The branch, master has been updated via 3587bb6... s4-smbtorture: skip bigendian tests against s3 in RPC-LSA-SECRETS. via 2f3a408... s3-rpcclient: add deletetrustdom command. via fbdda19... s3-rpcclient: add createtrustdom command. via a988321... s3-lsa: expand struct lsa_info to carry name and sd. via 820b2f4... s3-lsa: use switch in _lsa_QuerySecurity(). via 5e8c86c... s4-smbtorture: fix warning in RPC-WKSSVC torture test. from 3d2c9ea... s4:kdc/hdb-samba4 - Remove unused variable
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3587bb63e21c3f033a17bb493dceb64b05fe85d6 Author: Günther Deschner <g...@samba.org> Date: Thu Oct 29 14:50:56 2009 +0100 s4-smbtorture: skip bigendian tests against s3 in RPC-LSA-SECRETS. Guenther commit 2f3a40844dbac11345a9aabf4a3edd71bab3fec6 Author: Günther Deschner <g...@samba.org> Date: Wed Oct 28 15:37:11 2009 +0100 s3-rpcclient: add deletetrustdom command. Guenther commit fbdda195498a9868b9a11a4e0621fadab1ce0963 Author: Günther Deschner <g...@samba.org> Date: Wed Oct 28 14:13:32 2009 +0100 s3-rpcclient: add createtrustdom command. Guenther commit a98832189a429d7d36eb0decbe66d228061c8cd1 Author: Günther Deschner <g...@samba.org> Date: Thu Oct 29 23:50:20 2009 +0100 s3-lsa: expand struct lsa_info to carry name and sd. Guenther commit 820b2f4cfaf0d5a954ed3bbf3e6b74ccdbfebe70 Author: Günther Deschner <g...@samba.org> Date: Thu Oct 29 12:36:30 2009 +0100 s3-lsa: use switch in _lsa_QuerySecurity(). Guenther commit 5e8c86c558360ea3c507dae5b3088aa1c2c97bb4 Author: Günther Deschner <g...@samba.org> Date: Fri Oct 30 12:13:21 2009 +0100 s4-smbtorture: fix warning in RPC-WKSSVC torture test. Guenther ----------------------------------------------------------------------- Summary of changes: source3/rpc_server/srv_lsa_nt.c | 12 +++- source3/rpcclient/cmd_lsarpc.c | 134 +++++++++++++++++++++++++++++++++++++ source4/torture/rpc/session_key.c | 6 ++ source4/torture/rpc/wkssvc.c | 8 ++- 4 files changed, 154 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index d90dfee..931026e 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c 
@@ -41,8 +41,10 @@ enum lsa_handle_type { LSA_HANDLE_POLICY_TYPE = 1, LSA_HANDLE_ACCOUNT_TYPE }; struct lsa_info { DOM_SID sid; + const char *name; uint32 access; enum lsa_handle_type type; + struct security_descriptor *sd; }; const struct generic_mapping lsa_account_mapping = { @@ -2089,15 +2091,19 @@ NTSTATUS _lsa_QuerySecurity(pipes_struct *p, if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) return NT_STATUS_INVALID_HANDLE; - if (handle->type == LSA_HANDLE_POLICY_TYPE) { + switch (handle->type) { + case LSA_HANDLE_POLICY_TYPE: status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size, &lsa_policy_mapping, NULL, 0); - } else if (handle->type == LSA_HANDLE_ACCOUNT_TYPE) { + break; + case LSA_HANDLE_ACCOUNT_TYPE: status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size, &lsa_account_mapping, &handle->sid, LSA_ACCOUNT_ALL_ACCESS); - } else { + break; + default: status = NT_STATUS_INVALID_HANDLE; + break; } if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 752881c..45868bf 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c 
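Review bot: The two fields added to `struct lsa_info` in source3/rpc_server/srv_lsa_nt.c, `name` and `sd`, have no comment saying who owns them or what NULL means. Nothing in this file's hunks sets or reads them either: the `_lsa_QuerySecurity()` hunk that follows still builds a fresh descriptor with `make_lsa_object_sd()` rather than using `handle->sd`. Since `sd` will presumably back access decisions for the handle, I would document both fields at the declaration, for example `/* security descriptor for this object; NULL if none was attached at open time */`, adjusted to the real ownership and talloc parent. Every place that allocates a `struct lsa_info` is outside this hunk and should be checked to confirm it zeroes the structure, so a later reader of `sd` or `name` never sees an uninitialised pointer.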
@@ -1836,6 +1836,138 @@ static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli, return status; } +static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status; + struct policy_handle handle, trustdom_handle; + struct lsa_DomainInfo info; + + if (argc < 3) { + printf("Usage: %s name sid\n", argv[0]); + return NT_STATUS_OK; + } + + status = rpccli_lsa_open_policy2(cli, mem_ctx, + true, + SEC_FLAG_MAXIMUM_ALLOWED, + &handle); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + init_lsa_StringLarge(&info.name, argv[1]); + info.sid = string_sid_talloc(mem_ctx, argv[2]); + + status = rpccli_lsa_CreateTrustedDomain(cli, mem_ctx, + &handle, + &info, + SEC_FLAG_MAXIMUM_ALLOWED, + &trustdom_handle); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + done: + if (is_valid_policy_hnd(&trustdom_handle)) { + rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle); + } + + if (is_valid_policy_hnd(&handle)) { + rpccli_lsa_Close(cli, mem_ctx, &handle); + } + + return status; +} + +static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status; + struct policy_handle handle, trustdom_handle; + struct lsa_String name; + struct dom_sid *sid = NULL; + + if (argc < 2) { + printf("Usage: %s name\n", argv[0]); + return NT_STATUS_OK; + } + + status = rpccli_lsa_open_policy2(cli, mem_ctx, + true, + SEC_FLAG_MAXIMUM_ALLOWED, + &handle); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + init_lsa_String(&name, argv[1]); + + status = rpccli_lsa_OpenTrustedDomainByName(cli, mem_ctx, + &handle, + name, + SEC_FLAG_MAXIMUM_ALLOWED, + &trustdom_handle); + if (NT_STATUS_IS_OK(status)) { + goto delete_object; + } + + { + uint32_t resume_handle = 0; + struct lsa_DomainList domains; + int i; + + status = rpccli_lsa_EnumTrustDom(cli, mem_ctx, + &handle, + &resume_handle, + &domains, + 0xffff); + if 
(!NT_STATUS_IS_OK(status)) { + goto done; + } + + for (i=0; i < domains.count; i++) { + if (strequal(domains.domains[i].name.string, argv[1])) { + sid = domains.domains[i].sid; + break; + } + } + + if (!sid) { + return NT_STATUS_INVALID_SID; + } + } + + status = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx, + &handle, + sid, + SEC_FLAG_MAXIMUM_ALLOWED, + &trustdom_handle); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + delete_object: + status = rpccli_lsa_DeleteObject(cli, mem_ctx, + &trustdom_handle); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + done: + if (is_valid_policy_hnd(&trustdom_handle)) { + rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle); + } + + if (is_valid_policy_hnd(&handle)) { + rpccli_lsa_Close(cli, mem_ctx, &handle); + } + + return status; +} + /* List of commands exported by this module */ @@ -1872,6 +2004,8 @@ struct cmd_set lsarpc_commands[] = { { "setsecret", RPC_RTYPE_NTSTATUS, cmd_lsa_set_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Set Secret", "" }, { "retrieveprivatedata", RPC_RTYPE_NTSTATUS, cmd_lsa_retrieve_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Retrieve Private Data", "" }, { "storeprivatedata", RPC_RTYPE_NTSTATUS, cmd_lsa_store_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Store Private Data", "" }, + { "createtrustdom", RPC_RTYPE_NTSTATUS, cmd_lsa_create_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Trusted Domain", "" }, + { "deletetrustdom", RPC_RTYPE_NTSTATUS, cmd_lsa_delete_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Trusted Domain", "" }, { NULL } }; diff --git a/source4/torture/rpc/session_key.c b/source4/torture/rpc/session_key.c index efedf7e..d0a2009 100644 --- a/source4/torture/rpc/session_key.c +++ b/source4/torture/rpc/session_key.c 
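Review bot: In both cmd_lsa_create_trusted_domain and cmd_lsa_delete_trusted_domain, `trustdom_handle` is declared without an initialiser, yet every `goto done` taken before a successful open passes it to `is_valid_policy_hnd()`. Unless the rpccli wrappers always write the out handle on failure (not visible here), the cleanup decision is made on indeterminate stack contents and may issue a close for a garbage handle, so zero it right after the declarations. The delete path also has `return NT_STATUS_INVALID_SID;` inside the enumeration block, which skips `done:` and leaves the policy handle from `rpccli_lsa_open_policy2()` open; set `status` and jump to `done` instead. In the create path the result of `string_sid_talloc()` is used unchecked; it presumably returns NULL for a malformed SID string or on allocation failure, so that should be rejected before the RPC is sent.

```c
static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli,
	/* … unchanged: remaining parameters, locals … */
	ZERO_STRUCT(trustdom_handle);
	/* … unchanged: usage check, rpccli_lsa_open_policy2, init_lsa_StringLarge … */
	info.sid = string_sid_talloc(mem_ctx, argv[2]);
	if (info.sid == NULL) {
		status = NT_STATUS_INVALID_SID;
		goto done;
	}
	/* … unchanged: rpccli_lsa_CreateTrustedDomain, done: cleanup … */

static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli,
	/* … unchanged: remaining parameters, locals … */
	ZERO_STRUCT(trustdom_handle);
	/* … unchanged: usage check, open_policy2, OpenTrustedDomainByName, EnumTrustDom loop … */
		if (!sid) {
			status = NT_STATUS_INVALID_SID;
			goto done;
		}
	/* … unchanged: OpenTrustedDomain, delete_object:, done: cleanup … */
```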
@@ -158,6 +158,12 @@ static bool test_secrets(struct torture_context *torture, const void *_data) binding->flags |= settings->bindoptions; + if (binding->flags & DCERPC_PUSH_BIGENDIAN) { + if (torture_setting_bool(torture, "samba3", false)) { + torture_skip(torture, "skipping bigendian test against samba3\n"); + } + } + status = dcerpc_pipe_connect_b(torture, &p, binding, &ndr_table_lsarpc, cmdline_credentials, diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c index d5ef0a4..736e1e6 100644 --- a/source4/torture/rpc/wkssvc.c +++ b/source4/torture/rpc/wkssvc.c @@ -964,14 +964,16 @@ static bool test_NetrMessageBufferSend(struct torture_context *tctx, struct wkssvc_NetrMessageBufferSend r; const char *message = SMBTORTURE_MESSAGE; size_t size; - uint8_t *msg; + uint16_t *msg; - push_ucs2_talloc(tctx, (void **)&msg, message, &size); + if (!push_ucs2_talloc(tctx, &msg, message, &size)) { + return false; + } r.in.server_name = dcerpc_server_name(p); r.in.message_name = dcerpc_server_name(p); r.in.message_sender_name = dcerpc_server_name(p); - r.in.message_buffer = msg; + r.in.message_buffer = (uint8_t *)msg; r.in.message_size = size; torture_comment(tctx, "testing NetrMessageBufferSend\n"); -- Samba Shared Repository
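Review bot: The new failure path in test_NetrMessageBufferSend (source4/torture/rpc/wkssvc.c), `return false;` when `push_ucs2_talloc()` fails, fails the test without recording a reason, so the torture output gives no hint of what went wrong. Using the framework's assertion keeps the diagnostic: `torture_assert(tctx, push_ucs2_talloc(tctx, &msg, message, &size), "push_ucs2_talloc failed");`. The function body starts and continues outside the hunk, so how `size` is consumed after `r.in.message_size = size;` cannot be checked from here.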