-rw-r--r--source3/librpc/gen_ndr/lsa.h2
-rw-r--r--source3/librpc/idl/lsa.idl7
-rw-r--r--source3/passdb/lookup_sid.c8
-rw-r--r--source3/rpc_server/srv_lsa_nt.c8
-rw-r--r--source4/libcli/util/clilsa.c4
-rw-r--r--source4/librpc/idl/lsa.idl26
-rw-r--r--source4/rpc_server/lsa/lsa_lookup.c14
-rw-r--r--source4/torture/ndr/lsa.c25
-rw-r--r--source4/torture/rpc/lsa.c12
-rw-r--r--source4/winbind/wb_async_helpers.c11
10 files changed, 70 insertions, 47 deletions
diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h
index d91cf4b66d..0ccbcdf5b0 100644
--- a/source3/librpc/gen_ndr/lsa.h
+++ b/source3/librpc/gen_ndr/lsa.h
@@ -9,8 +9,6 @@
#define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER ( 60 )
#define LSA_REF_DOMAIN_LIST_MULTIPLIER ( 32 )
-#define MAX_REF_DOMAINS ( LSA_REF_DOMAIN_LIST_MULTIPLIER )
-#define MAX_LOOKUP_SIDS ( 0x5000 )
#define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ( 82 )
#define LSA_CLIENT_REVISION_NO_DNS ( 0x00000001 )
#define LSA_CLIENT_REVISION_DNS ( 0x00000002 )
diff --git a/source3/librpc/idl/lsa.idl b/source3/librpc/idl/lsa.idl
index cb1f2b028b..2ed267789d 100644
--- a/source3/librpc/idl/lsa.idl
+++ b/source3/librpc/idl/lsa.idl
@@ -391,8 +391,6 @@ import "misc.idl", "security.idl";
} lsa_TransSidArray;
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
- const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
-
typedef struct {
[range(0,1000)] uint32 count;
[size_is(count)] lsa_DomainInfo *domains;
@@ -442,10 +440,7 @@ import "misc.idl", "security.idl";
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
- /* This number is based on Win2k and later maximum response allowed */
- const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
-
- [public] NTSTATUS lsa_LookupSids (
+ [public] NTSTATUS lsa_LookupSids(
[in] policy_handle *handle,
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 3861c8e229..b9a67f208e 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -746,7 +746,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
}
dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
- MAX_REF_DOMAINS);
+ LSA_REF_DOMAIN_LIST_MULTIPLIER);
if (dom_infos == NULL) {
result = NT_STATUS_NO_MEMORY;
goto fail;
@@ -816,7 +816,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
continue;
}
- for (j=0; j<MAX_REF_DOMAINS; j++) {
+ for (j=0; j<LSA_REF_DOMAIN_LIST_MULTIPLIER; j++) {
if (!dom_infos[j].valid) {
break;
}
@@ -825,7 +825,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
}
}
- if (j == MAX_REF_DOMAINS) {
+ if (j == LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* TODO: What's the right error message here? */
result = NT_STATUS_NONE_MAPPED;
goto fail;
@@ -869,7 +869,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
/* Iterate over the domains found */
- for (i=0; i<MAX_REF_DOMAINS; i++) {
+ for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
uint32_t *rids;
const char *domain_name = NULL;
const char **names;
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 2fa705daf3..3addf91494 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -33,6 +33,8 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
+#define MAX_LOOKUP_SIDS 0x5000 /* 20480 */
+
extern PRIVS privs[];
struct lsa_info {
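Review bot: The `MAX_LOOKUP_SIDS` define added near the top of srv_lsa_nt.c drops the rationale that accompanied the IDL constant this commit removes. The removed comment said the value is based on the maximum response Win2k and later allow, which is the only explanation of why the limit is 0x5000. Since this constant presumably bounds how many SIDs a client may submit in one lookup, I would keep that reasoning beside it, e.g. `/* Based on the maximum response Win2k and later allow; do not raise without checking the reply size */` on the line above the define.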
@@ -68,13 +70,13 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
num = ref->count;
}
- if (num >= MAX_REF_DOMAINS) {
+ if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* index not found, already at maximum domain limit */
return -1;
}
ref->count = num + 1;
- ref->max_size = MAX_REF_DOMAINS;
+ ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
struct lsa_DomainInfo, ref->count);
@@ -725,7 +727,7 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<MAX_REF_DOMAINS; i++) {
+ for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
if (!dom_infos[i].valid) {
break;
diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
index 43f64186c3..3d33941a1f 100644
--- a/source4/libcli/util/clilsa.c
+++ b/source4/libcli/util/clilsa.c
@@ -202,6 +202,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
struct lsa_SidArray sids;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = 1;
NTSTATUS status;
struct dom_sid *sid;
@@ -231,6 +232,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
r.in.count = &count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(cli->lsa->pipe, mem_ctx2, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -243,7 +245,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
}
(*name) = talloc_asprintf(mem_ctx, "%s\\%s",
- r.out.domains->domains[0].name.string,
+ domains->domains[0].name.string,
names.names[0].name.string);
talloc_free(mem_ctx2);
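Review bot: `domains` is initialised to NULL and then read as `domains->domains[0].name.string` with no visible check that the reply actually carried a referenced-domain list. With the `[out,ref] **domains` signature the inner pointer is filled from the server's reply, so a server that answers with a success status and an empty or absent list would make smblsa_lookup_sid dereference NULL. The status check that precedes the talloc_asprintf starts outside this hunk, so this may already be covered there; if it is not, a guard such as `if (domains == NULL || domains->count < 1) { talloc_free(mem_ctx2); return NT_STATUS_UNSUCCESSFUL; }` before the format call would close it.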
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 52701211f6..f3bfb8b359 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -440,13 +440,13 @@ import "misc.idl", "security.idl";
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
- [public] NTSTATUS lsa_LookupSids (
+ [public] NTSTATUS lsa_LookupSids(
[in] policy_handle *handle,
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray *names,
[in] uint16 level,
- [in,out] uint32 *count
+ [in,out,ref] uint32 *count
);
@@ -1013,11 +1013,11 @@ import "misc.idl", "security.idl";
[public] NTSTATUS lsa_LookupSids2(
[in] policy_handle *handle,
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray2 *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray2 *names,
[in] uint16 level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
@@ -1175,11 +1175,11 @@ import "misc.idl", "security.idl";
/* Function 0x4c */
[public] NTSTATUS lsa_LookupSids3(
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray2 *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray2 *names,
[in] uint16 level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 2375a6d27a..e6285365ca 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -522,6 +522,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
struct lsa_LookupSids2 *r)
{
struct lsa_policy_state *state;
+ struct lsa_RefDomainList *domains = NULL;
int i;
NTSTATUS status = NT_STATUS_OK;
@@ -530,7 +531,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
return NT_STATUS_INVALID_PARAMETER;
}
- r->out.domains = NULL;
+ *r->out.domains = NULL;
/* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as
@@ -543,10 +544,11 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
return status;
}
- r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
- if (r->out.domains == NULL) {
+ domains = talloc_zero(r->out.domains, struct lsa_RefDomainList);
+ if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.domains = domains;
r->out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2);
if (r->out.names == NULL) {
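Review bot: `talloc_zero(r->out.domains, struct lsa_RefDomainList)` makes the caller-supplied out pointer the talloc parent, whereas the `names` allocation on the next lines still hangs off `mem_ctx`. That only works when `r->out.domains` is itself a talloc chunk; an in-process caller that passes the address of a local or struct member, as the client-side callers in this commit do for the dcerpc_ calls, would hand talloc an invalid context. Unless the lifetime coupling is intended, `domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);` keeps both allocations consistent; otherwise a comment stating that `r->out.domains` must be talloc-allocated would help. dcesrv_lsa_LookupSids2 begins and ends outside this hunk.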
@@ -592,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
/* set up the authority table */
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype,
authority_name, sid,
- r->out.domains, &sid_index);
+ domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
@@ -604,7 +606,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
(*r->out.count)++;
}
-
+
if (*r->out.count == 0) {
return NT_STATUS_NONE_MAPPED;
}
@@ -660,6 +662,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
r2.in.unknown2 = r->in.unknown2;
r2.out.count = r->out.count;
r2.out.names = r->out.names;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
@@ -692,6 +695,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
r2.in.unknown2 = 0;
r2.out.count = r->out.count;
r2.out.names = NULL;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
/* we deliberately don't check for error from the above,
diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c
index 0d6d786882..6f580bd8d8 100644
--- a/source4/torture/ndr/lsa.c
+++ b/source4/torture/ndr/lsa.c
@@ -1014,11 +1014,12 @@ static const uint8_t lsarlookupsids_out_data[] = {
static bool lsarlookupsids_out_check(struct torture_context *tctx,
struct lsa_LookupSids *r)
{
- torture_assert(tctx, r->out.domains != NULL, "domains");
- torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "name");
+ struct lsa_RefDomainList *domains = *(r->out.domains);
+ torture_assert(tctx, domains != NULL, "domains");
+ torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert(tctx, domains->domains != NULL, "domains domains");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name");
torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
return true;
}
@@ -1474,12 +1475,13 @@ static const uint8_t lsarlookupsids2_out_data[] = {
static bool lsarlookupsids2_out_check(struct torture_context *tctx,
struct lsa_LookupSids2 *r)
{
+ struct lsa_RefDomainList *domains = *(r->out.domains);
/* FIXME: Handle */
torture_assert(tctx, r->out.names != NULL, "names ptr");
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
- torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+ torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
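Review bot: In lsarlookupsids2_out_check the new initialiser `*(r->out.domains)` dereferences the outer pointer before the `r->out.domains != NULL` assert runs, and the inner `domains` is never checked before `domains->count` is read. The same pattern is in the lsarlookupsids3_out_check hunk that follows. lsarlookupsids_out_check above does assert `domains != NULL`; mirroring that here with `torture_assert(tctx, domains != NULL, "domains");` right after the outer-pointer assert, and assigning `domains` only after that outer check, would make a malformed decode fail the test instead of crashing it.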
@@ -1749,12 +1751,13 @@ static const uint8_t lsarlookupsids3_out_data[] = {
static bool lsarlookupsids3_out_check(struct torture_context *tctx,
struct lsa_LookupSids3 *r)
{
+ struct lsa_RefDomainList *domains = *(r->out.domains);
/* FIXME: Handle */
torture_assert(tctx, r->out.names != NULL, "names ptr");
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
- torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+ torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index a5f7f73959..ea9435bd95 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -449,6 +449,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
{
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@@ -464,6 +465,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
r.in.count = &count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -488,6 +490,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
{
struct lsa_LookupSids2 r;
struct lsa_TransNameArray2 names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@@ -505,6 +508,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
r.in.unknown2 = 0;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -531,6 +535,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
{
struct lsa_LookupSids3 r;
struct lsa_TransNameArray2 names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
@@ -545,6 +550,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
r.in.count = &count;
r.in.unknown1 = 0;
r.in.unknown2 = 0;
+ r.out.domains = &domains;
r.out.count = &count;
r.out.names = &names;
@@ -594,6 +600,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
if (handle) {
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains = NULL;
names.count = 0;
names.names = NULL;
@@ -604,6 +611,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
r.in.count = &names.count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -619,6 +627,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
} else if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
struct lsa_LookupSids3 r;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_TransNameArray2 names;
names.count = 0;
@@ -634,6 +643,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
r.in.unknown2 = 0;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -683,6 +693,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
uint32_t *count;
struct lsa_TransNameArray *names;
struct lsa_LookupSids *r;
+ struct lsa_RefDomainList *domains = NULL;
struct rpc_request **req;
int i, replies;
bool ret = true;
@@ -714,6 +725,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
r[i].in.count = &names[i].count;
r[i].out.count = &count[i];
r[i].out.names = &names[i];
+ r[i].out.domains = &domains;
req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]);
if (req[i] == NULL) {
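Review bot: Every request in this loop is given the same `&domains`, so each reply that is unmarshalled writes its referenced-domain list through the single pointer declared at the top of test_LookupSids_async. `names` and `count` are per-request arrays (`&names[i]`, `&count[i]`), but the domain output is shared across all outstanding requests, so only the last reply's list survives. Making `domains` an array sized like `names` and using `r[i].out.domains = &domains[i];` would keep each reply separate. The allocation of the other arrays is outside this hunk.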
diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c
index 25d52a16b5..b9c37ca588 100644
--- a/source4/winbind/wb_async_helpers.c
+++ b/source4/winbind/wb_async_helpers.c
@@ -41,6 +41,7 @@ struct lsa_lookupsids_state {
struct lsa_LookupSids r;
struct lsa_SidArray sids;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains;
uint32_t count;
struct wb_sid_object **result;
};
@@ -76,6 +77,9 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
if (state->sids.sids[i].sid == NULL) goto failed;
}
+ state->domains = talloc(state, struct lsa_RefDomainList);
+ if (state->domains == NULL) goto failed;
+
state->count = 0;
state->num_sids = num_sids;
state->names.count = 0;
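Review bot: `state->domains = talloc(state, struct lsa_RefDomainList);` leaves `count` and `domains` uninitialised, and lsa_lookupsids_recv_names later reads `domains->count` and indexes `domains->domains[]`. If the unmarshalling code replaces `*r.out.domains` with its own allocation (which I would expect for a ref pointer to a unique pointer), this pre-allocation is never used and can be dropped in favour of `state->domains = NULL;`. If it is kept, `talloc_zero(state, struct lsa_RefDomainList)` at least guarantees a zero count on any path where the reply does not overwrite it.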
@@ -88,6 +92,7 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
state->r.in.count = &state->count;
state->r.out.names = &state->names;
state->r.out.count = &state->count;
+ state->r.out.domains = &state->domains;
req = dcerpc_lsa_LookupSids_send(lsa_pipe, state, &state->r);
if (req == NULL) goto failed;
@@ -125,6 +130,8 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
struct lsa_TranslatedName *name =
&state->r.out.names->names[i];
struct lsa_DomainInfo *dom;
+ struct lsa_RefDomainList *domains =
+ state->domains;
state->result[i] = talloc_zero(state->result,
struct wb_sid_object);
@@ -135,13 +142,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
continue;
}
- if (name->sid_index >= state->r.out.domains->count) {
+ if (name->sid_index >= domains->count) {
composite_error(state->ctx,
NT_STATUS_INVALID_PARAMETER);
return;
}
- dom = &state->r.out.domains->domains[name->sid_index];
+ dom = &domains->domains[name->sid_index];
state->result[i]->domain = talloc_reference(state->result[i],
dom->name.string);
if ((name->sid_type == SID_NAME_DOMAIN) ||
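Review bot: The bounds check `name->sid_index >= domains->count` reads through `domains` without first checking it for NULL. `state->domains` is filled from the remote server's reply via `r.out.domains`, so a reply that carries translated names but no referenced-domain list would presumably leave it NULL and crash winbind here rather than fail the request. Folding the check into the existing guard, `if (domains == NULL || name->sid_index >= domains->count) {`, keeps the NT_STATUS_INVALID_PARAMETER path for that case. It would also be worth confirming, outside this hunk, that `domains->domains` is non-NULL whenever `count` is non-zero.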