-rw-r--r-- | source4/librpc/idl/lsa.idl | 9 | ||||
-rw-r--r-- | source4/provision.ldif | 2 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 98 | ||||
-rw-r--r-- | source4/rpc_server/samr/samdb.c | 22 | ||||
-rwxr-xr-x | source4/script/provision.pl | 7 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 38 |
6 files changed, 148 insertions, 28 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index e477ce7054..b9acbfcf10 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -500,6 +500,13 @@ /* Function: 0x2d */ NTSTATUS UNK_GET_CONNUSER (); + + /**********************/ /* Function: 0x2e */ - NTSTATUS QUERYINFO2 (); + + NTSTATUS lsa_QueryInfoPolicy2( + [in,ref] policy_handle *handle, + [in] uint16 level, + [out,switch_is(level)] lsa_PolicyInformation *info + ); } diff --git a/source4/provision.ldif b/source4/provision.ldif index 075cd758ba..444f7185bd 100644 --- a/source4/provision.ldif +++ b/source4/provision.ldif @@ -27,6 +27,8 @@ objectClass: top objectClass: domain objectClass: domainDNS name: ${DOMAIN} +realm: ${REALM} +dnsDomain: ${REALM} dc: ${DOMAIN} objectGUID: ${NEWGUID} creationTime: ${NTTIME} diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 6ea782a8f2..bff7a98b25 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -139,10 +139,10 @@ static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CT /* - lsa_OpenPolicy + lsa_OpenPolicy2 */ -static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_OpenPolicy *r) +static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_OpenPolicy2 *r) { struct lsa_policy_state *state; struct dcesrv_handle *handle; 
@@ -198,6 +198,25 @@ static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *m return NT_STATUS_OK; } +/* + lsa_OpenPolicy + a wrapper around lsa_OpenPolicy2 +*/ +static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_OpenPolicy *r) +{ + struct lsa_OpenPolicy2 r2; + + r2.in.system_name = NULL; + r2.in.attr = r->in.attr; + r2.in.access_mask = r->in.access_mask; + r2.out.handle = r->out.handle; + + return lsa_OpenPolicy2(dce_call, mem_ctx, &r2); +} + + + /* fill in the AccountDomain info @@ -221,11 +240,36 @@ static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CT return NT_STATUS_OK; } +/* + fill in the DNS domain info +*/ +static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, + struct lsa_DnsDomainInfo *info) +{ + const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL }; + int ret; + struct ldb_message **res; + + ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, + "dn=%s", state->domain_dn); + if (ret != 1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + info->name.name = samdb_result_string(res[0], "name", NULL); + info->dns_domain.name = samdb_result_string(res[0], "dnsDomain", NULL); + info->dns_forest.name = samdb_result_string(res[0], "dnsDomain", NULL); + info->domain_guid = samdb_result_guid(res[0], "objectGUID"); + info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid"); + + return NT_STATUS_OK; +} + /* - lsa_QueryInfoPolicy + lsa_QueryInfoPolicy2 */ -static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_QueryInfoPolicy *r) +static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_QueryInfoPolicy2 *r) { struct lsa_policy_state *state; struct dcesrv_handle *h; 
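Review bot: lsa_info_DNS returns NT_STATUS_OK without checking any value it pulled from the record: `samdb_result_string(..., NULL)` yields NULL when `name` or `dnsDomain` is absent, and `info->sid` is taken unchecked from `samdb_result_dom_sid`, which presumably returns NULL for a missing or unparsable `objectSid`. `dnsDomain` is only written by the provision.ldif change in this same commit, so a database provisioned earlier would answer the DNS level with NULL names. A guard such as `if (!info->sid || !info->dns_domain.name) return NT_STATUS_INTERNAL_DB_CORRUPTION;` before the final return would match the `ret != 1` handling above it. `dns_forest` is also filled from `dnsDomain`, which is only right while the domain is the forest root, and a comment should say so.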
@@ -244,13 +288,35 @@ static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_C ZERO_STRUCTP(r->out.info); switch (r->in.level) { + case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain); + + case LSA_POLICY_INFO_DNS: + return lsa_info_DNS(state, mem_ctx, &r->out.info->dns); } return NT_STATUS_INVALID_INFO_CLASS; } +/* + lsa_QueryInfoPolicy +*/ +static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_QueryInfoPolicy *r) +{ + struct lsa_QueryInfoPolicy2 r2; + NTSTATUS status; + + r2.in.handle = r->in.handle; + r2.in.level = r->in.level; + + status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2); + + r->out.info = r2.out.info; + + return status; +} /* lsa_SetInfoPolicy @@ -613,16 +679,6 @@ static NTSTATUS RETRPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem /* - lsa_OpenPolicy2 -*/ -static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_OpenPolicy2 *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* UNK_GET_CONNUSER */ static NTSTATUS UNK_GET_CONNUSER(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, @@ -632,15 +688,5 @@ static NTSTATUS UNK_GET_CONNUSER(struct dcesrv_call_state *dce_call, TALLOC_CTX } -/* - QUERYINFO2 -*/ -static NTSTATUS QUERYINFO2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct QUERYINFO2 *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - /* include the generated boilerplate */ #include "librpc/gen_ndr/ndr_lsa_s.c" diff --git a/source4/rpc_server/samr/samdb.c b/source4/rpc_server/samr/samdb.c index 12319cf84a..ed76a4fc60 100644 --- a/source4/rpc_server/samr/samdb.c +++ b/source4/rpc_server/samr/samdb.c 
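Review bot: In the new lsa_QueryInfoPolicy wrapper in dcesrv_lsa.c, `r2` is an uninitialised stack struct and `r->out.info = r2.out.info;` runs whatever the status is. If lsa_QueryInfoPolicy2 returns before it assigns `r->out.info` (its opening lines, including the handle lookup, are outside this hunk), the caller's out pointer is loaded with stack garbage that the reply marshalling may then follow. Clear the struct first with `ZERO_STRUCT(r2);` ahead of the `r2.in.*` assignments, or at least set `r2.out.info = NULL;`.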
@@ -380,6 +380,28 @@ struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, struct ldb_message *ms } /* + pull a guid structure from a objectGUID in a result set. +*/ +struct GUID samdb_result_guid(struct ldb_message *msg, const char *attr) +{ + NTSTATUS status; + struct GUID guid; + const char *guidstr = ldb_msg_find_string(msg, attr, NULL); + + ZERO_STRUCT(guid); + + if (!guidstr) return guid; + + status = GUID_from_string(guidstr, &guid); + if (!NT_STATUS_IS_OK(status)) { + ZERO_STRUCT(guid); + return guid; + } + + return guid; +} + +/* pull a sid prefix from a objectSid in a result set. this is used to find the domain sid for a user */ diff --git a/source4/script/provision.pl b/source4/script/provision.pl index e71c065328..8bafa6a030 100755 --- a/source4/script/provision.pl +++ b/source4/script/provision.pl @@ -27,7 +27,8 @@ sub randguid() my $r3 = int(rand(2**16)); my $r4 = int(rand(2**16)); my $r5 = int(rand(2**32)); - return sprintf("%08x-%04x-%04x-%04x-%08x", $r1, $r2, $r3, $r4, $r5); + my $r6 = int(rand(2**16)); + return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); } sub randsid() @@ -63,6 +64,10 @@ sub substitute($) return $domain; } + if ($var eq "REALM") { + return $realm; + } + if ($var eq "HOSTNAME") { return $hostname; } diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 031070caa6..7dfa2494b7 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c 
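Review bot: samdb_result_guid returns an all-zero GUID both when the attribute is missing and when `GUID_from_string` fails, so a caller such as lsa_info_DNS cannot tell a malformed `objectGUID` from a valid one and reports success with a zero `domain_guid`. The header comment should state that contract, for example `returns a zeroed GUID if the attribute is missing or cannot be parsed`. The second `ZERO_STRUCT(guid)` in the failure branch looks redundant but guards against a partially filled result, which is worth a one-line comment such as `/* discard any partial parse */`.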
@@ -675,6 +675,40 @@ static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p, return ret; } +static BOOL test_QueryInfoPolicy2(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + struct lsa_QueryInfoPolicy2 r; + NTSTATUS status; + int i; + BOOL ret = True; + printf("\nTesting QueryInfoPolicy2\n"); + + for (i=1;i<13;i++) { + r.in.handle = handle; + r.in.level = i; + + printf("\ntrying QueryInfoPolicy2 level %d\n", i); + + status = dcerpc_lsa_QueryInfoPolicy2(p, mem_ctx, &r); + + if ((i == 9 || i == 10 || i == 11) && + NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { + printf("server failed level %u (OK)\n", i); + continue; + } + + if (!NT_STATUS_IS_OK(status)) { + printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); + ret = False; + continue; + } + } + + return ret; +} + static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) @@ -759,6 +793,10 @@ BOOL torture_rpc_lsa(int dummy) if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) { ret = False; } + + if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) { + ret = False; + } #if 0 if (!test_Delete(p, mem_ctx, &handle)) { |
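Review bot: test_QueryInfoPolicy2 checks only the returned status and never inspects `r.out.info`, so a server that answers the DNS level with NULL names, a NULL sid or a zero GUID still passes. A check after the status test, at least `if (r.out.info == NULL) { ret = False; }`, would give the new server path some coverage. The loop also tolerates only NT_STATUS_INVALID_PARAMETER on levels 9 to 11, while the server code in this commit returns NT_STATUS_INVALID_INFO_CLASS for every level it does not handle, so the test will report failure against that server. Lastly, `printf("server failed level %u (OK)\n", i)` passes the `int i` to `%u`; use `%d` as the other printf in the loop does.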