2 Unix SMB/CIFS implementation.
4 endpoint server for the lsarpc pipe
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpc_server/common/common.h"
27 this type allows us to distinguish handle types
36 state associated with a lsa_OpenPolicy() operation
38 struct lsa_policy_state {
43 const char *domain_dn;
/*
 * Drop one reference on a policy state.
 *
 * When the last reference goes away the SAM database connection is closed
 * and the talloc context held in state->mem_ctx is destroyed. The state
 * structure is allocated from that same context in lsa_OpenPolicy2(), so
 * the pointer must be treated as dead once the count reaches zero.
 */
static void lsa_Policy_close(struct lsa_policy_state *state)
{
	/* other holders remain: nothing to release yet */
	if (--state->reference_count != 0) {
		return;
	}

	samdb_close(state->sam_ctx);
	talloc_destroy(state->mem_ctx);
}
/*
 * Destroy callback for an open policy handle.
 *
 * Installed as handle->destroy by lsa_OpenPolicy2(). It releases the
 * handle's reference on the policy state stored in h->data; the database
 * connection is closed by lsa_Policy_close() when that was the last one.
 * conn is not used.
 */
static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
{
	struct lsa_policy_state *policy = h->data;

	lsa_Policy_close(policy);
}
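/*
 * lsa_Close: release the handle named in r->in.handle.
 *
 * The handle is pulled with DCESRV_HANDLE_ANY, so the handle type is not
 * restricted here. On return r->out.handle is zeroed so the client does
 * not keep a usable copy of the wire handle.
 *
 * NOTE(review): the listing this was taken from dropped the last parameter
 * line and the final return; "struct lsa_Close *r" and
 * "return NT_STATUS_OK" are restored by analogy with the sibling handlers
 * -- confirm against the original file.
 */
static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call,
			  TALLOC_CTX *mem_ctx,
			  struct lsa_Close *r)
{
	struct dcesrv_handle *h;

	/* echo the caller's handle first, before the handle pull below */
	*r->out.handle = *r->in.handle;

	DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);

	/* the handle destroy code invokes the handle's destroy callback
	   (lsa_Policy_destroy() for policy handles), which releases the
	   state associated with the handle; h must not be used afterwards */
	dcesrv_handle_destroy(dce_call->conn, h);

	ZERO_STRUCTP(r->out.handle);

	return NT_STATUS_OK;
}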
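/*
 * lsa_Delete -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the last parameter line;
 * "struct lsa_Delete *r" is restored to match the sibling handlers --
 * confirm.
 */
static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call,
			   TALLOC_CTX *mem_ctx,
			   struct lsa_Delete *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}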
/*
 * lsa_EnumPrivs -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call,
			      TALLOC_CTX *mem_ctx,
			      struct lsa_EnumPrivs *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_QuerySecObj -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_QuerySecObj(struct dcesrv_call_state *dce_call,
				TALLOC_CTX *mem_ctx,
				struct lsa_QuerySecObj *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_SetSecObj -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call,
			      TALLOC_CTX *mem_ctx,
			      struct lsa_SetSecObj *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_ChangePassword -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call,
				   TALLOC_CTX *mem_ctx,
				   struct lsa_ChangePassword *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
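/*
 * lsa_OpenPolicy2: open a policy handle on this connection.
 *
 * Allocates a lsa_policy_state in its own talloc context, connects to the
 * SAM database, caches the domain DN and binds the state to a new
 * LSA_HANDLE_POLICY handle whose destroy callback is lsa_Policy_destroy().
 *
 * Returns NT_STATUS_NO_MEMORY on allocation or handle-creation failure,
 * NT_STATUS_INVALID_SYSTEM_SERVICE when the SAM database cannot be
 * opened, and NT_STATUS_NO_SUCH_DOMAIN when no domain object is found.
 * Every failure path releases what was acquired before it; r->out.handle
 * stays zeroed on failure.
 *
 * mem_ctx is not used: the state has to outlive the call, so it lives in
 * its own context.
 *
 * NOTE(review): the listing this was taken from dropped the NULL-check
 * lines that guard the three NT_STATUS_NO_MEMORY returns and the final
 * return; they are restored here -- confirm against the original file.
 */
static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call,
				TALLOC_CTX *mem_ctx,
				struct lsa_OpenPolicy2 *r)
{
	struct lsa_policy_state *state;
	struct dcesrv_handle *handle;
	TALLOC_CTX *lsa_mem_ctx;

	ZERO_STRUCTP(r->out.handle);

	lsa_mem_ctx = talloc_init("lsa_OpenPolicy");
	if (lsa_mem_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	state = talloc_p(lsa_mem_ctx, struct lsa_policy_state);
	if (state == NULL) {
		/* the context was already created: do not leak it */
		talloc_destroy(lsa_mem_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	state->mem_ctx = lsa_mem_ctx;

	/* make sure the sam database is accessible */
	state->sam_ctx = samdb_connect();
	if (state->sam_ctx == NULL) {
		talloc_destroy(state->mem_ctx);
		return NT_STATUS_INVALID_SYSTEM_SERVICE;
	}

	/* look the domain DN up once and cache it; the info helpers build
	   their searches from state->domain_dn */
	state->domain_dn = samdb_search_string(state->sam_ctx, state->mem_ctx, NULL,
					       "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
	if (!state->domain_dn) {
		samdb_close(state->sam_ctx);
		talloc_destroy(state->mem_ctx);
		return NT_STATUS_NO_SUCH_DOMAIN;
	}

	handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
	if (handle == NULL) {
		/* close the database connection as well, as the
		   NT_STATUS_NO_SUCH_DOMAIN path above does */
		samdb_close(state->sam_ctx);
		talloc_destroy(state->mem_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	handle->data = state;
	handle->destroy = lsa_Policy_destroy;

	state->reference_count = 1;

	/* NOTE(review): the mask requested by the client is recorded
	   verbatim; nothing in this function compares it with what the
	   caller is entitled to. Whether access is enforced elsewhere is
	   not visible here -- confirm before relying on access_mask. */
	state->access_mask = r->in.access_mask;
	*r->out.handle = handle->wire_handle;

	/* r->in.attr is ignored entirely; the original author notes that,
	   as far as he could tell, this is what w2k3 does */

	return NT_STATUS_OK;
}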
/*
 * lsa_OpenPolicy: thin wrapper around lsa_OpenPolicy2().
 *
 * Copies attr, access_mask and the output handle pointer into a
 * lsa_OpenPolicy2 request, passes a NULL system_name and returns the
 * status of lsa_OpenPolicy2() unchanged.
 */
static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call,
			       TALLOC_CTX *mem_ctx,
			       struct lsa_OpenPolicy *r)
{
	struct lsa_OpenPolicy2 fwd;

	/* the output handle is shared, so the result lands directly in r */
	fwd.out.handle = r->out.handle;

	fwd.in.access_mask = r->in.access_mask;
	fwd.in.attr = r->in.attr;
	fwd.in.system_name = NULL;

	return lsa_OpenPolicy2(dce_call, mem_ctx, &fwd);
}
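/*
 * Fill in the AccountDomain info from the domain object in the SAM
 * database.
 *
 * The search is keyed on state->domain_dn, which lsa_OpenPolicy2() read
 * from the database when the handle was opened; no client-supplied text
 * goes into the search expression here.
 *
 * Returns NT_STATUS_INTERNAL_DB_CORRUPTION when the lookup does not yield
 * the expected record, NT_STATUS_OK otherwise.
 *
 * NOTE(review): the listing this was taken from dropped the declaration
 * of ret, the condition guarding the corruption return and the final
 * return. "int ret", "ret != 1" (only res[0] is consumed below) and
 * "return NT_STATUS_OK" are restored -- confirm against the original
 * file.
 */
static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state,
				       TALLOC_CTX *mem_ctx,
				       struct lsa_DomainInfo *info)
{
	const char * const attrs[] = { "objectSid", "name", NULL};
	int ret;
	struct ldb_message **res;

	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
			   "dn=%s", state->domain_dn);
	if (ret != 1) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	/* presumably the trailing NULL is the value used when the attribute
	   is absent, so name.name may be NULL -- verify */
	info->name.name = samdb_result_string(res[0], "name", NULL);
	info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");

	return NT_STATUS_OK;
}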
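/*
 * Fill in the DNS domain info from the domain object in the SAM database.
 *
 * The search is keyed on state->domain_dn, which lsa_OpenPolicy2() read
 * from the database when the handle was opened; no client-supplied text
 * goes into the search expression here.
 *
 * Returns NT_STATUS_INTERNAL_DB_CORRUPTION when the lookup does not yield
 * the expected record, NT_STATUS_OK otherwise.
 *
 * NOTE(review): the listing this was taken from dropped the declaration
 * of ret, the condition guarding the corruption return and the final
 * return. "int ret", "ret != 1" (only res[0] is consumed below) and
 * "return NT_STATUS_OK" are restored -- confirm against the original
 * file.
 */
static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state,
			     TALLOC_CTX *mem_ctx,
			     struct lsa_DnsDomainInfo *info)
{
	const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
	int ret;
	struct ldb_message **res;

	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
			   "dn=%s", state->domain_dn);
	if (ret != 1) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	info->name.name = samdb_result_string(res[0], "name", NULL);
	info->dns_domain.name = samdb_result_string(res[0], "dnsDomain", NULL);
	/* NOTE(review): dns_forest is filled from the same dnsDomain
	   attribute as dns_domain, which equates the forest name with the
	   domain name -- confirm this is intended */
	info->dns_forest.name = samdb_result_string(res[0], "dnsDomain", NULL);
	info->domain_guid = samdb_result_guid(res[0], "objectGUID");
	info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");

	return NT_STATUS_OK;
}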
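/*
 * lsa_QueryInfoPolicy2: return policy information for an open policy
 * handle.
 *
 * The handle is pulled as LSA_HANDLE_POLICY, so h->data is read as the
 * lsa_policy_state that lsa_OpenPolicy2() stored there. r->in.level comes
 * from the client; only the levels listed in the switch are served and
 * anything else gets NT_STATUS_INVALID_INFO_CLASS.
 *
 * r->out.info is cleared before the handle pull so that a caller which
 * copies it regardless of status (lsa_QueryInfoPolicy() does) never sees
 * an uninitialised pointer.
 *
 * NOTE(review): state->access_mask is not consulted for any level; whether
 * access is enforced elsewhere is not visible here -- confirm.
 * NOTE(review): the listing this was taken from dropped the assignment of
 * state and the NULL check on the allocation; both are restored here --
 * confirm against the original file.
 */
static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
				     TALLOC_CTX *mem_ctx,
				     struct lsa_QueryInfoPolicy2 *r)
{
	struct lsa_policy_state *state;
	struct dcesrv_handle *h;

	r->out.info = NULL;

	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);

	state = h->data;

	r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
	if (r->out.info == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	ZERO_STRUCTP(r->out.info);

	switch (r->in.level) {
	case LSA_POLICY_INFO_DOMAIN:
	case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
		return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);

	case LSA_POLICY_INFO_DNS:
		return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
	}

	return NT_STATUS_INVALID_INFO_CLASS;
}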
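/*
 * lsa_QueryInfoPolicy: thin wrapper around lsa_QueryInfoPolicy2().
 *
 * Forwards the handle and level, copies the resulting info pointer back
 * into r and returns the status of lsa_QueryInfoPolicy2() unchanged.
 *
 * r2.out.info is cleared before the call because it is copied back
 * whatever the status is; without that, a call that fails early could
 * hand an uninitialised pointer to the reply.
 *
 * NOTE(review): the listing this was taken from dropped the declaration
 * of status and the final return; both are restored here -- confirm
 * against the original file.
 */
static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call,
				    TALLOC_CTX *mem_ctx,
				    struct lsa_QueryInfoPolicy *r)
{
	struct lsa_QueryInfoPolicy2 r2;
	NTSTATUS status;

	r2.in.handle = r->in.handle;
	r2.in.level = r->in.level;
	r2.out.info = NULL;

	status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);

	r->out.info = r2.out.info;

	return status;
}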
/*
 * lsa_SetInfoPolicy -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call,
				  TALLOC_CTX *mem_ctx,
				  struct lsa_SetInfoPolicy *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_ClearAuditLog -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call,
				  TALLOC_CTX *mem_ctx,
				  struct lsa_ClearAuditLog *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_CreateAccount -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call,
				  TALLOC_CTX *mem_ctx,
				  struct lsa_CreateAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_EnumAccounts -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call,
				 TALLOC_CTX *mem_ctx,
				 struct lsa_EnumAccounts *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_CreateTrustedDomain -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call,
					TALLOC_CTX *mem_ctx,
					struct lsa_CreateTrustedDomain *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_EnumTrustDom -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call,
				 TALLOC_CTX *mem_ctx,
				 struct lsa_EnumTrustDom *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_LookupNames -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call,
				TALLOC_CTX *mem_ctx,
				struct lsa_LookupNames *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_LookupSids -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call,
			       TALLOC_CTX *mem_ctx,
			       struct lsa_LookupSids *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_CreateSecret -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call,
				 TALLOC_CTX *mem_ctx,
				 struct lsa_CreateSecret *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_OpenAccount -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call,
				TALLOC_CTX *mem_ctx,
				struct lsa_OpenAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_EnumPrivsAccount -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
				     TALLOC_CTX *mem_ctx,
				     struct lsa_EnumPrivsAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_AddPrivilegesToAccount -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call,
					   TALLOC_CTX *mem_ctx,
					   struct lsa_AddPrivilegesToAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_RemovePrivilegesFromAccount -- not implemented here: the body only
 * raises DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call,
						TALLOC_CTX *mem_ctx,
						struct lsa_RemovePrivilegesFromAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_GetQuotasForAccount -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call,
					TALLOC_CTX *mem_ctx,
					struct lsa_GetQuotasForAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_SetQuotasForAccount -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call,
					TALLOC_CTX *mem_ctx,
					struct lsa_SetQuotasForAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_GetSystemAccessAccount -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call,
					   TALLOC_CTX *mem_ctx,
					   struct lsa_GetSystemAccessAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_SetSystemAccessAccount -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call,
					   TALLOC_CTX *mem_ctx,
					   struct lsa_SetSystemAccessAccount *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_OpenTrustedDomain -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call,
				      TALLOC_CTX *mem_ctx,
				      struct lsa_OpenTrustedDomain *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_QueryInfoTrustedDomain -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_QueryInfoTrustedDomain(struct dcesrv_call_state *dce_call,
					   TALLOC_CTX *mem_ctx,
					   struct lsa_QueryInfoTrustedDomain *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_SetInformationTrustedDomain -- not implemented here: the body only
 * raises DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call,
						TALLOC_CTX *mem_ctx,
						struct lsa_SetInformationTrustedDomain *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_OpenSecret -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call,
			       TALLOC_CTX *mem_ctx,
			       struct lsa_OpenSecret *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_SetSecret -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call,
			      TALLOC_CTX *mem_ctx,
			      struct lsa_SetSecret *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_QuerySecret -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call,
				TALLOC_CTX *mem_ctx,
				struct lsa_QuerySecret *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_LookupPrivValue -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call,
				    TALLOC_CTX *mem_ctx,
				    struct lsa_LookupPrivValue *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_LookupPrivName -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
				   TALLOC_CTX *mem_ctx,
				   struct lsa_LookupPrivName *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_LookupPrivDisplayName -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call,
					  TALLOC_CTX *mem_ctx,
					  struct lsa_LookupPrivDisplayName *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_DeleteObject -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call,
				 TALLOC_CTX *mem_ctx,
				 struct lsa_DeleteObject *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_EnumAccountsWithUserRight -- not implemented here: the body only
 * raises DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call,
					      TALLOC_CTX *mem_ctx,
					      struct lsa_EnumAccountsWithUserRight *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_EnumAccountRights -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
				      TALLOC_CTX *mem_ctx,
				      struct lsa_EnumAccountRights *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_AddAccountRights -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
				     TALLOC_CTX *mem_ctx,
				     struct lsa_AddAccountRights *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_RemoveAccountRights -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
					TALLOC_CTX *mem_ctx,
					struct lsa_RemoveAccountRights *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_QueryTrustDomainInfo -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_QueryTrustDomainInfo(struct dcesrv_call_state *dce_call,
					 TALLOC_CTX *mem_ctx,
					 struct lsa_QueryTrustDomainInfo *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_SetTrustDomainInfo -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call,
				       TALLOC_CTX *mem_ctx,
				       struct lsa_SetTrustDomainInfo *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_DeleteTrustDomain -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call,
				      TALLOC_CTX *mem_ctx,
				      struct lsa_DeleteTrustDomain *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_StorePrivateData -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call,
				     TALLOC_CTX *mem_ctx,
				     struct lsa_StorePrivateData *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_RetrievePrivateData -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call,
					TALLOC_CTX *mem_ctx,
					struct lsa_RetrievePrivateData *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
 * lsa_GetUserName -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 */
static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call,
				TALLOC_CTX *mem_ctx,
				struct lsa_GetUserName *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
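/*
 * lsa_SetInfoPolicy2 -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
				   TALLOC_CTX *mem_ctx,
				   struct lsa_SetInfoPolicy2 *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}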
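/*
 * lsa_QueryTrustedDomainInfoByName -- not implemented here: the body only
 * raises DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
						 TALLOC_CTX *mem_ctx,
						 struct lsa_QueryTrustedDomainInfoByName *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}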
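/*
 * lsa_SetTrustedDomainInfoByName -- not implemented here: the body only
 * raises DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
					       TALLOC_CTX *mem_ctx,
					       struct lsa_SetTrustedDomainInfoByName *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}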
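/*
 * lsa_EnumTrustedDomainsEx -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
					 TALLOC_CTX *mem_ctx,
					 struct lsa_EnumTrustedDomainsEx *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}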
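/*
 * lsa_CreateTrustedDomainEx -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
					  TALLOC_CTX *mem_ctx,
					  struct lsa_CreateTrustedDomainEx *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}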
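/*
 * lsa_CloseTrustedDomainEx -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
					 TALLOC_CTX *mem_ctx,
					 struct lsa_CloseTrustedDomainEx *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}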
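/*
 * lsa_QueryDomainInformationPolicy -- not implemented here: the body only
 * raises DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
						 TALLOC_CTX *mem_ctx,
						 struct lsa_QueryDomainInformationPolicy *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}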
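/*
 * lsa_SetDomInfoPolicy -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
				     TALLOC_CTX *mem_ctx,
				     struct lsa_SetDomInfoPolicy *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}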
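/*
 * lsa_OpenTrustedDomainByName -- not implemented here: the body only
 * raises DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
					    TALLOC_CTX *mem_ctx,
					    struct lsa_OpenTrustedDomainByName *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}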
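/*
 * lsa_TestCall -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
			     TALLOC_CTX *mem_ctx,
			     struct lsa_TestCall *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}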
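/*
 * lsa_LookupSids2 -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
				TALLOC_CTX *mem_ctx,
				struct lsa_LookupSids2 *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}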
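/*
 * lsa_LookupNames2 -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
				 TALLOC_CTX *mem_ctx,
				 struct lsa_LookupNames2 *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}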
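/*
 * lsa_CreateTrustedDomainEx2 -- not implemented here: the body only raises
 * DCERPC_FAULT_OP_RNG_ERROR through DCESRV_FAULT.
 * NOTE(review): the listing lost the line between the first and last
 * parameter; mem_ctx is restored to match the sibling handlers -- confirm.
 */
static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
					   TALLOC_CTX *mem_ctx,
					   struct lsa_CreateTrustedDomainEx2 *r)
{
	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}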
820 /* include the generated boilerplate */
821 #include "librpc/gen_ndr/ndr_lsa_s.c"