author | Andrew Bartlett <abartlet@samba.org> | 2005-01-12 02:40:25 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:44 -0500 |
commit | c0571f623406ca33a4d5ce616c743479335eeba0 (patch) | |
tree | dc05f1e9787a52a96dfdedcc2727ad8d5bf9ab8d /source4 | |
parent | 9eaf1b45c0514dd9772059b460a99922c691de9a (diff) | |
download | samba-c0571f623406ca33a4d5ce616c743479335eeba0.tar.gz samba-c0571f623406ca33a4d5ce616c743479335eeba0.tar.bz2 samba-c0571f623406ca33a4d5ce616c743479335eeba0.zip |
r4698: - Initial implementation of trusted domains in LSA.
- Use templates for Secrets and the new trusted domains
- Auto-add whenChanged, whenCreated and objectGUID to records in the
samdb layer.
Andrew Bartlett
(This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 22 | ||||
-rw-r--r-- | source4/librpc/idl/lsa.idl | 2 | ||||
-rw-r--r-- | source4/provision.ldif | 18 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 520 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 42 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 6 |
6 files changed, 423 insertions, 187 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 0f72f2a1d6..81ce05d9fe 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -23,12 +23,13 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_netlogon.h" #include "lib/ldb/include/ldb.h" +#include "system/time.h" /* connect to the SAM database return an opaque context pointer on success, or NULL on failure */ -void *samdb_connect(TALLOC_CTX *mem_ctx) +struct ldb_wrap *samdb_connect(TALLOC_CTX *mem_ctx) { return ldb_wrap_connect(mem_ctx, lp_sam_url(), 0, NULL); } @@ -604,7 +605,9 @@ int samdb_copy_template(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, strcasecmp((char *)el->values[j].data, "userTemplate") == 0 || strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 || strcasecmp((char *)el->values[j].data, "foreignSecurityTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0)) { + strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) { continue; } samdb_msg_add_string(sam_ctx, mem_ctx, msg, el->name, @@ -919,6 +922,19 @@ int samdb_msg_set_ldaptime(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, struct */ int samdb_add(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg) { + struct GUID guid; + const char *guidstr; + time_t now = time(NULL); + /* a new GUID */ + guid = GUID_random(); + guidstr = GUID_string(mem_ctx, &guid); + if (!guidstr) { + return -1; + } + + samdb_msg_add_string(sam_ctx, mem_ctx, msg, "objectGUID", guidstr); + samdb_msg_set_ldaptime(sam_ctx, mem_ctx, msg, "whenCreated", now); + samdb_msg_set_ldaptime(sam_ctx, mem_ctx, msg, "whenChanged", now); return ldb_add(sam_ctx->ldb, msg); } 
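Review bot: In samdb_add the three helper calls that stamp objectGUID, whenCreated and whenChanged are not checked, so an allocation failure inside samdb_msg_add_string or samdb_msg_set_ldaptime silently yields a record without a GUID or timestamps while ldb_add still succeeds. If those helpers report failure with a non-zero return the way samdb_copy_template does in the hunk above, each call should be guarded, e.g. `if (samdb_msg_add_string(sam_ctx, mem_ctx, msg, "objectGUID", guidstr) != 0) return -1;` and likewise for the two samdb_msg_set_ldaptime calls. Since objectGUID is now generated unconditionally, a caller that already placed an objectGUID or whenCreated into msg would end up with two values; a one-line comment on samdb_add such as `/* objectGUID, whenCreated and whenChanged are stamped here; callers must not set them */` would make the new contract explicit.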
@@ -935,6 +951,8 @@ int samdb_delete(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, const char *dn) */ int samdb_modify(struct ldb_wrap *sam_ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg) { + time_t now = time(NULL); + samdb_msg_set_ldaptime(sam_ctx, mem_ctx, msg, "whenChanged", now); return ldb_modify(sam_ctx->ldb, msg); } diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index 4906947ada..8aeb40b3bc 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -263,7 +263,7 @@ [in,ref] policy_handle *handle, [in,ref] lsa_TrustInformation *info, [in] uint32 access_mask, - [out,ref] policy_handle *dom_handle + [out,ref] policy_handle *trustdom_handle ); diff --git a/source4/provision.ldif b/source4/provision.ldif index c160972b5d..c583aa0f97 100644 --- a/source4/provision.ldif +++ b/source4/provision.ldif @@ -960,3 +960,21 @@ objectClass: Template objectClass: foreignSecurityPrincipalTemplate cn: TemplateForeignSecurityPrincipal name: TemplateForeignSecurityPrincipal + +dn: CN=TemplateSecret,CN=Templates,${BASEDN} +objectClass: top +objectClass: leaf +objectClass: Template +objectClass: secretTemplate +cn: TemplateSecret +name: TemplateSecret +instanceType: 4 + +dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN} +objectClass: top +objectClass: leaf +objectClass: Template +objectClass: trustedDomainTemplate +cn: TemplateTrustedDomain +name: TemplateTrustedDomain +instanceType: 4 diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index bdb2e3d4c9..2ea4d8aa25 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -36,7 +36,8 @@ enum lsa_handle { LSA_HANDLE_POLICY, LSA_HANDLE_ACCOUNT, - LSA_HANDLE_SECRET + LSA_HANDLE_SECRET, + LSA_HANDLE_TRUSTED_DOMAIN }; /* 
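Review bot: samdb_modify now appends a whenChanged element to every modify message, but the hunk gives no sign of which modification flag samdb_msg_set_ldaptime attaches to it; a modify element normally needs an explicit flag such as LDB_FLAG_MOD_REPLACE (the privilege element built by ldb_msg_add_empty later in this diff passes `ldb_flag` through for exactly that reason), and with a zero flag the backend may reject the whole modify or treat the value as an add. Please confirm the flag that helper sets and, if it is not a replace, mark the element LDB_FLAG_MOD_REPLACE before ldb_modify. The return value is also unchecked, so an allocation failure leaves the record's whenChanged stale without any error reaching the caller; `if (samdb_msg_set_ldaptime(sam_ctx, mem_ctx, msg, "whenChanged", now) != 0) return -1;` would surface it.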
@@ -79,6 +80,15 @@ struct lsa_secret_state { BOOL global; }; +/* + state associated with a lsa_OpenTrustedDomain() operation +*/ +struct lsa_trusted_domain_state { + struct lsa_policy_state *policy; + uint32_t access_mask; + const char *trusted_domain_dn; +}; + /* lsa_Close */ @@ -118,6 +128,16 @@ static NTSTATUS lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_c } return NT_STATUS_OK; + } else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) { + struct lsa_trusted_domain_state *trusted_domain_state = h->data; + ret = samdb_delete(trusted_domain_state->policy->sam_ctx, mem_ctx, + trusted_domain_state->trusted_domain_dn); + talloc_free(h); + if (ret != 0) { + return NT_STATUS_INVALID_HANDLE; + } + + return NT_STATUS_OK; } return NT_STATUS_INVALID_HANDLE; 
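Review bot: The new LSA_HANDLE_TRUSTED_DOMAIN branch in lsa_Delete removes the trustedDomain record for any handle of that type without consulting trusted_domain_state->access_mask, which the open/create paths later in this diff store but nothing visible ever reads; unless an access check lives outside the hunk, a caller who opened the trust with a minimal mask can still delete it. A guard before samdb_delete along the lines of `if (!(trusted_domain_state->access_mask & SEC_STD_DELETE)) return NT_STATUS_ACCESS_DENIED;` (using whatever delete right the LSA code maps) would close that. Separately, a failed samdb_delete is reported as NT_STATUS_INVALID_HANDLE after the handle has already been freed, which hides a database error behind a misleading status; mapping the ldb failure to NT_STATUS_UNSUCCESSFUL would be more honest. lsa_Delete itself starts before this hunk.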
@@ -520,12 +540,347 @@ static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX } +/* + lsa_CreateTrustedDomainEx2 +*/ +static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_CreateTrustedDomainEx2 *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + +/* + lsa_CreateTrustedDomainEx +*/ +static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_CreateTrustedDomainEx *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + /* lsa_CreateTrustedDomain */ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_CreateTrustedDomain *r) { + struct dcesrv_handle *policy_handle; + struct lsa_policy_state *policy_state; + struct lsa_trusted_domain_state *trusted_domain_state; + struct dcesrv_handle *handle; + struct ldb_message **msgs, *msg; + const char *attrs[] = { + NULL + }; + const char *name; + int ret; + + DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); + ZERO_STRUCTP(r->out.trustdom_handle); + + policy_state = policy_handle->data; + + if (!r->in.info->name.string) { + return NT_STATUS_INVALID_PARAMETER; + } + name = r->in.info->name.string; + + trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + if (!trusted_domain_state) { + return NT_STATUS_NO_MEMORY; + } + trusted_domain_state->policy = policy_state; + + msg = ldb_msg_new(mem_ctx); + if (msg == NULL) { + return NT_STATUS_NO_MEMORY; + } + + /* search for the trusted_domain record */ + ret = samdb_search(trusted_domain_state->policy->sam_ctx, + mem_ctx, policy_state->system_dn, &msgs, attrs, + "(&(cn=%s)(objectclass=trustedDomain))", + r->in.info->name.string); + if (ret > 0) { + return NT_STATUS_OBJECT_NAME_COLLISION; + } + + if (ret < 0 || ret > 1) { + DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + 
msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", r->in.info->name.string, + policy_state->system_dn); + if (!msg->dn) { + return NT_STATUS_NO_MEMORY; + } + + samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "cn", name); + samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "flatname", name); + + if (r->in.info->sid) { + const char *sid_string = dom_sid_string(mem_ctx, r->in.info->sid); + if (!sid_string) { + return NT_STATUS_NO_MEMORY; + } + + samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "securityIdentifier", name); + } + + /* pull in all the template attributes. Note this is always from the global samdb */ + ret = samdb_copy_template(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, + "(&(name=TemplateTrustedDomain)(objectclass=trustedDomainTemplate))"); + if (ret != 0) { + DEBUG(0,("Failed to load TemplateTrustedDomain from samdb\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "objectClass", "trustedDomain"); + + trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn); + + /* create the trusted_domain */ + ret = samdb_add(trusted_domain_state->policy->sam_ctx, mem_ctx, msg); + if (ret != 0) { + DEBUG(0,("Failed to create trusted_domain record %s\n", msg->dn)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN); + if (!handle) { + return NT_STATUS_NO_MEMORY; + } + + handle->data = talloc_steal(handle, trusted_domain_state); + + trusted_domain_state->access_mask = r->in.access_mask; + trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state); + + *r->out.trustdom_handle = handle->wire_handle; + + return NT_STATUS_OK; +} + +/* + lsa_OpenTrustedDomain +*/ +static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_OpenTrustedDomain 
*r) +{ + struct dcesrv_handle *policy_handle; + + struct lsa_policy_state *policy_state; + struct lsa_trusted_domain_state *trusted_domain_state; + struct dcesrv_handle *handle; + struct ldb_message **msgs; + const char *attrs[] = { + NULL + }; + + const char *sid_string; + int ret; + + DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); + ZERO_STRUCTP(r->out.trustdom_handle); + policy_state = policy_handle->data; + + trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + if (!trusted_domain_state) { + return NT_STATUS_NO_MEMORY; + } + trusted_domain_state->policy = policy_state; + + sid_string = dom_sid_string(mem_ctx, r->in.sid); + if (!sid_string) { + return NT_STATUS_NO_MEMORY; + } + + /* search for the trusted_domain record */ + ret = samdb_search(trusted_domain_state->policy->sam_ctx, + mem_ctx, policy_state->system_dn, &msgs, attrs, + "(&(securityIdentifier=%s)(objectclass=trustedDomain))", + sid_string); + if (ret == 0) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + + if (ret != 1) { + DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msgs[0]->dn); + + handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN); + if (!handle) { + return NT_STATUS_NO_MEMORY; + } + + handle->data = talloc_steal(handle, trusted_domain_state); + + trusted_domain_state->access_mask = r->in.access_mask; + trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state); + + *r->out.trustdom_handle = handle->wire_handle; + + return NT_STATUS_OK; +} + + +/* + lsa_OpenTrustedDomainByName +*/ +static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_OpenTrustedDomainByName *r) +{ + struct dcesrv_handle *policy_handle; + + struct lsa_policy_state *policy_state; + struct lsa_trusted_domain_state 
*trusted_domain_state; + struct dcesrv_handle *handle; + struct ldb_message **msgs; + const char *attrs[] = { + NULL + }; + + int ret; + + DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); + ZERO_STRUCTP(r->out.trustdom_handle); + policy_state = policy_handle->data; + + if (!r->in.name.string) { + return NT_STATUS_INVALID_PARAMETER; + } + + trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + if (!trusted_domain_state) { + return NT_STATUS_NO_MEMORY; + } + + /* search for the trusted_domain record */ + ret = samdb_search(trusted_domain_state->policy->sam_ctx, + mem_ctx, policy_state->system_dn, &msgs, attrs, + "(&(cn=%s)(objectclass=trustedDomain))", + r->in.name.string); + if (ret == 0) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + + if (ret != 1) { + DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msgs[0]->dn); + + handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN); + if (!handle) { + return NT_STATUS_NO_MEMORY; + } + + handle->data = talloc_steal(handle, trusted_domain_state); + + trusted_domain_state->access_mask = r->in.access_mask; + trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state); + + *r->out.trustdom_handle = handle->wire_handle; + + return NT_STATUS_OK; +} + + +/* + lsa_QueryTrustedDomainInfoBySid +*/ +static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_QueryTrustedDomainInfoBySid *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + lsa_SetTrustDomainInfo +*/ +static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_SetTrustDomainInfo *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + lsa_DeleteTrustDomain +*/ +static NTSTATUS lsa_DeleteTrustDomain(struct 
dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_DeleteTrustDomain *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + lsa_QueryTrustedDomainInfo +*/ +static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_QueryTrustedDomainInfo *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + lsa_SetInformationTrustedDomain +*/ +static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_SetInformationTrustedDomain *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + lsa_QueryTrustedDomainInfoByName +*/ +static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_QueryTrustedDomainInfoByName *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + +/* + lsa_SetTrustedDomainInfoByName +*/ +static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_SetTrustedDomainInfoByName *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + +/* + lsa_EnumTrustedDomainsEx +*/ +static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_EnumTrustedDomainsEx *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + +/* + lsa_CloseTrustedDomainEx +*/ +static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_CloseTrustedDomainEx *r) +{ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } @@ -990,7 +1345,7 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, const struct lsa_RightSet *rights) { const char *sidstr; - struct ldb_message msg; + struct ldb_message *msg; struct ldb_message_element el; int i, ret; const char *dn; 
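Review bot: In lsa_CreateTrustedDomain the securityIdentifier attribute is written with `name`, not the `sid_string` computed two lines above it, so the trust's SID is stored as its name; because lsa_OpenTrustedDomain in this same hunk looks the record up by `(securityIdentifier=%s)` with a real SID string, every trust created through this path becomes unopenable by SID. The fix is the one argument: `samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "securityIdentifier", sid_string);`. lsa_OpenTrustedDomainByName has a second defect: its samdb_search dereferences `trusted_domain_state->policy->sam_ctx` before `trusted_domain_state->policy` has been assigned (talloc does not zero the allocation), whereas lsa_OpenTrustedDomain assigns `trusted_domain_state->policy = policy_state;` right after the talloc, and the same line belongs here. Both `(cn=%s)` filters and the `cn=%s,%s` DN are also built from the caller-supplied trust name with no escaping, so a name containing `)`, `*` or `,` can alter the LDAP filter or the DN; the name should be escaped, or rejected if it contains filter/DN metacharacters, before it reaches samdb_search and talloc_asprintf. Finally, the `ret > 1` test after `if (ret > 0)` in lsa_CreateTrustedDomain is unreachable and can be dropped.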
@@ -1001,21 +1356,23 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, return NT_STATUS_NO_MEMORY; } + msg = ldb_msg_new(mem_ctx); + if (msg == NULL) { + return NT_STATUS_NO_MEMORY; + } + dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn", "objectSid=%s", sidstr); if (dn == NULL) { return NT_STATUS_NO_SUCH_USER; } - msg.dn = talloc_strdup(mem_ctx, dn); - if (msg.dn == NULL) { + msg->dn = talloc_strdup(mem_ctx, dn); + if (msg->dn == NULL) { return NT_STATUS_NO_MEMORY; } - msg.num_elements = 1; - msg.elements = ⪙ - el.flags = ldb_flag; - el.name = talloc_strdup(mem_ctx, "privilege"); - if (el.name == NULL) { + + if (ldb_msg_add_empty(state->sam_ctx->ldb, msg, "privilege", ldb_flag)) { return NT_STATUS_NO_MEMORY; } @@ -1066,7 +1423,7 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, return NT_STATUS_OK; } - ret = samdb_modify(state->sam_ctx, mem_ctx, &msg); + ret = samdb_modify(state->sam_ctx, mem_ctx, msg); if (ret != 0) { if (ldb_flag == LDB_FLAG_MOD_DELETE) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -1217,36 +1574,6 @@ static NTSTATUS lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, T /* - lsa_OpenTrustedDomain -*/ -static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_OpenTrustedDomain *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* - lsa_QueryTrustedDomainInfo -*/ -static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_QueryTrustedDomainInfo *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* - lsa_SetInformationTrustedDomain -*/ -static NTSTATUS lsa_SetInformationTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_SetInformationTrustedDomain *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* lsa_CreateSecret */ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, 
@@ -1278,6 +1605,7 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX if (!secret_state) { return NT_STATUS_NO_MEMORY; } + secret_state->policy = policy_state; msg = ldb_msg_new(mem_ctx); if (msg == NULL) { @@ -1342,6 +1670,15 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX msg->dn = talloc_asprintf(mem_ctx, "cn=%s,cn=LSA Secrets", name); samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "cn", name); } + + /* pull in all the template attributes. Note this is always from the global samdb */ + ret = samdb_copy_template(secret_state->policy->sam_ctx, mem_ctx, msg, + "(&(name=TemplateSecret)(objectclass=secretTemplate))"); + if (ret != 0) { + DEBUG(0,("Failed to load TemplateSecret from samdb\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "objectClass", "secret"); secret_state->secret_dn = talloc_reference(secret_state, msg->dn); @@ -1401,6 +1738,7 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m if (!secret_state) { return NT_STATUS_NO_MEMORY; } + secret_state->policy = policy_state; if (strncmp("G$", r->in.name.string, 2) == 0) { name = &r->in.name.string[2]; 
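Review bot: In lsa_CreateSecret the template is copied from `secret_state->policy->sam_ctx` while the record itself is added through `secret_state->sam_ctx`, and the surrounding context (a DN under `cn=LSA Secrets`) suggests the two can be different databases; attributes pulled from TemplateSecret (the provision.ldif entry carries instanceType, for one) plus the objectGUID and whenCreated that samdb_add now stamps will then be written into that other database, which should be confirmed to accept them. A missing template fails with NT_STATUS_INTERNAL_DB_CORRUPTION, which is a reasonable signal, but a comment above the samdb_copy_template call such as `/* the template lives in the global samdb even when the secret is stored in the local secrets db; attributes copied from it must be valid there */` would record the assumption. lsa_CreateSecret begins and ends outside these hunks.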
@@ -1953,36 +2291,6 @@ static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, /* - lsa_QueryTrustedDomainInfoBySid -*/ -static NTSTATUS lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_QueryTrustedDomainInfoBySid *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* - lsa_SetTrustDomainInfo -*/ -static NTSTATUS lsa_SetTrustDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_SetTrustDomainInfo *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* - lsa_DeleteTrustDomain -*/ -static NTSTATUS lsa_DeleteTrustDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_DeleteTrustDomain *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* lsa_StorePrivateData */ static NTSTATUS lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, 
@@ -2068,56 +2376,6 @@ static NTSTATUS lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call, } /* - lsa_QueryTrustedDomainInfoByName -*/ -static NTSTATUS lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct lsa_QueryTrustedDomainInfoByName *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - -/* - lsa_SetTrustedDomainInfoByName -*/ -static NTSTATUS lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct lsa_SetTrustedDomainInfoByName *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - -/* - lsa_EnumTrustedDomainsEx -*/ -static NTSTATUS lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct lsa_EnumTrustedDomainsEx *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - -/* - lsa_CreateTrustedDomainEx -*/ -static NTSTATUS lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct lsa_CreateTrustedDomainEx *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - -/* - lsa_CloseTrustedDomainEx -*/ -static NTSTATUS lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct lsa_CloseTrustedDomainEx *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - -/* lsa_QueryDomainInformationPolicy */ static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call, @@ -2138,16 +2396,6 @@ static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call, } /* - lsa_OpenTrustedDomainByName -*/ -static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct lsa_OpenTrustedDomainByName *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - -/* lsa_TestCall */ static NTSTATUS lsa_TestCall(struct dcesrv_call_state *dce_call, 
@@ -2395,18 +2643,6 @@ static NTSTATUS lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * return status; } - - -/* - lsa_CreateTrustedDomainEx2 -*/ -static NTSTATUS lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct lsa_CreateTrustedDomainEx2 *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - /* lsa_CREDRWRITE */ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index a98fe5ae06..7cbe63056a 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -468,9 +468,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO const char *name; struct ldb_message *msg; uint32_t rid; - const char *groupname, *sidstr, *guidstr; - struct GUID guid; - time_t now = time(NULL); + const char *groupname, *sidstr; struct dcesrv_handle *g_handle; int ret; NTSTATUS status; @@ -523,13 +521,6 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO return NT_STATUS_NO_MEMORY; } - /* a new GUID */ - guid = GUID_random(); - guidstr = GUID_string(mem_ctx, &guid); - if (!guidstr) { - return NT_STATUS_NO_MEMORY; - } - /* add core elements to the ldb_message for the user */ msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", groupname, d_state->domain_dn); @@ -541,9 +532,6 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", groupname); samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group"); samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectSid", sidstr); - samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectGUID", guidstr); - samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenCreated", now); - samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenChanged", now); /* create the group */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); 
@@ -703,9 +691,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX const char *name; struct ldb_message *msg; uint32_t rid; - const char *account_name, *sidstr, *guidstr; - struct GUID guid; - time_t now = time(NULL); + const char *account_name, *sidstr; struct dcesrv_handle *u_handle; int ret; NTSTATUS status; @@ -803,13 +789,6 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - /* a new GUID */ - guid = GUID_random(); - guidstr = GUID_string(mem_ctx, &guid); - if (!guidstr) { - return NT_STATUS_NO_MEMORY; - } - /* add core elements to the ldb_message for the user */ msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", account_name, container, d_state->domain_dn); if (!msg->dn) { @@ -823,9 +802,6 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", additional_class); } samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectSid", sidstr); - samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectGUID", guidstr); - samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenCreated", now); - samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenChanged", now); /* create the user */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); @@ -973,9 +949,7 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C struct samr_domain_state *d_state; struct samr_account_state *a_state; struct dcesrv_handle *h; - const char *aliasname, *name, *sidstr, *guidstr; - struct GUID guid; - time_t now = time(NULL); + const char *aliasname, *name, *sidstr; struct ldb_message *msg; uint32_t rid; struct dcesrv_handle *a_handle; 
@@ -1032,13 +1006,6 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C return NT_STATUS_NO_MEMORY; } - /* a new GUID */ - guid = GUID_random(); - guidstr = GUID_string(mem_ctx, &guid); - if (!guidstr) { - return NT_STATUS_NO_MEMORY; - } - /* add core elements to the ldb_message for the alias */ msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", aliasname, d_state->domain_dn); @@ -1051,9 +1018,6 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", aliasname); samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group"); samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectSid", sidstr); - samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectGUID", guidstr); - samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenCreated", now); - samdb_msg_set_ldaptime(d_state->sam_ctx, mem_ctx, msg, "whenChanged", now); /* create the alias */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index c5b74c8674..98de8df78c 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -639,7 +639,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p, struct lsa_CreateTrustedDomain r; struct lsa_TrustInformation trustinfo; struct dom_sid *domsid; - struct policy_handle dom_handle; + struct policy_handle trustdom_handle; printf("Testing CreateTrustedDomain\n"); @@ -651,7 +651,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p, r.in.handle = handle; r.in.info = &trustinfo; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r.out.dom_handle = &dom_handle; + r.out.trustdom_handle = &trustdom_handle; status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) { 
@@ -663,7 +663,7 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p, return False; } - if (!test_Delete(p, mem_ctx, &dom_handle)) { + if (!test_Delete(p, mem_ctx, &trustdom_handle)) { return False; } |