s3-lsa: Add conversion for auth info structs

struct lsa_TrustDomainInfoAuthInfo and struct
trustAuthInOutBlob can store the same information for different usage. The added
routines can convert one struct into the other.

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104

8 files changed, 608 insertions, 37 deletions

diff --git a/source3/Makefile.in b/source3/Makefile.in
index bf66af47089..1b796377c0a 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -688,7 +688,8 @@ LIB_EVENTLOG_OBJ = lib/eventlog/eventlog.o
 DCE_RPC_EP_OBJ = librpc/rpc/dcerpc_ep.o
 
 RPC_LSARPC_OBJ = rpc_server/lsa/srv_lsa_nt.o \
-		 librpc/gen_ndr/srv_lsa.o
+		 librpc/gen_ndr/srv_lsa.o \
+		 rpc_client/util_lsarpc.o
 
 RPC_NETLOGON_OBJ = rpc_server/netlogon/srv_netlog_nt.o \
 		   librpc/gen_ndr/srv_netlogon.o
@@ -1255,13 +1256,15 @@ SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/uta
 		torture/test_addrchange.o \
 		torture/test_case_insensitive.o \
 		torture/test_posix_append.o \
-		torture/test_smb2.o
+		torture/test_smb2.o \
+		torture/test_authinfo_structs.o
 
 SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \
 	$(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \
 	@LIBWBCLIENT_STATIC@ \
         torture/wbc_async.o \
         ../nsswitch/wb_reqtrans.o \
+	rpc_client/util_lsarpc.o \
 	$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ)
 
 MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
diff --git a/source3/rpc_client/util_lsarpc.c b/source3/rpc_client/util_lsarpc.c
new file mode 100644
index 00000000000..e607a0cffb0
--- /dev/null
+++ b/source3/rpc_client/util_lsarpc.c
@@ -0,0 +1,334 @@
+/*
+   Unix SMB/CIFS implementation.
+   Authentication utility functions
+   Copyright (C) Sumit Bose 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../librpc/gen_ndr/ndr_drsblobs.h"
+#include "../librpc/gen_ndr/ndr_lsa.h"
+#include "rpc_client/util_lsarpc.h"
+
+static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx,
+				uint32_t count,
+				struct AuthenticationInformationArray *ai,
+				struct lsa_TrustDomainInfoBuffer **_b)
+{
+	NTSTATUS status;
+	struct lsa_TrustDomainInfoBuffer *b;
+	int i;
+
+	b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count);
+	if (b == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for(i = 0; i < count; i++) {
+		size_t size = 0;
+		b[i].last_update_time = ai->array[i].LastUpdateTime;
+		b[i].AuthType = ai->array[i].AuthType;
+		switch(ai->array[i].AuthType) {
+			case TRUST_AUTH_TYPE_NONE:
+				b[i].data.size = 0;
+				b[i].data.data = NULL;
+				break;
+			case TRUST_AUTH_TYPE_NT4OWF:
+				if (ai->array[i].AuthInfo.nt4owf.size != 16) {
+					status = NT_STATUS_INVALID_PARAMETER;
+					goto fail;
+				}
+				b[i].data.data = talloc_memdup(b,
+				    &ai->array[i].AuthInfo.nt4owf.password.hash,
+				    16);
+				if (b[i].data.data == NULL) {
+					status = NT_STATUS_NO_MEMORY;
+					goto fail;
+				}
+				break;
+			case TRUST_AUTH_TYPE_CLEAR:
+				if (!convert_string_talloc(b,
+							   CH_UTF16LE, CH_UNIX,
+							   ai->array[i].AuthInfo.clear.password,
+							   ai->array[i].AuthInfo.clear.size,
+							   &b[i].data.data,
+							   &size)) {
+					goto fail;
+				}
+				b[i].data.size = size;
+				break;
+			case TRUST_AUTH_TYPE_VERSION:
+				if (ai->array[i].AuthInfo.version.size != 4) {
+					status = NT_STATUS_INVALID_PARAMETER;
+					goto fail;
+				}
+				b[i].data.size = 4;
+				b[i].data.data = talloc_memdup(b,
+				     &ai->array[i].AuthInfo.version.version, 4);
+				if (b[i].data.data == NULL) {
+					status = NT_STATUS_NO_MEMORY;
+					goto fail;
+				}
+				break;
+			default:
+				status = NT_STATUS_INVALID_PARAMETER;
+				goto fail;
+		}
+	}
+
+	*_b = b;
+
+	return NT_STATUS_OK;
+
+fail:
+	talloc_free(b);
+	return status;
+}
+
+static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx,
+				    DATA_BLOB *inout_blob,
+				    uint32_t *count,
+				    struct lsa_TrustDomainInfoBuffer **current,
+				    struct lsa_TrustDomainInfoBuffer **previous)
+{
+	NTSTATUS status;
+	struct trustAuthInOutBlob iopw;
+	enum ndr_err_code ndr_err;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw,
+			      (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	*count = iopw.count;
+
+	status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
+						      &iopw.current, current);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (iopw.previous.count > 0) {
+		status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
+							     &iopw.previous, previous);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+	} else {
+		*previous = NULL;
+	}
+
+	status = NT_STATUS_OK;
+
+done:
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
+			       DATA_BLOB incoming, DATA_BLOB outgoing,
+			       struct lsa_TrustDomainInfoAuthInfo *auth_info)
+{
+	NTSTATUS status;
+
+	if (incoming.length != 0) {
+		status = trustauth_inout_blob_2_auth_info(mem_ctx,
+					&incoming,
+					&auth_info->incoming_count,
+					&auth_info->incoming_current_auth_info,
+					&auth_info->incoming_previous_auth_info);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	} else {
+		auth_info->incoming_count = 0;
+		auth_info->incoming_current_auth_info = NULL;
+		auth_info->incoming_previous_auth_info = NULL;
+	}
+
+	if (outgoing.length != 0) {
+		status = trustauth_inout_blob_2_auth_info(mem_ctx,
+					&outgoing,
+					&auth_info->outgoing_count,
+					&auth_info->outgoing_current_auth_info,
+					&auth_info->outgoing_previous_auth_info);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	} else {
+		auth_info->outgoing_count = 0;
+		auth_info->outgoing_current_auth_info = NULL;
+		auth_info->outgoing_previous_auth_info = NULL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx,
+				uint32_t count,
+				struct lsa_TrustDomainInfoBuffer *b,
+				struct AuthenticationInformationArray *ai)
+{
+	NTSTATUS status;
+	int i;
+
+	ai->count = count;
+	ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation,
+				      count);
+	if (ai->array == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for(i = 0; i < count; i++) {
+		size_t size = 0;
+		ai->array[i].LastUpdateTime = b[i].last_update_time;
+		ai->array[i].AuthType = b[i].AuthType;
+		switch(ai->array[i].AuthType) {
+			case TRUST_AUTH_TYPE_NONE:
+				ai->array[i].AuthInfo.none.size = 0;
+				break;
+			case TRUST_AUTH_TYPE_NT4OWF:
+				if (b[i].data.size != 16) {
+					status = NT_STATUS_INVALID_PARAMETER;
+					goto fail;
+				}
+				memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash,
+				       b[i].data.data, 16);
+				break;
+			case TRUST_AUTH_TYPE_CLEAR:
+				if (!convert_string_talloc(ai->array,
+							   CH_UNIX, CH_UTF16,
+							   b[i].data.data,
+							   b[i].data.size,
+							   &ai->array[i].AuthInfo.clear.password,
+							   &size)) {
+					goto fail;
+				}
+				ai->array[i].AuthInfo.clear.size = size;
+				break;
+			case TRUST_AUTH_TYPE_VERSION:
+				if (b[i].data.size != 4) {
+					status = NT_STATUS_INVALID_PARAMETER;
+					goto fail;
+				}
+				ai->array[i].AuthInfo.version.size = 4;
+				memcpy(&ai->array[i].AuthInfo.version.version,
+				       b[i].data.data, 4);
+				break;
+			default:
+				status = NT_STATUS_INVALID_PARAMETER;
+				goto fail;
+		}
+	}
+
+	return NT_STATUS_OK;
+
+fail:
+	talloc_free(ai->array);
+	return status;
+}
+
+static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
+				     uint32_t count,
+				     struct lsa_TrustDomainInfoBuffer *current,
+				     struct lsa_TrustDomainInfoBuffer *previous,
+				     DATA_BLOB *inout_blob)
+{
+	NTSTATUS status;
+	struct trustAuthInOutBlob *iopw;
+	enum ndr_err_code ndr_err;
+
+	iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob);
+	if (iopw == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	iopw->count = count;
+	status = trust_domain_info_buffer_2_ai_array(iopw, count, current,
+						     &iopw->current);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (previous != NULL) {
+		status = trust_domain_info_buffer_2_ai_array(iopw, count,
+							     previous,
+							     &iopw->previous);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+	} else {
+		iopw->previous.count = 0;
+		iopw->previous.array = NULL;
+	}
+
+	ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx,
+			      iopw,
+			      (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = NT_STATUS_OK;
+
+done:
+	talloc_free(iopw);
+	return status;
+}
+
+NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
+			       struct lsa_TrustDomainInfoAuthInfo *auth_info,
+			       DATA_BLOB *incoming, DATA_BLOB *outgoing)
+{
+	NTSTATUS status;
+
+	if (auth_info->incoming_count == 0) {
+		incoming->length = 0;
+		incoming->data = NULL;
+	} else {
+		status = auth_info_2_trustauth_inout_blob(mem_ctx,
+					 auth_info->incoming_count,
+					 auth_info->incoming_current_auth_info,
+					 auth_info->incoming_previous_auth_info,
+					 incoming);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	if (auth_info->outgoing_count == 0) {
+		outgoing->length = 0;
+		outgoing->data = NULL;
+	} else {
+		status = auth_info_2_trustauth_inout_blob(mem_ctx,
+					 auth_info->outgoing_count,
+					 auth_info->outgoing_current_auth_info,
+					 auth_info->outgoing_previous_auth_info,
+					 outgoing);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source3/rpc_client/util_lsarpc.h b/source3/rpc_client/util_lsarpc.h
new file mode 100644
index 00000000000..0aa5e25b7ac
--- /dev/null
+++ b/source3/rpc_client/util_lsarpc.h
@@ -0,0 +1,32 @@
+/*
+   Unix SMB/CIFS implementation.
+   Authentication utility functions
+   Copyright (C) Sumit Bose 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _RPC_CLIENT_UTIL_LSARPC_H_
+#define _RPC_CLIENT_UTIL_LSARPC_H_
+
+/* The following definitions come from rpc_client/util_lsarpc.c  */
+
+NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
+			       DATA_BLOB incoming, DATA_BLOB outgoing,
+			       struct lsa_TrustDomainInfoAuthInfo *auth_info);
+NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
+			       struct lsa_TrustDomainInfoAuthInfo *auth_info,
+			       DATA_BLOB *incoming, DATA_BLOB *outgoing);
+
+#endif /* _RPC_CLIENT_UTIL_LSARPC_H_ */
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index ec87bd61fb2..17f873bca92 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -48,6 +48,7 @@
 #include "rpc_server/srv_access_check.h"
 #include "../librpc/gen_ndr/ndr_wkssvc.h"
 #include "../libcli/auth/libcli_auth.h"
+#include "rpc_client/util_lsarpc.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
@@ -2023,21 +2024,6 @@ static NTSTATUS pdb_trusted_domain_2_info_ex(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS pdb_trusted_domain_2_auth_info(struct pdb_trusted_domain *td,
-				  struct lsa_TrustDomainInfoAuthInfo *auth_info)
-{
-/* If I understand it correctly lsa_TrustDomainInfoAuthInfo is send unencrypted
- * and related calls should not be used. If there is a use case, it can be
- * implemented later. */
-	auth_info->incoming_count = 0;
-	auth_info->incoming_current_auth_info = NULL;
-	auth_info->incoming_previous_auth_info = NULL;
-	auth_info->outgoing_count = 0;
-	auth_info->outgoing_current_auth_info = NULL;
-	auth_info->outgoing_previous_auth_info = NULL;
-	return NT_STATUS_OK;
-}
-
 NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p,
 				     struct lsa_QueryTrustedDomainInfo *r)
 {
@@ -2148,7 +2134,9 @@ NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p,
 			return status;
 		}
 		info->full_info.posix_offset.posix_offset = *td->trust_posix_offset;
-		status = pdb_trusted_domain_2_auth_info(td,
+		status = auth_blob_2_auth_info(p->mem_ctx,
+						    td->trust_auth_incoming,
+						    td->trust_auth_outgoing,
 						    &info->full_info.auth_info);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
@@ -2162,7 +2150,9 @@ NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p,
 		return NT_STATUS_INVALID_PARAMETER;
 	case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL:
 		info->full_info2_internal.posix_offset.posix_offset = *td->trust_posix_offset;
-		status = pdb_trusted_domain_2_auth_info(td,
+		status = auth_blob_2_auth_info(p->mem_ctx,
+					  td->trust_auth_incoming,
+					  td->trust_auth_outgoing,
 					  &info->full_info2_internal.auth_info);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
@@ -3571,20 +3561,6 @@ static NTSTATUS info_ex_2_pdb_trusted_domain(
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS auth_info_2_pdb_trusted_domain(struct lsa_TrustDomainInfoAuthInfo *auth_info,
-					   struct pdb_trusted_domain *td)
-{
-/* If I understand it correctly lsa_TrustDomainInfoAuthInfo is send unencrypted
- * and related calls should not be used. If there is a use case, it can be
- * implemented later. */
-	td->trust_auth_incoming.length = 0;
-	td->trust_auth_incoming.data = NULL;
-	td->trust_auth_outgoing.length = 0;
-	td->trust_auth_outgoing.data = NULL;
-
-	return NT_STATUS_OK;
-}
-
 static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p,
 				       TALLOC_CTX *mem_ctx, DATA_BLOB *auth_blob,
 				       struct trustDomainPasswords *auth_struct)
@@ -3658,7 +3634,9 @@ static NTSTATUS setInfoTrustedDomain_base(struct pipes_struct *p,
 		if (!(policy->access & LSA_TRUSTED_SET_AUTH)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
-		nt_status = auth_info_2_pdb_trusted_domain(&info->auth_info, td);
+		nt_status = auth_info_2_auth_blob(td, &info->auth_info,
+						  &td->trust_auth_incoming,
+						  &td->trust_auth_outgoing);
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			return nt_status;
 		}
@@ -3673,7 +3651,10 @@ static NTSTATUS setInfoTrustedDomain_base(struct pipes_struct *p,
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			return nt_status;
 		}
-		nt_status = auth_info_2_pdb_trusted_domain(&info->full_info.auth_info, td);
+		nt_status = auth_info_2_auth_blob(td,
+						  &info->full_info.auth_info,
+						  &td->trust_auth_incoming,
+						  &td->trust_auth_outgoing);
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			return nt_status;
 		}
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index 6b49fba1bdb..b119e243c3a 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -93,5 +93,6 @@ bool run_addrchange(int dummy);
 bool run_notify_online(int dummy);
 bool run_nttrans_create(int dummy);
 bool run_smb2_basic(int dummy);
+bool run_local_conv_auth_info(int dummy);
 
 #endif /* __TORTURE_H__ */
diff --git a/source3/torture/test_authinfo_structs.c b/source3/torture/test_authinfo_structs.c
new file mode 100644
index 00000000000..eea253dddce
--- /dev/null
+++ b/source3/torture/test_authinfo_structs.c
@@ -0,0 +1,218 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test conversion form struct lsa_TrustDomainInfoAuthInfo to
+   struct trustAuthInOutBlob and back
+   Copyright (C) Sumit Bose 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/proto.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "rpc_client/util_lsarpc.h"
+
+static bool cmp_TrustDomainInfoBuffer(struct lsa_TrustDomainInfoBuffer a,
+				      struct lsa_TrustDomainInfoBuffer b)
+{
+	if (a.last_update_time != b. last_update_time ||
+	    a.AuthType != b.AuthType ||
+	    a.data.size != b.data.size ||
+	    memcmp(a.data.data, b.data.data, a.data.size) !=0) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool cmp_auth_info(struct lsa_TrustDomainInfoAuthInfo *a,
+			  struct lsa_TrustDomainInfoAuthInfo *b)
+{
+	size_t c;
+
+	if (a->incoming_count != b->incoming_count ||
+	    a->outgoing_count != b->outgoing_count) {
+		return false;
+	}
+
+	for (c = 0; c < a->incoming_count; c++) {
+		if (!cmp_TrustDomainInfoBuffer(a->incoming_current_auth_info[c],
+					       b->incoming_current_auth_info[c])) {
+			return false;
+		}
+
+		if (a->incoming_previous_auth_info != NULL &&
+		    b->incoming_previous_auth_info != NULL) {
+			if (!cmp_TrustDomainInfoBuffer(a->incoming_previous_auth_info[c],
+						       b->incoming_previous_auth_info[c])) {
+				return false;
+			}
+		} else if (a->incoming_previous_auth_info == NULL &&
+			   b->incoming_previous_auth_info == NULL) {
+			continue;
+		} else {
+			return false;
+		}
+	}
+
+	for (c = 0; c < a->outgoing_count; c++) {
+		if (!cmp_TrustDomainInfoBuffer(a->outgoing_current_auth_info[c],
+					       b->outgoing_current_auth_info[c])) {
+			return false;
+		}
+
+		if (a->outgoing_previous_auth_info != NULL &&
+		    b->outgoing_previous_auth_info != NULL) {
+			if (!cmp_TrustDomainInfoBuffer(a->outgoing_previous_auth_info[c],
+						       b->outgoing_previous_auth_info[c])) {
+				return false;
+			}
+		} else if (a->outgoing_previous_auth_info == NULL &&
+			   b->outgoing_previous_auth_info == NULL) {
+			continue;
+		} else {
+			return false;
+		}
+	}
+
+	return true;
+}
+
+static bool covert_and_compare(struct lsa_TrustDomainInfoAuthInfo *auth_info)
+{
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx;
+	DATA_BLOB incoming;
+	DATA_BLOB outgoing;
+	struct lsa_TrustDomainInfoAuthInfo auth_info_out;
+	bool result = false;
+
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		return false;
+	}
+
+	status = auth_info_2_auth_blob(tmp_ctx, auth_info, &incoming, &outgoing);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	status = auth_blob_2_auth_info(tmp_ctx, incoming, outgoing,
+				       &auth_info_out);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	result = cmp_auth_info(auth_info, &auth_info_out);
+	talloc_free(tmp_ctx);
+
+	return result;
+}
+
+bool run_local_conv_auth_info(int dummy)
+{
+	struct lsa_TrustDomainInfoAuthInfo auth_info;
+	struct lsa_TrustDomainInfoBuffer ic[1];
+	struct lsa_TrustDomainInfoBuffer ip[1];
+	struct lsa_TrustDomainInfoBuffer oc[2];
+	struct lsa_TrustDomainInfoBuffer op[2];
+	uint32_t version = 3;
+
+	ic[0].last_update_time = 12345;
+	ic[0].AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ic[0].data.size = strlen("iPaSsWoRd");
+	ic[0].data.data = discard_const_p(uint8_t, "iPaSsWoRd");
+
+	ip[0].last_update_time = 67890;
+	ip[0].AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ip[0].data.size = strlen("OlDiPaSsWoRd");
+	ip[0].data.data = discard_const_p(uint8_t, "OlDiPaSsWoRd");
+
+	oc[0].last_update_time = 24580;
+	oc[0].AuthType = TRUST_AUTH_TYPE_CLEAR;
+	oc[0].data.size = strlen("oPaSsWoRd");
+	oc[0].data.data = discard_const_p(uint8_t, "oPaSsWoRd");
+	oc[1].last_update_time = 24580;
+	oc[1].AuthType = TRUST_AUTH_TYPE_VERSION;
+	oc[1].data.size = 4;
+	oc[1].data.data = (uint8_t *) &version;
+
+	op[0].last_update_time = 13579;
+	op[0].AuthType = TRUST_AUTH_TYPE_CLEAR;
+	op[0].data.size = strlen("OlDoPaSsWoRd");
+	op[0].data.data = discard_const_p(uint8_t, "OlDoPaSsWoRd");
+	op[1].last_update_time = 24580;
+	op[1].AuthType = TRUST_AUTH_TYPE_VERSION;
+	op[1].data.size = 4;
+	op[1].data.data = (uint8_t *) &version;
+
+	auth_info.incoming_count = 0;
+	auth_info.incoming_current_auth_info = NULL;
+	auth_info.incoming_previous_auth_info = NULL;
+	auth_info.outgoing_count = 0;
+	auth_info.outgoing_current_auth_info = NULL;
+	auth_info.outgoing_previous_auth_info = NULL;
+
+	if (!covert_and_compare(&auth_info)) {
+		return false;
+	}
+
+	auth_info.incoming_count = 1;
+	auth_info.incoming_current_auth_info = ic;
+	auth_info.incoming_previous_auth_info = NULL;
+	auth_info.outgoing_count = 0;
+	auth_info.outgoing_current_auth_info = NULL;
+	auth_info.outgoing_previous_auth_info = NULL;
+
+	if (!covert_and_compare(&auth_info)) {
+		return false;
+	}
+
+	auth_info.incoming_count = 0;
+	auth_info.incoming_current_auth_info = NULL;
+	auth_info.incoming_previous_auth_info = NULL;
+	auth_info.outgoing_count = 2;
+	auth_info.outgoing_current_auth_info = oc;
+	auth_info.outgoing_previous_auth_info = NULL;
+
+	if (!covert_and_compare(&auth_info)) {
+		return false;
+	}
+
+	auth_info.incoming_count = 1;
+	auth_info.incoming_current_auth_info = ic;
+	auth_info.incoming_previous_auth_info = NULL;
+	auth_info.outgoing_count = 2;
+	auth_info.outgoing_current_auth_info = oc;
+	auth_info.outgoing_previous_auth_info = NULL;
+
+	if (!covert_and_compare(&auth_info)) {
+		return false;
+	}
+
+	auth_info.incoming_count = 1;
+	auth_info.incoming_current_auth_info = ic;
+	auth_info.incoming_previous_auth_info = ip;
+	auth_info.outgoing_count = 2;
+	auth_info.outgoing_current_auth_info = oc;
+	auth_info.outgoing_previous_auth_info = op;
+
+	if (!covert_and_compare(&auth_info)) {
+		return false;
+	}
+
+	return true;
+}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 886c58eafa0..0cba5c71728 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -8869,6 +8869,7 @@ static struct {
 	{ "LOCAL-DBTRANS", run_local_dbtrans, 0},
 	{ "LOCAL-TEVENT-SELECT", run_local_tevent_select, 0},
 	{ "LOCAL-CONVERT-STRING", run_local_convert_string, 0},
+	{ "LOCAL-CONV-AUTH-INFO", run_local_conv_auth_info, 0},
 	{NULL, NULL, 0}};
 
 
diff --git a/source3/wscript_build b/source3/wscript_build
index 9f3eb0502ac..bca1cdf8a3b 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -42,7 +42,7 @@ DRSUAPI_SRC = '''${COMPRESSION_SRC}'''
 LIBCLI_SPOOLSS_SRC = '''rpc_client/cli_spoolss.c
                      rpc_client/init_spoolss.c'''
 
-LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c'''
+LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c rpc_client/util_lsarpc.c'''
 
 LIBCLI_SAMR_SRC = 'rpc_client/cli_samr.c'
 
@@ -576,6 +576,7 @@ SMBTORTURE_SRC1 = '''torture/torture.c torture/nbio.c torture/scanner.c torture/
 		torture/test_case_insensitive.c
 		torture/test_notify_online.c
 		torture/test_smb2.c
+		torture/test_authinfo_structs.c
                 torture/test_smbsock_any_connect.c'''
 
 SMBTORTURE_SRC = '''${SMBTORTURE_SRC1}
@@ -1262,7 +1263,7 @@ bld.SAMBA3_BINARY('nmblookup' + bld.env.suffix3,
 bld.SAMBA3_BINARY('smbtorture' + bld.env.suffix3,
                  source=SMBTORTURE_SRC,
                  deps='''talloc tdb_compat tevent cap wbclient param libsmb KRBCLIENT TLDAP
-                 smbd_shim popt_samba3 asn1util LIBTSOCKET NDR_LSA msrpc3 LIBMSRPC_GEN RPC_NDR_ECHO WB_REQTRANS''',
+                 smbd_shim popt_samba3 asn1util LIBTSOCKET NDR_LSA msrpc3 LIBMSRPC_GEN RPC_NDR_ECHO WB_REQTRANS libcli_lsa3''',
                  vars=locals())
 
 bld.SAMBA3_BINARY('smbconftort',