git.samba.org / ira / wip.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s4-lsa: fixed the lsa server to cope with the new tests from gd
[ira/wip.git] / source4 / rpc_server / lsa / lsa_lookup.c
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 2375a6d27aa9ea2343d0ce92f08753bd9d8b1d19..27371ea8d1d339673dca39be023c0590ecf67234 100644 (file)
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -236,11 +236,12 @@ static NTSTATUS lookup_well_known_sids(TALLOC_CTX *mem_ctx,
 /*
   lookup a SID for 1 name
 */
-static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx, 
+static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, 
                                       struct loadparm_context *lp_ctx,
                                       struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
-                               const char *name, const char **authority_name, 
-                               struct dom_sid **sid, enum lsa_SidType *rtype)
+                                      const char *name, const char **authority_name, 
+                                      struct dom_sid **sid, enum lsa_SidType *rtype,
+                                      uint32_t *rid)
 {
        int ret, atype, i;
        struct ldb_message **res;
@@ -274,6 +275,15 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
                /* Look up table of well known names */
                status = lookup_well_known_names(mem_ctx, NULL, username, authority_name, sid, rtype);
                if (NT_STATUS_IS_OK(status)) {
+                       dom_sid_split_rid(NULL, *sid, NULL, rid);
+                       return NT_STATUS_OK;
+               }
+
+               if (username == NULL) {
+                       *authority_name = NAME_BUILTIN;
+                       *sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN);
+                       *rtype = SID_NAME_DOMAIN;
+                       *rid = 0xFFFFFFFF;
                        return NT_STATUS_OK;
                }
 
@@ -281,24 +291,28 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
                        *authority_name = NAME_NT_AUTHORITY;
                        *sid =  dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY);
                        *rtype = SID_NAME_DOMAIN;
+                       dom_sid_split_rid(NULL, *sid, NULL, rid);
                        return NT_STATUS_OK;
                }
                if (strcasecmp_m(username, NAME_BUILTIN) == 0) { 
                        *authority_name = NAME_BUILTIN;
                        *sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN);
                        *rtype = SID_NAME_DOMAIN;
+                       *rid = 0xFFFFFFFF;
                        return NT_STATUS_OK;
                }
                if (strcasecmp_m(username, state->domain_dns) == 0) { 
                        *authority_name = state->domain_name;
                        *sid =  state->domain_sid;
                        *rtype = SID_NAME_DOMAIN;
+                       *rid = 0xFFFFFFFF;
                        return NT_STATUS_OK;
                }
                if (strcasecmp_m(username, state->domain_name) == 0) { 
                        *authority_name = state->domain_name;
                        *sid =  state->domain_sid;
                        *rtype = SID_NAME_DOMAIN;
+                       *rid = 0xFFFFFFFF;
                        return NT_STATUS_OK;
                }
                
@@ -307,7 +321,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
                if (!name) {
                        return NT_STATUS_NO_MEMORY;
                }
-               status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
+               status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
                if (NT_STATUS_IS_OK(status)) {
                        return status;
                }
@@ -317,7 +331,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
                if (!name) {
                        return NT_STATUS_NO_MEMORY;
                }
-               status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
+               status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
                if (NT_STATUS_IS_OK(status)) {
                        return status;
                }
@@ -327,7 +341,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
                if (!name) {
                        return NT_STATUS_NO_MEMORY;
                }
-               status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
+               status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
                if (NT_STATUS_IS_OK(status)) {
                        return status;
                }
@@ -338,12 +352,17 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
                        *authority_name = NAME_NT_AUTHORITY;
                        *sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY);
                        *rtype = SID_NAME_DOMAIN;
+                       dom_sid_split_rid(NULL, *sid, NULL, rid);
                        return NT_STATUS_OK;
                }
 
                /* Look up table of well known names */
-               return lookup_well_known_names(mem_ctx, domain, username, authority_name, 
-                                              sid, rtype);
+               status = lookup_well_known_names(mem_ctx, domain, username, authority_name, 
+                                                sid, rtype);
+               if (NT_STATUS_IS_OK(status)) {
+                       dom_sid_split_rid(NULL, *sid, NULL, rid);
+               }
+               return status;
        } else if (strcasecmp_m(domain, NAME_BUILTIN) == 0) {
                *authority_name = NAME_BUILTIN;
                domain_dn = state->builtin_dn;
@@ -371,6 +390,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
        if (!*username) {
                *sid = domain_sid;
                *rtype = SID_NAME_DOMAIN;
+               *rid = 0xFFFFFFFF;
                return NT_STATUS_OK;
        }
        
@@ -394,7 +414,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
 
                atype = samdb_result_uint(res[i], "sAMAccountType", 0);
                        
-               *rtype = samdb_atype_map(atype);
+               *rtype = ds_atype_map(atype);
                if (*rtype == SID_NAME_UNKNOWN) {
                        return STATUS_SOME_UNMAPPED;
                }
@@ -503,7 +523,7 @@ static NTSTATUS dcesrv_lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX
 
                atype = samdb_result_uint(res[0], "sAMAccountType", 0);
 
-               *rtype = samdb_atype_map(atype);
+               *rtype = ds_atype_map(atype);
 
                return NT_STATUS_OK;
        }
@@ -522,6 +542,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                                struct lsa_LookupSids2 *r)
 {
        struct lsa_policy_state *state;
+       struct lsa_RefDomainList *domains = NULL;
        int i;
        NTSTATUS status = NT_STATUS_OK;
 
@@ -530,7 +551,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       r->out.domains = NULL;
+       *r->out.domains = NULL;
 
        /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
           and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as 
@@ -543,10 +564,11 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                return status;
        }
 
-       r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
-       if (r->out.domains == NULL) {
+       domains = talloc_zero(r->out.domains,  struct lsa_RefDomainList);
+       if (domains == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
+       *r->out.domains = domains;
 
        r->out.names = talloc_zero(mem_ctx,  struct lsa_TransNameArray2);
        if (r->out.names == NULL) {
@@ -592,7 +614,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                /* set up the authority table */
                status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, 
                                                    authority_name, sid, 
-                                                   r->out.domains, &sid_index);
+                                                   domains, &sid_index);
                if (!NT_STATUS_IS_OK(status2)) {
                        continue;
                }
@@ -604,7 +626,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 
                (*r->out.count)++;
        }
-       
+
        if (*r->out.count == 0) {
                return NT_STATUS_NONE_MAPPED;
        }
@@ -656,10 +678,11 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
        r2.in.names    = r->in.names;
        r2.in.level    = r->in.level;
        r2.in.count    = r->in.count;
-       r2.in.unknown1 = r->in.unknown1;
-       r2.in.unknown2 = r->in.unknown2;
+       r2.in.lookup_options = r->in.lookup_options;
+       r2.in.client_revision = r->in.client_revision;
        r2.out.count   = r->out.count;
        r2.out.names   = r->out.names;
+       r2.out.domains = r->out.domains;
 
        status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
 
@@ -688,10 +711,11 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
        r2.in.names    = NULL;
        r2.in.level    = r->in.level;
        r2.in.count    = r->in.count;
-       r2.in.unknown1 = 0;
-       r2.in.unknown2 = 0;
+       r2.in.lookup_options = 0;
+       r2.in.client_revision = 0;
        r2.out.count   = r->out.count;
        r2.out.names   = NULL;
+       r2.out.domains = r->out.domains;
 
        status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
        /* we deliberately don't check for error from the above,
@@ -734,6 +758,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
        struct dcesrv_handle *policy_handle;
        int i;
        struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+       struct lsa_RefDomainList *domains;
 
        DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
 
@@ -744,12 +769,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 
        policy_state = policy_handle->data;
 
-       r->out.domains = NULL;
+       *r->out.domains = NULL;
 
-       r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
-       if (r->out.domains == NULL) {
+       domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
+       if (domains == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
+       *r->out.domains = domains;
 
        r->out.sids = talloc_zero(mem_ctx,  struct lsa_TransSidArray3);
        if (r->out.sids == NULL) {
@@ -768,7 +794,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
                const char *name = r->in.names[i].string;
                const char *authority_name;
                struct dom_sid *sid;
-               uint32_t sid_index;
+               uint32_t sid_index, rid;
                enum lsa_SidType rtype;
                NTSTATUS status2;
 
@@ -779,13 +805,14 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
                r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
                r->out.sids->sids[i].flags       = 0;
 
-               status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype);
+               status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, 
+                                                &authority_name, &sid, &rtype, &rid);
                if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
                        continue;
                }
 
                status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name, 
-                                                   sid, r->out.domains, &sid_index);
+                                                   sid, domains, &sid_index);
                if (!NT_STATUS_IS_OK(status2)) {
                        continue;
                }
@@ -873,8 +900,9 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
        struct dcesrv_handle *h;
        int i;
        struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+       struct lsa_RefDomainList *domains;
 
-       r->out.domains = NULL;
+       *r->out.domains = NULL;
 
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
 
@@ -885,10 +913,11 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
 
        state = h->data;
 
-       r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
-       if (r->out.domains == NULL) {
+       domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
+       if (domains == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
+       *r->out.domains = domains;
 
        r->out.sids = talloc_zero(mem_ctx,  struct lsa_TransSidArray2);
        if (r->out.sids == NULL) {
@@ -907,7 +936,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
                const char *name = r->in.names[i].string;
                const char *authority_name;
                struct dom_sid *sid;
-               uint32_t rtype, sid_index;
+               uint32_t rtype, sid_index, rid=0;
                NTSTATUS status2;
 
                r->out.sids->count++;
@@ -921,19 +950,19 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
                r->out.sids->sids[i].unknown     = 0;
 
                status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, state, mem_ctx, name, 
-                                                &authority_name, &sid, &rtype);
+                                                &authority_name, &sid, &rtype, &rid);
                if (!NT_STATUS_IS_OK(status2)) {
                        continue;
                }
 
                status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name, 
-                                                   sid, r->out.domains, &sid_index);
+                                                   sid, domains, &sid_index);
                if (!NT_STATUS_IS_OK(status2)) {
                        continue;
                }
 
                r->out.sids->sids[i].sid_type    = rtype;
-               r->out.sids->sids[i].rid         = sid->sub_auths[sid->num_auths-1];
+               r->out.sids->sids[i].rid         = rid;
                r->out.sids->sids[i].sid_index   = sid_index;
                r->out.sids->sids[i].unknown     = 0;
 
@@ -971,13 +1000,13 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
        r2.in.lookup_options = 0;
        r2.in.client_revision = 0;
        r2.out.count    = r->out.count;
+       r2.out.domains  = r->out.domains;
 
        status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
        if (r2.out.sids == NULL) {
                return status;
        }
 
-       r->out.domains = r2.out.domains;
        r->out.sids = talloc(mem_ctx, struct lsa_TransSidArray);
        if (r->out.sids == NULL) {
                return NT_STATUS_NO_MEMORY;
Unnamed repository; edit this file 'description' to name the repository.