[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Fri Sep 20 02:33:02 UTC 2019
The branch, master has been updated
via 2d5facc9547 s4-torture: add netr_LogonGetDomainInfo NDR(64) tests
via 634ab14f0d2 s4-torture: reformat test table in ndr test
via fda5b839c70 torture: add torture_suite_add_ndr_pull_io_test_flags()
via 742d8ba9c4b s3-rpcclient: add logongetdomaininfo command
via 6e47f9ab377 libcli/auth: add netlogon_creds_cli_LogonGetDomainInfo()
via 8f0751b8b7c netlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64
via 0fea2707fb0 netlogon.idl: fix the marshalling of netr_OsVersion for NDR64
via c87cf54684b security.idl: add SE_GROUP_INTEGRITY[_ENABLED] to security_GroupAttrs
via 09de6f06182 librpc/idl: change from samr_GroupAttrs in samr.idl to security_GroupAttrs in security.idl
via 73b93e1a705 security.idl: add GUID_DRS_ALLOWED_TO_AUTHENTICATE
via a7e49897c4a misc: fix AD trust attributes in adssearch
via 7ba90c17343 lsa: document new LSA trust attributes
via d78c87e665e s3-winbindd: fix forest trusts with additional trust attributes.
from 82512034563 s3-libads: adapt to coding standards, no code changes
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2d5facc95478801580eb52d4d4441660c5fa2697
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 19:41:50 2019 +0200
s4-torture: add netr_LogonGetDomainInfo NDR(64) tests
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Sep 20 02:32:44 UTC 2019 on sn-devel-184
commit 634ab14f0d246fab28cf14ad9664cecf3ca5335a
Author: Günther Deschner <gd at samba.org>
Date: Thu Sep 19 01:55:09 2019 +0200
s4-torture: reformat test table in ndr test
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit fda5b839c705725301fc17562d08a927751b890b
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 19:48:40 2019 +0200
torture: add torture_suite_add_ndr_pull_io_test_flags()
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 742d8ba9c4b9e6e70898f08a50f9929662bbafb6
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 04:11:33 2019 +0200
s3-rpcclient: add logongetdomaininfo command
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 6e47f9ab37744d628cc6b723f4838e81202f2df6
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jul 20 14:00:05 2015 +0200
libcli/auth: add netlogon_creds_cli_LogonGetDomainInfo()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 8f0751b8b7cd45fc7186b467d814eb5231821e34
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 15 13:22:43 2019 +0200
netlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 0fea2707fb05897eec3c26bd4814669832142382
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 15 13:22:43 2019 +0200
netlogon.idl: fix the marshalling of netr_OsVersion for NDR64
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit c87cf54684be606aa8f9b420f5c4f710de2a363a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Mar 20 12:40:25 2018 +0100
security.idl: add SE_GROUP_INTEGRITY[_ENABLED] to security_GroupAttrs
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 09de6f06182ede5bee3cb0c5408ce4082c62ccc2
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Mar 20 12:39:02 2018 +0100
librpc/idl: change from samr_GroupAttrs in samr.idl to security_GroupAttrs in security.idl
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 73b93e1a70508346e813e311179e2ed538adfe6b
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 1 23:44:33 2018 +0100
security.idl: add GUID_DRS_ALLOWED_TO_AUTHENTICATE
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit a7e49897c4ad84a5d7710ac78a09802fe66f9d16
Author: Günther Deschner <gd at samba.org>
Date: Thu Sep 12 23:27:13 2019 +0200
misc: fix AD trust attributes in adssearch
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7ba90c17343cc9921e1d44a5055d39602dbb6ba1
Author: Günther Deschner <gd at samba.org>
Date: Thu Sep 12 16:36:20 2019 +0200
lsa: document new LSA trust attributes
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d78c87e665e23e6470a19a69383ede7137172c26
Author: Günther Deschner <gd at samba.org>
Date: Thu Sep 12 16:39:10 2019 +0200
s3-winbindd: fix forest trusts with additional trust attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14130
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
examples/misc/adssearch.pl | 17 +-
libcli/auth/netlogon_creds_cli.c | 281 +++++++++++-
libcli/auth/netlogon_creds_cli.h | 17 +
librpc/idl/drsuapi.idl | 4 +-
librpc/idl/lsa.idl | 19 +-
librpc/idl/netlogon.idl | 35 +-
librpc/idl/samr.idl | 22 +-
librpc/idl/security.idl | 15 +-
source3/rpcclient/cmd_netlogon.c | 52 ++-
source3/winbindd/winbindd_ads.c | 2 +-
source3/winbindd/winbindd_util.c | 2 +-
source4/dsdb/tests/python/token_group.py | 2 +-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 22 +-
source4/torture/ndr/ndr.c | 4 +
source4/torture/ndr/ndr.h | 10 +
source4/torture/ndr/netlogon.c | 625 +++++++++++++++++++++++++-
source4/torture/rpc/netlogon.c | 8 +-
17 files changed, 1066 insertions(+), 71 deletions(-)
Changeset truncated at 500 lines:
diff --git a/examples/misc/adssearch.pl b/examples/misc/adssearch.pl
index 7c3570abd6e..fc24811b626 100755
--- a/examples/misc/adssearch.pl
+++ b/examples/misc/adssearch.pl
@@ -285,10 +285,17 @@ my %ads_sdeffective = (
);
my %ads_trustattrs = (
- "TRUST_ATTRIBUTE_NON_TRANSITIVE" => 1,
- "TRUST_ATTRIBUTE_TREE_PARENT" => 2,
- "TRUST_ATTRIBUTE_TREE_ROOT" => 3,
- "TRUST_ATTRIBUTE_UPLEVEL_ONLY" => 4,
+ "TRUST_ATTRIBUTE_NON_TRANSITIVE" => 0x00000001,
+ "TRUST_ATTRIBUTE_UPLEVEL_ONLY" => 0x00000002,
+ "TRUST_ATTRIBUTE_QUARANTINED_DOMAIN" => 0x00000004,
+ "TRUST_ATTRIBUTE_FOREST_TRANSITIVE" => 0x00000008,
+ "TRUST_ATTRIBUTE_CROSS_ORGANIZATION" => 0x00000010,
+ "TRUST_ATTRIBUTE_WITHIN_FOREST" => 0x00000020,
+ "TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL" => 0x00000040,
+ "TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION" => 0x00000080,
+ "TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION" => 0x00000200,
+ "TRUST_ATTRIBUTE_PIM_TRUST" => 0x00000400,
+ "TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION" => 0x00000800,
);
my %ads_trustdirection = (
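Review bot: The new %ads_trustattrs table has no entry for 0x00000100 and drops TRUST_ATTRIBUTE_TREE_PARENT and TRUST_ATTRIBUTE_TREE_ROOT without any replacement. Neither the hunk nor the commit message says whether that is intentional. A one-line comment above the table naming the omitted bit and the retired names would let a reader tell a deliberate gap from an oversight.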
@@ -1283,7 +1290,7 @@ sub dump_sdeffective {
}
sub dump_trustattr {
- return dump_bitmask_equal(@_,%ads_trustattrs);
+ return dump_bitmask_and(@_,%ads_trustattrs);
}
sub dump_trusttype {
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index c5a100c3c0e..3cc18e7fa60 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -3528,7 +3528,6 @@ NTSTATUS netlogon_creds_cli_GetForestTrustInformation(
TALLOC_FREE(frame);
return status;
}
-
struct netlogon_creds_cli_SendToSam_state {
struct tevent_context *ev;
struct netlogon_creds_cli_context *context;
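Review bot: The blank line removed between the closing brace of netlogon_creds_cli_GetForestTrustInformation() and struct netlogon_creds_cli_SendToSam_state is an unrelated whitespace change that runs two definitions together. It should be dropped from this commit so the patch only adds the new LogonGetDomainInfo code.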
@@ -3793,3 +3792,283 @@ NTSTATUS netlogon_creds_cli_SendToSam(struct netlogon_creds_cli_context *context
TALLOC_FREE(frame);
return status;
}
+
+struct netlogon_creds_cli_LogonGetDomainInfo_state {
+ struct tevent_context *ev;
+ struct netlogon_creds_cli_context *context;
+ struct dcerpc_binding_handle *binding_handle;
+
+ char *srv_name_slash;
+ enum dcerpc_AuthType auth_type;
+ enum dcerpc_AuthLevel auth_level;
+
+ uint32_t level;
+ union netr_WorkstationInfo *query;
+ union netr_DomainInfo *info;
+
+ struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState tmp_creds;
+ struct netr_Authenticator req_auth;
+ struct netr_Authenticator rep_auth;
+};
+
+static void netlogon_creds_cli_LogonGetDomainInfo_cleanup(struct tevent_req *req,
+ NTSTATUS status);
+static void netlogon_creds_cli_LogonGetDomainInfo_locked(struct tevent_req *subreq);
+
+struct tevent_req *netlogon_creds_cli_LogonGetDomainInfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct netlogon_creds_cli_context *context,
+ struct dcerpc_binding_handle *b,
+ uint32_t level,
+ union netr_WorkstationInfo *query)
+{
+ struct tevent_req *req;
+ struct netlogon_creds_cli_LogonGetDomainInfo_state *state;
+ struct tevent_req *subreq;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct netlogon_creds_cli_LogonGetDomainInfo_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->ev = ev;
+ state->context = context;
+ state->binding_handle = b;
+
+ state->srv_name_slash = talloc_asprintf(state, "\\\\%s",
+ context->server.computer);
+ if (tevent_req_nomem(state->srv_name_slash, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->level = level;
+ state->query = query;
+ state->info = talloc_zero(state, union netr_DomainInfo);
+ if (tevent_req_nomem(state->info, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ dcerpc_binding_handle_auth_info(state->binding_handle,
+ &state->auth_type,
+ &state->auth_level);
+
+ subreq = netlogon_creds_cli_lock_send(state, state->ev,
+ state->context);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ tevent_req_set_callback(subreq,
+ netlogon_creds_cli_LogonGetDomainInfo_locked,
+ req);
+
+ return req;
+}
+
+static void netlogon_creds_cli_LogonGetDomainInfo_cleanup(struct tevent_req *req,
+ NTSTATUS status)
+{
+ struct netlogon_creds_cli_LogonGetDomainInfo_state *state =
+ tevent_req_data(req,
+ struct netlogon_creds_cli_LogonGetDomainInfo_state);
+
+ if (state->creds == NULL) {
+ return;
+ }
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
+ TALLOC_FREE(state->creds);
+ return;
+ }
+
+ netlogon_creds_cli_delete(state->context, state->creds);
+}
+
+static void netlogon_creds_cli_LogonGetDomainInfo_done(struct tevent_req *subreq);
+
+static void netlogon_creds_cli_LogonGetDomainInfo_locked(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct netlogon_creds_cli_LogonGetDomainInfo_state *state =
+ tevent_req_data(req,
+ struct netlogon_creds_cli_LogonGetDomainInfo_state);
+ NTSTATUS status;
+
+ status = netlogon_creds_cli_lock_recv(subreq, state,
+ &state->creds);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (state->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
+ switch (state->auth_level) {
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ break;
+ default:
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return;
+ }
+ } else {
+ uint32_t tmp = state->creds->negotiate_flags;
+
+ if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) {
+ /*
+ * if DCERPC_AUTH_TYPE_SCHANNEL is supported
+ * it should be used, which means
+ * we had a chance to verify no downgrade
+ * happened.
+ *
+ * This relies on netlogon_creds_cli_check*
+ * being called before, as first request after
+ * the DCERPC bind.
+ */
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return;
+ }
+ }
+
+ /*
+ * we defer all callbacks in order to cleanup
+ * the database record.
+ */
+ tevent_req_defer_callback(req, state->ev);
+
+ state->tmp_creds = *state->creds;
+ netlogon_creds_client_authenticator(&state->tmp_creds,
+ &state->req_auth);
+ ZERO_STRUCT(state->rep_auth);
+
+ subreq = dcerpc_netr_LogonGetDomainInfo_send(state, state->ev,
+ state->binding_handle,
+ state->srv_name_slash,
+ state->tmp_creds.computer_name,
+ &state->req_auth,
+ &state->rep_auth,
+ state->level,
+ state->query,
+ state->info);
+ if (tevent_req_nomem(subreq, req)) {
+ status = NT_STATUS_NO_MEMORY;
+ netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status);
+ return;
+ }
+
+ tevent_req_set_callback(subreq,
+ netlogon_creds_cli_LogonGetDomainInfo_done,
+ req);
+}
+
+static void netlogon_creds_cli_LogonGetDomainInfo_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct netlogon_creds_cli_LogonGetDomainInfo_state *state =
+ tevent_req_data(req,
+ struct netlogon_creds_cli_LogonGetDomainInfo_state);
+ NTSTATUS status;
+ NTSTATUS result;
+ bool ok;
+
+ /*
+ * We use state->dns_names as the memory context, as this is
+ * the only in/out variable and it has been overwritten by the
+ * out parameter from the server.
+ *
+ * We need to preserve the return value until the caller can use it.
+ */
+ status = dcerpc_netr_LogonGetDomainInfo_recv(subreq, state->info, &result);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status);
+ return;
+ }
+
+ ok = netlogon_creds_client_check(&state->tmp_creds,
+ &state->rep_auth.cred);
+ if (!ok) {
+ status = NT_STATUS_ACCESS_DENIED;
+ tevent_req_nterror(req, status);
+ netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status);
+ return;
+ }
+
+ if (tevent_req_nterror(req, result)) {
+ netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, result);
+ return;
+ }
+
+ *state->creds = state->tmp_creds;
+ status = netlogon_creds_cli_store(state->context,
+ state->creds);
+ if (tevent_req_nterror(req, status)) {
+ netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS netlogon_creds_cli_LogonGetDomainInfo_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ union netr_DomainInfo **info)
+{
+ struct netlogon_creds_cli_LogonGetDomainInfo_state *state =
+ tevent_req_data(req,
+ struct netlogon_creds_cli_LogonGetDomainInfo_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status);
+ tevent_req_received(req);
+ return status;
+ }
+
+ *info = talloc_move(mem_ctx, &state->info);
+
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS netlogon_creds_cli_LogonGetDomainInfo(
+ struct netlogon_creds_cli_context *context,
+ struct dcerpc_binding_handle *b,
+ TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ union netr_WorkstationInfo *query,
+ union netr_DomainInfo **info)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = netlogon_creds_cli_LogonGetDomainInfo_send(frame, ev, context, b,
+ level, query);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = netlogon_creds_cli_LogonGetDomainInfo_recv(req,
+ mem_ctx,
+ info);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
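Review bot: In the synchronous wrapper netlogon_creds_cli_LogonGetDomainInfo(), status is initialised to NT_STATUS_OK, so the two early "goto fail" paths (samba_tevent_context_init() or the _send() call returning NULL) return success without ever writing *info. Initialising it with "NTSTATUS status = NT_STATUS_NO_MEMORY;" would report the allocation failure instead of handing the caller an unset pointer with a success code. Separately, the comment at the top of the _done() callback names state->dns_names as the memory context, but this state struct has no such member and the call passes state->info; the comment should be reworded for this function.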
diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h
index 56a2dd9bc77..7fb41872c36 100644
--- a/libcli/auth/netlogon_creds_cli.h
+++ b/libcli/auth/netlogon_creds_cli.h
@@ -214,4 +214,21 @@ NTSTATUS netlogon_creds_cli_SendToSam(
struct dcerpc_binding_handle *b,
struct netr_SendToSamBase *message);
+struct tevent_req *netlogon_creds_cli_LogonGetDomainInfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct netlogon_creds_cli_context *context,
+ struct dcerpc_binding_handle *b,
+ uint32_t level,
+ union netr_WorkstationInfo *query);
+NTSTATUS netlogon_creds_cli_LogonGetDomainInfo_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ union netr_DomainInfo **info);
+NTSTATUS netlogon_creds_cli_LogonGetDomainInfo(
+ struct netlogon_creds_cli_context *context,
+ struct dcerpc_binding_handle *b,
+ TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ union netr_WorkstationInfo *query,
+ union netr_DomainInfo **info);
+
#endif /* NETLOGON_CREDS_CLI_H */
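Review bot: The three new prototypes are missing any note on pointer lifetime and ownership. The _send() implementation stores the query pointer as-is (state->query = query), so the caller has to keep it valid until the request completes, and _recv() moves the result onto mem_ctx with talloc_move(). A short comment above the declarations stating both points would save callers from reading the .c file to find out.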
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
index 448a58bcd1f..2aaae8dce59 100644
--- a/librpc/idl/drsuapi.idl
+++ b/librpc/idl/drsuapi.idl
@@ -13,7 +13,7 @@ import "security.idl", "misc.idl", "lsa.idl", "samr.idl";
]
interface drsuapi
{
- typedef bitmap samr_GroupAttrs samr_GroupAttrs;
+ typedef bitmap security_GroupAttrs security_GroupAttrs;
/* see MS-DRSR section 5.39 */
typedef [public,bitmap32bit] bitmap {
@@ -945,7 +945,7 @@ interface drsuapi
[range(0,10000)] uint32 num_memberships;
[range(0,10000)] uint32 num_sids;
[size_is(num_memberships)] drsuapi_DsReplicaObjectIdentifier **info_array;
- [size_is(num_memberships)] samr_GroupAttrs *group_attrs;
+ [size_is(num_memberships)] security_GroupAttrs *group_attrs;
[size_is(num_sids)] dom_sid28 **sids;
} drsuapi_DsGetMembershipsCtr1;
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index ea8a426fa01..39ed3be8262 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -702,14 +702,17 @@ import "misc.idl", "security.idl";
} lsa_TrustType;
typedef [public,bitmap32bit] bitmap {
- LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
- LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
- LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
- LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
- LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
- LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
- LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
- LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080
+ LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
+ LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
+ LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
+ LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
+ LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
+ LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
+ LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
+ LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080,
+ LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION = 0x00000200,
+ LSA_TRUST_ATTRIBUTE_PIM_TRUST = 0x00000400,
+ LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION = 0x00000800
} lsa_TrustAttributes;
typedef struct {
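Review bot: The three added flags (0x00000200, 0x00000400, 0x00000800) arrive with no comment or specification reference, although the commit is titled as documenting them, and 0x00000100 is skipped without explanation. Please add a short comment per flag, or a pointer to the defining specification, and note that the gap is intentional. Re-indenting the eight existing entries in the same hunk also makes the functional change harder to spot; the only real change to them is the trailing comma after LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION.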
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index b4474f7ec49..ae5e33aea40 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -29,7 +29,7 @@ cpp_quote("#define ENC_HMAC_SHA1_96_AES256 KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96"
interface netlogon
{
typedef bitmap samr_AcctFlags samr_AcctFlags;
- typedef bitmap samr_GroupAttrs samr_GroupAttrs;
+ typedef bitmap security_GroupAttrs security_GroupAttrs;
typedef enum netr_DeltaEnum8Bit netr_DeltaEnum8Bit;
typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit;
@@ -274,7 +274,7 @@ interface netlogon
typedef [public] struct {
dom_sid2 *sid;
- samr_GroupAttrs attributes;
+ security_GroupAttrs attributes;
} netr_SidAttr;
typedef [public] struct {
@@ -1347,9 +1347,10 @@ interface netlogon
actually encodes this structure as a UNICODE_STRING
- see MS-NRPC section 2.2.1.3.9 */
/* 142 * 2 = 284 (length of structure "netr_OsVersionInfoEx") */
- [value(142)] uint32 length;
- [value(0)] uint32 dummy;
- [value(142)] uint32 size;
+ [value(142)] uint3264 length;
+ [value(0)] uint3264 dummy;
+ [value(142)] uint3264 size;
+ [subcontext(0),subcontext_size(size*2)]
netr_OsVersionInfoEx os;
} netr_OsVersion;
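Review bot: The comment above length/dummy/size still explains only the UNICODE_STRING framing; it does not say why the three fields are now uint3264 or why os is wrapped in [subcontext(0),subcontext_size(size*2)]. Add a sentence on the NDR64 layout this fixes, and state that size counts 16-bit units (hence size*2), since the existing "142 * 2 = 284" line is the only hint a reader gets.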
@@ -1385,21 +1386,27 @@ interface netlogon
} netr_WorkstationInfo;
typedef struct {
- /* these first 3 values come from the fact windows
- actually encodes this structure as a UNICODE_STRING
- - see MS-NRPC section 2.2.1.3.9 */
- [value(8)] uint32 length;
- [value(0)] uint32 dummy;
- [value(8)] uint32 size;
netr_TrustFlags flags;
uint32 parent_index;
lsa_TrustType trust_type;
lsa_TrustAttributes trust_attributes;
+ } netr_trust_extension_info;
+
+ typedef struct {
+ /* these first 3 values come from the fact windows
+ actually encodes this structure as a UNICODE_STRING
+ - see MS-NRPC section 2.2.1.3.9 */
+ [value(8)] uint3264 length;
+ [value(0)] uint3264 dummy;
+ [value(8)] uint3264 size;
+ [subcontext(0),subcontext_size(size*2)]
+ netr_trust_extension_info info;
} netr_trust_extension;
typedef struct {
- uint16 length; /* value is 16 when info != NULL, otherwise 0 */
- [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */
+ /* value is 16 when info != NULL, otherwise 0 */
+ [value(info == NULL ? 0 : 16)] uint16 length;
+ [value(info == NULL ? 0 : 16)] uint16 size;
netr_trust_extension *info;
} netr_trust_extension_container;
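Review bot: In netr_trust_extension_container the literal 16 now appears twice in [value(info == NULL ? 0 : 16)], with nothing tying it to the [value(8)] size in netr_trust_extension (8 * 2 bytes). A comment stating that relationship would keep the two from drifting apart if netr_trust_extension_info ever grows. Note also that length used to be a plain caller-set field and is now always computed, so it is worth confirming that no existing caller still depends on assigning it.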
@@ -1439,7 +1446,7 @@ interface netlogon
[case(2)] netr_LsaPolicyInformation *lsa_policy_info;
} netr_DomainInfo;
- NTSTATUS netr_LogonGetDomainInfo(
+ [public] NTSTATUS netr_LogonGetDomainInfo(
[in] [string,charset(UTF16)] uint16 *server_name,
[in,unique] [string,charset(UTF16)] uint16 *computer_name,
[in,ref] netr_Authenticator *credential,
diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl
index b9d1d34ae33..867862dcd5c 100644
--- a/librpc/idl/samr.idl
+++ b/librpc/idl/samr.idl
@@ -16,6 +16,7 @@ import "misc.idl", "lsa.idl", "security.idl";
] interface samr
{
typedef bitmap security_secinfo security_secinfo;
+ typedef bitmap security_GroupAttrs security_GroupAttrs;
--
Samba Shared Repository