summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/librpc/idl/lsa.idl39
-rw-r--r--source4/librpc/idl/netlogon.idl61
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c57
-rw-r--r--source4/rpc_server/lsa/lsa_lookup.c32
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c44
-rw-r--r--source4/torture/ndr/lsa.c8
-rw-r--r--source4/torture/rpc/lsa.c30
7 files changed, 211 insertions, 60 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index e1c4499022..4dce6d6d1e 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -140,12 +140,11 @@ import "misc.idl", "security.idl";
typedef struct {
uint32 percent_full;
- uint32 log_size;
- NTTIME retention_time;
+ uint32 maximum_log_size;
+ hyper retention_time;
uint8 shutdown_in_progress;
- NTTIME time_to_shutdown;
+ hyper time_to_shutdown;
uint32 next_audit_record;
- uint32 unknown;
} lsa_AuditLogInfo;
typedef [v1_enum] enum {
@@ -183,9 +182,13 @@ import "misc.idl", "security.idl";
lsa_String name;
} lsa_PDAccountInfo;
+ typedef [v1_enum] enum {
+ LSA_ROLE_BACKUP=2,
+ LSA_ROLE_PRIMARY=3
+ } lsa_Role;
+
typedef struct {
- uint16 unknown; /* an midl padding bug? */
- uint16 role;
+ lsa_Role role;
} lsa_ServerRole;
typedef struct {
@@ -204,7 +207,7 @@ import "misc.idl", "security.idl";
typedef struct {
hyper modified_id;
- NTTIME db_create_time;
+ NTTIME_hyper db_create_time;
} lsa_ModificationInfo;
typedef struct {
@@ -212,7 +215,6 @@ import "misc.idl", "security.idl";
} lsa_AuditFullSetInfo;
typedef struct {
- uint16 unknown; /* an midl padding bug? */
uint8 shutdown_on_full;
uint8 log_is_full;
} lsa_AuditFullQueryInfo;
@@ -243,7 +245,8 @@ import "misc.idl", "security.idl";
LSA_POLICY_INFO_DB=9,
LSA_POLICY_INFO_AUDIT_FULL_SET=10,
LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
- LSA_POLICY_INFO_DNS=12
+ LSA_POLICY_INFO_DNS=12,
+ LSA_POLICY_INFO_DNS_INT=13
} lsa_PolicyInfo;
typedef [switch_type(uint16)] union {
@@ -259,6 +262,7 @@ import "misc.idl", "security.idl";
[case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
[case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
[case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
+ [case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns;
} lsa_PolicyInformation;
NTSTATUS lsa_QueryInfoPolicy (
@@ -1009,8 +1013,8 @@ import "misc.idl", "security.idl";
[in,out] lsa_TransSidArray2 *sids,
[in] lsa_LookupNamesLevel level,
[in,out] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
+ [in] uint32 lookup_options,
+ [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
);
/* Function 0x3b */
@@ -1068,8 +1072,8 @@ import "misc.idl", "security.idl";
[in,out] lsa_TransSidArray3 *sids,
[in] lsa_LookupNamesLevel level,
[in,out] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
+ [in] uint32 lookup_options,
+ [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
);
/* Function 0x45 */
@@ -1148,6 +1152,11 @@ import "misc.idl", "security.idl";
[in] uint32 unknown2
);
+ const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;
+ const int LSA_CLIENT_REVISION_DNS = 0x00000002;
+
+ const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
+
/* Function 0x4d */
NTSTATUS lsa_LookupNames4(
[in,range(0,1000)] uint32 num_names,
@@ -1156,8 +1165,8 @@ import "misc.idl", "security.idl";
[in,out] lsa_TransSidArray3 *sids,
[in] lsa_LookupNamesLevel level,
[in,out] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
+ [in] uint32 lookup_options,
+ [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
);
/* Function 0x4e */
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 8a36922fdd..22e90878e7 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -1100,6 +1100,16 @@ interface netlogon
/****************/
/* Function 0x1d */
+ typedef [bitmap32bit] bitmap {
+ NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
+ NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
+ NETR_TRUST_FLAG_TREEROOT = 0x00000004,
+ NETR_TRUST_FLAG_PRIMARY = 0x00000008,
+ NETR_TRUST_FLAG_NATIVE = 0x00000010,
+ NETR_TRUST_FLAG_INBOUND = 0x00000020,
+ NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080,
+ NETR_TRUST_FLAG_AES = 0x00000100
+ } netr_TrustFlags;
typedef [flag(NDR_PAHEX)] struct {
uint16 length;
@@ -1128,25 +1138,60 @@ interface netlogon
} netr_DomainQuery;
typedef struct {
+ /* these first 3 values come from the fact windows
+ actually encodes this structure as a UNICODE_STRING
+ - see MS-NRPC section 2.2.1.3.9 */
+ [value(8)] uint32 length;
+ [value(0)] uint32 dummy;
+ [value(8)] uint32 size;
+ netr_TrustFlags flags;
+ uint32 parent_index;
+ uint32 trust_type;
+ uint32 trust_attributes;
+ } netr_trust_extension;
+
+ typedef struct {
+ uint16 length; /* value is 16 when info != NULL, otherwise 0 */
+ [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */
+ netr_trust_extension *info;
+ } netr_trust_extension_container;
+
+ typedef struct {
lsa_String domainname;
lsa_String fulldomainname;
lsa_String forest;
GUID guid;
dom_sid2 *sid;
- netr_BinaryString unknown1[4];
- uint32 unknown[4];
+ netr_trust_extension_container trust_extension;
+ lsa_String dummystring[3];
+ uint32 dummy[4];
} netr_DomainTrustInfo;
typedef struct {
+ uint32 policy_size;
+ [size_is(policy_size)] uint8 *policy;
+ } netr_LsaPolicyInfo;
+
+ typedef [public,bitmap32bit] bitmap {
+ NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
+ NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002
+ } netr_WorkstationFlags;
+
+ typedef struct {
netr_DomainTrustInfo domaininfo;
uint32 num_trusts;
[size_is(num_trusts)] netr_DomainTrustInfo *trusts;
- uint32 unknown[14]; /* room for expansion? */
+ netr_LsaPolicyInfo lsa_policy;
+ lsa_String dns_hostname;
+ lsa_String dummystring[3];
+ netr_WorkstationFlags workstation_flags;
+ uint32 supported_enc_types;
+ uint32 dummy[2];
} netr_DomainInfo1;
typedef union {
[case(1)] netr_DomainInfo1 *info1;
- [case(2)] netr_DomainInfo1 *info1;
+ [case(2)] netr_DomainInfo1 *info2;
} netr_DomainInfo;
NTSTATUS netr_LogonGetDomainInfo(
@@ -1230,14 +1275,6 @@ interface netlogon
/****************/
/* Function 0x24 */
- typedef [bitmap32bit] bitmap {
- NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
- NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
- NETR_TRUST_FLAG_TREEROOT = 0x00000004,
- NETR_TRUST_FLAG_PRIMARY = 0x00000008,
- NETR_TRUST_FLAG_NATIVE = 0x00000010,
- NETR_TRUST_FLAG_INBOUND = 0x00000020
- } netr_TrustFlags;
typedef [v1_enum] enum {
NETR_TRUST_TYPE_DOWNLEVEL = 1,
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 7b15241b96..5e3be84cc5 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1,3 +1,5 @@
+/* need access mask/acl implementation */
+
/*
Unix SMB/CIFS implementation.
@@ -141,7 +143,8 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL
return NT_STATUS_OK;
} else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) {
- struct lsa_trusted_domain_state *trusted_domain_state = h->data;
+ struct lsa_trusted_domain_state *trusted_domain_state =
+ talloc_get_type(h->data, struct lsa_trusted_domain_state);
ret = ldb_transaction_start(trusted_domain_state->policy->sam_ldb);
if (ret != 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -187,6 +190,9 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL
r2.in.sid = astate->account_sid;
r2.out.rights = rights;
+ /* dcesrv_lsa_EnumAccountRights takes a LSA_HANDLE_POLICY,
+ but we have a LSA_HANDLE_ACCOUNT here, so this call
+ will always fail */
status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
return NT_STATUS_OK;
@@ -444,18 +450,46 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
ZERO_STRUCTP(r->out.info);
switch (r->in.level) {
+ case LSA_POLICY_INFO_AUDIT_LOG:
+ /* we don't need to fill in any of this */
+ ZERO_STRUCT(r->out.info->audit_log);
+ return NT_STATUS_OK;
+ case LSA_POLICY_INFO_AUDIT_EVENTS:
+ /* we don't need to fill in any of this */
+ ZERO_STRUCT(r->out.info->audit_events);
+ return NT_STATUS_OK;
+ case LSA_POLICY_INFO_PD:
+ /* we don't need to fill in any of this */
+ ZERO_STRUCT(r->out.info->pd);
+ return NT_STATUS_OK;
case LSA_POLICY_INFO_DOMAIN:
case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+ case LSA_POLICY_INFO_ROLE:
+ r->out.info->role.role = LSA_ROLE_PRIMARY;
+ return NT_STATUS_OK;
case LSA_POLICY_INFO_DNS:
+ case LSA_POLICY_INFO_DNS_INT:
return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
- case LSA_POLICY_INFO_DB:
+
+ case LSA_POLICY_INFO_REPLICA:
+ ZERO_STRUCT(r->out.info->replica);
+ return NT_STATUS_OK;
+
+ case LSA_POLICY_INFO_QUOTA:
+ ZERO_STRUCT(r->out.info->quota);
+ return NT_STATUS_OK;
+
case LSA_POLICY_INFO_AUDIT_FULL_SET:
+ case LSA_POLICY_INFO_DB:
case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
+ /* windows gives INVALID_PARAMETER */
+ r->out.info = NULL;
return NT_STATUS_INVALID_PARAMETER;
}
+ r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
@@ -468,6 +502,8 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T
struct lsa_QueryInfoPolicy2 r2;
NTSTATUS status;
+ ZERO_STRUCT(r2);
+
r2.in.handle = r->in.handle;
r2.in.level = r->in.level;
@@ -484,6 +520,7 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T
static NTSTATUS dcesrv_lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_SetInfoPolicy *r)
{
+ /* need to support this */
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
@@ -502,6 +539,13 @@ static NTSTATUS dcesrv_lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TAL
lsa_CreateAccount
This call does not seem to have any long-term effects, hence no database operations
+
+ we need to talk to the MS product group to find out what this account database means!
+
+ answer is that the lsa database is totally separate from the SAM and
+ ldap databases. We are going to need a separate ldb to store these
+ accounts. The SIDs on this account bear no relation to the SIDs in
+ AD
*/
static NTSTATUS dcesrv_lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_CreateAccount *r)
@@ -648,7 +692,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
dns_name = r->in.info->domain_name.string;
- trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
+ trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
@@ -1004,7 +1048,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call,
ZERO_STRUCTP(r->out.trustdom_handle);
policy_state = policy_handle->data;
- trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
+ trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
@@ -1088,7 +1132,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce
return NT_STATUS_INVALID_PARAMETER;
}
- trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
+ trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
}
@@ -1228,7 +1272,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
DCESRV_PULL_HANDLE(h, r->in.trustdom_handle, LSA_HANDLE_TRUSTED_DOMAIN);
- trusted_domain_state = h->data;
+ trusted_domain_state = talloc_get_type(h->data, struct lsa_trusted_domain_state);
/* pull all the user attributes */
ret = gendb_search_dn(trusted_domain_state->policy->sam_ldb, mem_ctx,
@@ -2786,6 +2830,7 @@ static NTSTATUS dcesrv_lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_SetInfoPolicy2 *r)
{
+ /* need to support these */
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 0ffb0572ee..2375a6d27a 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -525,8 +525,19 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
int i;
NTSTATUS status = NT_STATUS_OK;
+ if (r->in.level < LSA_LOOKUP_NAMES_ALL ||
+ r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
r->out.domains = NULL;
+ /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
+ and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as
+ an unknown SID. We could add a SID validator here. (tridge)
+ MS-DTYP 2.4.2
+ */
+
status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -583,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
authority_name, sid,
r->out.domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
- return status2;
+ continue;
}
r->out.names->names[i].sid_type = rtype;
@@ -683,9 +694,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
r2.out.names = NULL;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
- if (NT_STATUS_IS_ERR(status)) {
- return status;
- }
+ /* we deliberately don't check for error from the above,
+ as even on error we are supposed to return the names */
r->out.domains = r2.out.domains;
if (!r2.out.names) {
@@ -727,6 +737,11 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+ if (r->in.level < LSA_LOOKUP_NAMES_ALL ||
+ r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
policy_state = policy_handle->data;
r->out.domains = NULL;
@@ -830,10 +845,11 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
r2.in.num_names = r->in.num_names;
r2.in.names = r->in.names;
+ r2.in.level = r->in.level;
r2.in.sids = r->in.sids;
r2.in.count = r->in.count;
- r2.in.unknown1 = r->in.unknown1;
- r2.in.unknown2 = r->in.unknown2;
+ r2.in.lookup_options = r->in.lookup_options;
+ r2.in.client_revision = r->in.client_revision;
r2.out.domains = r->out.domains;
r2.out.sids = r->out.sids;
r2.out.count = r->out.count;
@@ -952,8 +968,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
r2.in.sids = NULL;
r2.in.level = r->in.level;
r2.in.count = r->in.count;
- r2.in.unknown1 = 0;
- r2.in.unknown2 = 0;
+ r2.in.lookup_options = 0;
+ r2.in.client_revision = 0;
r2.out.count = r->out.count;
status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index cceb2a62ac..beb1c4eb06 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -36,6 +36,7 @@
#include "param/param.h"
#include "lib/messaging/irpc.h"
#include "librpc/gen_ndr/ndr_irpc.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
struct server_pipe_state {
struct netr_Credential client_challenge;
@@ -898,20 +899,36 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx,
struct ldb_message *res,
struct ldb_message *ref_res,
struct netr_DomainTrustInfo *info,
- bool is_local)
+ bool is_local, bool is_trust_list)
{
ZERO_STRUCTP(info);
+ info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension);
+ info->trust_extension.length = 16;
+ info->trust_extension.info->flags =
+ NETR_TRUST_FLAG_TREEROOT |
+ NETR_TRUST_FLAG_IN_FOREST |
+ NETR_TRUST_FLAG_PRIMARY;
+ info->trust_extension.info->parent_index = 0; /* should be index into array
+ of parent */
+ info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */
+ info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */
+
+ if (is_trust_list) {
+ /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
+ info->forest.string = NULL;
+ } else {
+ info->forest.string = "bludom.tridgell.net"; /* need ldb search */
+ }
+
if (is_local) {
info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL);
info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL);
- info->forest.string = NULL;
info->guid = samdb_result_guid(res, "objectGUID");
info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
} else {
info->domainname.string = samdb_result_string(res, "flatName", NULL);
info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL);
- info->forest.string = NULL;
info->guid = samdb_result_guid(res, "objectGUID");
info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
}
@@ -942,11 +959,16 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
const char *local_domain;
+ NDR_PRINT_IN_DEBUG(netr_LogonGetDomainInfo, r);
+
status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
r->in.computer_name, mem_ctx,
r->in.credential,
r->out.return_authenticator,
NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,(__location__ " Bad credentials - error\n"));
+ }
NT_STATUS_NOT_OK_RETURN(status);
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
@@ -992,19 +1014,29 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
info1->num_trusts);
NT_STATUS_HAVE_NO_MEMORY(info1->trusts);
- status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, true);
+ status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo,
+ true, false);
NT_STATUS_NOT_OK_RETURN(status);
for (i=0;i<ret2;i++) {
- status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], false);
+ status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i],
+ false, true);
NT_STATUS_NOT_OK_RETURN(status);
}
- status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], true);
+ status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i],
+ true, true);
NT_STATUS_NOT_OK_RETURN(status);
+ info1->dns_hostname.string = "blu.bludom.tridgell.net";
+ info1->workstation_flags =
+ NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE;
+ info1->supported_enc_types = 0; /* w2008 gives this 0 */
+
r->out.info.info1 = info1;
+ NDR_PRINT_OUT_DEBUG(netr_LogonGetDomainInfo, r);
+
return NT_STATUS_OK;
}
diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c
index a72a03fa38..0d6d786882 100644
--- a/source4/torture/ndr/lsa.c
+++ b/source4/torture/ndr/lsa.c
@@ -1538,8 +1538,8 @@ static bool lsarlookupnames2_in_check(struct torture_context *tctx,
torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators",
"names[1]");
torture_assert_int_equal(tctx, r->in.level, 1, "level");
- torture_assert_int_equal(tctx, r->in.unknown1, 0, "unknown 1");
- torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown 2");
+ torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options");
+ torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision");
torture_assert_int_equal(tctx, *r->in.count, 0, "count");
torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count");
torture_assert(tctx, r->in.sids->sids == NULL, "sids sids");
@@ -1637,8 +1637,8 @@ static bool lsarlookupnames3_in_check(struct torture_context *tctx,
torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators",
"names[1]");
torture_assert_int_equal(tctx, r->in.level, 1, "level");
- torture_assert_int_equal(tctx, r->in.unknown1, 0, "unknown 1");
- torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown 2");
+ torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options");
+ torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision");
torture_assert_int_equal(tctx, *r->in.count, 0, "count");
torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count");
torture_assert(tctx, r->in.sids->sids == NULL, "sids sids");
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 45f67afd69..efbdecab13 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -338,8 +338,8 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,
r.in.sids = &sids;
r.in.level = 1;
r.in.count = &count;
- r.in.unknown1 = 0;
- r.in.unknown2 = 0;
+ r.in.lookup_options = 0;
+ r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
@@ -383,8 +383,8 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,
r.in.sids = &sids;
r.in.level = 1;
r.in.count = &count;
- r.in.unknown1 = 0;
- r.in.unknown2 = 0;
+ r.in.lookup_options = 0;
+ r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
@@ -425,8 +425,8 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,
r.in.sids = &sids;
r.in.level = 1;
r.in.count = &count;
- r.in.unknown1 = 0;
- r.in.unknown2 = 0;
+ r.in.lookup_options = 0;
+ r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
@@ -2243,7 +2243,7 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p,
bool ret = true;
printf("\nTesting QueryInfoPolicy\n");
- for (i=1;i<13;i++) {
+ for (i=1;i<=13;i++) {
r.in.handle = handle;
r.in.level = i;
@@ -2262,7 +2262,14 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p,
break;
case LSA_POLICY_INFO_DOMAIN:
case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+ case LSA_POLICY_INFO_DNS_INT:
case LSA_POLICY_INFO_DNS:
+ case LSA_POLICY_INFO_REPLICA:
+ case LSA_POLICY_INFO_QUOTA:
+ case LSA_POLICY_INFO_ROLE:
+ case LSA_POLICY_INFO_AUDIT_LOG:
+ case LSA_POLICY_INFO_AUDIT_EVENTS:
+ case LSA_POLICY_INFO_PD:
if (!NT_STATUS_IS_OK(status)) {
printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
ret = false;
@@ -2352,7 +2359,14 @@ static bool test_QueryInfoPolicy2(struct dcerpc_pipe *p,
break;
case LSA_POLICY_INFO_DOMAIN:
case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+ case LSA_POLICY_INFO_DNS_INT:
case LSA_POLICY_INFO_DNS:
+ case LSA_POLICY_INFO_REPLICA:
+ case LSA_POLICY_INFO_QUOTA:
+ case LSA_POLICY_INFO_ROLE:
+ case LSA_POLICY_INFO_AUDIT_LOG:
+ case LSA_POLICY_INFO_AUDIT_EVENTS:
+ case LSA_POLICY_INFO_PD:
if (!NT_STATUS_IS_OK(status)) {
printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
ret = false;
@@ -2458,7 +2472,6 @@ bool torture_rpc_lsa(struct torture_context *tctx)
if (!join) {
ret = false;
}
-
if (!test_LookupNames_wellknown(p, tctx, handle)) {
ret = false;
}
@@ -2482,7 +2495,6 @@ bool torture_rpc_lsa(struct torture_context *tctx)
if (!test_CreateSecret(p, tctx, handle)) {
ret = false;
}
-
if (!test_CreateTrustedDomain(p, tctx, handle)) {
ret = false;
}