yipee! we can now do lsaOpenPolicy() via the new interfaces, without

using any of the old lsa code
(This used to be commit f5bd301ff7befa223a1d761a37ae8f7ce7f1fcd1)

7 files changed, 291 insertions, 20 deletions

diff --git a/source4/libcli/ndr/libndr.h b/source4/libcli/ndr/libndr.h
index 0205a64552..931fc1c341 100644
--- a/source4/libcli/ndr/libndr.h
+++ b/source4/libcli/ndr/libndr.h
@@ -54,6 +54,10 @@ struct ndr_push {
 	TALLOC_CTX *mem_ctx;
 };
 
+struct ndr_push_save {
+	uint32 offset;
+};
+
 #define NDR_BASE_MARSHALL_SIZE 1024
 
 
@@ -90,4 +94,6 @@ typedef NTSTATUS (*ndr_pull_fn_t)(struct ndr_pull *, void *);
 
 /* now pull in the individual parsers */
 #include "libcli/ndr/ndr_sec.h"
+#include "libcli/ndr/ndr_misc.h"
 #include "libcli/ndr/ndr_echo.h"
+#include "libcli/ndr/ndr_lsa.h"
diff --git a/source4/libcli/ndr/ndr_basic.c b/source4/libcli/ndr/ndr_basic.c
index d06eac3ca9..8cbf375403 100644
--- a/source4/libcli/ndr/ndr_basic.c
+++ b/source4/libcli/ndr/ndr_basic.c
@@ -36,21 +36,6 @@
 } while(0)
 
 /*
-  parse a GUID
-*/
-NTSTATUS ndr_pull_guid(struct ndr_pull *ndr, GUID *guid)
-{
-	int i;
-	NDR_PULL_NEED_BYTES(ndr, GUID_SIZE);
-	for (i=0;i<GUID_SIZE;i++) {
-		guid->info[i] = CVAL(ndr->data, ndr->offset + i);
-	}
-	ndr->offset += i;
-	return NT_STATUS_OK;
-}
-
-
-/*
   parse a u8
 */
 NTSTATUS ndr_pull_u8(struct ndr_pull *ndr, uint8 *v)
@@ -96,17 +81,40 @@ NTSTATUS ndr_pull_u32(struct ndr_pull *ndr, uint32 *v)
 }
 
 /*
+  pull a NTSTATUS
+*/
+NTSTATUS ndr_pull_status(struct ndr_pull *ndr, NTSTATUS *status)
+{
+	uint32 v;
+	NDR_CHECK(ndr_pull_u32(ndr, &v));
+	*status = NT_STATUS(v);
+	return NT_STATUS_OK;
+}
+
+/*
   parse a set of bytes
 */
-NTSTATUS ndr_pull_bytes(struct ndr_pull *ndr, char **data, uint32 n)
+NTSTATUS ndr_pull_bytes(struct ndr_pull *ndr, char *data, uint32 n)
 {
 	NDR_PULL_NEED_BYTES(ndr, n);
-	NDR_ALLOC_N(ndr, *data, n);
-	memcpy(*data, ndr->data + ndr->offset, n);
+	memcpy(data, ndr->data + ndr->offset, n);
 	ndr->offset += n;
 	return NT_STATUS_OK;
 }
 
+/*
+  parse a GUID
+*/
+NTSTATUS ndr_pull_guid(struct ndr_pull *ndr, GUID *guid)
+{
+	int i;
+	NDR_PULL_NEED_BYTES(ndr, GUID_SIZE);
+	for (i=0;i<GUID_SIZE;i++) {
+		guid->info[i] = CVAL(ndr->data, ndr->offset + i);
+	}
+	ndr->offset += i;
+	return NT_STATUS_OK;
+}
 
 
 #define NDR_PUSH_NEED_BYTES(ndr, n) NDR_CHECK(ndr_push_expand(ndr, ndr->offset+(n)))
@@ -161,3 +169,55 @@ NTSTATUS ndr_push_bytes(struct ndr_push *ndr, const char *data, uint32 n)
 	ndr->offset += n;
 	return NT_STATUS_OK;
 }
+
+
+/*
+  this is used when a packet has a 4 byte length field. We remember the start position
+  and come back to it later to fill in the size
+*/
+NTSTATUS ndr_push_length4_start(struct ndr_push *ndr, struct ndr_push_save *save)
+{
+	save->offset = ndr->offset;
+	return ndr_push_u32(ndr, 0);
+}
+
+NTSTATUS ndr_push_length4_end(struct ndr_push *ndr, struct ndr_push_save *save)
+{
+	uint32 offset = ndr->offset;
+	ndr->offset = save->offset;
+	NDR_CHECK(ndr_push_u32(ndr, offset - save->offset));
+	ndr->offset = offset;
+	return NT_STATUS_OK;
+}
+
+/*
+  push a 1 if a pointer is non-NULL, otherwise 0
+*/
+NTSTATUS ndr_push_ptr(struct ndr_push *ndr, const void *p)
+{
+	return ndr_push_u32(ndr, p?1:0);
+}
+
+/*
+  push a comformant, variable ucs2 string onto the wire from a C string
+*/
+NTSTATUS ndr_push_unistr(struct ndr_push *ndr, const char *s)
+{
+	smb_ucs2_t *ws;
+	ssize_t len;
+	int i;
+	len = push_ucs2_talloc(ndr->mem_ctx, &ws, s);
+	if (len == -1) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	NDR_CHECK(ndr_push_u32(ndr, len));
+	NDR_CHECK(ndr_push_u32(ndr, 0));
+	NDR_CHECK(ndr_push_u32(ndr, len-2));
+	NDR_PUSH_NEED_BYTES(ndr, len);
+	for (i=0;i<len;i+=2) {
+		SSVAL(ndr->data, ndr->offset + i, ws[i]);
+	}
+	ndr->offset += i;
+	return NT_STATUS_OK;
+}
+
diff --git a/source4/libcli/ndr/ndr_echo.c b/source4/libcli/ndr/ndr_echo.c
index a085a6534d..c60569676c 100644
--- a/source4/libcli/ndr/ndr_echo.c
+++ b/source4/libcli/ndr/ndr_echo.c
@@ -53,7 +53,8 @@ NTSTATUS ndr_pull_rpcecho_echodata(struct ndr_pull *ndr,
 				   struct rpcecho_echodata *r)
 {
 	NDR_CHECK(ndr_pull_u32(ndr, &r->out.len));
-	NDR_CHECK(ndr_pull_bytes(ndr, &r->out.data, r->out.len));
+	NDR_ALLOC_N(ndr, r->out.data, r->out.len);
+	NDR_CHECK(ndr_pull_bytes(ndr, r->out.data, r->out.len));
 	return NT_STATUS_OK;
 }
 
@@ -97,7 +98,8 @@ NTSTATUS ndr_pull_rpcecho_sourcedata(struct ndr_pull *ndr,
 				   struct rpcecho_sourcedata *r)
 {
 	NDR_CHECK(ndr_pull_u32(ndr, &r->out.len));
-	NDR_CHECK(ndr_pull_bytes(ndr, &r->out.data, r->out.len));
+	NDR_ALLOC_N(ndr, r->out.data, r->out.len);
+	NDR_CHECK(ndr_pull_bytes(ndr, r->out.data, r->out.len));
 	return NT_STATUS_OK;
 }
 
diff --git a/source4/libcli/ndr/ndr_lsa.c b/source4/libcli/ndr/ndr_lsa.c
new file mode 100644
index 0000000000..6649bd04c2
--- /dev/null
+++ b/source4/libcli/ndr/ndr_lsa.c
@@ -0,0 +1,85 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   routines for marshalling/unmarshalling lsa pipe
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#include "includes.h"
+
+NTSTATUS ndr_push_lsa_QosInfo(struct ndr_push *ndr,
+			      struct lsa_QosInfo *r)
+{
+	struct ndr_push_save length;
+
+	NDR_CHECK(ndr_push_length4_start(ndr, &length));
+	NDR_CHECK(ndr_push_u16(ndr, r->impersonation_level));
+	NDR_CHECK(ndr_push_u8(ndr, r->context_mode));
+	NDR_CHECK(ndr_push_u8(ndr, r->effective_only));
+	NDR_CHECK(ndr_push_length4_end(ndr, &length));
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS ndr_push_lsa_ObjectAttribute(struct ndr_push *ndr,
+				      struct lsa_ObjectAttribute *r)
+{
+	struct ndr_push_save length;
+
+	NDR_CHECK(ndr_push_length4_start(ndr, &length));
+	NDR_CHECK(ndr_push_ptr(ndr, r->root_dir));
+	NDR_CHECK(ndr_push_ptr(ndr, r->object_name));
+	NDR_CHECK(ndr_push_u32(ndr, r->attributes));
+	NDR_CHECK(ndr_push_ptr(ndr, r->sec_desc));
+	NDR_CHECK(ndr_push_ptr(ndr, r->sec_qos));
+
+	if (r->root_dir)    NDR_CHECK(ndr_push_u8(ndr, r->root_dir[0]));
+	if (r->object_name) NDR_CHECK(ndr_push_unistr(ndr, r->object_name));
+	if (r->sec_desc)    NDR_CHECK(ndr_push_security_descriptor(ndr, r->sec_desc));
+	if (r->sec_qos)     NDR_CHECK(ndr_push_lsa_QosInfo(ndr, r->sec_qos));
+
+	NDR_CHECK(ndr_push_length4_end(ndr, &length));
+
+	return NT_STATUS_OK;
+}
+
+/*
+  push a openpolicy
+*/
+NTSTATUS ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, 
+				 struct lsa_OpenPolicy *r)
+{
+	NDR_CHECK(ndr_push_ptr(ndr, r->in.system_name));
+	NDR_CHECK(ndr_push_u16(ndr, r->in.system_name[0]));
+	NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, r->in.attr));
+	NDR_CHECK(ndr_push_u32(ndr, r->in.desired_access));
+	return NT_STATUS_OK;
+}
+
+
+/*
+  parse a openpolicy
+*/
+NTSTATUS ndr_pull_lsa_OpenPolicy(struct ndr_pull *ndr,
+				 struct lsa_OpenPolicy *r)
+{
+	NDR_CHECK(ndr_pull_policy_handle(ndr, &r->out.handle));
+	NDR_CHECK(ndr_pull_status(ndr, &r->out.status));
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/ndr/ndr_lsa.h b/source4/libcli/ndr/ndr_lsa.h
new file mode 100644
index 0000000000..4a0aff8323
--- /dev/null
+++ b/source4/libcli/ndr/ndr_lsa.h
@@ -0,0 +1,47 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   definitions for marshalling/unmarshalling the lsa pipe
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+struct lsa_QosInfo {
+	uint16 impersonation_level;
+	uint8  context_mode;
+	uint8  effective_only;
+};
+
+struct lsa_ObjectAttribute {
+	const char *root_dir;
+	const char *object_name;
+	uint32 attributes;
+	struct security_descriptor *sec_desc;
+	struct lsa_QosInfo *sec_qos;
+};
+
+struct lsa_OpenPolicy {
+	struct {
+		const char *system_name;
+		struct lsa_ObjectAttribute *attr;
+		uint32 desired_access;
+	} in;
+	struct {
+		struct policy_handle handle;
+		NTSTATUS status;
+	} out;
+};
diff --git a/source4/libcli/ndr/ndr_misc.c b/source4/libcli/ndr/ndr_misc.c
new file mode 100644
index 0000000000..cdd6652068
--- /dev/null
+++ b/source4/libcli/ndr/ndr_misc.c
@@ -0,0 +1,45 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   routines for marshalling/unmarshalling miscellaneous rpc structures
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#include "includes.h"
+
+
+/*
+  parse a policy handle
+*/
+NTSTATUS ndr_pull_policy_handle(struct ndr_pull *ndr, 
+				struct policy_handle *r)
+{
+	NDR_CHECK(ndr_pull_bytes(ndr, r->data, 20));
+	return NT_STATUS_OK;
+}
+
+/*
+  push a policy handle
+*/
+NTSTATUS ndr_push_policy_handle(struct ndr_push *ndr, 
+				struct policy_handle *r)
+{
+	NDR_CHECK(ndr_push_bytes(ndr, r->data, 20));
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/ndr/ndr_misc.h b/source4/libcli/ndr/ndr_misc.h
new file mode 100644
index 0000000000..cc3576b3e8
--- /dev/null
+++ b/source4/libcli/ndr/ndr_misc.h
@@ -0,0 +1,26 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   definitions for marshalling/unmarshalling miscellaneous structures
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* policy handles are used all over the place */
+struct policy_handle {
+	char data[20];
+};