/* 
 *  Unix SMB/CIFS implementation.
 *  RPC Pipe client / server routines
 *  Copyright (C) Andrew Tridgell              1992-1997,
 *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
 *  Copyright (C) Paul Ashton                       1997,
 *  Copyright (C) Jeremy Allison                    2001,
 *  Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003.
 *  Copyright (C) Gerald (Jerry) Carter             2005
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

/* This is the interface to the lsa server code. */

#include "includes.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV

static bool proxy_lsa_call(pipes_struct *p, uint8 opnum)
{
	struct api_struct *fns;
	int n_fns;

	lsarpc_get_pipe_fns(&fns, &n_fns);

	if (opnum >= n_fns)
		return False;

	if (fns[opnum].opnum != opnum) {
		smb_panic("LSA function table not sorted");
	}

	return fns[opnum].fn(p);
}

/***************************************************************************
 api_lsa_open_policy2
 ***************************************************************************/

static bool api_lsa_open_policy2(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_OPENPOLICY2);
}

/***************************************************************************
api_lsa_open_policy
 ***************************************************************************/

static bool api_lsa_open_policy(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_OPENPOLICY);
}

/***************************************************************************
 api_lsa_enum_trust_dom
 ***************************************************************************/

static bool api_lsa_enum_trust_dom(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_ENUMTRUSTDOM);
}

/***************************************************************************
 api_lsa_query_info
 ***************************************************************************/

static bool api_lsa_query_info(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_QUERYINFOPOLICY);
}

/***************************************************************************
 api_lsa_lookup_sids
 ***************************************************************************/

static bool api_lsa_lookup_sids(pipes_struct *p)
{
	LSA_Q_LOOKUP_SIDS q_u;
	LSA_R_LOOKUP_SIDS r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the info class and policy handle */
	if(!lsa_io_q_lookup_sids("", &q_u, data, 0)) {
		DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_sids(p, &q_u, &r_u);

	if(!lsa_io_r_lookup_sids("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
		return False;
	}

	return True;
}

/***************************************************************************
 api_lsa_lookup_names
 ***************************************************************************/

static bool api_lsa_lookup_names(pipes_struct *p)
{
	LSA_Q_LOOKUP_NAMES q_u;
	LSA_R_LOOKUP_NAMES r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the info class and policy handle */
	if(!lsa_io_q_lookup_names("", &q_u, data, 0)) {
		DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_names(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_lookup_names("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
		return False;
	}

	return True;
}

/***************************************************************************
 api_lsa_close.
 ***************************************************************************/

static bool api_lsa_close(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_CLOSE);
}

/***************************************************************************
 api_lsa_open_secret.
 ***************************************************************************/

static bool api_lsa_open_secret(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_OPENSECRET);
}

/***************************************************************************
 api_lsa_open_secret.
 ***************************************************************************/

static bool api_lsa_enum_privs(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_ENUMPRIVS);
}

/***************************************************************************
 api_lsa_open_secret.
 ***************************************************************************/

static bool api_lsa_priv_get_dispname(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_LOOKUPPRIVDISPLAYNAME);
}

/***************************************************************************
 api_lsa_open_secret.
 ***************************************************************************/

static bool api_lsa_enum_accounts(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_ENUMACCOUNTS);
}

/***************************************************************************
 api_lsa_UNK_GET_CONNUSER
 ***************************************************************************/

static bool api_lsa_unk_get_connuser(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_GETUSERNAME);
}

/***************************************************************************
 api_lsa_create_user
 ***************************************************************************/

static bool api_lsa_create_account(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_CREATEACCOUNT);
}

/***************************************************************************
 api_lsa_open_user
 ***************************************************************************/

static bool api_lsa_open_account(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_OPENACCOUNT);
}

/***************************************************************************
 api_lsa_get_privs
 ***************************************************************************/

static bool api_lsa_enum_privsaccount(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_ENUMPRIVSACCOUNT);
}

/***************************************************************************
 api_lsa_getsystemaccount
 ***************************************************************************/

static bool api_lsa_getsystemaccount(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_GETSYSTEMACCESSACCOUNT);
}


/***************************************************************************
 api_lsa_setsystemaccount
 ***************************************************************************/

static bool api_lsa_setsystemaccount(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_SETSYSTEMACCESSACCOUNT);
}

/***************************************************************************
 api_lsa_addprivs
 ***************************************************************************/

static bool api_lsa_addprivs(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_ADDPRIVILEGESTOACCOUNT);
}

/***************************************************************************
 api_lsa_removeprivs
 ***************************************************************************/

static bool api_lsa_removeprivs(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_REMOVEPRIVILEGESFROMACCOUNT);
}

/***************************************************************************
 api_lsa_query_secobj
 ***************************************************************************/

static bool api_lsa_query_secobj(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_QUERYSECURITY);
}

/***************************************************************************
 api_lsa_add_acct_rights
 ***************************************************************************/

static bool api_lsa_add_acct_rights(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_ADDACCOUNTRIGHTS);
}

/***************************************************************************
 api_lsa_remove_acct_rights
 ***************************************************************************/

static bool api_lsa_remove_acct_rights(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_REMOVEACCOUNTRIGHTS);
}

/***************************************************************************
 api_lsa_enum_acct_rights
 ***************************************************************************/

static bool api_lsa_enum_acct_rights(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_ENUMACCOUNTRIGHTS);
}

/***************************************************************************
 api_lsa_lookup_priv_value
 ***************************************************************************/

static bool api_lsa_lookup_priv_value(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_LOOKUPPRIVVALUE);
}

/***************************************************************************
 ***************************************************************************/

static bool api_lsa_open_trust_dom(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_OPENTRUSTEDDOMAIN);
}

/***************************************************************************
 ***************************************************************************/

static bool api_lsa_create_trust_dom(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_CREATETRUSTEDDOMAIN);
}

/***************************************************************************
 ***************************************************************************/

static bool api_lsa_create_secret(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_CREATESECRET);
}

/***************************************************************************
 ***************************************************************************/

static bool api_lsa_set_secret(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_SETSECRET);
}

/***************************************************************************
 ***************************************************************************/

static bool api_lsa_delete_object(pipes_struct *p)
{
	return proxy_lsa_call(p, NDR_LSA_DELETEOBJECT);
}

/***************************************************************************
 api_lsa_lookup_sids2
 ***************************************************************************/

static bool api_lsa_lookup_sids2(pipes_struct *p)
{
	LSA_Q_LOOKUP_SIDS2 q_u;
	LSA_R_LOOKUP_SIDS2 r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the info class and policy handle */
	if(!lsa_io_q_lookup_sids2("", &q_u, data, 0)) {
		DEBUG(0,("api_lsa_lookup_sids2: failed to unmarshall LSA_Q_LOOKUP_SIDS2.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_sids2(p, &q_u, &r_u);

	if(!lsa_io_r_lookup_sids2("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_sids2: Failed to marshall LSA_R_LOOKUP_SIDS2.\n"));
		return False;
	}

	return True;
}

/***************************************************************************
 api_lsa_lookup_sids3
 ***************************************************************************/

static bool api_lsa_lookup_sids3(pipes_struct *p)
{
	LSA_Q_LOOKUP_SIDS3 q_u;
	LSA_R_LOOKUP_SIDS3 r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the info class and policy handle */
	if(!lsa_io_q_lookup_sids3("", &q_u, data, 0)) {
		DEBUG(0,("api_lsa_lookup_sids3: failed to unmarshall LSA_Q_LOOKUP_SIDS3.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_sids3(p, &q_u, &r_u);

	if(!lsa_io_r_lookup_sids3("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_sids3: Failed to marshall LSA_R_LOOKUP_SIDS3.\n"));
		return False;
	}

	return True;
}

/***************************************************************************
 api_lsa_lookup_names2
 ***************************************************************************/

static bool api_lsa_lookup_names2(pipes_struct *p)
{
	LSA_Q_LOOKUP_NAMES2 q_u;
	LSA_R_LOOKUP_NAMES2 r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the info class and policy handle */
	if(!lsa_io_q_lookup_names2("", &q_u, data, 0)) {
		DEBUG(0,("api_lsa_lookup_names2: failed to unmarshall LSA_Q_LOOKUP_NAMES2.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_names2(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_lookup_names2("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_names2: Failed to marshall LSA_R_LOOKUP_NAMES2.\n"));
		return False;
	}

	return True;
}

/***************************************************************************
 api_lsa_lookup_names3
 ***************************************************************************/

static bool api_lsa_lookup_names3(pipes_struct *p)
{
	LSA_Q_LOOKUP_NAMES3 q_u;
	LSA_R_LOOKUP_NAMES3 r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the info class and policy handle */
	if(!lsa_io_q_lookup_names3("", &q_u, data, 0)) {
		DEBUG(0,("api_lsa_lookup_names3: failed to unmarshall LSA_Q_LOOKUP_NAMES3.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_names3(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_lookup_names3("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_names3: Failed to marshall LSA_R_LOOKUP_NAMES3.\n"));
		return False;
	}

	return True;
}

/***************************************************************************
 api_lsa_lookup_names4
 ***************************************************************************/

static bool api_lsa_lookup_names4(pipes_struct *p)
{
	LSA_Q_LOOKUP_NAMES4 q_u;
	LSA_R_LOOKUP_NAMES4 r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the info class and policy handle */
	if(!lsa_io_q_lookup_names4("", &q_u, data, 0)) {
		DEBUG(0,("api_lsa_lookup_names4: failed to unmarshall LSA_Q_LOOKUP_NAMES4.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_names4(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_lookup_names4("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_names4: Failed to marshall LSA_R_LOOKUP_NAMES4.\n"));
		return False;
	}

	return True;
}

#if 0	/* AD DC work in ongoing in Samba 4 */

/***************************************************************************
 api_lsa_query_info2
 ***************************************************************************/

static bool api_lsa_query_info2(pipes_struct *p)
{
	LSA_Q_QUERY_INFO2 q_u;
	LSA_R_QUERY_INFO2 r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	if(!lsa_io_q_query_info2("", &q_u, data, 0)) {
		DEBUG(0,("api_lsa_query_info2: failed to unmarshall LSA_Q_QUERY_INFO2.\n"));
		return False;
	}

	r_u.status = _lsa_query_info2(p, &q_u, &r_u);

	if (!lsa_io_r_query_info2("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_query_info2: failed to marshall LSA_R_QUERY_INFO2.\n"));
		return False;
	}

	return True;
}
#endif	/* AD DC work in ongoing in Samba 4 */

/***************************************************************************
 \PIPE\ntlsa commands
 ***************************************************************************/
 
static struct api_struct api_lsa_cmds[] =
{
	{ "LSA_OPENPOLICY2"     , LSA_OPENPOLICY2     , api_lsa_open_policy2     },
	{ "LSA_OPENPOLICY"      , LSA_OPENPOLICY      , api_lsa_open_policy      },
	{ "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info       },
	{ "LSA_ENUMTRUSTDOM"    , LSA_ENUMTRUSTDOM    , api_lsa_enum_trust_dom   },
	{ "LSA_CLOSE"           , LSA_CLOSE           , api_lsa_close            },
	{ "LSA_OPENSECRET"      , LSA_OPENSECRET      , api_lsa_open_secret      },
	{ "LSA_LOOKUPSIDS"      , LSA_LOOKUPSIDS      , api_lsa_lookup_sids      },
	{ "LSA_LOOKUPNAMES"     , LSA_LOOKUPNAMES     , api_lsa_lookup_names     },
	{ "LSA_ENUM_PRIVS"      , LSA_ENUM_PRIVS      , api_lsa_enum_privs       },
	{ "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
	{ "LSA_ENUM_ACCOUNTS"   , LSA_ENUM_ACCOUNTS   , api_lsa_enum_accounts    },
	{ "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
	{ "LSA_CREATEACCOUNT"   , LSA_CREATEACCOUNT   , api_lsa_create_account   },
	{ "LSA_OPENACCOUNT"     , LSA_OPENACCOUNT     , api_lsa_open_account     },
	{ "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
	{ "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
	{ "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
	{ "LSA_ADDPRIVS"        , LSA_ADDPRIVS        , api_lsa_addprivs         },
	{ "LSA_REMOVEPRIVS"     , LSA_REMOVEPRIVS     , api_lsa_removeprivs      },
	{ "LSA_ADDACCTRIGHTS"   , LSA_ADDACCTRIGHTS   , api_lsa_add_acct_rights    },
	{ "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights },
	{ "LSA_ENUMACCTRIGHTS"  , LSA_ENUMACCTRIGHTS  , api_lsa_enum_acct_rights },
	{ "LSA_QUERYSECOBJ"     , LSA_QUERYSECOBJ     , api_lsa_query_secobj     },
	{ "LSA_LOOKUPPRIVVALUE" , LSA_LOOKUPPRIVVALUE , api_lsa_lookup_priv_value },
	{ "LSA_OPENTRUSTDOM"    , LSA_OPENTRUSTDOM    , api_lsa_open_trust_dom },
	{ "LSA_OPENSECRET"      , LSA_OPENSECRET      , api_lsa_open_secret },
	{ "LSA_CREATETRUSTDOM"  , LSA_CREATETRUSTDOM  , api_lsa_create_trust_dom },
	{ "LSA_CREATSECRET"     , LSA_CREATESECRET    , api_lsa_create_secret },
	{ "LSA_SETSECRET"       , LSA_SETSECRET       , api_lsa_set_secret },
	{ "LSA_DELETEOBJECT"    , LSA_DELETEOBJECT    , api_lsa_delete_object },
	{ "LSA_LOOKUPSIDS2"     , LSA_LOOKUPSIDS2     , api_lsa_lookup_sids2 },
	{ "LSA_LOOKUPNAMES2"	, LSA_LOOKUPNAMES2    , api_lsa_lookup_names2 },
	{ "LSA_LOOKUPNAMES3"	, LSA_LOOKUPNAMES3    , api_lsa_lookup_names3 },
	{ "LSA_LOOKUPSIDS3"     , LSA_LOOKUPSIDS3     , api_lsa_lookup_sids3 },
	{ "LSA_LOOKUPNAMES4"	, LSA_LOOKUPNAMES4    , api_lsa_lookup_names4 }
#if 0	/* AD DC work in ongoing in Samba 4 */
	/* be careful of the adding of new RPC's.  See commentrs below about
	   ADS DC capabilities                                               */
	{ "LSA_QUERYINFO2"      , LSA_QUERYINFO2      , api_lsa_query_info2      }
#endif	/* AD DC work in ongoing in Samba 4 */
};

static int count_fns(void)
{
	int funcs = sizeof(api_lsa_cmds) / sizeof(struct api_struct);
	
#if 0	/* AD DC work is on going in Samba 4 */
	/*
	 * NOTE: Certain calls can not be enabled if we aren't an ADS DC.  Make sure
	 * these calls are always last and that you decrement by the amount of calls
	 * to disable.
	 */
	if (!(SEC_ADS == lp_security() && ROLE_DOMAIN_PDC == lp_server_role())) {
		funcs -= 1;
	}
#endif	/* AD DC work in ongoing in Samba 4 */

	return funcs;
}

void lsa_get_pipe_fns( struct api_struct **fns, int *n_fns )
{
	*fns = api_lsa_cmds;
	*n_fns = count_fns();
}


NTSTATUS rpc_lsa_init(void)
{
	int funcs = count_fns();

	return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsarpc", "lsass", api_lsa_cmds, 
		funcs);
}