summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-07 16:03:04 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-12-12 12:57:07 +0100
commitc9d929af8ba018816df69734bed1c197d0c3b7f2 (patch)
treed47340212f302fc1a17791ad794be28b1cc2677b
parentc79db40040e27e1f7853db322d7c7460895d57bc (diff)
downloadsamba-c9d929af8ba018816df69734bed1c197d0c3b7f2.tar.gz
samba-c9d929af8ba018816df69734bed1c197d0c3b7f2.tar.xz
samba-c9d929af8ba018816df69734bed1c197d0c3b7f2.zip
s4-lsarpc handle more info levels in SetInfoTrustedDomain calls
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
-rw-r--r--libcli/auth/wscript_build2
-rw-r--r--libcli/lsarpc/util_lsarpc.c (renamed from source3/rpc_client/util_lsarpc.c)36
-rw-r--r--libcli/lsarpc/util_lsarpc.h (renamed from source3/rpc_client/util_lsarpc.h)13
-rw-r--r--libcli/lsarpc/wscript_build5
-rw-r--r--selftest/knownfail2
-rw-r--r--source3/Makefile.in4
-rw-r--r--source3/rpc_server/lsa/srv_lsa_nt.c2
-rw-r--r--source3/torture/test_authinfo_structs.c2
-rwxr-xr-xsource3/wscript_build4
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c22
-rwxr-xr-xsource4/rpc_server/wscript_build2
-rw-r--r--wscript_build1
12 files changed, 73 insertions, 22 deletions
diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build
index a140df2cc0..ff8b82ebd0 100644
--- a/libcli/auth/wscript_build
+++ b/libcli/auth/wscript_build
@@ -2,7 +2,7 @@
bld.SAMBA_LIBRARY('cliauth',
source='',
- deps='NTLMSSP_COMMON MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors NTLM_CHECK',
+ deps='NTLMSSP_COMMON MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors NTLM_CHECK UTIL_LSARPC',
private_library=True,
grouping_library=True)
diff --git a/source3/rpc_client/util_lsarpc.c b/libcli/lsarpc/util_lsarpc.c
index d67144b18f..0243e09e4b 100644
--- a/source3/rpc_client/util_lsarpc.c
+++ b/libcli/lsarpc/util_lsarpc.c
@@ -20,7 +20,7 @@
#include "includes.h"
#include "../librpc/gen_ndr/ndr_drsblobs.h"
#include "../librpc/gen_ndr/ndr_lsa.h"
-#include "rpc_client/util_lsarpc.h"
+#include "libcli/lsarpc/util_lsarpc.h"
static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx,
uint32_t count,
@@ -186,9 +186,9 @@ NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
}
static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx,
- uint32_t count,
- struct lsa_TrustDomainInfoBuffer *b,
- struct AuthenticationInformationArray *ai)
+ uint32_t count,
+ struct lsa_TrustDomainInfoBuffer *b,
+ struct AuthenticationInformationArray *ai)
{
NTSTATUS status;
int i;
@@ -250,11 +250,11 @@ fail:
return status;
}
-static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
+NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx,
uint32_t count,
struct lsa_TrustDomainInfoBuffer *current,
struct lsa_TrustDomainInfoBuffer *previous,
- DATA_BLOB *inout_blob)
+ struct trustAuthInOutBlob **iopw_out)
{
NTSTATUS status;
struct trustAuthInOutBlob *iopw;
@@ -284,6 +284,30 @@ static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
iopw->previous.array = NULL;
}
+ *iopw_out = iopw;
+
+ status = NT_STATUS_OK;
+
+done:
+ return status;
+}
+
+static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
+ uint32_t count,
+ struct lsa_TrustDomainInfoBuffer *current,
+ struct lsa_TrustDomainInfoBuffer *previous,
+ DATA_BLOB *inout_blob)
+{
+ NTSTATUS status;
+ struct trustAuthInOutBlob *iopw = NULL;
+ enum ndr_err_code ndr_err;
+
+ status = auth_info_2_trustauth_inout(mem_ctx, count, current, previous, &iopw);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx,
iopw,
(ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
diff --git a/source3/rpc_client/util_lsarpc.h b/libcli/lsarpc/util_lsarpc.h
index 0aa5e25b7a..2b471745f1 100644
--- a/source3/rpc_client/util_lsarpc.h
+++ b/libcli/lsarpc/util_lsarpc.h
@@ -17,16 +17,21 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef _RPC_CLIENT_UTIL_LSARPC_H_
-#define _RPC_CLIENT_UTIL_LSARPC_H_
+#ifndef _LIBCLI_AUTH_UTIL_LSARPC_H_
+#define _LIBCLI_AUTH_UTIL_LSARPC_H_
-/* The following definitions come from rpc_client/util_lsarpc.c */
+/* The following definitions come from libcli/auth/util_lsarpc.c */
NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
DATA_BLOB incoming, DATA_BLOB outgoing,
struct lsa_TrustDomainInfoAuthInfo *auth_info);
+NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx,
+ uint32_t count,
+ struct lsa_TrustDomainInfoBuffer *current,
+ struct lsa_TrustDomainInfoBuffer *previous,
+ struct trustAuthInOutBlob **iopw_out);
NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
struct lsa_TrustDomainInfoAuthInfo *auth_info,
DATA_BLOB *incoming, DATA_BLOB *outgoing);
-#endif /* _RPC_CLIENT_UTIL_LSARPC_H_ */
+#endif /* _LIBCLI_AUTH_UTIL_LSARPC_H_ */
diff --git a/libcli/lsarpc/wscript_build b/libcli/lsarpc/wscript_build
new file mode 100644
index 0000000000..feb3970041
--- /dev/null
+++ b/libcli/lsarpc/wscript_build
@@ -0,0 +1,5 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('UTIL_LSARPC',
+ source='util_lsarpc.c',
+ deps='NDR_LSA');
diff --git a/selftest/knownfail b/selftest/knownfail
index 589a784298..9e52fa8943 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -106,4 +106,4 @@
^samba4.ldap.acl.*.AclSearchTests.test_search4$ # ACL search behaviour not enabled by default
^samba4.ldap.acl.*.AclSearchTests.test_search5$ # ACL search behaviour not enabled by default
^samba4.ldap.acl.*.AclSearchTests.test_search6$ # ACL search behaviour not enabled by default
-^samba4.rpc.lsa.forest # Not fully provided by Samba 4
+^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 0d89c14fbf..b0c17f6cff 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -704,7 +704,7 @@ DCE_RPC_EP_OBJ = librpc/rpc/dcerpc_ep.o
RPC_LSARPC_OBJ = rpc_server/lsa/srv_lsa_nt.o \
librpc/gen_ndr/srv_lsa.o \
- rpc_client/util_lsarpc.o
+ ../libcli/lsarpc/util_lsarpc.o
RPC_NETLOGON_OBJ = rpc_server/netlogon/srv_netlog_nt.o \
librpc/gen_ndr/srv_netlogon.o
@@ -1271,7 +1271,7 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \
@LIBWBCLIENT_STATIC@ \
torture/wbc_async.o \
../nsswitch/wb_reqtrans.o \
- rpc_client/util_lsarpc.o \
+ ../libcli/lsarpc/util_lsarpc.o \
$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ)
MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index a83938acbe..0a5cda503d 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -48,7 +48,7 @@
#include "rpc_server/srv_access_check.h"
#include "../librpc/gen_ndr/ndr_wkssvc.h"
#include "../libcli/auth/libcli_auth.h"
-#include "rpc_client/util_lsarpc.h"
+#include "../libcli/lsarpc/util_lsarpc.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
diff --git a/source3/torture/test_authinfo_structs.c b/source3/torture/test_authinfo_structs.c
index eea253dddc..0b5cff7b04 100644
--- a/source3/torture/test_authinfo_structs.c
+++ b/source3/torture/test_authinfo_structs.c
@@ -21,7 +21,7 @@
#include "includes.h"
#include "torture/proto.h"
#include "librpc/gen_ndr/lsa.h"
-#include "rpc_client/util_lsarpc.h"
+#include "libcli/lsarpc/util_lsarpc.h"
static bool cmp_TrustDomainInfoBuffer(struct lsa_TrustDomainInfoBuffer a,
struct lsa_TrustDomainInfoBuffer b)
diff --git a/source3/wscript_build b/source3/wscript_build
index 8ca98b33b0..b07539f7f6 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -32,7 +32,7 @@ DRSUAPI_SRC = '''${COMPRESSION_SRC}'''
LIBCLI_SPOOLSS_SRC = '''rpc_client/cli_spoolss.c
rpc_client/init_spoolss.c'''
-LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c rpc_client/util_lsarpc.c'''
+LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c'''
LIBCLI_SAMR_SRC = 'rpc_client/cli_samr.c'
@@ -1077,7 +1077,7 @@ bld.SAMBA3_SUBSYSTEM('LIBCLI_SAMR',
bld.SAMBA3_LIBRARY('libcli_lsa3',
source=LIBCLI_LSA_SRC,
- deps='RPC_NDR_LSA INIT_LSA',
+ deps='RPC_NDR_LSA INIT_LSA UTIL_LSARPC',
private_library=True)
bld.SAMBA3_LIBRARY('libcli_netlogon3',
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index acab1874af..609fb65308 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -32,6 +32,7 @@
#include "dsdb/common/util.h"
#include "libcli/security/session.h"
#include "kdc/kdc-policy.h"
+#include "libcli/lsarpc/util_lsarpc.h"
/*
this type allows us to distinguish handle types
@@ -1601,7 +1602,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
uint32_t *enc_types = NULL;
DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob;
struct trustDomainPasswords auth_struct;
- struct AuthenticationInformationArray *current_passwords = NULL;
+ struct trustAuthInOutBlob *current_passwords = NULL;
NTSTATUS nt_status;
struct ldb_message **msgs;
struct ldb_message *msg;
@@ -1644,8 +1645,23 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
}
if (auth_info) {
- /* FIXME: not handled yet */
- return NT_STATUS_INVALID_PARAMETER;
+ nt_status = auth_info_2_auth_blob(mem_ctx, auth_info,
+ &trustAuthIncoming,
+ &trustAuthOutgoing);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+ if (trustAuthIncoming.data) {
+ /* This does the decode of some of this twice, but it is easier that way */
+ nt_status = auth_info_2_trustauth_inout(mem_ctx,
+ auth_info->incoming_count,
+ auth_info->incoming_current_auth_info,
+ NULL,
+ &current_passwords);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+ }
}
/* decode auth_info_int if set */
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index cf6d71227b..ffdee2394a 100755
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -93,7 +93,7 @@ bld.SAMBA_MODULE('dcerpc_lsarpc',
autoproto='lsa/proto.h',
subsystem='dcerpc_server',
init_function='dcerpc_server_lsa_init',
- deps='samdb DCERPC_COMMON ndr-standard LIBCLI_AUTH NDR_DSSETUP com_err security kdc-policy'
+ deps='samdb DCERPC_COMMON ndr-standard LIBCLI_AUTH NDR_DSSETUP com_err security kdc-policy UTIL_LSARPC'
)
diff --git a/wscript_build b/wscript_build
index b11c642188..5e0c05c216 100644
--- a/wscript_build
+++ b/wscript_build
@@ -102,6 +102,7 @@ bld.RECURSE('libcli/ldap')
bld.RECURSE('libcli/nbt')
bld.RECURSE('libcli/netlogon')
bld.RECURSE('libcli/auth')
+bld.RECURSE('libcli/lsarpc')
bld.RECURSE('libcli/drsuapi')
bld.RECURSE('libcli/echo')
bld.RECURSE('libcli/samsync')