author | Andrew Tridgell <tridge@samba.org> | 2004-05-28 13:23:30 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:20 -0500 |
commit | d9538e7412c593a9dc10a600676939d2cf0205ea (patch) | |
tree | 0ff1ce915a7c076facc22cc8e63d1fcf55e2215c /source4 | |
parent | 90341da78b10beb4fa0bdbc8de35d44373c27fbf (diff) | |
r937: - added a simple QuerySecurity implementation in samr server
- moved some sec desc defines into misc.idl
- fixed pw_len field in UserInfo26
- made some pipes available on TCP
- added netr_DsrEnumerateDomainTrusts() to netlogon
- added templates for remaining netlogon IDL calls (from ethereal)
- added a unistr_noterm vs unistr error detector in ndr basic decoder
- added torture test for netr_DsrEnumerateDomainTrusts()
(This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/include/rpc_secdes.h | 20 | ||||
-rw-r--r-- | source4/lib/basic.mk | 1 | ||||
-rw-r--r-- | source4/lib/util_secdesc.c | 51 | ||||
-rw-r--r-- | source4/librpc/idl/lsa.idl | 2 | ||||
-rw-r--r-- | source4/librpc/idl/misc.idl | 20 | ||||
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 138 | ||||
-rw-r--r-- | source4/librpc/idl/samr.idl | 3 | ||||
-rw-r--r-- | source4/librpc/idl/winreg.idl | 1 | ||||
-rw-r--r-- | source4/librpc/ndr/ndr_basic.c | 12 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 326 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 18 | ||||
-rw-r--r-- | source4/rpc_server/samr/samdb.c | 11 | ||||
-rw-r--r-- | source4/torture/rpc/netlogon.c | 28 | ||||
-rw-r--r-- | source4/torture/rpc/samr.c | 4 |
14 files changed, 612 insertions, 23 deletions
diff --git a/source4/include/rpc_secdes.h b/source4/include/rpc_secdes.h index eb83b81d85..3c56d6cb82 100644 --- a/source4/include/rpc_secdes.h +++ b/source4/include/rpc_secdes.h @@ -74,28 +74,8 @@ typedef struct security_descriptor SEC_DESC; #define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7 #define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8 -#define SEC_DESC_OWNER_DEFAULTED 0x0001 -#define SEC_DESC_GROUP_DEFAULTED 0x0002 -#define SEC_DESC_DACL_PRESENT 0x0004 -#define SEC_DESC_DACL_DEFAULTED 0x0008 -#define SEC_DESC_SACL_PRESENT 0x0010 -#define SEC_DESC_SACL_DEFAULTED 0x0020 -#define SEC_DESC_DACL_TRUSTED 0x0040 -#define SEC_DESC_SERVER_SECURITY 0x0080 -/* - * New Windows 2000 bits. - */ -#define SE_DESC_DACL_AUTO_INHERIT_REQ 0x0100 -#define SE_DESC_SACL_AUTO_INHERIT_REQ 0x0200 -#define SE_DESC_DACL_AUTO_INHERITED 0x0400 -#define SE_DESC_SACL_AUTO_INHERITED 0x0800 -#define SE_DESC_DACL_PROTECTED 0x1000 -#define SE_DESC_SACL_PROTECTED 0x2000 /* Don't know what this means. */ -#define SEC_DESC_RM_CONTROL_VALID 0x4000 - -#define SEC_DESC_SELF_RELATIVE 0x8000 /* security information */ #define OWNER_SECURITY_INFORMATION 0x00000001 diff --git a/source4/lib/basic.mk b/source4/lib/basic.mk index ce82157894..754458fec1 100644 --- a/source4/lib/basic.mk +++ b/source4/lib/basic.mk @@ -25,6 +25,7 @@ ADD_OBJ_FILES = \ lib/wins_srv.o \ lib/util_str.o \ lib/util_sid.o \ + lib/util_secdesc.o \ lib/util_uuid.o \ lib/util_unistr.o \ lib/util_file.o \ diff --git a/source4/lib/util_secdesc.c b/source4/lib/util_secdesc.c new file mode 100644 index 0000000000..92887b21d9 --- /dev/null +++ b/source4/lib/util_secdesc.c 
@@ -0,0 +1,51 @@ +/* + Unix SMB/CIFS implementation. + + security descriptror utility functions + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* + return a blank security descriptor (no owners, dacl or sacl) +*/ +struct security_descriptor *sd_initialise(TALLOC_CTX *mem_ctx) +{ + struct security_descriptor *sd; + + sd = talloc_p(mem_ctx, struct security_descriptor); + if (!sd) { + return NULL; + } + + sd->revision = SD_REVISION; + /* we mark as self relative, even though it isn't while it remains + a pointer in memory because this simplifies the ndr code later. + All SDs that we store/emit are in fact SELF_RELATIVE + */ + sd->type = SEC_DESC_SELF_RELATIVE; + + sd->owner_sid = NULL; + sd->group_sid = NULL; + sd->sacl = NULL; + sd->dacl = NULL; + + return sd; +} + diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index b9acbfcf10..5683a0d08e 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -6,7 +6,7 @@ [ uuid(12345778-1234-abcd-ef00-0123456789ab), version(0.0), - endpoints(lsarpc,lsass), + endpoints(lsarpc,lsass,TCP-0), pointer_default(unique) ] interface lsarpc { diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl index c5e0b06a23..240c0026e3 100644 --- a/source4/librpc/idl/misc.idl 
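Review bot: The `TCP-0` entry added to `endpoints(lsarpc,lsass,TCP-0)` carries no comment on what authentication is expected from callers that arrive over TCP, and the same uncommented addition is made in the netlogon, samr and winreg interface headers later in this diff. A caller on a named pipe has been through SMB session setup first, whereas RPC over TCP does not involve SMB; whether the TCP listener enforces an equivalent bind-time check is not visible in this commit. I would add a comment above each changed line, for example `/* TCP-0: also served over TCP; these callers have not been through SMB session setup, so handlers must do their own access checks */`. The handlers added in this commit (`netr_DsrEnumerateDomainTrusts`, `samr_QuerySecurity`) show no such check, so the exposure should be a documented decision.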
+++ b/source4/librpc/idl/misc.idl @@ -80,6 +80,26 @@ interface misc security_ace aces[num_aces]; } security_acl; + /* default revision for new ACLs */ + const int SD_REVISION = 1; + + /* security_descriptor->type bits */ + const int SEC_DESC_OWNER_DEFAULTED = 0x0001; + const int SEC_DESC_GROUP_DEFAULTED = 0x0002; + const int SEC_DESC_DACL_PRESENT = 0x0004; + const int SEC_DESC_DACL_DEFAULTED = 0x0008; + const int SEC_DESC_SACL_PRESENT = 0x0010; + const int SEC_DESC_SACL_DEFAULTED = 0x0020; + const int SEC_DESC_DACL_TRUSTED = 0x0040; + const int SEC_DESC_SERVER_SECURITY = 0x0080; + const int SEC_DESC_DACL_AUTO_INHERIT_REQ = 0x0100; + const int SEC_DESC_SACL_AUTO_INHERIT_REQ = 0x0200; + const int SEC_DESC_DACL_AUTO_INHERITED = 0x0400; + const int SEC_DESC_SACL_AUTO_INHERITED = 0x0800; + const int SEC_DESC_DACL_PROTECTED = 0x1000; + const int SEC_DESC_SACL_PROTECTED = 0x2000; + const int SEC_DESC_RM_CONTROL_VALID = 0x4000; + const int SEC_DESC_SELF_RELATIVE = 0x8000; typedef [public] struct { uint8 revision; diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index f3c2b1ff26..6888c63ab9 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -9,6 +9,7 @@ [ uuid(12345678-1234-abcd-ef00-01234567cffb), version(1.0), + endpoints(netlogon,TCP-0), pointer_default(unique) ] 
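Review bot: The comment `/* default revision for new ACLs */` above `SD_REVISION` does not match the constant's only use in this commit, where `sd_initialise()` stores it in `sd->revision`, the descriptor's own revision field. ACLs normally carry a revision of their own, so a reader could apply this value to a `security_acl` by mistake. I would reword it to `/* revision for new security descriptors (security_descriptor->revision) */`. The Windows 2000 bits are also renamed from `SE_DESC_*` to `SEC_DESC_*` as they move here, so any user of the old names outside this diff would stop compiling; a one-line comment noting the rename would help.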
@@ -854,4 +855,141 @@ interface netlogon [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data, [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query ); + + /*****************/ + /* Function 0x13 */ + WERROR netr_NETRENUMERATETRUSTEDDOMAINS() ; + + /*****************/ + /* Function 0x14 */ + WERROR netr_DSRGETDCNAME() ; + + /*****************/ + /* Function 0x15 */ + WERROR netr_NETRLOGONDUMMYROUTINE1(); + + /****************/ + /* Function 0x16 */ + WERROR netr_NETRLOGONSETSERVICEBITS(); + + /****************/ + /* Function 0x17 */ + WERROR netr_NETRLOGONGETTRUSTRID(); + + /****************/ + /* Function 0x18 */ + WERROR netr_NETRLOGONCOMPUTESERVERDIGEST(); + + /****************/ + /* Function 0x19 */ + WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST(); + + /****************/ + /* Function 0x1a */ + WERROR netr_NETRSERVERAUTHENTICATE3(); + + /****************/ + /* Function 0x1b */ + WERROR netr_DSRGETDCNAMEX(); + + /****************/ + /* Function 0x1c */ + WERROR netr_DSRGETSITENAME(); + + /****************/ + /* Function 0x1d */ + WERROR netr_NETRLOGONGETDOMAININFO(); + + /****************/ + /* Function 0x1e */ + WERROR netr_NETRSERVERPASSWORDSET2(); + + /****************/ + /* Function 0x1f */ + WERROR netr_NETRSERVERPASSWORDGET(); + + /****************/ + /* Function 0x20 */ + WERROR netr_NETRLOGONSENDTOSAM(); + + /****************/ + /* Function 0x21 */ + WERROR netr_DSRADDRESSTOSITENAMESW(); + + /****************/ + /* Function 0x22 */ + WERROR netr_DSRGETDCNAMEEX2(); + + /****************/ + /* Function 0x23 */ + WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(); + + /****************/ + /* Function 0x24 */ + WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(); + + /****************/ + /* Function 0x25 */ + WERROR netr_DSRADDRESSTOSITENAMESEXW(); + + /****************/ + /* Function 0x26 */ + WERROR netr_DSRGETDCSITECOVERAGEW(); + + /****************/ + /* Function 0x27 */ + WERROR netr_NETRLOGONSAMLOGONEX(); + + /****************/ + /* Function 0x28 
*/ + + const int NETR_TRUST_FLAG_IN_FOREST = 0x01; + const int NETR_TRUST_FLAG_OUTBOUND = 0x02; + const int NETR_TRUST_FLAG_TREEROOT = 0x04; + const int NETR_TRUST_FLAG_PRIMARY = 0x08; + const int NETR_TRUST_FLAG_NATIVE = 0x10; + const int NETR_TRUST_FLAG_INBOUND = 0x20; + + typedef struct { + unistr *netbios_name; + unistr *dns_name; + uint32 trust_flags; + uint32 parent_index; + uint32 trust_type; + uint32 trust_attributes; + dom_sid2 *sid; + GUID guid; + } netr_DomainTrust; + + WERROR netr_DsrEnumerateDomainTrusts( + [in] unistr *server_name, + [in] uint32 trust_flags, + [out] uint32 count, + [out,size_is(count)] netr_DomainTrust *trusts + ); + + + /****************/ + /* Function 0x29 */ + WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(); + + /****************/ + /* Function 0x2a */ + WERROR netr_NETRSERVERTRUSTPASSWORDSGET(); + + /****************/ + /* Function 0x2b */ + WERROR netr_DSRGETFORESTTRUSTINFORMATION(); + + /****************/ + /* Function 0x2c */ + WERROR netr_NETRGETFORESTTRUSTINFORMATION(); + + /****************/ + /* Function 0x2d */ + WERROR netr_NETRLOGONSAMLOGONWITHFLAGS(); + + /****************/ + /* Function 0x2e */ + WERROR netr_NETRSERVERGETTRUSTINFO(); } diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl index e428bfe0c7..960d007bd3 100644 --- a/source4/librpc/idl/samr.idl +++ b/source4/librpc/idl/samr.idl @@ -10,6 +10,7 @@ [ uuid(12345778-1234-abcd-ef00-0123456789ac), version(1.0), + endpoints(samr,TCP-0), pointer_default(unique) ] interface samr { @@ -761,7 +762,7 @@ typedef struct { samr_CryptPasswordEx password; - uint16 pw_len; + uint8 pw_len; } samr_UserInfo26; typedef union { diff --git a/source4/librpc/idl/winreg.idl b/source4/librpc/idl/winreg.idl index fa11f80dcd..d043dad1f1 100644 --- a/source4/librpc/idl/winreg.idl +++ b/source4/librpc/idl/winreg.idl @@ -6,6 +6,7 @@ [ uuid(338cd001-2244-31f1-aaaa-900038001003), version(1.0), + endpoints(winreg,TCP-0), pointer_default(unique) ] interface winreg { 
diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c index 1766d47e14..f8315b3af0 100644 --- a/source4/librpc/ndr/ndr_basic.c +++ b/source4/librpc/ndr/ndr_basic.c @@ -413,6 +413,18 @@ NTSTATUS ndr_pull_string(struct ndr_pull *ndr, int ndr_flags, const char **s) "Bad character conversion"); } NDR_CHECK(ndr_pull_advance(ndr, len2*2)); + + /* this is a way of detecting if a string is sent with the wrong + termination */ + if (ndr->flags & LIBNDR_FLAG_STR_NOTERM) { + if (strlen(as) < len2) { + DEBUG(6,("short string '%s'\n", as)); + } + } else { + if (strlen(as) == len2) { + DEBUG(6,("long string '%s'\n", as)); + } + } *s = as; break; diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 4481df6aa8..7cf2965323 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c 
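Review bot: The new termination detector compares `strlen(as)`, a byte count of the converted string, with `len2`, which the preceding `ndr_pull_advance(ndr, len2*2)` shows to be a count of 2-byte units, so the two only line up for pure-ASCII input. Any character that converts to more than one byte can make `strlen(as) < len2` or `strlen(as) == len2` fire or stay silent for the wrong reason. Checking on the wire side whether the last 16-bit unit pulled is zero would avoid depending on the conversion. The `DEBUG(6, ...)` lines also print a peer-supplied string with `%s` unescaped; that is only at level 6, but a comment marking the value as untrusted would be worth adding. `ndr_pull_string` begins and ends outside this hunk, so the type of `len2` and how `as` is produced are inferred from the visible context.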
@@ -598,5 +598,331 @@ static WERROR netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CT } +/* + netr_NETRENUMERATETRUSTEDDOMAINS +*/ +static WERROR netr_NETRENUMERATETRUSTEDDOMAINS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRENUMERATETRUSTEDDOMAINS *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_DSRGETDCNAME +*/ +static WERROR netr_DSRGETDCNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRGETDCNAME *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONDUMMYROUTINE1 +*/ +static WERROR netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONDUMMYROUTINE1 *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONSETSERVICEBITS +*/ +static WERROR netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONSETSERVICEBITS *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONGETTRUSTRID +*/ +static WERROR netr_NETRLOGONGETTRUSTRID(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONGETTRUSTRID *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONCOMPUTESERVERDIGEST +*/ +static WERROR netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONCOMPUTESERVERDIGEST *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONCOMPUTECLIENTDIGEST +*/ +static WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRSERVERAUTHENTICATE3 +*/ +static WERROR netr_NETRSERVERAUTHENTICATE3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRSERVERAUTHENTICATE3 *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + 
netr_DSRGETDCNAMEX +*/ +static WERROR netr_DSRGETDCNAMEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRGETDCNAMEX *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_DSRGETSITENAME +*/ +static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRGETSITENAME *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONGETDOMAININFO +*/ +static WERROR netr_NETRLOGONGETDOMAININFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONGETDOMAININFO *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRSERVERPASSWORDSET2 +*/ +static WERROR netr_NETRSERVERPASSWORDSET2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRSERVERPASSWORDSET2 *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRSERVERPASSWORDGET +*/ +static WERROR netr_NETRSERVERPASSWORDGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRSERVERPASSWORDGET *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONSENDTOSAM +*/ +static WERROR netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONSENDTOSAM *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_DSRADDRESSTOSITENAMESW +*/ +static WERROR netr_DSRADDRESSTOSITENAMESW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRADDRESSTOSITENAMESW *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_DSRGETDCNAMEEX2 +*/ +static WERROR netr_DSRGETDCNAMEEX2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRGETDCNAMEEX2 *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN +*/ +static WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r) +{ + 
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRENUMERATETRUSTEDDOMAINSEX +*/ +static WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_DSRADDRESSTOSITENAMESEXW +*/ +static WERROR netr_DSRADDRESSTOSITENAMESEXW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRADDRESSTOSITENAMESEXW *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_DSRGETDCSITECOVERAGEW +*/ +static WERROR netr_DSRGETDCSITECOVERAGEW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRGETDCSITECOVERAGEW *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONSAMLOGONEX +*/ +static WERROR netr_NETRLOGONSAMLOGONEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONSAMLOGONEX *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_DsrEnumerateDomainTrusts +*/ +static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DsrEnumerateDomainTrusts *r) +{ + struct netr_DomainTrust *trusts; + void *sam_ctx; + int ret, i; + struct ldb_message **res; + const char * const attrs[] = { "name", "dnsDomain", "objectSid", "objectGUID", NULL }; + + ZERO_STRUCT(r->out); + + sam_ctx = samdb_connect(); + if (sam_ctx == NULL) { + return WERR_GENERAL_FAILURE; + } + + ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)"); + if (ret == -1) { + samdb_close(sam_ctx); + return WERR_GENERAL_FAILURE; + } + + if (ret == 0) { + return WERR_OK; + } + + trusts = talloc_array_p(mem_ctx, struct netr_DomainTrust, ret); + if (trusts == NULL) { + return WERR_NOMEM; + } + + r->out.count = ret; + r->out.trusts = trusts; + + for (i=0;i<ret;i++) { + trusts[i].netbios_name = samdb_result_string(res[i], "name", NULL); + trusts[i].dns_name = samdb_result_string(res[i], 
"dnsDomain", NULL); + trusts[i].trust_flags = + NETR_TRUST_FLAG_TREEROOT | + NETR_TRUST_FLAG_IN_FOREST | + NETR_TRUST_FLAG_PRIMARY; + trusts[i].parent_index = 0; + trusts[i].trust_type = 2; + trusts[i].trust_attributes = 0; + trusts[i].sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid"); + trusts[i].guid = samdb_result_guid(res[i], "objectGUID"); + } + + + return WERR_OK; +} + + +/* + netr_DSRDEREGISTERDNSHOSTRECORDS +*/ +static WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRDEREGISTERDNSHOSTRECORDS *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRSERVERTRUSTPASSWORDSGET +*/ +static WERROR netr_NETRSERVERTRUSTPASSWORDSGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRSERVERTRUSTPASSWORDSGET *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_DSRGETFORESTTRUSTINFORMATION +*/ +static WERROR netr_DSRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DSRGETFORESTTRUSTINFORMATION *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRGETFORESTTRUSTINFORMATION +*/ +static WERROR netr_NETRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRGETFORESTTRUSTINFORMATION *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRLOGONSAMLOGONWITHFLAGS +*/ +static WERROR netr_NETRLOGONSAMLOGONWITHFLAGS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRLOGONSAMLOGONWITHFLAGS *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + netr_NETRSERVERGETTRUSTINFO +*/ +static WERROR netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_NETRSERVERGETTRUSTINFO *r) +{ + DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); +} + + /* include the generated boilerplate */ #include "librpc/gen_ndr/ndr_netlogon_s.c" 
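Review bot: In `netr_DsrEnumerateDomainTrusts` the handle from `samdb_connect()` is released with `samdb_close(sam_ctx);` only when `samdb_search` returns -1; the `ret == 0` return, the `WERR_NOMEM` return and the final `WERR_OK` return all leave it open. Unless `samdb_connect()` hands out a shared handle that is not meant to be closed per call (its definition is not in this diff), every request leaks a connection, and the call is remotely reachable now that netlogon is also listed on TCP. Calling `samdb_close(sam_ctx);` before each of those three returns, or routing them through one exit label, would fix it. Separately, `r->in.trust_flags` and `r->in.server_name` are never read, every entry gets the same hard-coded flags and `trust_type = 2`, and no check on the caller is visible before directory data is returned. Each of these deserves at least a comment saying it is a deliberate placeholder.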
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index eba36e53fa..2811a09534 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -135,7 +135,23 @@ static NTSTATUS samr_SetSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX static NTSTATUS samr_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QuerySecurity *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct dcesrv_handle *h; + struct samr_SdBuf *sd; + + r->out.sdbuf = NULL; + + DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY); + + sd = talloc_p(mem_ctx, struct samr_SdBuf); + if (sd == NULL) { + return NT_STATUS_NO_MEMORY; + } + + sd->sd = samdb_default_security_descriptor(mem_ctx); + + r->out.sdbuf = sd; + + return NT_STATUS_OK; } diff --git a/source4/rpc_server/samr/samdb.c b/source4/rpc_server/samr/samdb.c index ed76a4fc60..37063b551d 100644 --- a/source4/rpc_server/samr/samdb.c +++ b/source4/rpc_server/samr/samdb.c @@ -965,3 +965,14 @@ int samdb_replace(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg) return samdb_modify(ctx, mem_ctx, msg); } +/* + return a default security descriptor +*/ +struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx) +{ + struct security_descriptor *sd; + + sd = sd_initialise(mem_ctx); + + return sd; +} diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 8fd4a0fd4c..0fbd03fb83 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c 
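Review bot: `samr_QuerySecurity` stores the result of `samdb_default_security_descriptor(mem_ctx)` in `sd->sd` without checking it, although `sd_initialise()` in this commit returns NULL when allocation fails, so the call can return `NT_STATUS_OK` with an empty descriptor pointer. Adding `if (sd->sd == NULL) return NT_STATUS_NO_MEMORY;` right after the assignment closes that. The handler also ignores `r->in.sec_info` and accepts `DCESRV_HANDLE_ANY`, returning the same blank descriptor (no owner, group, DACL or SACL) for every object. A comment such as `/* placeholder: returns an empty SD for any handle, not the object's real descriptor */` would keep clients and later code from treating the answer as authoritative.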
@@ -1561,6 +1561,30 @@ static BOOL test_LogonControl2Ex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) } +/* + try a netlogon netr_DsrEnumerateDomainTrusts +*/ +static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +{ + NTSTATUS status; + struct netr_DsrEnumerateDomainTrusts r; + + r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + r.in.trust_flags = 0x3f; + + printf("Testing netr_DsrEnumerateDomainTrusts\n"); + + status = dcerpc_netr_DsrEnumerateDomainTrusts(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) { + printf("netr_DsrEnumerateDomainTrusts - %s/%s\n", + nt_errstr(status), win_errstr(r.out.result)); + return False; + } + + return True; +} + + BOOL torture_rpc_netlogon(int dummy) { @@ -1640,6 +1664,10 @@ BOOL torture_rpc_netlogon(int dummy) ret = False; } + if (!test_DsrEnumerateDomainTrusts(p, mem_ctx)) { + ret = False; + } + torture_rpc_close(p); if (!leave_domain_bdc(mem_ctx)) { diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index a1b01b533f..a7a6482da9 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -134,6 +134,10 @@ static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return False; } + if (s.in.sdbuf == NULL) { + return False; + } + s.in.handle = handle; s.in.sec_info = 7; s.in.sdbuf = r.out.sdbuf; |
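Review bot: The added `if (s.in.sdbuf == NULL)` check in `test_QuerySecurity` (torture/rpc/samr.c) runs before `s.in.sdbuf = r.out.sdbuf;` a few lines further down, so it reads a field of `s` that, as far as the hunk shows, has not been assigned yet. The value that needs testing is the server's reply: `if (r.out.sdbuf == NULL) { return False; }`. As written the test can pass or fail on stack contents rather than on what QuerySecurity returned, so it does not guard the new server code. The function starts and ends outside this hunk, so an earlier initialisation of `s` cannot be ruled out.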