2 Unix SMB/CIFS implementation.
4 endpoint server for the lsarpc pipe
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_lsa.h"
25 #include "librpc/gen_ndr/ndr_samr.h"
26 #include "rpc_server/dcerpc_server.h"
27 #include "rpc_server/common/common.h"
28 #include "lib/ldb/include/ldb.h"
31 this type allows us to distinguish handle types
40 state associated with a lsa_OpenPolicy() operation
/* State attached to a policy handle: lsa_OpenPolicy2() fills it in and stores
   it in handle->data.
   NOTE(review): this listing has gaps (see the embedded line numbers). The
   sam_ctx and access_mask members that lsa_OpenPolicy2() assigns are not
   visible among the fields below. */
42 struct lsa_policy_state {
/* opened with sidmap_open(state) in lsa_OpenPolicy2() */
44 struct sidmap_context *sidmap;
/* dn returned by the domain search in lsa_OpenPolicy2() (objectClass=domain, builtinDomain excluded) */
46 const char *domain_dn;
/* name attribute read from domain_dn */
47 const char *domain_name;
/* parsed from the objectSid attribute read from domain_dn */
48 struct dom_sid *domain_sid;
/* parsed from the SID_BUILTIN constant */
49 struct dom_sid *builtin_sid;
54 destroy an open policy. This closes the database connection
/* Destroy callback for policy handles; lsa_OpenPolicy2() installs it as
   handle->destroy. It starts from the lsa_policy_state kept in h->data.
   NOTE(review): the statement that releases the state falls in a gap of this
   listing. The state is allocated on the connection in lsa_OpenPolicy2(), so
   confirm it is freed here; otherwise every closed handle leaves a database
   connection alive until the client disconnects. */
56 static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
58 struct lsa_policy_state *state = h->data;
/* Close a handle: copy the incoming wire handle to the reply, look the handle
   up, destroy it through dcesrv_handle_destroy(), then zero the reply handle.
   NOTE(review): the lookup uses DCESRV_HANDLE_ANY, so this call is not limited
   to LSA_HANDLE_POLICY handles. Confirm the handle table searched by
   DCESRV_PULL_HANDLE is scoped so that a client can only close handles it
   opened on this pipe.
   NOTE(review): the comment in the body names samr_XXX_destroy(); the callback
   this file installs on its handles is lsa_Policy_destroy(). */
65 static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
68 struct dcesrv_handle *h;
70 *r->out.handle = *r->in.handle;
72 DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
74 /* this causes the callback samr_XXX_destroy() to be called by
75 the handle destroy code which destroys the state associated
77 dcesrv_handle_destroy(dce_call->conn, h);
79 ZERO_STRUCTP(r->out.handle);
/* Unimplemented calls. The only statement visible in each handler below is
   DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); none of them reads its request.
   DCESRV_FAULT is defined outside this file; presumably it records the fault
   on the call and returns (lsa_LookupSids() tests dce_call->fault_code).
   NOTE(review): whoever implements one of these should pull a handle of type
   LSA_HANDLE_POLICY and consult the access_mask stored by lsa_OpenPolicy2();
   no handler visible in this listing reads that mask yet. */
88 static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
91 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
98 static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
99 struct lsa_EnumPrivs *r)
101 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
108 static NTSTATUS lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
109 struct lsa_QuerySecurity *r)
111 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
118 static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
119 struct lsa_SetSecObj *r)
121 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
128 static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
129 struct lsa_ChangePassword *r)
131 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* Open a policy handle.
   Allocates an lsa_policy_state on the connection, connects to the sam
   database, opens the sidmap, resolves the domain dn, sid and name plus the
   builtin sid, then creates a handle of type LSA_HANDLE_POLICY that carries
   the state and lsa_Policy_destroy as its destroy callback. The wire handle is
   returned in r->out.handle, which is zeroed first.
   Visible failure returns: NT_STATUS_NO_MEMORY, NT_STATUS_INVALID_SYSTEM_SERVICE
   and NT_STATUS_NO_SUCH_DOMAIN.
   NOTE(review): the state is a child of dce_call->conn, not of mem_ctx, so it
   outlives the call. Each failure return below must release it; those lines
   fall in gaps of this listing (for example 155, 161, 170) - confirm. A client
   that can make this call fail repeatedly would otherwise grow per-connection
   memory.
   NOTE(review): r->in.system_name is not read in any visible line. */
138 static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
139 struct lsa_OpenPolicy2 *r)
141 struct lsa_policy_state *state;
142 struct dcesrv_handle *handle;
145 ZERO_STRUCTP(r->out.handle);
/* allocated on the connection so the state can live as long as the handle */
147 state = talloc_p(dce_call->conn, struct lsa_policy_state);
149 return NT_STATUS_NO_MEMORY;
152 /* make sure the sam database is accessible */
153 state->sam_ctx = samdb_connect(state);
154 if (state->sam_ctx == NULL) {
156 return NT_STATUS_INVALID_SYSTEM_SERVICE;
159 state->sidmap = sidmap_open(state);
160 if (state->sidmap == NULL) {
162 return NT_STATUS_INVALID_SYSTEM_SERVICE;
165 /* work out the domain_dn - useful for so many calls its worth
167 state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
168 "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
169 if (!state->domain_dn) {
171 return NT_STATUS_NO_SUCH_DOMAIN;
// The dn=%s searches below interpolate state->domain_dn, a value read back
// from the database above, not text taken from the request.
174 sid_str = samdb_search_string(state->sam_ctx, state, NULL,
175 "objectSid", "dn=%s", state->domain_dn);
178 return NT_STATUS_NO_SUCH_DOMAIN;
181 state->domain_sid = dom_sid_parse_talloc(state, sid_str);
182 if (!state->domain_sid) {
184 return NT_STATUS_NO_SUCH_DOMAIN;
187 state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
188 if (!state->builtin_sid) {
190 return NT_STATUS_NO_SUCH_DOMAIN;
193 state->domain_name = samdb_search_string(state->sam_ctx, state, NULL,
194 "name", "dn=%s", state->domain_dn);
195 if (!state->domain_name) {
197 return NT_STATUS_NO_SUCH_DOMAIN;
201 handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
204 return NT_STATUS_NO_MEMORY;
207 handle->data = state;
208 handle->destroy = lsa_Policy_destroy;
// NOTE(review): the requested mask is stored exactly as the client sent it.
// No visible line compares it with what the caller is entitled to, and no
// handler in this listing reads state->access_mask afterwards - confirm where
// access is enforced before the query and lookup calls rely on this handle.
210 state->access_mask = r->in.access_mask;
211 *r->out.handle = handle->wire_handle;
213 /* note that we have completely ignored the attr element of
214 the OpenPolicy. As far as I can tell, this is what w2k3
222 a wrapper around lsa_OpenPolicy2
/* Older form of the open call, implemented on top of lsa_OpenPolicy2().
   Builds an lsa_OpenPolicy2 request on the stack with system_name set to NULL,
   forwards attr and access_mask unchanged, and points r2.out.handle at the
   caller's r->out.handle so the result is written in place. Returns whatever
   lsa_OpenPolicy2() returns. */
224 static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
225 struct lsa_OpenPolicy *r)
227 struct lsa_OpenPolicy2 r2;
229 r2.in.system_name = NULL;
230 r2.in.attr = r->in.attr;
231 r2.in.access_mask = r->in.access_mask;
232 r2.out.handle = r->out.handle;
234 return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
241 fill in the AccountDomain info
/* Fill an lsa_DomainInfo from the domain object.
   Searches for state->domain_dn asking for objectSid and name, then copies
   the name string and a dom_sid built on mem_ctx into info.
   The visible failure return is NT_STATUS_INTERNAL_DB_CORRUPTION; the test
   that guards it falls in a gap of this listing (line 252).
   NOTE(review): the lookups pass NULL as the last argument of
   samdb_result_string(), presumably the default value, so info->name.string
   may be NULL when the attribute is absent - confirm the marshalling code
   accepts that. */
243 static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
244 struct lsa_DomainInfo *info)
246 const char * const attrs[] = { "objectSid", "name", NULL};
248 struct ldb_message **res;
250 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
251 "dn=%s", state->domain_dn);
253 return NT_STATUS_INTERNAL_DB_CORRUPTION;
256 info->name.string = samdb_result_string(res[0], "name", NULL);
257 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
263 fill in the DNS domain info
/* Fill an lsa_DnsDomainInfo from the domain object.
   Searches for state->domain_dn asking for name, dnsDomain, objectGUID and
   objectSid, then copies them into info. The visible failure return is
   NT_STATUS_INTERNAL_DB_CORRUPTION; its guard falls in a gap (line 274).
   Both dns_domain and dns_forest are read from the same dnsDomain attribute. */
265 static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
266 struct lsa_DnsDomainInfo *info)
268 const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
270 struct ldb_message **res;
272 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
273 "dn=%s", state->domain_dn);
275 return NT_STATUS_INTERNAL_DB_CORRUPTION;
278 info->name.string = samdb_result_string(res[0], "name", NULL);
279 info->dns_domain.string = samdb_result_string(res[0], "dnsDomain", NULL);
/* the forest name is taken from dnsDomain as well, not from a separate attribute */
280 info->dns_forest.string = samdb_result_string(res[0], "dnsDomain", NULL);
281 info->domain_guid = samdb_result_guid(res[0], "objectGUID");
282 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
/* Return policy information for the requested level.
   Looks up a handle of type LSA_HANDLE_POLICY, allocates and zeroes
   r->out.info on mem_ctx, then dispatches on r->in.level:
   LSA_POLICY_INFO_DOMAIN and LSA_POLICY_INFO_ACCOUNT_DOMAIN go to
   lsa_info_AccountDomain(), LSA_POLICY_INFO_DNS goes to lsa_info_DNS().
   Any other level reaches the final return of NT_STATUS_INVALID_INFO_CLASS.
   NOTE(review): the assignment of state from the handle falls in a gap of
   this listing (around line 300) - presumably state = h->data.
   NOTE(review): no visible line checks the access_mask recorded on the handle
   before domain information is returned to the caller. */
290 static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
291 struct lsa_QueryInfoPolicy2 *r)
293 struct lsa_policy_state *state;
294 struct dcesrv_handle *h;
298 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
302 r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
304 return NT_STATUS_NO_MEMORY;
/* zeroed so that members the chosen level does not fill are not left uninitialised */
307 ZERO_STRUCTP(r->out.info);
309 switch (r->in.level) {
310 case LSA_POLICY_INFO_DOMAIN:
311 case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
312 return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
314 case LSA_POLICY_INFO_DNS:
315 return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
318 return NT_STATUS_INVALID_INFO_CLASS;
/* Older form of the query call, implemented on top of lsa_QueryInfoPolicy2().
   Copies handle and level into a stack request, calls the newer handler and
   hands its info pointer back to the caller.
   NOTE(review): r2 is a stack struct and no initialisation of r2.out.info is
   visible. lsa_QueryInfoPolicy2() performs its handle lookup before it
   assigns out.info, so if it leaves early the value copied below may be
   indeterminate - confirm the copy is skipped or r2 is cleared in the lines
   this listing omits. */
324 static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
325 struct lsa_QueryInfoPolicy *r)
327 struct lsa_QueryInfoPolicy2 r2;
330 r2.in.handle = r->in.handle;
331 r2.in.level = r->in.level;
333 status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
335 r->out.info = r2.out.info;
/* Unimplemented calls. The only statement visible in each handler below is
   DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); none of them reads its request.
   DCESRV_FAULT is defined outside this file.
   NOTE(review): several of these names denote operations that change policy
   or audit state. When they are implemented they should require a handle of
   type LSA_HANDLE_POLICY and check the access recorded on it; no such check
   exists in the handlers visible in this listing. */
343 static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
344 struct lsa_SetInfoPolicy *r)
346 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
353 static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
354 struct lsa_ClearAuditLog *r)
356 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
363 static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
364 struct lsa_CreateAccount *r)
366 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
373 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
374 struct lsa_EnumAccounts *r)
376 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
381 lsa_CreateTrustedDomain
383 static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
384 struct lsa_CreateTrustedDomain *r)
386 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
393 static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
394 struct lsa_EnumTrustDom *r)
396 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
401 return the authority name and authority sid, given a sid
/* Work out which authority a sid belongs to.
   - sid inside state->domain_sid: returns the domain name and domain sid.
   - sid inside state->builtin_sid: returns the literal BUILTIN and the
     builtin sid.
   - otherwise: duplicates the sid on mem_ctx, sets its num_auths to 0 and
     returns that sid together with its string form.
   In the first two cases the out pointers alias memory owned by the policy
   state rather than copies on mem_ctx, so callers must not modify or free
   them. Returns NT_STATUS_NO_MEMORY when the duplicate or its string form
   cannot be allocated.
   NOTE(review): sid is dereferenced by dom_sid_in_domain() without a NULL
   check in the visible lines; callers pass sids taken from client requests. */
403 static NTSTATUS lsa_authority_name(struct lsa_policy_state *state,
404 TALLOC_CTX *mem_ctx, struct dom_sid *sid,
405 const char **authority_name,
406 struct dom_sid **authority_sid)
408 if (dom_sid_in_domain(state->domain_sid, sid)) {
409 *authority_name = state->domain_name;
410 *authority_sid = state->domain_sid;
414 if (dom_sid_in_domain(state->builtin_sid, sid)) {
415 *authority_name = "BUILTIN";
416 *authority_sid = state->builtin_sid;
/* unknown authority: report the sid with every sub-authority dropped */
420 *authority_sid = dom_sid_dup(mem_ctx, sid);
421 if (*authority_sid == NULL) {
422 return NT_STATUS_NO_MEMORY;
424 (*authority_sid)->num_auths = 0;
425 *authority_name = dom_sid_string(mem_ctx, *authority_sid);
426 if (*authority_name == NULL) {
427 return NT_STATUS_NO_MEMORY;
434 add to the lsa_RefDomainList for LookupSids and LookupNames
/* Make sure the authority of a sid is present in the referenced-domain list.
   Resolves the authority through lsa_authority_name(), scans the existing
   entries comparing names with strcmp(), and when no entry matches grows
   domains->domains and appends the name and sid.
   Part of the parameter list and the handling of the resulting index fall in
   gaps of this listing (lines 437 and 439-441).
   NOTE(review): the result of talloc_realloc_p() is stored straight into
   domains->domains. On allocation failure the field becomes NULL while
   domains->count still describes the old array, and this list is part of the
   reply - confirm every caller abandons the reply on NT_STATUS_NO_MEMORY. */
436 static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
438 struct lsa_RefDomainList *domains,
442 const char *authority_name;
443 struct dom_sid *authority_sid;
446 /* work out the authority name */
447 status = lsa_authority_name(state, mem_ctx, sid,
448 &authority_name, &authority_sid);
449 if (!NT_STATUS_IS_OK(status)) {
453 /* see if we've already done this authority name */
454 for (i=0;i<domains->count;i++) {
455 if (strcmp(authority_name, domains->domains[i].name.string) == 0) {
461 domains->domains = talloc_realloc_p(domains,
463 struct lsa_TrustInformation,
465 if (domains->domains == NULL) {
466 return NT_STATUS_NO_MEMORY;
/* i equals the old count here when the loop found no match, so this fills the new last slot */
468 domains->domains[i].name.string = authority_name;
469 domains->domains[i].sid = authority_sid;
477 lookup a name for 1 SID
/* Look up the account name and account type for one sid.
   First searches the sam database for an object whose objectSid equals
   sid_str and, on a hit, returns its sAMAccountName and sAMAccountType
   (0 when the type attribute is missing). Otherwise falls back to
   sidmap_allocated_sid_lookup().
   The tests on the search result and on the name fall in gaps of this
   listing (lines 490 and 492).
   The filter value sid_str is produced by dom_sid_string() in
   lsa_LookupSids2(), so it is a formatted sid rather than free-form client
   text. */
479 static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
480 struct dom_sid *sid, const char *sid_str,
481 const char **name, uint32_t *atype)
484 struct ldb_message **res;
485 const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL};
488 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
489 "objectSid=%s", sid_str);
491 *name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
493 return NT_STATUS_NO_MEMORY;
496 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
/* not in the sam database: try sids handed out by the sidmap */
501 status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
/* Translate an array of sids into names.
   Requires a handle of type LSA_HANDLE_POLICY. Allocates the referenced
   domain list and the translated-name array on mem_ctx, then handles each
   sid in turn. Every entry starts out as SID_NAME_UNKNOWN with the sid string
   as its name and 0xFFFFFFFF as sid_index, and is overwritten only when the
   authority, the name and the account type all resolve. A sid that cannot be
   resolved sets the aggregate status to STATUS_SOME_UNMAPPED instead of
   failing the call.
   NOTE(review): r->in.sids->num_sids comes from the client and sizes both the
   allocation and the loop. Confirm that the unmarshalling layer bounds it and
   that talloc_array_p() rejects a count whose byte size would overflow.
   NOTE(review): each sid pointer is taken straight from the request and is
   passed to dom_sid_string() and lsa_authority_list() without a visible NULL
   check - confirm the unmarshalling layer cannot deliver a NULL entry.
   NOTE(review): no visible line consults the access_mask stored on the
   handle before names are disclosed. */
510 static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
512 struct lsa_LookupSids2 *r)
514 struct lsa_policy_state *state;
515 struct dcesrv_handle *h;
517 NTSTATUS status = NT_STATUS_OK;
519 r->out.domains = NULL;
521 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
525 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
526 if (r->out.domains == NULL) {
527 return NT_STATUS_NO_MEMORY;
530 r->out.names = talloc_zero_p(mem_ctx, struct lsa_TransNameArray2);
531 if (r->out.names == NULL) {
532 return NT_STATUS_NO_MEMORY;
537 r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName2,
538 r->in.sids->num_sids);
539 if (r->out.names->names == NULL) {
540 return NT_STATUS_NO_MEMORY;
543 for (i=0;i<r->in.sids->num_sids;i++) {
544 struct dom_sid *sid = r->in.sids->sids[i].sid;
545 char *sid_str = dom_sid_string(mem_ctx, sid);
547 uint32_t atype, rtype, sid_index;
/* count is advanced per entry so it always matches the number of initialised slots */
550 r->out.names->count++;
/* defaults reported when the sid cannot be mapped */
553 r->out.names->names[i].sid_type = SID_NAME_UNKNOWN;
554 r->out.names->names[i].name.string = sid_str;
555 r->out.names->names[i].sid_index = 0xFFFFFFFF;
556 r->out.names->names[i].unknown = 0;
558 if (sid_str == NULL) {
559 r->out.names->names[i].name.string = "(SIDERROR)";
560 status = STATUS_SOME_UNMAPPED;
564 /* work out the authority name */
565 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
566 if (!NT_STATUS_IS_OK(status2)) {
570 status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str,
572 if (!NT_STATUS_IS_OK(status2)) {
573 status = STATUS_SOME_UNMAPPED;
577 rtype = samdb_atype_map(atype);
578 if (rtype == SID_NAME_UNKNOWN) {
579 status = STATUS_SOME_UNMAPPED;
583 r->out.names->names[i].sid_type = rtype;
584 r->out.names->names[i].name.string = name;
585 r->out.names->names[i].sid_index = sid_index;
586 r->out.names->names[i].unknown = 0;
/* Older form of the sid lookup, implemented on top of lsa_LookupSids2().
   Copies handle, sids, level and count into a stack request, calls the newer
   handler, then converts its lsa_TranslatedName2 entries into
   lsa_TranslatedName entries allocated on mem_ctx (sid_type, name string and
   sid_index are carried over).
   NOTE(review): the only test visible between the call and the conversion is
   on dce_call->fault_code. lsa_LookupSids2() can return NT_STATUS_NO_MEMORY
   before it has assigned out.names, and r2 is a stack struct, so
   r2.out.names may be NULL or unset when it is dereferenced below - confirm
   the lines this listing omits initialise it or return on a failed status. */
596 static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
597 struct lsa_LookupSids *r)
599 struct lsa_LookupSids2 r2;
603 r2.in.handle = r->in.handle;
604 r2.in.sids = r->in.sids;
606 r2.in.level = r->in.level;
607 r2.in.count = r->in.count;
610 r2.out.count = r->out.count;
612 status = lsa_LookupSids2(dce_call, mem_ctx, &r2);
613 if (dce_call->fault_code != 0) {
617 r->out.domains = r2.out.domains;
618 r->out.names = talloc_p(mem_ctx, struct lsa_TransNameArray);
619 if (r->out.names == NULL) {
620 return NT_STATUS_NO_MEMORY;
622 r->out.names->count = r2.out.names->count;
623 r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName,
624 r->out.names->count);
625 if (r->out.names->names == NULL) {
626 return NT_STATUS_NO_MEMORY;
628 for (i=0;i<r->out.names->count;i++) {
629 r->out.names->names[i].sid_type = r2.out.names->names[i].sid_type;
630 r->out.names->names[i].name.string = r2.out.names->names[i].name.string;
631 r->out.names->names[i].sid_index = r2.out.names->names[i].sid_index;
/* Unimplemented calls. The only statement visible in each handler below is
   DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); none of them reads its request.
   DCESRV_FAULT is defined outside this file.
   NOTE(review): this run covers secrets, account privileges, quotas, system
   access and trusted domains. When any of them is implemented it should
   require a handle of the right type and check the access granted on it
   before reading or changing anything; the access_mask kept in
   lsa_policy_state is stored by lsa_OpenPolicy2() but is not read by any
   handler visible in this listing. */
641 static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
642 struct lsa_CreateSecret *r)
644 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
651 static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
652 struct lsa_OpenAccount *r)
654 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
661 static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
662 struct lsa_EnumPrivsAccount *r)
664 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
669 lsa_AddPrivilegesToAccount
671 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
672 struct lsa_AddPrivilegesToAccount *r)
674 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
679 lsa_RemovePrivilegesFromAccount
681 static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
682 struct lsa_RemovePrivilegesFromAccount *r)
684 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
689 lsa_GetQuotasForAccount
691 static NTSTATUS lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
692 struct lsa_GetQuotasForAccount *r)
694 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
699 lsa_SetQuotasForAccount
701 static NTSTATUS lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
702 struct lsa_SetQuotasForAccount *r)
704 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
709 lsa_GetSystemAccessAccount
711 static NTSTATUS lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
712 struct lsa_GetSystemAccessAccount *r)
714 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
719 lsa_SetSystemAccessAccount
721 static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
722 struct lsa_SetSystemAccessAccount *r)
724 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
729 lsa_OpenTrustedDomain
731 static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
732 struct lsa_OpenTrustedDomain *r)
734 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
739 lsa_QueryTrustedDomainInfo
741 static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
742 struct lsa_QueryTrustedDomainInfo *r)
744 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
749 lsa_SetInformationTrustedDomain
751 static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
752 struct lsa_SetInformationTrustedDomain *r)
754 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
761 static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
762 struct lsa_OpenSecret *r)
764 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
771 static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
772 struct lsa_SetSecret *r)
774 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
781 static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
782 struct lsa_QuerySecret *r)
784 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* Unimplemented calls. The only statement visible in each handler below is
   DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); none of them reads its request.
   DCESRV_FAULT is defined outside this file.
   NOTE(review): this run covers privilege lookups, account rights, object
   deletion, trusted-domain information and private data. The same caution
   applies as for the other stubs in this file: an implementation needs a
   typed handle lookup and an access check, neither of which exists yet. */
791 static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
792 struct lsa_LookupPrivValue *r)
794 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
801 static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
802 struct lsa_LookupPrivName *r)
804 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
809 lsa_LookupPrivDisplayName
811 static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
812 struct lsa_LookupPrivDisplayName *r)
814 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
821 static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
822 struct lsa_DeleteObject *r)
824 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
829 lsa_EnumAccountsWithUserRight
831 static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
832 struct lsa_EnumAccountsWithUserRight *r)
834 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
839 lsa_EnumAccountRights
841 static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
842 struct lsa_EnumAccountRights *r)
844 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
851 static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
852 struct lsa_AddAccountRights *r)
854 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
859 lsa_RemoveAccountRights
861 static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
862 struct lsa_RemoveAccountRights *r)
864 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
869 lsa_QueryTrustedDomainInfoBySid
871 static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
872 struct lsa_QueryTrustedDomainInfoBySid *r)
874 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
879 lsa_SetTrustDomainInfo
881 static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
882 struct lsa_SetTrustDomainInfo *r)
884 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
889 lsa_DeleteTrustDomain
891 static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
892 struct lsa_DeleteTrustDomain *r)
894 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
901 static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
902 struct lsa_StorePrivateData *r)
904 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
909 lsa_RetrievePrivateData
911 static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
912 struct lsa_RetrievePrivateData *r)
914 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
921 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
922 struct lsa_GetUserName *r)
924 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
/* Unimplemented calls. The only statement visible in each handler below is
   DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); none of them reads its request.
   DCESRV_FAULT is defined outside this file.
   NOTE(review): lsa_TestCall is exposed on the same pipe as the production
   calls. It is harmless while it only faults, but confirm it stays that way
   or is gated if a test body is ever added. */
930 static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
932 struct lsa_SetInfoPolicy2 *r)
934 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
938 lsa_QueryTrustedDomainInfoByName
940 static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
942 struct lsa_QueryTrustedDomainInfoByName *r)
944 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
948 lsa_SetTrustedDomainInfoByName
950 static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
952 struct lsa_SetTrustedDomainInfoByName *r)
954 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
958 lsa_EnumTrustedDomainsEx
960 static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
962 struct lsa_EnumTrustedDomainsEx *r)
964 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
968 lsa_CreateTrustedDomainEx
970 static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
972 struct lsa_CreateTrustedDomainEx *r)
974 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
978 lsa_CloseTrustedDomainEx
980 static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
982 struct lsa_CloseTrustedDomainEx *r)
984 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
988 lsa_QueryDomainInformationPolicy
990 static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
992 struct lsa_QueryDomainInformationPolicy *r)
994 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1000 static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
1001 TALLOC_CTX *mem_ctx,
1002 struct lsa_SetDomInfoPolicy *r)
1004 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1008 lsa_OpenTrustedDomainByName
1010 static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
1011 TALLOC_CTX *mem_ctx,
1012 struct lsa_OpenTrustedDomainByName *r)
1014 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1020 static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
1021 TALLOC_CTX *mem_ctx,
1022 struct lsa_TestCall *r)
1024 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1028 lookup a SID for 1 name
/* Look up the sid and account type for one account name.
   Searches the sam database for an object whose sAMAccountName equals name.
   On a hit it parses the objectSid attribute into a dom_sid on mem_ctx,
   reads sAMAccountType (0 when missing) and returns NT_STATUS_OK. A missing
   or unparsable objectSid, and a search without a hit, return
   NT_STATUS_INVALID_SID.
   On the no-hit path *sid is never written, so callers must test the return
   status before they touch the sid.
   NOTE(review): name reaches this function from the client request (see
   lsa_LookupNames2) and is interpolated into the search expression with %s.
   Unless samdb_search() escapes its arguments, which is not visible here,
   filter metacharacters such as wildcards and parentheses in the name change
   what the search matches. Escape or validate the name before building the
   filter, and reject a NULL name. */
1030 static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
1031 const char *name, struct dom_sid **sid, uint32_t *atype)
1034 struct ldb_message **res;
1035 const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
1037 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
1039 const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
1040 if (sid_str == NULL) {
1041 return NT_STATUS_INVALID_SID;
1044 *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
1046 return NT_STATUS_INVALID_SID;
1049 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
1051 return NT_STATUS_OK;
1054 /* need to add a call into sidmap to check for a allocated sid */
1056 return NT_STATUS_INVALID_SID;
/* Translate an array of account names into sids.
   Requires a handle of type LSA_HANDLE_POLICY. Allocates the referenced
   domain list and the translated-sid array on mem_ctx, then handles each
   name in turn. Every entry starts out as SID_NAME_UNKNOWN with rid and
   sid_index set to 0xFFFFFFFF and is overwritten only when the name, its
   account type and its authority all resolve; the rid reported is the last
   sub-authority of the sid. Unresolved names set the aggregate status to
   STATUS_SOME_UNMAPPED.
   NOTE(review): r->in.num_names comes from the client and bounds the loop;
   the array size argument falls in a gap of this listing (line 1090).
   Confirm the array is sized from the same count and that the count is
   bounded by the unmarshalling layer.
   NOTE(review): no visible line consults the access_mask stored on the
   handle before sids are disclosed. */
1062 static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
1063 TALLOC_CTX *mem_ctx,
1064 struct lsa_LookupNames2 *r)
1066 struct lsa_policy_state *state;
1067 struct dcesrv_handle *h;
1069 NTSTATUS status = NT_STATUS_OK;
1071 r->out.domains = NULL;
1073 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1077 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
1078 if (r->out.domains == NULL) {
1079 return NT_STATUS_NO_MEMORY;
1082 r->out.sids = talloc_zero_p(mem_ctx, struct lsa_TransSidArray2);
1083 if (r->out.sids == NULL) {
1084 return NT_STATUS_NO_MEMORY;
1089 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid2,
1091 if (r->out.sids->sids == NULL) {
1092 return NT_STATUS_NO_MEMORY;
1095 for (i=0;i<r->in.num_names;i++) {
1096 const char *name = r->in.names[i].string;
1097 struct dom_sid *sid;
1098 uint32_t atype, rtype, sid_index;
1101 r->out.sids->count++;
/* defaults reported when the name cannot be mapped */
1104 r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
1105 r->out.sids->sids[i].rid = 0xFFFFFFFF;
1106 r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
1107 r->out.sids->sids[i].unknown = 0;
1109 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
/* NOTE(review): BUG - the test below reads status, the running aggregate,
   instead of status2, the result of lsa_lookup_name() just above. sid is
   declared without an initialiser and lsa_lookup_name() does not write it
   when the search has no hit (and leaves it NULL when parsing fails), so
   while status is still NT_STATUS_OK a failed lookup goes on to evaluate
   sid->num_auths through an indeterminate or NULL pointer. This is reachable
   with any name the client chooses that is not in the database. In the other
   direction, once status holds STATUS_SOME_UNMAPPED (presumably not an OK
   status) every later name is reported unmapped even when it resolves.
   The condition should test !NT_STATUS_IS_OK(status2). */
1110 if (!NT_STATUS_IS_OK(status) || sid->num_auths == 0) {
1111 status = STATUS_SOME_UNMAPPED;
1115 rtype = samdb_atype_map(atype);
1116 if (rtype == SID_NAME_UNKNOWN) {
1117 status = STATUS_SOME_UNMAPPED;
1121 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
1122 if (!NT_STATUS_IS_OK(status2)) {
1126 r->out.sids->sids[i].sid_type = rtype;
/* num_auths is non-zero here only if the guard after lsa_lookup_name() held */
1127 r->out.sids->sids[i].rid = sid->sub_auths[sid->num_auths-1];
1128 r->out.sids->sids[i].sid_index = sid_index;
1129 r->out.sids->sids[i].unknown = 0;
/* Older form of the name lookup, implemented on top of lsa_LookupNames2().
   Copies handle, num_names, names, level and count into a stack request,
   calls the newer handler, then converts its lsa_TranslatedSid2 entries into
   lsa_TranslatedSid entries allocated on mem_ctx (sid_type, rid and sid_index
   are carried over).
   NOTE(review): the only test visible between the call and the conversion is
   on dce_call->fault_code. lsa_LookupNames2() can return NT_STATUS_NO_MEMORY
   before it has assigned out.sids, and r2 is a stack struct, so r2.out.sids
   may be NULL or unset when it is dereferenced below - confirm the lines
   this listing omits initialise it or return on a failed status. */
1138 static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1139 struct lsa_LookupNames *r)
1141 struct lsa_LookupNames2 r2;
1145 r2.in.handle = r->in.handle;
1146 r2.in.num_names = r->in.num_names;
1147 r2.in.names = r->in.names;
1149 r2.in.level = r->in.level;
1150 r2.in.count = r->in.count;
1153 r2.out.count = r->out.count;
1155 status = lsa_LookupNames2(dce_call, mem_ctx, &r2);
1156 if (dce_call->fault_code != 0) {
1160 r->out.domains = r2.out.domains;
1161 r->out.sids = talloc_p(mem_ctx, struct lsa_TransSidArray);
1162 if (r->out.sids == NULL) {
1163 return NT_STATUS_NO_MEMORY;
1165 r->out.sids->count = r2.out.sids->count;
1166 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid,
1167 r->out.sids->count);
1168 if (r->out.sids->sids == NULL) {
1169 return NT_STATUS_NO_MEMORY;
1171 for (i=0;i<r->out.sids->count;i++) {
1172 r->out.sids->sids[i].sid_type = r2.out.sids->sids[i].sid_type;
1173 r->out.sids->sids[i].rid = r2.out.sids->sids[i].rid;
1174 r->out.sids->sids[i].sid_index = r2.out.sids->sids[i].sid_index;
1183 lsa_CreateTrustedDomainEx2
/* Unimplemented call: the only visible statement is
   DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR), so the request is never read.
   DCESRV_FAULT is defined outside this file. */
1185 static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
1186 TALLOC_CTX *mem_ctx,
1187 struct lsa_CreateTrustedDomainEx2 *r)
1189 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1192 /* include the generated boilerplate */
1193 #include "librpc/gen_ndr/ndr_lsa_s.c"