s3-lsa: Add and remove trusted domain account
[samba.git] / source3 / rpc_server / lsa / srv_lsa_nt.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell              1992-1997,
5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6  *  Copyright (C) Paul Ashton                       1997,
7  *  Copyright (C) Jeremy Allison                    2001, 2006.
8  *  Copyright (C) Rafal Szczesniak                  2002,
9  *  Copyright (C) Jim McDonough <jmcd@us.ibm.com>   2002,
10  *  Copyright (C) Simo Sorce                        2003.
11  *  Copyright (C) Gerald (Jerry) Carter             2005.
12  *  Copyright (C) Volker Lendecke                   2005.
13  *  Copyright (C) Guenther Deschner                 2008.
14  *  Copyright (C) Andrew Bartlett                   2010.
15  *
16  *  This program is free software; you can redistribute it and/or modify
17  *  it under the terms of the GNU General Public License as published by
18  *  the Free Software Foundation; either version 3 of the License, or
19  *  (at your option) any later version.
20  *
21  *  This program is distributed in the hope that it will be useful,
22  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
23  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24  *  GNU General Public License for more details.
25  *
26  *  You should have received a copy of the GNU General Public License
27  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
28  */
29
30 /* This is the implementation of the lsa server code. */
31
32 #include "includes.h"
33 #include "../librpc/gen_ndr/srv_lsa.h"
34 #include "secrets.h"
35 #include "../librpc/gen_ndr/netlogon.h"
36 #include "rpc_client/init_lsa.h"
37 #include "../libcli/security/security.h"
38 #include "../libcli/security/dom_sid.h"
39 #include "../librpc/gen_ndr/drsblobs.h"
40 #include "../librpc/gen_ndr/ndr_drsblobs.h"
41 #include "../lib/crypto/arcfour.h"
42
43 #undef DBGC_CLASS
44 #define DBGC_CLASS DBGC_RPC_SRV
45
46 #define MAX_LOOKUP_SIDS 0x5000 /* 20480 */
47
48 enum lsa_handle_type {
49         LSA_HANDLE_POLICY_TYPE = 1,
50         LSA_HANDLE_ACCOUNT_TYPE = 2,
51         LSA_HANDLE_TRUST_TYPE = 3};
52
53 struct lsa_info {
54         struct dom_sid sid;
55         const char *name;
56         uint32 access;
57         enum lsa_handle_type type;
58         struct security_descriptor *sd;
59 };
60
61 const struct generic_mapping lsa_account_mapping = {
62         LSA_ACCOUNT_READ,
63         LSA_ACCOUNT_WRITE,
64         LSA_ACCOUNT_EXECUTE,
65         LSA_ACCOUNT_ALL_ACCESS
66 };
67
68 const struct generic_mapping lsa_policy_mapping = {
69         LSA_POLICY_READ,
70         LSA_POLICY_WRITE,
71         LSA_POLICY_EXECUTE,
72         LSA_POLICY_ALL_ACCESS
73 };
74
75 const struct generic_mapping lsa_secret_mapping = {
76         LSA_SECRET_READ,
77         LSA_SECRET_WRITE,
78         LSA_SECRET_EXECUTE,
79         LSA_SECRET_ALL_ACCESS
80 };
81
82 const struct generic_mapping lsa_trusted_domain_mapping = {
83         LSA_TRUSTED_DOMAIN_READ,
84         LSA_TRUSTED_DOMAIN_WRITE,
85         LSA_TRUSTED_DOMAIN_EXECUTE,
86         LSA_TRUSTED_DOMAIN_ALL_ACCESS
87 };
88
89 /***************************************************************************
90  init_lsa_ref_domain_list - adds a domain if it's not already in, returns the index.
91 ***************************************************************************/
92
93 static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
94                                     struct lsa_RefDomainList *ref,
95                                     const char *dom_name,
96                                     struct dom_sid *dom_sid)
97 {
98         int num = 0;
99
100         if (dom_name != NULL) {
101                 for (num = 0; num < ref->count; num++) {
102                         if (dom_sid_equal(dom_sid, ref->domains[num].sid)) {
103                                 return num;
104                         }
105                 }
106         } else {
107                 num = ref->count;
108         }
109
110         if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
111                 /* index not found, already at maximum domain limit */
112                 return -1;
113         }
114
115         ref->count = num + 1;
116         ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
117
118         ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
119                                             struct lsa_DomainInfo, ref->count);
120         if (!ref->domains) {
121                 return -1;
122         }
123
124         ZERO_STRUCT(ref->domains[num]);
125
126         init_lsa_StringLarge(&ref->domains[num].name, dom_name);
127         ref->domains[num].sid = dom_sid_dup(mem_ctx, dom_sid);
128         if (!ref->domains[num].sid) {
129                 return -1;
130         }
131
132         return num;
133 }
134
135
136 /***************************************************************************
137  initialize a lsa_DomainInfo structure.
138  ***************************************************************************/
139
140 static void init_dom_query_3(struct lsa_DomainInfo *r,
141                              const char *name,
142                              struct dom_sid *sid)
143 {
144         init_lsa_StringLarge(&r->name, name);
145         r->sid = sid;
146 }
147
148 /***************************************************************************
149  initialize a lsa_DomainInfo structure.
150  ***************************************************************************/
151
152 static void init_dom_query_5(struct lsa_DomainInfo *r,
153                              const char *name,
154                              struct dom_sid *sid)
155 {
156         init_lsa_StringLarge(&r->name, name);
157         r->sid = sid;
158 }
159
160 /***************************************************************************
161  lookup_lsa_rids. Must be called as root for lookup_name to work.
162  ***************************************************************************/
163
164 static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
165                                 struct lsa_RefDomainList *ref,
166                                 struct lsa_TranslatedSid *prid,
167                                 uint32_t num_entries,
168                                 struct lsa_String *name,
169                                 int flags,
170                                 uint32_t *pmapped_count)
171 {
172         uint32 mapped_count, i;
173
174         SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
175
176         mapped_count = 0;
177         *pmapped_count = 0;
178
179         for (i = 0; i < num_entries; i++) {
180                 struct dom_sid sid;
181                 uint32 rid;
182                 int dom_idx;
183                 const char *full_name;
184                 const char *domain;
185                 enum lsa_SidType type = SID_NAME_UNKNOWN;
186
187                 /* Split name into domain and user component */
188
189                 /* follow w2k8 behavior and return the builtin domain when no
190                  * input has been passed in */
191
192                 if (name[i].string) {
193                         full_name = name[i].string;
194                 } else {
195                         full_name = "BUILTIN";
196                 }
197
198                 DEBUG(5, ("lookup_lsa_rids: looking up name %s\n", full_name));
199
200                 /* We can ignore the result of lookup_name, it will not touch
201                    "type" if it's not successful */
202
203                 lookup_name(mem_ctx, full_name, flags, &domain, NULL,
204                             &sid, &type);
205
206                 switch (type) {
207                 case SID_NAME_USER:
208                 case SID_NAME_DOM_GRP:
209                 case SID_NAME_DOMAIN:
210                 case SID_NAME_ALIAS:
211                 case SID_NAME_WKN_GRP:
212                         DEBUG(5, ("init_lsa_rids: %s found\n", full_name));
213                         /* Leave these unchanged */
214                         break;
215                 default:
216                         /* Don't hand out anything but the list above */
217                         DEBUG(5, ("init_lsa_rids: %s not found\n", full_name));
218                         type = SID_NAME_UNKNOWN;
219                         break;
220                 }
221
222                 rid = 0;
223                 dom_idx = -1;
224
225                 if (type != SID_NAME_UNKNOWN) {
226                         if (type == SID_NAME_DOMAIN) {
227                                 rid = (uint32_t)-1;
228                         } else {
229                                 sid_split_rid(&sid, &rid);
230                         }
231                         dom_idx = init_lsa_ref_domain_list(mem_ctx, ref, domain, &sid);
232                         mapped_count++;
233                 }
234
235                 prid[i].sid_type        = type;
236                 prid[i].rid             = rid;
237                 prid[i].sid_index       = dom_idx;
238         }
239
240         *pmapped_count = mapped_count;
241         return NT_STATUS_OK;
242 }
243
244 /***************************************************************************
245  lookup_lsa_sids. Must be called as root for lookup_name to work.
246  ***************************************************************************/
247
248 static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx,
249                                 struct lsa_RefDomainList *ref,
250                                 struct lsa_TranslatedSid3 *trans_sids,
251                                 uint32_t num_entries,
252                                 struct lsa_String *name,
253                                 int flags,
254                                 uint32 *pmapped_count)
255 {
256         uint32 mapped_count, i;
257
258         SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
259
260         mapped_count = 0;
261         *pmapped_count = 0;
262
263         for (i = 0; i < num_entries; i++) {
264                 struct dom_sid sid;
265                 uint32 rid;
266                 int dom_idx;
267                 const char *full_name;
268                 const char *domain;
269                 enum lsa_SidType type = SID_NAME_UNKNOWN;
270
271                 ZERO_STRUCT(sid);
272
273                 /* Split name into domain and user component */
274
275                 full_name = name[i].string;
276                 if (full_name == NULL) {
277                         return NT_STATUS_NO_MEMORY;
278                 }
279
280                 DEBUG(5, ("init_lsa_sids: looking up name %s\n", full_name));
281
282                 /* We can ignore the result of lookup_name, it will not touch
283                    "type" if it's not successful */
284
285                 lookup_name(mem_ctx, full_name, flags, &domain, NULL,
286                             &sid, &type);
287
288                 switch (type) {
289                 case SID_NAME_USER:
290                 case SID_NAME_DOM_GRP:
291                 case SID_NAME_DOMAIN:
292                 case SID_NAME_ALIAS:
293                 case SID_NAME_WKN_GRP:
294                         DEBUG(5, ("init_lsa_sids: %s found\n", full_name));
295                         /* Leave these unchanged */
296                         break;
297                 default:
298                         /* Don't hand out anything but the list above */
299                         DEBUG(5, ("init_lsa_sids: %s not found\n", full_name));
300                         type = SID_NAME_UNKNOWN;
301                         break;
302                 }
303
304                 rid = 0;
305                 dom_idx = -1;
306
307                 if (type != SID_NAME_UNKNOWN) {
308                         struct dom_sid domain_sid;
309                         sid_copy(&domain_sid, &sid);
310                         sid_split_rid(&domain_sid, &rid);
311                         dom_idx = init_lsa_ref_domain_list(mem_ctx, ref, domain, &domain_sid);
312                         mapped_count++;
313                 }
314
315                 /* Initialize the lsa_TranslatedSid3 return. */
316                 trans_sids[i].sid_type = type;
317                 trans_sids[i].sid = dom_sid_dup(mem_ctx, &sid);
318                 trans_sids[i].sid_index = dom_idx;
319         }
320
321         *pmapped_count = mapped_count;
322         return NT_STATUS_OK;
323 }
324
325 static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, struct security_descriptor **sd, size_t *sd_size,
326                                         const struct generic_mapping *map,
327                                         struct dom_sid *sid, uint32_t sid_access)
328 {
329         struct dom_sid adm_sid;
330         struct security_ace ace[5];
331         size_t i = 0;
332
333         struct security_acl *psa = NULL;
334
335         /* READ|EXECUTE access for Everyone */
336
337         init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
338                         map->generic_execute | map->generic_read, 0);
339
340         /* Add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
341
342         init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
343                         SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
344         init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators,
345                         SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
346
347         /* Add Full Access for Domain Admins */
348         sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_RID_ADMINS);
349         init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
350                         map->generic_all, 0);
351
352         /* If we have a sid, give it some special access */
353
354         if (sid) {
355                 init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
356                         sid_access, 0);
357         }
358
359         if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, i, ace)) == NULL)
360                 return NT_STATUS_NO_MEMORY;
361
362         if((*sd = make_sec_desc(mem_ctx, SECURITY_DESCRIPTOR_REVISION_1,
363                                 SEC_DESC_SELF_RELATIVE, &adm_sid, NULL, NULL,
364                                 psa, sd_size)) == NULL)
365                 return NT_STATUS_NO_MEMORY;
366
367         return NT_STATUS_OK;
368 }
369
370 /***************************************************************************
371  ***************************************************************************/
372
373 static NTSTATUS create_lsa_policy_handle(TALLOC_CTX *mem_ctx,
374                                          struct pipes_struct *p,
375                                          enum lsa_handle_type type,
376                                          uint32_t acc_granted,
377                                          struct dom_sid *sid,
378                                          const char *name,
379                                          const struct security_descriptor *sd,
380                                          struct policy_handle *handle)
381 {
382         struct lsa_info *info;
383
384         ZERO_STRUCTP(handle);
385
386         info = talloc_zero(mem_ctx, struct lsa_info);
387         if (!info) {
388                 return NT_STATUS_NO_MEMORY;
389         }
390
391         info->type = type;
392         info->access = acc_granted;
393
394         if (sid) {
395                 sid_copy(&info->sid, sid);
396         }
397
398         info->name = talloc_strdup(info, name);
399
400         if (sd) {
401                 info->sd = dup_sec_desc(info, sd);
402                 if (!info->sd) {
403                         talloc_free(info);
404                         return NT_STATUS_NO_MEMORY;
405                 }
406         }
407
408         if (!create_policy_hnd(p, handle, info)) {
409                 talloc_free(info);
410                 ZERO_STRUCTP(handle);
411                 return NT_STATUS_NO_MEMORY;
412         }
413
414         return NT_STATUS_OK;
415 }
416
417 /***************************************************************************
418  _lsa_OpenPolicy2
419  ***************************************************************************/
420
421 NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
422                           struct lsa_OpenPolicy2 *r)
423 {
424         struct security_descriptor *psd = NULL;
425         size_t sd_size;
426         uint32 des_access = r->in.access_mask;
427         uint32 acc_granted;
428         NTSTATUS status;
429
430         /* Work out max allowed. */
431         map_max_allowed_access(p->server_info->security_token,
432                                &p->server_info->utok,
433                                &des_access);
434
435         /* map the generic bits to the lsa policy ones */
436         se_map_generic(&des_access, &lsa_policy_mapping);
437
438         /* get the generic lsa policy SD until we store it */
439         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size, &lsa_policy_mapping,
440                         NULL, 0);
441         if (!NT_STATUS_IS_OK(status)) {
442                 return status;
443         }
444
445         status = access_check_object(psd, p->server_info->security_token,
446                                      SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
447                                      &acc_granted, "_lsa_OpenPolicy2" );
448         if (!NT_STATUS_IS_OK(status)) {
449                 return status;
450         }
451
452         status = create_lsa_policy_handle(p->mem_ctx, p,
453                                           LSA_HANDLE_POLICY_TYPE,
454                                           acc_granted,
455                                           get_global_sam_sid(),
456                                           NULL,
457                                           psd,
458                                           r->out.handle);
459         if (!NT_STATUS_IS_OK(status)) {
460                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
461         }
462
463         return NT_STATUS_OK;
464 }
465
466 /***************************************************************************
467  _lsa_OpenPolicy
468  ***************************************************************************/
469
470 NTSTATUS _lsa_OpenPolicy(struct pipes_struct *p,
471                          struct lsa_OpenPolicy *r)
472 {
473         struct lsa_OpenPolicy2 o;
474
475         o.in.system_name        = NULL; /* should be ignored */
476         o.in.attr               = r->in.attr;
477         o.in.access_mask        = r->in.access_mask;
478
479         o.out.handle            = r->out.handle;
480
481         return _lsa_OpenPolicy2(p, &o);
482 }
483
484 /***************************************************************************
485  _lsa_EnumTrustDom - this needs fixing to do more than return NULL ! JRA.
486  ufff, done :)  mimir
487  ***************************************************************************/
488
489 NTSTATUS _lsa_EnumTrustDom(struct pipes_struct *p,
490                            struct lsa_EnumTrustDom *r)
491 {
492         struct lsa_info *info;
493         uint32_t count;
494         struct trustdom_info **domains;
495         struct lsa_DomainInfo *entries;
496         int i;
497         NTSTATUS nt_status;
498
499         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
500                 return NT_STATUS_INVALID_HANDLE;
501
502         if (info->type != LSA_HANDLE_POLICY_TYPE) {
503                 return NT_STATUS_INVALID_HANDLE;
504         }
505
506         /* check if the user has enough rights */
507         if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
508                 return NT_STATUS_ACCESS_DENIED;
509
510         become_root();
511         nt_status = pdb_enum_trusteddoms(p->mem_ctx, &count, &domains);
512         unbecome_root();
513
514         if (!NT_STATUS_IS_OK(nt_status)) {
515                 return nt_status;
516         }
517
518         entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_DomainInfo, count);
519         if (!entries) {
520                 return NT_STATUS_NO_MEMORY;
521         }
522
523         for (i=0; i<count; i++) {
524                 init_lsa_StringLarge(&entries[i].name, domains[i]->name);
525                 entries[i].sid = &domains[i]->sid;
526         }
527
528         if (*r->in.resume_handle >= count) {
529                 *r->out.resume_handle = -1;
530                 TALLOC_FREE(entries);
531                 return NT_STATUS_NO_MORE_ENTRIES;
532         }
533
534         /* return the rest, limit by max_size. Note that we
535            use the w2k3 element size value of 60 */
536         r->out.domains->count = count - *r->in.resume_handle;
537         r->out.domains->count = MIN(r->out.domains->count,
538                                  1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER));
539
540         r->out.domains->domains = entries + *r->in.resume_handle;
541
542         if (r->out.domains->count < count - *r->in.resume_handle) {
543                 *r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
544                 return STATUS_MORE_ENTRIES;
545         }
546
547         /* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
548          * always be larger than the previous input resume handle, in
549          * particular when hitting the last query it is vital to set the
550          * resume handle correctly to avoid infinite client loops, as
551          * seen e.g. with Windows XP SP3 when resume handle is 0 and
552          * status is NT_STATUS_OK - gd */
553
554         *r->out.resume_handle = (uint32_t)-1;
555
556         return NT_STATUS_OK;
557 }
558
559 #define LSA_AUDIT_NUM_CATEGORIES_NT4    7
560 #define LSA_AUDIT_NUM_CATEGORIES_WIN2K  9
561 #define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4
562
563 /***************************************************************************
564  _lsa_QueryInfoPolicy
565  ***************************************************************************/
566
567 NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p,
568                               struct lsa_QueryInfoPolicy *r)
569 {
570         NTSTATUS status = NT_STATUS_OK;
571         struct lsa_info *handle;
572         struct dom_sid domain_sid;
573         const char *name;
574         struct dom_sid *sid = NULL;
575         union lsa_PolicyInformation *info = NULL;
576         uint32_t acc_required = 0;
577
578         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
579                 return NT_STATUS_INVALID_HANDLE;
580
581         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
582                 return NT_STATUS_INVALID_HANDLE;
583         }
584
585         switch (r->in.level) {
586         case LSA_POLICY_INFO_AUDIT_LOG:
587         case LSA_POLICY_INFO_AUDIT_EVENTS:
588                 acc_required = LSA_POLICY_VIEW_AUDIT_INFORMATION;
589                 break;
590         case LSA_POLICY_INFO_DOMAIN:
591                 acc_required = LSA_POLICY_VIEW_LOCAL_INFORMATION;
592                 break;
593         case LSA_POLICY_INFO_PD:
594                 acc_required = LSA_POLICY_GET_PRIVATE_INFORMATION;
595                 break;
596         case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
597                 acc_required = LSA_POLICY_VIEW_LOCAL_INFORMATION;
598                 break;
599         case LSA_POLICY_INFO_ROLE:
600         case LSA_POLICY_INFO_REPLICA:
601                 acc_required = LSA_POLICY_VIEW_LOCAL_INFORMATION;
602                 break;
603         case LSA_POLICY_INFO_QUOTA:
604                 acc_required = LSA_POLICY_VIEW_LOCAL_INFORMATION;
605                 break;
606         case LSA_POLICY_INFO_MOD:
607         case LSA_POLICY_INFO_AUDIT_FULL_SET:
608                 /* according to MS-LSAD 3.1.4.4.3 */
609                 return NT_STATUS_INVALID_PARAMETER;
610         case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
611                 acc_required = LSA_POLICY_VIEW_AUDIT_INFORMATION;
612                 break;
613         case LSA_POLICY_INFO_DNS:
614         case LSA_POLICY_INFO_DNS_INT:
615         case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
616                 acc_required = LSA_POLICY_VIEW_LOCAL_INFORMATION;
617                 break;
618         default:
619                 break;
620         }
621
622         if (!(handle->access & acc_required)) {
623                 /* return NT_STATUS_ACCESS_DENIED; */
624         }
625
626         info = TALLOC_ZERO_P(p->mem_ctx, union lsa_PolicyInformation);
627         if (!info) {
628                 return NT_STATUS_NO_MEMORY;
629         }
630
631         switch (r->in.level) {
632         /* according to MS-LSAD 3.1.4.4.3 */
633         case LSA_POLICY_INFO_MOD:
634         case LSA_POLICY_INFO_AUDIT_FULL_SET:
635         case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
636                 return NT_STATUS_INVALID_PARAMETER;
637         case LSA_POLICY_INFO_AUDIT_LOG:
638                 info->audit_log.percent_full            = 0;
639                 info->audit_log.maximum_log_size        = 0;
640                 info->audit_log.retention_time          = 0;
641                 info->audit_log.shutdown_in_progress    = 0;
642                 info->audit_log.time_to_shutdown        = 0;
643                 info->audit_log.next_audit_record       = 0;
644                 status = NT_STATUS_OK;
645                 break;
646         case LSA_POLICY_INFO_PD:
647                 info->pd.name.string                    = NULL;
648                 status = NT_STATUS_OK;
649                 break;
650         case LSA_POLICY_INFO_REPLICA:
651                 info->replica.source.string             = NULL;
652                 info->replica.account.string            = NULL;
653                 status = NT_STATUS_OK;
654                 break;
655         case LSA_POLICY_INFO_QUOTA:
656                 info->quota.paged_pool                  = 0;
657                 info->quota.non_paged_pool              = 0;
658                 info->quota.min_wss                     = 0;
659                 info->quota.max_wss                     = 0;
660                 info->quota.pagefile                    = 0;
661                 info->quota.unknown                     = 0;
662                 status = NT_STATUS_OK;
663                 break;
664         case LSA_POLICY_INFO_AUDIT_EVENTS:
665                 {
666
667                 uint32 policy_def = LSA_AUDIT_POLICY_ALL;
668
669                 /* check if the user has enough rights */
670                 if (!(handle->access & LSA_POLICY_VIEW_AUDIT_INFORMATION)) {
671                         DEBUG(10,("_lsa_QueryInfoPolicy: insufficient access rights\n"));
672                         return NT_STATUS_ACCESS_DENIED;
673                 }
674
675                 /* fake info: We audit everything. ;) */
676
677                 info->audit_events.auditing_mode = true;
678                 info->audit_events.count = LSA_AUDIT_NUM_CATEGORIES;
679                 info->audit_events.settings = TALLOC_ZERO_ARRAY(p->mem_ctx,
680                                                                 enum lsa_PolicyAuditPolicy,
681                                                                 info->audit_events.count);
682                 if (!info->audit_events.settings) {
683                         return NT_STATUS_NO_MEMORY;
684                 }
685
686                 info->audit_events.settings[LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT] = policy_def;
687                 info->audit_events.settings[LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS] = policy_def;
688                 info->audit_events.settings[LSA_AUDIT_CATEGORY_LOGON] = policy_def;
689                 info->audit_events.settings[LSA_AUDIT_CATEGORY_PROCCESS_TRACKING] = policy_def;
690                 info->audit_events.settings[LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES] = policy_def;
691                 info->audit_events.settings[LSA_AUDIT_CATEGORY_SYSTEM] = policy_def;
692                 info->audit_events.settings[LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS] = policy_def;
693
694                 break;
695                 }
696         case LSA_POLICY_INFO_DOMAIN:
697                 /* check if the user has enough rights */
698                 if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
699                         return NT_STATUS_ACCESS_DENIED;
700
701                 /* Request PolicyPrimaryDomainInformation. */
702                 switch (lp_server_role()) {
703                         case ROLE_DOMAIN_PDC:
704                         case ROLE_DOMAIN_BDC:
705                                 name = get_global_sam_name();
706                                 sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid());
707                                 if (!sid) {
708                                         return NT_STATUS_NO_MEMORY;
709                                 }
710                                 break;
711                         case ROLE_DOMAIN_MEMBER:
712                                 name = lp_workgroup();
713                                 /* We need to return the Domain SID here. */
714                                 if (secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
715                                         sid = dom_sid_dup(p->mem_ctx, &domain_sid);
716                                         if (!sid) {
717                                                 return NT_STATUS_NO_MEMORY;
718                                         }
719                                 } else {
720                                         return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
721                                 }
722                                 break;
723                         case ROLE_STANDALONE:
724                                 name = lp_workgroup();
725                                 sid = NULL;
726                                 break;
727                         default:
728                                 return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
729                 }
730                 init_dom_query_3(&info->domain, name, sid);
731                 break;
732         case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
733                 /* check if the user has enough rights */
734                 if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
735                         return NT_STATUS_ACCESS_DENIED;
736
737                 /* Request PolicyAccountDomainInformation. */
738                 name = get_global_sam_name();
739                 sid = get_global_sam_sid();
740
741                 init_dom_query_5(&info->account_domain, name, sid);
742                 break;
743         case LSA_POLICY_INFO_ROLE:
744                 /* check if the user has enough rights */
745                 if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
746                         return NT_STATUS_ACCESS_DENIED;
747
748                 switch (lp_server_role()) {
749                         case ROLE_DOMAIN_BDC:
750                                 /*
751                                  * only a BDC is a backup controller
752                                  * of the domain, it controls.
753                                  */
754                                 info->role.role = LSA_ROLE_BACKUP;
755                                 break;
756                         default:
757                                 /*
758                                  * any other role is a primary
759                                  * of the domain, it controls.
760                                  */
761                                 info->role.role = LSA_ROLE_PRIMARY;
762                                 break;
763                 }
764                 break;
765         case LSA_POLICY_INFO_DNS:
766         case LSA_POLICY_INFO_DNS_INT: {
767                 struct pdb_domain_info *dominfo;
768
769                 if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
770                         DEBUG(10, ("Not replying to LSA_POLICY_INFO_DNS "
771                                    "without ADS passdb backend\n"));
772                         status = NT_STATUS_INVALID_INFO_CLASS;
773                         break;
774                 }
775
776                 dominfo = pdb_get_domain_info(info);
777                 if (dominfo == NULL) {
778                         status = NT_STATUS_NO_MEMORY;
779                         break;
780                 }
781
782                 init_lsa_StringLarge(&info->dns.name,
783                                      dominfo->name);
784                 init_lsa_StringLarge(&info->dns.dns_domain,
785                                      dominfo->dns_domain);
786                 init_lsa_StringLarge(&info->dns.dns_forest,
787                                      dominfo->dns_forest);
788                 info->dns.domain_guid = dominfo->guid;
789                 info->dns.sid = &dominfo->sid;
790                 break;
791         }
792         default:
793                 DEBUG(0,("_lsa_QueryInfoPolicy: unknown info level in Lsa Query: %d\n",
794                         r->in.level));
795                 status = NT_STATUS_INVALID_INFO_CLASS;
796                 break;
797         }
798
799         *r->out.info = info;
800
801         return status;
802 }
803
804 /***************************************************************************
805  _lsa_QueryInfoPolicy2
806  ***************************************************************************/
807
808 NTSTATUS _lsa_QueryInfoPolicy2(struct pipes_struct *p,
809                                struct lsa_QueryInfoPolicy2 *r2)
810 {
811         struct lsa_QueryInfoPolicy r;
812
813         if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
814                 p->rng_fault_state = True;
815                 return NT_STATUS_NOT_IMPLEMENTED;
816         }
817
818         ZERO_STRUCT(r);
819         r.in.handle = r2->in.handle;
820         r.in.level = r2->in.level;
821         r.out.info = r2->out.info;
822
823         return _lsa_QueryInfoPolicy(p, &r);
824 }
825
826 /***************************************************************************
827  _lsa_lookup_sids_internal
828  ***************************************************************************/
829
830 static NTSTATUS _lsa_lookup_sids_internal(struct pipes_struct *p,
831                                           TALLOC_CTX *mem_ctx,
832                                           uint16_t level,                       /* input */
833                                           int num_sids,                         /* input */
834                                           struct lsa_SidPtr *sid,               /* input */
835                                           struct lsa_RefDomainList **pp_ref,    /* input/output */
836                                           struct lsa_TranslatedName2 **pp_names,/* input/output */
837                                           uint32_t *pp_mapped_count)            /* input/output */
838 {
839         NTSTATUS status;
840         int i;
841         const struct dom_sid **sids = NULL;
842         struct lsa_RefDomainList *ref = NULL;
843         uint32 mapped_count = 0;
844         struct lsa_dom_info *dom_infos = NULL;
845         struct lsa_name_info *name_infos = NULL;
846         struct lsa_TranslatedName2 *names = NULL;
847
848         *pp_mapped_count = 0;
849         *pp_names = NULL;
850         *pp_ref = NULL;
851
852         if (num_sids == 0) {
853                 return NT_STATUS_OK;
854         }
855
856         sids = TALLOC_ARRAY(p->mem_ctx, const struct dom_sid *, num_sids);
857         ref = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
858
859         if (sids == NULL || ref == NULL) {
860                 return NT_STATUS_NO_MEMORY;
861         }
862
863         for (i=0; i<num_sids; i++) {
864                 sids[i] = sid[i].sid;
865         }
866
867         status = lookup_sids(p->mem_ctx, num_sids, sids, level,
868                                   &dom_infos, &name_infos);
869
870         if (!NT_STATUS_IS_OK(status)) {
871                 return status;
872         }
873
874         names = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName2, num_sids);
875         if (names == NULL) {
876                 return NT_STATUS_NO_MEMORY;
877         }
878
879         for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
880
881                 if (!dom_infos[i].valid) {
882                         break;
883                 }
884
885                 if (init_lsa_ref_domain_list(mem_ctx, ref,
886                                              dom_infos[i].name,
887                                              &dom_infos[i].sid) != i) {
888                         DEBUG(0, ("Domain %s mentioned twice??\n",
889                                   dom_infos[i].name));
890                         return NT_STATUS_INTERNAL_ERROR;
891                 }
892         }
893
894         for (i=0; i<num_sids; i++) {
895                 struct lsa_name_info *name = &name_infos[i];
896
897                 if (name->type == SID_NAME_UNKNOWN) {
898                         fstring tmp;
899                         name->dom_idx = -1;
900                         /* Unknown sids should return the string
901                          * representation of the SID. Windows 2003 behaves
902                          * rather erratic here, in many cases it returns the
903                          * RID as 8 bytes hex, in others it returns the full
904                          * SID. We (Jerry/VL) could not figure out which the
905                          * hard cases are, so leave it with the SID.  */
906                         name->name = talloc_asprintf(p->mem_ctx, "%s",
907                                                      sid_to_fstring(tmp,
908                                                                     sids[i]));
909                         if (name->name == NULL) {
910                                 return NT_STATUS_NO_MEMORY;
911                         }
912                 } else {
913                         mapped_count += 1;
914                 }
915
916                 names[i].sid_type       = name->type;
917                 names[i].name.string    = name->name;
918                 names[i].sid_index      = name->dom_idx;
919                 names[i].unknown        = 0;
920         }
921
922         status = NT_STATUS_NONE_MAPPED;
923         if (mapped_count > 0) {
924                 status = (mapped_count < num_sids) ?
925                         STATUS_SOME_UNMAPPED : NT_STATUS_OK;
926         }
927
928         DEBUG(10, ("num_sids %d, mapped_count %d, status %s\n",
929                    num_sids, mapped_count, nt_errstr(status)));
930
931         *pp_mapped_count = mapped_count;
932         *pp_names = names;
933         *pp_ref = ref;
934
935         return status;
936 }
937
938 /***************************************************************************
939  _lsa_LookupSids
940  ***************************************************************************/
941
942 NTSTATUS _lsa_LookupSids(struct pipes_struct *p,
943                          struct lsa_LookupSids *r)
944 {
945         NTSTATUS status;
946         struct lsa_info *handle;
947         int num_sids = r->in.sids->num_sids;
948         uint32 mapped_count = 0;
949         struct lsa_RefDomainList *domains = NULL;
950         struct lsa_TranslatedName *names_out = NULL;
951         struct lsa_TranslatedName2 *names = NULL;
952         int i;
953
954         if ((r->in.level < 1) || (r->in.level > 6)) {
955                 return NT_STATUS_INVALID_PARAMETER;
956         }
957
958         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
959                 return NT_STATUS_INVALID_HANDLE;
960         }
961
962         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
963                 return NT_STATUS_INVALID_HANDLE;
964         }
965
966         /* check if the user has enough rights */
967         if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
968                 return NT_STATUS_ACCESS_DENIED;
969         }
970
971         if (num_sids >  MAX_LOOKUP_SIDS) {
972                 DEBUG(5,("_lsa_LookupSids: limit of %d exceeded, requested %d\n",
973                          MAX_LOOKUP_SIDS, num_sids));
974                 return NT_STATUS_NONE_MAPPED;
975         }
976
977         status = _lsa_lookup_sids_internal(p,
978                                            p->mem_ctx,
979                                            r->in.level,
980                                            num_sids,
981                                            r->in.sids->sids,
982                                            &domains,
983                                            &names,
984                                            &mapped_count);
985
986         /* Only return here when there is a real error.
987            NT_STATUS_NONE_MAPPED is a special case as it indicates that none of
988            the requested sids could be resolved. Older versions of XP (pre SP3)
989            rely that we return with the string representations of those SIDs in
990            that case. If we don't, XP crashes - Guenther
991            */
992
993         if (NT_STATUS_IS_ERR(status) &&
994             !NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
995                 return status;
996         }
997
998         /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */
999         names_out = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName,
1000                                  num_sids);
1001         if (!names_out) {
1002                 return NT_STATUS_NO_MEMORY;
1003         }
1004
1005         for (i=0; i<num_sids; i++) {
1006                 names_out[i].sid_type = names[i].sid_type;
1007                 names_out[i].name = names[i].name;
1008                 names_out[i].sid_index = names[i].sid_index;
1009         }
1010
1011         *r->out.domains = domains;
1012         r->out.names->count = num_sids;
1013         r->out.names->names = names_out;
1014         *r->out.count = mapped_count;
1015
1016         return status;
1017 }
1018
1019 /***************************************************************************
1020  _lsa_LookupSids2
1021  ***************************************************************************/
1022
1023 NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
1024                           struct lsa_LookupSids2 *r)
1025 {
1026         NTSTATUS status;
1027         struct lsa_info *handle;
1028         int num_sids = r->in.sids->num_sids;
1029         uint32 mapped_count = 0;
1030         struct lsa_RefDomainList *domains = NULL;
1031         struct lsa_TranslatedName2 *names = NULL;
1032         bool check_policy = true;
1033
1034         switch (p->opnum) {
1035                 case NDR_LSA_LOOKUPSIDS3:
1036                         check_policy = false;
1037                         break;
1038                 case NDR_LSA_LOOKUPSIDS2:
1039                 default:
1040                         check_policy = true;
1041         }
1042
1043         if ((r->in.level < 1) || (r->in.level > 6)) {
1044                 return NT_STATUS_INVALID_PARAMETER;
1045         }
1046
1047         if (check_policy) {
1048                 if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
1049                         return NT_STATUS_INVALID_HANDLE;
1050                 }
1051
1052                 if (handle->type != LSA_HANDLE_POLICY_TYPE) {
1053                         return NT_STATUS_INVALID_HANDLE;
1054                 }
1055
1056                 /* check if the user has enough rights */
1057                 if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
1058                         return NT_STATUS_ACCESS_DENIED;
1059                 }
1060         }
1061
1062         if (num_sids >  MAX_LOOKUP_SIDS) {
1063                 DEBUG(5,("_lsa_LookupSids2: limit of %d exceeded, requested %d\n",
1064                          MAX_LOOKUP_SIDS, num_sids));
1065                 return NT_STATUS_NONE_MAPPED;
1066         }
1067
1068         status = _lsa_lookup_sids_internal(p,
1069                                            p->mem_ctx,
1070                                            r->in.level,
1071                                            num_sids,
1072                                            r->in.sids->sids,
1073                                            &domains,
1074                                            &names,
1075                                            &mapped_count);
1076
1077         *r->out.domains = domains;
1078         r->out.names->count = num_sids;
1079         r->out.names->names = names;
1080         *r->out.count = mapped_count;
1081
1082         return status;
1083 }
1084
1085 /***************************************************************************
1086  _lsa_LookupSids3
1087  ***************************************************************************/
1088
1089 NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
1090                           struct lsa_LookupSids3 *r)
1091 {
1092         struct lsa_LookupSids2 q;
1093
1094         /* No policy handle on this call. Restrict to crypto connections. */
1095         if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
1096                 DEBUG(0,("_lsa_LookupSids3: client %s not using schannel for netlogon\n",
1097                         get_remote_machine_name() ));
1098                 return NT_STATUS_INVALID_PARAMETER;
1099         }
1100
1101         q.in.handle             = NULL;
1102         q.in.sids               = r->in.sids;
1103         q.in.level              = r->in.level;
1104         q.in.lookup_options     = r->in.lookup_options;
1105         q.in.client_revision    = r->in.client_revision;
1106         q.in.names              = r->in.names;
1107         q.in.count              = r->in.count;
1108
1109         q.out.domains           = r->out.domains;
1110         q.out.names             = r->out.names;
1111         q.out.count             = r->out.count;
1112
1113         return _lsa_LookupSids2(p, &q);
1114 }
1115
1116 /***************************************************************************
1117  ***************************************************************************/
1118
1119 static int lsa_lookup_level_to_flags(enum lsa_LookupNamesLevel level)
1120 {
1121         int flags;
1122
1123         switch (level) {
1124                 case LSA_LOOKUP_NAMES_ALL: /* 1 */
1125                         flags = LOOKUP_NAME_ALL;
1126                         break;
1127                 case LSA_LOOKUP_NAMES_DOMAINS_ONLY: /* 2 */
1128                         flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_REMOTE|LOOKUP_NAME_ISOLATED;
1129                         break;
1130                 case LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY: /* 3 */
1131                         flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED;
1132                         break;
1133                 case LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY: /* 4 */
1134                 case LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY: /* 5 */
1135                 case LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2: /* 6 */
1136                 case LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC: /* 7 */
1137                 default:
1138                         flags = LOOKUP_NAME_NONE;
1139                         break;
1140         }
1141
1142         return flags;
1143 }
1144
1145 /***************************************************************************
1146  _lsa_LookupNames
1147  ***************************************************************************/
1148
1149 NTSTATUS _lsa_LookupNames(struct pipes_struct *p,
1150                           struct lsa_LookupNames *r)
1151 {
1152         NTSTATUS status = NT_STATUS_NONE_MAPPED;
1153         struct lsa_info *handle;
1154         struct lsa_String *names = r->in.names;
1155         uint32 num_entries = r->in.num_names;
1156         struct lsa_RefDomainList *domains = NULL;
1157         struct lsa_TranslatedSid *rids = NULL;
1158         uint32 mapped_count = 0;
1159         int flags = 0;
1160
1161         if (num_entries >  MAX_LOOKUP_SIDS) {
1162                 num_entries = MAX_LOOKUP_SIDS;
1163                 DEBUG(5,("_lsa_LookupNames: truncating name lookup list to %d\n",
1164                         num_entries));
1165         }
1166
1167         flags = lsa_lookup_level_to_flags(r->in.level);
1168
1169         domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
1170         if (!domains) {
1171                 return NT_STATUS_NO_MEMORY;
1172         }
1173
1174         if (num_entries) {
1175                 rids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid,
1176                                          num_entries);
1177                 if (!rids) {
1178                         return NT_STATUS_NO_MEMORY;
1179                 }
1180         } else {
1181                 rids = NULL;
1182         }
1183
1184         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
1185                 status = NT_STATUS_INVALID_HANDLE;
1186                 goto done;
1187         }
1188
1189         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
1190                 return NT_STATUS_INVALID_HANDLE;
1191         }
1192
1193         /* check if the user has enough rights */
1194         if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
1195                 status = NT_STATUS_ACCESS_DENIED;
1196                 goto done;
1197         }
1198
1199         /* set up the LSA Lookup RIDs response */
1200         become_root(); /* lookup_name can require root privs */
1201         status = lookup_lsa_rids(p->mem_ctx, domains, rids, num_entries,
1202                                  names, flags, &mapped_count);
1203         unbecome_root();
1204
1205 done:
1206
1207         if (NT_STATUS_IS_OK(status) && (num_entries != 0) ) {
1208                 if (mapped_count == 0) {
1209                         status = NT_STATUS_NONE_MAPPED;
1210                 } else if (mapped_count != num_entries) {
1211                         status = STATUS_SOME_UNMAPPED;
1212                 }
1213         }
1214
1215         *r->out.count = mapped_count;
1216         *r->out.domains = domains;
1217         r->out.sids->sids = rids;
1218         r->out.sids->count = num_entries;
1219
1220         return status;
1221 }
1222
1223 /***************************************************************************
1224  _lsa_LookupNames2
1225  ***************************************************************************/
1226
1227 NTSTATUS _lsa_LookupNames2(struct pipes_struct *p,
1228                            struct lsa_LookupNames2 *r)
1229 {
1230         NTSTATUS status;
1231         struct lsa_LookupNames q;
1232         struct lsa_TransSidArray2 *sid_array2 = r->in.sids;
1233         struct lsa_TransSidArray *sid_array = NULL;
1234         uint32_t i;
1235
1236         sid_array = TALLOC_ZERO_P(p->mem_ctx, struct lsa_TransSidArray);
1237         if (!sid_array) {
1238                 return NT_STATUS_NO_MEMORY;
1239         }
1240
1241         q.in.handle             = r->in.handle;
1242         q.in.num_names          = r->in.num_names;
1243         q.in.names              = r->in.names;
1244         q.in.level              = r->in.level;
1245         q.in.sids               = sid_array;
1246         q.in.count              = r->in.count;
1247         /* we do not know what this is for */
1248         /*                      = r->in.unknown1; */
1249         /*                      = r->in.unknown2; */
1250
1251         q.out.domains           = r->out.domains;
1252         q.out.sids              = sid_array;
1253         q.out.count             = r->out.count;
1254
1255         status = _lsa_LookupNames(p, &q);
1256
1257         sid_array2->count = sid_array->count;
1258         sid_array2->sids = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedSid2, sid_array->count);
1259         if (!sid_array2->sids) {
1260                 return NT_STATUS_NO_MEMORY;
1261         }
1262
1263         for (i=0; i<sid_array->count; i++) {
1264                 sid_array2->sids[i].sid_type  = sid_array->sids[i].sid_type;
1265                 sid_array2->sids[i].rid       = sid_array->sids[i].rid;
1266                 sid_array2->sids[i].sid_index = sid_array->sids[i].sid_index;
1267                 sid_array2->sids[i].unknown   = 0;
1268         }
1269
1270         r->out.sids = sid_array2;
1271
1272         return status;
1273 }
1274
1275 /***************************************************************************
1276  _lsa_LookupNames3
1277  ***************************************************************************/
1278
1279 NTSTATUS _lsa_LookupNames3(struct pipes_struct *p,
1280                            struct lsa_LookupNames3 *r)
1281 {
1282         NTSTATUS status;
1283         struct lsa_info *handle;
1284         struct lsa_String *names = r->in.names;
1285         uint32 num_entries = r->in.num_names;
1286         struct lsa_RefDomainList *domains = NULL;
1287         struct lsa_TranslatedSid3 *trans_sids = NULL;
1288         uint32 mapped_count = 0;
1289         int flags = 0;
1290         bool check_policy = true;
1291
1292         switch (p->opnum) {
1293                 case NDR_LSA_LOOKUPNAMES4:
1294                         check_policy = false;
1295                         break;
1296                 case NDR_LSA_LOOKUPNAMES3:
1297                 default:
1298                         check_policy = true;
1299         }
1300
1301         if (num_entries >  MAX_LOOKUP_SIDS) {
1302                 num_entries = MAX_LOOKUP_SIDS;
1303                 DEBUG(5,("_lsa_LookupNames3: truncating name lookup list to %d\n", num_entries));
1304         }
1305
1306         /* Probably the lookup_level is some sort of bitmask. */
1307         if (r->in.level == 1) {
1308                 flags = LOOKUP_NAME_ALL;
1309         }
1310
1311         domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
1312         if (!domains) {
1313                 return NT_STATUS_NO_MEMORY;
1314         }
1315
1316         if (num_entries) {
1317                 trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid3,
1318                                                num_entries);
1319                 if (!trans_sids) {
1320                         return NT_STATUS_NO_MEMORY;
1321                 }
1322         } else {
1323                 trans_sids = NULL;
1324         }
1325
1326         if (check_policy) {
1327
1328                 if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
1329                         status = NT_STATUS_INVALID_HANDLE;
1330                         goto done;
1331                 }
1332
1333                 if (handle->type != LSA_HANDLE_POLICY_TYPE) {
1334                         return NT_STATUS_INVALID_HANDLE;
1335                 }
1336
1337                 /* check if the user has enough rights */
1338                 if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
1339                         status = NT_STATUS_ACCESS_DENIED;
1340                         goto done;
1341                 }
1342         }
1343
1344         /* set up the LSA Lookup SIDs response */
1345         become_root(); /* lookup_name can require root privs */
1346         status = lookup_lsa_sids(p->mem_ctx, domains, trans_sids, num_entries,
1347                                  names, flags, &mapped_count);
1348         unbecome_root();
1349
1350 done:
1351
1352         if (NT_STATUS_IS_OK(status)) {
1353                 if (mapped_count == 0) {
1354                         status = NT_STATUS_NONE_MAPPED;
1355                 } else if (mapped_count != num_entries) {
1356                         status = STATUS_SOME_UNMAPPED;
1357                 }
1358         }
1359
1360         *r->out.count = mapped_count;
1361         *r->out.domains = domains;
1362         r->out.sids->sids = trans_sids;
1363         r->out.sids->count = num_entries;
1364
1365         return status;
1366 }
1367
1368 /***************************************************************************
1369  _lsa_LookupNames4
1370  ***************************************************************************/
1371
1372 NTSTATUS _lsa_LookupNames4(struct pipes_struct *p,
1373                            struct lsa_LookupNames4 *r)
1374 {
1375         struct lsa_LookupNames3 q;
1376
1377         /* No policy handle on this call. Restrict to crypto connections. */
1378         if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
1379                 DEBUG(0,("_lsa_lookup_names4: client %s not using schannel for netlogon\n",
1380                         get_remote_machine_name() ));
1381                 return NT_STATUS_INVALID_PARAMETER;
1382         }
1383
1384         q.in.handle             = NULL;
1385         q.in.num_names          = r->in.num_names;
1386         q.in.names              = r->in.names;
1387         q.in.level              = r->in.level;
1388         q.in.lookup_options     = r->in.lookup_options;
1389         q.in.client_revision    = r->in.client_revision;
1390         q.in.sids               = r->in.sids;
1391         q.in.count              = r->in.count;
1392
1393         q.out.domains           = r->out.domains;
1394         q.out.sids              = r->out.sids;
1395         q.out.count             = r->out.count;
1396
1397         return _lsa_LookupNames3(p, &q);
1398 }
1399
1400 /***************************************************************************
1401  _lsa_close. Also weird - needs to check if lsa handle is correct. JRA.
1402  ***************************************************************************/
1403
1404 NTSTATUS _lsa_Close(struct pipes_struct *p, struct lsa_Close *r)
1405 {
1406         if (!find_policy_by_hnd(p, r->in.handle, NULL)) {
1407                 return NT_STATUS_INVALID_HANDLE;
1408         }
1409
1410         close_policy_hnd(p, r->in.handle);
1411         ZERO_STRUCTP(r->out.handle);
1412         return NT_STATUS_OK;
1413 }
1414
1415 /***************************************************************************
1416  ***************************************************************************/
1417
1418 static NTSTATUS lsa_lookup_trusted_domain_by_sid(TALLOC_CTX *mem_ctx,
1419                                                  const struct dom_sid *sid,
1420                                                  struct trustdom_info **info)
1421 {
1422         NTSTATUS status;
1423         uint32_t num_domains = 0;
1424         struct trustdom_info **domains = NULL;
1425         int i;
1426
1427         status = pdb_enum_trusteddoms(mem_ctx, &num_domains, &domains);
1428         if (!NT_STATUS_IS_OK(status)) {
1429                 return status;
1430         }
1431
1432         for (i=0; i < num_domains; i++) {
1433                 if (dom_sid_equal(&domains[i]->sid, sid)) {
1434                         break;
1435                 }
1436         }
1437
1438         if (i == num_domains) {
1439                 return NT_STATUS_INVALID_PARAMETER;
1440         }
1441
1442         *info = domains[i];
1443
1444         return NT_STATUS_OK;
1445 }
1446
1447 /***************************************************************************
1448  ***************************************************************************/
1449
1450 static NTSTATUS lsa_lookup_trusted_domain_by_name(TALLOC_CTX *mem_ctx,
1451                                                   const char *netbios_domain_name,
1452                                                   struct trustdom_info **info_p)
1453 {
1454         NTSTATUS status;
1455         struct trustdom_info *info;
1456         struct pdb_trusted_domain *td;
1457
1458         status = pdb_get_trusted_domain(mem_ctx, netbios_domain_name, &td);
1459         if (!NT_STATUS_IS_OK(status)) {
1460                 return status;
1461         }
1462
1463         info = talloc(mem_ctx, struct trustdom_info);
1464         if (!info) {
1465                 return NT_STATUS_NO_MEMORY;
1466         }
1467
1468         info->name      = talloc_strdup(info, netbios_domain_name);
1469         NT_STATUS_HAVE_NO_MEMORY(info->name);
1470
1471         sid_copy(&info->sid, &td->security_identifier);
1472
1473         *info_p = info;
1474
1475         return NT_STATUS_OK;
1476 }
1477
1478 /***************************************************************************
1479  ***************************************************************************/
1480
1481 NTSTATUS _lsa_OpenSecret(struct pipes_struct *p, struct lsa_OpenSecret *r)
1482 {
1483         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1484 }
1485
1486 /***************************************************************************
1487  _lsa_OpenTrustedDomain_base
1488  ***************************************************************************/
1489
1490 static NTSTATUS _lsa_OpenTrustedDomain_base(struct pipes_struct *p,
1491                                             uint32_t access_mask,
1492                                             struct trustdom_info *info,
1493                                             struct policy_handle *handle)
1494 {
1495         struct security_descriptor *psd = NULL;
1496         size_t sd_size;
1497         uint32_t acc_granted;
1498         NTSTATUS status;
1499
1500         /* des_access is for the account here, not the policy
1501          * handle - so don't check against policy handle. */
1502
1503         /* Work out max allowed. */
1504         map_max_allowed_access(p->server_info->security_token,
1505                                &p->server_info->utok,
1506                                &access_mask);
1507
1508         /* map the generic bits to the lsa account ones */
1509         se_map_generic(&access_mask, &lsa_account_mapping);
1510
1511         /* get the generic lsa account SD until we store it */
1512         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
1513                                     &lsa_trusted_domain_mapping,
1514                                     NULL, 0);
1515         if (!NT_STATUS_IS_OK(status)) {
1516                 return status;
1517         }
1518
1519         status = access_check_object(psd, p->server_info->security_token,
1520                                      SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
1521                                      access_mask, &acc_granted,
1522                                      "_lsa_OpenTrustedDomain");
1523         if (!NT_STATUS_IS_OK(status)) {
1524                 return status;
1525         }
1526
1527         status = create_lsa_policy_handle(p->mem_ctx, p,
1528                                           LSA_HANDLE_TRUST_TYPE,
1529                                           acc_granted,
1530                                           &info->sid,
1531                                           info->name,
1532                                           psd,
1533                                           handle);
1534         if (!NT_STATUS_IS_OK(status)) {
1535                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1536         }
1537
1538         return NT_STATUS_OK;
1539 }
1540
1541 /***************************************************************************
1542  _lsa_OpenTrustedDomain
1543  ***************************************************************************/
1544
1545 NTSTATUS _lsa_OpenTrustedDomain(struct pipes_struct *p,
1546                                 struct lsa_OpenTrustedDomain *r)
1547 {
1548         struct lsa_info *handle = NULL;
1549         struct trustdom_info *info;
1550         NTSTATUS status;
1551
1552         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
1553                 return NT_STATUS_INVALID_HANDLE;
1554         }
1555
1556         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
1557                 return NT_STATUS_INVALID_HANDLE;
1558         }
1559
1560         status = lsa_lookup_trusted_domain_by_sid(p->mem_ctx,
1561                                                   r->in.sid,
1562                                                   &info);
1563         if (!NT_STATUS_IS_OK(status)) {
1564                 return status;
1565         }
1566
1567         return _lsa_OpenTrustedDomain_base(p, r->in.access_mask, info,
1568                                            r->out.trustdom_handle);
1569 }
1570
1571 /***************************************************************************
1572  _lsa_OpenTrustedDomainByName
1573  ***************************************************************************/
1574
1575 NTSTATUS _lsa_OpenTrustedDomainByName(struct pipes_struct *p,
1576                                       struct lsa_OpenTrustedDomainByName *r)
1577 {
1578         struct lsa_info *handle = NULL;
1579         struct trustdom_info *info;
1580         NTSTATUS status;
1581
1582         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
1583                 return NT_STATUS_INVALID_HANDLE;
1584         }
1585
1586         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
1587                 return NT_STATUS_INVALID_HANDLE;
1588         }
1589
1590         status = lsa_lookup_trusted_domain_by_name(p->mem_ctx,
1591                                                    r->in.name.string,
1592                                                    &info);
1593         if (!NT_STATUS_IS_OK(status)) {
1594                 return status;
1595         }
1596
1597         return _lsa_OpenTrustedDomain_base(p, r->in.access_mask, info,
1598                                            r->out.trustdom_handle);
1599 }
1600
1601 static NTSTATUS add_trusted_domain_user(TALLOC_CTX *mem_ctx,
1602                                         const char *netbios_name,
1603                                         struct trustDomainPasswords auth_struct)
1604 {
1605         NTSTATUS status;
1606         struct samu *sam_acct;
1607         char *acct_name;
1608         uint32_t rid;
1609         struct dom_sid user_sid;
1610         int i;
1611         char *dummy;
1612         size_t dummy_size;
1613
1614         sam_acct = samu_new(mem_ctx);
1615         if (sam_acct == NULL) {
1616                 return NT_STATUS_NO_MEMORY;
1617         }
1618
1619         acct_name = talloc_asprintf(mem_ctx, "%s$", netbios_name);
1620         if (acct_name == NULL) {
1621                 return NT_STATUS_NO_MEMORY;
1622         }
1623         if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) {
1624                 return NT_STATUS_UNSUCCESSFUL;
1625         }
1626
1627         if (!pdb_set_domain(sam_acct, get_global_sam_name(), PDB_SET)) {
1628                 return NT_STATUS_UNSUCCESSFUL;
1629         }
1630
1631         if (!pdb_set_acct_ctrl(sam_acct, ACB_DOMTRUST, PDB_SET)) {
1632                 return NT_STATUS_UNSUCCESSFUL;
1633         }
1634
1635         if (!pdb_new_rid(&rid)) {
1636                 return NT_STATUS_DS_NO_MORE_RIDS;
1637         }
1638         sid_compose(&user_sid, get_global_sam_sid(), rid);
1639         if (!pdb_set_user_sid(sam_acct, &user_sid, PDB_SET)) {
1640                 return NT_STATUS_UNSUCCESSFUL;
1641         }
1642
1643         for (i = 0; i < auth_struct.incoming.count; i++) {
1644                 switch (auth_struct.incoming.current.array[i].AuthType) {
1645                         case TRUST_AUTH_TYPE_CLEAR:
1646                                 if (!convert_string_talloc(mem_ctx,
1647                                                            CH_UTF16LE,
1648                                                            CH_UNIX,
1649                                                            auth_struct.incoming.current.array[i].AuthInfo.clear.password,
1650                                                            auth_struct.incoming.current.array[i].AuthInfo.clear.size,
1651                                                            &dummy,
1652                                                            &dummy_size,
1653                                                            false)) {
1654                                         return NT_STATUS_UNSUCCESSFUL;
1655                                 }
1656                                 if (!pdb_set_plaintext_passwd(sam_acct, dummy)) {
1657                                         return NT_STATUS_UNSUCCESSFUL;
1658                                 }
1659                                 break;
1660                         default:
1661                                 continue;
1662                 }
1663         }
1664
1665         status = pdb_add_sam_account(sam_acct);
1666         if (!NT_STATUS_IS_OK(status)) {
1667                 return status;
1668         }
1669
1670         return NT_STATUS_OK;
1671 }
1672
1673 /***************************************************************************
1674  _lsa_CreateTrustedDomainEx2
1675  ***************************************************************************/
1676
1677 NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p,
1678                                      struct lsa_CreateTrustedDomainEx2 *r)
1679 {
1680         struct lsa_info *policy;
1681         NTSTATUS status;
1682         uint32_t acc_granted;
1683         struct security_descriptor *psd;
1684         size_t sd_size;
1685         struct pdb_trusted_domain td;
1686         struct trustDomainPasswords auth_struct;
1687         enum ndr_err_code ndr_err;
1688         DATA_BLOB auth_blob;
1689
1690         if (!IS_DC) {
1691                 return NT_STATUS_NOT_SUPPORTED;
1692         }
1693
1694         if (!find_policy_by_hnd(p, r->in.policy_handle, (void **)(void *)&policy)) {
1695                 return NT_STATUS_INVALID_HANDLE;
1696         }
1697
1698         if (!(policy->access & LSA_POLICY_TRUST_ADMIN)) {
1699                 return NT_STATUS_ACCESS_DENIED;
1700         }
1701
1702         if (p->server_info->utok.uid != sec_initial_uid() &&
1703             !nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS)) {
1704                 return NT_STATUS_ACCESS_DENIED;
1705         }
1706
1707         /* Work out max allowed. */
1708         map_max_allowed_access(p->server_info->security_token,
1709                                &p->server_info->utok,
1710                                &r->in.access_mask);
1711
1712         /* map the generic bits to the lsa policy ones */
1713         se_map_generic(&r->in.access_mask, &lsa_account_mapping);
1714
1715         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
1716                                     &lsa_trusted_domain_mapping,
1717                                     NULL, 0);
1718         if (!NT_STATUS_IS_OK(status)) {
1719                 return status;
1720         }
1721
1722         status = access_check_object(psd, p->server_info->security_token,
1723                                      SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
1724                                      r->in.access_mask, &acc_granted,
1725                                      "_lsa_CreateTrustedDomainEx2");
1726         if (!NT_STATUS_IS_OK(status)) {
1727                 return status;
1728         }
1729
1730         ZERO_STRUCT(td);
1731
1732         td.domain_name = talloc_strdup(p->mem_ctx,
1733                                        r->in.info->domain_name.string);
1734         if (td.domain_name == NULL) {
1735                 return NT_STATUS_NO_MEMORY;
1736         }
1737         td.netbios_name = talloc_strdup(p->mem_ctx,
1738                                         r->in.info->netbios_name.string);
1739         if (td.netbios_name == NULL) {
1740                 return NT_STATUS_NO_MEMORY;
1741         }
1742         sid_copy(&td.security_identifier, r->in.info->sid);
1743         td.trust_direction = r->in.info->trust_direction;
1744         td.trust_type = r->in.info->trust_type;
1745         td.trust_attributes = r->in.info->trust_attributes;
1746
1747         if (r->in.auth_info->auth_blob.size != 0) {
1748                 auth_blob.length = r->in.auth_info->auth_blob.size;
1749                 auth_blob.data = r->in.auth_info->auth_blob.data;
1750
1751                 arcfour_crypt_blob(auth_blob.data, auth_blob.length,
1752                                    &p->server_info->user_session_key);
1753
1754                 ndr_err = ndr_pull_struct_blob(&auth_blob, p->mem_ctx,
1755                                                &auth_struct,
1756                                                (ndr_pull_flags_fn_t) ndr_pull_trustDomainPasswords);
1757                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1758                         return NT_STATUS_UNSUCCESSFUL;
1759                 }
1760
1761                 ndr_err = ndr_push_struct_blob(&td.trust_auth_incoming, p->mem_ctx,
1762                                                &auth_struct.incoming,
1763                                                (ndr_push_flags_fn_t) ndr_push_trustAuthInOutBlob);
1764                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1765                         return NT_STATUS_UNSUCCESSFUL;
1766                 }
1767
1768                 ndr_err = ndr_push_struct_blob(&td.trust_auth_outgoing, p->mem_ctx,
1769                                                &auth_struct.outgoing,
1770                                                (ndr_push_flags_fn_t) ndr_push_trustAuthInOutBlob);
1771                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1772                         return NT_STATUS_UNSUCCESSFUL;
1773                 }
1774         } else {
1775                 td.trust_auth_incoming.data = NULL;
1776                 td.trust_auth_incoming.length = 0;
1777                 td.trust_auth_outgoing.data = NULL;
1778                 td.trust_auth_outgoing.length = 0;
1779         }
1780
1781         status = pdb_set_trusted_domain(r->in.info->domain_name.string, &td);
1782         if (!NT_STATUS_IS_OK(status)) {
1783                 return status;
1784         }
1785
1786         if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
1787                 status = add_trusted_domain_user(p->mem_ctx,
1788                                                  r->in.info->netbios_name.string,
1789                                                  auth_struct);
1790                 if (!NT_STATUS_IS_OK(status)) {
1791                         return status;
1792                 }
1793         }
1794
1795         status = create_lsa_policy_handle(p->mem_ctx, p,
1796                                           LSA_HANDLE_TRUST_TYPE,
1797                                           acc_granted,
1798                                           r->in.info->sid,
1799                                           r->in.info->netbios_name.string,
1800                                           psd,
1801                                           r->out.trustdom_handle);
1802         if (!NT_STATUS_IS_OK(status)) {
1803                 pdb_del_trusteddom_pw(r->in.info->netbios_name.string);
1804                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1805         }
1806
1807         return NT_STATUS_OK;
1808 }
1809
1810 /***************************************************************************
1811  _lsa_CreateTrustedDomainEx
1812  ***************************************************************************/
1813
1814 NTSTATUS _lsa_CreateTrustedDomainEx(struct pipes_struct *p,
1815                                     struct lsa_CreateTrustedDomainEx *r)
1816 {
1817         struct lsa_CreateTrustedDomainEx2 q;
1818
1819         q.in.policy_handle      = r->in.policy_handle;
1820         q.in.info               = r->in.info;
1821         q.in.auth_info          = r->in.auth_info;
1822         q.in.access_mask        = r->in.access_mask;
1823         q.out.trustdom_handle   = r->out.trustdom_handle;
1824
1825         return _lsa_CreateTrustedDomainEx2(p, &q);
1826 }
1827
1828 /***************************************************************************
1829  _lsa_CreateTrustedDomain
1830  ***************************************************************************/
1831
1832 NTSTATUS _lsa_CreateTrustedDomain(struct pipes_struct *p,
1833                                   struct lsa_CreateTrustedDomain *r)
1834 {
1835         struct lsa_CreateTrustedDomainEx2 c;
1836         struct lsa_TrustDomainInfoInfoEx info;
1837         struct lsa_TrustDomainInfoAuthInfoInternal auth_info;
1838
1839         ZERO_STRUCT(auth_info);
1840
1841         info.domain_name        = r->in.info->name;
1842         info.netbios_name       = r->in.info->name;
1843         info.sid                = r->in.info->sid;
1844         info.trust_direction    = LSA_TRUST_DIRECTION_OUTBOUND;
1845         info.trust_type         = LSA_TRUST_TYPE_DOWNLEVEL;
1846         info.trust_attributes   = 0;
1847
1848         c.in.policy_handle      = r->in.policy_handle;
1849         c.in.info               = &info;
1850         c.in.auth_info          = &auth_info;
1851         c.in.access_mask        = r->in.access_mask;
1852         c.out.trustdom_handle   = r->out.trustdom_handle;
1853
1854         return _lsa_CreateTrustedDomainEx2(p, &c);
1855 }
1856
1857 /***************************************************************************
1858  _lsa_DeleteTrustedDomain
1859  ***************************************************************************/
1860
1861 NTSTATUS _lsa_DeleteTrustedDomain(struct pipes_struct *p,
1862                                   struct lsa_DeleteTrustedDomain *r)
1863 {
1864         NTSTATUS status;
1865         struct lsa_info *handle;
1866         struct pdb_trusted_domain *td;
1867         struct samu *sam_acct;
1868         char *acct_name;
1869
1870         /* find the connection policy handle. */
1871         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
1872                 return NT_STATUS_INVALID_HANDLE;
1873         }
1874
1875         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
1876                 return NT_STATUS_INVALID_HANDLE;
1877         }
1878
1879         if (!(handle->access & LSA_POLICY_TRUST_ADMIN)) {
1880                 return NT_STATUS_ACCESS_DENIED;
1881         }
1882
1883         status = pdb_get_trusted_domain_by_sid(p->mem_ctx, r->in.dom_sid, &td);
1884         if (!NT_STATUS_IS_OK(status)) {
1885                 return status;
1886         }
1887
1888         if (td->netbios_name == NULL || *td->netbios_name == '\0') {
1889                 DEBUG(10, ("Missing netbios name for for trusted domain %s.\n",
1890                            sid_string_tos(r->in.dom_sid)));
1891                 return NT_STATUS_UNSUCCESSFUL;
1892         }
1893
1894         if (td->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
1895                 sam_acct = samu_new(p->mem_ctx);
1896                 if (sam_acct == NULL) {
1897                         return NT_STATUS_NO_MEMORY;
1898                 }
1899
1900                 acct_name = talloc_asprintf(p->mem_ctx, "%s$", td->netbios_name);
1901                 if (acct_name == NULL) {
1902                         return NT_STATUS_NO_MEMORY;
1903                 }
1904                 if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) {
1905                         return NT_STATUS_UNSUCCESSFUL;
1906                 }
1907                 status = pdb_delete_sam_account(sam_acct);
1908                 if (!NT_STATUS_IS_OK(status)) {
1909                         return status;
1910                 }
1911         }
1912
1913         status = pdb_del_trusted_domain(td->netbios_name);
1914         if (!NT_STATUS_IS_OK(status)) {
1915                 return status;
1916         }
1917
1918         return NT_STATUS_OK;
1919 }
1920
1921 /***************************************************************************
1922  _lsa_CloseTrustedDomainEx
1923  ***************************************************************************/
1924
1925 NTSTATUS _lsa_CloseTrustedDomainEx(struct pipes_struct *p,
1926                                    struct lsa_CloseTrustedDomainEx *r)
1927 {
1928         return NT_STATUS_NOT_IMPLEMENTED;
1929 }
1930
1931 /***************************************************************************
1932  _lsa_QueryTrustedDomainInfo
1933  ***************************************************************************/
1934
1935 NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p,
1936                                      struct lsa_QueryTrustedDomainInfo *r)
1937 {
1938         NTSTATUS status;
1939         struct lsa_info *handle;
1940         union lsa_TrustedDomainInfo *info;
1941         struct pdb_trusted_domain *td;
1942         uint32_t acc_required;
1943
1944         /* find the connection policy handle. */
1945         if (!find_policy_by_hnd(p, r->in.trustdom_handle, (void **)(void *)&handle)) {
1946                 return NT_STATUS_INVALID_HANDLE;
1947         }
1948
1949         if (handle->type != LSA_HANDLE_TRUST_TYPE) {
1950                 return NT_STATUS_INVALID_HANDLE;
1951         }
1952
1953         switch (r->in.level) {
1954         case LSA_TRUSTED_DOMAIN_INFO_NAME:
1955                 acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME;
1956                 break;
1957         case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS:
1958                 acc_required = LSA_TRUSTED_QUERY_CONTROLLERS;
1959                 break;
1960         case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
1961                 acc_required = LSA_TRUSTED_QUERY_POSIX;
1962                 break;
1963         case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
1964                 acc_required = LSA_TRUSTED_QUERY_AUTH;
1965                 break;
1966         case LSA_TRUSTED_DOMAIN_INFO_BASIC:
1967                 acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME;
1968                 break;
1969         case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
1970                 acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME;
1971                 break;
1972         case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO:
1973                 acc_required = LSA_TRUSTED_QUERY_AUTH;
1974                 break;
1975         case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
1976                 acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME |
1977                                LSA_TRUSTED_QUERY_POSIX |
1978                                LSA_TRUSTED_QUERY_AUTH;
1979                 break;
1980         case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL:
1981                 acc_required = LSA_TRUSTED_QUERY_AUTH;
1982                 break;
1983         case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL:
1984                 acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME |
1985                                LSA_TRUSTED_QUERY_POSIX |
1986                                LSA_TRUSTED_QUERY_AUTH;
1987                 break;
1988         case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL:
1989                 acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME;
1990                 break;
1991         case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL:
1992                 acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME |
1993                                LSA_TRUSTED_QUERY_POSIX |
1994                                LSA_TRUSTED_QUERY_AUTH;
1995                 break;
1996         case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES:
1997                 acc_required = LSA_TRUSTED_QUERY_POSIX;
1998                 break;
1999         default:
2000                 return NT_STATUS_INVALID_PARAMETER;
2001         }
2002
2003         if (!(handle->access & acc_required)) {
2004                 return NT_STATUS_ACCESS_DENIED;
2005         }
2006
2007         status = pdb_get_trusted_domain_by_sid(p->mem_ctx, &handle->sid, &td);
2008         if (!NT_STATUS_IS_OK(status)) {
2009                 return status;
2010         }
2011
2012         info = TALLOC_ZERO_P(p->mem_ctx, union lsa_TrustedDomainInfo);
2013         if (!info) {
2014                 return NT_STATUS_NO_MEMORY;
2015         }
2016
2017         switch (r->in.level) {
2018         case LSA_TRUSTED_DOMAIN_INFO_NAME:
2019                 init_lsa_StringLarge(&info->name.netbios_name, td->netbios_name);
2020                 break;
2021         case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS:
2022                 return NT_STATUS_INVALID_PARAMETER;
2023         case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
2024                 break;
2025         case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
2026                 return NT_STATUS_INVALID_INFO_CLASS;
2027         case LSA_TRUSTED_DOMAIN_INFO_BASIC:
2028                 return NT_STATUS_INVALID_PARAMETER;
2029         case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
2030                 init_lsa_StringLarge(&info->info_ex.domain_name, td->domain_name);
2031                 init_lsa_StringLarge(&info->info_ex.netbios_name, td->netbios_name);
2032                 info->info_ex.sid = dom_sid_dup(info, &td->security_identifier);
2033                 if (!info->info_ex.sid) {
2034                         return NT_STATUS_NO_MEMORY;
2035                 }
2036                 info->info_ex.trust_direction = td->trust_direction;
2037                 info->info_ex.trust_type = td->trust_type;
2038                 info->info_ex.trust_attributes = td->trust_attributes;
2039                 break;
2040         case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO:
2041                 return NT_STATUS_INVALID_INFO_CLASS;
2042         case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
2043                 break;
2044         case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL:
2045                 return NT_STATUS_INVALID_INFO_CLASS;
2046         case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL:
2047                 return NT_STATUS_INVALID_INFO_CLASS;
2048         case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL:
2049                 return NT_STATUS_INVALID_PARAMETER;
2050         case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL:
2051                 break;
2052         case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES:
2053                 break;
2054         default:
2055                 return NT_STATUS_INVALID_PARAMETER;
2056         }
2057
2058         *r->out.info = info;
2059
2060         return NT_STATUS_OK;
2061 }
2062
2063 /***************************************************************************
2064  _lsa_QueryTrustedDomainInfoBySid
2065  ***************************************************************************/
2066
2067 NTSTATUS _lsa_QueryTrustedDomainInfoBySid(struct pipes_struct *p,
2068                                           struct lsa_QueryTrustedDomainInfoBySid *r)
2069 {
2070         NTSTATUS status;
2071         struct policy_handle trustdom_handle;
2072         struct lsa_OpenTrustedDomain o;
2073         struct lsa_QueryTrustedDomainInfo q;
2074         struct lsa_Close c;
2075
2076         o.in.handle             = r->in.handle;
2077         o.in.sid                = r->in.dom_sid;
2078         o.in.access_mask        = SEC_FLAG_MAXIMUM_ALLOWED;
2079         o.out.trustdom_handle   = &trustdom_handle;
2080
2081         status = _lsa_OpenTrustedDomain(p, &o);
2082         if (!NT_STATUS_IS_OK(status)) {
2083                 return status;
2084         }
2085
2086         q.in.trustdom_handle    = &trustdom_handle;
2087         q.in.level              = r->in.level;
2088         q.out.info              = r->out.info;
2089
2090         status = _lsa_QueryTrustedDomainInfo(p, &q);
2091         if (!NT_STATUS_IS_OK(status)) {
2092                 return status;
2093         }
2094
2095         c.in.handle             = &trustdom_handle;
2096         c.out.handle            = &trustdom_handle;
2097
2098         return _lsa_Close(p, &c);
2099 }
2100
2101 /***************************************************************************
2102  _lsa_QueryTrustedDomainInfoByName
2103  ***************************************************************************/
2104
2105 NTSTATUS _lsa_QueryTrustedDomainInfoByName(struct pipes_struct *p,
2106                                            struct lsa_QueryTrustedDomainInfoByName *r)
2107 {
2108         NTSTATUS status;
2109         struct policy_handle trustdom_handle;
2110         struct lsa_OpenTrustedDomainByName o;
2111         struct lsa_QueryTrustedDomainInfo q;
2112         struct lsa_Close c;
2113
2114         o.in.handle             = r->in.handle;
2115         o.in.name.string        = r->in.trusted_domain->string;
2116         o.in.access_mask        = SEC_FLAG_MAXIMUM_ALLOWED;
2117         o.out.trustdom_handle   = &trustdom_handle;
2118
2119         status = _lsa_OpenTrustedDomainByName(p, &o);
2120         if (!NT_STATUS_IS_OK(status)) {
2121                 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN)) {
2122                         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2123                 }
2124                 return status;
2125         }
2126
2127         q.in.trustdom_handle    = &trustdom_handle;
2128         q.in.level              = r->in.level;
2129         q.out.info              = r->out.info;
2130
2131         status = _lsa_QueryTrustedDomainInfo(p, &q);
2132         if (!NT_STATUS_IS_OK(status)) {
2133                 return status;
2134         }
2135
2136         c.in.handle             = &trustdom_handle;
2137         c.out.handle            = &trustdom_handle;
2138
2139         return _lsa_Close(p, &c);
2140 }
2141
2142 /***************************************************************************
2143  ***************************************************************************/
2144
2145 NTSTATUS _lsa_CreateSecret(struct pipes_struct *p, struct lsa_CreateSecret *r)
2146 {
2147         return NT_STATUS_ACCESS_DENIED;
2148 }
2149
2150 /***************************************************************************
2151  ***************************************************************************/
2152
2153 NTSTATUS _lsa_SetSecret(struct pipes_struct *p, struct lsa_SetSecret *r)
2154 {
2155         return NT_STATUS_ACCESS_DENIED;
2156 }
2157
2158 /***************************************************************************
2159  _lsa_DeleteObject
2160  ***************************************************************************/
2161
2162 NTSTATUS _lsa_DeleteObject(struct pipes_struct *p,
2163                            struct lsa_DeleteObject *r)
2164 {
2165         NTSTATUS status;
2166         struct lsa_info *info = NULL;
2167
2168         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
2169                 return NT_STATUS_INVALID_HANDLE;
2170         }
2171
2172         if (!(info->access & SEC_STD_DELETE)) {
2173                 return NT_STATUS_ACCESS_DENIED;
2174         }
2175
2176         switch (info->type) {
2177         case LSA_HANDLE_ACCOUNT_TYPE:
2178                 status = privilege_delete_account(&info->sid);
2179                 if (!NT_STATUS_IS_OK(status)) {
2180                         DEBUG(10,("_lsa_DeleteObject: privilege_delete_account gave: %s\n",
2181                                 nt_errstr(status)));
2182                         return status;
2183                 }
2184                 break;
2185         default:
2186                 return NT_STATUS_INVALID_HANDLE;
2187         }
2188
2189         close_policy_hnd(p, r->in.handle);
2190         ZERO_STRUCTP(r->out.handle);
2191
2192         return status;
2193 }
2194
2195 /***************************************************************************
2196  _lsa_EnumPrivs
2197  ***************************************************************************/
2198
2199 NTSTATUS _lsa_EnumPrivs(struct pipes_struct *p,
2200                         struct lsa_EnumPrivs *r)
2201 {
2202         struct lsa_info *handle;
2203         uint32 i;
2204         uint32 enum_context = *r->in.resume_handle;
2205         int num_privs = num_privileges_in_short_list();
2206         struct lsa_PrivEntry *entries = NULL;
2207
2208         /* remember that the enum_context starts at 0 and not 1 */
2209
2210         if ( enum_context >= num_privs )
2211                 return NT_STATUS_NO_MORE_ENTRIES;
2212
2213         DEBUG(10,("_lsa_EnumPrivs: enum_context:%d total entries:%d\n",
2214                 enum_context, num_privs));
2215
2216         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
2217                 return NT_STATUS_INVALID_HANDLE;
2218
2219         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
2220                 return NT_STATUS_INVALID_HANDLE;
2221         }
2222
2223         /* check if the user has enough rights
2224            I don't know if it's the right one. not documented.  */
2225
2226         if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
2227                 return NT_STATUS_ACCESS_DENIED;
2228
2229         if (num_privs) {
2230                 entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_PrivEntry, num_privs);
2231                 if (!entries) {
2232                         return NT_STATUS_NO_MEMORY;
2233                 }
2234         } else {
2235                 entries = NULL;
2236         }
2237
2238         for (i = 0; i < num_privs; i++) {
2239                 if( i < enum_context) {
2240
2241                         init_lsa_StringLarge(&entries[i].name, NULL);
2242
2243                         entries[i].luid.low = 0;
2244                         entries[i].luid.high = 0;
2245                 } else {
2246
2247                         init_lsa_StringLarge(&entries[i].name, sec_privilege_name_from_index(i));
2248
2249                         entries[i].luid.low = sec_privilege_from_index(i);
2250                         entries[i].luid.high = 0;
2251                 }
2252         }
2253
2254         enum_context = num_privs;
2255
2256         *r->out.resume_handle = enum_context;
2257         r->out.privs->count = num_privs;
2258         r->out.privs->privs = entries;
2259
2260         return NT_STATUS_OK;
2261 }
2262
2263 /***************************************************************************
2264  _lsa_LookupPrivDisplayName
2265  ***************************************************************************/
2266
2267 NTSTATUS _lsa_LookupPrivDisplayName(struct pipes_struct *p,
2268                                     struct lsa_LookupPrivDisplayName *r)
2269 {
2270         struct lsa_info *handle;
2271         const char *description;
2272         struct lsa_StringLarge *lsa_name;
2273
2274         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
2275                 return NT_STATUS_INVALID_HANDLE;
2276
2277         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
2278                 return NT_STATUS_INVALID_HANDLE;
2279         }
2280
2281         /* check if the user has enough rights */
2282
2283         /*
2284          * I don't know if it's the right one. not documented.
2285          */
2286         if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
2287                 return NT_STATUS_ACCESS_DENIED;
2288
2289         DEBUG(10,("_lsa_LookupPrivDisplayName: name = %s\n", r->in.name->string));
2290
2291         description = get_privilege_dispname(r->in.name->string);
2292         if (!description) {
2293                 DEBUG(10,("_lsa_LookupPrivDisplayName: doesn't exist\n"));
2294                 return NT_STATUS_NO_SUCH_PRIVILEGE;
2295         }
2296
2297         DEBUG(10,("_lsa_LookupPrivDisplayName: display name = %s\n", description));
2298
2299         lsa_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_StringLarge);
2300         if (!lsa_name) {
2301                 return NT_STATUS_NO_MEMORY;
2302         }
2303
2304         init_lsa_StringLarge(lsa_name, description);
2305
2306         *r->out.returned_language_id = r->in.language_id;
2307         *r->out.disp_name = lsa_name;
2308
2309         return NT_STATUS_OK;
2310 }
2311
2312 /***************************************************************************
2313  _lsa_EnumAccounts
2314  ***************************************************************************/
2315
2316 NTSTATUS _lsa_EnumAccounts(struct pipes_struct *p,
2317                            struct lsa_EnumAccounts *r)
2318 {
2319         struct lsa_info *handle;
2320         struct dom_sid *sid_list;
2321         int i, j, num_entries;
2322         NTSTATUS status;
2323         struct lsa_SidPtr *sids = NULL;
2324
2325         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
2326                 return NT_STATUS_INVALID_HANDLE;
2327
2328         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
2329                 return NT_STATUS_INVALID_HANDLE;
2330         }
2331
2332         if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
2333                 return NT_STATUS_ACCESS_DENIED;
2334
2335         sid_list = NULL;
2336         num_entries = 0;
2337
2338         /* The only way we can currently find out all the SIDs that have been
2339            privileged is to scan all privileges */
2340
2341         status = privilege_enumerate_accounts(&sid_list, &num_entries);
2342         if (!NT_STATUS_IS_OK(status)) {
2343                 return status;
2344         }
2345
2346         if (*r->in.resume_handle >= num_entries) {
2347                 return NT_STATUS_NO_MORE_ENTRIES;
2348         }
2349
2350         if (num_entries - *r->in.resume_handle) {
2351                 sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_SidPtr,
2352                                          num_entries - *r->in.resume_handle);
2353                 if (!sids) {
2354                         talloc_free(sid_list);
2355                         return NT_STATUS_NO_MEMORY;
2356                 }
2357
2358                 for (i = *r->in.resume_handle, j = 0; i < num_entries; i++, j++) {
2359                         sids[j].sid = dom_sid_dup(p->mem_ctx, &sid_list[i]);
2360                         if (!sids[j].sid) {
2361                                 talloc_free(sid_list);
2362                                 return NT_STATUS_NO_MEMORY;
2363                         }
2364                 }
2365         }
2366
2367         talloc_free(sid_list);
2368
2369         *r->out.resume_handle = num_entries;
2370         r->out.sids->num_sids = num_entries;
2371         r->out.sids->sids = sids;
2372
2373         return NT_STATUS_OK;
2374 }
2375
2376 /***************************************************************************
2377  _lsa_GetUserName
2378  ***************************************************************************/
2379
2380 NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
2381                           struct lsa_GetUserName *r)
2382 {
2383         const char *username, *domname;
2384         struct lsa_String *account_name = NULL;
2385         struct lsa_String *authority_name = NULL;
2386
2387         if (r->in.account_name &&
2388            *r->in.account_name) {
2389                 return NT_STATUS_INVALID_PARAMETER;
2390         }
2391
2392         if (r->in.authority_name &&
2393            *r->in.authority_name) {
2394                 return NT_STATUS_INVALID_PARAMETER;
2395         }
2396
2397         if (p->server_info->guest) {
2398                 /*
2399                  * I'm 99% sure this is not the right place to do this,
2400                  * global_sid_Anonymous should probably be put into the token
2401                  * instead of the guest id -- vl
2402                  */
2403                 if (!lookup_sid(p->mem_ctx, &global_sid_Anonymous,
2404                                 &domname, &username, NULL)) {
2405                         return NT_STATUS_NO_MEMORY;
2406                 }
2407         } else {
2408                 username = p->server_info->sanitized_username;
2409                 domname = p->server_info->info3->base.domain.string;
2410         }
2411
2412         account_name = TALLOC_P(p->mem_ctx, struct lsa_String);
2413         if (!account_name) {
2414                 return NT_STATUS_NO_MEMORY;
2415         }
2416         init_lsa_String(account_name, username);
2417
2418         if (r->out.authority_name) {
2419                 authority_name = TALLOC_P(p->mem_ctx, struct lsa_String);
2420                 if (!authority_name) {
2421                         return NT_STATUS_NO_MEMORY;
2422                 }
2423                 init_lsa_String(authority_name, domname);
2424         }
2425
2426         *r->out.account_name = account_name;
2427         if (r->out.authority_name) {
2428                 *r->out.authority_name = authority_name;
2429         }
2430
2431         return NT_STATUS_OK;
2432 }
2433
2434 /***************************************************************************
2435  _lsa_CreateAccount
2436  ***************************************************************************/
2437
2438 NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
2439                             struct lsa_CreateAccount *r)
2440 {
2441         NTSTATUS status;
2442         struct lsa_info *handle;
2443         uint32_t acc_granted;
2444         struct security_descriptor *psd;
2445         size_t sd_size;
2446
2447         /* find the connection policy handle. */
2448         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
2449                 return NT_STATUS_INVALID_HANDLE;
2450
2451         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
2452                 return NT_STATUS_INVALID_HANDLE;
2453         }
2454
2455         /* check if the user has enough rights */
2456
2457         if (!(handle->access & LSA_POLICY_CREATE_ACCOUNT)) {
2458                 return NT_STATUS_ACCESS_DENIED;
2459         }
2460
2461         /* Work out max allowed. */
2462         map_max_allowed_access(p->server_info->security_token,
2463                                &p->server_info->utok,
2464                                &r->in.access_mask);
2465
2466         /* map the generic bits to the lsa policy ones */
2467         se_map_generic(&r->in.access_mask, &lsa_account_mapping);
2468
2469         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
2470                                     &lsa_account_mapping,
2471                                     r->in.sid, LSA_POLICY_ALL_ACCESS);
2472         if (!NT_STATUS_IS_OK(status)) {
2473                 return status;
2474         }
2475
2476         status = access_check_object(psd, p->server_info->security_token,
2477                                      SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, r->in.access_mask,
2478                                      &acc_granted, "_lsa_CreateAccount");
2479         if (!NT_STATUS_IS_OK(status)) {
2480                 return status;
2481         }
2482
2483         if ( is_privileged_sid( r->in.sid ) )
2484                 return NT_STATUS_OBJECT_NAME_COLLISION;
2485
2486         status = create_lsa_policy_handle(p->mem_ctx, p,
2487                                           LSA_HANDLE_ACCOUNT_TYPE,
2488                                           acc_granted,
2489                                           r->in.sid,
2490                                           NULL,
2491                                           psd,
2492                                           r->out.acct_handle);
2493         if (!NT_STATUS_IS_OK(status)) {
2494                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2495         }
2496
2497         return privilege_create_account(r->in.sid);
2498 }
2499
2500 /***************************************************************************
2501  _lsa_OpenAccount
2502  ***************************************************************************/
2503
2504 NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
2505                           struct lsa_OpenAccount *r)
2506 {
2507         struct lsa_info *handle;
2508         struct security_descriptor *psd = NULL;
2509         size_t sd_size;
2510         uint32_t des_access = r->in.access_mask;
2511         uint32_t acc_granted;
2512         NTSTATUS status;
2513
2514         /* find the connection policy handle. */
2515         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
2516                 return NT_STATUS_INVALID_HANDLE;
2517
2518         if (handle->type != LSA_HANDLE_POLICY_TYPE) {
2519                 return NT_STATUS_INVALID_HANDLE;
2520         }
2521
2522         /* des_access is for the account here, not the policy
2523          * handle - so don't check against policy handle. */
2524
2525         /* Work out max allowed. */
2526         map_max_allowed_access(p->server_info->security_token,
2527                                &p->server_info->utok,
2528                                &des_access);
2529
2530         /* map the generic bits to the lsa account ones */
2531         se_map_generic(&des_access, &lsa_account_mapping);
2532
2533         /* get the generic lsa account SD until we store it */
2534         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
2535                                 &lsa_account_mapping,
2536                                 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
2537         if (!NT_STATUS_IS_OK(status)) {
2538                 return status;
2539         }
2540
2541         status = access_check_object(psd, p->server_info->security_token,
2542                                      SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
2543                                      &acc_granted, "_lsa_OpenAccount" );
2544         if (!NT_STATUS_IS_OK(status)) {
2545                 return status;
2546         }
2547
2548         /* TODO: Fis the parsing routine before reenabling this check! */
2549         #if 0
2550         if (!lookup_sid(&handle->sid, dom_name, name, &type))
2551                 return NT_STATUS_ACCESS_DENIED;
2552         #endif
2553
2554         status = create_lsa_policy_handle(p->mem_ctx, p,
2555                                           LSA_HANDLE_ACCOUNT_TYPE,
2556                                           acc_granted,
2557                                           r->in.sid,
2558                                           NULL,
2559                                           psd,
2560                                           r->out.acct_handle);
2561         if (!NT_STATUS_IS_OK(status)) {
2562                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2563         }
2564
2565         return NT_STATUS_OK;
2566 }
2567
2568 /***************************************************************************
2569  _lsa_EnumPrivsAccount
2570  For a given SID, enumerate all the privilege this account has.
2571  ***************************************************************************/
2572
2573 NTSTATUS _lsa_EnumPrivsAccount(struct pipes_struct *p,
2574                                struct lsa_EnumPrivsAccount *r)
2575 {
2576         NTSTATUS status = NT_STATUS_OK;
2577         struct lsa_info *info=NULL;
2578         PRIVILEGE_SET *privileges;
2579         struct lsa_PrivilegeSet *priv_set = NULL;
2580
2581         /* find the connection policy handle. */
2582         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
2583                 return NT_STATUS_INVALID_HANDLE;
2584
2585         if (info->type != LSA_HANDLE_ACCOUNT_TYPE) {
2586                 return NT_STATUS_INVALID_HANDLE;
2587         }
2588
2589         if (!(info->access & LSA_ACCOUNT_VIEW))
2590                 return NT_STATUS_ACCESS_DENIED;
2591
2592         status = get_privileges_for_sid_as_set(p->mem_ctx, &privileges, &info->sid);
2593         if (!NT_STATUS_IS_OK(status)) {
2594                 return status;
2595         }
2596
2597         *r->out.privs = priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet);
2598         if (!priv_set) {
2599                 return NT_STATUS_NO_MEMORY;
2600         }
2601
2602         DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n",
2603                   sid_string_dbg(&info->sid),
2604                   privileges->count));
2605
2606         priv_set->count = privileges->count;
2607         priv_set->unknown = 0;
2608         priv_set->set = talloc_move(priv_set, &privileges->set);
2609
2610         return status;
2611 }
2612
2613 /***************************************************************************
2614  _lsa_GetSystemAccessAccount
2615  ***************************************************************************/
2616
2617 NTSTATUS _lsa_GetSystemAccessAccount(struct pipes_struct *p,
2618                                      struct lsa_GetSystemAccessAccount *r)
2619 {
2620         NTSTATUS status;
2621         struct lsa_info *info = NULL;
2622         struct lsa_EnumPrivsAccount e;
2623         struct lsa_PrivilegeSet *privset;
2624
2625         /* find the connection policy handle. */
2626
2627         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
2628                 return NT_STATUS_INVALID_HANDLE;
2629
2630         if (info->type != LSA_HANDLE_ACCOUNT_TYPE) {
2631                 return NT_STATUS_INVALID_HANDLE;
2632         }
2633
2634         if (!(info->access & LSA_ACCOUNT_VIEW))
2635                 return NT_STATUS_ACCESS_DENIED;
2636
2637         privset = talloc_zero(p->mem_ctx, struct lsa_PrivilegeSet);
2638         if (!privset) {
2639                 return NT_STATUS_NO_MEMORY;
2640         }
2641
2642         e.in.handle = r->in.handle;
2643         e.out.privs = &privset;
2644
2645         status = _lsa_EnumPrivsAccount(p, &e);
2646         if (!NT_STATUS_IS_OK(status)) {
2647                 DEBUG(10,("_lsa_GetSystemAccessAccount: "
2648                         "failed to call _lsa_EnumPrivsAccount(): %s\n",
2649                         nt_errstr(status)));
2650                 return status;
2651         }
2652
2653         /* Samba4 would iterate over the privset to merge the policy mode bits,
2654          * not sure samba3 can do the same here, so just return what we did in
2655          * the past - gd */
2656
2657         /*
2658           0x01 -> Log on locally
2659           0x02 -> Access this computer from network
2660           0x04 -> Log on as a batch job
2661           0x10 -> Log on as a service
2662
2663           they can be ORed together
2664         */
2665
2666         *r->out.access_mask = LSA_POLICY_MODE_INTERACTIVE |
2667                               LSA_POLICY_MODE_NETWORK;
2668
2669         return NT_STATUS_OK;
2670 }
2671
2672 /***************************************************************************
2673   update the systemaccount information
2674  ***************************************************************************/
2675
2676 NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p,
2677                                      struct lsa_SetSystemAccessAccount *r)
2678 {
2679         struct lsa_info *info=NULL;
2680         GROUP_MAP map;
2681
2682         /* find the connection policy handle. */
2683         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
2684                 return NT_STATUS_INVALID_HANDLE;
2685
2686         if (info->type != LSA_HANDLE_ACCOUNT_TYPE) {
2687                 return NT_STATUS_INVALID_HANDLE;
2688         }
2689
2690         if (!(info->access & LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS)) {
2691                 return NT_STATUS_ACCESS_DENIED;
2692         }
2693
2694         if (!pdb_getgrsid(&map, info->sid))
2695                 return NT_STATUS_NO_SUCH_GROUP;
2696
2697         return pdb_update_group_mapping_entry(&map);
2698 }
2699
2700 /***************************************************************************
2701  _lsa_AddPrivilegesToAccount
2702  For a given SID, add some privileges.
2703  ***************************************************************************/
2704
2705 NTSTATUS _lsa_AddPrivilegesToAccount(struct pipes_struct *p,
2706                                      struct lsa_AddPrivilegesToAccount *r)
2707 {
2708         struct lsa_info *info = NULL;
2709         struct lsa_PrivilegeSet *set = NULL;
2710
2711         /* find the connection policy handle. */
2712         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
2713                 return NT_STATUS_INVALID_HANDLE;
2714
2715         if (info->type != LSA_HANDLE_ACCOUNT_TYPE) {
2716                 return NT_STATUS_INVALID_HANDLE;
2717         }
2718
2719         if (!(info->access & LSA_ACCOUNT_ADJUST_PRIVILEGES)) {
2720                 return NT_STATUS_ACCESS_DENIED;
2721         }
2722
2723         set = r->in.privs;
2724
2725         if ( !grant_privilege_set( &info->sid, set ) ) {
2726                 DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege_set(%s) failed!\n",
2727                          sid_string_dbg(&info->sid) ));
2728                 return NT_STATUS_NO_SUCH_PRIVILEGE;
2729         }
2730
2731         return NT_STATUS_OK;
2732 }
2733
2734 /***************************************************************************
2735  _lsa_RemovePrivilegesFromAccount
2736  For a given SID, remove some privileges.
2737  ***************************************************************************/
2738
2739 NTSTATUS _lsa_RemovePrivilegesFromAccount(struct pipes_struct *p,
2740                                           struct lsa_RemovePrivilegesFromAccount *r)
2741 {
2742         struct lsa_info *info = NULL;
2743         struct lsa_PrivilegeSet *set = NULL;
2744
2745         /* find the connection policy handle. */
2746         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
2747                 return NT_STATUS_INVALID_HANDLE;
2748
2749         if (info->type != LSA_HANDLE_ACCOUNT_TYPE) {
2750                 return NT_STATUS_INVALID_HANDLE;
2751         }
2752
2753         if (!(info->access & LSA_ACCOUNT_ADJUST_PRIVILEGES)) {
2754                 return NT_STATUS_ACCESS_DENIED;
2755         }
2756
2757         set = r->in.privs;
2758
2759         if ( !revoke_privilege_set( &info->sid, set) ) {
2760                 DEBUG(3,("_lsa_RemovePrivilegesFromAccount: revoke_privilege(%s) failed!\n",
2761                          sid_string_dbg(&info->sid) ));
2762                 return NT_STATUS_NO_SUCH_PRIVILEGE;
2763         }
2764
2765         return NT_STATUS_OK;
2766 }
2767
2768 /***************************************************************************
2769  _lsa_LookupPrivName
2770  ***************************************************************************/
2771
2772 NTSTATUS _lsa_LookupPrivName(struct pipes_struct *p,
2773                              struct lsa_LookupPrivName *r)
2774 {
2775         struct lsa_info *info = NULL;
2776         const char *name;
2777         struct lsa_StringLarge *lsa_name;
2778
2779         /* find the connection policy handle. */
2780         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
2781                 return NT_STATUS_INVALID_HANDLE;
2782         }
2783
2784         if (info->type != LSA_HANDLE_POLICY_TYPE) {
2785                 return NT_STATUS_INVALID_HANDLE;
2786         }
2787
2788         if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION)) {
2789                 return NT_STATUS_ACCESS_DENIED;
2790         }
2791
2792         if (r->in.luid->high != 0) {
2793                 return NT_STATUS_NO_SUCH_PRIVILEGE;
2794         }
2795
2796         name = sec_privilege_name(r->in.luid->low);
2797         if (!name) {
2798                 return NT_STATUS_NO_SUCH_PRIVILEGE;
2799         }
2800
2801         lsa_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_StringLarge);
2802         if (!lsa_name) {
2803                 return NT_STATUS_NO_MEMORY;
2804         }
2805
2806         lsa_name->string = talloc_strdup(lsa_name, name);
2807         if (!lsa_name->string) {
2808                 TALLOC_FREE(lsa_name);
2809                 return NT_STATUS_NO_MEMORY;
2810         }
2811
2812         *r->out.name = lsa_name;
2813
2814         return NT_STATUS_OK;
2815 }
2816
2817 /***************************************************************************
2818  _lsa_QuerySecurity
2819  ***************************************************************************/
2820
2821 NTSTATUS _lsa_QuerySecurity(struct pipes_struct *p,
2822                             struct lsa_QuerySecurity *r)
2823 {
2824         struct lsa_info *handle=NULL;
2825         struct security_descriptor *psd = NULL;
2826         size_t sd_size;
2827         NTSTATUS status;
2828
2829         /* find the connection policy handle. */
2830         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
2831                 return NT_STATUS_INVALID_HANDLE;
2832
2833         switch (handle->type) {
2834         case LSA_HANDLE_POLICY_TYPE:
2835                 status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
2836                                 &lsa_policy_mapping, NULL, 0);
2837                 break;
2838         case LSA_HANDLE_ACCOUNT_TYPE:
2839                 status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
2840                                 &lsa_account_mapping,
2841                                 &handle->sid, LSA_ACCOUNT_ALL_ACCESS);
2842                 break;
2843         default:
2844                 status = NT_STATUS_INVALID_HANDLE;
2845                 break;
2846         }
2847
2848         if (!NT_STATUS_IS_OK(status)) {
2849                 return status;
2850         }
2851
2852         *r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd);
2853         if (!*r->out.sdbuf) {
2854                 return NT_STATUS_NO_MEMORY;
2855         }
2856
2857         return status;
2858 }
2859
2860 /***************************************************************************
2861  _lsa_AddAccountRights
2862  ***************************************************************************/
2863
2864 NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
2865                                struct lsa_AddAccountRights *r)
2866 {
2867         struct lsa_info *info = NULL;
2868         int i = 0;
2869         uint32_t acc_granted = 0;
2870         struct security_descriptor *psd = NULL;
2871         size_t sd_size;
2872         struct dom_sid sid;
2873         NTSTATUS status;
2874
2875         /* find the connection policy handle. */
2876         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
2877                 return NT_STATUS_INVALID_HANDLE;
2878
2879         if (info->type != LSA_HANDLE_POLICY_TYPE) {
2880                 return NT_STATUS_INVALID_HANDLE;
2881         }
2882
2883         /* get the generic lsa account SD for this SID until we store it */
2884         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
2885                                 &lsa_account_mapping,
2886                                 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
2887         if (!NT_STATUS_IS_OK(status)) {
2888                 return status;
2889         }
2890
2891         /*
2892          * From the MS DOCs. If the sid doesn't exist, ask for LSA_POLICY_CREATE_ACCOUNT
2893          * on the policy handle. If it does, ask for
2894          * LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW,
2895          * on the account sid. We don't check here so just use the latter. JRA.
2896          */
2897
2898         status = access_check_object(psd, p->server_info->security_token,
2899                                      SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
2900                                      LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW,
2901                                      &acc_granted, "_lsa_AddAccountRights" );
2902         if (!NT_STATUS_IS_OK(status)) {
2903                 return status;
2904         }
2905
2906         /* according to an NT4 PDC, you can add privileges to SIDs even without
2907            call_lsa_create_account() first.  And you can use any arbitrary SID. */
2908
2909         sid_copy( &sid, r->in.sid );
2910
2911         for ( i=0; i < r->in.rights->count; i++ ) {
2912
2913                 const char *privname = r->in.rights->names[i].string;
2914
2915                 /* only try to add non-null strings */
2916
2917                 if ( !privname )
2918                         continue;
2919
2920                 if ( !grant_privilege_by_name( &sid, privname ) ) {
2921                         DEBUG(2,("_lsa_AddAccountRights: Failed to add privilege [%s]\n",
2922                                 privname ));
2923                         return NT_STATUS_NO_SUCH_PRIVILEGE;
2924                 }
2925         }
2926
2927         return NT_STATUS_OK;
2928 }
2929
2930 /***************************************************************************
2931  _lsa_RemoveAccountRights
2932  ***************************************************************************/
2933
2934 NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p,
2935                                   struct lsa_RemoveAccountRights *r)
2936 {
2937         struct lsa_info *info = NULL;
2938         int i = 0;
2939         struct security_descriptor *psd = NULL;
2940         size_t sd_size;
2941         struct dom_sid sid;
2942         const char *privname = NULL;
2943         uint32_t acc_granted = 0;
2944         NTSTATUS status;
2945
2946         /* find the connection policy handle. */
2947         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
2948                 return NT_STATUS_INVALID_HANDLE;
2949
2950         if (info->type != LSA_HANDLE_POLICY_TYPE) {
2951                 return NT_STATUS_INVALID_HANDLE;
2952         }
2953
2954         /* get the generic lsa account SD for this SID until we store it */
2955         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
2956                                 &lsa_account_mapping,
2957                                 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
2958         if (!NT_STATUS_IS_OK(status)) {
2959                 return status;
2960         }
2961
2962         /*
2963          * From the MS DOCs. We need
2964          * LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW
2965          * and DELETE on the account sid.
2966          */
2967
2968         status = access_check_object(psd, p->server_info->security_token,
2969                                      SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
2970                                      LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
2971                                      LSA_ACCOUNT_VIEW|SEC_STD_DELETE,
2972                                      &acc_granted, "_lsa_RemoveAccountRights");
2973         if (!NT_STATUS_IS_OK(status)) {
2974                 return status;
2975         }
2976
2977         sid_copy( &sid, r->in.sid );
2978
2979         if ( r->in.remove_all ) {
2980                 if ( !revoke_all_privileges( &sid ) )
2981                         return NT_STATUS_ACCESS_DENIED;
2982
2983                 return NT_STATUS_OK;
2984         }
2985
2986         for ( i=0; i < r->in.rights->count; i++ ) {
2987
2988                 privname = r->in.rights->names[i].string;
2989
2990                 /* only try to add non-null strings */
2991
2992                 if ( !privname )
2993                         continue;
2994
2995                 if ( !revoke_privilege_by_name( &sid, privname ) ) {
2996                         DEBUG(2,("_lsa_RemoveAccountRights: Failed to revoke privilege [%s]\n",
2997                                 privname ));
2998                         return NT_STATUS_NO_SUCH_PRIVILEGE;
2999                 }
3000         }
3001
3002         return NT_STATUS_OK;
3003 }
3004
3005 /*******************************************************************
3006 ********************************************************************/
3007
3008 static NTSTATUS init_lsa_right_set(TALLOC_CTX *mem_ctx,
3009                                    struct lsa_RightSet *r,
3010                                    PRIVILEGE_SET *privileges)
3011 {
3012         uint32 i;
3013         const char *privname;
3014         const char **privname_array = NULL;
3015         int num_priv = 0;
3016
3017         for (i=0; i<privileges->count; i++) {
3018                 if (privileges->set[i].luid.high) {
3019                         continue;
3020                 }
3021                 privname = sec_privilege_name(privileges->set[i].luid.low);
3022                 if (privname) {
3023                         if (!add_string_to_array(mem_ctx, privname,
3024                                                  &privname_array, &num_priv)) {
3025                                 return NT_STATUS_NO_MEMORY;
3026                         }
3027                 }
3028         }
3029
3030         if (num_priv) {
3031
3032                 r->names = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_StringLarge,
3033                                              num_priv);
3034                 if (!r->names) {
3035                         return NT_STATUS_NO_MEMORY;
3036                 }
3037
3038                 for (i=0; i<num_priv; i++) {
3039                         init_lsa_StringLarge(&r->names[i], privname_array[i]);
3040                 }
3041
3042                 r->count = num_priv;
3043         }
3044
3045         return NT_STATUS_OK;
3046 }
3047
3048 /***************************************************************************
3049  _lsa_EnumAccountRights
3050  ***************************************************************************/
3051
3052 NTSTATUS _lsa_EnumAccountRights(struct pipes_struct *p,
3053                                 struct lsa_EnumAccountRights *r)
3054 {
3055         NTSTATUS status;
3056         struct lsa_info *info = NULL;
3057         PRIVILEGE_SET *privileges;
3058
3059         /* find the connection policy handle. */
3060
3061         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
3062                 return NT_STATUS_INVALID_HANDLE;
3063
3064         if (info->type != LSA_HANDLE_POLICY_TYPE) {
3065                 return NT_STATUS_INVALID_HANDLE;
3066         }
3067
3068         if (!(info->access & LSA_ACCOUNT_VIEW)) {
3069                 return NT_STATUS_ACCESS_DENIED;
3070         }
3071
3072         /* according to an NT4 PDC, you can add privileges to SIDs even without
3073            call_lsa_create_account() first.  And you can use any arbitrary SID. */
3074
3075         /* according to MS-LSAD 3.1.4.5.10 it is required to return
3076          * NT_STATUS_OBJECT_NAME_NOT_FOUND if the account sid was not found in
3077          * the lsa database */
3078
3079         status = get_privileges_for_sid_as_set(p->mem_ctx, &privileges, r->in.sid);
3080         if (!NT_STATUS_IS_OK(status)) {
3081                 return status;
3082         }
3083
3084         DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n",
3085                   sid_string_dbg(r->in.sid), privileges->count));
3086
3087         status = init_lsa_right_set(p->mem_ctx, r->out.rights, privileges);
3088
3089         return status;
3090 }
3091
3092 /***************************************************************************
3093  _lsa_LookupPrivValue
3094  ***************************************************************************/
3095
3096 NTSTATUS _lsa_LookupPrivValue(struct pipes_struct *p,
3097                               struct lsa_LookupPrivValue *r)
3098 {
3099         struct lsa_info *info = NULL;
3100         const char *name = NULL;
3101
3102         /* find the connection policy handle. */
3103
3104         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
3105                 return NT_STATUS_INVALID_HANDLE;
3106
3107         if (info->type != LSA_HANDLE_POLICY_TYPE) {
3108                 return NT_STATUS_INVALID_HANDLE;
3109         }
3110
3111         if (!(info->access & LSA_POLICY_LOOKUP_NAMES))
3112                 return NT_STATUS_ACCESS_DENIED;
3113
3114         name = r->in.name->string;
3115
3116         DEBUG(10,("_lsa_lookup_priv_value: name = %s\n", name));
3117
3118         r->out.luid->low = sec_privilege_id(name);
3119         r->out.luid->high = 0;
3120         if (r->out.luid->low == SEC_PRIV_INVALID) {
3121                 return NT_STATUS_NO_SUCH_PRIVILEGE;
3122         }
3123         return NT_STATUS_OK;
3124 }
3125
3126 /***************************************************************************
3127  _lsa_EnumAccountsWithUserRight
3128  ***************************************************************************/
3129
3130 NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p,
3131                                         struct lsa_EnumAccountsWithUserRight *r)
3132 {
3133         NTSTATUS status;
3134         struct lsa_info *info = NULL;
3135         struct dom_sid *sids = NULL;
3136         int num_sids = 0;
3137         uint32_t i;
3138         enum sec_privilege privilege;
3139
3140         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
3141                 return NT_STATUS_INVALID_HANDLE;
3142         }
3143
3144         if (info->type != LSA_HANDLE_POLICY_TYPE) {
3145                 return NT_STATUS_INVALID_HANDLE;
3146         }
3147
3148         if (!(info->access & LSA_POLICY_LOOKUP_NAMES)) {
3149                 return NT_STATUS_ACCESS_DENIED;
3150         }
3151
3152         if (!r->in.name || !r->in.name->string) {
3153                 return NT_STATUS_NO_SUCH_PRIVILEGE;
3154         }
3155
3156         privilege = sec_privilege_id(r->in.name->string);
3157         if (privilege == SEC_PRIV_INVALID) {
3158                 return NT_STATUS_NO_SUCH_PRIVILEGE;
3159         }
3160
3161         status = privilege_enum_sids(privilege, p->mem_ctx,
3162                                      &sids, &num_sids);
3163         if (!NT_STATUS_IS_OK(status)) {
3164                 return status;
3165         }
3166
3167         r->out.sids->num_sids = num_sids;
3168         r->out.sids->sids = talloc_array(p->mem_ctx, struct lsa_SidPtr,
3169                                          r->out.sids->num_sids);
3170
3171         for (i=0; i < r->out.sids->num_sids; i++) {
3172                 r->out.sids->sids[i].sid = dom_sid_dup(r->out.sids->sids,
3173                                                           &sids[i]);
3174                 if (!r->out.sids->sids[i].sid) {
3175                         TALLOC_FREE(r->out.sids->sids);
3176                         r->out.sids->num_sids = 0;
3177                         return NT_STATUS_NO_MEMORY;
3178                 }
3179         }
3180
3181         return NT_STATUS_OK;
3182 }
3183
3184 /***************************************************************************
3185  _lsa_Delete
3186  ***************************************************************************/
3187
3188 NTSTATUS _lsa_Delete(struct pipes_struct *p,
3189                      struct lsa_Delete *r)
3190 {
3191         return NT_STATUS_NOT_SUPPORTED;
3192 }
3193
3194 /*
3195  * From here on the server routines are just dummy ones to make smbd link with
3196  * librpc/gen_ndr/srv_lsa.c. These routines are actually never called, we are
3197  * pulling the server stubs across one by one.
3198  */
3199
3200 NTSTATUS _lsa_SetSecObj(struct pipes_struct *p, struct lsa_SetSecObj *r)
3201 {
3202         p->rng_fault_state = True;
3203         return NT_STATUS_NOT_IMPLEMENTED;
3204 }
3205
3206 NTSTATUS _lsa_ChangePassword(struct pipes_struct *p,
3207                              struct lsa_ChangePassword *r)
3208 {
3209         p->rng_fault_state = True;
3210         return NT_STATUS_NOT_IMPLEMENTED;
3211 }
3212
3213 NTSTATUS _lsa_SetInfoPolicy(struct pipes_struct *p, struct lsa_SetInfoPolicy *r)
3214 {
3215         p->rng_fault_state = True;
3216         return NT_STATUS_NOT_IMPLEMENTED;
3217 }
3218
3219 NTSTATUS _lsa_ClearAuditLog(struct pipes_struct *p, struct lsa_ClearAuditLog *r)
3220 {
3221         p->rng_fault_state = True;
3222         return NT_STATUS_NOT_IMPLEMENTED;
3223 }
3224
3225 NTSTATUS _lsa_GetQuotasForAccount(struct pipes_struct *p,
3226                                   struct lsa_GetQuotasForAccount *r)
3227 {
3228         p->rng_fault_state = True;
3229         return NT_STATUS_NOT_IMPLEMENTED;
3230 }
3231
3232 NTSTATUS _lsa_SetQuotasForAccount(struct pipes_struct *p,
3233                                   struct lsa_SetQuotasForAccount *r)
3234 {
3235         p->rng_fault_state = True;
3236         return NT_STATUS_NOT_IMPLEMENTED;
3237 }
3238
3239 NTSTATUS _lsa_SetInformationTrustedDomain(struct pipes_struct *p,
3240                                           struct lsa_SetInformationTrustedDomain *r)
3241 {
3242         p->rng_fault_state = True;
3243         return NT_STATUS_NOT_IMPLEMENTED;
3244 }
3245
3246 NTSTATUS _lsa_QuerySecret(struct pipes_struct *p, struct lsa_QuerySecret *r)
3247 {
3248         p->rng_fault_state = True;
3249         return NT_STATUS_NOT_IMPLEMENTED;
3250 }
3251
3252 NTSTATUS _lsa_SetTrustedDomainInfo(struct pipes_struct *p,
3253                                    struct lsa_SetTrustedDomainInfo *r)
3254 {
3255         p->rng_fault_state = True;
3256         return NT_STATUS_NOT_IMPLEMENTED;
3257 }
3258
3259 NTSTATUS _lsa_StorePrivateData(struct pipes_struct *p,
3260                                struct lsa_StorePrivateData *r)
3261 {
3262         p->rng_fault_state = True;
3263         return NT_STATUS_NOT_IMPLEMENTED;
3264 }
3265
3266 NTSTATUS _lsa_RetrievePrivateData(struct pipes_struct *p,
3267                                   struct lsa_RetrievePrivateData *r)
3268 {
3269         p->rng_fault_state = True;
3270         return NT_STATUS_NOT_IMPLEMENTED;
3271 }
3272
3273 NTSTATUS _lsa_SetInfoPolicy2(struct pipes_struct *p,
3274                              struct lsa_SetInfoPolicy2 *r)
3275 {
3276         p->rng_fault_state = True;
3277         return NT_STATUS_NOT_IMPLEMENTED;
3278 }
3279
3280 NTSTATUS _lsa_SetTrustedDomainInfoByName(struct pipes_struct *p,
3281                                          struct lsa_SetTrustedDomainInfoByName *r)
3282 {
3283         p->rng_fault_state = True;
3284         return NT_STATUS_NOT_IMPLEMENTED;
3285 }
3286
3287 NTSTATUS _lsa_EnumTrustedDomainsEx(struct pipes_struct *p,
3288                                    struct lsa_EnumTrustedDomainsEx *r)
3289 {
3290         struct lsa_info *info;
3291         uint32_t count;
3292         struct pdb_trusted_domain **domains;
3293         struct lsa_TrustDomainInfoInfoEx *entries;
3294         int i;
3295         NTSTATUS nt_status;
3296
3297         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
3298                 return NT_STATUS_INVALID_HANDLE;
3299
3300         if (info->type != LSA_HANDLE_POLICY_TYPE) {
3301                 return NT_STATUS_INVALID_HANDLE;
3302         }
3303
3304         /* check if the user has enough rights */
3305         if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
3306                 return NT_STATUS_ACCESS_DENIED;
3307
3308         become_root();
3309         nt_status = pdb_enum_trusted_domains(p->mem_ctx, &count, &domains);
3310         unbecome_root();
3311
3312         if (!NT_STATUS_IS_OK(nt_status)) {
3313                 return nt_status;
3314         }
3315
3316         entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TrustDomainInfoInfoEx,
3317                                     count);
3318         if (!entries) {
3319                 return NT_STATUS_NO_MEMORY;
3320         }
3321
3322         for (i=0; i<count; i++) {
3323                 init_lsa_StringLarge(&entries[i].netbios_name,
3324                                      domains[i]->netbios_name);
3325                 entries[i].sid = &domains[i]->security_identifier;
3326         }
3327
3328         if (*r->in.resume_handle >= count) {
3329                 *r->out.resume_handle = -1;
3330                 TALLOC_FREE(entries);
3331                 return NT_STATUS_NO_MORE_ENTRIES;
3332         }
3333
3334         /* return the rest, limit by max_size. Note that we
3335            use the w2k3 element size value of 60 */
3336         r->out.domains->count = count - *r->in.resume_handle;
3337         r->out.domains->count = MIN(r->out.domains->count,
3338                                     (r->in.max_size/LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER));
3339
3340         r->out.domains->domains = entries + *r->in.resume_handle;
3341
3342         if (r->out.domains->count < count - *r->in.resume_handle) {
3343                 *r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
3344                 return STATUS_MORE_ENTRIES;
3345         }
3346
3347         /* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
3348          * always be larger than the previous input resume handle, in
3349          * particular when hitting the last query it is vital to set the
3350          * resume handle correctly to avoid infinite client loops, as
3351          * seen e.g. with Windows XP SP3 when resume handle is 0 and
3352          * status is NT_STATUS_OK - gd */
3353
3354         *r->out.resume_handle = (uint32_t)-1;
3355
3356         return NT_STATUS_OK;
3357 }
3358
3359 NTSTATUS _lsa_QueryDomainInformationPolicy(struct pipes_struct *p,
3360                                            struct lsa_QueryDomainInformationPolicy *r)
3361 {
3362         p->rng_fault_state = True;
3363         return NT_STATUS_NOT_IMPLEMENTED;
3364 }
3365
3366 NTSTATUS _lsa_SetDomainInformationPolicy(struct pipes_struct *p,
3367                                          struct lsa_SetDomainInformationPolicy *r)
3368 {
3369         p->rng_fault_state = True;
3370         return NT_STATUS_NOT_IMPLEMENTED;
3371 }
3372
3373 NTSTATUS _lsa_TestCall(struct pipes_struct *p, struct lsa_TestCall *r)
3374 {
3375         p->rng_fault_state = True;
3376         return NT_STATUS_NOT_IMPLEMENTED;
3377 }
3378
3379 NTSTATUS _lsa_CREDRWRITE(struct pipes_struct *p, struct lsa_CREDRWRITE *r)
3380 {
3381         p->rng_fault_state = True;
3382         return NT_STATUS_NOT_IMPLEMENTED;
3383 }
3384
3385 NTSTATUS _lsa_CREDRREAD(struct pipes_struct *p, struct lsa_CREDRREAD *r)
3386 {
3387         p->rng_fault_state = True;
3388         return NT_STATUS_NOT_IMPLEMENTED;
3389 }
3390
3391 NTSTATUS _lsa_CREDRENUMERATE(struct pipes_struct *p, struct lsa_CREDRENUMERATE *r)
3392 {
3393         p->rng_fault_state = True;
3394         return NT_STATUS_NOT_IMPLEMENTED;
3395 }
3396
3397 NTSTATUS _lsa_CREDRWRITEDOMAINCREDENTIALS(struct pipes_struct *p,
3398                                           struct lsa_CREDRWRITEDOMAINCREDENTIALS *r)
3399 {
3400         p->rng_fault_state = True;
3401         return NT_STATUS_NOT_IMPLEMENTED;
3402 }
3403
3404 NTSTATUS _lsa_CREDRREADDOMAINCREDENTIALS(struct pipes_struct *p,
3405                                          struct lsa_CREDRREADDOMAINCREDENTIALS *r)
3406 {
3407         p->rng_fault_state = True;
3408         return NT_STATUS_NOT_IMPLEMENTED;
3409 }
3410
3411 NTSTATUS _lsa_CREDRDELETE(struct pipes_struct *p, struct lsa_CREDRDELETE *r)
3412 {
3413         p->rng_fault_state = True;
3414         return NT_STATUS_NOT_IMPLEMENTED;
3415 }
3416
3417 NTSTATUS _lsa_CREDRGETTARGETINFO(struct pipes_struct *p,
3418                                  struct lsa_CREDRGETTARGETINFO *r)
3419 {
3420         p->rng_fault_state = True;
3421         return NT_STATUS_NOT_IMPLEMENTED;
3422 }
3423
3424 NTSTATUS _lsa_CREDRPROFILELOADED(struct pipes_struct *p,
3425                                  struct lsa_CREDRPROFILELOADED *r)
3426 {
3427         p->rng_fault_state = True;
3428         return NT_STATUS_NOT_IMPLEMENTED;
3429 }
3430
3431 NTSTATUS _lsa_CREDRGETSESSIONTYPES(struct pipes_struct *p,
3432                                    struct lsa_CREDRGETSESSIONTYPES *r)
3433 {
3434         p->rng_fault_state = True;
3435         return NT_STATUS_NOT_IMPLEMENTED;
3436 }
3437
3438 NTSTATUS _lsa_LSARREGISTERAUDITEVENT(struct pipes_struct *p,
3439                                      struct lsa_LSARREGISTERAUDITEVENT *r)
3440 {
3441         p->rng_fault_state = True;
3442         return NT_STATUS_NOT_IMPLEMENTED;
3443 }
3444
3445 NTSTATUS _lsa_LSARGENAUDITEVENT(struct pipes_struct *p,
3446                                 struct lsa_LSARGENAUDITEVENT *r)
3447 {
3448         p->rng_fault_state = True;
3449         return NT_STATUS_NOT_IMPLEMENTED;
3450 }
3451
3452 NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(struct pipes_struct *p,
3453                                        struct lsa_LSARUNREGISTERAUDITEVENT *r)
3454 {
3455         p->rng_fault_state = True;
3456         return NT_STATUS_NOT_IMPLEMENTED;
3457 }
3458
3459 NTSTATUS _lsa_lsaRQueryForestTrustInformation(struct pipes_struct *p,
3460                                               struct lsa_lsaRQueryForestTrustInformation *r)
3461 {
3462         p->rng_fault_state = True;
3463         return NT_STATUS_NOT_IMPLEMENTED;
3464 }
3465
3466 NTSTATUS _lsa_lsaRSetForestTrustInformation(struct pipes_struct *p,
3467                                             struct lsa_lsaRSetForestTrustInformation *r)
3468 {
3469         p->rng_fault_state = True;
3470         return NT_STATUS_NOT_IMPLEMENTED;
3471 }
3472
3473 NTSTATUS _lsa_CREDRRENAME(struct pipes_struct *p,
3474                           struct lsa_CREDRRENAME *r)
3475 {
3476         p->rng_fault_state = True;
3477         return NT_STATUS_NOT_IMPLEMENTED;
3478 }
3479
3480 NTSTATUS _lsa_LSAROPENPOLICYSCE(struct pipes_struct *p,
3481                                 struct lsa_LSAROPENPOLICYSCE *r)
3482 {
3483         p->rng_fault_state = True;
3484         return NT_STATUS_NOT_IMPLEMENTED;
3485 }
3486
3487 NTSTATUS _lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct pipes_struct *p,
3488                                                  struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r)
3489 {
3490         p->rng_fault_state = True;
3491         return NT_STATUS_NOT_IMPLEMENTED;
3492 }
3493
3494 NTSTATUS _lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct pipes_struct *p,
3495                                                    struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r)
3496 {
3497         p->rng_fault_state = True;
3498         return NT_STATUS_NOT_IMPLEMENTED;
3499 }
3500
3501 NTSTATUS _lsa_LSARADTREPORTSECURITYEVENT(struct pipes_struct *p,
3502                                          struct lsa_LSARADTREPORTSECURITYEVENT *r)
3503 {
3504         p->rng_fault_state = True;
3505         return NT_STATUS_NOT_IMPLEMENTED;
3506 }