2 Unix SMB/CIFS implementation.
4 endpoint server for the lsarpc pipe
6 Copyright (C) Andrew Tridgell 2004
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #include "librpc/gen_ndr/ndr_lsa.h"
26 #include "librpc/gen_ndr/ndr_samr.h"
27 #include "rpc_server/dcerpc_server.h"
28 #include "rpc_server/common/common.h"
29 #include "lib/ldb/include/ldb.h"
30 #include "system/time.h"
32 #include "auth/auth.h"
35 this type allows us to distinguish handle types
41 LSA_HANDLE_TRUSTED_DOMAIN
45 state associated with a lsa_OpenPolicy() operation
47 struct lsa_policy_state
{
48 struct dcesrv_handle
*handle
;
49 struct ldb_context
*sam_ldb
;
50 struct sidmap_context
*sidmap
;
52 const struct ldb_dn
*domain_dn
;
53 const struct ldb_dn
*builtin_dn
;
54 const struct ldb_dn
*system_dn
;
55 const char *domain_name
;
56 struct dom_sid
*domain_sid
;
57 struct dom_sid
*builtin_sid
;
62 state associated with a lsa_OpenAccount() operation
64 struct lsa_account_state
{
65 struct lsa_policy_state
*policy
;
67 struct dom_sid
*account_sid
;
68 const struct ldb_dn
*account_dn
;
73 state associated with a lsa_OpenSecret() operation
75 struct lsa_secret_state
{
76 struct lsa_policy_state
*policy
;
78 const struct ldb_dn
*secret_dn
;
79 struct ldb_context
*sam_ldb
;
84 state associated with a lsa_OpenTrustedDomain() operation
86 struct lsa_trusted_domain_state
{
87 struct lsa_policy_state
*policy
;
89 const struct ldb_dn
*trusted_domain_dn
;
95 static NTSTATUS
lsa_Close(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
98 struct dcesrv_handle
*h
;
100 *r
->out
.handle
= *r
->in
.handle
;
102 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, DCESRV_HANDLE_ANY
);
106 ZERO_STRUCTP(r
->out
.handle
);
115 static NTSTATUS
lsa_Delete(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
116 struct lsa_Delete
*r
)
118 struct dcesrv_handle
*h
;
121 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, DCESRV_HANDLE_ANY
);
122 if (h
->wire_handle
.handle_type
== LSA_HANDLE_SECRET
) {
123 struct lsa_secret_state
*secret_state
= h
->data
;
124 ret
= samdb_delete(secret_state
->sam_ldb
, mem_ctx
, secret_state
->secret_dn
);
127 return NT_STATUS_INVALID_HANDLE
;
131 } else if (h
->wire_handle
.handle_type
== LSA_HANDLE_TRUSTED_DOMAIN
) {
132 struct lsa_trusted_domain_state
*trusted_domain_state
= h
->data
;
133 ret
= samdb_delete(trusted_domain_state
->policy
->sam_ldb
, mem_ctx
,
134 trusted_domain_state
->trusted_domain_dn
);
137 return NT_STATUS_INVALID_HANDLE
;
143 return NT_STATUS_INVALID_HANDLE
;
150 static NTSTATUS
lsa_EnumPrivs(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
151 struct lsa_EnumPrivs
*r
)
153 struct dcesrv_handle
*h
;
154 struct lsa_policy_state
*state
;
156 const char *privname
;
158 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
162 i
= *r
->in
.resume_handle
;
165 while ((privname
= sec_privilege_name(i
)) &&
166 r
->out
.privs
->count
< r
->in
.max_count
) {
167 struct lsa_PrivEntry
*e
;
169 r
->out
.privs
->privs
= talloc_realloc(r
->out
.privs
,
171 struct lsa_PrivEntry
,
172 r
->out
.privs
->count
+1);
173 if (r
->out
.privs
->privs
== NULL
) {
174 return NT_STATUS_NO_MEMORY
;
176 e
= &r
->out
.privs
->privs
[r
->out
.privs
->count
];
179 e
->name
.string
= privname
;
180 r
->out
.privs
->count
++;
184 *r
->out
.resume_handle
= i
;
193 static NTSTATUS
lsa_QuerySecurity(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
194 struct lsa_QuerySecurity
*r
)
196 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
203 static NTSTATUS
lsa_SetSecObj(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
204 struct lsa_SetSecObj
*r
)
206 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
213 static NTSTATUS
lsa_ChangePassword(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
214 struct lsa_ChangePassword
*r
)
216 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
219 static NTSTATUS
lsa_get_policy_state(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
220 struct lsa_policy_state
**_state
)
222 struct lsa_policy_state
*state
;
224 state
= talloc(mem_ctx
, struct lsa_policy_state
);
226 return NT_STATUS_NO_MEMORY
;
229 /* make sure the sam database is accessible */
230 state
->sam_ldb
= samdb_connect(state
, dce_call
->conn
->auth_state
.session_info
);
231 if (state
->sam_ldb
== NULL
) {
232 return NT_STATUS_INVALID_SYSTEM_SERVICE
;
235 state
->sidmap
= sidmap_open(state
);
236 if (state
->sidmap
== NULL
) {
237 return NT_STATUS_INVALID_SYSTEM_SERVICE
;
240 /* work out the domain_dn - useful for so many calls its worth
242 state
->domain_dn
= samdb_base_dn(state
);
243 if (!state
->domain_dn
) {
244 return NT_STATUS_NO_MEMORY
;
248 = samdb_search_string(state
->sam_ldb
, mem_ctx
, NULL
, "nETBIOSName",
249 "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx
, state
->domain_dn
));
251 if (!state
->domain_name
) {
252 return NT_STATUS_NO_SUCH_DOMAIN
;
254 talloc_steal(state
, state
->domain_name
);
256 /* work out the builtin_dn - useful for so many calls its worth
258 state
->builtin_dn
= samdb_search_dn(state
->sam_ldb
, mem_ctx
, state
->domain_dn
, "(objectClass=builtinDomain)");
259 if (!state
->builtin_dn
) {
260 return NT_STATUS_NO_SUCH_DOMAIN
;
263 /* work out the system_dn - useful for so many calls its worth
265 state
->system_dn
= samdb_search_dn(state
->sam_ldb
, mem_ctx
,
266 state
->domain_dn
, "(&(objectClass=container)(cn=System))");
267 if (!state
->system_dn
) {
268 return NT_STATUS_NO_SUCH_DOMAIN
;
271 state
->domain_sid
= samdb_search_dom_sid(state
->sam_ldb
, state
,
272 state
->domain_dn
, "objectSid", "dn=%s",
273 ldb_dn_linearize(mem_ctx
, state
->domain_dn
));
274 if (!state
->domain_sid
) {
275 return NT_STATUS_NO_SUCH_DOMAIN
;
278 talloc_steal(state
, state
->domain_sid
);
280 state
->builtin_sid
= dom_sid_parse_talloc(state
, SID_BUILTIN
);
281 if (!state
->builtin_sid
) {
282 return NT_STATUS_NO_SUCH_DOMAIN
;
293 static NTSTATUS
lsa_OpenPolicy2(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
294 struct lsa_OpenPolicy2
*r
)
297 struct lsa_policy_state
*state
;
298 struct dcesrv_handle
*handle
;
300 ZERO_STRUCTP(r
->out
.handle
);
302 status
= lsa_get_policy_state(dce_call
, mem_ctx
, &state
);
303 if (!NT_STATUS_IS_OK(status
)) {
307 handle
= dcesrv_handle_new(dce_call
->context
, LSA_HANDLE_POLICY
);
309 return NT_STATUS_NO_MEMORY
;
312 handle
->data
= talloc_steal(handle
, state
);
314 state
->access_mask
= r
->in
.access_mask
;
315 state
->handle
= handle
;
316 *r
->out
.handle
= handle
->wire_handle
;
318 /* note that we have completely ignored the attr element of
319 the OpenPolicy. As far as I can tell, this is what w2k3
327 a wrapper around lsa_OpenPolicy2
329 static NTSTATUS
lsa_OpenPolicy(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
330 struct lsa_OpenPolicy
*r
)
332 struct lsa_OpenPolicy2 r2
;
334 r2
.in
.system_name
= NULL
;
335 r2
.in
.attr
= r
->in
.attr
;
336 r2
.in
.access_mask
= r
->in
.access_mask
;
337 r2
.out
.handle
= r
->out
.handle
;
339 return lsa_OpenPolicy2(dce_call
, mem_ctx
, &r2
);
346 fill in the AccountDomain info
348 static NTSTATUS
lsa_info_AccountDomain(struct lsa_policy_state
*state
, TALLOC_CTX
*mem_ctx
,
349 struct lsa_DomainInfo
*info
)
351 info
->name
.string
= state
->domain_name
;
352 info
->sid
= state
->domain_sid
;
358 fill in the DNS domain info
360 static NTSTATUS
lsa_info_DNS(struct lsa_policy_state
*state
, TALLOC_CTX
*mem_ctx
,
361 struct lsa_DnsDomainInfo
*info
)
363 const char * const attrs
[] = { "dnsDomain", "objectGUID", "objectSid", NULL
};
365 struct ldb_message
**res
;
367 ret
= gendb_search_dn(state
->sam_ldb
, mem_ctx
, state
->domain_dn
, &res
, attrs
);
369 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
372 info
->name
.string
= state
->domain_name
;
373 info
->sid
= state
->domain_sid
;
374 info
->dns_domain
.string
= samdb_result_string(res
[0], "dnsDomain", NULL
);
375 info
->dns_forest
.string
= samdb_result_string(res
[0], "dnsDomain", NULL
);
376 info
->domain_guid
= samdb_result_guid(res
[0], "objectGUID");
384 static NTSTATUS
lsa_QueryInfoPolicy2(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
385 struct lsa_QueryInfoPolicy2
*r
)
387 struct lsa_policy_state
*state
;
388 struct dcesrv_handle
*h
;
392 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
396 r
->out
.info
= talloc(mem_ctx
, union lsa_PolicyInformation
);
398 return NT_STATUS_NO_MEMORY
;
401 ZERO_STRUCTP(r
->out
.info
);
403 switch (r
->in
.level
) {
404 case LSA_POLICY_INFO_DOMAIN
:
405 case LSA_POLICY_INFO_ACCOUNT_DOMAIN
:
406 return lsa_info_AccountDomain(state
, mem_ctx
, &r
->out
.info
->account_domain
);
408 case LSA_POLICY_INFO_DNS
:
409 return lsa_info_DNS(state
, mem_ctx
, &r
->out
.info
->dns
);
412 return NT_STATUS_INVALID_INFO_CLASS
;
418 static NTSTATUS
lsa_QueryInfoPolicy(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
419 struct lsa_QueryInfoPolicy
*r
)
421 struct lsa_QueryInfoPolicy2 r2
;
424 r2
.in
.handle
= r
->in
.handle
;
425 r2
.in
.level
= r
->in
.level
;
427 status
= lsa_QueryInfoPolicy2(dce_call
, mem_ctx
, &r2
);
429 r
->out
.info
= r2
.out
.info
;
437 static NTSTATUS
lsa_SetInfoPolicy(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
438 struct lsa_SetInfoPolicy
*r
)
440 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
447 static NTSTATUS
lsa_ClearAuditLog(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
448 struct lsa_ClearAuditLog
*r
)
450 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
457 static NTSTATUS
lsa_CreateAccount(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
458 struct lsa_CreateAccount
*r
)
460 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
467 static NTSTATUS
lsa_EnumAccounts(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
468 struct lsa_EnumAccounts
*r
)
470 struct dcesrv_handle
*h
;
471 struct lsa_policy_state
*state
;
473 struct ldb_message
**res
;
474 const char * const attrs
[] = { "objectSid", NULL
};
477 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
481 ret
= gendb_search(state
->sam_ldb
, mem_ctx
, state
->builtin_dn
, &res
, attrs
,
484 return NT_STATUS_NO_SUCH_USER
;
487 if (*r
->in
.resume_handle
>= ret
) {
488 return NT_STATUS_NO_MORE_ENTRIES
;
491 count
= ret
- *r
->in
.resume_handle
;
492 if (count
> r
->in
.num_entries
) {
493 count
= r
->in
.num_entries
;
497 return NT_STATUS_NO_MORE_ENTRIES
;
500 r
->out
.sids
->sids
= talloc_array(r
->out
.sids
, struct lsa_SidPtr
, count
);
501 if (r
->out
.sids
->sids
== NULL
) {
502 return NT_STATUS_NO_MEMORY
;
505 for (i
=0;i
<count
;i
++) {
506 r
->out
.sids
->sids
[i
].sid
=
507 samdb_result_dom_sid(r
->out
.sids
->sids
,
508 res
[i
+ *r
->in
.resume_handle
],
510 NT_STATUS_HAVE_NO_MEMORY(r
->out
.sids
->sids
[i
].sid
);
513 r
->out
.sids
->num_sids
= count
;
514 *r
->out
.resume_handle
= count
+ *r
->in
.resume_handle
;
522 lsa_CreateTrustedDomainEx2
524 static NTSTATUS
lsa_CreateTrustedDomainEx2(struct dcesrv_call_state
*dce_call
,
526 struct lsa_CreateTrustedDomainEx2
*r
)
528 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
532 lsa_CreateTrustedDomainEx
534 static NTSTATUS
lsa_CreateTrustedDomainEx(struct dcesrv_call_state
*dce_call
,
536 struct lsa_CreateTrustedDomainEx
*r
)
538 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
542 lsa_CreateTrustedDomain
544 static NTSTATUS
lsa_CreateTrustedDomain(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
545 struct lsa_CreateTrustedDomain
*r
)
547 struct dcesrv_handle
*policy_handle
;
548 struct lsa_policy_state
*policy_state
;
549 struct lsa_trusted_domain_state
*trusted_domain_state
;
550 struct dcesrv_handle
*handle
;
551 struct ldb_message
**msgs
, *msg
;
552 const char *attrs
[] = {
558 DCESRV_PULL_HANDLE(policy_handle
, r
->in
.handle
, LSA_HANDLE_POLICY
);
559 ZERO_STRUCTP(r
->out
.trustdom_handle
);
561 policy_state
= policy_handle
->data
;
563 if (!r
->in
.info
->name
.string
) {
564 return NT_STATUS_INVALID_PARAMETER
;
566 name
= r
->in
.info
->name
.string
;
568 trusted_domain_state
= talloc(mem_ctx
, struct lsa_trusted_domain_state
);
569 if (!trusted_domain_state
) {
570 return NT_STATUS_NO_MEMORY
;
572 trusted_domain_state
->policy
= policy_state
;
574 msg
= ldb_msg_new(mem_ctx
);
576 return NT_STATUS_NO_MEMORY
;
579 /* search for the trusted_domain record */
580 ret
= gendb_search(trusted_domain_state
->policy
->sam_ldb
,
581 mem_ctx
, policy_state
->system_dn
, &msgs
, attrs
,
582 "(&(cn=%s)(objectclass=trustedDomain))",
583 r
->in
.info
->name
.string
);
585 return NT_STATUS_OBJECT_NAME_COLLISION
;
588 if (ret
< 0 || ret
> 1) {
589 DEBUG(0,("Found %d records matching DN %s\n", ret
,
590 ldb_dn_linearize(mem_ctx
, policy_state
->system_dn
)));
591 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
594 msg
->dn
= ldb_dn_build_child(mem_ctx
, "cn",
595 r
->in
.info
->name
.string
,
596 policy_state
->system_dn
);
598 return NT_STATUS_NO_MEMORY
;
601 samdb_msg_add_string(trusted_domain_state
->policy
->sam_ldb
, mem_ctx
, msg
, "cn", name
);
602 samdb_msg_add_string(trusted_domain_state
->policy
->sam_ldb
, mem_ctx
, msg
, "flatname", name
);
604 if (r
->in
.info
->sid
) {
605 const char *sid_string
= dom_sid_string(mem_ctx
, r
->in
.info
->sid
);
607 return NT_STATUS_NO_MEMORY
;
610 samdb_msg_add_string(trusted_domain_state
->policy
->sam_ldb
, mem_ctx
, msg
, "securityIdentifier", sid_string
);
613 samdb_msg_add_string(trusted_domain_state
->policy
->sam_ldb
, mem_ctx
, msg
, "objectClass", "trustedDomain");
615 trusted_domain_state
->trusted_domain_dn
= talloc_reference(trusted_domain_state
, msg
->dn
);
617 /* create the trusted_domain */
618 ret
= samdb_add(trusted_domain_state
->policy
->sam_ldb
, mem_ctx
, msg
);
620 DEBUG(0,("Failed to create trusted_domain record %s\n",
621 ldb_dn_linearize(mem_ctx
, msg
->dn
)));
622 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
625 handle
= dcesrv_handle_new(dce_call
->context
, LSA_HANDLE_TRUSTED_DOMAIN
);
627 return NT_STATUS_NO_MEMORY
;
630 handle
->data
= talloc_steal(handle
, trusted_domain_state
);
632 trusted_domain_state
->access_mask
= r
->in
.access_mask
;
633 trusted_domain_state
->policy
= talloc_reference(trusted_domain_state
, policy_state
);
635 *r
->out
.trustdom_handle
= handle
->wire_handle
;
641 lsa_OpenTrustedDomain
643 static NTSTATUS
lsa_OpenTrustedDomain(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
644 struct lsa_OpenTrustedDomain
*r
)
646 struct dcesrv_handle
*policy_handle
;
648 struct lsa_policy_state
*policy_state
;
649 struct lsa_trusted_domain_state
*trusted_domain_state
;
650 struct dcesrv_handle
*handle
;
651 struct ldb_message
**msgs
;
652 const char *attrs
[] = {
656 const char *sid_string
;
659 DCESRV_PULL_HANDLE(policy_handle
, r
->in
.handle
, LSA_HANDLE_POLICY
);
660 ZERO_STRUCTP(r
->out
.trustdom_handle
);
661 policy_state
= policy_handle
->data
;
663 trusted_domain_state
= talloc(mem_ctx
, struct lsa_trusted_domain_state
);
664 if (!trusted_domain_state
) {
665 return NT_STATUS_NO_MEMORY
;
667 trusted_domain_state
->policy
= policy_state
;
669 sid_string
= dom_sid_string(mem_ctx
, r
->in
.sid
);
671 return NT_STATUS_NO_MEMORY
;
674 /* search for the trusted_domain record */
675 ret
= gendb_search(trusted_domain_state
->policy
->sam_ldb
,
676 mem_ctx
, policy_state
->system_dn
, &msgs
, attrs
,
677 "(&(securityIdentifier=%s)(objectclass=trustedDomain))",
680 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
684 DEBUG(0,("Found %d records matching DN %s\n", ret
,
685 ldb_dn_linearize(mem_ctx
, policy_state
->system_dn
)));
686 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
689 trusted_domain_state
->trusted_domain_dn
= talloc_reference(trusted_domain_state
, msgs
[0]->dn
);
691 handle
= dcesrv_handle_new(dce_call
->context
, LSA_HANDLE_TRUSTED_DOMAIN
);
693 return NT_STATUS_NO_MEMORY
;
696 handle
->data
= talloc_steal(handle
, trusted_domain_state
);
698 trusted_domain_state
->access_mask
= r
->in
.access_mask
;
699 trusted_domain_state
->policy
= talloc_reference(trusted_domain_state
, policy_state
);
701 *r
->out
.trustdom_handle
= handle
->wire_handle
;
708 lsa_OpenTrustedDomainByName
710 static NTSTATUS
lsa_OpenTrustedDomainByName(struct dcesrv_call_state
*dce_call
,
712 struct lsa_OpenTrustedDomainByName
*r
)
714 struct dcesrv_handle
*policy_handle
;
716 struct lsa_policy_state
*policy_state
;
717 struct lsa_trusted_domain_state
*trusted_domain_state
;
718 struct dcesrv_handle
*handle
;
719 struct ldb_message
**msgs
;
720 const char *attrs
[] = {
726 DCESRV_PULL_HANDLE(policy_handle
, r
->in
.handle
, LSA_HANDLE_POLICY
);
727 ZERO_STRUCTP(r
->out
.trustdom_handle
);
728 policy_state
= policy_handle
->data
;
730 if (!r
->in
.name
.string
) {
731 return NT_STATUS_INVALID_PARAMETER
;
734 trusted_domain_state
= talloc(mem_ctx
, struct lsa_trusted_domain_state
);
735 if (!trusted_domain_state
) {
736 return NT_STATUS_NO_MEMORY
;
738 trusted_domain_state
->policy
= policy_state
;
740 /* search for the trusted_domain record */
741 ret
= gendb_search(trusted_domain_state
->policy
->sam_ldb
,
742 mem_ctx
, policy_state
->system_dn
, &msgs
, attrs
,
743 "(&(flatname=%s)(objectclass=trustedDomain))",
746 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
750 DEBUG(0,("Found %d records matching DN %s\n", ret
,
751 ldb_dn_linearize(mem_ctx
, policy_state
->system_dn
)));
752 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
755 trusted_domain_state
->trusted_domain_dn
= talloc_reference(trusted_domain_state
, msgs
[0]->dn
);
757 handle
= dcesrv_handle_new(dce_call
->context
, LSA_HANDLE_TRUSTED_DOMAIN
);
759 return NT_STATUS_NO_MEMORY
;
762 handle
->data
= talloc_steal(handle
, trusted_domain_state
);
764 trusted_domain_state
->access_mask
= r
->in
.access_mask
;
765 trusted_domain_state
->policy
= talloc_reference(trusted_domain_state
, policy_state
);
767 *r
->out
.trustdom_handle
= handle
->wire_handle
;
774 lsa_QueryTrustedDomainInfoBySid
776 static NTSTATUS
lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
777 struct lsa_QueryTrustedDomainInfoBySid
*r
)
779 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
784 lsa_SetTrustDomainInfo
786 static NTSTATUS
lsa_SetTrustDomainInfo(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
787 struct lsa_SetTrustDomainInfo
*r
)
789 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
794 lsa_DeleteTrustDomain
796 static NTSTATUS
lsa_DeleteTrustDomain(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
797 struct lsa_DeleteTrustDomain
*r
)
799 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
804 lsa_QueryTrustedDomainInfo
806 static NTSTATUS
lsa_QueryTrustedDomainInfo(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
807 struct lsa_QueryTrustedDomainInfo
*r
)
809 struct dcesrv_handle
*h
;
810 struct lsa_trusted_domain_state
*trusted_domain_state
;
811 struct ldb_message
*msg
;
813 struct ldb_message
**res
;
814 const char *attrs
[] = {
818 "securityIdentifier",
822 DCESRV_PULL_HANDLE(h
, r
->in
.trustdom_handle
, LSA_HANDLE_TRUSTED_DOMAIN
);
824 trusted_domain_state
= h
->data
;
826 /* pull all the user attributes */
827 ret
= gendb_search_dn(trusted_domain_state
->policy
->sam_ldb
, mem_ctx
,
828 trusted_domain_state
->trusted_domain_dn
, &res
, attrs
);
830 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
834 r
->out
.info
= talloc(mem_ctx
, union lsa_TrustedDomainInfo
);
836 return NT_STATUS_NO_MEMORY
;
838 switch (r
->in
.level
) {
839 case LSA_TRUSTED_DOMAIN_INFO_NAME
:
840 r
->out
.info
->name
.netbios_name
.string
841 = samdb_result_string(msg
, "flatname", NULL
);
843 case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET
:
844 r
->out
.info
->posix_offset
.posix_offset
845 = samdb_result_uint(msg
, "posixOffset", 0);
848 /* oops, we don't want to return the info after all */
849 talloc_free(r
->out
.info
);
851 return NT_STATUS_INVALID_INFO_CLASS
;
859 lsa_SetInformationTrustedDomain
861 static NTSTATUS
lsa_SetInformationTrustedDomain(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
862 struct lsa_SetInformationTrustedDomain
*r
)
864 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
869 lsa_QueryTrustedDomainInfoByName
871 static NTSTATUS
lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state
*dce_call
,
873 struct lsa_QueryTrustedDomainInfoByName
*r
)
875 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
879 lsa_SetTrustedDomainInfoByName
881 static NTSTATUS
lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state
*dce_call
,
883 struct lsa_SetTrustedDomainInfoByName
*r
)
885 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
889 lsa_EnumTrustedDomainsEx
891 static NTSTATUS
lsa_EnumTrustedDomainsEx(struct dcesrv_call_state
*dce_call
,
893 struct lsa_EnumTrustedDomainsEx
*r
)
895 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
899 lsa_CloseTrustedDomainEx
901 static NTSTATUS
lsa_CloseTrustedDomainEx(struct dcesrv_call_state
*dce_call
,
903 struct lsa_CloseTrustedDomainEx
*r
)
905 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
910 comparison function for sorting lsa_DomainInformation array
912 static int compare_DomainInformation(struct lsa_DomainInformation
*e1
, struct lsa_DomainInformation
*e2
)
914 return strcasecmp(e1
->name
.string
, e2
->name
.string
);
920 static NTSTATUS
lsa_EnumTrustDom(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
921 struct lsa_EnumTrustDom
*r
)
923 struct dcesrv_handle
*policy_handle
;
924 struct lsa_DomainInformation
*entries
;
925 struct lsa_policy_state
*policy_state
;
926 struct ldb_message
**domains
;
927 const char *attrs
[] = {
929 "securityIdentifier",
936 *r
->out
.resume_handle
= 0;
938 r
->out
.domains
->domains
= NULL
;
939 r
->out
.domains
->count
= 0;
941 DCESRV_PULL_HANDLE(policy_handle
, r
->in
.handle
, LSA_HANDLE_POLICY
);
943 policy_state
= policy_handle
->data
;
945 /* search for all users in this domain. This could possibly be cached and
946 resumed based on resume_key */
947 count
= gendb_search(policy_state
->sam_ldb
, mem_ctx
, policy_state
->system_dn
, &domains
, attrs
,
948 "objectclass=trustedDomain");
950 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
952 if (count
== 0 || r
->in
.max_size
== 0) {
956 /* convert to lsa_DomainInformation format */
957 entries
= talloc_array(mem_ctx
, struct lsa_DomainInformation
, count
);
959 return NT_STATUS_NO_MEMORY
;
961 for (i
=0;i
<count
;i
++) {
962 entries
[i
].sid
= samdb_result_dom_sid(mem_ctx
, domains
[i
], "securityIdentifier");
963 entries
[i
].name
.string
= samdb_result_string(domains
[i
], "flatname", NULL
);
966 /* sort the results by name */
967 qsort(entries
, count
, sizeof(struct lsa_DomainInformation
),
968 (comparison_fn_t
)compare_DomainInformation
);
970 if (*r
->in
.resume_handle
>= count
) {
971 *r
->out
.resume_handle
= -1;
973 return NT_STATUS_NO_MORE_ENTRIES
;
976 /* return the rest, limit by max_size. Note that we
977 use the w2k3 element size value of 60 */
978 r
->out
.domains
->count
= count
- *r
->in
.resume_handle
;
979 r
->out
.domains
->count
= MIN(r
->out
.domains
->count
,
980 1+(r
->in
.max_size
/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER
));
982 r
->out
.domains
->domains
= entries
+ *r
->in
.resume_handle
;
983 r
->out
.domains
->count
= r
->out
.domains
->count
;
985 if (r
->out
.domains
->count
< count
- *r
->in
.resume_handle
) {
986 *r
->out
.resume_handle
= *r
->in
.resume_handle
+ r
->out
.domains
->count
;
987 return STATUS_MORE_ENTRIES
;
995 return the authority name and authority sid, given a sid
997 static NTSTATUS
lsa_authority_name(struct lsa_policy_state
*state
,
998 TALLOC_CTX
*mem_ctx
, struct dom_sid
*sid
,
999 const char **authority_name
,
1000 struct dom_sid
**authority_sid
)
1002 if (dom_sid_in_domain(state
->domain_sid
, sid
)) {
1003 *authority_name
= state
->domain_name
;
1004 *authority_sid
= state
->domain_sid
;
1005 return NT_STATUS_OK
;
1008 if (dom_sid_in_domain(state
->builtin_sid
, sid
)) {
1009 *authority_name
= "BUILTIN";
1010 *authority_sid
= state
->builtin_sid
;
1011 return NT_STATUS_OK
;
1014 *authority_sid
= dom_sid_dup(mem_ctx
, sid
);
1015 if (*authority_sid
== NULL
) {
1016 return NT_STATUS_NO_MEMORY
;
1018 (*authority_sid
)->num_auths
= 0;
1019 *authority_name
= dom_sid_string(mem_ctx
, *authority_sid
);
1020 if (*authority_name
== NULL
) {
1021 return NT_STATUS_NO_MEMORY
;
1024 return NT_STATUS_OK
;
1028 add to the lsa_RefDomainList for LookupSids and LookupNames
1030 static NTSTATUS
lsa_authority_list(struct lsa_policy_state
*state
, TALLOC_CTX
*mem_ctx
,
1031 struct dom_sid
*sid
,
1032 struct lsa_RefDomainList
*domains
,
1033 uint32_t *sid_index
)
1036 const char *authority_name
;
1037 struct dom_sid
*authority_sid
;
1040 /* work out the authority name */
1041 status
= lsa_authority_name(state
, mem_ctx
, sid
,
1042 &authority_name
, &authority_sid
);
1043 if (!NT_STATUS_IS_OK(status
)) {
1047 /* see if we've already done this authority name */
1048 for (i
=0;i
<domains
->count
;i
++) {
1049 if (strcmp(authority_name
, domains
->domains
[i
].name
.string
) == 0) {
1051 return NT_STATUS_OK
;
1055 domains
->domains
= talloc_realloc(domains
,
1057 struct lsa_TrustInformation
,
1059 if (domains
->domains
== NULL
) {
1060 return NT_STATUS_NO_MEMORY
;
1062 domains
->domains
[i
].name
.string
= authority_name
;
1063 domains
->domains
[i
].sid
= authority_sid
;
1067 return NT_STATUS_OK
;
1071 lookup a name for 1 SID
1073 static NTSTATUS
lsa_lookup_sid(struct lsa_policy_state
*state
, TALLOC_CTX
*mem_ctx
,
1074 struct dom_sid
*sid
, const char *sid_str
,
1075 const char **name
, uint32_t *atype
)
1078 struct ldb_message
**res
;
1079 const char * const attrs
[] = { "sAMAccountName", "sAMAccountType", "name", NULL
};
1082 ret
= gendb_search(state
->sam_ldb
, mem_ctx
, NULL
, &res
, attrs
,
1083 "objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx
, sid
));
1085 *name
= ldb_msg_find_string(res
[0], "sAMAccountName", NULL
);
1087 *name
= ldb_msg_find_string(res
[0], "name", NULL
);
1089 *name
= talloc_strdup(mem_ctx
, sid_str
);
1090 NTSTATUS_TALLOC_CHECK(*name
);
1094 *atype
= samdb_result_uint(res
[0], "sAMAccountType", 0);
1096 return NT_STATUS_OK
;
1099 status
= sidmap_allocated_sid_lookup(state
->sidmap
, mem_ctx
, sid
, name
, atype
);
1108 static NTSTATUS
lsa_LookupSids3(struct dcesrv_call_state
*dce_call
,
1109 TALLOC_CTX
*mem_ctx
,
1110 struct lsa_LookupSids3
*r
)
1112 struct lsa_policy_state
*state
;
1114 NTSTATUS status
= NT_STATUS_OK
;
1116 r
->out
.domains
= NULL
;
1118 status
= lsa_get_policy_state(dce_call
, mem_ctx
, &state
);
1119 if (!NT_STATUS_IS_OK(status
)) {
1123 r
->out
.domains
= talloc_zero(mem_ctx
, struct lsa_RefDomainList
);
1124 if (r
->out
.domains
== NULL
) {
1125 return NT_STATUS_NO_MEMORY
;
1128 r
->out
.names
= talloc_zero(mem_ctx
, struct lsa_TransNameArray2
);
1129 if (r
->out
.names
== NULL
) {
1130 return NT_STATUS_NO_MEMORY
;
1135 r
->out
.names
->names
= talloc_array(r
->out
.names
, struct lsa_TranslatedName2
,
1136 r
->in
.sids
->num_sids
);
1137 if (r
->out
.names
->names
== NULL
) {
1138 return NT_STATUS_NO_MEMORY
;
1141 for (i
=0;i
<r
->in
.sids
->num_sids
;i
++) {
1142 struct dom_sid
*sid
= r
->in
.sids
->sids
[i
].sid
;
1143 char *sid_str
= dom_sid_string(mem_ctx
, sid
);
1145 uint32_t atype
, rtype
, sid_index
;
1148 r
->out
.names
->count
++;
1151 r
->out
.names
->names
[i
].sid_type
= SID_NAME_UNKNOWN
;
1152 r
->out
.names
->names
[i
].name
.string
= sid_str
;
1153 r
->out
.names
->names
[i
].sid_index
= 0xFFFFFFFF;
1154 r
->out
.names
->names
[i
].unknown
= 0;
1156 if (sid_str
== NULL
) {
1157 r
->out
.names
->names
[i
].name
.string
= "(SIDERROR)";
1158 status
= STATUS_SOME_UNMAPPED
;
1162 /* work out the authority name */
1163 status2
= lsa_authority_list(state
, mem_ctx
, sid
, r
->out
.domains
, &sid_index
);
1164 if (!NT_STATUS_IS_OK(status2
)) {
1168 status2
= lsa_lookup_sid(state
, mem_ctx
, sid
, sid_str
,
1170 if (!NT_STATUS_IS_OK(status2
)) {
1171 status
= STATUS_SOME_UNMAPPED
;
1175 rtype
= samdb_atype_map(atype
);
1176 if (rtype
== SID_NAME_UNKNOWN
) {
1177 status
= STATUS_SOME_UNMAPPED
;
1181 r
->out
.names
->names
[i
].sid_type
= rtype
;
1182 r
->out
.names
->names
[i
].name
.string
= name
;
1183 r
->out
.names
->names
[i
].sid_index
= sid_index
;
1184 r
->out
.names
->names
[i
].unknown
= 0;
1194 static NTSTATUS
lsa_LookupSids2(struct dcesrv_call_state
*dce_call
,
1195 TALLOC_CTX
*mem_ctx
,
1196 struct lsa_LookupSids2
*r
)
1198 struct lsa_LookupSids3 r3
;
1201 r3
.in
.sids
= r
->in
.sids
;
1202 r3
.in
.names
= r
->in
.names
;
1203 r3
.in
.level
= r
->in
.level
;
1204 r3
.in
.count
= r
->in
.count
;
1205 r3
.in
.unknown1
= r
->in
.unknown1
;
1206 r3
.in
.unknown2
= r
->in
.unknown2
;
1207 r3
.out
.count
= r
->out
.count
;
1208 r3
.out
.names
= r
->out
.names
;
1210 status
= lsa_LookupSids3(dce_call
, mem_ctx
, &r3
);
1211 if (dce_call
->fault_code
!= 0) {
1215 r
->out
.domains
= r3
.out
.domains
;
1216 r
->out
.names
= r3
.out
.names
;
1217 r
->out
.count
= r3
.out
.count
;
1226 static NTSTATUS
lsa_LookupSids(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1227 struct lsa_LookupSids
*r
)
1229 struct lsa_LookupSids3 r3
;
1233 r3
.in
.sids
= r
->in
.sids
;
1235 r3
.in
.level
= r
->in
.level
;
1236 r3
.in
.count
= r
->in
.count
;
1239 r3
.out
.count
= r
->out
.count
;
1240 r3
.out
.names
= NULL
;
1242 status
= lsa_LookupSids3(dce_call
, mem_ctx
, &r3
);
1243 if (dce_call
->fault_code
!= 0) {
1247 r
->out
.domains
= r3
.out
.domains
;
1248 if (!r3
.out
.names
) {
1249 r
->out
.names
= NULL
;
1253 r
->out
.names
= talloc(mem_ctx
, struct lsa_TransNameArray
);
1254 if (r
->out
.names
== NULL
) {
1255 return NT_STATUS_NO_MEMORY
;
1257 r
->out
.names
->count
= r3
.out
.names
->count
;
1258 r
->out
.names
->names
= talloc_array(r
->out
.names
, struct lsa_TranslatedName
,
1259 r
->out
.names
->count
);
1260 if (r
->out
.names
->names
== NULL
) {
1261 return NT_STATUS_NO_MEMORY
;
1263 for (i
=0;i
<r
->out
.names
->count
;i
++) {
1264 r
->out
.names
->names
[i
].sid_type
= r3
.out
.names
->names
[i
].sid_type
;
1265 r
->out
.names
->names
[i
].name
.string
= r3
.out
.names
->names
[i
].name
.string
;
1266 r
->out
.names
->names
[i
].sid_index
= r3
.out
.names
->names
[i
].sid_index
;
1276 static NTSTATUS
lsa_OpenAccount(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1277 struct lsa_OpenAccount
*r
)
1279 struct dcesrv_handle
*h
, *ah
;
1280 struct lsa_policy_state
*state
;
1281 struct lsa_account_state
*astate
;
1283 ZERO_STRUCTP(r
->out
.acct_handle
);
1285 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
1289 astate
= talloc(dce_call
->conn
, struct lsa_account_state
);
1290 if (astate
== NULL
) {
1291 return NT_STATUS_NO_MEMORY
;
1294 astate
->account_sid
= dom_sid_dup(astate
, r
->in
.sid
);
1295 if (astate
->account_sid
== NULL
) {
1296 talloc_free(astate
);
1297 return NT_STATUS_NO_MEMORY
;
1300 /* check it really exists */
1301 astate
->account_dn
= samdb_search_dn(state
->sam_ldb
, astate
,
1302 NULL
, "(&(objectSid=%s)(objectClass=group))",
1303 ldap_encode_ndr_dom_sid(mem_ctx
, astate
->account_sid
));
1304 if (astate
->account_dn
== NULL
) {
1305 talloc_free(astate
);
1306 return NT_STATUS_NO_SUCH_USER
;
1309 astate
->policy
= talloc_reference(astate
, state
);
1310 astate
->access_mask
= r
->in
.access_mask
;
1312 ah
= dcesrv_handle_new(dce_call
->context
, LSA_HANDLE_ACCOUNT
);
1314 talloc_free(astate
);
1315 return NT_STATUS_NO_MEMORY
;
1318 ah
->data
= talloc_steal(ah
, astate
);
1320 *r
->out
.acct_handle
= ah
->wire_handle
;
1322 return NT_STATUS_OK
;
1327 lsa_EnumPrivsAccount
1329 static NTSTATUS
lsa_EnumPrivsAccount(struct dcesrv_call_state
*dce_call
,
1330 TALLOC_CTX
*mem_ctx
,
1331 struct lsa_EnumPrivsAccount
*r
)
1333 struct dcesrv_handle
*h
;
1334 struct lsa_account_state
*astate
;
1336 struct ldb_message
**res
;
1337 const char * const attrs
[] = { "privilege", NULL
};
1338 struct ldb_message_element
*el
;
1340 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_ACCOUNT
);
1344 r
->out
.privs
= talloc(mem_ctx
, struct lsa_PrivilegeSet
);
1345 r
->out
.privs
->count
= 0;
1346 r
->out
.privs
->unknown
= 0;
1347 r
->out
.privs
->set
= NULL
;
1349 ret
= gendb_search_dn(astate
->policy
->sam_ldb
, mem_ctx
,
1350 astate
->account_dn
, &res
, attrs
);
1352 return NT_STATUS_OK
;
1355 el
= ldb_msg_find_element(res
[0], "privilege");
1356 if (el
== NULL
|| el
->num_values
== 0) {
1357 return NT_STATUS_OK
;
1360 r
->out
.privs
->set
= talloc_array(r
->out
.privs
,
1361 struct lsa_LUIDAttribute
, el
->num_values
);
1362 if (r
->out
.privs
->set
== NULL
) {
1363 return NT_STATUS_NO_MEMORY
;
1366 for (i
=0;i
<el
->num_values
;i
++) {
1367 int id
= sec_privilege_id((const char *)el
->values
[i
].data
);
1369 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
1371 r
->out
.privs
->set
[i
].attribute
= 0;
1372 r
->out
.privs
->set
[i
].luid
.low
= id
;
1373 r
->out
.privs
->set
[i
].luid
.high
= 0;
1376 r
->out
.privs
->count
= el
->num_values
;
1378 return NT_STATUS_OK
;
1382 lsa_EnumAccountRights
1384 static NTSTATUS
lsa_EnumAccountRights(struct dcesrv_call_state
*dce_call
,
1385 TALLOC_CTX
*mem_ctx
,
1386 struct lsa_EnumAccountRights
*r
)
1388 struct dcesrv_handle
*h
;
1389 struct lsa_policy_state
*state
;
1391 struct ldb_message
**res
;
1392 const char * const attrs
[] = { "privilege", NULL
};
1394 struct ldb_message_element
*el
;
1396 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
1400 sidstr
= ldap_encode_ndr_dom_sid(mem_ctx
, r
->in
.sid
);
1401 if (sidstr
== NULL
) {
1402 return NT_STATUS_NO_MEMORY
;
1405 ret
= gendb_search(state
->sam_ldb
, mem_ctx
, NULL
, &res
, attrs
,
1406 "objectSid=%s", sidstr
);
1408 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1411 el
= ldb_msg_find_element(res
[0], "privilege");
1412 if (el
== NULL
|| el
->num_values
== 0) {
1413 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1416 r
->out
.rights
->count
= el
->num_values
;
1417 r
->out
.rights
->names
= talloc_array(r
->out
.rights
,
1418 struct lsa_String
, r
->out
.rights
->count
);
1419 if (r
->out
.rights
->names
== NULL
) {
1420 return NT_STATUS_NO_MEMORY
;
1423 for (i
=0;i
<el
->num_values
;i
++) {
1424 r
->out
.rights
->names
[i
].string
= (const char *)el
->values
[i
].data
;
1427 return NT_STATUS_OK
;
1433 helper for lsa_AddAccountRights and lsa_RemoveAccountRights
1435 static NTSTATUS
lsa_AddRemoveAccountRights(struct dcesrv_call_state
*dce_call
,
1436 TALLOC_CTX
*mem_ctx
,
1437 struct lsa_policy_state
*state
,
1439 struct dom_sid
*sid
,
1440 const struct lsa_RightSet
*rights
)
1443 struct ldb_message
*msg
;
1444 struct ldb_message_element el
;
1446 struct lsa_EnumAccountRights r2
;
1448 sidstr
= ldap_encode_ndr_dom_sid(mem_ctx
, sid
);
1449 if (sidstr
== NULL
) {
1450 return NT_STATUS_NO_MEMORY
;
1453 msg
= ldb_msg_new(mem_ctx
);
1455 return NT_STATUS_NO_MEMORY
;
1458 msg
->dn
= samdb_search_dn(state
->sam_ldb
, mem_ctx
, NULL
, "objectSid=%s", sidstr
);
1459 if (msg
->dn
== NULL
) {
1460 return NT_STATUS_NO_SUCH_USER
;
1463 if (ldb_msg_add_empty(state
->sam_ldb
, msg
, "privilege", ldb_flag
)) {
1464 return NT_STATUS_NO_MEMORY
;
1467 if (ldb_flag
== LDB_FLAG_MOD_ADD
) {
1470 r2
.in
.handle
= &state
->handle
->wire_handle
;
1472 r2
.out
.rights
= talloc(mem_ctx
, struct lsa_RightSet
);
1474 status
= lsa_EnumAccountRights(dce_call
, mem_ctx
, &r2
);
1475 if (!NT_STATUS_IS_OK(status
)) {
1476 ZERO_STRUCTP(r2
.out
.rights
);
1481 el
.values
= talloc_array(mem_ctx
, struct ldb_val
, rights
->count
);
1482 if (el
.values
== NULL
) {
1483 return NT_STATUS_NO_MEMORY
;
1485 for (i
=0;i
<rights
->count
;i
++) {
1486 if (sec_privilege_id(rights
->names
[i
].string
) == -1) {
1487 return NT_STATUS_NO_SUCH_PRIVILEGE
;
1490 if (ldb_flag
== LDB_FLAG_MOD_ADD
) {
1492 for (j
=0;j
<r2
.out
.rights
->count
;j
++) {
1493 if (strcasecmp_m(r2
.out
.rights
->names
[j
].string
,
1494 rights
->names
[i
].string
) == 0) {
1498 if (j
!= r2
.out
.rights
->count
) continue;
1502 el
.values
[el
.num_values
].length
= strlen(rights
->names
[i
].string
);
1503 el
.values
[el
.num_values
].data
= (uint8_t *)talloc_strdup(mem_ctx
, rights
->names
[i
].string
);
1504 if (el
.values
[el
.num_values
].data
== NULL
) {
1505 return NT_STATUS_NO_MEMORY
;
1510 if (el
.num_values
== 0) {
1511 return NT_STATUS_OK
;
1514 ret
= samdb_modify(state
->sam_ldb
, mem_ctx
, msg
);
1516 if (ldb_flag
== LDB_FLAG_MOD_DELETE
) {
1517 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1519 return NT_STATUS_UNEXPECTED_IO_ERROR
;
1522 return NT_STATUS_OK
;
1526 lsa_AddPrivilegesToAccount
1528 static NTSTATUS
lsa_AddPrivilegesToAccount(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1529 struct lsa_AddPrivilegesToAccount
*r
)
1531 struct lsa_RightSet rights
;
1532 struct dcesrv_handle
*h
;
1533 struct lsa_account_state
*astate
;
1536 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_ACCOUNT
);
1540 rights
.count
= r
->in
.privs
->count
;
1541 rights
.names
= talloc_array(mem_ctx
, struct lsa_String
, rights
.count
);
1542 if (rights
.names
== NULL
) {
1543 return NT_STATUS_NO_MEMORY
;
1545 for (i
=0;i
<rights
.count
;i
++) {
1546 int id
= r
->in
.privs
->set
[i
].luid
.low
;
1547 if (r
->in
.privs
->set
[i
].luid
.high
) {
1548 return NT_STATUS_NO_SUCH_PRIVILEGE
;
1550 rights
.names
[i
].string
= sec_privilege_name(id
);
1551 if (rights
.names
[i
].string
== NULL
) {
1552 return NT_STATUS_NO_SUCH_PRIVILEGE
;
1556 return lsa_AddRemoveAccountRights(dce_call
, mem_ctx
, astate
->policy
,
1557 LDB_FLAG_MOD_ADD
, astate
->account_sid
,
1563 lsa_RemovePrivilegesFromAccount
1565 static NTSTATUS
lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1566 struct lsa_RemovePrivilegesFromAccount
*r
)
1568 struct lsa_RightSet
*rights
;
1569 struct dcesrv_handle
*h
;
1570 struct lsa_account_state
*astate
;
1573 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_ACCOUNT
);
1577 rights
= talloc(mem_ctx
, struct lsa_RightSet
);
1579 if (r
->in
.remove_all
== 1 &&
1580 r
->in
.privs
== NULL
) {
1581 struct lsa_EnumAccountRights r2
;
1584 r2
.in
.handle
= &astate
->policy
->handle
->wire_handle
;
1585 r2
.in
.sid
= astate
->account_sid
;
1586 r2
.out
.rights
= rights
;
1588 status
= lsa_EnumAccountRights(dce_call
, mem_ctx
, &r2
);
1589 if (!NT_STATUS_IS_OK(status
)) {
1593 return lsa_AddRemoveAccountRights(dce_call
, mem_ctx
, astate
->policy
,
1594 LDB_FLAG_MOD_DELETE
, astate
->account_sid
,
1598 if (r
->in
.remove_all
!= 0) {
1599 return NT_STATUS_INVALID_PARAMETER
;
1602 rights
->count
= r
->in
.privs
->count
;
1603 rights
->names
= talloc_array(mem_ctx
, struct lsa_String
, rights
->count
);
1604 if (rights
->names
== NULL
) {
1605 return NT_STATUS_NO_MEMORY
;
1607 for (i
=0;i
<rights
->count
;i
++) {
1608 int id
= r
->in
.privs
->set
[i
].luid
.low
;
1609 if (r
->in
.privs
->set
[i
].luid
.high
) {
1610 return NT_STATUS_NO_SUCH_PRIVILEGE
;
1612 rights
->names
[i
].string
= sec_privilege_name(id
);
1613 if (rights
->names
[i
].string
== NULL
) {
1614 return NT_STATUS_NO_SUCH_PRIVILEGE
;
1618 return lsa_AddRemoveAccountRights(dce_call
, mem_ctx
, astate
->policy
,
1619 LDB_FLAG_MOD_DELETE
, astate
->account_sid
,
1625 lsa_GetQuotasForAccount
1627 static NTSTATUS
lsa_GetQuotasForAccount(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1628 struct lsa_GetQuotasForAccount
*r
)
1630 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
1635 lsa_SetQuotasForAccount
1637 static NTSTATUS
lsa_SetQuotasForAccount(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1638 struct lsa_SetQuotasForAccount
*r
)
1640 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
1645 lsa_GetSystemAccessAccount
1647 static NTSTATUS
lsa_GetSystemAccessAccount(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1648 struct lsa_GetSystemAccessAccount
*r
)
1650 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
1655 lsa_SetSystemAccessAccount
1657 static NTSTATUS
lsa_SetSystemAccessAccount(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1658 struct lsa_SetSystemAccessAccount
*r
)
1660 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
1667 static NTSTATUS
lsa_CreateSecret(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1668 struct lsa_CreateSecret
*r
)
1670 struct dcesrv_handle
*policy_handle
;
1671 struct lsa_policy_state
*policy_state
;
1672 struct lsa_secret_state
*secret_state
;
1673 struct dcesrv_handle
*handle
;
1674 struct ldb_message
**msgs
, *msg
;
1675 const char *attrs
[] = {
1683 DCESRV_PULL_HANDLE(policy_handle
, r
->in
.handle
, LSA_HANDLE_POLICY
);
1684 ZERO_STRUCTP(r
->out
.sec_handle
);
1686 policy_state
= policy_handle
->data
;
1688 if (!r
->in
.name
.string
) {
1689 return NT_STATUS_INVALID_PARAMETER
;
1692 secret_state
= talloc(mem_ctx
, struct lsa_secret_state
);
1693 if (!secret_state
) {
1694 return NT_STATUS_NO_MEMORY
;
1696 secret_state
->policy
= policy_state
;
1698 msg
= ldb_msg_new(mem_ctx
);
1700 return NT_STATUS_NO_MEMORY
;
1703 if (strncmp("G$", r
->in
.name
.string
, 2) == 0) {
1705 name
= &r
->in
.name
.string
[2];
1706 secret_state
->sam_ldb
= talloc_reference(secret_state
, policy_state
->sam_ldb
);
1707 secret_state
->global
= True
;
1709 if (strlen(name
) < 1) {
1710 return NT_STATUS_INVALID_PARAMETER
;
1713 name2
= talloc_asprintf(mem_ctx
, "%s Secret", name
);
1714 /* search for the secret record */
1715 ret
= gendb_search(secret_state
->sam_ldb
,
1716 mem_ctx
, policy_state
->system_dn
, &msgs
, attrs
,
1717 "(&(cn=%s)(objectclass=secret))",
1720 return NT_STATUS_OBJECT_NAME_COLLISION
;
1723 if (ret
< 0 || ret
> 1) {
1724 DEBUG(0,("Found %d records matching DN %s\n", ret
,
1725 ldb_dn_linearize(mem_ctx
, policy_state
->system_dn
)));
1726 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
1729 msg
->dn
= ldb_dn_build_child(mem_ctx
, "cn", name2
, policy_state
->system_dn
);
1730 if (!name2
|| !msg
->dn
) {
1731 return NT_STATUS_NO_MEMORY
;
1734 samdb_msg_add_string(secret_state
->sam_ldb
, mem_ctx
, msg
, "cn", name2
);
1737 secret_state
->global
= False
;
1739 name
= r
->in
.name
.string
;
1740 if (strlen(name
) < 1) {
1741 return NT_STATUS_INVALID_PARAMETER
;
1744 secret_state
->sam_ldb
= talloc_reference(secret_state
, secrets_db_connect(mem_ctx
));
1745 /* search for the secret record */
1746 ret
= gendb_search(secret_state
->sam_ldb
, mem_ctx
,
1747 ldb_dn_explode(mem_ctx
, "cn=LSA Secrets"),
1749 "(&(cn=%s)(objectclass=secret))", name
);
1751 return NT_STATUS_OBJECT_NAME_COLLISION
;
1754 if (ret
< 0 || ret
> 1) {
1755 DEBUG(0,("Found %d records matching DN %s\n", ret
,
1756 ldb_dn_linearize(mem_ctx
, policy_state
->system_dn
)));
1757 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
1760 msg
->dn
= ldb_dn_string_compose(mem_ctx
, NULL
, "cn=%s,cn=LSA Secrets", name
);
1761 samdb_msg_add_string(secret_state
->sam_ldb
, mem_ctx
, msg
, "cn", name
);
1764 /* pull in all the template attributes. Note this is always from the global samdb */
1765 ret
= samdb_copy_template(secret_state
->policy
->sam_ldb
, mem_ctx
, msg
,
1766 "(&(name=TemplateSecret)(objectclass=secretTemplate))");
1768 DEBUG(0,("Failed to load TemplateSecret from samdb\n"));
1769 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
1772 samdb_msg_add_string(secret_state
->sam_ldb
, mem_ctx
, msg
, "objectClass", "secret");
1774 secret_state
->secret_dn
= talloc_reference(secret_state
, msg
->dn
);
1776 /* create the secret */
1777 ret
= samdb_add(secret_state
->sam_ldb
, mem_ctx
, msg
);
1779 DEBUG(0,("Failed to create secret record %s\n",
1780 ldb_dn_linearize(mem_ctx
, msg
->dn
)));
1781 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
1784 handle
= dcesrv_handle_new(dce_call
->context
, LSA_HANDLE_SECRET
);
1786 return NT_STATUS_NO_MEMORY
;
1789 handle
->data
= talloc_steal(handle
, secret_state
);
1791 secret_state
->access_mask
= r
->in
.access_mask
;
1792 secret_state
->policy
= talloc_reference(secret_state
, policy_state
);
1794 *r
->out
.sec_handle
= handle
->wire_handle
;
1796 return NT_STATUS_OK
;
1803 static NTSTATUS
lsa_OpenSecret(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1804 struct lsa_OpenSecret
*r
)
1806 struct dcesrv_handle
*policy_handle
;
1808 struct lsa_policy_state
*policy_state
;
1809 struct lsa_secret_state
*secret_state
;
1810 struct dcesrv_handle
*handle
;
1811 struct ldb_message
**msgs
;
1812 const char *attrs
[] = {
1820 DCESRV_PULL_HANDLE(policy_handle
, r
->in
.handle
, LSA_HANDLE_POLICY
);
1821 ZERO_STRUCTP(r
->out
.sec_handle
);
1822 policy_state
= policy_handle
->data
;
1824 if (!r
->in
.name
.string
) {
1825 return NT_STATUS_INVALID_PARAMETER
;
1828 secret_state
= talloc(mem_ctx
, struct lsa_secret_state
);
1829 if (!secret_state
) {
1830 return NT_STATUS_NO_MEMORY
;
1832 secret_state
->policy
= policy_state
;
1834 if (strncmp("G$", r
->in
.name
.string
, 2) == 0) {
1835 name
= &r
->in
.name
.string
[2];
1836 secret_state
->sam_ldb
= talloc_reference(secret_state
, policy_state
->sam_ldb
);
1837 secret_state
->global
= True
;
1839 if (strlen(name
) < 1) {
1840 return NT_STATUS_INVALID_PARAMETER
;
1843 /* search for the secret record */
1844 ret
= gendb_search(secret_state
->sam_ldb
,
1845 mem_ctx
, policy_state
->system_dn
, &msgs
, attrs
,
1846 "(&(cn=%s Secret)(objectclass=secret))",
1849 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1853 DEBUG(0,("Found %d records matching DN %s\n", ret
,
1854 ldb_dn_linearize(mem_ctx
, policy_state
->system_dn
)));
1855 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
1859 secret_state
->sam_ldb
= talloc_reference(secret_state
, secrets_db_connect(mem_ctx
));
1861 secret_state
->global
= False
;
1862 name
= r
->in
.name
.string
;
1863 if (strlen(name
) < 1) {
1864 return NT_STATUS_INVALID_PARAMETER
;
1867 /* search for the secret record */
1868 ret
= gendb_search(secret_state
->sam_ldb
, mem_ctx
,
1869 ldb_dn_explode(mem_ctx
, "cn=LSA Secrets"),
1871 "(&(cn=%s)(objectclass=secret))", name
);
1873 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1877 DEBUG(0,("Found %d records matching DN %s\n", ret
,
1878 ldb_dn_linearize(mem_ctx
, policy_state
->system_dn
)));
1879 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
1883 secret_state
->secret_dn
= talloc_reference(secret_state
, msgs
[0]->dn
);
1885 handle
= dcesrv_handle_new(dce_call
->context
, LSA_HANDLE_SECRET
);
1887 return NT_STATUS_NO_MEMORY
;
1890 handle
->data
= talloc_steal(handle
, secret_state
);
1892 secret_state
->access_mask
= r
->in
.access_mask
;
1893 secret_state
->policy
= talloc_reference(secret_state
, policy_state
);
1895 *r
->out
.sec_handle
= handle
->wire_handle
;
1897 return NT_STATUS_OK
;
1904 static NTSTATUS
lsa_SetSecret(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1905 struct lsa_SetSecret
*r
)
1908 struct dcesrv_handle
*h
;
1909 struct lsa_secret_state
*secret_state
;
1910 struct ldb_message
*msg
;
1911 DATA_BLOB session_key
;
1912 DATA_BLOB crypt_secret
, secret
;
1915 NTSTATUS status
= NT_STATUS_OK
;
1917 struct timeval now
= timeval_current();
1918 NTTIME nt_now
= timeval_to_nttime(&now
);
1920 DCESRV_PULL_HANDLE(h
, r
->in
.sec_handle
, LSA_HANDLE_SECRET
);
1922 secret_state
= h
->data
;
1924 msg
= ldb_msg_new(mem_ctx
);
1926 return NT_STATUS_NO_MEMORY
;
1929 msg
->dn
= talloc_reference(mem_ctx
, secret_state
->secret_dn
);
1931 return NT_STATUS_NO_MEMORY
;
1933 status
= dcesrv_fetch_session_key(dce_call
->conn
, &session_key
);
1934 if (!NT_STATUS_IS_OK(status
)) {
1938 if (r
->in
.old_val
) {
1940 crypt_secret
.data
= r
->in
.old_val
->data
;
1941 crypt_secret
.length
= r
->in
.old_val
->size
;
1943 status
= sess_decrypt_blob(mem_ctx
, &crypt_secret
, &session_key
, &secret
);
1944 if (!NT_STATUS_IS_OK(status
)) {
1948 val
.data
= secret
.data
;
1949 val
.length
= secret
.length
;
1952 if (samdb_msg_add_value(secret_state
->sam_ldb
,
1953 mem_ctx
, msg
, "priorSecret", &val
) != 0) {
1954 return NT_STATUS_NO_MEMORY
;
1957 /* set old value mtime */
1958 if (samdb_msg_add_uint64(secret_state
->sam_ldb
,
1959 mem_ctx
, msg
, "priorSetTime", nt_now
) != 0) {
1960 return NT_STATUS_NO_MEMORY
;
1963 if (!r
->in
.new_val
) {
1964 /* This behaviour varies depending of if this is a local, or a global secret... */
1965 if (secret_state
->global
) {
1966 /* set old value mtime */
1967 if (samdb_msg_add_uint64(secret_state
->sam_ldb
,
1968 mem_ctx
, msg
, "lastSetTime", nt_now
) != 0) {
1969 return NT_STATUS_NO_MEMORY
;
1972 if (samdb_msg_add_delete(secret_state
->sam_ldb
,
1973 mem_ctx
, msg
, "secret")) {
1974 return NT_STATUS_NO_MEMORY
;
1976 if (samdb_msg_add_delete(secret_state
->sam_ldb
,
1977 mem_ctx
, msg
, "lastSetTime")) {
1978 return NT_STATUS_NO_MEMORY
;
1984 if (r
->in
.new_val
) {
1986 crypt_secret
.data
= r
->in
.new_val
->data
;
1987 crypt_secret
.length
= r
->in
.new_val
->size
;
1989 status
= sess_decrypt_blob(mem_ctx
, &crypt_secret
, &session_key
, &secret
);
1990 if (!NT_STATUS_IS_OK(status
)) {
1994 val
.data
= secret
.data
;
1995 val
.length
= secret
.length
;
1998 if (samdb_msg_add_value(secret_state
->sam_ldb
,
1999 mem_ctx
, msg
, "secret", &val
) != 0) {
2000 return NT_STATUS_NO_MEMORY
;
2003 /* set new value mtime */
2004 if (samdb_msg_add_uint64(secret_state
->sam_ldb
,
2005 mem_ctx
, msg
, "lastSetTime", nt_now
) != 0) {
2006 return NT_STATUS_NO_MEMORY
;
2009 /* If the old value is not set, then migrate the
2010 * current value to the old value */
2011 if (!r
->in
.old_val
) {
2012 const struct ldb_val
*new_val
;
2013 NTTIME last_set_time
;
2014 struct ldb_message
**res
;
2015 const char *attrs
[] = {
2021 /* search for the secret record */
2022 ret
= gendb_search_dn(secret_state
->sam_ldb
,mem_ctx
,
2023 secret_state
->secret_dn
, &res
, attrs
);
2025 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
2029 DEBUG(0,("Found %d records matching dn=%s\n", ret
,
2030 ldb_dn_linearize(mem_ctx
, secret_state
->secret_dn
)));
2031 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
2034 new_val
= ldb_msg_find_ldb_val(res
[0], "secret");
2035 last_set_time
= ldb_msg_find_uint64(res
[0], "lastSetTime", 0);
2039 if (samdb_msg_add_value(secret_state
->sam_ldb
,
2040 mem_ctx
, msg
, "priorSecret",
2042 return NT_STATUS_NO_MEMORY
;
2046 /* set new value mtime */
2047 if (ldb_msg_find_ldb_val(res
[0], "lastSetTime")) {
2048 if (samdb_msg_add_uint64(secret_state
->sam_ldb
,
2049 mem_ctx
, msg
, "priorSetTime", last_set_time
) != 0) {
2050 return NT_STATUS_NO_MEMORY
;
2056 /* modify the samdb record */
2057 ret
= samdb_replace(secret_state
->sam_ldb
, mem_ctx
, msg
);
2059 /* we really need samdb.c to return NTSTATUS */
2060 return NT_STATUS_UNSUCCESSFUL
;
2063 return NT_STATUS_OK
;
2070 static NTSTATUS
lsa_QuerySecret(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2071 struct lsa_QuerySecret
*r
)
2073 struct dcesrv_handle
*h
;
2074 struct lsa_secret_state
*secret_state
;
2075 struct ldb_message
*msg
;
2076 DATA_BLOB session_key
;
2077 DATA_BLOB crypt_secret
, secret
;
2079 struct ldb_message
**res
;
2080 const char *attrs
[] = {
2090 DCESRV_PULL_HANDLE(h
, r
->in
.sec_handle
, LSA_HANDLE_SECRET
);
2092 secret_state
= h
->data
;
2094 /* pull all the user attributes */
2095 ret
= gendb_search_dn(secret_state
->sam_ldb
, mem_ctx
,
2096 secret_state
->secret_dn
, &res
, attrs
);
2098 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
2102 nt_status
= dcesrv_fetch_session_key(dce_call
->conn
, &session_key
);
2103 if (!NT_STATUS_IS_OK(nt_status
)) {
2107 if (r
->in
.old_val
) {
2108 const struct ldb_val
*prior_val
;
2109 r
->out
.old_val
= talloc_zero(mem_ctx
, struct lsa_DATA_BUF_PTR
);
2110 if (!r
->out
.old_val
) {
2111 return NT_STATUS_NO_MEMORY
;
2114 prior_val
= ldb_msg_find_ldb_val(res
[0], "priorSecret");
2116 if (prior_val
&& prior_val
->length
) {
2117 secret
.data
= prior_val
->data
;
2118 secret
.length
= prior_val
->length
;
2120 crypt_secret
= sess_encrypt_blob(mem_ctx
, &secret
, &session_key
);
2121 if (!crypt_secret
.length
) {
2122 return NT_STATUS_NO_MEMORY
;
2124 r
->out
.old_val
->buf
= talloc(mem_ctx
, struct lsa_DATA_BUF
);
2125 if (!r
->out
.old_val
->buf
) {
2126 return NT_STATUS_NO_MEMORY
;
2128 r
->out
.old_val
->buf
->size
= crypt_secret
.length
;
2129 r
->out
.old_val
->buf
->length
= crypt_secret
.length
;
2130 r
->out
.old_val
->buf
->data
= crypt_secret
.data
;
2134 if (r
->in
.old_mtime
) {
2135 r
->out
.old_mtime
= talloc(mem_ctx
, NTTIME
);
2136 if (!r
->out
.old_mtime
) {
2137 return NT_STATUS_NO_MEMORY
;
2139 *r
->out
.old_mtime
= ldb_msg_find_uint64(res
[0], "priorSetTime", 0);
2142 if (r
->in
.new_val
) {
2143 const struct ldb_val
*new_val
;
2144 r
->out
.new_val
= talloc_zero(mem_ctx
, struct lsa_DATA_BUF_PTR
);
2145 if (!r
->out
.new_val
) {
2146 return NT_STATUS_NO_MEMORY
;
2150 new_val
= ldb_msg_find_ldb_val(res
[0], "secret");
2152 if (new_val
&& new_val
->length
) {
2153 secret
.data
= new_val
->data
;
2154 secret
.length
= new_val
->length
;
2156 crypt_secret
= sess_encrypt_blob(mem_ctx
, &secret
, &session_key
);
2157 if (!crypt_secret
.length
) {
2158 return NT_STATUS_NO_MEMORY
;
2160 r
->out
.new_val
->buf
= talloc(mem_ctx
, struct lsa_DATA_BUF
);
2161 if (!r
->out
.new_val
->buf
) {
2162 return NT_STATUS_NO_MEMORY
;
2164 r
->out
.new_val
->buf
->length
= crypt_secret
.length
;
2165 r
->out
.new_val
->buf
->size
= crypt_secret
.length
;
2166 r
->out
.new_val
->buf
->data
= crypt_secret
.data
;
2170 if (r
->in
.new_mtime
) {
2171 r
->out
.new_mtime
= talloc(mem_ctx
, NTTIME
);
2172 if (!r
->out
.new_mtime
) {
2173 return NT_STATUS_NO_MEMORY
;
2175 *r
->out
.new_mtime
= ldb_msg_find_uint64(res
[0], "lastSetTime", 0);
2178 return NT_STATUS_OK
;
2185 static NTSTATUS
lsa_LookupPrivValue(struct dcesrv_call_state
*dce_call
,
2186 TALLOC_CTX
*mem_ctx
,
2187 struct lsa_LookupPrivValue
*r
)
2189 struct dcesrv_handle
*h
;
2190 struct lsa_policy_state
*state
;
2193 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
2197 id
= sec_privilege_id(r
->in
.name
->string
);
2199 return NT_STATUS_NO_SUCH_PRIVILEGE
;
2202 r
->out
.luid
->low
= id
;
2203 r
->out
.luid
->high
= 0;
2205 return NT_STATUS_OK
;
2212 static NTSTATUS
lsa_LookupPrivName(struct dcesrv_call_state
*dce_call
,
2213 TALLOC_CTX
*mem_ctx
,
2214 struct lsa_LookupPrivName
*r
)
2216 struct dcesrv_handle
*h
;
2217 struct lsa_policy_state
*state
;
2218 const char *privname
;
2220 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
2224 if (r
->in
.luid
->high
!= 0) {
2225 return NT_STATUS_NO_SUCH_PRIVILEGE
;
2228 privname
= sec_privilege_name(r
->in
.luid
->low
);
2229 if (privname
== NULL
) {
2230 return NT_STATUS_NO_SUCH_PRIVILEGE
;
2233 r
->out
.name
= talloc(mem_ctx
, struct lsa_String
);
2234 if (r
->out
.name
== NULL
) {
2235 return NT_STATUS_NO_MEMORY
;
2237 r
->out
.name
->string
= privname
;
2239 return NT_STATUS_OK
;
2244 lsa_LookupPrivDisplayName
2246 static NTSTATUS
lsa_LookupPrivDisplayName(struct dcesrv_call_state
*dce_call
,
2247 TALLOC_CTX
*mem_ctx
,
2248 struct lsa_LookupPrivDisplayName
*r
)
2250 struct dcesrv_handle
*h
;
2251 struct lsa_policy_state
*state
;
2254 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
2258 id
= sec_privilege_id(r
->in
.name
->string
);
2260 return NT_STATUS_NO_SUCH_PRIVILEGE
;
2263 r
->out
.disp_name
= talloc(mem_ctx
, struct lsa_String
);
2264 if (r
->out
.disp_name
== NULL
) {
2265 return NT_STATUS_NO_MEMORY
;
2268 r
->out
.disp_name
->string
= sec_privilege_display_name(id
, r
->in
.language_id
);
2269 if (r
->out
.disp_name
->string
== NULL
) {
2270 return NT_STATUS_INTERNAL_ERROR
;
2273 return NT_STATUS_OK
;
2280 static NTSTATUS
lsa_DeleteObject(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2281 struct lsa_DeleteObject
*r
)
2283 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2288 lsa_EnumAccountsWithUserRight
2290 static NTSTATUS
lsa_EnumAccountsWithUserRight(struct dcesrv_call_state
*dce_call
,
2291 TALLOC_CTX
*mem_ctx
,
2292 struct lsa_EnumAccountsWithUserRight
*r
)
2294 struct dcesrv_handle
*h
;
2295 struct lsa_policy_state
*state
;
2297 struct ldb_message
**res
;
2298 const char * const attrs
[] = { "objectSid", NULL
};
2299 const char *privname
;
2301 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
2305 if (r
->in
.name
== NULL
) {
2306 return NT_STATUS_NO_SUCH_PRIVILEGE
;
2309 privname
= r
->in
.name
->string
;
2310 if (sec_privilege_id(privname
) == -1) {
2311 return NT_STATUS_NO_SUCH_PRIVILEGE
;
2314 ret
= gendb_search(state
->sam_ldb
, mem_ctx
, NULL
, &res
, attrs
,
2315 "privilege=%s", privname
);
2317 return NT_STATUS_NO_SUCH_USER
;
2320 r
->out
.sids
->sids
= talloc_array(r
->out
.sids
, struct lsa_SidPtr
, ret
);
2321 if (r
->out
.sids
->sids
== NULL
) {
2322 return NT_STATUS_NO_MEMORY
;
2324 for (i
=0;i
<ret
;i
++) {
2325 r
->out
.sids
->sids
[i
].sid
= samdb_result_dom_sid(r
->out
.sids
->sids
,
2326 res
[i
], "objectSid");
2327 NT_STATUS_HAVE_NO_MEMORY(r
->out
.sids
->sids
[i
].sid
);
2329 r
->out
.sids
->num_sids
= ret
;
2331 return NT_STATUS_OK
;
2336 lsa_AddAccountRights
2338 static NTSTATUS
lsa_AddAccountRights(struct dcesrv_call_state
*dce_call
,
2339 TALLOC_CTX
*mem_ctx
,
2340 struct lsa_AddAccountRights
*r
)
2342 struct dcesrv_handle
*h
;
2343 struct lsa_policy_state
*state
;
2345 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
2349 return lsa_AddRemoveAccountRights(dce_call
, mem_ctx
, state
,
2351 r
->in
.sid
, r
->in
.rights
);
2356 lsa_RemoveAccountRights
2358 static NTSTATUS
lsa_RemoveAccountRights(struct dcesrv_call_state
*dce_call
,
2359 TALLOC_CTX
*mem_ctx
,
2360 struct lsa_RemoveAccountRights
*r
)
2362 struct dcesrv_handle
*h
;
2363 struct lsa_policy_state
*state
;
2365 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
2369 return lsa_AddRemoveAccountRights(dce_call
, mem_ctx
, state
,
2370 LDB_FLAG_MOD_DELETE
,
2371 r
->in
.sid
, r
->in
.rights
);
2376 lsa_StorePrivateData
2378 static NTSTATUS
lsa_StorePrivateData(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2379 struct lsa_StorePrivateData
*r
)
2381 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2386 lsa_RetrievePrivateData
2388 static NTSTATUS
lsa_RetrievePrivateData(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2389 struct lsa_RetrievePrivateData
*r
)
2391 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2398 static NTSTATUS
lsa_GetUserName(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2399 struct lsa_GetUserName
*r
)
2401 NTSTATUS status
= NT_STATUS_OK
;
2402 const char *account_name
;
2403 const char *authority_name
;
2404 struct lsa_String
*_account_name
;
2405 struct lsa_StringPointer
*_authority_name
= NULL
;
2407 /* this is what w2k3 does */
2408 r
->out
.account_name
= r
->in
.account_name
;
2409 r
->out
.authority_name
= r
->in
.authority_name
;
2411 if (r
->in
.account_name
&& r
->in
.account_name
->string
) {
2412 return NT_STATUS_INVALID_PARAMETER
;
2415 if (r
->in
.authority_name
&&
2416 r
->in
.authority_name
->string
&&
2417 r
->in
.authority_name
->string
->string
) {
2418 return NT_STATUS_INVALID_PARAMETER
;
2421 account_name
= talloc_reference(mem_ctx
, dce_call
->conn
->auth_state
.session_info
->server_info
->account_name
);
2422 authority_name
= talloc_reference(mem_ctx
, dce_call
->conn
->auth_state
.session_info
->server_info
->domain_name
);
2424 _account_name
= talloc(mem_ctx
, struct lsa_String
);
2425 NTSTATUS_TALLOC_CHECK(_account_name
);
2426 _account_name
->string
= account_name
;
2428 if (r
->in
.authority_name
) {
2429 _authority_name
= talloc(mem_ctx
, struct lsa_StringPointer
);
2430 NTSTATUS_TALLOC_CHECK(_authority_name
);
2431 _authority_name
->string
= talloc(mem_ctx
, struct lsa_String
);
2432 NTSTATUS_TALLOC_CHECK(_authority_name
->string
);
2433 _authority_name
->string
->string
= authority_name
;
2436 r
->out
.account_name
= _account_name
;
2437 r
->out
.authority_name
= _authority_name
;
2445 static NTSTATUS
lsa_SetInfoPolicy2(struct dcesrv_call_state
*dce_call
,
2446 TALLOC_CTX
*mem_ctx
,
2447 struct lsa_SetInfoPolicy2
*r
)
2449 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2453 lsa_QueryDomainInformationPolicy
2455 static NTSTATUS
lsa_QueryDomainInformationPolicy(struct dcesrv_call_state
*dce_call
,
2456 TALLOC_CTX
*mem_ctx
,
2457 struct lsa_QueryDomainInformationPolicy
*r
)
2459 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2463 lsa_SetDomInfoPolicy
2465 static NTSTATUS
lsa_SetDomainInformationPolicy(struct dcesrv_call_state
*dce_call
,
2466 TALLOC_CTX
*mem_ctx
,
2467 struct lsa_SetDomainInformationPolicy
*r
)
2469 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2475 static NTSTATUS
lsa_TestCall(struct dcesrv_call_state
*dce_call
,
2476 TALLOC_CTX
*mem_ctx
,
2477 struct lsa_TestCall
*r
)
2479 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2483 lookup a SID for 1 name
2485 static NTSTATUS
lsa_lookup_name(struct lsa_policy_state
*state
, TALLOC_CTX
*mem_ctx
,
2486 const char *name
, struct dom_sid
**sid
, uint32_t *atype
)
2489 struct ldb_message
**res
;
2490 const char * const attrs
[] = { "objectSid", "sAMAccountType", NULL
};
2493 p
= strchr_m(name
, '\\');
2495 /* TODO: properly parse the domain prefix here, and use it to
2500 ret
= gendb_search(state
->sam_ldb
, mem_ctx
, NULL
, &res
, attrs
, "sAMAccountName=%s", name
);
2502 *sid
= samdb_result_dom_sid(mem_ctx
, res
[0], "objectSid");
2504 return NT_STATUS_INVALID_SID
;
2507 *atype
= samdb_result_uint(res
[0], "sAMAccountType", 0);
2509 return NT_STATUS_OK
;
2512 /* need to add a call into sidmap to check for a allocated sid */
2514 return NT_STATUS_INVALID_SID
;
2521 static NTSTATUS
lsa_LookupNames3(struct dcesrv_call_state
*dce_call
,
2522 TALLOC_CTX
*mem_ctx
,
2523 struct lsa_LookupNames3
*r
)
2525 struct lsa_policy_state
*state
;
2526 struct dcesrv_handle
*h
;
2528 NTSTATUS status
= NT_STATUS_OK
;
2530 r
->out
.domains
= NULL
;
2532 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
2536 r
->out
.domains
= talloc_zero(mem_ctx
, struct lsa_RefDomainList
);
2537 if (r
->out
.domains
== NULL
) {
2538 return NT_STATUS_NO_MEMORY
;
2541 r
->out
.sids
= talloc_zero(mem_ctx
, struct lsa_TransSidArray3
);
2542 if (r
->out
.sids
== NULL
) {
2543 return NT_STATUS_NO_MEMORY
;
2548 r
->out
.sids
->sids
= talloc_array(r
->out
.sids
, struct lsa_TranslatedSid3
,
2550 if (r
->out
.sids
->sids
== NULL
) {
2551 return NT_STATUS_NO_MEMORY
;
2554 for (i
=0;i
<r
->in
.num_names
;i
++) {
2555 const char *name
= r
->in
.names
[i
].string
;
2556 struct dom_sid
*sid
;
2557 uint32_t atype
, rtype
, sid_index
;
2560 r
->out
.sids
->count
++;
2563 r
->out
.sids
->sids
[i
].sid_type
= SID_NAME_UNKNOWN
;
2564 r
->out
.sids
->sids
[i
].sid
= NULL
;
2565 r
->out
.sids
->sids
[i
].sid_index
= 0xFFFFFFFF;
2566 r
->out
.sids
->sids
[i
].unknown
= 0;
2568 status2
= lsa_lookup_name(state
, mem_ctx
, name
, &sid
, &atype
);
2569 if (!NT_STATUS_IS_OK(status2
) || sid
->num_auths
== 0) {
2570 status
= STATUS_SOME_UNMAPPED
;
2574 rtype
= samdb_atype_map(atype
);
2575 if (rtype
== SID_NAME_UNKNOWN
) {
2576 status
= STATUS_SOME_UNMAPPED
;
2580 status2
= lsa_authority_list(state
, mem_ctx
, sid
, r
->out
.domains
, &sid_index
);
2581 if (!NT_STATUS_IS_OK(status2
)) {
2585 r
->out
.sids
->sids
[i
].sid_type
= rtype
;
2586 r
->out
.sids
->sids
[i
].sid
= sid
;
2587 r
->out
.sids
->sids
[i
].sid_index
= sid_index
;
2588 r
->out
.sids
->sids
[i
].unknown
= 0;
2597 static NTSTATUS
lsa_LookupNames2(struct dcesrv_call_state
*dce_call
,
2598 TALLOC_CTX
*mem_ctx
,
2599 struct lsa_LookupNames2
*r
)
2601 struct lsa_policy_state
*state
;
2602 struct dcesrv_handle
*h
;
2604 NTSTATUS status
= NT_STATUS_OK
;
2606 r
->out
.domains
= NULL
;
2608 DCESRV_PULL_HANDLE(h
, r
->in
.handle
, LSA_HANDLE_POLICY
);
2612 r
->out
.domains
= talloc_zero(mem_ctx
, struct lsa_RefDomainList
);
2613 if (r
->out
.domains
== NULL
) {
2614 return NT_STATUS_NO_MEMORY
;
2617 r
->out
.sids
= talloc_zero(mem_ctx
, struct lsa_TransSidArray2
);
2618 if (r
->out
.sids
== NULL
) {
2619 return NT_STATUS_NO_MEMORY
;
2624 r
->out
.sids
->sids
= talloc_array(r
->out
.sids
, struct lsa_TranslatedSid2
,
2626 if (r
->out
.sids
->sids
== NULL
) {
2627 return NT_STATUS_NO_MEMORY
;
2630 for (i
=0;i
<r
->in
.num_names
;i
++) {
2631 const char *name
= r
->in
.names
[i
].string
;
2632 struct dom_sid
*sid
;
2633 uint32_t atype
, rtype
, sid_index
;
2636 r
->out
.sids
->count
++;
2639 r
->out
.sids
->sids
[i
].sid_type
= SID_NAME_UNKNOWN
;
2640 r
->out
.sids
->sids
[i
].rid
= 0xFFFFFFFF;
2641 r
->out
.sids
->sids
[i
].sid_index
= 0xFFFFFFFF;
2642 r
->out
.sids
->sids
[i
].unknown
= 0;
2644 status2
= lsa_lookup_name(state
, mem_ctx
, name
, &sid
, &atype
);
2645 if (!NT_STATUS_IS_OK(status2
) || sid
->num_auths
== 0) {
2646 status
= STATUS_SOME_UNMAPPED
;
2650 rtype
= samdb_atype_map(atype
);
2651 if (rtype
== SID_NAME_UNKNOWN
) {
2652 status
= STATUS_SOME_UNMAPPED
;
2656 status2
= lsa_authority_list(state
, mem_ctx
, sid
, r
->out
.domains
, &sid_index
);
2657 if (!NT_STATUS_IS_OK(status2
)) {
2661 r
->out
.sids
->sids
[i
].sid_type
= rtype
;
2662 r
->out
.sids
->sids
[i
].rid
= sid
->sub_auths
[sid
->num_auths
-1];
2663 r
->out
.sids
->sids
[i
].sid_index
= sid_index
;
2664 r
->out
.sids
->sids
[i
].unknown
= 0;
2673 static NTSTATUS
lsa_LookupNames(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2674 struct lsa_LookupNames
*r
)
2676 struct lsa_LookupNames2 r2
;
2680 r2
.in
.handle
= r
->in
.handle
;
2681 r2
.in
.num_names
= r
->in
.num_names
;
2682 r2
.in
.names
= r
->in
.names
;
2684 r2
.in
.level
= r
->in
.level
;
2685 r2
.in
.count
= r
->in
.count
;
2688 r2
.out
.count
= r
->out
.count
;
2690 status
= lsa_LookupNames2(dce_call
, mem_ctx
, &r2
);
2691 if (dce_call
->fault_code
!= 0) {
2695 r
->out
.domains
= r2
.out
.domains
;
2696 r
->out
.sids
= talloc(mem_ctx
, struct lsa_TransSidArray
);
2697 if (r
->out
.sids
== NULL
) {
2698 return NT_STATUS_NO_MEMORY
;
2700 r
->out
.sids
->count
= r2
.out
.sids
->count
;
2701 r
->out
.sids
->sids
= talloc_array(r
->out
.sids
, struct lsa_TranslatedSid
,
2702 r
->out
.sids
->count
);
2703 if (r
->out
.sids
->sids
== NULL
) {
2704 return NT_STATUS_NO_MEMORY
;
2706 for (i
=0;i
<r
->out
.sids
->count
;i
++) {
2707 r
->out
.sids
->sids
[i
].sid_type
= r2
.out
.sids
->sids
[i
].sid_type
;
2708 r
->out
.sids
->sids
[i
].rid
= r2
.out
.sids
->sids
[i
].rid
;
2709 r
->out
.sids
->sids
[i
].sid_index
= r2
.out
.sids
->sids
[i
].sid_index
;
2718 static NTSTATUS
lsa_CREDRWRITE(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2719 struct lsa_CREDRWRITE
*r
)
2721 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2728 static NTSTATUS
lsa_CREDRREAD(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2729 struct lsa_CREDRREAD
*r
)
2731 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2738 static NTSTATUS
lsa_CREDRENUMERATE(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2739 struct lsa_CREDRENUMERATE
*r
)
2741 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2746 lsa_CREDRWRITEDOMAINCREDENTIALS
2748 static NTSTATUS
lsa_CREDRWRITEDOMAINCREDENTIALS(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2749 struct lsa_CREDRWRITEDOMAINCREDENTIALS
*r
)
2751 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2756 lsa_CREDRREADDOMAINCREDENTIALS
2758 static NTSTATUS
lsa_CREDRREADDOMAINCREDENTIALS(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2759 struct lsa_CREDRREADDOMAINCREDENTIALS
*r
)
2761 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2768 static NTSTATUS
lsa_CREDRDELETE(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2769 struct lsa_CREDRDELETE
*r
)
2771 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2776 lsa_CREDRGETTARGETINFO
2778 static NTSTATUS
lsa_CREDRGETTARGETINFO(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2779 struct lsa_CREDRGETTARGETINFO
*r
)
2781 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2786 lsa_CREDRPROFILELOADED
2788 static NTSTATUS
lsa_CREDRPROFILELOADED(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2789 struct lsa_CREDRPROFILELOADED
*r
)
2791 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2796 lsa_CREDRGETSESSIONTYPES
2798 static NTSTATUS
lsa_CREDRGETSESSIONTYPES(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2799 struct lsa_CREDRGETSESSIONTYPES
*r
)
2801 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2806 lsa_LSARREGISTERAUDITEVENT
2808 static NTSTATUS
lsa_LSARREGISTERAUDITEVENT(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2809 struct lsa_LSARREGISTERAUDITEVENT
*r
)
2811 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2816 lsa_LSARGENAUDITEVENT
2818 static NTSTATUS
lsa_LSARGENAUDITEVENT(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2819 struct lsa_LSARGENAUDITEVENT
*r
)
2821 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2826 lsa_LSARUNREGISTERAUDITEVENT
2828 static NTSTATUS
lsa_LSARUNREGISTERAUDITEVENT(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2829 struct lsa_LSARUNREGISTERAUDITEVENT
*r
)
2831 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2836 lsa_LSARQUERYFORESTTRUSTINFORMATION
2838 static NTSTATUS
lsa_LSARQUERYFORESTTRUSTINFORMATION(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2839 struct lsa_LSARQUERYFORESTTRUSTINFORMATION
*r
)
2841 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2846 lsa_LSARSETFORESTTRUSTINFORMATION
2848 static NTSTATUS
lsa_LSARSETFORESTTRUSTINFORMATION(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2849 struct lsa_LSARSETFORESTTRUSTINFORMATION
*r
)
2851 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2858 static NTSTATUS
lsa_CREDRRENAME(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2859 struct lsa_CREDRRENAME
*r
)
2861 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2866 lsa_LSARLOOKUPNAMES4
2868 static NTSTATUS
lsa_LSARLOOKUPNAMES4(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2869 struct lsa_LSARLOOKUPNAMES4
*r
)
2871 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2876 lsa_LSAROPENPOLICYSCE
2878 static NTSTATUS
lsa_LSAROPENPOLICYSCE(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2879 struct lsa_LSAROPENPOLICYSCE
*r
)
2881 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2886 lsa_LSARADTREGISTERSECURITYEVENTSOURCE
2888 static NTSTATUS
lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2889 struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE
*r
)
2891 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2896 lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
2898 static NTSTATUS
lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2899 struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
*r
)
2901 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2906 lsa_LSARADTREPORTSECURITYEVENT
2908 static NTSTATUS
lsa_LSARADTREPORTSECURITYEVENT(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
2909 struct lsa_LSARADTREPORTSECURITYEVENT
*r
)
2911 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR
);
2915 /* include the generated boilerplate */
2916 #include "librpc/gen_ndr/ndr_lsa_s.c"