2004-05-27 08:13:58 +04:00
/*
Unix SMB / CIFS implementation .
endpoint server for the lsarpc pipe
Copyright ( C ) Andrew Tridgell 2004
2007-09-17 09:31:49 +04:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2004 - 2007
2004-05-27 08:13:58 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2004-05-27 08:13:58 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2004-05-27 08:13:58 +04:00
*/
2007-09-17 09:31:49 +04:00
# include "rpc_server/lsa/lsa.h"
2007-11-16 22:12:00 +03:00
# include "util/util_ldb.h"
2007-12-06 23:39:49 +03:00
# include "libcli/ldap/ldap_ndr.h"
2008-08-26 06:18:26 +04:00
# include "system/kerberos.h"
# include "auth/kerberos/kerberos.h"
2004-05-27 08:13:58 +04:00
/*
this type allows us to distinguish handle types
*/
2004-12-19 08:01:52 +03:00
/*
state associated with a lsa_OpenAccount ( ) operation
*/
struct lsa_account_state {
struct lsa_policy_state * policy ;
uint32_t access_mask ;
struct dom_sid * account_sid ;
} ;
2005-01-11 17:04:58 +03:00
/*
state associated with a lsa_OpenSecret ( ) operation
*/
struct lsa_secret_state {
struct lsa_policy_state * policy ;
uint32_t access_mask ;
2006-08-31 12:22:13 +04:00
struct ldb_dn * secret_dn ;
2005-02-27 14:35:47 +03:00
struct ldb_context * sam_ldb ;
2007-10-07 02:25:41 +04:00
bool global ;
2005-01-11 17:04:58 +03:00
} ;
2005-01-12 05:40:25 +03:00
/*
state associated with a lsa_OpenTrustedDomain ( ) operation
*/
struct lsa_trusted_domain_state {
struct lsa_policy_state * policy ;
uint32_t access_mask ;
2006-11-22 03:59:34 +03:00
struct ldb_dn * trusted_domain_dn ;
2005-01-12 05:40:25 +03:00
} ;
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumAccountRights ( struct dcesrv_call_state * dce_call ,
2006-07-06 09:23:29 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_EnumAccountRights * r ) ;
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_AddRemoveAccountRights ( struct dcesrv_call_state * dce_call ,
2006-07-06 09:23:29 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_policy_state * state ,
int ldb_flag ,
struct dom_sid * sid ,
const struct lsa_RightSet * rights ) ;
2004-05-27 08:13:58 +04:00
/*
lsa_Close
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_Close ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_Close * r )
{
struct dcesrv_handle * h ;
* r - > out . handle = * r - > in . handle ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , DCESRV_HANDLE_ANY ) ;
2005-01-10 15:15:26 +03:00
talloc_free ( h ) ;
2004-05-27 08:13:58 +04:00
ZERO_STRUCTP ( r - > out . handle ) ;
return NT_STATUS_OK ;
}
/*
lsa_Delete
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_Delete ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_Delete * r )
2008-08-26 04:32:49 +04:00
{
return NT_STATUS_NOT_SUPPORTED ;
}
/*
lsa_DeleteObject
*/
static NTSTATUS dcesrv_lsa_DeleteObject ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_DeleteObject * r )
2004-05-27 08:13:58 +04:00
{
2005-01-12 03:37:13 +03:00
struct dcesrv_handle * h ;
int ret ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , DCESRV_HANDLE_ANY ) ;
2008-03-20 04:12:10 +03:00
2005-01-12 03:37:13 +03:00
if ( h - > wire_handle . handle_type = = LSA_HANDLE_SECRET ) {
struct lsa_secret_state * secret_state = h - > data ;
2008-03-20 04:12:10 +03:00
/* Ensure user is permitted to delete this... */
switch ( security_session_user_level ( dce_call - > conn - > auth_state . session_info ) )
{
case SECURITY_SYSTEM :
case SECURITY_ADMINISTRATOR :
break ;
default :
/* Users and annonymous are not allowed delete things */
return NT_STATUS_ACCESS_DENIED ;
}
2007-11-27 03:25:11 +03:00
ret = ldb_delete ( secret_state - > sam_ldb ,
secret_state - > secret_dn ) ;
2005-01-12 03:37:13 +03:00
talloc_free ( h ) ;
if ( ret ! = 0 ) {
return NT_STATUS_INVALID_HANDLE ;
}
2008-08-26 04:32:49 +04:00
ZERO_STRUCTP ( r - > out . handle ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_OK ;
} else if ( h - > wire_handle . handle_type = = LSA_HANDLE_TRUSTED_DOMAIN ) {
struct lsa_trusted_domain_state * trusted_domain_state = h - > data ;
2007-11-27 03:25:11 +03:00
ret = ldb_delete ( trusted_domain_state - > policy - > sam_ldb ,
trusted_domain_state - > trusted_domain_dn ) ;
2005-01-12 05:40:25 +03:00
talloc_free ( h ) ;
if ( ret ! = 0 ) {
return NT_STATUS_INVALID_HANDLE ;
}
2008-08-26 04:32:49 +04:00
ZERO_STRUCTP ( r - > out . handle ) ;
2005-01-12 03:37:13 +03:00
return NT_STATUS_OK ;
2006-07-06 09:23:29 +04:00
} else if ( h - > wire_handle . handle_type = = LSA_HANDLE_ACCOUNT ) {
struct lsa_RightSet * rights ;
struct lsa_account_state * astate ;
struct lsa_EnumAccountRights r2 ;
NTSTATUS status ;
rights = talloc ( mem_ctx , struct lsa_RightSet ) ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_ACCOUNT ) ;
astate = h - > data ;
r2 . in . handle = & astate - > policy - > handle - > wire_handle ;
r2 . in . sid = astate - > account_sid ;
r2 . out . rights = rights ;
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_EnumAccountRights ( dce_call , mem_ctx , & r2 ) ;
2006-07-06 09:23:29 +04:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
return NT_STATUS_OK ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_AddRemoveAccountRights ( dce_call , mem_ctx , astate - > policy ,
2006-07-06 09:23:29 +04:00
LDB_FLAG_MOD_DELETE , astate - > account_sid ,
r2 . out . rights ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
return NT_STATUS_OK ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2008-08-26 04:32:49 +04:00
ZERO_STRUCTP ( r - > out . handle ) ;
2005-01-12 03:37:13 +03:00
}
return NT_STATUS_INVALID_HANDLE ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumPrivs
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumPrivs ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_EnumPrivs * r )
{
2004-12-14 08:20:38 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int i ;
const char * privname ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
i = * r - > in . resume_handle ;
if ( i = = 0 ) i = 1 ;
while ( ( privname = sec_privilege_name ( i ) ) & &
r - > out . privs - > count < r - > in . max_count ) {
struct lsa_PrivEntry * e ;
2005-01-27 10:08:20 +03:00
r - > out . privs - > privs = talloc_realloc ( r - > out . privs ,
2004-12-14 08:20:38 +03:00
r - > out . privs - > privs ,
struct lsa_PrivEntry ,
r - > out . privs - > count + 1 ) ;
if ( r - > out . privs - > privs = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
e = & r - > out . privs - > privs [ r - > out . privs - > count ] ;
2004-12-14 08:32:51 +03:00
e - > luid . low = i ;
e - > luid . high = 0 ;
2004-12-14 08:20:38 +03:00
e - > name . string = privname ;
r - > out . privs - > count + + ;
i + + ;
}
2004-12-30 22:08:32 +03:00
* r - > out . resume_handle = i ;
2004-12-14 08:20:38 +03:00
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_QuerySecObj
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QuerySecurity ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-11-22 11:47:47 +03:00
struct lsa_QuerySecurity * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_SetSecObj
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetSecObj ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_SetSecObj * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_ChangePassword
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_ChangePassword ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_ChangePassword * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2006-08-31 17:10:11 +04:00
/*
dssetup_DsRoleGetPrimaryDomainInformation
2006-09-11 09:11:10 +04:00
This is not an LSA call , but is the only call left on the DSSETUP
pipe ( after the pipe was truncated ) , and needs lsa_get_policy_state
2006-08-31 17:10:11 +04:00
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleGetPrimaryDomainInformation ( struct dcesrv_call_state * dce_call ,
2006-08-31 17:10:11 +04:00
TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleGetPrimaryDomainInformation * r )
{
union dssetup_DsRoleInfo * info ;
info = talloc ( mem_ctx , union dssetup_DsRoleInfo ) ;
W_ERROR_HAVE_NO_MEMORY ( info ) ;
switch ( r - > in . level ) {
case DS_ROLE_BASIC_INFORMATION :
{
enum dssetup_DsRole role = DS_ROLE_STANDALONE_SERVER ;
uint32_t flags = 0 ;
const char * domain = NULL ;
const char * dns_domain = NULL ;
const char * forest = NULL ;
struct GUID domain_guid ;
struct lsa_policy_state * state ;
2007-01-17 17:49:36 +03:00
NTSTATUS status = dcesrv_lsa_get_policy_state ( dce_call , mem_ctx , & state ) ;
2006-08-31 17:10:11 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return ntstatus_to_werror ( status ) ;
}
ZERO_STRUCT ( domain_guid ) ;
2007-12-04 22:05:00 +03:00
switch ( lp_server_role ( dce_call - > conn - > dce_ctx - > lp_ctx ) ) {
2006-08-31 17:10:11 +04:00
case ROLE_STANDALONE :
role = DS_ROLE_STANDALONE_SERVER ;
break ;
case ROLE_DOMAIN_MEMBER :
role = DS_ROLE_MEMBER_SERVER ;
break ;
2006-12-13 14:19:51 +03:00
case ROLE_DOMAIN_CONTROLLER :
if ( samdb_is_pdc ( state - > sam_ldb ) ) {
role = DS_ROLE_PRIMARY_DC ;
} else {
role = DS_ROLE_BACKUP_DC ;
}
2006-08-31 17:10:11 +04:00
break ;
}
2007-12-04 22:05:00 +03:00
switch ( lp_server_role ( dce_call - > conn - > dce_ctx - > lp_ctx ) ) {
2006-08-31 17:10:11 +04:00
case ROLE_STANDALONE :
2007-12-04 22:05:00 +03:00
domain = talloc_strdup ( mem_ctx , lp_workgroup ( dce_call - > conn - > dce_ctx - > lp_ctx ) ) ;
2006-08-31 17:10:11 +04:00
W_ERROR_HAVE_NO_MEMORY ( domain ) ;
break ;
case ROLE_DOMAIN_MEMBER :
2007-12-04 22:05:00 +03:00
domain = talloc_strdup ( mem_ctx , lp_workgroup ( dce_call - > conn - > dce_ctx - > lp_ctx ) ) ;
2006-08-31 17:10:11 +04:00
W_ERROR_HAVE_NO_MEMORY ( domain ) ;
/* TODO: what is with dns_domain and forest and guid? */
break ;
2006-12-13 14:19:51 +03:00
case ROLE_DOMAIN_CONTROLLER :
2006-08-31 17:10:11 +04:00
flags = DS_ROLE_PRIMARY_DS_RUNNING ;
if ( state - > mixed_domain = = 1 ) {
flags | = DS_ROLE_PRIMARY_DS_MIXED_MODE ;
}
domain = state - > domain_name ;
dns_domain = state - > domain_dns ;
2007-02-22 16:15:49 +03:00
forest = state - > forest_dns ;
2006-08-31 17:10:11 +04:00
domain_guid = state - > domain_guid ;
flags | = DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT ;
break ;
}
info - > basic . role = role ;
info - > basic . flags = flags ;
info - > basic . domain = domain ;
info - > basic . dns_domain = dns_domain ;
info - > basic . forest = forest ;
info - > basic . domain_guid = domain_guid ;
r - > out . info = info ;
return WERR_OK ;
}
case DS_ROLE_UPGRADE_STATUS :
{
info - > upgrade . upgrading = DS_ROLE_NOT_UPGRADING ;
info - > upgrade . previous_role = DS_ROLE_PREVIOUS_UNKNOWN ;
r - > out . info = info ;
return WERR_OK ;
}
case DS_ROLE_OP_STATUS :
{
info - > opstatus . status = DS_ROLE_OP_IDLE ;
r - > out . info = info ;
return WERR_OK ;
}
default :
return WERR_INVALID_PARAM ;
}
return WERR_INVALID_PARAM ;
}
2004-05-27 08:13:58 +04:00
/*
fill in the AccountDomain info
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_info_AccountDomain ( struct lsa_policy_state * state , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_DomainInfo * info )
{
2005-08-03 09:25:30 +04:00
info - > name . string = state - > domain_name ;
info - > sid = state - > domain_sid ;
2004-05-27 08:13:58 +04:00
return NT_STATUS_OK ;
}
2004-05-27 10:27:21 +04:00
/*
fill in the DNS domain info
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_info_DNS ( struct lsa_policy_state * state , TALLOC_CTX * mem_ctx ,
2004-05-27 10:27:21 +04:00
struct lsa_DnsDomainInfo * info )
{
2005-08-03 09:25:30 +04:00
info - > name . string = state - > domain_name ;
info - > sid = state - > domain_sid ;
2006-08-31 12:22:13 +04:00
info - > dns_domain . string = state - > domain_dns ;
2007-02-22 16:15:49 +03:00
info - > dns_forest . string = state - > forest_dns ;
2006-08-31 12:22:13 +04:00
info - > domain_guid = state - > domain_guid ;
2004-05-27 10:27:21 +04:00
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
/*
2004-05-27 10:27:21 +04:00
lsa_QueryInfoPolicy2
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryInfoPolicy2 ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 10:27:21 +04:00
struct lsa_QueryInfoPolicy2 * r )
2004-05-27 08:13:58 +04:00
{
struct lsa_policy_state * state ;
struct dcesrv_handle * h ;
r - > out . info = NULL ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2005-01-27 10:08:20 +03:00
r - > out . info = talloc ( mem_ctx , union lsa_PolicyInformation ) ;
2004-05-27 08:13:58 +04:00
if ( ! r - > out . info ) {
return NT_STATUS_NO_MEMORY ;
}
ZERO_STRUCTP ( r - > out . info ) ;
switch ( r - > in . level ) {
2004-05-27 10:27:21 +04:00
case LSA_POLICY_INFO_DOMAIN :
2004-05-27 08:13:58 +04:00
case LSA_POLICY_INFO_ACCOUNT_DOMAIN :
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_info_AccountDomain ( state , mem_ctx , & r - > out . info - > account_domain ) ;
2004-05-27 10:27:21 +04:00
case LSA_POLICY_INFO_DNS :
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_info_DNS ( state , mem_ctx , & r - > out . info - > dns ) ;
2007-09-17 09:31:49 +04:00
case LSA_POLICY_INFO_DB :
case LSA_POLICY_INFO_AUDIT_FULL_SET :
case LSA_POLICY_INFO_AUDIT_FULL_QUERY :
return NT_STATUS_INVALID_PARAMETER ;
2004-05-27 08:13:58 +04:00
}
return NT_STATUS_INVALID_INFO_CLASS ;
}
2004-05-27 10:27:21 +04:00
/*
lsa_QueryInfoPolicy
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryInfoPolicy ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 10:27:21 +04:00
struct lsa_QueryInfoPolicy * r )
{
struct lsa_QueryInfoPolicy2 r2 ;
NTSTATUS status ;
r2 . in . handle = r - > in . handle ;
r2 . in . level = r - > in . level ;
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_QueryInfoPolicy2 ( dce_call , mem_ctx , & r2 ) ;
2004-05-27 10:27:21 +04:00
r - > out . info = r2 . out . info ;
return status ;
}
2004-05-27 08:13:58 +04:00
/*
lsa_SetInfoPolicy
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetInfoPolicy ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_SetInfoPolicy * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_ClearAuditLog
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_ClearAuditLog ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_ClearAuditLog * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CreateAccount
2008-03-20 04:12:10 +03:00
This call does not seem to have any long - term effects , hence no database operations
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_CreateAccount * r )
{
2006-07-06 09:23:29 +04:00
struct lsa_account_state * astate ;
struct lsa_policy_state * state ;
struct dcesrv_handle * h , * ah ;
ZERO_STRUCTP ( r - > out . acct_handle ) ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
astate = talloc ( dce_call - > conn , struct lsa_account_state ) ;
if ( astate = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
astate - > account_sid = dom_sid_dup ( astate , r - > in . sid ) ;
if ( astate - > account_sid = = NULL ) {
talloc_free ( astate ) ;
return NT_STATUS_NO_MEMORY ;
}
astate - > policy = talloc_reference ( astate , state ) ;
astate - > access_mask = r - > in . access_mask ;
ah = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_ACCOUNT ) ;
if ( ! ah ) {
talloc_free ( astate ) ;
return NT_STATUS_NO_MEMORY ;
}
ah - > data = talloc_steal ( ah , astate ) ;
* r - > out . acct_handle = ah - > wire_handle ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumAccounts
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumAccounts ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_EnumAccounts * r )
{
2004-12-19 08:53:13 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int ret , i ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " objectSid " , NULL } ;
uint32_t count ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2006-07-06 09:23:29 +04:00
/* NOTE: This call must only return accounts that have at least
one privilege set
*/
2006-08-25 11:08:06 +04:00
ret = gendb_search ( state - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2006-07-06 09:23:29 +04:00
" (&(objectSid=*)(privilege=*)) " ) ;
if ( ret < 0 ) {
2004-12-19 08:53:13 +03:00
return NT_STATUS_NO_SUCH_USER ;
}
if ( * r - > in . resume_handle > = ret ) {
return NT_STATUS_NO_MORE_ENTRIES ;
}
count = ret - * r - > in . resume_handle ;
if ( count > r - > in . num_entries ) {
count = r - > in . num_entries ;
}
if ( count = = 0 ) {
return NT_STATUS_NO_MORE_ENTRIES ;
}
2005-01-27 10:08:20 +03:00
r - > out . sids - > sids = talloc_array ( r - > out . sids , struct lsa_SidPtr , count ) ;
2004-12-19 08:53:13 +03:00
if ( r - > out . sids - > sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < count ; i + + ) {
2005-06-24 04:18:20 +04:00
r - > out . sids - > sids [ i ] . sid =
samdb_result_dom_sid ( r - > out . sids - > sids ,
res [ i + * r - > in . resume_handle ] ,
" objectSid " ) ;
NT_STATUS_HAVE_NO_MEMORY ( r - > out . sids - > sids [ i ] . sid ) ;
2004-12-19 08:53:13 +03:00
}
r - > out . sids - > num_sids = count ;
* r - > out . resume_handle = count + * r - > in . resume_handle ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
2005-01-12 05:40:25 +03:00
/*
lsa_CreateTrustedDomainEx2
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx2 ( struct dcesrv_call_state * dce_call ,
2005-01-12 05:40:25 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_CreateTrustedDomainEx2 * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CreateTrustedDomainEx
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx ( struct dcesrv_call_state * dce_call ,
2005-01-12 05:40:25 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_CreateTrustedDomainEx * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2004-05-27 08:13:58 +04:00
/*
lsa_CreateTrustedDomain
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateTrustedDomain ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-05-27 08:13:58 +04:00
struct lsa_CreateTrustedDomain * r )
2005-01-12 05:40:25 +03:00
{
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_trusted_domain_state * trusted_domain_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs , * msg ;
const char * attrs [ ] = {
NULL
} ;
const char * name ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . trustdom_handle ) ;
policy_state = policy_handle - > data ;
if ( ! r - > in . info - > name . string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
name = r - > in . info - > name . string ;
trusted_domain_state = talloc ( mem_ctx , struct lsa_trusted_domain_state ) ;
if ( ! trusted_domain_state ) {
return NT_STATUS_NO_MEMORY ;
}
trusted_domain_state - > policy = policy_state ;
msg = ldb_msg_new ( mem_ctx ) ;
if ( msg = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
/* search for the trusted_domain record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( trusted_domain_state - > policy - > sam_ldb ,
2005-01-12 05:40:25 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
" (&(cn=%s)(objectclass=trustedDomain)) " ,
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string ( mem_ctx , r - > in . info - > name . string ) ) ;
2005-01-12 05:40:25 +03:00
if ( ret > 0 ) {
return NT_STATUS_OBJECT_NAME_COLLISION ;
}
if ( ret < 0 | | ret > 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-11-22 03:59:34 +03:00
msg - > dn = ldb_dn_copy ( mem_ctx , policy_state - > system_dn ) ;
2006-12-27 06:23:25 +03:00
if ( ! ldb_dn_add_child_fmt ( msg - > dn , " cn=%s " , name ) ) {
2005-01-12 05:40:25 +03:00
return NT_STATUS_NO_MEMORY ;
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( trusted_domain_state - > policy - > sam_ldb , mem_ctx , msg , " flatname " , name ) ;
2005-01-12 05:40:25 +03:00
if ( r - > in . info - > sid ) {
const char * sid_string = dom_sid_string ( mem_ctx , r - > in . info - > sid ) ;
if ( ! sid_string ) {
return NT_STATUS_NO_MEMORY ;
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( trusted_domain_state - > policy - > sam_ldb , mem_ctx , msg , " securityIdentifier " , sid_string ) ;
2005-01-12 05:40:25 +03:00
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( trusted_domain_state - > policy - > sam_ldb , mem_ctx , msg , " objectClass " , " trustedDomain " ) ;
2005-01-12 05:40:25 +03:00
trusted_domain_state - > trusted_domain_dn = talloc_reference ( trusted_domain_state , msg - > dn ) ;
/* create the trusted_domain */
2006-08-31 12:22:13 +04:00
ret = ldb_add ( trusted_domain_state - > policy - > sam_ldb , msg ) ;
2008-03-13 08:35:11 +03:00
switch ( ret ) {
case LDB_SUCCESS :
break ;
case LDB_ERR_ENTRY_ALREADY_EXISTS :
ldb_transaction_cancel ( trusted_domain_state - > policy - > sam_ldb ) ;
DEBUG ( 0 , ( " Failed to create trusted domain record %s: %s \n " ,
ldb_dn_get_linearized ( msg - > dn ) ,
ldb_errstring ( trusted_domain_state - > policy - > sam_ldb ) ) ) ;
return NT_STATUS_DOMAIN_EXISTS ;
case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS :
ldb_transaction_cancel ( trusted_domain_state - > policy - > sam_ldb ) ;
DEBUG ( 0 , ( " Failed to create trusted domain record %s: %s \n " ,
ldb_dn_get_linearized ( msg - > dn ) ,
ldb_errstring ( trusted_domain_state - > policy - > sam_ldb ) ) ) ;
return NT_STATUS_ACCESS_DENIED ;
default :
ldb_transaction_cancel ( trusted_domain_state - > policy - > sam_ldb ) ;
DEBUG ( 0 , ( " Failed to create user record %s: %s \n " ,
ldb_dn_get_linearized ( msg - > dn ) ,
ldb_errstring ( trusted_domain_state - > policy - > sam_ldb ) ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_TRUSTED_DOMAIN ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , trusted_domain_state ) ;
trusted_domain_state - > access_mask = r - > in . access_mask ;
trusted_domain_state - > policy = talloc_reference ( trusted_domain_state , policy_state ) ;
* r - > out . trustdom_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
}
/*
lsa_OpenTrustedDomain
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenTrustedDomain ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-12 05:40:25 +03:00
struct lsa_OpenTrustedDomain * r )
{
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_trusted_domain_state * trusted_domain_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs ;
const char * attrs [ ] = {
NULL
} ;
const char * sid_string ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . trustdom_handle ) ;
policy_state = policy_handle - > data ;
trusted_domain_state = talloc ( mem_ctx , struct lsa_trusted_domain_state ) ;
if ( ! trusted_domain_state ) {
return NT_STATUS_NO_MEMORY ;
}
trusted_domain_state - > policy = policy_state ;
sid_string = dom_sid_string ( mem_ctx , r - > in . sid ) ;
if ( ! sid_string ) {
return NT_STATUS_NO_MEMORY ;
}
/* search for the trusted_domain record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( trusted_domain_state - > policy - > sam_ldb ,
2005-01-12 05:40:25 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
" (&(securityIdentifier=%s)(objectclass=trustedDomain)) " ,
sid_string ) ;
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
trusted_domain_state - > trusted_domain_dn = talloc_reference ( trusted_domain_state , msgs [ 0 ] - > dn ) ;
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_TRUSTED_DOMAIN ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , trusted_domain_state ) ;
trusted_domain_state - > access_mask = r - > in . access_mask ;
trusted_domain_state - > policy = talloc_reference ( trusted_domain_state , policy_state ) ;
* r - > out . trustdom_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
}
/*
lsa_OpenTrustedDomainByName
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName ( struct dcesrv_call_state * dce_call ,
2005-01-12 05:40:25 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_OpenTrustedDomainByName * r )
{
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_trusted_domain_state * trusted_domain_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs ;
const char * attrs [ ] = {
NULL
} ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . trustdom_handle ) ;
policy_state = policy_handle - > data ;
if ( ! r - > in . name . string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
trusted_domain_state = talloc ( mem_ctx , struct lsa_trusted_domain_state ) ;
if ( ! trusted_domain_state ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 10:57:33 +03:00
trusted_domain_state - > policy = policy_state ;
2005-01-12 05:40:25 +03:00
/* search for the trusted_domain record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( trusted_domain_state - > policy - > sam_ldb ,
2005-01-12 05:40:25 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
2005-01-12 10:57:33 +03:00
" (&(flatname=%s)(objectclass=trustedDomain)) " ,
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string ( mem_ctx , r - > in . name . string ) ) ;
2005-01-12 05:40:25 +03:00
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
trusted_domain_state - > trusted_domain_dn = talloc_reference ( trusted_domain_state , msgs [ 0 ] - > dn ) ;
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_TRUSTED_DOMAIN ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , trusted_domain_state ) ;
trusted_domain_state - > access_mask = r - > in . access_mask ;
trusted_domain_state - > policy = talloc_reference ( trusted_domain_state , policy_state ) ;
* r - > out . trustdom_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
}
2006-08-31 12:22:13 +04:00
2005-01-12 05:40:25 +03:00
/*
2006-08-31 12:22:13 +04:00
lsa_SetTrustedDomainInfo
2005-01-12 05:40:25 +03:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetTrustedDomainInfo ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 12:22:13 +04:00
struct lsa_SetTrustedDomainInfo * r )
2005-01-12 05:40:25 +03:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2006-08-31 12:22:13 +04:00
2005-01-12 05:40:25 +03:00
/*
2006-08-31 12:22:13 +04:00
lsa_SetInfomrationTrustedDomain
2005-01-12 05:40:25 +03:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetInformationTrustedDomain ( struct dcesrv_call_state * dce_call ,
2006-08-31 12:22:13 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_SetInformationTrustedDomain * r )
2005-01-12 05:40:25 +03:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2006-08-31 12:22:13 +04:00
lsa_DeleteTrustedDomain
2005-01-12 05:40:25 +03:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_DeleteTrustedDomain ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 12:22:13 +04:00
struct lsa_DeleteTrustedDomain * r )
2005-01-12 05:40:25 +03:00
{
2006-08-31 12:22:13 +04:00
NTSTATUS status ;
struct lsa_OpenTrustedDomain open ;
2008-08-26 04:32:49 +04:00
struct lsa_DeleteObject delete ;
2006-08-31 12:22:13 +04:00
struct dcesrv_handle * h ;
open . in . handle = r - > in . handle ;
open . in . sid = r - > in . dom_sid ;
open . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
open . out . trustdom_handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! open . out . trustdom_handle ) {
return NT_STATUS_NO_MEMORY ;
}
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_OpenTrustedDomain ( dce_call , mem_ctx , & open ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
DCESRV_PULL_HANDLE ( h , open . out . trustdom_handle , DCESRV_HANDLE_ANY ) ;
talloc_steal ( mem_ctx , h ) ;
delete . in . handle = open . out . trustdom_handle ;
2008-08-26 04:32:49 +04:00
delete . out . handle = open . out . trustdom_handle ;
status = dcesrv_lsa_DeleteObject ( dce_call , mem_ctx , & delete ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
return NT_STATUS_OK ;
2005-01-12 05:40:25 +03:00
}
2006-08-31 12:22:13 +04:00
static NTSTATUS fill_trust_domain_ex ( TALLOC_CTX * mem_ctx ,
struct ldb_message * msg ,
struct lsa_TrustDomainInfoInfoEx * info_ex )
{
info_ex - > domain_name . string
= ldb_msg_find_attr_as_string ( msg , " trustPartner " , NULL ) ;
info_ex - > netbios_name . string
= ldb_msg_find_attr_as_string ( msg , " flatname " , NULL ) ;
info_ex - > sid
= samdb_result_dom_sid ( mem_ctx , msg , " securityIdentifier " ) ;
info_ex - > trust_direction
= ldb_msg_find_attr_as_int ( msg , " trustDirection " , 0 ) ;
info_ex - > trust_type
= ldb_msg_find_attr_as_int ( msg , " trustType " , 0 ) ;
info_ex - > trust_attributes
= ldb_msg_find_attr_as_int ( msg , " trustAttributes " , 0 ) ;
return NT_STATUS_OK ;
}
2005-01-12 05:40:25 +03:00
/*
lsa_QueryTrustedDomainInfo
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-12 14:54:11 +03:00
struct lsa_QueryTrustedDomainInfo * r )
2005-01-12 05:40:25 +03:00
{
2005-01-12 14:54:11 +03:00
struct dcesrv_handle * h ;
struct lsa_trusted_domain_state * trusted_domain_state ;
struct ldb_message * msg ;
int ret ;
struct ldb_message * * res ;
const char * attrs [ ] = {
2006-08-31 12:22:13 +04:00
" flatname " ,
" trustPartner " ,
2005-01-12 14:54:11 +03:00
" securityIdentifier " ,
2006-08-31 12:22:13 +04:00
" trustDirection " ,
" trustType " ,
" trustAttributes " ,
2008-08-26 04:32:49 +04:00
" msDs-supportedEncryptionTypes " ,
2005-01-12 14:54:11 +03:00
NULL
} ;
DCESRV_PULL_HANDLE ( h , r - > in . trustdom_handle , LSA_HANDLE_TRUSTED_DOMAIN ) ;
trusted_domain_state = h - > data ;
/* pull all the user attributes */
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn ( trusted_domain_state - > policy - > sam_ldb , mem_ctx ,
trusted_domain_state - > trusted_domain_dn , & res , attrs ) ;
2005-01-12 14:54:11 +03:00
if ( ret ! = 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
msg = res [ 0 ] ;
r - > out . info = talloc ( mem_ctx , union lsa_TrustedDomainInfo ) ;
if ( ! r - > out . info ) {
return NT_STATUS_NO_MEMORY ;
}
switch ( r - > in . level ) {
case LSA_TRUSTED_DOMAIN_INFO_NAME :
r - > out . info - > name . netbios_name . string
= samdb_result_string ( msg , " flatname " , NULL ) ;
break ;
case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET :
r - > out . info - > posix_offset . posix_offset
= samdb_result_uint ( msg , " posixOffset " , 0 ) ;
break ;
2006-08-31 12:22:13 +04:00
#if 0 /* Win2k3 doesn't implement this */
case LSA_TRUSTED_DOMAIN_INFO_BASIC :
r - > out . info - > info_basic . netbios_name . string
= ldb_msg_find_attr_as_string ( msg , " flatname " , NULL ) ;
r - > out . info - > info_basic . sid
= samdb_result_dom_sid ( mem_ctx , msg , " securityIdentifier " ) ;
break ;
# endif
case LSA_TRUSTED_DOMAIN_INFO_INFO_EX :
return fill_trust_domain_ex ( mem_ctx , msg , & r - > out . info - > info_ex ) ;
case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO :
ZERO_STRUCT ( r - > out . info - > full_info ) ;
return fill_trust_domain_ex ( mem_ctx , msg , & r - > out . info - > full_info . info_ex ) ;
2008-08-26 04:32:49 +04:00
case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL :
ZERO_STRUCT ( r - > out . info - > info2_internal ) ;
r - > out . info - > info2_internal . posix_offset . posix_offset
= samdb_result_uint ( msg , " posixOffset " , 0 ) ;
return fill_trust_domain_ex ( mem_ctx , msg , & r - > out . info - > info2_internal . info_ex ) ;
case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES :
r - > out . info - > enc_types . enc_types
= samdb_result_uint ( msg , " msDs-supportedEncryptionTypes " , KERB_ENCTYPE_RC4_HMAC_MD5 ) ;
break ;
2006-08-31 12:22:13 +04:00
2008-08-26 04:32:49 +04:00
case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS :
case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL :
2006-08-31 12:22:13 +04:00
/* oops, we don't want to return the info after all */
talloc_free ( r - > out . info ) ;
r - > out . info = NULL ;
return NT_STATUS_INVALID_PARAMETER ;
2005-01-12 14:54:11 +03:00
default :
/* oops, we don't want to return the info after all */
talloc_free ( r - > out . info ) ;
r - > out . info = NULL ;
return NT_STATUS_INVALID_INFO_CLASS ;
}
return NT_STATUS_OK ;
2005-01-12 05:40:25 +03:00
}
/*
2006-08-31 12:22:13 +04:00
lsa_QueryTrustedDomainInfoBySid
2005-01-12 05:40:25 +03:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 12:22:13 +04:00
struct lsa_QueryTrustedDomainInfoBySid * r )
2005-01-12 05:40:25 +03:00
{
2006-08-31 12:22:13 +04:00
NTSTATUS status ;
struct lsa_OpenTrustedDomain open ;
struct lsa_QueryTrustedDomainInfo query ;
struct dcesrv_handle * h ;
open . in . handle = r - > in . handle ;
open . in . sid = r - > in . dom_sid ;
open . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
open . out . trustdom_handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! open . out . trustdom_handle ) {
return NT_STATUS_NO_MEMORY ;
}
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_OpenTrustedDomain ( dce_call , mem_ctx , & open ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2005-01-12 05:40:25 +03:00
2006-08-31 12:22:13 +04:00
/* Ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE ( h , open . out . trustdom_handle , DCESRV_HANDLE_ANY ) ;
talloc_steal ( mem_ctx , h ) ;
query . in . trustdom_handle = open . out . trustdom_handle ;
query . in . level = r - > in . level ;
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_QueryTrustedDomainInfo ( dce_call , mem_ctx , & query ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
r - > out . info = query . out . info ;
return NT_STATUS_OK ;
2005-01-12 05:40:25 +03:00
}
/*
lsa_SetTrustedDomainInfoByName
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetTrustedDomainInfoByName ( struct dcesrv_call_state * dce_call ,
2005-01-12 05:40:25 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_SetTrustedDomainInfoByName * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2006-08-31 12:22:13 +04:00
/*
lsa_QueryTrustedDomainInfoByName
2005-01-12 05:40:25 +03:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName ( struct dcesrv_call_state * dce_call ,
2006-08-31 12:22:13 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_QueryTrustedDomainInfoByName * r )
2005-01-12 05:40:25 +03:00
{
2006-08-31 12:22:13 +04:00
NTSTATUS status ;
struct lsa_OpenTrustedDomainByName open ;
struct lsa_QueryTrustedDomainInfo query ;
struct dcesrv_handle * h ;
open . in . handle = r - > in . handle ;
open . in . name = r - > in . trusted_domain ;
open . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
open . out . trustdom_handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! open . out . trustdom_handle ) {
return NT_STATUS_NO_MEMORY ;
}
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_OpenTrustedDomainByName ( dce_call , mem_ctx , & open ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
/* Ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE ( h , open . out . trustdom_handle , DCESRV_HANDLE_ANY ) ;
talloc_steal ( mem_ctx , h ) ;
query . in . trustdom_handle = open . out . trustdom_handle ;
query . in . level = r - > in . level ;
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_QueryTrustedDomainInfo ( dce_call , mem_ctx , & query ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
r - > out . info = query . out . info ;
return NT_STATUS_OK ;
2005-01-12 05:40:25 +03:00
}
/*
2006-08-31 12:22:13 +04:00
lsa_CloseTrustedDomainEx
2005-01-12 05:40:25 +03:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CloseTrustedDomainEx ( struct dcesrv_call_state * dce_call ,
2005-01-12 05:40:25 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_CloseTrustedDomainEx * r )
2004-05-27 08:13:58 +04:00
{
2006-08-31 12:22:13 +04:00
/* The result of a bad hair day from an IDL programmer? Not
* implmented in Win2k3 . You should always just lsa_Close
* anyway . */
return NT_STATUS_NOT_IMPLEMENTED ;
2004-05-27 08:13:58 +04:00
}
2005-01-12 10:57:33 +03:00
/*
comparison function for sorting lsa_DomainInformation array
*/
2006-08-31 12:22:13 +04:00
static int compare_DomainInfo ( struct lsa_DomainInfo * e1 , struct lsa_DomainInfo * e2 )
2005-01-12 10:57:33 +03:00
{
2006-09-01 08:37:31 +04:00
return strcasecmp_m ( e1 - > name . string , e2 - > name . string ) ;
2005-01-12 10:57:33 +03:00
}
2004-05-27 08:13:58 +04:00
/*
lsa_EnumTrustDom
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumTrustDom ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-12 10:57:33 +03:00
struct lsa_EnumTrustDom * r )
2004-05-27 08:13:58 +04:00
{
2005-01-12 10:57:33 +03:00
struct dcesrv_handle * policy_handle ;
2006-08-31 12:22:13 +04:00
struct lsa_DomainInfo * entries ;
2005-01-12 10:57:33 +03:00
struct lsa_policy_state * policy_state ;
struct ldb_message * * domains ;
const char * attrs [ ] = {
" flatname " ,
" securityIdentifier " ,
NULL
} ;
int count , i ;
* r - > out . resume_handle = 0 ;
r - > out . domains - > domains = NULL ;
r - > out . domains - > count = 0 ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
policy_state = policy_handle - > data ;
/* search for all users in this domain. This could possibly be cached and
resumed based on resume_key */
2005-03-23 04:30:43 +03:00
count = gendb_search ( policy_state - > sam_ldb , mem_ctx , policy_state - > system_dn , & domains , attrs ,
2005-01-12 10:57:33 +03:00
" objectclass=trustedDomain " ) ;
if ( count = = - 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-08-31 12:22:13 +04:00
/* convert to lsa_TrustInformation format */
entries = talloc_array ( mem_ctx , struct lsa_DomainInfo , count ) ;
2005-01-12 10:57:33 +03:00
if ( ! entries ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < count ; i + + ) {
entries [ i ] . sid = samdb_result_dom_sid ( mem_ctx , domains [ i ] , " securityIdentifier " ) ;
entries [ i ] . name . string = samdb_result_string ( domains [ i ] , " flatname " , NULL ) ;
}
/* sort the results by name */
2006-08-31 12:22:13 +04:00
qsort ( entries , count , sizeof ( * entries ) ,
( comparison_fn_t ) compare_DomainInfo ) ;
2005-01-12 10:57:33 +03:00
if ( * r - > in . resume_handle > = count ) {
* r - > out . resume_handle = - 1 ;
return NT_STATUS_NO_MORE_ENTRIES ;
}
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 60 */
r - > out . domains - > count = count - * r - > in . resume_handle ;
r - > out . domains - > count = MIN ( r - > out . domains - > count ,
1 + ( r - > in . max_size / LSA_ENUM_TRUST_DOMAIN_MULTIPLIER ) ) ;
r - > out . domains - > domains = entries + * r - > in . resume_handle ;
r - > out . domains - > count = r - > out . domains - > count ;
if ( r - > out . domains - > count < count - * r - > in . resume_handle ) {
* r - > out . resume_handle = * r - > in . resume_handle + r - > out . domains - > count ;
return STATUS_MORE_ENTRIES ;
}
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
2006-08-31 12:22:13 +04:00
/*
comparison function for sorting lsa_DomainInformation array
*/
static int compare_TrustDomainInfoInfoEx ( struct lsa_TrustDomainInfoInfoEx * e1 , struct lsa_TrustDomainInfoInfoEx * e2 )
{
2006-09-01 08:37:31 +04:00
return strcasecmp_m ( e1 - > netbios_name . string , e2 - > netbios_name . string ) ;
2006-08-31 12:22:13 +04:00
}
/*
lsa_EnumTrustedDomainsEx
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 12:22:13 +04:00
struct lsa_EnumTrustedDomainsEx * r )
{
struct dcesrv_handle * policy_handle ;
struct lsa_TrustDomainInfoInfoEx * entries ;
struct lsa_policy_state * policy_state ;
struct ldb_message * * domains ;
const char * attrs [ ] = {
" flatname " ,
" trustPartner " ,
" securityIdentifier " ,
" trustDirection " ,
" trustType " ,
" trustAttributes " ,
NULL
} ;
NTSTATUS nt_status ;
int count , i ;
* r - > out . resume_handle = 0 ;
r - > out . domains - > domains = NULL ;
r - > out . domains - > count = 0 ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
policy_state = policy_handle - > data ;
/* search for all users in this domain. This could possibly be cached and
resumed based on resume_key */
count = gendb_search ( policy_state - > sam_ldb , mem_ctx , policy_state - > system_dn , & domains , attrs ,
" objectclass=trustedDomain " ) ;
if ( count = = - 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
/* convert to lsa_DomainInformation format */
entries = talloc_array ( mem_ctx , struct lsa_TrustDomainInfoInfoEx , count ) ;
if ( ! entries ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < count ; i + + ) {
nt_status = fill_trust_domain_ex ( mem_ctx , domains [ i ] , & entries [ i ] ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
return nt_status ;
}
}
/* sort the results by name */
qsort ( entries , count , sizeof ( * entries ) ,
( comparison_fn_t ) compare_TrustDomainInfoInfoEx ) ;
if ( * r - > in . resume_handle > = count ) {
* r - > out . resume_handle = - 1 ;
return NT_STATUS_NO_MORE_ENTRIES ;
}
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 60 */
r - > out . domains - > count = count - * r - > in . resume_handle ;
r - > out . domains - > count = MIN ( r - > out . domains - > count ,
1 + ( r - > in . max_size / LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ) ) ;
r - > out . domains - > domains = entries + * r - > in . resume_handle ;
r - > out . domains - > count = r - > out . domains - > count ;
if ( r - > out . domains - > count < count - * r - > in . resume_handle ) {
* r - > out . resume_handle = * r - > in . resume_handle + r - > out . domains - > count ;
return STATUS_MORE_ENTRIES ;
}
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
/*
lsa_OpenAccount
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-19 08:01:52 +03:00
struct lsa_OpenAccount * r )
2004-05-27 08:13:58 +04:00
{
2004-12-19 08:01:52 +03:00
struct dcesrv_handle * h , * ah ;
struct lsa_policy_state * state ;
struct lsa_account_state * astate ;
ZERO_STRUCTP ( r - > out . acct_handle ) ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2005-01-27 10:08:20 +03:00
astate = talloc ( dce_call - > conn , struct lsa_account_state ) ;
2004-12-19 08:01:52 +03:00
if ( astate = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
astate - > account_sid = dom_sid_dup ( astate , r - > in . sid ) ;
if ( astate - > account_sid = = NULL ) {
talloc_free ( astate ) ;
return NT_STATUS_NO_MEMORY ;
}
astate - > policy = talloc_reference ( astate , state ) ;
astate - > access_mask = r - > in . access_mask ;
2005-01-10 15:15:26 +03:00
ah = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_ACCOUNT ) ;
2004-12-19 08:01:52 +03:00
if ( ! ah ) {
talloc_free ( astate ) ;
return NT_STATUS_NO_MEMORY ;
}
2005-01-10 15:15:26 +03:00
ah - > data = talloc_steal ( ah , astate ) ;
2004-12-19 08:01:52 +03:00
* r - > out . acct_handle = ah - > wire_handle ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumPrivsAccount
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumPrivsAccount ( struct dcesrv_call_state * dce_call ,
2004-12-15 01:18:33 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_EnumPrivsAccount * r )
2004-05-27 08:13:58 +04:00
{
2004-12-19 09:41:27 +03:00
struct dcesrv_handle * h ;
struct lsa_account_state * astate ;
int ret , i ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " privilege " , NULL } ;
struct ldb_message_element * el ;
2006-07-06 09:23:29 +04:00
const char * sidstr ;
2004-12-19 09:41:27 +03:00
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_ACCOUNT ) ;
astate = h - > data ;
2005-01-27 10:08:20 +03:00
r - > out . privs = talloc ( mem_ctx , struct lsa_PrivilegeSet ) ;
2004-12-19 09:41:27 +03:00
r - > out . privs - > count = 0 ;
r - > out . privs - > unknown = 0 ;
r - > out . privs - > set = NULL ;
2006-07-06 09:23:29 +04:00
sidstr = ldap_encode_ndr_dom_sid ( mem_ctx , astate - > account_sid ) ;
if ( sidstr = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-25 11:08:06 +04:00
ret = gendb_search ( astate - > policy - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2006-07-06 09:23:29 +04:00
" objectSid=%s " , sidstr ) ;
2004-12-19 09:41:27 +03:00
if ( ret ! = 1 ) {
return NT_STATUS_OK ;
}
el = ldb_msg_find_element ( res [ 0 ] , " privilege " ) ;
if ( el = = NULL | | el - > num_values = = 0 ) {
return NT_STATUS_OK ;
}
2005-01-27 10:08:20 +03:00
r - > out . privs - > set = talloc_array ( r - > out . privs ,
2006-07-06 09:23:29 +04:00
struct lsa_LUIDAttribute , el - > num_values ) ;
2004-12-19 09:41:27 +03:00
if ( r - > out . privs - > set = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < el - > num_values ; i + + ) {
2005-07-13 19:18:20 +04:00
int id = sec_privilege_id ( ( const char * ) el - > values [ i ] . data ) ;
2004-12-19 09:41:27 +03:00
if ( id = = - 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
r - > out . privs - > set [ i ] . attribute = 0 ;
r - > out . privs - > set [ i ] . luid . low = id ;
r - > out . privs - > set [ i ] . luid . high = 0 ;
}
r - > out . privs - > count = el - > num_values ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
2004-12-19 14:34:19 +03:00
/*
lsa_EnumAccountRights
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumAccountRights ( struct dcesrv_call_state * dce_call ,
2004-12-19 14:34:19 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_EnumAccountRights * r )
{
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int ret , i ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " privilege " , NULL } ;
const char * sidstr ;
struct ldb_message_element * el ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2005-06-24 04:18:20 +04:00
sidstr = ldap_encode_ndr_dom_sid ( mem_ctx , r - > in . sid ) ;
2004-12-19 14:34:19 +03:00
if ( sidstr = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-25 11:08:06 +04:00
ret = gendb_search ( state - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2006-07-06 09:23:29 +04:00
" (&(objectSid=%s)(privilege=*)) " , sidstr ) ;
if ( ret = = 0 ) {
2004-12-19 14:34:19 +03:00
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
2006-07-06 09:23:29 +04:00
if ( ret > 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
if ( ret = = - 1 ) {
DEBUG ( 3 , ( " searching for account rights for SID: %s failed: %s " ,
dom_sid_string ( mem_ctx , r - > in . sid ) ,
ldb_errstring ( state - > sam_ldb ) ) ) ;
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2004-12-19 14:34:19 +03:00
el = ldb_msg_find_element ( res [ 0 ] , " privilege " ) ;
if ( el = = NULL | | el - > num_values = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
r - > out . rights - > count = el - > num_values ;
2005-01-27 10:08:20 +03:00
r - > out . rights - > names = talloc_array ( r - > out . rights ,
2006-01-09 18:50:08 +03:00
struct lsa_StringLarge , r - > out . rights - > count ) ;
2004-12-19 14:34:19 +03:00
if ( r - > out . rights - > names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < el - > num_values ; i + + ) {
2005-07-13 19:18:20 +04:00
r - > out . rights - > names [ i ] . string = ( const char * ) el - > values [ i ] . data ;
2004-12-19 14:34:19 +03:00
}
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
2004-12-19 10:50:19 +03:00
/*
helper for lsa_AddAccountRights and lsa_RemoveAccountRights
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_AddRemoveAccountRights ( struct dcesrv_call_state * dce_call ,
2004-12-19 10:50:19 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_policy_state * state ,
int ldb_flag ,
2004-12-19 14:34:19 +03:00
struct dom_sid * sid ,
2004-12-19 10:50:19 +03:00
const struct lsa_RightSet * rights )
{
const char * sidstr ;
2005-01-12 05:40:25 +03:00
struct ldb_message * msg ;
2006-07-06 09:23:29 +04:00
struct ldb_message_element * el ;
2004-12-19 10:50:19 +03:00
int i , ret ;
2004-12-19 14:34:19 +03:00
struct lsa_EnumAccountRights r2 ;
2004-12-19 10:50:19 +03:00
2005-06-24 04:18:20 +04:00
sidstr = ldap_encode_ndr_dom_sid ( mem_ctx , sid ) ;
2004-12-19 10:50:19 +03:00
if ( sidstr = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 05:40:25 +03:00
msg = ldb_msg_new ( mem_ctx ) ;
if ( msg = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-07-06 09:23:29 +04:00
msg - > dn = samdb_search_dn ( state - > sam_ldb , mem_ctx ,
2006-08-25 11:08:06 +04:00
NULL , " objectSid=%s " , sidstr ) ;
2005-01-12 05:40:25 +03:00
if ( msg - > dn = = NULL ) {
2006-07-06 09:23:29 +04:00
NTSTATUS status ;
if ( ldb_flag = = LDB_FLAG_MOD_DELETE ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
status = samdb_create_foreign_security_principal ( state - > sam_ldb , mem_ctx ,
sid , & msg - > dn ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2005-09-02 03:26:50 +04:00
return NT_STATUS_NO_SUCH_USER ;
2004-12-19 10:50:19 +03:00
}
2005-01-12 05:40:25 +03:00
2006-10-25 05:42:59 +04:00
if ( ldb_msg_add_empty ( msg , " privilege " , ldb_flag , NULL ) ) {
2004-12-19 10:50:19 +03:00
return NT_STATUS_NO_MEMORY ;
}
2004-12-19 14:34:19 +03:00
if ( ldb_flag = = LDB_FLAG_MOD_ADD ) {
NTSTATUS status ;
r2 . in . handle = & state - > handle - > wire_handle ;
r2 . in . sid = sid ;
2005-01-27 10:08:20 +03:00
r2 . out . rights = talloc ( mem_ctx , struct lsa_RightSet ) ;
2004-12-19 14:34:19 +03:00
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_EnumAccountRights ( dce_call , mem_ctx , & r2 ) ;
2004-12-19 14:34:19 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
ZERO_STRUCTP ( r2 . out . rights ) ;
}
}
for ( i = 0 ; i < rights - > count ; i + + ) {
2004-12-19 10:50:19 +03:00
if ( sec_privilege_id ( rights - > names [ i ] . string ) = = - 1 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
2004-12-19 14:34:19 +03:00
if ( ldb_flag = = LDB_FLAG_MOD_ADD ) {
int j ;
for ( j = 0 ; j < r2 . out . rights - > count ; j + + ) {
2005-08-30 15:55:05 +04:00
if ( strcasecmp_m ( r2 . out . rights - > names [ j ] . string ,
2004-12-19 14:34:19 +03:00
rights - > names [ i ] . string ) = = 0 ) {
break ;
}
}
if ( j ! = r2 . out . rights - > count ) continue ;
}
2006-07-06 09:23:29 +04:00
ret = ldb_msg_add_string ( msg , " privilege " , rights - > names [ i ] . string ) ;
if ( ret ! = LDB_SUCCESS ) {
2004-12-19 10:50:19 +03:00
return NT_STATUS_NO_MEMORY ;
}
2004-12-19 14:34:19 +03:00
}
2006-07-06 09:23:29 +04:00
el = ldb_msg_find_element ( msg , " privilege " ) ;
if ( ! el ) {
2004-12-19 14:34:19 +03:00
return NT_STATUS_OK ;
2004-12-19 10:50:19 +03:00
}
2007-11-27 03:25:11 +03:00
ret = ldb_modify ( state - > sam_ldb , msg ) ;
2004-12-19 10:50:19 +03:00
if ( ret ! = 0 ) {
2006-07-06 09:23:29 +04:00
if ( ldb_flag = = LDB_FLAG_MOD_DELETE & & ret = = LDB_ERR_NO_SUCH_ATTRIBUTE ) {
2004-12-19 10:50:19 +03:00
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
2006-07-06 09:23:29 +04:00
DEBUG ( 3 , ( " Could not %s attributes from %s: %s " ,
ldb_flag = = LDB_FLAG_MOD_DELETE ? " delete " : " add " ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( msg - > dn ) , ldb_errstring ( state - > sam_ldb ) ) ) ;
2004-12-19 10:50:19 +03:00
return NT_STATUS_UNEXPECTED_IO_ERROR ;
}
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
/*
2004-08-14 05:11:34 +04:00
lsa_AddPrivilegesToAccount
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_AddPrivilegesToAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-19 10:50:19 +03:00
struct lsa_AddPrivilegesToAccount * r )
2004-05-27 08:13:58 +04:00
{
2004-12-19 10:50:19 +03:00
struct lsa_RightSet rights ;
struct dcesrv_handle * h ;
struct lsa_account_state * astate ;
int i ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_ACCOUNT ) ;
astate = h - > data ;
rights . count = r - > in . privs - > count ;
2006-01-09 18:50:08 +03:00
rights . names = talloc_array ( mem_ctx , struct lsa_StringLarge , rights . count ) ;
2004-12-19 10:50:19 +03:00
if ( rights . names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < rights . count ; i + + ) {
int id = r - > in . privs - > set [ i ] . luid . low ;
if ( r - > in . privs - > set [ i ] . luid . high ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
rights . names [ i ] . string = sec_privilege_name ( id ) ;
if ( rights . names [ i ] . string = = NULL ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
}
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights ( dce_call , mem_ctx , astate - > policy ,
2004-12-19 10:50:19 +03:00
LDB_FLAG_MOD_ADD , astate - > account_sid ,
& rights ) ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_RemovePrivilegesFromAccount
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_RemovePrivilegesFromAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-19 10:50:19 +03:00
struct lsa_RemovePrivilegesFromAccount * r )
2004-05-27 08:13:58 +04:00
{
2004-12-19 10:50:19 +03:00
struct lsa_RightSet * rights ;
struct dcesrv_handle * h ;
struct lsa_account_state * astate ;
int i ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_ACCOUNT ) ;
astate = h - > data ;
2005-01-27 10:08:20 +03:00
rights = talloc ( mem_ctx , struct lsa_RightSet ) ;
2004-12-19 10:50:19 +03:00
if ( r - > in . remove_all = = 1 & &
r - > in . privs = = NULL ) {
struct lsa_EnumAccountRights r2 ;
NTSTATUS status ;
r2 . in . handle = & astate - > policy - > handle - > wire_handle ;
r2 . in . sid = astate - > account_sid ;
r2 . out . rights = rights ;
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_EnumAccountRights ( dce_call , mem_ctx , & r2 ) ;
2004-12-19 10:50:19 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights ( dce_call , mem_ctx , astate - > policy ,
2004-12-19 10:50:19 +03:00
LDB_FLAG_MOD_DELETE , astate - > account_sid ,
r2 . out . rights ) ;
}
if ( r - > in . remove_all ! = 0 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
rights - > count = r - > in . privs - > count ;
2006-01-09 18:50:08 +03:00
rights - > names = talloc_array ( mem_ctx , struct lsa_StringLarge , rights - > count ) ;
2004-12-19 10:50:19 +03:00
if ( rights - > names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < rights - > count ; i + + ) {
int id = r - > in . privs - > set [ i ] . luid . low ;
if ( r - > in . privs - > set [ i ] . luid . high ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
rights - > names [ i ] . string = sec_privilege_name ( id ) ;
if ( rights - > names [ i ] . string = = NULL ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
}
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights ( dce_call , mem_ctx , astate - > policy ,
2004-12-19 10:50:19 +03:00
LDB_FLAG_MOD_DELETE , astate - > account_sid ,
rights ) ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_GetQuotasForAccount
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_GetQuotasForAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-08-14 05:11:34 +04:00
struct lsa_GetQuotasForAccount * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_SetQuotasForAccount
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetQuotasForAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-08-14 05:11:34 +04:00
struct lsa_SetQuotasForAccount * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_GetSystemAccessAccount
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_GetSystemAccessAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-08-14 05:11:34 +04:00
struct lsa_GetSystemAccessAccount * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_SetSystemAccessAccount
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetSystemAccessAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-08-14 05:11:34 +04:00
struct lsa_SetSystemAccessAccount * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2005-01-11 17:04:58 +03:00
/*
lsa_CreateSecret
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateSecret ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-11 17:04:58 +03:00
struct lsa_CreateSecret * r )
{
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_secret_state * secret_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs , * msg ;
2006-08-24 14:41:31 +04:00
const char * errstr ;
2005-01-11 17:04:58 +03:00
const char * attrs [ ] = {
NULL
} ;
const char * name ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . sec_handle ) ;
2008-03-20 04:12:10 +03:00
switch ( security_session_user_level ( dce_call - > conn - > auth_state . session_info ) )
{
case SECURITY_SYSTEM :
case SECURITY_ADMINISTRATOR :
break ;
default :
/* Users and annonymous are not allowed create secrets */
return NT_STATUS_ACCESS_DENIED ;
}
2005-01-11 17:04:58 +03:00
policy_state = policy_handle - > data ;
if ( ! r - > in . name . string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
secret_state = talloc ( mem_ctx , struct lsa_secret_state ) ;
if ( ! secret_state ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 05:40:25 +03:00
secret_state - > policy = policy_state ;
2005-01-11 17:04:58 +03:00
msg = ldb_msg_new ( mem_ctx ) ;
if ( msg = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
if ( strncmp ( " G$ " , r - > in . name . string , 2 ) = = 0 ) {
const char * name2 ;
name = & r - > in . name . string [ 2 ] ;
2005-02-27 14:35:47 +03:00
secret_state - > sam_ldb = talloc_reference ( secret_state , policy_state - > sam_ldb ) ;
2007-10-07 02:25:41 +04:00
secret_state - > global = true ;
2005-01-11 17:04:58 +03:00
if ( strlen ( name ) < 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2005-12-19 10:07:11 +03:00
name2 = talloc_asprintf ( mem_ctx , " %s Secret " , ldb_binary_encode_string ( mem_ctx , name ) ) ;
2005-01-11 17:04:58 +03:00
/* search for the secret record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
" (&(cn=%s)(objectclass=secret)) " ,
name2 ) ;
if ( ret > 0 ) {
return NT_STATUS_OBJECT_NAME_COLLISION ;
}
2006-07-06 09:23:29 +04:00
if ( ret = = - 1 ) {
DEBUG ( 0 , ( " Failure searching for CN=%s: %s \n " ,
name2 , ldb_errstring ( secret_state - > sam_ldb ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-11-22 03:59:34 +03:00
msg - > dn = ldb_dn_copy ( mem_ctx , policy_state - > system_dn ) ;
if ( ! name2 | | ! ldb_dn_add_child_fmt ( msg - > dn , " cn=%s " , name2 ) ) {
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY ;
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( secret_state - > sam_ldb , mem_ctx , msg , " cn " , name2 ) ;
2005-01-11 17:04:58 +03:00
} else {
2007-10-07 02:25:41 +04:00
secret_state - > global = false ;
2005-01-12 01:16:14 +03:00
2005-01-11 17:04:58 +03:00
name = r - > in . name . string ;
if ( strlen ( name ) < 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2007-12-04 22:05:00 +03:00
secret_state - > sam_ldb = talloc_reference ( secret_state ,
2008-06-14 19:24:17 +04:00
secrets_db_connect ( mem_ctx , dce_call - > event_ctx , dce_call - > conn - > dce_ctx - > lp_ctx ) ) ;
2005-01-11 17:04:58 +03:00
/* search for the secret record */
2005-08-18 19:02:01 +04:00
ret = gendb_search ( secret_state - > sam_ldb , mem_ctx ,
2006-11-22 03:59:34 +03:00
ldb_dn_new ( mem_ctx , secret_state - > sam_ldb , " cn=LSA Secrets " ) ,
2005-08-18 19:02:01 +04:00
& msgs , attrs ,
2005-12-19 10:07:11 +03:00
" (&(cn=%s)(objectclass=secret)) " ,
ldb_binary_encode_string ( mem_ctx , name ) ) ;
2005-01-11 17:04:58 +03:00
if ( ret > 0 ) {
return NT_STATUS_OBJECT_NAME_COLLISION ;
}
2006-07-06 09:23:29 +04:00
if ( ret = = - 1 ) {
DEBUG ( 0 , ( " Failure searching for CN=%s: %s \n " ,
name , ldb_errstring ( secret_state - > sam_ldb ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-11-22 03:59:34 +03:00
msg - > dn = ldb_dn_new_fmt ( mem_ctx , secret_state - > sam_ldb , " cn=%s,cn=LSA Secrets " , name ) ;
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( secret_state - > sam_ldb , mem_ctx , msg , " cn " , name ) ;
2005-01-11 17:04:58 +03:00
}
2005-01-12 05:40:25 +03:00
/* pull in all the template attributes. Note this is always from the global samdb */
2006-07-06 09:23:29 +04:00
ret = samdb_copy_template ( secret_state - > policy - > sam_ldb , msg ,
2007-09-03 11:56:29 +04:00
" secret " , & errstr ) ;
2005-01-12 05:40:25 +03:00
if ( ret ! = 0 ) {
2006-08-14 06:50:18 +04:00
DEBUG ( 0 , ( " Failed to load TemplateSecret from samdb: %s \n " ,
errstr ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( secret_state - > sam_ldb , mem_ctx , msg , " objectClass " , " secret " ) ;
2005-01-11 17:04:58 +03:00
secret_state - > secret_dn = talloc_reference ( secret_state , msg - > dn ) ;
/* create the secret */
2007-11-27 03:25:11 +03:00
ret = ldb_add ( secret_state - > sam_ldb , msg ) ;
2005-01-11 17:04:58 +03:00
if ( ret ! = 0 ) {
2006-07-06 09:23:29 +04:00
DEBUG ( 0 , ( " Failed to create secret record %s: %s \n " ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( msg - > dn ) ,
2006-07-06 09:23:29 +04:00
ldb_errstring ( secret_state - > sam_ldb ) ) ) ;
2007-09-07 11:31:26 +04:00
return NT_STATUS_ACCESS_DENIED ;
2005-01-11 17:04:58 +03:00
}
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_SECRET ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , secret_state ) ;
secret_state - > access_mask = r - > in . access_mask ;
secret_state - > policy = talloc_reference ( secret_state , policy_state ) ;
* r - > out . sec_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
/*
lsa_OpenSecret
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenSecret ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-11 17:04:58 +03:00
struct lsa_OpenSecret * r )
2004-05-27 08:13:58 +04:00
{
2005-01-11 17:04:58 +03:00
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_secret_state * secret_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs ;
const char * attrs [ ] = {
NULL
} ;
const char * name ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . sec_handle ) ;
policy_state = policy_handle - > data ;
if ( ! r - > in . name . string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2008-03-20 04:12:10 +03:00
switch ( security_session_user_level ( dce_call - > conn - > auth_state . session_info ) )
{
case SECURITY_SYSTEM :
case SECURITY_ADMINISTRATOR :
break ;
default :
/* Users and annonymous are not allowed to access secrets */
return NT_STATUS_ACCESS_DENIED ;
}
2005-01-11 17:04:58 +03:00
secret_state = talloc ( mem_ctx , struct lsa_secret_state ) ;
if ( ! secret_state ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 05:40:25 +03:00
secret_state - > policy = policy_state ;
2005-01-11 17:04:58 +03:00
if ( strncmp ( " G$ " , r - > in . name . string , 2 ) = = 0 ) {
name = & r - > in . name . string [ 2 ] ;
2005-02-27 14:35:47 +03:00
secret_state - > sam_ldb = talloc_reference ( secret_state , policy_state - > sam_ldb ) ;
2007-10-07 02:25:41 +04:00
secret_state - > global = true ;
2005-01-11 17:04:58 +03:00
if ( strlen ( name ) < 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
/* search for the secret record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
" (&(cn=%s Secret)(objectclass=secret)) " ,
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string ( mem_ctx , name ) ) ;
2005-01-11 17:04:58 +03:00
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
} else {
2008-03-20 04:12:10 +03:00
secret_state - > global = false ;
2007-11-29 18:01:16 +03:00
secret_state - > sam_ldb = talloc_reference ( secret_state ,
2008-06-14 19:24:17 +04:00
secrets_db_connect ( mem_ctx , dce_call - > event_ctx , dce_call - > conn - > dce_ctx - > lp_ctx ) ) ;
2005-01-12 01:16:14 +03:00
2005-01-11 17:04:58 +03:00
name = r - > in . name . string ;
if ( strlen ( name ) < 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
/* search for the secret record */
2005-08-18 19:02:01 +04:00
ret = gendb_search ( secret_state - > sam_ldb , mem_ctx ,
2006-11-22 03:59:34 +03:00
ldb_dn_new ( mem_ctx , secret_state - > sam_ldb , " cn=LSA Secrets " ) ,
2005-08-18 19:02:01 +04:00
& msgs , attrs ,
2005-12-19 10:07:11 +03:00
" (&(cn=%s)(objectclass=secret)) " ,
ldb_binary_encode_string ( mem_ctx , name ) ) ;
2005-01-11 17:04:58 +03:00
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2007-09-07 11:31:26 +04:00
DEBUG ( 0 , ( " Found %d records matching CN=%s \n " ,
ret , ldb_binary_encode_string ( mem_ctx , name ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
}
secret_state - > secret_dn = talloc_reference ( secret_state , msgs [ 0 ] - > dn ) ;
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_SECRET ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , secret_state ) ;
secret_state - > access_mask = r - > in . access_mask ;
secret_state - > policy = talloc_reference ( secret_state , policy_state ) ;
* r - > out . sec_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_SetSecret
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetSecret ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-11 17:04:58 +03:00
struct lsa_SetSecret * r )
2004-05-27 08:13:58 +04:00
{
2005-01-11 17:04:58 +03:00
struct dcesrv_handle * h ;
struct lsa_secret_state * secret_state ;
struct ldb_message * msg ;
DATA_BLOB session_key ;
DATA_BLOB crypt_secret , secret ;
struct ldb_val val ;
int ret ;
NTSTATUS status = NT_STATUS_OK ;
struct timeval now = timeval_current ( ) ;
NTTIME nt_now = timeval_to_nttime ( & now ) ;
DCESRV_PULL_HANDLE ( h , r - > in . sec_handle , LSA_HANDLE_SECRET ) ;
secret_state = h - > data ;
msg = ldb_msg_new ( mem_ctx ) ;
if ( msg = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
msg - > dn = talloc_reference ( mem_ctx , secret_state - > secret_dn ) ;
if ( ! msg - > dn ) {
return NT_STATUS_NO_MEMORY ;
}
status = dcesrv_fetch_session_key ( dce_call - > conn , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
if ( r - > in . old_val ) {
/* Decrypt */
crypt_secret . data = r - > in . old_val - > data ;
crypt_secret . length = r - > in . old_val - > size ;
status = sess_decrypt_blob ( mem_ctx , & crypt_secret , & session_key , & secret ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
val . data = secret . data ;
val . length = secret . length ;
/* set value */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_value ( secret_state - > sam_ldb ,
2006-09-11 10:29:58 +04:00
mem_ctx , msg , " priorValue " , & val ) ! = 0 ) {
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY ;
}
/* set old value mtime */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_uint64 ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , msg , " priorSetTime " , nt_now ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 01:16:14 +03:00
if ( ! r - > in . new_val ) {
2008-08-26 04:33:41 +04:00
/* set old value mtime */
if ( samdb_msg_add_uint64 ( secret_state - > sam_ldb ,
mem_ctx , msg , " lastSetTime " , nt_now ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
if ( samdb_msg_add_delete ( secret_state - > sam_ldb ,
mem_ctx , msg , " currentValue " ) ) {
return NT_STATUS_NO_MEMORY ;
2005-01-12 01:16:14 +03:00
}
}
2005-01-11 17:04:58 +03:00
}
if ( r - > in . new_val ) {
/* Decrypt */
crypt_secret . data = r - > in . new_val - > data ;
crypt_secret . length = r - > in . new_val - > size ;
status = sess_decrypt_blob ( mem_ctx , & crypt_secret , & session_key , & secret ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
val . data = secret . data ;
val . length = secret . length ;
/* set value */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_value ( secret_state - > sam_ldb ,
2006-09-11 10:29:58 +04:00
mem_ctx , msg , " currentValue " , & val ) ! = 0 ) {
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY ;
}
/* set new value mtime */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_uint64 ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , msg , " lastSetTime " , nt_now ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
/* If the old value is not set, then migrate the
* current value to the old value */
if ( ! r - > in . old_val ) {
const struct ldb_val * new_val ;
NTTIME last_set_time ;
struct ldb_message * * res ;
const char * attrs [ ] = {
2006-09-11 10:29:58 +04:00
" currentValue " ,
2005-01-11 17:04:58 +03:00
" lastSetTime " ,
NULL
} ;
/* search for the secret record */
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn ( secret_state - > sam_ldb , mem_ctx ,
secret_state - > secret_dn , & res , attrs ) ;
2005-01-11 17:04:58 +03:00
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching dn=%s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( secret_state - > secret_dn ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-09-11 10:29:58 +04:00
new_val = ldb_msg_find_ldb_val ( res [ 0 ] , " currentValue " ) ;
2006-08-13 12:00:36 +04:00
last_set_time = ldb_msg_find_attr_as_uint64 ( res [ 0 ] , " lastSetTime " , 0 ) ;
2005-01-11 17:04:58 +03:00
if ( new_val ) {
/* set value */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_value ( secret_state - > sam_ldb ,
2006-09-11 10:29:58 +04:00
mem_ctx , msg , " priorValue " ,
2005-01-11 17:04:58 +03:00
new_val ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
}
/* set new value mtime */
if ( ldb_msg_find_ldb_val ( res [ 0 ] , " lastSetTime " ) ) {
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_uint64 ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , msg , " priorSetTime " , last_set_time ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
}
}
}
/* modify the samdb record */
2005-02-27 14:35:47 +03:00
ret = samdb_replace ( secret_state - > sam_ldb , mem_ctx , msg ) ;
2005-01-11 17:04:58 +03:00
if ( ret ! = 0 ) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL ;
}
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_QuerySecret
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QuerySecret ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-11 17:04:58 +03:00
struct lsa_QuerySecret * r )
2004-05-27 08:13:58 +04:00
{
2005-01-11 17:04:58 +03:00
struct dcesrv_handle * h ;
struct lsa_secret_state * secret_state ;
struct ldb_message * msg ;
DATA_BLOB session_key ;
DATA_BLOB crypt_secret , secret ;
int ret ;
struct ldb_message * * res ;
const char * attrs [ ] = {
2006-09-11 10:29:58 +04:00
" currentValue " ,
" priorValue " ,
2005-01-11 17:04:58 +03:00
" lastSetTime " ,
" priorSetTime " ,
NULL
} ;
NTSTATUS nt_status ;
DCESRV_PULL_HANDLE ( h , r - > in . sec_handle , LSA_HANDLE_SECRET ) ;
2008-03-20 04:12:10 +03:00
/* Ensure user is permitted to read this... */
switch ( security_session_user_level ( dce_call - > conn - > auth_state . session_info ) )
{
case SECURITY_SYSTEM :
case SECURITY_ADMINISTRATOR :
break ;
default :
/* Users and annonymous are not allowed to read secrets */
return NT_STATUS_ACCESS_DENIED ;
}
2005-01-11 17:04:58 +03:00
secret_state = h - > data ;
/* pull all the user attributes */
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn ( secret_state - > sam_ldb , mem_ctx ,
secret_state - > secret_dn , & res , attrs ) ;
2005-01-11 17:04:58 +03:00
if ( ret ! = 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
msg = res [ 0 ] ;
nt_status = dcesrv_fetch_session_key ( dce_call - > conn , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
return nt_status ;
}
if ( r - > in . old_val ) {
const struct ldb_val * prior_val ;
2005-01-12 01:16:14 +03:00
r - > out . old_val = talloc_zero ( mem_ctx , struct lsa_DATA_BUF_PTR ) ;
if ( ! r - > out . old_val ) {
return NT_STATUS_NO_MEMORY ;
}
2006-09-11 10:29:58 +04:00
prior_val = ldb_msg_find_ldb_val ( res [ 0 ] , " priorValue " ) ;
2005-01-11 17:04:58 +03:00
if ( prior_val & & prior_val - > length ) {
secret . data = prior_val - > data ;
secret . length = prior_val - > length ;
2006-11-13 06:20:24 +03:00
/* Encrypt */
2005-01-11 17:04:58 +03:00
crypt_secret = sess_encrypt_blob ( mem_ctx , & secret , & session_key ) ;
if ( ! crypt_secret . length ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . old_val - > buf = talloc ( mem_ctx , struct lsa_DATA_BUF ) ;
2005-01-12 01:16:14 +03:00
if ( ! r - > out . old_val - > buf ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-11 17:04:58 +03:00
r - > out . old_val - > buf - > size = crypt_secret . length ;
r - > out . old_val - > buf - > length = crypt_secret . length ;
r - > out . old_val - > buf - > data = crypt_secret . data ;
}
}
if ( r - > in . old_mtime ) {
2005-01-27 09:16:59 +03:00
r - > out . old_mtime = talloc ( mem_ctx , NTTIME ) ;
2005-01-11 17:04:58 +03:00
if ( ! r - > out . old_mtime ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-13 12:00:36 +04:00
* r - > out . old_mtime = ldb_msg_find_attr_as_uint64 ( res [ 0 ] , " priorSetTime " , 0 ) ;
2005-01-11 17:04:58 +03:00
}
if ( r - > in . new_val ) {
const struct ldb_val * new_val ;
2005-01-12 01:16:14 +03:00
r - > out . new_val = talloc_zero ( mem_ctx , struct lsa_DATA_BUF_PTR ) ;
if ( ! r - > out . new_val ) {
return NT_STATUS_NO_MEMORY ;
}
2006-09-11 10:29:58 +04:00
new_val = ldb_msg_find_ldb_val ( res [ 0 ] , " currentValue " ) ;
2005-01-11 17:04:58 +03:00
if ( new_val & & new_val - > length ) {
secret . data = new_val - > data ;
secret . length = new_val - > length ;
2006-11-13 06:20:24 +03:00
/* Encrypt */
2005-01-11 17:04:58 +03:00
crypt_secret = sess_encrypt_blob ( mem_ctx , & secret , & session_key ) ;
if ( ! crypt_secret . length ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . new_val - > buf = talloc ( mem_ctx , struct lsa_DATA_BUF ) ;
2005-01-12 01:16:14 +03:00
if ( ! r - > out . new_val - > buf ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-11 17:04:58 +03:00
r - > out . new_val - > buf - > length = crypt_secret . length ;
r - > out . new_val - > buf - > size = crypt_secret . length ;
r - > out . new_val - > buf - > data = crypt_secret . data ;
}
}
if ( r - > in . new_mtime ) {
2005-01-27 09:16:59 +03:00
r - > out . new_mtime = talloc ( mem_ctx , NTTIME ) ;
2005-01-11 17:04:58 +03:00
if ( ! r - > out . new_mtime ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-13 12:00:36 +04:00
* r - > out . new_mtime = ldb_msg_find_attr_as_uint64 ( res [ 0 ] , " lastSetTime " , 0 ) ;
2005-01-11 17:04:58 +03:00
}
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_LookupPrivValue
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupPrivValue ( struct dcesrv_call_state * dce_call ,
2004-12-14 08:32:51 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_LookupPrivValue * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 08:32:51 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int id ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
id = sec_privilege_id ( r - > in . name - > string ) ;
if ( id = = - 1 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
r - > out . luid - > low = id ;
r - > out . luid - > high = 0 ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_LookupPrivName
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupPrivName ( struct dcesrv_call_state * dce_call ,
2004-12-14 08:32:51 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_LookupPrivName * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 08:51:01 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
const char * privname ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
if ( r - > in . luid - > high ! = 0 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
privname = sec_privilege_name ( r - > in . luid - > low ) ;
if ( privname = = NULL ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
2006-01-09 18:50:08 +03:00
r - > out . name = talloc ( mem_ctx , struct lsa_StringLarge ) ;
2004-12-14 08:51:01 +03:00
if ( r - > out . name = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . name - > string = privname ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_LookupPrivDisplayName
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupPrivDisplayName ( struct dcesrv_call_state * dce_call ,
2004-12-14 08:51:01 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_LookupPrivDisplayName * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 08:51:01 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int id ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
id = sec_privilege_id ( r - > in . name - > string ) ;
if ( id = = - 1 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
2006-01-09 18:50:08 +03:00
r - > out . disp_name = talloc ( mem_ctx , struct lsa_StringLarge ) ;
2004-12-14 08:51:01 +03:00
if ( r - > out . disp_name = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . disp_name - > string = sec_privilege_display_name ( id , r - > in . language_id ) ;
if ( r - > out . disp_name - > string = = NULL ) {
return NT_STATUS_INTERNAL_ERROR ;
}
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_EnumAccountsWithUserRight
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumAccountsWithUserRight ( struct dcesrv_call_state * dce_call ,
2004-12-14 08:07:29 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_EnumAccountsWithUserRight * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 08:07:29 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int ret , i ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " objectSid " , NULL } ;
const char * privname ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
if ( r - > in . name = = NULL ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
privname = r - > in . name - > string ;
if ( sec_privilege_id ( privname ) = = - 1 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
2006-08-25 11:08:06 +04:00
ret = gendb_search ( state - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2004-12-14 08:07:29 +03:00
" privilege=%s " , privname ) ;
2006-07-06 09:23:29 +04:00
if ( ret = = - 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
if ( ret = = 0 ) {
return NT_STATUS_NO_MORE_ENTRIES ;
2004-12-14 08:07:29 +03:00
}
2005-01-27 10:08:20 +03:00
r - > out . sids - > sids = talloc_array ( r - > out . sids , struct lsa_SidPtr , ret ) ;
2004-12-14 08:07:29 +03:00
if ( r - > out . sids - > sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < ret ; i + + ) {
2005-06-24 04:18:20 +04:00
r - > out . sids - > sids [ i ] . sid = samdb_result_dom_sid ( r - > out . sids - > sids ,
res [ i ] , " objectSid " ) ;
NT_STATUS_HAVE_NO_MEMORY ( r - > out . sids - > sids [ i ] . sid ) ;
2004-12-14 08:07:29 +03:00
}
r - > out . sids - > num_sids = ret ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
2004-12-14 09:17:33 +03:00
/*
lsa_AddAccountRights
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_AddAccountRights ( struct dcesrv_call_state * dce_call ,
2004-12-14 09:17:33 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_AddAccountRights * r )
{
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights ( dce_call , mem_ctx , state ,
2004-12-14 09:17:33 +03:00
LDB_FLAG_MOD_ADD ,
r - > in . sid , r - > in . rights ) ;
}
2004-05-27 08:13:58 +04:00
/*
2004-08-14 05:11:34 +04:00
lsa_RemoveAccountRights
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_RemoveAccountRights ( struct dcesrv_call_state * dce_call ,
2004-12-14 09:10:45 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_RemoveAccountRights * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 09:17:33 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights ( dce_call , mem_ctx , state ,
2004-12-14 09:17:33 +03:00
LDB_FLAG_MOD_DELETE ,
r - > in . sid , r - > in . rights ) ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_StorePrivateData
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_StorePrivateData ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-08-14 05:11:34 +04:00
struct lsa_StorePrivateData * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_RetrievePrivateData
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_RetrievePrivateData ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-08-14 05:11:34 +04:00
struct lsa_RetrievePrivateData * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_GetUserName
2004-05-27 08:13:58 +04:00
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_GetUserName ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-10-06 15:15:20 +04:00
struct lsa_GetUserName * r )
2004-05-27 08:13:58 +04:00
{
2004-12-21 15:22:57 +03:00
NTSTATUS status = NT_STATUS_OK ;
const char * account_name ;
const char * authority_name ;
struct lsa_String * _account_name ;
struct lsa_StringPointer * _authority_name = NULL ;
/* this is what w2k3 does */
r - > out . account_name = r - > in . account_name ;
r - > out . authority_name = r - > in . authority_name ;
if ( r - > in . account_name & & r - > in . account_name - > string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
if ( r - > in . authority_name & &
r - > in . authority_name - > string & &
r - > in . authority_name - > string - > string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2004-12-23 06:02:57 +03:00
account_name = talloc_reference ( mem_ctx , dce_call - > conn - > auth_state . session_info - > server_info - > account_name ) ;
2005-01-09 15:55:25 +03:00
authority_name = talloc_reference ( mem_ctx , dce_call - > conn - > auth_state . session_info - > server_info - > domain_name ) ;
2004-12-21 15:22:57 +03:00
2005-01-27 10:08:20 +03:00
_account_name = talloc ( mem_ctx , struct lsa_String ) ;
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY ( _account_name ) ;
2004-12-21 15:22:57 +03:00
_account_name - > string = account_name ;
if ( r - > in . authority_name ) {
2005-01-27 10:08:20 +03:00
_authority_name = talloc ( mem_ctx , struct lsa_StringPointer ) ;
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY ( _authority_name ) ;
2005-01-27 10:08:20 +03:00
_authority_name - > string = talloc ( mem_ctx , struct lsa_String ) ;
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY ( _authority_name - > string ) ;
2004-12-21 15:22:57 +03:00
_authority_name - > string - > string = authority_name ;
}
r - > out . account_name = _account_name ;
r - > out . authority_name = _authority_name ;
return status ;
2004-05-27 08:13:58 +04:00
}
2004-08-14 05:11:34 +04:00
/*
lsa_SetInfoPolicy2
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetInfoPolicy2 ( struct dcesrv_call_state * dce_call ,
2004-08-14 05:11:34 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_SetInfoPolicy2 * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_QueryDomainInformationPolicy
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy ( struct dcesrv_call_state * dce_call ,
2004-08-14 05:11:34 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_QueryDomainInformationPolicy * r )
{
2008-08-26 06:18:26 +04:00
r - > out . info = talloc ( mem_ctx , union lsa_DomainInformationPolicy ) ;
if ( ! r - > out . info ) {
return NT_STATUS_NO_MEMORY ;
}
switch ( r - > in . level ) {
case LSA_DOMAIN_INFO_POLICY_EFS :
talloc_free ( r - > out . info ) ;
r - > out . info = NULL ;
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
case LSA_DOMAIN_INFO_POLICY_KERBEROS :
{
struct lsa_DomainInfoKerberos * k = & r - > out . info - > kerberos_info ;
struct smb_krb5_context * smb_krb5_context ;
int ret = smb_krb5_init_context ( mem_ctx ,
dce_call - > event_ctx ,
dce_call - > conn - > dce_ctx - > lp_ctx ,
& smb_krb5_context ) ;
if ( ret ! = 0 ) {
talloc_free ( r - > out . info ) ;
r - > out . info = NULL ;
return NT_STATUS_INTERNAL_ERROR ;
}
k - > enforce_restrictions = 0 ; /* FIXME, details missing from MS-LSAD 2.2.53 */
k - > service_tkt_lifetime = 0 ; /* Need to find somewhere to store this, and query in KDC too */
k - > user_tkt_lifetime = 0 ; /* Need to find somewhere to store this, and query in KDC too */
k - > user_tkt_renewaltime = 0 ; /* Need to find somewhere to store this, and query in KDC too */
k - > clock_skew = krb5_get_max_time_skew ( smb_krb5_context - > krb5_context ) ;
talloc_free ( smb_krb5_context ) ;
return NT_STATUS_OK ;
}
default :
talloc_free ( r - > out . info ) ;
r - > out . info = NULL ;
return NT_STATUS_INVALID_INFO_CLASS ;
}
2004-08-14 05:11:34 +04:00
}
/*
lsa_SetDomInfoPolicy
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetDomainInformationPolicy ( struct dcesrv_call_state * dce_call ,
2005-09-01 14:36:48 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_SetDomainInformationPolicy * r )
2004-08-14 05:11:34 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_TestCall
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_TestCall ( struct dcesrv_call_state * dce_call ,
2004-08-14 05:11:34 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_TestCall * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2004-12-31 09:08:43 +03:00
/*
lsa_CREDRWRITE
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRWRITE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRWRITE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRREAD
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRREAD ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRREAD * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRENUMERATE
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRENUMERATE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRENUMERATE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRWRITEDOMAINCREDENTIALS
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRWRITEDOMAINCREDENTIALS ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRWRITEDOMAINCREDENTIALS * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRREADDOMAINCREDENTIALS
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRREADDOMAINCREDENTIALS ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRREADDOMAINCREDENTIALS * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRDELETE
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRDELETE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRDELETE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRGETTARGETINFO
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRGETTARGETINFO ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRGETTARGETINFO * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRPROFILELOADED
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRPROFILELOADED ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRPROFILELOADED * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRGETSESSIONTYPES
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRGETSESSIONTYPES ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRGETSESSIONTYPES * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARREGISTERAUDITEVENT
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARREGISTERAUDITEVENT ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_LSARREGISTERAUDITEVENT * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARGENAUDITEVENT
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARGENAUDITEVENT ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_LSARGENAUDITEVENT * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARUNREGISTERAUDITEVENT
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARUNREGISTERAUDITEVENT ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_LSARUNREGISTERAUDITEVENT * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2007-06-08 14:42:33 +04:00
lsa_lsaRQueryForestTrustInformation
2004-12-31 09:08:43 +03:00
*/
2007-06-08 14:42:33 +04:00
static NTSTATUS dcesrv_lsa_lsaRQueryForestTrustInformation ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_lsaRQueryForestTrustInformation * r )
2004-12-31 09:08:43 +03:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARSETFORESTTRUSTINFORMATION
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARSETFORESTTRUSTINFORMATION ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_LSARSETFORESTTRUSTINFORMATION * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRRENAME
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRRENAME ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_CREDRRENAME * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSAROPENPOLICYSCE
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSAROPENPOLICYSCE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_LSAROPENPOLICYSCE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARADTREGISTERSECURITYEVENTSOURCE
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARADTREGISTERSECURITYEVENTSOURCE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARADTREPORTSECURITYEVENT
*/
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARADTREPORTSECURITYEVENT ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-31 09:08:43 +03:00
struct lsa_LSARADTREPORTSECURITYEVENT * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2004-05-27 08:13:58 +04:00
/* include the generated boilerplate */
# include "librpc/gen_ndr/ndr_lsa_s.c"
2006-08-31 17:10:11 +04:00
/*****************************************
NOTE ! The remaining calls below were
removed in w2k3 , so the DCESRV_FAULT ( )
replies are the correct implementation . Do
not try and fill these in with anything else
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
dssetup_DsRoleDnsNameToFlatName
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleDnsNameToFlatName ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleDnsNameToFlatName * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleDcAsDc
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleDcAsDc ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleDcAsDc * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleDcAsReplica
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleDcAsReplica ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleDcAsReplica * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleDemoteDc
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleDemoteDc ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleDemoteDc * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleGetDcOperationProgress
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleGetDcOperationProgress ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleGetDcOperationProgress * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleGetDcOperationResults
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleGetDcOperationResults ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleGetDcOperationResults * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleCancel
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleCancel ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleCancel * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleServerSaveStateForUpgrade
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleServerSaveStateForUpgrade ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleServerSaveStateForUpgrade * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleUpgradeDownlevelServer
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleUpgradeDownlevelServer ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleUpgradeDownlevelServer * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleAbortDownlevelServerUpgrade
*/
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleAbortDownlevelServerUpgrade ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleAbortDownlevelServerUpgrade * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/* include the generated boilerplate */
# include "librpc/gen_ndr/ndr_dssetup_s.c"
NTSTATUS dcerpc_server_lsa_init ( void )
{
NTSTATUS ret ;
ret = dcerpc_server_dssetup_init ( ) ;
if ( ! NT_STATUS_IS_OK ( ret ) ) {
return ret ;
}
ret = dcerpc_server_lsarpc_init ( ) ;
if ( ! NT_STATUS_IS_OK ( ret ) ) {
return ret ;
}
return ret ;
}