More work to implement LSA CreateTrustedDomainEx2

We still don't get the format inside the encrypted blob correct
however.

Andrew Bartlett
(This used to be commit 99a3abda09716c064b3e9a37c4a79a8f62444eca)

3 files changed, 63 insertions, 11 deletions

diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index 39c9680bdb..196423c7dd 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -409,12 +409,20 @@ interface drsblobs {
 		[size_is(1)] AuthenticationInformation array[];
 	} AuthenticationInformationArray;
 
-	typedef [public,nopull,nopush,noprint] struct {
+	typedef [public,nopull,nopush,noprint,gensize] struct {
 		uint32 count;
 		[relative] AuthenticationInformationArray *current;
 		[relative] AuthenticationInformationArray *previous;
 	} trustAuthInOutBlob;
 
+	typedef [public] struct {
+		uint8 confounder[512];
+		trustAuthInOutBlob outgoing;
+		trustAuthInOutBlob incoming;
+		[value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size;
+		[value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size;
+	} trustAuthInAndOutBlob;
+	
 	void decode_trustAuthInOut(
 		[in] trustAuthInOutBlob blob
 		);
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 81931ae02a..4de3d6f1bf 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -607,13 +607,23 @@ import "misc.idl", "security.idl";
 	} lsa_TrustDomainInfoFullInfo;
 
 	typedef struct {
+		lsa_DATA_BUF2                          auth_blob;
+	} lsa_TrustDomainInfoAuthInfoInternal;
+
+	typedef struct {
+		lsa_TrustDomainInfoInfoEx              info_ex;
+		lsa_TrustDomainInfoPosixOffset         posix_offset;
+		lsa_TrustDomainInfoAuthInfoInternal    auth_info;
+	} lsa_TrustDomainInfoFullInfoInternal;
+
+	typedef struct {
 		lsa_TrustDomainInfoInfoEx      info_ex;
-		lsa_DATA_BUF2                  data1;
+		uint32 forest_trust_length;
+		[size_is(forest_trust_length)] uint8 *forest_trust_data;
 	} lsa_TrustDomainInfoInfoEx2Internal;
 
 	typedef struct {
-		lsa_TrustDomainInfoInfoEx      info_ex;
-		lsa_DATA_BUF2                  data1;
+		lsa_TrustDomainInfoInfoEx2Internal     info;
 		lsa_TrustDomainInfoPosixOffset posix_offset;
 		lsa_TrustDomainInfoAuthInfo    auth_info;
 	} lsa_TrustDomainInfoInfo2Internal;
@@ -640,9 +650,9 @@ import "misc.idl", "security.idl";
 		[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
 		        lsa_TrustDomainInfoFullInfo          full_info;
 		[case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
-		        lsa_TrustDomainInfoAuthInfo          auth_info_internal;
+		        lsa_TrustDomainInfoAuthInfoInternal  auth_info_internal;
 		[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
-		        lsa_TrustDomainInfoFullInfo          full_info_internal;
+		        lsa_TrustDomainInfoFullInfoInternal  full_info_internal;
 		[case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
 		        lsa_TrustDomainInfoInfoEx2Internal   info_ex2_internal;
 		[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
@@ -875,7 +885,7 @@ import "misc.idl", "security.idl";
 	NTSTATUS lsa_CreateTrustedDomainEx(
 		[in]  policy_handle               *policy_handle,
 		[in]  lsa_TrustDomainInfoInfoEx   *info,
-		[in]  lsa_TrustDomainInfoAuthInfo *auth_info,
+		[in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info,
 		[in]  uint32 access_mask,
 		[out] policy_handle               *trustdom_handle
 		);
@@ -996,7 +1006,7 @@ import "misc.idl", "security.idl";
 	NTSTATUS lsa_CreateTrustedDomainEx2(
 		[in]  policy_handle               *policy_handle,
 		[in]  lsa_TrustDomainInfoInfoEx   *info,
-		[in]  lsa_TrustDomainInfoAuthInfo *auth_info,
+		[in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info,
 		[in]  uint32                       access_mask,
 		[out] policy_handle               *trustdom_handle
 		);
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 1e35d94235..316412ec9e 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -23,11 +23,13 @@
 #include "torture/torture.h"
 #include "librpc/gen_ndr/ndr_lsa_c.h"
 #include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "lib/events/events.h"
 #include "libcli/security/security.h"
 #include "libcli/auth/libcli_auth.h"
 #include "torture/rpc/rpc.h"
 #include "param/param.h"
+#include "lib/crypto/crypto.h"
 #define TEST_MACHINENAME "lsatestmach"
 
 static void init_lsa_String(struct lsa_String *name, const char *s)
@@ -1882,6 +1884,9 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p,
 		return false;
 	}
 		
+	/* Start from the bottom again */
+	resume_handle = 0;
+
 	do {
 		r.in.handle = handle;
 		r.in.resume_handle = &resume_handle;
@@ -2063,6 +2068,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
 }
 
 static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, 
+					struct torture_context *tctx, 
 					TALLOC_CTX *mem_ctx, 
 					struct policy_handle *handle)
 {
@@ -2070,13 +2076,24 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
 	bool ret = true;
 	struct lsa_CreateTrustedDomainEx2 r;
 	struct lsa_TrustDomainInfoInfoEx trustinfo;
+	struct lsa_TrustDomainInfoAuthInfoInternal authinfo;
+	struct trustAuthInAndOutBlob auth_struct;
+	DATA_BLOB auth_blob;
 	struct dom_sid *domsid[12];
 	struct policy_handle trustdom_handle[12];
 	struct lsa_QueryTrustedDomainInfo q;
+	DATA_BLOB session_key;
+	enum ndr_err_code ndr_err;
 	int i;
 
 	printf("Testing CreateTrustedDomainEx2 for 12 domains\n");
 
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
+		return false;
+	}
+		
 	for (i=0; i< 12; i++) {
 		char *trust_name = talloc_asprintf(mem_ctx, "torturedom%02d", i);
 		char *trust_name_dns = talloc_asprintf(mem_ctx, "torturedom%02d.samba.example.com", i);
@@ -2102,9 +2119,26 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
 
 		trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION;
 
+		generate_random_buffer(auth_struct.confounder, sizeof(auth_struct.confounder));
+
+		auth_struct.outgoing.count = 0;
+		auth_struct.incoming.count = 0;
+
+		ndr_err = ndr_push_struct_blob(&auth_blob, mem_ctx, lp_iconv_convenience(tctx->lp_ctx), &auth_struct,
+					       (ndr_push_flags_fn_t)ndr_push_trustAuthInAndOutBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			printf("ndr_push_struct_blob of trustAuthInAndOutBlob structure failed");
+			ret = false;
+		}
+
+		arcfour_crypt_blob(auth_blob.data, auth_blob.length, &session_key);
+
+		authinfo.auth_blob.size = auth_blob.length;
+		authinfo.auth_blob.data = auth_blob.data;
+
 		r.in.policy_handle = handle;
 		r.in.info = &trustinfo;
-		r.in.auth_info = NULL;
+		r.in.auth_info = &authinfo;
 		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 		r.out.trustdom_handle = &trustdom_handle[i];
 		
@@ -2114,7 +2148,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
 			status = dcerpc_lsa_CreateTrustedDomainEx2(p, mem_ctx, &r);
 		}
 		if (!NT_STATUS_IS_OK(status)) {
-			printf("CreateTrustedDomainEx failed - %s\n", nt_errstr(status));
+			printf("CreateTrustedDomainEx failed2 - %s\n", nt_errstr(status));
 			ret = false;
 		} else {
 		
@@ -2452,7 +2486,7 @@ bool torture_rpc_lsa(struct torture_context *tctx)
 			ret = false;
 		}
 
-		if (!test_CreateTrustedDomainEx2(p, tctx, handle)) {
+		if (!test_CreateTrustedDomainEx2(p, tctx, tctx, handle)) {
 			ret = false;
 		}