2 Unix SMB/CIFS implementation.
4 endpoint server for the lsarpc pipe
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_lsa.h"
25 #include "rpc_server/dcerpc_server.h"
26 #include "rpc_server/common/common.h"
29 this type allows us to distinguish handle types
38 state associated with an lsa_OpenPolicy() operation
/*
  Per-handle policy state. This listing shows only the domain_dn member; other
  functions on the page also use sam_ctx, reference_count and access_mask, whose
  declarations fall on lines the listing omits.
*/
40 struct lsa_policy_state {
44 const char *domain_dn;
/*
  Drop one reference on a policy state.

  state: policy state whose reference_count is decremented.

  The statement guarded by the zero test is on a line the listing omits
  (presumably it frees state - confirm against the full file).
  NOTE(review): no guard is visible against a call made when reference_count is
  already 0; the decrement would then miss the == 0 test and this path would
  never release the state.
*/
51 static void lsa_Policy_close(struct lsa_policy_state *state)
53 state->reference_count--;
54 if (state->reference_count == 0) {
60 destroy an open policy. This closes the database connection
/*
  Handle destroy callback for policy handles (installed as handle->destroy in
  lsa_OpenPolicy2).

  conn: connection owning the handle; not used in the lines shown.
  h:    handle being destroyed; h->data is taken as the lsa_policy_state.

  Releases the handle's reference through lsa_Policy_close().
*/
62 static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
64 struct lsa_policy_state *state = h->data;
65 lsa_Policy_close(state);
/*
  lsa_Close: close a handle supplied by the client.

  The visible statements copy r->in.handle to r->out.handle, look the handle up
  with DCESRV_PULL_HANDLE, destroy it with dcesrv_handle_destroy(), then zero
  r->out.handle. The in-body comment names samr_XXX_destroy(); in this file the
  destroy callback installed on policy handles is lsa_Policy_destroy().

  NOTE(review): the lookup passes DCESRV_HANDLE_ANY, so no handle type is
  required here, unlike lsa_QueryInfoPolicy2 which asks for LSA_HANDLE_POLICY.
  Whether that lets this call close handles created by another interface on the
  same connection depends on how dcesrv scopes handles - confirm.
*/
71 static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
74 struct dcesrv_handle *h;
76 *r->out.handle = *r->in.handle;
78 DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
80 /* this causes the callback samr_XXX_destroy() to be called by
81 the handle destroy code which destroys the state associated
83 dcesrv_handle_destroy(dce_call->conn, h);
85 ZERO_STRUCTP(r->out.handle);
/* lsa_Delete is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no request field is read in the visible lines. */
94 static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
97 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_EnumPrivs is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
104 static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
105 struct lsa_EnumPrivs *r)
107 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_QuerySecObj is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
114 static NTSTATUS lsa_QuerySecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
115 struct lsa_QuerySecObj *r)
117 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_SetSecObj is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
124 static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
125 struct lsa_SetSecObj *r)
127 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_ChangePassword is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
134 static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
135 struct lsa_ChangePassword *r)
137 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/*
  lsa_OpenPolicy2: create a policy handle for the caller.

  Visible steps: zero r->out.handle; allocate an lsa_policy_state parented to
  dce_call->conn; connect to the SAM database (NT_STATUS_INVALID_SYSTEM_SERVICE
  on failure); look up the dn of the non-builtin domain object
  (NT_STATUS_NO_SUCH_DOMAIN if none); create a handle of type LSA_HANDLE_POLICY;
  attach the state and lsa_Policy_destroy to it; set reference_count to 1; copy
  the wire handle to r->out.handle. NT_STATUS_NO_MEMORY is returned on the two
  allocation-failure paths.

  NOTE(review): state->access_mask is copied straight from r->in.access_mask.
  No comparison of the requested mask with the caller's identity is visible
  here, and no visible line elsewhere in this listing reads access_mask back, so
  the handle appears to be granted whatever was asked for - confirm against the
  omitted lines.
  NOTE(review): the state is parented to the connection, not to mem_ctx. The
  cleanup statements on the three failure returns after the allocation sit on
  lines the listing omits; confirm each one frees state, otherwise a failed
  open leaves memory attached to the connection until it is torn down.
  The attr element of the request is ignored, as the closing in-body comment
  says; r->in.system_name is not read in the lines shown either.
*/
144 static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
145 struct lsa_OpenPolicy2 *r)
147 struct lsa_policy_state *state;
148 struct dcesrv_handle *handle;
150 ZERO_STRUCTP(r->out.handle);
152 state = talloc_p(dce_call->conn, struct lsa_policy_state);
154 return NT_STATUS_NO_MEMORY;
157 /* make sure the sam database is accessible */
158 state->sam_ctx = samdb_connect(state);
159 if (state->sam_ctx == NULL) {
161 return NT_STATUS_INVALID_SYSTEM_SERVICE;
164 /* work out the domain_dn - useful for so many calls its worth
166 state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
167 "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
168 if (!state->domain_dn) {
170 return NT_STATUS_NO_SUCH_DOMAIN;
173 handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
176 return NT_STATUS_NO_MEMORY;
179 handle->data = state;
180 handle->destroy = lsa_Policy_destroy;
182 state->reference_count = 1;
183 state->access_mask = r->in.access_mask;
184 *r->out.handle = handle->wire_handle;
186 /* note that we have completely ignored the attr element of
187 the OpenPolicy. As far as I can tell, this is what w2k3
195 a wrapper around lsa_OpenPolicy2
/*
  lsa_OpenPolicy: thin wrapper that forwards to lsa_OpenPolicy2.

  Builds an lsa_OpenPolicy2 request with system_name set to NULL and with attr,
  access_mask and the out.handle pointer taken from r, then returns whatever
  lsa_OpenPolicy2 returns. The handle is written through the shared out.handle
  pointer, so nothing is copied back afterwards.
*/
197 static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
198 struct lsa_OpenPolicy *r)
200 struct lsa_OpenPolicy2 r2;
202 r2.in.system_name = NULL;
203 r2.in.attr = r->in.attr;
204 r2.in.access_mask = r->in.access_mask;
205 r2.out.handle = r->out.handle;
207 return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
214 fill in the AccountDomain info
/*
  Fill an lsa_DomainInfo from the domain object in the SAM database.

  state:   policy state supplying sam_ctx and domain_dn.
  mem_ctx: talloc context passed to the search and to the SID conversion.
  info:    receives name.name and sid.

  Searches for "dn=<domain_dn>" requesting objectSid and name. The test that
  leads to NT_STATUS_INTERNAL_DB_CORRUPTION is on a line the listing omits
  (presumably a result count other than 1 - confirm).
  The filter is built from state->domain_dn, which lsa_OpenPolicy2 read from
  the database, not from a request field.
  NOTE(review): samdb_result_string() is given NULL as its last argument, which
  looks like the default for a missing attribute; if so, name.name (and possibly
  sid) can be NULL on return - confirm the marshalling code accepts that.
*/
216 static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
217 struct lsa_DomainInfo *info)
219 const char * const attrs[] = { "objectSid", "name", NULL};
221 struct ldb_message **res;
223 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
224 "dn=%s", state->domain_dn);
226 return NT_STATUS_INTERNAL_DB_CORRUPTION;
229 info->name.name = samdb_result_string(res[0], "name", NULL);
230 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
236 fill in the DNS domain info
/*
  Fill an lsa_DnsDomainInfo from the domain object in the SAM database.

  state:   policy state supplying sam_ctx and domain_dn.
  mem_ctx: talloc context passed to the search and to the SID conversion.
  info:    receives name, dns_domain, dns_forest, domain_guid and sid.

  Searches for "dn=<domain_dn>" requesting name, dnsDomain, objectGUID and
  objectSid. The test that leads to NT_STATUS_INTERNAL_DB_CORRUPTION is on a
  line the listing omits (presumably a result count other than 1 - confirm).
  dns_forest is filled from the same "dnsDomain" attribute as dns_domain, so
  the forest name reported always equals the domain name.
  NOTE(review): the string lookups pass NULL as their last argument, which looks
  like the default for a missing attribute; the name fields may therefore be
  NULL on return - confirm the marshalling code accepts that.
*/
238 static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
239 struct lsa_DnsDomainInfo *info)
241 const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
243 struct ldb_message **res;
245 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
246 "dn=%s", state->domain_dn);
248 return NT_STATUS_INTERNAL_DB_CORRUPTION;
251 info->name.name = samdb_result_string(res[0], "name", NULL);
252 info->dns_domain.name = samdb_result_string(res[0], "dnsDomain", NULL);
253 info->dns_forest.name = samdb_result_string(res[0], "dnsDomain", NULL);
254 info->domain_guid = samdb_result_guid(res[0], "objectGUID");
255 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
/*
  lsa_QueryInfoPolicy2: return policy information for a policy handle.

  The handle must be of type LSA_HANDLE_POLICY (DCESRV_PULL_HANDLE). r->out.info
  is allocated on mem_ctx (NT_STATUS_NO_MEMORY on failure) and zeroed, then
  r->in.level selects the filler:
    LSA_POLICY_INFO_DOMAIN, LSA_POLICY_INFO_ACCOUNT_DOMAIN -> lsa_info_AccountDomain
    LSA_POLICY_INFO_DNS                                    -> lsa_info_DNS
  The last visible return yields NT_STATUS_INVALID_INFO_CLASS, presumably for
  every other level (the case label is on an omitted line).

  NOTE(review): the assignment of state is on a line the listing omits
  (presumably h->data). No visible line compares state->access_mask with the
  level requested, so domain name, SID and GUID appear to be returned to any
  caller holding a policy handle - confirm against the full file.
*/
263 static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
264 struct lsa_QueryInfoPolicy2 *r)
266 struct lsa_policy_state *state;
267 struct dcesrv_handle *h;
271 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
275 r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
277 return NT_STATUS_NO_MEMORY;
280 ZERO_STRUCTP(r->out.info);
282 switch (r->in.level) {
283 case LSA_POLICY_INFO_DOMAIN:
284 case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
285 return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
287 case LSA_POLICY_INFO_DNS:
288 return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
291 return NT_STATUS_INVALID_INFO_CLASS;
/*
  lsa_QueryInfoPolicy: thin wrapper that forwards to lsa_QueryInfoPolicy2.

  Copies handle and level from r into an lsa_QueryInfoPolicy2 request, calls
  lsa_QueryInfoPolicy2, and hands r2.out.info back through r->out.info. The
  return statement is on a line the listing omits (presumably it returns
  status). Handle-type checking and level validation are those of
  lsa_QueryInfoPolicy2.
*/
297 static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
298 struct lsa_QueryInfoPolicy *r)
300 struct lsa_QueryInfoPolicy2 r2;
303 r2.in.handle = r->in.handle;
304 r2.in.level = r->in.level;
306 status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
308 r->out.info = r2.out.info;
/* lsa_SetInfoPolicy is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines.
   NOTE(review): an eventual implementation should authorize the caller against
   the policy handle before changing anything; lsa_OpenPolicy2 records the
   requested access_mask with no check visible in this listing. */
316 static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
317 struct lsa_SetInfoPolicy *r)
319 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_ClearAuditLog is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
326 static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
327 struct lsa_ClearAuditLog *r)
329 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_CreateAccount is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
336 static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
337 struct lsa_CreateAccount *r)
339 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_EnumAccounts is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
346 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
347 struct lsa_EnumAccounts *r)
349 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
354 lsa_CreateTrustedDomain
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines.
   NOTE(review): an eventual implementation should authorize the caller against
   the policy handle before creating a trust; lsa_OpenPolicy2 records the
   requested access_mask with no check visible in this listing. */
356 static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
357 struct lsa_CreateTrustedDomain *r)
359 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_EnumTrustDom is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
366 static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
367 struct lsa_EnumTrustDom *r)
369 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_LookupNames is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
376 static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
377 struct lsa_LookupNames *r)
379 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_LookupSids is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
386 static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
387 struct lsa_LookupSids *r)
389 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_CreateSecret is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
396 static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
397 struct lsa_CreateSecret *r)
399 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_OpenAccount is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
406 static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
407 struct lsa_OpenAccount *r)
409 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_EnumPrivsAccount is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
416 static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
417 struct lsa_EnumPrivsAccount *r)
419 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
424 lsa_AddPrivilegesToAccount
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines.
   NOTE(review): an eventual implementation should authorize the caller before
   granting privileges; lsa_OpenPolicy2 records the requested access_mask with
   no check visible in this listing. */
426 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
427 struct lsa_AddPrivilegesToAccount *r)
429 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
434 lsa_RemovePrivilegesFromAccount
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
436 static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
437 struct lsa_RemovePrivilegesFromAccount *r)
439 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
444 lsa_GetQuotasForAccount
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
446 static NTSTATUS lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
447 struct lsa_GetQuotasForAccount *r)
449 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
454 lsa_SetQuotasForAccount
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
456 static NTSTATUS lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
457 struct lsa_SetQuotasForAccount *r)
459 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
464 lsa_GetSystemAccessAccount
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
466 static NTSTATUS lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
467 struct lsa_GetSystemAccessAccount *r)
469 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
474 lsa_SetSystemAccessAccount
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
476 static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
477 struct lsa_SetSystemAccessAccount *r)
479 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
484 lsa_OpenTrustedDomain
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
486 static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
487 struct lsa_OpenTrustedDomain *r)
489 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
494 lsa_QueryInfoTrustedDomain
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
496 static NTSTATUS lsa_QueryInfoTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
497 struct lsa_QueryInfoTrustedDomain *r)
499 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
504 lsa_SetInformationTrustedDomain
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
506 static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
507 struct lsa_SetInformationTrustedDomain *r)
509 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_OpenSecret is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
516 static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
517 struct lsa_OpenSecret *r)
519 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_SetSecret is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines.
   NOTE(review): an eventual implementation should authorize the caller before
   writing secret material; lsa_OpenPolicy2 records the requested access_mask
   with no check visible in this listing. */
526 static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
527 struct lsa_SetSecret *r)
529 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_QuerySecret is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines.
   NOTE(review): an eventual implementation should authorize the caller before
   returning secret material; lsa_OpenPolicy2 records the requested access_mask
   with no check visible in this listing. */
536 static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
537 struct lsa_QuerySecret *r)
539 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_LookupPrivValue is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
546 static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
547 struct lsa_LookupPrivValue *r)
549 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_LookupPrivName is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
556 static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
557 struct lsa_LookupPrivName *r)
559 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
564 lsa_LookupPrivDisplayName
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
566 static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
567 struct lsa_LookupPrivDisplayName *r)
569 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_DeleteObject is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
576 static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
577 struct lsa_DeleteObject *r)
579 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
584 lsa_EnumAccountsWithUserRight
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
586 static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
587 struct lsa_EnumAccountsWithUserRight *r)
589 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
594 lsa_EnumAccountRights
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
596 static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
597 struct lsa_EnumAccountRights *r)
599 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_AddAccountRights is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
606 static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
607 struct lsa_AddAccountRights *r)
609 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
614 lsa_RemoveAccountRights
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
616 static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
617 struct lsa_RemoveAccountRights *r)
619 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
624 lsa_QueryTrustDomainInfo
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
626 static NTSTATUS lsa_QueryTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
627 struct lsa_QueryTrustDomainInfo *r)
629 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
634 lsa_SetTrustDomainInfo
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
636 static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
637 struct lsa_SetTrustDomainInfo *r)
639 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
644 lsa_DeleteTrustDomain
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
646 static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
647 struct lsa_DeleteTrustDomain *r)
649 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_StorePrivateData is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines.
   NOTE(review): an eventual implementation should authorize the caller before
   storing private data; lsa_OpenPolicy2 records the requested access_mask with
   no check visible in this listing. */
656 static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
657 struct lsa_StorePrivateData *r)
659 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
664 lsa_RetrievePrivateData
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines.
   NOTE(review): an eventual implementation should authorize the caller before
   returning private data; lsa_OpenPolicy2 records the requested access_mask
   with no check visible in this listing. */
666 static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
667 struct lsa_RetrievePrivateData *r)
669 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_GetUserName is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
676 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
677 struct lsa_GetUserName *r)
679 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_SetInfoPolicy2 is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
685 static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
687 struct lsa_SetInfoPolicy2 *r)
689 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
693 lsa_QueryTrustedDomainInfoByName
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
695 static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
697 struct lsa_QueryTrustedDomainInfoByName *r)
699 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
703 lsa_SetTrustedDomainInfoByName
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
705 static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
707 struct lsa_SetTrustedDomainInfoByName *r)
709 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
713 lsa_EnumTrustedDomainsEx
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
715 static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
717 struct lsa_EnumTrustedDomainsEx *r)
719 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
723 lsa_CreateTrustedDomainEx
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
725 static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
727 struct lsa_CreateTrustedDomainEx *r)
729 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
733 lsa_CloseTrustedDomainEx
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
735 static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
737 struct lsa_CloseTrustedDomainEx *r)
739 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
743 lsa_QueryDomainInformationPolicy
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
745 static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
747 struct lsa_QueryDomainInformationPolicy *r)
749 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_SetDomInfoPolicy is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
755 static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
757 struct lsa_SetDomInfoPolicy *r)
759 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
763 lsa_OpenTrustedDomainByName
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
765 static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
767 struct lsa_OpenTrustedDomainByName *r)
769 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_TestCall is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
775 static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
777 struct lsa_TestCall *r)
779 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_LookupSids2 is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
785 static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
787 struct lsa_LookupSids2 *r)
789 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* lsa_LookupNames2 is not implemented: the only statement shown passes
   DCERPC_FAULT_OP_RNG_ERROR to DCESRV_FAULT (macro defined outside this
   listing); no field of r is read in the visible lines. */
795 static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
797 struct lsa_LookupNames2 *r)
799 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
803 lsa_CreateTrustedDomainEx2
/* Not implemented: the only statement shown passes DCERPC_FAULT_OP_RNG_ERROR
   to DCESRV_FAULT (macro defined outside this listing); no field of r is read
   in the visible lines. */
805 static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
807 struct lsa_CreateTrustedDomainEx2 *r)
809 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
812 /* include the generated boilerplate */
813 #include "librpc/gen_ndr/ndr_lsa_s.c"