r917: - added the start of a LSA server to samba4.

- added start of QueryDomainInfo in samr server

"net rpc info" from samba3 now works against a samba4 server. I
suspect join will work fairly soon.

source/include/enums.h

@@ -29,15 +29,6 @@ enum protocol_types {PROTOCOL_NONE,PROTOCOL_CORE,PROTOCOL_COREPLUS,PROTOCOL_LANM
 /* security levels */
 enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
 
-/* server roles */
-enum server_types
-{
-	ROLE_STANDALONE,
-	ROLE_DOMAIN_MEMBER,
-	ROLE_DOMAIN_BDC,
-	ROLE_DOMAIN_PDC
-};
-
 /* printing types */
 enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
 		     PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ,

source/libcli/auth/ntlmssp.h

@@ -76,7 +76,7 @@ typedef struct ntlmssp_state
 	TALLOC_CTX *mem_ctx;
 	unsigned int ref_count;
 	enum NTLMSSP_ROLE role;
-	enum server_types server_role;
+	enum samr_Role server_role;
 	uint32_t expected_state;
 
 	BOOL unicode;

source/librpc/config.m4

@@ -10,6 +10,7 @@ SMB_SUBSYSTEM(LIBNDR_RAW,[],
 		librpc/gen_ndr/ndr_echo.o
 		librpc/gen_ndr/ndr_misc.o
 		librpc/gen_ndr/ndr_lsa.o
+		librpc/gen_ndr/ndr_lsads.o
 		librpc/gen_ndr/ndr_dfs.o
 		librpc/gen_ndr/ndr_samr.o
 		librpc/gen_ndr/ndr_spoolss.o

source/librpc/idl/lsa.idl

@@ -99,7 +99,7 @@
 	NTSTATUS lsa_OpenPolicy (
 		[in]       uint16 *system_name,
 		[in,ref]   lsa_ObjectAttribute *attr,
-		[in]       uint32 desired_access,
+		[in]       uint32 access_mask,
 		[out,ref]  policy_handle *handle
 		);
 	
@@ -191,18 +191,18 @@
 	} lsaPolicyInfo;
 
 	typedef union {
-		[case(1)]  lsa_AuditLogInfo audit_log;
-		[case(2)]  lsa_AuditEventsInfo audit_events;
-		[case(3)]  lsa_DomainInfo domain;
-		[case(4)]  lsa_PDAccountInfo pd;
-		[case(5)]  lsa_DomainInfo account_domain;
-		[case(6)]  lsa_ServerRole role;
-		[case(7)]  lsa_ReplicaSourceInfo replica;
-		[case(8)]  lsa_DefaultQuotaInfo quota;
-		[case(9)]  lsa_ModificationInfo db;
-		[case(10)] lsa_AuditFullSetInfo auditfullset;
-		[case(11)] lsa_AuditFullQueryInfo auditfullquery;
-		[case(12)] lsa_DnsDomainInfo dns;
+		[case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log;
+		[case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events;
+		[case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain;
+		[case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd;
+		[case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain;
+		[case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role;
+		[case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica;
+		[case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota;
+		[case(LSA_POLICY_INFO_DB)]               lsa_ModificationInfo   db;
+		[case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
+		[case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
+		[case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
 	} lsa_PolicyInformation;
 
 	NTSTATUS lsa_QueryInfoPolicy (
@@ -224,7 +224,7 @@
 	NTSTATUS lsa_CreateAccount (
 		[in,ref]    policy_handle *handle,
 		[in,ref]    dom_sid2 *sid,
-		[in]        uint32 desired_access,
+		[in]        uint32 access_mask,
 		[out,ref]   policy_handle *acct_handle
 		);
 
@@ -258,7 +258,7 @@
 	NTSTATUS lsa_CreateTrustedDomain(
 		[in,ref]     policy_handle *handle,
 		[in,ref]     lsa_TrustInformation *info,
-		[in]         uint32 desired_access,
+		[in]         uint32 access_mask,
 		[out,ref]    policy_handle *dom_handle
 		);
 
@@ -343,7 +343,7 @@
 	NTSTATUS lsa_CreateSecret(
 		[in,ref]     policy_handle *handle,
 		[in]         lsa_Name       name,
-		[in]         uint32         desired_access,
+		[in]         uint32         access_mask,
 		[out,ref]    policy_handle *sec_handle
 		);
 
@@ -353,7 +353,7 @@
 	NTSTATUS lsa_OpenAccount (
 		[in,ref]     policy_handle *handle,
 		[in,ref]     dom_sid2 *sid,
-		[in]         uint32 desired_access,
+		[in]         uint32 access_mask,
 		[out,ref]    policy_handle *acct_handle
 		);
 
@@ -406,7 +406,7 @@
 	NTSTATUS lsa_OpenSecret(
 		[in,ref]     policy_handle *handle,
 		[in]         lsa_Name       name,
-		[in]         uint32         desired_access,
+		[in]         uint32         access_mask,
 		[out,ref]    policy_handle *sec_handle
 		);
 
@@ -493,7 +493,7 @@
 	NTSTATUS lsa_OpenPolicy2 (
 		[in]      unistr *system_name,
 		[in,ref]  lsa_ObjectAttribute *attr,
-		[in]      uint32 desired_access,
+		[in]      uint32 access_mask,
 		[out,ref] policy_handle *handle
 		);
 
@@ -503,19 +503,3 @@
 	/* Function:          0x2e */
 	NTSTATUS QUERYINFO2 ();
 }
-
-
-[ 
-  uuid(3919286a-b10c-11d0-9ba8-00c04fd92ef5),
-  version(0.0),
-  endpoints(lsarpc,lsass),
-  pointer_default(unique)
-] 
-interface lsads
-{
-
-	/*****************/
-        /* Function 0x00 */
-	void lsads_Unknown0();
-
-}

source/librpc/idl/samr.idl

@@ -125,6 +125,14 @@
 	/************************/
 	/* Function    0x08     */
 
+	/* server roles */
+	typedef enum {
+		ROLE_STANDALONE    = 0,
+		ROLE_DOMAIN_MEMBER = 1,
+		ROLE_DOMAIN_BDC    = 2,
+		ROLE_DOMAIN_PDC    = 3
+	} samr_Role;
+
 	typedef struct {
 		uint16 min_pwd_len;
 		uint16 password_history;

source/param/loadparm.c

@@ -953,7 +953,7 @@ static void init_globals(void)
 	string_set(&sDefault.fstype, FSTYPE_STRING);
 	string_set(&sDefault.ntvfs_handler, "default");
 
-	Globals.dcerpc_ep_servers = str_list_make("epmapper srvsvc wkssvc rpcecho samr netlogon", NULL);
+	Globals.dcerpc_ep_servers = str_list_make("epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc", NULL);
 
 	Globals.AuthMethods = str_list_make("guest sam_ignoredomain", NULL);
 
@@ -961,8 +961,6 @@ static void init_globals(void)
 	string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
 	asprintf(&Globals.szSAM_URL, "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
 
-	/* use the new 'hash2' method by default, with a prefix of 1 */
-
 	string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
 
 	/* using UTF8 by default allows us to support all chars */

source/rpc_server/config.m4

@@ -12,5 +12,6 @@ SMB_MODULE_MK(dcerpc_wkssvc,DCERPC,STATIC,rpc_server/config.mk)
 SMB_MODULE_MK(dcerpc_samr,DCERPC,STATIC,rpc_server/config.mk)
 SMB_MODULE_MK(dcerpc_winreg,DCERPC,STATIC,rpc_server/config.mk)
 SMB_MODULE_MK(dcerpc_netlogon,DCERPC,STATIC,rpc_server/config.mk)
+SMB_MODULE_MK(dcerpc_lsarpc,DCERPC,STATIC,rpc_server/config.mk)
 
 SMB_SUBSYSTEM_MK(DCERPC,rpc_server/config.mk)

source/rpc_server/config.mk

@@ -103,6 +103,17 @@ REQUIRED_SUBSYSTEMS = \
 # End MODULE dcerpc_netlogon
 ################################################
 
+################################################
+# Start MODULE dcerpc_lsa
+[MODULE::dcerpc_lsarpc]
+INIT_OBJ_FILES = \
+		rpc_server/lsa/dcesrv_lsa.o
+REQUIRED_SUBSYSTEMS = \
+		SAMDB \
+		DCERPC_COMMON
+# End MODULE dcerpc_lsa
+################################################
+
 ################################################
 # Start SUBSYSTEM DCERPC
 [SUBSYSTEM::DCERPC]

source/rpc_server/lsa/dcesrv_lsa.c

@@ -0,0 +1,646 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the lsarpc pipe
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpc_server/common/common.h"
+
+/*
+  this type allows us to distinguish handle types
+*/
+enum lsa_handle {
+	LSA_HANDLE_POLICY,
+	LSA_HANDLE_ACCOUNT,
+	LSA_HANDLE_SECRET
+};
+
+/*
+  state associated with a lsa_OpenPolicy() operation
+*/
+struct lsa_policy_state {
+	int reference_count;
+	void *sam_ctx;
+	TALLOC_CTX *mem_ctx;
+	uint32_t access_mask;
+	const char *domain_dn;
+};
+
+
+/*
+  destroy policy state
+*/
+static void lsa_Policy_close(struct lsa_policy_state *state)
+{
+	state->reference_count--;
+	if (state->reference_count == 0) {
+		samdb_close(state->sam_ctx);
+		talloc_destroy(state->mem_ctx);
+	}
+}
+
+/*
+  destroy an open policy. This closes the database connection
+*/
+static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
+{
+	struct lsa_policy_state *state = h->data;
+	lsa_Policy_close(state);
+}
+
+/* 
+  lsa_Close 
+*/
+static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			  struct lsa_Close *r)
+{
+	struct dcesrv_handle *h;
+
+	*r->out.handle = *r->in.handle;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+	/* this causes the callback samr_XXX_destroy() to be called by
+	   the handle destroy code which destroys the state associated
+	   with the handle */
+	dcesrv_handle_destroy(dce_call->conn, h);
+
+	ZERO_STRUCTP(r->out.handle);
+
+	return NT_STATUS_OK;
+}
+
+
+/* 
+  lsa_Delete 
+*/
+static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			   struct lsa_Delete *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumPrivs 
+*/
+static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct lsa_EnumPrivs *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_QuerySecObj 
+*/
+static NTSTATUS lsa_QuerySecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct lsa_QuerySecObj *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_SetSecObj 
+*/
+static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct lsa_SetSecObj *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_ChangePassword 
+*/
+static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				   struct lsa_ChangePassword *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_OpenPolicy 
+*/
+static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			       struct lsa_OpenPolicy *r)
+{
+	struct lsa_policy_state *state;
+	struct dcesrv_handle *handle;
+	TALLOC_CTX *lsa_mem_ctx;
+
+	ZERO_STRUCTP(r->out.handle);
+
+	lsa_mem_ctx = talloc_init("lsa_OpenPolicy");
+	if (!lsa_mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state = talloc_p(lsa_mem_ctx, struct lsa_policy_state);
+	if (!state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->mem_ctx = lsa_mem_ctx;
+
+	/* make sure the sam database is accessible */
+	state->sam_ctx = samdb_connect();
+	if (state->sam_ctx == NULL) {
+		talloc_destroy(state->mem_ctx);
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	/* work out the domain_dn - useful for so many calls its worth
+	   fetching here */
+	state->domain_dn = samdb_search_string(state->sam_ctx, state->mem_ctx, NULL,
+					       "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
+	if (!state->domain_dn) {
+		samdb_close(state->sam_ctx);
+		talloc_destroy(state->mem_ctx);
+		return NT_STATUS_NO_SUCH_DOMAIN;		
+	}
+
+	handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
+	if (!handle) {
+		talloc_destroy(state->mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	handle->data = state;
+	handle->destroy = lsa_Policy_destroy;
+
+	state->reference_count = 1;
+	state->access_mask = r->in.access_mask;
+	*r->out.handle = handle->wire_handle;
+
+	/* note that we have completely ignored the attr element of
+	   the OpenPolicy. As far as I can tell, this is what w2k3
+	   does */
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  fill in the AccountDomain info
+*/
+static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+				       struct lsa_DomainInfo *info)
+{
+	const char * const attrs[] = { "objectSid", "name", NULL};
+	int ret;
+	struct ldb_message **res;
+
+	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+			   "dn=%s", state->domain_dn);
+	if (ret != 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	info->name.name = samdb_result_string(res[0], "name", NULL);
+	info->sid       = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+
+	return NT_STATUS_OK;
+}
+
+/* 
+  lsa_QueryInfoPolicy 
+*/
+static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				    struct lsa_QueryInfoPolicy *r)
+{
+	struct lsa_policy_state *state;
+	struct dcesrv_handle *h;
+
+	r->out.info = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
+	if (!r->out.info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCTP(r->out.info);
+
+	switch (r->in.level) {
+	case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+		return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+	}
+
+	return NT_STATUS_INVALID_INFO_CLASS;
+}
+
+
+/* 
+  lsa_SetInfoPolicy 
+*/
+static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct lsa_SetInfoPolicy *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_ClearAuditLog 
+*/
+static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct lsa_ClearAuditLog *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_CreateAccount 
+*/
+static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct lsa_CreateAccount *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumAccounts 
+*/
+static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct lsa_EnumAccounts *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_CreateTrustedDomain 
+*/
+static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct lsa_CreateTrustedDomain *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumTrustDom 
+*/
+static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_EnumTrustDom *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_LookupNames 
+*/
+static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LookupNames *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_LookupSids 
+*/
+static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LookupSids *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_CreateSecret 
+*/
+static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CreateSecret *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_OpenAccount 
+*/
+static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_OpenAccount *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumPrivsAccount 
+*/
+static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_EnumPrivsAccount *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  ADDPRIVS 
+*/
+static NTSTATUS ADDPRIVS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct ADDPRIVS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  REMOVEPRIVS 
+*/
+static NTSTATUS REMOVEPRIVS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct REMOVEPRIVS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  GETQUOTAS 
+*/
+static NTSTATUS GETQUOTAS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct GETQUOTAS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  SETQUOTAS 
+*/
+static NTSTATUS SETQUOTAS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct SETQUOTAS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  GETSYSTEMACCOUNT 
+*/
+static NTSTATUS GETSYSTEMACCOUNT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct GETSYSTEMACCOUNT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  SETSYSTEMACCOUNT 
+*/
+static NTSTATUS SETSYSTEMACCOUNT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct SETSYSTEMACCOUNT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  OPENTRUSTDOM 
+*/
+static NTSTATUS OPENTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct OPENTRUSTDOM *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  QUERYTRUSTDOM 
+*/
+static NTSTATUS QUERYTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct QUERYTRUSTDOM *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  SETINFOTRUSTDOM 
+*/
+static NTSTATUS SETINFOTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct SETINFOTRUSTDOM *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_OpenSecret 
+*/
+static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_OpenSecret *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_SetSecret 
+*/
+static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_SetSecret *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_QuerySecret 
+*/
+static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_QuerySecret *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  LOOKUPPRIVVALUE 
+*/
+static NTSTATUS LOOKUPPRIVVALUE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct LOOKUPPRIVVALUE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_LookupPrivName 
+*/
+static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LookupPrivName *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  PRIV_GET_DISPNAME 
+*/
+static NTSTATUS PRIV_GET_DISPNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct PRIV_GET_DISPNAME *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  DELETEOBJECT 
+*/
+static NTSTATUS DELETEOBJECT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct DELETEOBJECT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  ENUMACCTWITHRIGHT 
+*/
+static NTSTATUS ENUMACCTWITHRIGHT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct ENUMACCTWITHRIGHT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_EnumAccountRights 
+*/
+static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_EnumAccountRights *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  ADDACCTRIGHTS 
+*/
+static NTSTATUS ADDACCTRIGHTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct ADDACCTRIGHTS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  REMOVEACCTRIGHTS 
+*/
+static NTSTATUS REMOVEACCTRIGHTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct REMOVEACCTRIGHTS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  QUERYTRUSTDOMINFO 
+*/
+static NTSTATUS QUERYTRUSTDOMINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct QUERYTRUSTDOMINFO *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  SETTRUSTDOMINFO 
+*/
+static NTSTATUS SETTRUSTDOMINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct SETTRUSTDOMINFO *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  DELETETRUSTDOM 
+*/
+static NTSTATUS DELETETRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct DELETETRUSTDOM *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  STOREPRIVDATA 
+*/
+static NTSTATUS STOREPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct STOREPRIVDATA *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  RETRPRIVDATA 
+*/
+static NTSTATUS RETRPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct RETRPRIVDATA *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  lsa_OpenPolicy2 
+*/
+static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_OpenPolicy2 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  UNK_GET_CONNUSER 
+*/
+static NTSTATUS UNK_GET_CONNUSER(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct UNK_GET_CONNUSER *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  QUERYINFO2 
+*/
+static NTSTATUS QUERYINFO2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct QUERYINFO2 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_lsa_s.c"

source/rpc_server/netlogon/dcerpc_netlogon.c

@@ -448,7 +448,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
   netr_LogonUasLogon 
 */
 static WERROR netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-		       struct netr_LogonUasLogon *r)
+				 struct netr_LogonUasLogon *r)
 {
 	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }

source/rpc_server/samr/dcesrv_samr.c

@@ -364,14 +364,70 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 	return NT_STATUS_OK;
 }
 
+/*
+  return DomInfo2
+*/
+static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx,
+				   struct samr_DomInfo2 *info)
+{
+	const char * const attrs[] = { "comment", "name", NULL };
+	int ret;
+	struct ldb_message **res;
+
+	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+			   "dn=%s", state->domain_dn);
+	if (ret != 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* where is this supposed to come from? is it settable? */
+	info->force_logoff_time = 0x8000000000000000LL;
+
+	info->comment.name = samdb_result_string(res[0], "comment", NULL);
+	info->domain.name  = samdb_result_string(res[0], "name", NULL);
+
+	info->primary.name = lp_netbios_name();
+	info->sequence_num = 0;
+	info->role = ROLE_DOMAIN_PDC;
+	info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, NULL, "(objectClass=user)");
+	info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, NULL,
+					      "(&(objectClass=group)(sAMAccountType=%u))",
+					      ATYPE_GLOBAL_GROUP);
+	info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, NULL,
+					       "(&(objectClass=group)(sAMAccountType=%u))",
+					       ATYPE_LOCAL_GROUP);
+
+	return NT_STATUS_OK;
+}
 
 /* 
   samr_QueryDomainInfo 
 */
 static NTSTATUS samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-		       struct samr_QueryDomainInfo *r)
+				     struct samr_QueryDomainInfo *r)
 {
-	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+
+	r->out.info = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	r->out.info = talloc_p(mem_ctx, union samr_DomainInfo);
+	if (!r->out.info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCTP(r->out.info);
+
+	switch (r->in.level) {
+	case 2:
+		return samr_info_DomInfo2(d_state, mem_ctx, &r->out.info->info2);
+	}
+
+	return NT_STATUS_INVALID_INFO_CLASS;
 }
 
 

source/rpc_server/samr/samdb.c

@@ -205,6 +205,26 @@ const char *samdb_search_string(void *ctx,
 	return str;
 }
 
+/*
+  return the count of the number of records in the sam matching the query
+*/
+int samdb_search_count(void *ctx,
+		       TALLOC_CTX *mem_ctx,
+		       const char *basedn,
+		       const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
+{
+	va_list ap;
+	struct ldb_message **res;
+	const char * const attrs[] = { NULL };
+	int ret;
+
+	va_start(ap, format);
+	ret = samdb_search_v(ctx, mem_ctx, basedn, &res, attrs, format, ap);
+	va_end(ap);
+
+	return ret;
+}
+
 
 /*
   search the sam for a single integer attribute in exactly 1 record

source/torture/rpc/lsa.c

@@ -51,7 +51,7 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 
 	r.in.system_name = &system_name;
 	r.in.attr = &attr;
-	r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	r.out.handle = &handle;
 
 	status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
@@ -88,7 +88,7 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 
 	r.in.system_name = "\\";
 	r.in.attr = &attr;
-	r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	r.out.handle = handle;
 
 	status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
@@ -267,7 +267,7 @@ static BOOL test_CreateAccount(struct dcerpc_pipe *p,
 
 	r.in.handle = handle;
 	r.in.sid = newsid;
-	r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	r.out.acct_handle = &acct_handle;
 
 	status = dcerpc_lsa_CreateAccount(p, mem_ctx, &r);
@@ -303,7 +303,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
 
 	r.in.handle = handle;
 	r.in.info = &trustinfo;
-	r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	r.out.dom_handle = &dom_handle;
 
 	status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
@@ -348,7 +348,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 	init_lsa_Name(&r.in.name, secname);
 
 	r.in.handle = handle;
-	r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	r.out.sec_handle = &sec_handle;
 
 	status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
@@ -358,7 +358,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 	}
 
 	r2.in.handle = handle;
-	r2.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	r2.in.name = r.in.name;
 	r2.out.sec_handle = &sec_handle2;
 
@@ -501,7 +501,7 @@ static BOOL test_OpenAccount(struct dcerpc_pipe *p,
 
 	r.in.handle = handle;
 	r.in.sid = sid;
-	r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	r.out.acct_handle = &acct_handle;
 
 	status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);

source/torture/rpc/samr.c

@@ -2562,7 +2562,8 @@ static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		return True;
 	}
 
-	if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
+	if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
 		if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->name)) {
 			return False;
 		}
@@ -2639,6 +2640,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		return False;
 	}
 
+	if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
+		ret = False;
+	}
+
 	if (!test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle)) {
 		ret = False;
 	}
@@ -2659,10 +2664,6 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		ret = False;
 	}
 
-	if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
-		ret = False;
-	}
-
 	if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) {
 		ret = False;
 	}