svn commit: samba r3904 - in branches/SAMBA_4_0/source: librpc/idl rpc_server/lsa torture/rpc

abartlet at samba.org abartlet at samba.org
Mon Nov 22 08:47:47 GMT 2004


Author: abartlet
Date: 2004-11-22 08:47:47 +0000 (Mon, 22 Nov 2004)
New Revision: 3904

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3904

Log:
* Add new LSA calls to open trusted domains

* Add new tests for ACCOUNTs in SamSync

* Clean up names in NETLOGON and LSA

* Verify Security Descriptors against LSA, as well as SamR

Andrew Bartlett 

Modified:
   branches/SAMBA_4_0/source/librpc/idl/lsa.idl
   branches/SAMBA_4_0/source/librpc/idl/netlogon.idl
   branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
   branches/SAMBA_4_0/source/torture/rpc/lsa.c
   branches/SAMBA_4_0/source/torture/rpc/samlogon.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/lsa.idl
===================================================================
--- branches/SAMBA_4_0/source/librpc/idl/lsa.idl	2004-11-22 08:31:36 UTC (rev 3903)
+++ branches/SAMBA_4_0/source/librpc/idl/lsa.idl	2004-11-22 08:47:47 UTC (rev 3904)
@@ -56,10 +56,10 @@
 	/******************/
 	/* Function: 0x03 */
 
-	NTSTATUS lsa_QuerySecObj (
+	NTSTATUS lsa_QuerySecurity (
 		[in,ref]     policy_handle *handle,
 		[in]         uint32 sec_info,
-		[out]        sec_desc_buf *sd
+		[out]        sec_desc_buf *sdbuf
 		);
 
 
@@ -396,8 +396,15 @@
 	NTSTATUS lsa_GetSystemAccessAccount();
 	/* Function:    0x18 */
 	NTSTATUS lsa_SetSystemAccessAccount();
+
 	/* Function:        0x19 */
-	NTSTATUS lsa_OpenTrustedDomain();
+	NTSTATUS lsa_OpenTrustedDomain(
+		[in,ref]     policy_handle *handle,
+		[in,ref]     dom_sid2      *sid,
+		[in]         uint32         access_mask,
+		[out,ref]    policy_handle *trustdom_handle
+		);
+
 	/* Function:       0x1a */
 	NTSTATUS lsa_QueryInfoTrustedDomain();
 	/* Function:     0x1b */
@@ -566,7 +573,12 @@
 	NTSTATUS lsa_SetDomInfoPolicy();
 
 	/* Function 0x37 */
-	NTSTATUS lsa_OpenTrustedDomainByName();
+	NTSTATUS lsa_OpenTrustedDomainByName(
+		[in,ref]     policy_handle *handle,
+		[in]         lsa_Name       name,
+		[in]         uint32         access_mask,
+		[out,ref]    policy_handle *trustdom_handle
+		);
 
 	/* Function 0x38 */
 	NTSTATUS lsa_TestCall();

Modified: branches/SAMBA_4_0/source/librpc/idl/netlogon.idl
===================================================================
--- branches/SAMBA_4_0/source/librpc/idl/netlogon.idl	2004-11-22 08:31:36 UTC (rev 3903)
+++ branches/SAMBA_4_0/source/librpc/idl/netlogon.idl	2004-11-22 08:47:47 UTC (rev 3904)
@@ -255,6 +255,8 @@
 	/* Function 0x05 */
 
 	/* secure channel types */
+	/* Only SEC_CHAN_WKSTA can forward requests to other domains. */
+
 	const int SEC_CHAN_WKSTA   = 2;
 	const int SEC_CHAN_DOMAIN  = 4;
 	const int SEC_CHAN_BDC     = 6;
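Review bot: The added comment `Only SEC_CHAN_WKSTA can forward requests to other domains.` states a trust-boundary rule without saying whether it describes observed server behaviour or a restriction the Samba server is expected to enforce. Nothing in this hunk enforces it, so the comment should say which of the two is meant and, if it is enforced, where. The blank line after it also detaches it from the `SEC_CHAN_*` constants it describes; I would put it directly above `const int SEC_CHAN_WKSTA = 2;`.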
@@ -527,7 +529,7 @@
 		uint32 unknown6;
 		uint32 unknown7;
 		uint32 unknown8;
-	} netr_DELTA_ACCOUNTS;
+	} netr_DELTA_ACCOUNT;
 
 	typedef struct {
 		uint16 unknown;
@@ -574,9 +576,9 @@
 		NETR_DELTA_RENAME_ALIAS     = 11,
 		NETR_DELTA_ALIAS_MEMBER     = 12,
 		NETR_DELTA_POLICY           = 13,
-		NETR_DELTA_TRUSTED_DOMAIN  = 14,
+		NETR_DELTA_TRUSTED_DOMAIN   = 14,
 		NETR_DELTA_DELETE_TRUST     = 15,
-		NETR_DELTA_ACCOUNTS         = 16,
+		NETR_DELTA_ACCOUNT          = 16,
 		NETR_DELTA_DELETE_ACCOUNT   = 17,
 		NETR_DELTA_SECRET           = 18,
 		NETR_DELTA_DELETE_SECRET    = 19,
@@ -599,9 +601,9 @@
 		[case(NETR_DELTA_RENAME_ALIAS)]    netr_DELTA_RENAME          *rename_alias;
 		[case(NETR_DELTA_ALIAS_MEMBER)]    netr_DELTA_ALIAS_MEMBER    *alias_member;
 		[case(NETR_DELTA_POLICY)]          netr_DELTA_POLICY          *policy;
-		[case(NETR_DELTA_TRUSTED_DOMAIN)] netr_DELTA_TRUSTED_DOMAIN   *trusted_domain;
+		[case(NETR_DELTA_TRUSTED_DOMAIN)]  netr_DELTA_TRUSTED_DOMAIN   *trusted_domain;
 		[case(NETR_DELTA_DELETE_TRUST)]    netr_DELTA_DELETE_TRUST     delete_trust;
-		[case(NETR_DELTA_ACCOUNTS)]        netr_DELTA_ACCOUNTS        *accounts;
+		[case(NETR_DELTA_ACCOUNT)]         netr_DELTA_ACCOUNT         *account;
 		[case(NETR_DELTA_DELETE_ACCOUNT)]  netr_DELTA_DELETE_ACCOUNT   delete_account;
 		[case(NETR_DELTA_SECRET)]          netr_DELTA_SECRET          *secret;
 		[case(NETR_DELTA_DELETE_SECRET)]   netr_DELTA_DELETE_SECRET    delete_secret;
@@ -626,7 +628,7 @@
 		[case(NETR_DELTA_POLICY)]          dom_sid2 *sid;
 		[case(NETR_DELTA_TRUSTED_DOMAIN)]  dom_sid2 *sid;
 		[case(NETR_DELTA_DELETE_TRUST)]    dom_sid2 *sid;
-		[case(NETR_DELTA_ACCOUNTS)]        dom_sid2 *sid;
+		[case(NETR_DELTA_ACCOUNT)]         dom_sid2 *sid;
 		[case(NETR_DELTA_DELETE_ACCOUNT)]  dom_sid2 *sid;
 		[case(NETR_DELTA_SECRET)]          unistr *name;
 		[case(NETR_DELTA_DELETE_SECRET)]   unistr *name;

Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2004-11-22 08:31:36 UTC (rev 3903)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2004-11-22 08:47:47 UTC (rev 3904)
@@ -113,8 +113,8 @@
 /* 
   lsa_QuerySecObj 
 */
-static NTSTATUS lsa_QuerySecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-				struct lsa_QuerySecObj *r)
+static NTSTATUS lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct lsa_QuerySecurity *r)
 {
 	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
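Review bot: The block comment above the renamed handler still reads `lsa_QuerySecObj`, so the header no longer matches the function it documents. Change it to `lsa_QuerySecurity` so a search for the new call name finds the server stub. The stub still returns `DCERPC_FAULT_OP_RNG_ERROR`, so a short `/* not implemented yet */` in the same comment would make that explicit.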

Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/lsa.c	2004-11-22 08:31:36 UTC (rev 3903)
+++ branches/SAMBA_4_0/source/torture/rpc/lsa.c	2004-11-22 08:47:47 UTC (rev 3904)
@@ -523,22 +523,22 @@
 }
 
 
-static BOOL test_QuerySecObj(struct dcerpc_pipe *p, 
+static BOOL test_QuerySecurity(struct dcerpc_pipe *p, 
 			     TALLOC_CTX *mem_ctx, 
 			     struct policy_handle *handle,
 			     struct policy_handle *acct_handle)
 {
 	NTSTATUS status;
-	struct lsa_QuerySecObj r;
+	struct lsa_QuerySecurity r;
 
-	printf("Testing QuerySecObj\n");
+	printf("Testing QuerySecuriy\n");
 
 	r.in.handle = acct_handle;
 	r.in.sec_info = 7;
 
-	status = dcerpc_lsa_QuerySecObj(p, mem_ctx, &r);
+	status = dcerpc_lsa_QuerySecurity(p, mem_ctx, &r);
 	if (!NT_STATUS_IS_OK(status)) {
-		printf("QuerySecObj failed - %s\n", nt_errstr(status));
+		printf("QuerySecurity failed - %s\n", nt_errstr(status));
 		return False;
 	}
 
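Review bot: The new banner string is misspelled, `printf("Testing QuerySecuriy\n");` should be `printf("Testing QuerySecurity\n");`, otherwise a search of the test output for the call name misses this line. The continuation lines of the `test_QuerySecurity(` signature were also not re-indented after the rename, so the parameters no longer line up with the opening parenthesis. The function body continues outside this hunk.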
@@ -571,7 +571,7 @@
 		return False;
 	}
 
-	if (!test_QuerySecObj(p, mem_ctx, handle, &acct_handle)) {
+	if (!test_QuerySecurity(p, mem_ctx, handle, &acct_handle)) {
 		return False;
 	}
 
@@ -746,6 +746,8 @@
 	NTSTATUS status;
 	uint32_t resume_handle = 0;
 	struct lsa_DomainList domains;
+	int i;
+	BOOL ret = True;
 
 	printf("\nTesting EnumTrustDom\n");
 
@@ -767,7 +769,59 @@
 		return False;
 	}
 
-	return True;
+	printf("\nTesting OpenTrustedDomain and OpenTrustedDomainByName\n");
+
+	for (i=0; i< domains.count; i++) {
+		struct lsa_OpenTrustedDomain trust;
+		struct lsa_OpenTrustedDomainByName trust_by_name;
+		struct policy_handle trust_handle;
+		struct policy_handle handle2;
+		struct lsa_Close c;
+		
+		trust.in.handle = handle;
+		trust.in.sid = domains.domains[i].sid;
+		trust.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+		trust.out.trustdom_handle = &trust_handle;
+
+		status = dcerpc_lsa_OpenTrustedDomain(p, mem_ctx, &trust);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("OpenTrustedDomain failed - %s\n", nt_errstr(status));
+			return False;
+		}
+
+		c.in.handle = &trust_handle;
+		c.out.handle = &handle2;
+		
+		status = dcerpc_lsa_Close(p, mem_ctx, &c);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("Close of trusted doman failed - %s\n", nt_errstr(status));
+			return False;
+		}
+
+		trust_by_name.in.handle = handle;
+		trust_by_name.in.name = domains.domains[i].name;
+		trust_by_name.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+		trust_by_name.out.trustdom_handle = &trust_handle;
+		
+		status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &trust_by_name);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("OpenTrustedDomainByName failed - %s\n", nt_errstr(status));
+			return False;
+		}
+
+		c.in.handle = &trust_handle;
+		c.out.handle = &handle2;
+		
+		status = dcerpc_lsa_Close(p, mem_ctx, &c);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("Close of trusted doman failed - %s\n", nt_errstr(status));
+			return False;
+		}
+	}
+
+	return ret;
 }
 
 static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p, 
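Review bot: `ret` (declared in the previous hunk of this file) is never assigned, so `return ret;` can only return True, while all four failure branches inside the loop `return False;` directly. Either drop `ret` and keep `return True;`, or change those branches to `ret = False; continue;` so the remaining trusted domains are still exercised after one failure. `int i` is compared with `domains.count`, whose type is not visible here; if it is unsigned, declare `i` as `uint32_t` to avoid a signed/unsigned comparison. Both Close messages also misspell the word as `doman`. The function starts outside this hunk.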

Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2004-11-22 08:31:36 UTC (rev 3903)
+++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2004-11-22 08:47:47 UTC (rev 3904)
@@ -1031,7 +1031,7 @@
 	}
 
 	if (!test_SetupCredentials(p, mem_ctx, 
-				    TEST_MACHINE_NAME, machine_pass, &creds)) {
+				   TEST_MACHINE_NAME, machine_pass, &creds)) {
 		ret = False;
 	}
 


