svn commit: samba r9888 - in branches/SAMBA_4_0/source: librpc/idl rpc_server/lsa torture/rpc

Thu Sep 1 10:36:49 GMT 2005

Author: gd
Date: 2005-09-01 10:36:48 +0000 (Thu, 01 Sep 2005)
New Revision: 9888

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9888

Log:
add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings.

Guenther

Modified:
   branches/SAMBA_4_0/source/librpc/idl/lsa.idl
   branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
   branches/SAMBA_4_0/source/torture/rpc/lsa.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/lsa.idl
===================================================================

--- branches/SAMBA_4_0/source/librpc/idl/lsa.idl	2005-09-01 09:34:03 UTC (rev 9887)
+++ branches/SAMBA_4_0/source/librpc/idl/lsa.idl	2005-09-01 10:36:48 UTC (rev 9888)
@@ -738,10 +738,45 @@
 	NTSTATUS lsa_CloseTrustedDomainEx();
 
 	/* Function 0x35 */
-	NTSTATUS lsa_QueryDomainInformationPolicy();
 
+	/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 
+	   for unknown6 - gd */
+	typedef struct {
+		uint32 enforce_restrictions;
+		hyper service_tkt_lifetime;
+		hyper user_tkt_lifetime;
+		hyper user_tkt_renewaltime;
+		hyper clock_skew;
+		hyper unknown6;
+	} lsa_DomainInfoKerberos;
+
+	typedef struct {
+		uint32 blob_size;
+		[size_is(blob_size)] uint8 *efs_blob;
+	} lsa_DomainInfoEfs;
+
+	typedef enum {
+		LSA_DOMAIN_INFO_POLICY_EFS=2,
+		LSA_DOMAIN_INFO_POLICY_KERBEROS=3
+	} lsa_DomainInfoEnum;
+
+	typedef [switch_type(uint16)] union {
+		[case(LSA_DOMAIN_INFO_POLICY_EFS)]	lsa_DomainInfoEfs	efs_info;
+		[case(LSA_DOMAIN_INFO_POLICY_KERBEROS)]	lsa_DomainInfoKerberos	kerberos_info;
+	} lsa_DomainInformationPolicy;
+
+	NTSTATUS lsa_QueryDomainInformationPolicy(
+		[in,ref]		policy_handle *handle,
+		[in] 			uint16 level,
+		[out,switch_is(level)]	lsa_DomainInformationPolicy *info
+		);
+
 	/* Function 0x36 */
-	NTSTATUS lsa_SetDomInfoPolicy();
+	NTSTATUS lsa_SetDomainInformationPolicy(
+		[in,ref]		policy_handle *handle,
+		[in] 			uint16 level,
+		[in,switch_is(level)]	lsa_DomainInformationPolicy *info
+		);
 
 	/**********************/
 	/* Function 0x37 */

Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2005-09-01 09:34:03 UTC (rev 9887)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2005-09-01 10:36:48 UTC (rev 9888)
@@ -2479,9 +2479,9 @@
 /*
   lsa_SetDomInfoPolicy
 */
-static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
-				     TALLOC_CTX *mem_ctx,
-				     struct lsa_SetDomInfoPolicy *r)
+static NTSTATUS lsa_SetDomainInformationPolicy(struct dcesrv_call_state *dce_call,
+					      TALLOC_CTX *mem_ctx,
+					      struct lsa_SetDomainInformationPolicy *r)
 {
 	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }

Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/lsa.c	2005-09-01 09:34:03 UTC (rev 9887)
+++ branches/SAMBA_4_0/source/torture/rpc/lsa.c	2005-09-01 10:36:48 UTC (rev 9888)
@@ -1477,6 +1477,35 @@
 	return ret;
 }
 
+static BOOL test_QueryDomainInfoPolicy(struct dcerpc_pipe *p, 
+				 TALLOC_CTX *mem_ctx, 
+				 struct policy_handle *handle)
+{
+	struct lsa_QueryDomainInformationPolicy r;
+	NTSTATUS status;
+	int i;
+	BOOL ret = True;
+	printf("\nTesting QueryDomainInformationPolicy\n");
+
+	for (i=2;i<4;i++) {
+		r.in.handle = handle;
+		r.in.level = i;
+
+		printf("\ntrying QueryDomainInformationPolicy level %d\n", i);
+
+		status = dcerpc_lsa_QueryDomainInformationPolicy(p, mem_ctx, &r);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("QueryDomainInformationPolicy failed - %s\n", nt_errstr(status));
+			ret = False;
+			continue;
+		}
+	}
+
+	return ret;
+}
+
+
 static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p, 
 				 TALLOC_CTX *mem_ctx, 
 				 struct policy_handle *handle)
@@ -1630,6 +1659,10 @@
 		ret = False;
 	}
 
+	if (!test_QueryDomainInfoPolicy(p, mem_ctx, &handle)) {
+		ret = False;
+	}
+
 	if (!test_many_LookupSids(p, mem_ctx, &handle)) {
 		ret = False;
 	}

