sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code

- corrected some lsa idl

Browse Source 
- updated lsa parse code from pidl
This commit is contained in:
Andrew Tridgell -
parent 96e269fefe
commit 3983b2aee7
11 changed files with 494 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source/libcli/raw/rawacl.c
View File

@ -78,7 +78,11 @@ NTSTATUS smb_raw_query_secdesc_recv(struct cli_request *req,
return NT_STATUS_INVALID_PARAMETER; return NT_STATUS_INVALID_PARAMETER;
} }
status = ndr_pull_security_descriptor(ndr, &query->out.sd); query->out.sd = talloc(mem_ctx, sizeof(query->out.sd));
if (!query->out.sd) {
return NT_STATUS_NO_MEMORY;
}
status = ndr_pull_security_descriptor(ndr, query->out.sd);
return NT_STATUS_OK; return NT_STATUS_OK;
} }

79
source/librpc/idl/lsa.idl
View File

@ -7,42 +7,51 @@
pointer_default(unique) pointer_default(unique)
] interface lsarpc ] interface lsarpc
{ {
typedef struct {
[struct_len] uint32 _len;
uint16 impersonation_level;
uint8 context_mode;
uint8 effective_only;
} lsa_QosInfo;
typedef struct {
[struct_len] uint32 _len;
uint8 *root_dir;
unistr *object_name;
uint32 attributes;
security_descriptor *sec_desc;
lsa_QosInfo *sec_qos;
} lsa_ObjectAttribute;
NTSTATUS lsa_OpenPolicy (
[in] uint16 *system_name,
[in,ref] lsa_ObjectAttribute *attr,
[in] uint32 desired_access,
[out] policy_handle *handle
);
NTSTATUS lsa_OpenPolicy2 (
[in] unistr *system_name,
[in,ref] lsa_ObjectAttribute *attr,
[in] uint32 desired_access,
[out,ref] policy_handle *handle
);
typedef struct { typedef struct {
[struct_len] uint32 _len; dom_sid2 *sid;
uint16 impersonation_level; } lsa_SidPtr;
uint8 context_mode;
uint8 effective_only; typedef struct {
} lsa_QosInfo; uint32 num_sids;
[size_is(num_sids)] lsa_SidPtr *sids;
} lsa_SidArray;
typedef struct { NTSTATUS lsa_EnumSids (
[struct_len] uint32 _len; [in,ref] policy_handle *handle,
uint8 *root_dir; [in,out,ref] uint32 *resume_handle,
unistr *object_name; [in] uint32 num_entries,
uint32 attributes; [out,ref] lsa_SidArray *sids
security_descriptor *sec_desc; );
lsa_QosInfo *sec_qos;
} lsa_ObjectAttribute;
NTSTATUS lsa_OpenPolicy (
[in] uint16 *system_name,
[in] [ref] lsa_ObjectAttribute *attr,
[in] uint32 desired_access,
[out] policy_handle *handle
);
NTSTATUS lsa_OpenPolicy2 (
[in] unistr *system_name,
[in] [ref] lsa_ObjectAttribute *attr,
[in] uint32 desired_access,
[out] [ref] policy_handle *handle
);
NTSTATUS lsa_EnumSids(
[in] [ref] policy_handle *handle,
[in] uint32 start_at,
[in] [out] [ref] uint32 *num_entries,
[out] dom_sid **sids
);
} }

14
source/librpc/ndr/libndr.h
View File

@ -61,6 +61,12 @@ struct ndr_push_save {
#define LIBNDR_FLAG_BIGENDIAN 1 #define LIBNDR_FLAG_BIGENDIAN 1
/*
flags passed to control parse flow
*/
#define NDR_SCALARS 1
#define NDR_BUFFERS 2
/* these are used to make the error checking on each element in libndr /* these are used to make the error checking on each element in libndr
less tedious, hopefully making the code more readable */ less tedious, hopefully making the code more readable */
#define NDR_CHECK(call) do { NTSTATUS _status; \ #define NDR_CHECK(call) do { NTSTATUS _status; \
@ -75,19 +81,23 @@ struct ndr_push_save {
if (!(s)) return NT_STATUS_NO_MEMORY; \ if (!(s)) return NT_STATUS_NO_MEMORY; \
} while (0) } while (0)
#define NDR_ALLOC_N(ndr, s, n) do { \ #define NDR_ALLOC_N_SIZE(ndr, s, n, elsize) do { \
if ((n) == 0) { \ if ((n) == 0) { \
(s) = NULL; \ (s) = NULL; \
} else { \ } else { \
(s) = talloc(ndr->mem_ctx, (n) * sizeof(*(s))); \ (s) = talloc(ndr->mem_ctx, (n) * elsize); \
if (!(s)) return NT_STATUS_NO_MEMORY; \ if (!(s)) return NT_STATUS_NO_MEMORY; \
} \ } \
} while (0) } while (0)
#define NDR_ALLOC_N(ndr, s, n) NDR_ALLOC_N_SIZE(ndr, s, n, sizeof(*(s)))
/* these are used when generic fn pointers are needed for ndr push/pull fns */ /* these are used when generic fn pointers are needed for ndr push/pull fns */
typedef NTSTATUS (*ndr_push_fn_t)(struct ndr_push *, void *); typedef NTSTATUS (*ndr_push_fn_t)(struct ndr_push *, void *);
typedef NTSTATUS (*ndr_pull_fn_t)(struct ndr_pull *, void *); typedef NTSTATUS (*ndr_pull_fn_t)(struct ndr_pull *, void *);
typedef NTSTATUS (*ndr_push_flags_fn_t)(struct ndr_push *, int ndr_flags, void *);
typedef NTSTATUS (*ndr_pull_flags_fn_t)(struct ndr_pull *, int ndr_flags, void *);
/* now pull in the individual parsers */ /* now pull in the individual parsers */
#include "librpc/ndr/ndr_sec.h" #include "librpc/ndr/ndr_sec.h"
#include "librpc/ndr/ndr_misc.h" #include "librpc/ndr/ndr_misc.h"

50
source/librpc/ndr/ndr.c
View File

@ -185,3 +185,53 @@ NTSTATUS ndr_push_set_offset(struct ndr_push *ndr, uint32 ofs)
ndr->offset = ofs; ndr->offset = ofs;
return NT_STATUS_OK; return NT_STATUS_OK;
} }
/*
push a generic array
*/
NTSTATUS ndr_push_array(struct ndr_push *ndr, int ndr_flags, void *base,
size_t elsize, uint32 count,
NTSTATUS (*push_fn)(struct ndr_push *, int, void *))
{
int i;
char *p = base;
NDR_CHECK(ndr_push_uint32(ndr, count));
for (i=0;i<count;i++) {
NDR_CHECK(push_fn(ndr, ndr_flags, p));
p += elsize;
}
return NT_STATUS_OK;
}
/*
pull a generic array
*/
NTSTATUS ndr_pull_array(struct ndr_pull *ndr, int ndr_flags, void **base,
size_t elsize, uint32 count,
NTSTATUS (*pull_fn)(struct ndr_pull *, int, void *))
{
int i;
uint32 max_count;
char *p;
NDR_ALLOC_N_SIZE(ndr, *base, count, elsize);
p = *base;
NDR_CHECK(ndr_pull_uint32(ndr, &max_count));
if (max_count != count) {
/* maybe we can cope with this? */
return NT_STATUS_INVALID_PARAMETER;
}
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
for (i=0;i<count;i++) {
NDR_CHECK(pull_fn(ndr, NDR_SCALARS, p));
p += elsize;
}
if (!(ndr_flags & NDR_BUFFERS)) goto done;
buffers:
p = *base;
for (i=0;i<count;i++) {
NDR_CHECK(pull_fn(ndr, NDR_BUFFERS, p));
p += elsize;
}
done:
return NT_STATUS_OK;
}

26
source/librpc/ndr/ndr_basic.c
View File

@ -242,6 +242,32 @@ NTSTATUS ndr_push_unistr(struct ndr_push *ndr, const char *s)
return NT_STATUS_OK; return NT_STATUS_OK;
} }
/*
pull a comformant, variable ucs2 string from the wire into a C string
*/
NTSTATUS ndr_pull_unistr(struct ndr_pull *ndr, const char **s)
{
char *ws, *as=NULL;
uint32 len1, ofs, len2;
NDR_CHECK(ndr_pull_uint32(ndr, &len1));
NDR_CHECK(ndr_pull_uint32(ndr, &ofs));
NDR_CHECK(ndr_pull_uint32(ndr, &len2));
if (len2 > len1) {
return NT_STATUS_INVALID_PARAMETER;
}
NDR_ALLOC_N(ndr, ws, (len1+1)*2);
NDR_CHECK(ndr_pull_bytes(ndr, ws, len1*2));
SSVAL(ws, len1*2, 0);
SSVAL(ws, len2*2, 0);
pull_ucs2_talloc(ndr->mem_ctx, &as, (const smb_ucs2_t *)ws);
if (!as) {
return NT_STATUS_INVALID_PARAMETER;
}
*s = as;
return NT_STATUS_OK;
}
/* /*
push a 4 byte offset pointer, remembering where we are so we can later fill push a 4 byte offset pointer, remembering where we are so we can later fill
in the correct value in the correct value

377
source/librpc/ndr/ndr_lsa.c
View File

@ -23,6 +23,239 @@
#include "includes.h" #include "includes.h"
/* parser auto-generated by pidl */
static NTSTATUS ndr_push_lsa_QosInfo(struct ndr_push *ndr, int ndr_flags, struct lsa_QosInfo *r)
{
struct ndr_push_save _save1, _save2, _save3;
ndr_push_save(ndr, &_save1);
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
NDR_CHECK(ndr_push_align_uint32(ndr));
ndr_push_save(ndr, &_save2);
NDR_CHECK(ndr_push_uint32(ndr, 0));
NDR_CHECK(ndr_push_uint16(ndr, r->impersonation_level));
NDR_CHECK(ndr_push_uint8(ndr, r->context_mode));
NDR_CHECK(ndr_push_uint8(ndr, r->effective_only));
buffers:
if (!(ndr_flags & NDR_BUFFERS)) goto done;
ndr_push_save(ndr, &_save3);
ndr_push_restore(ndr, &_save2);
NDR_CHECK(ndr_push_uint32(ndr, _save3.offset - _save1.offset));
ndr_push_restore(ndr, &_save3);
done:
return NT_STATUS_OK;
}
static NTSTATUS ndr_pull_lsa_QosInfo(struct ndr_pull *ndr, int ndr_flags, struct lsa_QosInfo *r)
{
uint32 _size;
struct ndr_pull_save _save;
ndr_pull_save(ndr, &_save);
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
NDR_CHECK(ndr_pull_uint32(ndr, &_size));
NDR_CHECK(ndr_pull_limit_size(ndr, _size, 4));
NDR_CHECK(ndr_pull_uint16(ndr, &r->impersonation_level));
NDR_CHECK(ndr_pull_uint8(ndr, &r->context_mode));
NDR_CHECK(ndr_pull_uint8(ndr, &r->effective_only));
buffers:
if (!(ndr_flags & NDR_BUFFERS)) goto done;
ndr_pull_restore(ndr, &_save);
NDR_CHECK(ndr_pull_advance(ndr, _size));
done:
return NT_STATUS_OK;
}
static NTSTATUS ndr_push_lsa_ObjectAttribute(struct ndr_push *ndr, int ndr_flags, struct lsa_ObjectAttribute *r)
{
struct ndr_push_save _save1, _save2, _save3;
ndr_push_save(ndr, &_save1);
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
NDR_CHECK(ndr_push_align_uint32(ndr));
ndr_push_save(ndr, &_save2);
NDR_CHECK(ndr_push_uint32(ndr, 0));
NDR_CHECK(ndr_push_ptr(ndr, r->root_dir));
NDR_CHECK(ndr_push_ptr(ndr, r->object_name));
NDR_CHECK(ndr_push_uint32(ndr, r->attributes));
NDR_CHECK(ndr_push_ptr(ndr, r->sec_desc));
NDR_CHECK(ndr_push_ptr(ndr, r->sec_qos));
buffers:
if (!(ndr_flags & NDR_BUFFERS)) goto done;
if (r->root_dir) {
NDR_CHECK(ndr_push_uint8(ndr, *r->root_dir));
}
if (r->object_name) {
NDR_CHECK(ndr_push_unistr(ndr, r->object_name));
}
if (r->sec_desc) {
NDR_CHECK(ndr_push_security_descriptor(ndr, r->sec_desc));
}
if (r->sec_qos) {
NDR_CHECK(ndr_push_lsa_QosInfo(ndr, ndr_flags, r->sec_qos));
}
ndr_push_save(ndr, &_save3);
ndr_push_restore(ndr, &_save2);
NDR_CHECK(ndr_push_uint32(ndr, _save3.offset - _save1.offset));
ndr_push_restore(ndr, &_save3);
done:
return NT_STATUS_OK;
}
static NTSTATUS ndr_pull_lsa_ObjectAttribute(struct ndr_pull *ndr, int ndr_flags, struct lsa_ObjectAttribute *r)
{
uint32 _ptr_root_dir;
uint32 _ptr_object_name;
uint32 _ptr_sec_desc;
uint32 _ptr_sec_qos;
uint32 _size;
struct ndr_pull_save _save;
ndr_pull_save(ndr, &_save);
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
NDR_CHECK(ndr_pull_uint32(ndr, &_size));
NDR_CHECK(ndr_pull_limit_size(ndr, _size, 4));
NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_root_dir));
if (_ptr_root_dir) {
NDR_ALLOC(ndr, r->root_dir);
} else {
r->root_dir = NULL;
}
NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_object_name));
if (_ptr_object_name) {
NDR_ALLOC(ndr, r->object_name);
} else {
r->object_name = NULL;
}
NDR_CHECK(ndr_pull_uint32(ndr, &r->attributes));
NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_sec_desc));
if (_ptr_sec_desc) {
NDR_ALLOC(ndr, r->sec_desc);
} else {
r->sec_desc = NULL;
}
NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_sec_qos));
if (_ptr_sec_qos) {
NDR_ALLOC(ndr, r->sec_qos);
} else {
r->sec_qos = NULL;
}
buffers:
if (!(ndr_flags & NDR_BUFFERS)) goto done;
if (r->root_dir) {
NDR_CHECK(ndr_pull_uint8(ndr, r->root_dir));
}
if (r->object_name) {
NDR_CHECK(ndr_pull_unistr(ndr, &r->object_name));
}
if (r->sec_desc) {
NDR_CHECK(ndr_pull_security_descriptor(ndr, r->sec_desc));
}
if (r->sec_qos) {
NDR_CHECK(ndr_pull_lsa_QosInfo(ndr, ndr_flags, r->sec_qos));
}
ndr_pull_restore(ndr, &_save);
NDR_CHECK(ndr_pull_advance(ndr, _size));
done:
return NT_STATUS_OK;
}
NTSTATUS ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, struct lsa_OpenPolicy *r)
{
NDR_CHECK(ndr_push_ptr(ndr, r->in.system_name));
if (r->in.system_name) {
NDR_CHECK(ndr_push_uint16(ndr, *r->in.system_name));
}
NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
NDR_CHECK(ndr_push_uint32(ndr, r->in.desired_access));
return NT_STATUS_OK;
}
NTSTATUS ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, struct lsa_OpenPolicy2 *r)
{
NDR_CHECK(ndr_push_ptr(ndr, r->in.system_name));
if (r->in.system_name) {
NDR_CHECK(ndr_push_unistr(ndr, r->in.system_name));
}
NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
NDR_CHECK(ndr_push_uint32(ndr, r->in.desired_access));
return NT_STATUS_OK;
}
static NTSTATUS ndr_push_lsa_SidPtr(struct ndr_push *ndr, int ndr_flags, struct lsa_SidPtr *r)
{
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
NDR_CHECK(ndr_push_ptr(ndr, r->sid));
buffers:
if (!(ndr_flags & NDR_BUFFERS)) goto done;
if (r->sid) {
NDR_CHECK(ndr_push_dom_sid2(ndr, r->sid));
}
done:
return NT_STATUS_OK;
}
static NTSTATUS ndr_pull_lsa_SidPtr(struct ndr_pull *ndr, int ndr_flags, struct lsa_SidPtr *r)
{
uint32 _ptr_sid;
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_sid));
if (_ptr_sid) {
NDR_ALLOC(ndr, r->sid);
} else {
r->sid = NULL;
}
buffers:
if (!(ndr_flags & NDR_BUFFERS)) goto done;
if (r->sid) {
NDR_CHECK(ndr_pull_dom_sid2(ndr, r->sid));
}
done:
return NT_STATUS_OK;
}
static NTSTATUS ndr_push_lsa_SidArray(struct ndr_push *ndr, int ndr_flags, struct lsa_SidArray *r)
{
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
NDR_CHECK(ndr_push_uint32(ndr, r->num_sids));
NDR_CHECK(ndr_push_ptr(ndr, r->sids));
buffers:
if (!(ndr_flags & NDR_BUFFERS)) goto done;
if (r->sids) {
NDR_CHECK(ndr_push_array(ndr, ndr_flags, r->sids, sizeof(r->sids[0]), r->num_sids, (ndr_push_flags_fn_t)ndr_push_lsa_SidPtr));
}
done:
return NT_STATUS_OK;
}
static NTSTATUS ndr_pull_lsa_SidArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_SidArray *r)
{
uint32 _ptr_sids;
if (!(ndr_flags & NDR_SCALARS)) goto buffers;
NDR_CHECK(ndr_pull_uint32(ndr, &r->num_sids));
NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_sids));
if (_ptr_sids) {
NDR_ALLOC(ndr, r->sids);
} else {
r->sids = NULL;
}
buffers:
if (!(ndr_flags & NDR_BUFFERS)) goto done;
if (r->sids) {
NDR_CHECK(ndr_pull_array(ndr, ndr_flags, (void **)&r->sids, sizeof(r->sids[0]), r->num_sids, (ndr_pull_flags_fn_t)ndr_pull_lsa_SidPtr));
}
done:
return NT_STATUS_OK;
}
NTSTATUS ndr_push_lsa_EnumSids(struct ndr_push *ndr, struct lsa_EnumSids *r)
{
NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle));
NDR_CHECK(ndr_push_uint32(ndr, r->in.resume_handle));
NDR_CHECK(ndr_push_uint32(ndr, r->in.num_entries));
return NT_STATUS_OK;
}
/* /*
parse a openpolicy parse a openpolicy
*/ */
@ -47,6 +280,40 @@ NTSTATUS ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr,
return NT_STATUS_OK; return NT_STATUS_OK;
} }
#if 0
/*
pull a lsa_SidArray
*/
static NTSTATUS ndr_pull_lsa_SidArray(struct ndr_pull *ndr,
struct lsa_SidArray *r)
{
uint32 ptr;
NDR_CHECK(ndr_pull_uint32(ndr, &r->num_sids));
NDR_CHECK(ndr_pull_uint32(ndr, &ptr));
if (ptr) {
uint32 asize, i;
NDR_CHECK(ndr_pull_uint32(ndr, &asize));
NDR_ALLOC_N(ndr, r->sids, asize);
for (i=0;i<asize;i++) {
NDR_CHECK(ndr_pull_uint32(ndr, &ptr));
if (ptr) {
NDR_ALLOC(ndr, r->sids[i]);
} else {
r->sids[i] = NULL;
}
}
for (i=0;i<asize;i++) {
if (r->sids[i]) {
NDR_CHECK(ndr_pull_dom_sid2(ndr, r->sids[i]));
}
}
}
return NT_STATUS_OK;
}
#endif
/* /*
pull a EnumSids pull a EnumSids
@ -54,114 +321,10 @@ NTSTATUS ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr,
NTSTATUS ndr_pull_lsa_EnumSids(struct ndr_pull *ndr, NTSTATUS ndr_pull_lsa_EnumSids(struct ndr_pull *ndr,
struct lsa_EnumSids *r) struct lsa_EnumSids *r)
{ {
uint32 nptrs, asize, i, ptr; NDR_CHECK(ndr_pull_uint32(ndr, &r->out.resume_handle));
NDR_ALLOC(ndr, r->out.sids);
NDR_CHECK(ndr_pull_uint32(ndr, &r->out.num_entries)); NDR_CHECK(ndr_pull_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sids));
NDR_CHECK(ndr_pull_uint32(ndr, &nptrs));
NDR_CHECK(ndr_pull_uint32(ndr, &ptr));
if (!ptr) goto done;
NDR_CHECK(ndr_pull_uint32(ndr, &asize));
NDR_ALLOC_N(ndr, r->out.sids, nptrs);
for (i=0;i<nptrs;i++) {
NDR_CHECK(ndr_pull_uint32(ndr, &ptr));
if (ptr) {
NDR_ALLOC(ndr, r->out.sids[i]);
} else {
r->out.sids[i] = NULL;
}
}
for (i=0;i<nptrs;i++) {
if (r->out.sids[i]) NDR_CHECK(ndr_pull_dom_sid2(ndr, r->out.sids[i]));
}
done:
NDR_CHECK(ndr_pull_status(ndr, &r->out.result)); NDR_CHECK(ndr_pull_status(ndr, &r->out.result));
return NT_STATUS_OK; return NT_STATUS_OK;
} }
/* parser auto-generated by pidl */
static NTSTATUS ndr_push_lsa_QosInfo(struct ndr_push *ndr, struct lsa_QosInfo *r)
{
struct ndr_push_save len_save1, len_save2, len_save3;
ndr_push_save(ndr, &len_save1);
NDR_CHECK(ndr_push_align_uint32(ndr));
ndr_push_save(ndr, &len_save2);
NDR_CHECK(ndr_push_uint32(ndr, 0));
NDR_CHECK(ndr_push_uint16(ndr, r->impersonation_level));
NDR_CHECK(ndr_push_uint8(ndr, r->context_mode));
NDR_CHECK(ndr_push_uint8(ndr, r->effective_only));
ndr_push_save(ndr, &len_save3);
ndr_push_restore(ndr, &len_save2);
NDR_CHECK(ndr_push_uint32(ndr, len_save3.offset - len_save1.offset));
ndr_push_restore(ndr, &len_save3);
return NT_STATUS_OK;
}
static NTSTATUS ndr_push_lsa_ObjectAttribute(struct ndr_push *ndr, struct lsa_ObjectAttribute *r)
{
struct ndr_push_save len_save1, len_save2, len_save3;
ndr_push_save(ndr, &len_save1);
NDR_CHECK(ndr_push_align_uint32(ndr));
ndr_push_save(ndr, &len_save2);
NDR_CHECK(ndr_push_uint32(ndr, 0));
NDR_CHECK(ndr_push_ptr(ndr, r->root_dir));
NDR_CHECK(ndr_push_ptr(ndr, r->object_name));
NDR_CHECK(ndr_push_uint32(ndr, r->attributes));
NDR_CHECK(ndr_push_ptr(ndr, r->sec_desc));
NDR_CHECK(ndr_push_ptr(ndr, r->sec_qos));
if (r->root_dir) {
NDR_CHECK(ndr_push_uint8(ndr, *r->root_dir));
}
if (r->object_name) {
NDR_CHECK(ndr_push_unistr(ndr, r->object_name));
}
if (r->sec_desc) {
NDR_CHECK(ndr_push_security_descriptor(ndr, r->sec_desc));
}
if (r->sec_qos) {
NDR_CHECK(ndr_push_lsa_QosInfo(ndr, r->sec_qos));
}
ndr_push_save(ndr, &len_save3);
ndr_push_restore(ndr, &len_save2);
NDR_CHECK(ndr_push_uint32(ndr, len_save3.offset - len_save1.offset));
ndr_push_restore(ndr, &len_save3);
return NT_STATUS_OK;
}
NTSTATUS ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, struct lsa_OpenPolicy *r)
{
NDR_CHECK(ndr_push_ptr(ndr, r->in.system_name));
if (r->in.system_name) {
NDR_CHECK(ndr_push_uint16(ndr, *r->in.system_name));
}
NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, r->in.attr));
NDR_CHECK(ndr_push_uint32(ndr, r->in.desired_access));
return NT_STATUS_OK;
}
NTSTATUS ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, struct lsa_OpenPolicy2 *r)
{
NDR_CHECK(ndr_push_ptr(ndr, r->in.system_name));
if (r->in.system_name) {
NDR_CHECK(ndr_push_unistr(ndr, r->in.system_name));
}
NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, r->in.attr));
NDR_CHECK(ndr_push_uint32(ndr, r->in.desired_access));
return NT_STATUS_OK;
}
NTSTATUS ndr_push_lsa_EnumSids(struct ndr_push *ndr, struct lsa_EnumSids *r)
{
NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle));
NDR_CHECK(ndr_push_uint32(ndr, r->in.start_at));
NDR_CHECK(ndr_push_uint32(ndr, r->in.num_entries));
return NT_STATUS_OK;
}

15
source/librpc/ndr/ndr_lsa.h
View File

@ -64,16 +64,25 @@ struct lsa_OpenPolicy2 {
}; };
struct lsa_SidPtr {
struct dom_sid2 *sid;
};
struct lsa_SidArray {
uint32 num_sids;
struct lsa_SidPtr *sids;
};
struct lsa_EnumSids { struct lsa_EnumSids {
struct { struct {
struct policy_handle *handle; struct policy_handle *handle;
uint32 start_at; uint32 resume_handle;
uint32 num_entries; uint32 num_entries;
} in; } in;
struct { struct {
uint32 num_entries; uint32 resume_handle;
struct dom_sid **sids; struct lsa_SidArray *sids;
NTSTATUS result; NTSTATUS result;
} out; } out;

25
source/librpc/ndr/ndr_sec.c
View File

@ -174,16 +174,14 @@ NTSTATUS ndr_pull_dom_sid_ofs(struct ndr_pull *ndr, struct dom_sid **sid)
parse a security descriptor parse a security descriptor
*/ */
NTSTATUS ndr_pull_security_descriptor(struct ndr_pull *ndr, NTSTATUS ndr_pull_security_descriptor(struct ndr_pull *ndr,
struct security_descriptor **sd) struct security_descriptor *sd)
{ {
NDR_ALLOC(ndr, *sd); NDR_CHECK(ndr_pull_uint8(ndr, &sd->revision));
NDR_CHECK(ndr_pull_uint16(ndr, &sd->type));
NDR_CHECK(ndr_pull_uint8(ndr, &(*sd)->revision)); NDR_CHECK(ndr_pull_dom_sid_ofs(ndr, &sd->owner_sid));
NDR_CHECK(ndr_pull_uint16(ndr, &(*sd)->type)); NDR_CHECK(ndr_pull_dom_sid_ofs(ndr, &sd->group_sid));
NDR_CHECK(ndr_pull_dom_sid_ofs(ndr, &(*sd)->owner_sid)); NDR_CHECK(ndr_pull_security_acl_ofs(ndr, &sd->sacl));
NDR_CHECK(ndr_pull_dom_sid_ofs(ndr, &(*sd)->group_sid)); NDR_CHECK(ndr_pull_security_acl_ofs(ndr, &sd->dacl));
NDR_CHECK(ndr_pull_security_acl_ofs(ndr, &(*sd)->sacl));
NDR_CHECK(ndr_pull_security_acl_ofs(ndr, &(*sd)->dacl));
return NT_STATUS_OK; return NT_STATUS_OK;
} }
@ -265,6 +263,15 @@ NTSTATUS ndr_push_dom_sid(struct ndr_push *ndr, struct dom_sid *sid)
return NT_STATUS_OK; return NT_STATUS_OK;
} }
/*
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
*/
NTSTATUS ndr_push_dom_sid2(struct ndr_push *ndr, struct dom_sid *sid)
{
NDR_CHECK(ndr_push_uint32(ndr, sid->num_auths));
return ndr_push_dom_sid(ndr, sid);
}
/* /*
generate a ndr security descriptor generate a ndr security descriptor

3
source/librpc/ndr/ndr_sec.h
View File

@ -31,6 +31,9 @@ struct dom_sid {
uint32 *sub_auths; uint32 *sub_auths;
}; };
/* use the same structure for dom_sid2 as dom_sid */
#define dom_sid2 dom_sid
/* an access control element */ /* an access control element */
struct security_ace { struct security_ace {
uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */ uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */

14
source/librpc/rpc/rpc_lsa.c
View File

@ -118,17 +118,17 @@ done:
NTSTATUS dcerpc_lsa_EnumSids(struct dcerpc_pipe *p, NTSTATUS dcerpc_lsa_EnumSids(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, struct policy_handle *handle,
uint32 resume_handle, uint32 *resume_handle,
uint32 *num_entries, uint32 num_entries,
struct dom_sid ***sids) struct lsa_SidArray *sids)
{ {
struct lsa_EnumSids r; struct lsa_EnumSids r;
NTSTATUS status; NTSTATUS status;
/* fill the .in side of the call */ /* fill the .in side of the call */
r.in.handle = handle; r.in.handle = handle;
r.in.start_at = 0; r.in.resume_handle = *resume_handle;
r.in.num_entries = *num_entries; r.in.num_entries = num_entries;
/* make the call */ /* make the call */
status = dcerpc_ndr_request(p, LSA_ENUM_ACCOUNTS, mem_ctx, status = dcerpc_ndr_request(p, LSA_ENUM_ACCOUNTS, mem_ctx,
@ -140,8 +140,8 @@ NTSTATUS dcerpc_lsa_EnumSids(struct dcerpc_pipe *p,
} }
/* and extract the .out parameters */ /* and extract the .out parameters */
*num_entries = r.out.num_entries; *resume_handle = r.out.resume_handle;
*sids = r.out.sids; *sids = *r.out.sids;
status = r.out.result; status = r.out.result;
done: done:

56
source/torture/rpc/lsa.c
View File

@ -22,7 +22,7 @@
#include "includes.h" #include "includes.h"
/* /*
this really shouldn't be here .... these really shouldn't be here ....
*/ */
static char *lsa_sid_string_talloc(TALLOC_CTX *mem_ctx, struct dom_sid *sid) static char *lsa_sid_string_talloc(TALLOC_CTX *mem_ctx, struct dom_sid *sid)
{ {
@ -53,6 +53,31 @@ static char *lsa_sid_string_talloc(TALLOC_CTX *mem_ctx, struct dom_sid *sid)
return ret; return ret;
} }
static int dom_sid_compare(struct dom_sid *sid1, struct dom_sid *sid2)
{
int i;
if (sid1 == sid2) return 0;
if (!sid1) return -1;
if (!sid2) return 1;
/* Compare most likely different rids, first: i.e start at end */
if (sid1->num_auths != sid2->num_auths)
return sid1->num_auths - sid2->num_auths;
for (i = sid1->num_auths-1; i >= 0; --i)
if (sid1->sub_auths[i] != sid2->sub_auths[i])
return sid1->sub_auths[i] - sid2->sub_auths[i];
if (sid1->sid_rev_num != sid2->sid_rev_num)
return sid1->sid_rev_num - sid2->sid_rev_num;
for (i = 0; i < 6; i++)
if (sid1->id_auth[i] != sid2->id_auth[i])
return sid1->id_auth[i] - sid2->id_auth[i];
return 0;
}
static BOOL test_OpenPolicy(struct dcerpc_pipe *p) static BOOL test_OpenPolicy(struct dcerpc_pipe *p)
{ {
@ -124,24 +149,41 @@ static BOOL test_EnumSids(struct dcerpc_pipe *p,
struct policy_handle *handle) struct policy_handle *handle)
{ {
NTSTATUS status; NTSTATUS status;
struct dom_sid **sids; struct lsa_SidArray sids1, sids2;
uint32 num_entries = 100; uint32 resume_handle;
int i; int i;
printf("\ntesting EnumSids\n"); printf("\ntesting EnumSids\n");
status = dcerpc_lsa_EnumSids(p, mem_ctx, handle, 0, &num_entries, &sids); resume_handle = 0;
status = dcerpc_lsa_EnumSids(p, mem_ctx, handle, &resume_handle, 100, &sids1);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
printf("EnumSids failed - %s\n", nt_errstr(status)); printf("EnumSids failed - %s\n", nt_errstr(status));
return False; return False;
} }
printf("Got %d sids\n", num_entries); printf("Got %d sids resume_handle=%u\n", sids1.num_sids, resume_handle);
for (i=0;i<num_entries;i++) { for (i=0;i<sids1.num_sids;i++) {
printf("%s\n", lsa_sid_string_talloc(mem_ctx, sids[i])); printf("%s\n", lsa_sid_string_talloc(mem_ctx, sids1.sids[i].sid));
}
if (sids1.num_sids < 3) {
return True;
} }
printf("trying partial listing (asking for 1 at 2)\n");
resume_handle = 2;
status = dcerpc_lsa_EnumSids(p, mem_ctx, handle, &resume_handle, 1, &sids2);
if (!NT_STATUS_IS_OK(status)) {
printf("EnumSids failed - %s\n", nt_errstr(status));
return False;
}
if (sids2.num_sids != 1) {
printf("Returned wrong number of entries (%d)\n", sids2.num_sids);
return False;
}
return True; return True;
} }