/*
dssetup_DsRoleGetPrimaryDomainInformation
+
+ This is not an LSA call, but is the only call left on the DSSETUP
+ pipe (after the pipe was truncated), and needs lsa_get_policy_state
*/
static WERROR dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
/*
- lsa_LookupSids3
+ lsa_LookupSids2
*/
-static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call,
+static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct lsa_LookupSids3 *r)
+ struct lsa_LookupSids2 *r)
{
struct lsa_policy_state *state;
int i;
/*
- lsa_LookupSids2
+ lsa_LookupSids3
+
+ Identical to LookupSids2, but doesn't take a policy handle
+
*/
-static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
+static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct lsa_LookupSids2 *r)
+ struct lsa_LookupSids3 *r)
{
- struct lsa_LookupSids3 r3;
+ struct lsa_LookupSids2 r2;
+ struct lsa_OpenPolicy2 pol;
NTSTATUS status;
+ struct dcesrv_handle *h;
- r3.in.sids = r->in.sids;
- r3.in.names = r->in.names;
- r3.in.level = r->in.level;
- r3.in.count = r->in.count;
- r3.in.unknown1 = r->in.unknown1;
- r3.in.unknown2 = r->in.unknown2;
- r3.out.count = r->out.count;
- r3.out.names = r->out.names;
+ /* No policy handle on the wire, so make one up here */
+ r2.in.handle = talloc(mem_ctx, struct policy_handle);
+ if (!r2.in.handle) {
+ return NT_STATUS_NO_MEMORY;
+ }
- status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
+ pol.out.handle = r2.in.handle;
+ pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ pol.in.attr = NULL;
+ pol.in.system_name = NULL;
+ status = lsa_OpenPolicy2(dce_call, mem_ctx, &pol);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* ensure this handle goes away at the end of this call */
+ DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY);
+ talloc_steal(mem_ctx, h);
+
+ r2.in.sids = r->in.sids;
+ r2.in.names = r->in.names;
+ r2.in.level = r->in.level;
+ r2.in.count = r->in.count;
+ r2.in.unknown1 = r->in.unknown1;
+ r2.in.unknown2 = r->in.unknown2;
+ r2.out.count = r->out.count;
+ r2.out.names = r->out.names;
+
+ status = lsa_LookupSids2(dce_call, mem_ctx, &r2);
if (dce_call->fault_code != 0) {
return status;
}
- r->out.domains = r3.out.domains;
- r->out.names = r3.out.names;
- r->out.count = r3.out.count;
+ r->out.domains = r2.out.domains;
+ r->out.names = r2.out.names;
+ r->out.count = r2.out.count;
return status;
}
/*
- lsa_LookupNames4
+ lsa_LookupNames3
*/
-static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call,
+static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct lsa_LookupNames4 *r)
+ struct lsa_LookupNames3 *r)
{
- struct lsa_policy_state *state;
+ struct lsa_policy_state *policy_state;
+ struct dcesrv_handle *policy_handle;
int i;
NTSTATUS status = NT_STATUS_OK;
- status = lsa_get_policy_state(dce_call, mem_ctx, &state);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+
+ policy_state = policy_handle->data;
r->out.domains = NULL;
r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
r->out.sids->sids[i].unknown = 0;
- status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
+ status2 = lsa_lookup_name(policy_state, mem_ctx, name, &sid, &atype);
if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
status = STATUS_SOME_UNMAPPED;
continue;
continue;
}
- status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
+ status2 = lsa_authority_list(policy_state, mem_ctx, sid, r->out.domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
return status2;
}
}
/*
- lsa_LookupNames3
+ lsa_LookupNames4
+
+ Identical to LookupNames3, but doesn't take a policy handle
+
*/
-static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct lsa_LookupNames3 *r)
+static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_LookupNames4 *r)
{
- struct lsa_LookupNames4 r2;
+ struct lsa_LookupNames3 r2;
+ struct lsa_OpenPolicy2 pol;
NTSTATUS status;
struct dcesrv_handle *h;
- DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
-
+
+ /* No policy handle on the wire, so make one up here */
+ r2.in.handle = talloc(mem_ctx, struct policy_handle);
+ if (!r2.in.handle) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ pol.out.handle = r2.in.handle;
+ pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ pol.in.attr = NULL;
+ pol.in.system_name = NULL;
+ status = lsa_OpenPolicy2(dce_call, mem_ctx, &pol);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* ensure this handle goes away at the end of this call */
+ DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY);
+ talloc_steal(mem_ctx, h);
+
r2.in.num_names = r->in.num_names;
r2.in.names = r->in.names;
r2.in.sids = r->in.sids;
r2.out.sids = r->out.sids;
r2.out.count = r->out.count;
- status = lsa_LookupNames4(dce_call, mem_ctx, &r2);
+ status = lsa_LookupNames3(dce_call, mem_ctx, &r2);
if (dce_call->fault_code != 0) {
return status;
}