c86fdf333d321b23775e5760609552985569a960
[jelmer/samba4-debian.git] / source / rpc_server / lsa / lsa_init.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    endpoint server for the lsarpc pipe
5
6    Copyright (C) Andrew Tridgell 2004
7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2007
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "rpc_server/lsa/lsa.h"
24
25 NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
26                                      struct lsa_policy_state **_state)
27 {
28         struct lsa_policy_state *state;
29         struct ldb_dn *partitions_basedn;
30         struct ldb_result *dom_res;
31         const char *dom_attrs[] = {
32                 "objectSid", 
33                 "objectGUID", 
34                 "nTMixedDomain",
35                 "fSMORoleOwner",
36                 NULL
37         };
38         struct ldb_result *ref_res;
39         struct ldb_result *forest_ref_res;
40         const char *ref_attrs[] = {
41                 "nETBIOSName",
42                 "dnsRoot",
43                 NULL
44         };
45         int ret;
46
47         state = talloc(mem_ctx, struct lsa_policy_state);
48         if (!state) {
49                 return NT_STATUS_NO_MEMORY;
50         }
51
52         /* make sure the sam database is accessible */
53         state->sam_ldb = samdb_connect(state, global_loadparm, dce_call->conn->auth_state.session_info); 
54         if (state->sam_ldb == NULL) {
55                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
56         }
57
58         partitions_basedn = samdb_partitions_dn(state->sam_ldb, mem_ctx);
59
60         state->sidmap = sidmap_open(state, global_loadparm);
61         if (state->sidmap == NULL) {
62                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
63         }
64
65         /* work out the domain_dn - useful for so many calls its worth
66            fetching here */
67         state->domain_dn = samdb_base_dn(state->sam_ldb);
68         if (!state->domain_dn) {
69                 return NT_STATUS_NO_MEMORY;             
70         }
71
72         /* work out the forest root_dn - useful for so many calls its worth
73            fetching here */
74         state->forest_dn = samdb_root_dn(state->sam_ldb);
75         if (!state->forest_dn) {
76                 return NT_STATUS_NO_MEMORY;             
77         }
78
79         ret = ldb_search(state->sam_ldb, state->domain_dn, LDB_SCOPE_BASE, NULL, dom_attrs, &dom_res);
80         
81         if (ret != LDB_SUCCESS) {
82                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
83         }
84         talloc_steal(mem_ctx, dom_res);
85         if (dom_res->count != 1) {
86                 return NT_STATUS_NO_SUCH_DOMAIN;                
87         }
88
89         state->domain_sid = samdb_result_dom_sid(state, dom_res->msgs[0], "objectSid");
90         if (!state->domain_sid) {
91                 return NT_STATUS_NO_SUCH_DOMAIN;                
92         }
93
94         state->domain_guid = samdb_result_guid(dom_res->msgs[0], "objectGUID");
95         if (!state->domain_sid) {
96                 return NT_STATUS_NO_SUCH_DOMAIN;                
97         }
98
99         state->mixed_domain = ldb_msg_find_attr_as_uint(dom_res->msgs[0], "nTMixedDomain", 0);
100         
101         talloc_free(dom_res);
102
103         ret = ldb_search_exp_fmt(state->sam_ldb, state, &ref_res,
104                                  partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs,
105                                  "(&(objectclass=crossRef)(ncName=%s))",
106                                  ldb_dn_get_linearized(state->domain_dn));
107         
108         if (ret != LDB_SUCCESS) {
109                 talloc_free(ref_res);
110                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
111         }
112         if (ref_res->count != 1) {
113                 talloc_free(ref_res);
114                 return NT_STATUS_NO_SUCH_DOMAIN;                
115         }
116
117         state->domain_name = ldb_msg_find_attr_as_string(ref_res->msgs[0], "nETBIOSName", NULL);
118         if (!state->domain_name) {
119                 talloc_free(ref_res);
120                 return NT_STATUS_NO_SUCH_DOMAIN;                
121         }
122         talloc_steal(state, state->domain_name);
123
124         state->domain_dns = ldb_msg_find_attr_as_string(ref_res->msgs[0], "dnsRoot", NULL);
125         if (!state->domain_dns) {
126                 talloc_free(ref_res);
127                 return NT_STATUS_NO_SUCH_DOMAIN;                
128         }
129         talloc_steal(state, state->domain_dns);
130
131         talloc_free(ref_res);
132
133         ret = ldb_search_exp_fmt(state->sam_ldb, state, &forest_ref_res,
134                                  partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs,
135                                  "(&(objectclass=crossRef)(ncName=%s))",
136                                  ldb_dn_get_linearized(state->forest_dn));
137         
138         if (ret != LDB_SUCCESS) {
139                 talloc_free(forest_ref_res);
140                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
141         }
142         if (forest_ref_res->count != 1) {
143                 talloc_free(forest_ref_res);
144                 return NT_STATUS_NO_SUCH_DOMAIN;                
145         }
146
147         state->forest_dns = ldb_msg_find_attr_as_string(forest_ref_res->msgs[0], "dnsRoot", NULL);
148         if (!state->forest_dns) {
149                 talloc_free(forest_ref_res);
150                 return NT_STATUS_NO_SUCH_DOMAIN;                
151         }
152         talloc_steal(state, state->forest_dns);
153
154         talloc_free(forest_ref_res);
155
156         /* work out the builtin_dn - useful for so many calls its worth
157            fetching here */
158         state->builtin_dn = samdb_search_dn(state->sam_ldb, state, state->domain_dn, "(objectClass=builtinDomain)");
159         if (!state->builtin_dn) {
160                 return NT_STATUS_NO_SUCH_DOMAIN;                
161         }
162
163         /* work out the system_dn - useful for so many calls its worth
164            fetching here */
165         state->system_dn = samdb_search_dn(state->sam_ldb, state,
166                                            state->domain_dn, "(&(objectClass=container)(cn=System))");
167         if (!state->system_dn) {
168                 return NT_STATUS_NO_SUCH_DOMAIN;                
169         }
170
171         state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
172         if (!state->builtin_sid) {
173                 return NT_STATUS_NO_SUCH_DOMAIN;                
174         }
175
176         state->nt_authority_sid = dom_sid_parse_talloc(state, SID_NT_AUTHORITY);
177         if (!state->nt_authority_sid) {
178                 return NT_STATUS_NO_SUCH_DOMAIN;                
179         }
180
181         state->creator_owner_domain_sid = dom_sid_parse_talloc(state, SID_CREATOR_OWNER_DOMAIN);
182         if (!state->creator_owner_domain_sid) {
183                 return NT_STATUS_NO_SUCH_DOMAIN;                
184         }
185
186         state->world_domain_sid = dom_sid_parse_talloc(state, SID_WORLD_DOMAIN);
187         if (!state->world_domain_sid) {
188                 return NT_STATUS_NO_SUCH_DOMAIN;                
189         }
190
191         *_state = state;
192
193         return NT_STATUS_OK;
194 }
195
196 /* 
197   lsa_OpenPolicy2
198 */
199 NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
200                                 struct lsa_OpenPolicy2 *r)
201 {
202         NTSTATUS status;
203         struct lsa_policy_state *state;
204         struct dcesrv_handle *handle;
205
206         ZERO_STRUCTP(r->out.handle);
207
208         status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state);
209         if (!NT_STATUS_IS_OK(status)) {
210                 return status;
211         }
212
213         handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_POLICY);
214         if (!handle) {
215                 return NT_STATUS_NO_MEMORY;
216         }
217
218         handle->data = talloc_steal(handle, state);
219
220         state->access_mask = r->in.access_mask;
221         state->handle = handle;
222         *r->out.handle = handle->wire_handle;
223
224         /* note that we have completely ignored the attr element of
225            the OpenPolicy. As far as I can tell, this is what w2k3
226            does */
227
228         return NT_STATUS_OK;
229 }
230
231 /* 
232   lsa_OpenPolicy
233   a wrapper around lsa_OpenPolicy2
234 */
235 NTSTATUS dcesrv_lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
236                                 struct lsa_OpenPolicy *r)
237 {
238         struct lsa_OpenPolicy2 r2;
239
240         r2.in.system_name = NULL;
241         r2.in.attr = r->in.attr;
242         r2.in.access_mask = r->in.access_mask;
243         r2.out.handle = r->out.handle;
244
245         return dcesrv_lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
246 }
247
248