BOOL lsa_domain_opened(struct libnet_context *ctx, const char *domain_name,
struct composite_context **parent_ctx,
struct libnet_DomainOpen *domain_open,
void (*continue_fn)(struct composite_context*),
void (*monitor)(struct monitor_msg*))
{
struct composite_context *domopen_req;
if (parent_ctx == NULL || *parent_ctx == NULL) return False;
if (domain_name == NULL) {
/*
* Try to guess the domain name from credentials,
* if it's not been explicitly specified.
*/
if (policy_handle_empty(&ctx->lsa.handle)) {
domain_open->in.type = DOMAIN_LSA;
domain_open->in.domain_name = cli_credentials_get_domain(ctx->cred);
domain_open->in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
} else {
composite_error(*parent_ctx, NT_STATUS_INVALID_PARAMETER);
/* this ensures the calling function exits and composite function error
gets noticed quickly */
return True;
}
} else {
/*
* The domain name has been specified, so check whether the same
* domain is already opened. If it is - just return NULL. Start
* opening a new domain otherwise.
*/
if (policy_handle_empty(&ctx->lsa.handle) ||
!strequal(domain_name, ctx->lsa.name)) {
domain_open->in.type = DOMAIN_LSA;
domain_open->in.domain_name = domain_name;
domain_open->in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
} else {
/* domain has already been opened and it's the same domain
as requested */
return True;
}
}
/* send request to open the domain */
domopen_req = libnet_DomainOpen_send(ctx, domain_open, monitor);
/* see the comment above to find out why true is returned here */
if (composite_nomem(domopen_req, *parent_ctx)) return True;
composite_continue(*parent_ctx, domopen_req, continue_fn, *parent_ctx);
return False;
}
static BOOL test_Lookup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct epm_Lookup r;
struct GUID uuid;
struct rpc_if_id_t iface;
struct policy_handle handle;
ZERO_STRUCT(handle);
r.in.inquiry_type = 0;
r.in.object = &uuid;
r.in.interface_id = &iface;
r.in.vers_option = 0;
r.in.entry_handle = &handle;
r.out.entry_handle = &handle;
r.in.max_ents = 10;
do {
int i;
ZERO_STRUCT(uuid);
ZERO_STRUCT(iface);
status = dcerpc_epm_Lookup(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status) || r.out.result != 0) {
break;
}
printf("epm_Lookup returned %d events GUID %s\n",
*r.out.num_ents, GUID_string(mem_ctx, &handle.uuid));
for (i=0;i<*r.out.num_ents;i++) {
printf("\nFound '%s'\n", r.out.entries[i].annotation);
display_tower(mem_ctx, &r.out.entries[i].tower->tower);
if (r.out.entries[i].tower->tower.num_floors == 5) {
test_Map(p, mem_ctx, r.out.entries[i].tower);
}
}
} while (NT_STATUS_IS_OK(status) &&
r.out.result == 0 &&
*r.out.num_ents == r.in.max_ents &&
!policy_handle_empty(&handle));
if (!NT_STATUS_IS_OK(status)) {
printf("Lookup failed - %s\n", nt_errstr(status));
return False;
}
return True;
}
static bool test_Lookup(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct epm_Lookup r;
struct GUID uuid;
struct rpc_if_id_t iface;
struct policy_handle handle;
uint32_t num_ents;
ZERO_STRUCT(handle);
r.in.inquiry_type = 0;
r.in.object = &uuid;
r.in.interface_id = &iface;
r.in.vers_option = 0;
r.in.entry_handle = &handle;
r.out.entry_handle = &handle;
r.in.max_ents = 10;
r.out.num_ents = &num_ents;
do {
int i;
ZERO_STRUCT(uuid);
ZERO_STRUCT(iface);
status = dcerpc_epm_Lookup(p, tctx, &r);
if (!NT_STATUS_IS_OK(status) || r.out.result != 0) {
break;
}
printf("epm_Lookup returned %d events GUID %s\n",
*r.out.num_ents, GUID_string(tctx, &handle.uuid));
for (i=0;i<*r.out.num_ents;i++) {
printf("\nFound '%s'\n", r.out.entries[i].annotation);
display_tower(tctx, &r.out.entries[i].tower->tower);
if (r.out.entries[i].tower->tower.num_floors == 5) {
test_Map(p, tctx, r.out.entries[i].tower);
}
}
} while (NT_STATUS_IS_OK(status) &&
r.out.result == 0 &&
*r.out.num_ents == r.in.max_ents &&
!policy_handle_empty(&handle));
torture_assert_ntstatus_ok(tctx, status, "Lookup failed");
return true;
}
/**
find an internal handle given a wire handle. If the wire handle is NULL then
allocate a new handle
*/
_PUBLIC_ struct dcesrv_handle *dcesrv_handle_fetch(
struct dcesrv_connection_context *context,
struct policy_handle *p,
uint8_t handle_type)
{
struct dcesrv_handle *h;
struct dom_sid *sid;
sid = context->conn->auth_state.session_info->security_token->user_sid;
if (policy_handle_empty(p)) {
/* TODO: we should probably return a NULL handle here */
return dcesrv_handle_new(context, handle_type);
}
for (h=context->assoc_group->handles; h; h=h->next) {
if (h->wire_handle.handle_type == p->handle_type &&
GUID_equal(&p->uuid, &h->wire_handle.uuid)) {
if (handle_type != DCESRV_HANDLE_ANY &&
p->handle_type != handle_type) {
DEBUG(0,("client gave us the wrong handle type (%d should be %d)\n",
p->handle_type, handle_type));
return NULL;
}
if (!dom_sid_equal(h->sid, sid)) {
DEBUG(0,(__location__ ": Attempt to use invalid sid %s - %s\n",
dom_sid_string(context, h->sid),
dom_sid_string(context, sid)));
return NULL;
}
if (h->iface != context->iface) {
DEBUG(0,(__location__ ": Attempt to use invalid iface\n"));
return NULL;
}
return h;
}
}
return NULL;
}
