summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-05-27 06:27:21 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:20 -0500
commit7f3d4cc9805bbe2455d663544bbe01bb4b6da09a (patch)
tree95cddf63a068627fbb32e9348f3a36101fb8ba62
parent7a6d86fbc9610d57e7386f969743b8451cae9351 (diff)
downloadsamba-7f3d4cc9805bbe2455d663544bbe01bb4b6da09a.tar.gz
samba-7f3d4cc9805bbe2455d663544bbe01bb4b6da09a.tar.bz2
samba-7f3d4cc9805bbe2455d663544bbe01bb4b6da09a.zip
r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server
- added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
-rw-r--r--source4/librpc/idl/lsa.idl9
-rw-r--r--source4/provision.ldif2
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c98
-rw-r--r--source4/rpc_server/samr/samdb.c22
-rwxr-xr-xsource4/script/provision.pl7
-rw-r--r--source4/torture/rpc/lsa.c38
6 files changed, 148 insertions, 28 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index e477ce7054..b9acbfcf10 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -500,6 +500,13 @@
/* Function: 0x2d */
NTSTATUS UNK_GET_CONNUSER ();
+
+ /**********************/
/* Function: 0x2e */
- NTSTATUS QUERYINFO2 ();
+
+ NTSTATUS lsa_QueryInfoPolicy2(
+ [in,ref] policy_handle *handle,
+ [in] uint16 level,
+ [out,switch_is(level)] lsa_PolicyInformation *info
+ );
}
diff --git a/source4/provision.ldif b/source4/provision.ldif
index 075cd758ba..444f7185bd 100644
--- a/source4/provision.ldif
+++ b/source4/provision.ldif
@@ -27,6 +27,8 @@ objectClass: top
objectClass: domain
objectClass: domainDNS
name: ${DOMAIN}
+realm: ${REALM}
+dnsDomain: ${REALM}
dc: ${DOMAIN}
objectGUID: ${NEWGUID}
creationTime: ${NTTIME}
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 6ea782a8f2..bff7a98b25 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -139,10 +139,10 @@ static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CT
/*
- lsa_OpenPolicy
+ lsa_OpenPolicy2
*/
-static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct lsa_OpenPolicy *r)
+static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_OpenPolicy2 *r)
{
struct lsa_policy_state *state;
struct dcesrv_handle *handle;
@@ -198,6 +198,25 @@ static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
return NT_STATUS_OK;
}
+/*
+ lsa_OpenPolicy
+ a wrapper around lsa_OpenPolicy2
+*/
+static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_OpenPolicy *r)
+{
+ struct lsa_OpenPolicy2 r2;
+
+ r2.in.system_name = NULL;
+ r2.in.attr = r->in.attr;
+ r2.in.access_mask = r->in.access_mask;
+ r2.out.handle = r->out.handle;
+
+ return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
+}
+
+
+
/*
fill in the AccountDomain info
@@ -221,11 +240,36 @@ static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CT
return NT_STATUS_OK;
}
+/*
+ fill in the DNS domain info
+*/
+static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+ struct lsa_DnsDomainInfo *info)
+{
+ const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
+ int ret;
+ struct ldb_message **res;
+
+ ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
+ "dn=%s", state->domain_dn);
+ if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ info->name.name = samdb_result_string(res[0], "name", NULL);
+ info->dns_domain.name = samdb_result_string(res[0], "dnsDomain", NULL);
+ info->dns_forest.name = samdb_result_string(res[0], "dnsDomain", NULL);
+ info->domain_guid = samdb_result_guid(res[0], "objectGUID");
+ info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+
+ return NT_STATUS_OK;
+}
+
/*
- lsa_QueryInfoPolicy
+ lsa_QueryInfoPolicy2
*/
-static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct lsa_QueryInfoPolicy *r)
+static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_QueryInfoPolicy2 *r)
{
struct lsa_policy_state *state;
struct dcesrv_handle *h;
@@ -244,13 +288,35 @@ static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_C
ZERO_STRUCTP(r->out.info);
switch (r->in.level) {
+ case LSA_POLICY_INFO_DOMAIN:
case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+
+ case LSA_POLICY_INFO_DNS:
+ return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
}
return NT_STATUS_INVALID_INFO_CLASS;
}
+/*
+ lsa_QueryInfoPolicy
+*/
+static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct lsa_QueryInfoPolicy *r)
+{
+ struct lsa_QueryInfoPolicy2 r2;
+ NTSTATUS status;
+
+ r2.in.handle = r->in.handle;
+ r2.in.level = r->in.level;
+
+ status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
+
+ r->out.info = r2.out.info;
+
+ return status;
+}
/*
lsa_SetInfoPolicy
@@ -613,16 +679,6 @@ static NTSTATUS RETRPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem
/*
- lsa_OpenPolicy2
-*/
-static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct lsa_OpenPolicy2 *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
UNK_GET_CONNUSER
*/
static NTSTATUS UNK_GET_CONNUSER(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
@@ -632,15 +688,5 @@ static NTSTATUS UNK_GET_CONNUSER(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
-/*
- QUERYINFO2
-*/
-static NTSTATUS QUERYINFO2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct QUERYINFO2 *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
/* include the generated boilerplate */
#include "librpc/gen_ndr/ndr_lsa_s.c"
diff --git a/source4/rpc_server/samr/samdb.c b/source4/rpc_server/samr/samdb.c
index 12319cf84a..ed76a4fc60 100644
--- a/source4/rpc_server/samr/samdb.c
+++ b/source4/rpc_server/samr/samdb.c
@@ -380,6 +380,28 @@ struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, struct ldb_message *ms
}
/*
+ pull a guid structure from a objectGUID in a result set.
+*/
+struct GUID samdb_result_guid(struct ldb_message *msg, const char *attr)
+{
+ NTSTATUS status;
+ struct GUID guid;
+ const char *guidstr = ldb_msg_find_string(msg, attr, NULL);
+
+ ZERO_STRUCT(guid);
+
+ if (!guidstr) return guid;
+
+ status = GUID_from_string(guidstr, &guid);
+ if (!NT_STATUS_IS_OK(status)) {
+ ZERO_STRUCT(guid);
+ return guid;
+ }
+
+ return guid;
+}
+
+/*
pull a sid prefix from a objectSid in a result set.
this is used to find the domain sid for a user
*/
diff --git a/source4/script/provision.pl b/source4/script/provision.pl
index e71c065328..8bafa6a030 100755
--- a/source4/script/provision.pl
+++ b/source4/script/provision.pl
@@ -27,7 +27,8 @@ sub randguid()
my $r3 = int(rand(2**16));
my $r4 = int(rand(2**16));
my $r5 = int(rand(2**32));
- return sprintf("%08x-%04x-%04x-%04x-%08x", $r1, $r2, $r3, $r4, $r5);
+ my $r6 = int(rand(2**16));
+ return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
}
sub randsid()
@@ -63,6 +64,10 @@ sub substitute($)
return $domain;
}
+ if ($var eq "REALM") {
+ return $realm;
+ }
+
if ($var eq "HOSTNAME") {
return $hostname;
}
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 031070caa6..7dfa2494b7 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -675,6 +675,40 @@ static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p,
return ret;
}
+static BOOL test_QueryInfoPolicy2(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ struct lsa_QueryInfoPolicy2 r;
+ NTSTATUS status;
+ int i;
+ BOOL ret = True;
+ printf("\nTesting QueryInfoPolicy2\n");
+
+ for (i=1;i<13;i++) {
+ r.in.handle = handle;
+ r.in.level = i;
+
+ printf("\ntrying QueryInfoPolicy2 level %d\n", i);
+
+ status = dcerpc_lsa_QueryInfoPolicy2(p, mem_ctx, &r);
+
+ if ((i == 9 || i == 10 || i == 11) &&
+ NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ printf("server failed level %u (OK)\n", i);
+ continue;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
+ ret = False;
+ continue;
+ }
+ }
+
+ return ret;
+}
+
static BOOL test_Close(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
@@ -759,6 +793,10 @@ BOOL torture_rpc_lsa(int dummy)
if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) {
ret = False;
}
+
+ if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) {
+ ret = False;
+ }
#if 0
if (!test_Delete(p, mem_ctx, &handle)) {