| -rw-r--r-- | librpc/idl/lsa.idl (renamed from source3/librpc/idl/lsa.idl) | 62 | ||||
| -rw-r--r-- | source3/Makefile.in | 2 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/lsa.h | 2 | ||||
| -rw-r--r-- | source3/passdb/lookup_sid.c | 8 | ||||
| -rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 8 | ||||
| -rw-r--r-- | source4/libcli/util/clilsa.c | 8 | ||||
| -rw-r--r-- | source4/libnet/libnet_group.c | 8 | ||||
| -rw-r--r-- | source4/libnet/libnet_lookup.c | 4 | ||||
| -rw-r--r-- | source4/libnet/libnet_rpc.c | 12 | ||||
| -rw-r--r-- | source4/libnet/libnet_user.c | 10 | ||||
| -rw-r--r-- | source4/librpc/idl/lsa.idl | 1222 | ||||
| -rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 186 | ||||
| -rw-r--r-- | source4/rpc_server/lsa/lsa_lookup.c | 36 | ||||
| -rw-r--r-- | source4/torture/ndr/lsa.c | 34 | ||||
| -rw-r--r-- | source4/torture/rpc/handles.c | 2 | ||||
| -rw-r--r-- | source4/torture/rpc/lsa.c | 165 | ||||
| -rw-r--r-- | source4/torture/rpc/lsa_lookup.c | 11 | ||||
| -rw-r--r-- | source4/torture/rpc/object_uuid.c | 8 | ||||
| -rw-r--r-- | source4/torture/rpc/samba3rpc.c | 23 | ||||
| -rw-r--r-- | source4/torture/rpc/samsync.c | 26 | ||||
| -rw-r--r-- | source4/torture/rpc/schannel.c | 21 | ||||
| -rw-r--r-- | source4/winbind/wb_async_helpers.c | 21 | ||||
| -rw-r--r-- | source4/winbind/wb_init_domain.c | 7 | 
23 files changed, 414 insertions, 1472 deletions
diff --git a/source3/librpc/idl/lsa.idl b/librpc/idl/lsa.idl index a443448871..003641d97a 100644 --- a/source3/librpc/idl/lsa.idl +++ b/librpc/idl/lsa.idl @@ -56,7 +56,7 @@ import "misc.idl", "security.idl";  	NTSTATUS lsa_Close (  		[in,out]     policy_handle *handle  		); -	 +  	/******************/  	/* Function: 0x01 */ @@ -71,7 +71,7 @@ import "misc.idl", "security.idl";  		uint32 low;  		uint32 high;  	} lsa_LUID; -	 +  	typedef struct {  		lsa_StringLarge name;  		lsa_LUID luid; @@ -83,22 +83,20 @@ import "misc.idl", "security.idl";  	} lsa_PrivArray;  	[public] NTSTATUS lsa_EnumPrivs ( -		[in]     policy_handle *handle, -		[in,out,ref] uint32 *resume_handle, -		[out,ref] lsa_PrivArray *privs, -		[in]         uint32 max_count +		[in]		policy_handle *handle, +		[in,out,ref]	uint32 *resume_handle, +		[out,ref]	lsa_PrivArray *privs, +		[in]		uint32 max_count  		);  	/******************/  	/* Function: 0x03 */ -  	NTSTATUS lsa_QuerySecurity ( -		[in]     policy_handle *handle, -		[in]         security_secinfo sec_info, -		[out,ref]    sec_desc_buf **sdbuf +		[in]		policy_handle *handle, +		[in]		security_secinfo sec_info, +		[out,ref]	sec_desc_buf **sdbuf  		); -  	/******************/  	/* Function: 0x04 */  	NTSTATUS lsa_SetSecObj( @@ -120,7 +118,7 @@ import "misc.idl", "security.idl";  		uint8   context_mode;  		uint8   effective_only;  	} lsa_QosInfo; -	 +  	typedef struct {  		uint32 len; /* ignored */  		uint8 *root_dir; @@ -153,7 +151,7 @@ import "misc.idl", "security.idl";  		[in]   lsa_PolicyAccessMask access_mask,  		[out]  policy_handle *handle  		); -	 +  	/******************/ 
@@ -317,26 +315,25 @@ import "misc.idl", "security.idl";  	/******************/  	/* NOTE: This only returns accounts that have at least -	   one privilege set  +	   one privilege set  	*/  	/* Function: 0x0b */  	typedef struct {  		dom_sid2 *sid;  	} lsa_SidPtr; -	 +  	typedef [public] struct {  		[range(0,1000)] uint32 num_sids;  		[size_is(num_sids)] lsa_SidPtr *sids;  	} lsa_SidArray; -	[public] NTSTATUS lsa_EnumAccounts ( +	[public] NTSTATUS lsa_EnumAccounts(  		[in]         policy_handle *handle,  		[in,out,ref] uint32 *resume_handle,  		[out,ref]    lsa_SidArray *sids,  		[in,range(0,8192)] uint32 num_entries  		); -  	/*************************************************/  	/* Function: 0x0c                                */ @@ -359,7 +356,7 @@ import "misc.idl", "security.idl";  		[size_is(count)] lsa_DomainInfo *domains;  	} lsa_DomainList; -	NTSTATUS lsa_EnumTrustDom ( +	NTSTATUS lsa_EnumTrustDom(  		[in]               policy_handle *handle,  		[in,out,ref]       uint32 *resume_handle,  		[out,ref]          lsa_DomainList *domains, @@ -394,8 +391,6 @@ import "misc.idl", "security.idl";  	} lsa_TransSidArray;  	const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32; -	const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER; -  	typedef struct {  		[range(0,1000)] uint32 count;  		[size_is(count)] lsa_DomainInfo *domains; @@ -445,10 +440,7 @@ import "misc.idl", "security.idl";  		[size_is(count)] lsa_TranslatedName *names;  	} lsa_TransNameArray; -	/* This number is based on Win2k and later maximum response allowed */ -	const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */ - -	[public] NTSTATUS lsa_LookupSids ( +	[public] NTSTATUS lsa_LookupSids(  		[in]         policy_handle *handle,  		[in,ref]     lsa_SidArray *sids,  		[out,ref]    lsa_RefDomainList **domains, 
@@ -484,14 +476,14 @@ import "misc.idl", "security.idl";  		lsa_LUID luid;  		uint32 attribute;  	} lsa_LUIDAttribute; -	 +  	typedef struct {  		[range(0,1000)] uint32 count;  		uint32 unknown;  		[size_is(count)] lsa_LUIDAttribute set[*];  	} lsa_PrivilegeSet; -	 -	NTSTATUS lsa_EnumPrivsAccount ( + +	NTSTATUS lsa_EnumPrivsAccount(  		[in]         policy_handle *handle,  		[out,ref] lsa_PrivilegeSet **privs  		); @@ -503,7 +495,7 @@ import "misc.idl", "security.idl";  		[in]         policy_handle *handle,  		[in,ref]     lsa_PrivilegeSet *privs  		); -	 +  	/****************************************/  	/* Function:         0x14 */ @@ -515,10 +507,10 @@ import "misc.idl", "security.idl";  	/* Function:           0x15 */  	[todo] NTSTATUS lsa_GetQuotasForAccount(); -	 +  	/* Function:           0x16 */  	[todo] NTSTATUS lsa_SetQuotasForAccount(); -	 +  	typedef [bitmap32bit] bitmap {  		LSA_POLICY_MODE_INTERACTIVE             = 0x00000001,  		LSA_POLICY_MODE_NETWORK                 = 0x00000002, @@ -772,7 +764,7 @@ import "misc.idl", "security.idl";  	/* Function:      0x20 */ -	NTSTATUS lsa_LookupPrivName ( +	NTSTATUS lsa_LookupPrivName(  		[in]     policy_handle *handle,  		[in,ref] lsa_LUID *luid,  		[out,ref] lsa_StringLarge **name @@ -781,7 +773,7 @@ import "misc.idl", "security.idl";  	/*******************/  	/* Function:  0x21 */ -	NTSTATUS lsa_LookupPrivDisplayName ( +	NTSTATUS lsa_LookupPrivDisplayName(  		[in] policy_handle *handle,  		[in,ref] lsa_String *name,  		[in] uint16 language_id, @@ -810,12 +802,12 @@ import "misc.idl", "security.idl";  	typedef struct {  		[string,charset(UTF16)] uint16 *name;  	} lsa_RightAttribute; -	 +  	typedef struct {  		[range(0,256)] uint32 count;  		[size_is(count)] lsa_StringLarge *names;  	} lsa_RightSet; -	 +  	NTSTATUS lsa_EnumAccountRights (  		[in]     policy_handle *handle,  		[in,ref] dom_sid2 *sid, 
@@ -953,7 +945,7 @@ import "misc.idl", "security.idl";  	/* Function 0x35 */ -	/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000  +	/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000  	   for unknown6 - gd */  	typedef struct {  		uint32 enforce_restrictions; diff --git a/source3/Makefile.in b/source3/Makefile.in index 60832c8391..babd4f901d 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1214,7 +1214,7 @@ modules:: SHOWFLAGS $(MODULES)  ## Perl IDL Compiler  samba3-idl::  	@PIDL_ARGS="$(PIDL_ARGS)" CPP="$(CPP)" PIDL="../pidl/pidl" \ -	 srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh librpc/idl/lsa.idl \ +	 srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh ../librpc/idl/lsa.idl \  	 	../librpc/idl/dfs.idl ../librpc/idl/echo.idl ../librpc/idl/winreg.idl \  		../librpc/idl/initshutdown.idl librpc/idl/srvsvc.idl ../librpc/idl/svcctl.idl \  		../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl librpc/idl/netlogon.idl \ diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h index d91cf4b66d..0ccbcdf5b0 100644 --- a/source3/librpc/gen_ndr/lsa.h +++ b/source3/librpc/gen_ndr/lsa.h @@ -9,8 +9,6 @@  #define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER	( 60 )  #define LSA_REF_DOMAIN_LIST_MULTIPLIER	( 32 ) -#define MAX_REF_DOMAINS	( LSA_REF_DOMAIN_LIST_MULTIPLIER ) -#define MAX_LOOKUP_SIDS	( 0x5000 )  #define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER	( 82 )  #define LSA_CLIENT_REVISION_NO_DNS	( 0x00000001 )  #define LSA_CLIENT_REVISION_DNS	( 0x00000002 ) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 3861c8e229..b9a67f208e 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -746,7 +746,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,  	}  	dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info, -				      MAX_REF_DOMAINS); +				      LSA_REF_DOMAIN_LIST_MULTIPLIER);  	if (dom_infos == NULL) {  		result = NT_STATUS_NO_MEMORY;  		goto fail; 
@@ -816,7 +816,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,  			continue;  		} -		for (j=0; j<MAX_REF_DOMAINS; j++) { +		for (j=0; j<LSA_REF_DOMAIN_LIST_MULTIPLIER; j++) {  			if (!dom_infos[j].valid) {  				break;  			} @@ -825,7 +825,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,  			}  		} -		if (j == MAX_REF_DOMAINS) { +		if (j == LSA_REF_DOMAIN_LIST_MULTIPLIER) {  			/* TODO: What's the right error message here? */  			result = NT_STATUS_NONE_MAPPED;  			goto fail; @@ -869,7 +869,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,  	/* Iterate over the domains found */ -	for (i=0; i<MAX_REF_DOMAINS; i++) { +	for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {  		uint32_t *rids;  		const char *domain_name = NULL;  		const char **names; diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 2fa705daf3..3addf91494 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -33,6 +33,8 @@  #undef DBGC_CLASS  #define DBGC_CLASS DBGC_RPC_SRV +#define MAX_LOOKUP_SIDS 0x5000 /* 20480 */ +  extern PRIVS privs[];  struct lsa_info { @@ -68,13 +70,13 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,  		num = ref->count;  	} -	if (num >= MAX_REF_DOMAINS) { +	if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {  		/* index not found, already at maximum domain limit */  		return -1;  	}  	ref->count = num + 1; -	ref->max_size = MAX_REF_DOMAINS; +	ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;  	ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,  					    struct lsa_DomainInfo, ref->count); @@ -725,7 +727,7 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,  		return NT_STATUS_NO_MEMORY;  	} -	for (i=0; i<MAX_REF_DOMAINS; i++) { +	for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {  		if (!dom_infos[i].valid) {  			break; diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c index 43f64186c3..16967d73b0 100644 --- a/source4/libcli/util/clilsa.c 
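Review bot: The `MAX_LOOKUP_SIDS` define added near the top of srv_lsa_nt.c has lost the rationale it carried in lsa.idl, where the removed lines said the value is based on the Win2k and later maximum response allowed. The constant is now private to the server, and its uses are outside the visible hunks (presumably it caps a count taken from the request), so the reason for the number should stay next to it. Keep the original comment above the define: `/* This number is based on Win2k and later maximum response allowed */`.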
+++ b/source4/libcli/util/clilsa.c @@ -202,6 +202,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,  	struct lsa_LookupSids r;  	struct lsa_TransNameArray names;  	struct lsa_SidArray sids; +	struct lsa_RefDomainList *domains = NULL;  	uint32_t count = 1;  	NTSTATUS status;  	struct dom_sid *sid; @@ -231,6 +232,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,  	r.in.count = &count;  	r.out.count = &count;  	r.out.names = &names; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupSids(cli->lsa->pipe, mem_ctx2, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -243,7 +245,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,  	}  	(*name) = talloc_asprintf(mem_ctx, "%s\\%s",  -				  r.out.domains->domains[0].name.string, +				  domains->domains[0].name.string,  				  names.names[0].name.string);  	talloc_free(mem_ctx2); @@ -262,6 +264,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,  	struct lsa_LookupNames r;  	struct lsa_TransSidArray sids;  	struct lsa_String names; +	struct lsa_RefDomainList *domains = NULL;  	uint32_t count = 1;  	NTSTATUS status;  	struct dom_sid *sid; @@ -286,6 +289,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,  	r.in.count = &count;  	r.out.count = &count;  	r.out.sids = &sids; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupNames(cli->lsa->pipe, mem_ctx2, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -297,7 +301,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,  		return NT_STATUS_UNSUCCESSFUL;  	} -	sid = r.out.domains->domains[0].sid; +	sid = domains->domains[0].sid;  	rid = sids.sids[0].rid;  	(*sid_str) = talloc_asprintf(mem_ctx, "%s-%u",  diff --git a/source4/libnet/libnet_group.c b/source4/libnet/libnet_group.c index 50ba079b71..eded378511 100644 --- a/source4/libnet/libnet_group.c +++ b/source4/libnet/libnet_group.c 
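Review bot: `domains->domains[0].name.string` in smblsa_lookup_sid dereferences `domains` without a NULL or count check, although the variable is initialised to NULL and only the server's reply fills it in. The checks between the RPC call and this line are only partly visible in the hunk, so this may already be covered, but a reply that reports success with no referenced-domain list would otherwise crash the client. Guard it before the `talloc_asprintf`, for example `if (domains == NULL || domains->count == 0) { talloc_free(mem_ctx2); return NT_STATUS_UNSUCCESSFUL; }`. The same applies to `sid = domains->domains[0].sid;` in smblsa_lookup_name; libnet_LookupName_recv in libnet_lookup.c already tests `domains == NULL`.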
@@ -444,6 +444,8 @@ struct composite_context *libnet_GroupList_send(struct libnet_context *ctx,  	/* prepare arguments of QueryDomainInfo call */  	s->query_domain.in.handle = &ctx->lsa.handle;  	s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN; +	s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *); +	if (composite_nomem(s->query_domain.out.info, c)) return c;  	/* send the request */  	query_req = dcerpc_lsa_QueryInfoPolicy_send(ctx->lsa.pipe, c, &s->query_domain); @@ -474,6 +476,8 @@ static void continue_lsa_domain_opened(struct composite_context *ctx)  	/* prepare arguments of QueryDomainInfo call */  	s->query_domain.in.handle = &s->ctx->lsa.handle;  	s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN; +	s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *); +	if (composite_nomem(s->query_domain.out.info, c)) return;  	/* send the request */  	query_req = dcerpc_lsa_QueryInfoPolicy_send(s->ctx->lsa.pipe, c, &s->query_domain); @@ -502,7 +506,7 @@ static void continue_domain_queried(struct rpc_request *req)  	if (!composite_is_ok(c)) return;  	/* get the returned domain info */ -	s->dominfo = s->query_domain.out.info->domain; +	s->dominfo = (*s->query_domain.out.info)->domain;  	/* make sure we have samr domain handle before continuing */  	prereq_met = samr_domain_opened(s->ctx, s->domain_name, &c, &s->domain_open, @@ -592,7 +596,7 @@ static void continue_groups_enumerated(struct rpc_request *req)  		for (i = 0; i < s->group_list.out.sam->count; i++) {  			struct dom_sid *group_sid;  			struct samr_SamEntry *entry = &s->group_list.out.sam->entries[i]; -			struct dom_sid *domain_sid = s->query_domain.out.info->domain.sid; +			struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;  			/* construct group sid from returned rid and queried domain sid */  			group_sid = dom_sid_add_rid(c, domain_sid, entry->idx); 
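Review bot: `(*s->query_domain.out.info)->domain` in continue_domain_queried dereferences the pointer that the server's reply fills in without checking it for NULL. The only guard visible in the hunk is `composite_is_ok(c)`; whether the RPC result status is checked lies outside the hunk, and a peer that returns success with a NULL info pointer would crash the client here. Add `if (*s->query_domain.out.info == NULL) { composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE); return; }` before the copy. The same unchecked dereference appears in continue_groups_enumerated in this file, in continue_lsa_query_info2 and continue_lsa_query_info in libnet_rpc.c, and in continue_domain_queried and continue_users_enumerated in libnet_user.c.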
diff --git a/source4/libnet/libnet_lookup.c b/source4/libnet/libnet_lookup.c index dc54ec3cf1..fc307823b8 100644 --- a/source4/libnet/libnet_lookup.c +++ b/source4/libnet/libnet_lookup.c @@ -312,6 +312,8 @@ static bool prepare_lookup_params(struct libnet_context *ctx,  	s->lookup.in.count     = &s->count;  	s->lookup.out.count    = &s->count;  	s->lookup.out.sids     = &s->sids; +	s->lookup.out.domains  = talloc_zero(ctx, struct lsa_RefDomainList *); +	if (composite_nomem(s->lookup.out.domains, c)) return false;  	return true;  } @@ -372,7 +374,7 @@ NTSTATUS libnet_LookupName_recv(struct composite_context *c, TALLOC_CTX *mem_ctx  		io->out.sidstr = NULL;  		if (*s->lookup.out.count > 0) { -			struct lsa_RefDomainList *domains = s->lookup.out.domains; +			struct lsa_RefDomainList *domains = *s->lookup.out.domains;  			struct lsa_TransSidArray *sids = s->lookup.out.sids;  			if (domains == NULL || sids == NULL) { diff --git a/source4/libnet/libnet_rpc.c b/source4/libnet/libnet_rpc.c index 28cbba2933..a0d93287a5 100644 --- a/source4/libnet/libnet_rpc.c +++ b/source4/libnet/libnet_rpc.c @@ -607,6 +607,8 @@ static void continue_lsa_policy(struct rpc_request *req)  	/* query lsa info for dns domain name and guid */  	s->lsa_query_info2.in.handle = &s->lsa_handle;  	s->lsa_query_info2.in.level  = LSA_POLICY_INFO_DNS; +	s->lsa_query_info2.out.info  = talloc_zero(c, union lsa_PolicyInformation *); +	if (composite_nomem(s->lsa_query_info2.out.info, c)) return;  	query_info_req = dcerpc_lsa_QueryInfoPolicy2_send(s->lsa_pipe, c, &s->lsa_query_info2);  	if (composite_nomem(query_info_req, c)) return; 
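Review bot: In prepare_lookup_params the out pointer is allocated on `ctx`, the libnet context, while every other call site in this commit parents the equivalent allocation on the composite context `c`. As written, each lookup leaves a pointer-sized allocation attached to the libnet context until that context is freed, which adds up in a long-running process. Parent it on the per-request context instead: `s->lookup.out.domains = talloc_zero(c, struct lsa_RefDomainList *);`. The function's full parameter list and body are outside the hunk, so confirm that `c` is the request's composite context there.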
@@ -658,13 +660,13 @@ static void continue_lsa_query_info2(struct rpc_request *req)  		/* Copy the dns domain name and guid from the query result */  		/* this should actually be a conversion from lsa_StringLarge */ -		s->r.out.realm = s->lsa_query_info2.out.info->dns.dns_domain.string; +		s->r.out.realm = (*s->lsa_query_info2.out.info)->dns.dns_domain.string;  		s->r.out.guid  = talloc(c, struct GUID);  		if (composite_nomem(s->r.out.guid, c)) {  			s->r.out.error_string = NULL;  			return;  		} -		*s->r.out.guid = s->lsa_query_info2.out.info->dns.domain_guid; +		*s->r.out.guid = (*s->lsa_query_info2.out.info)->dns.domain_guid;  	}  	/* post monitor message */ @@ -680,6 +682,8 @@ static void continue_lsa_query_info2(struct rpc_request *req)  	/* query lsa info for domain name and sid */  	s->lsa_query_info.in.handle = &s->lsa_handle;  	s->lsa_query_info.in.level  = LSA_POLICY_INFO_DOMAIN; +	s->lsa_query_info.out.info  = talloc_zero(c, union lsa_PolicyInformation *); +	if (composite_nomem(s->lsa_query_info.out.info, c)) return;  	query_info_req = dcerpc_lsa_QueryInfoPolicy_send(s->lsa_pipe, c, &s->lsa_query_info);  	if (composite_nomem(query_info_req, c)) return; @@ -719,8 +723,8 @@ static void continue_lsa_query_info(struct rpc_request *req)  	}  	/* Copy the domain name and sid from the query result */ -	s->r.out.domain_sid  = s->lsa_query_info.out.info->domain.sid; -	s->r.out.domain_name = s->lsa_query_info.out.info->domain.name.string; +	s->r.out.domain_sid  = (*s->lsa_query_info.out.info)->domain.sid; +	s->r.out.domain_name = (*s->lsa_query_info.out.info)->domain.name.string;  	continue_epm_map_binding_send(c);  } diff --git a/source4/libnet/libnet_user.c b/source4/libnet/libnet_user.c index dce7320c73..c768319452 100644 --- a/source4/libnet/libnet_user.c +++ b/source4/libnet/libnet_user.c 
@@ -957,7 +957,9 @@ struct composite_context* libnet_UserList_send(struct libnet_context *ctx,  	/* prepare arguments of QueryDomainInfo call */  	s->query_domain.in.handle = &ctx->lsa.handle;  	s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN; -	 +	s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *); +	if (composite_nomem(s->query_domain.out.info, c)) return c; +  	/* send the request */  	query_req = dcerpc_lsa_QueryInfoPolicy_send(ctx->lsa.pipe, c, &s->query_domain);  	if (composite_nomem(query_req, c)) return c; @@ -987,6 +989,8 @@ static void continue_lsa_domain_opened(struct composite_context *ctx)  	/* prepare arguments of QueryDomainInfo call */  	s->query_domain.in.handle = &s->ctx->lsa.handle;  	s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN; +	s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *); +	if (composite_nomem(s->query_domain.out.info, c)) return;  	/* send the request */  	query_req = dcerpc_lsa_QueryInfoPolicy_send(s->ctx->lsa.pipe, c, &s->query_domain); @@ -1015,7 +1019,7 @@ static void continue_domain_queried(struct rpc_request *req)  	if (!composite_is_ok(c)) return;  	/* get the returned domain info */ -	s->dominfo = s->query_domain.out.info->domain; +	s->dominfo = (*s->query_domain.out.info)->domain;  	/* make sure we have samr domain handle before continuing */  	prereq_met = samr_domain_opened(s->ctx, s->domain_name, &c, &s->domain_open, @@ -1107,7 +1111,7 @@ static void continue_users_enumerated(struct rpc_request *req)  		for (i = 0; i < s->user_list.out.sam->count; i++) {  			struct dom_sid *user_sid;  			struct samr_SamEntry *entry = &s->user_list.out.sam->entries[i]; -			struct dom_sid *domain_sid = s->query_domain.out.info->domain.sid; +			struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;  			/* construct user sid from returned rid and queried domain sid */  			user_sid = dom_sid_add_rid(c, domain_sid, entry->idx); 
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl deleted file mode 100644 index 4a7a42b4dc..0000000000 --- a/source4/librpc/idl/lsa.idl +++ /dev/null 
@@ -1,1222 +0,0 @@ -#include "idl_types.h" - -/* -  lsa interface definition -*/ - -import "misc.idl", "security.idl"; - -[ uuid("12345778-1234-abcd-ef00-0123456789ab"), -  version(0.0), -  endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"), -  pointer_default(unique), -  helpstring("Local Security Authority") -] interface lsarpc -{ -	typedef bitmap security_secinfo security_secinfo; -	typedef bitmap kerb_EncTypes kerb_EncTypes; - -	typedef [public,noejs] struct { -		[value(2*strlen_m(string))] uint16 length; -		[value(2*strlen_m(string))] uint16 size; -		[charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string; -	} lsa_String; - -	typedef [public] struct { -		[value(2*strlen_m(string))] uint16 length; -		[value(2*strlen_m_term(string))] uint16 size; -		[charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string; -	} lsa_StringLarge; - -	typedef [public] struct { -		uint32 count; -		[size_is(count)] lsa_String *names; -	} lsa_Strings; - -	typedef [public] struct { -		[value(strlen_m(string))] uint16 length; -		[value(strlen_m(string))] uint16 size; -		[charset(DOS),size_is(size),length_is(length)] uint8 *string; -	} lsa_AsciiString; - -	typedef [public] struct { -		[value(strlen_m(string))] uint16 length; -		[value(strlen_m_term(string))] uint16 size; -		[charset(DOS),size_is(size),length_is(length)] uint8 *string; -	} lsa_AsciiStringLarge; - -	typedef [public] struct { -		uint16 length; -		uint16 size; -		[size_is(size/2),length_is(length/2)] uint16 *array; -	} lsa_BinaryString; - -	/******************/ -	/* Function: 0x00 */ -	NTSTATUS lsa_Close ( -		[in,out]     policy_handle *handle -		); -	 - -	/******************/ -	/* Function: 0x01 */ -	[public] NTSTATUS lsa_Delete ( -		[in]     policy_handle *handle -		); - - -	/******************/ -	/* Function: 0x02 */ -	typedef struct { -		uint32 low; -		uint32 high; -	} lsa_LUID; -	 -	typedef struct { -		lsa_StringLarge name; -		
lsa_LUID luid; -	} lsa_PrivEntry; - -	typedef struct { -		uint32 count; -		[size_is(count)] lsa_PrivEntry *privs; -	} lsa_PrivArray; - -	[public] NTSTATUS lsa_EnumPrivs ( -		[in]     policy_handle *handle, -		[in,out] uint32 *resume_handle, -		[in]         uint32 max_count, -		[out]    lsa_PrivArray *privs -		); - -	/******************/ -	/* Function: 0x03 */ - -	NTSTATUS lsa_QuerySecurity ( -		[in]     policy_handle *handle, -		[in]         security_secinfo sec_info, -		[out,unique]        sec_desc_buf *sdbuf -		); - - -	/******************/ -	/* Function: 0x04 */ -	NTSTATUS lsa_SetSecObj( -		[in]		policy_handle *handle, -		[in]		security_secinfo sec_info, -		[in,ref]	sec_desc_buf *sdbuf -		); - -	/******************/ -	/* Function: 0x05 */ -	[todo] NTSTATUS lsa_ChangePassword (); - - -	/******************/ -	/* Function: 0x06 */ -	typedef struct { -		uint32  len; /* ignored */ -		uint16  impersonation_level; -		uint8   context_mode; -		uint8   effective_only; -	} lsa_QosInfo; -	 -	typedef struct { -		uint32 len; /* ignored */ -		uint8 *root_dir; -		[string,charset(UTF16)] uint16 *object_name; -		uint32 attributes; -		security_descriptor *sec_desc; -		lsa_QosInfo *sec_qos; -	} lsa_ObjectAttribute; - -	typedef [public,bitmap32bit] bitmap { -		LSA_POLICY_VIEW_LOCAL_INFORMATION	= 0x00000001, -		LSA_POLICY_VIEW_AUDIT_INFORMATION	= 0x00000002, -		LSA_POLICY_GET_PRIVATE_INFORMATION	= 0x00000004, -		LSA_POLICY_TRUST_ADMIN			= 0x00000008, -		LSA_POLICY_CREATE_ACCOUNT		= 0x00000010, -		LSA_POLICY_CREATE_SECRET		= 0x00000020, -		LSA_POLICY_CREATE_PRIVILEGE		= 0x00000040, -		LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS	= 0x00000080, -		LSA_POLICY_SET_AUDIT_REQUIREMENTS	= 0x00000100, -		LSA_POLICY_AUDIT_LOG_ADMIN		= 0x00000200, -		LSA_POLICY_SERVER_ADMIN			= 0x00000400, -		LSA_POLICY_LOOKUP_NAMES			= 0x00000800 -	} lsa_PolicyAccessMask; - -	/* notice the screwup with the system_name - thats why MS created -	   OpenPolicy2 */ -	[public] NTSTATUS lsa_OpenPolicy ( -		[in,unique]       
uint16 *system_name, -		[in]   lsa_ObjectAttribute *attr, -		[in]   lsa_PolicyAccessMask access_mask, -		[out]  policy_handle *handle -		); -	 - - -	/******************/ -	/* Function: 0x07 */ - -	typedef struct { -		uint32 percent_full; -		uint32 maximum_log_size; -		hyper  retention_time; -		uint8  shutdown_in_progress; -		hyper  time_to_shutdown; -		uint32 next_audit_record; -	} lsa_AuditLogInfo; - -	typedef [v1_enum] enum { -		LSA_AUDIT_POLICY_NONE=0, -		LSA_AUDIT_POLICY_SUCCESS=1, -		LSA_AUDIT_POLICY_FAILURE=2, -		LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE), -		LSA_AUDIT_POLICY_CLEAR=4 -	} lsa_PolicyAuditPolicy; - -	typedef enum { -		LSA_AUDIT_CATEGORY_SYSTEM = 0, -		LSA_AUDIT_CATEGORY_LOGON = 1, -		LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2, -		LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3, -		LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4, -		LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5, -		LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6, -		LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,	/* only in win2k/2k3 */ -		LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8			/* only in win2k/2k3 */ -	} lsa_PolicyAuditEventType; - -	typedef struct { -		uint32 auditing_mode; -		[size_is(count)] lsa_PolicyAuditPolicy *settings; -		uint32 count; -	} lsa_AuditEventsInfo; - -	typedef struct { -		lsa_StringLarge name; -		dom_sid2 *sid; -	} lsa_DomainInfo; - -	typedef struct { -		lsa_String name; -	} lsa_PDAccountInfo; - -	typedef [v1_enum] enum { -		LSA_ROLE_BACKUP=2, -		LSA_ROLE_PRIMARY=3 -	} lsa_Role; - -	typedef struct { -		lsa_Role role; -	} lsa_ServerRole; - -	typedef struct { -		lsa_String source; -		lsa_String account; -	} lsa_ReplicaSourceInfo; - -	typedef struct { -		uint32 paged_pool; -		uint32 non_paged_pool; -		uint32 min_wss; -		uint32 max_wss; -		uint32 pagefile; -		hyper unknown; -	} lsa_DefaultQuotaInfo; - -	typedef struct { -		hyper modified_id; -		NTTIME_hyper db_create_time; -	} lsa_ModificationInfo; - -	typedef struct { -		uint8 shutdown_on_full; -	
} lsa_AuditFullSetInfo; - -	typedef struct { -		uint8 shutdown_on_full; -		uint8 log_is_full; -	} lsa_AuditFullQueryInfo; - -	typedef struct { -		/* it's important that we use the lsa_StringLarge here, -		 * because otherwise windows clients result with such dns hostnames -		 * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org -		 * where it should be -		 *      w2k3-client.samba4.samba.org -		 */ -		lsa_StringLarge name; -		lsa_StringLarge dns_domain; -		lsa_StringLarge dns_forest; -		GUID domain_guid; -		dom_sid2 *sid; -	} lsa_DnsDomainInfo; - -	typedef enum { -		LSA_POLICY_INFO_AUDIT_LOG=1, -		LSA_POLICY_INFO_AUDIT_EVENTS=2, -		LSA_POLICY_INFO_DOMAIN=3, -		LSA_POLICY_INFO_PD=4, -		LSA_POLICY_INFO_ACCOUNT_DOMAIN=5, -		LSA_POLICY_INFO_ROLE=6, -		LSA_POLICY_INFO_REPLICA=7, -		LSA_POLICY_INFO_QUOTA=8, -		LSA_POLICY_INFO_MOD=9, -		LSA_POLICY_INFO_AUDIT_FULL_SET=10, -		LSA_POLICY_INFO_AUDIT_FULL_QUERY=11, -		LSA_POLICY_INFO_DNS=12, -		LSA_POLICY_INFO_DNS_INT=13, -		LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14 -	} lsa_PolicyInfo; - -	typedef [switch_type(uint16)] union { -		[case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log; -		[case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events; -		[case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain; -		[case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd; -		[case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain; -		[case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role; -		[case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica; -		[case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota; -		[case(LSA_POLICY_INFO_MOD)]              lsa_ModificationInfo   mod; -		[case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset; -		[case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery; -		[case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns; -		
[case(LSA_POLICY_INFO_DNS_INT)]          lsa_DnsDomainInfo      dns; -		[case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo         l_account_domain; -	} lsa_PolicyInformation; - -	NTSTATUS lsa_QueryInfoPolicy( -		[in]                            policy_handle *handle, -		[in]                            lsa_PolicyInfo level, -		[out,unique,switch_is(level)]   lsa_PolicyInformation *info -		); - -	/******************/ -	/* Function:       0x08 */ -	NTSTATUS lsa_SetInfoPolicy ( -		[in]                            policy_handle *handle, -		[in]                            lsa_PolicyInfo level, -		[in,switch_is(level)]           lsa_PolicyInformation *info -		); - -	/******************/ -	/* Function:       0x09 */ -	[todo] NTSTATUS lsa_ClearAuditLog (); - -	/******************/ -	/* Function: 0x0a */ -	[public] NTSTATUS lsa_CreateAccount ( -		[in]    policy_handle *handle, -		[in,ref] dom_sid2 *sid, -		[in]    uint32 access_mask, -		[out]   policy_handle *acct_handle -		); - -	/******************/ -	/* NOTE: This only returns accounts that have at least -	   one privilege set  -	*/ -	/* Function: 0x0b */ -	typedef struct { -		dom_sid2 *sid; -	} lsa_SidPtr; -	 -	typedef [public] struct { -		[range(0,1000)] uint32 num_sids; -		[size_is(num_sids)] lsa_SidPtr *sids; -	} lsa_SidArray; - -	[public] NTSTATUS lsa_EnumAccounts ( -		[in]         policy_handle *handle, -		[in,out]     uint32 *resume_handle, -		[in,range(0,8192)] uint32 num_entries, -		[out]        lsa_SidArray *sids -		); - - -	/*************************************************/ -	/* Function: 0x0c                                */ - -	[public] NTSTATUS lsa_CreateTrustedDomain( -		[in]         policy_handle *policy_handle, -		[in]         lsa_DomainInfo *info, -		[in]         uint32 access_mask, -		[out]        policy_handle *trustdom_handle -		); - - -	/******************/ -	/* Function: 0x0d */ - -	/* w2k3 treats max_size as max_domains*60	*/ -	const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60; - -	typedef 
struct { -		uint32 count; -		[size_is(count)] lsa_DomainInfo *domains; -	} lsa_DomainList; - -	NTSTATUS lsa_EnumTrustDom ( -		[in]               policy_handle *handle, -		[in,out]           uint32 *resume_handle, -		[in]               uint32 max_size, -		[out]              lsa_DomainList *domains -		); - - -	/******************/ -	/* Function: 0x0e */ -	typedef [public] enum { -		SID_NAME_USE_NONE = 0,/* NOTUSED */ -		SID_NAME_USER     = 1, /* user */ -		SID_NAME_DOM_GRP  = 2, /* domain group */ -		SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */ -		SID_NAME_ALIAS    = 4, /* local group */ -		SID_NAME_WKN_GRP  = 5, /* well-known group */ -		SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */ -		SID_NAME_INVALID  = 7, /* invalid account */ -		SID_NAME_UNKNOWN  = 8, /* oops. */ -		SID_NAME_COMPUTER = 9  /* machine */ -	} lsa_SidType; - -	typedef struct { -		lsa_SidType sid_type; -		uint32 rid; -		uint32 sid_index; -	} lsa_TranslatedSid; - -	typedef struct { -		[range(0,1000)] uint32 count; -		[size_is(count)] lsa_TranslatedSid *sids; -	} lsa_TransSidArray; - -	const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32; -	typedef struct { -		[range(0,1000)] uint32 count; -		[size_is(count)] lsa_DomainInfo *domains; -		uint32 max_size; -	} lsa_RefDomainList; - -	/* Level 1: Ask everywhere -	 * Level 2: Ask domain and trusted domains, no builtin and wkn -	 * Level 3: Only ask domain -	 * Level 4: W2k3ad: Only ask AD trusts -	 * Level 5: Only ask transitive forest trusts -	 * Level 6: Like 4 -	 */ - -	typedef enum { -		LSA_LOOKUP_NAMES_ALL = 1, -		LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2, -		LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3, -		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4, -		LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5, -		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6, -		LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7 -	} lsa_LookupNamesLevel; - -	[public] NTSTATUS lsa_LookupNames ( -		[in]         policy_handle *handle, -		[in,range(0,1000)] uint32 num_names, -		
[in,size_is(num_names)]  lsa_String names[], -		[out,unique] lsa_RefDomainList *domains, -		[in,out]     lsa_TransSidArray *sids, -		[in]         lsa_LookupNamesLevel level, -		[in,out]     uint32 *count -		); - - -	/******************/ -	/* Function: 0x0f */ - -	typedef struct { -		lsa_SidType sid_type; -		lsa_String name; -		uint32 sid_index; -	} lsa_TranslatedName; - -	typedef struct { -		[range(0,1000)] uint32 count; -		[size_is(count)] lsa_TranslatedName *names; -	} lsa_TransNameArray; - -	[public] NTSTATUS lsa_LookupSids ( -		[in]         policy_handle *handle, -		[in]         lsa_SidArray *sids, -		[out,unique]        lsa_RefDomainList *domains, -		[in,out]     lsa_TransNameArray *names, -		[in]         uint16 level, -		[in,out] uint32 *count -		); - - -	/* Function:        0x10 */ -	[public] NTSTATUS lsa_CreateSecret( -		[in]         policy_handle *handle, -		[in]         lsa_String       name, -		[in]         uint32         access_mask, -		[out]        policy_handle *sec_handle -		); - - -	/*****************************************/ -	/* Function:     0x11                    */ -	NTSTATUS lsa_OpenAccount( -		[in]         policy_handle *handle, -		[in,ref]     dom_sid2 *sid, -		[in]         uint32 access_mask, -		[out]        policy_handle *acct_handle -		); - - -	/****************************************/ -	/* Function:    0x12                    */ - -	typedef struct { -		lsa_LUID luid; -		uint32 attribute; -	} lsa_LUIDAttribute; -	 -	typedef struct { -		[range(0,1000)] uint32 count; -		uint32 unknown; -		[size_is(count)] lsa_LUIDAttribute set[*]; -	} lsa_PrivilegeSet; -	 -	NTSTATUS lsa_EnumPrivsAccount ( -		[in]         policy_handle *handle, -		[out,unique] lsa_PrivilegeSet *privs -		); - - -	/****************************************/ -	/* Function:            0x13 */ -	NTSTATUS lsa_AddPrivilegesToAccount( -		[in]         policy_handle *handle, -		[in,ref]     lsa_PrivilegeSet *privs -		); -	 - -	/****************************************/ -	/* Function: 
        0x14 */ -	NTSTATUS lsa_RemovePrivilegesFromAccount( -		[in]         policy_handle *handle, -		[in]         uint8 remove_all, -		[in,unique]  lsa_PrivilegeSet *privs -		); - -	/* Function:           0x15 */ -	[todo] NTSTATUS lsa_GetQuotasForAccount(); -	 -	/* Function:           0x16 */ -	[todo] NTSTATUS lsa_SetQuotasForAccount(); -	 -	typedef [bitmap32bit] bitmap { -		LSA_POLICY_MODE_INTERACTIVE             = 0x00000001, -		LSA_POLICY_MODE_NETWORK                 = 0x00000002, -		LSA_POLICY_MODE_BATCH                   = 0x00000004, -		LSA_POLICY_MODE_SERVICE                 = 0x00000010, -		LSA_POLICY_MODE_PROXY			= 0x00000020, -		LSA_POLICY_MODE_DENY_INTERACTIVE        = 0x00000040, -		LSA_POLICY_MODE_DENY_NETWORK            = 0x00000080, -		LSA_POLICY_MODE_DENY_BATCH              = 0x00000100, -		LSA_POLICY_MODE_DENY_SERVICE            = 0x00000200, -		LSA_POLICY_MODE_REMOTE_INTERACTIVE      = 0x00000400, -		LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800, -		LSA_POLICY_MODE_ALL			= 0x00000FF7, -		LSA_POLICY_MODE_ALL_NT4			= 0x00000037 -	} lsa_SystemAccessModeFlags; - -	/* Function:    0x17 */ -	NTSTATUS lsa_GetSystemAccessAccount( -		[in]      policy_handle *handle, -		[out,ref] uint32 *access_mask -		); - -	/* Function:    0x18 */ -	NTSTATUS lsa_SetSystemAccessAccount( -		[in] policy_handle *handle, -		[in] uint32 access_mask -		); - -	/* Function:        0x19 */ -	NTSTATUS lsa_OpenTrustedDomain( -		[in]     policy_handle *handle, -		[in]     dom_sid2      *sid, -		[in]     uint32         access_mask, -		[out]    policy_handle *trustdom_handle -		); - -	typedef [flag(NDR_PAHEX)] struct { -		uint32 length; -		uint32 size; -		[size_is(size),length_is(length)] uint8 *data; -	} lsa_DATA_BUF; - -	typedef [flag(NDR_PAHEX)] struct { -		[range(0,65536)] uint32 size; -		[size_is(size)] uint8 *data; -	} lsa_DATA_BUF2; - -	typedef enum { -		LSA_TRUSTED_DOMAIN_INFO_NAME                  = 1, -		LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS           = 2, -		
LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET          = 3, -		LSA_TRUSTED_DOMAIN_INFO_PASSWORD              = 4, -		LSA_TRUSTED_DOMAIN_INFO_BASIC                 = 5, -		LSA_TRUSTED_DOMAIN_INFO_INFO_EX               = 6, -		LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO             = 7, -		LSA_TRUSTED_DOMAIN_INFO_FULL_INFO             = 8, -		LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL    = 9, -		LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL    = 10, -		LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL     = 11, -		LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL  = 12, -		LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13 -	} lsa_TrustDomInfoEnum; - -	typedef [public,bitmap32bit] bitmap { -		LSA_TRUST_DIRECTION_INBOUND  = 0x00000001, -		LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002 -	} lsa_TrustDirection; - -	typedef [v1_enum] enum { -		LSA_TRUST_TYPE_DOWNLEVEL  = 0x00000001, -		LSA_TRUST_TYPE_UPLEVEL    = 0x00000002, -		LSA_TRUST_TYPE_MIT        = 0x00000003 -	} lsa_TrustType; - -	typedef [public,bitmap32bit] bitmap { -		LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE      = 0x00000001, -		LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY        = 0x00000002, -		LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN  = 0x00000004, -		LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE   = 0x00000008, -		LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION  = 0x00000010, -		LSA_TRUST_ATTRIBUTE_WITHIN_FOREST       = 0x00000020, -		LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL   = 0x00000040, -		LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080 -	} lsa_TrustAttributes; - -	typedef struct { -		lsa_StringLarge  netbios_name; -	} lsa_TrustDomainInfoName; - - -	typedef struct { -		uint32 entries; -		[size_is(entries)] lsa_StringLarge  *netbios_names; -	} lsa_TrustDomainInfoControllers; - -	typedef struct { -		uint32         posix_offset; -	} lsa_TrustDomainInfoPosixOffset; - -	typedef struct { -		lsa_DATA_BUF  *password; -		lsa_DATA_BUF  *old_password; -	} lsa_TrustDomainInfoPassword; - -	typedef struct { -		lsa_String     netbios_name; -		dom_sid2      *sid; -	} 
lsa_TrustDomainInfoBasic; - -	typedef struct { -		lsa_StringLarge     domain_name; -		lsa_StringLarge     netbios_name; -		dom_sid2           *sid; -		lsa_TrustDirection  trust_direction; -		lsa_TrustType       trust_type; -		lsa_TrustAttributes trust_attributes; -	} lsa_TrustDomainInfoInfoEx; - -	typedef [public,v1_enum] enum { -		TRUST_AUTH_TYPE_NONE = 0, -		TRUST_AUTH_TYPE_NT4OWF = 1, -		TRUST_AUTH_TYPE_CLEAR = 2, -		TRUST_AUTH_TYPE_VERSION = 3 -	} lsa_TrustAuthType; - -	typedef struct { -		NTTIME_hyper   last_update_time; -		lsa_TrustAuthType AuthType; -		lsa_DATA_BUF2  data; -	} lsa_TrustDomainInfoBuffer; - -	typedef struct { -		uint32 incoming_count; -		lsa_TrustDomainInfoBuffer *incoming_current_auth_info; -		lsa_TrustDomainInfoBuffer *incoming_previous_auth_info; -		uint32 outgoing_count; -		lsa_TrustDomainInfoBuffer *outgoing_current_auth_info; -		lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info; -	} lsa_TrustDomainInfoAuthInfo; - -	typedef struct { -		lsa_TrustDomainInfoInfoEx      info_ex; -		lsa_TrustDomainInfoPosixOffset posix_offset; -		lsa_TrustDomainInfoAuthInfo    auth_info; -	} lsa_TrustDomainInfoFullInfo; - -	typedef struct { -		lsa_DATA_BUF2                          auth_blob; -	} lsa_TrustDomainInfoAuthInfoInternal; - -	typedef struct { -		lsa_TrustDomainInfoInfoEx              info_ex; -		lsa_TrustDomainInfoPosixOffset         posix_offset; -		lsa_TrustDomainInfoAuthInfoInternal    auth_info; -	} lsa_TrustDomainInfoFullInfoInternal; - -	typedef struct { -		lsa_TrustDomainInfoInfoEx      info_ex; -		uint32 forest_trust_length; -		[size_is(forest_trust_length)] uint8 *forest_trust_data; -	} lsa_TrustDomainInfoInfoEx2Internal; - -	typedef struct { -		lsa_TrustDomainInfoInfoEx2Internal     info; -		lsa_TrustDomainInfoPosixOffset posix_offset; -		lsa_TrustDomainInfoAuthInfo    auth_info; -	} lsa_TrustDomainInfoFullInfo2Internal; - -	typedef struct { -		kerb_EncTypes enc_types; -	} lsa_TrustDomainInfoSupportedEncTypes; - -	typedef 
[switch_type(lsa_TrustDomInfoEnum)] union { -		[case(LSA_TRUSTED_DOMAIN_INFO_NAME)] -		        lsa_TrustDomainInfoName              name; -		[case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)] -		        lsa_TrustDomainInfoControllers   controllers; -		[case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] -		        lsa_TrustDomainInfoPosixOffset       posix_offset; -		[case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] -		        lsa_TrustDomainInfoPassword          password; -		[case(LSA_TRUSTED_DOMAIN_INFO_BASIC)] -		        lsa_TrustDomainInfoBasic             info_basic; -		[case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] -		        lsa_TrustDomainInfoInfoEx            info_ex; -		[case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] -		        lsa_TrustDomainInfoAuthInfo          auth_info; -		[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] -		        lsa_TrustDomainInfoFullInfo          full_info; -		[case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)] -		        lsa_TrustDomainInfoAuthInfoInternal  auth_info_internal; -		[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)] -		        lsa_TrustDomainInfoFullInfoInternal  full_info_internal; -		[case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)] -		        lsa_TrustDomainInfoInfoEx2Internal   info_ex2_internal; -		[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)] -		        lsa_TrustDomainInfoFullInfo2Internal     full_info2_internal; -		[case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)] -		        lsa_TrustDomainInfoSupportedEncTypes enc_types; -	} lsa_TrustedDomainInfo; - -	/* Function:       0x1a */ -	NTSTATUS lsa_QueryTrustedDomainInfo( -		[in]     policy_handle                   *trustdom_handle, -		[in]     lsa_TrustDomInfoEnum             level, -		[out,switch_is(level),unique] lsa_TrustedDomainInfo *info -		); - -	/* Function:     0x1b */ -	NTSTATUS lsa_SetInformationTrustedDomain( -		[in]                  policy_handle         *trustdom_handle, -		[in]                  lsa_TrustDomInfoEnum   level, -		[in,switch_is(level)] lsa_TrustedDomainInfo *info -		
); - -	/* Function:          0x1c */ -	[public] NTSTATUS lsa_OpenSecret( -		[in]     policy_handle    *handle, -		[in]         lsa_String        name, -		[in]         uint32            access_mask, -		[out]    policy_handle    *sec_handle -		); - -	/* Function:           0x1d */ - -	[public] NTSTATUS lsa_SetSecret( -		[in]     policy_handle    *sec_handle, -		[in,unique]         lsa_DATA_BUF     *new_val, -		[in,unique]         lsa_DATA_BUF     *old_val -		); - -	typedef struct { -		lsa_DATA_BUF *buf; -	} lsa_DATA_BUF_PTR; - -	/* Function:         0x1e */ -	[public] NTSTATUS lsa_QuerySecret ( -		[in]     policy_handle     *sec_handle, -		[in,out,unique]     lsa_DATA_BUF_PTR  *new_val, -		[in,out,unique]     NTTIME_hyper      *new_mtime, -		[in,out,unique]     lsa_DATA_BUF_PTR  *old_val, -		[in,out,unique]     NTTIME_hyper      *old_mtime -		); - -	/* Function:     0x1f */ -	NTSTATUS lsa_LookupPrivValue( -		[in]     policy_handle *handle, -		[in,ref] lsa_String *name, -		[out,ref] lsa_LUID *luid -		); - - -	/* Function:      0x20 */ -	NTSTATUS lsa_LookupPrivName ( -		[in]     policy_handle *handle, -		[in]     lsa_LUID *luid, -		[out,unique]        lsa_StringLarge *name -		); - - -	/*******************/ -	/* Function:  0x21 */ -	NTSTATUS lsa_LookupPrivDisplayName ( -		[in]     policy_handle *handle, -		[in]     lsa_String *name, -		[out,unique]        lsa_StringLarge *disp_name, -		/* see http://www.microsoft.com/globaldev/nlsweb/ for -		   language definitions */ -		[in,out] uint16 *language_id, -		[in]         uint16 unknown -		); - -	/*******************/ -	/* Function:  0x22 */ -	NTSTATUS lsa_DeleteObject ( -		[in,out]     policy_handle *handle -		); - -	/*******************/ -	/* Function:      0x23 */ -	NTSTATUS lsa_EnumAccountsWithUserRight ( -		[in]     policy_handle *handle, -		[in,unique]         lsa_String *name, -		[out]    lsa_SidArray *sids -		); - -	/* Function:      0x24 */ -	typedef struct { -		[string,charset(UTF16)] uint16 *name; -	} 
lsa_RightAttribute; -	 -	typedef struct { -		[range(0,256)] uint32 count; -		[size_is(count)] lsa_StringLarge *names; -	} lsa_RightSet; -	 -	NTSTATUS lsa_EnumAccountRights ( -		[in]     policy_handle *handle, -		[in,ref] dom_sid2 *sid, -		[out,ref] lsa_RightSet *rights -		); - - -	/**********************/ -	/* Function:       0x25 */ -	NTSTATUS lsa_AddAccountRights ( -		[in]     policy_handle *handle, -		[in,ref] dom_sid2 *sid, -		[in,ref] lsa_RightSet *rights -		); - -	/**********************/ -	/* Function:       0x26 */ -	NTSTATUS lsa_RemoveAccountRights ( -		[in]     policy_handle *handle, -		[in,ref] dom_sid2 *sid, -		[in]     uint8 remove_all, -		[in,ref] lsa_RightSet *rights -		); - -	/* Function:   0x27 */ -	NTSTATUS lsa_QueryTrustedDomainInfoBySid( -		[in]               policy_handle         *handle, -		[in]               dom_sid2              *dom_sid, -		[in]               lsa_TrustDomInfoEnum  level, -		[out,switch_is(level),unique] lsa_TrustedDomainInfo *info -        ); - -	/* Function:     0x28 */ -	NTSTATUS lsa_SetTrustedDomainInfo( -		[in]               policy_handle         *handle, -		[in]               dom_sid2              *dom_sid, -		[in]               lsa_TrustDomInfoEnum  level, -		[in,switch_is(level)] lsa_TrustedDomainInfo *info -        ); - -	/* Function:      0x29 */ -	NTSTATUS lsa_DeleteTrustedDomain( -		[in]               policy_handle         *handle, -		[in]               dom_sid2              *dom_sid -	); - -	/* Function:       0x2a */ -	[todo] NTSTATUS lsa_StorePrivateData(); -	/* Function:        0x2b */ -	[todo] NTSTATUS lsa_RetrievePrivateData(); - - -	/**********************/ -	/* Function:     0x2c */ -	[public] NTSTATUS lsa_OpenPolicy2 ( -		[in,unique]      [string,charset(UTF16)] uint16 *system_name, -		[in]  lsa_ObjectAttribute *attr, -		[in]  lsa_PolicyAccessMask access_mask, -		[out] policy_handle *handle -		); - -	/**********************/ -	/* Function:     0x2d */ -	typedef struct { -		lsa_String *string; -	} 
lsa_StringPointer; - -	NTSTATUS lsa_GetUserName( -		[in,unique] [string,charset(UTF16)] uint16 *system_name, -		[in,out,unique] lsa_String *account_name, -		[in,out,unique] lsa_StringPointer *authority_name -		); - -	/**********************/ -	/* Function:          0x2e */ - -	NTSTATUS lsa_QueryInfoPolicy2( -		[in]                         policy_handle *handle, -		[in]                         lsa_PolicyInfo level, -		[out,unique,switch_is(level)]   lsa_PolicyInformation *info -		); - -	/* Function 0x2f */ -	NTSTATUS lsa_SetInfoPolicy2( -		[in]                            policy_handle *handle, -		[in]                            lsa_PolicyInfo level, -		[in,switch_is(level)]           lsa_PolicyInformation *info -		); - -	/**********************/ -	/* Function 0x30 */ -	NTSTATUS lsa_QueryTrustedDomainInfoByName( -		[in]                   policy_handle          *handle, -		[in]                   lsa_String             trusted_domain, -		[in]                   lsa_TrustDomInfoEnum   level, -		[out,unique,switch_is(level)] lsa_TrustedDomainInfo *info -		); - -	/**********************/ -	/* Function 0x31 */ -	NTSTATUS lsa_SetTrustedDomainInfoByName( -		[in]                   policy_handle         *handle, -		[in]                   lsa_String             trusted_domain, -		[in]                   lsa_TrustDomInfoEnum   level, -		[in,unique,switch_is(level)] lsa_TrustedDomainInfo *info -		); - -	/* Function 0x32 */ - -	/* w2k3 treats max_size as max_domains*82	*/ -	const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82; - -	typedef struct { -		uint32 count; -		[size_is(count)] lsa_TrustDomainInfoInfoEx *domains; -	} lsa_DomainListEx; - -	NTSTATUS lsa_EnumTrustedDomainsEx ( -		[in]               policy_handle *handle, -		[in,out]           uint32 *resume_handle, -		[out]              lsa_DomainListEx *domains, -		[in]               uint32 max_size -		); - -	/* Function 0x33 */ -	NTSTATUS lsa_CreateTrustedDomainEx( -		[in]  policy_handle               *policy_handle, -		[in]  
lsa_TrustDomainInfoInfoEx   *info, -		[in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info, -		[in]  uint32 access_mask, -		[out] policy_handle               *trustdom_handle -		); - - -	/* Function 0x34 */ -	NTSTATUS lsa_CloseTrustedDomainEx( -		[in,out]                   policy_handle         *handle -	); - -	/* Function 0x35 */ - -	/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000  -	   for unknown6 - gd */ -	typedef struct { -		uint32 enforce_restrictions; -		hyper service_tkt_lifetime; -		hyper user_tkt_lifetime; -		hyper user_tkt_renewaltime; -		hyper clock_skew; -		hyper unknown6; -	} lsa_DomainInfoKerberos; - -	typedef struct { -		uint32 blob_size; -		[size_is(blob_size)] uint8 *efs_blob; -	} lsa_DomainInfoEfs; - -	typedef enum { -		LSA_DOMAIN_INFO_POLICY_EFS=2, -		LSA_DOMAIN_INFO_POLICY_KERBEROS=3 -	} lsa_DomainInfoEnum; - -	typedef [switch_type(uint16)] union { -		[case(LSA_DOMAIN_INFO_POLICY_EFS)]	lsa_DomainInfoEfs	efs_info; -		[case(LSA_DOMAIN_INFO_POLICY_KERBEROS)]	lsa_DomainInfoKerberos	kerberos_info; -	} lsa_DomainInformationPolicy; - -	NTSTATUS lsa_QueryDomainInformationPolicy( -		[in]		policy_handle *handle, -		[in] 		uint16 level, -		[out,unique,switch_is(level)]	lsa_DomainInformationPolicy *info -		); - -	/* Function 0x36 */ -	NTSTATUS lsa_SetDomainInformationPolicy( -		[in]		policy_handle *handle, -		[in] 			uint16 level, -		[in,unique,switch_is(level)]	lsa_DomainInformationPolicy *info -		); - -	/**********************/ -	/* Function 0x37 */ -	NTSTATUS lsa_OpenTrustedDomainByName( -		[in]     policy_handle *handle, -		[in]         lsa_String     name, -		[in]         uint32         access_mask, -		[out]    policy_handle *trustdom_handle -		); - -	/* Function 0x38 */ -	[todo] NTSTATUS lsa_TestCall(); - -	/**********************/ -	/* Function 0x39 */ - -	typedef struct { -		lsa_SidType sid_type; -		lsa_String name; -		uint32 sid_index; -		uint32 unknown; -	} lsa_TranslatedName2; - -	typedef struct { -		[range(0,1000)] uint32 count; 
-		[size_is(count)] lsa_TranslatedName2 *names; -	} lsa_TransNameArray2; - -	[public] NTSTATUS lsa_LookupSids2( -		[in]     policy_handle *handle, -		[in]     lsa_SidArray *sids, -		[out,unique]        lsa_RefDomainList *domains, -		[in,out] lsa_TransNameArray2 *names, -		[in]         uint16 level, -		[in,out] uint32 *count, -		[in]         uint32 unknown1, -		[in]         uint32 unknown2 -		); - -	/**********************/ -	/* Function 0x3a */ - -	typedef struct { -		lsa_SidType sid_type; -		uint32 rid; -		uint32 sid_index; -		uint32 unknown; -	} lsa_TranslatedSid2; - -	typedef struct { -		[range(0,1000)] uint32 count; -		[size_is(count)] lsa_TranslatedSid2 *sids; -	} lsa_TransSidArray2; - -	[public] NTSTATUS lsa_LookupNames2 ( -		[in]     policy_handle *handle, -		[in,range(0,1000)] uint32 num_names, -		[in,size_is(num_names)]  lsa_String names[], -		[out,unique]        lsa_RefDomainList *domains, -		[in,out] lsa_TransSidArray2 *sids, -		[in]         lsa_LookupNamesLevel level, -		[in,out] uint32 *count, -		[in]         uint32 lookup_options, -		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */ -		); - -	/* Function 0x3b */ -	NTSTATUS lsa_CreateTrustedDomainEx2( -		[in]  policy_handle               *policy_handle, -		[in]  lsa_TrustDomainInfoInfoEx   *info, -		[in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info, -		[in]  uint32                       access_mask, -		[out] policy_handle               *trustdom_handle -		); - -	/* Function 0x3c */ -	[todo] NTSTATUS lsa_CREDRWRITE(); - -	/* Function 0x3d */ -	[todo] NTSTATUS lsa_CREDRREAD(); - -	/* Function 0x3e */ -	[todo] NTSTATUS lsa_CREDRENUMERATE(); - -	/* Function 0x3f */ -	[todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS(); - -	/* Function 0x40 */ -	[todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS(); - -	/* Function 0x41 */ -	[todo] NTSTATUS lsa_CREDRDELETE(); - -	/* Function 0x42 */ -	[todo] NTSTATUS lsa_CREDRGETTARGETINFO(); - -	/* Function 0x43 */ -	[todo] NTSTATUS lsa_CREDRPROFILELOADED(); - -	
/**********************/ -	/* Function 0x44 */ -	typedef struct { -		lsa_SidType sid_type; -		dom_sid2 *sid; -		uint32 sid_index; -		uint32 flags; -	} lsa_TranslatedSid3; - -	typedef struct { -		[range(0,1000)] uint32 count; -		[size_is(count)] lsa_TranslatedSid3 *sids; -	} lsa_TransSidArray3; - -	[public] NTSTATUS lsa_LookupNames3 ( -		[in]     policy_handle *handle, -		[in,range(0,1000)] uint32 num_names, -		[in,size_is(num_names)]  lsa_String names[], -		[out,unique]        lsa_RefDomainList *domains, -		[in,out] lsa_TransSidArray3 *sids, -		[in]         lsa_LookupNamesLevel level, -		[in,out] uint32 *count, -		[in]         uint32 lookup_options, -		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */ -		); - -	/* Function 0x45 */ -	[todo] NTSTATUS lsa_CREDRGETSESSIONTYPES(); - -	/* Function 0x46 */ -	[todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT(); - -	/* Function 0x47 */ -	[todo] NTSTATUS lsa_LSARGENAUDITEVENT(); - -	/* Function 0x48 */ -	[todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT(); - -	/* Function 0x49 */ -	typedef struct { -		[range(0,131072)] uint32 length; -		[size_is(length)] uint8 *data; -	} lsa_ForestTrustBinaryData; - -	typedef struct { -		dom_sid2 *domain_sid; -		lsa_StringLarge dns_domain_name; -		lsa_StringLarge netbios_domain_name; -	} lsa_ForestTrustDomainInfo; - -	typedef [switch_type(uint32)] union { -		[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name; -		[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex; -		[case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info; -		[default] lsa_ForestTrustBinaryData data; -	} lsa_ForestTrustData; - -	typedef [v1_enum] enum { -		LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0, -		LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1, -		LSA_FOREST_TRUST_DOMAIN_INFO = 2, -		LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3 -	} lsa_ForestTrustRecordType; - -	typedef struct { -		uint32 flags; -		lsa_ForestTrustRecordType level; -		hyper unknown; -		[switch_is(level)] 
lsa_ForestTrustData forest_trust_data; -	} lsa_ForestTrustRecord; - -	typedef [public] struct { -		[range(0,4000)] uint32 count; -		[size_is(count)] lsa_ForestTrustRecord **entries; -	} lsa_ForestTrustInformation; - -	NTSTATUS lsa_lsaRQueryForestTrustInformation( -		[in] policy_handle *handle, -		[in,ref] lsa_String *trusted_domain_name, -		[in] uint16 unknown, /* level ? */ -		[out,ref] lsa_ForestTrustInformation **forest_trust_info -		); - -	/* Function 0x4a */ -	[todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION(); - -	/* Function 0x4b */ -	[todo] NTSTATUS lsa_CREDRRENAME(); - -	/*****************/ -	/* Function 0x4c */ - -	[public] NTSTATUS lsa_LookupSids3( -		[in]         lsa_SidArray *sids, -		[out,unique] lsa_RefDomainList *domains, -		[in,out]     lsa_TransNameArray2 *names, -		[in]         uint16 level, -		[in,out]     uint32 *count, -		[in]         uint32 unknown1, -		[in]         uint32 unknown2 -		); - -	const int LSA_CLIENT_REVISION_NO_DNS     = 0x00000001; -	const int LSA_CLIENT_REVISION_DNS        = 0x00000002; - -	const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000; - -	/* Function 0x4d */ -	NTSTATUS lsa_LookupNames4( -		[in,range(0,1000)] uint32 num_names, -		[in,size_is(num_names)]  lsa_String names[], -		[out,unique]        lsa_RefDomainList *domains, -		[in,out] lsa_TransSidArray3 *sids, -		[in]         lsa_LookupNamesLevel level, -		[in,out] uint32 *count, -		[in]         uint32 lookup_options, -		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */ -		); - -	/* Function 0x4e */ -	[todo] NTSTATUS lsa_LSAROPENPOLICYSCE(); - -	/* Function 0x4f */ -	[todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE(); - -	/* Function 0x50 */ -	[todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(); - -	/* Function 0x51 */ -	[todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT(); - -} diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index b009d2f2f8..e279161375 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c 
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c 
@@ -434,67 +434,67 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,  {  	struct lsa_policy_state *state;  	struct dcesrv_handle *h; +	union lsa_PolicyInformation *info; -	r->out.info = NULL; +	*r->out.info = NULL;  	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);  	state = h->data; -	r->out.info = talloc(mem_ctx, union lsa_PolicyInformation); -	if (!r->out.info) { +	info = talloc_zero(mem_ctx, union lsa_PolicyInformation); +	if (!info) {  		return NT_STATUS_NO_MEMORY;  	} - -	ZERO_STRUCTP(r->out.info); +	*r->out.info = info;  	switch (r->in.level) {  	case LSA_POLICY_INFO_AUDIT_LOG:  		/* we don't need to fill in any of this */ -		ZERO_STRUCT(r->out.info->audit_log); +		ZERO_STRUCT(info->audit_log);  		return NT_STATUS_OK;  	case LSA_POLICY_INFO_AUDIT_EVENTS:  		/* we don't need to fill in any of this */ -		ZERO_STRUCT(r->out.info->audit_events); +		ZERO_STRUCT(info->audit_events);  		return NT_STATUS_OK;  	case LSA_POLICY_INFO_PD:  		/* we don't need to fill in any of this */ -		ZERO_STRUCT(r->out.info->pd); +		ZERO_STRUCT(info->pd);  		return NT_STATUS_OK;  	case LSA_POLICY_INFO_DOMAIN: -		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->domain); +		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->domain);  	case LSA_POLICY_INFO_ACCOUNT_DOMAIN: -		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain); +		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->account_domain);  	case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN: -		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->l_account_domain); +		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->l_account_domain);  	case LSA_POLICY_INFO_ROLE: -		r->out.info->role.role = LSA_ROLE_PRIMARY; +		info->role.role = LSA_ROLE_PRIMARY;  		return NT_STATUS_OK;  	case LSA_POLICY_INFO_DNS:  	case LSA_POLICY_INFO_DNS_INT: -		return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns); +		return 
dcesrv_lsa_info_DNS(state, mem_ctx, &info->dns);  	case LSA_POLICY_INFO_REPLICA: -		ZERO_STRUCT(r->out.info->replica); +		ZERO_STRUCT(info->replica);  		return NT_STATUS_OK;  	case LSA_POLICY_INFO_QUOTA: -		ZERO_STRUCT(r->out.info->quota); +		ZERO_STRUCT(info->quota);  		return NT_STATUS_OK;  	case LSA_POLICY_INFO_MOD:  	case LSA_POLICY_INFO_AUDIT_FULL_SET:  	case LSA_POLICY_INFO_AUDIT_FULL_QUERY:  		/* windows gives INVALID_PARAMETER */ -		r->out.info = NULL; +		*r->out.info = NULL;  		return NT_STATUS_INVALID_PARAMETER;  	} -	r->out.info = NULL; +	*r->out.info = NULL;  	return NT_STATUS_INVALID_INFO_CLASS;  } @@ -511,11 +511,10 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T  	r2.in.handle = r->in.handle;  	r2.in.level = r->in.level; +	r2.out.info = r->out.info;  	status = dcesrv_lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2); -	r->out.info = r2.out.info; -  	return status;  } @@ -1314,6 +1313,7 @@ static NTSTATUS fill_trust_domain_ex(TALLOC_CTX *mem_ctx,  static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,  					   struct lsa_QueryTrustedDomainInfo *r)  { +	union lsa_TrustedDomainInfo *info = NULL;  	struct dcesrv_handle *h;  	struct lsa_trusted_domain_state *trusted_domain_state;  	struct ldb_message *msg; 
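Review bot: The `ZERO_STRUCT(info->audit_log)`, `audit_events`, `pd`, `replica` and `quota` calls in dcesrv_lsa_QueryInfoPolicy2 are now dead, because `info` comes from `talloc_zero` and the whole union is already zeroed. Dropping them leaves each of those cases as a bare `return NT_STATUS_OK;` under its existing comment. On the `NT_STATUS_INVALID_PARAMETER` and `NT_STATUS_INVALID_INFO_CLASS` exits `*r->out.info` is reset but `info` stays allocated on `mem_ctx`. That is harmless if `mem_ctx` is the per-call context (not visible here), though a `talloc_free(info);` before the reset would match what dcesrv_lsa_QueryTrustedDomainInfo does.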
@@ -1342,17 +1342,19 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_  	}  	msg = res[0]; -	r->out.info = talloc(mem_ctx, union lsa_TrustedDomainInfo); -	if (!r->out.info) { +	info = talloc_zero(mem_ctx, union lsa_TrustedDomainInfo); +	if (!info) {  		return NT_STATUS_NO_MEMORY;  	} +	*r->out.info = info; +  	switch (r->in.level) {  	case LSA_TRUSTED_DOMAIN_INFO_NAME: -		r->out.info->name.netbios_name.string +		info->name.netbios_name.string  			= samdb_result_string(msg, "flatname", NULL);					     		break;  	case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET: -		r->out.info->posix_offset.posix_offset +		info->posix_offset.posix_offset  			= samdb_result_uint(msg, "posixOffset", 0);					     		break;  #if 0  /* Win2k3 doesn't implement this */ 
@@ -1364,32 +1366,32 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_  		break;  #endif  	case LSA_TRUSTED_DOMAIN_INFO_INFO_EX: -		return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->info_ex); +		return fill_trust_domain_ex(mem_ctx, msg, &info->info_ex);  	case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO: -		ZERO_STRUCT(r->out.info->full_info); -		return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info.info_ex); +		ZERO_STRUCT(info->full_info); +		return fill_trust_domain_ex(mem_ctx, msg, &info->full_info.info_ex);  	case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL: -		ZERO_STRUCT(r->out.info->full_info2_internal); -		r->out.info->full_info2_internal.posix_offset.posix_offset +		ZERO_STRUCT(info->full_info2_internal); +		info->full_info2_internal.posix_offset.posix_offset  			= samdb_result_uint(msg, "posixOffset", 0);					    -		return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info2_internal.info.info_ex); +		return fill_trust_domain_ex(mem_ctx, msg, &info->full_info2_internal.info.info_ex);  	case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES: -		r->out.info->enc_types.enc_types +		info->enc_types.enc_types  			= samdb_result_uint(msg, "msDs-supportedEncryptionTypes", KERB_ENCTYPE_RC4_HMAC_MD5);  		break;  	case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS:  	case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL:  		/* oops, we don't want to return the info after all */ -		talloc_free(r->out.info); +		talloc_free(info);  		r->out.info = NULL;  		return NT_STATUS_INVALID_PARAMETER;  	default:  		/* oops, we don't want to return the info after all */ -		talloc_free(r->out.info); +		talloc_free(info);  		r->out.info = NULL;  		return NT_STATUS_INVALID_INFO_CLASS;  	} 
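Review bot: In the `LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS` / `LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL` branch and in `default`, `talloc_free(info)` is still followed by `r->out.info = NULL;`. That was right while `out.info` was a single pointer, but it now clears the caller-supplied slot pointer and leaves `*r->out.info` (set to `info` in the previous hunk) pointing at freed memory. Both branches should read `talloc_free(info);` then `*r->out.info = NULL;`. The BySid and ByName wrappers in the following hunks pass their own `r->out.info` through as `query.out.info`, so on these error paths they also return with a dangling `*r->out.info`; whether reply marshalling dereferences it on an error status is not visible here, but the stale pointer should not be left behind. The function body starts and ends outside this hunk.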
@@ -1407,6 +1409,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state  	NTSTATUS status;  	struct lsa_OpenTrustedDomain open;  	struct lsa_QueryTrustedDomainInfo query; +	union lsa_TrustedDomainInfo *info;  	struct dcesrv_handle *h;  	open.in.handle = r->in.handle;  	open.in.sid = r->in.dom_sid; @@ -1423,15 +1426,15 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state  	/* Ensure this handle goes away at the end of this call */  	DCESRV_PULL_HANDLE(h, open.out.trustdom_handle, DCESRV_HANDLE_ANY);  	talloc_steal(mem_ctx, h); -	 +  	query.in.trustdom_handle = open.out.trustdom_handle;  	query.in.level = r->in.level; +	query.out.info = r->out.info;  	status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);  	if (!NT_STATUS_IS_OK(status)) {  		return status;  	} -	 -	r->out.info = query.out.info; +  	return NT_STATUS_OK;  } @@ -1457,7 +1460,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state  	struct lsa_QueryTrustedDomainInfo query;  	struct dcesrv_handle *h;  	open.in.handle = r->in.handle; -	open.in.name = r->in.trusted_domain; +	open.in.name = *r->in.trusted_domain;  	open.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;  	open.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);  	if (!open.out.trustdom_handle) { @@ -1474,12 +1477,12 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state  	query.in.trustdom_handle = open.out.trustdom_handle;  	query.in.level = r->in.level; +	query.out.info = r->out.info;  	status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);  	if (!NT_STATUS_IS_OK(status)) {  		return status;  	} -	r->out.info = query.out.info;  	return NT_STATUS_OK;  } 
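Review bot: The new local `union lsa_TrustedDomainInfo *info;` in dcesrv_lsa_QueryTrustedDomainInfoBySid is not used in any line visible here, since the result is now passed through with `query.out.info = r->out.info;`. It looks like a leftover that will raise an unused-variable warning, so the declaration should be removed unless the part of the body between the two hunks uses it. The ByName variant further down this line did not gain such a local, which supports that reading.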
@@ -1724,15 +1727,21 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,  	const char * const attrs[] = { "privilege", NULL};  	struct ldb_message_element *el;  	const char *sidstr; +	struct lsa_PrivilegeSet *privs;  	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);  	astate = h->data; -	r->out.privs = talloc(mem_ctx, struct lsa_PrivilegeSet); -	r->out.privs->count = 0; -	r->out.privs->unknown = 0; -	r->out.privs->set = NULL; +	privs = talloc(mem_ctx, struct lsa_PrivilegeSet); +	if (privs == NULL) { +		return NT_STATUS_NO_MEMORY; +	} +	privs->count = 0; +	privs->unknown = 0; +	privs->set = NULL; + +	*r->out.privs = privs;  	sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);  	if (sidstr == NULL) { @@ -1750,9 +1759,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,  		return NT_STATUS_OK;  	} -	r->out.privs->set = talloc_array(r->out.privs,  -					 struct lsa_LUIDAttribute, el->num_values); -	if (r->out.privs->set == NULL) { +	privs->set = talloc_array(privs, +				  struct lsa_LUIDAttribute, el->num_values); +	if (privs->set == NULL) {  		return NT_STATUS_NO_MEMORY;  	} @@ -1761,12 +1770,12 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,  		if (id == -1) {  			return NT_STATUS_INTERNAL_DB_CORRUPTION;  		} -		r->out.privs->set[i].attribute = 0; -		r->out.privs->set[i].luid.low = id; -		r->out.privs->set[i].luid.high = 0; +		privs->set[i].attribute = 0; +		privs->set[i].luid.low = id; +		privs->set[i].luid.high = 0;  	} -	r->out.privs->count = el->num_values; +	privs->count = el->num_values;  	return NT_STATUS_OK;  } 
@@ -2058,8 +2067,18 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_  	int i;  	NTSTATUS status;  	struct lsa_EnumPrivsAccount enumPrivs; +	struct lsa_PrivilegeSet *privs; + +	privs = talloc(mem_ctx, struct lsa_PrivilegeSet); +	if (!privs) { +		return NT_STATUS_NO_MEMORY; +	} +	privs->count = 0; +	privs->unknown = 0; +	privs->set = NULL;  	enumPrivs.in.handle = r->in.handle; +	enumPrivs.out.privs = &privs;  	status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs);  	if (!NT_STATUS_IS_OK(status)) { @@ -2068,8 +2087,8 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_  	*(r->out.access_mask) = 0x00000000; -	for (i = 0; i < enumPrivs.out.privs->count; i++) { -		int priv = enumPrivs.out.privs->set[i].luid.low; +	for (i = 0; i < privs->count; i++) { +		int priv = privs->set[i].luid.low;  		switch (priv) {  		case SEC_PRIV_INTERACTIVE_LOGON: @@ -2695,6 +2714,7 @@ static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,  {  	struct dcesrv_handle *h;  	struct lsa_policy_state *state; +	struct lsa_StringLarge *name;  	const char *privname;  	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); @@ -2710,11 +2730,14 @@ static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,  		return NT_STATUS_NO_SUCH_PRIVILEGE;  	} -	r->out.name = talloc(mem_ctx, struct lsa_StringLarge); -	if (r->out.name == NULL) { +	name = talloc(mem_ctx, struct lsa_StringLarge); +	if (name == NULL) {  		return NT_STATUS_NO_MEMORY;  	} -	r->out.name->string = privname; + +	name->string = privname; + +	*r->out.name = name;  	return NT_STATUS_OK;	  } @@ -2729,6 +2752,7 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c  {  	struct dcesrv_handle *h;  	struct lsa_policy_state *state; +	struct lsa_StringLarge *disp_name = NULL;  	int id;  	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); 
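Review bot: The `lsa_PrivilegeSet` allocated and zeroed at the top of dcesrv_lsa_GetSystemAccessAccount is never used, because dcesrv_lsa_EnumPrivsAccount (changed earlier in this commit) allocates its own set and stores it with `*r->out.privs = privs;`, overwriting the pointer handed in through `enumPrivs.out.privs = &privs;`. The first allocation just stays attached to `mem_ctx`. `struct lsa_PrivilegeSet *privs = NULL;` followed by `enumPrivs.out.privs = &privs;` is enough, and the loop after the status check can rely on the callee having set it. Separately, `i` is an `int` compared with `privs->count`; if that field is unsigned (the struct is not shown here) an unsigned index would avoid the mixed comparison.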
@@ -2739,17 +2763,20 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c  	if (id == -1) {  		return NT_STATUS_NO_SUCH_PRIVILEGE;  	} -	 -	r->out.disp_name = talloc(mem_ctx, struct lsa_StringLarge); -	if (r->out.disp_name == NULL) { + +	disp_name = talloc(mem_ctx, struct lsa_StringLarge); +	if (disp_name == NULL) {  		return NT_STATUS_NO_MEMORY;  	} -	r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id); -	if (r->out.disp_name->string == NULL) { +	disp_name->string = sec_privilege_display_name(id, &r->in.language_id); +	if (disp_name->string == NULL) {  		return NT_STATUS_INTERNAL_ERROR;  	} +	*r->out.disp_name = disp_name; +	*r->out.returned_language_id = 0; +  	return NT_STATUS_OK;  } @@ -2875,19 +2902,23 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO  	const char *account_name;  	const char *authority_name;  	struct lsa_String *_account_name; -	struct lsa_StringPointer *_authority_name = NULL; +	struct lsa_String *_authority_name = NULL;  	/* this is what w2k3 does */  	r->out.account_name = r->in.account_name;  	r->out.authority_name = r->in.authority_name; -	if (r->in.account_name && r->in.account_name->string) { +	if (r->in.account_name +	    && *r->in.account_name +	    /* && *(*r->in.account_name)->string */ +	    ) {  		return NT_STATUS_INVALID_PARAMETER;  	} -	if (r->in.authority_name && -	    r->in.authority_name->string && -	    r->in.authority_name->string->string) { +	if (r->in.authority_name +	    && *r->in.authority_name +	    /* && *(*r->in.authority_name)->string */ +	    ) {  		return NT_STATUS_INVALID_PARAMETER;  	} 
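Review bot: `*r->out.returned_language_id = 0;` in dcesrv_lsa_LookupPrivDisplayName reports language 0 whatever `sec_privilege_display_name()` picked, while the call now passes `&r->in.language_id`, which suggests the helper may adjust the language it actually uses (its prototype is not shown). If it does, return that value with `*r->out.returned_language_id = r->in.language_id;`. If 0 is deliberate, a one-line comment above the assignment saying that the returned language is intentionally fixed would make that clear.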
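Review bot: The rewritten checks in dcesrv_lsa_GetUserName leave the string test commented out (`/* && *(*r->in.account_name)->string */`), so the function now returns NT_STATUS_INVALID_PARAMETER whenever `*r->in.account_name` or `*r->in.authority_name` is non-NULL, where the old code rejected only a non-NULL `string`. If the stricter rule is intended, delete the commented-out conditions and state the rule in a comment above the checks. If it is not, restore the test as `(*r->in.account_name)->string`; the commented form reads the first character and would fault on a NULL `string`. The function starts before and continues past this hunk.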
@@ -2899,15 +2930,15 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO  	_account_name->string = account_name;  	if (r->in.authority_name) { -		_authority_name = talloc(mem_ctx, struct lsa_StringPointer); +		_authority_name = talloc(mem_ctx, struct lsa_String);  		NT_STATUS_HAVE_NO_MEMORY(_authority_name); -		_authority_name->string = talloc(mem_ctx, struct lsa_String); -		NT_STATUS_HAVE_NO_MEMORY(_authority_name->string); -		_authority_name->string->string = authority_name; +		_authority_name->string = authority_name;  	} -	r->out.account_name = _account_name; -	r->out.authority_name = _authority_name; +	*r->out.account_name = _account_name; +	if (r->out.authority_name) { +		*r->out.authority_name = _authority_name; +	}  	return status;  } @@ -2930,19 +2961,21 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state  						 TALLOC_CTX *mem_ctx,  						 struct lsa_QueryDomainInformationPolicy *r)  { -	r->out.info = talloc(mem_ctx, union lsa_DomainInformationPolicy); -	if (!r->out.info) { +	union lsa_DomainInformationPolicy *info; + +	info = talloc(r->out.info, union lsa_DomainInformationPolicy); +	if (!info) {  		return NT_STATUS_NO_MEMORY;  	}  	switch (r->in.level) {  	case LSA_DOMAIN_INFO_POLICY_EFS: -		talloc_free(r->out.info); -		r->out.info = NULL; +		talloc_free(info); +		*r->out.info = NULL;  		return NT_STATUS_OBJECT_NAME_NOT_FOUND;  	case LSA_DOMAIN_INFO_POLICY_KERBEROS:  	{ -		struct lsa_DomainInfoKerberos *k = &r->out.info->kerberos_info; +		struct lsa_DomainInfoKerberos *k = &info->kerberos_info;  		struct smb_krb5_context *smb_krb5_context;  		int ret = smb_krb5_init_context(mem_ctx,   							dce_call->event_ctx,  
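Review bot: `*r->out.account_name = _account_name;` is written unconditionally, while the store to `*r->out.authority_name` is guarded and the earlier check in this function tests `r->in.account_name` for NULL before using it. `r->out.account_name` was copied from `r->in.account_name` at the top of the function, so either the pointer can be NULL and this line needs the same guard, `if (r->out.account_name) { *r->out.account_name = _account_name; }`, or it cannot and the earlier `r->in.account_name &&` test is redundant. Which one applies depends on the IDL pointer type, which is not in this hunk.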
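Review bot: `info = talloc(r->out.info, union lsa_DomainInformationPolicy);` uses the out-parameter slot as the talloc parent, which is only valid when that slot is itself a talloc allocation. That is presumably true for requests arriving through the RPC layer, but this commit also has one handler calling another with a stack address in that position (`enumPrivs.out.privs = &privs;` in dcesrv_lsa_GetSystemAccessAccount), and talloc cannot accept a parent it did not allocate. dcesrv_lsa_LookupSids2 does the same with `talloc_zero(r->out.domains, ...)`, while dcesrv_lsa_LookupNames2 and dcesrv_lsa_LookupNames3 use `mem_ctx`. Using `info = talloc(mem_ctx, union lsa_DomainInformationPolicy);` keeps the handlers consistent and safe for in-process callers.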
@@ -2959,11 +2992,12 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state  		k->user_tkt_renewaltime = 0; /* Need to find somewhere to store this, and query in KDC too */  		k->clock_skew = krb5_get_max_time_skew(smb_krb5_context->krb5_context);  		talloc_free(smb_krb5_context); +		*r->out.info = info;  		return NT_STATUS_OK;  	}  	default: -		talloc_free(r->out.info); -		r->out.info = NULL; +		talloc_free(info); +		*r->out.info = NULL;  		return NT_STATUS_INVALID_INFO_CLASS;  	}  } diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 2375a6d27a..a56e7764a9 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -522,6 +522,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,  				struct lsa_LookupSids2 *r)  {  	struct lsa_policy_state *state; +	struct lsa_RefDomainList *domains = NULL;  	int i;  	NTSTATUS status = NT_STATUS_OK; @@ -530,7 +531,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,  		return NT_STATUS_INVALID_PARAMETER;  	} -	r->out.domains = NULL; +	*r->out.domains = NULL;  	/* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,  	   and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as  @@ -543,10 +544,11 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,  		return status;  	} -	r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList); -	if (r->out.domains == NULL) { +	domains = talloc_zero(r->out.domains,  struct lsa_RefDomainList); +	if (domains == NULL) {  		return NT_STATUS_NO_MEMORY;  	} +	*r->out.domains = domains;  	r->out.names = talloc_zero(mem_ctx,  struct lsa_TransNameArray2);  	if (r->out.names == NULL) { 
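Review bot: Only the EFS, success and `default:` paths of dcesrv_lsa_QueryDomainInformationPolicy are converted in the visible hunks; the lines between `smb_krb5_init_context(` and `k->user_tkt_renewaltime` are unchanged and not shown. If a failure branch there still frees or clears `r->out.info`, it now acts on the pointer slot rather than the union, and the compiler will not object because freeing any pointer type is accepted. It should read `talloc_free(info); *r->out.info = NULL;` like the `default:` case.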
@@ -592,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,  		/* set up the authority table */  		status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype,   						    authority_name, sid,  -						    r->out.domains, &sid_index); +						    domains, &sid_index);  		if (!NT_STATUS_IS_OK(status2)) {  			continue;  		} @@ -604,7 +606,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,  		(*r->out.count)++;  	} -	 +  	if (*r->out.count == 0) {  		return NT_STATUS_NONE_MAPPED;  	} @@ -660,6 +662,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,  	r2.in.unknown2 = r->in.unknown2;  	r2.out.count   = r->out.count;  	r2.out.names   = r->out.names; +	r2.out.domains = r->out.domains;  	status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); @@ -692,6 +695,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m  	r2.in.unknown2 = 0;  	r2.out.count   = r->out.count;  	r2.out.names   = NULL; +	r2.out.domains = r->out.domains;  	status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);  	/* we deliberately don't check for error from the above, @@ -734,6 +738,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,  	struct dcesrv_handle *policy_handle;  	int i;  	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; +	struct lsa_RefDomainList *domains;  	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); @@ -744,12 +749,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,  	policy_state = policy_handle->data; -	r->out.domains = NULL; +	*r->out.domains = NULL; -	r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList); -	if (r->out.domains == NULL) { +	domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList); +	if (domains == NULL) {  		return NT_STATUS_NO_MEMORY;  	} +	*r->out.domains = domains;  	r->out.sids = talloc_zero(mem_ctx,  struct lsa_TransSidArray3);  	if (r->out.sids == NULL) { 
@@ -785,7 +791,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,  		}  		status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name,  -						    sid, r->out.domains, &sid_index); +						    sid, domains, &sid_index);  		if (!NT_STATUS_IS_OK(status2)) {  			continue;  		} @@ -873,8 +879,9 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,  	struct dcesrv_handle *h;  	int i;  	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; +	struct lsa_RefDomainList *domains; -	r->out.domains = NULL; +	*r->out.domains = NULL;  	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); @@ -885,10 +892,11 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,  	state = h->data; -	r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList); -	if (r->out.domains == NULL) { +	domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList); +	if (domains == NULL) {  		return NT_STATUS_NO_MEMORY;  	} +	*r->out.domains = domains;  	r->out.sids = talloc_zero(mem_ctx,  struct lsa_TransSidArray2);  	if (r->out.sids == NULL) { @@ -927,7 +935,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,  		}  		status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name,  -						    sid, r->out.domains, &sid_index); +						    sid, domains, &sid_index);  		if (!NT_STATUS_IS_OK(status2)) {  			continue;  		} @@ -971,13 +979,13 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *  	r2.in.lookup_options = 0;  	r2.in.client_revision = 0;  	r2.out.count    = r->out.count; +	r2.out.domains	= r->out.domains;  	status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);  	if (r2.out.sids == NULL) {  		return status;  	} -	r->out.domains = r2.out.domains;  	r->out.sids = talloc(mem_ctx, struct lsa_TransSidArray);  	if (r->out.sids == NULL) {  		return NT_STATUS_NO_MEMORY; 
diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c
index 0d6d786882..68eb36ebbd 100644
--- a/source4/torture/ndr/lsa.c
+++ b/source4/torture/ndr/lsa.c
@@ -428,11 +428,12 @@ static const uint8_t lsarlookupnames_out_data[] = {
 static bool lsarlookupnames_out_check(struct torture_context *tctx, 
 									 struct lsa_LookupNames *r)
 {
+	struct lsa_RefDomainList *domains = *(r->out.domains);
 	torture_assert(tctx, r->out.domains != NULL, "domains ptr");
-	torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
-	torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-	torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
-	torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "domain name");
+	torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert(tctx, domains->domains != NULL, "domains domains");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "domain name");
 	/* FIXME: SID */
 	torture_assert(tctx, r->out.count != NULL, "count ptr");
 	torture_assert_int_equal(tctx, *r->out.count, 100, "count");
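Review bot: The new initialiser `struct lsa_RefDomainList *domains = *(r->out.domains);` dereferences `r->out.domains` before the `torture_assert(tctx, r->out.domains != NULL, "domains ptr")` that follows, so that assert can no longer catch a NULL pointer, and `domains` itself is then used without a check. The same ordering appears in lsarlookupsids2_out_check and lsarlookupsids3_out_check; lsarlookupsids_out_check checks `domains` but no longer checks `r->out.domains`. Declare the local without an initialiser and assign it after the check: `torture_assert(tctx, r->out.domains != NULL, "domains ptr");`, `domains = *r->out.domains;`, `torture_assert(tctx, domains != NULL, "domains");`.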
@@ -1014,11 +1015,12 @@ static const uint8_t lsarlookupsids_out_data[] = {
 static bool lsarlookupsids_out_check(struct torture_context *tctx, 
 									 struct lsa_LookupSids *r)
 {
-	torture_assert(tctx, r->out.domains != NULL, "domains");
-	torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
-	torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-	torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
-	torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "name");
+	struct lsa_RefDomainList *domains = *(r->out.domains);
+	torture_assert(tctx, domains != NULL, "domains");
+	torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert(tctx, domains->domains != NULL, "domains domains");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name");
 	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
 	return true;
 }
@@ -1474,12 +1476,13 @@ static const uint8_t lsarlookupsids2_out_data[] = {
 static bool lsarlookupsids2_out_check(struct torture_context *tctx, 
 									 struct lsa_LookupSids2 *r)
 {
+	struct lsa_RefDomainList *domains = *(r->out.domains);
 	/* FIXME: Handle */
 	torture_assert(tctx, r->out.names != NULL, "names ptr");
 	torture_assert(tctx, r->out.domains != NULL, "domains ptr");
-	torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
-	torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-	torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+	torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
 	torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
 	torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
 	torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
@@ -1749,12 +1752,13 @@ static const uint8_t lsarlookupsids3_out_data[] = {  static bool lsarlookupsids3_out_check(struct torture_context *tctx,   				      struct lsa_LookupSids3 *r)  { +	struct lsa_RefDomainList *domains = *(r->out.domains);  	/* FIXME: Handle */  	torture_assert(tctx, r->out.names != NULL, "names ptr");  	torture_assert(tctx, r->out.domains != NULL, "domains ptr"); -	torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count"); -	torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size"); -	torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name"); +	torture_assert_int_equal(tctx, domains->count, 4, "domains count"); +	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size"); +	torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");  	torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");  	torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");  	torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2"); diff --git a/source4/torture/rpc/handles.c b/source4/torture/rpc/handles.c index f35897b3df..553025276d 100644 --- a/source4/torture/rpc/handles.c +++ b/source4/torture/rpc/handles.c @@ -109,6 +109,7 @@ static bool test_handles_lsa_shared(struct torture_context *torture)  	struct lsa_OpenPolicy r;  	struct lsa_Close c;  	struct lsa_QuerySecurity qsec; +	struct sec_desc_buf *sdbuf = NULL;  	uint16_t system_name = '\\';  	TALLOC_CTX *mem_ctx = talloc_new(torture);  	enum dcerpc_transport_t transport; @@ -167,6 +168,7 @@ static bool test_handles_lsa_shared(struct torture_context *torture)  	qsec.in.handle 		= &handle;  	qsec.in.sec_info	= 0; +	qsec.out.sdbuf		= &sdbuf;  	c.in.handle = &handle;  	c.out.handle = &handle2; 
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 69df965f19..454afabc50 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -153,6 +153,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,  {  	struct lsa_LookupNames r;  	struct lsa_TransSidArray sids; +	struct lsa_RefDomainList *domains = NULL;  	struct lsa_String *names;  	uint32_t count = 0;  	NTSTATUS status; @@ -176,6 +177,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,  	r.in.count = &count;  	r.out.count = &count;  	r.out.sids = &sids; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupNames(p, mem_ctx, &r); @@ -217,6 +219,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,  {  	struct lsa_LookupNames r;  	struct lsa_TransSidArray sids; +	struct lsa_RefDomainList *domains = NULL;  	struct lsa_String *names;  	uint32_t count = 0;  	NTSTATUS status; @@ -248,6 +251,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,  	r.in.count = &count;  	r.out.count = &count;  	r.out.sids = &sids; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);  	if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) { @@ -317,6 +321,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,  {  	struct lsa_LookupNames2 r;  	struct lsa_TransSidArray2 sids; +	struct lsa_RefDomainList *domains = NULL;  	struct lsa_String *names;  	uint32_t count = 0;  	NTSTATUS status; @@ -342,6 +347,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,  	r.in.client_revision = 0;  	r.out.count = &count;  	r.out.sids = &sids; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupNames2(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -362,6 +368,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,  {  	struct lsa_LookupNames3 r;  	struct lsa_TransSidArray3 sids; +	struct lsa_RefDomainList *domains = NULL;  	struct lsa_String *names;  	uint32_t count = 0;  	NTSTATUS status; 
@@ -387,6 +394,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,  	r.in.client_revision = 0;  	r.out.count = &count;  	r.out.sids = &sids; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupNames3(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -405,6 +413,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,  {  	struct lsa_LookupNames4 r;  	struct lsa_TransSidArray3 sids; +	struct lsa_RefDomainList *domains = NULL;  	struct lsa_String *names;  	uint32_t count = 0;  	NTSTATUS status; @@ -429,6 +438,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,  	r.in.client_revision = 0;  	r.out.count = &count;  	r.out.sids = &sids; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupNames4(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -449,6 +459,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,  {  	struct lsa_LookupSids r;  	struct lsa_TransNameArray names; +	struct lsa_RefDomainList *domains = NULL;  	uint32_t count = sids->num_sids;  	NTSTATUS status; @@ -464,6 +475,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,  	r.in.count = &count;  	r.out.count = &count;  	r.out.names = &names; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -488,6 +500,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,  {  	struct lsa_LookupSids2 r;  	struct lsa_TransNameArray2 names; +	struct lsa_RefDomainList *domains = NULL;  	uint32_t count = sids->num_sids;  	NTSTATUS status; @@ -505,6 +518,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,  	r.in.unknown2 = 0;  	r.out.count = &count;  	r.out.names = &names; +	r.out.domains = &domains;  	status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -531,6 +545,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,  {  	struct lsa_LookupSids3 r;  	struct lsa_TransNameArray2 names; +	struct lsa_RefDomainList *domains = NULL;  	uint32_t count = sids->num_sids;  	NTSTATUS status; 
@@ -545,6 +560,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,  	r.in.count = &count;  	r.in.unknown1 = 0;  	r.in.unknown2 = 0; +	r.out.domains = &domains;  	r.out.count = &count;  	r.out.names = &names; @@ -594,6 +610,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,  	if (handle) {  		struct lsa_LookupSids r;  		struct lsa_TransNameArray names; +		struct lsa_RefDomainList *domains = NULL;  		names.count = 0;  		names.names = NULL; @@ -604,6 +621,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,  		r.in.count = &names.count;  		r.out.count = &count;  		r.out.names = &names; +		r.out.domains = &domains;  		status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);  		if (!NT_STATUS_IS_OK(status)) { @@ -619,6 +637,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,  	} else if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&  		   p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {  		struct lsa_LookupSids3 r; +		struct lsa_RefDomainList *domains = NULL;  		struct lsa_TransNameArray2 names;  		names.count = 0; @@ -634,6 +653,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,  		r.in.unknown2 = 0;  		r.out.count = &count;  		r.out.names = &names; +		r.out.domains = &domains;  		status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);  		if (!NT_STATUS_IS_OK(status)) { @@ -683,6 +703,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,  	uint32_t *count;  	struct lsa_TransNameArray *names;  	struct lsa_LookupSids *r; +	struct lsa_RefDomainList *domains = NULL;  	struct rpc_request **req;  	int i, replies;  	bool ret = true; @@ -714,6 +735,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,  		r[i].in.count = &names[i].count;  		r[i].out.count = &count[i];  		r[i].out.names = &names[i]; +		r[i].out.domains = &domains;  		req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]);  		if (req[i] == NULL) { 
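Review bot: In test_LookupSids_async every request is given the same slot, `r[i].out.domains = &domains;`, whereas `count` and `names` are per-request (`&count[i]`, `&names[i]`). All outstanding replies therefore write their domain list through one pointer, and whichever is unmarshalled last wins. The test does not read the value in the visible lines, but a per-request array, `r[i].out.domains = &domains[i];` with `domains` allocated the same way as `names`, would keep the requests independent. The function starts before and continues past these hunks.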
@@ -767,9 +789,11 @@ static bool test_LookupPrivName(struct dcerpc_pipe *p,  {  	NTSTATUS status;  	struct lsa_LookupPrivName r; +	struct lsa_StringLarge *name = NULL;  	r.in.handle = handle;  	r.in.luid = luid; +	r.out.name = &name;  	status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -807,22 +831,24 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,  	if (!NT_STATUS_IS_OK(status)) {  		struct lsa_LookupPrivName r_name; +		struct lsa_StringLarge *name = NULL;  		r_name.in.handle = handle;  		r_name.in.luid = luid; -		 +		r_name.out.name = &name; +  		status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r_name);  		if (!NT_STATUS_IS_OK(status)) {  			printf("\nLookupPrivName failed - %s\n", nt_errstr(status));  			return false;  		}  		/* Windows 2008 does not allow this to be removed */ -		if (strcmp("SeAuditPrivilege", r_name.out.name->string) == 0) { +		if (strcmp("SeAuditPrivilege", name->string) == 0) {  			return ret;  		}  		printf("RemovePrivilegesFromAccount failed to remove %s - %s\n",  -		       r_name.out.name->string,  +		       name->string,  		       nt_errstr(status));  		return false;  	} @@ -867,11 +893,13 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,  {  	NTSTATUS status;  	struct lsa_EnumPrivsAccount r; +	struct lsa_PrivilegeSet *privs = NULL;  	bool ret = true;  	printf("\nTesting EnumPrivsAccount\n");  	r.in.handle = acct_handle; +	r.out.privs = &privs;  	status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { 
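Review bot: In test_RemovePrivilegesFromAccount `name->string` is passed to `strcmp()` after checking only the call status; `name` starts as NULL and stays NULL if the server answers success without a name. A guard before the comparison, `if (name == NULL) { printf("LookupPrivName returned no name\n"); return false; }`, turns a crash of the test tool into a reported failure. test_LookupPrivDisplayName later in this file prints `disp_name->string` in the same unchecked way.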
@@ -879,17 +907,17 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,  		return false;  	} -	if (r.out.privs && r.out.privs->count > 0) { +	if (privs && privs->count > 0) {  		int i; -		for (i=0;i<r.out.privs->count;i++) { +		for (i=0;i<privs->count;i++) {  			test_LookupPrivName(p, mem_ctx, handle,  -					    &r.out.privs->set[i].luid); +					    &privs->set[i].luid);  		}  		ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, handle, acct_handle,  -							&r.out.privs->set[0].luid); +							&privs->set[0].luid);  		ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle,  -						   &r.out.privs->set[0].luid); +						   &privs->set[0].luid);  	}  	return ret; @@ -1462,6 +1490,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,  {  	NTSTATUS status;  	struct lsa_QuerySecurity r; +	struct sec_desc_buf *sdbuf = NULL;  	if (torture_setting_bool(tctx, "samba4", false)) {  		printf("\nskipping QuerySecurity test against Samba4\n"); @@ -1472,6 +1501,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,  	r.in.handle = acct_handle;  	r.in.sec_info = 7; +	r.out.sdbuf = &sdbuf;  	status = dcerpc_lsa_QuerySecurity(p, tctx, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -1602,14 +1632,17 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,  	/* produce a reasonable range of language output without screwing up  	   terminals */  	uint16_t language_id = (random() % 4) + 0x409; +	uint16_t returned_language_id = 0; +	struct lsa_StringLarge *disp_name = NULL;  	printf("\nTesting LookupPrivDisplayName(%s)\n", priv_name->string);  	r.in.handle = handle;  	r.in.name = priv_name; -	r.in.language_id = &language_id; -	r.out.language_id = &language_id; -	r.in.unknown = 0; +	r.in.language_id = language_id; +	r.in.language_id_sys = 0; +	r.out.returned_language_id = &returned_language_id; +	r.out.disp_name = &disp_name;  	status = dcerpc_lsa_LookupPrivDisplayName(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { 
@@ -1617,8 +1650,8 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,  		return false;  	}  	printf("%s -> \"%s\"  (language 0x%x/0x%x)\n",  -	       priv_name->string, r.out.disp_name->string,  -	       *r.in.language_id, *r.out.language_id); +	       priv_name->string, disp_name->string, +	       r.in.language_id, *r.out.returned_language_id);  	return true;  } @@ -1794,7 +1827,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,  			for (j=0; j < ARRAY_SIZE(levels); j++) {  				struct lsa_QueryTrustedDomainInfo q; -				union lsa_TrustedDomainInfo info; +				union lsa_TrustedDomainInfo *info = NULL;  				q.in.trustdom_handle = &trustdom_handle;  				q.in.level = levels[j];  				q.out.info = &info; @@ -1827,7 +1860,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,  			for (j=0; j < ARRAY_SIZE(levels); j++) {  				struct lsa_QueryTrustedDomainInfoBySid q; -				union lsa_TrustedDomainInfo info; +				union lsa_TrustedDomainInfo *info = NULL;  				if (!domains->domains[i].sid) {  					continue; @@ -1837,6 +1870,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,  				q.in.dom_sid = domains->domains[i].sid;  				q.in.level   = levels[j];  				q.out.info   = &info; +  				status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, mem_ctx, &q);  				if (!NT_STATUS_IS_OK(status) && ok[j]) {  					printf("QueryTrustedDomainInfoBySid level %d failed - %s\n",  @@ -1864,7 +1898,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,  		for (j=0; j < ARRAY_SIZE(levels); j++) {  			struct lsa_QueryTrustedDomainInfo q; -			union lsa_TrustedDomainInfo info; +			union lsa_TrustedDomainInfo *info = NULL;  			q.in.trustdom_handle = &trustdom_handle;  			q.in.level = levels[j];  			q.out.info = &info; 
@@ -1891,9 +1925,13 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,  		for (j=0; j < ARRAY_SIZE(levels); j++) {  			struct lsa_QueryTrustedDomainInfoByName q; -			union lsa_TrustedDomainInfo info; +			union lsa_TrustedDomainInfo *info = NULL; +			struct lsa_String name; + +			name.string = domains->domains[i].name.string; +  			q.in.handle         = handle; -			q.in.trusted_domain.string = domains->domains[i].name.string; +			q.in.trusted_domain = &name;  			q.in.level          = levels[j];  			q.out.info          = &info;  			status = dcerpc_lsa_QueryTrustedDomainInfoByName(p, mem_ctx, &q); @@ -2055,6 +2093,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,  	struct dom_sid *domsid[12];  	struct policy_handle trustdom_handle[12];  	struct lsa_QueryTrustedDomainInfo q; +	union lsa_TrustedDomainInfo *info = NULL;  	int i;  	printf("\nTesting CreateTrustedDomain for 12 domains\n"); @@ -2089,6 +2128,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,  			q.in.trustdom_handle = &trustdom_handle[i];  			q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX; +			q.out.info = &info;  			status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);  			if (!NT_STATUS_IS_OK(status)) {  				printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status)); 
@@ -2096,24 +2136,24 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
 			} else if (!q.out.info) {
 				ret = false;
 			} else {
-				if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
+				if (strcmp(info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
 					printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
-					       q.out.info->info_ex.netbios_name.string, trustinfo.name.string);
+					       info->info_ex.netbios_name.string, trustinfo.name.string);
 					ret = false;
 				}
-				if (q.out.info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+				if (info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
 					printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", 
-					       trust_name, q.out.info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
+					       trust_name, info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
 					ret = false;
 				}
-				if (q.out.info->info_ex.trust_attributes != 0) {
+				if (info->info_ex.trust_attributes != 0) {
 					printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", 
-					       trust_name, q.out.info->info_ex.trust_attributes, 0);
+					       trust_name, info->info_ex.trust_attributes, 0);
 					ret = false;
 				}
-				if (q.out.info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
+				if (info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
 					printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", 
-					       trust_name, q.out.info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
+					       trust_name, info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
 					ret = false;
 				}
 			}
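Review bot: `} else if (!q.out.info) {` can no longer be true in test_CreateTrustedDomain, because `q.out.info` is now set to `&info` before the call. The branch meant to catch a missing result is dead, and the `info->info_ex...` reads below it run even when the server returned no info. The condition should test the pointee, `} else if (!info) {`. test_CreateTrustedDomainEx2 gets the same `q.out.info = &info;` and has a "failed to return an info pointer" branch whose condition is outside the visible hunks, so it likely needs the same change. Since `info` is declared once outside the loop, setting `info = NULL;` before each query also stops a pointer from an earlier iteration from passing the check.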
@@ -2149,6 +2189,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,  	struct dom_sid *domsid[12];  	struct policy_handle trustdom_handle[12];  	struct lsa_QueryTrustedDomainInfo q; +	union lsa_TrustedDomainInfo *info = NULL;  	DATA_BLOB session_key;  	enum ndr_err_code ndr_err;  	int i; @@ -2221,6 +2262,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,  			q.in.trustdom_handle = &trustdom_handle[i];  			q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX; +			q.out.info = &info;  			status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);  			if (!NT_STATUS_IS_OK(status)) {  				printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status)); 
@@ -2229,24 +2271,24 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,  				printf("QueryTrustedDomainInfo level 1 failed to return an info pointer\n");  				ret = false;  			} else { -				if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) { +				if (strcmp(info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {  					printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n", -					       q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string); +					       info->info_ex.netbios_name.string, trustinfo.netbios_name.string);  					ret = false;  				} -				if (q.out.info->info_ex.trust_type != trustinfo.trust_type) { +				if (info->info_ex.trust_type != trustinfo.trust_type) {  					printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",  -					       trust_name, q.out.info->info_ex.trust_type, trustinfo.trust_type); +					       trust_name, info->info_ex.trust_type, trustinfo.trust_type);  					ret = false;  				} -				if (q.out.info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) { +				if (info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) {  					printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",  -					       trust_name, q.out.info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION); +					       trust_name, info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION);  					ret = false;  				} -				if (q.out.info->info_ex.trust_direction != trustinfo.trust_direction) { +				if (info->info_ex.trust_direction != trustinfo.trust_direction) {  					printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",  -					       trust_name, q.out.info->info_ex.trust_direction, trustinfo.trust_direction); +					       trust_name, info->info_ex.trust_direction, trustinfo.trust_direction);  					ret = false;  				}  	
		} @@ -2274,6 +2316,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,  				 struct policy_handle *handle)  {  	struct lsa_QueryDomainInformationPolicy r; +	union lsa_DomainInformationPolicy *info = NULL;  	NTSTATUS status;  	int i;  	bool ret = true; @@ -2283,6 +2326,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,  	for (i=2;i<4;i++) {  		r.in.handle = handle;  		r.in.level = i; +		r.out.info = &info;  		printf("\nTrying QueryDomainInformationPolicy level %d\n", i); @@ -2308,6 +2352,7 @@ static bool test_QueryInfoPolicyCalls(	bool version2,  					struct policy_handle *handle)  {  	struct lsa_QueryInfoPolicy r; +	union lsa_PolicyInformation *info = NULL;  	NTSTATUS status;  	int i;  	bool ret = true; @@ -2320,6 +2365,7 @@ static bool test_QueryInfoPolicyCalls(	bool version2,  	for (i=1;i<=14;i++) {  		r.in.handle = handle;  		r.in.level = i; +		r.out.info = &info;  		if (version2)  			printf("\nTrying QueryInfoPolicy2 level %d\n", i); 
@@ -2389,33 +2435,33 @@ static bool test_QueryInfoPolicyCalls(	bool version2,  			struct lsa_TransNameArray tnames;  			tnames.count = 14;  			tnames.names = talloc_zero_array(tctx, struct lsa_TranslatedName, tnames.count); -			tnames.names[0].name.string = r.out.info->dns.name.string; +			tnames.names[0].name.string = info->dns.name.string;  			tnames.names[0].sid_type = SID_NAME_DOMAIN; -			tnames.names[1].name.string = r.out.info->dns.dns_domain.string; +			tnames.names[1].name.string = info->dns.dns_domain.string;  			tnames.names[1].sid_type = SID_NAME_DOMAIN; -			tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", r.out.info->dns.name.string); +			tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", info->dns.name.string);  			tnames.names[2].sid_type = SID_NAME_DOMAIN; -			tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", r.out.info->dns.dns_domain.string); +			tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", info->dns.dns_domain.string);  			tnames.names[3].sid_type = SID_NAME_DOMAIN; -			tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", r.out.info->dns.name.string); +			tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.name.string);  			tnames.names[4].sid_type = SID_NAME_USER; -			tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", r.out.info->dns.name.string); +			tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.name.string);  			tnames.names[5].sid_type = SID_NAME_USER; -			tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", r.out.info->dns.dns_domain.string); +			tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.dns_domain.string);  			tnames.names[6].sid_type = SID_NAME_USER; -			tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", r.out.info->dns.dns_domain.string); +			tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.dns_domain.string);  			
tnames.names[7].sid_type = SID_NAME_USER; -			tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", r.out.info->dns.name.string); +			tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.name.string);  			tnames.names[8].sid_type = SID_NAME_USER; -			tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", r.out.info->dns.dns_domain.string); +			tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.dns_domain.string);  			tnames.names[9].sid_type = SID_NAME_USER; -			tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", r.out.info->dns.name.string); +			tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.name.string);  			tnames.names[10].sid_type = SID_NAME_USER; -			tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", r.out.info->dns.dns_domain.string); +			tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.dns_domain.string);  			tnames.names[11].sid_type = SID_NAME_USER; -			tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", r.out.info->dns.name.string); +			tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.name.string);  			tnames.names[12].sid_type = SID_NAME_USER; -			tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", r.out.info->dns.dns_domain.string); +			tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.dns_domain.string);  			tnames.names[13].sid_type = SID_NAME_USER;  			ret &= test_LookupNames(p, tctx, handle, &tnames); 
@@ -2444,14 +2490,27 @@ static bool test_GetUserName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)  	struct lsa_GetUserName r;  	NTSTATUS status;  	bool ret = true; -	struct lsa_StringPointer authority_name_p; +	struct lsa_String *authority_name_p = NULL; +	struct lsa_String *account_name_p = NULL;  	printf("\nTesting GetUserName\n"); -	r.in.system_name = "\\"; -	r.in.account_name = NULL; -	r.in.authority_name = &authority_name_p; -	authority_name_p.string = NULL; +	r.in.system_name	= "\\"; +	r.in.account_name	= &account_name_p; +	r.in.authority_name	= NULL; +	r.out.account_name	= &account_name_p; + +	status = dcerpc_lsa_GetUserName(p, mem_ctx, &r); + +	if (!NT_STATUS_IS_OK(status)) { +		printf("GetUserName failed - %s\n", nt_errstr(status)); +		ret = false; +	} + +	account_name_p = NULL; +	r.in.account_name	= &account_name_p; +	r.in.authority_name	= &authority_name_p; +	r.out.account_name	= &account_name_p;  	status = dcerpc_lsa_GetUserName(p, mem_ctx, &r); diff --git a/source4/torture/rpc/lsa_lookup.c b/source4/torture/rpc/lsa_lookup.c index 9c817a7061..0124ce1741 100644 --- a/source4/torture/rpc/lsa_lookup.c +++ b/source4/torture/rpc/lsa_lookup.c @@ -66,15 +66,17 @@ static bool get_domainsid(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,  			  struct dom_sid **sid)  {  	struct lsa_QueryInfoPolicy r; +	union lsa_PolicyInformation *info = NULL;  	NTSTATUS status;  	r.in.level = LSA_POLICY_INFO_DOMAIN;  	r.in.handle = handle; +	r.out.info = &info;  	status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) return false; -	*sid = r.out.info->domain.sid; +	*sid = info->domain.sid;  	return true;  } @@ -192,6 +194,7 @@ static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe  	for (i=0; i<domains.count; i++) {  		struct lsa_QueryTrustedDomainInfoBySid q; +		union lsa_TrustedDomainInfo *info = NULL;  		if (domains.domains[i].sid == NULL)  			continue; 
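Review bot: In test_GetUserName the two back-to-back `dcerpc_lsa_GetUserName` calls differ only in `r.in.authority_name` (NULL, then `&authority_name_p`), and nothing in the hunk says that this is intentional. A one-line comment before each call would make it explicit, e.g. `/* account name only: no authority_name requested */` and `/* repeat, this time asking for the authority name too */`. `r.out.authority_name` is also left unassigned before both calls, while object_uuid.c sets it in this same commit. If the client stub does not always write that field, later code would read an uninitialised pointer, so either set it or say in a comment why it is not needed. The function body continues outside the hunk.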
@@ -199,11 +202,13 @@ static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe  		q.in.handle = handle;  		q.in.dom_sid = domains.domains[i].sid;  		q.in.level = 6; +		q.out.info = &info; +  		status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, tctx, &q);  		if (!NT_STATUS_IS_OK(status)) continue; -		if ((q.out.info->info_ex.trust_direction & 2) && -		    (q.out.info->info_ex.trust_type == 1)) { +		if ((info->info_ex.trust_direction & 2) && +		    (info->info_ex.trust_type == 1)) {  			*sid = domains.domains[i].sid;  			return true;  		} diff --git a/source4/torture/rpc/object_uuid.c b/source4/torture/rpc/object_uuid.c index 5a77bd1c29..69905169af 100644 --- a/source4/torture/rpc/object_uuid.c +++ b/source4/torture/rpc/object_uuid.c @@ -39,7 +39,8 @@ static bool test_random_uuid(struct torture_context *torture)  	struct GUID uuid;  	struct dssetup_DsRoleGetPrimaryDomainInformation r1;  	struct lsa_GetUserName r2; -	struct lsa_StringPointer authority_name_p; +	struct lsa_String *authority_name_p = NULL; +	struct lsa_String *account_name_p = NULL;  	torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n"); @@ -63,9 +64,10 @@ static bool test_random_uuid(struct torture_context *torture)  	uuid = GUID_random();  	r2.in.system_name = "\\"; -	r2.in.account_name = NULL; +	r2.in.account_name = &account_name_p;  	r2.in.authority_name = &authority_name_p; -	authority_name_p.string = NULL; +	r2.out.account_name = &account_name_p; +	r2.out.authority_name = &authority_name_p;  	req = dcerpc_ndr_request_send(p2, &uuid,  				      &ndr_table_lsarpc, diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 85714ace13..a45397de46 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c 
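Review bot: The rewritten condition in get_downleveltrust (lsa_lookup.c, hunk at -199) still compares against bare numbers: `q.in.level = 6`, `trust_direction & 2` and `trust_type == 1`. Elsewhere in this commit the same fields are compared with `LSA_TRUSTED_DOMAIN_INFO_INFO_EX`, `LSA_TRUST_DIRECTION_OUTBOUND` and `LSA_TRUST_TYPE_DOWNLEVEL`, which appear to be the values meant here. Confirm against lsa.idl and use the names, e.g. `(info->info_ex.trust_direction & LSA_TRUST_DIRECTION_OUTBOUND)`. `info` is also dereferenced after only a status check, so an `if (info == NULL) continue;` before the test would keep a reply without an info union from crashing the lookup.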
@@ -208,6 +208,7 @@ static bool bindtest(struct smbcli_state *cli,  	struct lsa_ObjectAttribute objectattr;  	struct lsa_OpenPolicy2 openpolicy;  	struct lsa_QueryInfoPolicy query; +	union lsa_PolicyInformation *info = NULL;  	struct policy_handle handle;  	struct lsa_Close close_handle; @@ -256,6 +257,7 @@ static bool bindtest(struct smbcli_state *cli,  	query.in.handle = &handle;  	query.in.level = LSA_POLICY_INFO_DOMAIN; +	query.out.info = &info;  	status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx, &query);  	if (!NT_STATUS_IS_OK(status)) { @@ -1500,6 +1502,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,  	struct policy_handle handle;  	struct lsa_LookupNames l;  	struct lsa_TransSidArray sids; +	struct lsa_RefDomainList *domains = NULL;  	struct lsa_String lsa_name;  	uint32_t count = 0;  	struct dom_sid *result; @@ -1546,6 +1549,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,  	l.in.count = &count;  	l.out.count = &count;  	l.out.sids = &sids; +	l.out.domains = &domains;  	status = dcerpc_lsa_LookupNames(p, tmp_ctx, &l);  	if (!NT_STATUS_IS_OK(status)) { @@ -1555,7 +1559,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,  		return NULL;  	} -	result = dom_sid_add_rid(mem_ctx, l.out.domains->domains[0].sid, +	result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,  				 l.out.sids->sids[0].rid);  	c.in.handle = &handle; @@ -1583,7 +1587,8 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,  	struct dcerpc_pipe *lsa;  	struct lsa_GetUserName r;  	NTSTATUS status; -	struct lsa_StringPointer authority_name_p; +	struct lsa_String *authority_name_p = NULL; +	struct lsa_String *account_name_p = NULL;  	struct dom_sid *result;  	status = pipe_bind_smb(mem_ctx, lp_ctx, tree, "\\pipe\\lsarpc", 
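Review bot: In name2sid (hunk at -1555) `domains` starts out NULL and is indexed as `domains->domains[0].sid` after only the status check visible in the previous hunk. If the server returns success with no referenced-domain list, or with an empty one, this dereferences NULL or reads past the array; the same holds for `l.out.sids->sids[0]`. A guard such as `if (domains == NULL || domains->count == 0 || sids.count == 0)` taking the existing `return NULL` error path before the `dom_sid_add_rid` call would cover it. A few lines between the status check and this call are outside the hunk, so verify that no such check already exists there.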
@@ -1595,12 +1600,14 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,  	}  	r.in.system_name = "\\"; -	r.in.account_name = NULL; -	authority_name_p.string = NULL; +	r.in.account_name = &account_name_p;  	r.in.authority_name = &authority_name_p; +	r.out.account_name = &account_name_p;  	status = dcerpc_lsa_GetUserName(lsa, mem_ctx, &r); +	authority_name_p = *r.out.authority_name; +  	if (!NT_STATUS_IS_OK(status)) {  		printf("(%s) GetUserName failed - %s\n",  		       __location__, nt_errstr(status)); @@ -1608,8 +1615,8 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,  		return NULL;  	} -	result = name2sid(mem_ctx, lsa, r.out.account_name->string, -			  r.out.authority_name->string->string); +	result = name2sid(mem_ctx, lsa, account_name_p->string, +			  authority_name_p->string);  	talloc_free(lsa);  	return result; @@ -2388,8 +2395,10 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)  		for (i=0; i<ARRAY_SIZE(levels); i++) {  			struct lsa_QueryInfoPolicy r; +			union lsa_PolicyInformation *info = NULL;  			r.in.handle = &lsa_handle;  			r.in.level = levels[i]; +			r.out.info = &info;  			status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);  			if (!NT_STATUS_IS_OK(status)) {  				d_printf("(%s) dcerpc_lsa_QueryInfoPolicy %d " @@ -2399,7 +2408,7 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)  				return false;  			}  			if (levels[i] == 5) { -				domain_sid = r.out.info->account_domain.sid; +				domain_sid = info->account_domain.sid;  			}  		}  	} diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 2d2aaa80d6..fdd86da28c 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c 
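Review bot: In whoami (hunk at -1595) `authority_name_p = *r.out.authority_name;` runs before the `NT_STATUS_IS_OK(status)` test, and `r.out.authority_name` is never assigned by this function. If the call fails before the reply is unmarshalled, that pointer is whatever the uninitialised `r` held (assuming the client stub has not written it), and if the server omits the authority name it may be NULL; either way the dereference happens first. Move the copy below the status check and guard it, `if (r.out.authority_name != NULL) authority_name_p = *r.out.authority_name;`. The following hunk should also check `account_name_p` and `authority_name_p` for NULL before passing their `->string` to name2sid. test_lsa_ops in schannel.c (hunk at -182) has the same copy ahead of its status checks.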
@@ -204,10 +204,12 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx,  						       struct policy_handle *handle)   {  	struct lsa_QuerySecurity r; +	struct sec_desc_buf *sdbuf = NULL;  	NTSTATUS status;  	r.in.handle = handle;  	r.in.sec_info = 0x7; +	r.out.sdbuf = &sdbuf;  	status = dcerpc_lsa_QuerySecurity(samsync_state->p_lsa, mem_ctx, &r);  	if (!NT_STATUS_IS_OK(status)) { @@ -215,7 +217,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx,  		return NULL;  	} -	return r.out.sdbuf; +	return sdbuf;  }  #define TEST_UINT64_EQUAL(i1, i2) do {\ @@ -965,6 +967,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st  	struct policy_handle trustdom_handle;  	struct lsa_QueryTrustedDomainInfo q;  	union lsa_TrustedDomainInfo *info[9]; +	union lsa_TrustedDomainInfo *_info = NULL;  	int levels [] = {1, 3, 8};  	int i; @@ -985,6 +988,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st  	for (i=0; i< ARRAY_SIZE(levels); i++) {  		q.in.trustdom_handle = &trustdom_handle;  		q.in.level = levels[i]; +		q.out.info = &_info;  		status = dcerpc_lsa_QueryTrustedDomainInfo(samsync_state->p_lsa, mem_ctx, &q);  		if (!NT_STATUS_IS_OK(status)) {  			if (q.in.level == 8 && NT_STATUS_EQUAL(status,NT_STATUS_INVALID_PARAMETER)) { @@ -995,7 +999,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st  			       levels[i], nt_errstr(status));  			return false;  		} -		info[levels[i]]  = q.out.info; +		info[levels[i]]  = _info;  	}  	if (info[8]) { @@ -1025,6 +1029,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa  	struct lsa_OpenAccount a;  	struct policy_handle acct_handle;  	struct lsa_EnumPrivsAccount e; +	struct lsa_PrivilegeSet *privs = NULL;  	struct lsa_LookupPrivName r;  	int i, j; 
@@ -1047,6 +1052,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa  	found_priv_in_lsa = talloc_zero_array(mem_ctx, bool, account->privilege_entries);  	e.in.handle = &acct_handle; +	e.out.privs = &privs;  	status = dcerpc_lsa_EnumPrivsAccount(samsync_state->p_lsa, mem_ctx, &e);  	if (!NT_STATUS_IS_OK(status)) { @@ -1054,23 +1060,27 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa  		return false;  	} -	if ((account->privilege_entries && !e.out.privs)) { +	if ((account->privilege_entries && !privs)) {  		printf("Account %s has privileges in SamSync, but not LSA\n",  		       dom_sid_string(mem_ctx, dom_sid));  		return false;  	} -	if (!account->privilege_entries && e.out.privs && e.out.privs->count) { +	if (!account->privilege_entries && privs && privs->count) {  		printf("Account %s has privileges in LSA, but not SamSync\n",  		       dom_sid_string(mem_ctx, dom_sid));  		return false;  	} -	TEST_INT_EQUAL(account->privilege_entries, e.out.privs->count); +	TEST_INT_EQUAL(account->privilege_entries, privs->count); -	for (i=0;i< e.out.privs->count; i++) { +	for (i=0;i< privs->count; i++) { + +		struct lsa_StringLarge *name = NULL; +  		r.in.handle = samsync_state->lsa_handle; -		r.in.luid = &e.out.privs->set[i].luid; +		r.in.luid = &privs->set[i].luid; +		r.out.name = &name;  		status = dcerpc_lsa_LookupPrivName(samsync_state->p_lsa, mem_ctx, &r);  		if (!NT_STATUS_IS_OK(status)) { @@ -1083,7 +1093,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa  			return false;  		}  		for (j=0;j<account->privilege_entries; j++) { -			if (strcmp(r.out.name->string, account->privilege_name[j].string) == 0) { +			if (strcmp(name->string, account->privilege_name[j].string) == 0) {  				found_priv_in_lsa[j] = true;  				break;  			} diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 15d40a2e17..a8aa046280 100644 
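Review bot: In samsync_handle_account (hunk at -1054) `privs->count` is read by `TEST_INT_EQUAL` and by the loop condition even when `privs` is NULL. Neither of the two preceding checks returns when `account->privilege_entries` is 0 and `privs` is NULL, so an account without privileges on either side reaches the dereference. Taking the count once, `uint32_t priv_count = privs ? privs->count : 0;`, and using `priv_count` in both places avoids it. The new `name` pointer in the loop is likewise used as `name->string` in the next hunk; whether it is NULL-checked in the lines between is not visible here.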
--- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -182,18 +182,21 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)  	struct lsa_GetUserName r;  	NTSTATUS status;  	bool ret = true; -	struct lsa_StringPointer authority_name_p; +	struct lsa_String *account_name_p = NULL; +	struct lsa_String *authority_name_p = NULL;  	printf("\nTesting GetUserName\n");  	r.in.system_name = "\\";	 -	r.in.account_name = NULL;	 +	r.in.account_name = &account_name_p;  	r.in.authority_name = &authority_name_p; -	authority_name_p.string = NULL; +	r.out.account_name = &account_name_p;  	/* do several ops to test credential chaining and various operations */  	status = dcerpc_lsa_GetUserName(p, tctx, &r); -	 + +	authority_name_p = *r.out.authority_name; +  	if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {  		printf("not considering %s to be an error\n", nt_errstr(status));  	} else if (!NT_STATUS_IS_OK(status)) { @@ -204,18 +207,18 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)  			return false;  		} -		if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) { +		if (strcmp(account_name_p->string, "ANONYMOUS LOGON") != 0) {  			printf("GetUserName returned wrong user: %s, expected %s\n", -			       r.out.account_name->string, "ANONYMOUS LOGON"); +			       account_name_p->string, "ANONYMOUS LOGON");  			return false;  		} -		if (!r.out.authority_name || !r.out.authority_name->string) { +		if (!authority_name_p || !authority_name_p->string) {  			return false;  		} -		if (strcmp(r.out.authority_name->string->string, "NT AUTHORITY") != 0) { +		if (strcmp(authority_name_p->string, "NT AUTHORITY") != 0) {  			printf("GetUserName returned wrong user: %s, expected %s\n", -			       r.out.authority_name->string->string, "NT AUTHORITY"); +			       authority_name_p->string, "NT AUTHORITY");  			return false;  		}  	} 
diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c index 25d52a16b5..48a2a4d882 100644 --- a/source4/winbind/wb_async_helpers.c +++ b/source4/winbind/wb_async_helpers.c @@ -41,6 +41,7 @@ struct lsa_lookupsids_state {  	struct lsa_LookupSids r;  	struct lsa_SidArray sids;  	struct lsa_TransNameArray names; +	struct lsa_RefDomainList *domains;  	uint32_t count;  	struct wb_sid_object **result;  }; @@ -76,6 +77,9 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,  		if (state->sids.sids[i].sid == NULL) goto failed;  	} +	state->domains = talloc(state, struct lsa_RefDomainList); +	if (state->domains == NULL) goto failed; +  	state->count = 0;  	state->num_sids = num_sids;  	state->names.count = 0; @@ -88,6 +92,7 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,  	state->r.in.count = &state->count;  	state->r.out.names = &state->names;  	state->r.out.count = &state->count; +	state->r.out.domains = &state->domains;  	req = dcerpc_lsa_LookupSids_send(lsa_pipe, state, &state->r);  	if (req == NULL) goto failed; @@ -125,6 +130,8 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)  		struct lsa_TranslatedName *name =  			&state->r.out.names->names[i];  		struct lsa_DomainInfo *dom; +		struct lsa_RefDomainList *domains = +			state->domains;  		state->result[i] = talloc_zero(state->result,  					       struct wb_sid_object); @@ -135,13 +142,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)  			continue;  		} -		if (name->sid_index >= state->r.out.domains->count) { +		if (name->sid_index >= domains->count) {  			composite_error(state->ctx,  					NT_STATUS_INVALID_PARAMETER);  			return;  		} -		dom = &state->r.out.domains->domains[name->sid_index]; +		dom = &domains->domains[name->sid_index];  		state->result[i]->domain = talloc_reference(state->result[i],  							    dom->name.string);  		if ((name->sid_type == SID_NAME_DOMAIN) || 
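Review bot: `state->domains` in wb_lsa_lookupsids_send (hunk at -76) is allocated with `talloc()`, so its `count` and `domains` members are uninitialised until the reply is unmarshalled. wb_init_domain.c in this same commit uses `talloc_zero()` for its out buffer. Doing the same here, `state->domains = talloc_zero(state, struct lsa_RefDomainList);`, means any path that reads the struct before a reply has filled it sees count 0 rather than stale heap contents. wb_lsa_lookupnames_send (hunk at -222) has the identical allocation.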
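Review bot: lsa_lookupsids_recv_names (hunks at -125 and -135) reads `domains->count` without checking that `state->domains` is still non-NULL after the call. `r.out.domains` now points at `state->domains`, so if the unmarshalling code stores NULL there when the DC sends no referenced-domain list (not visible here; confirm in the generated stub), winbind dereferences NULL on data supplied by the remote server. Folding the check into the existing bound test, `if (domains == NULL || name->sid_index >= domains->count) {`, keeps the NT_STATUS_INVALID_PARAMETER error path. lsa_lookupnames_recv_sids (hunk at -276) needs the same for `sid->sid_index`.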
@@ -183,6 +190,7 @@ struct lsa_lookupnames_state {  	uint32_t num_names;  	struct lsa_LookupNames r;  	struct lsa_TransSidArray sids; +	struct lsa_RefDomainList *domains;  	uint32_t count;  	struct wb_sid_object **result;  }; @@ -222,6 +230,9 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,  		lsa_names[i].string = names[i];  	} +	state->domains = talloc(state, struct lsa_RefDomainList); +	if (state->domains == NULL) goto failed; +  	state->r.in.handle = handle;  	state->r.in.num_names = num_names;  	state->r.in.names = lsa_names; @@ -230,6 +241,7 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,  	state->r.in.count = &state->count;  	state->r.out.count = &state->count;  	state->r.out.sids = &state->sids; +	state->r.out.domains = &state->domains;  	req = dcerpc_lsa_LookupNames_send(lsa_pipe, state, &state->r);  	if (req == NULL) goto failed; @@ -265,6 +277,7 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)  	for (i=0; i<state->num_names; i++) {  		struct lsa_TranslatedSid *sid = &state->r.out.sids->sids[i]; +		struct lsa_RefDomainList *domains = state->domains;  		struct lsa_DomainInfo *dom;  		state->result[i] = talloc_zero(state->result, @@ -276,13 +289,13 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)  			continue;  		} -		if (sid->sid_index >= state->r.out.domains->count) { +		if (sid->sid_index >= domains->count) {  			composite_error(state->ctx,  					NT_STATUS_INVALID_PARAMETER);  			return;  		} -		dom = &state->r.out.domains->domains[sid->sid_index]; +		dom = &domains->domains[sid->sid_index];  		state->result[i]->sid = dom_sid_add_rid(state->result[i],  							dom->sid, sid->rid); diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index c6dee825a9..531647def8 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c 
@@ -70,6 +70,7 @@ struct init_domain_state {  	struct lsa_ObjectAttribute objectattr;  	struct lsa_OpenPolicy2 lsa_openpolicy;  	struct lsa_QueryInfoPolicy queryinfo; +	union lsa_PolicyInformation *info;  };  static void init_domain_recv_netlogonpipe(struct composite_context *ctx); @@ -326,8 +327,12 @@ static void init_domain_recv_lsa_policy(struct rpc_request *req)  	state->ctx->status = state->lsa_openpolicy.out.result;  	if (!composite_is_ok(state->ctx)) return; +	state->info = talloc_zero(state->ctx, union lsa_PolicyInformation); +	if (composite_nomem(state->info, state->ctx)) return; +  	state->queryinfo.in.handle = &state->domain->libnet_ctx->lsa.handle;  	state->queryinfo.in.level = LSA_POLICY_INFO_ACCOUNT_DOMAIN; +	state->queryinfo.out.info = &state->info;  	req = dcerpc_lsa_QueryInfoPolicy_send(state->domain->libnet_ctx->lsa.pipe, state,  					      &state->queryinfo); @@ -347,7 +352,7 @@ static void init_domain_recv_queryinfo(struct rpc_request *req)  	state->ctx->status = state->queryinfo.out.result;  	if (!composite_is_ok(state->ctx)) return; -	dominfo = &state->queryinfo.out.info->account_domain; +	dominfo = &(*state->queryinfo.out.info)->account_domain;  	if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {  		DEBUG(2, ("Expected domain name %s, DC %s said %s\n",  | 
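Review bot: init_domain_recv_queryinfo (hunk at -347) dereferences `*state->queryinfo.out.info` right after the status check, with no test that the DC actually returned a policy information union. If the pointer comes back NULL, `dominfo->name.string` in the following `strcasecmp` faults in winbind on server-supplied data. A guard before the assignment, `if (state->info == NULL) { composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER); return; }`, would fail the request cleanly. The assignment itself can then read `dominfo = &state->info->account_domain;`, which names the same object (given `out.info = &state->info` from the previous hunk) without the extra indirection. The function continues outside the hunk.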
