The branch, master has been updated via 2d5facc9547 s4-torture: add netr_LogonGetDomainInfo NDR(64) tests via 634ab14f0d2 s4-torture: reformat test table in ndr test via fda5b839c70 torture: add torture_suite_add_ndr_pull_io_test_flags() via 742d8ba9c4b s3-rpcclient: add logongetdomaininfo command via 6e47f9ab377 libcli/auth: add netlogon_creds_cli_LogonGetDomainInfo() via 8f0751b8b7c netlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64 via 0fea2707fb0 netlogon.idl: fix the marshalling of netr_OsVersion for NDR64 via c87cf54684b security.idl: add SE_GROUP_INTEGRITY[_ENABLED] to security_GroupAttrs via 09de6f06182 librpc/idl: change from samr_GroupAttrs in samr.idl to security_GroupAttrs in security.idl via 73b93e1a705 security.idl: add GUID_DRS_ALLOWED_TO_AUTHENTICATE via a7e49897c4a misc: fix AD trust attributes in adssearch via 7ba90c17343 lsa: document new LSA trust attributes via d78c87e665e s3-winbindd: fix forest trusts with additional trust attributes. from 82512034563 s3-libads: adapt to coding standards, no code changes
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 2d5facc95478801580eb52d4d4441660c5fa2697 Author: Günther Deschner <g...@samba.org> Date: Wed Sep 18 19:41:50 2019 +0200 s4-torture: add netr_LogonGetDomainInfo NDR(64) tests Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Günther Deschner <g...@samba.org> Autobuild-Date(master): Fri Sep 20 02:32:44 UTC 2019 on sn-devel-184 commit 634ab14f0d246fab28cf14ad9664cecf3ca5335a Author: Günther Deschner <g...@samba.org> Date: Thu Sep 19 01:55:09 2019 +0200 s4-torture: reformat test table in ndr test Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit fda5b839c705725301fc17562d08a927751b890b Author: Günther Deschner <g...@samba.org> Date: Wed Sep 18 19:48:40 2019 +0200 torture: add torture_suite_add_ndr_pull_io_test_flags() Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 742d8ba9c4b9e6e70898f08a50f9929662bbafb6 Author: Günther Deschner <g...@samba.org> Date: Wed Sep 18 04:11:33 2019 +0200 s3-rpcclient: add logongetdomaininfo command Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 6e47f9ab37744d628cc6b723f4838e81202f2df6 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Jul 20 14:00:05 2015 +0200 libcli/auth: add netlogon_creds_cli_LogonGetDomainInfo() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 8f0751b8b7cd45fc7186b467d814eb5231821e34 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Aug 15 13:22:43 2019 +0200 netlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 0fea2707fb05897eec3c26bd4814669832142382 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Aug 15 13:22:43 2019 +0200 netlogon.idl: fix the marshalling of netr_OsVersion for NDR64 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit c87cf54684be606aa8f9b420f5c4f710de2a363a Author: Stefan Metzmacher <me...@samba.org> Date: Tue Mar 20 12:40:25 2018 +0100 security.idl: add SE_GROUP_INTEGRITY[_ENABLED] to security_GroupAttrs Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 09de6f06182ede5bee3cb0c5408ce4082c62ccc2 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Mar 20 12:39:02 2018 +0100 librpc/idl: change from samr_GroupAttrs in samr.idl to security_GroupAttrs in security.idl Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 73b93e1a70508346e813e311179e2ed538adfe6b Author: Stefan Metzmacher <me...@samba.org> Date: Thu Feb 1 23:44:33 2018 +0100 security.idl: add GUID_DRS_ALLOWED_TO_AUTHENTICATE Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit a7e49897c4ad84a5d7710ac78a09802fe66f9d16 Author: Günther Deschner <g...@samba.org> Date: Thu Sep 12 23:27:13 2019 +0200 misc: fix AD trust attributes in adssearch Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 7ba90c17343cc9921e1d44a5055d39602dbb6ba1 Author: Günther Deschner <g...@samba.org> Date: Thu Sep 12 16:36:20 2019 +0200 lsa: document new LSA trust attributes Guenther 
Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit d78c87e665e23e6470a19a69383ede7137172c26 Author: Günther Deschner <g...@samba.org> Date: Thu Sep 12 16:39:10 2019 +0200 s3-winbindd: fix forest trusts with additional trust attributes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14130 Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: examples/misc/adssearch.pl | 17 +- libcli/auth/netlogon_creds_cli.c | 281 +++++++++++- libcli/auth/netlogon_creds_cli.h | 17 + librpc/idl/drsuapi.idl | 4 +- librpc/idl/lsa.idl | 19 +- librpc/idl/netlogon.idl | 35 +- librpc/idl/samr.idl | 22 +- librpc/idl/security.idl | 15 +- source3/rpcclient/cmd_netlogon.c | 52 ++- source3/winbindd/winbindd_ads.c | 2 +- source3/winbindd/winbindd_util.c | 2 +- source4/dsdb/tests/python/token_group.py | 2 +- source4/rpc_server/netlogon/dcerpc_netlogon.c | 22 +- source4/torture/ndr/ndr.c | 4 + source4/torture/ndr/ndr.h | 10 + source4/torture/ndr/netlogon.c | 625 +++++++++++++++++++++++++- source4/torture/rpc/netlogon.c | 8 +- 17 files changed, 1066 insertions(+), 71 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/misc/adssearch.pl b/examples/misc/adssearch.pl index 7c3570abd6e..fc24811b626 100755 --- a/examples/misc/adssearch.pl +++ b/examples/misc/adssearch.pl 
@@ -285,10 +285,17 @@ my %ads_sdeffective = ( ); my %ads_trustattrs = ( - "TRUST_ATTRIBUTE_NON_TRANSITIVE" => 1, - "TRUST_ATTRIBUTE_TREE_PARENT" => 2, - "TRUST_ATTRIBUTE_TREE_ROOT" => 3, - "TRUST_ATTRIBUTE_UPLEVEL_ONLY" => 4, + "TRUST_ATTRIBUTE_NON_TRANSITIVE" => 0x00000001, + "TRUST_ATTRIBUTE_UPLEVEL_ONLY" => 0x00000002, + "TRUST_ATTRIBUTE_QUARANTINED_DOMAIN" => 0x00000004, + "TRUST_ATTRIBUTE_FOREST_TRANSITIVE" => 0x00000008, + "TRUST_ATTRIBUTE_CROSS_ORGANIZATION" => 0x00000010, + "TRUST_ATTRIBUTE_WITHIN_FOREST" => 0x00000020, + "TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL" => 0x00000040, + "TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION" => 0x00000080, + "TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION" => 0x00000200, + "TRUST_ATTRIBUTE_PIM_TRUST" => 0x00000400, + "TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION" => 0x00000800, ); my %ads_trustdirection = ( @@ -1283,7 +1290,7 @@ sub dump_sdeffective { } sub dump_trustattr { - return dump_bitmask_equal(@_,%ads_trustattrs); + return dump_bitmask_and(@_,%ads_trustattrs); } sub dump_trusttype { diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c index c5a100c3c0e..3cc18e7fa60 100644 --- a/libcli/auth/netlogon_creds_cli.c +++ b/libcli/auth/netlogon_creds_cli.c @@ -3528,7 +3528,6 @@ NTSTATUS netlogon_creds_cli_GetForestTrustInformation( TALLOC_FREE(frame); return status; } - struct netlogon_creds_cli_SendToSam_state { struct tevent_context *ev; struct netlogon_creds_cli_context *context; 
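Review bot: The new `%ads_trustattrs` table in the first adssearch.pl hunk jumps from 0x00000080 to 0x00000200 and stops at 0x00000800, so after the switch to `dump_bitmask_and` in the second hunk any other set bit will presumably go unnamed in the output. The helper's body is not visible here, so that is an inference. A short comment above the table would help the next reader, for example `# keep in sync with lsa_TrustAttributes in librpc/idl/lsa.idl; 0x00000100 has no entry, unlisted bits are not decoded`. If the helper does not already do so, printing leftover bits as raw hex would avoid silently hiding an attribute on a trust that is being audited.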
@@ -3793,3 +3792,283 @@ NTSTATUS netlogon_creds_cli_SendToSam(struct netlogon_creds_cli_context *context TALLOC_FREE(frame); return status; } + +struct netlogon_creds_cli_LogonGetDomainInfo_state { + struct tevent_context *ev; + struct netlogon_creds_cli_context *context; + struct dcerpc_binding_handle *binding_handle; + + char *srv_name_slash; + enum dcerpc_AuthType auth_type; + enum dcerpc_AuthLevel auth_level; + + uint32_t level; + union netr_WorkstationInfo *query; + union netr_DomainInfo *info; + + struct netlogon_creds_CredentialState *creds; + struct netlogon_creds_CredentialState tmp_creds; + struct netr_Authenticator req_auth; + struct netr_Authenticator rep_auth; +}; + +static void netlogon_creds_cli_LogonGetDomainInfo_cleanup(struct tevent_req *req, + NTSTATUS status); +static void netlogon_creds_cli_LogonGetDomainInfo_locked(struct tevent_req *subreq); + +struct tevent_req *netlogon_creds_cli_LogonGetDomainInfo_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct netlogon_creds_cli_context *context, + struct dcerpc_binding_handle *b, + uint32_t level, + union netr_WorkstationInfo *query) +{ + struct tevent_req *req; + struct netlogon_creds_cli_LogonGetDomainInfo_state *state; + struct tevent_req *subreq; + + req = tevent_req_create(mem_ctx, &state, + struct netlogon_creds_cli_LogonGetDomainInfo_state); + if (req == NULL) { + return NULL; + } + + state->ev = ev; + state->context = context; + state->binding_handle = b; + + state->srv_name_slash = talloc_asprintf(state, "\\\\%s", + context->server.computer); + if (tevent_req_nomem(state->srv_name_slash, req)) { + return tevent_req_post(req, ev); + } + + state->level = level; + state->query = query; + state->info = talloc_zero(state, union netr_DomainInfo); + if (tevent_req_nomem(state->info, req)) { + return tevent_req_post(req, ev); + } + + dcerpc_binding_handle_auth_info(state->binding_handle, + &state->auth_type, + &state->auth_level); + + subreq = netlogon_creds_cli_lock_send(state, 
state->ev, + state->context); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + + tevent_req_set_callback(subreq, + netlogon_creds_cli_LogonGetDomainInfo_locked, + req); + + return req; +} + +static void netlogon_creds_cli_LogonGetDomainInfo_cleanup(struct tevent_req *req, + NTSTATUS status) +{ + struct netlogon_creds_cli_LogonGetDomainInfo_state *state = + tevent_req_data(req, + struct netlogon_creds_cli_LogonGetDomainInfo_state); + + if (state->creds == NULL) { + return; + } + + if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED) && + !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) && + !NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED) && + !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && + !NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { + TALLOC_FREE(state->creds); + return; + } + + netlogon_creds_cli_delete(state->context, state->creds); +} + +static void netlogon_creds_cli_LogonGetDomainInfo_done(struct tevent_req *subreq); + +static void netlogon_creds_cli_LogonGetDomainInfo_locked(struct tevent_req *subreq) +{ + struct tevent_req *req = + tevent_req_callback_data(subreq, + struct tevent_req); + struct netlogon_creds_cli_LogonGetDomainInfo_state *state = + tevent_req_data(req, + struct netlogon_creds_cli_LogonGetDomainInfo_state); + NTSTATUS status; + + status = netlogon_creds_cli_lock_recv(subreq, state, + &state->creds); + TALLOC_FREE(subreq); + if (tevent_req_nterror(req, status)) { + return; + } + + if (state->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { + switch (state->auth_level) { + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PRIVACY: + break; + default: + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); + return; + } + } else { + uint32_t tmp = state->creds->negotiate_flags; + + if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) { + /* + * if DCERPC_AUTH_TYPE_SCHANNEL is supported + * it should be used, which means + * we had a chance to verify no downgrade + * happened. 
+ * + * This relies on netlogon_creds_cli_check* + * being called before, as first request after + * the DCERPC bind. + */ + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); + return; + } + } + + /* + * we defer all callbacks in order to cleanup + * the database record. + */ + tevent_req_defer_callback(req, state->ev); + + state->tmp_creds = *state->creds; + netlogon_creds_client_authenticator(&state->tmp_creds, + &state->req_auth); + ZERO_STRUCT(state->rep_auth); + + subreq = dcerpc_netr_LogonGetDomainInfo_send(state, state->ev, + state->binding_handle, + state->srv_name_slash, + state->tmp_creds.computer_name, + &state->req_auth, + &state->rep_auth, + state->level, + state->query, + state->info); + if (tevent_req_nomem(subreq, req)) { + status = NT_STATUS_NO_MEMORY; + netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status); + return; + } + + tevent_req_set_callback(subreq, + netlogon_creds_cli_LogonGetDomainInfo_done, + req); +} + +static void netlogon_creds_cli_LogonGetDomainInfo_done(struct tevent_req *subreq) +{ + struct tevent_req *req = + tevent_req_callback_data(subreq, + struct tevent_req); + struct netlogon_creds_cli_LogonGetDomainInfo_state *state = + tevent_req_data(req, + struct netlogon_creds_cli_LogonGetDomainInfo_state); + NTSTATUS status; + NTSTATUS result; + bool ok; + + /* + * We use state->dns_names as the memory context, as this is + * the only in/out variable and it has been overwritten by the + * out parameter from the server. + * + * We need to preserve the return value until the caller can use it. 
+ */ + status = dcerpc_netr_LogonGetDomainInfo_recv(subreq, state->info, &result); + TALLOC_FREE(subreq); + if (tevent_req_nterror(req, status)) { + netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status); + return; + } + + ok = netlogon_creds_client_check(&state->tmp_creds, + &state->rep_auth.cred); + if (!ok) { + status = NT_STATUS_ACCESS_DENIED; + tevent_req_nterror(req, status); + netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status); + return; + } + + if (tevent_req_nterror(req, result)) { + netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, result); + return; + } + + *state->creds = state->tmp_creds; + status = netlogon_creds_cli_store(state->context, + state->creds); + if (tevent_req_nterror(req, status)) { + netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status); + return; + } + + tevent_req_done(req); +} + +NTSTATUS netlogon_creds_cli_LogonGetDomainInfo_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + union netr_DomainInfo **info) +{ + struct netlogon_creds_cli_LogonGetDomainInfo_state *state = + tevent_req_data(req, + struct netlogon_creds_cli_LogonGetDomainInfo_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + netlogon_creds_cli_LogonGetDomainInfo_cleanup(req, status); + tevent_req_received(req); + return status; + } + + *info = talloc_move(mem_ctx, &state->info); + + tevent_req_received(req); + return NT_STATUS_OK; +} + +NTSTATUS netlogon_creds_cli_LogonGetDomainInfo( + struct netlogon_creds_cli_context *context, + struct dcerpc_binding_handle *b, + TALLOC_CTX *mem_ctx, + uint32_t level, + union netr_WorkstationInfo *query, + union netr_DomainInfo **info) +{ + TALLOC_CTX *frame = talloc_stackframe(); + struct tevent_context *ev; + struct tevent_req *req; + NTSTATUS status = NT_STATUS_OK; + + ev = samba_tevent_context_init(frame); + if (ev == NULL) { + goto fail; + } + req = netlogon_creds_cli_LogonGetDomainInfo_send(frame, ev, context, b, + level, query); + if (req == NULL) { + goto fail; + } + if 
(!tevent_req_poll_ntstatus(req, ev, &status)) { + goto fail; + } + status = netlogon_creds_cli_LogonGetDomainInfo_recv(req, + mem_ctx, + info); + fail: + TALLOC_FREE(frame); + return status; +} diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h index 56a2dd9bc77..7fb41872c36 100644 --- a/libcli/auth/netlogon_creds_cli.h +++ b/libcli/auth/netlogon_creds_cli.h @@ -214,4 +214,21 @@ NTSTATUS netlogon_creds_cli_SendToSam( struct dcerpc_binding_handle *b, struct netr_SendToSamBase *message); +struct tevent_req *netlogon_creds_cli_LogonGetDomainInfo_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct netlogon_creds_cli_context *context, + struct dcerpc_binding_handle *b, + uint32_t level, + union netr_WorkstationInfo *query); +NTSTATUS netlogon_creds_cli_LogonGetDomainInfo_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + union netr_DomainInfo **info); +NTSTATUS netlogon_creds_cli_LogonGetDomainInfo( + struct netlogon_creds_cli_context *context, + struct dcerpc_binding_handle *b, + TALLOC_CTX *mem_ctx, + uint32_t level, + union netr_WorkstationInfo *query, + union netr_DomainInfo **info); + #endif /* NETLOGON_CREDS_CLI_H */ diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl index 448a58bcd1f..2aaae8dce59 100644 --- a/librpc/idl/drsuapi.idl +++ b/librpc/idl/drsuapi.idl @@ -13,7 +13,7 @@ import "security.idl", "misc.idl", "lsa.idl", "samr.idl"; ] interface drsuapi { - typedef bitmap samr_GroupAttrs samr_GroupAttrs; + typedef bitmap security_GroupAttrs security_GroupAttrs; /* see MS-DRSR section 5.39 */ typedef [public,bitmap32bit] bitmap { @@ -945,7 +945,7 @@ interface drsuapi [range(0,10000)] uint32 num_memberships; [range(0,10000)] uint32 num_sids; [size_is(num_memberships)] drsuapi_DsReplicaObjectIdentifier **info_array; - [size_is(num_memberships)] samr_GroupAttrs *group_attrs; + [size_is(num_memberships)] security_GroupAttrs *group_attrs; [size_is(num_sids)] dom_sid28 **sids; } drsuapi_DsGetMembershipsCtr1; 
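Review bot: In the synchronous wrapper `netlogon_creds_cli_LogonGetDomainInfo()` at the end of this hunk, `status` starts as `NT_STATUS_OK`, so the two early `goto fail` paths (`samba_tevent_context_init()` or `netlogon_creds_cli_LogonGetDomainInfo_send()` returning NULL) return success without ever writing `*info`. A caller that trusts the status would then use an unset pointer; initialise it with `NTSTATUS status = NT_STATUS_NO_MEMORY;` so allocation failures are reported. Separately, the comment in `netlogon_creds_cli_LogonGetDomainInfo_done()` talks about `state->dns_names`, which is not a member of this state struct. It should name `state->info`, the context actually passed to `dcerpc_netr_LogonGetDomainInfo_recv()`.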
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl index ea8a426fa01..39ed3be8262 100644 --- a/librpc/idl/lsa.idl +++ b/librpc/idl/lsa.idl @@ -702,14 +702,17 @@ import "misc.idl", "security.idl"; } lsa_TrustType; typedef [public,bitmap32bit] bitmap { - LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001, - LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002, - LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004, - LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008, - LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010, - LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020, - LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040, - LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080 + LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001, + LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002, + LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004, + LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008, + LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010, + LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020, + LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040, + LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080, + LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION = 0x00000200, + LSA_TRUST_ATTRIBUTE_PIM_TRUST = 0x00000400, + LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION = 0x00000800 } lsa_TrustAttributes; typedef struct { diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index b4474f7ec49..ae5e33aea40 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -29,7 +29,7 @@ cpp_quote("#define ENC_HMAC_SHA1_96_AES256 KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96" interface netlogon { typedef bitmap samr_AcctFlags samr_AcctFlags; - typedef bitmap samr_GroupAttrs samr_GroupAttrs; + typedef bitmap security_GroupAttrs security_GroupAttrs; typedef enum netr_DeltaEnum8Bit netr_DeltaEnum8Bit; typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit; 
@@ -274,7 +274,7 @@ interface netlogon typedef [public] struct { dom_sid2 *sid; - samr_GroupAttrs attributes; + security_GroupAttrs attributes; } netr_SidAttr; typedef [public] struct { @@ -1347,9 +1347,10 @@ interface netlogon actually encodes this structure as a UNICODE_STRING - see MS-NRPC section 2.2.1.3.9 */ /* 142 * 2 = 284 (length of structure "netr_OsVersionInfoEx") */ - [value(142)] uint32 length; - [value(0)] uint32 dummy; - [value(142)] uint32 size; + [value(142)] uint3264 length; + [value(0)] uint3264 dummy; + [value(142)] uint3264 size; + [subcontext(0),subcontext_size(size*2)] netr_OsVersionInfoEx os; } netr_OsVersion; @@ -1385,21 +1386,27 @@ interface netlogon } netr_WorkstationInfo; typedef struct { - /* these first 3 values come from the fact windows - actually encodes this structure as a UNICODE_STRING - - see MS-NRPC section 2.2.1.3.9 */ - [value(8)] uint32 length; - [value(0)] uint32 dummy; - [value(8)] uint32 size; netr_TrustFlags flags; uint32 parent_index; lsa_TrustType trust_type; lsa_TrustAttributes trust_attributes; + } netr_trust_extension_info; + + typedef struct { + /* these first 3 values come from the fact windows + actually encodes this structure as a UNICODE_STRING + - see MS-NRPC section 2.2.1.3.9 */ + [value(8)] uint3264 length; + [value(0)] uint3264 dummy; + [value(8)] uint3264 size; + [subcontext(0),subcontext_size(size*2)] + netr_trust_extension_info info; } netr_trust_extension; typedef struct { - uint16 length; /* value is 16 when info != NULL, otherwise 0 */ - [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */ + /* value is 16 when info != NULL, otherwise 0 */ + [value(info == NULL ? 0 : 16)] uint16 length; + [value(info == NULL ? 0 : 16)] uint16 size; netr_trust_extension *info; } netr_trust_extension_container; 
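Review bot: `[subcontext(0),subcontext_size(size*2)]` in the netr_OsVersion hunk, and again in the new netr_trust_extension in the following hunk, sizes the subcontext from `size`, which on pull is presumably the value the peer sent, since `[value(...)]` as far as I understand pidl only pins the field when pushing. The generated subcontext code should still bound the read by the remaining buffer, but nothing visible here ties `size` to `length` or to the expected 142 and 8. A mismatched value is therefore accepted or rejected only by whatever the inner struct parse happens to do. Consider a `[range(...)]` on `size`, or at least a comment such as `/* size is peer-controlled on pull; the subcontext limits parsing to size*2 bytes */`. A negative NDR test with a mismatched size next to the new torture cases would pin the behaviour.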
@@ -1439,7 +1446,7 @@ interface netlogon [case(2)] netr_LsaPolicyInformation *lsa_policy_info; } netr_DomainInfo; - NTSTATUS netr_LogonGetDomainInfo( + [public] NTSTATUS netr_LogonGetDomainInfo( [in] [string,charset(UTF16)] uint16 *server_name, [in,unique] [string,charset(UTF16)] uint16 *computer_name, [in,ref] netr_Authenticator *credential, diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index b9d1d34ae33..867862dcd5c 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -16,6 +16,7 @@ import "misc.idl", "lsa.idl", "security.idl"; ] interface samr { typedef bitmap security_secinfo security_secinfo; + typedef bitmap security_GroupAttrs security_GroupAttrs; -- Samba Shared Repository