Diffstat (limited to 'source4')
-rw-r--r--source4/libnet/libnet_samsync.c31
-rw-r--r--source4/librpc/idl/netlogon.idl10
-rw-r--r--source4/torture/rpc/netlogon.c32
-rw-r--r--source4/torture/rpc/samsync.c42
4 files changed, 75 insertions, 40 deletions
diff --git a/source4/libnet/libnet_samsync.c b/source4/libnet/libnet_samsync.c
index 0f82d98673..51e49e94a0 100644
--- a/source4/libnet/libnet_samsync.c
+++ b/source4/libnet/libnet_samsync.c
@@ -169,6 +169,8 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
TALLOC_CTX *samsync_ctx, *loop_ctx, *delta_ctx;
struct creds_CredentialState *creds;
struct netr_DatabaseSync dbsync;
+ struct netr_Authenticator credential, return_authenticator;
+ struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct cli_credentials *machine_account;
struct dcerpc_pipe *p;
struct libnet_context *machine_net_ctx;
@@ -320,19 +322,30 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
}
/* Setup details for the synchronisation */
+
+ ZERO_STRUCT(return_authenticator);
+
dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p));
dbsync.in.computername = cli_credentials_get_workstation(machine_account);
dbsync.in.preferredmaximumlength = (uint32_t)-1;
- ZERO_STRUCT(dbsync.in.return_authenticator);
+ dbsync.in.return_authenticator = &return_authenticator;
+ dbsync.out.return_authenticator = &return_authenticator;
+ dbsync.out.delta_enum_array = &delta_enum_array;
+
+ for (i=0;i< ARRAY_SIZE(database_ids); i++) {
- for (i=0;i< ARRAY_SIZE(database_ids); i++) {
- dbsync.in.sync_context = 0;
- dbsync.in.database_id = database_ids[i];
+ uint32_t sync_context = 0;
+
+ dbsync.in.database_id = database_ids[i];
+ dbsync.in.sync_context = &sync_context;
+ dbsync.out.sync_context = &sync_context;
do {
int d;
loop_ctx = talloc_named(samsync_ctx, 0, "DatabaseSync loop context");
- creds_client_authenticator(creds, &dbsync.in.credential);
+ creds_client_authenticator(creds, &credential);
+
+ dbsync.in.credential = &credential;
dbsync_nt_status = dcerpc_netr_DatabaseSync(p, loop_ctx, &dbsync);
if (!NT_STATUS_IS_OK(dbsync_nt_status) &&
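Review bot: `delta_enum_array` is set to NULL only at its declaration, so from the second `dcerpc_netr_DatabaseSync()` call onward it still holds the pointer from the previous reply. That reply was allocated under the earlier `loop_ctx`; if that context is freed at the end of each pass (not visible in this hunk) and a call returns without writing the out pointer, later code would read stale memory. Adding `delta_enum_array = NULL;` just before the call would keep the pointer's state tied to the current reply. The do-loop body continues outside this hunk.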
@@ -342,7 +355,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
return nt_status;
}
- if (!creds_client_check(creds, &dbsync.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed");
talloc_free(samsync_ctx);
return NT_STATUS_ACCESS_DENIED;
@@ -351,7 +364,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
dbsync.in.sync_context = dbsync.out.sync_context;
/* For every single remote 'delta' entry: */
- for (d=0; d < dbsync.out.delta_enum_array->num_deltas; d++) {
+ for (d=0; d < delta_enum_array->num_deltas; d++) {
char *error_string = NULL;
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
/* 'Fix' elements, by decrypting and
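Review bot: `delta_enum_array->num_deltas` in the `for (d=0; ...)` condition is dereferenced without checking that the server returned an array. test_DatabaseSync in source4/torture/rpc/netlogon.c guards the same pointer with `if (delta_enum_array && ...`, which suggests the inner pointer can come back NULL; a reply without an array would then crash this client with a NULL dereference. Writing the condition as `for (d=0; delta_enum_array && d < delta_enum_array->num_deltas; d++) {` would cover it, or the function could fail with an error status before the loop. The same unguarded read is in the `for (d=0; d < delta_enum_array->num_deltas; d++)` loop of source4/torture/rpc/samsync.c. The loop body continues outside this hunk.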
@@ -360,7 +373,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
creds,
r->in.rid_crypt,
dbsync.in.database_id,
- &dbsync.out.delta_enum_array->delta_enum[d],
+ &delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
@@ -374,7 +387,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
nt_status = r->in.delta_fn(delta_ctx,
r->in.fn_ctx,
dbsync.in.database_id,
- &dbsync.out.delta_enum_array->delta_enum[d],
+ &delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index a11bca7028..cb05b2a2c9 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -739,12 +739,12 @@ interface netlogon
NTSTATUS netr_DatabaseSync(
[in] [string,charset(UTF16)] uint16 logon_server[],
[in] [string,charset(UTF16)] uint16 computername[],
- [in] netr_Authenticator credential,
- [in,out] netr_Authenticator return_authenticator,
+ [in,ref] netr_Authenticator *credential,
+ [in,out,ref] netr_Authenticator *return_authenticator,
[in] netr_SamDatabaseID database_id,
- [in,out] uint32 sync_context,
- [in] uint32 preferredmaximumlength,
- [out,unique] netr_DELTA_ENUM_ARRAY *delta_enum_array
+ [in,out,ref] uint32 *sync_context,
+ [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
+ [in] uint32 preferredmaximumlength
);
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 38fe8b58f5..29d833856c 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -695,24 +695,36 @@ static bool test_DatabaseSync(struct torture_context *tctx,
struct creds_CredentialState *creds;
const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
+ struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+ struct netr_Authenticator credential, return_authenticator;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
}
+ ZERO_STRUCT(return_authenticator);
+
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
r.in.preferredmaximumlength = (uint32_t)-1;
- ZERO_STRUCT(r.in.return_authenticator);
+ r.in.return_authenticator = &return_authenticator;
+ r.out.delta_enum_array = &delta_enum_array;
+ r.out.return_authenticator = &return_authenticator;
for (i=0;i<ARRAY_SIZE(database_ids);i++) {
- r.in.sync_context = 0;
+
+ uint32_t sync_context = 0;
+
r.in.database_id = database_ids[i];
+ r.in.sync_context = &sync_context;
+ r.out.sync_context = &sync_context;
torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
do {
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
+
+ r.in.credential = &credential;
status = dcerpc_netr_DatabaseSync(p, tctx, &r);
if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
@@ -724,18 +736,16 @@ static bool test_DatabaseSync(struct torture_context *tctx,
}
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
- r.in.sync_context = r.out.sync_context;
-
- if (r.out.delta_enum_array &&
- r.out.delta_enum_array->num_deltas > 0 &&
- r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
- r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
+ if (delta_enum_array &&
+ delta_enum_array->num_deltas > 0 &&
+ delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
+ delta_enum_array->delta_enum[0].delta_union.domain) {
sequence_nums[r.in.database_id] =
- r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
+ delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
r.in.database_id,
(unsigned long long)sequence_nums[r.in.database_id]);
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index e1129435a0..489080be27 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -1131,23 +1131,35 @@ static bool test_DatabaseSync(struct torture_context *tctx,
bool ret = true;
struct samsync_trusted_domain *t;
struct samsync_secret *s;
+ struct netr_Authenticator return_authenticator, credential;
+ struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
const char *domain, *username;
+ ZERO_STRUCT(return_authenticator);
+
r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(samsync_state->p));
r.in.computername = TEST_MACHINE_NAME;
r.in.preferredmaximumlength = (uint32_t)-1;
- ZERO_STRUCT(r.in.return_authenticator);
+ r.in.return_authenticator = &return_authenticator;
+ r.out.return_authenticator = &return_authenticator;
+ r.out.delta_enum_array = &delta_enum_array;
for (i=0;i<ARRAY_SIZE(database_ids);i++) {
- r.in.sync_context = 0;
+
+ uint32_t sync_context = 0;
+
r.in.database_id = database_ids[i];
+ r.in.sync_context = &sync_context;
+ r.out.sync_context = &sync_context;
printf("Testing DatabaseSync of id %d\n", r.in.database_id);
do {
loop_ctx = talloc_named(mem_ctx, 0, "DatabaseSync loop context");
- creds_client_authenticator(samsync_state->creds, &r.in.credential);
+ creds_client_authenticator(samsync_state->creds, &credential);
+
+ r.in.credential = &credential;
status = dcerpc_netr_DatabaseSync(samsync_state->p, loop_ctx, &r);
if (!NT_STATUS_IS_OK(status) &&
@@ -1157,67 +1169,67 @@ static bool test_DatabaseSync(struct torture_context *tctx,
break;
}
- if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
r.in.sync_context = r.out.sync_context;
- for (d=0; d < r.out.delta_enum_array->num_deltas; d++) {
+ for (d=0; d < delta_enum_array->num_deltas; d++) {
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
- switch (r.out.delta_enum_array->delta_enum[d].delta_type) {
+ switch (delta_enum_array->delta_enum[d].delta_type) {
case NETR_DELTA_DOMAIN:
if (!samsync_handle_domain(delta_ctx, samsync_state,
- r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
+ r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_DOMAIN\n");
ret = false;
}
break;
case NETR_DELTA_GROUP:
if (!samsync_handle_group(delta_ctx, samsync_state,
- r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
+ r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_USER\n");
ret = false;
}
break;
case NETR_DELTA_USER:
if (!samsync_handle_user(tctx, delta_ctx, samsync_state,
- r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
+ r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_USER\n");
ret = false;
}
break;
case NETR_DELTA_ALIAS:
if (!samsync_handle_alias(delta_ctx, samsync_state,
- r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
+ r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_ALIAS\n");
ret = false;
}
break;
case NETR_DELTA_POLICY:
if (!samsync_handle_policy(delta_ctx, samsync_state,
- r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
+ r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_POLICY\n");
ret = false;
}
break;
case NETR_DELTA_TRUSTED_DOMAIN:
if (!samsync_handle_trusted_domain(delta_ctx, samsync_state,
- r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
+ r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_TRUSTED_DOMAIN\n");
ret = false;
}
break;
case NETR_DELTA_ACCOUNT:
if (!samsync_handle_account(delta_ctx, samsync_state,
- r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
+ r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_ACCOUNT\n");
ret = false;
}
break;
case NETR_DELTA_SECRET:
if (!samsync_handle_secret(delta_ctx, samsync_state,
- r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
+ r.in.database_id, &delta_enum_array->delta_enum[d])) {
printf("Failed to handle DELTA_SECRET\n");
ret = false;
}
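Review bot: `r.in.sync_context = r.out.sync_context;` near the top of this hunk is now a no-op, because both fields were pointed at the same local `sync_context` before the loop and the call updates that value in place. This commit dropped the equivalent line from test_DatabaseSync in source4/torture/rpc/netlogon.c. Removing it here, along with `dbsync.in.sync_context = dbsync.out.sync_context;` in source4/libnet/libnet_samsync.c, would keep the three callers consistent. If the line stays, a comment such as `/* in and out share one uint32_t; nothing to copy */` would stop it from reading as a value copy.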
@@ -1239,7 +1251,7 @@ static bool test_DatabaseSync(struct torture_context *tctx,
case NETR_DELTA_DELETE_USER2:
case NETR_DELTA_MODIFY_COUNT:
default:
- printf("Uxpected delta type %d\n", r.out.delta_enum_array->delta_enum[d].delta_type);
+ printf("Uxpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type);
ret = false;
break;
}