diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/librpc/idl/drsuapi.idl | 42 | ||||
-rw-r--r-- | source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 6 | ||||
-rw-r--r-- | source4/torture/rpc/drsuapi.c | 38 |
3 files changed, 81 insertions, 5 deletions
diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index 74ed5ed1e8..fc9aee6b7f 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl @@ -71,8 +71,46 @@ interface drsuapi NTSTATUS DRSUAPI_GET_NT4_CHANGELOG(); /*****************/ - /* Function 0x0c */ - NTSTATUS DRSUAPI_CRACKNAMES(); + /* Function 0x0c */ + typedef struct { + unistr *str; + } drsuapi_DsCrackNamesInInfo1Names; + + typedef struct { + uint32 unknown1; + uint32 unknown2; + uint32 unknown3; + uint32 unknown4; + uint32 unknown5; + [range(1,10000)] uint32 count; + [size_is(count)] drsuapi_DsCrackNamesInInfo1Names *names; + } drsuapi_DsCrackNamesInInfo1; + + typedef union { + [case(1)] drsuapi_DsCrackNamesInInfo1 info1; + } drsuapi_DsCrackNamesInInfo; + + typedef struct { + uint32 unknown1; + unistr *name1; + unistr *name2; + } drsuapi_DsCrackNamesOutInfo1Names; + + typedef struct { + uint32 count; + [size_is(count)] drsuapi_DsCrackNamesOutInfo1Names *names; + } drsuapi_DsCrackNamesOutInfo1; + + typedef union { + [case(1)] drsuapi_DsCrackNamesOutInfo1 *info1; + } drsuapi_DsCrackNamesOutInfo; + + NTSTATUS drsuapi_DsCrackNames( + [in,ref] policy_handle *bind_handle, + [in, out] uint32 level, + [in,switch_is(level)] drsuapi_DsCrackNamesInInfo in, + [out,switch_is(level)] drsuapi_DsCrackNamesOutInfo out + ); /*****************/ /* Function 0x0d */ diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index d909209211..9d1e5968a2 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -190,10 +190,10 @@ static NTSTATUS DRSUAPI_GET_NT4_CHANGELOG(struct dcesrv_call_state *dce_call, TA /* - DRSUAPI_CRACKNAMES + drsuapi_DsCrackNames */ -static NTSTATUS DRSUAPI_CRACKNAMES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct DRSUAPI_CRACKNAMES *r) +static NTSTATUS drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct drsuapi_DsCrackNames *r) { DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c index 907183083b..aed7f884d2 100644 --- a/source4/torture/rpc/drsuapi.c +++ b/source4/torture/rpc/drsuapi.c @@ -48,6 +48,40 @@ static BOOL test_DsBind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } +static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *bind_handle) +{ + NTSTATUS status; + struct drsuapi_DsCrackNames r; + struct drsuapi_DsCrackNamesInInfo1Names names[1]; + BOOL ret = True; + + ZERO_STRUCT(r); + r.in.bind_handle = bind_handle; + r.in.level = 1; + r.in.in.info1.unknown1 = 0x000004e4; + r.in.in.info1.unknown2 = 0x00000407; + r.in.in.info1.unknown3 = 0x00000000; + r.in.in.info1.unknown4 = 0x00000007; + r.in.in.info1.unknown5 = 0x00000002; + r.in.in.info1.count = 1; + r.in.in.info1.names = names; + + names[0].str = talloc_asprintf(mem_ctx, "%s/", lp_realm()); + + status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + const char *errstr = nt_errstr(status); + if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); + } + printf("drsuapi_DsCrackNames failed - %s\n", errstr); + ret = False; + } + + return ret; +} + static BOOL test_DsUnbind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *bind_handle) { @@ -95,6 +129,10 @@ BOOL torture_rpc_drsuapi(int dummy) ret = False; } + if (!test_DsCrackNames(p, mem_ctx, &bind_handle)) { + ret = False; + } + if (!test_DsUnbind(p, mem_ctx, &bind_handle)) { ret = False; } |