r9888: add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings.

Guenther

3 files changed, 73 insertions, 5 deletions

diff --git a/source/librpc/idl/lsa.idl b/source/librpc/idl/lsa.idl
index 83251b37db8..0927e6ef85f 100644
--- a/source/librpc/idl/lsa.idl
+++ b/source/librpc/idl/lsa.idl
@@ -738,10 +738,45 @@
 	NTSTATUS lsa_CloseTrustedDomainEx();
 
 	/* Function 0x35 */
-	NTSTATUS lsa_QueryDomainInformationPolicy();
+
+	/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 
+	   for unknown6 - gd */
+	typedef struct {
+		uint32 enforce_restrictions;
+		hyper service_tkt_lifetime;
+		hyper user_tkt_lifetime;
+		hyper user_tkt_renewaltime;
+		hyper clock_skew;
+		hyper unknown6;
+	} lsa_DomainInfoKerberos;
+
+	typedef struct {
+		uint32 blob_size;
+		[size_is(blob_size)] uint8 *efs_blob;
+	} lsa_DomainInfoEfs;
+
+	typedef enum {
+		LSA_DOMAIN_INFO_POLICY_EFS=2,
+		LSA_DOMAIN_INFO_POLICY_KERBEROS=3
+	} lsa_DomainInfoEnum;
+
+	typedef [switch_type(uint16)] union {
+		[case(LSA_DOMAIN_INFO_POLICY_EFS)]	lsa_DomainInfoEfs	efs_info;
+		[case(LSA_DOMAIN_INFO_POLICY_KERBEROS)]	lsa_DomainInfoKerberos	kerberos_info;
+	} lsa_DomainInformationPolicy;
+
+	NTSTATUS lsa_QueryDomainInformationPolicy(
+		[in,ref]		policy_handle *handle,
+		[in] 			uint16 level,
+		[out,switch_is(level)]	lsa_DomainInformationPolicy *info
+		);
 
 	/* Function 0x36 */
-	NTSTATUS lsa_SetDomInfoPolicy();
+	NTSTATUS lsa_SetDomainInformationPolicy(
+		[in,ref]		policy_handle *handle,
+		[in] 			uint16 level,
+		[in,switch_is(level)]	lsa_DomainInformationPolicy *info
+		);
 
 	/**********************/
 	/* Function 0x37 */
diff --git a/source/rpc_server/lsa/dcesrv_lsa.c b/source/rpc_server/lsa/dcesrv_lsa.c
index b976330bee9..55fc9920809 100644
--- a/source/rpc_server/lsa/dcesrv_lsa.c
+++ b/source/rpc_server/lsa/dcesrv_lsa.c
@@ -2479,9 +2479,9 @@ static NTSTATUS lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_c
 /*
   lsa_SetDomInfoPolicy
 */
-static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
-				     TALLOC_CTX *mem_ctx,
-				     struct lsa_SetDomInfoPolicy *r)
+static NTSTATUS lsa_SetDomainInformationPolicy(struct dcesrv_call_state *dce_call,
+					      TALLOC_CTX *mem_ctx,
+					      struct lsa_SetDomainInformationPolicy *r)
 {
 	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
diff --git a/source/torture/rpc/lsa.c b/source/torture/rpc/lsa.c
index f723f68a022..7630056503c 100644
--- a/source/torture/rpc/lsa.c
+++ b/source/torture/rpc/lsa.c
@@ -1477,6 +1477,35 @@ static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
 	return ret;
 }
 
+static BOOL test_QueryDomainInfoPolicy(struct dcerpc_pipe *p, 
+				 TALLOC_CTX *mem_ctx, 
+				 struct policy_handle *handle)
+{
+	struct lsa_QueryDomainInformationPolicy r;
+	NTSTATUS status;
+	int i;
+	BOOL ret = True;
+	printf("\nTesting QueryDomainInformationPolicy\n");
+
+	for (i=2;i<4;i++) {
+		r.in.handle = handle;
+		r.in.level = i;
+
+		printf("\ntrying QueryDomainInformationPolicy level %d\n", i);
+
+		status = dcerpc_lsa_QueryDomainInformationPolicy(p, mem_ctx, &r);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("QueryDomainInformationPolicy failed - %s\n", nt_errstr(status));
+			ret = False;
+			continue;
+		}
+	}
+
+	return ret;
+}
+
+
 static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p, 
 				 TALLOC_CTX *mem_ctx, 
 				 struct policy_handle *handle)
@@ -1630,6 +1659,10 @@ BOOL torture_rpc_lsa(void)
 		ret = False;
 	}
 
+	if (!test_QueryDomainInfoPolicy(p, mem_ctx, &handle)) {
+		ret = False;
+	}
+
 	if (!test_many_LookupSids(p, mem_ctx, &handle)) {
 		ret = False;
 	}