2 Unix SMB/CIFS implementation.
4 endpoint server for the lsarpc pipe
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_lsa.h"
25 #include "librpc/gen_ndr/ndr_samr.h"
26 #include "rpc_server/dcerpc_server.h"
27 #include "rpc_server/common/common.h"
28 #include "lib/ldb/include/ldb.h"
31 this type allows us to distinguish handle types
40 state associated with a lsa_OpenPolicy() operation
42 struct lsa_policy_state {
44 struct sidmap_context *sidmap;
46 const char *domain_dn;
47 const char *domain_name;
48 struct dom_sid *domain_sid;
49 struct dom_sid *builtin_sid;
54 destroy an open policy. This closes the database connection
56 static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
58 struct lsa_policy_state *state = h->data;
65 static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
68 struct dcesrv_handle *h;
70 *r->out.handle = *r->in.handle;
72 DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
74 /* this causes the callback samr_XXX_destroy() to be called by
75 the handle destroy code which destroys the state associated
77 dcesrv_handle_destroy(dce_call->conn, h);
79 ZERO_STRUCTP(r->out.handle);
88 static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
91 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
98 static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
99 struct lsa_EnumPrivs *r)
101 struct dcesrv_handle *h;
102 struct lsa_policy_state *state;
104 const char *privname;
106 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
110 i = *r->in.resume_handle;
113 while ((privname = sec_privilege_name(i)) &&
114 r->out.privs->count < r->in.max_count) {
115 struct lsa_PrivEntry *e;
117 r->out.privs->privs = talloc_realloc_p(r->out.privs,
119 struct lsa_PrivEntry,
120 r->out.privs->count+1);
121 if (r->out.privs->privs == NULL) {
122 return NT_STATUS_NO_MEMORY;
124 e = &r->out.privs->privs[r->out.privs->count];
127 e->name.string = privname;
128 r->out.privs->count++;
132 *r->in.resume_handle = i;
141 static NTSTATUS lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
142 struct lsa_QuerySecurity *r)
144 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
151 static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
152 struct lsa_SetSecObj *r)
154 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
161 static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
162 struct lsa_ChangePassword *r)
164 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
171 static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
172 struct lsa_OpenPolicy2 *r)
174 struct lsa_policy_state *state;
175 struct dcesrv_handle *handle;
178 ZERO_STRUCTP(r->out.handle);
180 state = talloc_p(dce_call->conn, struct lsa_policy_state);
182 return NT_STATUS_NO_MEMORY;
185 /* make sure the sam database is accessible */
186 state->sam_ctx = samdb_connect(state);
187 if (state->sam_ctx == NULL) {
189 return NT_STATUS_INVALID_SYSTEM_SERVICE;
192 state->sidmap = sidmap_open(state);
193 if (state->sidmap == NULL) {
195 return NT_STATUS_INVALID_SYSTEM_SERVICE;
198 /* work out the domain_dn - useful for so many calls its worth
200 state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
201 "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
202 if (!state->domain_dn) {
204 return NT_STATUS_NO_SUCH_DOMAIN;
207 sid_str = samdb_search_string(state->sam_ctx, state, NULL,
208 "objectSid", "dn=%s", state->domain_dn);
211 return NT_STATUS_NO_SUCH_DOMAIN;
214 state->domain_sid = dom_sid_parse_talloc(state, sid_str);
215 if (!state->domain_sid) {
217 return NT_STATUS_NO_SUCH_DOMAIN;
220 state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
221 if (!state->builtin_sid) {
223 return NT_STATUS_NO_SUCH_DOMAIN;
226 state->domain_name = samdb_search_string(state->sam_ctx, state, NULL,
227 "name", "dn=%s", state->domain_dn);
228 if (!state->domain_name) {
230 return NT_STATUS_NO_SUCH_DOMAIN;
234 handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
237 return NT_STATUS_NO_MEMORY;
240 handle->data = state;
241 handle->destroy = lsa_Policy_destroy;
243 state->access_mask = r->in.access_mask;
244 *r->out.handle = handle->wire_handle;
246 /* note that we have completely ignored the attr element of
247 the OpenPolicy. As far as I can tell, this is what w2k3
255 a wrapper around lsa_OpenPolicy2
257 static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
258 struct lsa_OpenPolicy *r)
260 struct lsa_OpenPolicy2 r2;
262 r2.in.system_name = NULL;
263 r2.in.attr = r->in.attr;
264 r2.in.access_mask = r->in.access_mask;
265 r2.out.handle = r->out.handle;
267 return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
274 fill in the AccountDomain info
276 static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
277 struct lsa_DomainInfo *info)
279 const char * const attrs[] = { "objectSid", "name", NULL};
281 struct ldb_message **res;
283 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
284 "dn=%s", state->domain_dn);
286 return NT_STATUS_INTERNAL_DB_CORRUPTION;
289 info->name.string = samdb_result_string(res[0], "name", NULL);
290 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
296 fill in the DNS domain info
298 static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
299 struct lsa_DnsDomainInfo *info)
301 const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
303 struct ldb_message **res;
305 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
306 "dn=%s", state->domain_dn);
308 return NT_STATUS_INTERNAL_DB_CORRUPTION;
311 info->name.string = samdb_result_string(res[0], "name", NULL);
312 info->dns_domain.string = samdb_result_string(res[0], "dnsDomain", NULL);
313 info->dns_forest.string = samdb_result_string(res[0], "dnsDomain", NULL);
314 info->domain_guid = samdb_result_guid(res[0], "objectGUID");
315 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
323 static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
324 struct lsa_QueryInfoPolicy2 *r)
326 struct lsa_policy_state *state;
327 struct dcesrv_handle *h;
331 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
335 r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
337 return NT_STATUS_NO_MEMORY;
340 ZERO_STRUCTP(r->out.info);
342 switch (r->in.level) {
343 case LSA_POLICY_INFO_DOMAIN:
344 case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
345 return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
347 case LSA_POLICY_INFO_DNS:
348 return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
351 return NT_STATUS_INVALID_INFO_CLASS;
357 static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
358 struct lsa_QueryInfoPolicy *r)
360 struct lsa_QueryInfoPolicy2 r2;
363 r2.in.handle = r->in.handle;
364 r2.in.level = r->in.level;
366 status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
368 r->out.info = r2.out.info;
376 static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
377 struct lsa_SetInfoPolicy *r)
379 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
386 static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
387 struct lsa_ClearAuditLog *r)
389 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
396 static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
397 struct lsa_CreateAccount *r)
399 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
406 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
407 struct lsa_EnumAccounts *r)
409 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
414 lsa_CreateTrustedDomain
416 static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
417 struct lsa_CreateTrustedDomain *r)
419 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
426 static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
427 struct lsa_EnumTrustDom *r)
429 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
434 return the authority name and authority sid, given a sid
436 static NTSTATUS lsa_authority_name(struct lsa_policy_state *state,
437 TALLOC_CTX *mem_ctx, struct dom_sid *sid,
438 const char **authority_name,
439 struct dom_sid **authority_sid)
441 if (dom_sid_in_domain(state->domain_sid, sid)) {
442 *authority_name = state->domain_name;
443 *authority_sid = state->domain_sid;
447 if (dom_sid_in_domain(state->builtin_sid, sid)) {
448 *authority_name = "BUILTIN";
449 *authority_sid = state->builtin_sid;
453 *authority_sid = dom_sid_dup(mem_ctx, sid);
454 if (*authority_sid == NULL) {
455 return NT_STATUS_NO_MEMORY;
457 (*authority_sid)->num_auths = 0;
458 *authority_name = dom_sid_string(mem_ctx, *authority_sid);
459 if (*authority_name == NULL) {
460 return NT_STATUS_NO_MEMORY;
467 add to the lsa_RefDomainList for LookupSids and LookupNames
469 static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
471 struct lsa_RefDomainList *domains,
475 const char *authority_name;
476 struct dom_sid *authority_sid;
479 /* work out the authority name */
480 status = lsa_authority_name(state, mem_ctx, sid,
481 &authority_name, &authority_sid);
482 if (!NT_STATUS_IS_OK(status)) {
486 /* see if we've already done this authority name */
487 for (i=0;i<domains->count;i++) {
488 if (strcmp(authority_name, domains->domains[i].name.string) == 0) {
494 domains->domains = talloc_realloc_p(domains,
496 struct lsa_TrustInformation,
498 if (domains->domains == NULL) {
499 return NT_STATUS_NO_MEMORY;
501 domains->domains[i].name.string = authority_name;
502 domains->domains[i].sid = authority_sid;
510 lookup a name for 1 SID
512 static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
513 struct dom_sid *sid, const char *sid_str,
514 const char **name, uint32_t *atype)
517 struct ldb_message **res;
518 const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL};
521 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
522 "objectSid=%s", sid_str);
524 *name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
526 return NT_STATUS_NO_MEMORY;
529 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
534 status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
543 static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
545 struct lsa_LookupSids2 *r)
547 struct lsa_policy_state *state;
548 struct dcesrv_handle *h;
550 NTSTATUS status = NT_STATUS_OK;
552 r->out.domains = NULL;
554 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
558 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
559 if (r->out.domains == NULL) {
560 return NT_STATUS_NO_MEMORY;
563 r->out.names = talloc_zero_p(mem_ctx, struct lsa_TransNameArray2);
564 if (r->out.names == NULL) {
565 return NT_STATUS_NO_MEMORY;
570 r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName2,
571 r->in.sids->num_sids);
572 if (r->out.names->names == NULL) {
573 return NT_STATUS_NO_MEMORY;
576 for (i=0;i<r->in.sids->num_sids;i++) {
577 struct dom_sid *sid = r->in.sids->sids[i].sid;
578 char *sid_str = dom_sid_string(mem_ctx, sid);
580 uint32_t atype, rtype, sid_index;
583 r->out.names->count++;
586 r->out.names->names[i].sid_type = SID_NAME_UNKNOWN;
587 r->out.names->names[i].name.string = sid_str;
588 r->out.names->names[i].sid_index = 0xFFFFFFFF;
589 r->out.names->names[i].unknown = 0;
591 if (sid_str == NULL) {
592 r->out.names->names[i].name.string = "(SIDERROR)";
593 status = STATUS_SOME_UNMAPPED;
597 /* work out the authority name */
598 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
599 if (!NT_STATUS_IS_OK(status2)) {
603 status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str,
605 if (!NT_STATUS_IS_OK(status2)) {
606 status = STATUS_SOME_UNMAPPED;
610 rtype = samdb_atype_map(atype);
611 if (rtype == SID_NAME_UNKNOWN) {
612 status = STATUS_SOME_UNMAPPED;
616 r->out.names->names[i].sid_type = rtype;
617 r->out.names->names[i].name.string = name;
618 r->out.names->names[i].sid_index = sid_index;
619 r->out.names->names[i].unknown = 0;
629 static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
630 struct lsa_LookupSids *r)
632 struct lsa_LookupSids2 r2;
636 r2.in.handle = r->in.handle;
637 r2.in.sids = r->in.sids;
639 r2.in.level = r->in.level;
640 r2.in.count = r->in.count;
643 r2.out.count = r->out.count;
645 status = lsa_LookupSids2(dce_call, mem_ctx, &r2);
646 if (dce_call->fault_code != 0) {
650 r->out.domains = r2.out.domains;
651 r->out.names = talloc_p(mem_ctx, struct lsa_TransNameArray);
652 if (r->out.names == NULL) {
653 return NT_STATUS_NO_MEMORY;
655 r->out.names->count = r2.out.names->count;
656 r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName,
657 r->out.names->count);
658 if (r->out.names->names == NULL) {
659 return NT_STATUS_NO_MEMORY;
661 for (i=0;i<r->out.names->count;i++) {
662 r->out.names->names[i].sid_type = r2.out.names->names[i].sid_type;
663 r->out.names->names[i].name.string = r2.out.names->names[i].name.string;
664 r->out.names->names[i].sid_index = r2.out.names->names[i].sid_index;
674 static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
675 struct lsa_CreateSecret *r)
677 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
684 static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
685 struct lsa_OpenAccount *r)
687 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
694 static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
696 struct lsa_EnumPrivsAccount *r)
698 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
703 lsa_AddPrivilegesToAccount
705 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
706 struct lsa_AddPrivilegesToAccount *r)
708 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
713 lsa_RemovePrivilegesFromAccount
715 static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
716 struct lsa_RemovePrivilegesFromAccount *r)
718 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
723 lsa_GetQuotasForAccount
725 static NTSTATUS lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
726 struct lsa_GetQuotasForAccount *r)
728 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
733 lsa_SetQuotasForAccount
735 static NTSTATUS lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
736 struct lsa_SetQuotasForAccount *r)
738 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
743 lsa_GetSystemAccessAccount
745 static NTSTATUS lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
746 struct lsa_GetSystemAccessAccount *r)
748 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
753 lsa_SetSystemAccessAccount
755 static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
756 struct lsa_SetSystemAccessAccount *r)
758 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
763 lsa_OpenTrustedDomain
765 static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
766 struct lsa_OpenTrustedDomain *r)
768 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
773 lsa_QueryTrustedDomainInfo
775 static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
776 struct lsa_QueryTrustedDomainInfo *r)
778 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
783 lsa_SetInformationTrustedDomain
785 static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
786 struct lsa_SetInformationTrustedDomain *r)
788 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
795 static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
796 struct lsa_OpenSecret *r)
798 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
805 static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
806 struct lsa_SetSecret *r)
808 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
815 static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
816 struct lsa_QuerySecret *r)
818 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
825 static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call,
827 struct lsa_LookupPrivValue *r)
829 struct dcesrv_handle *h;
830 struct lsa_policy_state *state;
833 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
837 id = sec_privilege_id(r->in.name->string);
839 return NT_STATUS_NO_SUCH_PRIVILEGE;
842 r->out.luid->low = id;
843 r->out.luid->high = 0;
852 static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
854 struct lsa_LookupPrivName *r)
856 struct dcesrv_handle *h;
857 struct lsa_policy_state *state;
858 const char *privname;
860 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
864 if (r->in.luid->high != 0) {
865 return NT_STATUS_NO_SUCH_PRIVILEGE;
868 privname = sec_privilege_name(r->in.luid->low);
869 if (privname == NULL) {
870 return NT_STATUS_NO_SUCH_PRIVILEGE;
873 r->out.name = talloc_p(mem_ctx, struct lsa_String);
874 if (r->out.name == NULL) {
875 return NT_STATUS_NO_MEMORY;
877 r->out.name->string = privname;
884 lsa_LookupPrivDisplayName
886 static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call,
888 struct lsa_LookupPrivDisplayName *r)
890 struct dcesrv_handle *h;
891 struct lsa_policy_state *state;
894 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
898 id = sec_privilege_id(r->in.name->string);
900 return NT_STATUS_NO_SUCH_PRIVILEGE;
903 r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
904 if (r->out.disp_name == NULL) {
905 return NT_STATUS_NO_MEMORY;
908 r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
909 if (r->out.disp_name->string == NULL) {
910 return NT_STATUS_INTERNAL_ERROR;
920 static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
921 struct lsa_DeleteObject *r)
923 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
928 lsa_EnumAccountsWithUserRight
930 static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call,
932 struct lsa_EnumAccountsWithUserRight *r)
934 struct dcesrv_handle *h;
935 struct lsa_policy_state *state;
937 struct ldb_message **res;
938 const char * const attrs[] = { "objectSid", NULL};
939 const char *privname;
941 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
945 if (r->in.name == NULL) {
946 return NT_STATUS_NO_SUCH_PRIVILEGE;
949 privname = r->in.name->string;
950 if (sec_privilege_id(privname) == -1) {
951 return NT_STATUS_NO_SUCH_PRIVILEGE;
954 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
955 "privilege=%s", privname);
957 return NT_STATUS_NO_SUCH_USER;
960 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, ret);
961 if (r->out.sids->sids == NULL) {
962 return NT_STATUS_NO_MEMORY;
964 for (i=0;i<ret;i++) {
966 sidstr = samdb_result_string(res[i], "objectSid", NULL);
967 if (sidstr == NULL) {
968 return NT_STATUS_NO_MEMORY;
970 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids,
972 if (r->out.sids->sids[i].sid == NULL) {
973 return NT_STATUS_NO_MEMORY;
976 r->out.sids->num_sids = ret;
983 lsa_EnumAccountRights
985 static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
987 struct lsa_EnumAccountRights *r)
989 struct dcesrv_handle *h;
990 struct lsa_policy_state *state;
992 struct ldb_message **res;
993 const char * const attrs[] = { "privilege", NULL};
995 struct ldb_message_element *el;
997 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1001 sidstr = dom_sid_string(mem_ctx, r->in.sid);
1002 if (sidstr == NULL) {
1003 return NT_STATUS_NO_MEMORY;
1006 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
1007 "objectSid=%s", sidstr);
1009 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1012 el = ldb_msg_find_element(res[0], "privilege");
1013 if (el == NULL || el->num_values == 0) {
1014 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1017 r->out.rights->count = el->num_values;
1018 r->out.rights->names = talloc_array_p(r->out.rights,
1019 struct lsa_String, r->out.rights->count);
1020 if (r->out.rights->names == NULL) {
1021 return NT_STATUS_NO_MEMORY;
1024 for (i=0;i<el->num_values;i++) {
1025 r->out.rights->names[i].string = el->values[i].data;
1028 return NT_STATUS_OK;
1033 helper for lsa_AddAccountRights and lsa_RemoveAccountRights
1035 static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
1036 TALLOC_CTX *mem_ctx,
1037 struct lsa_policy_state *state,
1039 const struct dom_sid *sid,
1040 const struct lsa_RightSet *rights)
1043 struct ldb_message msg;
1044 struct ldb_message_element el;
1048 sidstr = dom_sid_string(mem_ctx, sid);
1049 if (sidstr == NULL) {
1050 return NT_STATUS_NO_MEMORY;
1053 dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn",
1054 "objectSid=%s", sidstr);
1056 return NT_STATUS_NO_SUCH_USER;
1059 msg.dn = talloc_strdup(mem_ctx, dn);
1060 if (msg.dn == NULL) {
1061 return NT_STATUS_NO_MEMORY;
1063 msg.num_elements = 1;
1065 el.flags = ldb_flag;
1066 el.name = talloc_strdup(mem_ctx, "privilege");
1067 if (el.name == NULL) {
1068 return NT_STATUS_NO_MEMORY;
1070 el.num_values = rights->count;
1071 el.values = talloc_array_p(mem_ctx, struct ldb_val, el.num_values);
1072 if (el.values == NULL) {
1073 return NT_STATUS_NO_MEMORY;
1075 for (i=0;i<el.num_values;i++) {
1076 if (sec_privilege_id(rights->names[i].string) == -1) {
1077 return NT_STATUS_NO_SUCH_PRIVILEGE;
1079 el.values[i].length = strlen(rights->names[i].string);
1080 el.values[i].data = talloc_strdup(mem_ctx, rights->names[i].string);
1081 if (el.values[i].data == NULL) {
1082 return NT_STATUS_NO_MEMORY;
1086 ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
1088 if (ldb_flag == LDB_FLAG_MOD_DELETE) {
1089 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1091 return NT_STATUS_UNEXPECTED_IO_ERROR;
1094 return NT_STATUS_OK;
1098 lsa_AddAccountRights
1100 static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
1101 TALLOC_CTX *mem_ctx,
1102 struct lsa_AddAccountRights *r)
1104 struct dcesrv_handle *h;
1105 struct lsa_policy_state *state;
1107 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1111 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
1113 r->in.sid, r->in.rights);
1118 lsa_RemoveAccountRights
1120 static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
1121 TALLOC_CTX *mem_ctx,
1122 struct lsa_RemoveAccountRights *r)
1124 struct dcesrv_handle *h;
1125 struct lsa_policy_state *state;
1127 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1131 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
1132 LDB_FLAG_MOD_DELETE,
1133 r->in.sid, r->in.rights);
1138 lsa_QueryTrustedDomainInfoBySid
1140 static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1141 struct lsa_QueryTrustedDomainInfoBySid *r)
1143 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1148 lsa_SetTrustDomainInfo
1150 static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1151 struct lsa_SetTrustDomainInfo *r)
1153 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1158 lsa_DeleteTrustDomain
1160 static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1161 struct lsa_DeleteTrustDomain *r)
1163 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1168 lsa_StorePrivateData
1170 static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1171 struct lsa_StorePrivateData *r)
1173 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1178 lsa_RetrievePrivateData
1180 static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1181 struct lsa_RetrievePrivateData *r)
1183 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1190 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1191 struct lsa_GetUserName *r)
1193 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1199 static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
1200 TALLOC_CTX *mem_ctx,
1201 struct lsa_SetInfoPolicy2 *r)
1203 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1207 lsa_QueryTrustedDomainInfoByName
1209 static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
1210 TALLOC_CTX *mem_ctx,
1211 struct lsa_QueryTrustedDomainInfoByName *r)
1213 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1217 lsa_SetTrustedDomainInfoByName
1219 static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
1220 TALLOC_CTX *mem_ctx,
1221 struct lsa_SetTrustedDomainInfoByName *r)
1223 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1227 lsa_EnumTrustedDomainsEx
1229 static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
1230 TALLOC_CTX *mem_ctx,
1231 struct lsa_EnumTrustedDomainsEx *r)
1233 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1237 lsa_CreateTrustedDomainEx
1239 static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
1240 TALLOC_CTX *mem_ctx,
1241 struct lsa_CreateTrustedDomainEx *r)
1243 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1247 lsa_CloseTrustedDomainEx
1249 static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
1250 TALLOC_CTX *mem_ctx,
1251 struct lsa_CloseTrustedDomainEx *r)
1253 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1257 lsa_QueryDomainInformationPolicy
1259 static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
1260 TALLOC_CTX *mem_ctx,
1261 struct lsa_QueryDomainInformationPolicy *r)
1263 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1267 lsa_SetDomInfoPolicy
1269 static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
1270 TALLOC_CTX *mem_ctx,
1271 struct lsa_SetDomInfoPolicy *r)
1273 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1277 lsa_OpenTrustedDomainByName
1279 static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
1280 TALLOC_CTX *mem_ctx,
1281 struct lsa_OpenTrustedDomainByName *r)
1283 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1289 static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
1290 TALLOC_CTX *mem_ctx,
1291 struct lsa_TestCall *r)
1293 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1297 lookup a SID for 1 name
1299 static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
1300 const char *name, struct dom_sid **sid, uint32_t *atype)
1303 struct ldb_message **res;
1304 const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
1306 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
1308 const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
1309 if (sid_str == NULL) {
1310 return NT_STATUS_INVALID_SID;
1313 *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
1315 return NT_STATUS_INVALID_SID;
1318 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
1320 return NT_STATUS_OK;
1323 /* need to add a call into sidmap to check for a allocated sid */
1325 return NT_STATUS_INVALID_SID;
1331 static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
1332 TALLOC_CTX *mem_ctx,
1333 struct lsa_LookupNames2 *r)
1335 struct lsa_policy_state *state;
1336 struct dcesrv_handle *h;
1338 NTSTATUS status = NT_STATUS_OK;
1340 r->out.domains = NULL;
1342 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1346 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
1347 if (r->out.domains == NULL) {
1348 return NT_STATUS_NO_MEMORY;
1351 r->out.sids = talloc_zero_p(mem_ctx, struct lsa_TransSidArray2);
1352 if (r->out.sids == NULL) {
1353 return NT_STATUS_NO_MEMORY;
1358 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid2,
1360 if (r->out.sids->sids == NULL) {
1361 return NT_STATUS_NO_MEMORY;
1364 for (i=0;i<r->in.num_names;i++) {
1365 const char *name = r->in.names[i].string;
1366 struct dom_sid *sid;
1367 uint32_t atype, rtype, sid_index;
1370 r->out.sids->count++;
1373 r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
1374 r->out.sids->sids[i].rid = 0xFFFFFFFF;
1375 r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
1376 r->out.sids->sids[i].unknown = 0;
1378 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
1379 if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
1380 status = STATUS_SOME_UNMAPPED;
1384 rtype = samdb_atype_map(atype);
1385 if (rtype == SID_NAME_UNKNOWN) {
1386 status = STATUS_SOME_UNMAPPED;
1390 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
1391 if (!NT_STATUS_IS_OK(status2)) {
1395 r->out.sids->sids[i].sid_type = rtype;
1396 r->out.sids->sids[i].rid = sid->sub_auths[sid->num_auths-1];
1397 r->out.sids->sids[i].sid_index = sid_index;
1398 r->out.sids->sids[i].unknown = 0;
1407 static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1408 struct lsa_LookupNames *r)
1410 struct lsa_LookupNames2 r2;
1414 r2.in.handle = r->in.handle;
1415 r2.in.num_names = r->in.num_names;
1416 r2.in.names = r->in.names;
1418 r2.in.level = r->in.level;
1419 r2.in.count = r->in.count;
1422 r2.out.count = r->out.count;
1424 status = lsa_LookupNames2(dce_call, mem_ctx, &r2);
1425 if (dce_call->fault_code != 0) {
1429 r->out.domains = r2.out.domains;
1430 r->out.sids = talloc_p(mem_ctx, struct lsa_TransSidArray);
1431 if (r->out.sids == NULL) {
1432 return NT_STATUS_NO_MEMORY;
1434 r->out.sids->count = r2.out.sids->count;
1435 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid,
1436 r->out.sids->count);
1437 if (r->out.sids->sids == NULL) {
1438 return NT_STATUS_NO_MEMORY;
1440 for (i=0;i<r->out.sids->count;i++) {
1441 r->out.sids->sids[i].sid_type = r2.out.sids->sids[i].sid_type;
1442 r->out.sids->sids[i].rid = r2.out.sids->sids[i].rid;
1443 r->out.sids->sids[i].sid_index = r2.out.sids->sids[i].sid_index;
1452 lsa_CreateTrustedDomainEx2
1454 static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
1455 TALLOC_CTX *mem_ctx,
1456 struct lsa_CreateTrustedDomainEx2 *r)
1458 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1461 /* include the generated boilerplate */
1462 #include "librpc/gen_ndr/ndr_lsa_s.c"
git.samba.org / samba.git / blob