Diffstat (limited to 'source4')
-rw-r--r-- | source4/libcli/util/clilsa.c | 4 | ||||
-rw-r--r-- | source4/librpc/idl/lsa.idl | 26 | ||||
-rw-r--r-- | source4/rpc_server/lsa/lsa_lookup.c | 14 | ||||
-rw-r--r-- | source4/torture/ndr/lsa.c | 25 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 12 | ||||
-rw-r--r-- | source4/winbind/wb_async_helpers.c | 11 |
6 files changed, 60 insertions, 32 deletions
diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
index 43f64186c3..3d33941a1f 100644
--- a/source4/libcli/util/clilsa.c
+++ b/source4/libcli/util/clilsa.c
@@ -202,6 +202,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli, struct lsa_LookupSids r; struct lsa_TransNameArray names; struct lsa_SidArray sids; + struct lsa_RefDomainList *domains = NULL; uint32_t count = 1; NTSTATUS status; struct dom_sid *sid;
@@ -231,6 +232,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli, r.in.count = &count; r.out.count = &count; r.out.names = &names; + r.out.domains = &domains; status = dcerpc_lsa_LookupSids(cli->lsa->pipe, mem_ctx2, &r); if (!NT_STATUS_IS_OK(status)) {
@@ -243,7 +245,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli, } (*name) = talloc_asprintf(mem_ctx, "%s\\%s", - r.out.domains->domains[0].name.string, + domains->domains[0].name.string, names.names[0].name.string); talloc_free(mem_ctx2);
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 52701211f6..f3bfb8b359 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -440,13 +440,13 @@ import "misc.idl", "security.idl"; [size_is(count)] lsa_TranslatedName *names; } lsa_TransNameArray; - [public] NTSTATUS lsa_LookupSids ( + [public] NTSTATUS lsa_LookupSids( [in] policy_handle *handle, - [in] lsa_SidArray *sids, - [out,unique] lsa_RefDomainList *domains, - [in,out] lsa_TransNameArray *names, + [in,ref] lsa_SidArray *sids, + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransNameArray *names, [in] uint16 level, - [in,out] uint32 *count + [in,out,ref] uint32 *count );
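Review bot: In the last clilsa.c hunk, `domains->domains[0].name.string` is read without any visible check that the server actually returned a domain list. `domains` starts as NULL and the only guard shown tests the NTSTATUS, so a reply that reports success but carries a null or empty referenced-domain list would presumably be dereferenced here. The lines between the hunks are not shown and may already validate `names.count`, but the domain list needs its own test before the `talloc_asprintf`, for example `if (domains == NULL || domains->count == 0) { talloc_free(mem_ctx2); return NT_STATUS_UNSUCCESSFUL; }`. smblsa_lookup_sid starts and ends outside these hunks.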
@@ -1013,11 +1013,11 @@ import "misc.idl", "security.idl"; [public] NTSTATUS lsa_LookupSids2( [in] policy_handle *handle, - [in] lsa_SidArray *sids, - [out,unique] lsa_RefDomainList *domains, - [in,out] lsa_TransNameArray2 *names, + [in,ref] lsa_SidArray *sids, + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransNameArray2 *names, [in] uint16 level, - [in,out] uint32 *count, + [in,out,ref] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 );
@@ -1175,11 +1175,11 @@ import "misc.idl", "security.idl"; /* Function 0x4c */ [public] NTSTATUS lsa_LookupSids3( - [in] lsa_SidArray *sids, - [out,unique] lsa_RefDomainList *domains, - [in,out] lsa_TransNameArray2 *names, + [in,ref] lsa_SidArray *sids, + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransNameArray2 *names, [in] uint16 level, - [in,out] uint32 *count, + [in,out,ref] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 );
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 2375a6d27a..e6285365ca 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -522,6 +522,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, struct lsa_LookupSids2 *r) { struct lsa_policy_state *state; + struct lsa_RefDomainList *domains = NULL; int i; NTSTATUS status = NT_STATUS_OK;
@@ -530,7 +531,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, return NT_STATUS_INVALID_PARAMETER; } - r->out.domains = NULL; + *r->out.domains = NULL; /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers, and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as
@@ -543,10 +544,11 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, return status; } - r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList); - if (r->out.domains == NULL) { + domains = talloc_zero(r->out.domains, struct lsa_RefDomainList); + if (domains == NULL) { return NT_STATUS_NO_MEMORY; } + *r->out.domains = domains; r->out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2); if (r->out.names == NULL) {
@@ -592,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, /* set up the authority table */ status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name, sid, - r->out.domains, &sid_index); + domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { continue; }
@@ -604,7 +606,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, (*r->out.count)++; } - + if (*r->out.count == 0) { return NT_STATUS_NONE_MAPPED; }
@@ -660,6 +662,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, r2.in.unknown2 = r->in.unknown2; r2.out.count = r->out.count; r2.out.names = r->out.names; + r2.out.domains = r->out.domains; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
@@ -692,6 +695,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m r2.in.unknown2 = 0; r2.out.count = r->out.count; r2.out.names = NULL; + r2.out.domains = r->out.domains; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); /* we deliberately don't check for error from the above,
diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c
index 0d6d786882..6f580bd8d8 100644
--- a/source4/torture/ndr/lsa.c
+++ b/source4/torture/ndr/lsa.c
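Review bot: In the `@@ -543` hunk of dcesrv_lsa_LookupSids2, `talloc_zero(r->out.domains, struct lsa_RefDomainList)` makes the caller-supplied out pointer the talloc parent, which is only valid if `r->out.domains` is itself a talloc allocation. The names array a few lines further down is still parented on `mem_ctx`. That presumably holds when the request structure comes from the NDR pull, and the LookupSids and LookupSids3 wrappers in the later hunks forward `r->out.domains` unchanged, but a caller that passes the address of an ordinary variable would hand talloc an invalid context. Keeping `domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);` matches the rest of the function and removes that assumption. The function body begins before and ends after this hunk.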
@@ -1014,11 +1014,12 @@ static const uint8_t lsarlookupsids_out_data[] = { static bool lsarlookupsids_out_check(struct torture_context *tctx, struct lsa_LookupSids *r) { - torture_assert(tctx, r->out.domains != NULL, "domains"); - torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count"); - torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size"); - torture_assert(tctx, r->out.domains->domains != NULL, "domains domains"); - torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "name"); + struct lsa_RefDomainList *domains = *(r->out.domains); + torture_assert(tctx, domains != NULL, "domains"); + torture_assert_int_equal(tctx, domains->count, 1, "domains count"); + torture_assert_int_equal(tctx, domains->max_size, 32, "domains size"); + torture_assert(tctx, domains->domains != NULL, "domains domains"); + torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name"); torture_assert_ntstatus_ok(tctx, r->out.result, "return code"); return true; } 
@@ -1474,12 +1475,13 @@ static const uint8_t lsarlookupsids2_out_data[] = { static bool lsarlookupsids2_out_check(struct torture_context *tctx, struct lsa_LookupSids2 *r) { + struct lsa_RefDomainList *domains = *(r->out.domains); /* FIXME: Handle */ torture_assert(tctx, r->out.names != NULL, "names ptr"); torture_assert(tctx, r->out.domains != NULL, "domains ptr"); - torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count"); - torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size"); - torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name"); + torture_assert_int_equal(tctx, domains->count, 4, "domains count"); + torture_assert_int_equal(tctx, domains->max_size, 32, "domains size"); + torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name"); torture_assert_int_equal(tctx, r->out.names->count, 7, "names count"); torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1"); torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2"); 
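Review bot: In lsarlookupsids2_out_check, and identically in lsarlookupsids3_out_check in the following hunk, the new first line reads `*(r->out.domains)` before the existing `torture_assert(tctx, r->out.domains != NULL, "domains ptr")` has run. The inner `domains` pointer is then used for `domains->count` without ever being asserted non-NULL, so a decode that yields a NULL list would crash the test rather than fail it. lsarlookupsids_out_check in the preceding hunk already asserts `domains != NULL`; the same line, `torture_assert(tctx, domains != NULL, "domains ptr");`, belongs ahead of the count check in both functions. Both function bodies continue past the end of their hunks.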
@@ -1749,12 +1751,13 @@ static const uint8_t lsarlookupsids3_out_data[] = { static bool lsarlookupsids3_out_check(struct torture_context *tctx, struct lsa_LookupSids3 *r) { + struct lsa_RefDomainList *domains = *(r->out.domains); /* FIXME: Handle */ torture_assert(tctx, r->out.names != NULL, "names ptr"); torture_assert(tctx, r->out.domains != NULL, "domains ptr"); - torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count"); - torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size"); - torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name"); + torture_assert_int_equal(tctx, domains->count, 4, "domains count"); + torture_assert_int_equal(tctx, domains->max_size, 32, "domains size"); + torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name"); torture_assert_int_equal(tctx, r->out.names->count, 7, "names count"); torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1"); torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index a5f7f73959..ea9435bd95 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -449,6 +449,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p, { struct lsa_LookupSids r; struct lsa_TransNameArray names; + struct lsa_RefDomainList *domains = NULL; uint32_t count = sids->num_sids; NTSTATUS status;
@@ -464,6 +465,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p, r.in.count = &count; r.out.count = &count; r.out.names = &names; + r.out.domains = &domains; status = dcerpc_lsa_LookupSids(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) {
@@ -488,6 +490,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p, { struct lsa_LookupSids2 r; struct lsa_TransNameArray2 names; + struct lsa_RefDomainList *domains = NULL; uint32_t count = sids->num_sids; NTSTATUS status;
@@ -505,6 +508,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p, r.in.unknown2 = 0; r.out.count = &count; r.out.names = &names; + r.out.domains = &domains; status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) {
@@ -531,6 +535,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p, { struct lsa_LookupSids3 r; struct lsa_TransNameArray2 names; + struct lsa_RefDomainList *domains = NULL; uint32_t count = sids->num_sids; NTSTATUS status;
@@ -545,6 +550,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p, r.in.count = &count; r.in.unknown1 = 0; r.in.unknown2 = 0; + r.out.domains = &domains; r.out.count = &count; r.out.names = &names;
@@ -594,6 +600,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, if (handle) { struct lsa_LookupSids r; struct lsa_TransNameArray names; + struct lsa_RefDomainList *domains = NULL; names.count = 0; names.names = NULL;
@@ -604,6 +611,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, r.in.count = &names.count; r.out.count = &count; r.out.names = &names; + r.out.domains = &domains; status = dcerpc_lsa_LookupSids(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) {
@@ -619,6 +627,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, } else if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL && p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) { struct lsa_LookupSids3 r; + struct lsa_RefDomainList *domains = NULL; struct lsa_TransNameArray2 names; names.count = 0;
@@ -634,6 +643,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, r.in.unknown2 = 0; r.out.count = &count; r.out.names = &names; + r.out.domains = &domains; status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) {
@@ -683,6 +693,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p, uint32_t *count; struct lsa_TransNameArray *names; struct lsa_LookupSids *r; + struct lsa_RefDomainList *domains = NULL; struct rpc_request **req; int i, replies; bool ret = true;
@@ -714,6 +725,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p, r[i].in.count = &names[i].count; r[i].out.count = &count[i]; r[i].out.names = &names[i]; + r[i].out.domains = &domains; req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]); if (req[i] == NULL) {
diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c
index 25d52a16b5..b9c37ca588 100644
--- a/source4/winbind/wb_async_helpers.c
+++ b/source4/winbind/wb_async_helpers.c
@@ -41,6 +41,7 @@ struct lsa_lookupsids_state { struct lsa_LookupSids r; struct lsa_SidArray sids; struct lsa_TransNameArray names; + struct lsa_RefDomainList *domains; uint32_t count; struct wb_sid_object **result; };
@@ -76,6 +77,9 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx, if (state->sids.sids[i].sid == NULL) goto failed; } + state->domains = talloc(state, struct lsa_RefDomainList); + if (state->domains == NULL) goto failed; + state->count = 0; state->num_sids = num_sids; state->names.count = 0;
@@ -88,6 +92,7 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx, state->r.in.count = &state->count; state->r.out.names = &state->names; state->r.out.count = &state->count; + state->r.out.domains = &state->domains; req = dcerpc_lsa_LookupSids_send(lsa_pipe, state, &state->r); if (req == NULL) goto failed;
@@ -125,6 +130,8 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req) struct lsa_TranslatedName *name = &state->r.out.names->names[i]; struct lsa_DomainInfo *dom; + struct lsa_RefDomainList *domains = + state->domains; state->result[i] = talloc_zero(state->result, struct wb_sid_object);
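Review bot: In wb_lsa_lookupsids_send (the `@@ -76` hunk of wb_async_helpers.c), `state->domains = talloc(state, struct lsa_RefDomainList)` allocates an uninitialised list that nothing visible ever fills in. Because the next hunk sets `state->r.out.domains = &state->domains`, the reply presumably overwrites the pointer, which would leave this allocation unused until `state` is freed. It also suggests to a reader that `state->domains` can never be NULL, which the receive path cannot rely on once the server's reply has replaced it. `state->domains = NULL;` states the intent without the extra allocation. The function starts and ends outside the hunk.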
@@ -135,13 +142,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req) continue; } - if (name->sid_index >= state->r.out.domains->count) { + if (name->sid_index >= domains->count) { composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER); return; } - dom = &state->r.out.domains->domains[name->sid_index]; + dom = &domains->domains[name->sid_index]; state->result[i]->domain = talloc_reference(state->result[i], dom->name.string); if ((name->sid_type == SID_NAME_DOMAIN) || |
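Review bot: The bounds check `name->sid_index >= domains->count` dereferences `domains` with no NULL test, and `domains` is whatever the server's reply left in `state->domains`. With the new `[out,ref] lsa_RefDomainList **` signature, a reply that translates names but carries a null referenced-domain list would presumably leave that pointer NULL, and this line would fault instead of failing the request. Extending the guard to `if (domains == NULL || name->sid_index >= domains->count) {` sends that case down the existing NT_STATUS_INVALID_PARAMETER path. The loop in lsa_lookupsids_recv_names begins before this hunk and continues after it.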