diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/librpc/idl/lsa.idl | 23 | ||||
-rw-r--r-- | source4/librpc/ndr/ndr_basic.c | 29 | ||||
-rw-r--r-- | source4/librpc/ndr/ndr_lsa.c | 97 | ||||
-rw-r--r-- | source4/librpc/ndr/ndr_lsa.h | 30 | ||||
-rw-r--r-- | source4/librpc/rpc/rpc_lsa.c | 20 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 68 |
6 files changed, 262 insertions, 5 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index c807f19d49..886b8fd225 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -57,7 +57,7 @@ typedef struct { uint16 name_len; uint16 name_size; - unistr *name; + unistr_noterm *name; } lsa_Name; typedef struct { @@ -90,4 +90,25 @@ [in] uint16 level, [in,out,ref] uint32 *count ); + + typedef struct { + uint16 sid_type; + uint32 rid; + uint32 sid_index; + } lsa_TranslatedSid; + + typedef struct { + uint32 count; + [size_is(count)] lsa_TranslatedSid *sids; + } lsa_TransSidArray; + + NTSTATUS lsa_LookupNames ( + [in,ref] policy_handle *handle, + [in] uint32 num_names, + [in,ref,size_is(num_names)] lsa_Name *names, + [out] lsa_RefDomainList *domains, + [in,out,ref] lsa_TransSidArray *sids, + [in] uint16 level, + [in,out,ref] uint32 *count + ); } diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c index 3e6d0b30e6..6ada49997f 100644 --- a/source4/librpc/ndr/ndr_basic.c +++ b/source4/librpc/ndr/ndr_basic.c @@ -221,7 +221,7 @@ NTSTATUS ndr_push_length4_end(struct ndr_push *ndr, struct ndr_push_save *save) */ NTSTATUS ndr_push_ptr(struct ndr_push *ndr, const void *p) { - return ndr_push_uint32(ndr, p?1:0); + return ndr_push_uint32(ndr, p?0xaabbccdd:0); } /* @@ -243,6 +243,25 @@ NTSTATUS ndr_push_unistr(struct ndr_push *ndr, const char *s) } /* + push a comformant, variable ucs2 string onto the wire from a C string + don't send the null +*/ +NTSTATUS ndr_push_unistr_noterm(struct ndr_push *ndr, const char *s) +{ + char *ws; + ssize_t len; + len = push_ucs2_talloc(ndr->mem_ctx, (smb_ucs2_t **)&ws, s); + if (len == -1) { + return NT_STATUS_INVALID_PARAMETER; + } + NDR_CHECK(ndr_push_uint32(ndr, len/2 - 1)); + NDR_CHECK(ndr_push_uint32(ndr, 0)); + NDR_CHECK(ndr_push_uint32(ndr, len/2 - 1)); + NDR_CHECK(ndr_push_bytes(ndr, ws, len - 2)); + return NT_STATUS_OK; +} + +/* pull a comformant, variable ucs2 string from the wire into a C string */ NTSTATUS ndr_pull_unistr(struct ndr_pull *ndr, const char **s) @@ -269,6 +288,14 @@ NTSTATUS ndr_pull_unistr(struct ndr_pull *ndr, const char **s) } /* + pull a comformant, variable ucs2 string from the wire into a C string +*/ +NTSTATUS ndr_pull_unistr_noterm(struct ndr_pull *ndr, const char **s) +{ + return ndr_pull_unistr(ndr, s); +} + +/* push a 4 byte offset pointer, remembering where we are so we can later fill in the correct value */ diff --git a/source4/librpc/ndr/ndr_lsa.c b/source4/librpc/ndr/ndr_lsa.c index 8e42b3786b..12b981c1e7 100644 --- a/source4/librpc/ndr/ndr_lsa.c +++ b/source4/librpc/ndr/ndr_lsa.c @@ -267,7 +267,7 @@ static NTSTATUS ndr_push_lsa_Name(struct ndr_push *ndr, int ndr_flags, struct ls buffers: if (!(ndr_flags & NDR_BUFFERS)) goto done; if (r->name) { - NDR_CHECK(ndr_push_unistr(ndr, r->name)); + NDR_CHECK(ndr_push_unistr_noterm(ndr, r->name)); } done: return NT_STATUS_OK; @@ -288,7 +288,7 @@ static NTSTATUS ndr_pull_lsa_Name(struct ndr_pull *ndr, int ndr_flags, struct ls buffers: if (!(ndr_flags & NDR_BUFFERS)) goto done; if (r->name) { - NDR_CHECK(ndr_pull_unistr(ndr, &r->name)); + NDR_CHECK(ndr_pull_unistr_noterm(ndr, &r->name)); } done: return NT_STATUS_OK; @@ -457,3 +457,96 @@ NTSTATUS ndr_pull_lsa_LookupSids(struct ndr_pull *ndr, struct lsa_LookupSids *r) return NT_STATUS_OK; } +static NTSTATUS ndr_push_lsa_TranslatedSid(struct ndr_push *ndr, int ndr_flags, struct lsa_TranslatedSid *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_push_uint16(ndr, r->sid_type)); + NDR_CHECK(ndr_push_uint32(ndr, r->rid)); + NDR_CHECK(ndr_push_uint32(ndr, r->sid_index)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_pull_lsa_TranslatedSid(struct ndr_pull *ndr, int ndr_flags, struct lsa_TranslatedSid *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_pull_uint16(ndr, &r->sid_type)); + NDR_CHECK(ndr_pull_uint32(ndr, &r->rid)); + NDR_CHECK(ndr_pull_uint32(ndr, &r->sid_index)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_push_lsa_TransSidArray(struct ndr_push *ndr, int ndr_flags, struct lsa_TransSidArray *r) +{ + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_push_uint32(ndr, r->count)); + NDR_CHECK(ndr_push_ptr(ndr, r->sids)); +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + if (r->sids) { + NDR_CHECK(ndr_push_array(ndr, ndr_flags, r->sids, sizeof(r->sids[0]), r->count, (ndr_push_flags_fn_t)ndr_push_lsa_TranslatedSid)); + } +done: + return NT_STATUS_OK; +} + +static NTSTATUS ndr_pull_lsa_TransSidArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray *r) +{ + uint32 _ptr_sids; + if (!(ndr_flags & NDR_SCALARS)) goto buffers; + NDR_CHECK(ndr_pull_uint32(ndr, &r->count)); + NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_sids)); + if (_ptr_sids) { + NDR_ALLOC(ndr, r->sids); + } else { + r->sids = NULL; + } +buffers: + if (!(ndr_flags & NDR_BUFFERS)) goto done; + if (r->sids) { + NDR_CHECK(ndr_pull_array(ndr, ndr_flags, (void **)&r->sids, sizeof(r->sids[0]), r->count, (ndr_pull_flags_fn_t)ndr_pull_lsa_TranslatedSid)); + } +done: + return NT_STATUS_OK; +} + +NTSTATUS ndr_push_lsa_LookupNames(struct ndr_push *ndr, struct lsa_LookupNames *r) +{ + NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle)); + NDR_CHECK(ndr_push_uint32(ndr, r->in.num_names)); + if (r->in.names) { + int ndr_flags = NDR_SCALARS|NDR_BUFFERS; + NDR_CHECK(ndr_push_array(ndr, ndr_flags, r->in.names, sizeof(r->in.names[0]), r->in.num_names, (ndr_push_flags_fn_t)ndr_push_lsa_Name)); + } + NDR_CHECK(ndr_push_lsa_TransSidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids)); + NDR_CHECK(ndr_push_uint16(ndr, r->in.level)); + NDR_CHECK(ndr_push_uint32(ndr, *r->in.count)); + + return NT_STATUS_OK; +} + +NTSTATUS ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, struct lsa_LookupNames *r) +{ + uint32 _ptr_domains; + NDR_ALLOC(ndr, r->out.domains); + NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_domains)); + if (_ptr_domains) { + NDR_ALLOC(ndr, r->out.domains); + } else { + r->out.domains = NULL; + } + if (r->out.domains) { + NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains)); + } + NDR_CHECK(ndr_pull_lsa_TransSidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sids)); + NDR_CHECK(ndr_pull_uint32(ndr, r->out.count)); + NDR_CHECK(ndr_pull_NTSTATUS(ndr, &r->out.result)); + + return NT_STATUS_OK; +} + diff --git a/source4/librpc/ndr/ndr_lsa.h b/source4/librpc/ndr/ndr_lsa.h index ef70c5d073..770138f349 100644 --- a/source4/librpc/ndr/ndr_lsa.h +++ b/source4/librpc/ndr/ndr_lsa.h @@ -112,3 +112,33 @@ struct lsa_LookupSids { }; +struct lsa_TranslatedSid { + uint16 sid_type; + uint32 rid; + uint32 sid_index; +}; + +struct lsa_TransSidArray { + uint32 count; + struct lsa_TranslatedSid *sids; +}; + +struct lsa_LookupNames { + struct { + struct policy_handle *handle; + uint32 num_names; + struct lsa_Name *names; + struct lsa_TransSidArray *sids; + uint16 level; + uint32 *count; + } in; + + struct { + struct lsa_RefDomainList *domains; + struct lsa_TransSidArray *sids; + uint32 *count; + NTSTATUS result; + } out; + +}; + diff --git a/source4/librpc/rpc/rpc_lsa.c b/source4/librpc/rpc/rpc_lsa.c index c6f6f80e73..82039244e7 100644 --- a/source4/librpc/rpc/rpc_lsa.c +++ b/source4/librpc/rpc/rpc_lsa.c @@ -168,3 +168,23 @@ NTSTATUS dcerpc_lsa_LookupSids(struct dcerpc_pipe *p, return r->out.result; } + +/* + LookupNames interface +*/ +NTSTATUS dcerpc_lsa_LookupNames(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct lsa_LookupNames *r) +{ + NTSTATUS status; + + status = dcerpc_ndr_request(p, LSA_LOOKUPNAMES, mem_ctx, + (ndr_push_fn_t) ndr_push_lsa_LookupNames, + (ndr_pull_fn_t) ndr_pull_lsa_LookupNames, + r); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return r->out.result; +} diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 044c09ced0..3f107be41e 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -143,6 +143,69 @@ static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, struct policy_handle *handle return True; } +static BOOL test_LookupNames(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle, + struct lsa_TransNameArray *tnames) +{ + struct lsa_LookupNames r; + struct lsa_TransSidArray sids; + struct lsa_Name *names; + uint32 count = 0; + NTSTATUS status; + int i; + + printf("\nTesting LookupNames\n"); + + sids.count = 0; + sids.sids = NULL; + + names = talloc(mem_ctx, tnames->count * sizeof(names[0])); + for (i=0;i<tnames->count;i++) { + names[i].name_len = 2*strlen(tnames->names[i].name.name); + names[i].name_size = 2*strlen(tnames->names[i].name.name); + names[i].name = tnames->names[i].name.name; + } + + r.in.handle = handle; + r.in.num_names = tnames->count; + r.in.names = names; + r.in.sids = &sids; + r.in.level = 1; + r.in.count = &count; + r.out.count = &count; + r.out.sids = &sids; + + status = dcerpc_lsa_LookupNames(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("LookupNames failed - %s\n", nt_errstr(status)); + return False; + } + + if (r.out.domains) { + printf("lookup gave %d domains (max_count=%d)\n", + r.out.domains->count, + r.out.domains->max_count); + for (i=0;i<r.out.domains->count;i++) { + printf("name='%s' sid=%s\n", + r.out.domains->domains[i].name.name, + lsa_sid_string_talloc(mem_ctx, r.out.domains->domains[i].sid)); + } + } + + printf("lookup gave %d sids (sids.count=%d)\n", count, sids.count); + for (i=0;i<sids.count;i++) { + printf("sid_type=%d rid=%d sid_index=%d\n", + sids.sids[i].sid_type, + sids.sids[i].rid, + sids.sids[i].sid_index); + } + + printf("\n"); + + return True; +} + static BOOL test_LookupSids(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, @@ -193,9 +256,12 @@ static BOOL test_LookupSids(struct dcerpc_pipe *p, names.names[i].name.name); } - printf("\n"); + if (!test_LookupNames(p, mem_ctx, handle, &names)) { + return False; + } + return True; } |