diff options
author | Sumit Bose <sbose@redhat.com> | 2011-09-01 18:18:31 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2011-09-12 15:52:17 +0200 |
commit | 456aee80f584e136a4e1decb6c53fbe019ead6b8 (patch) | |
tree | 8ee7a9856a93369cbb3473af6da7b8bd7836133d /source3 | |
parent | 368ad28a6e95911739f6ad1485b63e87cf2adcc6 (diff) | |
download | samba-456aee80f584e136a4e1decb6c53fbe019ead6b8.tar.gz samba-456aee80f584e136a4e1decb6c53fbe019ead6b8.tar.bz2 samba-456aee80f584e136a4e1decb6c53fbe019ead6b8.zip |
s3-lsa: Add conversion for auth info structs
struct lsa_TrustDomainInfoAuthInfo and struct
trustAuthInOutBlob can store the same information for different usage. The added
routines can convert one struct into the other.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 7 | ||||
-rw-r--r-- | source3/rpc_client/util_lsarpc.c | 334 | ||||
-rw-r--r-- | source3/rpc_client/util_lsarpc.h | 32 | ||||
-rw-r--r-- | source3/rpc_server/lsa/srv_lsa_nt.c | 47 | ||||
-rw-r--r-- | source3/torture/proto.h | 1 | ||||
-rw-r--r-- | source3/torture/test_authinfo_structs.c | 218 | ||||
-rw-r--r-- | source3/torture/torture.c | 1 | ||||
-rwxr-xr-x | source3/wscript_build | 5 |
8 files changed, 608 insertions, 37 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index bf66af4708..1b796377c0 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -688,7 +688,8 @@ LIB_EVENTLOG_OBJ = lib/eventlog/eventlog.o DCE_RPC_EP_OBJ = librpc/rpc/dcerpc_ep.o RPC_LSARPC_OBJ = rpc_server/lsa/srv_lsa_nt.o \ - librpc/gen_ndr/srv_lsa.o + librpc/gen_ndr/srv_lsa.o \ + rpc_client/util_lsarpc.o RPC_NETLOGON_OBJ = rpc_server/netlogon/srv_netlog_nt.o \ librpc/gen_ndr/srv_netlogon.o @@ -1255,13 +1256,15 @@ SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/uta torture/test_addrchange.o \ torture/test_case_insensitive.o \ torture/test_posix_append.o \ - torture/test_smb2.o + torture/test_smb2.o \ + torture/test_authinfo_structs.o SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \ $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \ @LIBWBCLIENT_STATIC@ \ torture/wbc_async.o \ ../nsswitch/wb_reqtrans.o \ + rpc_client/util_lsarpc.o \ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ diff --git a/source3/rpc_client/util_lsarpc.c b/source3/rpc_client/util_lsarpc.c new file mode 100644 index 0000000000..e607a0cffb --- /dev/null +++ b/source3/rpc_client/util_lsarpc.c @@ -0,0 +1,334 @@ +/* + Unix SMB/CIFS implementation. + Authentication utility functions + Copyright (C) Sumit Bose 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "../librpc/gen_ndr/ndr_drsblobs.h" +#include "../librpc/gen_ndr/ndr_lsa.h" +#include "rpc_client/util_lsarpc.h" + +static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx, + uint32_t count, + struct AuthenticationInformationArray *ai, + struct lsa_TrustDomainInfoBuffer **_b) +{ + NTSTATUS status; + struct lsa_TrustDomainInfoBuffer *b; + int i; + + b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count); + if (b == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for(i = 0; i < count; i++) { + size_t size = 0; + b[i].last_update_time = ai->array[i].LastUpdateTime; + b[i].AuthType = ai->array[i].AuthType; + switch(ai->array[i].AuthType) { + case TRUST_AUTH_TYPE_NONE: + b[i].data.size = 0; + b[i].data.data = NULL; + break; + case TRUST_AUTH_TYPE_NT4OWF: + if (ai->array[i].AuthInfo.nt4owf.size != 16) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + b[i].data.data = talloc_memdup(b, + &ai->array[i].AuthInfo.nt4owf.password.hash, + 16); + if (b[i].data.data == NULL) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + break; + case TRUST_AUTH_TYPE_CLEAR: + if (!convert_string_talloc(b, + CH_UTF16LE, CH_UNIX, + ai->array[i].AuthInfo.clear.password, + ai->array[i].AuthInfo.clear.size, + &b[i].data.data, + &size)) { + goto fail; + } + b[i].data.size = size; + break; + case TRUST_AUTH_TYPE_VERSION: + if (ai->array[i].AuthInfo.version.size != 4) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + b[i].data.size = 4; + b[i].data.data = talloc_memdup(b, + &ai->array[i].AuthInfo.version.version, 4); + if (b[i].data.data == NULL) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + break; + default: + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + } + + *_b = b; + + return NT_STATUS_OK; + +fail: + talloc_free(b); + return status; +} + +static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx, + DATA_BLOB *inout_blob, + uint32_t *count, + struct lsa_TrustDomainInfoBuffer **current, + struct lsa_TrustDomainInfoBuffer **previous) +{ + NTSTATUS status; + struct trustAuthInOutBlob iopw; + enum ndr_err_code ndr_err; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(mem_ctx); + if (tmp_ctx == NULL) { + return NT_STATUS_NO_MEMORY; + } + + ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw, + (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + + *count = iopw.count; + + status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count, + &iopw.current, current); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (iopw.previous.count > 0) { + status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count, + &iopw.previous, previous); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } else { + *previous = NULL; + } + + status = NT_STATUS_OK; + +done: + talloc_free(tmp_ctx); + return status; +} + +NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx, + DATA_BLOB incoming, DATA_BLOB outgoing, + struct lsa_TrustDomainInfoAuthInfo *auth_info) +{ + NTSTATUS status; + + if (incoming.length != 0) { + status = trustauth_inout_blob_2_auth_info(mem_ctx, + &incoming, + &auth_info->incoming_count, + &auth_info->incoming_current_auth_info, + &auth_info->incoming_previous_auth_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + auth_info->incoming_count = 0; + auth_info->incoming_current_auth_info = NULL; + auth_info->incoming_previous_auth_info = NULL; + } + + if (outgoing.length != 0) { + status = trustauth_inout_blob_2_auth_info(mem_ctx, + &outgoing, + &auth_info->outgoing_count, + &auth_info->outgoing_current_auth_info, + &auth_info->outgoing_previous_auth_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + auth_info->outgoing_count = 0; + auth_info->outgoing_current_auth_info = NULL; + auth_info->outgoing_previous_auth_info = NULL; + } + + return NT_STATUS_OK; +} + +static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx, + uint32_t count, + struct lsa_TrustDomainInfoBuffer *b, + struct AuthenticationInformationArray *ai) +{ + NTSTATUS status; + int i; + + ai->count = count; + ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation, + count); + if (ai->array == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for(i = 0; i < count; i++) { + size_t size = 0; + ai->array[i].LastUpdateTime = b[i].last_update_time; + ai->array[i].AuthType = b[i].AuthType; + switch(ai->array[i].AuthType) { + case TRUST_AUTH_TYPE_NONE: + ai->array[i].AuthInfo.none.size = 0; + break; + case TRUST_AUTH_TYPE_NT4OWF: + if (b[i].data.size != 16) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash, + b[i].data.data, 16); + break; + case TRUST_AUTH_TYPE_CLEAR: + if (!convert_string_talloc(ai->array, + CH_UNIX, CH_UTF16, + b[i].data.data, + b[i].data.size, + &ai->array[i].AuthInfo.clear.password, + &size)) { + goto fail; + } + ai->array[i].AuthInfo.clear.size = size; + break; + case TRUST_AUTH_TYPE_VERSION: + if (b[i].data.size != 4) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + ai->array[i].AuthInfo.version.size = 4; + memcpy(&ai->array[i].AuthInfo.version.version, + b[i].data.data, 4); + break; + default: + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + } + + return NT_STATUS_OK; + +fail: + talloc_free(ai->array); + return status; +} + +static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx, + uint32_t count, + struct lsa_TrustDomainInfoBuffer *current, + struct lsa_TrustDomainInfoBuffer *previous, + DATA_BLOB *inout_blob) +{ + NTSTATUS status; + struct trustAuthInOutBlob *iopw; + enum ndr_err_code ndr_err; + + iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob); + if (iopw == NULL) { + return NT_STATUS_NO_MEMORY; + } + + iopw->count = count; + status = trust_domain_info_buffer_2_ai_array(iopw, count, current, + &iopw->current); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (previous != NULL) { + status = trust_domain_info_buffer_2_ai_array(iopw, count, + previous, + &iopw->previous); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } else { + iopw->previous.count = 0; + iopw->previous.array = NULL; + } + + ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx, + iopw, + (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return NT_STATUS_INVALID_PARAMETER; + } + + status = NT_STATUS_OK; + +done: + talloc_free(iopw); + return status; +} + +NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx, + struct lsa_TrustDomainInfoAuthInfo *auth_info, + DATA_BLOB *incoming, DATA_BLOB *outgoing) +{ + NTSTATUS status; + + if (auth_info->incoming_count == 0) { + incoming->length = 0; + incoming->data = NULL; + } else { + status = auth_info_2_trustauth_inout_blob(mem_ctx, + auth_info->incoming_count, + auth_info->incoming_current_auth_info, + auth_info->incoming_previous_auth_info, + incoming); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + if (auth_info->outgoing_count == 0) { + outgoing->length = 0; + outgoing->data = NULL; + } else { + status = auth_info_2_trustauth_inout_blob(mem_ctx, + auth_info->outgoing_count, + auth_info->outgoing_current_auth_info, + auth_info->outgoing_previous_auth_info, + outgoing); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + return NT_STATUS_OK; +} diff --git a/source3/rpc_client/util_lsarpc.h b/source3/rpc_client/util_lsarpc.h new file mode 100644 index 0000000000..0aa5e25b7a --- /dev/null +++ b/source3/rpc_client/util_lsarpc.h @@ -0,0 +1,32 @@ +/* + Unix SMB/CIFS implementation. + Authentication utility functions + Copyright (C) Sumit Bose 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _RPC_CLIENT_UTIL_LSARPC_H_ +#define _RPC_CLIENT_UTIL_LSARPC_H_ + +/* The following definitions come from rpc_client/util_lsarpc.c */ + +NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx, + DATA_BLOB incoming, DATA_BLOB outgoing, + struct lsa_TrustDomainInfoAuthInfo *auth_info); +NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx, + struct lsa_TrustDomainInfoAuthInfo *auth_info, + DATA_BLOB *incoming, DATA_BLOB *outgoing); + +#endif /* _RPC_CLIENT_UTIL_LSARPC_H_ */ diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index ec87bd61fb..17f873bca9 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -48,6 +48,7 @@ #include "rpc_server/srv_access_check.h" #include "../librpc/gen_ndr/ndr_wkssvc.h" #include "../libcli/auth/libcli_auth.h" +#include "rpc_client/util_lsarpc.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -2023,21 +2024,6 @@ static NTSTATUS pdb_trusted_domain_2_info_ex(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -static NTSTATUS pdb_trusted_domain_2_auth_info(struct pdb_trusted_domain *td, - struct lsa_TrustDomainInfoAuthInfo *auth_info) -{ -/* If I understand it correctly lsa_TrustDomainInfoAuthInfo is send unencrypted - * and related calls should not be used. If there is a use case, it can be - * implemented later. */ - auth_info->incoming_count = 0; - auth_info->incoming_current_auth_info = NULL; - auth_info->incoming_previous_auth_info = NULL; - auth_info->outgoing_count = 0; - auth_info->outgoing_current_auth_info = NULL; - auth_info->outgoing_previous_auth_info = NULL; - return NT_STATUS_OK; -} - NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p, struct lsa_QueryTrustedDomainInfo *r) { @@ -2148,7 +2134,9 @@ NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p, return status; } info->full_info.posix_offset.posix_offset = *td->trust_posix_offset; - status = pdb_trusted_domain_2_auth_info(td, + status = auth_blob_2_auth_info(p->mem_ctx, + td->trust_auth_incoming, + td->trust_auth_outgoing, &info->full_info.auth_info); if (!NT_STATUS_IS_OK(status)) { return status; @@ -2162,7 +2150,9 @@ NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p, return NT_STATUS_INVALID_PARAMETER; case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL: info->full_info2_internal.posix_offset.posix_offset = *td->trust_posix_offset; - status = pdb_trusted_domain_2_auth_info(td, + status = auth_blob_2_auth_info(p->mem_ctx, + td->trust_auth_incoming, + td->trust_auth_outgoing, &info->full_info2_internal.auth_info); if (!NT_STATUS_IS_OK(status)) { return status; @@ -3571,20 +3561,6 @@ static NTSTATUS info_ex_2_pdb_trusted_domain( return NT_STATUS_OK; } -static NTSTATUS auth_info_2_pdb_trusted_domain(struct lsa_TrustDomainInfoAuthInfo *auth_info, - struct pdb_trusted_domain *td) -{ -/* If I understand it correctly lsa_TrustDomainInfoAuthInfo is send unencrypted - * and related calls should not be used. If there is a use case, it can be - * implemented later. */ - td->trust_auth_incoming.length = 0; - td->trust_auth_incoming.data = NULL; - td->trust_auth_outgoing.length = 0; - td->trust_auth_outgoing.data = NULL; - - return NT_STATUS_OK; -} - static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p, TALLOC_CTX *mem_ctx, DATA_BLOB *auth_blob, struct trustDomainPasswords *auth_struct) @@ -3658,7 +3634,9 @@ static NTSTATUS setInfoTrustedDomain_base(struct pipes_struct *p, if (!(policy->access & LSA_TRUSTED_SET_AUTH)) { return NT_STATUS_ACCESS_DENIED; } - nt_status = auth_info_2_pdb_trusted_domain(&info->auth_info, td); + nt_status = auth_info_2_auth_blob(td, &info->auth_info, + &td->trust_auth_incoming, + &td->trust_auth_outgoing); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -3673,7 +3651,10 @@ static NTSTATUS setInfoTrustedDomain_base(struct pipes_struct *p, if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } - nt_status = auth_info_2_pdb_trusted_domain(&info->full_info.auth_info, td); + nt_status = auth_info_2_auth_blob(td, + &info->full_info.auth_info, + &td->trust_auth_incoming, + &td->trust_auth_outgoing); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } diff --git a/source3/torture/proto.h b/source3/torture/proto.h index 6b49fba1bd..b119e243c3 100644 --- a/source3/torture/proto.h +++ b/source3/torture/proto.h @@ -93,5 +93,6 @@ bool run_addrchange(int dummy); bool run_notify_online(int dummy); bool run_nttrans_create(int dummy); bool run_smb2_basic(int dummy); +bool run_local_conv_auth_info(int dummy); #endif /* __TORTURE_H__ */ diff --git a/source3/torture/test_authinfo_structs.c b/source3/torture/test_authinfo_structs.c new file mode 100644 index 0000000000..eea253dddc --- /dev/null +++ b/source3/torture/test_authinfo_structs.c @@ -0,0 +1,218 @@ +/* + Unix SMB/CIFS implementation. + Test conversion form struct lsa_TrustDomainInfoAuthInfo to + struct trustAuthInOutBlob and back + Copyright (C) Sumit Bose 2011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "torture/proto.h" +#include "librpc/gen_ndr/lsa.h" +#include "rpc_client/util_lsarpc.h" + +static bool cmp_TrustDomainInfoBuffer(struct lsa_TrustDomainInfoBuffer a, + struct lsa_TrustDomainInfoBuffer b) +{ + if (a.last_update_time != b. last_update_time || + a.AuthType != b.AuthType || + a.data.size != b.data.size || + memcmp(a.data.data, b.data.data, a.data.size) !=0) { + return false; + } + + return true; +} + +static bool cmp_auth_info(struct lsa_TrustDomainInfoAuthInfo *a, + struct lsa_TrustDomainInfoAuthInfo *b) +{ + size_t c; + + if (a->incoming_count != b->incoming_count || + a->outgoing_count != b->outgoing_count) { + return false; + } + + for (c = 0; c < a->incoming_count; c++) { + if (!cmp_TrustDomainInfoBuffer(a->incoming_current_auth_info[c], + b->incoming_current_auth_info[c])) { + return false; + } + + if (a->incoming_previous_auth_info != NULL && + b->incoming_previous_auth_info != NULL) { + if (!cmp_TrustDomainInfoBuffer(a->incoming_previous_auth_info[c], + b->incoming_previous_auth_info[c])) { + return false; + } + } else if (a->incoming_previous_auth_info == NULL && + b->incoming_previous_auth_info == NULL) { + continue; + } else { + return false; + } + } + + for (c = 0; c < a->outgoing_count; c++) { + if (!cmp_TrustDomainInfoBuffer(a->outgoing_current_auth_info[c], + b->outgoing_current_auth_info[c])) { + return false; + } + + if (a->outgoing_previous_auth_info != NULL && + b->outgoing_previous_auth_info != NULL) { + if (!cmp_TrustDomainInfoBuffer(a->outgoing_previous_auth_info[c], + b->outgoing_previous_auth_info[c])) { + return false; + } + } else if (a->outgoing_previous_auth_info == NULL && + b->outgoing_previous_auth_info == NULL) { + continue; + } else { + return false; + } + } + + return true; +} + +static bool covert_and_compare(struct lsa_TrustDomainInfoAuthInfo *auth_info) +{ + NTSTATUS status; + TALLOC_CTX *tmp_ctx; + DATA_BLOB incoming; + DATA_BLOB outgoing; + struct lsa_TrustDomainInfoAuthInfo auth_info_out; + bool result = false; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return false; + } + + status = auth_info_2_auth_blob(tmp_ctx, auth_info, &incoming, &outgoing); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(tmp_ctx); + return false; + } + + status = auth_blob_2_auth_info(tmp_ctx, incoming, outgoing, + &auth_info_out); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(tmp_ctx); + return false; + } + + result = cmp_auth_info(auth_info, &auth_info_out); + talloc_free(tmp_ctx); + + return result; +} + +bool run_local_conv_auth_info(int dummy) +{ + struct lsa_TrustDomainInfoAuthInfo auth_info; + struct lsa_TrustDomainInfoBuffer ic[1]; + struct lsa_TrustDomainInfoBuffer ip[1]; + struct lsa_TrustDomainInfoBuffer oc[2]; + struct lsa_TrustDomainInfoBuffer op[2]; + uint32_t version = 3; + + ic[0].last_update_time = 12345; + ic[0].AuthType = TRUST_AUTH_TYPE_CLEAR; + ic[0].data.size = strlen("iPaSsWoRd"); + ic[0].data.data = discard_const_p(uint8_t, "iPaSsWoRd"); + + ip[0].last_update_time = 67890; + ip[0].AuthType = TRUST_AUTH_TYPE_CLEAR; + ip[0].data.size = strlen("OlDiPaSsWoRd"); + ip[0].data.data = discard_const_p(uint8_t, "OlDiPaSsWoRd"); + + oc[0].last_update_time = 24580; + oc[0].AuthType = TRUST_AUTH_TYPE_CLEAR; + oc[0].data.size = strlen("oPaSsWoRd"); + oc[0].data.data = discard_const_p(uint8_t, "oPaSsWoRd"); + oc[1].last_update_time = 24580; + oc[1].AuthType = TRUST_AUTH_TYPE_VERSION; + oc[1].data.size = 4; + oc[1].data.data = (uint8_t *) &version; + + op[0].last_update_time = 13579; + op[0].AuthType = TRUST_AUTH_TYPE_CLEAR; + op[0].data.size = strlen("OlDoPaSsWoRd"); + op[0].data.data = discard_const_p(uint8_t, "OlDoPaSsWoRd"); + op[1].last_update_time = 24580; + op[1].AuthType = TRUST_AUTH_TYPE_VERSION; + op[1].data.size = 4; + op[1].data.data = (uint8_t *) &version; + + auth_info.incoming_count = 0; + auth_info.incoming_current_auth_info = NULL; + auth_info.incoming_previous_auth_info = NULL; + auth_info.outgoing_count = 0; + auth_info.outgoing_current_auth_info = NULL; + auth_info.outgoing_previous_auth_info = NULL; + + if (!covert_and_compare(&auth_info)) { + return false; + } + + auth_info.incoming_count = 1; + auth_info.incoming_current_auth_info = ic; + auth_info.incoming_previous_auth_info = NULL; + auth_info.outgoing_count = 0; + auth_info.outgoing_current_auth_info = NULL; + auth_info.outgoing_previous_auth_info = NULL; + + if (!covert_and_compare(&auth_info)) { + return false; + } + + auth_info.incoming_count = 0; + auth_info.incoming_current_auth_info = NULL; + auth_info.incoming_previous_auth_info = NULL; + auth_info.outgoing_count = 2; + auth_info.outgoing_current_auth_info = oc; + auth_info.outgoing_previous_auth_info = NULL; + + if (!covert_and_compare(&auth_info)) { + return false; + } + + auth_info.incoming_count = 1; + auth_info.incoming_current_auth_info = ic; + auth_info.incoming_previous_auth_info = NULL; + auth_info.outgoing_count = 2; + auth_info.outgoing_current_auth_info = oc; + auth_info.outgoing_previous_auth_info = NULL; + + if (!covert_and_compare(&auth_info)) { + return false; + } + + auth_info.incoming_count = 1; + auth_info.incoming_current_auth_info = ic; + auth_info.incoming_previous_auth_info = ip; + auth_info.outgoing_count = 2; + auth_info.outgoing_current_auth_info = oc; + auth_info.outgoing_previous_auth_info = op; + + if (!covert_and_compare(&auth_info)) { + return false; + } + + return true; +} diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 886c58eafa..0cba5c7172 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -8869,6 +8869,7 @@ static struct { { "LOCAL-DBTRANS", run_local_dbtrans, 0}, { "LOCAL-TEVENT-SELECT", run_local_tevent_select, 0}, { "LOCAL-CONVERT-STRING", run_local_convert_string, 0}, + { "LOCAL-CONV-AUTH-INFO", run_local_conv_auth_info, 0}, {NULL, NULL, 0}}; diff --git a/source3/wscript_build b/source3/wscript_build index 9f3eb0502a..bca1cdf8a3 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -42,7 +42,7 @@ DRSUAPI_SRC = '''${COMPRESSION_SRC}''' LIBCLI_SPOOLSS_SRC = '''rpc_client/cli_spoolss.c rpc_client/init_spoolss.c''' -LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c''' +LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c rpc_client/util_lsarpc.c''' LIBCLI_SAMR_SRC = 'rpc_client/cli_samr.c' @@ -576,6 +576,7 @@ SMBTORTURE_SRC1 = '''torture/torture.c torture/nbio.c torture/scanner.c torture/ torture/test_case_insensitive.c torture/test_notify_online.c torture/test_smb2.c + torture/test_authinfo_structs.c torture/test_smbsock_any_connect.c''' SMBTORTURE_SRC = '''${SMBTORTURE_SRC1} @@ -1262,7 +1263,7 @@ bld.SAMBA3_BINARY('nmblookup' + bld.env.suffix3, bld.SAMBA3_BINARY('smbtorture' + bld.env.suffix3, source=SMBTORTURE_SRC, deps='''talloc tdb_compat tevent cap wbclient param libsmb KRBCLIENT TLDAP - smbd_shim popt_samba3 asn1util LIBTSOCKET NDR_LSA msrpc3 LIBMSRPC_GEN RPC_NDR_ECHO WB_REQTRANS''', + smbd_shim popt_samba3 asn1util LIBTSOCKET NDR_LSA msrpc3 LIBMSRPC_GEN RPC_NDR_ECHO WB_REQTRANS libcli_lsa3''', vars=locals()) bld.SAMBA3_BINARY('smbconftort', |