2 Unix SMB/CIFS implementation.
4 endpoint server for the lsarpc pipe
6 Copyright (C) Andrew Tridgell 2004
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #include "librpc/gen_ndr/ndr_lsa.h"
26 #include "librpc/gen_ndr/ndr_samr.h"
27 #include "rpc_server/dcerpc_server.h"
28 #include "rpc_server/common/common.h"
29 #include "lib/ldb/include/ldb.h"
30 #include "auth/auth.h"
31 #include "system/time.h"
34 this type allows us to distinguish handle types
43 state associated with a lsa_OpenPolicy() operation
45 struct lsa_policy_state {
46 struct dcesrv_handle *handle;
47 struct ldb_wrap *sam_ctx;
48 struct sidmap_context *sidmap;
50 const char *domain_dn;
51 const char *builtin_dn;
52 const char *system_dn;
53 const char *domain_name;
54 struct dom_sid *domain_sid;
55 struct dom_sid *builtin_sid;
60 state associated with a lsa_OpenAccount() operation
62 struct lsa_account_state {
63 struct lsa_policy_state *policy;
65 struct dom_sid *account_sid;
66 const char *account_sid_str;
67 const char *account_dn;
72 state associated with a lsa_OpenSecret() operation
74 struct lsa_secret_state {
75 struct lsa_policy_state *policy;
77 const char *secret_dn;
78 struct ldb_wrap *sam_ctx;
84 static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
87 struct dcesrv_handle *h;
89 *r->out.handle = *r->in.handle;
91 DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
95 ZERO_STRUCTP(r->out.handle);
104 static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
105 struct lsa_Delete *r)
107 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
114 static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
115 struct lsa_EnumPrivs *r)
117 struct dcesrv_handle *h;
118 struct lsa_policy_state *state;
120 const char *privname;
122 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
126 i = *r->in.resume_handle;
129 while ((privname = sec_privilege_name(i)) &&
130 r->out.privs->count < r->in.max_count) {
131 struct lsa_PrivEntry *e;
133 r->out.privs->privs = talloc_realloc_p(r->out.privs,
135 struct lsa_PrivEntry,
136 r->out.privs->count+1);
137 if (r->out.privs->privs == NULL) {
138 return NT_STATUS_NO_MEMORY;
140 e = &r->out.privs->privs[r->out.privs->count];
143 e->name.string = privname;
144 r->out.privs->count++;
148 *r->out.resume_handle = i;
157 static NTSTATUS lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
158 struct lsa_QuerySecurity *r)
160 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
167 static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
168 struct lsa_SetSecObj *r)
170 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
177 static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
178 struct lsa_ChangePassword *r)
180 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
183 static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
184 struct lsa_policy_state **_state)
186 struct lsa_policy_state *state;
189 state = talloc_p(mem_ctx, struct lsa_policy_state);
191 return NT_STATUS_NO_MEMORY;
194 /* make sure the sam database is accessible */
195 state->sam_ctx = samdb_connect(state);
196 if (state->sam_ctx == NULL) {
198 return NT_STATUS_INVALID_SYSTEM_SERVICE;
201 state->sidmap = sidmap_open(state);
202 if (state->sidmap == NULL) {
204 return NT_STATUS_INVALID_SYSTEM_SERVICE;
207 /* work out the domain_dn - useful for so many calls its worth
209 state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
210 "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
211 if (!state->domain_dn) {
213 return NT_STATUS_NO_SUCH_DOMAIN;
216 /* work out the builtin_dn - useful for so many calls its worth
218 state->builtin_dn = samdb_search_string(state->sam_ctx, state, NULL,
219 "dn", "objectClass=builtinDomain");
220 if (!state->builtin_dn) {
222 return NT_STATUS_NO_SUCH_DOMAIN;
225 /* work out the system_dn - useful for so many calls its worth
227 state->system_dn = samdb_search_string(state->sam_ctx, state, state->domain_dn,
228 "dn", "(&(objectClass=container)(cn=System))");
229 if (!state->system_dn) {
231 return NT_STATUS_NO_SUCH_DOMAIN;
234 sid_str = samdb_search_string(state->sam_ctx, state, NULL,
235 "objectSid", "dn=%s", state->domain_dn);
238 return NT_STATUS_NO_SUCH_DOMAIN;
241 state->domain_sid = dom_sid_parse_talloc(state, sid_str);
242 if (!state->domain_sid) {
244 return NT_STATUS_NO_SUCH_DOMAIN;
247 state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
248 if (!state->builtin_sid) {
250 return NT_STATUS_NO_SUCH_DOMAIN;
253 state->domain_name = samdb_search_string(state->sam_ctx, state, NULL,
254 "name", "dn=%s", state->domain_dn);
255 if (!state->domain_name) {
257 return NT_STATUS_NO_SUCH_DOMAIN;
268 static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
269 struct lsa_OpenPolicy2 *r)
272 struct lsa_policy_state *state;
273 struct dcesrv_handle *handle;
275 ZERO_STRUCTP(r->out.handle);
277 status = lsa_get_policy_state(dce_call, mem_ctx, &state);
278 if (!NT_STATUS_IS_OK(status)) {
282 handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_POLICY);
284 return NT_STATUS_NO_MEMORY;
287 handle->data = talloc_steal(handle, state);
289 state->access_mask = r->in.access_mask;
290 state->handle = handle;
291 *r->out.handle = handle->wire_handle;
293 /* note that we have completely ignored the attr element of
294 the OpenPolicy. As far as I can tell, this is what w2k3
302 a wrapper around lsa_OpenPolicy2
304 static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
305 struct lsa_OpenPolicy *r)
307 struct lsa_OpenPolicy2 r2;
309 r2.in.system_name = NULL;
310 r2.in.attr = r->in.attr;
311 r2.in.access_mask = r->in.access_mask;
312 r2.out.handle = r->out.handle;
314 return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
321 fill in the AccountDomain info
323 static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
324 struct lsa_DomainInfo *info)
326 const char * const attrs[] = { "objectSid", "name", NULL};
328 struct ldb_message **res;
330 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
331 "dn=%s", state->domain_dn);
333 return NT_STATUS_INTERNAL_DB_CORRUPTION;
336 info->name.string = samdb_result_string(res[0], "name", NULL);
337 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
343 fill in the DNS domain info
345 static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
346 struct lsa_DnsDomainInfo *info)
348 const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
350 struct ldb_message **res;
352 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
353 "dn=%s", state->domain_dn);
355 return NT_STATUS_INTERNAL_DB_CORRUPTION;
358 info->name.string = samdb_result_string(res[0], "name", NULL);
359 info->dns_domain.string = samdb_result_string(res[0], "dnsDomain", NULL);
360 info->dns_forest.string = samdb_result_string(res[0], "dnsDomain", NULL);
361 info->domain_guid = samdb_result_guid(res[0], "objectGUID");
362 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
370 static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
371 struct lsa_QueryInfoPolicy2 *r)
373 struct lsa_policy_state *state;
374 struct dcesrv_handle *h;
378 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
382 r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
384 return NT_STATUS_NO_MEMORY;
387 ZERO_STRUCTP(r->out.info);
389 switch (r->in.level) {
390 case LSA_POLICY_INFO_DOMAIN:
391 case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
392 return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
394 case LSA_POLICY_INFO_DNS:
395 return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
398 return NT_STATUS_INVALID_INFO_CLASS;
404 static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
405 struct lsa_QueryInfoPolicy *r)
407 struct lsa_QueryInfoPolicy2 r2;
410 r2.in.handle = r->in.handle;
411 r2.in.level = r->in.level;
413 status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
415 r->out.info = r2.out.info;
423 static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
424 struct lsa_SetInfoPolicy *r)
426 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
433 static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
434 struct lsa_ClearAuditLog *r)
436 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
443 static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
444 struct lsa_CreateAccount *r)
446 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
453 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
454 struct lsa_EnumAccounts *r)
456 struct dcesrv_handle *h;
457 struct lsa_policy_state *state;
459 struct ldb_message **res;
460 const char * const attrs[] = { "objectSid", NULL};
463 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
467 ret = samdb_search(state->sam_ctx, mem_ctx, state->builtin_dn, &res, attrs,
470 return NT_STATUS_NO_SUCH_USER;
473 if (*r->in.resume_handle >= ret) {
474 return NT_STATUS_NO_MORE_ENTRIES;
477 count = ret - *r->in.resume_handle;
478 if (count > r->in.num_entries) {
479 count = r->in.num_entries;
483 return NT_STATUS_NO_MORE_ENTRIES;
486 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, count);
487 if (r->out.sids->sids == NULL) {
488 return NT_STATUS_NO_MEMORY;
491 for (i=0;i<count;i++) {
494 sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
495 if (sidstr == NULL) {
496 return NT_STATUS_NO_MEMORY;
498 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
499 if (r->out.sids->sids[i].sid == NULL) {
500 return NT_STATUS_NO_MEMORY;
504 r->out.sids->num_sids = count;
505 *r->out.resume_handle = count + *r->in.resume_handle;
513 lsa_CreateTrustedDomain
515 static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
516 struct lsa_CreateTrustedDomain *r)
518 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
525 static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
526 struct lsa_EnumTrustDom *r)
528 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
533 return the authority name and authority sid, given a sid
535 static NTSTATUS lsa_authority_name(struct lsa_policy_state *state,
536 TALLOC_CTX *mem_ctx, struct dom_sid *sid,
537 const char **authority_name,
538 struct dom_sid **authority_sid)
540 if (dom_sid_in_domain(state->domain_sid, sid)) {
541 *authority_name = state->domain_name;
542 *authority_sid = state->domain_sid;
546 if (dom_sid_in_domain(state->builtin_sid, sid)) {
547 *authority_name = "BUILTIN";
548 *authority_sid = state->builtin_sid;
552 *authority_sid = dom_sid_dup(mem_ctx, sid);
553 if (*authority_sid == NULL) {
554 return NT_STATUS_NO_MEMORY;
556 (*authority_sid)->num_auths = 0;
557 *authority_name = dom_sid_string(mem_ctx, *authority_sid);
558 if (*authority_name == NULL) {
559 return NT_STATUS_NO_MEMORY;
566 add to the lsa_RefDomainList for LookupSids and LookupNames
568 static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
570 struct lsa_RefDomainList *domains,
574 const char *authority_name;
575 struct dom_sid *authority_sid;
578 /* work out the authority name */
579 status = lsa_authority_name(state, mem_ctx, sid,
580 &authority_name, &authority_sid);
581 if (!NT_STATUS_IS_OK(status)) {
585 /* see if we've already done this authority name */
586 for (i=0;i<domains->count;i++) {
587 if (strcmp(authority_name, domains->domains[i].name.string) == 0) {
593 domains->domains = talloc_realloc_p(domains,
595 struct lsa_TrustInformation,
597 if (domains->domains == NULL) {
598 return NT_STATUS_NO_MEMORY;
600 domains->domains[i].name.string = authority_name;
601 domains->domains[i].sid = authority_sid;
609 lookup a name for 1 SID
611 static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
612 struct dom_sid *sid, const char *sid_str,
613 const char **name, uint32_t *atype)
616 struct ldb_message **res;
617 const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "name", NULL};
620 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
621 "objectSid=%s", sid_str);
623 *name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
625 *name = ldb_msg_find_string(res[0], "name", NULL);
627 *name = talloc_strdup(mem_ctx, sid_str);
628 NTSTATUS_TALLOC_CHECK(*name);
632 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
637 status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
646 static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call,
648 struct lsa_LookupSids3 *r)
650 struct lsa_policy_state *state;
652 NTSTATUS status = NT_STATUS_OK;
654 r->out.domains = NULL;
656 status = lsa_get_policy_state(dce_call, mem_ctx, &state);
657 if (!NT_STATUS_IS_OK(status)) {
661 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
662 if (r->out.domains == NULL) {
663 return NT_STATUS_NO_MEMORY;
666 r->out.names = talloc_zero_p(mem_ctx, struct lsa_TransNameArray2);
667 if (r->out.names == NULL) {
668 return NT_STATUS_NO_MEMORY;
673 r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName2,
674 r->in.sids->num_sids);
675 if (r->out.names->names == NULL) {
676 return NT_STATUS_NO_MEMORY;
679 for (i=0;i<r->in.sids->num_sids;i++) {
680 struct dom_sid *sid = r->in.sids->sids[i].sid;
681 char *sid_str = dom_sid_string(mem_ctx, sid);
683 uint32_t atype, rtype, sid_index;
686 r->out.names->count++;
689 r->out.names->names[i].sid_type = SID_NAME_UNKNOWN;
690 r->out.names->names[i].name.string = sid_str;
691 r->out.names->names[i].sid_index = 0xFFFFFFFF;
692 r->out.names->names[i].unknown = 0;
694 if (sid_str == NULL) {
695 r->out.names->names[i].name.string = "(SIDERROR)";
696 status = STATUS_SOME_UNMAPPED;
700 /* work out the authority name */
701 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
702 if (!NT_STATUS_IS_OK(status2)) {
706 status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str,
708 if (!NT_STATUS_IS_OK(status2)) {
709 status = STATUS_SOME_UNMAPPED;
713 rtype = samdb_atype_map(atype);
714 if (rtype == SID_NAME_UNKNOWN) {
715 status = STATUS_SOME_UNMAPPED;
719 r->out.names->names[i].sid_type = rtype;
720 r->out.names->names[i].name.string = name;
721 r->out.names->names[i].sid_index = sid_index;
722 r->out.names->names[i].unknown = 0;
732 static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
734 struct lsa_LookupSids2 *r)
736 struct lsa_LookupSids3 r3;
739 r3.in.sids = r->in.sids;
740 r3.in.names = r->in.names;
741 r3.in.level = r->in.level;
742 r3.in.count = r->in.count;
743 r3.in.unknown1 = r->in.unknown1;
744 r3.in.unknown2 = r->in.unknown2;
745 r3.out.count = r->out.count;
746 r3.out.names = r->out.names;
748 status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
749 if (dce_call->fault_code != 0) {
753 r->out.domains = r3.out.domains;
754 r->out.names = r3.out.names;
755 r->out.count = r3.out.count;
764 static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
765 struct lsa_LookupSids *r)
767 struct lsa_LookupSids3 r3;
771 r3.in.sids = r->in.sids;
773 r3.in.level = r->in.level;
774 r3.in.count = r->in.count;
777 r3.out.count = r->out.count;
779 status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
780 if (dce_call->fault_code != 0) {
784 r->out.domains = r3.out.domains;
785 r->out.names = talloc_p(mem_ctx, struct lsa_TransNameArray);
786 if (r->out.names == NULL) {
787 return NT_STATUS_NO_MEMORY;
789 r->out.names->count = r3.out.names->count;
790 r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName,
791 r->out.names->count);
792 if (r->out.names->names == NULL) {
793 return NT_STATUS_NO_MEMORY;
795 for (i=0;i<r->out.names->count;i++) {
796 r->out.names->names[i].sid_type = r3.out.names->names[i].sid_type;
797 r->out.names->names[i].name.string = r3.out.names->names[i].name.string;
798 r->out.names->names[i].sid_index = r3.out.names->names[i].sid_index;
808 static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
809 struct lsa_OpenAccount *r)
811 struct dcesrv_handle *h, *ah;
812 struct lsa_policy_state *state;
813 struct lsa_account_state *astate;
815 ZERO_STRUCTP(r->out.acct_handle);
817 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
821 astate = talloc_p(dce_call->conn, struct lsa_account_state);
822 if (astate == NULL) {
823 return NT_STATUS_NO_MEMORY;
826 astate->account_sid = dom_sid_dup(astate, r->in.sid);
827 if (astate->account_sid == NULL) {
829 return NT_STATUS_NO_MEMORY;
832 astate->account_sid_str = dom_sid_string(astate, astate->account_sid);
833 if (astate->account_sid_str == NULL) {
835 return NT_STATUS_NO_MEMORY;
838 /* check it really exists */
839 astate->account_dn = samdb_search_string(state->sam_ctx, astate,
841 "(&(objectSid=%s)(objectClass=group))",
842 astate->account_sid_str);
843 if (astate->account_dn == NULL) {
845 return NT_STATUS_NO_SUCH_USER;
848 astate->policy = talloc_reference(astate, state);
849 astate->access_mask = r->in.access_mask;
851 ah = dcesrv_handle_new(dce_call->context, LSA_HANDLE_ACCOUNT);
854 return NT_STATUS_NO_MEMORY;
857 ah->data = talloc_steal(ah, astate);
859 *r->out.acct_handle = ah->wire_handle;
868 static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
870 struct lsa_EnumPrivsAccount *r)
872 struct dcesrv_handle *h;
873 struct lsa_account_state *astate;
875 struct ldb_message **res;
876 const char * const attrs[] = { "privilege", NULL};
877 struct ldb_message_element *el;
879 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
883 r->out.privs = talloc_p(mem_ctx, struct lsa_PrivilegeSet);
884 r->out.privs->count = 0;
885 r->out.privs->unknown = 0;
886 r->out.privs->set = NULL;
888 ret = samdb_search(astate->policy->sam_ctx, mem_ctx, NULL, &res, attrs,
889 "dn=%s", astate->account_dn);
894 el = ldb_msg_find_element(res[0], "privilege");
895 if (el == NULL || el->num_values == 0) {
899 r->out.privs->set = talloc_array_p(r->out.privs,
900 struct lsa_LUIDAttribute, el->num_values);
901 if (r->out.privs->set == NULL) {
902 return NT_STATUS_NO_MEMORY;
905 for (i=0;i<el->num_values;i++) {
906 int id = sec_privilege_id(el->values[i].data);
908 return NT_STATUS_INTERNAL_DB_CORRUPTION;
910 r->out.privs->set[i].attribute = 0;
911 r->out.privs->set[i].luid.low = id;
912 r->out.privs->set[i].luid.high = 0;
915 r->out.privs->count = el->num_values;
921 lsa_EnumAccountRights
923 static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
925 struct lsa_EnumAccountRights *r)
927 struct dcesrv_handle *h;
928 struct lsa_policy_state *state;
930 struct ldb_message **res;
931 const char * const attrs[] = { "privilege", NULL};
933 struct ldb_message_element *el;
935 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
939 sidstr = dom_sid_string(mem_ctx, r->in.sid);
940 if (sidstr == NULL) {
941 return NT_STATUS_NO_MEMORY;
944 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
945 "objectSid=%s", sidstr);
947 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
950 el = ldb_msg_find_element(res[0], "privilege");
951 if (el == NULL || el->num_values == 0) {
952 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
955 r->out.rights->count = el->num_values;
956 r->out.rights->names = talloc_array_p(r->out.rights,
957 struct lsa_String, r->out.rights->count);
958 if (r->out.rights->names == NULL) {
959 return NT_STATUS_NO_MEMORY;
962 for (i=0;i<el->num_values;i++) {
963 r->out.rights->names[i].string = el->values[i].data;
972 helper for lsa_AddAccountRights and lsa_RemoveAccountRights
974 static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
976 struct lsa_policy_state *state,
979 const struct lsa_RightSet *rights)
982 struct ldb_message msg;
983 struct ldb_message_element el;
986 struct lsa_EnumAccountRights r2;
988 sidstr = dom_sid_string(mem_ctx, sid);
989 if (sidstr == NULL) {
990 return NT_STATUS_NO_MEMORY;
993 dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn",
994 "objectSid=%s", sidstr);
996 return NT_STATUS_NO_SUCH_USER;
999 msg.dn = talloc_strdup(mem_ctx, dn);
1000 if (msg.dn == NULL) {
1001 return NT_STATUS_NO_MEMORY;
1003 msg.num_elements = 1;
1005 el.flags = ldb_flag;
1006 el.name = talloc_strdup(mem_ctx, "privilege");
1007 if (el.name == NULL) {
1008 return NT_STATUS_NO_MEMORY;
1011 if (ldb_flag == LDB_FLAG_MOD_ADD) {
1014 r2.in.handle = &state->handle->wire_handle;
1016 r2.out.rights = talloc_p(mem_ctx, struct lsa_RightSet);
1018 status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
1019 if (!NT_STATUS_IS_OK(status)) {
1020 ZERO_STRUCTP(r2.out.rights);
1025 el.values = talloc_array_p(mem_ctx, struct ldb_val, rights->count);
1026 if (el.values == NULL) {
1027 return NT_STATUS_NO_MEMORY;
1029 for (i=0;i<rights->count;i++) {
1030 if (sec_privilege_id(rights->names[i].string) == -1) {
1031 return NT_STATUS_NO_SUCH_PRIVILEGE;
1034 if (ldb_flag == LDB_FLAG_MOD_ADD) {
1036 for (j=0;j<r2.out.rights->count;j++) {
1037 if (StrCaseCmp(r2.out.rights->names[j].string,
1038 rights->names[i].string) == 0) {
1042 if (j != r2.out.rights->count) continue;
1046 el.values[el.num_values].length = strlen(rights->names[i].string);
1047 el.values[el.num_values].data = talloc_strdup(mem_ctx, rights->names[i].string);
1048 if (el.values[el.num_values].data == NULL) {
1049 return NT_STATUS_NO_MEMORY;
1054 if (el.num_values == 0) {
1055 return NT_STATUS_OK;
1058 ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
1060 if (ldb_flag == LDB_FLAG_MOD_DELETE) {
1061 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1063 return NT_STATUS_UNEXPECTED_IO_ERROR;
1066 return NT_STATUS_OK;
1070 lsa_AddPrivilegesToAccount
1072 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1073 struct lsa_AddPrivilegesToAccount *r)
1075 struct lsa_RightSet rights;
1076 struct dcesrv_handle *h;
1077 struct lsa_account_state *astate;
1080 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
1084 rights.count = r->in.privs->count;
1085 rights.names = talloc_array_p(mem_ctx, struct lsa_String, rights.count);
1086 if (rights.names == NULL) {
1087 return NT_STATUS_NO_MEMORY;
1089 for (i=0;i<rights.count;i++) {
1090 int id = r->in.privs->set[i].luid.low;
1091 if (r->in.privs->set[i].luid.high) {
1092 return NT_STATUS_NO_SUCH_PRIVILEGE;
1094 rights.names[i].string = sec_privilege_name(id);
1095 if (rights.names[i].string == NULL) {
1096 return NT_STATUS_NO_SUCH_PRIVILEGE;
1100 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
1101 LDB_FLAG_MOD_ADD, astate->account_sid,
1107 lsa_RemovePrivilegesFromAccount
1109 static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1110 struct lsa_RemovePrivilegesFromAccount *r)
1112 struct lsa_RightSet *rights;
1113 struct dcesrv_handle *h;
1114 struct lsa_account_state *astate;
1117 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
1121 rights = talloc_p(mem_ctx, struct lsa_RightSet);
1123 if (r->in.remove_all == 1 &&
1124 r->in.privs == NULL) {
1125 struct lsa_EnumAccountRights r2;
1128 r2.in.handle = &astate->policy->handle->wire_handle;
1129 r2.in.sid = astate->account_sid;
1130 r2.out.rights = rights;
1132 status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
1133 if (!NT_STATUS_IS_OK(status)) {
1137 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
1138 LDB_FLAG_MOD_DELETE, astate->account_sid,
1142 if (r->in.remove_all != 0) {
1143 return NT_STATUS_INVALID_PARAMETER;
1146 rights->count = r->in.privs->count;
1147 rights->names = talloc_array_p(mem_ctx, struct lsa_String, rights->count);
1148 if (rights->names == NULL) {
1149 return NT_STATUS_NO_MEMORY;
1151 for (i=0;i<rights->count;i++) {
1152 int id = r->in.privs->set[i].luid.low;
1153 if (r->in.privs->set[i].luid.high) {
1154 return NT_STATUS_NO_SUCH_PRIVILEGE;
1156 rights->names[i].string = sec_privilege_name(id);
1157 if (rights->names[i].string == NULL) {
1158 return NT_STATUS_NO_SUCH_PRIVILEGE;
1162 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
1163 LDB_FLAG_MOD_DELETE, astate->account_sid,
1169 lsa_GetQuotasForAccount
1171 static NTSTATUS lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1172 struct lsa_GetQuotasForAccount *r)
1174 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1179 lsa_SetQuotasForAccount
1181 static NTSTATUS lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1182 struct lsa_SetQuotasForAccount *r)
1184 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1189 lsa_GetSystemAccessAccount
1191 static NTSTATUS lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1192 struct lsa_GetSystemAccessAccount *r)
1194 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1199 lsa_SetSystemAccessAccount
1201 static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1202 struct lsa_SetSystemAccessAccount *r)
1204 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1209 lsa_OpenTrustedDomain
1211 static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1212 struct lsa_OpenTrustedDomain *r)
1214 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1219 lsa_QueryTrustedDomainInfo
1221 static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1222 struct lsa_QueryTrustedDomainInfo *r)
1224 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1229 lsa_SetInformationTrustedDomain
1231 static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1232 struct lsa_SetInformationTrustedDomain *r)
1234 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1241 static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1242 struct lsa_CreateSecret *r)
1244 struct dcesrv_handle *policy_handle;
1245 struct lsa_policy_state *policy_state;
1246 struct lsa_secret_state *secret_state;
1247 struct dcesrv_handle *handle;
1248 struct ldb_message **msgs, *msg;
1249 const char *attrs[] = {
1257 DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
1258 ZERO_STRUCTP(r->out.sec_handle);
1260 policy_state = policy_handle->data;
1262 if (!r->in.name.string) {
1263 return NT_STATUS_INVALID_PARAMETER;
1266 secret_state = talloc(mem_ctx, struct lsa_secret_state);
1267 if (!secret_state) {
1268 return NT_STATUS_NO_MEMORY;
1271 msg = ldb_msg_new(mem_ctx);
1273 return NT_STATUS_NO_MEMORY;
1276 if (strncmp("G$", r->in.name.string, 2) == 0) {
1278 name = &r->in.name.string[2];
1279 secret_state->sam_ctx = talloc_reference(secret_state, policy_state->sam_ctx);
1281 if (strlen(name) < 1) {
1282 return NT_STATUS_INVALID_PARAMETER;
1285 name2 = talloc_asprintf(mem_ctx, "%s Secret", name);
1286 /* search for the secret record */
1287 ret = samdb_search(secret_state->sam_ctx,
1288 mem_ctx, policy_state->system_dn, &msgs, attrs,
1289 "(&(cn=%s)(objectclass=secret))",
1292 return NT_STATUS_OBJECT_NAME_COLLISION;
1295 if (ret < 0 || ret > 1) {
1296 DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
1297 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1300 msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", name2, policy_state->system_dn);
1301 if (!name2 || !msg->dn) {
1302 return NT_STATUS_NO_MEMORY;
1305 samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "cn", name2);
1308 name = r->in.name.string;
1309 if (strlen(name) < 1) {
1310 return NT_STATUS_INVALID_PARAMETER;
1313 secret_state->sam_ctx = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
1314 /* search for the secret record */
1315 ret = samdb_search(secret_state->sam_ctx,
1316 mem_ctx, "cn=LSA Secrets", &msgs, attrs,
1317 "(&(cn=%s)(objectclass=secret))",
1320 return NT_STATUS_OBJECT_NAME_COLLISION;
1323 if (ret < 0 || ret > 1) {
1324 DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
1325 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1328 msg->dn = talloc_asprintf(mem_ctx, "cn=%s,cn=LSA Secrets", name);
1329 samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "cn", name);
1331 samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "objectClass", "secret");
1333 secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
1335 /* create the secret */
1336 ret = samdb_add(secret_state->sam_ctx, mem_ctx, msg);
1338 DEBUG(0,("Failed to create secret record %s\n", msg->dn));
1339 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1342 handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_SECRET);
1344 return NT_STATUS_NO_MEMORY;
1347 handle->data = talloc_steal(handle, secret_state);
1349 secret_state->access_mask = r->in.access_mask;
1350 secret_state->policy = talloc_reference(secret_state, policy_state);
1352 *r->out.sec_handle = handle->wire_handle;
1354 return NT_STATUS_OK;
1361 static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1362 struct lsa_OpenSecret *r)
1364 struct dcesrv_handle *policy_handle;
1366 struct lsa_policy_state *policy_state;
1367 struct lsa_secret_state *secret_state;
1368 struct dcesrv_handle *handle;
1369 struct ldb_message **msgs;
1370 const char *attrs[] = {
1378 DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
1379 ZERO_STRUCTP(r->out.sec_handle);
1380 policy_state = policy_handle->data;
1382 if (!r->in.name.string) {
1383 return NT_STATUS_INVALID_PARAMETER;
1386 secret_state = talloc(mem_ctx, struct lsa_secret_state);
1387 if (!secret_state) {
1388 return NT_STATUS_NO_MEMORY;
1391 if (strncmp("G$", r->in.name.string, 2) == 0) {
1392 name = &r->in.name.string[2];
1393 secret_state->sam_ctx = talloc_reference(secret_state, policy_state->sam_ctx);
1395 if (strlen(name) < 1) {
1396 return NT_STATUS_INVALID_PARAMETER;
1399 /* search for the secret record */
1400 ret = samdb_search(secret_state->sam_ctx,
1401 mem_ctx, policy_state->system_dn, &msgs, attrs,
1402 "(&(cn=%s Secret)(objectclass=secret))",
1405 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1409 DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
1410 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1414 name = r->in.name.string;
1415 if (strlen(name) < 1) {
1416 return NT_STATUS_INVALID_PARAMETER;
1419 secret_state->sam_ctx = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
1420 /* search for the secret record */
1421 ret = samdb_search(secret_state->sam_ctx,
1422 mem_ctx, "cn=LSA Secrets", &msgs, attrs,
1423 "(&(cn=%s)(objectclass=secret))",
1426 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1430 DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
1431 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1435 secret_state->secret_dn = talloc_reference(secret_state, msgs[0]->dn);
1437 handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_SECRET);
1439 return NT_STATUS_NO_MEMORY;
1442 handle->data = talloc_steal(handle, secret_state);
1444 secret_state->access_mask = r->in.access_mask;
1445 secret_state->policy = talloc_reference(secret_state, policy_state);
1447 *r->out.sec_handle = handle->wire_handle;
1449 return NT_STATUS_OK;
1456 static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1457 struct lsa_SetSecret *r)
1460 struct dcesrv_handle *h;
1461 struct lsa_secret_state *secret_state;
1462 struct ldb_message *msg;
1463 DATA_BLOB session_key;
1464 DATA_BLOB crypt_secret, secret;
1467 NTSTATUS status = NT_STATUS_OK;
1469 struct timeval now = timeval_current();
1470 NTTIME nt_now = timeval_to_nttime(&now);
1472 DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
1474 secret_state = h->data;
1476 msg = ldb_msg_new(mem_ctx);
1478 return NT_STATUS_NO_MEMORY;
1481 msg->dn = talloc_reference(mem_ctx, secret_state->secret_dn);
1483 return NT_STATUS_NO_MEMORY;
1485 status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
1486 if (!NT_STATUS_IS_OK(status)) {
1490 if (r->in.old_val) {
1492 crypt_secret.data = r->in.old_val->data;
1493 crypt_secret.length = r->in.old_val->size;
1495 status = sess_decrypt_blob(mem_ctx, &crypt_secret, &session_key, &secret);
1496 if (!NT_STATUS_IS_OK(status)) {
1500 val.data = secret.data;
1501 val.length = secret.length;
1504 if (samdb_msg_add_value(secret_state->sam_ctx,
1505 mem_ctx, msg, "priorSecret", &val) != 0) {
1506 return NT_STATUS_NO_MEMORY;
1509 /* set old value mtime */
1510 if (samdb_msg_add_uint64(secret_state->sam_ctx,
1511 mem_ctx, msg, "priorSetTime", nt_now) != 0) {
1512 return NT_STATUS_NO_MEMORY;
1516 if (r->in.new_val) {
1518 crypt_secret.data = r->in.new_val->data;
1519 crypt_secret.length = r->in.new_val->size;
1521 status = sess_decrypt_blob(mem_ctx, &crypt_secret, &session_key, &secret);
1522 if (!NT_STATUS_IS_OK(status)) {
1526 val.data = secret.data;
1527 val.length = secret.length;
1530 if (samdb_msg_add_value(secret_state->sam_ctx,
1531 mem_ctx, msg, "secret", &val) != 0) {
1532 return NT_STATUS_NO_MEMORY;
1535 /* set new value mtime */
1536 if (samdb_msg_add_uint64(secret_state->sam_ctx,
1537 mem_ctx, msg, "lastSetTime", nt_now) != 0) {
1538 return NT_STATUS_NO_MEMORY;
1541 /* If the old value is not set, then migrate the
1542 * current value to the old value */
1543 if (!r->in.old_val) {
1544 const struct ldb_val *new_val;
1545 NTTIME last_set_time;
1546 struct ldb_message **res;
1547 const char *attrs[] = {
1553 /* search for the secret record */
1554 ret = samdb_search(secret_state->sam_ctx,
1555 mem_ctx, NULL, &res, attrs,
1556 "(dn=%s)", secret_state->secret_dn);
1558 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1562 DEBUG(0,("Found %d records matching dn=%s\n", ret, secret_state->secret_dn));
1563 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1566 new_val = ldb_msg_find_ldb_val(res[0], "secret");
1567 last_set_time = ldb_msg_find_uint64(res[0], "lastSetTime", 0);
1571 if (samdb_msg_add_value(secret_state->sam_ctx,
1572 mem_ctx, msg, "priorSecret",
1574 return NT_STATUS_NO_MEMORY;
1578 /* set new value mtime */
1579 if (ldb_msg_find_ldb_val(res[0], "lastSetTime")) {
1580 if (samdb_msg_add_uint64(secret_state->sam_ctx,
1581 mem_ctx, msg, "priorSetTime", last_set_time) != 0) {
1582 return NT_STATUS_NO_MEMORY;
1588 /* modify the samdb record */
1589 ret = samdb_replace(secret_state->sam_ctx, mem_ctx, msg);
1591 /* we really need samdb.c to return NTSTATUS */
1592 return NT_STATUS_UNSUCCESSFUL;
1595 return NT_STATUS_OK;
1602 static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1603 struct lsa_QuerySecret *r)
1605 struct dcesrv_handle *h;
1606 struct lsa_secret_state *secret_state;
1607 struct ldb_message *msg;
1608 DATA_BLOB session_key;
1609 DATA_BLOB crypt_secret, secret;
1611 struct ldb_message **res;
1612 const char *attrs[] = {
1622 time_t now = time(NULL);
1624 unix_to_nt_time(&now_nt, now);
1626 DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
1628 secret_state = h->data;
1630 /* pull all the user attributes */
1631 ret = samdb_search(secret_state->sam_ctx, mem_ctx, NULL, &res, attrs,
1632 "dn=%s", secret_state->secret_dn);
1634 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1638 nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
1639 if (!NT_STATUS_IS_OK(nt_status)) {
1643 if (r->in.old_val) {
1644 const struct ldb_val *prior_val;
1646 prior_val = ldb_msg_find_ldb_val(res[0], "priorSecret");
1648 if (prior_val && prior_val->length) {
1649 secret.data = prior_val->data;
1650 secret.length = prior_val->length;
1652 crypt_secret = sess_encrypt_blob(mem_ctx, &secret, &session_key);
1653 if (!crypt_secret.length) {
1654 return NT_STATUS_NO_MEMORY;
1656 r->out.old_val = talloc(mem_ctx, struct lsa_DATA_BUF_PTR);
1657 r->out.old_val->buf = talloc(mem_ctx, struct lsa_DATA_BUF);
1658 r->out.old_val->buf->size = crypt_secret.length;
1659 r->out.old_val->buf->length = crypt_secret.length;
1660 r->out.old_val->buf->data = crypt_secret.data;
1664 if (r->in.old_mtime) {
1665 r->out.old_mtime = talloc(mem_ctx, NTTIME_hyper);
1666 if (!r->out.old_mtime) {
1667 return NT_STATUS_NO_MEMORY;
1669 *r->out.old_mtime = ldb_msg_find_uint64(res[0], "priorSetTime", 0);
1672 if (r->in.new_val) {
1673 const struct ldb_val *new_val;
1675 new_val = ldb_msg_find_ldb_val(res[0], "secret");
1677 if (new_val && new_val->length) {
1678 secret.data = new_val->data;
1679 secret.length = new_val->length;
1681 crypt_secret = sess_encrypt_blob(mem_ctx, &secret, &session_key);
1682 if (!crypt_secret.length) {
1683 return NT_STATUS_NO_MEMORY;
1685 r->out.new_val = talloc(mem_ctx, struct lsa_DATA_BUF_PTR);
1686 r->out.new_val->buf = talloc(mem_ctx, struct lsa_DATA_BUF);
1687 r->out.new_val->buf->length = crypt_secret.length;
1688 r->out.new_val->buf->size = crypt_secret.length;
1689 r->out.new_val->buf->data = crypt_secret.data;
1693 if (r->in.new_mtime) {
1694 r->out.new_mtime = talloc(mem_ctx, NTTIME_hyper);
1695 if (!r->out.new_mtime) {
1696 return NT_STATUS_NO_MEMORY;
1698 *r->out.new_mtime = ldb_msg_find_uint64(res[0], "lastSetTime", 0);
1701 return NT_STATUS_OK;
1708 static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call,
1709 TALLOC_CTX *mem_ctx,
1710 struct lsa_LookupPrivValue *r)
1712 struct dcesrv_handle *h;
1713 struct lsa_policy_state *state;
1716 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1720 id = sec_privilege_id(r->in.name->string);
1722 return NT_STATUS_NO_SUCH_PRIVILEGE;
1725 r->out.luid->low = id;
1726 r->out.luid->high = 0;
1728 return NT_STATUS_OK;
1735 static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
1736 TALLOC_CTX *mem_ctx,
1737 struct lsa_LookupPrivName *r)
1739 struct dcesrv_handle *h;
1740 struct lsa_policy_state *state;
1741 const char *privname;
1743 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1747 if (r->in.luid->high != 0) {
1748 return NT_STATUS_NO_SUCH_PRIVILEGE;
1751 privname = sec_privilege_name(r->in.luid->low);
1752 if (privname == NULL) {
1753 return NT_STATUS_NO_SUCH_PRIVILEGE;
1756 r->out.name = talloc_p(mem_ctx, struct lsa_String);
1757 if (r->out.name == NULL) {
1758 return NT_STATUS_NO_MEMORY;
1760 r->out.name->string = privname;
1762 return NT_STATUS_OK;
1767 lsa_LookupPrivDisplayName
1769 static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call,
1770 TALLOC_CTX *mem_ctx,
1771 struct lsa_LookupPrivDisplayName *r)
1773 struct dcesrv_handle *h;
1774 struct lsa_policy_state *state;
1777 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1781 id = sec_privilege_id(r->in.name->string);
1783 return NT_STATUS_NO_SUCH_PRIVILEGE;
1786 r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
1787 if (r->out.disp_name == NULL) {
1788 return NT_STATUS_NO_MEMORY;
1791 r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
1792 if (r->out.disp_name->string == NULL) {
1793 return NT_STATUS_INTERNAL_ERROR;
1796 return NT_STATUS_OK;
1803 static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1804 struct lsa_DeleteObject *r)
1806 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1811 lsa_EnumAccountsWithUserRight
1813 static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call,
1814 TALLOC_CTX *mem_ctx,
1815 struct lsa_EnumAccountsWithUserRight *r)
1817 struct dcesrv_handle *h;
1818 struct lsa_policy_state *state;
1820 struct ldb_message **res;
1821 const char * const attrs[] = { "objectSid", NULL};
1822 const char *privname;
1824 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1828 if (r->in.name == NULL) {
1829 return NT_STATUS_NO_SUCH_PRIVILEGE;
1832 privname = r->in.name->string;
1833 if (sec_privilege_id(privname) == -1) {
1834 return NT_STATUS_NO_SUCH_PRIVILEGE;
1837 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
1838 "privilege=%s", privname);
1840 return NT_STATUS_NO_SUCH_USER;
1843 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, ret);
1844 if (r->out.sids->sids == NULL) {
1845 return NT_STATUS_NO_MEMORY;
1847 for (i=0;i<ret;i++) {
1849 sidstr = samdb_result_string(res[i], "objectSid", NULL);
1850 if (sidstr == NULL) {
1851 return NT_STATUS_NO_MEMORY;
1853 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids,
1855 if (r->out.sids->sids[i].sid == NULL) {
1856 return NT_STATUS_NO_MEMORY;
1859 r->out.sids->num_sids = ret;
1861 return NT_STATUS_OK;
1866 lsa_AddAccountRights
1868 static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
1869 TALLOC_CTX *mem_ctx,
1870 struct lsa_AddAccountRights *r)
1872 struct dcesrv_handle *h;
1873 struct lsa_policy_state *state;
1875 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1879 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
1881 r->in.sid, r->in.rights);
1886 lsa_RemoveAccountRights
1888 static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
1889 TALLOC_CTX *mem_ctx,
1890 struct lsa_RemoveAccountRights *r)
1892 struct dcesrv_handle *h;
1893 struct lsa_policy_state *state;
1895 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1899 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
1900 LDB_FLAG_MOD_DELETE,
1901 r->in.sid, r->in.rights);
1906 lsa_QueryTrustedDomainInfoBySid
1908 static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1909 struct lsa_QueryTrustedDomainInfoBySid *r)
1911 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1916 lsa_SetTrustDomainInfo
1918 static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1919 struct lsa_SetTrustDomainInfo *r)
1921 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1926 lsa_DeleteTrustDomain
1928 static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1929 struct lsa_DeleteTrustDomain *r)
1931 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1936 lsa_StorePrivateData
1938 static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1939 struct lsa_StorePrivateData *r)
1941 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1946 lsa_RetrievePrivateData
1948 static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1949 struct lsa_RetrievePrivateData *r)
1951 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1958 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1959 struct lsa_GetUserName *r)
1961 NTSTATUS status = NT_STATUS_OK;
1962 const char *account_name;
1963 const char *authority_name;
1964 struct lsa_String *_account_name;
1965 struct lsa_StringPointer *_authority_name = NULL;
1967 /* this is what w2k3 does */
1968 r->out.account_name = r->in.account_name;
1969 r->out.authority_name = r->in.authority_name;
1971 if (r->in.account_name && r->in.account_name->string) {
1972 return NT_STATUS_INVALID_PARAMETER;
1975 if (r->in.authority_name &&
1976 r->in.authority_name->string &&
1977 r->in.authority_name->string->string) {
1978 return NT_STATUS_INVALID_PARAMETER;
1981 /* TODO: this check should go and we should rely on the calling code that this is valid */
1982 if (!dce_call->conn->auth_state.session_info ||
1983 !dce_call->conn->auth_state.session_info->server_info ||
1984 !dce_call->conn->auth_state.session_info->server_info->account_name ||
1985 !dce_call->conn->auth_state.session_info->server_info->domain_name) {
1986 return NT_STATUS_INTERNAL_ERROR;
1989 account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
1990 authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain_name);
1992 _account_name = talloc_p(mem_ctx, struct lsa_String);
1993 NTSTATUS_TALLOC_CHECK(_account_name);
1994 _account_name->string = account_name;
1996 if (r->in.authority_name) {
1997 _authority_name = talloc_p(mem_ctx, struct lsa_StringPointer);
1998 NTSTATUS_TALLOC_CHECK(_authority_name);
1999 _authority_name->string = talloc_p(mem_ctx, struct lsa_String);
2000 NTSTATUS_TALLOC_CHECK(_authority_name->string);
2001 _authority_name->string->string = authority_name;
2004 r->out.account_name = _account_name;
2005 r->out.authority_name = _authority_name;
2013 static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
2014 TALLOC_CTX *mem_ctx,
2015 struct lsa_SetInfoPolicy2 *r)
2017 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2021 lsa_QueryTrustedDomainInfoByName
2023 static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
2024 TALLOC_CTX *mem_ctx,
2025 struct lsa_QueryTrustedDomainInfoByName *r)
2027 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2031 lsa_SetTrustedDomainInfoByName
2033 static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
2034 TALLOC_CTX *mem_ctx,
2035 struct lsa_SetTrustedDomainInfoByName *r)
2037 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2041 lsa_EnumTrustedDomainsEx
2043 static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
2044 TALLOC_CTX *mem_ctx,
2045 struct lsa_EnumTrustedDomainsEx *r)
2047 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2051 lsa_CreateTrustedDomainEx
2053 static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
2054 TALLOC_CTX *mem_ctx,
2055 struct lsa_CreateTrustedDomainEx *r)
2057 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2061 lsa_CloseTrustedDomainEx
2063 static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
2064 TALLOC_CTX *mem_ctx,
2065 struct lsa_CloseTrustedDomainEx *r)
2067 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2071 lsa_QueryDomainInformationPolicy
2073 static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
2074 TALLOC_CTX *mem_ctx,
2075 struct lsa_QueryDomainInformationPolicy *r)
2077 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2081 lsa_SetDomInfoPolicy
2083 static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
2084 TALLOC_CTX *mem_ctx,
2085 struct lsa_SetDomInfoPolicy *r)
2087 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2091 lsa_OpenTrustedDomainByName
2093 static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
2094 TALLOC_CTX *mem_ctx,
2095 struct lsa_OpenTrustedDomainByName *r)
2097 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2103 static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
2104 TALLOC_CTX *mem_ctx,
2105 struct lsa_TestCall *r)
2107 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2111 lookup a SID for 1 name
2113 static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
2114 const char *name, struct dom_sid **sid, uint32_t *atype)
2117 struct ldb_message **res;
2118 const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
2121 p = strchr_m(name, '\\');
2123 /* TODO: properly parse the domain prefix here, and use it to
2128 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
2130 const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
2131 if (sid_str == NULL) {
2132 return NT_STATUS_INVALID_SID;
2135 *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
2137 return NT_STATUS_INVALID_SID;
2140 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
2142 return NT_STATUS_OK;
2145 /* need to add a call into sidmap to check for a allocated sid */
2147 return NT_STATUS_INVALID_SID;
2154 static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call,
2155 TALLOC_CTX *mem_ctx,
2156 struct lsa_LookupNames3 *r)
2158 struct lsa_policy_state *state;
2159 struct dcesrv_handle *h;
2161 NTSTATUS status = NT_STATUS_OK;
2163 r->out.domains = NULL;
2165 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
2169 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
2170 if (r->out.domains == NULL) {
2171 return NT_STATUS_NO_MEMORY;
2174 r->out.sids = talloc_zero_p(mem_ctx, struct lsa_TransSidArray3);
2175 if (r->out.sids == NULL) {
2176 return NT_STATUS_NO_MEMORY;
2181 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid3,
2183 if (r->out.sids->sids == NULL) {
2184 return NT_STATUS_NO_MEMORY;
2187 for (i=0;i<r->in.num_names;i++) {
2188 const char *name = r->in.names[i].string;
2189 struct dom_sid *sid;
2190 uint32_t atype, rtype, sid_index;
2193 r->out.sids->count++;
2196 r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
2197 r->out.sids->sids[i].sid = NULL;
2198 r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
2199 r->out.sids->sids[i].unknown = 0;
2201 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
2202 if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
2203 status = STATUS_SOME_UNMAPPED;
2207 rtype = samdb_atype_map(atype);
2208 if (rtype == SID_NAME_UNKNOWN) {
2209 status = STATUS_SOME_UNMAPPED;
2213 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
2214 if (!NT_STATUS_IS_OK(status2)) {
2218 r->out.sids->sids[i].sid_type = rtype;
2219 r->out.sids->sids[i].sid = sid;
2220 r->out.sids->sids[i].sid_index = sid_index;
2221 r->out.sids->sids[i].unknown = 0;
2230 static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
2231 TALLOC_CTX *mem_ctx,
2232 struct lsa_LookupNames2 *r)
2234 struct lsa_policy_state *state;
2235 struct dcesrv_handle *h;
2237 NTSTATUS status = NT_STATUS_OK;
2239 r->out.domains = NULL;
2241 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
2245 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
2246 if (r->out.domains == NULL) {
2247 return NT_STATUS_NO_MEMORY;
2250 r->out.sids = talloc_zero_p(mem_ctx, struct lsa_TransSidArray2);
2251 if (r->out.sids == NULL) {
2252 return NT_STATUS_NO_MEMORY;
2257 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid2,
2259 if (r->out.sids->sids == NULL) {
2260 return NT_STATUS_NO_MEMORY;
2263 for (i=0;i<r->in.num_names;i++) {
2264 const char *name = r->in.names[i].string;
2265 struct dom_sid *sid;
2266 uint32_t atype, rtype, sid_index;
2269 r->out.sids->count++;
2272 r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
2273 r->out.sids->sids[i].rid = 0xFFFFFFFF;
2274 r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
2275 r->out.sids->sids[i].unknown = 0;
2277 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
2278 if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
2279 status = STATUS_SOME_UNMAPPED;
2283 rtype = samdb_atype_map(atype);
2284 if (rtype == SID_NAME_UNKNOWN) {
2285 status = STATUS_SOME_UNMAPPED;
2289 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
2290 if (!NT_STATUS_IS_OK(status2)) {
2294 r->out.sids->sids[i].sid_type = rtype;
2295 r->out.sids->sids[i].rid = sid->sub_auths[sid->num_auths-1];
2296 r->out.sids->sids[i].sid_index = sid_index;
2297 r->out.sids->sids[i].unknown = 0;
2306 static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2307 struct lsa_LookupNames *r)
2309 struct lsa_LookupNames2 r2;
2313 r2.in.handle = r->in.handle;
2314 r2.in.num_names = r->in.num_names;
2315 r2.in.names = r->in.names;
2317 r2.in.level = r->in.level;
2318 r2.in.count = r->in.count;
2321 r2.out.count = r->out.count;
2323 status = lsa_LookupNames2(dce_call, mem_ctx, &r2);
2324 if (dce_call->fault_code != 0) {
2328 r->out.domains = r2.out.domains;
2329 r->out.sids = talloc_p(mem_ctx, struct lsa_TransSidArray);
2330 if (r->out.sids == NULL) {
2331 return NT_STATUS_NO_MEMORY;
2333 r->out.sids->count = r2.out.sids->count;
2334 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid,
2335 r->out.sids->count);
2336 if (r->out.sids->sids == NULL) {
2337 return NT_STATUS_NO_MEMORY;
2339 for (i=0;i<r->out.sids->count;i++) {
2340 r->out.sids->sids[i].sid_type = r2.out.sids->sids[i].sid_type;
2341 r->out.sids->sids[i].rid = r2.out.sids->sids[i].rid;
2342 r->out.sids->sids[i].sid_index = r2.out.sids->sids[i].sid_index;
2351 lsa_CreateTrustedDomainEx2
2353 static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
2354 TALLOC_CTX *mem_ctx,
2355 struct lsa_CreateTrustedDomainEx2 *r)
2357 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2363 static NTSTATUS lsa_CREDRWRITE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2364 struct lsa_CREDRWRITE *r)
2366 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2373 static NTSTATUS lsa_CREDRREAD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2374 struct lsa_CREDRREAD *r)
2376 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2383 static NTSTATUS lsa_CREDRENUMERATE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2384 struct lsa_CREDRENUMERATE *r)
2386 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2391 lsa_CREDRWRITEDOMAINCREDENTIALS
2393 static NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2394 struct lsa_CREDRWRITEDOMAINCREDENTIALS *r)
2396 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2401 lsa_CREDRREADDOMAINCREDENTIALS
2403 static NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2404 struct lsa_CREDRREADDOMAINCREDENTIALS *r)
2406 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2413 static NTSTATUS lsa_CREDRDELETE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2414 struct lsa_CREDRDELETE *r)
2416 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2421 lsa_CREDRGETTARGETINFO
2423 static NTSTATUS lsa_CREDRGETTARGETINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2424 struct lsa_CREDRGETTARGETINFO *r)
2426 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2431 lsa_CREDRPROFILELOADED
2433 static NTSTATUS lsa_CREDRPROFILELOADED(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2434 struct lsa_CREDRPROFILELOADED *r)
2436 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2441 lsa_CREDRGETSESSIONTYPES
2443 static NTSTATUS lsa_CREDRGETSESSIONTYPES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2444 struct lsa_CREDRGETSESSIONTYPES *r)
2446 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2451 lsa_LSARREGISTERAUDITEVENT
2453 static NTSTATUS lsa_LSARREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2454 struct lsa_LSARREGISTERAUDITEVENT *r)
2456 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2461 lsa_LSARGENAUDITEVENT
2463 static NTSTATUS lsa_LSARGENAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2464 struct lsa_LSARGENAUDITEVENT *r)
2466 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2471 lsa_LSARUNREGISTERAUDITEVENT
2473 static NTSTATUS lsa_LSARUNREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2474 struct lsa_LSARUNREGISTERAUDITEVENT *r)
2476 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2481 lsa_LSARQUERYFORESTTRUSTINFORMATION
2483 static NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2484 struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
2486 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2491 lsa_LSARSETFORESTTRUSTINFORMATION
2493 static NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2494 struct lsa_LSARSETFORESTTRUSTINFORMATION *r)
2496 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2503 static NTSTATUS lsa_CREDRRENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2504 struct lsa_CREDRRENAME *r)
2506 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2511 lsa_LSARLOOKUPNAMES4
2513 static NTSTATUS lsa_LSARLOOKUPNAMES4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2514 struct lsa_LSARLOOKUPNAMES4 *r)
2516 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2521 lsa_LSAROPENPOLICYSCE
2523 static NTSTATUS lsa_LSAROPENPOLICYSCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2524 struct lsa_LSAROPENPOLICYSCE *r)
2526 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2531 lsa_LSARADTREGISTERSECURITYEVENTSOURCE
2533 static NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2534 struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r)
2536 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2541 lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
2543 static NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2544 struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r)
2546 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2551 lsa_LSARADTREPORTSECURITYEVENT
2553 static NTSTATUS lsa_LSARADTREPORTSECURITYEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2554 struct lsa_LSARADTREPORTSECURITYEVENT *r)
2556 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2560 /* include the generated boilerplate */
2561 #include "librpc/gen_ndr/ndr_lsa_s.c"