From ad44611170d7f24544cd62424a5729aef03acd21 Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Thu, 1 Sep 2005 10:36:48 +0000
Subject: r9888: add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings. Guenther (This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
---
 source4/librpc/idl/lsa.idl | 39 +++++++++++++++++++++++++++++++++++--
 source4/rpc_server/lsa/dcesrv_lsa.c | 6 +++---
 source4/torture/rpc/lsa.c | 33 +++++++++++++++++++++++++++++++
 3 files changed, 73 insertions(+), 5 deletions(-)
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 83251b37db..0927e6ef85 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -738,10 +738,45 @@
 NTSTATUS lsa_CloseTrustedDomainEx();
 /* Function 0x35 */
- NTSTATUS lsa_QueryDomainInformationPolicy();
+
+ /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
+ for unknown6 - gd */
+ typedef struct {
+ uint32 enforce_restrictions;
+ hyper service_tkt_lifetime;
+ hyper user_tkt_lifetime;
+ hyper user_tkt_renewaltime;
+ hyper clock_skew;
+ hyper unknown6;
+ } lsa_DomainInfoKerberos;
+
+ typedef struct {
+ uint32 blob_size;
+ [size_is(blob_size)] uint8 *efs_blob;
+ } lsa_DomainInfoEfs;
+
+ typedef enum {
+ LSA_DOMAIN_INFO_POLICY_EFS=2,
+ LSA_DOMAIN_INFO_POLICY_KERBEROS=3
+ } lsa_DomainInfoEnum;
+
+ typedef [switch_type(uint16)] union {
+ [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
+ [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
+ } lsa_DomainInformationPolicy;
+
+ NTSTATUS lsa_QueryDomainInformationPolicy(
+ [in,ref] policy_handle *handle,
+ [in] uint16 level,
+ [out,switch_is(level)] lsa_DomainInformationPolicy *info
+ );
 /* Function 0x36 */
- NTSTATUS lsa_SetDomInfoPolicy();
+ NTSTATUS lsa_SetDomainInformationPolicy(
+ [in,ref] policy_handle *handle,
+ [in] uint16 level,
+ [in,switch_is(level)] lsa_DomainInformationPolicy *info
+ );
 /**********************/
 /* Function 0x37 */
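Review bot: `lsa_DomainInfoEfs` takes `blob_size` from the wire with no upper bound, and the same union is the `[in]` argument of `lsa_SetDomainInformationPolicy`, so once a server handler exists the blob length is chosen by the client. Consider capping it in the IDL, e.g. `[range(0,MAX_EFS_BLOB_SIZE)] uint32 blob_size;` (the limit name is a placeholder, to be picked from observed behaviour), so an oversized request is rejected during unmarshalling rather than in handler code. Separately, `level` is declared `uint16` in both calls although `lsa_DomainInfoEnum` is defined just above; typing it as the enum would keep the parameter and the union cases in step, provided the wire size still matches `switch_type(uint16)`. A short comment on the units of the `hyper` lifetime fields would also help, since the only comment here covers `unknown6`. The enclosing interface block begins and ends outside this hunk.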
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index b976330bee..55fc992080 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2479,9 +2479,9 @@ static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_c
 /* lsa_SetDomInfoPolicy */
-static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
- TALLOC_CTX *mem_ctx,
- struct lsa_SetDomInfoPolicy *r)
+static NTSTATUS lsa_SetDomainInformationPolicy(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_SetDomainInformationPolicy *r)
 {
 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index f723f68a02..7630056503 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -1477,6 +1477,35 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
 return ret;
 }
+static BOOL test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ struct lsa_QueryDomainInformationPolicy r;
+ NTSTATUS status;
+ int i;
+ BOOL ret = True;
+ printf("\nTesting QueryDomainInformationPolicy\n");
+
+ for (i=2;i<4;i++) {
+ r.in.handle = handle;
+ r.in.level = i;
+
+ printf("\ntrying QueryDomainInformationPolicy level %d\n", i);
+
+ status = dcerpc_lsa_QueryDomainInformationPolicy(p, mem_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryDomainInformationPolicy failed - %s\n", nt_errstr(status));
+ ret = False;
+ continue;
+ }
+ }
+
+ return ret;
+}
+
+
 static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p,
 TALLOC_CTX *mem_ctx,
 struct policy_handle *handle)
@@ -1630,6 +1659,10 @@ BOOL torture_rpc_lsa(void)
 ret = False;
 }
+ if (!test_QueryDomainInfoPolicy(p, mem_ctx, &handle)) {
+ ret = False;
+ }
+
 if (!test_many_LookupSids(p, mem_ctx, &handle)) {
 ret = False;
 }
-- cgit
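Review bot: The loop in `test_QueryDomainInfoPolicy` hard-codes `i=2;i<4` and never looks at `r.out.info`, so the test passes on any successful status even when the reply carries no data. Using the IDL names, `for (i=LSA_DOMAIN_INFO_POLICY_EFS;i<=LSA_DOMAIN_INFO_POLICY_KERBEROS;i++) {` (assuming the generated header exports them), keeps the test in step with the enum, and a check such as `if (r.out.info == NULL) { ret = False; }` after a successful call would catch an empty reply. The trailing `continue;` is the last statement of the loop body and can be dropped. It would also be worth adding one level outside the enum and expecting a failure status, so the server's rejection path is covered once a handler exists.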