2b22c46822634b717fe35244a1ba2c304b67f336
[kai/samba-autobuild/.git] / source4 / rpc_server / lsa / dcesrv_lsa.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    endpoint server for the lsarpc pipe
5
6    Copyright (C) Andrew Tridgell 2004
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "librpc/gen_ndr/ndr_lsa.h"
25 #include "librpc/gen_ndr/ndr_samr.h"
26 #include "rpc_server/dcerpc_server.h"
27 #include "rpc_server/common/common.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "auth/auth.h"
30
31 /*
32   this type allows us to distinguish handle types
33 */
34 enum lsa_handle {
35         LSA_HANDLE_POLICY,
36         LSA_HANDLE_ACCOUNT,
37         LSA_HANDLE_SECRET
38 };
39
40 /*
41   state associated with a lsa_OpenPolicy() operation
42 */
43 struct lsa_policy_state {
44         struct dcesrv_handle *handle;
45         void *sam_ctx;
46         struct sidmap_context *sidmap;
47         uint32_t access_mask;
48         const char *domain_dn;
49         const char *builtin_dn;
50         const char *domain_name;
51         struct dom_sid *domain_sid;
52         struct dom_sid *builtin_sid;
53 };
54
55
56 /*
57   state associated with a lsa_OpenAccount() operation
58 */
59 struct lsa_account_state {
60         struct lsa_policy_state *policy;
61         uint32_t access_mask;
62         struct dom_sid *account_sid;
63         const char *account_sid_str;
64         const char *account_dn;
65 };
66
67
68 /*
69   destroy an open policy. This closes the database connection
70 */
71 static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
72 {
73         struct lsa_policy_state *state = h->data;
74         talloc_free(state);
75 }
76
77 /*
78   destroy an open account.
79 */
80 static void lsa_Account_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
81 {
82         struct lsa_account_state *astate = h->data;
83         talloc_free(astate);
84 }
85
86 /* 
87   lsa_Close 
88 */
89 static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
90                           struct lsa_Close *r)
91 {
92         struct dcesrv_handle *h;
93
94         *r->out.handle = *r->in.handle;
95
96         DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
97
98         /* this causes the callback samr_XXX_destroy() to be called by
99            the handle destroy code which destroys the state associated
100            with the handle */
101         dcesrv_handle_destroy(dce_call->conn, h);
102
103         ZERO_STRUCTP(r->out.handle);
104
105         return NT_STATUS_OK;
106 }
107
108
109 /* 
110   lsa_Delete 
111 */
112 static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
113                            struct lsa_Delete *r)
114 {
115         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
116 }
117
118
119 /* 
120   lsa_EnumPrivs 
121 */
122 static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
123                               struct lsa_EnumPrivs *r)
124 {
125         struct dcesrv_handle *h;
126         struct lsa_policy_state *state;
127         int i;
128         const char *privname;
129
130         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
131
132         state = h->data;
133
134         i = *r->in.resume_handle;
135         if (i == 0) i = 1;
136
137         while ((privname = sec_privilege_name(i)) &&
138                r->out.privs->count < r->in.max_count) {
139                 struct lsa_PrivEntry *e;
140
141                 r->out.privs->privs = talloc_realloc_p(r->out.privs,
142                                                        r->out.privs->privs, 
143                                                        struct lsa_PrivEntry, 
144                                                        r->out.privs->count+1);
145                 if (r->out.privs->privs == NULL) {
146                         return NT_STATUS_NO_MEMORY;
147                 }
148                 e = &r->out.privs->privs[r->out.privs->count];
149                 e->luid.low = i;
150                 e->luid.high = 0;
151                 e->name.string = privname;
152                 r->out.privs->count++;
153                 i++;
154         }
155
156         *r->out.resume_handle = i;
157
158         return NT_STATUS_OK;
159 }
160
161
162 /* 
163   lsa_QuerySecObj 
164 */
165 static NTSTATUS lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
166                                   struct lsa_QuerySecurity *r)
167 {
168         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
169 }
170
171
172 /* 
173   lsa_SetSecObj 
174 */
175 static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
176                               struct lsa_SetSecObj *r)
177 {
178         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
179 }
180
181
182 /* 
183   lsa_ChangePassword 
184 */
185 static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
186                                    struct lsa_ChangePassword *r)
187 {
188         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
189 }
190
191 static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
192                                      struct lsa_policy_state **_state)
193 {
194         struct lsa_policy_state *state;
195         const char *sid_str;
196
197         state = talloc_p(mem_ctx, struct lsa_policy_state);
198         if (!state) {
199                 return NT_STATUS_NO_MEMORY;
200         }
201
202         /* make sure the sam database is accessible */
203         state->sam_ctx = samdb_connect(state);
204         if (state->sam_ctx == NULL) {
205                 talloc_free(state);
206                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
207         }
208
209         state->sidmap = sidmap_open(state);
210         if (state->sidmap == NULL) {
211                 talloc_free(state);
212                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
213         }
214
215         /* work out the domain_dn - useful for so many calls its worth
216            fetching here */
217         state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
218                                                "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
219         if (!state->domain_dn) {
220                 talloc_free(state);
221                 return NT_STATUS_NO_SUCH_DOMAIN;                
222         }
223
224         /* work out the builtin_dn - useful for so many calls its worth
225            fetching here */
226         state->builtin_dn = samdb_search_string(state->sam_ctx, state, NULL,
227                                                 "dn", "objectClass=builtinDomain");
228         if (!state->builtin_dn) {
229                 talloc_free(state);
230                 return NT_STATUS_NO_SUCH_DOMAIN;                
231         }
232
233         sid_str = samdb_search_string(state->sam_ctx, state, NULL,
234                                       "objectSid", "dn=%s", state->domain_dn);
235         if (!sid_str) {
236                 talloc_free(state);
237                 return NT_STATUS_NO_SUCH_DOMAIN;                
238         }
239
240         state->domain_sid = dom_sid_parse_talloc(state, sid_str);
241         if (!state->domain_sid) {
242                 talloc_free(state);
243                 return NT_STATUS_NO_SUCH_DOMAIN;                
244         }
245
246         state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
247         if (!state->builtin_sid) {
248                 talloc_free(state);
249                 return NT_STATUS_NO_SUCH_DOMAIN;                
250         }
251
252         state->domain_name = samdb_search_string(state->sam_ctx, state, NULL,
253                                                  "name", "dn=%s", state->domain_dn);
254         if (!state->domain_name) {
255                 talloc_free(state);
256                 return NT_STATUS_NO_SUCH_DOMAIN;                
257         }
258
259         *_state = state;
260
261         return NT_STATUS_OK;
262 }
263
264 /* 
265   lsa_OpenPolicy2
266 */
267 static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
268                                struct lsa_OpenPolicy2 *r)
269 {
270         NTSTATUS status;
271         struct lsa_policy_state *state;
272         struct dcesrv_handle *handle;
273
274         ZERO_STRUCTP(r->out.handle);
275
276         status = lsa_get_policy_state(dce_call, mem_ctx, &state);
277         if (!NT_STATUS_IS_OK(status)) {
278                 return status;
279         }
280
281         handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
282         if (!handle) {
283                 return NT_STATUS_NO_MEMORY;
284         }
285
286         handle->data = talloc_reference(handle, state);
287         handle->destroy = lsa_Policy_destroy;
288
289         state->access_mask = r->in.access_mask;
290         state->handle = handle;
291         *r->out.handle = handle->wire_handle;
292
293         /* note that we have completely ignored the attr element of
294            the OpenPolicy. As far as I can tell, this is what w2k3
295            does */
296
297         return NT_STATUS_OK;
298 }
299
300 /* 
301   lsa_OpenPolicy
302   a wrapper around lsa_OpenPolicy2
303 */
304 static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
305                                 struct lsa_OpenPolicy *r)
306 {
307         struct lsa_OpenPolicy2 r2;
308
309         r2.in.system_name = NULL;
310         r2.in.attr = r->in.attr;
311         r2.in.access_mask = r->in.access_mask;
312         r2.out.handle = r->out.handle;
313
314         return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
315 }
316
317
318
319
320 /*
321   fill in the AccountDomain info
322 */
323 static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
324                                        struct lsa_DomainInfo *info)
325 {
326         const char * const attrs[] = { "objectSid", "name", NULL};
327         int ret;
328         struct ldb_message **res;
329
330         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
331                            "dn=%s", state->domain_dn);
332         if (ret != 1) {
333                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
334         }
335
336         info->name.string = samdb_result_string(res[0], "name", NULL);
337         info->sid         = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
338
339         return NT_STATUS_OK;
340 }
341
342 /*
343   fill in the DNS domain info
344 */
345 static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
346                              struct lsa_DnsDomainInfo *info)
347 {
348         const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
349         int ret;
350         struct ldb_message **res;
351
352         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
353                            "dn=%s", state->domain_dn);
354         if (ret != 1) {
355                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
356         }
357
358         info->name.string       = samdb_result_string(res[0],           "name", NULL);
359         info->dns_domain.string = samdb_result_string(res[0],           "dnsDomain", NULL);
360         info->dns_forest.string = samdb_result_string(res[0],           "dnsDomain", NULL);
361         info->domain_guid       = samdb_result_guid(res[0],             "objectGUID");
362         info->sid               = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
363
364         return NT_STATUS_OK;
365 }
366
367 /* 
368   lsa_QueryInfoPolicy2
369 */
370 static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
371                                      struct lsa_QueryInfoPolicy2 *r)
372 {
373         struct lsa_policy_state *state;
374         struct dcesrv_handle *h;
375
376         r->out.info = NULL;
377
378         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
379
380         state = h->data;
381
382         r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
383         if (!r->out.info) {
384                 return NT_STATUS_NO_MEMORY;
385         }
386
387         ZERO_STRUCTP(r->out.info);
388
389         switch (r->in.level) {
390         case LSA_POLICY_INFO_DOMAIN:
391         case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
392                 return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
393
394         case LSA_POLICY_INFO_DNS:
395                 return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
396         }
397
398         return NT_STATUS_INVALID_INFO_CLASS;
399 }
400
401 /* 
402   lsa_QueryInfoPolicy 
403 */
404 static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
405                                     struct lsa_QueryInfoPolicy *r)
406 {
407         struct lsa_QueryInfoPolicy2 r2;
408         NTSTATUS status;
409
410         r2.in.handle = r->in.handle;
411         r2.in.level = r->in.level;
412         
413         status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
414
415         r->out.info = r2.out.info;
416
417         return status;
418 }
419
420 /* 
421   lsa_SetInfoPolicy 
422 */
423 static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
424                                   struct lsa_SetInfoPolicy *r)
425 {
426         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
427 }
428
429
430 /* 
431   lsa_ClearAuditLog 
432 */
433 static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
434                                   struct lsa_ClearAuditLog *r)
435 {
436         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
437 }
438
439
440 /* 
441   lsa_CreateAccount 
442 */
443 static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
444                                   struct lsa_CreateAccount *r)
445 {
446         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
447 }
448
449
450 /* 
451   lsa_EnumAccounts 
452 */
453 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
454                                  struct lsa_EnumAccounts *r)
455 {
456         struct dcesrv_handle *h;
457         struct lsa_policy_state *state;
458         int ret, i;
459         struct ldb_message **res;
460         const char * const attrs[] = { "objectSid", NULL};
461         uint32_t count;
462
463         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
464
465         state = h->data;
466
467         ret = samdb_search(state->sam_ctx, mem_ctx, state->builtin_dn, &res, attrs, "objectClass=group");
468         if (ret <= 0) {
469                 return NT_STATUS_NO_SUCH_USER;
470         }
471
472         if (*r->in.resume_handle >= ret) {
473                 return NT_STATUS_NO_MORE_ENTRIES;
474         }
475
476         count = ret - *r->in.resume_handle;
477         if (count > r->in.num_entries) {
478                 count = r->in.num_entries;
479         }
480
481         if (count == 0) {
482                 return NT_STATUS_NO_MORE_ENTRIES;
483         }
484
485         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, count);
486         if (r->out.sids->sids == NULL) {
487                 return NT_STATUS_NO_MEMORY;
488         }
489
490         for (i=0;i<count;i++) {
491                 const char *sidstr;
492
493                 sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
494                 if (sidstr == NULL) {
495                         return NT_STATUS_NO_MEMORY;
496                 }
497                 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
498                 if (r->out.sids->sids[i].sid == NULL) {
499                         return NT_STATUS_NO_MEMORY;
500                 }
501         }
502
503         r->out.sids->num_sids = count;
504         *r->out.resume_handle = count + *r->in.resume_handle;
505
506         return NT_STATUS_OK;
507         
508 }
509
510
511 /* 
512   lsa_CreateTrustedDomain 
513 */
514 static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
515                                         struct lsa_CreateTrustedDomain *r)
516 {
517         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
518 }
519
520
521 /* 
522   lsa_EnumTrustDom 
523 */
524 static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
525                        struct lsa_EnumTrustDom *r)
526 {
527         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
528 }
529
530
531 /*
532   return the authority name and authority sid, given a sid
533 */
534 static NTSTATUS lsa_authority_name(struct lsa_policy_state *state,
535                                    TALLOC_CTX *mem_ctx, struct dom_sid *sid,
536                                    const char **authority_name,
537                                    struct dom_sid **authority_sid)
538 {
539         if (dom_sid_in_domain(state->domain_sid, sid)) {
540                 *authority_name = state->domain_name;
541                 *authority_sid = state->domain_sid;
542                 return NT_STATUS_OK;
543         }
544
545         if (dom_sid_in_domain(state->builtin_sid, sid)) {
546                 *authority_name = "BUILTIN";
547                 *authority_sid = state->builtin_sid;
548                 return NT_STATUS_OK;
549         }
550
551         *authority_sid = dom_sid_dup(mem_ctx, sid);
552         if (*authority_sid == NULL) {
553                 return NT_STATUS_NO_MEMORY;
554         }
555         (*authority_sid)->num_auths = 0;
556         *authority_name = dom_sid_string(mem_ctx, *authority_sid);
557         if (*authority_name == NULL) {
558                 return NT_STATUS_NO_MEMORY;
559         }
560
561         return NT_STATUS_OK;
562 }
563
564 /*
565   add to the lsa_RefDomainList for LookupSids and LookupNames
566 */
567 static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, 
568                                    struct dom_sid *sid, 
569                                    struct lsa_RefDomainList *domains,
570                                    uint32_t *sid_index)
571 {
572         NTSTATUS status;
573         const char *authority_name;
574         struct dom_sid *authority_sid;
575         int i;
576
577         /* work out the authority name */
578         status = lsa_authority_name(state, mem_ctx, sid, 
579                                     &authority_name, &authority_sid);
580         if (!NT_STATUS_IS_OK(status)) {
581                 return status;
582         }
583         
584         /* see if we've already done this authority name */
585         for (i=0;i<domains->count;i++) {
586                 if (strcmp(authority_name, domains->domains[i].name.string) == 0) {
587                         *sid_index = i;
588                         return NT_STATUS_OK;
589                 }
590         }
591
592         domains->domains = talloc_realloc_p(domains, 
593                                             domains->domains,
594                                             struct lsa_TrustInformation,
595                                             domains->count+1);
596         if (domains->domains == NULL) {
597                 return NT_STATUS_NO_MEMORY;
598         }
599         domains->domains[i].name.string = authority_name;
600         domains->domains[i].sid         = authority_sid;
601         domains->count++;
602         *sid_index = i;
603         
604         return NT_STATUS_OK;
605 }
606
607 /*
608   lookup a name for 1 SID
609 */
610 static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
611                                struct dom_sid *sid, const char *sid_str,
612                                const char **name, uint32_t *atype)
613 {
614         int ret;
615         struct ldb_message **res;
616         const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "name", NULL};
617         NTSTATUS status;
618
619         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
620                            "objectSid=%s", sid_str);
621         if (ret == 1) {
622                 *name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
623                 if (!*name) {
624                         *name = ldb_msg_find_string(res[0], "name", NULL);
625                         if (!*name) {
626                                 *name = talloc_strdup(mem_ctx, sid_str);
627                                 NTSTATUS_TALLOC_CHECK(*name);
628                         }
629                 }
630
631                 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
632
633                 return NT_STATUS_OK;
634         }
635
636         status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
637
638         return status;
639 }
640
641
642 /*
643   lsa_LookupSids2
644 */
645 static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
646                                 TALLOC_CTX *mem_ctx,
647                                 struct lsa_LookupSids2 *r)
648 {
649         struct lsa_policy_state *state;
650         struct dcesrv_handle *h;
651         int i;
652         NTSTATUS status = NT_STATUS_OK;
653
654         r->out.domains = NULL;
655
656         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
657
658         state = h->data;
659
660         r->out.domains = talloc_zero_p(mem_ctx,  struct lsa_RefDomainList);
661         if (r->out.domains == NULL) {
662                 return NT_STATUS_NO_MEMORY;
663         }
664
665         r->out.names = talloc_zero_p(mem_ctx,  struct lsa_TransNameArray2);
666         if (r->out.names == NULL) {
667                 return NT_STATUS_NO_MEMORY;
668         }
669
670         *r->out.count = 0;
671
672         r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName2, 
673                                              r->in.sids->num_sids);
674         if (r->out.names->names == NULL) {
675                 return NT_STATUS_NO_MEMORY;
676         }
677
678         for (i=0;i<r->in.sids->num_sids;i++) {
679                 struct dom_sid *sid = r->in.sids->sids[i].sid;
680                 char *sid_str = dom_sid_string(mem_ctx, sid);
681                 const char *name;
682                 uint32_t atype, rtype, sid_index;
683                 NTSTATUS status2;
684
685                 r->out.names->count++;
686                 (*r->out.count)++;
687
688                 r->out.names->names[i].sid_type    = SID_NAME_UNKNOWN;
689                 r->out.names->names[i].name.string = sid_str;
690                 r->out.names->names[i].sid_index   = 0xFFFFFFFF;
691                 r->out.names->names[i].unknown     = 0;
692
693                 if (sid_str == NULL) {
694                         r->out.names->names[i].name.string = "(SIDERROR)";
695                         status = STATUS_SOME_UNMAPPED;
696                         continue;
697                 }
698
699                 /* work out the authority name */
700                 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
701                 if (!NT_STATUS_IS_OK(status2)) {
702                         return status2;
703                 }
704
705                 status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str, 
706                                          &name, &atype);
707                 if (!NT_STATUS_IS_OK(status2)) {
708                         status = STATUS_SOME_UNMAPPED;
709                         continue;
710                 }
711
712                 rtype = samdb_atype_map(atype);
713                 if (rtype == SID_NAME_UNKNOWN) {
714                         status = STATUS_SOME_UNMAPPED;
715                         continue;
716                 }
717
718                 r->out.names->names[i].sid_type    = rtype;
719                 r->out.names->names[i].name.string = name;
720                 r->out.names->names[i].sid_index   = sid_index;
721                 r->out.names->names[i].unknown     = 0;
722         }
723         
724         return status;
725 }
726
727
728 /* 
729   lsa_LookupSids 
730 */
731 static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
732                                struct lsa_LookupSids *r)
733 {
734         struct lsa_LookupSids2 r2;
735         NTSTATUS status;
736         int i;
737
738         r2.in.handle   = r->in.handle;
739         r2.in.sids     = r->in.sids;
740         r2.in.names    = NULL;
741         r2.in.level    = r->in.level;
742         r2.in.count    = r->in.count;
743         r2.in.unknown1 = 0;
744         r2.in.unknown2 = 0;
745         r2.out.count   = r->out.count;
746
747         status = lsa_LookupSids2(dce_call, mem_ctx, &r2);
748         if (dce_call->fault_code != 0) {
749                 return status;
750         }
751
752         r->out.domains = r2.out.domains;
753         r->out.names = talloc_p(mem_ctx, struct lsa_TransNameArray);
754         if (r->out.names == NULL) {
755                 return NT_STATUS_NO_MEMORY;
756         }
757         r->out.names->count = r2.out.names->count;
758         r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName, 
759                                              r->out.names->count);
760         if (r->out.names->names == NULL) {
761                 return NT_STATUS_NO_MEMORY;
762         }
763         for (i=0;i<r->out.names->count;i++) {
764                 r->out.names->names[i].sid_type    = r2.out.names->names[i].sid_type;
765                 r->out.names->names[i].name.string = r2.out.names->names[i].name.string;
766                 r->out.names->names[i].sid_index   = r2.out.names->names[i].sid_index;
767         }
768
769         return status;
770 }
771
772
773 /* 
774   lsa_CreateSecret 
775 */
776 static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
777                        struct lsa_CreateSecret *r)
778 {
779         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
780 }
781
782
783 /* 
784   lsa_OpenAccount 
785 */
786 static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
787                                 struct lsa_OpenAccount *r)
788 {
789         struct dcesrv_handle *h, *ah;
790         struct lsa_policy_state *state;
791         struct lsa_account_state *astate;
792
793         ZERO_STRUCTP(r->out.acct_handle);
794
795         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
796
797         state = h->data;
798
799         astate = talloc_p(dce_call->conn, struct lsa_account_state);
800         if (astate == NULL) {
801                 return NT_STATUS_NO_MEMORY;
802         }
803
804         astate->account_sid = dom_sid_dup(astate, r->in.sid);
805         if (astate->account_sid == NULL) {
806                 talloc_free(astate);
807                 return NT_STATUS_NO_MEMORY;
808         }
809         
810         astate->account_sid_str = dom_sid_string(astate, astate->account_sid);
811         if (astate->account_sid_str == NULL) {
812                 talloc_free(astate);
813                 return NT_STATUS_NO_MEMORY;
814         }
815
816         /* check it really exists */
817         astate->account_dn = samdb_search_string(state->sam_ctx, astate,
818                                                  NULL, "dn", 
819                                                  "(&(objectSid=%s)(objectClass=group))", 
820                                                  astate->account_sid_str);
821         if (astate->account_dn == NULL) {
822                 talloc_free(astate);
823                 return NT_STATUS_NO_SUCH_USER;
824         }
825         
826         astate->policy = talloc_reference(astate, state);
827         astate->access_mask = r->in.access_mask;
828
829         ah = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_ACCOUNT);
830         if (!ah) {
831                 talloc_free(astate);
832                 return NT_STATUS_NO_MEMORY;
833         }
834
835         ah->data = astate;
836         ah->destroy = lsa_Account_destroy;
837
838         *r->out.acct_handle = ah->wire_handle;
839
840         return NT_STATUS_OK;
841 }
842
843
844 /* 
845   lsa_EnumPrivsAccount 
846 */
847 static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, 
848                                      TALLOC_CTX *mem_ctx,
849                                      struct lsa_EnumPrivsAccount *r)
850 {
851         struct dcesrv_handle *h;
852         struct lsa_account_state *astate;
853         int ret, i;
854         struct ldb_message **res;
855         const char * const attrs[] = { "privilege", NULL};
856         struct ldb_message_element *el;
857
858         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
859
860         astate = h->data;
861
862         r->out.privs = talloc_p(mem_ctx, struct lsa_PrivilegeSet);
863         r->out.privs->count = 0;
864         r->out.privs->unknown = 0;
865         r->out.privs->set = NULL;
866
867         ret = samdb_search(astate->policy->sam_ctx, mem_ctx, NULL, &res, attrs, 
868                            "dn=%s", astate->account_dn);
869         if (ret != 1) {
870                 return NT_STATUS_OK;
871         }
872
873         el = ldb_msg_find_element(res[0], "privilege");
874         if (el == NULL || el->num_values == 0) {
875                 return NT_STATUS_OK;
876         }
877
878         r->out.privs->set = talloc_array_p(r->out.privs, 
879                                            struct lsa_LUIDAttribute, el->num_values);
880         if (r->out.privs->set == NULL) {
881                 return NT_STATUS_NO_MEMORY;
882         }
883
884         for (i=0;i<el->num_values;i++) {
885                 int id = sec_privilege_id(el->values[i].data);
886                 if (id == -1) {
887                         return NT_STATUS_INTERNAL_DB_CORRUPTION;
888                 }
889                 r->out.privs->set[i].attribute = 0;
890                 r->out.privs->set[i].luid.low = id;
891                 r->out.privs->set[i].luid.high = 0;
892         }
893
894         r->out.privs->count = el->num_values;
895
896         return NT_STATUS_OK;
897 }
898
899 /* 
900   lsa_EnumAccountRights 
901 */
902 static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, 
903                                       TALLOC_CTX *mem_ctx,
904                                       struct lsa_EnumAccountRights *r)
905 {
906         struct dcesrv_handle *h;
907         struct lsa_policy_state *state;
908         int ret, i;
909         struct ldb_message **res;
910         const char * const attrs[] = { "privilege", NULL};
911         const char *sidstr;
912         struct ldb_message_element *el;
913
914         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
915
916         state = h->data;
917
918         sidstr = dom_sid_string(mem_ctx, r->in.sid);
919         if (sidstr == NULL) {
920                 return NT_STATUS_NO_MEMORY;
921         }
922
923         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
924                            "objectSid=%s", sidstr);
925         if (ret != 1) {
926                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
927         }
928
929         el = ldb_msg_find_element(res[0], "privilege");
930         if (el == NULL || el->num_values == 0) {
931                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
932         }
933
934         r->out.rights->count = el->num_values;
935         r->out.rights->names = talloc_array_p(r->out.rights, 
936                                               struct lsa_String, r->out.rights->count);
937         if (r->out.rights->names == NULL) {
938                 return NT_STATUS_NO_MEMORY;
939         }
940
941         for (i=0;i<el->num_values;i++) {
942                 r->out.rights->names[i].string = el->values[i].data;
943         }
944
945         return NT_STATUS_OK;
946 }
947
948
949
950 /* 
951   helper for lsa_AddAccountRights and lsa_RemoveAccountRights
952 */
953 static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, 
954                                            TALLOC_CTX *mem_ctx,
955                                            struct lsa_policy_state *state,
956                                            int ldb_flag,
957                                            struct dom_sid *sid,
958                                            const struct lsa_RightSet *rights)
959 {
960         const char *sidstr;
961         struct ldb_message msg;
962         struct ldb_message_element el;
963         int i, ret;
964         const char *dn;
965         struct lsa_EnumAccountRights r2;
966
967         sidstr = dom_sid_string(mem_ctx, sid);
968         if (sidstr == NULL) {
969                 return NT_STATUS_NO_MEMORY;
970         }
971
972         dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn", 
973                                  "objectSid=%s", sidstr);
974         if (dn == NULL) {
975                 return NT_STATUS_NO_SUCH_USER;
976         }
977
978         msg.dn = talloc_strdup(mem_ctx, dn);
979         if (msg.dn == NULL) {
980                 return NT_STATUS_NO_MEMORY;
981         }
982         msg.num_elements = 1;
983         msg.elements = &el;
984         el.flags = ldb_flag;
985         el.name = talloc_strdup(mem_ctx, "privilege");
986         if (el.name == NULL) {
987                 return NT_STATUS_NO_MEMORY;
988         }
989
990         if (ldb_flag == LDB_FLAG_MOD_ADD) {
991                 NTSTATUS status;
992
993                 r2.in.handle = &state->handle->wire_handle;
994                 r2.in.sid = sid;
995                 r2.out.rights = talloc_p(mem_ctx, struct lsa_RightSet);
996
997                 status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
998                 if (!NT_STATUS_IS_OK(status)) {
999                         ZERO_STRUCTP(r2.out.rights);
1000                 }
1001         }
1002
1003         el.num_values = 0;
1004         el.values = talloc_array_p(mem_ctx, struct ldb_val, rights->count);
1005         if (el.values == NULL) {
1006                 return NT_STATUS_NO_MEMORY;
1007         }
1008         for (i=0;i<rights->count;i++) {
1009                 if (sec_privilege_id(rights->names[i].string) == -1) {
1010                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1011                 }
1012
1013                 if (ldb_flag == LDB_FLAG_MOD_ADD) {
1014                         int j;
1015                         for (j=0;j<r2.out.rights->count;j++) {
1016                                 if (StrCaseCmp(r2.out.rights->names[j].string, 
1017                                                rights->names[i].string) == 0) {
1018                                         break;
1019                                 }
1020                         }
1021                         if (j != r2.out.rights->count) continue;
1022                 }
1023
1024
1025                 el.values[el.num_values].length = strlen(rights->names[i].string);
1026                 el.values[el.num_values].data = talloc_strdup(mem_ctx, rights->names[i].string);
1027                 if (el.values[el.num_values].data == NULL) {
1028                         return NT_STATUS_NO_MEMORY;
1029                 }
1030                 el.num_values++;
1031         }
1032
1033         if (el.num_values == 0) {
1034                 return NT_STATUS_OK;
1035         }
1036
1037         ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
1038         if (ret != 0) {
1039                 if (ldb_flag == LDB_FLAG_MOD_DELETE) {
1040                         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1041                 }
1042                 return NT_STATUS_UNEXPECTED_IO_ERROR;
1043         }
1044
1045         return NT_STATUS_OK;
1046 }
1047
1048 /* 
1049   lsa_AddPrivilegesToAccount
1050 */
1051 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1052                                            struct lsa_AddPrivilegesToAccount *r)
1053 {
1054         struct lsa_RightSet rights;
1055         struct dcesrv_handle *h;
1056         struct lsa_account_state *astate;
1057         int i;
1058
1059         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
1060
1061         astate = h->data;
1062
1063         rights.count = r->in.privs->count;
1064         rights.names = talloc_array_p(mem_ctx, struct lsa_String, rights.count);
1065         if (rights.names == NULL) {
1066                 return NT_STATUS_NO_MEMORY;
1067         }
1068         for (i=0;i<rights.count;i++) {
1069                 int id = r->in.privs->set[i].luid.low;
1070                 if (r->in.privs->set[i].luid.high) {
1071                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1072                 }
1073                 rights.names[i].string = sec_privilege_name(id);
1074                 if (rights.names[i].string == NULL) {
1075                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1076                 }
1077         }
1078
1079         return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
1080                                           LDB_FLAG_MOD_ADD, astate->account_sid,
1081                                           &rights);
1082 }
1083
1084
1085 /* 
1086   lsa_RemovePrivilegesFromAccount
1087 */
1088 static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1089                                                 struct lsa_RemovePrivilegesFromAccount *r)
1090 {
1091         struct lsa_RightSet *rights;
1092         struct dcesrv_handle *h;
1093         struct lsa_account_state *astate;
1094         int i;
1095
1096         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
1097
1098         astate = h->data;
1099
1100         rights = talloc_p(mem_ctx, struct lsa_RightSet);
1101
1102         if (r->in.remove_all == 1 && 
1103             r->in.privs == NULL) {
1104                 struct lsa_EnumAccountRights r2;
1105                 NTSTATUS status;
1106
1107                 r2.in.handle = &astate->policy->handle->wire_handle;
1108                 r2.in.sid = astate->account_sid;
1109                 r2.out.rights = rights;
1110
1111                 status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
1112                 if (!NT_STATUS_IS_OK(status)) {
1113                         return status;
1114                 }
1115
1116                 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
1117                                                   LDB_FLAG_MOD_DELETE, astate->account_sid,
1118                                                   r2.out.rights);
1119         }
1120
1121         if (r->in.remove_all != 0) {
1122                 return NT_STATUS_INVALID_PARAMETER;
1123         }
1124
1125         rights->count = r->in.privs->count;
1126         rights->names = talloc_array_p(mem_ctx, struct lsa_String, rights->count);
1127         if (rights->names == NULL) {
1128                 return NT_STATUS_NO_MEMORY;
1129         }
1130         for (i=0;i<rights->count;i++) {
1131                 int id = r->in.privs->set[i].luid.low;
1132                 if (r->in.privs->set[i].luid.high) {
1133                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1134                 }
1135                 rights->names[i].string = sec_privilege_name(id);
1136                 if (rights->names[i].string == NULL) {
1137                         return NT_STATUS_NO_SUCH_PRIVILEGE;
1138                 }
1139         }
1140
1141         return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy, 
1142                                           LDB_FLAG_MOD_DELETE, astate->account_sid,
1143                                           rights);
1144 }
1145
1146
1147 /* 
1148   lsa_GetQuotasForAccount
1149 */
1150 static NTSTATUS lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1151                        struct lsa_GetQuotasForAccount *r)
1152 {
1153         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1154 }
1155
1156
1157 /* 
1158   lsa_SetQuotasForAccount
1159 */
1160 static NTSTATUS lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1161                        struct lsa_SetQuotasForAccount *r)
1162 {
1163         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1164 }
1165
1166
1167 /* 
1168   lsa_GetSystemAccessAccount
1169 */
1170 static NTSTATUS lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1171                        struct lsa_GetSystemAccessAccount *r)
1172 {
1173         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1174 }
1175
1176
1177 /* 
1178   lsa_SetSystemAccessAccount
1179 */
1180 static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1181                        struct lsa_SetSystemAccessAccount *r)
1182 {
1183         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1184 }
1185
1186
1187 /* 
1188   lsa_OpenTrustedDomain
1189 */
1190 static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1191                        struct lsa_OpenTrustedDomain *r)
1192 {
1193         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1194 }
1195
1196
1197 /* 
1198   lsa_QueryTrustedDomainInfo
1199 */
1200 static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1201                        struct lsa_QueryTrustedDomainInfo *r)
1202 {
1203         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1204 }
1205
1206
1207 /* 
1208   lsa_SetInformationTrustedDomain
1209 */
1210 static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1211                        struct lsa_SetInformationTrustedDomain *r)
1212 {
1213         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1214 }
1215
1216
1217 /* 
1218   lsa_OpenSecret 
1219 */
1220 static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1221                        struct lsa_OpenSecret *r)
1222 {
1223         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1224 }
1225
1226
1227 /* 
1228   lsa_SetSecret 
1229 */
1230 static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1231                        struct lsa_SetSecret *r)
1232 {
1233         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1234 }
1235
1236
1237 /* 
1238   lsa_QuerySecret 
1239 */
1240 static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1241                        struct lsa_QuerySecret *r)
1242 {
1243         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1244 }
1245
1246
1247 /* 
1248   lsa_LookupPrivValue
1249 */
1250 static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call, 
1251                                     TALLOC_CTX *mem_ctx,
1252                                     struct lsa_LookupPrivValue *r)
1253 {
1254         struct dcesrv_handle *h;
1255         struct lsa_policy_state *state;
1256         int id;
1257
1258         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1259
1260         state = h->data;
1261
1262         id = sec_privilege_id(r->in.name->string);
1263         if (id == -1) {
1264                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1265         }
1266
1267         r->out.luid->low = id;
1268         r->out.luid->high = 0;
1269
1270         return NT_STATUS_OK;    
1271 }
1272
1273
1274 /* 
1275   lsa_LookupPrivName 
1276 */
1277 static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, 
1278                                    TALLOC_CTX *mem_ctx,
1279                                    struct lsa_LookupPrivName *r)
1280 {
1281         struct dcesrv_handle *h;
1282         struct lsa_policy_state *state;
1283         const char *privname;
1284
1285         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1286
1287         state = h->data;
1288
1289         if (r->in.luid->high != 0) {
1290                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1291         }
1292
1293         privname = sec_privilege_name(r->in.luid->low);
1294         if (privname == NULL) {
1295                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1296         }
1297
1298         r->out.name = talloc_p(mem_ctx, struct lsa_String);
1299         if (r->out.name == NULL) {
1300                 return NT_STATUS_NO_MEMORY;
1301         }
1302         r->out.name->string = privname;
1303
1304         return NT_STATUS_OK;    
1305 }
1306
1307
1308 /* 
1309   lsa_LookupPrivDisplayName
1310 */
1311 static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, 
1312                                           TALLOC_CTX *mem_ctx,
1313                                           struct lsa_LookupPrivDisplayName *r)
1314 {
1315         struct dcesrv_handle *h;
1316         struct lsa_policy_state *state;
1317         int id;
1318
1319         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1320
1321         state = h->data;
1322
1323         id = sec_privilege_id(r->in.name->string);
1324         if (id == -1) {
1325                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1326         }
1327         
1328         r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
1329         if (r->out.disp_name == NULL) {
1330                 return NT_STATUS_NO_MEMORY;
1331         }
1332
1333         r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
1334         if (r->out.disp_name->string == NULL) {
1335                 return NT_STATUS_INTERNAL_ERROR;
1336         }
1337
1338         return NT_STATUS_OK;
1339 }
1340
1341
1342 /* 
1343   lsa_DeleteObject
1344 */
1345 static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1346                        struct lsa_DeleteObject *r)
1347 {
1348         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1349 }
1350
1351
1352 /* 
1353   lsa_EnumAccountsWithUserRight
1354 */
1355 static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call, 
1356                                               TALLOC_CTX *mem_ctx,
1357                                               struct lsa_EnumAccountsWithUserRight *r)
1358 {
1359         struct dcesrv_handle *h;
1360         struct lsa_policy_state *state;
1361         int ret, i;
1362         struct ldb_message **res;
1363         const char * const attrs[] = { "objectSid", NULL};
1364         const char *privname;
1365
1366         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1367
1368         state = h->data;
1369
1370         if (r->in.name == NULL) {
1371                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1372         } 
1373
1374         privname = r->in.name->string;
1375         if (sec_privilege_id(privname) == -1) {
1376                 return NT_STATUS_NO_SUCH_PRIVILEGE;
1377         }
1378
1379         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
1380                            "privilege=%s", privname);
1381         if (ret <= 0) {
1382                 return NT_STATUS_NO_SUCH_USER;
1383         }
1384
1385         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, ret);
1386         if (r->out.sids->sids == NULL) {
1387                 return NT_STATUS_NO_MEMORY;
1388         }
1389         for (i=0;i<ret;i++) {
1390                 const char *sidstr;
1391                 sidstr = samdb_result_string(res[i], "objectSid", NULL);
1392                 if (sidstr == NULL) {
1393                         return NT_STATUS_NO_MEMORY;
1394                 }
1395                 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids,
1396                                                                 sidstr);
1397                 if (r->out.sids->sids[i].sid == NULL) {
1398                         return NT_STATUS_NO_MEMORY;
1399                 }
1400         }
1401         r->out.sids->num_sids = ret;
1402
1403         return NT_STATUS_OK;
1404 }
1405
1406
1407 /* 
1408   lsa_AddAccountRights
1409 */
1410 static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, 
1411                                      TALLOC_CTX *mem_ctx,
1412                                      struct lsa_AddAccountRights *r)
1413 {
1414         struct dcesrv_handle *h;
1415         struct lsa_policy_state *state;
1416
1417         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1418
1419         state = h->data;
1420
1421         return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state, 
1422                                           LDB_FLAG_MOD_ADD,
1423                                           r->in.sid, r->in.rights);
1424 }
1425
1426
1427 /* 
1428   lsa_RemoveAccountRights
1429 */
1430 static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, 
1431                                         TALLOC_CTX *mem_ctx,
1432                                         struct lsa_RemoveAccountRights *r)
1433 {
1434         struct dcesrv_handle *h;
1435         struct lsa_policy_state *state;
1436
1437         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1438
1439         state = h->data;
1440
1441         return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state, 
1442                                           LDB_FLAG_MOD_DELETE,
1443                                           r->in.sid, r->in.rights);
1444 }
1445
1446
1447 /* 
1448   lsa_QueryTrustedDomainInfoBySid
1449 */
1450 static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1451                                                 struct lsa_QueryTrustedDomainInfoBySid *r)
1452 {
1453         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1454 }
1455
1456
1457 /* 
1458   lsa_SetTrustDomainInfo
1459 */
1460 static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1461                        struct lsa_SetTrustDomainInfo *r)
1462 {
1463         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1464 }
1465
1466
1467 /* 
1468   lsa_DeleteTrustDomain
1469 */
1470 static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1471                        struct lsa_DeleteTrustDomain *r)
1472 {
1473         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1474 }
1475
1476
1477 /* 
1478   lsa_StorePrivateData
1479 */
1480 static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1481                        struct lsa_StorePrivateData *r)
1482 {
1483         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1484 }
1485
1486
1487 /* 
1488   lsa_RetrievePrivateData
1489 */
1490 static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1491                        struct lsa_RetrievePrivateData *r)
1492 {
1493         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1494 }
1495
1496
1497 /* 
1498   lsa_GetUserName
1499 */
1500 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1501                        struct lsa_GetUserName *r)
1502 {
1503         NTSTATUS status = NT_STATUS_OK;
1504         const char *account_name;
1505         const char *authority_name;
1506         struct lsa_String *_account_name;
1507         struct lsa_StringPointer *_authority_name = NULL;
1508
1509         /* this is what w2k3 does */
1510         r->out.account_name = r->in.account_name;
1511         r->out.authority_name = r->in.authority_name;
1512
1513         if (r->in.account_name && r->in.account_name->string) {
1514                 return NT_STATUS_INVALID_PARAMETER;
1515         }
1516
1517         if (r->in.authority_name &&
1518             r->in.authority_name->string &&
1519             r->in.authority_name->string->string) {
1520                 return NT_STATUS_INVALID_PARAMETER;
1521         }
1522
1523         /* TODO: this check should go and we should rely on the calling code that this is valid */
1524         if (!dce_call->conn->auth_state.session_info ||
1525             !dce_call->conn->auth_state.session_info->server_info ||
1526             !dce_call->conn->auth_state.session_info->server_info->account_name ||
1527             !dce_call->conn->auth_state.session_info->server_info->domain) {
1528                 return NT_STATUS_INTERNAL_ERROR;
1529         }
1530
1531         account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
1532         authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain);
1533
1534         _account_name = talloc_p(mem_ctx, struct lsa_String);
1535         NTSTATUS_TALLOC_CHECK(_account_name);
1536         _account_name->string = account_name;
1537
1538         if (r->in.authority_name) {
1539                 _authority_name = talloc_p(mem_ctx, struct lsa_StringPointer);
1540                 NTSTATUS_TALLOC_CHECK(_authority_name);
1541                 _authority_name->string = talloc_p(mem_ctx, struct lsa_String);
1542                 NTSTATUS_TALLOC_CHECK(_authority_name->string);
1543                 _authority_name->string->string = authority_name;
1544         }
1545
1546         r->out.account_name = _account_name;
1547         r->out.authority_name = _authority_name;
1548
1549         return status;
1550 }
1551
1552 /*
1553   lsa_SetInfoPolicy2
1554 */
1555 static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
1556                                    TALLOC_CTX *mem_ctx,
1557                                    struct lsa_SetInfoPolicy2 *r)
1558 {
1559         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1560 }
1561
1562 /*
1563   lsa_QueryTrustedDomainInfoByName
1564 */
1565 static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
1566                                                  TALLOC_CTX *mem_ctx,
1567                                                  struct lsa_QueryTrustedDomainInfoByName *r)
1568 {
1569         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1570 }
1571
1572 /*
1573   lsa_SetTrustedDomainInfoByName
1574 */
1575 static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
1576                                                TALLOC_CTX *mem_ctx,
1577                                                struct lsa_SetTrustedDomainInfoByName *r)
1578 {
1579         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1580 }
1581
1582 /*
1583   lsa_EnumTrustedDomainsEx
1584 */
1585 static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
1586                                          TALLOC_CTX *mem_ctx,
1587                                          struct lsa_EnumTrustedDomainsEx *r)
1588 {
1589         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1590 }
1591
1592 /*
1593   lsa_CreateTrustedDomainEx
1594 */
1595 static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
1596                                           TALLOC_CTX *mem_ctx,
1597                                           struct lsa_CreateTrustedDomainEx *r)
1598 {
1599         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1600 }
1601
1602 /*
1603   lsa_CloseTrustedDomainEx
1604 */
1605 static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
1606                                          TALLOC_CTX *mem_ctx,
1607                                          struct lsa_CloseTrustedDomainEx *r)
1608 {
1609         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1610 }
1611
1612 /*
1613   lsa_QueryDomainInformationPolicy
1614 */
1615 static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
1616                                                  TALLOC_CTX *mem_ctx,
1617                                                  struct lsa_QueryDomainInformationPolicy *r)
1618 {
1619         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1620 }
1621
1622 /*
1623   lsa_SetDomInfoPolicy
1624 */
1625 static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
1626                                      TALLOC_CTX *mem_ctx,
1627                                      struct lsa_SetDomInfoPolicy *r)
1628 {
1629         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1630 }
1631
1632 /*
1633   lsa_OpenTrustedDomainByName
1634 */
1635 static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
1636                                             TALLOC_CTX *mem_ctx,
1637                                             struct lsa_OpenTrustedDomainByName *r)
1638 {
1639         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1640 }
1641
1642 /*
1643   lsa_TestCall
1644 */
1645 static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
1646                              TALLOC_CTX *mem_ctx,
1647                              struct lsa_TestCall *r)
1648 {
1649         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1650 }
1651
1652 /*
1653   lookup a SID for 1 name
1654 */
1655 static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
1656                                 const char *name, struct dom_sid **sid, uint32_t *atype)
1657 {
1658         int ret;
1659         struct ldb_message **res;
1660         const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
1661
1662         ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
1663         if (ret == 1) {
1664                 const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
1665                 if (sid_str == NULL) {
1666                         return NT_STATUS_INVALID_SID;
1667                 }
1668
1669                 *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
1670                 if (*sid == NULL) {
1671                         return NT_STATUS_INVALID_SID;
1672                 }
1673
1674                 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
1675
1676                 return NT_STATUS_OK;
1677         }
1678
1679         /* need to add a call into sidmap to check for a allocated sid */
1680
1681         return NT_STATUS_INVALID_SID;
1682 }
1683
1684 /*
1685   lsa_LookupNames2
1686 */
1687 static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
1688                                  TALLOC_CTX *mem_ctx,
1689                                  struct lsa_LookupNames2 *r)
1690 {
1691         struct lsa_policy_state *state;
1692         struct dcesrv_handle *h;
1693         int i;
1694         NTSTATUS status = NT_STATUS_OK;
1695
1696         r->out.domains = NULL;
1697
1698         DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1699
1700         state = h->data;
1701
1702         r->out.domains = talloc_zero_p(mem_ctx,  struct lsa_RefDomainList);
1703         if (r->out.domains == NULL) {
1704                 return NT_STATUS_NO_MEMORY;
1705         }
1706
1707         r->out.sids = talloc_zero_p(mem_ctx,  struct lsa_TransSidArray2);
1708         if (r->out.sids == NULL) {
1709                 return NT_STATUS_NO_MEMORY;
1710         }
1711
1712         *r->out.count = 0;
1713
1714         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid2, 
1715                                            r->in.num_names);
1716         if (r->out.sids->sids == NULL) {
1717                 return NT_STATUS_NO_MEMORY;
1718         }
1719
1720         for (i=0;i<r->in.num_names;i++) {
1721                 const char *name = r->in.names[i].string;
1722                 struct dom_sid *sid;
1723                 uint32_t atype, rtype, sid_index;
1724                 NTSTATUS status2;
1725
1726                 r->out.sids->count++;
1727                 (*r->out.count)++;
1728
1729                 r->out.sids->sids[i].sid_type    = SID_NAME_UNKNOWN;
1730                 r->out.sids->sids[i].rid         = 0xFFFFFFFF;
1731                 r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
1732                 r->out.sids->sids[i].unknown     = 0;
1733
1734                 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
1735                 if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
1736                         status = STATUS_SOME_UNMAPPED;
1737                         continue;
1738                 }
1739
1740                 rtype = samdb_atype_map(atype);
1741                 if (rtype == SID_NAME_UNKNOWN) {
1742                         status = STATUS_SOME_UNMAPPED;
1743                         continue;
1744                 }
1745
1746                 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
1747                 if (!NT_STATUS_IS_OK(status2)) {
1748                         return status2;
1749                 }
1750
1751                 r->out.sids->sids[i].sid_type    = rtype;
1752                 r->out.sids->sids[i].rid         = sid->sub_auths[sid->num_auths-1];
1753                 r->out.sids->sids[i].sid_index   = sid_index;
1754                 r->out.sids->sids[i].unknown     = 0;
1755         }
1756         
1757         return status;
1758 }
1759
1760 /* 
1761   lsa_LookupNames 
1762 */
1763 static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1764                        struct lsa_LookupNames *r)
1765 {
1766         struct lsa_LookupNames2 r2;
1767         NTSTATUS status;
1768         int i;
1769
1770         r2.in.handle    = r->in.handle;
1771         r2.in.num_names = r->in.num_names;
1772         r2.in.names     = r->in.names;
1773         r2.in.sids      = NULL;
1774         r2.in.level     = r->in.level;
1775         r2.in.count     = r->in.count;
1776         r2.in.unknown1  = 0;
1777         r2.in.unknown2  = 0;
1778         r2.out.count    = r->out.count;
1779
1780         status = lsa_LookupNames2(dce_call, mem_ctx, &r2);
1781         if (dce_call->fault_code != 0) {
1782                 return status;
1783         }
1784
1785         r->out.domains = r2.out.domains;
1786         r->out.sids = talloc_p(mem_ctx, struct lsa_TransSidArray);
1787         if (r->out.sids == NULL) {
1788                 return NT_STATUS_NO_MEMORY;
1789         }
1790         r->out.sids->count = r2.out.sids->count;
1791         r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid, 
1792                                            r->out.sids->count);
1793         if (r->out.sids->sids == NULL) {
1794                 return NT_STATUS_NO_MEMORY;
1795         }
1796         for (i=0;i<r->out.sids->count;i++) {
1797                 r->out.sids->sids[i].sid_type    = r2.out.sids->sids[i].sid_type;
1798                 r->out.sids->sids[i].rid         = r2.out.sids->sids[i].rid;
1799                 r->out.sids->sids[i].sid_index   = r2.out.sids->sids[i].sid_index;
1800         }
1801
1802         return status;
1803 }
1804
1805
1806
1807 /*
1808   lsa_CreateTrustedDomainEx2
1809 */
1810 static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
1811                                            TALLOC_CTX *mem_ctx,
1812                                            struct lsa_CreateTrustedDomainEx2 *r)
1813 {
1814         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1815 }
1816
1817 /* 
1818   lsa_CREDRWRITE 
1819 */
1820 static NTSTATUS lsa_CREDRWRITE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1821                        struct lsa_CREDRWRITE *r)
1822 {
1823         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1824 }
1825
1826
1827 /* 
1828   lsa_CREDRREAD 
1829 */
1830 static NTSTATUS lsa_CREDRREAD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1831                        struct lsa_CREDRREAD *r)
1832 {
1833         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1834 }
1835
1836
1837 /* 
1838   lsa_CREDRENUMERATE 
1839 */
1840 static NTSTATUS lsa_CREDRENUMERATE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1841                        struct lsa_CREDRENUMERATE *r)
1842 {
1843         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1844 }
1845
1846
1847 /* 
1848   lsa_CREDRWRITEDOMAINCREDENTIALS 
1849 */
1850 static NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1851                        struct lsa_CREDRWRITEDOMAINCREDENTIALS *r)
1852 {
1853         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1854 }
1855
1856
1857 /* 
1858   lsa_CREDRREADDOMAINCREDENTIALS 
1859 */
1860 static NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1861                        struct lsa_CREDRREADDOMAINCREDENTIALS *r)
1862 {
1863         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1864 }
1865
1866
1867 /* 
1868   lsa_CREDRDELETE 
1869 */
1870 static NTSTATUS lsa_CREDRDELETE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1871                        struct lsa_CREDRDELETE *r)
1872 {
1873         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1874 }
1875
1876
1877 /* 
1878   lsa_CREDRGETTARGETINFO 
1879 */
1880 static NTSTATUS lsa_CREDRGETTARGETINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1881                        struct lsa_CREDRGETTARGETINFO *r)
1882 {
1883         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1884 }
1885
1886
1887 /* 
1888   lsa_CREDRPROFILELOADED 
1889 */
1890 static NTSTATUS lsa_CREDRPROFILELOADED(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1891                        struct lsa_CREDRPROFILELOADED *r)
1892 {
1893         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1894 }
1895
1896
1897 /* 
1898   lsa_LSARLOOKUPNAMES3 
1899 */
1900 static NTSTATUS lsa_LSARLOOKUPNAMES3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1901                        struct lsa_LSARLOOKUPNAMES3 *r)
1902 {
1903         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1904 }
1905
1906
1907 /* 
1908   lsa_CREDRGETSESSIONTYPES 
1909 */
1910 static NTSTATUS lsa_CREDRGETSESSIONTYPES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1911                        struct lsa_CREDRGETSESSIONTYPES *r)
1912 {
1913         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1914 }
1915
1916
1917 /* 
1918   lsa_LSARREGISTERAUDITEVENT 
1919 */
1920 static NTSTATUS lsa_LSARREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1921                        struct lsa_LSARREGISTERAUDITEVENT *r)
1922 {
1923         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1924 }
1925
1926
1927 /* 
1928   lsa_LSARGENAUDITEVENT 
1929 */
1930 static NTSTATUS lsa_LSARGENAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1931                        struct lsa_LSARGENAUDITEVENT *r)
1932 {
1933         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1934 }
1935
1936
1937 /* 
1938   lsa_LSARUNREGISTERAUDITEVENT 
1939 */
1940 static NTSTATUS lsa_LSARUNREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1941                        struct lsa_LSARUNREGISTERAUDITEVENT *r)
1942 {
1943         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1944 }
1945
1946
1947 /* 
1948   lsa_LSARQUERYFORESTTRUSTINFORMATION 
1949 */
1950 static NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1951                        struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
1952 {
1953         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1954 }
1955
1956
1957 /* 
1958   lsa_LSARSETFORESTTRUSTINFORMATION 
1959 */
1960 static NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1961                        struct lsa_LSARSETFORESTTRUSTINFORMATION *r)
1962 {
1963         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1964 }
1965
1966
1967 /* 
1968   lsa_CREDRRENAME 
1969 */
1970 static NTSTATUS lsa_CREDRRENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1971                        struct lsa_CREDRRENAME *r)
1972 {
1973         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1974 }
1975
1976
1977 /* 
1978   lsa_LSARLOOKUPSIDS3 
1979 */
1980 static NTSTATUS lsa_LSARLOOKUPSIDS3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1981                        struct lsa_LSARLOOKUPSIDS3 *r)
1982 {
1983         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1984 }
1985
1986
1987 /* 
1988   lsa_LSARLOOKUPNAMES4 
1989 */
1990 static NTSTATUS lsa_LSARLOOKUPNAMES4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1991                        struct lsa_LSARLOOKUPNAMES4 *r)
1992 {
1993         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1994 }
1995
1996
1997 /* 
1998   lsa_LSAROPENPOLICYSCE 
1999 */
2000 static NTSTATUS lsa_LSAROPENPOLICYSCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2001                        struct lsa_LSAROPENPOLICYSCE *r)
2002 {
2003         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2004 }
2005
2006
2007 /* 
2008   lsa_LSARADTREGISTERSECURITYEVENTSOURCE 
2009 */
2010 static NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2011                        struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r)
2012 {
2013         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2014 }
2015
2016
2017 /* 
2018   lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE 
2019 */
2020 static NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2021                        struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r)
2022 {
2023         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2024 }
2025
2026
2027 /* 
2028   lsa_LSARADTREPORTSECURITYEVENT 
2029 */
2030 static NTSTATUS lsa_LSARADTREPORTSECURITYEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2031                        struct lsa_LSARADTREPORTSECURITYEVENT *r)
2032 {
2033         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2034 }
2035
2036
2037 /* include the generated boilerplate */
2038 #include "librpc/gen_ndr/ndr_lsa_s.c"