authorAndrew Bartlett <abartlet@samba.org>2004-11-22 11:59:59 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:04 -0500
commitb6b61cec790e19862a600b023327d72dd33b3cb4 (patch)
tree93b1cad84ea4092692da82841d8218aa3fc16928
parentca751e2638ca0fbb03b54e1aaa4ed1316e903947 (diff)
r3907: * Rename lsa_Name to lsa_String
* Add new IDL to LSA, to query information about trusted domains (for cross-check with SamSync). Andrew Bartlett (This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
-rw-r--r--source4/librpc/idl/lsa.idl91
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c34
-rw-r--r--source4/torture/rpc/lsa.c41
-rw-r--r--source4/torture/rpc/samsync.c22
4 files changed, 125 insertions, 63 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index f84addf150..15d1445250 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -30,13 +30,13 @@
/* Function: 0x02 */
typedef struct {
- [value(2*strlen_m(r->name))] uint16 name_len;
- [value(r->name_len)] uint16 name_size;
- unistr_noterm *name;
- } lsa_Name;
+ [value(2*strlen_m(r->string))] uint16 length;
+ [value(r->length)] uint16 size;
+ unistr_noterm *string;
+ } lsa_String;
typedef struct {
- lsa_Name name;
+ lsa_String name;
uint32 luid_low;
uint32 luid_high;
} lsa_PrivEntry;
@@ -122,12 +122,12 @@
} lsa_AuditEventsInfo;
typedef struct {
- lsa_Name name;
+ lsa_String name;
dom_sid2 *sid;
} lsa_DomainInfo;
typedef struct {
- lsa_Name name;
+ lsa_String name;
} lsa_PDAccountInfo;
typedef struct {
@@ -136,8 +136,8 @@
} lsa_ServerRole;
typedef struct {
- lsa_Name source;
- lsa_Name account;
+ lsa_String source;
+ lsa_String account;
} lsa_ReplicaSourceInfo;
typedef struct {
@@ -165,9 +165,9 @@
} lsa_AuditFullQueryInfo;
typedef struct {
- lsa_Name name;
- lsa_Name dns_domain;
- lsa_Name dns_forest;
+ lsa_String name;
+ lsa_String dns_domain;
+ lsa_String dns_forest;
GUID domain_guid;
dom_sid2 *sid;
} lsa_DnsDomainInfo;
@@ -248,8 +248,8 @@
/* Function: 0x0c */
typedef struct {
- lsa_Name name;
- dom_sid2 *sid;
+ lsa_String name;
+ dom_sid2 *sid;
} lsa_TrustInformation;
NTSTATUS lsa_CreateTrustedDomain(
@@ -264,7 +264,7 @@
/* Function: 0x0d */
typedef struct {
- lsa_Name name;
+ lsa_String name;
dom_sid2 *sid;
} lsa_DomainInformation;
@@ -304,7 +304,7 @@
NTSTATUS lsa_LookupNames (
[in,ref] policy_handle *handle,
[in,range(0,1000)] uint32 num_names,
- [in,ref,size_is(num_names)] lsa_Name *names,
+ [in,ref,size_is(num_names)] lsa_String *names,
[out] lsa_RefDomainList *domains,
[in,out,ref] lsa_TransSidArray *sids,
[in] uint16 level,
@@ -317,7 +317,7 @@
typedef struct {
uint16 sid_type;
- lsa_Name name;
+ lsa_String name;
uint32 sid_index;
} lsa_TranslatedName;
@@ -339,7 +339,7 @@
/* Function: 0x10 */
NTSTATUS lsa_CreateSecret(
[in,ref] policy_handle *handle,
- [in] lsa_Name name,
+ [in] lsa_String name,
[in] uint32 access_mask,
[out,ref] policy_handle *sec_handle
);
@@ -405,25 +405,54 @@
[out,ref] policy_handle *trustdom_handle
);
+ typedef [flag(NDR_PAHEX)] struct {
+ uint32 length;
+ uint32 size;
+ [size_is(size),length_is(length)] uint8 *data;
+ } lsa_DATA_BUF;
+
+ typedef struct {
+ lsa_String domain_name;
+ } lsa_TrustDomainInfo1;
+
+ typedef struct {
+ uint32 flags;
+ } lsa_TrustDomainInfo3;
+
+ typedef struct {
+ lsa_String name;
+ lsa_String name2;
+ dom_sid2 *sid;
+ uint32 unknown1;
+ uint32 unknown2;
+ uint32 unknown3;
+ } lsa_TrustDomainInfo6;
+
+ typedef union {
+ [case(1)] lsa_TrustDomainInfo1 info1;
+ [case(3)] lsa_TrustDomainInfo3 info3;
+ [case(6)] lsa_TrustDomainInfo6 info6;
+ } lsa_TrustedDomainInfo;
+
/* Function: 0x1a */
- NTSTATUS lsa_QueryInfoTrustedDomain();
+ NTSTATUS lsa_QueryInfoTrustedDomain(
+ [in,ref] policy_handle *trustdom_handle,
+ [in] uint16 level,
+ [out,switch_is(level)] lsa_TrustedDomainInfo *info
+ );
+
/* Function: 0x1b */
NTSTATUS lsa_SetInformationTrustedDomain();
/* Function: 0x1c */
NTSTATUS lsa_OpenSecret(
[in,ref] policy_handle *handle,
- [in] lsa_Name name,
+ [in] lsa_String name,
[in] uint32 access_mask,
[out,ref] policy_handle *sec_handle
);
/* Function: 0x1d */
- typedef [flag(NDR_PAHEX)] struct {
- uint32 length;
- uint32 size;
- [size_is(size),length_is(length)] uint8 *data;
- } lsa_DATA_BUF;
NTSTATUS lsa_SetSecret(
[in,ref] policy_handle *handle,
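Review bot: `lsa_TrustedDomainInfo` has arms for levels 1, 3 and 6 only and no `[default]` arm, while `level` in `lsa_QueryInfoTrustedDomain` is a caller-supplied `uint16`. The server handler for function 0x1a is not visible in this diff, so it should be confirmed that it rejects any other level explicitly before the reply is marshalled, rather than relying on the NDR layer to fail. The members `unknown1`..`unknown3` of `lsa_TrustDomainInfo6` and `flags` of `lsa_TrustDomainInfo3` carry no explanation; a comment such as `/* unknown1-3: meaning not yet identified */` above the struct, and a one-line comment above the union naming the info levels it covers, would help the next person extending it.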
@@ -452,7 +481,7 @@
NTSTATUS lsa_LookupPrivName (
[in,ref] policy_handle *handle,
[in,ref] lsa_LUID *luid,
- [out] lsa_Name *name
+ [out] lsa_String *name
);
@@ -460,8 +489,8 @@
/* Function: 0x21 */
NTSTATUS lsa_LookupPrivDisplayName (
[in,ref] policy_handle *handle,
- [in,ref] lsa_Name *name,
- [out] lsa_Name *disp_name,
+ [in,ref] lsa_String *name,
+ [out] lsa_String *disp_name,
/* see http://www.microsoft.com/globaldev/nlsweb/ for
language definitions */
[in,out,ref] uint16 *language_id,
@@ -476,7 +505,7 @@
/* Function: 0x23 */
NTSTATUS lsa_EnumAccountsWithUserRight (
[in,ref] policy_handle *handle,
- [in] lsa_Name *name,
+ [in] lsa_String *name,
[out,ref] lsa_SidArray *sids
);
@@ -487,7 +516,7 @@
typedef struct {
uint32 count;
- [size_is(count)] lsa_Name *names;
+ [size_is(count)] lsa_String *names;
} lsa_RightSet;
NTSTATUS lsa_EnumAccountRights (
@@ -575,7 +604,7 @@
/* Function 0x37 */
NTSTATUS lsa_OpenTrustedDomainByName(
[in,ref] policy_handle *handle,
- [in] lsa_Name name,
+ [in] lsa_String name,
[in] uint32 access_mask,
[out,ref] policy_handle *trustdom_handle
);
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 1c3e8d374a..845e568619 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -228,8 +228,8 @@ static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CT
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- info->name.name = samdb_result_string(res[0], "name", NULL);
- info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+ info->name.string = samdb_result_string(res[0], "name", NULL);
+ info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
return NT_STATUS_OK;
}
@@ -250,11 +250,11 @@ static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- info->name.name = samdb_result_string(res[0], "name", NULL);
- info->dns_domain.name = samdb_result_string(res[0], "dnsDomain", NULL);
- info->dns_forest.name = samdb_result_string(res[0], "dnsDomain", NULL);
- info->domain_guid = samdb_result_guid(res[0], "objectGUID");
- info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+ info->name.string = samdb_result_string(res[0], "name", NULL);
+ info->dns_domain.string = samdb_result_string(res[0], "dnsDomain", NULL);
+ info->dns_forest.string = samdb_result_string(res[0], "dnsDomain", NULL);
+ info->domain_guid = samdb_result_guid(res[0], "objectGUID");
+ info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
return NT_STATUS_OK;
}
@@ -436,12 +436,12 @@ static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
r->out.names->count++;
(*r->out.count)++;
- r->out.names->names[i].sid_type = SID_NAME_UNKNOWN;
- r->out.names->names[i].name.name = sid_str;
- r->out.names->names[i].sid_index = 0xFFFFFFFF;
+ r->out.names->names[i].sid_type = SID_NAME_UNKNOWN;
+ r->out.names->names[i].name.string = sid_str;
+ r->out.names->names[i].sid_index = 0xFFFFFFFF;
if (sid_str == NULL) {
- r->out.names->names[i].name.name = "(SIDERROR)";
+ r->out.names->names[i].name.string = "(SIDERROR)";
status = STATUS_SOME_UNMAPPED;
continue;
}
@@ -462,7 +462,7 @@ static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
/* see if we've already done this authority name */
for (j=0;j<r->out.domains->count;j++) {
- if (strcmp(authority_name, r->out.domains->domains[j].name.name) == 0) {
+ if (strcmp(authority_name, r->out.domains->domains[j].name.string) == 0) {
break;
}
}
@@ -474,8 +474,8 @@ static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
if (r->out.domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
- r->out.domains->domains[j].name.name = authority_name;
- r->out.domains->domains[j].sid = authority_sid;
+ r->out.domains->domains[j].name.string = authority_name;
+ r->out.domains->domains[j].sid = authority_sid;
r->out.domains->count++;
}
@@ -503,9 +503,9 @@ static NTSTATUS lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
continue;
}
- r->out.names->names[i].sid_type = rtype;
- r->out.names->names[i].name.name = name;
- r->out.names->names[i].sid_index = 0;
+ r->out.names->names[i].sid_type = rtype;
+ r->out.names->names[i].name.string = name;
+ r->out.names->names[i].sid_index = 0;
}
return status;
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 703df40654..a0b4e816bb 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -22,9 +22,9 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_lsa.h"
-static void init_lsa_Name(struct lsa_Name *name, const char *s)
+static void init_lsa_String(struct lsa_String *name, const char *s)
{
- name->name = s;
+ name->string = s;
}
static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
@@ -108,7 +108,7 @@ static BOOL test_LookupNames(struct dcerpc_pipe *p,
{
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
- struct lsa_Name *names;
+ struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
int i;
@@ -120,7 +120,7 @@ static BOOL test_LookupNames(struct dcerpc_pipe *p,
names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
for (i=0;i<tnames->count;i++) {
- init_lsa_Name(&names[i], tnames->names[i].name.name);
+ init_lsa_String(&names[i], tnames->names[i].name.string);
}
r.in.handle = handle;
@@ -350,7 +350,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
domsid = dom_sid_parse_talloc(mem_ctx, "S-1-5-21-97398-379795-12345");
trustinfo.sid = domsid;
- init_lsa_Name(&trustinfo.name, "torturedomain");
+ init_lsa_String(&trustinfo.name, "torturedomain");
r.in.handle = handle;
r.in.info = &trustinfo;
@@ -396,7 +396,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
asprintf(&secname, "torturesecret-%u", (uint_t)random());
- init_lsa_Name(&r.in.name, secname);
+ init_lsa_String(&r.in.name, secname);
r.in.handle = handle;
r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
@@ -640,7 +640,7 @@ static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
- struct lsa_Name *priv_name)
+ struct lsa_String *priv_name)
{
struct lsa_LookupPrivDisplayName r;
NTSTATUS status;
@@ -648,7 +648,7 @@ static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p,
terminals */
uint16 language_id = (random() % 4) + 0x409;
- printf("testing LookupPrivDisplayName(%s)\n", priv_name->name);
+ printf("testing LookupPrivDisplayName(%s)\n", priv_name->string);
r.in.handle = handle;
r.in.name = priv_name;
@@ -662,7 +662,7 @@ static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p,
return False;
}
printf("%s -> \"%s\" (language 0x%x/0x%x)\n",
- priv_name->name, r.out.disp_name->name,
+ priv_name->string, r.out.disp_name->string,
*r.in.language_id, *r.out.language_id);
return True;
@@ -671,7 +671,7 @@ static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p,
static BOOL test_EnumAccountsWithUserRight(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
- struct lsa_Name *priv_name)
+ struct lsa_String *priv_name)
{
struct lsa_EnumAccountsWithUserRight r;
struct lsa_SidArray sids;
@@ -679,7 +679,7 @@ static BOOL test_EnumAccountsWithUserRight(struct dcerpc_pipe *p,
ZERO_STRUCT(sids);
- printf("testing EnumAccountsWithUserRight(%s)\n", priv_name->name);
+ printf("testing EnumAccountsWithUserRight(%s)\n", priv_name->string);
r.in.handle = handle;
r.in.name = priv_name;
@@ -746,7 +746,7 @@ static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
NTSTATUS status;
uint32_t resume_handle = 0;
struct lsa_DomainList domains;
- int i;
+ int i,j;
BOOL ret = True;
printf("\nTesting EnumTrustDom\n");
@@ -777,6 +777,7 @@ static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
struct policy_handle trust_handle;
struct policy_handle handle2;
struct lsa_Close c;
+ int levels [] = {1, 3, 6};
trust.in.handle = handle;
trust.in.sid = domains.domains[i].sid;
@@ -793,6 +794,20 @@ static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
c.in.handle = &trust_handle;
c.out.handle = &handle2;
+ for (j=1; j < ARRAY_SIZE(levels); j++) {
+ struct lsa_QueryInfoTrustedDomain q;
+ union lsa_TrustedDomainInfo info;
+ q.in.trustdom_handle = &trust_handle;
+ q.in.level = levels[j];
+ q.out.info = &info;
+ status = dcerpc_lsa_QueryInfoTrustedDomain(p, mem_ctx, &q);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryInfoTrustedDomain level %d failed - %s\n",
+ j, nt_errstr(status));
+ ret = False;
+ }
+ }
+
status = dcerpc_lsa_Close(p, mem_ctx, &c);
if (!NT_STATUS_IS_OK(status)) {
printf("Close of trusted doman failed - %s\n", nt_errstr(status));
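Review bot: The added loop starts at `j=1`, so `levels[0]` (info level 1) is never queried even though `levels` is declared as `{1, 3, 6}` in the previous hunk. If skipping level 1 is deliberate, a comment should say why; otherwise the loop header should read `for (j=0; j < ARRAY_SIZE(levels); j++) {`. The failure message also prints the array index `j` instead of the level that was requested, so the second argument should be `levels[j], nt_errstr(status));`. The returned `info` is never inspected, so the loop only checks that the call succeeds. The body of test_EnumTrustDom extends beyond this hunk.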
@@ -813,7 +828,7 @@ static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
c.in.handle = &trust_handle;
c.out.handle = &handle2;
-
+
status = dcerpc_lsa_Close(p, mem_ctx, &c);
if (!NT_STATUS_IS_OK(status)) {
printf("Close of trusted doman failed - %s\n", nt_errstr(status));
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 59508bf1fe..20d63a351a 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -706,7 +706,7 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam
o.in.handle = samsync_state->lsa_handle;
o.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
- o.in.name.name = name;
+ o.in.name.string = name;
o.out.sec_handle = &sec_handle;
status = dcerpc_lsa_OpenSecret(samsync_state->p_lsa, mem_ctx, &o);
@@ -781,6 +781,10 @@ static BOOL samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
struct samsync_trusted_domain *new = talloc_p(samsync_state, struct samsync_trusted_domain);
struct lsa_OpenTrustedDomain t;
struct policy_handle trustdom_handle;
+ struct lsa_QueryInfoTrustedDomain q;
+ union lsa_TrustedDomainInfo info[4];
+ int levels [] = {1, 3};
+ int i;
new->name = talloc_reference(new, trusted_domain->domain_name.string);
new->sid = talloc_reference(new, dom_sid);
@@ -795,7 +799,21 @@ static BOOL samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
printf("OpenTrustedDomain failed - %s\n", nt_errstr(status));
return False;
}
+
+ for (i=0; i< ARRAY_SIZE(levels); i++) {
+ q.in.trustdom_handle = &trustdom_handle;
+ q.in.level = levels[i];
+ q.out.info = &info[levels[i]];
+ status = dcerpc_lsa_QueryInfoTrustedDomain(samsync_state->p_lsa, mem_ctx, &q);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryInfoTrustedDomain level %d failed - %s\n",
+ levels[i], nt_errstr(status));
+ return False;
+ }
+ }
+ TEST_STRING_EQUAL(info[1].info1.domain_name, trusted_domain->domain_name);
+ TEST_INT_EQUAL(info[3].info3.flags, trusted_domain->flags);
TEST_SEC_DESC_EQUAL(trusted_domain->sdbuf, lsa, &trustdom_handle);
DLIST_ADD(samsync_state->trusted_domains, new);
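Review bot: `q.out.info = &info[levels[i]]` indexes the stack array `info[4]` (declared in the previous hunk) by the level value itself, and nothing ties that array size to the contents of `levels`. Adding level 6, which the IDL in this commit defines, would make the unmarshalled reply land past the end of the array. Indexing by `i` would remove the coupling; if indexing by level is kept, a guard such as `if (levels[i] >= ARRAY_SIZE(info)) return False;` before the assignment makes the assumption explicit. The early `return False` on a failed query also appears to leave `trustdom_handle` open, but the rest of samsync_handle_trusted_domain is outside the hunk, so this should be checked against the full function.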
@@ -868,7 +886,7 @@ static BOOL samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
return False;
}
for (j=0;j<account->privilege_entries; j++) {
- if (strcmp(r.out.name->name, account->privilege_name[j].string) == 0) {
+ if (strcmp(r.out.name->string, account->privilege_name[j].string) == 0) {
found_priv_in_lsa[j] = True;
break;
}