r3904: * Add new LSA calls to open trusted domains

* Add new tests for ACCOUNTs in SamSync

* Clean up names in NETLOGON and LSA

* Verify Security Descriptors against LSA, as well as SamR

Andrew Bartlett
(This used to be commit 7094502fe0346255a89667f702289b4c8dc9fa08)

2 files changed, 24 insertions, 10 deletions

diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 225979da18..f84addf150 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -56,10 +56,10 @@
 	/******************/
 	/* Function: 0x03 */
 
-	NTSTATUS lsa_QuerySecObj (
+	NTSTATUS lsa_QuerySecurity (
 		[in,ref]     policy_handle *handle,
 		[in]         uint32 sec_info,
-		[out]        sec_desc_buf *sd
+		[out]        sec_desc_buf *sdbuf
 		);
 
 
@@ -396,8 +396,15 @@
 	NTSTATUS lsa_GetSystemAccessAccount();
 	/* Function:    0x18 */
 	NTSTATUS lsa_SetSystemAccessAccount();
+
 	/* Function:        0x19 */
-	NTSTATUS lsa_OpenTrustedDomain();
+	NTSTATUS lsa_OpenTrustedDomain(
+		[in,ref]     policy_handle *handle,
+		[in,ref]     dom_sid2      *sid,
+		[in]         uint32         access_mask,
+		[out,ref]    policy_handle *trustdom_handle
+		);
+
 	/* Function:       0x1a */
 	NTSTATUS lsa_QueryInfoTrustedDomain();
 	/* Function:     0x1b */
@@ -566,7 +573,12 @@
 	NTSTATUS lsa_SetDomInfoPolicy();
 
 	/* Function 0x37 */
-	NTSTATUS lsa_OpenTrustedDomainByName();
+	NTSTATUS lsa_OpenTrustedDomainByName(
+		[in,ref]     policy_handle *handle,
+		[in]         lsa_Name       name,
+		[in]         uint32         access_mask,
+		[out,ref]    policy_handle *trustdom_handle
+		);
 
 	/* Function 0x38 */
 	NTSTATUS lsa_TestCall();
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index ae6bfe249b..27ba53ff8b 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -255,6 +255,8 @@ interface netlogon
 	/* Function 0x05 */
 
 	/* secure channel types */
+	/* Only SEC_CHAN_WKSTA can forward requests to other domains. */
+
 	const int SEC_CHAN_WKSTA   = 2;
 	const int SEC_CHAN_DOMAIN  = 4;
 	const int SEC_CHAN_BDC     = 6;
@@ -527,7 +529,7 @@ interface netlogon
 		uint32 unknown6;
 		uint32 unknown7;
 		uint32 unknown8;
-	} netr_DELTA_ACCOUNTS;
+	} netr_DELTA_ACCOUNT;
 
 	typedef struct {
 		uint16 unknown;
@@ -574,9 +576,9 @@ interface netlogon
 		NETR_DELTA_RENAME_ALIAS     = 11,
 		NETR_DELTA_ALIAS_MEMBER     = 12,
 		NETR_DELTA_POLICY           = 13,
-		NETR_DELTA_TRUSTED_DOMAIN  = 14,
+		NETR_DELTA_TRUSTED_DOMAIN   = 14,
 		NETR_DELTA_DELETE_TRUST     = 15,
-		NETR_DELTA_ACCOUNTS         = 16,
+		NETR_DELTA_ACCOUNT          = 16,
 		NETR_DELTA_DELETE_ACCOUNT   = 17,
 		NETR_DELTA_SECRET           = 18,
 		NETR_DELTA_DELETE_SECRET    = 19,
@@ -599,9 +601,9 @@ interface netlogon
 		[case(NETR_DELTA_RENAME_ALIAS)]    netr_DELTA_RENAME          *rename_alias;
 		[case(NETR_DELTA_ALIAS_MEMBER)]    netr_DELTA_ALIAS_MEMBER    *alias_member;
 		[case(NETR_DELTA_POLICY)]          netr_DELTA_POLICY          *policy;
-		[case(NETR_DELTA_TRUSTED_DOMAIN)] netr_DELTA_TRUSTED_DOMAIN   *trusted_domain;
+		[case(NETR_DELTA_TRUSTED_DOMAIN)]  netr_DELTA_TRUSTED_DOMAIN   *trusted_domain;
 		[case(NETR_DELTA_DELETE_TRUST)]    netr_DELTA_DELETE_TRUST     delete_trust;
-		[case(NETR_DELTA_ACCOUNTS)]        netr_DELTA_ACCOUNTS        *accounts;
+		[case(NETR_DELTA_ACCOUNT)]         netr_DELTA_ACCOUNT         *account;
 		[case(NETR_DELTA_DELETE_ACCOUNT)]  netr_DELTA_DELETE_ACCOUNT   delete_account;
 		[case(NETR_DELTA_SECRET)]          netr_DELTA_SECRET          *secret;
 		[case(NETR_DELTA_DELETE_SECRET)]   netr_DELTA_DELETE_SECRET    delete_secret;
@@ -626,7 +628,7 @@ interface netlogon
 		[case(NETR_DELTA_POLICY)]          dom_sid2 *sid;
 		[case(NETR_DELTA_TRUSTED_DOMAIN)]  dom_sid2 *sid;
 		[case(NETR_DELTA_DELETE_TRUST)]    dom_sid2 *sid;
-		[case(NETR_DELTA_ACCOUNTS)]        dom_sid2 *sid;
+		[case(NETR_DELTA_ACCOUNT)]         dom_sid2 *sid;
 		[case(NETR_DELTA_DELETE_ACCOUNT)]  dom_sid2 *sid;
 		[case(NETR_DELTA_SECRET)]          unistr *name;
 		[case(NETR_DELTA_DELETE_SECRET)]   unistr *name;