s4-lsarpc handle more info levels in SetInfoTrustedDomain calls

This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett

6 files changed, 6 insertions, 374 deletions

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 0d89c14fbf..b0c17f6cff 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -704,7 +704,7 @@ DCE_RPC_EP_OBJ = librpc/rpc/dcerpc_ep.o
 
 RPC_LSARPC_OBJ = rpc_server/lsa/srv_lsa_nt.o \
 		 librpc/gen_ndr/srv_lsa.o \
-		 rpc_client/util_lsarpc.o
+		 ../libcli/lsarpc/util_lsarpc.o
 
 RPC_NETLOGON_OBJ = rpc_server/netlogon/srv_netlog_nt.o \
 		   librpc/gen_ndr/srv_netlogon.o
@@ -1271,7 +1271,7 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \
 	@LIBWBCLIENT_STATIC@ \
         torture/wbc_async.o \
         ../nsswitch/wb_reqtrans.o \
-	rpc_client/util_lsarpc.o \
+	../libcli/lsarpc/util_lsarpc.o \
 	$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ)
 
 MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
diff --git a/source3/rpc_client/util_lsarpc.c b/source3/rpc_client/util_lsarpc.c
deleted file mode 100644
index d67144b18f..0000000000
--- a/source3/rpc_client/util_lsarpc.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-   Authentication utility functions
-   Copyright (C) Sumit Bose 2010
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "../librpc/gen_ndr/ndr_drsblobs.h"
-#include "../librpc/gen_ndr/ndr_lsa.h"
-#include "rpc_client/util_lsarpc.h"
-
-static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx,
-				uint32_t count,
-				struct AuthenticationInformationArray *ai,
-				struct lsa_TrustDomainInfoBuffer **_b)
-{
-	NTSTATUS status;
-	struct lsa_TrustDomainInfoBuffer *b;
-	int i;
-
-	b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count);
-	if (b == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	for(i = 0; i < count; i++) {
-		size_t size = 0;
-		b[i].last_update_time = ai->array[i].LastUpdateTime;
-		b[i].AuthType = ai->array[i].AuthType;
-		switch(ai->array[i].AuthType) {
-			case TRUST_AUTH_TYPE_NONE:
-				b[i].data.size = 0;
-				b[i].data.data = NULL;
-				break;
-			case TRUST_AUTH_TYPE_NT4OWF:
-				if (ai->array[i].AuthInfo.nt4owf.size != 16) {
-					status = NT_STATUS_INVALID_PARAMETER;
-					goto fail;
-				}
-				b[i].data.data = (uint8_t *)talloc_memdup(b,
-				    &ai->array[i].AuthInfo.nt4owf.password.hash,
-				    16);
-				if (b[i].data.data == NULL) {
-					status = NT_STATUS_NO_MEMORY;
-					goto fail;
-				}
-				break;
-			case TRUST_AUTH_TYPE_CLEAR:
-				if (!convert_string_talloc(b,
-							   CH_UTF16LE, CH_UNIX,
-							   ai->array[i].AuthInfo.clear.password,
-							   ai->array[i].AuthInfo.clear.size,
-							   &b[i].data.data,
-							   &size)) {
-					status = NT_STATUS_INVALID_PARAMETER;
-					goto fail;
-				}
-				b[i].data.size = size;
-				break;
-			case TRUST_AUTH_TYPE_VERSION:
-				if (ai->array[i].AuthInfo.version.size != 4) {
-					status = NT_STATUS_INVALID_PARAMETER;
-					goto fail;
-				}
-				b[i].data.size = 4;
-				b[i].data.data = (uint8_t *)talloc_memdup(b,
-				     &ai->array[i].AuthInfo.version.version, 4);
-				if (b[i].data.data == NULL) {
-					status = NT_STATUS_NO_MEMORY;
-					goto fail;
-				}
-				break;
-			default:
-				status = NT_STATUS_INVALID_PARAMETER;
-				goto fail;
-		}
-	}
-
-	*_b = b;
-
-	return NT_STATUS_OK;
-
-fail:
-	talloc_free(b);
-	return status;
-}
-
-static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx,
-				    DATA_BLOB *inout_blob,
-				    uint32_t *count,
-				    struct lsa_TrustDomainInfoBuffer **current,
-				    struct lsa_TrustDomainInfoBuffer **previous)
-{
-	NTSTATUS status;
-	struct trustAuthInOutBlob iopw;
-	enum ndr_err_code ndr_err;
-	TALLOC_CTX *tmp_ctx;
-
-	tmp_ctx = talloc_new(mem_ctx);
-	if (tmp_ctx == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw,
-			      (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		status = NT_STATUS_INVALID_PARAMETER;
-		goto done;
-	}
-
-	*count = iopw.count;
-
-	status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
-						      &iopw.current, current);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	if (iopw.previous.count > 0) {
-		status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
-							     &iopw.previous, previous);
-		if (!NT_STATUS_IS_OK(status)) {
-			goto done;
-		}
-	} else {
-		*previous = NULL;
-	}
-
-	status = NT_STATUS_OK;
-
-done:
-	talloc_free(tmp_ctx);
-	return status;
-}
-
-NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
-			       DATA_BLOB incoming, DATA_BLOB outgoing,
-			       struct lsa_TrustDomainInfoAuthInfo *auth_info)
-{
-	NTSTATUS status;
-
-	if (incoming.length != 0) {
-		status = trustauth_inout_blob_2_auth_info(mem_ctx,
-					&incoming,
-					&auth_info->incoming_count,
-					&auth_info->incoming_current_auth_info,
-					&auth_info->incoming_previous_auth_info);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-	} else {
-		auth_info->incoming_count = 0;
-		auth_info->incoming_current_auth_info = NULL;
-		auth_info->incoming_previous_auth_info = NULL;
-	}
-
-	if (outgoing.length != 0) {
-		status = trustauth_inout_blob_2_auth_info(mem_ctx,
-					&outgoing,
-					&auth_info->outgoing_count,
-					&auth_info->outgoing_current_auth_info,
-					&auth_info->outgoing_previous_auth_info);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-	} else {
-		auth_info->outgoing_count = 0;
-		auth_info->outgoing_current_auth_info = NULL;
-		auth_info->outgoing_previous_auth_info = NULL;
-	}
-
-	return NT_STATUS_OK;
-}
-
-static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx,
-				uint32_t count,
-				struct lsa_TrustDomainInfoBuffer *b,
-				struct AuthenticationInformationArray *ai)
-{
-	NTSTATUS status;
-	int i;
-
-	ai->count = count;
-	ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation,
-				      count);
-	if (ai->array == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	for(i = 0; i < count; i++) {
-		size_t size = 0;
-		ai->array[i].LastUpdateTime = b[i].last_update_time;
-		ai->array[i].AuthType = b[i].AuthType;
-		switch(ai->array[i].AuthType) {
-			case TRUST_AUTH_TYPE_NONE:
-				ai->array[i].AuthInfo.none.size = 0;
-				break;
-			case TRUST_AUTH_TYPE_NT4OWF:
-				if (b[i].data.size != 16) {
-					status = NT_STATUS_INVALID_PARAMETER;
-					goto fail;
-				}
-				memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash,
-				       b[i].data.data, 16);
-				break;
-			case TRUST_AUTH_TYPE_CLEAR:
-				if (!convert_string_talloc(ai->array,
-							   CH_UNIX, CH_UTF16,
-							   b[i].data.data,
-							   b[i].data.size,
-							   &ai->array[i].AuthInfo.clear.password,
-							   &size)) {
-					status = NT_STATUS_INVALID_PARAMETER;
-					goto fail;
-				}
-				ai->array[i].AuthInfo.clear.size = size;
-				break;
-			case TRUST_AUTH_TYPE_VERSION:
-				if (b[i].data.size != 4) {
-					status = NT_STATUS_INVALID_PARAMETER;
-					goto fail;
-				}
-				ai->array[i].AuthInfo.version.size = 4;
-				memcpy(&ai->array[i].AuthInfo.version.version,
-				       b[i].data.data, 4);
-				break;
-			default:
-				status = NT_STATUS_INVALID_PARAMETER;
-				goto fail;
-		}
-	}
-
-	return NT_STATUS_OK;
-
-fail:
-	talloc_free(ai->array);
-	return status;
-}
-
-static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
-				     uint32_t count,
-				     struct lsa_TrustDomainInfoBuffer *current,
-				     struct lsa_TrustDomainInfoBuffer *previous,
-				     DATA_BLOB *inout_blob)
-{
-	NTSTATUS status;
-	struct trustAuthInOutBlob *iopw;
-	enum ndr_err_code ndr_err;
-
-	iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob);
-	if (iopw == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	iopw->count = count;
-	status = trust_domain_info_buffer_2_ai_array(iopw, count, current,
-						     &iopw->current);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	if (previous != NULL) {
-		status = trust_domain_info_buffer_2_ai_array(iopw, count,
-							     previous,
-							     &iopw->previous);
-		if (!NT_STATUS_IS_OK(status)) {
-			goto done;
-		}
-	} else {
-		iopw->previous.count = 0;
-		iopw->previous.array = NULL;
-	}
-
-	ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx,
-			      iopw,
-			      (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	status = NT_STATUS_OK;
-
-done:
-	talloc_free(iopw);
-	return status;
-}
-
-NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
-			       struct lsa_TrustDomainInfoAuthInfo *auth_info,
-			       DATA_BLOB *incoming, DATA_BLOB *outgoing)
-{
-	NTSTATUS status;
-
-	if (auth_info->incoming_count == 0) {
-		incoming->length = 0;
-		incoming->data = NULL;
-	} else {
-		status = auth_info_2_trustauth_inout_blob(mem_ctx,
-					 auth_info->incoming_count,
-					 auth_info->incoming_current_auth_info,
-					 auth_info->incoming_previous_auth_info,
-					 incoming);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-	}
-
-	if (auth_info->outgoing_count == 0) {
-		outgoing->length = 0;
-		outgoing->data = NULL;
-	} else {
-		status = auth_info_2_trustauth_inout_blob(mem_ctx,
-					 auth_info->outgoing_count,
-					 auth_info->outgoing_current_auth_info,
-					 auth_info->outgoing_previous_auth_info,
-					 outgoing);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-	}
-
-	return NT_STATUS_OK;
-}
diff --git a/source3/rpc_client/util_lsarpc.h b/source3/rpc_client/util_lsarpc.h
deleted file mode 100644
index 0aa5e25b7a..0000000000
--- a/source3/rpc_client/util_lsarpc.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-   Authentication utility functions
-   Copyright (C) Sumit Bose 2010
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _RPC_CLIENT_UTIL_LSARPC_H_
-#define _RPC_CLIENT_UTIL_LSARPC_H_
-
-/* The following definitions come from rpc_client/util_lsarpc.c  */
-
-NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
-			       DATA_BLOB incoming, DATA_BLOB outgoing,
-			       struct lsa_TrustDomainInfoAuthInfo *auth_info);
-NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
-			       struct lsa_TrustDomainInfoAuthInfo *auth_info,
-			       DATA_BLOB *incoming, DATA_BLOB *outgoing);
-
-#endif /* _RPC_CLIENT_UTIL_LSARPC_H_ */
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index a83938acbe..0a5cda503d 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -48,7 +48,7 @@
 #include "rpc_server/srv_access_check.h"
 #include "../librpc/gen_ndr/ndr_wkssvc.h"
 #include "../libcli/auth/libcli_auth.h"
-#include "rpc_client/util_lsarpc.h"
+#include "../libcli/lsarpc/util_lsarpc.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
diff --git a/source3/torture/test_authinfo_structs.c b/source3/torture/test_authinfo_structs.c
index eea253dddc..0b5cff7b04 100644
--- a/source3/torture/test_authinfo_structs.c
+++ b/source3/torture/test_authinfo_structs.c
@@ -21,7 +21,7 @@
 #include "includes.h"
 #include "torture/proto.h"
 #include "librpc/gen_ndr/lsa.h"
-#include "rpc_client/util_lsarpc.h"
+#include "libcli/lsarpc/util_lsarpc.h"
 
 static bool cmp_TrustDomainInfoBuffer(struct lsa_TrustDomainInfoBuffer a,
 				      struct lsa_TrustDomainInfoBuffer b)
diff --git a/source3/wscript_build b/source3/wscript_build
index 8ca98b33b0..b07539f7f6 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -32,7 +32,7 @@ DRSUAPI_SRC = '''${COMPRESSION_SRC}'''
 LIBCLI_SPOOLSS_SRC = '''rpc_client/cli_spoolss.c
                      rpc_client/init_spoolss.c'''
 
-LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c rpc_client/util_lsarpc.c'''
+LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c'''
 
 LIBCLI_SAMR_SRC = 'rpc_client/cli_samr.c'
 
@@ -1077,7 +1077,7 @@ bld.SAMBA3_SUBSYSTEM('LIBCLI_SAMR',
 
 bld.SAMBA3_LIBRARY('libcli_lsa3',
                    source=LIBCLI_LSA_SRC,
-                   deps='RPC_NDR_LSA INIT_LSA', 
+                   deps='RPC_NDR_LSA INIT_LSA UTIL_LSARPC', 
                    private_library=True)
 
 bld.SAMBA3_LIBRARY('libcli_netlogon3',