diff options
| -rw-r--r-- | source4/librpc/idl/lsa.idl | 36 | ||||
| -rw-r--r-- | source4/librpc/ndr/ndr.c | 11 | ||||
| -rw-r--r-- | source4/librpc/ndr/ndr_basic.c | 2 | ||||
| -rw-r--r-- | source4/librpc/ndr/ndr_lsa.c | 199 | ||||
| -rw-r--r-- | source4/librpc/ndr/ndr_lsa.h | 46 | ||||
| -rw-r--r-- | source4/librpc/rpc/rpc_lsa.c | 20 | ||||
| -rw-r--r-- | source4/torture/rpc/lsa.c | 61 |
7 files changed, 372 insertions, 3 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index e043582f1d..c807f19d49 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -54,4 +54,40 @@ [out,ref] lsa_SidArray *sids ); + typedef struct { + uint16 name_len; + uint16 name_size; + unistr *name; + } lsa_Name; + + typedef struct { + uint16 sid_type; + lsa_Name name; + uint32 sid_index; + } lsa_TranslatedName; + + typedef struct { + uint32 count; + [size_is(count)] lsa_TranslatedName *names; + } lsa_TransNameArray; + + typedef struct { + lsa_Name name; + dom_sid2 *sid; + } lsa_TrustInformation; + + typedef struct { + uint32 count; + [size_is(count)] lsa_TrustInformation *domains; + uint32 max_count; + } lsa_RefDomainList; + + NTSTATUS lsa_LookupSids ( + [in,ref] policy_handle *handle, + [in,ref] lsa_SidArray *sids, + [out] lsa_RefDomainList *domains, + [in,out,ref] lsa_TransNameArray *names, + [in] uint16 level, + [in,out,ref] uint32 *count + ); } diff --git a/source4/librpc/ndr/ndr.c b/source4/librpc/ndr/ndr.c index dabe75d5ac..2413e7322d 100644 --- a/source4/librpc/ndr/ndr.c +++ b/source4/librpc/ndr/ndr.c @@ -196,10 +196,19 @@ NTSTATUS ndr_push_array(struct ndr_push *ndr, int ndr_flags, void *base, int i; char *p = base; NDR_CHECK(ndr_push_uint32(ndr, count)); + if (!(ndr_flags & NDR_SCALARS)) goto buffers; for (i=0;i<count;i++) { - NDR_CHECK(push_fn(ndr, ndr_flags, p)); + NDR_CHECK(push_fn(ndr, NDR_SCALARS, p)); p += elsize; } + if (!(ndr_flags & NDR_BUFFERS)) goto done; +buffers: + p = base; + for (i=0;i<count;i++) { + NDR_CHECK(push_fn(ndr, NDR_BUFFERS, p)); + p += elsize; + } +done: return NT_STATUS_OK; } diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c index 21bd36963c..3e6d0b30e6 100644 --- a/source4/librpc/ndr/ndr_basic.c +++ b/source4/librpc/ndr/ndr_basic.c @@ -257,7 +257,7 @@ NTSTATUS ndr_pull_unistr(struct ndr_pull *ndr, const char **s) return NT_STATUS_INVALID_PARAMETER; } NDR_ALLOC_N(ndr, ws, (len1+1)*2); - NDR_CHECK(ndr_pull_bytes(ndr, ws, len1*2)); + NDR_CHECK(ndr_pull_bytes(ndr, ws, len2*2)); SSVAL(ws, len1*2, 0); SSVAL(ws, len2*2, 0); pull_ucs2_talloc(ndr->mem_ctx, &as, (const smb_ucs2_t *)ws); diff --git a/source4/librpc/ndr/ndr_lsa.c b/source4/librpc/ndr/ndr_lsa.c index 533e895006..8e42b3786b 100644 --- a/source4/librpc/ndr/ndr_lsa.c +++ b/source4/librpc/ndr/ndr_lsa.c @@ -258,3 +258,202 @@ NTSTATUS ndr_pull_lsa_EnumSids(struct ndr_pull *ndr, struct lsa_EnumSids *r) return NT_STATUS_OK; } +static NTSTATUS ndr_push_lsa_Name(struct ndr_push *ndr, int ndr_flags, struct lsa_Name *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_push_uint16(ndr, r->name_len)); + NDR_CHECK(ndr_push_uint16(ndr, r->name_size)); + NDR_CHECK(ndr_push_ptr(ndr, r->name)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + if (r->name) { + NDR_CHECK(ndr_push_unistr(ndr, r->name)); + } +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_pull_lsa_Name(struct ndr_pull *ndr, int ndr_flags, struct lsa_Name *r) +{ + uint32 _ptr_name; + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_pull_uint16(ndr, &r->name_len)); + NDR_CHECK(ndr_pull_uint16(ndr, &r->name_size)); + NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_name)); + if (_ptr_name) { + NDR_ALLOC(ndr, r->name); + } else { + r->name = NULL; + } +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + if (r->name) { + NDR_CHECK(ndr_pull_unistr(ndr, &r->name)); + } +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_push_lsa_TranslatedName(struct ndr_push *ndr, int ndr_flags, struct lsa_TranslatedName *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_push_uint16(ndr, r->sid_type)); + NDR_CHECK(ndr_push_lsa_Name(ndr, NDR_SCALARS, &r->name)); + NDR_CHECK(ndr_push_uint32(ndr, r->sid_index)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + NDR_CHECK(ndr_push_lsa_Name(ndr, ndr_flags, &r->name)); +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_pull_lsa_TranslatedName(struct ndr_pull *ndr, int ndr_flags, struct lsa_TranslatedName *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_pull_uint16(ndr, &r->sid_type)); + NDR_CHECK(ndr_pull_lsa_Name(ndr, NDR_SCALARS, &r->name)); + NDR_CHECK(ndr_pull_uint32(ndr, &r->sid_index)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + NDR_CHECK(ndr_pull_lsa_Name(ndr, ndr_flags, &r->name)); +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_push_lsa_TransNameArray(struct ndr_push *ndr, int ndr_flags, struct lsa_TransNameArray *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_push_uint32(ndr, r->count)); + NDR_CHECK(ndr_push_ptr(ndr, r->names)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + if (r->names) { + NDR_CHECK(ndr_push_array(ndr, ndr_flags, r->names, sizeof(r->names[0]), r->count, (ndr_push_flags_fn_t)ndr_push_lsa_TranslatedName)); + } +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_pull_lsa_TransNameArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransNameArray *r) +{ + uint32 _ptr_names; + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_pull_uint32(ndr, &r->count)); + NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_names)); + if (_ptr_names) { + NDR_ALLOC(ndr, r->names); + } else { + r->names = NULL; + } +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + if (r->names) { + NDR_CHECK(ndr_pull_array(ndr, ndr_flags, (void **)&r->names, sizeof(r->names[0]), r->count, (ndr_pull_flags_fn_t)ndr_pull_lsa_TranslatedName)); + } +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_push_lsa_TrustInformation(struct ndr_push *ndr, int ndr_flags, struct lsa_TrustInformation *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_push_lsa_Name(ndr, NDR_SCALARS, &r->name)); + NDR_CHECK(ndr_push_ptr(ndr, r->sid)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + NDR_CHECK(ndr_push_lsa_Name(ndr, ndr_flags, &r->name)); + if (r->sid) { + NDR_CHECK(ndr_push_dom_sid2(ndr, r->sid)); + } +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_pull_lsa_TrustInformation(struct ndr_pull *ndr, int ndr_flags, struct lsa_TrustInformation *r) +{ + uint32 _ptr_sid; + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_pull_lsa_Name(ndr, NDR_SCALARS, &r->name)); + NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_sid)); + if (_ptr_sid) { + NDR_ALLOC(ndr, r->sid); + } else { + r->sid = NULL; + } +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + NDR_CHECK(ndr_pull_lsa_Name(ndr, ndr_flags, &r->name)); + if (r->sid) { + NDR_CHECK(ndr_pull_dom_sid2(ndr, r->sid)); + } +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_push_lsa_RefDomainList(struct ndr_push *ndr, int ndr_flags, struct lsa_RefDomainList *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_push_uint32(ndr, r->count)); + NDR_CHECK(ndr_push_ptr(ndr, r->domains)); + NDR_CHECK(ndr_push_uint32(ndr, r->max_count)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + if (r->domains) { + NDR_CHECK(ndr_push_array(ndr, ndr_flags, r->domains, sizeof(r->domains[0]), r->count, (ndr_push_flags_fn_t)ndr_push_lsa_TrustInformation)); + } +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_pull_lsa_RefDomainList(struct ndr_pull *ndr, int ndr_flags, struct lsa_RefDomainList *r) +{ + uint32 _ptr_domains; + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_pull_uint32(ndr, &r->count)); + NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_domains)); + if (_ptr_domains) { + NDR_ALLOC(ndr, r->domains); + } else { + r->domains = NULL; + } + NDR_CHECK(ndr_pull_uint32(ndr, &r->max_count)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + if (r->domains) { + NDR_CHECK(ndr_pull_array(ndr, ndr_flags, (void **)&r->domains, sizeof(r->domains[0]), r->count, (ndr_pull_flags_fn_t)ndr_pull_lsa_TrustInformation)); + } +done: + return NT_STATUS_OK; +} + +NTSTATUS ndr_push_lsa_LookupSids(struct ndr_push *ndr, struct lsa_LookupSids *r) +{ + NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle)); + NDR_CHECK(ndr_push_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids)); + NDR_CHECK(ndr_push_lsa_TransNameArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.names)); + NDR_CHECK(ndr_push_uint16(ndr, r->in.level)); + NDR_CHECK(ndr_push_uint32(ndr, *r->in.count)); + + return NT_STATUS_OK; +} + +NTSTATUS ndr_pull_lsa_LookupSids(struct ndr_pull *ndr, struct lsa_LookupSids *r) +{ + uint32 _ptr_domains; + NDR_ALLOC(ndr, r->out.domains); + NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_domains)); + if (_ptr_domains) { + NDR_ALLOC(ndr, r->out.domains); + } else { + r->out.domains = NULL; + } + if (r->out.domains) { + NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains)); + } + NDR_CHECK(ndr_pull_lsa_TransNameArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.names)); + NDR_CHECK(ndr_pull_uint32(ndr, r->out.count)); + NDR_CHECK(ndr_pull_NTSTATUS(ndr, &r->out.result)); + + return NT_STATUS_OK; +} + diff --git a/source4/librpc/ndr/ndr_lsa.h b/source4/librpc/ndr/ndr_lsa.h index c19a884536..ef70c5d073 100644 --- a/source4/librpc/ndr/ndr_lsa.h +++ b/source4/librpc/ndr/ndr_lsa.h @@ -66,3 +66,49 @@ struct lsa_EnumSids { }; +struct lsa_Name { + uint16 name_len; + uint16 name_size; + const char *name; +}; + +struct lsa_TranslatedName { + uint16 sid_type; + struct lsa_Name name; + uint32 sid_index; +}; + +struct lsa_TransNameArray { + uint32 count; + struct lsa_TranslatedName *names; +}; + +struct lsa_TrustInformation { + struct lsa_Name name; + struct dom_sid2 *sid; +}; + +struct lsa_RefDomainList { + uint32 count; + struct lsa_TrustInformation *domains; + uint32 max_count; +}; + +struct lsa_LookupSids { + struct { + struct policy_handle *handle; + struct lsa_SidArray *sids; + struct lsa_TransNameArray *names; + uint16 level; + uint32 *count; + } in; + + struct { + struct lsa_RefDomainList *domains; + struct lsa_TransNameArray *names; + uint32 *count; + NTSTATUS result; + } out; + +}; + diff --git a/source4/librpc/rpc/rpc_lsa.c b/source4/librpc/rpc/rpc_lsa.c index f11519a3c3..c6f6f80e73 100644 --- a/source4/librpc/rpc/rpc_lsa.c +++ b/source4/librpc/rpc/rpc_lsa.c @@ -148,3 +148,23 @@ NTSTATUS dcerpc_lsa_EnumSids(struct dcerpc_pipe *p, done: return status; } + +/* + LookupSids interface +*/ +NTSTATUS dcerpc_lsa_LookupSids(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct lsa_LookupSids *r) +{ + NTSTATUS status; + + status = dcerpc_ndr_request(p, LSA_LOOKUPSIDS, mem_ctx, + (ndr_push_fn_t) ndr_push_lsa_LookupSids, + (ndr_pull_fn_t) ndr_pull_lsa_LookupSids, + r); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return r->out.result; +} diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 5cf56acd30..044c09ced0 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -144,6 +144,61 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, struct policy_handle *handle } +static BOOL test_LookupSids(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle, + struct lsa_SidArray *sids) +{ + struct lsa_LookupSids r; + struct lsa_TransNameArray names; + uint32 count = sids->num_sids; + NTSTATUS status; + int i; + + printf("\nTesting LookupSids\n"); + + names.count = 0; + names.names = NULL; + + r.in.handle = handle; + r.in.sids = sids; + r.in.names = &names; + r.in.level = 1; + r.in.count = &count; + r.out.count = &count; + r.out.names = &names; + + status = dcerpc_lsa_LookupSids(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("LookupSids failed - %s\n", nt_errstr(status)); + return False; + } + + if (r.out.domains) { + printf("lookup gave %d domains (max_count=%d)\n", + r.out.domains->count, + r.out.domains->max_count); + for (i=0;i<r.out.domains->count;i++) { + printf("name='%s' sid=%s\n", + r.out.domains->domains[i].name.name, + lsa_sid_string_talloc(mem_ctx, r.out.domains->domains[i].sid)); + } + } + + printf("lookup gave %d names (names.count=%d)\n", count, names.count); + for (i=0;i<names.count;i++) { + printf("type=%d sid_index=%d name='%s'\n", + names.names[i].sid_type, + names.names[i].sid_index, + names.names[i].name.name); + } + + + printf("\n"); + + return True; +} + static BOOL test_EnumSids(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) @@ -168,11 +223,15 @@ static BOOL test_EnumSids(struct dcerpc_pipe *p, printf("%s\n", lsa_sid_string_talloc(mem_ctx, sids1.sids[i].sid)); } + if (!test_LookupSids(p, mem_ctx, handle, &sids1)) { + return False; + } + if (sids1.num_sids < 3) { return True; } - printf("trying partial listing (asking for 1 at 2)\n"); + printf("trying EnumSids partial listing (asking for 1 at 2)\n"); resume_handle = 2; status = dcerpc_lsa_EnumSids(p, mem_ctx, handle, &resume_handle, 1, &sids2); if (!NT_STATUS_IS_OK(status)) { |