Merge branch 'master' of ssh://git.samba.org/data/git/samba
authorJelmer Vernooij <jelmer@samba.org>
Mon, 27 Oct 2008 22:41:48 +0000 (23:41 +0100)
committerJelmer Vernooij <jelmer@samba.org>
Mon, 27 Oct 2008 22:41:48 +0000 (23:41 +0100)
23 files changed:
librpc/idl/lsa.idl [moved from source3/librpc/idl/lsa.idl with 98% similarity]
source3/Makefile.in
source3/librpc/gen_ndr/lsa.h
source3/passdb/lookup_sid.c
source3/rpc_server/srv_lsa_nt.c
source4/libcli/util/clilsa.c
source4/libnet/libnet_group.c
source4/libnet/libnet_lookup.c
source4/libnet/libnet_rpc.c
source4/libnet/libnet_user.c
source4/librpc/idl/lsa.idl [deleted file]
source4/rpc_server/lsa/dcesrv_lsa.c
source4/rpc_server/lsa/lsa_lookup.c
source4/torture/ndr/lsa.c
source4/torture/rpc/handles.c
source4/torture/rpc/lsa.c
source4/torture/rpc/lsa_lookup.c
source4/torture/rpc/object_uuid.c
source4/torture/rpc/samba3rpc.c
source4/torture/rpc/samsync.c
source4/torture/rpc/schannel.c
source4/winbind/wb_async_helpers.c
source4/winbind/wb_init_domain.c

similarity index 98%
rename from source3/librpc/idl/lsa.idl
rename to librpc/idl/lsa.idl
index a443448871afe58c9875db6e9871bef259763e5b..003641d97a161231bacb487de234934468a2fe7a 100644 (file)
@@ -56,7 +56,7 @@ import "misc.idl", "security.idl";
        NTSTATUS lsa_Close (
                [in,out]     policy_handle *handle
                );
-       
+
 
        /******************/
        /* Function: 0x01 */
@@ -71,7 +71,7 @@ import "misc.idl", "security.idl";
                uint32 low;
                uint32 high;
        } lsa_LUID;
-       
+
        typedef struct {
                lsa_StringLarge name;
                lsa_LUID luid;
@@ -83,22 +83,20 @@ import "misc.idl", "security.idl";
        } lsa_PrivArray;
 
        [public] NTSTATUS lsa_EnumPrivs (
-               [in]     policy_handle *handle,
-               [in,out,ref] uint32 *resume_handle,
-               [out,ref] lsa_PrivArray *privs,
-               [in]         uint32 max_count
+               [in]            policy_handle *handle,
+               [in,out,ref]    uint32 *resume_handle,
+               [out,ref]       lsa_PrivArray *privs,
+               [in]            uint32 max_count
                );
 
        /******************/
        /* Function: 0x03 */
-
        NTSTATUS lsa_QuerySecurity (
-               [in]     policy_handle *handle,
-               [in]         security_secinfo sec_info,
-               [out,ref]    sec_desc_buf **sdbuf
+               [in]            policy_handle *handle,
+               [in]            security_secinfo sec_info,
+               [out,ref]       sec_desc_buf **sdbuf
                );
 
-
        /******************/
        /* Function: 0x04 */
        NTSTATUS lsa_SetSecObj(
@@ -120,7 +118,7 @@ import "misc.idl", "security.idl";
                uint8   context_mode;
                uint8   effective_only;
        } lsa_QosInfo;
-       
+
        typedef struct {
                uint32 len; /* ignored */
                uint8 *root_dir;
@@ -153,7 +151,7 @@ import "misc.idl", "security.idl";
                [in]   lsa_PolicyAccessMask access_mask,
                [out]  policy_handle *handle
                );
-       
+
 
 
        /******************/
@@ -317,26 +315,25 @@ import "misc.idl", "security.idl";
 
        /******************/
        /* NOTE: This only returns accounts that have at least
-          one privilege set 
+          one privilege set
        */
        /* Function: 0x0b */
        typedef struct {
                dom_sid2 *sid;
        } lsa_SidPtr;
-       
+
        typedef [public] struct {
                [range(0,1000)] uint32 num_sids;
                [size_is(num_sids)] lsa_SidPtr *sids;
        } lsa_SidArray;
 
-       [public] NTSTATUS lsa_EnumAccounts (
+       [public] NTSTATUS lsa_EnumAccounts(
                [in]         policy_handle *handle,
                [in,out,ref] uint32 *resume_handle,
                [out,ref]    lsa_SidArray *sids,
                [in,range(0,8192)] uint32 num_entries
                );
 
-
        /*************************************************/
        /* Function: 0x0c                                */
 
@@ -359,7 +356,7 @@ import "misc.idl", "security.idl";
                [size_is(count)] lsa_DomainInfo *domains;
        } lsa_DomainList;
 
-       NTSTATUS lsa_EnumTrustDom (
+       NTSTATUS lsa_EnumTrustDom(
                [in]               policy_handle *handle,
                [in,out,ref]       uint32 *resume_handle,
                [out,ref]          lsa_DomainList *domains,
@@ -394,8 +391,6 @@ import "misc.idl", "security.idl";
        } lsa_TransSidArray;
 
        const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
-       const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
-
        typedef struct {
                [range(0,1000)] uint32 count;
                [size_is(count)] lsa_DomainInfo *domains;
@@ -445,10 +440,7 @@ import "misc.idl", "security.idl";
                [size_is(count)] lsa_TranslatedName *names;
        } lsa_TransNameArray;
 
-       /* This number is based on Win2k and later maximum response allowed */
-       const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
-
-       [public] NTSTATUS lsa_LookupSids (
+       [public] NTSTATUS lsa_LookupSids(
                [in]         policy_handle *handle,
                [in,ref]     lsa_SidArray *sids,
                [out,ref]    lsa_RefDomainList **domains,
@@ -484,14 +476,14 @@ import "misc.idl", "security.idl";
                lsa_LUID luid;
                uint32 attribute;
        } lsa_LUIDAttribute;
-       
+
        typedef struct {
                [range(0,1000)] uint32 count;
                uint32 unknown;
                [size_is(count)] lsa_LUIDAttribute set[*];
        } lsa_PrivilegeSet;
-       
-       NTSTATUS lsa_EnumPrivsAccount (
+
+       NTSTATUS lsa_EnumPrivsAccount(
                [in]         policy_handle *handle,
                [out,ref] lsa_PrivilegeSet **privs
                );
@@ -503,7 +495,7 @@ import "misc.idl", "security.idl";
                [in]         policy_handle *handle,
                [in,ref]     lsa_PrivilegeSet *privs
                );
-       
+
 
        /****************************************/
        /* Function:         0x14 */
@@ -515,10 +507,10 @@ import "misc.idl", "security.idl";
 
        /* Function:           0x15 */
        [todo] NTSTATUS lsa_GetQuotasForAccount();
-       
+
        /* Function:           0x16 */
        [todo] NTSTATUS lsa_SetQuotasForAccount();
-       
+
        typedef [bitmap32bit] bitmap {
                LSA_POLICY_MODE_INTERACTIVE             = 0x00000001,
                LSA_POLICY_MODE_NETWORK                 = 0x00000002,
@@ -772,7 +764,7 @@ import "misc.idl", "security.idl";
 
 
        /* Function:      0x20 */
-       NTSTATUS lsa_LookupPrivName (
+       NTSTATUS lsa_LookupPrivName(
                [in]     policy_handle *handle,
                [in,ref] lsa_LUID *luid,
                [out,ref] lsa_StringLarge **name
@@ -781,7 +773,7 @@ import "misc.idl", "security.idl";
 
        /*******************/
        /* Function:  0x21 */
-       NTSTATUS lsa_LookupPrivDisplayName (
+       NTSTATUS lsa_LookupPrivDisplayName(
                [in] policy_handle *handle,
                [in,ref] lsa_String *name,
                [in] uint16 language_id,
@@ -810,12 +802,12 @@ import "misc.idl", "security.idl";
        typedef struct {
                [string,charset(UTF16)] uint16 *name;
        } lsa_RightAttribute;
-       
+
        typedef struct {
                [range(0,256)] uint32 count;
                [size_is(count)] lsa_StringLarge *names;
        } lsa_RightSet;
-       
+
        NTSTATUS lsa_EnumAccountRights (
                [in]     policy_handle *handle,
                [in,ref] dom_sid2 *sid,
@@ -953,7 +945,7 @@ import "misc.idl", "security.idl";
 
        /* Function 0x35 */
 
-       /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 
+       /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
           for unknown6 - gd */
        typedef struct {
                uint32 enforce_restrictions;
index 60832c839133ca7f444ac365e167b817e25c4283..babd4f901d285d579be2875fc50a446fad619161 100644 (file)
@@ -1214,7 +1214,7 @@ modules:: SHOWFLAGS $(MODULES)
 ## Perl IDL Compiler
 samba3-idl::
        @PIDL_ARGS="$(PIDL_ARGS)" CPP="$(CPP)" PIDL="../pidl/pidl" \
-        srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh librpc/idl/lsa.idl \
+        srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh ../librpc/idl/lsa.idl \
                ../librpc/idl/dfs.idl ../librpc/idl/echo.idl ../librpc/idl/winreg.idl \
                ../librpc/idl/initshutdown.idl librpc/idl/srvsvc.idl ../librpc/idl/svcctl.idl \
                ../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl librpc/idl/netlogon.idl \
index d91cf4b66de97710b74a5257cbe81def0bf4039b..0ccbcdf5b0c467930eb2601ac813b28e6c686c5f 100644 (file)
@@ -9,8 +9,6 @@
 
 #define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER       ( 60 )
 #define LSA_REF_DOMAIN_LIST_MULTIPLIER ( 32 )
-#define MAX_REF_DOMAINS        ( LSA_REF_DOMAIN_LIST_MULTIPLIER )
-#define MAX_LOOKUP_SIDS        ( 0x5000 )
 #define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER    ( 82 )
 #define LSA_CLIENT_REVISION_NO_DNS     ( 0x00000001 )
 #define LSA_CLIENT_REVISION_DNS        ( 0x00000002 )
index 3861c8e229c9314263285ebada7e50ffe5658faa..b9a67f208e88c30f7e648bfe806f5b2d60b3e37e 100644 (file)
@@ -746,7 +746,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
        }
 
        dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
-                                     MAX_REF_DOMAINS);
+                                     LSA_REF_DOMAIN_LIST_MULTIPLIER);
        if (dom_infos == NULL) {
                result = NT_STATUS_NO_MEMORY;
                goto fail;
@@ -816,7 +816,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
                        continue;
                }
 
-               for (j=0; j<MAX_REF_DOMAINS; j++) {
+               for (j=0; j<LSA_REF_DOMAIN_LIST_MULTIPLIER; j++) {
                        if (!dom_infos[j].valid) {
                                break;
                        }
@@ -825,7 +825,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
                        }
                }
 
-               if (j == MAX_REF_DOMAINS) {
+               if (j == LSA_REF_DOMAIN_LIST_MULTIPLIER) {
                        /* TODO: What's the right error message here? */
                        result = NT_STATUS_NONE_MAPPED;
                        goto fail;
@@ -869,7 +869,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
 
        /* Iterate over the domains found */
 
-       for (i=0; i<MAX_REF_DOMAINS; i++) {
+       for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
                uint32_t *rids;
                const char *domain_name = NULL;
                const char **names;
index 2fa705daf3f0f4bb3f8343b4583f094ecd8509cd..3addf91494234155b3d51969e26c4cfd6037f1a4 100644 (file)
@@ -33,6 +33,8 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
+#define MAX_LOOKUP_SIDS 0x5000 /* 20480 */
+
 extern PRIVS privs[];
 
 struct lsa_info {
@@ -68,13 +70,13 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
                num = ref->count;
        }
 
-       if (num >= MAX_REF_DOMAINS) {
+       if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
                /* index not found, already at maximum domain limit */
                return -1;
        }
 
        ref->count = num + 1;
-       ref->max_size = MAX_REF_DOMAINS;
+       ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
 
        ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
                                            struct lsa_DomainInfo, ref->count);
@@ -725,7 +727,7 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
                return NT_STATUS_NO_MEMORY;
        }
 
-       for (i=0; i<MAX_REF_DOMAINS; i++) {
+       for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
 
                if (!dom_infos[i].valid) {
                        break;
index 43f64186c33fad02cc23ed7ccd03eed2b3baf84c..16967d73b0c08d26393a35a4c93132be53627a00 100644 (file)
@@ -202,6 +202,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
        struct lsa_LookupSids r;
        struct lsa_TransNameArray names;
        struct lsa_SidArray sids;
+       struct lsa_RefDomainList *domains = NULL;
        uint32_t count = 1;
        NTSTATUS status;
        struct dom_sid *sid;
@@ -231,6 +232,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
        r.in.count = &count;
        r.out.count = &count;
        r.out.names = &names;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupSids(cli->lsa->pipe, mem_ctx2, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -243,7 +245,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
        }
 
        (*name) = talloc_asprintf(mem_ctx, "%s\\%s", 
-                                 r.out.domains->domains[0].name.string,
+                                 domains->domains[0].name.string,
                                  names.names[0].name.string);
 
        talloc_free(mem_ctx2);
@@ -262,6 +264,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
        struct lsa_LookupNames r;
        struct lsa_TransSidArray sids;
        struct lsa_String names;
+       struct lsa_RefDomainList *domains = NULL;
        uint32_t count = 1;
        NTSTATUS status;
        struct dom_sid *sid;
@@ -286,6 +289,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
        r.in.count = &count;
        r.out.count = &count;
        r.out.sids = &sids;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupNames(cli->lsa->pipe, mem_ctx2, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -297,7 +301,7 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
                return NT_STATUS_UNSUCCESSFUL;
        }
 
-       sid = r.out.domains->domains[0].sid;
+       sid = domains->domains[0].sid;
        rid = sids.sids[0].rid;
        
        (*sid_str) = talloc_asprintf(mem_ctx, "%s-%u", 
index 50ba079b715b381c2ff5f9c942726098426767cd..eded3785110aae555144d76e8180ad0393909a46 100644 (file)
@@ -444,6 +444,8 @@ struct composite_context *libnet_GroupList_send(struct libnet_context *ctx,
        /* prepare arguments of QueryDomainInfo call */
        s->query_domain.in.handle = &ctx->lsa.handle;
        s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN;
+       s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+       if (composite_nomem(s->query_domain.out.info, c)) return c;
 
        /* send the request */
        query_req = dcerpc_lsa_QueryInfoPolicy_send(ctx->lsa.pipe, c, &s->query_domain);
@@ -474,6 +476,8 @@ static void continue_lsa_domain_opened(struct composite_context *ctx)
        /* prepare arguments of QueryDomainInfo call */
        s->query_domain.in.handle = &s->ctx->lsa.handle;
        s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN;
+       s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+       if (composite_nomem(s->query_domain.out.info, c)) return;
 
        /* send the request */
        query_req = dcerpc_lsa_QueryInfoPolicy_send(s->ctx->lsa.pipe, c, &s->query_domain);
@@ -502,7 +506,7 @@ static void continue_domain_queried(struct rpc_request *req)
        if (!composite_is_ok(c)) return;
 
        /* get the returned domain info */
-       s->dominfo = s->query_domain.out.info->domain;
+       s->dominfo = (*s->query_domain.out.info)->domain;
 
        /* make sure we have samr domain handle before continuing */
        prereq_met = samr_domain_opened(s->ctx, s->domain_name, &c, &s->domain_open,
@@ -592,7 +596,7 @@ static void continue_groups_enumerated(struct rpc_request *req)
                for (i = 0; i < s->group_list.out.sam->count; i++) {
                        struct dom_sid *group_sid;
                        struct samr_SamEntry *entry = &s->group_list.out.sam->entries[i];
-                       struct dom_sid *domain_sid = s->query_domain.out.info->domain.sid;
+                       struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;
                        
                        /* construct group sid from returned rid and queried domain sid */
                        group_sid = dom_sid_add_rid(c, domain_sid, entry->idx);
index dc54ec3cf1b51fcfd6206b8d3713a20c4706fddd..fc307823b8e6897c01a1f5050cd2d10da7a5435e 100644 (file)
@@ -312,6 +312,8 @@ static bool prepare_lookup_params(struct libnet_context *ctx,
        s->lookup.in.count     = &s->count;
        s->lookup.out.count    = &s->count;
        s->lookup.out.sids     = &s->sids;
+       s->lookup.out.domains  = talloc_zero(ctx, struct lsa_RefDomainList *);
+       if (composite_nomem(s->lookup.out.domains, c)) return false;
        
        return true;
 }
@@ -372,7 +374,7 @@ NTSTATUS libnet_LookupName_recv(struct composite_context *c, TALLOC_CTX *mem_ctx
                io->out.sidstr = NULL;
 
                if (*s->lookup.out.count > 0) {
-                       struct lsa_RefDomainList *domains = s->lookup.out.domains;
+                       struct lsa_RefDomainList *domains = *s->lookup.out.domains;
                        struct lsa_TransSidArray *sids = s->lookup.out.sids;
 
                        if (domains == NULL || sids == NULL) {
index 28cbba2933e87ebd55f6e3cd1af40f235e149caf..a0d93287a5bfa39eda86868e10ccdc05209c8db6 100644 (file)
@@ -607,6 +607,8 @@ static void continue_lsa_policy(struct rpc_request *req)
        /* query lsa info for dns domain name and guid */
        s->lsa_query_info2.in.handle = &s->lsa_handle;
        s->lsa_query_info2.in.level  = LSA_POLICY_INFO_DNS;
+       s->lsa_query_info2.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+       if (composite_nomem(s->lsa_query_info2.out.info, c)) return;
 
        query_info_req = dcerpc_lsa_QueryInfoPolicy2_send(s->lsa_pipe, c, &s->lsa_query_info2);
        if (composite_nomem(query_info_req, c)) return;
@@ -658,13 +660,13 @@ static void continue_lsa_query_info2(struct rpc_request *req)
                /* Copy the dns domain name and guid from the query result */
 
                /* this should actually be a conversion from lsa_StringLarge */
-               s->r.out.realm = s->lsa_query_info2.out.info->dns.dns_domain.string;
+               s->r.out.realm = (*s->lsa_query_info2.out.info)->dns.dns_domain.string;
                s->r.out.guid  = talloc(c, struct GUID);
                if (composite_nomem(s->r.out.guid, c)) {
                        s->r.out.error_string = NULL;
                        return;
                }
-               *s->r.out.guid = s->lsa_query_info2.out.info->dns.domain_guid;
+               *s->r.out.guid = (*s->lsa_query_info2.out.info)->dns.domain_guid;
        }
 
        /* post monitor message */
@@ -680,6 +682,8 @@ static void continue_lsa_query_info2(struct rpc_request *req)
        /* query lsa info for domain name and sid */
        s->lsa_query_info.in.handle = &s->lsa_handle;
        s->lsa_query_info.in.level  = LSA_POLICY_INFO_DOMAIN;
+       s->lsa_query_info.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+       if (composite_nomem(s->lsa_query_info.out.info, c)) return;
 
        query_info_req = dcerpc_lsa_QueryInfoPolicy_send(s->lsa_pipe, c, &s->lsa_query_info);
        if (composite_nomem(query_info_req, c)) return;
@@ -719,8 +723,8 @@ static void continue_lsa_query_info(struct rpc_request *req)
        }
 
        /* Copy the domain name and sid from the query result */
-       s->r.out.domain_sid  = s->lsa_query_info.out.info->domain.sid;
-       s->r.out.domain_name = s->lsa_query_info.out.info->domain.name.string;
+       s->r.out.domain_sid  = (*s->lsa_query_info.out.info)->domain.sid;
+       s->r.out.domain_name = (*s->lsa_query_info.out.info)->domain.name.string;
 
        continue_epm_map_binding_send(c);
 }
index dce7320c736061980e7340463254e0bbad73a825..c76831945218211dbbe591520850a4c7be6b4192 100644 (file)
@@ -957,7 +957,9 @@ struct composite_context* libnet_UserList_send(struct libnet_context *ctx,
        /* prepare arguments of QueryDomainInfo call */
        s->query_domain.in.handle = &ctx->lsa.handle;
        s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN;
-       
+       s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+       if (composite_nomem(s->query_domain.out.info, c)) return c;
+
        /* send the request */
        query_req = dcerpc_lsa_QueryInfoPolicy_send(ctx->lsa.pipe, c, &s->query_domain);
        if (composite_nomem(query_req, c)) return c;
@@ -987,6 +989,8 @@ static void continue_lsa_domain_opened(struct composite_context *ctx)
        /* prepare arguments of QueryDomainInfo call */
        s->query_domain.in.handle = &s->ctx->lsa.handle;
        s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN;
+       s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+       if (composite_nomem(s->query_domain.out.info, c)) return;
 
        /* send the request */
        query_req = dcerpc_lsa_QueryInfoPolicy_send(s->ctx->lsa.pipe, c, &s->query_domain);
@@ -1015,7 +1019,7 @@ static void continue_domain_queried(struct rpc_request *req)
        if (!composite_is_ok(c)) return;
 
        /* get the returned domain info */
-       s->dominfo = s->query_domain.out.info->domain;
+       s->dominfo = (*s->query_domain.out.info)->domain;
 
        /* make sure we have samr domain handle before continuing */
        prereq_met = samr_domain_opened(s->ctx, s->domain_name, &c, &s->domain_open,
@@ -1107,7 +1111,7 @@ static void continue_users_enumerated(struct rpc_request *req)
                for (i = 0; i < s->user_list.out.sam->count; i++) {
                        struct dom_sid *user_sid;
                        struct samr_SamEntry *entry = &s->user_list.out.sam->entries[i];
-                       struct dom_sid *domain_sid = s->query_domain.out.info->domain.sid;
+                       struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;
                        
                        /* construct user sid from returned rid and queried domain sid */
                        user_sid = dom_sid_add_rid(c, domain_sid, entry->idx);
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
deleted file mode 100644 (file)
index 4a7a42b..0000000
+++ /dev/null
@@ -1,1222 +0,0 @@
-#include "idl_types.h"
-
-/*
-  lsa interface definition
-*/
-
-import "misc.idl", "security.idl";
-
-[ uuid("12345778-1234-abcd-ef00-0123456789ab"),
-  version(0.0),
-  endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
-  pointer_default(unique),
-  helpstring("Local Security Authority")
-] interface lsarpc
-{
-       typedef bitmap security_secinfo security_secinfo;
-       typedef bitmap kerb_EncTypes kerb_EncTypes;
-
-       typedef [public,noejs] struct {
-               [value(2*strlen_m(string))] uint16 length;
-               [value(2*strlen_m(string))] uint16 size;
-               [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
-       } lsa_String;
-
-       typedef [public] struct {
-               [value(2*strlen_m(string))] uint16 length;
-               [value(2*strlen_m_term(string))] uint16 size;
-               [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
-       } lsa_StringLarge;
-
-       typedef [public] struct {
-               uint32 count;
-               [size_is(count)] lsa_String *names;
-       } lsa_Strings;
-
-       typedef [public] struct {
-               [value(strlen_m(string))] uint16 length;
-               [value(strlen_m(string))] uint16 size;
-               [charset(DOS),size_is(size),length_is(length)] uint8 *string;
-       } lsa_AsciiString;
-
-       typedef [public] struct {
-               [value(strlen_m(string))] uint16 length;
-               [value(strlen_m_term(string))] uint16 size;
-               [charset(DOS),size_is(size),length_is(length)] uint8 *string;
-       } lsa_AsciiStringLarge;
-
-       typedef [public] struct {
-               uint16 length;
-               uint16 size;
-               [size_is(size/2),length_is(length/2)] uint16 *array;
-       } lsa_BinaryString;
-
-       /******************/
-       /* Function: 0x00 */
-       NTSTATUS lsa_Close (
-               [in,out]     policy_handle *handle
-               );
-       
-
-       /******************/
-       /* Function: 0x01 */
-       [public] NTSTATUS lsa_Delete (
-               [in]     policy_handle *handle
-               );
-
-
-       /******************/
-       /* Function: 0x02 */
-       typedef struct {
-               uint32 low;
-               uint32 high;
-       } lsa_LUID;
-       
-       typedef struct {
-               lsa_StringLarge name;
-               lsa_LUID luid;
-       } lsa_PrivEntry;
-
-       typedef struct {
-               uint32 count;
-               [size_is(count)] lsa_PrivEntry *privs;
-       } lsa_PrivArray;
-
-       [public] NTSTATUS lsa_EnumPrivs (
-               [in]     policy_handle *handle,
-               [in,out] uint32 *resume_handle,
-               [in]         uint32 max_count,
-               [out]    lsa_PrivArray *privs
-               );
-
-       /******************/
-       /* Function: 0x03 */
-
-       NTSTATUS lsa_QuerySecurity (
-               [in]     policy_handle *handle,
-               [in]         security_secinfo sec_info,
-               [out,unique]        sec_desc_buf *sdbuf
-               );
-
-
-       /******************/
-       /* Function: 0x04 */
-       NTSTATUS lsa_SetSecObj(
-               [in]            policy_handle *handle,
-               [in]            security_secinfo sec_info,
-               [in,ref]        sec_desc_buf *sdbuf
-               );
-
-       /******************/
-       /* Function: 0x05 */
-       [todo] NTSTATUS lsa_ChangePassword ();
-
-
-       /******************/
-       /* Function: 0x06 */
-       typedef struct {
-               uint32  len; /* ignored */
-               uint16  impersonation_level;
-               uint8   context_mode;
-               uint8   effective_only;
-       } lsa_QosInfo;
-       
-       typedef struct {
-               uint32 len; /* ignored */
-               uint8 *root_dir;
-               [string,charset(UTF16)] uint16 *object_name;
-               uint32 attributes;
-               security_descriptor *sec_desc;
-               lsa_QosInfo *sec_qos;
-       } lsa_ObjectAttribute;
-
-       typedef [public,bitmap32bit] bitmap {
-               LSA_POLICY_VIEW_LOCAL_INFORMATION       = 0x00000001,
-               LSA_POLICY_VIEW_AUDIT_INFORMATION       = 0x00000002,
-               LSA_POLICY_GET_PRIVATE_INFORMATION      = 0x00000004,
-               LSA_POLICY_TRUST_ADMIN                  = 0x00000008,
-               LSA_POLICY_CREATE_ACCOUNT               = 0x00000010,
-               LSA_POLICY_CREATE_SECRET                = 0x00000020,
-               LSA_POLICY_CREATE_PRIVILEGE             = 0x00000040,
-               LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS     = 0x00000080,
-               LSA_POLICY_SET_AUDIT_REQUIREMENTS       = 0x00000100,
-               LSA_POLICY_AUDIT_LOG_ADMIN              = 0x00000200,
-               LSA_POLICY_SERVER_ADMIN                 = 0x00000400,
-               LSA_POLICY_LOOKUP_NAMES                 = 0x00000800
-       } lsa_PolicyAccessMask;
-
-       /* notice the screwup with the system_name - thats why MS created
-          OpenPolicy2 */
-       [public] NTSTATUS lsa_OpenPolicy (
-               [in,unique]       uint16 *system_name,
-               [in]   lsa_ObjectAttribute *attr,
-               [in]   lsa_PolicyAccessMask access_mask,
-               [out]  policy_handle *handle
-               );
-       
-
-
-       /******************/
-       /* Function: 0x07 */
-
-       typedef struct {
-               uint32 percent_full;
-               uint32 maximum_log_size;
-               hyper  retention_time;
-               uint8  shutdown_in_progress;
-               hyper  time_to_shutdown;
-               uint32 next_audit_record;
-       } lsa_AuditLogInfo;
-
-       typedef [v1_enum] enum {
-               LSA_AUDIT_POLICY_NONE=0,
-               LSA_AUDIT_POLICY_SUCCESS=1,
-               LSA_AUDIT_POLICY_FAILURE=2,
-               LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
-               LSA_AUDIT_POLICY_CLEAR=4
-       } lsa_PolicyAuditPolicy;
-
-       typedef enum {
-               LSA_AUDIT_CATEGORY_SYSTEM = 0,
-               LSA_AUDIT_CATEGORY_LOGON = 1,
-               LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
-               LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
-               LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
-               LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
-               LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
-               LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,        /* only in win2k/2k3 */
-               LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8                    /* only in win2k/2k3 */
-       } lsa_PolicyAuditEventType;
-
-       typedef struct {
-               uint32 auditing_mode;
-               [size_is(count)] lsa_PolicyAuditPolicy *settings;
-               uint32 count;
-       } lsa_AuditEventsInfo;
-
-       typedef struct {
-               lsa_StringLarge name;
-               dom_sid2 *sid;
-       } lsa_DomainInfo;
-
-       typedef struct {
-               lsa_String name;
-       } lsa_PDAccountInfo;
-
-       typedef [v1_enum] enum {
-               LSA_ROLE_BACKUP=2,
-               LSA_ROLE_PRIMARY=3
-       } lsa_Role;
-
-       typedef struct {
-               lsa_Role role;
-       } lsa_ServerRole;
-
-       typedef struct {
-               lsa_String source;
-               lsa_String account;
-       } lsa_ReplicaSourceInfo;
-
-       typedef struct {
-               uint32 paged_pool;
-               uint32 non_paged_pool;
-               uint32 min_wss;
-               uint32 max_wss;
-               uint32 pagefile;
-               hyper unknown;
-       } lsa_DefaultQuotaInfo;
-
-       typedef struct {
-               hyper modified_id;
-               NTTIME_hyper db_create_time;
-       } lsa_ModificationInfo;
-
-       typedef struct {
-               uint8 shutdown_on_full;
-       } lsa_AuditFullSetInfo;
-
-       typedef struct {
-               uint8 shutdown_on_full;
-               uint8 log_is_full;
-       } lsa_AuditFullQueryInfo;
-
-       typedef struct {
-               /* it's important that we use the lsa_StringLarge here,
-                * because otherwise windows clients result with such dns hostnames
-                * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
-                * where it should be
-                *      w2k3-client.samba4.samba.org
-                */
-               lsa_StringLarge name;
-               lsa_StringLarge dns_domain;
-               lsa_StringLarge dns_forest;
-               GUID domain_guid;
-               dom_sid2 *sid;
-       } lsa_DnsDomainInfo;
-
-       typedef enum {
-               LSA_POLICY_INFO_AUDIT_LOG=1,
-               LSA_POLICY_INFO_AUDIT_EVENTS=2,
-               LSA_POLICY_INFO_DOMAIN=3,
-               LSA_POLICY_INFO_PD=4,
-               LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
-               LSA_POLICY_INFO_ROLE=6,
-               LSA_POLICY_INFO_REPLICA=7,
-               LSA_POLICY_INFO_QUOTA=8,
-               LSA_POLICY_INFO_MOD=9,
-               LSA_POLICY_INFO_AUDIT_FULL_SET=10,
-               LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
-               LSA_POLICY_INFO_DNS=12,
-               LSA_POLICY_INFO_DNS_INT=13,
-               LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14
-       } lsa_PolicyInfo;
-
-       typedef [switch_type(uint16)] union {
-               [case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log;
-               [case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events;
-               [case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain;
-               [case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd;
-               [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain;
-               [case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role;
-               [case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica;
-               [case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota;
-               [case(LSA_POLICY_INFO_MOD)]              lsa_ModificationInfo   mod;
-               [case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
-               [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
-               [case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
-               [case(LSA_POLICY_INFO_DNS_INT)]          lsa_DnsDomainInfo      dns;
-               [case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo         l_account_domain;
-       } lsa_PolicyInformation;
-
-       NTSTATUS lsa_QueryInfoPolicy(
-               [in]                            policy_handle *handle,
-               [in]                            lsa_PolicyInfo level,
-               [out,unique,switch_is(level)]   lsa_PolicyInformation *info
-               );
-
-       /******************/
-       /* Function:       0x08 */
-       NTSTATUS lsa_SetInfoPolicy (
-               [in]                            policy_handle *handle,
-               [in]                            lsa_PolicyInfo level,
-               [in,switch_is(level)]           lsa_PolicyInformation *info
-               );
-
-       /******************/
-       /* Function:       0x09 */
-       [todo] NTSTATUS lsa_ClearAuditLog ();
-
-       /******************/
-       /* Function: 0x0a */
-       [public] NTSTATUS lsa_CreateAccount (
-               [in]    policy_handle *handle,
-               [in,ref] dom_sid2 *sid,
-               [in]    uint32 access_mask,
-               [out]   policy_handle *acct_handle
-               );
-
-       /******************/
-       /* NOTE: This only returns accounts that have at least
-          one privilege set 
-       */
-       /* Function: 0x0b */
-       typedef struct {
-               dom_sid2 *sid;
-       } lsa_SidPtr;
-       
-       typedef [public] struct {
-               [range(0,1000)] uint32 num_sids;
-               [size_is(num_sids)] lsa_SidPtr *sids;
-       } lsa_SidArray;
-
-       [public] NTSTATUS lsa_EnumAccounts (
-               [in]         policy_handle *handle,
-               [in,out]     uint32 *resume_handle,
-               [in,range(0,8192)] uint32 num_entries,
-               [out]        lsa_SidArray *sids
-               );
-
-
-       /*************************************************/
-       /* Function: 0x0c                                */
-
-       [public] NTSTATUS lsa_CreateTrustedDomain(
-               [in]         policy_handle *policy_handle,
-               [in]         lsa_DomainInfo *info,
-               [in]         uint32 access_mask,
-               [out]        policy_handle *trustdom_handle
-               );
-
-
-       /******************/
-       /* Function: 0x0d */
-
-       /* w2k3 treats max_size as max_domains*60       */
-       const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
-
-       typedef struct {
-               uint32 count;
-               [size_is(count)] lsa_DomainInfo *domains;
-       } lsa_DomainList;
-
-       NTSTATUS lsa_EnumTrustDom (
-               [in]               policy_handle *handle,
-               [in,out]           uint32 *resume_handle,
-               [in]               uint32 max_size,
-               [out]              lsa_DomainList *domains
-               );
-
-
-       /******************/
-       /* Function: 0x0e */
-       typedef [public] enum {
-               SID_NAME_USE_NONE = 0,/* NOTUSED */
-               SID_NAME_USER     = 1, /* user */
-               SID_NAME_DOM_GRP  = 2, /* domain group */
-               SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
-               SID_NAME_ALIAS    = 4, /* local group */
-               SID_NAME_WKN_GRP  = 5, /* well-known group */
-               SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
-               SID_NAME_INVALID  = 7, /* invalid account */
-               SID_NAME_UNKNOWN  = 8, /* oops. */
-               SID_NAME_COMPUTER = 9  /* machine */
-       } lsa_SidType;
-
-       typedef struct {
-               lsa_SidType sid_type;
-               uint32 rid;
-               uint32 sid_index;
-       } lsa_TranslatedSid;
-
-       typedef struct {
-               [range(0,1000)] uint32 count;
-               [size_is(count)] lsa_TranslatedSid *sids;
-       } lsa_TransSidArray;
-
-       const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
-       typedef struct {
-               [range(0,1000)] uint32 count;
-               [size_is(count)] lsa_DomainInfo *domains;
-               uint32 max_size;
-       } lsa_RefDomainList;
-
-       /* Level 1: Ask everywhere
-        * Level 2: Ask domain and trusted domains, no builtin and wkn
-        * Level 3: Only ask domain
-        * Level 4: W2k3ad: Only ask AD trusts
-        * Level 5: Only ask transitive forest trusts
-        * Level 6: Like 4
-        */
-
-       typedef enum {
-               LSA_LOOKUP_NAMES_ALL = 1,
-               LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
-               LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
-               LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
-               LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
-               LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6,
-               LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7
-       } lsa_LookupNamesLevel;
-
-       [public] NTSTATUS lsa_LookupNames (
-               [in]         policy_handle *handle,
-               [in,range(0,1000)] uint32 num_names,
-               [in,size_is(num_names)]  lsa_String names[],
-               [out,unique] lsa_RefDomainList *domains,
-               [in,out]     lsa_TransSidArray *sids,
-               [in]         lsa_LookupNamesLevel level,
-               [in,out]     uint32 *count
-               );
-
-
-       /******************/
-       /* Function: 0x0f */
-
-       typedef struct {
-               lsa_SidType sid_type;
-               lsa_String name;
-               uint32 sid_index;
-       } lsa_TranslatedName;
-
-       typedef struct {
-               [range(0,1000)] uint32 count;
-               [size_is(count)] lsa_TranslatedName *names;
-       } lsa_TransNameArray;
-
-       [public] NTSTATUS lsa_LookupSids (
-               [in]         policy_handle *handle,
-               [in]         lsa_SidArray *sids,
-               [out,unique]        lsa_RefDomainList *domains,
-               [in,out]     lsa_TransNameArray *names,
-               [in]         uint16 level,
-               [in,out] uint32 *count
-               );
-
-
-       /* Function:        0x10 */
-       [public] NTSTATUS lsa_CreateSecret(
-               [in]         policy_handle *handle,
-               [in]         lsa_String       name,
-               [in]         uint32         access_mask,
-               [out]        policy_handle *sec_handle
-               );
-
-
-       /*****************************************/
-       /* Function:     0x11                    */
-       NTSTATUS lsa_OpenAccount(
-               [in]         policy_handle *handle,
-               [in,ref]     dom_sid2 *sid,
-               [in]         uint32 access_mask,
-               [out]        policy_handle *acct_handle
-               );
-
-
-       /****************************************/
-       /* Function:    0x12                    */
-
-       typedef struct {
-               lsa_LUID luid;
-               uint32 attribute;
-       } lsa_LUIDAttribute;
-       
-       typedef struct {
-               [range(0,1000)] uint32 count;
-               uint32 unknown;
-               [size_is(count)] lsa_LUIDAttribute set[*];
-       } lsa_PrivilegeSet;
-       
-       NTSTATUS lsa_EnumPrivsAccount (
-               [in]         policy_handle *handle,
-               [out,unique] lsa_PrivilegeSet *privs
-               );
-
-
-       /****************************************/
-       /* Function:            0x13 */
-       NTSTATUS lsa_AddPrivilegesToAccount(
-               [in]         policy_handle *handle,
-               [in,ref]     lsa_PrivilegeSet *privs
-               );
-       
-
-       /****************************************/
-       /* Function:         0x14 */
-       NTSTATUS lsa_RemovePrivilegesFromAccount(
-               [in]         policy_handle *handle,
-               [in]         uint8 remove_all,
-               [in,unique]  lsa_PrivilegeSet *privs
-               );
-
-       /* Function:           0x15 */
-       [todo] NTSTATUS lsa_GetQuotasForAccount();
-       
-       /* Function:           0x16 */
-       [todo] NTSTATUS lsa_SetQuotasForAccount();
-       
-       typedef [bitmap32bit] bitmap {
-               LSA_POLICY_MODE_INTERACTIVE             = 0x00000001,
-               LSA_POLICY_MODE_NETWORK                 = 0x00000002,
-               LSA_POLICY_MODE_BATCH                   = 0x00000004,
-               LSA_POLICY_MODE_SERVICE                 = 0x00000010,
-               LSA_POLICY_MODE_PROXY                   = 0x00000020,
-               LSA_POLICY_MODE_DENY_INTERACTIVE        = 0x00000040,
-               LSA_POLICY_MODE_DENY_NETWORK            = 0x00000080,
-               LSA_POLICY_MODE_DENY_BATCH              = 0x00000100,
-               LSA_POLICY_MODE_DENY_SERVICE            = 0x00000200,
-               LSA_POLICY_MODE_REMOTE_INTERACTIVE      = 0x00000400,
-               LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800,
-               LSA_POLICY_MODE_ALL                     = 0x00000FF7,
-               LSA_POLICY_MODE_ALL_NT4                 = 0x00000037
-       } lsa_SystemAccessModeFlags;
-
-       /* Function:    0x17 */
-       NTSTATUS lsa_GetSystemAccessAccount(
-               [in]      policy_handle *handle,
-               [out,ref] uint32 *access_mask
-               );
-
-       /* Function:    0x18 */
-       NTSTATUS lsa_SetSystemAccessAccount(
-               [in] policy_handle *handle,
-               [in] uint32 access_mask
-               );
-
-       /* Function:        0x19 */
-       NTSTATUS lsa_OpenTrustedDomain(
-               [in]     policy_handle *handle,
-               [in]     dom_sid2      *sid,
-               [in]     uint32         access_mask,
-               [out]    policy_handle *trustdom_handle
-               );
-
-       typedef [flag(NDR_PAHEX)] struct {
-               uint32 length;
-               uint32 size;
-               [size_is(size),length_is(length)] uint8 *data;
-       } lsa_DATA_BUF;
-
-       typedef [flag(NDR_PAHEX)] struct {
-               [range(0,65536)] uint32 size;
-               [size_is(size)] uint8 *data;
-       } lsa_DATA_BUF2;
-
-       typedef enum {
-               LSA_TRUSTED_DOMAIN_INFO_NAME                  = 1,
-               LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS           = 2,
-               LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET          = 3,
-               LSA_TRUSTED_DOMAIN_INFO_PASSWORD              = 4,
-               LSA_TRUSTED_DOMAIN_INFO_BASIC                 = 5,
-               LSA_TRUSTED_DOMAIN_INFO_INFO_EX               = 6,
-               LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO             = 7,
-               LSA_TRUSTED_DOMAIN_INFO_FULL_INFO             = 8,
-               LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL    = 9,
-               LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL    = 10,
-               LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL     = 11,
-               LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL  = 12,
-               LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13
-       } lsa_TrustDomInfoEnum;
-
-       typedef [public,bitmap32bit] bitmap {
-               LSA_TRUST_DIRECTION_INBOUND  = 0x00000001,
-               LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
-       } lsa_TrustDirection;
-
-       typedef [v1_enum] enum {
-               LSA_TRUST_TYPE_DOWNLEVEL  = 0x00000001,
-               LSA_TRUST_TYPE_UPLEVEL    = 0x00000002,
-               LSA_TRUST_TYPE_MIT        = 0x00000003
-       } lsa_TrustType;
-
-       typedef [public,bitmap32bit] bitmap {
-               LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE      = 0x00000001,
-               LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY        = 0x00000002,
-               LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN  = 0x00000004,
-               LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE   = 0x00000008,
-               LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION  = 0x00000010,
-               LSA_TRUST_ATTRIBUTE_WITHIN_FOREST       = 0x00000020,
-               LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL   = 0x00000040,
-               LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080
-       } lsa_TrustAttributes;
-
-       typedef struct {
-               lsa_StringLarge  netbios_name;
-       } lsa_TrustDomainInfoName;
-
-
-       typedef struct {
-               uint32 entries;
-               [size_is(entries)] lsa_StringLarge  *netbios_names;
-       } lsa_TrustDomainInfoControllers;
-
-       typedef struct {
-               uint32         posix_offset;
-       } lsa_TrustDomainInfoPosixOffset;
-
-       typedef struct {
-               lsa_DATA_BUF  *password;
-               lsa_DATA_BUF  *old_password;
-       } lsa_TrustDomainInfoPassword;
-
-       typedef struct {
-               lsa_String     netbios_name;
-               dom_sid2      *sid;
-       } lsa_TrustDomainInfoBasic;
-
-       typedef struct {
-               lsa_StringLarge     domain_name;
-               lsa_StringLarge     netbios_name;
-               dom_sid2           *sid;
-               lsa_TrustDirection  trust_direction;
-               lsa_TrustType       trust_type;
-               lsa_TrustAttributes trust_attributes;
-       } lsa_TrustDomainInfoInfoEx;
-
-       typedef [public,v1_enum] enum {
-               TRUST_AUTH_TYPE_NONE = 0,
-               TRUST_AUTH_TYPE_NT4OWF = 1,
-               TRUST_AUTH_TYPE_CLEAR = 2,
-               TRUST_AUTH_TYPE_VERSION = 3
-       } lsa_TrustAuthType;
-
-       typedef struct {
-               NTTIME_hyper   last_update_time;
-               lsa_TrustAuthType AuthType;
-               lsa_DATA_BUF2  data;
-       } lsa_TrustDomainInfoBuffer;
-
-       typedef struct {
-               uint32 incoming_count;
-               lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
-               lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
-               uint32 outgoing_count;
-               lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
-               lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
-       } lsa_TrustDomainInfoAuthInfo;
-
-       typedef struct {
-               lsa_TrustDomainInfoInfoEx      info_ex;
-               lsa_TrustDomainInfoPosixOffset posix_offset;
-               lsa_TrustDomainInfoAuthInfo    auth_info;
-       } lsa_TrustDomainInfoFullInfo;
-
-       typedef struct {
-               lsa_DATA_BUF2                          auth_blob;
-       } lsa_TrustDomainInfoAuthInfoInternal;
-
-       typedef struct {
-               lsa_TrustDomainInfoInfoEx              info_ex;
-               lsa_TrustDomainInfoPosixOffset         posix_offset;
-               lsa_TrustDomainInfoAuthInfoInternal    auth_info;
-       } lsa_TrustDomainInfoFullInfoInternal;
-
-       typedef struct {
-               lsa_TrustDomainInfoInfoEx      info_ex;
-               uint32 forest_trust_length;
-               [size_is(forest_trust_length)] uint8 *forest_trust_data;
-       } lsa_TrustDomainInfoInfoEx2Internal;
-
-       typedef struct {
-               lsa_TrustDomainInfoInfoEx2Internal     info;
-               lsa_TrustDomainInfoPosixOffset posix_offset;
-               lsa_TrustDomainInfoAuthInfo    auth_info;
-       } lsa_TrustDomainInfoFullInfo2Internal;
-
-       typedef struct {
-               kerb_EncTypes enc_types;
-       } lsa_TrustDomainInfoSupportedEncTypes;
-
-       typedef [switch_type(lsa_TrustDomInfoEnum)] union {
-               [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
-                       lsa_TrustDomainInfoName              name;
-               [case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)]
-                       lsa_TrustDomainInfoControllers   controllers;
-               [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)]
-                       lsa_TrustDomainInfoPosixOffset       posix_offset;
-               [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
-                       lsa_TrustDomainInfoPassword          password;
-               [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]
-                       lsa_TrustDomainInfoBasic             info_basic;
-               [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
-                       lsa_TrustDomainInfoInfoEx            info_ex;
-               [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
-                       lsa_TrustDomainInfoAuthInfo          auth_info;
-               [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
-                       lsa_TrustDomainInfoFullInfo          full_info;
-               [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
-                       lsa_TrustDomainInfoAuthInfoInternal  auth_info_internal;
-               [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
-                       lsa_TrustDomainInfoFullInfoInternal  full_info_internal;
-               [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
-                       lsa_TrustDomainInfoInfoEx2Internal   info_ex2_internal;
-               [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
-                       lsa_TrustDomainInfoFullInfo2Internal     full_info2_internal;
-               [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)]
-                       lsa_TrustDomainInfoSupportedEncTypes enc_types;
-       } lsa_TrustedDomainInfo;
-
-       /* Function:       0x1a */
-       NTSTATUS lsa_QueryTrustedDomainInfo(
-               [in]     policy_handle                   *trustdom_handle,
-               [in]     lsa_TrustDomInfoEnum             level,
-               [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
-               );
-
-       /* Function:     0x1b */
-       NTSTATUS lsa_SetInformationTrustedDomain(
-               [in]                  policy_handle         *trustdom_handle,
-               [in]                  lsa_TrustDomInfoEnum   level,
-               [in,switch_is(level)] lsa_TrustedDomainInfo *info
-               );
-
-       /* Function:          0x1c */
-       [public] NTSTATUS lsa_OpenSecret(
-               [in]     policy_handle    *handle,
-               [in]         lsa_String        name,
-               [in]         uint32            access_mask,
-               [out]    policy_handle    *sec_handle
-               );
-
-       /* Function:           0x1d */
-
-       [public] NTSTATUS lsa_SetSecret(
-               [in]     policy_handle    *sec_handle,
-               [in,unique]         lsa_DATA_BUF     *new_val,
-               [in,unique]         lsa_DATA_BUF     *old_val
-               );
-
-       typedef struct {
-               lsa_DATA_BUF *buf;
-       } lsa_DATA_BUF_PTR;
-
-       /* Function:         0x1e */
-       [public] NTSTATUS lsa_QuerySecret (
-               [in]     policy_handle     *sec_handle,
-               [in,out,unique]     lsa_DATA_BUF_PTR  *new_val,
-               [in,out,unique]     NTTIME_hyper      *new_mtime,
-               [in,out,unique]     lsa_DATA_BUF_PTR  *old_val,
-               [in,out,unique]     NTTIME_hyper      *old_mtime
-               );
-
-       /* Function:     0x1f */
-       NTSTATUS lsa_LookupPrivValue(
-               [in]     policy_handle *handle,
-               [in,ref] lsa_String *name,
-               [out,ref] lsa_LUID *luid
-               );
-
-
-       /* Function:      0x20 */
-       NTSTATUS lsa_LookupPrivName (
-               [in]     policy_handle *handle,
-               [in]     lsa_LUID *luid,
-               [out,unique]        lsa_StringLarge *name
-               );
-
-
-       /*******************/
-       /* Function:  0x21 */
-       NTSTATUS lsa_LookupPrivDisplayName (
-               [in]     policy_handle *handle,
-               [in]     lsa_String *name,
-               [out,unique]        lsa_StringLarge *disp_name,
-               /* see http://www.microsoft.com/globaldev/nlsweb/ for
-                  language definitions */
-               [in,out] uint16 *language_id,
-               [in]         uint16 unknown
-               );
-
-       /*******************/
-       /* Function:  0x22 */
-       NTSTATUS lsa_DeleteObject (
-               [in,out]     policy_handle *handle
-               );
-
-       /*******************/
-       /* Function:      0x23 */
-       NTSTATUS lsa_EnumAccountsWithUserRight (
-               [in]     policy_handle *handle,
-               [in,unique]         lsa_String *name,
-               [out]    lsa_SidArray *sids
-               );
-
-       /* Function:      0x24 */
-       typedef struct {
-               [string,charset(UTF16)] uint16 *name;
-       } lsa_RightAttribute;
-       
-       typedef struct {
-               [range(0,256)] uint32 count;
-               [size_is(count)] lsa_StringLarge *names;
-       } lsa_RightSet;
-       
-       NTSTATUS lsa_EnumAccountRights (
-               [in]     policy_handle *handle,
-               [in,ref] dom_sid2 *sid,
-               [out,ref] lsa_RightSet *rights
-               );
-
-
-       /**********************/
-       /* Function:       0x25 */
-       NTSTATUS lsa_AddAccountRights (
-               [in]     policy_handle *handle,
-               [in,ref] dom_sid2 *sid,
-               [in,ref] lsa_RightSet *rights
-               );
-
-       /**********************/
-       /* Function:       0x26 */
-       NTSTATUS lsa_RemoveAccountRights (
-               [in]     policy_handle *handle,
-               [in,ref] dom_sid2 *sid,
-               [in]     uint8 remove_all,
-               [in,ref] lsa_RightSet *rights
-               );
-
-       /* Function:   0x27 */
-       NTSTATUS lsa_QueryTrustedDomainInfoBySid(
-               [in]               policy_handle         *handle,
-               [in]               dom_sid2              *dom_sid,
-               [in]               lsa_TrustDomInfoEnum  level,
-               [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
-        );
-
-       /* Function:     0x28 */
-       NTSTATUS lsa_SetTrustedDomainInfo(
-               [in]               policy_handle         *handle,
-               [in]               dom_sid2              *dom_sid,
-               [in]               lsa_TrustDomInfoEnum  level,
-               [in,switch_is(level)] lsa_TrustedDomainInfo *info
-        );
-
-       /* Function:      0x29 */
-       NTSTATUS lsa_DeleteTrustedDomain(
-               [in]               policy_handle         *handle,
-               [in]               dom_sid2              *dom_sid
-       );
-
-       /* Function:       0x2a */
-       [todo] NTSTATUS lsa_StorePrivateData();
-       /* Function:        0x2b */
-       [todo] NTSTATUS lsa_RetrievePrivateData();
-
-
-       /**********************/
-       /* Function:     0x2c */
-       [public] NTSTATUS lsa_OpenPolicy2 (
-               [in,unique]      [string,charset(UTF16)] uint16 *system_name,
-               [in]  lsa_ObjectAttribute *attr,
-               [in]  lsa_PolicyAccessMask access_mask,
-               [out] policy_handle *handle
-               );
-
-       /**********************/
-       /* Function:     0x2d */
-       typedef struct {
-               lsa_String *string;
-       } lsa_StringPointer;
-
-       NTSTATUS lsa_GetUserName(
-               [in,unique] [string,charset(UTF16)] uint16 *system_name,
-               [in,out,unique] lsa_String *account_name,
-               [in,out,unique] lsa_StringPointer *authority_name
-               );
-
-       /**********************/
-       /* Function:          0x2e */
-
-       NTSTATUS lsa_QueryInfoPolicy2(
-               [in]                         policy_handle *handle,
-               [in]                         lsa_PolicyInfo level,
-               [out,unique,switch_is(level)]   lsa_PolicyInformation *info
-               );
-
-       /* Function 0x2f */
-       NTSTATUS lsa_SetInfoPolicy2(
-               [in]                            policy_handle *handle,
-               [in]                            lsa_PolicyInfo level,
-               [in,switch_is(level)]           lsa_PolicyInformation *info
-               );
-
-       /**********************/
-       /* Function 0x30 */
-       NTSTATUS lsa_QueryTrustedDomainInfoByName(
-               [in]                   policy_handle          *handle,
-               [in]                   lsa_String             trusted_domain,
-               [in]                   lsa_TrustDomInfoEnum   level,
-               [out,unique,switch_is(level)] lsa_TrustedDomainInfo *info
-               );
-
-       /**********************/
-       /* Function 0x31 */
-       NTSTATUS lsa_SetTrustedDomainInfoByName(
-               [in]                   policy_handle         *handle,
-               [in]                   lsa_String             trusted_domain,
-               [in]                   lsa_TrustDomInfoEnum   level,
-               [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
-               );
-
-       /* Function 0x32 */
-
-       /* w2k3 treats max_size as max_domains*82       */
-       const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
-
-       typedef struct {
-               uint32 count;
-               [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
-       } lsa_DomainListEx;
-
-       NTSTATUS lsa_EnumTrustedDomainsEx (
-               [in]               policy_handle *handle,
-               [in,out]           uint32 *resume_handle,
-               [out]              lsa_DomainListEx *domains,
-               [in]               uint32 max_size
-               );
-
-       /* Function 0x33 */
-       NTSTATUS lsa_CreateTrustedDomainEx(
-               [in]  policy_handle               *policy_handle,
-               [in]  lsa_TrustDomainInfoInfoEx   *info,
-               [in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info,
-               [in]  uint32 access_mask,
-               [out] policy_handle               *trustdom_handle
-               );
-
-
-       /* Function 0x34 */
-       NTSTATUS lsa_CloseTrustedDomainEx(
-               [in,out]                   policy_handle         *handle
-       );
-
-       /* Function 0x35 */
-
-       /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 
-          for unknown6 - gd */
-       typedef struct {
-               uint32 enforce_restrictions;
-               hyper service_tkt_lifetime;
-               hyper user_tkt_lifetime;
-               hyper user_tkt_renewaltime;
-               hyper clock_skew;
-               hyper unknown6;
-       } lsa_DomainInfoKerberos;
-
-       typedef struct {
-               uint32 blob_size;
-               [size_is(blob_size)] uint8 *efs_blob;
-       } lsa_DomainInfoEfs;
-
-       typedef enum {
-               LSA_DOMAIN_INFO_POLICY_EFS=2,
-               LSA_DOMAIN_INFO_POLICY_KERBEROS=3
-       } lsa_DomainInfoEnum;
-
-       typedef [switch_type(uint16)] union {
-               [case(LSA_DOMAIN_INFO_POLICY_EFS)]      lsa_DomainInfoEfs       efs_info;
-               [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos  kerberos_info;
-       } lsa_DomainInformationPolicy;
-
-       NTSTATUS lsa_QueryDomainInformationPolicy(
-               [in]            policy_handle *handle,
-               [in]            uint16 level,
-               [out,unique,switch_is(level)]   lsa_DomainInformationPolicy *info
-               );
-
-       /* Function 0x36 */
-       NTSTATUS lsa_SetDomainInformationPolicy(
-               [in]            policy_handle *handle,
-               [in]                    uint16 level,
-               [in,unique,switch_is(level)]    lsa_DomainInformationPolicy *info
-               );
-
-       /**********************/
-       /* Function 0x37 */
-       NTSTATUS lsa_OpenTrustedDomainByName(
-               [in]     policy_handle *handle,
-               [in]         lsa_String     name,
-               [in]         uint32         access_mask,
-               [out]    policy_handle *trustdom_handle
-               );
-
-       /* Function 0x38 */
-       [todo] NTSTATUS lsa_TestCall();
-
-       /**********************/
-       /* Function 0x39 */
-
-       typedef struct {
-               lsa_SidType sid_type;
-               lsa_String name;
-               uint32 sid_index;
-               uint32 unknown;
-       } lsa_TranslatedName2;
-
-       typedef struct {
-               [range(0,1000)] uint32 count;
-               [size_is(count)] lsa_TranslatedName2 *names;
-       } lsa_TransNameArray2;
-
-       [public] NTSTATUS lsa_LookupSids2(
-               [in]     policy_handle *handle,
-               [in]     lsa_SidArray *sids,
-               [out,unique]        lsa_RefDomainList *domains,
-               [in,out] lsa_TransNameArray2 *names,
-               [in]         uint16 level,
-               [in,out] uint32 *count,
-               [in]         uint32 unknown1,
-               [in]         uint32 unknown2
-               );
-
-       /**********************/
-       /* Function 0x3a */
-
-       typedef struct {
-               lsa_SidType sid_type;
-               uint32 rid;
-               uint32 sid_index;
-               uint32 unknown;
-       } lsa_TranslatedSid2;
-
-       typedef struct {
-               [range(0,1000)] uint32 count;
-               [size_is(count)] lsa_TranslatedSid2 *sids;
-       } lsa_TransSidArray2;
-
-       [public] NTSTATUS lsa_LookupNames2 (
-               [in]     policy_handle *handle,
-               [in,range(0,1000)] uint32 num_names,
-               [in,size_is(num_names)]  lsa_String names[],
-               [out,unique]        lsa_RefDomainList *domains,
-               [in,out] lsa_TransSidArray2 *sids,
-               [in]         lsa_LookupNamesLevel level,
-               [in,out] uint32 *count,
-               [in]         uint32 lookup_options,
-               [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
-               );
-
-       /* Function 0x3b */
-       NTSTATUS lsa_CreateTrustedDomainEx2(
-               [in]  policy_handle               *policy_handle,
-               [in]  lsa_TrustDomainInfoInfoEx   *info,
-               [in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info,
-               [in]  uint32                       access_mask,
-               [out] policy_handle               *trustdom_handle
-               );
-
-       /* Function 0x3c */
-       [todo] NTSTATUS lsa_CREDRWRITE();
-
-       /* Function 0x3d */
-       [todo] NTSTATUS lsa_CREDRREAD();
-
-       /* Function 0x3e */
-       [todo] NTSTATUS lsa_CREDRENUMERATE();
-
-       /* Function 0x3f */
-       [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
-
-       /* Function 0x40 */
-       [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
-
-       /* Function 0x41 */
-       [todo] NTSTATUS lsa_CREDRDELETE();
-
-       /* Function 0x42 */
-       [todo] NTSTATUS lsa_CREDRGETTARGETINFO();
-
-       /* Function 0x43 */
-       [todo] NTSTATUS lsa_CREDRPROFILELOADED();
-
-       /**********************/
-       /* Function 0x44 */
-       typedef struct {
-               lsa_SidType sid_type;
-               dom_sid2 *sid;
-               uint32 sid_index;
-               uint32 flags;
-       } lsa_TranslatedSid3;
-
-       typedef struct {
-               [range(0,1000)] uint32 count;
-               [size_is(count)] lsa_TranslatedSid3 *sids;
-       } lsa_TransSidArray3;
-
-       [public] NTSTATUS lsa_LookupNames3 (
-               [in]     policy_handle *handle,
-               [in,range(0,1000)] uint32 num_names,
-               [in,size_is(num_names)]  lsa_String names[],
-               [out,unique]        lsa_RefDomainList *domains,
-               [in,out] lsa_TransSidArray3 *sids,
-               [in]         lsa_LookupNamesLevel level,
-               [in,out] uint32 *count,
-               [in]         uint32 lookup_options,
-               [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
-               );
-
-       /* Function 0x45 */
-       [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
-
-       /* Function 0x46 */
-       [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
-
-       /* Function 0x47 */
-       [todo] NTSTATUS lsa_LSARGENAUDITEVENT();
-
-       /* Function 0x48 */
-       [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
-
-       /* Function 0x49 */
-       typedef struct {
-               [range(0,131072)] uint32 length;
-               [size_is(length)] uint8 *data;
-       } lsa_ForestTrustBinaryData;
-
-       typedef struct {
-               dom_sid2 *domain_sid;
-               lsa_StringLarge dns_domain_name;
-               lsa_StringLarge netbios_domain_name;
-       } lsa_ForestTrustDomainInfo;
-
-       typedef [switch_type(uint32)] union {
-               [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
-               [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
-               [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
-               [default] lsa_ForestTrustBinaryData data;
-       } lsa_ForestTrustData;
-
-       typedef [v1_enum] enum {
-               LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
-               LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
-               LSA_FOREST_TRUST_DOMAIN_INFO = 2,
-               LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
-       } lsa_ForestTrustRecordType;
-
-       typedef struct {
-               uint32 flags;
-               lsa_ForestTrustRecordType level;
-               hyper unknown;
-               [switch_is(level)] lsa_ForestTrustData forest_trust_data;
-       } lsa_ForestTrustRecord;
-
-       typedef [public] struct {
-               [range(0,4000)] uint32 count;
-               [size_is(count)] lsa_ForestTrustRecord **entries;
-       } lsa_ForestTrustInformation;
-
-       NTSTATUS lsa_lsaRQueryForestTrustInformation(
-               [in] policy_handle *handle,
-               [in,ref] lsa_String *trusted_domain_name,
-               [in] uint16 unknown, /* level ? */
-               [out,ref] lsa_ForestTrustInformation **forest_trust_info
-               );
-
-       /* Function 0x4a */
-       [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
-
-       /* Function 0x4b */
-       [todo] NTSTATUS lsa_CREDRRENAME();
-
-       /*****************/
-       /* Function 0x4c */
-
-       [public] NTSTATUS lsa_LookupSids3(
-               [in]         lsa_SidArray *sids,
-               [out,unique] lsa_RefDomainList *domains,
-               [in,out]     lsa_TransNameArray2 *names,
-               [in]         uint16 level,
-               [in,out]     uint32 *count,
-               [in]         uint32 unknown1,
-               [in]         uint32 unknown2
-               );
-
-       const int LSA_CLIENT_REVISION_NO_DNS     = 0x00000001;
-       const int LSA_CLIENT_REVISION_DNS        = 0x00000002;
-
-       const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
-
-       /* Function 0x4d */
-       NTSTATUS lsa_LookupNames4(
-               [in,range(0,1000)] uint32 num_names,
-               [in,size_is(num_names)]  lsa_String names[],
-               [out,unique]        lsa_RefDomainList *domains,
-               [in,out] lsa_TransSidArray3 *sids,
-               [in]         lsa_LookupNamesLevel level,
-               [in,out] uint32 *count,
-               [in]         uint32 lookup_options,
-               [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
-               );
-
-       /* Function 0x4e */
-       [todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
-
-       /* Function 0x4f */
-       [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
-
-       /* Function 0x50 */
-       [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
-
-       /* Function 0x51 */
-       [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
-
-}
index b009d2f2f8a2466ab649876d5414ddd1a37b0c6c..e279161375d510dee2025af58ca94ca0f4314b7d 100644 (file)
@@ -434,67 +434,67 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
 {
        struct lsa_policy_state *state;
        struct dcesrv_handle *h;
+       union lsa_PolicyInformation *info;
 
-       r->out.info = NULL;
+       *r->out.info = NULL;
 
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
 
        state = h->data;
 
-       r->out.info = talloc(mem_ctx, union lsa_PolicyInformation);
-       if (!r->out.info) {
+       info = talloc_zero(mem_ctx, union lsa_PolicyInformation);
+       if (!info) {
                return NT_STATUS_NO_MEMORY;
        }
-
-       ZERO_STRUCTP(r->out.info);
+       *r->out.info = info;
 
        switch (r->in.level) {
        case LSA_POLICY_INFO_AUDIT_LOG:
                /* we don't need to fill in any of this */
-               ZERO_STRUCT(r->out.info->audit_log);
+               ZERO_STRUCT(info->audit_log);
                return NT_STATUS_OK;
        case LSA_POLICY_INFO_AUDIT_EVENTS:
                /* we don't need to fill in any of this */
-               ZERO_STRUCT(r->out.info->audit_events);
+               ZERO_STRUCT(info->audit_events);
                return NT_STATUS_OK;
        case LSA_POLICY_INFO_PD:
                /* we don't need to fill in any of this */
-               ZERO_STRUCT(r->out.info->pd);
+               ZERO_STRUCT(info->pd);
                return NT_STATUS_OK;
 
        case LSA_POLICY_INFO_DOMAIN:
-               return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->domain);
+               return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->domain);
        case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
-               return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+               return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->account_domain);
        case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
-               return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->l_account_domain);
+               return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->l_account_domain);
 
 
        case LSA_POLICY_INFO_ROLE:
-               r->out.info->role.role = LSA_ROLE_PRIMARY;
+               info->role.role = LSA_ROLE_PRIMARY;
                return NT_STATUS_OK;
 
        case LSA_POLICY_INFO_DNS:
        case LSA_POLICY_INFO_DNS_INT:
-               return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
+               return dcesrv_lsa_info_DNS(state, mem_ctx, &info->dns);
 
        case LSA_POLICY_INFO_REPLICA:
-               ZERO_STRUCT(r->out.info->replica);
+               ZERO_STRUCT(info->replica);
                return NT_STATUS_OK;
 
        case LSA_POLICY_INFO_QUOTA:
-               ZERO_STRUCT(r->out.info->quota);
+               ZERO_STRUCT(info->quota);
                return NT_STATUS_OK;
 
        case LSA_POLICY_INFO_MOD:
        case LSA_POLICY_INFO_AUDIT_FULL_SET:
        case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
                /* windows gives INVALID_PARAMETER */
-               r->out.info = NULL;
+               *r->out.info = NULL;
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       r->out.info = NULL;
+       *r->out.info = NULL;
        return NT_STATUS_INVALID_INFO_CLASS;
 }
 
@@ -511,11 +511,10 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T
 
        r2.in.handle = r->in.handle;
        r2.in.level = r->in.level;
+       r2.out.info = r->out.info;
        
        status = dcesrv_lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
 
-       r->out.info = r2.out.info;
-
        return status;
 }
 
@@ -1314,6 +1313,7 @@ static NTSTATUS fill_trust_domain_ex(TALLOC_CTX *mem_ctx,
 static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                           struct lsa_QueryTrustedDomainInfo *r)
 {
+       union lsa_TrustedDomainInfo *info = NULL;
        struct dcesrv_handle *h;
        struct lsa_trusted_domain_state *trusted_domain_state;
        struct ldb_message *msg;
@@ -1342,17 +1342,19 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
        }
        msg = res[0];
        
-       r->out.info = talloc(mem_ctx, union lsa_TrustedDomainInfo);
-       if (!r->out.info) {
+       info = talloc_zero(mem_ctx, union lsa_TrustedDomainInfo);
+       if (!info) {
                return NT_STATUS_NO_MEMORY;
        }
+       *r->out.info = info;
+
        switch (r->in.level) {
        case LSA_TRUSTED_DOMAIN_INFO_NAME:
-               r->out.info->name.netbios_name.string
+               info->name.netbios_name.string
                        = samdb_result_string(msg, "flatname", NULL);                                      
                break;
        case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
-               r->out.info->posix_offset.posix_offset
+               info->posix_offset.posix_offset
                        = samdb_result_uint(msg, "posixOffset", 0);                                        
                break;
 #if 0  /* Win2k3 doesn't implement this */
@@ -1364,32 +1366,32 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
                break;
 #endif
        case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
-               return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->info_ex);
+               return fill_trust_domain_ex(mem_ctx, msg, &info->info_ex);
 
        case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
-               ZERO_STRUCT(r->out.info->full_info);
-               return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info.info_ex);
+               ZERO_STRUCT(info->full_info);
+               return fill_trust_domain_ex(mem_ctx, msg, &info->full_info.info_ex);
 
        case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL:
-               ZERO_STRUCT(r->out.info->full_info2_internal);
-               r->out.info->full_info2_internal.posix_offset.posix_offset
+               ZERO_STRUCT(info->full_info2_internal);
+               info->full_info2_internal.posix_offset.posix_offset
                        = samdb_result_uint(msg, "posixOffset", 0);                                        
-               return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info2_internal.info.info_ex);
+               return fill_trust_domain_ex(mem_ctx, msg, &info->full_info2_internal.info.info_ex);
                
        case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES:
-               r->out.info->enc_types.enc_types
+               info->enc_types.enc_types
                        = samdb_result_uint(msg, "msDs-supportedEncryptionTypes", KERB_ENCTYPE_RC4_HMAC_MD5);
                break;
 
        case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS:
        case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL:
                /* oops, we don't want to return the info after all */
-               talloc_free(r->out.info);
+               talloc_free(info);
                r->out.info = NULL;
                return NT_STATUS_INVALID_PARAMETER;
        default:
                /* oops, we don't want to return the info after all */
-               talloc_free(r->out.info);
+               talloc_free(info);
                r->out.info = NULL;
                return NT_STATUS_INVALID_INFO_CLASS;
        }
@@ -1407,6 +1409,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state
        NTSTATUS status;
        struct lsa_OpenTrustedDomain open;
        struct lsa_QueryTrustedDomainInfo query;
+       union lsa_TrustedDomainInfo *info;
        struct dcesrv_handle *h;
        open.in.handle = r->in.handle;
        open.in.sid = r->in.dom_sid;
@@ -1423,15 +1426,15 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state
        /* Ensure this handle goes away at the end of this call */
        DCESRV_PULL_HANDLE(h, open.out.trustdom_handle, DCESRV_HANDLE_ANY);
        talloc_steal(mem_ctx, h);
-       
+
        query.in.trustdom_handle = open.out.trustdom_handle;
        query.in.level = r->in.level;
+       query.out.info = r->out.info;
        status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
-       
-       r->out.info = query.out.info;
+
        return NT_STATUS_OK;
 }
 
@@ -1457,7 +1460,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state
        struct lsa_QueryTrustedDomainInfo query;
        struct dcesrv_handle *h;
        open.in.handle = r->in.handle;
-       open.in.name = r->in.trusted_domain;
+       open.in.name = *r->in.trusted_domain;
        open.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
        open.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
        if (!open.out.trustdom_handle) {
@@ -1474,12 +1477,12 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state
 
        query.in.trustdom_handle = open.out.trustdom_handle;
        query.in.level = r->in.level;
+       query.out.info = r->out.info;
        status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
        
-       r->out.info = query.out.info;
        return NT_STATUS_OK;
 }
 
@@ -1724,15 +1727,21 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
        const char * const attrs[] = { "privilege", NULL};
        struct ldb_message_element *el;
        const char *sidstr;
+       struct lsa_PrivilegeSet *privs;
 
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
 
        astate = h->data;
 
-       r->out.privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
-       r->out.privs->count = 0;
-       r->out.privs->unknown = 0;
-       r->out.privs->set = NULL;
+       privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
+       if (privs == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       privs->count = 0;
+       privs->unknown = 0;
+       privs->set = NULL;
+
+       *r->out.privs = privs;
 
        sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);
        if (sidstr == NULL) {
@@ -1750,9 +1759,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
                return NT_STATUS_OK;
        }
 
-       r->out.privs->set = talloc_array(r->out.privs, 
-                                        struct lsa_LUIDAttribute, el->num_values);
-       if (r->out.privs->set == NULL) {
+       privs->set = talloc_array(privs,
+                                 struct lsa_LUIDAttribute, el->num_values);
+       if (privs->set == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -1761,12 +1770,12 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
                if (id == -1) {
                        return NT_STATUS_INTERNAL_DB_CORRUPTION;
                }
-               r->out.privs->set[i].attribute = 0;
-               r->out.privs->set[i].luid.low = id;
-               r->out.privs->set[i].luid.high = 0;
+               privs->set[i].attribute = 0;
+               privs->set[i].luid.low = id;
+               privs->set[i].luid.high = 0;
        }
 
-       r->out.privs->count = el->num_values;
+       privs->count = el->num_values;
 
        return NT_STATUS_OK;
 }
@@ -2058,8 +2067,18 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
        int i;
        NTSTATUS status;
        struct lsa_EnumPrivsAccount enumPrivs;
+       struct lsa_PrivilegeSet *privs;
+
+       privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
+       if (!privs) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       privs->count = 0;
+       privs->unknown = 0;
+       privs->set = NULL;
 
        enumPrivs.in.handle = r->in.handle;
+       enumPrivs.out.privs = &privs;
 
        status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs);
        if (!NT_STATUS_IS_OK(status)) {
@@ -2068,8 +2087,8 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
 
        *(r->out.access_mask) = 0x00000000;
 
-       for (i = 0; i < enumPrivs.out.privs->count; i++) {
-               int priv = enumPrivs.out.privs->set[i].luid.low;
+       for (i = 0; i < privs->count; i++) {
+               int priv = privs->set[i].luid.low;
 
                switch (priv) {
                case SEC_PRIV_INTERACTIVE_LOGON:
@@ -2695,6 +2714,7 @@ static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
 {
        struct dcesrv_handle *h;
        struct lsa_policy_state *state;
+       struct lsa_StringLarge *name;
        const char *privname;
 
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@@ -2710,11 +2730,14 @@ static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
                return NT_STATUS_NO_SUCH_PRIVILEGE;
        }
 
-       r->out.name = talloc(mem_ctx, struct lsa_StringLarge);
-       if (r->out.name == NULL) {
+       name = talloc(mem_ctx, struct lsa_StringLarge);
+       if (name == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-       r->out.name->string = privname;
+
+       name->string = privname;
+
+       *r->out.name = name;
 
        return NT_STATUS_OK;    
 }
@@ -2729,6 +2752,7 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c
 {
        struct dcesrv_handle *h;
        struct lsa_policy_state *state;
+       struct lsa_StringLarge *disp_name = NULL;
        int id;
 
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@@ -2739,17 +2763,20 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c
        if (id == -1) {
                return NT_STATUS_NO_SUCH_PRIVILEGE;
        }
-       
-       r->out.disp_name = talloc(mem_ctx, struct lsa_StringLarge);
-       if (r->out.disp_name == NULL) {
+
+       disp_name = talloc(mem_ctx, struct lsa_StringLarge);
+       if (disp_name == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
 
-       r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
-       if (r->out.disp_name->string == NULL) {
+       disp_name->string = sec_privilege_display_name(id, &r->in.language_id);
+       if (disp_name->string == NULL) {
                return NT_STATUS_INTERNAL_ERROR;
        }
 
+       *r->out.disp_name = disp_name;
+       *r->out.returned_language_id = 0;
+
        return NT_STATUS_OK;
 }
 
@@ -2875,19 +2902,23 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
        const char *account_name;
        const char *authority_name;
        struct lsa_String *_account_name;
-       struct lsa_StringPointer *_authority_name = NULL;
+       struct lsa_String *_authority_name = NULL;
 
        /* this is what w2k3 does */
        r->out.account_name = r->in.account_name;
        r->out.authority_name = r->in.authority_name;
 
-       if (r->in.account_name && r->in.account_name->string) {
+       if (r->in.account_name
+           && *r->in.account_name
+           /* && *(*r->in.account_name)->string */
+           ) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       if (r->in.authority_name &&
-           r->in.authority_name->string &&
-           r->in.authority_name->string->string) {
+       if (r->in.authority_name
+           && *r->in.authority_name
+           /* && *(*r->in.authority_name)->string */
+           ) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
@@ -2899,15 +2930,15 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
        _account_name->string = account_name;
 
        if (r->in.authority_name) {
-               _authority_name = talloc(mem_ctx, struct lsa_StringPointer);
+               _authority_name = talloc(mem_ctx, struct lsa_String);
                NT_STATUS_HAVE_NO_MEMORY(_authority_name);
-               _authority_name->string = talloc(mem_ctx, struct lsa_String);
-               NT_STATUS_HAVE_NO_MEMORY(_authority_name->string);
-               _authority_name->string->string = authority_name;
+               _authority_name->string = authority_name;
        }
 
-       r->out.account_name = _account_name;
-       r->out.authority_name = _authority_name;
+       *r->out.account_name = _account_name;
+       if (r->out.authority_name) {
+               *r->out.authority_name = _authority_name;
+       }
 
        return status;
 }
@@ -2930,19 +2961,21 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state
                                                 TALLOC_CTX *mem_ctx,
                                                 struct lsa_QueryDomainInformationPolicy *r)
 {
-       r->out.info = talloc(mem_ctx, union lsa_DomainInformationPolicy);
-       if (!r->out.info) {
+       union lsa_DomainInformationPolicy *info;
+
+       info = talloc(r->out.info, union lsa_DomainInformationPolicy);
+       if (!info) {
                return NT_STATUS_NO_MEMORY;
        }
 
        switch (r->in.level) {
        case LSA_DOMAIN_INFO_POLICY_EFS:
-               talloc_free(r->out.info);
-               r->out.info = NULL;
+               talloc_free(info);
+               *r->out.info = NULL;
                return NT_STATUS_OBJECT_NAME_NOT_FOUND;
        case LSA_DOMAIN_INFO_POLICY_KERBEROS:
        {
-               struct lsa_DomainInfoKerberos *k = &r->out.info->kerberos_info;
+               struct lsa_DomainInfoKerberos *k = &info->kerberos_info;
                struct smb_krb5_context *smb_krb5_context;
                int ret = smb_krb5_init_context(mem_ctx, 
                                                        dce_call->event_ctx, 
@@ -2959,11 +2992,12 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state
                k->user_tkt_renewaltime = 0; /* Need to find somewhere to store this, and query in KDC too */
                k->clock_skew = krb5_get_max_time_skew(smb_krb5_context->krb5_context);
                talloc_free(smb_krb5_context);
+               *r->out.info = info;
                return NT_STATUS_OK;
        }
        default:
-               talloc_free(r->out.info);
-               r->out.info = NULL;
+               talloc_free(info);
+               *r->out.info = NULL;
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 }
index 2375a6d27aa9ea2343d0ce92f08753bd9d8b1d19..a56e7764a985c12e24f2e561b87f9fce2c1264b5 100644 (file)
@@ -522,6 +522,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                                struct lsa_LookupSids2 *r)
 {
        struct lsa_policy_state *state;
+       struct lsa_RefDomainList *domains = NULL;
        int i;
        NTSTATUS status = NT_STATUS_OK;
 
@@ -530,7 +531,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       r->out.domains = NULL;
+       *r->out.domains = NULL;
 
        /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
           and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as 
@@ -543,10 +544,11 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                return status;
        }
 
-       r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
-       if (r->out.domains == NULL) {
+       domains = talloc_zero(r->out.domains,  struct lsa_RefDomainList);
+       if (domains == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
+       *r->out.domains = domains;
 
        r->out.names = talloc_zero(mem_ctx,  struct lsa_TransNameArray2);
        if (r->out.names == NULL) {
@@ -592,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                /* set up the authority table */
                status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, 
                                                    authority_name, sid, 
-                                                   r->out.domains, &sid_index);
+                                                   domains, &sid_index);
                if (!NT_STATUS_IS_OK(status2)) {
                        continue;
                }
@@ -604,7 +606,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 
                (*r->out.count)++;
        }
-       
+
        if (*r->out.count == 0) {
                return NT_STATUS_NONE_MAPPED;
        }
@@ -660,6 +662,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
        r2.in.unknown2 = r->in.unknown2;
        r2.out.count   = r->out.count;
        r2.out.names   = r->out.names;
+       r2.out.domains = r->out.domains;
 
        status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
 
@@ -692,6 +695,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
        r2.in.unknown2 = 0;
        r2.out.count   = r->out.count;
        r2.out.names   = NULL;
+       r2.out.domains = r->out.domains;
 
        status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
        /* we deliberately don't check for error from the above,
@@ -734,6 +738,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
        struct dcesrv_handle *policy_handle;
        int i;
        struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+       struct lsa_RefDomainList *domains;
 
        DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
 
@@ -744,12 +749,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 
        policy_state = policy_handle->data;
 
-       r->out.domains = NULL;
+       *r->out.domains = NULL;
 
-       r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
-       if (r->out.domains == NULL) {
+       domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
+       if (domains == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
+       *r->out.domains = domains;
 
        r->out.sids = talloc_zero(mem_ctx,  struct lsa_TransSidArray3);
        if (r->out.sids == NULL) {
@@ -785,7 +791,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
                }
 
                status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name, 
-                                                   sid, r->out.domains, &sid_index);
+                                                   sid, domains, &sid_index);
                if (!NT_STATUS_IS_OK(status2)) {
                        continue;
                }
@@ -873,8 +879,9 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
        struct dcesrv_handle *h;
        int i;
        struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+       struct lsa_RefDomainList *domains;
 
-       r->out.domains = NULL;
+       *r->out.domains = NULL;
 
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
 
@@ -885,10 +892,11 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
 
        state = h->data;
 
-       r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
-       if (r->out.domains == NULL) {
+       domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
+       if (domains == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
+       *r->out.domains = domains;
 
        r->out.sids = talloc_zero(mem_ctx,  struct lsa_TransSidArray2);
        if (r->out.sids == NULL) {
@@ -927,7 +935,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
                }
 
                status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name, 
-                                                   sid, r->out.domains, &sid_index);
+                                                   sid, domains, &sid_index);
                if (!NT_STATUS_IS_OK(status2)) {
                        continue;
                }
@@ -971,13 +979,13 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
        r2.in.lookup_options = 0;
        r2.in.client_revision = 0;
        r2.out.count    = r->out.count;
+       r2.out.domains  = r->out.domains;
 
        status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
        if (r2.out.sids == NULL) {
                return status;
        }
 
-       r->out.domains = r2.out.domains;
        r->out.sids = talloc(mem_ctx, struct lsa_TransSidArray);
        if (r->out.sids == NULL) {
                return NT_STATUS_NO_MEMORY;
index 0d6d78688248d35d1917cc259784bc06223277be..68eb36ebbd9688d158549309c82f06cd14462cf5 100644 (file)
@@ -428,11 +428,12 @@ static const uint8_t lsarlookupnames_out_data[] = {
 static bool lsarlookupnames_out_check(struct torture_context *tctx, 
                                                                         struct lsa_LookupNames *r)
 {
+       struct lsa_RefDomainList *domains = *(r->out.domains);
        torture_assert(tctx, r->out.domains != NULL, "domains ptr");
-       torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
-       torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-       torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
-       torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "domain name");
+       torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+       torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+       torture_assert(tctx, domains->domains != NULL, "domains domains");
+       torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "domain name");
        /* FIXME: SID */
        torture_assert(tctx, r->out.count != NULL, "count ptr");
        torture_assert_int_equal(tctx, *r->out.count, 100, "count");
@@ -1014,11 +1015,12 @@ static const uint8_t lsarlookupsids_out_data[] = {
 static bool lsarlookupsids_out_check(struct torture_context *tctx, 
                                                                         struct lsa_LookupSids *r)
 {
-       torture_assert(tctx, r->out.domains != NULL, "domains");
-       torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
-       torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-       torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
-       torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "name");
+       struct lsa_RefDomainList *domains = *(r->out.domains);
+       torture_assert(tctx, domains != NULL, "domains");
+       torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+       torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+       torture_assert(tctx, domains->domains != NULL, "domains domains");
+       torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name");
        torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
        return true;
 }
@@ -1474,12 +1476,13 @@ static const uint8_t lsarlookupsids2_out_data[] = {
 static bool lsarlookupsids2_out_check(struct torture_context *tctx, 
                                                                         struct lsa_LookupSids2 *r)
 {
+       struct lsa_RefDomainList *domains = *(r->out.domains);
        /* FIXME: Handle */
        torture_assert(tctx, r->out.names != NULL, "names ptr");
        torture_assert(tctx, r->out.domains != NULL, "domains ptr");
-       torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
-       torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-       torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+       torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+       torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+       torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
        torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
        torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
        torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
@@ -1749,12 +1752,13 @@ static const uint8_t lsarlookupsids3_out_data[] = {
 static bool lsarlookupsids3_out_check(struct torture_context *tctx, 
                                      struct lsa_LookupSids3 *r)
 {
+       struct lsa_RefDomainList *domains = *(r->out.domains);
        /* FIXME: Handle */
        torture_assert(tctx, r->out.names != NULL, "names ptr");
        torture_assert(tctx, r->out.domains != NULL, "domains ptr");
-       torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
-       torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-       torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+       torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+       torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+       torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
        torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
        torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
        torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
index f35897b3df17ebd4d8a0c896f2cfb995aca7a006..553025276d73b3d19f9a6dc0241716aa35ef2b93 100644 (file)
@@ -109,6 +109,7 @@ static bool test_handles_lsa_shared(struct torture_context *torture)
        struct lsa_OpenPolicy r;
        struct lsa_Close c;
        struct lsa_QuerySecurity qsec;
+       struct sec_desc_buf *sdbuf = NULL;
        uint16_t system_name = '\\';
        TALLOC_CTX *mem_ctx = talloc_new(torture);
        enum dcerpc_transport_t transport;
@@ -167,6 +168,7 @@ static bool test_handles_lsa_shared(struct torture_context *torture)
 
        qsec.in.handle          = &handle;
        qsec.in.sec_info        = 0;
+       qsec.out.sdbuf          = &sdbuf;
        c.in.handle = &handle;
        c.out.handle = &handle2;
 
index 69df965f1975e105415a1e2e235f094e9d234bac..454afabc50030cb0480af8a3d5fbf7f848d830d8 100644 (file)
@@ -153,6 +153,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
 {
        struct lsa_LookupNames r;
        struct lsa_TransSidArray sids;
+       struct lsa_RefDomainList *domains = NULL;
        struct lsa_String *names;
        uint32_t count = 0;
        NTSTATUS status;
@@ -176,6 +177,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
        r.in.count = &count;
        r.out.count = &count;
        r.out.sids = &sids;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
 
@@ -217,6 +219,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,
 {
        struct lsa_LookupNames r;
        struct lsa_TransSidArray sids;
+       struct lsa_RefDomainList *domains = NULL;
        struct lsa_String *names;
        uint32_t count = 0;
        NTSTATUS status;
@@ -248,6 +251,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,
        r.in.count = &count;
        r.out.count = &count;
        r.out.sids = &sids;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
        if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
@@ -317,6 +321,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,
 {
        struct lsa_LookupNames2 r;
        struct lsa_TransSidArray2 sids;
+       struct lsa_RefDomainList *domains = NULL;
        struct lsa_String *names;
        uint32_t count = 0;
        NTSTATUS status;
@@ -342,6 +347,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,
        r.in.client_revision = 0;
        r.out.count = &count;
        r.out.sids = &sids;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupNames2(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -362,6 +368,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,
 {
        struct lsa_LookupNames3 r;
        struct lsa_TransSidArray3 sids;
+       struct lsa_RefDomainList *domains = NULL;
        struct lsa_String *names;
        uint32_t count = 0;
        NTSTATUS status;
@@ -387,6 +394,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,
        r.in.client_revision = 0;
        r.out.count = &count;
        r.out.sids = &sids;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupNames3(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -405,6 +413,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,
 {
        struct lsa_LookupNames4 r;
        struct lsa_TransSidArray3 sids;
+       struct lsa_RefDomainList *domains = NULL;
        struct lsa_String *names;
        uint32_t count = 0;
        NTSTATUS status;
@@ -429,6 +438,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,
        r.in.client_revision = 0;
        r.out.count = &count;
        r.out.sids = &sids;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupNames4(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -449,6 +459,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
 {
        struct lsa_LookupSids r;
        struct lsa_TransNameArray names;
+       struct lsa_RefDomainList *domains = NULL;
        uint32_t count = sids->num_sids;
        NTSTATUS status;
 
@@ -464,6 +475,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
        r.in.count = &count;
        r.out.count = &count;
        r.out.names = &names;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -488,6 +500,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
 {
        struct lsa_LookupSids2 r;
        struct lsa_TransNameArray2 names;
+       struct lsa_RefDomainList *domains = NULL;
        uint32_t count = sids->num_sids;
        NTSTATUS status;
 
@@ -505,6 +518,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
        r.in.unknown2 = 0;
        r.out.count = &count;
        r.out.names = &names;
+       r.out.domains = &domains;
 
        status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -531,6 +545,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
 {
        struct lsa_LookupSids3 r;
        struct lsa_TransNameArray2 names;
+       struct lsa_RefDomainList *domains = NULL;
        uint32_t count = sids->num_sids;
        NTSTATUS status;
 
@@ -545,6 +560,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
        r.in.count = &count;
        r.in.unknown1 = 0;
        r.in.unknown2 = 0;
+       r.out.domains = &domains;
        r.out.count = &count;
        r.out.names = &names;
 
@@ -594,6 +610,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
        if (handle) {
                struct lsa_LookupSids r;
                struct lsa_TransNameArray names;
+               struct lsa_RefDomainList *domains = NULL;
                names.count = 0;
                names.names = NULL;
 
@@ -604,6 +621,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
                r.in.count = &names.count;
                r.out.count = &count;
                r.out.names = &names;
+               r.out.domains = &domains;
                
                status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
                if (!NT_STATUS_IS_OK(status)) {
@@ -619,6 +637,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
        } else if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
                   p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
                struct lsa_LookupSids3 r;
+               struct lsa_RefDomainList *domains = NULL;
                struct lsa_TransNameArray2 names;
 
                names.count = 0;
@@ -634,6 +653,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
                r.in.unknown2 = 0;
                r.out.count = &count;
                r.out.names = &names;
+               r.out.domains = &domains;
                
                status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
                if (!NT_STATUS_IS_OK(status)) {
@@ -683,6 +703,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
        uint32_t *count;
        struct lsa_TransNameArray *names;
        struct lsa_LookupSids *r;
+       struct lsa_RefDomainList *domains = NULL;
        struct rpc_request **req;
        int i, replies;
        bool ret = true;
@@ -714,6 +735,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
                r[i].in.count = &names[i].count;
                r[i].out.count = &count[i];
                r[i].out.names = &names[i];
+               r[i].out.domains = &domains;
                
                req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]);
                if (req[i] == NULL) {
@@ -767,9 +789,11 @@ static bool test_LookupPrivName(struct dcerpc_pipe *p,
 {
        NTSTATUS status;
        struct lsa_LookupPrivName r;
+       struct lsa_StringLarge *name = NULL;
 
        r.in.handle = handle;
        r.in.luid = luid;
+       r.out.name = &name;
 
        status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -807,22 +831,24 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
        if (!NT_STATUS_IS_OK(status)) {
                
                struct lsa_LookupPrivName r_name;
+               struct lsa_StringLarge *name = NULL;
                
                r_name.in.handle = handle;
                r_name.in.luid = luid;
-               
+               r_name.out.name = &name;
+
                status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r_name);
                if (!NT_STATUS_IS_OK(status)) {
                        printf("\nLookupPrivName failed - %s\n", nt_errstr(status));
                        return false;
                }
                /* Windows 2008 does not allow this to be removed */
-               if (strcmp("SeAuditPrivilege", r_name.out.name->string) == 0) {
+               if (strcmp("SeAuditPrivilege", name->string) == 0) {
                        return ret;
                }
 
                printf("RemovePrivilegesFromAccount failed to remove %s - %s\n", 
-                      r_name.out.name->string, 
+                      name->string,
                       nt_errstr(status));
                return false;
        }
@@ -867,11 +893,13 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
 {
        NTSTATUS status;
        struct lsa_EnumPrivsAccount r;
+       struct lsa_PrivilegeSet *privs = NULL;
        bool ret = true;
 
        printf("\nTesting EnumPrivsAccount\n");
 
        r.in.handle = acct_handle;
+       r.out.privs = &privs;
 
        status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -879,17 +907,17 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
                return false;
        }
 
-       if (r.out.privs && r.out.privs->count > 0) {
+       if (privs && privs->count > 0) {
                int i;
-               for (i=0;i<r.out.privs->count;i++) {
+               for (i=0;i<privs->count;i++) {
                        test_LookupPrivName(p, mem_ctx, handle, 
-                                           &r.out.privs->set[i].luid);
+                                           &privs->set[i].luid);
                }
 
                ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, handle, acct_handle, 
-                                                       &r.out.privs->set[0].luid);
+                                                       &privs->set[0].luid);
                ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle, 
-                                                  &r.out.privs->set[0].luid);
+                                                  &privs->set[0].luid);
        }
 
        return ret;
@@ -1462,6 +1490,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
 {
        NTSTATUS status;
        struct lsa_QuerySecurity r;
+       struct sec_desc_buf *sdbuf = NULL;
 
        if (torture_setting_bool(tctx, "samba4", false)) {
                printf("\nskipping QuerySecurity test against Samba4\n");
@@ -1472,6 +1501,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
 
        r.in.handle = acct_handle;
        r.in.sec_info = 7;
+       r.out.sdbuf = &sdbuf;
 
        status = dcerpc_lsa_QuerySecurity(p, tctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -1602,14 +1632,17 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,
        /* produce a reasonable range of language output without screwing up
           terminals */
        uint16_t language_id = (random() % 4) + 0x409;
+       uint16_t returned_language_id = 0;
+       struct lsa_StringLarge *disp_name = NULL;
 
        printf("\nTesting LookupPrivDisplayName(%s)\n", priv_name->string);
        
        r.in.handle = handle;
        r.in.name = priv_name;
-       r.in.language_id = &language_id;
-       r.out.language_id = &language_id;
-       r.in.unknown = 0;
+       r.in.language_id = language_id;
+       r.in.language_id_sys = 0;
+       r.out.returned_language_id = &returned_language_id;
+       r.out.disp_name = &disp_name;
 
        status = dcerpc_lsa_LookupPrivDisplayName(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -1617,8 +1650,8 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,
                return false;
        }
        printf("%s -> \"%s\"  (language 0x%x/0x%x)\n", 
-              priv_name->string, r.out.disp_name->string, 
-              *r.in.language_id, *r.out.language_id);
+              priv_name->string, disp_name->string,
+              r.in.language_id, *r.out.returned_language_id);
 
        return true;
 }
@@ -1794,7 +1827,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
                        
                        for (j=0; j < ARRAY_SIZE(levels); j++) {
                                struct lsa_QueryTrustedDomainInfo q;
-                               union lsa_TrustedDomainInfo info;
+                               union lsa_TrustedDomainInfo *info = NULL;
                                q.in.trustdom_handle = &trustdom_handle;
                                q.in.level = levels[j];
                                q.out.info = &info;
@@ -1827,7 +1860,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
 
                        for (j=0; j < ARRAY_SIZE(levels); j++) {
                                struct lsa_QueryTrustedDomainInfoBySid q;
-                               union lsa_TrustedDomainInfo info;
+                               union lsa_TrustedDomainInfo *info = NULL;
                                
                                if (!domains->domains[i].sid) {
                                        continue;
@@ -1837,6 +1870,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
                                q.in.dom_sid = domains->domains[i].sid;
                                q.in.level   = levels[j];
                                q.out.info   = &info;
+
                                status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, mem_ctx, &q);
                                if (!NT_STATUS_IS_OK(status) && ok[j]) {
                                        printf("QueryTrustedDomainInfoBySid level %d failed - %s\n", 
@@ -1864,7 +1898,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
 
                for (j=0; j < ARRAY_SIZE(levels); j++) {
                        struct lsa_QueryTrustedDomainInfo q;
-                       union lsa_TrustedDomainInfo info;
+                       union lsa_TrustedDomainInfo *info = NULL;
                        q.in.trustdom_handle = &trustdom_handle;
                        q.in.level = levels[j];
                        q.out.info = &info;
@@ -1891,9 +1925,13 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p,
 
                for (j=0; j < ARRAY_SIZE(levels); j++) {
                        struct lsa_QueryTrustedDomainInfoByName q;
-                       union lsa_TrustedDomainInfo info;
+                       union lsa_TrustedDomainInfo *info = NULL;
+                       struct lsa_String name;
+
+                       name.string = domains->domains[i].name.string;
+
                        q.in.handle         = handle;
-                       q.in.trusted_domain.string = domains->domains[i].name.string;
+                       q.in.trusted_domain = &name;
                        q.in.level          = levels[j];
                        q.out.info          = &info;
                        status = dcerpc_lsa_QueryTrustedDomainInfoByName(p, mem_ctx, &q);
@@ -2055,6 +2093,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
        struct dom_sid *domsid[12];
        struct policy_handle trustdom_handle[12];
        struct lsa_QueryTrustedDomainInfo q;
+       union lsa_TrustedDomainInfo *info = NULL;
        int i;
 
        printf("\nTesting CreateTrustedDomain for 12 domains\n");
@@ -2089,6 +2128,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
                
                        q.in.trustdom_handle = &trustdom_handle[i];
                        q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
+                       q.out.info = &info;
                        status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
                        if (!NT_STATUS_IS_OK(status)) {
                                printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
@@ -2096,24 +2136,24 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
                        } else if (!q.out.info) {
                                ret = false;
                        } else {
-                               if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
+                               if (strcmp(info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
                                        printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
-                                              q.out.info->info_ex.netbios_name.string, trustinfo.name.string);
+                                              info->info_ex.netbios_name.string, trustinfo.name.string);
                                        ret = false;
                                }
-                               if (q.out.info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+                               if (info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
                                        printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", 
-                                              trust_name, q.out.info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
+                                              trust_name, info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
                                        ret = false;
                                }
-                               if (q.out.info->info_ex.trust_attributes != 0) {
+                               if (info->info_ex.trust_attributes != 0) {
                                        printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", 
-                                              trust_name, q.out.info->info_ex.trust_attributes, 0);
+                                              trust_name, info->info_ex.trust_attributes, 0);
                                        ret = false;
                                }
-                               if (q.out.info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
+                               if (info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
                                        printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", 
-                                              trust_name, q.out.info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
+                                              trust_name, info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
                                        ret = false;
                                }
                        }
@@ -2149,6 +2189,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
        struct dom_sid *domsid[12];
        struct policy_handle trustdom_handle[12];
        struct lsa_QueryTrustedDomainInfo q;
+       union lsa_TrustedDomainInfo *info = NULL;
        DATA_BLOB session_key;
        enum ndr_err_code ndr_err;
        int i;
@@ -2221,6 +2262,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
                
                        q.in.trustdom_handle = &trustdom_handle[i];
                        q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
+                       q.out.info = &info;
                        status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
                        if (!NT_STATUS_IS_OK(status)) {
                                printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
@@ -2229,24 +2271,24 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
                                printf("QueryTrustedDomainInfo level 1 failed to return an info pointer\n");
                                ret = false;
                        } else {
-                               if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
+                               if (strcmp(info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
                                        printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
-                                              q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string);
+                                              info->info_ex.netbios_name.string, trustinfo.netbios_name.string);
                                        ret = false;
                                }
-                               if (q.out.info->info_ex.trust_type != trustinfo.trust_type) {
+                               if (info->info_ex.trust_type != trustinfo.trust_type) {
                                        printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", 
-                                              trust_name, q.out.info->info_ex.trust_type, trustinfo.trust_type);
+                                              trust_name, info->info_ex.trust_type, trustinfo.trust_type);
                                        ret = false;
                                }
-                               if (q.out.info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) {
+                               if (info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) {
                                        printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", 
-                                              trust_name, q.out.info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION);
+                                              trust_name, info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION);
                                        ret = false;
                                }
-                               if (q.out.info->info_ex.trust_direction != trustinfo.trust_direction) {
+                               if (info->info_ex.trust_direction != trustinfo.trust_direction) {
                                        printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", 
-                                              trust_name, q.out.info->info_ex.trust_direction, trustinfo.trust_direction);
+                                              trust_name, info->info_ex.trust_direction, trustinfo.trust_direction);
                                        ret = false;
                                }
                        }
@@ -2274,6 +2316,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
                                 struct policy_handle *handle)
 {
        struct lsa_QueryDomainInformationPolicy r;
+       union lsa_DomainInformationPolicy *info = NULL;
        NTSTATUS status;
        int i;
        bool ret = true;
@@ -2283,6 +2326,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
        for (i=2;i<4;i++) {
                r.in.handle = handle;
                r.in.level = i;
+               r.out.info = &info;
 
                printf("\nTrying QueryDomainInformationPolicy level %d\n", i);
 
@@ -2308,6 +2352,7 @@ static bool test_QueryInfoPolicyCalls(    bool version2,
                                        struct policy_handle *handle)
 {
        struct lsa_QueryInfoPolicy r;
+       union lsa_PolicyInformation *info = NULL;
        NTSTATUS status;
        int i;
        bool ret = true;
@@ -2320,6 +2365,7 @@ static bool test_QueryInfoPolicyCalls(    bool version2,
        for (i=1;i<=14;i++) {
                r.in.handle = handle;
                r.in.level = i;
+               r.out.info = &info;
 
                if (version2)
                        printf("\nTrying QueryInfoPolicy2 level %d\n", i);
@@ -2389,33 +2435,33 @@ static bool test_QueryInfoPolicyCalls(  bool version2,
                        struct lsa_TransNameArray tnames;
                        tnames.count = 14;
                        tnames.names = talloc_zero_array(tctx, struct lsa_TranslatedName, tnames.count);
-                       tnames.names[0].name.string = r.out.info->dns.name.string;
+                       tnames.names[0].name.string = info->dns.name.string;
                        tnames.names[0].sid_type = SID_NAME_DOMAIN;
-                       tnames.names[1].name.string = r.out.info->dns.dns_domain.string;
+                       tnames.names[1].name.string = info->dns.dns_domain.string;
                        tnames.names[1].sid_type = SID_NAME_DOMAIN;
-                       tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", r.out.info->dns.name.string);
+                       tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", info->dns.name.string);
                        tnames.names[2].sid_type = SID_NAME_DOMAIN;
-                       tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", r.out.info->dns.dns_domain.string);
+                       tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", info->dns.dns_domain.string);
                        tnames.names[3].sid_type = SID_NAME_DOMAIN;
-                       tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", r.out.info->dns.name.string);
+                       tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.name.string);
                        tnames.names[4].sid_type = SID_NAME_USER;
-                       tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", r.out.info->dns.name.string);
+                       tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.name.string);
                        tnames.names[5].sid_type = SID_NAME_USER;
-                       tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", r.out.info->dns.dns_domain.string);
+                       tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.dns_domain.string);
                        tnames.names[6].sid_type = SID_NAME_USER;
-                       tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", r.out.info->dns.dns_domain.string);
+                       tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.dns_domain.string);
                        tnames.names[7].sid_type = SID_NAME_USER;
-                       tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", r.out.info->dns.name.string);
+                       tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.name.string);
                        tnames.names[8].sid_type = SID_NAME_USER;
-                       tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", r.out.info->dns.dns_domain.string);
+                       tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.dns_domain.string);
                        tnames.names[9].sid_type = SID_NAME_USER;
-                       tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", r.out.info->dns.name.string);
+                       tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.name.string);
                        tnames.names[10].sid_type = SID_NAME_USER;
-                       tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", r.out.info->dns.dns_domain.string);
+                       tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.dns_domain.string);
                        tnames.names[11].sid_type = SID_NAME_USER;
-                       tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", r.out.info->dns.name.string);
+                       tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.name.string);
                        tnames.names[12].sid_type = SID_NAME_USER;
-                       tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", r.out.info->dns.dns_domain.string);
+                       tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.dns_domain.string);
                        tnames.names[13].sid_type = SID_NAME_USER;
                        ret &= test_LookupNames(p, tctx, handle, &tnames);
 
@@ -2444,14 +2490,27 @@ static bool test_GetUserName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
        struct lsa_GetUserName r;
        NTSTATUS status;
        bool ret = true;
-       struct lsa_StringPointer authority_name_p;
+       struct lsa_String *authority_name_p = NULL;
+       struct lsa_String *account_name_p = NULL;
 
        printf("\nTesting GetUserName\n");
 
-       r.in.system_name = "\\";
-       r.in.account_name = NULL;
-       r.in.authority_name = &authority_name_p;
-       authority_name_p.string = NULL;
+       r.in.system_name        = "\\";
+       r.in.account_name       = &account_name_p;
+       r.in.authority_name     = NULL;
+       r.out.account_name      = &account_name_p;
+
+       status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("GetUserName failed - %s\n", nt_errstr(status));
+               ret = false;
+       }
+
+       account_name_p = NULL;
+       r.in.account_name       = &account_name_p;
+       r.in.authority_name     = &authority_name_p;
+       r.out.account_name      = &account_name_p;
 
        status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
 
index 9c817a7061cf7691c8a4336a3554cdaa4e39297d..0124ce1741ad248753d43b743028f17b8ae571be 100644 (file)
@@ -66,15 +66,17 @@ static bool get_domainsid(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
                          struct dom_sid **sid)
 {
        struct lsa_QueryInfoPolicy r;
+       union lsa_PolicyInformation *info = NULL;
        NTSTATUS status;
 
        r.in.level = LSA_POLICY_INFO_DOMAIN;
        r.in.handle = handle;
+       r.out.info = &info;
 
        status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) return false;
 
-       *sid = r.out.info->domain.sid;
+       *sid = info->domain.sid;
        return true;
 }
 
@@ -192,6 +194,7 @@ static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe
 
        for (i=0; i<domains.count; i++) {
                struct lsa_QueryTrustedDomainInfoBySid q;
+               union lsa_TrustedDomainInfo *info = NULL;
 
                if (domains.domains[i].sid == NULL)
                        continue;
@@ -199,11 +202,13 @@ static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe
                q.in.handle = handle;
                q.in.dom_sid = domains.domains[i].sid;
                q.in.level = 6;
+               q.out.info = &info;
+
                status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, tctx, &q);
                if (!NT_STATUS_IS_OK(status)) continue;
 
-               if ((q.out.info->info_ex.trust_direction & 2) &&
-                   (q.out.info->info_ex.trust_type == 1)) {
+               if ((info->info_ex.trust_direction & 2) &&
+                   (info->info_ex.trust_type == 1)) {
                        *sid = domains.domains[i].sid;
                        return true;
                }
index 5a77bd1c29203a9ff35adf68a2f82aa70bcf4fe4..69905169af8e41d139d88d44b9933bae1315c6ce 100644 (file)
@@ -39,7 +39,8 @@ static bool test_random_uuid(struct torture_context *torture)
        struct GUID uuid;
        struct dssetup_DsRoleGetPrimaryDomainInformation r1;
        struct lsa_GetUserName r2;
-       struct lsa_StringPointer authority_name_p;
+       struct lsa_String *authority_name_p = NULL;
+       struct lsa_String *account_name_p = NULL;
 
        torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n");
 
@@ -63,9 +64,10 @@ static bool test_random_uuid(struct torture_context *torture)
        uuid = GUID_random();
 
        r2.in.system_name = "\\";
-       r2.in.account_name = NULL;
+       r2.in.account_name = &account_name_p;
        r2.in.authority_name = &authority_name_p;
-       authority_name_p.string = NULL;
+       r2.out.account_name = &account_name_p;
+       r2.out.authority_name = &authority_name_p;
 
        req = dcerpc_ndr_request_send(p2, &uuid,
                                      &ndr_table_lsarpc,
index 85714ace137300c6a559f0387f81edefd551e60c..a45397de4634515a3a56c5e757e43731f4419969 100644 (file)
@@ -208,6 +208,7 @@ static bool bindtest(struct smbcli_state *cli,
        struct lsa_ObjectAttribute objectattr;
        struct lsa_OpenPolicy2 openpolicy;
        struct lsa_QueryInfoPolicy query;
+       union lsa_PolicyInformation *info = NULL;
        struct policy_handle handle;
        struct lsa_Close close_handle;
 
@@ -256,6 +257,7 @@ static bool bindtest(struct smbcli_state *cli,
 
        query.in.handle = &handle;
        query.in.level = LSA_POLICY_INFO_DOMAIN;
+       query.out.info = &info;
 
        status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx, &query);
        if (!NT_STATUS_IS_OK(status)) {
@@ -1500,6 +1502,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
        struct policy_handle handle;
        struct lsa_LookupNames l;
        struct lsa_TransSidArray sids;
+       struct lsa_RefDomainList *domains = NULL;
        struct lsa_String lsa_name;
        uint32_t count = 0;
        struct dom_sid *result;
@@ -1546,6 +1549,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
        l.in.count = &count;
        l.out.count = &count;
        l.out.sids = &sids;
+       l.out.domains = &domains;
 
        status = dcerpc_lsa_LookupNames(p, tmp_ctx, &l);
        if (!NT_STATUS_IS_OK(status)) {
@@ -1555,7 +1559,7 @@ static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
                return NULL;
        }
 
-       result = dom_sid_add_rid(mem_ctx, l.out.domains->domains[0].sid,
+       result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
                                 l.out.sids->sids[0].rid);
 
        c.in.handle = &handle;
@@ -1583,7 +1587,8 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
        struct dcerpc_pipe *lsa;
        struct lsa_GetUserName r;
        NTSTATUS status;
-       struct lsa_StringPointer authority_name_p;
+       struct lsa_String *authority_name_p = NULL;
+       struct lsa_String *account_name_p = NULL;
        struct dom_sid *result;
 
        status = pipe_bind_smb(mem_ctx, lp_ctx, tree, "\\pipe\\lsarpc",
@@ -1595,12 +1600,14 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
        }
 
        r.in.system_name = "\\";
-       r.in.account_name = NULL;
-       authority_name_p.string = NULL;
+       r.in.account_name = &account_name_p;
        r.in.authority_name = &authority_name_p;
+       r.out.account_name = &account_name_p;
 
        status = dcerpc_lsa_GetUserName(lsa, mem_ctx, &r);
 
+       authority_name_p = *r.out.authority_name;
+
        if (!NT_STATUS_IS_OK(status)) {
                printf("(%s) GetUserName failed - %s\n",
                       __location__, nt_errstr(status));
@@ -1608,8 +1615,8 @@ static struct dom_sid *whoami(TALLOC_CTX *mem_ctx,
                return NULL;
        }
 
-       result = name2sid(mem_ctx, lsa, r.out.account_name->string,
-                         r.out.authority_name->string->string);
+       result = name2sid(mem_ctx, lsa, account_name_p->string,
+                         authority_name_p->string);
 
        talloc_free(lsa);
        return result;
@@ -2388,8 +2395,10 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)
 
                for (i=0; i<ARRAY_SIZE(levels); i++) {
                        struct lsa_QueryInfoPolicy r;
+                       union lsa_PolicyInformation *info = NULL;
                        r.in.handle = &lsa_handle;
                        r.in.level = levels[i];
+                       r.out.info = &info;
                        status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
                        if (!NT_STATUS_IS_OK(status)) {
                                d_printf("(%s) dcerpc_lsa_QueryInfoPolicy %d "
@@ -2399,7 +2408,7 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)
                                return false;
                        }
                        if (levels[i] == 5) {
-                               domain_sid = r.out.info->account_domain.sid;
+                               domain_sid = info->account_domain.sid;
                        }
                }
        }
index 2d2aaa80d6e3633e5f2f5a42625ff67f360af841..fdd86da28cdce0730b989d9f0ca77ce8db93c196 100644 (file)
@@ -204,10 +204,12 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx,
                                                       struct policy_handle *handle) 
 {
        struct lsa_QuerySecurity r;
+       struct sec_desc_buf *sdbuf = NULL;
        NTSTATUS status;
 
        r.in.handle = handle;
        r.in.sec_info = 0x7;
+       r.out.sdbuf = &sdbuf;
 
        status = dcerpc_lsa_QuerySecurity(samsync_state->p_lsa, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -215,7 +217,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx,
                return NULL;
        }
 
-       return r.out.sdbuf;
+       return sdbuf;
 }
 
 #define TEST_UINT64_EQUAL(i1, i2) do {\
@@ -965,6 +967,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
        struct policy_handle trustdom_handle;
        struct lsa_QueryTrustedDomainInfo q;
        union lsa_TrustedDomainInfo *info[9];
+       union lsa_TrustedDomainInfo *_info = NULL;
        int levels [] = {1, 3, 8};
        int i;
 
@@ -985,6 +988,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
        for (i=0; i< ARRAY_SIZE(levels); i++) {
                q.in.trustdom_handle = &trustdom_handle;
                q.in.level = levels[i];
+               q.out.info = &_info;
                status = dcerpc_lsa_QueryTrustedDomainInfo(samsync_state->p_lsa, mem_ctx, &q);
                if (!NT_STATUS_IS_OK(status)) {
                        if (q.in.level == 8 && NT_STATUS_EQUAL(status,NT_STATUS_INVALID_PARAMETER)) {
@@ -995,7 +999,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st
                               levels[i], nt_errstr(status));
                        return false;
                }
-               info[levels[i]]  = q.out.info;
+               info[levels[i]]  = _info;
        }
 
        if (info[8]) {
@@ -1025,6 +1029,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
        struct lsa_OpenAccount a;
        struct policy_handle acct_handle;
        struct lsa_EnumPrivsAccount e;
+       struct lsa_PrivilegeSet *privs = NULL;
        struct lsa_LookupPrivName r;
 
        int i, j;
@@ -1047,6 +1052,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
        found_priv_in_lsa = talloc_zero_array(mem_ctx, bool, account->privilege_entries);
 
        e.in.handle = &acct_handle;
+       e.out.privs = &privs;
 
        status = dcerpc_lsa_EnumPrivsAccount(samsync_state->p_lsa, mem_ctx, &e);
        if (!NT_STATUS_IS_OK(status)) {
@@ -1054,23 +1060,27 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
                return false;
        }
 
-       if ((account->privilege_entries && !e.out.privs)) {
+       if ((account->privilege_entries && !privs)) {
                printf("Account %s has privileges in SamSync, but not LSA\n",
                       dom_sid_string(mem_ctx, dom_sid));
                return false;
        }
 
-       if (!account->privilege_entries && e.out.privs && e.out.privs->count) {
+       if (!account->privilege_entries && privs && privs->count) {
                printf("Account %s has privileges in LSA, but not SamSync\n",
                       dom_sid_string(mem_ctx, dom_sid));
                return false;
        }
 
-       TEST_INT_EQUAL(account->privilege_entries, e.out.privs->count);
+       TEST_INT_EQUAL(account->privilege_entries, privs->count);
        
-       for (i=0;i< e.out.privs->count; i++) {
+       for (i=0;i< privs->count; i++) {
+
+               struct lsa_StringLarge *name = NULL;
+
                r.in.handle = samsync_state->lsa_handle;
-               r.in.luid = &e.out.privs->set[i].luid;
+               r.in.luid = &privs->set[i].luid;
+               r.out.name = &name;
                
                status = dcerpc_lsa_LookupPrivName(samsync_state->p_lsa, mem_ctx, &r);
                if (!NT_STATUS_IS_OK(status)) {
@@ -1083,7 +1093,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
                        return false;
                }
                for (j=0;j<account->privilege_entries; j++) {
-                       if (strcmp(r.out.name->string, account->privilege_name[j].string) == 0) {
+                       if (strcmp(name->string, account->privilege_name[j].string) == 0) {
                                found_priv_in_lsa[j] = true;
                                break;
                        }
index 15d40a2e176a3250c8c14a7e1717eeef9c9f3bc4..a8aa04628020f6494736179705cd950a67999e93 100644 (file)
@@ -182,18 +182,21 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)
        struct lsa_GetUserName r;
        NTSTATUS status;
        bool ret = true;
-       struct lsa_StringPointer authority_name_p;
+       struct lsa_String *account_name_p = NULL;
+       struct lsa_String *authority_name_p = NULL;
 
        printf("\nTesting GetUserName\n");
 
        r.in.system_name = "\\";        
-       r.in.account_name = NULL;       
+       r.in.account_name = &account_name_p;
        r.in.authority_name = &authority_name_p;
-       authority_name_p.string = NULL;
+       r.out.account_name = &account_name_p;
 
        /* do several ops to test credential chaining and various operations */
        status = dcerpc_lsa_GetUserName(p, tctx, &r);
-       
+
+       authority_name_p = *r.out.authority_name;
+
        if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
                printf("not considering %s to be an error\n", nt_errstr(status));
        } else if (!NT_STATUS_IS_OK(status)) {
@@ -204,18 +207,18 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)
                        return false;
                }
                
-               if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) {
+               if (strcmp(account_name_p->string, "ANONYMOUS LOGON") != 0) {
                        printf("GetUserName returned wrong user: %s, expected %s\n",
-                              r.out.account_name->string, "ANONYMOUS LOGON");
+                              account_name_p->string, "ANONYMOUS LOGON");
                        return false;
                }
-               if (!r.out.authority_name || !r.out.authority_name->string) {
+               if (!authority_name_p || !authority_name_p->string) {
                        return false;
                }
                
-               if (strcmp(r.out.authority_name->string->string, "NT AUTHORITY") != 0) {
+               if (strcmp(authority_name_p->string, "NT AUTHORITY") != 0) {
                        printf("GetUserName returned wrong user: %s, expected %s\n",
-                              r.out.authority_name->string->string, "NT AUTHORITY");
+                              authority_name_p->string, "NT AUTHORITY");
                        return false;
                }
        }
index 25d52a16b5f900d828253cc8cacaf290beb56392..48a2a4d882d0b1c072cf753046b1962b7493bd9e 100644 (file)
@@ -41,6 +41,7 @@ struct lsa_lookupsids_state {
        struct lsa_LookupSids r;
        struct lsa_SidArray sids;
        struct lsa_TransNameArray names;
+       struct lsa_RefDomainList *domains;
        uint32_t count;
        struct wb_sid_object **result;
 };
@@ -76,6 +77,9 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
                if (state->sids.sids[i].sid == NULL) goto failed;
        }
 
+       state->domains = talloc(state, struct lsa_RefDomainList);
+       if (state->domains == NULL) goto failed;
+
        state->count = 0;
        state->num_sids = num_sids;
        state->names.count = 0;
@@ -88,6 +92,7 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
        state->r.in.count = &state->count;
        state->r.out.names = &state->names;
        state->r.out.count = &state->count;
+       state->r.out.domains = &state->domains;
 
        req = dcerpc_lsa_LookupSids_send(lsa_pipe, state, &state->r);
        if (req == NULL) goto failed;
@@ -125,6 +130,8 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
                struct lsa_TranslatedName *name =
                        &state->r.out.names->names[i];
                struct lsa_DomainInfo *dom;
+               struct lsa_RefDomainList *domains =
+                       state->domains;
 
                state->result[i] = talloc_zero(state->result,
                                               struct wb_sid_object);
@@ -135,13 +142,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
                        continue;
                }
 
-               if (name->sid_index >= state->r.out.domains->count) {
+               if (name->sid_index >= domains->count) {
                        composite_error(state->ctx,
                                        NT_STATUS_INVALID_PARAMETER);
                        return;
                }
 
-               dom = &state->r.out.domains->domains[name->sid_index];
+               dom = &domains->domains[name->sid_index];
                state->result[i]->domain = talloc_reference(state->result[i],
                                                            dom->name.string);
                if ((name->sid_type == SID_NAME_DOMAIN) ||
@@ -183,6 +190,7 @@ struct lsa_lookupnames_state {
        uint32_t num_names;
        struct lsa_LookupNames r;
        struct lsa_TransSidArray sids;
+       struct lsa_RefDomainList *domains;
        uint32_t count;
        struct wb_sid_object **result;
 };
@@ -222,6 +230,9 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
                lsa_names[i].string = names[i];
        }
 
+       state->domains = talloc(state, struct lsa_RefDomainList);
+       if (state->domains == NULL) goto failed;
+
        state->r.in.handle = handle;
        state->r.in.num_names = num_names;
        state->r.in.names = lsa_names;
@@ -230,6 +241,7 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
        state->r.in.count = &state->count;
        state->r.out.count = &state->count;
        state->r.out.sids = &state->sids;
+       state->r.out.domains = &state->domains;
 
        req = dcerpc_lsa_LookupNames_send(lsa_pipe, state, &state->r);
        if (req == NULL) goto failed;
@@ -265,6 +277,7 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)
 
        for (i=0; i<state->num_names; i++) {
                struct lsa_TranslatedSid *sid = &state->r.out.sids->sids[i];
+               struct lsa_RefDomainList *domains = state->domains;
                struct lsa_DomainInfo *dom;
 
                state->result[i] = talloc_zero(state->result,
@@ -276,13 +289,13 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)
                        continue;
                }
 
-               if (sid->sid_index >= state->r.out.domains->count) {
+               if (sid->sid_index >= domains->count) {
                        composite_error(state->ctx,
                                        NT_STATUS_INVALID_PARAMETER);
                        return;
                }
 
-               dom = &state->r.out.domains->domains[sid->sid_index];
+               dom = &domains->domains[sid->sid_index];
 
                state->result[i]->sid = dom_sid_add_rid(state->result[i],
                                                        dom->sid, sid->rid);
index c6dee825a904b481bdfede3025149234914c33fe..531647def80e465ee84ceb6e6a0ac47180615884 100644 (file)
@@ -70,6 +70,7 @@ struct init_domain_state {
        struct lsa_ObjectAttribute objectattr;
        struct lsa_OpenPolicy2 lsa_openpolicy;
        struct lsa_QueryInfoPolicy queryinfo;
+       union lsa_PolicyInformation *info;
 };
 
 static void init_domain_recv_netlogonpipe(struct composite_context *ctx);
@@ -326,8 +327,12 @@ static void init_domain_recv_lsa_policy(struct rpc_request *req)
        state->ctx->status = state->lsa_openpolicy.out.result;
        if (!composite_is_ok(state->ctx)) return;
 
+       state->info = talloc_zero(state->ctx, union lsa_PolicyInformation);
+       if (composite_nomem(state->info, state->ctx)) return;
+
        state->queryinfo.in.handle = &state->domain->libnet_ctx->lsa.handle;
        state->queryinfo.in.level = LSA_POLICY_INFO_ACCOUNT_DOMAIN;
+       state->queryinfo.out.info = &state->info;
 
        req = dcerpc_lsa_QueryInfoPolicy_send(state->domain->libnet_ctx->lsa.pipe, state,
                                              &state->queryinfo);
@@ -347,7 +352,7 @@ static void init_domain_recv_queryinfo(struct rpc_request *req)
        state->ctx->status = state->queryinfo.out.result;
        if (!composite_is_ok(state->ctx)) return;
 
-       dominfo = &state->queryinfo.out.info->account_domain;
+       dominfo = &(*state->queryinfo.out.info)->account_domain;
 
        if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
                DEBUG(2, ("Expected domain name %s, DC %s said %s\n",