Commit c9d929af authored by Andrew Bartlett's avatar Andrew Bartlett

s4-lsarpc handle more info levels in SetInfoTrustedDomain calls

This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett
parent c79db400
......@@ -2,7 +2,7 @@
bld.SAMBA_LIBRARY('cliauth',
source='',
deps='NTLMSSP_COMMON MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors NTLM_CHECK',
deps='NTLMSSP_COMMON MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors NTLM_CHECK UTIL_LSARPC',
private_library=True,
grouping_library=True)
......
......@@ -20,7 +20,7 @@
#include "includes.h"
#include "../librpc/gen_ndr/ndr_drsblobs.h"
#include "../librpc/gen_ndr/ndr_lsa.h"
#include "rpc_client/util_lsarpc.h"
#include "libcli/lsarpc/util_lsarpc.h"
static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx,
uint32_t count,
......@@ -186,9 +186,9 @@ NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
}
static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx,
uint32_t count,
struct lsa_TrustDomainInfoBuffer *b,
struct AuthenticationInformationArray *ai)
uint32_t count,
struct lsa_TrustDomainInfoBuffer *b,
struct AuthenticationInformationArray *ai)
{
NTSTATUS status;
int i;
......@@ -250,11 +250,11 @@ fail:
return status;
}
static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx,
uint32_t count,
struct lsa_TrustDomainInfoBuffer *current,
struct lsa_TrustDomainInfoBuffer *previous,
DATA_BLOB *inout_blob)
struct trustAuthInOutBlob **iopw_out)
{
NTSTATUS status;
struct trustAuthInOutBlob *iopw;
......@@ -284,6 +284,30 @@ static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
iopw->previous.array = NULL;
}
*iopw_out = iopw;
status = NT_STATUS_OK;
done:
return status;
}
static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
uint32_t count,
struct lsa_TrustDomainInfoBuffer *current,
struct lsa_TrustDomainInfoBuffer *previous,
DATA_BLOB *inout_blob)
{
NTSTATUS status;
struct trustAuthInOutBlob *iopw = NULL;
enum ndr_err_code ndr_err;
status = auth_info_2_trustauth_inout(mem_ctx, count, current, previous, &iopw);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx,
iopw,
(ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
......
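Review bot: `auth_info_2_trustauth_inout()` becomes an exported function in this file, but nothing states its contract: whether `previous` may be NULL (the s4 caller in this commit passes NULL), that `*iopw_out` appears to be written only on the success path, and which talloc context owns the result. A short comment above the definition would cover it, for example `/* On success *iopw_out is a talloc'ed trustAuthInOutBlob owned by mem_ctx; previous may be NULL. */`, adjusted to the actual allocation, which lies outside these hunks. In the new `auth_info_2_trustauth_inout_blob()` wrapper the intermediate `iopw` holds trust password data and is not visibly freed after `ndr_push_struct_blob()`. The wrapper's body continues past the hunk, so confirm it is released there rather than left on the caller's `mem_ctx`.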
......@@ -17,16 +17,21 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _RPC_CLIENT_UTIL_LSARPC_H_
#define _RPC_CLIENT_UTIL_LSARPC_H_
#ifndef _LIBCLI_AUTH_UTIL_LSARPC_H_
#define _LIBCLI_AUTH_UTIL_LSARPC_H_
/* The following definitions come from rpc_client/util_lsarpc.c */
/* The following definitions come from libcli/auth/util_lsarpc.c */
NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
DATA_BLOB incoming, DATA_BLOB outgoing,
struct lsa_TrustDomainInfoAuthInfo *auth_info);
NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx,
uint32_t count,
struct lsa_TrustDomainInfoBuffer *current,
struct lsa_TrustDomainInfoBuffer *previous,
struct trustAuthInOutBlob **iopw_out);
NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
struct lsa_TrustDomainInfoAuthInfo *auth_info,
DATA_BLOB *incoming, DATA_BLOB *outgoing);
#endif /* _RPC_CLIENT_UTIL_LSARPC_H_ */
#endif /* _LIBCLI_AUTH_UTIL_LSARPC_H_ */
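Review bot: The renamed guard `_LIBCLI_AUTH_UTIL_LSARPC_H_` and the comment `libcli/auth/util_lsarpc.c` name a directory that does not match the path every includer in this commit uses, `libcli/lsarpc/util_lsarpc.h`. Suggest `#ifndef LIBCLI_LSARPC_UTIL_LSARPC_H` / `#define LIBCLI_LSARPC_UTIL_LSARPC_H` and `/* The following definitions come from libcli/lsarpc/util_lsarpc.c */`. Dropping the leading underscore also keeps the guard out of the reserved identifier space. The added prototype names `struct trustAuthInOutBlob` with no include or forward declaration visible in this hunk, so the header seems to rely on the includer pulling in the drsblobs and lsa definitions first.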
#!/usr/bin/env python
bld.SAMBA_SUBSYSTEM('UTIL_LSARPC',
source='util_lsarpc.c',
deps='NDR_LSA');
......@@ -106,4 +106,4 @@
^samba4.ldap.acl.*.AclSearchTests.test_search4$ # ACL search behaviour not enabled by default
^samba4.ldap.acl.*.AclSearchTests.test_search5$ # ACL search behaviour not enabled by default
^samba4.ldap.acl.*.AclSearchTests.test_search6$ # ACL search behaviour not enabled by default
^samba4.rpc.lsa.forest # Not fully provided by Samba 4
^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
......@@ -704,7 +704,7 @@ DCE_RPC_EP_OBJ = librpc/rpc/dcerpc_ep.o
RPC_LSARPC_OBJ = rpc_server/lsa/srv_lsa_nt.o \
librpc/gen_ndr/srv_lsa.o \
rpc_client/util_lsarpc.o
../libcli/lsarpc/util_lsarpc.o
RPC_NETLOGON_OBJ = rpc_server/netlogon/srv_netlog_nt.o \
librpc/gen_ndr/srv_netlogon.o
......@@ -1271,7 +1271,7 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \
@LIBWBCLIENT_STATIC@ \
torture/wbc_async.o \
../nsswitch/wb_reqtrans.o \
rpc_client/util_lsarpc.o \
../libcli/lsarpc/util_lsarpc.o \
$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ)
MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
......
......@@ -48,7 +48,7 @@
#include "rpc_server/srv_access_check.h"
#include "../librpc/gen_ndr/ndr_wkssvc.h"
#include "../libcli/auth/libcli_auth.h"
#include "rpc_client/util_lsarpc.h"
#include "../libcli/lsarpc/util_lsarpc.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
......
......@@ -21,7 +21,7 @@
#include "includes.h"
#include "torture/proto.h"
#include "librpc/gen_ndr/lsa.h"
#include "rpc_client/util_lsarpc.h"
#include "libcli/lsarpc/util_lsarpc.h"
static bool cmp_TrustDomainInfoBuffer(struct lsa_TrustDomainInfoBuffer a,
struct lsa_TrustDomainInfoBuffer b)
......
......@@ -32,7 +32,7 @@ DRSUAPI_SRC = '''${COMPRESSION_SRC}'''
LIBCLI_SPOOLSS_SRC = '''rpc_client/cli_spoolss.c
rpc_client/init_spoolss.c'''
LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c rpc_client/util_lsarpc.c'''
LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c'''
LIBCLI_SAMR_SRC = 'rpc_client/cli_samr.c'
......@@ -1077,7 +1077,7 @@ bld.SAMBA3_SUBSYSTEM('LIBCLI_SAMR',
bld.SAMBA3_LIBRARY('libcli_lsa3',
source=LIBCLI_LSA_SRC,
deps='RPC_NDR_LSA INIT_LSA',
deps='RPC_NDR_LSA INIT_LSA UTIL_LSARPC',
private_library=True)
bld.SAMBA3_LIBRARY('libcli_netlogon3',
......
......@@ -32,6 +32,7 @@
#include "dsdb/common/util.h"
#include "libcli/security/session.h"
#include "kdc/kdc-policy.h"
#include "libcli/lsarpc/util_lsarpc.h"
/*
this type allows us to distinguish handle types
......@@ -1601,7 +1602,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
uint32_t *enc_types = NULL;
DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob;
struct trustDomainPasswords auth_struct;
struct AuthenticationInformationArray *current_passwords = NULL;
struct trustAuthInOutBlob *current_passwords = NULL;
NTSTATUS nt_status;
struct ldb_message **msgs;
struct ldb_message *msg;
......@@ -1644,8 +1645,23 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
}
if (auth_info) {
/* FIXME: not handled yet */
return NT_STATUS_INVALID_PARAMETER;
nt_status = auth_info_2_auth_blob(mem_ctx, auth_info,
&trustAuthIncoming,
&trustAuthOutgoing);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
if (trustAuthIncoming.data) {
/* This does the decode of some of this twice, but it is easier that way */
nt_status = auth_info_2_trustauth_inout(mem_ctx,
auth_info->incoming_count,
auth_info->incoming_current_auth_info,
NULL,
&current_passwords);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
}
}
/* decode auth_info_int if set */
......
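Review bot: The new `auth_info` branch passes `auth_info->incoming_count` and `auth_info->incoming_current_auth_info` straight to `auth_info_2_trustauth_inout()`, guarded only by `trustAuthIncoming.data` being set. Both fields presumably come from the client's SetInfoTrustedDomain request, and nothing in this hunk checks that the pointer is non-NULL or that it really covers `incoming_count` entries before the helper uses them. Unless `auth_info_2_auth_blob()` already rejects that mismatch (its body is not shown here), add an explicit guard ahead of the conversion, e.g. `if (auth_info->incoming_count != 0 && auth_info->incoming_current_auth_info == NULL) { return NT_STATUS_INVALID_PARAMETER; }`. The decoded `current_passwords` and the two auth blobs hold trust secrets on `mem_ctx`, so confirm further down that they are never written to debug logs and are released with the call. `setInfoTrustedDomain_base()` starts and ends outside this hunk.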
......@@ -93,7 +93,7 @@ bld.SAMBA_MODULE('dcerpc_lsarpc',
autoproto='lsa/proto.h',
subsystem='dcerpc_server',
init_function='dcerpc_server_lsa_init',
deps='samdb DCERPC_COMMON ndr-standard LIBCLI_AUTH NDR_DSSETUP com_err security kdc-policy'
deps='samdb DCERPC_COMMON ndr-standard LIBCLI_AUTH NDR_DSSETUP com_err security kdc-policy UTIL_LSARPC'
)
......
......@@ -102,6 +102,7 @@ bld.RECURSE('libcli/ldap')
bld.RECURSE('libcli/nbt')
bld.RECURSE('libcli/netlogon')
bld.RECURSE('libcli/auth')
bld.RECURSE('libcli/lsarpc')
bld.RECURSE('libcli/drsuapi')
bld.RECURSE('libcli/echo')
bld.RECURSE('libcli/samsync')
......