r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server
authorAndrew Tridgell <tridge@samba.org>
Thu, 27 May 2004 06:27:21 +0000 (06:27 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:56:20 +0000 (12:56 -0500)
- added lsa_OpenPolicy2() to server

- added guid handling in samdb

- added a couple more info policy levels in lsa server

- added some DNS info in the provisioning template and script

With the above changes WinXP professional can join a Samba4 domain
(This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)

source4/librpc/idl/lsa.idl
source4/provision.ldif
source4/rpc_server/lsa/dcesrv_lsa.c
source4/rpc_server/samr/samdb.c
source4/script/provision.pl
source4/torture/rpc/lsa.c

index e477ce7054a1545f2c085fb195b1f52a6c704b87..b9acbfcf10de2b32dfcac4e1a7f6808d2e87912c 100644 (file)
 
        /* Function:    0x2d */
        NTSTATUS UNK_GET_CONNUSER ();
+
+       /**********************/
        /* Function:          0x2e */
-       NTSTATUS QUERYINFO2 ();
+
+       NTSTATUS lsa_QueryInfoPolicy2(
+               [in,ref]                 policy_handle *handle,
+               [in]                     uint16 level,
+               [out,switch_is(level)]   lsa_PolicyInformation *info
+               );
 }
index 075cd758baa1e1d4ce16ae24f3d2dd501ab9431e..444f7185bd1f788d62a7ecfcd598ee17361d29f2 100644 (file)
@@ -27,6 +27,8 @@ objectClass: top
 objectClass: domain
 objectClass: domainDNS
 name: ${DOMAIN}
+realm: ${REALM}
+dnsDomain: ${REALM}
 dc: ${DOMAIN}
 objectGUID: ${NEWGUID}
 creationTime: ${NTTIME}
index 6ea782a8f2bdf299b48983cf3e5c95a99ec97db6..bff7a98b259d6724f842e1ea3045f37ef4c94256 100644 (file)
@@ -139,10 +139,10 @@ static NTSTATUS lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CT
 
 
 /* 
-  lsa_OpenPolicy 
+  lsa_OpenPolicy2
 */
-static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                              struct lsa_OpenPolicy *r)
+static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                              struct lsa_OpenPolicy2 *r)
 {
        struct lsa_policy_state *state;
        struct dcesrv_handle *handle;
@@ -198,6 +198,25 @@ static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
        return NT_STATUS_OK;
 }
 
+/* 
+  lsa_OpenPolicy
+  a wrapper around lsa_OpenPolicy2
+*/
+static NTSTATUS lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                               struct lsa_OpenPolicy *r)
+{
+       struct lsa_OpenPolicy2 r2;
+
+       r2.in.system_name = NULL;
+       r2.in.attr = r->in.attr;
+       r2.in.access_mask = r->in.access_mask;
+       r2.out.handle = r->out.handle;
+
+       return lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
+}
+
+
+
 
 /*
   fill in the AccountDomain info
@@ -221,11 +240,36 @@ static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CT
        return NT_STATUS_OK;
 }
 
+/*
+  fill in the DNS domain info
+*/
+static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+                            struct lsa_DnsDomainInfo *info)
+{
+       const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
+       int ret;
+       struct ldb_message **res;
+
+       ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+                          "dn=%s", state->domain_dn);
+       if (ret != 1) {
+               return NT_STATUS_INTERNAL_DB_CORRUPTION;
+       }
+
+       info->name.name       = samdb_result_string(res[0],           "name", NULL);
+       info->dns_domain.name = samdb_result_string(res[0],           "dnsDomain", NULL);
+       info->dns_forest.name = samdb_result_string(res[0],           "dnsDomain", NULL);
+       info->domain_guid     = samdb_result_guid(res[0],             "objectGUID");
+       info->sid             = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+
+       return NT_STATUS_OK;
+}
+
 /* 
-  lsa_QueryInfoPolicy 
+  lsa_QueryInfoPolicy2
 */
-static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                                   struct lsa_QueryInfoPolicy *r)
+static NTSTATUS lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                    struct lsa_QueryInfoPolicy2 *r)
 {
        struct lsa_policy_state *state;
        struct dcesrv_handle *h;
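Review bot: lsa_info_DNS returns NT_STATUS_OK without checking any of the values it pulled from the record: `samdb_result_string(..., NULL)` yields NULL when `name` or `dnsDomain` is absent, and `samdb_result_dom_sid` presumably can return NULL as well. The provisioning template only gains `dnsDomain` in this same commit, so a database provisioned earlier would likely make this function hand NULL name pointers to the client. I would fail closed after the assignments, e.g. `if (!info->name.name || !info->dns_domain.name || !info->sid) return NT_STATUS_INTERNAL_DB_CORRUPTION;`, unless the marshalling layer is known to accept NULL for these fields. The renamed lsa_QueryInfoPolicy2 at the end of the hunk continues into a body outside it.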
@@ -244,13 +288,35 @@ static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_C
        ZERO_STRUCTP(r->out.info);
 
        switch (r->in.level) {
+       case LSA_POLICY_INFO_DOMAIN:
        case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
                return lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+
+       case LSA_POLICY_INFO_DNS:
+               return lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
        }
 
        return NT_STATUS_INVALID_INFO_CLASS;
 }
 
+/* 
+  lsa_QueryInfoPolicy 
+*/
+static NTSTATUS lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                                   struct lsa_QueryInfoPolicy *r)
+{
+       struct lsa_QueryInfoPolicy2 r2;
+       NTSTATUS status;
+
+       r2.in.handle = r->in.handle;
+       r2.in.level = r->in.level;
+       
+       status = lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
+
+       r->out.info = r2.out.info;
+
+       return status;
+}
 
 /* 
   lsa_SetInfoPolicy 
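Review bot: In the new lsa_QueryInfoPolicy wrapper, `r2` is declared without initialisation and `r->out.info = r2.out.info;` runs unconditionally after the call, so any early return from lsa_QueryInfoPolicy2 taken before it assigns `r->out.info` copies an indeterminate stack pointer into the reply structure. The start of lsa_QueryInfoPolicy2 is outside this hunk, so I cannot confirm which failure paths precede the allocation, but a failed handle lookup is the obvious candidate. Adding `ZERO_STRUCT(r2);` before the `in` fields are filled (the macro is already used elsewhere in this commit) makes the copied-back pointer NULL on those paths. The lsa_OpenPolicy wrapper added earlier in this file also leaves `r2` uninitialised, although every field it visibly passes is set explicitly.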
@@ -612,16 +678,6 @@ static NTSTATUS RETRPRIVDATA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem
 }
 
 
-/* 
-  lsa_OpenPolicy2 
-*/
-static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_OpenPolicy2 *r)
-{
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
 /* 
   UNK_GET_CONNUSER 
 */
@@ -632,15 +688,5 @@ static NTSTATUS UNK_GET_CONNUSER(struct dcesrv_call_state *dce_call, TALLOC_CTX
 }
 
 
-/* 
-  QUERYINFO2 
-*/
-static NTSTATUS QUERYINFO2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct QUERYINFO2 *r)
-{
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
 /* include the generated boilerplate */
 #include "librpc/gen_ndr/ndr_lsa_s.c"
index 12319cf84ac7c6628e4ec767cf241517af0d839e..ed76a4fc60d615c15e5b8a0455ad7bf5298c395c 100644 (file)
@@ -379,6 +379,28 @@ struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, struct ldb_message *ms
        return dom_sid_parse_talloc(mem_ctx, sidstr);
 }
 
+/*
+  pull a guid structure from a objectGUID in a result set. 
+*/
+struct GUID samdb_result_guid(struct ldb_message *msg, const char *attr)
+{
+       NTSTATUS status;
+       struct GUID guid;
+       const char *guidstr = ldb_msg_find_string(msg, attr, NULL);
+
+       ZERO_STRUCT(guid);
+
+       if (!guidstr) return guid;
+
+       status = GUID_from_string(guidstr, &guid);
+       if (!NT_STATUS_IS_OK(status)) {
+               ZERO_STRUCT(guid);
+               return guid;
+       }
+
+       return guid;
+}
+
 /*
   pull a sid prefix from a objectSid in a result set. 
   this is used to find the domain sid for a user
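Review bot: samdb_result_guid gives callers no way to tell a missing or malformed `objectGUID` from a real value: both failure paths return an all-zero GUID, and the header comment does not say so. lsa_info_DNS in this commit passes the result straight into the reply as the domain GUID, so a corrupt attribute would be reported to clients as the null GUID with no error. I would extend the comment to `pull a guid structure from a objectGUID in a result set; returns an all-zero GUID if the attribute is missing or does not parse`, and add `/* GUID_from_string may have partly filled guid */` above the second `ZERO_STRUCT(guid)` so it is not removed as redundant.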
index e71c065328f77604bf3e85153207d02bbb6dc0b6..8bafa6a030dadddb5500db8504f2c5c88d4b1525 100755 (executable)
@@ -27,7 +27,8 @@ sub randguid()
        my $r3 = int(rand(2**16));
        my $r4 = int(rand(2**16));
        my $r5 = int(rand(2**32));
-       return sprintf("%08x-%04x-%04x-%04x-%08x", $r1, $r2, $r3, $r4, $r5);
+       my $r6 = int(rand(2**16));
+       return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
 }
 
 sub randsid()
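Review bot: The GUID built in randguid comes entirely from Perl's `rand()`, which is not a cryptographic generator and whose seeding and bits of randomness per call depend on the Perl build, and the result carries no version or variant bits. The template substitutes `${NEWGUID}` into `objectGUID`, presumably from this function, so uniqueness across provisioning runs rests on that generator. If that is acceptable for a provisioning script, a comment above the `return` such as `# not an RFC 4122 GUID; built from rand(), do not rely on it being unpredictable` would make the limitation explicit. The start of randguid is outside the hunk.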
@@ -63,6 +64,10 @@ sub substitute($)
                return $domain;
        }
 
+       if ($var eq "REALM") {
+               return $realm;
+       }
+
        if ($var eq "HOSTNAME") {
                return $hostname;
        }
index 031070caa658a6723dd6561649fc9ce7353baf23..7dfa2494b7c0ce675811fdcd2bf464f4ae1cd4e7 100644 (file)
@@ -675,6 +675,40 @@ static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p,
        return ret;
 }
 
+static BOOL test_QueryInfoPolicy2(struct dcerpc_pipe *p, 
+                                 TALLOC_CTX *mem_ctx, 
+                                 struct policy_handle *handle)
+{
+       struct lsa_QueryInfoPolicy2 r;
+       NTSTATUS status;
+       int i;
+       BOOL ret = True;
+       printf("\nTesting QueryInfoPolicy2\n");
+
+       for (i=1;i<13;i++) {
+               r.in.handle = handle;
+               r.in.level = i;
+
+               printf("\ntrying QueryInfoPolicy2 level %d\n", i);
+
+               status = dcerpc_lsa_QueryInfoPolicy2(p, mem_ctx, &r);
+
+               if ((i == 9 || i == 10 || i == 11) &&
+                   NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+                       printf("server failed level %u (OK)\n", i);
+                       continue;
+               }
+
+               if (!NT_STATUS_IS_OK(status)) {
+                       printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
+                       ret = False;
+                       continue;
+               }
+       }
+
+       return ret;
+}
+
 static BOOL test_Close(struct dcerpc_pipe *p, 
                       TALLOC_CTX *mem_ctx, 
                       struct policy_handle *handle)
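Review bot: test_QueryInfoPolicy2 checks only the returned status and never looks at `r.out.info`, so a server that answers a level with NT_STATUS_OK but returns no usable data still passes. After the status check the loop could at least verify the pointer, e.g. `if (r.out.info == NULL) { printf("level %d returned no info\n", i); ret = False; }`. Separately, `printf("server failed level %u (OK)\n", i);` passes an `int` to `%u`; `%d` matches the declaration and the other printf in the loop.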
@@ -759,6 +793,10 @@ BOOL torture_rpc_lsa(int dummy)
        if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) {
                ret = False;
        }
+
+       if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) {
+               ret = False;
+       }
        
 #if 0
        if (!test_Delete(p, mem_ctx, &handle)) {