#define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER ( 60 )
#define LSA_REF_DOMAIN_LIST_MULTIPLIER ( 32 )
-#define MAX_REF_DOMAINS ( LSA_REF_DOMAIN_LIST_MULTIPLIER )
-#define MAX_LOOKUP_SIDS ( 0x5000 )
#define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ( 82 )
#define LSA_CLIENT_REVISION_NO_DNS ( 0x00000001 )
#define LSA_CLIENT_REVISION_DNS ( 0x00000002 )
} lsa_TransSidArray;
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
- const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
-
typedef struct {
[range(0,1000)] uint32 count;
[size_is(count)] lsa_DomainInfo *domains;
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
- /* This number is based on Win2k and later maximum response allowed */
- const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
-
- [public] NTSTATUS lsa_LookupSids (
+ [public] NTSTATUS lsa_LookupSids(
[in] policy_handle *handle,
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
}
dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
- MAX_REF_DOMAINS);
+ LSA_REF_DOMAIN_LIST_MULTIPLIER);
if (dom_infos == NULL) {
result = NT_STATUS_NO_MEMORY;
goto fail;
continue;
}
- for (j=0; j<MAX_REF_DOMAINS; j++) {
+ for (j=0; j<LSA_REF_DOMAIN_LIST_MULTIPLIER; j++) {
if (!dom_infos[j].valid) {
break;
}
}
}
- if (j == MAX_REF_DOMAINS) {
+ if (j == LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* TODO: What's the right error message here? */
result = NT_STATUS_NONE_MAPPED;
goto fail;
/* Iterate over the domains found */
- for (i=0; i<MAX_REF_DOMAINS; i++) {
+ for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
uint32_t *rids;
const char *domain_name = NULL;
const char **names;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
+#define MAX_LOOKUP_SIDS 0x5000 /* 20480 */
+
extern PRIVS privs[];
struct lsa_info {
num = ref->count;
}
- if (num >= MAX_REF_DOMAINS) {
+ if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* index not found, already at maximum domain limit */
return -1;
}
ref->count = num + 1;
- ref->max_size = MAX_REF_DOMAINS;
+ ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
struct lsa_DomainInfo, ref->count);
return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<MAX_REF_DOMAINS; i++) {
+ for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
if (!dom_infos[i].valid) {
break;
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
struct lsa_SidArray sids;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = 1;
NTSTATUS status;
struct dom_sid *sid;
r.in.count = &count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(cli->lsa->pipe, mem_ctx2, &r);
if (!NT_STATUS_IS_OK(status)) {
}
(*name) = talloc_asprintf(mem_ctx, "%s\\%s",
- r.out.domains->domains[0].name.string,
+ domains->domains[0].name.string,
names.names[0].name.string);
talloc_free(mem_ctx2);
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
- [public] NTSTATUS lsa_LookupSids (
+ [public] NTSTATUS lsa_LookupSids(
[in] policy_handle *handle,
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray *names,
[in] uint16 level,
- [in,out] uint32 *count
+ [in,out,ref] uint32 *count
);
[public] NTSTATUS lsa_LookupSids2(
[in] policy_handle *handle,
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray2 *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray2 *names,
[in] uint16 level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
/* Function 0x4c */
[public] NTSTATUS lsa_LookupSids3(
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray2 *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray2 *names,
[in] uint16 level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
struct lsa_LookupSids2 *r)
{
struct lsa_policy_state *state;
+ struct lsa_RefDomainList *domains = NULL;
int i;
NTSTATUS status = NT_STATUS_OK;
return NT_STATUS_INVALID_PARAMETER;
}
- r->out.domains = NULL;
+ *r->out.domains = NULL;
/* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as
return status;
}
- r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
- if (r->out.domains == NULL) {
+ domains = talloc_zero(r->out.domains, struct lsa_RefDomainList);
+ if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.domains = domains;
r->out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2);
if (r->out.names == NULL) {
/* set up the authority table */
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype,
authority_name, sid,
- r->out.domains, &sid_index);
+ domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
(*r->out.count)++;
}
-
+
if (*r->out.count == 0) {
return NT_STATUS_NONE_MAPPED;
}
r2.in.unknown2 = r->in.unknown2;
r2.out.count = r->out.count;
r2.out.names = r->out.names;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
r2.in.unknown2 = 0;
r2.out.count = r->out.count;
r2.out.names = NULL;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
/* we deliberately don't check for error from the above,
static bool lsarlookupsids_out_check(struct torture_context *tctx,
struct lsa_LookupSids *r)
{
- torture_assert(tctx, r->out.domains != NULL, "domains");
- torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "name");
+ struct lsa_RefDomainList *domains = *(r->out.domains);
+ torture_assert(tctx, domains != NULL, "domains");
+ torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert(tctx, domains->domains != NULL, "domains domains");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name");
torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
return true;
}
static bool lsarlookupsids2_out_check(struct torture_context *tctx,
struct lsa_LookupSids2 *r)
{
+ struct lsa_RefDomainList *domains = *(r->out.domains);
/* FIXME: Handle */
torture_assert(tctx, r->out.names != NULL, "names ptr");
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
- torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+ torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
static bool lsarlookupsids3_out_check(struct torture_context *tctx,
struct lsa_LookupSids3 *r)
{
+ struct lsa_RefDomainList *domains = *(r->out.domains);
/* FIXME: Handle */
torture_assert(tctx, r->out.names != NULL, "names ptr");
torture_assert(tctx, r->out.domains != NULL, "domains ptr");
- torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
- torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
- torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+ torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+ torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+ torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
{
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
r.in.count = &count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
{
struct lsa_LookupSids2 r;
struct lsa_TransNameArray2 names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
r.in.unknown2 = 0;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
{
struct lsa_LookupSids3 r;
struct lsa_TransNameArray2 names;
+ struct lsa_RefDomainList *domains = NULL;
uint32_t count = sids->num_sids;
NTSTATUS status;
r.in.count = &count;
r.in.unknown1 = 0;
r.in.unknown2 = 0;
+ r.out.domains = &domains;
r.out.count = &count;
r.out.names = &names;
if (handle) {
struct lsa_LookupSids r;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains = NULL;
names.count = 0;
names.names = NULL;
r.in.count = &names.count;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
} else if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
struct lsa_LookupSids3 r;
+ struct lsa_RefDomainList *domains = NULL;
struct lsa_TransNameArray2 names;
names.count = 0;
r.in.unknown2 = 0;
r.out.count = &count;
r.out.names = &names;
+ r.out.domains = &domains;
status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
uint32_t *count;
struct lsa_TransNameArray *names;
struct lsa_LookupSids *r;
+ struct lsa_RefDomainList *domains = NULL;
struct rpc_request **req;
int i, replies;
bool ret = true;
r[i].in.count = &names[i].count;
r[i].out.count = &count[i];
r[i].out.names = &names[i];
+ r[i].out.domains = &domains;
req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]);
if (req[i] == NULL) {
struct lsa_LookupSids r;
struct lsa_SidArray sids;
struct lsa_TransNameArray names;
+ struct lsa_RefDomainList *domains;
uint32_t count;
struct wb_sid_object **result;
};
if (state->sids.sids[i].sid == NULL) goto failed;
}
+ state->domains = talloc(state, struct lsa_RefDomainList);
+ if (state->domains == NULL) goto failed;
+
state->count = 0;
state->num_sids = num_sids;
state->names.count = 0;
state->r.in.count = &state->count;
state->r.out.names = &state->names;
state->r.out.count = &state->count;
+ state->r.out.domains = &state->domains;
req = dcerpc_lsa_LookupSids_send(lsa_pipe, state, &state->r);
if (req == NULL) goto failed;
struct lsa_TranslatedName *name =
&state->r.out.names->names[i];
struct lsa_DomainInfo *dom;
+ struct lsa_RefDomainList *domains =
+ state->domains;
state->result[i] = talloc_zero(state->result,
struct wb_sid_object);
continue;
}
- if (name->sid_index >= state->r.out.domains->count) {
+ if (name->sid_index >= domains->count) {
composite_error(state->ctx,
NT_STATUS_INVALID_PARAMETER);
return;
}
- dom = &state->r.out.domains->domains[name->sid_index];
+ dom = &domains->domains[name->sid_index];
state->result[i]->domain = talloc_reference(state->result[i],
dom->name.string);
if ((name->sid_type == SID_NAME_DOMAIN) ||