r4682: A LDB-based secrets implementation in Samba4.

This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.

Some small changes to come, but the bulk of the work is now done.

A re-provision is required after this change.

Andrew Bartlett
(This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)

2 files changed, 58 insertions, 21 deletions

diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index f1a5b76040..c9f730cd27 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -3,6 +3,7 @@
    test suite for lsa rpc operations
 
    Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -682,7 +683,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 	struct lsa_QuerySecret r6;
 	struct lsa_SetSecret r7;
 	struct lsa_QuerySecret r8;
-	struct policy_handle sec_handle, sec_handle2;
+	struct policy_handle sec_handle, sec_handle2, sec_handle3;
 	struct lsa_Delete d;
 	struct lsa_DATA_BUF buf1;
 	struct lsa_DATA_BUF_PTR bufp1;
@@ -721,6 +722,16 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 			return False;
 		}
 		
+		r.in.handle = handle;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.out.sec_handle = &sec_handle3;
+		
+		status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
+			printf("CreateSecret should have failed OBJECT_NAME_COLLISION - %s\n", nt_errstr(status));
+			return False;
+		}
+		
 		r2.in.handle = handle;
 		r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 		r2.in.name = r.in.name;
@@ -742,7 +753,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 		
 		enc_key = sess_encrypt_string(secret1, &session_key);
 		
-		r3.in.handle = &sec_handle;
+		r3.in.sec_handle = &sec_handle;
 		r3.in.new_val = &buf1;
 		r3.in.old_val = NULL;
 		r3.in.new_val->data = enc_key.data;
@@ -757,13 +768,31 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 			ret = False;
 		}
 		
+		r3.in.sec_handle = &sec_handle;
+		r3.in.new_val = &buf1;
+		r3.in.old_val = NULL;
+		r3.in.new_val->data = enc_key.data;
+		r3.in.new_val->length = enc_key.length;
+		r3.in.new_val->size = enc_key.length;
+		
+		/* break the encrypted data */
+		enc_key.data[0]++;
+
+		printf("Testing SetSecret with broken key\n");
+		
+		status = dcerpc_lsa_SetSecret(p, mem_ctx, &r3);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_UNKNOWN_REVISION)) {
+			printf("SetSecret should have failed UNKNOWN_REVISION - %s\n", nt_errstr(status));
+			ret = False;
+		}
+		
 		data_blob_free(&enc_key);
 		
 		ZERO_STRUCT(new_mtime);
 		ZERO_STRUCT(old_mtime);
 		
 		/* fetch the secret back again */
-		r4.in.handle = &sec_handle;
+		r4.in.sec_handle = &sec_handle;
 		r4.in.new_val = &bufp1;
 		r4.in.new_mtime = &new_mtime;
 		r4.in.old_val = NULL;
@@ -771,17 +800,18 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 		
 		bufp1.buf = NULL;
 		
+		printf("Testing QuerySecret\n");
 		status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r4);
 		if (!NT_STATUS_IS_OK(status)) {
 			printf("QuerySecret failed - %s\n", nt_errstr(status));
 			ret = False;
 		} else {
-			if (r4.out.new_val->buf == NULL) {
+			if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) {
 				printf("No secret buffer returned\n");
 				ret = False;
 			} else {
 				blob1.data = r4.out.new_val->buf->data;
-				blob1.length = r4.out.new_val->buf->length;
+				blob1.length = r4.out.new_val->buf->size;
 				
 				blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 				
@@ -797,7 +827,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 		
 		enc_key = sess_encrypt_string(secret3, &session_key);
 		
-		r5.in.handle = &sec_handle;
+		r5.in.sec_handle = &sec_handle;
 		r5.in.new_val = &buf1;
 		r5.in.old_val = NULL;
 		r5.in.new_val->data = enc_key.data;
@@ -818,7 +848,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 		ZERO_STRUCT(old_mtime);
 		
 		/* fetch the secret back again */
-		r6.in.handle = &sec_handle;
+		r6.in.sec_handle = &sec_handle;
 		r6.in.new_val = &bufp1;
 		r6.in.new_mtime = &new_mtime;
 		r6.in.old_val = &bufp2;
@@ -839,7 +869,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 				ret = False;
 			} else {
 				blob1.data = r6.out.new_val->buf->data;
-				blob1.length = r6.out.new_val->buf->length;
+				blob1.length = r6.out.new_val->buf->size;
 				
 				blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 				
@@ -873,7 +903,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 
 		enc_key = sess_encrypt_string(secret5, &session_key);
 		
-		r7.in.handle = &sec_handle;
+		r7.in.sec_handle = &sec_handle;
 		r7.in.old_val = &buf1;
 		r7.in.old_val->data = enc_key.data;
 		r7.in.old_val->length = enc_key.length;
@@ -891,7 +921,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 		data_blob_free(&enc_key);
 		
 		/* fetch the secret back again */
-		r8.in.handle = &sec_handle;
+		r8.in.sec_handle = &sec_handle;
 		r8.in.new_val = &bufp1;
 		r8.in.new_mtime = &new_mtime;
 		r8.in.old_val = &bufp2;
@@ -931,7 +961,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 				}
 
 				blob1.data = r8.out.old_val->buf->data;
-				blob1.length = r8.out.old_val->buf->length;
+				blob1.length = r8.out.old_val->buf->size;
 				
 				blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 				
@@ -968,14 +998,15 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 		if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
 			printf("Second delete expected INVALID_HANDLE - %s\n", nt_errstr(status));
 			ret = False;
-		}
+		} else {
 
-		printf("Testing OpenSecret of just-deleted secret\n");
-		
-		status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
-		if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
-			printf("OpenSecret expected OBJECT_NAME_NOT_FOUND - %s\n", nt_errstr(status));
-			ret = False;
+			printf("Testing OpenSecret of just-deleted secret\n");
+			
+			status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
+			if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+				printf("OpenSecret expected OBJECT_NAME_NOT_FOUND - %s\n", nt_errstr(status));
+				ret = False;
+			}
 		}
 		
 	}
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index e393cd40fe..8c85787fe2 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -778,8 +778,11 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam
 		lsa_blob1.data = q.out.old_val->buf->data;
 		lsa_blob1.length = q.out.old_val->buf->length;
 
-		lsa_blob_out = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key);
-		
+		status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			return False;
+		}
+
 		if (!q.out.old_mtime) {
 			printf("OLD mtime not available on LSA for secret %s\n", old->name);
 			ret = False;
@@ -814,7 +817,10 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam
 		lsa_blob1.data = q.out.new_val->buf->data;
 		lsa_blob1.length = q.out.new_val->buf->length;
 
-		lsa_blob_out = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key);
+		status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			return False;
+		}
 		
 		if (!q.out.new_mtime) {
 			printf("NEW mtime not available on LSA for secret %s\n", new->name);