-rw-r--r--source3/rpc_server/lsa/srv_lsa_nt.c78
1 files changed, 77 insertions, 1 deletions
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index d190775111..e3b5009e31 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -1480,12 +1480,88 @@ NTSTATUS _lsa_OpenSecret(struct pipes_struct *p, struct lsa_OpenSecret *r)
}
/***************************************************************************
+ _lsa_OpenTrustedDomain_base
+ ***************************************************************************/
+
+static NTSTATUS _lsa_OpenTrustedDomain_base(struct pipes_struct *p,
+ uint32_t access_mask,
+ struct trustdom_info *info,
+ struct policy_handle *handle)
+{
+ struct security_descriptor *psd = NULL;
+ size_t sd_size;
+ uint32_t acc_granted;
+ NTSTATUS status;
+
+ /* des_access is for the account here, not the policy
+ * handle - so don't check against policy handle. */
+
+ /* Work out max allowed. */
+ map_max_allowed_access(p->server_info->security_token,
+ &p->server_info->utok,
+ &access_mask);
+
+ /* map the generic bits to the lsa account ones */
+ se_map_generic(&access_mask, &lsa_account_mapping);
+
+ /* get the generic lsa account SD until we store it */
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_trusted_domain_mapping,
+ NULL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = access_check_object(psd, p->server_info->security_token,
+ SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
+ access_mask, &acc_granted,
+ "_lsa_OpenTrustedDomain");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = create_lsa_policy_handle(p->mem_ctx, p,
+ LSA_HANDLE_TRUST_TYPE,
+ acc_granted,
+ &info->sid,
+ info->name,
+ psd,
+ handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/***************************************************************************
+ _lsa_OpenTrustedDomain
***************************************************************************/
NTSTATUS _lsa_OpenTrustedDomain(struct pipes_struct *p,
struct lsa_OpenTrustedDomain *r)
{
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ struct lsa_info *handle = NULL;
+ struct trustdom_info *info;
+ NTSTATUS status;
+
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ if (handle->type != LSA_HANDLE_POLICY_TYPE) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ status = lsa_lookup_trusted_domain_by_sid(p->mem_ctx,
+ r->in.sid,
+ &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return _lsa_OpenTrustedDomain_base(p, r->in.access_mask, info,
+ r->out.trustdom_handle);
}
/***************************************************************************
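Review bot: In `_lsa_OpenTrustedDomain_base` the generic bits of the requested mask are expanded with `lsa_account_mapping`, but the security descriptor checked right afterwards is built from `lsa_trusted_domain_mapping`, so a generic access request appears to be translated into account rights and then checked against a trusted-domain object. Both mapping tables are defined outside this hunk, so the practical effect depends on how their bits differ, but the call should most likely read `se_map_generic(&access_mask, &lsa_trusted_domain_mapping);`, with the two "lsa account" comments reworded to say trusted domain. Separately, a failure from `create_lsa_policy_handle` is rewritten to `NT_STATUS_OBJECT_NAME_NOT_FOUND`, which hides the real cause (an allocation failure, for example) from callers and logs; `return status;` would match the other error paths in the function.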