From 06d0f61aa43c0ab08dc122c9a3b41f9fc453fcbc Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Tue, 18 Nov 2003 05:20:54 +0000
Subject: [PATCH] added samr_QuerySecurity() call that displays the ACL for any handle. (This used to be commit 5bbeaaa3d13c838d014e7689b0fcf7374c8c7f57)
---
 source4/librpc/idl/samr.idl | 7 ++++++-
 source4/librpc/ndr/ndr_samr.c | 39 +++++++++++++++++++++++++++++++++++
 source4/librpc/ndr/ndr_samr.h | 4 ++++
 source4/torture/rpc/samr.c | 38 ++++++++++++++++++++++++++++++++++
 4 files changed, 87 insertions(+), 1 deletion(-)
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index 82794a28e16..a9891c9a19c 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -29,7 +29,12 @@
 /******************/
 /* Function: 0x03 */
- NTSTATUS samr_QuerySecurity ();
+ NTSTATUS samr_QuerySecurity (
+ [in,ref] policy_handle *handle,
+ [in] uint32 sec_info,
+ [out] uint32 *length,
+ [out,subcontext] security_descriptor *sd
+ );
 /******************/
 /* Function: 0x04 */
diff --git a/source4/librpc/ndr/ndr_samr.c b/source4/librpc/ndr/ndr_samr.c
index 8e9956618b9..f043a924843 100644
--- a/source4/librpc/ndr/ndr_samr.c
+++ b/source4/librpc/ndr/ndr_samr.c
@@ -28,6 +28,8 @@ NTSTATUS ndr_push_samr_SetSecurity(struct ndr_push *ndr, struct samr_SetSecurity
 NTSTATUS ndr_push_samr_QuerySecurity(struct ndr_push *ndr, struct samr_QuerySecurity *r)
 {
+ NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle));
+ NDR_CHECK(ndr_push_uint32(ndr, r->in.sec_info));
 return NT_STATUS_OK;
 }
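Review bot: In the new samr_QuerySecurity signature, `[out] uint32 *length` and `[out,subcontext] security_descriptor *sd` are declared as unrelated values, so the decoder added to ndr_pull_samr_QuerySecurity in ndr_samr.c stores the server-supplied `length` and never compares it with the subcontext it parses next. Both values come from the remote server, and whether ndr_pull_subcontext_flags_fn confines the descriptor parse to the bytes actually received is not visible in this patch, so that is worth confirming before callers start trusting `length`. Until the IDL can express the link, a comment above the out parameters would make the gap explicit: `/* length is reported by the server and is not checked against the sd subcontext */`.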
@@ -500,6 +502,26 @@ NTSTATUS ndr_pull_samr_SetSecurity(struct ndr_pull *ndr, struct samr_SetSecurity
 NTSTATUS ndr_pull_samr_QuerySecurity(struct ndr_pull *ndr, struct samr_QuerySecurity *r)
 {
+ uint32 _ptr_length;
+ uint32 _ptr_sd;
+ NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_length));
+ if (_ptr_length) {
+ NDR_ALLOC(ndr, r->out.length);
+ } else {
+ r->out.length = NULL;
+ }
+ if (r->out.length) {
+ NDR_CHECK(ndr_pull_uint32(ndr, r->out.length));
+ }
+ NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_sd));
+ if (_ptr_sd) {
+ NDR_ALLOC(ndr, r->out.sd);
+ } else {
+ r->out.sd = NULL;
+ }
+ if (r->out.sd) {
+ NDR_CHECK(ndr_pull_subcontext_flags_fn(ndr, r->out.sd, (ndr_pull_flags_fn_t) ndr_pull_security_descriptor));
+ }
 NDR_CHECK(ndr_pull_NTSTATUS(ndr, &r->out.result));
 return NT_STATUS_OK;
@@ -2359,11 +2381,28 @@ void ndr_print_samr_QuerySecurity(struct ndr_print *ndr, const char *name, int f
 if (flags & NDR_IN) {
 ndr_print_struct(ndr, "in", "samr_QuerySecurity");
 ndr->depth++;
+ ndr_print_ptr(ndr, "handle", r->in.handle);
+ ndr->depth++;
+ ndr_print_policy_handle(ndr, "handle", r->in.handle);
+ ndr->depth--;
+ ndr_print_uint32(ndr, "sec_info", r->in.sec_info);
 ndr->depth--;
 }
 if (flags & NDR_OUT) {
 ndr_print_struct(ndr, "out", "samr_QuerySecurity");
 ndr->depth++;
+ ndr_print_ptr(ndr, "length", r->out.length);
+ ndr->depth++;
+ if (r->out.length) {
+ ndr_print_uint32(ndr, "length", *r->out.length);
+ }
+ ndr->depth--;
+ ndr_print_ptr(ndr, "sd", r->out.sd);
+ ndr->depth++;
+ if (r->out.sd) {
+ ndr_print_security_descriptor(ndr, "sd", r->out.sd);
+ }
+ ndr->depth--;
 ndr_print_NTSTATUS(ndr, "result", &r->out.result);
 ndr->depth--;
 }
diff --git a/source4/librpc/ndr/ndr_samr.h b/source4/librpc/ndr/ndr_samr.h
index ed32d3d9f4f..2542396341c 100644
--- a/source4/librpc/ndr/ndr_samr.h
+++ b/source4/librpc/ndr/ndr_samr.h
@@ -111,9 +111,13 @@ struct samr_SetSecurity {
 struct samr_QuerySecurity {
 struct {
+ struct policy_handle *handle;
+ uint32 sec_info;
 } in;
 struct {
+ uint32 *length;
+ struct security_descriptor *sd;
 NTSTATUS result;
 } out;
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index fddf97ef74a..346a073723e 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -40,6 +40,24 @@ static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 }
+static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ NTSTATUS status;
+ struct samr_QuerySecurity r;
+
+ r.in.handle = handle;
+ r.in.sec_info = 7;
+
+ status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QuerySecurity failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ return True;
+}
+
 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle)
@@ -141,6 +159,10 @@ static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 return False;
 }
+ if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
+ ret = False;
+ }
+
 if (!test_QueryUserInfo(p, mem_ctx, &acct_handle)) {
 ret = False;
 }
@@ -173,6 +195,10 @@ static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 return False;
 }
+ if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
+ ret = False;
+ }
+
 if (!test_QueryGroupInfo(p, mem_ctx, &acct_handle)) {
 ret = False;
 }
@@ -205,6 +231,10 @@ static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 return False;
 }
+ if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
+ ret = False;
+ }
+
 if (!test_QueryAliasInfo(p, mem_ctx, &acct_handle)) {
 ret = False;
 }
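Review bot: test_QuerySecurity returns True as soon as `status` is OK and never looks at `r.out.sd`, so a reply that carries a null descriptor still passes for every handle the later hunks feed it (user, group, alias, domain and the top-level handle in torture_rpc_samr). Adding `if (r.out.sd == NULL) { printf("QuerySecurity returned no descriptor\n"); return False; }` after the status check would make the test assert that an ACL actually came back. Whether `status` also covers `r.out.result` depends on dcerpc_samr_QuerySecurity, which is outside this patch. The literal in `r.in.sec_info = 7;` deserves a comment such as `/* owner | group | DACL, assuming the usual security-information bits */` so a reader can see that the SACL is deliberately not requested.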
@@ -370,6 +400,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 return False;
 }
+ if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
+ ret = False;
+ }
+
 if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) {
 ret = False;
 }
@@ -511,6 +545,10 @@ BOOL torture_rpc_samr(int dummy)
 ret = False;
 }
+ if (!test_QuerySecurity(p, mem_ctx, &handle)) {
+ ret = False;
+ }
+
 if (!test_EnumDomains(p, mem_ctx, &handle)) {
 ret = False;
 }