diff options
-rw-r--r-- | source4/libcli/ndr/ndr_lsa.c | 45 | ||||
-rw-r--r-- | source4/libcli/ndr/ndr_lsa.h | 13 | ||||
-rw-r--r-- | source4/libcli/ndr/ndr_sec.c | 10 | ||||
-rw-r--r-- | source4/libcli/raw/rawdcerpc.c | 3 | ||||
-rw-r--r-- | source4/libcli/rpc/rpc_lsa.c | 40 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 77 |
6 files changed, 180 insertions, 8 deletions
diff --git a/source4/libcli/ndr/ndr_lsa.c b/source4/libcli/ndr/ndr_lsa.c index 5955432915..dfe978f9d4 100644 --- a/source4/libcli/ndr/ndr_lsa.c +++ b/source4/libcli/ndr/ndr_lsa.c @@ -108,3 +108,48 @@ NTSTATUS ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_status(ndr, &r->out.status)); return NT_STATUS_OK; } + + +/* + push a EnumSids +*/ +NTSTATUS ndr_push_lsa_EnumSids(struct ndr_push *ndr, + struct lsa_EnumSids *r) +{ + NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle)); + NDR_CHECK(ndr_push_u32(ndr, r->in.start_at)); + NDR_CHECK(ndr_push_u32(ndr, r->in.num_entries)); + return NT_STATUS_OK; +} + +/* + pull a EnumSids +*/ +NTSTATUS ndr_pull_lsa_EnumSids(struct ndr_pull *ndr, + struct lsa_EnumSids *r) +{ + uint32 nptrs, asize, i, ptr; + + NDR_CHECK(ndr_pull_u32(ndr, &r->out.num_entries)); + NDR_CHECK(ndr_pull_u32(ndr, &nptrs)); + NDR_CHECK(ndr_pull_u32(ndr, &ptr)); + if (!ptr) goto done; + + NDR_CHECK(ndr_pull_u32(ndr, &asize)); + NDR_ALLOC_N(ndr, r->out.sids, nptrs); + for (i=0;i<nptrs;i++) { + NDR_CHECK(ndr_pull_u32(ndr, &ptr)); + if (ptr) { + NDR_ALLOC(ndr, r->out.sids[i]); + } else { + r->out.sids[i] = NULL; + } + } + for (i=0;i<nptrs;i++) { + if (r->out.sids[i]) NDR_CHECK(ndr_pull_dom_sid2(ndr, r->out.sids[i])); + } + +done: + NDR_CHECK(ndr_pull_status(ndr, &r->out.status)); + return NT_STATUS_OK; +} diff --git a/source4/libcli/ndr/ndr_lsa.h b/source4/libcli/ndr/ndr_lsa.h index cfdd98e24e..0cc43b5f86 100644 --- a/source4/libcli/ndr/ndr_lsa.h +++ b/source4/libcli/ndr/ndr_lsa.h @@ -57,3 +57,16 @@ struct lsa_OpenPolicy2 { NTSTATUS status; } out; }; + +struct lsa_EnumSids { + struct { + struct policy_handle *handle; + uint32 start_at; + uint32 num_entries; + } in; + struct { + uint32 num_entries; + struct dom_sid **sids; + NTSTATUS status; + } out; +}; diff --git a/source4/libcli/ndr/ndr_sec.c b/source4/libcli/ndr/ndr_sec.c index 6b83a09d7a..52578089e6 100644 --- a/source4/libcli/ndr/ndr_sec.c +++ b/source4/libcli/ndr/ndr_sec.c @@ -137,6 +137,16 @@ NTSTATUS ndr_pull_dom_sid(struct ndr_pull *ndr, struct dom_sid *sid) } /* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, struct dom_sid *sid) +{ + uint32 num_auths; + NDR_CHECK(ndr_pull_u32(ndr, &num_auths)); + return ndr_pull_dom_sid(ndr, sid); +} + +/* parse a dom_sid offset and structure */ NTSTATUS ndr_pull_dom_sid_ofs(struct ndr_pull *ndr, struct dom_sid **sid) diff --git a/source4/libcli/raw/rawdcerpc.c b/source4/libcli/raw/rawdcerpc.c index 6a3275c7a4..a253e0eb65 100644 --- a/source4/libcli/raw/rawdcerpc.c +++ b/source4/libcli/raw/rawdcerpc.c @@ -59,6 +59,9 @@ NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe *p, const char *pipe_name) io.ntcreatex.in.fname = name; mem_ctx = talloc_init("torture_rpc_connection"); + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } status = smb_raw_open(p->tree, mem_ctx, &io); free(name); talloc_destroy(mem_ctx); diff --git a/source4/libcli/rpc/rpc_lsa.c b/source4/libcli/rpc/rpc_lsa.c index 8e1a48857e..65d6a81491 100644 --- a/source4/libcli/rpc/rpc_lsa.c +++ b/source4/libcli/rpc/rpc_lsa.c @@ -35,7 +35,7 @@ NTSTATUS dcerpc_lsa_OpenPolicy(struct dcerpc_pipe *p, NTSTATUS status; TALLOC_CTX *mem_ctx; - mem_ctx = talloc_init("dcerpc_rpcecho_addone"); + mem_ctx = talloc_init("dcerpc_lsa_openpolicy"); if (!mem_ctx) { return NT_STATUS_NO_MEMORY; } @@ -77,7 +77,7 @@ NTSTATUS dcerpc_lsa_OpenPolicy2(struct dcerpc_pipe *p, NTSTATUS status; TALLOC_CTX *mem_ctx; - mem_ctx = talloc_init("dcerpc_rpcecho_addone"); + mem_ctx = talloc_init("dcerpc_lsa_openpolicy2"); if (!mem_ctx) { return NT_STATUS_NO_MEMORY; } @@ -104,3 +104,39 @@ done: talloc_destroy(mem_ctx); return status; } + +/* + EnumSids interface +*/ +NTSTATUS dcerpc_lsa_EnumSids(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle, + uint32 resume_handle, + uint32 *num_entries, + struct dom_sid ***sids) +{ + struct lsa_EnumSids r; + NTSTATUS status; + + /* fill the .in side of the call */ + r.in.handle = handle; + r.in.start_at = 0; + r.in.num_entries = *num_entries; + + /* make the call */ + status = dcerpc_ndr_request(p, LSA_ENUM_ACCOUNTS, mem_ctx, + (ndr_push_fn_t) ndr_push_lsa_EnumSids, + (ndr_pull_fn_t) ndr_pull_lsa_EnumSids, + &r); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + /* and extract the .out parameters */ + *num_entries = r.out.num_entries; + *sids = r.out.sids; + status = r.out.status; + +done: + return status; +} diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index a4062d1181..a542cad636 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -21,6 +21,39 @@ #include "includes.h" +/* + this really shouldn't be here .... +*/ +static char *lsa_sid_string_talloc(TALLOC_CTX *mem_ctx, struct dom_sid *sid) +{ + int i, ofs, maxlen; + uint32 ia; + char *ret; + + if (!sid) { + return talloc_asprintf(mem_ctx, "(NULL SID)"); + } + + maxlen = sid->num_auths * 11 + 25; + ret = talloc(mem_ctx, maxlen); + if (!ret) return NULL; + + ia = (sid->id_auth[5]) + + (sid->id_auth[4] << 8 ) + + (sid->id_auth[3] << 16) + + (sid->id_auth[2] << 24); + + ofs = snprintf(ret, maxlen, "S-%u-%lu", + (unsigned int)sid->sid_rev_num, (unsigned long)ia); + + for (i = 0; i < sid->num_auths; i++) { + ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]); + } + + return ret; +} + + static BOOL test_OpenPolicy(struct dcerpc_pipe *p) { struct lsa_ObjectAttribute attr; @@ -28,7 +61,7 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p) struct lsa_QosInfo qos; NTSTATUS status; - printf("testing OpenPolicy\n"); + printf("\ntesting OpenPolicy\n"); qos.impersonation_level = 2; qos.context_mode = 1; @@ -54,14 +87,13 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p) } -static BOOL test_OpenPolicy2(struct dcerpc_pipe *p) +static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, struct policy_handle *handle) { struct lsa_ObjectAttribute attr; - struct policy_handle handle; struct lsa_QosInfo qos; NTSTATUS status; - printf("testing OpenPolicy2\n"); + printf("\ntesting OpenPolicy2\n"); qos.impersonation_level = 2; qos.context_mode = 1; @@ -77,7 +109,7 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p) "\\", &attr, SEC_RIGHTS_MAXIMUM_ALLOWED, - &handle); + handle); if (!NT_STATUS_IS_OK(status)) { printf("OpenPolicy2 failed - %s\n", nt_errstr(status)); return False; @@ -86,12 +118,41 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p) return True; } + +static BOOL test_EnumSids(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct dom_sid **sids; + uint32 num_entries = 100; + int i; + + printf("\ntesting EnumSids\n"); + + status = dcerpc_lsa_EnumSids(p, mem_ctx, handle, 0, &num_entries, &sids); + if (!NT_STATUS_IS_OK(status)) { + printf("EnumSids failed - %s\n", nt_errstr(status)); + return False; + } + + printf("Got %d sids\n", num_entries); + + for (i=0;i<num_entries;i++) { + printf("%s\n", lsa_sid_string_talloc(mem_ctx, sids[i])); + } + + + return True; +} + BOOL torture_rpc_lsa(int dummy) { NTSTATUS status; struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; + struct policy_handle handle; mem_ctx = talloc_init("torture_rpc_lsa"); @@ -104,10 +165,14 @@ BOOL torture_rpc_lsa(int dummy) ret = False; } - if (!test_OpenPolicy2(p)) { + if (!test_OpenPolicy2(p, &handle)) { ret = False; } + if (!test_EnumSids(p, mem_ctx, &handle)) { + ret = False; + } + torture_rpc_close(p); return ret; |