summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/librpc/rpc/dcerpc_lsa.c321
1 files changed, 318 insertions, 3 deletions
diff --git a/source4/librpc/rpc/dcerpc_lsa.c b/source4/librpc/rpc/dcerpc_lsa.c
index 9c00ce34f3..232799c44c 100644
--- a/source4/librpc/rpc/dcerpc_lsa.c
+++ b/source4/librpc/rpc/dcerpc_lsa.c
@@ -21,13 +21,58 @@
#include "includes.h"
+NTSTATUS lsa_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ struct lsa_Close r;
+ NTSTATUS status;
+ TALLOC_CTX *tmp_ctx;
+
+ if ((tmp_ctx = talloc_init("lsa_OpenPolicy")) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ r.in.handle = r.out.handle = handle;
+
+ status = dcerpc_lsa_Close(p, tmp_ctx, &r);
+
+ talloc_destroy(tmp_ctx);
+
+ return status;
+}
+
+NTSTATUS lsa_Delete(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_EnumPrivs(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_SetSecObj(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
NTSTATUS lsa_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
struct lsa_OpenPolicy r;
+ NTSTATUS status;
uint16 system_name = '\\';
+ TALLOC_CTX *tmp_ctx;
+
+ if ((tmp_ctx = talloc_init("lsa_OpenPolicy")) == NULL)
+ return NT_STATUS_NO_MEMORY;
qos.len = 0;
qos.impersonation_level = 2;
@@ -46,15 +91,282 @@ NTSTATUS lsa_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.handle = handle;
- return dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
+ status = dcerpc_lsa_OpenPolicy(p, tmp_ctx, &r);
+
+ talloc_destroy(tmp_ctx);
+
+ return status;
+}
+
+NTSTATUS lsa_QueryInfoPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_SetInfoPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_ClearAuditLog(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_CreateAccount(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_EnumAccounts(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+
+NTSTATUS lsa_CreateTrustedDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_EnumTrustDom(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_LookupNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle, char **names,
+ uint32 num_names, struct dom_sid **sids,
+ uint32 **sid_types, uint32 *num_sids)
+{
+ struct lsa_LookupNames r;
+ struct lsa_TransSidArray lsa_sids;
+ struct lsa_Name *lsa_names;
+ uint32 count = 0;
+ NTSTATUS status;
+ int i;
+ TALLOC_CTX *tmp_ctx;
+
+ if ((tmp_ctx = talloc_init("lsa_LookupNames")) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ lsa_sids.count = 0;
+ lsa_sids.sids = NULL;
+
+ lsa_names = talloc(tmp_ctx, num_names * sizeof(lsa_names[0]));
+
+ for (i = 0; i < num_names; i++)
+ lsa_names[i].name = names[i];
+
+ r.in.handle = handle;
+ r.in.num_names = num_names;
+ r.in.names = lsa_names;
+ r.in.sids = &lsa_sids;
+ r.in.level = 1;
+ r.in.count = &count;
+ r.out.count = &count;
+ r.out.sids = &lsa_sids;
+
+ status = dcerpc_lsa_LookupNames(p, tmp_ctx, &r);
+
+ *num_sids = count;
+
+ if ((*sids = talloc(mem_ctx, count * sizeof(struct dom_sid))) == NULL){
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if ((*sid_types = talloc(mem_ctx, count * sizeof(uint32))) == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ /* TODO: We should really return a list of sids that is the
+ * same length as the list of names, but with sid type unknown
+ * for the case where only some of the names could be
+ * resolved. When no names are resolved the result code is
+ * NT_STATUS_NONE_MAPPED.
+ */
+
+ for (i = 0; i < count; i++) {
+ struct dom_sid *s;
+
+ s = dom_sid_add_rid(tmp_ctx, r.out.domains->domains[i].sid,
+ lsa_sids.sids[i].rid);
+
+ (*sids)[i].sid_rev_num = s->sid_rev_num;
+ (*sids)[i].num_auths = s->num_auths;
+ memcpy((*sids)[i].id_auth, s->id_auth, sizeof(s->id_auth));
+ (*sids)[i].sub_auths = talloc_steal(
+ tmp_ctx, mem_ctx, s->sub_auths);
+
+ (*sid_types)[i] = lsa_sids.sids[i].sid_type;
+ }
+
+ done:
+ talloc_destroy(tmp_ctx);
+
+ return status;
}
+NTSTATUS lsa_LookupSids(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle, struct dom_sid *sids,
+ int num_sids, char ***names, uint32 **sid_types,
+ uint32 *num_names)
+{
+ struct lsa_LookupSids r;
+ struct lsa_TransNameArray lsa_names;
+ struct lsa_SidArray lsa_sids;
+ uint32 count = num_sids;
+ NTSTATUS status;
+ TALLOC_CTX *tmp_ctx;
+ uint32 i;
+
+ if ((tmp_ctx = talloc_init("lsa_LookupNames")) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ lsa_names.count = 0;
+ lsa_names.names = NULL;
+
+ lsa_sids.num_sids = num_sids;
+ lsa_sids.sids = talloc(tmp_ctx, num_sids * sizeof(struct lsa_SidPtr));
+
+ for (i = 0; i < num_sids; i++)
+ lsa_sids.sids[i].sid = &sids[i];
+
+ r.in.handle = handle;
+ r.in.sids = &lsa_sids;
+ r.in.names = r.out.names = &lsa_names;
+ r.in.level = 1;
+ r.in.count = r.out.count = &count;
+
+ status = dcerpc_lsa_LookupSids(p, tmp_ctx, &r);
+
+ *num_names = count;
+
+ if ((*names = talloc(mem_ctx, count * sizeof(char *))) == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if ((*sid_types = talloc(mem_ctx, count * sizeof(uint32))) == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ /* TODO: Again, we need to consider the case where some of the
+ * sids could not be resolved.
+ */
+
+ for (i = 0; i < count; i++) {
+ (*names)[i] = talloc_steal(tmp_ctx, mem_ctx,
+ lsa_names.names[i].name.name);
+ (*sid_types)[i] = lsa_names.names[i].sid_type;
+ }
+
+ done:
+ talloc_destroy(tmp_ctx);
+
+ return status;
+}
+
+NTSTATUS lsa_CreateSecret(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_OpenAccount(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_EnumPrivsAccount(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle,
+ struct policy_handle *acct_handle)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/* AddPrivs */
+
+/* RemovePrivs */
+
+/* GetQuotas */
+
+/* SetQuotas */
+
+/* GetSystemAccount */
+
+/* SetSystemAccount */
+
+/* OpenTrustDom */
+
+/* QueryTrustDom */
+
+/* SetInfoTrustDom */
+
+NTSTATUS lsa_OpenSecret(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_SetSecret(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS lsa_QuerySecret(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/* LookupPrivValue */
+
+NTSTATUS lsa_LookupPrivName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/* PrivGetDispname */
+
+/* DeleteObject */
+
+/* EnumAcctWithRight */
+
+NTSTATUS lsa_EnumAccountRights(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/* AddAcctRights */
+
+/* RemoveAcctRights */
+
+/* QueryTrustDomInfo */
+
+/* SetTrustDomInfo */
+
+/* DeleteTrustDom */
+
+/* StorePrivData */
+
+/* RetrPrivData */
+
NTSTATUS lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
struct lsa_OpenPolicy2 r;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+
+ if ((tmp_ctx = talloc_init("lsa_OpenPolicy2")) == NULL)
+ return NT_STATUS_NO_MEMORY;
qos.len = 0;
qos.impersonation_level = 2;
@@ -73,6 +385,9 @@ NTSTATUS lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.handle = handle;
- return dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
-}
+ status = dcerpc_lsa_OpenPolicy2(p, tmp_ctx, &r);
+ talloc_destroy(tmp_ctx);
+
+ return status;
+}