diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-08-26 12:18:26 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-08-26 12:18:26 +1000 |
| commit | 4eba234a7352094e1640e8ff9d80a20f8d4705a3 (patch) | |
| tree | 25e2c87fd6e48c1dd6264665f8e7a4a1c353559a /source4/rpc_server | |
| parent | f7c13b1a959903f3bb64206c0335b1b3c3de3065 (diff) | |
| download | samba-4eba234a7352094e1640e8ff9d80a20f8d4705a3.tar.gz samba-4eba234a7352094e1640e8ff9d80a20f8d4705a3.tar.bz2 samba-4eba234a7352094e1640e8ff9d80a20f8d4705a3.zip | |
More LSA server and testuite work.
- Implement QueryDomainInformationPolicy in Samba4
- Allow RPC-LSA to pass against Windows 2008 (which does not allow
the Audit privilage to be removed)
Andrew Bartlett
(This used to be commit d94c7bbcd6eee6d975eac32a1d172f4164c97137)
Diffstat (limited to 'source4/rpc_server')
| -rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 7ed3b63540..f67b5dee10 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -23,6 +23,8 @@ #include "rpc_server/lsa/lsa.h" #include "util/util_ldb.h" #include "libcli/ldap/ldap_ndr.h" +#include "system/kerberos.h" +#include "auth/kerberos/kerberos.h" /* this type allows us to distinguish handle types @@ -2502,7 +2504,42 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state TALLOC_CTX *mem_ctx, struct lsa_QueryDomainInformationPolicy *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + r->out.info = talloc(mem_ctx, union lsa_DomainInformationPolicy); + if (!r->out.info) { + return NT_STATUS_NO_MEMORY; + } + + switch (r->in.level) { + case LSA_DOMAIN_INFO_POLICY_EFS: + talloc_free(r->out.info); + r->out.info = NULL; + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + case LSA_DOMAIN_INFO_POLICY_KERBEROS: + { + struct lsa_DomainInfoKerberos *k = &r->out.info->kerberos_info; + struct smb_krb5_context *smb_krb5_context; + int ret = smb_krb5_init_context(mem_ctx, + dce_call->event_ctx, + dce_call->conn->dce_ctx->lp_ctx, + &smb_krb5_context); + if (ret != 0) { + talloc_free(r->out.info); + r->out.info = NULL; + return NT_STATUS_INTERNAL_ERROR; + } + k->enforce_restrictions = 0; /* FIXME, details missing from MS-LSAD 2.2.53 */ + k->service_tkt_lifetime = 0; /* Need to find somewhere to store this, and query in KDC too */ + k->user_tkt_lifetime = 0; /* Need to find somewhere to store this, and query in KDC too */ + k->user_tkt_renewaltime = 0; /* Need to find somewhere to store this, and query in KDC too */ + k->clock_skew = krb5_get_max_time_skew(smb_krb5_context->krb5_context); + talloc_free(smb_krb5_context); + return NT_STATUS_OK; + } + default: + talloc_free(r->out.info); + r->out.info = NULL; + return NT_STATUS_INVALID_INFO_CLASS; + } } /* |