From c9d929af8ba018816df69734bed1c197d0c3b7f2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 7 Dec 2011 16:03:04 +1100 Subject: s4-lsarpc handle more info levels in SetInfoTrustedDomain calls This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett --- libcli/auth/wscript_build | 2 +- libcli/lsarpc/util_lsarpc.c | 360 ++++++++++++++++++++++++++++++++ libcli/lsarpc/util_lsarpc.h | 37 ++++ libcli/lsarpc/wscript_build | 5 + selftest/knownfail | 2 +- source3/Makefile.in | 4 +- source3/rpc_client/util_lsarpc.c | 336 ----------------------------- source3/rpc_client/util_lsarpc.h | 32 --- source3/rpc_server/lsa/srv_lsa_nt.c | 2 +- source3/torture/test_authinfo_structs.c | 2 +- source3/wscript_build | 4 +- source4/rpc_server/lsa/dcesrv_lsa.c | 22 +- source4/rpc_server/wscript_build | 2 +- wscript_build | 1 + 14 files changed, 431 insertions(+), 380 deletions(-) create mode 100644 libcli/lsarpc/util_lsarpc.c create mode 100644 libcli/lsarpc/util_lsarpc.h create mode 100644 libcli/lsarpc/wscript_build delete mode 100644 source3/rpc_client/util_lsarpc.c delete mode 100644 source3/rpc_client/util_lsarpc.h diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build index a140df2cc0..ff8b82ebd0 100644 --- a/libcli/auth/wscript_build +++ b/libcli/auth/wscript_build @@ -2,7 +2,7 @@ bld.SAMBA_LIBRARY('cliauth', source='', - deps='NTLMSSP_COMMON MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors NTLM_CHECK', + deps='NTLMSSP_COMMON MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors NTLM_CHECK UTIL_LSARPC', private_library=True, grouping_library=True) diff --git a/libcli/lsarpc/util_lsarpc.c b/libcli/lsarpc/util_lsarpc.c new file mode 100644 index 0000000000..0243e09e4b --- /dev/null +++ b/libcli/lsarpc/util_lsarpc.c @@ -0,0 +1,360 @@ +/* + Unix SMB/CIFS implementation. + Authentication utility functions + Copyright (C) Sumit Bose 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "../librpc/gen_ndr/ndr_drsblobs.h" +#include "../librpc/gen_ndr/ndr_lsa.h" +#include "libcli/lsarpc/util_lsarpc.h" + +static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx, + uint32_t count, + struct AuthenticationInformationArray *ai, + struct lsa_TrustDomainInfoBuffer **_b) +{ + NTSTATUS status; + struct lsa_TrustDomainInfoBuffer *b; + int i; + + b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count); + if (b == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for(i = 0; i < count; i++) { + size_t size = 0; + b[i].last_update_time = ai->array[i].LastUpdateTime; + b[i].AuthType = ai->array[i].AuthType; + switch(ai->array[i].AuthType) { + case TRUST_AUTH_TYPE_NONE: + b[i].data.size = 0; + b[i].data.data = NULL; + break; + case TRUST_AUTH_TYPE_NT4OWF: + if (ai->array[i].AuthInfo.nt4owf.size != 16) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + b[i].data.data = (uint8_t *)talloc_memdup(b, + &ai->array[i].AuthInfo.nt4owf.password.hash, + 16); + if (b[i].data.data == NULL) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + break; + case TRUST_AUTH_TYPE_CLEAR: + if (!convert_string_talloc(b, + CH_UTF16LE, CH_UNIX, + ai->array[i].AuthInfo.clear.password, + ai->array[i].AuthInfo.clear.size, + &b[i].data.data, + &size)) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + b[i].data.size = size; + break; + case TRUST_AUTH_TYPE_VERSION: + if (ai->array[i].AuthInfo.version.size != 4) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + b[i].data.size = 4; + b[i].data.data = (uint8_t *)talloc_memdup(b, + &ai->array[i].AuthInfo.version.version, 4); + if (b[i].data.data == NULL) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + break; + default: + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + } + + *_b = b; + + return NT_STATUS_OK; + +fail: + talloc_free(b); + return status; +} + +static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx, + DATA_BLOB *inout_blob, + uint32_t *count, + struct lsa_TrustDomainInfoBuffer **current, + struct lsa_TrustDomainInfoBuffer **previous) +{ + NTSTATUS status; + struct trustAuthInOutBlob iopw; + enum ndr_err_code ndr_err; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(mem_ctx); + if (tmp_ctx == NULL) { + return NT_STATUS_NO_MEMORY; + } + + ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw, + (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + + *count = iopw.count; + + status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count, + &iopw.current, current); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (iopw.previous.count > 0) { + status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count, + &iopw.previous, previous); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } else { + *previous = NULL; + } + + status = NT_STATUS_OK; + +done: + talloc_free(tmp_ctx); + return status; +} + +NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx, + DATA_BLOB incoming, DATA_BLOB outgoing, + struct lsa_TrustDomainInfoAuthInfo *auth_info) +{ + NTSTATUS status; + + if (incoming.length != 0) { + status = trustauth_inout_blob_2_auth_info(mem_ctx, + &incoming, + &auth_info->incoming_count, + &auth_info->incoming_current_auth_info, + &auth_info->incoming_previous_auth_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + auth_info->incoming_count = 0; + auth_info->incoming_current_auth_info = NULL; + auth_info->incoming_previous_auth_info = NULL; + } + + if (outgoing.length != 0) { + status = trustauth_inout_blob_2_auth_info(mem_ctx, + &outgoing, + &auth_info->outgoing_count, + &auth_info->outgoing_current_auth_info, + &auth_info->outgoing_previous_auth_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + auth_info->outgoing_count = 0; + auth_info->outgoing_current_auth_info = NULL; + auth_info->outgoing_previous_auth_info = NULL; + } + + return NT_STATUS_OK; +} + +static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx, + uint32_t count, + struct lsa_TrustDomainInfoBuffer *b, + struct AuthenticationInformationArray *ai) +{ + NTSTATUS status; + int i; + + ai->count = count; + ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation, + count); + if (ai->array == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for(i = 0; i < count; i++) { + size_t size = 0; + ai->array[i].LastUpdateTime = b[i].last_update_time; + ai->array[i].AuthType = b[i].AuthType; + switch(ai->array[i].AuthType) { + case TRUST_AUTH_TYPE_NONE: + ai->array[i].AuthInfo.none.size = 0; + break; + case TRUST_AUTH_TYPE_NT4OWF: + if (b[i].data.size != 16) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash, + b[i].data.data, 16); + break; + case TRUST_AUTH_TYPE_CLEAR: + if (!convert_string_talloc(ai->array, + CH_UNIX, CH_UTF16, + b[i].data.data, + b[i].data.size, + &ai->array[i].AuthInfo.clear.password, + &size)) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + ai->array[i].AuthInfo.clear.size = size; + break; + case TRUST_AUTH_TYPE_VERSION: + if (b[i].data.size != 4) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + ai->array[i].AuthInfo.version.size = 4; + memcpy(&ai->array[i].AuthInfo.version.version, + b[i].data.data, 4); + break; + default: + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + } + + return NT_STATUS_OK; + +fail: + talloc_free(ai->array); + return status; +} + +NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx, + uint32_t count, + struct lsa_TrustDomainInfoBuffer *current, + struct lsa_TrustDomainInfoBuffer *previous, + struct trustAuthInOutBlob **iopw_out) +{ + NTSTATUS status; + struct trustAuthInOutBlob *iopw; + enum ndr_err_code ndr_err; + + iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob); + if (iopw == NULL) { + return NT_STATUS_NO_MEMORY; + } + + iopw->count = count; + status = trust_domain_info_buffer_2_ai_array(iopw, count, current, + &iopw->current); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (previous != NULL) { + status = trust_domain_info_buffer_2_ai_array(iopw, count, + previous, + &iopw->previous); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } else { + iopw->previous.count = 0; + iopw->previous.array = NULL; + } + + *iopw_out = iopw; + + status = NT_STATUS_OK; + +done: + return status; +} + +static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx, + uint32_t count, + struct lsa_TrustDomainInfoBuffer *current, + struct lsa_TrustDomainInfoBuffer *previous, + DATA_BLOB *inout_blob) +{ + NTSTATUS status; + struct trustAuthInOutBlob *iopw = NULL; + enum ndr_err_code ndr_err; + + status = auth_info_2_trustauth_inout(mem_ctx, count, current, previous, &iopw); + + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx, + iopw, + (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return NT_STATUS_INVALID_PARAMETER; + } + + status = NT_STATUS_OK; + +done: + talloc_free(iopw); + return status; +} + +NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx, + struct lsa_TrustDomainInfoAuthInfo *auth_info, + DATA_BLOB *incoming, DATA_BLOB *outgoing) +{ + NTSTATUS status; + + if (auth_info->incoming_count == 0) { + incoming->length = 0; + incoming->data = NULL; + } else { + status = auth_info_2_trustauth_inout_blob(mem_ctx, + auth_info->incoming_count, + auth_info->incoming_current_auth_info, + auth_info->incoming_previous_auth_info, + incoming); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + if (auth_info->outgoing_count == 0) { + outgoing->length = 0; + outgoing->data = NULL; + } else { + status = auth_info_2_trustauth_inout_blob(mem_ctx, + auth_info->outgoing_count, + auth_info->outgoing_current_auth_info, + auth_info->outgoing_previous_auth_info, + outgoing); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + return NT_STATUS_OK; +} diff --git a/libcli/lsarpc/util_lsarpc.h b/libcli/lsarpc/util_lsarpc.h new file mode 100644 index 0000000000..2b471745f1 --- /dev/null +++ b/libcli/lsarpc/util_lsarpc.h @@ -0,0 +1,37 @@ +/* + Unix SMB/CIFS implementation. + Authentication utility functions + Copyright (C) Sumit Bose 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef _LIBCLI_AUTH_UTIL_LSARPC_H_ +#define _LIBCLI_AUTH_UTIL_LSARPC_H_ + +/* The following definitions come from libcli/auth/util_lsarpc.c */ + +NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx, + DATA_BLOB incoming, DATA_BLOB outgoing, + struct lsa_TrustDomainInfoAuthInfo *auth_info); +NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx, + uint32_t count, + struct lsa_TrustDomainInfoBuffer *current, + struct lsa_TrustDomainInfoBuffer *previous, + struct trustAuthInOutBlob **iopw_out); +NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx, + struct lsa_TrustDomainInfoAuthInfo *auth_info, + DATA_BLOB *incoming, DATA_BLOB *outgoing); + +#endif /* _LIBCLI_AUTH_UTIL_LSARPC_H_ */ diff --git a/libcli/lsarpc/wscript_build b/libcli/lsarpc/wscript_build new file mode 100644 index 0000000000..feb3970041 --- /dev/null +++ b/libcli/lsarpc/wscript_build @@ -0,0 +1,5 @@ +#!/usr/bin/env python + +bld.SAMBA_SUBSYSTEM('UTIL_LSARPC', + source='util_lsarpc.c', + deps='NDR_LSA'); diff --git a/selftest/knownfail b/selftest/knownfail index 589a784298..9e52fa8943 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -106,4 +106,4 @@ ^samba4.ldap.acl.*.AclSearchTests.test_search4$ # ACL search behaviour not enabled by default ^samba4.ldap.acl.*.AclSearchTests.test_search5$ # ACL search behaviour not enabled by default ^samba4.ldap.acl.*.AclSearchTests.test_search6$ # ACL search behaviour not enabled by default -^samba4.rpc.lsa.forest # Not fully provided by Samba 4 +^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4 diff --git a/source3/Makefile.in b/source3/Makefile.in index 0d89c14fbf..b0c17f6cff 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -704,7 +704,7 @@ DCE_RPC_EP_OBJ = librpc/rpc/dcerpc_ep.o RPC_LSARPC_OBJ = rpc_server/lsa/srv_lsa_nt.o \ librpc/gen_ndr/srv_lsa.o \ - rpc_client/util_lsarpc.o + ../libcli/lsarpc/util_lsarpc.o RPC_NETLOGON_OBJ = rpc_server/netlogon/srv_netlog_nt.o \ librpc/gen_ndr/srv_netlogon.o @@ -1271,7 +1271,7 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \ @LIBWBCLIENT_STATIC@ \ torture/wbc_async.o \ ../nsswitch/wb_reqtrans.o \ - rpc_client/util_lsarpc.o \ + ../libcli/lsarpc/util_lsarpc.o \ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ diff --git a/source3/rpc_client/util_lsarpc.c b/source3/rpc_client/util_lsarpc.c deleted file mode 100644 index d67144b18f..0000000000 --- a/source3/rpc_client/util_lsarpc.c +++ /dev/null @@ -1,336 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Authentication utility functions - Copyright (C) Sumit Bose 2010 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "../librpc/gen_ndr/ndr_drsblobs.h" -#include "../librpc/gen_ndr/ndr_lsa.h" -#include "rpc_client/util_lsarpc.h" - -static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx, - uint32_t count, - struct AuthenticationInformationArray *ai, - struct lsa_TrustDomainInfoBuffer **_b) -{ - NTSTATUS status; - struct lsa_TrustDomainInfoBuffer *b; - int i; - - b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count); - if (b == NULL) { - return NT_STATUS_NO_MEMORY; - } - - for(i = 0; i < count; i++) { - size_t size = 0; - b[i].last_update_time = ai->array[i].LastUpdateTime; - b[i].AuthType = ai->array[i].AuthType; - switch(ai->array[i].AuthType) { - case TRUST_AUTH_TYPE_NONE: - b[i].data.size = 0; - b[i].data.data = NULL; - break; - case TRUST_AUTH_TYPE_NT4OWF: - if (ai->array[i].AuthInfo.nt4owf.size != 16) { - status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - b[i].data.data = (uint8_t *)talloc_memdup(b, - &ai->array[i].AuthInfo.nt4owf.password.hash, - 16); - if (b[i].data.data == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - break; - case TRUST_AUTH_TYPE_CLEAR: - if (!convert_string_talloc(b, - CH_UTF16LE, CH_UNIX, - ai->array[i].AuthInfo.clear.password, - ai->array[i].AuthInfo.clear.size, - &b[i].data.data, - &size)) { - status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - b[i].data.size = size; - break; - case TRUST_AUTH_TYPE_VERSION: - if (ai->array[i].AuthInfo.version.size != 4) { - status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - b[i].data.size = 4; - b[i].data.data = (uint8_t *)talloc_memdup(b, - &ai->array[i].AuthInfo.version.version, 4); - if (b[i].data.data == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - break; - default: - status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - } - - *_b = b; - - return NT_STATUS_OK; - -fail: - talloc_free(b); - return status; -} - -static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx, - DATA_BLOB *inout_blob, - uint32_t *count, - struct lsa_TrustDomainInfoBuffer **current, - struct lsa_TrustDomainInfoBuffer **previous) -{ - NTSTATUS status; - struct trustAuthInOutBlob iopw; - enum ndr_err_code ndr_err; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(mem_ctx); - if (tmp_ctx == NULL) { - return NT_STATUS_NO_MEMORY; - } - - ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw, - (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - status = NT_STATUS_INVALID_PARAMETER; - goto done; - } - - *count = iopw.count; - - status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count, - &iopw.current, current); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - if (iopw.previous.count > 0) { - status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count, - &iopw.previous, previous); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - } else { - *previous = NULL; - } - - status = NT_STATUS_OK; - -done: - talloc_free(tmp_ctx); - return status; -} - -NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx, - DATA_BLOB incoming, DATA_BLOB outgoing, - struct lsa_TrustDomainInfoAuthInfo *auth_info) -{ - NTSTATUS status; - - if (incoming.length != 0) { - status = trustauth_inout_blob_2_auth_info(mem_ctx, - &incoming, - &auth_info->incoming_count, - &auth_info->incoming_current_auth_info, - &auth_info->incoming_previous_auth_info); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } else { - auth_info->incoming_count = 0; - auth_info->incoming_current_auth_info = NULL; - auth_info->incoming_previous_auth_info = NULL; - } - - if (outgoing.length != 0) { - status = trustauth_inout_blob_2_auth_info(mem_ctx, - &outgoing, - &auth_info->outgoing_count, - &auth_info->outgoing_current_auth_info, - &auth_info->outgoing_previous_auth_info); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } else { - auth_info->outgoing_count = 0; - auth_info->outgoing_current_auth_info = NULL; - auth_info->outgoing_previous_auth_info = NULL; - } - - return NT_STATUS_OK; -} - -static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx, - uint32_t count, - struct lsa_TrustDomainInfoBuffer *b, - struct AuthenticationInformationArray *ai) -{ - NTSTATUS status; - int i; - - ai->count = count; - ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation, - count); - if (ai->array == NULL) { - return NT_STATUS_NO_MEMORY; - } - - for(i = 0; i < count; i++) { - size_t size = 0; - ai->array[i].LastUpdateTime = b[i].last_update_time; - ai->array[i].AuthType = b[i].AuthType; - switch(ai->array[i].AuthType) { - case TRUST_AUTH_TYPE_NONE: - ai->array[i].AuthInfo.none.size = 0; - break; - case TRUST_AUTH_TYPE_NT4OWF: - if (b[i].data.size != 16) { - status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash, - b[i].data.data, 16); - break; - case TRUST_AUTH_TYPE_CLEAR: - if (!convert_string_talloc(ai->array, - CH_UNIX, CH_UTF16, - b[i].data.data, - b[i].data.size, - &ai->array[i].AuthInfo.clear.password, - &size)) { - status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - ai->array[i].AuthInfo.clear.size = size; - break; - case TRUST_AUTH_TYPE_VERSION: - if (b[i].data.size != 4) { - status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - ai->array[i].AuthInfo.version.size = 4; - memcpy(&ai->array[i].AuthInfo.version.version, - b[i].data.data, 4); - break; - default: - status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - } - - return NT_STATUS_OK; - -fail: - talloc_free(ai->array); - return status; -} - -static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx, - uint32_t count, - struct lsa_TrustDomainInfoBuffer *current, - struct lsa_TrustDomainInfoBuffer *previous, - DATA_BLOB *inout_blob) -{ - NTSTATUS status; - struct trustAuthInOutBlob *iopw; - enum ndr_err_code ndr_err; - - iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob); - if (iopw == NULL) { - return NT_STATUS_NO_MEMORY; - } - - iopw->count = count; - status = trust_domain_info_buffer_2_ai_array(iopw, count, current, - &iopw->current); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - if (previous != NULL) { - status = trust_domain_info_buffer_2_ai_array(iopw, count, - previous, - &iopw->previous); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - } else { - iopw->previous.count = 0; - iopw->previous.array = NULL; - } - - ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx, - iopw, - (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return NT_STATUS_INVALID_PARAMETER; - } - - status = NT_STATUS_OK; - -done: - talloc_free(iopw); - return status; -} - -NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx, - struct lsa_TrustDomainInfoAuthInfo *auth_info, - DATA_BLOB *incoming, DATA_BLOB *outgoing) -{ - NTSTATUS status; - - if (auth_info->incoming_count == 0) { - incoming->length = 0; - incoming->data = NULL; - } else { - status = auth_info_2_trustauth_inout_blob(mem_ctx, - auth_info->incoming_count, - auth_info->incoming_current_auth_info, - auth_info->incoming_previous_auth_info, - incoming); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - - if (auth_info->outgoing_count == 0) { - outgoing->length = 0; - outgoing->data = NULL; - } else { - status = auth_info_2_trustauth_inout_blob(mem_ctx, - auth_info->outgoing_count, - auth_info->outgoing_current_auth_info, - auth_info->outgoing_previous_auth_info, - outgoing); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - - return NT_STATUS_OK; -} diff --git a/source3/rpc_client/util_lsarpc.h b/source3/rpc_client/util_lsarpc.h deleted file mode 100644 index 0aa5e25b7a..0000000000 --- a/source3/rpc_client/util_lsarpc.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Authentication utility functions - Copyright (C) Sumit Bose 2010 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef _RPC_CLIENT_UTIL_LSARPC_H_ -#define _RPC_CLIENT_UTIL_LSARPC_H_ - -/* The following definitions come from rpc_client/util_lsarpc.c */ - -NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx, - DATA_BLOB incoming, DATA_BLOB outgoing, - struct lsa_TrustDomainInfoAuthInfo *auth_info); -NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx, - struct lsa_TrustDomainInfoAuthInfo *auth_info, - DATA_BLOB *incoming, DATA_BLOB *outgoing); - -#endif /* _RPC_CLIENT_UTIL_LSARPC_H_ */ diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index a83938acbe..0a5cda503d 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -48,7 +48,7 @@ #include "rpc_server/srv_access_check.h" #include "../librpc/gen_ndr/ndr_wkssvc.h" #include "../libcli/auth/libcli_auth.h" -#include "rpc_client/util_lsarpc.h" +#include "../libcli/lsarpc/util_lsarpc.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV diff --git a/source3/torture/test_authinfo_structs.c b/source3/torture/test_authinfo_structs.c index eea253dddc..0b5cff7b04 100644 --- a/source3/torture/test_authinfo_structs.c +++ b/source3/torture/test_authinfo_structs.c @@ -21,7 +21,7 @@ #include "includes.h" #include "torture/proto.h" #include "librpc/gen_ndr/lsa.h" -#include "rpc_client/util_lsarpc.h" +#include "libcli/lsarpc/util_lsarpc.h" static bool cmp_TrustDomainInfoBuffer(struct lsa_TrustDomainInfoBuffer a, struct lsa_TrustDomainInfoBuffer b) diff --git a/source3/wscript_build b/source3/wscript_build index 8ca98b33b0..b07539f7f6 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -32,7 +32,7 @@ DRSUAPI_SRC = '''${COMPRESSION_SRC}''' LIBCLI_SPOOLSS_SRC = '''rpc_client/cli_spoolss.c rpc_client/init_spoolss.c''' -LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c rpc_client/util_lsarpc.c''' +LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c''' LIBCLI_SAMR_SRC = 'rpc_client/cli_samr.c' @@ -1077,7 +1077,7 @@ bld.SAMBA3_SUBSYSTEM('LIBCLI_SAMR', bld.SAMBA3_LIBRARY('libcli_lsa3', source=LIBCLI_LSA_SRC, - deps='RPC_NDR_LSA INIT_LSA', + deps='RPC_NDR_LSA INIT_LSA UTIL_LSARPC', private_library=True) bld.SAMBA3_LIBRARY('libcli_netlogon3', diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index acab1874af..609fb65308 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -32,6 +32,7 @@ #include "dsdb/common/util.h" #include "libcli/security/session.h" #include "kdc/kdc-policy.h" +#include "libcli/lsarpc/util_lsarpc.h" /* this type allows us to distinguish handle types @@ -1601,7 +1602,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, uint32_t *enc_types = NULL; DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob; struct trustDomainPasswords auth_struct; - struct AuthenticationInformationArray *current_passwords = NULL; + struct trustAuthInOutBlob *current_passwords = NULL; NTSTATUS nt_status; struct ldb_message **msgs; struct ldb_message *msg; @@ -1644,8 +1645,23 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, } if (auth_info) { - /* FIXME: not handled yet */ - return NT_STATUS_INVALID_PARAMETER; + nt_status = auth_info_2_auth_blob(mem_ctx, auth_info, + &trustAuthIncoming, + &trustAuthOutgoing); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + if (trustAuthIncoming.data) { + /* This does the decode of some of this twice, but it is easier that way */ + nt_status = auth_info_2_trustauth_inout(mem_ctx, + auth_info->incoming_count, + auth_info->incoming_current_auth_info, + NULL, + ¤t_passwords); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + } } /* decode auth_info_int if set */ diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build index cf6d71227b..ffdee2394a 100755 --- a/source4/rpc_server/wscript_build +++ b/source4/rpc_server/wscript_build @@ -93,7 +93,7 @@ bld.SAMBA_MODULE('dcerpc_lsarpc', autoproto='lsa/proto.h', subsystem='dcerpc_server', init_function='dcerpc_server_lsa_init', - deps='samdb DCERPC_COMMON ndr-standard LIBCLI_AUTH NDR_DSSETUP com_err security kdc-policy' + deps='samdb DCERPC_COMMON ndr-standard LIBCLI_AUTH NDR_DSSETUP com_err security kdc-policy UTIL_LSARPC' ) diff --git a/wscript_build b/wscript_build index b11c642188..5e0c05c216 100644 --- a/wscript_build +++ b/wscript_build @@ -102,6 +102,7 @@ bld.RECURSE('libcli/ldap') bld.RECURSE('libcli/nbt') bld.RECURSE('libcli/netlogon') bld.RECURSE('libcli/auth') +bld.RECURSE('libcli/lsarpc') bld.RECURSE('libcli/drsuapi') bld.RECURSE('libcli/echo') bld.RECURSE('libcli/samsync') -- cgit