r4277: - added server support for lsa_EnumAccounts()

- expanded the lsa test suite to better test lsa_EnumAccounts()
(This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index f184c97db8befe135e903cd14ae5ddac81a05f47..f784837d1a0ba8d7cfbb800dd9d4eb61cda0bd35 100644 (file)
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -44,6 +44,7 @@ struct lsa_policy_state {
        struct sidmap_context *sidmap;
        uint32_t access_mask;
        const char *domain_dn;
+       const char *builtin_dn;
        const char *domain_name;
        struct dom_sid *domain_sid;
        struct dom_sid *builtin_sid;
@@ -225,6 +226,15 @@ static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *
                return NT_STATUS_NO_SUCH_DOMAIN;                
        }
 
+       /* work out the builtin_dn - useful for so many calls its worth
+          fetching here */
+       state->builtin_dn = samdb_search_string(state->sam_ctx, state, NULL,
+                                               "dn", "objectClass=builtinDomain");
+       if (!state->builtin_dn) {
+               talloc_free(state);
+               return NT_STATUS_NO_SUCH_DOMAIN;                
+       }
+
        sid_str = samdb_search_string(state->sam_ctx, state, NULL,
                                      "objectSid", "dn=%s", state->domain_dn);
        if (!sid_str) {
@@ -427,7 +437,58 @@ static NTSTATUS lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX
 static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                 struct lsa_EnumAccounts *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       int ret, i;
+       struct ldb_message **res;
+       const char * const attrs[] = { "objectSid", NULL};
+       uint32_t count;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, state->builtin_dn, &res, attrs, "objectClass=group");
+       if (ret <= 0) {
+               return NT_STATUS_NO_SUCH_USER;
+       }
+
+       if (*r->in.resume_handle >= ret) {
+               return NT_STATUS_NO_MORE_ENTRIES;
+       }
+
+       count = ret - *r->in.resume_handle;
+       if (count > r->in.num_entries) {
+               count = r->in.num_entries;
+       }
+
+       if (count == 0) {
+               return NT_STATUS_NO_MORE_ENTRIES;
+       }
+
+       r->out.sids->sids = talloc_array_p(r->out.sids, struct lsa_SidPtr, count);
+       if (r->out.sids->sids == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i=0;i<count;i++) {
+               const char *sidstr;
+
+               sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
+               if (sidstr == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
+               if (r->out.sids->sids[i].sid == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+
+       r->out.sids->num_sids = count;
+       *r->out.resume_handle = count + *r->in.resume_handle;
+
+       return NT_STATUS_OK;
+       
 }
 
 

diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 84fd246538a5fcd2f1187d38d9d5219db8fa48f2..3b7635f13b656a6ac883c2ddfa5deec17583c1dc 100644 (file)
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -702,26 +702,31 @@ static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
        r.out.sids = &sids1;
 
        resume_handle = 0;
-       status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               printf("EnumAccounts failed - %s\n", nt_errstr(status));
-               return False;
-       }
+       while (True) {
+               status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
+               if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
+                       break;
+               }
+               if (!NT_STATUS_IS_OK(status)) {
+                       printf("EnumAccounts failed - %s\n", nt_errstr(status));
+                       return False;
+               }
 
-       if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
-               return False;
-       }
+               if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
+                       return False;
+               }
 
-       if (!test_LookupSids2(p, mem_ctx, handle, &sids1)) {
-               return False;
-       }
+               if (!test_LookupSids2(p, mem_ctx, handle, &sids1)) {
+                       return False;
+               }
 
-       printf("testing all accounts\n");
-       for (i=0;i<sids1.num_sids;i++) {
-               test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
-               test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
+               printf("testing all accounts\n");
+               for (i=0;i<sids1.num_sids;i++) {
+                       test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
+                       test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
+               }
+               printf("\n");
        }
-       printf("\n");
 
        if (sids1.num_sids < 3) {
                return True;