
s4-netlogon: merge netr_DatabaseSync from s3 idl.

Guenther
Günther Deschner 2008-10-28 23:13:58 +01:00
parent f285af6367
commit cbc0b63a77
5 changed files with 78 additions and 43 deletions


@ -741,12 +741,12 @@ interface netlogon
NTSTATUS netr_DatabaseSync(
[in] [string,charset(UTF16)] uint16 logon_server[],
[in] [string,charset(UTF16)] uint16 computername[],
[in] netr_Authenticator credential,
[in,ref] netr_Authenticator *credential,
[in,out,ref] netr_Authenticator *return_authenticator,
[in] netr_SamDatabaseID database_id,
[in,out,ref] uint32 *sync_context,
[in] uint32 preferredmaximumlength,
[out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array
[out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
[in] uint32 preferredmaximumlength
);


@ -169,6 +169,8 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
TALLOC_CTX *samsync_ctx, *loop_ctx, *delta_ctx;
struct creds_CredentialState *creds;
struct netr_DatabaseSync dbsync;
struct netr_Authenticator credential, return_authenticator;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct cli_credentials *machine_account;
struct dcerpc_pipe *p;
struct libnet_context *machine_net_ctx;
@ -320,19 +322,30 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
}
/* Setup details for the synchronisation */
ZERO_STRUCT(return_authenticator);
dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p));
dbsync.in.computername = cli_credentials_get_workstation(machine_account);
dbsync.in.preferredmaximumlength = (uint32_t)-1;
ZERO_STRUCT(dbsync.in.return_authenticator);
dbsync.in.return_authenticator = &return_authenticator;
dbsync.out.return_authenticator = &return_authenticator;
dbsync.out.delta_enum_array = &delta_enum_array;
for (i=0;i< ARRAY_SIZE(database_ids); i++) {
dbsync.in.sync_context = 0;
dbsync.in.database_id = database_ids[i];
for (i=0;i< ARRAY_SIZE(database_ids); i++) {
uint32_t sync_context = 0;
dbsync.in.database_id = database_ids[i];
dbsync.in.sync_context = &sync_context;
dbsync.out.sync_context = &sync_context;
do {
int d;
loop_ctx = talloc_named(samsync_ctx, 0, "DatabaseSync loop context");
creds_client_authenticator(creds, &dbsync.in.credential);
creds_client_authenticator(creds, &credential);
dbsync.in.credential = &credential;
dbsync_nt_status = dcerpc_netr_DatabaseSync(p, loop_ctx, &dbsync);
if (!NT_STATUS_IS_OK(dbsync_nt_status) &&
@ -342,7 +355,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
return nt_status;
}
if (!creds_client_check(creds, &dbsync.out.return_authenticator.cred)) {
if (!creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed");
talloc_free(samsync_ctx);
return NT_STATUS_ACCESS_DENIED;
@ -351,7 +364,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
dbsync.in.sync_context = dbsync.out.sync_context;
/* For every single remote 'delta' entry: */
for (d=0; d < dbsync.out.delta_enum_array->num_deltas; d++) {
for (d=0; d < delta_enum_array->num_deltas; d++) {
char *error_string = NULL;
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
/* 'Fix' elements, by decrypting and
@ -360,7 +373,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
creds,
r->in.rid_crypt,
dbsync.in.database_id,
&dbsync.out.delta_enum_array->delta_enum[d],
&delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
@ -374,7 +387,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
nt_status = r->in.delta_fn(delta_ctx,
r->in.fn_ctx,
dbsync.in.database_id,
&dbsync.out.delta_enum_array->delta_enum[d],
&delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
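Review bot: The delta loop `for (d=0; d < delta_enum_array->num_deltas; d++)` dereferences `delta_enum_array` without a NULL check, and that pointer is now filled in from the server's reply. The merged IDL marks only the outer level of `**delta_enum_array` as `ref`; if the inner level follows a unique pointer default (not visible on this page), a DC that returns success with a null array would crash the sync client. The netlogon torture test in this commit already guards with `if (delta_enum_array && ...)`, so the loop here could read `for (d=0; delta_enum_array && d < delta_enum_array->num_deltas; d++)`. The same unguarded loop appears in the samsync torture test's test_DatabaseSync. The body of libnet_SamSync_netlogon starts and ends outside the hunks shown.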


@ -739,12 +739,12 @@ interface netlogon
NTSTATUS netr_DatabaseSync(
[in] [string,charset(UTF16)] uint16 logon_server[],
[in] [string,charset(UTF16)] uint16 computername[],
[in] netr_Authenticator credential,
[in,out] netr_Authenticator return_authenticator,
[in,ref] netr_Authenticator *credential,
[in,out,ref] netr_Authenticator *return_authenticator,
[in] netr_SamDatabaseID database_id,
[in,out] uint32 sync_context,
[in] uint32 preferredmaximumlength,
[out,unique] netr_DELTA_ENUM_ARRAY *delta_enum_array
[in,out,ref] uint32 *sync_context,
[out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
[in] uint32 preferredmaximumlength
);


@ -695,24 +695,36 @@ static bool test_DatabaseSync(struct torture_context *tctx,
struct creds_CredentialState *creds;
const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct netr_Authenticator credential, return_authenticator;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
}
ZERO_STRUCT(return_authenticator);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
r.in.preferredmaximumlength = (uint32_t)-1;
ZERO_STRUCT(r.in.return_authenticator);
r.in.return_authenticator = &return_authenticator;
r.out.delta_enum_array = &delta_enum_array;
r.out.return_authenticator = &return_authenticator;
for (i=0;i<ARRAY_SIZE(database_ids);i++) {
r.in.sync_context = 0;
uint32_t sync_context = 0;
r.in.database_id = database_ids[i];
r.in.sync_context = &sync_context;
r.out.sync_context = &sync_context;
torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
do {
creds_client_authenticator(creds, &r.in.credential);
creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
status = dcerpc_netr_DatabaseSync(p, tctx, &r);
if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
@ -724,18 +736,16 @@ static bool test_DatabaseSync(struct torture_context *tctx,
}
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
r.in.sync_context = r.out.sync_context;
if (r.out.delta_enum_array &&
r.out.delta_enum_array->num_deltas > 0 &&
r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
if (delta_enum_array &&
delta_enum_array->num_deltas > 0 &&
delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
delta_enum_array->delta_enum[0].delta_union.domain) {
sequence_nums[r.in.database_id] =
r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
r.in.database_id,
(unsigned long long)sequence_nums[r.in.database_id]);
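Review bot: A failed `creds_client_check()` on the returned authenticator only produces `torture_comment(tctx, "Credential chaining failed\n")`, so the test still passes and goes on to read deltas from a reply whose authenticator did not verify. libnet_SamSync_netlogon in this same commit treats that condition as NT_STATUS_ACCESS_DENIED; the test would catch regressions in authenticator handling if it failed as well, e.g. `torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred), "Credential chaining failed");`. The samsync variant of test_DatabaseSync has the same pattern with `printf` and could set `ret = false` there. test_DatabaseSync continues outside these hunks, so any cleanup needed before failing is not visible here.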


@ -1131,23 +1131,35 @@ static bool test_DatabaseSync(struct torture_context *tctx,
bool ret = true;
struct samsync_trusted_domain *t;
struct samsync_secret *s;
struct netr_Authenticator return_authenticator, credential;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
const char *domain, *username;
ZERO_STRUCT(return_authenticator);
r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(samsync_state->p));
r.in.computername = TEST_MACHINE_NAME;
r.in.preferredmaximumlength = (uint32_t)-1;
ZERO_STRUCT(r.in.return_authenticator);
r.in.return_authenticator = &return_authenticator;
r.out.return_authenticator = &return_authenticator;
r.out.delta_enum_array = &delta_enum_array;
for (i=0;i<ARRAY_SIZE(database_ids);i++) {
r.in.sync_context = 0;
uint32_t sync_context = 0;
r.in.database_id = database_ids[i];
r.in.sync_context = &sync_context;
r.out.sync_context = &sync_context;
printf("Testing DatabaseSync of id %d\n", r.in.database_id);
do {
loop_ctx = talloc_named(mem_ctx, 0, "DatabaseSync loop context");
creds_client_authenticator(samsync_state->creds, &r.in.credential);
creds_client_authenticator(samsync_state->creds, &credential);
r.in.credential = &credential;
status = dcerpc_netr_DatabaseSync(samsync_state->p, loop_ctx, &r);
if (!NT_STATUS_IS_OK(status) &&
@ -1157,67 +1169,67 @@ static bool test_DatabaseSync(struct torture_context *tctx,
break;
}
if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator.cred)) {
if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
r.in.sync_context = r.out.sync_context;
for (d=0; d < r.out.delta_enum_array->num_deltas; d++) {
for (d=0; d < delta_enum_array->num_deltas; d++) {
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
switch (r.out.delta_enum_array->delta_enum[d].delta_type) {
switch (delta_enum_array->delta_enum[d].delta_type) {
case NETR_DELTA_DOMAIN:
if (!samsync_handle_domain(delta_ctx, samsync_state,
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_DOMAIN\n");
ret = false;
}
break;
case NETR_DELTA_GROUP:
if (!samsync_handle_group(delta_ctx, samsync_state,
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_USER\n");
ret = false;
}
break;
case NETR_DELTA_USER:
if (!samsync_handle_user(tctx, delta_ctx, samsync_state,
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_USER\n");
ret = false;
}
break;
case NETR_DELTA_ALIAS:
if (!samsync_handle_alias(delta_ctx, samsync_state,
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_ALIAS\n");
ret = false;
}
break;
case NETR_DELTA_POLICY:
if (!samsync_handle_policy(delta_ctx, samsync_state,
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_POLICY\n");
ret = false;
}
break;
case NETR_DELTA_TRUSTED_DOMAIN:
if (!samsync_handle_trusted_domain(delta_ctx, samsync_state,
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_TRUSTED_DOMAIN\n");
ret = false;
}
break;
case NETR_DELTA_ACCOUNT:
if (!samsync_handle_account(delta_ctx, samsync_state,
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_ACCOUNT\n");
ret = false;
}
break;
case NETR_DELTA_SECRET:
if (!samsync_handle_secret(delta_ctx, samsync_state,
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_SECRET\n");
ret = false;
}
@ -1239,7 +1251,7 @@ static bool test_DatabaseSync(struct torture_context *tctx,
case NETR_DELTA_DELETE_USER2:
case NETR_DELTA_MODIFY_COUNT:
default:
printf("Uxpected delta type %d\n", r.out.delta_enum_array->delta_enum[d].delta_type);
printf("Uxpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type);
ret = false;
break;
}
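Review bot: The failure message in the `NETR_DELTA_GROUP` case prints `Failed to handle DELTA_USER`, which misattributes a group-handling failure when reading the test output, and the default case on the line this commit touches still prints `Uxpected delta type`. Suggested wording: `printf("Failed to handle DELTA_GROUP\n");` and `printf("Unexpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type);`. The switch and the enclosing function extend beyond the hunks shown.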