The branch, master has been updated
       via  8863d84d537 s3:rpc_client: Remove unused rpccli_lsa_open_policy2()
       via  417c8180c44 s3:winbind: Always close the policy handle we opened
       via  05a006fab94 s3:winbind: Use dcerpc_lsa_open_policy_fallback() in winbindd_cm.c
       via  6b6a88cdddf s3:utils: Use any_nt_status_not_ok() in rpc_rights_grant_internal()
       via  28e7a754c8d s3:utils: Use goto to close the policy in rpc_rights_grant_internal()
       via  e5abb584b64 s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_rights.c
       via  5b3e562006a s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc.c
       via  48fe294e51d s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c
       via  367b946a34b s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c
       via  4f7c395cd3d s3:libnetapi: Use dcerpc_lsa_open_policy_fallback() in localgroup.c
       via  bea13a02d4b s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_trust.c
       via  070cfeae527 s3:rpc_server: Use dcerpc_lsa_open_policy_fallback() for netlogon
       via  0db702322ce s3:rpc_client: Implement dcerpc_lsa_open_policy_fallback()
       via  aecd73becca s3:rpc_client: Implement dcerpc_lsa_open_policy3()
       via  f5a4dcb0a7c s4:torture: Implement lsa_OpenPolicy3 tests
       via  d18ce289054 s3:rpc_server: Implement _lsa_OpenPolicy3()
       via  15cecaaf0f1 s4:rpc_server: Implement dcesrv_lsa_OpenPolicy3()
       via  75e381d4433 s4:torture: Adapt LSA tests for newer Windows versions
       via  f5275ae3dcc lsa.idl: Backport changes from wireshark
       via  5c72df15a87 lsa.idl: Add new functions and types
       via  80ba5456d8c s4:rpc_server: Remove trailing white spaces from lsa_init.c
      from  028c90547e3 python:tests: Add ndrdump test for GMSA Managed Password blobs

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8863d84d537117e073da0a371bc153e16e4ebd9f
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 18:09:37 2023 +0200

    s3:rpc_client: Remove unused rpccli_lsa_open_policy2()
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Tue Nov 21 12:21:18 UTC 2023 on atb-devel-224

commit 417c8180c4406e9071ce88cfbe18d15e1f403fc1
Author: Andreas Schneider <a...@samba.org>
Date:   Tue Oct 24 09:39:09 2023 +0200

    s3:winbind: Always close the policy handle we opened
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 05a006fab946ec9dad820c2910bb9782c7fcd380
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 18:08:56 2023 +0200

    s3:winbind: Use dcerpc_lsa_open_policy_fallback() in winbindd_cm.c
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 6b6a88cdddff8355299793189b1bf7e8f5a273f0
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Nov 2 08:31:32 2023 +0100

    s3:utils: Use any_nt_status_not_ok() in rpc_rights_grant_internal()
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 28e7a754c8d0d49729f6a85bdbfc02b1a7a023f5
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Nov 2 08:30:36 2023 +0100

    s3:utils: Use goto to close the policy in rpc_rights_grant_internal()
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit e5abb584b64c9e82ad73c0303c749688f306c455
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 17:57:09 2023 +0200

    s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_rights.c
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 5b3e562006a1f8f9fc31a74fe2037e83544de7b9
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 16:22:02 2023 +0200

    s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc.c
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 48fe294e51de465482b0018e4ce10fe8ecdbd2a0
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 16:08:39 2023 +0200

    s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 367b946a34b45036ceacf97e926be87c0b11316d
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 15:39:51 2023 +0200

    s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 4f7c395cd3d5cab9969a7778d0a5c3bca30d3db2
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 11:23:03 2023 +0200

    s3:libnetapi: Use dcerpc_lsa_open_policy_fallback() in localgroup.c
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit bea13a02d4bc45b6041be435f129557fc1615ce3
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 10:27:12 2023 +0200

    s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_trust.c
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 070cfeae527ca9699b2afc42f01c12632464b5e3
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 10:19:08 2023 +0200

    s3:rpc_server: Use dcerpc_lsa_open_policy_fallback() for netlogon
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 0db702322ce577bde6a21b36d6f8ae4cabb2de42
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Oct 23 15:35:38 2023 +0200

    s3:rpc_client: Implement dcerpc_lsa_open_policy_fallback()
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit aecd73beccacd61f5bb4fe38563fa2668cfc266c
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 10:18:23 2023 +0200

    s3:rpc_client: Implement dcerpc_lsa_open_policy3()
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit f5a4dcb0a7c88850b9dad83e10b5dd8fc1411468
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Jul 13 21:19:37 2023 +0200

    s4:torture: Implement lsa_OpenPolicy3 tests
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit d18ce28905400d01872701b6884863b3bf26cff6
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 31 09:19:35 2023 +0200

    s3:rpc_server: Implement _lsa_OpenPolicy3()
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 15cecaaf0f14e049cfc464665de2fe8734307397
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Aug 30 14:48:23 2023 +0200

    s4:rpc_server: Implement dcesrv_lsa_OpenPolicy3()
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 75e381d4433952eb01e0399bfffc5ce2bdae4f32
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Aug 30 07:46:42 2023 +0200

    s4:torture: Adapt LSA tests for newer Windows versions
    
    Newer Windows versions directly disconnect the client. This is what
    happens if the test is run against Windows Server 2022.
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit f5275ae3dcca0546ae73dcc16f3e68f314646915
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Mar 18 15:46:09 2022 +0100

    lsa.idl: Backport changes from wireshark
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 5c72df15a87b38c0734297d90949a4e57e7b4703
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Mar 18 13:34:38 2022 +0100

    lsa.idl: Add new functions and types
    
    [MS-LSAD] got new functions in order to use AES encryption
    and other security related features.
    
    For our servers we still pretend we don't
    know about the new functions and return DCERPC_FAULT_OP_RNG_ERROR.
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 80ba5456d8cb9623c9b5a54571791dc4ac88571d
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Aug 30 09:24:06 2023 +0200

    s4:rpc_server: Remove trailing white spaces from lsa_init.c
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 librpc/idl/lsa.idl                          | 276 ++++++++++++-
 source3/lib/netapi/localgroup.c             |  28 +-
 source3/rpc_client/cli_lsarpc.c             |  86 +++-
 source3/rpc_client/cli_lsarpc.h             |  70 +++-
 source3/rpc_server/lsa/srv_lsa_nt.c         | 406 +++++++++++++++++++
 source3/rpc_server/netlogon/srv_netlog_nt.c |  23 +-
 source3/rpcclient/cmd_lsarpc.c              | 603 ++++++++++++++++++++--------
 source3/utils/net_rpc.c                     |  79 +++-
 source3/utils/net_rpc_rights.c              |  65 ++-
 source3/utils/net_rpc_trust.c               |  40 +-
 source3/winbindd/winbindd_cm.c              |  32 +-
 source4/rpc_server/lsa/dcesrv_lsa.c         | 516 +++++++++++++++++++++++-
 source4/rpc_server/lsa/lsa_init.c           | 102 ++++-
 source4/torture/rpc/lsa.c                   | 185 ++++++++-
 14 files changed, 2228 insertions(+), 283 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index 5f16fc06765..ede27c9fae4 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -113,9 +113,17 @@ import "misc.idl", "security.idl";
 
        /******************/
        /* Function: 0x06 */
+
+       typedef enum {
+               LSA_SECURITY_ANONYMOUS                  = 0,
+               LSA_SECURITY_IDENTIFICATION             = 1,
+               LSA_SECURITY_IMPERSONATION              = 2,
+               LSA_SECURITY_DELEGATION                 = 3
+       } lsa_SecurityImpersonationLevel;
+
        typedef struct {
                uint3264  len; /* ignored */
-               uint16  impersonation_level;
+               lsa_SecurityImpersonationLevel  impersonation_level;
                uint8   context_mode;
                uint8   effective_only;
        } lsa_QosInfo;
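Review bot: impersonation_level in lsa_QosInfo goes from an explicit uint16 to lsa_SecurityImpersonationLevel, and the new typedef enum carries no width attribute, so the field's size on the wire now depends on the IDL compiler's default enum width. A short comment on the enum (or an explicit width attribute) stating that it still marshals as 16 bits would make it obvious that the layout of lsa_QosInfo is unchanged.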
@@ -412,7 +420,7 @@ import "misc.idl", "security.idl";
                [case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   
auditfullset;
                [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo 
auditfullquery;
                [case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      
dns;
-               [case(LSA_POLICY_INFO_DNS_INT)]          lsa_DnsDomainInfo      
dns;
+               [case(LSA_POLICY_INFO_DNS_INT)]          lsa_DnsDomainInfo      
dns_int;
                [case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo         
l_account_domain;
        } lsa_PolicyInformation;
 
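Review bot: the LSA_POLICY_INFO_DNS_INT arm of lsa_PolicyInformation is renamed from dns to dns_int, which changes the member name in the generated union. Callers that handle the DNS_INT level should be checked for use of the old name, and a one-line comment noting that both arms deliberately share lsa_DnsDomainInfo would explain why two arms of the same type exist.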
@@ -686,7 +694,9 @@ import "misc.idl", "security.idl";
                LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL    = 10,
                LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL     = 11,
                LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL  = 12,
-               LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = 13
+               LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = 13,
+               LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL_AES= 14,
+               LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL_AES= 15
        } lsa_TrustDomInfoEnum;
 
        typedef [public,bitmap32bit] bitmap {
@@ -786,6 +796,18 @@ import "misc.idl", "security.idl";
                lsa_TrustDomainInfoAuthInfoInternal    auth_info;
        } lsa_TrustDomainInfoFullInfoInternal;
 
+       typedef struct {
+               uint8 auth_data[64];
+               uint8 salt[16];
+               lsa_DATA_BUF2 cipher;
+       } lsa_TrustDomainInfoAuthInfoInternalAES;
+
+       typedef struct {
+               lsa_TrustDomainInfoInfoEx              info_ex;
+               lsa_TrustDomainInfoPosixOffset         posix_offset;
+               lsa_TrustDomainInfoAuthInfoInternalAES auth_info;
+       } lsa_TrustDomainInfoFullInfoInternalAES;
+
        typedef struct {
                lsa_TrustDomainInfoInfoEx      info_ex;
                uint32 forest_trust_length;
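Review bot: lsa_TrustDomainInfoAuthInfoInternalAES introduces auth_data[64] and salt[16] as bare sizes with no comment on what each field holds or how cipher relates to them. Since this struct carries trust authentication material, please add a comment naming the fields' roles and the [MS-LSAD] section they come from, so that server and client code validating these buffers has something to check against.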
@@ -829,6 +851,10 @@ import "misc.idl", "security.idl";
                        lsa_TrustDomainInfoFullInfo2Internal     
full_info2_internal;
                [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES)]
                        lsa_TrustDomainInfoSupportedEncTypes enc_types;
+               [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL_AES)]
+                       lsa_TrustDomainInfoAuthInfoInternalAES 
auth_info_internal_aes;
+               [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL_AES)]
+                       lsa_TrustDomainInfoFullInfoInternalAES 
full_info_internal_aes;
        } lsa_TrustedDomainInfo;
 
        /* Function:       0x1a */
@@ -1071,6 +1097,10 @@ import "misc.idl", "security.idl";
        );
 
        /* Function 0x35 */
+       typedef struct {
+               uint32 quality_of_service;
+       } lsa_DomainInfoQoS;
+
        typedef [bitmap32bit] bitmap {
                LSA_POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080
        } lsa_krbAuthenticationOptions;
@@ -1092,25 +1122,27 @@ import "misc.idl", "security.idl";
        } lsa_DomainInfoEfs;
 
        typedef enum {
+               LSA_DOMAIN_INFO_POLICY_QOS=1,
                LSA_DOMAIN_INFO_POLICY_EFS=2,
                LSA_DOMAIN_INFO_POLICY_KERBEROS=3
        } lsa_DomainInfoEnum;
 
-       typedef [switch_type(uint16)] union {
+       typedef [switch_type(lsa_DomainInfoEnum)] union {
+               [case(LSA_DOMAIN_INFO_POLICY_QOS)]      lsa_DomainInfoQoS       
qos_info;
                [case(LSA_DOMAIN_INFO_POLICY_EFS)]      lsa_DomainInfoEfs       
efs_info;
                [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos  
kerberos_info;
        } lsa_DomainInformationPolicy;
 
        NTSTATUS lsa_QueryDomainInformationPolicy(
                [in]            policy_handle *handle,
-               [in]            uint16 level,
+               [in]            lsa_DomainInfoEnum level,
                [out,ref,switch_is(level)]      lsa_DomainInformationPolicy 
**info
                );
 
        /* Function 0x36 */
        NTSTATUS lsa_SetDomainInformationPolicy(
                [in]            policy_handle *handle,
-               [in]                    uint16 level,
+               [in]            lsa_DomainInfoEnum level,
                [in,unique,switch_is(level)]    lsa_DomainInformationPolicy 
*info
                );
 
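Review bot: with the switch type of lsa_DomainInformationPolicy and the level argument of lsa_QueryDomainInformationPolicy and lsa_SetDomainInformationPolicy changed from uint16 to lsa_DomainInfoEnum, and LSA_DOMAIN_INFO_POLICY_QOS=1 added as a new arm, level 1 now unmarshals successfully where it previously had no arm. The server-side handlers for both calls are not in the visible part of the changeset; they should reject or explicitly handle the QOS level rather than fall through to code written when only EFS and KERBEROS existed.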
@@ -1289,8 +1321,13 @@ import "misc.idl", "security.idl";
                LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
                LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
                LSA_FOREST_TRUST_DOMAIN_INFO = 2,
-               LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
+               LSA_FOREST_TRUST_BINARY_DATA = 3,
+               LSA_FOREST_TRUST_SCANNER_INFO = 4
        } lsa_ForestTrustRecordType;
+       const uint32 LSA_FOREST_TRUST_RECORD_TYPE_LAST =
+               LSA_FOREST_TRUST_BINARY_DATA;
+       const uint32 LSA_FOREST_TRUST_RECORD2_TYPE_LAST =
+               LSA_FOREST_TRUST_SCANNER_INFO;
 
        typedef struct {
                [range(0,131072)] uint3264 length;
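Review bot: LSA_FOREST_TRUST_RECORD_TYPE_LAST keeps the value 3 but changes meaning: it used to be an enum member one past the last real record type, and is now a uint32 constant equal to LSA_FOREST_TRUST_BINARY_DATA, which is itself a valid type. Any bound check written as "type < LSA_FOREST_TRUST_RECORD_TYPE_LAST" would now exclude a defined type, so please state in a comment next to the two constants that they are inclusive upper bounds, and audit existing comparisons against the old name.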
@@ -1404,4 +1441,229 @@ import "misc.idl", "security.idl";
        /* Function 0x51 */
        [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
 
+       /* Function 0x52 (82) */
+       [todo] void lsa_Opnum82NotUsedOnWire(void);
+
+       /* Function 0x53 (83) */
+       [todo] void lsa_Opnum83NotUsedOnWire(void);
+
+       /* Function 0x54 (84) */
+       [todo] void lsa_Opnum84NotUsedOnWire(void);
+
+       /* Function 0x55 (85) */
+       [todo] void lsa_Opnum85NotUsedOnWire(void);
+
+       /* Function 0x56 (86) */
+       [todo] void lsa_Opnum86NotUsedOnWire(void);
+
+       /* Function 0x57 (87) */
+       [todo] void lsa_Opnum87NotUsedOnWire(void);
+
+       /* Function 0x58 (88) */
+       [todo] void lsa_Opnum88NotUsedOnWire(void);
+
+       /* Function 0x59 (89) */
+       [todo] void lsa_Opnum89NotUsedOnWire(void);
+
+       /* Function 0x5A (90) */
+       [todo] void lsa_Opnum90NotUsedOnWire(void);
+
+       /* Function 0x5B (91) */
+       [todo] void lsa_Opnum91NotUsedOnWire(void);
+
+       /* Function 0x5C (92) */
+       [todo] void lsa_Opnum92NotUsedOnWire(void);
+
+       /* Function 0x5D (93) */
+       [todo] void lsa_Opnum93NotUsedOnWire(void);
+
+       /* Function 0x5E (94) */
+       [todo] void lsa_Opnum94NotUsedOnWire(void);
+
+       /* Function 0x5F (95) */
+       [todo] void lsa_Opnum95NotUsedOnWire(void);
+
+       /* Function 0x60 (96) */
+       [todo] void lsa_Opnum96NotUsedOnWire(void);
+
+       /* Function 0x61 (97) */
+       [todo] void lsa_Opnum97NotUsedOnWire(void);
+
+       /* Function 0x62 (98) */
+       [todo] void lsa_Opnum98NotUsedOnWire(void);
+
+       /* Function 0x63 (99) */
+       [todo] void lsa_Opnum99NotUsedOnWire(void);
+
+       /* Function 0x64 (100) */
+       [todo] void lsa_Opnum100NotUsedOnWire(void);
+
+       /* Function 0x65 (101) */
+       [todo] void lsa_Opnum101NotUsedOnWire(void);
+
+       /* Function 0x66 (102) */
+       [todo] void lsa_Opnum102NotUsedOnWire(void);
+
+       /* Function 0x67 (103) */
+       [todo] void lsa_Opnum103NotUsedOnWire(void);
+
+       /* Function 0x68 (104) */
+       [todo] void lsa_Opnum104NotUsedOnWire(void);
+
+       /* Function 0x69 (105) */
+       [todo] void lsa_Opnum105NotUsedOnWire(void);
+
+       /* Function 0x6A (106) */
+       [todo] void lsa_Opnum106NotUsedOnWire(void);
+
+       /* Function 0x6B (107) */
+       [todo] void lsa_Opnum107NotUsedOnWire(void);
+
+       /* Function 0x6C (108) */
+       [todo] void lsa_Opnum108NotUsedOnWire(void);
+
+       /* Function 0x6D (109) */
+       [todo] void lsa_Opnum109NotUsedOnWire(void);
+
+       /* Function 0x6E (110) */
+       [todo] void lsa_Opnum110NotUsedOnWire(void);
+
+       /* Function 0x6F (111) */
+       [todo] void lsa_Opnum111NotUsedOnWire(void);
+
+       /* Function 0x70 (112) */
+       [todo] void lsa_Opnum112NotUsedOnWire(void);
+
+       /* Function 0x71 (113) */
+       [todo] void lsa_Opnum113NotUsedOnWire(void);
+
+       /* Function 0x72 (114) */
+       [todo] void lsa_Opnum114NotUsedOnWire(void);
+
+       /* Function 0x73 (115) */
+       [todo] void lsa_Opnum115NotUsedOnWire(void);
+
+       /* Function 0x74 (116) */
+       [todo] void lsa_Opnum116NotUsedOnWire(void);
+
+       /* Function 0x75 (117) */
+       [todo] void lsa_Opnum117NotUsedOnWire(void);
+
+       /* Function 0x76 (118) */
+       [todo] void lsa_Opnum118NotUsedOnWire(void);
+
+       /* Function 0x77 (119) */
+       [todo] void lsa_Opnum119NotUsedOnWire(void);
+
+       /* Function 0x78 (120) */
+       [todo] void lsa_Opnum120NotUsedOnWire(void);
+
+       /* Function 0x79 (121) */
+       [todo] void lsa_Opnum121NotUsedOnWire(void);
+
+       /* Function 0x7A (122) */
+       [todo] void lsa_Opnum122NotUsedOnWire(void);
+
+       /* Function 0x7B (123) */
+       [todo] void lsa_Opnum123NotUsedOnWire(void);
+
+       /* Function 0x7C (124) */
+       [todo] void lsa_Opnum124NotUsedOnWire(void);
+
+       /* Function 0x7D (125) */
+       [todo] void lsa_Opnum125NotUsedOnWire(void);
+
+       /* Function 0x7E (126) */
+       [todo] void lsa_Opnum126NotUsedOnWire(void);
+
+       /* Function 0x7F (127) */
+       [todo] void lsa_Opnum127NotUsedOnWire(void);
+
+       /* Function 0x80 (128) */
+       [todo] void lsa_Opnum128NotUsedOnWire(void);
+
+       /***********************/
+       /* Function 0x81 (129) */
+
+       NTSTATUS lsa_CreateTrustedDomainEx3(
+               [in]  policy_handle               *policy_handle,
+               [in]  lsa_TrustDomainInfoInfoEx   *info,
+               [in]  lsa_TrustDomainInfoAuthInfoInternalAES 
*auth_info_internal,
+               [in]  lsa_TrustedAccessMask       access_mask,
+               [out] policy_handle               *trustdom_handle
+               );
+
+       /***********************/
+       /* Function 0x82 (130) */
+
+       typedef [bitmap32bit] bitmap {
+               LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER    = 0x00000001
+       } lsa_RevisionSupportedFeature;
+
+       typedef struct {
+               uint32 revision;
+               lsa_RevisionSupportedFeature supported_features;
+       } lsa_revision_info1;
+
+       typedef [switch_type(uint32)] union {
+               [case(1)] lsa_revision_info1 info1;
+       } lsa_revision_info;
+
+       [public] NTSTATUS lsa_OpenPolicy3 (
+               [in,unique]      [string,charset(UTF16)] uint16 *system_name,
+               [in]  lsa_ObjectAttribute *attr,
+               [in]  lsa_PolicyAccessMask access_mask,
+               [in]  uint32 in_version,
+               [in,ref][switch_is(in_version)] lsa_revision_info 
*in_revision_info,
+               [out,ref]  uint32 *out_version,
+               [out,ref][switch_is(*out_version)] lsa_revision_info 
*out_revision_info,
+               [out,ref] policy_handle *handle
+               );
+
+       /* Function 0x83 (131) */
+       [todo] void lsa_Opnum131NotUsedOnWire(void);
+
+       /***********************/
+       /* Function 0x84 (132) */
+       typedef [switch_type(lsa_ForestTrustRecordType)] union {
+               [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_StringLarge 
top_level_name;
+               [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge 
top_level_name_ex;
+               [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo 
domain_info;
+               [case(LSA_FOREST_TRUST_BINARY_DATA)] lsa_ForestTrustBinaryData 
data;
+               /*
+                * lsa_ForestTrustScannerInfo would have the same
+                * definition as lsa_ForestTrustDomainInfo
+                */
+               [case(LSA_FOREST_TRUST_SCANNER_INFO)] lsa_ForestTrustDomainInfo 
scanner_info;
+       } lsa_ForestTrustData2;
+
+       typedef struct {
+               lsa_ForestTrustRecordFlags flags;
+               lsa_ForestTrustRecordType type;
+               NTTIME_hyper time;
+               [switch_is(type)] lsa_ForestTrustData2 forest_trust_data;
+       } lsa_ForestTrustRecord2;
+
+       typedef [public] struct {
+               [range(0,4000)] uint32 count;
+               [size_is(count)] lsa_ForestTrustRecord2 **entries;
+       } lsa_ForestTrustInformation2;
+
+       [public] NTSTATUS lsa_lsaRQueryForestTrustInformation2(
+               [in] policy_handle *handle,
+               [in,ref] lsa_String *trusted_domain_name,
+               [in] lsa_ForestTrustRecordType highest_record_type,
+               [out,ref] lsa_ForestTrustInformation2 **forest_trust_info
+               );
+
+       /***********************/
+       /* Function 0x85 (133) */
+       [public] NTSTATUS lsa_lsaRSetForestTrustInformation2(
+               [in]      policy_handle *handle,
+               [in,ref]  lsa_StringLarge *trusted_domain_name,
+               [in]      lsa_ForestTrustRecordType highest_record_type,
+               [in,ref]  lsa_ForestTrustInformation2 *forest_trust_info,
+               [in]      boolean8 check_only,
+               [out,ref] lsa_ForestTrustCollisionInfo **collision_info
+               );
 }
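Review bot: lsa_revision_info has only a [case(1)] arm and no default, yet in lsa_OpenPolicy3 the out_revision_info union is switched on *out_version, a value the server chooses. A reply with any other version cannot be unmarshalled, so clients should expect a marshalling failure there rather than a clean NTSTATUS; a comment on the union saying this is intentional, or a default arm, would settle it. Separately, the run of lsa_OpnumNNNotUsedOnWire placeholders from 0x52 to 0x80 is what places lsa_CreateTrustedDomainEx3 at 0x81, so a note above the block that the count must not change would protect the opnums that follow.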
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
index 5d6ad174fb1..a63fca4366a 100644
--- a/source3/lib/netapi/localgroup.c
+++ b/source3/lib/netapi/localgroup.c
@@ -968,6 +968,12 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX 
*mem_ctx,
 
        struct lsa_String names;
        uint32_t num_names = 1;
+       union lsa_revision_info out_revision_info = {
+               .info1 = {
+                       .revision = 0,
+               },
+       };
+       uint32_t out_version = 0;
 
        if (!sid || !name) {
                return NT_STATUS_INVALID_PARAMETER;
@@ -977,13 +983,21 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX 
*mem_ctx,
 
        init_lsa_String(&names, name);
 
-       status = rpccli_lsa_open_policy2(lsa_pipe, mem_ctx,
-                                        false,
-                                        SEC_STD_READ_CONTROL |
-                                        LSA_POLICY_VIEW_LOCAL_INFORMATION |
-                                        LSA_POLICY_LOOKUP_NAMES,
-                                        &lsa_handle);
-       NT_STATUS_NOT_OK_RETURN(status);
+       status = dcerpc_lsa_open_policy_fallback(
+               b,
+               mem_ctx,
+               lsa_pipe->srv_name_slash,
+               false,
+               SEC_STD_READ_CONTROL |
+               LSA_POLICY_VIEW_LOCAL_INFORMATION |
+               LSA_POLICY_LOOKUP_NAMES,
+               &out_version,
+               &out_revision_info,
+               &lsa_handle,
+               &result);
+       if (any_nt_status_not_ok(status, result, &status)) {
+               return status;
+       }
 
        status = dcerpc_lsa_LookupNames3(b, mem_ctx,
                                         &lsa_handle,
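Review bot: out_version and out_revision_info are passed to dcerpc_lsa_open_policy_fallback() here but are not read anywhere in the visible lines of libnetapi_lsa_lookup_names3(). If this caller has no use for the negotiated revision, say so in a comment, since the locals otherwise look like a forgotten check; the same pattern will repeat at every converted call site.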
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 1ea49781a4d..73b4872a2c4 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -126,30 +126,86 @@ NTSTATUS dcerpc_lsa_open_policy2(struct 
dcerpc_binding_handle *h,
                                      result);
 }
 
-/** Open a LSA policy handle
-  *
-  * @param cli Handle on an initialised SMB connection
-  */
+NTSTATUS dcerpc_lsa_open_policy3(struct dcerpc_binding_handle *h,
+                                TALLOC_CTX *mem_ctx,
+                                const char *srv_name_slash,
+                                bool sec_qos,
+                                uint32_t des_access,
+                                uint32_t *out_version,
+                                union lsa_revision_info *out_revision_info,
+                                struct policy_handle *pol,
+                                NTSTATUS *result)
+{
+       struct lsa_ObjectAttribute attr = { .len = 0x18, };
+       struct lsa_QosInfo qos;
+       union lsa_revision_info in_revision_info = {
+               .info1 = {
+                       .revision = 1,
+               },
+       };
+       uint32_t in_version = 1;
+
+       if (sec_qos) {
+               qos.len                 = 0xc;
+               qos.impersonation_level = 2;
+               qos.context_mode        = 1;
+               qos.effective_only      = 0;
+
+               attr.sec_qos            = &qos;
+       }
 
-NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli,
-                                TALLOC_CTX *mem_ctx, bool sec_qos,
-                                uint32_t des_access, struct policy_handle *pol)
+       return dcerpc_lsa_OpenPolicy3(h,
+                                     mem_ctx,
+                                     srv_name_slash,
+                                     &attr,
+                                     des_access,
+                                     in_version,
+                                     &in_revision_info,
+                                     out_version,
+                                     out_revision_info,
+                                     pol,
+                                     result);
+}
+
+NTSTATUS dcerpc_lsa_open_policy_fallback(struct dcerpc_binding_handle *h,
+                                        TALLOC_CTX *mem_ctx,
+                                        const char *srv_name_slash,
+                                        bool sec_qos,
+                                        uint32_t desired_access,
+                                        uint32_t *out_version,
+                                        union lsa_revision_info 
*out_revision_info,
+                                        struct policy_handle *pol,
+                                        NTSTATUS *result)
 {
        NTSTATUS status;
-       NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 
-       status = dcerpc_lsa_open_policy2(cli->binding_handle,
+       status = dcerpc_lsa_open_policy3(h,
                                         mem_ctx,
-                                        cli->srv_name_slash,
+                                        srv_name_slash,
                                         sec_qos,
-                                        des_access,
+                                        desired_access,
+                                        out_version,
+                                        out_revision_info,
                                         pol,
-                                        &result);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
+                                        result);
+       if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+               *out_version = 1;
+               *out_revision_info = (union lsa_revision_info) {
+                       .info1 = {
+                               .revision = 1,
+                       }
+               };
+
+               status = dcerpc_lsa_open_policy2(h,
+                                                mem_ctx,


-- 
Samba Shared Repository
