r917: - added the start of a LSA server to samba4.
authorAndrew Tridgell <tridge@samba.org>
Thu, 27 May 2004 04:13:58 +0000 (04:13 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:56:19 +0000 (12:56 -0500)
- added start of QueryDomainInfo in samr server

"net rpc info" from samba3 now works against a samba4 server. I
suspect join will work fairly soon.
(This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)

14 files changed:
source4/include/enums.h
source4/libcli/auth/ntlmssp.h
source4/librpc/config.m4
source4/librpc/idl/lsa.idl
source4/librpc/idl/samr.idl
source4/param/loadparm.c
source4/rpc_server/config.m4
source4/rpc_server/config.mk
source4/rpc_server/lsa/dcesrv_lsa.c [new file with mode: 0644]
source4/rpc_server/netlogon/dcerpc_netlogon.c
source4/rpc_server/samr/dcesrv_samr.c
source4/rpc_server/samr/samdb.c
source4/torture/rpc/lsa.c
source4/torture/rpc/samr.c

index 5be158840f39bc24ce6d5397fe2056bdbccb91f0..e56f403a30f76cb4ef7ca6ac94049e036436baf9 100644 (file)
@@ -29,15 +29,6 @@ enum protocol_types {PROTOCOL_NONE,PROTOCOL_CORE,PROTOCOL_COREPLUS,PROTOCOL_LANM
 /* security levels */
 enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
 
-/* server roles */
-enum server_types
-{
-       ROLE_STANDALONE,
-       ROLE_DOMAIN_MEMBER,
-       ROLE_DOMAIN_BDC,
-       ROLE_DOMAIN_PDC
-};
-
 /* printing types */
 enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
                     PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ,
index 28487c1ab56c8eeb5902212d7df3ce11d7f89d64..a5565888f1d1d3aed0d2f7b6c7d3e0c9497ec7dc 100644 (file)
@@ -76,7 +76,7 @@ typedef struct ntlmssp_state
        TALLOC_CTX *mem_ctx;
        unsigned int ref_count;
        enum NTLMSSP_ROLE role;
-       enum server_types server_role;
+       enum samr_Role server_role;
        uint32_t expected_state;
 
        BOOL unicode;
index ff012c0301d7227cf3847c063ba402635649cec8..e489538aebea0c74d64eb12943388ad1bd66185b 100644 (file)
@@ -10,6 +10,7 @@ SMB_SUBSYSTEM(LIBNDR_RAW,[],
                librpc/gen_ndr/ndr_echo.o
                librpc/gen_ndr/ndr_misc.o
                librpc/gen_ndr/ndr_lsa.o
+               librpc/gen_ndr/ndr_lsads.o
                librpc/gen_ndr/ndr_dfs.o
                librpc/gen_ndr/ndr_samr.o
                librpc/gen_ndr/ndr_spoolss.o
index 2e3049ac786486badc6cb04d360983b76a0c2cd4..e477ce7054a1545f2c085fb195b1f52a6c704b87 100644 (file)
@@ -99,7 +99,7 @@
        NTSTATUS lsa_OpenPolicy (
                [in]       uint16 *system_name,
                [in,ref]   lsa_ObjectAttribute *attr,
-               [in]       uint32 desired_access,
+               [in]       uint32 access_mask,
                [out,ref]  policy_handle *handle
                );
        
        } lsaPolicyInfo;
 
        typedef union {
-               [case(1)]  lsa_AuditLogInfo audit_log;
-               [case(2)]  lsa_AuditEventsInfo audit_events;
-               [case(3)]  lsa_DomainInfo domain;
-               [case(4)]  lsa_PDAccountInfo pd;
-               [case(5)]  lsa_DomainInfo account_domain;
-               [case(6)]  lsa_ServerRole role;
-               [case(7)]  lsa_ReplicaSourceInfo replica;
-               [case(8)]  lsa_DefaultQuotaInfo quota;
-               [case(9)]  lsa_ModificationInfo db;
-               [case(10)] lsa_AuditFullSetInfo auditfullset;
-               [case(11)] lsa_AuditFullQueryInfo auditfullquery;
-               [case(12)] lsa_DnsDomainInfo dns;
+               [case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log;
+               [case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events;
+               [case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain;
+               [case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd;
+               [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain;
+               [case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role;
+               [case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica;
+               [case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota;
+               [case(LSA_POLICY_INFO_DB)]               lsa_ModificationInfo   db;
+               [case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
+               [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
+               [case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
        } lsa_PolicyInformation;
 
        NTSTATUS lsa_QueryInfoPolicy (
        NTSTATUS lsa_CreateAccount (
                [in,ref]    policy_handle *handle,
                [in,ref]    dom_sid2 *sid,
-               [in]        uint32 desired_access,
+               [in]        uint32 access_mask,
                [out,ref]   policy_handle *acct_handle
                );
 
        NTSTATUS lsa_CreateTrustedDomain(
                [in,ref]     policy_handle *handle,
                [in,ref]     lsa_TrustInformation *info,
-               [in]         uint32 desired_access,
+               [in]         uint32 access_mask,
                [out,ref]    policy_handle *dom_handle
                );
 
        NTSTATUS lsa_CreateSecret(
                [in,ref]     policy_handle *handle,
                [in]         lsa_Name       name,
-               [in]         uint32         desired_access,
+               [in]         uint32         access_mask,
                [out,ref]    policy_handle *sec_handle
                );
 
        NTSTATUS lsa_OpenAccount (
                [in,ref]     policy_handle *handle,
                [in,ref]     dom_sid2 *sid,
-               [in]         uint32 desired_access,
+               [in]         uint32 access_mask,
                [out,ref]    policy_handle *acct_handle
                );
 
        NTSTATUS lsa_OpenSecret(
                [in,ref]     policy_handle *handle,
                [in]         lsa_Name       name,
-               [in]         uint32         desired_access,
+               [in]         uint32         access_mask,
                [out,ref]    policy_handle *sec_handle
                );
 
        NTSTATUS lsa_OpenPolicy2 (
                [in]      unistr *system_name,
                [in,ref]  lsa_ObjectAttribute *attr,
-               [in]      uint32 desired_access,
+               [in]      uint32 access_mask,
                [out,ref] policy_handle *handle
                );
 
        /* Function:          0x2e */
        NTSTATUS QUERYINFO2 ();
 }
-
-
-[ 
-  uuid(3919286a-b10c-11d0-9ba8-00c04fd92ef5),
-  version(0.0),
-  endpoints(lsarpc,lsass),
-  pointer_default(unique)
-] 
-interface lsads
-{
-
-       /*****************/
-        /* Function 0x00 */
-       void lsads_Unknown0();
-
-}
index 3c9005a1f305349bf6b99e9f3379cb0b9cfa8e86..e428bfe0c7126c5f117bfcb2092513db094e10ec 100644 (file)
        /************************/
        /* Function    0x08     */
 
+       /* server roles */
+       typedef enum {
+               ROLE_STANDALONE    = 0,
+               ROLE_DOMAIN_MEMBER = 1,
+               ROLE_DOMAIN_BDC    = 2,
+               ROLE_DOMAIN_PDC    = 3
+       } samr_Role;
+
        typedef struct {
                uint16 min_pwd_len;
                uint16 password_history;
index 199ae5f3c2f02745660b6372ece7723ef6524995..dba8a01dfdc6138e56fc5f5e6662abaa58c60a8e 100644 (file)
@@ -953,7 +953,7 @@ static void init_globals(void)
        string_set(&sDefault.fstype, FSTYPE_STRING);
        string_set(&sDefault.ntvfs_handler, "default");
 
-       Globals.dcerpc_ep_servers = str_list_make("epmapper srvsvc wkssvc rpcecho samr netlogon", NULL);
+       Globals.dcerpc_ep_servers = str_list_make("epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc", NULL);
 
        Globals.AuthMethods = str_list_make("guest sam_ignoredomain", NULL);
 
@@ -961,8 +961,6 @@ static void init_globals(void)
        string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
        asprintf(&Globals.szSAM_URL, "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
 
-       /* use the new 'hash2' method by default, with a prefix of 1 */
-
        string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
 
        /* using UTF8 by default allows us to support all chars */
index 3841439182372877ca8b553ff88ffb54de2b05e2..13a575bac1d2f2a0f6e39d4a12e62f6b2e96614e 100644 (file)
@@ -12,5 +12,6 @@ SMB_MODULE_MK(dcerpc_wkssvc,DCERPC,STATIC,rpc_server/config.mk)
 SMB_MODULE_MK(dcerpc_samr,DCERPC,STATIC,rpc_server/config.mk)
 SMB_MODULE_MK(dcerpc_winreg,DCERPC,STATIC,rpc_server/config.mk)
 SMB_MODULE_MK(dcerpc_netlogon,DCERPC,STATIC,rpc_server/config.mk)
+SMB_MODULE_MK(dcerpc_lsarpc,DCERPC,STATIC,rpc_server/config.mk)
 
 SMB_SUBSYSTEM_MK(DCERPC,rpc_server/config.mk)
index f344e6b65114a7a381f27cb7fcce41a3967cf99e..da6adaa2206649d6acf977695f227b229df52fe7 100644 (file)
@@ -103,6 +103,17 @@ REQUIRED_SUBSYSTEMS = \
 # End MODULE dcerpc_netlogon
 ################################################
 
+################################################
+# Start MODULE dcerpc_lsa
+[MODULE::dcerpc_lsarpc]
+INIT_OBJ_FILES = \
+               rpc_server/lsa/dcesrv_lsa.o
+REQUIRED_SUBSYSTEMS = \
+               SAMDB \
+               DCERPC_COMMON
+# End MODULE dcerpc_lsa
+################################################
+
 ################################################
 # Start SUBSYSTEM DCERPC
 [SUBSYSTEM::DCERPC]
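Review bot: The banner comments around the new section say `MODULE dcerpc_lsa`, but the section itself is `[MODULE::dcerpc_lsarpc]`, which is also the name used in the `SMB_MODULE_MK(dcerpc_lsarpc,...)` line and in the `lsarpc` entry added to `dcerpc_ep_servers`. The neighbouring netlogon banner matches its module name, so for consistency use `# Start MODULE dcerpc_lsarpc` and `# End MODULE dcerpc_lsarpc`.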
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
new file mode 100644 (file)
index 0000000..6ea782a
--- /dev/null
@@ -0,0 +1,646 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the lsarpc pipe
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpc_server/common/common.h"
+
+/*
+  this type allows us to distinguish handle types
+*/
+enum lsa_handle {
+       LSA_HANDLE_POLICY,
+       LSA_HANDLE_ACCOUNT,
+       LSA_HANDLE_SECRET
+};
+
+/*
+  state associated with a lsa_OpenPolicy() operation
+*/
+struct lsa_policy_state {
+       int reference_count;
+       void *sam_ctx;
+       TALLOC_CTX *mem_ctx;
+       uint32_t access_mask;
+       const char *domain_dn;
+};
+
+
+/*
+  destroy policy state
+*/
+static void lsa_Policy_close(struct lsa_policy_state *state)
+{
+       state->reference_count--;
+       if (state->reference_count == 0) {
+               samdb_close(state->sam_ctx);
+               talloc_destroy(state->mem_ctx);
+       }
+}
+
+/*
+  destroy an open policy. This closes the database connection
+*/
+static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
+{
+       struct lsa_policy_state *state = h->data;
+       lsa_Policy_close(state);
+}
+
+/* 
+  lsa_Close 
+*/
+static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                         struct lsa_Close *r)
+{
+       struct dcesrv_handle *h;
+
+       *r->out.handle = *r->in.handle;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+       /* this causes the callback samr_XXX_destroy() to be called by
+          the handle destroy code which destroys the state associated
+          with the handle */
+       dcesrv_handle_destroy(dce_call->conn, h);
+
+       ZERO_STRUCTP(r->out.handle);
+
+       return NT_STATUS_OK;
+}
+
+
+/* 
+  lsa_Delete 
+*/
+static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                          struct lsa_Delete *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumPrivs 
+*/
+static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                             struct lsa_EnumPrivs *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_QuerySecObj 
+*/
+static NTSTATUS lsa_QuerySecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                               struct lsa_QuerySecObj *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_SetSecObj 
+*/
+static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                             struct lsa_SetSecObj *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_ChangePassword 
+*/
+static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                  struct lsa_ChangePassword *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_OpenPolicy 
+*/
+static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                              struct lsa_OpenPolicy *r)
+{
+       struct lsa_policy_state *state;
+       struct dcesrv_handle *handle;
+       TALLOC_CTX *lsa_mem_ctx;
+
+       ZERO_STRUCTP(r->out.handle);
+
+       lsa_mem_ctx = talloc_init("lsa_OpenPolicy");
+       if (!lsa_mem_ctx) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       state = talloc_p(lsa_mem_ctx, struct lsa_policy_state);
+       if (!state) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       state->mem_ctx = lsa_mem_ctx;
+
+       /* make sure the sam database is accessible */
+       state->sam_ctx = samdb_connect();
+       if (state->sam_ctx == NULL) {
+               talloc_destroy(state->mem_ctx);
+               return NT_STATUS_INVALID_SYSTEM_SERVICE;
+       }
+
+       /* work out the domain_dn - useful for so many calls its worth
+          fetching here */
+       state->domain_dn = samdb_search_string(state->sam_ctx, state->mem_ctx, NULL,
+                                              "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
+       if (!state->domain_dn) {
+               samdb_close(state->sam_ctx);
+               talloc_destroy(state->mem_ctx);
+               return NT_STATUS_NO_SUCH_DOMAIN;                
+       }
+
+       handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
+       if (!handle) {
+               talloc_destroy(state->mem_ctx);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       handle->data = state;
+       handle->destroy = lsa_Policy_destroy;
+
+       state->reference_count = 1;
+       state->access_mask = r->in.access_mask;
+       *r->out.handle = handle->wire_handle;
+
+       /* note that we have completely ignored the attr element of
+          the OpenPolicy. As far as I can tell, this is what w2k3
+          does */
+
+       return NT_STATUS_OK;
+}
+
+
+/*
+  fill in the AccountDomain info
+*/
+static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+                                      struct lsa_DomainInfo *info)
+{
+       const char * const attrs[] = { "objectSid", "name", NULL};
+       int ret;
+       struct ldb_message **res;
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+                          "dn=%s", state->domain_dn);
+       if (ret != 1) {
+               return NT_STATUS_INTERNAL_DB_CORRUPTION;
+       }
+
+       info->name.name = samdb_result_string(res[0], "name", NULL);
+       info->sid       = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+
+       return NT_STATUS_OK;
+}
+
+/* 
+  lsa_QueryInfoPolicy 
+*/
+static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                   struct lsa_QueryInfoPolicy *r)
+{
+       struct lsa_policy_state *state;
+       struct dcesrv_handle *h;
+
+       r->out.info = NULL;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
+       if (!r->out.info) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       ZERO_STRUCTP(r->out.info);
+
+       switch (r->in.level) {
+       case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+               return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+       }
+
+       return NT_STATUS_INVALID_INFO_CLASS;
+}
+
+
+/* 
+  lsa_SetInfoPolicy 
+*/
+static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                 struct lsa_SetInfoPolicy *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_ClearAuditLog 
+*/
+static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                 struct lsa_ClearAuditLog *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_CreateAccount 
+*/
+static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                 struct lsa_CreateAccount *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumAccounts 
+*/
+static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                struct lsa_EnumAccounts *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_CreateTrustedDomain 
+*/
+static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                       struct lsa_CreateTrustedDomain *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumTrustDom 
+*/
+static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_EnumTrustDom *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_LookupNames 
+*/
+static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_LookupNames *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_LookupSids 
+*/
+static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_LookupSids *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_CreateSecret 
+*/
+static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_CreateSecret *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_OpenAccount 
+*/
+static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_OpenAccount *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumPrivsAccount 
+*/
+static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_EnumPrivsAccount *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  ADDPRIVS 
+*/
+static NTSTATUS ADDPRIVS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct ADDPRIVS *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  REMOVEPRIVS 
+*/
+static NTSTATUS REMOVEPRIVS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct REMOVEPRIVS *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  GETQUOTAS 
+*/
+static NTSTATUS GETQUOTAS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct GETQUOTAS *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  SETQUOTAS 
+*/
+static NTSTATUS SETQUOTAS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct SETQUOTAS *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  GETSYSTEMACCOUNT 
+*/
+static NTSTATUS GETSYSTEMACCOUNT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct GETSYSTEMACCOUNT *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  SETSYSTEMACCOUNT 
+*/
+static NTSTATUS SETSYSTEMACCOUNT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct SETSYSTEMACCOUNT *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  OPENTRUSTDOM 
+*/
+static NTSTATUS OPENTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct OPENTRUSTDOM *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  QUERYTRUSTDOM 
+*/
+static NTSTATUS QUERYTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct QUERYTRUSTDOM *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  SETINFOTRUSTDOM 
+*/
+static NTSTATUS SETINFOTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct SETINFOTRUSTDOM *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_OpenSecret 
+*/
+static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_OpenSecret *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_SetSecret 
+*/
+static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_SetSecret *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_QuerySecret 
+*/
+static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_QuerySecret *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  LOOKUPPRIVVALUE 
+*/
+static NTSTATUS LOOKUPPRIVVALUE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct LOOKUPPRIVVALUE *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_LookupPrivName 
+*/
+static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_LookupPrivName *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  PRIV_GET_DISPNAME 
+*/
+static NTSTATUS PRIV_GET_DISPNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct PRIV_GET_DISPNAME *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  DELETEOBJECT 
+*/
+static NTSTATUS DELETEOBJECT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct DELETEOBJECT *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  ENUMACCTWITHRIGHT 
+*/
+static NTSTATUS ENUMACCTWITHRIGHT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct ENUMACCTWITHRIGHT *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumAccountRights 
+*/
+static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_EnumAccountRights *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  ADDACCTRIGHTS 
+*/
+static NTSTATUS ADDACCTRIGHTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct ADDACCTRIGHTS *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  REMOVEACCTRIGHTS 
+*/
+static NTSTATUS REMOVEACCTRIGHTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct REMOVEACCTRIGHTS *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  QUERYTRUSTDOMINFO 
+*/
+static NTSTATUS QUERYTRUSTDOMINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct QUERYTRUSTDOMINFO *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  SETTRUSTDOMINFO 
+*/
+static NTSTATUS SETTRUSTDOMINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct SETTRUSTDOMINFO *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  DELETETRUSTDOM 
+*/
+static NTSTATUS DELETETRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct DELETETRUSTDOM *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  STOREPRIVDATA 
+*/
+static NTSTATUS STOREPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct STOREPRIVDATA *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  RETRPRIVDATA 
+*/
+static NTSTATUS RETRPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct RETRPRIVDATA *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_OpenPolicy2 
+*/
+static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_OpenPolicy2 *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  UNK_GET_CONNUSER 
+*/
+static NTSTATUS UNK_GET_CONNUSER(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct UNK_GET_CONNUSER *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  QUERYINFO2 
+*/
+static NTSTATUS QUERYINFO2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct QUERYINFO2 *r)
+{
+       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_lsa_s.c"
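Review bot: Two error paths in `lsa_OpenPolicy` leak resources. When `talloc_p()` for the state fails, the function returns without `talloc_destroy(lsa_mem_ctx);`, and when `dcesrv_handle_new()` fails it destroys the memory context but skips the `samdb_close(state->sam_ctx);` that the `domain_dn` failure branch just above does perform. The call is presumably reachable by any client that can open the pipe, so each failure path should release everything acquired so far; add those two calls before the respective `return NT_STATUS_NO_MEMORY;`. Separately, `state->access_mask` is copied from the request but nothing visible in this file consults it, so `lsa_QueryInfoPolicy` answers whatever access the handle was opened with; a `/* TODO: check state->access_mask before returning policy info */` would mark this until enforcement exists. The comment in `lsa_Close` also still names `samr_XXX_destroy()` where the callback installed here is `lsa_Policy_destroy()`.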
index 336da6821e04a2f3920a2b2d737871adf6bd2b44..4481df6aa835e1d98c708ad7dc68e9a4fd2dae53 100644 (file)
@@ -448,7 +448,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
   netr_LogonUasLogon 
 */
 static WERROR netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct netr_LogonUasLogon *r)
+                                struct netr_LogonUasLogon *r)
 {
        DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
index 322ef3a11cbf63c3a379f7ed375873fa1ee5239e..eba36e53fa44eba2091039c142650ab64d595406 100644 (file)
@@ -364,14 +364,70 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
        return NT_STATUS_OK;
 }
 
+/*
+  return DomInfo2
+*/
+static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx,
+                                  struct samr_DomInfo2 *info)
+{
+       const char * const attrs[] = { "comment", "name", NULL };
+       int ret;
+       struct ldb_message **res;
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+                          "dn=%s", state->domain_dn);
+       if (ret != 1) {
+               return NT_STATUS_INTERNAL_DB_CORRUPTION;
+       }
+
+       /* where is this supposed to come from? is it settable? */
+       info->force_logoff_time = 0x8000000000000000LL;
+
+       info->comment.name = samdb_result_string(res[0], "comment", NULL);
+       info->domain.name  = samdb_result_string(res[0], "name", NULL);
+
+       info->primary.name = lp_netbios_name();
+       info->sequence_num = 0;
+       info->role = ROLE_DOMAIN_PDC;
+       info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, NULL, "(objectClass=user)");
+       info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, NULL,
+                                             "(&(objectClass=group)(sAMAccountType=%u))",
+                                             ATYPE_GLOBAL_GROUP);
+       info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, NULL,
+                                              "(&(objectClass=group)(sAMAccountType=%u))",
+                                              ATYPE_LOCAL_GROUP);
+
+       return NT_STATUS_OK;
+}
 
 /* 
   samr_QueryDomainInfo 
 */
 static NTSTATUS samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct samr_QueryDomainInfo *r)
+                                    struct samr_QueryDomainInfo *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct samr_domain_state *d_state;
+
+       r->out.info = NULL;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, SAMR_HANDLE_DOMAIN);
+
+       d_state = h->data;
+
+       r->out.info = talloc_p(mem_ctx, union samr_DomainInfo);
+       if (!r->out.info) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       ZERO_STRUCTP(r->out.info);
+
+       switch (r->in.level) {
+       case 2:
+               return samr_info_DomInfo2(d_state, mem_ctx, &r->out.info->info2);
+       }
+
+       return NT_STATUS_INVALID_INFO_CLASS;
 }
 
 
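Review bot: In `samr_info_DomInfo2` the three `samdb_search_count()` results are assigned straight into `num_users`, `num_groups` and `num_aliases` with no error check. The error convention of the search is not visible here, but if it can return a negative value on failure, the client receives a bogus count. Capturing each result in a local and failing the call when it is negative would avoid that, e.g. `if (n < 0) return NT_STATUS_INTERNAL_DB_CORRUPTION;`. `info->role = ROLE_DOMAIN_PDC;` is hard-coded, so the server reports itself as a PDC whatever its configured role; a comment marking it as a placeholder (as was done for `force_logoff_time`) would help. In `samr_QueryDomainInfo`, `case 2:` is a bare level number, whereas the LSA side of this commit uses named `LSA_POLICY_INFO_*` constants.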
index fd643c7bb0b69cfb3e57a1086e447db618a8d8ee..12319cf84ac7c6628e4ec767cf241517af0d839e 100644 (file)
@@ -205,6 +205,26 @@ const char *samdb_search_string(void *ctx,
        return str;
 }
 
+/*
+  return the count of the number of records in the sam matching the query
+*/
+int samdb_search_count(void *ctx,
+                      TALLOC_CTX *mem_ctx,
+                      const char *basedn,
+                      const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
+{
+       va_list ap;
+       struct ldb_message **res;
+       const char * const attrs[] = { NULL };
+       int ret;
+
+       va_start(ap, format);
+       ret = samdb_search_v(ctx, mem_ctx, basedn, &res, attrs, format, ap);
+       va_end(ap);
+
+       return ret;
+}
+
 
 /*
   search the sam for a single integer attribute in exactly 1 record
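Review bot: The header comment on `samdb_search_count` does not say what is returned on failure or how `format` is used. The function returns whatever `samdb_search_v()` returns and passes the varargs through to it, presumably to be formatted into the search expression. Suggest extending the comment to something like `returns the samdb_search_v() result (record count, or its error value); arguments are formatted into the filter as-is, so callers must not pass unescaped client-supplied strings`. The callers added in this commit pass only constant filters and integer account types, so this is a guard for future callers rather than a defect today. The matched records also appear to be allocated on `mem_ctx` only to be counted, which the comment could mention.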
index 306197dcf25af72879cedf91dbcbda26339ef59b..031070caa658a6723dd6561649fc9ce7353baf23 100644 (file)
@@ -51,7 +51,7 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 
        r.in.system_name = &system_name;
        r.in.attr = &attr;
-       r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+       r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
        r.out.handle = &handle;
 
        status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
@@ -88,7 +88,7 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 
        r.in.system_name = "\\";
        r.in.attr = &attr;
-       r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+       r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
        r.out.handle = handle;
 
        status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
@@ -267,7 +267,7 @@ static BOOL test_CreateAccount(struct dcerpc_pipe *p,
 
        r.in.handle = handle;
        r.in.sid = newsid;
-       r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+       r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
        r.out.acct_handle = &acct_handle;
 
        status = dcerpc_lsa_CreateAccount(p, mem_ctx, &r);
@@ -303,7 +303,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
 
        r.in.handle = handle;
        r.in.info = &trustinfo;
-       r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+       r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
        r.out.dom_handle = &dom_handle;
 
        status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
@@ -348,7 +348,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
        init_lsa_Name(&r.in.name, secname);
 
        r.in.handle = handle;
-       r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+       r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
        r.out.sec_handle = &sec_handle;
 
        status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
@@ -358,7 +358,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
        }
 
        r2.in.handle = handle;
-       r2.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+       r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
        r2.in.name = r.in.name;
        r2.out.sec_handle = &sec_handle2;
 
@@ -501,7 +501,7 @@ static BOOL test_OpenAccount(struct dcerpc_pipe *p,
 
        r.in.handle = handle;
        r.in.sid = sid;
-       r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+       r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
        r.out.acct_handle = &acct_handle;
 
        status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);
index 9d90a8b1369d26b7ca86323cd9fec1ea94bad0ec..a1b01b533f800743285847f2d52e78e0cf9ae3c1 100644 (file)
@@ -2562,7 +2562,8 @@ static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
                return True;
        }
 
-       if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
+       if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
+           NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
                if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->name)) {
                        return False;
                }
@@ -2639,6 +2640,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
                return False;
        }
 
+       if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
+               ret = False;
+       }
+
        if (!test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle)) {
                ret = False;
        }
@@ -2659,10 +2664,6 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
                ret = False;
        }
 
-       if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
-               ret = False;
-       }
-
        if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) {
                ret = False;
        }