1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  25  */
  26 
  27 /*
  28  * Security Accounts Manager RPC (SAMR) server-side interface.
  29  *
  30  * The SAM is a hierarchical database:
  31  * - If you want to talk to the SAM you need a SAM handle.
  32  * - If you want to work with a domain, use the SAM handle.
  33  *   to obtain a domain handle.
  34  * - Use domain handles to obtain user handles etc.
  35  */
  36 
  37 #include <strings.h>
  38 #include <unistd.h>
  39 #include <netdb.h>
  40 #include <assert.h>
  41 #include <grp.h>
  42 #include <smbsrv/libsmb.h>
  43 #include <smbsrv/libmlrpc.h>
  44 #include <smbsrv/libmlsvc.h>
  45 #include <smbsrv/smbinfo.h>
  46 #include <smbsrv/nmpipes.h>
  47 #include <smbsrv/ndl/samrpc.ndl>
  48 #include <samlib.h>
  49 
  50 /*
  51  * The keys associated with the various handles dispensed by the SAMR
  52  * server.  These keys can be used to validate client activity.
  53  * These values are never passed over the wire so security shouldn't
  54  * be an issue.
  55  */
  56 typedef enum {
  57         SAMR_KEY_NULL = 0,
  58         SAMR_KEY_CONNECT,
  59         SAMR_KEY_DOMAIN,
  60         SAMR_KEY_USER,
  61         SAMR_KEY_GROUP,
  62         SAMR_KEY_ALIAS
  63 } samr_key_t;
  64 
  65 typedef struct samr_keydata {
  66         samr_key_t kd_key;
  67         smb_domain_type_t kd_type;
  68         DWORD kd_rid;
  69 } samr_keydata_t;
  70 
  71 /*
  72  * DomainDisplayUser    All user objects (or those derived from user) with
  73  *                      userAccountControl containing the UF_NORMAL_ACCOUNT bit.
  74  *
  75  * DomainDisplayMachine All user objects (or those derived from user) with
  76  *                      userAccountControl containing the
  77  *                      UF_WORKSTATION_TRUST_ACCOUNT or UF_SERVER_TRUST_ACCOUNT
  78  *                      bit.
  79  *
  80  * DomainDisplayGroup   All group objects (or those derived from group) with
  81  *                      groupType equal to GROUP_TYPE_SECURITY_UNIVERSAL or
  82  *                      GROUP_TYPE_SECURITY_ACCOUNT.
  83  *
  84  * DomainDisplayOemUser Same as DomainDisplayUser with OEM strings
  85  *
  86  * DomainDisplayOemGroup Same as DomainDisplayGroup with OEM strings
  87  */
  88 typedef enum {
  89         DomainDisplayUser = 1,
  90         DomainDisplayMachine,
  91         DomainDispalyGroup,
  92         DomainDisplayOemUser,
  93         DomainDisplayOemGroup
  94 } samr_displvl_t;
  95 
  96 #define SAMR_VALID_DISPLEVEL(lvl) \
  97         (((lvl) >= DomainDisplayUser) && ((lvl) <= DomainDisplayOemGroup))
  98 
  99 #define SAMR_SUPPORTED_DISPLEVEL(lvl) (lvl == DomainDisplayUser)
 100 
 101 static ndr_hdid_t *samr_hdalloc(ndr_xa_t *, samr_key_t, smb_domain_type_t,
 102     DWORD);
 103 static void samr_hdfree(ndr_xa_t *, ndr_hdid_t *);
 104 static ndr_handle_t *samr_hdlookup(ndr_xa_t *, ndr_hdid_t *, samr_key_t);
 105 static int samr_call_stub(ndr_xa_t *mxa);
 106 static DWORD samr_s_enum_local_domains(struct samr_EnumLocalDomain *,
 107     ndr_xa_t *);
 108 
 109 static ndr_stub_table_t samr_stub_table[];
 110 
 111 static ndr_service_t samr_service = {
 112         "SAMR",                         /* name */
 113         "Security Accounts Manager",    /* desc */
 114         "\\samr",                       /* endpoint */
 115         PIPE_LSASS,                     /* sec_addr_port */
 116         "12345778-1234-abcd-ef00-0123456789ac", 1,      /* abstract */
 117         NDR_TRANSFER_SYNTAX_UUID,               2,      /* transfer */
 118         0,                              /* no bind_instance_size */
 119         NULL,                           /* no bind_req() */
 120         NULL,                           /* no unbind_and_close() */
 121         samr_call_stub,                 /* call_stub() */
 122         &TYPEINFO(samr_interface),  /* interface ti */
 123         samr_stub_table                 /* stub_table */
 124 };
 125 
 126 /*
 127  * samr_initialize
 128  *
 129  * This function registers the SAM RPC interface with the RPC runtime
 130  * library. It must be called in order to use either the client side
 131  * or the server side functions.
 132  */
 133 void
 134 samr_initialize(void)
 135 {
 136         (void) ndr_svc_register(&samr_service);
 137 }
 138 
 139 /*
 140  * Custom call_stub to set the stream string policy.
 141  */
 142 static int
 143 samr_call_stub(ndr_xa_t *mxa)
 144 {
 145         NDS_SETF(&mxa->send_nds, NDS_F_NOTERM);
 146         NDS_SETF(&mxa->recv_nds, NDS_F_NOTERM);
 147 
 148         return (ndr_generic_call_stub(mxa));
 149 }
 150 
 151 /*
 152  * Handle allocation wrapper to setup the local context.
 153  */
 154 static ndr_hdid_t *
 155 samr_hdalloc(ndr_xa_t *mxa, samr_key_t key, smb_domain_type_t domain_type,
 156     DWORD rid)
 157 {
 158         ndr_handle_t    *hd;
 159         ndr_hdid_t      *id;
 160         samr_keydata_t  *data;
 161 
 162         if ((data = malloc(sizeof (samr_keydata_t))) == NULL)
 163                 return (NULL);
 164 
 165         data->kd_key = key;
 166         data->kd_type = domain_type;
 167         data->kd_rid = rid;
 168 
 169         if ((id = ndr_hdalloc(mxa, data)) == NULL) {
 170                 free(data);
 171                 return (NULL);
 172         }
 173 
 174         if ((hd = ndr_hdlookup(mxa, id)) != NULL)
 175                 hd->nh_data_free = free;
 176 
 177         return (id);
 178 }
 179 
 180 /*
 181  * Handle deallocation wrapper to free the local context.
 182  */
 183 static void
 184 samr_hdfree(ndr_xa_t *mxa, ndr_hdid_t *id)
 185 {
 186         ndr_handle_t *hd;
 187 
 188         if ((hd = ndr_hdlookup(mxa, id)) != NULL) {
 189                 free(hd->nh_data);
 190                 hd->nh_data = NULL;
 191                 ndr_hdfree(mxa, id);
 192         }
 193 }
 194 
 195 /*
 196  * Handle lookup wrapper to validate the local context.
 197  */
 198 static ndr_handle_t *
 199 samr_hdlookup(ndr_xa_t *mxa, ndr_hdid_t *id, samr_key_t key)
 200 {
 201         ndr_handle_t *hd;
 202         samr_keydata_t *data;
 203 
 204         if ((hd = ndr_hdlookup(mxa, id)) == NULL)
 205                 return (NULL);
 206 
 207         if ((data = (samr_keydata_t *)hd->nh_data) == NULL)
 208                 return (NULL);
 209 
 210         if (data->kd_key != key)
 211                 return (NULL);
 212 
 213         return (hd);
 214 }
 215 
 216 /*
 217  * samr_s_Connect
 218  *
 219  * This is a request to connect to the local SAM database. We don't
 220  * support any form of update request and our database doesn't
 221  * contain any private information, so there is little point in
 222  * doing any access access checking here.
 223  *
 224  * Return a handle for use with subsequent SAM requests.
 225  */
 226 static int
 227 samr_s_Connect(void *arg, ndr_xa_t *mxa)
 228 {
 229         struct samr_Connect *param = arg;
 230         ndr_hdid_t *id;
 231 
 232         id = samr_hdalloc(mxa, SAMR_KEY_CONNECT, SMB_DOMAIN_NULL, 0);
 233         if (id) {
 234                 bcopy(id, ¶m->handle, sizeof (samr_handle_t));
 235                 param->status = 0;
 236         } else {
 237                 bzero(¶m->handle, sizeof (samr_handle_t));
 238                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
 239         }
 240 
 241         return (NDR_DRC_OK);
 242 }
 243 
 244 /*
 245  * samr_s_CloseHandle
 246  *
 247  * Close the SAM interface specified by the handle.
 248  * Free the handle and zero out the result handle for the client.
 249  */
 250 static int
 251 samr_s_CloseHandle(void *arg, ndr_xa_t *mxa)
 252 {
 253         struct samr_CloseHandle *param = arg;
 254         ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle;
 255 
 256         samr_hdfree(mxa, id);
 257 
 258         bzero(¶m->result_handle, sizeof (samr_handle_t));
 259         param->status = 0;
 260         return (NDR_DRC_OK);
 261 }
 262 
 263 /*
 264  * samr_s_LookupDomain
 265  *
 266  * This is a request to map a domain name to a domain SID. We can map
 267  * the primary domain name, our local domain name (hostname) and the
 268  * builtin domain names to the appropriate SID. Anything else will be
 269  * rejected.
 270  */
 271 static int
 272 samr_s_LookupDomain(void *arg, ndr_xa_t *mxa)
 273 {
 274         struct samr_LookupDomain *param = arg;
 275         char *domain_name;
 276         smb_domain_t di;
 277 
 278         if ((domain_name = (char *)param->domain_name.str) == NULL) {
 279                 bzero(param, sizeof (struct samr_LookupDomain));
 280                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_PARAMETER);
 281                 return (NDR_DRC_OK);
 282         }
 283 
 284         if (!smb_domain_lookup_name(domain_name, &di)) {
 285                 bzero(param, sizeof (struct samr_LookupDomain));
 286                 param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_DOMAIN);
 287                 return (NDR_DRC_OK);
 288         }
 289 
 290         param->sid = (struct samr_sid *)NDR_SIDDUP(mxa, di.di_binsid);
 291         if (param->sid == NULL) {
 292                 bzero(param, sizeof (struct samr_LookupDomain));
 293                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
 294                 return (NDR_DRC_OK);
 295         }
 296 
 297         param->status = NT_STATUS_SUCCESS;
 298         return (NDR_DRC_OK);
 299 }
 300 
 301 /*
 302  * samr_s_EnumLocalDomains
 303  *
 304  * This is a request for the local domains supported by this server.
 305  * All we do here is validate the handle and set the status. The real
 306  * work is done in samr_s_enum_local_domains.
 307  */
 308 static int
 309 samr_s_EnumLocalDomains(void *arg, ndr_xa_t *mxa)
 310 {
 311         struct samr_EnumLocalDomain *param = arg;
 312         ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle;
 313         DWORD status;
 314 
 315         if (samr_hdlookup(mxa, id, SAMR_KEY_CONNECT) == NULL)
 316                 status = NT_STATUS_ACCESS_DENIED;
 317         else
 318                 status = samr_s_enum_local_domains(param, mxa);
 319 
 320         if (status == NT_STATUS_SUCCESS) {
 321                 param->enum_context = param->info->entries_read;
 322                 param->total_entries = param->info->entries_read;
 323                 param->status = NT_STATUS_SUCCESS;
 324         } else {
 325                 bzero(param, sizeof (struct samr_EnumLocalDomain));
 326                 param->status = NT_SC_ERROR(status);
 327         }
 328 
 329         return (NDR_DRC_OK);
 330 }
 331 
 332 
 333 /*
 334  * samr_s_enum_local_domains
 335  *
 336  * This function should only be called via samr_s_EnumLocalDomains to
 337  * ensure that the appropriate validation is performed. We will answer
 338  * queries about two domains: the local domain, synonymous with the
 339  * local hostname, and the BUILTIN domain. So we return these two
 340  * strings.
 341  *
 342  * Returns NT status values.
 343  */
 344 static DWORD
 345 samr_s_enum_local_domains(struct samr_EnumLocalDomain *param,
 346     ndr_xa_t *mxa)
 347 {
 348         struct samr_LocalDomainInfo *info;
 349         struct samr_LocalDomainEntry *entry;
 350         char *hostname;
 351 
 352         hostname = NDR_MALLOC(mxa, NETBIOS_NAME_SZ);
 353         if (hostname == NULL)
 354                 return (NT_STATUS_NO_MEMORY);
 355 
 356         if (smb_getnetbiosname(hostname, NETBIOS_NAME_SZ) != 0)
 357                 return (NT_STATUS_NO_MEMORY);
 358 
 359         entry = NDR_NEWN(mxa, struct samr_LocalDomainEntry, 2);
 360         if (entry == NULL)
 361                 return (NT_STATUS_NO_MEMORY);
 362 
 363         bzero(entry, (sizeof (struct samr_LocalDomainEntry) * 2));
 364         (void) NDR_MSTRING(mxa, hostname, (ndr_mstring_t *)&entry[0].name);
 365         (void) NDR_MSTRING(mxa, "Builtin", (ndr_mstring_t *)&entry[1].name);
 366 
 367         info = NDR_NEW(mxa, struct samr_LocalDomainInfo);
 368         if (info == NULL)
 369                 return (NT_STATUS_NO_MEMORY);
 370 
 371         info->entries_read = 2;
 372         info->entry = entry;
 373         param->info = info;
 374         return (NT_STATUS_SUCCESS);
 375 }
 376 
 377 /*
 378  * samr_s_OpenDomain
 379  *
 380  * This is a request to open a domain within the local SAM database.
 381  * The caller must supply a valid connect handle.
 382  * We return a handle to be used to access objects within this domain.
 383  */
 384 static int
 385 samr_s_OpenDomain(void *arg, ndr_xa_t *mxa)
 386 {
 387         struct samr_OpenDomain *param = arg;
 388         ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle;
 389         smb_domain_t domain;
 390 
 391         if (samr_hdlookup(mxa, id, SAMR_KEY_CONNECT) == NULL) {
 392                 bzero(¶m->domain_handle, sizeof (samr_handle_t));
 393                 param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
 394                 return (NDR_DRC_OK);
 395         }
 396 
 397         if (!smb_domain_lookup_sid((smb_sid_t *)param->sid, &domain)) {
 398                 bzero(¶m->domain_handle, sizeof (samr_handle_t));
 399                 param->status = NT_SC_ERROR(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
 400                 return (NDR_DRC_OK);
 401         }
 402 
 403         if ((domain.di_type != SMB_DOMAIN_BUILTIN) &&
 404             (domain.di_type != SMB_DOMAIN_LOCAL)) {
 405                 bzero(¶m->domain_handle, sizeof (samr_handle_t));
 406                 param->status = NT_SC_ERROR(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
 407                 return (NDR_DRC_OK);
 408         }
 409 
 410         id = samr_hdalloc(mxa, SAMR_KEY_DOMAIN, domain.di_type, 0);
 411         if (id) {
 412                 bcopy(id, ¶m->domain_handle, sizeof (samr_handle_t));
 413                 param->status = 0;
 414         } else {
 415                 bzero(¶m->domain_handle, sizeof (samr_handle_t));
 416                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
 417         }
 418 
 419         return (NDR_DRC_OK);
 420 }
 421 
 422 /*
 423  * samr_s_QueryDomainInfo
 424  *
 425  * The caller should pass a domain handle.
 426  *
 427  * Windows 95 Server Manager sends requests for levels 6 and 7 when
 428  * the services menu item is selected. Level 2 is basically for getting
 429  * number of users, groups, and aliases in a domain.
 430  * We have no information on what the various information levels mean.
 431  */
 432 static int
 433 samr_s_QueryDomainInfo(void *arg, ndr_xa_t *mxa)
 434 {
 435         struct samr_QueryDomainInfo *param = arg;
 436         struct samr_QueryDomainInfoRes *info;
 437         ndr_hdid_t *id = (ndr_hdid_t *)¶m->domain_handle;
 438         ndr_handle_t *hd;
 439         samr_keydata_t *data;
 440         char *domain;
 441         char hostname[NETBIOS_NAME_SZ];
 442         int alias_cnt, user_cnt;
 443         int rc = 0;
 444 
 445         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
 446                 bzero(param, sizeof (struct samr_QueryDomainInfo));
 447                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
 448                 return (NDR_DRC_OK);
 449         }
 450 
 451         info = NDR_NEW(mxa, struct samr_QueryDomainInfoRes);
 452         if (info == NULL) {
 453                 bzero(param, sizeof (struct samr_QueryDomainInfo));
 454                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
 455                 return (NDR_DRC_OK);
 456         }
 457         info->switch_value = param->info_level;
 458         param->info = info;
 459 
 460         data = (samr_keydata_t *)hd->nh_data;
 461 
 462         switch (data->kd_type) {
 463         case SMB_DOMAIN_BUILTIN:
 464                 domain = "BUILTIN";
 465                 user_cnt = 0;
 466                 alias_cnt = smb_sam_grp_cnt(data->kd_type);
 467                 break;
 468 
 469         case SMB_DOMAIN_LOCAL:
 470                 rc = smb_getnetbiosname(hostname, sizeof (hostname));
 471                 if (rc == 0) {
 472                         domain = hostname;
 473                         user_cnt = smb_sam_usr_cnt();
 474                         alias_cnt = smb_sam_grp_cnt(data->kd_type);
 475                 }
 476                 break;
 477 
 478         default:
 479                 bzero(param, sizeof (struct samr_QueryDomainInfo));
 480                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
 481                 return (NDR_DRC_OK);
 482         }
 483 
 484         if (rc != 0) {
 485                 bzero(param, sizeof (struct samr_QueryDomainInfo));
 486                 param->status = NT_SC_ERROR(NT_STATUS_INTERNAL_ERROR);
 487                 return (NDR_DRC_OK);
 488         }
 489 
 490         switch (param->info_level) {
 491         case SAMR_QUERY_DOMAIN_INFO_6:
 492                 info->ru.info6.unknown1 = 0x00000000;
 493                 info->ru.info6.unknown2 = 0x00147FB0;
 494                 info->ru.info6.unknown3 = 0x00000000;
 495                 info->ru.info6.unknown4 = 0x00000000;
 496                 info->ru.info6.unknown5 = 0x00000000;
 497                 param->status = NT_STATUS_SUCCESS;
 498                 break;
 499 
 500         case SAMR_QUERY_DOMAIN_INFO_7:
 501                 info->ru.info7.unknown1 = 0x00000003;
 502                 param->status = NT_STATUS_SUCCESS;
 503                 break;
 504 
 505         case SAMR_QUERY_DOMAIN_INFO_2:
 506                 info->ru.info2.unknown1 = 0x00000000;
 507                 info->ru.info2.unknown2 = 0x80000000;
 508 
 509                 (void) NDR_MSTRING(mxa, "",
 510                     (ndr_mstring_t *)&(info->ru.info2.s1));
 511                 (void) NDR_MSTRING(mxa, domain,
 512                     (ndr_mstring_t *)&(info->ru.info2.domain));
 513                 (void) NDR_MSTRING(mxa, "",
 514                     (ndr_mstring_t *)&(info->ru.info2.s2));
 515 
 516                 info->ru.info2.sequence_num = 0x0000002B;
 517                 info->ru.info2.unknown3 = 0x00000000;
 518                 info->ru.info2.unknown4 = 0x00000001;
 519                 info->ru.info2.unknown5 = 0x00000003;
 520                 info->ru.info2.unknown6 = 0x00000001;
 521                 info->ru.info2.num_users = user_cnt;
 522                 info->ru.info2.num_groups = 0;
 523                 info->ru.info2.num_aliases = alias_cnt;
 524                 param->status = NT_STATUS_SUCCESS;
 525                 break;
 526 
 527         default:
 528                 bzero(param, sizeof (struct samr_QueryDomainInfo));
 529                 return (NDR_DRC_FAULT_REQUEST_OPNUM_INVALID);
 530         };
 531 
 532         return (NDR_DRC_OK);
 533 }
 534 
 535 /*
 536  * QueryInfoDomain2: Identical to QueryDomainInfo.
 537  */
 538 static int
 539 samr_s_QueryInfoDomain2(void *arg, ndr_xa_t *mxa)
 540 {
 541         return (samr_s_QueryDomainInfo(arg, mxa));
 542 }
 543 
 544 /*
 545  * Looks up the given name in the specified domain which could
 546  * be either the built-in or local domain.
 547  *
 548  * CAVEAT: this function should be able to handle a list of
 549  * names but currently it can only handle one name at a time.
 550  */
 551 static int
 552 samr_s_LookupNames(void *arg, ndr_xa_t *mxa)
 553 {
 554         struct samr_LookupNames *param = arg;
 555         ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle;
 556         ndr_handle_t *hd;
 557         samr_keydata_t *data;
 558         smb_account_t account;
 559         smb_wka_t *wka;
 560         uint32_t status = NT_STATUS_SUCCESS;
 561 
 562         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL)
 563                 status = NT_STATUS_INVALID_HANDLE;
 564 
 565         if (param->n_entry != 1)
 566                 status = NT_STATUS_ACCESS_DENIED;
 567 
 568         if (param->name.str == NULL) {
 569                 /*
 570                  * Windows NT returns NT_STATUS_NONE_MAPPED.
 571                  * Windows 2000 returns STATUS_INVALID_ACCOUNT_NAME.
 572                  */
 573                 status = NT_STATUS_NONE_MAPPED;
 574         }
 575 
 576         if (status != NT_STATUS_SUCCESS) {
 577                 bzero(param, sizeof (struct samr_LookupNames));
 578                 param->status = NT_SC_ERROR(status);
 579                 return (NDR_DRC_OK);
 580         }
 581 
 582         param->rids.rid = NDR_NEW(mxa, DWORD);
 583         param->rid_types.rid_type = NDR_NEW(mxa, DWORD);
 584 
 585         data = (samr_keydata_t *)hd->nh_data;
 586 
 587         switch (data->kd_type) {
 588         case SMB_DOMAIN_BUILTIN:
 589                 wka = smb_wka_lookup_builtin((char *)param->name.str);
 590                 if (wka != NULL) {
 591                         param->rids.n_entry = 1;
 592                         (void) smb_sid_getrid(wka->wka_binsid,
 593                             ¶m->rids.rid[0]);
 594                         param->rid_types.n_entry = 1;
 595                         param->rid_types.rid_type[0] = wka->wka_type;
 596                         param->status = NT_STATUS_SUCCESS;
 597                         return (NDR_DRC_OK);
 598                 }
 599                 break;
 600 
 601         case SMB_DOMAIN_LOCAL:
 602                 status = smb_sam_lookup_name(NULL, (char *)param->name.str,
 603                     SidTypeUnknown, &account);
 604                 if (status == NT_STATUS_SUCCESS) {
 605                         param->rids.n_entry = 1;
 606                         param->rids.rid[0] = account.a_rid;
 607                         param->rid_types.n_entry = 1;
 608                         param->rid_types.rid_type[0] = account.a_type;
 609                         param->status = NT_STATUS_SUCCESS;
 610                         smb_account_free(&account);
 611                         return (NDR_DRC_OK);
 612                 }
 613                 break;
 614 
 615         default:
 616                 bzero(param, sizeof (struct samr_LookupNames));
 617                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
 618                 return (NDR_DRC_OK);
 619         }
 620 
 621         param->rids.n_entry = 0;
 622         param->rid_types.n_entry = 0;
 623         param->status = NT_SC_ERROR(NT_STATUS_NONE_MAPPED);
 624         return (NDR_DRC_OK);
 625 }
 626 
 627 /*
 628  * samr_s_OpenUser
 629  *
 630  * This is a request to open a user within a specified domain in the
 631  * local SAM database. The caller must supply a valid domain handle,
 632  * obtained via a successful domain open request. The user is
 633  * specified by the rid in the request.
 634  */
 635 static int
 636 samr_s_OpenUser(void *arg, ndr_xa_t *mxa)
 637 {
 638         struct samr_OpenUser *param = arg;
 639         ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle;
 640         ndr_handle_t *hd;
 641         samr_keydata_t *data;
 642 
 643         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
 644                 bzero(¶m->user_handle, sizeof (samr_handle_t));
 645                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
 646                 return (NDR_DRC_OK);
 647         }
 648 
 649         data = (samr_keydata_t *)hd->nh_data;
 650 
 651         id = samr_hdalloc(mxa, SAMR_KEY_USER, data->kd_type, param->rid);
 652         if (id == NULL) {
 653                 bzero(¶m->user_handle, sizeof (samr_handle_t));
 654                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
 655         } else {
 656                 bcopy(id, ¶m->user_handle, sizeof (samr_handle_t));
 657                 param->status = NT_STATUS_SUCCESS;
 658         }
 659 
 660         return (NDR_DRC_OK);
 661 }
 662 
 663 /*
 664  * samr_s_DeleteUser
 665  *
 666  * Request to delete a user within a specified domain in the local
 667  * SAM database.  The caller should supply a valid user handle.
 668  */
 669 /*ARGSUSED*/
 670 static int
 671 samr_s_DeleteUser(void *arg, ndr_xa_t *mxa)
 672 {
 673         struct samr_DeleteUser *param = arg;
 674 
 675         bzero(param, sizeof (struct samr_DeleteUser));
 676         param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
 677         return (NDR_DRC_OK);
 678 }
 679 
 680 /*
 681  * samr_s_QueryUserInfo
 682  *
 683  * Returns:
 684  * NT_STATUS_SUCCESS
 685  * NT_STATUS_ACCESS_DENIED
 686  * NT_STATUS_INVALID_INFO_CLASS
 687  */
 688 /*ARGSUSED*/
 689 static int
 690 samr_s_QueryUserInfo(void *arg, ndr_xa_t *mxa)
 691 {
 692         static uint16_t                 owf_buf[8];
 693         static uint8_t                  hour_buf[SAMR_SET_USER_HOURS_SZ];
 694         struct samr_QueryUserInfo       *param = arg;
 695         struct samr_QueryUserInfo21     *all_info;
 696         ndr_hdid_t                      *id;
 697         ndr_handle_t                    *hd;
 698         samr_keydata_t                  *data;
 699         smb_domain_t                    di;
 700         smb_account_t                   account;
 701         smb_sid_t                       *sid;
 702         uint32_t                        status;
 703 
 704         id = (ndr_hdid_t *)¶m->user_handle;
 705         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_USER)) == NULL) {
 706                 status = NT_STATUS_INVALID_HANDLE;
 707                 goto QueryUserInfoError;
 708         }
 709 
 710         data = (samr_keydata_t *)hd->nh_data;
 711 
 712         if (param->switch_value != SAMR_QUERY_USER_ALL_INFO) {
 713                 status = NT_STATUS_ACCESS_DENIED;
 714                 goto QueryUserInfoError;
 715         }
 716 
 717         if (!smb_domain_lookup_type(SMB_DOMAIN_LOCAL, &di)) {
 718                 status = NT_STATUS_ACCESS_DENIED;
 719                 goto QueryUserInfoError;
 720         }
 721 
 722         if ((sid = smb_sid_splice(di.di_binsid, data->kd_rid)) == NULL) {
 723                 status = NT_STATUS_ACCESS_DENIED;
 724                 goto QueryUserInfoError;
 725         }
 726 
 727         if (smb_sam_lookup_sid(sid, &account) != NT_STATUS_SUCCESS) {
 728                 status = NT_STATUS_ACCESS_DENIED;
 729                 goto QueryUserInfoError;
 730         }
 731 
 732         all_info = ¶m->ru.info21;
 733         bzero(all_info, sizeof (struct samr_QueryUserInfo21));
 734 
 735         all_info->WhichFields = SAMR_USER_ALL_USERNAME | SAMR_USER_ALL_USERID;
 736 
 737         (void) NDR_MSTRING(mxa, account.a_name,
 738             (ndr_mstring_t *)&all_info->UserName);
 739         all_info->UserId = data->kd_rid;
 740 
 741         all_info->LmOwfPassword.length = 16;
 742         all_info->LmOwfPassword.maxlen = 16;
 743         all_info->LmOwfPassword.buf = owf_buf;
 744         all_info->NtOwfPassword.length = 16;
 745         all_info->NtOwfPassword.maxlen = 16;
 746         all_info->NtOwfPassword.buf = owf_buf;
 747         all_info->LogonHours.units_per_week = SAMR_HOURS_PER_WEEK;
 748         all_info->LogonHours.hours = hour_buf;
 749 
 750         param->address = 1;
 751         param->switch_index = SAMR_QUERY_USER_ALL_INFO;
 752         param->status = NT_STATUS_SUCCESS;
 753         smb_account_free(&account);
 754         smb_sid_free(sid);
 755         return (NDR_DRC_OK);
 756 
 757 QueryUserInfoError:
 758         smb_sid_free(sid);
 759         bzero(param, sizeof (struct samr_QueryUserInfo));
 760         param->status = NT_SC_ERROR(status);
 761         return (NDR_DRC_OK);
 762 }
 763 
 764 /*
 765  * samr_s_QueryUserGroups
 766  *
 767  * Request the list of groups of which a user is a member.
 768  * The user is identified from the handle, which contains an
 769  * rid in the discriminator field. Note that this is a local user.
 770  */
 771 static int
 772 samr_s_QueryUserGroups(void *arg, ndr_xa_t *mxa)
 773 {
 774         struct samr_QueryUserGroups *param = arg;
 775         struct samr_UserGroupInfo *info;
 776         struct samr_UserGroups *group;
 777         ndr_hdid_t *id = (ndr_hdid_t *)¶m->user_handle;
 778         ndr_handle_t *hd;
 779         samr_keydata_t *data;
 780         smb_sid_t *user_sid = NULL;
 781         smb_group_t grp;
 782         smb_giter_t gi;
 783         smb_domain_t di;
 784         uint32_t status;
 785         int size;
 786         int ngrp_max;
 787 
 788         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_USER)) == NULL) {
 789                 status = NT_STATUS_ACCESS_DENIED;
 790                 goto query_error;
 791         }
 792 
 793         data = (samr_keydata_t *)hd->nh_data;
 794         switch (data->kd_type) {
 795         case SMB_DOMAIN_BUILTIN:
 796         case SMB_DOMAIN_LOCAL:
 797                 if (!smb_domain_lookup_type(data->kd_type, &di)) {
 798                         status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 799                         goto query_error;
 800                 }
 801                 break;
 802         default:
 803                 status = NT_STATUS_INVALID_HANDLE;
 804                 goto query_error;
 805         }
 806 
 807         user_sid = smb_sid_splice(di.di_binsid, data->kd_rid);
 808         if (user_sid == NULL) {
 809                 status = NT_STATUS_NO_MEMORY;
 810                 goto query_error;
 811         }
 812 
 813         info = NDR_NEW(mxa, struct samr_UserGroupInfo);
 814         if (info == NULL) {
 815                 status = NT_STATUS_NO_MEMORY;
 816                 goto query_error;
 817         }
 818         bzero(info, sizeof (struct samr_UserGroupInfo));
 819 
 820         size = 32 * 1024;
 821         info->groups = NDR_MALLOC(mxa, size);
 822         if (info->groups == NULL) {
 823                 status = NT_STATUS_NO_MEMORY;
 824                 goto query_error;
 825         }
 826         ngrp_max = size / sizeof (struct samr_UserGroups);
 827 
 828         if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS) {
 829                 status = NT_STATUS_INTERNAL_ERROR;
 830                 goto query_error;
 831         }
 832 
 833         info->n_entry = 0;
 834         group = info->groups;
 835         while ((info->n_entry < ngrp_max) &&
 836             (smb_lgrp_iterate(&gi, &grp) == SMB_LGRP_SUCCESS)) {
 837                 if (smb_lgrp_is_member(&grp, user_sid)) {
 838                         group->rid = grp.sg_rid;
 839                         group->attr = grp.sg_attr;
 840                         group++;
 841                         info->n_entry++;
 842                 }
 843                 smb_lgrp_free(&grp);
 844         }
 845         smb_lgrp_iterclose(&gi);
 846 
 847         free(user_sid);
 848         param->info = info;
 849         param->status = NT_STATUS_SUCCESS;
 850         return (NDR_DRC_OK);
 851 
 852 query_error:
 853         free(user_sid);
 854         bzero(param, sizeof (struct samr_QueryUserGroups));
 855         param->status = NT_SC_ERROR(status);
 856         return (NDR_DRC_OK);
 857 }
 858 
 859 /*
 860  * samr_s_OpenGroup
 861  *
 862  * This is a request to open a group within the specified domain in the
 863  * local SAM database. The caller must supply a valid domain handle,
 864  * obtained via a successful domain open request. The group is
 865  * specified by the rid in the request. If this is a local RID it
 866  * should already be encoded with type information.
 867  *
 868  * We return a handle to be used to access information about this group.
 869  */
 870 static int
 871 samr_s_OpenGroup(void *arg, ndr_xa_t *mxa)
 872 {
 873         struct samr_OpenGroup *param = arg;
 874         ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle;
 875         ndr_handle_t *hd;
 876         samr_keydata_t *data;
 877 
 878         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
 879                 bzero(¶m->group_handle, sizeof (samr_handle_t));
 880                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
 881                 return (NDR_DRC_OK);
 882         }
 883 
 884         data = (samr_keydata_t *)hd->nh_data;
 885         id = samr_hdalloc(mxa, SAMR_KEY_GROUP, data->kd_type, param->rid);
 886 
 887         if (id) {
 888                 bcopy(id, ¶m->group_handle, sizeof (samr_handle_t));
 889                 param->status = 0;
 890         } else {
 891                 bzero(¶m->group_handle, sizeof (samr_handle_t));
 892                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
 893         }
 894 
 895         return (NDR_DRC_OK);
 896 }
 897 
 898 /*
 899  * samr_s_AddAliasMember
 900  *
 901  * Add a member to a local SAM group.
 902  * The caller must supply a valid group handle.
 903  * The member is specified by the sid in the request.
 904  */
 905 static int
 906 samr_s_AddAliasMember(void *arg, ndr_xa_t *mxa)
 907 {
 908         struct samr_AddAliasMember *param = arg;
 909         ndr_hdid_t *id = (ndr_hdid_t *)¶m->alias_handle;
 910         ndr_handle_t *hd;
 911         samr_keydata_t *data;
 912         smb_group_t grp;
 913         uint32_t rc;
 914         uint32_t status = NT_STATUS_SUCCESS;
 915 
 916         if (param->sid == NULL) {
 917                 bzero(param, sizeof (struct samr_AddAliasMember));
 918                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_PARAMETER);
 919                 return (NDR_DRC_OK);
 920         }
 921 
 922         if (!ndr_is_admin(mxa)) {
 923                 bzero(param, sizeof (struct samr_AddAliasMember));
 924                 param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
 925                 return (NDR_DRC_OK);
 926         }
 927 
 928 
 929         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_ALIAS)) == NULL) {
 930                 bzero(param, sizeof (struct samr_AddAliasMember));
 931                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
 932                 return (NDR_DRC_OK);
 933         }
 934 
 935         data = (samr_keydata_t *)hd->nh_data;
 936         rc = smb_lgrp_getbyrid(data->kd_rid, data->kd_type, &grp);
 937         if (rc != SMB_LGRP_SUCCESS) {
 938                 bzero(param, sizeof (struct samr_AddAliasMember));
 939                 status = smb_lgrp_err_to_ntstatus(rc);
 940                 param->status = NT_SC_ERROR(status);
 941                 return (NDR_DRC_OK);
 942         }
 943 
 944         rc = smb_lgrp_add_member(grp.sg_name,
 945             (smb_sid_t *)param->sid, SidTypeUser);
 946         if (rc != SMB_LGRP_SUCCESS) {
 947                 bzero(param, sizeof (struct samr_AddAliasMember));
 948                 status = smb_lgrp_err_to_ntstatus(rc);
 949                 param->status = NT_SC_ERROR(status);
 950         }
 951         smb_lgrp_free(&grp);
 952 
 953         param->status = status;
 954         return (NDR_DRC_OK);
 955 }
 956 
 957 /*
 958  * samr_s_DeleteAliasMember
 959  *
 960  * Delete a member from a local SAM group.
 961  * The caller must supply a valid group handle.
 962  * The member is specified by the sid in the request.
 963  */
 964 static int
 965 samr_s_DeleteAliasMember(void *arg, ndr_xa_t *mxa)
 966 {
 967         struct samr_DeleteAliasMember *param = arg;
 968         ndr_hdid_t *id = (ndr_hdid_t *)¶m->alias_handle;
 969         ndr_handle_t *hd;
 970         samr_keydata_t *data;
 971         smb_group_t grp;
 972         uint32_t rc;
 973         uint32_t status = NT_STATUS_SUCCESS;
 974 
 975         if (param->sid == NULL) {
 976                 bzero(param, sizeof (struct samr_DeleteAliasMember));
 977                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_PARAMETER);
 978                 return (NDR_DRC_OK);
 979         }
 980 
 981         if (!ndr_is_admin(mxa)) {
 982                 bzero(param, sizeof (struct samr_DeleteAliasMember));
 983                 param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
 984                 return (NDR_DRC_OK);
 985         }
 986 
 987         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_ALIAS)) == NULL) {
 988                 bzero(param, sizeof (struct samr_DeleteAliasMember));
 989                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
 990                 return (NDR_DRC_OK);
 991         }
 992 
 993         data = (samr_keydata_t *)hd->nh_data;
 994         rc = smb_lgrp_getbyrid(data->kd_rid, data->kd_type, &grp);
 995         if (rc != SMB_LGRP_SUCCESS) {
 996                 bzero(param, sizeof (struct samr_DeleteAliasMember));
 997                 status = smb_lgrp_err_to_ntstatus(rc);
 998                 param->status = NT_SC_ERROR(status);
 999                 return (NDR_DRC_OK);
1000         }
1001 
1002         rc = smb_lgrp_del_member(grp.sg_name,
1003             (smb_sid_t *)param->sid, SidTypeUser);
1004         if (rc != SMB_LGRP_SUCCESS) {
1005                 bzero(param, sizeof (struct samr_DeleteAliasMember));
1006                 status = smb_lgrp_err_to_ntstatus(rc);
1007                 param->status = NT_SC_ERROR(status);
1008         }
1009         smb_lgrp_free(&grp);
1010 
1011         param->status = status;
1012         return (NDR_DRC_OK);
1013 }
1014 
1015 /*
1016  * samr_s_ListAliasMembers
1017  *
1018  * List members from a local SAM group.
1019  * The caller must supply a valid group handle.
1020  * A list of user SIDs in the specified group is returned to the caller.
1021  */
1022 static int
1023 samr_s_ListAliasMembers(void *arg, ndr_xa_t *mxa)
1024 {
1025         struct samr_ListAliasMembers *param = arg;
1026         ndr_hdid_t *id = (ndr_hdid_t *)¶m->alias_handle;
1027         ndr_handle_t *hd;
1028         samr_keydata_t *data;
1029         smb_group_t grp;
1030         smb_gsid_t *members;
1031         struct samr_SidInfo info;
1032         struct samr_SidList *user;
1033         uint32_t num = 0, size;
1034         int i;
1035         uint32_t rc;
1036         uint32_t status = NT_STATUS_SUCCESS;
1037 
1038         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_ALIAS)) == NULL) {
1039                 bzero(param, sizeof (struct samr_ListAliasMembers));
1040                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
1041                 return (NDR_DRC_OK);
1042         }
1043 
1044         bzero(&info, sizeof (struct samr_SidInfo));
1045         data = (samr_keydata_t *)hd->nh_data;
1046         rc = smb_lgrp_getbyrid(data->kd_rid, data->kd_type, &grp);
1047         if (rc != SMB_LGRP_SUCCESS) {
1048                 bzero(param, sizeof (struct samr_ListAliasMembers));
1049                 status = smb_lgrp_err_to_ntstatus(rc);
1050                 param->status = NT_SC_ERROR(status);
1051                 return (NDR_DRC_OK);
1052         }
1053 
1054         num = grp.sg_nmembers;
1055         members = grp.sg_members;
1056         size = num * sizeof (struct samr_SidList);
1057         info.sidlist = NDR_MALLOC(mxa, size);
1058         if (info.sidlist == NULL) {
1059                 bzero(param, sizeof (struct samr_ListAliasMembers));
1060                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
1061                 smb_lgrp_free(&grp);
1062                 return (NDR_DRC_OK);
1063         }
1064 
1065         info.n_entry = num;
1066         user = info.sidlist;
1067         for (i = 0; i < num; i++) {
1068                 user->sid = (struct samr_sid *)NDR_SIDDUP(mxa,
1069                     members[i].gs_sid);
1070                 if (user->sid == NULL) {
1071                         bzero(param, sizeof (struct samr_ListAliasMembers));
1072                         param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
1073                         smb_lgrp_free(&grp);
1074                         return (NDR_DRC_OK);
1075                 }
1076                 user++;
1077         }
1078         smb_lgrp_free(&grp);
1079 
1080         param->info = info;
1081         param->status = status;
1082         return (NDR_DRC_OK);
1083 }
1084 
1085 /*
1086  * samr_s_Connect2
1087  *
1088  * This is a request to connect to the local SAM database.
1089  * We don't support any form of update request and our database doesn't
1090  * contain any private information, so there is little point in doing
1091  * any access access checking here.
1092  *
1093  * Return a handle for use with subsequent SAM requests.
1094  */
1095 static int
1096 samr_s_Connect2(void *arg, ndr_xa_t *mxa)
1097 {
1098         struct samr_Connect2 *param = arg;
1099         ndr_hdid_t *id;
1100 
1101         id = samr_hdalloc(mxa, SAMR_KEY_CONNECT, SMB_DOMAIN_NULL, 0);
1102         if (id) {
1103                 bcopy(id, ¶m->handle, sizeof (samr_handle_t));
1104                 param->status = 0;
1105         } else {
1106                 bzero(¶m->handle, sizeof (samr_handle_t));
1107                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
1108         }
1109 
1110         return (NDR_DRC_OK);
1111 }
1112 
1113 /*
1114  * samr_s_GetUserPwInfo
1115  *
1116  * Request for a user's password policy information.
1117  */
1118 /*ARGSUSED*/
1119 static int
1120 samr_s_GetUserPwInfo(void *arg, ndr_xa_t *mxa)
1121 {
1122         static samr_password_info_t     pwinfo;
1123         struct samr_GetUserPwInfo       *param = arg;
1124 
1125         param->pwinfo = &pwinfo;
1126         param->status = NT_STATUS_SUCCESS;
1127         return (NDR_DRC_OK);
1128 }
1129 
1130 /*
1131  * samr_s_CreateUser
1132  */
1133 /*ARGSUSED*/
1134 static int
1135 samr_s_CreateUser(void *arg, ndr_xa_t *mxa)
1136 {
1137         struct samr_CreateUser *param = arg;
1138 
1139         bzero(¶m->user_handle, sizeof (samr_handle_t));
1140         param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1141         return (NDR_DRC_OK);
1142 }
1143 
1144 /*
1145  * samr_s_ChangePasswordUser2
1146  */
1147 /*ARGSUSED*/
1148 static int
1149 samr_s_ChangePasswordUser2(void *arg, ndr_xa_t *mxa)
1150 {
1151         struct samr_ChangePasswordUser2 *param = arg;
1152 
1153         bzero(param, sizeof (*param));
1154         param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1155         return (NDR_DRC_OK);
1156 }
1157 
1158 /*
1159  * samr_s_GetDomainPwInfo
1160  *
1161  * Request for the domain password policy information.
1162  */
1163 /*ARGSUSED*/
1164 static int
1165 samr_s_GetDomainPwInfo(void *arg, ndr_xa_t *mxa)
1166 {
1167         static samr_password_info_t     pwinfo;
1168         struct samr_GetDomainPwInfo     *param = arg;
1169 
1170         param->pwinfo = &pwinfo;
1171         param->status = NT_STATUS_SUCCESS;
1172         return (NDR_DRC_OK);
1173 }
1174 
1175 /*
1176  * samr_s_SetUserInfo
1177  */
1178 /*ARGSUSED*/
1179 static int
1180 samr_s_SetUserInfo(void *arg, ndr_xa_t *mxa)
1181 {
1182         struct samr_SetUserInfo *param = arg;
1183 
1184         bzero(param, sizeof (struct samr_SetUserInfo));
1185         param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1186         return (NDR_DRC_OK);
1187 }
1188 
1189 /*
1190  * samr_s_QueryDispInfo
1191  *
1192  * This function currently return local users' information only.
1193  * This RPC is called repeatedly until all the users info are
1194  * retrieved.
1195  *
1196  * The total count and the returned count are returned as total size
1197  * and returned size.  The client doesn't seem to care.
1198  */
1199 static int
1200 samr_s_QueryDispInfo(void *arg, ndr_xa_t *mxa)
1201 {
1202         struct samr_QueryDispInfo *param = arg;
1203         ndr_hdid_t *id = (ndr_hdid_t *)¶m->domain_handle;
1204         ndr_handle_t *hd;
1205         samr_keydata_t *data;
1206         DWORD status = NT_STATUS_SUCCESS;
1207         struct user_acct_info *user;
1208         smb_pwditer_t pwi;
1209         smb_luser_t *uinfo;
1210         int num_users;
1211         int start_idx;
1212         int max_retcnt, retcnt;
1213         int skip;
1214 
1215         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
1216                 status = NT_STATUS_INVALID_HANDLE;
1217                 goto error;
1218         }
1219 
1220         if (!SAMR_VALID_DISPLEVEL(param->level)) {
1221                 status = NT_STATUS_INVALID_INFO_CLASS;
1222                 goto error;
1223         }
1224 
1225         if (!SAMR_SUPPORTED_DISPLEVEL(param->level)) {
1226                 status = NT_STATUS_NOT_IMPLEMENTED;
1227                 goto error;
1228         }
1229 
1230         data = (samr_keydata_t *)hd->nh_data;
1231 
1232         switch (data->kd_type) {
1233         case SMB_DOMAIN_BUILTIN:
1234                 goto no_info;
1235 
1236         case SMB_DOMAIN_LOCAL:
1237                 num_users = smb_sam_usr_cnt();
1238                 start_idx = param->start_idx;
1239                 if ((num_users == 0) || (start_idx >= num_users))
1240                         goto no_info;
1241 
1242                 max_retcnt = num_users - start_idx;
1243                 if (max_retcnt > param->max_entries)
1244                         max_retcnt = param->max_entries;
1245                 param->users.acct = NDR_MALLOC(mxa,
1246                     max_retcnt * sizeof (struct user_acct_info));
1247                 user = param->users.acct;
1248                 if (user == NULL) {
1249                         status = NT_STATUS_NO_MEMORY;
1250                         goto error;
1251                 }
1252                 bzero(user, max_retcnt * sizeof (struct user_acct_info));
1253 
1254                 if (smb_pwd_iteropen(&pwi) != SMB_PWE_SUCCESS)
1255                         goto no_info;
1256 
1257                 skip = retcnt = 0;
1258                 while ((uinfo = smb_pwd_iterate(&pwi)) != NULL) {
1259                         if (skip++ < start_idx)
1260                                 continue;
1261 
1262                         if (retcnt++ >= max_retcnt)
1263                                 break;
1264 
1265                         assert(uinfo->su_name != NULL);
1266 
1267                         user->index = start_idx + retcnt;
1268                         user->rid = uinfo->su_rid;
1269                         user->ctrl = ACF_NORMUSER | ACF_PWDNOEXP;
1270                         if (uinfo->su_ctrl & SMB_PWF_DISABLE)
1271                                 user->ctrl |= ACF_DISABLED;
1272                         if (NDR_MSTRING(mxa, uinfo->su_name,
1273                             (ndr_mstring_t *)&user->name) == -1) {
1274                                 smb_pwd_iterclose(&pwi);
1275                                 status = NT_STATUS_NO_MEMORY;
1276                                 goto error;
1277                         }
1278                         (void) NDR_MSTRING(mxa, uinfo->su_fullname,
1279                             (ndr_mstring_t *)&user->fullname);
1280                         (void) NDR_MSTRING(mxa, uinfo->su_desc,
1281                             (ndr_mstring_t *)&user->desc);
1282                         user++;
1283                 }
1284                 smb_pwd_iterclose(&pwi);
1285 
1286                 if (retcnt >= max_retcnt) {
1287                         retcnt = max_retcnt;
1288                         param->status = status;
1289                 } else {
1290                         param->status = NT_STATUS_MORE_ENTRIES;
1291                 }
1292 
1293                 param->users.total_size = num_users;
1294                 param->users.returned_size = retcnt;
1295                 param->users.switch_value = param->level;
1296                 param->users.count = retcnt;
1297 
1298                 break;
1299 
1300         default:
1301                 status = NT_STATUS_INVALID_HANDLE;
1302                 goto error;
1303         }
1304 
1305         return (NDR_DRC_OK);
1306 
1307 no_info:
1308         param->users.total_size = 0;
1309         param->users.returned_size = 0;
1310         param->users.switch_value = param->level;
1311         param->users.count = 0;
1312         param->users.acct = NULL;
1313         param->status = status;
1314         return (NDR_DRC_OK);
1315 
1316 error:
1317         bzero(param, sizeof (struct samr_QueryDispInfo));
1318         param->status = NT_SC_ERROR(status);
1319         return (NDR_DRC_OK);
1320 }
1321 
1322 /*
1323  * samr_s_EnumDomainGroups
1324  *
1325  *
1326  * This function is supposed to return local group information.
1327  * As we don't support local users, this function dosen't send
1328  * back any information.
1329  *
1330  * Added template that returns information for a domain group as None.
1331  * All information is hard-coded from packet captures.
1332  */
1333 static int
1334 samr_s_EnumDomainGroups(void *arg, ndr_xa_t *mxa)
1335 {
1336         struct samr_EnumDomainGroups *param = arg;
1337         ndr_hdid_t *id = (ndr_hdid_t *)¶m->domain_handle;
1338         DWORD status = NT_STATUS_SUCCESS;
1339 
1340         if (samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN) == NULL)
1341                 status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
1342 
1343         param->total_size = 0;
1344         param->returned_size = 0;
1345         param->switch_value = 3;
1346         param->count = 0;
1347         param->groups = 0;
1348         param->status = status;
1349         return (NDR_DRC_OK);
1350 
1351 #ifdef SAMR_SUPPORT_GROUPS
1352         if ((desc->discrim != SAMR_LOCAL_DOMAIN) || (param->start_idx != 0)) {
1353                 param->total_size = 0;
1354                 param->returned_size = 0;
1355                 param->switch_value = 3;
1356                 param->count = 0;
1357                 param->groups = 0;
1358         } else {
1359                 param->total_size = 64;
1360                 param->returned_size = 64;
1361                 param->switch_value = 3;
1362                 param->count = 1;
1363                 param->groups = (struct group_disp_info *)NDR_MALLOC(
1364                     mxa, sizeof (struct group_disp_info));
1365 
1366                 param->groups->count = 1;
1367                 param->groups->acct[0].index = 1;
1368                 param->groups->acct[0].rid = 513;
1369                 param->groups->acct[0].ctrl = 0x7;
1370                 (void) NDR_MSTRING(mxa, "None",
1371                     (ndr_mstring_t *)¶m->groups->acct[0].name);
1372 
1373                 (void) NDR_MSTRING(mxa, "Ordinary users",
1374                     (ndr_mstring_t *)¶m->groups->acct[0].desc);
1375         }
1376 
1377         param->status = NT_STATUS_SUCCESS;
1378         return (NDR_DRC_OK);
1379 #endif
1380 }
1381 
1382 /*
1383  * samr_s_OpenAlias
1384  *
1385  * Lookup for requested alias, if it exists return a handle
1386  * for that alias. The alias domain sid should match with
1387  * the passed domain handle.
1388  */
1389 static int
1390 samr_s_OpenAlias(void *arg, ndr_xa_t *mxa)
1391 {
1392         struct samr_OpenAlias *param = arg;
1393         ndr_hdid_t      *id = (ndr_hdid_t *)¶m->domain_handle;
1394         ndr_handle_t    *hd;
1395         samr_keydata_t  *data;
1396         smb_domain_type_t gd_type;
1397         smb_sid_t       *sid;
1398         smb_wka_t       *wka;
1399         char            sidstr[SMB_SID_STRSZ];
1400         uint32_t        rid;
1401         uint32_t        status;
1402         int             rc;
1403 
1404         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
1405                 status = NT_STATUS_INVALID_HANDLE;
1406                 goto open_alias_err;
1407         }
1408 
1409         if ((param->access_mask & SAMR_ALIAS_ACCESS_ALL_ACCESS) == 0) {
1410                 status = NT_STATUS_ACCESS_DENIED;
1411                 goto open_alias_err;
1412         }
1413 
1414         data = (samr_keydata_t *)hd->nh_data;
1415         gd_type = (smb_domain_type_t)data->kd_type;
1416         rid = param->rid;
1417 
1418         switch (gd_type) {
1419         case SMB_DOMAIN_BUILTIN:
1420                 (void) snprintf(sidstr, SMB_SID_STRSZ, "%s-%d",
1421                     NT_BUILTIN_DOMAIN_SIDSTR, rid);
1422                 if ((sid = smb_sid_fromstr(sidstr)) == NULL) {
1423                         status = NT_STATUS_NO_SUCH_ALIAS;
1424                         goto open_alias_err;
1425                 }
1426 
1427                 wka = smb_wka_lookup_sid(sid);
1428                 smb_sid_free(sid);
1429 
1430                 if (wka == NULL) {
1431                         status = NT_STATUS_NO_SUCH_ALIAS;
1432                         goto open_alias_err;
1433                 }
1434                 break;
1435 
1436         case SMB_DOMAIN_LOCAL:
1437                 rc = smb_lgrp_getbyrid(rid, gd_type, NULL);
1438                 if (rc != SMB_LGRP_SUCCESS) {
1439                         status = NT_STATUS_NO_SUCH_ALIAS;
1440                         goto open_alias_err;
1441                 }
1442                 break;
1443 
1444         default:
1445                 status = NT_STATUS_NO_SUCH_ALIAS;
1446                 goto open_alias_err;
1447         }
1448 
1449         id = samr_hdalloc(mxa, SAMR_KEY_ALIAS, data->kd_type, param->rid);
1450         if (id) {
1451                 bcopy(id, ¶m->alias_handle, sizeof (samr_handle_t));
1452                 param->status = NT_STATUS_SUCCESS;
1453                 return (NDR_DRC_OK);
1454         }
1455 
1456         status = NT_STATUS_NO_MEMORY;
1457 
1458 open_alias_err:
1459         bzero(¶m->alias_handle, sizeof (samr_handle_t));
1460         param->status = NT_SC_ERROR(status);
1461         return (NDR_DRC_OK);
1462 }
1463 
1464 /*
1465  * samr_s_CreateDomainAlias
1466  *
1467  * Create a local group in the security accounts manager (SAM) database.
1468  * A local SAM group can only be added if a Solaris group already exists
1469  * with the same name.  On success, a valid group handle is returned.
1470  *
1471  * The caller must have administrator rights to execute this function.
1472  */
1473 static int
1474 samr_s_CreateDomainAlias(void *arg, ndr_xa_t *mxa)
1475 {
1476         struct samr_CreateDomainAlias *param = arg;
1477         ndr_hdid_t *id = (ndr_hdid_t *)¶m->alias_handle;
1478         uint32_t status = NT_STATUS_SUCCESS;
1479         smb_group_t grp;
1480         uint32_t rc;
1481         char *gname;
1482 
1483         if (samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN) != NULL) {
1484                 bzero(param, sizeof (struct samr_CreateDomainAlias));
1485                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
1486                 return (NDR_DRC_OK);
1487         }
1488 
1489         gname = (char *)param->alias_name.str;
1490         if (gname == NULL) {
1491                 bzero(¶m->alias_handle, sizeof (samr_handle_t));
1492                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_PARAMETER);
1493                 return (NDR_DRC_OK);
1494         }
1495 
1496         if ((!ndr_is_admin(mxa)) ||
1497             ((param->access_mask & SAMR_ALIAS_ACCESS_WRITE_ACCOUNT) == 0)) {
1498                 bzero(¶m->alias_handle, sizeof (samr_handle_t));
1499                 param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1500                 return (NDR_DRC_OK);
1501         }
1502 
1503         rc = smb_lgrp_add(gname, "");
1504         if (rc != SMB_LGRP_SUCCESS) {
1505                 bzero(¶m->alias_handle, sizeof (samr_handle_t));
1506                 status = smb_lgrp_err_to_ntstatus(rc);
1507                 param->status = NT_SC_ERROR(status);
1508                 return (NDR_DRC_OK);
1509         }
1510 
1511         rc = smb_lgrp_getbyname((char *)gname, &grp);
1512         if (rc != SMB_LGRP_SUCCESS) {
1513                 bzero(¶m->alias_handle, sizeof (samr_handle_t));
1514                 status = smb_lgrp_err_to_ntstatus(rc);
1515                 param->status = NT_SC_ERROR(status);
1516                 return (NDR_DRC_OK);
1517         }
1518 
1519         id = samr_hdalloc(mxa, SAMR_KEY_ALIAS, SMB_DOMAIN_LOCAL, grp.sg_rid);
1520         smb_lgrp_free(&grp);
1521         if (id) {
1522                 bcopy(id, ¶m->alias_handle, sizeof (samr_handle_t));
1523                 param->status = status;
1524         } else {
1525                 bzero(¶m->alias_handle, sizeof (samr_handle_t));
1526                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
1527         }
1528 
1529         return (NDR_DRC_OK);
1530 }
1531 
1532 /*
1533  * samr_s_SetAliasInfo
1534  *
1535  * Similar to NetLocalGroupSetInfo.
1536  */
1537 static int
1538 samr_s_SetAliasInfo(void *arg, ndr_xa_t *mxa)
1539 {
1540         struct samr_SetAliasInfo *param = arg;
1541         ndr_hdid_t *id = (ndr_hdid_t *)¶m->alias_handle;
1542         DWORD status = NT_STATUS_SUCCESS;
1543 
1544         if (samr_hdlookup(mxa, id, SAMR_KEY_ALIAS) == NULL)
1545                 status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
1546 
1547         param->status = status;
1548         return (NDR_DRC_OK);
1549 }
1550 
1551 /*
1552  * samr_s_QueryAliasInfo
1553  *
1554  * Retrieves information about the specified local group account
1555  * by given handle.
1556  */
1557 static int
1558 samr_s_QueryAliasInfo(void *arg, ndr_xa_t *mxa)
1559 {
1560         struct samr_QueryAliasInfo *param = arg;
1561         ndr_hdid_t      *id = (ndr_hdid_t *)¶m->alias_handle;
1562         ndr_handle_t    *hd;
1563         samr_keydata_t  *data;
1564         smb_group_t     grp;
1565         smb_domain_type_t gd_type;
1566         smb_sid_t       *sid;
1567         smb_wka_t       *wka;
1568         char            sidstr[SMB_SID_STRSZ];
1569         char            *name;
1570         char            *desc;
1571         uint32_t        rid;
1572         uint32_t        status;
1573         int             rc;
1574 
1575         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_ALIAS)) == NULL) {
1576                 status = NT_STATUS_INVALID_HANDLE;
1577                 goto query_alias_err;
1578         }
1579 
1580         data = (samr_keydata_t *)hd->nh_data;
1581         gd_type = (smb_domain_type_t)data->kd_type;
1582         rid = data->kd_rid;
1583 
1584         switch (gd_type) {
1585         case SMB_DOMAIN_BUILTIN:
1586                 (void) snprintf(sidstr, SMB_SID_STRSZ, "%s-%d",
1587                     NT_BUILTIN_DOMAIN_SIDSTR, rid);
1588                 if ((sid = smb_sid_fromstr(sidstr)) == NULL) {
1589                         status = NT_STATUS_NO_SUCH_ALIAS;
1590                         goto query_alias_err;
1591                 }
1592 
1593                 wka = smb_wka_lookup_sid(sid);
1594                 smb_sid_free(sid);
1595 
1596                 if (wka == NULL) {
1597                         status = NT_STATUS_NO_SUCH_ALIAS;
1598                         goto query_alias_err;
1599                 }
1600 
1601                 name = wka->wka_name;
1602                 desc = (wka->wka_desc != NULL) ? wka->wka_desc : "";
1603                 break;
1604 
1605         case SMB_DOMAIN_LOCAL:
1606                 rc = smb_lgrp_getbyrid(rid, gd_type, &grp);
1607                 if (rc != SMB_LGRP_SUCCESS) {
1608                         status = NT_STATUS_NO_SUCH_ALIAS;
1609                         goto query_alias_err;
1610                 }
1611                 name = grp.sg_name;
1612                 desc = grp.sg_cmnt;
1613                 break;
1614 
1615         default:
1616                 status = NT_STATUS_NO_SUCH_ALIAS;
1617                 goto query_alias_err;
1618         }
1619 
1620         switch (param->level) {
1621         case SAMR_QUERY_ALIAS_INFO_GENERAL:
1622                 param->ru.info1.level = param->level;
1623                 (void) NDR_MSTRING(mxa, name,
1624                     (ndr_mstring_t *)¶m->ru.info1.name);
1625                 (void) NDR_MSTRING(mxa, desc,
1626                     (ndr_mstring_t *)¶m->ru.info1.desc);
1627                 param->ru.info1.member_count = 1;
1628                 break;
1629 
1630         case SAMR_QUERY_ALIAS_INFO_NAME:
1631                 param->ru.info2.level = param->level;
1632                 (void) NDR_MSTRING(mxa, name,
1633                     (ndr_mstring_t *)¶m->ru.info2.name);
1634                 break;
1635 
1636         case SAMR_QUERY_ALIAS_INFO_COMMENT:
1637                 param->ru.info3.level = param->level;
1638                 (void) NDR_MSTRING(mxa, desc,
1639                     (ndr_mstring_t *)¶m->ru.info3.desc);
1640                 break;
1641 
1642         default:
1643                 if (gd_type == SMB_DOMAIN_LOCAL)
1644                         smb_lgrp_free(&grp);
1645                 status = NT_STATUS_INVALID_INFO_CLASS;
1646                 goto query_alias_err;
1647         };
1648 
1649         if (gd_type == SMB_DOMAIN_LOCAL)
1650                 smb_lgrp_free(&grp);
1651         param->address = (DWORD)(uintptr_t)¶m->ru;
1652         param->status = 0;
1653         return (NDR_DRC_OK);
1654 
1655 query_alias_err:
1656         param->status = NT_SC_ERROR(status);
1657         return (NDR_DRC_OK);
1658 }
1659 
1660 /*
1661  * samr_s_DeleteDomainAlias
1662  *
1663  * Deletes a local group in the security database, which is the
1664  * security accounts manager (SAM). A valid group handle is returned
1665  * to the caller upon success.
1666  *
1667  * The caller must have administrator rights to execute this function.
1668  */
1669 static int
1670 samr_s_DeleteDomainAlias(void *arg, ndr_xa_t *mxa)
1671 {
1672         struct samr_DeleteDomainAlias *param = arg;
1673         ndr_hdid_t *id = (ndr_hdid_t *)¶m->alias_handle;
1674         ndr_handle_t    *hd;
1675         smb_group_t grp;
1676         samr_keydata_t  *data;
1677         smb_domain_type_t       gd_type;
1678         uint32_t        rid;
1679         uint32_t        rc;
1680         uint32_t        status = NT_STATUS_SUCCESS;
1681 
1682         if (!ndr_is_admin(mxa)) {
1683                 bzero(param, sizeof (struct samr_DeleteDomainAlias));
1684                 param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1685                 return (NDR_DRC_OK);
1686         }
1687 
1688         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_ALIAS)) == NULL) {
1689                 bzero(param, sizeof (struct samr_DeleteDomainAlias));
1690                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
1691                 return (NDR_DRC_OK);
1692         }
1693 
1694         data = (samr_keydata_t *)hd->nh_data;
1695         gd_type = (smb_domain_type_t)data->kd_type;
1696         rid = data->kd_rid;
1697 
1698         switch (gd_type) {
1699         case SMB_DOMAIN_BUILTIN:
1700                 bzero(param, sizeof (struct samr_DeleteDomainAlias));
1701                 status = NT_SC_ERROR(NT_STATUS_NOT_SUPPORTED);
1702                 break;
1703 
1704         case SMB_DOMAIN_LOCAL:
1705                 rc = smb_lgrp_getbyrid(rid, gd_type, &grp);
1706                 if (rc != SMB_LGRP_SUCCESS) {
1707                         bzero(param, sizeof (struct samr_DeleteDomainAlias));
1708                         status = smb_lgrp_err_to_ntstatus(rc);
1709                         status = NT_SC_ERROR(status);
1710                         break;
1711                 }
1712 
1713                 rc = smb_lgrp_delete(grp.sg_name);
1714                 if (rc != SMB_LGRP_SUCCESS) {
1715                         bzero(param, sizeof (struct samr_DeleteDomainAlias));
1716                         status = smb_lgrp_err_to_ntstatus(rc);
1717                         status = NT_SC_ERROR(status);
1718                 }
1719                 smb_lgrp_free(&grp);
1720                 break;
1721 
1722         default:
1723                 bzero(param, sizeof (struct samr_DeleteDomainAlias));
1724                 status = NT_SC_ERROR(NT_STATUS_NO_SUCH_ALIAS);
1725         }
1726 
1727         param->status = status;
1728         return (NDR_DRC_OK);
1729 }
1730 
1731 /*
1732  * samr_s_EnumDomainAliases
1733  *
1734  * This function sends back a list which contains all local groups' name.
1735  */
1736 static int
1737 samr_s_EnumDomainAliases(void *arg, ndr_xa_t *mxa)
1738 {
1739         struct samr_EnumDomainAliases *param = arg;
1740         ndr_hdid_t *id = (ndr_hdid_t *)¶m->domain_handle;
1741         ndr_handle_t *hd;
1742         samr_keydata_t *data;
1743         smb_group_t grp;
1744         smb_giter_t gi;
1745         int cnt, skip, i;
1746         struct name_rid *info;
1747 
1748         if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
1749                 bzero(param, sizeof (struct samr_EnumDomainAliases));
1750                 param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
1751                 return (NDR_DRC_OK);
1752         }
1753 
1754         data = (samr_keydata_t *)hd->nh_data;
1755 
1756         cnt = smb_sam_grp_cnt(data->kd_type);
1757         if (cnt <= param->resume_handle) {
1758                 param->aliases = (struct aliases_info *)NDR_MALLOC(mxa,
1759                     sizeof (struct aliases_info));
1760 
1761                 if (param->aliases == NULL) {
1762                         bzero(param, sizeof (struct samr_EnumDomainAliases));
1763                         param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
1764                         return (NDR_DRC_OK);
1765                 }
1766 
1767                 bzero(param->aliases, sizeof (struct aliases_info));
1768                 param->out_resume = 0;
1769                 param->entries = 0;
1770                 param->status = NT_STATUS_SUCCESS;
1771                 return (NDR_DRC_OK);
1772         }
1773 
1774         cnt -= param->resume_handle;
1775         param->aliases = (struct aliases_info *)NDR_MALLOC(mxa,
1776             sizeof (struct aliases_info) + (cnt-1) * sizeof (struct name_rid));
1777 
1778         if (param->aliases == NULL) {
1779                 bzero(param, sizeof (struct samr_EnumDomainAliases));
1780                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
1781                 return (NDR_DRC_OK);
1782         }
1783 
1784         if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS) {
1785                 bzero(param, sizeof (struct samr_EnumDomainAliases));
1786                 param->status = NT_SC_ERROR(NT_STATUS_INTERNAL_ERROR);
1787                 return (NDR_DRC_OK);
1788         }
1789 
1790         skip = i = 0;
1791         info = param->aliases->info;
1792         while (smb_lgrp_iterate(&gi, &grp) == SMB_LGRP_SUCCESS) {
1793                 if ((skip++ >= param->resume_handle) &&
1794                     (grp.sg_domain == data->kd_type) && (i++ < cnt)) {
1795                         info->rid = grp.sg_rid;
1796                         (void) NDR_MSTRING(mxa, grp.sg_name,
1797                             (ndr_mstring_t *)&info->name);
1798 
1799                         info++;
1800                 }
1801                 smb_lgrp_free(&grp);
1802         }
1803         smb_lgrp_iterclose(&gi);
1804 
1805         param->aliases->count = i;
1806         param->aliases->address = i;
1807 
1808         param->out_resume = i;
1809         param->entries = i;
1810         param->status = 0;
1811         return (NDR_DRC_OK);
1812 }
1813 
1814 /*
1815  * samr_s_Connect4
1816  */
1817 static int
1818 samr_s_Connect4(void *arg, ndr_xa_t *mxa)
1819 {
1820         struct samr_Connect4    *param = arg;
1821         ndr_hdid_t              *id;
1822 
1823         id = samr_hdalloc(mxa, SAMR_KEY_CONNECT, SMB_DOMAIN_NULL, 0);
1824         if (id) {
1825                 bcopy(id, ¶m->handle, sizeof (samr_handle_t));
1826                 param->status = 0;
1827         } else {
1828                 bzero(¶m->handle, sizeof (samr_handle_t));
1829                 param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
1830         }
1831 
1832         return (NDR_DRC_OK);
1833 }
1834 
1835 /*
1836  * samr_s_Connect5
1837  *
1838  * This is the connect5 form of the connect request used by Windows XP.
1839  * Returns an RPC fault for now.
1840  */
1841 /*ARGSUSED*/
1842 static int
1843 samr_s_Connect5(void *arg, ndr_xa_t *mxa)
1844 {
1845         struct samr_Connect5 *param = arg;
1846 
1847         bzero(param, sizeof (struct samr_Connect5));
1848         return (NDR_DRC_FAULT_REQUEST_OPNUM_INVALID);
1849 }
1850 
1851 static ndr_stub_table_t samr_stub_table[] = {
1852         { samr_s_Connect,               SAMR_OPNUM_Connect },
1853         { samr_s_CloseHandle,           SAMR_OPNUM_CloseHandle },
1854         { samr_s_LookupDomain,          SAMR_OPNUM_LookupDomain },
1855         { samr_s_EnumLocalDomains,      SAMR_OPNUM_EnumLocalDomains },
1856         { samr_s_OpenDomain,            SAMR_OPNUM_OpenDomain },
1857         { samr_s_QueryDomainInfo,       SAMR_OPNUM_QueryDomainInfo },
1858         { samr_s_QueryInfoDomain2,      SAMR_OPNUM_QueryInfoDomain2 },
1859         { samr_s_LookupNames,           SAMR_OPNUM_LookupNames },
1860         { samr_s_OpenUser,              SAMR_OPNUM_OpenUser },
1861         { samr_s_DeleteUser,            SAMR_OPNUM_DeleteUser },
1862         { samr_s_QueryUserInfo,         SAMR_OPNUM_QueryUserInfo },
1863         { samr_s_QueryUserGroups,       SAMR_OPNUM_QueryUserGroups },
1864         { samr_s_OpenGroup,             SAMR_OPNUM_OpenGroup },
1865         { samr_s_Connect2,              SAMR_OPNUM_Connect2 },
1866         { samr_s_GetUserPwInfo,         SAMR_OPNUM_GetUserPwInfo },
1867         { samr_s_CreateUser,            SAMR_OPNUM_CreateUser },
1868         { samr_s_ChangePasswordUser2,   SAMR_OPNUM_ChangePasswordUser2 },
1869         { samr_s_GetDomainPwInfo,       SAMR_OPNUM_GetDomainPwInfo },
1870         { samr_s_SetUserInfo,           SAMR_OPNUM_SetUserInfo },
1871         { samr_s_Connect4,              SAMR_OPNUM_Connect4 },
1872         { samr_s_Connect5,              SAMR_OPNUM_Connect5 },
1873         { samr_s_QueryDispInfo,         SAMR_OPNUM_QueryDispInfo },
1874         { samr_s_OpenAlias,             SAMR_OPNUM_OpenAlias },
1875         { samr_s_CreateDomainAlias,     SAMR_OPNUM_CreateDomainAlias },
1876         { samr_s_SetAliasInfo,          SAMR_OPNUM_SetAliasInfo },
1877         { samr_s_QueryAliasInfo,        SAMR_OPNUM_QueryAliasInfo },
1878         { samr_s_DeleteDomainAlias,     SAMR_OPNUM_DeleteDomainAlias },
1879         { samr_s_EnumDomainAliases,     SAMR_OPNUM_EnumDomainAliases },
1880         { samr_s_EnumDomainGroups,      SAMR_OPNUM_EnumDomainGroups },
1881         { samr_s_AddAliasMember,        SAMR_OPNUM_AddAliasMember },
1882         { samr_s_DeleteAliasMember,     SAMR_OPNUM_DeleteAliasMember },
1883         { samr_s_ListAliasMembers,      SAMR_OPNUM_ListAliasMembers },
1884         {0}
1885 };
1886 
1887 /*
1888  * There is a bug in the way that midl and the marshalling code handles
1889  * unions so we need to fix some of the data offsets at runtime. The
1890  * following macros and the fixup functions handle the corrections.
1891  */
1892 
1893 DECL_FIXUP_STRUCT(samr_QueryAliasInfo_ru);
1894 DECL_FIXUP_STRUCT(samr_QueryAliasInfoRes);
1895 DECL_FIXUP_STRUCT(samr_QueryAliasInfo);
1896 
1897 DECL_FIXUP_STRUCT(QueryUserInfo_result_u);
1898 DECL_FIXUP_STRUCT(QueryUserInfo_result);
1899 DECL_FIXUP_STRUCT(samr_QueryUserInfo);
1900 
1901 void
1902 fixup_samr_QueryAliasInfo(struct samr_QueryAliasInfo *val)
1903 {
1904         unsigned short size1 = 0;
1905         unsigned short size2 = 0;
1906         unsigned short size3 = 0;
1907 
1908         switch (val->level) {
1909         case SAMR_QUERY_ALIAS_INFO_GENERAL:
1910                 size1 = sizeof (struct samr_QueryAliasInfoGeneral);
1911                 break;
1912         case SAMR_QUERY_ALIAS_INFO_NAME:
1913                 size1 = sizeof (struct samr_QueryAliasInfoName);
1914                 break;
1915         case SAMR_QUERY_ALIAS_INFO_COMMENT:
1916                 size1 = sizeof (struct samr_QueryAliasInfoComment);
1917                 break;
1918 
1919         default:
1920                 return;
1921         };
1922 
1923         size2 = size1 + (2 * sizeof (DWORD));
1924         size3 = size2 + sizeof (ndr_request_hdr_t) + sizeof (DWORD);
1925 
1926         FIXUP_PDU_SIZE(samr_QueryAliasInfo_ru, size1);
1927         FIXUP_PDU_SIZE(samr_QueryAliasInfoRes, size2);
1928         FIXUP_PDU_SIZE(samr_QueryAliasInfo, size3);
1929 }
1930 
1931 void
1932 fixup_samr_QueryUserInfo(struct samr_QueryUserInfo *val)
1933 {
1934         unsigned short size1 = 0;
1935         unsigned short size2 = 0;
1936         unsigned short size3 = 0;
1937 
1938         switch (val->switch_index) {
1939                 CASE_INFO_ENT(samr_QueryUserInfo, 1);
1940                 CASE_INFO_ENT(samr_QueryUserInfo, 6);
1941                 CASE_INFO_ENT(samr_QueryUserInfo, 7);
1942                 CASE_INFO_ENT(samr_QueryUserInfo, 8);
1943                 CASE_INFO_ENT(samr_QueryUserInfo, 9);
1944                 CASE_INFO_ENT(samr_QueryUserInfo, 16);
1945                 CASE_INFO_ENT(samr_QueryUserInfo, 21);
1946 
1947                 default:
1948                         return;
1949         };
1950 
1951         size2 = size1 + (2 * sizeof (DWORD));
1952         size3 = size2 + sizeof (ndr_request_hdr_t) + sizeof (DWORD);
1953 
1954         FIXUP_PDU_SIZE(QueryUserInfo_result_u, size1);
1955         FIXUP_PDU_SIZE(QueryUserInfo_result, size2);
1956         FIXUP_PDU_SIZE(samr_QueryUserInfo, size3);
1957 }
1958 
1959 /*
1960  * As long as there is only one entry in the union, there is no need
1961  * to patch anything.
1962  */
1963 /*ARGSUSED*/
1964 void
1965 fixup_samr_QueryGroupInfo(struct samr_QueryGroupInfo *val)
1966 {
1967 }