sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code

Merge branch 'master' of ssh://git.samba.org/data/git/samba

Browse Source
This commit is contained in:
Jelmer Vernooij 2008-10-27 23:41:48 +01:00
commit 35f12009af
23 changed files with 414 additions and 1472 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source3/librpc/idl/lsa.idl → librpc/idl/lsa.idl
View File

@ -91,14 +91,12 @@ import "misc.idl", "security.idl";
/******************/
/* Function: 0x03 */
NTSTATUS lsa_QuerySecurity (
[in] policy_handle *handle,
[in] security_secinfo sec_info,
[out,ref] sec_desc_buf **sdbuf
);
/******************/
/* Function: 0x04 */
NTSTATUS lsa_SetSecObj(
@ -336,7 +334,6 @@ import "misc.idl", "security.idl";
[in,range(0,8192)] uint32 num_entries
);
/*************************************************/
/* Function: 0x0c */
@ -394,8 +391,6 @@ import "misc.idl", "security.idl";
} lsa_TransSidArray;
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
typedef struct {
[range(0,1000)] uint32 count;
[size_is(count)] lsa_DomainInfo *domains;
@ -445,9 +440,6 @@ import "misc.idl", "security.idl";
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
/* This number is based on Win2k and later maximum response allowed */
const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
[public] NTSTATUS lsa_LookupSids(
[in] policy_handle *handle,
[in,ref] lsa_SidArray *sids,

2
source3/Makefile.in
View File

@ -1214,7 +1214,7 @@ modules:: SHOWFLAGS $(MODULES)
## Perl IDL Compiler
samba3-idl::
@PIDL_ARGS="$(PIDL_ARGS)" CPP="$(CPP)" PIDL="../pidl/pidl" \
srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh librpc/idl/lsa.idl \
srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh ../librpc/idl/lsa.idl \
../librpc/idl/dfs.idl ../librpc/idl/echo.idl ../librpc/idl/winreg.idl \
../librpc/idl/initshutdown.idl librpc/idl/srvsvc.idl ../librpc/idl/svcctl.idl \
../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl librpc/idl/netlogon.idl \

2
source3/librpc/gen_ndr/lsa.h
View File

@ -9,8 +9,6 @@
#define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER ( 60 )
#define LSA_REF_DOMAIN_LIST_MULTIPLIER ( 32 )
#define MAX_REF_DOMAINS ( LSA_REF_DOMAIN_LIST_MULTIPLIER )
#define MAX_LOOKUP_SIDS ( 0x5000 )
#define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ( 82 )
#define LSA_CLIENT_REVISION_NO_DNS ( 0x00000001 )
#define LSA_CLIENT_REVISION_DNS ( 0x00000002 )

8
source3/passdb/lookup_sid.c
View File

@ -746,7 +746,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
}
dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
MAX_REF_DOMAINS);
LSA_REF_DOMAIN_LIST_MULTIPLIER);
if (dom_infos == NULL) {
result = NT_STATUS_NO_MEMORY;
goto fail;
@ -816,7 +816,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
continue;
}
for (j=0; j<MAX_REF_DOMAINS; j++) {
for (j=0; j<LSA_REF_DOMAIN_LIST_MULTIPLIER; j++) {
if (!dom_infos[j].valid) {
break;
}
@ -825,7 +825,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
}
}
if (j == MAX_REF_DOMAINS) {
if (j == LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* TODO: What's the right error message here? */
result = NT_STATUS_NONE_MAPPED;
goto fail;
@ -869,7 +869,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
/* Iterate over the domains found */
for (i=0; i<MAX_REF_DOMAINS; i++) {
for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
uint32_t *rids;
const char *domain_name = NULL;
const char **names;

8
source3/rpc_server/srv_lsa_nt.c
View File

@ -33,6 +33,8 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
#define MAX_LOOKUP_SIDS 0x5000 /* 20480 */
extern PRIVS privs[];
struct lsa_info {
@ -68,13 +70,13 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
num = ref->count;
}
if (num >= MAX_REF_DOMAINS) {
if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* index not found, already at maximum domain limit */
return -1;
}
ref->count = num + 1;
ref->max_size = MAX_REF_DOMAINS;
ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
struct lsa_DomainInfo, ref->count);
@ -725,7 +727,7 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<MAX_REF_DOMAINS; i++) {
for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
if (!dom_infos[i].valid) {
break;

8
source4/libcli/util/clilsa.c
View File

@ -202,6 +202,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
struct lsa_SidArray sids;
struct lsa_RefDomainList *domains = NULL;
uint32_t count = 1;
NTSTATUS status;
struct dom_sid *sid;
@ -231,6 +232,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
r.in.count = &count;
r.out.count = &count;
r.out.names = &names;
r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(cli->lsa->pipe, mem_ctx2, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -243,7 +245,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
}
(*name) = talloc_asprintf(mem_ctx, "%s\\%s",
r.out.domains->domains[0].name.string,
domains->domains[0].name.string,
names.names[0].name.string);
talloc_free(mem_ctx2);
@ -262,6 +264,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
struct lsa_String names;
struct lsa_RefDomainList *domains = NULL;
uint32_t count = 1;
NTSTATUS status;
struct dom_sid *sid;
@ -286,6 +289,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
r.in.count = &count;
r.out.count = &count;
r.out.sids = &sids;
r.out.domains = &domains;
status = dcerpc_lsa_LookupNames(cli->lsa->pipe, mem_ctx2, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -297,7 +301,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
return NT_STATUS_UNSUCCESSFUL;
}
sid = r.out.domains->domains[0].sid;
sid = domains->domains[0].sid;
rid = sids.sids[0].rid;
(*sid_str) = talloc_asprintf(mem_ctx, "%s-%u",

8
source4/libnet/libnet_group.c
View File

@ -444,6 +444,8 @@ struct composite_context *libnet_GroupList_send(struct libnet_context *ctx,
/* prepare arguments of QueryDomainInfo call */
s->query_domain.in.handle = &ctx->lsa.handle;
s->query_domain.in.level = LSA_POLICY_INFO_DOMAIN;
s->query_domain.out.info = talloc_zero(c, union lsa_PolicyInformation *);
if (composite_nomem(s->query_domain.out.info, c)) return c;
/* send the request */
query_req = dcerpc_lsa_QueryInfoPolicy_send(ctx->lsa.pipe, c, &s->query_domain);
@ -474,6 +476,8 @@ static void continue_lsa_domain_opened(struct composite_context *ctx)
/* prepare arguments of QueryDomainInfo call */
s->query_domain.in.handle = &s->ctx->lsa.handle;
s->query_domain.in.level = LSA_POLICY_INFO_DOMAIN;
s->query_domain.out.info = talloc_zero(c, union lsa_PolicyInformation *);
if (composite_nomem(s->query_domain.out.info, c)) return;
/* send the request */
query_req = dcerpc_lsa_QueryInfoPolicy_send(s->ctx->lsa.pipe, c, &s->query_domain);
@ -502,7 +506,7 @@ static void continue_domain_queried(struct rpc_request *req)
if (!composite_is_ok(c)) return;
/* get the returned domain info */
s->dominfo = s->query_domain.out.info->domain;
s->dominfo = (*s->query_domain.out.info)->domain;
/* make sure we have samr domain handle before continuing */
prereq_met = samr_domain_opened(s->ctx, s->domain_name, &c, &s->domain_open,
@ -592,7 +596,7 @@ static void continue_groups_enumerated(struct rpc_request *req)
for (i = 0; i < s->group_list.out.sam->count; i++) {
struct dom_sid *group_sid;
struct samr_SamEntry *entry = &s->group_list.out.sam->entries[i];
struct dom_sid *domain_sid = s->query_domain.out.info->domain.sid;
struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;
/* construct group sid from returned rid and queried domain sid */
group_sid = dom_sid_add_rid(c, domain_sid, entry->idx);

4
source4/libnet/libnet_lookup.c
View File

@ -312,6 +312,8 @@ static bool prepare_lookup_params(struct libnet_context *ctx,
s->lookup.in.count = &s->count;
s->lookup.out.count = &s->count;
s->lookup.out.sids = &s->sids;
s->lookup.out.domains = talloc_zero(ctx, struct lsa_RefDomainList *);
if (composite_nomem(s->lookup.out.domains, c)) return false;
return true;
}
@ -372,7 +374,7 @@ NTSTATUS libnet_LookupName_recv(struct composite_context *c, TALLOC_CTX *mem_ctx
io->out.sidstr = NULL;
if (*s->lookup.out.count > 0) {
struct lsa_RefDomainList *domains = s->lookup.out.domains;
struct lsa_RefDomainList *domains = *s->lookup.out.domains;
struct lsa_TransSidArray *sids = s->lookup.out.sids;
if (domains == NULL || sids == NULL) {

12
source4/libnet/libnet_rpc.c
View File

@ -607,6 +607,8 @@ static void continue_lsa_policy(struct rpc_request *req)
/* query lsa info for dns domain name and guid */
s->lsa_query_info2.in.handle = &s->lsa_handle;
s->lsa_query_info2.in.level = LSA_POLICY_INFO_DNS;
s->lsa_query_info2.out.info = talloc_zero(c, union lsa_PolicyInformation *);
if (composite_nomem(s->lsa_query_info2.out.info, c)) return;
query_info_req = dcerpc_lsa_QueryInfoPolicy2_send(s->lsa_pipe, c, &s->lsa_query_info2);
if (composite_nomem(query_info_req, c)) return;
@ -658,13 +660,13 @@ static void continue_lsa_query_info2(struct rpc_request *req)
/* Copy the dns domain name and guid from the query result */
/* this should actually be a conversion from lsa_StringLarge */
s->r.out.realm = s->lsa_query_info2.out.info->dns.dns_domain.string;
s->r.out.realm = (*s->lsa_query_info2.out.info)->dns.dns_domain.string;
s->r.out.guid = talloc(c, struct GUID);
if (composite_nomem(s->r.out.guid, c)) {
s->r.out.error_string = NULL;
return;
}
*s->r.out.guid = s->lsa_query_info2.out.info->dns.domain_guid;
*s->r.out.guid = (*s->lsa_query_info2.out.info)->dns.domain_guid;
}
/* post monitor message */
@ -680,6 +682,8 @@ static void continue_lsa_query_info2(struct rpc_request *req)
/* query lsa info for domain name and sid */
s->lsa_query_info.in.handle = &s->lsa_handle;
s->lsa_query_info.in.level = LSA_POLICY_INFO_DOMAIN;
s->lsa_query_info.out.info = talloc_zero(c, union lsa_PolicyInformation *);
if (composite_nomem(s->lsa_query_info.out.info, c)) return;
query_info_req = dcerpc_lsa_QueryInfoPolicy_send(s->lsa_pipe, c, &s->lsa_query_info);
if (composite_nomem(query_info_req, c)) return;
@ -719,8 +723,8 @@ static void continue_lsa_query_info(struct rpc_request *req)
}
/* Copy the domain name and sid from the query result */
s->r.out.domain_sid = s->lsa_query_info.out.info->domain.sid;
s->r.out.domain_name = s->lsa_query_info.out.info->domain.name.string;
s->r.out.domain_sid = (*s->lsa_query_info.out.info)->domain.sid;
s->r.out.domain_name = (*s->lsa_query_info.out.info)->domain.name.string;
continue_epm_map_binding_send(c);
}

8
source4/libnet/libnet_user.c
View File

@ -957,6 +957,8 @@ struct composite_context* libnet_UserList_send(struct libnet_context *ctx,
/* prepare arguments of QueryDomainInfo call */
s->query_domain.in.handle = &ctx->lsa.handle;
s->query_domain.in.level = LSA_POLICY_INFO_DOMAIN;
s->query_domain.out.info = talloc_zero(c, union lsa_PolicyInformation *);
if (composite_nomem(s->query_domain.out.info, c)) return c;
/* send the request */
query_req = dcerpc_lsa_QueryInfoPolicy_send(ctx->lsa.pipe, c, &s->query_domain);
@ -987,6 +989,8 @@ static void continue_lsa_domain_opened(struct composite_context *ctx)
/* prepare arguments of QueryDomainInfo call */
s->query_domain.in.handle = &s->ctx->lsa.handle;
s->query_domain.in.level = LSA_POLICY_INFO_DOMAIN;
s->query_domain.out.info = talloc_zero(c, union lsa_PolicyInformation *);
if (composite_nomem(s->query_domain.out.info, c)) return;
/* send the request */
query_req = dcerpc_lsa_QueryInfoPolicy_send(s->ctx->lsa.pipe, c, &s->query_domain);
@ -1015,7 +1019,7 @@ static void continue_domain_queried(struct rpc_request *req)
if (!composite_is_ok(c)) return;
/* get the returned domain info */
s->dominfo = s->query_domain.out.info->domain;
s->dominfo = (*s->query_domain.out.info)->domain;
/* make sure we have samr domain handle before continuing */
prereq_met = samr_domain_opened(s->ctx, s->domain_name, &c, &s->domain_open,
@ -1107,7 +1111,7 @@ static void continue_users_enumerated(struct rpc_request *req)
for (i = 0; i < s->user_list.out.sam->count; i++) {
struct dom_sid *user_sid;
struct samr_SamEntry *entry = &s->user_list.out.sam->entries[i];
struct dom_sid *domain_sid = s->query_domain.out.info->domain.sid;
struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;
/* construct user sid from returned rid and queried domain sid */
user_sid = dom_sid_add_rid(c, domain_sid, entry->idx);

1222
source4/librpc/idl/lsa.idl
View File

File diff suppressed because it is too large Load Diff

178
source4/rpc_server/lsa/dcesrv_lsa.c
View File

@ -434,67 +434,67 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
{
struct lsa_policy_state *state;
struct dcesrv_handle *h;
union lsa_PolicyInformation *info;
r->out.info = NULL;
*r->out.info = NULL;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
r->out.info = talloc(mem_ctx, union lsa_PolicyInformation);
if (!r->out.info) {
info = talloc_zero(mem_ctx, union lsa_PolicyInformation);
if (!info) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(r->out.info);
*r->out.info = info;
switch (r->in.level) {
case LSA_POLICY_INFO_AUDIT_LOG:
/* we don't need to fill in any of this */
ZERO_STRUCT(r->out.info->audit_log);
ZERO_STRUCT(info->audit_log);
return NT_STATUS_OK;
case LSA_POLICY_INFO_AUDIT_EVENTS:
/* we don't need to fill in any of this */
ZERO_STRUCT(r->out.info->audit_events);
ZERO_STRUCT(info->audit_events);
return NT_STATUS_OK;
case LSA_POLICY_INFO_PD:
/* we don't need to fill in any of this */
ZERO_STRUCT(r->out.info->pd);
ZERO_STRUCT(info->pd);
return NT_STATUS_OK;
case LSA_POLICY_INFO_DOMAIN:
return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->domain);
return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->domain);
case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->account_domain);
case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->l_account_domain);
return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->l_account_domain);
case LSA_POLICY_INFO_ROLE:
r->out.info->role.role = LSA_ROLE_PRIMARY;
info->role.role = LSA_ROLE_PRIMARY;
return NT_STATUS_OK;
case LSA_POLICY_INFO_DNS:
case LSA_POLICY_INFO_DNS_INT:
return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
return dcesrv_lsa_info_DNS(state, mem_ctx, &info->dns);
case LSA_POLICY_INFO_REPLICA:
ZERO_STRUCT(r->out.info->replica);
ZERO_STRUCT(info->replica);
return NT_STATUS_OK;
case LSA_POLICY_INFO_QUOTA:
ZERO_STRUCT(r->out.info->quota);
ZERO_STRUCT(info->quota);
return NT_STATUS_OK;
case LSA_POLICY_INFO_MOD:
case LSA_POLICY_INFO_AUDIT_FULL_SET:
case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
/* windows gives INVALID_PARAMETER */
r->out.info = NULL;
*r->out.info = NULL;
return NT_STATUS_INVALID_PARAMETER;
}
r->out.info = NULL;
*r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
@ -511,11 +511,10 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T
r2.in.handle = r->in.handle;
r2.in.level = r->in.level;
r2.out.info = r->out.info;
status = dcesrv_lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
r->out.info = r2.out.info;
return status;
}
@ -1314,6 +1313,7 @@ static NTSTATUS fill_trust_domain_ex(TALLOC_CTX *mem_ctx,
static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfo *r)
{
union lsa_TrustedDomainInfo *info = NULL;
struct dcesrv_handle *h;
struct lsa_trusted_domain_state *trusted_domain_state;
struct ldb_message *msg;
@ -1342,17 +1342,19 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
}
msg = res[0];
r->out.info = talloc(mem_ctx, union lsa_TrustedDomainInfo);
if (!r->out.info) {
info = talloc_zero(mem_ctx, union lsa_TrustedDomainInfo);
if (!info) {
return NT_STATUS_NO_MEMORY;
}
*r->out.info = info;
switch (r->in.level) {
case LSA_TRUSTED_DOMAIN_INFO_NAME:
r->out.info->name.netbios_name.string
info->name.netbios_name.string
= samdb_result_string(msg, "flatname", NULL);
break;
case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
r->out.info->posix_offset.posix_offset
info->posix_offset.posix_offset
= samdb_result_uint(msg, "posixOffset", 0);
break;
#if 0 /* Win2k3 doesn't implement this */
@ -1364,32 +1366,32 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
break;
#endif
case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->info_ex);
return fill_trust_domain_ex(mem_ctx, msg, &info->info_ex);
case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
ZERO_STRUCT(r->out.info->full_info);
return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info.info_ex);
ZERO_STRUCT(info->full_info);
return fill_trust_domain_ex(mem_ctx, msg, &info->full_info.info_ex);
case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL:
ZERO_STRUCT(r->out.info->full_info2_internal);
r->out.info->full_info2_internal.posix_offset.posix_offset
ZERO_STRUCT(info->full_info2_internal);
info->full_info2_internal.posix_offset.posix_offset
= samdb_result_uint(msg, "posixOffset", 0);
return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info2_internal.info.info_ex);
return fill_trust_domain_ex(mem_ctx, msg, &info->full_info2_internal.info.info_ex);
case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES:
r->out.info->enc_types.enc_types
info->enc_types.enc_types
= samdb_result_uint(msg, "msDs-supportedEncryptionTypes", KERB_ENCTYPE_RC4_HMAC_MD5);
break;
case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS:
case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL:
/* oops, we don't want to return the info after all */
talloc_free(r->out.info);
talloc_free(info);
r->out.info = NULL;
return NT_STATUS_INVALID_PARAMETER;
default:
/* oops, we don't want to return the info after all */
talloc_free(r->out.info);
talloc_free(info);
r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
@ -1407,6 +1409,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state
NTSTATUS status;
struct lsa_OpenTrustedDomain open;
struct lsa_QueryTrustedDomainInfo query;
union lsa_TrustedDomainInfo *info;
struct dcesrv_handle *h;
open.in.handle = r->in.handle;
open.in.sid = r->in.dom_sid;
@ -1426,12 +1429,12 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state
query.in.trustdom_handle = open.out.trustdom_handle;
query.in.level = r->in.level;
query.out.info = r->out.info;
status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r->out.info = query.out.info;
return NT_STATUS_OK;
}
@ -1457,7 +1460,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state
struct lsa_QueryTrustedDomainInfo query;
struct dcesrv_handle *h;
open.in.handle = r->in.handle;
open.in.name = r->in.trusted_domain;
open.in.name = *r->in.trusted_domain;
open.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
open.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
if (!open.out.trustdom_handle) {
@ -1474,12 +1477,12 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state
query.in.trustdom_handle = open.out.trustdom_handle;
query.in.level = r->in.level;
query.out.info = r->out.info;
status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r->out.info = query.out.info;
return NT_STATUS_OK;
}
@ -1724,15 +1727,21 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
const char * const attrs[] = { "privilege", NULL};
struct ldb_message_element *el;
const char *sidstr;
struct lsa_PrivilegeSet *privs;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
astate = h->data;
r->out.privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
r->out.privs->count = 0;
r->out.privs->unknown = 0;
r->out.privs->set = NULL;
privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
if (privs == NULL) {
return NT_STATUS_NO_MEMORY;
}
privs->count = 0;
privs->unknown = 0;
privs->set = NULL;
*r->out.privs = privs;
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);
if (sidstr == NULL) {
@ -1750,9 +1759,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
return NT_STATUS_OK;
}
r->out.privs->set = talloc_array(r->out.privs,
privs->set = talloc_array(privs,
struct lsa_LUIDAttribute, el->num_values);
if (r->out.privs->set == NULL) {
if (privs->set == NULL) {
return NT_STATUS_NO_MEMORY;
}
@ -1761,12 +1770,12 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
if (id == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r->out.privs->set[i].attribute = 0;
r->out.privs->set[i].luid.low = id;
r->out.privs->set[i].luid.high = 0;
privs->set[i].attribute = 0;
privs->set[i].luid.low = id;
privs->set[i].luid.high = 0;
}
r->out.privs->count = el->num_values;
privs->count = el->num_values;
return NT_STATUS_OK;
}
@ -2058,8 +2067,18 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
int i;
NTSTATUS status;
struct lsa_EnumPrivsAccount enumPrivs;
struct lsa_PrivilegeSet *privs;
privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
if (!privs) {
return NT_STATUS_NO_MEMORY;
}
privs->count = 0;
privs->unknown = 0;
privs->set = NULL;
enumPrivs.in.handle = r->in.handle;
enumPrivs.out.privs = &privs;
status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs);
if (!NT_STATUS_IS_OK(status)) {
@ -2068,8 +2087,8 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
*(r->out.access_mask) = 0x00000000;
for (i = 0; i < enumPrivs.out.privs->count; i++) {
int priv = enumPrivs.out.privs->set[i].luid.low;
for (i = 0; i < privs->count; i++) {
int priv = privs->set[i].luid.low;
switch (priv) {
case SEC_PRIV_INTERACTIVE_LOGON:
@ -2695,6 +2714,7 @@ static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
{
struct dcesrv_handle *h;
struct lsa_policy_state *state;
struct lsa_StringLarge *name;
const char *privname;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@ -2710,11 +2730,14 @@ static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r->out.name = talloc(mem_ctx, struct lsa_StringLarge);
if (r->out.name == NULL) {
name = talloc(mem_ctx, struct lsa_StringLarge);
if (name == NULL) {
return NT_STATUS_NO_MEMORY;
}
r->out.name->string = privname;
name->string = privname;
*r->out.name = name;
return NT_STATUS_OK;
}
@ -2729,6 +2752,7 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c
{
struct dcesrv_handle *h;
struct lsa_policy_state *state;
struct lsa_StringLarge *disp_name = NULL;
int id;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@ -2740,16 +2764,19 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r->out.disp_name = talloc(mem_ctx, struct lsa_StringLarge);
if (r->out.disp_name == NULL) {
disp_name = talloc(mem_ctx, struct lsa_StringLarge);
if (disp_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
if (r->out.disp_name->string == NULL) {
disp_name->string = sec_privilege_display_name(id, &r->in.language_id);
if (disp_name->string == NULL) {
return NT_STATUS_INTERNAL_ERROR;
}
*r->out.disp_name = disp_name;
*r->out.returned_language_id = 0;
return NT_STATUS_OK;
}
@ -2875,19 +2902,23 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
const char *account_name;
const char *authority_name;
struct lsa_String *_account_name;
struct lsa_StringPointer *_authority_name = NULL;
struct lsa_String *_authority_name = NULL;
/* this is what w2k3 does */
r->out.account_name = r->in.account_name;
r->out.authority_name = r->in.authority_name;
if (r->in.account_name && r->in.account_name->string) {
if (r->in.account_name
&& *r->in.account_name
/* && *(*r->in.account_name)->string */
) {
return NT_STATUS_INVALID_PARAMETER;
}
if (r->in.authority_name &&
r->in.authority_name->string &&
r->in.authority_name->string->string) {
if (r->in.authority_name
&& *r->in.authority_name
/* && *(*r->in.authority_name)->string */
) {
return NT_STATUS_INVALID_PARAMETER;
}
@ -2899,15 +2930,15 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
_account_name->string = account_name;
if (r->in.authority_name) {
_authority_name = talloc(mem_ctx, struct lsa_StringPointer);
_authority_name = talloc(mem_ctx, struct lsa_String);
NT_STATUS_HAVE_NO_MEMORY(_authority_name);
_authority_name->string = talloc(mem_ctx, struct lsa_String);
NT_STATUS_HAVE_NO_MEMORY(_authority_name->string);
_authority_name->string->string = authority_name;
_authority_name->string = authority_name;
}
r->out.account_name = _account_name;
r->out.authority_name = _authority_name;
*r->out.account_name = _account_name;
if (r->out.authority_name) {
*r->out.authority_name = _authority_name;
}
return status;
}
@ -2930,19 +2961,21 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state
TALLOC_CTX *mem_ctx,
struct lsa_QueryDomainInformationPolicy *r)
{
r->out.info = talloc(mem_ctx, union lsa_DomainInformationPolicy);
if (!r->out.info) {
union lsa_DomainInformationPolicy *info;
info = talloc(r->out.info, union lsa_DomainInformationPolicy);
if (!info) {
return NT_STATUS_NO_MEMORY;
}
switch (r->in.level) {
case LSA_DOMAIN_INFO_POLICY_EFS:
talloc_free(r->out.info);
r->out.info = NULL;
talloc_free(info);
*r->out.info = NULL;
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
case LSA_DOMAIN_INFO_POLICY_KERBEROS:
{
struct lsa_DomainInfoKerberos *k = &r->out.info->kerberos_info;
struct lsa_DomainInfoKerberos *k = &info->kerberos_info;
struct smb_krb5_context *smb_krb5_context;
int ret = smb_krb5_init_context(mem_ctx,
dce_call->event_ctx,
@ -2959,11 +2992,12 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state
k->user_tkt_renewaltime = 0; /* Need to find somewhere to store this, and query in KDC too */
k->clock_skew = krb5_get_max_time_skew(smb_krb5_context->krb5_context);
talloc_free(smb_krb5_context);
*r->out.info = info;
return NT_STATUS_OK;
}
default:
talloc_free(r->out.info);
r->out.info = NULL;
talloc_free(info);
*r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
}

34
source4/rpc_server/lsa/lsa_lookup.c
View File

@ -522,6 +522,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
struct lsa_LookupSids2 *r)
{
struct lsa_policy_state *state;
struct lsa_RefDomainList *domains = NULL;
int i;
NTSTATUS status = NT_STATUS_OK;
@ -530,7 +531,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
return NT_STATUS_INVALID_PARAMETER;
}
r->out.domains = NULL;
*r->out.domains = NULL;
/* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as
@ -543,10 +544,11 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
return status;
}
r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
if (r->out.domains == NULL) {
domains = talloc_zero(r->out.domains, struct lsa_RefDomainList);
if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
*r->out.domains = domains;
r->out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2);
if (r->out.names == NULL) {
@ -592,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
/* set up the authority table */
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype,
authority_name, sid,
r->out.domains, &sid_index);
domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
@ -660,6 +662,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
r2.in.unknown2 = r->in.unknown2;
r2.out.count = r->out.count;
r2.out.names = r->out.names;
r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
@ -692,6 +695,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
r2.in.unknown2 = 0;
r2.out.count = r->out.count;
r2.out.names = NULL;
r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
/* we deliberately don't check for error from the above,
@ -734,6 +738,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
struct dcesrv_handle *policy_handle;
int i;
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
struct lsa_RefDomainList *domains;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
@ -744,12 +749,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
policy_state = policy_handle->data;
r->out.domains = NULL;
*r->out.domains = NULL;
r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
if (r->out.domains == NULL) {
domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
*r->out.domains = domains;
r->out.sids = talloc_zero(mem_ctx, struct lsa_TransSidArray3);
if (r->out.sids == NULL) {
@ -785,7 +791,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
}
status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name,
sid, r->out.domains, &sid_index);
sid, domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
@ -873,8 +879,9 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
struct dcesrv_handle *h;
int i;
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
struct lsa_RefDomainList *domains;
r->out.domains = NULL;
*r->out.domains = NULL;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@ -885,10 +892,11 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
state = h->data;
r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
if (r->out.domains == NULL) {
domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
*r->out.domains = domains;
r->out.sids = talloc_zero(mem_ctx, struct lsa_TransSidArray2);
if (r->out.sids == NULL) {
@ -927,7 +935,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
}
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name,
sid, r->out.domains, &sid_index);
sid, domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
@ -971,13 +979,13 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
r2.in.lookup_options = 0;
r2.in.client_revision = 0;
r2.out.count = r->out.count;
r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
if (r2.out.sids == NULL) {
return status;
}
r->out.domains = r2.out.domains;
r->out.sids = talloc(mem_ctx, struct lsa_TransSidArray);
if (r->out.sids == NULL) {
return NT_STATUS_NO_MEMORY;

34
source4/torture/ndr/lsa.c
View File

@ -428,11 +428,12 @@ static const uint8_t lsarlookupnames_out_data[] = {
static bool lsarlookupnames_out_check(struct torture_context *tctx,
struct lsa_LookupNames *r)
{
struct lsa_RefDomainList *domains = *(r->out.domains);
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "domain name");
torture_assert_int_equal(tctx, domains->count, 1, "domains count");
torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
torture_assert(tctx, domains->domains != NULL, "domains domains");
torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "domain name");
/* FIXME: SID */
torture_assert(tctx, r->out.count != NULL, "count ptr");
torture_assert_int_equal(tctx, *r->out.count, 100, "count");
@ -1014,11 +1015,12 @@ static const uint8_t lsarlookupsids_out_data[] = {
static bool lsarlookupsids_out_check(struct torture_context *tctx,
struct lsa_LookupSids *r)
{
torture_assert(tctx, r->out.domains != NULL, "domains");
torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "name");
struct lsa_RefDomainList *domains = *(r->out.domains);
torture_assert(tctx, domains != NULL, "domains");
torture_assert_int_equal(tctx, domains->count, 1, "domains count");
torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
torture_assert(tctx, domains->domains != NULL, "domains domains");
torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name");
torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
return true;
}
@ -1474,12 +1476,13 @@ static const uint8_t lsarlookupsids2_out_data[] = {
static bool lsarlookupsids2_out_check(struct torture_context *tctx,
struct lsa_LookupSids2 *r)
{
struct lsa_RefDomainList *domains = *(r->out.domains);
/* FIXME: Handle */
torture_assert(tctx, r->out.names != NULL, "names ptr");
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, domains->count, 4, "domains count");
torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
@ -1749,12 +1752,13 @@ static const uint8_t lsarlookupsids3_out_data[] = {
static bool lsarlookupsids3_out_check(struct torture_context *tctx,
struct lsa_LookupSids3 *r)
{
struct lsa_RefDomainList *domains = *(r->out.domains);
/* FIXME: Handle */
torture_assert(tctx, r->out.names != NULL, "names ptr");
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, domains->count, 4, "domains count");
torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");

2
source4/torture/rpc/handles.c
View File

@ -109,6 +109,7 @@ static bool test_handles_lsa_shared(struct torture_context *torture)
struct lsa_OpenPolicy r;
struct lsa_Close c;
struct lsa_QuerySecurity qsec;
struct sec_desc_buf *sdbuf = NULL;
uint16_t system_name = '\\';
TALLOC_CTX *mem_ctx = talloc_new(torture);
enum dcerpc_transport_t transport;
@ -167,6 +168,7 @@ static bool test_handles_lsa_shared(struct torture_context *torture)
qsec.in.handle = &handle;
qsec.in.sec_info = 0;
qsec.out.sdbuf = &sdbuf;
c.in.handle = &handle;
c.out.handle = &handle2;

159
source4/torture/rpc/lsa.c
View File

@ -153,6 +153,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
{
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@ -176,6 +177,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
r.in.count = &count;
r.out.count = &count;
r.out.sids = &sids;
r.out.domains = &domains;
status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
@ -217,6 +219,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,
{
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@ -248,6 +251,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,
r.in.count = &count;
r.out.count = &count;
r.out.sids = &sids;
r.out.domains = &domains;
status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
@ -317,6 +321,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,
{
struct lsa_LookupNames2 r;
struct lsa_TransSidArray2 sids;
struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@ -342,6 +347,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,
r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
r.out.domains = &domains;
status = dcerpc_lsa_LookupNames2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -362,6 +368,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,
{
struct lsa_LookupNames3 r;
struct lsa_TransSidArray3 sids;
struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@ -387,6 +394,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,
r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
r.out.domains = &domains;
status = dcerpc_lsa_LookupNames3(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -405,6 +413,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,
{
struct lsa_LookupNames4 r;
struct lsa_TransSidArray3 sids;
struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@ -429,6 +438,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,
r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
r.out.domains = &domains;
status = dcerpc_lsa_LookupNames4(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -449,6 +459,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
{
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@ -464,6 +475,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
r.in.count = &count;
r.out.count = &count;
r.out.names = &names;
r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -488,6 +500,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
{
struct lsa_LookupSids2 r;
struct lsa_TransNameArray2 names;
struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@ -505,6 +518,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
r.in.unknown2 = 0;
r.out.count = &count;
r.out.names = &names;
r.out.domains = &domains;
status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -531,6 +545,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
{
struct lsa_LookupSids3 r;
struct lsa_TransNameArray2 names;
struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@ -545,6 +560,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
r.in.count = &count;
r.in.unknown1 = 0;
r.in.unknown2 = 0;
r.out.domains = &domains;
r.out.count = &count;
r.out.names = &names;
@ -594,6 +610,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
if (handle) {
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
struct lsa_RefDomainList *domains = NULL;
names.count = 0;
names.names = NULL;
@ -604,6 +621,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
r.in.count = &names.count;
r.out.count = &count;
r.out.names = &names;
r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -619,6 +637,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
} else if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
struct lsa_LookupSids3 r;
struct lsa_RefDomainList *domains = NULL;
struct lsa_TransNameArray2 names;
names.count = 0;
@ -634,6 +653,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
r.in.unknown2 = 0;
r.out.count = &count;
r.out.names = &names;
r.out.domains = &domains;
status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -683,6 +703,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
uint32_t *count;
struct lsa_TransNameArray *names;
struct lsa_LookupSids *r;
struct lsa_RefDomainList *domains = NULL;
struct rpc_request **req;
int i, replies;
bool ret = true;
@ -714,6 +735,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
r[i].in.count = &names[i].count;
r[i].out.count = &count[i];
r[i].out.names = &names[i];
r[i].out.domains = &domains;
req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]);
if (req[i] == NULL) {
@ -767,9 +789,11 @@ static bool test_LookupPrivName(struct dcerpc_pipe *p,
{
NTSTATUS status;
struct lsa_LookupPrivName r;
struct lsa_StringLarge *name = NULL;
r.in.handle = handle;
r.in.luid = luid;
r.out.name = &name;
status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -807,9 +831,11 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
if (!NT_STATUS_IS_OK(status)) {
struct lsa_LookupPrivName r_name;
struct lsa_StringLarge *name = NULL;
r_name.in.handle = handle;
r_name.in.luid = luid;
r_name.out.name = &name;
status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r_name);
if (!NT_STATUS_IS_OK(status)) {
@ -817,12 +843,12 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
return false;
}
/* Windows 2008 does not allow this to be removed */
if (strcmp("SeAuditPrivilege", r_name.out.name->string) == 0) {
if (strcmp("SeAuditPrivilege", name->string) == 0) {
return ret;
}
printf("RemovePrivilegesFromAccount failed to remove %s - %s\n",
r_name.out.name->string,
name->string,
nt_errstr(status));
return false;
}
@ -867,11 +893,13 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
{
NTSTATUS status;
struct lsa_EnumPrivsAccount r;
struct lsa_PrivilegeSet *privs = NULL;
bool ret = true;
printf("\nTesting EnumPrivsAccount\n");
r.in.handle = acct_handle;
r.out.privs = &privs;
status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -879,17 +907,17 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
return false;
}
if (r.out.privs && r.out.privs->count > 0) {
if (privs && privs->count > 0) {
int i;
for (i=0;i<r.out.privs->count;i++) {
for (i=0;i<privs->count;i++) {
test_LookupPrivName(p, mem_ctx, handle,
&r.out.privs->set[i].luid);
&privs->set[i].luid);
}
ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, handle, acct_handle,
&r.out.privs->set[0].luid);
&privs->set[0].luid);
ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle,
&r.out.privs->set[0].luid);
&privs->set[0].luid);
}
return ret;
@ -1462,6 +1490,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
{
NTSTATUS status;
struct lsa_QuerySecurity r;
struct sec_desc_buf *sdbuf = NULL;
if (torture_setting_bool(tctx, "samba4", false)) {
printf("\nskipping QuerySecurity test against Samba4\n");
@ -1472,6 +1501,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
r.in.handle = acct_handle;
r.in.sec_info = 7;
r.out.sdbuf = &sdbuf;
status = dcerpc_lsa_QuerySecurity(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -1602,14 +1632,17 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,
/* produce a reasonable range of language output without screwing up
terminals */
uint16_t language_id = (random() % 4) + 0x409;
uint16_t returned_language_id = 0;
struct lsa_StringLarge *disp_name = NULL;
printf("\nTesting LookupPrivDisplayName(%s)\n", priv_name->string);
r.in.handle = handle;
r.in.name = priv_name;
r.in.language_id = &language_id;
r.out.language_id = &language_id;
r.in.unknown = 0;
r.in.language_id = language_id;
r.in.language_id_sys = 0;
r.out.returned_language_id = &returned_language_id;
r.out.disp_name = &disp_name;
status = dcerpc_lsa_LookupPrivDisplayName(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -1617,8 +1650,8 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,
return false;
}
printf("%s -> \"%s\" (language 0x%x/0x%x)\n",
priv_name->string, r.out.disp_name->string,
*r.in.language_id, *r.out.language_id);
priv_name->string, disp_name->string,
r.in.language_id, *r.out.returned_language_id);
return true;
}
@ -1794,7 +1827,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
for (j=0; j < ARRAY_SIZE(levels); j++) {
struct lsa_QueryTrustedDomainInfo q;
union lsa_TrustedDomainInfo info;
union lsa_TrustedDomainInfo *info = NULL;
q.in.trustdom_handle = &trustdom_handle;
q.in.level = levels[j];
q.out.info = &info;
@ -1827,7 +1860,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
for (j=0; j < ARRAY_SIZE(levels); j++) {
struct lsa_QueryTrustedDomainInfoBySid q;
union lsa_TrustedDomainInfo info;
union lsa_TrustedDomainInfo *info = NULL;
if (!domains->domains[i].sid) {
continue;
@ -1837,6 +1870,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
q.in.dom_sid = domains->domains[i].sid;
q.in.level = levels[j];
q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status) && ok[j]) {
printf("QueryTrustedDomainInfoBySid level %d failed - %s\n",
@ -1864,7 +1898,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
for (j=0; j < ARRAY_SIZE(levels); j++) {
struct lsa_QueryTrustedDomainInfo q;
union lsa_TrustedDomainInfo info;
union lsa_TrustedDomainInfo *info = NULL;
q.in.trustdom_handle = &trustdom_handle;
q.in.level = levels[j];
q.out.info = &info;
@ -1891,9 +1925,13 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
for (j=0; j < ARRAY_SIZE(levels); j++) {
struct lsa_QueryTrustedDomainInfoByName q;
union lsa_TrustedDomainInfo info;
union lsa_TrustedDomainInfo *info = NULL;
struct lsa_String name;
name.string = domains->domains[i].name.string;
q.in.handle = handle;
q.in.trusted_domain.string = domains->domains[i].name.string;
q.in.trusted_domain = &name;
q.in.level = levels[j];
q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfoByName(p, mem_ctx, &q);
@ -2055,6 +2093,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
struct dom_sid *domsid[12];
struct policy_handle trustdom_handle[12];
struct lsa_QueryTrustedDomainInfo q;
union lsa_TrustedDomainInfo *info = NULL;
int i;
printf("\nTesting CreateTrustedDomain for 12 domains\n");
@ -2089,6 +2128,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
q.in.trustdom_handle = &trustdom_handle[i];
q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
@ -2096,24 +2136,24 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
} else if (!q.out.info) {
ret = false;
} else {
if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
if (strcmp(info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
q.out.info->info_ex.netbios_name.string, trustinfo.name.string);
info->info_ex.netbios_name.string, trustinfo.name.string);
ret = false;
}
if (q.out.info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
if (info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",
trust_name, q.out.info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
trust_name, info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
ret = false;
}
if (q.out.info->info_ex.trust_attributes != 0) {
if (info->info_ex.trust_attributes != 0) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",
trust_name, q.out.info->info_ex.trust_attributes, 0);
trust_name, info->info_ex.trust_attributes, 0);
ret = false;
}
if (q.out.info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
if (info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",
trust_name, q.out.info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
trust_name, info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
ret = false;
}
}
@ -2149,6 +2189,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
struct dom_sid *domsid[12];
struct policy_handle trustdom_handle[12];
struct lsa_QueryTrustedDomainInfo q;
union lsa_TrustedDomainInfo *info = NULL;
DATA_BLOB session_key;
enum ndr_err_code ndr_err;
int i;
@ -2221,6 +2262,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
q.in.trustdom_handle = &trustdom_handle[i];
q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
@ -2229,24 +2271,24 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
printf("QueryTrustedDomainInfo level 1 failed to return an info pointer\n");
ret = false;
} else {
if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
if (strcmp(info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string);
info->info_ex.netbios_name.string, trustinfo.netbios_name.string);
ret = false;
}
if (q.out.info->info_ex.trust_type != trustinfo.trust_type) {
if (info->info_ex.trust_type != trustinfo.trust_type) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",
trust_name, q.out.info->info_ex.trust_type, trustinfo.trust_type);
trust_name, info->info_ex.trust_type, trustinfo.trust_type);
ret = false;
}
if (q.out.info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) {
if (info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",
trust_name, q.out.info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION);
trust_name, info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION);
ret = false;
}
if (q.out.info->info_ex.trust_direction != trustinfo.trust_direction) {
if (info->info_ex.trust_direction != trustinfo.trust_direction) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",
trust_name, q.out.info->info_ex.trust_direction, trustinfo.trust_direction);
trust_name, info->info_ex.trust_direction, trustinfo.trust_direction);
ret = false;
}
}
@ -2274,6 +2316,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
struct policy_handle *handle)
{
struct lsa_QueryDomainInformationPolicy r;
union lsa_DomainInformationPolicy *info = NULL;
NTSTATUS status;
int i;
bool ret = true;
@ -2283,6 +2326,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
for (i=2;i<4;i++) {
r.in.handle = handle;
r.in.level = i;
r.out.info = &info;
printf("\nTrying QueryDomainInformationPolicy level %d\n", i);
@ -2308,6 +2352,7 @@ static bool test_QueryInfoPolicyCalls( bool version2,
struct policy_handle *handle)
{
struct lsa_QueryInfoPolicy r;
union lsa_PolicyInformation *info = NULL;
NTSTATUS status;
int i;
bool ret = true;
@ -2320,6 +2365,7 @@ static bool test_QueryInfoPolicyCalls( bool version2,
for (i=1;i<=14;i++) {
r.in.handle = handle;
r.in.level = i;
r.out.info = &info;
if (version2)
printf("\nTrying QueryInfoPolicy2 level %d\n", i);
@ -2389,33 +2435,33 @@ static bool test_QueryInfoPolicyCalls( bool version2,
struct lsa_TransNameArray tnames;
tnames.count = 14;
tnames.names = talloc_zero_array(tctx, struct lsa_TranslatedName, tnames.count);
tnames.names[0].name.string = r.out.info->dns.name.string;
tnames.names[0].name.string = info->dns.name.string;
tnames.names[0].sid_type = SID_NAME_DOMAIN;
tnames.names[1].name.string = r.out.info->dns.dns_domain.string;
tnames.names[1].name.string = info->dns.dns_domain.string;
tnames.names[1].sid_type = SID_NAME_DOMAIN;
tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", r.out.info->dns.name.string);
tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", info->dns.name.string);
tnames.names[2].sid_type = SID_NAME_DOMAIN;
tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", r.out.info->dns.dns_domain.string);
tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", info->dns.dns_domain.string);
tnames.names[3].sid_type = SID_NAME_DOMAIN;
tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", r.out.info->dns.name.string);
tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.name.string);
tnames.names[4].sid_type = SID_NAME_USER;
tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", r.out.info->dns.name.string);
tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.name.string);
tnames.names[5].sid_type = SID_NAME_USER;
tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", r.out.info->dns.dns_domain.string);
tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.dns_domain.string);
tnames.names[6].sid_type = SID_NAME_USER;
tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", r.out.info->dns.dns_domain.string);
tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.dns_domain.string);
tnames.names[7].sid_type = SID_NAME_USER;
tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", r.out.info->dns.name.string);
tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.name.string);
tnames.names[8].sid_type = SID_NAME_USER;
tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", r.out.info->dns.dns_domain.string);
tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.dns_domain.string);
tnames.names[9].sid_type = SID_NAME_USER;
tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", r.out.info->dns.name.string);
tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.name.string);
tnames.names[10].sid_type = SID_NAME_USER;
tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", r.out.info->dns.dns_domain.string);
tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.dns_domain.string);
tnames.names[11].sid_type = SID_NAME_USER;
tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", r.out.info->dns.name.string);
tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.name.string);
tnames.names[12].sid_type = SID_NAME_USER;
tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", r.out.info->dns.dns_domain.string);
tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.dns_domain.string);
tnames.names[13].sid_type = SID_NAME_USER;
ret &= test_LookupNames(p, tctx, handle, &tnames);
@ -2444,14 +2490,27 @@ static bool test_GetUserName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
struct lsa_GetUserName r;
NTSTATUS status;
bool ret = true;
struct lsa_StringPointer authority_name_p;
struct lsa_String *authority_name_p = NULL;
struct lsa_String *account_name_p = NULL;
printf("\nTesting GetUserName\n");
r.in.system_name = "\\";
r.in.account_name = NULL;
r.in.account_name = &account_name_p;
r.in.authority_name = NULL;
r.out.account_name = &account_name_p;
status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("GetUserName failed - %s\n", nt_errstr(status));
ret = false;
}
account_name_p = NULL;
r.in.account_name = &account_name_p;
r.in.authority_name = &authority_name_p;
authority_name_p.string = NULL;
r.out.account_name = &account_name_p;
status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);

11
source4/torture/rpc/lsa_lookup.c
View File

@ -66,15 +66,17 @@ static bool get_domainsid(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
struct dom_sid **sid)
{
struct lsa_QueryInfoPolicy r;
union lsa_PolicyInformation *info = NULL;
NTSTATUS status;
r.in.level = LSA_POLICY_INFO_DOMAIN;
r.in.handle = handle;
r.out.info = &info;
status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) return false;
*sid = r.out.info->domain.sid;
*sid = info->domain.sid;
return true;
}
@ -192,6 +194,7 @@ static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe
for (i=0; i<domains.count; i++) {
struct lsa_QueryTrustedDomainInfoBySid q;
union lsa_TrustedDomainInfo *info = NULL;
if (domains.domains[i].sid == NULL)
continue;
@ -199,11 +202,13 @@ static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe
q.in.handle = handle;
q.in.dom_sid = domains.domains[i].sid;
q.in.level = 6;
q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, tctx, &q);
if (!NT_STATUS_IS_OK(status)) continue;
if ((q.out.info->info_ex.trust_direction & 2) &&
(q.out.info->info_ex.trust_type == 1)) {
if ((info->info_ex.trust_direction & 2) &&
(info->info_ex.trust_type == 1)) {
*sid = domains.domains[i].sid;
return true;
}

8
source4/torture/rpc/object_uuid.c
View File

@ -39,7 +39,8 @@ static bool test_random_uuid(struct torture_context *torture)
struct GUID uuid;
struct dssetup_DsRoleGetPrimaryDomainInformation r1;
struct lsa_GetUserName r2;
struct lsa_StringPointer authority_name_p;
struct lsa_String *authority_name_p = NULL;
struct lsa_String *account_name_p = NULL;
torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n");
@ -63,9 +64,10 @@ static bool test_random_uuid(struct torture_context *torture)
uuid = GUID_random();
r2.in.system_name = "\\";
r2.in.account_name = NULL;
r2.in.account_name = &account_name_p;
r2.in.authority_name = &authority_name_p;
authority_name_p.string = NULL;
r2.out.account_name = &account_name_p;
r2.out.authority_name = &authority_name_p;
req = dcerpc_ndr_request_send(p2, &uuid,
&ndr_table_lsarpc,

23
source4/torture/rpc/samba3rpc.c
View File

@ -208,6 +208,7 @@ static bool bindtest(struct smbcli_state *cli,
struct lsa_ObjectAttribute objectattr;
struct lsa_OpenPolicy2 openpolicy;
struct lsa_QueryInfoPolicy query;
union lsa_PolicyInformation *info = NULL;
struct policy_handle handle;
struct lsa_Close close_handle;
@ -256,6 +257,7 @@ static bool bindtest(struct smbcli_state *cli,
query.in.handle = &handle;
query.in.level = LSA_POLICY_INFO_DOMAIN;
query.out.info = &info;
status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx, &query);
if (!NT_STATUS_IS_OK(status)) {
@ -1500,6 +1502,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
struct policy_handle handle;
struct lsa_LookupNames l;
struct lsa_TransSidArray sids;
struct lsa_RefDomainList *domains = NULL;
struct lsa_String lsa_name;
uint32_t count = 0;
struct dom_sid *result;
@ -1546,6 +1549,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
l.in.count = &count;
l.out.count = &count;
l.out.sids = &sids;
l.out.domains = &domains;
status = dcerpc_lsa_LookupNames(p, tmp_ctx, &l);
if (!NT_STATUS_IS_OK(status)) {
@ -1555,7 +1559,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
return NULL;
}
result = dom_sid_add_rid(mem_ctx, l.out.domains->domains[0].sid,
result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
l.out.sids->sids[0].rid);
c.in.handle = &handle;
@ -1583,7 +1587,8 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *lsa;
struct lsa_GetUserName r;
NTSTATUS status;
struct lsa_StringPointer authority_name_p;
struct lsa_String *authority_name_p = NULL;
struct lsa_String *account_name_p = NULL;
struct dom_sid *result;
status = pipe_bind_smb(mem_ctx, lp_ctx, tree, "\\pipe\\lsarpc",
@ -1595,12 +1600,14 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
}
r.in.system_name = "\\";
r.in.account_name = NULL;
authority_name_p.string = NULL;
r.in.account_name = &account_name_p;
r.in.authority_name = &authority_name_p;
r.out.account_name = &account_name_p;
status = dcerpc_lsa_GetUserName(lsa, mem_ctx, &r);
authority_name_p = *r.out.authority_name;
if (!NT_STATUS_IS_OK(status)) {
printf("(%s) GetUserName failed - %s\n",
__location__, nt_errstr(status));
@ -1608,8 +1615,8 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
return NULL;
}
result = name2sid(mem_ctx, lsa, r.out.account_name->string,
r.out.authority_name->string->string);
result = name2sid(mem_ctx, lsa, account_name_p->string,
authority_name_p->string);
talloc_free(lsa);
return result;
@ -2388,8 +2395,10 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)
for (i=0; i<ARRAY_SIZE(levels); i++) {
struct lsa_QueryInfoPolicy r;
union lsa_PolicyInformation *info = NULL;
r.in.handle = &lsa_handle;
r.in.level = levels[i];
r.out.info = &info;
status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
d_printf("(%s) dcerpc_lsa_QueryInfoPolicy %d "
@ -2399,7 +2408,7 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)
return false;
}
if (levels[i] == 5) {
domain_sid = r.out.info->account_domain.sid;
domain_sid = info->account_domain.sid;
}
}
}

26
source4/torture/rpc/samsync.c
View File

@ -204,10 +204,12 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
struct lsa_QuerySecurity r;
struct sec_desc_buf *sdbuf = NULL;
NTSTATUS status;
r.in.handle = handle;
r.in.sec_info = 0x7;
r.out.sdbuf = &sdbuf;
status = dcerpc_lsa_QuerySecurity(samsync_state->p_lsa, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -215,7 +217,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx,
return NULL;
}
return r.out.sdbuf;
return sdbuf;
}
#define TEST_UINT64_EQUAL(i1, i2) do {\
@ -965,6 +967,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
struct policy_handle trustdom_handle;
struct lsa_QueryTrustedDomainInfo q;
union lsa_TrustedDomainInfo *info[9];
union lsa_TrustedDomainInfo *_info = NULL;
int levels [] = {1, 3, 8};
int i;
@ -985,6 +988,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
for (i=0; i< ARRAY_SIZE(levels); i++) {
q.in.trustdom_handle = &trustdom_handle;
q.in.level = levels[i];
q.out.info = &_info;
status = dcerpc_lsa_QueryTrustedDomainInfo(samsync_state->p_lsa, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
if (q.in.level == 8 && NT_STATUS_EQUAL(status,NT_STATUS_INVALID_PARAMETER)) {
@ -995,7 +999,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
levels[i], nt_errstr(status));
return false;
}
info[levels[i]] = q.out.info;
info[levels[i]] = _info;
}
if (info[8]) {
@ -1025,6 +1029,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
struct lsa_OpenAccount a;
struct policy_handle acct_handle;
struct lsa_EnumPrivsAccount e;
struct lsa_PrivilegeSet *privs = NULL;
struct lsa_LookupPrivName r;
int i, j;
@ -1047,6 +1052,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
found_priv_in_lsa = talloc_zero_array(mem_ctx, bool, account->privilege_entries);
e.in.handle = &acct_handle;
e.out.privs = &privs;
status = dcerpc_lsa_EnumPrivsAccount(samsync_state->p_lsa, mem_ctx, &e);
if (!NT_STATUS_IS_OK(status)) {
@ -1054,23 +1060,27 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
return false;
}
if ((account->privilege_entries && !e.out.privs)) {
if ((account->privilege_entries && !privs)) {
printf("Account %s has privileges in SamSync, but not LSA\n",
dom_sid_string(mem_ctx, dom_sid));
return false;
}
if (!account->privilege_entries && e.out.privs && e.out.privs->count) {
if (!account->privilege_entries && privs && privs->count) {
printf("Account %s has privileges in LSA, but not SamSync\n",
dom_sid_string(mem_ctx, dom_sid));
return false;
}
TEST_INT_EQUAL(account->privilege_entries, e.out.privs->count);
TEST_INT_EQUAL(account->privilege_entries, privs->count);
for (i=0;i< privs->count; i++) {
struct lsa_StringLarge *name = NULL;
for (i=0;i< e.out.privs->count; i++) {
r.in.handle = samsync_state->lsa_handle;
r.in.luid = &e.out.privs->set[i].luid;
r.in.luid = &privs->set[i].luid;
r.out.name = &name;
status = dcerpc_lsa_LookupPrivName(samsync_state->p_lsa, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -1083,7 +1093,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
return false;
}
for (j=0;j<account->privilege_entries; j++) {
if (strcmp(r.out.name->string, account->privilege_name[j].string) == 0) {
if (strcmp(name->string, account->privilege_name[j].string) == 0) {
found_priv_in_lsa[j] = true;
break;
}

19
source4/torture/rpc/schannel.c
View File

@ -182,18 +182,21 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)
struct lsa_GetUserName r;
NTSTATUS status;
bool ret = true;
struct lsa_StringPointer authority_name_p;
struct lsa_String *account_name_p = NULL;
struct lsa_String *authority_name_p = NULL;
printf("\nTesting GetUserName\n");
r.in.system_name = "\\";
r.in.account_name = NULL;
r.in.account_name = &account_name_p;
r.in.authority_name = &authority_name_p;
authority_name_p.string = NULL;
r.out.account_name = &account_name_p;
/* do several ops to test credential chaining and various operations */
status = dcerpc_lsa_GetUserName(p, tctx, &r);
authority_name_p = *r.out.authority_name;
if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
printf("not considering %s to be an error\n", nt_errstr(status));
} else if (!NT_STATUS_IS_OK(status)) {
@ -204,18 +207,18 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)
return false;
}
if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) {
if (strcmp(account_name_p->string, "ANONYMOUS LOGON") != 0) {
printf("GetUserName returned wrong user: %s, expected %s\n",
r.out.account_name->string, "ANONYMOUS LOGON");
account_name_p->string, "ANONYMOUS LOGON");
return false;
}
if (!r.out.authority_name || !r.out.authority_name->string) {
if (!authority_name_p || !authority_name_p->string) {
return false;
}
if (strcmp(r.out.authority_name->string->string, "NT AUTHORITY") != 0) {
if (strcmp(authority_name_p->string, "NT AUTHORITY") != 0) {
printf("GetUserName returned wrong user: %s, expected %s\n",
r.out.authority_name->string->string, "NT AUTHORITY");
authority_name_p->string, "NT AUTHORITY");
return false;
}
}

21
source4/winbind/wb_async_helpers.c
View File

@ -41,6 +41,7 @@ struct lsa_lookupsids_state {
struct lsa_LookupSids r;
struct lsa_SidArray sids;
struct lsa_TransNameArray names;
struct lsa_RefDomainList *domains;
uint32_t count;
struct wb_sid_object **result;
};
@ -76,6 +77,9 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
if (state->sids.sids[i].sid == NULL) goto failed;
}
state->domains = talloc(state, struct lsa_RefDomainList);
if (state->domains == NULL) goto failed;
state->count = 0;
state->num_sids = num_sids;
state->names.count = 0;
@ -88,6 +92,7 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
state->r.in.count = &state->count;
state->r.out.names = &state->names;
state->r.out.count = &state->count;
state->r.out.domains = &state->domains;
req = dcerpc_lsa_LookupSids_send(lsa_pipe, state, &state->r);
if (req == NULL) goto failed;
@ -125,6 +130,8 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
struct lsa_TranslatedName *name =
&state->r.out.names->names[i];
struct lsa_DomainInfo *dom;
struct lsa_RefDomainList *domains =
state->domains;
state->result[i] = talloc_zero(state->result,
struct wb_sid_object);
@ -135,13 +142,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
continue;
}
if (name->sid_index >= state->r.out.domains->count) {
if (name->sid_index >= domains->count) {
composite_error(state->ctx,
NT_STATUS_INVALID_PARAMETER);
return;
}
dom = &state->r.out.domains->domains[name->sid_index];
dom = &domains->domains[name->sid_index];
state->result[i]->domain = talloc_reference(state->result[i],
dom->name.string);
if ((name->sid_type == SID_NAME_DOMAIN) ||
@ -183,6 +190,7 @@ struct lsa_lookupnames_state {
uint32_t num_names;
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
struct lsa_RefDomainList *domains;
uint32_t count;
struct wb_sid_object **result;
};
@ -222,6 +230,9 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
lsa_names[i].string = names[i];
}
state->domains = talloc(state, struct lsa_RefDomainList);
if (state->domains == NULL) goto failed;
state->r.in.handle = handle;
state->r.in.num_names = num_names;
state->r.in.names = lsa_names;
@ -230,6 +241,7 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
state->r.in.count = &state->count;
state->r.out.count = &state->count;
state->r.out.sids = &state->sids;
state->r.out.domains = &state->domains;
req = dcerpc_lsa_LookupNames_send(lsa_pipe, state, &state->r);
if (req == NULL) goto failed;
@ -265,6 +277,7 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)
for (i=0; i<state->num_names; i++) {
struct lsa_TranslatedSid *sid = &state->r.out.sids->sids[i];
struct lsa_RefDomainList *domains = state->domains;
struct lsa_DomainInfo *dom;
state->result[i] = talloc_zero(state->result,
@ -276,13 +289,13 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)
continue;
}
if (sid->sid_index >= state->r.out.domains->count) {
if (sid->sid_index >= domains->count) {
composite_error(state->ctx,
NT_STATUS_INVALID_PARAMETER);
return;
}
dom = &state->r.out.domains->domains[sid->sid_index];
dom = &domains->domains[sid->sid_index];
state->result[i]->sid = dom_sid_add_rid(state->result[i],
dom->sid, sid->rid);

7
source4/winbind/wb_init_domain.c
View File

@ -70,6 +70,7 @@ struct init_domain_state {
struct lsa_ObjectAttribute objectattr;
struct lsa_OpenPolicy2 lsa_openpolicy;
struct lsa_QueryInfoPolicy queryinfo;
union lsa_PolicyInformation *info;
};
static void init_domain_recv_netlogonpipe(struct composite_context *ctx);
@ -326,8 +327,12 @@ static void init_domain_recv_lsa_policy(struct rpc_request *req)
state->ctx->status = state->lsa_openpolicy.out.result;
if (!composite_is_ok(state->ctx)) return;
state->info = talloc_zero(state->ctx, union lsa_PolicyInformation);
if (composite_nomem(state->info, state->ctx)) return;
state->queryinfo.in.handle = &state->domain->libnet_ctx->lsa.handle;
state->queryinfo.in.level = LSA_POLICY_INFO_ACCOUNT_DOMAIN;
state->queryinfo.out.info = &state->info;
req = dcerpc_lsa_QueryInfoPolicy_send(state->domain->libnet_ctx->lsa.pipe, state,
&state->queryinfo);
@ -347,7 +352,7 @@ static void init_domain_recv_queryinfo(struct rpc_request *req)
state->ctx->status = state->queryinfo.out.result;
if (!composite_is_ok(state->ctx)) return;
dominfo = &state->queryinfo.out.info->account_domain;
dominfo = &(*state->queryinfo.out.info)->account_domain;
if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
DEBUG(2, ("Expected domain name %s, DC %s said %s\n",