diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/libnet/libnet_samsync.c | 31 | ||||
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 10 | ||||
-rw-r--r-- | source4/torture/rpc/netlogon.c | 32 | ||||
-rw-r--r-- | source4/torture/rpc/samsync.c | 42 |
4 files changed, 75 insertions, 40 deletions
diff --git a/source4/libnet/libnet_samsync.c b/source4/libnet/libnet_samsync.c index 0f82d98673..51e49e94a0 100644 --- a/source4/libnet/libnet_samsync.c +++ b/source4/libnet/libnet_samsync.c @@ -169,6 +169,8 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx TALLOC_CTX *samsync_ctx, *loop_ctx, *delta_ctx; struct creds_CredentialState *creds; struct netr_DatabaseSync dbsync; + struct netr_Authenticator credential, return_authenticator; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; struct cli_credentials *machine_account; struct dcerpc_pipe *p; struct libnet_context *machine_net_ctx; @@ -320,19 +322,30 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx } /* Setup details for the synchronisation */ + + ZERO_STRUCT(return_authenticator); + dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p)); dbsync.in.computername = cli_credentials_get_workstation(machine_account); dbsync.in.preferredmaximumlength = (uint32_t)-1; - ZERO_STRUCT(dbsync.in.return_authenticator); + dbsync.in.return_authenticator = &return_authenticator; + dbsync.out.return_authenticator = &return_authenticator; + dbsync.out.delta_enum_array = &delta_enum_array; + + for (i=0;i< ARRAY_SIZE(database_ids); i++) { - for (i=0;i< ARRAY_SIZE(database_ids); i++) { - dbsync.in.sync_context = 0; - dbsync.in.database_id = database_ids[i]; + uint32_t sync_context = 0; + + dbsync.in.database_id = database_ids[i]; + dbsync.in.sync_context = &sync_context; + dbsync.out.sync_context = &sync_context; do { int d; loop_ctx = talloc_named(samsync_ctx, 0, "DatabaseSync loop context"); - creds_client_authenticator(creds, &dbsync.in.credential); + creds_client_authenticator(creds, &credential); + + dbsync.in.credential = &credential; dbsync_nt_status = dcerpc_netr_DatabaseSync(p, loop_ctx, &dbsync); if (!NT_STATUS_IS_OK(dbsync_nt_status) && @@ -342,7 +355,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx return nt_status; } - if (!creds_client_check(creds, &dbsync.out.return_authenticator.cred)) { + if (!creds_client_check(creds, &dbsync.out.return_authenticator->cred)) { r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed"); talloc_free(samsync_ctx); return NT_STATUS_ACCESS_DENIED; @@ -351,7 +364,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx dbsync.in.sync_context = dbsync.out.sync_context; /* For every single remote 'delta' entry: */ - for (d=0; d < dbsync.out.delta_enum_array->num_deltas; d++) { + for (d=0; d < delta_enum_array->num_deltas; d++) { char *error_string = NULL; delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context"); /* 'Fix' elements, by decrypting and @@ -360,7 +373,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx creds, r->in.rid_crypt, dbsync.in.database_id, - &dbsync.out.delta_enum_array->delta_enum[d], + &delta_enum_array->delta_enum[d], &error_string); if (!NT_STATUS_IS_OK(nt_status)) { r->out.error_string = talloc_steal(mem_ctx, error_string); @@ -374,7 +387,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx nt_status = r->in.delta_fn(delta_ctx, r->in.fn_ctx, dbsync.in.database_id, - &dbsync.out.delta_enum_array->delta_enum[d], + &delta_enum_array->delta_enum[d], &error_string); if (!NT_STATUS_IS_OK(nt_status)) { r->out.error_string = talloc_steal(mem_ctx, error_string); diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index a11bca7028..cb05b2a2c9 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -739,12 +739,12 @@ interface netlogon NTSTATUS netr_DatabaseSync( [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], - [in] netr_Authenticator credential, - [in,out] netr_Authenticator return_authenticator, + [in,ref] netr_Authenticator *credential, + [in,out,ref] netr_Authenticator *return_authenticator, [in] netr_SamDatabaseID database_id, - [in,out] uint32 sync_context, - [in] uint32 preferredmaximumlength, - [out,unique] netr_DELTA_ENUM_ARRAY *delta_enum_array + [in,out,ref] uint32 *sync_context, + [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array, + [in] uint32 preferredmaximumlength ); diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 38fe8b58f5..29d833856c 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -695,24 +695,36 @@ static bool test_DatabaseSync(struct torture_context *tctx, struct creds_CredentialState *creds; const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS}; int i; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + struct netr_Authenticator credential, return_authenticator; if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) { return false; } + ZERO_STRUCT(return_authenticator); + r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computername = TEST_MACHINE_NAME; r.in.preferredmaximumlength = (uint32_t)-1; - ZERO_STRUCT(r.in.return_authenticator); + r.in.return_authenticator = &return_authenticator; + r.out.delta_enum_array = &delta_enum_array; + r.out.return_authenticator = &return_authenticator; for (i=0;i<ARRAY_SIZE(database_ids);i++) { - r.in.sync_context = 0; + + uint32_t sync_context = 0; + r.in.database_id = database_ids[i]; + r.in.sync_context = &sync_context; + r.out.sync_context = &sync_context; torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id); do { - creds_client_authenticator(creds, &r.in.credential); + creds_client_authenticator(creds, &credential); + + r.in.credential = &credential; status = dcerpc_netr_DatabaseSync(p, tctx, &r); if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) @@ -724,18 +736,16 @@ static bool test_DatabaseSync(struct torture_context *tctx, } torture_assert_ntstatus_ok(tctx, status, "DatabaseSync"); - if (!creds_client_check(creds, &r.out.return_authenticator.cred)) { + if (!creds_client_check(creds, &r.out.return_authenticator->cred)) { torture_comment(tctx, "Credential chaining failed\n"); } - r.in.sync_context = r.out.sync_context; - - if (r.out.delta_enum_array && - r.out.delta_enum_array->num_deltas > 0 && - r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN && - r.out.delta_enum_array->delta_enum[0].delta_union.domain) { + if (delta_enum_array && + delta_enum_array->num_deltas > 0 && + delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN && + delta_enum_array->delta_enum[0].delta_union.domain) { sequence_nums[r.in.database_id] = - r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num; + delta_enum_array->delta_enum[0].delta_union.domain->sequence_num; torture_comment(tctx, "\tsequence_nums[%d]=%llu\n", r.in.database_id, (unsigned long long)sequence_nums[r.in.database_id]); diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index e1129435a0..489080be27 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -1131,23 +1131,35 @@ static bool test_DatabaseSync(struct torture_context *tctx, bool ret = true; struct samsync_trusted_domain *t; struct samsync_secret *s; + struct netr_Authenticator return_authenticator, credential; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; const char *domain, *username; + ZERO_STRUCT(return_authenticator); + r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(samsync_state->p)); r.in.computername = TEST_MACHINE_NAME; r.in.preferredmaximumlength = (uint32_t)-1; - ZERO_STRUCT(r.in.return_authenticator); + r.in.return_authenticator = &return_authenticator; + r.out.return_authenticator = &return_authenticator; + r.out.delta_enum_array = &delta_enum_array; for (i=0;i<ARRAY_SIZE(database_ids);i++) { - r.in.sync_context = 0; + + uint32_t sync_context = 0; + r.in.database_id = database_ids[i]; + r.in.sync_context = &sync_context; + r.out.sync_context = &sync_context; printf("Testing DatabaseSync of id %d\n", r.in.database_id); do { loop_ctx = talloc_named(mem_ctx, 0, "DatabaseSync loop context"); - creds_client_authenticator(samsync_state->creds, &r.in.credential); + creds_client_authenticator(samsync_state->creds, &credential); + + r.in.credential = &credential; status = dcerpc_netr_DatabaseSync(samsync_state->p, loop_ctx, &r); if (!NT_STATUS_IS_OK(status) && @@ -1157,67 +1169,67 @@ static bool test_DatabaseSync(struct torture_context *tctx, break; } - if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator.cred)) { + if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) { printf("Credential chaining failed\n"); } r.in.sync_context = r.out.sync_context; - for (d=0; d < r.out.delta_enum_array->num_deltas; d++) { + for (d=0; d < delta_enum_array->num_deltas; d++) { delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context"); - switch (r.out.delta_enum_array->delta_enum[d].delta_type) { + switch (delta_enum_array->delta_enum[d].delta_type) { case NETR_DELTA_DOMAIN: if (!samsync_handle_domain(delta_ctx, samsync_state, - r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) { + r.in.database_id, &delta_enum_array->delta_enum[d])) { printf("Failed to handle DELTA_DOMAIN\n"); ret = false; } break; case NETR_DELTA_GROUP: if (!samsync_handle_group(delta_ctx, samsync_state, - r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) { + r.in.database_id, &delta_enum_array->delta_enum[d])) { printf("Failed to handle DELTA_USER\n"); ret = false; } break; case NETR_DELTA_USER: if (!samsync_handle_user(tctx, delta_ctx, samsync_state, - r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) { + r.in.database_id, &delta_enum_array->delta_enum[d])) { printf("Failed to handle DELTA_USER\n"); ret = false; } break; case NETR_DELTA_ALIAS: if (!samsync_handle_alias(delta_ctx, samsync_state, - r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) { + r.in.database_id, &delta_enum_array->delta_enum[d])) { printf("Failed to handle DELTA_ALIAS\n"); ret = false; } break; case NETR_DELTA_POLICY: if (!samsync_handle_policy(delta_ctx, samsync_state, - r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) { + r.in.database_id, &delta_enum_array->delta_enum[d])) { printf("Failed to handle DELTA_POLICY\n"); ret = false; } break; case NETR_DELTA_TRUSTED_DOMAIN: if (!samsync_handle_trusted_domain(delta_ctx, samsync_state, - r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) { + r.in.database_id, &delta_enum_array->delta_enum[d])) { printf("Failed to handle DELTA_TRUSTED_DOMAIN\n"); ret = false; } break; case NETR_DELTA_ACCOUNT: if (!samsync_handle_account(delta_ctx, samsync_state, - r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) { + r.in.database_id, &delta_enum_array->delta_enum[d])) { printf("Failed to handle DELTA_ACCOUNT\n"); ret = false; } break; case NETR_DELTA_SECRET: if (!samsync_handle_secret(delta_ctx, samsync_state, - r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) { + r.in.database_id, &delta_enum_array->delta_enum[d])) { printf("Failed to handle DELTA_SECRET\n"); ret = false; } @@ -1239,7 +1251,7 @@ static bool test_DatabaseSync(struct torture_context *tctx, case NETR_DELTA_DELETE_USER2: case NETR_DELTA_MODIFY_COUNT: default: - printf("Uxpected delta type %d\n", r.out.delta_enum_array->delta_enum[d].delta_type); + printf("Uxpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type); ret = false; break; } |