summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/include/enums.h9
-rw-r--r--source4/libcli/auth/ntlmssp.h2
-rw-r--r--source4/librpc/config.m41
-rw-r--r--source4/librpc/idl/lsa.idl54
-rw-r--r--source4/librpc/idl/samr.idl8
-rw-r--r--source4/param/loadparm.c4
-rw-r--r--source4/rpc_server/config.m41
-rw-r--r--source4/rpc_server/config.mk11
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c646
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c2
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c60
-rw-r--r--source4/rpc_server/samr/samdb.c20
-rw-r--r--source4/torture/rpc/lsa.c14
-rw-r--r--source4/torture/rpc/samr.c11
14 files changed, 780 insertions, 63 deletions
diff --git a/source4/include/enums.h b/source4/include/enums.h
index 5be158840f..e56f403a30 100644
--- a/source4/include/enums.h
+++ b/source4/include/enums.h
@@ -29,15 +29,6 @@ enum protocol_types {PROTOCOL_NONE,PROTOCOL_CORE,PROTOCOL_COREPLUS,PROTOCOL_LANM
/* security levels */
enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
-/* server roles */
-enum server_types
-{
- ROLE_STANDALONE,
- ROLE_DOMAIN_MEMBER,
- ROLE_DOMAIN_BDC,
- ROLE_DOMAIN_PDC
-};
-
/* printing types */
enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ,
diff --git a/source4/libcli/auth/ntlmssp.h b/source4/libcli/auth/ntlmssp.h
index 28487c1ab5..a5565888f1 100644
--- a/source4/libcli/auth/ntlmssp.h
+++ b/source4/libcli/auth/ntlmssp.h
@@ -76,7 +76,7 @@ typedef struct ntlmssp_state
TALLOC_CTX *mem_ctx;
unsigned int ref_count;
enum NTLMSSP_ROLE role;
- enum server_types server_role;
+ enum samr_Role server_role;
uint32_t expected_state;
BOOL unicode;
diff --git a/source4/librpc/config.m4 b/source4/librpc/config.m4
index ff012c0301..e489538aeb 100644
--- a/source4/librpc/config.m4
+++ b/source4/librpc/config.m4
@@ -10,6 +10,7 @@ SMB_SUBSYSTEM(LIBNDR_RAW,[],
librpc/gen_ndr/ndr_echo.o
librpc/gen_ndr/ndr_misc.o
librpc/gen_ndr/ndr_lsa.o
+ librpc/gen_ndr/ndr_lsads.o
librpc/gen_ndr/ndr_dfs.o
librpc/gen_ndr/ndr_samr.o
librpc/gen_ndr/ndr_spoolss.o
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 2e3049ac78..e477ce7054 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -99,7 +99,7 @@
NTSTATUS lsa_OpenPolicy (
[in] uint16 *system_name,
[in,ref] lsa_ObjectAttribute *attr,
- [in] uint32 desired_access,
+ [in] uint32 access_mask,
[out,ref] policy_handle *handle
);
@@ -191,18 +191,18 @@
} lsaPolicyInfo;
typedef union {
- [case(1)] lsa_AuditLogInfo audit_log;
- [case(2)] lsa_AuditEventsInfo audit_events;
- [case(3)] lsa_DomainInfo domain;
- [case(4)] lsa_PDAccountInfo pd;
- [case(5)] lsa_DomainInfo account_domain;
- [case(6)] lsa_ServerRole role;
- [case(7)] lsa_ReplicaSourceInfo replica;
- [case(8)] lsa_DefaultQuotaInfo quota;
- [case(9)] lsa_ModificationInfo db;
- [case(10)] lsa_AuditFullSetInfo auditfullset;
- [case(11)] lsa_AuditFullQueryInfo auditfullquery;
- [case(12)] lsa_DnsDomainInfo dns;
+ [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log;
+ [case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events;
+ [case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain;
+ [case(LSA_POLICY_INFO_PD)] lsa_PDAccountInfo pd;
+ [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)] lsa_DomainInfo account_domain;
+ [case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role;
+ [case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica;
+ [case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota;
+ [case(LSA_POLICY_INFO_DB)] lsa_ModificationInfo db;
+ [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
+ [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
+ [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
} lsa_PolicyInformation;
NTSTATUS lsa_QueryInfoPolicy (
@@ -224,7 +224,7 @@
NTSTATUS lsa_CreateAccount (
[in,ref] policy_handle *handle,
[in,ref] dom_sid2 *sid,
- [in] uint32 desired_access,
+ [in] uint32 access_mask,
[out,ref] policy_handle *acct_handle
);
@@ -258,7 +258,7 @@
NTSTATUS lsa_CreateTrustedDomain(
[in,ref] policy_handle *handle,
[in,ref] lsa_TrustInformation *info,
- [in] uint32 desired_access,
+ [in] uint32 access_mask,
[out,ref] policy_handle *dom_handle
);
@@ -343,7 +343,7 @@
NTSTATUS lsa_CreateSecret(
[in,ref] policy_handle *handle,
[in] lsa_Name name,
- [in] uint32 desired_access,
+ [in] uint32 access_mask,
[out,ref] policy_handle *sec_handle
);
@@ -353,7 +353,7 @@
NTSTATUS lsa_OpenAccount (
[in,ref] policy_handle *handle,
[in,ref] dom_sid2 *sid,
- [in] uint32 desired_access,
+ [in] uint32 access_mask,
[out,ref] policy_handle *acct_handle
);
@@ -406,7 +406,7 @@
NTSTATUS lsa_OpenSecret(
[in,ref] policy_handle *handle,
[in] lsa_Name name,
- [in] uint32 desired_access,
+ [in] uint32 access_mask,
[out,ref] policy_handle *sec_handle
);
@@ -493,7 +493,7 @@
NTSTATUS lsa_OpenPolicy2 (
[in] unistr *system_name,
[in,ref] lsa_ObjectAttribute *attr,
- [in] uint32 desired_access,
+ [in] uint32 access_mask,
[out,ref] policy_handle *handle
);
@@ -503,19 +503,3 @@
/* Function: 0x2e */
NTSTATUS QUERYINFO2 ();
}
-
-
-[
- uuid(3919286a-b10c-11d0-9ba8-00c04fd92ef5),
- version(0.0),
- endpoints(lsarpc,lsass),
- pointer_default(unique)
-]
-interface lsads
-{
-
- /*****************/
- /* Function 0x00 */
- void lsads_Unknown0();
-
-}
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index 3c9005a1f3..e428bfe0c7 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -125,6 +125,14 @@
/************************/
/* Function 0x08 */
+ /* server roles */
+ typedef enum {
+ ROLE_STANDALONE = 0,
+ ROLE_DOMAIN_MEMBER = 1,
+ ROLE_DOMAIN_BDC = 2,
+ ROLE_DOMAIN_PDC = 3
+ } samr_Role;
+
typedef struct {
uint16 min_pwd_len;
uint16 password_history;
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 199ae5f3c2..dba8a01dfd 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -953,7 +953,7 @@ static void init_globals(void)
string_set(&sDefault.fstype, FSTYPE_STRING);
string_set(&sDefault.ntvfs_handler, "default");
- Globals.dcerpc_ep_servers = str_list_make("epmapper srvsvc wkssvc rpcecho samr netlogon", NULL);
+ Globals.dcerpc_ep_servers = str_list_make("epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc", NULL);
Globals.AuthMethods = str_list_make("guest sam_ignoredomain", NULL);
@@ -961,8 +961,6 @@ static void init_globals(void)
string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
asprintf(&Globals.szSAM_URL, "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
- /* use the new 'hash2' method by default, with a prefix of 1 */
-
string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
/* using UTF8 by default allows us to support all chars */
diff --git a/source4/rpc_server/config.m4 b/source4/rpc_server/config.m4
index 3841439182..13a575bac1 100644
--- a/source4/rpc_server/config.m4
+++ b/source4/rpc_server/config.m4
@@ -12,5 +12,6 @@ SMB_MODULE_MK(dcerpc_wkssvc,DCERPC,STATIC,rpc_server/config.mk)
SMB_MODULE_MK(dcerpc_samr,DCERPC,STATIC,rpc_server/config.mk)
SMB_MODULE_MK(dcerpc_winreg,DCERPC,STATIC,rpc_server/config.mk)
SMB_MODULE_MK(dcerpc_netlogon,DCERPC,STATIC,rpc_server/config.mk)
+SMB_MODULE_MK(dcerpc_lsarpc,DCERPC,STATIC,rpc_server/config.mk)
SMB_SUBSYSTEM_MK(DCERPC,rpc_server/config.mk)
diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk
index f344e6b651..da6adaa220 100644
--- a/source4/rpc_server/config.mk
+++ b/source4/rpc_server/config.mk
@@ -104,6 +104,17 @@ REQUIRED_SUBSYSTEMS = \
################################################
################################################
+# Start MODULE dcerpc_lsa
+[MODULE::dcerpc_lsarpc]
+INIT_OBJ_FILES = \
+ rpc_server/lsa/dcesrv_lsa.o
+REQUIRED_SUBSYSTEMS = \
+ SAMDB \
+ DCERPC_COMMON
+# End MODULE dcerpc_lsa
+################################################
+
+################################################
# Start SUBSYSTEM DCERPC
[SUBSYSTEM::DCERPC]
INIT_OBJ_FILES = \
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
new file mode 100644
index 0000000000..6ea782a8f2
--- /dev/null
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -0,0 +1,646 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ endpoint server for the lsarpc pipe
+
+ Copyright (C) Andrew Tridgell 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpc_server/common/common.h"
+
+/*
+ this type allows us to distinguish handle types
+*/
+enum lsa_handle {
+ LSA_HANDLE_POLICY,
+ LSA_HANDLE_ACCOUNT,
+ LSA_HANDLE_SECRET
+};
+
+/*
+ state associated with a lsa_OpenPolicy() operation
+*/
+struct lsa_policy_state {
+ int reference_count;
+ void *sam_ctx;
+ TALLOC_CTX *mem_ctx;
+ uint32_t access_mask;
+ const char *domain_dn;
+};
+
+
+/*
+ destroy policy state
+*/
+static void lsa_Policy_close(struct lsa_policy_state *state)
+{
+ state->reference_count--;
+ if (state->reference_count == 0) {
+ samdb_close(state->sam_ctx);
+ talloc_destroy(state->mem_ctx);
+ }
+}
+
+/*
+ destroy an open policy. This closes the database connection
+*/
+static void lsa_Policy_destroy(struct dcesrv_connection *conn, struct dcesrv_handle *h)
+{
+ struct lsa_policy_state *state = h->data;
+ lsa_Policy_close(state);
+}
+
+/*
+ lsa_Close
+*/
+static NTSTATUS lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_Close *r)
+{
+ struct dcesrv_handle *h;
+
+ *r->out.handle = *r->in.handle;
+
+ DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+ /* this causes the callback samr_XXX_destroy() to be called by
+ the handle destroy code which destroys the state associated
+ with the handle */
+ dcesrv_handle_destroy(dce_call->conn, h);
+
+ ZERO_STRUCTP(r->out.handle);
+
+ return NT_STATUS_OK;
+}
+
+
+/*
+ lsa_Delete
+*/
+static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_Delete *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_EnumPrivs
+*/
+static NTSTATUS lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_EnumPrivs *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_QuerySecObj
+*/
+static NTSTATUS lsa_QuerySecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_QuerySecObj *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_SetSecObj
+*/
+static NTSTATUS lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_SetSecObj *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_ChangePassword
+*/
+static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_ChangePassword *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_OpenPolicy
+*/
+static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_OpenPolicy *r)
+{
+ struct lsa_policy_state *state;
+ struct dcesrv_handle *handle;
+ TALLOC_CTX *lsa_mem_ctx;
+
+ ZERO_STRUCTP(r->out.handle);
+
+ lsa_mem_ctx = talloc_init("lsa_OpenPolicy");
+ if (!lsa_mem_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ state = talloc_p(lsa_mem_ctx, struct lsa_policy_state);
+ if (!state) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ state->mem_ctx = lsa_mem_ctx;
+
+ /* make sure the sam database is accessible */
+ state->sam_ctx = samdb_connect();
+ if (state->sam_ctx == NULL) {
+ talloc_destroy(state->mem_ctx);
+ return NT_STATUS_INVALID_SYSTEM_SERVICE;
+ }
+
+ /* work out the domain_dn - useful for so many calls its worth
+ fetching here */
+ state->domain_dn = samdb_search_string(state->sam_ctx, state->mem_ctx, NULL,
+ "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))");
+ if (!state->domain_dn) {
+ samdb_close(state->sam_ctx);
+ talloc_destroy(state->mem_ctx);
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+
+ handle = dcesrv_handle_new(dce_call->conn, LSA_HANDLE_POLICY);
+ if (!handle) {
+ talloc_destroy(state->mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ handle->data = state;
+ handle->destroy = lsa_Policy_destroy;
+
+ state->reference_count = 1;
+ state->access_mask = r->in.access_mask;
+ *r->out.handle = handle->wire_handle;
+
+ /* note that we have completely ignored the attr element of
+ the OpenPolicy. As far as I can tell, this is what w2k3
+ does */
+
+ return NT_STATUS_OK;
+}
+
+
+/*
+ fill in the AccountDomain info
+*/
+static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+ struct lsa_DomainInfo *info)
+{
+ const char * const attrs[] = { "objectSid", "name", NULL};
+ int ret;
+ struct ldb_message **res;
+
+ ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
+ "dn=%s", state->domain_dn);
+ if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ info->name.name = samdb_result_string(res[0], "name", NULL);
+ info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+
+ return NT_STATUS_OK;
+}
+
+/*
+ lsa_QueryInfoPolicy
+*/
+static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_QueryInfoPolicy *r)
+{
+ struct lsa_policy_state *state;
+ struct dcesrv_handle *h;
+
+ r->out.info = NULL;
+
+ DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+ state = h->data;
+
+ r->out.info = talloc_p(mem_ctx, union lsa_PolicyInformation);
+ if (!r->out.info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ZERO_STRUCTP(r->out.info);
+
+ switch (r->in.level) {
+ case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+ return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+ }
+
+ return NT_STATUS_INVALID_INFO_CLASS;
+}
+
+
+/*
+ lsa_SetInfoPolicy
+*/
+static NTSTATUS lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_SetInfoPolicy *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_ClearAuditLog
+*/
+static NTSTATUS lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_ClearAuditLog *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_CreateAccount
+*/
+static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_CreateAccount *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_EnumAccounts
+*/
+static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_EnumAccounts *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_CreateTrustedDomain
+*/
+static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_CreateTrustedDomain *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_EnumTrustDom
+*/
+static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_EnumTrustDom *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_LookupNames
+*/
+static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_LookupNames *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_LookupSids
+*/
+static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_LookupSids *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_CreateSecret
+*/
+static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_CreateSecret *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_OpenAccount
+*/
+static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_OpenAccount *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_EnumPrivsAccount
+*/
+static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_EnumPrivsAccount *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ ADDPRIVS
+*/
+static NTSTATUS ADDPRIVS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct ADDPRIVS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ REMOVEPRIVS
+*/
+static NTSTATUS REMOVEPRIVS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct REMOVEPRIVS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ GETQUOTAS
+*/
+static NTSTATUS GETQUOTAS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct GETQUOTAS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ SETQUOTAS
+*/
+static NTSTATUS SETQUOTAS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct SETQUOTAS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ GETSYSTEMACCOUNT
+*/
+static NTSTATUS GETSYSTEMACCOUNT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct GETSYSTEMACCOUNT *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ SETSYSTEMACCOUNT
+*/
+static NTSTATUS SETSYSTEMACCOUNT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct SETSYSTEMACCOUNT *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ OPENTRUSTDOM
+*/
+static NTSTATUS OPENTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct OPENTRUSTDOM *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ QUERYTRUSTDOM
+*/
+static NTSTATUS QUERYTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct QUERYTRUSTDOM *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ SETINFOTRUSTDOM
+*/
+static NTSTATUS SETINFOTRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct SETINFOTRUSTDOM *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_OpenSecret
+*/
+static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_OpenSecret *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_SetSecret
+*/
+static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_SetSecret *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_QuerySecret
+*/
+static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_QuerySecret *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ LOOKUPPRIVVALUE
+*/
+static NTSTATUS LOOKUPPRIVVALUE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct LOOKUPPRIVVALUE *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_LookupPrivName
+*/
+static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_LookupPrivName *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ PRIV_GET_DISPNAME
+*/
+static NTSTATUS PRIV_GET_DISPNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct PRIV_GET_DISPNAME *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ DELETEOBJECT
+*/
+static NTSTATUS DELETEOBJECT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct DELETEOBJECT *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ ENUMACCTWITHRIGHT
+*/
+static NTSTATUS ENUMACCTWITHRIGHT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct ENUMACCTWITHRIGHT *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_EnumAccountRights
+*/
+static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_EnumAccountRights *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ ADDACCTRIGHTS
+*/
+static NTSTATUS ADDACCTRIGHTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct ADDACCTRIGHTS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ REMOVEACCTRIGHTS
+*/
+static NTSTATUS REMOVEACCTRIGHTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct REMOVEACCTRIGHTS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ QUERYTRUSTDOMINFO
+*/
+static NTSTATUS QUERYTRUSTDOMINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct QUERYTRUSTDOMINFO *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ SETTRUSTDOMINFO
+*/
+static NTSTATUS SETTRUSTDOMINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct SETTRUSTDOMINFO *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ DELETETRUSTDOM
+*/
+static NTSTATUS DELETETRUSTDOM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct DELETETRUSTDOM *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ STOREPRIVDATA
+*/
+static NTSTATUS STOREPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct STOREPRIVDATA *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ RETRPRIVDATA
+*/
+static NTSTATUS RETRPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct RETRPRIVDATA *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ lsa_OpenPolicy2
+*/
+static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_OpenPolicy2 *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ UNK_GET_CONNUSER
+*/
+static NTSTATUS UNK_GET_CONNUSER(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct UNK_GET_CONNUSER *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ QUERYINFO2
+*/
+static NTSTATUS QUERYINFO2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct QUERYINFO2 *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_lsa_s.c"
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 336da6821e..4481df6aa8 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -448,7 +448,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
netr_LogonUasLogon
*/
static WERROR netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_LogonUasLogon *r)
+ struct netr_LogonUasLogon *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 322ef3a11c..eba36e53fa 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -364,14 +364,70 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
return NT_STATUS_OK;
}
+/*
+ return DomInfo2
+*/
+static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx,
+ struct samr_DomInfo2 *info)
+{
+ const char * const attrs[] = { "comment", "name", NULL };
+ int ret;
+ struct ldb_message **res;
+
+ ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
+ "dn=%s", state->domain_dn);
+ if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ /* where is this supposed to come from? is it settable? */
+ info->force_logoff_time = 0x8000000000000000LL;
+
+ info->comment.name = samdb_result_string(res[0], "comment", NULL);
+ info->domain.name = samdb_result_string(res[0], "name", NULL);
+
+ info->primary.name = lp_netbios_name();
+ info->sequence_num = 0;
+ info->role = ROLE_DOMAIN_PDC;
+ info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, NULL, "(objectClass=user)");
+ info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, NULL,
+ "(&(objectClass=group)(sAMAccountType=%u))",
+ ATYPE_GLOBAL_GROUP);
+ info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, NULL,
+ "(&(objectClass=group)(sAMAccountType=%u))",
+ ATYPE_LOCAL_GROUP);
+
+ return NT_STATUS_OK;
+}
/*
samr_QueryDomainInfo
*/
static NTSTATUS samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_QueryDomainInfo *r)
+ struct samr_QueryDomainInfo *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct dcesrv_handle *h;
+ struct samr_domain_state *d_state;
+
+ r->out.info = NULL;
+
+ DCESRV_PULL_HANDLE(h, r->in.handle, SAMR_HANDLE_DOMAIN);
+
+ d_state = h->data;
+
+ r->out.info = talloc_p(mem_ctx, union samr_DomainInfo);
+ if (!r->out.info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ZERO_STRUCTP(r->out.info);
+
+ switch (r->in.level) {
+ case 2:
+ return samr_info_DomInfo2(d_state, mem_ctx, &r->out.info->info2);
+ }
+
+ return NT_STATUS_INVALID_INFO_CLASS;
}
diff --git a/source4/rpc_server/samr/samdb.c b/source4/rpc_server/samr/samdb.c
index fd643c7bb0..12319cf84a 100644
--- a/source4/rpc_server/samr/samdb.c
+++ b/source4/rpc_server/samr/samdb.c
@@ -205,6 +205,26 @@ const char *samdb_search_string(void *ctx,
return str;
}
+/*
+ return the count of the number of records in the sam matching the query
+*/
+int samdb_search_count(void *ctx,
+ TALLOC_CTX *mem_ctx,
+ const char *basedn,
+ const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
+{
+ va_list ap;
+ struct ldb_message **res;
+ const char * const attrs[] = { NULL };
+ int ret;
+
+ va_start(ap, format);
+ ret = samdb_search_v(ctx, mem_ctx, basedn, &res, attrs, format, ap);
+ va_end(ap);
+
+ return ret;
+}
+
/*
search the sam for a single integer attribute in exactly 1 record
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 306197dcf2..031070caa6 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -51,7 +51,7 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.system_name = &system_name;
r.in.attr = &attr;
- r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.handle = &handle;
status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
@@ -88,7 +88,7 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.in.system_name = "\\";
r.in.attr = &attr;
- r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.handle = handle;
status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
@@ -267,7 +267,7 @@ static BOOL test_CreateAccount(struct dcerpc_pipe *p,
r.in.handle = handle;
r.in.sid = newsid;
- r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.acct_handle = &acct_handle;
status = dcerpc_lsa_CreateAccount(p, mem_ctx, &r);
@@ -303,7 +303,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
r.in.handle = handle;
r.in.info = &trustinfo;
- r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.dom_handle = &dom_handle;
status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
@@ -348,7 +348,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
init_lsa_Name(&r.in.name, secname);
r.in.handle = handle;
- r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.sec_handle = &sec_handle;
status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
@@ -358,7 +358,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
}
r2.in.handle = handle;
- r2.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r2.in.name = r.in.name;
r2.out.sec_handle = &sec_handle2;
@@ -501,7 +501,7 @@ static BOOL test_OpenAccount(struct dcerpc_pipe *p,
r.in.handle = handle;
r.in.sid = sid;
- r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.acct_handle = &acct_handle;
status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 9d90a8b136..a1b01b533f 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -2562,7 +2562,8 @@ static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return True;
}
- if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->name)) {
return False;
}
@@ -2639,6 +2640,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return False;
}
+ if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
+ ret = False;
+ }
+
if (!test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle)) {
ret = False;
}
@@ -2659,10 +2664,6 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
ret = False;
}
- if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
- ret = False;
- }
-
if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) {
ret = False;
}