diff options
-rw-r--r-- | source4/libcli/ndr/ndr_basic.c | 16 | ||||
-rw-r--r-- | source4/libcli/ndr/ndr_lsa.c | 25 | ||||
-rw-r--r-- | source4/libcli/ndr/ndr_lsa.h | 12 | ||||
-rw-r--r-- | source4/libcli/rpc/rpc_lsa.c | 42 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 46 |
5 files changed, 129 insertions, 12 deletions
diff --git a/source4/libcli/ndr/ndr_basic.c b/source4/libcli/ndr/ndr_basic.c index 8cbf375403..21326c2a62 100644 --- a/source4/libcli/ndr/ndr_basic.c +++ b/source4/libcli/ndr/ndr_basic.c @@ -177,6 +177,7 @@ NTSTATUS ndr_push_bytes(struct ndr_push *ndr, const char *data, uint32 n) */ NTSTATUS ndr_push_length4_start(struct ndr_push *ndr, struct ndr_push_save *save) { + NDR_PUSH_ALIGN(ndr, 4); save->offset = ndr->offset; return ndr_push_u32(ndr, 0); } @@ -203,21 +204,16 @@ NTSTATUS ndr_push_ptr(struct ndr_push *ndr, const void *p) */ NTSTATUS ndr_push_unistr(struct ndr_push *ndr, const char *s) { - smb_ucs2_t *ws; + char *ws; ssize_t len; - int i; - len = push_ucs2_talloc(ndr->mem_ctx, &ws, s); + len = push_ucs2_talloc(ndr->mem_ctx, (smb_ucs2_t **)&ws, s); if (len == -1) { return NT_STATUS_INVALID_PARAMETER; } - NDR_CHECK(ndr_push_u32(ndr, len)); + NDR_CHECK(ndr_push_u32(ndr, len/2)); NDR_CHECK(ndr_push_u32(ndr, 0)); - NDR_CHECK(ndr_push_u32(ndr, len-2)); - NDR_PUSH_NEED_BYTES(ndr, len); - for (i=0;i<len;i+=2) { - SSVAL(ndr->data, ndr->offset + i, ws[i]); - } - ndr->offset += i; + NDR_CHECK(ndr_push_u32(ndr, len/2)); + NDR_CHECK(ndr_push_bytes(ndr, ws, len)); return NT_STATUS_OK; } diff --git a/source4/libcli/ndr/ndr_lsa.c b/source4/libcli/ndr/ndr_lsa.c index 6649bd04c2..5955432915 100644 --- a/source4/libcli/ndr/ndr_lsa.c +++ b/source4/libcli/ndr/ndr_lsa.c @@ -83,3 +83,28 @@ NTSTATUS ndr_pull_lsa_OpenPolicy(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_status(ndr, &r->out.status)); return NT_STATUS_OK; } + +/* + push a openpolicy2 +*/ +NTSTATUS ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, + struct lsa_OpenPolicy2 *r) +{ + NDR_CHECK(ndr_push_ptr(ndr, r->in.system_name)); + NDR_CHECK(ndr_push_unistr(ndr, r->in.system_name)); + NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, r->in.attr)); + NDR_CHECK(ndr_push_u32(ndr, r->in.desired_access)); + return NT_STATUS_OK; +} + + +/* + parse a openpolicy2 +*/ +NTSTATUS ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, + struct lsa_OpenPolicy2 *r) +{ + NDR_CHECK(ndr_pull_policy_handle(ndr, &r->out.handle)); + NDR_CHECK(ndr_pull_status(ndr, &r->out.status)); + return NT_STATUS_OK; +} diff --git a/source4/libcli/ndr/ndr_lsa.h b/source4/libcli/ndr/ndr_lsa.h index 4a0aff8323..cfdd98e24e 100644 --- a/source4/libcli/ndr/ndr_lsa.h +++ b/source4/libcli/ndr/ndr_lsa.h @@ -45,3 +45,15 @@ struct lsa_OpenPolicy { NTSTATUS status; } out; }; + +struct lsa_OpenPolicy2 { + struct { + const char *system_name; + struct lsa_ObjectAttribute *attr; + uint32 desired_access; + } in; + struct { + struct policy_handle handle; + NTSTATUS status; + } out; +}; diff --git a/source4/libcli/rpc/rpc_lsa.c b/source4/libcli/rpc/rpc_lsa.c index b747762984..8e1a48857e 100644 --- a/source4/libcli/rpc/rpc_lsa.c +++ b/source4/libcli/rpc/rpc_lsa.c @@ -62,3 +62,45 @@ done: talloc_destroy(mem_ctx); return status; } + + +/* + OpenPolicy2 interface +*/ +NTSTATUS dcerpc_lsa_OpenPolicy2(struct dcerpc_pipe *p, + const char *server, + struct lsa_ObjectAttribute *attr, + uint32 access_mask, + struct policy_handle *handle) +{ + struct lsa_OpenPolicy2 r; + NTSTATUS status; + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_init("dcerpc_rpcecho_addone"); + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } + + /* fill the .in side of the call */ + r.in.system_name = server; + r.in.attr = attr; + r.in.desired_access = access_mask; + + /* make the call */ + status = dcerpc_ndr_request(p, LSA_OPENPOLICY2, mem_ctx, + (ndr_push_fn_t) ndr_push_lsa_OpenPolicy2, + (ndr_pull_fn_t) ndr_pull_lsa_OpenPolicy2, + &r); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + /* and extract the .out parameters */ + *handle = r.out.handle; + status = r.out.status; + +done: + talloc_destroy(mem_ctx); + return status; +} diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 95a07ef0c6..a4062d1181 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -28,6 +28,8 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p) struct lsa_QosInfo qos; NTSTATUS status; + printf("testing OpenPolicy\n"); + qos.impersonation_level = 2; qos.context_mode = 1; qos.effective_only = 0; @@ -51,11 +53,45 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p) return True; } + +static BOOL test_OpenPolicy2(struct dcerpc_pipe *p) +{ + struct lsa_ObjectAttribute attr; + struct policy_handle handle; + struct lsa_QosInfo qos; + NTSTATUS status; + + printf("testing OpenPolicy2\n"); + + qos.impersonation_level = 2; + qos.context_mode = 1; + qos.effective_only = 0; + + attr.root_dir = NULL; + attr.object_name = NULL; + attr.attributes = 0; + attr.sec_desc = NULL; + attr.sec_qos = &qos; + + status = dcerpc_lsa_OpenPolicy2(p, + "\\", + &attr, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &handle); + if (!NT_STATUS_IS_OK(status)) { + printf("OpenPolicy2 failed - %s\n", nt_errstr(status)); + return False; + } + + return True; +} + BOOL torture_rpc_lsa(int dummy) { NTSTATUS status; struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; + BOOL ret = True; mem_ctx = talloc_init("torture_rpc_lsa"); @@ -64,9 +100,15 @@ BOOL torture_rpc_lsa(int dummy) return False; } - test_OpenPolicy(p); + if (!test_OpenPolicy(p)) { + ret = False; + } + + if (!test_OpenPolicy2(p)) { + ret = False; + } torture_rpc_close(p); - return NT_STATUS_IS_OK(status); + return ret; } |