summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2011-07-15 18:38:21 +0200
committerGünther Deschner <gd@samba.org>2011-07-15 19:57:48 +0200
commite898ad3ffecff5714f381f540753a2b745614995 (patch)
treef1fced7d325fe5ebe8c96dd502ee6c0de92ac54d
parent7f52cd3b358c4a33606f222b4c59acb2f33d9235 (diff)
downloadsamba-e898ad3ffecff5714f381f540753a2b745614995.tar.gz
samba-e898ad3ffecff5714f381f540753a2b745614995.tar.bz2
samba-e898ad3ffecff5714f381f540753a2b745614995.zip
s4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with unencrypted auth info.
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c31
1 files changed, 16 insertions, 15 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index c690894f85..d5c1b61f58 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -874,7 +874,8 @@ static NTSTATUS add_trust_user(TALLOC_CTX *mem_ctx,
static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomainEx2 *r,
- int op)
+ int op,
+ struct lsa_TrustDomainInfoAuthInfo *unencrypted_auth_info)
{
struct dcesrv_handle *policy_handle;
struct lsa_policy_state *policy_state;
@@ -931,7 +932,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
/* No secrets are created at this time, for this function */
auth_struct.outgoing.count = 0;
auth_struct.incoming.count = 0;
- } else {
+ } else if (op == NDR_LSA_CREATETRUSTEDDOMAINEX2) {
auth_blob = data_blob_const(r->in.auth_info_internal->auth_blob.data,
r->in.auth_info_internal->auth_blob.size);
nt_status = get_trustdom_auth_blob(dce_call, mem_ctx,
@@ -939,12 +940,18 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
+ } else if (op == NDR_LSA_CREATETRUSTEDDOMAINEX) {
- if (op == NDR_LSA_CREATETRUSTEDDOMAINEX) {
- if (auth_struct.incoming.count > 1) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+ if (unencrypted_auth_info->incoming_count > 1) {
+ return NT_STATUS_INVALID_PARAMETER;
}
+
+ /* more investigation required here, do not create secrets for
+ * now */
+ auth_struct.outgoing.count = 0;
+ auth_struct.incoming.count = 0;
+ } else {
+ return NT_STATUS_INVALID_PARAMETER;
}
if (auth_struct.incoming.count) {
@@ -1126,7 +1133,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_
TALLOC_CTX *mem_ctx,
struct lsa_CreateTrustedDomainEx2 *r)
{
- return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, r, NDR_LSA_CREATETRUSTEDDOMAINEX2);
+ return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, r, NDR_LSA_CREATETRUSTEDDOMAINEX2, NULL);
}
/*
lsa_CreateTrustedDomainEx
@@ -1139,14 +1146,8 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_c
r2.in.policy_handle = r->in.policy_handle;
r2.in.info = r->in.info;
-
- r2.in.auth_info_internal = talloc_zero(mem_ctx, struct lsa_TrustDomainInfoAuthInfoInternal);
- if (!r2.in.auth_info_internal) {
- return NT_STATUS_NO_MEMORY;
- }
-
r2.out.trustdom_handle = r->out.trustdom_handle;
- return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, &r2, NDR_LSA_CREATETRUSTEDDOMAINEX);
+ return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, &r2, NDR_LSA_CREATETRUSTEDDOMAINEX, r->in.auth_info);
}
/*
@@ -1173,7 +1174,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_cal
r2.in.access_mask = r->in.access_mask;
r2.out.trustdom_handle = r->out.trustdom_handle;
- return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, &r2, NDR_LSA_CREATETRUSTEDDOMAIN);
+ return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, &r2, NDR_LSA_CREATETRUSTEDDOMAIN, NULL);
}