summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/librpc/idl/samr.idl26
-rw-r--r--source4/librpc/ndr/ndr_samr.c93
-rw-r--r--source4/librpc/ndr/ndr_samr.h27
-rw-r--r--source4/librpc/rpc/rpc_samr.c16
-rw-r--r--source4/torture/rpc/samr.c67
5 files changed, 207 insertions, 22 deletions
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index 6017f73f4e..440b5ab9e7 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -72,11 +72,33 @@
/************************/
/* Function 0x07 */
- NTSTATUS samr_OPEN_DOMAIN();
+ NTSTATUS samr_OpenDomain(
+ [in,ref] policy_handle *handle,
+ [in] uint32 access_mask,
+ [in,ref] dom_sid2 *sid,
+ [out,ref] policy_handle *domain_handle
+ );
/************************/
/* Function 0x08 */
- NTSTATUS samr_QUERY_DOMAIN_INFO();
+
+ typedef struct {
+ uint16 min_length_password;
+ uint16 password_history;
+ uint32 flag;
+ NTTIME expire;
+ NTTIME min_passwordage;
+ } samr_DomInfo1;
+
+ typedef union {
+ case(1) samr_DomInfo1 info1;
+ } samr_DomainInfo;
+
+ NTSTATUS samr_QueryDomainInfo(
+ [in,ref] policy_handle *handle,
+ [in] uint16 level,
+ [out,switch_is(level)] samr_DomainInfo *info
+ );
/************************/
/* Function 0x09 */
diff --git a/source4/librpc/ndr/ndr_samr.c b/source4/librpc/ndr/ndr_samr.c
index 8a972b426f..10f30afa2c 100644
--- a/source4/librpc/ndr/ndr_samr.c
+++ b/source4/librpc/ndr/ndr_samr.c
@@ -70,14 +70,19 @@ NTSTATUS ndr_push_samr_EnumDomains(struct ndr_push *ndr, struct samr_EnumDomains
return NT_STATUS_OK;
}
-NTSTATUS ndr_push_samr_OPEN_DOMAIN(struct ndr_push *ndr, struct samr_OPEN_DOMAIN *r)
+NTSTATUS ndr_push_samr_OpenDomain(struct ndr_push *ndr, struct samr_OpenDomain *r)
{
+ NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle));
+ NDR_CHECK(ndr_push_uint32(ndr, r->in.access_mask));
+ NDR_CHECK(ndr_push_dom_sid2(ndr, r->in.sid));
return NT_STATUS_OK;
}
-NTSTATUS ndr_push_samr_QUERY_DOMAIN_INFO(struct ndr_push *ndr, struct samr_QUERY_DOMAIN_INFO *r)
+NTSTATUS ndr_push_samr_QueryDomainInfo(struct ndr_push *ndr, struct samr_QueryDomainInfo *r)
{
+ NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle));
+ NDR_CHECK(ndr_push_uint16(ndr, r->in.level));
return NT_STATUS_OK;
}
@@ -578,15 +583,70 @@ NTSTATUS ndr_pull_samr_EnumDomains(struct ndr_pull *ndr, struct samr_EnumDomains
return NT_STATUS_OK;
}
-NTSTATUS ndr_pull_samr_OPEN_DOMAIN(struct ndr_pull *ndr, struct samr_OPEN_DOMAIN *r)
+NTSTATUS ndr_pull_samr_OpenDomain(struct ndr_pull *ndr, struct samr_OpenDomain *r)
{
+ NDR_CHECK(ndr_pull_policy_handle(ndr, r->out.domain_handle));
NDR_CHECK(ndr_pull_NTSTATUS(ndr, &r->out.result));
return NT_STATUS_OK;
}
-NTSTATUS ndr_pull_samr_QUERY_DOMAIN_INFO(struct ndr_pull *ndr, struct samr_QUERY_DOMAIN_INFO *r)
+static NTSTATUS ndr_pull_samr_DomInfo1(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo1 *r)
{
+ NDR_CHECK(ndr_pull_align(ndr, 4));
+ if (!(ndr_flags & NDR_SCALARS)) goto buffers;
+ NDR_CHECK(ndr_pull_uint16(ndr, &r->min_length_password));
+ NDR_CHECK(ndr_pull_uint16(ndr, &r->password_history));
+ NDR_CHECK(ndr_pull_uint32(ndr, &r->flag));
+ NDR_CHECK(ndr_pull_NTTIME(ndr, &r->expire));
+ NDR_CHECK(ndr_pull_NTTIME(ndr, &r->min_passwordage));
+buffers:
+ if (!(ndr_flags & NDR_BUFFERS)) goto done;
+done:
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS ndr_pull_samr_DomainInfo(struct ndr_pull *ndr, int ndr_flags, uint16 *level, union samr_DomainInfo *r)
+{
+ if (!(ndr_flags & NDR_SCALARS)) goto buffers;
+ NDR_CHECK(ndr_pull_uint16(ndr, level));
+ switch (*level) {
+ case 1: {
+ NDR_CHECK(ndr_pull_samr_DomInfo1(ndr, NDR_SCALARS, &r->info1));
+ break; }
+
+ default:
+ return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", *level);
+ }
+buffers:
+ if (!(ndr_flags & NDR_BUFFERS)) goto done;
+ switch (*level) {
+ case 1:
+ NDR_CHECK(ndr_pull_samr_DomInfo1(ndr, NDR_BUFFERS, &r->info1));
+ break;
+
+ default:
+ return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", *level);
+ }
+done:
+ return NT_STATUS_OK;
+}
+
+NTSTATUS ndr_pull_samr_QueryDomainInfo(struct ndr_pull *ndr, struct samr_QueryDomainInfo *r)
+{
+ uint32 _ptr_info;
+ NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_info));
+ if (_ptr_info) {
+ NDR_ALLOC(ndr, r->out.info);
+ } else {
+ r->out.info = NULL;
+ }
+ if (r->out.info) {
+ { uint16 _level;
+ NDR_CHECK(ndr_pull_samr_DomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, &_level, r->out.info));
+ if (((NDR_SCALARS|NDR_BUFFERS) & NDR_SCALARS) && (_level != r->in.level)) return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u in info");
+ }
+ }
NDR_CHECK(ndr_pull_NTSTATUS(ndr, &r->out.result));
return NT_STATUS_OK;
@@ -1044,3 +1104,28 @@ void ndr_print_samr_SamArray(struct ndr_print *ndr, const char *name, struct sam
ndr->depth--;
}
+void ndr_print_samr_DomInfo1(struct ndr_print *ndr, const char *name, struct samr_DomInfo1 *r)
+{
+ ndr_print_struct(ndr, name, "samr_DomInfo1");
+ ndr->depth++;
+ ndr_print_uint16(ndr, "min_length_password", r->min_length_password);
+ ndr_print_uint16(ndr, "password_history", r->password_history);
+ ndr_print_uint32(ndr, "flag", r->flag);
+ ndr_print_NTTIME(ndr, "expire", r->expire);
+ ndr_print_NTTIME(ndr, "min_passwordage", r->min_passwordage);
+ ndr->depth--;
+}
+
+void ndr_print_samr_DomainInfo(struct ndr_print *ndr, const char *name, uint16 level, union samr_DomainInfo *r)
+{
+ ndr_print_union(ndr, name, level, "samr_DomainInfo");
+ switch (level) {
+ case 1:
+ ndr_print_samr_DomInfo1(ndr, "info1", &r->info1);
+ break;
+
+ default:
+ ndr_print_bad_level(ndr, name, level);
+ }
+}
+
diff --git a/source4/librpc/ndr/ndr_samr.h b/source4/librpc/ndr/ndr_samr.h
index f24dde1ec5..9bf4682563 100644
--- a/source4/librpc/ndr/ndr_samr.h
+++ b/source4/librpc/ndr/ndr_samr.h
@@ -98,21 +98,40 @@ struct samr_EnumDomains {
};
-struct samr_OPEN_DOMAIN {
+struct samr_OpenDomain {
struct {
+ struct policy_handle *handle;
+ uint32 access_mask;
+ struct dom_sid2 *sid;
} in;
struct {
+ struct policy_handle *domain_handle;
NTSTATUS result;
} out;
};
-struct samr_QUERY_DOMAIN_INFO {
+struct samr_DomInfo1 {
+ uint16 min_length_password;
+ uint16 password_history;
+ uint32 flag;
+ NTTIME expire;
+ NTTIME min_passwordage;
+};
+
+union samr_DomainInfo {
+/* [case(1)] */ struct samr_DomInfo1 info1;
+};
+
+struct samr_QueryDomainInfo {
struct {
+ struct policy_handle *handle;
+ uint16 level;
} in;
struct {
+ union samr_DomainInfo *info;
NTSTATUS result;
} out;
@@ -719,8 +738,8 @@ struct samr_VALIDATE_PASSWORD {
#define DCERPC_SAMR_SHUTDOWN 4
#define DCERPC_SAMR_LOOKUPDOMAIN 5
#define DCERPC_SAMR_ENUMDOMAINS 6
-#define DCERPC_SAMR_OPEN_DOMAIN 7
-#define DCERPC_SAMR_QUERY_DOMAIN_INFO 8
+#define DCERPC_SAMR_OPENDOMAIN 7
+#define DCERPC_SAMR_QUERYDOMAININFO 8
#define DCERPC_SAMR_SET_DOMAIN_INFO 9
#define DCERPC_SAMR_CREATE_DOM_GROUP 10
#define DCERPC_SAMR_ENUM_DOM_GROUPS 11
diff --git a/source4/librpc/rpc/rpc_samr.c b/source4/librpc/rpc/rpc_samr.c
index 836ada5c0c..98b294d044 100644
--- a/source4/librpc/rpc/rpc_samr.c
+++ b/source4/librpc/rpc/rpc_samr.c
@@ -101,12 +101,12 @@ NTSTATUS dcerpc_samr_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, str
return r->out.result;
}
-NTSTATUS dcerpc_samr_OPEN_DOMAIN(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct samr_OPEN_DOMAIN *r)
+NTSTATUS dcerpc_samr_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct samr_OpenDomain *r)
{
NTSTATUS status;
- status = dcerpc_ndr_request(p, DCERPC_SAMR_OPEN_DOMAIN, mem_ctx,
- (ndr_push_fn_t) ndr_push_samr_OPEN_DOMAIN,
- (ndr_pull_fn_t) ndr_pull_samr_OPEN_DOMAIN,
+ status = dcerpc_ndr_request(p, DCERPC_SAMR_OPENDOMAIN, mem_ctx,
+ (ndr_push_fn_t) ndr_push_samr_OpenDomain,
+ (ndr_pull_fn_t) ndr_pull_samr_OpenDomain,
r);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -115,12 +115,12 @@ NTSTATUS dcerpc_samr_OPEN_DOMAIN(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, str
return r->out.result;
}
-NTSTATUS dcerpc_samr_QUERY_DOMAIN_INFO(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct samr_QUERY_DOMAIN_INFO *r)
+NTSTATUS dcerpc_samr_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct samr_QueryDomainInfo *r)
{
NTSTATUS status;
- status = dcerpc_ndr_request(p, DCERPC_SAMR_QUERY_DOMAIN_INFO, mem_ctx,
- (ndr_push_fn_t) ndr_push_samr_QUERY_DOMAIN_INFO,
- (ndr_pull_fn_t) ndr_pull_samr_QUERY_DOMAIN_INFO,
+ status = dcerpc_ndr_request(p, DCERPC_SAMR_QUERYDOMAININFO, mem_ctx,
+ (ndr_push_fn_t) ndr_push_samr_QueryDomainInfo,
+ (ndr_pull_fn_t) ndr_pull_samr_QueryDomainInfo,
r);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 2dd77e6ec5..431372323e 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -21,6 +21,55 @@
#include "includes.h"
+static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ NTSTATUS status;
+ struct samr_QueryDomainInfo r;
+
+ printf("Testing QueryDomainInfo\n");
+
+ r.in.handle = handle;
+ r.in.level = 1;
+
+ status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryDomainInfo failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ NDR_PRINT_UNION_DEBUG(samr_DomainInfo, r.in.level, r.out.info);
+
+ return True;
+}
+
+static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle, struct dom_sid2 *sid)
+{
+ NTSTATUS status;
+ struct samr_OpenDomain r;
+ struct policy_handle domain_handle;
+
+ printf("Testing OpenDomain\n");
+
+ r.in.handle = handle;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.sid = sid;
+ r.out.domain_handle = &domain_handle;
+
+ status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("OpenDomain failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) {
+ return False;
+ }
+
+ return True;
+}
+
static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, struct samr_Name *domain)
{
@@ -40,6 +89,10 @@ static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
NDR_PRINT_DEBUG(dom_sid2, r.out.sid);
+ if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) {
+ return False;
+ }
+
return True;
}
@@ -52,6 +105,7 @@ static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
uint32 resume_handle = 0;
uint32 num_entries=0;
int i;
+ BOOL ret = True;
r.in.handle = handle;
r.in.resume_handle = &resume_handle;
@@ -67,13 +121,18 @@ static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
NDR_PRINT_DEBUG(samr_SamArray, r.out.sam);
- if (r.out.sam) {
- for (i=0;i<r.out.sam->count;i++) {
- test_LookupDomain(p, mem_ctx, handle, &r.out.sam->entries[i].name);
+ if (!r.out.sam) {
+ return False;
+ }
+
+ for (i=0;i<r.out.sam->count;i++) {
+ if (!test_LookupDomain(p, mem_ctx, handle,
+ &r.out.sam->entries[i].name)) {
+ ret = False;
}
}
- return True;
+ return ret;
}