-rw-r--r--source4/build/pidl/header.pm36
-rw-r--r--source4/libcli/auth/credentials.c12
-rw-r--r--source4/librpc/idl/idl_types.h3
-rw-r--r--source4/librpc/idl/misc.idl14
-rw-r--r--source4/librpc/idl/netlogon.idl130
-rw-r--r--source4/librpc/idl/samr.idl18
-rw-r--r--source4/torture/rpc/netlogon.c44
7 files changed, 155 insertions, 102 deletions
diff --git a/source4/build/pidl/header.pm b/source4/build/pidl/header.pm
index cdc4522517..3277525487 100644
--- a/source4/build/pidl/header.pm
+++ b/source4/build/pidl/header.pm
@@ -116,28 +116,26 @@ sub HeaderEnum($$)
#####################################################################
-# parse a union element
-sub HeaderUnionElement($)
-{
- my($element) = shift;
- $res .= "/* [case($element->{CASE})] */ ";
- if ($element->{TYPE} eq "UNION_ELEMENT") {
- HeaderElement($element->{DATA});
- }
-}
-
-#####################################################################
# parse a union
sub HeaderUnion($$)
{
- my($union) = shift;
- my($name) = shift;
- (defined $union->{PROPERTIES}) && HeaderProperties($union->{PROPERTIES});
- $res .= "\nunion $name {\n";
- foreach my $e (@{$union->{DATA}}) {
- HeaderUnionElement($e);
- }
- $res .= "}";
+ my($union) = shift;
+ my($name) = shift;
+ my %done = ();
+
+ (defined $union->{PROPERTIES}) && HeaderProperties($union->{PROPERTIES});
+ $res .= "\nunion $name {\n";
+ $tab_depth++;
+ foreach my $e (@{$union->{DATA}}) {
+ if ($e->{TYPE} eq "UNION_ELEMENT") {
+ if (! defined $done{$e->{DATA}->{NAME}}) {
+ HeaderElement($e->{DATA});
+ }
+ $done{$e->{DATA}->{NAME}} = 1;
+ }
+ }
+ $tab_depth--;
+ $res .= "}";
}
#####################################################################
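Review bot: The new `%done` check in HeaderUnion dedups union arms by `$e->{DATA}->{NAME}` alone, so a second arm that reuses a name with a different type is dropped from the generated header without any diagnostic. That is fine for the case this seems aimed at (several cases all declaring `uint32 rid`), but the assumption deserves a comment above the loop, e.g. `# arms sharing a member name are emitted once; this assumes they also share a type`. It would be safer still to remember the first arm's type in `%done` and die when a later arm with the same name disagrees. The generated header also no longer carries the `/* [case(N)] */` annotation, so the case-to-member mapping is now only visible in the IDL.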
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 5814053d5f..acc083d57f 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -23,8 +23,7 @@
#include "includes.h"
/*
- initialise the credentials state and return the initial credentials
- to be sent as part of a netr_ServerAuthenticate*() call.
+ initialise the credentials state
this call is made after the netr_ServerReqChallenge call
*/
@@ -60,7 +59,8 @@ static void creds_init(struct netr_CredentialState *creds,
/*
- step the credentials to the next element in the chain
+ step the credentials to the next element in the chain, updating the
+ current client and server credentials and the seed
*/
static void creds_step(struct netr_CredentialState *creds)
{
@@ -96,6 +96,12 @@ static void creds_step(struct netr_CredentialState *creds)
}
+
+/*****************************************************************
+The above functions are common to the client and server interface
+next comes the client specific functions
+******************************************************************/
+
/*
initialise the credentials chain and return the first client
credentials
diff --git a/source4/librpc/idl/idl_types.h b/source4/librpc/idl/idl_types.h
index 9a9d7fdaf6..f684ba7dd7 100644
--- a/source4/librpc/idl/idl_types.h
+++ b/source4/librpc/idl/idl_types.h
@@ -63,3 +63,6 @@
this is used to control formatting of uint8 arrays
*/
#define NDR_PAHEX LIBNDR_PRINT_ARRAY_HEX
+
+
+#define bool8 uint8
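Review bot: The new `bool8` define has no comment, unlike the `NDR_PAHEX` define just above it. Because it is a plain alias for `uint8`, the byte reaches consumers exactly as the peer sent it, with no normalisation to 0/1. I would add something like `/* a boolean carried as a single byte on the wire; any non-zero value means true */` so that code reading flags such as `NTPwPresent` or `SensitiveDataFlag` does not compare against 1.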
diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl
index 076b128988..d974b5465c 100644
--- a/source4/librpc/idl/misc.idl
+++ b/source4/librpc/idl/misc.idl
@@ -50,10 +50,20 @@ interface misc
[relative] security_acl *dacl; /* user (discretionary) ACL */
} security_descriptor;
- /* we declare this noprint so we can supply
- a nicer pretty-print routine */
typedef [public, flag(NDR_PAHEX)] struct {
uint8 data[20];
} policy_handle;
+
+ /* a 4 byte aligned 64-bit integer */
+ typedef [public] struct {
+ uint32 low;
+ uint32 high;
+ } ULONG8;
+
+ /* this is also used in samr and netlogon */
+ typedef [public] struct {
+ uint32 units_per_week;
+ [size_is(1260), length_is(units_per_week/8)] uint8 *bitmap;
+ } samr_LogonHours;
}
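Review bot: In `samr_LogonHours` the transmitted length `units_per_week/8` is computed from a field the peer supplies, while the allocation bound is the constant `size_is(1260)`. Nothing in this declaration ties the two together, so it relies on the array pull code rejecting a length larger than the size; that check is not visible in this commit. Now that the struct is shared with netlogon it is worth stating on the declaration, e.g. `/* units_per_week is peer-supplied; units_per_week/8 must not exceed the 1260-byte size_is bound */`. Note also that the integer division silently drops trailing bits when `units_per_week` is not a multiple of 8.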
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 5d30b51157..c97090dabd 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -280,7 +280,6 @@ interface netlogon
[out] netr_Authenticator return_authenticator
);
-#if 0
/*****************/
/* Function 0x07 */
@@ -298,7 +297,7 @@ interface netlogon
} DELTA_DELETE_USER;
typedef struct {
- bool SensitiveDataFlag;
+ bool8 SensitiveDataFlag;
uint32 DataLength;
[size_is(DataLength)] uint8 *SensitiveData;
} USER_PRIVATE_INFO;
@@ -315,24 +314,24 @@ interface netlogon
netr_String workstations;
NTTIME LastLogon;
NTTIME LastLogoff;
- LOGON_HOURS logonhours;
+ samr_LogonHours logon_hours;
uint16 BadPwCount;
uint16 LogonCount;
NTTIME PwLastSet;
NTTIME AccountExpires;
uint32 AccountControl;
- LM_OWF_PASSWORD lmpw;
- NT_OWF_PASSWORD ntpw;
- bool NTPwPresent;
- bool LMPwPresent;
- bool PwExpired;
+ netr_Password lmpw;
+ netr_Password ntpw;
+ bool8 NTPwPresent;
+ bool8 LMPwPresent;
+ bool8 PwExpired;
netr_String UserComment;
netr_String Parameters;
uint16 CountryCode;
uint16 CodePage;
USER_PRIVATE_INFO user_private_info;
uint32 SecurityInformation;
- LSA_SECURITY_DESCRIPTOR sec_desc;
+ security_descriptor sec_desc;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
@@ -354,7 +353,7 @@ interface netlogon
NTTIME domain_modify_time;
NTTIME domain_create_time;
uint32 SecurityInformation;
- LSA_SECURITY_DESCRIPTOR sec_desc;
+ security_descriptor sec_desc;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
@@ -367,10 +366,10 @@ interface netlogon
typedef struct {
netr_String groupname;
- GROUP_MEMBERSHIP group_membership;
+ netr_GroupMembership group_membership;
netr_String comment;
uint32 SecurityInformation;
- LSA_SECURITY_DESCRIPTOR sec_desc;
+ security_descriptor sec_desc;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
@@ -408,7 +407,7 @@ interface netlogon
netr_String alias_name;
uint32 rid;
uint32 SecurityInformation;
- LSA_SECURITY_DESCRIPTOR sec_desc;
+ security_descriptor sec_desc;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
@@ -420,7 +419,12 @@ interface netlogon
} DELTA_ALIAS;
typedef struct {
- SID_ARRAY sids;
+ uint32 count;
+ [size_is(count)] dom_sid2 *sids;
+ } netr_SidArray;
+
+ typedef struct {
+ netr_SidArray sids;
uint32 unknown1;
uint32 unknown2;
uint32 unknown3;
@@ -439,16 +443,16 @@ interface netlogon
typedef struct {
uint32 maxlogsize;
NTTIME auditretentionperiod;
- bool auditingmode;
+ bool8 auditingmode;
uint32 maxauditeventcount;
[size_is(maxauditeventcount)] uint32 *eventauditoptions;
netr_String primarydomainname;
- dom_sid2 *sid;
+ dom_sid2 *sid;
QUOTA_LIMITS quota_limits;
NTTIME db_modify_time;
NTTIME db_create_time;
uint32 SecurityInformation;
- LSA_SECURITY_DESCRIPTOR sec_desc;
+ security_descriptor sec_desc;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
@@ -464,7 +468,7 @@ interface netlogon
uint32 num_controllers;
[size_is(num_controllers)] netr_String *controller_names;
uint32 SecurityInformation;
- LSA_SECURITY_DESCRIPTOR sec_desc;
+ security_descriptor sec_desc;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
@@ -476,13 +480,13 @@ interface netlogon
} DELTA_TRUSTED_DOMAINS;
typedef struct {
- uint32 privilegeentries;
- uint32 provolegecontrol;
+ uint32 privilege_entries;
+ uint32 privilege_control;
[size_is(privilege_entries)] uint32 *privilege_attrib;
[size_is(privilege_entries)] netr_String *privilege_name;
- QUOTALIMITS quotalimits;
+ QUOTA_LIMITS quotalimits;
uint32 SecurityInformation;
- LSA_SECURITY_DESCRIPTOR sec_desc;
+ security_descriptor sec_desc;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
@@ -505,7 +509,7 @@ interface netlogon
CIPHER_VALUE old_cipher;
NTTIME old_cipher_set_time;
uint32 SecurityInformation;
- LSA_SECURITY_DESCRIPTOR sec_desc;
+ security_descriptor sec_desc;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
@@ -516,20 +520,15 @@ interface netlogon
uint32 unknown8;
} DELTA_SECRET;
- typedef struct {
- uint32 low_value;
- uint32 high_value;
- } xxx;
-
- typedef [switch_type(short)] union {
+ typedef union {
[case(1)] DELTA_DOMAIN *domain;
[case(2)] DELTA_GROUP *group;
- [case(4)] DELTA_RENAME_GROUP *rename_group;
+ [case(4)] DELTA_RENAME *rename_group;
[case(5)] DELTA_USER *user;
- [case(7)] DELTA_RENAME_USER *rename_user;
+ [case(7)] DELTA_RENAME *rename_user;
[case(8)] DELTA_GROUP_MEMBER *group_member;
[case(9)] DELTA_ALIAS *alias;
- [case(11)] DELTA_RENAME_ALIAS *rename_alias;
+ [case(11)] DELTA_RENAME *rename_alias;
[case(12)] DELTA_ALIAS_MEMBER *alias_member;
[case(13)] DELTA_POLICY *policy;
[case(14)] DELTA_TRUSTED_DOMAINS *trusted_domains;
@@ -537,10 +536,10 @@ interface netlogon
[case(18)] DELTA_SECRET *secret;
[case(20)] DELTA_DELETE_USER *delete_group;
[case(21)] DELTA_DELETE_USER *delete_user;
- [case(22)] MODIFIED_COUNT *modified_count;
+ [case(22)] HYPER_T *modified_count;
} DELTA_UNION;
- typedef [switch_type(short)] union {
+ typedef union {
[case(1)] uint32 rid;
[case(2)] uint32 rid;
[case(3)] uint32 rid;
@@ -566,8 +565,8 @@ interface netlogon
typedef struct {
uint16 delta_type;
- DELTA_ID_UNION delta_id_union;
- DELTA_UNION delta_union;
+ [switch_is(delta_type)] DELTA_ID_UNION delta_id_union;
+ [switch_is(delta_type)] DELTA_UNION delta_union;
} DELTA_ENUM;
typedef struct {
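Review bot: Both unions in `DELTA_ENUM` are now switched on `delta_type`, a uint16 taken from the server's reply, and the case lists visible in the earlier hunks have gaps (no 3, 6 or 10 in `DELTA_UNION`, for example) and no default arm. How the generated pull code treats a discriminant with no matching case is not visible here; it should fail the parse rather than leave the union member unset. I would document that next to the struct, e.g. `/* delta_type is server-supplied; a value with no matching case in either union must be rejected */`, and keep the two unions' case lists in step since they share one discriminant. Both union definitions extend beyond the hunks shown, so the full case lists should be checked.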
@@ -576,32 +575,35 @@ interface netlogon
} DELTA_ENUM_ARRAY;
- WERROR netr_DatabaseDeltas(
- [in][string][ref] wchar_t *logonserver, # REF!!!
- [in][string][ref] wchar_t *computername,
- [in][ref] AUTHENTICATOR credential,
- [in][out][ref] AUTHENTICATOR return_authenticator,
- [in] uint32 database_id,
- [in][out][ref] MODIFIED_COUNT domain_modify_count,
- [in] uint32 preferredmaximumlength,
- [out] DELTA_ENUM_ARRAY *delta_enum_array
+ NTSTATUS netr_DatabaseDeltas(
+ [in] unistr logonserver,
+ [in] unistr computername,
+ [in] netr_Authenticator credential,
+ [in,out] netr_Authenticator return_authenticator,
+ [in] uint32 database_id,
+ [in,out] HYPER_T domain_modify_count,
+ [in] uint32 preferredmaximumlength,
+ [out] DELTA_ENUM_ARRAY *delta_enum_array
);
/*****************/
/* Function 0x08 */
- WERROR netr_DatabaseSync(
- [in][string][ref] wchar_t *logonserver, # REF!!!
- [in][string][ref] wchar_t *computername,
- [in][ref] AUTHENTICATOR credential,
- [in][out][ref] AUTHENTICATOR return_authenticator,
- [in] uint32 database_id,
- [in][out][ref] uint32 sync_context,
- [in] uint32 preferredmaximumlength,
- [out] DELTA_ENUM_ARRAY *delta_enum_array
+ NTSTATUS netr_DatabaseSync(
+ [in] unistr logonserver,
+ [in] unistr computername,
+ [in] netr_Authenticator credential,
+ [in,out] netr_Authenticator return_authenticator,
+ [in] uint32 database_id,
+ [in,out] uint32 sync_context,
+ [in] uint32 preferredmaximumlength,
+ [out] DELTA_ENUM_ARRAY *delta_enum_array
);
+#if 0
+
+
/*****************/
/* Function 0x09 */
@@ -612,7 +614,7 @@ interface netlogon
uint32 serial_number;
} UAS_INFO_0;
- WERROR netr_AccountDeltas(
+ NTSTATUS netr_AccountDeltas(
[in][string] wchar_t *logonserver,
[in][string][ref] wchar_t *computername,
[in][ref] AUTHENTICATOR credential,
@@ -630,7 +632,7 @@ interface netlogon
/*****************/
/* Function 0x0A */
- WERROR netr_AccountSync(
+ NTSTATUS netr_AccountSync(
[in][string] wchar_t *logonserver,
[in][string][ref] wchar_t *computername,
[in][ref] AUTHENTICATOR credential,
@@ -649,7 +651,7 @@ interface netlogon
/*****************/
/* Function 0x0B */
- WERROR netr_GetDcName(
+ NTSTATUS netr_GetDcName(
[in] unistr logon_server,
[in] unistr *domainname,
[out]unistr *dcname,
@@ -687,7 +689,7 @@ interface netlogon
/*****************/
/* Function 0x0C */
- WERROR netr_LogonControl(
+ NTSTATUS netr_LogonControl(
[in][string] wchar_t *logonserver,
[in] uint32 function_code,
[in] uint32 level,
@@ -698,7 +700,7 @@ interface netlogon
/*****************/
/* Function 0x0D */
- WERROR netr_GetAnyDCName(
+ NTSTATUS netr_GetAnyDCName(
[in] unistr *logon_server,
[in] unistr *domainname,
[out]unistr *dcname,
@@ -715,7 +717,7 @@ interface netlogon
/*****************/
/* Function 0x0E */
- WERROR netr_LogonControl2(
+ NTSTATUS netr_LogonControl2(
[in][string] wchar_t *logonserver,
[in] uint32 function_code,
[in] uint32 level,
@@ -727,7 +729,7 @@ interface netlogon
/*****************/
/* Function 0x0F */
- WERROR netr_ServerAuthenticate2(
+ NTSTATUS netr_ServerAuthenticate2(
[in][string] wchar_t *logonserver,
[in] unistr username,
[in] uint16 secure_channel_type,
@@ -741,7 +743,7 @@ interface netlogon
/*****************/
/* Function 0x10 */
- WERROR netr_DatabaseSync2(
+ NTSTATUS netr_DatabaseSync2(
[in][string][ref] wchar_t *logonserver, # REF!!!
[in][string][ref] wchar_t *computername,
[in][ref] AUTHENTICATOR credential,
@@ -757,7 +759,7 @@ interface netlogon
/*****************/
/* Function 0x11 */
- WERROR netr_DatabaseRedo(
+ NTSTATUS netr_DatabaseRedo(
[in][string][ref] wchar_t *logonserver, # REF!!!
[in][string][ref] wchar_t *computername,
[in][ref] AUTHENTICATOR credential,
@@ -771,7 +773,7 @@ interface netlogon
/*****************/
/* Function 0x12 */
- WERROR netr_LogonControl2Ex(
+ NTSTATUS netr_LogonControl2Ex(
[in][string] wchar_t *logonserver,
[in] uint32 function_code,
[in] uint32 level,
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index cd44c9174a..e690e7b616 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -13,12 +13,6 @@
pointer_default(unique)
] interface samr
{
- /* a 4 byte aligned 64-bit integer */
- typedef [public] struct {
- uint32 low;
- uint32 high;
- } ULONG8;
-
/******************/
/* Function: 0x00 */
NTSTATUS samr_Connect (
@@ -491,16 +485,14 @@
NTTIME last_pwd_change;
NTTIME allow_pwd_change;
NTTIME force_pwd_change;
- uint32 units_per_week;
- [size_is(1260), length_is(units_per_week/8)] uint8 *logon_hours;
+ samr_LogonHours logon_hours;
uint16 bad_pwd_count;
uint16 num_logons;
uint32 acct_flags;
} samr_UserInfo3;
typedef struct {
- uint32 units_per_week;
- [size_is(1260), length_is(units_per_week/8)] uint8 *logon_hours;
+ samr_LogonHours logon_hours;
} samr_UserInfo4;
typedef struct {
@@ -516,8 +508,7 @@
samr_Name workstations;
NTTIME last_logon;
NTTIME last_logoff;
- uint32 units_per_week;
- [size_is(1260), length_is(units_per_week/8)] uint8 *logon_hours;
+ samr_LogonHours logon_hours;
uint16 bad_pwd_count;
uint16 num_logons;
NTTIME last_pwd_change;
@@ -601,8 +592,7 @@
uint32 primary_gid;
uint32 acct_flags;
uint32 fields_present;
- uint32 units_per_week;
- [size_is(1260), length_is(units_per_week/8)] uint8 *logon_hours;
+ samr_LogonHours logon_hours;
uint16 bad_pwd_count;
uint16 num_logons;
uint16 country_code;
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 354a516884..dac9f8c4ea 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -220,6 +220,8 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Credential chaining failed\n");
}
+ /* by changing the machine password twice we test the credentials
+ chaining fully */
printf("Testing a second ServerPasswordSet on machine account\n");
creds_client_authenticator(&creds, &r.in.credential);
@@ -238,6 +240,44 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
}
+/*
+ try a netlogon DatabaseSync
+*/
+static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+ struct netr_DatabaseSync r;
+ struct netr_CredentialState creds;
+
+ if (!test_SetupCredentials(p, mem_ctx, &creds)) {
+ return False;
+ }
+
+ creds_client_authenticator(&creds, &r.in.credential);
+ ZERO_STRUCT(r.in.return_authenticator);
+
+ r.in.logonserver = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.computername = lp_netbios_name();
+ r.in.database_id = 1;
+ r.in.sync_context = 1;
+ r.in.preferredmaximumlength = (uint32)-1;
+
+ printf("Testing DatabaseSync\n");
+
+ status = dcerpc_netr_DatabaseSync(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("DatabaseSync - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ printf("Credential chaining failed\n");
+ }
+
+ return True;
+}
+
+
BOOL torture_rpc_netlogon(int dummy)
{
NTSTATUS status;
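Review bot: In `test_DatabaseSync` a failed `creds_client_check` only prints "Credential chaining failed" and the function still returns True, so the test passes even when the server's return authenticator does not verify. Add `return False;` after that printf so a broken credential chain fails the run; the same print-only pattern is visible in the `test_SetPassword` context lines above. The `talloc_asprintf` result assigned to `r.in.logonserver` is used without a NULL check. `r.out.delta_enum_array` is never inspected, so the test only confirms the call's status and not that the reply parsed into anything sensible.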
@@ -273,6 +313,10 @@ BOOL torture_rpc_netlogon(int dummy)
ret = False;
}
+ if (!test_DatabaseSync(p, mem_ctx)) {
+ ret = False;
+ }
+
torture_rpc_close(p);
return ret;