sizeof(ninfo.challenge));
if (nt_hash) {
ninfo.nt.length = 24;
- ninfo.nt.data = talloc(mem_ctx, 24);
+ ninfo.nt.data = talloc_size(mem_ctx, 24);
SMBOWFencrypt(nt_hash->hash, ninfo.challenge, ninfo.nt.data);
} else {
ninfo.nt.length = 0;
if (lm_hash) {
ninfo.lm.length = 24;
- ninfo.lm.data = talloc(mem_ctx, 24);
+ ninfo.lm.data = talloc_size(mem_ctx, 24);
SMBOWFencrypt(lm_hash->hash, ninfo.challenge, ninfo.lm.data);
} else {
ninfo.lm.length = 0;
}
o.in.connect_handle = samsync_state->connect_handle;
- o.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
o.in.sid = l.out.sid;
o.out.domain_handle = domain_handle;
} \
} while (0)
+#define TEST_SID_EQUAL(s1, s2) do {\
+ if (!dom_sid_equal(s1, s2)) {\
+ printf("dom_sid mismatch: " #s1 ":%s != " #s2 ": %s\n", \
+ dom_sid_string(mem_ctx, s1), dom_sid_string(mem_ctx, s2));\
+ ret = False;\
+ } \
+} while (0)
+
/* The ~SEC_DESC_SACL_PRESENT is because we don't, as administrator,
* get back the SACL part of the SD when we ask over SAMR */
}
r.in.domain_handle = samsync_state->domain_handle[database_id];
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.in.rid = rid;
r.out.user_handle = &user_handle;
TEST_INT_EQUAL(q.out.info->info21.logon_hours.units_per_week,
user->logon_hours.units_per_week);
if (ret) {
- if (memcmp(q.out.info->info21.logon_hours.bitmap, user->logon_hours.bitmap,
+ if (memcmp(q.out.info->info21.logon_hours.bits, user->logon_hours.bits,
q.out.info->info21.logon_hours.units_per_week/8) != 0) {
printf("Logon hours mismatch\n");
ret = False;
} else if (NT_STATUS_IS_OK(nt_status)) {
TEST_INT_EQUAL(user->rid, info3->base.rid);
TEST_INT_EQUAL(user->primary_gid, info3->base.primary_gid);
- TEST_INT_EQUAL(user->acct_flags, info3->base.acct_flags);
- TEST_STRING_EQUAL(user->account_name, info3->base.account_name);
+ /* this is 0x0 from NT4 sp6 */
+ if (info3->base.acct_flags) {
+ TEST_INT_EQUAL(user->acct_flags, info3->base.acct_flags);
+ }
+ /* this is NULL from NT4 sp6 */
+ if (info3->base.account_name.string) {
+ TEST_STRING_EQUAL(user->account_name, info3->base.account_name);
+ }
TEST_STRING_EQUAL(user->full_name, info3->base.full_name);
TEST_STRING_EQUAL(user->logon_script, info3->base.logon_script);
TEST_STRING_EQUAL(user->profile_path, info3->base.profile_path);
* doco I read -- abartlet) */
/* This copes with the two different versions of 0 I see */
+ /* with NT4 sp6 we have the || case */
if (!((user->last_logoff == 0)
- && (info3->base.last_logoff == 0x7fffffffffffffffLL))) {
+ || (info3->base.last_logoff == 0x7fffffffffffffffLL))) {
TEST_TIME_EQUAL(user->last_logoff, info3->base.last_logoff);
}
return ret;
}
r.in.domain_handle = samsync_state->domain_handle[database_id];
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.in.rid = rid;
r.out.alias_handle = &alias_handle;
}
r.in.domain_handle = samsync_state->domain_handle[database_id];
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.in.rid = rid;
r.out.group_handle = &group_handle;
DLIST_ADD(samsync_state->secrets, new);
o.in.handle = samsync_state->lsa_handle;
- o.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
o.in.name.string = name;
o.out.sec_handle = &sec_handle;
return False;
}
- TEST_SEC_DESC_EQUAL(secret->sdbuf, lsa, &sec_handle);
-
+/*
+ We would like to do this, but it is NOT_SUPPORTED on win2k3
+ TEST_SEC_DESC_EQUAL(secret->sdbuf, lsa, &sec_handle);
+*/
status = dcerpc_fetch_session_key(samsync_state->p_lsa, &session_key);
if (!NT_STATUS_IS_OK(status)) {
printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
struct lsa_OpenTrustedDomain t;
struct policy_handle trustdom_handle;
struct lsa_QueryTrustedDomainInfo q;
- union lsa_TrustedDomainInfo *info[4];
- int levels [] = {1, 3};
+ union lsa_TrustedDomainInfo *info[9];
+ int levels [] = {1, 3, 8};
int i;
new->name = talloc_reference(new, trusted_domain->domain_name.string);
new->sid = talloc_reference(new, dom_sid);
t.in.handle = samsync_state->lsa_handle;
- t.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ t.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
t.in.sid = dom_sid;
t.out.trustdom_handle = &trustdom_handle;
q.in.level = levels[i];
status = dcerpc_lsa_QueryTrustedDomainInfo(samsync_state->p_lsa, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
+ if (q.in.level == 8 && NT_STATUS_EQUAL(status,NT_STATUS_INVALID_PARAMETER)) {
+ info[levels[i]] = NULL;
+ continue;
+ }
printf("QueryInfoTrustedDomain level %d failed - %s\n",
levels[i], nt_errstr(status));
return False;
info[levels[i]] = q.out.info;
}
- TEST_STRING_EQUAL(info[1]->info1.domain_name, trusted_domain->domain_name);
- TEST_INT_EQUAL(info[3]->info3.flags, trusted_domain->flags);
+ if (info[8]) {
+ TEST_SID_EQUAL(info[8]->full_info.info_ex.sid, dom_sid);
+ TEST_STRING_EQUAL(info[8]->full_info.info_ex.netbios_name, trusted_domain->domain_name);
+ }
+ TEST_STRING_EQUAL(info[1]->name.netbios_name, trusted_domain->domain_name);
+ TEST_INT_EQUAL(info[3]->flags.flags, trusted_domain->flags);
+/*
+ We would like to do this, but it is NOT_SUPPORTED on win2k3
TEST_SEC_DESC_EQUAL(trusted_domain->sdbuf, lsa, &trustdom_handle);
-
+*/
DLIST_ADD(samsync_state->trusted_domains, new);
return ret;
BOOL *found_priv_in_lsa;
a.in.handle = samsync_state->lsa_handle;
- a.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ a.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
a.in.sid = dom_sid;
a.out.acct_handle = &acct_handle;
TEST_SEC_DESC_EQUAL(account->sdbuf, lsa, &acct_handle);
- found_priv_in_lsa = talloc_zero_array_p(mem_ctx, BOOL, account->privilege_entries);
+ found_priv_in_lsa = talloc_zero_array(mem_ctx, BOOL, account->privilege_entries);
e.in.handle = &acct_handle;
status = dcerpc_netr_DatabaseDeltas(samsync_state->p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status) &&
- !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+ !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
printf("DatabaseDeltas - %s\n", nt_errstr(status));
ret = False;
break;
samsync_state->connect_handle = talloc_zero_p(samsync_state, struct policy_handle);
samsync_state->lsa_handle = talloc_zero_p(samsync_state, struct policy_handle);
c.in.system_name = NULL;
- c.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
c.out.connect_handle = samsync_state->connect_handle;
status = dcerpc_samr_Connect(samsync_state->p_samr, mem_ctx, &c);
r.in.system_name = "\\";
r.in.attr = &attr;
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.handle = samsync_state->lsa_handle;
status = dcerpc_lsa_OpenPolicy2(samsync_state->p_lsa, mem_ctx, &r);
}
b.flags &= ~DCERPC_AUTH_OPTIONS;
- b.flags |= DCERPC_SCHANNEL_BDC | DCERPC_SIGN | DCERPC_SCHANNEL_128;
+ b.flags |= DCERPC_SCHANNEL_BDC | DCERPC_SIGN;
status = dcerpc_pipe_connect_b(&samsync_state->p, &b,
DCERPC_NETLOGON_UUID,
goto failed;
}
- status = dcerpc_schannel_creds(samsync_state->p->security_state.generic_state, mem_ctx, &samsync_state->creds);
+ status = dcerpc_schannel_creds(samsync_state->p->conn->security_state.generic_state, mem_ctx, &samsync_state->creds);
if (!NT_STATUS_IS_OK(status)) {
ret = False;
}
}
b_netlogon_wksta.flags &= ~DCERPC_AUTH_OPTIONS;
- b_netlogon_wksta.flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128;
+ b_netlogon_wksta.flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN;
status = dcerpc_pipe_connect_b(&samsync_state->p_netlogon_wksta, &b_netlogon_wksta,
DCERPC_NETLOGON_UUID,
goto failed;
}
- status = dcerpc_schannel_creds(samsync_state->p_netlogon_wksta->security_state.generic_state, mem_ctx, &samsync_state->creds_netlogon_wksta);
+ status = dcerpc_schannel_creds(samsync_state->p_netlogon_wksta->conn->security_state.generic_state,
+ mem_ctx, &samsync_state->creds_netlogon_wksta);
if (!NT_STATUS_IS_OK(status)) {
ret = False;
}