From ba5ef49f831dbbfec1a360cd4644999de822e2bc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Oct 2008 17:52:59 -0700 Subject: [PATCH] updated the LSA and NETLOGON servers with fixes resulting from the AD plugfest in Redmond --- source4/librpc/idl/lsa.idl | 39 +++++++----- source4/librpc/idl/netlogon.idl | 61 +++++++++++++++---- source4/rpc_server/lsa/dcesrv_lsa.c | 57 +++++++++++++++-- source4/rpc_server/lsa/lsa_lookup.c | 32 +++++++--- source4/rpc_server/netlogon/dcerpc_netlogon.c | 44 +++++++++++-- source4/torture/ndr/lsa.c | 8 +-- source4/torture/rpc/lsa.c | 30 ++++++--- 7 files changed, 211 insertions(+), 60 deletions(-) diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index e1c4499022..4dce6d6d1e 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -140,12 +140,11 @@ import "misc.idl", "security.idl"; typedef struct { uint32 percent_full; - uint32 log_size; - NTTIME retention_time; + uint32 maximum_log_size; + hyper retention_time; uint8 shutdown_in_progress; - NTTIME time_to_shutdown; + hyper time_to_shutdown; uint32 next_audit_record; - uint32 unknown; } lsa_AuditLogInfo; typedef [v1_enum] enum { @@ -183,9 +182,13 @@ import "misc.idl", "security.idl"; lsa_String name; } lsa_PDAccountInfo; + typedef [v1_enum] enum { + LSA_ROLE_BACKUP=2, + LSA_ROLE_PRIMARY=3 + } lsa_Role; + typedef struct { - uint16 unknown; /* an midl padding bug? */ - uint16 role; + lsa_Role role; } lsa_ServerRole; typedef struct { @@ -204,7 +207,7 @@ import "misc.idl", "security.idl"; typedef struct { hyper modified_id; - NTTIME db_create_time; + NTTIME_hyper db_create_time; } lsa_ModificationInfo; typedef struct { @@ -212,7 +215,6 @@ import "misc.idl", "security.idl"; } lsa_AuditFullSetInfo; typedef struct { - uint16 unknown; /* an midl padding bug? */ uint8 shutdown_on_full; uint8 log_is_full; } lsa_AuditFullQueryInfo; @@ -243,7 +245,8 @@ import "misc.idl", "security.idl"; LSA_POLICY_INFO_DB=9, LSA_POLICY_INFO_AUDIT_FULL_SET=10, LSA_POLICY_INFO_AUDIT_FULL_QUERY=11, - LSA_POLICY_INFO_DNS=12 + LSA_POLICY_INFO_DNS=12, + LSA_POLICY_INFO_DNS_INT=13 } lsa_PolicyInfo; typedef [switch_type(uint16)] union { @@ -259,6 +262,7 @@ import "misc.idl", "security.idl"; [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset; [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery; [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns; + [case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns; } lsa_PolicyInformation; NTSTATUS lsa_QueryInfoPolicy ( @@ -1009,8 +1013,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray2 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x3b */ @@ -1068,8 +1072,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray3 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x45 */ @@ -1148,6 +1152,11 @@ import "misc.idl", "security.idl"; [in] uint32 unknown2 ); + const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001; + const int LSA_CLIENT_REVISION_DNS = 0x00000002; + + const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000; + /* Function 0x4d */ NTSTATUS lsa_LookupNames4( [in,range(0,1000)] uint32 num_names, @@ -1156,8 +1165,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray3 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x4e */ diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 8a36922fdd..22e90878e7 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -1100,6 +1100,16 @@ interface netlogon /****************/ /* Function 0x1d */ + typedef [bitmap32bit] bitmap { + NETR_TRUST_FLAG_IN_FOREST = 0x00000001, + NETR_TRUST_FLAG_OUTBOUND = 0x00000002, + NETR_TRUST_FLAG_TREEROOT = 0x00000004, + NETR_TRUST_FLAG_PRIMARY = 0x00000008, + NETR_TRUST_FLAG_NATIVE = 0x00000010, + NETR_TRUST_FLAG_INBOUND = 0x00000020, + NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080, + NETR_TRUST_FLAG_AES = 0x00000100 + } netr_TrustFlags; typedef [flag(NDR_PAHEX)] struct { uint16 length; @@ -1127,26 +1137,61 @@ interface netlogon [case(2)] netr_DomainQuery1 *query1; } netr_DomainQuery; + typedef struct { + /* these first 3 values come from the fact windows + actually encodes this structure as a UNICODE_STRING + - see MS-NRPC section 2.2.1.3.9 */ + [value(8)] uint32 length; + [value(0)] uint32 dummy; + [value(8)] uint32 size; + netr_TrustFlags flags; + uint32 parent_index; + uint32 trust_type; + uint32 trust_attributes; + } netr_trust_extension; + + typedef struct { + uint16 length; /* value is 16 when info != NULL, otherwise 0 */ + [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */ + netr_trust_extension *info; + } netr_trust_extension_container; + typedef struct { lsa_String domainname; lsa_String fulldomainname; lsa_String forest; GUID guid; dom_sid2 *sid; - netr_BinaryString unknown1[4]; - uint32 unknown[4]; + netr_trust_extension_container trust_extension; + lsa_String dummystring[3]; + uint32 dummy[4]; } netr_DomainTrustInfo; + typedef struct { + uint32 policy_size; + [size_is(policy_size)] uint8 *policy; + } netr_LsaPolicyInfo; + + typedef [public,bitmap32bit] bitmap { + NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001, + NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002 + } netr_WorkstationFlags; + typedef struct { netr_DomainTrustInfo domaininfo; uint32 num_trusts; [size_is(num_trusts)] netr_DomainTrustInfo *trusts; - uint32 unknown[14]; /* room for expansion? */ + netr_LsaPolicyInfo lsa_policy; + lsa_String dns_hostname; + lsa_String dummystring[3]; + netr_WorkstationFlags workstation_flags; + uint32 supported_enc_types; + uint32 dummy[2]; } netr_DomainInfo1; typedef union { [case(1)] netr_DomainInfo1 *info1; - [case(2)] netr_DomainInfo1 *info1; + [case(2)] netr_DomainInfo1 *info2; } netr_DomainInfo; NTSTATUS netr_LogonGetDomainInfo( @@ -1230,14 +1275,6 @@ interface netlogon /****************/ /* Function 0x24 */ - typedef [bitmap32bit] bitmap { - NETR_TRUST_FLAG_IN_FOREST = 0x00000001, - NETR_TRUST_FLAG_OUTBOUND = 0x00000002, - NETR_TRUST_FLAG_TREEROOT = 0x00000004, - NETR_TRUST_FLAG_PRIMARY = 0x00000008, - NETR_TRUST_FLAG_NATIVE = 0x00000010, - NETR_TRUST_FLAG_INBOUND = 0x00000020 - } netr_TrustFlags; typedef [v1_enum] enum { NETR_TRUST_TYPE_DOWNLEVEL = 1, diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 7b15241b96..5e3be84cc5 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1,3 +1,5 @@ +/* need access mask/acl implementation */ + /* Unix SMB/CIFS implementation. @@ -141,7 +143,8 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_OK; } else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) { - struct lsa_trusted_domain_state *trusted_domain_state = h->data; + struct lsa_trusted_domain_state *trusted_domain_state = + talloc_get_type(h->data, struct lsa_trusted_domain_state); ret = ldb_transaction_start(trusted_domain_state->policy->sam_ldb); if (ret != 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -187,6 +190,9 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL r2.in.sid = astate->account_sid; r2.out.rights = rights; + /* dcesrv_lsa_EnumAccountRights takes a LSA_HANDLE_POLICY, + but we have a LSA_HANDLE_ACCOUNT here, so this call + will always fail */ status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2); if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { return NT_STATUS_OK; @@ -444,18 +450,46 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, ZERO_STRUCTP(r->out.info); switch (r->in.level) { + case LSA_POLICY_INFO_AUDIT_LOG: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->audit_log); + return NT_STATUS_OK; + case LSA_POLICY_INFO_AUDIT_EVENTS: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->audit_events); + return NT_STATUS_OK; + case LSA_POLICY_INFO_PD: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->pd); + return NT_STATUS_OK; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain); + case LSA_POLICY_INFO_ROLE: + r->out.info->role.role = LSA_ROLE_PRIMARY; + return NT_STATUS_OK; case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_DNS_INT: return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns); - case LSA_POLICY_INFO_DB: + + case LSA_POLICY_INFO_REPLICA: + ZERO_STRUCT(r->out.info->replica); + return NT_STATUS_OK; + + case LSA_POLICY_INFO_QUOTA: + ZERO_STRUCT(r->out.info->quota); + return NT_STATUS_OK; + case LSA_POLICY_INFO_AUDIT_FULL_SET: + case LSA_POLICY_INFO_DB: case LSA_POLICY_INFO_AUDIT_FULL_QUERY: + /* windows gives INVALID_PARAMETER */ + r->out.info = NULL; return NT_STATUS_INVALID_PARAMETER; } + r->out.info = NULL; return NT_STATUS_INVALID_INFO_CLASS; } @@ -468,6 +502,8 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T struct lsa_QueryInfoPolicy2 r2; NTSTATUS status; + ZERO_STRUCT(r2); + r2.in.handle = r->in.handle; r2.in.level = r->in.level; @@ -484,6 +520,7 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T static NTSTATUS dcesrv_lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_SetInfoPolicy *r) { + /* need to support this */ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } @@ -502,6 +539,13 @@ static NTSTATUS dcesrv_lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TAL lsa_CreateAccount This call does not seem to have any long-term effects, hence no database operations + + we need to talk to the MS product group to find out what this account database means! + + answer is that the lsa database is totally separate from the SAM and + ldap databases. We are going to need a separate ldb to store these + accounts. The SIDs on this account bear no relation to the SIDs in + AD */ static NTSTATUS dcesrv_lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_CreateAccount *r) @@ -648,7 +692,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc dns_name = r->in.info->domain_name.string; - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1004,7 +1048,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, ZERO_STRUCTP(r->out.trustdom_handle); policy_state = policy_handle->data; - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1088,7 +1132,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce return NT_STATUS_INVALID_PARAMETER; } - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1228,7 +1272,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_ DCESRV_PULL_HANDLE(h, r->in.trustdom_handle, LSA_HANDLE_TRUSTED_DOMAIN); - trusted_domain_state = h->data; + trusted_domain_state = talloc_get_type(h->data, struct lsa_trusted_domain_state); /* pull all the user attributes */ ret = gendb_search_dn(trusted_domain_state->policy->sam_ldb, mem_ctx, @@ -2786,6 +2830,7 @@ static NTSTATUS dcesrv_lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_SetInfoPolicy2 *r) { + /* need to support these */ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 0ffb0572ee..2375a6d27a 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -525,8 +525,19 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, int i; NTSTATUS status = NT_STATUS_OK; + if (r->in.level < LSA_LOOKUP_NAMES_ALL || + r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + r->out.domains = NULL; + /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers, + and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as + an unknown SID. We could add a SID validator here. (tridge) + MS-DTYP 2.4.2 + */ + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state); if (!NT_STATUS_IS_OK(status)) { return status; @@ -583,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, authority_name, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { - return status2; + continue; } r->out.names->names[i].sid_type = rtype; @@ -683,9 +694,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m r2.out.names = NULL; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { - return status; - } + /* we deliberately don't check for error from the above, + as even on error we are supposed to return the names */ r->out.domains = r2.out.domains; if (!r2.out.names) { @@ -727,6 +737,11 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); + if (r->in.level < LSA_LOOKUP_NAMES_ALL || + r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + policy_state = policy_handle->data; r->out.domains = NULL; @@ -830,10 +845,11 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.in.num_names = r->in.num_names; r2.in.names = r->in.names; + r2.in.level = r->in.level; r2.in.sids = r->in.sids; r2.in.count = r->in.count; - r2.in.unknown1 = r->in.unknown1; - r2.in.unknown2 = r->in.unknown2; + r2.in.lookup_options = r->in.lookup_options; + r2.in.client_revision = r->in.client_revision; r2.out.domains = r->out.domains; r2.out.sids = r->out.sids; r2.out.count = r->out.count; @@ -952,8 +968,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * r2.in.sids = NULL; r2.in.level = r->in.level; r2.in.count = r->in.count; - r2.in.unknown1 = 0; - r2.in.unknown2 = 0; + r2.in.lookup_options = 0; + r2.in.client_revision = 0; r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index cceb2a62ac..beb1c4eb06 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -36,6 +36,7 @@ #include "param/param.h" #include "lib/messaging/irpc.h" #include "librpc/gen_ndr/ndr_irpc.h" +#include "librpc/gen_ndr/ndr_netlogon.h" struct server_pipe_state { struct netr_Credential client_challenge; @@ -898,20 +899,36 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res, struct ldb_message *ref_res, struct netr_DomainTrustInfo *info, - bool is_local) + bool is_local, bool is_trust_list) { ZERO_STRUCTP(info); + info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension); + info->trust_extension.length = 16; + info->trust_extension.info->flags = + NETR_TRUST_FLAG_TREEROOT | + NETR_TRUST_FLAG_IN_FOREST | + NETR_TRUST_FLAG_PRIMARY; + info->trust_extension.info->parent_index = 0; /* should be index into array + of parent */ + info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */ + info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */ + + if (is_trust_list) { + /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */ + info->forest.string = NULL; + } else { + info->forest.string = "bludom.tridgell.net"; /* need ldb search */ + } + if (is_local) { info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL); info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL); - info->forest.string = NULL; info->guid = samdb_result_guid(res, "objectGUID"); info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid"); } else { info->domainname.string = samdb_result_string(res, "flatName", NULL); info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL); - info->forest.string = NULL; info->guid = samdb_result_guid(res, "objectGUID"); info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier"); } @@ -942,11 +959,16 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal const char *local_domain; + NDR_PRINT_IN_DEBUG(netr_LogonGetDomainInfo, r); + status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, mem_ctx, r->in.credential, r->out.return_authenticator, NULL); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,(__location__ " Bad credentials - error\n")); + } NT_STATUS_NOT_OK_RETURN(status); sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info); @@ -992,19 +1014,29 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal info1->num_trusts); NT_STATUS_HAVE_NO_MEMORY(info1->trusts); - status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, true); + status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, + true, false); NT_STATUS_NOT_OK_RETURN(status); for (i=0;itrusts[i], false); + status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], + false, true); NT_STATUS_NOT_OK_RETURN(status); } - status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], true); + status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], + true, true); NT_STATUS_NOT_OK_RETURN(status); + info1->dns_hostname.string = "blu.bludom.tridgell.net"; + info1->workstation_flags = + NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE; + info1->supported_enc_types = 0; /* w2008 gives this 0 */ + r->out.info.info1 = info1; + NDR_PRINT_OUT_DEBUG(netr_LogonGetDomainInfo, r); + return NT_STATUS_OK; } diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c index a72a03fa38..0d6d786882 100644 --- a/source4/torture/ndr/lsa.c +++ b/source4/torture/ndr/lsa.c @@ -1538,8 +1538,8 @@ static bool lsarlookupnames2_in_check(struct torture_context *tctx, torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators", "names[1]"); torture_assert_int_equal(tctx, r->in.level, 1, "level"); - torture_assert_int_equal(tctx, r->in.unknown1, 0, "unknown 1"); - torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown 2"); + torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options"); + torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision"); torture_assert_int_equal(tctx, *r->in.count, 0, "count"); torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count"); torture_assert(tctx, r->in.sids->sids == NULL, "sids sids"); @@ -1637,8 +1637,8 @@ static bool lsarlookupnames3_in_check(struct torture_context *tctx, torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators", "names[1]"); torture_assert_int_equal(tctx, r->in.level, 1, "level"); - torture_assert_int_equal(tctx, r->in.unknown1, 0, "unknown 1"); - torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown 2"); + torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options"); + torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision"); torture_assert_int_equal(tctx, *r->in.count, 0, "count"); torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count"); torture_assert(tctx, r->in.sids->sids == NULL, "sids sids"); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 45f67afd69..efbdecab13 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -338,8 +338,8 @@ static bool test_LookupNames2(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -383,8 +383,8 @@ static bool test_LookupNames3(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -425,8 +425,8 @@ static bool test_LookupNames4(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -2243,7 +2243,7 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, bool ret = true; printf("\nTesting QueryInfoPolicy\n"); - for (i=1;i<13;i++) { + for (i=1;i<=13;i++) { r.in.handle = handle; r.in.level = i; @@ -2262,7 +2262,14 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, break; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: + case LSA_POLICY_INFO_DNS_INT: case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_REPLICA: + case LSA_POLICY_INFO_QUOTA: + case LSA_POLICY_INFO_ROLE: + case LSA_POLICY_INFO_AUDIT_LOG: + case LSA_POLICY_INFO_AUDIT_EVENTS: + case LSA_POLICY_INFO_PD: if (!NT_STATUS_IS_OK(status)) { printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); ret = false; @@ -2352,7 +2359,14 @@ static bool test_QueryInfoPolicy2(struct dcerpc_pipe *p, break; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: + case LSA_POLICY_INFO_DNS_INT: case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_REPLICA: + case LSA_POLICY_INFO_QUOTA: + case LSA_POLICY_INFO_ROLE: + case LSA_POLICY_INFO_AUDIT_LOG: + case LSA_POLICY_INFO_AUDIT_EVENTS: + case LSA_POLICY_INFO_PD: if (!NT_STATUS_IS_OK(status)) { printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); ret = false; @@ -2458,7 +2472,6 @@ bool torture_rpc_lsa(struct torture_context *tctx) if (!join) { ret = false; } - if (!test_LookupNames_wellknown(p, tctx, handle)) { ret = false; } @@ -2482,7 +2495,6 @@ bool torture_rpc_lsa(struct torture_context *tctx) if (!test_CreateSecret(p, tctx, handle)) { ret = false; } - if (!test_CreateTrustedDomain(p, tctx, handle)) { ret = false; } -- 2.34.1