summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c63
-rw-r--r--source4/torture/rpc/lsa.c37
2 files changed, 83 insertions, 17 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index f184c97db8..f784837d1a 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -44,6 +44,7 @@ struct lsa_policy_state {
struct sidmap_context *sidmap;
uint32_t access_mask;
const char *domain_dn;
+ const char *builtin_dn;
const char *domain_name;
struct dom_sid *domain_sid;
struct dom_sid *builtin_sid;
@@ -225,6 +226,15 @@ static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *
return NT_STATUS_NO_SUCH_DOMAIN;
}
+ /* work out the builtin_dn - useful for so many calls its worth
+ fetching here */
+ state->builtin_dn = samdb_search_string(state->sam_ctx, state, NULL,
+ "dn", "objectClass=builtinDomain");
+ if (!state->builtin_dn) {
+ talloc_free(state);
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+
sid_str = samdb_search_string(state->sam_ctx, state, NULL,
"objectSid", "dn=%s", state->domain_dn);
if (!sid_str) {
@@ -427,7 +437,58 @@ static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX
static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_EnumAccounts *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct dcesrv_handle *h;
+ struct lsa_policy_state *state;
+ int ret, i;
+ struct ldb_message **res;
+ const char * const attrs[] = { "objectSid", NULL};
+ uint32_t count;
+
+ DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+ state = h->data;
+
+ ret = samdb_search(state->sam_ctx, mem_ctx, state->builtin_dn, &res, attrs, "objectClass=group");
+ if (ret <= 0) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if (*r->in.resume_handle >= ret) {
+ return NT_STATUS_NO_MORE_ENTRIES;
+ }
+
+ count = ret - *r->in.resume_handle;
+ if (count > r->in.num_entries) {
+ count = r->in.num_entries;
+ }
+
+ if (count == 0) {
+ return NT_STATUS_NO_MORE_ENTRIES;
+ }
+
+ r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, count);
+ if (r->out.sids->sids == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0;i<count;i++) {
+ const char *sidstr;
+
+ sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
+ if (sidstr == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
+ if (r->out.sids->sids[i].sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ r->out.sids->num_sids = count;
+ *r->out.resume_handle = count + *r->in.resume_handle;
+
+ return NT_STATUS_OK;
+
}
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 84fd246538..3b7635f13b 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -702,26 +702,31 @@ static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
r.out.sids = &sids1;
resume_handle = 0;
- status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
- if (!NT_STATUS_IS_OK(status)) {
- printf("EnumAccounts failed - %s\n", nt_errstr(status));
- return False;
- }
+ while (True) {
+ status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
+ break;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("EnumAccounts failed - %s\n", nt_errstr(status));
+ return False;
+ }
- if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
- return False;
- }
+ if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
+ return False;
+ }
- if (!test_LookupSids2(p, mem_ctx, handle, &sids1)) {
- return False;
- }
+ if (!test_LookupSids2(p, mem_ctx, handle, &sids1)) {
+ return False;
+ }
- printf("testing all accounts\n");
- for (i=0;i<sids1.num_sids;i++) {
- test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
- test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
+ printf("testing all accounts\n");
+ for (i=0;i<sids1.num_sids;i++) {
+ test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
+ test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
+ }
+ printf("\n");
}
- printf("\n");
if (sids1.num_sids < 3) {
return True;