2 Unix SMB/CIFS implementation.
4 endpoint server for the lsarpc pipe
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_lsa.h"
25 #include "librpc/gen_ndr/ndr_samr.h"
26 #include "rpc_server/dcerpc_server.h"
27 #include "rpc_server/common/common.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "auth/auth.h"
32 this type allows us to distinguish handle types
41 state associated with a lsa_OpenPolicy() operation
43 struct lsa_policy_state {
44 struct dcesrv_handle *handle;
46 struct sidmap_context *sidmap;
48 const char *domain_dn;
49 const char *builtin_dn;
50 const char *domain_name;
51 struct dom_sid *domain_sid;
52 struct dom_sid *builtin_sid;
57 state associated with a lsa_OpenAccount() operation
59 struct lsa_account_state {
60 struct lsa_policy_state *policy;
62 struct dom_sid *account_sid;
63 const char *account_sid_str;
64 const char *account_dn;
69 destroy an open policy. This closes the database connection
71 static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
73 struct lsa_policy_state *state = h->data;
78 destroy an open account.
80 static void lsa_Account_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
82 struct lsa_account_state *astate = h->data;
89 static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
92 struct dcesrv_handle *h;
94 *r->out.handle = *r->in.handle;
96 DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
98 /* this causes the callback samr_XXX_destroy() to be called by
99 the handle destroy code which destroys the state associated
101 dcesrv_handle_destroy(dce_call->conn, h);
103 ZERO_STRUCTP(r->out.handle);
112 static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
113 struct lsa_Delete *r)
115 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
122 static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
123 struct lsa_EnumPrivs *r)
125 struct dcesrv_handle *h;
126 struct lsa_policy_state *state;
128 const char *privname;
130 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
134 i = *r->in.resume_handle;
137 while ((privname = sec_privilege_name(i)) &&
138 r->out.privs->count < r->in.max_count) {
139 struct lsa_PrivEntry *e;
141 r->out.privs->privs = talloc_realloc_p(r->out.privs,
143 struct lsa_PrivEntry,
144 r->out.privs->count+1);
145 if (r->out.privs->privs == NULL) {
146 return NT_STATUS_NO_MEMORY;
148 e = &r->out.privs->privs[r->out.privs->count];
151 e->name.string = privname;
152 r->out.privs->count++;
156 *r->out.resume_handle = i;
165 static NTSTATUS lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
166 struct lsa_QuerySecurity *r)
168 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
175 static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
176 struct lsa_SetSecObj *r)
178 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
185 static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
186 struct lsa_ChangePassword *r)
188 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
191 static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
192 struct lsa_policy_state **_state)
194 struct lsa_policy_state *state;
197 state = talloc_p(mem_ctx, struct lsa_policy_state);
199 return NT_STATUS_NO_MEMORY;
202 /* make sure the sam database is accessible */
203 state->sam_ctx = samdb_connect(state);
204 if (state->sam_ctx == NULL) {
206 return NT_STATUS_INVALID_SYSTEM_SERVICE;
209 state->sidmap = sidmap_open(state);
210 if (state->sidmap == NULL) {
212 return NT_STATUS_INVALID_SYSTEM_SERVICE;
215 /* work out the domain_dn - useful for so many calls its worth
217 state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
218 "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
219 if (!state->domain_dn) {
221 return NT_STATUS_NO_SUCH_DOMAIN;
224 /* work out the builtin_dn - useful for so many calls its worth
226 state->builtin_dn = samdb_search_string(state->sam_ctx, state, NULL,
227 "dn", "objectClass=builtinDomain");
228 if (!state->builtin_dn) {
230 return NT_STATUS_NO_SUCH_DOMAIN;
233 sid_str = samdb_search_string(state->sam_ctx, state, NULL,
234 "objectSid", "dn=%s", state->domain_dn);
237 return NT_STATUS_NO_SUCH_DOMAIN;
240 state->domain_sid = dom_sid_parse_talloc(state, sid_str);
241 if (!state->domain_sid) {
243 return NT_STATUS_NO_SUCH_DOMAIN;
246 state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
247 if (!state->builtin_sid) {
249 return NT_STATUS_NO_SUCH_DOMAIN;
252 state->domain_name = samdb_search_string(state->sam_ctx, state, NULL,
253 "name", "dn=%s", state->domain_dn);
254 if (!state->domain_name) {
256 return NT_STATUS_NO_SUCH_DOMAIN;
267 static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
268 struct lsa_OpenPolicy2 *r)
271 struct lsa_policy_state *state;
272 struct dcesrv_handle *handle;
274 ZERO_STRUCTP(r->out.handle);
276 status = lsa_get_policy_state(dce_call, mem_ctx, &state);
277 if (!NT_STATUS_IS_OK(status)) {
281 handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
283 return NT_STATUS_NO_MEMORY;
286 handle->data = talloc_reference(handle, state);
287 handle->destroy = lsa_Policy_destroy;
289 state->access_mask = r->in.access_mask;
290 state->handle = handle;
291 *r->out.handle = handle->wire_handle;
293 /* note that we have completely ignored the attr element of
294 the OpenPolicy. As far as I can tell, this is what w2k3
302 a wrapper around lsa_OpenPolicy2
304 static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
305 struct lsa_OpenPolicy *r)
307 struct lsa_OpenPolicy2 r2;
309 r2.in.system_name = NULL;
310 r2.in.attr = r->in.attr;
311 r2.in.access_mask = r->in.access_mask;
312 r2.out.handle = r->out.handle;
314 return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
321 fill in the AccountDomain info
323 static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
324 struct lsa_DomainInfo *info)
326 const char * const attrs[] = { "objectSid", "name", NULL};
328 struct ldb_message **res;
330 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
331 "dn=%s", state->domain_dn);
333 return NT_STATUS_INTERNAL_DB_CORRUPTION;
336 info->name.string = samdb_result_string(res[0], "name", NULL);
337 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
343 fill in the DNS domain info
345 static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
346 struct lsa_DnsDomainInfo *info)
348 const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
350 struct ldb_message **res;
352 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
353 "dn=%s", state->domain_dn);
355 return NT_STATUS_INTERNAL_DB_CORRUPTION;
358 info->name.string = samdb_result_string(res[0], "name", NULL);
359 info->dns_domain.string = samdb_result_string(res[0], "dnsDomain", NULL);
360 info->dns_forest.string = samdb_result_string(res[0], "dnsDomain", NULL);
361 info->domain_guid = samdb_result_guid(res[0], "objectGUID");
362 info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
370 static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
371 struct lsa_QueryInfoPolicy2 *r)
373 struct lsa_policy_state *state;
374 struct dcesrv_handle *h;
378 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
382 r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
384 return NT_STATUS_NO_MEMORY;
387 ZERO_STRUCTP(r->out.info);
389 switch (r->in.level) {
390 case LSA_POLICY_INFO_DOMAIN:
391 case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
392 return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
394 case LSA_POLICY_INFO_DNS:
395 return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
398 return NT_STATUS_INVALID_INFO_CLASS;
404 static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
405 struct lsa_QueryInfoPolicy *r)
407 struct lsa_QueryInfoPolicy2 r2;
410 r2.in.handle = r->in.handle;
411 r2.in.level = r->in.level;
413 status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
415 r->out.info = r2.out.info;
423 static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
424 struct lsa_SetInfoPolicy *r)
426 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
433 static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
434 struct lsa_ClearAuditLog *r)
436 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
443 static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
444 struct lsa_CreateAccount *r)
446 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
453 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
454 struct lsa_EnumAccounts *r)
456 struct dcesrv_handle *h;
457 struct lsa_policy_state *state;
459 struct ldb_message **res;
460 const char * const attrs[] = { "objectSid", NULL};
463 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
467 ret = samdb_search(state->sam_ctx, mem_ctx, state->builtin_dn, &res, attrs,
470 return NT_STATUS_NO_SUCH_USER;
473 if (*r->in.resume_handle >= ret) {
474 return NT_STATUS_NO_MORE_ENTRIES;
477 count = ret - *r->in.resume_handle;
478 if (count > r->in.num_entries) {
479 count = r->in.num_entries;
483 return NT_STATUS_NO_MORE_ENTRIES;
486 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, count);
487 if (r->out.sids->sids == NULL) {
488 return NT_STATUS_NO_MEMORY;
491 for (i=0;i<count;i++) {
494 sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
495 if (sidstr == NULL) {
496 return NT_STATUS_NO_MEMORY;
498 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
499 if (r->out.sids->sids[i].sid == NULL) {
500 return NT_STATUS_NO_MEMORY;
504 r->out.sids->num_sids = count;
505 *r->out.resume_handle = count + *r->in.resume_handle;
513 lsa_CreateTrustedDomain
515 static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
516 struct lsa_CreateTrustedDomain *r)
518 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
525 static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
526 struct lsa_EnumTrustDom *r)
528 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
533 return the authority name and authority sid, given a sid
535 static NTSTATUS lsa_authority_name(struct lsa_policy_state *state,
536 TALLOC_CTX *mem_ctx, struct dom_sid *sid,
537 const char **authority_name,
538 struct dom_sid **authority_sid)
540 if (dom_sid_in_domain(state->domain_sid, sid)) {
541 *authority_name = state->domain_name;
542 *authority_sid = state->domain_sid;
546 if (dom_sid_in_domain(state->builtin_sid, sid)) {
547 *authority_name = "BUILTIN";
548 *authority_sid = state->builtin_sid;
552 *authority_sid = dom_sid_dup(mem_ctx, sid);
553 if (*authority_sid == NULL) {
554 return NT_STATUS_NO_MEMORY;
556 (*authority_sid)->num_auths = 0;
557 *authority_name = dom_sid_string(mem_ctx, *authority_sid);
558 if (*authority_name == NULL) {
559 return NT_STATUS_NO_MEMORY;
566 add to the lsa_RefDomainList for LookupSids and LookupNames
568 static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
570 struct lsa_RefDomainList *domains,
574 const char *authority_name;
575 struct dom_sid *authority_sid;
578 /* work out the authority name */
579 status = lsa_authority_name(state, mem_ctx, sid,
580 &authority_name, &authority_sid);
581 if (!NT_STATUS_IS_OK(status)) {
585 /* see if we've already done this authority name */
586 for (i=0;i<domains->count;i++) {
587 if (strcmp(authority_name, domains->domains[i].name.string) == 0) {
593 domains->domains = talloc_realloc_p(domains,
595 struct lsa_TrustInformation,
597 if (domains->domains == NULL) {
598 return NT_STATUS_NO_MEMORY;
600 domains->domains[i].name.string = authority_name;
601 domains->domains[i].sid = authority_sid;
609 lookup a name for 1 SID
611 static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
612 struct dom_sid *sid, const char *sid_str,
613 const char **name, uint32_t *atype)
616 struct ldb_message **res;
617 const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "name", NULL};
620 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
621 "objectSid=%s", sid_str);
623 *name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
625 *name = ldb_msg_find_string(res[0], "name", NULL);
627 *name = talloc_strdup(mem_ctx, sid_str);
628 NTSTATUS_TALLOC_CHECK(*name);
632 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
637 status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
646 static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call,
648 struct lsa_LookupSids3 *r)
650 struct lsa_policy_state *state;
652 NTSTATUS status = NT_STATUS_OK;
654 r->out.domains = NULL;
656 status = lsa_get_policy_state(dce_call, mem_ctx, &state);
657 if (!NT_STATUS_IS_OK(status)) {
661 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
662 if (r->out.domains == NULL) {
663 return NT_STATUS_NO_MEMORY;
666 r->out.names = talloc_zero_p(mem_ctx, struct lsa_TransNameArray2);
667 if (r->out.names == NULL) {
668 return NT_STATUS_NO_MEMORY;
673 r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName2,
674 r->in.sids->num_sids);
675 if (r->out.names->names == NULL) {
676 return NT_STATUS_NO_MEMORY;
679 for (i=0;i<r->in.sids->num_sids;i++) {
680 struct dom_sid *sid = r->in.sids->sids[i].sid;
681 char *sid_str = dom_sid_string(mem_ctx, sid);
683 uint32_t atype, rtype, sid_index;
686 r->out.names->count++;
689 r->out.names->names[i].sid_type = SID_NAME_UNKNOWN;
690 r->out.names->names[i].name.string = sid_str;
691 r->out.names->names[i].sid_index = 0xFFFFFFFF;
692 r->out.names->names[i].unknown = 0;
694 if (sid_str == NULL) {
695 r->out.names->names[i].name.string = "(SIDERROR)";
696 status = STATUS_SOME_UNMAPPED;
700 /* work out the authority name */
701 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
702 if (!NT_STATUS_IS_OK(status2)) {
706 status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str,
708 if (!NT_STATUS_IS_OK(status2)) {
709 status = STATUS_SOME_UNMAPPED;
713 rtype = samdb_atype_map(atype);
714 if (rtype == SID_NAME_UNKNOWN) {
715 status = STATUS_SOME_UNMAPPED;
719 r->out.names->names[i].sid_type = rtype;
720 r->out.names->names[i].name.string = name;
721 r->out.names->names[i].sid_index = sid_index;
722 r->out.names->names[i].unknown = 0;
732 static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
734 struct lsa_LookupSids2 *r)
736 struct lsa_LookupSids3 r3;
739 r3.in.sids = r->in.sids;
740 r3.in.names = r->in.names;
741 r3.in.level = r->in.level;
742 r3.in.count = r->in.count;
743 r3.in.unknown1 = r->in.unknown1;
744 r3.in.unknown2 = r->in.unknown2;
745 r3.out.count = r->out.count;
746 r3.out.names = r->out.names;
748 status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
749 if (dce_call->fault_code != 0) {
753 r->out.domains = r3.out.domains;
754 r->out.names = r3.out.names;
755 r->out.count = r3.out.count;
764 static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
765 struct lsa_LookupSids *r)
767 struct lsa_LookupSids3 r3;
771 r3.in.sids = r->in.sids;
773 r3.in.level = r->in.level;
774 r3.in.count = r->in.count;
777 r3.out.count = r->out.count;
779 status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
780 if (dce_call->fault_code != 0) {
784 r->out.domains = r3.out.domains;
785 r->out.names = talloc_p(mem_ctx, struct lsa_TransNameArray);
786 if (r->out.names == NULL) {
787 return NT_STATUS_NO_MEMORY;
789 r->out.names->count = r3.out.names->count;
790 r->out.names->names = talloc_array_p(r->out.names, struct lsa_TranslatedName,
791 r->out.names->count);
792 if (r->out.names->names == NULL) {
793 return NT_STATUS_NO_MEMORY;
795 for (i=0;i<r->out.names->count;i++) {
796 r->out.names->names[i].sid_type = r3.out.names->names[i].sid_type;
797 r->out.names->names[i].name.string = r3.out.names->names[i].name.string;
798 r->out.names->names[i].sid_index = r3.out.names->names[i].sid_index;
808 static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
809 struct lsa_CreateSecret *r)
811 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
818 static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
819 struct lsa_OpenAccount *r)
821 struct dcesrv_handle *h, *ah;
822 struct lsa_policy_state *state;
823 struct lsa_account_state *astate;
825 ZERO_STRUCTP(r->out.acct_handle);
827 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
831 astate = talloc_p(dce_call->conn, struct lsa_account_state);
832 if (astate == NULL) {
833 return NT_STATUS_NO_MEMORY;
836 astate->account_sid = dom_sid_dup(astate, r->in.sid);
837 if (astate->account_sid == NULL) {
839 return NT_STATUS_NO_MEMORY;
842 astate->account_sid_str = dom_sid_string(astate, astate->account_sid);
843 if (astate->account_sid_str == NULL) {
845 return NT_STATUS_NO_MEMORY;
848 /* check it really exists */
849 astate->account_dn = samdb_search_string(state->sam_ctx, astate,
851 "(&(objectSid=%s)(objectClass=group))",
852 astate->account_sid_str);
853 if (astate->account_dn == NULL) {
855 return NT_STATUS_NO_SUCH_USER;
858 astate->policy = talloc_reference(astate, state);
859 astate->access_mask = r->in.access_mask;
861 ah = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_ACCOUNT);
864 return NT_STATUS_NO_MEMORY;
868 ah->destroy = lsa_Account_destroy;
870 *r->out.acct_handle = ah->wire_handle;
879 static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
881 struct lsa_EnumPrivsAccount *r)
883 struct dcesrv_handle *h;
884 struct lsa_account_state *astate;
886 struct ldb_message **res;
887 const char * const attrs[] = { "privilege", NULL};
888 struct ldb_message_element *el;
890 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
894 r->out.privs = talloc_p(mem_ctx, struct lsa_PrivilegeSet);
895 r->out.privs->count = 0;
896 r->out.privs->unknown = 0;
897 r->out.privs->set = NULL;
899 ret = samdb_search(astate->policy->sam_ctx, mem_ctx, NULL, &res, attrs,
900 "dn=%s", astate->account_dn);
905 el = ldb_msg_find_element(res[0], "privilege");
906 if (el == NULL || el->num_values == 0) {
910 r->out.privs->set = talloc_array_p(r->out.privs,
911 struct lsa_LUIDAttribute, el->num_values);
912 if (r->out.privs->set == NULL) {
913 return NT_STATUS_NO_MEMORY;
916 for (i=0;i<el->num_values;i++) {
917 int id = sec_privilege_id(el->values[i].data);
919 return NT_STATUS_INTERNAL_DB_CORRUPTION;
921 r->out.privs->set[i].attribute = 0;
922 r->out.privs->set[i].luid.low = id;
923 r->out.privs->set[i].luid.high = 0;
926 r->out.privs->count = el->num_values;
932 lsa_EnumAccountRights
934 static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
936 struct lsa_EnumAccountRights *r)
938 struct dcesrv_handle *h;
939 struct lsa_policy_state *state;
941 struct ldb_message **res;
942 const char * const attrs[] = { "privilege", NULL};
944 struct ldb_message_element *el;
946 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
950 sidstr = dom_sid_string(mem_ctx, r->in.sid);
951 if (sidstr == NULL) {
952 return NT_STATUS_NO_MEMORY;
955 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
956 "objectSid=%s", sidstr);
958 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
961 el = ldb_msg_find_element(res[0], "privilege");
962 if (el == NULL || el->num_values == 0) {
963 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
966 r->out.rights->count = el->num_values;
967 r->out.rights->names = talloc_array_p(r->out.rights,
968 struct lsa_String, r->out.rights->count);
969 if (r->out.rights->names == NULL) {
970 return NT_STATUS_NO_MEMORY;
973 for (i=0;i<el->num_values;i++) {
974 r->out.rights->names[i].string = el->values[i].data;
983 helper for lsa_AddAccountRights and lsa_RemoveAccountRights
985 static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
987 struct lsa_policy_state *state,
990 const struct lsa_RightSet *rights)
993 struct ldb_message msg;
994 struct ldb_message_element el;
997 struct lsa_EnumAccountRights r2;
999 sidstr = dom_sid_string(mem_ctx, sid);
1000 if (sidstr == NULL) {
1001 return NT_STATUS_NO_MEMORY;
1004 dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn",
1005 "objectSid=%s", sidstr);
1007 return NT_STATUS_NO_SUCH_USER;
1010 msg.dn = talloc_strdup(mem_ctx, dn);
1011 if (msg.dn == NULL) {
1012 return NT_STATUS_NO_MEMORY;
1014 msg.num_elements = 1;
1016 el.flags = ldb_flag;
1017 el.name = talloc_strdup(mem_ctx, "privilege");
1018 if (el.name == NULL) {
1019 return NT_STATUS_NO_MEMORY;
1022 if (ldb_flag == LDB_FLAG_MOD_ADD) {
1025 r2.in.handle = &state->handle->wire_handle;
1027 r2.out.rights = talloc_p(mem_ctx, struct lsa_RightSet);
1029 status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
1030 if (!NT_STATUS_IS_OK(status)) {
1031 ZERO_STRUCTP(r2.out.rights);
1036 el.values = talloc_array_p(mem_ctx, struct ldb_val, rights->count);
1037 if (el.values == NULL) {
1038 return NT_STATUS_NO_MEMORY;
1040 for (i=0;i<rights->count;i++) {
1041 if (sec_privilege_id(rights->names[i].string) == -1) {
1042 return NT_STATUS_NO_SUCH_PRIVILEGE;
1045 if (ldb_flag == LDB_FLAG_MOD_ADD) {
1047 for (j=0;j<r2.out.rights->count;j++) {
1048 if (StrCaseCmp(r2.out.rights->names[j].string,
1049 rights->names[i].string) == 0) {
1053 if (j != r2.out.rights->count) continue;
1057 el.values[el.num_values].length = strlen(rights->names[i].string);
1058 el.values[el.num_values].data = talloc_strdup(mem_ctx, rights->names[i].string);
1059 if (el.values[el.num_values].data == NULL) {
1060 return NT_STATUS_NO_MEMORY;
1065 if (el.num_values == 0) {
1066 return NT_STATUS_OK;
1069 ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
1071 if (ldb_flag == LDB_FLAG_MOD_DELETE) {
1072 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1074 return NT_STATUS_UNEXPECTED_IO_ERROR;
1077 return NT_STATUS_OK;
1081 lsa_AddPrivilegesToAccount
1083 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1084 struct lsa_AddPrivilegesToAccount *r)
1086 struct lsa_RightSet rights;
1087 struct dcesrv_handle *h;
1088 struct lsa_account_state *astate;
1091 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
1095 rights.count = r->in.privs->count;
1096 rights.names = talloc_array_p(mem_ctx, struct lsa_String, rights.count);
1097 if (rights.names == NULL) {
1098 return NT_STATUS_NO_MEMORY;
1100 for (i=0;i<rights.count;i++) {
1101 int id = r->in.privs->set[i].luid.low;
1102 if (r->in.privs->set[i].luid.high) {
1103 return NT_STATUS_NO_SUCH_PRIVILEGE;
1105 rights.names[i].string = sec_privilege_name(id);
1106 if (rights.names[i].string == NULL) {
1107 return NT_STATUS_NO_SUCH_PRIVILEGE;
1111 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
1112 LDB_FLAG_MOD_ADD, astate->account_sid,
1118 lsa_RemovePrivilegesFromAccount
1120 static NTSTATUS lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1121 struct lsa_RemovePrivilegesFromAccount *r)
1123 struct lsa_RightSet *rights;
1124 struct dcesrv_handle *h;
1125 struct lsa_account_state *astate;
1128 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
1132 rights = talloc_p(mem_ctx, struct lsa_RightSet);
1134 if (r->in.remove_all == 1 &&
1135 r->in.privs == NULL) {
1136 struct lsa_EnumAccountRights r2;
1139 r2.in.handle = &astate->policy->handle->wire_handle;
1140 r2.in.sid = astate->account_sid;
1141 r2.out.rights = rights;
1143 status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
1144 if (!NT_STATUS_IS_OK(status)) {
1148 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
1149 LDB_FLAG_MOD_DELETE, astate->account_sid,
1153 if (r->in.remove_all != 0) {
1154 return NT_STATUS_INVALID_PARAMETER;
1157 rights->count = r->in.privs->count;
1158 rights->names = talloc_array_p(mem_ctx, struct lsa_String, rights->count);
1159 if (rights->names == NULL) {
1160 return NT_STATUS_NO_MEMORY;
1162 for (i=0;i<rights->count;i++) {
1163 int id = r->in.privs->set[i].luid.low;
1164 if (r->in.privs->set[i].luid.high) {
1165 return NT_STATUS_NO_SUCH_PRIVILEGE;
1167 rights->names[i].string = sec_privilege_name(id);
1168 if (rights->names[i].string == NULL) {
1169 return NT_STATUS_NO_SUCH_PRIVILEGE;
1173 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
1174 LDB_FLAG_MOD_DELETE, astate->account_sid,
1180 lsa_GetQuotasForAccount
1182 static NTSTATUS lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1183 struct lsa_GetQuotasForAccount *r)
1185 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1190 lsa_SetQuotasForAccount
1192 static NTSTATUS lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1193 struct lsa_SetQuotasForAccount *r)
1195 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1200 lsa_GetSystemAccessAccount
1202 static NTSTATUS lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1203 struct lsa_GetSystemAccessAccount *r)
1205 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1210 lsa_SetSystemAccessAccount
1212 static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1213 struct lsa_SetSystemAccessAccount *r)
1215 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1220 lsa_OpenTrustedDomain
1222 static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1223 struct lsa_OpenTrustedDomain *r)
1225 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1230 lsa_QueryTrustedDomainInfo
1232 static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1233 struct lsa_QueryTrustedDomainInfo *r)
1235 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1240 lsa_SetInformationTrustedDomain
1242 static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1243 struct lsa_SetInformationTrustedDomain *r)
1245 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1252 static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1253 struct lsa_OpenSecret *r)
1255 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1262 static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1263 struct lsa_SetSecret *r)
1265 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1272 static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1273 struct lsa_QuerySecret *r)
1275 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1282 static NTSTATUS lsa_LookupPrivValue(struct dcesrv_call_state *dce_call,
1283 TALLOC_CTX *mem_ctx,
1284 struct lsa_LookupPrivValue *r)
1286 struct dcesrv_handle *h;
1287 struct lsa_policy_state *state;
1290 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1294 id = sec_privilege_id(r->in.name->string);
1296 return NT_STATUS_NO_SUCH_PRIVILEGE;
1299 r->out.luid->low = id;
1300 r->out.luid->high = 0;
1302 return NT_STATUS_OK;
1309 static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
1310 TALLOC_CTX *mem_ctx,
1311 struct lsa_LookupPrivName *r)
1313 struct dcesrv_handle *h;
1314 struct lsa_policy_state *state;
1315 const char *privname;
1317 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1321 if (r->in.luid->high != 0) {
1322 return NT_STATUS_NO_SUCH_PRIVILEGE;
1325 privname = sec_privilege_name(r->in.luid->low);
1326 if (privname == NULL) {
1327 return NT_STATUS_NO_SUCH_PRIVILEGE;
1330 r->out.name = talloc_p(mem_ctx, struct lsa_String);
1331 if (r->out.name == NULL) {
1332 return NT_STATUS_NO_MEMORY;
1334 r->out.name->string = privname;
1336 return NT_STATUS_OK;
1341 lsa_LookupPrivDisplayName
1343 static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call,
1344 TALLOC_CTX *mem_ctx,
1345 struct lsa_LookupPrivDisplayName *r)
1347 struct dcesrv_handle *h;
1348 struct lsa_policy_state *state;
1351 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1355 id = sec_privilege_id(r->in.name->string);
1357 return NT_STATUS_NO_SUCH_PRIVILEGE;
1360 r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
1361 if (r->out.disp_name == NULL) {
1362 return NT_STATUS_NO_MEMORY;
1365 r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
1366 if (r->out.disp_name->string == NULL) {
1367 return NT_STATUS_INTERNAL_ERROR;
1370 return NT_STATUS_OK;
1377 static NTSTATUS lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1378 struct lsa_DeleteObject *r)
1380 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1385 lsa_EnumAccountsWithUserRight
1387 static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call,
1388 TALLOC_CTX *mem_ctx,
1389 struct lsa_EnumAccountsWithUserRight *r)
1391 struct dcesrv_handle *h;
1392 struct lsa_policy_state *state;
1394 struct ldb_message **res;
1395 const char * const attrs[] = { "objectSid", NULL};
1396 const char *privname;
1398 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1402 if (r->in.name == NULL) {
1403 return NT_STATUS_NO_SUCH_PRIVILEGE;
1406 privname = r->in.name->string;
1407 if (sec_privilege_id(privname) == -1) {
1408 return NT_STATUS_NO_SUCH_PRIVILEGE;
1411 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
1412 "privilege=%s", privname);
1414 return NT_STATUS_NO_SUCH_USER;
1417 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, ret);
1418 if (r->out.sids->sids == NULL) {
1419 return NT_STATUS_NO_MEMORY;
1421 for (i=0;i<ret;i++) {
1423 sidstr = samdb_result_string(res[i], "objectSid", NULL);
1424 if (sidstr == NULL) {
1425 return NT_STATUS_NO_MEMORY;
1427 r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids,
1429 if (r->out.sids->sids[i].sid == NULL) {
1430 return NT_STATUS_NO_MEMORY;
1433 r->out.sids->num_sids = ret;
1435 return NT_STATUS_OK;
1440 lsa_AddAccountRights
1442 static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
1443 TALLOC_CTX *mem_ctx,
1444 struct lsa_AddAccountRights *r)
1446 struct dcesrv_handle *h;
1447 struct lsa_policy_state *state;
1449 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1453 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
1455 r->in.sid, r->in.rights);
1460 lsa_RemoveAccountRights
1462 static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
1463 TALLOC_CTX *mem_ctx,
1464 struct lsa_RemoveAccountRights *r)
1466 struct dcesrv_handle *h;
1467 struct lsa_policy_state *state;
1469 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1473 return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
1474 LDB_FLAG_MOD_DELETE,
1475 r->in.sid, r->in.rights);
1480 lsa_QueryTrustedDomainInfoBySid
1482 static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1483 struct lsa_QueryTrustedDomainInfoBySid *r)
1485 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1490 lsa_SetTrustDomainInfo
1492 static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1493 struct lsa_SetTrustDomainInfo *r)
1495 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1500 lsa_DeleteTrustDomain
1502 static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1503 struct lsa_DeleteTrustDomain *r)
1505 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1510 lsa_StorePrivateData
1512 static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1513 struct lsa_StorePrivateData *r)
1515 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1520 lsa_RetrievePrivateData
1522 static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1523 struct lsa_RetrievePrivateData *r)
1525 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1532 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1533 struct lsa_GetUserName *r)
1535 NTSTATUS status = NT_STATUS_OK;
1536 const char *account_name;
1537 const char *authority_name;
1538 struct lsa_String *_account_name;
1539 struct lsa_StringPointer *_authority_name = NULL;
1541 /* this is what w2k3 does */
1542 r->out.account_name = r->in.account_name;
1543 r->out.authority_name = r->in.authority_name;
1545 if (r->in.account_name && r->in.account_name->string) {
1546 return NT_STATUS_INVALID_PARAMETER;
1549 if (r->in.authority_name &&
1550 r->in.authority_name->string &&
1551 r->in.authority_name->string->string) {
1552 return NT_STATUS_INVALID_PARAMETER;
1555 /* TODO: this check should go and we should rely on the calling code that this is valid */
1556 if (!dce_call->conn->auth_state.session_info ||
1557 !dce_call->conn->auth_state.session_info->server_info ||
1558 !dce_call->conn->auth_state.session_info->server_info->account_name ||
1559 !dce_call->conn->auth_state.session_info->server_info->domain_name) {
1560 return NT_STATUS_INTERNAL_ERROR;
1563 account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
1564 authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain_name);
1566 _account_name = talloc_p(mem_ctx, struct lsa_String);
1567 NTSTATUS_TALLOC_CHECK(_account_name);
1568 _account_name->string = account_name;
1570 if (r->in.authority_name) {
1571 _authority_name = talloc_p(mem_ctx, struct lsa_StringPointer);
1572 NTSTATUS_TALLOC_CHECK(_authority_name);
1573 _authority_name->string = talloc_p(mem_ctx, struct lsa_String);
1574 NTSTATUS_TALLOC_CHECK(_authority_name->string);
1575 _authority_name->string->string = authority_name;
1578 r->out.account_name = _account_name;
1579 r->out.authority_name = _authority_name;
1587 static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
1588 TALLOC_CTX *mem_ctx,
1589 struct lsa_SetInfoPolicy2 *r)
1591 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1595 lsa_QueryTrustedDomainInfoByName
1597 static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
1598 TALLOC_CTX *mem_ctx,
1599 struct lsa_QueryTrustedDomainInfoByName *r)
1601 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1605 lsa_SetTrustedDomainInfoByName
1607 static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
1608 TALLOC_CTX *mem_ctx,
1609 struct lsa_SetTrustedDomainInfoByName *r)
1611 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1615 lsa_EnumTrustedDomainsEx
1617 static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
1618 TALLOC_CTX *mem_ctx,
1619 struct lsa_EnumTrustedDomainsEx *r)
1621 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1625 lsa_CreateTrustedDomainEx
1627 static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
1628 TALLOC_CTX *mem_ctx,
1629 struct lsa_CreateTrustedDomainEx *r)
1631 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1635 lsa_CloseTrustedDomainEx
1637 static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
1638 TALLOC_CTX *mem_ctx,
1639 struct lsa_CloseTrustedDomainEx *r)
1641 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1645 lsa_QueryDomainInformationPolicy
1647 static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
1648 TALLOC_CTX *mem_ctx,
1649 struct lsa_QueryDomainInformationPolicy *r)
1651 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1655 lsa_SetDomInfoPolicy
1657 static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
1658 TALLOC_CTX *mem_ctx,
1659 struct lsa_SetDomInfoPolicy *r)
1661 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1665 lsa_OpenTrustedDomainByName
1667 static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
1668 TALLOC_CTX *mem_ctx,
1669 struct lsa_OpenTrustedDomainByName *r)
1671 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1677 static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call,
1678 TALLOC_CTX *mem_ctx,
1679 struct lsa_TestCall *r)
1681 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1685 lookup a SID for 1 name
1687 static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
1688 const char *name, struct dom_sid **sid, uint32_t *atype)
1691 struct ldb_message **res;
1692 const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
1695 p = strchr_m(name, '\\');
1697 /* TODO: properly parse the domain prefix here, and use it to
1702 ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
1704 const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
1705 if (sid_str == NULL) {
1706 return NT_STATUS_INVALID_SID;
1709 *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
1711 return NT_STATUS_INVALID_SID;
1714 *atype = samdb_result_uint(res[0], "sAMAccountType", 0);
1716 return NT_STATUS_OK;
1719 /* need to add a call into sidmap to check for a allocated sid */
1721 return NT_STATUS_INVALID_SID;
1728 static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call,
1729 TALLOC_CTX *mem_ctx,
1730 struct lsa_LookupNames3 *r)
1732 struct lsa_policy_state *state;
1733 struct dcesrv_handle *h;
1735 NTSTATUS status = NT_STATUS_OK;
1737 r->out.domains = NULL;
1739 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1743 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
1744 if (r->out.domains == NULL) {
1745 return NT_STATUS_NO_MEMORY;
1748 r->out.sids = talloc_zero_p(mem_ctx, struct lsa_TransSidArray3);
1749 if (r->out.sids == NULL) {
1750 return NT_STATUS_NO_MEMORY;
1755 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid3,
1757 if (r->out.sids->sids == NULL) {
1758 return NT_STATUS_NO_MEMORY;
1761 for (i=0;i<r->in.num_names;i++) {
1762 const char *name = r->in.names[i].string;
1763 struct dom_sid *sid;
1764 uint32_t atype, rtype, sid_index;
1767 r->out.sids->count++;
1770 r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
1771 r->out.sids->sids[i].sid = NULL;
1772 r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
1773 r->out.sids->sids[i].unknown = 0;
1775 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
1776 if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
1777 status = STATUS_SOME_UNMAPPED;
1781 rtype = samdb_atype_map(atype);
1782 if (rtype == SID_NAME_UNKNOWN) {
1783 status = STATUS_SOME_UNMAPPED;
1787 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
1788 if (!NT_STATUS_IS_OK(status2)) {
1792 r->out.sids->sids[i].sid_type = rtype;
1793 r->out.sids->sids[i].sid = sid;
1794 r->out.sids->sids[i].sid_index = sid_index;
1795 r->out.sids->sids[i].unknown = 0;
1804 static NTSTATUS lsa_LookupNames2(struct dcesrv_call_state *dce_call,
1805 TALLOC_CTX *mem_ctx,
1806 struct lsa_LookupNames2 *r)
1808 struct lsa_policy_state *state;
1809 struct dcesrv_handle *h;
1811 NTSTATUS status = NT_STATUS_OK;
1813 r->out.domains = NULL;
1815 DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
1819 r->out.domains = talloc_zero_p(mem_ctx, struct lsa_RefDomainList);
1820 if (r->out.domains == NULL) {
1821 return NT_STATUS_NO_MEMORY;
1824 r->out.sids = talloc_zero_p(mem_ctx, struct lsa_TransSidArray2);
1825 if (r->out.sids == NULL) {
1826 return NT_STATUS_NO_MEMORY;
1831 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid2,
1833 if (r->out.sids->sids == NULL) {
1834 return NT_STATUS_NO_MEMORY;
1837 for (i=0;i<r->in.num_names;i++) {
1838 const char *name = r->in.names[i].string;
1839 struct dom_sid *sid;
1840 uint32_t atype, rtype, sid_index;
1843 r->out.sids->count++;
1846 r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
1847 r->out.sids->sids[i].rid = 0xFFFFFFFF;
1848 r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
1849 r->out.sids->sids[i].unknown = 0;
1851 status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
1852 if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
1853 status = STATUS_SOME_UNMAPPED;
1857 rtype = samdb_atype_map(atype);
1858 if (rtype == SID_NAME_UNKNOWN) {
1859 status = STATUS_SOME_UNMAPPED;
1863 status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
1864 if (!NT_STATUS_IS_OK(status2)) {
1868 r->out.sids->sids[i].sid_type = rtype;
1869 r->out.sids->sids[i].rid = sid->sub_auths[sid->num_auths-1];
1870 r->out.sids->sids[i].sid_index = sid_index;
1871 r->out.sids->sids[i].unknown = 0;
1880 static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1881 struct lsa_LookupNames *r)
1883 struct lsa_LookupNames2 r2;
1887 r2.in.handle = r->in.handle;
1888 r2.in.num_names = r->in.num_names;
1889 r2.in.names = r->in.names;
1891 r2.in.level = r->in.level;
1892 r2.in.count = r->in.count;
1895 r2.out.count = r->out.count;
1897 status = lsa_LookupNames2(dce_call, mem_ctx, &r2);
1898 if (dce_call->fault_code != 0) {
1902 r->out.domains = r2.out.domains;
1903 r->out.sids = talloc_p(mem_ctx, struct lsa_TransSidArray);
1904 if (r->out.sids == NULL) {
1905 return NT_STATUS_NO_MEMORY;
1907 r->out.sids->count = r2.out.sids->count;
1908 r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_TranslatedSid,
1909 r->out.sids->count);
1910 if (r->out.sids->sids == NULL) {
1911 return NT_STATUS_NO_MEMORY;
1913 for (i=0;i<r->out.sids->count;i++) {
1914 r->out.sids->sids[i].sid_type = r2.out.sids->sids[i].sid_type;
1915 r->out.sids->sids[i].rid = r2.out.sids->sids[i].rid;
1916 r->out.sids->sids[i].sid_index = r2.out.sids->sids[i].sid_index;
1925 lsa_CreateTrustedDomainEx2
1927 static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
1928 TALLOC_CTX *mem_ctx,
1929 struct lsa_CreateTrustedDomainEx2 *r)
1931 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1937 static NTSTATUS lsa_CREDRWRITE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1938 struct lsa_CREDRWRITE *r)
1940 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1947 static NTSTATUS lsa_CREDRREAD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1948 struct lsa_CREDRREAD *r)
1950 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1957 static NTSTATUS lsa_CREDRENUMERATE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1958 struct lsa_CREDRENUMERATE *r)
1960 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1965 lsa_CREDRWRITEDOMAINCREDENTIALS
1967 static NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1968 struct lsa_CREDRWRITEDOMAINCREDENTIALS *r)
1970 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1975 lsa_CREDRREADDOMAINCREDENTIALS
1977 static NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1978 struct lsa_CREDRREADDOMAINCREDENTIALS *r)
1980 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1987 static NTSTATUS lsa_CREDRDELETE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1988 struct lsa_CREDRDELETE *r)
1990 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1995 lsa_CREDRGETTARGETINFO
1997 static NTSTATUS lsa_CREDRGETTARGETINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1998 struct lsa_CREDRGETTARGETINFO *r)
2000 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2005 lsa_CREDRPROFILELOADED
2007 static NTSTATUS lsa_CREDRPROFILELOADED(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2008 struct lsa_CREDRPROFILELOADED *r)
2010 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2015 lsa_CREDRGETSESSIONTYPES
2017 static NTSTATUS lsa_CREDRGETSESSIONTYPES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2018 struct lsa_CREDRGETSESSIONTYPES *r)
2020 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2025 lsa_LSARREGISTERAUDITEVENT
2027 static NTSTATUS lsa_LSARREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2028 struct lsa_LSARREGISTERAUDITEVENT *r)
2030 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2035 lsa_LSARGENAUDITEVENT
2037 static NTSTATUS lsa_LSARGENAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2038 struct lsa_LSARGENAUDITEVENT *r)
2040 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2045 lsa_LSARUNREGISTERAUDITEVENT
2047 static NTSTATUS lsa_LSARUNREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2048 struct lsa_LSARUNREGISTERAUDITEVENT *r)
2050 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2055 lsa_LSARQUERYFORESTTRUSTINFORMATION
2057 static NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2058 struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
2060 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2065 lsa_LSARSETFORESTTRUSTINFORMATION
2067 static NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2068 struct lsa_LSARSETFORESTTRUSTINFORMATION *r)
2070 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2077 static NTSTATUS lsa_CREDRRENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2078 struct lsa_CREDRRENAME *r)
2080 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2085 lsa_LSARLOOKUPNAMES4
2087 static NTSTATUS lsa_LSARLOOKUPNAMES4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2088 struct lsa_LSARLOOKUPNAMES4 *r)
2090 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2095 lsa_LSAROPENPOLICYSCE
2097 static NTSTATUS lsa_LSAROPENPOLICYSCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2098 struct lsa_LSAROPENPOLICYSCE *r)
2100 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2105 lsa_LSARADTREGISTERSECURITYEVENTSOURCE
2107 static NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2108 struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r)
2110 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2115 lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
2117 static NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2118 struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r)
2120 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2125 lsa_LSARADTREPORTSECURITYEVENT
2127 static NTSTATUS lsa_LSARADTREPORTSECURITYEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
2128 struct lsa_LSARADTREPORTSECURITYEVENT *r)
2130 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
2134 /* include the generated boilerplate */
2135 #include "librpc/gen_ndr/ndr_lsa_s.c"