sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
ffbb7e4060
samba-mirror/source4/rpc_server/lsa/dcesrv_lsa.c

3617 lines
91 KiB
C
Raw Normal View History

r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
Unix SMB/CIFS implementation.
endpoint server for the lsarpc pipe
Copyright (C) Andrew Tridgell 2004
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
the Free Software Foundation; either version 3 of the License, or
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
#include "includes.h"
r3468: split out dcerpc_server.h (This used to be commit 729e0026e4408f74f140375537d4fe48c1fc3242)
2004-11-02 10:42:47 +03:00
#include "rpc_server/dcerpc_server.h"
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
#include "rpc_server/common/common.h"
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 15:31:45 +04:00
#include "auth/auth.h"
r12542: Move some more prototypes out to seperate headers (This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2005-12-28 18:38:36 +03:00
#include "dsdb/samdb/samdb.h"
#include "libcli/ldap/ldap.h"
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
#include "lib/ldb/include/ldb_errors.h"
r14860: create libcli/security/security.h metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2006-04-02 16:02:01 +04:00
#include "libcli/security/security.h"
r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2006-03-14 18:03:25 +03:00
#include "libcli/auth/libcli_auth.h"
r19573: Move secrets.o into param/ (subsystems haven't been integrated yet). (This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
2006-11-06 19:11:52 +03:00
#include "param/secrets.h"
r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2006-03-07 14:07:23 +03:00
#include "db_wrap.h"
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
#include "librpc/gen_ndr/ndr_dssetup.h"
r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-09-08 16:42:09 +04:00
#include "param/param.h"
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
this type allows us to distinguish handle types
*/
enum lsa_handle {
LSA_HANDLE_POLICY,
LSA_HANDLE_ACCOUNT,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
LSA_HANDLE_SECRET,
LSA_HANDLE_TRUSTED_DOMAIN
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
};
/*
state associated with a lsa_OpenPolicy() operation
*/
struct lsa_policy_state {
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
struct dcesrv_handle *handle;
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
struct ldb_context *sam_ldb;
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
struct sidmap_context *sidmap;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
uint32_t access_mask;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
struct ldb_dn *domain_dn;
r21499: fill in the correct forest dns name metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-02-22 16:15:49 +03:00
struct ldb_dn *forest_dn;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
struct ldb_dn *builtin_dn;
struct ldb_dn *system_dn;
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
const char *domain_name;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
const char *domain_dns;
r21499: fill in the correct forest dns name metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-02-22 16:15:49 +03:00
const char *forest_dns;
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
struct dom_sid *domain_sid;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct GUID domain_guid;
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
struct dom_sid *builtin_sid;
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
int mixed_domain;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
};
r4276: added server side support for lsa_OpenAccount() (This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
2004-12-19 08:01:52 +03:00
/*
state associated with a lsa_OpenAccount() operation
*/
struct lsa_account_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
struct dom_sid *account_sid;
};
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
/*
state associated with a lsa_OpenSecret() operation
*/
struct lsa_secret_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct ldb_dn *secret_dn;
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
struct ldb_context *sam_ldb;
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
BOOL global;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
};
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
/*
state associated with a lsa_OpenTrustedDomain() operation
*/
struct lsa_trusted_domain_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
struct ldb_dn *trusted_domain_dn;
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
};
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_EnumAccountRights *r);
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_policy_state *state,
int ldb_flag,
struct dom_sid *sid,
const struct lsa_RightSet *rights);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
lsa_Close
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_Close *r)
{
struct dcesrv_handle *h;
*r->out.handle = *r->in.handle;
DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
talloc_free(h);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
ZERO_STRUCTP(r->out.handle);
return NT_STATUS_OK;
}
/*
lsa_Delete
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_Delete *r)
{
r4695: Leave less memory handing around on long-term TALLOC_CTX. Add lsa_Delete() support for secrets. Andrew Bartlett (This used to be commit be4cd59f331c1ef38831ee874376d3cd073e2186)
2005-01-12 03:37:13 +03:00
struct dcesrv_handle *h;
int ret;
DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
if (h->wire_handle.handle_type == LSA_HANDLE_SECRET) {
struct lsa_secret_state *secret_state = h->data;
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
ret = samdb_delete(secret_state->sam_ldb, mem_ctx, secret_state->secret_dn);
r4695: Leave less memory handing around on long-term TALLOC_CTX. Add lsa_Delete() support for secrets. Andrew Bartlett (This used to be commit be4cd59f331c1ef38831ee874376d3cd073e2186)
2005-01-12 03:37:13 +03:00
talloc_free(h);
if (ret != 0) {
return NT_STATUS_INVALID_HANDLE;
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
return NT_STATUS_OK;
} else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) {
struct lsa_trusted_domain_state *trusted_domain_state = h->data;
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
ret = samdb_delete(trusted_domain_state->policy->sam_ldb, mem_ctx,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
trusted_domain_state->trusted_domain_dn);
talloc_free(h);
if (ret != 0) {
return NT_STATUS_INVALID_HANDLE;
}
r4695: Leave less memory handing around on long-term TALLOC_CTX. Add lsa_Delete() support for secrets. Andrew Bartlett (This used to be commit be4cd59f331c1ef38831ee874376d3cd073e2186)
2005-01-12 03:37:13 +03:00
return NT_STATUS_OK;
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
} else if (h->wire_handle.handle_type == LSA_HANDLE_ACCOUNT) {
struct lsa_RightSet *rights;
struct lsa_account_state *astate;
struct lsa_EnumAccountRights r2;
NTSTATUS status;
rights = talloc(mem_ctx, struct lsa_RightSet);
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
astate = h->data;
r2.in.handle = &astate->policy->handle->wire_handle;
r2.in.sid = astate->account_sid;
r2.out.rights = rights;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
LDB_FLAG_MOD_DELETE, astate->account_sid,
r2.out.rights);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r4695: Leave less memory handing around on long-term TALLOC_CTX. Add lsa_Delete() support for secrets. Andrew Bartlett (This used to be commit be4cd59f331c1ef38831ee874376d3cd073e2186)
2005-01-12 03:37:13 +03:00
}
return NT_STATUS_INVALID_HANDLE;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumPrivs
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_EnumPrivs *r)
{
r4194: added server side implementation of lsa_EnumPrivs (This used to be commit 710732033261f6355893b94b43e6c532baa105e0)
2004-12-14 08:20:38 +03:00
struct dcesrv_handle *h;
struct lsa_policy_state *state;
int i;
const char *privname;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
i = *r->in.resume_handle;
if (i == 0) i = 1;
while ((privname = sec_privilege_name(i)) &&
r->out.privs->count < r->in.max_count) {
struct lsa_PrivEntry *e;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.privs->privs = talloc_realloc(r->out.privs,
r4194: added server side implementation of lsa_EnumPrivs (This used to be commit 710732033261f6355893b94b43e6c532baa105e0)
2004-12-14 08:20:38 +03:00
r->out.privs->privs,
struct lsa_PrivEntry,
r->out.privs->count+1);
if (r->out.privs->privs == NULL) {
return NT_STATUS_NO_MEMORY;
}
e = &r->out.privs->privs[r->out.privs->count];
r4195: added IDL, test suite and server side code for lsa_LookupPrivValue (This used to be commit 7bddd4740332017bb5f4bddcc9ba0234d05378bd)
2004-12-14 08:32:51 +03:00
e->luid.low = i;
e->luid.high = 0;
r4194: added server side implementation of lsa_EnumPrivs (This used to be commit 710732033261f6355893b94b43e6c532baa105e0)
2004-12-14 08:20:38 +03:00
e->name.string = privname;
r->out.privs->count++;
i++;
}
r4416: [in,out] variables do have an r->out component... Volker (This used to be commit 97247c902962b7c0ac69691ae8d7300321de41d5)
2004-12-30 22:08:32 +03:00
*r->out.resume_handle = i;
r4194: added server side implementation of lsa_EnumPrivs (This used to be commit 710732033261f6355893b94b43e6c532baa105e0)
2004-12-14 08:20:38 +03:00
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
lsa_QuerySecObj
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r3904: * Add new LSA calls to open trusted domains * Add new tests for ACCOUNTs in SamSync * Clean up names in NETLOGON and LSA * Verify Security Descriptors against LSA, as well as SamR Andrew Bartlett (This used to be commit 7094502fe0346255a89667f702289b4c8dc9fa08)
2004-11-22 11:47:47 +03:00
struct lsa_QuerySecurity *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_SetSecObj
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_SetSecObj *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_ChangePassword
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_ChangePassword *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
struct lsa_policy_state **_state)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
struct lsa_policy_state *state;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
struct ldb_dn *partitions_basedn;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct ldb_result *dom_res;
const char *dom_attrs[] = {
"objectSid",
"objectGUID",
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
"nTMixedDomain",
r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2006-12-13 14:19:51 +03:00
"fSMORoleOwner",
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
NULL
};
struct ldb_result *ref_res;
r21499: fill in the correct forest dns name metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-02-22 16:15:49 +03:00
struct ldb_result *forest_ref_res;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
const char *ref_attrs[] = {
"nETBIOSName",
"dnsRoot",
NULL
};
int ret;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
state = talloc(mem_ctx, struct lsa_policy_state);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
if (!state) {
return NT_STATUS_NO_MEMORY;
}
/* make sure the sam database is accessible */
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 15:31:45 +04:00
state->sam_ldb = samdb_connect(state, dce_call->conn->auth_state.session_info);
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (state->sam_ldb == NULL) {
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
r17824: add a wrapper for the common partitions_basedn calculation (This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2006-08-25 11:32:18 +04:00
partitions_basedn = samdb_partitions_dn(state->sam_ldb, mem_ctx);
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
state->sidmap = sidmap_open(state);
if (state->sidmap == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
r9930: Use a single samdb_base_dn() function rather than lots of silly searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2005-09-02 03:26:50 +04:00
/* work out the domain_dn - useful for so many calls its worth
fetching here */
r17824: add a wrapper for the common partitions_basedn calculation (This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2006-08-25 11:32:18 +04:00
state->domain_dn = samdb_base_dn(state->sam_ldb);
r9930: Use a single samdb_base_dn() function rather than lots of silly searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2005-09-02 03:26:50 +04:00
if (!state->domain_dn) {
return NT_STATUS_NO_MEMORY;
}
r21499: fill in the correct forest dns name metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-02-22 16:15:49 +03:00
/* work out the forest root_dn - useful for so many calls its worth
fetching here */
state->forest_dn = samdb_root_dn(state->sam_ldb);
if (!state->forest_dn) {
return NT_STATUS_NO_MEMORY;
}
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
ret = ldb_search(state->sam_ldb, state->domain_dn, LDB_SCOPE_BASE, NULL, dom_attrs, &dom_res);
r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2005-07-27 04:23:09 +04:00
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (ret != LDB_SUCCESS) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2006-12-13 14:19:51 +03:00
talloc_steal(mem_ctx, dom_res);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (dom_res->count != 1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
state->domain_sid = samdb_result_dom_sid(state, dom_res->msgs[0], "objectSid");
if (!state->domain_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
state->domain_guid = samdb_result_guid(dom_res->msgs[0], "objectGUID");
if (!state->domain_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
state->mixed_domain = ldb_msg_find_attr_as_uint(dom_res->msgs[0], "nTMixedDomain", 0);
r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2006-12-13 14:19:51 +03:00
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
talloc_free(dom_res);
r20034: Start using ldb_search_exp_fmt() (This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2006-12-05 07:25:27 +03:00
ret = ldb_search_exp_fmt(state->sam_ldb, state, &ref_res,
partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs,
"(&(objectclass=crossRef)(ncName=%s))",
ldb_dn_get_linearized(state->domain_dn));
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (ret != LDB_SUCCESS) {
r20034: Start using ldb_search_exp_fmt() (This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2006-12-05 07:25:27 +03:00
talloc_free(ref_res);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
if (ref_res->count != 1) {
r20034: Start using ldb_search_exp_fmt() (This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2006-12-05 07:25:27 +03:00
talloc_free(ref_res);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
return NT_STATUS_NO_SUCH_DOMAIN;
}
state->domain_name = ldb_msg_find_attr_as_string(ref_res->msgs[0], "nETBIOSName", NULL);
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 15:31:45 +04:00
if (!state->domain_name) {
r20034: Start using ldb_search_exp_fmt() (This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2006-12-05 07:25:27 +03:00
talloc_free(ref_res);
r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2005-07-27 04:23:09 +04:00
return NT_STATUS_NO_SUCH_DOMAIN;
}
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 15:31:45 +04:00
talloc_steal(state, state->domain_name);
r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2005-07-27 04:23:09 +04:00
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
state->domain_dns = ldb_msg_find_attr_as_string(ref_res->msgs[0], "dnsRoot", NULL);
if (!state->domain_dns) {
r20034: Start using ldb_search_exp_fmt() (This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2006-12-05 07:25:27 +03:00
talloc_free(ref_res);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
return NT_STATUS_NO_SUCH_DOMAIN;
}
talloc_steal(state, state->domain_dns);
talloc_free(ref_res);
r21499: fill in the correct forest dns name metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-02-22 16:15:49 +03:00
ret = ldb_search_exp_fmt(state->sam_ldb, state, &forest_ref_res,
partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs,
"(&(objectclass=crossRef)(ncName=%s))",
ldb_dn_get_linearized(state->forest_dn));
if (ret != LDB_SUCCESS) {
talloc_free(forest_ref_res);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
r21518: fix panic, sorry... metze (This used to be commit 3c786eb6bdb3289a237d231e75092a8b3ca56197)
2007-02-23 15:29:21 +03:00
if (forest_ref_res->count != 1) {
r21499: fill in the correct forest dns name metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-02-22 16:15:49 +03:00
talloc_free(forest_ref_res);
return NT_STATUS_NO_SUCH_DOMAIN;
}
state->forest_dns = ldb_msg_find_attr_as_string(forest_ref_res->msgs[0], "dnsRoot", NULL);
if (!state->forest_dns) {
talloc_free(forest_ref_res);
return NT_STATUS_NO_SUCH_DOMAIN;
}
talloc_steal(state, state->forest_dns);
talloc_free(forest_ref_res);
r4277: - added server support for lsa_EnumAccounts() - expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2004-12-19 08:53:13 +03:00
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
r11122: Fix some talloc hierarchy errors (This used to be commit 449cc714b882d6ebea3e1cbf92e204efba98b6cb)
2005-10-17 19:20:52 +04:00
state->builtin_dn = samdb_search_dn(state->sam_ldb, state, state->domain_dn, "(objectClass=builtinDomain)");
r4277: - added server support for lsa_EnumAccounts() - expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2004-12-19 08:53:13 +03:00
if (!state->builtin_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
/* work out the system_dn - useful for so many calls its worth
fetching here */
r11122: Fix some talloc hierarchy errors (This used to be commit 449cc714b882d6ebea3e1cbf92e204efba98b6cb)
2005-10-17 19:20:52 +04:00
state->system_dn = samdb_search_dn(state->sam_ldb, state,
r9654: introduce the samdb_search_dn call (This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
2005-08-26 20:12:25 +04:00
state->domain_dn, "(&(objectClass=container)(cn=System))");
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (!state->system_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
if (!state->builtin_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
*_state = state;
return NT_STATUS_OK;
}
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
/*
dssetup_DsRoleGetPrimaryDomainInformation
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
This is not an LSA call, but is the only call left on the DSSETUP
pipe (after the pipe was truncated), and needs lsa_get_policy_state
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_call_state *dce_call,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
TALLOC_CTX *mem_ctx,
struct dssetup_DsRoleGetPrimaryDomainInformation *r)
{
union dssetup_DsRoleInfo *info;
info = talloc(mem_ctx, union dssetup_DsRoleInfo);
W_ERROR_HAVE_NO_MEMORY(info);
switch (r->in.level) {
case DS_ROLE_BASIC_INFORMATION:
{
enum dssetup_DsRole role = DS_ROLE_STANDALONE_SERVER;
uint32_t flags = 0;
const char *domain = NULL;
const char *dns_domain = NULL;
const char *forest = NULL;
struct GUID domain_guid;
struct lsa_policy_state *state;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
NTSTATUS status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state);
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
if (!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
}
ZERO_STRUCT(domain_guid);
switch (lp_server_role()) {
case ROLE_STANDALONE:
role = DS_ROLE_STANDALONE_SERVER;
break;
case ROLE_DOMAIN_MEMBER:
role = DS_ROLE_MEMBER_SERVER;
break;
r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2006-12-13 14:19:51 +03:00
case ROLE_DOMAIN_CONTROLLER:
if (samdb_is_pdc(state->sam_ldb)) {
role = DS_ROLE_PRIMARY_DC;
} else {
role = DS_ROLE_BACKUP_DC;
}
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
break;
}
switch (lp_server_role()) {
case ROLE_STANDALONE:
domain = talloc_strdup(mem_ctx, lp_workgroup());
W_ERROR_HAVE_NO_MEMORY(domain);
break;
case ROLE_DOMAIN_MEMBER:
domain = talloc_strdup(mem_ctx, lp_workgroup());
W_ERROR_HAVE_NO_MEMORY(domain);
/* TODO: what is with dns_domain and forest and guid? */
break;
r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2006-12-13 14:19:51 +03:00
case ROLE_DOMAIN_CONTROLLER:
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
flags = DS_ROLE_PRIMARY_DS_RUNNING;
if (state->mixed_domain == 1) {
flags |= DS_ROLE_PRIMARY_DS_MIXED_MODE;
}
domain = state->domain_name;
dns_domain = state->domain_dns;
r21499: fill in the correct forest dns name metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-02-22 16:15:49 +03:00
forest = state->forest_dns;
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
domain_guid = state->domain_guid;
flags |= DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT;
break;
}
info->basic.role = role;
info->basic.flags = flags;
info->basic.domain = domain;
info->basic.dns_domain = dns_domain;
info->basic.forest = forest;
info->basic.domain_guid = domain_guid;
r->out.info = info;
return WERR_OK;
}
case DS_ROLE_UPGRADE_STATUS:
{
info->upgrade.upgrading = DS_ROLE_NOT_UPGRADING;
info->upgrade.previous_role = DS_ROLE_PREVIOUS_UNKNOWN;
r->out.info = info;
return WERR_OK;
}
case DS_ROLE_OP_STATUS:
{
info->opstatus.status = DS_ROLE_OP_IDLE;
r->out.info = info;
return WERR_OK;
}
default:
return WERR_INVALID_PARAM;
}
return WERR_INVALID_PARAM;
}
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
/*
lsa_OpenPolicy2
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
struct lsa_OpenPolicy2 *r)
{
NTSTATUS status;
struct lsa_policy_state *state;
struct dcesrv_handle *handle;
ZERO_STRUCTP(r->out.handle);
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state);
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_POLICY);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
handle->data = talloc_steal(handle, state);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
state->access_mask = r->in.access_mask;
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
state->handle = handle;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*r->out.handle = handle->wire_handle;
/* note that we have completely ignored the attr element of
the OpenPolicy. As far as I can tell, this is what w2k3
does */
return NT_STATUS_OK;
}
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
/*
lsa_OpenPolicy
a wrapper around lsa_OpenPolicy2
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
struct lsa_OpenPolicy *r)
{
struct lsa_OpenPolicy2 r2;
r2.in.system_name = NULL;
r2.in.attr = r->in.attr;
r2.in.access_mask = r->in.access_mask;
r2.out.handle = r->out.handle;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
fill in the AccountDomain info
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_DomainInfo *info)
{
r8982: "name" is not the netbios name, but the RDN. Return the correct netbios domain name of the host, as well as the sid from the cache we fetched earlier. Andrew Bartlett (This used to be commit c847ca2cc8244a7ce4180d17397723a486bbecc8)
2005-08-03 09:25:30 +04:00
info->name.string = state->domain_name;
info->sid = state->domain_sid;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
return NT_STATUS_OK;
}
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
/*
fill in the DNS domain info
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
struct lsa_DnsDomainInfo *info)
{
r8982: "name" is not the netbios name, but the RDN. Return the correct netbios domain name of the host, as well as the sid from the cache we fetched earlier. Andrew Bartlett (This used to be commit c847ca2cc8244a7ce4180d17397723a486bbecc8)
2005-08-03 09:25:30 +04:00
info->name.string = state->domain_name;
info->sid = state->domain_sid;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
info->dns_domain.string = state->domain_dns;
r21499: fill in the correct forest dns name metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-02-22 16:15:49 +03:00
info->dns_forest.string = state->forest_dns;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
info->domain_guid = state->domain_guid;
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
return NT_STATUS_OK;
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
lsa_QueryInfoPolicy2
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
struct lsa_QueryInfoPolicy2 *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
struct lsa_policy_state *state;
struct dcesrv_handle *h;
r->out.info = NULL;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.info = talloc(mem_ctx, union lsa_PolicyInformation);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
if (!r->out.info) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(r->out.info);
switch (r->in.level) {
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
case LSA_POLICY_INFO_DOMAIN:
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
case LSA_POLICY_INFO_DNS:
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
return NT_STATUS_INVALID_INFO_CLASS;
}
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
/*
lsa_QueryInfoPolicy
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
struct lsa_QueryInfoPolicy *r)
{
struct lsa_QueryInfoPolicy2 r2;
NTSTATUS status;
r2.in.handle = r->in.handle;
r2.in.level = r->in.level;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server - added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2004-05-27 10:27:21 +04:00
r->out.info = r2.out.info;
return status;
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
lsa_SetInfoPolicy
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_SetInfoPolicy *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_ClearAuditLog
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_ClearAuditLog *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CreateAccount
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_CreateAccount *r)
{
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
struct lsa_account_state *astate;
struct lsa_policy_state *state;
struct dcesrv_handle *h, *ah;
ZERO_STRUCTP(r->out.acct_handle);
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
astate = talloc(dce_call->conn, struct lsa_account_state);
if (astate == NULL) {
return NT_STATUS_NO_MEMORY;
}
astate->account_sid = dom_sid_dup(astate, r->in.sid);
if (astate->account_sid == NULL) {
talloc_free(astate);
return NT_STATUS_NO_MEMORY;
}
astate->policy = talloc_reference(astate, state);
astate->access_mask = r->in.access_mask;
ah = dcesrv_handle_new(dce_call->context, LSA_HANDLE_ACCOUNT);
if (!ah) {
talloc_free(astate);
return NT_STATUS_NO_MEMORY;
}
ah->data = talloc_steal(ah, astate);
*r->out.acct_handle = ah->wire_handle;
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumAccounts
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_EnumAccounts *r)
{
r4277: - added server support for lsa_EnumAccounts() - expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2004-12-19 08:53:13 +03:00
struct dcesrv_handle *h;
struct lsa_policy_state *state;
int ret, i;
struct ldb_message **res;
const char * const attrs[] = { "objectSid", NULL};
uint32_t count;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
/* NOTE: This call must only return accounts that have at least
one privilege set
*/
r17823: get rid of most of the samdb_base_dn() calls, as they are no longer needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2006-08-25 11:08:06 +04:00
ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs,
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
"(&(objectSid=*)(privilege=*))");
if (ret < 0) {
r4277: - added server support for lsa_EnumAccounts() - expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2004-12-19 08:53:13 +03:00
return NT_STATUS_NO_SUCH_USER;
}
if (*r->in.resume_handle >= ret) {
return NT_STATUS_NO_MORE_ENTRIES;
}
count = ret - *r->in.resume_handle;
if (count > r->in.num_entries) {
count = r->in.num_entries;
}
if (count == 0) {
return NT_STATUS_NO_MORE_ENTRIES;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sids->sids = talloc_array(r->out.sids, struct lsa_SidPtr, count);
r4277: - added server support for lsa_EnumAccounts() - expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2004-12-19 08:53:13 +03:00
if (r->out.sids->sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<count;i++) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
r->out.sids->sids[i].sid =
samdb_result_dom_sid(r->out.sids->sids,
res[i + *r->in.resume_handle],
"objectSid");
NT_STATUS_HAVE_NO_MEMORY(r->out.sids->sids[i].sid);
r4277: - added server support for lsa_EnumAccounts() - expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2004-12-19 08:53:13 +03:00
}
r->out.sids->num_sids = count;
*r->out.resume_handle = count + *r->in.resume_handle;
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
/*
lsa_CreateTrustedDomainEx2
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomainEx2 *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CreateTrustedDomainEx
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomainEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
lsa_CreateTrustedDomain
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct lsa_CreateTrustedDomain *r)
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
{
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
struct lsa_trusted_domain_state *trusted_domain_state;
struct dcesrv_handle *handle;
struct ldb_message **msgs, *msg;
const char *attrs[] = {
NULL
};
const char *name;
int ret;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.trustdom_handle);
policy_state = policy_handle->data;
if (!r->in.info->name.string) {
return NT_STATUS_INVALID_PARAMETER;
}
name = r->in.info->name.string;
trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
trusted_domain_state->policy = policy_state;
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
/* search for the trusted_domain record */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(trusted_domain_state->policy->sam_ldb,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(cn=%s)(objectclass=trustedDomain))",
r12361: Add a new function: ldb_binary_encode_string() This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string(mem_ctx, r->in.info->name.string));
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
if (ret > 0) {
return NT_STATUS_OBJECT_NAME_COLLISION;
}
if (ret < 0 || ret > 1) {
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
DEBUG(0,("Found %d records matching DN %s\n", ret,
r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized(policy_state->system_dn)));
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
msg->dn = ldb_dn_copy(mem_ctx, policy_state->system_dn);
r20354: Trusted domains don't have a surname, I think we want 'cn' here. Andrew Bartlett (This used to be commit 05debeaced7296762b293cc804a71abcfb096066)
2006-12-27 06:23:25 +03:00
if ( ! ldb_dn_add_child_fmt(msg->dn, "cn=%s", name)) {
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
return NT_STATUS_NO_MEMORY;
}
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "flatname", name);
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
if (r->in.info->sid) {
const char *sid_string = dom_sid_string(mem_ctx, r->in.info->sid);
if (!sid_string) {
return NT_STATUS_NO_MEMORY;
}
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "securityIdentifier", sid_string);
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
}
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain");
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
/* create the trusted_domain */
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
ret = ldb_add(trusted_domain_state->policy->sam_ldb, msg);
if (ret != LDB_SUCCESS) {
DEBUG(0,("Failed to create trusted_domain record %s: %s\n",
r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized(msg->dn), ldb_errstring(trusted_domain_state->policy->sam_ldb)));
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN);
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
handle->data = talloc_steal(handle, trusted_domain_state);
trusted_domain_state->access_mask = r->in.access_mask;
trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state);
*r->out.trustdom_handle = handle->wire_handle;
return NT_STATUS_OK;
}
/*
lsa_OpenTrustedDomain
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
struct lsa_OpenTrustedDomain *r)
{
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
struct lsa_trusted_domain_state *trusted_domain_state;
struct dcesrv_handle *handle;
struct ldb_message **msgs;
const char *attrs[] = {
NULL
};
const char *sid_string;
int ret;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.trustdom_handle);
policy_state = policy_handle->data;
trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
trusted_domain_state->policy = policy_state;
sid_string = dom_sid_string(mem_ctx, r->in.sid);
if (!sid_string) {
return NT_STATUS_NO_MEMORY;
}
/* search for the trusted_domain record */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(trusted_domain_state->policy->sam_ldb,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(securityIdentifier=%s)(objectclass=trustedDomain))",
sid_string);
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
DEBUG(0,("Found %d records matching DN %s\n", ret,
r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized(policy_state->system_dn)));
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msgs[0]->dn);
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN);
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
handle->data = talloc_steal(handle, trusted_domain_state);
trusted_domain_state->access_mask = r->in.access_mask;
trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state);
*r->out.trustdom_handle = handle->wire_handle;
return NT_STATUS_OK;
}
/*
lsa_OpenTrustedDomainByName
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_OpenTrustedDomainByName *r)
{
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
struct lsa_trusted_domain_state *trusted_domain_state;
struct dcesrv_handle *handle;
struct ldb_message **msgs;
const char *attrs[] = {
NULL
};
int ret;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.trustdom_handle);
policy_state = policy_handle->data;
if (!r->in.name.string) {
return NT_STATUS_INVALID_PARAMETER;
}
trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
trusted_domain_state->policy = policy_state;
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
/* search for the trusted_domain record */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(trusted_domain_state->policy->sam_ldb,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
mem_ctx, policy_state->system_dn, &msgs, attrs,
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
"(&(flatname=%s)(objectclass=trustedDomain))",
r12361: Add a new function: ldb_binary_encode_string() This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string(mem_ctx, r->in.name.string));
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
DEBUG(0,("Found %d records matching DN %s\n", ret,
r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized(policy_state->system_dn)));
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msgs[0]->dn);
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN);
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
handle->data = talloc_steal(handle, trusted_domain_state);
trusted_domain_state->access_mask = r->in.access_mask;
trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state);
*r->out.trustdom_handle = handle->wire_handle;
return NT_STATUS_OK;
}
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
/*
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
lsa_SetTrustedDomainInfo
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct lsa_SetTrustedDomainInfo *r)
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
/*
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
lsa_SetInfomrationTrustedDomain
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call,
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_SetInformationTrustedDomain *r)
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
lsa_DeleteTrustedDomain
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_DeleteTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct lsa_DeleteTrustedDomain *r)
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
{
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
NTSTATUS status;
struct lsa_OpenTrustedDomain open;
struct lsa_Delete delete;
struct dcesrv_handle *h;
open.in.handle = r->in.handle;
open.in.sid = r->in.dom_sid;
open.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
open.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
if (!open.out.trustdom_handle) {
return NT_STATUS_NO_MEMORY;
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_OpenTrustedDomain(dce_call, mem_ctx, &open);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DCESRV_PULL_HANDLE(h, open.out.trustdom_handle, DCESRV_HANDLE_ANY);
talloc_steal(mem_ctx, h);
delete.in.handle = open.out.trustdom_handle;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_Delete(dce_call, mem_ctx, &delete);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return NT_STATUS_OK;
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
}
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
static NTSTATUS fill_trust_domain_ex(TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
struct lsa_TrustDomainInfoInfoEx *info_ex)
{
info_ex->domain_name.string
= ldb_msg_find_attr_as_string(msg, "trustPartner", NULL);
info_ex->netbios_name.string
= ldb_msg_find_attr_as_string(msg, "flatname", NULL);
info_ex->sid
= samdb_result_dom_sid(mem_ctx, msg, "securityIdentifier");
info_ex->trust_direction
= ldb_msg_find_attr_as_int(msg, "trustDirection", 0);
info_ex->trust_type
= ldb_msg_find_attr_as_int(msg, "trustType", 0);
info_ex->trust_attributes
= ldb_msg_find_attr_as_int(msg, "trustAttributes", 0);
return NT_STATUS_OK;
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
/*
lsa_QueryTrustedDomainInfo
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4713: Add initial support for QueryTrustedDomainInfo on LSA. (more info levels to come) Andrew Bartlett (This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
2005-01-12 14:54:11 +03:00
struct lsa_QueryTrustedDomainInfo *r)
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
{
r4713: Add initial support for QueryTrustedDomainInfo on LSA. (more info levels to come) Andrew Bartlett (This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
2005-01-12 14:54:11 +03:00
struct dcesrv_handle *h;
struct lsa_trusted_domain_state *trusted_domain_state;
struct ldb_message *msg;
int ret;
struct ldb_message **res;
const char *attrs[] = {
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
"flatname",
"trustPartner",
r4713: Add initial support for QueryTrustedDomainInfo on LSA. (more info levels to come) Andrew Bartlett (This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
2005-01-12 14:54:11 +03:00
"securityIdentifier",
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
"trustDirection",
"trustType",
"trustAttributes",
r4713: Add initial support for QueryTrustedDomainInfo on LSA. (more info levels to come) Andrew Bartlett (This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
2005-01-12 14:54:11 +03:00
NULL
};
DCESRV_PULL_HANDLE(h, r->in.trustdom_handle, LSA_HANDLE_TRUSTED_DOMAIN);
trusted_domain_state = h->data;
/* pull all the user attributes */
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(trusted_domain_state->policy->sam_ldb, mem_ctx,
trusted_domain_state->trusted_domain_dn, &res, attrs);
r4713: Add initial support for QueryTrustedDomainInfo on LSA. (more info levels to come) Andrew Bartlett (This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
2005-01-12 14:54:11 +03:00
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
msg = res[0];
r->out.info = talloc(mem_ctx, union lsa_TrustedDomainInfo);
if (!r->out.info) {
return NT_STATUS_NO_MEMORY;
}
switch (r->in.level) {
case LSA_TRUSTED_DOMAIN_INFO_NAME:
r->out.info->name.netbios_name.string
= samdb_result_string(msg, "flatname", NULL);
break;
case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
r->out.info->posix_offset.posix_offset
= samdb_result_uint(msg, "posixOffset", 0);
break;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
#if 0 /* Win2k3 doesn't implement this */
case LSA_TRUSTED_DOMAIN_INFO_BASIC:
r->out.info->info_basic.netbios_name.string
= ldb_msg_find_attr_as_string(msg, "flatname", NULL);
r->out.info->info_basic.sid
= samdb_result_dom_sid(mem_ctx, msg, "securityIdentifier");
break;
#endif
case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->info_ex);
case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
ZERO_STRUCT(r->out.info->full_info);
return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info.info_ex);
case LSA_TRUSTED_DOMAIN_INFO_INFO_ALL:
ZERO_STRUCT(r->out.info->info_all);
return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->info_all.info_ex);
case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO:
case LSA_TRUSTED_DOMAIN_INFO_11:
/* oops, we don't want to return the info after all */
talloc_free(r->out.info);
r->out.info = NULL;
return NT_STATUS_INVALID_PARAMETER;
r4713: Add initial support for QueryTrustedDomainInfo on LSA. (more info levels to come) Andrew Bartlett (This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
2005-01-12 14:54:11 +03:00
default:
/* oops, we don't want to return the info after all */
talloc_free(r->out.info);
r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
return NT_STATUS_OK;
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
}
/*
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
lsa_QueryTrustedDomainInfoBySid
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct lsa_QueryTrustedDomainInfoBySid *r)
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
{
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
NTSTATUS status;
struct lsa_OpenTrustedDomain open;
struct lsa_QueryTrustedDomainInfo query;
struct dcesrv_handle *h;
open.in.handle = r->in.handle;
open.in.sid = r->in.dom_sid;
open.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
open.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
if (!open.out.trustdom_handle) {
return NT_STATUS_NO_MEMORY;
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_OpenTrustedDomain(dce_call, mem_ctx, &open);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
/* Ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE(h, open.out.trustdom_handle, DCESRV_HANDLE_ANY);
talloc_steal(mem_ctx, h);
query.in.trustdom_handle = open.out.trustdom_handle;
query.in.level = r->in.level;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r->out.info = query.out.info;
return NT_STATUS_OK;
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
}
/*
lsa_SetTrustedDomainInfoByName
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_SetTrustedDomainInfoByName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
/*
lsa_QueryTrustedDomainInfoByName
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfoByName *r)
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
{
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
NTSTATUS status;
struct lsa_OpenTrustedDomainByName open;
struct lsa_QueryTrustedDomainInfo query;
struct dcesrv_handle *h;
open.in.handle = r->in.handle;
open.in.name = r->in.trusted_domain;
open.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
open.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
if (!open.out.trustdom_handle) {
return NT_STATUS_NO_MEMORY;
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_OpenTrustedDomainByName(dce_call, mem_ctx, &open);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* Ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE(h, open.out.trustdom_handle, DCESRV_HANDLE_ANY);
talloc_steal(mem_ctx, h);
query.in.trustdom_handle = open.out.trustdom_handle;
query.in.level = r->in.level;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r->out.info = query.out.info;
return NT_STATUS_OK;
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
}
/*
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
lsa_CloseTrustedDomainEx
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_CloseTrustedDomainEx *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
/* The result of a bad hair day from an IDL programmer? Not
* implmented in Win2k3. You should always just lsa_Close
* anyway. */
return NT_STATUS_NOT_IMPLEMENTED;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
/*
comparison function for sorting lsa_DomainInformation array
*/
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
static int compare_DomainInfo(struct lsa_DomainInfo *e1, struct lsa_DomainInfo *e2)
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
{
r17983: Use the UTF8-correct strcasecmp_m call for sorting these entries, which has been recently fixed to cope with NULL pointers (fix segfault on Solaris). Andrew Bartlett (This used to be commit ce36069765e8dff3bbdabed5d50af1c7a8fa8e45)
2006-09-01 08:37:31 +04:00
return strcasecmp_m(e1->name.string, e2->name.string);
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
lsa_EnumTrustDom
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
struct lsa_EnumTrustDom *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
struct dcesrv_handle *policy_handle;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct lsa_DomainInfo *entries;
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
struct lsa_policy_state *policy_state;
struct ldb_message **domains;
const char *attrs[] = {
"flatname",
"securityIdentifier",
NULL
};
int count, i;
*r->out.resume_handle = 0;
r->out.domains->domains = NULL;
r->out.domains->count = 0;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
policy_state = policy_handle->data;
/* search for all users in this domain. This could possibly be cached and
resumed based on resume_key */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs,
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
"objectclass=trustedDomain");
if (count == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (count == 0 || r->in.max_size == 0) {
return NT_STATUS_OK;
}
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
/* convert to lsa_TrustInformation format */
entries = talloc_array(mem_ctx, struct lsa_DomainInfo, count);
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
if (!entries) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<count;i++) {
entries[i].sid = samdb_result_dom_sid(mem_ctx, domains[i], "securityIdentifier");
entries[i].name.string = samdb_result_string(domains[i], "flatname", NULL);
}
/* sort the results by name */
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
qsort(entries, count, sizeof(*entries),
(comparison_fn_t)compare_DomainInfo);
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
if (*r->in.resume_handle >= count) {
*r->out.resume_handle = -1;
return NT_STATUS_NO_MORE_ENTRIES;
}
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 60 */
r->out.domains->count = count - *r->in.resume_handle;
r->out.domains->count = MIN(r->out.domains->count,
1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER));
r->out.domains->domains = entries + *r->in.resume_handle;
r->out.domains->count = r->out.domains->count;
if (r->out.domains->count < count - *r->in.resume_handle) {
*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
return STATUS_MORE_ENTRIES;
}
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
/*
comparison function for sorting lsa_DomainInformation array
*/
static int compare_TrustDomainInfoInfoEx(struct lsa_TrustDomainInfoInfoEx *e1, struct lsa_TrustDomainInfoInfoEx *e2)
{
r17983: Use the UTF8-correct strcasecmp_m call for sorting these entries, which has been recently fixed to cope with NULL pointers (fix segfault on Solaris). Andrew Bartlett (This used to be commit ce36069765e8dff3bbdabed5d50af1c7a8fa8e45)
2006-09-01 08:37:31 +04:00
return strcasecmp_m(e1->netbios_name.string, e2->netbios_name.string);
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
}
/*
lsa_EnumTrustedDomainsEx
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct lsa_EnumTrustedDomainsEx *r)
{
struct dcesrv_handle *policy_handle;
struct lsa_TrustDomainInfoInfoEx *entries;
struct lsa_policy_state *policy_state;
struct ldb_message **domains;
const char *attrs[] = {
"flatname",
"trustPartner",
"securityIdentifier",
"trustDirection",
"trustType",
"trustAttributes",
NULL
};
NTSTATUS nt_status;
int count, i;
*r->out.resume_handle = 0;
r->out.domains->domains = NULL;
r->out.domains->count = 0;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
policy_state = policy_handle->data;
/* search for all users in this domain. This could possibly be cached and
resumed based on resume_key */
count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs,
"objectclass=trustedDomain");
if (count == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (count == 0 || r->in.max_size == 0) {
return NT_STATUS_OK;
}
/* convert to lsa_DomainInformation format */
entries = talloc_array(mem_ctx, struct lsa_TrustDomainInfoInfoEx, count);
if (!entries) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<count;i++) {
nt_status = fill_trust_domain_ex(mem_ctx, domains[i], &entries[i]);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
}
/* sort the results by name */
qsort(entries, count, sizeof(*entries),
(comparison_fn_t)compare_TrustDomainInfoInfoEx);
if (*r->in.resume_handle >= count) {
*r->out.resume_handle = -1;
return NT_STATUS_NO_MORE_ENTRIES;
}
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 60 */
r->out.domains->count = count - *r->in.resume_handle;
r->out.domains->count = MIN(r->out.domains->count,
1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER));
r->out.domains->domains = entries + *r->in.resume_handle;
r->out.domains->count = r->out.domains->count;
if (r->out.domains->count < count - *r->in.resume_handle) {
*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
return STATUS_MORE_ENTRIES;
}
return NT_STATUS_OK;
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
/*
return the authority name and authority sid, given a sid
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_authority_name(struct lsa_policy_state *state,
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
TALLOC_CTX *mem_ctx, struct dom_sid *sid,
const char **authority_name,
struct dom_sid **authority_sid)
{
if (dom_sid_in_domain(state->domain_sid, sid)) {
*authority_name = state->domain_name;
*authority_sid = state->domain_sid;
return NT_STATUS_OK;
}
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
if (dom_sid_in_domain(state->builtin_sid, sid)) {
*authority_name = "BUILTIN";
*authority_sid = state->builtin_sid;
return NT_STATUS_OK;
}
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
*authority_sid = dom_sid_dup(mem_ctx, sid);
if (*authority_sid == NULL) {
return NT_STATUS_NO_MEMORY;
}
(*authority_sid)->num_auths = 0;
*authority_name = dom_sid_string(mem_ctx, *authority_sid);
if (*authority_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
/*
add to the lsa_RefDomainList for LookupSids and LookupNames
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
struct dom_sid *sid,
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
struct lsa_RefDomainList *domains,
uint32_t *sid_index)
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
{
NTSTATUS status;
const char *authority_name;
struct dom_sid *authority_sid;
int i;
/* work out the authority name */
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_authority_name(state, mem_ctx, sid,
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
&authority_name, &authority_sid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* see if we've already done this authority name */
for (i=0;i<domains->count;i++) {
if (strcmp(authority_name, domains->domains[i].name.string) == 0) {
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
*sid_index = i;
return NT_STATUS_OK;
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
}
}
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
domains->domains = talloc_realloc(domains,
r9930: Use a single samdb_base_dn() function rather than lots of silly searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2005-09-02 03:26:50 +04:00
domains->domains,
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
struct lsa_DomainInfo,
r9930: Use a single samdb_base_dn() function rather than lots of silly searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2005-09-02 03:26:50 +04:00
domains->count+1);
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
if (domains->domains == NULL) {
return NT_STATUS_NO_MEMORY;
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
}
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
domains->domains[i].name.string = authority_name;
domains->domains[i].sid = authority_sid;
domains->count++;
r17956: LSA Cleanup! This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2006-08-31 12:22:13 +04:00
domains->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER * domains->count;
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
*sid_index = i;
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
return NT_STATUS_OK;
}
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
/*
lookup a name for 1 SID
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
struct dom_sid *sid, const char *sid_str,
const char **name, uint32_t *atype)
{
int ret;
struct ldb_message **res;
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "name", NULL};
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
NTSTATUS status;
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
"objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid));
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
if (ret == 1) {
r17516: Change helper function names to make more clear what they are meant to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2006-08-13 12:00:36 +04:00
*name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
if (!*name) {
r17516: Change helper function names to make more clear what they are meant to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2006-08-13 12:00:36 +04:00
*name = ldb_msg_find_attr_as_string(res[0], "name", NULL);
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
if (!*name) {
*name = talloc_strdup(mem_ctx, sid_str);
r15319: remove unneeded macros metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY(*name);
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
}
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
}
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
*atype = samdb_result_uint(res[0], "sAMAccountType", 0);
return NT_STATUS_OK;
}
status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
return status;
}
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
/*
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
lsa_LookupSids2
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
TALLOC_CTX *mem_ctx,
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
struct lsa_LookupSids2 *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
struct lsa_policy_state *state;
int i;
NTSTATUS status = NT_STATUS_OK;
r->out.domains = NULL;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state);
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
if (r->out.domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2);
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
if (r->out.names == NULL) {
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
return NT_STATUS_NO_MEMORY;
}
*r->out.count = 0;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.names->names = talloc_array(r->out.names, struct lsa_TranslatedName2,
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
r->in.sids->num_sids);
if (r->out.names->names == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<r->in.sids->num_sids;i++) {
struct dom_sid *sid = r->in.sids->sids[i].sid;
char *sid_str = dom_sid_string(mem_ctx, sid);
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
const char *name;
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
uint32_t atype, rtype, sid_index;
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
NTSTATUS status2;
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
r->out.names->count++;
(*r->out.count)++;
r3907: * Rename lsa_Name to lsa_String * Add new IDL to LSA, to query information about trusted domains (for cross-check with SamSync). Andrew Bartlett (This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
2004-11-22 14:59:59 +03:00
r->out.names->names[i].sid_type = SID_NAME_UNKNOWN;
r->out.names->names[i].name.string = sid_str;
r->out.names->names[i].sid_index = 0xFFFFFFFF;
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
r->out.names->names[i].unknown = 0;
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
if (sid_str == NULL) {
r3907: * Rename lsa_Name to lsa_String * Add new IDL to LSA, to query information about trusted domains (for cross-check with SamSync). Andrew Bartlett (This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
2004-11-22 14:59:59 +03:00
r->out.names->names[i].name.string = "(SIDERROR)";
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
status = STATUS_SOME_UNMAPPED;
continue;
}
/* work out the authority name */
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status2 = dcesrv_lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
if (!NT_STATUS_IS_OK(status2)) {
return status2;
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status2 = dcesrv_lsa_lookup_sid(state, mem_ctx, sid, sid_str,
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2004-11-29 07:24:50 +03:00
&name, &atype);
if (!NT_STATUS_IS_OK(status2)) {
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
status = STATUS_SOME_UNMAPPED;
continue;
}
rtype = samdb_atype_map(atype);
if (rtype == SID_NAME_UNKNOWN) {
status = STATUS_SOME_UNMAPPED;
continue;
}
r3907: * Rename lsa_Name to lsa_String * Add new IDL to LSA, to query information about trusted domains (for cross-check with SamSync). Andrew Bartlett (This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
2004-11-22 14:59:59 +03:00
r->out.names->names[i].sid_type = rtype;
r->out.names->names[i].name.string = name;
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
r->out.names->names[i].sid_index = sid_index;
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
r->out.names->names[i].unknown = 0;
r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2004-11-18 08:17:24 +03:00
}
return status;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
/*
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
lsa_LookupSids3
Identical to LookupSids2, but doesn't take a policy handle
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
TALLOC_CTX *mem_ctx,
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
struct lsa_LookupSids3 *r)
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
{
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
struct lsa_LookupSids2 r2;
struct lsa_OpenPolicy2 pol;
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
NTSTATUS status;
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
struct dcesrv_handle *h;
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
/* No policy handle on the wire, so make one up here */
r2.in.handle = talloc(mem_ctx, struct policy_handle);
if (!r2.in.handle) {
return NT_STATUS_NO_MEMORY;
}
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
pol.out.handle = r2.in.handle;
pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
pol.in.attr = NULL;
pol.in.system_name = NULL;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_OpenPolicy2(dce_call, mem_ctx, &pol);
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY);
talloc_steal(mem_ctx, h);
r2.in.sids = r->in.sids;
r2.in.names = r->in.names;
r2.in.level = r->in.level;
r2.in.count = r->in.count;
r2.in.unknown1 = r->in.unknown1;
r2.in.unknown2 = r->in.unknown2;
r2.out.count = r->out.count;
r2.out.names = r->out.names;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
if (dce_call->fault_code != 0) {
return status;
}
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
r->out.domains = r2.out.domains;
r->out.names = r2.out.names;
r->out.count = r2.out.count;
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
return status;
}
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
/*
lsa_LookupSids
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
struct lsa_LookupSids *r)
{
r18362: Make LookupSids map onto LookupSids2, as they both take a policy handle. Avoids a lookup for the basic domain information for every request. Andrew Bartlett (This used to be commit 35b69bc5f4bda7f4f2480997cc32188154a175ce)
2006-09-11 10:15:39 +04:00
struct lsa_LookupSids2 r2;
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
NTSTATUS status;
int i;
r18362: Make LookupSids map onto LookupSids2, as they both take a policy handle. Avoids a lookup for the basic domain information for every request. Andrew Bartlett (This used to be commit 35b69bc5f4bda7f4f2480997cc32188154a175ce)
2006-09-11 10:15:39 +04:00
r2.in.handle = r->in.handle;
r2.in.sids = r->in.sids;
r2.in.names = NULL;
r2.in.level = r->in.level;
r2.in.count = r->in.count;
r2.in.unknown1 = 0;
r2.in.unknown2 = 0;
r2.out.count = r->out.count;
r2.out.names = NULL;
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
if (dce_call->fault_code != 0) {
return status;
}
r18362: Make LookupSids map onto LookupSids2, as they both take a policy handle. Avoids a lookup for the basic domain information for every request. Andrew Bartlett (This used to be commit 35b69bc5f4bda7f4f2480997cc32188154a175ce)
2006-09-11 10:15:39 +04:00
r->out.domains = r2.out.domains;
if (!r2.out.names) {
r10373: Fix segfault in LookupSids. Andrew Bartlett (This used to be commit ddc3a1c79e80e12296c398c42110fc378fb80e00)
2005-09-21 04:27:10 +04:00
r->out.names = NULL;
return status;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.names = talloc(mem_ctx, struct lsa_TransNameArray);
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
if (r->out.names == NULL) {
return NT_STATUS_NO_MEMORY;
}
r18362: Make LookupSids map onto LookupSids2, as they both take a policy handle. Avoids a lookup for the basic domain information for every request. Andrew Bartlett (This used to be commit 35b69bc5f4bda7f4f2480997cc32188154a175ce)
2006-09-11 10:15:39 +04:00
r->out.names->count = r2.out.names->count;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.names->names = talloc_array(r->out.names, struct lsa_TranslatedName,
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
r->out.names->count);
if (r->out.names->names == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<r->out.names->count;i++) {
r18362: Make LookupSids map onto LookupSids2, as they both take a policy handle. Avoids a lookup for the basic domain information for every request. Andrew Bartlett (This used to be commit 35b69bc5f4bda7f4f2480997cc32188154a175ce)
2006-09-11 10:15:39 +04:00
r->out.names->names[i].sid_type = r2.out.names->names[i].sid_type;
r->out.names->names[i].name.string = r2.out.names->names[i].name.string;
r->out.names->names[i].sid_index = r2.out.names->names[i].sid_index;
r3979: added server side code for lsa_LookupSids2() and fixed authority_name return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2004-11-26 15:30:39 +03:00
}
return status;
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
lsa_OpenAccount
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4276: added server side support for lsa_OpenAccount() (This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
2004-12-19 08:01:52 +03:00
struct lsa_OpenAccount *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4276: added server side support for lsa_OpenAccount() (This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
2004-12-19 08:01:52 +03:00
struct dcesrv_handle *h, *ah;
struct lsa_policy_state *state;
struct lsa_account_state *astate;
ZERO_STRUCTP(r->out.acct_handle);
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
astate = talloc(dce_call->conn, struct lsa_account_state);
r4276: added server side support for lsa_OpenAccount() (This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
2004-12-19 08:01:52 +03:00
if (astate == NULL) {
return NT_STATUS_NO_MEMORY;
}
astate->account_sid = dom_sid_dup(astate, r->in.sid);
if (astate->account_sid == NULL) {
talloc_free(astate);
return NT_STATUS_NO_MEMORY;
}
astate->policy = talloc_reference(astate, state);
astate->access_mask = r->in.access_mask;
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
ah = dcesrv_handle_new(dce_call->context, LSA_HANDLE_ACCOUNT);
r4276: added server side support for lsa_OpenAccount() (This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
2004-12-19 08:01:52 +03:00
if (!ah) {
talloc_free(astate);
return NT_STATUS_NO_MEMORY;
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
ah->data = talloc_steal(ah, astate);
r4276: added server side support for lsa_OpenAccount() (This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
2004-12-19 08:01:52 +03:00
*r->out.acct_handle = ah->wire_handle;
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
lsa_EnumPrivsAccount
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
r4206: fixed a status code check in lsa_LookupNames2 that could cause a segv (This used to be commit 31ab04f790ff4349dbc8a24c07fa35e10b831baf)
2004-12-15 01:18:33 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_EnumPrivsAccount *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4278: - added server support for lsa_EnumPrivsAccount() (This used to be commit a80c82d2635fce42482982d904f265199a000e10)
2004-12-19 09:41:27 +03:00
struct dcesrv_handle *h;
struct lsa_account_state *astate;
int ret, i;
struct ldb_message **res;
const char * const attrs[] = { "privilege", NULL};
struct ldb_message_element *el;
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
const char *sidstr;
r4278: - added server support for lsa_EnumPrivsAccount() (This used to be commit a80c82d2635fce42482982d904f265199a000e10)
2004-12-19 09:41:27 +03:00
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
astate = h->data;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
r4278: - added server support for lsa_EnumPrivsAccount() (This used to be commit a80c82d2635fce42482982d904f265199a000e10)
2004-12-19 09:41:27 +03:00
r->out.privs->count = 0;
r->out.privs->unknown = 0;
r->out.privs->set = NULL;
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
r17823: get rid of most of the samdb_base_dn() calls, as they are no longer needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2006-08-25 11:08:06 +04:00
ret = gendb_search(astate->policy->sam_ldb, mem_ctx, NULL, &res, attrs,
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
"objectSid=%s", sidstr);
r4278: - added server support for lsa_EnumPrivsAccount() (This used to be commit a80c82d2635fce42482982d904f265199a000e10)
2004-12-19 09:41:27 +03:00
if (ret != 1) {
return NT_STATUS_OK;
}
el = ldb_msg_find_element(res[0], "privilege");
if (el == NULL || el->num_values == 0) {
return NT_STATUS_OK;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.privs->set = talloc_array(r->out.privs,
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
struct lsa_LUIDAttribute, el->num_values);
r4278: - added server support for lsa_EnumPrivsAccount() (This used to be commit a80c82d2635fce42482982d904f265199a000e10)
2004-12-19 09:41:27 +03:00
if (r->out.privs->set == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<el->num_values;i++) {
r8429: fix compiler warnings metze (This used to be commit b9ee5818808f2e0cd38c0c5d2ef15cba22d4edbe)
2005-07-13 19:18:20 +04:00
int id = sec_privilege_id((const char *)el->values[i].data);
r4278: - added server support for lsa_EnumPrivsAccount() (This used to be commit a80c82d2635fce42482982d904f265199a000e10)
2004-12-19 09:41:27 +03:00
if (id == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r->out.privs->set[i].attribute = 0;
r->out.privs->set[i].luid.low = id;
r->out.privs->set[i].luid.high = 0;
}
r->out.privs->count = el->num_values;
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
/*
lsa_EnumAccountRights
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_EnumAccountRights *r)
{
struct dcesrv_handle *h;
struct lsa_policy_state *state;
int ret, i;
struct ldb_message **res;
const char * const attrs[] = { "privilege", NULL};
const char *sidstr;
struct ldb_message_element *el;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid);
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
r17823: get rid of most of the samdb_base_dn() calls, as they are no longer needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2006-08-25 11:08:06 +04:00
ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs,
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
"(&(objectSid=%s)(privilege=*))", sidstr);
if (ret == 0) {
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
if (ret > 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (ret == -1) {
DEBUG(3, ("searching for account rights for SID: %s failed: %s",
dom_sid_string(mem_ctx, r->in.sid),
ldb_errstring(state->sam_ldb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
el = ldb_msg_find_element(res[0], "privilege");
if (el == NULL || el->num_values == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
r->out.rights->count = el->num_values;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.rights->names = talloc_array(r->out.rights,
r12793: fix bugs metze (This used to be commit 65be02a9801444c01230903d130b2d71b6c15617)
2006-01-09 18:50:08 +03:00
struct lsa_StringLarge, r->out.rights->count);
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
if (r->out.rights->names == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<el->num_values;i++) {
r8429: fix compiler warnings metze (This used to be commit b9ee5818808f2e0cd38c0c5d2ef15cba22d4edbe)
2005-07-13 19:18:20 +04:00
r->out.rights->names[i].string = (const char *)el->values[i].data;
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
}
return NT_STATUS_OK;
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
/*
helper for lsa_AddAccountRights and lsa_RemoveAccountRights
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_policy_state *state,
int ldb_flag,
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
struct dom_sid *sid,
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
const struct lsa_RightSet *rights)
{
const char *sidstr;
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
struct ldb_message *msg;
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
struct ldb_message_element *el;
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
int i, ret;
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
struct lsa_EnumAccountRights r2;
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
msg->dn = samdb_search_dn(state->sam_ldb, mem_ctx,
r17823: get rid of most of the samdb_base_dn() calls, as they are no longer needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2006-08-25 11:08:06 +04:00
NULL, "objectSid=%s", sidstr);
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
if (msg->dn == NULL) {
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
NTSTATUS status;
if (ldb_flag == LDB_FLAG_MOD_DELETE) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
status = samdb_create_foreign_security_principal(state->sam_ldb, mem_ctx,
sid, &msg->dn);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r9930: Use a single samdb_base_dn() function rather than lots of silly searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2005-09-02 03:26:50 +04:00
return NT_STATUS_NO_SUCH_USER;
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
2006-10-25 05:42:59 +04:00
if (ldb_msg_add_empty(msg, "privilege", ldb_flag, NULL)) {
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
return NT_STATUS_NO_MEMORY;
}
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
if (ldb_flag == LDB_FLAG_MOD_ADD) {
NTSTATUS status;
r2.in.handle = &state->handle->wire_handle;
r2.in.sid = sid;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r2.out.rights = talloc(mem_ctx, struct lsa_RightSet);
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
if (!NT_STATUS_IS_OK(status)) {
ZERO_STRUCTP(r2.out.rights);
}
}
for (i=0;i<rights->count;i++) {
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
if (sec_privilege_id(rights->names[i].string) == -1) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
if (ldb_flag == LDB_FLAG_MOD_ADD) {
int j;
for (j=0;j<r2.out.rights->count;j++) {
r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinking StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m! (This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
2005-08-30 15:55:05 +04:00
if (strcasecmp_m(r2.out.rights->names[j].string,
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
rights->names[i].string) == 0) {
break;
}
}
if (j != r2.out.rights->count) continue;
}
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
ret = ldb_msg_add_string(msg, "privilege", rights->names[i].string);
if (ret != LDB_SUCCESS) {
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
return NT_STATUS_NO_MEMORY;
}
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
}
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
el = ldb_msg_find_element(msg, "privilege");
if (!el) {
r4283: adding a privilege that an account already has is not an error (This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2004-12-19 14:34:19 +03:00
return NT_STATUS_OK;
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
}
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
ret = samdb_modify(state->sam_ldb, mem_ctx, msg);
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
if (ret != 0) {
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
if (ldb_flag == LDB_FLAG_MOD_DELETE && ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
DEBUG(3, ("Could not %s attributes from %s: %s",
ldb_flag == LDB_FLAG_MOD_DELETE ? "delete" : "add",
r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized(msg->dn), ldb_errstring(state->sam_ldb)));
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
return NT_STATUS_UNEXPECTED_IO_ERROR;
}
return NT_STATUS_OK;
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_AddPrivilegesToAccount
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
struct lsa_AddPrivilegesToAccount *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
struct lsa_RightSet rights;
struct dcesrv_handle *h;
struct lsa_account_state *astate;
int i;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
astate = h->data;
rights.count = r->in.privs->count;
r12793: fix bugs metze (This used to be commit 65be02a9801444c01230903d130b2d71b6c15617)
2006-01-09 18:50:08 +03:00
rights.names = talloc_array(mem_ctx, struct lsa_StringLarge, rights.count);
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
if (rights.names == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<rights.count;i++) {
int id = r->in.privs->set[i].luid.low;
if (r->in.privs->set[i].luid.high) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
rights.names[i].string = sec_privilege_name(id);
if (rights.names[i].string == NULL) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
LDB_FLAG_MOD_ADD, astate->account_sid,
&rights);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_RemovePrivilegesFromAccount
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
struct lsa_RemovePrivilegesFromAccount *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
struct lsa_RightSet *rights;
struct dcesrv_handle *h;
struct lsa_account_state *astate;
int i;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
astate = h->data;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
rights = talloc(mem_ctx, struct lsa_RightSet);
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
if (r->in.remove_all == 1 &&
r->in.privs == NULL) {
struct lsa_EnumAccountRights r2;
NTSTATUS status;
r2.in.handle = &astate->policy->handle->wire_handle;
r2.in.sid = astate->account_sid;
r2.out.rights = rights;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
LDB_FLAG_MOD_DELETE, astate->account_sid,
r2.out.rights);
}
if (r->in.remove_all != 0) {
return NT_STATUS_INVALID_PARAMETER;
}
rights->count = r->in.privs->count;
r12793: fix bugs metze (This used to be commit 65be02a9801444c01230903d130b2d71b6c15617)
2006-01-09 18:50:08 +03:00
rights->names = talloc_array(mem_ctx, struct lsa_StringLarge, rights->count);
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
if (rights->names == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<rights->count;i++) {
int id = r->in.privs->set[i].luid.low;
if (r->in.privs->set[i].luid.high) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
rights->names[i].string = sec_privilege_name(id);
if (rights->names[i].string == NULL) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2004-12-19 10:50:19 +03:00
LDB_FLAG_MOD_DELETE, astate->account_sid,
rights);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_GetQuotasForAccount
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
struct lsa_GetQuotasForAccount *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_SetQuotasForAccount
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
struct lsa_SetQuotasForAccount *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_GetSystemAccessAccount
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
struct lsa_GetSystemAccessAccount *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_SetSystemAccessAccount
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
struct lsa_SetSystemAccessAccount *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
/*
lsa_CreateSecret
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
struct lsa_CreateSecret *r)
{
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
struct lsa_secret_state *secret_state;
struct dcesrv_handle *handle;
struct ldb_message **msgs, *msg;
r17788: fix compiler warnings metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
2006-08-24 14:41:31 +04:00
const char *errstr;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
const char *attrs[] = {
NULL
};
const char *name;
int ret;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.sec_handle);
policy_state = policy_handle->data;
if (!r->in.name.string) {
return NT_STATUS_INVALID_PARAMETER;
}
secret_state = talloc(mem_ctx, struct lsa_secret_state);
if (!secret_state) {
return NT_STATUS_NO_MEMORY;
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
secret_state->policy = policy_state;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
if (strncmp("G$", r->in.name.string, 2) == 0) {
const char *name2;
name = &r->in.name.string[2];
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
secret_state->sam_ldb = talloc_reference(secret_state, policy_state->sam_ldb);
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
secret_state->global = True;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (strlen(name) < 1) {
return NT_STATUS_INVALID_PARAMETER;
}
r12361: Add a new function: ldb_binary_encode_string() This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2005-12-19 10:07:11 +03:00
name2 = talloc_asprintf(mem_ctx, "%s Secret", ldb_binary_encode_string(mem_ctx, name));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
/* search for the secret record */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(secret_state->sam_ldb,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(cn=%s)(objectclass=secret))",
name2);
if (ret > 0) {
return NT_STATUS_OBJECT_NAME_COLLISION;
}
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
if (ret == -1) {
DEBUG(0,("Failure searching for CN=%s: %s\n",
name2, ldb_errstring(secret_state->sam_ldb)));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
msg->dn = ldb_dn_copy(mem_ctx, policy_state->system_dn);
if (!name2 || ! ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY;
}
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name2);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
} else {
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
secret_state->global = False;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
name = r->in.name.string;
if (strlen(name) < 1) {
return NT_STATUS_INVALID_PARAMETER;
}
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
/* search for the secret record */
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
ret = gendb_search(secret_state->sam_ldb, mem_ctx,
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
ldb_dn_new(mem_ctx, secret_state->sam_ldb, "cn=LSA Secrets"),
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
&msgs, attrs,
r12361: Add a new function: ldb_binary_encode_string() This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2005-12-19 10:07:11 +03:00
"(&(cn=%s)(objectclass=secret))",
ldb_binary_encode_string(mem_ctx, name));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (ret > 0) {
return NT_STATUS_OBJECT_NAME_COLLISION;
}
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
if (ret == -1) {
DEBUG(0,("Failure searching for CN=%s: %s\n",
name, ldb_errstring(secret_state->sam_ldb)));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
msg->dn = ldb_dn_new_fmt(mem_ctx, secret_state->sam_ldb, "cn=%s,cn=LSA Secrets", name);
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
/* pull in all the template attributes. Note this is always from the global samdb */
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
ret = samdb_copy_template(secret_state->policy->sam_ldb, msg,
r24918: Fix the build (forgot to include dcesrv_lsa.c in the previous commit) and improve error strings returned from samdb.c Andrew Bartlett (This used to be commit a42d0eb531e663304bea840d614b2f91f95dd818)
2007-09-03 11:56:29 +04:00
"secret", &errstr);
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
if (ret != 0) {
r17529: Simo doesn't like the use of the internal ldb_errstring in functions not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
2006-08-14 06:50:18 +04:00
DEBUG(0,("Failed to load TemplateSecret from samdb: %s\n",
errstr));
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "objectClass", "secret");
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
/* create the secret */
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
ret = samdb_add(secret_state->sam_ldb, mem_ctx, msg);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (ret != 0) {
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
DEBUG(0,("Failed to create secret record %s: %s\n",
r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized(msg->dn),
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
ldb_errstring(secret_state->sam_ldb)));
r24987: Clarify error conditions in secrets handling, before I add ACLs to secrets.ldb Andrew Bartlett (This used to be commit 17a61bd5690f60d762b9c7171f1269fe1a311bab)
2007-09-07 11:31:26 +04:00
return NT_STATUS_ACCESS_DENIED;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
}
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_SECRET);
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
handle->data = talloc_steal(handle, secret_state);
secret_state->access_mask = r->in.access_mask;
secret_state->policy = talloc_reference(secret_state, policy_state);
*r->out.sec_handle = handle->wire_handle;
return NT_STATUS_OK;
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
lsa_OpenSecret
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
struct lsa_OpenSecret *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
struct lsa_secret_state *secret_state;
struct dcesrv_handle *handle;
struct ldb_message **msgs;
const char *attrs[] = {
NULL
};
const char *name;
int ret;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.sec_handle);
policy_state = policy_handle->data;
if (!r->in.name.string) {
return NT_STATUS_INVALID_PARAMETER;
}
secret_state = talloc(mem_ctx, struct lsa_secret_state);
if (!secret_state) {
return NT_STATUS_NO_MEMORY;
}
r4698: - Initial implementation of trusted domains in LSA. - Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2005-01-12 05:40:25 +03:00
secret_state->policy = policy_state;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (strncmp("G$", r->in.name.string, 2) == 0) {
name = &r->in.name.string[2];
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
secret_state->sam_ldb = talloc_reference(secret_state, policy_state->sam_ldb);
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
secret_state->global = True;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (strlen(name) < 1) {
return NT_STATUS_INVALID_PARAMETER;
}
/* search for the secret record */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(secret_state->sam_ldb,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(cn=%s Secret)(objectclass=secret))",
r12361: Add a new function: ldb_binary_encode_string() This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2005-12-19 10:07:11 +03:00
ldb_binary_encode_string(mem_ctx, name));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
DEBUG(0,("Found %d records matching DN %s\n", ret,
r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized(policy_state->system_dn)));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
secret_state->global = False;
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
name = r->in.name.string;
if (strlen(name) < 1) {
return NT_STATUS_INVALID_PARAMETER;
}
/* search for the secret record */
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
ret = gendb_search(secret_state->sam_ldb, mem_ctx,
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 03:59:34 +03:00
ldb_dn_new(mem_ctx, secret_state->sam_ldb, "cn=LSA Secrets"),
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
&msgs, attrs,
r12361: Add a new function: ldb_binary_encode_string() This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2005-12-19 10:07:11 +03:00
"(&(cn=%s)(objectclass=secret))",
ldb_binary_encode_string(mem_ctx, name));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
r24987: Clarify error conditions in secrets handling, before I add ACLs to secrets.ldb Andrew Bartlett (This used to be commit 17a61bd5690f60d762b9c7171f1269fe1a311bab)
2007-09-07 11:31:26 +04:00
DEBUG(0,("Found %d records matching CN=%s\n",
ret, ldb_binary_encode_string(mem_ctx, name)));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
secret_state->secret_dn = talloc_reference(secret_state, msgs[0]->dn);
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_SECRET);
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
handle->data = talloc_steal(handle, secret_state);
secret_state->access_mask = r->in.access_mask;
secret_state->policy = talloc_reference(secret_state, policy_state);
*r->out.sec_handle = handle->wire_handle;
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
lsa_SetSecret
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
struct lsa_SetSecret *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
struct dcesrv_handle *h;
struct lsa_secret_state *secret_state;
struct ldb_message *msg;
DATA_BLOB session_key;
DATA_BLOB crypt_secret, secret;
struct ldb_val val;
int ret;
NTSTATUS status = NT_STATUS_OK;
struct timeval now = timeval_current();
NTTIME nt_now = timeval_to_nttime(&now);
DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
secret_state = h->data;
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
msg->dn = talloc_reference(mem_ctx, secret_state->secret_dn);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (r->in.old_val) {
/* Decrypt */
crypt_secret.data = r->in.old_val->data;
crypt_secret.length = r->in.old_val->size;
status = sess_decrypt_blob(mem_ctx, &crypt_secret, &session_key, &secret);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
val.data = secret.data;
val.length = secret.length;
/* set value */
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_value(secret_state->sam_ldb,
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
mem_ctx, msg, "priorValue", &val) != 0) {
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY;
}
/* set old value mtime */
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_uint64(secret_state->sam_ldb,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
mem_ctx, msg, "priorSetTime", nt_now) != 0) {
return NT_STATUS_NO_MEMORY;
}
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
if (!r->in.new_val) {
/* This behaviour varies depending of if this is a local, or a global secret... */
if (secret_state->global) {
/* set old value mtime */
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_uint64(secret_state->sam_ldb,
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
mem_ctx, msg, "lastSetTime", nt_now) != 0) {
return NT_STATUS_NO_MEMORY;
}
} else {
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_delete(secret_state->sam_ldb,
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
mem_ctx, msg, "currentValue")) {
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
return NT_STATUS_NO_MEMORY;
}
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_delete(secret_state->sam_ldb,
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
mem_ctx, msg, "lastSetTime")) {
return NT_STATUS_NO_MEMORY;
}
}
}
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
}
if (r->in.new_val) {
/* Decrypt */
crypt_secret.data = r->in.new_val->data;
crypt_secret.length = r->in.new_val->size;
status = sess_decrypt_blob(mem_ctx, &crypt_secret, &session_key, &secret);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
val.data = secret.data;
val.length = secret.length;
/* set value */
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_value(secret_state->sam_ldb,
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
mem_ctx, msg, "currentValue", &val) != 0) {
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
return NT_STATUS_NO_MEMORY;
}
/* set new value mtime */
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_uint64(secret_state->sam_ldb,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
mem_ctx, msg, "lastSetTime", nt_now) != 0) {
return NT_STATUS_NO_MEMORY;
}
/* If the old value is not set, then migrate the
* current value to the old value */
if (!r->in.old_val) {
const struct ldb_val *new_val;
NTTIME last_set_time;
struct ldb_message **res;
const char *attrs[] = {
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
"currentValue",
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
"lastSetTime",
NULL
};
/* search for the secret record */
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(secret_state->sam_ldb,mem_ctx,
secret_state->secret_dn, &res, attrs);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 19:02:01 +04:00
DEBUG(0,("Found %d records matching dn=%s\n", ret,
r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2006-11-22 05:05:19 +03:00
ldb_dn_get_linearized(secret_state->secret_dn)));
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
new_val = ldb_msg_find_ldb_val(res[0], "currentValue");
r17516: Change helper function names to make more clear what they are meant to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2006-08-13 12:00:36 +04:00
last_set_time = ldb_msg_find_attr_as_uint64(res[0], "lastSetTime", 0);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (new_val) {
/* set value */
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_value(secret_state->sam_ldb,
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
mem_ctx, msg, "priorValue",
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
new_val) != 0) {
return NT_STATUS_NO_MEMORY;
}
}
/* set new value mtime */
if (ldb_msg_find_ldb_val(res[0], "lastSetTime")) {
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
if (samdb_msg_add_uint64(secret_state->sam_ldb,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
mem_ctx, msg, "priorSetTime", last_set_time) != 0) {
return NT_STATUS_NO_MEMORY;
}
}
}
}
/* modify the samdb record */
r5585: LDB interfaces change: changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2005-02-27 14:35:47 +03:00
ret = samdb_replace(secret_state->sam_ldb, mem_ctx, msg);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
lsa_QuerySecret
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
struct lsa_QuerySecret *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
struct dcesrv_handle *h;
struct lsa_secret_state *secret_state;
struct ldb_message *msg;
DATA_BLOB session_key;
DATA_BLOB crypt_secret, secret;
int ret;
struct ldb_message **res;
const char *attrs[] = {
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
"currentValue",
"priorValue",
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
"lastSetTime",
"priorSetTime",
NULL
};
NTSTATUS nt_status;
DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
secret_state = h->data;
/* pull all the user attributes */
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(secret_state->sam_ldb, mem_ctx,
secret_state->secret_dn, &res, attrs);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
msg = res[0];
nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
if (r->in.old_val) {
const struct ldb_val *prior_val;
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
r->out.old_val = talloc_zero(mem_ctx, struct lsa_DATA_BUF_PTR);
if (!r->out.old_val) {
return NT_STATUS_NO_MEMORY;
}
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
prior_val = ldb_msg_find_ldb_val(res[0], "priorValue");
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (prior_val && prior_val->length) {
secret.data = prior_val->data;
secret.length = prior_val->length;
r19682: Fix comments. Andrew Bartlett (This used to be commit 4c349f44f8a018e1ad6ed8e92c5083abc4979324)
2006-11-13 06:20:24 +03:00
/* Encrypt */
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
crypt_secret = sess_encrypt_blob(mem_ctx, &secret, &session_key);
if (!crypt_secret.length) {
return NT_STATUS_NO_MEMORY;
}
r->out.old_val->buf = talloc(mem_ctx, struct lsa_DATA_BUF);
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
if (!r->out.old_val->buf) {
return NT_STATUS_NO_MEMORY;
}
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
r->out.old_val->buf->size = crypt_secret.length;
r->out.old_val->buf->length = crypt_secret.length;
r->out.old_val->buf->data = crypt_secret.data;
}
}
if (r->in.old_mtime) {
r5034: - added a type mapping function in pidl, so the type names in our IDL files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2005-01-27 09:16:59 +03:00
r->out.old_mtime = talloc(mem_ctx, NTTIME);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (!r->out.old_mtime) {
return NT_STATUS_NO_MEMORY;
}
r17516: Change helper function names to make more clear what they are meant to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2006-08-13 12:00:36 +04:00
*r->out.old_mtime = ldb_msg_find_attr_as_uint64(res[0], "priorSetTime", 0);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
}
if (r->in.new_val) {
const struct ldb_val *new_val;
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
r->out.new_val = talloc_zero(mem_ctx, struct lsa_DATA_BUF_PTR);
if (!r->out.new_val) {
return NT_STATUS_NO_MEMORY;
}
r18364: Get us closer to schema compliance. The corrent names for "secret" and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2006-09-11 10:29:58 +04:00
new_val = ldb_msg_find_ldb_val(res[0], "currentValue");
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (new_val && new_val->length) {
secret.data = new_val->data;
secret.length = new_val->length;
r19682: Fix comments. Andrew Bartlett (This used to be commit 4c349f44f8a018e1ad6ed8e92c5083abc4979324)
2006-11-13 06:20:24 +03:00
/* Encrypt */
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
crypt_secret = sess_encrypt_blob(mem_ctx, &secret, &session_key);
if (!crypt_secret.length) {
return NT_STATUS_NO_MEMORY;
}
r->out.new_val->buf = talloc(mem_ctx, struct lsa_DATA_BUF);
r4694: 'fix' the behaviour for setting only the old, but not the new secret. (The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2005-01-12 01:16:14 +03:00
if (!r->out.new_val->buf) {
return NT_STATUS_NO_MEMORY;
}
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
r->out.new_val->buf->length = crypt_secret.length;
r->out.new_val->buf->size = crypt_secret.length;
r->out.new_val->buf->data = crypt_secret.data;
}
}
if (r->in.new_mtime) {
r5034: - added a type mapping function in pidl, so the type names in our IDL files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2005-01-27 09:16:59 +03:00
r->out.new_mtime = talloc(mem_ctx, NTTIME);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
if (!r->out.new_mtime) {
return NT_STATUS_NO_MEMORY;
}
r17516: Change helper function names to make more clear what they are meant to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2006-08-13 12:00:36 +04:00
*r->out.new_mtime = ldb_msg_find_attr_as_uint64(res[0], "lastSetTime", 0);
r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2005-01-11 17:04:58 +03:00
}
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_LookupPrivValue
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupPrivValue(struct dcesrv_call_state *dce_call,
r4195: added IDL, test suite and server side code for lsa_LookupPrivValue (This used to be commit 7bddd4740332017bb5f4bddcc9ba0234d05378bd)
2004-12-14 08:32:51 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_LookupPrivValue *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4195: added IDL, test suite and server side code for lsa_LookupPrivValue (This used to be commit 7bddd4740332017bb5f4bddcc9ba0234d05378bd)
2004-12-14 08:32:51 +03:00
struct dcesrv_handle *h;
struct lsa_policy_state *state;
int id;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
id = sec_privilege_id(r->in.name->string);
if (id == -1) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r->out.luid->low = id;
r->out.luid->high = 0;
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
lsa_LookupPrivName
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
r4195: added IDL, test suite and server side code for lsa_LookupPrivValue (This used to be commit 7bddd4740332017bb5f4bddcc9ba0234d05378bd)
2004-12-14 08:32:51 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_LookupPrivName *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4196: - added server side code for lsa_LookupPrivDisplayName - added english descriptions of privileges. We should add other languages in the future. (This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
2004-12-14 08:51:01 +03:00
struct dcesrv_handle *h;
struct lsa_policy_state *state;
const char *privname;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
if (r->in.luid->high != 0) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
privname = sec_privilege_name(r->in.luid->low);
if (privname == NULL) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r12793: fix bugs metze (This used to be commit 65be02a9801444c01230903d130b2d71b6c15617)
2006-01-09 18:50:08 +03:00
r->out.name = talloc(mem_ctx, struct lsa_StringLarge);
r4196: - added server side code for lsa_LookupPrivDisplayName - added english descriptions of privileges. We should add other languages in the future. (This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
2004-12-14 08:51:01 +03:00
if (r->out.name == NULL) {
return NT_STATUS_NO_MEMORY;
}
r->out.name->string = privname;
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_LookupPrivDisplayName
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call,
r4196: - added server side code for lsa_LookupPrivDisplayName - added english descriptions of privileges. We should add other languages in the future. (This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
2004-12-14 08:51:01 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_LookupPrivDisplayName *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4196: - added server side code for lsa_LookupPrivDisplayName - added english descriptions of privileges. We should add other languages in the future. (This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
2004-12-14 08:51:01 +03:00
struct dcesrv_handle *h;
struct lsa_policy_state *state;
int id;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
id = sec_privilege_id(r->in.name->string);
if (id == -1) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r12793: fix bugs metze (This used to be commit 65be02a9801444c01230903d130b2d71b6c15617)
2006-01-09 18:50:08 +03:00
r->out.disp_name = talloc(mem_ctx, struct lsa_StringLarge);
r4196: - added server side code for lsa_LookupPrivDisplayName - added english descriptions of privileges. We should add other languages in the future. (This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
2004-12-14 08:51:01 +03:00
if (r->out.disp_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
if (r->out.disp_name->string == NULL) {
return NT_STATUS_INTERNAL_ERROR;
}
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_DeleteObject
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
struct lsa_DeleteObject *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_EnumAccountsWithUserRight
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call,
r4193: added server side implementation of lsa_EnumAccountsWithUserRight (This used to be commit 5088a6cbf70fe6eff94f07e2f5874525539c46fa)
2004-12-14 08:07:29 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_EnumAccountsWithUserRight *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4193: added server side implementation of lsa_EnumAccountsWithUserRight (This used to be commit 5088a6cbf70fe6eff94f07e2f5874525539c46fa)
2004-12-14 08:07:29 +03:00
struct dcesrv_handle *h;
struct lsa_policy_state *state;
int ret, i;
struct ldb_message **res;
const char * const attrs[] = { "objectSid", NULL};
const char *privname;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
if (r->in.name == NULL) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
privname = r->in.name->string;
if (sec_privilege_id(privname) == -1) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r17823: get rid of most of the samdb_base_dn() calls, as they are no longer needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2006-08-25 11:08:06 +04:00
ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs,
r4193: added server side implementation of lsa_EnumAccountsWithUserRight (This used to be commit 5088a6cbf70fe6eff94f07e2f5874525539c46fa)
2004-12-14 08:07:29 +03:00
"privilege=%s", privname);
r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2006-07-06 09:23:29 +04:00
if (ret == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (ret == 0) {
return NT_STATUS_NO_MORE_ENTRIES;
r4193: added server side implementation of lsa_EnumAccountsWithUserRight (This used to be commit 5088a6cbf70fe6eff94f07e2f5874525539c46fa)
2004-12-14 08:07:29 +03:00
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sids->sids = talloc_array(r->out.sids, struct lsa_SidPtr, ret);
r4193: added server side implementation of lsa_EnumAccountsWithUserRight (This used to be commit 5088a6cbf70fe6eff94f07e2f5874525539c46fa)
2004-12-14 08:07:29 +03:00
if (r->out.sids->sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<ret;i++) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
r->out.sids->sids[i].sid = samdb_result_dom_sid(r->out.sids->sids,
res[i], "objectSid");
NT_STATUS_HAVE_NO_MEMORY(r->out.sids->sids[i].sid);
r4193: added server side implementation of lsa_EnumAccountsWithUserRight (This used to be commit 5088a6cbf70fe6eff94f07e2f5874525539c46fa)
2004-12-14 08:07:29 +03:00
}
r->out.sids->num_sids = ret;
return NT_STATUS_OK;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
r4199: - added server side code for lsa_RemoveAccountRights (sharing code with lsa_AddAccountRights) (This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
2004-12-14 09:17:33 +03:00
/*
lsa_AddAccountRights
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
r4199: - added server side code for lsa_RemoveAccountRights (sharing code with lsa_AddAccountRights) (This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
2004-12-14 09:17:33 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_AddAccountRights *r)
{
struct dcesrv_handle *h;
struct lsa_policy_state *state;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
r4199: - added server side code for lsa_RemoveAccountRights (sharing code with lsa_AddAccountRights) (This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
2004-12-14 09:17:33 +03:00
LDB_FLAG_MOD_ADD,
r->in.sid, r->in.rights);
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_RemoveAccountRights
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
r4198: - added server side code for lsa_AddAccountRights (This used to be commit ba87142586672a1082200048e7d1ae865d266d6c)
2004-12-14 09:10:45 +03:00
TALLOC_CTX *mem_ctx,
struct lsa_RemoveAccountRights *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4199: - added server side code for lsa_RemoveAccountRights (sharing code with lsa_AddAccountRights) (This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
2004-12-14 09:17:33 +03:00
struct dcesrv_handle *h;
struct lsa_policy_state *state;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
r4199: - added server side code for lsa_RemoveAccountRights (sharing code with lsa_AddAccountRights) (This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
2004-12-14 09:17:33 +03:00
LDB_FLAG_MOD_DELETE,
r->in.sid, r->in.rights);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_StorePrivateData
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
struct lsa_StorePrivateData *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_RetrievePrivateData
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
struct lsa_RetrievePrivateData *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
lsa_GetUserName
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r10764: To match Win2k3 SP1, we need to set an anonymous user token for schannel connections. Test for Win2k3 SP1 behaviour in RPC-SCHANNEL. Andrew Bartlett (This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
2005-10-06 15:15:20 +04:00
struct lsa_GetUserName *r)
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
{
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
NTSTATUS status = NT_STATUS_OK;
const char *account_name;
const char *authority_name;
struct lsa_String *_account_name;
struct lsa_StringPointer *_authority_name = NULL;
/* this is what w2k3 does */
r->out.account_name = r->in.account_name;
r->out.authority_name = r->in.authority_name;
if (r->in.account_name && r->in.account_name->string) {
return NT_STATUS_INVALID_PARAMETER;
}
if (r->in.authority_name &&
r->in.authority_name->string &&
r->in.authority_name->string->string) {
return NT_STATUS_INVALID_PARAMETER;
}
r4340: - simplify lsa_GetUserName() server code, we don't need to do db lookups as we already known who the user is metze (This used to be commit cef0d1eb29c6c5d41591a5c0beaed1dc26961211)
2004-12-23 06:02:57 +03:00
account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2005-01-09 15:55:25 +03:00
authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain_name);
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
_account_name = talloc(mem_ctx, struct lsa_String);
r15319: remove unneeded macros metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY(_account_name);
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
_account_name->string = account_name;
if (r->in.authority_name) {
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
_authority_name = talloc(mem_ctx, struct lsa_StringPointer);
r15319: remove unneeded macros metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY(_authority_name);
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
_authority_name->string = talloc(mem_ctx, struct lsa_String);
r15319: remove unneeded macros metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2006-04-29 15:48:56 +04:00
NT_STATUS_HAVE_NO_MEMORY(_authority_name->string);
r4323: - implement the lsa_GetUserName() server call - give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2004-12-21 15:22:57 +03:00
_authority_name->string->string = authority_name;
}
r->out.account_name = _account_name;
r->out.authority_name = _authority_name;
return status;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
/*
lsa_SetInfoPolicy2
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_SetInfoPolicy2 *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_QueryDomainInformationPolicy
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_QueryDomainInformationPolicy *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_SetDomInfoPolicy
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_SetDomainInformationPolicy(struct dcesrv_call_state *dce_call,
r9888: add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings. Guenther (This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
2005-09-01 14:36:48 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_SetDomainInformationPolicy *r)
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_TestCall
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_TestCall(struct dcesrv_call_state *dce_call,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_TestCall *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
r4012: split out the lsa lookup single name logic into a separate function (This used to be commit 44d97619623830cc24905a5f4df941d45ebd41c3)
2004-11-30 07:34:18 +03:00
/*
lookup a SID for 1 name
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
r4012: split out the lsa lookup single name logic into a separate function (This used to be commit 44d97619623830cc24905a5f4df941d45ebd41c3)
2004-11-30 07:34:18 +03:00
const char *name, struct dom_sid **sid, uint32_t *atype)
{
int ret;
struct ldb_message **res;
const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
const char *p;
p = strchr_m(name, '\\');
if (p != NULL) {
/* TODO: properly parse the domain prefix here, and use it to
limit the search */
name = p + 1;
}
r4012: split out the lsa lookup single name logic into a separate function (This used to be commit 44d97619623830cc24905a5f4df941d45ebd41c3)
2004-11-30 07:34:18 +03:00
r12361: Add a new function: ldb_binary_encode_string() This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2005-12-19 10:07:11 +03:00
ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", ldb_binary_encode_string(mem_ctx, name));
r4012: split out the lsa lookup single name logic into a separate function (This used to be commit 44d97619623830cc24905a5f4df941d45ebd41c3)
2004-11-30 07:34:18 +03:00
if (ret == 1) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
*sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
r4012: split out the lsa lookup single name logic into a separate function (This used to be commit 44d97619623830cc24905a5f4df941d45ebd41c3)
2004-11-30 07:34:18 +03:00
if (*sid == NULL) {
return NT_STATUS_INVALID_SID;
}
*atype = samdb_result_uint(res[0], "sAMAccountType", 0);
return NT_STATUS_OK;
}
/* need to add a call into sidmap to check for a allocated sid */
return NT_STATUS_INVALID_SID;
}
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
/*
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
lsa_LookupNames3
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
TALLOC_CTX *mem_ctx,
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
struct lsa_LookupNames3 *r)
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
{
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
struct lsa_policy_state *policy_state;
struct dcesrv_handle *policy_handle;
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
int i;
NTSTATUS status = NT_STATUS_OK;
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
policy_state = policy_handle->data;
r11291: Fix implementation of LookupNames4. Andrew Bartlett (This used to be commit aef6800548e320c2ebb20ae345566a774d6acf8b)
2005-10-25 16:39:14 +04:00
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
r->out.domains = NULL;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
if (r->out.domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sids = talloc_zero(mem_ctx, struct lsa_TransSidArray3);
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
if (r->out.sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
*r->out.count = 0;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sids->sids = talloc_array(r->out.sids, struct lsa_TranslatedSid3,
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
r->in.num_names);
if (r->out.sids->sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<r->in.num_names;i++) {
const char *name = r->in.names[i].string;
struct dom_sid *sid;
uint32_t atype, rtype, sid_index;
NTSTATUS status2;
r->out.sids->count++;
(*r->out.count)++;
r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
r->out.sids->sids[i].sid = NULL;
r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
r->out.sids->sids[i].unknown = 0;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status2 = dcesrv_lsa_lookup_name(policy_state, mem_ctx, name, &sid, &atype);
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
status = STATUS_SOME_UNMAPPED;
continue;
}
rtype = samdb_atype_map(atype);
if (rtype == SID_NAME_UNKNOWN) {
status = STATUS_SOME_UNMAPPED;
continue;
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, sid, r->out.domains, &sid_index);
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3() (This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2004-12-31 11:54:59 +03:00
if (!NT_STATUS_IS_OK(status2)) {
return status2;
}
r->out.sids->sids[i].sid_type = rtype;
r->out.sids->sids[i].sid = sid;
r->out.sids->sids[i].sid_index = sid_index;
r->out.sids->sids[i].unknown = 0;
}
return status;
}
r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2005-10-25 16:15:29 +04:00
/*
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
lsa_LookupNames4
Identical to LookupNames3, but doesn't take a policy handle
r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2005-10-25 16:15:29 +04:00
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
struct lsa_LookupNames4 *r)
r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2005-10-25 16:15:29 +04:00
{
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
struct lsa_LookupNames3 r2;
struct lsa_OpenPolicy2 pol;
r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2005-10-25 16:15:29 +04:00
NTSTATUS status;
struct dcesrv_handle *h;
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
/* No policy handle on the wire, so make one up here */
r2.in.handle = talloc(mem_ctx, struct policy_handle);
if (!r2.in.handle) {
return NT_STATUS_NO_MEMORY;
}
pol.out.handle = r2.in.handle;
pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
pol.in.attr = NULL;
pol.in.system_name = NULL;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_OpenPolicy2(dce_call, mem_ctx, &pol);
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2006-09-11 09:11:10 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY);
talloc_steal(mem_ctx, h);
r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2005-10-25 16:15:29 +04:00
r2.in.num_names = r->in.num_names;
r2.in.names = r->in.names;
r2.in.sids = r->in.sids;
r2.in.count = r->in.count;
r2.in.unknown1 = r->in.unknown1;
r2.in.unknown2 = r->in.unknown2;
r11291: Fix implementation of LookupNames4. Andrew Bartlett (This used to be commit aef6800548e320c2ebb20ae345566a774d6acf8b)
2005-10-25 16:39:14 +04:00
r2.out.domains = r->out.domains;
r2.out.sids = r->out.sids;
r2.out.count = r->out.count;
r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2005-10-25 16:15:29 +04:00
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2);
r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2005-10-25 16:15:29 +04:00
if (dce_call->fault_code != 0) {
return status;
}
r->out.domains = r2.out.domains;
r->out.sids = r2.out.sids;
r->out.count = r2.out.count;
return status;
}
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
/*
lsa_LookupNames2
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
TALLOC_CTX *mem_ctx,
struct lsa_LookupNames2 *r)
{
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
struct lsa_policy_state *state;
struct dcesrv_handle *h;
int i;
NTSTATUS status = NT_STATUS_OK;
r->out.domains = NULL;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
if (r->out.domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sids = talloc_zero(mem_ctx, struct lsa_TransSidArray2);
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
if (r->out.sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
*r->out.count = 0;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sids->sids = talloc_array(r->out.sids, struct lsa_TranslatedSid2,
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
r->in.num_names);
if (r->out.sids->sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<r->in.num_names;i++) {
const char *name = r->in.names[i].string;
struct dom_sid *sid;
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
uint32_t atype, rtype, sid_index;
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
NTSTATUS status2;
r->out.sids->count++;
(*r->out.count)++;
r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
r->out.sids->sids[i].rid = 0xFFFFFFFF;
r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
r->out.sids->sids[i].unknown = 0;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status2 = dcesrv_lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
r4206: fixed a status code check in lsa_LookupNames2 that could cause a segv (This used to be commit 31ab04f790ff4349dbc8a24c07fa35e10b831baf)
2004-12-15 01:18:33 +03:00
if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
status = STATUS_SOME_UNMAPPED;
continue;
}
rtype = samdb_atype_map(atype);
if (rtype == SID_NAME_UNKNOWN) {
status = STATUS_SOME_UNMAPPED;
continue;
}
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status2 = dcesrv_lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
if (!NT_STATUS_IS_OK(status2)) {
return status2;
}
r3994: - removed the unused reference count code in lsa server - fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2004-11-29 09:19:50 +03:00
r->out.sids->sids[i].sid_type = rtype;
r->out.sids->sids[i].rid = sid->sub_auths[sid->num_auths-1];
r->out.sids->sids[i].sid_index = sid_index;
r->out.sids->sids[i].unknown = 0;
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
}
return status;
}
/*
lsa_LookupNames
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
struct lsa_LookupNames *r)
{
struct lsa_LookupNames2 r2;
NTSTATUS status;
int i;
r2.in.handle = r->in.handle;
r2.in.num_names = r->in.num_names;
r2.in.names = r->in.names;
r2.in.sids = NULL;
r2.in.level = r->in.level;
r2.in.count = r->in.count;
r2.in.unknown1 = 0;
r2.in.unknown2 = 0;
r2.out.count = r->out.count;
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
if (dce_call->fault_code != 0) {
return status;
}
r->out.domains = r2.out.domains;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sids = talloc(mem_ctx, struct lsa_TransSidArray);
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
if (r->out.sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
r->out.sids->count = r2.out.sids->count;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sids->sids = talloc_array(r->out.sids, struct lsa_TranslatedSid,
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2() (This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2004-11-26 16:02:58 +03:00
r->out.sids->count);
if (r->out.sids->sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<r->out.sids->count;i++) {
r->out.sids->sids[i].sid_type = r2.out.sids->sids[i].sid_type;
r->out.sids->sids[i].rid = r2.out.sids->sids[i].rid;
r->out.sids->sids[i].sid_index = r2.out.sids->sids[i].sid_index;
}
return status;
r1814: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2004-08-14 05:11:34 +04:00
}
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
/*
lsa_CREDRWRITE
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRWRITE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRWRITE *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRREAD
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRREAD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRREAD *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRENUMERATE
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRENUMERATE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRENUMERATE *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRWRITEDOMAINCREDENTIALS
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRWRITEDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRWRITEDOMAINCREDENTIALS *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRREADDOMAINCREDENTIALS
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRREADDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRREADDOMAINCREDENTIALS *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRDELETE
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRDELETE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRDELETE *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRGETTARGETINFO
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRGETTARGETINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRGETTARGETINFO *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRPROFILELOADED
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRPROFILELOADED(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRPROFILELOADED *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRGETSESSIONTYPES
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRGETSESSIONTYPES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRGETSESSIONTYPES *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_LSARREGISTERAUDITEVENT
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_LSARREGISTERAUDITEVENT *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_LSARGENAUDITEVENT
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARGENAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_LSARGENAUDITEVENT *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_LSARUNREGISTERAUDITEVENT
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARUNREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_LSARUNREGISTERAUDITEVENT *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
r23382: Fill in lsa_lsaRQueryForestTrustInformation. Guenther (This used to be commit 54fa6d453c628039e5ec9053b0693229efdbe011)
2007-06-08 14:42:33 +04:00
lsa_lsaRQueryForestTrustInformation
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
*/
r23382: Fill in lsa_lsaRQueryForestTrustInformation. Guenther (This used to be commit 54fa6d453c628039e5ec9053b0693229efdbe011)
2007-06-08 14:42:33 +04:00
static NTSTATUS dcesrv_lsa_lsaRQueryForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_lsaRQueryForestTrustInformation *r)
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_LSARSETFORESTTRUSTINFORMATION
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARSETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_LSARSETFORESTTRUSTINFORMATION *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRRENAME
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_CREDRRENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_CREDRRENAME *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_LSAROPENPOLICYSCE
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSAROPENPOLICYSCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_LSAROPENPOLICYSCE *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_LSARADTREGISTERSECURITYEVENTSOURCE
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_LSARADTREPORTSECURITYEVENT
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static NTSTATUS dcesrv_lsa_LSARADTREPORTSECURITYEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4433: added the boilerplate for the new w2k3 LSA functions in preparation for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2004-12-31 09:08:43 +03:00
struct lsa_LSARADTREPORTSECURITYEVENT *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/* include the generated boilerplate */
#include "librpc/gen_ndr/ndr_lsa_s.c"
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
/*****************************************
NOTE! The remaining calls below were
removed in w2k3, so the DCESRV_FAULT()
replies are the correct implementation. Do
not try and fill these in with anything else
******************************************/
/*
dssetup_DsRoleDnsNameToFlatName
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleDnsNameToFlatName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleDnsNameToFlatName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleDcAsDc
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleDcAsDc(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleDcAsDc *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleDcAsReplica
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleDcAsReplica(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleDcAsReplica *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleDemoteDc
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleDemoteDc(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleDemoteDc *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleGetDcOperationProgress
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleGetDcOperationProgress(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleGetDcOperationProgress *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleGetDcOperationResults
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleGetDcOperationResults(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleGetDcOperationResults *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleCancel
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleCancel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleCancel *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleServerSaveStateForUpgrade
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleServerSaveStateForUpgrade(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleServerSaveStateForUpgrade *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleUpgradeDownlevelServer
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleUpgradeDownlevelServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleUpgradeDownlevelServer *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
dssetup_DsRoleAbortDownlevelServerUpgrade
*/
r20850: Prefix all server calls with dcesrv_ (This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-01-17 17:49:36 +03:00
static WERROR dcesrv_dssetup_DsRoleAbortDownlevelServerUpgrade(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2006-08-31 17:10:11 +04:00
struct dssetup_DsRoleAbortDownlevelServerUpgrade *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/* include the generated boilerplate */
#include "librpc/gen_ndr/ndr_dssetup_s.c"
NTSTATUS dcerpc_server_lsa_init(void)
{
NTSTATUS ret;
ret = dcerpc_server_dssetup_init();
if (!NT_STATUS_IS_OK(ret)) {
return ret;
}
ret = dcerpc_server_lsarpc_init();
if (!NT_STATUS_IS_OK(ret)) {
return ret;
}
return ret;
}
Copy Permalink