r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3()
[samba.git] / source4 / rpc_server / lsa / dcesrv_lsa.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    endpoint server for the lsarpc pipe
5
6    Copyright (C) Andrew Tridgell 2004
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "librpc/gen_ndr/ndr_lsa.h"
25 #include "librpc/gen_ndr/ndr_samr.h"
26 #include "rpc_server/dcerpc_server.h"
27 #include "rpc_server/common/common.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "auth/auth.h"
30
31 /*
32   this type allows us to distinguish handle types
33 */
34 enum lsa_handle {
35         LSA_HANDLE_POLICY,
36         LSA_HANDLE_ACCOUNT,
37         LSA_HANDLE_SECRET
38 };
39
40 /*
41   state associated with a lsa_OpenPolicy() operation
42 */
43 struct lsa_policy_state {
44         struct dcesrv_handle *handle;
45         void *sam_ctx;
46         struct sidmap_context *sidmap;
47         uint32_t access_mask;
48         const char *domain_dn;
49         const char *builtin_dn;
50         const char *domain_name;
51         struct dom_sid *domain_sid;
52         struct dom_sid *builtin_sid;
53 };
54
55
56 /*
57   state associated with a lsa_OpenAccount() operation
58 */
59 struct lsa_account_state {
60         struct lsa_policy_state *policy;
61         uint32_t access_mask;
62         struct dom_sid *account_sid;
63         const char *account_sid_str;
64         const char *account_dn;
65 };
66
67
68 /*
69   destroy an open policy. This closes the database connection
70 */
71 static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
72 {
73         struct lsa_policy_state *state = h->data;
74         talloc_free(state);
75 }
76
77 /*
78   destroy an open account.
79 */
80 static void lsa_Account_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
81 {
82         struct lsa_account_state *astate = h->data;
83         talloc_free(astate);
84 }
85
86 /* 
87   lsa_Close 
88 */
89 static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
90                           struct lsa_Close *r)
91 {
92         struct dcesrv_handle *h;
93
94         *r->out.handle = *r->in.handle;
95
96         DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
97
98         /* this causes the callback samr_XXX_destroy() to be called by
99            the handle destroy code which destroys the state associated
100            with the handle */
101         dcesrv_handle_destroy(dce_call->conn, h);
102
103         ZERO_STRUCTP(r->out.handle);
104
105         return NT_STATUS_OK;
106 }
107
108
109 /* 
110   lsa_Delete 
111 */
112 static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
113                            struct lsa_Delete *r)
114 {
115         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
116 }
117
118
119 /* 
120   lsa_EnumPrivs 
121 */
122 static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
123                               struct lsa_EnumPrivs *r)
124 {
125         struct dcesrv_handle *h;
126         struct lsa_policy_state *state;
127         int i;
128         const char *privname;
129
130         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
131
132         state = h->data;
133
134         i = *r->in.resume_handle;
135         if (i == 0) i = 1;
136
137         while ((privname = sec_privilege_name(i)) &&
138                r->out.privs->count < r->in.max_count) {
139                 struct lsa_PrivEntry *e;
140
141                 r->out.privs->privs = talloc_realloc_p(r->out.privs,
142                                                        r->out.privs->privs, 
143                                                        struct lsa_PrivEntry, 
144                                                        r->out.privs->count+1);
145                 if (r->out.privs->privs == NULL) {
146                         return NT_STATUS_NO_MEMORY;
147                 }
148                 e = &r->out.privs->privs[r->out.privs->count];
149                 e->luid.low = i;
150                 e->luid.high = 0;
151                 e->name.string = privname;
152                 r->out.privs->count++;
153                 i++;
154         }
155
156         *r->out.resume_handle = i;
157
158         return NT_STATUS_OK;
159 }
160
161
162 /* 
163   lsa_QuerySecObj 
164 */
165 static NTSTATUS lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
166                                   struct lsa_QuerySecurity *r)
167 {
168         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
169 }
170
171
172 /* 
173   lsa_SetSecObj 
174 */
175 static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
176                               struct lsa_SetSecObj *r)
177 {
178         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
179 }
180
181
182 /* 
183   lsa_ChangePassword 
184 */
185 static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
186                                    struct lsa_ChangePassword *r)
187 {
188         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
189 }
190
191 static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
192                                      struct lsa_policy_state **_state)
193 {
194         struct lsa_policy_state *state;
195         const char *sid_str;
196
197         state = talloc_p(mem_ctx, struct lsa_policy_state);
198         if (!state) {
199                 return NT_STATUS_NO_MEMORY;
200         }
201
202         /* make sure the sam database is accessible */
203         state->sam_ctx = samdb_connect(state);
204         if (state->sam_ctx == NULL) {
205                 talloc_free(state);
206                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
207         }
208
209         state->sidmap = sidmap_open(state);
210         if (state->sidmap == NULL) {
211                 talloc_free(state);
212                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
213         }
214
215         /* work out the domain_dn - useful for so many calls its worth
216            fetching here */
217         state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
218                                                "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
219         if (!state->domain_dn) {
220                 talloc_free(state);
221                 return NT_STATUS_NO_SUCH_DOMAIN;                
222         }
223
224         /* work out the builtin_dn - useful for so many calls its worth
225            fetching here */
226         state->builtin_dn = samdb_search_string(state->sam_ctx, state, NULL,
227                                                 "dn", "objectClass=builtinDomain");
228         if (!state->builtin_dn) {
229                 talloc_free(state);
230                 return NT_STATUS_NO_SUCH_DOMAIN;                
231         }
232
233         sid_str = samdb_search_string(state->sam_ctx, state, NULL,
234                                       "objectSid", "dn=%s", state->domain_dn);
235         if (!sid_str) {
236                 talloc_free(state);
237                 return NT_STATUS_NO_SUCH_DOMAIN;                
238         }
239
240         state->domain_sid = dom_sid_parse_talloc(state, sid_str);
241         if (!state->domain_sid) {
242                 talloc_free(state);
243                 return NT_STATUS_NO_SUCH_DOMAIN;                
244         }
245
246         state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
247         if (!state->builtin_sid) {
248                 talloc_free(state);
249                 return NT_STATUS_NO_SUCH_DOMAIN;                
250         }
251
252         state->domain_name = samdb_search_string(state->sam_ctx, state, NULL,
253                                                  "name", "dn=%s", state->domain_dn);
254         if (!state->domain_name) {
255                 talloc_free(state);
256                 return NT_STATUS_NO_SUCH_DOMAIN;                
257         }
258
259         *_state = state;
260
261         return NT_STATUS_OK;
262 }
263
264 /* 
265   lsa_OpenPolicy2
266 */
267 static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
268                                struct lsa_OpenPolicy2 *r)
269 {
270         NTSTATUS status;
271         struct lsa_policy_state *state;
272         struct dcesrv_handle *handle;
273
274         ZERO_STRUCTP(r->out.handle);
275
276         status = lsa_get_policy_state(dce_call, mem_ctx, &state);
277         if (!NT_STATUS_IS_OK(status)) {
278                 return status;
279         }
280
281         handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
282         if (!handle) {
283                 return NT_STATUS_NO_MEMORY;
284         }
285
286         handle->data = talloc_reference(handle, state);
287         handle->destroy = lsa_Policy_destroy;
288
289         state->access_mask = r->in.access_mask;
290         state->handle = handle;
291         *r->out.handle = handle->wire_handle;
292
293         /* note that we have completely ignored the attr element of
294            the OpenPolicy. As far as I can tell, this is what w2k3
295            does */
296
297         return NT_STATUS_OK;
298 }
299
300 /* 
301   lsa_OpenPolicy
302   a wrapper around lsa_OpenPolicy2
303 */
304 static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
305                                 struct lsa_OpenPolicy *r)
306 {
307         struct lsa_OpenPolicy2 r2;
308
309         r2.in.system_name = NULL;
310         r2.in.attr = r->in.attr;
311         r2.in.access_mask = r->in.access_mask;
312         r2.out.handle = r->out.handle;
313
314         return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
315 }
316
317
318
319
320 /*
321   fill in the AccountDomain info
322 */
323 static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
324                                        struct lsa_DomainInfo *info)
325 {
326         const char * const attrs[] = { "objectSid", "name", NULL};
327         int ret;
328         struct ldb_message **res;
329
330         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
331                            "dn=%s", state->domain_dn);
332         if (ret != 1) {
333                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
334         }
335
336         info->name.string = samdb_result_string(res[0], "name", NULL);
337         info->sid         = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
338
339         return NT_STATUS_OK;
340 }
341
342 /*
343   fill in the DNS domain info
344 */
345 static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
346                              struct lsa_DnsDomainInfo *info)
347 {
348         const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
349         int ret;
350         struct ldb_message **res;
351
352         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
353                            "dn=%s", state->domain_dn);
354         if (ret != 1) {
355                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
356         }
357
358         info->name.string       = samdb_result_string(res[0],           "name", NULL);
359         info->dns_domain.string = samdb_result_string(res[0],           "dnsDomain", NULL);
360         info->dns_forest.string = samdb_result_string(res[0],           "dnsDomain", NULL);
361         info->domain_guid       = samdb_result_guid(res[0],             "objectGUID");
362         info->sid               = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
363
364         return NT_STATUS_OK;
365 }
366
367 /* 
368   lsa_QueryInfoPolicy2
369 */
370 static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
371                                      struct lsa_QueryInfoPolicy2 *r)
372 {
373         struct lsa_policy_state *state;
374         struct dcesrv_handle *h;
375
376         r->out.info = NULL;
377
378         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
379
380         state = h->data;
381
382         r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
383         if (!r->out.info) {
384                 return NT_STATUS_NO_MEMORY;
385         }
386
387         ZERO_STRUCTP(r->out.info);
388
389         switch (r->in.level) {
390         case LSA_POLICY_INFO_DOMAIN:
391         case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
392                 return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
393
394         case LSA_POLICY_INFO_DNS:
395                 return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
396         }
397
398         return NT_STATUS_INVALID_INFO_CLASS;
399 }
400
401 /* 
402   lsa_QueryInfoPolicy 
403 */
404 static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
405                                     struct lsa_QueryInfoPolicy *r)
406 {
407         struct lsa_QueryInfoPolicy2 r2;
408         NTSTATUS status;
409
410         r2.in.handle = r->in.handle;
411         r2.in.level = r->in.level;
412         
413         status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
414
415         r->out.info = r2.out.info;
416
417         return status;
418 }
419
420 /* 
421   lsa_SetInfoPolicy 
422 */
423 static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
424                                   struct lsa_SetInfoPolicy *r)
425 {
426         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
427 }
428
429
430 /* 
431   lsa_ClearAuditLog 
432 */
433 static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
434                                   struct lsa_ClearAuditLog *r)
435 {
436         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
437 }
438
439
440 /* 
441   lsa_CreateAccount 
442 */
443 static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
444                                   struct lsa_CreateAccount *r)
445 {
446         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
447 }
448
449
450 /* 
451   lsa_EnumAccounts 
452 */
453 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
454                                  struct lsa_EnumAccounts *r)
455 {
456         struct dcesrv_handle *h;
457         struct lsa_policy_state *state;
458         int ret, i;
459         struct ldb_message **res;
460         const char * const attrs[] = { "objectSid", NULL};
461         uint32_t count;
462
463         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
464
465         state = h->data;
466
467         ret = samdb_search(state->sam_ctx, mem_ctx, state->builtin_dn, &res, attrs, "objectClass=group");
468         if (ret <= 0) {
469                 return NT_STATUS_NO_SUCH_USER;
470         }
471
472         if (*r->in.resume_handle >= ret) {
473                 return NT_STATUS_NO_MORE_ENTRIES;
474         }
475
476         count = ret - *r->in.resume_handle;
477         if (count > r->in.num_entries) {
478                 count = r->in.num_entries;
479         }
480
481         if (count == 0) {
482                 return NT_STATUS_NO_MORE_ENTRIES;
483         }
484
485         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, count);
486         if (r->out.sids->sids == NULL) {
487                 return NT_STATUS_NO_MEMORY;
488         }
489
490         for (i=0;i<count;i++) {
491                 const char *sidstr;
492
493                 sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
494                 if (sidstr == NULL) {
495                         return NT_STATUS_NO_MEMORY;
496                 }
497                 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
498                 if (r->out.sids->sids[i].sid == NULL) {
499                         return NT_STATUS_NO_MEMORY;
500                 }
501         }
502
503         r->out.sids->num_sids = count;
504         *r->out.resume_handle = count + *r->in.resume_handle;
505
506         return NT_STATUS_OK;
507         
508 }
509
510
511 /* 
512   lsa_CreateTrustedDomain 
513 */
514 static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
515                                         struct lsa_CreateTrustedDomain *r)
516 {
517         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
518 }
519
520
521 /* 
522   lsa_EnumTrustDom 
523 */
524 static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
525                        struct lsa_EnumTrustDom *r)
526 {
527         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
528 }
529
530
531 /*
532   return the authority name and authority sid, given a sid
533 */
534 static NTSTATUS lsa_authority_name(struct lsa_policy_state *state,
535                                    TALLOC_CTX *mem_ctx, struct dom_sid *sid,
536                                    const char **authority_name,
537                                    struct dom_sid **authority_sid)
538 {
539         if (dom_sid_in_domain(state->domain_sid, sid)) {
540                 *authority_name = state->domain_name;
541                 *authority_sid = state->domain_sid;
542                 return NT_STATUS_OK;
543         }
544
545         if (dom_sid_in_domain(state->builtin_sid, sid)) {
546                 *authority_name = "BUILTIN";
547                 *authority_sid = state->builtin_sid;
548                 return NT_STATUS_OK;
549         }
550
551         *authority_sid = dom_sid_dup(mem_ctx, sid);
552         if (*authority_sid == NULL) {
553                 return NT_STATUS_NO_MEMORY;
554         }
555         (*authority_sid)->num_auths = 0;
556         *authority_name = dom_sid_string(mem_ctx, *authority_sid);
557         if (*authority_name == NULL) {
558                 return NT_STATUS_NO_MEMORY;
559         }
560
561         return NT_STATUS_OK;
562 }
563
564 /*
565   add to the lsa_RefDomainList for LookupSids and LookupNames
566 */
567 static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, 
568                                    struct dom_sid *sid, 
569                                    struct lsa_RefDomainList *domains,
570                                    uint32_t *sid_index)
571 {
572         NTSTATUS status;
573         const char *authority_name;
574         struct dom_sid *authority_sid;
575         int i;
576
577         /* work out the authority name */
578         status = lsa_authority_name(state, mem_ctx, sid, 
579                                     &authority_name, &authority_sid);
580         if (!NT_STATUS_IS_OK(status)) {
581                 return status;
582         }
583         
584         /* see if we've already done this authority name */
585         for (i=0;i<domains->count;i++) {
586                 if (strcmp(authority_name, domains->domains[i].name.string) == 0) {
587                         *sid_index = i;
588                         return NT_STATUS_OK;
589                 }
590         }
591
592         domains->domains = talloc_realloc_p(domains, 
593                                             domains->domains,
594                                             struct lsa_TrustInformation,
595                                             domains->count+1);
596         if (domains->domains == NULL) {
597                 return NT_STATUS_NO_MEMORY;
598         }
599         domains->domains[i].name.string = authority_name;
600         domains->domains[i].sid         = authority_sid;
601         domains->count++;
602         *sid_index = i;
603         
604         return NT_STATUS_OK;
605 }
606
607 /*
608   lookup a name for 1 SID
609 */
610 static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
611                                struct dom_sid *sid, const char *sid_str,
612                                const char **name, uint32_t *atype)
613 {
614         int ret;
615         struct ldb_message **res;
616         const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "name", NULL};
617         NTSTATUS status;
618
619         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
620                            "objectSid=%s", sid_str);
621         if (ret == 1) {
622                 *name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
623                 if (!*name) {
624                         *name = ldb_msg_find_string(res[0], "name", NULL);
625                         if (!*name) {
626                                 *name = talloc_strdup(mem_ctx, sid_str);
627                                 NTSTATUS_TALLOC_CHECK(*name);
628                         }
629                 }
630
631                 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
632
633                 return NT_STATUS_OK;
634         }
635
636         status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
637
638         return status;
639 }
640
641
642 /*
643   lsa_LookupSids3
644 */
645 static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call,
646                                 TALLOC_CTX *mem_ctx,
647                                 struct lsa_LookupSids3 *r)
648 {
649         struct lsa_policy_state *state;
650         int i;
651         NTSTATUS status = NT_STATUS_OK;
652
653         r->out.domains = NULL;
654
655         status = lsa_get_policy_state(dce_call, mem_ctx, &state);
656         if (!NT_STATUS_IS_OK(status)) {
657                 return status;
658         }
659
660         r->out.domains = talloc_zero_p(mem_ctx,  struct lsa_RefDomainList);
661         if (r->out.domains == NULL) {
662                 return NT_STATUS_NO_MEMORY;
663         }
664
665         r->out.names = talloc_zero_p(mem_ctx,  struct lsa_TransNameArray2);
666         if (r->out.names == NULL) {
667                 return NT_STATUS_NO_MEMORY;
668         }
669
670         *r->out.count = 0;
671
672         r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName2, 
673                                              r->in.sids->num_sids);
674         if (r->out.names->names == NULL) {
675                 return NT_STATUS_NO_MEMORY;
676         }
677
678         for (i=0;i<r->in.sids->num_sids;i++) {
679                 struct dom_sid *sid = r->in.sids->sids[i].sid;
680                 char *sid_str = dom_sid_string(mem_ctx, sid);
681                 const char *name;
682                 uint32_t atype, rtype, sid_index;
683                 NTSTATUS status2;
684
685                 r->out.names->count++;
686                 (*r->out.count)++;
687
688                 r->out.names->names[i].sid_type    = SID_NAME_UNKNOWN;
689                 r->out.names->names[i].name.string = sid_str;
690                 r->out.names->names[i].sid_index   = 0xFFFFFFFF;
691                 r->out.names->names[i].unknown     = 0;
692
693                 if (sid_str == NULL) {
694                         r->out.names->names[i].name.string = "(SIDERROR)";
695                         status = STATUS_SOME_UNMAPPED;
696                         continue;
697                 }
698
699                 /* work out the authority name */
700                 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
701                 if (!NT_STATUS_IS_OK(status2)) {
702                         return status2;
703                 }
704
705                 status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str, 
706                                          &name, &atype);
707                 if (!NT_STATUS_IS_OK(status2)) {
708                         status = STATUS_SOME_UNMAPPED;
709                         continue;
710                 }
711
712                 rtype = samdb_atype_map(atype);
713                 if (rtype == SID_NAME_UNKNOWN) {
714                         status = STATUS_SOME_UNMAPPED;
715                         continue;
716                 }
717
718                 r->out.names->names[i].sid_type    = rtype;
719                 r->out.names->names[i].name.string = name;
720                 r->out.names->names[i].sid_index   = sid_index;
721                 r->out.names->names[i].unknown     = 0;
722         }
723         
724         return status;
725 }
726
727
728 /*
729   lsa_LookupSids2
730 */
731 static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
732                                 TALLOC_CTX *mem_ctx,
733                                 struct lsa_LookupSids2 *r)
734 {
735         struct lsa_LookupSids3 r3;
736         NTSTATUS status;
737
738         r3.in.sids     = r->in.sids;
739         r3.in.names    = r->in.names;
740         r3.in.level    = r->in.level;
741         r3.in.count    = r->in.count;
742         r3.in.unknown1 = r->in.unknown1;
743         r3.in.unknown2 = r->in.unknown2;
744         r3.out.count   = r->out.count;
745         r3.out.names   = r->out.names;
746
747         status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
748         if (dce_call->fault_code != 0) {
749                 return status;
750         }
751
752         r->out.domains = r3.out.domains;
753         r->out.names   = r3.out.names;
754         r->out.count   = r3.out.count;
755
756         return status;
757 }
758
759
760 /* 
761   lsa_LookupSids 
762 */
763 static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
764                                struct lsa_LookupSids *r)
765 {
766         struct lsa_LookupSids3 r3;
767         NTSTATUS status;
768         int i;
769
770         r3.in.sids     = r->in.sids;
771         r3.in.names    = NULL;
772         r3.in.level    = r->in.level;
773         r3.in.count    = r->in.count;
774         r3.in.unknown1 = 0;
775         r3.in.unknown2 = 0;
776         r3.out.count   = r->out.count;
777
778         status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
779         if (dce_call->fault_code != 0) {
780                 return status;
781         }
782
783         r->out.domains = r3.out.domains;
784         r->out.names = talloc_p(mem_ctx, struct lsa_TransNameArray);
785         if (r->out.names == NULL) {
786                 return NT_STATUS_NO_MEMORY;
787         }
788         r->out.names->count = r3.out.names->count;
789         r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName, 
790                                              r->out.names->count);
791         if (r->out.names->names == NULL) {
792                 return NT_STATUS_NO_MEMORY;
793         }
794         for (i=0;i<r->out.names->count;i++) {
795                 r->out.names->names[i].sid_type    = r3.out.names->names[i].sid_type;
796                 r->out.names->names[i].name.string = r3.out.names->names[i].name.string;
797                 r->out.names->names[i].sid_index   = r3.out.names->names[i].sid_index;
798         }
799
800         return status;
801 }
802
803
804 /* 
805   lsa_CreateSecret 
806 */
807 static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
808                        struct lsa_CreateSecret *r)
809 {
810         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
811 }
812
813
814 /* 
815   lsa_OpenAccount 
816 */
817 static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
818                                 struct lsa_OpenAccount *r)
819 {
820         struct dcesrv_handle *h, *ah;
821         struct lsa_policy_state *state;
822         struct lsa_account_state *astate;
823
824         ZERO_STRUCTP(r->out.acct_handle);
825
826         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
827
828         state = h->data;
829
830         astate = talloc_p(dce_call->conn, struct lsa_account_state);
831         if (astate == NULL) {
832                 return NT_STATUS_NO_MEMORY;
833         }
834
835         astate->account_sid = dom_sid_dup(astate, r->in.sid);
836         if (astate->account_sid == NULL) {
837                 talloc_free(astate);
838                 return NT_STATUS_NO_MEMORY;
839         }
840         
841         astate->account_sid_str = dom_sid_string(astate, astate->account_sid);
842         if (astate->account_sid_str == NULL) {
843                 talloc_free(astate);
844                 return NT_STATUS_NO_MEMORY;
845         }
846
847         /* check it really exists */
848         astate->account_dn = samdb_search_string(state->sam_ctx, astate,
849                                                  NULL, "dn", 
850                                                  "(&(objectSid=%s)(objectClass=group))", 
851                                                  astate->account_sid_str);
852         if (astate->account_dn == NULL) {
853                 talloc_free(astate);
854                 return NT_STATUS_NO_SUCH_USER;
855         }
856         
857         astate->policy = talloc_reference(astate, state);
858         astate->access_mask = r->in.access_mask;
859
860         ah = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_ACCOUNT);
861         if (!ah) {
862                 talloc_free(astate);
863                 return NT_STATUS_NO_MEMORY;
864         }
865
866         ah->data = astate;
867         ah->destroy = lsa_Account_destroy;
868
869         *r->out.acct_handle = ah->wire_handle;
870
871         return NT_STATUS_OK;
872 }
873
874
875 /* 
876   lsa_EnumPrivsAccount 
877 */
878 static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, 
879                                      TALLOC_CTX *mem_ctx,
880                                      struct lsa_EnumPrivsAccount *r)
881 {
882         struct dcesrv_handle *h;
883         struct lsa_account_state *astate;
884         int ret, i;
885         struct ldb_message **res;
886         const char * const attrs[] = { "privilege", NULL};
887         struct ldb_message_element *el;
888
889         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
890
891         astate = h->data;
892
893         r->out.privs = talloc_p(mem_ctx, struct lsa_PrivilegeSet);
894         r->out.privs->count = 0;
895         r->out.privs->unknown = 0;
896         r->out.privs->set = NULL;
897
898         ret = samdb_search(astate->policy->sam_ctx, mem_ctx, NULL, &res, attrs, 
899                            "dn=%s", astate->account_dn);
900         if (ret != 1) {
901                 return NT_STATUS_OK;
902         }
903
904         el = ldb_msg_find_element(res[0], "privilege");
905         if (el == NULL || el->num_values == 0) {
906                 return NT_STATUS_OK;
907         }
908
909         r->out.privs->set = talloc_array_p(r->out.privs, 
910                                            struct lsa_LUIDAttribute, el->num_values);
911         if (r->out.privs->set == NULL) {
912                 return NT_STATUS_NO_MEMORY;
913         }
914
915         for (i=0;i<el->num_values;i++) {
916                 int id = sec_privilege_id(el->values[i].data);
917                 if (id == -1) {
918                         return NT_STATUS_INTERNAL_DB_CORRUPTION;
919                 }
920                 r->out.privs->set[i].attribute = 0;
921                 r->out.privs->set[i].luid.low = id;
922                 r->out.privs->set[i].luid.high = 0;
923         }
924
925         r->out.privs->count = el->num_values;
926
927         return NT_STATUS_OK;
928 }
929
930 /* 
931   lsa_EnumAccountRights 
932 */
933 static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, 
934                                       TALLOC_CTX *mem_ctx,
935                                       struct lsa_EnumAccountRights *r)
936 {
937         struct dcesrv_handle *h;
938         struct lsa_policy_state *state;
939         int ret, i;
940         struct ldb_message **res;
941         const char * const attrs[] = { "privilege", NULL};
942         const char *sidstr;
943         struct ldb_message_element *el;
944
945         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
946
947         state = h->data;
948
949         sidstr = dom_sid_string(mem_ctx, r->in.sid);
950         if (sidstr == NULL) {
951                 return NT_STATUS_NO_MEMORY;
952         }
953
954         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
955                            "objectSid=%s", sidstr);
956         if (ret != 1) {
957                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
958         }
959
960         el = ldb_msg_find_element(res[0], "privilege");
961         if (el == NULL || el->num_values == 0) {
962                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
963         }
964
965         r->out.rights->count = el->num_values;
966         r->out.rights->names = talloc_array_p(r->out.rights, 
967                                               struct lsa_String, r->out.rights->count);
968         if (r->out.rights->names == NULL) {
969                 return NT_STATUS_NO_MEMORY;
970         }
971
972         for (i=0;i<el->num_values;i++) {
973                 r->out.rights->names[i].string = el->values[i].data;
974         }
975
976         return NT_STATUS_OK;
977 }
978
979
980
981 /* 
982   helper for lsa_AddAccountRights and lsa_RemoveAccountRights
983 */
984 static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, 
985                                            TALLOC_CTX *mem_ctx,
986                                            struct lsa_policy_state *state,
987                                            int ldb_flag,
988                                            struct dom_sid *sid,
989                                            const struct lsa_RightSet *rights)
990 {
991         const char *sidstr;
992         struct ldb_message msg;
993         struct ldb_message_element el;
994         int i, ret;
995         const char *dn;
996         struct lsa_EnumAccountRights r2;
997
998         sidstr = dom_sid_string(mem_ctx, sid);
999         if (sidstr == NULL) {
1000                 return NT_STATUS_NO_MEMORY;
1001         }
1002
1003         dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn", 
1004                                  "objectSid=%s", sidstr);
1005         if (dn == NULL) {
1006                 return NT_STATUS_NO_SUCH_USER;
1007         }
1008
1009         msg.dn = talloc_strdup(mem_ctx, dn);
1010         if (msg.dn == NULL) {
1011                 return NT_STATUS_NO_MEMORY;
1012         }
1013         msg.num_elements = 1;
1014         msg.elements = &el;
1015         el.flags = ldb_flag;
1016         el.name = talloc_strdup(mem_ctx, "privilege");
1017         if (el.name == NULL) {
1018                 return NT_STATUS_NO_MEMORY;
1019         }
1020
1021         if (ldb_flag == LDB_FLAG_MOD_ADD) {
1022                 NTSTATUS status;
1023
1024                 r2.in.handle = &state->handle->wire_handle;
1025                 r2.in.sid = sid;
1026                 r2.out.rights = talloc_p(mem_ctx, struct lsa_RightSet);
1027
1028                 status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
1029                 if (!NT_STATUS_IS_OK(status)) {
1030                         ZERO_STRUCTP(r2.out.rights);
1031                 }
1032         }
1033
1034         el.num_values = 0;
1035         el.values = talloc_array_p(mem_ctx, struct ldb_val, rights->count);
1036         if (el.values == NULL) {
1037                 return NT_STATUS_NO_MEMORY;
1038         }
1039         for (i=0;i<rights->count;i++) {
1040                 if (sec_privilege_id(rights->names[i].string) == -1) {
1041                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1042                 }
1043
1044                 if (ldb_flag == LDB_FLAG_MOD_ADD) {
1045                         int j;
1046                         for (j=0;j<r2.out.rights->count;j++) {
1047                                 if (StrCaseCmp(r2.out.rights->names[j].string, 
1048                                                rights->names[i].string) == 0) {
1049                                         break;
1050                                 }
1051                         }
1052                         if (j != r2.out.rights->count) continue;
1053                 }
1054
1055
1056                 el.values[el.num_values].length = strlen(rights->names[i].string);
1057                 el.values[el.num_values].data = talloc_strdup(mem_ctx, rights->names[i].string);
1058                 if (el.values[el.num_values].data == NULL) {
1059                         return NT_STATUS_NO_MEMORY;
1060                 }
1061                 el.num_values++;
1062         }
1063
1064         if (el.num_values == 0) {
1065                 return NT_STATUS_OK;
1066         }
1067
1068         ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
1069         if (ret != 0) {
1070                 if (ldb_flag == LDB_FLAG_MOD_DELETE) {
1071                         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1072                 }
1073                 return NT_STATUS_UNEXPECTED_IO_ERROR;
1074         }
1075
1076         return NT_STATUS_OK;
1077 }
1078
1079 /* 
1080   lsa_AddPrivilegesToAccount
1081 */
1082 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1083                                            struct lsa_AddPrivilegesToAccount *r)
1084 {
1085         struct lsa_RightSet rights;
1086         struct dcesrv_handle *h;
1087         struct lsa_account_state *astate;
1088         int i;
1089
1090         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
1091
1092         astate = h->data;
1093
1094         rights.count = r->in.privs->count;
1095         rights.names = talloc_array_p(mem_ctx, struct lsa_String, rights.count);
1096         if (rights.names == NULL) {
1097                 return NT_STATUS_NO_MEMORY;
1098         }
1099         for (i=0;i<rights.count;i++) {
1100                 int id = r->in.privs->set[i].luid.low;
1101                 if (r->in.privs->set[i].luid.high) {
1102                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1103                 }
1104                 rights.names[i].string = sec_privilege_name(id);
1105                 if (rights.names[i].string == NULL) {
1106                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1107                 }
1108         }
1109
1110         return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
1111                                           LDB_FLAG_MOD_ADD, astate->account_sid,
1112                                           &rights);
1113 }
1114
1115
1116 /* 
1117   lsa_RemovePrivilegesFromAccount
1118 */
1119 static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1120                                                 struct lsa_RemovePrivilegesFromAccount *r)
1121 {
1122         struct lsa_RightSet *rights;
1123         struct dcesrv_handle *h;
1124         struct lsa_account_state *astate;
1125         int i;
1126
1127         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
1128
1129         astate = h->data;
1130
1131         rights = talloc_p(mem_ctx, struct lsa_RightSet);
1132
1133         if (r->in.remove_all == 1 && 
1134             r->in.privs == NULL) {
1135                 struct lsa_EnumAccountRights r2;
1136                 NTSTATUS status;
1137
1138                 r2.in.handle = &astate->policy->handle->wire_handle;
1139                 r2.in.sid = astate->account_sid;
1140                 r2.out.rights = rights;
1141
1142                 status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
1143                 if (!NT_STATUS_IS_OK(status)) {
1144                         return status;
1145                 }
1146
1147                 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
1148                                                   LDB_FLAG_MOD_DELETE, astate->account_sid,
1149                                                   r2.out.rights);
1150         }
1151
1152         if (r->in.remove_all != 0) {
1153                 return NT_STATUS_INVALID_PARAMETER;
1154         }
1155
1156         rights->count = r->in.privs->count;
1157         rights->names = talloc_array_p(mem_ctx, struct lsa_String, rights->count);
1158         if (rights->names == NULL) {
1159                 return NT_STATUS_NO_MEMORY;
1160         }
1161         for (i=0;i<rights->count;i++) {
1162                 int id = r->in.privs->set[i].luid.low;
1163                 if (r->in.privs->set[i].luid.high) {
1164                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1165                 }
1166                 rights->names[i].string = sec_privilege_name(id);
1167                 if (rights->names[i].string == NULL) {
1168                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1169                 }
1170         }
1171
1172         return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
1173                                           LDB_FLAG_MOD_DELETE, astate->account_sid,
1174                                           rights);
1175 }
1176
1177
1178 /* 
1179   lsa_GetQuotasForAccount
1180 */
1181 static NTSTATUS lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1182                        struct lsa_GetQuotasForAccount *r)
1183 {
1184         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1185 }
1186
1187
1188 /* 
1189   lsa_SetQuotasForAccount
1190 */
1191 static NTSTATUS lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1192                        struct lsa_SetQuotasForAccount *r)
1193 {
1194         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1195 }
1196
1197
1198 /* 
1199   lsa_GetSystemAccessAccount
1200 */
1201 static NTSTATUS lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1202                        struct lsa_GetSystemAccessAccount *r)
1203 {
1204         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1205 }
1206
1207
1208 /* 
1209   lsa_SetSystemAccessAccount
1210 */
1211 static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1212                        struct lsa_SetSystemAccessAccount *r)
1213 {
1214         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1215 }
1216
1217
1218 /* 
1219   lsa_OpenTrustedDomain
1220 */
1221 static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1222                        struct lsa_OpenTrustedDomain *r)
1223 {
1224         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1225 }
1226
1227
1228 /* 
1229   lsa_QueryTrustedDomainInfo
1230 */
1231 static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1232                        struct lsa_QueryTrustedDomainInfo *r)
1233 {
1234         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1235 }
1236
1237
1238 /* 
1239   lsa_SetInformationTrustedDomain
1240 */
1241 static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1242                        struct lsa_SetInformationTrustedDomain *r)
1243 {
1244         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1245 }
1246
1247
1248 /* 
1249   lsa_OpenSecret 
1250 */
1251 static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1252                        struct lsa_OpenSecret *r)
1253 {
1254         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1255 }
1256
1257
1258 /* 
1259   lsa_SetSecret 
1260 */
1261 static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1262                        struct lsa_SetSecret *r)
1263 {
1264         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1265 }
1266
1267
1268 /* 
1269   lsa_QuerySecret 
1270 */
1271 static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1272                        struct lsa_QuerySecret *r)
1273 {
1274         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1275 }
1276
1277
1278 /* 
1279   lsa_LookupPrivValue
1280 */
1281 static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call, 
1282                                     TALLOC_CTX *mem_ctx,
1283                                     struct lsa_LookupPrivValue *r)
1284 {
1285         struct dcesrv_handle *h;
1286         struct lsa_policy_state *state;
1287         int id;
1288
1289         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1290
1291         state = h->data;
1292
1293         id = sec_privilege_id(r->in.name->string);
1294         if (id == -1) {
1295                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1296         }
1297
1298         r->out.luid->low = id;
1299         r->out.luid->high = 0;
1300
1301         return NT_STATUS_OK;    
1302 }
1303
1304
1305 /* 
1306   lsa_LookupPrivName 
1307 */
1308 static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, 
1309                                    TALLOC_CTX *mem_ctx,
1310                                    struct lsa_LookupPrivName *r)
1311 {
1312         struct dcesrv_handle *h;
1313         struct lsa_policy_state *state;
1314         const char *privname;
1315
1316         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1317
1318         state = h->data;
1319
1320         if (r->in.luid->high != 0) {
1321                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1322         }
1323
1324         privname = sec_privilege_name(r->in.luid->low);
1325         if (privname == NULL) {
1326                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1327         }
1328
1329         r->out.name = talloc_p(mem_ctx, struct lsa_String);
1330         if (r->out.name == NULL) {
1331                 return NT_STATUS_NO_MEMORY;
1332         }
1333         r->out.name->string = privname;
1334
1335         return NT_STATUS_OK;    
1336 }
1337
1338
1339 /* 
1340   lsa_LookupPrivDisplayName
1341 */
1342 static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, 
1343                                           TALLOC_CTX *mem_ctx,
1344                                           struct lsa_LookupPrivDisplayName *r)
1345 {
1346         struct dcesrv_handle *h;
1347         struct lsa_policy_state *state;
1348         int id;
1349
1350         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1351
1352         state = h->data;
1353
1354         id = sec_privilege_id(r->in.name->string);
1355         if (id == -1) {
1356                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1357         }
1358         
1359         r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
1360         if (r->out.disp_name == NULL) {
1361                 return NT_STATUS_NO_MEMORY;
1362         }
1363
1364         r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
1365         if (r->out.disp_name->string == NULL) {
1366                 return NT_STATUS_INTERNAL_ERROR;
1367         }
1368
1369         return NT_STATUS_OK;
1370 }
1371
1372
1373 /* 
1374   lsa_DeleteObject
1375 */
1376 static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1377                        struct lsa_DeleteObject *r)
1378 {
1379         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1380 }
1381
1382
1383 /* 
1384   lsa_EnumAccountsWithUserRight
1385 */
1386 static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call, 
1387                                               TALLOC_CTX *mem_ctx,
1388                                               struct lsa_EnumAccountsWithUserRight *r)
1389 {
1390         struct dcesrv_handle *h;
1391         struct lsa_policy_state *state;
1392         int ret, i;
1393         struct ldb_message **res;
1394         const char * const attrs[] = { "objectSid", NULL};
1395         const char *privname;
1396
1397         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1398
1399         state = h->data;
1400
1401         if (r->in.name == NULL) {
1402                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1403         } 
1404
1405         privname = r->in.name->string;
1406         if (sec_privilege_id(privname) == -1) {
1407                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1408         }
1409
1410         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
1411                            "privilege=%s", privname);
1412         if (ret <= 0) {
1413                 return NT_STATUS_NO_SUCH_USER;
1414         }
1415
1416         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, ret);
1417         if (r->out.sids->sids == NULL) {
1418                 return NT_STATUS_NO_MEMORY;
1419         }
1420         for (i=0;i<ret;i++) {
1421                 const char *sidstr;
1422                 sidstr = samdb_result_string(res[i], "objectSid", NULL);
1423                 if (sidstr == NULL) {
1424                         return NT_STATUS_NO_MEMORY;
1425                 }
1426                 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids,
1427                                                                 sidstr);
1428                 if (r->out.sids->sids[i].sid == NULL) {
1429                         return NT_STATUS_NO_MEMORY;
1430                 }
1431         }
1432         r->out.sids->num_sids = ret;
1433
1434         return NT_STATUS_OK;
1435 }
1436
1437
1438 /* 
1439   lsa_AddAccountRights
1440 */
1441 static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, 
1442                                      TALLOC_CTX *mem_ctx,
1443                                      struct lsa_AddAccountRights *r)
1444 {
1445         struct dcesrv_handle *h;
1446         struct lsa_policy_state *state;
1447
1448         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1449
1450         state = h->data;
1451
1452         return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state, 
1453                                           LDB_FLAG_MOD_ADD,
1454                                           r->in.sid, r->in.rights);
1455 }
1456
1457
1458 /* 
1459   lsa_RemoveAccountRights
1460 */
1461 static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, 
1462                                         TALLOC_CTX *mem_ctx,
1463                                         struct lsa_RemoveAccountRights *r)
1464 {
1465         struct dcesrv_handle *h;
1466         struct lsa_policy_state *state;
1467
1468         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1469
1470         state = h->data;
1471
1472         return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state, 
1473                                           LDB_FLAG_MOD_DELETE,
1474                                           r->in.sid, r->in.rights);
1475 }
1476
1477
1478 /* 
1479   lsa_QueryTrustedDomainInfoBySid
1480 */
1481 static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1482                                                 struct lsa_QueryTrustedDomainInfoBySid *r)
1483 {
1484         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1485 }
1486
1487
1488 /* 
1489   lsa_SetTrustDomainInfo
1490 */
1491 static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1492                        struct lsa_SetTrustDomainInfo *r)
1493 {
1494         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1495 }
1496
1497
1498 /* 
1499   lsa_DeleteTrustDomain
1500 */
1501 static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1502                        struct lsa_DeleteTrustDomain *r)
1503 {
1504         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1505 }
1506
1507
1508 /* 
1509   lsa_StorePrivateData
1510 */
1511 static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1512                        struct lsa_StorePrivateData *r)
1513 {
1514         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1515 }
1516
1517
1518 /* 
1519   lsa_RetrievePrivateData
1520 */
1521 static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1522                        struct lsa_RetrievePrivateData *r)
1523 {
1524         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1525 }
1526
1527
1528 /* 
1529   lsa_GetUserName
1530 */
1531 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1532                        struct lsa_GetUserName *r)
1533 {
1534         NTSTATUS status = NT_STATUS_OK;
1535         const char *account_name;
1536         const char *authority_name;
1537         struct lsa_String *_account_name;
1538         struct lsa_StringPointer *_authority_name = NULL;
1539
1540         /* this is what w2k3 does */
1541         r->out.account_name = r->in.account_name;
1542         r->out.authority_name = r->in.authority_name;
1543
1544         if (r->in.account_name && r->in.account_name->string) {
1545                 return NT_STATUS_INVALID_PARAMETER;
1546         }
1547
1548         if (r->in.authority_name &&
1549             r->in.authority_name->string &&
1550             r->in.authority_name->string->string) {
1551                 return NT_STATUS_INVALID_PARAMETER;
1552         }
1553
1554         /* TODO: this check should go and we should rely on the calling code that this is valid */
1555         if (!dce_call->conn->auth_state.session_info ||
1556             !dce_call->conn->auth_state.session_info->server_info ||
1557             !dce_call->conn->auth_state.session_info->server_info->account_name ||
1558             !dce_call->conn->auth_state.session_info->server_info->domain) {
1559                 return NT_STATUS_INTERNAL_ERROR;
1560         }
1561
1562         account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
1563         authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain);
1564
1565         _account_name = talloc_p(mem_ctx, struct lsa_String);
1566         NTSTATUS_TALLOC_CHECK(_account_name);
1567         _account_name->string = account_name;
1568
1569         if (r->in.authority_name) {
1570                 _authority_name = talloc_p(mem_ctx, struct lsa_StringPointer);
1571                 NTSTATUS_TALLOC_CHECK(_authority_name);
1572                 _authority_name->string = talloc_p(mem_ctx, struct lsa_String);
1573                 NTSTATUS_TALLOC_CHECK(_authority_name->string);
1574                 _authority_name->string->string = authority_name;
1575         }
1576
1577         r->out.account_name = _account_name;
1578         r->out.authority_name = _authority_name;
1579
1580         return status;
1581 }
1582
1583 /*
1584   lsa_SetInfoPolicy2
1585 */
1586 static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
1587                                    TALLOC_CTX *mem_ctx,
1588                                    struct lsa_SetInfoPolicy2 *r)
1589 {
1590         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1591 }
1592
1593 /*
1594   lsa_QueryTrustedDomainInfoByName
1595 */
1596 static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
1597                                                  TALLOC_CTX *mem_ctx,
1598                                                  struct lsa_QueryTrustedDomainInfoByName *r)
1599 {
1600         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1601 }
1602
1603 /*
1604   lsa_SetTrustedDomainInfoByName
1605 */
1606 static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
1607                                                TALLOC_CTX *mem_ctx,
1608                                                struct lsa_SetTrustedDomainInfoByName *r)
1609 {
1610         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1611 }
1612
1613 /*
1614   lsa_EnumTrustedDomainsEx
1615 */
1616 static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
1617                                          TALLOC_CTX *mem_ctx,
1618                                          struct lsa_EnumTrustedDomainsEx *r)
1619 {
1620         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1621 }
1622
1623 /*
1624   lsa_CreateTrustedDomainEx
1625 */
1626 static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
1627                                           TALLOC_CTX *mem_ctx,
1628                                           struct lsa_CreateTrustedDomainEx *r)
1629 {
1630         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1631 }
1632
1633 /*
1634   lsa_CloseTrustedDomainEx
1635 */
1636 static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
1637                                          TALLOC_CTX *mem_ctx,
1638                                          struct lsa_CloseTrustedDomainEx *r)
1639 {
1640         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1641 }
1642
1643 /*
1644   lsa_QueryDomainInformationPolicy
1645 */
1646 static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
1647                                                  TALLOC_CTX *mem_ctx,
1648                                                  struct lsa_QueryDomainInformationPolicy *r)
1649 {
1650         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1651 }
1652
1653 /*
1654   lsa_SetDomInfoPolicy
1655 */
1656 static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
1657                                      TALLOC_CTX *mem_ctx,
1658                                      struct lsa_SetDomInfoPolicy *r)
1659 {
1660         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1661 }
1662
1663 /*
1664   lsa_OpenTrustedDomainByName
1665 */
1666 static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
1667                                             TALLOC_CTX *mem_ctx,
1668                                             struct lsa_OpenTrustedDomainByName *r)
1669 {
1670         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1671 }
1672
1673 /*
1674   lsa_TestCall
1675 */
1676 static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
1677                              TALLOC_CTX *mem_ctx,
1678                              struct lsa_TestCall *r)
1679 {
1680         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1681 }
1682
1683 /*
1684   lookup a SID for 1 name
1685 */
1686 static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
1687                                 const char *name, struct dom_sid **sid, uint32_t *atype)
1688 {
1689         int ret;
1690         struct ldb_message **res;
1691         const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
1692         const char *p;
1693
1694         p = strchr_m(name, '\\');
1695         if (p != NULL) {
1696                 /* TODO: properly parse the domain prefix here, and use it to 
1697                    limit the search */
1698                 name = p + 1;
1699         }
1700
1701         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
1702         if (ret == 1) {
1703                 const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
1704                 if (sid_str == NULL) {
1705                         return NT_STATUS_INVALID_SID;
1706                 }
1707
1708                 *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
1709                 if (*sid == NULL) {
1710                         return NT_STATUS_INVALID_SID;
1711                 }
1712
1713                 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
1714
1715                 return NT_STATUS_OK;
1716         }
1717
1718         /* need to add a call into sidmap to check for a allocated sid */
1719
1720         return NT_STATUS_INVALID_SID;
1721 }
1722
1723
1724 /*
1725   lsa_LookupNames3
1726 */
1727 static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call,
1728                                  TALLOC_CTX *mem_ctx,
1729                                  struct lsa_LookupNames3 *r)
1730 {
1731         struct lsa_policy_state *state;
1732         struct dcesrv_handle *h;
1733         int i;
1734         NTSTATUS status = NT_STATUS_OK;
1735
1736         r->out.domains = NULL;
1737
1738         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1739
1740         state = h->data;
1741
1742         r->out.domains = talloc_zero_p(mem_ctx,  struct lsa_RefDomainList);
1743         if (r->out.domains == NULL) {
1744                 return NT_STATUS_NO_MEMORY;
1745         }
1746
1747         r->out.sids = talloc_zero_p(mem_ctx,  struct lsa_TransSidArray3);
1748         if (r->out.sids == NULL) {
1749                 return NT_STATUS_NO_MEMORY;
1750         }
1751
1752         *r->out.count = 0;
1753
1754         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid3, 
1755                                            r->in.num_names);
1756         if (r->out.sids->sids == NULL) {
1757                 return NT_STATUS_NO_MEMORY;
1758         }
1759
1760         for (i=0;i<r->in.num_names;i++) {
1761                 const char *name = r->in.names[i].string;
1762                 struct dom_sid *sid;
1763                 uint32_t atype, rtype, sid_index;
1764                 NTSTATUS status2;
1765
1766                 r->out.sids->count++;
1767                 (*r->out.count)++;
1768
1769                 r->out.sids->sids[i].sid_type    = SID_NAME_UNKNOWN;
1770                 r->out.sids->sids[i].sid         = NULL;
1771                 r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
1772                 r->out.sids->sids[i].unknown     = 0;
1773
1774                 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
1775                 if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
1776                         status = STATUS_SOME_UNMAPPED;
1777                         continue;
1778                 }
1779
1780                 rtype = samdb_atype_map(atype);
1781                 if (rtype == SID_NAME_UNKNOWN) {
1782                         status = STATUS_SOME_UNMAPPED;
1783                         continue;
1784                 }
1785
1786                 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
1787                 if (!NT_STATUS_IS_OK(status2)) {
1788                         return status2;
1789                 }
1790
1791                 r->out.sids->sids[i].sid_type    = rtype;
1792                 r->out.sids->sids[i].sid         = sid;
1793                 r->out.sids->sids[i].sid_index   = sid_index;
1794                 r->out.sids->sids[i].unknown     = 0;
1795         }
1796         
1797         return status;
1798 }
1799
1800 /*
1801   lsa_LookupNames2
1802 */
1803 static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
1804                                  TALLOC_CTX *mem_ctx,
1805                                  struct lsa_LookupNames2 *r)
1806 {
1807         struct lsa_policy_state *state;
1808         struct dcesrv_handle *h;
1809         int i;
1810         NTSTATUS status = NT_STATUS_OK;
1811
1812         r->out.domains = NULL;
1813
1814         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1815
1816         state = h->data;
1817
1818         r->out.domains = talloc_zero_p(mem_ctx,  struct lsa_RefDomainList);
1819         if (r->out.domains == NULL) {
1820                 return NT_STATUS_NO_MEMORY;
1821         }
1822
1823         r->out.sids = talloc_zero_p(mem_ctx,  struct lsa_TransSidArray2);
1824         if (r->out.sids == NULL) {
1825                 return NT_STATUS_NO_MEMORY;
1826         }
1827
1828         *r->out.count = 0;
1829
1830         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid2, 
1831                                            r->in.num_names);
1832         if (r->out.sids->sids == NULL) {
1833                 return NT_STATUS_NO_MEMORY;
1834         }
1835
1836         for (i=0;i<r->in.num_names;i++) {
1837                 const char *name = r->in.names[i].string;
1838                 struct dom_sid *sid;
1839                 uint32_t atype, rtype, sid_index;
1840                 NTSTATUS status2;
1841
1842                 r->out.sids->count++;
1843                 (*r->out.count)++;
1844
1845                 r->out.sids->sids[i].sid_type    = SID_NAME_UNKNOWN;
1846                 r->out.sids->sids[i].rid         = 0xFFFFFFFF;
1847                 r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
1848                 r->out.sids->sids[i].unknown     = 0;
1849
1850                 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
1851                 if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
1852                         status = STATUS_SOME_UNMAPPED;
1853                         continue;
1854                 }
1855
1856                 rtype = samdb_atype_map(atype);
1857                 if (rtype == SID_NAME_UNKNOWN) {
1858                         status = STATUS_SOME_UNMAPPED;
1859                         continue;
1860                 }
1861
1862                 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
1863                 if (!NT_STATUS_IS_OK(status2)) {
1864                         return status2;
1865                 }
1866
1867                 r->out.sids->sids[i].sid_type    = rtype;
1868                 r->out.sids->sids[i].rid         = sid->sub_auths[sid->num_auths-1];
1869                 r->out.sids->sids[i].sid_index   = sid_index;
1870                 r->out.sids->sids[i].unknown     = 0;
1871         }
1872         
1873         return status;
1874 }
1875
1876 /* 
1877   lsa_LookupNames 
1878 */
1879 static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1880                        struct lsa_LookupNames *r)
1881 {
1882         struct lsa_LookupNames2 r2;
1883         NTSTATUS status;
1884         int i;
1885
1886         r2.in.handle    = r->in.handle;
1887         r2.in.num_names = r->in.num_names;
1888         r2.in.names     = r->in.names;
1889         r2.in.sids      = NULL;
1890         r2.in.level     = r->in.level;
1891         r2.in.count     = r->in.count;
1892         r2.in.unknown1  = 0;
1893         r2.in.unknown2  = 0;
1894         r2.out.count    = r->out.count;
1895
1896         status = lsa_LookupNames2(dce_call, mem_ctx, &r2);
1897         if (dce_call->fault_code != 0) {
1898                 return status;
1899         }
1900
1901         r->out.domains = r2.out.domains;
1902         r->out.sids = talloc_p(mem_ctx, struct lsa_TransSidArray);
1903         if (r->out.sids == NULL) {
1904                 return NT_STATUS_NO_MEMORY;
1905         }
1906         r->out.sids->count = r2.out.sids->count;
1907         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid, 
1908                                            r->out.sids->count);
1909         if (r->out.sids->sids == NULL) {
1910                 return NT_STATUS_NO_MEMORY;
1911         }
1912         for (i=0;i<r->out.sids->count;i++) {
1913                 r->out.sids->sids[i].sid_type    = r2.out.sids->sids[i].sid_type;
1914                 r->out.sids->sids[i].rid         = r2.out.sids->sids[i].rid;
1915                 r->out.sids->sids[i].sid_index   = r2.out.sids->sids[i].sid_index;
1916         }
1917
1918         return status;
1919 }
1920
1921
1922
1923 /*
1924   lsa_CreateTrustedDomainEx2
1925 */
1926 static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
1927                                            TALLOC_CTX *mem_ctx,
1928                                            struct lsa_CreateTrustedDomainEx2 *r)
1929 {
1930         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1931 }
1932
1933 /* 
1934   lsa_CREDRWRITE 
1935 */
1936 static NTSTATUS lsa_CREDRWRITE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1937                        struct lsa_CREDRWRITE *r)
1938 {
1939         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1940 }
1941
1942
1943 /* 
1944   lsa_CREDRREAD 
1945 */
1946 static NTSTATUS lsa_CREDRREAD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1947                        struct lsa_CREDRREAD *r)
1948 {
1949         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1950 }
1951
1952
1953 /* 
1954   lsa_CREDRENUMERATE 
1955 */
1956 static NTSTATUS lsa_CREDRENUMERATE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1957                        struct lsa_CREDRENUMERATE *r)
1958 {
1959         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1960 }
1961
1962
1963 /* 
1964   lsa_CREDRWRITEDOMAINCREDENTIALS 
1965 */
1966 static NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1967                        struct lsa_CREDRWRITEDOMAINCREDENTIALS *r)
1968 {
1969         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1970 }
1971
1972
1973 /* 
1974   lsa_CREDRREADDOMAINCREDENTIALS 
1975 */
1976 static NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1977                        struct lsa_CREDRREADDOMAINCREDENTIALS *r)
1978 {
1979         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1980 }
1981
1982
1983 /* 
1984   lsa_CREDRDELETE 
1985 */
1986 static NTSTATUS lsa_CREDRDELETE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1987                        struct lsa_CREDRDELETE *r)
1988 {
1989         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1990 }
1991
1992
1993 /* 
1994   lsa_CREDRGETTARGETINFO 
1995 */
1996 static NTSTATUS lsa_CREDRGETTARGETINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1997                        struct lsa_CREDRGETTARGETINFO *r)
1998 {
1999         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2000 }
2001
2002
2003 /* 
2004   lsa_CREDRPROFILELOADED 
2005 */
2006 static NTSTATUS lsa_CREDRPROFILELOADED(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2007                        struct lsa_CREDRPROFILELOADED *r)
2008 {
2009         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2010 }
2011
2012
2013 /* 
2014   lsa_CREDRGETSESSIONTYPES 
2015 */
2016 static NTSTATUS lsa_CREDRGETSESSIONTYPES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2017                        struct lsa_CREDRGETSESSIONTYPES *r)
2018 {
2019         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2020 }
2021
2022
2023 /* 
2024   lsa_LSARREGISTERAUDITEVENT 
2025 */
2026 static NTSTATUS lsa_LSARREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2027                        struct lsa_LSARREGISTERAUDITEVENT *r)
2028 {
2029         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2030 }
2031
2032
2033 /* 
2034   lsa_LSARGENAUDITEVENT 
2035 */
2036 static NTSTATUS lsa_LSARGENAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2037                        struct lsa_LSARGENAUDITEVENT *r)
2038 {
2039         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2040 }
2041
2042
2043 /* 
2044   lsa_LSARUNREGISTERAUDITEVENT 
2045 */
2046 static NTSTATUS lsa_LSARUNREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2047                        struct lsa_LSARUNREGISTERAUDITEVENT *r)
2048 {
2049         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2050 }
2051
2052
2053 /* 
2054   lsa_LSARQUERYFORESTTRUSTINFORMATION 
2055 */
2056 static NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2057                        struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
2058 {
2059         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2060 }
2061
2062
2063 /* 
2064   lsa_LSARSETFORESTTRUSTINFORMATION 
2065 */
2066 static NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2067                        struct lsa_LSARSETFORESTTRUSTINFORMATION *r)
2068 {
2069         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2070 }
2071
2072
2073 /* 
2074   lsa_CREDRRENAME 
2075 */
2076 static NTSTATUS lsa_CREDRRENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2077                        struct lsa_CREDRRENAME *r)
2078 {
2079         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2080 }
2081
2082
2083 /* 
2084   lsa_LSARLOOKUPNAMES4 
2085 */
2086 static NTSTATUS lsa_LSARLOOKUPNAMES4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2087                        struct lsa_LSARLOOKUPNAMES4 *r)
2088 {
2089         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2090 }
2091
2092
2093 /* 
2094   lsa_LSAROPENPOLICYSCE 
2095 */
2096 static NTSTATUS lsa_LSAROPENPOLICYSCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2097                        struct lsa_LSAROPENPOLICYSCE *r)
2098 {
2099         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2100 }
2101
2102
2103 /* 
2104   lsa_LSARADTREGISTERSECURITYEVENTSOURCE 
2105 */
2106 static NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2107                        struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r)
2108 {
2109         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2110 }
2111
2112
2113 /* 
2114   lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE 
2115 */
2116 static NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2117                        struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r)
2118 {
2119         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2120 }
2121
2122
2123 /* 
2124   lsa_LSARADTREPORTSECURITYEVENT 
2125 */
2126 static NTSTATUS lsa_LSARADTREPORTSECURITYEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2127                        struct lsa_LSARADTREPORTSECURITYEVENT *r)
2128 {
2129         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2130 }
2131
2132
2133 /* include the generated boilerplate */
2134 #include "librpc/gen_ndr/ndr_lsa_s.c"