authorAndrew Tridgell <tridge@samba.org>2004-05-28 13:23:30 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:20 -0500
commitd9538e7412c593a9dc10a600676939d2cf0205ea (patch)
tree0ff1ce915a7c076facc22cc8e63d1fcf55e2215c
parent90341da78b10beb4fa0bdbc8de35d44373c27fbf (diff)
r937: - added a simple QuerySecurity implementation in samr server
- moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
-rw-r--r--source4/include/rpc_secdes.h20
-rw-r--r--source4/lib/basic.mk1
-rw-r--r--source4/lib/util_secdesc.c51
-rw-r--r--source4/librpc/idl/lsa.idl2
-rw-r--r--source4/librpc/idl/misc.idl20
-rw-r--r--source4/librpc/idl/netlogon.idl138
-rw-r--r--source4/librpc/idl/samr.idl3
-rw-r--r--source4/librpc/idl/winreg.idl1
-rw-r--r--source4/librpc/ndr/ndr_basic.c12
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c326
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c18
-rw-r--r--source4/rpc_server/samr/samdb.c11
-rw-r--r--source4/torture/rpc/netlogon.c28
-rw-r--r--source4/torture/rpc/samr.c4
14 files changed, 612 insertions, 23 deletions
diff --git a/source4/include/rpc_secdes.h b/source4/include/rpc_secdes.h
index eb83b81d85..3c56d6cb82 100644
--- a/source4/include/rpc_secdes.h
+++ b/source4/include/rpc_secdes.h
@@ -74,28 +74,8 @@ typedef struct security_descriptor SEC_DESC;
#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7
#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8
-#define SEC_DESC_OWNER_DEFAULTED 0x0001
-#define SEC_DESC_GROUP_DEFAULTED 0x0002
-#define SEC_DESC_DACL_PRESENT 0x0004
-#define SEC_DESC_DACL_DEFAULTED 0x0008
-#define SEC_DESC_SACL_PRESENT 0x0010
-#define SEC_DESC_SACL_DEFAULTED 0x0020
-#define SEC_DESC_DACL_TRUSTED 0x0040
-#define SEC_DESC_SERVER_SECURITY 0x0080
-/*
- * New Windows 2000 bits.
- */
-#define SE_DESC_DACL_AUTO_INHERIT_REQ 0x0100
-#define SE_DESC_SACL_AUTO_INHERIT_REQ 0x0200
-#define SE_DESC_DACL_AUTO_INHERITED 0x0400
-#define SE_DESC_SACL_AUTO_INHERITED 0x0800
-#define SE_DESC_DACL_PROTECTED 0x1000
-#define SE_DESC_SACL_PROTECTED 0x2000
/* Don't know what this means. */
-#define SEC_DESC_RM_CONTROL_VALID 0x4000
-
-#define SEC_DESC_SELF_RELATIVE 0x8000
/* security information */
#define OWNER_SECURITY_INFORMATION 0x00000001
diff --git a/source4/lib/basic.mk b/source4/lib/basic.mk
index ce82157894..754458fec1 100644
--- a/source4/lib/basic.mk
+++ b/source4/lib/basic.mk
@@ -25,6 +25,7 @@ ADD_OBJ_FILES = \
lib/wins_srv.o \
lib/util_str.o \
lib/util_sid.o \
+ lib/util_secdesc.o \
lib/util_uuid.o \
lib/util_unistr.o \
lib/util_file.o \
diff --git a/source4/lib/util_secdesc.c b/source4/lib/util_secdesc.c
new file mode 100644
index 0000000000..92887b21d9
--- /dev/null
+++ b/source4/lib/util_secdesc.c
@@ -0,0 +1,51 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ security descriptror utility functions
+
+ Copyright (C) Andrew Tridgell 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ return a blank security descriptor (no owners, dacl or sacl)
+*/
+struct security_descriptor *sd_initialise(TALLOC_CTX *mem_ctx)
+{
+ struct security_descriptor *sd;
+
+ sd = talloc_p(mem_ctx, struct security_descriptor);
+ if (!sd) {
+ return NULL;
+ }
+
+ sd->revision = SD_REVISION;
+ /* we mark as self relative, even though it isn't while it remains
+ a pointer in memory because this simplifies the ndr code later.
+ All SDs that we store/emit are in fact SELF_RELATIVE
+ */
+ sd->type = SEC_DESC_SELF_RELATIVE;
+
+ sd->owner_sid = NULL;
+ sd->group_sid = NULL;
+ sd->sacl = NULL;
+ sd->dacl = NULL;
+
+ return sd;
+}
+
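Review bot: The header comment on sd_initialise() should say what a blank descriptor means to a consumer, because the function sets `type` to SEC_DESC_SELF_RELATIVE only and leaves `dacl` NULL with SEC_DESC_DACL_PRESENT clear. Under Windows semantics a descriptor without a DACL is normally read as granting access to everyone, so a caller that feeds the result to an access check, or returns it to a client unchanged (as samdb_default_security_descriptor() in this commit does), is describing an unprotected object. I would extend the comment to something like `the result carries no DACL; callers must set owner/group/dacl before using it for access control`. The file banner also misspells "descriptor" as "descriptror".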
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index b9acbfcf10..5683a0d08e 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -6,7 +6,7 @@
[ uuid(12345778-1234-abcd-ef00-0123456789ab),
version(0.0),
- endpoints(lsarpc,lsass),
+ endpoints(lsarpc,lsass,TCP-0),
pointer_default(unique)
] interface lsarpc
{
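Review bot: Adding `TCP-0` to `endpoints(...)` makes lsarpc reachable over TCP as well as the named pipes, and the netlogon.idl, samr.idl and winreg.idl hunks of this commit do the same, yet nothing visible says what authentication those bindings require. On a named pipe the SMB session has presumably already authenticated the caller; over TCP that would have to come from the RPC bind itself, and the handlers added in this commit (samr_QuerySecurity, netr_DsrEnumerateDomainTrusts) do no caller check of their own. It is worth confirming that the TCP listener rejects or restricts unauthenticated binds for these interfaces, and recording that next to the endpoint list, e.g. `/* TCP-0: TCP endpoint; access depends on the bind's auth level */`.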
diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl
index c5e0b06a23..240c0026e3 100644
--- a/source4/librpc/idl/misc.idl
+++ b/source4/librpc/idl/misc.idl
@@ -80,6 +80,26 @@ interface misc
security_ace aces[num_aces];
} security_acl;
+ /* default revision for new ACLs */
+ const int SD_REVISION = 1;
+
+ /* security_descriptor->type bits */
+ const int SEC_DESC_OWNER_DEFAULTED = 0x0001;
+ const int SEC_DESC_GROUP_DEFAULTED = 0x0002;
+ const int SEC_DESC_DACL_PRESENT = 0x0004;
+ const int SEC_DESC_DACL_DEFAULTED = 0x0008;
+ const int SEC_DESC_SACL_PRESENT = 0x0010;
+ const int SEC_DESC_SACL_DEFAULTED = 0x0020;
+ const int SEC_DESC_DACL_TRUSTED = 0x0040;
+ const int SEC_DESC_SERVER_SECURITY = 0x0080;
+ const int SEC_DESC_DACL_AUTO_INHERIT_REQ = 0x0100;
+ const int SEC_DESC_SACL_AUTO_INHERIT_REQ = 0x0200;
+ const int SEC_DESC_DACL_AUTO_INHERITED = 0x0400;
+ const int SEC_DESC_SACL_AUTO_INHERITED = 0x0800;
+ const int SEC_DESC_DACL_PROTECTED = 0x1000;
+ const int SEC_DESC_SACL_PROTECTED = 0x2000;
+ const int SEC_DESC_RM_CONTROL_VALID = 0x4000;
+ const int SEC_DESC_SELF_RELATIVE = 0x8000;
typedef [public] struct {
uint8 revision;
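Review bot: The comment `/* default revision for new ACLs */` on SD_REVISION does not match its use, since sd_initialise() in this commit assigns it to `sd->revision`, the descriptor's revision rather than an ACL's. I would reword it to `/* default revision for new security descriptors */`, or add a separate constant if ACLs need their own. The removed header spelled six of these bits `SE_DESC_*` while they are `SEC_DESC_*` here, so any remaining user of the old spelling outside this diff will stop compiling.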
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index f3c2b1ff26..6888c63ab9 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -9,6 +9,7 @@
[
uuid(12345678-1234-abcd-ef00-01234567cffb),
version(1.0),
+ endpoints(netlogon,TCP-0),
pointer_default(unique)
]
@@ -854,4 +855,141 @@ interface netlogon
[in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data,
[out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query
);
+
+ /*****************/
+ /* Function 0x13 */
+ WERROR netr_NETRENUMERATETRUSTEDDOMAINS() ;
+
+ /*****************/
+ /* Function 0x14 */
+ WERROR netr_DSRGETDCNAME() ;
+
+ /*****************/
+ /* Function 0x15 */
+ WERROR netr_NETRLOGONDUMMYROUTINE1();
+
+ /****************/
+ /* Function 0x16 */
+ WERROR netr_NETRLOGONSETSERVICEBITS();
+
+ /****************/
+ /* Function 0x17 */
+ WERROR netr_NETRLOGONGETTRUSTRID();
+
+ /****************/
+ /* Function 0x18 */
+ WERROR netr_NETRLOGONCOMPUTESERVERDIGEST();
+
+ /****************/
+ /* Function 0x19 */
+ WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST();
+
+ /****************/
+ /* Function 0x1a */
+ WERROR netr_NETRSERVERAUTHENTICATE3();
+
+ /****************/
+ /* Function 0x1b */
+ WERROR netr_DSRGETDCNAMEX();
+
+ /****************/
+ /* Function 0x1c */
+ WERROR netr_DSRGETSITENAME();
+
+ /****************/
+ /* Function 0x1d */
+ WERROR netr_NETRLOGONGETDOMAININFO();
+
+ /****************/
+ /* Function 0x1e */
+ WERROR netr_NETRSERVERPASSWORDSET2();
+
+ /****************/
+ /* Function 0x1f */
+ WERROR netr_NETRSERVERPASSWORDGET();
+
+ /****************/
+ /* Function 0x20 */
+ WERROR netr_NETRLOGONSENDTOSAM();
+
+ /****************/
+ /* Function 0x21 */
+ WERROR netr_DSRADDRESSTOSITENAMESW();
+
+ /****************/
+ /* Function 0x22 */
+ WERROR netr_DSRGETDCNAMEEX2();
+
+ /****************/
+ /* Function 0x23 */
+ WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN();
+
+ /****************/
+ /* Function 0x24 */
+ WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX();
+
+ /****************/
+ /* Function 0x25 */
+ WERROR netr_DSRADDRESSTOSITENAMESEXW();
+
+ /****************/
+ /* Function 0x26 */
+ WERROR netr_DSRGETDCSITECOVERAGEW();
+
+ /****************/
+ /* Function 0x27 */
+ WERROR netr_NETRLOGONSAMLOGONEX();
+
+ /****************/
+ /* Function 0x28 */
+
+ const int NETR_TRUST_FLAG_IN_FOREST = 0x01;
+ const int NETR_TRUST_FLAG_OUTBOUND = 0x02;
+ const int NETR_TRUST_FLAG_TREEROOT = 0x04;
+ const int NETR_TRUST_FLAG_PRIMARY = 0x08;
+ const int NETR_TRUST_FLAG_NATIVE = 0x10;
+ const int NETR_TRUST_FLAG_INBOUND = 0x20;
+
+ typedef struct {
+ unistr *netbios_name;
+ unistr *dns_name;
+ uint32 trust_flags;
+ uint32 parent_index;
+ uint32 trust_type;
+ uint32 trust_attributes;
+ dom_sid2 *sid;
+ GUID guid;
+ } netr_DomainTrust;
+
+ WERROR netr_DsrEnumerateDomainTrusts(
+ [in] unistr *server_name,
+ [in] uint32 trust_flags,
+ [out] uint32 count,
+ [out,size_is(count)] netr_DomainTrust *trusts
+ );
+
+
+ /****************/
+ /* Function 0x29 */
+ WERROR netr_DSRDEREGISTERDNSHOSTRECORDS();
+
+ /****************/
+ /* Function 0x2a */
+ WERROR netr_NETRSERVERTRUSTPASSWORDSGET();
+
+ /****************/
+ /* Function 0x2b */
+ WERROR netr_DSRGETFORESTTRUSTINFORMATION();
+
+ /****************/
+ /* Function 0x2c */
+ WERROR netr_NETRGETFORESTTRUSTINFORMATION();
+
+ /****************/
+ /* Function 0x2d */
+ WERROR netr_NETRLOGONSAMLOGONWITHFLAGS();
+
+ /****************/
+ /* Function 0x2e */
+ WERROR netr_NETRSERVERGETTRUSTINFO();
}
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index e428bfe0c7..960d007bd3 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -10,6 +10,7 @@
[ uuid(12345778-1234-abcd-ef00-0123456789ac),
version(1.0),
+ endpoints(samr,TCP-0),
pointer_default(unique)
] interface samr
{
@@ -761,7 +762,7 @@
typedef struct {
samr_CryptPasswordEx password;
- uint16 pw_len;
+ uint8 pw_len;
} samr_UserInfo26;
typedef union {
diff --git a/source4/librpc/idl/winreg.idl b/source4/librpc/idl/winreg.idl
index fa11f80dcd..d043dad1f1 100644
--- a/source4/librpc/idl/winreg.idl
+++ b/source4/librpc/idl/winreg.idl
@@ -6,6 +6,7 @@
[ uuid(338cd001-2244-31f1-aaaa-900038001003),
version(1.0),
+ endpoints(winreg,TCP-0),
pointer_default(unique)
] interface winreg
{
diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c
index 1766d47e14..f8315b3af0 100644
--- a/source4/librpc/ndr/ndr_basic.c
+++ b/source4/librpc/ndr/ndr_basic.c
@@ -413,6 +413,18 @@ NTSTATUS ndr_pull_string(struct ndr_pull *ndr, int ndr_flags, const char **s)
"Bad character conversion");
}
NDR_CHECK(ndr_pull_advance(ndr, len2*2));
+
+ /* this is a way of detecting if a string is sent with the wrong
+ termination */
+ if (ndr->flags & LIBNDR_FLAG_STR_NOTERM) {
+ if (strlen(as) < len2) {
+ DEBUG(6,("short string '%s'\n", as));
+ }
+ } else {
+ if (strlen(as) == len2) {
+ DEBUG(6,("long string '%s'\n", as));
+ }
+ }
*s = as;
break;
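Review bot: The new termination check compares `strlen(as)` with `len2`, but `as` is the output of the character conversion just above while `len2` counts 2-byte units on the wire (the pull advances by `len2*2`), so the two are only comparable when every character converts to a single byte. A string with multi-byte characters can trigger a false "long string" message or hide a real mismatch; a comment such as `/* heuristic: only reliable when the converted string is one byte per character */` would make that limit explicit. The `DEBUG(6, ...)` lines also print the peer-supplied string verbatim, so control characters from the wire can reach the log at that level. ndr_pull_string() starts and ends outside this hunk.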
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 4481df6aa8..7cf2965323 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -598,5 +598,331 @@ static WERROR netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CT
}
+/*
+ netr_NETRENUMERATETRUSTEDDOMAINS
+*/
+static WERROR netr_NETRENUMERATETRUSTEDDOMAINS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DSRGETDCNAME
+*/
+static WERROR netr_DSRGETDCNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRGETDCNAME *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONDUMMYROUTINE1
+*/
+static WERROR netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONDUMMYROUTINE1 *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONSETSERVICEBITS
+*/
+static WERROR netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONSETSERVICEBITS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONGETTRUSTRID
+*/
+static WERROR netr_NETRLOGONGETTRUSTRID(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONGETTRUSTRID *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONCOMPUTESERVERDIGEST
+*/
+static WERROR netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONCOMPUTECLIENTDIGEST
+*/
+static WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRSERVERAUTHENTICATE3
+*/
+static WERROR netr_NETRSERVERAUTHENTICATE3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRSERVERAUTHENTICATE3 *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DSRGETDCNAMEX
+*/
+static WERROR netr_DSRGETDCNAMEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRGETDCNAMEX *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DSRGETSITENAME
+*/
+static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRGETSITENAME *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONGETDOMAININFO
+*/
+static WERROR netr_NETRLOGONGETDOMAININFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONGETDOMAININFO *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRSERVERPASSWORDSET2
+*/
+static WERROR netr_NETRSERVERPASSWORDSET2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRSERVERPASSWORDSET2 *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRSERVERPASSWORDGET
+*/
+static WERROR netr_NETRSERVERPASSWORDGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRSERVERPASSWORDGET *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONSENDTOSAM
+*/
+static WERROR netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONSENDTOSAM *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DSRADDRESSTOSITENAMESW
+*/
+static WERROR netr_DSRADDRESSTOSITENAMESW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRADDRESSTOSITENAMESW *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DSRGETDCNAMEEX2
+*/
+static WERROR netr_DSRGETDCNAMEEX2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRGETDCNAMEEX2 *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
+*/
+static WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRENUMERATETRUSTEDDOMAINSEX
+*/
+static WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DSRADDRESSTOSITENAMESEXW
+*/
+static WERROR netr_DSRADDRESSTOSITENAMESEXW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRADDRESSTOSITENAMESEXW *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DSRGETDCSITECOVERAGEW
+*/
+static WERROR netr_DSRGETDCSITECOVERAGEW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRGETDCSITECOVERAGEW *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONSAMLOGONEX
+*/
+static WERROR netr_NETRLOGONSAMLOGONEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONSAMLOGONEX *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DsrEnumerateDomainTrusts
+*/
+static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DsrEnumerateDomainTrusts *r)
+{
+ struct netr_DomainTrust *trusts;
+ void *sam_ctx;
+ int ret, i;
+ struct ldb_message **res;
+ const char * const attrs[] = { "name", "dnsDomain", "objectSid", "objectGUID", NULL };
+
+ ZERO_STRUCT(r->out);
+
+ sam_ctx = samdb_connect();
+ if (sam_ctx == NULL) {
+ return WERR_GENERAL_FAILURE;
+ }
+
+ ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
+ if (ret == -1) {
+ samdb_close(sam_ctx);
+ return WERR_GENERAL_FAILURE;
+ }
+
+ if (ret == 0) {
+ return WERR_OK;
+ }
+
+ trusts = talloc_array_p(mem_ctx, struct netr_DomainTrust, ret);
+ if (trusts == NULL) {
+ return WERR_NOMEM;
+ }
+
+ r->out.count = ret;
+ r->out.trusts = trusts;
+
+ for (i=0;i<ret;i++) {
+ trusts[i].netbios_name = samdb_result_string(res[i], "name", NULL);
+ trusts[i].dns_name = samdb_result_string(res[i], "dnsDomain", NULL);
+ trusts[i].trust_flags =
+ NETR_TRUST_FLAG_TREEROOT |
+ NETR_TRUST_FLAG_IN_FOREST |
+ NETR_TRUST_FLAG_PRIMARY;
+ trusts[i].parent_index = 0;
+ trusts[i].trust_type = 2;
+ trusts[i].trust_attributes = 0;
+ trusts[i].sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
+ trusts[i].guid = samdb_result_guid(res[i], "objectGUID");
+ }
+
+
+ return WERR_OK;
+}
+
+
+/*
+ netr_DSRDEREGISTERDNSHOSTRECORDS
+*/
+static WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRSERVERTRUSTPASSWORDSGET
+*/
+static WERROR netr_NETRSERVERTRUSTPASSWORDSGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_DSRGETFORESTTRUSTINFORMATION
+*/
+static WERROR netr_DSRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DSRGETFORESTTRUSTINFORMATION *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRGETFORESTTRUSTINFORMATION
+*/
+static WERROR netr_NETRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRGETFORESTTRUSTINFORMATION *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRLOGONSAMLOGONWITHFLAGS
+*/
+static WERROR netr_NETRLOGONSAMLOGONWITHFLAGS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRLOGONSAMLOGONWITHFLAGS *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+ netr_NETRSERVERGETTRUSTINFO
+*/
+static WERROR netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NETRSERVERGETTRUSTINFO *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
/* include the generated boilerplate */
#include "librpc/gen_ndr/ndr_netlogon_s.c"
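Review bot: netr_DsrEnumerateDomainTrusts() releases `sam_ctx` only on the `ret == -1` path; the `ret == 0` return, the `WERR_NOMEM` return and the final `return WERR_OK;` all leave the samdb connection open. Unless samdb_connect() hands out a shared handle, add `samdb_close(sam_ctx);` before each of those three returns (the result strings appear to be allocated on `mem_ctx`, so they should survive the close, but that is worth confirming). The handler also ignores `r->in.trust_flags` and `r->in.server_name`, and returns the name, SID and GUID of every `domainDNS` object to any caller that reaches it. A comment stating the intended filtering and the meaning of the literal in `trust_type = 2` would help the next reader.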
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index eba36e53fa..2811a09534 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -135,7 +135,23 @@ static NTSTATUS samr_SetSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX
static NTSTATUS samr_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QuerySecurity *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct dcesrv_handle *h;
+ struct samr_SdBuf *sd;
+
+ r->out.sdbuf = NULL;
+
+ DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+ sd = talloc_p(mem_ctx, struct samr_SdBuf);
+ if (sd == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sd->sd = samdb_default_security_descriptor(mem_ctx);
+
+ r->out.sdbuf = sd;
+
+ return NT_STATUS_OK;
}
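Review bot: The result of `samdb_default_security_descriptor(mem_ctx)` is stored in `sd->sd` without a NULL check, although sd_initialise() underneath returns NULL when its allocation fails, so the call can report NT_STATUS_OK with no descriptor attached. I would add `if (sd->sd == NULL) { return NT_STATUS_NO_MEMORY; }` right after the assignment. The handler also accepts any handle type (`DCESRV_HANDLE_ANY`), ignores `r->in.sec_info`, and answers with the same blank descriptor for every object. A comment saying this is a placeholder and not the object's real security would keep clients and later maintainers from relying on it.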
diff --git a/source4/rpc_server/samr/samdb.c b/source4/rpc_server/samr/samdb.c
index ed76a4fc60..37063b551d 100644
--- a/source4/rpc_server/samr/samdb.c
+++ b/source4/rpc_server/samr/samdb.c
@@ -965,3 +965,14 @@ int samdb_replace(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
return samdb_modify(ctx, mem_ctx, msg);
}
+/*
+ return a default security descriptor
+*/
+struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx)
+{
+ struct security_descriptor *sd;
+
+ sd = sd_initialise(mem_ctx);
+
+ return sd;
+}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 8fd4a0fd4c..0fbd03fb83 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1561,6 +1561,30 @@ static BOOL test_LogonControl2Ex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
}
+/*
+ try a netlogon netr_DsrEnumerateDomainTrusts
+*/
+static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+ struct netr_DsrEnumerateDomainTrusts r;
+
+ r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.trust_flags = 0x3f;
+
+ printf("Testing netr_DsrEnumerateDomainTrusts\n");
+
+ status = dcerpc_netr_DsrEnumerateDomainTrusts(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
+ printf("netr_DsrEnumerateDomainTrusts - %s/%s\n",
+ nt_errstr(status), win_errstr(r.out.result));
+ return False;
+ }
+
+ return True;
+}
+
+
BOOL torture_rpc_netlogon(int dummy)
{
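Review bot: test_DsrEnumerateDomainTrusts() checks only the two status codes, so a reply with a `count` that disagrees with `trusts`, or with entries lacking a name or SID, still passes. Printing `r.out.count` and checking `r.out.trusts != NULL` whenever the count is non-zero would make the test exercise the new server code rather than just the transport. The `talloc_asprintf()` result for `r.in.server_name` is used unchecked, and `0x3f` would read better as the OR of the six `NETR_TRUST_FLAG_*` constants this commit adds. The hunk ends inside the opening lines of torture_rpc_netlogon().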
@@ -1640,6 +1664,10 @@ BOOL torture_rpc_netlogon(int dummy)
ret = False;
}
+ if (!test_DsrEnumerateDomainTrusts(p, mem_ctx)) {
+ ret = False;
+ }
+
torture_rpc_close(p);
if (!leave_domain_bdc(mem_ctx)) {
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index a1b01b533f..a7a6482da9 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -134,6 +134,10 @@ static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return False;
}
+ if (s.in.sdbuf == NULL) {
+ return False;
+ }
+
s.in.handle = handle;
s.in.sec_info = 7;
s.in.sdbuf = r.out.sdbuf;
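Review bot: The added guard tests `s.in.sdbuf` before it is assigned: `s.in.sdbuf = r.out.sdbuf;` comes three lines later, so within the visible lines the check reads a field that has not been set yet and its outcome is arbitrary. The intent looks like rejecting a QuerySecurity reply that carries no descriptor, which would be `if (r.out.sdbuf == NULL) {`. test_QuerySecurity() starts and ends outside this hunk.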