summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/libcli/ndr/ndr_lsa.c45
-rw-r--r--source4/libcli/ndr/ndr_lsa.h13
-rw-r--r--source4/libcli/ndr/ndr_sec.c10
-rw-r--r--source4/libcli/raw/rawdcerpc.c3
-rw-r--r--source4/libcli/rpc/rpc_lsa.c40
-rw-r--r--source4/torture/rpc/lsa.c77
6 files changed, 180 insertions, 8 deletions
diff --git a/source4/libcli/ndr/ndr_lsa.c b/source4/libcli/ndr/ndr_lsa.c
index 5955432915..dfe978f9d4 100644
--- a/source4/libcli/ndr/ndr_lsa.c
+++ b/source4/libcli/ndr/ndr_lsa.c
@@ -108,3 +108,48 @@ NTSTATUS ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr,
NDR_CHECK(ndr_pull_status(ndr, &r->out.status));
return NT_STATUS_OK;
}
+
+
+/*
+ push a EnumSids
+*/
+NTSTATUS ndr_push_lsa_EnumSids(struct ndr_push *ndr,
+ struct lsa_EnumSids *r)
+{
+ NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle));
+ NDR_CHECK(ndr_push_u32(ndr, r->in.start_at));
+ NDR_CHECK(ndr_push_u32(ndr, r->in.num_entries));
+ return NT_STATUS_OK;
+}
+
+/*
+ pull a EnumSids
+*/
+NTSTATUS ndr_pull_lsa_EnumSids(struct ndr_pull *ndr,
+ struct lsa_EnumSids *r)
+{
+ uint32 nptrs, asize, i, ptr;
+
+ NDR_CHECK(ndr_pull_u32(ndr, &r->out.num_entries));
+ NDR_CHECK(ndr_pull_u32(ndr, &nptrs));
+ NDR_CHECK(ndr_pull_u32(ndr, &ptr));
+ if (!ptr) goto done;
+
+ NDR_CHECK(ndr_pull_u32(ndr, &asize));
+ NDR_ALLOC_N(ndr, r->out.sids, nptrs);
+ for (i=0;i<nptrs;i++) {
+ NDR_CHECK(ndr_pull_u32(ndr, &ptr));
+ if (ptr) {
+ NDR_ALLOC(ndr, r->out.sids[i]);
+ } else {
+ r->out.sids[i] = NULL;
+ }
+ }
+ for (i=0;i<nptrs;i++) {
+ if (r->out.sids[i]) NDR_CHECK(ndr_pull_dom_sid2(ndr, r->out.sids[i]));
+ }
+
+done:
+ NDR_CHECK(ndr_pull_status(ndr, &r->out.status));
+ return NT_STATUS_OK;
+}
diff --git a/source4/libcli/ndr/ndr_lsa.h b/source4/libcli/ndr/ndr_lsa.h
index cfdd98e24e..0cc43b5f86 100644
--- a/source4/libcli/ndr/ndr_lsa.h
+++ b/source4/libcli/ndr/ndr_lsa.h
@@ -57,3 +57,16 @@ struct lsa_OpenPolicy2 {
NTSTATUS status;
} out;
};
+
+struct lsa_EnumSids {
+ struct {
+ struct policy_handle *handle;
+ uint32 start_at;
+ uint32 num_entries;
+ } in;
+ struct {
+ uint32 num_entries;
+ struct dom_sid **sids;
+ NTSTATUS status;
+ } out;
+};
diff --git a/source4/libcli/ndr/ndr_sec.c b/source4/libcli/ndr/ndr_sec.c
index 6b83a09d7a..52578089e6 100644
--- a/source4/libcli/ndr/ndr_sec.c
+++ b/source4/libcli/ndr/ndr_sec.c
@@ -137,6 +137,16 @@ NTSTATUS ndr_pull_dom_sid(struct ndr_pull *ndr, struct dom_sid *sid)
}
/*
+ parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
+*/
+NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, struct dom_sid *sid)
+{
+ uint32 num_auths;
+ NDR_CHECK(ndr_pull_u32(ndr, &num_auths));
+ return ndr_pull_dom_sid(ndr, sid);
+}
+
+/*
parse a dom_sid offset and structure
*/
NTSTATUS ndr_pull_dom_sid_ofs(struct ndr_pull *ndr, struct dom_sid **sid)
diff --git a/source4/libcli/raw/rawdcerpc.c b/source4/libcli/raw/rawdcerpc.c
index 6a3275c7a4..a253e0eb65 100644
--- a/source4/libcli/raw/rawdcerpc.c
+++ b/source4/libcli/raw/rawdcerpc.c
@@ -59,6 +59,9 @@ NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe *p, const char *pipe_name)
io.ntcreatex.in.fname = name;
mem_ctx = talloc_init("torture_rpc_connection");
+ if (!mem_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
status = smb_raw_open(p->tree, mem_ctx, &io);
free(name);
talloc_destroy(mem_ctx);
diff --git a/source4/libcli/rpc/rpc_lsa.c b/source4/libcli/rpc/rpc_lsa.c
index 8e1a48857e..65d6a81491 100644
--- a/source4/libcli/rpc/rpc_lsa.c
+++ b/source4/libcli/rpc/rpc_lsa.c
@@ -35,7 +35,7 @@ NTSTATUS dcerpc_lsa_OpenPolicy(struct dcerpc_pipe *p,
NTSTATUS status;
TALLOC_CTX *mem_ctx;
- mem_ctx = talloc_init("dcerpc_rpcecho_addone");
+ mem_ctx = talloc_init("dcerpc_lsa_openpolicy");
if (!mem_ctx) {
return NT_STATUS_NO_MEMORY;
}
@@ -77,7 +77,7 @@ NTSTATUS dcerpc_lsa_OpenPolicy2(struct dcerpc_pipe *p,
NTSTATUS status;
TALLOC_CTX *mem_ctx;
- mem_ctx = talloc_init("dcerpc_rpcecho_addone");
+ mem_ctx = talloc_init("dcerpc_lsa_openpolicy2");
if (!mem_ctx) {
return NT_STATUS_NO_MEMORY;
}
@@ -104,3 +104,39 @@ done:
talloc_destroy(mem_ctx);
return status;
}
+
+/*
+ EnumSids interface
+*/
+NTSTATUS dcerpc_lsa_EnumSids(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle,
+ uint32 resume_handle,
+ uint32 *num_entries,
+ struct dom_sid ***sids)
+{
+ struct lsa_EnumSids r;
+ NTSTATUS status;
+
+ /* fill the .in side of the call */
+ r.in.handle = handle;
+ r.in.start_at = 0;
+ r.in.num_entries = *num_entries;
+
+ /* make the call */
+ status = dcerpc_ndr_request(p, LSA_ENUM_ACCOUNTS, mem_ctx,
+ (ndr_push_fn_t) ndr_push_lsa_EnumSids,
+ (ndr_pull_fn_t) ndr_pull_lsa_EnumSids,
+ &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ /* and extract the .out parameters */
+ *num_entries = r.out.num_entries;
+ *sids = r.out.sids;
+ status = r.out.status;
+
+done:
+ return status;
+}
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index a4062d1181..a542cad636 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -21,6 +21,39 @@
#include "includes.h"
+/*
+ this really shouldn't be here ....
+*/
+static char *lsa_sid_string_talloc(TALLOC_CTX *mem_ctx, struct dom_sid *sid)
+{
+ int i, ofs, maxlen;
+ uint32 ia;
+ char *ret;
+
+ if (!sid) {
+ return talloc_asprintf(mem_ctx, "(NULL SID)");
+ }
+
+ maxlen = sid->num_auths * 11 + 25;
+ ret = talloc(mem_ctx, maxlen);
+ if (!ret) return NULL;
+
+ ia = (sid->id_auth[5]) +
+ (sid->id_auth[4] << 8 ) +
+ (sid->id_auth[3] << 16) +
+ (sid->id_auth[2] << 24);
+
+ ofs = snprintf(ret, maxlen, "S-%u-%lu",
+ (unsigned int)sid->sid_rev_num, (unsigned long)ia);
+
+ for (i = 0; i < sid->num_auths; i++) {
+ ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]);
+ }
+
+ return ret;
+}
+
+
static BOOL test_OpenPolicy(struct dcerpc_pipe *p)
{
struct lsa_ObjectAttribute attr;
@@ -28,7 +61,7 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p)
struct lsa_QosInfo qos;
NTSTATUS status;
- printf("testing OpenPolicy\n");
+ printf("\ntesting OpenPolicy\n");
qos.impersonation_level = 2;
qos.context_mode = 1;
@@ -54,14 +87,13 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p)
}
-static BOOL test_OpenPolicy2(struct dcerpc_pipe *p)
+static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, struct policy_handle *handle)
{
struct lsa_ObjectAttribute attr;
- struct policy_handle handle;
struct lsa_QosInfo qos;
NTSTATUS status;
- printf("testing OpenPolicy2\n");
+ printf("\ntesting OpenPolicy2\n");
qos.impersonation_level = 2;
qos.context_mode = 1;
@@ -77,7 +109,7 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p)
"\\",
&attr,
SEC_RIGHTS_MAXIMUM_ALLOWED,
- &handle);
+ handle);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
return False;
@@ -86,12 +118,41 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p)
return True;
}
+
+static BOOL test_EnumSids(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ NTSTATUS status;
+ struct dom_sid **sids;
+ uint32 num_entries = 100;
+ int i;
+
+ printf("\ntesting EnumSids\n");
+
+ status = dcerpc_lsa_EnumSids(p, mem_ctx, handle, 0, &num_entries, &sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("EnumSids failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ printf("Got %d sids\n", num_entries);
+
+ for (i=0;i<num_entries;i++) {
+ printf("%s\n", lsa_sid_string_talloc(mem_ctx, sids[i]));
+ }
+
+
+ return True;
+}
+
BOOL torture_rpc_lsa(int dummy)
{
NTSTATUS status;
struct dcerpc_pipe *p;
TALLOC_CTX *mem_ctx;
BOOL ret = True;
+ struct policy_handle handle;
mem_ctx = talloc_init("torture_rpc_lsa");
@@ -104,10 +165,14 @@ BOOL torture_rpc_lsa(int dummy)
ret = False;
}
- if (!test_OpenPolicy2(p)) {
+ if (!test_OpenPolicy2(p, &handle)) {
ret = False;
}
+ if (!test_EnumSids(p, mem_ctx, &handle)) {
+ ret = False;
+ }
+
torture_rpc_close(p);
return ret;