From 174c0778421b5154ff2ba809688ea6ef38a1478b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 22 Nov 2004 11:59:59 +0000 Subject: [PATCH] r3907: * Rename lsa_Name to lsa_String * Add new IDL to LSA, to query information about trusted domains (for cross-check with SamSync). Andrew Bartlett --- source/librpc/idl/lsa.idl | 91 ++++++++++++++++++++---------- source/rpc_server/lsa/dcesrv_lsa.c | 34 +++++------ source/torture/rpc/lsa.c | 41 +++++++++----- source/torture/rpc/samsync.c | 22 +++++++- 4 files changed, 125 insertions(+), 63 deletions(-) diff --git a/source/librpc/idl/lsa.idl b/source/librpc/idl/lsa.idl index f84addf150c..15d1445250d 100644 --- a/source/librpc/idl/lsa.idl +++ b/source/librpc/idl/lsa.idl @@ -30,13 +30,13 @@ /* Function: 0x02 */ typedef struct { - [value(2*strlen_m(r->name))] uint16 name_len; - [value(r->name_len)] uint16 name_size; - unistr_noterm *name; - } lsa_Name; + [value(2*strlen_m(r->string))] uint16 length; + [value(r->length)] uint16 size; + unistr_noterm *string; + } lsa_String; typedef struct { - lsa_Name name; + lsa_String name; uint32 luid_low; uint32 luid_high; } lsa_PrivEntry; @@ -122,12 +122,12 @@ } lsa_AuditEventsInfo; typedef struct { - lsa_Name name; + lsa_String name; dom_sid2 *sid; } lsa_DomainInfo; typedef struct { - lsa_Name name; + lsa_String name; } lsa_PDAccountInfo; typedef struct { @@ -136,8 +136,8 @@ } lsa_ServerRole; typedef struct { - lsa_Name source; - lsa_Name account; + lsa_String source; + lsa_String account; } lsa_ReplicaSourceInfo; typedef struct { @@ -165,9 +165,9 @@ } lsa_AuditFullQueryInfo; typedef struct { - lsa_Name name; - lsa_Name dns_domain; - lsa_Name dns_forest; + lsa_String name; + lsa_String dns_domain; + lsa_String dns_forest; GUID domain_guid; dom_sid2 *sid; } lsa_DnsDomainInfo; @@ -248,8 +248,8 @@ /* Function: 0x0c */ typedef struct { - lsa_Name name; - dom_sid2 *sid; + lsa_String name; + dom_sid2 *sid; } lsa_TrustInformation; NTSTATUS lsa_CreateTrustedDomain( @@ -264,7 +264,7 @@ /* Function: 0x0d */ typedef struct { - lsa_Name name; + lsa_String name; dom_sid2 *sid; } lsa_DomainInformation; @@ -304,7 +304,7 @@ NTSTATUS lsa_LookupNames ( [in,ref] policy_handle *handle, [in,range(0,1000)] uint32 num_names, - [in,ref,size_is(num_names)] lsa_Name *names, + [in,ref,size_is(num_names)] lsa_String *names, [out] lsa_RefDomainList *domains, [in,out,ref] lsa_TransSidArray *sids, [in] uint16 level, @@ -317,7 +317,7 @@ typedef struct { uint16 sid_type; - lsa_Name name; + lsa_String name; uint32 sid_index; } lsa_TranslatedName; @@ -339,7 +339,7 @@ /* Function: 0x10 */ NTSTATUS lsa_CreateSecret( [in,ref] policy_handle *handle, - [in] lsa_Name name, + [in] lsa_String name, [in] uint32 access_mask, [out,ref] policy_handle *sec_handle ); @@ -405,25 +405,54 @@ [out,ref] policy_handle *trustdom_handle ); + typedef [flag(NDR_PAHEX)] struct { + uint32 length; + uint32 size; + [size_is(size),length_is(length)] uint8 *data; + } lsa_DATA_BUF; + + typedef struct { + lsa_String domain_name; + } lsa_TrustDomainInfo1; + + typedef struct { + uint32 flags; + } lsa_TrustDomainInfo3; + + typedef struct { + lsa_String name; + lsa_String name2; + dom_sid2 *sid; + uint32 unknown1; + uint32 unknown2; + uint32 unknown3; + } lsa_TrustDomainInfo6; + + typedef union { + [case(1)] lsa_TrustDomainInfo1 info1; + [case(3)] lsa_TrustDomainInfo3 info3; + [case(6)] lsa_TrustDomainInfo6 info6; + } lsa_TrustedDomainInfo; + /* Function: 0x1a */ - NTSTATUS lsa_QueryInfoTrustedDomain(); + NTSTATUS lsa_QueryInfoTrustedDomain( + [in,ref] policy_handle *trustdom_handle, + [in] uint16 level, + [out,switch_is(level)] lsa_TrustedDomainInfo *info + ); + /* Function: 0x1b */ NTSTATUS lsa_SetInformationTrustedDomain(); /* Function: 0x1c */ NTSTATUS lsa_OpenSecret( [in,ref] policy_handle *handle, - [in] lsa_Name name, + [in] lsa_String name, [in] uint32 access_mask, [out,ref] policy_handle *sec_handle ); /* Function: 0x1d */ - typedef [flag(NDR_PAHEX)] struct { - uint32 length; - uint32 size; - [size_is(size),length_is(length)] uint8 *data; - } lsa_DATA_BUF; NTSTATUS lsa_SetSecret( [in,ref] policy_handle *handle, @@ -452,7 +481,7 @@ NTSTATUS lsa_LookupPrivName ( [in,ref] policy_handle *handle, [in,ref] lsa_LUID *luid, - [out] lsa_Name *name + [out] lsa_String *name ); @@ -460,8 +489,8 @@ /* Function: 0x21 */ NTSTATUS lsa_LookupPrivDisplayName ( [in,ref] policy_handle *handle, - [in,ref] lsa_Name *name, - [out] lsa_Name *disp_name, + [in,ref] lsa_String *name, + [out] lsa_String *disp_name, /* see http://www.microsoft.com/globaldev/nlsweb/ for language definitions */ [in,out,ref] uint16 *language_id, @@ -476,7 +505,7 @@ /* Function: 0x23 */ NTSTATUS lsa_EnumAccountsWithUserRight ( [in,ref] policy_handle *handle, - [in] lsa_Name *name, + [in] lsa_String *name, [out,ref] lsa_SidArray *sids ); @@ -487,7 +516,7 @@ typedef struct { uint32 count; - [size_is(count)] lsa_Name *names; + [size_is(count)] lsa_String *names; } lsa_RightSet; NTSTATUS lsa_EnumAccountRights ( @@ -575,7 +604,7 @@ /* Function 0x37 */ NTSTATUS lsa_OpenTrustedDomainByName( [in,ref] policy_handle *handle, - [in] lsa_Name name, + [in] lsa_String name, [in] uint32 access_mask, [out,ref] policy_handle *trustdom_handle ); diff --git a/source/rpc_server/lsa/dcesrv_lsa.c b/source/rpc_server/lsa/dcesrv_lsa.c index 1c3e8d374aa..845e5686199 100644 --- a/source/rpc_server/lsa/dcesrv_lsa.c +++ b/source/rpc_server/lsa/dcesrv_lsa.c @@ -228,8 +228,8 @@ static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CT return NT_STATUS_INTERNAL_DB_CORRUPTION; } - info->name.name = samdb_result_string(res[0], "name", NULL); - info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid"); + info->name.string = samdb_result_string(res[0], "name", NULL); + info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid"); return NT_STATUS_OK; } @@ -250,11 +250,11 @@ static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx return NT_STATUS_INTERNAL_DB_CORRUPTION; } - info->name.name = samdb_result_string(res[0], "name", NULL); - info->dns_domain.name = samdb_result_string(res[0], "dnsDomain", NULL); - info->dns_forest.name = samdb_result_string(res[0], "dnsDomain", NULL); - info->domain_guid = samdb_result_guid(res[0], "objectGUID"); - info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid"); + info->name.string = samdb_result_string(res[0], "name", NULL); + info->dns_domain.string = samdb_result_string(res[0], "dnsDomain", NULL); + info->dns_forest.string = samdb_result_string(res[0], "dnsDomain", NULL); + info->domain_guid = samdb_result_guid(res[0], "objectGUID"); + info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid"); return NT_STATUS_OK; } @@ -436,12 +436,12 @@ static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m r->out.names->count++; (*r->out.count)++; - r->out.names->names[i].sid_type = SID_NAME_UNKNOWN; - r->out.names->names[i].name.name = sid_str; - r->out.names->names[i].sid_index = 0xFFFFFFFF; + r->out.names->names[i].sid_type = SID_NAME_UNKNOWN; + r->out.names->names[i].name.string = sid_str; + r->out.names->names[i].sid_index = 0xFFFFFFFF; if (sid_str == NULL) { - r->out.names->names[i].name.name = "(SIDERROR)"; + r->out.names->names[i].name.string = "(SIDERROR)"; status = STATUS_SOME_UNMAPPED; continue; } @@ -462,7 +462,7 @@ static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m /* see if we've already done this authority name */ for (j=0;jout.domains->count;j++) { - if (strcmp(authority_name, r->out.domains->domains[j].name.name) == 0) { + if (strcmp(authority_name, r->out.domains->domains[j].name.string) == 0) { break; } } @@ -474,8 +474,8 @@ static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m if (r->out.domains == NULL) { return NT_STATUS_NO_MEMORY; } - r->out.domains->domains[j].name.name = authority_name; - r->out.domains->domains[j].sid = authority_sid; + r->out.domains->domains[j].name.string = authority_name; + r->out.domains->domains[j].sid = authority_sid; r->out.domains->count++; } @@ -503,9 +503,9 @@ static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m continue; } - r->out.names->names[i].sid_type = rtype; - r->out.names->names[i].name.name = name; - r->out.names->names[i].sid_index = 0; + r->out.names->names[i].sid_type = rtype; + r->out.names->names[i].name.string = name; + r->out.names->names[i].sid_index = 0; } return status; diff --git a/source/torture/rpc/lsa.c b/source/torture/rpc/lsa.c index 703df406547..a0b4e816bba 100644 --- a/source/torture/rpc/lsa.c +++ b/source/torture/rpc/lsa.c @@ -22,9 +22,9 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_lsa.h" -static void init_lsa_Name(struct lsa_Name *name, const char *s) +static void init_lsa_String(struct lsa_String *name, const char *s) { - name->name = s; + name->string = s; } static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) @@ -108,7 +108,7 @@ static BOOL test_LookupNames(struct dcerpc_pipe *p, { struct lsa_LookupNames r; struct lsa_TransSidArray sids; - struct lsa_Name *names; + struct lsa_String *names; uint32_t count = 0; NTSTATUS status; int i; @@ -120,7 +120,7 @@ static BOOL test_LookupNames(struct dcerpc_pipe *p, names = talloc(mem_ctx, tnames->count * sizeof(names[0])); for (i=0;icount;i++) { - init_lsa_Name(&names[i], tnames->names[i].name.name); + init_lsa_String(&names[i], tnames->names[i].name.string); } r.in.handle = handle; @@ -350,7 +350,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p, domsid = dom_sid_parse_talloc(mem_ctx, "S-1-5-21-97398-379795-12345"); trustinfo.sid = domsid; - init_lsa_Name(&trustinfo.name, "torturedomain"); + init_lsa_String(&trustinfo.name, "torturedomain"); r.in.handle = handle; r.in.info = &trustinfo; @@ -396,7 +396,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, asprintf(&secname, "torturesecret-%u", (uint_t)random()); - init_lsa_Name(&r.in.name, secname); + init_lsa_String(&r.in.name, secname); r.in.handle = handle; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; @@ -640,7 +640,7 @@ static BOOL test_EnumAccounts(struct dcerpc_pipe *p, static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, - struct lsa_Name *priv_name) + struct lsa_String *priv_name) { struct lsa_LookupPrivDisplayName r; NTSTATUS status; @@ -648,7 +648,7 @@ static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p, terminals */ uint16 language_id = (random() % 4) + 0x409; - printf("testing LookupPrivDisplayName(%s)\n", priv_name->name); + printf("testing LookupPrivDisplayName(%s)\n", priv_name->string); r.in.handle = handle; r.in.name = priv_name; @@ -662,7 +662,7 @@ static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p, return False; } printf("%s -> \"%s\" (language 0x%x/0x%x)\n", - priv_name->name, r.out.disp_name->name, + priv_name->string, r.out.disp_name->string, *r.in.language_id, *r.out.language_id); return True; @@ -671,7 +671,7 @@ static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p, static BOOL test_EnumAccountsWithUserRight(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, - struct lsa_Name *priv_name) + struct lsa_String *priv_name) { struct lsa_EnumAccountsWithUserRight r; struct lsa_SidArray sids; @@ -679,7 +679,7 @@ static BOOL test_EnumAccountsWithUserRight(struct dcerpc_pipe *p, ZERO_STRUCT(sids); - printf("testing EnumAccountsWithUserRight(%s)\n", priv_name->name); + printf("testing EnumAccountsWithUserRight(%s)\n", priv_name->string); r.in.handle = handle; r.in.name = priv_name; @@ -746,7 +746,7 @@ static BOOL test_EnumTrustDom(struct dcerpc_pipe *p, NTSTATUS status; uint32_t resume_handle = 0; struct lsa_DomainList domains; - int i; + int i,j; BOOL ret = True; printf("\nTesting EnumTrustDom\n"); @@ -777,6 +777,7 @@ static BOOL test_EnumTrustDom(struct dcerpc_pipe *p, struct policy_handle trust_handle; struct policy_handle handle2; struct lsa_Close c; + int levels [] = {1, 3, 6}; trust.in.handle = handle; trust.in.sid = domains.domains[i].sid; @@ -793,6 +794,20 @@ static BOOL test_EnumTrustDom(struct dcerpc_pipe *p, c.in.handle = &trust_handle; c.out.handle = &handle2; + for (j=1; j < ARRAY_SIZE(levels); j++) { + struct lsa_QueryInfoTrustedDomain q; + union lsa_TrustedDomainInfo info; + q.in.trustdom_handle = &trust_handle; + q.in.level = levels[j]; + q.out.info = &info; + status = dcerpc_lsa_QueryInfoTrustedDomain(p, mem_ctx, &q); + if (!NT_STATUS_IS_OK(status)) { + printf("QueryInfoTrustedDomain level %d failed - %s\n", + j, nt_errstr(status)); + ret = False; + } + } + status = dcerpc_lsa_Close(p, mem_ctx, &c); if (!NT_STATUS_IS_OK(status)) { printf("Close of trusted doman failed - %s\n", nt_errstr(status)); @@ -813,7 +828,7 @@ static BOOL test_EnumTrustDom(struct dcerpc_pipe *p, c.in.handle = &trust_handle; c.out.handle = &handle2; - + status = dcerpc_lsa_Close(p, mem_ctx, &c); if (!NT_STATUS_IS_OK(status)) { printf("Close of trusted doman failed - %s\n", nt_errstr(status)); diff --git a/source/torture/rpc/samsync.c b/source/torture/rpc/samsync.c index 59508bf1fe0..20d63a351af 100644 --- a/source/torture/rpc/samsync.c +++ b/source/torture/rpc/samsync.c @@ -706,7 +706,7 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam o.in.handle = samsync_state->lsa_handle; o.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; - o.in.name.name = name; + o.in.name.string = name; o.out.sec_handle = &sec_handle; status = dcerpc_lsa_OpenSecret(samsync_state->p_lsa, mem_ctx, &o); @@ -781,6 +781,10 @@ static BOOL samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st struct samsync_trusted_domain *new = talloc_p(samsync_state, struct samsync_trusted_domain); struct lsa_OpenTrustedDomain t; struct policy_handle trustdom_handle; + struct lsa_QueryInfoTrustedDomain q; + union lsa_TrustedDomainInfo info[4]; + int levels [] = {1, 3}; + int i; new->name = talloc_reference(new, trusted_domain->domain_name.string); new->sid = talloc_reference(new, dom_sid); @@ -795,7 +799,21 @@ static BOOL samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st printf("OpenTrustedDomain failed - %s\n", nt_errstr(status)); return False; } + + for (i=0; i< ARRAY_SIZE(levels); i++) { + q.in.trustdom_handle = &trustdom_handle; + q.in.level = levels[i]; + q.out.info = &info[levels[i]]; + status = dcerpc_lsa_QueryInfoTrustedDomain(samsync_state->p_lsa, mem_ctx, &q); + if (!NT_STATUS_IS_OK(status)) { + printf("QueryInfoTrustedDomain level %d failed - %s\n", + levels[i], nt_errstr(status)); + return False; + } + } + TEST_STRING_EQUAL(info[1].info1.domain_name, trusted_domain->domain_name); + TEST_INT_EQUAL(info[3].info3.flags, trusted_domain->flags); TEST_SEC_DESC_EQUAL(trusted_domain->sdbuf, lsa, &trustdom_handle); DLIST_ADD(samsync_state->trusted_domains, new); @@ -868,7 +886,7 @@ static BOOL samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa return False; } for (j=0;jprivilege_entries; j++) { - if (strcmp(r.out.name->name, account->privilege_name[j].string) == 0) { + if (strcmp(r.out.name->string, account->privilege_name[j].string) == 0) { found_priv_in_lsa[j] = True; break; }