From eda5759e4566c69f03e13137473980a10dfedde4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 4 Jul 2006 10:25:04 +0000 Subject: [PATCH] r16796: Fill in dsr_GetMemberships() / dsr_GetMemberships2(). This intersting call is apparently used to construct the user token, collect memberships from other DSAs and to retrieve (nested) memberships of a given group. Torture test to follow (once I cleaned it up). Guenther (This used to be commit ca5e133e8c6fca188fcaa834cdcd4cb2cd801d79) --- source4/librpc/idl/drsuapi.idl | 77 ++++++++++++++++++++- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 14 ++-- 2 files changed, 80 insertions(+), 11 deletions(-) diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index f106c4ce3a2..cba0103b8ec 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl @@ -7,11 +7,13 @@ authservice("ldap"), helpstring("Active Directory Replication"), pointer_default(unique), - depends(security,misc), + depends(security,misc,samr), keepref ] interface drsuapi { + declare bitmap samr_GroupAttrs; + /*****************/ /* Function 0x00 */ typedef [bitmap32bit] bitmap { @@ -767,7 +769,51 @@ interface drsuapi /*****************/ /* Function 0x09 */ - WERROR DRSUAPI_GET_MEMBERSHIPS(); + + /* how are type 4 and 7 different from 2 and 3 ? */ + typedef [v1_enum] enum { + DRSUAPI_DS_MEMBERSHIP_TYPE_UNIVERSAL_AND_DOMAIN_GROUPS = 1, + DRSUAPI_DS_MEMBERSHIP_TYPE_DOMAIN_LOCAL_GROUPS = 2, + DRSUAPI_DS_MEMBERSHIP_TYPE_DOMAIN_GROUPS = 3, + DRSUAPI_DS_MEMBERSHIP_TYPE_DOMAIN_LOCAL_GROUPS2 = 4, + DRSUAPI_DS_MEMBERSHIP_TYPE_UNIVERSAL_GROUPS = 5, + DRSUAPI_DS_MEMBERSHIP_TYPE_GROUPMEMBERS = 6, + DRSUAPI_DS_MEMBERSHIP_TYPE_DOMAIN_GROUPS2 = 7 + } drsuapi_DsMembershipType; + + typedef struct { + NTSTATUS status; + [range(0,10000)] uint32 num_memberships; + [range(0,10000)] uint32 num_sids; + [size_is(num_memberships)] drsuapi_DsReplicaObjectIdentifier **info_array; + [size_is(num_memberships)] samr_GroupAttrs *group_attrs; + [size_is(num_sids)] dom_sid28 **sids; + } drsuapi_DsGetMembershipsCtr1; + + typedef [switch_type(int32)] union { + [case(1)] drsuapi_DsGetMembershipsCtr1 ctr1; + } drsuapi_DsGetMembershipsCtr; + + const int DRSUAPI_DS_MEMBERSHIP_FLAG_GROUP_ATTR = 0x1; + + typedef struct { + [range(1,10000)] uint32 count; + [size_is(count)] drsuapi_DsReplicaObjectIdentifier **info_array; + uint32 flags; + drsuapi_DsMembershipType type; + drsuapi_DsReplicaObjectIdentifier *domain; + } drsuapi_DsGetMembershipsRequest1; + + typedef [switch_type(int32)] union { + [case(1)] drsuapi_DsGetMembershipsRequest1 req1; + } drsuapi_DsGetMembershipsRequest; + + WERROR drsuapi_DsGetMemberships( + [in] policy_handle *bind_handle, + [in,out] int32 level, + [in] [switch_is(level)] drsuapi_DsGetMembershipsRequest req, + [out] [switch_is(level)] drsuapi_DsGetMembershipsCtr ctr + ); /*****************/ /* Function 0x0a */ @@ -1370,7 +1416,32 @@ interface drsuapi /*****************/ /* Function 0x15 */ - WERROR DRSUAPI_GET_MEMBERSHIPS2(); + + typedef struct { + [range(0,10000)] uint32 num_entries; + [size_is(num_entries)] drsuapi_DsGetMembershipsCtr1 **ctrl_array; + } drsuapi_DsGetMemberships2Ctr1; + + typedef [switch_type(int32)] union { + [case(1)] drsuapi_DsGetMembershipsCtr1 ctr1; + } drsuapi_DsGetMemberships2Ctr; + + typedef struct { + [range(1,10000)] uint32 num_req; + [size_is(num_req)] drsuapi_DsGetMembershipsRequest1 **req_array; + } drsuapi_DsGetMemberships2Request1; + + typedef [switch_type(int32)] union { + [case(1)] drsuapi_DsGetMemberships2Request1 req1; + } drsuapi_DsGetMemberships2Request; + + WERROR drsuapi_DsGetMemberships2( + [in] policy_handle *bind_handle, + [in,out] int32 level, + [in] [switch_is(level)] drsuapi_DsGetMemberships2Request req, + [out] [switch_is(level)] drsuapi_DsGetMemberships2Ctr ctr + ); + /*****************/ /* Function 0x16 */ diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index 11ad149044f..4028e4c4f9c 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -171,10 +171,10 @@ static WERROR DRSUAPI_VERIFY_NAMES(struct dcesrv_call_state *dce_call, TALLOC_CT /* - DRSUAPI_GET_MEMBERSHIPS + drsuapi_DsGetMemberships */ -static WERROR DRSUAPI_GET_MEMBERSHIPS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct DRSUAPI_GET_MEMBERSHIPS *r) +static WERROR drsuapi_DsGetMemberships(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct drsuapi_DsGetMemberships *r) { DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } @@ -332,17 +332,15 @@ static WERROR DRSUAPI_ADD_SID_HISTORY(struct dcesrv_call_state *dce_call, TALLOC DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } - /* - DRSUAPI_GET_MEMBERSHIPS2 + drsuapi_DsGetMemberships2 */ -static WERROR DRSUAPI_GET_MEMBERSHIPS2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct DRSUAPI_GET_MEMBERSHIPS2 *r) +static WERROR drsuapi_DsGetMemberships2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct drsuapi_DsGetMemberships2 *r) { DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } - /* DRSUAPI_REPLICA_VERIFY_OBJECTS */