-rw-r--r-- | source3/include/rpc_lsa.h | 36 | ||||
-rw-r--r-- | source3/include/rpc_misc.h | 11 | ||||
-rw-r--r-- | source3/rpc_parse/parse_lsa.c | 126 | ||||
-rw-r--r-- | source3/rpc_parse/parse_misc.c | 50 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 25 |
5 files changed, 221 insertions, 27 deletions
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index 7cb5fbfdfd..92189b5619 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -542,13 +542,47 @@ typedef struct lsa_r_lookup_names uint32 num_entries; uint32 ptr_entries; uint32 num_entries2; - DOM_RID2 *dom_rid; /* domain RIDs being looked up */ + DOM_RID *dom_rid; /* domain RIDs being looked up */ uint32 mapped_count; NTSTATUS status; /* return code */ } LSA_R_LOOKUP_NAMES; +/* LSA_Q_LOOKUP_NAMES2 - LSA Lookup NAMEs 2*/ +typedef struct lsa_q_lookup_names2 +{ + POLICY_HND pol; /* policy handle */ + uint32 num_entries; + uint32 num_entries2; + UNIHDR *hdr_name; /* name buffer pointers */ + UNISTR2 *uni_name; /* names to be looked up */ + + uint32 num_trans_entries; + uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ + uint32 lookup_level; + uint32 mapped_count; + uint32 unknown1; + uint32 unknown2; + +} LSA_Q_LOOKUP_NAMES2; + +/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */ +typedef struct lsa_r_lookup_names2 +{ + uint32 ptr_dom_ref; + DOM_R_REF *dom_ref; /* domain reference info */ + + uint32 num_entries; + uint32 ptr_entries; + uint32 num_entries2; + DOM_RID2 *dom_rid; /* domain RIDs being looked up */ + + uint32 mapped_count; + + NTSTATUS status; /* return code */ +} LSA_R_LOOKUP_NAMES2; + typedef struct lsa_enum_priv_entry { UNIHDR hdr_name; diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index 091ba3395e..7b71e80c55 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h 
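Review bot: The comment above the new `lsa_r_lookup_names2` typedef still reads `LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name`, copied from the struct before it, so the header labels two different reply layouts identically. It should name the type it documents, for example `/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs 2 (entries are DOM_RID2) */`. The request struct also adds `unknown1` and `unknown2` with no comment; a short note that they are parsed from the wire but not yet interpreted would tell a later reader that nothing validates them.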
@@ -264,13 +264,20 @@ typedef struct { * Domain SID structures **********************************************************************/ -/* DOM_RID2 - domain RID structure for ntlsa pipe */ +/* DOM_RID - domain RID structure for ntlsa pipe */ typedef struct { uint8 type; /* value is SID_NAME_USE enum */ uint32 rid; uint32 rid_idx; /* referenced domain index */ -} DOM_RID2; +} DOM_RID; +/* DOM_RID2 - second domain RID structure for ntlsa pipe */ +typedef struct { + uint8 type; /* value is SID_NAME_USE enum */ + uint32 rid; + uint32 rid_idx; /* referenced domain index */ + uint32 unknown; +} DOM_RID2; typedef struct { /* DOM_RID3 - domain RID structure for samr pipe */ uint32 rid; /* domain-relative (to a SID) id */ diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index ad475f192b..d041553e14 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -1412,7 +1412,7 @@ BOOL lsa_io_r_lookup_names(const char *desc, LSA_R_LOOKUP_NAMES *out, prs_struct } if (UNMARSHALLING(ps)) { - if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID2, out->num_entries2)) + if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n")); return False; 
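Review bot: Reusing the name `DOM_RID2` for a struct of a different size is the risky part of the rpc_misc.h hunk: the old three-field layout becomes `DOM_RID`, and `DOM_RID2` now carries an extra `uint32 unknown`. Code not touched by this commit that still declares `DOM_RID2` and goes through `smb_io_dom_rid2` may keep compiling while now reading or writing four more bytes per entry, so remaining users outside the five files in this diff should be checked before merging. The new field also has no comment; something like `uint32 unknown; /* meaning not yet known; part of the lookup_names2 reply entry */` would record why it is there.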
@@ -1420,6 +1420,129 @@ BOOL lsa_io_r_lookup_names(const char *desc, LSA_R_LOOKUP_NAMES *out, prs_struct } for (i = 0; i < out->num_entries2; i++) + if(!smb_io_dom_rid("", &out->dom_rid[i], ps, depth)) /* domain RIDs being looked up */ + return False; + } + + if(!prs_uint32("mapped_count", ps, depth, &out->mapped_count)) + return False; + + if(!prs_ntstatus("status ", ps, depth, &out->status)) + return False; + + return True; +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ + +BOOL lsa_io_q_lookup_names2(const char *desc, LSA_Q_LOOKUP_NAMES2 *q_r, + prs_struct *ps, int depth) +{ + unsigned int i; + + prs_debug(ps, depth, desc, "lsa_io_q_lookup_names2"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */ + return False; + + if(!prs_align(ps)) + return False; + if(!prs_uint32("num_entries ", ps, depth, &q_r->num_entries)) + return False; + if(!prs_uint32("num_entries2 ", ps, depth, &q_r->num_entries2)) + return False; + + if (UNMARSHALLING(ps)) { + if (q_r->num_entries) { + if ((q_r->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, q_r->num_entries)) == NULL) + return False; + if ((q_r->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, q_r->num_entries)) == NULL) + return False; + } + } + + for (i = 0; i < q_r->num_entries; i++) { + if(!prs_align(ps)) + return False; + if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */ + return False; + } + + for (i = 0; i < q_r->num_entries; i++) { + if(!prs_align(ps)) + return False; + if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */ + return False; + } + + if(!prs_align(ps)) + return False; + if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries)) + return False; + if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids)) + return False; + 
if(!prs_uint32("lookup_level ", ps, depth, &q_r->lookup_level)) + return False; + if(!prs_uint32("mapped_count ", ps, depth, &q_r->mapped_count)) + return False; + if(!prs_uint32("unknown1 ", ps, depth, &q_r->unknown1)) + return False; + if(!prs_uint32("unknown2 ", ps, depth, &q_r->unknown2)) + return False; + + return True; +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ + +BOOL lsa_io_r_lookup_names2(const char *desc, LSA_R_LOOKUP_NAMES2 *out, prs_struct *ps, int depth) +{ + unsigned int i; + + prs_debug(ps, depth, desc, "lsa_io_r_lookup_names2"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_uint32("ptr_dom_ref", ps, depth, &out->ptr_dom_ref)) + return False; + + if (out->ptr_dom_ref != 0) + if(!lsa_io_dom_r_ref("", out->dom_ref, ps, depth)) + return False; + + if(!prs_uint32("num_entries", ps, depth, &out->num_entries)) + return False; + if(!prs_uint32("ptr_entries", ps, depth, &out->ptr_entries)) + return False; + + if (out->ptr_entries != 0) { + if(!prs_uint32("num_entries2", ps, depth, &out->num_entries2)) + return False; + + if (out->num_entries2 != out->num_entries) { + /* RPC fault */ + return False; + } + + if (UNMARSHALLING(ps)) { + if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID2, out->num_entries2)) + == NULL) { + DEBUG(3, ("lsa_io_r_lookup_names2(): out of memory\n")); + return False; + } + } + + for (i = 0; i < out->num_entries2; i++) if(!smb_io_dom_rid2("", &out->dom_rid[i], ps, depth)) /* domain RIDs being looked up */ return False; } @@ -1434,6 +1557,7 @@ BOOL lsa_io_r_lookup_names(const char *desc, LSA_R_LOOKUP_NAMES *out, prs_struct } + /******************************************************************* Inits an LSA_Q_CLOSE structure. ********************************************************************/ 
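Review bot: In `lsa_io_q_lookup_names2` the counts `num_entries` and `num_entries2` are both read from the request but never compared, and `num_entries` then sizes both `PRS_ALLOC_MEM` calls and both loops with no upper bound. The reply parser added in this same hunk already treats a mismatch as a fault; the request side, which is the one fed by a remote client, should do the same right after the two reads: `if (q_r->num_entries != q_r->num_entries2) return False;`. Whether `PRS_ALLOC_MEM` guards the count-times-size multiplication is not visible here, so a sanity cap on `num_entries` before allocating would be prudent. Separately, `lsa_io_r_lookup_names2` passes `out->dom_ref` to `lsa_io_dom_r_ref` whenever `ptr_dom_ref` is non-zero without allocating it when unmarshalling, so it presumably relies on the caller having set it; a comment saying so would help.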
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index b5b224c0a4..bc1eda8d04 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -1251,23 +1251,50 @@ BOOL smb_io_account_lockout_str(const char *desc, LOCKOUT_STRING *account_lockou } /******************************************************************* - Inits a DOM_RID2 structure. + Inits a DOM_RID structure. ********************************************************************/ -void init_dom_rid2(DOM_RID2 *rid2, uint32 rid, uint8 type, uint32 idx) +void init_dom_rid(DOM_RID *prid, uint32 rid, uint8 type, uint32 idx) { - rid2->type = type; - rid2->rid = rid; - rid2->rid_idx = idx; + prid->type = type; + prid->rid = rid; + prid->rid_idx = idx; +} + +/******************************************************************* + Reads or writes a DOM_RID structure. +********************************************************************/ + +BOOL smb_io_dom_rid(const char *desc, DOM_RID *rid, prs_struct *ps, int depth) +{ + if (rid == NULL) + return False; + + prs_debug(ps, depth, desc, "smb_io_dom_rid"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_uint8("type ", ps, depth, &rid->type)) + return False; + if(!prs_align(ps)) + return False; + if(!prs_uint32("rid ", ps, depth, &rid->rid)) + return False; + if(!prs_uint32("rid_idx", ps, depth, &rid->rid_idx)) + return False; + + return True; } /******************************************************************* Reads or writes a DOM_RID2 structure. ********************************************************************/ -BOOL smb_io_dom_rid2(const char *desc, DOM_RID2 *rid2, prs_struct *ps, int depth) +BOOL smb_io_dom_rid2(const char *desc, DOM_RID2 *rid, prs_struct *ps, int depth) { - if (rid2 == NULL) + if (rid == NULL) return False; prs_debug(ps, depth, desc, "smb_io_dom_rid2"); 
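Review bot: After this hunk the new four-field `DOM_RID2` has no initialiser: `init_dom_rid2` is renamed to `init_dom_rid` and nothing replaces it, while the following hunk (`@@ -1276,18 +1303,21 @@`) makes `smb_io_dom_rid2` marshal `rid->unknown`. Any code that later fills a `DOM_RID2` array for a reply has to set that field itself, otherwise whatever the allocation held goes out on the wire. Consider keeping an `init_dom_rid2` for the new type that sets the three existing fields and ends with `rid2->unknown = 0;`, so the field is never sent uninitialised. `smb_io_dom_rid2` begins in this hunk and its body continues in the next one.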
@@ -1276,18 +1303,21 @@ BOOL smb_io_dom_rid2(const char *desc, DOM_RID2 *rid2, prs_struct *ps, int depth if(!prs_align(ps)) return False; - if(!prs_uint8("type ", ps, depth, &rid2->type)) + if(!prs_uint8("type ", ps, depth, &rid->type)) return False; if(!prs_align(ps)) return False; - if(!prs_uint32("rid ", ps, depth, &rid2->rid)) + if(!prs_uint32("rid ", ps, depth, &rid->rid)) return False; - if(!prs_uint32("rid_idx", ps, depth, &rid2->rid_idx)) + if(!prs_uint32("rid_idx", ps, depth, &rid->rid_idx)) + return False; + if(!prs_uint32("unknown", ps, depth, &rid->unknown)) return False; return True; } + /******************************************************************* creates a DOM_RID3 structure. ********************************************************************/ diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index f7a462d2b2..78461008a8 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -131,11 +131,11 @@ static int init_dom_ref(DOM_R_REF *ref, const char *dom_name, DOM_SID *dom_sid) } /*************************************************************************** - init_lsa_rid2s + init_lsa_rids ***************************************************************************/ -static int init_lsa_rid2s(TALLOC_CTX *mem_ctx, - DOM_R_REF *ref, DOM_RID2 *rid2, +static int init_lsa_rids(TALLOC_CTX *mem_ctx, + DOM_R_REF *ref, DOM_RID *prid, int num_entries, UNISTR2 *name, int flags) { @@ -148,7 +148,6 @@ static int init_lsa_rid2s(TALLOC_CTX *mem_ctx, become_root(); /* lookup_name can require root privs */ for (i = 0; i < num_entries; i++) { - BOOL status = False; DOM_SID sid; uint32 rid; int dom_idx; @@ -164,7 +163,7 @@ static int init_lsa_rid2s(TALLOC_CTX *mem_ctx, return 0; } - DEBUG(5, ("init_lsa_rid2s: looking up name %s\n", full_name)); + DEBUG(5, ("init_lsa_rids: looking up name %s\n", full_name)); /* We can ignore the result of lookup_name, it will not touch "type" if it's not successful */ 
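Review bot: The context line `return 0;` at the top of the `@@ -164,7 +163,7 @@` hunk sits inside the `for` loop that the previous hunk shows starting right after `become_root()`, while `unbecome_root()` only appears after the loop (context of `@@ -198,7 +197,7 @@`). Its condition is outside the hunk, but if it is an error exit, the function returns with root privileges still raised. Since this commit already touches the function, that exit could drop privileges first: `unbecome_root(); return 0;`. `init_lsa_rids` starts and ends outside these hunks, so the surrounding lines should be confirmed against the full file.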
@@ -172,8 +171,6 @@ static int init_lsa_rid2s(TALLOC_CTX *mem_ctx, lookup_name(mem_ctx, full_name, flags, &domain, NULL, &sid, &type); - DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" : - "not found")); switch (type) { case SID_NAME_USER: @@ -181,10 +178,12 @@ static int init_lsa_rid2s(TALLOC_CTX *mem_ctx, case SID_NAME_DOMAIN: case SID_NAME_ALIAS: case SID_NAME_WKN_GRP: + DEBUG(5, ("init_lsa_rids: %s found\n", full_name)); /* Leave these unchanged */ break; default: /* Don't hand out anything but the list above */ + DEBUG(5, ("init_lsa_rids: %s not found\n", full_name)); type = SID_NAME_UNKNOWN; break; } @@ -198,7 +197,7 @@ static int init_lsa_rid2s(TALLOC_CTX *mem_ctx, mapped_count++; } - init_dom_rid2(&rid2[i], rid, type, dom_idx); + init_dom_rid(&prid[i], rid, type, dom_idx); } unbecome_root(); @@ -212,7 +211,7 @@ static int init_lsa_rid2s(TALLOC_CTX *mem_ctx, static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l, DOM_R_REF *ref, uint32 num_entries, - DOM_RID2 *rid2, uint32 mapped_count) + DOM_RID *rid, uint32 mapped_count) { r_l->ptr_dom_ref = 1; r_l->dom_ref = ref; @@ -220,7 +219,7 @@ static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l, r_l->num_entries = num_entries; r_l->ptr_entries = 1; r_l->num_entries2 = num_entries; - r_l->dom_rid = rid2; + r_l->dom_rid = rid; r_l->mapped_count = mapped_count; } @@ -892,7 +891,7 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP UNISTR2 *names = q_u->uni_name; int num_entries = q_u->num_entries; DOM_R_REF *ref; - DOM_RID2 *rids; + DOM_RID *rids; uint32 mapped_count = 0; int flags = 0; @@ -907,7 +906,7 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP } ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); - rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries); + rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries); if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { r_u->status = NT_STATUS_INVALID_HANDLE; 
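Review bot: `int num_entries = q_u->num_entries;` (context of the `@@ -892,7 +891,7 @@` hunk) narrows a client-supplied `uint32` to a signed `int`, and that value then sizes `TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries)` in the next hunk and bounds the loop in `init_lsa_rids`. A count above INT_MAX typically becomes negative, so a signed upper-bound comparison would pass while the allocation sees a very large unsigned count. Since the adjacent declaration of `rids` is being changed anyway, consider keeping the count unsigned, `uint32 num_entries = q_u->num_entries;`, with `init_lsa_rids` taking the same type. `_lsa_lookup_names` starts and ends outside these hunks, so an existing clamp may already cover this and should be checked.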
@@ -924,7 +923,7 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP return NT_STATUS_NO_MEMORY; /* set up the LSA Lookup RIDs response */ - mapped_count = init_lsa_rid2s(p->mem_ctx, ref, rids, num_entries, + mapped_count = init_lsa_rids(p->mem_ctx, ref, rids, num_entries, names, flags); done: |