From 459a2301a5d63f5a1a6b27996c8a0358b20f2ab2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Sep 2006 05:11:10 +0000 Subject: r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9) --- source4/rpc_server/lsa/dcesrv_lsa.c | 121 +++++++++++++++++++++++++----------- 1 file changed, 85 insertions(+), 36 deletions(-) (limited to 'source4/rpc_server/lsa') diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index e39f461f99..5c0cc79575 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -395,6 +395,9 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ /* dssetup_DsRoleGetPrimaryDomainInformation + + This is not an LSA call, but is the only call left on the DSSETUP + pipe (after the pipe was truncated), and needs lsa_get_policy_state */ static WERROR dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, @@ -1554,11 +1557,11 @@ static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_c /* - lsa_LookupSids3 + lsa_LookupSids2 */ -static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call, +static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_LookupSids3 *r) + struct lsa_LookupSids2 *r) { struct lsa_policy_state *state; int i; @@ -1640,32 +1643,56 @@ static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call, /* - lsa_LookupSids2 + lsa_LookupSids3 + + Identical to LookupSids2, but doesn't take a policy handle + */ -static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call, +static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_LookupSids2 *r) + struct lsa_LookupSids3 *r) { - struct lsa_LookupSids3 r3; + struct lsa_LookupSids2 r2; + struct lsa_OpenPolicy2 pol; NTSTATUS status; + struct dcesrv_handle *h; - r3.in.sids = r->in.sids; - r3.in.names = r->in.names; - r3.in.level = r->in.level; - r3.in.count = r->in.count; - r3.in.unknown1 = r->in.unknown1; - r3.in.unknown2 = r->in.unknown2; - r3.out.count = r->out.count; - r3.out.names = r->out.names; + /* No policy handle on the wire, so make one up here */ + r2.in.handle = talloc(mem_ctx, struct policy_handle); + if (!r2.in.handle) { + return NT_STATUS_NO_MEMORY; + } - status = lsa_LookupSids3(dce_call, mem_ctx, &r3); + pol.out.handle = r2.in.handle; + pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + pol.in.attr = NULL; + pol.in.system_name = NULL; + status = lsa_OpenPolicy2(dce_call, mem_ctx, &pol); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* ensure this handle goes away at the end of this call */ + DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY); + talloc_steal(mem_ctx, h); + + r2.in.sids = r->in.sids; + r2.in.names = r->in.names; + r2.in.level = r->in.level; + r2.in.count = r->in.count; + r2.in.unknown1 = r->in.unknown1; + r2.in.unknown2 = r->in.unknown2; + r2.out.count = r->out.count; + r2.out.names = r->out.names; + + status = lsa_LookupSids2(dce_call, mem_ctx, &r2); if (dce_call->fault_code != 0) { return status; } - r->out.domains = r3.out.domains; - r->out.names = r3.out.names; - r->out.count = r3.out.count; + r->out.domains = r2.out.domains; + r->out.names = r2.out.names; + r->out.count = r2.out.count; return status; } @@ -2987,20 +3014,20 @@ static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ /* - lsa_LookupNames4 + lsa_LookupNames3 */ -static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, +static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_LookupNames4 *r) + struct lsa_LookupNames3 *r) { - struct lsa_policy_state *state; + struct lsa_policy_state *policy_state; + struct dcesrv_handle *policy_handle; int i; NTSTATUS status = NT_STATUS_OK; - status = lsa_get_policy_state(dce_call, mem_ctx, &state); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); + + policy_state = policy_handle->data; r->out.domains = NULL; @@ -3036,7 +3063,7 @@ static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, r->out.sids->sids[i].sid_index = 0xFFFFFFFF; r->out.sids->sids[i].unknown = 0; - status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype); + status2 = lsa_lookup_name(policy_state, mem_ctx, name, &sid, &atype); if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) { status = STATUS_SOME_UNMAPPED; continue; @@ -3048,7 +3075,7 @@ static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, continue; } - status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index); + status2 = lsa_authority_list(policy_state, mem_ctx, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { return status2; } @@ -3063,16 +3090,38 @@ static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, } /* - lsa_LookupNames3 + lsa_LookupNames4 + + Identical to LookupNames3, but doesn't take a policy handle + */ -static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_LookupNames3 *r) +static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_LookupNames4 *r) { - struct lsa_LookupNames4 r2; + struct lsa_LookupNames3 r2; + struct lsa_OpenPolicy2 pol; NTSTATUS status; struct dcesrv_handle *h; - DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); - + + /* No policy handle on the wire, so make one up here */ + r2.in.handle = talloc(mem_ctx, struct policy_handle); + if (!r2.in.handle) { + return NT_STATUS_NO_MEMORY; + } + + pol.out.handle = r2.in.handle; + pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + pol.in.attr = NULL; + pol.in.system_name = NULL; + status = lsa_OpenPolicy2(dce_call, mem_ctx, &pol); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* ensure this handle goes away at the end of this call */ + DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY); + talloc_steal(mem_ctx, h); + r2.in.num_names = r->in.num_names; r2.in.names = r->in.names; r2.in.sids = r->in.sids; @@ -3083,7 +3132,7 @@ static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.out.sids = r->out.sids; r2.out.count = r->out.count; - status = lsa_LookupNames4(dce_call, mem_ctx, &r2); + status = lsa_LookupNames3(dce_call, mem_ctx, &r2); if (dce_call->fault_code != 0) { return status; } -- cgit