r4340: - simplify lsa_GetUserName() server code,

[samba.git] / source4 / rpc_server / lsa / dcesrv_lsa.c

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 2c972db8ab60dfca0b57402e44eeaf2f5db8fff4..9cb79c7e14d3e99ca90bbd869fd0f11fa906460e 100644 (file)
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -22,7 +22,11 @@
 
 #include "includes.h"
 #include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "rpc_server/dcerpc_server.h"
 #include "rpc_server/common/common.h"
+#include "lib/ldb/include/ldb.h"
+#include "auth/auth.h"
 
 /*
   this type allows us to distinguish handle types
@@ -37,23 +41,29 @@ enum lsa_handle {
   state associated with a lsa_OpenPolicy() operation
 */
 struct lsa_policy_state {
-       int reference_count;
+       struct dcesrv_handle *handle;
        void *sam_ctx;
+       struct sidmap_context *sidmap;
        uint32_t access_mask;
        const char *domain_dn;
+       const char *builtin_dn;
+       const char *domain_name;
+       struct dom_sid *domain_sid;
+       struct dom_sid *builtin_sid;
 };
 
 
 /*
-  destroy policy state
+  state associated with a lsa_OpenAccount() operation
 */
-static void lsa_Policy_close(struct lsa_policy_state *state)
-{
-       state->reference_count--;
-       if (state->reference_count == 0) {
-               talloc_free(state);
-       }
-}
+struct lsa_account_state {
+       struct lsa_policy_state *policy;
+       uint32_t access_mask;
+       struct dom_sid *account_sid;
+       const char *account_sid_str;
+       const char *account_dn;
+};
+
 
 /*
   destroy an open policy. This closes the database connection
@@ -61,7 +71,16 @@ static void lsa_Policy_close(struct lsa_policy_state *state)
 static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
 {
        struct lsa_policy_state *state = h->data;
-       lsa_Policy_close(state);
+       talloc_free(state);
+}
+
+/*
+  destroy an open account.
+*/
+static void lsa_Account_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
+{
+       struct lsa_account_state *astate = h->data;
+       talloc_free(astate);
 }
 
 /* 
@@ -103,15 +122,48 @@ static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_c
 static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                              struct lsa_EnumPrivs *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       int i;
+       const char *privname;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       i = *r->in.resume_handle;
+       if (i == 0) i = 1;
+
+       while ((privname = sec_privilege_name(i)) &&
+              r->out.privs->count < r->in.max_count) {
+               struct lsa_PrivEntry *e;
+
+               r->out.privs->privs = talloc_realloc_p(r->out.privs,
+                                                      r->out.privs->privs, 
+                                                      struct lsa_PrivEntry, 
+                                                      r->out.privs->count+1);
+               if (r->out.privs->privs == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               e = &r->out.privs->privs[r->out.privs->count];
+               e->luid.low = i;
+               e->luid.high = 0;
+               e->name.string = privname;
+               r->out.privs->count++;
+               i++;
+       }
+
+       *r->in.resume_handle = i;
+
+       return NT_STATUS_OK;
 }
 
 
 /* 
   lsa_QuerySecObj 
 */
-static NTSTATUS lsa_QuerySecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                               struct lsa_QuerySecObj *r)
+static NTSTATUS lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                 struct lsa_QuerySecurity *r)
 {
        DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
@@ -136,19 +188,13 @@ static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CT
        DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
 
-
-/* 
-  lsa_OpenPolicy2
-*/
-static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                              struct lsa_OpenPolicy2 *r)
+static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                    struct lsa_policy_state **_state)
 {
        struct lsa_policy_state *state;
-       struct dcesrv_handle *handle;
-
-       ZERO_STRUCTP(r->out.handle);
+       const char *sid_str;
 
-       state = talloc_p(dce_call->conn, struct lsa_policy_state);
+       state = talloc_p(mem_ctx, struct lsa_policy_state);
        if (!state) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -160,6 +206,12 @@ static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *
                return NT_STATUS_INVALID_SYSTEM_SERVICE;
        }
 
+       state->sidmap = sidmap_open(state);
+       if (state->sidmap == NULL) {
+               talloc_free(state);
+               return NT_STATUS_INVALID_SYSTEM_SERVICE;
+       }
+
        /* work out the domain_dn - useful for so many calls its worth
           fetching here */
        state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
@@ -169,17 +221,73 @@ static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *
                return NT_STATUS_NO_SUCH_DOMAIN;                
        }
 
+       /* work out the builtin_dn - useful for so many calls its worth
+          fetching here */
+       state->builtin_dn = samdb_search_string(state->sam_ctx, state, NULL,
+                                               "dn", "objectClass=builtinDomain");
+       if (!state->builtin_dn) {
+               talloc_free(state);
+               return NT_STATUS_NO_SUCH_DOMAIN;                
+       }
+
+       sid_str = samdb_search_string(state->sam_ctx, state, NULL,
+                                     "objectSid", "dn=%s", state->domain_dn);
+       if (!sid_str) {
+               talloc_free(state);
+               return NT_STATUS_NO_SUCH_DOMAIN;                
+       }
+
+       state->domain_sid = dom_sid_parse_talloc(state, sid_str);
+       if (!state->domain_sid) {
+               talloc_free(state);
+               return NT_STATUS_NO_SUCH_DOMAIN;                
+       }
+
+       state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
+       if (!state->builtin_sid) {
+               talloc_free(state);
+               return NT_STATUS_NO_SUCH_DOMAIN;                
+       }
+
+       state->domain_name = samdb_search_string(state->sam_ctx, state, NULL,
+                                                "name", "dn=%s", state->domain_dn);
+       if (!state->domain_name) {
+               talloc_free(state);
+               return NT_STATUS_NO_SUCH_DOMAIN;                
+       }
+
+       *_state = state;
+
+       return NT_STATUS_OK;
+}
+
+/* 
+  lsa_OpenPolicy2
+*/
+static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                              struct lsa_OpenPolicy2 *r)
+{
+       NTSTATUS status;
+       struct lsa_policy_state *state;
+       struct dcesrv_handle *handle;
+
+       ZERO_STRUCTP(r->out.handle);
+
+       status = lsa_get_policy_state(dce_call, mem_ctx, &state);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
        handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
        if (!handle) {
-               talloc_free(state);
                return NT_STATUS_NO_MEMORY;
        }
 
-       handle->data = state;
+       handle->data = talloc_reference(handle, state);
        handle->destroy = lsa_Policy_destroy;
 
-       state->reference_count = 1;
        state->access_mask = r->in.access_mask;
+       state->handle = handle;
        *r->out.handle = handle->wire_handle;
 
        /* note that we have completely ignored the attr element of
@@ -225,8 +333,8 @@ static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CT
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       info->name.name = samdb_result_string(res[0], "name", NULL);
-       info->sid       = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+       info->name.string = samdb_result_string(res[0], "name", NULL);
+       info->sid         = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
 
        return NT_STATUS_OK;
 }
@@ -247,11 +355,11 @@ static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       info->name.name       = samdb_result_string(res[0],           "name", NULL);
-       info->dns_domain.name = samdb_result_string(res[0],           "dnsDomain", NULL);
-       info->dns_forest.name = samdb_result_string(res[0],           "dnsDomain", NULL);
-       info->domain_guid     = samdb_result_guid(res[0],             "objectGUID");
-       info->sid             = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+       info->name.string       = samdb_result_string(res[0],           "name", NULL);
+       info->dns_domain.string = samdb_result_string(res[0],           "dnsDomain", NULL);
+       info->dns_forest.string = samdb_result_string(res[0],           "dnsDomain", NULL);
+       info->domain_guid       = samdb_result_guid(res[0],             "objectGUID");
+       info->sid               = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
 
        return NT_STATUS_OK;
 }
@@ -345,7 +453,58 @@ static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX
 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                 struct lsa_EnumAccounts *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       int ret, i;
+       struct ldb_message **res;
+       const char * const attrs[] = { "objectSid", NULL};
+       uint32_t count;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, state->builtin_dn, &res, attrs, "objectClass=group");
+       if (ret <= 0) {
+               return NT_STATUS_NO_SUCH_USER;
+       }
+
+       if (*r->in.resume_handle >= ret) {
+               return NT_STATUS_NO_MORE_ENTRIES;
+       }
+
+       count = ret - *r->in.resume_handle;
+       if (count > r->in.num_entries) {
+               count = r->in.num_entries;
+       }
+
+       if (count == 0) {
+               return NT_STATUS_NO_MORE_ENTRIES;
+       }
+
+       r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, count);
+       if (r->out.sids->sids == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i=0;i<count;i++) {
+               const char *sidstr;
+
+               sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
+               if (sidstr == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
+               if (r->out.sids->sids[i].sid == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+
+       r->out.sids->num_sids = count;
+       *r->out.resume_handle = count + *r->in.resume_handle;
+
+       return NT_STATUS_OK;
+       
 }
 
 
@@ -369,13 +528,200 @@ static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX
 }
 
 
-/* 
-  lsa_LookupNames 
+/*
+  return the authority name and authority sid, given a sid
 */
-static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_LookupNames *r)
+static NTSTATUS lsa_authority_name(struct lsa_policy_state *state,
+                                  TALLOC_CTX *mem_ctx, struct dom_sid *sid,
+                                  const char **authority_name,
+                                  struct dom_sid **authority_sid)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       if (dom_sid_in_domain(state->domain_sid, sid)) {
+               *authority_name = state->domain_name;
+               *authority_sid = state->domain_sid;
+               return NT_STATUS_OK;
+       }
+
+       if (dom_sid_in_domain(state->builtin_sid, sid)) {
+               *authority_name = "BUILTIN";
+               *authority_sid = state->builtin_sid;
+               return NT_STATUS_OK;
+       }
+
+       *authority_sid = dom_sid_dup(mem_ctx, sid);
+       if (*authority_sid == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       (*authority_sid)->num_auths = 0;
+       *authority_name = dom_sid_string(mem_ctx, *authority_sid);
+       if (*authority_name == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       return NT_STATUS_OK;
+}
+
+/*
+  add to the lsa_RefDomainList for LookupSids and LookupNames
+*/
+static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, 
+                                  struct dom_sid *sid, 
+                                  struct lsa_RefDomainList *domains,
+                                  uint32_t *sid_index)
+{
+       NTSTATUS status;
+       const char *authority_name;
+       struct dom_sid *authority_sid;
+       int i;
+
+       /* work out the authority name */
+       status = lsa_authority_name(state, mem_ctx, sid, 
+                                   &authority_name, &authority_sid);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+       
+       /* see if we've already done this authority name */
+       for (i=0;i<domains->count;i++) {
+               if (strcmp(authority_name, domains->domains[i].name.string) == 0) {
+                       *sid_index = i;
+                       return NT_STATUS_OK;
+               }
+       }
+
+       domains->domains = talloc_realloc_p(domains, 
+                                           domains->domains,
+                                           struct lsa_TrustInformation,
+                                           domains->count+1);
+       if (domains->domains == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       domains->domains[i].name.string = authority_name;
+       domains->domains[i].sid         = authority_sid;
+       domains->count++;
+       *sid_index = i;
+       
+       return NT_STATUS_OK;
+}
+
+/*
+  lookup a name for 1 SID
+*/
+static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+                              struct dom_sid *sid, const char *sid_str,
+                              const char **name, uint32_t *atype)
+{
+       int ret;
+       struct ldb_message **res;
+       const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "name", NULL};
+       NTSTATUS status;
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+                          "objectSid=%s", sid_str);
+       if (ret == 1) {
+               *name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
+               if (!*name) {
+                       *name = ldb_msg_find_string(res[0], "name", NULL);
+                       if (!*name) {
+                               *name = talloc_strdup(mem_ctx, sid_str);
+                               NTSTATUS_TALLOC_CHECK(*name);
+                       }
+               }
+
+               *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
+
+               return NT_STATUS_OK;
+       }
+
+       status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
+
+       return status;
+}
+
+
+/*
+  lsa_LookupSids2
+*/
+static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
+                               TALLOC_CTX *mem_ctx,
+                               struct lsa_LookupSids2 *r)
+{
+       struct lsa_policy_state *state;
+       struct dcesrv_handle *h;
+       int i;
+       NTSTATUS status = NT_STATUS_OK;
+
+       r->out.domains = NULL;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       r->out.domains = talloc_zero_p(mem_ctx,  struct lsa_RefDomainList);
+       if (r->out.domains == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       r->out.names = talloc_zero_p(mem_ctx,  struct lsa_TransNameArray2);
+       if (r->out.names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       *r->out.count = 0;
+
+       r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName2, 
+                                            r->in.sids->num_sids);
+       if (r->out.names->names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i=0;i<r->in.sids->num_sids;i++) {
+               struct dom_sid *sid = r->in.sids->sids[i].sid;
+               char *sid_str = dom_sid_string(mem_ctx, sid);
+               const char *name;
+               uint32_t atype, rtype, sid_index;
+               NTSTATUS status2;
+
+               r->out.names->count++;
+               (*r->out.count)++;
+
+               r->out.names->names[i].sid_type    = SID_NAME_UNKNOWN;
+               r->out.names->names[i].name.string = sid_str;
+               r->out.names->names[i].sid_index   = 0xFFFFFFFF;
+               r->out.names->names[i].unknown     = 0;
+
+               if (sid_str == NULL) {
+                       r->out.names->names[i].name.string = "(SIDERROR)";
+                       status = STATUS_SOME_UNMAPPED;
+                       continue;
+               }
+
+               /* work out the authority name */
+               status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
+               if (!NT_STATUS_IS_OK(status2)) {
+                       return status2;
+               }
+
+               status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str, 
+                                        &name, &atype);
+               if (!NT_STATUS_IS_OK(status2)) {
+                       status = STATUS_SOME_UNMAPPED;
+                       continue;
+               }
+
+               rtype = samdb_atype_map(atype);
+               if (rtype == SID_NAME_UNKNOWN) {
+                       status = STATUS_SOME_UNMAPPED;
+                       continue;
+               }
+
+               r->out.names->names[i].sid_type    = rtype;
+               r->out.names->names[i].name.string = name;
+               r->out.names->names[i].sid_index   = sid_index;
+               r->out.names->names[i].unknown     = 0;
+       }
+       
+       return status;
 }
 
 
@@ -383,9 +729,44 @@ static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
   lsa_LookupSids 
 */
 static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_LookupSids *r)
+                              struct lsa_LookupSids *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct lsa_LookupSids2 r2;
+       NTSTATUS status;
+       int i;
+
+       r2.in.handle   = r->in.handle;
+       r2.in.sids     = r->in.sids;
+       r2.in.names    = NULL;
+       r2.in.level    = r->in.level;
+       r2.in.count    = r->in.count;
+       r2.in.unknown1 = 0;
+       r2.in.unknown2 = 0;
+       r2.out.count   = r->out.count;
+
+       status = lsa_LookupSids2(dce_call, mem_ctx, &r2);
+       if (dce_call->fault_code != 0) {
+               return status;
+       }
+
+       r->out.domains = r2.out.domains;
+       r->out.names = talloc_p(mem_ctx, struct lsa_TransNameArray);
+       if (r->out.names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       r->out.names->count = r2.out.names->count;
+       r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName, 
+                                            r->out.names->count);
+       if (r->out.names->names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       for (i=0;i<r->out.names->count;i++) {
+               r->out.names->names[i].sid_type    = r2.out.names->names[i].sid_type;
+               r->out.names->names[i].name.string = r2.out.names->names[i].name.string;
+               r->out.names->names[i].sid_index   = r2.out.names->names[i].sid_index;
+       }
+
+       return status;
 }
 
 
@@ -403,29 +784,301 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX
   lsa_OpenAccount 
 */
 static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_OpenAccount *r)
+                               struct lsa_OpenAccount *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h, *ah;
+       struct lsa_policy_state *state;
+       struct lsa_account_state *astate;
+
+       ZERO_STRUCTP(r->out.acct_handle);
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       astate = talloc_p(dce_call->conn, struct lsa_account_state);
+       if (astate == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       astate->account_sid = dom_sid_dup(astate, r->in.sid);
+       if (astate->account_sid == NULL) {
+               talloc_free(astate);
+               return NT_STATUS_NO_MEMORY;
+       }
+       
+       astate->account_sid_str = dom_sid_string(astate, astate->account_sid);
+       if (astate->account_sid_str == NULL) {
+               talloc_free(astate);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       /* check it really exists */
+       astate->account_dn = samdb_search_string(state->sam_ctx, astate,
+                                                NULL, "dn", 
+                                                "(&(objectSid=%s)(objectClass=group))", 
+                                                astate->account_sid_str);
+       if (astate->account_dn == NULL) {
+               talloc_free(astate);
+               return NT_STATUS_NO_SUCH_USER;
+       }
+       
+       astate->policy = talloc_reference(astate, state);
+       astate->access_mask = r->in.access_mask;
+
+       ah = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_ACCOUNT);
+       if (!ah) {
+               talloc_free(astate);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       ah->data = astate;
+       ah->destroy = lsa_Account_destroy;
+
+       *r->out.acct_handle = ah->wire_handle;
+
+       return NT_STATUS_OK;
 }
 
 
 /* 
   lsa_EnumPrivsAccount 
 */
-static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_EnumPrivsAccount *r)
+static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, 
+                                    TALLOC_CTX *mem_ctx,
+                                    struct lsa_EnumPrivsAccount *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_account_state *astate;
+       int ret, i;
+       struct ldb_message **res;
+       const char * const attrs[] = { "privilege", NULL};
+       struct ldb_message_element *el;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
+
+       astate = h->data;
+
+       r->out.privs = talloc_p(mem_ctx, struct lsa_PrivilegeSet);
+       r->out.privs->count = 0;
+       r->out.privs->unknown = 0;
+       r->out.privs->set = NULL;
+
+       ret = samdb_search(astate->policy->sam_ctx, mem_ctx, NULL, &res, attrs, 
+                          "dn=%s", astate->account_dn);
+       if (ret != 1) {
+               return NT_STATUS_OK;
+       }
+
+       el = ldb_msg_find_element(res[0], "privilege");
+       if (el == NULL || el->num_values == 0) {
+               return NT_STATUS_OK;
+       }
+
+       r->out.privs->set = talloc_array_p(r->out.privs, 
+                                          struct lsa_LUIDAttribute, el->num_values);
+       if (r->out.privs->set == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i=0;i<el->num_values;i++) {
+               int id = sec_privilege_id(el->values[i].data);
+               if (id == -1) {
+                       return NT_STATUS_INTERNAL_DB_CORRUPTION;
+               }
+               r->out.privs->set[i].attribute = 0;
+               r->out.privs->set[i].luid.low = id;
+               r->out.privs->set[i].luid.high = 0;
+       }
+
+       r->out.privs->count = el->num_values;
+
+       return NT_STATUS_OK;
 }
 
+/* 
+  lsa_EnumAccountRights 
+*/
+static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, 
+                                     TALLOC_CTX *mem_ctx,
+                                     struct lsa_EnumAccountRights *r)
+{
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       int ret, i;
+       struct ldb_message **res;
+       const char * const attrs[] = { "privilege", NULL};
+       const char *sidstr;
+       struct ldb_message_element *el;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       sidstr = dom_sid_string(mem_ctx, r->in.sid);
+       if (sidstr == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+                          "objectSid=%s", sidstr);
+       if (ret != 1) {
+               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+       }
+
+       el = ldb_msg_find_element(res[0], "privilege");
+       if (el == NULL || el->num_values == 0) {
+               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+       }
+
+       r->out.rights->count = el->num_values;
+       r->out.rights->names = talloc_array_p(r->out.rights, 
+                                             struct lsa_String, r->out.rights->count);
+       if (r->out.rights->names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i=0;i<el->num_values;i++) {
+               r->out.rights->names[i].string = el->values[i].data;
+       }
+
+       return NT_STATUS_OK;
+}
+
+
+
+/* 
+  helper for lsa_AddAccountRights and lsa_RemoveAccountRights
+*/
+static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, 
+                                          TALLOC_CTX *mem_ctx,
+                                          struct lsa_policy_state *state,
+                                          int ldb_flag,
+                                          struct dom_sid *sid,
+                                          const struct lsa_RightSet *rights)
+{
+       const char *sidstr;
+       struct ldb_message msg;
+       struct ldb_message_element el;
+       int i, ret;
+       const char *dn;
+       struct lsa_EnumAccountRights r2;
+
+       sidstr = dom_sid_string(mem_ctx, sid);
+       if (sidstr == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn", 
+                                "objectSid=%s", sidstr);
+       if (dn == NULL) {
+               return NT_STATUS_NO_SUCH_USER;
+       }
+
+       msg.dn = talloc_strdup(mem_ctx, dn);
+       if (msg.dn == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       msg.num_elements = 1;
+       msg.elements = &el;
+       el.flags = ldb_flag;
+       el.name = talloc_strdup(mem_ctx, "privilege");
+       if (el.name == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (ldb_flag == LDB_FLAG_MOD_ADD) {
+               NTSTATUS status;
+
+               r2.in.handle = &state->handle->wire_handle;
+               r2.in.sid = sid;
+               r2.out.rights = talloc_p(mem_ctx, struct lsa_RightSet);
+
+               status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
+               if (!NT_STATUS_IS_OK(status)) {
+                       ZERO_STRUCTP(r2.out.rights);
+               }
+       }
+
+       el.num_values = 0;
+       el.values = talloc_array_p(mem_ctx, struct ldb_val, rights->count);
+       if (el.values == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       for (i=0;i<rights->count;i++) {
+               if (sec_privilege_id(rights->names[i].string) == -1) {
+                       return NT_STATUS_NO_SUCH_PRIVILEGE;
+               }
+
+               if (ldb_flag == LDB_FLAG_MOD_ADD) {
+                       int j;
+                       for (j=0;j<r2.out.rights->count;j++) {
+                               if (StrCaseCmp(r2.out.rights->names[j].string, 
+                                              rights->names[i].string) == 0) {
+                                       break;
+                               }
+                       }
+                       if (j != r2.out.rights->count) continue;
+               }
+
+
+               el.values[el.num_values].length = strlen(rights->names[i].string);
+               el.values[el.num_values].data = talloc_strdup(mem_ctx, rights->names[i].string);
+               if (el.values[el.num_values].data == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               el.num_values++;
+       }
+
+       if (el.num_values == 0) {
+               return NT_STATUS_OK;
+       }
+
+       ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
+       if (ret != 0) {
+               if (ldb_flag == LDB_FLAG_MOD_DELETE) {
+                       return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+               }
+               return NT_STATUS_UNEXPECTED_IO_ERROR;
+       }
+
+       return NT_STATUS_OK;
+}
 
 /* 
   lsa_AddPrivilegesToAccount
 */
 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_AddPrivilegesToAccount *r)
+                                          struct lsa_AddPrivilegesToAccount *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct lsa_RightSet rights;
+       struct dcesrv_handle *h;
+       struct lsa_account_state *astate;
+       int i;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
+
+       astate = h->data;
+
+       rights.count = r->in.privs->count;
+       rights.names = talloc_array_p(mem_ctx, struct lsa_String, rights.count);
+       if (rights.names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       for (i=0;i<rights.count;i++) {
+               int id = r->in.privs->set[i].luid.low;
+               if (r->in.privs->set[i].luid.high) {
+                       return NT_STATUS_NO_SUCH_PRIVILEGE;
+               }
+               rights.names[i].string = sec_privilege_name(id);
+               if (rights.names[i].string == NULL) {
+                       return NT_STATUS_NO_SUCH_PRIVILEGE;
+               }
+       }
+
+       return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
+                                         LDB_FLAG_MOD_ADD, astate->account_sid,
+                                         &rights);
 }
 
 
@@ -433,9 +1086,61 @@ static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, T
   lsa_RemovePrivilegesFromAccount
 */
 static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_RemovePrivilegesFromAccount *r)
+                                               struct lsa_RemovePrivilegesFromAccount *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct lsa_RightSet *rights;
+       struct dcesrv_handle *h;
+       struct lsa_account_state *astate;
+       int i;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
+
+       astate = h->data;
+
+       rights = talloc_p(mem_ctx, struct lsa_RightSet);
+
+       if (r->in.remove_all == 1 && 
+           r->in.privs == NULL) {
+               struct lsa_EnumAccountRights r2;
+               NTSTATUS status;
+
+               r2.in.handle = &astate->policy->handle->wire_handle;
+               r2.in.sid = astate->account_sid;
+               r2.out.rights = rights;
+
+               status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+
+               return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
+                                                 LDB_FLAG_MOD_DELETE, astate->account_sid,
+                                                 r2.out.rights);
+       }
+
+       if (r->in.remove_all != 0) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       rights->count = r->in.privs->count;
+       rights->names = talloc_array_p(mem_ctx, struct lsa_String, rights->count);
+       if (rights->names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       for (i=0;i<rights->count;i++) {
+               int id = r->in.privs->set[i].luid.low;
+               if (r->in.privs->set[i].luid.high) {
+                       return NT_STATUS_NO_SUCH_PRIVILEGE;
+               }
+               rights->names[i].string = sec_privilege_name(id);
+               if (rights->names[i].string == NULL) {
+                       return NT_STATUS_NO_SUCH_PRIVILEGE;
+               }
+       }
+
+       return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
+                                         LDB_FLAG_MOD_DELETE, astate->account_sid,
+                                         rights);
 }
 
 
@@ -490,10 +1195,10 @@ static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC
 
 
 /* 
-  lsa_QueryInfoTrustedDomain
+  lsa_QueryTrustedDomainInfo
 */
-static NTSTATUS lsa_QueryInfoTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_QueryInfoTrustedDomain *r)
+static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_QueryTrustedDomainInfo *r)
 {
        DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
@@ -542,30 +1247,95 @@ static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 /* 
   lsa_LookupPrivValue
 */
-static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_LookupPrivValue *r)
+static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call, 
+                                   TALLOC_CTX *mem_ctx,
+                                   struct lsa_LookupPrivValue *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       int id;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       id = sec_privilege_id(r->in.name->string);
+       if (id == -1) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       }
+
+       r->out.luid->low = id;
+       r->out.luid->high = 0;
+
+       return NT_STATUS_OK;    
 }
 
 
 /* 
   lsa_LookupPrivName 
 */
-static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_LookupPrivName *r)
+static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, 
+                                  TALLOC_CTX *mem_ctx,
+                                  struct lsa_LookupPrivName *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       const char *privname;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       if (r->in.luid->high != 0) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       }
+
+       privname = sec_privilege_name(r->in.luid->low);
+       if (privname == NULL) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       }
+
+       r->out.name = talloc_p(mem_ctx, struct lsa_String);
+       if (r->out.name == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       r->out.name->string = privname;
+
+       return NT_STATUS_OK;    
 }
 
 
 /* 
   lsa_LookupPrivDisplayName
 */
-static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_LookupPrivDisplayName *r)
+static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, 
+                                         TALLOC_CTX *mem_ctx,
+                                         struct lsa_LookupPrivDisplayName *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       int id;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       id = sec_privilege_id(r->in.name->string);
+       if (id == -1) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       }
+       
+       r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
+       if (r->out.disp_name == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
+       if (r->out.disp_name->string == NULL) {
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
+       return NT_STATUS_OK;
 }
 
 
@@ -582,48 +1352,103 @@ static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX
 /* 
   lsa_EnumAccountsWithUserRight
 */
-static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_EnumAccountsWithUserRight *r)
+static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call, 
+                                             TALLOC_CTX *mem_ctx,
+                                             struct lsa_EnumAccountsWithUserRight *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       int ret, i;
+       struct ldb_message **res;
+       const char * const attrs[] = { "objectSid", NULL};
+       const char *privname;
 
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
 
-/* 
-  lsa_EnumAccountRights 
-*/
-static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_EnumAccountRights *r)
-{
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       state = h->data;
+
+       if (r->in.name == NULL) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       } 
+
+       privname = r->in.name->string;
+       if (sec_privilege_id(privname) == -1) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       }
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+                          "privilege=%s", privname);
+       if (ret <= 0) {
+               return NT_STATUS_NO_SUCH_USER;
+       }
+
+       r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, ret);
+       if (r->out.sids->sids == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       for (i=0;i<ret;i++) {
+               const char *sidstr;
+               sidstr = samdb_result_string(res[i], "objectSid", NULL);
+               if (sidstr == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids,
+                                                               sidstr);
+               if (r->out.sids->sids[i].sid == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+       r->out.sids->num_sids = ret;
+
+       return NT_STATUS_OK;
 }
 
 
 /* 
   lsa_AddAccountRights
 */
-static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_AddAccountRights *r)
+static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, 
+                                    TALLOC_CTX *mem_ctx,
+                                    struct lsa_AddAccountRights *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state, 
+                                         LDB_FLAG_MOD_ADD,
+                                         r->in.sid, r->in.rights);
 }
 
 
 /* 
   lsa_RemoveAccountRights
 */
-static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_RemoveAccountRights *r)
+static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, 
+                                       TALLOC_CTX *mem_ctx,
+                                       struct lsa_RemoveAccountRights *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state, 
+                                         LDB_FLAG_MOD_DELETE,
+                                         r->in.sid, r->in.rights);
 }
 
 
 /* 
-  lsa_QueryTrustDomainInfo
+  lsa_QueryTrustedDomainInfoBySid
 */
-static NTSTATUS lsa_QueryTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_QueryTrustDomainInfo *r)
+static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                               struct lsa_QueryTrustedDomainInfoBySid *r)
 {
        DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
@@ -675,7 +1500,53 @@ static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALL
 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                       struct lsa_GetUserName *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       NTSTATUS status = NT_STATUS_OK;
+       const char *account_name;
+       const char *authority_name;
+       struct lsa_String *_account_name;
+       struct lsa_StringPointer *_authority_name = NULL;
+
+       /* this is what w2k3 does */
+       r->out.account_name = r->in.account_name;
+       r->out.authority_name = r->in.authority_name;
+
+       if (r->in.account_name && r->in.account_name->string) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (r->in.authority_name &&
+           r->in.authority_name->string &&
+           r->in.authority_name->string->string) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       /* TODO: this check should go and we should rely on the calling code that this is valid */
+       if (!dce_call->conn->auth_state.session_info ||
+           !dce_call->conn->auth_state.session_info->server_info ||
+           !dce_call->conn->auth_state.session_info->server_info->account_name ||
+           !dce_call->conn->auth_state.session_info->server_info->domain) {
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
+       account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
+       authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain);
+
+       _account_name = talloc_p(mem_ctx, struct lsa_String);
+       NTSTATUS_TALLOC_CHECK(_account_name);
+       _account_name->string = account_name;
+
+       if (r->in.authority_name) {
+               _authority_name = talloc_p(mem_ctx, struct lsa_StringPointer);
+               NTSTATUS_TALLOC_CHECK(_authority_name);
+               _authority_name->string = talloc_p(mem_ctx, struct lsa_String);
+               NTSTATUS_TALLOC_CHECK(_authority_name->string);
+               _authority_name->string->string = authority_name;
+       }
+
+       r->out.account_name = _account_name;
+       r->out.authority_name = _authority_name;
+
+       return status;
 }
 
 /*
@@ -779,13 +1650,35 @@ static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
 }
 
 /*
-  lsa_LookupSids2
+  lookup a SID for 1 name
 */
-static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
-                               TALLOC_CTX *mem_ctx,
-                               struct lsa_LookupSids2 *r)
+static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+                               const char *name, struct dom_sid **sid, uint32_t *atype)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       int ret;
+       struct ldb_message **res;
+       const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
+       if (ret == 1) {
+               const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
+               if (sid_str == NULL) {
+                       return NT_STATUS_INVALID_SID;
+               }
+
+               *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+               if (*sid == NULL) {
+                       return NT_STATUS_INVALID_SID;
+               }
+
+               *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
+
+               return NT_STATUS_OK;
+       }
+
+       /* need to add a call into sidmap to check for a allocated sid */
+
+       return NT_STATUS_INVALID_SID;
 }
 
 /*
@@ -795,9 +1688,122 @@ static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
                                 TALLOC_CTX *mem_ctx,
                                 struct lsa_LookupNames2 *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct lsa_policy_state *state;
+       struct dcesrv_handle *h;
+       int i;
+       NTSTATUS status = NT_STATUS_OK;
+
+       r->out.domains = NULL;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       r->out.domains = talloc_zero_p(mem_ctx,  struct lsa_RefDomainList);
+       if (r->out.domains == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       r->out.sids = talloc_zero_p(mem_ctx,  struct lsa_TransSidArray2);
+       if (r->out.sids == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       *r->out.count = 0;
+
+       r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid2, 
+                                          r->in.num_names);
+       if (r->out.sids->sids == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i=0;i<r->in.num_names;i++) {
+               const char *name = r->in.names[i].string;
+               struct dom_sid *sid;
+               uint32_t atype, rtype, sid_index;
+               NTSTATUS status2;
+
+               r->out.sids->count++;
+               (*r->out.count)++;
+
+               r->out.sids->sids[i].sid_type    = SID_NAME_UNKNOWN;
+               r->out.sids->sids[i].rid         = 0xFFFFFFFF;
+               r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
+               r->out.sids->sids[i].unknown     = 0;
+
+               status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
+               if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
+                       status = STATUS_SOME_UNMAPPED;
+                       continue;
+               }
+
+               rtype = samdb_atype_map(atype);
+               if (rtype == SID_NAME_UNKNOWN) {
+                       status = STATUS_SOME_UNMAPPED;
+                       continue;
+               }
+
+               status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
+               if (!NT_STATUS_IS_OK(status2)) {
+                       return status2;
+               }
+
+               r->out.sids->sids[i].sid_type    = rtype;
+               r->out.sids->sids[i].rid         = sid->sub_auths[sid->num_auths-1];
+               r->out.sids->sids[i].sid_index   = sid_index;
+               r->out.sids->sids[i].unknown     = 0;
+       }
+       
+       return status;
 }
 
+/* 
+  lsa_LookupNames 
+*/
+static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_LookupNames *r)
+{
+       struct lsa_LookupNames2 r2;
+       NTSTATUS status;
+       int i;
+
+       r2.in.handle    = r->in.handle;
+       r2.in.num_names = r->in.num_names;
+       r2.in.names     = r->in.names;
+       r2.in.sids      = NULL;
+       r2.in.level     = r->in.level;
+       r2.in.count     = r->in.count;
+       r2.in.unknown1  = 0;
+       r2.in.unknown2  = 0;
+       r2.out.count    = r->out.count;
+
+       status = lsa_LookupNames2(dce_call, mem_ctx, &r2);
+       if (dce_call->fault_code != 0) {
+               return status;
+       }
+
+       r->out.domains = r2.out.domains;
+       r->out.sids = talloc_p(mem_ctx, struct lsa_TransSidArray);
+       if (r->out.sids == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       r->out.sids->count = r2.out.sids->count;
+       r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid, 
+                                          r->out.sids->count);
+       if (r->out.sids->sids == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       for (i=0;i<r->out.sids->count;i++) {
+               r->out.sids->sids[i].sid_type    = r2.out.sids->sids[i].sid_type;
+               r->out.sids->sids[i].rid         = r2.out.sids->sids[i].rid;
+               r->out.sids->sids[i].sid_index   = r2.out.sids->sids[i].sid_index;
+       }
+
+       return status;
+}
+
+
+
 /*
   lsa_CreateTrustedDomainEx2
 */