Fix LSA server to pass more of RPC-LSA and match Windows 2008

This fixes some info levels in the QueryTrustedDomainInfo call, and
changes from implementing lsa_Delete to lsa_DeleteObject (which has an
explicit close and reutrns a NULL handle).

Andrew Bartlett
(This used to be commit 1f12c368b2566b378a6c521c389b8b1bafbcf916)

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index f02e2325a082ee79a7e0020a6049f30f48de61ba..096bba3c9fc5af628fea87b923eca59181a30d71 100644 (file)
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -94,6 +94,16 @@ static NTSTATUS dcesrv_lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX
 */
 static NTSTATUS dcesrv_lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                           struct lsa_Delete *r)
+{
+       return NT_STATUS_NOT_SUPPORTED;
+}
+
+
+/* 
+  lsa_DeleteObject
+*/
+static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct lsa_DeleteObject *r)
 {
        struct dcesrv_handle *h;
        int ret;
@@ -121,6 +131,8 @@ static NTSTATUS dcesrv_lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX
                        return NT_STATUS_INVALID_HANDLE;
                }
 
+               ZERO_STRUCTP(r->out.handle);
+
                return NT_STATUS_OK;
        } else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) {
                struct lsa_trusted_domain_state *trusted_domain_state = h->data;
@@ -131,6 +143,8 @@ static NTSTATUS dcesrv_lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX
                        return NT_STATUS_INVALID_HANDLE;
                }
 
+               ZERO_STRUCTP(r->out.handle);
+
                return NT_STATUS_OK;
        } else if (h->wire_handle.handle_type == LSA_HANDLE_ACCOUNT) {
                struct lsa_RightSet *rights;
@@ -167,6 +181,8 @@ static NTSTATUS dcesrv_lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX
                if (!NT_STATUS_IS_OK(status)) {
                        return status;
                }
+
+               ZERO_STRUCTP(r->out.handle);
        } 
        
        return NT_STATUS_INVALID_HANDLE;
@@ -861,7 +877,7 @@ static NTSTATUS dcesrv_lsa_DeleteTrustedDomain(struct dcesrv_call_state *dce_cal
 {
        NTSTATUS status;
        struct lsa_OpenTrustedDomain open;
-       struct lsa_Delete delete;
+       struct lsa_DeleteObject delete;
        struct dcesrv_handle *h;
 
        open.in.handle = r->in.handle;
@@ -880,7 +896,8 @@ static NTSTATUS dcesrv_lsa_DeleteTrustedDomain(struct dcesrv_call_state *dce_cal
        talloc_steal(mem_ctx, h);
 
        delete.in.handle = open.out.trustdom_handle;
-       status = dcesrv_lsa_Delete(dce_call, mem_ctx, &delete);
+       delete.out.handle = open.out.trustdom_handle;
+       status = dcesrv_lsa_DeleteObject(dce_call, mem_ctx, &delete);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -924,6 +941,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
                "trustDirection",
                "trustType",
                "trustAttributes", 
+               "msDs-supportedEncryptionTypes",
                NULL
        };
 
@@ -967,12 +985,19 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
                ZERO_STRUCT(r->out.info->full_info);
                return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->full_info.info_ex);
 
-       case LSA_TRUSTED_DOMAIN_INFO_INFO_ALL:
-               ZERO_STRUCT(r->out.info->info_all);
-               return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->info_all.info_ex);
+       case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL:
+               ZERO_STRUCT(r->out.info->info2_internal);
+               r->out.info->info2_internal.posix_offset.posix_offset
+                       = samdb_result_uint(msg, "posixOffset", 0);                                        
+               return fill_trust_domain_ex(mem_ctx, msg, &r->out.info->info2_internal.info_ex);
+               
+       case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES:
+               r->out.info->enc_types.enc_types
+                       = samdb_result_uint(msg, "msDs-supportedEncryptionTypes", KERB_ENCTYPE_RC4_HMAC_MD5);
+               break;
 
-       case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO:
-       case LSA_TRUSTED_DOMAIN_INFO_11:
+       case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS:
+       case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL:
                /* oops, we don't want to return the info after all */
                talloc_free(r->out.info);
                r->out.info = NULL;
@@ -2310,16 +2335,6 @@ static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_c
 }
 
 
-/* 
-  lsa_DeleteObject
-*/
-static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_DeleteObject *r)
-{
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
 /* 
   lsa_EnumAccountsWithUserRight
 */