From 1ce0d9791be5265a13af8761f545b6c81dee2966 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 16 Jul 2009 03:00:13 +0200 Subject: s3-lsa: implement _lsa_QueryTrustedDomainInfo(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/rpc_server/lsa/srv_lsa_nt.c | 146 ++++++++++++++++++++++++++++++++++-- 1 file changed, 139 insertions(+), 7 deletions(-) (limited to 'source3/rpc_server/lsa') diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index 23b5869d2e..ca54d51410 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -1661,6 +1661,145 @@ NTSTATUS _lsa_DeleteTrustedDomain(struct pipes_struct *p, return NT_STATUS_OK; } +/*************************************************************************** + _lsa_QueryTrustedDomainInfo + ***************************************************************************/ + +NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p, + struct lsa_QueryTrustedDomainInfo *r) +{ + NTSTATUS status; + struct lsa_info *handle; + union lsa_TrustedDomainInfo *info; + struct trustdom_info *trust_info; + uint32_t acc_required; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, r->in.trustdom_handle, (void **)(void *)&handle)) { + return NT_STATUS_INVALID_HANDLE; + } + + if (handle->type != LSA_HANDLE_TRUST_TYPE) { + return NT_STATUS_INVALID_HANDLE; + } + + switch (r->in.level) { + case LSA_TRUSTED_DOMAIN_INFO_NAME: + acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME; + break; + case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS: + acc_required = LSA_TRUSTED_QUERY_CONTROLLERS; + break; + case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET: + acc_required = LSA_TRUSTED_QUERY_POSIX; + break; + case LSA_TRUSTED_DOMAIN_INFO_PASSWORD: + acc_required = LSA_TRUSTED_QUERY_AUTH; + break; + case LSA_TRUSTED_DOMAIN_INFO_BASIC: + acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME; + break; + case LSA_TRUSTED_DOMAIN_INFO_INFO_EX: + acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME; + break; + case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO: + acc_required = LSA_TRUSTED_QUERY_AUTH; + break; + case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO: + acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME | + LSA_TRUSTED_QUERY_POSIX | + LSA_TRUSTED_QUERY_AUTH; + break; + case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL: + acc_required = LSA_TRUSTED_QUERY_AUTH; + break; + case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL: + acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME | + LSA_TRUSTED_QUERY_POSIX | + LSA_TRUSTED_QUERY_AUTH; + break; + case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL: + acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME; + break; + case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL: + acc_required = LSA_TRUSTED_QUERY_DOMAIN_NAME | + LSA_TRUSTED_QUERY_POSIX | + LSA_TRUSTED_QUERY_AUTH; + break; + case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES: + acc_required = LSA_TRUSTED_QUERY_POSIX; + break; + default: + return NT_STATUS_INVALID_PARAMETER; + } + + if (!(handle->access & acc_required)) { + return NT_STATUS_ACCESS_DENIED; + } + + status = lsa_lookup_trusted_domain_by_sid(p->mem_ctx, + &handle->sid, + &trust_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + info = TALLOC_ZERO_P(p->mem_ctx, union lsa_TrustedDomainInfo); + if (!info) { + return NT_STATUS_NO_MEMORY; + } + + switch (r->in.level) { + case LSA_TRUSTED_DOMAIN_INFO_NAME: + init_lsa_StringLarge(&info->name.netbios_name, trust_info->name); + break; + case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS: + return NT_STATUS_INVALID_PARAMETER; + case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET: + break; + case LSA_TRUSTED_DOMAIN_INFO_PASSWORD: + return NT_STATUS_INVALID_INFO_CLASS; + case LSA_TRUSTED_DOMAIN_INFO_BASIC: + init_lsa_String(&info->info_basic.netbios_name, trust_info->name); + info->info_basic.sid = dom_sid_dup(info, &trust_info->sid); + if (!info->info_basic.sid) { + return NT_STATUS_NO_MEMORY; + } + break; + case LSA_TRUSTED_DOMAIN_INFO_INFO_EX: + init_lsa_StringLarge(&info->info_ex.domain_name, trust_info->name); + init_lsa_StringLarge(&info->info_ex.netbios_name, trust_info->name); + info->info_ex.sid = dom_sid_dup(info, &trust_info->sid); + if (!info->info_ex.sid) { + return NT_STATUS_NO_MEMORY; + } + info->info_ex.trust_direction = LSA_TRUST_DIRECTION_OUTBOUND; + info->info_ex.trust_type = LSA_TRUST_TYPE_DOWNLEVEL; + info->info_ex.trust_attributes = 0; + break; + case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO: + return NT_STATUS_INVALID_INFO_CLASS; + case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO: + break; + case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL: + return NT_STATUS_INVALID_INFO_CLASS; + case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL: + return NT_STATUS_INVALID_INFO_CLASS; + case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL: + return NT_STATUS_INVALID_PARAMETER; + case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL: + break; + case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES: + break; + default: + return NT_STATUS_INVALID_PARAMETER; + } + + *r->out.info = info; + + return NT_STATUS_OK; +} + /*************************************************************************** ***************************************************************************/ @@ -2758,13 +2897,6 @@ NTSTATUS _lsa_SetQuotasForAccount(struct pipes_struct *p, return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p, - struct lsa_QueryTrustedDomainInfo *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _lsa_SetInformationTrustedDomain(struct pipes_struct *p, struct lsa_SetInformationTrustedDomain *r) { -- cgit