authorGünther Deschner <gd@samba.org>2005-09-01 10:36:48 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:36:20 -0500
commitad44611170d7f24544cd62424a5729aef03acd21 (patch)
tree9c31ea07ad0dd9849d20ccc9652a70d2d83edd44
parenteb133639dc524cd03f2dd2ba24cf48cd673642f5 (diff)
r9888: add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings.
Guenther (This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
-rw-r--r--source4/librpc/idl/lsa.idl39
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c6
-rw-r--r--source4/torture/rpc/lsa.c33
3 files changed, 73 insertions, 5 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 83251b37db..0927e6ef85 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -738,10 +738,45 @@
NTSTATUS lsa_CloseTrustedDomainEx();
/* Function 0x35 */
- NTSTATUS lsa_QueryDomainInformationPolicy();
+
+ /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
+ for unknown6 - gd */
+ typedef struct {
+ uint32 enforce_restrictions;
+ hyper service_tkt_lifetime;
+ hyper user_tkt_lifetime;
+ hyper user_tkt_renewaltime;
+ hyper clock_skew;
+ hyper unknown6;
+ } lsa_DomainInfoKerberos;
+
+ typedef struct {
+ uint32 blob_size;
+ [size_is(blob_size)] uint8 *efs_blob;
+ } lsa_DomainInfoEfs;
+
+ typedef enum {
+ LSA_DOMAIN_INFO_POLICY_EFS=2,
+ LSA_DOMAIN_INFO_POLICY_KERBEROS=3
+ } lsa_DomainInfoEnum;
+
+ typedef [switch_type(uint16)] union {
+ [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
+ [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
+ } lsa_DomainInformationPolicy;
+
+ NTSTATUS lsa_QueryDomainInformationPolicy(
+ [in,ref] policy_handle *handle,
+ [in] uint16 level,
+ [out,switch_is(level)] lsa_DomainInformationPolicy *info
+ );
/* Function 0x36 */
- NTSTATUS lsa_SetDomInfoPolicy();
+ NTSTATUS lsa_SetDomainInformationPolicy(
+ [in,ref] policy_handle *handle,
+ [in] uint16 level,
+ [in,switch_is(level)] lsa_DomainInformationPolicy *info
+ );
/**********************/
/* Function 0x37 */
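Review bot: `blob_size` in lsa_DomainInfoEfs has no upper bound, and because lsa_SetDomainInformationPolicy takes the union as `[in]`, that length is now supplied by the caller. The server-side handler in this commit is still a DCESRV_FAULT stub, so nothing consumes the blob yet, but a cap in the IDL would stop a later implementation from trusting whatever size a client claims. If the pidl in this tree accepts the range attribute, the one-line form is `[range(0,MAX_EFS_BLOB)] uint32 blob_size;`, where MAX_EFS_BLOB is a placeholder and not a value taken from this page. Separately, the w2k3 note about unknown6 would be easier to find as a comment on the `hyper unknown6;` field than under the `/* Function 0x35 */` header.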
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index b976330bee..55fc992080 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2479,9 +2479,9 @@ static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_c
/*
lsa_SetDomInfoPolicy
*/
-static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
- TALLOC_CTX *mem_ctx,
- struct lsa_SetDomInfoPolicy *r)
+static NTSTATUS lsa_SetDomainInformationPolicy(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_SetDomainInformationPolicy *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index f723f68a02..7630056503 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -1477,6 +1477,35 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
return ret;
}
+static BOOL test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ struct lsa_QueryDomainInformationPolicy r;
+ NTSTATUS status;
+ int i;
+ BOOL ret = True;
+ printf("\nTesting QueryDomainInformationPolicy\n");
+
+ for (i=2;i<4;i++) {
+ r.in.handle = handle;
+ r.in.level = i;
+
+ printf("\ntrying QueryDomainInformationPolicy level %d\n", i);
+
+ status = dcerpc_lsa_QueryDomainInformationPolicy(p, mem_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryDomainInformationPolicy failed - %s\n", nt_errstr(status));
+ ret = False;
+ continue;
+ }
+ }
+
+ return ret;
+}
+
+
static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
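Review bot: test_QueryDomainInfoPolicy never reads `r.out.info`, so it passes on any OK status even if the returned Kerberos policy (ticket lifetimes, clock_skew) or EFS blob is empty or malformed. Printing or sanity-checking those fields per level would make the test useful for spotting a server that hands back unexpected policy data. The loop bounds `for (i=2;i<4;i++)` also repeat as magic numbers the values this commit names in lsa_DomainInfoEnum. Assuming the generated header exposes those constants to this file, `for (i=LSA_DOMAIN_INFO_POLICY_EFS;i<=LSA_DOMAIN_INFO_POLICY_KERBEROS;i++)` keeps the test tied to the IDL. The trailing `continue;` in the failure branch is redundant, since it is the last statement in the loop body.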
@@ -1630,6 +1659,10 @@ BOOL torture_rpc_lsa(void)
ret = False;
}
+ if (!test_QueryDomainInfoPolicy(p, mem_ctx, &handle)) {
+ ret = False;
+ }
+
if (!test_many_LookupSids(p, mem_ctx, &handle)) {
ret = False;
}