mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

r4698: - Initial implementation of trusted domains in LSA.

- Use templates for Secrets and the new trusted domains

 - Auto-add modifiedTime, createdTime and objectGUID to records in the
   samdb layer.

Andrew Bartlett
Andrew Bartlett 2005-01-12 02:40:25 +00:00 committed by Gerald (Jerry) Carter
parent be4cd59f33
commit 271c8faadf
6 changed files with 423 additions and 187 deletions


@ -23,12 +23,13 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "lib/ldb/include/ldb.h"
#include "system/time.h"
/*
connect to the SAM database
return an opaque context pointer on success, or NULL on failure
*/
void *samdb_connect(TALLOC_CTX *mem_ctx)
struct ldb_wrap *samdb_connect(TALLOC_CTX *mem_ctx)
{
return ldb_wrap_connect(mem_ctx, lp_sam_url(), 0, NULL);
}
@ -604,7 +605,9 @@ int samdb_copy_template(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx,
strcasecmp((char *)el->values[j].data, "userTemplate") == 0 ||
strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 ||
strcasecmp((char *)el->values[j].data, "foreignSecurityTemplate") == 0 ||
strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0)) {
strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 ||
strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 ||
strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) {
continue;
}
samdb_msg_add_string(sam_ctx, mem_ctx, msg, el->name,
@ -919,6 +922,19 @@ int samdb_msg_set_ldaptime(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, struct
*/
int samdb_add(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
{
struct GUID guid;
const char *guidstr;
time_t now = time(NULL);
/* a new GUID */
guid = GUID_random();
guidstr = GUID_string(mem_ctx, &guid);
if (!guidstr) {
return -1;
}
samdb_msg_add_string(sam_ctx, mem_ctx, msg, "objectGUID", guidstr);
samdb_msg_set_ldaptime(sam_ctx, mem_ctx, msg, "whenCreated", now);
samdb_msg_set_ldaptime(sam_ctx, mem_ctx, msg, "whenChanged", now);
return ldb_add(sam_ctx->ldb, msg);
}
@ -935,6 +951,8 @@ int samdb_delete(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, const char *dn)
*/
int samdb_modify(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
{
time_t now = time(NULL);
samdb_msg_set_ldaptime(sam_ctx, mem_ctx, msg, "whenChanged", now);
return ldb_modify(sam_ctx->ldb, msg);
}
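Review bot: In samdb_add the results of the `samdb_msg_add_string(..., "objectGUID", guidstr)` call and of both samdb_msg_set_ldaptime calls are discarded, so if one of them fails the message is still handed to ldb_add without its GUID or timestamps. Check each call and return early, for example `if (samdb_msg_set_ldaptime(sam_ctx, mem_ctx, msg, "whenCreated", now) != 0) return -1;` (assuming these helpers return non-zero on failure; samdb_msg_add_string's return type is not visible here). The same applies to the whenChanged call added to samdb_modify. Since samdb_add now appends objectGUID unconditionally, any caller outside this page that still sets its own objectGUID would presumably end up with two values, so the header comment should state that the function owns objectGUID, whenCreated and whenChanged.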


@ -263,7 +263,7 @@
[in,ref] policy_handle *handle,
[in,ref] lsa_TrustInformation *info,
[in] uint32 access_mask,
[out,ref] policy_handle *dom_handle
[out,ref] policy_handle *trustdom_handle
);


@ -960,3 +960,21 @@ objectClass: Template
objectClass: foreignSecurityPrincipalTemplate
cn: TemplateForeignSecurityPrincipal
name: TemplateForeignSecurityPrincipal
dn: CN=TemplateSecret,CN=Templates,${BASEDN}
objectClass: top
objectClass: leaf
objectClass: Template
objectClass: secretTemplate
cn: TemplateSecret
name: TemplateSecret
instanceType: 4
dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
objectClass: top
objectClass: leaf
objectClass: Template
objectClass: trustedDomainTemplate
cn: TemplateTrustedDomain
name: TemplateTrustedDomain
instanceType: 4


@ -36,7 +36,8 @@
enum lsa_handle {
LSA_HANDLE_POLICY,
LSA_HANDLE_ACCOUNT,
LSA_HANDLE_SECRET
LSA_HANDLE_SECRET,
LSA_HANDLE_TRUSTED_DOMAIN
};
/*
@ -79,6 +80,15 @@ struct lsa_secret_state {
BOOL global;
};
/*
state associated with a lsa_OpenTrustedDomain() operation
*/
struct lsa_trusted_domain_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
const char *trusted_domain_dn;
};
/*
lsa_Close
*/
@ -117,6 +127,16 @@ static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_c
return NT_STATUS_INVALID_HANDLE;
}
return NT_STATUS_OK;
} else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) {
struct lsa_trusted_domain_state *trusted_domain_state = h->data;
ret = samdb_delete(trusted_domain_state->policy->sam_ctx, mem_ctx,
trusted_domain_state->trusted_domain_dn);
talloc_free(h);
if (ret != 0) {
return NT_STATUS_INVALID_HANDLE;
}
return NT_STATUS_OK;
}
@ -520,11 +540,346 @@ static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
/*
lsa_CreateTrustedDomainEx2
*/
static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomainEx2 *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CreateTrustedDomainEx
*/
static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomainEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CreateTrustedDomain
*/
static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomain *r)
{
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
struct lsa_trusted_domain_state *trusted_domain_state;
struct dcesrv_handle *handle;
struct ldb_message **msgs, *msg;
const char *attrs[] = {
NULL
};
const char *name;
int ret;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.trustdom_handle);
policy_state = policy_handle->data;
if (!r->in.info->name.string) {
return NT_STATUS_INVALID_PARAMETER;
}
name = r->in.info->name.string;
trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
trusted_domain_state->policy = policy_state;
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
/* search for the trusted_domain record */
ret = samdb_search(trusted_domain_state->policy->sam_ctx,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(cn=%s)(objectclass=trustedDomain))",
r->in.info->name.string);
if (ret > 0) {
return NT_STATUS_OBJECT_NAME_COLLISION;
}
if (ret < 0 || ret > 1) {
DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", r->in.info->name.string,
policy_state->system_dn);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "cn", name);
samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "flatname", name);
if (r->in.info->sid) {
const char *sid_string = dom_sid_string(mem_ctx, r->in.info->sid);
if (!sid_string) {
return NT_STATUS_NO_MEMORY;
}
samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "securityIdentifier", name);
}
/* pull in all the template attributes. Note this is always from the global samdb */
ret = samdb_copy_template(trusted_domain_state->policy->sam_ctx, mem_ctx, msg,
"(&(name=TemplateTrustedDomain)(objectclass=trustedDomainTemplate))");
if (ret != 0) {
DEBUG(0,("Failed to load TemplateTrustedDomain from samdb\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "objectClass", "trustedDomain");
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
/* create the trusted_domain */
ret = samdb_add(trusted_domain_state->policy->sam_ctx, mem_ctx, msg);
if (ret != 0) {
DEBUG(0,("Failed to create trusted_domain record %s\n", msg->dn));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN);
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
handle->data = talloc_steal(handle, trusted_domain_state);
trusted_domain_state->access_mask = r->in.access_mask;
trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state);
*r->out.trustdom_handle = handle->wire_handle;
return NT_STATUS_OK;
}
/*
lsa_OpenTrustedDomain
*/
static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_OpenTrustedDomain *r)
{
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
struct lsa_trusted_domain_state *trusted_domain_state;
struct dcesrv_handle *handle;
struct ldb_message **msgs;
const char *attrs[] = {
NULL
};
const char *sid_string;
int ret;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.trustdom_handle);
policy_state = policy_handle->data;
trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
trusted_domain_state->policy = policy_state;
sid_string = dom_sid_string(mem_ctx, r->in.sid);
if (!sid_string) {
return NT_STATUS_NO_MEMORY;
}
/* search for the trusted_domain record */
ret = samdb_search(trusted_domain_state->policy->sam_ctx,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(securityIdentifier=%s)(objectclass=trustedDomain))",
sid_string);
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msgs[0]->dn);
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN);
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
handle->data = talloc_steal(handle, trusted_domain_state);
trusted_domain_state->access_mask = r->in.access_mask;
trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state);
*r->out.trustdom_handle = handle->wire_handle;
return NT_STATUS_OK;
}
/*
lsa_OpenTrustedDomainByName
*/
static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_OpenTrustedDomainByName *r)
{
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
struct lsa_trusted_domain_state *trusted_domain_state;
struct dcesrv_handle *handle;
struct ldb_message **msgs;
const char *attrs[] = {
NULL
};
int ret;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.trustdom_handle);
policy_state = policy_handle->data;
if (!r->in.name.string) {
return NT_STATUS_INVALID_PARAMETER;
}
trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
/* search for the trusted_domain record */
ret = samdb_search(trusted_domain_state->policy->sam_ctx,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(cn=%s)(objectclass=trustedDomain))",
r->in.name.string);
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msgs[0]->dn);
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN);
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
handle->data = talloc_steal(handle, trusted_domain_state);
trusted_domain_state->access_mask = r->in.access_mask;
trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state);
*r->out.trustdom_handle = handle->wire_handle;
return NT_STATUS_OK;
}
/*
lsa_QueryTrustedDomainInfoBySid
*/
static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfoBySid *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_SetTrustDomainInfo
*/
static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_SetTrustDomainInfo *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_DeleteTrustDomain
*/
static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_DeleteTrustDomain *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_QueryTrustedDomainInfo
*/
static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfo *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_SetInformationTrustedDomain
*/
static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_SetInformationTrustedDomain *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_QueryTrustedDomainInfoByName
*/
static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfoByName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_SetTrustedDomainInfoByName
*/
static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_SetTrustedDomainInfoByName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_EnumTrustedDomainsEx
*/
static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_EnumTrustedDomainsEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CloseTrustedDomainEx
*/
static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_CloseTrustedDomainEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
@ -990,7 +1345,7 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
const struct lsa_RightSet *rights)
{
const char *sidstr;
struct ldb_message msg;
struct ldb_message *msg;
struct ldb_message_element el;
int i, ret;
const char *dn;
@ -1001,21 +1356,23 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
return NT_STATUS_NO_MEMORY;
}
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn",
"objectSid=%s", sidstr);
if (dn == NULL) {
return NT_STATUS_NO_SUCH_USER;
}
msg.dn = talloc_strdup(mem_ctx, dn);
if (msg.dn == NULL) {
msg->dn = talloc_strdup(mem_ctx, dn);
if (msg->dn == NULL) {
return NT_STATUS_NO_MEMORY;
}
msg.num_elements = 1;
msg.elements = &el;
el.flags = ldb_flag;
el.name = talloc_strdup(mem_ctx, "privilege");
if (el.name == NULL) {
if (ldb_msg_add_empty(state->sam_ctx->ldb, msg, "privilege", ldb_flag)) {
return NT_STATUS_NO_MEMORY;
}
@ -1066,7 +1423,7 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
return NT_STATUS_OK;
}
ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
ret = samdb_modify(state->sam_ctx, mem_ctx, msg);
if (ret != 0) {
if (ldb_flag == LDB_FLAG_MOD_DELETE) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@ -1216,36 +1573,6 @@ static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, T
}
/*
lsa_OpenTrustedDomain
*/
static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_OpenTrustedDomain *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_QueryTrustedDomainInfo
*/
static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfo *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_SetInformationTrustedDomain
*/
static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_SetInformationTrustedDomain *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CreateSecret
*/
@ -1278,6 +1605,7 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX
if (!secret_state) {
return NT_STATUS_NO_MEMORY;
}
secret_state->policy = policy_state;
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
@ -1342,6 +1670,15 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX
msg->dn = talloc_asprintf(mem_ctx, "cn=%s,cn=LSA Secrets", name);
samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "cn", name);
}
/* pull in all the template attributes. Note this is always from the global samdb */
ret = samdb_copy_template(secret_state->policy->sam_ctx, mem_ctx, msg,
"(&(name=TemplateSecret)(objectclass=secretTemplate))");
if (ret != 0) {
DEBUG(0,("Failed to load TemplateSecret from samdb\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "objectClass", "secret");
secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
@ -1401,6 +1738,7 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
if (!secret_state) {
return NT_STATUS_NO_MEMORY;
}
secret_state->policy = policy_state;
if (strncmp("G$", r->in.name.string, 2) == 0) {
name = &r->in.name.string[2];
@ -1952,36 +2290,6 @@ static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
}
/*
lsa_QueryTrustedDomainInfoBySid
*/
static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfoBySid *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_SetTrustDomainInfo
*/
static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_SetTrustDomainInfo *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_DeleteTrustDomain
*/
static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_DeleteTrustDomain *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_StorePrivateData
*/
@ -2067,56 +2375,6 @@ static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_QueryTrustedDomainInfoByName
*/
static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfoByName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_SetTrustedDomainInfoByName
*/
static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_SetTrustedDomainInfoByName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_EnumTrustedDomainsEx
*/
static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_EnumTrustedDomainsEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CreateTrustedDomainEx
*/
static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomainEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CloseTrustedDomainEx
*/
static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_CloseTrustedDomainEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_QueryDomainInformationPolicy
*/
@ -2137,16 +2395,6 @@ static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_OpenTrustedDomainByName
*/
static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_OpenTrustedDomainByName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_TestCall
*/
@ -2395,18 +2643,6 @@ static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
return status;
}
/*
lsa_CreateTrustedDomainEx2
*/
static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomainEx2 *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
lsa_CREDRWRITE
*/
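Review bot: lsa_OpenTrustedDomainByName dereferences `trusted_domain_state->policy->sam_ctx` in its samdb_search call before `policy` has been assigned; the struct comes from talloc(), which as far as I know does not zero memory, so a request from an RPC client makes the server read through an uninitialised pointer. Add `trusted_domain_state->policy = policy_state;` right after the allocation check, as lsa_CreateTrustedDomain and lsa_OpenTrustedDomain already do. In lsa_CreateTrustedDomain the securityIdentifier attribute is written with `name` instead of the `sid_string` computed just above it, so the SID search in lsa_OpenTrustedDomain cannot match the record; the call should read `samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "securityIdentifier", sid_string);`. The client-supplied name is also formatted as-is into the `(&(cn=%s)(objectclass=trustedDomain))` filter and the `cn=%s,%s` DN; unless samdb_search escapes its arguments (not visible here), filter and DN metacharacters in the name should be escaped or rejected before use.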


@ -468,9 +468,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
const char *name;
struct ldb_message *msg;
uint32_t rid;
const char *groupname, *sidstr, *guidstr;
struct GUID guid;
time_t now = time(NULL);
const char *groupname, *sidstr;
struct dcesrv_handle *g_handle;
int ret;
NTSTATUS status;
@ -523,13 +521,6 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
return NT_STATUS_NO_MEMORY;
}
/* a new GUID */
guid = GUID_random();
guidstr = GUID_string(mem_ctx, &guid);
if (!guidstr) {
return NT_STATUS_NO_MEMORY;
}
/* add core elements to the ldb_message for the user */
msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", groupname,
d_state->domain_dn);
@ -541,9 +532,6 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", groupname);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group");
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectSid", sidstr);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectGUID", guidstr);
samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenCreated", now);
samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenChanged", now);
/* create the group */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
@ -703,9 +691,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
const char *name;
struct ldb_message *msg;
uint32_t rid;
const char *account_name, *sidstr, *guidstr;
struct GUID guid;
time_t now = time(NULL);
const char *account_name, *sidstr;
struct dcesrv_handle *u_handle;
int ret;
NTSTATUS status;
@ -803,13 +789,6 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
return NT_STATUS_NO_MEMORY;
}
/* a new GUID */
guid = GUID_random();
guidstr = GUID_string(mem_ctx, &guid);
if (!guidstr) {
return NT_STATUS_NO_MEMORY;
}
/* add core elements to the ldb_message for the user */
msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", account_name, container, d_state->domain_dn);
if (!msg->dn) {
@ -823,9 +802,6 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", additional_class);
}
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectSid", sidstr);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectGUID", guidstr);
samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenCreated", now);
samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenChanged", now);
/* create the user */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
@ -973,9 +949,7 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
struct samr_domain_state *d_state;
struct samr_account_state *a_state;
struct dcesrv_handle *h;
const char *aliasname, *name, *sidstr, *guidstr;
struct GUID guid;
time_t now = time(NULL);
const char *aliasname, *name, *sidstr;
struct ldb_message *msg;
uint32_t rid;
struct dcesrv_handle *a_handle;
@ -1032,13 +1006,6 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
return NT_STATUS_NO_MEMORY;
}
/* a new GUID */
guid = GUID_random();
guidstr = GUID_string(mem_ctx, &guid);
if (!guidstr) {
return NT_STATUS_NO_MEMORY;
}
/* add core elements to the ldb_message for the alias */
msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", aliasname,
d_state->domain_dn);
@ -1051,9 +1018,6 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", aliasname);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group");
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectSid", sidstr);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectGUID", guidstr);
samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenCreated", now);
samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenChanged", now);
/* create the alias */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);


@ -639,7 +639,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
struct lsa_CreateTrustedDomain r;
struct lsa_TrustInformation trustinfo;
struct dom_sid *domsid;
struct policy_handle dom_handle;
struct policy_handle trustdom_handle;
printf("Testing CreateTrustedDomain\n");
@ -651,7 +651,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
r.in.handle = handle;
r.in.info = &trustinfo;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.dom_handle = &dom_handle;
r.out.trustdom_handle = &trustdom_handle;
status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
@ -663,7 +663,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
return False;
}
if (!test_Delete(p, mem_ctx, &dom_handle)) {
if (!test_Delete(p, mem_ctx, &trustdom_handle)) {
return False;
}