[size_is(1)] AuthenticationInformation array[];
} AuthenticationInformationArray;
- typedef [public,nopull,nopush,noprint] struct {
+ typedef [public,nopull,nopush,noprint,gensize] struct {
uint32 count;
[relative] AuthenticationInformationArray *current;
[relative] AuthenticationInformationArray *previous;
} trustAuthInOutBlob;
+ typedef [public] struct {
+ uint8 confounder[512];
+ trustAuthInOutBlob outgoing;
+ trustAuthInOutBlob incoming;
+ [value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size;
+ [value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size;
+ } trustAuthInAndOutBlob;
+
void decode_trustAuthInOut(
[in] trustAuthInOutBlob blob
);
lsa_TrustDomainInfoAuthInfo auth_info;
} lsa_TrustDomainInfoFullInfo;
+ typedef struct {
+ lsa_DATA_BUF2 auth_blob;
+ } lsa_TrustDomainInfoAuthInfoInternal;
+
+ typedef struct {
+ lsa_TrustDomainInfoInfoEx info_ex;
+ lsa_TrustDomainInfoPosixOffset posix_offset;
+ lsa_TrustDomainInfoAuthInfoInternal auth_info;
+ } lsa_TrustDomainInfoFullInfoInternal;
+
typedef struct {
lsa_TrustDomainInfoInfoEx info_ex;
- lsa_DATA_BUF2 data1;
+ uint32 forest_trust_length;
+ [size_is(forest_trust_length)] uint8 *forest_trust_data;
} lsa_TrustDomainInfoInfoEx2Internal;
typedef struct {
- lsa_TrustDomainInfoInfoEx info_ex;
- lsa_DATA_BUF2 data1;
+ lsa_TrustDomainInfoInfoEx2Internal info;
lsa_TrustDomainInfoPosixOffset posix_offset;
lsa_TrustDomainInfoAuthInfo auth_info;
} lsa_TrustDomainInfoInfo2Internal;
[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
lsa_TrustDomainInfoFullInfo full_info;
[case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
- lsa_TrustDomainInfoAuthInfo auth_info_internal;
+ lsa_TrustDomainInfoAuthInfoInternal auth_info_internal;
[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
- lsa_TrustDomainInfoFullInfo full_info_internal;
+ lsa_TrustDomainInfoFullInfoInternal full_info_internal;
[case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal;
[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
NTSTATUS lsa_CreateTrustedDomainEx(
[in] policy_handle *policy_handle,
[in] lsa_TrustDomainInfoInfoEx *info,
- [in] lsa_TrustDomainInfoAuthInfo *auth_info,
+ [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
[in] uint32 access_mask,
[out] policy_handle *trustdom_handle
);
NTSTATUS lsa_CreateTrustedDomainEx2(
[in] policy_handle *policy_handle,
[in] lsa_TrustDomainInfoInfoEx *info,
- [in] lsa_TrustDomainInfoAuthInfo *auth_info,
+ [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
[in] uint32 access_mask,
[out] policy_handle *trustdom_handle
);
#include "torture/torture.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "lib/events/events.h"
#include "libcli/security/security.h"
#include "libcli/auth/libcli_auth.h"
#include "torture/rpc/rpc.h"
#include "param/param.h"
+#include "lib/crypto/crypto.h"
#define TEST_MACHINENAME "lsatestmach"
static void init_lsa_String(struct lsa_String *name, const char *s)
return false;
}
+ /* Start from the bottom again */
+ resume_handle = 0;
+
do {
r.in.handle = handle;
r.in.resume_handle = &resume_handle;
}
static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
bool ret = true;
struct lsa_CreateTrustedDomainEx2 r;
struct lsa_TrustDomainInfoInfoEx trustinfo;
+ struct lsa_TrustDomainInfoAuthInfoInternal authinfo;
+ struct trustAuthInAndOutBlob auth_struct;
+ DATA_BLOB auth_blob;
struct dom_sid *domsid[12];
struct policy_handle trustdom_handle[12];
struct lsa_QueryTrustedDomainInfo q;
+ DATA_BLOB session_key;
+ enum ndr_err_code ndr_err;
int i;
printf("Testing CreateTrustedDomainEx2 for 12 domains\n");
+ status = dcerpc_fetch_session_key(p, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
+ return false;
+ }
+
for (i=0; i< 12; i++) {
char *trust_name = talloc_asprintf(mem_ctx, "torturedom%02d", i);
char *trust_name_dns = talloc_asprintf(mem_ctx, "torturedom%02d.samba.example.com", i);
trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION;
+ generate_random_buffer(auth_struct.confounder, sizeof(auth_struct.confounder));
+
+ auth_struct.outgoing.count = 0;
+ auth_struct.incoming.count = 0;
+
+ ndr_err = ndr_push_struct_blob(&auth_blob, mem_ctx, lp_iconv_convenience(tctx->lp_ctx), &auth_struct,
+ (ndr_push_flags_fn_t)ndr_push_trustAuthInAndOutBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ printf("ndr_push_struct_blob of trustAuthInAndOutBlob structure failed");
+ ret = false;
+ }
+
+ arcfour_crypt_blob(auth_blob.data, auth_blob.length, &session_key);
+
+ authinfo.auth_blob.size = auth_blob.length;
+ authinfo.auth_blob.data = auth_blob.data;
+
r.in.policy_handle = handle;
r.in.info = &trustinfo;
- r.in.auth_info = NULL;
+ r.in.auth_info = &authinfo;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.trustdom_handle = &trustdom_handle[i];
status = dcerpc_lsa_CreateTrustedDomainEx2(p, mem_ctx, &r);
}
if (!NT_STATUS_IS_OK(status)) {
- printf("CreateTrustedDomainEx failed - %s\n", nt_errstr(status));
+ printf("CreateTrustedDomainEx failed2 - %s\n", nt_errstr(status));
ret = false;
} else {
ret = false;
}
- if (!test_CreateTrustedDomainEx2(p, tctx, handle)) {
+ if (!test_CreateTrustedDomainEx2(p, tctx, tctx, handle)) {
ret = false;
}