From 148499cb62acddd07f60102f8c99c38eb6fb5554 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Wed, 31 Jul 2013 15:28:51 +0200 Subject: [PATCH 01/67] security.idl: add new security_secinfo bits [MS-DTYP].pdf 2.4.7 Signed-off-by: Gregor Beck Reviewed-by: Stefan Metzmacher Reviewed-by: Jeremy Allison --- librpc/idl/security.idl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 00bb6e6..381d6e5 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -621,6 +621,9 @@ interface security SECINFO_DACL = 0x00000004, SECINFO_SACL = 0x00000008, SECINFO_LABEL = 0x00000010, + SECINFO_ATTRIBUTE = 0x00000020, + SECINFO_SCOPE = 0x00000040, + SECINFO_BACKUP = 0x00010000, SECINFO_UNPROTECTED_SACL = 0x10000000, SECINFO_UNPROTECTED_DACL = 0x20000000, SECINFO_PROTECTED_SACL = 0x40000000, -- 1.8.1.2 From f556e71db74e695349c03bf82f68ea6e700eae03 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Thu, 1 Aug 2013 14:16:24 +0200 Subject: [PATCH 02/67] Fix bug 9678 - Windows 8 Roaming profiles fail Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some dirs. Ignoring it makes roaming profiles work again. Just like w2k3 gracefully ignore all the other bits. Signed-off-by: Gregor Beck Reviewed-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Aug 1 20:58:25 CEST 2013 on sn-devel-104 --- source3/smbd/nttrans.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index c8116b0..800e2fd 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c 
@@ -891,13 +891,8 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, /* Ensure we have at least one thing set. */ if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) { - if (security_info_sent & SECINFO_LABEL) { - /* Only consider SECINFO_LABEL if no other - bits are set. Just like W2K3 we don't - store this. */ - return NT_STATUS_OK; - } - return NT_STATUS_INVALID_PARAMETER; + /* Just like W2K3 */ + return NT_STATUS_OK; } /* Ensure we have the rights to do this. */ -- 1.8.1.2 From ba40d0d9d320e500621a6a8107a2ef0a34aeb6ba Mon Sep 17 00:00:00 2001 From: Christian Ambach Date: Thu, 20 Jun 2013 18:27:13 +0200 Subject: [PATCH 03/67] s3:lib/system fix build on AIX 7 AIX uses struct stat64 with struct timespec64, so direct assignment does not work any more. Pair-Programmed-With: Volker Lendecke Signed-off-by: Christian Ambach Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Fri Aug 2 09:47:43 CEST 2013 on sn-devel-104 --- source3/lib/system.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/source3/lib/system.c b/source3/lib/system.c index 8dbf7dc..8252e4f 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -228,7 +228,10 @@ static struct timespec get_atimespec(const struct stat *pst) return ret; #else #if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) - return pst->st_atim; + struct timespec ret; + ret.tv_sec = pst->st_atim.tv_sec; + ret.tv_nsec = pst->st_atim.tv_nsec; + return ret; #elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) struct timespec ret; ret.tv_sec = pst->st_atime; @@ -263,7 +266,10 @@ static struct timespec get_mtimespec(const struct stat *pst) return ret; #else #if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) - return pst->st_mtim; + struct timespec ret; + ret.tv_sec = pst->st_mtim.tv_sec; + ret.tv_nsec = pst->st_mtim.tv_nsec; + return ret; #elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) struct timespec ret; ret.tv_sec = pst->st_mtime; 
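Review bot: The new early return in set_sd answers NT_STATUS_OK for every request that carries none of SECINFO_OWNER, SECINFO_GROUP, SECINFO_DACL or SECINFO_SACL, so a client that sends only SECINFO_LABEL, SECINFO_ATTRIBUTE, SECINFO_SCOPE or SECINFO_BACKUP is told the change succeeded although nothing is stored. The comment `/* Just like W2K3 */` no longer says that. I would keep the explanation, e.g. `/* No owner/group/DACL/SACL bit set: like W2K3, accept the call and silently ignore the remaining bits (label, attribute, scope, backup); nothing is stored. */`. A high-level DEBUG of security_info_sent on this path would also make ignored requests traceable. The body of set_sd continues outside the hunk.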
@@ -298,7 +304,10 @@ static struct timespec get_ctimespec(const struct stat *pst) return ret; #else #if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) - return pst->st_ctim; + struct timespec ret; + ret.tv_sec = pst->st_ctim.tv_sec; + ret.tv_nsec = pst->st_ctim.tv_nsec; + return ret; #elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) struct timespec ret; ret.tv_sec = pst->st_ctime; -- 1.8.1.2 From 859182da6d06be0e9d37d7ed3448efc3dc78bdb2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Jul 2013 10:40:39 +1200 Subject: [PATCH 04/67] dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors This ensures we do not de-reference an invalid rs->msgs pointer if the pointed-to object was not objectclass=computer Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10052 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Fri Aug 2 13:11:20 CEST 2013 on sn-devel-104 --- dfs_server/dfs_server_ad.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c index 249a1d1..062eb49 100644 --- a/dfs_server/dfs_server_ad.c +++ b/dfs_server/dfs_server_ad.c @@ -206,14 +206,14 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb, for (i = 0; icount; i++) { struct ldb_dn *dn; - struct ldb_result *r2; + struct ldb_message *msg; dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference"); if (!dn) { return NT_STATUS_INTERNAL_ERROR; } - ret = ldb_search(ldb, r, &r2, dn, LDB_SCOPE_BASE, attrs2, "(objectClass=computer)"); + ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)"); if (ret != LDB_SUCCESS) { DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n", ldb_dn_get_linearized(dn), ldb_errstring(ldb))); 
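Review bot: In the first dfs_server_ad.c hunk, the failure branch after dsdb_search_one() still logs `ldb_errstring(ldb)`, but the case this patch adds is reported through the return code. When serverReference matches no objectClass=computer entry, the ldb error string may be empty or left over from an earlier call. Logging the code itself, `ldb_dn_get_linearized(dn), ldb_strerror(ret)));`, keeps the message reliable. The rest of that branch lies outside the hunk. If it returns an error for the whole call, a single stale serverReference fails the entire site lookup, so it is worth confirming that this is intended rather than skipping the entry.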
@@ -221,7 +221,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb, } if (dofqdn) { - const char *dns = ldb_msg_find_attr_as_string(r2->msgs[0], "dNSHostName", NULL); + const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL); if (dns == NULL) { DEBUG(2,(__location__ ": dNSHostName missing on %s\n", ldb_dn_get_linearized(dn))); @@ -233,7 +233,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb, NT_STATUS_HAVE_NO_MEMORY_AND_FREE(list->names[list->count], r); } else { char *tmp; - const char *aname = ldb_msg_find_attr_as_string(r2->msgs[0], "sAMAccountName", NULL); + const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL); if (aname == NULL) { DEBUG(2,(__location__ ": sAMAccountName missing on %s\n", ldb_dn_get_linearized(dn))); @@ -250,7 +250,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb, list->names[list->count] = tmp; } list->count++; - talloc_free(r2); + talloc_free(msg); } talloc_free(r); -- 1.8.1.2 From 852c9ac34dbef66d0b2619554c611157c2fab771 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Mon, 22 Jul 2013 16:04:43 -0700 Subject: [PATCH 05/67] There are tests all over the SMB1 code to check that srv_send_smb fails, but it never returns false. Even if the write to the socket/fd fails, we never return false and will keep reading stuff off of the input buffer until it is exhausted and then we will exit. Signed-off-by: Richard Sharpe Reviewed-by: Jeremy Allison Autobuild-User(master): Richard Sharpe Autobuild-Date(master): Sat Aug 3 17:41:22 CEST 2013 on sn-devel-104 --- source3/smbd/process.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 5ef0fd3..3fbfc37 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c 
@@ -194,7 +194,7 @@ out: SMB_PERFCOUNT_END(pcd); smbd_unlock_socket(sconn); - return true; + return (ret > 0); } /******************************************************************* -- 1.8.1.2 From b35a27b77954992fc1e6db446bbfa6cfbb7547a1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 2 Aug 2013 17:05:58 -0700 Subject: [PATCH 06/67] Ensure we can never integer wrap when working on client-supplied max_data_bytes. This would only be possible with SMB2, and is already checked in the upper SMB2 layers, but it really doesn't hurt to have these extra checks at time of use also. Signed-off-by: Jeremy Allison Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Sun Aug 4 16:54:04 CEST 2013 on sn-devel-104 --- source3/smbd/trans2.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index a216f15..f769104 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2564,6 +2564,11 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } } + if (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + goto out; + } + *ppdata = (char *)SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if(*ppdata == NULL ) { @@ -2893,6 +2898,11 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } } + if (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; + } + *ppdata = (char *)SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if(*ppdata == NULL) { @@ -3150,6 +3160,10 @@ NTSTATUS smbd_do_qfsinfo(connection_struct *conn, st = smb_fname.st; + if (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes) { + return NT_STATUS_INVALID_PARAMETER; + } + *ppdata = (char *)SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if (*ppdata == NULL) { 
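Review bot: The result of the function now depends on `ret` in `return (ret > 0);`, so every path that jumps to the `out:` label must have assigned it first. Only the tail of the function is visible here. If any `goto out` is taken before the write happens (an error in an earlier preparation step, for instance), the return reads an indeterminate value. Initialising at the declaration, e.g. `ssize_t ret = 0;` (type assumed, the declaration is outside the hunk), makes those paths return false. A comment on the return such as `/* false if the write failed or nothing was sent */` would also document the new contract for the callers that already test it.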
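Review bot: The wrap test `max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes` added in the trans2.c hunk at -2564 is only meaningful while the sum is evaluated in the unsigned type of max_data_bytes. The declarations are outside these hunks; if the operand were signed, or the margin had a wider type, the comparison would be undefined or never true. Comparing against the limit instead, e.g. `if (max_data_bytes > UINT32_MAX - DIR_ENTRY_SAFETY_MARGIN) {` (use the limit matching the real type), does not rely on wrap-around. The same check is repeated in the hunks at -2893, -3150, -4368 and -4449, so a small static helper or macro next to DIR_ENTRY_SAFETY_MARGIN would keep the five sites in step.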
@@ -4368,6 +4382,10 @@ static void call_trans2qpipeinfo(connection_struct *conn, } params = *pparams; SSVAL(params,0,0); + if (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; + } data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN; *ppdata = (char *)SMB_REALLOC(*ppdata, data_size); if (*ppdata == NULL ) { @@ -4449,6 +4467,10 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, nlink -= 1; } + if (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes) { + return NT_STATUS_INVALID_PARAMETER; + } + data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN; *ppdata = (char *)SMB_REALLOC(*ppdata, data_size); if (*ppdata == NULL) { -- 1.8.1.2 From cae48e9a36d7e37ec18791439b30a876bde0c775 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 23 Jul 2013 10:08:38 +0200 Subject: [PATCH 07/67] tevent: Add echo server sample code This is under a deliberately permissive license. I would like people to start using libtevent and tevent_req (LGPL) without any worries about where to start from. Signed-off-by: Volker Lendecke Reviewed-by: Amitay Isaacs Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Mon Aug 5 04:07:58 CEST 2013 on sn-devel-104 --- lib/tevent/echo_server.c | 664 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 664 insertions(+) create mode 100644 lib/tevent/echo_server.c diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c new file mode 100644 index 0000000..a1da0d8 --- /dev/null +++ b/lib/tevent/echo_server.c 
@@ -0,0 +1,664 @@ +/** + ** NOTE! The following liberal license applies to this sample file only. + ** This does NOT imply that all of Samba is released under this license. + ** + ** This file is meant as a starting point for libtevent users to be used + ** in any program linking against the LGPL licensed libtevent. + **/ + +/* + * This file is being made available by the Samba Team under the following + * license: + * + * Permission to use, copy, modify, and distribute this sample file for any + * purpose is hereby granted without fee. + * + * This work is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "tevent.h" +#include "talloc.h" + +/** + * @brief Helper function to get a useful unix error from tevent_req + */ + +static bool tevent_req_is_unix_error(struct tevent_req *req, int *perrno) +{ + enum tevent_req_state state; + uint64_t err; + + if (!tevent_req_is_error(req, &state, &err)) { + return false; + } + switch (state) { + case TEVENT_REQ_TIMED_OUT: + *perrno = ETIMEDOUT; + break; + case TEVENT_REQ_NO_MEMORY: + *perrno = ENOMEM; + break; + case TEVENT_REQ_USER_ERROR: + *perrno = err; + break; + default: + *perrno = EINVAL; + break; + } + return true; +} + +/** + * @brief Wrapper around accept(2) + */ + +struct accept_state { + struct tevent_fd *fde; + int listen_sock; + socklen_t addrlen; + struct sockaddr addr; + int sock; +}; + +static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde, + uint16_t flags, void *private_data); + +static struct tevent_req *accept_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + int listen_sock) +{ + struct tevent_req *req; + struct accept_state *state; + + req = tevent_req_create(mem_ctx, &state, struct accept_state); + if (req == NULL) { + return NULL; + } + + state->listen_sock = 
listen_sock; + + state->fde = tevent_add_fd(ev, state, listen_sock, TEVENT_FD_READ, + accept_handler, req); + if (tevent_req_nomem(state->fde, req)) { + return tevent_req_post(req, ev); + } + return req; +} + +static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde, + uint16_t flags, void *private_data) +{ + struct tevent_req *req = talloc_get_type_abort( + private_data, struct tevent_req); + struct accept_state *state = tevent_req_data(req, struct accept_state); + int ret; + + TALLOC_FREE(state->fde); + + if ((flags & TEVENT_FD_READ) == 0) { + tevent_req_error(req, EIO); + return; + } + state->addrlen = sizeof(state->addr); + + ret = accept(state->listen_sock, &state->addr, &state->addrlen); + if (ret == -1) { + tevent_req_error(req, errno); + return; + } + state->sock = ret; + tevent_req_done(req); +} + +static int accept_recv(struct tevent_req *req, struct sockaddr *paddr, + socklen_t *paddrlen, int *perr) +{ + struct accept_state *state = tevent_req_data(req, struct accept_state); + int err; + + if (tevent_req_is_unix_error(req, &err)) { + if (perr != NULL) { + *perr = err; + } + return -1; + } + if (paddr != NULL) { + *paddr = state->addr; + } + if (paddrlen != NULL) { + *paddrlen = state->addrlen; + } + return state->sock; +} + +/** + * @brief Wrapper around read(2) + */ + +struct read_state { + struct tevent_fd *fde; + int fd; + void *buf; + size_t count; + + ssize_t nread; +}; + +static void read_handler(struct tevent_context *ev, struct tevent_fd *fde, + uint16_t flags, void *private_data); + +static struct tevent_req *read_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + int fd, void *buf, size_t count) +{ + struct tevent_req *req; + struct read_state *state; + + req = tevent_req_create(mem_ctx, &state, struct read_state); + if (req == NULL) { + return NULL; + } + + state->fd = fd; + state->buf = buf; + state->count = count; + + state->fde = tevent_add_fd(ev, state, fd, TEVENT_FD_READ, + read_handler, req); + if 
(tevent_req_nomem(state->fde, req)) { + return tevent_req_post(req, ev); + } + return req; +} + +static void read_handler(struct tevent_context *ev, struct tevent_fd *fde, + uint16_t flags, void *private_data) +{ + struct tevent_req *req = talloc_get_type_abort( + private_data, struct tevent_req); + struct read_state *state = tevent_req_data(req, struct read_state); + ssize_t ret; + + TALLOC_FREE(state->fde); + + if ((flags & TEVENT_FD_READ) == 0) { + tevent_req_error(req, EIO); + return; + } + + ret = read(state->fd, state->buf, state->count); + if (ret == -1) { + tevent_req_error(req, errno); + return; + } + state->nread = ret; + tevent_req_done(req); +} + +static ssize_t read_recv(struct tevent_req *req, int *perr) +{ + struct read_state *state = tevent_req_data(req, struct read_state); + int err; + + if (tevent_req_is_unix_error(req, &err)) { + if (perr != NULL) { + *perr = err; + } + return -1; + } + return state->nread; +} + +/** + * @brief Wrapper around write(2) + */ + +struct write_state { + struct tevent_fd *fde; + int fd; + const void *buf; + size_t count; + + ssize_t nwritten; +}; + +static void write_handler(struct tevent_context *ev, struct tevent_fd *fde, + uint16_t flags, void *private_data); + +static struct tevent_req *write_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + int fd, const void *buf, size_t count) +{ + struct tevent_req *req; + struct write_state *state; + + req = tevent_req_create(mem_ctx, &state, struct write_state); + if (req == NULL) { + return NULL; + } + + state->fd = fd; + state->buf = buf; + state->count = count; + + state->fde = tevent_add_fd(ev, state, fd, TEVENT_FD_WRITE, + write_handler, req); + if (tevent_req_nomem(state->fde, req)) { + return tevent_req_post(req, ev); + } + return req; +} + +static void write_handler(struct tevent_context *ev, struct tevent_fd *fde, + uint16_t flags, void *private_data) +{ + struct tevent_req *req = talloc_get_type_abort( + private_data, struct tevent_req); + struct write_state 
*state = tevent_req_data(req, struct write_state); + ssize_t ret; + + TALLOC_FREE(state->fde); + + if ((flags & TEVENT_FD_WRITE) == 0) { + tevent_req_error(req, EIO); + return; + } + + ret = write(state->fd, state->buf, state->count); + if (ret == -1) { + tevent_req_error(req, errno); + return; + } + state->nwritten = ret; + tevent_req_done(req); +} + +static ssize_t write_recv(struct tevent_req *req, int *perr) +{ + struct write_state *state = tevent_req_data(req, struct write_state); + int err; + + if (tevent_req_is_unix_error(req, &err)) { + if (perr != NULL) { + *perr = err; + } + return -1; + } + return state->nwritten; +} + +/** + * @brief Wrapper function that deals with short writes + */ + +struct writeall_state { + struct tevent_context *ev; + int fd; + const void *buf; + size_t count; + size_t nwritten; +}; + +static void writeall_done(struct tevent_req *subreq); + +static struct tevent_req *writeall_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + int fd, const void *buf, size_t count) +{ + struct tevent_req *req, *subreq; + struct writeall_state *state; + + req = tevent_req_create(mem_ctx, &state, struct writeall_state); + if (req == NULL) { + return NULL; + } + state->ev = ev; + state->fd = fd; + state->buf = buf; + state->count = count; + state->nwritten = 0; + + subreq = write_send(state, state->ev, state->fd, + ((char *)state->buf)+state->nwritten, + state->count - state->nwritten); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, writeall_done, req); + return req; +} + +static void writeall_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct writeall_state *state = tevent_req_data( + req, struct writeall_state); + ssize_t nwritten; + int err = 0; + + nwritten = write_recv(subreq, &err); + TALLOC_FREE(subreq); + if (nwritten == -1) { + tevent_req_error(req, err); + return; + } + + state->nwritten += 
nwritten; + + if (state->nwritten < state->count) { + subreq = write_send(state, state->ev, state->fd, + ((char *)state->buf)+state->nwritten, + state->count - state->nwritten); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, writeall_done, req); + return; + } + tevent_req_done(req); +} + +static ssize_t writeall_recv(struct tevent_req *req, int *perr) +{ + struct writeall_state *state = tevent_req_data( + req, struct writeall_state); + int err; + + if (tevent_req_is_unix_error(req, &err)) { + if (perr != NULL) { + *perr = err; + } + return -1; + } + return state->nwritten; +} + +/** + * @brief Async echo handler code dealing with one client + */ + +struct echo_state { + struct tevent_context *ev; + int fd; + uint8_t *buf; +}; + +static int echo_state_destructor(struct echo_state *s); +static void echo_read_done(struct tevent_req *subreq); +static void echo_writeall_done(struct tevent_req *subreq); + +static struct tevent_req *echo_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + int fd, size_t bufsize) +{ + struct tevent_req *req, *subreq; + struct echo_state *state; + + req = tevent_req_create(mem_ctx, &state, struct echo_state); + if (req == NULL) { + return NULL; + } + state->ev = ev; + state->fd = fd; + + talloc_set_destructor(state, echo_state_destructor); + + state->buf = talloc_array(state, uint8_t, bufsize); + if (tevent_req_nomem(state->buf, req)) { + return tevent_req_post(req, ev); + } + + subreq = read_send(state, state->ev, state->fd, + state->buf, talloc_get_size(state->buf)); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, echo_read_done, req); + return req; +} + +static int echo_state_destructor(struct echo_state *s) +{ + if (s->fd != -1) { + printf("Closing client fd %d\n", s->fd); + close(s->fd); + s->fd = -1; + } + return 0; +} + +static void echo_read_done(struct tevent_req *subreq) +{ + struct tevent_req *req = 
tevent_req_callback_data( + subreq, struct tevent_req); + struct echo_state *state = tevent_req_data( + req, struct echo_state); + ssize_t nread; + int err; + + nread = read_recv(subreq, &err); + TALLOC_FREE(subreq); + if (nread == -1) { + tevent_req_error(req, err); + return; + } + if (nread == 0) { + tevent_req_done(req); + return; + } + + subreq = writeall_send(state, state->ev, state->fd, state->buf, nread); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, echo_writeall_done, req); +} + +static void echo_writeall_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct echo_state *state = tevent_req_data( + req, struct echo_state); + ssize_t nwritten; + int err; + + nwritten = writeall_recv(subreq, &err); + TALLOC_FREE(subreq); + if (nwritten == -1) { + if (err == EPIPE) { + tevent_req_done(req); + return; + } + tevent_req_error(req, err); + return; + } + + subreq = read_send(state, state->ev, state->fd, + state->buf, talloc_get_size(state->buf)); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, echo_read_done, req); +} + +static bool echo_recv(struct tevent_req *req, int *perr) +{ + int err; + + if (tevent_req_is_unix_error(req, &err)) { + *perr = err; + return false; + } + return true; +} + +/** + * @brief Full echo handler code accepting and handling clients + */ + +struct echo_server_state { + struct tevent_context *ev; + int listen_sock; +}; + +static void echo_server_accepted(struct tevent_req *subreq); +static void echo_server_client_done(struct tevent_req *subreq); + +static struct tevent_req *echo_server_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + int listen_sock) +{ + struct tevent_req *req, *subreq; + struct echo_server_state *state; + + req = tevent_req_create(mem_ctx, &state, + struct echo_server_state); + if (req == NULL) { + return NULL; + } + state->ev = ev; + state->listen_sock = 
listen_sock; + + subreq = accept_send(state, state->ev, state->listen_sock); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, echo_server_accepted, req); + return req; +} + +static void echo_server_accepted(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct echo_server_state *state = tevent_req_data( + req, struct echo_server_state); + int sock, err; + + sock = accept_recv(subreq, NULL, NULL, &err); + TALLOC_FREE(subreq); + if (sock == -1) { + tevent_req_error(req, err); + return; + } + + printf("new client fd %d\n", sock); + + subreq = echo_send(state, state->ev, sock, 100); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, echo_server_client_done, req); + + subreq = accept_send(state, state->ev, state->listen_sock); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, echo_server_accepted, req); +} + +static void echo_server_client_done(struct tevent_req *subreq) +{ + bool ret; + int err; + + ret = echo_recv(subreq, &err); + TALLOC_FREE(subreq); + + if (ret) { + printf("Client done\n"); + } else { + printf("Client failed: %s\n", strerror(err)); + } +} + +static bool echo_server_recv(struct tevent_req *req, int *perr) +{ + int err; + + if (tevent_req_is_unix_error(req, &err)) { + *perr = err; + return false; + } + return true; +} + +int main(int argc, const char **argv) +{ + int ret, port, listen_sock, err; + struct tevent_context *ev; + struct sockaddr_in addr; + struct tevent_req *req; + bool result; + + if (argc != 2) { + fprintf(stderr, "Usage: %s \n", argv[0]); + exit(1); + } + + port = atoi(argv[1]); + + printf("listening on port %d\n", port); + + listen_sock = socket(AF_INET, SOCK_STREAM, 0); + + if (listen_sock == -1) { + perror("socket() failed"); + exit(1); + } + + memset(&addr, 0, sizeof(addr)); + + addr.sin_family = AF_INET; + addr.sin_port = 
htons(port); + + ret = bind(listen_sock, (struct sockaddr *)&addr, sizeof(addr)); + if (ret == -1) { + perror("bind() failed"); + exit(1); + } + + ret = listen(listen_sock, 5); + if (ret == -1) { + perror("listen() failed"); + exit(1); + } + + ev = tevent_context_init(NULL); + if (ev == NULL) { + fprintf(stderr, "tevent_context_init failed\n"); + exit(1); + } + + req = echo_server_send(ev, ev, listen_sock); + if (req == NULL) { + fprintf(stderr, "echo_server_send failed\n"); + exit(1); + } + + if (!tevent_req_poll(req, ev)) { + perror("tevent_req_poll() failed"); + exit(1); + } + + result = echo_server_recv(req, &err); + TALLOC_FREE(req); + if (!result) { + fprintf(stderr, "echo_server failed: %s\n", strerror(err)); + exit(1); + } + + return 0; +} -- 1.8.1.2 From 953502925863377b5e566edff4ac68c63e8d151f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 12:33:25 +0200 Subject: [PATCH 08/67] auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name() Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/credentials/credentials.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index e636123..e597809 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -669,7 +669,7 @@ _PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *c const char *name; if (bind_dn) { - name = talloc_reference(mem_ctx, bind_dn); + name = talloc_strdup(mem_ctx, bind_dn); } else { cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &username, &domain); if (domain && domain[0]) { -- 1.8.1.2 From b8f09226458dc13cf901f481ede89d8a6bb94ba7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 12:33:25 +0200 Subject: [PATCH 09/67] auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained() 
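Review bot: main() in echo_server.c never ignores SIGPIPE, so the `err == EPIPE` branch in echo_writeall_done is unlikely to be reached. A write(2) to a client that has already closed its end raises SIGPIPE, whose default action terminates the whole server before write() can return EPIPE. Adding `signal(SIGPIPE, SIG_IGN);` in main() before echo_server_send() (needs <signal.h>; the include list is not legible in this view) lets the existing EPIPE handling do its job. Separately, `port = atoi(argv[1]);` accepts non-numeric and out-of-range input, which htons() then truncates silently; strtol() with a 1..65535 range check would reject a bad argument. Since sin_addr is left zeroed the sample listens on all interfaces, which deserves a comment in a file meant to be copied.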
Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/credentials/credentials.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index e597809..7a4b081 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -267,7 +267,7 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede } } *obtained = cred->principal_obtained; - return talloc_reference(mem_ctx, cred->principal); + return talloc_strdup(mem_ctx, cred->principal); } /** -- 1.8.1.2 From 6ff6778bdc60f1cd4d52cba83bd47d3398fe5a20 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 12:52:17 +0200 Subject: [PATCH 10/67] auth/credentials: add cli_credentials_[set_]callback_data* Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/credentials/credentials.c | 11 +++++++++++ auth/credentials/credentials.h | 8 ++++++++ 2 files changed, 19 insertions(+) diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 7a4b081..e6a4710 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -114,6 +114,17 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) return cred; } +_PUBLIC_ void cli_credentials_set_callback_data(struct cli_credentials *cred, + void *callback_data) +{ + cred->priv_data = callback_data; +} + +_PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred) +{ + return cred->priv_data; +} + /** * Create a new anonymous credential * @param mem_ctx TALLOC_CTX parent for credentials structure diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index dbc014f..0f498ad 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h 
@@ -332,6 +332,14 @@ bool cli_credentials_set_realm_callback(struct cli_credentials *cred, bool cli_credentials_set_workstation_callback(struct cli_credentials *cred, const char *(*workstation_cb) (struct cli_credentials *)); +void cli_credentials_set_callback_data(struct cli_credentials *cred, + void *callback_data); +void *_cli_credentials_callback_data(struct cli_credentials *cred); +#define cli_credentials_callback_data(_cred, _type) \ + talloc_get_type_abort(_cli_credentials_callback_data(_cred), _type) +#define cli_credentials_callback_data_void(_cred) \ + _cli_credentials_callback_data(_cred) + /** * Return attached NETLOGON credentials */ -- 1.8.1.2 From b3cd44d50cff99fa77611679d68d2d57434fefa4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 13:21:14 +0200 Subject: [PATCH 11/67] auth/credentials: add cli_credentials_shallow_copy() This is useful for testing. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/credentials/credentials.c | 15 +++++++++++++++ auth/credentials/credentials.h | 3 +++ 2 files changed, 18 insertions(+) diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index e6a4710..c1c6993 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -125,6 +125,21 @@ _PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred) return cred->priv_data; } +_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx, + struct cli_credentials *src) +{ + struct cli_credentials *dst; + + dst = talloc(mem_ctx, struct cli_credentials); + if (dst == NULL) { + return NULL; + } + + *dst = *src; + + return dst; +} + /** * Create a new anonymous credential * @param mem_ctx TALLOC_CTX parent for credentials structure diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index 0f498ad..1377bfa 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h 
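Review bot: The accessors declared in the credentials.h hunk at -332 are undocumented, and `cli_credentials_callback_data(_cred, _type)` wraps talloc_get_type_abort(), which aborts the process when the stored pointer is NULL or is not a talloc object of `_type`. A comment above the declarations should say so, for example `/* callback_data is stored as-is (not copied or reparented); the typed getter aborts unless a talloc pointer of that type was set, use cli_credentials_callback_data_void() for optional or non-talloc data */`. The two definitions added to credentials.c by the same patch also lack the `/** ... */` header that the neighbouring functions carry.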
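Review bot: cli_credentials_shallow_copy(), added in the credentials.c hunk at -125, duplicates the struct with `*dst = *src;`, so every pointer member of dst still refers to the data src refers to. Other hunks in this series show at least principal, priv_data and netlogon_creds among them. Those objects are presumably allocated under src, so freeing or changing src leaves dst with dangling or silently shared pointers, and secret material is aliased rather than duplicated. The function has no comment at all. I would add a `/** ... */` header stating that the copy shares all referenced data with src, must not outlive it, and is meant for test code only.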
@@ -340,6 +340,9 @@ void *_cli_credentials_callback_data(struct cli_credentials *cred); #define cli_credentials_callback_data_void(_cred) \ _cli_credentials_callback_data(_cred) +struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx, + struct cli_credentials *src); + /** * Return attached NETLOGON credentials */ -- 1.8.1.2 From cfeeb3ce3de5d1df07299fb83327ae258da0bf8d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 13:20:13 +0200 Subject: [PATCH 12/67] s3:ntlm_auth: remove pointless credentials->priv_data = NULL; Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source3/utils/ntlm_auth.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 62cba62..8f51a1a 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -228,7 +228,6 @@ static const char *get_password(struct cli_credentials *credentials) /* Ask for a password */ x_fprintf(x_stdout, "PW\n"); - credentials->priv_data = NULL; manage_squid_request(NUM_HELPER_MODES /* bogus */, NULL, NULL, manage_gensec_get_pw_request, (void **)&password); talloc_steal(credentials, password); -- 1.8.1.2 From 36b3c9506c1ac5549a38140e7ffd57644290069f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 13:22:10 +0200 Subject: [PATCH 13/67] s4:torture/shell: simplify cli_credentials_set_password() call All we want is to avoid a possible callback... Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source4/torture/shell.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/source4/torture/shell.c b/source4/torture/shell.c index d6cc94c..aa85da3 100644 --- a/source4/torture/shell.c +++ b/source4/torture/shell.c 
@@ -110,10 +110,7 @@ void torture_shell(struct torture_context *tctx) * stops the credentials system prompting when we use the "auth" * command to display the current auth parameters. */ - if (cmdline_credentials->password_obtained != CRED_SPECIFIED) { - cli_credentials_set_password(cmdline_credentials, "", - CRED_SPECIFIED); - } + cli_credentials_set_password(cmdline_credentials, "", CRED_GUESS_ENV); while (1) { cline = smb_readline("torture> ", NULL, NULL); -- 1.8.1.2 From d36fcaa5f3c4d1ad54d767f4a7c5fa6c8d69c00e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 13:23:08 +0200 Subject: [PATCH 14/67] s4:torture/gentest: make use of cli_credentials_get_username() Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source4/torture/gentest.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index f3c4c20..9e985ed 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -221,7 +221,8 @@ static bool connect_servers(struct tevent_context *ev, printf("Connecting to \\\\%s\\%s as %s - instance %d\n", servers[i].server_name, servers[i].share_name, - servers[i].credentials->username, j); + cli_credentials_get_username(servers[i].credentials), + j); cli_credentials_set_workstation(servers[i].credentials, "gentest", CRED_SPECIFIED); -- 1.8.1.2 From d47bf469b8a9064f4f7033918b1fe519adfa0c26 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 13:23:41 +0200 Subject: [PATCH 15/67] s4:torture/rpc: make use of cli_credentials_set_netlogon_creds() Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source4/torture/rpc/schannel.c | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index e0862d2..8203749 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c 
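Review bot: The now unconditional `cli_credentials_set_password(cmdline_credentials, "", CRED_GUESS_ENV);` in torture_shell() depends on the ordering of the obtained levels, and the surviving comment does not say why `CRED_GUESS_ENV` was picked. The setter shown later in this series accepts a value when `obtained >= cred->password_obtained`, so a password already held at that same level would be replaced by the empty string while one held at a higher level is kept. The first case looks unintended if the aim is only to avoid the callback. Extending the comment with something like `/* CRED_GUESS_ENV outranks a pending callback but not an explicitly specified password */` would record the intent; the enum ordering is not fully visible here, so confirm it against credentials.h. The function body continues outside the hunk.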
@@ -604,9 +604,9 @@ bool torture_rpc_schannel2(struct torture_context *torture) torture_assert(torture, join_ctx != NULL, "Failed to join domain with acct_flags=ACB_WSTRUST"); - credentials2 = (struct cli_credentials *)talloc_memdup(torture, credentials1, sizeof(*credentials1)); - credentials1->netlogon_creds = NULL; - credentials2->netlogon_creds = NULL; + credentials2 = cli_credentials_shallow_copy(torture, credentials1); + cli_credentials_set_netlogon_creds(credentials1, NULL); + cli_credentials_set_netlogon_creds(credentials2, NULL); status = dcerpc_parse_binding(torture, binding, &b); torture_assert_ntstatus_ok(torture, status, "Bad binding string"); @@ -624,8 +624,8 @@ bool torture_rpc_schannel2(struct torture_context *torture) credentials2, torture->ev, torture->lp_ctx); torture_assert_ntstatus_ok(torture, status, "Failed to connect with schannel"); - credentials1->netlogon_creds = NULL; - credentials2->netlogon_creds = NULL; + cli_credentials_set_netlogon_creds(credentials1, NULL); + cli_credentials_set_netlogon_creds(credentials2, NULL); torture_comment(torture, "Testing logon on pipe1\n"); if (!test_netlogon_ex_ops(p1, torture, credentials1, NULL)) 
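Review bot: The result of `cli_credentials_shallow_copy(torture, credentials1)` in torture_rpc_schannel2() goes straight into `cli_credentials_set_netlogon_creds(credentials2, NULL)`, although the helper returns NULL when its allocation fails. A guard right after the copy, `torture_assert(torture, credentials2 != NULL, "Failed to copy credentials");`, would turn that into a test failure rather than a likely NULL dereference. The same applies to the `user1_creds`, `user2_creds` and `conns[i].wks_creds` copies in the torture_rpc_schannel_bench1() hunks further down. Both functions start and end outside the hunks.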
@@ -827,16 +827,12 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture) s->nprocs = torture_setting_int(torture, "nprocs", 4); s->conns = talloc_zero_array(s, struct torture_schannel_bench_conn, s->nprocs); - s->user1_creds = (struct cli_credentials *)talloc_memdup(s, - cmdline_credentials, - sizeof(*s->user1_creds)); + s->user1_creds = cli_credentials_shallow_copy(s, cmdline_credentials); tmp = torture_setting_string(s->tctx, "extra_user1", NULL); if (tmp) { cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED); } - s->user2_creds = (struct cli_credentials *)talloc_memdup(s, - cmdline_credentials, - sizeof(*s->user1_creds)); + s->user2_creds = cli_credentials_shallow_copy(s, cmdline_credentials); tmp = torture_setting_string(s->tctx, "extra_user2", NULL); if (tmp) { cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED); @@ -855,15 +851,16 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture) cli_credentials_set_kerberos_state(s->wks_creds2, CRED_DONT_USE_KERBEROS); for (i=0; i < s->nprocs; i++) { - s->conns[i].s = s; - s->conns[i].index = i; - s->conns[i].wks_creds = (struct cli_credentials *)talloc_memdup( - s->conns, s->wks_creds1,sizeof(*s->wks_creds1)); + struct cli_credentials *wks = s->wks_creds1; + if ((i % 2) && (torture_setting_bool(torture, "multijoin", false))) { - memcpy(s->conns[i].wks_creds, s->wks_creds2, - talloc_get_size(s->conns[i].wks_creds)); + wks = s->wks_creds2; } - s->conns[i].wks_creds->netlogon_creds = NULL; + + s->conns[i].s = s; + s->conns[i].index = i; + s->conns[i].wks_creds = cli_credentials_shallow_copy(s->conns, wks); + cli_credentials_set_netlogon_creds(s->conns[i].wks_creds, NULL); } status = dcerpc_parse_binding(s, binding, &s->b); 
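Review bot: In torture_rpc_schannel_bench1() the `extra_user2` branch still calls `cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED);`, so the second user's string overwrites the first user's credentials and `s->user2_creds` stays a plain copy of the command-line credentials. The commit rewrites the line directly above it, which makes this the natural place to correct the target: `cli_credentials_parse_string(s->user2_creds, tmp, CRED_SPECIFIED);`. The function body extends beyond the hunk.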
@@ -962,8 +959,7 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture) /* Just as a test, connect with the new creds */ - talloc_free(s->wks_creds1->netlogon_creds); - s->wks_creds1->netlogon_creds = NULL; + cli_credentials_set_netlogon_creds(s->wks_creds1, NULL); status = dcerpc_pipe_connect_b(s, &net_pipe, s->b, &ndr_table_netlogon, -- 1.8.1.2 From bbd63dd8a17468d3e332969a30c06e2b2f1540fc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 13:24:21 +0200 Subject: [PATCH 16/67] s4:ntlm_auth: make use of cli_credentials_[set_]callback_data* Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source4/utils/ntlm_auth.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index c363c9d..136e238 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -299,10 +299,11 @@ static void manage_gensec_get_pw_request(enum stdio_helper_mode stdio_helper_mod static const char *get_password(struct cli_credentials *credentials) { char *password = NULL; - + void *cb = cli_credentials_callback_data_void(credentials); + /* Ask for a password */ - mux_printf((unsigned int)(uintptr_t)credentials->priv_data, "PW\n"); - credentials->priv_data = NULL; + mux_printf((unsigned int)(uintptr_t)cb, "PW\n"); + cli_credentials_set_callback_data(credentials, NULL); manage_squid_request(cmdline_lp_ctx, NUM_HELPER_MODES /* bogus */, manage_gensec_get_pw_request, (void **)&password); return password; 
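Review bot: The hunk at `-962,8` drops the explicit `talloc_free(s->wks_creds1->netlogon_creds);` and relies on `cli_credentials_set_netlogon_creds(s->wks_creds1, NULL)` alone. Whether the setter releases the previous state is not visible in this patch. If it only overwrites the pointer, the old schannel state, which presumably carries session key material, stays allocated under its talloc parent until that parent is freed. Please confirm the setter frees the old value, or add a comment saying why keeping it around is acceptable in this test.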
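Review bot: get_password() in source4/utils/ntlm_auth.c recovers an integer from the callback data with `(unsigned int)(uintptr_t)cb`, which only works because manage_gensec_request() stores `(void*)(uintptr_t)mux_id` there rather than a talloc pointer. That is why the `_void` accessor has to be used here: the typed `cli_credentials_callback_data()` macro goes through `talloc_get_type_abort()` and would not accept such a value. A short comment above the new local, e.g. `/* callback data is the mux_id cast to a pointer, not a talloc object */`, would keep a later cleanup from switching accessors.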
@@ -505,8 +506,9 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, if (state->set_password) { cli_credentials_set_password(creds, state->set_password, CRED_SPECIFIED); } else { + void *cb = (void*)(uintptr_t)mux_id; + cli_credentials_set_callback_data(creds, cb); cli_credentials_set_password_callback(creds, get_password); - creds->priv_data = (void*)(uintptr_t)mux_id; } if (opt_workstation) { cli_credentials_set_workstation(creds, opt_workstation, CRED_SPECIFIED); -- 1.8.1.2 From 9325bd9cb6bb942ea989f4e32799c76ea8af3d3e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 12:41:40 +0200 Subject: [PATCH 17/67] auth/credentials: keep cli_credentials private Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/credentials/credentials.c | 1 + auth/credentials/credentials.h | 101 +++------------------------- auth/credentials/credentials_internal.h | 114 ++++++++++++++++++++++++++++++++ auth/credentials/credentials_krb5.c | 1 + auth/credentials/credentials_ntlm.c | 1 + auth/credentials/credentials_secrets.c | 1 + 6 files changed, 126 insertions(+), 93 deletions(-) create mode 100644 auth/credentials/credentials_internal.h diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index c1c6993..f334465 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -24,6 +24,7 @@ #include "includes.h" #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */ #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_internal.h" #include "libcli/auth/libcli_auth.h" #include "tevent.h" #include "param/param.h" diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index 1377bfa..cb09dc3 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h 
@@ -25,9 +25,17 @@ #include "../lib/util/data_blob.h" #include "librpc/gen_ndr/misc.h" +struct cli_credentials; struct ccache_container; struct tevent_context; struct netlogon_creds_CredentialState; +struct ldb_context; +struct ldb_message; +struct loadparm_context; +struct ccache_container; +struct gssapi_creds_container; +struct smb_krb5_context; +struct keytab_container; /* In order of priority */ enum credentials_obtained { 
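Review bot: The added forward declarations repeat `struct ccache_container;`, which is already declared a few lines above as a context line of the same hunk. It is harmless to the compiler but reads like a leftover from moving the block; dropping the added duplicate keeps the list at one entry per type.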
@@ -57,99 +65,6 @@ enum credentials_krb_forwardable { #define CLI_CRED_NTLM_AUTH 0x08 #define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */ -struct cli_credentials { - enum credentials_obtained workstation_obtained; - enum credentials_obtained username_obtained; - enum credentials_obtained password_obtained; - enum credentials_obtained domain_obtained; - enum credentials_obtained realm_obtained; - enum credentials_obtained ccache_obtained; - enum credentials_obtained client_gss_creds_obtained; - enum credentials_obtained principal_obtained; - enum credentials_obtained keytab_obtained; - enum credentials_obtained server_gss_creds_obtained; - - /* Threshold values (essentially a MAX() over a number of the - * above) for the ccache and GSS credentials, to ensure we - * regenerate/pick correctly */ - - enum credentials_obtained ccache_threshold; - enum credentials_obtained client_gss_creds_threshold; - - const char *workstation; - const char *username; - const char *password; - const char *old_password; - const char *domain; - const char *realm; - const char *principal; - char *salt_principal; - char *impersonate_principal; - char *self_service; - char *target_service; - - const char *bind_dn; - - /* Allows authentication from a keytab or similar */ - struct samr_Password *nt_hash; - - /* Allows NTLM pass-though authentication */ - DATA_BLOB lm_response; - DATA_BLOB nt_response; - - struct ccache_container *ccache; - struct gssapi_creds_container *client_gss_creds; - struct keytab_container *keytab; - struct gssapi_creds_container *server_gss_creds; - - const char *(*workstation_cb) (struct cli_credentials *); - const char *(*password_cb) (struct cli_credentials *); - const char *(*username_cb) (struct cli_credentials *); - const char *(*domain_cb) (struct cli_credentials *); - const char *(*realm_cb) (struct cli_credentials *); - const char *(*principal_cb) (struct cli_credentials *); - - /* Private handle for the callback routines to use */ 
- void *priv_data; - - struct netlogon_creds_CredentialState *netlogon_creds; - enum netr_SchannelType secure_channel_type; - int kvno; - time_t password_last_changed_time; - - struct smb_krb5_context *smb_krb5_context; - - /* We are flagged to get machine account details from the - * secrets.ldb when we are asked for a username or password */ - bool machine_account_pending; - struct loadparm_context *machine_account_pending_lp_ctx; - - /* Is this a machine account? */ - bool machine_account; - - /* Should we be trying to use kerberos? */ - enum credentials_use_kerberos use_kerberos; - - /* Should we get a forwardable ticket? */ - enum credentials_krb_forwardable krb_forwardable; - - /* gensec features which should be used for connections */ - uint32_t gensec_features; - - /* Number of retries left before bailing out */ - int tries; - - /* Whether any callback is currently running */ - bool callback_running; -}; - -struct ldb_context; -struct ldb_message; -struct loadparm_context; -struct ccache_container; - -struct gssapi_creds_container; - const char *cli_credentials_get_workstation(struct cli_credentials *cred); bool cli_credentials_set_workstation(struct cli_credentials *cred, const char *val, diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h new file mode 100644 index 0000000..5a3655b --- /dev/null +++ b/auth/credentials/credentials_internal.h 
@@ -0,0 +1,114 @@ +/* + samba -- Unix SMB/CIFS implementation. + + Client credentials structure + + Copyright (C) Jelmer Vernooij 2004-2006 + Copyright (C) Andrew Bartlett 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +#ifndef __CREDENTIALS_INTERNAL_H__ +#define __CREDENTIALS_INTERNAL_H__ + +#include "../lib/util/data_blob.h" +#include "librpc/gen_ndr/misc.h" + +struct cli_credentials { + enum credentials_obtained workstation_obtained; + enum credentials_obtained username_obtained; + enum credentials_obtained password_obtained; + enum credentials_obtained domain_obtained; + enum credentials_obtained realm_obtained; + enum credentials_obtained ccache_obtained; + enum credentials_obtained client_gss_creds_obtained; + enum credentials_obtained principal_obtained; + enum credentials_obtained keytab_obtained; + enum credentials_obtained server_gss_creds_obtained; + + /* Threshold values (essentially a MAX() over a number of the + * above) for the ccache and GSS credentials, to ensure we + * regenerate/pick correctly */ + + enum credentials_obtained ccache_threshold; + enum credentials_obtained client_gss_creds_threshold; + + const char *workstation; + const char *username; + const char *password; + const char *old_password; + const char *domain; + const char *realm; + const char *principal; + char *salt_principal; + char *impersonate_principal; + char *self_service; + char *target_service; + + const char *bind_dn; 
+ + /* Allows authentication from a keytab or similar */ + struct samr_Password *nt_hash; + + /* Allows NTLM pass-though authentication */ + DATA_BLOB lm_response; + DATA_BLOB nt_response; + + struct ccache_container *ccache; + struct gssapi_creds_container *client_gss_creds; + struct keytab_container *keytab; + struct gssapi_creds_container *server_gss_creds; + + const char *(*workstation_cb) (struct cli_credentials *); + const char *(*password_cb) (struct cli_credentials *); + const char *(*username_cb) (struct cli_credentials *); + const char *(*domain_cb) (struct cli_credentials *); + const char *(*realm_cb) (struct cli_credentials *); + const char *(*principal_cb) (struct cli_credentials *); + + /* Private handle for the callback routines to use */ + void *priv_data; + + struct netlogon_creds_CredentialState *netlogon_creds; + enum netr_SchannelType secure_channel_type; + int kvno; + time_t password_last_changed_time; + + struct smb_krb5_context *smb_krb5_context; + + /* We are flagged to get machine account details from the + * secrets.ldb when we are asked for a username or password */ + bool machine_account_pending; + struct loadparm_context *machine_account_pending_lp_ctx; + + /* Is this a machine account? */ + bool machine_account; + + /* Should we be trying to use kerberos? */ + enum credentials_use_kerberos use_kerberos; + + /* Should we get a forwardable ticket? */ + enum credentials_krb_forwardable krb_forwardable; + + /* gensec features which should be used for connections */ + uint32_t gensec_features; + + /* Number of retries left before bailing out */ + int tries; + + /* Whether any callback is currently running */ + bool callback_running; +}; + +#endif /* __CREDENTIALS_INTERNAL_H__ */ diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index cc51f56..31fc9d2 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c 
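Review bot: The new credentials_internal.h is not self-contained: `struct cli_credentials` has members of type `enum credentials_obtained`, `enum credentials_use_kerberos` and `enum credentials_krb_forwardable` by value, yet the header includes only data_blob.h and misc.h. It compiles only because every .c file touched in this patch includes credentials.h first; adding `#include "auth/credentials/credentials.h"` at the top of the internal header removes that ordering dependency. The guard name `__CREDENTIALS_INTERNAL_H__` uses a double underscore, which is reserved for the implementation; `CREDENTIALS_INTERNAL_H` would avoid that. Since the struct holds the plaintext password and `nt_hash`, a line in the file comment stating that the header is meant for auth/credentials/*.c only would record the purpose of the split.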
@@ -26,6 +26,7 @@ #include "system/gssapi.h" #include "auth/kerberos/kerberos.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_internal.h" #include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" #include "auth/kerberos/kerberos_credentials.h" diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c index 8f143bf..8c6be39 100644 --- a/auth/credentials/credentials_ntlm.c +++ b/auth/credentials/credentials_ntlm.c @@ -26,6 +26,7 @@ #include "../lib/crypto/crypto.h" #include "libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_internal.h" _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, int *flags, diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c index 27ee607..678d167 100644 --- a/auth/credentials/credentials_secrets.c +++ b/auth/credentials/credentials_secrets.c @@ -28,6 +28,7 @@ #include "param/secrets.h" #include "system/filesys.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_internal.h" #include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" #include "auth/kerberos/kerberos_util.h" -- 1.8.1.2 From 26a7420c1c4307023b22676cd85d95010ecbf603 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 13:39:17 +0200 Subject: [PATCH 18/67] auth/credentials: get the old password from secrets.tdb Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/credentials/credentials_secrets.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c index 678d167..6c1cded 100644 --- a/auth/credentials/credentials_secrets.c +++ b/auth/credentials/credentials_secrets.c 
@@ -238,6 +238,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr bool secrets_tdb_password_more_recent; time_t secrets_tdb_lct = 0; char *secrets_tdb_password = NULL; + char *secrets_tdb_old_password = NULL; char *keystr; char *keystr_upper = NULL; char *secrets_tdb; @@ -285,6 +286,15 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr if (NT_STATUS_IS_OK(status)) { secrets_tdb_password = (char *)dbuf.dptr; } + keystr = talloc_asprintf(tmp_ctx, "%s/%s", + SECRETS_MACHINE_PASSWORD_PREV, + domain); + keystr_upper = strupper_talloc(tmp_ctx, keystr); + status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper), + &dbuf); + if (NT_STATUS_IS_OK(status)) { + secrets_tdb_old_password = (char *)dbuf.dptr; + } } filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, @@ -308,6 +318,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr if (secrets_tdb_password_more_recent) { char *machine_account = talloc_asprintf(tmp_ctx, "%s$", lpcfg_netbios_name(lp_ctx)); cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED); + cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED); cli_credentials_set_domain(cred, domain, CRED_SPECIFIED); cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED); } else if (!NT_STATUS_IS_OK(status)) { -- 1.8.1.2 From 8ea36a8e58d499aa7bf342b365ca00cb39f295b6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 14:25:54 +0200 Subject: [PATCH 19/67] auth/credentials: simplify password_tries state Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/credentials/credentials.c | 19 ++++++++++++++----- auth/credentials/credentials_internal.h | 2 +- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index f334465..4ac5356 100644 --- a/auth/credentials/credentials.c 
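Review bot: In the second hunk the new lookup of `SECRETS_MACHINE_PASSWORD_PREV` uses `keystr` and `keystr_upper` without checking either allocation, and it takes `(char *)dbuf.dptr` as a C string without looking at `dbuf.dsize`. A record that is empty or lacks a trailing NUL could then be read past its end once it reaches `cli_credentials_set_old_password()` in the third hunk. The added lines mirror the cast used for the current password just above, so both lookups could share a guard such as `if (NT_STATUS_IS_OK(status) && dbuf.dsize > 0 && dbuf.dptr[dbuf.dsize - 1] == '\0')`. The function starts and ends outside the hunks.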
+++ b/auth/credentials/credentials.c @@ -104,7 +104,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cred->machine_account = false; - cred->tries = 3; + cred->password_tries = 0; cred->callback_running = false; @@ -397,6 +397,7 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred, enum credentials_obtained obtained) { if (obtained >= cred->password_obtained) { + cred->password_tries = 0; cred->password = talloc_strdup(cred, val); if (cred->password) { /* Don't print the actual password in talloc memory dumps */ @@ -418,6 +419,7 @@ _PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred const char *(*password_cb) (struct cli_credentials *)) { if (cred->password_obtained < CRED_CALLBACK) { + cred->password_tries = 3; cred->password_cb = password_cb; cred->password_obtained = CRED_CALLBACK; cli_credentials_invalidate_ccache(cred, cred->password_obtained); @@ -897,12 +899,19 @@ _PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred) if (cred->password_obtained != CRED_CALLBACK_RESULT) { return false; } - - cred->password_obtained = CRED_CALLBACK; - cred->tries--; + if (cred->password_tries == 0) { + return false; + } + + cred->password_tries--; - return (cred->tries > 0); + if (cred->password_tries == 0) { + return false; + } + + cred->password_obtained = CRED_CALLBACK; + return true; } _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h index 5a3655b..f2f79b9 100644 --- a/auth/credentials/credentials_internal.h +++ b/auth/credentials/credentials_internal.h @@ -105,7 +105,7 @@ struct cli_credentials { uint32_t gensec_features; /* Number of retries left before bailing out */ - int tries; + uint32_t password_tries; /* Whether any callback is currently running */ bool callback_running; -- 1.8.1.2 
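Review bot: The retry budget is the bare literal in `cred->password_tries = 3;` in cli_credentials_set_password_callback(), and cli_credentials_wrong_password() now has two separate `password_tries == 0` exits whose meaning is not documented. As written, a budget of 3 permits two re-prompts, and on the final failure `password_obtained` is left at `CRED_CALLBACK_RESULT`, so the rejected password remains the stored value. I would name the constant and put a comment on the function, for example `/* returns true while the callback may be asked again; password_tries == 0 means no callback retries are available */`. The field comment in credentials_internal.h could say the same.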
From b699d404bb5d4385a757b5aa5d0e792cf9d5de59 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 31 Jul 2013 14:32:36 +0200 Subject: [PATCH 20/67] auth/credentials: use CRED_CALLBACK_RESULT after a callback We only do this if it's still CRED_CALLBACK after the callback, this allowes the callback to overwrite it. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Aug 5 09:36:05 CEST 2013 on sn-devel-104 --- auth/credentials/credentials.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 4ac5356..be497bc 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -206,8 +206,10 @@ _PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred) cred->callback_running = true; cred->username = cred->username_cb(cred); cred->callback_running = false; - cred->username_obtained = CRED_SPECIFIED; - cli_credentials_invalidate_ccache(cred, cred->username_obtained); + if (cred->username_obtained == CRED_CALLBACK) { + cred->username_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->username_obtained); + } } return cred->username; @@ -275,8 +277,10 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede cred->callback_running = true; cred->principal = cred->principal_cb(cred); cred->callback_running = false; - cred->principal_obtained = CRED_SPECIFIED; - cli_credentials_invalidate_ccache(cred, cred->principal_obtained); + if (cred->principal_obtained == CRED_CALLBACK) { + cred->principal_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->principal_obtained); + } } if (cred->principal_obtained < cred->username_obtained 
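Review bot: In cli_credentials_get_username() the callback's return value is still assigned unconditionally with `cred->username = cred->username_cb(cred);`, so a callback that sets the value itself through the setter (the case the new `username_obtained == CRED_CALLBACK` test is meant to allow) has that value replaced by whatever it returns. If it returns NULL, the field ends up NULL while `username_obtained` claims a higher level. Taking the result into a local first (`const char *v = cred->username_cb(cred);`) and doing `cred->username = v;` only inside the new `if` would keep value and level consistent. The principal hunk below and the password, domain, realm and workstation hunks that follow have the same shape.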
@@ -382,8 +386,10 @@ _PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred) cred->callback_running = true; cred->password = cred->password_cb(cred); cred->callback_running = false; - cred->password_obtained = CRED_CALLBACK_RESULT; - cli_credentials_invalidate_ccache(cred, cred->password_obtained); + if (cred->password_obtained == CRED_CALLBACK) { + cred->password_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->password_obtained); + } } return cred->password; @@ -502,8 +508,10 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred) cred->callback_running = true; cred->domain = cred->domain_cb(cred); cred->callback_running = false; - cred->domain_obtained = CRED_SPECIFIED; - cli_credentials_invalidate_ccache(cred, cred->domain_obtained); + if (cred->domain_obtained == CRED_CALLBACK) { + cred->domain_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->domain_obtained); + } } return cred->domain; @@ -561,8 +569,10 @@ _PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred) cred->callback_running = true; cred->realm = cred->realm_cb(cred); cred->callback_running = false; - cred->realm_obtained = CRED_SPECIFIED; - cli_credentials_invalidate_ccache(cred, cred->realm_obtained); + if (cred->realm_obtained == CRED_CALLBACK) { + cred->realm_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->realm_obtained); + } } return cred->realm; @@ -612,7 +622,9 @@ _PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cre cred->callback_running = true; cred->workstation = cred->workstation_cb(cred); cred->callback_running = false; - cred->workstation_obtained = CRED_SPECIFIED; + if (cred->workstation_obtained == CRED_CALLBACK) { + cred->workstation_obtained = CRED_CALLBACK_RESULT; + } } return cred->workstation; -- 1.8.1.2 From 6dc7c63efa95d0c04b542667d9b6a6621c8139bf Mon Sep 17 00:00:00 2001 
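Review bot: In the cli_credentials_get_password() hunk the string returned by `password_cb` is stored in `cred->password` as it comes, whereas cli_credentials_set_password() in this file takes an extra step after its `talloc_strdup()` that its comment describes as keeping the actual password out of talloc memory dumps. If a callback returns a talloc string, it presumably keeps a chunk name that exposes the content in such a dump; the allocation done by the callbacks is not visible here, so this needs confirming. Applying the same treatment to a non-NULL callback result inside the new `if (cred->password_obtained == CRED_CALLBACK)` block would make the two paths consistent.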
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 17 May 2013 15:14:35 +0200 Subject: [PATCH 21/67] s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/libads/kerberos.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 96d194d..bb74305 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -839,6 +839,10 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, return false; } + if (!realm || !domain || !pss || !kdc_name) { + return false; + } + dname = lock_path("smb_krb5"); if (!dname) { return false; -- 1.8.1.2 From 93e92faca9c99cd91878c2f48fb244233b16aa0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 17 May 2013 16:02:59 +0200 Subject: [PATCH 22/67] s3-net: pass down ndr_interface_table to connect_dst_pipe(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/utils/net_proto.h | 2 +- source3/utils/net_rpc.c | 4 ++-- source3/utils/net_rpc_printer.c | 10 +++++----- source3/utils/net_util.c | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 3f99e14..03fb312 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h 
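Review bot: The new `if (!realm || !domain || !pss || !kdc_name)` guard in create_local_private_krb5_conf_for_domain() returns false without any log output, so a caller that passes a missing value gets a silent failure to write the private krb5.conf. A line before the return, such as `DEBUG(0, ("create_local_private_krb5_conf_for_domain: missing realm, domain, address or KDC name\n"));`, would make the cause visible when Kerberos setup then falls back to other configuration. The function starts and ends outside the hunk.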
@@ -416,7 +416,7 @@ NTSTATUS connect_to_ipc_anonymous(struct net_context *c, const char *server_name); NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, struct rpc_pipe_client **pp_pipe_hnd, - const struct ndr_syntax_id *interface); + const struct ndr_interface_table *table); int net_use_krb_machine_account(struct net_context *c); int net_use_machine_account(struct net_context *c); bool net_find_server(struct net_context *c, diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 870ad22..e59a223 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -3619,7 +3619,7 @@ static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c, /* connect destination PI_SRVSVC */ nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, - &ndr_table_srvsvc.syntax_id); + &ndr_table_srvsvc); if (!NT_STATUS_IS_OK(nt_status)) return nt_status; @@ -4105,7 +4105,7 @@ static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c, /* connect destination PI_SRVSVC */ nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, - &ndr_table_srvsvc.syntax_id); + &ndr_table_srvsvc); if (!NT_STATUS_IS_OK(nt_status)) return nt_status; diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c index 9743d08..3ed97a7 100644 --- a/source3/utils/net_rpc_printer.c +++ b/source3/utils/net_rpc_printer.c @@ -1577,7 +1577,7 @@ NTSTATUS rpc_printer_migrate_security_internals(struct net_context *c, /* connect destination PI_SPOOLSS */ nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, - &ndr_table_spoolss.syntax_id); + &ndr_table_spoolss); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -1729,7 +1729,7 @@ NTSTATUS rpc_printer_migrate_forms_internals(struct net_context *c, /* connect destination PI_SPOOLSS */ nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, - &ndr_table_spoolss.syntax_id); + &ndr_table_spoolss); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } 
@@ -1906,7 +1906,7 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c, DEBUG(3,("copying printer-drivers\n")); nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, - &ndr_table_spoolss.syntax_id); + &ndr_table_spoolss); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -2125,7 +2125,7 @@ NTSTATUS rpc_printer_migrate_printers_internals(struct net_context *c, /* connect destination PI_SPOOLSS */ nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, - &ndr_table_spoolss.syntax_id); + &ndr_table_spoolss); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -2300,7 +2300,7 @@ NTSTATUS rpc_printer_migrate_settings_internals(struct net_context *c, /* connect destination PI_SPOOLSS */ nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, - &ndr_table_spoolss.syntax_id); + &ndr_table_spoolss); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 9c4a77e..a4282ec 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -231,7 +231,7 @@ NTSTATUS connect_to_ipc_anonymous(struct net_context *c, **/ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, struct rpc_pipe_client **pp_pipe_hnd, - const struct ndr_syntax_id *interface) + const struct ndr_interface_table *table) { NTSTATUS nt_status; char *server_name = SMB_STRDUP("127.0.0.1"); @@ -256,7 +256,7 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, return nt_status; } - nt_status = cli_rpc_pipe_open_noauth(cli_tmp, interface, + nt_status = cli_rpc_pipe_open_noauth(cli_tmp, &table->syntax_id, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("couldn't not initialize pipe\n")); -- 1.8.1.2 From a1368ca6ef8ab4f158c8b303ad058835f1bbf441 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 17 May 2013 16:24:42 +0200 Subject: [PATCH 23/67] s3-rpc_cli: remove prototype of nonexisting cli_rpc_pipe_open_krb5(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.h | 9 --------- 1 file changed, 9 deletions(-) diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index bf785fb..34ae542 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -131,15 +131,6 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, const char *domain, struct rpc_pipe_client **presult); -NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, - const struct ndr_syntax_id *interface, - enum dcerpc_transport_t transport, - enum dcerpc_AuthLevel auth_level, - const char *service_princ, - const char *username, - const char *password, - struct rpc_pipe_client **presult); - NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *cli, DATA_BLOB *session_key); -- 1.8.1.2 From fa37bbd9d06865d265bf554a3c49920f956f2185 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 17 May 2013 16:08:16 +0200 Subject: [PATCH 24/67] s3-libnetapi: pass down ndr_interface_table to libnetapi_get_binding_handle(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/lib/netapi/cm.c | 4 ++-- source3/lib/netapi/file.c | 6 +++--- source3/lib/netapi/getdc.c | 6 +++--- source3/lib/netapi/netapi_private.h | 3 ++- source3/lib/netapi/netlogon.c | 4 ++-- source3/lib/netapi/serverinfo.c | 6 +++--- source3/lib/netapi/share.c | 10 +++++----- source3/lib/netapi/shutdown.c | 4 ++-- 8 files changed, 22 insertions(+), 21 deletions(-) 
diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c index 36e8731..786fd94 100644 --- a/source3/lib/netapi/cm.c +++ b/source3/lib/netapi/cm.c @@ -269,7 +269,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx, WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx, const char *server_name, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct dcerpc_binding_handle **binding_handle) { struct rpc_pipe_client *pipe_cli; @@ -277,7 +277,7 @@ WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx, *binding_handle = NULL; - result = libnetapi_open_pipe(ctx, server_name, interface, &pipe_cli); + result = libnetapi_open_pipe(ctx, server_name, &table->syntax_id, &pipe_cli); if (!W_ERROR_IS_OK(result)) { return result; } diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c index 1e406d2..551f9ff 100644 --- a/source3/lib/netapi/file.c +++ b/source3/lib/netapi/file.c @@ -36,7 +36,7 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx, struct dcerpc_binding_handle *b; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -130,7 +130,7 @@ WERROR NetFileGetInfo_r(struct libnetapi_ctx *ctx, } werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -201,7 +201,7 @@ WERROR NetFileEnum_r(struct libnetapi_ctx *ctx, } werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c index 3b26d46..ae976f1 100644 --- a/source3/lib/netapi/getdc.c +++ b/source3/lib/netapi/getdc.c 
@@ -47,7 +47,7 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx, void *buffer; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_netlogon.syntax_id, + &ndr_table_netlogon, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -101,7 +101,7 @@ WERROR NetGetAnyDCName_r(struct libnetapi_ctx *ctx, void *buffer; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_netlogon.syntax_id, + &ndr_table_netlogon, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -173,7 +173,7 @@ WERROR DsGetDcName_r(struct libnetapi_ctx *ctx, struct dcerpc_binding_handle *b; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_netlogon.syntax_id, + &ndr_table_netlogon, &b); if (!W_ERROR_IS_OK(werr)) { goto done; diff --git a/source3/lib/netapi/netapi_private.h b/source3/lib/netapi/netapi_private.h index 349287b..62aa7ef 100644 --- a/source3/lib/netapi/netapi_private.h +++ b/source3/lib/netapi/netapi_private.h @@ -30,6 +30,7 @@ return fn ## _r(ctx, r); struct dcerpc_binding_handle; +struct ndr_interface_table; struct libnetapi_private_ctx { struct { @@ -64,7 +65,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx, struct rpc_pipe_client **presult); WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx, const char *server_name, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct dcerpc_binding_handle **binding_handle); WERROR libnetapi_samr_open_domain(struct libnetapi_ctx *mem_ctx, struct rpc_pipe_client *pipe_cli, diff --git a/source3/lib/netapi/netlogon.c b/source3/lib/netapi/netlogon.c index a046fb7..136cb48 100644 --- a/source3/lib/netapi/netlogon.c +++ b/source3/lib/netapi/netlogon.c @@ -133,7 +133,7 @@ WERROR I_NetLogonControl_r(struct libnetapi_ctx *ctx, struct dcerpc_binding_handle *b; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_netlogon.syntax_id, + &ndr_table_netlogon, &b); if (!W_ERROR_IS_OK(werr)) { goto done; 
@@ -190,7 +190,7 @@ WERROR I_NetLogonControl2_r(struct libnetapi_ctx *ctx, } werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_netlogon.syntax_id, + &ndr_table_netlogon, &b); if (!W_ERROR_IS_OK(werr)) { goto done; diff --git a/source3/lib/netapi/serverinfo.c b/source3/lib/netapi/serverinfo.c index 046b693..b2a84d1 100644 --- a/source3/lib/netapi/serverinfo.c +++ b/source3/lib/netapi/serverinfo.c @@ -503,7 +503,7 @@ WERROR NetServerGetInfo_r(struct libnetapi_ctx *ctx, } werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -616,7 +616,7 @@ WERROR NetServerSetInfo_r(struct libnetapi_ctx *ctx, struct dcerpc_binding_handle *b; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -658,7 +658,7 @@ WERROR NetRemoteTOD_r(struct libnetapi_ctx *ctx, struct dcerpc_binding_handle *b; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; diff --git a/source3/lib/netapi/share.c b/source3/lib/netapi/share.c index d12fa1c..090e1a9 100644 --- a/source3/lib/netapi/share.c +++ b/source3/lib/netapi/share.c @@ -200,7 +200,7 @@ WERROR NetShareAdd_r(struct libnetapi_ctx *ctx, } werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -258,7 +258,7 @@ WERROR NetShareDel_r(struct libnetapi_ctx *ctx, } werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; 
@@ -321,7 +321,7 @@ WERROR NetShareEnum_r(struct libnetapi_ctx *ctx, ZERO_STRUCT(info_ctr); werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -428,7 +428,7 @@ WERROR NetShareGetInfo_r(struct libnetapi_ctx *ctx, } werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -502,7 +502,7 @@ WERROR NetShareSetInfo_r(struct libnetapi_ctx *ctx, } werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, &b); if (!W_ERROR_IS_OK(werr)) { goto done; diff --git a/source3/lib/netapi/shutdown.c b/source3/lib/netapi/shutdown.c index 78bc2fc..9e1e8e1 100644 --- a/source3/lib/netapi/shutdown.c +++ b/source3/lib/netapi/shutdown.c @@ -38,7 +38,7 @@ WERROR NetShutdownInit_r(struct libnetapi_ctx *ctx, struct dcerpc_binding_handle *b; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_initshutdown.syntax_id, + &ndr_table_initshutdown, &b); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -82,7 +82,7 @@ WERROR NetShutdownAbort_r(struct libnetapi_ctx *ctx, struct dcerpc_binding_handle *b; werr = libnetapi_get_binding_handle(ctx, r->in.server_name, - &ndr_table_initshutdown.syntax_id, + &ndr_table_initshutdown, &b); if (!W_ERROR_IS_OK(werr)) { goto done; -- 1.8.1.2 From 77f7f2a976e5b95f3bd9f542b92926adee4f5fa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 17 May 2013 16:10:13 +0200 Subject: [PATCH 25/67] s3-libnetapi: pass down ndr_interface_table to libnetapi_open_pipe(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/lib/netapi/cm.c | 8 ++++---- source3/lib/netapi/group.c | 18 +++++++++--------- source3/lib/netapi/joindomain.c | 10 +++++----- source3/lib/netapi/localgroup.c | 14 +++++++------- source3/lib/netapi/netapi_private.h | 2 +- source3/lib/netapi/user.c | 22 +++++++++++----------- 6 files changed, 37 insertions(+), 37 deletions(-) diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c index 786fd94..310b6d2 100644 --- a/source3/lib/netapi/cm.c +++ b/source3/lib/netapi/cm.c @@ -234,7 +234,7 @@ static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx, WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx, const char *server_name, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { struct rpc_pipe_client *result = NULL; @@ -251,10 +251,10 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx, return werr; } - status = pipe_cm_open(ctx, ipc, interface, &result); + status = pipe_cm_open(ctx, ipc, &table->syntax_id, &result); if (!NT_STATUS_IS_OK(status)) { libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s", - get_pipe_name_from_syntax(talloc_tos(), interface), + get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), get_friendly_nt_error_msg(status)); return WERR_DEST_NOT_FOUND; } @@ -277,7 +277,7 @@ WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx, *binding_handle = NULL; - result = libnetapi_open_pipe(ctx, server_name, &table->syntax_id, &pipe_cli); + result = libnetapi_open_pipe(ctx, server_name, table, &pipe_cli); if (!W_ERROR_IS_OK(result)) { return result; } diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c index 9813f7e..38ed6df 100644 --- a/source3/lib/netapi/group.c +++ b/source3/lib/netapi/group.c 
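Review bot: In the `libnetapi_open_pipe()` hunk of cm.c (`@@ -251,10 +251,10 @@`) the result of `get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id)` is passed straight to a `%s` conversion, whereas `rpc_pipe_open_interface()` later in this series checks the same helper's result for NULL before using it. Whether the helper can return NULL for the interfaces used here is not visible in the hunk, but a NULL argument to `%s` is undefined behaviour, so the error path should not depend on it. Since the function now holds the interface table, `table->name` could be used in the message instead (assuming that member carries a usable name; the text of the message may then differ slightly), or the result can be kept in a local and replaced with a fixed string when it is NULL. The function body starts and ends outside the hunk.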
@@ -76,7 +76,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -272,7 +272,7 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -475,7 +475,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -745,7 +745,7 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -885,7 +885,7 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1029,7 +1029,7 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1332,7 +1332,7 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1479,7 +1479,7 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx, werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; 
@@ -1655,7 +1655,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c index b6fb57a..d8e624f 100644 --- a/source3/lib/netapi/joindomain.c +++ b/source3/lib/netapi/joindomain.c @@ -116,7 +116,7 @@ WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx, DATA_BLOB session_key; werr = libnetapi_open_pipe(ctx, r->in.server, - &ndr_table_wkssvc.syntax_id, + &ndr_table_wkssvc, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -257,7 +257,7 @@ WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx, DATA_BLOB session_key; werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_wkssvc.syntax_id, + &ndr_table_wkssvc, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -313,7 +313,7 @@ WERROR NetGetJoinInformation_r(struct libnetapi_ctx *ctx, struct dcerpc_binding_handle *b; werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_wkssvc.syntax_id, + &ndr_table_wkssvc, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -455,7 +455,7 @@ WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx, DATA_BLOB session_key; werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_wkssvc.syntax_id, + &ndr_table_wkssvc, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -508,7 +508,7 @@ WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx, DATA_BLOB session_key; werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_wkssvc.syntax_id, + &ndr_table_wkssvc, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c index 1a544ad..6501edd 100644 --- a/source3/lib/netapi/localgroup.c +++ b/source3/lib/netapi/localgroup.c 
@@ -179,7 +179,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -313,7 +313,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx, ZERO_STRUCT(alias_handle); werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -493,7 +493,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx, ZERO_STRUCT(alias_handle); werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -672,7 +672,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx, ZERO_STRUCT(alias_handle); werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -822,7 +822,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx, ZERO_STRUCT(alias_handle); werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1135,7 +1135,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, if (r->in.level == 3) { werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_lsarpc.syntax_id, + &ndr_table_lsarpc, &lsa_pipe); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1154,7 +1154,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; diff --git a/source3/lib/netapi/netapi_private.h b/source3/lib/netapi/netapi_private.h index 62aa7ef..897cf3d 100644 --- a/source3/lib/netapi/netapi_private.h +++ b/source3/lib/netapi/netapi_private.h 
@@ -61,7 +61,7 @@ NET_API_STATUS libnetapi_get_debuglevel(struct libnetapi_ctx *ctx, char **debugl WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx); WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx, const char *server_name, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult); WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx, const char *server_name, diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index df3914c..a2d6c79 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -400,7 +400,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -552,7 +552,7 @@ WERROR NetUserDel_r(struct libnetapi_ctx *ctx, ZERO_STRUCT(user_handle); werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { @@ -1314,7 +1314,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1622,7 +1622,7 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1756,7 +1756,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1920,7 +1920,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; 
@@ -2371,7 +2371,7 @@ WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -2856,7 +2856,7 @@ WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -2991,7 +2991,7 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -3166,7 +3166,7 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -3491,7 +3491,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx, } werr = libnetapi_open_pipe(ctx, r->in.server_name, - &ndr_table_samr.syntax_id, + &ndr_table_samr, &pipe_cli); if (!W_ERROR_IS_OK(werr)) { goto done; -- 1.8.1.2 From 0ce2178f2ffeaee324c7e8fef7c87727def7bd77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 17 May 2013 16:13:26 +0200 Subject: [PATCH 26/67] s3-libnetapi: pass down ndr_interface_table to pipe_cm() and friends. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/lib/netapi/cm.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c index 310b6d2..c158792 100644 --- a/source3/lib/netapi/cm.c +++ b/source3/lib/netapi/cm.c 
@@ -161,7 +161,7 @@ WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx) ********************************************************************/ static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { struct client_pipe_connection *p; @@ -177,7 +177,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc, if (strequal(ipc_remote_name, p->pipe->desthost) && ndr_syntax_id_equal(&p->pipe->abstract_syntax, - interface)) { + &table->syntax_id)) { *presult = p->pipe; return NT_STATUS_OK; } @@ -191,7 +191,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc, static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx, struct client_ipc_connection *ipc, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { struct client_pipe_connection *p; @@ -202,7 +202,7 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - status = cli_rpc_pipe_open_noauth(ipc->cli, interface, &p->pipe); + status = cli_rpc_pipe_open_noauth(ipc->cli, &table->syntax_id, &p->pipe); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(p); return status; @@ -219,14 +219,14 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx, static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx, struct client_ipc_connection *ipc, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { - if (NT_STATUS_IS_OK(pipe_cm_find(ipc, interface, presult))) { + if (NT_STATUS_IS_OK(pipe_cm_find(ipc, table, presult))) { return NT_STATUS_OK; } - return pipe_cm_connect(ctx, ipc, interface, presult); + return pipe_cm_connect(ctx, ipc, table, presult); } /******************************************************************** 
@@ -251,7 +251,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx, return werr; } - status = pipe_cm_open(ctx, ipc, &table->syntax_id, &result); + status = pipe_cm_open(ctx, ipc, table, &result); if (!NT_STATUS_IS_OK(status)) { libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s", get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), -- 1.8.1.2 From 9b4fb5b074b035eaef98c4a463c9d68006ed52da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 17 May 2013 16:16:59 +0200 Subject: [PATCH 27/67] s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_ncalrpc(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/librpc/rpc/dcerpc_ep.c | 2 +- source3/rpc_client/cli_pipe.c | 4 ++-- source3/rpc_client/cli_pipe.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/librpc/rpc/dcerpc_ep.c b/source3/librpc/rpc/dcerpc_ep.c index bb080c5..410caa7 100644 --- a/source3/librpc/rpc/dcerpc_ep.c +++ b/source3/librpc/rpc/dcerpc_ep.c @@ -365,7 +365,7 @@ static NTSTATUS ep_register(TALLOC_CTX *mem_ctx, status = rpc_pipe_open_ncalrpc(tmp_ctx, ncalrpc_sock, - &ndr_table_epmapper.syntax_id, + &ndr_table_epmapper, &cli); if (!NT_STATUS_IS_OK(status)) { goto done; diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 497df24..5a55fd5 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
@@ -2654,7 +2654,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host, Create a rpc pipe client struct, connecting to a unix domain socket ********************************************************************/ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { struct rpc_pipe_client *result; @@ -2668,7 +2668,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path, return NT_STATUS_NO_MEMORY; } - result->abstract_syntax = *abstract_syntax; + result->abstract_syntax = table->syntax_id; result->transfer_syntax = ndr_transfer_syntax_ndr; result->desthost = get_myname(result); diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 34ae542..3415db0 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -71,7 +71,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, struct rpc_pipe_client **presult); NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult); struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c); -- 1.8.1.2 From 6886cff0a7e97864e9094af936cbef08a3c8f6f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 17 May 2013 16:44:05 +0200 Subject: [PATCH 28/67] s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_interface(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/printing/nt_printing_migrate_internal.c | 2 +- source3/printing/printspoolss.c | 4 +-- source3/rpc_server/rpc_ncacn_np.c | 8 +++--- source3/rpc_server/rpc_ncacn_np.h | 2 +- source3/smbd/lanman.c | 36 ++++++++++++------------- source3/smbd/reply.c | 2 +- 6 files changed, 27 insertions(+), 27 deletions(-) diff --git a/source3/printing/nt_printing_migrate_internal.c b/source3/printing/nt_printing_migrate_internal.c index 200db07f..6bc7ea2 100644 --- a/source3/printing/nt_printing_migrate_internal.c +++ b/source3/printing/nt_printing_migrate_internal.c @@ -211,7 +211,7 @@ bool nt_printing_tdb_migrate(struct messaging_context *msg_ctx) } status = rpc_pipe_open_interface(tmp_ctx, - &ndr_table_winreg.syntax_id, + &ndr_table_winreg, session_info, NULL, msg_ctx, diff --git a/source3/printing/printspoolss.c b/source3/printing/printspoolss.c index fc1e9c1..0507e83 100644 --- a/source3/printing/printspoolss.c +++ b/source3/printing/printspoolss.c @@ -154,7 +154,7 @@ NTSTATUS print_spool_open(files_struct *fsp, * a job id */ status = rpc_pipe_open_interface(fsp->conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, fsp->conn->session_info, fsp->conn->sconn->remote_address, fsp->conn->sconn->msg_ctx, @@ -343,7 +343,7 @@ void print_spool_terminate(struct connection_struct *conn, rap_jobid_delete(print_file->svcname, print_file->jobid); status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index b4602a9..7389b3e 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c 
@@ -758,7 +758,7 @@ done: */ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, - const struct ndr_syntax_id *syntax, + const struct ndr_interface_table *table, const struct auth_session_info *session_info, const struct tsocket_address *remote_address, struct messaging_context *msg_ctx, @@ -783,7 +783,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - pipe_name = get_pipe_name_from_syntax(tmp_ctx, syntax); + pipe_name = get_pipe_name_from_syntax(tmp_ctx, &table->syntax_id); if (pipe_name == NULL) { status = NT_STATUS_INVALID_PARAMETER; goto done; @@ -800,7 +800,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, switch (pipe_mode) { case RPC_SERVICE_MODE_EMBEDDED: status = rpc_pipe_open_internal(tmp_ctx, - syntax, session_info, + &table->syntax_id, session_info, remote_address, msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -813,7 +813,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, * to spoolssd. */ status = rpc_pipe_open_external(tmp_ctx, - pipe_name, syntax, + pipe_name, &table->syntax_id, session_info, &cli); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/rpc_server/rpc_ncacn_np.h b/source3/rpc_server/rpc_ncacn_np.h index 586d61b..67cd8a1 100644 --- a/source3/rpc_server/rpc_ncacn_np.h +++ b/source3/rpc_server/rpc_ncacn_np.h @@ -50,7 +50,7 @@ NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, struct messaging_context *msg_ctx, struct dcerpc_binding_handle **binding_handle); NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, - const struct ndr_syntax_id *syntax, + const struct ndr_interface_table *table, const struct auth_session_info *session_info, const struct tsocket_address *remote_address, struct messaging_context *msg_ctx, diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 9278a3f..51d5fbf 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c 
@@ -832,7 +832,7 @@ static bool api_DosPrintQGetInfo(struct smbd_server_connection *sconn, } status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -1029,7 +1029,7 @@ static bool api_DosPrintQEnum(struct smbd_server_connection *sconn, } status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -2255,7 +2255,7 @@ static bool api_RNetShareAdd(struct smbd_server_connection *sconn, return false; } - status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.syntax_id, + status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -2367,7 +2367,7 @@ static bool api_RNetGroupEnum(struct smbd_server_connection *sconn, } status = rpc_pipe_open_interface( - talloc_tos(), &ndr_table_samr.syntax_id, + talloc_tos(), &ndr_table_samr, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, &samr_pipe); if (!NT_STATUS_IS_OK(status)) { @@ -2573,7 +2573,7 @@ static bool api_NetUserGetGroups(struct smbd_server_connection *sconn, endp = *rdata + *rdata_len; status = rpc_pipe_open_interface( - talloc_tos(), &ndr_table_samr.syntax_id, + talloc_tos(), &ndr_table_samr, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, &samr_pipe); if (!NT_STATUS_IS_OK(status)) { @@ -2765,7 +2765,7 @@ static bool api_RNetUserEnum(struct smbd_server_connection *sconn, endp = *rdata + *rdata_len; status = rpc_pipe_open_interface( - talloc_tos(), &ndr_table_samr.syntax_id, + talloc_tos(), &ndr_table_samr, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, &samr_pipe); if (!NT_STATUS_IS_OK(status)) { 
@@ -3030,7 +3030,7 @@ static bool api_SetUserPassword(struct smbd_server_connection *sconn, ZERO_STRUCT(domain_handle); ZERO_STRUCT(user_handle); - status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id, + status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -3281,7 +3281,7 @@ static bool api_SamOEMChangePassword(struct smbd_server_connection *sconn, memcpy(password.data, data, 516); memcpy(hash.hash, data+516, 16); - status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id, + status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -3378,7 +3378,7 @@ static bool api_RDosPrintJobDel(struct smbd_server_connection *sconn, ZERO_STRUCT(handle); status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -3506,7 +3506,7 @@ static bool api_WPrintQueueCtrl(struct smbd_server_connection *sconn, ZERO_STRUCT(handle); status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -3688,7 +3688,7 @@ static bool api_PrintJobInfo(struct smbd_server_connection *sconn, ZERO_STRUCT(handle); status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -3865,7 +3865,7 @@ static bool api_RNetServerGetInfo(struct smbd_server_connection *sconn, p = *rdata; p2 = p + struct_len; - status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.syntax_id, + status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, 
@@ -4296,7 +4296,7 @@ static bool api_RNetUserGetInfo(struct smbd_server_connection *sconn, ZERO_STRUCT(domain_handle); ZERO_STRUCT(user_handle); - status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id, + status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -4825,7 +4825,7 @@ static bool api_WPrintJobGetInfo(struct smbd_server_connection *sconn, ZERO_STRUCT(handle); status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -4967,7 +4967,7 @@ static bool api_WPrintJobEnumerate(struct smbd_server_connection *sconn, ZERO_STRUCT(handle); status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -5167,7 +5167,7 @@ static bool api_WPrintDestGetInfo(struct smbd_server_connection *sconn, ZERO_STRUCT(handle); status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -5299,7 +5299,7 @@ static bool api_WPrintDestEnum(struct smbd_server_connection *sconn, queuecnt = 0; status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, @@ -5610,7 +5610,7 @@ static bool api_RNetSessionEnum(struct smbd_server_connection *sconn, } status = rpc_pipe_open_interface(conn, - &ndr_table_srvsvc.syntax_id, + &ndr_table_srvsvc, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 2ae3ff4..3f59df8 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c 
@@ -5636,7 +5636,7 @@ void reply_printqueue(struct smb_request *req) ZERO_STRUCT(handle); status = rpc_pipe_open_interface(conn, - &ndr_table_spoolss.syntax_id, + &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, conn->sconn->msg_ctx, -- 1.8.1.2 From f6d61b571d79ebf1df58513ec728057d00b95f3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:03:23 +0200 Subject: [PATCH 29/67] s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/auth/auth_domain.c | 2 +- source3/rpc_client/cli_pipe.h | 2 +- source3/rpc_client/cli_pipe_schannel.c | 4 ++-- source3/rpcclient/rpcclient.c | 2 +- source3/utils/net_rpc.c | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 286c75c..a375f11 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -115,7 +115,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, if (lp_client_schannel()) { /* We also setup the creds chain in the open_schannel call. */ result = cli_rpc_pipe_open_schannel( - *cli, &ndr_table_netlogon.syntax_id, NCACN_NP, + *cli, &ndr_table_netlogon, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); } else { result = cli_rpc_pipe_open_noauth( diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 3415db0..d17322a 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h 
@@ -125,7 +125,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, enum dcerpc_transport_t transport, enum dcerpc_AuthLevel auth_level, const char *domain, diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c index c275720..8bc01a5 100644 --- a/source3/rpc_client/cli_pipe_schannel.c +++ b/source3/rpc_client/cli_pipe_schannel.c @@ -169,7 +169,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, ****************************************************************************/ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, enum dcerpc_transport_t transport, enum dcerpc_AuthLevel auth_level, const char *domain, @@ -190,7 +190,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, } status = cli_rpc_pipe_open_schannel_with_key( - cli, interface, transport, auth_level, domain, &netlogon_pipe->dc, + cli, &table->syntax_id, transport, auth_level, domain, &netlogon_pipe->dc, &result); /* Now we've bound using the session key we can close the netlog pipe. */ diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index d204d7f..6b6478e 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -734,7 +734,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, break; case DCERPC_AUTH_TYPE_SCHANNEL: ntresult = cli_rpc_pipe_open_schannel( - cli, &cmd_entry->table->syntax_id, + cli, cmd_entry->table, default_transport, pipe_default_auth_level, get_cmdline_auth_info_domain(auth_info), diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index e59a223..1e9d6f0 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c 
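Review bot: `cli_rpc_pipe_open_schannel()` now evaluates `&table->syntax_id` in its call to `cli_rpc_pipe_open_schannel_with_key()` without checking `table`, so a NULL table becomes pointer arithmetic on NULL rather than a NULL the callee could reject. No other line of the function changed with the parameter's type, so there appears to be no guard on it; `if (table == NULL) { return NT_STATUS_INVALID_PARAMETER; }` at the top would make the contract explicit. Callers in this series pass struct fields such as `cmd_entry->table`, and whether those can be unset is not visible here. The same applies to `cli_rpc_pipe_open_ntlmssp_auth_schannel()`, `cli_rpc_pipe_open_schannel_with_key()` and `cli_rpc_pipe_open_noauth()` in the patches that follow; the function body starts and ends outside the hunk.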
@@ -191,7 +191,7 @@ int run_rpc_command(struct net_context *c, &ndr_table_netlogon.syntax_id))) { /* Always try and create an schannel netlogon pipe. */ nt_status = cli_rpc_pipe_open_schannel( - cli, &table->syntax_id, NCACN_NP, + cli, table, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, domain_name, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { -- 1.8.1.2 From 7f169474fc86479abe09a5716b8029c6febcfaa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:08:33 +0200 Subject: [PATCH 30/67] s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_ntlmssp_auth_schannel(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.h | 2 +- source3/rpc_client/cli_pipe_schannel.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index d17322a..7026692 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -116,7 +116,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, enum dcerpc_transport_t transport, enum dcerpc_AuthLevel auth_level, const char *domain, diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c index 8bc01a5..261a768 100644 --- a/source3/rpc_client/cli_pipe_schannel.c +++ b/source3/rpc_client/cli_pipe_schannel.c 
@@ -128,7 +128,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, ****************************************************************************/ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, enum dcerpc_transport_t transport, enum dcerpc_AuthLevel auth_level, const char *domain, @@ -151,7 +151,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, } status = cli_rpc_pipe_open_schannel_with_key( - cli, interface, transport, auth_level, domain, &netlogon_pipe->dc, + cli, &table->syntax_id, transport, auth_level, domain, &netlogon_pipe->dc, &result); /* Now we've bound using the session key we can close the netlog pipe. */ -- 1.8.1.2 From 3dc3a6c8483a8de22b483ecf164c81232d4a8d65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:17:24 +0200 Subject: [PATCH 31/67] s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel_with_key(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/libnet/libnet_join.c | 2 +- source3/rpc_client/cli_pipe.c | 6 +++--- source3/rpc_client/cli_pipe.h | 2 +- source3/rpc_client/cli_pipe_schannel.c | 4 ++-- source3/utils/net_rpc_join.c | 4 ++-- source3/winbindd/winbindd_cm.c | 8 ++++---- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index dfe7283..c77149a 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -1264,7 +1264,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, } status = cli_rpc_pipe_open_schannel_with_key( - cli, &ndr_table_netlogon.syntax_id, NCACN_NP, + cli, &ndr_table_netlogon, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 5a55fd5..8ff4a86 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2994,7 +2994,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli, ****************************************************************************/ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, enum dcerpc_transport_t transport, enum dcerpc_AuthLevel auth_level, const char *domain, @@ -3005,7 +3005,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, struct pipe_auth_data *auth; NTSTATUS status; - status = cli_rpc_pipe_open(cli, transport, interface, &result); + status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -3042,7 +3042,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s " "for domain %s and bound using schannel.\n", - get_pipe_name_from_syntax(talloc_tos(), interface), + get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), result->desthost, domain)); *presult = result; diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 7026692..65bfbc8 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h 
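Review bot: The debug message at the end of `cli_rpc_pipe_open_schannel_with_key()` still resolves the pipe name through `get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id)` although the interface table is now in hand. `struct ndr_interface_table` carries the interface name itself, so `table->name` would avoid the lookup and the `talloc_tos()` allocation on each successful bind. The printed string may differ from what the lookup returns, so confirm nothing depends on the exact log text. The function body starts outside the hunk.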
@@ -108,7 +108,7 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, enum dcerpc_transport_t transport, enum dcerpc_AuthLevel auth_level, const char *domain, diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c index 261a768..784e63f 100644 --- a/source3/rpc_client/cli_pipe_schannel.c +++ b/source3/rpc_client/cli_pipe_schannel.c @@ -151,7 +151,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, } status = cli_rpc_pipe_open_schannel_with_key( - cli, &table->syntax_id, transport, auth_level, domain, &netlogon_pipe->dc, + cli, table, transport, auth_level, domain, &netlogon_pipe->dc, &result); /* Now we've bound using the session key we can close the netlog pipe. */ @@ -190,7 +190,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, } status = cli_rpc_pipe_open_schannel_with_key( - cli, &table->syntax_id, transport, auth_level, domain, &netlogon_pipe->dc, + cli, table, transport, auth_level, domain, &netlogon_pipe->dc, &result); /* Now we've bound using the session key we can close the netlog pipe. */ diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 7167cf9..c536676 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -137,7 +137,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, } ntret = cli_rpc_pipe_open_schannel_with_key( - cli, &ndr_table_netlogon.syntax_id, NCACN_NP, + cli, &ndr_table_netlogon, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe->dc, &pipe_hnd); 
@@ -488,7 +488,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) struct rpc_pipe_client *netlogon_schannel_pipe; status = cli_rpc_pipe_open_schannel_with_key( - cli, &ndr_table_netlogon.syntax_id, NCACN_NP, + cli, &ndr_table_netlogon, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, &netlogon_schannel_pipe); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 50728a5..dfcf3f4 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2343,7 +2343,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, goto anonymous; } status = cli_rpc_pipe_open_schannel_with_key - (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, + (conn->cli, &ndr_table_samr, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &p_creds, &conn->samr_pipe); @@ -2475,7 +2475,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, } status = cli_rpc_pipe_open_schannel_with_key(conn->cli, - &ndr_table_lsarpc.syntax_id, + &ndr_table_lsarpc, NCACN_IP_TCP, DCERPC_AUTH_LEVEL_PRIVACY, domain->name, @@ -2574,7 +2574,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, goto anonymous; } result = cli_rpc_pipe_open_schannel_with_key - (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, + (conn->cli, &ndr_table_lsarpc, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &p_creds, &conn->lsa_pipe); @@ -2754,7 +2754,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, */ result = cli_rpc_pipe_open_schannel_with_key( - conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP, + conn->cli, &ndr_table_netlogon, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, &conn->netlogon_pipe); -- 1.8.1.2 From 9813fe2b04a5b4abaa95ea1d893b3803edbede4d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:29:28 +0200 Subject: [PATCH 32/67] s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/auth/auth_domain.c | 2 +- source3/client/client.c | 2 +- source3/lib/netapi/cm.c | 2 +- source3/libnet/libnet_join.c | 8 ++++---- source3/libsmb/libsmb_dir.c | 2 +- source3/libsmb/libsmb_server.c | 2 +- source3/libsmb/passchange.c | 4 ++-- source3/libsmb/trustdom_cache.c | 2 +- source3/libsmb/trusts_util.c | 2 +- source3/rpc_client/cli_pipe.c | 4 ++-- source3/rpc_client/cli_pipe.h | 2 +- source3/rpc_client/cli_pipe_schannel.c | 2 +- source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +- source3/rpcclient/cmd_spoolss.c | 2 +- source3/rpcclient/cmd_test.c | 4 ++-- source3/rpcclient/rpcclient.c | 2 +- source3/torture/test_async_echo.c | 2 +- source3/utils/net_ads.c | 2 +- source3/utils/net_rpc.c | 20 ++++++++++---------- source3/utils/net_rpc_join.c | 6 +++--- source3/utils/net_rpc_shell.c | 2 +- source3/utils/net_rpc_trust.c | 2 +- source3/utils/net_util.c | 8 ++++---- source3/utils/netlookup.c | 2 +- source3/utils/smbcacls.c | 7 +++---- source3/utils/smbcquotas.c | 2 +- source3/utils/smbtree.c | 2 +- source3/winbindd/winbindd_cm.c | 10 +++++----- 28 files changed, 54 insertions(+), 55 deletions(-) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index a375f11..54ee5a1 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -119,7 +119,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); } else { result = cli_rpc_pipe_open_noauth( - *cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); + *cli, &ndr_table_netlogon, &netlogon_pipe); } if (!NT_STATUS_IS_OK(result)) { 
diff --git a/source3/client/client.c b/source3/client/client.c index d03d1a4..1f63052 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -4218,7 +4218,7 @@ static bool browse_host_rpc(bool sort) int i; struct dcerpc_binding_handle *b; - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c index c158792..cbc93d9 100644 --- a/source3/lib/netapi/cm.c +++ b/source3/lib/netapi/cm.c @@ -202,7 +202,7 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - status = cli_rpc_pipe_open_noauth(ipc->cli, &table->syntax_id, &p->pipe); + status = cli_rpc_pipe_open_noauth(ipc->cli, table, &p->pipe); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(p); return status; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c77149a..348fb94 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -734,7 +734,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, goto done; } - status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Error connecting to LSA pipe. Error was %s\n", @@ -804,7 +804,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, fstring trust_passwd; NTSTATUS status; - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { return status; 
@@ -893,7 +893,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /* Open the domain */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Error connecting to SAM pipe. Error was %s\n", @@ -1354,7 +1354,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, /* Open the domain */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Error connecting to SAM pipe. Error was %s\n", diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index 87e10d8..3a07f11 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -277,7 +277,7 @@ net_share_enum_rpc(struct cli_state *cli, struct dcerpc_binding_handle *b; /* Open the server service pipe */ - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("net_share_enum_rpc pipe open fail!\n")); diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index fc3977e..5c665bf 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -792,7 +792,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, ipc_srv->cli = ipc_cli; nt_status = cli_rpc_pipe_open_noauth( - ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd); + ipc_srv->cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("cli_nt_session_open fail!\n")); errno = ENOTSUP; diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index 3933833..9736ada 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c 
@@ -169,7 +169,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam * way. */ result = cli_rpc_pipe_open_noauth( - cli, &ndr_table_samr.syntax_id, &pipe_hnd); + cli, &ndr_table_samr, &pipe_hnd); } if (!NT_STATUS_IS_OK(result)) { @@ -230,7 +230,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam result = NT_STATUS_UNSUCCESSFUL; /* OK, this is ugly, but... try an anonymous pipe. */ - result = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, + result = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, &pipe_hnd); if ( NT_STATUS_IS_OK(result) && diff --git a/source3/libsmb/trustdom_cache.c b/source3/libsmb/trustdom_cache.c index 8789d30..dadc751 100644 --- a/source3/libsmb/trustdom_cache.c +++ b/source3/libsmb/trustdom_cache.c @@ -289,7 +289,7 @@ static bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, /* open the LSARPC_PIPE */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &lsa_pipe); if (!NT_STATUS_IS_OK(status)) { goto done; diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 0d039bc..6156ba0 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -182,7 +182,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m /* Shouldn't we open this with schannel ? JRA. */ nt_status = cli_rpc_pipe_open_noauth( - cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); + cli, &ndr_table_netlogon, &netlogon_pipe); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", dc_name, nt_errstr(nt_status))); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 8ff4a86..a8fbaa2 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
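Review bot: In `remote_password_change()` the assignment `result = NT_STATUS_UNSUCCESSFUL;` directly above the changed call is a dead store, because the next statement overwrites `result` with the return value of `cli_rpc_pipe_open_noauth()`. Dropping that line makes it clear that the status of the anonymous-pipe attempt is what the following `NT_STATUS_IS_OK(result) &&` test sees. The function body starts and ends outside the hunk.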
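Review bot: The comment `/* Shouldn't we open this with schannel ? JRA. */` above the changed call in `change_trust_account_password()` leaves an open question on the path that changes the trust account password, and this hunk keeps the netlogon pipe unauthenticated. Either answer it in the comment, for example `/* noauth is sufficient here because <reason> */` with the reason supplied by someone who knows how the later calls are protected (not shown in this hunk), or track it as a follow-up. The `DEBUG(0, ...)` text below also still says `modify_trust_password:` while the hunk header names the function `change_trust_account_password()`, which makes the log line harder to trace. The function body starts and ends outside the hunk.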
@@ -2920,11 +2920,11 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, ****************************************************************************/ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP, - interface, presult); + &table->syntax_id, presult); } /**************************************************************************** diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 65bfbc8..9aae61a 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -77,7 +77,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path, struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c); NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c index 784e63f..bc672ef 100644 --- a/source3/rpc_client/cli_pipe_schannel.c +++ b/source3/rpc_client/cli_pipe_schannel.c @@ -217,7 +217,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli, struct rpc_pipe_client *netlogon_pipe = NULL; NTSTATUS status; - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, &netlogon_pipe); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 03c966b..a094b49 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c 
@@ -2493,7 +2493,7 @@ static bool spoolss_connect_to_client(struct rpc_pipe_client **pp_pipe, * Now start the NT Domain stuff :-). */ - ret = cli_rpc_pipe_open_noauth(the_cli, &ndr_table_spoolss.syntax_id, pp_pipe); + ret = cli_rpc_pipe_open_noauth(the_cli, &ndr_table_spoolss, pp_pipe); if (!NT_STATUS_IS_OK(ret)) { DEBUG(2,("spoolss_connect_to_client: unable to open the spoolss pipe on machine %s. Error was : %s.\n", remote_machine, nt_errstr(ret))); diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index 5c499d4..fb011f8 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -3453,7 +3453,7 @@ static WERROR cmd_spoolss_printercmp(struct rpc_pipe_client *cli, if ( !NT_STATUS_IS_OK(nt_status) ) return WERR_GENERAL_FAILURE; - nt_status = cli_rpc_pipe_open_noauth(cli_server2, &ndr_table_spoolss.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli_server2, &ndr_table_spoolss, &cli2); if (!NT_STATUS_IS_OK(nt_status)) { printf("failed to open spoolss pipe on server %s (%s)\n", diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_test.c index 591ae8c..367dc71 100644 --- a/source3/rpcclient/cmd_test.c +++ b/source3/rpcclient/cmd_test.c @@ -36,14 +36,14 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, d_printf("testme\n"); status = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(cli), - &ndr_table_lsarpc.syntax_id, + &ndr_table_lsarpc, &lsa_pipe); if (!NT_STATUS_IS_OK(status)) { goto done; } status = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(cli), - &ndr_table_samr.syntax_id, + &ndr_table_samr, &samr_pipe); if (!NT_STATUS_IS_OK(status)) { goto done; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 6b6478e..e3b35bb 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c 
@@ -167,7 +167,7 @@ static void fetch_machine_sid(struct cli_state *cli) goto error; } - result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &lsapipe); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) ); diff --git a/source3/torture/test_async_echo.c b/source3/torture/test_async_echo.c index 6df95dd..f21daa4 100644 --- a/source3/torture/test_async_echo.c +++ b/source3/torture/test_async_echo.c @@ -82,7 +82,7 @@ bool run_async_echo(int dummy) printf("torture_open_connection failed\n"); goto fail; } - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_rpcecho.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_rpcecho, &p); if (!NT_STATUS_IS_OK(status)) { printf("Could not open echo pipe: %s\n", nt_errstr(status)); diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5699943..89eebf3 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1957,7 +1957,7 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * SAFE_FREE(srv_cn_escaped); SAFE_FREE(printername_escaped); - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss.syntax_id, &pipe_hnd); + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, _("Unable to open a connection to the spoolss pipe on %s\n"), servername); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 1e9d6f0..488167c 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c 
@@ -82,7 +82,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, union lsa_PolicyInformation *info = NULL; struct dcerpc_binding_handle *b; - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &lsa_pipe); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Could not initialise lsa pipe\n")); @@ -212,7 +212,7 @@ int run_rpc_command(struct net_context *c, c->opt_password, &pipe_hnd); } else { nt_status = cli_rpc_pipe_open_noauth( - cli, &table->syntax_id, + cli, table, &pipe_hnd); } if (!NT_STATUS_IS_OK(nt_status)) { @@ -348,7 +348,7 @@ static NTSTATUS rpc_oldjoin_internals(struct net_context *c, NTSTATUS result; enum netr_SchannelType sec_channel_type; - result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, + result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, &pipe_hnd); if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. " @@ -1958,7 +1958,7 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli, NTSTATUS status, result; struct dcerpc_binding_handle *b; - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { goto done; @@ -2951,7 +2951,7 @@ static NTSTATUS rpc_list_alias_members(struct net_context *c, } result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd), - &ndr_table_lsarpc.syntax_id, + &ndr_table_lsarpc, &lsa_pipe); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, _("Couldn't open LSA pipe. Error was %s\n"), @@ -6188,7 +6188,7 @@ static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c, /* Try netr_GetDcName */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, &netr); if (!NT_STATUS_IS_OK(status)) { return status; 
@@ -6335,7 +6335,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, * Call LsaOpenPolicy and LsaQueryInfo */ - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) )); @@ -6612,7 +6612,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, return -1; }; - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", @@ -6790,7 +6790,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) return -1; }; - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", @@ -6906,7 +6906,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) /* * Open \PIPE\samr and get needed policy handles */ - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status))); diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index c536676..a6ef11b 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c 
@@ -245,7 +245,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) /* Fetch domain sid */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n", @@ -280,7 +280,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) } /* Create domain user */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n", @@ -447,7 +447,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) /* Now check the whole process from top-to-bottom */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n", diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c index 6086066..120cfa6 100644 --- a/source3/utils/net_rpc_shell.c +++ b/source3/utils/net_rpc_shell.c @@ -85,7 +85,7 @@ static NTSTATUS net_sh_run(struct net_context *c, return NT_STATUS_NO_MEMORY; } - status = cli_rpc_pipe_open_noauth(ctx->cli, &cmd->table->syntax_id, + status = cli_rpc_pipe_open_noauth(ctx->cli, cmd->table, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Could not open pipe: %s\n"), diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c index 9060700..5e58103 100644 --- a/source3/utils/net_rpc_trust.c +++ b/source3/utils/net_rpc_trust.c 
@@ -210,7 +210,7 @@ static NTSTATUS connect_and_get_info(TALLOC_CTX *mem_ctx, return status; } - status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc.syntax_id, pipe_hnd); + status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc, pipe_hnd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Failed to initialise lsa pipe with error [%s]\n", nt_errstr(status))); diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index a4282ec..13a0ef1 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -45,7 +45,7 @@ NTSTATUS net_rpc_lookup_name(struct net_context *c, ZERO_STRUCT(pol); - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &lsa_pipe); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Could not initialise lsa pipe\n")); @@ -256,7 +256,7 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, return nt_status; } - nt_status = cli_rpc_pipe_open_noauth(cli_tmp, &table->syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli_tmp, table, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("couldn't not initialize pipe\n")); @@ -571,7 +571,7 @@ static NTSTATUS net_scan_dc_noad(struct net_context *c, ZERO_STRUCTP(dc_info); ZERO_STRUCT(pol); - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { return status; @@ -634,7 +634,7 @@ NTSTATUS net_scan_dc(struct net_context *c, ZERO_STRUCTP(dc_info); - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_dssetup.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_dssetup, &dssetup_pipe); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("net_scan_dc: failed to open dssetup pipe with %s, " diff --git a/source3/utils/netlookup.c b/source3/utils/netlookup.c index b66c34e..56d3bfe 100644 --- a/source3/utils/netlookup.c +++ b/source3/utils/netlookup.c 
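Review bot: The failure message under the changed call in `connect_dst_pipe()` reads `couldn't not initialize pipe`, a double negative that states the opposite of what happened. `DEBUG(0, ("could not initialize pipe: %s\n", nt_errstr(nt_status)));` would fix the wording and include the status, as the neighbouring pipe-open error messages in this series do. The function body starts and ends outside the hunk.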
@@ -122,7 +122,7 @@ static struct con_struct *create_cs(struct net_context *c, } nt_status = cli_rpc_pipe_open_noauth(cs->cli, - &ndr_table_lsarpc.syntax_id, + &ndr_table_lsarpc, &cs->lsapipe); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 39400c8..d3d60bc 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -96,7 +96,7 @@ static NTSTATUS cli_lsa_lookup_sid(struct cli_state *cli, goto tcon_fail; } - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &p); if (!NT_STATUS_IS_OK(status)) { goto fail; @@ -146,7 +146,7 @@ static NTSTATUS cli_lsa_lookup_name(struct cli_state *cli, goto tcon_fail; } - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &p); if (!NT_STATUS_IS_OK(status)) { goto fail; @@ -187,14 +187,13 @@ static NTSTATUS cli_lsa_lookup_domain_sid(struct cli_state *cli, struct policy_handle handle; NTSTATUS status, result; TALLOC_CTX *frame = talloc_stackframe(); - const struct ndr_syntax_id *lsarpc_syntax = &ndr_table_lsarpc.syntax_id; status = cli_tree_connect(cli, "IPC$", "?????", "", 0); if (!NT_STATUS_IS_OK(status)) { goto done; } - status = cli_rpc_pipe_open_noauth(cli, lsarpc_syntax, &rpc_pipe); + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &rpc_pipe); if (!NT_STATUS_IS_OK(status)) { goto tdis; } diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c index bf1f95c..2791b93 100644 --- a/source3/utils/smbcquotas.c +++ b/source3/utils/smbcquotas.c @@ -58,7 +58,7 @@ static bool cli_open_policy_hnd(void) NTSTATUS ret; cli_ipc = connect_one("IPC$"); ret = cli_rpc_pipe_open_noauth(cli_ipc, - &ndr_table_lsarpc.syntax_id, + &ndr_table_lsarpc, &global_pipe_hnd); if (!NT_STATUS_IS_OK(ret)) { return False; diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index 40b1f09..5c07b12 100644 
--- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -177,7 +177,7 @@ static bool get_rpc_shares(struct cli_state *cli, return False; } - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index dfcf3f4..6c3f6ea 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2006,7 +2006,7 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain ) DEBUG(5, ("set_dc_type_and_flags_connect: domain %s\n", domain->name )); status = cli_rpc_pipe_open_noauth(domain->conn.cli, - &ndr_table_dssetup.syntax_id, + &ndr_table_dssetup, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -2057,7 +2057,7 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain ) no_dssetup: status = cli_rpc_pipe_open_noauth(domain->conn.cli, - &ndr_table_lsarpc.syntax_id, &cli); + &ndr_table_lsarpc, &cli); if (!NT_STATUS_IS_OK(status)) { DEBUG(5, ("set_dc_type_and_flags_connect: Could not bind to " @@ -2375,7 +2375,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, anonymous: /* Finally fall back to anonymous. */ - status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr.syntax_id, + status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr, &conn->samr_pipe); if (!NT_STATUS_IS_OK(status)) { @@ -2602,7 +2602,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, anonymous: result = cli_rpc_pipe_open_noauth(conn->cli, - &ndr_table_lsarpc.syntax_id, + &ndr_table_lsarpc, &conn->lsa_pipe); if (!NT_STATUS_IS_OK(result)) { result = NT_STATUS_PIPE_NOT_AVAILABLE; 
@@ -2688,7 +2688,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, TALLOC_FREE(conn->netlogon_pipe); result = cli_rpc_pipe_open_noauth(conn->cli, - &ndr_table_netlogon.syntax_id, + &ndr_table_netlogon, &netlogon_pipe); if (!NT_STATUS_IS_OK(result)) { return result; -- 1.8.1.2 From 9aa99c3cfb0ff7a290dd4df472a4ff30d0efcb76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:33:03 +0200 Subject: [PATCH 33/67] s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth_transport(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 13 +++++++------ source3/rpc_client/cli_pipe.h | 2 +- source3/rpcclient/rpcclient.c | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index a8fbaa2..02d2a16 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2837,14 +2837,14 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, enum dcerpc_transport_t transport, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { struct rpc_pipe_client *result; struct pipe_auth_data *auth; NTSTATUS status; - status = cli_rpc_pipe_open(cli, transport, interface, &result); + status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result); if (!NT_STATUS_IS_OK(status)) { return status; } 
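Review bot: `cli_rpc_pipe_open_noauth_transport()` now dereferences its new `table` argument (`&table->syntax_id`) in the `@@ -2837` hunk of cli_pipe.c without checking it, and it is a non-static entry point that rpcclient calls with `cmd_entry->table`. A guard at the top, `if (table == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, would turn a caller mistake into an error status instead of a NULL-pointer read. The same applies to the other non-static functions this series converts from `const struct ndr_syntax_id *` to `const struct ndr_interface_table *` (`rpc_pipe_open_tcp`, `rpc_transport_np_init`, `rpc_transport_np_init_send`). Whether any caller can actually pass NULL is not visible from these hunks, and the function body continues past the hunk.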
@@ -2893,7 +2893,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, status = rpc_pipe_bind(result, auth); if (!NT_STATUS_IS_OK(status)) { int lvl = 0; - if (ndr_syntax_id_equal(interface, + if (ndr_syntax_id_equal(&table->syntax_id, &ndr_table_dssetup.syntax_id)) { /* non AD domains just don't have this pipe, avoid * level 0 statement in that case - gd */ @@ -2901,7 +2901,8 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, } DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe " "%s failed with error %s\n", - get_pipe_name_from_syntax(talloc_tos(), interface), + get_pipe_name_from_syntax(talloc_tos(), + &table->syntax_id), nt_errstr(status) )); TALLOC_FREE(result); return status; @@ -2909,7 +2910,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine " "%s and bound anonymously.\n", - get_pipe_name_from_syntax(talloc_tos(), interface), + get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), result->desthost)); *presult = result; @@ -2924,7 +2925,7 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, struct rpc_pipe_client **presult) { return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP, - &table->syntax_id, presult); + table, presult); } /**************************************************************************** diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 9aae61a..f37f8a9 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -82,7 +82,7 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, enum dcerpc_transport_t transport, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli, 
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index e3b35bb..c23ff2d 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -690,7 +690,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, case DCERPC_AUTH_TYPE_NONE: ntresult = cli_rpc_pipe_open_noauth_transport( cli, default_transport, - &cmd_entry->table->syntax_id, + cmd_entry->table, &cmd_entry->rpc_pipe); break; case DCERPC_AUTH_TYPE_SPNEGO: -- 1.8.1.2 From 34cc4b409558f229fba24f59e81ef9100a851d24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:38:01 +0200 Subject: [PATCH 34/67] s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 02d2a16..c5fdd9b 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2815,7 +2815,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli, enum dcerpc_transport_t transport, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { switch (transport) { @@ -2823,9 +2823,9 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli, return rpc_pipe_open_tcp(NULL, smbXcli_conn_remote_name(cli->conn), smbXcli_conn_remote_sockaddr(cli->conn), - interface, presult); + &table->syntax_id, presult); case NCACN_NP: - return rpc_pipe_open_np(cli, interface, presult); + return rpc_pipe_open_np(cli, &table->syntax_id, presult); default: return NT_STATUS_NOT_IMPLEMENTED; } 
@@ -2844,7 +2844,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, struct pipe_auth_data *auth; NTSTATUS status; - status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result); + status = cli_rpc_pipe_open(cli, transport, table, &result); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2949,7 +2949,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli, NTSTATUS status; - status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result); + status = cli_rpc_pipe_open(cli, transport, table, &result); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -3006,7 +3006,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, struct pipe_auth_data *auth; NTSTATUS status; - status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result); + status = cli_rpc_pipe_open(cli, transport, table, &result); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -3076,7 +3076,7 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli, return NT_STATUS_INVALID_PARAMETER; } - status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result); + status = cli_rpc_pipe_open(cli, transport, table, &result); if (!NT_STATUS_IS_OK(status)) { return status; } -- 1.8.1.2 From 8cd3a060514ddcc178c938100edfb0b177c00c8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:40:45 +0200 Subject: [PATCH 35/67] s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_np(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index c5fdd9b..632a42b 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
@@ -2747,7 +2747,7 @@ static int rpc_pipe_client_np_ref_destructor(struct rpc_pipe_client_np_ref *np_r ****************************************************************************/ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { struct rpc_pipe_client *result; @@ -2765,7 +2765,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, return NT_STATUS_NO_MEMORY; } - result->abstract_syntax = *abstract_syntax; + result->abstract_syntax = table->syntax_id; result->transfer_syntax = ndr_transfer_syntax_ndr; result->desthost = talloc_strdup(result, smbXcli_conn_remote_name(cli->conn)); result->srv_name_slash = talloc_asprintf_strupper_m( @@ -2779,7 +2779,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, return NT_STATUS_NO_MEMORY; } - status = rpc_transport_np_init(result, cli, abstract_syntax, + status = rpc_transport_np_init(result, cli, &table->syntax_id, &result->transport); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(result); @@ -2825,7 +2825,7 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli, smbXcli_conn_remote_sockaddr(cli->conn), &table->syntax_id, presult); case NCACN_NP: - return rpc_pipe_open_np(cli, &table->syntax_id, presult); + return rpc_pipe_open_np(cli, table, presult); default: return NT_STATUS_NOT_IMPLEMENTED; } -- 1.8.1.2 From 5c5cff0a722a0925ae75ea7aa11ede0d82d5b92d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:44:00 +0200 Subject: [PATCH 36/67] s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 8 ++++---- source3/rpc_client/cli_pipe.h | 2 +- source3/torture/rpc_open_tcp.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 632a42b..3934cc6 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2635,19 +2635,19 @@ done: */ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host, const struct sockaddr_storage *addr, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { NTSTATUS status; uint16_t port = 0; - status = rpc_pipe_get_tcp_port(host, addr, abstract_syntax, &port); + status = rpc_pipe_get_tcp_port(host, addr, &table->syntax_id, &port); if (!NT_STATUS_IS_OK(status)) { return status; } return rpc_pipe_open_tcp_port(mem_ctx, host, addr, port, - abstract_syntax, presult); + &table->syntax_id, presult); } /******************************************************************** @@ -2823,7 +2823,7 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli, return rpc_pipe_open_tcp(NULL, smbXcli_conn_remote_name(cli->conn), smbXcli_conn_remote_sockaddr(cli->conn), - &table->syntax_id, presult); + table, presult); case NCACN_NP: return rpc_pipe_open_np(cli, table, presult); default: diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index f37f8a9..6fcc587 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -67,7 +67,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host, const struct sockaddr_storage *ss_addr, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult); NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path, 
diff --git a/source3/torture/rpc_open_tcp.c b/source3/torture/rpc_open_tcp.c index d29f4cf..cd27b5f 100644 --- a/source3/torture/rpc_open_tcp.c +++ b/source3/torture/rpc_open_tcp.c @@ -95,7 +95,7 @@ int main(int argc, const char **argv) } status = rpc_pipe_open_tcp(mem_ctx, argv[2], NULL, - &((*table)->syntax_id), + *table, &rpc_pipe); if (!NT_STATUS_IS_OK(status)) { d_printf("ERROR calling rpc_pipe_open_tcp(): %s\n", -- 1.8.1.2 From 0ff8c2d508949f732716e24047694cecf38597df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:46:07 +0200 Subject: [PATCH 37/67] s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_get_tcp_port(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 3934cc6..29092aa 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2490,7 +2490,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host, */ static NTSTATUS rpc_pipe_get_tcp_port(const char *host, const struct sockaddr_storage *addr, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, uint16_t *pport) { NTSTATUS status; @@ -2513,7 +2513,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host, goto done; } - if (ndr_syntax_id_equal(abstract_syntax, + if (ndr_syntax_id_equal(&table->syntax_id, &ndr_table_epmapper.syntax_id)) { *pport = 135; return NT_STATUS_OK; 
@@ -2548,7 +2548,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host, } map_binding->transport = NCACN_IP_TCP; - map_binding->object = *abstract_syntax; + map_binding->object = table->syntax_id; map_binding->host = host; /* needed? */ map_binding->endpoint = "0"; /* correct? needed? */ @@ -2584,7 +2584,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host, status = dcerpc_epm_Map(epm_handle, tmp_ctx, discard_const_p(struct GUID, - &(abstract_syntax->uuid)), + &(table->syntax_id.uuid)), map_tower, entry_handle, max_towers, @@ -2641,7 +2641,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host, NTSTATUS status; uint16_t port = 0; - status = rpc_pipe_get_tcp_port(host, addr, &table->syntax_id, &port); + status = rpc_pipe_get_tcp_port(host, addr, table, &port); if (!NT_STATUS_IS_OK(status)) { return status; } -- 1.8.1.2 From 7bdcfcb37c5b96ee6aa0cecffd89c6d17291fe62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:47:16 +0200 Subject: [PATCH 38/67] s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp_port(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 29092aa..a378f51 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2419,7 +2419,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host, const struct sockaddr_storage *ss_addr, uint16_t port, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { struct rpc_pipe_client *result; 
@@ -2432,7 +2432,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host, return NT_STATUS_NO_MEMORY; } - result->abstract_syntax = *abstract_syntax; + result->abstract_syntax = table->syntax_id; result->transfer_syntax = ndr_transfer_syntax_ndr; result->desthost = talloc_strdup(result, host); @@ -2521,7 +2521,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host, /* open the connection to the endpoint mapper */ status = rpc_pipe_open_tcp_port(tmp_ctx, host, addr, 135, - &ndr_table_epmapper.syntax_id, + &ndr_table_epmapper, &epm_pipe); if (!NT_STATUS_IS_OK(status)) { @@ -2647,7 +2647,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host, } return rpc_pipe_open_tcp_port(mem_ctx, host, addr, port, - &table->syntax_id, presult); + table, presult); } /******************************************************************** -- 1.8.1.2 From c41b6e5c5e7fcdbd98c1eb2bea08378b47d343d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:52:05 +0200 Subject: [PATCH 39/67] s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 2 +- source3/rpc_client/rpc_transport.h | 2 +- source3/rpc_client/rpc_transport_np.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index a378f51..1e296ee 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2779,7 +2779,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, return NT_STATUS_NO_MEMORY; } - status = rpc_transport_np_init(result, cli, &table->syntax_id, + status = rpc_transport_np_init(result, cli, table, &result->transport); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(result); 
diff --git a/source3/rpc_client/rpc_transport.h b/source3/rpc_client/rpc_transport.h index bc115dd..2b4a323 100644 --- a/source3/rpc_client/rpc_transport.h +++ b/source3/rpc_client/rpc_transport.h @@ -89,7 +89,7 @@ NTSTATUS rpc_transport_np_init_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct rpc_cli_transport **presult); NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, struct rpc_cli_transport **presult); /* The following definitions come from rpc_client/rpc_transport_sock.c */ diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c index 78caa5b..59a29ea 100644 --- a/source3/rpc_client/rpc_transport_np.c +++ b/source3/rpc_client/rpc_transport_np.c @@ -109,7 +109,7 @@ NTSTATUS rpc_transport_np_init_recv(struct tevent_req *req, } NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli, - const struct ndr_syntax_id *abstract_syntax, + const struct ndr_interface_table *table, struct rpc_cli_transport **presult) { TALLOC_CTX *frame = talloc_stackframe(); @@ -123,7 +123,7 @@ NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli, goto fail; } - req = rpc_transport_np_init_send(frame, ev, cli, abstract_syntax); + req = rpc_transport_np_init_send(frame, ev, cli, &table->syntax_id); if (req == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; -- 1.8.1.2 From b19e7e6638a5dd53e3c6e6701f78bf31184ed493 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 24 May 2013 13:56:53 +0200 Subject: [PATCH 40/67] s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init_send(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/rpc_transport.h | 2 +- source3/rpc_client/rpc_transport_np.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/rpc_client/rpc_transport.h b/source3/rpc_client/rpc_transport.h index 2b4a323..72e7609 100644 --- a/source3/rpc_client/rpc_transport.h +++ b/source3/rpc_client/rpc_transport.h @@ -84,7 +84,7 @@ struct cli_state; struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli, - const struct ndr_syntax_id *abstract_syntax); + const struct ndr_interface_table *table); NTSTATUS rpc_transport_np_init_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct rpc_cli_transport **presult); diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c index 59a29ea..804db58 100644 --- a/source3/rpc_client/rpc_transport_np.c +++ b/source3/rpc_client/rpc_transport_np.c @@ -34,7 +34,7 @@ static void rpc_transport_np_init_pipe_open(struct tevent_req *subreq); struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli, - const struct ndr_syntax_id *abstract_syntax) + const struct ndr_interface_table *table) { struct tevent_req *req; struct rpc_transport_np_init_state *state; @@ -47,7 +47,7 @@ struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx, return NULL; } - pipe_name = get_pipe_name_from_syntax(state, abstract_syntax); + pipe_name = get_pipe_name_from_syntax(state, &table->syntax_id); if (tevent_req_nomem(pipe_name, req)) { return tevent_req_post(req, ev); } @@ -123,7 +123,7 @@ NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli, goto fail; } - req = rpc_transport_np_init_send(frame, ev, cli, &table->syntax_id); + req = rpc_transport_np_init_send(frame, ev, cli, table); if (req == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; -- 1.8.1.2 
From a9d5b2fdf03a25e7669258de6c83288be3335cef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 19 Dec 2012 13:53:23 +0100 Subject: [PATCH 41/67] libcli/auth: also set secure channel type in netlogon_creds_client_init(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- libcli/auth/credentials.c | 2 ++ libcli/auth/proto.h | 1 + source3/rpc_client/cli_netlogon.c | 1 + source4/librpc/rpc/dcerpc_schannel.c | 1 + source4/torture/ntp/ntp_signd.c | 1 + source4/torture/rpc/lsa.c | 1 + source4/torture/rpc/netlogon.c | 3 +++ source4/torture/rpc/samba3rpc.c | 2 ++ 8 files changed, 12 insertions(+) diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 7c8d53c..fb77ede 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -263,6 +263,7 @@ next comes the client specific functions struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx, const char *client_account, const char *client_computer_name, + uint16_t secure_channel_type, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, const struct samr_Password *machine_password, @@ -277,6 +278,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me creds->sequence = time(NULL); creds->negotiate_flags = negotiate_flags; + creds->secure_channel_type = secure_channel_type; creds->computer_name = talloc_strdup(creds, client_computer_name); if (!creds->computer_name) { diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 89a732e..6bc18d7 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h 
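Review bot: The new `secure_channel_type` parameter of `netlogon_creds_client_init()` (libcli/auth/credentials.c, `@@ -263` and `@@ -277` hunks) is copied into `creds->secure_channel_type` as a bare `uint16_t`, with no comment on which values it may hold or whether it is validated. Every caller visible in this patch passes an existing channel-type variable (`sec_chan_type`, `a.in.secure_channel_type`), presumably the value also sent in the authenticate request. A line in the function's header comment would make that contract explicit, for example `/* secure_channel_type: channel type requested by the client; stored as given, not validated here */`. The function body extends beyond both hunks.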
@@ -26,6 +26,7 @@ next comes the client specific functions struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx, const char *client_account, const char *client_computer_name, + uint16_t secure_channel_type, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, const struct samr_Password *machine_password, diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 66a50a8..3d6a3e1 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -89,6 +89,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, cli->dc = netlogon_creds_client_init(cli, mach_acct, clnt_name, + sec_chan_type, &clnt_chal_send, &srv_chal_recv, &password, diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index be1ab24..1480486 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -187,6 +187,7 @@ static void continue_srv_challenge(struct tevent_req *subreq) s->creds = netlogon_creds_client_init(s, s->a.in.account_name, s->a.in.computer_name, + s->a.in.secure_channel_type, &s->credentials1, &s->credentials2, s->mach_pwd, &s->credentials3, s->local_negotiate_flags); diff --git a/source4/torture/ntp/ntp_signd.c b/source4/torture/ntp/ntp_signd.c index 89eb1a0..5f097fe 100644 --- a/source4/torture/ntp/ntp_signd.c +++ b/source4/torture/ntp/ntp_signd.c @@ -113,6 +113,7 @@ static bool test_ntp_signd(struct torture_context *tctx, creds = netlogon_creds_client_init(tctx, a.in.account_name, a.in.computer_name, + a.in.secure_channel_type, &credentials1, &credentials2, pwhash, &credentials3, negotiate_flags); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 107af11..7385ad4 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c 
@@ -2715,6 +2715,7 @@ static bool check_pw_with_ServerAuthenticate3(struct dcerpc_pipe *p, creds = netlogon_creds_client_init(tctx, a.in.account_name, a.in.computer_name, + a.in.secure_channel_type, &credentials1, &credentials2, &mach_password, &credentials3, negotiate_flags); diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index dadf8bc..c7bdf49 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -173,6 +173,7 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx, creds = netlogon_creds_client_init(tctx, a.in.account_name, a.in.computer_name, + a.in.secure_channel_type, &credentials1, &credentials2, mach_password, &credentials3, 0); @@ -243,6 +244,7 @@ bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx, creds = netlogon_creds_client_init(tctx, a.in.account_name, a.in.computer_name, + a.in.secure_channel_type, &credentials1, &credentials2, mach_password, &credentials3, negotiate_flags); @@ -310,6 +312,7 @@ bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx, creds = netlogon_creds_client_init(tctx, a.in.account_name, a.in.computer_name, + a.in.secure_channel_type, &credentials1, &credentials2, &mach_password, &credentials3, negotiate_flags); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 9443d5e..432e9d5 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -1015,6 +1015,7 @@ static bool auth2(struct torture_context *tctx, creds_state = netlogon_creds_client_init(mem_ctx, a.in.account_name, a.in.computer_name, + a.in.secure_channel_type, r.in.credentials, r.out.return_credentials, &mach_pw, &netr_cred, negotiate_flags); 
@@ -2146,6 +2147,7 @@ static bool torture_samba3_rpc_randomauth2(struct torture_context *torture) creds_state = netlogon_creds_client_init(mem_ctx, a.in.account_name, a.in.computer_name, + a.in.secure_channel_type, r.in.credentials, r.out.return_credentials, &mach_pw, &netr_cred, negotiate_flags); -- 1.8.1.2 From c11a79c5a054e862f61c97093fa2ce5e5040f111 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 24 Sep 2008 11:04:42 +0200 Subject: [PATCH 42/67] s3: libnet_join: add admin_domain. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/librpc/idl/libnet_join.idl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/librpc/idl/libnet_join.idl b/source3/librpc/idl/libnet_join.idl index 4f28bb6..ac0a350 100644 --- a/source3/librpc/idl/libnet_join.idl +++ b/source3/librpc/idl/libnet_join.idl @@ -21,6 +21,7 @@ interface libnetjoin [in,ref] string *domain_name, [in] string account_ou, [in] string admin_account, + [in] string admin_domain, [in,noprint] string admin_password, [in] string machine_password, [in] wkssvc_joinflags join_flags, @@ -51,6 +52,7 @@ interface libnetjoin [in] string domain_name, [in] string account_ou, [in] string admin_account, + [in] string admin_domain, [in,noprint] string admin_password, [in] string machine_password, [in] wkssvc_joinflags unjoin_flags, -- 1.8.1.2 From cc0cbd4fdc6e07538d67cc41ca07bad1eaebf493 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 24 Sep 2008 11:05:37 +0200 Subject: [PATCH 43/67] s3: libnet_join: use admin_domain in libnetjoin. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/libnet/libnet_join.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 348fb94..4582158 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -686,6 +686,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, static NTSTATUS libnet_join_connect_dc_ipc(const char *dc, const char *user, + const char *domain, const char *pass, bool use_kerberos, struct cli_state **cli) @@ -705,7 +706,7 @@ static NTSTATUS libnet_join_connect_dc_ipc(const char *dc, NULL, 0, "IPC$", "IPC", user, - NULL, + domain, pass, flags, SMB_SIGNING_DEFAULT); @@ -727,6 +728,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, status = libnet_join_connect_dc_ipc(r->in.dc_name, r->in.admin_account, + r->in.admin_domain, r->in.admin_password, r->in.use_kerberos, cli); @@ -1345,6 +1347,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, status = libnet_join_connect_dc_ipc(r->in.dc_name, r->in.admin_account, + r->in.admin_domain, r->in.admin_password, r->in.use_kerberos, &cli); @@ -1724,6 +1727,17 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, return WERR_SETUP_DOMAIN_CONTROLLER; } + if (!r->in.admin_domain) { + char *admin_domain = NULL; + char *admin_account = NULL; + split_domain_user(mem_ctx, + r->in.admin_account, + &admin_domain, + &admin_account); + r->in.admin_domain = admin_domain; + r->in.admin_account = admin_account; + } + if (!secrets_init()) { libnet_join_set_error_string(mem_ctx, r, "Unable to open secrets database"); 
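Review bot: In the `@@ -1724` hunk of `libnet_join_pre_processing()`, the outputs of `split_domain_user()` are written back to `r->in.admin_domain` and `r->in.admin_account` unchecked, so if the helper leaves `admin_account` NULL (for example on allocation failure; its definition is not part of this patch) the caller's account name is replaced by NULL before `libnet_join_connect_dc_ipc()` uses it as the user. `r->in.admin_account` is also handed to the helper without a visible NULL check. Overwriting only on success keeps the supplied credentials intact: add `if (admin_account == NULL) { return WERR_NOMEM; }` before the two assignments. The identical block added to `libnet_unjoin_pre_processing()` in the `@@ -2285` hunk needs the same guard. Both function bodies start and end outside their hunks.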
@@ -2285,6 +2299,17 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, return WERR_SETUP_DOMAIN_CONTROLLER; } + if (!r->in.admin_domain) { + char *admin_domain = NULL; + char *admin_account = NULL; + split_domain_user(mem_ctx, + r->in.admin_account, + &admin_domain, + &admin_account); + r->in.admin_domain = admin_domain; + r->in.admin_account = admin_account; + } + if (!secrets_init()) { libnet_unjoin_set_error_string(mem_ctx, r, "Unable to open secrets database"); -- 1.8.1.2 From c4d6d75cf48aed7b17728e283581366143fa4233 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 6 Nov 2008 11:40:03 +0100 Subject: [PATCH 44/67] s3-libnetjoin: add machine_name length check. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/libnet/libnet_join.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4582158..df3a86d 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1715,6 +1715,15 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, return WERR_INVALID_PARAM; } + if (strlen(r->in.machine_name) > 15) { + libnet_join_set_error_string(mem_ctx, r, + "Our netbios name can be at most 15 chars long, " + "\"%s\" is %u chars long\n", + r->in.machine_name, + (unsigned int)strlen(r->in.machine_name)); + return WERR_INVALID_PARAM; + } + if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name, &r->in.domain_name, &r->in.dc_name)) { -- 1.8.1.2 From d398a12f7907866189c1b253ca6a40e5454f42a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 6 Nov 2008 13:37:45 +0100 Subject: [PATCH 45/67] s3-libnetjoin: move "net rpc oldjoin" to use libnetjoin. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
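Review bot: The new length check in libnet_join_pre_processing() calls `strlen(r->in.machine_name)` twice and relies on machine_name being non-NULL at this point. The check that precedes it ends above the hunk, so confirm it covers the NULL case. Taking the length once, `size_t len = strlen(r->in.machine_name);`, and replacing the bare `15` with a named constant would make the rule easier to audit. Note also that strlen counts bytes while the message reports "chars"; if multibyte machine names can reach this code, the wording or the measure should be aligned.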
Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/utils/net_rpc.c | 182 ++++++++++++++++++++++-------------------------- 1 file changed, 84 insertions(+), 98 deletions(-) diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 488167c..fc779a3 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -37,6 +37,8 @@ #include "secrets.h" #include "lib/netapi/netapi.h" #include "lib/netapi/netapi_net.h" +#include "librpc/gen_ndr/libnet_join.h" +#include "libnet/libnet_join.h" #include "rpc_client/init_lsa.h" #include "../libcli/security/security.h" #include "libsmb/libsmb.h" 
@@ -314,48 +316,46 @@ int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv) } /** - * Join a domain, the old way. + * Join a domain, the old way. This function exists to allow + * the message to be displayed when oldjoin was explicitly + * requested, but not when it was implied by "net rpc join". * * This uses 'machinename' as the inital password, and changes it. * * The password should be created with 'server manager' or equiv first. * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passed through. - * - * @param domain_sid The domain sid acquired from the remote server. - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destroyed on completion of the function. * @param argc Standard main() style argc. * @param argv Standard main() style argv. Initial components are already * stripped. * - * @return Normal NTSTATUS return. + * @return A shell status integer (0 for success). **/ -static NTSTATUS rpc_oldjoin_internals(struct net_context *c, - const struct dom_sid *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) +static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv) { + struct libnet_JoinCtx *r = NULL; + TALLOC_CTX *mem_ctx; + WERROR werr; + const char *domain = lp_workgroup(); /* FIXME */ + bool modify_config = lp_config_backend_is_registry(); + enum netr_SchannelType sec_chan_type; + char *pw = NULL; - fstring trust_passwd; - unsigned char orig_trust_passwd_hash[16]; - NTSTATUS result; - enum netr_SchannelType sec_channel_type; + if (c->display_usage) { + d_printf("Usage:\n" + "net rpc oldjoin\n" + " Join a domain the old way\n"); + return 0; + } - result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, - &pipe_hnd); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s 
failed. " - "error was %s\n", - smbXcli_conn_remote_name(cli->conn), - nt_errstr(result) )); - return result; + mem_ctx = talloc_init("net_rpc_oldjoin"); + if (!mem_ctx) { + return -1; + } + + werr = libnet_init_JoinCtx(mem_ctx, &r); + if (!W_ERROR_IS_OK(werr)) { + goto fail; } /* 
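Review bot: The usage text in the rewritten net_rpc_oldjoin() is now a plain literal, `d_printf("Usage:\n" "net rpc oldjoin\n" " Join a domain the old way\n")`, so it drops out of translation. The removed version wrapped these strings as `_("Usage:")` and `_("Join a domain the old way")`, and keeping the `_()` wrappers would preserve the existing catalog entries. The same applies to the untranslated messages added in the `@@ -363,92 +363,78 @@`, `@@ -438,6 +438,72 @@` and `@@ -504,6 +504,112 @@` hunks; the removed net_rpc_testjoin() had wrapped its strings in `_()` as well. The function body continues past this hunk.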
@@ -363,92 +363,78 @@ static NTSTATUS rpc_oldjoin_internals(struct net_context *c, a BDC, the server must agree that we are a BDC. */ if (argc >= 0) { - sec_channel_type = get_sec_channel_type(argv[0]); + sec_chan_type = get_sec_channel_type(argv[0]); } else { - sec_channel_type = get_sec_channel_type(NULL); + sec_chan_type = get_sec_channel_type(NULL); } - fstrcpy(trust_passwd, lp_netbios_name()); - if (!strlower_m(trust_passwd)) { - return NT_STATUS_UNSUCCESSFUL; + if (!c->msg_ctx) { + d_fprintf(stderr, _("Could not initialise message context. " + "Try running as root\n")); + werr = WERR_ACCESS_DENIED; + goto fail; } - /* - * Machine names can be 15 characters, but the max length on - * a password is 14. --jerry - */ - - trust_passwd[14] = '\0'; - - E_md4hash(trust_passwd, orig_trust_passwd_hash); - - result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup, - lp_netbios_name(), - orig_trust_passwd_hash, - sec_channel_type); - - if (NT_STATUS_IS_OK(result)) - printf(_("Joined domain %s.\n"), c->opt_target_workgroup); + pw = talloc_strndup(r, lp_netbios_name(), 14); + if (pw == NULL) { + werr = WERR_NOMEM; + goto fail; + } + r->in.msg_ctx = c->msg_ctx; + r->in.domain_name = domain; + r->in.secure_channel_type = sec_chan_type; + r->in.dc_name = c->opt_host; + r->in.admin_account = ""; + r->in.admin_password = strlower_talloc(r, pw); + if (r->in.admin_password == NULL) { + werr = WERR_NOMEM; + goto fail; + } + r->in.debug = true; + r->in.modify_config = modify_config; + r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_JOIN_UNSECURE | + WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED; - if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) { - DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup)); - result = NT_STATUS_UNSUCCESSFUL; + werr = libnet_Join(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto fail; } - return result; -} + /* Check the short name of the domain */ -/** - * Join a domain, the old 
way. - * - * @param argc Standard main() style argc. - * @param argv Standard main() style argv. Initial components are already - * stripped. - * - * @return A shell status integer (0 for success). - **/ + if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) { + d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE()); + d_printf("domain name obtained from the server.\n"); + d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name); + d_printf("You should set \"workgroup = %s\" in %s.\n", + r->out.netbios_domain_name, get_dyn_CONFIGFILE()); + } -static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv) -{ - return run_rpc_command(c, NULL, &ndr_table_netlogon, - NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, - rpc_oldjoin_internals, - argc, argv); -} + d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name); -/** - * Join a domain, the old way. This function exists to allow - * the message to be displayed when oldjoin was explicitly - * requested, but not when it was implied by "net rpc join". - * - * @param argc Standard main() style argc. - * @param argv Standard main() style argv. Initial components are already - * stripped. - * - * @return A shell status integer (0 for success). - **/ + if (r->out.dns_domain_name) { + d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, + r->out.dns_domain_name); + } else { + d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name, + r->out.netbios_domain_name); + } -static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv) -{ - int rc = -1; + TALLOC_FREE(mem_ctx); - if (c->display_usage) { - d_printf( "%s\n" - "net rpc oldjoin\n" - " %s\n", - _("Usage:"), - _("Join a domain the old way")); - return 0; - } + return 0; - rc = net_rpc_perform_oldjoin(c, argc, argv); +fail: + /* issue an overall failure message at the end. 
*/ + d_fprintf(stderr, _("Failed to join domain: %s\n"), + r && r->out.error_string ? r->out.error_string : + get_friendly_werror_msg(werr)); - if (rc) { - d_fprintf(stderr, _("Failed to join domain\n")); - } + TALLOC_FREE(mem_ctx); - return rc; + return -1; } /** @@ -492,7 +478,7 @@ int net_rpc_join(struct net_context *c, int argc, const char **argv) return -1; } - if ((net_rpc_perform_oldjoin(c, argc, argv) == 0)) + if ((net_rpc_oldjoin(c, argc, argv) == 0)) return 0; return net_rpc_join_newstyle(c, argc, argv); -- 1.8.1.2 From 1242ab0cb3bf575b695b39313604af9d0a7f1b3a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Jun 2013 19:12:27 +0200 Subject: [PATCH 46/67] s3:libnet: let the caller truncate the pw in libnet_join_joindomain_rpc_unsecure() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/libnet/libnet_join.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index df3a86d..26c037a 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -803,7 +803,6 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *pipe_hnd = NULL; unsigned char orig_trust_passwd_hash[16]; unsigned char new_trust_passwd_hash[16]; - fstring trust_passwd; NTSTATUS status; status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, 
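Review bot: `if (argc >= 0)` holds for every call, so `argv[0]` is read even when no argument was given and the `else` branch with `get_sec_channel_type(NULL)` is unreachable. `if (argc > 0)` looks like the intent; the condition is unchanged context, but it is copied again into net_rpc_join_newstyle() later in the series. The join target is now `lp_workgroup()` (marked FIXME in the previous hunk) where the removed code used `c->opt_target_workgroup`, so a workgroup given on the command line appears to be ignored on this path. The rationale for the `14` in `talloc_strndup(r, lp_netbios_name(), 14)` is also deleted with the old code; I would carry it over as `/* Machine names can be 15 characters, but the max length on a password is 14. */`.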
@@ -822,19 +821,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, E_md4hash(r->in.machine_password, new_trust_passwd_hash); /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */ - fstrcpy(trust_passwd, r->in.admin_password); - if (!strlower_m(trust_passwd)) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* - * Machine names can be 15 characters, but the max length on - * a password is 14. --jerry - */ - - trust_passwd[14] = '\0'; - - E_md4hash(trust_passwd, orig_trust_passwd_hash); + E_md4hash(r->in.admin_password, orig_trust_passwd_hash); status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx, r->in.machine_name, -- 1.8.1.2 From 9cfa6251600ddea0e821f2bd3fd359c28eb1b7f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 3 Feb 2009 20:10:05 +0100 Subject: [PATCH 47/67] s3-net: use libnetjoin for "net rpc testjoin". MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/utils/net_proto.h | 2 +- source3/utils/net_rpc.c | 66 ++++++++++++++++++++++++++++++++++++++++++++ source3/utils/net_rpc_join.c | 29 ------------------- 3 files changed, 67 insertions(+), 30 deletions(-) diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 03fb312..d791708 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -145,6 +145,7 @@ int run_rpc_command(struct net_context *c, int argc, const char **argv); int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv); +int net_rpc_testjoin(struct net_context *c, int argc, const char **argv); int net_rpc_join(struct net_context *c, int argc, const char **argv); NTSTATUS rpc_info_internals(struct net_context *c, const struct dom_sid *domain_sid, 
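Review bot: `E_md4hash(r->in.admin_password, orig_trust_passwd_hash)` now hashes the string exactly as passed, so lower-casing and truncation to 14 characters become an undocumented precondition on every caller that requests the unsecure join with WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED. net_rpc_oldjoin() prepares the value that way, but a caller that passes the raw machine name would compute a different hash and the password change would be rejected. A comment at this line would record the contract, for example `/* caller must pass the lower-cased machine name, truncated to 14 chars */`. Whether `r->in.admin_password` can be NULL on this path is not visible in the hunk; if it can, a NULL check returning NT_STATUS_INVALID_PARAMETER before hashing is warranted. The function starts and ends outside the hunk.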
@@ -205,7 +206,6 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, const char *server, const struct sockaddr_storage *server_ss); int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv); -int net_rpc_testjoin(struct net_context *c, int argc, const char **argv); /* The following definitions come from utils/net_rpc_printer.c */ diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index fc779a3..3a70e99 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c 
@@ -438,6 +438,72 @@ fail: } /** + * check that a join is OK + * + * @return A shell status integer (0 for success) + * + **/ +int net_rpc_testjoin(struct net_context *c, int argc, const char **argv) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx; + const char *domain = c->opt_target_workgroup; + const char *dc = c->opt_host; + + if (c->display_usage) { + d_printf("Usage\n" + "net rpc testjoin\n" + " Test if a join is OK\n"); + return 0; + } + + mem_ctx = talloc_init("net_rpc_testjoin"); + if (!mem_ctx) { + return -1; + } + + if (!dc) { + struct netr_DsRGetDCNameInfo *info; + + if (!c->msg_ctx) { + d_fprintf(stderr, _("Could not initialise message context. " + "Try running as root\n")); + talloc_destroy(mem_ctx); + return -1; + } + + status = dsgetdcname(mem_ctx, + c->msg_ctx, + domain, + NULL, + NULL, + DS_RETURN_DNS_NAME, + &info); + if (!NT_STATUS_IS_OK(status)) { + talloc_destroy(mem_ctx); + return -1; + } + + dc = strip_hostname(info->dc_unc); + } + + /* Display success or failure */ + status = libnet_join_ok(c->opt_workgroup, lp_netbios_name(), dc, + c->opt_kerberos); + if (!NT_STATUS_IS_OK(status)) { + fprintf(stderr,"Join to domain '%s' is not valid: %s\n", + domain, nt_errstr(status)); + talloc_destroy(mem_ctx); + return -1; + } + + printf("Join to '%s' is OK\n",domain); + talloc_destroy(mem_ctx); + + return 0; +} + +/** * 'net rpc join' entrypoint. * @param argc Standard main() style argc. * @param argv Standard main() style argv. Initial components are already diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index a6ef11b..8d7baab 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c 
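Review bot: net_rpc_testjoin() locates the DC and words its messages using `domain` (`c->opt_target_workgroup`), but validates the join with `libnet_join_ok(c->opt_workgroup, ...)`. If the two options differ, the DC is looked up for one domain while the result is reported for another. Using one value for both, e.g. `libnet_join_ok(domain, lp_netbios_name(), dc, c->opt_kerberos)`, or a comment explaining why they differ, would remove the ambiguity. The dsgetdcname() failure path also returns -1 without printing anything, unlike the other failure paths; a `fprintf(stderr, ...)` carrying `nt_errstr(status)` there would tell the operator why the test failed.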
@@ -552,32 +552,3 @@ done: return retval; } - -/** - * check that a join is OK - * - * @return A shell status integer (0 for success) - * - **/ -int net_rpc_testjoin(struct net_context *c, int argc, const char **argv) -{ - NTSTATUS nt_status; - - if (c->display_usage) { - d_printf(_("Usage\n" - "net rpc testjoin\n" - " Test if a join is OK\n")); - return 0; - } - - /* Display success or failure */ - nt_status = net_rpc_join_ok(c, c->opt_target_workgroup, NULL, NULL); - if (!NT_STATUS_IS_OK(nt_status)) { - fprintf(stderr, _("Join to domain '%s' is not valid: %s\n"), - c->opt_target_workgroup, nt_errstr(nt_status)); - return -1; - } - - printf(_("Join to '%s' is OK\n"), c->opt_target_workgroup); - return 0; -} -- 1.8.1.2 From 3e4ded48bbeacdcd128f3c667cbdd12a3efca312 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 3 Feb 2009 20:21:05 +0100 Subject: [PATCH 48/67] s3-net: use libnetjoin for "net rpc join" newstyle. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/utils/net_proto.h | 8 +- source3/utils/net_rpc.c | 106 +++++++++ source3/utils/net_rpc_join.c | 554 ------------------------------------------- source3/wscript_build | 2 +- 4 files changed, 108 insertions(+), 562 deletions(-) delete mode 100644 source3/utils/net_rpc_join.c diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index d791708..1809ba9 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h 
@@ -146,6 +146,7 @@ int run_rpc_command(struct net_context *c, const char **argv); int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv); int net_rpc_testjoin(struct net_context *c, int argc, const char **argv); +int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv); int net_rpc_join(struct net_context *c, int argc, const char **argv); NTSTATUS rpc_info_internals(struct net_context *c, const struct dom_sid *domain_sid, @@ -200,13 +201,6 @@ int net_rpc(struct net_context *c, int argc, const char **argv); int net_rpc_audit(struct net_context *c, int argc, const char **argv); -/* The following definitions come from utils/net_rpc_join.c */ - -NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, - const char *server, - const struct sockaddr_storage *server_ss); -int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv); - /* The following definitions come from utils/net_rpc_printer.c */ NTSTATUS net_copy_fileattr(struct net_context *c, diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 3a70e99..ae8ebc0 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c 
@@ -504,6 +504,112 @@ int net_rpc_testjoin(struct net_context *c, int argc, const char **argv) } /** + * Join a domain using the administrator username and password + * + * @param argc Standard main() style argc + * @param argc Standard main() style argv. Initial components are already + * stripped. Currently not used. + * @return A shell status integer (0 for success) + * + **/ + +int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) +{ + struct libnet_JoinCtx *r = NULL; + TALLOC_CTX *mem_ctx; + WERROR werr; + const char *domain = lp_workgroup(); /* FIXME */ + bool modify_config = lp_config_backend_is_registry(); + enum netr_SchannelType sec_chan_type; + + if (c->display_usage) { + d_printf("Usage:\n" + "net rpc join\n" + " Join a domain the new way\n"); + return 0; + } + + mem_ctx = talloc_init("net_rpc_join_newstyle"); + if (!mem_ctx) { + return -1; + } + + werr = libnet_init_JoinCtx(mem_ctx, &r); + if (!W_ERROR_IS_OK(werr)) { + goto fail; + } + + /* + check what type of join - if the user want's to join as + a BDC, the server must agree that we are a BDC. + */ + if (argc >= 0) { + sec_chan_type = get_sec_channel_type(argv[0]); + } else { + sec_chan_type = get_sec_channel_type(NULL); + } + + if (!c->msg_ctx) { + d_fprintf(stderr, _("Could not initialise message context. 
" + "Try running as root\n")); + werr = WERR_ACCESS_DENIED; + goto fail; + } + + r->in.msg_ctx = c->msg_ctx; + r->in.domain_name = domain; + r->in.secure_channel_type = sec_chan_type; + r->in.dc_name = c->opt_host; + r->in.admin_account = c->opt_user_name; + r->in.admin_password = net_prompt_pass(c, c->opt_user_name); + r->in.debug = true; + r->in.use_kerberos = c->opt_kerberos; + r->in.modify_config = modify_config; + r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | + WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; + + werr = libnet_Join(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto fail; + } + + /* Check the short name of the domain */ + + if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) { + d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE()); + d_printf("domain name obtained from the server.\n"); + d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name); + d_printf("You should set \"workgroup = %s\" in %s.\n", + r->out.netbios_domain_name, get_dyn_CONFIGFILE()); + } + + d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name); + + if (r->out.dns_domain_name) { + d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, + r->out.dns_domain_name); + } else { + d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name, + r->out.netbios_domain_name); + } + + TALLOC_FREE(mem_ctx); + + return 0; + +fail: + /* issue an overall failure message at the end. */ + d_printf("Failed to join domain: %s\n", + r && r->out.error_string ? r->out.error_string : + get_friendly_werror_msg(werr)); + + TALLOC_FREE(mem_ctx); + + return -1; +} + +/** * 'net rpc join' entrypoint. * @param argc Standard main() style argc. * @param argv Standard main() style argv. Initial components are already diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c deleted file mode 100644 index 8d7baab..0000000 
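Review bot: The `fail:` path of net_rpc_join_newstyle() reports with `d_printf("Failed to join domain: %s\n", ...)`, which goes to stdout and is untranslated. net_rpc_oldjoin() reports the same condition with `d_fprintf(stderr, _("Failed to join domain: %s\n"), ...)`, and using that form here keeps error text out of captured stdout and keeps the two join paths consistent. `r->in.admin_password = net_prompt_pass(c, c->opt_user_name)` is stored unchecked, whereas the oldjoin path checks its password allocation for NULL; if net_prompt_pass() can return NULL (not visible here), the same check applies. The doc comment lists `@param argc` twice; the second should read `@param argv`.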
--- a/source3/utils/net_rpc_join.c +++ /dev/null 
@@ -1,554 +0,0 @@ -/* - Samba Unix/Linux SMB client library - Distributed SMB/CIFS Server Management Utility - Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org) - Copyright (C) Tim Potter 2001 - Copyright (C) 2008 Guenther Deschner - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . */ - -#include "includes.h" -#include "utils/net.h" -#include "rpc_client/cli_pipe.h" -#include "../libcli/auth/libcli_auth.h" -#include "../librpc/gen_ndr/ndr_lsa_c.h" -#include "rpc_client/cli_lsarpc.h" -#include "../librpc/gen_ndr/ndr_samr_c.h" -#include "rpc_client/init_samr.h" -#include "../librpc/gen_ndr/ndr_netlogon.h" -#include "rpc_client/cli_netlogon.h" -#include "secrets.h" -#include "rpc_client/init_lsa.h" -#include "libsmb/libsmb.h" -#include "../libcli/smb/smbXcli_base.h" - -/* Macro for checking RPC error codes to make things more readable */ - -#define CHECK_RPC_ERR(rpc, msg) \ - if (!NT_STATUS_IS_OK(status = rpc)) { \ - DEBUG(0, (msg ": %s\n", nt_errstr(status))); \ - goto done; \ - } - -#define CHECK_DCERPC_ERR(rpc, msg) \ - if (!NT_STATUS_IS_OK(status = rpc)) { \ - DEBUG(0, (msg ": %s\n", nt_errstr(status))); \ - goto done; \ - } \ - if (!NT_STATUS_IS_OK(result)) { \ - status = result; \ - DEBUG(0, (msg ": %s\n", nt_errstr(result))); \ - goto done; \ - } - - -#define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \ - if (!NT_STATUS_IS_OK(status = rpc)) { \ - DEBUG(0, debug_args); \ - goto done; \ - } - -#define 
CHECK_DCERPC_ERR_DEBUG(rpc, debug_args) \ - if (!NT_STATUS_IS_OK(status = rpc)) { \ - DEBUG(0, debug_args); \ - goto done; \ - } \ - if (!NT_STATUS_IS_OK(result)) { \ - status = result; \ - DEBUG(0, debug_args); \ - goto done; \ - } - - -/** - * confirm that a domain join is still valid - * - * @return A shell status integer (0 for success) - * - **/ -NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, - const char *server, - const struct sockaddr_storage *server_ss) -{ - enum security_types sec; - unsigned int conn_flags = NET_FLAGS_PDC; - uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; - struct cli_state *cli = NULL; - struct rpc_pipe_client *pipe_hnd = NULL; - struct rpc_pipe_client *netlogon_pipe = NULL; - NTSTATUS ntret = NT_STATUS_UNSUCCESSFUL; - - sec = (enum security_types)lp_security(); - - if (sec == SEC_ADS) { - /* Connect to IPC$ using machine account's credentials. We don't use anonymous - connection here, as it may be denied by server's local policy. */ - net_use_machine_account(c); - - } else { - /* some servers (e.g. WinNT) don't accept machine-authenticated - smb connections */ - conn_flags |= NET_FLAGS_ANONYMOUS; - } - - /* Connect to remote machine */ - ntret = net_make_ipc_connection_ex(c, domain, server, server_ss, - conn_flags, &cli); - if (!NT_STATUS_IS_OK(ntret)) { - return ntret; - } - - /* Setup the creds as though we're going to do schannel... */ - ntret = get_schannel_session_key(cli, domain, &neg_flags, - &netlogon_pipe); - - /* We return NT_STATUS_INVALID_NETWORK_RESPONSE if the server is refusing - to negotiate schannel, but the creds were set up ok. That'll have to do. */ - - if (!NT_STATUS_IS_OK(ntret)) { - if (NT_STATUS_EQUAL(ntret, NT_STATUS_INVALID_NETWORK_RESPONSE)) { - cli_shutdown(cli); - return NT_STATUS_OK; - } else { - DEBUG(0,("net_rpc_join_ok: failed to get schannel session " - "key from server %s for domain %s. 
Error was %s\n", - smbXcli_conn_remote_name(cli->conn), domain, nt_errstr(ntret) )); - cli_shutdown(cli); - return ntret; - } - } - - /* Only do the rest of the schannel test if the client is allowed to do this. */ - if (!lp_client_schannel()) { - cli_shutdown(cli); - /* We're good... */ - return ntret; - } - - ntret = cli_rpc_pipe_open_schannel_with_key( - cli, &ndr_table_netlogon, NCACN_NP, - DCERPC_AUTH_LEVEL_PRIVACY, - domain, &netlogon_pipe->dc, &pipe_hnd); - - if (!NT_STATUS_IS_OK(ntret)) { - DEBUG(0,("net_rpc_join_ok: failed to open schannel session " - "on netlogon pipe to server %s for domain %s. Error was %s\n", - smbXcli_conn_remote_name(cli->conn), domain, nt_errstr(ntret) )); - /* - * Note: here, we have: - * (pipe_hnd != NULL) if and only if NT_STATUS_IS_OK(ntret) - */ - } - - cli_shutdown(cli); - return ntret; -} - -/** - * Join a domain using the administrator username and password - * - * @param argc Standard main() style argc - * @param argc Standard main() style argv. Initial components are already - * stripped. Currently not used. 
- * @return A shell status integer (0 for success) - * - **/ - -int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) -{ - - /* libsmb variables */ - - struct cli_state *cli; - TALLOC_CTX *mem_ctx; - uint32 acb_info = ACB_WSTRUST; - uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; - enum netr_SchannelType sec_channel_type; - struct rpc_pipe_client *pipe_hnd = NULL; - struct dcerpc_binding_handle *b = NULL; - - /* rpc variables */ - - struct policy_handle lsa_pol, sam_pol, domain_pol, user_pol; - struct dom_sid *domain_sid; - uint32 user_rid; - - /* Password stuff */ - - DATA_BLOB session_key = data_blob_null; - char *clear_trust_password = NULL; - struct samr_CryptPassword crypt_pwd; - uchar md4_trust_password[16]; - union samr_UserInfo set_info; - - /* Misc */ - - NTSTATUS status, result; - int retval = 1; - const char *domain = NULL; - char *acct_name; - struct lsa_String lsa_acct_name; - uint32 acct_flags=0; - uint32_t access_granted = 0; - union lsa_PolicyInformation *info = NULL; - struct samr_Ids user_rids; - struct samr_Ids name_types; - - - /* check what type of join */ - if (argc >= 0) { - sec_channel_type = get_sec_channel_type(argv[0]); - } else { - sec_channel_type = get_sec_channel_type(NULL); - } - - switch (sec_channel_type) { - case SEC_CHAN_WKSTA: - acb_info = ACB_WSTRUST; - break; - case SEC_CHAN_BDC: - acb_info = ACB_SVRTRUST; - break; -#if 0 - case SEC_CHAN_DOMAIN: - acb_info = ACB_DOMTRUST; - break; -#endif - default: - DEBUG(0,("secure channel type %d not yet supported\n", - sec_channel_type)); - break; - } - - /* Make authenticated connection to remote machine */ - - status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli); - if (!NT_STATUS_IS_OK(status)) { - return 1; - } - - if (!(mem_ctx = talloc_init("net_rpc_join_newstyle"))) { - DEBUG(0, ("Could not initialise talloc context\n")); - goto done; - } - - /* Fetch domain sid */ - - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, - &pipe_hnd); - if 
(!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n", - nt_errstr(status) )); - goto done; - } - - b = pipe_hnd->binding_handle; - - CHECK_RPC_ERR(rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, - SEC_FLAG_MAXIMUM_ALLOWED, - &lsa_pol), - "error opening lsa policy handle"); - - CHECK_DCERPC_ERR(dcerpc_lsa_QueryInfoPolicy(b, mem_ctx, - &lsa_pol, - LSA_POLICY_INFO_ACCOUNT_DOMAIN, - &info, - &result), - "error querying info policy"); - - domain = info->account_domain.name.string; - domain_sid = info->account_domain.sid; - - dcerpc_lsa_Close(b, mem_ctx, &lsa_pol, &result); - TALLOC_FREE(pipe_hnd); /* Done with this pipe */ - - /* Bail out if domain didn't get set. */ - if (!domain) { - DEBUG(0, ("Could not get domain name.\n")); - goto done; - } - - /* Create domain user */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, - &pipe_hnd); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n", - nt_errstr(status) )); - goto done; - } - - b = pipe_hnd->binding_handle; - - status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("Error getting session_key of SAM pipe. 
Error was %s\n", - nt_errstr(status))); - goto done; - } - - CHECK_DCERPC_ERR(dcerpc_samr_Connect2(b, mem_ctx, - pipe_hnd->desthost, - SAMR_ACCESS_ENUM_DOMAINS - | SAMR_ACCESS_LOOKUP_DOMAIN, - &sam_pol, - &result), - "could not connect to SAM database"); - - - CHECK_DCERPC_ERR(dcerpc_samr_OpenDomain(b, mem_ctx, - &sam_pol, - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 - | SAMR_DOMAIN_ACCESS_CREATE_USER - | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, - domain_sid, - &domain_pol, - &result), - "could not open domain"); - - /* Create domain user */ - if ((acct_name = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name())) == NULL) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - if (!strlower_m(acct_name)) { - status = NT_STATUS_INVALID_PARAMETER; - goto done; - } - - init_lsa_String(&lsa_acct_name, acct_name); - - acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | - SEC_STD_WRITE_DAC | SEC_STD_DELETE | - SAMR_USER_ACCESS_SET_PASSWORD | - SAMR_USER_ACCESS_GET_ATTRIBUTES | - SAMR_USER_ACCESS_SET_ATTRIBUTES; - - DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); - - status = dcerpc_samr_CreateUser2(b, mem_ctx, - &domain_pol, - &lsa_acct_name, - acb_info, - acct_flags, - &user_pol, - &access_granted, - &user_rid, - &result); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) { - status = result; - d_fprintf(stderr,_("Creation of workstation account failed\n")); - - /* If NT_STATUS_ACCESS_DENIED then we have a valid - username/password combo but the user does not have - administrator access. */ - - if (NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) - d_fprintf(stderr, _("User specified does not have " - "administrator privileges\n")); - - goto done; - } - - /* We *must* do this.... don't ask... 
*/ - - if (NT_STATUS_IS_OK(result)) { - dcerpc_samr_Close(b, mem_ctx, &user_pol, &result); - } - - CHECK_DCERPC_ERR_DEBUG(dcerpc_samr_LookupNames(b, mem_ctx, - &domain_pol, - 1, - &lsa_acct_name, - &user_rids, - &name_types, - &result), - ("error looking up rid for user %s: %s/%s\n", - acct_name, nt_errstr(status), nt_errstr(result))); - - if (name_types.ids[0] != SID_NAME_USER) { - DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0])); - goto done; - } - - user_rid = user_rids.ids[0]; - - /* Open handle on user */ - - CHECK_DCERPC_ERR_DEBUG( - dcerpc_samr_OpenUser(b, mem_ctx, - &domain_pol, - SEC_FLAG_MAXIMUM_ALLOWED, - user_rid, - &user_pol, - &result), - ("could not re-open existing user %s: %s/%s\n", - acct_name, nt_errstr(status), nt_errstr(result))); - - /* Create a random machine account password */ - - clear_trust_password = generate_random_password(talloc_tos(), - DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH, - DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - E_md4hash(clear_trust_password, md4_trust_password); - - /* Set password on machine account */ - - init_samr_CryptPassword(clear_trust_password, - &session_key, - &crypt_pwd); - - set_info.info24.password = crypt_pwd; - set_info.info24.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON; - - CHECK_DCERPC_ERR(dcerpc_samr_SetUserInfo2(b, mem_ctx, - &user_pol, - 24, - &set_info, - &result), - "error setting trust account password"); - - /* Why do we have to try to (re-)set the ACB to be the same as what - we passed in the samr_create_dom_user() call? When a NT - workstation is joined to a domain by an administrator the - acb_info is set to 0x80. For a normal user with "Add - workstations to the domain" rights the acb_info is 0x84. I'm - not sure whether it is supposed to make a difference or not. NT - seems to cope with either value so don't bomb out if the set - userinfo2 level 0x10 fails. 
-tpot */ - - set_info.info16.acct_flags = acb_info; - - /* Ignoring the return value is necessary for joining a domain - as a normal user with "Add workstation to domain" privilege. */ - - status = dcerpc_samr_SetUserInfo(b, mem_ctx, - &user_pol, - 16, - &set_info, - &result); - - dcerpc_samr_Close(b, mem_ctx, &user_pol, &result); - TALLOC_FREE(pipe_hnd); /* Done with this pipe */ - - /* Now check the whole process from top-to-bottom */ - - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, - &pipe_hnd); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n", - nt_errstr(status) )); - goto done; - } - - status = rpccli_netlogon_setup_creds(pipe_hnd, - pipe_hnd->desthost, /* server name */ - domain, /* domain */ - lp_netbios_name(), /* client name */ - lp_netbios_name(), /* machine account name */ - md4_trust_password, - sec_channel_type, - &neg_flags); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Error in domain join verification (credential setup failed): %s\n\n", - nt_errstr(status))); - - if ( NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && - (sec_channel_type == SEC_CHAN_BDC) ) { - d_fprintf(stderr, _("Please make sure that no computer " - "account\nnamed like this machine " - "(%s) exists in the domain\n"), - lp_netbios_name()); - } - - goto done; - } - - /* We can only check the schannel connection if the client is allowed - to do this and the server supports it. If not, just assume success - (after all the rpccli_netlogon_setup_creds() succeeded, and we'll - do the same again (setup creds) in net_rpc_join_ok(). JRA. 
*/ - - if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) { - struct rpc_pipe_client *netlogon_schannel_pipe; - - status = cli_rpc_pipe_open_schannel_with_key( - cli, &ndr_table_netlogon, NCACN_NP, - DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, - &netlogon_schannel_pipe); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n", - nt_errstr(status))); - - if ( NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && - (sec_channel_type == SEC_CHAN_BDC) ) { - d_fprintf(stderr, _("Please make sure that no " - "computer account\nnamed " - "like this machine (%s) " - "exists in the domain\n"), - lp_netbios_name()); - } - - goto done; - } - TALLOC_FREE(netlogon_schannel_pipe); - } - - TALLOC_FREE(pipe_hnd); - - /* Now store the secret in the secrets database */ - - if (!strupper_m(discard_const_p(char, domain))) { - DEBUG(0, ("strupper_m %s failed\n", domain)); - goto done; - } - - if (!secrets_store_domain_sid(domain, domain_sid)) { - DEBUG(0, ("error storing domain sid for %s\n", domain)); - goto done; - } - - if (!secrets_store_machine_password(clear_trust_password, domain, sec_channel_type)) { - DEBUG(0, ("error storing plaintext domain secrets for %s\n", domain)); - } - - /* double-check, connection from scratch */ - status = net_rpc_join_ok(c, domain, smbXcli_conn_remote_name(cli->conn), - smbXcli_conn_remote_sockaddr(cli->conn)); - retval = NT_STATUS_IS_OK(status) ? 0 : -1; - -done: - - /* Display success or failure */ - - if (domain) { - if (retval != 0) { - fprintf(stderr,_("Unable to join domain %s.\n"),domain); - } else { - printf(_("Joined domain %s.\n"),domain); - } - } - - cli_shutdown(cli); - - TALLOC_FREE(clear_trust_password); - data_blob_clear_free(&session_key); - - return retval; -} diff --git a/source3/wscript_build b/source3/wscript_build index a8bdaf0..f7988a6 100755 --- a/source3/wscript_build +++ b/source3/wscript_build 
@@ -504,7 +504,7 @@ LIBNET_SAMSYNC_SRC = '''libnet/libnet_samsync.c NET_SRC1 = '''utils/net.c utils/net_ads.c utils/net_help.c utils/net_rap.c utils/net_rpc.c utils/net_rpc_samsync.c - utils/net_rpc_join.c utils/net_time.c utils/net_lookup.c + utils/net_time.c utils/net_lookup.c utils/net_cache.c utils/net_groupmap.c utils/net_idmap.c utils/net_idmap_check.c utils/interact.c -- 1.8.1.2 From 05d9b4165af9e7f03d3fbeb64db4fc305fcec4df Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 15 Jul 2013 13:28:34 +0200 Subject: [PATCH 49/67] s3-net: avoid confusing output in net_rpc_oldjoin() if NET_FLAGS_EXPECT_FALLBACK is passed "net rpc join" tries net_rpc_oldjoin() first and falls back to net_rpc_join_newstyle(). We should not print the join failed if just net_rpc_oldjoin() failed. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/utils/net.h | 1 + source3/utils/net_proto.h | 1 - source3/utils/net_rpc.c | 15 +++++++++++++-- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/source3/utils/net.h b/source3/utils/net.h index 2056d89..e97734a 100644 --- a/source3/utils/net.h +++ b/source3/utils/net.h @@ -182,6 +182,7 @@ enum netdom_domain_t { ND_TYPE_NT4, ND_TYPE_AD }; #define NET_FLAGS_SIGN 0x00000040 /* sign RPC connection */ #define NET_FLAGS_SEAL 0x00000080 /* seal RPC connection */ #define NET_FLAGS_TCP 0x00000100 /* use ncacn_ip_tcp */ +#define NET_FLAGS_EXPECT_FALLBACK 0x00000200 /* the caller will fallback */ /* net share operation modes */ #define NET_MODE_SHARE_MIGRATE 1 diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 1809ba9..25e9db2 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h 
@@ -146,7 +146,6 @@ int run_rpc_command(struct net_context *c, const char **argv); int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv); int net_rpc_testjoin(struct net_context *c, int argc, const char **argv); -int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv); int net_rpc_join(struct net_context *c, int argc, const char **argv); NTSTATUS rpc_info_internals(struct net_context *c, const struct dom_sid *domain_sid, diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index ae8ebc0..e258ec6 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -427,11 +427,16 @@ static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv) return 0; fail: + if (c->opt_flags & NET_FLAGS_EXPECT_FALLBACK) { + goto cleanup; + } + /* issue an overall failure message at the end. */ d_fprintf(stderr, _("Failed to join domain: %s\n"), r && r->out.error_string ? r->out.error_string : get_friendly_werror_msg(werr)); +cleanup: TALLOC_FREE(mem_ctx); return -1; @@ -513,7 +518,7 @@ int net_rpc_testjoin(struct net_context *c, int argc, const char **argv) * **/ -int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) +static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) { struct libnet_JoinCtx *r = NULL; TALLOC_CTX *mem_ctx; @@ -623,6 +628,8 @@ fail: int net_rpc_join(struct net_context *c, int argc, const char **argv) { + int ret; + if (c->display_usage) { d_printf("%s\n%s", _("Usage:"), @@ -650,8 +657,12 @@ int net_rpc_join(struct net_context *c, int argc, const char **argv) return -1; } - if ((net_rpc_oldjoin(c, argc, argv) == 0)) + c->opt_flags |= NET_FLAGS_EXPECT_FALLBACK; + ret = net_rpc_oldjoin(c, argc, argv); + c->opt_flags &= ~NET_FLAGS_EXPECT_FALLBACK; + if (ret == 0) { return 0; + } return net_rpc_join_newstyle(c, argc, argv); } -- 1.8.1.2 From 34fa7946993506fde2c6b30e4a41bea27390a814 Mon Sep 17 00:00:00 2001 
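Review bot: In the `fail:` path of net_rpc_oldjoin() the new `goto cleanup` drops the old-style join error completely when NET_FLAGS_EXPECT_FALLBACK is set, so if the new-style join then fails too, nothing records why the first attempt was refused. Keeping a trace at debug level preserves the quiet console output, e.g. `DEBUG(5, ("old-style join failed, falling back to new-style join\n"));` placed before the `goto cleanup;`. net_rpc_oldjoin() starts outside this hunk, so whether `werr` is always set when `fail:` is reached is not visible here.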
From: Stefan Metzmacher Date: Tue, 16 Jul 2013 10:07:30 +0200 Subject: [PATCH 50/67] s4:librpc: fix netlogon connections against servers without AES support LogonGetCapabilities() only works on the credential chain if the server supports AES, so we need to work on a temporary copy until we know the server replied a valid return authenticator. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source4/librpc/rpc/dcerpc_schannel.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 1480486..130ebeb 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -385,6 +385,7 @@ struct auth_schannel_state { struct loadparm_context *lp_ctx; uint8_t auth_level; struct netlogon_creds_CredentialState *creds_state; + struct netlogon_creds_CredentialState save_creds_state; struct netr_Authenticator auth; struct netr_Authenticator return_auth; union netr_Capabilities capabilities; @@ -449,7 +450,8 @@ static void continue_bind_auth(struct composite_context *ctx) s->creds_state = cli_credentials_get_netlogon_creds(s->credentials); if (composite_nomem(s->creds_state, c)) return; - netlogon_creds_client_authenticator(s->creds_state, &s->auth); + s->save_creds_state = *s->creds_state; + netlogon_creds_client_authenticator(&s->save_creds_state, &s->auth); s->c.in.server_name = talloc_asprintf(c, "\\\\%s", @@ -519,12 +521,14 @@ static void continue_get_capabilities(struct tevent_req *subreq) } /* verify credentials */ - if (!netlogon_creds_client_check(s->creds_state, + if (!netlogon_creds_client_check(&s->save_creds_state, &s->c.out.return_authenticator->cred)) { composite_error(c, NT_STATUS_UNSUCCESSFUL); return; } + *s->creds_state = s->save_creds_state; + if (!NT_STATUS_IS_OK(s->c.out.result)) { composite_error(c, s->c.out.result); return; -- 1.8.1.2 From d54c908ff5bef774f5cca038741558089ff6baeb Mon Sep 17 00:00:00 2001 
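Review bot: The assignment `s->save_creds_state = *s->creds_state;` in continue_bind_auth() carries no comment, and the reason for stepping a copy is only in the commit message. I would add `/* step a copy; creds_state is only updated once the return authenticator has been verified */` above it, and a matching one-line comment at `*s->creds_state = s->save_creds_state;` in continue_get_capabilities(). The copy also keeps a second instance of the credential state, including its key material, inside `struct auth_schannel_state` for the lifetime of `s`, which is worth stating next to the new member. Both functions start outside the hunks shown.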
From: Stefan Metzmacher Date: Fri, 22 Mar 2013 15:07:10 +0100 Subject: [PATCH 51/67] s3:rpcclient: use talloc_stackframe() in do_cmd() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpcclient/rpcclient.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index c23ff2d..9bf296e 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -678,7 +678,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, /* Create mem_ctx */ - if (!(mem_ctx = talloc_init("do_cmd"))) { + if (!(mem_ctx = talloc_stackframe())) { DEBUG(0, ("talloc_init() failed\n")); return NT_STATUS_NO_MEMORY; } @@ -745,12 +745,14 @@ static NTSTATUS do_cmd(struct cli_state *cli, "auth type %u\n", cmd_entry->table->name, pipe_default_auth_type )); + talloc_free(mem_ctx); return NT_STATUS_UNSUCCESSFUL; } if (!NT_STATUS_IS_OK(ntresult)) { DEBUG(0, ("Could not initialise %s. Error was %s\n", cmd_entry->table->name, nt_errstr(ntresult) )); + talloc_free(mem_ctx); return ntresult; } @@ -765,6 +767,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, trust_password, &machine_account, &sec_channel_type)) { + talloc_free(mem_ctx); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -780,6 +783,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, if (!NT_STATUS_IS_OK(ntresult)) { DEBUG(0, ("Could not initialise credentials for %s.\n", cmd_entry->table->name)); + talloc_free(mem_ctx); return ntresult; } } @@ -803,7 +807,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, /* Cleanup */ - talloc_destroy(mem_ctx); + talloc_free(mem_ctx); return ntresult; } -- 1.8.1.2 From 39fedd27182d9e1985418ea79b86aef69999dd57 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 24 Apr 2013 12:36:04 +0200 Subject: [PATCH 52/67] libcli/auth: make netlogon_creds_crypt_samlogon_validation more robust 
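Review bot: The error message in do_cmd() still reads `talloc_init() failed` although the call is now talloc_stackframe(); it should become `DEBUG(0, ("talloc_stackframe() failed\n"));`. As far as I know talloc_stackframe() panics rather than returning NULL in Samba, in which case the whole NULL branch is dead and can be removed. With a stackframe every early return has to free `mem_ctx`; the hunks add that to four returns, but do_cmd() extends beyond them, so any other return in the function needs the same check.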
Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- libcli/auth/credentials.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index fb77ede..5c8b25b 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -493,8 +493,12 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede bool encrypt) { static const char zeros[16]; - struct netr_SamBaseInfo *base = NULL; + + if (validation == NULL) { + return; + } + switch (validation_level) { case 2: if (validation->sam2) { -- 1.8.1.2 From 291f6a1e031dc9db7d03b3ca924c4309b313cae5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Jun 2013 09:47:50 +0200 Subject: [PATCH 53/67] libcli/auth: fix shadowed declaration in netlogon_creds_crypt_samlogon_validation() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- libcli/auth/credentials.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 5c8b25b..2e9c87e 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -490,7 +490,7 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, uint16_t validation_level, union netr_Validation *validation, - bool encrypt) + bool do_encrypt) { static const char zeros[16]; struct netr_SamBaseInfo *base = NULL; @@ -531,7 +531,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->key.key, zeros, sizeof(base->key.key)) != 0) { - if (encrypt) { + if (do_encrypt) { netlogon_creds_aes_encrypt(creds, base->key.key, sizeof(base->key.key)); 
@@ -544,7 +544,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede if (memcmp(base->LMSessKey.key, zeros, sizeof(base->LMSessKey.key)) != 0) { - if (encrypt) { + if (do_encrypt) { netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, sizeof(base->LMSessKey.key)); @@ -574,7 +574,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->LMSessKey.key, zeros, sizeof(base->LMSessKey.key)) != 0) { - if (encrypt) { + if (do_encrypt) { netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey); } else { -- 1.8.1.2 From c7319fce604d5f89a89094b6b18ef459a347aef8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 25 Apr 2013 17:01:00 +0200 Subject: [PATCH 54/67] libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- libcli/auth/credentials.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++ libcli/auth/proto.h | 6 +++ 2 files changed, 124 insertions(+) diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 2e9c87e..78a8d7a 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c 
@@ -601,6 +601,124 @@ void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Credential validation, true); } +static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, + enum netr_LogonInfoClass level, + union netr_LogonLevel *logon, + bool encrypt) +{ + static const char zeros[16]; + + if (logon == NULL) { + return; + } + + switch (level) { + case NetlogonInteractiveInformation: + case NetlogonInteractiveTransitiveInformation: + case NetlogonServiceInformation: + case NetlogonServiceTransitiveInformation: + if (logon->password == NULL) { + return; + } + + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + uint8_t *h; + + h = logon->password->lmpassword.hash; + if (memcmp(h, zeros, 16) != 0) { + if (encrypt) { + netlogon_creds_aes_encrypt(creds, h, 16); + } else { + netlogon_creds_aes_decrypt(creds, h, 16); + } + } + + h = logon->password->ntpassword.hash; + if (memcmp(h, zeros, 16) != 0) { + if (encrypt) { + netlogon_creds_aes_encrypt(creds, h, 16); + } else { + netlogon_creds_aes_decrypt(creds, h, 16); + } + } + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + uint8_t *h; + + h = logon->password->lmpassword.hash; + if (memcmp(h, zeros, 16) != 0) { + netlogon_creds_arcfour_crypt(creds, h, 16); + } + + h = logon->password->ntpassword.hash; + if (memcmp(h, zeros, 16) != 0) { + netlogon_creds_arcfour_crypt(creds, h, 16); + } + } else { + struct samr_Password *p; + + p = &logon->password->lmpassword; + if (memcmp(p->hash, zeros, 16) != 0) { + if (encrypt) { + netlogon_creds_des_encrypt(creds, p); + } else { + netlogon_creds_des_decrypt(creds, p); + } + } + p = &logon->password->ntpassword; + if (memcmp(p->hash, zeros, 16) != 0) { + if (encrypt) { + netlogon_creds_des_encrypt(creds, p); + } else { + netlogon_creds_des_decrypt(creds, p); + } + } + } + break; + + case NetlogonNetworkInformation: + case NetlogonNetworkTransitiveInformation: + break; + + case NetlogonGenericInformation: + if 
(logon->generic == NULL) { + return; + } + + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + if (encrypt) { + netlogon_creds_aes_encrypt(creds, + logon->generic->data, + logon->generic->length); + } else { + netlogon_creds_aes_decrypt(creds, + logon->generic->data, + logon->generic->length); + } + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + netlogon_creds_arcfour_crypt(creds, + logon->generic->data, + logon->generic->length); + } else { + /* Using DES to verify kerberos tickets makes no sense */ + } + break; + } +} + +void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, + enum netr_LogonInfoClass level, + union netr_LogonLevel *logon) +{ + netlogon_creds_crypt_samlogon_logon(creds, level, logon, false); +} + +void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, + enum netr_LogonInfoClass level, + union netr_LogonLevel *logon) +{ + netlogon_creds_crypt_samlogon_logon(creds, level, logon, true); +} + /* copy a netlogon_creds_CredentialState struct */ diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 6bc18d7..110e039 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -64,6 +64,12 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, uint16_t validation_level, union netr_Validation *validation); +void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, + enum netr_LogonInfoClass level, + union netr_LogonLevel *logon); +void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, + enum netr_LogonInfoClass level, + union netr_LogonLevel *logon); /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */ -- 1.8.1.2 From 2ea749a1a43a6539b01d36dbe0402a99619444e1 Mon Sep 17 00:00:00 2001 
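Review bot: In the NetlogonGenericInformation case of netlogon_creds_crypt_samlogon_logon(), the final `else` branch leaves `logon->generic->data` untouched when neither NETLOGON_NEG_SUPPORTS_AES nor NETLOGON_NEG_ARCFOUR was negotiated, and the `void` return gives the caller no way to notice. On the encrypt side the buffer therefore stays as it came in unless the caller rejects this combination itself. Either document that precondition in a comment above the two public wrappers, or let the helper report it (an NTSTATUS return would let callers fail with NT_STATUS_INVALID_PARAMETER). Separately, the parameter is named `bool encrypt`, the same name the preceding patch in this series renamed to `do_encrypt` in the sibling function to avoid a shadowed declaration.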
From: Stefan Metzmacher Date: Wed, 24 Apr 2013 12:53:27 +0200 Subject: [PATCH 55/67] libcli/auth: add netlogon_creds_shallow_copy_logon() This can be used before netlogon_creds_encrypt_samlogon_logon() in order to keep the provided buffers unchanged. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- libcli/auth/credentials.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++ libcli/auth/proto.h | 3 ++ 2 files changed, 76 insertions(+) diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 78a8d7a..1f664d3 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c 
@@ -719,6 +719,79 @@ void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState netlogon_creds_crypt_samlogon_logon(creds, level, logon, true); } +union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx, + enum netr_LogonInfoClass level, + const union netr_LogonLevel *in) +{ + union netr_LogonLevel *out; + + if (in == NULL) { + return NULL; + } + + out = talloc(mem_ctx, union netr_LogonLevel); + if (out == NULL) { + return NULL; + } + + *out = *in; + + switch (level) { + case NetlogonInteractiveInformation: + case NetlogonInteractiveTransitiveInformation: + case NetlogonServiceInformation: + case NetlogonServiceTransitiveInformation: + if (in->password == NULL) { + return out; + } + + out->password = talloc(out, struct netr_PasswordInfo); + if (out->password == NULL) { + talloc_free(out); + return NULL; + } + *out->password = *in->password; + + return out; + + case NetlogonNetworkInformation: + case NetlogonNetworkTransitiveInformation: + break; + + case NetlogonGenericInformation: + if (in->generic == NULL) { + return out; + } + + out->generic = talloc(out, struct netr_GenericInfo); + if (out->generic == NULL) { + talloc_free(out); + return NULL; + } + *out->generic = *in->generic; + + if (in->generic->data == NULL) { + return out; + } + + if (in->generic->length == 0) { + return out; + } + + out->generic->data = talloc_memdup(out->generic, + in->generic->data, + in->generic->length); + if (out->generic->data == NULL) { + talloc_free(out); + return NULL; + } + + return out; + } + + return out; +} + /* copy a netlogon_creds_CredentialState struct */ diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 110e039..0c319d3 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h 
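Review bot: netlogon_creds_shallow_copy_logon() has no comment describing how deep the copy is, which matters because callers pass the result to the in-place encrypt/decrypt helpers. From the code, the password and generic structs (and the generic data buffer) are duplicated, while for NetlogonNetworkInformation and NetlogonNetworkTransitiveInformation only the union is copied, so `out` still points at the caller's network struct. I would add a header comment saying exactly that, and noting that the result is allocated under `mem_ctx` and holds the same secret hashes as the input until it is freed.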
@@ -70,6 +70,9 @@ void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, enum netr_LogonInfoClass level, union netr_LogonLevel *logon); +union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx, + enum netr_LogonInfoClass level, + const union netr_LogonLevel *in); /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */ -- 1.8.1.2 From 9d548318da11247ffe8acf505cdb5299090c16f0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 24 Apr 2013 16:00:18 +0200 Subject: [PATCH 56/67] s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 ++++++--------------------- 1 file changed, 6 insertions(+), 22 deletions(-) diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index d463e85..5cc3b34 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c 
@@ -629,29 +629,15 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info); NT_STATUS_HAVE_NO_MEMORY(user_info); + netlogon_creds_decrypt_samlogon_logon(creds, + r->in.logon_level, + r->in.logon); + switch (r->in.logon_level) { case NetlogonInteractiveInformation: case NetlogonServiceInformation: case NetlogonInteractiveTransitiveInformation: case NetlogonServiceTransitiveInformation: - if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_decrypt(creds, - r->in.logon->password->lmpassword.hash, - sizeof(r->in.logon->password->lmpassword.hash)); - netlogon_creds_aes_decrypt(creds, - r->in.logon->password->ntpassword.hash, - sizeof(r->in.logon->password->ntpassword.hash)); - } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { - netlogon_creds_arcfour_crypt(creds, - r->in.logon->password->lmpassword.hash, - sizeof(r->in.logon->password->lmpassword.hash)); - netlogon_creds_arcfour_crypt(creds, - r->in.logon->password->ntpassword.hash, - sizeof(r->in.logon->password->ntpassword.hash)); - } else { - netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpassword); - netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpassword); - } /* TODO: we need to deny anonymous access here */ nt_status = auth_context_create(mem_ctx, @@ -705,11 +691,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal case NetlogonGenericInformation: { if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_decrypt(creds, - r->in.logon->generic->data, r->in.logon->generic->length); + /* OK */ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { - netlogon_creds_arcfour_crypt(creds, - r->in.logon->generic->data, r->in.logon->generic->length); + /* OK */ } else { /* Using DES to verify kerberos tickets makes no sense */ return NT_STATUS_INVALID_PARAMETER; -- 1.8.1.2 
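Review bot: In the NetlogonGenericInformation case the `if`/`else if` arms are now empty apart from `/* OK */`, which reads as if code were missing. Since decryption moved into netlogon_creds_decrypt_samlogon_logon(), the check can be a single guard: `if (!(creds->negotiate_flags & (NETLOGON_NEG_SUPPORTS_AES | NETLOGON_NEG_ARCFOUR))) { return NT_STATUS_INVALID_PARAMETER; }`, keeping the existing comment about DES. The decrypt call now also runs before this rejection; the helper does nothing in the DES case, so the order is harmless, but a short comment at the call would make that explicit.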
From 7b3ddd1a0bb41fe84c115555113362044620e484 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 24 Apr 2013 16:00:44 +0200 Subject: [PATCH 57/67] s3:netlogon: make use of netlogon_creds_decrypt_samlogon_logon() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_server/netlogon/srv_netlog_nt.c | 45 ++++++++++++++--------------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 6a6c125..4f66dfe 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1467,6 +1467,15 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, struct auth_context *auth_context = NULL; const char *fn; +#ifdef DEBUG_PASSWORD + logon = netlogon_creds_shallow_copy_logon(p->mem_ctx, + r->in.logon_level, + r->in.logon); + if (logon == NULL) { + logon = r->in.logon; + } +#endif + switch (p->opnum) { case NDR_NETR_LOGONSAMLOGON: fn = "_netr_LogonSamLogon"; @@ -1547,6 +1556,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, status = NT_STATUS_OK; + netlogon_creds_decrypt_samlogon_logon(creds, + r->in.logon_level, + logon); + switch (r->in.logon_level) { case NetlogonNetworkInformation: case NetlogonNetworkTransitiveInformation: 
@@ -1592,32 +1605,16 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, uint8_t chal[8]; #ifdef DEBUG_PASSWORD - DEBUG(100,("lm owf password:")); - dump_data(100, logon->password->lmpassword.hash, 16); - - DEBUG(100,("nt owf password:")); - dump_data(100, logon->password->ntpassword.hash, 16); -#endif - if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_decrypt(creds, - logon->password->lmpassword.hash, - 16); - netlogon_creds_aes_decrypt(creds, - logon->password->ntpassword.hash, - 16); - } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { - netlogon_creds_arcfour_crypt(creds, - logon->password->lmpassword.hash, - 16); - netlogon_creds_arcfour_crypt(creds, - logon->password->ntpassword.hash, - 16); - } else { - netlogon_creds_des_decrypt(creds, &logon->password->lmpassword); - netlogon_creds_des_decrypt(creds, &logon->password->ntpassword); + if (logon != r->in.logon) { + DEBUG(100,("lm owf password:")); + dump_data(100, + r->in.logon->password->lmpassword.hash, 16); + + DEBUG(100,("nt owf password:")); + dump_data(100, + r->in.logon->password->ntpassword.hash, 16); } -#ifdef DEBUG_PASSWORD DEBUG(100,("decrypt of lm owf password:")); dump_data(100, logon->password->lmpassword.hash, 16); -- 1.8.1.2 From 6ce645e03c279cbb2ed8a94f033b8e0601b61ef4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 25 Apr 2013 18:27:57 +0200 Subject: [PATCH 58/67] s3:rpc_client: make rpccli_schannel_bind_data() static Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 9 +++++---- source3/rpc_client/cli_pipe.h | 6 ------ 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 1e296ee..068510a 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
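Review bot: In the interactive/service branch the DEBUG_PASSWORD dumps dereference `r->in.logon->password` and `logon->password` unconditionally, while the new helper netlogon_creds_decrypt_samlogon_logon() explicitly tolerates a NULL `password` pointer. If that pointer can be NULL on the wire, the branch should reject it before first use, e.g. `if (logon->password == NULL) { status = NT_STATUS_INVALID_PARAMETER; break; }` or the function's usual error path; whether the non-debug code after this hunk already checks is not visible here. The values printed by these dumps are password-equivalent hashes, so they should stay confined to DEBUG_PASSWORD builds at level 100 as they are now.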
@@ -2373,10 +2373,11 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx, return status; } -NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, - enum dcerpc_AuthLevel auth_level, - struct netlogon_creds_CredentialState *creds, - struct pipe_auth_data **presult) +static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, + const char *domain, + enum dcerpc_AuthLevel auth_level, + struct netlogon_creds_CredentialState *creds, + struct pipe_auth_data **presult) { struct schannel_state *schannel_auth; struct pipe_auth_data *result; diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 6fcc587..8eb6040 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -58,12 +58,6 @@ NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx, NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, struct pipe_auth_data **presult); -NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, - const char *domain, - enum dcerpc_AuthLevel auth_level, - struct netlogon_creds_CredentialState *creds, - struct pipe_auth_data **presult); - NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host, const struct sockaddr_storage *ss_addr, -- 1.8.1.2 From 8a302fc353de8d373a0ec8544da4da6f305ec923 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 25 Apr 2013 18:29:31 +0200 Subject: [PATCH 59/67] s3:rpc_client: use the correct context for netlogon_creds_copy() in rpccli_schannel_bind_data() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 068510a..b4a4bed 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
@@ -2403,7 +2403,10 @@ static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, schannel_auth->state = SCHANNEL_STATE_START; schannel_auth->initiator = true; - schannel_auth->creds = netlogon_creds_copy(result, creds); + schannel_auth->creds = netlogon_creds_copy(schannel_auth, creds); + if (schannel_auth->creds == NULL) { + goto fail; + } result->auth_ctx = schannel_auth; *presult = result; -- 1.8.1.2 From 94be8d63cd21fbb9e31bf7a92af82e19c596f94f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 25 Apr 2013 19:43:58 +0200 Subject: [PATCH 60/67] s3:rpc_client: rename same variables in cli_rpc_pipe_open_schannel_with_key() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_pipe.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index b4a4bed..a935030 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
@@ -3004,32 +3004,32 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, enum dcerpc_AuthLevel auth_level, const char *domain, struct netlogon_creds_CredentialState **pdc, - struct rpc_pipe_client **presult) + struct rpc_pipe_client **_rpccli) { - struct rpc_pipe_client *result; - struct pipe_auth_data *auth; + struct rpc_pipe_client *rpccli; + struct pipe_auth_data *rpcauth; NTSTATUS status; - status = cli_rpc_pipe_open(cli, transport, table, &result); + status = cli_rpc_pipe_open(cli, transport, table, &rpccli); if (!NT_STATUS_IS_OK(status)) { return status; } - status = rpccli_schannel_bind_data(result, domain, auth_level, - *pdc, &auth); + status = rpccli_schannel_bind_data(rpccli, domain, auth_level, + *pdc, &rpcauth); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("rpccli_schannel_bind_data returned %s\n", nt_errstr(status))); - TALLOC_FREE(result); + TALLOC_FREE(rpccli); return status; } - status = rpc_pipe_bind(result, auth); + status = rpc_pipe_bind(rpccli, rpcauth); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: " "cli_rpc_pipe_bind failed with error %s\n", nt_errstr(status) )); - TALLOC_FREE(result); + TALLOC_FREE(rpccli); return status; } @@ -3037,10 +3037,10 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, * The credentials on a new netlogon pipe are the ones we are passed * in - copy them over */ - if (result->dc == NULL) { - result->dc = netlogon_creds_copy(result, *pdc); - if (result->dc == NULL) { - TALLOC_FREE(result); + if (rpccli->dc == NULL) { + rpccli->dc = netlogon_creds_copy(rpccli, *pdc); + if (rpccli->dc == NULL) { + TALLOC_FREE(rpccli); return NT_STATUS_NO_MEMORY; } } 
@@ -3048,9 +3048,9 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s " "for domain %s and bound using schannel.\n", get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), - result->desthost, domain)); + rpccli->desthost, domain)); - *presult = result; + *_rpccli = rpccli; return NT_STATUS_OK; } -- 1.8.1.2 From 6659f0164c6b8d7ad522bcd6c2c6748c3d9bca81 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 5 Aug 2013 09:25:11 +0200 Subject: [PATCH 61/67] s3-libads: Print a message if no realm has been specified. Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104 --- source3/libads/kerberos.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index bb74305..b026e09 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -839,7 +839,13 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, return false; } - if (!realm || !domain || !pss || !kdc_name) { + if (realm == NULL) { + DEBUG(0, ("No realm has been specified! Do you really want to " + "join an Active Directory server?\n")); + return false; + } + + if (domain == NULL || pss == NULL || kdc_name == NULL) { return false; } -- 1.8.1.2 From c8d8bb257ac390c89c4238ed86dfef02750b6049 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Jul 2013 17:10:17 -0700 Subject: [PATCH 62/67] Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Ensure we never wrap whilst adding client provided input. Signed-off-by: Jeremy Allison --- source3/smbd/nttrans.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 800e2fd..bcba29a 100644 --- a/source3/smbd/nttrans.c 
+++ b/source3/smbd/nttrans.c @@ -990,7 +990,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t if (next_offset == 0) { break; } + + /* Integer wrap protection for the increment. */ + if (offset + next_offset < offset) { + break; + } + offset += next_offset; + + /* Integer wrap protection for while loop. */ + if (offset + 4 < offset) { + break; + } + } return ea_list_head; -- 1.8.1.2 From c4cba824d9e4bb31e1b6a901e994ffdfd3ad522e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 11 Jul 2013 09:36:01 -0700 Subject: [PATCH 63/67] Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Fix client-side parsing also. Found by David Disseldorp Signed-off-by: Jeremy Allison Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Aug 5 14:39:04 CEST 2013 on sn-devel-104 --- source4/libcli/raw/raweas.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/source4/libcli/raw/raweas.c b/source4/libcli/raw/raweas.c index 5f06e70..b626b31 100644 --- a/source4/libcli/raw/raweas.c +++ b/source4/libcli/raw/raweas.c @@ -243,9 +243,12 @@ NTSTATUS ea_pull_list_chained(const DATA_BLOB *blob, return NT_STATUS_INVALID_PARAMETER; } - ofs += next_ofs; + if (ofs + next_ofs < ofs) { + return NT_STATUS_INVALID_PARAMETER; + } - if (ofs+4 > blob->length) { + ofs += next_ofs; + if (ofs+4 > blob->length || ofs+4 < ofs) { return NT_STATUS_INVALID_PARAMETER; } n++; -- 1.8.1.2 From 09359c1d60e528fe4a4f1233722a090d1f7d1297 Mon Sep 17 00:00:00 2001 From: Christian Ambach Date: Thu, 20 Jun 2013 18:26:04 +0200 Subject: [PATCH 64/67] waf: fix build on AIX7 the same works for AIX 5,6,7 so leave away the version specifics (as autoconf build did) Signed-off-by: Christian Ambach --- buildtools/wafsamba/wscript | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript index 17aef27..d115b5f 100755 
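Review bot: Both new wrap checks in read_nttrans_ea_list() leave the loop with `break`, so a request whose offsets overflow is answered with the partial list parsed so far instead of being rejected; the client-side fix for the same bug in ea_pull_list_chained() returns NT_STATUS_INVALID_PARAMETER. Treating the wrap as malformed input would be `if (offset + next_offset < offset) { return NULL; }`, assuming callers treat NULL as a parse failure; the function starts outside this hunk, so that needs confirming. Comparing `next_offset` against the bytes remaining in `data_size` would also reject offsets that do not wrap but point past the buffer, if the loop condition does not already cover that.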
--- a/buildtools/wafsamba/wscript +++ b/buildtools/wafsamba/wscript @@ -322,7 +322,7 @@ def configure(conf): else: conf.env.HAVE_LD_VERSION_SCRIPT = False - if sys.platform == "aix5" or sys.platform == "aix6": + if sys.platform.startswith('aix'): conf.DEFINE('_ALL_SOURCE', 1, add_to_cflags=True) # Might not be needed if ALL_SOURCE is defined # conf.DEFINE('_XOPEN_SOURCE', 600, add_to_cflags=True) -- 1.8.1.2 From e812222815d2803e6ab5ca1bac317576c035e2eb Mon Sep 17 00:00:00 2001 From: Christian Ambach Date: Tue, 25 Jun 2013 18:37:35 +0200 Subject: [PATCH 65/67] waf: add --without-gettext option Signed-off-by: Christian Ambach --- buildtools/wafsamba/wscript | 3 +++ 1 file changed, 3 insertions(+) diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript index d115b5f..fe2e515 100755 --- a/buildtools/wafsamba/wscript +++ b/buildtools/wafsamba/wscript @@ -82,6 +82,9 @@ def set_options(opt): help='additional directory to search for gettext', action='store', dest='gettext_location', default='/usr/local', match = ['Checking for library intl', 'Checking for header libintl.h']) + opt.add_option('--without-gettext', + help=("Disable use of gettext"), + action="store_true", dest='disable_gettext', default=False) gr = opt.option_group('developer options') -- 1.8.1.2 From 7f9a9a46a82c20ce52b2dfd92f4b5a9cbb58e532 Mon Sep 17 00:00:00 2001 From: Christian Ambach Date: Thu, 1 Aug 2013 22:28:05 +0200 Subject: [PATCH 66/67] waf: consolidate libintl related checks consolidate the dealing with functions from libintl and the handling of checking if libiconv is required or not to a common place in lib/replace also add a new samba_intl subsystem that has dependencies on the appropriate set of libraries (libintl, libintl+libiconv or none) that can be used as a general dependency by code that depends on the internationalization libraries 
Signed-off-by: Christian Ambach --- lib/replace/wscript | 38 ++++++++++++++++++++++++--------- source3/wscript | 9 ++++---- source4/heimdal_build/wscript_configure | 4 +--- 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/lib/replace/wscript b/lib/replace/wscript index 2117f56..0867e77 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -89,7 +89,7 @@ struct foo bar = { .y = 'X', .x = 1 }; sys/sockio.h sys/un.h''', together=True) conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h') conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h') - conf.CHECK_HEADERS('libintl.h errno.h') + conf.CHECK_HEADERS('errno.h') conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h') conf.CHECK_HEADERS('sys/inotify.h memory.h nss.h sasl/sasl.h') conf.CHECK_HEADERS('security/pam_appl.h zlib.h asm/unistd.h') 
@@ -363,17 +363,33 @@ removeea setea headers='netinet/in.h arpa/nameser.h resolv.h') - if not conf.CHECK_FUNCS_IN('gettext', 'intl', checklibc=True, headers='libintl.h'): - # Some hosts need lib iconv for linking with lib intl - # So we try with flags just in case it helps. - oldflags = conf.env['LDFLAGS_INTL'] - conf.env['LDFLAGS_INTL'] = "-liconv" - if not conf.CHECK_LIB('intl'): - conf.env['LDFLAGS_INTL'] = oldflags + conf.env.intl_libs='' + if not Options.options.disable_gettext: + conf.CHECK_HEADERS('libintl.h') + conf.CHECK_LIB('intl') + # *textdomain functions are not strictly necessary + conf.CHECK_FUNCS_IN('bindtextdomain textdomain bind_textdomain_codeset', + 'intl', checklibc=True, headers='libintl.h') + # gettext and dgettext must exist + if conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', checklibc=True, headers='libintl.h'): + # save for dependency definitions + conf.env.intl_libs='intl' else: - conf.CHECK_FUNCS_IN('gettext', 'intl', checklibc=True, headers='libintl.h') + # Some hosts need lib iconv for linking with lib intl + # So we try with flags just in case it helps. + oldflags = conf.env['EXTRA_LDFLAGS']; + conf.env['EXTRA_LDFLAGS'].extend("-liconv") + conf.CHECK_FUNCS_IN('dgettext gettext bindtextdomain textdomain bind_textdomain_codeset', + 'intl', headers='libintl.h') + conf.env['EXTRA_LDFLAGS'] = oldflags + if conf.env['HAVE_GETTEXT'] and conf.env['HAVE_DGETTEXT']: + # save for dependency definitions + conf.env.intl_libs='iconv intl' + else: + conf.fatal('library gettext not found, try specifying the path to ' + + 'it with --with-gettext= or ' + + '--without-gettext to build without''') - conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', headers='libintl.h') conf.CHECK_FUNCS_IN('pthread_create', 'pthread', checklibc=True, headers='pthread.h') conf.CHECK_FUNCS_IN('crypt', 'crypt', checklibc=True) 
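Review bot: In the `-liconv` fallback branch, `conf.env['EXTRA_LDFLAGS'].extend("-liconv")` hands a string to `list.extend`, so its seven characters are appended as separate entries instead of one `-liconv` flag. `oldflags` is also just a second reference to the same list, so the later `conf.env['EXTRA_LDFLAGS'] = oldflags` restores nothing. The retry therefore most likely never links against libiconv, and the stray entries stay in the link flags used by later checks and targets. Take a copy and extend with a one-element list: `oldflags = list(conf.env['EXTRA_LDFLAGS'])` and `conf.env['EXTRA_LDFLAGS'].extend(['-liconv'])`. The `conf.fatal` message also ends in `'--without-gettext to build without'''`, where the trailing `''` is a leftover empty literal; the enclosing configure function starts and ends outside this hunk.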
@@ -627,6 +643,8 @@ def build(bld): target='stdbool.h', enabled = not bld.CONFIG_SET('HAVE_STDBOOL_H')) + bld.SAMBA_SUBSYSTEM('samba_intl', source='', use_global_deps=False,deps=bld.env.intl_libs) + def dist(): '''makes a tarball for distribution''' samba_dist.dist() diff --git a/source3/wscript b/source3/wscript index 3c0145b..271314d 100644 --- a/source3/wscript +++ b/source3/wscript @@ -98,7 +98,6 @@ def configure(conf): conf.CHECK_FUNCS('memalign posix_memalign hstrerror') conf.CHECK_FUNCS('shmget') conf.CHECK_FUNCS_IN('shm_open', 'rt', checklibc=True) - conf.CHECK_FUNCS('gettext dgettext bindtextdomain textdomain bind_textdomain_codeset') #FIXME: for some reason this one still fails conf.CHECK_FUNCS_IN('yp_get_default_domain', 'nsl') conf.CHECK_FUNCS_IN('dn_expand _dn_expand __dn_expand', 'resolv') @@ -331,8 +330,8 @@ if (0) { conf.CHECK_FUNCS(''' _acl __acl atexit -bindtextdomain _chdir __chdir chflags chmod _close __close _closedir -__closedir crypt16 devnm dgettext dirfd + _chdir __chdir chflags chmod _close __close _closedir +__closedir crypt16 devnm dirfd DNSServiceRegister _dup __dup _dup2 __dup2 endmntent execl _facl __facl _fchdir __fchdir fchmod fchown _fcntl __fcntl fcvt fcvtl fdatasync @@ -341,7 +340,7 @@ fsetxattr _fstat __fstat fsync futimens futimes __fxstat getauthuid getcwd _getcwd __getcwd getdents __getdents getdirentries getgrent getgrnam getgrouplist getgrset getmntent getpagesize -getpwanam getpwent_r getrlimit gettext +getpwanam getpwent_r getrlimit glob grantpt hstrerror initgroups innetgr llseek _llseek __llseek _lseek __lseek _lstat __lstat lutimes @@ -357,7 +356,7 @@ setmntent setpgid setpriv setsid setuidx shmget shm_open sigaction sigblock sigprocmask sigset _stat __stat statvfs strcasecmp strchr strpbrk strsignal strtol strupr sysconf sysctl sysctlbyname -__sys_llseek syslog _telldir __telldir textdomain timegm +__sys_llseek syslog _telldir __telldir timegm utimensat vsyslog _write __write __xstat ''') 
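Review bot: The `samba_intl` subsystem added to `build()` in lib/replace/wscript has no comment explaining that it is a source-less target whose only purpose is to carry the link dependency chosen at configure time. A reader of `deps=bld.env.intl_libs` cannot tell from this line that the value may be `'intl'`, `'iconv intl'` or the empty string when `--without-gettext` is given. I would add a comment above it such as `# empty subsystem: carries the libintl/libiconv deps picked in configure(); deps is '' when gettext is disabled`. Code that lists `samba_intl` in its deps presumably still has to guard its gettext calls for the disabled case, which is worth stating in the same comment once confirmed.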
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure index 2bb465a..bed63d6 100755 --- a/source4/heimdal_build/wscript_configure +++ b/source4/heimdal_build/wscript_configure @@ -19,7 +19,7 @@ conf.CHECK_HEADERS('ifaddrs.h') conf.CHECK_HEADERS('''crypt.h errno.h inttypes.h netdb.h signal.h sys/bswap.h sys/file.h sys/stropts.h sys/timeb.h sys/times.h sys/uio.h sys/un.h sys/utsname.h time.h timezone.h ttyname.h netinet/in.h - netinet/in6.h netinet6/in6.h libintl.h''') + netinet/in6.h netinet6/in6.h''') conf.CHECK_HEADERS('curses.h term.h termcap.h', together=True) @@ -42,8 +42,6 @@ conf.CHECK_FUNCS_IN('''getnameinfo sendmsg socket getipnodebyname gethostent get 'socket nsl', checklibc=True) -conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', headers='libintl.h') - conf.CHECK_FUNCS('iruserok') conf.CHECK_FUNCS('bswap16') -- 1.8.1.2 From 1cd649bde3be28d93bd6d205c0858558923e317b Mon Sep 17 00:00:00 2001 From: Christian Ambach Date: Thu, 1 Aug 2013 23:00:21 +0200 Subject: [PATCH 67/67] waf: replace dependency to libintl with samba_intl Signed-off-by: Christian Ambach --- nsswitch/wscript_build | 2 +- source3/wscript_build | 2 +- source4/heimdal_build/wscript_build | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build index a7d6489..55ba776 100644 --- a/nsswitch/wscript_build +++ b/nsswitch/wscript_build @@ -81,7 +81,7 @@ elif (host_os.rfind('aix') > -1): if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'): bld.SAMBA_LIBRARY('pamwinbind', source='pam_winbind.c', - deps='intl talloc wbclient winbind-client iniparser pam', + deps='talloc wbclient winbind-client iniparser pam samba_intl', cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR, realname='pam_winbind.so', install_path='${PAMMODULESDIR}' diff --git a/source3/wscript_build b/source3/wscript_build index f7988a6..f52197a 100755 --- a/source3/wscript_build +++ b/source3/wscript_build 
@@ -1267,7 +1267,7 @@ bld.SAMBA3_BINARY('net', talloc netapi addns - intl + samba_intl popt_samba3 pdb libsmb diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build index 8ca8788..ae7fbec 100644 --- a/source4/heimdal_build/wscript_build +++ b/source4/heimdal_build/wscript_build @@ -670,7 +670,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): HEIMDAL_LIBRARY('krb5', KRB5_SOURCE, version_script='lib/krb5/version-script.map', includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include', - deps='roken wind asn1 hx509 hcrypto intl com_err HEIMDAL_CONFIG heimbase execinfo', + deps='roken wind asn1 hx509 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl', vnum='26.0.0', ) KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c'] @@ -894,7 +894,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_COM_ERR'): HEIMDAL_LIBRARY('com_err', 'lib/com_err/com_err.c lib/com_err/error.c', includes='../heimdal/lib/com_err', - deps='roken intl', + deps='roken samba_intl', vnum='0.25', version_script='lib/com_err/version-script.map', ) -- 1.8.1.2