2004-05-27 08:13:58 +04:00
/*
Unix SMB / CIFS implementation .
endpoint server for the lsarpc pipe
Copyright ( C ) Andrew Tridgell 2004
2005-01-11 17:04:58 +03:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2004 - 2005
2004-05-27 08:13:58 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
2004-11-02 10:42:47 +03:00
# include "rpc_server/dcerpc_server.h"
2004-05-27 08:13:58 +04:00
# include "rpc_server/common/common.h"
2005-10-07 15:31:45 +04:00
# include "auth/auth.h"
2005-12-28 18:38:36 +03:00
# include "dsdb/samdb/samdb.h"
# include "libcli/ldap/ldap.h"
2006-07-06 09:23:29 +04:00
# include "lib/ldb/include/ldb_errors.h"
2006-04-02 16:02:01 +04:00
# include "libcli/security/security.h"
2006-03-14 18:03:25 +03:00
# include "libcli/auth/libcli_auth.h"
2006-11-06 19:11:52 +03:00
# include "param/secrets.h"
2006-03-07 14:07:23 +03:00
# include "db_wrap.h"
2006-08-31 17:10:11 +04:00
# include "librpc/gen_ndr/ndr_dssetup.h"
2004-05-27 08:13:58 +04:00
/*
this type allows us to distinguish handle types
*/
enum lsa_handle {
LSA_HANDLE_POLICY ,
LSA_HANDLE_ACCOUNT ,
2005-01-12 05:40:25 +03:00
LSA_HANDLE_SECRET ,
LSA_HANDLE_TRUSTED_DOMAIN
2004-05-27 08:13:58 +04:00
} ;
/*
state associated with a lsa_OpenPolicy ( ) operation
*/
struct lsa_policy_state {
2004-12-19 10:50:19 +03:00
struct dcesrv_handle * handle ;
2005-02-27 14:35:47 +03:00
struct ldb_context * sam_ldb ;
2004-11-29 07:24:50 +03:00
struct sidmap_context * sidmap ;
2004-05-27 08:13:58 +04:00
uint32_t access_mask ;
2006-11-22 03:59:34 +03:00
struct ldb_dn * domain_dn ;
struct ldb_dn * builtin_dn ;
struct ldb_dn * system_dn ;
2004-11-26 15:30:39 +03:00
const char * domain_name ;
2006-08-31 12:22:13 +04:00
const char * domain_dns ;
2004-11-26 15:30:39 +03:00
struct dom_sid * domain_sid ;
2006-08-31 12:22:13 +04:00
struct GUID domain_guid ;
2004-11-29 09:19:50 +03:00
struct dom_sid * builtin_sid ;
2006-08-31 17:10:11 +04:00
int mixed_domain ;
2004-05-27 08:13:58 +04:00
} ;
2004-12-19 08:01:52 +03:00
/*
state associated with a lsa_OpenAccount ( ) operation
*/
struct lsa_account_state {
struct lsa_policy_state * policy ;
uint32_t access_mask ;
struct dom_sid * account_sid ;
} ;
2005-01-11 17:04:58 +03:00
/*
state associated with a lsa_OpenSecret ( ) operation
*/
struct lsa_secret_state {
struct lsa_policy_state * policy ;
uint32_t access_mask ;
2006-08-31 12:22:13 +04:00
struct ldb_dn * secret_dn ;
2005-02-27 14:35:47 +03:00
struct ldb_context * sam_ldb ;
2005-01-12 01:16:14 +03:00
BOOL global ;
2005-01-11 17:04:58 +03:00
} ;
2005-01-12 05:40:25 +03:00
/*
state associated with a lsa_OpenTrustedDomain ( ) operation
*/
struct lsa_trusted_domain_state {
struct lsa_policy_state * policy ;
uint32_t access_mask ;
2006-11-22 03:59:34 +03:00
struct ldb_dn * trusted_domain_dn ;
2005-01-12 05:40:25 +03:00
} ;
2006-07-06 09:23:29 +04:00
static NTSTATUS lsa_EnumAccountRights ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_EnumAccountRights * r ) ;
static NTSTATUS lsa_AddRemoveAccountRights ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_policy_state * state ,
int ldb_flag ,
struct dom_sid * sid ,
const struct lsa_RightSet * rights ) ;
2004-05-27 08:13:58 +04:00
/*
lsa_Close
*/
static NTSTATUS lsa_Close ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_Close * r )
{
struct dcesrv_handle * h ;
* r - > out . handle = * r - > in . handle ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , DCESRV_HANDLE_ANY ) ;
2005-01-10 15:15:26 +03:00
talloc_free ( h ) ;
2004-05-27 08:13:58 +04:00
ZERO_STRUCTP ( r - > out . handle ) ;
return NT_STATUS_OK ;
}
/*
lsa_Delete
*/
static NTSTATUS lsa_Delete ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_Delete * r )
{
2005-01-12 03:37:13 +03:00
struct dcesrv_handle * h ;
int ret ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , DCESRV_HANDLE_ANY ) ;
if ( h - > wire_handle . handle_type = = LSA_HANDLE_SECRET ) {
struct lsa_secret_state * secret_state = h - > data ;
2005-02-27 14:35:47 +03:00
ret = samdb_delete ( secret_state - > sam_ldb , mem_ctx , secret_state - > secret_dn ) ;
2005-01-12 03:37:13 +03:00
talloc_free ( h ) ;
if ( ret ! = 0 ) {
return NT_STATUS_INVALID_HANDLE ;
}
2005-01-12 05:40:25 +03:00
return NT_STATUS_OK ;
} else if ( h - > wire_handle . handle_type = = LSA_HANDLE_TRUSTED_DOMAIN ) {
struct lsa_trusted_domain_state * trusted_domain_state = h - > data ;
2005-02-27 14:35:47 +03:00
ret = samdb_delete ( trusted_domain_state - > policy - > sam_ldb , mem_ctx ,
2005-01-12 05:40:25 +03:00
trusted_domain_state - > trusted_domain_dn ) ;
talloc_free ( h ) ;
if ( ret ! = 0 ) {
return NT_STATUS_INVALID_HANDLE ;
}
2005-01-12 03:37:13 +03:00
return NT_STATUS_OK ;
2006-07-06 09:23:29 +04:00
} else if ( h - > wire_handle . handle_type = = LSA_HANDLE_ACCOUNT ) {
struct lsa_RightSet * rights ;
struct lsa_account_state * astate ;
struct lsa_EnumAccountRights r2 ;
NTSTATUS status ;
rights = talloc ( mem_ctx , struct lsa_RightSet ) ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_ACCOUNT ) ;
astate = h - > data ;
r2 . in . handle = & astate - > policy - > handle - > wire_handle ;
r2 . in . sid = astate - > account_sid ;
r2 . out . rights = rights ;
status = lsa_EnumAccountRights ( dce_call , mem_ctx , & r2 ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
return NT_STATUS_OK ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
status = lsa_AddRemoveAccountRights ( dce_call , mem_ctx , astate - > policy ,
LDB_FLAG_MOD_DELETE , astate - > account_sid ,
r2 . out . rights ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
return NT_STATUS_OK ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2005-01-12 03:37:13 +03:00
}
return NT_STATUS_INVALID_HANDLE ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumPrivs
*/
static NTSTATUS lsa_EnumPrivs ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_EnumPrivs * r )
{
2004-12-14 08:20:38 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int i ;
const char * privname ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
i = * r - > in . resume_handle ;
if ( i = = 0 ) i = 1 ;
while ( ( privname = sec_privilege_name ( i ) ) & &
r - > out . privs - > count < r - > in . max_count ) {
struct lsa_PrivEntry * e ;
2005-01-27 10:08:20 +03:00
r - > out . privs - > privs = talloc_realloc ( r - > out . privs ,
2004-12-14 08:20:38 +03:00
r - > out . privs - > privs ,
struct lsa_PrivEntry ,
r - > out . privs - > count + 1 ) ;
if ( r - > out . privs - > privs = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
e = & r - > out . privs - > privs [ r - > out . privs - > count ] ;
2004-12-14 08:32:51 +03:00
e - > luid . low = i ;
e - > luid . high = 0 ;
2004-12-14 08:20:38 +03:00
e - > name . string = privname ;
r - > out . privs - > count + + ;
i + + ;
}
2004-12-30 22:08:32 +03:00
* r - > out . resume_handle = i ;
2004-12-14 08:20:38 +03:00
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_QuerySecObj
*/
2004-11-22 11:47:47 +03:00
static NTSTATUS lsa_QuerySecurity ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_QuerySecurity * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_SetSecObj
*/
static NTSTATUS lsa_SetSecObj ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_SetSecObj * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_ChangePassword
*/
static NTSTATUS lsa_ChangePassword ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_ChangePassword * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2004-12-21 15:22:57 +03:00
static NTSTATUS lsa_get_policy_state ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_policy_state * * _state )
2004-05-27 08:13:58 +04:00
{
struct lsa_policy_state * state ;
2006-11-22 03:59:34 +03:00
struct ldb_dn * partitions_basedn ;
2006-08-31 12:22:13 +04:00
struct ldb_result * dom_res ;
const char * dom_attrs [ ] = {
" objectSid " ,
" objectGUID " ,
2006-08-31 17:10:11 +04:00
" nTMixedDomain " ,
2006-12-13 14:19:51 +03:00
" fSMORoleOwner " ,
2006-08-31 12:22:13 +04:00
NULL
} ;
struct ldb_result * ref_res ;
const char * ref_attrs [ ] = {
" nETBIOSName " ,
" dnsRoot " ,
NULL
} ;
int ret ;
2004-05-27 08:13:58 +04:00
2005-01-27 10:08:20 +03:00
state = talloc ( mem_ctx , struct lsa_policy_state ) ;
2004-05-27 08:13:58 +04:00
if ( ! state ) {
return NT_STATUS_NO_MEMORY ;
}
/* make sure the sam database is accessible */
2005-10-07 15:31:45 +04:00
state - > sam_ldb = samdb_connect ( state , dce_call - > conn - > auth_state . session_info ) ;
2005-02-27 14:35:47 +03:00
if ( state - > sam_ldb = = NULL ) {
2004-05-27 08:13:58 +04:00
return NT_STATUS_INVALID_SYSTEM_SERVICE ;
}
2006-08-25 11:32:18 +04:00
partitions_basedn = samdb_partitions_dn ( state - > sam_ldb , mem_ctx ) ;
2004-11-29 07:24:50 +03:00
state - > sidmap = sidmap_open ( state ) ;
if ( state - > sidmap = = NULL ) {
return NT_STATUS_INVALID_SYSTEM_SERVICE ;
}
2005-09-02 03:26:50 +04:00
/* work out the domain_dn - useful for so many calls its worth
fetching here */
2006-08-25 11:32:18 +04:00
state - > domain_dn = samdb_base_dn ( state - > sam_ldb ) ;
2005-09-02 03:26:50 +04:00
if ( ! state - > domain_dn ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-31 12:22:13 +04:00
ret = ldb_search ( state - > sam_ldb , state - > domain_dn , LDB_SCOPE_BASE , NULL , dom_attrs , & dom_res ) ;
2005-07-27 04:23:09 +04:00
2006-08-31 12:22:13 +04:00
if ( ret ! = LDB_SUCCESS ) {
return NT_STATUS_INVALID_SYSTEM_SERVICE ;
}
2006-12-13 14:19:51 +03:00
talloc_steal ( mem_ctx , dom_res ) ;
2006-08-31 12:22:13 +04:00
if ( dom_res - > count ! = 1 ) {
return NT_STATUS_NO_SUCH_DOMAIN ;
}
state - > domain_sid = samdb_result_dom_sid ( state , dom_res - > msgs [ 0 ] , " objectSid " ) ;
if ( ! state - > domain_sid ) {
return NT_STATUS_NO_SUCH_DOMAIN ;
}
state - > domain_guid = samdb_result_guid ( dom_res - > msgs [ 0 ] , " objectGUID " ) ;
if ( ! state - > domain_sid ) {
return NT_STATUS_NO_SUCH_DOMAIN ;
}
2006-08-31 17:10:11 +04:00
state - > mixed_domain = ldb_msg_find_attr_as_uint ( dom_res - > msgs [ 0 ] , " nTMixedDomain " , 0 ) ;
2006-12-13 14:19:51 +03:00
2006-08-31 12:22:13 +04:00
talloc_free ( dom_res ) ;
2006-12-05 07:25:27 +03:00
ret = ldb_search_exp_fmt ( state - > sam_ldb , state , & ref_res ,
partitions_basedn , LDB_SCOPE_SUBTREE , ref_attrs ,
" (&(objectclass=crossRef)(ncName=%s)) " ,
ldb_dn_get_linearized ( state - > domain_dn ) ) ;
2006-08-31 12:22:13 +04:00
if ( ret ! = LDB_SUCCESS ) {
2006-12-05 07:25:27 +03:00
talloc_free ( ref_res ) ;
2006-08-31 12:22:13 +04:00
return NT_STATUS_INVALID_SYSTEM_SERVICE ;
}
if ( ref_res - > count ! = 1 ) {
2006-12-05 07:25:27 +03:00
talloc_free ( ref_res ) ;
2006-08-31 12:22:13 +04:00
return NT_STATUS_NO_SUCH_DOMAIN ;
}
state - > domain_name = ldb_msg_find_attr_as_string ( ref_res - > msgs [ 0 ] , " nETBIOSName " , NULL ) ;
2005-10-07 15:31:45 +04:00
if ( ! state - > domain_name ) {
2006-12-05 07:25:27 +03:00
talloc_free ( ref_res ) ;
2005-07-27 04:23:09 +04:00
return NT_STATUS_NO_SUCH_DOMAIN ;
}
2005-10-07 15:31:45 +04:00
talloc_steal ( state , state - > domain_name ) ;
2005-07-27 04:23:09 +04:00
2006-08-31 12:22:13 +04:00
state - > domain_dns = ldb_msg_find_attr_as_string ( ref_res - > msgs [ 0 ] , " dnsRoot " , NULL ) ;
if ( ! state - > domain_dns ) {
2006-12-05 07:25:27 +03:00
talloc_free ( ref_res ) ;
2006-08-31 12:22:13 +04:00
return NT_STATUS_NO_SUCH_DOMAIN ;
}
talloc_steal ( state , state - > domain_dns ) ;
talloc_free ( ref_res ) ;
2004-12-19 08:53:13 +03:00
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
2005-10-17 19:20:52 +04:00
state - > builtin_dn = samdb_search_dn ( state - > sam_ldb , state , state - > domain_dn , " (objectClass=builtinDomain) " ) ;
2004-12-19 08:53:13 +03:00
if ( ! state - > builtin_dn ) {
return NT_STATUS_NO_SUCH_DOMAIN ;
}
2005-01-11 17:04:58 +03:00
/* work out the system_dn - useful for so many calls its worth
fetching here */
2005-10-17 19:20:52 +04:00
state - > system_dn = samdb_search_dn ( state - > sam_ldb , state ,
2005-08-26 20:12:25 +04:00
state - > domain_dn , " (&(objectClass=container)(cn=System)) " ) ;
2005-01-11 17:04:58 +03:00
if ( ! state - > system_dn ) {
return NT_STATUS_NO_SUCH_DOMAIN ;
}
2004-11-29 09:19:50 +03:00
state - > builtin_sid = dom_sid_parse_talloc ( state , SID_BUILTIN ) ;
if ( ! state - > builtin_sid ) {
return NT_STATUS_NO_SUCH_DOMAIN ;
}
2004-12-21 15:22:57 +03:00
* _state = state ;
return NT_STATUS_OK ;
}
2006-08-31 17:10:11 +04:00
/*
dssetup_DsRoleGetPrimaryDomainInformation
2006-09-11 09:11:10 +04:00
This is not an LSA call , but is the only call left on the DSSETUP
pipe ( after the pipe was truncated ) , and needs lsa_get_policy_state
2006-08-31 17:10:11 +04:00
*/
static WERROR dssetup_DsRoleGetPrimaryDomainInformation ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleGetPrimaryDomainInformation * r )
{
union dssetup_DsRoleInfo * info ;
info = talloc ( mem_ctx , union dssetup_DsRoleInfo ) ;
W_ERROR_HAVE_NO_MEMORY ( info ) ;
switch ( r - > in . level ) {
case DS_ROLE_BASIC_INFORMATION :
{
enum dssetup_DsRole role = DS_ROLE_STANDALONE_SERVER ;
uint32_t flags = 0 ;
const char * domain = NULL ;
const char * dns_domain = NULL ;
const char * forest = NULL ;
struct GUID domain_guid ;
struct lsa_policy_state * state ;
NTSTATUS status = lsa_get_policy_state ( dce_call , mem_ctx , & state ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return ntstatus_to_werror ( status ) ;
}
ZERO_STRUCT ( domain_guid ) ;
switch ( lp_server_role ( ) ) {
case ROLE_STANDALONE :
role = DS_ROLE_STANDALONE_SERVER ;
break ;
case ROLE_DOMAIN_MEMBER :
role = DS_ROLE_MEMBER_SERVER ;
break ;
2006-12-13 14:19:51 +03:00
case ROLE_DOMAIN_CONTROLLER :
if ( samdb_is_pdc ( state - > sam_ldb ) ) {
role = DS_ROLE_PRIMARY_DC ;
} else {
role = DS_ROLE_BACKUP_DC ;
}
2006-08-31 17:10:11 +04:00
break ;
}
switch ( lp_server_role ( ) ) {
case ROLE_STANDALONE :
domain = talloc_strdup ( mem_ctx , lp_workgroup ( ) ) ;
W_ERROR_HAVE_NO_MEMORY ( domain ) ;
break ;
case ROLE_DOMAIN_MEMBER :
domain = talloc_strdup ( mem_ctx , lp_workgroup ( ) ) ;
W_ERROR_HAVE_NO_MEMORY ( domain ) ;
/* TODO: what is with dns_domain and forest and guid? */
break ;
2006-12-13 14:19:51 +03:00
case ROLE_DOMAIN_CONTROLLER :
2006-08-31 17:10:11 +04:00
flags = DS_ROLE_PRIMARY_DS_RUNNING ;
if ( state - > mixed_domain = = 1 ) {
flags | = DS_ROLE_PRIMARY_DS_MIXED_MODE ;
}
domain = state - > domain_name ;
dns_domain = state - > domain_dns ;
forest = state - > domain_dns ;
domain_guid = state - > domain_guid ;
flags | = DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT ;
break ;
}
info - > basic . role = role ;
info - > basic . flags = flags ;
info - > basic . domain = domain ;
info - > basic . dns_domain = dns_domain ;
info - > basic . forest = forest ;
info - > basic . domain_guid = domain_guid ;
r - > out . info = info ;
return WERR_OK ;
}
case DS_ROLE_UPGRADE_STATUS :
{
info - > upgrade . upgrading = DS_ROLE_NOT_UPGRADING ;
info - > upgrade . previous_role = DS_ROLE_PREVIOUS_UNKNOWN ;
r - > out . info = info ;
return WERR_OK ;
}
case DS_ROLE_OP_STATUS :
{
info - > opstatus . status = DS_ROLE_OP_IDLE ;
r - > out . info = info ;
return WERR_OK ;
}
default :
return WERR_INVALID_PARAM ;
}
return WERR_INVALID_PARAM ;
}
2004-12-21 15:22:57 +03:00
/*
lsa_OpenPolicy2
*/
static NTSTATUS lsa_OpenPolicy2 ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_OpenPolicy2 * r )
{
NTSTATUS status ;
struct lsa_policy_state * state ;
struct dcesrv_handle * handle ;
ZERO_STRUCTP ( r - > out . handle ) ;
status = lsa_get_policy_state ( dce_call , mem_ctx , & state ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2004-11-26 15:30:39 +03:00
2005-01-10 15:15:26 +03:00
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_POLICY ) ;
2004-05-27 08:13:58 +04:00
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-10 15:15:26 +03:00
handle - > data = talloc_steal ( handle , state ) ;
2004-05-27 08:13:58 +04:00
state - > access_mask = r - > in . access_mask ;
2004-12-19 10:50:19 +03:00
state - > handle = handle ;
2004-05-27 08:13:58 +04:00
* r - > out . handle = handle - > wire_handle ;
/* note that we have completely ignored the attr element of
the OpenPolicy . As far as I can tell , this is what w2k3
does */
return NT_STATUS_OK ;
}
2004-05-27 10:27:21 +04:00
/*
lsa_OpenPolicy
a wrapper around lsa_OpenPolicy2
*/
static NTSTATUS lsa_OpenPolicy ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_OpenPolicy * r )
{
struct lsa_OpenPolicy2 r2 ;
r2 . in . system_name = NULL ;
r2 . in . attr = r - > in . attr ;
r2 . in . access_mask = r - > in . access_mask ;
r2 . out . handle = r - > out . handle ;
return lsa_OpenPolicy2 ( dce_call , mem_ctx , & r2 ) ;
}
2004-05-27 08:13:58 +04:00
/*
fill in the AccountDomain info
*/
static NTSTATUS lsa_info_AccountDomain ( struct lsa_policy_state * state , TALLOC_CTX * mem_ctx ,
struct lsa_DomainInfo * info )
{
2005-08-03 09:25:30 +04:00
info - > name . string = state - > domain_name ;
info - > sid = state - > domain_sid ;
2004-05-27 08:13:58 +04:00
return NT_STATUS_OK ;
}
2004-05-27 10:27:21 +04:00
/*
fill in the DNS domain info
*/
static NTSTATUS lsa_info_DNS ( struct lsa_policy_state * state , TALLOC_CTX * mem_ctx ,
struct lsa_DnsDomainInfo * info )
{
2005-08-03 09:25:30 +04:00
info - > name . string = state - > domain_name ;
info - > sid = state - > domain_sid ;
2006-08-31 12:22:13 +04:00
info - > dns_domain . string = state - > domain_dns ;
info - > dns_forest . string = state - > domain_dns ;
info - > domain_guid = state - > domain_guid ;
2004-05-27 10:27:21 +04:00
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
/*
2004-05-27 10:27:21 +04:00
lsa_QueryInfoPolicy2
2004-05-27 08:13:58 +04:00
*/
2004-05-27 10:27:21 +04:00
static NTSTATUS lsa_QueryInfoPolicy2 ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_QueryInfoPolicy2 * r )
2004-05-27 08:13:58 +04:00
{
struct lsa_policy_state * state ;
struct dcesrv_handle * h ;
r - > out . info = NULL ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2005-01-27 10:08:20 +03:00
r - > out . info = talloc ( mem_ctx , union lsa_PolicyInformation ) ;
2004-05-27 08:13:58 +04:00
if ( ! r - > out . info ) {
return NT_STATUS_NO_MEMORY ;
}
ZERO_STRUCTP ( r - > out . info ) ;
switch ( r - > in . level ) {
2004-05-27 10:27:21 +04:00
case LSA_POLICY_INFO_DOMAIN :
2004-05-27 08:13:58 +04:00
case LSA_POLICY_INFO_ACCOUNT_DOMAIN :
return lsa_info_AccountDomain ( state , mem_ctx , & r - > out . info - > account_domain ) ;
2004-05-27 10:27:21 +04:00
case LSA_POLICY_INFO_DNS :
return lsa_info_DNS ( state , mem_ctx , & r - > out . info - > dns ) ;
2004-05-27 08:13:58 +04:00
}
return NT_STATUS_INVALID_INFO_CLASS ;
}
2004-05-27 10:27:21 +04:00
/*
lsa_QueryInfoPolicy
*/
static NTSTATUS lsa_QueryInfoPolicy ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_QueryInfoPolicy * r )
{
struct lsa_QueryInfoPolicy2 r2 ;
NTSTATUS status ;
r2 . in . handle = r - > in . handle ;
r2 . in . level = r - > in . level ;
status = lsa_QueryInfoPolicy2 ( dce_call , mem_ctx , & r2 ) ;
r - > out . info = r2 . out . info ;
return status ;
}
2004-05-27 08:13:58 +04:00
/*
lsa_SetInfoPolicy
*/
static NTSTATUS lsa_SetInfoPolicy ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_SetInfoPolicy * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_ClearAuditLog
*/
static NTSTATUS lsa_ClearAuditLog ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_ClearAuditLog * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CreateAccount
*/
static NTSTATUS lsa_CreateAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CreateAccount * r )
{
2006-07-06 09:23:29 +04:00
struct lsa_account_state * astate ;
struct lsa_policy_state * state ;
struct dcesrv_handle * h , * ah ;
ZERO_STRUCTP ( r - > out . acct_handle ) ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
astate = talloc ( dce_call - > conn , struct lsa_account_state ) ;
if ( astate = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
astate - > account_sid = dom_sid_dup ( astate , r - > in . sid ) ;
if ( astate - > account_sid = = NULL ) {
talloc_free ( astate ) ;
return NT_STATUS_NO_MEMORY ;
}
astate - > policy = talloc_reference ( astate , state ) ;
astate - > access_mask = r - > in . access_mask ;
ah = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_ACCOUNT ) ;
if ( ! ah ) {
talloc_free ( astate ) ;
return NT_STATUS_NO_MEMORY ;
}
ah - > data = talloc_steal ( ah , astate ) ;
* r - > out . acct_handle = ah - > wire_handle ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumAccounts
*/
static NTSTATUS lsa_EnumAccounts ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_EnumAccounts * r )
{
2004-12-19 08:53:13 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int ret , i ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " objectSid " , NULL } ;
uint32_t count ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2006-07-06 09:23:29 +04:00
/* NOTE: This call must only return accounts that have at least
one privilege set
*/
2006-08-25 11:08:06 +04:00
ret = gendb_search ( state - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2006-07-06 09:23:29 +04:00
" (&(objectSid=*)(privilege=*)) " ) ;
if ( ret < 0 ) {
2004-12-19 08:53:13 +03:00
return NT_STATUS_NO_SUCH_USER ;
}
if ( * r - > in . resume_handle > = ret ) {
return NT_STATUS_NO_MORE_ENTRIES ;
}
count = ret - * r - > in . resume_handle ;
if ( count > r - > in . num_entries ) {
count = r - > in . num_entries ;
}
if ( count = = 0 ) {
return NT_STATUS_NO_MORE_ENTRIES ;
}
2005-01-27 10:08:20 +03:00
r - > out . sids - > sids = talloc_array ( r - > out . sids , struct lsa_SidPtr , count ) ;
2004-12-19 08:53:13 +03:00
if ( r - > out . sids - > sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < count ; i + + ) {
2005-06-24 04:18:20 +04:00
r - > out . sids - > sids [ i ] . sid =
samdb_result_dom_sid ( r - > out . sids - > sids ,
res [ i + * r - > in . resume_handle ] ,
" objectSid " ) ;
NT_STATUS_HAVE_NO_MEMORY ( r - > out . sids - > sids [ i ] . sid ) ;
2004-12-19 08:53:13 +03:00
}
r - > out . sids - > num_sids = count ;
* r - > out . resume_handle = count + * r - > in . resume_handle ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
2005-01-12 05:40:25 +03:00
/*
lsa_CreateTrustedDomainEx2
*/
static NTSTATUS lsa_CreateTrustedDomainEx2 ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_CreateTrustedDomainEx2 * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CreateTrustedDomainEx
*/
static NTSTATUS lsa_CreateTrustedDomainEx ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_CreateTrustedDomainEx * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2004-05-27 08:13:58 +04:00
/*
lsa_CreateTrustedDomain
*/
static NTSTATUS lsa_CreateTrustedDomain ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CreateTrustedDomain * r )
2005-01-12 05:40:25 +03:00
{
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_trusted_domain_state * trusted_domain_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs , * msg ;
const char * attrs [ ] = {
NULL
} ;
const char * name ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . trustdom_handle ) ;
policy_state = policy_handle - > data ;
if ( ! r - > in . info - > name . string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
name = r - > in . info - > name . string ;
trusted_domain_state = talloc ( mem_ctx , struct lsa_trusted_domain_state ) ;
if ( ! trusted_domain_state ) {
return NT_STATUS_NO_MEMORY ;
}
trusted_domain_state - > policy = policy_state ;
msg = ldb_msg_new ( mem_ctx ) ;
if ( msg = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
/* search for the trusted_domain record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( trusted_domain_state - > policy - > sam_ldb ,
2005-01-12 05:40:25 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
" (&(cn=%s)(objectclass=trustedDomain)) " ,
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string ( mem_ctx , r - > in . info - > name . string ) ) ;
2005-01-12 05:40:25 +03:00
if ( ret > 0 ) {
return NT_STATUS_OBJECT_NAME_COLLISION ;
}
if ( ret < 0 | | ret > 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-11-22 03:59:34 +03:00
msg - > dn = ldb_dn_copy ( mem_ctx , policy_state - > system_dn ) ;
if ( ! ldb_dn_add_child_fmt ( msg - > dn , " sn=%s " , r - > in . info - > name . string ) ) {
2005-01-12 05:40:25 +03:00
return NT_STATUS_NO_MEMORY ;
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( trusted_domain_state - > policy - > sam_ldb , mem_ctx , msg , " cn " , name ) ;
samdb_msg_add_string ( trusted_domain_state - > policy - > sam_ldb , mem_ctx , msg , " flatname " , name ) ;
2005-01-12 05:40:25 +03:00
if ( r - > in . info - > sid ) {
const char * sid_string = dom_sid_string ( mem_ctx , r - > in . info - > sid ) ;
if ( ! sid_string ) {
return NT_STATUS_NO_MEMORY ;
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( trusted_domain_state - > policy - > sam_ldb , mem_ctx , msg , " securityIdentifier " , sid_string ) ;
2005-01-12 05:40:25 +03:00
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( trusted_domain_state - > policy - > sam_ldb , mem_ctx , msg , " objectClass " , " trustedDomain " ) ;
2005-01-12 05:40:25 +03:00
trusted_domain_state - > trusted_domain_dn = talloc_reference ( trusted_domain_state , msg - > dn ) ;
/* create the trusted_domain */
2006-08-31 12:22:13 +04:00
ret = ldb_add ( trusted_domain_state - > policy - > sam_ldb , msg ) ;
if ( ret ! = LDB_SUCCESS ) {
DEBUG ( 0 , ( " Failed to create trusted_domain record %s: %s \n " ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( msg - > dn ) , ldb_errstring ( trusted_domain_state - > policy - > sam_ldb ) ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_TRUSTED_DOMAIN ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , trusted_domain_state ) ;
trusted_domain_state - > access_mask = r - > in . access_mask ;
trusted_domain_state - > policy = talloc_reference ( trusted_domain_state , policy_state ) ;
* r - > out . trustdom_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
}
/*
lsa_OpenTrustedDomain
*/
static NTSTATUS lsa_OpenTrustedDomain ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_OpenTrustedDomain * r )
{
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_trusted_domain_state * trusted_domain_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs ;
const char * attrs [ ] = {
NULL
} ;
const char * sid_string ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . trustdom_handle ) ;
policy_state = policy_handle - > data ;
trusted_domain_state = talloc ( mem_ctx , struct lsa_trusted_domain_state ) ;
if ( ! trusted_domain_state ) {
return NT_STATUS_NO_MEMORY ;
}
trusted_domain_state - > policy = policy_state ;
sid_string = dom_sid_string ( mem_ctx , r - > in . sid ) ;
if ( ! sid_string ) {
return NT_STATUS_NO_MEMORY ;
}
/* search for the trusted_domain record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( trusted_domain_state - > policy - > sam_ldb ,
2005-01-12 05:40:25 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
" (&(securityIdentifier=%s)(objectclass=trustedDomain)) " ,
sid_string ) ;
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
trusted_domain_state - > trusted_domain_dn = talloc_reference ( trusted_domain_state , msgs [ 0 ] - > dn ) ;
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_TRUSTED_DOMAIN ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , trusted_domain_state ) ;
trusted_domain_state - > access_mask = r - > in . access_mask ;
trusted_domain_state - > policy = talloc_reference ( trusted_domain_state , policy_state ) ;
* r - > out . trustdom_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
}
/*
lsa_OpenTrustedDomainByName
*/
static NTSTATUS lsa_OpenTrustedDomainByName ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_OpenTrustedDomainByName * r )
{
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_trusted_domain_state * trusted_domain_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs ;
const char * attrs [ ] = {
NULL
} ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . trustdom_handle ) ;
policy_state = policy_handle - > data ;
if ( ! r - > in . name . string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
trusted_domain_state = talloc ( mem_ctx , struct lsa_trusted_domain_state ) ;
if ( ! trusted_domain_state ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 10:57:33 +03:00
trusted_domain_state - > policy = policy_state ;
2005-01-12 05:40:25 +03:00
/* search for the trusted_domain record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( trusted_domain_state - > policy - > sam_ldb ,
2005-01-12 05:40:25 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
2005-01-12 10:57:33 +03:00
" (&(flatname=%s)(objectclass=trustedDomain)) " ,
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string ( mem_ctx , r - > in . name . string ) ) ;
2005-01-12 05:40:25 +03:00
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
trusted_domain_state - > trusted_domain_dn = talloc_reference ( trusted_domain_state , msgs [ 0 ] - > dn ) ;
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_TRUSTED_DOMAIN ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , trusted_domain_state ) ;
trusted_domain_state - > access_mask = r - > in . access_mask ;
trusted_domain_state - > policy = talloc_reference ( trusted_domain_state , policy_state ) ;
* r - > out . trustdom_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
}
2006-08-31 12:22:13 +04:00
2005-01-12 05:40:25 +03:00
/*
2006-08-31 12:22:13 +04:00
lsa_SetTrustedDomainInfo
2005-01-12 05:40:25 +03:00
*/
2006-08-31 12:22:13 +04:00
static NTSTATUS lsa_SetTrustedDomainInfo ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_SetTrustedDomainInfo * r )
2005-01-12 05:40:25 +03:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2006-08-31 12:22:13 +04:00
2005-01-12 05:40:25 +03:00
/*
2006-08-31 12:22:13 +04:00
lsa_SetInfomrationTrustedDomain
2005-01-12 05:40:25 +03:00
*/
2006-08-31 12:22:13 +04:00
static NTSTATUS lsa_SetInformationTrustedDomain ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_SetInformationTrustedDomain * r )
2005-01-12 05:40:25 +03:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2006-08-31 12:22:13 +04:00
lsa_DeleteTrustedDomain
2005-01-12 05:40:25 +03:00
*/
2006-08-31 12:22:13 +04:00
static NTSTATUS lsa_DeleteTrustedDomain ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_DeleteTrustedDomain * r )
2005-01-12 05:40:25 +03:00
{
2006-08-31 12:22:13 +04:00
NTSTATUS status ;
struct lsa_OpenTrustedDomain open ;
struct lsa_Delete delete ;
struct dcesrv_handle * h ;
open . in . handle = r - > in . handle ;
open . in . sid = r - > in . dom_sid ;
open . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
open . out . trustdom_handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! open . out . trustdom_handle ) {
return NT_STATUS_NO_MEMORY ;
}
status = lsa_OpenTrustedDomain ( dce_call , mem_ctx , & open ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
DCESRV_PULL_HANDLE ( h , open . out . trustdom_handle , DCESRV_HANDLE_ANY ) ;
talloc_steal ( mem_ctx , h ) ;
delete . in . handle = open . out . trustdom_handle ;
status = lsa_Delete ( dce_call , mem_ctx , & delete ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
return NT_STATUS_OK ;
2005-01-12 05:40:25 +03:00
}
2006-08-31 12:22:13 +04:00
static NTSTATUS fill_trust_domain_ex ( TALLOC_CTX * mem_ctx ,
struct ldb_message * msg ,
struct lsa_TrustDomainInfoInfoEx * info_ex )
{
info_ex - > domain_name . string
= ldb_msg_find_attr_as_string ( msg , " trustPartner " , NULL ) ;
info_ex - > netbios_name . string
= ldb_msg_find_attr_as_string ( msg , " flatname " , NULL ) ;
info_ex - > sid
= samdb_result_dom_sid ( mem_ctx , msg , " securityIdentifier " ) ;
info_ex - > trust_direction
= ldb_msg_find_attr_as_int ( msg , " trustDirection " , 0 ) ;
info_ex - > trust_type
= ldb_msg_find_attr_as_int ( msg , " trustType " , 0 ) ;
info_ex - > trust_attributes
= ldb_msg_find_attr_as_int ( msg , " trustAttributes " , 0 ) ;
return NT_STATUS_OK ;
}
2005-01-12 05:40:25 +03:00
/*
lsa_QueryTrustedDomainInfo
*/
static NTSTATUS lsa_QueryTrustedDomainInfo ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-12 14:54:11 +03:00
struct lsa_QueryTrustedDomainInfo * r )
2005-01-12 05:40:25 +03:00
{
2005-01-12 14:54:11 +03:00
struct dcesrv_handle * h ;
struct lsa_trusted_domain_state * trusted_domain_state ;
struct ldb_message * msg ;
int ret ;
struct ldb_message * * res ;
const char * attrs [ ] = {
2006-08-31 12:22:13 +04:00
" flatname " ,
" trustPartner " ,
2005-01-12 14:54:11 +03:00
" securityIdentifier " ,
2006-08-31 12:22:13 +04:00
" trustDirection " ,
" trustType " ,
" trustAttributes " ,
2005-01-12 14:54:11 +03:00
NULL
} ;
DCESRV_PULL_HANDLE ( h , r - > in . trustdom_handle , LSA_HANDLE_TRUSTED_DOMAIN ) ;
trusted_domain_state = h - > data ;
/* pull all the user attributes */
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn ( trusted_domain_state - > policy - > sam_ldb , mem_ctx ,
trusted_domain_state - > trusted_domain_dn , & res , attrs ) ;
2005-01-12 14:54:11 +03:00
if ( ret ! = 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
msg = res [ 0 ] ;
r - > out . info = talloc ( mem_ctx , union lsa_TrustedDomainInfo ) ;
if ( ! r - > out . info ) {
return NT_STATUS_NO_MEMORY ;
}
switch ( r - > in . level ) {
case LSA_TRUSTED_DOMAIN_INFO_NAME :
r - > out . info - > name . netbios_name . string
= samdb_result_string ( msg , " flatname " , NULL ) ;
break ;
case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET :
r - > out . info - > posix_offset . posix_offset
= samdb_result_uint ( msg , " posixOffset " , 0 ) ;
break ;
2006-08-31 12:22:13 +04:00
#if 0 /* Win2k3 doesn't implement this */
case LSA_TRUSTED_DOMAIN_INFO_BASIC :
r - > out . info - > info_basic . netbios_name . string
= ldb_msg_find_attr_as_string ( msg , " flatname " , NULL ) ;
r - > out . info - > info_basic . sid
= samdb_result_dom_sid ( mem_ctx , msg , " securityIdentifier " ) ;
break ;
# endif
case LSA_TRUSTED_DOMAIN_INFO_INFO_EX :
return fill_trust_domain_ex ( mem_ctx , msg , & r - > out . info - > info_ex ) ;
case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO :
ZERO_STRUCT ( r - > out . info - > full_info ) ;
return fill_trust_domain_ex ( mem_ctx , msg , & r - > out . info - > full_info . info_ex ) ;
case LSA_TRUSTED_DOMAIN_INFO_INFO_ALL :
ZERO_STRUCT ( r - > out . info - > info_all ) ;
return fill_trust_domain_ex ( mem_ctx , msg , & r - > out . info - > info_all . info_ex ) ;
case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO :
case LSA_TRUSTED_DOMAIN_INFO_11 :
/* oops, we don't want to return the info after all */
talloc_free ( r - > out . info ) ;
r - > out . info = NULL ;
return NT_STATUS_INVALID_PARAMETER ;
2005-01-12 14:54:11 +03:00
default :
/* oops, we don't want to return the info after all */
talloc_free ( r - > out . info ) ;
r - > out . info = NULL ;
return NT_STATUS_INVALID_INFO_CLASS ;
}
return NT_STATUS_OK ;
2005-01-12 05:40:25 +03:00
}
/*
2006-08-31 12:22:13 +04:00
lsa_QueryTrustedDomainInfoBySid
2005-01-12 05:40:25 +03:00
*/
2006-08-31 12:22:13 +04:00
static NTSTATUS lsa_QueryTrustedDomainInfoBySid ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_QueryTrustedDomainInfoBySid * r )
2005-01-12 05:40:25 +03:00
{
2006-08-31 12:22:13 +04:00
NTSTATUS status ;
struct lsa_OpenTrustedDomain open ;
struct lsa_QueryTrustedDomainInfo query ;
struct dcesrv_handle * h ;
open . in . handle = r - > in . handle ;
open . in . sid = r - > in . dom_sid ;
open . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
open . out . trustdom_handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! open . out . trustdom_handle ) {
return NT_STATUS_NO_MEMORY ;
}
status = lsa_OpenTrustedDomain ( dce_call , mem_ctx , & open ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2005-01-12 05:40:25 +03:00
2006-08-31 12:22:13 +04:00
/* Ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE ( h , open . out . trustdom_handle , DCESRV_HANDLE_ANY ) ;
talloc_steal ( mem_ctx , h ) ;
query . in . trustdom_handle = open . out . trustdom_handle ;
query . in . level = r - > in . level ;
status = lsa_QueryTrustedDomainInfo ( dce_call , mem_ctx , & query ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
r - > out . info = query . out . info ;
return NT_STATUS_OK ;
2005-01-12 05:40:25 +03:00
}
/*
lsa_SetTrustedDomainInfoByName
*/
static NTSTATUS lsa_SetTrustedDomainInfoByName ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_SetTrustedDomainInfoByName * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2006-08-31 12:22:13 +04:00
/*
lsa_QueryTrustedDomainInfoByName
2005-01-12 05:40:25 +03:00
*/
2006-08-31 12:22:13 +04:00
static NTSTATUS lsa_QueryTrustedDomainInfoByName ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_QueryTrustedDomainInfoByName * r )
2005-01-12 05:40:25 +03:00
{
2006-08-31 12:22:13 +04:00
NTSTATUS status ;
struct lsa_OpenTrustedDomainByName open ;
struct lsa_QueryTrustedDomainInfo query ;
struct dcesrv_handle * h ;
open . in . handle = r - > in . handle ;
open . in . name = r - > in . trusted_domain ;
open . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
open . out . trustdom_handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! open . out . trustdom_handle ) {
return NT_STATUS_NO_MEMORY ;
}
status = lsa_OpenTrustedDomainByName ( dce_call , mem_ctx , & open ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
/* Ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE ( h , open . out . trustdom_handle , DCESRV_HANDLE_ANY ) ;
talloc_steal ( mem_ctx , h ) ;
query . in . trustdom_handle = open . out . trustdom_handle ;
query . in . level = r - > in . level ;
status = lsa_QueryTrustedDomainInfo ( dce_call , mem_ctx , & query ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
r - > out . info = query . out . info ;
return NT_STATUS_OK ;
2005-01-12 05:40:25 +03:00
}
/*
2006-08-31 12:22:13 +04:00
lsa_CloseTrustedDomainEx
2005-01-12 05:40:25 +03:00
*/
static NTSTATUS lsa_CloseTrustedDomainEx ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_CloseTrustedDomainEx * r )
2004-05-27 08:13:58 +04:00
{
2006-08-31 12:22:13 +04:00
/* The result of a bad hair day from an IDL programmer? Not
* implmented in Win2k3 . You should always just lsa_Close
* anyway . */
return NT_STATUS_NOT_IMPLEMENTED ;
2004-05-27 08:13:58 +04:00
}
2005-01-12 10:57:33 +03:00
/*
comparison function for sorting lsa_DomainInformation array
*/
2006-08-31 12:22:13 +04:00
static int compare_DomainInfo ( struct lsa_DomainInfo * e1 , struct lsa_DomainInfo * e2 )
2005-01-12 10:57:33 +03:00
{
2006-09-01 08:37:31 +04:00
return strcasecmp_m ( e1 - > name . string , e2 - > name . string ) ;
2005-01-12 10:57:33 +03:00
}
2004-05-27 08:13:58 +04:00
/*
lsa_EnumTrustDom
*/
static NTSTATUS lsa_EnumTrustDom ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-12 10:57:33 +03:00
struct lsa_EnumTrustDom * r )
2004-05-27 08:13:58 +04:00
{
2005-01-12 10:57:33 +03:00
struct dcesrv_handle * policy_handle ;
2006-08-31 12:22:13 +04:00
struct lsa_DomainInfo * entries ;
2005-01-12 10:57:33 +03:00
struct lsa_policy_state * policy_state ;
struct ldb_message * * domains ;
const char * attrs [ ] = {
" flatname " ,
" securityIdentifier " ,
NULL
} ;
int count , i ;
* r - > out . resume_handle = 0 ;
r - > out . domains - > domains = NULL ;
r - > out . domains - > count = 0 ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
policy_state = policy_handle - > data ;
/* search for all users in this domain. This could possibly be cached and
resumed based on resume_key */
2005-03-23 04:30:43 +03:00
count = gendb_search ( policy_state - > sam_ldb , mem_ctx , policy_state - > system_dn , & domains , attrs ,
2005-01-12 10:57:33 +03:00
" objectclass=trustedDomain " ) ;
if ( count = = - 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
if ( count = = 0 | | r - > in . max_size = = 0 ) {
return NT_STATUS_OK ;
}
2006-08-31 12:22:13 +04:00
/* convert to lsa_TrustInformation format */
entries = talloc_array ( mem_ctx , struct lsa_DomainInfo , count ) ;
2005-01-12 10:57:33 +03:00
if ( ! entries ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < count ; i + + ) {
entries [ i ] . sid = samdb_result_dom_sid ( mem_ctx , domains [ i ] , " securityIdentifier " ) ;
entries [ i ] . name . string = samdb_result_string ( domains [ i ] , " flatname " , NULL ) ;
}
/* sort the results by name */
2006-08-31 12:22:13 +04:00
qsort ( entries , count , sizeof ( * entries ) ,
( comparison_fn_t ) compare_DomainInfo ) ;
2005-01-12 10:57:33 +03:00
if ( * r - > in . resume_handle > = count ) {
* r - > out . resume_handle = - 1 ;
return NT_STATUS_NO_MORE_ENTRIES ;
}
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 60 */
r - > out . domains - > count = count - * r - > in . resume_handle ;
r - > out . domains - > count = MIN ( r - > out . domains - > count ,
1 + ( r - > in . max_size / LSA_ENUM_TRUST_DOMAIN_MULTIPLIER ) ) ;
r - > out . domains - > domains = entries + * r - > in . resume_handle ;
r - > out . domains - > count = r - > out . domains - > count ;
if ( r - > out . domains - > count < count - * r - > in . resume_handle ) {
* r - > out . resume_handle = * r - > in . resume_handle + r - > out . domains - > count ;
return STATUS_MORE_ENTRIES ;
}
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
2006-08-31 12:22:13 +04:00
/*
comparison function for sorting lsa_DomainInformation array
*/
static int compare_TrustDomainInfoInfoEx ( struct lsa_TrustDomainInfoInfoEx * e1 , struct lsa_TrustDomainInfoInfoEx * e2 )
{
2006-09-01 08:37:31 +04:00
return strcasecmp_m ( e1 - > netbios_name . string , e2 - > netbios_name . string ) ;
2006-08-31 12:22:13 +04:00
}
/*
lsa_EnumTrustedDomainsEx
*/
static NTSTATUS lsa_EnumTrustedDomainsEx ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_EnumTrustedDomainsEx * r )
{
struct dcesrv_handle * policy_handle ;
struct lsa_TrustDomainInfoInfoEx * entries ;
struct lsa_policy_state * policy_state ;
struct ldb_message * * domains ;
const char * attrs [ ] = {
" flatname " ,
" trustPartner " ,
" securityIdentifier " ,
" trustDirection " ,
" trustType " ,
" trustAttributes " ,
NULL
} ;
NTSTATUS nt_status ;
int count , i ;
* r - > out . resume_handle = 0 ;
r - > out . domains - > domains = NULL ;
r - > out . domains - > count = 0 ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
policy_state = policy_handle - > data ;
/* search for all users in this domain. This could possibly be cached and
resumed based on resume_key */
count = gendb_search ( policy_state - > sam_ldb , mem_ctx , policy_state - > system_dn , & domains , attrs ,
" objectclass=trustedDomain " ) ;
if ( count = = - 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
if ( count = = 0 | | r - > in . max_size = = 0 ) {
return NT_STATUS_OK ;
}
/* convert to lsa_DomainInformation format */
entries = talloc_array ( mem_ctx , struct lsa_TrustDomainInfoInfoEx , count ) ;
if ( ! entries ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < count ; i + + ) {
nt_status = fill_trust_domain_ex ( mem_ctx , domains [ i ] , & entries [ i ] ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
return nt_status ;
}
}
/* sort the results by name */
qsort ( entries , count , sizeof ( * entries ) ,
( comparison_fn_t ) compare_TrustDomainInfoInfoEx ) ;
if ( * r - > in . resume_handle > = count ) {
* r - > out . resume_handle = - 1 ;
return NT_STATUS_NO_MORE_ENTRIES ;
}
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 60 */
r - > out . domains - > count = count - * r - > in . resume_handle ;
r - > out . domains - > count = MIN ( r - > out . domains - > count ,
1 + ( r - > in . max_size / LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ) ) ;
r - > out . domains - > domains = entries + * r - > in . resume_handle ;
r - > out . domains - > count = r - > out . domains - > count ;
if ( r - > out . domains - > count < count - * r - > in . resume_handle ) {
* r - > out . resume_handle = * r - > in . resume_handle + r - > out . domains - > count ;
return STATUS_MORE_ENTRIES ;
}
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
2004-11-26 15:30:39 +03:00
/*
return the authority name and authority sid , given a sid
2004-05-27 08:13:58 +04:00
*/
2004-11-26 15:30:39 +03:00
static NTSTATUS lsa_authority_name ( struct lsa_policy_state * state ,
TALLOC_CTX * mem_ctx , struct dom_sid * sid ,
const char * * authority_name ,
struct dom_sid * * authority_sid )
{
if ( dom_sid_in_domain ( state - > domain_sid , sid ) ) {
* authority_name = state - > domain_name ;
* authority_sid = state - > domain_sid ;
return NT_STATUS_OK ;
}
2004-11-29 09:19:50 +03:00
if ( dom_sid_in_domain ( state - > builtin_sid , sid ) ) {
* authority_name = " BUILTIN " ;
* authority_sid = state - > builtin_sid ;
return NT_STATUS_OK ;
}
2004-11-26 15:30:39 +03:00
* authority_sid = dom_sid_dup ( mem_ctx , sid ) ;
if ( * authority_sid = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
( * authority_sid ) - > num_auths = 0 ;
* authority_name = dom_sid_string ( mem_ctx , * authority_sid ) ;
if ( * authority_name = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
return NT_STATUS_OK ;
}
2004-11-29 07:24:50 +03:00
/*
add to the lsa_RefDomainList for LookupSids and LookupNames
*/
2004-11-26 16:02:58 +03:00
static NTSTATUS lsa_authority_list ( struct lsa_policy_state * state , TALLOC_CTX * mem_ctx ,
struct dom_sid * sid ,
2004-11-29 09:19:50 +03:00
struct lsa_RefDomainList * domains ,
uint32_t * sid_index )
2004-11-26 16:02:58 +03:00
{
NTSTATUS status ;
const char * authority_name ;
struct dom_sid * authority_sid ;
int i ;
/* work out the authority name */
status = lsa_authority_name ( state , mem_ctx , sid ,
& authority_name , & authority_sid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
/* see if we've already done this authority name */
for ( i = 0 ; i < domains - > count ; i + + ) {
if ( strcmp ( authority_name , domains - > domains [ i ] . name . string ) = = 0 ) {
2004-11-29 09:19:50 +03:00
* sid_index = i ;
return NT_STATUS_OK ;
2004-11-26 16:02:58 +03:00
}
}
2004-11-29 09:19:50 +03:00
2005-01-27 10:08:20 +03:00
domains - > domains = talloc_realloc ( domains ,
2005-09-02 03:26:50 +04:00
domains - > domains ,
2006-08-31 12:22:13 +04:00
struct lsa_DomainInfo ,
2005-09-02 03:26:50 +04:00
domains - > count + 1 ) ;
2004-11-29 09:19:50 +03:00
if ( domains - > domains = = NULL ) {
return NT_STATUS_NO_MEMORY ;
2004-11-26 16:02:58 +03:00
}
2004-11-29 09:19:50 +03:00
domains - > domains [ i ] . name . string = authority_name ;
domains - > domains [ i ] . sid = authority_sid ;
domains - > count + + ;
2006-08-31 12:22:13 +04:00
domains - > max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER * domains - > count ;
2004-11-29 09:19:50 +03:00
* sid_index = i ;
2004-11-26 16:02:58 +03:00
return NT_STATUS_OK ;
}
2004-11-29 07:24:50 +03:00
/*
lookup a name for 1 SID
*/
static NTSTATUS lsa_lookup_sid ( struct lsa_policy_state * state , TALLOC_CTX * mem_ctx ,
struct dom_sid * sid , const char * sid_str ,
const char * * name , uint32_t * atype )
{
int ret ;
struct ldb_message * * res ;
2004-12-21 15:22:57 +03:00
const char * const attrs [ ] = { " sAMAccountName " , " sAMAccountType " , " name " , NULL } ;
2004-11-29 07:24:50 +03:00
NTSTATUS status ;
2005-03-23 04:30:43 +03:00
ret = gendb_search ( state - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2005-06-24 04:18:20 +04:00
" objectSid=%s " , ldap_encode_ndr_dom_sid ( mem_ctx , sid ) ) ;
2004-11-29 07:24:50 +03:00
if ( ret = = 1 ) {
2006-08-13 12:00:36 +04:00
* name = ldb_msg_find_attr_as_string ( res [ 0 ] , " sAMAccountName " , NULL ) ;
2004-12-21 15:22:57 +03:00
if ( ! * name ) {
2006-08-13 12:00:36 +04:00
* name = ldb_msg_find_attr_as_string ( res [ 0 ] , " name " , NULL ) ;
2004-12-21 15:22:57 +03:00
if ( ! * name ) {
* name = talloc_strdup ( mem_ctx , sid_str ) ;
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY ( * name ) ;
2004-12-21 15:22:57 +03:00
}
2004-11-29 07:24:50 +03:00
}
2004-12-21 15:22:57 +03:00
2004-11-29 07:24:50 +03:00
* atype = samdb_result_uint ( res [ 0 ] , " sAMAccountType " , 0 ) ;
return NT_STATUS_OK ;
}
status = sidmap_allocated_sid_lookup ( state - > sidmap , mem_ctx , sid , name , atype ) ;
return status ;
}
2004-11-26 16:02:58 +03:00
2004-11-26 15:30:39 +03:00
/*
2006-09-11 09:11:10 +04:00
lsa_LookupSids2
2004-11-26 15:30:39 +03:00
*/
2006-09-11 09:11:10 +04:00
static NTSTATUS lsa_LookupSids2 ( struct dcesrv_call_state * dce_call ,
2004-11-26 15:30:39 +03:00
TALLOC_CTX * mem_ctx ,
2006-09-11 09:11:10 +04:00
struct lsa_LookupSids2 * r )
2004-05-27 08:13:58 +04:00
{
2004-11-18 08:17:24 +03:00
struct lsa_policy_state * state ;
int i ;
NTSTATUS status = NT_STATUS_OK ;
r - > out . domains = NULL ;
2004-12-31 11:54:59 +03:00
status = lsa_get_policy_state ( dce_call , mem_ctx , & state ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2004-11-18 08:17:24 +03:00
2005-01-27 10:08:20 +03:00
r - > out . domains = talloc_zero ( mem_ctx , struct lsa_RefDomainList ) ;
2004-11-18 08:17:24 +03:00
if ( r - > out . domains = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-27 10:08:20 +03:00
r - > out . names = talloc_zero ( mem_ctx , struct lsa_TransNameArray2 ) ;
2004-11-26 16:02:58 +03:00
if ( r - > out . names = = NULL ) {
2004-11-18 08:17:24 +03:00
return NT_STATUS_NO_MEMORY ;
}
* r - > out . count = 0 ;
2005-01-27 10:08:20 +03:00
r - > out . names - > names = talloc_array ( r - > out . names , struct lsa_TranslatedName2 ,
2004-11-18 08:17:24 +03:00
r - > in . sids - > num_sids ) ;
if ( r - > out . names - > names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < r - > in . sids - > num_sids ; i + + ) {
struct dom_sid * sid = r - > in . sids - > sids [ i ] . sid ;
char * sid_str = dom_sid_string ( mem_ctx , sid ) ;
2004-11-26 16:02:58 +03:00
const char * name ;
2004-11-29 09:19:50 +03:00
uint32_t atype , rtype , sid_index ;
2004-11-26 15:30:39 +03:00
NTSTATUS status2 ;
2004-11-18 08:17:24 +03:00
r - > out . names - > count + + ;
( * r - > out . count ) + + ;
2004-11-22 14:59:59 +03:00
r - > out . names - > names [ i ] . sid_type = SID_NAME_UNKNOWN ;
r - > out . names - > names [ i ] . name . string = sid_str ;
r - > out . names - > names [ i ] . sid_index = 0xFFFFFFFF ;
2004-11-26 15:30:39 +03:00
r - > out . names - > names [ i ] . unknown = 0 ;
2004-11-18 08:17:24 +03:00
if ( sid_str = = NULL ) {
2004-11-22 14:59:59 +03:00
r - > out . names - > names [ i ] . name . string = " (SIDERROR) " ;
2004-11-18 08:17:24 +03:00
status = STATUS_SOME_UNMAPPED ;
continue ;
}
/* work out the authority name */
2004-11-29 09:19:50 +03:00
status2 = lsa_authority_list ( state , mem_ctx , sid , r - > out . domains , & sid_index ) ;
2004-11-26 15:30:39 +03:00
if ( ! NT_STATUS_IS_OK ( status2 ) ) {
return status2 ;
2004-11-18 08:17:24 +03:00
}
2004-11-29 07:24:50 +03:00
status2 = lsa_lookup_sid ( state , mem_ctx , sid , sid_str ,
& name , & atype ) ;
if ( ! NT_STATUS_IS_OK ( status2 ) ) {
2004-11-18 08:17:24 +03:00
status = STATUS_SOME_UNMAPPED ;
continue ;
}
rtype = samdb_atype_map ( atype ) ;
if ( rtype = = SID_NAME_UNKNOWN ) {
status = STATUS_SOME_UNMAPPED ;
continue ;
}
2004-11-22 14:59:59 +03:00
r - > out . names - > names [ i ] . sid_type = rtype ;
r - > out . names - > names [ i ] . name . string = name ;
2004-11-29 09:19:50 +03:00
r - > out . names - > names [ i ] . sid_index = sid_index ;
2004-11-26 15:30:39 +03:00
r - > out . names - > names [ i ] . unknown = 0 ;
2004-11-18 08:17:24 +03:00
}
return status ;
2004-05-27 08:13:58 +04:00
}
2004-12-31 11:54:59 +03:00
/*
2006-09-11 09:11:10 +04:00
lsa_LookupSids3
Identical to LookupSids2 , but doesn ' t take a policy handle
2004-12-31 11:54:59 +03:00
*/
2006-09-11 09:11:10 +04:00
static NTSTATUS lsa_LookupSids3 ( struct dcesrv_call_state * dce_call ,
2004-12-31 11:54:59 +03:00
TALLOC_CTX * mem_ctx ,
2006-09-11 09:11:10 +04:00
struct lsa_LookupSids3 * r )
2004-12-31 11:54:59 +03:00
{
2006-09-11 09:11:10 +04:00
struct lsa_LookupSids2 r2 ;
struct lsa_OpenPolicy2 pol ;
2004-12-31 11:54:59 +03:00
NTSTATUS status ;
2006-09-11 09:11:10 +04:00
struct dcesrv_handle * h ;
2004-12-31 11:54:59 +03:00
2006-09-11 09:11:10 +04:00
/* No policy handle on the wire, so make one up here */
r2 . in . handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! r2 . in . handle ) {
return NT_STATUS_NO_MEMORY ;
}
2004-12-31 11:54:59 +03:00
2006-09-11 09:11:10 +04:00
pol . out . handle = r2 . in . handle ;
pol . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
pol . in . attr = NULL ;
pol . in . system_name = NULL ;
status = lsa_OpenPolicy2 ( dce_call , mem_ctx , & pol ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
/* ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE ( h , r2 . in . handle , LSA_HANDLE_POLICY ) ;
talloc_steal ( mem_ctx , h ) ;
r2 . in . sids = r - > in . sids ;
r2 . in . names = r - > in . names ;
r2 . in . level = r - > in . level ;
r2 . in . count = r - > in . count ;
r2 . in . unknown1 = r - > in . unknown1 ;
r2 . in . unknown2 = r - > in . unknown2 ;
r2 . out . count = r - > out . count ;
r2 . out . names = r - > out . names ;
status = lsa_LookupSids2 ( dce_call , mem_ctx , & r2 ) ;
2004-12-31 11:54:59 +03:00
if ( dce_call - > fault_code ! = 0 ) {
return status ;
}
2006-09-11 09:11:10 +04:00
r - > out . domains = r2 . out . domains ;
r - > out . names = r2 . out . names ;
r - > out . count = r2 . out . count ;
2004-12-31 11:54:59 +03:00
return status ;
}
2004-11-26 15:30:39 +03:00
/*
lsa_LookupSids
*/
static NTSTATUS lsa_LookupSids ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LookupSids * r )
{
2006-09-11 10:15:39 +04:00
struct lsa_LookupSids2 r2 ;
2004-11-26 15:30:39 +03:00
NTSTATUS status ;
int i ;
2006-09-11 10:15:39 +04:00
r2 . in . handle = r - > in . handle ;
r2 . in . sids = r - > in . sids ;
r2 . in . names = NULL ;
r2 . in . level = r - > in . level ;
r2 . in . count = r - > in . count ;
r2 . in . unknown1 = 0 ;
r2 . in . unknown2 = 0 ;
r2 . out . count = r - > out . count ;
r2 . out . names = NULL ;
2004-11-26 15:30:39 +03:00
2006-09-11 10:15:39 +04:00
status = lsa_LookupSids2 ( dce_call , mem_ctx , & r2 ) ;
2004-11-26 15:30:39 +03:00
if ( dce_call - > fault_code ! = 0 ) {
return status ;
}
2006-09-11 10:15:39 +04:00
r - > out . domains = r2 . out . domains ;
if ( ! r2 . out . names ) {
2005-09-21 04:27:10 +04:00
r - > out . names = NULL ;
return status ;
}
2005-01-27 10:08:20 +03:00
r - > out . names = talloc ( mem_ctx , struct lsa_TransNameArray ) ;
2004-11-26 15:30:39 +03:00
if ( r - > out . names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-09-11 10:15:39 +04:00
r - > out . names - > count = r2 . out . names - > count ;
2005-01-27 10:08:20 +03:00
r - > out . names - > names = talloc_array ( r - > out . names , struct lsa_TranslatedName ,
2004-11-26 15:30:39 +03:00
r - > out . names - > count ) ;
if ( r - > out . names - > names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < r - > out . names - > count ; i + + ) {
2006-09-11 10:15:39 +04:00
r - > out . names - > names [ i ] . sid_type = r2 . out . names - > names [ i ] . sid_type ;
r - > out . names - > names [ i ] . name . string = r2 . out . names - > names [ i ] . name . string ;
r - > out . names - > names [ i ] . sid_index = r2 . out . names - > names [ i ] . sid_index ;
2004-11-26 15:30:39 +03:00
}
return status ;
}
2004-05-27 08:13:58 +04:00
/*
lsa_OpenAccount
*/
static NTSTATUS lsa_OpenAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-19 08:01:52 +03:00
struct lsa_OpenAccount * r )
2004-05-27 08:13:58 +04:00
{
2004-12-19 08:01:52 +03:00
struct dcesrv_handle * h , * ah ;
struct lsa_policy_state * state ;
struct lsa_account_state * astate ;
ZERO_STRUCTP ( r - > out . acct_handle ) ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2005-01-27 10:08:20 +03:00
astate = talloc ( dce_call - > conn , struct lsa_account_state ) ;
2004-12-19 08:01:52 +03:00
if ( astate = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
astate - > account_sid = dom_sid_dup ( astate , r - > in . sid ) ;
if ( astate - > account_sid = = NULL ) {
talloc_free ( astate ) ;
return NT_STATUS_NO_MEMORY ;
}
astate - > policy = talloc_reference ( astate , state ) ;
astate - > access_mask = r - > in . access_mask ;
2005-01-10 15:15:26 +03:00
ah = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_ACCOUNT ) ;
2004-12-19 08:01:52 +03:00
if ( ! ah ) {
talloc_free ( astate ) ;
return NT_STATUS_NO_MEMORY ;
}
2005-01-10 15:15:26 +03:00
ah - > data = talloc_steal ( ah , astate ) ;
2004-12-19 08:01:52 +03:00
* r - > out . acct_handle = ah - > wire_handle ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumPrivsAccount
*/
2004-12-15 01:18:33 +03:00
static NTSTATUS lsa_EnumPrivsAccount ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_EnumPrivsAccount * r )
2004-05-27 08:13:58 +04:00
{
2004-12-19 09:41:27 +03:00
struct dcesrv_handle * h ;
struct lsa_account_state * astate ;
int ret , i ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " privilege " , NULL } ;
struct ldb_message_element * el ;
2006-07-06 09:23:29 +04:00
const char * sidstr ;
2004-12-19 09:41:27 +03:00
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_ACCOUNT ) ;
astate = h - > data ;
2005-01-27 10:08:20 +03:00
r - > out . privs = talloc ( mem_ctx , struct lsa_PrivilegeSet ) ;
2004-12-19 09:41:27 +03:00
r - > out . privs - > count = 0 ;
r - > out . privs - > unknown = 0 ;
r - > out . privs - > set = NULL ;
2006-07-06 09:23:29 +04:00
sidstr = ldap_encode_ndr_dom_sid ( mem_ctx , astate - > account_sid ) ;
if ( sidstr = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-25 11:08:06 +04:00
ret = gendb_search ( astate - > policy - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2006-07-06 09:23:29 +04:00
" objectSid=%s " , sidstr ) ;
2004-12-19 09:41:27 +03:00
if ( ret ! = 1 ) {
return NT_STATUS_OK ;
}
el = ldb_msg_find_element ( res [ 0 ] , " privilege " ) ;
if ( el = = NULL | | el - > num_values = = 0 ) {
return NT_STATUS_OK ;
}
2005-01-27 10:08:20 +03:00
r - > out . privs - > set = talloc_array ( r - > out . privs ,
2006-07-06 09:23:29 +04:00
struct lsa_LUIDAttribute , el - > num_values ) ;
2004-12-19 09:41:27 +03:00
if ( r - > out . privs - > set = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < el - > num_values ; i + + ) {
2005-07-13 19:18:20 +04:00
int id = sec_privilege_id ( ( const char * ) el - > values [ i ] . data ) ;
2004-12-19 09:41:27 +03:00
if ( id = = - 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
r - > out . privs - > set [ i ] . attribute = 0 ;
r - > out . privs - > set [ i ] . luid . low = id ;
r - > out . privs - > set [ i ] . luid . high = 0 ;
}
r - > out . privs - > count = el - > num_values ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
2004-12-19 14:34:19 +03:00
/*
lsa_EnumAccountRights
*/
static NTSTATUS lsa_EnumAccountRights ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_EnumAccountRights * r )
{
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int ret , i ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " privilege " , NULL } ;
const char * sidstr ;
struct ldb_message_element * el ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2005-06-24 04:18:20 +04:00
sidstr = ldap_encode_ndr_dom_sid ( mem_ctx , r - > in . sid ) ;
2004-12-19 14:34:19 +03:00
if ( sidstr = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-25 11:08:06 +04:00
ret = gendb_search ( state - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2006-07-06 09:23:29 +04:00
" (&(objectSid=%s)(privilege=*)) " , sidstr ) ;
if ( ret = = 0 ) {
2004-12-19 14:34:19 +03:00
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
2006-07-06 09:23:29 +04:00
if ( ret > 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
if ( ret = = - 1 ) {
DEBUG ( 3 , ( " searching for account rights for SID: %s failed: %s " ,
dom_sid_string ( mem_ctx , r - > in . sid ) ,
ldb_errstring ( state - > sam_ldb ) ) ) ;
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2004-12-19 14:34:19 +03:00
el = ldb_msg_find_element ( res [ 0 ] , " privilege " ) ;
if ( el = = NULL | | el - > num_values = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
r - > out . rights - > count = el - > num_values ;
2005-01-27 10:08:20 +03:00
r - > out . rights - > names = talloc_array ( r - > out . rights ,
2006-01-09 18:50:08 +03:00
struct lsa_StringLarge , r - > out . rights - > count ) ;
2004-12-19 14:34:19 +03:00
if ( r - > out . rights - > names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < el - > num_values ; i + + ) {
2005-07-13 19:18:20 +04:00
r - > out . rights - > names [ i ] . string = ( const char * ) el - > values [ i ] . data ;
2004-12-19 14:34:19 +03:00
}
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
2004-12-19 10:50:19 +03:00
/*
helper for lsa_AddAccountRights and lsa_RemoveAccountRights
*/
static NTSTATUS lsa_AddRemoveAccountRights ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_policy_state * state ,
int ldb_flag ,
2004-12-19 14:34:19 +03:00
struct dom_sid * sid ,
2004-12-19 10:50:19 +03:00
const struct lsa_RightSet * rights )
{
const char * sidstr ;
2005-01-12 05:40:25 +03:00
struct ldb_message * msg ;
2006-07-06 09:23:29 +04:00
struct ldb_message_element * el ;
2004-12-19 10:50:19 +03:00
int i , ret ;
2004-12-19 14:34:19 +03:00
struct lsa_EnumAccountRights r2 ;
2004-12-19 10:50:19 +03:00
2005-06-24 04:18:20 +04:00
sidstr = ldap_encode_ndr_dom_sid ( mem_ctx , sid ) ;
2004-12-19 10:50:19 +03:00
if ( sidstr = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 05:40:25 +03:00
msg = ldb_msg_new ( mem_ctx ) ;
if ( msg = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-07-06 09:23:29 +04:00
msg - > dn = samdb_search_dn ( state - > sam_ldb , mem_ctx ,
2006-08-25 11:08:06 +04:00
NULL , " objectSid=%s " , sidstr ) ;
2005-01-12 05:40:25 +03:00
if ( msg - > dn = = NULL ) {
2006-07-06 09:23:29 +04:00
NTSTATUS status ;
if ( ldb_flag = = LDB_FLAG_MOD_DELETE ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
status = samdb_create_foreign_security_principal ( state - > sam_ldb , mem_ctx ,
sid , & msg - > dn ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2005-09-02 03:26:50 +04:00
return NT_STATUS_NO_SUCH_USER ;
2004-12-19 10:50:19 +03:00
}
2005-01-12 05:40:25 +03:00
2006-10-25 05:42:59 +04:00
if ( ldb_msg_add_empty ( msg , " privilege " , ldb_flag , NULL ) ) {
2004-12-19 10:50:19 +03:00
return NT_STATUS_NO_MEMORY ;
}
2004-12-19 14:34:19 +03:00
if ( ldb_flag = = LDB_FLAG_MOD_ADD ) {
NTSTATUS status ;
r2 . in . handle = & state - > handle - > wire_handle ;
r2 . in . sid = sid ;
2005-01-27 10:08:20 +03:00
r2 . out . rights = talloc ( mem_ctx , struct lsa_RightSet ) ;
2004-12-19 14:34:19 +03:00
status = lsa_EnumAccountRights ( dce_call , mem_ctx , & r2 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
ZERO_STRUCTP ( r2 . out . rights ) ;
}
}
for ( i = 0 ; i < rights - > count ; i + + ) {
2004-12-19 10:50:19 +03:00
if ( sec_privilege_id ( rights - > names [ i ] . string ) = = - 1 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
2004-12-19 14:34:19 +03:00
if ( ldb_flag = = LDB_FLAG_MOD_ADD ) {
int j ;
for ( j = 0 ; j < r2 . out . rights - > count ; j + + ) {
2005-08-30 15:55:05 +04:00
if ( strcasecmp_m ( r2 . out . rights - > names [ j ] . string ,
2004-12-19 14:34:19 +03:00
rights - > names [ i ] . string ) = = 0 ) {
break ;
}
}
if ( j ! = r2 . out . rights - > count ) continue ;
}
2006-07-06 09:23:29 +04:00
ret = ldb_msg_add_string ( msg , " privilege " , rights - > names [ i ] . string ) ;
if ( ret ! = LDB_SUCCESS ) {
2004-12-19 10:50:19 +03:00
return NT_STATUS_NO_MEMORY ;
}
2004-12-19 14:34:19 +03:00
}
2006-07-06 09:23:29 +04:00
el = ldb_msg_find_element ( msg , " privilege " ) ;
if ( ! el ) {
2004-12-19 14:34:19 +03:00
return NT_STATUS_OK ;
2004-12-19 10:50:19 +03:00
}
2005-02-27 14:35:47 +03:00
ret = samdb_modify ( state - > sam_ldb , mem_ctx , msg ) ;
2004-12-19 10:50:19 +03:00
if ( ret ! = 0 ) {
2006-07-06 09:23:29 +04:00
if ( ldb_flag = = LDB_FLAG_MOD_DELETE & & ret = = LDB_ERR_NO_SUCH_ATTRIBUTE ) {
2004-12-19 10:50:19 +03:00
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
2006-07-06 09:23:29 +04:00
DEBUG ( 3 , ( " Could not %s attributes from %s: %s " ,
ldb_flag = = LDB_FLAG_MOD_DELETE ? " delete " : " add " ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( msg - > dn ) , ldb_errstring ( state - > sam_ldb ) ) ) ;
2004-12-19 10:50:19 +03:00
return NT_STATUS_UNEXPECTED_IO_ERROR ;
}
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
/*
2004-08-14 05:11:34 +04:00
lsa_AddPrivilegesToAccount
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_AddPrivilegesToAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-19 10:50:19 +03:00
struct lsa_AddPrivilegesToAccount * r )
2004-05-27 08:13:58 +04:00
{
2004-12-19 10:50:19 +03:00
struct lsa_RightSet rights ;
struct dcesrv_handle * h ;
struct lsa_account_state * astate ;
int i ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_ACCOUNT ) ;
astate = h - > data ;
rights . count = r - > in . privs - > count ;
2006-01-09 18:50:08 +03:00
rights . names = talloc_array ( mem_ctx , struct lsa_StringLarge , rights . count ) ;
2004-12-19 10:50:19 +03:00
if ( rights . names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < rights . count ; i + + ) {
int id = r - > in . privs - > set [ i ] . luid . low ;
if ( r - > in . privs - > set [ i ] . luid . high ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
rights . names [ i ] . string = sec_privilege_name ( id ) ;
if ( rights . names [ i ] . string = = NULL ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
}
return lsa_AddRemoveAccountRights ( dce_call , mem_ctx , astate - > policy ,
LDB_FLAG_MOD_ADD , astate - > account_sid ,
& rights ) ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_RemovePrivilegesFromAccount
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_RemovePrivilegesFromAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2004-12-19 10:50:19 +03:00
struct lsa_RemovePrivilegesFromAccount * r )
2004-05-27 08:13:58 +04:00
{
2004-12-19 10:50:19 +03:00
struct lsa_RightSet * rights ;
struct dcesrv_handle * h ;
struct lsa_account_state * astate ;
int i ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_ACCOUNT ) ;
astate = h - > data ;
2005-01-27 10:08:20 +03:00
rights = talloc ( mem_ctx , struct lsa_RightSet ) ;
2004-12-19 10:50:19 +03:00
if ( r - > in . remove_all = = 1 & &
r - > in . privs = = NULL ) {
struct lsa_EnumAccountRights r2 ;
NTSTATUS status ;
r2 . in . handle = & astate - > policy - > handle - > wire_handle ;
r2 . in . sid = astate - > account_sid ;
r2 . out . rights = rights ;
status = lsa_EnumAccountRights ( dce_call , mem_ctx , & r2 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
return lsa_AddRemoveAccountRights ( dce_call , mem_ctx , astate - > policy ,
LDB_FLAG_MOD_DELETE , astate - > account_sid ,
r2 . out . rights ) ;
}
if ( r - > in . remove_all ! = 0 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
rights - > count = r - > in . privs - > count ;
2006-01-09 18:50:08 +03:00
rights - > names = talloc_array ( mem_ctx , struct lsa_StringLarge , rights - > count ) ;
2004-12-19 10:50:19 +03:00
if ( rights - > names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < rights - > count ; i + + ) {
int id = r - > in . privs - > set [ i ] . luid . low ;
if ( r - > in . privs - > set [ i ] . luid . high ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
rights - > names [ i ] . string = sec_privilege_name ( id ) ;
if ( rights - > names [ i ] . string = = NULL ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
}
return lsa_AddRemoveAccountRights ( dce_call , mem_ctx , astate - > policy ,
LDB_FLAG_MOD_DELETE , astate - > account_sid ,
rights ) ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_GetQuotasForAccount
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_GetQuotasForAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_GetQuotasForAccount * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_SetQuotasForAccount
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_SetQuotasForAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_SetQuotasForAccount * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_GetSystemAccessAccount
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_GetSystemAccessAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_GetSystemAccessAccount * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_SetSystemAccessAccount
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_SetSystemAccessAccount ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_SetSystemAccessAccount * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2005-01-11 17:04:58 +03:00
/*
lsa_CreateSecret
*/
static NTSTATUS lsa_CreateSecret ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CreateSecret * r )
{
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_secret_state * secret_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs , * msg ;
2006-08-24 14:41:31 +04:00
const char * errstr ;
2005-01-11 17:04:58 +03:00
const char * attrs [ ] = {
NULL
} ;
const char * name ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . sec_handle ) ;
policy_state = policy_handle - > data ;
if ( ! r - > in . name . string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
secret_state = talloc ( mem_ctx , struct lsa_secret_state ) ;
if ( ! secret_state ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 05:40:25 +03:00
secret_state - > policy = policy_state ;
2005-01-11 17:04:58 +03:00
msg = ldb_msg_new ( mem_ctx ) ;
if ( msg = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
if ( strncmp ( " G$ " , r - > in . name . string , 2 ) = = 0 ) {
const char * name2 ;
name = & r - > in . name . string [ 2 ] ;
2005-02-27 14:35:47 +03:00
secret_state - > sam_ldb = talloc_reference ( secret_state , policy_state - > sam_ldb ) ;
2005-01-12 01:16:14 +03:00
secret_state - > global = True ;
2005-01-11 17:04:58 +03:00
if ( strlen ( name ) < 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2005-12-19 10:07:11 +03:00
name2 = talloc_asprintf ( mem_ctx , " %s Secret " , ldb_binary_encode_string ( mem_ctx , name ) ) ;
2005-01-11 17:04:58 +03:00
/* search for the secret record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
" (&(cn=%s)(objectclass=secret)) " ,
name2 ) ;
if ( ret > 0 ) {
return NT_STATUS_OBJECT_NAME_COLLISION ;
}
2006-07-06 09:23:29 +04:00
if ( ret = = - 1 ) {
DEBUG ( 0 , ( " Failure searching for CN=%s: %s \n " ,
name2 , ldb_errstring ( secret_state - > sam_ldb ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-11-22 03:59:34 +03:00
msg - > dn = ldb_dn_copy ( mem_ctx , policy_state - > system_dn ) ;
if ( ! name2 | | ! ldb_dn_add_child_fmt ( msg - > dn , " cn=%s " , name2 ) ) {
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY ;
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( secret_state - > sam_ldb , mem_ctx , msg , " cn " , name2 ) ;
2005-01-11 17:04:58 +03:00
} else {
2005-01-12 01:16:14 +03:00
secret_state - > global = False ;
2005-01-11 17:04:58 +03:00
name = r - > in . name . string ;
if ( strlen ( name ) < 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2005-02-27 14:35:47 +03:00
secret_state - > sam_ldb = talloc_reference ( secret_state , secrets_db_connect ( mem_ctx ) ) ;
2005-01-11 17:04:58 +03:00
/* search for the secret record */
2005-08-18 19:02:01 +04:00
ret = gendb_search ( secret_state - > sam_ldb , mem_ctx ,
2006-11-22 03:59:34 +03:00
ldb_dn_new ( mem_ctx , secret_state - > sam_ldb , " cn=LSA Secrets " ) ,
2005-08-18 19:02:01 +04:00
& msgs , attrs ,
2005-12-19 10:07:11 +03:00
" (&(cn=%s)(objectclass=secret)) " ,
ldb_binary_encode_string ( mem_ctx , name ) ) ;
2005-01-11 17:04:58 +03:00
if ( ret > 0 ) {
return NT_STATUS_OBJECT_NAME_COLLISION ;
}
2006-07-06 09:23:29 +04:00
if ( ret = = - 1 ) {
DEBUG ( 0 , ( " Failure searching for CN=%s: %s \n " ,
name , ldb_errstring ( secret_state - > sam_ldb ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-11-22 03:59:34 +03:00
msg - > dn = ldb_dn_new_fmt ( mem_ctx , secret_state - > sam_ldb , " cn=%s,cn=LSA Secrets " , name ) ;
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( secret_state - > sam_ldb , mem_ctx , msg , " cn " , name ) ;
2005-01-11 17:04:58 +03:00
}
2005-01-12 05:40:25 +03:00
/* pull in all the template attributes. Note this is always from the global samdb */
2006-07-06 09:23:29 +04:00
ret = samdb_copy_template ( secret_state - > policy - > sam_ldb , msg ,
2006-08-14 06:50:18 +04:00
" (&(cn=TemplateSecret)(objectclass=secretTemplate)) " , & errstr ) ;
2005-01-12 05:40:25 +03:00
if ( ret ! = 0 ) {
2006-08-14 06:50:18 +04:00
DEBUG ( 0 , ( " Failed to load TemplateSecret from samdb: %s \n " ,
errstr ) ) ;
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2005-02-27 14:35:47 +03:00
samdb_msg_add_string ( secret_state - > sam_ldb , mem_ctx , msg , " objectClass " , " secret " ) ;
2005-01-11 17:04:58 +03:00
secret_state - > secret_dn = talloc_reference ( secret_state , msg - > dn ) ;
/* create the secret */
2005-02-27 14:35:47 +03:00
ret = samdb_add ( secret_state - > sam_ldb , mem_ctx , msg ) ;
2005-01-11 17:04:58 +03:00
if ( ret ! = 0 ) {
2006-07-06 09:23:29 +04:00
DEBUG ( 0 , ( " Failed to create secret record %s: %s \n " ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( msg - > dn ) ,
2006-07-06 09:23:29 +04:00
ldb_errstring ( secret_state - > sam_ldb ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_SECRET ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , secret_state ) ;
secret_state - > access_mask = r - > in . access_mask ;
secret_state - > policy = talloc_reference ( secret_state , policy_state ) ;
* r - > out . sec_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
}
2004-05-27 08:13:58 +04:00
/*
lsa_OpenSecret
*/
static NTSTATUS lsa_OpenSecret ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-11 17:04:58 +03:00
struct lsa_OpenSecret * r )
2004-05-27 08:13:58 +04:00
{
2005-01-11 17:04:58 +03:00
struct dcesrv_handle * policy_handle ;
struct lsa_policy_state * policy_state ;
struct lsa_secret_state * secret_state ;
struct dcesrv_handle * handle ;
struct ldb_message * * msgs ;
const char * attrs [ ] = {
NULL
} ;
const char * name ;
int ret ;
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
ZERO_STRUCTP ( r - > out . sec_handle ) ;
policy_state = policy_handle - > data ;
if ( ! r - > in . name . string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
secret_state = talloc ( mem_ctx , struct lsa_secret_state ) ;
if ( ! secret_state ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 05:40:25 +03:00
secret_state - > policy = policy_state ;
2005-01-11 17:04:58 +03:00
if ( strncmp ( " G$ " , r - > in . name . string , 2 ) = = 0 ) {
name = & r - > in . name . string [ 2 ] ;
2005-02-27 14:35:47 +03:00
secret_state - > sam_ldb = talloc_reference ( secret_state , policy_state - > sam_ldb ) ;
2005-01-12 01:16:14 +03:00
secret_state - > global = True ;
2005-01-11 17:04:58 +03:00
if ( strlen ( name ) < 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
/* search for the secret record */
2005-03-23 04:30:43 +03:00
ret = gendb_search ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , policy_state - > system_dn , & msgs , attrs ,
" (&(cn=%s Secret)(objectclass=secret)) " ,
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string ( mem_ctx , name ) ) ;
2005-01-11 17:04:58 +03:00
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
} else {
2005-02-27 14:35:47 +03:00
secret_state - > sam_ldb = talloc_reference ( secret_state , secrets_db_connect ( mem_ctx ) ) ;
2005-01-12 01:16:14 +03:00
secret_state - > global = False ;
2005-01-11 17:04:58 +03:00
name = r - > in . name . string ;
if ( strlen ( name ) < 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
/* search for the secret record */
2005-08-18 19:02:01 +04:00
ret = gendb_search ( secret_state - > sam_ldb , mem_ctx ,
2006-11-22 03:59:34 +03:00
ldb_dn_new ( mem_ctx , secret_state - > sam_ldb , " cn=LSA Secrets " ) ,
2005-08-18 19:02:01 +04:00
& msgs , attrs ,
2005-12-19 10:07:11 +03:00
" (&(cn=%s)(objectclass=secret)) " ,
ldb_binary_encode_string ( mem_ctx , name ) ) ;
2005-01-11 17:04:58 +03:00
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching DN %s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( policy_state - > system_dn ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
}
secret_state - > secret_dn = talloc_reference ( secret_state , msgs [ 0 ] - > dn ) ;
handle = dcesrv_handle_new ( dce_call - > context , LSA_HANDLE_SECRET ) ;
if ( ! handle ) {
return NT_STATUS_NO_MEMORY ;
}
handle - > data = talloc_steal ( handle , secret_state ) ;
secret_state - > access_mask = r - > in . access_mask ;
secret_state - > policy = talloc_reference ( secret_state , policy_state ) ;
* r - > out . sec_handle = handle - > wire_handle ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_SetSecret
*/
static NTSTATUS lsa_SetSecret ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-11 17:04:58 +03:00
struct lsa_SetSecret * r )
2004-05-27 08:13:58 +04:00
{
2005-01-11 17:04:58 +03:00
struct dcesrv_handle * h ;
struct lsa_secret_state * secret_state ;
struct ldb_message * msg ;
DATA_BLOB session_key ;
DATA_BLOB crypt_secret , secret ;
struct ldb_val val ;
int ret ;
NTSTATUS status = NT_STATUS_OK ;
struct timeval now = timeval_current ( ) ;
NTTIME nt_now = timeval_to_nttime ( & now ) ;
DCESRV_PULL_HANDLE ( h , r - > in . sec_handle , LSA_HANDLE_SECRET ) ;
secret_state = h - > data ;
msg = ldb_msg_new ( mem_ctx ) ;
if ( msg = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
msg - > dn = talloc_reference ( mem_ctx , secret_state - > secret_dn ) ;
if ( ! msg - > dn ) {
return NT_STATUS_NO_MEMORY ;
}
status = dcesrv_fetch_session_key ( dce_call - > conn , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
if ( r - > in . old_val ) {
/* Decrypt */
crypt_secret . data = r - > in . old_val - > data ;
crypt_secret . length = r - > in . old_val - > size ;
status = sess_decrypt_blob ( mem_ctx , & crypt_secret , & session_key , & secret ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
val . data = secret . data ;
val . length = secret . length ;
/* set value */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_value ( secret_state - > sam_ldb ,
2006-09-11 10:29:58 +04:00
mem_ctx , msg , " priorValue " , & val ) ! = 0 ) {
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY ;
}
/* set old value mtime */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_uint64 ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , msg , " priorSetTime " , nt_now ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-12 01:16:14 +03:00
if ( ! r - > in . new_val ) {
/* This behaviour varies depending of if this is a local, or a global secret... */
if ( secret_state - > global ) {
/* set old value mtime */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_uint64 ( secret_state - > sam_ldb ,
2005-01-12 01:16:14 +03:00
mem_ctx , msg , " lastSetTime " , nt_now ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
} else {
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_delete ( secret_state - > sam_ldb ,
2006-09-11 10:29:58 +04:00
mem_ctx , msg , " currentValue " ) ) {
2005-01-12 01:16:14 +03:00
return NT_STATUS_NO_MEMORY ;
}
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_delete ( secret_state - > sam_ldb ,
2005-01-12 01:16:14 +03:00
mem_ctx , msg , " lastSetTime " ) ) {
return NT_STATUS_NO_MEMORY ;
}
}
}
2005-01-11 17:04:58 +03:00
}
if ( r - > in . new_val ) {
/* Decrypt */
crypt_secret . data = r - > in . new_val - > data ;
crypt_secret . length = r - > in . new_val - > size ;
status = sess_decrypt_blob ( mem_ctx , & crypt_secret , & session_key , & secret ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
val . data = secret . data ;
val . length = secret . length ;
/* set value */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_value ( secret_state - > sam_ldb ,
2006-09-11 10:29:58 +04:00
mem_ctx , msg , " currentValue " , & val ) ! = 0 ) {
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY ;
}
/* set new value mtime */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_uint64 ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , msg , " lastSetTime " , nt_now ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
/* If the old value is not set, then migrate the
* current value to the old value */
if ( ! r - > in . old_val ) {
const struct ldb_val * new_val ;
NTTIME last_set_time ;
struct ldb_message * * res ;
const char * attrs [ ] = {
2006-09-11 10:29:58 +04:00
" currentValue " ,
2005-01-11 17:04:58 +03:00
" lastSetTime " ,
NULL
} ;
/* search for the secret record */
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn ( secret_state - > sam_ldb , mem_ctx ,
secret_state - > secret_dn , & res , attrs ) ;
2005-01-11 17:04:58 +03:00
if ( ret = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( ret ! = 1 ) {
2005-08-18 19:02:01 +04:00
DEBUG ( 0 , ( " Found %d records matching dn=%s \n " , ret ,
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized ( secret_state - > secret_dn ) ) ) ;
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2006-09-11 10:29:58 +04:00
new_val = ldb_msg_find_ldb_val ( res [ 0 ] , " currentValue " ) ;
2006-08-13 12:00:36 +04:00
last_set_time = ldb_msg_find_attr_as_uint64 ( res [ 0 ] , " lastSetTime " , 0 ) ;
2005-01-11 17:04:58 +03:00
if ( new_val ) {
/* set value */
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_value ( secret_state - > sam_ldb ,
2006-09-11 10:29:58 +04:00
mem_ctx , msg , " priorValue " ,
2005-01-11 17:04:58 +03:00
new_val ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
}
/* set new value mtime */
if ( ldb_msg_find_ldb_val ( res [ 0 ] , " lastSetTime " ) ) {
2005-02-27 14:35:47 +03:00
if ( samdb_msg_add_uint64 ( secret_state - > sam_ldb ,
2005-01-11 17:04:58 +03:00
mem_ctx , msg , " priorSetTime " , last_set_time ) ! = 0 ) {
return NT_STATUS_NO_MEMORY ;
}
}
}
}
/* modify the samdb record */
2005-02-27 14:35:47 +03:00
ret = samdb_replace ( secret_state - > sam_ldb , mem_ctx , msg ) ;
2005-01-11 17:04:58 +03:00
if ( ret ! = 0 ) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL ;
}
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_QuerySecret
*/
static NTSTATUS lsa_QuerySecret ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-01-11 17:04:58 +03:00
struct lsa_QuerySecret * r )
2004-05-27 08:13:58 +04:00
{
2005-01-11 17:04:58 +03:00
struct dcesrv_handle * h ;
struct lsa_secret_state * secret_state ;
struct ldb_message * msg ;
DATA_BLOB session_key ;
DATA_BLOB crypt_secret , secret ;
int ret ;
struct ldb_message * * res ;
const char * attrs [ ] = {
2006-09-11 10:29:58 +04:00
" currentValue " ,
" priorValue " ,
2005-01-11 17:04:58 +03:00
" lastSetTime " ,
" priorSetTime " ,
NULL
} ;
NTSTATUS nt_status ;
DCESRV_PULL_HANDLE ( h , r - > in . sec_handle , LSA_HANDLE_SECRET ) ;
secret_state = h - > data ;
/* pull all the user attributes */
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn ( secret_state - > sam_ldb , mem_ctx ,
secret_state - > secret_dn , & res , attrs ) ;
2005-01-11 17:04:58 +03:00
if ( ret ! = 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
msg = res [ 0 ] ;
nt_status = dcesrv_fetch_session_key ( dce_call - > conn , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
return nt_status ;
}
if ( r - > in . old_val ) {
const struct ldb_val * prior_val ;
2005-01-12 01:16:14 +03:00
r - > out . old_val = talloc_zero ( mem_ctx , struct lsa_DATA_BUF_PTR ) ;
if ( ! r - > out . old_val ) {
return NT_STATUS_NO_MEMORY ;
}
2006-09-11 10:29:58 +04:00
prior_val = ldb_msg_find_ldb_val ( res [ 0 ] , " priorValue " ) ;
2005-01-11 17:04:58 +03:00
if ( prior_val & & prior_val - > length ) {
secret . data = prior_val - > data ;
secret . length = prior_val - > length ;
2006-11-13 06:20:24 +03:00
/* Encrypt */
2005-01-11 17:04:58 +03:00
crypt_secret = sess_encrypt_blob ( mem_ctx , & secret , & session_key ) ;
if ( ! crypt_secret . length ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . old_val - > buf = talloc ( mem_ctx , struct lsa_DATA_BUF ) ;
2005-01-12 01:16:14 +03:00
if ( ! r - > out . old_val - > buf ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-11 17:04:58 +03:00
r - > out . old_val - > buf - > size = crypt_secret . length ;
r - > out . old_val - > buf - > length = crypt_secret . length ;
r - > out . old_val - > buf - > data = crypt_secret . data ;
}
}
if ( r - > in . old_mtime ) {
2005-01-27 09:16:59 +03:00
r - > out . old_mtime = talloc ( mem_ctx , NTTIME ) ;
2005-01-11 17:04:58 +03:00
if ( ! r - > out . old_mtime ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-13 12:00:36 +04:00
* r - > out . old_mtime = ldb_msg_find_attr_as_uint64 ( res [ 0 ] , " priorSetTime " , 0 ) ;
2005-01-11 17:04:58 +03:00
}
if ( r - > in . new_val ) {
const struct ldb_val * new_val ;
2005-01-12 01:16:14 +03:00
r - > out . new_val = talloc_zero ( mem_ctx , struct lsa_DATA_BUF_PTR ) ;
if ( ! r - > out . new_val ) {
return NT_STATUS_NO_MEMORY ;
}
2006-09-11 10:29:58 +04:00
new_val = ldb_msg_find_ldb_val ( res [ 0 ] , " currentValue " ) ;
2005-01-11 17:04:58 +03:00
if ( new_val & & new_val - > length ) {
secret . data = new_val - > data ;
secret . length = new_val - > length ;
2006-11-13 06:20:24 +03:00
/* Encrypt */
2005-01-11 17:04:58 +03:00
crypt_secret = sess_encrypt_blob ( mem_ctx , & secret , & session_key ) ;
if ( ! crypt_secret . length ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . new_val - > buf = talloc ( mem_ctx , struct lsa_DATA_BUF ) ;
2005-01-12 01:16:14 +03:00
if ( ! r - > out . new_val - > buf ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-11 17:04:58 +03:00
r - > out . new_val - > buf - > length = crypt_secret . length ;
r - > out . new_val - > buf - > size = crypt_secret . length ;
r - > out . new_val - > buf - > data = crypt_secret . data ;
}
}
if ( r - > in . new_mtime ) {
2005-01-27 09:16:59 +03:00
r - > out . new_mtime = talloc ( mem_ctx , NTTIME ) ;
2005-01-11 17:04:58 +03:00
if ( ! r - > out . new_mtime ) {
return NT_STATUS_NO_MEMORY ;
}
2006-08-13 12:00:36 +04:00
* r - > out . new_mtime = ldb_msg_find_attr_as_uint64 ( res [ 0 ] , " lastSetTime " , 0 ) ;
2005-01-11 17:04:58 +03:00
}
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_LookupPrivValue
2004-05-27 08:13:58 +04:00
*/
2004-12-14 08:32:51 +03:00
static NTSTATUS lsa_LookupPrivValue ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_LookupPrivValue * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 08:32:51 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int id ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
id = sec_privilege_id ( r - > in . name - > string ) ;
if ( id = = - 1 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
r - > out . luid - > low = id ;
r - > out . luid - > high = 0 ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
lsa_LookupPrivName
*/
2004-12-14 08:32:51 +03:00
static NTSTATUS lsa_LookupPrivName ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_LookupPrivName * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 08:51:01 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
const char * privname ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
if ( r - > in . luid - > high ! = 0 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
privname = sec_privilege_name ( r - > in . luid - > low ) ;
if ( privname = = NULL ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
2006-01-09 18:50:08 +03:00
r - > out . name = talloc ( mem_ctx , struct lsa_StringLarge ) ;
2004-12-14 08:51:01 +03:00
if ( r - > out . name = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . name - > string = privname ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_LookupPrivDisplayName
2004-05-27 08:13:58 +04:00
*/
2004-12-14 08:51:01 +03:00
static NTSTATUS lsa_LookupPrivDisplayName ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_LookupPrivDisplayName * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 08:51:01 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int id ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
id = sec_privilege_id ( r - > in . name - > string ) ;
if ( id = = - 1 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
2006-01-09 18:50:08 +03:00
r - > out . disp_name = talloc ( mem_ctx , struct lsa_StringLarge ) ;
2004-12-14 08:51:01 +03:00
if ( r - > out . disp_name = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . disp_name - > string = sec_privilege_display_name ( id , r - > in . language_id ) ;
if ( r - > out . disp_name - > string = = NULL ) {
return NT_STATUS_INTERNAL_ERROR ;
}
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_DeleteObject
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_DeleteObject ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_DeleteObject * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_EnumAccountsWithUserRight
2004-05-27 08:13:58 +04:00
*/
2004-12-14 08:07:29 +03:00
static NTSTATUS lsa_EnumAccountsWithUserRight ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_EnumAccountsWithUserRight * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 08:07:29 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
int ret , i ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " objectSid " , NULL } ;
const char * privname ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
if ( r - > in . name = = NULL ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
privname = r - > in . name - > string ;
if ( sec_privilege_id ( privname ) = = - 1 ) {
return NT_STATUS_NO_SUCH_PRIVILEGE ;
}
2006-08-25 11:08:06 +04:00
ret = gendb_search ( state - > sam_ldb , mem_ctx , NULL , & res , attrs ,
2004-12-14 08:07:29 +03:00
" privilege=%s " , privname ) ;
2006-07-06 09:23:29 +04:00
if ( ret = = - 1 ) {
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
if ( ret = = 0 ) {
return NT_STATUS_NO_MORE_ENTRIES ;
2004-12-14 08:07:29 +03:00
}
2005-01-27 10:08:20 +03:00
r - > out . sids - > sids = talloc_array ( r - > out . sids , struct lsa_SidPtr , ret ) ;
2004-12-14 08:07:29 +03:00
if ( r - > out . sids - > sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < ret ; i + + ) {
2005-06-24 04:18:20 +04:00
r - > out . sids - > sids [ i ] . sid = samdb_result_dom_sid ( r - > out . sids - > sids ,
res [ i ] , " objectSid " ) ;
NT_STATUS_HAVE_NO_MEMORY ( r - > out . sids - > sids [ i ] . sid ) ;
2004-12-14 08:07:29 +03:00
}
r - > out . sids - > num_sids = ret ;
return NT_STATUS_OK ;
2004-05-27 08:13:58 +04:00
}
2004-12-14 09:17:33 +03:00
/*
lsa_AddAccountRights
*/
static NTSTATUS lsa_AddAccountRights ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_AddAccountRights * r )
{
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
return lsa_AddRemoveAccountRights ( dce_call , mem_ctx , state ,
LDB_FLAG_MOD_ADD ,
r - > in . sid , r - > in . rights ) ;
}
2004-05-27 08:13:58 +04:00
/*
2004-08-14 05:11:34 +04:00
lsa_RemoveAccountRights
2004-05-27 08:13:58 +04:00
*/
2004-12-14 09:10:45 +03:00
static NTSTATUS lsa_RemoveAccountRights ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_RemoveAccountRights * r )
2004-05-27 08:13:58 +04:00
{
2004-12-14 09:17:33 +03:00
struct dcesrv_handle * h ;
struct lsa_policy_state * state ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
return lsa_AddRemoveAccountRights ( dce_call , mem_ctx , state ,
LDB_FLAG_MOD_DELETE ,
r - > in . sid , r - > in . rights ) ;
2004-05-27 08:13:58 +04:00
}
/*
2004-08-14 05:11:34 +04:00
lsa_StorePrivateData
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_StorePrivateData ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_StorePrivateData * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_RetrievePrivateData
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_RetrievePrivateData ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_RetrievePrivateData * r )
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
2004-08-14 05:11:34 +04:00
lsa_GetUserName
2004-05-27 08:13:58 +04:00
*/
2004-08-14 05:11:34 +04:00
static NTSTATUS lsa_GetUserName ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
2005-10-06 15:15:20 +04:00
struct lsa_GetUserName * r )
2004-05-27 08:13:58 +04:00
{
2004-12-21 15:22:57 +03:00
NTSTATUS status = NT_STATUS_OK ;
const char * account_name ;
const char * authority_name ;
struct lsa_String * _account_name ;
struct lsa_StringPointer * _authority_name = NULL ;
/* this is what w2k3 does */
r - > out . account_name = r - > in . account_name ;
r - > out . authority_name = r - > in . authority_name ;
if ( r - > in . account_name & & r - > in . account_name - > string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
if ( r - > in . authority_name & &
r - > in . authority_name - > string & &
r - > in . authority_name - > string - > string ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2004-12-23 06:02:57 +03:00
account_name = talloc_reference ( mem_ctx , dce_call - > conn - > auth_state . session_info - > server_info - > account_name ) ;
2005-01-09 15:55:25 +03:00
authority_name = talloc_reference ( mem_ctx , dce_call - > conn - > auth_state . session_info - > server_info - > domain_name ) ;
2004-12-21 15:22:57 +03:00
2005-01-27 10:08:20 +03:00
_account_name = talloc ( mem_ctx , struct lsa_String ) ;
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY ( _account_name ) ;
2004-12-21 15:22:57 +03:00
_account_name - > string = account_name ;
if ( r - > in . authority_name ) {
2005-01-27 10:08:20 +03:00
_authority_name = talloc ( mem_ctx , struct lsa_StringPointer ) ;
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY ( _authority_name ) ;
2005-01-27 10:08:20 +03:00
_authority_name - > string = talloc ( mem_ctx , struct lsa_String ) ;
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY ( _authority_name - > string ) ;
2004-12-21 15:22:57 +03:00
_authority_name - > string - > string = authority_name ;
}
r - > out . account_name = _account_name ;
r - > out . authority_name = _authority_name ;
return status ;
2004-05-27 08:13:58 +04:00
}
2004-08-14 05:11:34 +04:00
/*
lsa_SetInfoPolicy2
*/
static NTSTATUS lsa_SetInfoPolicy2 ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_SetInfoPolicy2 * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_QueryDomainInformationPolicy
*/
static NTSTATUS lsa_QueryDomainInformationPolicy ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_QueryDomainInformationPolicy * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_SetDomInfoPolicy
*/
2005-09-01 14:36:48 +04:00
static NTSTATUS lsa_SetDomainInformationPolicy ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_SetDomainInformationPolicy * r )
2004-08-14 05:11:34 +04:00
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_TestCall
*/
static NTSTATUS lsa_TestCall ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_TestCall * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2004-11-30 07:34:18 +03:00
/*
lookup a SID for 1 name
*/
static NTSTATUS lsa_lookup_name ( struct lsa_policy_state * state , TALLOC_CTX * mem_ctx ,
const char * name , struct dom_sid * * sid , uint32_t * atype )
{
int ret ;
struct ldb_message * * res ;
const char * const attrs [ ] = { " objectSid " , " sAMAccountType " , NULL } ;
2004-12-31 11:54:59 +03:00
const char * p ;
p = strchr_m ( name , ' \\ ' ) ;
if ( p ! = NULL ) {
/* TODO: properly parse the domain prefix here, and use it to
limit the search */
name = p + 1 ;
}
2004-11-30 07:34:18 +03:00
2005-12-19 10:07:11 +03:00
ret = gendb_search ( state - > sam_ldb , mem_ctx , NULL , & res , attrs , " sAMAccountName=%s " , ldb_binary_encode_string ( mem_ctx , name ) ) ;
2004-11-30 07:34:18 +03:00
if ( ret = = 1 ) {
2005-06-24 04:18:20 +04:00
* sid = samdb_result_dom_sid ( mem_ctx , res [ 0 ] , " objectSid " ) ;
2004-11-30 07:34:18 +03:00
if ( * sid = = NULL ) {
return NT_STATUS_INVALID_SID ;
}
* atype = samdb_result_uint ( res [ 0 ] , " sAMAccountType " , 0 ) ;
return NT_STATUS_OK ;
}
/* need to add a call into sidmap to check for a allocated sid */
return NT_STATUS_INVALID_SID ;
}
2004-12-31 11:54:59 +03:00
/*
2006-09-11 09:11:10 +04:00
lsa_LookupNames3
2004-12-31 11:54:59 +03:00
*/
2006-09-11 09:11:10 +04:00
static NTSTATUS lsa_LookupNames3 ( struct dcesrv_call_state * dce_call ,
2004-12-31 11:54:59 +03:00
TALLOC_CTX * mem_ctx ,
2006-09-11 09:11:10 +04:00
struct lsa_LookupNames3 * r )
2004-12-31 11:54:59 +03:00
{
2006-09-11 09:11:10 +04:00
struct lsa_policy_state * policy_state ;
struct dcesrv_handle * policy_handle ;
2004-12-31 11:54:59 +03:00
int i ;
NTSTATUS status = NT_STATUS_OK ;
2006-09-11 09:11:10 +04:00
DCESRV_PULL_HANDLE ( policy_handle , r - > in . handle , LSA_HANDLE_POLICY ) ;
policy_state = policy_handle - > data ;
2005-10-25 16:39:14 +04:00
2004-12-31 11:54:59 +03:00
r - > out . domains = NULL ;
2005-01-27 10:08:20 +03:00
r - > out . domains = talloc_zero ( mem_ctx , struct lsa_RefDomainList ) ;
2004-12-31 11:54:59 +03:00
if ( r - > out . domains = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-27 10:08:20 +03:00
r - > out . sids = talloc_zero ( mem_ctx , struct lsa_TransSidArray3 ) ;
2004-12-31 11:54:59 +03:00
if ( r - > out . sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
* r - > out . count = 0 ;
2005-01-27 10:08:20 +03:00
r - > out . sids - > sids = talloc_array ( r - > out . sids , struct lsa_TranslatedSid3 ,
2004-12-31 11:54:59 +03:00
r - > in . num_names ) ;
if ( r - > out . sids - > sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < r - > in . num_names ; i + + ) {
const char * name = r - > in . names [ i ] . string ;
struct dom_sid * sid ;
uint32_t atype , rtype , sid_index ;
NTSTATUS status2 ;
r - > out . sids - > count + + ;
( * r - > out . count ) + + ;
r - > out . sids - > sids [ i ] . sid_type = SID_NAME_UNKNOWN ;
r - > out . sids - > sids [ i ] . sid = NULL ;
r - > out . sids - > sids [ i ] . sid_index = 0xFFFFFFFF ;
r - > out . sids - > sids [ i ] . unknown = 0 ;
2006-09-11 09:11:10 +04:00
status2 = lsa_lookup_name ( policy_state , mem_ctx , name , & sid , & atype ) ;
2004-12-31 11:54:59 +03:00
if ( ! NT_STATUS_IS_OK ( status2 ) | | sid - > num_auths = = 0 ) {
status = STATUS_SOME_UNMAPPED ;
continue ;
}
rtype = samdb_atype_map ( atype ) ;
if ( rtype = = SID_NAME_UNKNOWN ) {
status = STATUS_SOME_UNMAPPED ;
continue ;
}
2006-09-11 09:11:10 +04:00
status2 = lsa_authority_list ( policy_state , mem_ctx , sid , r - > out . domains , & sid_index ) ;
2004-12-31 11:54:59 +03:00
if ( ! NT_STATUS_IS_OK ( status2 ) ) {
return status2 ;
}
r - > out . sids - > sids [ i ] . sid_type = rtype ;
r - > out . sids - > sids [ i ] . sid = sid ;
r - > out . sids - > sids [ i ] . sid_index = sid_index ;
r - > out . sids - > sids [ i ] . unknown = 0 ;
}
return status ;
}
2005-10-25 16:15:29 +04:00
/*
2006-09-11 09:11:10 +04:00
lsa_LookupNames4
Identical to LookupNames3 , but doesn ' t take a policy handle
2005-10-25 16:15:29 +04:00
*/
2006-09-11 09:11:10 +04:00
static NTSTATUS lsa_LookupNames4 ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LookupNames4 * r )
2005-10-25 16:15:29 +04:00
{
2006-09-11 09:11:10 +04:00
struct lsa_LookupNames3 r2 ;
struct lsa_OpenPolicy2 pol ;
2005-10-25 16:15:29 +04:00
NTSTATUS status ;
struct dcesrv_handle * h ;
2006-09-11 09:11:10 +04:00
/* No policy handle on the wire, so make one up here */
r2 . in . handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! r2 . in . handle ) {
return NT_STATUS_NO_MEMORY ;
}
pol . out . handle = r2 . in . handle ;
pol . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
pol . in . attr = NULL ;
pol . in . system_name = NULL ;
status = lsa_OpenPolicy2 ( dce_call , mem_ctx , & pol ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
/* ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE ( h , r2 . in . handle , LSA_HANDLE_POLICY ) ;
talloc_steal ( mem_ctx , h ) ;
2005-10-25 16:15:29 +04:00
r2 . in . num_names = r - > in . num_names ;
r2 . in . names = r - > in . names ;
r2 . in . sids = r - > in . sids ;
r2 . in . count = r - > in . count ;
r2 . in . unknown1 = r - > in . unknown1 ;
r2 . in . unknown2 = r - > in . unknown2 ;
2005-10-25 16:39:14 +04:00
r2 . out . domains = r - > out . domains ;
r2 . out . sids = r - > out . sids ;
r2 . out . count = r - > out . count ;
2005-10-25 16:15:29 +04:00
2006-09-11 09:11:10 +04:00
status = lsa_LookupNames3 ( dce_call , mem_ctx , & r2 ) ;
2005-10-25 16:15:29 +04:00
if ( dce_call - > fault_code ! = 0 ) {
return status ;
}
r - > out . domains = r2 . out . domains ;
r - > out . sids = r2 . out . sids ;
r - > out . count = r2 . out . count ;
return status ;
}
2004-08-14 05:11:34 +04:00
/*
lsa_LookupNames2
*/
static NTSTATUS lsa_LookupNames2 ( struct dcesrv_call_state * dce_call ,
TALLOC_CTX * mem_ctx ,
struct lsa_LookupNames2 * r )
{
2004-11-26 16:02:58 +03:00
struct lsa_policy_state * state ;
struct dcesrv_handle * h ;
int i ;
NTSTATUS status = NT_STATUS_OK ;
r - > out . domains = NULL ;
DCESRV_PULL_HANDLE ( h , r - > in . handle , LSA_HANDLE_POLICY ) ;
state = h - > data ;
2005-01-27 10:08:20 +03:00
r - > out . domains = talloc_zero ( mem_ctx , struct lsa_RefDomainList ) ;
2004-11-26 16:02:58 +03:00
if ( r - > out . domains = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2005-01-27 10:08:20 +03:00
r - > out . sids = talloc_zero ( mem_ctx , struct lsa_TransSidArray2 ) ;
2004-11-26 16:02:58 +03:00
if ( r - > out . sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
* r - > out . count = 0 ;
2005-01-27 10:08:20 +03:00
r - > out . sids - > sids = talloc_array ( r - > out . sids , struct lsa_TranslatedSid2 ,
2004-11-26 16:02:58 +03:00
r - > in . num_names ) ;
if ( r - > out . sids - > sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < r - > in . num_names ; i + + ) {
const char * name = r - > in . names [ i ] . string ;
struct dom_sid * sid ;
2004-11-29 09:19:50 +03:00
uint32_t atype , rtype , sid_index ;
2004-11-26 16:02:58 +03:00
NTSTATUS status2 ;
r - > out . sids - > count + + ;
( * r - > out . count ) + + ;
r - > out . sids - > sids [ i ] . sid_type = SID_NAME_UNKNOWN ;
r - > out . sids - > sids [ i ] . rid = 0xFFFFFFFF ;
r - > out . sids - > sids [ i ] . sid_index = 0xFFFFFFFF ;
r - > out . sids - > sids [ i ] . unknown = 0 ;
2004-11-30 07:34:18 +03:00
status2 = lsa_lookup_name ( state , mem_ctx , name , & sid , & atype ) ;
2004-12-15 01:18:33 +03:00
if ( ! NT_STATUS_IS_OK ( status2 ) | | sid - > num_auths = = 0 ) {
2004-11-26 16:02:58 +03:00
status = STATUS_SOME_UNMAPPED ;
continue ;
}
rtype = samdb_atype_map ( atype ) ;
if ( rtype = = SID_NAME_UNKNOWN ) {
status = STATUS_SOME_UNMAPPED ;
continue ;
}
2004-11-29 09:19:50 +03:00
status2 = lsa_authority_list ( state , mem_ctx , sid , r - > out . domains , & sid_index ) ;
2004-11-26 16:02:58 +03:00
if ( ! NT_STATUS_IS_OK ( status2 ) ) {
return status2 ;
}
2004-11-29 09:19:50 +03:00
r - > out . sids - > sids [ i ] . sid_type = rtype ;
r - > out . sids - > sids [ i ] . rid = sid - > sub_auths [ sid - > num_auths - 1 ] ;
r - > out . sids - > sids [ i ] . sid_index = sid_index ;
r - > out . sids - > sids [ i ] . unknown = 0 ;
2004-11-26 16:02:58 +03:00
}
return status ;
}
/*
lsa_LookupNames
*/
static NTSTATUS lsa_LookupNames ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LookupNames * r )
{
struct lsa_LookupNames2 r2 ;
NTSTATUS status ;
int i ;
r2 . in . handle = r - > in . handle ;
r2 . in . num_names = r - > in . num_names ;
r2 . in . names = r - > in . names ;
r2 . in . sids = NULL ;
r2 . in . level = r - > in . level ;
r2 . in . count = r - > in . count ;
r2 . in . unknown1 = 0 ;
r2 . in . unknown2 = 0 ;
r2 . out . count = r - > out . count ;
status = lsa_LookupNames2 ( dce_call , mem_ctx , & r2 ) ;
if ( dce_call - > fault_code ! = 0 ) {
return status ;
}
r - > out . domains = r2 . out . domains ;
2005-01-27 10:08:20 +03:00
r - > out . sids = talloc ( mem_ctx , struct lsa_TransSidArray ) ;
2004-11-26 16:02:58 +03:00
if ( r - > out . sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
r - > out . sids - > count = r2 . out . sids - > count ;
2005-01-27 10:08:20 +03:00
r - > out . sids - > sids = talloc_array ( r - > out . sids , struct lsa_TranslatedSid ,
2004-11-26 16:02:58 +03:00
r - > out . sids - > count ) ;
if ( r - > out . sids - > sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < r - > out . sids - > count ; i + + ) {
r - > out . sids - > sids [ i ] . sid_type = r2 . out . sids - > sids [ i ] . sid_type ;
r - > out . sids - > sids [ i ] . rid = r2 . out . sids - > sids [ i ] . rid ;
r - > out . sids - > sids [ i ] . sid_index = r2 . out . sids - > sids [ i ] . sid_index ;
}
return status ;
2004-08-14 05:11:34 +04:00
}
2004-12-31 09:08:43 +03:00
/*
lsa_CREDRWRITE
*/
static NTSTATUS lsa_CREDRWRITE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRWRITE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRREAD
*/
static NTSTATUS lsa_CREDRREAD ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRREAD * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRENUMERATE
*/
static NTSTATUS lsa_CREDRENUMERATE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRENUMERATE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRWRITEDOMAINCREDENTIALS
*/
static NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRWRITEDOMAINCREDENTIALS * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRREADDOMAINCREDENTIALS
*/
static NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRREADDOMAINCREDENTIALS * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRDELETE
*/
static NTSTATUS lsa_CREDRDELETE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRDELETE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRGETTARGETINFO
*/
static NTSTATUS lsa_CREDRGETTARGETINFO ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRGETTARGETINFO * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRPROFILELOADED
*/
static NTSTATUS lsa_CREDRPROFILELOADED ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRPROFILELOADED * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRGETSESSIONTYPES
*/
static NTSTATUS lsa_CREDRGETSESSIONTYPES ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRGETSESSIONTYPES * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARREGISTERAUDITEVENT
*/
static NTSTATUS lsa_LSARREGISTERAUDITEVENT ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSARREGISTERAUDITEVENT * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARGENAUDITEVENT
*/
static NTSTATUS lsa_LSARGENAUDITEVENT ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSARGENAUDITEVENT * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARUNREGISTERAUDITEVENT
*/
static NTSTATUS lsa_LSARUNREGISTERAUDITEVENT ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSARUNREGISTERAUDITEVENT * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARQUERYFORESTTRUSTINFORMATION
*/
static NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSARQUERYFORESTTRUSTINFORMATION * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARSETFORESTTRUSTINFORMATION
*/
static NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSARSETFORESTTRUSTINFORMATION * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_CREDRRENAME
*/
static NTSTATUS lsa_CREDRRENAME ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_CREDRRENAME * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSAROPENPOLICYSCE
*/
static NTSTATUS lsa_LSAROPENPOLICYSCE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSAROPENPOLICYSCE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARADTREGISTERSECURITYEVENTSOURCE
*/
static NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
*/
static NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
lsa_LSARADTREPORTSECURITYEVENT
*/
static NTSTATUS lsa_LSARADTREPORTSECURITYEVENT ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct lsa_LSARADTREPORTSECURITYEVENT * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
2004-05-27 08:13:58 +04:00
/* include the generated boilerplate */
# include "librpc/gen_ndr/ndr_lsa_s.c"
2006-08-31 17:10:11 +04:00
/*****************************************
NOTE ! The remaining calls below were
removed in w2k3 , so the DCESRV_FAULT ( )
replies are the correct implementation . Do
not try and fill these in with anything else
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
dssetup_DsRoleDnsNameToFlatName
*/
static WERROR dssetup_DsRoleDnsNameToFlatName ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleDnsNameToFlatName * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleDcAsDc
*/
static WERROR dssetup_DsRoleDcAsDc ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleDcAsDc * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleDcAsReplica
*/
static WERROR dssetup_DsRoleDcAsReplica ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleDcAsReplica * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleDemoteDc
*/
static WERROR dssetup_DsRoleDemoteDc ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleDemoteDc * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleGetDcOperationProgress
*/
static WERROR dssetup_DsRoleGetDcOperationProgress ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleGetDcOperationProgress * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleGetDcOperationResults
*/
static WERROR dssetup_DsRoleGetDcOperationResults ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleGetDcOperationResults * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleCancel
*/
static WERROR dssetup_DsRoleCancel ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleCancel * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleServerSaveStateForUpgrade
*/
static WERROR dssetup_DsRoleServerSaveStateForUpgrade ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleServerSaveStateForUpgrade * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleUpgradeDownlevelServer
*/
static WERROR dssetup_DsRoleUpgradeDownlevelServer ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleUpgradeDownlevelServer * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/*
dssetup_DsRoleAbortDownlevelServerUpgrade
*/
static WERROR dssetup_DsRoleAbortDownlevelServerUpgrade ( struct dcesrv_call_state * dce_call , TALLOC_CTX * mem_ctx ,
struct dssetup_DsRoleAbortDownlevelServerUpgrade * r )
{
DCESRV_FAULT ( DCERPC_FAULT_OP_RNG_ERROR ) ;
}
/* include the generated boilerplate */
# include "librpc/gen_ndr/ndr_dssetup_s.c"
NTSTATUS dcerpc_server_lsa_init ( void )
{
NTSTATUS ret ;
ret = dcerpc_server_dssetup_init ( ) ;
if ( ! NT_STATUS_IS_OK ( ret ) ) {
return ret ;
}
ret = dcerpc_server_lsarpc_init ( ) ;
if ( ! NT_STATUS_IS_OK ( ret ) ) {
return ret ;
}
return ret ;
}