summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--librpc/idl/lsa.idl (renamed from source3/librpc/idl/lsa.idl)62
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/librpc/gen_ndr/lsa.h2
-rw-r--r--source3/passdb/lookup_sid.c8
-rw-r--r--source3/rpc_server/srv_lsa_nt.c8
-rw-r--r--source4/libcli/util/clilsa.c8
-rw-r--r--source4/libnet/libnet_group.c8
-rw-r--r--source4/libnet/libnet_lookup.c4
-rw-r--r--source4/libnet/libnet_rpc.c12
-rw-r--r--source4/libnet/libnet_user.c10
-rw-r--r--source4/librpc/idl/lsa.idl1222
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c186
-rw-r--r--source4/rpc_server/lsa/lsa_lookup.c36
-rw-r--r--source4/torture/ndr/lsa.c34
-rw-r--r--source4/torture/rpc/handles.c2
-rw-r--r--source4/torture/rpc/lsa.c165
-rw-r--r--source4/torture/rpc/lsa_lookup.c11
-rw-r--r--source4/torture/rpc/object_uuid.c8
-rw-r--r--source4/torture/rpc/samba3rpc.c23
-rw-r--r--source4/torture/rpc/samsync.c26
-rw-r--r--source4/torture/rpc/schannel.c21
-rw-r--r--source4/winbind/wb_async_helpers.c21
-rw-r--r--source4/winbind/wb_init_domain.c7
23 files changed, 414 insertions, 1472 deletions
diff --git a/source3/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index a443448871..003641d97a 100644
--- a/source3/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -56,7 +56,7 @@ import "misc.idl", "security.idl";
NTSTATUS lsa_Close (
[in,out] policy_handle *handle
);
-
+
/******************/
/* Function: 0x01 */
@@ -71,7 +71,7 @@ import "misc.idl", "security.idl";
uint32 low;
uint32 high;
} lsa_LUID;
-
+
typedef struct {
lsa_StringLarge name;
lsa_LUID luid;
@@ -83,22 +83,20 @@ import "misc.idl", "security.idl";
} lsa_PrivArray;
[public] NTSTATUS lsa_EnumPrivs (
- [in] policy_handle *handle,
- [in,out,ref] uint32 *resume_handle,
- [out,ref] lsa_PrivArray *privs,
- [in] uint32 max_count
+ [in] policy_handle *handle,
+ [in,out,ref] uint32 *resume_handle,
+ [out,ref] lsa_PrivArray *privs,
+ [in] uint32 max_count
);
/******************/
/* Function: 0x03 */
-
NTSTATUS lsa_QuerySecurity (
- [in] policy_handle *handle,
- [in] security_secinfo sec_info,
- [out,ref] sec_desc_buf **sdbuf
+ [in] policy_handle *handle,
+ [in] security_secinfo sec_info,
+ [out,ref] sec_desc_buf **sdbuf
);
-
/******************/
/* Function: 0x04 */
NTSTATUS lsa_SetSecObj(
@@ -120,7 +118,7 @@ import "misc.idl", "security.idl";
uint8 context_mode;
uint8 effective_only;
} lsa_QosInfo;
-
+
typedef struct {
uint32 len; /* ignored */
uint8 *root_dir;
@@ -153,7 +151,7 @@ import "misc.idl", "security.idl";
[in] lsa_PolicyAccessMask access_mask,
[out] policy_handle *handle
);
-
+
/******************/
@@ -317,26 +315,25 @@ import "misc.idl", "security.idl";
/******************/
/* NOTE: This only returns accounts that have at least
- one privilege set
+ one privilege set
*/
/* Function: 0x0b */
typedef struct {
dom_sid2 *sid;
} lsa_SidPtr;
-
+
typedef [public] struct {
[range(0,1000)] uint32 num_sids;
[size_is(num_sids)] lsa_SidPtr *sids;
} lsa_SidArray;
- [public] NTSTATUS lsa_EnumAccounts (
+ [public] NTSTATUS lsa_EnumAccounts(
[in] policy_handle *handle,
[in,out,ref] uint32 *resume_handle,
[out,ref] lsa_SidArray *sids,
[in,range(0,8192)] uint32 num_entries
);
-
/*************************************************/
/* Function: 0x0c */
@@ -359,7 +356,7 @@ import "misc.idl", "security.idl";
[size_is(count)] lsa_DomainInfo *domains;
} lsa_DomainList;
- NTSTATUS lsa_EnumTrustDom (
+ NTSTATUS lsa_EnumTrustDom(
[in] policy_handle *handle,
[in,out,ref] uint32 *resume_handle,
[out,ref] lsa_DomainList *domains,
@@ -394,8 +391,6 @@ import "misc.idl", "security.idl";
} lsa_TransSidArray;
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
- const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
-
typedef struct {
[range(0,1000)] uint32 count;
[size_is(count)] lsa_DomainInfo *domains;
@@ -445,10 +440,7 @@ import "misc.idl", "security.idl";
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
- /* This number is based on Win2k and later maximum response allowed */
- const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
-
- [public] NTSTATUS lsa_LookupSids (
+ [public] NTSTATUS lsa_LookupSids(
[in] policy_handle *handle,
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
@@ -484,14 +476,14 @@ import "misc.idl", "security.idl";
lsa_LUID luid;
uint32 attribute;
} lsa_LUIDAttribute;
-
+
typedef struct {
[range(0,1000)] uint32 count;
uint32 unknown;
[size_is(count)] lsa_LUIDAttribute set[*];
} lsa_PrivilegeSet;
-
- NTSTATUS lsa_EnumPrivsAccount (
+
+ NTSTATUS lsa_EnumPrivsAccount(
[in] policy_handle *handle,
[out,ref] lsa_PrivilegeSet **privs
);
@@ -503,7 +495,7 @@ import "misc.idl", "security.idl";
[in] policy_handle *handle,
[in,ref] lsa_PrivilegeSet *privs
);
-
+
/****************************************/
/* Function: 0x14 */
@@ -515,10 +507,10 @@ import "misc.idl", "security.idl";
/* Function: 0x15 */
[todo] NTSTATUS lsa_GetQuotasForAccount();
-
+
/* Function: 0x16 */
[todo] NTSTATUS lsa_SetQuotasForAccount();
-
+
typedef [bitmap32bit] bitmap {
LSA_POLICY_MODE_INTERACTIVE = 0x00000001,
LSA_POLICY_MODE_NETWORK = 0x00000002,
@@ -772,7 +764,7 @@ import "misc.idl", "security.idl";
/* Function: 0x20 */
- NTSTATUS lsa_LookupPrivName (
+ NTSTATUS lsa_LookupPrivName(
[in] policy_handle *handle,
[in,ref] lsa_LUID *luid,
[out,ref] lsa_StringLarge **name
@@ -781,7 +773,7 @@ import "misc.idl", "security.idl";
/*******************/
/* Function: 0x21 */
- NTSTATUS lsa_LookupPrivDisplayName (
+ NTSTATUS lsa_LookupPrivDisplayName(
[in] policy_handle *handle,
[in,ref] lsa_String *name,
[in] uint16 language_id,
@@ -810,12 +802,12 @@ import "misc.idl", "security.idl";
typedef struct {
[string,charset(UTF16)] uint16 *name;
} lsa_RightAttribute;
-
+
typedef struct {
[range(0,256)] uint32 count;
[size_is(count)] lsa_StringLarge *names;
} lsa_RightSet;
-
+
NTSTATUS lsa_EnumAccountRights (
[in] policy_handle *handle,
[in,ref] dom_sid2 *sid,
@@ -953,7 +945,7 @@ import "misc.idl", "security.idl";
/* Function 0x35 */
- /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
+ /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
for unknown6 - gd */
typedef struct {
uint32 enforce_restrictions;
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 60832c8391..babd4f901d 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1214,7 +1214,7 @@ modules:: SHOWFLAGS $(MODULES)
## Perl IDL Compiler
samba3-idl::
@PIDL_ARGS="$(PIDL_ARGS)" CPP="$(CPP)" PIDL="../pidl/pidl" \
- srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh librpc/idl/lsa.idl \
+ srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh ../librpc/idl/lsa.idl \
../librpc/idl/dfs.idl ../librpc/idl/echo.idl ../librpc/idl/winreg.idl \
../librpc/idl/initshutdown.idl librpc/idl/srvsvc.idl ../librpc/idl/svcctl.idl \
../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl librpc/idl/netlogon.idl \
diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h
index d91cf4b66d..0ccbcdf5b0 100644
--- a/source3/librpc/gen_ndr/lsa.h
+++ b/source3/librpc/gen_ndr/lsa.h
@@ -9,8 +9,6 @@
#define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER ( 60 )
#define LSA_REF_DOMAIN_LIST_MULTIPLIER ( 32 )
-#define MAX_REF_DOMAINS ( LSA_REF_DOMAIN_LIST_MULTIPLIER )
-#define MAX_LOOKUP_SIDS ( 0x5000 )
#define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ( 82 )
#define LSA_CLIENT_REVISION_NO_DNS ( 0x00000001 )
#define LSA_CLIENT_REVISION_DNS ( 0x00000002 )
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 3861c8e229..b9a67f208e 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -746,7 +746,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
}
dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
- MAX_REF_DOMAINS);
+ LSA_REF_DOMAIN_LIST_MULTIPLIER);
if (dom_infos == NULL) {
result = NT_STATUS_NO_MEMORY;
goto fail;
@@ -816,7 +816,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
continue;
}
- for (j=0; j<MAX_REF_DOMAINS; j++) {
+ for (j=0; j<LSA_REF_DOMAIN_LIST_MULTIPLIER; j++) {
if (!dom_infos[j].valid) {
break;
}
@@ -825,7 +825,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
}
}
- if (j == MAX_REF_DOMAINS) {
+ if (j == LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* TODO: What's the right error message here? */
result = NT_STATUS_NONE_MAPPED;
goto fail;
@@ -869,7 +869,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
/* Iterate over the domains found */
- for (i=0; i<MAX_REF_DOMAINS; i++) {
+ for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
uint32_t *rids;
const char *domain_name = NULL;
const char **names;
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 2fa705daf3..3addf91494 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -33,6 +33,8 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
+#define MAX_LOOKUP_SIDS 0x5000 /* 20480 */
+
extern PRIVS privs[];
struct lsa_info {
@@ -68,13 +70,13 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
num = ref->count;
}
- if (num >= MAX_REF_DOMAINS) {
+ if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* index not found, already at maximum domain limit */
return -1;
}
ref->count = num + 1;
- ref->max_size = MAX_REF_DOMAINS;
+ ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
struct lsa_DomainInfo, ref->count);
@@ -725,7 +727,7 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<MAX_REF_DOMAINS; i++) {
+ for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
if (!dom_infos[i].valid) {
break;
diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
index 43f64186c3..16967d73b0 100644
--- a/source4/libcli/util/clilsa.c
+++ b/source4/libcli/util/clilsa.c
@@ -202,6 +202,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
struct lsa_SidArray sids;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = 1;
NTSTATUS status;
struct dom_sid *sid;
@@ -231,6 +232,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
r.in.count = &count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(cli->lsa->pipe, mem_ctx2, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -243,7 +245,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
}
(*name) = talloc_asprintf(mem_ctx, "%s\\%s",
- r.out.domains->domains[0].name.string,
+ domains->domains[0].name.string,
names.names[0].name.string);
talloc_free(mem_ctx2);
@@ -262,6 +264,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
struct lsa_String names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = 1;
NTSTATUS status;
struct dom_sid *sid;
@@ -286,6 +289,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
r.in.count = &count;
r.out.count = &count;
r.out.sids = &sids;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupNames(cli->lsa->pipe, mem_ctx2, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -297,7 +301,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
return NT_STATUS_UNSUCCESSFUL;
}
- sid = r.out.domains->domains[0].sid;
+ sid = domains->domains[0].sid;
rid = sids.sids[0].rid;
(*sid_str) = talloc_asprintf(mem_ctx, "%s-%u",
diff --git a/source4/libnet/libnet_group.c b/source4/libnet/libnet_group.c
index 50ba079b71..eded378511 100644
--- a/source4/libnet/libnet_group.c
+++ b/source4/libnet/libnet_group.c
@@ -444,6 +444,8 @@ struct composite_context *libnet_GroupList_send(struct libnet_context *ctx,
/* prepare arguments of QueryDomainInfo call */
s->query_domain.in.handle = &ctx->lsa.handle;
s->query_domain.in.level = LSA_POLICY_INFO_DOMAIN;
+ s->query_domain.out.info = talloc_zero(c, union lsa_PolicyInformation *);
+ if (composite_nomem(s->query_domain.out.info, c)) return c;
/* send the request */
query_req = dcerpc_lsa_QueryInfoPolicy_send(ctx->lsa.pipe, c, &s->query_domain);
@@ -474,6 +476,8 @@ static void continue_lsa_domain_opened(struct composite_context *ctx)
/* prepare arguments of QueryDomainInfo call */
s->query_domain.in.handle = &s->ctx->lsa.handle;
s->query_domain.in.level = LSA_POLICY_INFO_DOMAIN;
+ s->query_domain.out.info = talloc_zero(c, union lsa_PolicyInformation *);
+ if (composite_nomem(s->query_domain.out.info, c)) return;
/* send the request */
query_req = dcerpc_lsa_QueryInfoPolicy_send(s->ctx->lsa.pipe, c, &s->query_domain);
@@ -502,7 +506,7 @@ static void continue_domain_queried(struct rpc_request *req)
if (!composite_is_ok(c)) return;
/* get the returned domain info */
- s->dominfo = s->query_domain.out.info->domain;
+ s->dominfo = (*s->query_domain.out.info)->domain;
/* make sure we have samr domain handle before continuing */
prereq_met = samr_domain_opened(s->ctx, s->domain_name, &c, &s->domain_open,
@@ -592,7 +596,7 @@ static void continue_groups_enumerated(struct rpc_request *req)
for (i = 0; i < s->group_list.out.sam->count; i++) {
struct dom_sid *group_sid;
struct samr_SamEntry *entry = &s->group_list.out.sam->entries[i];
- struct dom_sid *domain_sid = s->query_domain.out.info->domain.sid;
+ struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;
/* construct group sid from returned rid and queried domain sid */
group_sid = dom_sid_add_rid(c, domain_sid, entry->idx);
diff --git a/source4/libnet/libnet_lookup.c b/source4/libnet/libnet_lookup.c
index dc54ec3cf1..fc307823b8 100644
--- a/source4/libnet/libnet_lookup.c
+++ b/source4/libnet/libnet_lookup.c
@@ -312,6 +312,8 @@ static bool prepare_lookup_params(struct libnet_context *ctx,
s->lookup.in.count = &s->count;
s->lookup.out.count = &s->count;
s->lookup.out.sids = &s->sids;
+ s->lookup.out.domains = talloc_zero(ctx, struct lsa_RefDomainList *);
+ if (composite_nomem(s->lookup.out.domains, c)) return false;
return true;
}
@@ -372,7 +374,7 @@ NTSTATUS libnet_LookupName_recv(struct composite_context *c, TALLOC_CTX *mem_ctx
io->out.sidstr = NULL;
if (*s->lookup.out.count > 0) {
- struct lsa_RefDomainList *domains = s->lookup.out.domains;
+ struct lsa_RefDomainList *domains = *s->lookup.out.domains;
struct lsa_TransSidArray *sids = s->lookup.out.sids;
if (domains == NULL || sids == NULL) {
diff --git a/source4/libnet/libnet_rpc.c b/source4/libnet/libnet_rpc.c
index 28cbba2933..a0d93287a5 100644
--- a/source4/libnet/libnet_rpc.c
+++ b/source4/libnet/libnet_rpc.c
@@ -607,6 +607,8 @@ static void continue_lsa_policy(struct rpc_request *req)
/* query lsa info for dns domain name and guid */
s->lsa_query_info2.in.handle = &s->lsa_handle;
s->lsa_query_info2.in.level = LSA_POLICY_INFO_DNS;
+ s->lsa_query_info2.out.info = talloc_zero(c, union lsa_PolicyInformation *);
+ if (composite_nomem(s->lsa_query_info2.out.info, c)) return;
query_info_req = dcerpc_lsa_QueryInfoPolicy2_send(s->lsa_pipe, c, &s->lsa_query_info2);
if (composite_nomem(query_info_req, c)) return;
@@ -658,13 +660,13 @@ static void continue_lsa_query_info2(struct rpc_request *req)
/* Copy the dns domain name and guid from the query result */
/* this should actually be a conversion from lsa_StringLarge */
- s->r.out.realm = s->lsa_query_info2.out.info->dns.dns_domain.string;
+ s->r.out.realm = (*s->lsa_query_info2.out.info)->dns.dns_domain.string;
s->r.out.guid = talloc(c, struct GUID);
if (composite_nomem(s->r.out.guid, c)) {
s->r.out.error_string = NULL;
return;
}
- *s->r.out.guid = s->lsa_query_info2.out.info->dns.domain_guid;
+ *s->r.out.guid = (*s->lsa_query_info2.out.info)->dns.domain_guid;
}
/* post monitor message */
@@ -680,6 +682,8 @@ static void continue_lsa_query_info2(struct rpc_request *req)
/* query lsa info for domain name and sid */
s->lsa_query_info.in.handle = &s->lsa_handle;
s->lsa_query_info.in.level = LSA_POLICY_INFO_DOMAIN;
+ s->lsa_query_info.out.info = talloc_zero(c, union lsa_PolicyInformation *);
+ if (composite_nomem(s->lsa_query_info.out.info, c)) return;
query_info_req = dcerpc_lsa_QueryInfoPolicy_send(s->lsa_pipe, c, &s->lsa_query_info);
if (composite_nomem(query_info_req, c)) return;
@@ -719,8 +723,8 @@ static void continue_lsa_query_info(struct rpc_request *req)
}
/* Copy the domain name and sid from the query result */
- s->r.out.domain_sid = s->lsa_query_info.out.info->domain.sid;
- s->r.out.domain_name = s->lsa_query_info.out.info->domain.name.string;
+ s->r.out.domain_sid = (*s->lsa_query_info.out.info)->domain.sid;
+ s->r.out.domain_name = (*s->lsa_query_info.out.info)->domain.name.string;
continue_epm_map_binding_send(c);
}
diff --git a/source4/libnet/libnet_user.c b/source4/libnet/libnet_user.c
index dce7320c73..c768319452 100644
--- a/source4/libnet/libnet_user.c
+++ b/source4/libnet/libnet_user.c
@@ -957,7 +957,9 @@ struct composite_context* libnet_UserList_send(struct libnet_context *ctx,
/* prepare arguments of QueryDomainInfo call */
s->query_domain.in.handle = &ctx->lsa.handle;
s->query_domain.in.level = LSA_POLICY_INFO_DOMAIN;
-
+ s->query_domain.out.info = talloc_zero(c, union lsa_PolicyInformation *);
+ if (composite_nomem(s->query_domain.out.info, c)) return c;
+
/* send the request */
query_req = dcerpc_lsa_QueryInfoPolicy_send(ctx->lsa.pipe, c, &s->query_domain);
if (composite_nomem(query_req, c)) return c;
@@ -987,6 +989,8 @@ static void continue_lsa_domain_opened(struct composite_context *ctx)
/* prepare arguments of QueryDomainInfo call */
s->query_domain.in.handle = &s->ctx->lsa.handle;
s->query_domain.in.level = LSA_POLICY_INFO_DOMAIN;
+ s->query_domain.out.info = talloc_zero(c, union lsa_PolicyInformation *);
+ if (composite_nomem(s->query_domain.out.info, c)) return;
/* send the request */
query_req = dcerpc_lsa_QueryInfoPolicy_send(s->ctx->lsa.pipe, c, &s->query_domain);
@@ -1015,7 +1019,7 @@ static void continue_domain_queried(struct rpc_request *req)
if (!composite_is_ok(c)) return;
/* get the returned domain info */
- s->dominfo = s->query_domain.out.info->domain;
+ s->dominfo = (*s->query_domain.out.info)->domain;
/* make sure we have samr domain handle before continuing */
prereq_met = samr_domain_opened(s->ctx, s->domain_name, &c, &s->domain_open,
@@ -1107,7 +1111,7 @@ static void continue_users_enumerated(struct rpc_request *req)
for (i = 0; i < s->user_list.out.sam->count; i++) {
struct dom_sid *user_sid;
struct samr_SamEntry *entry = &s->user_list.out.sam->entries[i];
- struct dom_sid *domain_sid = s->query_domain.out.info->domain.sid;
+ struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;
/* construct user sid from returned rid and queried domain sid */
user_sid = dom_sid_add_rid(c, domain_sid, entry->idx);
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
deleted file mode 100644
index 4a7a42b4dc..0000000000
--- a/source4/librpc/idl/lsa.idl
+++ /dev/null
@@ -1,1222 +0,0 @@
-#include "idl_types.h"
-
-/*
- lsa interface definition
-*/
-
-import "misc.idl", "security.idl";
-
-[ uuid("12345778-1234-abcd-ef00-0123456789ab"),
- version(0.0),
- endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
- pointer_default(unique),
- helpstring("Local Security Authority")
-] interface lsarpc
-{
- typedef bitmap security_secinfo security_secinfo;
- typedef bitmap kerb_EncTypes kerb_EncTypes;
-
- typedef [public,noejs] struct {
- [value(2*strlen_m(string))] uint16 length;
- [value(2*strlen_m(string))] uint16 size;
- [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
- } lsa_String;
-
- typedef [public] struct {
- [value(2*strlen_m(string))] uint16 length;
- [value(2*strlen_m_term(string))] uint16 size;
- [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
- } lsa_StringLarge;
-
- typedef [public] struct {
- uint32 count;
- [size_is(count)] lsa_String *names;
- } lsa_Strings;
-
- typedef [public] struct {
- [value(strlen_m(string))] uint16 length;
- [value(strlen_m(string))] uint16 size;
- [charset(DOS),size_is(size),length_is(length)] uint8 *string;
- } lsa_AsciiString;
-
- typedef [public] struct {
- [value(strlen_m(string))] uint16 length;
- [value(strlen_m_term(string))] uint16 size;
- [charset(DOS),size_is(size),length_is(length)] uint8 *string;
- } lsa_AsciiStringLarge;
-
- typedef [public] struct {
- uint16 length;
- uint16 size;
- [size_is(size/2),length_is(length/2)] uint16 *array;
- } lsa_BinaryString;
-
- /******************/
- /* Function: 0x00 */
- NTSTATUS lsa_Close (
- [in,out] policy_handle *handle
- );
-
-
- /******************/
- /* Function: 0x01 */
- [public] NTSTATUS lsa_Delete (
- [in] policy_handle *handle
- );
-
-
- /******************/
- /* Function: 0x02 */
- typedef struct {
- uint32 low;
- uint32 high;
- } lsa_LUID;
-
- typedef struct {
- lsa_StringLarge name;
- lsa_LUID luid;
- } lsa_PrivEntry;
-
- typedef struct {
- uint32 count;
- [size_is(count)] lsa_PrivEntry *privs;
- } lsa_PrivArray;
-
- [public] NTSTATUS lsa_EnumPrivs (
- [in] policy_handle *handle,
- [in,out] uint32 *resume_handle,
- [in] uint32 max_count,
- [out] lsa_PrivArray *privs
- );
-
- /******************/
- /* Function: 0x03 */
-
- NTSTATUS lsa_QuerySecurity (
- [in] policy_handle *handle,
- [in] security_secinfo sec_info,
- [out,unique] sec_desc_buf *sdbuf
- );
-
-
- /******************/
- /* Function: 0x04 */
- NTSTATUS lsa_SetSecObj(
- [in] policy_handle *handle,
- [in] security_secinfo sec_info,
- [in,ref] sec_desc_buf *sdbuf
- );
-
- /******************/
- /* Function: 0x05 */
- [todo] NTSTATUS lsa_ChangePassword ();
-
-
- /******************/
- /* Function: 0x06 */
- typedef struct {
- uint32 len; /* ignored */
- uint16 impersonation_level;
- uint8 context_mode;
- uint8 effective_only;
- } lsa_QosInfo;
-
- typedef struct {
- uint32 len; /* ignored */
- uint8 *root_dir;
- [string,charset(UTF16)] uint16 *object_name;
- uint32 attributes;
- security_descriptor *sec_desc;
- lsa_QosInfo *sec_qos;
- } lsa_ObjectAttribute;
-
- typedef [public,bitmap32bit] bitmap {
- LSA_POLICY_VIEW_LOCAL_INFORMATION = 0x00000001,
- LSA_POLICY_VIEW_AUDIT_INFORMATION = 0x00000002,
- LSA_POLICY_GET_PRIVATE_INFORMATION = 0x00000004,
- LSA_POLICY_TRUST_ADMIN = 0x00000008,
- LSA_POLICY_CREATE_ACCOUNT = 0x00000010,
- LSA_POLICY_CREATE_SECRET = 0x00000020,
- LSA_POLICY_CREATE_PRIVILEGE = 0x00000040,
- LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080,
- LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100,
- LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200,
- LSA_POLICY_SERVER_ADMIN = 0x00000400,
- LSA_POLICY_LOOKUP_NAMES = 0x00000800
- } lsa_PolicyAccessMask;
-
- /* notice the screwup with the system_name - thats why MS created
- OpenPolicy2 */
- [public] NTSTATUS lsa_OpenPolicy (
- [in,unique] uint16 *system_name,
- [in] lsa_ObjectAttribute *attr,
- [in] lsa_PolicyAccessMask access_mask,
- [out] policy_handle *handle
- );
-
-
-
- /******************/
- /* Function: 0x07 */
-
- typedef struct {
- uint32 percent_full;
- uint32 maximum_log_size;
- hyper retention_time;
- uint8 shutdown_in_progress;
- hyper time_to_shutdown;
- uint32 next_audit_record;
- } lsa_AuditLogInfo;
-
- typedef [v1_enum] enum {
- LSA_AUDIT_POLICY_NONE=0,
- LSA_AUDIT_POLICY_SUCCESS=1,
- LSA_AUDIT_POLICY_FAILURE=2,
- LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
- LSA_AUDIT_POLICY_CLEAR=4
- } lsa_PolicyAuditPolicy;
-
- typedef enum {
- LSA_AUDIT_CATEGORY_SYSTEM = 0,
- LSA_AUDIT_CATEGORY_LOGON = 1,
- LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
- LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
- LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
- LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
- LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
- LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7, /* only in win2k/2k3 */
- LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8 /* only in win2k/2k3 */
- } lsa_PolicyAuditEventType;
-
- typedef struct {
- uint32 auditing_mode;
- [size_is(count)] lsa_PolicyAuditPolicy *settings;
- uint32 count;
- } lsa_AuditEventsInfo;
-
- typedef struct {
- lsa_StringLarge name;
- dom_sid2 *sid;
- } lsa_DomainInfo;
-
- typedef struct {
- lsa_String name;
- } lsa_PDAccountInfo;
-
- typedef [v1_enum] enum {
- LSA_ROLE_BACKUP=2,
- LSA_ROLE_PRIMARY=3
- } lsa_Role;
-
- typedef struct {
- lsa_Role role;
- } lsa_ServerRole;
-
- typedef struct {
- lsa_String source;
- lsa_String account;
- } lsa_ReplicaSourceInfo;
-
- typedef struct {
- uint32 paged_pool;
- uint32 non_paged_pool;
- uint32 min_wss;
- uint32 max_wss;
- uint32 pagefile;
- hyper unknown;
- } lsa_DefaultQuotaInfo;
-
- typedef struct {
- hyper modified_id;
- NTTIME_hyper db_create_time;
- } lsa_ModificationInfo;
-
- typedef struct {
- uint8 shutdown_on_full;
- } lsa_AuditFullSetInfo;
-
- typedef struct {
- uint8 shutdown_on_full;
- uint8 log_is_full;
- } lsa_AuditFullQueryInfo;
-
- typedef struct {
- /* it's important that we use the lsa_StringLarge here,
- * because otherwise windows clients result with such dns hostnames
- * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
- * where it should be
- * w2k3-client.samba4.samba.org
- */
- lsa_StringLarge name;
- lsa_StringLarge dns_domain;
- lsa_StringLarge dns_forest;
- GUID domain_guid;
- dom_sid2 *sid;
- } lsa_DnsDomainInfo;
-
- typedef enum {
- LSA_POLICY_INFO_AUDIT_LOG=1,
- LSA_POLICY_INFO_AUDIT_EVENTS=2,
- LSA_POLICY_INFO_DOMAIN=3,
- LSA_POLICY_INFO_PD=4,
- LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
- LSA_POLICY_INFO_ROLE=6,
- LSA_POLICY_INFO_REPLICA=7,
- LSA_POLICY_INFO_QUOTA=8,
- LSA_POLICY_INFO_MOD=9,
- LSA_POLICY_INFO_AUDIT_FULL_SET=10,
- LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
- LSA_POLICY_INFO_DNS=12,
- LSA_POLICY_INFO_DNS_INT=13,
- LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14
- } lsa_PolicyInfo;
-
- typedef [switch_type(uint16)] union {
- [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log;
- [case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events;
- [case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain;
- [case(LSA_POLICY_INFO_PD)] lsa_PDAccountInfo pd;
- [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)] lsa_DomainInfo account_domain;
- [case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role;
- [case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica;
- [case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota;
- [case(LSA_POLICY_INFO_MOD)] lsa_ModificationInfo mod;
- [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
- [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
- [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
- [case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns;
- [case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo l_account_domain;
- } lsa_PolicyInformation;
-
- NTSTATUS lsa_QueryInfoPolicy(
- [in] policy_handle *handle,
- [in] lsa_PolicyInfo level,
- [out,unique,switch_is(level)] lsa_PolicyInformation *info
- );
-
- /******************/
- /* Function: 0x08 */
- NTSTATUS lsa_SetInfoPolicy (
- [in] policy_handle *handle,
- [in] lsa_PolicyInfo level,
- [in,switch_is(level)] lsa_PolicyInformation *info
- );
-
- /******************/
- /* Function: 0x09 */
- [todo] NTSTATUS lsa_ClearAuditLog ();
-
- /******************/
- /* Function: 0x0a */
- [public] NTSTATUS lsa_CreateAccount (
- [in] policy_handle *handle,
- [in,ref] dom_sid2 *sid,
- [in] uint32 access_mask,
- [out] policy_handle *acct_handle
- );
-
- /******************/
- /* NOTE: This only returns accounts that have at least
- one privilege set
- */
- /* Function: 0x0b */
- typedef struct {
- dom_sid2 *sid;
- } lsa_SidPtr;
-
- typedef [public] struct {
- [range(0,1000)] uint32 num_sids;
- [size_is(num_sids)] lsa_SidPtr *sids;
- } lsa_SidArray;
-
- [public] NTSTATUS lsa_EnumAccounts (
- [in] policy_handle *handle,
- [in,out] uint32 *resume_handle,
- [in,range(0,8192)] uint32 num_entries,
- [out] lsa_SidArray *sids
- );
-
-
- /*************************************************/
- /* Function: 0x0c */
-
- [public] NTSTATUS lsa_CreateTrustedDomain(
- [in] policy_handle *policy_handle,
- [in] lsa_DomainInfo *info,
- [in] uint32 access_mask,
- [out] policy_handle *trustdom_handle
- );
-
-
- /******************/
- /* Function: 0x0d */
-
- /* w2k3 treats max_size as max_domains*60 */
- const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
-
- typedef struct {
- uint32 count;
- [size_is(count)] lsa_DomainInfo *domains;
- } lsa_DomainList;
-
- NTSTATUS lsa_EnumTrustDom (
- [in] policy_handle *handle,
- [in,out] uint32 *resume_handle,
- [in] uint32 max_size,
- [out] lsa_DomainList *domains
- );
-
-
- /******************/
- /* Function: 0x0e */
- typedef [public] enum {
- SID_NAME_USE_NONE = 0,/* NOTUSED */
- SID_NAME_USER = 1, /* user */
- SID_NAME_DOM_GRP = 2, /* domain group */
- SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
- SID_NAME_ALIAS = 4, /* local group */
- SID_NAME_WKN_GRP = 5, /* well-known group */
- SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
- SID_NAME_INVALID = 7, /* invalid account */
- SID_NAME_UNKNOWN = 8, /* oops. */
- SID_NAME_COMPUTER = 9 /* machine */
- } lsa_SidType;
-
- typedef struct {
- lsa_SidType sid_type;
- uint32 rid;
- uint32 sid_index;
- } lsa_TranslatedSid;
-
- typedef struct {
- [range(0,1000)] uint32 count;
- [size_is(count)] lsa_TranslatedSid *sids;
- } lsa_TransSidArray;
-
- const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
- typedef struct {
- [range(0,1000)] uint32 count;
- [size_is(count)] lsa_DomainInfo *domains;
- uint32 max_size;
- } lsa_RefDomainList;
-
- /* Level 1: Ask everywhere
- * Level 2: Ask domain and trusted domains, no builtin and wkn
- * Level 3: Only ask domain
- * Level 4: W2k3ad: Only ask AD trusts
- * Level 5: Only ask transitive forest trusts
- * Level 6: Like 4
- */
-
- typedef enum {
- LSA_LOOKUP_NAMES_ALL = 1,
- LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
- LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
- LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
- LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
- LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6,
- LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7
- } lsa_LookupNamesLevel;
-
- [public] NTSTATUS lsa_LookupNames (
- [in] policy_handle *handle,
- [in,range(0,1000)] uint32 num_names,
- [in,size_is(num_names)] lsa_String names[],
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransSidArray *sids,
- [in] lsa_LookupNamesLevel level,
- [in,out] uint32 *count
- );
-
-
- /******************/
- /* Function: 0x0f */
-
- typedef struct {
- lsa_SidType sid_type;
- lsa_String name;
- uint32 sid_index;
- } lsa_TranslatedName;
-
- typedef struct {
- [range(0,1000)] uint32 count;
- [size_is(count)] lsa_TranslatedName *names;
- } lsa_TransNameArray;
-
- [public] NTSTATUS lsa_LookupSids (
- [in] policy_handle *handle,
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray *names,
- [in] uint16 level,
- [in,out] uint32 *count
- );
-
-
- /* Function: 0x10 */
- [public] NTSTATUS lsa_CreateSecret(
- [in] policy_handle *handle,
- [in] lsa_String name,
- [in] uint32 access_mask,
- [out] policy_handle *sec_handle
- );
-
-
- /*****************************************/
- /* Function: 0x11 */
- NTSTATUS lsa_OpenAccount(
- [in] policy_handle *handle,
- [in,ref] dom_sid2 *sid,
- [in] uint32 access_mask,
- [out] policy_handle *acct_handle
- );
-
-
- /****************************************/
- /* Function: 0x12 */
-
- typedef struct {
- lsa_LUID luid;
- uint32 attribute;
- } lsa_LUIDAttribute;
-
- typedef struct {
- [range(0,1000)] uint32 count;
- uint32 unknown;
- [size_is(count)] lsa_LUIDAttribute set[*];
- } lsa_PrivilegeSet;
-
- NTSTATUS lsa_EnumPrivsAccount (
- [in] policy_handle *handle,
- [out,unique] lsa_PrivilegeSet *privs
- );
-
-
- /****************************************/
- /* Function: 0x13 */
- NTSTATUS lsa_AddPrivilegesToAccount(
- [in] policy_handle *handle,
- [in,ref] lsa_PrivilegeSet *privs
- );
-
-
- /****************************************/
- /* Function: 0x14 */
- NTSTATUS lsa_RemovePrivilegesFromAccount(
- [in] policy_handle *handle,
- [in] uint8 remove_all,
- [in,unique] lsa_PrivilegeSet *privs
- );
-
- /* Function: 0x15 */
- [todo] NTSTATUS lsa_GetQuotasForAccount();
-
- /* Function: 0x16 */
- [todo] NTSTATUS lsa_SetQuotasForAccount();
-
- typedef [bitmap32bit] bitmap {
- LSA_POLICY_MODE_INTERACTIVE = 0x00000001,
- LSA_POLICY_MODE_NETWORK = 0x00000002,
- LSA_POLICY_MODE_BATCH = 0x00000004,
- LSA_POLICY_MODE_SERVICE = 0x00000010,
- LSA_POLICY_MODE_PROXY = 0x00000020,
- LSA_POLICY_MODE_DENY_INTERACTIVE = 0x00000040,
- LSA_POLICY_MODE_DENY_NETWORK = 0x00000080,
- LSA_POLICY_MODE_DENY_BATCH = 0x00000100,
- LSA_POLICY_MODE_DENY_SERVICE = 0x00000200,
- LSA_POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400,
- LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800,
- LSA_POLICY_MODE_ALL = 0x00000FF7,
- LSA_POLICY_MODE_ALL_NT4 = 0x00000037
- } lsa_SystemAccessModeFlags;
-
- /* Function: 0x17 */
- NTSTATUS lsa_GetSystemAccessAccount(
- [in] policy_handle *handle,
- [out,ref] uint32 *access_mask
- );
-
- /* Function: 0x18 */
- NTSTATUS lsa_SetSystemAccessAccount(
- [in] policy_handle *handle,
- [in] uint32 access_mask
- );
-
- /* Function: 0x19 */
- NTSTATUS lsa_OpenTrustedDomain(
- [in] policy_handle *handle,
- [in] dom_sid2 *sid,
- [in] uint32 access_mask,
- [out] policy_handle *trustdom_handle
- );
-
- typedef [flag(NDR_PAHEX)] struct {
- uint32 length;
- uint32 size;
- [size_is(size),length_is(length)] uint8 *data;
- } lsa_DATA_BUF;
-
- typedef [flag(NDR_PAHEX)] struct {
- [range(0,65536)] uint32 size;
- [size_is(size)] uint8 *data;
- } lsa_DATA_BUF2;
-
- typedef enum {
- LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
- LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS = 2,
- LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
- LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
- LSA_TRUSTED_DOMAIN_INFO_BASIC = 5,
- LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
- LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7,
- LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8,
- LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL = 9,
- LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL = 10,
- LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL = 11,
- LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL = 12,
- LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13
- } lsa_TrustDomInfoEnum;
-
- typedef [public,bitmap32bit] bitmap {
- LSA_TRUST_DIRECTION_INBOUND = 0x00000001,
- LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
- } lsa_TrustDirection;
-
- typedef [v1_enum] enum {
- LSA_TRUST_TYPE_DOWNLEVEL = 0x00000001,
- LSA_TRUST_TYPE_UPLEVEL = 0x00000002,
- LSA_TRUST_TYPE_MIT = 0x00000003
- } lsa_TrustType;
-
- typedef [public,bitmap32bit] bitmap {
- LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
- LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
- LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
- LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
- LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
- LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
- LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
- LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080
- } lsa_TrustAttributes;
-
- typedef struct {
- lsa_StringLarge netbios_name;
- } lsa_TrustDomainInfoName;
-
-
- typedef struct {
- uint32 entries;
- [size_is(entries)] lsa_StringLarge *netbios_names;
- } lsa_TrustDomainInfoControllers;
-
- typedef struct {
- uint32 posix_offset;
- } lsa_TrustDomainInfoPosixOffset;
-
- typedef struct {
- lsa_DATA_BUF *password;
- lsa_DATA_BUF *old_password;
- } lsa_TrustDomainInfoPassword;
-
- typedef struct {
- lsa_String netbios_name;
- dom_sid2 *sid;
- } lsa_TrustDomainInfoBasic;
-
- typedef struct {
- lsa_StringLarge domain_name;
- lsa_StringLarge netbios_name;
- dom_sid2 *sid;
- lsa_TrustDirection trust_direction;
- lsa_TrustType trust_type;
- lsa_TrustAttributes trust_attributes;
- } lsa_TrustDomainInfoInfoEx;
-
- typedef [public,v1_enum] enum {
- TRUST_AUTH_TYPE_NONE = 0,
- TRUST_AUTH_TYPE_NT4OWF = 1,
- TRUST_AUTH_TYPE_CLEAR = 2,
- TRUST_AUTH_TYPE_VERSION = 3
- } lsa_TrustAuthType;
-
- typedef struct {
- NTTIME_hyper last_update_time;
- lsa_TrustAuthType AuthType;
- lsa_DATA_BUF2 data;
- } lsa_TrustDomainInfoBuffer;
-
- typedef struct {
- uint32 incoming_count;
- lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
- lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
- uint32 outgoing_count;
- lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
- lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
- } lsa_TrustDomainInfoAuthInfo;
-
- typedef struct {
- lsa_TrustDomainInfoInfoEx info_ex;
- lsa_TrustDomainInfoPosixOffset posix_offset;
- lsa_TrustDomainInfoAuthInfo auth_info;
- } lsa_TrustDomainInfoFullInfo;
-
- typedef struct {
- lsa_DATA_BUF2 auth_blob;
- } lsa_TrustDomainInfoAuthInfoInternal;
-
- typedef struct {
- lsa_TrustDomainInfoInfoEx info_ex;
- lsa_TrustDomainInfoPosixOffset posix_offset;
- lsa_TrustDomainInfoAuthInfoInternal auth_info;
- } lsa_TrustDomainInfoFullInfoInternal;
-
- typedef struct {
- lsa_TrustDomainInfoInfoEx info_ex;
- uint32 forest_trust_length;
- [size_is(forest_trust_length)] uint8 *forest_trust_data;
- } lsa_TrustDomainInfoInfoEx2Internal;
-
- typedef struct {
- lsa_TrustDomainInfoInfoEx2Internal info;
- lsa_TrustDomainInfoPosixOffset posix_offset;
- lsa_TrustDomainInfoAuthInfo auth_info;
- } lsa_TrustDomainInfoFullInfo2Internal;
-
- typedef struct {
- kerb_EncTypes enc_types;
- } lsa_TrustDomainInfoSupportedEncTypes;
-
- typedef [switch_type(lsa_TrustDomInfoEnum)] union {
- [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
- lsa_TrustDomainInfoName name;
- [case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)]
- lsa_TrustDomainInfoControllers controllers;
- [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)]
- lsa_TrustDomainInfoPosixOffset posix_offset;
- [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
- lsa_TrustDomainInfoPassword password;
- [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]
- lsa_TrustDomainInfoBasic info_basic;
- [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
- lsa_TrustDomainInfoInfoEx info_ex;
- [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
- lsa_TrustDomainInfoAuthInfo auth_info;
- [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
- lsa_TrustDomainInfoFullInfo full_info;
- [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
- lsa_TrustDomainInfoAuthInfoInternal auth_info_internal;
- [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
- lsa_TrustDomainInfoFullInfoInternal full_info_internal;
- [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
- lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal;
- [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
- lsa_TrustDomainInfoFullInfo2Internal full_info2_internal;
- [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)]
- lsa_TrustDomainInfoSupportedEncTypes enc_types;
- } lsa_TrustedDomainInfo;
-
- /* Function: 0x1a */
- NTSTATUS lsa_QueryTrustedDomainInfo(
- [in] policy_handle *trustdom_handle,
- [in] lsa_TrustDomInfoEnum level,
- [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
- );
-
- /* Function: 0x1b */
- NTSTATUS lsa_SetInformationTrustedDomain(
- [in] policy_handle *trustdom_handle,
- [in] lsa_TrustDomInfoEnum level,
- [in,switch_is(level)] lsa_TrustedDomainInfo *info
- );
-
- /* Function: 0x1c */
- [public] NTSTATUS lsa_OpenSecret(
- [in] policy_handle *handle,
- [in] lsa_String name,
- [in] uint32 access_mask,
- [out] policy_handle *sec_handle
- );
-
- /* Function: 0x1d */
-
- [public] NTSTATUS lsa_SetSecret(
- [in] policy_handle *sec_handle,
- [in,unique] lsa_DATA_BUF *new_val,
- [in,unique] lsa_DATA_BUF *old_val
- );
-
- typedef struct {
- lsa_DATA_BUF *buf;
- } lsa_DATA_BUF_PTR;
-
- /* Function: 0x1e */
- [public] NTSTATUS lsa_QuerySecret (
- [in] policy_handle *sec_handle,
- [in,out,unique] lsa_DATA_BUF_PTR *new_val,
- [in,out,unique] NTTIME_hyper *new_mtime,
- [in,out,unique] lsa_DATA_BUF_PTR *old_val,
- [in,out,unique] NTTIME_hyper *old_mtime
- );
-
- /* Function: 0x1f */
- NTSTATUS lsa_LookupPrivValue(
- [in] policy_handle *handle,
- [in,ref] lsa_String *name,
- [out,ref] lsa_LUID *luid
- );
-
-
- /* Function: 0x20 */
- NTSTATUS lsa_LookupPrivName (
- [in] policy_handle *handle,
- [in] lsa_LUID *luid,
- [out,unique] lsa_StringLarge *name
- );
-
-
- /*******************/
- /* Function: 0x21 */
- NTSTATUS lsa_LookupPrivDisplayName (
- [in] policy_handle *handle,
- [in] lsa_String *name,
- [out,unique] lsa_StringLarge *disp_name,
- /* see http://www.microsoft.com/globaldev/nlsweb/ for
- language definitions */
- [in,out] uint16 *language_id,
- [in] uint16 unknown
- );
-
- /*******************/
- /* Function: 0x22 */
- NTSTATUS lsa_DeleteObject (
- [in,out] policy_handle *handle
- );
-
- /*******************/
- /* Function: 0x23 */
- NTSTATUS lsa_EnumAccountsWithUserRight (
- [in] policy_handle *handle,
- [in,unique] lsa_String *name,
- [out] lsa_SidArray *sids
- );
-
- /* Function: 0x24 */
- typedef struct {
- [string,charset(UTF16)] uint16 *name;
- } lsa_RightAttribute;
-
- typedef struct {
- [range(0,256)] uint32 count;
- [size_is(count)] lsa_StringLarge *names;
- } lsa_RightSet;
-
- NTSTATUS lsa_EnumAccountRights (
- [in] policy_handle *handle,
- [in,ref] dom_sid2 *sid,
- [out,ref] lsa_RightSet *rights
- );
-
-
- /**********************/
- /* Function: 0x25 */
- NTSTATUS lsa_AddAccountRights (
- [in] policy_handle *handle,
- [in,ref] dom_sid2 *sid,
- [in,ref] lsa_RightSet *rights
- );
-
- /**********************/
- /* Function: 0x26 */
- NTSTATUS lsa_RemoveAccountRights (
- [in] policy_handle *handle,
- [in,ref] dom_sid2 *sid,
- [in] uint8 remove_all,
- [in,ref] lsa_RightSet *rights
- );
-
- /* Function: 0x27 */
- NTSTATUS lsa_QueryTrustedDomainInfoBySid(
- [in] policy_handle *handle,
- [in] dom_sid2 *dom_sid,
- [in] lsa_TrustDomInfoEnum level,
- [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
- );
-
- /* Function: 0x28 */
- NTSTATUS lsa_SetTrustedDomainInfo(
- [in] policy_handle *handle,
- [in] dom_sid2 *dom_sid,
- [in] lsa_TrustDomInfoEnum level,
- [in,switch_is(level)] lsa_TrustedDomainInfo *info
- );
-
- /* Function: 0x29 */
- NTSTATUS lsa_DeleteTrustedDomain(
- [in] policy_handle *handle,
- [in] dom_sid2 *dom_sid
- );
-
- /* Function: 0x2a */
- [todo] NTSTATUS lsa_StorePrivateData();
- /* Function: 0x2b */
- [todo] NTSTATUS lsa_RetrievePrivateData();
-
-
- /**********************/
- /* Function: 0x2c */
- [public] NTSTATUS lsa_OpenPolicy2 (
- [in,unique] [string,charset(UTF16)] uint16 *system_name,
- [in] lsa_ObjectAttribute *attr,
- [in] lsa_PolicyAccessMask access_mask,
- [out] policy_handle *handle
- );
-
- /**********************/
- /* Function: 0x2d */
- typedef struct {
- lsa_String *string;
- } lsa_StringPointer;
-
- NTSTATUS lsa_GetUserName(
- [in,unique] [string,charset(UTF16)] uint16 *system_name,
- [in,out,unique] lsa_String *account_name,
- [in,out,unique] lsa_StringPointer *authority_name
- );
-
- /**********************/
- /* Function: 0x2e */
-
- NTSTATUS lsa_QueryInfoPolicy2(
- [in] policy_handle *handle,
- [in] lsa_PolicyInfo level,
- [out,unique,switch_is(level)] lsa_PolicyInformation *info
- );
-
- /* Function 0x2f */
- NTSTATUS lsa_SetInfoPolicy2(
- [in] policy_handle *handle,
- [in] lsa_PolicyInfo level,
- [in,switch_is(level)] lsa_PolicyInformation *info
- );
-
- /**********************/
- /* Function 0x30 */
- NTSTATUS lsa_QueryTrustedDomainInfoByName(
- [in] policy_handle *handle,
- [in] lsa_String trusted_domain,
- [in] lsa_TrustDomInfoEnum level,
- [out,unique,switch_is(level)] lsa_TrustedDomainInfo *info
- );
-
- /**********************/
- /* Function 0x31 */
- NTSTATUS lsa_SetTrustedDomainInfoByName(
- [in] policy_handle *handle,
- [in] lsa_String trusted_domain,
- [in] lsa_TrustDomInfoEnum level,
- [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
- );
-
- /* Function 0x32 */
-
- /* w2k3 treats max_size as max_domains*82 */
- const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
-
- typedef struct {
- uint32 count;
- [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
- } lsa_DomainListEx;
-
- NTSTATUS lsa_EnumTrustedDomainsEx (
- [in] policy_handle *handle,
- [in,out] uint32 *resume_handle,
- [out] lsa_DomainListEx *domains,
- [in] uint32 max_size
- );
-
- /* Function 0x33 */
- NTSTATUS lsa_CreateTrustedDomainEx(
- [in] policy_handle *policy_handle,
- [in] lsa_TrustDomainInfoInfoEx *info,
- [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
- [in] uint32 access_mask,
- [out] policy_handle *trustdom_handle
- );
-
-
- /* Function 0x34 */
- NTSTATUS lsa_CloseTrustedDomainEx(
- [in,out] policy_handle *handle
- );
-
- /* Function 0x35 */
-
- /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
- for unknown6 - gd */
- typedef struct {
- uint32 enforce_restrictions;
- hyper service_tkt_lifetime;
- hyper user_tkt_lifetime;
- hyper user_tkt_renewaltime;
- hyper clock_skew;
- hyper unknown6;
- } lsa_DomainInfoKerberos;
-
- typedef struct {
- uint32 blob_size;
- [size_is(blob_size)] uint8 *efs_blob;
- } lsa_DomainInfoEfs;
-
- typedef enum {
- LSA_DOMAIN_INFO_POLICY_EFS=2,
- LSA_DOMAIN_INFO_POLICY_KERBEROS=3
- } lsa_DomainInfoEnum;
-
- typedef [switch_type(uint16)] union {
- [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
- [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
- } lsa_DomainInformationPolicy;
-
- NTSTATUS lsa_QueryDomainInformationPolicy(
- [in] policy_handle *handle,
- [in] uint16 level,
- [out,unique,switch_is(level)] lsa_DomainInformationPolicy *info
- );
-
- /* Function 0x36 */
- NTSTATUS lsa_SetDomainInformationPolicy(
- [in] policy_handle *handle,
- [in] uint16 level,
- [in,unique,switch_is(level)] lsa_DomainInformationPolicy *info
- );
-
- /**********************/
- /* Function 0x37 */
- NTSTATUS lsa_OpenTrustedDomainByName(
- [in] policy_handle *handle,
- [in] lsa_String name,
- [in] uint32 access_mask,
- [out] policy_handle *trustdom_handle
- );
-
- /* Function 0x38 */
- [todo] NTSTATUS lsa_TestCall();
-
- /**********************/
- /* Function 0x39 */
-
- typedef struct {
- lsa_SidType sid_type;
- lsa_String name;
- uint32 sid_index;
- uint32 unknown;
- } lsa_TranslatedName2;
-
- typedef struct {
- [range(0,1000)] uint32 count;
- [size_is(count)] lsa_TranslatedName2 *names;
- } lsa_TransNameArray2;
-
- [public] NTSTATUS lsa_LookupSids2(
- [in] policy_handle *handle,
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray2 *names,
- [in] uint16 level,
- [in,out] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
- );
-
- /**********************/
- /* Function 0x3a */
-
- typedef struct {
- lsa_SidType sid_type;
- uint32 rid;
- uint32 sid_index;
- uint32 unknown;
- } lsa_TranslatedSid2;
-
- typedef struct {
- [range(0,1000)] uint32 count;
- [size_is(count)] lsa_TranslatedSid2 *sids;
- } lsa_TransSidArray2;
-
- [public] NTSTATUS lsa_LookupNames2 (
- [in] policy_handle *handle,
- [in,range(0,1000)] uint32 num_names,
- [in,size_is(num_names)] lsa_String names[],
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransSidArray2 *sids,
- [in] lsa_LookupNamesLevel level,
- [in,out] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
- );
-
- /* Function 0x3b */
- NTSTATUS lsa_CreateTrustedDomainEx2(
- [in] policy_handle *policy_handle,
- [in] lsa_TrustDomainInfoInfoEx *info,
- [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
- [in] uint32 access_mask,
- [out] policy_handle *trustdom_handle
- );
-
- /* Function 0x3c */
- [todo] NTSTATUS lsa_CREDRWRITE();
-
- /* Function 0x3d */
- [todo] NTSTATUS lsa_CREDRREAD();
-
- /* Function 0x3e */
- [todo] NTSTATUS lsa_CREDRENUMERATE();
-
- /* Function 0x3f */
- [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
-
- /* Function 0x40 */
- [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
-
- /* Function 0x41 */
- [todo] NTSTATUS lsa_CREDRDELETE();
-
- /* Function 0x42 */
- [todo] NTSTATUS lsa_CREDRGETTARGETINFO();
-
- /* Function 0x43 */
- [todo] NTSTATUS lsa_CREDRPROFILELOADED();
-
- /**********************/
- /* Function 0x44 */
- typedef struct {
- lsa_SidType sid_type;
- dom_sid2 *sid;
- uint32 sid_index;
- uint32 flags;
- } lsa_TranslatedSid3;
-
- typedef struct {
- [range(0,1000)] uint32 count;
- [size_is(count)] lsa_TranslatedSid3 *sids;
- } lsa_TransSidArray3;
-
- [public] NTSTATUS lsa_LookupNames3 (
- [in] policy_handle *handle,
- [in,range(0,1000)] uint32 num_names,
- [in,size_is(num_names)] lsa_String names[],
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransSidArray3 *sids,
- [in] lsa_LookupNamesLevel level,
- [in,out] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
- );
-
- /* Function 0x45 */
- [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
-
- /* Function 0x46 */
- [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
-
- /* Function 0x47 */
- [todo] NTSTATUS lsa_LSARGENAUDITEVENT();
-
- /* Function 0x48 */
- [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
-
- /* Function 0x49 */
- typedef struct {
- [range(0,131072)] uint32 length;
- [size_is(length)] uint8 *data;
- } lsa_ForestTrustBinaryData;
-
- typedef struct {
- dom_sid2 *domain_sid;
- lsa_StringLarge dns_domain_name;
- lsa_StringLarge netbios_domain_name;
- } lsa_ForestTrustDomainInfo;
-
- typedef [switch_type(uint32)] union {
- [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
- [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
- [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
- [default] lsa_ForestTrustBinaryData data;
- } lsa_ForestTrustData;
-
- typedef [v1_enum] enum {
- LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
- LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
- LSA_FOREST_TRUST_DOMAIN_INFO = 2,
- LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
- } lsa_ForestTrustRecordType;
-
- typedef struct {
- uint32 flags;
- lsa_ForestTrustRecordType level;
- hyper unknown;
- [switch_is(level)] lsa_ForestTrustData forest_trust_data;
- } lsa_ForestTrustRecord;
-
- typedef [public] struct {
- [range(0,4000)] uint32 count;
- [size_is(count)] lsa_ForestTrustRecord **entries;
- } lsa_ForestTrustInformation;
-
- NTSTATUS lsa_lsaRQueryForestTrustInformation(
- [in] policy_handle *handle,
- [in,ref] lsa_String *trusted_domain_name,
- [in] uint16 unknown, /* level ? */
- [out,ref] lsa_ForestTrustInformation **forest_trust_info
- );
-
- /* Function 0x4a */
- [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
-
- /* Function 0x4b */
- [todo] NTSTATUS lsa_CREDRRENAME();
-
- /*****************/
- /* Function 0x4c */
-
- [public] NTSTATUS lsa_LookupSids3(
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray2 *names,
- [in] uint16 level,
- [in,out] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
- );
-
- const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;
- const int LSA_CLIENT_REVISION_DNS = 0x00000002;
-
- const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
-
- /* Function 0x4d */
- NTSTATUS lsa_LookupNames4(
- [in,range(0,1000)] uint32 num_names,
- [in,size_is(num_names)] lsa_String names[],
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransSidArray3 *sids,
- [in] lsa_LookupNamesLevel level,
- [in,out] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
- );
-
- /* Function 0x4e */
- [todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
-
- /* Function 0x4f */
- [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
-
- /* Function 0x50 */
- [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
-
- /* Function 0x51 */
- [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
-
-}
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index b009d2f2f8..e279161375 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -434,67 +434,67 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
{
struct lsa_policy_state *state;
struct dcesrv_handle *h;
+ union lsa_PolicyInformation *info;
- r->out.info = NULL;
+ *r->out.info = NULL;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
- r->out.info = talloc(mem_ctx, union lsa_PolicyInformation);
- if (!r->out.info) {
+ info = talloc_zero(mem_ctx, union lsa_PolicyInformation);
+ if (!info) {
return NT_STATUS_NO_MEMORY;
}
-
- ZERO_STRUCTP(r->out.info);
+ *r->out.info = info;
switch (r->in.level) {
case LSA_POLICY_INFO_AUDIT_LOG:
/* we don't need to fill in any of this */
- ZERO_STRUCT(r->out.info->audit_log);
+ ZERO_STRUCT(info->audit_log);
return NT_STATUS_OK;
case LSA_POLICY_INFO_AUDIT_EVENTS:
/* we don't need to fill in any of this */
- ZERO_STRUCT(r->out.info->audit_events);
+ ZERO_STRUCT(info->audit_events);
return NT_STATUS_OK;
case LSA_POLICY_INFO_PD:
/* we don't need to fill in any of this */
- ZERO_STRUCT(r->out.info->pd);
+ ZERO_STRUCT(info->pd);
return NT_STATUS_OK;
case LSA_POLICY_INFO_DOMAIN:
- return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->domain);
+ return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->domain);
case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
- return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+ return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->account_domain);
case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
- return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->l_account_domain);
+ return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->l_account_domain);
case LSA_POLICY_INFO_ROLE:
- r->out.info->role.role = LSA_ROLE_PRIMARY;
+ info->role.role = LSA_ROLE_PRIMARY;
return NT_STATUS_OK;
case LSA_POLICY_INFO_DNS:
case LSA_POLICY_INFO_DNS_INT:
- return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
+ return dcesrv_lsa_info_DNS(state, mem_ctx, &info->dns);
case LSA_POLICY_INFO_REPLICA:
- ZERO_STRUCT(r->out.info->replica);
+ ZERO_STRUCT(info->replica);
return NT_STATUS_OK;
case LSA_POLICY_INFO_QUOTA:
- ZERO_STRUCT(r->out.info->quota);
+ ZERO_STRUCT(info->quota);
return NT_STATUS_OK;
case LSA_POLICY_INFO_MOD:
case LSA_POLICY_INFO_AUDIT_FULL_SET:
case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
/* windows gives INVALID_PARAMETER */
- r->out.info = NULL;
+ *r->out.info = NULL;
return NT_STATUS_INVALID_PARAMETER;
}
- r->out.info = NULL;
+ *r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
@@ -511,11 +511,10 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T
r2.in.handle = r->in.handle;
r2.in.level = r->in.level;
+ r2.out.info = r->out.info;
status = dcesrv_lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
- r->out.info = r2.out.info;
-
return status;
}
@@ -1314,6 +1313,7 @@ static NTSTATUS fill_trust_domain_ex(TALLOC_CTX *mem_ctx,
static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_QueryTrustedDomainInfo *r)
{
+ union lsa_TrustedDomainInfo *info = NULL;
struct dcesrv_handle *h;
struct lsa_trusted_domain_state *trusted_domain_state;
struct ldb_message *msg;
@@ -1342,17 +1342,19 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
}
msg = res[0];
- r->out.info = talloc(mem_ctx, union lsa_TrustedDomainInfo);
- if (!r->out.info) {
+ info = talloc_zero(mem_ctx, union lsa_TrustedDomainInfo);
+ if (!info) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.info = info;
+
switch (r->in.level) {
case LSA_TRUSTED_DOMAIN_INFO_NAME:
- r->out.info->name.netbios_name.string
+ info->name.netbios_name.string
= samdb_result_string(msg, "flatname", NULL);
break;
case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
- r->out.info->posix_offset.posix_offset
+ info->posix_offset.posix_offset
= samdb_result_uint(msg, "posixOffset", 0);
break;
#if 0 /* Win2k3 doesn't implement this */
@@ -1364,32 +1366,32 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
break;
#endif
case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
- return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->info_ex);
+ return fill_trust_domain_ex(mem_ctx, msg, &info->info_ex);
case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
- ZERO_STRUCT(r->out.info->full_info);
- return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info.info_ex);
+ ZERO_STRUCT(info->full_info);
+ return fill_trust_domain_ex(mem_ctx, msg, &info->full_info.info_ex);
case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL:
- ZERO_STRUCT(r->out.info->full_info2_internal);
- r->out.info->full_info2_internal.posix_offset.posix_offset
+ ZERO_STRUCT(info->full_info2_internal);
+ info->full_info2_internal.posix_offset.posix_offset
= samdb_result_uint(msg, "posixOffset", 0);
- return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info2_internal.info.info_ex);
+ return fill_trust_domain_ex(mem_ctx, msg, &info->full_info2_internal.info.info_ex);
case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES:
- r->out.info->enc_types.enc_types
+ info->enc_types.enc_types
= samdb_result_uint(msg, "msDs-supportedEncryptionTypes", KERB_ENCTYPE_RC4_HMAC_MD5);
break;
case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS:
case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL:
/* oops, we don't want to return the info after all */
- talloc_free(r->out.info);
+ talloc_free(info);
r->out.info = NULL;
return NT_STATUS_INVALID_PARAMETER;
default:
/* oops, we don't want to return the info after all */
- talloc_free(r->out.info);
+ talloc_free(info);
r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
@@ -1407,6 +1409,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state
NTSTATUS status;
struct lsa_OpenTrustedDomain open;
struct lsa_QueryTrustedDomainInfo query;
+ union lsa_TrustedDomainInfo *info;
struct dcesrv_handle *h;
open.in.handle = r->in.handle;
open.in.sid = r->in.dom_sid;
@@ -1423,15 +1426,15 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state
/* Ensure this handle goes away at the end of this call */
DCESRV_PULL_HANDLE(h, open.out.trustdom_handle, DCESRV_HANDLE_ANY);
talloc_steal(mem_ctx, h);
-
+
query.in.trustdom_handle = open.out.trustdom_handle;
query.in.level = r->in.level;
+ query.out.info = r->out.info;
status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
-
- r->out.info = query.out.info;
+
return NT_STATUS_OK;
}
@@ -1457,7 +1460,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state
struct lsa_QueryTrustedDomainInfo query;
struct dcesrv_handle *h;
open.in.handle = r->in.handle;
- open.in.name = r->in.trusted_domain;
+ open.in.name = *r->in.trusted_domain;
open.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
open.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
if (!open.out.trustdom_handle) {
@@ -1474,12 +1477,12 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state
query.in.trustdom_handle = open.out.trustdom_handle;
query.in.level = r->in.level;
+ query.out.info = r->out.info;
status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- r->out.info = query.out.info;
return NT_STATUS_OK;
}
@@ -1724,15 +1727,21 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
const char * const attrs[] = { "privilege", NULL};
struct ldb_message_element *el;
const char *sidstr;
+ struct lsa_PrivilegeSet *privs;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
astate = h->data;
- r->out.privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
- r->out.privs->count = 0;
- r->out.privs->unknown = 0;
- r->out.privs->set = NULL;
+ privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
+ if (privs == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ privs->count = 0;
+ privs->unknown = 0;
+ privs->set = NULL;
+
+ *r->out.privs = privs;
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);
if (sidstr == NULL) {
@@ -1750,9 +1759,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
return NT_STATUS_OK;
}
- r->out.privs->set = talloc_array(r->out.privs,
- struct lsa_LUIDAttribute, el->num_values);
- if (r->out.privs->set == NULL) {
+ privs->set = talloc_array(privs,
+ struct lsa_LUIDAttribute, el->num_values);
+ if (privs->set == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1761,12 +1770,12 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
if (id == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- r->out.privs->set[i].attribute = 0;
- r->out.privs->set[i].luid.low = id;
- r->out.privs->set[i].luid.high = 0;
+ privs->set[i].attribute = 0;
+ privs->set[i].luid.low = id;
+ privs->set[i].luid.high = 0;
}
- r->out.privs->count = el->num_values;
+ privs->count = el->num_values;
return NT_STATUS_OK;
}
@@ -2058,8 +2067,18 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
int i;
NTSTATUS status;
struct lsa_EnumPrivsAccount enumPrivs;
+ struct lsa_PrivilegeSet *privs;
+
+ privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
+ if (!privs) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ privs->count = 0;
+ privs->unknown = 0;
+ privs->set = NULL;
enumPrivs.in.handle = r->in.handle;
+ enumPrivs.out.privs = &privs;
status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs);
if (!NT_STATUS_IS_OK(status)) {
@@ -2068,8 +2087,8 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
*(r->out.access_mask) = 0x00000000;
- for (i = 0; i < enumPrivs.out.privs->count; i++) {
- int priv = enumPrivs.out.privs->set[i].luid.low;
+ for (i = 0; i < privs->count; i++) {
+ int priv = privs->set[i].luid.low;
switch (priv) {
case SEC_PRIV_INTERACTIVE_LOGON:
@@ -2695,6 +2714,7 @@ static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
{
struct dcesrv_handle *h;
struct lsa_policy_state *state;
+ struct lsa_StringLarge *name;
const char *privname;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@@ -2710,11 +2730,14 @@ static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
- r->out.name = talloc(mem_ctx, struct lsa_StringLarge);
- if (r->out.name == NULL) {
+ name = talloc(mem_ctx, struct lsa_StringLarge);
+ if (name == NULL) {
return NT_STATUS_NO_MEMORY;
}
- r->out.name->string = privname;
+
+ name->string = privname;
+
+ *r->out.name = name;
return NT_STATUS_OK;
}
@@ -2729,6 +2752,7 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c
{
struct dcesrv_handle *h;
struct lsa_policy_state *state;
+ struct lsa_StringLarge *disp_name = NULL;
int id;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@@ -2739,17 +2763,20 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c
if (id == -1) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
-
- r->out.disp_name = talloc(mem_ctx, struct lsa_StringLarge);
- if (r->out.disp_name == NULL) {
+
+ disp_name = talloc(mem_ctx, struct lsa_StringLarge);
+ if (disp_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
- r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
- if (r->out.disp_name->string == NULL) {
+ disp_name->string = sec_privilege_display_name(id, &r->in.language_id);
+ if (disp_name->string == NULL) {
return NT_STATUS_INTERNAL_ERROR;
}
+ *r->out.disp_name = disp_name;
+ *r->out.returned_language_id = 0;
+
return NT_STATUS_OK;
}
@@ -2875,19 +2902,23 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
const char *account_name;
const char *authority_name;
struct lsa_String *_account_name;
- struct lsa_StringPointer *_authority_name = NULL;
+ struct lsa_String *_authority_name = NULL;
/* this is what w2k3 does */
r->out.account_name = r->in.account_name;
r->out.authority_name = r->in.authority_name;
- if (r->in.account_name && r->in.account_name->string) {
+ if (r->in.account_name
+ && *r->in.account_name
+ /* && *(*r->in.account_name)->string */
+ ) {
return NT_STATUS_INVALID_PARAMETER;
}
- if (r->in.authority_name &&
- r->in.authority_name->string &&
- r->in.authority_name->string->string) {
+ if (r->in.authority_name
+ && *r->in.authority_name
+ /* && *(*r->in.authority_name)->string */
+ ) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -2899,15 +2930,15 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
_account_name->string = account_name;
if (r->in.authority_name) {
- _authority_name = talloc(mem_ctx, struct lsa_StringPointer);
+ _authority_name = talloc(mem_ctx, struct lsa_String);
NT_STATUS_HAVE_NO_MEMORY(_authority_name);
- _authority_name->string = talloc(mem_ctx, struct lsa_String);
- NT_STATUS_HAVE_NO_MEMORY(_authority_name->string);
- _authority_name->string->string = authority_name;
+ _authority_name->string = authority_name;
}
- r->out.account_name = _account_name;
- r->out.authority_name = _authority_name;
+ *r->out.account_name = _account_name;
+ if (r->out.authority_name) {
+ *r->out.authority_name = _authority_name;
+ }
return status;
}
@@ -2930,19 +2961,21 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state
TALLOC_CTX *mem_ctx,
struct lsa_QueryDomainInformationPolicy *r)
{
- r->out.info = talloc(mem_ctx, union lsa_DomainInformationPolicy);
- if (!r->out.info) {
+ union lsa_DomainInformationPolicy *info;
+
+ info = talloc(r->out.info, union lsa_DomainInformationPolicy);
+ if (!info) {
return NT_STATUS_NO_MEMORY;
}
switch (r->in.level) {
case LSA_DOMAIN_INFO_POLICY_EFS:
- talloc_free(r->out.info);
- r->out.info = NULL;
+ talloc_free(info);
+ *r->out.info = NULL;
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
case LSA_DOMAIN_INFO_POLICY_KERBEROS:
{
- struct lsa_DomainInfoKerberos *k = &r->out.info->kerberos_info;
+ struct lsa_DomainInfoKerberos *k = &info->kerberos_info;
struct smb_krb5_context *smb_krb5_context;
int ret = smb_krb5_init_context(mem_ctx,
dce_call->event_ctx,
@@ -2959,11 +2992,12 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state
k->user_tkt_renewaltime = 0; /* Need to find somewhere to store this, and query in KDC too */
k->clock_skew = krb5_get_max_time_skew(smb_krb5_context->krb5_context);
talloc_free(smb_krb5_context);
+ *r->out.info = info;
return NT_STATUS_OK;
}
default:
- talloc_free(r->out.info);
- r->out.info = NULL;
+ talloc_free(info);
+ *r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
}
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 2375a6d27a..a56e7764a9 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -522,6 +522,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
struct lsa_LookupSids2 *r)
{
struct lsa_policy_state *state;
+ struct lsa_RefDomainList *domains = NULL;
int i;
NTSTATUS status = NT_STATUS_OK;
@@ -530,7 +531,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
return NT_STATUS_INVALID_PARAMETER;
}
- r->out.domains = NULL;
+ *r->out.domains = NULL;
/* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as
@@ -543,10 +544,11 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
return status;
}
- r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
- if (r->out.domains == NULL) {
+ domains = talloc_zero(r->out.domains, struct lsa_RefDomainList);
+ if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.domains = domains;
r->out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2);
if (r->out.names == NULL) {
@@ -592,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
/* set up the authority table */
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype,
authority_name, sid,
- r->out.domains, &sid_index);
+ domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
@@ -604,7 +606,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
(*r->out.count)++;
}
-
+
if (*r->out.count == 0) {
return NT_STATUS_NONE_MAPPED;
}
@@ -660,6 +662,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
r2.in.unknown2 = r->in.unknown2;
r2.out.count = r->out.count;
r2.out.names = r->out.names;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
@@ -692,6 +695,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
r2.in.unknown2 = 0;
r2.out.count = r->out.count;
r2.out.names = NULL;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
/* we deliberately don't check for error from the above,
@@ -734,6 +738,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
struct dcesrv_handle *policy_handle;
int i;
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ struct lsa_RefDomainList *domains;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
@@ -744,12 +749,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
policy_state = policy_handle->data;
- r->out.domains = NULL;
+ *r->out.domains = NULL;
- r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
- if (r->out.domains == NULL) {
+ domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
+ if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.domains = domains;
r->out.sids = talloc_zero(mem_ctx, struct lsa_TransSidArray3);
if (r->out.sids == NULL) {
@@ -785,7 +791,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
}
status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name,
- sid, r->out.domains, &sid_index);
+ sid, domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
@@ -873,8 +879,9 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
struct dcesrv_handle *h;
int i;
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ struct lsa_RefDomainList *domains;
- r->out.domains = NULL;
+ *r->out.domains = NULL;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@@ -885,10 +892,11 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
state = h->data;
- r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
- if (r->out.domains == NULL) {
+ domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
+ if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.domains = domains;
r->out.sids = talloc_zero(mem_ctx, struct lsa_TransSidArray2);
if (r->out.sids == NULL) {
@@ -927,7 +935,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
}
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name,
- sid, r->out.domains, &sid_index);
+ sid, domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
@@ -971,13 +979,13 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
r2.in.lookup_options = 0;
r2.in.client_revision = 0;
r2.out.count = r->out.count;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
if (r2.out.sids == NULL) {
return status;
}
- r->out.domains = r2.out.domains;
r->out.sids = talloc(mem_ctx, struct lsa_TransSidArray);
if (r->out.sids == NULL) {
return NT_STATUS_NO_MEMORY;
diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c
index 0d6d786882..68eb36ebbd 100644
--- a/source4/torture/ndr/lsa.c
+++ b/source4/torture/ndr/lsa.c
@@ -428,11 +428,12 @@ static const uint8_t lsarlookupnames_out_data[] = {
static bool lsarlookupnames_out_check(struct torture_context *tctx,
struct lsa_LookupNames *r)
{
+ struct lsa_RefDomainList *domains = *(r->out.domains);
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
- torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "domain name");
+ torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert(tctx, domains->domains != NULL, "domains domains");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "domain name");
/* FIXME: SID */
torture_assert(tctx, r->out.count != NULL, "count ptr");
torture_assert_int_equal(tctx, *r->out.count, 100, "count");
@@ -1014,11 +1015,12 @@ static const uint8_t lsarlookupsids_out_data[] = {
static bool lsarlookupsids_out_check(struct torture_context *tctx,
struct lsa_LookupSids *r)
{
- torture_assert(tctx, r->out.domains != NULL, "domains");
- torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "name");
+ struct lsa_RefDomainList *domains = *(r->out.domains);
+ torture_assert(tctx, domains != NULL, "domains");
+ torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert(tctx, domains->domains != NULL, "domains domains");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name");
torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
return true;
}
@@ -1474,12 +1476,13 @@ static const uint8_t lsarlookupsids2_out_data[] = {
static bool lsarlookupsids2_out_check(struct torture_context *tctx,
struct lsa_LookupSids2 *r)
{
+ struct lsa_RefDomainList *domains = *(r->out.domains);
/* FIXME: Handle */
torture_assert(tctx, r->out.names != NULL, "names ptr");
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
- torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+ torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
@@ -1749,12 +1752,13 @@ static const uint8_t lsarlookupsids3_out_data[] = {
static bool lsarlookupsids3_out_check(struct torture_context *tctx,
struct lsa_LookupSids3 *r)
{
+ struct lsa_RefDomainList *domains = *(r->out.domains);
/* FIXME: Handle */
torture_assert(tctx, r->out.names != NULL, "names ptr");
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
- torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+ torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
diff --git a/source4/torture/rpc/handles.c b/source4/torture/rpc/handles.c
index f35897b3df..553025276d 100644
--- a/source4/torture/rpc/handles.c
+++ b/source4/torture/rpc/handles.c
@@ -109,6 +109,7 @@ static bool test_handles_lsa_shared(struct torture_context *torture)
struct lsa_OpenPolicy r;
struct lsa_Close c;
struct lsa_QuerySecurity qsec;
+ struct sec_desc_buf *sdbuf = NULL;
uint16_t system_name = '\\';
TALLOC_CTX *mem_ctx = talloc_new(torture);
enum dcerpc_transport_t transport;
@@ -167,6 +168,7 @@ static bool test_handles_lsa_shared(struct torture_context *torture)
qsec.in.handle = &handle;
qsec.in.sec_info = 0;
+ qsec.out.sdbuf = &sdbuf;
c.in.handle = &handle;
c.out.handle = &handle2;
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 69df965f19..454afabc50 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -153,6 +153,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
{
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@@ -176,6 +177,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
r.in.count = &count;
r.out.count = &count;
r.out.sids = &sids;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
@@ -217,6 +219,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,
{
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@@ -248,6 +251,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,
r.in.count = &count;
r.out.count = &count;
r.out.sids = &sids;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
@@ -317,6 +321,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,
{
struct lsa_LookupNames2 r;
struct lsa_TransSidArray2 sids;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@@ -342,6 +347,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,
r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupNames2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -362,6 +368,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,
{
struct lsa_LookupNames3 r;
struct lsa_TransSidArray3 sids;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@@ -387,6 +394,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,
r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupNames3(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -405,6 +413,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,
{
struct lsa_LookupNames4 r;
struct lsa_TransSidArray3 sids;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_String *names;
uint32_t count = 0;
NTSTATUS status;
@@ -429,6 +438,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,
r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupNames4(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -449,6 +459,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
{
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@@ -464,6 +475,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
r.in.count = &count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -488,6 +500,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
{
struct lsa_LookupSids2 r;
struct lsa_TransNameArray2 names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@@ -505,6 +518,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
r.in.unknown2 = 0;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -531,6 +545,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
{
struct lsa_LookupSids3 r;
struct lsa_TransNameArray2 names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@@ -545,6 +560,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
r.in.count = &count;
r.in.unknown1 = 0;
r.in.unknown2 = 0;
+ r.out.domains = &domains;
r.out.count = &count;
r.out.names = &names;
@@ -594,6 +610,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
if (handle) {
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains = NULL;
names.count = 0;
names.names = NULL;
@@ -604,6 +621,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
r.in.count = &names.count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -619,6 +637,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
} else if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
struct lsa_LookupSids3 r;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_TransNameArray2 names;
names.count = 0;
@@ -634,6 +653,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
r.in.unknown2 = 0;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -683,6 +703,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
uint32_t *count;
struct lsa_TransNameArray *names;
struct lsa_LookupSids *r;
+ struct lsa_RefDomainList *domains = NULL;
struct rpc_request **req;
int i, replies;
bool ret = true;
@@ -714,6 +735,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
r[i].in.count = &names[i].count;
r[i].out.count = &count[i];
r[i].out.names = &names[i];
+ r[i].out.domains = &domains;
req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]);
if (req[i] == NULL) {
@@ -767,9 +789,11 @@ static bool test_LookupPrivName(struct dcerpc_pipe *p,
{
NTSTATUS status;
struct lsa_LookupPrivName r;
+ struct lsa_StringLarge *name = NULL;
r.in.handle = handle;
r.in.luid = luid;
+ r.out.name = &name;
status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -807,22 +831,24 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
if (!NT_STATUS_IS_OK(status)) {
struct lsa_LookupPrivName r_name;
+ struct lsa_StringLarge *name = NULL;
r_name.in.handle = handle;
r_name.in.luid = luid;
-
+ r_name.out.name = &name;
+
status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r_name);
if (!NT_STATUS_IS_OK(status)) {
printf("\nLookupPrivName failed - %s\n", nt_errstr(status));
return false;
}
/* Windows 2008 does not allow this to be removed */
- if (strcmp("SeAuditPrivilege", r_name.out.name->string) == 0) {
+ if (strcmp("SeAuditPrivilege", name->string) == 0) {
return ret;
}
printf("RemovePrivilegesFromAccount failed to remove %s - %s\n",
- r_name.out.name->string,
+ name->string,
nt_errstr(status));
return false;
}
@@ -867,11 +893,13 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
{
NTSTATUS status;
struct lsa_EnumPrivsAccount r;
+ struct lsa_PrivilegeSet *privs = NULL;
bool ret = true;
printf("\nTesting EnumPrivsAccount\n");
r.in.handle = acct_handle;
+ r.out.privs = &privs;
status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -879,17 +907,17 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
return false;
}
- if (r.out.privs && r.out.privs->count > 0) {
+ if (privs && privs->count > 0) {
int i;
- for (i=0;i<r.out.privs->count;i++) {
+ for (i=0;i<privs->count;i++) {
test_LookupPrivName(p, mem_ctx, handle,
- &r.out.privs->set[i].luid);
+ &privs->set[i].luid);
}
ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, handle, acct_handle,
- &r.out.privs->set[0].luid);
+ &privs->set[0].luid);
ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle,
- &r.out.privs->set[0].luid);
+ &privs->set[0].luid);
}
return ret;
@@ -1462,6 +1490,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
{
NTSTATUS status;
struct lsa_QuerySecurity r;
+ struct sec_desc_buf *sdbuf = NULL;
if (torture_setting_bool(tctx, "samba4", false)) {
printf("\nskipping QuerySecurity test against Samba4\n");
@@ -1472,6 +1501,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
r.in.handle = acct_handle;
r.in.sec_info = 7;
+ r.out.sdbuf = &sdbuf;
status = dcerpc_lsa_QuerySecurity(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -1602,14 +1632,17 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,
/* produce a reasonable range of language output without screwing up
terminals */
uint16_t language_id = (random() % 4) + 0x409;
+ uint16_t returned_language_id = 0;
+ struct lsa_StringLarge *disp_name = NULL;
printf("\nTesting LookupPrivDisplayName(%s)\n", priv_name->string);
r.in.handle = handle;
r.in.name = priv_name;
- r.in.language_id = &language_id;
- r.out.language_id = &language_id;
- r.in.unknown = 0;
+ r.in.language_id = language_id;
+ r.in.language_id_sys = 0;
+ r.out.returned_language_id = &returned_language_id;
+ r.out.disp_name = &disp_name;
status = dcerpc_lsa_LookupPrivDisplayName(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -1617,8 +1650,8 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,
return false;
}
printf("%s -> \"%s\" (language 0x%x/0x%x)\n",
- priv_name->string, r.out.disp_name->string,
- *r.in.language_id, *r.out.language_id);
+ priv_name->string, disp_name->string,
+ r.in.language_id, *r.out.returned_language_id);
return true;
}
@@ -1794,7 +1827,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
for (j=0; j < ARRAY_SIZE(levels); j++) {
struct lsa_QueryTrustedDomainInfo q;
- union lsa_TrustedDomainInfo info;
+ union lsa_TrustedDomainInfo *info = NULL;
q.in.trustdom_handle = &trustdom_handle;
q.in.level = levels[j];
q.out.info = &info;
@@ -1827,7 +1860,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
for (j=0; j < ARRAY_SIZE(levels); j++) {
struct lsa_QueryTrustedDomainInfoBySid q;
- union lsa_TrustedDomainInfo info;
+ union lsa_TrustedDomainInfo *info = NULL;
if (!domains->domains[i].sid) {
continue;
@@ -1837,6 +1870,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
q.in.dom_sid = domains->domains[i].sid;
q.in.level = levels[j];
q.out.info = &info;
+
status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status) && ok[j]) {
printf("QueryTrustedDomainInfoBySid level %d failed - %s\n",
@@ -1864,7 +1898,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
for (j=0; j < ARRAY_SIZE(levels); j++) {
struct lsa_QueryTrustedDomainInfo q;
- union lsa_TrustedDomainInfo info;
+ union lsa_TrustedDomainInfo *info = NULL;
q.in.trustdom_handle = &trustdom_handle;
q.in.level = levels[j];
q.out.info = &info;
@@ -1891,9 +1925,13 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
for (j=0; j < ARRAY_SIZE(levels); j++) {
struct lsa_QueryTrustedDomainInfoByName q;
- union lsa_TrustedDomainInfo info;
+ union lsa_TrustedDomainInfo *info = NULL;
+ struct lsa_String name;
+
+ name.string = domains->domains[i].name.string;
+
q.in.handle = handle;
- q.in.trusted_domain.string = domains->domains[i].name.string;
+ q.in.trusted_domain = &name;
q.in.level = levels[j];
q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfoByName(p, mem_ctx, &q);
@@ -2055,6 +2093,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
struct dom_sid *domsid[12];
struct policy_handle trustdom_handle[12];
struct lsa_QueryTrustedDomainInfo q;
+ union lsa_TrustedDomainInfo *info = NULL;
int i;
printf("\nTesting CreateTrustedDomain for 12 domains\n");
@@ -2089,6 +2128,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
q.in.trustdom_handle = &trustdom_handle[i];
q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
+ q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
@@ -2096,24 +2136,24 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
} else if (!q.out.info) {
ret = false;
} else {
- if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
+ if (strcmp(info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
- q.out.info->info_ex.netbios_name.string, trustinfo.name.string);
+ info->info_ex.netbios_name.string, trustinfo.name.string);
ret = false;
}
- if (q.out.info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+ if (info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",
- trust_name, q.out.info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
+ trust_name, info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
ret = false;
}
- if (q.out.info->info_ex.trust_attributes != 0) {
+ if (info->info_ex.trust_attributes != 0) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",
- trust_name, q.out.info->info_ex.trust_attributes, 0);
+ trust_name, info->info_ex.trust_attributes, 0);
ret = false;
}
- if (q.out.info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
+ if (info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",
- trust_name, q.out.info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
+ trust_name, info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
ret = false;
}
}
@@ -2149,6 +2189,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
struct dom_sid *domsid[12];
struct policy_handle trustdom_handle[12];
struct lsa_QueryTrustedDomainInfo q;
+ union lsa_TrustedDomainInfo *info = NULL;
DATA_BLOB session_key;
enum ndr_err_code ndr_err;
int i;
@@ -2221,6 +2262,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
q.in.trustdom_handle = &trustdom_handle[i];
q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
+ q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
@@ -2229,24 +2271,24 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
printf("QueryTrustedDomainInfo level 1 failed to return an info pointer\n");
ret = false;
} else {
- if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
+ if (strcmp(info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
- q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string);
+ info->info_ex.netbios_name.string, trustinfo.netbios_name.string);
ret = false;
}
- if (q.out.info->info_ex.trust_type != trustinfo.trust_type) {
+ if (info->info_ex.trust_type != trustinfo.trust_type) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",
- trust_name, q.out.info->info_ex.trust_type, trustinfo.trust_type);
+ trust_name, info->info_ex.trust_type, trustinfo.trust_type);
ret = false;
}
- if (q.out.info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) {
+ if (info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",
- trust_name, q.out.info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION);
+ trust_name, info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION);
ret = false;
}
- if (q.out.info->info_ex.trust_direction != trustinfo.trust_direction) {
+ if (info->info_ex.trust_direction != trustinfo.trust_direction) {
printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",
- trust_name, q.out.info->info_ex.trust_direction, trustinfo.trust_direction);
+ trust_name, info->info_ex.trust_direction, trustinfo.trust_direction);
ret = false;
}
}
@@ -2274,6 +2316,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
struct policy_handle *handle)
{
struct lsa_QueryDomainInformationPolicy r;
+ union lsa_DomainInformationPolicy *info = NULL;
NTSTATUS status;
int i;
bool ret = true;
@@ -2283,6 +2326,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
for (i=2;i<4;i++) {
r.in.handle = handle;
r.in.level = i;
+ r.out.info = &info;
printf("\nTrying QueryDomainInformationPolicy level %d\n", i);
@@ -2308,6 +2352,7 @@ static bool test_QueryInfoPolicyCalls( bool version2,
struct policy_handle *handle)
{
struct lsa_QueryInfoPolicy r;
+ union lsa_PolicyInformation *info = NULL;
NTSTATUS status;
int i;
bool ret = true;
@@ -2320,6 +2365,7 @@ static bool test_QueryInfoPolicyCalls( bool version2,
for (i=1;i<=14;i++) {
r.in.handle = handle;
r.in.level = i;
+ r.out.info = &info;
if (version2)
printf("\nTrying QueryInfoPolicy2 level %d\n", i);
@@ -2389,33 +2435,33 @@ static bool test_QueryInfoPolicyCalls( bool version2,
struct lsa_TransNameArray tnames;
tnames.count = 14;
tnames.names = talloc_zero_array(tctx, struct lsa_TranslatedName, tnames.count);
- tnames.names[0].name.string = r.out.info->dns.name.string;
+ tnames.names[0].name.string = info->dns.name.string;
tnames.names[0].sid_type = SID_NAME_DOMAIN;
- tnames.names[1].name.string = r.out.info->dns.dns_domain.string;
+ tnames.names[1].name.string = info->dns.dns_domain.string;
tnames.names[1].sid_type = SID_NAME_DOMAIN;
- tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", r.out.info->dns.name.string);
+ tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", info->dns.name.string);
tnames.names[2].sid_type = SID_NAME_DOMAIN;
- tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", r.out.info->dns.dns_domain.string);
+ tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", info->dns.dns_domain.string);
tnames.names[3].sid_type = SID_NAME_DOMAIN;
- tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", r.out.info->dns.name.string);
+ tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.name.string);
tnames.names[4].sid_type = SID_NAME_USER;
- tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", r.out.info->dns.name.string);
+ tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.name.string);
tnames.names[5].sid_type = SID_NAME_USER;
- tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", r.out.info->dns.dns_domain.string);
+ tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.dns_domain.string);
tnames.names[6].sid_type = SID_NAME_USER;
- tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", r.out.info->dns.dns_domain.string);
+ tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.dns_domain.string);
tnames.names[7].sid_type = SID_NAME_USER;
- tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", r.out.info->dns.name.string);
+ tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.name.string);
tnames.names[8].sid_type = SID_NAME_USER;
- tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", r.out.info->dns.dns_domain.string);
+ tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.dns_domain.string);
tnames.names[9].sid_type = SID_NAME_USER;
- tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", r.out.info->dns.name.string);
+ tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.name.string);
tnames.names[10].sid_type = SID_NAME_USER;
- tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", r.out.info->dns.dns_domain.string);
+ tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.dns_domain.string);
tnames.names[11].sid_type = SID_NAME_USER;
- tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", r.out.info->dns.name.string);
+ tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.name.string);
tnames.names[12].sid_type = SID_NAME_USER;
- tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", r.out.info->dns.dns_domain.string);
+ tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.dns_domain.string);
tnames.names[13].sid_type = SID_NAME_USER;
ret &= test_LookupNames(p, tctx, handle, &tnames);
@@ -2444,14 +2490,27 @@ static bool test_GetUserName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
struct lsa_GetUserName r;
NTSTATUS status;
bool ret = true;
- struct lsa_StringPointer authority_name_p;
+ struct lsa_String *authority_name_p = NULL;
+ struct lsa_String *account_name_p = NULL;
printf("\nTesting GetUserName\n");
- r.in.system_name = "\\";
- r.in.account_name = NULL;
- r.in.authority_name = &authority_name_p;
- authority_name_p.string = NULL;
+ r.in.system_name = "\\";
+ r.in.account_name = &account_name_p;
+ r.in.authority_name = NULL;
+ r.out.account_name = &account_name_p;
+
+ status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("GetUserName failed - %s\n", nt_errstr(status));
+ ret = false;
+ }
+
+ account_name_p = NULL;
+ r.in.account_name = &account_name_p;
+ r.in.authority_name = &authority_name_p;
+ r.out.account_name = &account_name_p;
status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
diff --git a/source4/torture/rpc/lsa_lookup.c b/source4/torture/rpc/lsa_lookup.c
index 9c817a7061..0124ce1741 100644
--- a/source4/torture/rpc/lsa_lookup.c
+++ b/source4/torture/rpc/lsa_lookup.c
@@ -66,15 +66,17 @@ static bool get_domainsid(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
struct dom_sid **sid)
{
struct lsa_QueryInfoPolicy r;
+ union lsa_PolicyInformation *info = NULL;
NTSTATUS status;
r.in.level = LSA_POLICY_INFO_DOMAIN;
r.in.handle = handle;
+ r.out.info = &info;
status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) return false;
- *sid = r.out.info->domain.sid;
+ *sid = info->domain.sid;
return true;
}
@@ -192,6 +194,7 @@ static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe
for (i=0; i<domains.count; i++) {
struct lsa_QueryTrustedDomainInfoBySid q;
+ union lsa_TrustedDomainInfo *info = NULL;
if (domains.domains[i].sid == NULL)
continue;
@@ -199,11 +202,13 @@ static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe
q.in.handle = handle;
q.in.dom_sid = domains.domains[i].sid;
q.in.level = 6;
+ q.out.info = &info;
+
status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, tctx, &q);
if (!NT_STATUS_IS_OK(status)) continue;
- if ((q.out.info->info_ex.trust_direction & 2) &&
- (q.out.info->info_ex.trust_type == 1)) {
+ if ((info->info_ex.trust_direction & 2) &&
+ (info->info_ex.trust_type == 1)) {
*sid = domains.domains[i].sid;
return true;
}
diff --git a/source4/torture/rpc/object_uuid.c b/source4/torture/rpc/object_uuid.c
index 5a77bd1c29..69905169af 100644
--- a/source4/torture/rpc/object_uuid.c
+++ b/source4/torture/rpc/object_uuid.c
@@ -39,7 +39,8 @@ static bool test_random_uuid(struct torture_context *torture)
struct GUID uuid;
struct dssetup_DsRoleGetPrimaryDomainInformation r1;
struct lsa_GetUserName r2;
- struct lsa_StringPointer authority_name_p;
+ struct lsa_String *authority_name_p = NULL;
+ struct lsa_String *account_name_p = NULL;
torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n");
@@ -63,9 +64,10 @@ static bool test_random_uuid(struct torture_context *torture)
uuid = GUID_random();
r2.in.system_name = "\\";
- r2.in.account_name = NULL;
+ r2.in.account_name = &account_name_p;
r2.in.authority_name = &authority_name_p;
- authority_name_p.string = NULL;
+ r2.out.account_name = &account_name_p;
+ r2.out.authority_name = &authority_name_p;
req = dcerpc_ndr_request_send(p2, &uuid,
&ndr_table_lsarpc,
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 85714ace13..a45397de46 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -208,6 +208,7 @@ static bool bindtest(struct smbcli_state *cli,
struct lsa_ObjectAttribute objectattr;
struct lsa_OpenPolicy2 openpolicy;
struct lsa_QueryInfoPolicy query;
+ union lsa_PolicyInformation *info = NULL;
struct policy_handle handle;
struct lsa_Close close_handle;
@@ -256,6 +257,7 @@ static bool bindtest(struct smbcli_state *cli,
query.in.handle = &handle;
query.in.level = LSA_POLICY_INFO_DOMAIN;
+ query.out.info = &info;
status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx, &query);
if (!NT_STATUS_IS_OK(status)) {
@@ -1500,6 +1502,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
struct policy_handle handle;
struct lsa_LookupNames l;
struct lsa_TransSidArray sids;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_String lsa_name;
uint32_t count = 0;
struct dom_sid *result;
@@ -1546,6 +1549,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
l.in.count = &count;
l.out.count = &count;
l.out.sids = &sids;
+ l.out.domains = &domains;
status = dcerpc_lsa_LookupNames(p, tmp_ctx, &l);
if (!NT_STATUS_IS_OK(status)) {
@@ -1555,7 +1559,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
return NULL;
}
- result = dom_sid_add_rid(mem_ctx, l.out.domains->domains[0].sid,
+ result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
l.out.sids->sids[0].rid);
c.in.handle = &handle;
@@ -1583,7 +1587,8 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *lsa;
struct lsa_GetUserName r;
NTSTATUS status;
- struct lsa_StringPointer authority_name_p;
+ struct lsa_String *authority_name_p = NULL;
+ struct lsa_String *account_name_p = NULL;
struct dom_sid *result;
status = pipe_bind_smb(mem_ctx, lp_ctx, tree, "\\pipe\\lsarpc",
@@ -1595,12 +1600,14 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
}
r.in.system_name = "\\";
- r.in.account_name = NULL;
- authority_name_p.string = NULL;
+ r.in.account_name = &account_name_p;
r.in.authority_name = &authority_name_p;
+ r.out.account_name = &account_name_p;
status = dcerpc_lsa_GetUserName(lsa, mem_ctx, &r);
+ authority_name_p = *r.out.authority_name;
+
if (!NT_STATUS_IS_OK(status)) {
printf("(%s) GetUserName failed - %s\n",
__location__, nt_errstr(status));
@@ -1608,8 +1615,8 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
return NULL;
}
- result = name2sid(mem_ctx, lsa, r.out.account_name->string,
- r.out.authority_name->string->string);
+ result = name2sid(mem_ctx, lsa, account_name_p->string,
+ authority_name_p->string);
talloc_free(lsa);
return result;
@@ -2388,8 +2395,10 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)
for (i=0; i<ARRAY_SIZE(levels); i++) {
struct lsa_QueryInfoPolicy r;
+ union lsa_PolicyInformation *info = NULL;
r.in.handle = &lsa_handle;
r.in.level = levels[i];
+ r.out.info = &info;
status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
d_printf("(%s) dcerpc_lsa_QueryInfoPolicy %d "
@@ -2399,7 +2408,7 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)
return false;
}
if (levels[i] == 5) {
- domain_sid = r.out.info->account_domain.sid;
+ domain_sid = info->account_domain.sid;
}
}
}
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 2d2aaa80d6..fdd86da28c 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -204,10 +204,12 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
struct lsa_QuerySecurity r;
+ struct sec_desc_buf *sdbuf = NULL;
NTSTATUS status;
r.in.handle = handle;
r.in.sec_info = 0x7;
+ r.out.sdbuf = &sdbuf;
status = dcerpc_lsa_QuerySecurity(samsync_state->p_lsa, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -215,7 +217,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx,
return NULL;
}
- return r.out.sdbuf;
+ return sdbuf;
}
#define TEST_UINT64_EQUAL(i1, i2) do {\
@@ -965,6 +967,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
struct policy_handle trustdom_handle;
struct lsa_QueryTrustedDomainInfo q;
union lsa_TrustedDomainInfo *info[9];
+ union lsa_TrustedDomainInfo *_info = NULL;
int levels [] = {1, 3, 8};
int i;
@@ -985,6 +988,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
for (i=0; i< ARRAY_SIZE(levels); i++) {
q.in.trustdom_handle = &trustdom_handle;
q.in.level = levels[i];
+ q.out.info = &_info;
status = dcerpc_lsa_QueryTrustedDomainInfo(samsync_state->p_lsa, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
if (q.in.level == 8 && NT_STATUS_EQUAL(status,NT_STATUS_INVALID_PARAMETER)) {
@@ -995,7 +999,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
levels[i], nt_errstr(status));
return false;
}
- info[levels[i]] = q.out.info;
+ info[levels[i]] = _info;
}
if (info[8]) {
@@ -1025,6 +1029,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
struct lsa_OpenAccount a;
struct policy_handle acct_handle;
struct lsa_EnumPrivsAccount e;
+ struct lsa_PrivilegeSet *privs = NULL;
struct lsa_LookupPrivName r;
int i, j;
@@ -1047,6 +1052,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
found_priv_in_lsa = talloc_zero_array(mem_ctx, bool, account->privilege_entries);
e.in.handle = &acct_handle;
+ e.out.privs = &privs;
status = dcerpc_lsa_EnumPrivsAccount(samsync_state->p_lsa, mem_ctx, &e);
if (!NT_STATUS_IS_OK(status)) {
@@ -1054,23 +1060,27 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
return false;
}
- if ((account->privilege_entries && !e.out.privs)) {
+ if ((account->privilege_entries && !privs)) {
printf("Account %s has privileges in SamSync, but not LSA\n",
dom_sid_string(mem_ctx, dom_sid));
return false;
}
- if (!account->privilege_entries && e.out.privs && e.out.privs->count) {
+ if (!account->privilege_entries && privs && privs->count) {
printf("Account %s has privileges in LSA, but not SamSync\n",
dom_sid_string(mem_ctx, dom_sid));
return false;
}
- TEST_INT_EQUAL(account->privilege_entries, e.out.privs->count);
+ TEST_INT_EQUAL(account->privilege_entries, privs->count);
- for (i=0;i< e.out.privs->count; i++) {
+ for (i=0;i< privs->count; i++) {
+
+ struct lsa_StringLarge *name = NULL;
+
r.in.handle = samsync_state->lsa_handle;
- r.in.luid = &e.out.privs->set[i].luid;
+ r.in.luid = &privs->set[i].luid;
+ r.out.name = &name;
status = dcerpc_lsa_LookupPrivName(samsync_state->p_lsa, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -1083,7 +1093,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
return false;
}
for (j=0;j<account->privilege_entries; j++) {
- if (strcmp(r.out.name->string, account->privilege_name[j].string) == 0) {
+ if (strcmp(name->string, account->privilege_name[j].string) == 0) {
found_priv_in_lsa[j] = true;
break;
}
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 15d40a2e17..a8aa046280 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -182,18 +182,21 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)
struct lsa_GetUserName r;
NTSTATUS status;
bool ret = true;
- struct lsa_StringPointer authority_name_p;
+ struct lsa_String *account_name_p = NULL;
+ struct lsa_String *authority_name_p = NULL;
printf("\nTesting GetUserName\n");
r.in.system_name = "\\";
- r.in.account_name = NULL;
+ r.in.account_name = &account_name_p;
r.in.authority_name = &authority_name_p;
- authority_name_p.string = NULL;
+ r.out.account_name = &account_name_p;
/* do several ops to test credential chaining and various operations */
status = dcerpc_lsa_GetUserName(p, tctx, &r);
-
+
+ authority_name_p = *r.out.authority_name;
+
if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
printf("not considering %s to be an error\n", nt_errstr(status));
} else if (!NT_STATUS_IS_OK(status)) {
@@ -204,18 +207,18 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)
return false;
}
- if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) {
+ if (strcmp(account_name_p->string, "ANONYMOUS LOGON") != 0) {
printf("GetUserName returned wrong user: %s, expected %s\n",
- r.out.account_name->string, "ANONYMOUS LOGON");
+ account_name_p->string, "ANONYMOUS LOGON");
return false;
}
- if (!r.out.authority_name || !r.out.authority_name->string) {
+ if (!authority_name_p || !authority_name_p->string) {
return false;
}
- if (strcmp(r.out.authority_name->string->string, "NT AUTHORITY") != 0) {
+ if (strcmp(authority_name_p->string, "NT AUTHORITY") != 0) {
printf("GetUserName returned wrong user: %s, expected %s\n",
- r.out.authority_name->string->string, "NT AUTHORITY");
+ authority_name_p->string, "NT AUTHORITY");
return false;
}
}
diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c
index 25d52a16b5..48a2a4d882 100644
--- a/source4/winbind/wb_async_helpers.c
+++ b/source4/winbind/wb_async_helpers.c
@@ -41,6 +41,7 @@ struct lsa_lookupsids_state {
struct lsa_LookupSids r;
struct lsa_SidArray sids;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains;
uint32_t count;
struct wb_sid_object **result;
};
@@ -76,6 +77,9 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
if (state->sids.sids[i].sid == NULL) goto failed;
}
+ state->domains = talloc(state, struct lsa_RefDomainList);
+ if (state->domains == NULL) goto failed;
+
state->count = 0;
state->num_sids = num_sids;
state->names.count = 0;
@@ -88,6 +92,7 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
state->r.in.count = &state->count;
state->r.out.names = &state->names;
state->r.out.count = &state->count;
+ state->r.out.domains = &state->domains;
req = dcerpc_lsa_LookupSids_send(lsa_pipe, state, &state->r);
if (req == NULL) goto failed;
@@ -125,6 +130,8 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
struct lsa_TranslatedName *name =
&state->r.out.names->names[i];
struct lsa_DomainInfo *dom;
+ struct lsa_RefDomainList *domains =
+ state->domains;
state->result[i] = talloc_zero(state->result,
struct wb_sid_object);
@@ -135,13 +142,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
continue;
}
- if (name->sid_index >= state->r.out.domains->count) {
+ if (name->sid_index >= domains->count) {
composite_error(state->ctx,
NT_STATUS_INVALID_PARAMETER);
return;
}
- dom = &state->r.out.domains->domains[name->sid_index];
+ dom = &domains->domains[name->sid_index];
state->result[i]->domain = talloc_reference(state->result[i],
dom->name.string);
if ((name->sid_type == SID_NAME_DOMAIN) ||
@@ -183,6 +190,7 @@ struct lsa_lookupnames_state {
uint32_t num_names;
struct lsa_LookupNames r;
struct lsa_TransSidArray sids;
+ struct lsa_RefDomainList *domains;
uint32_t count;
struct wb_sid_object **result;
};
@@ -222,6 +230,9 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
lsa_names[i].string = names[i];
}
+ state->domains = talloc(state, struct lsa_RefDomainList);
+ if (state->domains == NULL) goto failed;
+
state->r.in.handle = handle;
state->r.in.num_names = num_names;
state->r.in.names = lsa_names;
@@ -230,6 +241,7 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
state->r.in.count = &state->count;
state->r.out.count = &state->count;
state->r.out.sids = &state->sids;
+ state->r.out.domains = &state->domains;
req = dcerpc_lsa_LookupNames_send(lsa_pipe, state, &state->r);
if (req == NULL) goto failed;
@@ -265,6 +277,7 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)
for (i=0; i<state->num_names; i++) {
struct lsa_TranslatedSid *sid = &state->r.out.sids->sids[i];
+ struct lsa_RefDomainList *domains = state->domains;
struct lsa_DomainInfo *dom;
state->result[i] = talloc_zero(state->result,
@@ -276,13 +289,13 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)
continue;
}
- if (sid->sid_index >= state->r.out.domains->count) {
+ if (sid->sid_index >= domains->count) {
composite_error(state->ctx,
NT_STATUS_INVALID_PARAMETER);
return;
}
- dom = &state->r.out.domains->domains[sid->sid_index];
+ dom = &domains->domains[sid->sid_index];
state->result[i]->sid = dom_sid_add_rid(state->result[i],
dom->sid, sid->rid);
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index c6dee825a9..531647def8 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
@@ -70,6 +70,7 @@ struct init_domain_state {
struct lsa_ObjectAttribute objectattr;
struct lsa_OpenPolicy2 lsa_openpolicy;
struct lsa_QueryInfoPolicy queryinfo;
+ union lsa_PolicyInformation *info;
};
static void init_domain_recv_netlogonpipe(struct composite_context *ctx);
@@ -326,8 +327,12 @@ static void init_domain_recv_lsa_policy(struct rpc_request *req)
state->ctx->status = state->lsa_openpolicy.out.result;
if (!composite_is_ok(state->ctx)) return;
+ state->info = talloc_zero(state->ctx, union lsa_PolicyInformation);
+ if (composite_nomem(state->info, state->ctx)) return;
+
state->queryinfo.in.handle = &state->domain->libnet_ctx->lsa.handle;
state->queryinfo.in.level = LSA_POLICY_INFO_ACCOUNT_DOMAIN;
+ state->queryinfo.out.info = &state->info;
req = dcerpc_lsa_QueryInfoPolicy_send(state->domain->libnet_ctx->lsa.pipe, state,
&state->queryinfo);
@@ -347,7 +352,7 @@ static void init_domain_recv_queryinfo(struct rpc_request *req)
state->ctx->status = state->queryinfo.out.result;
if (!composite_is_ok(state->ctx)) return;
- dominfo = &state->queryinfo.out.info->account_domain;
+ dominfo = &(*state->queryinfo.out.info)->account_domain;
if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
DEBUG(2, ("Expected domain name %s, DC %s said %s\n",