From: Martin Jansa
Date: Wed, 20 Apr 2016 11:27:56 +0200
To: openembedded-devel@lists.openembedded.org
Subject: Re: [meta-networking][PATCH 5/5] samba: Update to latest stable
Message-ID: <20160420092756.GC2561@jama>
In-Reply-To: <20160419130107.GA5970@mentor.com>

On Tue, Apr 19, 2016 at 09:01:25AM -0400, Joe MacDonald wrote:
> [Re: [oe] [meta-networking][PATCH 5/5] samba: Update to latest stable] On 16.04.19 (Tue 11:15) Martin Jansa wrote:
>
> > On Mon, Apr 18, 2016 at 05:00:53PM -0400, Joe MacDonald wrote:
> > > The previous version of Samba had many critical security updates that
> > > would've required significant backporting effort. Update to the latest
> > > stable release instead.
> >
> > Does it fix the floating dependency on libpam as well?
>
> It does not, unfortunately. After an embarrassingly long time with this
> I thought it would be best to carry it this far, integrate the
> outstanding patches against it, then tackle the libpam dependency issue.
> Since I know you've sunk a lot of time into this recently I know you
> know all too well what a tangle the samba build and dependency checking
> system can be.

Agreed that it can be resolved in a follow-up patch.

> It at least meets the criteria of "better than I found it", I think.

Partially agree, but first please fix this one found in the last world build:

ERROR: samba-4.4.2-r0 do_configure: Function failed: do_configure (log file is located at /home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/samba/4.4.2-r0/temp/log.do_configure.1777)
ERROR: Logfile of failure stored in: /home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/samba/4.4.2-r0/temp/log.do_configure.1777
Log data follows:
| DEBUG: Executing python function sysroot_cleansstate
| DEBUG: Python function sysroot_cleansstate finished
| DEBUG: Executing shell function do_configure
| waf [command] [options]
|
| Main commands (example: ./waf build -j4)
|   build       : build all targets
|   clean       : removes the build files
|   configure   : configures the project
|   ctags       : build 'tags' file using ctags
|   dist        : makes a tarball for distribution
|   distcheck   : test that distribution tarball builds and installs
|   distclean   : removes the build directory
|   etags       : build TAGS file using etags
|   install     : installs the build files
|   pep8        : run pep8 validator
|   pydoctor    : build python apidocs
|   reconfigure : reconfigure if config scripts have changed
|   test        : Run the test suite (see test options below)
|   testonly    : run tests without doing a build first
|   uninstall   : removes the installed files
|   wafdocs     : build wafsamba apidocs
|   wildcard_cmd: called on a unknown command
|
| waf: error: no such option: --without-pam_smbpass
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_configure (log file is located at /home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/samba/4.4.2-r0/temp/log.do_configure.1777)
NOTE: recipe samba-4.4.2-r0: task do_configure: Failed
ERROR: Task 20263 (/home/jenkins/oe/world/shr-core/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.4.2.bb, do_configure) failed with exit code '1'

>
> -J.
>
> >
> > > Signed-off-by: Joe MacDonald > > > --- > > > ...1-waf-sanitize-and-fix-added-cross-answer.patch | 60 - > > > ...-Adds-a-new-mode-to-samba-cross-compiling.patch | 112 - > > > ...-readability-of-cross-answers-generated-b.patch | 66 - > > > ...wafsamba-CHECK_SIZEOF-cross-compile-frien.patch | 72 - > > > .../0005-build-unify-and-fix-endian-tests.patch | 169 - > > > ...sing-of-cross-answers-file-in-case-answer.patch | 36 - > > > .../samba-4.1.12/01-fix-force-user-sec-ads.patch | 1448 - > > > .../samba/samba-4.1.12/02-fix-ipv6-join.patch | 266 - > > > .../samba-4.1.12/03-net-ads-kerberos-pac.patch | 962 - > > > .../samba/samba-4.1.12/04-ipv6-workaround.patch | 211 - > > > .../05-fix-gecos-field-with-samlogon.patch | 29894 ---------= ---------- > > > .../06-fix-nmbd-systemd-status-update.patch | 97 - > > > .../07-fix-idmap-ad-getgroups-without-gid.patch | 42 - > > > .../08-fix-idmap-ad-sfu-with-trusted-domains.patch | 44 - > > > .../09-fix-smbclient-echo-cmd-segfault.patch | 35 - > > > ...improve-service-principal-guessing-in-net.patch | 180 - > > > ...x-overwriting-of-spns-during-net-ads-join.patch | 329 - > > > ...ted-spns-from-AD-during-keytab-generation.patch | 159 - > > > .../samba/samba-4.1.12/13-fix-aes-enctype.patch | 988 - > > > .../samba/samba-4.1.12/14-fix-dnsupdate.patch | 51 - > > > .../15-fix-netbios-name-truncation.patch | 154 - > > > .../16-do-not-check-xsltproc-manpages.patch | 52 - > > > .../samba-4.1.12/17-execute-prog-by-qemu.patch | 22 - > > > .../18-avoid-get-config-by-native-ncurses.patch | 22 - > > > ...systemd-daemon-is-contained-by-libsystemd.patch | 42 - > > > .../samba-4.1.12/21-avoid-sasl-unless-wanted.patch | 10 - > > > .../00-fix-typos-in-man-pages.patch | 0 > > > ...006-avoid-using-colon-in-the-checking-msg.patch | 0 > > > .../16-do-not-check-xsltproc-manpages.patch | 43 + > > > ...-import-target-module-while-cross-compile.patch | 19 +- > > > .../21-add-config-option-without-valgrind.patch | 0 > > > .../samba/{samba_4.1.12.bb =3D> 
samba_4.4.2.bb} | 81 +- > > > 32 files changed, 81 insertions(+), 35585 deletions(-) > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/0001-waf-sanitize-and-fix-added-cross-answer.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/0002-Adds-a-new-mode-to-samba-cross-compiling.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/0003-waf-improve-readability-of-cross-answers-generated-b.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/0004-build-make-wafsamba-CHECK_SIZEOF-cross-compile-frien.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/0005-build-unify-and-fix-endian-tests.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/0007-waf-Fix-parsing-of-cross-answers-file-in-case-answer.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/01-fix-force-user-sec-ads.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/02-fix-ipv6-join.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/03-net-ads-kerberos-pac.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/04-ipv6-workaround.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/05-fix-gecos-field-with-samlogon.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/06-fix-nmbd-systemd-status-update.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/07-fix-idmap-ad-getgroups-without-gid.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/08-fix-idmap-ad-sfu-with-trusted-domains.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/09-fix-smbclient-echo-cmd-segfault.patch > > > 
delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/10-improve-service-principal-guessing-in-net.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/12-add-precreated-spns-from-AD-during-keytab-generation.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/13-fix-aes-enctype.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/14-fix-dnsupdate.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/15-fix-netbios-name-truncation.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/16-do-not-check-xsltproc-manpages.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/17-execute-prog-by-qemu.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/18-avoid-get-config-by-native-ncurses.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/19-systemd-daemon-is-contained-by-libsystemd.patch > > > delete mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.1.12/21-avoid-sasl-unless-wanted.patch > > > rename meta-networking/recipes-connectivity/samba/{samba-4.1.12 =3D>= samba-4.4.2}/00-fix-typos-in-man-pages.patch (100%) > > > rename meta-networking/recipes-connectivity/samba/{samba-4.1.12 =3D>= samba-4.4.2}/0006-avoid-using-colon-in-the-checking-msg.patch (100%) > > > create mode 100644 meta-networking/recipes-connectivity/samba/samba-= 4.4.2/16-do-not-check-xsltproc-manpages.patch > > > rename meta-networking/recipes-connectivity/samba/{samba-4.1.12 =3D>= samba-4.4.2}/20-do-not-import-target-module-while-cross-compile.patch (79%) > > > mode change 100755 =3D> 100644 > > > rename 
meta-networking/recipes-connectivity/samba/{samba-4.1.12 =3D>= samba-4.4.2}/21-add-config-option-without-valgrind.patch (100%) > > > rename meta-networking/recipes-connectivity/samba/{samba_4.1.12.bb = =3D> samba_4.4.2.bb} (82%) > > >=20 > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 0001-waf-sanitize-and-fix-added-cross-answer.patch b/meta-networking/recipe= s-connectivity/samba/samba-4.1.12/0001-waf-sanitize-and-fix-added-cross-ans= wer.patch > > > deleted file mode 100644 > > > index 69668c0..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0001-wa= f-sanitize-and-fix-added-cross-answer.patch > > > +++ /dev/null 
> > > @@ -1,60 +0,0 @@ > > > -From 1b32c7d7f148bcf2598799b21dfa3ba1ed824d32 Mon Sep 17 00:00:00 20= 01 > > > -From: Uri Simchoni > > > -Date: Mon, 18 May 2015 21:12:06 +0300 > > > -Subject: [PATCH 1/7] waf: sanitize and fix added cross answer > > > - > > > -When configuring samba for cross-compilation using the cross-answers > > > -method, the function add_answer receives the standard output and exi= t code > > > -of a configuration test and updates the cross-answers file according= ly. > > > - > > > -This patch sanitizes the standard output to conform to the cross-ans= wers > > > -file format - one line of output. It also adds a missing newline. > > > - > > > -(Note - at this point add_answer is only ever called with empty outp= ut > > > -but this change is significant for the reminder of this patchset) > > > - > > > -Signed-off-by: Uri Simchoni > > > -Reviewed-by: Andrew Bartlett > > > -Reviewed-by: Alexander Bokovoy > > > - > > > -Upstream-Status: Backport > > > - > > > -Signed-off-by: Jackie Huang > > > ---- > > > - buildtools/wafsamba/samba_cross.py | 13 +++++++++++-- > > > - 1 file changed, 11 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamb= a/samba_cross.py > > > -index 3838e34..fc1d78e 100644 > > > ---- a/buildtools/wafsamba/samba_cross.py > > > -+++ b/buildtools/wafsamba/samba_cross.py > > > -@@ -19,6 +19,16 @@ def add_answer(ca_file, msg, answer): > > > - except: > > > - Logs.error("Unable to open cross-answers file %s" % ca_file) > > > - sys.exit(1) > > > -+ (retcode, retstring) =3D answer > > > -+ # if retstring is more than one line then we probably > > > -+ # don't care about its actual content (the tests should > > > -+ # yield one-line output in order to comply with the cross-answer > > > -+ # format) > > > -+ retstring =3D retstring.strip() > > > -+ if len(retstring.split('\n')) > 1: > > > -+ retstring =3D '' > > > -+ answer =3D (retcode, retstring) > > > -+ > > > - if answer =3D=3D 
ANSWER_OK: > > > - f.write('%s: OK\n' % msg) > > > - elif answer =3D=3D ANSWER_UNKNOWN: > > > -@@ -26,8 +36,7 @@ def add_answer(ca_file, msg, answer): > > > - elif answer =3D=3D ANSWER_FAIL: > > > - f.write('%s: FAIL\n' % msg) > > > - else: > > > -- (retcode, retstring) =3D answer > > > -- f.write('%s: (%d, "%s")' % (msg, retcode, retstring)) > > > -+ f.write('%s: (%d, "%s")\n' % (msg, retcode, retstring)) > > > - f.close() > > > -=20 > > > -=20 > > > ---=20 > > > -1.9.1 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 0002-Adds-a-new-mode-to-samba-cross-compiling.patch b/meta-networking/recip= es-connectivity/samba/samba-4.1.12/0002-Adds-a-new-mode-to-samba-cross-comp= iling.patch > > > deleted file mode 100644 > > > index fce3abc..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0002-Ad= ds-a-new-mode-to-samba-cross-compiling.patch > > > +++ /dev/null 
> > > @@ -1,112 +0,0 @@ > > > -From add52538b9a0ccf66ca87c7a691bf59901765849 Mon Sep 17 00:00:00 20= 01 > > > -From: Uri Simchoni > > > -Date: Mon, 18 May 2015 21:15:19 +0300 > > > -Subject: [PATCH 2/7] Adds a new mode to samba cross-compiling. > > > - > > > -When both --cross-answers and --cross-execute are set, this means: > > > -- Use cross-answers > > > -- If answer is unknown, then instead of adding UNKNOWN to the cross-= answers > > > - file and failing configure, the new mode runs cross-execute to det= ermine the > > > - answer and adds that to the cross-answers file. > > > - > > > -Signed-off-by: Uri Simchoni > > > -Reviewed-by: Andrew Bartlett > > > -Reviewed-by: Alexander Bokovoy > > > - > > > -Upstream-Status: Backport > > > - > > > -Signed-off-by: Jackie Huang > > > ---- > > > - buildtools/wafsamba/samba_cross.py | 46 +++++++++++++++++++++++++++= +---------- > > > - 1 file changed, 34 insertions(+), 12 deletions(-) > > > - > > > -diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamb= a/samba_cross.py > > > -index fc1d78e..3f1ef12 100644 > > > ---- a/buildtools/wafsamba/samba_cross.py > > > -+++ b/buildtools/wafsamba/samba_cross.py > > > -@@ -45,7 +45,6 @@ def cross_answer(ca_file, msg): > > > - try: > > > - f =3D open(ca_file, 'r') > > > - except: > > > -- add_answer(ca_file, msg, ANSWER_UNKNOWN) > > > - return ANSWER_UNKNOWN > > > - for line in f: > > > - line =3D line.strip() > > > -@@ -78,7 +77,6 @@ def cross_answer(ca_file, msg): > > > - else: > > > - raise Utils.WafError("Bad answer format '%s' in= %s" % (line, ca_file)) > > > - f.close() > > > -- add_answer(ca_file, msg, ANSWER_UNKNOWN) > > > - return ANSWER_UNKNOWN > > > -=20 > > > -=20 > > > -@@ -86,24 +84,47 @@ class cross_Popen(Utils.pproc.Popen): > > > - '''cross-compilation wrapper for Popen''' > > > - def __init__(*k, **kw): > > > - (obj, args) =3D k > > > -- > > > -- if '--cross-execute' in args: > > > -- # when --cross-execute is set, then change the arguments > > > -- # to 
use the cross emulator > > > -- i =3D args.index('--cross-execute') > > > -- newargs =3D args[i+1].split() > > > -- newargs.extend(args[0:i]) > > > -- args =3D newargs > > > -- elif '--cross-answers' in args: > > > -+ use_answers =3D False > > > -+ ans =3D ANSWER_UNKNOWN > > > -+ > > > -+ # Three possibilities: > > > -+ # 1. Only cross-answers - try the cross-answers file, and= if > > > -+ # there's no corresponding answer, add to the file and= mark > > > -+ # the configure process as unfinished. > > > -+ # 2. Only cross-execute - get the answer from cross-execu= te > > > -+ # 3. Both - try the cross-answers file, and if there is no > > > -+ # corresponding answer - use cross-execute to get an a= nswer, > > > -+ # and add that answer to the file. > > > -+ if '--cross-answers' in args: > > > - # when --cross-answers is set, then change the arguments > > > - # to use the cross answers if available > > > -+ use_answers =3D True > > > - i =3D args.index('--cross-answers') > > > - ca_file =3D args[i+1] > > > - msg =3D args[i+2] > > > - ans =3D cross_answer(ca_file, msg) > > > -+ > > > -+ if '--cross-execute' in args and ans =3D=3D ANSWER_UNKNOWN: > > > -+ # when --cross-execute is set, then change the arguments > > > -+ # to use the cross emulator > > > -+ i =3D args.index('--cross-execute') > > > -+ newargs =3D args[i+1].split() > > > -+ newargs.extend(args[0:i]) > > > -+ if use_answers: > > > -+ p =3D real_Popen(newargs, > > > -+ stdout=3DUtils.pproc.PIPE, > > > -+ stderr=3DUtils.pproc.PIPE) > > > -+ ce_out, ce_err =3D p.communicate() > > > -+ ans =3D (p.returncode, ce_out) > > > -+ add_answer(ca_file, msg, ans) > > > -+ else: > > > -+ args =3D newargs > > > -+ > > > -+ if use_answers: > > > - if ans =3D=3D ANSWER_UNKNOWN: > > > - global cross_answers_incomplete > > > - cross_answers_incomplete =3D True > > > -+ add_answer(ca_file, msg, ans) > > > - (retcode, retstring) =3D ans > > > - args =3D ['/bin/sh', '-c', "echo -n '%s'; exit %d" % (r= etstring, retcode)] > > > 
- real_Popen.__init__(*(obj, args), **kw) > > > -@@ -124,7 +145,8 @@ def SAMBA_CROSS_ARGS(conf, msg=3DNone): > > > -=20 > > > - if conf.env.CROSS_EXECUTE: > > > - ret.extend(['--cross-execute', conf.env.CROSS_EXECUTE]) > > > -- elif conf.env.CROSS_ANSWERS: > > > -+ > > > -+ if conf.env.CROSS_ANSWERS: > > > - if msg is None: > > > - raise Utils.WafError("Cannot have NULL msg in cross-ans= wers") > > > - ret.extend(['--cross-answers', os.path.join(Options.launch_= dir, conf.env.CROSS_ANSWERS), msg]) > > > ---=20 > > > -1.9.1 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 0003-waf-improve-readability-of-cross-answers-generated-b.patch b/meta-netw= orking/recipes-connectivity/samba/samba-4.1.12/0003-waf-improve-readability= -of-cross-answers-generated-b.patch > > > deleted file mode 100644 > > > index ec17d9d..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0003-wa= f-improve-readability-of-cross-answers-generated-b.patch > > > +++ /dev/null 
> > > @@ -1,66 +0,0 @@ > > > -From f7052d633396005563e44509428503f42c9faa97 Mon Sep 17 00:00:00 20= 01 > > > -From: Jackie Huang > > > -Date: Thu, 12 Nov 2015 01:00:11 -0500 > > > -Subject: [PATCH 3/7] waf: improve readability of cross-answers gener= ated by cross-execute > > > - > > > -When generating a result for cross-answers from the (retcode, retstr= ing) tuple: > > > -- (0, "output") indicated as "output" > > > -- 1 is interpreted as generic fail code, instead of 255, because most > > > - if not all tests fail with 1 as exit code rather than 255 > > > -- For failing test, use NO instead of FAIL, because that's not > > > - necessarily a failure (it could mean that something is NOT > > > - broken) > > > - > > > -Signed-off-by: Uri Simchoni > > > -Reviewed-by: Andrew Bartlett > > > -Reviewed-by: Alexander Bokovoy > > > - > > > -Upstream-Status: Backport > > > - > > > -Signed-off-by: Jackie Huang > > > ---- > > > - buildtools/wafsamba/samba_cross.py | 13 ++++++++----- > > > - 1 file changed, 8 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamb= a/samba_cross.py > > > -index 3f1ef12..d1e7006 100644 > > > ---- a/buildtools/wafsamba/samba_cross.py > > > -+++ b/buildtools/wafsamba/samba_cross.py > > > -@@ -6,7 +6,7 @@ from Configure import conf > > > - real_Popen =3D None > > > -=20 > > > - ANSWER_UNKNOWN =3D (254, "") > > > --ANSWER_FAIL =3D (255, "") > > > -+ANSWER_NO =3D (1, "") > > > - ANSWER_OK =3D (0, "") > > > -=20 > > > - cross_answers_incomplete =3D False > > > -@@ -33,10 +33,13 @@ def add_answer(ca_file, msg, answer): > > > - f.write('%s: OK\n' % msg) > > > - elif answer =3D=3D ANSWER_UNKNOWN: > > > - f.write('%s: UNKNOWN\n' % msg) > > > -- elif answer =3D=3D ANSWER_FAIL: > > > -- f.write('%s: FAIL\n' % msg) > > > -+ elif answer =3D=3D ANSWER_NO: > > > -+ f.write('%s: NO\n' % msg) > > > - else: > > > -- f.write('%s: (%d, "%s")\n' % (msg, retcode, retstring)) > > > -+ if retcode =3D=3D 0: > > > 
-+ f.write('%s: "%s"\n' % (msg, retstring)) > > > -+ else: > > > -+ f.write('%s: (%d, "%s")\n' % (msg, retcode, retstring)) > > > - f.close() > > > -=20 > > > -=20 > > > -@@ -64,7 +67,7 @@ def cross_answer(ca_file, msg): > > > - return ANSWER_UNKNOWN > > > - elif ans =3D=3D "FAIL" or ans =3D=3D "NO": > > > - f.close() > > > -- return ANSWER_FAIL > > > -+ return ANSWER_NO > > > - elif ans[0] =3D=3D '"': > > > - return (0, ans.strip('"')) > > > - elif ans[0] =3D=3D "'": > > > ---=20 > > > -1.9.1 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 0004-build-make-wafsamba-CHECK_SIZEOF-cross-compile-frien.patch b/meta-netw= orking/recipes-connectivity/samba/samba-4.1.12/0004-build-make-wafsamba-CHE= CK_SIZEOF-cross-compile-frien.patch > > > deleted file mode 100644 > > > index 3fbb770..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0004-bu= ild-make-wafsamba-CHECK_SIZEOF-cross-compile-frien.patch > > > +++ /dev/null 
> > > @@ -1,72 +0,0 @@ > > > -From 8ffb1892b5c42d8d29124d274aa4b5f1726d7e9f Mon Sep 17 00:00:00 20= 01 > > > -From: Gustavo Zacarias > > > -Date: Mon, 21 Apr 2014 10:18:16 -0300 > > > -Subject: [PATCH 4/7] build: make wafsamba CHECK_SIZEOF cross-compile= friendly > > > - > > > -Use the same trick as commit 0d9bb86293c9d39298786df095c73a6251b08b7e > > > -We do the same array trick iteratively starting from 1 (byte) by pow= ers > > > -of 2 up to 32. > > > - > > > -The new 'critical' option is used to make the invocation die or not > > > -according to each test. > > > -The default is True since normally it's expected to find a proper > > > -result and should error out if not. > > > - > > > -Signed-off-by: Gustavo Zacarias > > > -Reviewed-by: Andrew Bartlett > > > -Reviewed-by: David Disseldorp > > > - > > > -Upstream-Status: Backport > > > - > > > -Signed-off-by: Jackie Huang > > > ---- > > > - buildtools/wafsamba/samba_autoconf.py | 28 ++++++++++++++++--------= ---- > > > - 1 file changed, 16 insertions(+), 12 deletions(-) > > > - > > > -diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafs= amba/samba_autoconf.py > > > -index fe110bd..59953d9 100644 > > > ---- a/buildtools/wafsamba/samba_autoconf.py > > > -+++ b/buildtools/wafsamba/samba_autoconf.py > > > -@@ -304,23 +304,27 @@ def CHECK_FUNCS(conf, list, link=3DTrue, lib= =3DNone, headers=3DNone): > > > -=20 > > > -=20 > > > - @conf > > > --def CHECK_SIZEOF(conf, vars, headers=3DNone, define=3DNone): > > > -+def CHECK_SIZEOF(conf, vars, headers=3DNone, define=3DNone, critica= l=3DTrue): > > > - '''check the size of a type''' > > > -- ret =3D True > > > - for v in TO_LIST(vars): > > > - v_define =3D define > > > -+ ret =3D False > > > - if v_define is None: > > > - v_define =3D 'SIZEOF_%s' % v.upper().replace(' ', '_') > > > -- if not CHECK_CODE(conf, > > > -- 'printf("%%u", (unsigned)sizeof(%s))' % v, > > > -- define=3Dv_define, > > > -- execute=3DTrue, > > > -- define_ret=3DTrue, > > > -- 
quote=3DFalse, > > > -- headers=3Dheaders, > > > -- local_include=3DFalse, > > > -- msg=3D"Checking size of %s" % v): > > > -- ret =3D False > > > -+ for size in list((1, 2, 4, 8, 16, 32)): > > > -+ if CHECK_CODE(conf, > > > -+ 'static int test_array[1 - 2 * !(((long int)(= sizeof(%s))) <=3D %d)];' % (v, size), > > > -+ define=3Dv_define, > > > -+ quote=3DFalse, > > > -+ headers=3Dheaders, > > > -+ local_include=3DFalse, > > > -+ msg=3D"Checking if size of %s =3D=3D %d" % (v= , size)): > > > -+ conf.DEFINE(v_define, size) > > > -+ ret =3D True > > > -+ break > > > -+ if not ret and critical: > > > -+ Logs.error("Couldn't determine size of '%s'" % v) > > > -+ sys.exit(1) > > > - return ret > > > -=20 > > > - @conf > > > ---=20 > > > -1.9.1 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 0005-build-unify-and-fix-endian-tests.patch b/meta-networking/recipes-conne= ctivity/samba/samba-4.1.12/0005-build-unify-and-fix-endian-tests.patch > > > deleted file mode 100644 > > > index 5546b6d..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0005-bu= ild-unify-and-fix-endian-tests.patch > > > +++ /dev/null 
> > > @@ -1,169 +0,0 @@ > > > -From 81379b6b14ea725c72953be2170b382403ed8728 Mon Sep 17 00:00:00 20= 01 > > > -From: Gustavo Zacarias > > > -Date: Mon, 21 Apr 2014 10:18:15 -0300 > > > -Subject: [PATCH 5/7] build: unify and fix endian tests > > > - > > > -Unify the endian tests out of lib/ccan/wscript into wafsamba since > > > -they're almost cross-compile friendly. > > > -While at it fix them to be so by moving the preprocessor directives = out > > > -of main scope since that will fail. > > > -And keep the WORDS_BIGENDIAN, HAVE_LITTLE_ENDIAN and HAVE_BIG_ENDIAN > > > -defines separate because of different codebases. > > > - > > > -Signed-off-by: Gustavo Zacarias > > > -Reviewed-by: Andrew Bartlett > > > -Reviewed-by: David Disseldorp > > > - > > > -Upstream-Status: Backport > > > - > > > -Signed-off-by: Jackie Huang > > > ---- > > > - buildtools/wafsamba/wscript | 65 ++++++++++++++++++++++++++++++++++= ++++++++--- > > > - lib/ccan/wscript | 55 ----------------------------------= ---- > > > - 2 files changed, 62 insertions(+), 58 deletions(-) > > > - > > > -diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscri= pt > > > -index 7984227..1a2cfe6 100755 > > > ---- a/buildtools/wafsamba/wscript > > > -+++ b/buildtools/wafsamba/wscript > > > -@@ -390,9 +390,68 @@ def configure(conf): > > > - else: > > > - conf.define('SHLIBEXT', "so", quote=3DTrue) > > > -=20 > > > -- conf.CHECK_CODE('long one =3D 1; return ((char *)(&one))[0]', > > > -- execute=3DTrue, > > > -- define=3D'WORDS_BIGENDIAN') > > > -+ # First try a header check for cross-compile friendlyness > > > -+ conf.CHECK_CODE(code =3D """#ifdef __BYTE_ORDER > > > -+ #define B __BYTE_ORDER > > > -+ #elif defined(BYTE_ORDER) > > > -+ #define B BYTE_ORDER > > > -+ #endif > > > -+ > > > -+ #ifdef __LITTLE_ENDIAN > > > -+ #define LITTLE __LITTLE_ENDIAN > > > -+ #elif defined(LITTLE_ENDIAN) > > > -+ #define LITTLE LITTLE_ENDIAN > > > -+ #endif > > > -+ > > > -+ #if !defined(LITTLE) || !defined(B) || LITT= 
LE !=3D B > > > -+ #error Not little endian. > > > -+ #endif > > > -+ int main(void) { return 0; }""", > > > -+ addmain=3DFalse, > > > -+ headers=3D"endian.h sys/endian.h", > > > -+ define=3D"HAVE_LITTLE_ENDIAN") > > > -+ conf.CHECK_CODE(code =3D """#ifdef __BYTE_ORDER > > > -+ #define B __BYTE_ORDER > > > -+ #elif defined(BYTE_ORDER) > > > -+ #define B BYTE_ORDER > > > -+ #endif > > > -+ > > > -+ #ifdef __BIG_ENDIAN > > > -+ #define BIG __BIG_ENDIAN > > > -+ #elif defined(BIG_ENDIAN) > > > -+ #define BIG BIG_ENDIAN > > > -+ #endif > > > -+ > > > -+ #if !defined(BIG) || !defined(B) || BIG != =3D B > > > -+ #error Not big endian. > > > -+ #endif > > > -+ int main(void) { return 0; }""", > > > -+ addmain=3DFalse, > > > -+ headers=3D"endian.h sys/endian.h", > > > -+ define=3D"HAVE_BIG_ENDIAN") > > > -+ > > > -+ if not conf.CONFIG_SET("HAVE_BIG_ENDIAN") and not conf.CONFIG_S= ET("HAVE_LITTLE_ENDIAN"): > > > -+ # That didn't work! Do runtime test. > > > -+ conf.CHECK_CODE("""union { int i; char c[sizeof(int)]; } u; > > > -+ u.i =3D 0x01020304; > > > -+ return u.c[0] =3D=3D 0x04 && u.c[1] =3D=3D 0x03 && u.c[= 2] =3D=3D 0x02 && u.c[3] =3D=3D 0x01 ? 0 : 1;""", > > > -+ addmain=3DTrue, execute=3DTrue, > > > -+ define=3D'HAVE_LITTLE_ENDIAN', > > > -+ msg=3D"Checking for HAVE_LITTLE_ENDIAN - = runtime") > > > -+ conf.CHECK_CODE("""union { int i; char c[sizeof(int)]; } u; > > > -+ u.i =3D 0x01020304; > > > -+ return u.c[0] =3D=3D 0x01 && u.c[1] =3D=3D 0x02 && u.c[= 2] =3D=3D 0x03 && u.c[3] =3D=3D 0x04 ? 0 : 1;""", > > > -+ addmain=3DTrue, execute=3DTrue, > > > -+ define=3D'HAVE_BIG_ENDIAN', > > > -+ msg=3D"Checking for HAVE_BIG_ENDIAN - run= time") > > > -+ > > > -+ # Extra sanity check. > > > -+ if conf.CONFIG_SET("HAVE_BIG_ENDIAN") =3D=3D conf.CONFIG_SET("H= AVE_LITTLE_ENDIAN"): > > > -+ Logs.error("Failed endian determination. 
The PDP-11 is bac= k?") > > > -+ sys.exit(1) > > > -+ else: > > > -+ if conf.CONFIG_SET("HAVE_BIG_ENDIAN"): > > > -+ conf.DEFINE('WORDS_BIGENDIAN', 1) > > > -=20 > > > - # check if signal() takes a void function > > > - if conf.CHECK_CODE('return *(signal (0, 0)) (0) =3D=3D 1', > > > -diff --git a/lib/ccan/wscript b/lib/ccan/wscript > > > -index a0b5406..5b3a910 100644 > > > ---- a/lib/ccan/wscript > > > -+++ b/lib/ccan/wscript > > > -@@ -25,61 +25,6 @@ def configure(conf): > > > - conf.CHECK_CODE('int __attribute__((used)) func(int x) { return= x; }', > > > - addmain=3DFalse, link=3DFalse, cflags=3Dconf.en= v['WERROR_CFLAGS'], > > > - define=3D'HAVE_ATTRIBUTE_USED') > > > -- # We try to use headers for a compile-time test. > > > -- conf.CHECK_CODE(code =3D """#ifdef __BYTE_ORDER > > > -- #define B __BYTE_ORDER > > > -- #elif defined(BYTE_ORDER) > > > -- #define B BYTE_ORDER > > > -- #endif > > > -- > > > -- #ifdef __LITTLE_ENDIAN > > > -- #define LITTLE __LITTLE_ENDIAN > > > -- #elif defined(LITTLE_ENDIAN) > > > -- #define LITTLE LITTLE_ENDIAN > > > -- #endif > > > -- > > > -- #if !defined(LITTLE) || !defined(B) || LITT= LE !=3D B > > > -- #error Not little endian. > > > -- #endif""", > > > -- headers=3D"endian.h sys/endian.h", > > > -- define=3D"HAVE_LITTLE_ENDIAN") > > > -- conf.CHECK_CODE(code =3D """#ifdef __BYTE_ORDER > > > -- #define B __BYTE_ORDER > > > -- #elif defined(BYTE_ORDER) > > > -- #define B BYTE_ORDER > > > -- #endif > > > -- > > > -- #ifdef __BIG_ENDIAN > > > -- #define BIG __BIG_ENDIAN > > > -- #elif defined(BIG_ENDIAN) > > > -- #define BIG BIG_ENDIAN > > > -- #endif > > > -- > > > -- #if !defined(BIG) || !defined(B) || BIG != =3D B > > > -- #error Not big endian. > > > -- #endif""", > > > -- headers=3D"endian.h sys/endian.h", > > > -- define=3D"HAVE_BIG_ENDIAN") > > > -- > > > -- if not conf.CONFIG_SET("HAVE_BIG_ENDIAN") and not conf.CONFIG_S= ET("HAVE_LITTLE_ENDIAN"): > > > -- # That didn't work! Do runtime test. 
> > > -- conf.CHECK_CODE("""union { int i; char c[sizeof(int)]; } u; > > > -- u.i =3D 0x01020304; > > > -- return u.c[0] =3D=3D 0x04 && u.c[1] =3D=3D 0x03 && u.c[2] =3D=3D= 0x02 && u.c[3] =3D=3D 0x01 ? 0 : 1;""", > > > -- addmain=3DTrue, execute=3DTrue, > > > -- define=3D'HAVE_LITTLE_ENDIAN', > > > -- msg=3D"Checking for HAVE_LITTLE_ENDIAN - ru= ntime") > > > -- conf.CHECK_CODE("""union { int i; char c[sizeof(int)]; } u; > > > -- u.i =3D 0x01020304; > > > -- return u.c[0] =3D=3D 0x01 && u.c[1] =3D=3D 0x02 && u.c[2] =3D=3D= 0x03 && u.c[3] =3D=3D 0x04 ? 0 : 1;""", > > > -- addmain=3DTrue, execute=3DTrue, > > > -- define=3D'HAVE_BIG_ENDIAN', > > > -- msg=3D"Checking for HAVE_BIG_ENDIAN - runti= me") > > > -- > > > -- # Extra sanity check. > > > -- if conf.CONFIG_SET("HAVE_BIG_ENDIAN") =3D=3D conf.CONFIG_SET("H= AVE_LITTLE_ENDIAN"): > > > -- Logs.error("Failed endian determination. The PDP-11 is bac= k?") > > > -- sys.exit(1) > > > -=20 > > > - conf.CHECK_CODE('return __builtin_choose_expr(1, 0, "garbage");= ', > > > - link=3DTrue, > > > ---=20 > > > -1.9.1 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 0007-waf-Fix-parsing-of-cross-answers-file-in-case-answer.patch b/meta-netw= orking/recipes-connectivity/samba/samba-4.1.12/0007-waf-Fix-parsing-of-cros= s-answers-file-in-case-answer.patch > > > deleted file mode 100644 > > > index de0d32c..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0007-wa= f-Fix-parsing-of-cross-answers-file-in-case-answer.patch > > > +++ /dev/null 
> > > @@ -1,36 +0,0 @@ > > > -From 649c731526dc1473bd1804d2903d7559e63616da Mon Sep 17 00:00:00 20= 01 > > > -From: Uri Simchoni > > > -Date: Mon, 4 May 2015 09:12:45 +0300 > > > -Subject: [PATCH 7/7] waf: Fix parsing of cross-answers file in case = answer includes a colon > > > - > > > -The answer provided in the cross-answers file may include a colon, > > > -as in: > > > -Checking uname version type: "#57-Ubuntu SMP Tue Jul 15 03:51:08 UTC= 2014" > > > - > > > -Signed-off-by: Uri Simchoni > > > -Reviewed-by: Andrew Bartlett > > > -Reviewed-by: Alexander Bokovoy > > > - > > > -Upstream-Status: Backport > > > - > > > -Signed-off-by: Jackie Huang > > > ---- > > > - buildtools/wafsamba/samba_cross.py | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamb= a/samba_cross.py > > > -index d1e7006..7961212 100644 > > > ---- a/buildtools/wafsamba/samba_cross.py > > > -+++ b/buildtools/wafsamba/samba_cross.py > > > -@@ -54,7 +54,7 @@ def cross_answer(ca_file, msg): > > > - if line =3D=3D '' or line[0] =3D=3D '#': > > > - continue > > > - if line.find(':') !=3D -1: > > > -- a =3D line.split(':') > > > -+ a =3D line.split(':', 1) > > > - thismsg =3D a[0].strip() > > > - if thismsg !=3D msg: > > > - continue > > > ---=20 > > > -1.9.1 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 01-fix-force-user-sec-ads.patch b/meta-networking/recipes-connectivity/samb= a/samba-4.1.12/01-fix-force-user-sec-ads.patch > > > deleted file mode 100644 > > > index 6c08ccc..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-= force-user-sec-ads.patch > > > +++ /dev/null 
> > > @@ -1,1448 +0,0 @@ > > > -From 80f3551d4f594438dcc93dd82a7953c4a913badd Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Mon, 16 Dec 2013 12:57:20 +0100 > > > -Subject: [PATCH 1/7] s3-lib: Add winbind_lookup_usersids(). > > > - > > > -Pair-Programmed-With: Guenther Deschner > > > -Signed-off-by: Guenther Deschner > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Andrew Bartlett > > > - > > > -(cherry picked from commit 241e98d8ee099f9cc5feb835085b4abd2b1ee663) > > > ---- > > > - source3/lib/winbind_util.c | 34 +++++ > > > - source3/lib/winbind_util.h | 4 + > > > - source3/passdb/ABI/pdb-0.1.0.sigs | 311 +++++++++++++++++++++++++++= +++++++++++ > > > - source3/wscript_build | 2 +- > > > - 4 files changed, 350 insertions(+), 1 deletion(-) > > > - create mode 100644 source3/passdb/ABI/pdb-0.1.0.sigs > > > - > > > -diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c > > > -index b458ebe..f62682b 100644 > > > ---- a/source3/lib/winbind_util.c > > > -+++ b/source3/lib/winbind_util.c > > > -@@ -342,6 +342,40 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ct= x, > > > - return true; > > > - } > > > -=20 > > > -+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx, > > > -+ const struct dom_sid *user_sid, > > > -+ uint32_t *p_num_sids, > > > -+ struct dom_sid **p_sids) > > > -+{ > > > -+ wbcErr ret; > > > -+ struct wbcDomainSid dom_sid; > > > -+ struct wbcDomainSid *sid_list =3D NULL; > > > -+ uint32_t num_sids; > > > -+ > > > -+ memcpy(&dom_sid, user_sid, sizeof(dom_sid)); > > > -+ > > > -+ ret =3D wbcLookupUserSids(&dom_sid, > > > -+ false, > > > -+ &num_sids, > > > -+ &sid_list); > > > -+ if (ret !=3D WBC_ERR_SUCCESS) { > > > -+ return false; > > > -+ } > > > -+ > > > -+ *p_sids =3D talloc_array(mem_ctx, struct dom_sid, num_sids); > > > -+ if (*p_sids =3D=3D NULL) { > > > -+ wbcFreeMemory(sid_list); > > > -+ return false; > > > -+ } > > > -+ > > > -+ memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids); > > > -+ > > > 
-+ *p_num_sids =3D num_sids; > > > -+ wbcFreeMemory(sid_list); > > > -+ > > > -+ return true; > > > -+} > > > -+ > > > - #else /* WITH_WINBIND */ > > > -=20 > > > - struct passwd * winbind_getpwnam(const char * name) > > > -diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h > > > -index 541bb95..abbc5a9 100644 > > > ---- a/source3/lib/winbind_util.h > > > -+++ b/source3/lib/winbind_util.h > > > -@@ -58,5 +58,9 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, > > > - size_t num_members, > > > - uint32_t **pp_alias_rids, > > > - size_t *p_num_alias_rids); > > > -+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx, > > > -+ const struct dom_sid *user_sid, > > > -+ uint32_t *p_num_sids, > > > -+ struct dom_sid **p_sids); > > > -=20 > > > - #endif /* __LIB__WINBIND_UTIL_H__ */ > > > -diff --git a/source3/passdb/ABI/pdb-0.1.0.sigs b/source3/passdb/ABI/= pdb-0.1.0.sigs > > > -new file mode 100644 > > > -index 0000000..f4de9c4 > > > ---- /dev/null > > > -+++ b/source3/passdb/ABI/pdb-0.1.0.sigs > > > -@@ -0,0 +1,311 @@ > > > -+PDB_secrets_clear_domain_protection: bool (const char *) > > > -+PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *) > > > -+PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *) > > > -+PDB_secrets_mark_domain_protected: bool (const char *) > > > -+PDB_secrets_store_domain_guid: bool (const char *, struct GUID *) > > > -+PDB_secrets_store_domain_sid: bool (const char *, const struct dom_= sid *) > > > -+account_policy_get: bool (enum pdb_policy_type, uint32_t *) > > > -+account_policy_get_default: bool (enum pdb_policy_type, uint32_t *) > > > -+account_policy_get_desc: const char *(enum pdb_policy_type) > > > -+account_policy_name_to_typenum: enum pdb_policy_type (const char *) > > > -+account_policy_names_list: void (TALLOC_CTX *, const char ***, int = *) > > > -+account_policy_set: bool (enum pdb_policy_type, uint32_t) > > > -+add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType,= const 
char *, const char *) > > > -+algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t) > > > -+algorithmic_pdb_rid_is_user: bool (uint32_t) > > > -+algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t) > > > -+algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t) > > > -+algorithmic_rid_base: int (void) > > > -+builtin_domain_name: const char *(void) > > > -+cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *) > > > -+cache_account_policy_set: bool (enum pdb_policy_type, uint32_t) > > > -+create_builtin_administrators: NTSTATUS (const struct dom_sid *) > > > -+create_builtin_users: NTSTATUS (const struct dom_sid *) > > > -+decode_account_policy_name: const char *(enum pdb_policy_type) > > > -+get_account_pol_db: struct db_context *(void) > > > -+get_account_policy_attr: const char *(enum pdb_policy_type) > > > -+get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *) > > > -+get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct= passwd **, struct dom_sid **) > > > -+get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SE= T **, struct dom_sid *) > > > -+get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int) > > > -+get_trust_pw_clear: bool (const char *, char **, const char **, enu= m netr_SchannelType *) > > > -+get_trust_pw_hash: bool (const char *, uint8_t *, const char **, en= um netr_SchannelType *) > > > -+gid_to_sid: void (struct dom_sid *, gid_t) > > > -+gid_to_unix_groups_sid: void (gid_t, struct dom_sid *) > > > -+grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, = int) > > > -+grant_all_privileges: bool (const struct dom_sid *) > > > -+grant_privilege_by_name: bool (const struct dom_sid *, const char *) > > > -+grant_privilege_set: bool (const struct dom_sid *, struct lsa_Privi= legeSet *) > > > -+groupdb_tdb_init: const struct mapping_backend *(void) > > > -+init_account_policy: bool (void) > > > -+init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool) > > > -+init_samu_from_buffer: 
bool (struct samu *, uint32_t, uint8_t *, ui= nt32_t) > > > -+initialize_password_db: bool (bool, struct tevent_context *) > > > -+is_dc_trusted_domain_situation: bool (const char *) > > > -+is_privileged_sid: bool (const struct dom_sid *) > > > -+local_password_change: NTSTATUS (const char *, int, const char *, c= har **, char **) > > > -+login_cache_delentry: bool (const struct samu *) > > > -+login_cache_init: bool (void) > > > -+login_cache_read: bool (struct samu *, struct login_cache *) > > > -+login_cache_shutdown: bool (void) > > > -+login_cache_write: bool (const struct samu *, const struct login_ca= che *) > > > -+lookup_builtin_name: bool (const char *, uint32_t *) > > > -+lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **) > > > -+lookup_global_sam_name: bool (const char *, int, uint32_t *, enum l= sa_SidType *) > > > -+lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, = const char **, struct dom_sid *, enum lsa_SidType *) > > > -+lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const c= har **, const char **, struct dom_sid *, enum lsa_SidType *) > > > -+lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char = **, const char **, enum lsa_SidType *) > > > -+lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, = int, struct lsa_dom_info **, struct lsa_name_info **) > > > -+lookup_unix_group_name: bool (const char *, struct dom_sid *) > > > -+lookup_unix_user_name: bool (const char *, struct dom_sid *) > > > -+lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom= _sid *, const char **) > > > -+lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, c= onst char **, const char **) > > > -+make_pdb_method: NTSTATUS (struct pdb_methods **) > > > -+make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *) > > > -+max_algorithmic_gid: gid_t (void) > > > -+max_algorithmic_uid: uid_t (void) > > > -+my_sam_name: const char *(void) > > > -+pdb_add_aliasmem: 
NTSTATUS (const struct dom_sid *, const struct do= m_sid *) > > > -+pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *) > > > -+pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) > > > -+pdb_add_sam_account: NTSTATUS (struct samu *) > > > -+pdb_build_fields_present: uint32_t (struct samu *) > > > -+pdb_capabilities: uint32_t (void) > > > -+pdb_copy_sam_account: bool (struct samu *, struct samu *) > > > -+pdb_create_alias: NTSTATUS (const char *, uint32_t *) > > > -+pdb_create_builtin: NTSTATUS (uint32_t) > > > -+pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t) > > > -+pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_= t *) > > > -+pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, ui= nt32_t *) > > > -+pdb_decode_acct_ctrl: uint32_t (const char *) > > > -+pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const str= uct dom_sid *, const struct dom_sid *) > > > -+pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *= , GROUP_MAP *) > > > -+pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALL= OC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t = **, size_t *) > > > -+pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const cha= r *, uint32_t *) > > > -+pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const str= uct dom_sid *, const struct dom_sid *) > > > -+pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const str= uct dom_sid *) > > > -+pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_method= s *, struct dom_sid) > > > -+pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const st= ruct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) > > > -+pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, con= st struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) > > > -+pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const st= ruct dom_sid *, struct acct_info *) > > > 
-+pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, = gid_t) > > > -+pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, = const char *) > > > -+pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, = struct dom_sid) > > > -+pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const st= ruct dom_sid *, struct acct_info *) > > > -+pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_method= s *, GROUP_MAP *) > > > -+pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct do= m_sid *) > > > -+pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) > > > -+pdb_del_trusted_domain: NTSTATUS (const char *) > > > -+pdb_del_trusteddom_pw: bool (const char *) > > > -+pdb_delete_alias: NTSTATUS (const struct dom_sid *) > > > -+pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t) > > > -+pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid) > > > -+pdb_delete_sam_account: NTSTATUS (struct samu *) > > > -+pdb_delete_secret: NTSTATUS (const char *) > > > -+pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *) > > > -+pdb_element_is_changed: bool (const struct samu *, enum pdb_element= s) > > > -+pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_= elements) > > > -+pdb_encode_acct_ctrl: char *(uint32_t, size_t) > > > -+pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct do= m_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) > > > -+pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, = struct dom_sid **, size_t *) > > > -+pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidT= ype, GROUP_MAP ***, size_t *, bool) > > > -+pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_si= d *, uint32_t **, size_t *) > > > -+pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, = struct dom_sid **, gid_t **, uint32_t *) > > > -+pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struc= t pdb_trusted_domain 
***) > > > -+pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct tr= ustdom_info ***) > > > -+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***) > > > -+pdb_find_backend_entry: struct pdb_init_function_entry *(const char= *) > > > -+pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *) > > > -+pdb_get_acct_ctrl: uint32_t (const struct samu *) > > > -+pdb_get_acct_desc: const char *(const struct samu *) > > > -+pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_in= fo *) > > > -+pdb_get_backend_private_data: void *(const struct samu *, const str= uct pdb_methods *) > > > -+pdb_get_backends: const struct pdb_init_function_entry *(void) > > > -+pdb_get_bad_password_count: uint16_t (const struct samu *) > > > -+pdb_get_bad_password_time: time_t (const struct samu *) > > > -+pdb_get_code_page: uint16_t (const struct samu *) > > > -+pdb_get_comment: const char *(const struct samu *) > > > -+pdb_get_country_code: uint16_t (const struct samu *) > > > -+pdb_get_dir_drive: const char *(const struct samu *) > > > -+pdb_get_domain: const char *(const struct samu *) > > > -+pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *) > > > -+pdb_get_fullname: const char *(const struct samu *) > > > -+pdb_get_group_rid: uint32_t (struct samu *) > > > -+pdb_get_group_sid: const struct dom_sid *(struct samu *) > > > -+pdb_get_homedir: const char *(const struct samu *) > > > -+pdb_get_hours: const uint8_t *(const struct samu *) > > > -+pdb_get_hours_len: uint32_t (const struct samu *) > > > -+pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum= pdb_elements) > > > -+pdb_get_kickoff_time: time_t (const struct samu *) > > > -+pdb_get_lanman_passwd: const uint8_t *(const struct samu *) > > > -+pdb_get_logoff_time: time_t (const struct samu *) > > > -+pdb_get_logon_count: uint16_t (const struct samu *) > > > -+pdb_get_logon_divs: uint16_t (const struct samu *) > > > -+pdb_get_logon_script: const char *(const struct 
samu *) > > > -+pdb_get_logon_time: time_t (const struct samu *) > > > -+pdb_get_munged_dial: const char *(const struct samu *) > > > -+pdb_get_nt_passwd: const uint8_t *(const struct samu *) > > > -+pdb_get_nt_username: const char *(const struct samu *) > > > -+pdb_get_pass_can_change: bool (const struct samu *) > > > -+pdb_get_pass_can_change_time: time_t (const struct samu *) > > > -+pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *) > > > -+pdb_get_pass_last_set_time: time_t (const struct samu *) > > > -+pdb_get_pass_must_change_time: time_t (const struct samu *) > > > -+pdb_get_plaintext_passwd: const char *(const struct samu *) > > > -+pdb_get_profile_path: const char *(const struct samu *) > > > -+pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *) > > > -+pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, = NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **) > > > -+pdb_get_seq_num: bool (time_t *) > > > -+pdb_get_tevent_context: struct tevent_context *(void) > > > -+pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struc= t pdb_trusted_domain **) > > > -+pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_s= id *, struct pdb_trusted_domain **) > > > -+pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid = *, time_t *) > > > -+pdb_get_unknown_6: uint32_t (const struct samu *) > > > -+pdb_get_user_rid: uint32_t (const struct samu *) > > > -+pdb_get_user_sid: const struct dom_sid *(const struct samu *) > > > -+pdb_get_username: const char *(const struct samu *) > > > -+pdb_get_workstations: const char *(const struct samu *) > > > -+pdb_getgrgid: bool (GROUP_MAP *, gid_t) > > > -+pdb_getgrnam: bool (GROUP_MAP *, const char *) > > > -+pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid) > > > -+pdb_gethexhours: bool (const char *, unsigned char *) > > > -+pdb_gethexpwd: bool (const char *, unsigned char *) > > > -+pdb_getsampwnam: bool (struct samu *, const char *) 
> > > -+pdb_getsampwsid: bool (struct samu *, const struct dom_sid *) > > > -+pdb_gid_to_sid: bool (gid_t, struct dom_sid *) > > > -+pdb_group_rid_to_gid: gid_t (uint32_t) > > > -+pdb_increment_bad_password_count: bool (struct samu *) > > > -+pdb_is_password_change_time_max: bool (time_t) > > > -+pdb_is_responsible_for_builtin: bool (void) > > > -+pdb_is_responsible_for_our_sam: bool (void) > > > -+pdb_is_responsible_for_unix_groups: bool (void) > > > -+pdb_is_responsible_for_unix_users: bool (void) > > > -+pdb_is_responsible_for_wellknown: bool (void) > > > -+pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *,= const char **, enum lsa_SidType *) > > > -+pdb_new_rid: bool (uint32_t *) > > > -+pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GR= OUP_MAP *) > > > -+pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *,= struct dom_sid) > > > -+pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum ls= a_SidType, GROUP_MAP **, size_t *, bool) > > > -+pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_= t) > > > -+pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, cons= t char *) > > > -+pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, stru= ct dom_sid) > > > -+pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *,= GROUP_MAP *) > > > -+pdb_rename_sam_account: NTSTATUS (struct samu *, const char *) > > > -+pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct = dom_sid *) > > > -+pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32= _t, struct samr_displayentry **) > > > -+pdb_search_groups: struct pdb_search *(TALLOC_CTX *) > > > -+pdb_search_init: struct pdb_search *(TALLOC_CTX *, enum pdb_search_= type) > > > -+pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t) > > > -+pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t) > > > -+pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_st= ate) > > > 
-+pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_valu= e_state) > > > -+pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_in= fo *) > > > -+pdb_set_backend_private_data: bool (struct samu *, void *, void (*)= (void **), const struct pdb_methods *, enum pdb_value_state) > > > -+pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb= _value_state) > > > -+pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_va= lue_state) > > > -+pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_st= ate) > > > -+pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_= state) > > > -+pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value= _state) > > > -+pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_valu= e_state) > > > -+pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_s= tate) > > > -+pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value= _state) > > > -+pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enu= m pdb_value_state) > > > -+pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb= _value_state) > > > -+pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_= state) > > > -+pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_= value_state) > > > -+pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_st= ate) > > > -+pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pd= b_value_state) > > > -+pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_s= tate) > > > -+pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum p= db_value_state) > > > -+pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_st= ate) > > > -+pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_= state) > > > -+pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_s= tate) > > > -+pdb_set_logon_script: bool (struct samu *, 
const char *, enum pdb_v= alue_state) > > > -+pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_sta= te) > > > -+pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_va= lue_state) > > > -+pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_v= alue_state) > > > -+pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_va= lue_state) > > > -+pdb_set_pass_can_change: bool (struct samu *, bool) > > > -+pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb= _value_state) > > > -+pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_v= alue_state) > > > -+pdb_set_plaintext_passwd: bool (struct samu *, const char *) > > > -+pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum = pdb_value_state) > > > -+pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_v= alue_state) > > > -+pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t,= enum pdb_value_state) > > > -+pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, s= truct security_descriptor *) > > > -+pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_tr= usted_domain *) > > > -+pdb_set_trusteddom_pw: bool (const char *, const char *, const stru= ct dom_sid *) > > > -+pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *) > > > -+pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_st= ate) > > > -+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **) > > > -+pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum= pdb_value_state) > > > -+pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_= value_state) > > > -+pdb_set_user_sid_from_string: bool (struct samu *, const char *, en= um pdb_value_state) > > > -+pdb_set_username: bool (struct samu *, const char *, enum pdb_value= _state) > > > -+pdb_set_workstations: bool (struct samu *, const char *, enum pdb_v= alue_state) > > > -+pdb_sethexhours: void (char *, const unsigned 
char *) > > > -+pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) > > > -+pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *) > > > -+pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, = struct unixid *) > > > -+pdb_uid_to_sid: bool (uid_t, struct dom_sid *) > > > -+pdb_update_autolock_flag: bool (struct samu *, bool *) > > > -+pdb_update_bad_password_count: bool (struct samu *, bool *) > > > -+pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *) > > > -+pdb_update_login_attempts: NTSTATUS (struct samu *, bool) > > > -+pdb_update_sam_account: NTSTATUS (struct samu *) > > > -+privilege_create_account: NTSTATUS (const struct dom_sid *) > > > -+privilege_delete_account: NTSTATUS (const struct dom_sid *) > > > -+privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, st= ruct dom_sid **, int *) > > > -+privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *) > > > -+revoke_all_privileges: bool (const struct dom_sid *) > > > -+revoke_privilege_by_name: bool (const struct dom_sid *, const char = *) > > > -+revoke_privilege_set: bool (const struct dom_sid *, struct lsa_Priv= ilegeSet *) > > > -+samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *,= const struct passwd *) > > > -+samu_new: struct samu *(TALLOC_CTX *) > > > -+samu_set_unix: NTSTATUS (struct samu *, const struct passwd *) > > > -+secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct= trustdom_info ***) > > > -+sid_check_is_builtin: bool (const struct dom_sid *) > > > -+sid_check_is_for_passdb: bool (const struct dom_sid *) > > > -+sid_check_is_in_builtin: bool (const struct dom_sid *) > > > -+sid_check_is_in_unix_groups: bool (const struct dom_sid *) > > > -+sid_check_is_in_unix_users: bool (const struct dom_sid *) > > > -+sid_check_is_in_wellknown_domain: bool (const struct dom_sid *) > > > -+sid_check_is_unix_groups: bool (const struct dom_sid *) > > > -+sid_check_is_unix_users: bool (const struct dom_sid *) > > > 
-+sid_check_is_wellknown_builtin: bool (const struct dom_sid *) > > > -+sid_check_is_wellknown_domain: bool (const struct dom_sid *, const = char **) > > > -+sid_check_object_is_for_passdb: bool (const struct dom_sid *) > > > -+sid_to_gid: bool (const struct dom_sid *, gid_t *) > > > -+sid_to_uid: bool (const struct dom_sid *, uid_t *) > > > -+sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct uni= xid *) > > > -+smb_add_user_group: int (const char *, const char *) > > > -+smb_create_group: int (const char *, gid_t *) > > > -+smb_delete_group: int (const char *) > > > -+smb_delete_user_group: int (const char *, const char *) > > > -+smb_nscd_flush_group_cache: void (void) > > > -+smb_nscd_flush_user_cache: void (void) > > > -+smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function) > > > -+smb_set_primary_group: int (const char *, const char *) > > > -+uid_to_sid: void (struct dom_sid *, uid_t) > > > -+uid_to_unix_users_sid: void (uid_t, struct dom_sid *) > > > -+unix_groups_domain_name: const char *(void) > > > -+unix_users_domain_name: const char *(void) > > > -+unixid_from_both: void (struct unixid *, uint32_t) > > > -+unixid_from_gid: void (struct unixid *, uint32_t) > > > -+unixid_from_uid: void (struct unixid *, uint32_t) > > > -+wb_is_trusted_domain: wbcErr (const char *) > > > -+winbind_allocate_gid: bool (gid_t *) > > > -+winbind_allocate_uid: bool (uid_t *) > > > -+winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, g= id_t **) > > > -+winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *= , const struct dom_sid *, size_t, uint32_t **, size_t *) > > > -+winbind_getpwnam: struct passwd *(const char *) > > > -+winbind_getpwsid: struct passwd *(const struct dom_sid *) > > > -+winbind_gid_to_sid: bool (struct dom_sid *, gid_t) > > > -+winbind_lookup_name: bool (const char *, const char *, struct dom_s= id *, enum lsa_SidType *) > > > -+winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, in= t, 
uint32_t *, const char **, const char ***, enum lsa_SidType **) > > > -+winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, con= st char **, const char **, enum lsa_SidType *) > > > -+winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *= , uint32_t *, struct dom_sid **) > > > -+winbind_ping: bool (void) > > > -+winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *) > > > -+winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *) > > > -+winbind_uid_to_sid: bool (struct dom_sid *, uid_t) > > > -diff --git a/source3/wscript_build b/source3/wscript_build > > > -index e0432bf..6d6b6aa 100755 > > > ---- a/source3/wscript_build > > > -+++ b/source3/wscript_build > > > -@@ -736,7 +736,7 @@ bld.SAMBA3_LIBRARY('pdb', > > > - passdb/lookup_sid.h''', > > > - abi_match=3Dprivate_pdb_match, > > > - abi_directory=3D'passdb/ABI', > > > -- vnum=3D'0', > > > -+ vnum=3D'0.1.0', > > > - vars=3Dlocals()) > > > -=20 > > > - bld.SAMBA3_LIBRARY('smbldaphelper', > > > ---=20 > > > -1.8.5.2 > > > - > > > - > > > -From 91debcafd196a9e821efddce0a9d75c48f8e168d Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Fri, 13 Dec 2013 19:08:34 +0100 > > > -Subject: [PATCH 2/7] s3-auth: Add passwd_to_SamInfo3(). > > > - > > > -First this function tries to contacts winbind if the user is a domain > > > -user to get valid information about it. If winbind isn't running it = will > > > -try to create everything from the passwd struct. This is not always > > > -reliable but works in most cases. It improves the current situation > > > -which doesn't talk to winbind at all. 
> > > - > > > -Pair-Programmed-With: Guenther Deschner > > > -Signed-off-by: Guenther Deschner > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 1bb11c7744df6928cb8a096373ab920366b38770) > > > ---- > > > - source3/auth/proto.h | 4 ++ > > > - source3/auth/server_info.c | 116 ++++++++++++++++++++++++++++++++++= +++++++++++ > > > - 2 files changed, 120 insertions(+) > > > - > > > -diff --git a/source3/auth/proto.h b/source3/auth/proto.h > > > -index 76661fc..8385e66 100644 > > > ---- a/source3/auth/proto.h > > > -+++ b/source3/auth/proto.h > > > -@@ -286,6 +286,10 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, > > > - const char *login_server, > > > - struct netr_SamInfo3 **_info3, > > > - struct extra_auth_info *extra); > > > -+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, > > > -+ const char *unix_username, > > > -+ const struct passwd *pwd, > > > -+ struct netr_SamInfo3 **pinfo3); > > > - struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, > > > - struct netr_SamInfo3 *orig); > > > - struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *= mem_ctx, > > > -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c > > > -index d2b7d6e..46d8178 100644 > > > ---- a/source3/auth/server_info.c > > > -+++ b/source3/auth/server_info.c > > > -@@ -24,6 +24,7 @@ > > > - #include "../libcli/security/security.h" > > > - #include "rpc_client/util_netlogon.h" > > > - #include "nsswitch/libwbclient/wbclient.h" > > > -+#include "lib/winbind_util.h" > > > - #include "passdb.h" > > > -=20 > > > - #undef DBGC_CLASS > > > -@@ -436,6 +437,121 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, > > > -+ const char *unix_username, > > > -+ const struct passwd *pwd, > > > -+ struct netr_SamInfo3 **pinfo3) > > > -+{ > > > -+ struct netr_SamInfo3 *info3; > > > -+ NTSTATUS status; > > > -+ 
TALLOC_CTX *tmp_ctx; > > > -+ const char *domain_name =3D NULL; > > > -+ const char *user_name =3D NULL; > > > -+ struct dom_sid domain_sid; > > > -+ struct dom_sid user_sid; > > > -+ struct dom_sid group_sid; > > > -+ enum lsa_SidType type; > > > -+ uint32_t num_sids =3D 0; > > > -+ struct dom_sid *user_sids =3D NULL; > > > -+ bool ok; > > > -+ > > > -+ tmp_ctx =3D talloc_stackframe(); > > > -+ > > > -+ ok =3D lookup_name_smbconf(tmp_ctx, > > > -+ unix_username, > > > -+ LOOKUP_NAME_ALL, > > > -+ &domain_name, > > > -+ &user_name, > > > -+ &user_sid, > > > -+ &type); > > > -+ if (!ok) { > > > -+ status =3D NT_STATUS_NO_SUCH_USER; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ if (type !=3D SID_NAME_USER) { > > > -+ status =3D NT_STATUS_NO_SUCH_USER; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ ok =3D winbind_lookup_usersids(tmp_ctx, > > > -+ &user_sid, > > > -+ &num_sids, > > > -+ &user_sids); > > > -+ /* Check if winbind is running */ > > > -+ if (ok) { > > > -+ /* > > > -+ * Winbind is running and the first element of the user_sids > > > -+ * is the primary group. > > > -+ */ > > > -+ if (num_sids > 0) { > > > -+ group_sid =3D user_sids[0]; > > > -+ } > > > -+ } else { > > > -+ /* > > > -+ * Winbind is not running, create the group_sid from the > > > -+ * group id. 
> > > -+ */ > > > -+ gid_to_sid(&group_sid, pwd->pw_gid); > > > -+ } > > > -+ > > > -+ /* Make sure we have a valid group sid */ > > > -+ ok =3D !is_null_sid(&group_sid); > > > -+ if (!ok) { > > > -+ status =3D NT_STATUS_NO_SUCH_USER; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ /* Construct a netr_SamInfo3 from the information we have */ > > > -+ info3 =3D talloc_zero(tmp_ctx, struct netr_SamInfo3); > > > -+ if (!info3) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ info3->base.account_name.string =3D talloc_strdup(info3, unix_user= name); > > > -+ if (info3->base.account_name.string =3D=3D NULL) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ ZERO_STRUCT(domain_sid); > > > -+ > > > -+ sid_copy(&domain_sid, &user_sid); > > > -+ sid_split_rid(&domain_sid, &info3->base.rid); > > > -+ info3->base.domain_sid =3D dom_sid_dup(info3, &domain_sid); > > > -+ > > > -+ ok =3D sid_peek_check_rid(&domain_sid, &group_sid, > > > -+ &info3->base.primary_gid); > > > -+ if (!ok) { > > > -+ DEBUG(1, ("The primary group domain sid(%s) does not " > > > -+ "match the domain sid(%s) for %s(%s)\n", > > > -+ sid_string_dbg(&group_sid), > > > -+ sid_string_dbg(&domain_sid), > > > -+ unix_username, > > > -+ sid_string_dbg(&user_sid))); > > > -+ status =3D NT_STATUS_INVALID_SID; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ info3->base.acct_flags =3D ACB_NORMAL; > > > -+ > > > -+ if (num_sids) { > > > -+ status =3D group_sids_to_info3(info3, user_sids, num_sids); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ goto done; > > > -+ } > > > -+ } > > > -+ > > > -+ *pinfo3 =3D talloc_steal(mem_ctx, info3); > > > -+ > > > -+ status =3D NT_STATUS_OK; > > > -+done: > > > -+ talloc_free(tmp_ctx); > > > -+ > > > -+ return status; > > > -+} > > > -+ > > > - #undef RET_NOMEM > > > -=20 > > > - #define RET_NOMEM(ptr) do { \ > > > ---=20 > > > -1.8.5.2 > > > - > > > - > > > -From 
c7b7670dc5cd8dbf727258666b6417d67afafb33 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Fri, 13 Dec 2013 19:11:01 +0100 > > > -Subject: [PATCH 3/7] s3-auth: Pass talloc context to make_server_inf= o_pw(). > > > - > > > -Pair-Programmed-With: Guenther Deschner > > > -Signed-off-by: Guenther Deschner > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 1b59c9743cf3fbd66b0b8b52162b2cc8d922e5cf) > > > ---- > > > - source3/auth/auth_unix.c | 7 +++++-- > > > - source3/auth/auth_util.c | 52 +++++++++++++++++++++++++++++--------= ----------- > > > - source3/auth/proto.h | 7 ++++--- > > > - source3/auth/user_krb5.c | 5 +---- > > > - 4 files changed, 42 insertions(+), 29 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c > > > -index c8b5435..7b483a2 100644 > > > ---- a/source3/auth/auth_unix.c > > > -+++ b/source3/auth/auth_unix.c > > > -@@ -67,8 +67,11 @@ static NTSTATUS check_unix_security(const struct = auth_context *auth_context, > > > - unbecome_root(); > > > -=20 > > > - if (NT_STATUS_IS_OK(nt_status)) { > > > -- if (pass) { > > > -- make_server_info_pw(server_info, pass->pw_name, pass); > > > -+ if (pass !=3D NULL) { > > > -+ nt_status =3D make_server_info_pw(mem_ctx, > > > -+ pass->pw_name, > > > -+ pass, > > > -+ server_info); > > > - } else { > > > - /* we need to do somthing more useful here */ > > > - nt_status =3D NT_STATUS_NO_SUCH_USER; > > > -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c > > > -index ceaa706..b225b0d 100644 > > > ---- a/source3/auth/auth_util.c > > > -+++ b/source3/auth/auth_util.c > > > -@@ -639,14 +639,15 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ct= x, > > > - to a struct samu > > > - *******************************************************************= ********/ > > > -=20 > > > --NTSTATUS make_server_info_pw(struct auth_serversupplied_info **serv= er_info, > > > -- char *unix_username, > > > -- 
struct passwd *pwd) > > > -+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx, > > > -+ const char *unix_username, > > > -+ const struct passwd *pwd, > > > -+ struct auth_serversupplied_info **server_info) > > > - { > > > - NTSTATUS status; > > > - struct samu *sampass =3D NULL; > > > - char *qualified_name =3D NULL; > > > -- TALLOC_CTX *mem_ctx =3D NULL; > > > -+ TALLOC_CTX *tmp_ctx; > > > - struct dom_sid u_sid; > > > - enum lsa_SidType type; > > > - struct auth_serversupplied_info *result; > > > -@@ -664,27 +665,27 @@ NTSTATUS make_server_info_pw(struct auth_serve= rsupplied_info **server_info, > > > - * plaintext passwords were used with no SAM backend. > > > - */ > > > -=20 > > > -- mem_ctx =3D talloc_init("make_server_info_pw_tmp"); > > > -- if (!mem_ctx) { > > > -+ tmp_ctx =3D talloc_stackframe(); > > > -+ if (tmp_ctx =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- qualified_name =3D talloc_asprintf(mem_ctx, "%s\\%s", > > > -+ qualified_name =3D talloc_asprintf(tmp_ctx, "%s\\%s", > > > - unix_users_domain_name(), > > > - unix_username ); > > > - if (!qualified_name) { > > > -- TALLOC_FREE(mem_ctx); > > > -+ TALLOC_FREE(tmp_ctx); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL, > > > -+ if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL, > > > - NULL, NULL, > > > - &u_sid, &type)) { > > > -- TALLOC_FREE(mem_ctx); > > > -+ TALLOC_FREE(tmp_ctx); > > > - return NT_STATUS_NO_SUCH_USER; > > > - } > > > -=20 > > > -- TALLOC_FREE(mem_ctx); > > > -+ TALLOC_FREE(tmp_ctx); > > > -=20 > > > - if (type !=3D SID_NAME_USER) { > > > - return NT_STATUS_NO_SUCH_USER; > > > -@@ -707,7 +708,7 @@ NTSTATUS make_server_info_pw(struct auth_servers= upplied_info **server_info, > > > - /* set the user sid to be the calculated u_sid */ > > > - pdb_set_user_sid(sampass, &u_sid, PDB_SET); > > > -=20 > > > -- result =3D make_server_info(NULL); > > > -+ result =3D 
make_server_info(mem_ctx); > > > - if (result =3D=3D NULL) { > > > - TALLOC_FREE(sampass); > > > - return NT_STATUS_NO_MEMORY; > > > -@@ -992,25 +993,36 @@ NTSTATUS make_session_info_from_username(TALLO= C_CTX *mem_ctx, > > > - struct passwd *pwd; > > > - NTSTATUS status; > > > - struct auth_serversupplied_info *result; > > > -+ TALLOC_CTX *tmp_ctx; > > > -=20 > > > -- pwd =3D Get_Pwnam_alloc(talloc_tos(), username); > > > -- if (pwd =3D=3D NULL) { > > > -- return NT_STATUS_NO_SUCH_USER; > > > -+ tmp_ctx =3D talloc_stackframe(); > > > -+ if (tmp_ctx =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- status =3D make_server_info_pw(&result, pwd->pw_name, pwd); > > > -+ pwd =3D Get_Pwnam_alloc(tmp_ctx, username); > > > -+ if (pwd =3D=3D NULL) { > > > -+ status =3D NT_STATUS_NO_SUCH_USER; > > > -+ goto done; > > > -+ } > > > -=20 > > > -+ status =3D make_server_info_pw(tmp_ctx, pwd->pw_name, pwd, &result= ); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -+ goto done; > > > - } > > > -=20 > > > - result->nss_token =3D true; > > > - result->guest =3D is_guest; > > > -=20 > > > - /* Now turn the server_info into a session_info with the full toke= n etc */ > > > -- status =3D create_local_token(mem_ctx, result, NULL, pwd->pw_name,= session_info); > > > -- TALLOC_FREE(result); > > > -- TALLOC_FREE(pwd); > > > -+ status =3D create_local_token(mem_ctx, > > > -+ result, > > > -+ NULL, > > > -+ pwd->pw_name, > > > -+ session_info); > > > -+ > > > -+done: > > > -+ talloc_free(tmp_ctx); > > > -=20 > > > - return status; > > > - } > > > -diff --git a/source3/auth/proto.h b/source3/auth/proto.h > > > -index 8385e66..7abca07 100644 > > > ---- a/source3/auth/proto.h > > > -+++ b/source3/auth/proto.h > > > -@@ -206,9 +206,10 @@ bool user_in_group_sid(const char *username, co= nst struct dom_sid *group_sid); > > > - bool user_sid_in_group_sid(const struct dom_sid *sid, const struct = dom_sid *group_sid); > > > - bool 
user_in_group(const char *username, const char *groupname); > > > - struct passwd; > > > --NTSTATUS make_server_info_pw(struct auth_serversupplied_info **serv= er_info, > > > -- char *unix_username, > > > -- struct passwd *pwd); > > > -+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx, > > > -+ const char *unix_username, > > > -+ const struct passwd *pwd, > > > -+ struct auth_serversupplied_info **server_info); > > > - NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx, > > > - const char *username, > > > - bool is_guest, > > > -diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c > > > -index 974a8aa..7d44285 100644 > > > ---- a/source3/auth/user_krb5.c > > > -+++ b/source3/auth/user_krb5.c > > > -@@ -242,7 +242,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_= ctx, > > > - */ > > > - DEBUG(10, ("didn't find user %s in passdb, calling " > > > - "make_server_info_pw\n", username)); > > > -- status =3D make_server_info_pw(&tmp, username, pw); > > > -+ status =3D make_server_info_pw(mem_ctx, username, pw, &tmp); > > > - } > > > -=20 > > > - TALLOC_FREE(sampass); > > > -@@ -253,9 +253,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_= ctx, > > > - return status; > > > - } > > > -=20 > > > -- /* Steal tmp server info into the server_info pointer. */ > > > -- server_info =3D talloc_move(mem_ctx, &tmp); > > > -- > > > - /* make_server_info_pw does not set the domain. Without this > > > - * we end up with the local netbios name in substitutions for > > > - * %D. */ > > > ---=20 > > > -1.8.5.2 > > > - > > > - > > > -From 4fbd13598e8bdc6acf41329f71de806de4265f36 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Fri, 13 Dec 2013 19:19:02 +0100 > > > -Subject: [PATCH 4/7] s3-auth: Add passwd_to_SamInfo3(). > > > - > > > -Correctly lookup users which come from smb.conf. passwd_to_SamInfo3() > > > -tries to contact winbind if the user is a domain user to get > > > -valid information about it. 
If winbind isn't running it will try to > > > -create everything from the passwd struct. This is not always reliable > > > -but works in most cases. It improves the current situation which doe= sn't > > > -talk to winbind at all. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D8598 > > > - > > > -Pair-Programmed-With: Guenther Deschner > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Andrew Bartlett > > > - > > > -Autobuild-User(master): Andrew Bartlett > > > -Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104 > > > - > > > -(cherry picked from commit 40e6456b5896e934fcd581c2cac2389984256e09) > > > ---- > > > - source3/auth/auth_util.c | 87 +++++++++--------------------------= ----------- > > > - source3/auth/server_info.c | 22 ++++++++++-- > > > - 2 files changed, 36 insertions(+), 73 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c > > > -index b225b0d..24190af 100644 > > > ---- a/source3/auth/auth_util.c > > > -+++ b/source3/auth/auth_util.c > > > -@@ -645,98 +645,43 @@ NTSTATUS make_server_info_pw(TALLOC_CTX *mem_c= tx, > > > - struct auth_serversupplied_info **server_info) > > > - { > > > - NTSTATUS status; > > > -- struct samu *sampass =3D NULL; > > > -- char *qualified_name =3D NULL; > > > -- TALLOC_CTX *tmp_ctx; > > > -- struct dom_sid u_sid; > > > -- enum lsa_SidType type; > > > -+ TALLOC_CTX *tmp_ctx =3D NULL; > > > - struct auth_serversupplied_info *result; > > > -=20 > > > -- /* > > > -- * The SID returned in server_info->sam_account is based > > > -- * on our SAM sid even though for a pure UNIX account this should > > > -- * not be the case as it doesn't really exist in the SAM db. > > > -- * This causes lookups on "[in]valid users" to fail as they > > > -- * will lookup this name as a "Unix User" SID to check against > > > -- * the user token. Fix this by adding the "Unix User"\unix_username > > > -- * SID to the sid array. 
The correct fix should probably be > > > -- * changing the server_info->sam_account user SID to be a > > > -- * S-1-22 Unix SID, but this might break old configs where > > > -- * plaintext passwords were used with no SAM backend. > > > -- */ > > > -- > > > - tmp_ctx =3D talloc_stackframe(); > > > - if (tmp_ctx =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- qualified_name =3D talloc_asprintf(tmp_ctx, "%s\\%s", > > > -- unix_users_domain_name(), > > > -- unix_username ); > > > -- if (!qualified_name) { > > > -- TALLOC_FREE(tmp_ctx); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL, > > > -- NULL, NULL, > > > -- &u_sid, &type)) { > > > -- TALLOC_FREE(tmp_ctx); > > > -- return NT_STATUS_NO_SUCH_USER; > > > -- } > > > -- > > > -- TALLOC_FREE(tmp_ctx); > > > -- > > > -- if (type !=3D SID_NAME_USER) { > > > -- return NT_STATUS_NO_SUCH_USER; > > > -- } > > > -- > > > -- if ( !(sampass =3D samu_new( NULL )) ) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- status =3D samu_set_unix( sampass, pwd ); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- /* In pathological cases the above call can set the account > > > -- * name to the DOMAIN\username form. 
Reset the account name > > > -- * using unix_username */ > > > -- pdb_set_username(sampass, unix_username, PDB_SET); > > > -- > > > -- /* set the user sid to be the calculated u_sid */ > > > -- pdb_set_user_sid(sampass, &u_sid, PDB_SET); > > > -- > > > -- result =3D make_server_info(mem_ctx); > > > -+ result =3D make_server_info(tmp_ctx); > > > - if (result =3D=3D NULL) { > > > -- TALLOC_FREE(sampass); > > > -- return NT_STATUS_NO_MEMORY; > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ goto done; > > > - } > > > -=20 > > > -- status =3D samu_to_SamInfo3(result, sampass, lp_netbios_name(), > > > -- &result->info3, &result->extra); > > > -- TALLOC_FREE(sampass); > > > -+ status =3D passwd_to_SamInfo3(result, > > > -+ unix_username, > > > -+ pwd, > > > -+ &result->info3); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(10, ("Failed to convert samu to info3: %s\n", > > > -- nt_errstr(status))); > > > -- TALLOC_FREE(result); > > > -- return status; > > > -+ goto done; > > > - } > > > -=20 > > > - result->unix_name =3D talloc_strdup(result, unix_username); > > > -- > > > - if (result->unix_name =3D=3D NULL) { > > > -- TALLOC_FREE(result); > > > -- return NT_STATUS_NO_MEMORY; > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ goto done; > > > - } > > > -=20 > > > - result->utok.uid =3D pwd->pw_uid; > > > - result->utok.gid =3D pwd->pw_gid; > > > -=20 > > > -- *server_info =3D result; > > > -+ *server_info =3D talloc_steal(mem_ctx, result); > > > -+ status =3D NT_STATUS_OK; > > > -+done: > > > -+ talloc_free(tmp_ctx); > > > -=20 > > > -- return NT_STATUS_OK; > > > -+ return status; > > > - } > > > -=20 > > > - static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx, > > > -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c > > > -index 46d8178..43711d5 100644 > > > ---- a/source3/auth/server_info.c > > > -+++ b/source3/auth/server_info.c > > > -@@ -489,10 +489,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ct= x, > > > - } > > > - } else { > > > - 
/* > > > -- * Winbind is not running, create the group_sid from the > > > -- * group id. > > > -+ * Winbind is not running, try to create the group_sid from the > > > -+ * passwd group id. > > > -+ */ > > > -+ > > > -+ /* > > > -+ * This can lead to a primary group of S-1-22-2-XX which > > > -+ * will be rejected by other Samba code. > > > - */ > > > - gid_to_sid(&group_sid, pwd->pw_gid); > > > -+ > > > -+ ZERO_STRUCT(domain_sid); > > > -+ > > > -+ /* > > > -+ * If we are a unix group, set the group_sid to the > > > -+ * 'Domain Users' RID of 513 which will always resolve to a > > > -+ * name. > > > -+ */ > > > -+ if (sid_check_is_in_unix_groups(&group_sid)) { > > > -+ sid_compose(&group_sid, > > > -+ get_global_sam_sid(), > > > -+ DOMAIN_RID_USERS); > > > -+ } > > > - } > > > -=20 > > > - /* Make sure we have a valid group sid */ > > > ---=20 > > > -1.8.5.2 > > > - > > > - > > > -From 76bb5e0888f4131ab773d90160051a51c401c90d Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Tue, 18 Feb 2014 10:02:57 +0100 > > > -Subject: [PATCH 5/7] s3-auth: Pass mem_ctx to make_server_info_sam(). 
> > > - > > > -Coverity-Id: 1168009 > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D8598 > > > - > > > -Signed-off-by: Andreas Schneider > > > - > > > -Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3dc72266005e87a291f5bf9847257e8c54314d39) > > > ---- > > > - source3/auth/check_samsec.c | 2 +- > > > - source3/auth/proto.h | 5 ++-- > > > - source3/auth/server_info_sam.c | 56 +++++++++++++++++++++++++++----= ----------- > > > - source3/auth/user_krb5.c | 12 +++++---- > > > - 4 files changed, 47 insertions(+), 28 deletions(-) > > > - > > > -diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec= =2Ec > > > -index 7ed8cc2..b6cac60 100644 > > > ---- a/source3/auth/check_samsec.c > > > -+++ b/source3/auth/check_samsec.c > > > -@@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *cha= llenge, > > > - } > > > -=20 > > > - become_root(); > > > -- nt_status =3D make_server_info_sam(server_info, sampass); > > > -+ nt_status =3D make_server_info_sam(mem_ctx, sampass, server_info); > > > - unbecome_root(); > > > -=20 > > > - TALLOC_FREE(sampass); > > > -diff --git a/source3/auth/proto.h b/source3/auth/proto.h > > > -index 7abca07..eac3e54 100644 > > > ---- a/source3/auth/proto.h > > > -+++ b/source3/auth/proto.h > > > -@@ -190,8 +190,9 @@ bool make_user_info_guest(const struct tsocket_a= ddress *remote_address, > > > - struct auth_usersupplied_info **user_info); > > > -=20 > > > - struct samu; > > > --NTSTATUS make_server_info_sam(struct auth_serversupplied_info **ser= ver_info, > > > -- struct samu *sampass); > > > -+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx, > > > -+ struct samu *sampass, > > > -+ struct auth_serversupplied_info **pserver_info); > > > - NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, > > > - const struct auth_serversupplied_info *server_info, > > > - DATA_BLOB *session_key, > > > -diff --git a/source3/auth/server_info_sam.c 
b/source3/auth/server_in= fo_sam.c > > > -index 5d657f9..47087b1 100644 > > > ---- a/source3/auth/server_info_sam.c > > > -+++ b/source3/auth/server_info_sam.c > > > -@@ -58,39 +58,51 @@ static bool is_our_machine_account(const char *u= sername) > > > - Make (and fill) a user_info struct from a struct samu > > > - *******************************************************************= ********/ > > > -=20 > > > --NTSTATUS make_server_info_sam(struct auth_serversupplied_info **ser= ver_info, > > > -- struct samu *sampass) > > > -+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx, > > > -+ struct samu *sampass, > > > -+ struct auth_serversupplied_info **pserver_info) > > > - { > > > - struct passwd *pwd; > > > -- struct auth_serversupplied_info *result; > > > -+ struct auth_serversupplied_info *server_info; > > > - const char *username =3D pdb_get_username(sampass); > > > -+ TALLOC_CTX *tmp_ctx; > > > - NTSTATUS status; > > > -=20 > > > -- if ( !(result =3D make_server_info(NULL)) ) { > > > -+ tmp_ctx =3D talloc_stackframe(); > > > -+ if (tmp_ctx =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- if ( !(pwd =3D Get_Pwnam_alloc(result, username)) ) { > > > -+ server_info =3D make_server_info(tmp_ctx); > > > -+ if (server_info =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ pwd =3D Get_Pwnam_alloc(tmp_ctx, username); > > > -+ if (pwd =3D=3D NULL) { > > > - DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n", > > > - pdb_get_username(sampass))); > > > -- TALLOC_FREE(result); > > > -- return NT_STATUS_NO_SUCH_USER; > > > -+ status =3D NT_STATUS_NO_SUCH_USER; > > > -+ goto out; > > > - } > > > -=20 > > > -- status =3D samu_to_SamInfo3(result, sampass, lp_netbios_name(), > > > -- &result->info3, &result->extra); > > > -+ status =3D samu_to_SamInfo3(server_info, > > > -+ sampass, > > > -+ lp_netbios_name(), > > > -+ &server_info->info3, > > > -+ &server_info->extra); > > > - if (!NT_STATUS_IS_OK(status)) { > > > 
-- TALLOC_FREE(result); > > > -- return status; > > > -+ goto out; > > > - } > > > -=20 > > > -- result->unix_name =3D pwd->pw_name; > > > -- /* Ensure that we keep pwd->pw_name, because we will free pwd belo= w */ > > > -- talloc_steal(result, pwd->pw_name); > > > -- result->utok.gid =3D pwd->pw_gid; > > > -- result->utok.uid =3D pwd->pw_uid; > > > -+ server_info->unix_name =3D talloc_strdup(server_info, pwd->pw_name= ); > > > -+ if (server_info->unix_name =3D=3D NULL) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ goto out; > > > -+ } > > > -=20 > > > -- TALLOC_FREE(pwd); > > > -+ server_info->utok.gid =3D pwd->pw_gid; > > > -+ server_info->utok.uid =3D pwd->pw_uid; > > > -=20 > > > - if (IS_DC && is_our_machine_account(username)) { > > > - /* > > > -@@ -110,9 +122,13 @@ NTSTATUS make_server_info_sam(struct auth_serve= rsupplied_info **server_info, > > > - } > > > -=20 > > > - DEBUG(5,("make_server_info_sam: made server info for user %s -> %s= \n", > > > -- pdb_get_username(sampass), result->unix_name)); > > > -+ pdb_get_username(sampass), server_info->unix_name)); > > > -+ > > > -+ *pserver_info =3D talloc_steal(mem_ctx, server_info); > > > -=20 > > > -- *server_info =3D result; > > > -+ status =3D NT_STATUS_OK; > > > -+out: > > > -+ talloc_free(tmp_ctx); > > > -=20 > > > -- return NT_STATUS_OK; > > > -+ return status; > > > - } > > > -diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c > > > -index 7d44285..e40c8ac 100644 > > > ---- a/source3/auth/user_krb5.c > > > -+++ b/source3/auth/user_krb5.c > > > -@@ -223,9 +223,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_= ctx, > > > - * SID consistency with ntlmssp session setup > > > - */ > > > - struct samu *sampass; > > > -- /* The stupid make_server_info_XX functions here > > > -- don't take a talloc context. 
*/ > > > -- struct auth_serversupplied_info *tmp =3D NULL; > > > -=20 > > > - sampass =3D samu_new(talloc_tos()); > > > - if (sampass =3D=3D NULL) { > > > -@@ -235,14 +232,19 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *me= m_ctx, > > > - if (pdb_getsampwnam(sampass, username)) { > > > - DEBUG(10, ("found user %s in passdb, calling " > > > - "make_server_info_sam\n", username)); > > > -- status =3D make_server_info_sam(&tmp, sampass); > > > -+ status =3D make_server_info_sam(mem_ctx, > > > -+ sampass, > > > -+ &server_info); > > > - } else { > > > - /* > > > - * User not in passdb, make it up artificially > > > - */ > > > - DEBUG(10, ("didn't find user %s in passdb, calling " > > > - "make_server_info_pw\n", username)); > > > -- status =3D make_server_info_pw(mem_ctx, username, pw, &tmp); > > > -+ status =3D make_server_info_pw(mem_ctx, > > > -+ username, > > > -+ pw, > > > -+ &server_info); > > > - } > > > -=20 > > > - TALLOC_FREE(sampass); > > > ---=20 > > > -1.8.5.2 > > > - > > > - > > > -From f9c0adb6237c6e60c33ee6af21f55c0cdefa132c Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Tue, 18 Feb 2014 10:19:57 +0100 > > > -Subject: [PATCH 6/7] s3-auth: Pass mem_ctx to auth_check_ntlm_passwo= rd(). 
> > > - > > > -Coverity-Id: 1168009 > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D8598 > > > - > > > -Signed-off-by: Andreas Schneider > > > - > > > -Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 4d792db03f18aa164b565c7fdc7b446c174fba28) > > > ---- > > > - source3/auth/auth.c | 50 ++++++++++++++++++= ----------- > > > - source3/auth/auth_ntlmssp.c | 6 ++-- > > > - source3/auth/proto.h | 8 +++-- > > > - source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++-- > > > - source3/torture/pdbtest.c | 5 ++- > > > - 5 files changed, 48 insertions(+), 27 deletions(-) > > > - > > > -diff --git a/source3/auth/auth.c b/source3/auth/auth.c > > > -index c3797cf..dc9af02 100644 > > > ---- a/source3/auth/auth.c > > > -+++ b/source3/auth/auth.c > > > -@@ -160,18 +160,19 @@ static bool check_domain_match(const char *use= r, const char *domain) > > > - * > > > - **/ > > > -=20 > > > --NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_c= ontext, > > > -- const struct auth_usersupplied_info *user_info,=20 > > > -- struct auth_serversupplied_info **server_info) > > > -+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx, > > > -+ const struct auth_context *auth_context, > > > -+ const struct auth_usersupplied_info *user_info, > > > -+ struct auth_serversupplied_info **pserver_info) > > > - { > > > - /* if all the modules say 'not for me' this is reasonable */ > > > - NTSTATUS nt_status =3D NT_STATUS_NO_SUCH_USER; > > > - const char *unix_username; > > > - auth_methods *auth_method; > > > -- TALLOC_CTX *mem_ctx; > > > -=20 > > > -- if (!user_info || !auth_context || !server_info) > > > -+ if (user_info =3D=3D NULL || auth_context =3D=3D NULL || pserver_i= nfo =3D=3D NULL) { > > > - return NT_STATUS_LOGON_FAILURE; > > > -+ } > > > -=20 > > > - DEBUG(3, ("check_ntlm_password: Checking password for unmapped us= er [%s]\\[%s]@[%s] with the new password interface\n",=20 > > > - 
user_info->client.domain_name, user_info->client.account_name, = user_info->workstation_name)); > > > -@@ -205,17 +206,27 @@ NTSTATUS auth_check_ntlm_password(const struct= auth_context *auth_context, > > > - return NT_STATUS_LOGON_FAILURE; > > > -=20 > > > - for (auth_method =3D auth_context->auth_method_list;auth_method; a= uth_method =3D auth_method->next) { > > > -+ struct auth_serversupplied_info *server_info; > > > -+ TALLOC_CTX *tmp_ctx; > > > - NTSTATUS result; > > > -=20 > > > -- mem_ctx =3D talloc_init("%s authentication for user %s\\%s", auth= _method->name, > > > -- user_info->mapped.domain_name, user_info->client.account_= name); > > > -+ tmp_ctx =3D talloc_named(mem_ctx, > > > -+ 0, > > > -+ "%s authentication for user %s\\%s", > > > -+ auth_method->name, > > > -+ user_info->mapped.domain_name, > > > -+ user_info->client.account_name); > > > -=20 > > > -- result =3D auth_method->auth(auth_context, auth_method->private_d= ata, mem_ctx, user_info, server_info); > > > -+ result =3D auth_method->auth(auth_context, > > > -+ auth_method->private_data, > > > -+ tmp_ctx, > > > -+ user_info, > > > -+ &server_info); > > > -=20 > > > - /* check if the module did anything */ > > > - if ( NT_STATUS_V(result) =3D=3D NT_STATUS_V(NT_STATUS_NOT_IMPLEME= NTED) ) { > > > - DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_m= ethod->name)); > > > -- talloc_destroy(mem_ctx); > > > -+ TALLOC_FREE(tmp_ctx); > > > - continue; > > > - } > > > -=20 > > > -@@ -229,19 +240,20 @@ NTSTATUS auth_check_ntlm_password(const struct= auth_context *auth_context, > > > - auth_method->name, user_info->client.account_name, nt_errstr(= nt_status))); > > > - } > > > -=20 > > > -- talloc_destroy(mem_ctx); > > > -- > > > -- if ( NT_STATUS_IS_OK(nt_status)) > > > -- { > > > -- break; =09 > > > -+ if (NT_STATUS_IS_OK(nt_status)) { > > > -+ *pserver_info =3D talloc_steal(mem_ctx, server_info); > > > -+ TALLOC_FREE(tmp_ctx); > > > -+ break; > > > - } > > > -+ > > > -+ 
TALLOC_FREE(tmp_ctx); > > > - } > > > -=20 > > > - /* successful authentication */ > > > -=20 > > > - if (NT_STATUS_IS_OK(nt_status)) { > > > -- unix_username =3D (*server_info)->unix_name; > > > -- if (!(*server_info)->guest) { > > > -+ unix_username =3D (*pserver_info)->unix_name; > > > -+ if (!(*pserver_info)->guest) { > > > - const char *rhost; > > > -=20 > > > - if (tsocket_address_is_inet(user_info->remote_host, "ip")) { > > > -@@ -270,9 +282,9 @@ NTSTATUS auth_check_ntlm_password(const struct a= uth_context *auth_context, > > > - } > > > -=20 > > > - if (NT_STATUS_IS_OK(nt_status)) { > > > -- DEBUG((*server_info)->guest ? 5 : 2,=20 > > > -+ DEBUG((*pserver_info)->guest ? 5 : 2, > > > - ("check_ntlm_password: %sauthentication for user [%s] -> = [%s] -> [%s] succeeded\n", > > > -- (*server_info)->guest ? "guest " : "", > > > -+ (*pserver_info)->guest ? "guest " : "", > > > - user_info->client.account_name, > > > - user_info->mapped.account_name, > > > - unix_username)); > > > -@@ -286,7 +298,7 @@ NTSTATUS auth_check_ntlm_password(const struct a= uth_context *auth_context, > > > - DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [= %s] FAILED with error %s\n", > > > - user_info->client.account_name, user_info->mapped.account_name, > > > - nt_errstr(nt_status))); > > > -- ZERO_STRUCTP(server_info); > > > -+ ZERO_STRUCTP(pserver_info); > > > -=20 > > > - return nt_status; > > > - } > > > -diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp= =2Ec > > > -index f99bd44..cb7726c 100644 > > > ---- a/source3/auth/auth_ntlmssp.c > > > -+++ b/source3/auth/auth_ntlmssp.c > > > -@@ -134,8 +134,10 @@ NTSTATUS auth3_check_password(struct auth4_cont= ext *auth4_context, > > > -=20 > > > - mapped_user_info->flags =3D user_info->flags; > > > -=20 > > > -- nt_status =3D auth_check_ntlm_password(auth_context, > > > -- mapped_user_info, &server_info); > > > -+ nt_status =3D auth_check_ntlm_password(mem_ctx, > > > -+ auth_context, > > > -+ 
mapped_user_info, > > > -+ &server_info); > > > -=20 > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n", > > > -diff --git a/source3/auth/proto.h b/source3/auth/proto.h > > > -index eac3e54..15b1ba0 100644 > > > ---- a/source3/auth/proto.h > > > -+++ b/source3/auth/proto.h > > > -@@ -65,6 +65,8 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_conte= xt *auth_context, > > > - * struct. When the return is other than NT_STATUS_OK the contents= =20 > > > - * of that structure is undefined. > > > - * > > > -+ * @param mem_ctx The memory context to use to allocate server_in= fo > > > -+ * > > > - * @param user_info Contains the user supplied components, includin= g the passwords. > > > - * Must be created with make_user_info() or one of= its wrappers. > > > - * > > > -@@ -79,9 +81,9 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_conte= xt *auth_context, > > > - * @return An NTSTATUS with NT_STATUS_OK or an appropriate error. > > > - * > > > - **/ > > > -- > > > --NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_c= ontext, > > > -- const struct auth_usersupplied_info *user_info,=20 > > > -+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx, > > > -+ const struct auth_context *auth_context, > > > -+ const struct auth_usersupplied_info *user_info, > > > - struct auth_serversupplied_info **server_info); > > > -=20 > > > - /* The following definitions come from auth/auth_builtin.c */ > > > -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/r= pc_server/netlogon/srv_netlog_nt.c > > > -index e5ca474..0c8c9a5 100644 > > > ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c > > > -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c > > > -@@ -1650,8 +1650,10 @@ static NTSTATUS _netr_LogonSamLogon_base(stru= ct pipes_struct *p, > > > - } /* end switch */ > > > -=20 > > > - if ( NT_STATUS_IS_OK(status) ) { > > > -- status =3D auth_check_ntlm_password(auth_context, > > > -- user_info, 
&server_info); > > > -+ status =3D auth_check_ntlm_password(p->mem_ctx, > > > -+ auth_context, > > > -+ user_info, > > > -+ &server_info); > > > - } > > > -=20 > > > - TALLOC_FREE(auth_context); > > > -diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c > > > -index 17da455..14d58b9 100644 > > > ---- a/source3/torture/pdbtest.c > > > -+++ b/source3/torture/pdbtest.c > > > -@@ -304,7 +304,10 @@ static bool test_auth(TALLOC_CTX *mem_ctx, stru= ct samu *pdb_entry) > > > - return False; > > > - } > > > - =09 > > > -- status =3D auth_check_ntlm_password(auth_context, user_info, &serv= er_info); > > > -+ status =3D auth_check_ntlm_password(mem_ctx, > > > -+ auth_context, > > > -+ user_info, > > > -+ &server_info); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("Failed to test authentication with auth module: %s\n",= nt_errstr(status))); > > > ---=20 > > > -1.8.5.2 > > > - > > > - > > > -From a48bcd84c59b5b2cb8c3e0f5d68b35065bed81d7 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Tue, 18 Feb 2014 13:52:49 +0100 > > > -Subject: [PATCH 7/7] s3-auth: Pass mem_ctx to do_map_to_guest_server= _info(). 
> > > - > > > -Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a > > > -Reviewed-by: Andrew Bartlett > > > - > > > -Autobuild-User(master): Andrew Bartlett > > > -Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104 > > > - > > > -(cherry picked from commit 79e2725f339e7c5336b4053348c4266268de6ca3) > > > ---- > > > - source3/auth/auth_ntlmssp.c | 7 ++++--- > > > - source3/auth/auth_util.c | 12 +++++++----- > > > - source3/auth/proto.h | 8 +++++--- > > > - 3 files changed, 16 insertions(+), 11 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp= =2Ec > > > -index cb7726c..d4fe901 100644 > > > ---- a/source3/auth/auth_ntlmssp.c > > > -+++ b/source3/auth/auth_ntlmssp.c > > > -@@ -151,10 +151,11 @@ NTSTATUS auth3_check_password(struct auth4_con= text *auth4_context, > > > - free_user_info(&mapped_user_info); > > > -=20 > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > -- nt_status =3D do_map_to_guest_server_info(nt_status, > > > -- &server_info, > > > -+ nt_status =3D do_map_to_guest_server_info(mem_ctx, > > > -+ nt_status, > > > - user_info->client.account_name, > > > -- user_info->client.domain_name); > > > -+ user_info->client.domain_name, > > > -+ &server_info); > > > - *server_returned_info =3D talloc_steal(mem_ctx, server_info); > > > - return nt_status; > > > - } > > > -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c > > > -index 24190af..8cf5cb7 100644 > > > ---- a/source3/auth/auth_util.c > > > -+++ b/source3/auth/auth_util.c > > > -@@ -1536,9 +1536,11 @@ bool is_trusted_domain(const char* dom_name) > > > - on a logon error possibly map the error to success if "map to gue= st" > > > - is set approriately > > > - */ > > > --NTSTATUS do_map_to_guest_server_info(NTSTATUS status, > > > -- struct auth_serversupplied_info **server_info, > > > -- const char *user, const char *domain) > > > -+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx, > > > -+ NTSTATUS status, > > > -+ const 
char *user, > > > -+ const char *domain, > > > -+ struct auth_serversupplied_info **server_info) > > > - { > > > - user =3D user ? user : ""; > > > - domain =3D domain ? domain : ""; > > > -@@ -1548,13 +1550,13 @@ NTSTATUS do_map_to_guest_server_info(NTSTATU= S status, > > > - (lp_map_to_guest() =3D=3D MAP_TO_GUEST_ON_BAD_PASSWORD)) { > > > - DEBUG(3,("No such user %s [%s] - using guest account\n", > > > - user, domain)); > > > -- return make_server_info_guest(NULL, server_info); > > > -+ return make_server_info_guest(mem_ctx, server_info); > > > - } > > > - } else if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) { > > > - if (lp_map_to_guest() =3D=3D MAP_TO_GUEST_ON_BAD_PASSWORD) { > > > - DEBUG(3,("Registered username %s for guest access\n", > > > - user)); > > > -- return make_server_info_guest(NULL, server_info); > > > -+ return make_server_info_guest(mem_ctx, server_info); > > > - } > > > - } > > > -=20 > > > -diff --git a/source3/auth/proto.h b/source3/auth/proto.h > > > -index 15b1ba0..7b8959f 100644 > > > ---- a/source3/auth/proto.h > > > -+++ b/source3/auth/proto.h > > > -@@ -264,9 +264,11 @@ NTSTATUS make_user_info(struct auth_usersupplie= d_info **ret_user_info, > > > - enum auth_password_state password_state); > > > - void free_user_info(struct auth_usersupplied_info **user_info); > > > -=20 > > > --NTSTATUS do_map_to_guest_server_info(NTSTATUS status, > > > -- struct auth_serversupplied_info **server_info, > > > -- const char *user, const char *domain); > > > -+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx, > > > -+ NTSTATUS status, > > > -+ const char *user, > > > -+ const char *domain, > > > -+ struct auth_serversupplied_info **server_info); > > > -=20 > > > - /* The following definitions come from auth/auth_winbind.c */ > > > -=20 > > > ---=20 > > > -1.8.5.2 > > > - 
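Review bot: the tail of this deleted file is a set of backports in the authentication path (the auth_check_ntlm_password() mem_ctx change and patch 7/7, marked as cherry picked from commit 79e2725f339e7c5336b4053348c4266268de6ca3), so the removal needs a statement in the commit message that the Samba source built after this change already contains them. If it does not, do_map_to_guest_server_info() goes back to calling make_server_info_guest(NULL, server_info) on the "map to guest" path and the callers in auth_ntlmssp.c, srv_netlog_nt.c and pdbtest.c lose the explicit memory context for server_info. Naming the upstream release that first carries these commits would let a reader verify the deletion without diffing the trees.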
> > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 02-fix-ipv6-join.patch b/meta-networking/recipes-connectivity/samba/samba-4= =2E1.12/02-fix-ipv6-join.patch > > > deleted file mode 100644 > > > index daa283e..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-= ipv6-join.patch > > > +++ /dev/null 
> > > @@ -1,266 +0,0 @@ > > > -From 168627e1877317db86471a4b0360dccd9f469aaa Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Mon, 13 Jan 2014 15:59:26 +0100 > > > -Subject: [PATCH 1/2] s3-kerberos: remove print_kdc_line() completely. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Just calling print_canonical_sockaddr() is sufficient, as it already= deals with > > > -ipv6 as well. The port handling, which was only done for IPv6 (not I= Pv4), is > > > -removed as well. It was pointless because it always derived the port= number from > > > -the provided address which was either a SMB (usually port 445) or LD= AP > > > -connection. No KDC will ever run on port 389 or 445 on a Windows/Sam= ba DC. > > > -Finally, the kerberos libraries that we support and build with, can = deal with > > > -ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) b= urden of > > > -resolving the DC name on the kerberos library anymore. 
> > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/libads/kerberos.c | 73 ++++--------------------------------= ----------- > > > - 1 file changed, 5 insertions(+), 68 deletions(-) > > > - > > > -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c > > > -index b026e09..ea14350 100644 > > > ---- a/source3/libads/kerberos.c > > > -+++ b/source3/libads/kerberos.c > > > -@@ -592,70 +592,6 @@ int kerberos_kinit_password(const char *princip= al, > > > - /******************************************************************= ****** > > > - *******************************************************************= *****/ > > > -=20 > > > --static char *print_kdc_line(char *mem_ctx, > > > -- const char *prev_line, > > > -- const struct sockaddr_storage *pss, > > > -- const char *kdc_name) > > > --{ > > > -- char addr[INET6_ADDRSTRLEN]; > > > -- uint16_t port =3D get_sockaddr_port(pss); > > > -- > > > -- if (pss->ss_family =3D=3D AF_INET) { > > > -- return talloc_asprintf(mem_ctx, "%s\tkdc =3D %s\n", > > > -- prev_line, > > > -- print_canonical_sockaddr(mem_ctx, pss)); > > > -- } > > > -- > > > -- /* > > > -- * IPv6 starts here > > > -- */ > > > -- > > > -- DEBUG(10, ("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n= ", > > > -- kdc_name, port)); > > > -- > > > -- if (port !=3D 0 && port !=3D DEFAULT_KRB5_PORT) { > > > -- /* Currently for IPv6 we can't specify a non-default > > > -- krb5 port with an address, as this requires a ':'. > > > -- Resolve to a name. */ > > > -- char hostname[MAX_DNS_NAME_LENGTH]; > > > -- int ret =3D sys_getnameinfo((const struct sockaddr *)pss, > > > -- sizeof(*pss), > > > -- hostname, sizeof(hostname), > > > -- NULL, 0, > > > -- NI_NAMEREQD); > > > -- if (ret) { > > > -- DEBUG(0,("print_kdc_line: can't resolve name " > > > -- "for kdc with non-default port %s. 
" > > > -- "Error %s\n.", > > > -- print_canonical_sockaddr(mem_ctx, pss), > > > -- gai_strerror(ret))); > > > -- return NULL; > > > -- } > > > -- /* Success, use host:port */ > > > -- return talloc_asprintf(mem_ctx, > > > -- "%s\tkdc =3D %s:%u\n", > > > -- prev_line, > > > -- hostname, > > > -- (unsigned int)port); > > > -- } > > > -- > > > -- /* no krb5 lib currently supports "kdc =3D ipv6 address" > > > -- * at all, so just fill in just the kdc_name if we have > > > -- * it and let the krb5 lib figure out the appropriate > > > -- * ipv6 address - gd */ > > > -- > > > -- if (kdc_name) { > > > -- return talloc_asprintf(mem_ctx, "%s\tkdc =3D %s\n", > > > -- prev_line, kdc_name); > > > -- } > > > -- > > > -- return talloc_asprintf(mem_ctx, "%s\tkdc =3D %s\n", > > > -- prev_line, > > > -- print_sockaddr(addr, > > > -- sizeof(addr), > > > -- pss)); > > > --} > > > -- > > > - /******************************************************************= ****** > > > - Create a string list of available kdc's, possibly searching by sit= ename. > > > - Does DNS queries. > > > -@@ -698,7 +634,8 @@ static char *get_kdc_ip_string(char *mem_ctx, > > > - char *result =3D NULL; > > > - struct netlogon_samlogon_response **responses =3D NULL; > > > - NTSTATUS status; > > > -- char *kdc_str =3D print_kdc_line(mem_ctx, "", pss, kdc_name); > > > -+ char *kdc_str =3D talloc_asprintf(mem_ctx, "%s\tkdc =3D %s\n", "", > > > -+ print_canonical_sockaddr(mem_ctx, pss)); > > > -=20 > > > - if (kdc_str =3D=3D NULL) { > > > - TALLOC_FREE(frame); > > > -@@ -788,9 +725,9 @@ static char *get_kdc_ip_string(char *mem_ctx, > > > - } > > > -=20 > > > - /* Append to the string - inefficient but not done often. 
*/ > > > -- new_kdc_str =3D print_kdc_line(mem_ctx, kdc_str, > > > -- &dc_addrs[i], > > > -- kdc_name); > > > -+ new_kdc_str =3D talloc_asprintf(mem_ctx, "%s\tkdc =3D %s\n", > > > -+ kdc_str, > > > -+ print_canonical_sockaddr(mem_ctx, &dc_addrs[i])); > > > - if (new_kdc_str =3D=3D NULL) { > > > - goto fail; > > > - } > > > ---=20 > > > -1.8.5.3 > > > - > > > - > > > -From 3edb3d4084548960f03356cf4c44a6892e6efb84 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 7 Mar 2014 14:47:31 +0100 > > > -Subject: [PATCH 2/2] s3-kerberos: remove unused kdc_name from > > > - create_local_private_krb5_conf_for_domain(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/libads/kerberos.c | 10 ++++------ > > > - source3/libads/kerberos_proto.h | 3 +-- > > > - source3/libnet/libnet_join.c | 3 +-- > > > - source3/libsmb/namequery_dc.c | 6 ++---- > > > - source3/winbindd/winbindd_cm.c | 6 ++---- > > > - 5 files changed, 10 insertions(+), 18 deletions(-) > > > - > > > -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c > > > -index ea14350..649e568 100644 > > > ---- a/source3/libads/kerberos.c > > > -+++ b/source3/libads/kerberos.c > > > -@@ -618,8 +618,7 @@ static void add_sockaddr_unique(struct sockaddr_= storage *addrs, int *num_addrs, > > > - static char *get_kdc_ip_string(char *mem_ctx, > > > - const char *realm, > > > - const char *sitename, > > > -- const struct sockaddr_storage *pss, > > > -- const char *kdc_name) > > > -+ const struct sockaddr_storage *pss) > > > - { > > > - TALLOC_CTX *frame =3D talloc_stackframe(); > > > - int i; > > > -@@ -756,8 +755,7 @@ fail: > > > - bool create_local_private_krb5_conf_for_domain(const char *realm, > > > - const char *domain, > > > - const char *sitename, > > > -- 
const struct sockaddr_storage *pss, > > > -- const char *kdc_name) > > > -+ const struct sockaddr_storage *pss) > > > - { > > > - char *dname; > > > - char *tmpname =3D NULL; > > > -@@ -782,7 +780,7 @@ bool create_local_private_krb5_conf_for_domain(c= onst char *realm, > > > - return false; > > > - } > > > -=20 > > > -- if (domain =3D=3D NULL || pss =3D=3D NULL || kdc_name =3D=3D NULL)= { > > > -+ if (domain =3D=3D NULL || pss =3D=3D NULL) { > > > - return false; > > > - } > > > -=20 > > > -@@ -815,7 +813,7 @@ bool create_local_private_krb5_conf_for_domain(c= onst char *realm, > > > - goto done; > > > - } > > > -=20 > > > -- kdc_ip_string =3D get_kdc_ip_string(dname, realm, sitename, pss, k= dc_name); > > > -+ kdc_ip_string =3D get_kdc_ip_string(dname, realm, sitename, pss); > > > - if (!kdc_ip_string) { > > > - goto done; > > > - } > > > -diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerber= os_proto.h > > > -index f7470d2..2559634 100644 > > > ---- a/source3/libads/kerberos_proto.h > > > -+++ b/source3/libads/kerberos_proto.h > > > -@@ -62,8 +62,7 @@ int kerberos_kinit_password(const char *principal, > > > - bool create_local_private_krb5_conf_for_domain(const char *realm, > > > - const char *domain, > > > - const char *sitename, > > > -- const struct sockaddr_storage *pss, > > > -- const char *kdc_name); > > > -+ const struct sockaddr_storage *pss); > > > -=20 > > > - /* The following definitions come from libads/authdata.c */ > > > -=20 > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index a87eb38..68884cd 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -2152,8 +2152,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *me= m_ctx, > > > -=20 > > > - create_local_private_krb5_conf_for_domain( > > > - r->out.dns_domain_name, r->out.netbios_domain_name, > > > -- NULL, smbXcli_conn_remote_sockaddr(cli->conn), > > > -- smbXcli_conn_remote_name(cli->conn)); > > > 
-+ NULL, smbXcli_conn_remote_sockaddr(cli->conn)); > > > -=20 > > > - if (r->out.domain_is_ad && r->in.account_ou && > > > - !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) { > > > -diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequer= y_dc.c > > > -index 3cfae79..eb34741 100644 > > > ---- a/source3/libsmb/namequery_dc.c > > > -+++ b/source3/libsmb/namequery_dc.c > > > -@@ -112,14 +112,12 @@ static bool ads_dc_name(const char *domain, > > > - create_local_private_krb5_conf_for_domain(realm, > > > - domain, > > > - sitename, > > > -- &ads->ldap.ss, > > > -- ads->config.ldap_server_name); > > > -+ &ads->ldap.ss); > > > - } else { > > > - create_local_private_krb5_conf_for_domain(realm, > > > - domain, > > > - NULL, > > > -- &ads->ldap.ss, > > > -- ads->config.ldap_server_name); > > > -+ &ads->ldap.ss); > > > - } > > > - } > > > - #endif > > > -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbi= ndd_cm.c > > > -index 669a43e..be13a57 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -1233,8 +1233,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, > > > - create_local_private_krb5_conf_for_domain(domain->alt_name, > > > - domain->name, > > > - sitename, > > > -- pss, > > > -- *name); > > > -+ pss); > > > -=20 > > > - SAFE_FREE(sitename); > > > - } else { > > > -@@ -1242,8 +1241,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, > > > - create_local_private_krb5_conf_for_domain(domain->alt_name, > > > - domain->name, > > > - NULL, > > > -- pss, > > > -- *name); > > > -+ pss); > > > - } > > > - winbindd_set_locator_kdc_envs(domain); > > > -=20 > > > ---=20 > > > -1.8.5.3 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 03-net-ads-kerberos-pac.patch b/meta-networking/recipes-connectivity/samba/= samba-4.1.12/03-net-ads-kerberos-pac.patch > > > deleted file mode 100644 > > > index 26a4caf..0000000 
> > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/03-net-= ads-kerberos-pac.patch > > > +++ /dev/null 
> > > @@ -1,962 +0,0 @@ > > > -From 932490ae08578c37523e00e537017603ee00ce7c Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 17 Jan 2014 14:29:03 +0100 > > > -Subject: [PATCH 1/8] s3-libads: pass down local_service to > > > - kerberos_return_pac(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/libads/authdata.c | 6 +----- > > > - source3/libads/kerberos_proto.h | 1 + > > > - source3/utils/net_ads.c | 8 ++++++++ > > > - source3/winbindd/winbindd_pam.c | 9 +++++++++ > > > - 4 files changed, 19 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c > > > -index 801e551..dd80dc2 100644 > > > ---- a/source3/libads/authdata.c > > > -+++ b/source3/libads/authdata.c > > > -@@ -101,13 +101,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_c= tx, > > > - bool add_netbios_addr, > > > - time_t renewable_time, > > > - const char *impersonate_princ_s, > > > -+ const char *local_service, > > > - struct PAC_LOGON_INFO **_logon_info) > > > - { > > > - krb5_error_code ret; > > > - NTSTATUS status =3D NT_STATUS_INVALID_PARAMETER; > > > - DATA_BLOB tkt, tkt_wrapped, ap_rep, sesskey1; > > > - const char *auth_princ =3D NULL; > > > -- const char *local_service =3D NULL; > > > - const char *cc =3D "MEMORY:kerberos_return_pac"; > > > - struct auth_session_info *session_info; > > > - struct gensec_security *gensec_server_context; > > > -@@ -141,10 +141,6 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ct= x, > > > - } > > > - NT_STATUS_HAVE_NO_MEMORY(auth_princ); > > > -=20 > > > -- local_service =3D talloc_asprintf(mem_ctx, "%s$@%s", > > > -- lp_netbios_name(), lp_realm()); > > > -- NT_STATUS_HAVE_NO_MEMORY(local_service); > > > -- > > > - ret =3D 
kerberos_kinit_password_ext(auth_princ, > > > - pass, > > > - time_offset, > > > -diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerber= os_proto.h > > > -index 2559634..1151d66 100644 > > > ---- a/source3/libads/kerberos_proto.h > > > -+++ b/source3/libads/kerberos_proto.h > > > -@@ -77,6 +77,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, > > > - bool add_netbios_addr, > > > - time_t renewable_time, > > > - const char *impersonate_princ_s, > > > -+ const char *local_service, > > > - struct PAC_LOGON_INFO **logon_info); > > > -=20 > > > - /* The following definitions come from libads/krb5_setpw.c */ > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index 89eebf3..5a073b1 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -2604,6 +2604,7 @@ static int net_ads_kerberos_pac(struct net_con= text *c, int argc, const char **ar > > > - NTSTATUS status; > > > - int ret =3D -1; > > > - const char *impersonate_princ_s =3D NULL; > > > -+ const char *local_service =3D NULL; > > > -=20 > > > - if (c->display_usage) { > > > - d_printf( "%s\n" > > > -@@ -2623,6 +2624,12 @@ static int net_ads_kerberos_pac(struct net_co= ntext *c, int argc, const char **ar > > > - impersonate_princ_s =3D argv[0]; > > > - } > > > -=20 > > > -+ local_service =3D talloc_asprintf(mem_ctx, "%s$@%s", > > > -+ lp_netbios_name(), lp_realm()); > > > -+ if (local_service =3D=3D NULL) { > > > -+ goto out; > > > -+ } > > > -+ > > > - c->opt_password =3D net_prompt_pass(c, c->opt_user_name); > > > -=20 > > > - status =3D kerberos_return_pac(mem_ctx, > > > -@@ -2636,6 +2643,7 @@ static int net_ads_kerberos_pac(struct net_con= text *c, int argc, const char **ar > > > - true, > > > - 2592000, /* one month */ > > > - impersonate_princ_s, > > > -+ local_service, > > > - &info); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_printf(_("failed to query kerberos PAC: %s\n"), > > > -diff --git a/source3/winbindd/winbindd_pam.c 
b/source3/winbindd/winb= indd_pam.c > > > -index 3f3ec70..61e2cef 100644 > > > ---- a/source3/winbindd/winbindd_pam.c > > > -+++ b/source3/winbindd/winbindd_pam.c > > > -@@ -576,6 +576,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALL= OC_CTX *mem_ctx, > > > - time_t time_offset =3D 0; > > > - const char *user_ccache_file; > > > - struct PAC_LOGON_INFO *logon_info =3D NULL; > > > -+ const char *local_service; > > > -=20 > > > - *info3 =3D NULL; > > > -=20 > > > -@@ -632,6 +633,13 @@ static NTSTATUS winbindd_raw_kerberos_login(TAL= LOC_CTX *mem_ctx, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -+ local_service =3D talloc_asprintf(mem_ctx, "%s$@%s", > > > -+ lp_netbios_name(), lp_realm()); > > > -+ if (local_service =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ > > > - /* if this is a user ccache, we need to act as the user to let the= krb5 > > > - * library handle the chown, etc. */ > > > -=20 > > > -@@ -653,6 +661,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALL= OC_CTX *mem_ctx, > > > - true, > > > - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, > > > - NULL, > > > -+ local_service, > > > - &logon_info); > > > - if (user_ccache_file !=3D NULL) { > > > - gain_root_privilege(); > > > ---=20 > > > -1.8.5.3 > > > - > > > - > > > -From baed403983a5bb2e728249443fdfc9167a87f526 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Mon, 3 Mar 2014 12:14:51 +0100 > > > -Subject: [PATCH 2/8] auth/kerberos: fix a typo. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - auth/kerberos/kerberos_pac.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_p= ac.c > > > -index 81f7f21..8f55c8f 100644 > > > ---- a/auth/kerberos/kerberos_pac.c > > > -+++ b/auth/kerberos/kerberos_pac.c > > > -@@ -79,7 +79,7 @@ krb5_error_code check_pac_checksum(DATA_BLOB pac_d= ata, > > > - } > > > -=20 > > > - /** > > > --* @brief Decode a blob containing a NDR envoded PAC structure > > > -+* @brief Decode a blob containing a NDR encoded PAC structure > > > - * > > > - * @param mem_ctx - The memory context > > > - * @param pac_data_blob - The data blob containing the NDR encoded= data > > > ---=20 > > > -1.8.5.3 > > > - > > > - > > > -From 9725a86e60bb6ef6e912621e81acc955ae2f70a8 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Mon, 10 Mar 2014 15:11:18 +0100 > > > -Subject: [PATCH 3/8] s3-net: change the way impersonation principals= are used > > > - in "net ads kerberos pac". 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/utils/net_ads.c | 14 ++++++++++---- > > > - 1 file changed, 10 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index 5a073b1..ac6346f 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -2605,6 +2605,7 @@ static int net_ads_kerberos_pac(struct net_con= text *c, int argc, const char **ar > > > - int ret =3D -1; > > > - const char *impersonate_princ_s =3D NULL; > > > - const char *local_service =3D NULL; > > > -+ int i; > > > -=20 > > > - if (c->display_usage) { > > > - d_printf( "%s\n" > > > -@@ -2615,15 +2616,20 @@ static int net_ads_kerberos_pac(struct net_c= ontext *c, int argc, const char **ar > > > - return 0; > > > - } > > > -=20 > > > -+ for (i=3D0; i > > -+ if (strnequal(argv[i], "impersonate", strlen("impersonate"))) { > > > -+ impersonate_princ_s =3D get_string_param(argv[i]); > > > -+ if (impersonate_princ_s =3D=3D NULL) { > > > -+ return -1; > > > -+ } > > > -+ } > > > -+ } > > > -+ > > > - mem_ctx =3D talloc_init("net_ads_kerberos_pac"); > > > - if (!mem_ctx) { > > > - goto out; > > > - } > > > -=20 > > > -- if (argc > 0) { > > > -- impersonate_princ_s =3D argv[0]; > > > -- } > > > -- > > > - local_service =3D talloc_asprintf(mem_ctx, "%s$@%s", > > > - lp_netbios_name(), lp_realm()); > > > - if (local_service =3D=3D NULL) { > > > ---=20 > > > -1.8.5.3 > > > - > > > - > > > -From 35a1ed22f65473fabb2f4846f6d2b50da1847f6a Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Tue, 11 Mar 2014 16:34:36 +0100 > > > -Subject: [PATCH 4/8] s3-net: allow to provide custom local_service i= n "net ads > > > - kerberos pac". 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/utils/net_ads.c | 14 +++++++++++--- > > > - 1 file changed, 11 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index ac6346f..c53c8c6 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -2623,6 +2623,12 @@ static int net_ads_kerberos_pac(struct net_co= ntext *c, int argc, const char **ar > > > - return -1; > > > - } > > > - } > > > -+ if (strnequal(argv[i], "local_service", strlen("local_service")))= { > > > -+ local_service =3D get_string_param(argv[i]); > > > -+ if (local_service =3D=3D NULL) { > > > -+ return -1; > > > -+ } > > > -+ } > > > - } > > > -=20 > > > - mem_ctx =3D talloc_init("net_ads_kerberos_pac"); > > > -@@ -2630,10 +2636,12 @@ static int net_ads_kerberos_pac(struct net_c= ontext *c, int argc, const char **ar > > > - goto out; > > > - } > > > -=20 > > > -- local_service =3D talloc_asprintf(mem_ctx, "%s$@%s", > > > -- lp_netbios_name(), lp_realm()); > > > - if (local_service =3D=3D NULL) { > > > -- goto out; > > > -+ local_service =3D talloc_asprintf(mem_ctx, "%s$@%s", > > > -+ lp_netbios_name(), lp_realm()); > > > -+ if (local_service =3D=3D NULL) { > > > -+ goto out; > > > -+ } > > > - } > > > -=20 > > > - c->opt_password =3D net_prompt_pass(c, c->opt_user_name); > > > ---=20 > > > -1.8.5.3 > > > - > > > - > > > -From 1270e35ba70a4e4881512d375c767023512f67bd Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 21 Feb 2014 18:56:04 +0100 > > > -Subject: [PATCH 5/8] s3-kerberos: return a full PAC in kerberos_retu= rn_pac(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/libads/authdata.c | 28 +++++++++++++++++----------- > > > - source3/libads/kerberos_proto.h | 4 ++-- > > > - source3/utils/net_ads.c | 17 ++++++++++++++++- > > > - source3/winbindd/winbindd_pam.c | 22 +++++++++++++++++++++- > > > - 4 files changed, 56 insertions(+), 15 deletions(-) > > > - > > > -diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c > > > -index dd80dc2..53e40ef 100644 > > > ---- a/source3/libads/authdata.c > > > -+++ b/source3/libads/authdata.c > > > -@@ -52,7 +52,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_co= ntext *auth_ctx, > > > - struct auth_session_info **session_info) > > > - { > > > - TALLOC_CTX *tmp_ctx; > > > -- struct PAC_LOGON_INFO *logon_info =3D NULL; > > > -+ struct PAC_DATA *pac_data =3D NULL; > > > - NTSTATUS status =3D NT_STATUS_INTERNAL_ERROR; > > > -=20 > > > - tmp_ctx =3D talloc_new(mem_ctx); > > > -@@ -61,16 +61,22 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_= context *auth_ctx, > > > - } > > > -=20 > > > - if (pac_blob) { > > > -- status =3D kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL, > > > -- NULL, NULL, 0, &logon_info); > > > -+ status =3D kerberos_decode_pac(tmp_ctx, > > > -+ *pac_blob, > > > -+ NULL, > > > -+ NULL, > > > -+ NULL, > > > -+ NULL, > > > -+ 0, > > > -+ &pac_data); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto done; > > > - } > > > - } > > > -=20 > > > -- talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO"); > > > -+ talloc_set_name_const(pac_data, "struct PAC_DATA"); > > > -=20 > > > -- auth_ctx->private_data =3D talloc_steal(auth_ctx, logon_info); > > > -+ auth_ctx->private_data =3D talloc_steal(auth_ctx, pac_data); > > > - *session_info =3D talloc_zero(mem_ctx, struct auth_session_info); > > > - if 
(!*session_info) { > > > - status =3D NT_STATUS_NO_MEMORY; > > > -@@ -102,7 +108,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, > > > - time_t renewable_time, > > > - const char *impersonate_princ_s, > > > - const char *local_service, > > > -- struct PAC_LOGON_INFO **_logon_info) > > > -+ struct PAC_DATA **_pac_data) > > > - { > > > - krb5_error_code ret; > > > - NTSTATUS status =3D NT_STATUS_INVALID_PARAMETER; > > > -@@ -116,7 +122,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, > > > - size_t idx =3D 0; > > > - struct auth4_context *auth_context; > > > - struct loadparm_context *lp_ctx; > > > -- struct PAC_LOGON_INFO *logon_info =3D NULL; > > > -+ struct PAC_DATA *pac_data =3D NULL; > > > -=20 > > > - TALLOC_CTX *tmp_ctx =3D talloc_new(mem_ctx); > > > - NT_STATUS_HAVE_NO_MEMORY(tmp_ctx); > > > -@@ -272,15 +278,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_c= tx, > > > - goto out; > > > - } > > > -=20 > > > -- logon_info =3D talloc_get_type_abort(gensec_server_context->auth_c= ontext->private_data, > > > -- struct PAC_LOGON_INFO); > > > -- if (logon_info =3D=3D NULL) { > > > -+ pac_data =3D talloc_get_type_abort(gensec_server_context->auth_con= text->private_data, > > > -+ struct PAC_DATA); > > > -+ if (pac_data =3D=3D NULL) { > > > - DEBUG(1,("no PAC\n")); > > > - status =3D NT_STATUS_INVALID_PARAMETER; > > > - goto out; > > > - } > > > -=20 > > > -- *_logon_info =3D talloc_move(mem_ctx, &logon_info); > > > -+ *_pac_data =3D talloc_move(mem_ctx, &pac_data); > > > -=20 > > > - out: > > > - talloc_free(tmp_ctx); > > > -diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerber= os_proto.h > > > -index 1151d66..b2f7486 100644 > > > ---- a/source3/libads/kerberos_proto.h > > > -+++ b/source3/libads/kerberos_proto.h > > > -@@ -32,7 +32,7 @@ > > > -=20 > > > - #include "system/kerberos.h" > > > -=20 > > > --struct PAC_LOGON_INFO; > > > -+struct PAC_DATA; > > > -=20 > > > - #include "libads/ads_status.h" > > > -=20 > > > -@@ -78,7 +78,7 @@ 
NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, > > > - time_t renewable_time, > > > - const char *impersonate_princ_s, > > > - const char *local_service, > > > -- struct PAC_LOGON_INFO **logon_info); > > > -+ struct PAC_DATA **pac_data); > > > -=20 > > > - /* The following definitions come from libads/krb5_setpw.c */ > > > -=20 > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index c53c8c6..19da6da 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -2600,6 +2600,7 @@ static int net_ads_kerberos_renew(struct net_c= ontext *c, int argc, const char ** > > > - static int net_ads_kerberos_pac(struct net_context *c, int argc, co= nst char **argv) > > > - { > > > - struct PAC_LOGON_INFO *info =3D NULL; > > > -+ struct PAC_DATA *pac_data =3D NULL; > > > - TALLOC_CTX *mem_ctx =3D NULL; > > > - NTSTATUS status; > > > - int ret =3D -1; > > > -@@ -2658,13 +2659,27 @@ static int net_ads_kerberos_pac(struct net_c= ontext *c, int argc, const char **ar > > > - 2592000, /* one month */ > > > - impersonate_princ_s, > > > - local_service, > > > -- &info); > > > -+ &pac_data); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_printf(_("failed to query kerberos PAC: %s\n"), > > > - nt_errstr(status)); > > > - goto out; > > > - } > > > -=20 > > > -+ for (i=3D0; i < pac_data->num_buffers; i++) { > > > -+ > > > -+ if (pac_data->buffers[i].type !=3D PAC_TYPE_LOGON_INFO) { > > > -+ continue; > > > -+ } > > > -+ > > > -+ info =3D pac_data->buffers[i].info->logon_info.info; > > > -+ if (!info) { > > > -+ goto out; > > > -+ } > > > -+ > > > -+ break; > > > -+ } > > > -+ > > > - if (info) { > > > - const char *s; > > > - s =3D NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info); > > > -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winb= indd_pam.c > > > -index 61e2cef..a8daae51 100644 > > > ---- a/source3/winbindd/winbindd_pam.c > > > -+++ b/source3/winbindd/winbindd_pam.c > > > -@@ -576,7 +576,9 @@ 
static NTSTATUS winbindd_raw_kerberos_login(TALL= OC_CTX *mem_ctx, > > > - time_t time_offset =3D 0; > > > - const char *user_ccache_file; > > > - struct PAC_LOGON_INFO *logon_info =3D NULL; > > > -+ struct PAC_DATA *pac_data =3D NULL; > > > - const char *local_service; > > > -+ int i; > > > -=20 > > > - *info3 =3D NULL; > > > -=20 > > > -@@ -662,7 +664,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALL= OC_CTX *mem_ctx, > > > - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, > > > - NULL, > > > - local_service, > > > -- &logon_info); > > > -+ &pac_data); > > > - if (user_ccache_file !=3D NULL) { > > > - gain_root_privilege(); > > > - } > > > -@@ -673,6 +675,24 @@ static NTSTATUS winbindd_raw_kerberos_login(TAL= LOC_CTX *mem_ctx, > > > - goto failed; > > > - } > > > -=20 > > > -+ if (pac_data =3D=3D NULL) { > > > -+ goto failed; > > > -+ } > > > -+ > > > -+ for (i=3D0; i < pac_data->num_buffers; i++) { > > > -+ > > > -+ if (pac_data->buffers[i].type !=3D PAC_TYPE_LOGON_INFO) { > > > -+ continue; > > > -+ } > > > -+ > > > -+ logon_info =3D pac_data->buffers[i].info->logon_info.info; > > > -+ if (!logon_info) { > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+ } > > > -+ > > > -+ break; > > > -+ } > > > -+ > > > - *info3 =3D &logon_info->info3; > > > -=20 > > > - DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket = of %s\n", > > > ---=20 > > > -1.8.5.3 > > > - > > > - > > > -From a8c2807a26d2f1ff094ed7ea5724c0394f79b888 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Tue, 11 Mar 2014 18:07:11 +0100 > > > -Subject: [PATCH 6/8] s3-kerberos: let kerberos_return_pac() return a= PAC > > > - container. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/libads/authdata.c | 29 +++++++++++++++++++++-------- > > > - source3/libads/kerberos_proto.h | 7 ++++++- > > > - source3/utils/net_ads.c | 5 ++++- > > > - source3/winbindd/winbindd_pam.c | 8 +++++++- > > > - 4 files changed, 38 insertions(+), 11 deletions(-) > > > - > > > -diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c > > > -index 53e40ef..276408d 100644 > > > ---- a/source3/libads/authdata.c > > > -+++ b/source3/libads/authdata.c > > > -@@ -53,6 +53,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_co= ntext *auth_ctx, > > > - { > > > - TALLOC_CTX *tmp_ctx; > > > - struct PAC_DATA *pac_data =3D NULL; > > > -+ struct PAC_DATA_CTR *pac_data_ctr =3D NULL; > > > - NTSTATUS status =3D NT_STATUS_INTERNAL_ERROR; > > > -=20 > > > - tmp_ctx =3D talloc_new(mem_ctx); > > > -@@ -74,9 +75,21 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_c= ontext *auth_ctx, > > > - } > > > - } > > > -=20 > > > -- talloc_set_name_const(pac_data, "struct PAC_DATA"); > > > -+ pac_data_ctr =3D talloc(mem_ctx, struct PAC_DATA_CTR); > > > -+ if (pac_data_ctr =3D=3D NULL) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ talloc_set_name_const(pac_data_ctr, "struct PAC_DATA_CTR"); > > > -+ > > > -+ pac_data_ctr->pac_data =3D talloc_steal(pac_data_ctr, pac_data); > > > -+ pac_data_ctr->pac_blob =3D data_blob_talloc(pac_data_ctr, > > > -+ pac_blob->data, > > > -+ pac_blob->length); > > > -+ > > > -+ auth_ctx->private_data =3D talloc_steal(auth_ctx, pac_data_ctr); > > > -=20 > > > -- auth_ctx->private_data =3D talloc_steal(auth_ctx, pac_data); > > > - *session_info =3D talloc_zero(mem_ctx, struct auth_session_info); > > > - if (!*session_info) { > > > - status =3D NT_STATUS_NO_MEMORY; 
> > > -@@ -108,7 +121,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, > > > - time_t renewable_time, > > > - const char *impersonate_princ_s, > > > - const char *local_service, > > > -- struct PAC_DATA **_pac_data) > > > -+ struct PAC_DATA_CTR **_pac_data_ctr) > > > - { > > > - krb5_error_code ret; > > > - NTSTATUS status =3D NT_STATUS_INVALID_PARAMETER; > > > -@@ -122,7 +135,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, > > > - size_t idx =3D 0; > > > - struct auth4_context *auth_context; > > > - struct loadparm_context *lp_ctx; > > > -- struct PAC_DATA *pac_data =3D NULL; > > > -+ struct PAC_DATA_CTR *pac_data_ctr =3D NULL; > > > -=20 > > > - TALLOC_CTX *tmp_ctx =3D talloc_new(mem_ctx); > > > - NT_STATUS_HAVE_NO_MEMORY(tmp_ctx); > > > -@@ -278,15 +291,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_c= tx, > > > - goto out; > > > - } > > > -=20 > > > -- pac_data =3D talloc_get_type_abort(gensec_server_context->auth_con= text->private_data, > > > -- struct PAC_DATA); > > > -- if (pac_data =3D=3D NULL) { > > > -+ pac_data_ctr =3D talloc_get_type_abort(gensec_server_context->auth= _context->private_data, > > > -+ struct PAC_DATA_CTR); > > > -+ if (pac_data_ctr =3D=3D NULL) { > > > - DEBUG(1,("no PAC\n")); > > > - status =3D NT_STATUS_INVALID_PARAMETER; > > > - goto out; > > > - } > > > -=20 > > > -- *_pac_data =3D talloc_move(mem_ctx, &pac_data); > > > -+ *_pac_data_ctr =3D talloc_move(mem_ctx, &pac_data_ctr); > > > -=20 > > > - out: > > > - talloc_free(tmp_ctx); > > > -diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerber= os_proto.h > > > -index b2f7486..3d0ad4b 100644 > > > ---- a/source3/libads/kerberos_proto.h > > > -+++ b/source3/libads/kerberos_proto.h > > > -@@ -34,6 +34,11 @@ > > > -=20 > > > - struct PAC_DATA; > > > -=20 > > > -+struct PAC_DATA_CTR { > > > -+ DATA_BLOB pac_blob; > > > -+ struct PAC_DATA *pac_data; > > > -+}; > > > -+ > > > - #include "libads/ads_status.h" > > > -=20 > > > - /* The following definitions come 
from libads/kerberos.c */ > > > -@@ -78,7 +83,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, > > > - time_t renewable_time, > > > - const char *impersonate_princ_s, > > > - const char *local_service, > > > -- struct PAC_DATA **pac_data); > > > -+ struct PAC_DATA_CTR **pac_data_ctr); > > > -=20 > > > - /* The following definitions come from libads/krb5_setpw.c */ > > > -=20 > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index 19da6da..19c28b1 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -2601,6 +2601,7 @@ static int net_ads_kerberos_pac(struct net_con= text *c, int argc, const char **ar > > > - { > > > - struct PAC_LOGON_INFO *info =3D NULL; > > > - struct PAC_DATA *pac_data =3D NULL; > > > -+ struct PAC_DATA_CTR *pac_data_ctr =3D NULL; > > > - TALLOC_CTX *mem_ctx =3D NULL; > > > - NTSTATUS status; > > > - int ret =3D -1; > > > -@@ -2659,13 +2660,15 @@ static int net_ads_kerberos_pac(struct net_c= ontext *c, int argc, const char **ar > > > - 2592000, /* one month */ > > > - impersonate_princ_s, > > > - local_service, > > > -- &pac_data); > > > -+ &pac_data_ctr); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_printf(_("failed to query kerberos PAC: %s\n"), > > > - nt_errstr(status)); > > > - goto out; > > > - } > > > -=20 > > > -+ pac_data =3D pac_data_ctr->pac_data; > > > -+ > > > - for (i=3D0; i < pac_data->num_buffers; i++) { > > > -=20 > > > - if (pac_data->buffers[i].type !=3D PAC_TYPE_LOGON_INFO) { > > > -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winb= indd_pam.c > > > -index a8daae51..b41291e 100644 > > > ---- a/source3/winbindd/winbindd_pam.c > > > -+++ b/source3/winbindd/winbindd_pam.c > > > -@@ -577,6 +577,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALL= OC_CTX *mem_ctx, > > > - const char *user_ccache_file; > > > - struct PAC_LOGON_INFO *logon_info =3D NULL; > > > - struct PAC_DATA *pac_data =3D NULL; > > > -+ struct PAC_DATA_CTR *pac_data_ctr 
=3D NULL; > > > - const char *local_service; > > > - int i; > > > -=20 > > > -@@ -664,7 +665,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALL= OC_CTX *mem_ctx, > > > - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, > > > - NULL, > > > - local_service, > > > -- &pac_data); > > > -+ &pac_data_ctr); > > > - if (user_ccache_file !=3D NULL) { > > > - gain_root_privilege(); > > > - } > > > -@@ -675,6 +676,11 @@ static NTSTATUS winbindd_raw_kerberos_login(TAL= LOC_CTX *mem_ctx, > > > - goto failed; > > > - } > > > -=20 > > > -+ if (pac_data_ctr =3D=3D NULL) { > > > -+ goto failed; > > > -+ } > > > -+ > > > -+ pac_data =3D pac_data_ctr->pac_data; > > > - if (pac_data =3D=3D NULL) { > > > - goto failed; > > > - } > > > ---=20 > > > -1.8.5.3 > > > - > > > - > > > -From 9e01f3cbc4752539128e5452f567ff2e73c3ec9d Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Tue, 11 Mar 2014 18:14:39 +0100 > > > -Subject: [PATCH 7/8] s3-net: modify the current "net ads kerberos pa= c" > > > - command. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Rename it to "net ads kerberos pac dump" and add a "type=3Dnum" opti= on to allow > > > -dumping of individial pac buffer types. Ommitting type=3D or using t= ype=3D0 will > > > -dump the whole PAC structure on stdout. 
> > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/utils/net_ads.c | 115 ++++++++++++++++++++++++++++++++-----= ----------- > > > - 1 file changed, 77 insertions(+), 38 deletions(-) > > > - > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index 19c28b1..f54cf23 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -2597,27 +2597,15 @@ static int net_ads_kerberos_renew(struct net= _context *c, int argc, const char ** > > > - return ret; > > > - } > > > -=20 > > > --static int net_ads_kerberos_pac(struct net_context *c, int argc, co= nst char **argv) > > > -+static int net_ads_kerberos_pac_common(struct net_context *c, int a= rgc, const char **argv, > > > -+ struct PAC_DATA_CTR **pac_data_ctr) > > > - { > > > -- struct PAC_LOGON_INFO *info =3D NULL; > > > -- struct PAC_DATA *pac_data =3D NULL; > > > -- struct PAC_DATA_CTR *pac_data_ctr =3D NULL; > > > -- TALLOC_CTX *mem_ctx =3D NULL; > > > - NTSTATUS status; > > > - int ret =3D -1; > > > - const char *impersonate_princ_s =3D NULL; > > > - const char *local_service =3D NULL; > > > - int i; > > > -=20 > > > -- if (c->display_usage) { > > > -- d_printf( "%s\n" > > > -- "net ads kerberos pac [impersonation_principal]\n" > > > -- " %s\n", > > > -- _("Usage:"), > > > -- _("Dump the Kerberos PAC")); > > > -- return 0; > > > -- } > > > -- > > > - for (i=3D0; i > > - if (strnequal(argv[i], "impersonate", strlen("impersonate"))) { > > > - impersonate_princ_s =3D get_string_param(argv[i]); > > > -@@ -2633,13 +2621,8 @@ static int net_ads_kerberos_pac(struct net_co= ntext *c, int argc, const char **ar > > > - } > > > - } > > > -=20 > > > -- mem_ctx =3D talloc_init("net_ads_kerberos_pac"); > > > -- if (!mem_ctx) { > > > -- goto out; > > > -- } > > > -- > > > - if (local_service =3D=3D NULL) { > > > -- local_service =3D talloc_asprintf(mem_ctx, "%s$@%s", > > > -+ local_service 
=3D talloc_asprintf(c, "%s$@%s", > > > - lp_netbios_name(), lp_realm()); > > > - if (local_service =3D=3D NULL) { > > > - goto out; > > > -@@ -2648,7 +2631,7 @@ static int net_ads_kerberos_pac(struct net_con= text *c, int argc, const char **ar > > > -=20 > > > - c->opt_password =3D net_prompt_pass(c, c->opt_user_name); > > > -=20 > > > -- status =3D kerberos_return_pac(mem_ctx, > > > -+ status =3D kerberos_return_pac(c, > > > - c->opt_user_name, > > > - c->opt_password, > > > - 0, > > > -@@ -2660,39 +2643,95 @@ static int net_ads_kerberos_pac(struct net_c= ontext *c, int argc, const char **ar > > > - 2592000, /* one month */ > > > - impersonate_princ_s, > > > - local_service, > > > -- &pac_data_ctr); > > > -+ pac_data_ctr); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_printf(_("failed to query kerberos PAC: %s\n"), > > > - nt_errstr(status)); > > > - goto out; > > > - } > > > -=20 > > > -- pac_data =3D pac_data_ctr->pac_data; > > > -+ ret =3D 0; > > > -+ out: > > > -+ return ret; > > > -+} > > > -=20 > > > -- for (i=3D0; i < pac_data->num_buffers; i++) { > > > -+static int net_ads_kerberos_pac_dump(struct net_context *c, int arg= c, const char **argv) > > > -+{ > > > -+ struct PAC_DATA_CTR *pac_data_ctr =3D NULL; > > > -+ int i; > > > -+ int ret =3D -1; > > > -+ enum PAC_TYPE type =3D 0; > > > -=20 > > > -- if (pac_data->buffers[i].type !=3D PAC_TYPE_LOGON_INFO) { > > > -- continue; > > > -+ if (c->display_usage) { > > > -+ d_printf( "%s\n" > > > -+ "net ads kerberos pac dump [impersonate=3Dstring] [local_serv= ice=3Dstring] [pac_buffer_type=3Dint]\n" > > > -+ " %s\n", > > > -+ _("Usage:"), > > > -+ _("Dump the Kerberos PAC")); > > > -+ return -1; > > > -+ } > > > -+ > > > -+ for (i=3D0; i > > -+ if (strnequal(argv[i], "pac_buffer_type", strlen("pac_buffer_type= "))) { > > > -+ type =3D get_int_param(argv[i]); > > > - } > > > -+ } > > > -=20 > > > -- info =3D pac_data->buffers[i].info->logon_info.info; > > > -- if (!info) { > > > -- goto out; > > > -+ ret =3D 
net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr); > > > -+ if (ret) { > > > -+ return ret; > > > -+ } > > > -+ > > > -+ if (type =3D=3D 0) { > > > -+ > > > -+ char *s =3D NULL; > > > -+ > > > -+ s =3D NDR_PRINT_STRUCT_STRING(c, PAC_DATA, > > > -+ pac_data_ctr->pac_data); > > > -+ if (s !=3D NULL) { > > > -+ d_printf(_("The Pac: %s\n"), s); > > > -+ talloc_free(s); > > > - } > > > -=20 > > > -- break; > > > -+ return 0; > > > - } > > > -=20 > > > -- if (info) { > > > -- const char *s; > > > -- s =3D NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info); > > > -- d_printf(_("The Pac: %s\n"), s); > > > -+ for (i=3D0; i < pac_data_ctr->pac_data->num_buffers; i++) { > > > -+ > > > -+ char *s =3D NULL; > > > -+ > > > -+ if (pac_data_ctr->pac_data->buffers[i].type !=3D type) { > > > -+ continue; > > > -+ } > > > -+ > > > -+ s =3D NDR_PRINT_UNION_STRING(c, PAC_INFO, type, > > > -+ pac_data_ctr->pac_data->buffers[i].info); > > > -+ if (s !=3D NULL) { > > > -+ d_printf(_("The Pac: %s\n"), s); > > > -+ talloc_free(s); > > > -+ } > > > -+ break; > > > - } > > > -=20 > > > -- ret =3D 0; > > > -- out: > > > -- TALLOC_FREE(mem_ctx); > > > -- return ret; > > > -+ return 0; > > > -+} > > > -+ > > > -+static int net_ads_kerberos_pac(struct net_context *c, int argc, co= nst char **argv) > > > -+{ > > > -+ struct functable func[] =3D { > > > -+ { > > > -+ "dump", > > > -+ net_ads_kerberos_pac_dump, > > > -+ NET_TRANSPORT_ADS, > > > -+ N_("Dump Kerberos PAC"), > > > -+ N_("net ads kerberos pac dump\n" > > > -+ " Dump a Kerberos PAC to stdout") > > > -+ }, > > > -+ > > > -+ {NULL, NULL, 0, NULL, NULL} > > > -+ }; > > > -+ > > > -+ return net_run_function(c, argc, argv, "net ads kerberos pac", fun= c); > > > - } > > > -=20 > > > - static int net_ads_kerberos_kinit(struct net_context *c, int argc, = const char **argv) > > > ---=20 > > > -1.8.5.3 > > > - > > > - > > > -From 91ceace4ee8fd141cac5dbe5282bed141c38bee7 Mon Sep 17 00:00:00 20= 01 > > > -From: 
=3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Tue, 11 Mar 2014 18:16:40 +0100 > > > -Subject: [PATCH 8/8] s3-net: add a new "net ads kerberos pac save" t= ool. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Use "filename=3Dstring" to define a file where to save the unencrypt= ed PAC to. > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/utils/net_ads.c | 52 ++++++++++++++++++++++++++++++++++++++= +++++++++++ > > > - 1 file changed, 52 insertions(+) > > > - > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index f54cf23..8b8e719 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -2716,6 +2716,50 @@ static int net_ads_kerberos_pac_dump(struct n= et_context *c, int argc, const char > > > - return 0; > > > - } > > > -=20 > > > -+static int net_ads_kerberos_pac_save(struct net_context *c, int arg= c, const char **argv) > > > -+{ > > > -+ struct PAC_DATA_CTR *pac_data_ctr =3D NULL; > > > -+ char *filename =3D NULL; > > > -+ int ret =3D -1; > > > -+ int i; > > > -+ > > > -+ if (c->display_usage) { > > > -+ d_printf( "%s\n" > > > -+ "net ads kerberos pac save [impersonate=3Dstring] [local_serv= ice=3Dstring] [filename=3Dstring]\n" > > > -+ " %s\n", > > > -+ _("Usage:"), > > > -+ _("Save the Kerberos PAC")); > > > -+ return -1; > > > -+ } > > > -+ > > > -+ for (i=3D0; i > > -+ if (strnequal(argv[i], "filename", strlen("filename"))) { > > > -+ filename =3D get_string_param(argv[i]); > > > -+ if (filename =3D=3D NULL) { > > > -+ return -1; > > > -+ } > > > -+ } > > > -+ } > > > -+ > > > -+ ret =3D net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr); > > > -+ if (ret) { > > > -+ return ret; > > > -+ } > > > -+ > > > -+ if (filename =3D=3D NULL) { > > > -+ d_printf(_("please define \"filename=3D\" to save the P= AC\n")); > > 
> -+ return -1; > > > -+ } > > > -+ > > > -+ /* save the raw format */ > > > -+ if (!file_save(filename, pac_data_ctr->pac_blob.data, pac_data_ctr= ->pac_blob.length)) { > > > -+ d_printf(_("failed to save PAC in %s\n"), filename); > > > -+ return -1; > > > -+ } > > > -+ > > > -+ return 0; > > > -+} > > > -+ > > > - static int net_ads_kerberos_pac(struct net_context *c, int argc, co= nst char **argv) > > > - { > > > - struct functable func[] =3D { > > > -@@ -2727,6 +2771,14 @@ static int net_ads_kerberos_pac(struct net_co= ntext *c, int argc, const char **ar > > > - N_("net ads kerberos pac dump\n" > > > - " Dump a Kerberos PAC to stdout") > > > - }, > > > -+ { > > > -+ "save", > > > -+ net_ads_kerberos_pac_save, > > > -+ NET_TRANSPORT_ADS, > > > -+ N_("Save Kerberos PAC"), > > > -+ N_("net ads kerberos pac save\n" > > > -+ " Save a Kerberos PAC in a file") > > > -+ }, > > > -=20 > > > - {NULL, NULL, 0, NULL, NULL} > > > - }; > > > ---=20 > > > -1.8.5.3 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 04-ipv6-workaround.patch b/meta-networking/recipes-connectivity/samba/samba= -4.1.12/04-ipv6-workaround.patch > > > deleted file mode 100644 > > > index a2058f1..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/04-ipv6= -workaround.patch > > > +++ /dev/null 
> > > @@ -1,211 +0,0 @@ > > > -From 942dedb71437cd89932a7f39ca73d65c09aa59be Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 2 Apr 2014 19:37:34 +0200 > > > -Subject: [PATCH] s3-kerberos: make ipv6 support for generated krb5 c= onfig > > > - files more robust. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Older MIT Kerberos libraries will add any secondary ipv6 address as > > > -ipv4 address, defining the (default) krb5 port 88 circumvents that. > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > ---- > > > - source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++-- > > > - 1 file changed, 27 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c > > > -index 649e568..f3c23ea 100644 > > > ---- a/source3/libads/kerberos.c > > > -+++ b/source3/libads/kerberos.c > > > -@@ -615,6 +615,31 @@ static void add_sockaddr_unique(struct sockaddr= _storage *addrs, int *num_addrs, > > > - *num_addrs +=3D 1; > > > - } > > > -=20 > > > -+/* print_canonical_sockaddr prints an ipv6 addr in the form of > > > -+* [ipv6.addr]. This string, when put in a generated krb5.conf file = is not > > > -+* always properly dealt with by some older krb5 libraries. Adding t= he hard-coded > > > -+* portnumber workarounds the issue. 
- gd */ > > > -+ > > > -+static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx, > > > -+ const struct sockaddr_storage *pss) > > > -+{ > > > -+ char *str =3D NULL; > > > -+ > > > -+ str =3D print_canonical_sockaddr(mem_ctx, pss); > > > -+ if (str =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ if (pss->ss_family !=3D AF_INET6) { > > > -+ return str; > > > -+ } > > > -+ > > > -+#if defined(HAVE_IPV6) > > > -+ str =3D talloc_asprintf_append(str, ":88"); > > > -+#endif > > > -+ return str; > > > -+} > > > -+ > > > - static char *get_kdc_ip_string(char *mem_ctx, > > > - const char *realm, > > > - const char *sitename, > > > -@@ -634,7 +659,7 @@ static char *get_kdc_ip_string(char *mem_ctx, > > > - struct netlogon_samlogon_response **responses =3D NULL; > > > - NTSTATUS status; > > > - char *kdc_str =3D talloc_asprintf(mem_ctx, "%s\tkdc =3D %s\n", "", > > > -- print_canonical_sockaddr(mem_ctx, pss)); > > > -+ print_canonical_sockaddr_with_port(mem_ctx, pss)); > > > -=20 > > > - if (kdc_str =3D=3D NULL) { > > > - TALLOC_FREE(frame); > > > -@@ -726,7 +751,7 @@ static char *get_kdc_ip_string(char *mem_ctx, > > > - /* Append to the string - inefficient but not done often. */ > > > - new_kdc_str =3D talloc_asprintf(mem_ctx, "%s\tkdc =3D %s\n", > > > - kdc_str, > > > -- print_canonical_sockaddr(mem_ctx, &dc_addrs[i])); > > > -+ print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]= )); > > > - if (new_kdc_str =3D=3D NULL) { > > > - goto fail; > > > - } > > > ---=20 > > > -1.9.0 > > > - > > > -From 60db71015f84dd242be889576d85ccd5c6a1f73b Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 16 Apr 2014 16:07:14 +0200 > > > -Subject: [PATCH] s3-libads: allow ads_try_connect() to re-use a reso= lved ip > > > - address. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Pass down a struct sockaddr_storage to ads_try_connect. > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > - > > > -Autobuild-User(master): G=C3=BCnther Deschner > > > -Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104 > > > ---- > > > - source3/libads/ldap.c | 44 ++++++++++++++++++++++++++--------------= ---- > > > - 1 file changed, 26 insertions(+), 18 deletions(-) > > > - > > > -diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c > > > -index d9bb8e2..8fed8fd 100644 > > > ---- a/source3/libads/ldap.c > > > -+++ b/source3/libads/ldap.c > > > -@@ -228,33 +228,27 @@ bool ads_closest_dc(ADS_STRUCT *ads) > > > - try a connection to a given ldap server, returning True and setti= ng the servers IP > > > - in the ads struct if successful > > > - */ > > > --static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bo= ol gc) > > > -+static bool ads_try_connect(ADS_STRUCT *ads, bool gc, > > > -+ struct sockaddr_storage *ss) > > > - { > > > - struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; > > > - TALLOC_CTX *frame =3D talloc_stackframe(); > > > - bool ret =3D false; > > > -- struct sockaddr_storage ss; > > > - char addr[INET6_ADDRSTRLEN]; > > > -=20 > > > -- if (!server || !*server) { > > > -+ if (ss =3D=3D NULL) { > > > - TALLOC_FREE(frame); > > > - return False; > > > - } > > > -=20 > > > -- if (!resolve_name(server, &ss, 0x20, true)) { > > > -- DEBUG(5,("ads_try_connect: unable to resolve name %s\n", > > > -- server )); > > > -- TALLOC_FREE(frame); > > > -- return false; > > > -- } > > > -- print_sockaddr(addr, sizeof(addr), &ss); > > > -+ print_sockaddr(addr, sizeof(addr), ss); > > > -=20 > > > - DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)= \n",=20 > > > - addr, ads->server.realm)); > > > -=20 > > > - ZERO_STRUCT( 
cldap_reply ); > > > -=20 > > > -- if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_r= eply ) ) { > > > -+ if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_re= ply ) ) { > > > - DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr)); > > > - ret =3D false; > > > - goto out; > > > -@@ -298,7 +292,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, con= st char *server, bool gc) > > > - ads->server.workgroup =3D SMB_STRDUP(cldap_reply.domain_n= ame); > > > -=20 > > > - ads->ldap.port =3D gc ? LDAP_GC_PORT : LDAP_PORT; > > > -- ads->ldap.ss =3D ss; > > > -+ ads->ldap.ss =3D *ss; > > > -=20 > > > - /* Store our site name. */ > > > - sitename_store( cldap_reply.domain_name, cldap_reply.client_site); > > > -@@ -330,6 +324,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) > > > - bool use_own_domain =3D False; > > > - char *sitename; > > > - NTSTATUS status =3D NT_STATUS_UNSUCCESSFUL; > > > -+ bool ok =3D false; > > > -=20 > > > - /* if the realm and workgroup are both empty, assume they are ours= */ > > > -=20 > > > -@@ -384,12 +379,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) > > > - DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n", > > > - (got_realm ? 
"realm" : "domain"), realm)); > > > -=20 > > > -- if (get_dc_name(domain, realm, srv_name, &ip_out)) { > > > -+ ok =3D get_dc_name(domain, realm, srv_name, &ip_out); > > > -+ if (ok) { > > > - /* > > > - * we call ads_try_connect() to fill in the > > > - * ads->config details > > > - */ > > > -- if (ads_try_connect(ads, srv_name, false)) { > > > -+ ok =3D ads_try_connect(ads, false, &ip_out); > > > -+ if (ok) { > > > - return NT_STATUS_OK; > > > - } > > > - } > > > -@@ -445,7 +442,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) > > > - } > > > - } > > > -=20 > > > -- if ( ads_try_connect(ads, server, false) ) { > > > -+ ok =3D ads_try_connect(ads, false, &ip_list[i].ss); > > > -+ if (ok) { > > > - SAFE_FREE(ip_list); > > > - SAFE_FREE(sitename); > > > - return NT_STATUS_OK; > > > -@@ -630,9 +628,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) > > > - TALLOC_FREE(s); > > > - } > > > -=20 > > > -- if (ads->server.ldap_server) > > > -- { > > > -- if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)= ) { > > > -+ if (ads->server.ldap_server) { > > > -+ bool ok =3D false; > > > -+ struct sockaddr_storage ss; > > > -+ > > > -+ ok =3D resolve_name(ads->server.ldap_server, &ss, 0x20, true); > > > -+ if (!ok) { > > > -+ DEBUG(5,("ads_connect: unable to resolve name %s\n", > > > -+ ads->server.ldap_server)); > > > -+ status =3D ADS_ERROR_NT(NT_STATUS_NOT_FOUND); > > > -+ goto out; > > > -+ } > > > -+ ok =3D ads_try_connect(ads, ads->server.gc, &ss); > > > -+ if (ok) { > > > - goto got_connection; > > > - } > > > -=20 > > > ---=20 > > > -1.9.0 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 05-fix-gecos-field-with-samlogon.patch b/meta-networking/recipes-connectivi= ty/samba/samba-4.1.12/05-fix-gecos-field-with-samlogon.patch > > > deleted file mode 100644 > > > index c1dfc06..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/05-fix-= gecos-field-with-samlogon.patch > > > +++ /dev/null 
> > > @@ -1,29894 +0,0 @@ > > > -From 538f62edb2cc4c17204620d8a9b3075c7453422b Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Thu, 4 Sep 2014 12:55:53 +0200 > > > -Subject: [PATCH 002/249] selftest: Fix selftest where pid is used > > > - uninitialized. > > > - > > > -On my system this gets evaluated to 0 so in the end we detect samba = to > > > -be running cause $childpid is set to 0. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10793 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > - > > > -Autobuild-User(master): Andreas Schneider > > > -Autobuild-Date(master): Thu Sep 4 17:09:17 CEST 2014 on sn-devel-104 > > > - > > > -(cherry picked from commit 6d2f56dbaf84203b351f33179cc3feaf557e0683) > > > -Signed-off-by: Andreas Schneider > > > - > > > -Autobuild-User(v4-1-test): Karolin Seeger > > > -Autobuild-Date(v4-1-test): Mon Sep 8 23:19:29 CEST 2014 on sn-devel= -104 > > > ---- > > > - selftest/target/Samba.pm | 7 ++++++- > > > - 1 file changed, 6 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm > > > -index ab3851f..b0817fd 100644 > > > ---- a/selftest/target/Samba.pm > > > -+++ b/selftest/target/Samba.pm > > > -@@ -188,7 +188,12 @@ sub get_interface($) > > > - sub cleanup_child($$) > > > - { > > > - my ($pid, $name) =3D @_; > > > -- my $childpid =3D waitpid($pid, WNOHANG); > > > -+ my $childpid =3D -1; > > > -+ > > > -+ if (defined($pid)) { > > > -+ $childpid =3D waitpid($pid, WNOHANG); > > > -+ } > > > -+ > > > - if ($childpid =3D=3D 0) { > > > - } elsif ($childpid < 0) { > > > - printf STDERR "%s child process %d isn't here any more\n", > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a14c0878c232dcf674008444f80dc0e5d8aada09 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 12:33:25 +0200 > > > -Subject: [PATCH 003/249] auth/credentials: remove pointless talloc_r= eference() > 
> > - from cli_credentials_get_unparsed_name() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 953502925863377b5e566edff4ac68c63e8d151f) > > > ---- > > > - auth/credentials/credentials.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/auth/credentials/credentials.c b/auth/credentials/crede= ntials.c > > > -index e636123..e597809 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -669,7 +669,7 @@ _PUBLIC_ const char *cli_credentials_get_unparse= d_name(struct cli_credentials *c > > > - const char *name; > > > -=20 > > > - if (bind_dn) { > > > -- name =3D talloc_reference(mem_ctx, bind_dn); > > > -+ name =3D talloc_strdup(mem_ctx, bind_dn); > > > - } else { > > > - cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &u= sername, &domain); > > > - if (domain && domain[0]) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a9bbf2e55d56b9d2cec944ee32a127fc72e6ce6a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 12:33:25 +0200 > > > -Subject: [PATCH 004/249] auth/credentials: remove pointless talloc_r= eference() > > > - from cli_credentials_get_principal_and_obtained() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit b8f09226458dc13cf901f481ede89d8a6bb94ba7) > > > ---- > > > - auth/credentials/credentials.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/auth/credentials/credentials.c b/auth/credentials/crede= ntials.c > > > -index e597809..7a4b081 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -267,7 +267,7 @@ _PUBLIC_ const char *cli_credentials_get_princip= al_and_obtained(struct cli_crede > > > - } > > > - } > > > - *obtained =3D cred->principal_obtained; > > > -- 
return talloc_reference(mem_ctx, cred->principal); > > > -+ return talloc_strdup(mem_ctx, cred->principal); > > > - } > > > -=20 > > > - /** > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5df785eba8389be9129984c6c5a1e59487685938 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 12:52:17 +0200 > > > -Subject: [PATCH 005/249] auth/credentials: add > > > - cli_credentials_[set_]callback_data* > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 6ff6778bdc60f1cd4d52cba83bd47d3398fe5a20) > > > ---- > > > - auth/credentials/credentials.c | 11 +++++++++++ > > > - auth/credentials/credentials.h | 8 ++++++++ > > > - 2 files changed, 19 insertions(+) > > > - > > > -diff --git a/auth/credentials/credentials.c b/auth/credentials/crede= ntials.c > > > -index 7a4b081..e6a4710 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -114,6 +114,17 @@ _PUBLIC_ struct cli_credentials *cli_credential= s_init(TALLOC_CTX *mem_ctx) > > > - return cred; > > > - } > > > -=20 > > > -+_PUBLIC_ void cli_credentials_set_callback_data(struct cli_credenti= als *cred, > > > -+ void *callback_data) > > > -+{ > > > -+ cred->priv_data =3D callback_data; > > > -+} > > > -+ > > > -+_PUBLIC_ void *_cli_credentials_callback_data(struct cli_credential= s *cred) > > > -+{ > > > -+ return cred->priv_data; > > > -+} > > > -+ > > > - /** > > > - * Create a new anonymous credential > > > - * @param mem_ctx TALLOC_CTX parent for credentials structure=20 > > > -diff --git a/auth/credentials/credentials.h b/auth/credentials/crede= ntials.h > > > -index dbc014f..0f498ad 100644 > > > ---- a/auth/credentials/credentials.h > > > -+++ b/auth/credentials/credentials.h > > > -@@ -332,6 +332,14 @@ bool cli_credentials_set_realm_callback(struct = cli_credentials *cred, > > > - bool cli_credentials_set_workstation_callback(struct cli_credential= s *cred, > 
> > - const char *(*workstation_cb) (struct cli_credentials *)= ); > > > -=20 > > > -+void cli_credentials_set_callback_data(struct cli_credentials *cred, > > > -+ void *callback_data); > > > -+void *_cli_credentials_callback_data(struct cli_credentials *cred); > > > -+#define cli_credentials_callback_data(_cred, _type) \ > > > -+ talloc_get_type_abort(_cli_credentials_callback_data(_cred), _type) > > > -+#define cli_credentials_callback_data_void(_cred) \ > > > -+ _cli_credentials_callback_data(_cred) > > > -+ > > > - /** > > > - * Return attached NETLOGON credentials=20 > > > - */ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8fd0244ac8fe4998a0931bc9d51b9dfbb182a2e1 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 13:21:14 +0200 > > > -Subject: [PATCH 006/249] auth/credentials: add cli_credentials_shall= ow_copy() > > > - > > > -This is useful for testing. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit b3cd44d50cff99fa77611679d68d2d57434fefa4) > > > ---- > > > - auth/credentials/credentials.c | 15 +++++++++++++++ > > > - auth/credentials/credentials.h | 3 +++ > > > - 2 files changed, 18 insertions(+) > > > - > > > -diff --git a/auth/credentials/credentials.c b/auth/credentials/crede= ntials.c > > > -index e6a4710..c1c6993 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -125,6 +125,21 @@ _PUBLIC_ void *_cli_credentials_callback_data(s= truct cli_credentials *cred) > > > - return cred->priv_data; > > > - } > > > -=20 > > > -+_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLO= C_CTX *mem_ctx, > > > -+ struct cli_credentials *src) > > > -+{ > > > -+ struct cli_credentials *dst; > > > -+ > > > -+ dst =3D talloc(mem_ctx, struct cli_credentials); > > > -+ if (dst =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ *dst =3D *src; > > > -+ > > > -+ return dst; > 
> > -+} > > > -+ > > > - /** > > > - * Create a new anonymous credential > > > - * @param mem_ctx TALLOC_CTX parent for credentials structure=20 > > > -diff --git a/auth/credentials/credentials.h b/auth/credentials/crede= ntials.h > > > -index 0f498ad..1377bfa 100644 > > > ---- a/auth/credentials/credentials.h > > > -+++ b/auth/credentials/credentials.h > > > -@@ -340,6 +340,9 @@ void *_cli_credentials_callback_data(struct cli_= credentials *cred); > > > - #define cli_credentials_callback_data_void(_cred) \ > > > - _cli_credentials_callback_data(_cred) > > > -=20 > > > -+struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *me= m_ctx, > > > -+ struct cli_credentials *src); > > > -+ > > > - /** > > > - * Return attached NETLOGON credentials=20 > > > - */ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 52e4028da5db90ce3ee410997ea3464374fec46b Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 13:20:13 +0200 > > > -Subject: [PATCH 007/249] s3:ntlm_auth: remove pointless credentials-= >priv_data > > > - =3D NULL; > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit cfeeb3ce3de5d1df07299fb83327ae258da0bf8d) > > > ---- > > > - source3/utils/ntlm_auth.c | 1 - > > > - 1 file changed, 1 deletion(-) > > > - > > > -diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c > > > -index b3bbaa4..a5e0cd2 100644 > > > ---- a/source3/utils/ntlm_auth.c > > > -+++ b/source3/utils/ntlm_auth.c > > > -@@ -228,7 +228,6 @@ static const char *get_password(struct cli_crede= ntials *credentials) > > > -=20 > > > - /* Ask for a password */ > > > - x_fprintf(x_stdout, "PW\n"); > > > -- credentials->priv_data =3D NULL; > > > -=20 > > > - manage_squid_request(NUM_HELPER_MODES /* bogus */, NULL, NULL, man= age_gensec_get_pw_request, (void **)&password); > > > - talloc_steal(credentials, password); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 
bdfb13b91ce8961caeb98b01a75893895e8d484a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 13:22:10 +0200 > > > -Subject: [PATCH 008/249] s4:torture/shell: simplify > > > - cli_credentials_set_password() call > > > - > > > -All we want is to avoid a possible callback... > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 36b3c9506c1ac5549a38140e7ffd57644290069f) > > > ---- > > > - source4/torture/shell.c | 5 +---- > > > - 1 file changed, 1 insertion(+), 4 deletions(-) > > > - > > > -diff --git a/source4/torture/shell.c b/source4/torture/shell.c > > > -index d6cc94c..aa85da3 100644 > > > ---- a/source4/torture/shell.c > > > -+++ b/source4/torture/shell.c > > > -@@ -110,10 +110,7 @@ void torture_shell(struct torture_context *tctx) > > > - * stops the credentials system prompting when we use the "auth" > > > - * command to display the current auth parameters. > > > - */ > > > -- if (cmdline_credentials->password_obtained !=3D CRED_SPECIFIED) { > > > -- cli_credentials_set_password(cmdline_credentials, "", > > > -- CRED_SPECIFIED); > > > -- } > > > -+ cli_credentials_set_password(cmdline_credentials, "", CRED_GUESS_E= NV); > > > -=20 > > > - while (1) { > > > - cline =3D smb_readline("torture> ", NULL, NULL); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 91c0d6a26823f3057357c6b31bf1f686e5ed0f5e Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 13:23:08 +0200 > > > -Subject: [PATCH 009/249] s4:torture/gentest: make use of > > > - cli_credentials_get_username() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit d36fcaa5f3c4d1ad54d767f4a7c5fa6c8d69c00e) > > > ---- > > > - source4/torture/gentest.c | 3 ++- > > > - 1 file changed, 2 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c > > 
> -index 91b60e2..586a25b 100644 > > > ---- a/source4/torture/gentest.c > > > -+++ b/source4/torture/gentest.c > > > -@@ -221,7 +221,8 @@ static bool connect_servers(struct tevent_contex= t *ev, > > > -=20 > > > - printf("Connecting to \\\\%s\\%s as %s - instance %d\n", > > > - servers[i].server_name, servers[i].share_name,=20 > > > -- servers[i].credentials->username, j); > > > -+ cli_credentials_get_username(servers[i].credentials), > > > -+ j); > > > -=20 > > > - cli_credentials_set_workstation(servers[i].credentials,=20 > > > - "gentest", CRED_SPECIFIED); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 9687534ac54b732f73c3f4758055a278eaa0cbb2 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 13:23:41 +0200 > > > -Subject: [PATCH 010/249] s4:torture/rpc: make use of > > > - cli_credentials_set_netlogon_creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit d47bf469b8a9064f4f7033918b1fe519adfa0c26) > > > ---- > > > - source4/torture/rpc/schannel.c | 36 ++++++++++++++++---------------= ----- > > > - 1 file changed, 16 insertions(+), 20 deletions(-) > > > - > > > -diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/sc= hannel.c > > > -index e0862d2..8203749 100644 > > > ---- a/source4/torture/rpc/schannel.c > > > -+++ b/source4/torture/rpc/schannel.c > > > -@@ -604,9 +604,9 @@ bool torture_rpc_schannel2(struct torture_contex= t *torture) > > > - torture_assert(torture, join_ctx !=3D NULL, > > > - "Failed to join domain with acct_flags=3DACB_WSTRUST"); > > > -=20 > > > -- credentials2 =3D (struct cli_credentials *)talloc_memdup(torture, = credentials1, sizeof(*credentials1)); > > > -- credentials1->netlogon_creds =3D NULL; > > > -- credentials2->netlogon_creds =3D NULL; > > > -+ credentials2 =3D cli_credentials_shallow_copy(torture, credentials= 1); > > > -+ cli_credentials_set_netlogon_creds(credentials1, NULL); > > > -+ 
cli_credentials_set_netlogon_creds(credentials2, NULL); > > > -=20 > > > - status =3D dcerpc_parse_binding(torture, binding, &b); > > > - torture_assert_ntstatus_ok(torture, status, "Bad binding string"); > > > -@@ -624,8 +624,8 @@ bool torture_rpc_schannel2(struct torture_contex= t *torture) > > > - credentials2, torture->ev, torture->lp_ctx); > > > - torture_assert_ntstatus_ok(torture, status, "Failed to connect wit= h schannel"); > > > -=20 > > > -- credentials1->netlogon_creds =3D NULL; > > > -- credentials2->netlogon_creds =3D NULL; > > > -+ cli_credentials_set_netlogon_creds(credentials1, NULL); > > > -+ cli_credentials_set_netlogon_creds(credentials2, NULL); > > > -=20 > > > - torture_comment(torture, "Testing logon on pipe1\n"); > > > - if (!test_netlogon_ex_ops(p1, torture, credentials1, NULL)) > > > -@@ -827,16 +827,12 @@ bool torture_rpc_schannel_bench1(struct tortur= e_context *torture) > > > - s->nprocs =3D torture_setting_int(torture, "nprocs", 4); > > > - s->conns =3D talloc_zero_array(s, struct torture_schannel_bench_co= nn, s->nprocs); > > > -=20 > > > -- s->user1_creds =3D (struct cli_credentials *)talloc_memdup(s, > > > -- cmdline_credentials, > > > -- sizeof(*s->user1_creds)); > > > -+ s->user1_creds =3D cli_credentials_shallow_copy(s, cmdline_credent= ials); > > > - tmp =3D torture_setting_string(s->tctx, "extra_user1", NULL); > > > - if (tmp) { > > > - cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED); > > > - } > > > -- s->user2_creds =3D (struct cli_credentials *)talloc_memdup(s, > > > -- cmdline_credentials, > > > -- sizeof(*s->user1_creds)); > > > -+ s->user2_creds =3D cli_credentials_shallow_copy(s, cmdline_credent= ials); > > > - tmp =3D torture_setting_string(s->tctx, "extra_user2", NULL); > > > - if (tmp) { > > > - cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED); > > > -@@ -855,15 +851,16 @@ bool torture_rpc_schannel_bench1(struct tortur= e_context *torture) > > > - 
cli_credentials_set_kerberos_state(s->wks_creds2, CRED_DONT_USE_KE= RBEROS); > > > -=20 > > > - for (i=3D0; i < s->nprocs; i++) { > > > -- s->conns[i].s =3D s; > > > -- s->conns[i].index =3D i; > > > -- s->conns[i].wks_creds =3D (struct cli_credentials *)talloc_memdup( > > > -- s->conns, s->wks_creds1,sizeof(*s->wks_creds1)); > > > -+ struct cli_credentials *wks =3D s->wks_creds1; > > > -+ > > > - if ((i % 2) && (torture_setting_bool(torture, "multijoin", false)= )) { > > > -- memcpy(s->conns[i].wks_creds, s->wks_creds2, > > > -- talloc_get_size(s->conns[i].wks_creds)); > > > -+ wks =3D s->wks_creds2; > > > - } > > > -- s->conns[i].wks_creds->netlogon_creds =3D NULL; > > > -+ > > > -+ s->conns[i].s =3D s; > > > -+ s->conns[i].index =3D i; > > > -+ s->conns[i].wks_creds =3D cli_credentials_shallow_copy(s->conns, = wks); > > > -+ cli_credentials_set_netlogon_creds(s->conns[i].wks_creds, NULL); > > > - } > > > -=20 > > > - status =3D dcerpc_parse_binding(s, binding, &s->b); > > > -@@ -962,8 +959,7 @@ bool torture_rpc_schannel_bench1(struct torture_= context *torture) > > > -=20 > > > - /* Just as a test, connect with the new creds */ > > > -=20 > > > -- talloc_free(s->wks_creds1->netlogon_creds); > > > -- s->wks_creds1->netlogon_creds =3D NULL; > > > -+ cli_credentials_set_netlogon_creds(s->wks_creds1, NULL); > > > -=20 > > > - status =3D dcerpc_pipe_connect_b(s, &net_pipe, s->b, > > > - &ndr_table_netlogon, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From de6c67e98d94d003f36fef5472b8133c578b3c01 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 13:24:21 +0200 > > > -Subject: [PATCH 011/249] s4:ntlm_auth: make use of > > > - cli_credentials_[set_]callback_data* > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit bbd63dd8a17468d3e332969a30c06e2b2f1540fc) > > > ---- > > > - source4/utils/ntlm_auth.c | 10 ++++++---- > > > - 1 file changed, 6 insertions(+), 
4 deletions(-) > > > - > > > -diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c > > > -index c363c9d..136e238 100644 > > > ---- a/source4/utils/ntlm_auth.c > > > -+++ b/source4/utils/ntlm_auth.c > > > -@@ -299,10 +299,11 @@ static void manage_gensec_get_pw_request(enum = stdio_helper_mode stdio_helper_mod > > > - static const char *get_password(struct cli_credentials *credentials= )=20 > > > - { > > > - char *password =3D NULL; > > > --=09 > > > -+ void *cb =3D cli_credentials_callback_data_void(credentials); > > > -+ > > > - /* Ask for a password */ > > > -- mux_printf((unsigned int)(uintptr_t)credentials->priv_data, "PW\n"= ); > > > -- credentials->priv_data =3D NULL; > > > -+ mux_printf((unsigned int)(uintptr_t)cb, "PW\n"); > > > -+ cli_credentials_set_callback_data(credentials, NULL); > > > -=20 > > > - manage_squid_request(cmdline_lp_ctx, NUM_HELPER_MODES /* bogus */,= manage_gensec_get_pw_request, (void **)&password); > > > - return password; > > > -@@ -505,8 +506,9 @@ static void manage_gensec_request(enum stdio_hel= per_mode stdio_helper_mode, > > > - if (state->set_password) { > > > - cli_credentials_set_password(creds, state->set_password, CRED_SP= ECIFIED); > > > - } else { > > > -+ void *cb =3D (void*)(uintptr_t)mux_id; > > > -+ cli_credentials_set_callback_data(creds, cb); > > > - cli_credentials_set_password_callback(creds, get_password); > > > -- creds->priv_data =3D (void*)(uintptr_t)mux_id; > > > - } > > > - if (opt_workstation) { > > > - cli_credentials_set_workstation(creds, opt_workstation, CRED_SPE= CIFIED); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 80c611a2b424e4e4a7e6de7ed6b9368bff0d9afb Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 12:41:40 +0200 > > > -Subject: [PATCH 012/249] auth/credentials: keep cli_credentials priv= ate > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 
9325bd9cb6bb942ea989f4e32799c76ea8af3d3e) > > > ---- > > > - auth/credentials/credentials.c | 1 + > > > - auth/credentials/credentials.h | 101 +++------------------= ------- > > > - auth/credentials/credentials_internal.h | 114 +++++++++++++++++++++= +++++++++++ > > > - auth/credentials/credentials_krb5.c | 1 + > > > - auth/credentials/credentials_ntlm.c | 1 + > > > - auth/credentials/credentials_secrets.c | 1 + > > > - 6 files changed, 126 insertions(+), 93 deletions(-) > > > - create mode 100644 auth/credentials/credentials_internal.h > > > - > > > -diff --git a/auth/credentials/credentials.c b/auth/credentials/crede= ntials.c > > > -index c1c6993..f334465 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -24,6 +24,7 @@ > > > - #include "includes.h" > > > - #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */ > > > - #include "auth/credentials/credentials.h" > > > -+#include "auth/credentials/credentials_internal.h" > > > - #include "libcli/auth/libcli_auth.h" > > > - #include "tevent.h" > > > - #include "param/param.h" > > > -diff --git a/auth/credentials/credentials.h b/auth/credentials/crede= ntials.h > > > -index 1377bfa..cb09dc3 100644 > > > ---- a/auth/credentials/credentials.h > > > -+++ b/auth/credentials/credentials.h > > > -@@ -25,9 +25,17 @@ > > > - #include "../lib/util/data_blob.h" > > > - #include "librpc/gen_ndr/misc.h" > > > -=20 > > > -+struct cli_credentials; > > > - struct ccache_container; > > > - struct tevent_context; > > > - struct netlogon_creds_CredentialState; > > > -+struct ldb_context; > > > -+struct ldb_message; > > > -+struct loadparm_context; > > > -+struct ccache_container; > > > -+struct gssapi_creds_container; > > > -+struct smb_krb5_context; > > > -+struct keytab_container; > > > -=20 > > > - /* In order of priority */ > > > - enum credentials_obtained {=20 > > > -@@ -57,99 +65,6 @@ enum credentials_krb_forwardable { > > > - #define CLI_CRED_NTLM_AUTH 0x08 > > > - 
#define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth w= ith this flag */ > > > -=20 > > > --struct cli_credentials { > > > -- enum credentials_obtained workstation_obtained; > > > -- enum credentials_obtained username_obtained; > > > -- enum credentials_obtained password_obtained; > > > -- enum credentials_obtained domain_obtained; > > > -- enum credentials_obtained realm_obtained; > > > -- enum credentials_obtained ccache_obtained; > > > -- enum credentials_obtained client_gss_creds_obtained; > > > -- enum credentials_obtained principal_obtained; > > > -- enum credentials_obtained keytab_obtained; > > > -- enum credentials_obtained server_gss_creds_obtained; > > > -- > > > -- /* Threshold values (essentially a MAX() over a number of the > > > -- * above) for the ccache and GSS credentials, to ensure we > > > -- * regenerate/pick correctly */ > > > -- > > > -- enum credentials_obtained ccache_threshold; > > > -- enum credentials_obtained client_gss_creds_threshold; > > > -- > > > -- const char *workstation; > > > -- const char *username; > > > -- const char *password; > > > -- const char *old_password; > > > -- const char *domain; > > > -- const char *realm; > > > -- const char *principal; > > > -- char *salt_principal; > > > -- char *impersonate_principal; > > > -- char *self_service; > > > -- char *target_service; > > > -- > > > -- const char *bind_dn; > > > -- > > > -- /* Allows authentication from a keytab or similar */ > > > -- struct samr_Password *nt_hash; > > > -- > > > -- /* Allows NTLM pass-though authentication */ > > > -- DATA_BLOB lm_response; > > > -- DATA_BLOB nt_response; > > > -- > > > -- struct ccache_container *ccache; > > > -- struct gssapi_creds_container *client_gss_creds; > > > -- struct keytab_container *keytab; > > > -- struct gssapi_creds_container *server_gss_creds; > > > -- > > > -- const char *(*workstation_cb) (struct cli_credentials *); > > > -- const char *(*password_cb) (struct cli_credentials *); > > > -- const char 
*(*username_cb) (struct cli_credentials *); > > > -- const char *(*domain_cb) (struct cli_credentials *); > > > -- const char *(*realm_cb) (struct cli_credentials *); > > > -- const char *(*principal_cb) (struct cli_credentials *); > > > -- > > > -- /* Private handle for the callback routines to use */ > > > -- void *priv_data; > > > -- > > > -- struct netlogon_creds_CredentialState *netlogon_creds; > > > -- enum netr_SchannelType secure_channel_type; > > > -- int kvno; > > > -- time_t password_last_changed_time; > > > -- > > > -- struct smb_krb5_context *smb_krb5_context; > > > -- > > > -- /* We are flagged to get machine account details from the > > > -- * secrets.ldb when we are asked for a username or password */ > > > -- bool machine_account_pending; > > > -- struct loadparm_context *machine_account_pending_lp_ctx; > > > --=09 > > > -- /* Is this a machine account? */ > > > -- bool machine_account; > > > -- > > > -- /* Should we be trying to use kerberos? */ > > > -- enum credentials_use_kerberos use_kerberos; > > > -- > > > -- /* Should we get a forwardable ticket? 
*/ > > > -- enum credentials_krb_forwardable krb_forwardable; > > > -- > > > -- /* gensec features which should be used for connections */ > > > -- uint32_t gensec_features; > > > -- > > > -- /* Number of retries left before bailing out */ > > > -- int tries; > > > -- > > > -- /* Whether any callback is currently running */ > > > -- bool callback_running; > > > --}; > > > -- > > > --struct ldb_context; > > > --struct ldb_message; > > > --struct loadparm_context; > > > --struct ccache_container; > > > -- > > > --struct gssapi_creds_container; > > > -- > > > - const char *cli_credentials_get_workstation(struct cli_credentials = *cred); > > > - bool cli_credentials_set_workstation(struct cli_credentials *cred,= =20 > > > - const char *val,=20 > > > -diff --git a/auth/credentials/credentials_internal.h b/auth/credenti= als/credentials_internal.h > > > -new file mode 100644 > > > -index 0000000..5a3655b > > > ---- /dev/null > > > -+++ b/auth/credentials/credentials_internal.h > > > -@@ -0,0 +1,114 @@ > > > -+/* > > > -+ samba -- Unix SMB/CIFS implementation. > > > -+ > > > -+ Client credentials structure > > > -+ > > > -+ Copyright (C) Jelmer Vernooij 2004-2006 > > > -+ Copyright (C) Andrew Bartlett 2005 > > > -+ > > > -+ This program is free software; you can redistribute it and/or mo= dify > > > -+ it under the terms of the GNU General Public License as publishe= d by > > > -+ the Free Software Foundation; either version 3 of the License, or > > > -+ (at your option) any later version. > > > -+ > > > -+ This program is distributed in the hope that it will be useful, > > > -+ but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -+ GNU General Public License for more details. > > > -+ > > > -+ You should have received a copy of the GNU General Public License > > > -+ along with this program. If not, see . 
> > > -+*/ > > > -+#ifndef __CREDENTIALS_INTERNAL_H__ > > > -+#define __CREDENTIALS_INTERNAL_H__ > > > -+ > > > -+#include "../lib/util/data_blob.h" > > > -+#include "librpc/gen_ndr/misc.h" > > > -+ > > > -+struct cli_credentials { > > > -+ enum credentials_obtained workstation_obtained; > > > -+ enum credentials_obtained username_obtained; > > > -+ enum credentials_obtained password_obtained; > > > -+ enum credentials_obtained domain_obtained; > > > -+ enum credentials_obtained realm_obtained; > > > -+ enum credentials_obtained ccache_obtained; > > > -+ enum credentials_obtained client_gss_creds_obtained; > > > -+ enum credentials_obtained principal_obtained; > > > -+ enum credentials_obtained keytab_obtained; > > > -+ enum credentials_obtained server_gss_creds_obtained; > > > -+ > > > -+ /* Threshold values (essentially a MAX() over a number of the > > > -+ * above) for the ccache and GSS credentials, to ensure we > > > -+ * regenerate/pick correctly */ > > > -+ > > > -+ enum credentials_obtained ccache_threshold; > > > -+ enum credentials_obtained client_gss_creds_threshold; > > > -+ > > > -+ const char *workstation; > > > -+ const char *username; > > > -+ const char *password; > > > -+ const char *old_password; > > > -+ const char *domain; > > > -+ const char *realm; > > > -+ const char *principal; > > > -+ char *salt_principal; > > > -+ char *impersonate_principal; > > > -+ char *self_service; > > > -+ char *target_service; > > > -+ > > > -+ const char *bind_dn; > > > -+ > > > -+ /* Allows authentication from a keytab or similar */ > > > -+ struct samr_Password *nt_hash; > > > -+ > > > -+ /* Allows NTLM pass-though authentication */ > > > -+ DATA_BLOB lm_response; > > > -+ DATA_BLOB nt_response; > > > -+ > > > -+ struct ccache_container *ccache; > > > -+ struct gssapi_creds_container *client_gss_creds; > > > -+ struct keytab_container *keytab; > > > -+ struct gssapi_creds_container *server_gss_creds; > > > -+ > > > -+ const char *(*workstation_cb) (struct 
cli_credentials *); > > > -+ const char *(*password_cb) (struct cli_credentials *); > > > -+ const char *(*username_cb) (struct cli_credentials *); > > > -+ const char *(*domain_cb) (struct cli_credentials *); > > > -+ const char *(*realm_cb) (struct cli_credentials *); > > > -+ const char *(*principal_cb) (struct cli_credentials *); > > > -+ > > > -+ /* Private handle for the callback routines to use */ > > > -+ void *priv_data; > > > -+ > > > -+ struct netlogon_creds_CredentialState *netlogon_creds; > > > -+ enum netr_SchannelType secure_channel_type; > > > -+ int kvno; > > > -+ time_t password_last_changed_time; > > > -+ > > > -+ struct smb_krb5_context *smb_krb5_context; > > > -+ > > > -+ /* We are flagged to get machine account details from the > > > -+ * secrets.ldb when we are asked for a username or password */ > > > -+ bool machine_account_pending; > > > -+ struct loadparm_context *machine_account_pending_lp_ctx; > > > -+ > > > -+ /* Is this a machine account? */ > > > -+ bool machine_account; > > > -+ > > > -+ /* Should we be trying to use kerberos? */ > > > -+ enum credentials_use_kerberos use_kerberos; > > > -+ > > > -+ /* Should we get a forwardable ticket? 
*/ > > > -+ enum credentials_krb_forwardable krb_forwardable; > > > -+ > > > -+ /* gensec features which should be used for connections */ > > > -+ uint32_t gensec_features; > > > -+ > > > -+ /* Number of retries left before bailing out */ > > > -+ int tries; > > > -+ > > > -+ /* Whether any callback is currently running */ > > > -+ bool callback_running; > > > -+}; > > > -+ > > > -+#endif /* __CREDENTIALS_INTERNAL_H__ */ > > > -diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/= credentials_krb5.c > > > -index ec6a695..489a959 100644 > > > ---- a/auth/credentials/credentials_krb5.c > > > -+++ b/auth/credentials/credentials_krb5.c > > > -@@ -26,6 +26,7 @@ > > > - #include "system/gssapi.h" > > > - #include "auth/kerberos/kerberos.h" > > > - #include "auth/credentials/credentials.h" > > > -+#include "auth/credentials/credentials_internal.h" > > > - #include "auth/credentials/credentials_proto.h" > > > - #include "auth/credentials/credentials_krb5.h" > > > - #include "auth/kerberos/kerberos_credentials.h" > > > -diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/= credentials_ntlm.c > > > -index 8f143bf..8c6be39 100644 > > > ---- a/auth/credentials/credentials_ntlm.c > > > -+++ b/auth/credentials/credentials_ntlm.c > > > -@@ -26,6 +26,7 @@ > > > - #include "../lib/crypto/crypto.h" > > > - #include "libcli/auth/libcli_auth.h" > > > - #include "auth/credentials/credentials.h" > > > -+#include "auth/credentials/credentials_internal.h" > > > -=20 > > > - _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_cred= entials *cred, TALLOC_CTX *mem_ctx,=20 > > > - int *flags, > > > -diff --git a/auth/credentials/credentials_secrets.c b/auth/credentia= ls/credentials_secrets.c > > > -index 27ee607..678d167 100644 > > > ---- a/auth/credentials/credentials_secrets.c > > > -+++ b/auth/credentials/credentials_secrets.c > > > -@@ -28,6 +28,7 @@ > > > - #include "param/secrets.h" > > > - #include "system/filesys.h" > > > - #include 
"auth/credentials/credentials.h" > > > -+#include "auth/credentials/credentials_internal.h" > > > - #include "auth/credentials/credentials_proto.h" > > > - #include "auth/credentials/credentials_krb5.h" > > > - #include "auth/kerberos/kerberos_util.h" > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 96ea01159cfee1e384dbd5966c7eb512d495e322 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 13:39:17 +0200 > > > -Subject: [PATCH 013/249] auth/credentials: get the old password from > > > - secrets.tdb > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 26a7420c1c4307023b22676cd85d95010ecbf603) > > > ---- > > > - auth/credentials/credentials_secrets.c | 11 +++++++++++ > > > - 1 file changed, 11 insertions(+) > > > - > > > -diff --git a/auth/credentials/credentials_secrets.c b/auth/credentia= ls/credentials_secrets.c > > > -index 678d167..6c1cded 100644 > > > ---- a/auth/credentials/credentials_secrets.c > > > -+++ b/auth/credentials/credentials_secrets.c > > > -@@ -238,6 +238,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_ac= count(struct cli_credentials *cr > > > - bool secrets_tdb_password_more_recent; > > > - time_t secrets_tdb_lct =3D 0; > > > - char *secrets_tdb_password =3D NULL; > > > -+ char *secrets_tdb_old_password =3D NULL; > > > - char *keystr; > > > - char *keystr_upper =3D NULL; > > > - char *secrets_tdb; > > > -@@ -285,6 +286,15 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_a= ccount(struct cli_credentials *cr > > > - if (NT_STATUS_IS_OK(status)) { > > > - secrets_tdb_password =3D (char *)dbuf.dptr; > > > - } > > > -+ keystr =3D talloc_asprintf(tmp_ctx, "%s/%s", > > > -+ SECRETS_MACHINE_PASSWORD_PREV, > > > -+ domain); > > > -+ keystr_upper =3D strupper_talloc(tmp_ctx, keystr); > > > -+ status =3D dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_u= pper), > > > -+ &dbuf); > > > -+ if (NT_STATUS_IS_OK(status)) { > > > -+ 
secrets_tdb_old_password =3D (char *)dbuf.dptr; > > > -+ } > > > - } > > > -=20 > > > - filter =3D talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,=20 > > > -@@ -308,6 +318,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_ac= count(struct cli_credentials *cr > > > - if (secrets_tdb_password_more_recent) { > > > - char *machine_account =3D talloc_asprintf(tmp_ctx, "%s$", lpcfg_n= etbios_name(lp_ctx)); > > > - cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPE= CIFIED); > > > -+ cli_credentials_set_old_password(cred, secrets_tdb_old_password, = CRED_SPECIFIED); > > > - cli_credentials_set_domain(cred, domain, CRED_SPECIFIED); > > > - cli_credentials_set_username(cred, machine_account, CRED_SPECIFIE= D); > > > - } else if (!NT_STATUS_IS_OK(status)) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 74f5c14921f53b95b64dbcbf0352a89d50b20af1 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 14:25:54 +0200 > > > -Subject: [PATCH 014/249] auth/credentials: simplify password_tries s= tate > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 8ea36a8e58d499aa7bf342b365ca00cb39f295b6) > > > ---- > > > - auth/credentials/credentials.c | 19 ++++++++++++++----- > > > - auth/credentials/credentials_internal.h | 2 +- > > > - 2 files changed, 15 insertions(+), 6 deletions(-) > > > - > > > -diff --git a/auth/credentials/credentials.c b/auth/credentials/crede= ntials.c > > > -index f334465..4ac5356 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -104,7 +104,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials= _init(TALLOC_CTX *mem_ctx) > > > -=20 > > > - cred->machine_account =3D false; > > > -=20 > > > -- cred->tries =3D 3; > > > -+ cred->password_tries =3D 0; > > > -=20 > > > - cred->callback_running =3D false; > > > -=20 > > > -@@ -397,6 +397,7 @@ _PUBLIC_ bool 
cli_credentials_set_password(struc= t cli_credentials *cred, > > > - enum credentials_obtained obtained) > > > - { > > > - if (obtained >=3D cred->password_obtained) { > > > -+ cred->password_tries =3D 0; > > > - cred->password =3D talloc_strdup(cred, val); > > > - if (cred->password) { > > > - /* Don't print the actual password in talloc memory dumps */ > > > -@@ -418,6 +419,7 @@ _PUBLIC_ bool cli_credentials_set_password_callb= ack(struct cli_credentials *cred > > > - const char *(*password_cb) (struct cli_credentials *)) > > > - { > > > - if (cred->password_obtained < CRED_CALLBACK) { > > > -+ cred->password_tries =3D 3; > > > - cred->password_cb =3D password_cb; > > > - cred->password_obtained =3D CRED_CALLBACK; > > > - cli_credentials_invalidate_ccache(cred, cred->password_obtained); > > > -@@ -897,12 +899,19 @@ _PUBLIC_ bool cli_credentials_wrong_password(s= truct cli_credentials *cred) > > > - if (cred->password_obtained !=3D CRED_CALLBACK_RESULT) { > > > - return false; > > > - } > > > --=09 > > > -- cred->password_obtained =3D CRED_CALLBACK; > > > -=20 > > > -- cred->tries--; > > > -+ if (cred->password_tries =3D=3D 0) { > > > -+ return false; > > > -+ } > > > -+ > > > -+ cred->password_tries--; > > > -=20 > > > -- return (cred->tries > 0); > > > -+ if (cred->password_tries =3D=3D 0) { > > > -+ return false; > > > -+ } > > > -+ > > > -+ cred->password_obtained =3D CRED_CALLBACK; > > > -+ return true; > > > - } > > > -=20 > > > - _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_c= redentials *cred, TALLOC_CTX *mem_ctx,=20 > > > -diff --git a/auth/credentials/credentials_internal.h b/auth/credenti= als/credentials_internal.h > > > -index 5a3655b..f2f79b9 100644 > > > ---- a/auth/credentials/credentials_internal.h > > > -+++ b/auth/credentials/credentials_internal.h > > > -@@ -105,7 +105,7 @@ struct cli_credentials { > > > - uint32_t gensec_features; > > > -=20 > > > - /* Number of retries left before bailing out */ > > > -- int tries; > > > 
-+ uint32_t password_tries; > > > -=20 > > > - /* Whether any callback is currently running */ > > > - bool callback_running; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8d2c51caeecebc0b7d16fb7cf7b7fe2f2b5d8edd Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 31 Jul 2013 14:32:36 +0200 > > > -Subject: [PATCH 015/249] auth/credentials: use CRED_CALLBACK_RESULT = after a > > > - callback > > > - > > > -We only do this if it's still CRED_CALLBACK after the callback, > > > -this allowes the callback to overwrite it. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > - > > > -Autobuild-User(master): Andrew Bartlett > > > -Autobuild-Date(master): Mon Aug 5 09:36:05 CEST 2013 on sn-devel-104 > > > -(cherry picked from commit b699d404bb5d4385a757b5aa5d0e792cf9d5de59) > > > ---- > > > - auth/credentials/credentials.c | 34 +++++++++++++++++++++++--------= --- > > > - 1 file changed, 23 insertions(+), 11 deletions(-) > > > - > > > -diff --git a/auth/credentials/credentials.c b/auth/credentials/crede= ntials.c > > > -index 4ac5356..be497bc 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -206,8 +206,10 @@ _PUBLIC_ const char *cli_credentials_get_userna= me(struct cli_credentials *cred) > > > - cred->callback_running =3D true; > > > - cred->username =3D cred->username_cb(cred); > > > - cred->callback_running =3D false; > > > -- cred->username_obtained =3D CRED_SPECIFIED; > > > -- cli_credentials_invalidate_ccache(cred, cred->username_obtained); > > > -+ if (cred->username_obtained =3D=3D CRED_CALLBACK) { > > > -+ cred->username_obtained =3D CRED_CALLBACK_RESULT; > > > -+ cli_credentials_invalidate_ccache(cred, cred->username_obtained); > > > -+ } > > > - } > > > -=20 > > > - return cred->username; > > > -@@ -275,8 +277,10 @@ _PUBLIC_ const char *cli_credentials_get_princi= pal_and_obtained(struct cli_crede > > > - cred->callback_running =3D 
true; > > > - cred->principal =3D cred->principal_cb(cred); > > > - cred->callback_running =3D false; > > > -- cred->principal_obtained =3D CRED_SPECIFIED; > > > -- cli_credentials_invalidate_ccache(cred, cred->principal_obtained); > > > -+ if (cred->principal_obtained =3D=3D CRED_CALLBACK) { > > > -+ cred->principal_obtained =3D CRED_CALLBACK_RESULT; > > > -+ cli_credentials_invalidate_ccache(cred, cred->principal_obtained= ); > > > -+ } > > > - } > > > -=20 > > > - if (cred->principal_obtained < cred->username_obtained > > > -@@ -382,8 +386,10 @@ _PUBLIC_ const char *cli_credentials_get_passwo= rd(struct cli_credentials *cred) > > > - cred->callback_running =3D true; > > > - cred->password =3D cred->password_cb(cred); > > > - cred->callback_running =3D false; > > > -- cred->password_obtained =3D CRED_CALLBACK_RESULT; > > > -- cli_credentials_invalidate_ccache(cred, cred->password_obtained); > > > -+ if (cred->password_obtained =3D=3D CRED_CALLBACK) { > > > -+ cred->password_obtained =3D CRED_CALLBACK_RESULT; > > > -+ cli_credentials_invalidate_ccache(cred, cred->password_obtained); > > > -+ } > > > - } > > > -=20 > > > - return cred->password; > > > -@@ -502,8 +508,10 @@ _PUBLIC_ const char *cli_credentials_get_domain= (struct cli_credentials *cred) > > > - cred->callback_running =3D true; > > > - cred->domain =3D cred->domain_cb(cred); > > > - cred->callback_running =3D false; > > > -- cred->domain_obtained =3D CRED_SPECIFIED; > > > -- cli_credentials_invalidate_ccache(cred, cred->domain_obtained); > > > -+ if (cred->domain_obtained =3D=3D CRED_CALLBACK) { > > > -+ cred->domain_obtained =3D CRED_CALLBACK_RESULT; > > > -+ cli_credentials_invalidate_ccache(cred, cred->domain_obtained); > > > -+ } > > > - } > > > -=20 > > > - return cred->domain; > > > -@@ -561,8 +569,10 @@ _PUBLIC_ const char *cli_credentials_get_realm(= struct cli_credentials *cred) > > > - cred->callback_running =3D true; > > > - cred->realm =3D cred->realm_cb(cred); > > > - 
cred->callback_running =3D false; > > > -- cred->realm_obtained =3D CRED_SPECIFIED; > > > -- cli_credentials_invalidate_ccache(cred, cred->realm_obtained); > > > -+ if (cred->realm_obtained =3D=3D CRED_CALLBACK) { > > > -+ cred->realm_obtained =3D CRED_CALLBACK_RESULT; > > > -+ cli_credentials_invalidate_ccache(cred, cred->realm_obtained); > > > -+ } > > > - } > > > -=20 > > > - return cred->realm; > > > -@@ -612,7 +622,9 @@ _PUBLIC_ const char *cli_credentials_get_worksta= tion(struct cli_credentials *cre > > > - cred->callback_running =3D true; > > > - cred->workstation =3D cred->workstation_cb(cred); > > > - cred->callback_running =3D false; > > > -- cred->workstation_obtained =3D CRED_SPECIFIED; > > > -+ if (cred->workstation_obtained =3D=3D CRED_CALLBACK) { > > > -+ cred->workstation_obtained =3D CRED_CALLBACK_RESULT; > > > -+ } > > > - } > > > -=20 > > > - return cred->workstation; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a498324b38326a874616b0bab1e5a9cd29b664ce Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 17 May 2013 16:02:59 +0200 > > > -Subject: [PATCH 016/249] s3-net: pass down ndr_interface_table to > > > - connect_dst_pipe(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 93e92faca9c99cd91878c2f48fb244233b16aa0f) > > > ---- > > > - source3/utils/net_proto.h | 2 +- > > > - source3/utils/net_rpc.c | 4 ++-- > > > - source3/utils/net_rpc_printer.c | 10 +++++----- > > > - source3/utils/net_util.c | 4 ++-- > > > - 4 files changed, 10 insertions(+), 10 deletions(-) > > > - > > > -diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h > > > -index 3f99e14..03fb312 100644 > > > ---- a/source3/utils/net_proto.h > > > -+++ b/source3/utils/net_proto.h > > > -@@ -416,7 +416,7 @@ NTSTATUS connect_to_ipc_anonymous(struct net_con= text *c, > > > - const char *server_name); > > > - NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state *= *cli_dst, > > > - struct rpc_pipe_client **pp_pipe_hnd, > > > -- const struct ndr_syntax_id *interface); > > > -+ const struct ndr_interface_table *table); > > > - int net_use_krb_machine_account(struct net_context *c); > > > - int net_use_machine_account(struct net_context *c); > > > - bool net_find_server(struct net_context *c, > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index c5c4d6c..4503f59 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -3654,7 +3654,7 @@ static NTSTATUS rpc_share_migrate_shares_inter= nals(struct net_context *c, > > > -=20 > > > - /* connect destination PI_SRVSVC */ > > > - nt_status =3D connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, > > > -- &ndr_table_srvsvc.syntax_id); > > > -+ &ndr_table_srvsvc); > > > - if (!NT_STATUS_IS_OK(nt_status)) > > > - return nt_status; > > > -=20 > > > -@@ -4140,7 +4140,7 @@ static NTSTATUS rpc_share_migrate_security_int= ernals(struct net_context *c, > > > -=20 > > > - /* 
connect destination PI_SRVSVC */ > > > - nt_status =3D connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, > > > -- &ndr_table_srvsvc.syntax_id); > > > -+ &ndr_table_srvsvc); > > > - if (!NT_STATUS_IS_OK(nt_status)) > > > - return nt_status; > > > -=20 > > > -diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc= _printer.c > > > -index ba34de1..1e42e6f 100644 > > > ---- a/source3/utils/net_rpc_printer.c > > > -+++ b/source3/utils/net_rpc_printer.c > > > -@@ -1578,7 +1578,7 @@ NTSTATUS rpc_printer_migrate_security_internal= s(struct net_context *c, > > > -=20 > > > - /* connect destination PI_SPOOLSS */ > > > - nt_status =3D connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, > > > -- &ndr_table_spoolss.syntax_id); > > > -+ &ndr_table_spoolss); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - return nt_status; > > > - } > > > -@@ -1730,7 +1730,7 @@ NTSTATUS rpc_printer_migrate_forms_internals(s= truct net_context *c, > > > -=20 > > > - /* connect destination PI_SPOOLSS */ > > > - nt_status =3D connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, > > > -- &ndr_table_spoolss.syntax_id); > > > -+ &ndr_table_spoolss); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - return nt_status; > > > - } > > > -@@ -1907,7 +1907,7 @@ NTSTATUS rpc_printer_migrate_drivers_internals= (struct net_context *c, > > > - DEBUG(3,("copying printer-drivers\n")); > > > -=20 > > > - nt_status =3D connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, > > > -- &ndr_table_spoolss.syntax_id); > > > -+ &ndr_table_spoolss); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - return nt_status; > > > - } > > > -@@ -2126,7 +2126,7 @@ NTSTATUS rpc_printer_migrate_printers_internal= s(struct net_context *c, > > > -=20 > > > - /* connect destination PI_SPOOLSS */ > > > - nt_status =3D connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, > > > -- &ndr_table_spoolss.syntax_id); > > > -+ &ndr_table_spoolss); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - return nt_status; > > > - } > > > -@@ -2301,7 +2301,7 @@ NTSTATUS 
rpc_printer_migrate_settings_internal= s(struct net_context *c, > > > -=20 > > > - /* connect destination PI_SPOOLSS */ > > > - nt_status =3D connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst, > > > -- &ndr_table_spoolss.syntax_id); > > > -+ &ndr_table_spoolss); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - return nt_status; > > > - } > > > -diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c > > > -index 9c4a77e..a4282ec 100644 > > > ---- a/source3/utils/net_util.c > > > -+++ b/source3/utils/net_util.c > > > -@@ -231,7 +231,7 @@ NTSTATUS connect_to_ipc_anonymous(struct net_con= text *c, > > > - **/ > > > - NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state *= *cli_dst, > > > - struct rpc_pipe_client **pp_pipe_hnd, > > > -- const struct ndr_syntax_id *interface) > > > -+ const struct ndr_interface_table *table) > > > - { > > > - NTSTATUS nt_status; > > > - char *server_name =3D SMB_STRDUP("127.0.0.1"); > > > -@@ -256,7 +256,7 @@ NTSTATUS connect_dst_pipe(struct net_context *c,= struct cli_state **cli_dst, > > > - return nt_status; > > > - } > > > -=20 > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli_tmp, interface, > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli_tmp, &table->syntax_id, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(0, ("couldn't not initialize pipe\n")); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d5273069a42d7234daaf3dd043d0a6e455348385 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 17 May 2013 16:24:42 +0200 > > > -Subject: [PATCH 017/249] s3-rpc_cli: remove prototype of nonexisting > > > - cli_rpc_pipe_open_krb5(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit a1368ca6ef8ab4f158c8b303ad058835f1bbf441) > > > ---- > > > - source3/rpc_client/cli_pipe.h | 9 --------- > > > - 1 file changed, 9 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index bf785fb..34ae542 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -131,15 +131,6 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_= state *cli, > > > - const char *domain, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > --NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, > > > -- const struct ndr_syntax_id *interface, > > > -- enum dcerpc_transport_t transport, > > > -- enum dcerpc_AuthLevel auth_level, > > > -- const char *service_princ, > > > -- const char *username, > > > -- const char *password, > > > -- struct rpc_pipe_client **presult); > > > -- > > > - NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, > > > - struct rpc_pipe_client *cli, > > > - DATA_BLOB *session_key); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 1a6c1ddb44aac3f201bbe2cabab10e409ffd042b Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 17 May 2013 16:08:16 +0200 > > > -Subject: [PATCH 018/249] s3-libnetapi: pass down ndr_interface_table= to > > > - libnetapi_get_binding_handle(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit fa37bbd9d06865d265bf554a3c49920f956f2185) > > > ---- > > > - source3/lib/netapi/cm.c | 4 ++-- > > > - source3/lib/netapi/file.c | 6 +++--- > > > - source3/lib/netapi/getdc.c | 6 +++--- > > > - source3/lib/netapi/netapi_private.h | 3 ++- > > > - source3/lib/netapi/netlogon.c | 4 ++-- > > > - source3/lib/netapi/serverinfo.c | 6 +++--- > > > - source3/lib/netapi/share.c | 10 +++++----- > > > - source3/lib/netapi/shutdown.c | 4 ++-- > > > - 8 files changed, 22 insertions(+), 21 deletions(-) > > > - > > > -diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c > > > -index da3d2e1..c3ae19f 100644 > > > ---- a/source3/lib/netapi/cm.c > > > -+++ b/source3/lib/netapi/cm.c > > > -@@ -269,7 +269,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx = *ctx, > > > -=20 > > > - WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx, > > > - const char *server_name, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct dcerpc_binding_handle **binding_handle) > > > - { > > > - struct rpc_pipe_client *pipe_cli; > > > -@@ -277,7 +277,7 @@ WERROR libnetapi_get_binding_handle(struct libne= tapi_ctx *ctx, > > > -=20 > > > - *binding_handle =3D NULL; > > > -=20 > > > -- result =3D libnetapi_open_pipe(ctx, server_name, interface, &pipe_= cli); > > > -+ result =3D libnetapi_open_pipe(ctx, server_name, &table->syntax_id= , &pipe_cli); > > > - if (!W_ERROR_IS_OK(result)) { > > > - return result; > > > - } > > > -diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c > > > -index 1e406d2..551f9ff 100644 > > > ---- a/source3/lib/netapi/file.c > > > -+++ b/source3/lib/netapi/file.c > > > -@@ -36,7 +36,7 @@ WERROR 
NetFileClose_r(struct libnetapi_ctx *ctx, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -130,7 +130,7 @@ WERROR NetFileGetInfo_r(struct libnetapi_ctx *ct= x, > > > - } > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -201,7 +201,7 @@ WERROR NetFileEnum_r(struct libnetapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c > > > -index 3b26d46..ae976f1 100644 > > > ---- a/source3/lib/netapi/getdc.c > > > -+++ b/source3/lib/netapi/getdc.c > > > -@@ -47,7 +47,7 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx, > > > - void *buffer; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_netlogon.syntax_id, > > > -+ &ndr_table_netlogon, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -101,7 +101,7 @@ WERROR NetGetAnyDCName_r(struct libnetapi_ctx *c= tx, > > > - void *buffer; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_netlogon.syntax_id, > > > -+ &ndr_table_netlogon, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -173,7 +173,7 @@ WERROR DsGetDcName_r(struct libnetapi_ctx *ctx, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_netlogon.syntax_id, > > > -+ &ndr_table_netlogon, 
> > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -diff --git a/source3/lib/netapi/netapi_private.h b/source3/lib/netap= i/netapi_private.h > > > -index 349287b..62aa7ef 100644 > > > ---- a/source3/lib/netapi/netapi_private.h > > > -+++ b/source3/lib/netapi/netapi_private.h > > > -@@ -30,6 +30,7 @@ > > > - return fn ## _r(ctx, r); > > > -=20 > > > - struct dcerpc_binding_handle; > > > -+struct ndr_interface_table; > > > -=20 > > > - struct libnetapi_private_ctx { > > > - struct { > > > -@@ -64,7 +65,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *c= tx, > > > - struct rpc_pipe_client **presult); > > > - WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx, > > > - const char *server_name, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct dcerpc_binding_handle **binding_handle); > > > - WERROR libnetapi_samr_open_domain(struct libnetapi_ctx *mem_ctx, > > > - struct rpc_pipe_client *pipe_cli, > > > -diff --git a/source3/lib/netapi/netlogon.c b/source3/lib/netapi/netl= ogon.c > > > -index a046fb7..136cb48 100644 > > > ---- a/source3/lib/netapi/netlogon.c > > > -+++ b/source3/lib/netapi/netlogon.c > > > -@@ -133,7 +133,7 @@ WERROR I_NetLogonControl_r(struct libnetapi_ctx = *ctx, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_netlogon.syntax_id, > > > -+ &ndr_table_netlogon, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -190,7 +190,7 @@ WERROR I_NetLogonControl2_r(struct libnetapi_ctx= *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_netlogon.syntax_id, > > > -+ &ndr_table_netlogon, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -diff --git a/source3/lib/netapi/serverinfo.c b/source3/lib/netapi/se= rverinfo.c > > > -index 046b693..b2a84d1 100644 > > > 
---- a/source3/lib/netapi/serverinfo.c > > > -+++ b/source3/lib/netapi/serverinfo.c > > > -@@ -503,7 +503,7 @@ WERROR NetServerGetInfo_r(struct libnetapi_ctx *= ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -616,7 +616,7 @@ WERROR NetServerSetInfo_r(struct libnetapi_ctx *= ctx, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -658,7 +658,7 @@ WERROR NetRemoteTOD_r(struct libnetapi_ctx *ctx, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -diff --git a/source3/lib/netapi/share.c b/source3/lib/netapi/share.c > > > -index d12fa1c..090e1a9 100644 > > > ---- a/source3/lib/netapi/share.c > > > -+++ b/source3/lib/netapi/share.c > > > -@@ -200,7 +200,7 @@ WERROR NetShareAdd_r(struct libnetapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -258,7 +258,7 @@ WERROR NetShareDel_r(struct libnetapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -321,7 +321,7 @@ WERROR NetShareEnum_r(struct libnetapi_ctx *ctx, > > > - ZERO_STRUCT(info_ctr); > > > -=20 > > > - werr =3D 
libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -428,7 +428,7 @@ WERROR NetShareGetInfo_r(struct libnetapi_ctx *c= tx, > > > - } > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -502,7 +502,7 @@ WERROR NetShareSetInfo_r(struct libnetapi_ctx *c= tx, > > > - } > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -diff --git a/source3/lib/netapi/shutdown.c b/source3/lib/netapi/shut= down.c > > > -index 78bc2fc..9e1e8e1 100644 > > > ---- a/source3/lib/netapi/shutdown.c > > > -+++ b/source3/lib/netapi/shutdown.c > > > -@@ -38,7 +38,7 @@ WERROR NetShutdownInit_r(struct libnetapi_ctx *ctx, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_initshutdown.syntax_id, > > > -+ &ndr_table_initshutdown, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -82,7 +82,7 @@ WERROR NetShutdownAbort_r(struct libnetapi_ctx *ct= x, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - werr =3D libnetapi_get_binding_handle(ctx, r->in.server_name, > > > -- &ndr_table_initshutdown.syntax_id, > > > -+ &ndr_table_initshutdown, > > > - &b); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e25e7bfe15bdb89a9680708c27b50e14a8a86ca3 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 17 May 2013 16:10:13 +0200 > > > -Subject: [PATCH 019/249] s3-libnetapi: pass down 
ndr_interface_table= to > > > - libnetapi_open_pipe(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 77f7f2a976e5b95f3bd9f542b92926adee4f5fa6) > > > ---- > > > - source3/lib/netapi/cm.c | 8 ++++---- > > > - source3/lib/netapi/group.c | 18 +++++++++--------- > > > - source3/lib/netapi/joindomain.c | 10 +++++----- > > > - source3/lib/netapi/localgroup.c | 14 +++++++------- > > > - source3/lib/netapi/netapi_private.h | 2 +- > > > - source3/lib/netapi/user.c | 22 +++++++++++----------- > > > - 6 files changed, 37 insertions(+), 37 deletions(-) > > > - > > > -diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c > > > -index c3ae19f..dd1f1e3 100644 > > > ---- a/source3/lib/netapi/cm.c > > > -+++ b/source3/lib/netapi/cm.c > > > -@@ -234,7 +234,7 @@ static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx, > > > -=20 > > > - WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx, > > > - const char *server_name, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - struct rpc_pipe_client *result =3D NULL; > > > -@@ -251,10 +251,10 @@ WERROR libnetapi_open_pipe(struct libnetapi_ct= x *ctx, > > > - return werr; > > > - } > > > -=20 > > > -- status =3D pipe_cm_open(ctx, ipc, interface, &result); > > > -+ status =3D pipe_cm_open(ctx, ipc, &table->syntax_id, &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s", > > > -- get_pipe_name_from_syntax(talloc_tos(), interface), > > > -+ get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > - get_friendly_nt_error_msg(status)); > > > - return WERR_DEST_NOT_FOUND; > > > - } > > > -@@ -277,7 +277,7 @@ WERROR 
libnetapi_get_binding_handle(struct libne= tapi_ctx *ctx, > > > -=20 > > > - *binding_handle =3D NULL; > > > -=20 > > > -- result =3D libnetapi_open_pipe(ctx, server_name, &table->syntax_id= , &pipe_cli); > > > -+ result =3D libnetapi_open_pipe(ctx, server_name, table, &pipe_cli); > > > - if (!W_ERROR_IS_OK(result)) { > > > - return result; > > > - } > > > -diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c > > > -index b806fc4..6d9b248 100644 > > > ---- a/source3/lib/netapi/group.c > > > -+++ b/source3/lib/netapi/group.c > > > -@@ -76,7 +76,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -272,7 +272,7 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -492,7 +492,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *c= tx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -770,7 +770,7 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *c= tx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -918,7 +918,7 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *c= tx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if 
(!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1078,7 +1078,7 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx = *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1397,7 +1397,7 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ct= x, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1544,7 +1544,7 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx= *ctx, > > > -=20 > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1736,7 +1736,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx= *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/jo= indomain.c > > > -index b6fb57a..d8e624f 100644 > > > ---- a/source3/lib/netapi/joindomain.c > > > -+++ b/source3/lib/netapi/joindomain.c > > > -@@ -116,7 +116,7 @@ WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx, > > > - DATA_BLOB session_key; > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server, > > > -- &ndr_table_wkssvc.syntax_id, > > > -+ &ndr_table_wkssvc, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -257,7 +257,7 @@ WERROR NetUnjoinDomain_r(struct libnetapi_ctx *c= tx, > > > - DATA_BLOB session_key; > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- 
&ndr_table_wkssvc.syntax_id, > > > -+ &ndr_table_wkssvc, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -313,7 +313,7 @@ WERROR NetGetJoinInformation_r(struct libnetapi_= ctx *ctx, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_wkssvc.syntax_id, > > > -+ &ndr_table_wkssvc, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -455,7 +455,7 @@ WERROR NetGetJoinableOUs_r(struct libnetapi_ctx = *ctx, > > > - DATA_BLOB session_key; > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_wkssvc.syntax_id, > > > -+ &ndr_table_wkssvc, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -508,7 +508,7 @@ WERROR NetRenameMachineInDomain_r(struct libneta= pi_ctx *ctx, > > > - DATA_BLOB session_key; > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_wkssvc.syntax_id, > > > -+ &ndr_table_wkssvc, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/lo= calgroup.c > > > -index 17cab68..241970d 100644 > > > ---- a/source3/lib/netapi/localgroup.c > > > -+++ b/source3/lib/netapi/localgroup.c > > > -@@ -185,7 +185,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *= ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -319,7 +319,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *= ctx, > > > - ZERO_STRUCT(alias_handle); > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -499,7 +499,7 
@@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_c= tx *ctx, > > > - ZERO_STRUCT(alias_handle); > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -678,7 +678,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_c= tx *ctx, > > > - ZERO_STRUCT(alias_handle); > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -828,7 +828,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx = *ctx, > > > - ZERO_STRUCT(alias_handle); > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1141,7 +1141,7 @@ static WERROR NetLocalGroupModifyMembers_r(str= uct libnetapi_ctx *ctx, > > > -=20 > > > - if (r->in.level =3D=3D 3) { > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_lsarpc.syntax_id, > > > -+ &ndr_table_lsarpc, > > > - &lsa_pipe); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1160,7 +1160,7 @@ static WERROR NetLocalGroupModifyMembers_r(str= uct libnetapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -diff --git a/source3/lib/netapi/netapi_private.h b/source3/lib/netap= i/netapi_private.h > > > -index 62aa7ef..897cf3d 100644 > > > ---- a/source3/lib/netapi/netapi_private.h > > > -+++ b/source3/lib/netapi/netapi_private.h > > > -@@ -61,7 +61,7 @@ NET_API_STATUS libnetapi_get_debuglevel(struct lib= netapi_ctx *ctx, char **debugl > > > - WERROR 
libnetapi_shutdown_cm(struct libnetapi_ctx *ctx); > > > - WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx, > > > - const char *server_name, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult); > > > - WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx, > > > - const char *server_name, > > > -diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c > > > -index a971e2d..4a39f69 100644 > > > ---- a/source3/lib/netapi/user.c > > > -+++ b/source3/lib/netapi/user.c > > > -@@ -400,7 +400,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -552,7 +552,7 @@ WERROR NetUserDel_r(struct libnetapi_ctx *ctx, > > > - ZERO_STRUCT(user_handle); > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > -=20 > > > - if (!W_ERROR_IS_OK(werr)) { > > > -@@ -1322,7 +1322,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1630,7 +1630,7 @@ WERROR NetQueryDisplayInformation_r(struct lib= netapi_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1764,7 +1764,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *= ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ 
&ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -1936,7 +1936,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *= ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -2395,7 +2395,7 @@ WERROR NetUserModalsGet_r(struct libnetapi_ctx= *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -2880,7 +2880,7 @@ WERROR NetUserModalsSet_r(struct libnetapi_ctx= *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -3015,7 +3015,7 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx= *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -3206,7 +3206,7 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx= *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > -@@ -3547,7 +3547,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetap= i_ctx *ctx, > > > - } > > > -=20 > > > - werr =3D libnetapi_open_pipe(ctx, r->in.server_name, > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &pipe_cli); > > > - if (!W_ERROR_IS_OK(werr)) { > > > - goto done; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 
4157ba43258373cd995b2ee74dcd4d65782dc2ea Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 17 May 2013 16:13:26 +0200 > > > -Subject: [PATCH 020/249] s3-libnetapi: pass down ndr_interface_table= to > > > - pipe_cm() and friends. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 0ce2178f2ffeaee324c7e8fef7c87727def7bd77) > > > ---- > > > - source3/lib/netapi/cm.c | 16 ++++++++-------- > > > - 1 file changed, 8 insertions(+), 8 deletions(-) > > > - > > > -diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c > > > -index dd1f1e3..8551521 100644 > > > ---- a/source3/lib/netapi/cm.c > > > -+++ b/source3/lib/netapi/cm.c > > > -@@ -161,7 +161,7 @@ WERROR libnetapi_shutdown_cm(struct libnetapi_ct= x *ctx) > > > - *******************************************************************= */ > > > -=20 > > > - static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - struct client_pipe_connection *p; > > > -@@ -177,7 +177,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_c= onnection *ipc, > > > -=20 > > > - if (strequal(ipc_remote_name, p->pipe->desthost) > > > - && ndr_syntax_id_equal(&p->pipe->abstract_syntax, > > > -- interface)) { > > > -+ &table->syntax_id)) { > > > - *presult =3D p->pipe; > > > - return NT_STATUS_OK; > > > - } > > > -@@ -191,7 +191,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_c= onnection *ipc, > > > -=20 > > > - static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx, > > > - struct client_ipc_connection *ipc, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct 
ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - struct client_pipe_connection *p; > > > -@@ -202,7 +202,7 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_= ctx, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(ipc->cli, interface, &p->pipe); > > > -+ status =3D cli_rpc_pipe_open_noauth(ipc->cli, &table->syntax_id, &= p->pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - TALLOC_FREE(p); > > > - return status; > > > -@@ -219,14 +219,14 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *me= m_ctx, > > > -=20 > > > - static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx, > > > - struct client_ipc_connection *ipc, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > -- if (NT_STATUS_IS_OK(pipe_cm_find(ipc, interface, presult))) { > > > -+ if (NT_STATUS_IS_OK(pipe_cm_find(ipc, table, presult))) { > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -- return pipe_cm_connect(ctx, ipc, interface, presult); > > > -+ return pipe_cm_connect(ctx, ipc, table, presult); > > > - } > > > -=20 > > > - /******************************************************************= ** > > > -@@ -251,7 +251,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx = *ctx, > > > - return werr; > > > - } > > > -=20 > > > -- status =3D pipe_cm_open(ctx, ipc, &table->syntax_id, &result); > > > -+ status =3D pipe_cm_open(ctx, ipc, table, &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s", > > > - get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From ec8ba2a371ce4c4cc14d04e852034dcd92862542 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 17 May 2013 16:16:59 +0200 > > > -Subject: [PATCH 021/249] s3-rpc_cli: pass down ndr_interface_table 
to > > > - rpc_pipe_open_ncalrpc(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 9b4fb5b074b035eaef98c4a463c9d68006ed52da) > > > ---- > > > - source3/librpc/rpc/dcerpc_ep.c | 2 +- > > > - source3/rpc_client/cli_pipe.c | 4 ++-- > > > - source3/rpc_client/cli_pipe.h | 2 +- > > > - 3 files changed, 4 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source3/librpc/rpc/dcerpc_ep.c b/source3/librpc/rpc/dce= rpc_ep.c > > > -index bb080c5..410caa7 100644 > > > ---- a/source3/librpc/rpc/dcerpc_ep.c > > > -+++ b/source3/librpc/rpc/dcerpc_ep.c > > > -@@ -365,7 +365,7 @@ static NTSTATUS ep_register(TALLOC_CTX *mem_ctx, > > > -=20 > > > - status =3D rpc_pipe_open_ncalrpc(tmp_ctx, > > > - ncalrpc_sock, > > > -- &ndr_table_epmapper.syntax_id, > > > -+ &ndr_table_epmapper, > > > - &cli); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto done; > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 385ae25..427b628 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2682,7 +2682,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx= , const char *host, > > > - Create a rpc pipe client struct, connecting to a unix domain socket > > > - ******************************************************************= **/ > > > - NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *soc= ket_path, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - struct rpc_pipe_client *result; > > > -@@ -2696,7 +2696,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem= _ctx, const char *socket_path, > > > - return NT_STATUS_NO_MEMORY; > > > - 
} > > > -=20 > > > -- result->abstract_syntax =3D *abstract_syntax; > > > -+ result->abstract_syntax =3D table->syntax_id; > > > - result->transfer_syntax =3D ndr_transfer_syntax_ndr; > > > -=20 > > > - result->desthost =3D get_myname(result); > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 34ae542..3415db0 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -71,7 +71,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *soc= ket_path, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_clie= nt *c); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 816b7983c2342ea500e7467f2ab6c04dff89308f Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 17 May 2013 16:44:05 +0200 > > > -Subject: [PATCH 022/249] s3-rpc_cli: pass down ndr_interface_table to > > > - rpc_pipe_open_interface(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 6886cff0a7e97864e9094af936cbef08a3c8f6f4) > > > ---- > > > - source3/printing/nt_printing_migrate_internal.c | 2 +- > > > - source3/printing/printspoolss.c | 4 +-- > > > - source3/rpc_server/rpc_ncacn_np.c | 8 +++--- > > > - source3/rpc_server/rpc_ncacn_np.h | 2 +- > > > - source3/smbd/lanman.c | 34 ++++++++++++--= ----------- > > > - source3/smbd/reply.c | 2 +- > > > - 6 files changed, 26 insertions(+), 26 deletions(-) > > > - > > > -diff --git a/source3/printing/nt_printing_migrate_internal.c b/sourc= e3/printing/nt_printing_migrate_internal.c > > > -index 200db07f..6bc7ea2 100644 > > > ---- a/source3/printing/nt_printing_migrate_internal.c > > > -+++ b/source3/printing/nt_printing_migrate_internal.c > > > -@@ -211,7 +211,7 @@ bool nt_printing_tdb_migrate(struct messaging_co= ntext *msg_ctx) > > > - } > > > -=20 > > > - status =3D rpc_pipe_open_interface(tmp_ctx, > > > -- &ndr_table_winreg.syntax_id, > > > -+ &ndr_table_winreg, > > > - session_info, > > > - NULL, > > > - msg_ctx, > > > -diff --git a/source3/printing/printspoolss.c b/source3/printing/prin= tspoolss.c > > > -index fc1e9c1..0507e83 100644 > > > ---- a/source3/printing/printspoolss.c > > > -+++ b/source3/printing/printspoolss.c > > > -@@ -154,7 +154,7 @@ NTSTATUS print_spool_open(files_struct *fsp, > > > - * a job id */ > > > -=20 > > > - status =3D rpc_pipe_open_interface(fsp->conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - fsp->conn->session_info, > > > - fsp->conn->sconn->remote_address, > > > - fsp->conn->sconn->msg_ctx, > > > -@@ -343,7 +343,7 @@ void print_spool_terminate(struct connection_str= uct *conn, > > > - rap_jobid_delete(print_file->svcname, 
print_file->jobid); > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/= rpc_ncacn_np.c > > > -index b4602a9..7389b3e 100644 > > > ---- a/source3/rpc_server/rpc_ncacn_np.c > > > -+++ b/source3/rpc_server/rpc_ncacn_np.c > > > -@@ -758,7 +758,7 @@ done: > > > - */ > > > -=20 > > > - NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, > > > -- const struct ndr_syntax_id *syntax, > > > -+ const struct ndr_interface_table *table, > > > - const struct auth_session_info *session_info, > > > - const struct tsocket_address *remote_address, > > > - struct messaging_context *msg_ctx, > > > -@@ -783,7 +783,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem= _ctx, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- pipe_name =3D get_pipe_name_from_syntax(tmp_ctx, syntax); > > > -+ pipe_name =3D get_pipe_name_from_syntax(tmp_ctx, &table->syntax_id= ); > > > - if (pipe_name =3D=3D NULL) { > > > - status =3D NT_STATUS_INVALID_PARAMETER; > > > - goto done; > > > -@@ -800,7 +800,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem= _ctx, > > > - switch (pipe_mode) { > > > - case RPC_SERVICE_MODE_EMBEDDED: > > > - status =3D rpc_pipe_open_internal(tmp_ctx, > > > -- syntax, session_info, > > > -+ &table->syntax_id, session_info, > > > - remote_address, msg_ctx, > > > - &cli); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -813,7 +813,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem= _ctx, > > > - * to spoolssd. 
*/ > > > -=20 > > > - status =3D rpc_pipe_open_external(tmp_ctx, > > > -- pipe_name, syntax, > > > -+ pipe_name, &table->syntax_id, > > > - session_info, > > > - &cli); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -diff --git a/source3/rpc_server/rpc_ncacn_np.h b/source3/rpc_server/= rpc_ncacn_np.h > > > -index 586d61b..67cd8a1 100644 > > > ---- a/source3/rpc_server/rpc_ncacn_np.h > > > -+++ b/source3/rpc_server/rpc_ncacn_np.h > > > -@@ -50,7 +50,7 @@ NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, > > > - struct messaging_context *msg_ctx, > > > - struct dcerpc_binding_handle **binding_handle); > > > - NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, > > > -- const struct ndr_syntax_id *syntax, > > > -+ const struct ndr_interface_table *table, > > > - const struct auth_session_info *session_info, > > > - const struct tsocket_address *remote_address, > > > - struct messaging_context *msg_ctx, > > > -diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c > > > -index d0dae36..3c488ec 100644 > > > ---- a/source3/smbd/lanman.c > > > -+++ b/source3/smbd/lanman.c > > > -@@ -832,7 +832,7 @@ static bool api_DosPrintQGetInfo(struct smbd_ser= ver_connection *sconn, > > > - } > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -1029,7 +1029,7 @@ static bool api_DosPrintQEnum(struct smbd_serv= er_connection *sconn, > > > - } > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -2256,7 +2256,7 @@ static bool api_RNetShareAdd(struct smbd_serve= r_connection *sconn, > > > - return false; > > > - } > > > -=20 > > > -- status =3D rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.synt= ax_id, > > > -+ status =3D 
rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -2368,7 +2368,7 @@ static bool api_RNetGroupEnum(struct smbd_serv= er_connection *sconn, > > > - } > > > -=20 > > > - status =3D rpc_pipe_open_interface( > > > -- talloc_tos(), &ndr_table_samr.syntax_id, > > > -+ talloc_tos(), &ndr_table_samr, > > > - conn->session_info, conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, &samr_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -2574,7 +2574,7 @@ static bool api_NetUserGetGroups(struct smbd_s= erver_connection *sconn, > > > - endp =3D *rdata + *rdata_len; > > > -=20 > > > - status =3D rpc_pipe_open_interface( > > > -- talloc_tos(), &ndr_table_samr.syntax_id, > > > -+ talloc_tos(), &ndr_table_samr, > > > - conn->session_info, conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, &samr_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -2774,7 +2774,7 @@ static bool api_RNetUserEnum(struct smbd_serve= r_connection *sconn, > > > - endp =3D *rdata + *rdata_len; > > > -=20 > > > - status =3D rpc_pipe_open_interface( > > > -- talloc_tos(), &ndr_table_samr.syntax_id, > > > -+ talloc_tos(), &ndr_table_samr, > > > - conn->session_info, conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, &samr_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -3037,7 +3037,7 @@ static bool api_SamOEMChangePassword(struct sm= bd_server_connection *sconn, > > > - memcpy(password.data, data, 516); > > > - memcpy(hash.hash, data+516, 16); > > > -=20 > > > -- status =3D rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax= _id, > > > -+ status =3D rpc_pipe_open_interface(mem_ctx, &ndr_table_samr, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -3134,7 +3134,7 @@ static bool api_RDosPrintJobDel(struct smbd_se= rver_connection *sconn, > > > - ZERO_STRUCT(handle); > > > -=20 > > > - status =3D 
rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -3262,7 +3262,7 @@ static bool api_WPrintQueueCtrl(struct smbd_se= rver_connection *sconn, > > > - ZERO_STRUCT(handle); > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -3444,7 +3444,7 @@ static bool api_PrintJobInfo(struct smbd_serve= r_connection *sconn, > > > - ZERO_STRUCT(handle); > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -3621,7 +3621,7 @@ static bool api_RNetServerGetInfo(struct smbd_= server_connection *sconn, > > > - p =3D *rdata; > > > - p2 =3D p + struct_len; > > > -=20 > > > -- status =3D rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.synt= ax_id, > > > -+ status =3D rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -4052,7 +4052,7 @@ static bool api_RNetUserGetInfo(struct smbd_se= rver_connection *sconn, > > > - ZERO_STRUCT(domain_handle); > > > - ZERO_STRUCT(user_handle); > > > -=20 > > > -- status =3D rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax= _id, > > > -+ status =3D rpc_pipe_open_interface(mem_ctx, &ndr_table_samr, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -4581,7 +4581,7 @@ static bool api_WPrintJobGetInfo(struct smbd_s= erver_connection *sconn, > > > - ZERO_STRUCT(handle); > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ 
&ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -4723,7 +4723,7 @@ static bool api_WPrintJobEnumerate(struct smbd= _server_connection *sconn, > > > - ZERO_STRUCT(handle); > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -4923,7 +4923,7 @@ static bool api_WPrintDestGetInfo(struct smbd_= server_connection *sconn, > > > - ZERO_STRUCT(handle); > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -5055,7 +5055,7 @@ static bool api_WPrintDestEnum(struct smbd_ser= ver_connection *sconn, > > > - queuecnt =3D 0; > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -@@ -5366,7 +5366,7 @@ static bool api_RNetSessionEnum(struct smbd_se= rver_connection *sconn, > > > - } > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_srvsvc.syntax_id, > > > -+ &ndr_table_srvsvc, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - conn->sconn->msg_ctx, > > > -diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c > > > -index 3f5b950..eace557 100644 > > > ---- a/source3/smbd/reply.c > > > -+++ b/source3/smbd/reply.c > > > -@@ -5637,7 +5637,7 @@ void reply_printqueue(struct smb_request *req) > > > - ZERO_STRUCT(handle); > > > -=20 > > > - status =3D rpc_pipe_open_interface(conn, > > > -- &ndr_table_spoolss.syntax_id, > > > -+ &ndr_table_spoolss, > > > - conn->session_info, > > > - conn->sconn->remote_address, > > > - 
conn->sconn->msg_ctx, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 3dc2d438f0b440f34b7cdd9eeac429a15f679460 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:03:23 +0200 > > > -Subject: [PATCH 023/249] s3-rpc_cli: pass down ndr_interface_table to > > > - cli_rpc_pipe_open_schannel(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit f6d61b571d79ebf1df58513ec728057d00b95f3e) > > > ---- > > > - source3/auth/auth_domain.c | 2 +- > > > - source3/rpc_client/cli_pipe.h | 2 +- > > > - source3/rpc_client/cli_pipe_schannel.c | 4 ++-- > > > - source3/rpcclient/rpcclient.c | 2 +- > > > - source3/utils/net_rpc.c | 2 +- > > > - 5 files changed, 6 insertions(+), 6 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c > > > -index 286c75c..a375f11 100644 > > > ---- a/source3/auth/auth_domain.c > > > -+++ b/source3/auth/auth_domain.c > > > -@@ -115,7 +115,7 @@ static NTSTATUS connect_to_domain_password_serve= r(struct cli_state **cli, > > > - if (lp_client_schannel()) { > > > - /* We also setup the creds chain in the open_schannel call. 
*/ > > > - result =3D cli_rpc_pipe_open_schannel( > > > -- *cli, &ndr_table_netlogon.syntax_id, NCACN_NP, > > > -+ *cli, &ndr_table_netlogon, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); > > > - } else { > > > - result =3D cli_rpc_pipe_open_noauth( > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 3415db0..d17322a 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -125,7 +125,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel= (struct cli_state *cli, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index c275720..8bc01a5 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -169,7 +169,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel= (struct cli_state *cli, > > > - ******************************************************************= **********/ > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -@@ -190,7 +190,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_s= tate *cli, > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, interface, transport, auth_level, domain, &netlogon_pipe->dc, > > > -+ cli, &table->syntax_id, transport, auth_level, domain, &netlogon_= pipe->dc, > > > - &result); > > > -=20 > > > - 
/* Now we've bound using the session key we can close the netlog p= ipe. */ > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index d204d7f..6b6478e 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -734,7 +734,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - break; > > > - case DCERPC_AUTH_TYPE_SCHANNEL: > > > - ntresult =3D cli_rpc_pipe_open_schannel( > > > -- cli, &cmd_entry->table->syntax_id, > > > -+ cli, cmd_entry->table, > > > - default_transport, > > > - pipe_default_auth_level, > > > - get_cmdline_auth_info_domain(auth_info), > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index 4503f59..dab9fcd 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -191,7 +191,7 @@ int run_rpc_command(struct net_context *c, > > > - &ndr_table_netlogon.syntax_id))) { > > > - /* Always try and create an schannel netlogon pipe. */ > > > - nt_status =3D cli_rpc_pipe_open_schannel( > > > -- cli, &table->syntax_id, NCACN_NP, > > > -+ cli, table, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, domain_name, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 428596faf89f424c83edb86d45c5a1322e3fb6b5 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:08:33 +0200 > > > -Subject: [PATCH 024/249] s3-rpc_cli: pass down ndr_interface_table to > > > - cli_rpc_pipe_open_ntlmssp_auth_schannel(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 7f169474fc86479abe09a5716b8029c6febcfaa9) > > > ---- > > > - source3/rpc_client/cli_pipe.h | 2 +- > > > - source3/rpc_client/cli_pipe_schannel.c | 4 ++-- > > > - 2 files changed, 3 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index d17322a..7026692 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -116,7 +116,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(str= uct cli_state *cli, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *= cli, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index 8bc01a5..261a768 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -128,7 +128,7 @@ static NTSTATUS get_schannel_session_key_auth_nt= lmssp(struct cli_state *cli, > > > - ******************************************************************= **********/ > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *= cli, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -@@ -151,7 +151,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel= (struct 
cli_state *cli, > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, interface, transport, auth_level, domain, &netlogon_pipe->dc, > > > -+ cli, &table->syntax_id, transport, auth_level, domain, &netlogon_= pipe->dc, > > > - &result); > > > -=20 > > > - /* Now we've bound using the session key we can close the netlog p= ipe. */ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From cda31f4e490942ffc89513f000fa147f535a2713 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:17:24 +0200 > > > -Subject: [PATCH 025/249] s3-rpc_cli: pass down ndr_interface_table to > > > - cli_rpc_pipe_open_schannel_with_key(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 3dc3a6c8483a8de22b483ecf164c81232d4a8d65) > > > ---- > > > - source3/libnet/libnet_join.c | 2 +- > > > - source3/rpc_client/cli_pipe.c | 6 +++--- > > > - source3/rpc_client/cli_pipe.h | 2 +- > > > - source3/rpc_client/cli_pipe_schannel.c | 4 ++-- > > > - source3/utils/net_rpc_join.c | 4 ++-- > > > - source3/winbindd/winbindd_cm.c | 8 ++++---- > > > - 6 files changed, 13 insertions(+), 13 deletions(-) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 1418385..9f47f3b 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -1287,7 +1287,7 @@ NTSTATUS libnet_join_ok(const char *netbios_do= main_name, > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, &ndr_table_netlogon.syntax_id, NCACN_NP, > > > -+ cli, &ndr_table_netlogon, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > - netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd); > > > 
-=20 > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 427b628..34cef32 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -3022,7 +3022,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct= cli_state *cli, > > > - ******************************************************************= **********/ > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -@@ -3033,7 +3033,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(s= truct cli_state *cli, > > > - struct pipe_auth_data *auth; > > > - NTSTATUS status; > > > -=20 > > > -- status =3D cli_rpc_pipe_open(cli, transport, interface, &result); > > > -+ status =3D cli_rpc_pipe_open(cli, transport, &table->syntax_id, &r= esult); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -@@ -3070,7 +3070,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(s= truct cli_state *cli, > > > -=20 > > > - DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to = machine %s " > > > - "for domain %s and bound using schannel.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), interface), > > > -+ get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > - result->desthost, domain)); > > > -=20 > > > - *presult =3D result; > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 7026692..65bfbc8 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -108,7 +108,7 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_sta= te *cli, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, > > > -- const struct 
ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index 261a768..784e63f 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -151,7 +151,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel= (struct cli_state *cli, > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, &table->syntax_id, transport, auth_level, domain, &netlogon_= pipe->dc, > > > -+ cli, table, transport, auth_level, domain, &netlogon_pipe->dc, > > > - &result); > > > -=20 > > > - /* Now we've bound using the session key we can close the netlog p= ipe. */ > > > -@@ -190,7 +190,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_s= tate *cli, > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, &table->syntax_id, transport, auth_level, domain, &netlogon_= pipe->dc, > > > -+ cli, table, transport, auth_level, domain, &netlogon_pipe->dc, > > > - &result); > > > -=20 > > > - /* Now we've bound using the session key we can close the netlog p= ipe. 
*/ > > > -diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_jo= in.c > > > -index 56799cd..4b43769 100644 > > > ---- a/source3/utils/net_rpc_join.c > > > -+++ b/source3/utils/net_rpc_join.c > > > -@@ -137,7 +137,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, = const char *domain, > > > - } > > > -=20 > > > - ntret =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, &ndr_table_netlogon.syntax_id, NCACN_NP, > > > -+ cli, &ndr_table_netlogon, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > - domain, &netlogon_pipe->dc, &pipe_hnd); > > > -=20 > > > -@@ -497,7 +497,7 @@ int net_rpc_join_newstyle(struct net_context *c,= int argc, const char **argv) > > > - struct rpc_pipe_client *netlogon_schannel_pipe; > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, &ndr_table_netlogon.syntax_id, NCACN_NP, > > > -+ cli, &ndr_table_netlogon, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, > > > - &netlogon_schannel_pipe); > > > -=20 > > > -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbi= ndd_cm.c > > > -index 61917db..f17fc68 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -2415,7 +2415,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - goto anonymous; > > > - } > > > - status =3D cli_rpc_pipe_open_schannel_with_key > > > -- (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, > > > -+ (conn->cli, &ndr_table_samr, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > - domain->name, &p_creds, &conn->samr_pipe); > > > -=20 > > > -@@ -2547,7 +2547,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_do= main *domain, > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key(conn->cli, > > > -- &ndr_table_lsarpc.syntax_id, > > > -+ &ndr_table_lsarpc, > > > - NCACN_IP_TCP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > - domain->name, > > > -@@ -2646,7 +2646,7 @@ NTSTATUS cm_connect_lsa(struct 
winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - goto anonymous; > > > - } > > > - result =3D cli_rpc_pipe_open_schannel_with_key > > > -- (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, > > > -+ (conn->cli, &ndr_table_lsarpc, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > - domain->name, &p_creds, &conn->lsa_pipe); > > > -=20 > > > -@@ -2831,7 +2831,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_d= omain *domain, > > > - */ > > > -=20 > > > - result =3D cli_rpc_pipe_open_schannel_with_key( > > > -- conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP, > > > -+ conn->cli, &ndr_table_netlogon, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, > > > - &conn->netlogon_pipe); > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 9b569e91cd22806eedae76d3fb60cdbd7548e4c2 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:29:28 +0200 > > > -Subject: [PATCH 026/249] s3-rpc_cli: pass down ndr_interface_table to > > > - cli_rpc_pipe_open_noauth(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 9813fe2b04a5b4abaa95ea1d893b3803edbede4d) > > > ---- > > > - source3/auth/auth_domain.c | 2 +- > > > - source3/client/client.c | 2 +- > > > - source3/lib/netapi/cm.c | 2 +- > > > - source3/libnet/libnet_join.c | 8 ++++---- > > > - source3/libsmb/libsmb_dir.c | 2 +- > > > - source3/libsmb/libsmb_server.c | 2 +- > > > - source3/libsmb/passchange.c | 4 ++-- > > > - source3/libsmb/trustdom_cache.c | 2 +- > > > - source3/libsmb/trusts_util.c | 2 +- > > > - source3/rpc_client/cli_pipe.c | 4 ++-- > > > - source3/rpc_client/cli_pipe.h | 2 +- > > > - source3/rpc_client/cli_pipe_schannel.c | 2 +- > > > - source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +- > > > - source3/rpcclient/cmd_spoolss.c | 2 +- > > > - source3/rpcclient/cmd_test.c | 4 ++-- > > > - source3/rpcclient/rpcclient.c | 2 +- > > > - source3/torture/test_async_echo.c | 2 +- > > > - source3/utils/net_ads.c | 2 +- > > > - source3/utils/net_rpc.c | 20 ++++++++++--------= -- > > > - source3/utils/net_rpc_join.c | 6 +++--- > > > - source3/utils/net_rpc_shell.c | 2 +- > > > - source3/utils/net_rpc_trust.c | 2 +- > > > - source3/utils/net_util.c | 8 ++++---- > > > - source3/utils/netlookup.c | 2 +- > > > - source3/utils/smbcacls.c | 7 +++---- > > > - source3/utils/smbcquotas.c | 2 +- > > > - source3/utils/smbtree.c | 2 +- > > > - source3/winbindd/winbindd_cm.c | 10 +++++----- > > > - 28 files changed, 54 insertions(+), 55 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c > > > -index a375f11..54ee5a1 100644 > > > ---- a/source3/auth/auth_domain.c > > > -+++ b/source3/auth/auth_domain.c > > > -@@ -119,7 +119,7 @@ static NTSTATUS connect_to_domain_password_serve= r(struct 
cli_state **cli, > > > - DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); > > > - } else { > > > - result =3D cli_rpc_pipe_open_noauth( > > > -- *cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); > > > -+ *cli, &ndr_table_netlogon, &netlogon_pipe); > > > - } > > > -=20 > > > - if (!NT_STATUS_IS_OK(result)) { > > > -diff --git a/source3/client/client.c b/source3/client/client.c > > > -index ab46cb8..dafc5f0 100644 > > > ---- a/source3/client/client.c > > > -+++ b/source3/client/client.c > > > -@@ -4227,7 +4227,7 @@ static bool browse_host_rpc(bool sort) > > > - int i; > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc, > > > - &pipe_hnd); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c > > > -index 8551521..1cfdccf 100644 > > > ---- a/source3/lib/netapi/cm.c > > > -+++ b/source3/lib/netapi/cm.c > > > -@@ -202,7 +202,7 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_= ctx, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(ipc->cli, &table->syntax_id, &= p->pipe); > > > -+ status =3D cli_rpc_pipe_open_noauth(ipc->cli, table, &p->pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - TALLOC_FREE(p); > > > - return status; > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 9f47f3b..324c8f3 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -749,7 +749,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC= _CTX *mem_ctx, > > > - goto done; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc.syntax= _id, > > > -+ status =3D cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0,("Error 
connecting to LSA pipe. Error was %s\n", > > > -@@ -819,7 +819,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsec= ure(TALLOC_CTX *mem_ctx, > > > - fstring trust_passwd; > > > - NTSTATUS status; > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.synta= x_id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -@@ -908,7 +908,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLO= C_CTX *mem_ctx, > > > -=20 > > > - /* Open the domain */ > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0,("Error connecting to SAM pipe. Error was %s\n", > > > -@@ -1377,7 +1377,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(T= ALLOC_CTX *mem_ctx, > > > -=20 > > > - /* Open the domain */ > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0,("Error connecting to SAM pipe. 
Error was %s\n", > > > -diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir= =2Ec > > > -index 87e10d8..3a07f11 100644 > > > ---- a/source3/libsmb/libsmb_dir.c > > > -+++ b/source3/libsmb/libsmb_dir.c > > > -@@ -277,7 +277,7 @@ net_share_enum_rpc(struct cli_state *cli, > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > - /* Open the server service pipe */ > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_srvs= vc.syntax_id, > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_srvs= vc, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(1, ("net_share_enum_rpc pipe open fail!\n")); > > > -diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_= server.c > > > -index d4254da..dff0062 100644 > > > ---- a/source3/libsmb/libsmb_server.c > > > -+++ b/source3/libsmb/libsmb_server.c > > > -@@ -802,7 +802,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, > > > - ipc_srv->cli =3D ipc_cli; > > > -=20 > > > - nt_status =3D cli_rpc_pipe_open_noauth( > > > -- ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd); > > > -+ ipc_srv->cli, &ndr_table_lsarpc, &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(1, ("cli_nt_session_open fail!\n")); > > > - errno =3D ENOTSUP; > > > -diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange= =2Ec > > > -index 3933833..9736ada 100644 > > > ---- a/source3/libsmb/passchange.c > > > -+++ b/source3/libsmb/passchange.c > > > -@@ -169,7 +169,7 @@ NTSTATUS remote_password_change(const char *remo= te_machine, const char *user_nam > > > - * way. 
> > > - */ > > > - result =3D cli_rpc_pipe_open_noauth( > > > -- cli, &ndr_table_samr.syntax_id, &pipe_hnd); > > > -+ cli, &ndr_table_samr, &pipe_hnd); > > > - } > > > -=20 > > > - if (!NT_STATUS_IS_OK(result)) { > > > -@@ -230,7 +230,7 @@ NTSTATUS remote_password_change(const char *remo= te_machine, const char *user_nam > > > - result =3D NT_STATUS_UNSUCCESSFUL; > > > -=20 > > > - /* OK, this is ugly, but... try an anonymous pipe. */ > > > -- result =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, > > > -+ result =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, > > > - &pipe_hnd); > > > -=20 > > > - if ( NT_STATUS_IS_OK(result) && > > > -diff --git a/source3/libsmb/trustdom_cache.c b/source3/libsmb/trustd= om_cache.c > > > -index 8789d30..dadc751 100644 > > > ---- a/source3/libsmb/trustdom_cache.c > > > -+++ b/source3/libsmb/trustdom_cache.c > > > -@@ -289,7 +289,7 @@ static bool enumerate_domain_trusts( TALLOC_CTX = *mem_ctx, const char *domain, > > > -=20 > > > - /* open the LSARPC_PIPE */ > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &lsa_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto done; > > > -diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_ut= il.c > > > -index 0d039bc..6156ba0 100644 > > > ---- a/source3/libsmb/trusts_util.c > > > -+++ b/source3/libsmb/trusts_util.c > > > -@@ -182,7 +182,7 @@ NTSTATUS change_trust_account_password( const ch= ar *domain, const char *remote_m > > > - /* Shouldn't we open this with schannel ? JRA. */ > > > -=20 > > > - nt_status =3D cli_rpc_pipe_open_noauth( > > > -- cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); > > > -+ cli, &ndr_table_netlogon, &netlogon_pipe); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(0,("modify_trust_password: unable to open the domain client= session to machine %s. 
Error was : %s.\n", > > > - dc_name, nt_errstr(nt_status))); > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 34cef32..1137abd 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2948,11 +2948,11 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(= struct cli_state *cli, > > > - ******************************************************************= **********/ > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP, > > > -- interface, presult); > > > -+ &table->syntax_id, presult); > > > - } > > > -=20 > > > - /******************************************************************= ********** > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 65bfbc8..9aae61a 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -77,7 +77,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx= , const char *socket_path, > > > - struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_clie= nt *c); > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index 784e63f..bc672ef 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -217,7 +217,7 @@ NTSTATUS get_schannel_session_key(struct cli_sta= te *cli, > > > - struct rpc_pipe_client *netlogon_pipe 
=3D NULL; > > > - NTSTATUS status; > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.synta= x_id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > - &netlogon_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/r= pc_server/spoolss/srv_spoolss_nt.c > > > -index 335647b..c12cd05 100644 > > > ---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c > > > -+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c > > > -@@ -2504,7 +2504,7 @@ static bool spoolss_connect_to_client(struct r= pc_pipe_client **pp_pipe, > > > - * Now start the NT Domain stuff :-). > > > - */ > > > -=20 > > > -- ret =3D cli_rpc_pipe_open_noauth(the_cli, &ndr_table_spoolss.synta= x_id, pp_pipe); > > > -+ ret =3D cli_rpc_pipe_open_noauth(the_cli, &ndr_table_spoolss, pp_p= ipe); > > > - if (!NT_STATUS_IS_OK(ret)) { > > > - DEBUG(2,("spoolss_connect_to_client: unable to open the spoolss p= ipe on machine %s. 
Error was : %s.\n", > > > - remote_machine, nt_errstr(ret))); > > > -diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd= _spoolss.c > > > -index 5c499d4..fb011f8 100644 > > > ---- a/source3/rpcclient/cmd_spoolss.c > > > -+++ b/source3/rpcclient/cmd_spoolss.c > > > -@@ -3453,7 +3453,7 @@ static WERROR cmd_spoolss_printercmp(struct rp= c_pipe_client *cli, > > > - if ( !NT_STATUS_IS_OK(nt_status) ) > > > - return WERR_GENERAL_FAILURE; > > > -=20 > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli_server2, &ndr_table_spo= olss.syntax_id, > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli_server2, &ndr_table_spo= olss, > > > - &cli2); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - printf("failed to open spoolss pipe on server %s (%s)\n", > > > -diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_te= st.c > > > -index 591ae8c..367dc71 100644 > > > ---- a/source3/rpcclient/cmd_test.c > > > -+++ b/source3/rpcclient/cmd_test.c > > > -@@ -36,14 +36,14 @@ static NTSTATUS cmd_testme(struct rpc_pipe_clien= t *cli, TALLOC_CTX *mem_ctx, > > > - d_printf("testme\n"); > > > -=20 > > > - status =3D cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(cli), > > > -- &ndr_table_lsarpc.syntax_id, > > > -+ &ndr_table_lsarpc, > > > - &lsa_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto done; > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(cli), > > > -- &ndr_table_samr.syntax_id, > > > -+ &ndr_table_samr, > > > - &samr_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto done; > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index 6b6478e..e3b35bb 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -167,7 +167,7 @@ static void fetch_machine_sid(struct cli_state *= cli) > > > - goto error; > > > - } > > > -=20 > > > -- result =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_= id, > > > -+ result =3D 
cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &lsapipe); > > > - if (!NT_STATUS_IS_OK(result)) { > > > - fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", = nt_errstr(result) ); > > > -diff --git a/source3/torture/test_async_echo.c b/source3/torture/tes= t_async_echo.c > > > -index 6df95dd..f21daa4 100644 > > > ---- a/source3/torture/test_async_echo.c > > > -+++ b/source3/torture/test_async_echo.c > > > -@@ -82,7 +82,7 @@ bool run_async_echo(int dummy) > > > - printf("torture_open_connection failed\n"); > > > - goto fail; > > > - } > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_rpcecho.syntax= _id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_rpcecho, > > > - &p); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - printf("Could not open echo pipe: %s\n", nt_errstr(status)); > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index 5699943..89eebf3 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -1957,7 +1957,7 @@ static int net_ads_printer_publish(struct net_= context *c, int argc, const char * > > > - SAFE_FREE(srv_cn_escaped); > > > - SAFE_FREE(printername_escaped); > > > -=20 > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss.syn= tax_id, &pipe_hnd); > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss, &p= ipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - d_fprintf(stderr, _("Unable to open a connection to the spoolss p= ipe on %s\n"), > > > - servername); > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index dab9fcd..69ff14d 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -82,7 +82,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_stat= e *cli, TALLOC_CTX *mem_ctx, > > > - union lsa_PolicyInformation *info =3D NULL; > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, 
&ndr_table_lsarpc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &lsa_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_fprintf(stderr, _("Could not initialise lsa pipe\n")); > > > -@@ -212,7 +212,7 @@ int run_rpc_command(struct net_context *c, > > > - c->opt_password, &pipe_hnd); > > > - } else { > > > - nt_status =3D cli_rpc_pipe_open_noauth( > > > -- cli, &table->syntax_id, > > > -+ cli, table, > > > - &pipe_hnd); > > > - } > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > -@@ -348,7 +348,7 @@ static NTSTATUS rpc_oldjoin_internals(struct net= _context *c, > > > - NTSTATUS result; > > > - enum netr_SchannelType sec_channel_type; > > > -=20 > > > -- result =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.synta= x_id, > > > -+ result =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(result)) { > > > - DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s= failed. " > > > -@@ -1966,7 +1966,7 @@ static NTSTATUS get_sid_from_name(struct cli_s= tate *cli, > > > - NTSTATUS status, result; > > > - struct dcerpc_binding_handle *b; > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto done; > > > -@@ -2980,7 +2980,7 @@ static NTSTATUS rpc_list_alias_members(struct = net_context *c, > > > - } > > > -=20 > > > - result =3D cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd), > > > -- &ndr_table_lsarpc.syntax_id, > > > -+ &ndr_table_lsarpc, > > > - &lsa_pipe); > > > - if (!NT_STATUS_IS_OK(result)) { > > > - d_fprintf(stderr, _("Couldn't open LSA pipe. 
Error was %s\n"), > > > -@@ -6232,7 +6232,7 @@ static NTSTATUS rpc_trustdom_get_pdc(struct ne= t_context *c, > > > -=20 > > > - /* Try netr_GetDcName */ > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.synta= x_id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > - &netr); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -@@ -6379,7 +6379,7 @@ static int rpc_trustdom_establish(struct net_c= ontext *c, int argc, > > > - * Call LsaOpenPolicy and LsaQueryInfo > > > - */ > > > -=20 > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.synt= ax_id, > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_err= str(nt_status) )); > > > -@@ -6656,7 +6656,7 @@ static int rpc_trustdom_vampire(struct net_con= text *c, int argc, > > > - return -1; > > > - }; > > > -=20 > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.synt= ax_id, > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", > > > -@@ -6834,7 +6834,7 @@ static int rpc_trustdom_list(struct net_contex= t *c, int argc, const char **argv) > > > - return -1; > > > - }; > > > -=20 > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.synt= ax_id, > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(0, ("Could not initialise lsa pipe. 
Error was %s\n", > > > -@@ -6950,7 +6950,7 @@ static int rpc_trustdom_list(struct net_contex= t *c, int argc, const char **argv) > > > - /* > > > - * Open \PIPE\samr and get needed policy handles > > > - */ > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax= _id, > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_er= rstr(nt_status))); > > > -diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_jo= in.c > > > -index 4b43769..aabbe54 100644 > > > ---- a/source3/utils/net_rpc_join.c > > > -+++ b/source3/utils/net_rpc_join.c > > > -@@ -245,7 +245,7 @@ int net_rpc_join_newstyle(struct net_context *c,= int argc, const char **argv) > > > -=20 > > > - /* Fetch domain sid */ > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n", > > > -@@ -280,7 +280,7 @@ int net_rpc_join_newstyle(struct net_context *c,= int argc, const char **argv) > > > - } > > > -=20 > > > - /* Create domain user */ > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("Error connecting to SAM pipe. 
Error was %s\n", > > > -@@ -456,7 +456,7 @@ int net_rpc_join_newstyle(struct net_context *c,= int argc, const char **argv) > > > -=20 > > > - /* Now check the whole process from top-to-bottom */ > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.synta= x_id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n", > > > -diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_s= hell.c > > > -index 6086066..120cfa6 100644 > > > ---- a/source3/utils/net_rpc_shell.c > > > -+++ b/source3/utils/net_rpc_shell.c > > > -@@ -85,7 +85,7 @@ static NTSTATUS net_sh_run(struct net_context *c, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(ctx->cli, &cmd->table->syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(ctx->cli, cmd->table, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_fprintf(stderr, _("Could not open pipe: %s\n"), > > > -diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_t= rust.c > > > -index 9060700..5e58103 100644 > > > ---- a/source3/utils/net_rpc_trust.c > > > -+++ b/source3/utils/net_rpc_trust.c > > > -@@ -210,7 +210,7 @@ static NTSTATUS connect_and_get_info(TALLOC_CTX = *mem_ctx, > > > - return status; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc.syntax= _id, pipe_hnd); > > > -+ status =3D cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc, pipe_= hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("Failed to initialise lsa pipe with error [%s]\n", > > > - nt_errstr(status))); > > > -diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c > > > -index a4282ec..13a0ef1 100644 > > > ---- a/source3/utils/net_util.c > > > -+++ b/source3/utils/net_util.c > > > -@@ -45,7 +45,7 @@ NTSTATUS net_rpc_lookup_name(struct 
net_context *c, > > > -=20 > > > - ZERO_STRUCT(pol); > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &lsa_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_fprintf(stderr, _("Could not initialise lsa pipe\n")); > > > -@@ -256,7 +256,7 @@ NTSTATUS connect_dst_pipe(struct net_context *c,= struct cli_state **cli_dst, > > > - return nt_status; > > > - } > > > -=20 > > > -- nt_status =3D cli_rpc_pipe_open_noauth(cli_tmp, &table->syntax_id, > > > -+ nt_status =3D cli_rpc_pipe_open_noauth(cli_tmp, table, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(0, ("couldn't not initialize pipe\n")); > > > -@@ -571,7 +571,7 @@ static NTSTATUS net_scan_dc_noad(struct net_cont= ext *c, > > > - ZERO_STRUCTP(dc_info); > > > - ZERO_STRUCT(pol); > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &pipe_hnd); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -@@ -634,7 +634,7 @@ NTSTATUS net_scan_dc(struct net_context *c, > > > -=20 > > > - ZERO_STRUCTP(dc_info); > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_dssetup.syntax= _id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_dssetup, > > > - &dssetup_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(10,("net_scan_dc: failed to open dssetup pipe with %s, " > > > -diff --git a/source3/utils/netlookup.c b/source3/utils/netlookup.c > > > -index b66c34e..56d3bfe 100644 > > > ---- a/source3/utils/netlookup.c > > > -+++ b/source3/utils/netlookup.c > > > -@@ -122,7 +122,7 @@ static struct con_struct *create_cs(struct net_c= ontext *c, > > > - } > > > -=20 > > > - nt_status =3D cli_rpc_pipe_open_noauth(cs->cli, > > > -- &ndr_table_lsarpc.syntax_id, > > > -+ &ndr_table_lsarpc, > > > - &cs->lsapipe); > > > -=20 
> > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > -diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c > > > -index 23a1192..f092839 100644 > > > ---- a/source3/utils/smbcacls.c > > > -+++ b/source3/utils/smbcacls.c > > > -@@ -96,7 +96,7 @@ static NTSTATUS cli_lsa_lookup_sid(struct cli_stat= e *cli, > > > - goto tcon_fail; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &p); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto fail; > > > -@@ -146,7 +146,7 @@ static NTSTATUS cli_lsa_lookup_name(struct cli_s= tate *cli, > > > - goto tcon_fail; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, > > > - &p); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto fail; > > > -@@ -187,14 +187,13 @@ static NTSTATUS cli_lsa_lookup_domain_sid(stru= ct cli_state *cli, > > > - struct policy_handle handle; > > > - NTSTATUS status, result; > > > - TALLOC_CTX *frame =3D talloc_stackframe(); > > > -- const struct ndr_syntax_id *lsarpc_syntax =3D &ndr_table_lsarpc.sy= ntax_id; > > > -=20 > > > - status =3D cli_tree_connect(cli, "IPC$", "?????", "", 0); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto done; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, lsarpc_syntax, &rpc_pipe); > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &rpc_p= ipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto tdis; > > > - } > > > -diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c > > > -index bf1f95c..2791b93 100644 > > > ---- a/source3/utils/smbcquotas.c > > > -+++ b/source3/utils/smbcquotas.c > > > -@@ -58,7 +58,7 @@ static bool cli_open_policy_hnd(void) > > > - NTSTATUS ret; > > > - cli_ipc =3D connect_one("IPC$"); > > > - ret =3D cli_rpc_pipe_open_noauth(cli_ipc, > > > 
-- &ndr_table_lsarpc.syntax_id, > > > -+ &ndr_table_lsarpc, > > > - &global_pipe_hnd); > > > - if (!NT_STATUS_IS_OK(ret)) { > > > - return False; > > > -diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c > > > -index 40b1f09..5c07b12 100644 > > > ---- a/source3/utils/smbtree.c > > > -+++ b/source3/utils/smbtree.c > > > -@@ -177,7 +177,7 @@ static bool get_rpc_shares(struct cli_state *cli, > > > - return False; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_= id, > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc, > > > - &pipe_hnd); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbi= ndd_cm.c > > > -index f17fc68..facef64 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -2078,7 +2078,7 @@ static void set_dc_type_and_flags_connect( str= uct winbindd_domain *domain ) > > > - DEBUG(5, ("set_dc_type_and_flags_connect: domain %s\n", domain->na= me )); > > > -=20 > > > - status =3D cli_rpc_pipe_open_noauth(domain->conn.cli, > > > -- &ndr_table_dssetup.syntax_id, > > > -+ &ndr_table_dssetup, > > > - &cli); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -2129,7 +2129,7 @@ static void set_dc_type_and_flags_connect( str= uct winbindd_domain *domain ) > > > -=20 > > > - no_dssetup: > > > - status =3D cli_rpc_pipe_open_noauth(domain->conn.cli, > > > -- &ndr_table_lsarpc.syntax_id, &cli); > > > -+ &ndr_table_lsarpc, &cli); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(5, ("set_dc_type_and_flags_connect: Could not bind to " > > > -@@ -2447,7 +2447,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - anonymous: > > > -=20 > > > - /* Finally fall back to anonymous. 
*/ > > > -- status =3D cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr.syn= tax_id, > > > -+ status =3D cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr, > > > - &conn->samr_pipe); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -2674,7 +2674,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - anonymous: > > > -=20 > > > - result =3D cli_rpc_pipe_open_noauth(conn->cli, > > > -- &ndr_table_lsarpc.syntax_id, > > > -+ &ndr_table_lsarpc, > > > - &conn->lsa_pipe); > > > - if (!NT_STATUS_IS_OK(result)) { > > > - result =3D NT_STATUS_PIPE_NOT_AVAILABLE; > > > -@@ -2765,7 +2765,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_d= omain *domain, > > > - TALLOC_FREE(conn->netlogon_pipe); > > > -=20 > > > - result =3D cli_rpc_pipe_open_noauth(conn->cli, > > > -- &ndr_table_netlogon.syntax_id, > > > -+ &ndr_table_netlogon, > > > - &netlogon_pipe); > > > - if (!NT_STATUS_IS_OK(result)) { > > > - return result; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fce35e003f655b3564ee4df5ebfe7f3e6ff6d188 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:33:03 +0200 > > > -Subject: [PATCH 027/249] s3-rpc_cli: pass down ndr_interface_table to > > > - cli_rpc_pipe_open_noauth_transport(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 9aa99c3cfb0ff7a290dd4df472a4ff30d0efcb76) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 13 +++++++------ > > > - source3/rpc_client/cli_pipe.h | 2 +- > > > - source3/rpcclient/rpcclient.c | 2 +- > > > - 3 files changed, 9 insertions(+), 8 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 1137abd..4523ab7 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2865,14 +2865,14 @@ static NTSTATUS cli_rpc_pipe_open(struct cli= _state *cli, > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, > > > - enum dcerpc_transport_t transport, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - struct rpc_pipe_client *result; > > > - struct pipe_auth_data *auth; > > > - NTSTATUS status; > > > -=20 > > > -- status =3D cli_rpc_pipe_open(cli, transport, interface, &result); > > > -+ status =3D cli_rpc_pipe_open(cli, transport, &table->syntax_id, &r= esult); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -@@ -2921,7 +2921,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(st= ruct cli_state *cli, > > > - status =3D rpc_pipe_bind(result, auth); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - int lvl =3D 0; > > > -- if (ndr_syntax_id_equal(interface, > > > -+ if (ndr_syntax_id_equal(&table->syntax_id, > > > - &ndr_table_dssetup.syntax_id)) { > > > - /* non AD domains just don't have this pipe, avoid > > > - * level 0 statement in that case - gd */ > > > -@@ -2929,7 +2929,8 @@ NTSTATUS 
cli_rpc_pipe_open_noauth_transport(st= ruct cli_state *cli, > > > - } > > > - DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe " > > > - "%s failed with error %s\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), interface), > > > -+ get_pipe_name_from_syntax(talloc_tos(), > > > -+ &table->syntax_id), > > > - nt_errstr(status) )); > > > - TALLOC_FREE(result); > > > - return status; > > > -@@ -2937,7 +2938,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(st= ruct cli_state *cli, > > > -=20 > > > - DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine " > > > - "%s and bound anonymously.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), interface), > > > -+ get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > - result->desthost)); > > > -=20 > > > - *presult =3D result; > > > -@@ -2952,7 +2953,7 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_s= tate *cli, > > > - struct rpc_pipe_client **presult) > > > - { > > > - return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP, > > > -- &table->syntax_id, presult); > > > -+ table, presult); > > > - } > > > -=20 > > > - /******************************************************************= ********** > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 9aae61a..f37f8a9 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -82,7 +82,7 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state= *cli, > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, > > > - enum dcerpc_transport_t transport, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli, > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index e3b35bb..c23ff2d 100644 > > > ---- 
a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -690,7 +690,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - case DCERPC_AUTH_TYPE_NONE: > > > - ntresult =3D cli_rpc_pipe_open_noauth_transport( > > > - cli, default_transport, > > > -- &cmd_entry->table->syntax_id, > > > -+ cmd_entry->table, > > > - &cmd_entry->rpc_pipe); > > > - break; > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 0d85042853b635486912688102253b2f358b5056 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:38:01 +0200 > > > -Subject: [PATCH 028/249] s3-rpc_cli: pass down ndr_interface_table to > > > - cli_rpc_pipe_open(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 34cc4b409558f229fba24f59e81ef9100a851d24) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 14 +++++++------- > > > - 1 file changed, 7 insertions(+), 7 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 4523ab7..4dc7345 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2843,7 +2843,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_st= ate *cli, > > > -=20 > > > - static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli, > > > - enum dcerpc_transport_t transport, > > > -- const struct ndr_syntax_id *interface, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - switch (transport) { > > > -@@ -2851,9 +2851,9 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_s= tate *cli, > > > - return rpc_pipe_open_tcp(NULL, > > > - smbXcli_conn_remote_name(cli->conn), > > > 
- smbXcli_conn_remote_sockaddr(cli->conn), > > > -- interface, presult); > > > -+ &table->syntax_id, presult); > > > - case NCACN_NP: > > > -- return rpc_pipe_open_np(cli, interface, presult); > > > -+ return rpc_pipe_open_np(cli, &table->syntax_id, presult); > > > - default: > > > - return NT_STATUS_NOT_IMPLEMENTED; > > > - } > > > -@@ -2872,7 +2872,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(st= ruct cli_state *cli, > > > - struct pipe_auth_data *auth; > > > - NTSTATUS status; > > > -=20 > > > -- status =3D cli_rpc_pipe_open(cli, transport, &table->syntax_id, &r= esult); > > > -+ status =3D cli_rpc_pipe_open(cli, transport, table, &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -@@ -2977,7 +2977,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct= cli_state *cli, > > > - =09 > > > - NTSTATUS status; > > > -=20 > > > -- status =3D cli_rpc_pipe_open(cli, transport, &table->syntax_id, &r= esult); > > > -+ status =3D cli_rpc_pipe_open(cli, transport, table, &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -@@ -3034,7 +3034,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(s= truct cli_state *cli, > > > - struct pipe_auth_data *auth; > > > - NTSTATUS status; > > > -=20 > > > -- status =3D cli_rpc_pipe_open(cli, transport, &table->syntax_id, &r= esult); > > > -+ status =3D cli_rpc_pipe_open(cli, transport, table, &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -@@ -3104,7 +3104,7 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_s= tate *cli, > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -=20 > > > -- status =3D cli_rpc_pipe_open(cli, transport, &table->syntax_id, &r= esult); > > > -+ status =3D cli_rpc_pipe_open(cli, transport, table, &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d5e312185a7adc8429f8caba29a9808ab7954a27 Mon Sep 17 00:00:00 
20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:40:45 +0200 > > > -Subject: [PATCH 029/249] s3-rpc_cli: pass down ndr_interface_table to > > > - rpc_pipe_open_np(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 8cd3a060514ddcc178c938100edfb0b177c00c8c) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 8 ++++---- > > > - 1 file changed, 4 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 4dc7345..0347d76 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2775,7 +2775,7 @@ static int rpc_pipe_client_np_ref_destructor(s= truct rpc_pipe_client_np_ref *np_r > > > - ******************************************************************= **********/ > > > -=20 > > > - static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - struct rpc_pipe_client *result; > > > -@@ -2793,7 +2793,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_st= ate *cli, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- result->abstract_syntax =3D *abstract_syntax; > > > -+ result->abstract_syntax =3D table->syntax_id; > > > - result->transfer_syntax =3D ndr_transfer_syntax_ndr; > > > - result->desthost =3D talloc_strdup(result, smbXcli_conn_remote_nam= e(cli->conn)); > > > - result->srv_name_slash =3D talloc_asprintf_strupper_m( > > > -@@ -2807,7 +2807,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_st= ate *cli, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- status =3D 
rpc_transport_np_init(result, cli, abstract_syntax, > > > -+ status =3D rpc_transport_np_init(result, cli, &table->syntax_id, > > > - &result->transport); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - TALLOC_FREE(result); > > > -@@ -2853,7 +2853,7 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_s= tate *cli, > > > - smbXcli_conn_remote_sockaddr(cli->conn), > > > - &table->syntax_id, presult); > > > - case NCACN_NP: > > > -- return rpc_pipe_open_np(cli, &table->syntax_id, presult); > > > -+ return rpc_pipe_open_np(cli, table, presult); > > > - default: > > > - return NT_STATUS_NOT_IMPLEMENTED; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From f1fa7838cb933fd0d390a56d823272f8528eb63c Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:44:00 +0200 > > > -Subject: [PATCH 030/249] s3-rpc_cli: pass down ndr_interface_table to > > > - rpc_pipe_open_tcp(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 5c5cff0a722a0925ae75ea7aa11ede0d82d5b92d) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 8 ++++---- > > > - source3/rpc_client/cli_pipe.h | 2 +- > > > - source3/torture/rpc_open_tcp.c | 2 +- > > > - 3 files changed, 6 insertions(+), 6 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 0347d76..46adf69 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2663,19 +2663,19 @@ done: > > > - */ > > > - NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host, > > > - const struct sockaddr_storage *addr, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - struct 
rpc_pipe_client **presult) > > > - { > > > - NTSTATUS status; > > > - uint16_t port =3D 0; > > > -=20 > > > -- status =3D rpc_pipe_get_tcp_port(host, addr, abstract_syntax, &por= t); > > > -+ status =3D rpc_pipe_get_tcp_port(host, addr, &table->syntax_id, &p= ort); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -=20 > > > - return rpc_pipe_open_tcp_port(mem_ctx, host, addr, port, > > > -- abstract_syntax, presult); > > > -+ &table->syntax_id, presult); > > > - } > > > -=20 > > > - /******************************************************************= ** > > > -@@ -2851,7 +2851,7 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_s= tate *cli, > > > - return rpc_pipe_open_tcp(NULL, > > > - smbXcli_conn_remote_name(cli->conn), > > > - smbXcli_conn_remote_sockaddr(cli->conn), > > > -- &table->syntax_id, presult); > > > -+ table, presult); > > > - case NCACN_NP: > > > - return rpc_pipe_open_np(cli, table, presult); > > > - default: > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index f37f8a9..6fcc587 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -67,7 +67,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem= _ctx, > > > - NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, > > > - const char *host, > > > - const struct sockaddr_storage *ss_addr, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *soc= ket_path, > > > -diff --git a/source3/torture/rpc_open_tcp.c b/source3/torture/rpc_op= en_tcp.c > > > -index d29f4cf..cd27b5f 100644 > > > ---- a/source3/torture/rpc_open_tcp.c > > > -+++ b/source3/torture/rpc_open_tcp.c > > > -@@ -95,7 +95,7 @@ int main(int argc, const char **argv) > > > - } > > > -=20 > > > - status =3D rpc_pipe_open_tcp(mem_ctx, argv[2], NULL, > > > -- 
&((*table)->syntax_id), > > > -+ *table, > > > - &rpc_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_printf("ERROR calling rpc_pipe_open_tcp(): %s\n", > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 67c01c15af1bbb98916e75f7cad61edcc13c2e2f Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:46:07 +0200 > > > -Subject: [PATCH 031/249] s3-rpc_cli: pass down ndr_interface_table to > > > - rpc_pipe_get_tcp_port(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 0ff8c2d508949f732716e24047694cecf38597df) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 10 +++++----- > > > - 1 file changed, 5 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 46adf69..15e77db 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2518,7 +2518,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_= CTX *mem_ctx, const char *host, > > > - */ > > > - static NTSTATUS rpc_pipe_get_tcp_port(const char *host, > > > - const struct sockaddr_storage *addr, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - uint16_t *pport) > > > - { > > > - NTSTATUS status; > > > -@@ -2541,7 +2541,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const ch= ar *host, > > > - goto done; > > > - } > > > -=20 > > > -- if (ndr_syntax_id_equal(abstract_syntax, > > > -+ if (ndr_syntax_id_equal(&table->syntax_id, > > > - &ndr_table_epmapper.syntax_id)) { > > > - *pport =3D 135; > > > - return NT_STATUS_OK; > > > -@@ -2576,7 +2576,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const ch= ar *host, > > > - } > > > -=20 
> > > - map_binding->transport =3D NCACN_IP_TCP; > > > -- map_binding->object =3D *abstract_syntax; > > > -+ map_binding->object =3D table->syntax_id; > > > - map_binding->host =3D host; /* needed? */ > > > - map_binding->endpoint =3D "0"; /* correct? needed? */ > > > -=20 > > > -@@ -2612,7 +2612,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const ch= ar *host, > > > - status =3D dcerpc_epm_Map(epm_handle, > > > - tmp_ctx, > > > - discard_const_p(struct GUID, > > > -- &(abstract_syntax->uuid)), > > > -+ &(table->syntax_id.uuid)), > > > - map_tower, > > > - entry_handle, > > > - max_towers, > > > -@@ -2669,7 +2669,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx= , const char *host, > > > - NTSTATUS status; > > > - uint16_t port =3D 0; > > > -=20 > > > -- status =3D rpc_pipe_get_tcp_port(host, addr, &table->syntax_id, &p= ort); > > > -+ status =3D rpc_pipe_get_tcp_port(host, addr, table, &port); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a032ff8c89e479792947af4315ed6eb59a69f8f5 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:47:16 +0200 > > > -Subject: [PATCH 032/249] s3-rpc_cli: pass down ndr_interface_table to > > > - rpc_pipe_open_tcp_port(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 7bdcfcb37c5b96ee6aa0cecffd89c6d17291fe62) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 8 ++++---- > > > - 1 file changed, 4 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 15e77db..1b2955f 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2447,7 +2447,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX = *mem_ctx, const char *domain, > > > - static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const c= har *host, > > > - const struct sockaddr_storage *ss_addr, > > > - uint16_t port, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_pipe_client **presult) > > > - { > > > - struct rpc_pipe_client *result; > > > -@@ -2460,7 +2460,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_= CTX *mem_ctx, const char *host, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- result->abstract_syntax =3D *abstract_syntax; > > > -+ result->abstract_syntax =3D table->syntax_id; > > > - result->transfer_syntax =3D ndr_transfer_syntax_ndr; > > > -=20 > > > - result->desthost =3D talloc_strdup(result, host); > > > -@@ -2549,7 +2549,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const ch= ar *host, > > > -=20 > > > - /* open the connection to the endpoint mapper */ > > > - status =3D rpc_pipe_open_tcp_port(tmp_ctx, host, addr, 135, > > > -- &ndr_table_epmapper.syntax_id, > > > -+ &ndr_table_epmapper, > > > - &epm_pipe); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -2675,7 +2675,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx= , const char 
*host, > > > - } > > > -=20 > > > - return rpc_pipe_open_tcp_port(mem_ctx, host, addr, port, > > > -- &table->syntax_id, presult); > > > -+ table, presult); > > > - } > > > -=20 > > > - /******************************************************************= ** > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 0b4ae5ec146e35c364f01c033d6c22efb99b7314 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:52:05 +0200 > > > -Subject: [PATCH 033/249] s3-rpc_cli: pass down ndr_interface_table to > > > - rpc_transport_np_init(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit c41b6e5c5e7fcdbd98c1eb2bea08378b47d343d4) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 2 +- > > > - source3/rpc_client/rpc_transport.h | 2 +- > > > - source3/rpc_client/rpc_transport_np.c | 4 ++-- > > > - 3 files changed, 4 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 1b2955f..1fa8d91 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2807,7 +2807,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_st= ate *cli, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- status =3D rpc_transport_np_init(result, cli, &table->syntax_id, > > > -+ status =3D rpc_transport_np_init(result, cli, table, > > > - &result->transport); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - TALLOC_FREE(result); > > > -diff --git a/source3/rpc_client/rpc_transport.h b/source3/rpc_client= /rpc_transport.h > > > -index bc115dd..2b4a323 100644 > > > ---- a/source3/rpc_client/rpc_transport.h > > > -+++ b/source3/rpc_client/rpc_transport.h > > > -@@ -89,7 +89,7 @@ 
NTSTATUS rpc_transport_np_init_recv(struct tevent_= req *req, > > > - TALLOC_CTX *mem_ctx, > > > - struct rpc_cli_transport **presult); > > > - NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_stat= e *cli, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_cli_transport **presult); > > > -=20 > > > - /* The following definitions come from rpc_client/rpc_transport_soc= k.c */ > > > -diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_cli= ent/rpc_transport_np.c > > > -index f0696ad..7bd1ca3 100644 > > > ---- a/source3/rpc_client/rpc_transport_np.c > > > -+++ b/source3/rpc_client/rpc_transport_np.c > > > -@@ -152,7 +152,7 @@ NTSTATUS rpc_transport_np_init_recv(struct teven= t_req *req, > > > - } > > > -=20 > > > - NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_stat= e *cli, > > > -- const struct ndr_syntax_id *abstract_syntax, > > > -+ const struct ndr_interface_table *table, > > > - struct rpc_cli_transport **presult) > > > - { > > > - TALLOC_CTX *frame =3D talloc_stackframe(); > > > -@@ -166,7 +166,7 @@ NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_c= tx, struct cli_state *cli, > > > - goto fail; > > > - } > > > -=20 > > > -- req =3D rpc_transport_np_init_send(frame, ev, cli, abstract_syntax= ); > > > -+ req =3D rpc_transport_np_init_send(frame, ev, cli, &table->syntax_= id); > > > - if (req =3D=3D NULL) { > > > - status =3D NT_STATUS_NO_MEMORY; > > > - goto fail; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 739d05d91f23c4c6e17078c84192f30911cbdfcd Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 24 May 2013 13:56:53 +0200 > > > -Subject: [PATCH 034/249] s3-rpc_cli: pass down ndr_interface_table to > > > - rpc_transport_np_init_send(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit b19e7e6638a5dd53e3c6e6701f78bf31184ed493) > > > ---- > > > - source3/rpc_client/rpc_transport.h | 2 +- > > > - source3/rpc_client/rpc_transport_np.c | 6 +++--- > > > - 2 files changed, 4 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/rpc_transport.h b/source3/rpc_client= /rpc_transport.h > > > -index 2b4a323..72e7609 100644 > > > ---- a/source3/rpc_client/rpc_transport.h > > > -+++ b/source3/rpc_client/rpc_transport.h > > > -@@ -84,7 +84,7 @@ struct cli_state; > > > - struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx, > > > - struct tevent_context *ev, > > > - struct cli_state *cli, > > > -- const struct ndr_syntax_id *abstract_syntax); > > > -+ const struct ndr_interface_table *table); > > > - NTSTATUS rpc_transport_np_init_recv(struct tevent_req *req, > > > - TALLOC_CTX *mem_ctx, > > > - struct rpc_cli_transport **presult); > > > -diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_cli= ent/rpc_transport_np.c > > > -index 7bd1ca3..c0f313e 100644 > > > ---- a/source3/rpc_client/rpc_transport_np.c > > > -+++ b/source3/rpc_client/rpc_transport_np.c > > > -@@ -40,7 +40,7 @@ static void rpc_transport_np_init_pipe_open(struct= tevent_req *subreq); > > > - struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx, > > > - struct tevent_context *ev, > > > - struct cli_state *cli, > > > -- const struct ndr_syntax_id *abstract_syntax) > > > -+ const struct ndr_interface_table *table) > > > - { > > > - struct tevent_req *req; > > > - struct rpc_transport_np_init_state *state; > > > -@@ -55,7 +55,7 @@ struct tevent_req *rpc_transport_np_init_send(TALL= OC_CTX *mem_ctx, > > > - state->ev =3D ev; > > > - state->cli 
=3D cli; > > > - state->abs_timeout =3D timeval_current_ofs_msec(cli->timeout); > > > -- state->pipe_name =3D get_pipe_name_from_syntax(state, abstract_syn= tax); > > > -+ state->pipe_name =3D get_pipe_name_from_syntax(state, &table->synt= ax_id); > > > - if (tevent_req_nomem(state->pipe_name, req)) { > > > - return tevent_req_post(req, ev); > > > - } > > > -@@ -166,7 +166,7 @@ NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_c= tx, struct cli_state *cli, > > > - goto fail; > > > - } > > > -=20 > > > -- req =3D rpc_transport_np_init_send(frame, ev, cli, &table->syntax_= id); > > > -+ req =3D rpc_transport_np_init_send(frame, ev, cli, table); > > > - if (req =3D=3D NULL) { > > > - status =3D NT_STATUS_NO_MEMORY; > > > - goto fail; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From c5529ee9045c44114ab1716b05d3408baa1b4e42 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 24 Sep 2008 11:04:42 +0200 > > > -Subject: [PATCH 035/249] s3: libnet_join: add admin_domain. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit c11a79c5a054e862f61c97093fa2ce5e5040f111) > > > ---- > > > - source3/librpc/idl/libnet_join.idl | 2 ++ > > > - 1 file changed, 2 insertions(+) > > > - > > > -diff --git a/source3/librpc/idl/libnet_join.idl b/source3/librpc/idl= /libnet_join.idl > > > -index 4f28bb6..ac0a350 100644 > > > ---- a/source3/librpc/idl/libnet_join.idl > > > -+++ b/source3/librpc/idl/libnet_join.idl > > > -@@ -21,6 +21,7 @@ interface libnetjoin > > > - [in,ref] string *domain_name, > > > - [in] string account_ou, > > > - [in] string admin_account, > > > -+ [in] string admin_domain, > > > - [in,noprint] string admin_password, > > > - [in] string machine_password, > > > - [in] wkssvc_joinflags join_flags, > > > -@@ -51,6 +52,7 @@ interface libnetjoin > > > - [in] string domain_name, > > > - [in] string account_ou, > > > - [in] string admin_account, > > > -+ [in] string admin_domain, > > > - [in,noprint] string admin_password, > > > - [in] string machine_password, > > > - [in] wkssvc_joinflags unjoin_flags, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a0d8f42ac44d279ae7bc599792cd1d564925dcbf Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 24 Sep 2008 11:05:37 +0200 > > > -Subject: [PATCH 036/249] s3: libnet_join: use admin_domain in libnet= join. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit cc0cbd4fdc6e07538d67cc41ca07bad1eaebf493) > > > ---- > > > - source3/libnet/libnet_join.c | 27 ++++++++++++++++++++++++++- > > > - 1 file changed, 26 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 324c8f3..2253079 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -701,6 +701,7 @@ static bool libnet_join_joindomain_store_secrets= (TALLOC_CTX *mem_ctx, > > > -=20 > > > - static NTSTATUS libnet_join_connect_dc_ipc(const char *dc, > > > - const char *user, > > > -+ const char *domain, > > > - const char *pass, > > > - bool use_kerberos, > > > - struct cli_state **cli) > > > -@@ -720,7 +721,7 @@ static NTSTATUS libnet_join_connect_dc_ipc(const= char *dc, > > > - NULL, 0, > > > - "IPC$", "IPC", > > > - user, > > > -- NULL, > > > -+ domain, > > > - pass, > > > - flags, > > > - SMB_SIGNING_DEFAULT); > > > -@@ -742,6 +743,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC= _CTX *mem_ctx, > > > -=20 > > > - status =3D libnet_join_connect_dc_ipc(r->in.dc_name, > > > - r->in.admin_account, > > > -+ r->in.admin_domain, > > > - r->in.admin_password, > > > - r->in.use_kerberos, > > > - cli); > > > -@@ -1368,6 +1370,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(T= ALLOC_CTX *mem_ctx, > > > -=20 > > > - status =3D libnet_join_connect_dc_ipc(r->in.dc_name, > > > - r->in.admin_account, > > > -+ r->in.admin_domain, > > > - r->in.admin_password, > > > - r->in.use_kerberos, > > > - &cli); > > > -@@ -1755,6 +1758,17 @@ static WERROR libnet_join_pre_processing(TALL= OC_CTX *mem_ctx, > > > - return WERR_SETUP_DOMAIN_CONTROLLER; > > > - } > > > -=20 > > > 
-+ if (!r->in.admin_domain) { > > > -+ char *admin_domain =3D NULL; > > > -+ char *admin_account =3D NULL; > > > -+ split_domain_user(mem_ctx, > > > -+ r->in.admin_account, > > > -+ &admin_domain, > > > -+ &admin_account); > > > -+ r->in.admin_domain =3D admin_domain; > > > -+ r->in.admin_account =3D admin_account; > > > -+ } > > > -+ > > > - if (!secrets_init()) { > > > - libnet_join_set_error_string(mem_ctx, r, > > > - "Unable to open secrets database"); > > > -@@ -2316,6 +2330,17 @@ static WERROR libnet_unjoin_pre_processing(TA= LLOC_CTX *mem_ctx, > > > - return WERR_SETUP_DOMAIN_CONTROLLER; > > > - } > > > -=20 > > > -+ if (!r->in.admin_domain) { > > > -+ char *admin_domain =3D NULL; > > > -+ char *admin_account =3D NULL; > > > -+ split_domain_user(mem_ctx, > > > -+ r->in.admin_account, > > > -+ &admin_domain, > > > -+ &admin_account); > > > -+ r->in.admin_domain =3D admin_domain; > > > -+ r->in.admin_account =3D admin_account; > > > -+ } > > > -+ > > > - if (!secrets_init()) { > > > - libnet_unjoin_set_error_string(mem_ctx, r, > > > - "Unable to open secrets database"); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 46f8496292a12b7acdd045d126b61fa9d8afee74 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Thu, 6 Nov 2008 11:40:03 +0100 > > > -Subject: [PATCH 037/249] s3-libnetjoin: add machine_name length chec= k. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit c4d6d75cf48aed7b17728e283581366143fa4233) > > > ---- > > > - source3/libnet/libnet_join.c | 9 +++++++++ > > > - 1 file changed, 9 insertions(+) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 2253079..b731d9b 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -1746,6 +1746,15 @@ static WERROR libnet_join_pre_processing(TALL= OC_CTX *mem_ctx, > > > - return WERR_INVALID_PARAM; > > > - } > > > -=20 > > > -+ if (strlen(r->in.machine_name) > 15) { > > > -+ libnet_join_set_error_string(mem_ctx, r, > > > -+ "Our netbios name can be at most 15 chars long, " > > > -+ "\"%s\" is %u chars long\n", > > > -+ r->in.machine_name, > > > -+ (unsigned int)strlen(r->in.machine_name)); > > > -+ return WERR_INVALID_PARAM; > > > -+ } > > > -+ > > > - if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name, > > > - &r->in.domain_name, > > > - &r->in.dc_name)) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a60cf7ddd4e2d41d92cdd35ab05f2d6a30b055c9 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Thu, 6 Nov 2008 13:37:45 +0100 > > > -Subject: [PATCH 038/249] s3-libnetjoin: move "net rpc oldjoin" to use > > > - libnetjoin. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit d398a12f7907866189c1b253ca6a40e5454f42a1) > > > ---- > > > - source3/utils/net_rpc.c | 182 ++++++++++++++++++++++---------------= ----------- > > > - 1 file changed, 84 insertions(+), 98 deletions(-) > > > - > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index 69ff14d..720e9d2 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -37,6 +37,8 @@ > > > - #include "secrets.h" > > > - #include "lib/netapi/netapi.h" > > > - #include "lib/netapi/netapi_net.h" > > > -+#include "librpc/gen_ndr/libnet_join.h" > > > -+#include "libnet/libnet_join.h" > > > - #include "rpc_client/init_lsa.h" > > > - #include "../libcli/security/security.h" > > > - #include "libsmb/libsmb.h" > > > -@@ -314,48 +316,46 @@ int net_rpc_changetrustpw(struct net_context *= c, int argc, const char **argv) > > > - } > > > -=20 > > > - /** > > > -- * Join a domain, the old way. > > > -+ * Join a domain, the old way. This function exists to allow > > > -+ * the message to be displayed when oldjoin was explicitly > > > -+ * requested, but not when it was implied by "net rpc join". > > > - * > > > - * This uses 'machinename' as the inital password, and changes it. > > > - * > > > - * The password should be created with 'server manager' or equiv fi= rst. > > > - * > > > -- * All parameters are provided by the run_rpc_command function, exc= ept for > > > -- * argc, argv which are passed through. > > > -- * > > > -- * @param domain_sid The domain sid acquired from the remote server. > > > -- * @param cli A cli_state connected to the server. > > > -- * @param mem_ctx Talloc context, destroyed on completion of the fu= nction. 
> > > - * @param argc Standard main() style argc. > > > - * @param argv Standard main() style argv. Initial components are = already > > > - * stripped. > > > - * > > > -- * @return Normal NTSTATUS return. > > > -+ * @return A shell status integer (0 for success). > > > - **/ > > > -=20 > > > --static NTSTATUS rpc_oldjoin_internals(struct net_context *c, > > > -- const struct dom_sid *domain_sid, > > > -- const char *domain_name, > > > -- struct cli_state *cli, > > > -- struct rpc_pipe_client *pipe_hnd, > > > -- TALLOC_CTX *mem_ctx, > > > -- int argc, > > > -- const char **argv) > > > -+static int net_rpc_oldjoin(struct net_context *c, int argc, const c= har **argv) > > > - { > > > -+ struct libnet_JoinCtx *r =3D NULL; > > > -+ TALLOC_CTX *mem_ctx; > > > -+ WERROR werr; > > > -+ const char *domain =3D lp_workgroup(); /* FIXME */ > > > -+ bool modify_config =3D lp_config_backend_is_registry(); > > > -+ enum netr_SchannelType sec_chan_type; > > > -+ char *pw =3D NULL; > > > -=20 > > > -- fstring trust_passwd; > > > -- unsigned char orig_trust_passwd_hash[16]; > > > -- NTSTATUS result; > > > -- enum netr_SchannelType sec_channel_type; > > > -+ if (c->display_usage) { > > > -+ d_printf("Usage:\n" > > > -+ "net rpc oldjoin\n" > > > -+ " Join a domain the old way\n"); > > > -+ return 0; > > > -+ } > > > -=20 > > > -- result =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > -- &pipe_hnd); > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s= failed. 
" > > > -- "error was %s\n", > > > -- smbXcli_conn_remote_name(cli->conn), > > > -- nt_errstr(result) )); > > > -- return result; > > > -+ mem_ctx =3D talloc_init("net_rpc_oldjoin"); > > > -+ if (!mem_ctx) { > > > -+ return -1; > > > -+ } > > > -+ > > > -+ werr =3D libnet_init_JoinCtx(mem_ctx, &r); > > > -+ if (!W_ERROR_IS_OK(werr)) { > > > -+ goto fail; > > > - } > > > -=20 > > > - /* > > > -@@ -363,92 +363,78 @@ static NTSTATUS rpc_oldjoin_internals(struct n= et_context *c, > > > - a BDC, the server must agree that we are a BDC. > > > - */ > > > - if (argc >=3D 0) { > > > -- sec_channel_type =3D get_sec_channel_type(argv[0]); > > > -+ sec_chan_type =3D get_sec_channel_type(argv[0]); > > > - } else { > > > -- sec_channel_type =3D get_sec_channel_type(NULL); > > > -+ sec_chan_type =3D get_sec_channel_type(NULL); > > > - } > > > -=20 > > > -- fstrcpy(trust_passwd, lp_netbios_name()); > > > -- if (!strlower_m(trust_passwd)) { > > > -- return NT_STATUS_UNSUCCESSFUL; > > > -+ if (!c->msg_ctx) { > > > -+ d_fprintf(stderr, _("Could not initialise message context. " > > > -+ "Try running as root\n")); > > > -+ werr =3D WERR_ACCESS_DENIED; > > > -+ goto fail; > > > - } > > > -=20 > > > -- /* > > > -- * Machine names can be 15 characters, but the max length on > > > -- * a password is 14. 
--jerry > > > -- */ > > > -- > > > -- trust_passwd[14] =3D '\0'; > > > -- > > > -- E_md4hash(trust_passwd, orig_trust_passwd_hash); > > > -- > > > -- result =3D trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_= target_workgroup, > > > -- lp_netbios_name(), > > > -- orig_trust_passwd_hash, > > > -- sec_channel_type); > > > -- > > > -- if (NT_STATUS_IS_OK(result)) > > > -- printf(_("Joined domain %s.\n"), c->opt_target_workgroup); > > > -+ pw =3D talloc_strndup(r, lp_netbios_name(), 14); > > > -+ if (pw =3D=3D NULL) { > > > -+ werr =3D WERR_NOMEM; > > > -+ goto fail; > > > -+ } > > > -=20 > > > -+ r->in.msg_ctx =3D c->msg_ctx; > > > -+ r->in.domain_name =3D domain; > > > -+ r->in.secure_channel_type =3D sec_chan_type; > > > -+ r->in.dc_name =3D c->opt_host; > > > -+ r->in.admin_account =3D ""; > > > -+ r->in.admin_password =3D strlower_talloc(r, pw); > > > -+ if (r->in.admin_password =3D=3D NULL) { > > > -+ werr =3D WERR_NOMEM; > > > -+ goto fail; > > > -+ } > > > -+ r->in.debug =3D true; > > > -+ r->in.modify_config =3D modify_config; > > > -+ r->in.join_flags =3D WKSSVC_JOIN_FLAGS_JOIN_TYPE | > > > -+ WKSSVC_JOIN_FLAGS_JOIN_UNSECURE | > > > -+ WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED; > > > -=20 > > > -- if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)= ) { > > > -- DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_work= group)); > > > -- result =3D NT_STATUS_UNSUCCESSFUL; > > > -+ werr =3D libnet_Join(mem_ctx, r); > > > -+ if (!W_ERROR_IS_OK(werr)) { > > > -+ goto fail; > > > - } > > > -=20 > > > -- return result; > > > --} > > > -+ /* Check the short name of the domain */ > > > -=20 > > > --/** > > > -- * Join a domain, the old way. > > > -- * > > > -- * @param argc Standard main() style argc. > > > -- * @param argv Standard main() style argv. Initial components are = already > > > -- * stripped. > > > -- * > > > -- * @return A shell status integer (0 for success). 
> > > -- **/ > > > -+ if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_dom= ain_name)) { > > > -+ d_printf("The workgroup in %s does not match the short\n", get_dy= n_CONFIGFILE()); > > > -+ d_printf("domain name obtained from the server.\n"); > > > -+ d_printf("Using the name [%s] from the server.\n", r->out.netbios= _domain_name); > > > -+ d_printf("You should set \"workgroup =3D %s\" in %s.\n", > > > -+ r->out.netbios_domain_name, get_dyn_CONFIGFILE()); > > > -+ } > > > -=20 > > > --static int net_rpc_perform_oldjoin(struct net_context *c, int argc,= const char **argv) > > > --{ > > > -- return run_rpc_command(c, NULL, &ndr_table_netlogon, > > > -- NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, > > > -- rpc_oldjoin_internals, > > > -- argc, argv); > > > --} > > > -+ d_printf("Using short domain name -- %s\n", r->out.netbios_domain_= name); > > > -=20 > > > --/** > > > -- * Join a domain, the old way. This function exists to allow > > > -- * the message to be displayed when oldjoin was explicitly > > > -- * requested, but not when it was implied by "net rpc join". > > > -- * > > > -- * @param argc Standard main() style argc. > > > -- * @param argv Standard main() style argv. Initial components are = already > > > -- * stripped. > > > -- * > > > -- * @return A shell status integer (0 for success). 
> > > -- **/ > > > -+ if (r->out.dns_domain_name) { > > > -+ d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, > > > -+ r->out.dns_domain_name); > > > -+ } else { > > > -+ d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name, > > > -+ r->out.netbios_domain_name); > > > -+ } > > > -=20 > > > --static int net_rpc_oldjoin(struct net_context *c, int argc, const c= har **argv) > > > --{ > > > -- int rc =3D -1; > > > -+ TALLOC_FREE(mem_ctx); > > > -=20 > > > -- if (c->display_usage) { > > > -- d_printf( "%s\n" > > > -- "net rpc oldjoin\n" > > > -- " %s\n", > > > -- _("Usage:"), > > > -- _("Join a domain the old way")); > > > -- return 0; > > > -- } > > > -+ return 0; > > > -=20 > > > -- rc =3D net_rpc_perform_oldjoin(c, argc, argv); > > > -+fail: > > > -+ /* issue an overall failure message at the end. */ > > > -+ d_fprintf(stderr, _("Failed to join domain: %s\n"), > > > -+ r && r->out.error_string ? r->out.error_string : > > > -+ get_friendly_werror_msg(werr)); > > > -=20 > > > -- if (rc) { > > > -- d_fprintf(stderr, _("Failed to join domain\n")); > > > -- } > > > -+ TALLOC_FREE(mem_ctx); > > > -=20 > > > -- return rc; > > > -+ return -1; > > > - } > > > -=20 > > > - /** > > > -@@ -492,7 +478,7 @@ int net_rpc_join(struct net_context *c, int argc= , const char **argv) > > > - return -1; > > > - } > > > -=20 > > > -- if ((net_rpc_perform_oldjoin(c, argc, argv) =3D=3D 0)) > > > -+ if ((net_rpc_oldjoin(c, argc, argv) =3D=3D 0)) > > > - return 0; > > > -=20 > > > - return net_rpc_join_newstyle(c, argc, argv); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 3185251186366984b5ec06322c75cfda71dccdbc Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 13 Jun 2013 19:12:27 +0200 > > > -Subject: [PATCH 039/249] s3:libnet: let the caller truncate the pw in > > > - libnet_join_joindomain_rpc_unsecure() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 
1242ab0cb3bf575b695b39313604af9d0a7f1b3a) > > > ---- > > > - source3/libnet/libnet_join.c | 15 +-------------- > > > - 1 file changed, 1 insertion(+), 14 deletions(-) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index b731d9b..d8ec235 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -818,7 +818,6 @@ static NTSTATUS libnet_join_joindomain_rpc_unsec= ure(TALLOC_CTX *mem_ctx, > > > - struct rpc_pipe_client *pipe_hnd =3D NULL; > > > - unsigned char orig_trust_passwd_hash[16]; > > > - unsigned char new_trust_passwd_hash[16]; > > > -- fstring trust_passwd; > > > - NTSTATUS status; > > > -=20 > > > - status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > -@@ -837,19 +836,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unse= cure(TALLOC_CTX *mem_ctx, > > > - E_md4hash(r->in.machine_password, new_trust_passwd_hash); > > > -=20 > > > - /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */ > > > -- fstrcpy(trust_passwd, r->in.admin_password); > > > -- if (!strlower_m(trust_passwd)) { > > > -- return NT_STATUS_INVALID_PARAMETER; > > > -- } > > > -- > > > -- /* > > > -- * Machine names can be 15 characters, but the max length on > > > -- * a password is 14. --jerry > > > -- */ > > > -- > > > -- trust_passwd[14] =3D '\0'; > > > -- > > > -- E_md4hash(trust_passwd, orig_trust_passwd_hash); > > > -+ E_md4hash(r->in.admin_password, orig_trust_passwd_hash); > > > -=20 > > > - status =3D rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx, > > > - r->in.machine_name, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e1e15a73a9a5215866f6471c5e583457c516b47e Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Tue, 3 Feb 2009 20:10:05 +0100 > > > -Subject: [PATCH 040/249] s3-net: use libnetjoin for "net rpc testjoi= n". 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 9cfa6251600ddea0e821f2bd3fd359c28eb1b7f9) > > > ---- > > > - source3/utils/net_proto.h | 2 +- > > > - source3/utils/net_rpc.c | 66 +++++++++++++++++++++++++++++++++= +++++++++++ > > > - source3/utils/net_rpc_join.c | 29 ------------------- > > > - 3 files changed, 67 insertions(+), 30 deletions(-) > > > - > > > -diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h > > > -index 03fb312..d791708 100644 > > > ---- a/source3/utils/net_proto.h > > > -+++ b/source3/utils/net_proto.h > > > -@@ -145,6 +145,7 @@ int run_rpc_command(struct net_context *c, > > > - int argc, > > > - const char **argv); > > > - int net_rpc_changetrustpw(struct net_context *c, int argc, const ch= ar **argv); > > > -+int net_rpc_testjoin(struct net_context *c, int argc, const char **= argv); > > > - int net_rpc_join(struct net_context *c, int argc, const char **argv= ); > > > - NTSTATUS rpc_info_internals(struct net_context *c, > > > - const struct dom_sid *domain_sid, > > > -@@ -205,7 +206,6 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, = const char *domain, > > > - const char *server, > > > - const struct sockaddr_storage *server_ss); > > > - int net_rpc_join_newstyle(struct net_context *c, int argc, const ch= ar **argv); > > > --int net_rpc_testjoin(struct net_context *c, int argc, const char **= argv); > > > -=20 > > > - /* The following definitions come from utils/net_rpc_printer.c */ > > > -=20 > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index 720e9d2..592be44 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -438,6 +438,72 @@ fail: > > > - } > > > -=20 > > > - /** > > > -+ * check that a join is OK > > > 
-+ * > > > -+ * @return A shell status integer (0 for success) > > > -+ * > > > -+ **/ > > > -+int net_rpc_testjoin(struct net_context *c, int argc, const char **= argv) > > > -+{ > > > -+ NTSTATUS status; > > > -+ TALLOC_CTX *mem_ctx; > > > -+ const char *domain =3D c->opt_target_workgroup; > > > -+ const char *dc =3D c->opt_host; > > > -+ > > > -+ if (c->display_usage) { > > > -+ d_printf("Usage\n" > > > -+ "net rpc testjoin\n" > > > -+ " Test if a join is OK\n"); > > > -+ return 0; > > > -+ } > > > -+ > > > -+ mem_ctx =3D talloc_init("net_rpc_testjoin"); > > > -+ if (!mem_ctx) { > > > -+ return -1; > > > -+ } > > > -+ > > > -+ if (!dc) { > > > -+ struct netr_DsRGetDCNameInfo *info; > > > -+ > > > -+ if (!c->msg_ctx) { > > > -+ d_fprintf(stderr, _("Could not initialise message context. " > > > -+ "Try running as root\n")); > > > -+ talloc_destroy(mem_ctx); > > > -+ return -1; > > > -+ } > > > -+ > > > -+ status =3D dsgetdcname(mem_ctx, > > > -+ c->msg_ctx, > > > -+ domain, > > > -+ NULL, > > > -+ NULL, > > > -+ DS_RETURN_DNS_NAME, > > > -+ &info); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ talloc_destroy(mem_ctx); > > > -+ return -1; > > > -+ } > > > -+ > > > -+ dc =3D strip_hostname(info->dc_unc); > > > -+ } > > > -+ > > > -+ /* Display success or failure */ > > > -+ status =3D libnet_join_ok(c->opt_workgroup, lp_netbios_name(), dc, > > > -+ c->opt_kerberos); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ fprintf(stderr,"Join to domain '%s' is not valid: %s\n", > > > -+ domain, nt_errstr(status)); > > > -+ talloc_destroy(mem_ctx); > > > -+ return -1; > > > -+ } > > > -+ > > > -+ printf("Join to '%s' is OK\n",domain); > > > -+ talloc_destroy(mem_ctx); > > > -+ > > > -+ return 0; > > > -+} > > > -+ > > > -+/** > > > - * 'net rpc join' entrypoint. > > > - * @param argc Standard main() style argc. > > > - * @param argv Standard main() style argv. 
Initial components are = already > > > -diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_jo= in.c > > > -index aabbe54..ee39a5c 100644 > > > ---- a/source3/utils/net_rpc_join.c > > > -+++ b/source3/utils/net_rpc_join.c > > > -@@ -561,32 +561,3 @@ done: > > > -=20 > > > - return retval; > > > - } > > > -- > > > --/** > > > -- * check that a join is OK > > > -- * > > > -- * @return A shell status integer (0 for success) > > > -- * > > > -- **/ > > > --int net_rpc_testjoin(struct net_context *c, int argc, const char **= argv) > > > --{ > > > -- NTSTATUS nt_status; > > > -- > > > -- if (c->display_usage) { > > > -- d_printf(_("Usage\n" > > > -- "net rpc testjoin\n" > > > -- " Test if a join is OK\n")); > > > -- return 0; > > > -- } > > > -- > > > -- /* Display success or failure */ > > > -- nt_status =3D net_rpc_join_ok(c, c->opt_target_workgroup, NULL, NU= LL); > > > -- if (!NT_STATUS_IS_OK(nt_status)) { > > > -- fprintf(stderr, _("Join to domain '%s' is not valid: %s\n"), > > > -- c->opt_target_workgroup, nt_errstr(nt_status)); > > > -- return -1; > > > -- } > > > -- > > > -- printf(_("Join to '%s' is OK\n"), c->opt_target_workgroup); > > > -- return 0; > > > --} > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a0474baa59c0991c2b2d8e3f425c9a6845162f45 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Tue, 3 Feb 2009 20:21:05 +0100 > > > -Subject: [PATCH 041/249] s3-net: use libnetjoin for "net rpc join" n= ewstyle. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 3e4ded48bbeacdcd128f3c667cbdd12a3efca312) > > > ---- > > > - source3/utils/net_proto.h | 8 +--- > > > - source3/utils/net_rpc.c | 106 +++++++++++++++++++++++++++++++++++= +++++++++++ > > > - source3/wscript_build | 2 +- > > > - 3 files changed, 108 insertions(+), 8 deletions(-) > > > - > > > -diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h > > > -index d791708..1809ba9 100644 > > > ---- a/source3/utils/net_proto.h > > > -+++ b/source3/utils/net_proto.h > > > -@@ -146,6 +146,7 @@ int run_rpc_command(struct net_context *c, > > > - const char **argv); > > > - int net_rpc_changetrustpw(struct net_context *c, int argc, const ch= ar **argv); > > > - int net_rpc_testjoin(struct net_context *c, int argc, const char **= argv); > > > -+int net_rpc_join_newstyle(struct net_context *c, int argc, const ch= ar **argv); > > > - int net_rpc_join(struct net_context *c, int argc, const char **argv= ); > > > - NTSTATUS rpc_info_internals(struct net_context *c, > > > - const struct dom_sid *domain_sid, > > > -@@ -200,13 +201,6 @@ int net_rpc(struct net_context *c, int argc, co= nst char **argv); > > > -=20 > > > - int net_rpc_audit(struct net_context *c, int argc, const char **arg= v); > > > -=20 > > > --/* The following definitions come from utils/net_rpc_join.c */ > > > -- > > > --NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, > > > -- const char *server, > > > -- const struct sockaddr_storage *server_ss); > > > --int net_rpc_join_newstyle(struct net_context *c, int argc, const ch= ar **argv); > > > -- > > > - /* The following definitions come from utils/net_rpc_printer.c */ > > > -=20 > > > - NTSTATUS net_copy_fileattr(struct net_context *c, > > > 
-diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index 592be44..6358460 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -504,6 +504,112 @@ int net_rpc_testjoin(struct net_context *c, in= t argc, const char **argv) > > > - } > > > -=20 > > > - /** > > > -+ * Join a domain using the administrator username and password > > > -+ * > > > -+ * @param argc Standard main() style argc > > > -+ * @param argc Standard main() style argv. Initial components are= already > > > -+ * stripped. Currently not used. > > > -+ * @return A shell status integer (0 for success) > > > -+ * > > > -+ **/ > > > -+ > > > -+int net_rpc_join_newstyle(struct net_context *c, int argc, const ch= ar **argv) > > > -+{ > > > -+ struct libnet_JoinCtx *r =3D NULL; > > > -+ TALLOC_CTX *mem_ctx; > > > -+ WERROR werr; > > > -+ const char *domain =3D lp_workgroup(); /* FIXME */ > > > -+ bool modify_config =3D lp_config_backend_is_registry(); > > > -+ enum netr_SchannelType sec_chan_type; > > > -+ > > > -+ if (c->display_usage) { > > > -+ d_printf("Usage:\n" > > > -+ "net rpc join\n" > > > -+ " Join a domain the new way\n"); > > > -+ return 0; > > > -+ } > > > -+ > > > -+ mem_ctx =3D talloc_init("net_rpc_join_newstyle"); > > > -+ if (!mem_ctx) { > > > -+ return -1; > > > -+ } > > > -+ > > > -+ werr =3D libnet_init_JoinCtx(mem_ctx, &r); > > > -+ if (!W_ERROR_IS_OK(werr)) { > > > -+ goto fail; > > > -+ } > > > -+ > > > -+ /* > > > -+ check what type of join - if the user want's to join as > > > -+ a BDC, the server must agree that we are a BDC. > > > -+ */ > > > -+ if (argc >=3D 0) { > > > -+ sec_chan_type =3D get_sec_channel_type(argv[0]); > > > -+ } else { > > > -+ sec_chan_type =3D get_sec_channel_type(NULL); > > > -+ } > > > -+ > > > -+ if (!c->msg_ctx) { > > > -+ d_fprintf(stderr, _("Could not initialise message context. 
" > > > -+ "Try running as root\n")); > > > -+ werr =3D WERR_ACCESS_DENIED; > > > -+ goto fail; > > > -+ } > > > -+ > > > -+ r->in.msg_ctx =3D c->msg_ctx; > > > -+ r->in.domain_name =3D domain; > > > -+ r->in.secure_channel_type =3D sec_chan_type; > > > -+ r->in.dc_name =3D c->opt_host; > > > -+ r->in.admin_account =3D c->opt_user_name; > > > -+ r->in.admin_password =3D net_prompt_pass(c, c->opt_user_name); > > > -+ r->in.debug =3D true; > > > -+ r->in.use_kerberos =3D c->opt_kerberos; > > > -+ r->in.modify_config =3D modify_config; > > > -+ r->in.join_flags =3D WKSSVC_JOIN_FLAGS_JOIN_TYPE | > > > -+ WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | > > > -+ WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; > > > -+ > > > -+ werr =3D libnet_Join(mem_ctx, r); > > > -+ if (!W_ERROR_IS_OK(werr)) { > > > -+ goto fail; > > > -+ } > > > -+ > > > -+ /* Check the short name of the domain */ > > > -+ > > > -+ if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_dom= ain_name)) { > > > -+ d_printf("The workgroup in %s does not match the short\n", get_dy= n_CONFIGFILE()); > > > -+ d_printf("domain name obtained from the server.\n"); > > > -+ d_printf("Using the name [%s] from the server.\n", r->out.netbios= _domain_name); > > > -+ d_printf("You should set \"workgroup =3D %s\" in %s.\n", > > > -+ r->out.netbios_domain_name, get_dyn_CONFIGFILE()); > > > -+ } > > > -+ > > > -+ d_printf("Using short domain name -- %s\n", r->out.netbios_domain_= name); > > > -+ > > > -+ if (r->out.dns_domain_name) { > > > -+ d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, > > > -+ r->out.dns_domain_name); > > > -+ } else { > > > -+ d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name, > > > -+ r->out.netbios_domain_name); > > > -+ } > > > -+ > > > -+ TALLOC_FREE(mem_ctx); > > > -+ > > > -+ return 0; > > > -+ > > > -+fail: > > > -+ /* issue an overall failure message at the end. */ > > > -+ d_printf("Failed to join domain: %s\n", > > > -+ r && r->out.error_string ? 
r->out.error_string : > > > -+ get_friendly_werror_msg(werr)); > > > -+ > > > -+ TALLOC_FREE(mem_ctx); > > > -+ > > > -+ return -1; > > > -+} > > > -+ > > > -+/** > > > - * 'net rpc join' entrypoint. > > > - * @param argc Standard main() style argc. > > > - * @param argv Standard main() style argv. Initial components are = already > > > -diff --git a/source3/wscript_build b/source3/wscript_build > > > -index 9461b05..0bf84e2 100755 > > > ---- a/source3/wscript_build > > > -+++ b/source3/wscript_build > > > -@@ -507,7 +507,7 @@ LIBNET_SAMSYNC_SRC =3D '''libnet/libnet_samsync.c > > > -=20 > > > - NET_SRC1 =3D '''utils/net.c utils/net_ads.c utils/net_help.c > > > - utils/net_rap.c utils/net_rpc.c utils/net_rpc_samsync= =2Ec > > > -- utils/net_rpc_join.c utils/net_time.c utils/net_looku= p.c > > > -+ utils/net_time.c utils/net_lookup.c > > > - utils/net_cache.c utils/net_groupmap.c > > > - utils/net_idmap.c utils/net_idmap_check.c > > > - utils/interact.c > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b2aad96d2ffd5545c250cce605dfdb7f0852806c Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 15 Jul 2013 13:28:34 +0200 > > > -Subject: [PATCH 042/249] s3-net: avoid confusing output in net_rpc_o= ldjoin() > > > - if NET_FLAGS_EXPECT_FALLBACK is passed > > > - > > > -"net rpc join" tries net_rpc_oldjoin() first and falls back to > > > -net_rpc_join_newstyle(). We should not print the join failed > > > -if just net_rpc_oldjoin() failed. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 05d9b4165af9e7f03d3fbeb64db4fc305fcec4df) > > > ---- > > > - source3/utils/net.h | 1 + > > > - source3/utils/net_proto.h | 1 - > > > - source3/utils/net_rpc.c | 15 +++++++++++++-- > > > - 3 files changed, 14 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/utils/net.h b/source3/utils/net.h > > > -index 2056d89..e97734a 100644 > > > ---- a/source3/utils/net.h > > > -+++ b/source3/utils/net.h > > > -@@ -182,6 +182,7 @@ enum netdom_domain_t { ND_TYPE_NT4, ND_TYPE_AD }; > > > - #define NET_FLAGS_SIGN 0x00000040 /* sign RPC connection */ > > > - #define NET_FLAGS_SEAL 0x00000080 /* seal RPC connection */ > > > - #define NET_FLAGS_TCP 0x00000100 /* use ncacn_ip_tcp */ > > > -+#define NET_FLAGS_EXPECT_FALLBACK 0x00000200 /* the caller will fa= llback */ > > > -=20 > > > - /* net share operation modes */ > > > - #define NET_MODE_SHARE_MIGRATE 1 > > > -diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h > > > -index 1809ba9..25e9db2 100644 > > > ---- a/source3/utils/net_proto.h > > > -+++ b/source3/utils/net_proto.h > > > -@@ -146,7 +146,6 @@ int run_rpc_command(struct net_context *c, > > > - const char **argv); > > > - int net_rpc_changetrustpw(struct net_context *c, int argc, const ch= ar **argv); > > > - int net_rpc_testjoin(struct net_context *c, int argc, const char **= argv); > > > --int net_rpc_join_newstyle(struct net_context *c, int argc, const ch= ar **argv); > > > - int net_rpc_join(struct net_context *c, int argc, const char **argv= ); > > > - NTSTATUS rpc_info_internals(struct net_context *c, > > > - const struct dom_sid *domain_sid, > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index 6358460..dff8801 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -427,11 +427,16 @@ static int net_rpc_oldjoin(struct net_context = *c, int argc, const char 
**argv) > > > - return 0; > > > -=20 > > > - fail: > > > -+ if (c->opt_flags & NET_FLAGS_EXPECT_FALLBACK) { > > > -+ goto cleanup; > > > -+ } > > > -+ > > > - /* issue an overall failure message at the end. */ > > > - d_fprintf(stderr, _("Failed to join domain: %s\n"), > > > - r && r->out.error_string ? r->out.error_string : > > > - get_friendly_werror_msg(werr)); > > > -=20 > > > -+cleanup: > > > - TALLOC_FREE(mem_ctx); > > > -=20 > > > - return -1; > > > -@@ -513,7 +518,7 @@ int net_rpc_testjoin(struct net_context *c, int = argc, const char **argv) > > > - * > > > - **/ > > > -=20 > > > --int net_rpc_join_newstyle(struct net_context *c, int argc, const ch= ar **argv) > > > -+static int net_rpc_join_newstyle(struct net_context *c, int argc, c= onst char **argv) > > > - { > > > - struct libnet_JoinCtx *r =3D NULL; > > > - TALLOC_CTX *mem_ctx; > > > -@@ -623,6 +628,8 @@ fail: > > > -=20 > > > - int net_rpc_join(struct net_context *c, int argc, const char **argv) > > > - { > > > -+ int ret; > > > -+ > > > - if (c->display_usage) { > > > - d_printf("%s\n%s", > > > - _("Usage:"), > > > -@@ -650,8 +657,12 @@ int net_rpc_join(struct net_context *c, int arg= c, const char **argv) > > > - return -1; > > > - } > > > -=20 > > > -- if ((net_rpc_oldjoin(c, argc, argv) =3D=3D 0)) > > > -+ c->opt_flags |=3D NET_FLAGS_EXPECT_FALLBACK; > > > -+ ret =3D net_rpc_oldjoin(c, argc, argv); > > > -+ c->opt_flags &=3D ~NET_FLAGS_EXPECT_FALLBACK; > > > -+ if (ret =3D=3D 0) { > > > - return 0; > > > -+ } > > > -=20 > > > - return net_rpc_join_newstyle(c, argc, argv); > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8e8a2602d1c793f9a46e5219dea91a46e34d24ca Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 16 Jul 2013 10:07:30 +0200 > > > -Subject: [PATCH 043/249] s4:librpc: fix netlogon connections against= servers > > > - without AES support > > > - > > > -LogonGetCapabilities() only works on the credential chain if > > > -the server supports AES, so 
we need to work on a temporary copy > > > -until we know the server replied a valid return authenticator. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 34fa7946993506fde2c6b30e4a41bea27390a814) > > > ---- > > > - source4/librpc/rpc/dcerpc_schannel.c | 8 ++++++-- > > > - 1 file changed, 6 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/r= pc/dcerpc_schannel.c > > > -index 1480486..130ebeb 100644 > > > ---- a/source4/librpc/rpc/dcerpc_schannel.c > > > -+++ b/source4/librpc/rpc/dcerpc_schannel.c > > > -@@ -385,6 +385,7 @@ struct auth_schannel_state { > > > - struct loadparm_context *lp_ctx; > > > - uint8_t auth_level; > > > - struct netlogon_creds_CredentialState *creds_state; > > > -+ struct netlogon_creds_CredentialState save_creds_state; > > > - struct netr_Authenticator auth; > > > - struct netr_Authenticator return_auth; > > > - union netr_Capabilities capabilities; > > > -@@ -449,7 +450,8 @@ static void continue_bind_auth(struct composite_= context *ctx) > > > - s->creds_state =3D cli_credentials_get_netlogon_creds(s->credenti= als); > > > - if (composite_nomem(s->creds_state, c)) return; > > > -=20 > > > -- netlogon_creds_client_authenticator(s->creds_state, &s->auth); > > > -+ s->save_creds_state =3D *s->creds_state; > > > -+ netlogon_creds_client_authenticator(&s->save_creds_state, &s->aut= h); > > > -=20 > > > - s->c.in.server_name =3D talloc_asprintf(c, > > > - "\\\\%s", > > > -@@ -519,12 +521,14 @@ static void continue_get_capabilities(struct t= event_req *subreq) > > > - } > > > -=20 > > > - /* verify credentials */ > > > -- if (!netlogon_creds_client_check(s->creds_state, > > > -+ if (!netlogon_creds_client_check(&s->save_creds_state, > > > - &s->c.out.return_authenticator->cred)) { > > > - composite_error(c, NT_STATUS_UNSUCCESSFUL); > > > - return; > > > - } > > > -=20 > > > -+ *s->creds_state =3D s->save_creds_state; 
> > > -+ > > > - if (!NT_STATUS_IS_OK(s->c.out.result)) { > > > - composite_error(c, s->c.out.result); > > > - return; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 300fb415d5a6a60702b0c8464e0e76cf0e11fdeb Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 22 Mar 2013 15:07:10 +0100 > > > -Subject: [PATCH 044/249] s3:rpcclient: use talloc_stackframe() in do= _cmd() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit d54c908ff5bef774f5cca038741558089ff6baeb) > > > ---- > > > - source3/rpcclient/rpcclient.c | 8 ++++++-- > > > - 1 file changed, 6 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index c23ff2d..9bf296e 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -678,7 +678,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > -=20 > > > - /* Create mem_ctx */ > > > -=20 > > > -- if (!(mem_ctx =3D talloc_init("do_cmd"))) { > > > -+ if (!(mem_ctx =3D talloc_stackframe())) { > > > - DEBUG(0, ("talloc_init() failed\n")); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -@@ -745,12 +745,14 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - "auth type %u\n", > > > - cmd_entry->table->name, > > > - pipe_default_auth_type )); > > > -+ talloc_free(mem_ctx); > > > - return NT_STATUS_UNSUCCESSFUL; > > > - } > > > - if (!NT_STATUS_IS_OK(ntresult)) { > > > - DEBUG(0, ("Could not initialise %s. 
Error was %s\n", > > > - cmd_entry->table->name, > > > - nt_errstr(ntresult) )); > > > -+ talloc_free(mem_ctx); > > > - return ntresult; > > > - } > > > -=20 > > > -@@ -765,6 +767,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - trust_password, &machine_account, > > > - &sec_channel_type)) > > > - { > > > -+ talloc_free(mem_ctx); > > > - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > - } > > > -=20 > > > -@@ -780,6 +783,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - if (!NT_STATUS_IS_OK(ntresult)) { > > > - DEBUG(0, ("Could not initialise credentials for %s.\n", > > > - cmd_entry->table->name)); > > > -+ talloc_free(mem_ctx); > > > - return ntresult; > > > - } > > > - } > > > -@@ -803,7 +807,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > -=20 > > > - /* Cleanup */ > > > -=20 > > > -- talloc_destroy(mem_ctx); > > > -+ talloc_free(mem_ctx); > > > -=20 > > > - return ntresult; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 95972ec54aafcf8a66e0164cd1fb478b6f4c58f6 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 24 Apr 2013 12:36:04 +0200 > > > -Subject: [PATCH 045/249] libcli/auth: make > > > - netlogon_creds_crypt_samlogon_validation more robust > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 39fedd27182d9e1985418ea79b86aef69999dd57) > > > ---- > > > - libcli/auth/credentials.c | 6 +++++- > > > - 1 file changed, 5 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c > > > -index fb77ede..5c8b25b 100644 > > > ---- a/libcli/auth/credentials.c > > > -+++ b/libcli/auth/credentials.c > > > -@@ -493,8 +493,12 @@ static void netlogon_creds_crypt_samlogon_valid= ation(struct netlogon_creds_Crede > > > - bool encrypt) > > > - { > > > - static const char zeros[16]; > > > -- > > > - struct netr_SamBaseInfo *base =3D NULL; > > > -+ > > > -+ if (validation =3D=3D NULL) { > > > 
-+ return; > > > -+ } > > > -+ > > > - switch (validation_level) { > > > - case 2: > > > - if (validation->sam2) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From ac092a319c388cc2577bcbd87e16522ba37dc2d0 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 14 Jun 2013 09:47:50 +0200 > > > -Subject: [PATCH 046/249] libcli/auth: fix shadowed declaration in > > > - netlogon_creds_crypt_samlogon_validation() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 291f6a1e031dc9db7d03b3ca924c4309b313cae5) > > > ---- > > > - libcli/auth/credentials.c | 8 ++++---- > > > - 1 file changed, 4 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c > > > -index 5c8b25b..2e9c87e 100644 > > > ---- a/libcli/auth/credentials.c > > > -+++ b/libcli/auth/credentials.c > > > -@@ -490,7 +490,7 @@ NTSTATUS netlogon_creds_server_step_check(struct= netlogon_creds_CredentialState > > > - static void netlogon_creds_crypt_samlogon_validation(struct netlogo= n_creds_CredentialState *creds, > > > - uint16_t validation_level, > > > - union netr_Validation *validation, > > > -- bool encrypt) > > > -+ bool do_encrypt) > > > - { > > > - static const char zeros[16]; > > > - struct netr_SamBaseInfo *base =3D NULL; > > > -@@ -531,7 +531,7 @@ static void netlogon_creds_crypt_samlogon_valida= tion(struct netlogon_creds_Crede > > > - /* Don't crypt an all-zero key, it would give away the NETLOGON p= ipe session key */ > > > - if (memcmp(base->key.key, zeros, > > > - sizeof(base->key.key)) !=3D 0) { > > > -- if (encrypt) { > > > -+ if (do_encrypt) { > > > - netlogon_creds_aes_encrypt(creds, > > > - base->key.key, > > > - sizeof(base->key.key)); > > > -@@ -544,7 +544,7 @@ static void netlogon_creds_crypt_samlogon_valida= tion(struct netlogon_creds_Crede > > > -=20 > > > - if (memcmp(base->LMSessKey.key, zeros, > > > - sizeof(base->LMSessKey.key)) !=3D 0) { > 
> > -- if (encrypt) { > > > -+ if (do_encrypt) { > > > - netlogon_creds_aes_encrypt(creds, > > > - base->LMSessKey.key, > > > - sizeof(base->LMSessKey.key)); > > > -@@ -574,7 +574,7 @@ static void netlogon_creds_crypt_samlogon_valida= tion(struct netlogon_creds_Crede > > > - /* Don't crypt an all-zero key, it would give away the NETLOGON p= ipe session key */ > > > - if (memcmp(base->LMSessKey.key, zeros, > > > - sizeof(base->LMSessKey.key)) !=3D 0) { > > > -- if (encrypt) { > > > -+ if (do_encrypt) { > > > - netlogon_creds_des_encrypt_LMKey(creds, > > > - &base->LMSessKey); > > > - } else { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From c535bfb9ead2175ae68b9d18a1692218a0fcf800 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 17:01:00 +0200 > > > -Subject: [PATCH 047/249] libcli/auth: add > > > - netlogon_creds_[de|en]crypt_samlogon_logon() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit c7319fce604d5f89a89094b6b18ef459a347aef8) > > > ---- > > > - libcli/auth/credentials.c | 118 +++++++++++++++++++++++++++++++++++= +++++++++++ > > > - libcli/auth/proto.h | 6 +++ > > > - 2 files changed, 124 insertions(+) > > > - > > > -diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c > > > -index 2e9c87e..78a8d7a 100644 > > > ---- a/libcli/auth/credentials.c > > > -+++ b/libcli/auth/credentials.c > > > -@@ -601,6 +601,124 @@ void netlogon_creds_encrypt_samlogon_validatio= n(struct netlogon_creds_Credential > > > - validation, true); > > > - } > > > -=20 > > > -+static void netlogon_creds_crypt_samlogon_logon(struct netlogon_cre= ds_CredentialState *creds, > > > -+ enum netr_LogonInfoClass level, > > > -+ union netr_LogonLevel *logon, > > > -+ bool encrypt) > > > -+{ > > > -+ static const char zeros[16]; > > > -+ > > > -+ if (logon =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ switch (level) { > > > -+ case 
NetlogonInteractiveInformation: > > > -+ case NetlogonInteractiveTransitiveInformation: > > > -+ case NetlogonServiceInformation: > > > -+ case NetlogonServiceTransitiveInformation: > > > -+ if (logon->password =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ uint8_t *h; > > > -+ > > > -+ h =3D logon->password->lmpassword.hash; > > > -+ if (memcmp(h, zeros, 16) !=3D 0) { > > > -+ if (encrypt) { > > > -+ netlogon_creds_aes_encrypt(creds, h, 16); > > > -+ } else { > > > -+ netlogon_creds_aes_decrypt(creds, h, 16); > > > -+ } > > > -+ } > > > -+ > > > -+ h =3D logon->password->ntpassword.hash; > > > -+ if (memcmp(h, zeros, 16) !=3D 0) { > > > -+ if (encrypt) { > > > -+ netlogon_creds_aes_encrypt(creds, h, 16); > > > -+ } else { > > > -+ netlogon_creds_aes_decrypt(creds, h, 16); > > > -+ } > > > -+ } > > > -+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { > > > -+ uint8_t *h; > > > -+ > > > -+ h =3D logon->password->lmpassword.hash; > > > -+ if (memcmp(h, zeros, 16) !=3D 0) { > > > -+ netlogon_creds_arcfour_crypt(creds, h, 16); > > > -+ } > > > -+ > > > -+ h =3D logon->password->ntpassword.hash; > > > -+ if (memcmp(h, zeros, 16) !=3D 0) { > > > -+ netlogon_creds_arcfour_crypt(creds, h, 16); > > > -+ } > > > -+ } else { > > > -+ struct samr_Password *p; > > > -+ > > > -+ p =3D &logon->password->lmpassword; > > > -+ if (memcmp(p->hash, zeros, 16) !=3D 0) { > > > -+ if (encrypt) { > > > -+ netlogon_creds_des_encrypt(creds, p); > > > -+ } else { > > > -+ netlogon_creds_des_decrypt(creds, p); > > > -+ } > > > -+ } > > > -+ p =3D &logon->password->ntpassword; > > > -+ if (memcmp(p->hash, zeros, 16) !=3D 0) { > > > -+ if (encrypt) { > > > -+ netlogon_creds_des_encrypt(creds, p); > > > -+ } else { > > > -+ netlogon_creds_des_decrypt(creds, p); > > > -+ } > > > -+ } > > > -+ } > > > -+ break; > > > -+ > > > -+ case NetlogonNetworkInformation: > > > -+ case 
NetlogonNetworkTransitiveInformation: > > > -+ break; > > > -+ > > > -+ case NetlogonGenericInformation: > > > -+ if (logon->generic =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ if (encrypt) { > > > -+ netlogon_creds_aes_encrypt(creds, > > > -+ logon->generic->data, > > > -+ logon->generic->length); > > > -+ } else { > > > -+ netlogon_creds_aes_decrypt(creds, > > > -+ logon->generic->data, > > > -+ logon->generic->length); > > > -+ } > > > -+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { > > > -+ netlogon_creds_arcfour_crypt(creds, > > > -+ logon->generic->data, > > > -+ logon->generic->length); > > > -+ } else { > > > -+ /* Using DES to verify kerberos tickets makes no sense */ > > > -+ } > > > -+ break; > > > -+ } > > > -+} > > > -+ > > > -+void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_Cr= edentialState *creds, > > > -+ enum netr_LogonInfoClass level, > > > -+ union netr_LogonLevel *logon) > > > -+{ > > > -+ netlogon_creds_crypt_samlogon_logon(creds, level, logon, false); > > > -+} > > > -+ > > > -+void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_Cr= edentialState *creds, > > > -+ enum netr_LogonInfoClass level, > > > -+ union netr_LogonLevel *logon) > > > -+{ > > > -+ netlogon_creds_crypt_samlogon_logon(creds, level, logon, true); > > > -+} > > > -+ > > > - /* > > > - copy a netlogon_creds_CredentialState struct > > > - */ > > > -diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h > > > -index 6bc18d7..110e039 100644 > > > ---- a/libcli/auth/proto.h > > > -+++ b/libcli/auth/proto.h > > > -@@ -64,6 +64,12 @@ void netlogon_creds_decrypt_samlogon_validation(s= truct netlogon_creds_Credential > > > - void netlogon_creds_encrypt_samlogon_validation(struct netlogon_cre= ds_CredentialState *creds, > > > - uint16_t validation_level, > > > - union netr_Validation *validation); > > > -+void netlogon_creds_decrypt_samlogon_logon(struct 
netlogon_creds_Cr= edentialState *creds, > > > -+ enum netr_LogonInfoClass level, > > > -+ union netr_LogonLevel *logon); > > > -+void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_Cr= edentialState *creds, > > > -+ enum netr_LogonInfoClass level, > > > -+ union netr_LogonLevel *logon); > > > -=20 > > > - /* The following definitions come from /home/jeremy/src/samba/git/m= aster/source3/../source4/../libcli/auth/session.c */ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d4f36f187d7c87c8daae3f94cdba52225faa19b8 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 24 Apr 2013 12:53:27 +0200 > > > -Subject: [PATCH 048/249] libcli/auth: add netlogon_creds_shallow_cop= y_logon() > > > - > > > -This can be used before netlogon_creds_encrypt_samlogon_logon() > > > -in order to keep the provided buffers unchanged. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 2ea749a1a43a6539b01d36dbe0402a99619444e1) > > > ---- > > > - libcli/auth/credentials.c | 73 ++++++++++++++++++++++++++++++++++++= +++++++++++ > > > - libcli/auth/proto.h | 3 ++ > > > - 2 files changed, 76 insertions(+) > > > - > > > -diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c > > > -index 78a8d7a..1f664d3 100644 > > > ---- a/libcli/auth/credentials.c > > > -+++ b/libcli/auth/credentials.c > > > -@@ -719,6 +719,79 @@ void netlogon_creds_encrypt_samlogon_logon(stru= ct netlogon_creds_CredentialState > > > - netlogon_creds_crypt_samlogon_logon(creds, level, logon, true); > > > - } > > > -=20 > > > -+union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX= *mem_ctx, > > > -+ enum netr_LogonInfoClass level, > > > -+ const union netr_LogonLevel *in) > > > -+{ > > > -+ union netr_LogonLevel *out; > > > -+ > > > -+ if (in =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ out =3D talloc(mem_ctx, union netr_LogonLevel); > > > -+ if (out =3D=3D NULL) 
{ > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ *out =3D *in; > > > -+ > > > -+ switch (level) { > > > -+ case NetlogonInteractiveInformation: > > > -+ case NetlogonInteractiveTransitiveInformation: > > > -+ case NetlogonServiceInformation: > > > -+ case NetlogonServiceTransitiveInformation: > > > -+ if (in->password =3D=3D NULL) { > > > -+ return out; > > > -+ } > > > -+ > > > -+ out->password =3D talloc(out, struct netr_PasswordInfo); > > > -+ if (out->password =3D=3D NULL) { > > > -+ talloc_free(out); > > > -+ return NULL; > > > -+ } > > > -+ *out->password =3D *in->password; > > > -+ > > > -+ return out; > > > -+ > > > -+ case NetlogonNetworkInformation: > > > -+ case NetlogonNetworkTransitiveInformation: > > > -+ break; > > > -+ > > > -+ case NetlogonGenericInformation: > > > -+ if (in->generic =3D=3D NULL) { > > > -+ return out; > > > -+ } > > > -+ > > > -+ out->generic =3D talloc(out, struct netr_GenericInfo); > > > -+ if (out->generic =3D=3D NULL) { > > > -+ talloc_free(out); > > > -+ return NULL; > > > -+ } > > > -+ *out->generic =3D *in->generic; > > > -+ > > > -+ if (in->generic->data =3D=3D NULL) { > > > -+ return out; > > > -+ } > > > -+ > > > -+ if (in->generic->length =3D=3D 0) { > > > -+ return out; > > > -+ } > > > -+ > > > -+ out->generic->data =3D talloc_memdup(out->generic, > > > -+ in->generic->data, > > > -+ in->generic->length); > > > -+ if (out->generic->data =3D=3D NULL) { > > > -+ talloc_free(out); > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ return out; > > > -+ } > > > -+ > > > -+ return out; > > > -+} > > > -+ > > > - /* > > > - copy a netlogon_creds_CredentialState struct > > > - */ > > > -diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h > > > -index 110e039..0c319d3 100644 > > > ---- a/libcli/auth/proto.h > > > -+++ b/libcli/auth/proto.h > > > -@@ -70,6 +70,9 @@ void netlogon_creds_decrypt_samlogon_logon(struct = netlogon_creds_CredentialState > > > - void netlogon_creds_encrypt_samlogon_logon(struct 
netlogon_creds_Cr= edentialState *creds, > > > - enum netr_LogonInfoClass level, > > > - union netr_LogonLevel *logon); > > > -+union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX= *mem_ctx, > > > -+ enum netr_LogonInfoClass level, > > > -+ const union netr_LogonLevel *in); > > > -=20 > > > - /* The following definitions come from /home/jeremy/src/samba/git/m= aster/source3/../source4/../libcli/auth/session.c */ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8cf11ba846fc31ce26020aabcf463817b56580a7 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 24 Apr 2013 16:00:18 +0200 > > > -Subject: [PATCH 049/249] s4:netlogon: make use of > > > - netlogon_creds_decrypt_samlogon_logon() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 9d548318da11247ffe8acf505cdb5299090c16f0) > > > ---- > > > - source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 ++++++----------= ----------- > > > - 1 file changed, 6 insertions(+), 22 deletions(-) > > > - > > > -diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4= /rpc_server/netlogon/dcerpc_netlogon.c > > > -index 70239a4..c41cd02 100644 > > > ---- a/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -@@ -712,29 +712,15 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base= (struct dcesrv_call_state *dce_cal > > > - user_info =3D talloc_zero(mem_ctx, struct auth_usersupplied_info); > > > - NT_STATUS_HAVE_NO_MEMORY(user_info); > > > -=20 > > > -+ netlogon_creds_decrypt_samlogon_logon(creds, > > > -+ r->in.logon_level, > > > -+ r->in.logon); > > > -+ > > > - switch (r->in.logon_level) { > > > - case NetlogonInteractiveInformation: > > > - case NetlogonServiceInformation: > > > - case NetlogonInteractiveTransitiveInformation: > > > - case NetlogonServiceTransitiveInformation: > > > -- if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > 
> > -- netlogon_creds_aes_decrypt(creds, > > > -- r->in.logon->password->lmpassword.hash, > > > -- sizeof(r->in.logon->password->lmpassword.hash)); > > > -- netlogon_creds_aes_decrypt(creds, > > > -- r->in.logon->password->ntpassword.hash, > > > -- sizeof(r->in.logon->password->ntpassword.hash)); > > > -- } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { > > > -- netlogon_creds_arcfour_crypt(creds, > > > -- r->in.logon->password->lmpassword.hash, > > > -- sizeof(r->in.logon->password->lmpassword.hash)); > > > -- netlogon_creds_arcfour_crypt(creds, > > > -- r->in.logon->password->ntpassword.hash, > > > -- sizeof(r->in.logon->password->ntpassword.hash)); > > > -- } else { > > > -- netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpass= word); > > > -- netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpass= word); > > > -- } > > > -=20 > > > - /* TODO: we need to deny anonymous access here */ > > > - nt_status =3D auth_context_create(mem_ctx, > > > -@@ -788,11 +774,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(= struct dcesrv_call_state *dce_cal > > > - case NetlogonGenericInformation: > > > - { > > > - if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- netlogon_creds_aes_decrypt(creds, > > > -- r->in.logon->generic->data, r->in.logon->generic->length); > > > -+ /* OK */ > > > - } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { > > > -- netlogon_creds_arcfour_crypt(creds, > > > -- r->in.logon->generic->data, r->in.logon->generic->length); > > > -+ /* OK */ > > > - } else { > > > - /* Using DES to verify kerberos tickets makes no sense */ > > > - return NT_STATUS_INVALID_PARAMETER; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 22bdc484af1b1a4ebd9451fd5cde4d3993dd6f0a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 24 Apr 2013 16:00:44 +0200 > > > -Subject: [PATCH 050/249] s3:netlogon: make use of > > > - netlogon_creds_decrypt_samlogon_logon() > > > - > > > -Signed-off-by: 
Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 7b3ddd1a0bb41fe84c115555113362044620e484) > > > ---- > > > - source3/rpc_server/netlogon/srv_netlog_nt.c | 45 ++++++++++++++----= ----------- > > > - 1 file changed, 21 insertions(+), 24 deletions(-) > > > - > > > -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/r= pc_server/netlogon/srv_netlog_nt.c > > > -index e5ca474..09857b6 100644 > > > ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c > > > -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c > > > -@@ -1467,6 +1467,15 @@ static NTSTATUS _netr_LogonSamLogon_base(stru= ct pipes_struct *p, > > > - struct auth_context *auth_context =3D NULL; > > > - const char *fn; > > > -=20 > > > -+#ifdef DEBUG_PASSWORD > > > -+ logon =3D netlogon_creds_shallow_copy_logon(p->mem_ctx, > > > -+ r->in.logon_level, > > > -+ r->in.logon); > > > -+ if (logon =3D=3D NULL) { > > > -+ logon =3D r->in.logon; > > > -+ } > > > -+#endif > > > -+ > > > - switch (p->opnum) { > > > - case NDR_NETR_LOGONSAMLOGON: > > > - fn =3D "_netr_LogonSamLogon"; > > > -@@ -1547,6 +1556,10 @@ static NTSTATUS _netr_LogonSamLogon_base(stru= ct pipes_struct *p, > > > -=20 > > > - status =3D NT_STATUS_OK; > > > -=20 > > > -+ netlogon_creds_decrypt_samlogon_logon(creds, > > > -+ r->in.logon_level, > > > -+ logon); > > > -+ > > > - switch (r->in.logon_level) { > > > - case NetlogonNetworkInformation: > > > - case NetlogonNetworkTransitiveInformation: > > > -@@ -1592,32 +1605,16 @@ static NTSTATUS _netr_LogonSamLogon_base(str= uct pipes_struct *p, > > > - uint8_t chal[8]; > > > -=20 > > > - #ifdef DEBUG_PASSWORD > > > -- DEBUG(100,("lm owf password:")); > > > -- dump_data(100, logon->password->lmpassword.hash, 16); > > > -- > > > -- DEBUG(100,("nt owf password:")); > > > -- dump_data(100, logon->password->ntpassword.hash, 16); > > > --#endif > > > -- if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- netlogon_creds_aes_decrypt(creds, > > > 
-- logon->password->lmpassword.hash, > > > -- 16); > > > -- netlogon_creds_aes_decrypt(creds, > > > -- logon->password->ntpassword.hash, > > > -- 16); > > > -- } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { > > > -- netlogon_creds_arcfour_crypt(creds, > > > -- logon->password->lmpassword.hash, > > > -- 16); > > > -- netlogon_creds_arcfour_crypt(creds, > > > -- logon->password->ntpassword.hash, > > > -- 16); > > > -- } else { > > > -- netlogon_creds_des_decrypt(creds, &logon->password->lmpassword); > > > -- netlogon_creds_des_decrypt(creds, &logon->password->ntpassword); > > > -+ if (logon !=3D r->in.logon) { > > > -+ DEBUG(100,("lm owf password:")); > > > -+ dump_data(100, > > > -+ r->in.logon->password->lmpassword.hash, 16); > > > -+ > > > -+ DEBUG(100,("nt owf password:")); > > > -+ dump_data(100, > > > -+ r->in.logon->password->ntpassword.hash, 16); > > > - } > > > -=20 > > > --#ifdef DEBUG_PASSWORD > > > - DEBUG(100,("decrypt of lm owf password:")); > > > - dump_data(100, logon->password->lmpassword.hash, 16); > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b25c7249bdca17d4b4720a2e8f8ba329c4105e94 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 18:27:57 +0200 > > > -Subject: [PATCH 051/249] s3:rpc_client: make rpccli_schannel_bind_da= ta() > > > - static > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 6ce645e03c279cbb2ed8a94f033b8e0601b61ef4) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 9 +++++---- > > > - source3/rpc_client/cli_pipe.h | 6 ------ > > > - 2 files changed, 5 insertions(+), 10 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 1fa8d91..66fa2d2 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2401,10 +2401,11 @@ static NTSTATUS rpccli_generic_bind_data(TAL= LOC_CTX *mem_ctx, > > > - 
return status; > > > - } > > > -=20 > > > --NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char = *domain, > > > -- enum dcerpc_AuthLevel auth_level, > > > -- struct netlogon_creds_CredentialState *creds, > > > -- struct pipe_auth_data **presult) > > > -+static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, > > > -+ const char *domain, > > > -+ enum dcerpc_AuthLevel auth_level, > > > -+ struct netlogon_creds_CredentialState *creds, > > > -+ struct pipe_auth_data **presult) > > > - { > > > - struct schannel_state *schannel_auth; > > > - struct pipe_auth_data *result; > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 6fcc587..8eb6040 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -58,12 +58,6 @@ NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem= _ctx, > > > - NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, > > > - struct pipe_auth_data **presult); > > > -=20 > > > --NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, > > > -- const char *domain, > > > -- enum dcerpc_AuthLevel auth_level, > > > -- struct netlogon_creds_CredentialState *creds, > > > -- struct pipe_auth_data **presult); > > > -- > > > - NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, > > > - const char *host, > > > - const struct sockaddr_storage *ss_addr, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 9f56e42ba78ce4e1248f06a0cecfc97789aea260 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 18:29:31 +0200 > > > -Subject: [PATCH 052/249] s3:rpc_client: use the correct context for > > > - netlogon_creds_copy() in rpccli_schannel_bind_data() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 8a302fc353de8d373a0ec8544da4da6f305ec923) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 5 ++++- > > > - 1 file changed, 4 insertions(+), 1 deletion(-) > > > - > > > 
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 66fa2d2..afe8030 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2431,7 +2431,10 @@ static NTSTATUS rpccli_schannel_bind_data(TAL= LOC_CTX *mem_ctx, > > > -=20 > > > - schannel_auth->state =3D SCHANNEL_STATE_START; > > > - schannel_auth->initiator =3D true; > > > -- schannel_auth->creds =3D netlogon_creds_copy(result, creds); > > > -+ schannel_auth->creds =3D netlogon_creds_copy(schannel_auth, creds); > > > -+ if (schannel_auth->creds =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -=20 > > > - result->auth_ctx =3D schannel_auth; > > > - *presult =3D result; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 08d78b16f0adf1d223f29d613a498878230522be Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 19:43:58 +0200 > > > -Subject: [PATCH 053/249] s3:rpc_client: rename same variables in > > > - cli_rpc_pipe_open_schannel_with_key() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 94be8d63cd21fbb9e31bf7a92af82e19c596f94f) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 30 +++++++++++++++--------------- > > > - 1 file changed, 15 insertions(+), 15 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index afe8030..ec804e7 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -3032,32 +3032,32 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key= (struct cli_state *cli, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > - struct netlogon_creds_CredentialState **pdc, > > > -- struct rpc_pipe_client **presult) > > > -+ struct rpc_pipe_client **_rpccli) > > > - { > > > -- struct rpc_pipe_client *result; > > > -- struct pipe_auth_data *auth; > > > -+ struct rpc_pipe_client *rpccli; > > > 
-+ struct pipe_auth_data *rpcauth; > > > - NTSTATUS status; > > > -=20 > > > -- status =3D cli_rpc_pipe_open(cli, transport, table, &result); > > > -+ status =3D cli_rpc_pipe_open(cli, transport, table, &rpccli); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -=20 > > > -- status =3D rpccli_schannel_bind_data(result, domain, auth_level, > > > -- *pdc, &auth); > > > -+ status =3D rpccli_schannel_bind_data(rpccli, domain, auth_level, > > > -+ *pdc, &rpcauth); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("rpccli_schannel_bind_data returned %s\n", > > > - nt_errstr(status))); > > > -- TALLOC_FREE(result); > > > -+ TALLOC_FREE(rpccli); > > > - return status; > > > - } > > > -=20 > > > -- status =3D rpc_pipe_bind(result, auth); > > > -+ status =3D rpc_pipe_bind(rpccli, rpcauth); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: " > > > - "cli_rpc_pipe_bind failed with error %s\n", > > > - nt_errstr(status) )); > > > -- TALLOC_FREE(result); > > > -+ TALLOC_FREE(rpccli); > > > - return status; > > > - } > > > -=20 > > > -@@ -3065,10 +3065,10 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key= (struct cli_state *cli, > > > - * The credentials on a new netlogon pipe are the ones we are pass= ed > > > - * in - copy them over > > > - */ > > > -- if (result->dc =3D=3D NULL) { > > > -- result->dc =3D netlogon_creds_copy(result, *pdc); > > > -- if (result->dc =3D=3D NULL) { > > > -- TALLOC_FREE(result); > > > -+ if (rpccli->dc =3D=3D NULL) { > > > -+ rpccli->dc =3D netlogon_creds_copy(rpccli, *pdc); > > > -+ if (rpccli->dc =3D=3D NULL) { > > > -+ TALLOC_FREE(rpccli); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > - } > > > -@@ -3076,9 +3076,9 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(s= truct cli_state *cli, > > > - DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to = machine %s " > > > - "for domain %s and bound using schannel.\n", > > > - 
get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > -- result->desthost, domain)); > > > -+ rpccli->desthost, domain)); > > > -=20 > > > -- *presult =3D result; > > > -+ *_rpccli =3D rpccli; > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 33991d3ea286fc5da1458ca64aa4fc004547ae04 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 20:26:54 +0200 > > > -Subject: [PATCH 054/249] s3:libsmb: remove unused cli_state->is_gues= tlogin > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 11e0be0e72cfc4bc65ba2b0ffd10cbae3ad69b2d) > > > ---- > > > - source3/include/client.h | 1 - > > > - source3/libsmb/cliconnect.c | 5 ----- > > > - 2 files changed, 6 deletions(-) > > > - > > > -diff --git a/source3/include/client.h b/source3/include/client.h > > > -index 3f92d6d..59fb104 100644 > > > ---- a/source3/include/client.h > > > -+++ b/source3/include/client.h > > > -@@ -72,7 +72,6 @@ struct cli_state { > > > - int timeout; /* in milliseconds. */ > > > - int initialised; > > > - int win95; > > > -- bool is_guestlogin; > > > - /* What the server offered. */ > > > - uint32_t server_posix_capabilities; > > > - /* What the client requested. 
*/ > > > -diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect= =2Ec > > > -index 13e7704..81bc028 100644 > > > ---- a/source3/libsmb/cliconnect.c > > > -+++ b/source3/libsmb/cliconnect.c > > > -@@ -240,7 +240,6 @@ static void cli_session_setup_lanman2_done(struc= t tevent_req *subreq) > > > - p =3D bytes; > > > -=20 > > > - cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID)); > > > -- cli->is_guestlogin =3D ((SVAL(vwv+2, 0) & 1) !=3D 0); > > > -=20 > > > - status =3D smb_bytes_talloc_string(cli, > > > - inhdr, > > > -@@ -448,7 +447,6 @@ static void cli_session_setup_guest_done(struct = tevent_req *subreq) > > > - p =3D bytes; > > > -=20 > > > - cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID)); > > > -- cli->is_guestlogin =3D ((SVAL(vwv+2, 0) & 1) !=3D 0); > > > -=20 > > > - status =3D smb_bytes_talloc_string(cli, > > > - inhdr, > > > -@@ -613,7 +611,6 @@ static void cli_session_setup_plain_done(struct = tevent_req *subreq) > > > - p =3D bytes; > > > -=20 > > > - cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID)); > > > -- cli->is_guestlogin =3D ((SVAL(vwv+2, 0) & 1) !=3D 0); > > > -=20 > > > - status =3D smb_bytes_talloc_string(cli, > > > - inhdr, > > > -@@ -930,7 +927,6 @@ static void cli_session_setup_nt1_done(struct te= vent_req *subreq) > > > - p =3D bytes; > > > -=20 > > > - cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID)); > > > -- cli->is_guestlogin =3D ((SVAL(vwv+2, 0) & 1) !=3D 0); > > > -=20 > > > - status =3D smb_bytes_talloc_string(cli, > > > - inhdr, > > > -@@ -1180,7 +1176,6 @@ static void cli_sesssetup_blob_done(struct tev= ent_req *subreq) > > > - state->inbuf =3D in; > > > - inhdr =3D in + NBT_HDR_SIZE; > > > - cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID)); > > > -- cli->is_guestlogin =3D ((SVAL(vwv+2, 0) & 1) !=3D 0); > > > -=20 > > > - blob_length =3D SVAL(vwv+3, 0); > > > - if (blob_length > num_bytes) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 937a0f2fc020e12c21c10597a889275614603add Mon Sep 17 
00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 15 Jun 2013 09:41:52 +0200 > > > -Subject: [PATCH 055/249] s3:auth_domain: try to use NETLOGON_NEG_SUP= PORTS_AES > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit d82ab70579ff2bcb69f997068482b198f321d1ef) > > > ---- > > > - source3/auth/auth_domain.c | 3 ++- > > > - 1 file changed, 2 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c > > > -index 54ee5a1..06078e2 100644 > > > ---- a/source3/auth/auth_domain.c > > > -+++ b/source3/auth/auth_domain.c > > > -@@ -133,7 +133,8 @@ machine %s. Error was : %s.\n", dc_name, nt_errs= tr(result))); > > > -=20 > > > - if (!lp_client_schannel()) { > > > - /* We need to set up a creds chain on an unauthenticated netlogon= pipe. */ > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS; > > > -+ uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -+ NETLOGON_NEG_SUPPORTS_AES; > > > - enum netr_SchannelType sec_chan_type =3D 0; > > > - unsigned char machine_pwd[16]; > > > - const char *account_name; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 981a88bb20cef572e5573ee2f18115a6e395fbf9 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 15 Jun 2013 09:41:52 +0200 > > > -Subject: [PATCH 056/249] s3:libnet_join: try to use NETLOGON_NEG_SUP= PORTS_AES > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit beba32619a91977543f882432fd08acc9de78fd3) > > > ---- > > > - source3/libnet/libnet_join.c | 3 ++- > > > - 1 file changed, 2 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index d8ec235..c1eccda 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -1194,7 +1194,8 @@ NTSTATUS libnet_join_ok(const 
char *netbios_do= main_name, > > > - const char *dc_name, > > > - const bool use_kerberos) > > > - { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS; > > > -+ uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -+ NETLOGON_NEG_SUPPORTS_AES; > > > - struct cli_state *cli =3D NULL; > > > - struct rpc_pipe_client *pipe_hnd =3D NULL; > > > - struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 846a35f004850695ca7c9d4597cd8729bb7c99e3 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 15 Jun 2013 09:41:52 +0200 > > > -Subject: [PATCH 057/249] s3:rpc_client: try to use NETLOGON_NEG_SUPP= ORTS_AES > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 04600634b3e761d7c56f699fd4ba80b4cd2926a1) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 3 ++- > > > - source3/rpc_client/cli_pipe_schannel.c | 6 ++++-- > > > - 2 files changed, 6 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 3d6a3e1..5e8a2fc 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -610,7 +610,8 @@ NTSTATUS rpccli_netlogon_set_trust_password(stru= ct rpc_pipe_client *cli, > > > - struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -=20 > > > - if (!cli->dc) { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS; > > > -+ uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -+ NETLOGON_NEG_SUPPORTS_AES; > > > - result =3D rpccli_netlogon_setup_creds(cli, > > > - cli->desthost, /* server name */ > > > - lp_workgroup(), /* domain */ > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index bc672ef..de745c0 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ 
b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -136,7 +136,8 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel= (struct cli_state *cli, > > > - const char *password, > > > - struct rpc_pipe_client **presult) > > > - { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS; > > > -+ uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -+ NETLOGON_NEG_SUPPORTS_AES; > > > - struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > - struct rpc_pipe_client *result =3D NULL; > > > - NTSTATUS status; > > > -@@ -175,7 +176,8 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_s= tate *cli, > > > - const char *domain, > > > - struct rpc_pipe_client **presult) > > > - { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS; > > > -+ uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -+ NETLOGON_NEG_SUPPORTS_AES; > > > - struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > - struct rpc_pipe_client *result =3D NULL; > > > - NTSTATUS status; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a56391bc8cbe1fa9142d0a20f4bf977538f27e67 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 15 Jun 2013 09:41:52 +0200 > > > -Subject: [PATCH 058/249] s3:rpcclient: try to use NETLOGON_NEG_SUPPO= RTS_AES > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit e77a64f505fc43628e487e832033d0cd8ec4de8e) > > > ---- > > > - source3/rpcclient/cmd_netlogon.c | 3 ++- > > > - source3/rpcclient/rpcclient.c | 3 ++- > > > - 2 files changed, 4 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cm= d_netlogon.c > > > -index 01d6da4..d92434b 100644 > > > ---- a/source3/rpcclient/cmd_netlogon.c > > > -+++ b/source3/rpcclient/cmd_netlogon.c > > > -@@ -1120,7 +1120,8 @@ static NTSTATUS cmd_netlogon_database_redo(str= uct rpc_pipe_client *cli, > > > - NTSTATUS status =3D NT_STATUS_UNSUCCESSFUL; > > > - NTSTATUS result; > > 
> - const char *server_name =3D cli->desthost; > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS; > > > -+ uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -+ NETLOGON_NEG_SUPPORTS_AES; > > > - struct netr_Authenticator clnt_creds, srv_cred; > > > - struct netr_DELTA_ENUM_ARRAY *delta_enum_array =3D NULL; > > > - unsigned char trust_passwd_hash[16]; > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index 9bf296e..cb7b70f 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -758,7 +758,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > -=20 > > > - if (ndr_syntax_id_equal(&cmd_entry->table->syntax_id, > > > - &ndr_table_netlogon.syntax_id)) { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS; > > > -+ uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -+ NETLOGON_NEG_SUPPORTS_AES; > > > - enum netr_SchannelType sec_channel_type; > > > - uchar trust_password[16]; > > > - const char *machine_account; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 06c4ff36efc63ef014c449602dc314ca4e7016bd Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 19:57:09 +0200 > > > -Subject: [PATCH 059/249] s3:rpc_client: fix/add AES downgrade detect= ion to > > > - rpc_pipe_bind_step_two_done() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 90e28c1825b2c48714d7b34fdb57d3878116d07e) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 19 +++++++------------ > > > - 1 file changed, 7 insertions(+), 12 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index ec804e7..c354a6f 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1828,8 +1828,7 @@ static void rpc_pipe_bind_step_two_done(struct= tevent_req *subreq) > > > - status =3D 
dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_= tos()); > > > - TALLOC_FREE(subreq); > > > - if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -- if (state->cli->dc && state->cli->dc->negotiate_flags & > > > -- NETLOGON_NEG_SUPPORTS_AES) { > > > -+ if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > - DEBUG(5, ("AES is not supported and the error was %s\n", > > > - nt_errstr(status))); > > > - tevent_req_nterror(req, > > > -@@ -1880,9 +1879,6 @@ static void rpc_pipe_bind_step_two_done(struct= tevent_req *subreq) > > > - return; > > > - } > > > -=20 > > > -- TALLOC_FREE(state->cli->dc); > > > -- state->cli->dc =3D talloc_steal(state->cli, state->creds); > > > -- > > > - if (!NT_STATUS_IS_OK(state->r.out.result)) { > > > - DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s= \n", > > > - nt_errstr(state->r.out.result))); > > > -@@ -1890,18 +1886,17 @@ static void rpc_pipe_bind_step_two_done(stru= ct tevent_req *subreq) > > > - return; > > > - } > > > -=20 > > > -- if (state->creds->negotiate_flags !=3D > > > -- state->r.out.capabilities->server_capabilities) { > > > -- DEBUG(0, ("The client capabilities don't match the server " > > > -- "capabilities: local[0x%08X] remote[0x%08X]\n", > > > -- state->creds->negotiate_flags, > > > -- state->capabilities.server_capabilities)); > > > -+ if (!(state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) { > > > -+ DEBUG(0, ("netr_LogonGetCapabilities is supported by %s, " > > > -+ "but AES was not negotiated - downgrade detected", > > > -+ state->cli->desthost)); > > > - tevent_req_nterror(req, > > > - NT_STATUS_INVALID_NETWORK_RESPONSE); > > > - return; > > > - } > > > -=20 > > > -- /* TODO: Add downgrade dectection. 
*/ > > > -+ TALLOC_FREE(state->cli->dc); > > > -+ state->cli->dc =3D talloc_move(state->cli, &state->creds); > > > -=20 > > > - tevent_req_done(req); > > > - return; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e6416b9fe5019c3ce1aa8ecf42d73125a049338f Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 19:45:52 +0200 > > > -Subject: [PATCH 060/249] s3:rpc_client: use netlogon_creds_copy befo= re > > > - rpc_pipe_bind > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit e9c8e3fb92143525f846523e446e2213e5b55d9d) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 24 ++++++++++++------------ > > > - 1 file changed, 12 insertions(+), 12 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index c354a6f..eb172db 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -3047,6 +3047,18 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(= struct cli_state *cli, > > > - return status; > > > - } > > > -=20 > > > -+ /* > > > -+ * The credentials on a new netlogon pipe are the ones we are pass= ed > > > -+ * in - copy them over > > > -+ * > > > -+ * This may get overwritten... in rpc_pipe_bind()... 
> > > -+ */ > > > -+ rpccli->dc =3D netlogon_creds_copy(rpccli, *pdc); > > > -+ if (rpccli->dc =3D=3D NULL) { > > > -+ TALLOC_FREE(rpccli); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > - status =3D rpc_pipe_bind(rpccli, rpcauth); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: " > > > -@@ -3056,18 +3068,6 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(= struct cli_state *cli, > > > - return status; > > > - } > > > -=20 > > > -- /* > > > -- * The credentials on a new netlogon pipe are the ones we are pass= ed > > > -- * in - copy them over > > > -- */ > > > -- if (rpccli->dc =3D=3D NULL) { > > > -- rpccli->dc =3D netlogon_creds_copy(rpccli, *pdc); > > > -- if (rpccli->dc =3D=3D NULL) { > > > -- TALLOC_FREE(rpccli); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- } > > > -- > > > - DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to = machine %s " > > > - "for domain %s and bound using schannel.\n", > > > - get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 1836ea96ed7dd055278fd6cac3f69a06ea979ea2 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 19:34:13 +0200 > > > -Subject: [PATCH 061/249] s3:rpc_client: add netr_LogonGetCapabilitie= s to > > > - cli_rpc_pipe_open_schannel_with_key() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit eecb5bafba5b362d4fdf33d6a2a32e4ee56f30a4) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 101 +++++++++++++++++++++++++++++++= +++++++++++ > > > - 1 file changed, 101 insertions(+) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index eb172db..314eb92 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -3032,6 +3032,11 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(= 
struct cli_state *cli, > > > - struct rpc_pipe_client *rpccli; > > > - struct pipe_auth_data *rpcauth; > > > - NTSTATUS status; > > > -+ NTSTATUS result; > > > -+ struct netlogon_creds_CredentialState save_creds; > > > -+ struct netr_Authenticator auth; > > > -+ struct netr_Authenticator return_auth; > > > -+ union netr_Capabilities capabilities; > > > -=20 > > > - status =3D cli_rpc_pipe_open(cli, transport, table, &rpccli); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -3068,6 +3073,102 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key= (struct cli_state *cli, > > > - return status; > > > - } > > > -=20 > > > -+ if (!ndr_syntax_id_equal(&table->syntax_id, &ndr_table_netlogon.sy= ntax_id)) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ save_creds =3D *rpccli->dc; > > > -+ ZERO_STRUCT(return_auth); > > > -+ ZERO_STRUCT(capabilities); > > > -+ > > > -+ netlogon_creds_client_authenticator(&save_creds, &auth); > > > -+ > > > -+ status =3D dcerpc_netr_LogonGetCapabilities(rpccli->binding_handle, > > > -+ talloc_tos(), > > > -+ rpccli->srv_name_slash, > > > -+ save_creds.computer_name, > > > -+ &auth, &return_auth, > > > -+ 1, &capabilities, > > > -+ &result); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -+ if (save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ DEBUG(5, ("AES was negotiated and the error was %s - " > > > -+ "downgrade detected\n", > > > -+ nt_errstr(status))); > > > -+ TALLOC_FREE(rpccli); > > > -+ return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -+ } > > > -+ > > > -+ /* This is probably an old Samba Version */ > > > -+ DEBUG(5, ("We are checking against an NT or old Samba - %s\n", > > > -+ nt_errstr(status))); > > > -+ goto done; > > > -+ } > > > -+ > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities failed with %s\n", > > > -+ nt_errstr(status))); > > > -+ TALLOC_FREE(rpccli); > > > -+ return status; > > > -+ } > > > -+ > > > -+ if 
(NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) { > > > -+ if (save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ /* This means AES isn't supported. */ > > > -+ DEBUG(5, ("AES was negotiated and the result was %s - " > > > -+ "downgrade detected\n", > > > -+ nt_errstr(result))); > > > -+ TALLOC_FREE(rpccli); > > > -+ return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -+ } > > > -+ > > > -+ /* This is probably an old Windows version */ > > > -+ DEBUG(5, ("We are checking against an win2k3 or Samba - %s\n", > > > -+ nt_errstr(result))); > > > -+ goto done; > > > -+ } > > > -+ > > > -+ /* > > > -+ * We need to check the credential state here, cause win2k3 and ea= rlier > > > -+ * returns NT_STATUS_NOT_IMPLEMENTED > > > -+ */ > > > -+ if (!netlogon_creds_client_check(&save_creds, &return_auth.cred)) { > > > -+ /* > > > -+ * Server replied with bad credential. Fail. > > > -+ */ > > > -+ DEBUG(0,("cli_rpc_pipe_open_schannel_with_key: server %s " > > > -+ "replied with bad credential\n", > > > -+ rpccli->desthost)); > > > -+ TALLOC_FREE(rpccli); > > > -+ return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -+ } > > > -+ *rpccli->dc =3D save_creds; > > > -+ > > > -+ if (!NT_STATUS_IS_OK(result)) { > > > -+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities failed with %s\n", > > > -+ nt_errstr(result))); > > > -+ TALLOC_FREE(rpccli); > > > -+ return result; > > > -+ } > > > -+ > > > -+ if (!(save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) { > > > -+ /* This means AES isn't supported. 
*/ > > > -+ DEBUG(5, ("AES is not negotiated, but netr_LogonGetCapabilities " > > > -+ "was OK - downgrade detected\n")); > > > -+ TALLOC_FREE(rpccli); > > > -+ return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -+ } > > > -+ > > > -+ if (save_creds.negotiate_flags !=3D capabilities.server_capabiliti= es) { > > > -+ DEBUG(0, ("The client capabilities don't match the server " > > > -+ "capabilities: local[0x%08X] remote[0x%08X]\n", > > > -+ save_creds.negotiate_flags, > > > -+ capabilities.server_capabilities)); > > > -+ TALLOC_FREE(rpccli); > > > -+ return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -+ } > > > -+ > > > -+done: > > > - DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to = machine %s " > > > - "for domain %s and bound using schannel.\n", > > > - get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 675be19880c2ac4bca14d69592ce39bb66a34dec Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 18:30:36 +0200 > > > -Subject: [PATCH 062/249] s3:rpc_client: remove netr_LogonGetCapabili= ties check > > > - from rpc_pipe_bind* > > > - > > > -It's done in the caller now. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3302356226cca474f0afab9a129220241c16663f) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 150 +------------------------------= ----------- > > > - 1 file changed, 1 insertion(+), 149 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 314eb92..cba055a 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1568,15 +1568,9 @@ struct rpc_pipe_bind_state { > > > - DATA_BLOB rpc_out; > > > - bool auth3; > > > - uint32_t rpc_call_id; > > > -- struct netr_Authenticator auth; > > > -- struct netr_Authenticator return_auth; > > > -- struct netlogon_creds_CredentialState *creds; > > > -- union netr_Capabilities capabilities; > > > -- struct netr_LogonGetCapabilities r; > > > - }; > > > -=20 > > > - static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq); > > > --static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req); > > > - static NTSTATUS rpc_bind_next_send(struct tevent_req *req, > > > - struct rpc_pipe_bind_state *state, > > > - DATA_BLOB *credentials); > > > -@@ -1679,14 +1673,11 @@ static void rpc_pipe_bind_step_one_done(stru= ct tevent_req *subreq) > > > -=20 > > > - case DCERPC_AUTH_TYPE_NONE: > > > - case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: > > > -+ case DCERPC_AUTH_TYPE_SCHANNEL: > > > - /* Bind complete. 
*/ > > > - tevent_req_done(req); > > > - return; > > > -=20 > > > -- case DCERPC_AUTH_TYPE_SCHANNEL: > > > -- rpc_pipe_bind_step_two_trigger(req); > > > -- return; > > > -- > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > -@@ -1763,145 +1754,6 @@ err_out: > > > - tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); > > > - } > > > -=20 > > > --static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq); > > > -- > > > --static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req) > > > --{ > > > -- struct rpc_pipe_bind_state *state =3D > > > -- tevent_req_data(req, > > > -- struct rpc_pipe_bind_state); > > > -- struct dcerpc_binding_handle *b =3D state->cli->binding_handle; > > > -- struct schannel_state *schannel_auth =3D > > > -- talloc_get_type_abort(state->cli->auth->auth_ctx, > > > -- struct schannel_state); > > > -- struct tevent_req *subreq; > > > -- > > > -- if (schannel_auth =3D=3D NULL || > > > -- !ndr_syntax_id_equal(&state->cli->abstract_syntax, > > > -- &ndr_table_netlogon.syntax_id)) { > > > -- tevent_req_done(req); > > > -- return; > > > -- } > > > -- > > > -- ZERO_STRUCT(state->return_auth); > > > -- > > > -- state->creds =3D netlogon_creds_copy(state, schannel_auth->creds); > > > -- if (state->creds =3D=3D NULL) { > > > -- tevent_req_nterror(req, NT_STATUS_NO_MEMORY); > > > -- return; > > > -- } > > > -- > > > -- netlogon_creds_client_authenticator(state->creds, &state->auth); > > > -- > > > -- state->r.in.server_name =3D state->cli->srv_name_slash; > > > -- state->r.in.computer_name =3D state->creds->computer_name; > > > -- state->r.in.credential =3D &state->auth; > > > -- state->r.in.query_level =3D 1; > > > -- state->r.in.return_authenticator =3D &state->return_auth; > > > -- > > > -- state->r.out.capabilities =3D &state->capabilities; > > > -- state->r.out.return_authenticator =3D &state->return_auth; > > > -- > > > -- subreq =3D 
dcerpc_netr_LogonGetCapabilities_r_send(talloc_tos(), > > > -- state->ev, > > > -- b, > > > -- &state->r); > > > -- if (subreq =3D=3D NULL) { > > > -- tevent_req_nterror(req, NT_STATUS_NO_MEMORY); > > > -- return; > > > -- } > > > -- > > > -- tevent_req_set_callback(subreq, rpc_pipe_bind_step_two_done, req); > > > -- return; > > > --} > > > -- > > > --static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq) > > > --{ > > > -- struct tevent_req *req =3D > > > -- tevent_req_callback_data(subreq, > > > -- struct tevent_req); > > > -- struct rpc_pipe_bind_state *state =3D > > > -- tevent_req_data(req, > > > -- struct rpc_pipe_bind_state); > > > -- NTSTATUS status; > > > -- > > > -- status =3D dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_= tos()); > > > -- TALLOC_FREE(subreq); > > > -- if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- DEBUG(5, ("AES is not supported and the error was %s\n", > > > -- nt_errstr(status))); > > > -- tevent_req_nterror(req, > > > -- NT_STATUS_INVALID_NETWORK_RESPONSE); > > > -- return; > > > -- } > > > -- > > > -- /* This is probably NT */ > > > -- DEBUG(5, ("We are checking against an NT - %s\n", > > > -- nt_errstr(status))); > > > -- tevent_req_done(req); > > > -- return; > > > -- } else if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s= \n", > > > -- nt_errstr(status))); > > > -- tevent_req_nterror(req, status); > > > -- return; > > > -- } > > > -- > > > -- if (NT_STATUS_EQUAL(state->r.out.result, NT_STATUS_NOT_IMPLEMENTED= )) { > > > -- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- /* This means AES isn't supported. 
*/ > > > -- DEBUG(5, ("AES is not supported and the error was %s\n", > > > -- nt_errstr(state->r.out.result))); > > > -- tevent_req_nterror(req, > > > -- NT_STATUS_INVALID_NETWORK_RESPONSE); > > > -- return; > > > -- } > > > -- > > > -- /* This is probably an old Samba version */ > > > -- DEBUG(5, ("We are checking against an old Samba version - %s\n", > > > -- nt_errstr(state->r.out.result))); > > > -- tevent_req_done(req); > > > -- return; > > > -- } > > > -- > > > -- /* We need to check the credential state here, cause win2k3 and ea= rlier > > > -- * returns NT_STATUS_NOT_IMPLEMENTED */ > > > -- if (!netlogon_creds_client_check(state->creds, > > > -- &state->r.out.return_authenticator->cred)) { > > > -- /* > > > -- * Server replied with bad credential. Fail. > > > -- */ > > > -- DEBUG(0,("rpc_pipe_bind_step_two_done: server %s " > > > -- "replied with bad credential\n", > > > -- state->cli->desthost)); > > > -- tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL); > > > -- return; > > > -- } > > > -- > > > -- if (!NT_STATUS_IS_OK(state->r.out.result)) { > > > -- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s= \n", > > > -- nt_errstr(state->r.out.result))); > > > -- tevent_req_nterror(req, state->r.out.result); > > > -- return; > > > -- } > > > -- > > > -- if (!(state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) { > > > -- DEBUG(0, ("netr_LogonGetCapabilities is supported by %s, " > > > -- "but AES was not negotiated - downgrade detected", > > > -- state->cli->desthost)); > > > -- tevent_req_nterror(req, > > > -- NT_STATUS_INVALID_NETWORK_RESPONSE); > > > -- return; > > > -- } > > > -- > > > -- TALLOC_FREE(state->cli->dc); > > > -- state->cli->dc =3D talloc_move(state->cli, &state->creds); > > > -- > > > -- tevent_req_done(req); > > > -- return; > > > --} > > > -- > > > - static NTSTATUS rpc_bind_next_send(struct tevent_req *req, > > > - struct rpc_pipe_bind_state *state, > > > - DATA_BLOB *auth_token) > > > ---=20 > > > -1.9.3 > > > - > > 
> - > > > -From f9b4e38b8458ec905b5f78e402f21f23c4a967e1 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 25 Apr 2013 19:33:28 +0200 > > > -Subject: [PATCH 063/249] s3:rpc_client: remove unused > > > - cli_rpc_pipe_open_ntlmssp_auth_schannel() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 04938cbeecc777f7b799a11f1ca0461b351d968a) > > > ---- > > > - source3/rpc_client/cli_pipe.h | 9 ---- > > > - source3/rpc_client/cli_pipe_schannel.c | 80 -----------------------= ----------- > > > - 2 files changed, 89 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 8eb6040..ab99373 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -109,15 +109,6 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(st= ruct cli_state *cli, > > > - struct netlogon_creds_CredentialState **pdc, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > --NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *= cli, > > > -- const struct ndr_interface_table *table, > > > -- enum dcerpc_transport_t transport, > > > -- enum dcerpc_AuthLevel auth_level, > > > -- const char *domain, > > > -- const char *username, > > > -- const char *password, > > > -- struct rpc_pipe_client **presult); > > > -- > > > - NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, > > > - const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index de745c0..aaae44b 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -86,86 +86,6 @@ static NTSTATUS get_schannel_session_key_common(s= truct rpc_pipe_client *netlogon > > > -=20 > > > - 
/******************************************************************= ********** > > > - Open a named pipe to an SMB server and bind using schannel (bind t= ype 68). > > > -- Fetch the session key ourselves using a temporary netlogon pipe. T= his > > > -- version uses an ntlmssp auth bound netlogon pipe to get the key. > > > -- ******************************************************************= **********/ > > > -- > > > --static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_st= ate *cli, > > > -- const char *domain, > > > -- const char *username, > > > -- const char *password, > > > -- uint32 *pneg_flags, > > > -- struct rpc_pipe_client **presult) > > > --{ > > > -- struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -- NTSTATUS status; > > > -- > > > -- status =3D cli_rpc_pipe_open_spnego( > > > -- cli, &ndr_table_netlogon, NCACN_NP, > > > -- GENSEC_OID_NTLMSSP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, > > > -- smbXcli_conn_remote_name(cli->conn), > > > -- domain, username, password, &netlogon_pipe); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- status =3D get_schannel_session_key_common(netlogon_pipe, cli, dom= ain, > > > -- pneg_flags); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- TALLOC_FREE(netlogon_pipe); > > > -- return status; > > > -- } > > > -- > > > -- *presult =3D netlogon_pipe; > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > --/******************************************************************= ********** > > > -- Open a named pipe to an SMB server and bind using schannel (bind t= ype 68). > > > -- Fetch the session key ourselves using a temporary netlogon pipe. T= his version > > > -- uses an ntlmssp bind to get the session key. 
> > > -- ******************************************************************= **********/ > > > -- > > > --NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *= cli, > > > -- const struct ndr_interface_table *table, > > > -- enum dcerpc_transport_t transport, > > > -- enum dcerpc_AuthLevel auth_level, > > > -- const char *domain, > > > -- const char *username, > > > -- const char *password, > > > -- struct rpc_pipe_client **presult) > > > --{ > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -- NETLOGON_NEG_SUPPORTS_AES; > > > -- struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -- struct rpc_pipe_client *result =3D NULL; > > > -- NTSTATUS status; > > > -- > > > -- status =3D get_schannel_session_key_auth_ntlmssp( > > > -- cli, domain, username, password, &neg_flags, &netlogon_pipe); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0,("cli_rpc_pipe_open_ntlmssp_auth_schannel: failed to get = schannel session " > > > -- "key from server %s for domain %s.\n", > > > -- smbXcli_conn_remote_name(cli->conn), domain )); > > > -- return status; > > > -- } > > > -- > > > -- status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, table, transport, auth_level, domain, &netlogon_pipe->dc, > > > -- &result); > > > -- > > > -- /* Now we've bound using the session key we can close the netlog p= ipe. */ > > > -- TALLOC_FREE(netlogon_pipe); > > > -- > > > -- if (NT_STATUS_IS_OK(status)) { > > > -- *presult =3D result; > > > -- } > > > -- return status; > > > --} > > > -- > > > --/******************************************************************= ********** > > > -- Open a named pipe to an SMB server and bind using schannel (bind t= ype 68). > > > - Fetch the session key ourselves using a temporary netlogon pipe. 
> > > - ******************************************************************= **********/ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 35d07a4d7ca15e4cf22f7cc96d6958c9856dc0a0 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 3 Aug 2013 11:26:13 +0200 > > > -Subject: [PATCH 064/249] auth/gensec: first check GENSEC_FEATURE_SES= SION_KEY > > > - before returning NOT_IMPLEMENTED > > > - > > > -Preferr NT_STATUS_NO_USER_SESSION_KEY as return value of gensec_sess= ion_key(). > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 45c74c8084d2db14fef6a79cd98068be2ab73f30) > > > ---- > > > - auth/gensec/gensec.c | 7 ++++--- > > > - 1 file changed, 4 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c > > > -index ea62861..9a8f0ef 100644 > > > ---- a/auth/gensec/gensec.c > > > -+++ b/auth/gensec/gensec.c > > > -@@ -155,13 +155,14 @@ _PUBLIC_ NTSTATUS gensec_session_key(struct ge= nsec_security *gensec_security, > > > - TALLOC_CTX *mem_ctx, > > > - DATA_BLOB *session_key) > > > - { > > > -- if (!gensec_security->ops->session_key) { > > > -- return NT_STATUS_NOT_IMPLEMENTED; > > > -- } > > > - if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SESSION_K= EY)) { > > > - return NT_STATUS_NO_USER_SESSION_KEY; > > > - } > > > -=20 > > > -+ if (!gensec_security->ops->session_key) { > > > -+ return NT_STATUS_NOT_IMPLEMENTED; > > > -+ } > > > -+ > > > - return gensec_security->ops->session_key(gensec_security, mem_ctx,= session_key); > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 6eda030bd26347cef3fb670b0876956c97c00bfa Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 3 Aug 2013 11:43:58 +0200 > > > -Subject: [PATCH 065/249] auth/gensec: add gensec_security_by_auth_ty= pe() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew 
Bartlett > > > -(cherry picked from commit 59b09564a7edac8dc241269587146342244ce58b) > > > ---- > > > - auth/gensec/gensec.h | 3 +++ > > > - auth/gensec/gensec_start.c | 26 ++++++++++++++++++++++++++ > > > - 2 files changed, 29 insertions(+) > > > - > > > -diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h > > > -index 396a16d..c080861 100644 > > > ---- a/auth/gensec/gensec.h > > > -+++ b/auth/gensec/gensec.h > > > -@@ -268,6 +268,9 @@ const struct gensec_security_ops *gensec_securit= y_by_oid(struct gensec_security > > > - const char *oid_string); > > > - const struct gensec_security_ops *gensec_security_by_sasl_name(stru= ct gensec_security *gensec_security, > > > - const char *sasl_name); > > > -+const struct gensec_security_ops *gensec_security_by_auth_type( > > > -+ struct gensec_security *gensec_security, > > > -+ uint32_t auth_type); > > > - struct gensec_security_ops **gensec_security_mechs(struct gensec_se= curity *gensec_security, > > > - TALLOC_CTX *mem_ctx); > > > - const struct gensec_security_ops_wrapper *gensec_security_by_oid_li= st( > > > -diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c > > > -index e46f0ee..c2cfa1c 100644 > > > ---- a/auth/gensec/gensec_start.c > > > -+++ b/auth/gensec/gensec_start.c > > > -@@ -246,6 +246,32 @@ _PUBLIC_ const struct gensec_security_ops *gens= ec_security_by_sasl_name( > > > - return NULL; > > > - } > > > -=20 > > > -+_PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_= type( > > > -+ struct gensec_security *gensec_security, > > > -+ uint32_t auth_type) > > > -+{ > > > -+ int i; > > > -+ struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops *backend; > > > -+ TALLOC_CTX *mem_ctx =3D talloc_new(gensec_security); > > > -+ if (!mem_ctx) { > > > -+ return NULL; > > > -+ } > > > -+ backends =3D gensec_security_mechs(gensec_security, mem_ctx); > > > -+ for (i=3D0; backends && backends[i]; i++) { > > > -+ if (!gensec_security_ops_enabled(backends[i], 
gensec_security)) > > > -+ continue; > > > -+ if (backends[i]->auth_type =3D=3D auth_type) { > > > -+ backend =3D backends[i]; > > > -+ talloc_free(mem_ctx); > > > -+ return backend; > > > -+ } > > > -+ } > > > -+ talloc_free(mem_ctx); > > > -+ > > > -+ return NULL; > > > -+} > > > -+ > > > - static const struct gensec_security_ops *gensec_security_by_name(st= ruct gensec_security *gensec_security, > > > - const char *name) > > > - { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From f4e1506ed3a032d38605207f592cbc4ece93a414 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 24 Apr 2013 12:33:28 +0200 > > > -Subject: [PATCH 066/249] libcli/auth: maintain the sequence number f= or the > > > - NETLOGON SSP as 64bit > > > - > > > -See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 9f2e81ae02549369db49c05edf7071612a03a8b8) > > > ---- > > > - libcli/auth/schannel.h | 2 +- > > > - libcli/auth/schannel_sign.c | 17 +++++++++++++---- > > > - source3/librpc/rpc/dcerpc_helpers.c | 4 ++-- > > > - 3 files changed, 16 insertions(+), 7 deletions(-) > > > - > > > -diff --git a/libcli/auth/schannel.h b/libcli/auth/schannel.h > > > -index bfccd95..271b5bb 100644 > > > ---- a/libcli/auth/schannel.h > > > -+++ b/libcli/auth/schannel.h > > > -@@ -30,7 +30,7 @@ enum schannel_position { > > > -=20 > > > - struct schannel_state { > > > - enum schannel_position state; > > > -- uint32_t seq_num; > > > -+ uint64_t seq_num; > > > - bool initiator; > > > - struct netlogon_creds_CredentialState *creds; > > > - }; > > > -diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign= =2Ec > > > -index 1871da2..6e5d454 100644 > > > ---- a/libcli/auth/schannel_sign.c > > > -+++ b/libcli/auth/schannel_sign.c > > > -@@ -24,6 +24,17 @@ > > > - #include "../libcli/auth/schannel.h" > > > - #include "../lib/crypto/crypto.h" > > > -=20 > > > 
-+#define SETUP_SEQNUM(state, buf, initiator) do { \ > > > -+ uint8_t *_buf =3D buf; \ > > > -+ uint32_t _seq_num_low =3D (state)->seq_num & UINT32_MAX; \ > > > -+ uint32_t _seq_num_high =3D (state)->seq_num >> 32; \ > > > -+ if (initiator) { \ > > > -+ _seq_num_high |=3D 0x80000000; \ > > > -+ } \ > > > -+ RSIVAL(_buf, 0, _seq_num_low); \ > > > -+ RSIVAL(_buf, 4, _seq_num_high); \ > > > -+} while(0) > > > -+ > > > - static void netsec_offset_and_sizes(struct schannel_state *state, > > > - bool do_seal, > > > - uint32_t *_min_sig_size, > > > -@@ -255,8 +266,7 @@ NTSTATUS netsec_incoming_packet(struct schannel_= state *state, > > > - confounder =3D NULL; > > > - } > > > -=20 > > > -- RSIVAL(seq_num, 0, state->seq_num); > > > -- SIVAL(seq_num, 4, state->initiator?0:0x80); > > > -+ SETUP_SEQNUM(state, seq_num, !state->initiator); > > > -=20 > > > - if (do_unseal) { > > > - netsec_do_seal(state, seq_num, > > > -@@ -325,8 +335,7 @@ NTSTATUS netsec_outgoing_packet(struct schannel_= state *state, > > > - &checksum_length, > > > - &confounder_ofs); > > > -=20 > > > -- RSIVAL(seq_num, 0, state->seq_num); > > > -- SIVAL(seq_num, 4, state->initiator?0x80:0); > > > -+ SETUP_SEQNUM(state, seq_num, state->initiator); > > > -=20 > > > - if (do_seal) { > > > - confounder =3D _confounder; > > > -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rp= c/dcerpc_helpers.c > > > -index a55e419..0095990 100644 > > > ---- a/source3/librpc/rpc/dcerpc_helpers.c > > > -+++ b/source3/librpc/rpc/dcerpc_helpers.c > > > -@@ -462,8 +462,8 @@ static NTSTATUS add_schannel_auth_footer(struct = schannel_state *sas, > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -=20 > > > -- DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=3D%d\n", > > > -- sas->seq_num)); > > > -+ DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=3D%llu\n", > > > -+ (unsigned long long)sas->seq_num)); > > > -=20 > > > - switch (auth_level) { > > > - case DCERPC_AUTH_LEVEL_PRIVACY: > > > ---=20 > 
> > -1.9.3 > > > - > > > - > > > -From f99afc1924dbb267e696bbdf26db606a8c77f093 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 12:53:42 +0200 > > > -Subject: [PATCH 067/249] libcli/auth: add netsec_create_state() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 33215398f32c76f4b8ada7b547c6d0741cb2ac16) > > > ---- > > > - libcli/auth/schannel_proto.h | 3 +++ > > > - libcli/auth/schannel_sign.c | 23 +++++++++++++++++++++++ > > > - 2 files changed, 26 insertions(+) > > > - > > > -diff --git a/libcli/auth/schannel_proto.h b/libcli/auth/schannel_pro= to.h > > > -index 0414218..da76559 100644 > > > ---- a/libcli/auth/schannel_proto.h > > > -+++ b/libcli/auth/schannel_proto.h > > > -@@ -28,6 +28,9 @@ struct schannel_state; > > > - struct db_context *open_schannel_session_store(TALLOC_CTX *mem_ctx, > > > - struct loadparm_context *lp_ctx); > > > -=20 > > > -+struct schannel_state *netsec_create_state(TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState *creds, > > > -+ bool initiator); > > > - NTSTATUS netsec_incoming_packet(struct schannel_state *state, > > > - bool do_unseal, > > > - uint8_t *data, size_t length, > > > -diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign= =2Ec > > > -index 6e5d454..518a6a9 100644 > > > ---- a/libcli/auth/schannel_sign.c > > > -+++ b/libcli/auth/schannel_sign.c > > > -@@ -35,6 +35,29 @@ > > > - RSIVAL(_buf, 4, _seq_num_high); \ > > > - } while(0) > > > -=20 > > > -+struct schannel_state *netsec_create_state(TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState *creds, > > > -+ bool initiator) > > > -+{ > > > -+ struct schannel_state *state; > > > -+ > > > -+ state =3D talloc(mem_ctx, struct schannel_state); > > > -+ if (state =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ state->state =3D SCHANNEL_STATE_UPDATE_1; > > > -+ state->initiator =3D initiator; > > > 
-+ state->seq_num =3D 0; > > > -+ state->creds =3D netlogon_creds_copy(state, creds); > > > -+ if (state->creds =3D=3D NULL) { > > > -+ talloc_free(state); > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ return state; > > > -+} > > > -+ > > > - static void netsec_offset_and_sizes(struct schannel_state *state, > > > - bool do_seal, > > > - uint32_t *_min_sig_size, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From f13417a00173fcde96417773a1a551caced24c8b Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 13:28:11 +0200 > > > -Subject: [PATCH 068/249] s3:cli_pipe: make use of netsec_create_stat= e() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit e96142fc439efb7c90719f9c387778c4218ae637) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 9 +-------- > > > - 1 file changed, 1 insertion(+), 8 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index cba055a..9e979b0 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2271,18 +2271,11 @@ static NTSTATUS rpccli_schannel_bind_data(TA= LLOC_CTX *mem_ctx, > > > - goto fail; > > > - } > > > -=20 > > > -- schannel_auth =3D talloc_zero(result, struct schannel_state); > > > -+ schannel_auth =3D netsec_create_state(result, creds, true /* initi= ator */); > > > - if (schannel_auth =3D=3D NULL) { > > > - goto fail; > > > - } > > > -=20 > > > -- schannel_auth->state =3D SCHANNEL_STATE_START; > > > -- schannel_auth->initiator =3D true; > > > -- schannel_auth->creds =3D netlogon_creds_copy(schannel_auth, creds); > > > -- if (schannel_auth->creds =3D=3D NULL) { > > > -- goto fail; > > > -- } > > > -- > > > - result->auth_ctx =3D schannel_auth; > > > - *presult =3D result; > > > - return NT_STATUS_OK; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From becf68bc072fdfab4489326d148775ebdbe27fda Mon Sep 17 
00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 13:28:59 +0200 > > > -Subject: [PATCH 069/249] s3:cli_pipe: pass down creds->computer_name= to > > > - NL_AUTH_MESSAGE > > > - > > > -We need to use the same computer_name value as in the netr_Authentic= ate3() > > > -request. > > > - > > > -We abuse cli->auth->user_name to pass the value down. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 838cb539621ef19cac6badb4b10678dcc3a6f68a) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 13 ++++++------- > > > - 1 file changed, 6 insertions(+), 7 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 9e979b0..1de71fb 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1027,13 +1027,12 @@ static NTSTATUS create_schannel_auth_rpc_bin= d_req(struct rpc_pipe_client *cli, > > > - NTSTATUS status; > > > - struct NL_AUTH_MESSAGE r; > > > -=20 > > > -- /* Use lp_workgroup() if domain not specified */ > > > -+ if (!cli->auth->user_name || !cli->auth->user_name[0]) { > > > -+ return NT_STATUS_INVALID_PARAMETER_MIX; > > > -+ } > > > -=20 > > > - if (!cli->auth->domain || !cli->auth->domain[0]) { > > > -- cli->auth->domain =3D talloc_strdup(cli, lp_workgroup()); > > > -- if (cli->auth->domain =3D=3D NULL) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -+ return NT_STATUS_INVALID_PARAMETER_MIX; > > > - } > > > -=20 > > > - /* > > > -@@ -1044,7 +1043,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_= req(struct rpc_pipe_client *cli, > > > - r.Flags =3D NL_FLAG_OEM_NETBIOS_DOMAIN_NAME | > > > - NL_FLAG_OEM_NETBIOS_COMPUTER_NAME; > > > - r.oem_netbios_domain.a =3D cli->auth->domain; > > > -- r.oem_netbios_computer.a =3D lp_netbios_name(); > > > -+ r.oem_netbios_computer.a =3D cli->auth->user_name; > > > -=20 > > > - status =3D dcerpc_push_schannel_bind(cli, &r, 
auth_token); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -2265,7 +2264,7 @@ static NTSTATUS rpccli_schannel_bind_data(TALL= OC_CTX *mem_ctx, > > > - result->auth_type =3D DCERPC_AUTH_TYPE_SCHANNEL; > > > - result->auth_level =3D auth_level; > > > -=20 > > > -- result->user_name =3D talloc_strdup(result, ""); > > > -+ result->user_name =3D talloc_strdup(result, creds->computer_name); > > > - result->domain =3D talloc_strdup(result, domain); > > > - if ((result->user_name =3D=3D NULL) || (result->domain =3D=3D NULL= )) { > > > - goto fail; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b447ab32047f33d306ee891d1d3fe2ae5a8c56f1 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 3 Aug 2013 08:50:54 +0200 > > > -Subject: [PATCH 070/249] s3:cli_pipe.c: return NO_USER_SESSION_KEY in > > > - cli_get_session_key() for schannel > > > - > > > -SCHANNEL connections don't have a user session key, > > > -they're like anonymous connections. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit af4dc306846a30a5a1201306cc2cbf4d494e16e7) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 7 ------- > > > - 1 file changed, 7 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 1de71fb..470469f 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -3091,7 +3091,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_c= tx, > > > - { > > > - NTSTATUS status; > > > - struct pipe_auth_data *a; > > > -- struct schannel_state *schannel_auth; > > > - struct gensec_security *gensec_security; > > > - DATA_BLOB sk =3D data_blob_null; > > > - bool make_dup =3D false; > > > -@@ -3107,12 +3106,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_= ctx, > > > - } > > > -=20 > > > - switch (cli->auth->auth_type) { > > > -- case DCERPC_AUTH_TYPE_SCHANNEL: > > > -- schannel_auth =3D 
talloc_get_type_abort(a->auth_ctx, > > > -- struct schannel_state); > > > -- sk =3D data_blob_const(schannel_auth->creds->session_key, 16); > > > -- make_dup =3D true; > > > -- break; > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From abebeb10c26f6fa7e61c56553ce1e52b5d45937a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 13:33:37 +0200 > > > -Subject: [PATCH 071/249] s3:rpc_server: make use of netsec_create_st= ate() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a964309bf7631f4f6953e0d6556f8ed8e5300dcc) > > > ---- > > > - source3/rpc_server/srv_pipe.c | 12 ++++-------- > > > - 1 file changed, 4 insertions(+), 8 deletions(-) > > > - > > > -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_= pipe.c > > > -index 7daff04..9043a14 100644 > > > ---- a/source3/rpc_server/srv_pipe.c > > > -+++ b/source3/rpc_server/srv_pipe.c > > > -@@ -462,8 +462,8 @@ static bool pipe_schannel_auth_bind(struct pipes= _struct *p, > > > - */ > > > -=20 > > > - become_root(); > > > -- status =3D schannel_get_creds_state(p, lp_ctx, > > > -- neg.oem_netbios_computer.a, &creds); > > > -+ status =3D schannel_get_creds_state(p->mem_ctx, lp_ctx, > > > -+ neg.oem_netbios_computer.a, &creds); > > > - unbecome_root(); > > > - =09 > > > - talloc_unlink(p, lp_ctx); > > > -@@ -472,16 +472,12 @@ static bool pipe_schannel_auth_bind(struct pip= es_struct *p, > > > - return False; > > > - } > > > -=20 > > > -- schannel_auth =3D talloc_zero(p, struct schannel_state); > > > -+ schannel_auth =3D netsec_create_state(p, creds, false /* not initi= ator */); > > > -+ TALLOC_FREE(creds); > > > - if (!schannel_auth) { > > > -- TALLOC_FREE(creds); > > > - return False; > > > - } > > > -=20 > > > -- schannel_auth->state =3D SCHANNEL_STATE_START; > > > -- 
schannel_auth->initiator =3D false; > > > -- schannel_auth->creds =3D creds; > > > -- > > > - /* > > > - * JRA. Should we also copy the schannel session key into the pipe= session key p->session_key > > > - * here ? We do that for NTLMSSP, but the session key is already s= et up from the vuser > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b567c4ef93de5c098d724c15b614f5f233903812 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 13:36:30 +0200 > > > -Subject: [PATCH 072/249] s3:dcerpc_helpers: remove unused DEBUG mess= age of > > > - schannel_state->seq_num. > > > - > > > -This is a layer violation and not needed anymore as we know > > > -how the seqnum handling works now. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a36ccdc83edb7437dd00601c459421286fd79db4) > > > ---- > > > - source3/librpc/rpc/dcerpc_helpers.c | 3 --- > > > - 1 file changed, 3 deletions(-) > > > - > > > -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rp= c/dcerpc_helpers.c > > > -index 0095990..97999d7 100644 > > > ---- a/source3/librpc/rpc/dcerpc_helpers.c > > > -+++ b/source3/librpc/rpc/dcerpc_helpers.c > > > -@@ -462,9 +462,6 @@ static NTSTATUS add_schannel_auth_footer(struct = schannel_state *sas, > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -=20 > > > -- DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=3D%llu\n", > > > -- (unsigned long long)sas->seq_num)); > > > -- > > > - switch (auth_level) { > > > - case DCERPC_AUTH_LEVEL_PRIVACY: > > > - status =3D netsec_outgoing_packet(sas, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e044773b51b76b3582669ee7e3a388d6471e2f2e Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 10:08:54 +0200 > > > -Subject: [PATCH 073/249] s4:libnet: avoid usage of dcerpc_schannel_c= reds() > > > - > > > -We use cli_credentials_get_netlogon_creds() which returns 
the same v= alue. > > > - > > > -dcerpc_schannel_creds() is a layer violation. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit c0144273af8f0956a05d102113c40cec77069f7a) > > > ---- > > > - source4/libnet/libnet_samsync.c | 7 +++---- > > > - 1 file changed, 3 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source4/libnet/libnet_samsync.c b/source4/libnet/libnet= _samsync.c > > > -index 9629b9f..206d81e 100644 > > > ---- a/source4/libnet/libnet_samsync.c > > > -+++ b/source4/libnet/libnet_samsync.c > > > -@@ -25,7 +25,6 @@ > > > - #include "libcli/auth/libcli_auth.h" > > > - #include "../libcli/samsync/samsync.h" > > > - #include "auth/gensec/gensec.h" > > > --#include "auth/gensec/schannel.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "libcli/auth/schannel.h" > > > - #include "librpc/gen_ndr/ndr_netlogon.h" > > > -@@ -183,9 +182,9 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_c= ontext *ctx, TALLOC_CTX *mem_ctx > > > -=20 > > > - /* get NETLOGON credentials */ > > > -=20 > > > -- nt_status =3D dcerpc_schannel_creds(p->conn->security_state.generi= c_state, samsync_ctx, &creds); > > > -- if (!NT_STATUS_IS_OK(nt_status)) { > > > -- r->out.error_string =3D talloc_strdup(mem_ctx, "Could not obtain = NETLOGON credentials from DCERPC/GENSEC layer"); > > > -+ creds =3D cli_credentials_get_netlogon_creds(machine_account); > > > -+ if (creds =3D=3D NULL) { > > > -+ r->out.error_string =3D talloc_strdup(mem_ctx, "Could not obtain = NETLOGON credentials from credentials"); > > > - talloc_free(samsync_ctx); > > > - return nt_status; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 322dc86454fc4e60de641ef02da2c2744c347001 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 10:08:54 +0200 > > > -Subject: [PATCH 074/249] s4:torture: avoid usage of dcerpc_schannel_= creds() > > > - > > > -We use 
cli_credentials_get_netlogon_creds() which returns the same v= alue. > > > - > > > -dcerpc_schannel_creds() is a layer violation. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 2ea3a24dced0814100e352bbbca124011be73602) > > > ---- > > > - source4/torture/rpc/samlogon.c | 5 ++--- > > > - source4/torture/rpc/samr.c | 6 +++--- > > > - source4/torture/rpc/samsync.c | 11 ++++------- > > > - source4/torture/rpc/schannel.c | 6 ++---- > > > - 4 files changed, 11 insertions(+), 17 deletions(-) > > > - > > > -diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/sa= mlogon.c > > > -index 4861038..886ff39 100644 > > > ---- a/source4/torture/rpc/samlogon.c > > > -+++ b/source4/torture/rpc/samlogon.c > > > -@@ -29,7 +29,6 @@ > > > - #include "lib/cmdline/popt_common.h" > > > - #include "torture/rpc/torture_rpc.h" > > > - #include "auth/gensec/gensec.h" > > > --#include "auth/gensec/schannel.h" > > > - #include "libcli/auth/libcli_auth.h" > > > - #include "param/param.h" > > > -=20 > > > -@@ -1764,8 +1763,8 @@ bool torture_rpc_samlogon(struct torture_conte= xt *torture) > > > - torture_assert_ntstatus_ok_goto(torture, status, ret, failed, > > > - talloc_asprintf(torture, "RPC pipe connect as domain member faile= d: %s\n", nt_errstr(status))); > > > -=20 > > > -- status =3D dcerpc_schannel_creds(p->conn->security_state.generic_s= tate, mem_ctx, &creds); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -+ creds =3D cli_credentials_get_netlogon_creds(machine_credentials); > > > -+ if (creds =3D=3D NULL) { > > > - ret =3D false; > > > - goto failed; > > > - } > > > -diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c > > > -index cdfa2b8..d4d64f9 100644 > > > ---- a/source4/torture/rpc/samr.c > > > -+++ b/source4/torture/rpc/samr.c > > > -@@ -37,7 +37,6 @@ > > > - #include "torture/rpc/torture_rpc.h" > > > - #include "param/param.h" > > > - #include "auth/gensec/gensec.h" > > > 
--#include "auth/gensec/schannel.h" > > > - #include "auth/gensec/gensec_proto.h" > > > - #include "../libcli/auth/schannel.h" > > > -=20 > > > -@@ -2959,6 +2958,7 @@ static bool test_QueryUserInfo_pwdlastset(stru= ct dcerpc_binding_handle *b, > > > -=20 > > > - static bool test_SamLogon(struct torture_context *tctx, > > > - struct dcerpc_pipe *p, > > > -+ struct cli_credentials *machine_credentials, > > > - struct cli_credentials *test_credentials, > > > - NTSTATUS expected_result, > > > - bool interactive) > > > -@@ -2978,7 +2978,7 @@ static bool test_SamLogon(struct torture_conte= xt *tctx, > > > - struct netr_Authenticator a; > > > - struct dcerpc_binding_handle *b =3D p->binding_handle; > > > -=20 > > > -- torture_assert_ntstatus_ok(tctx, dcerpc_schannel_creds(p->conn->se= curity_state.generic_state, tctx, &creds), ""); > > > -+ torture_assert(tctx, (creds =3D cli_credentials_get_netlogon_creds= (machine_credentials)), ""); > > > -=20 > > > - if (lpcfg_client_lanman_auth(tctx->lp_ctx)) { > > > - flags |=3D CLI_CRED_LANMAN_AUTH; > > > -@@ -3105,7 +3105,7 @@ static bool test_SamLogon_with_creds(struct to= rture_context *tctx, > > > - torture_comment(tctx, "Testing samlogon (%s) as %s password: %s\n", > > > - interactive ? 
"interactive" : "network", acct_name, password); > > > -=20 > > > -- if (!test_SamLogon(tctx, p, test_credentials, > > > -+ if (!test_SamLogon(tctx, p, machine_creds, test_credentials, > > > - expected_samlogon_result, interactive)) { > > > - torture_warning(tctx, "new password did not work\n"); > > > - ret =3D false; > > > -diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/sam= sync.c > > > -index 81027d0..15cab73 100644 > > > ---- a/source4/torture/rpc/samsync.c > > > -+++ b/source4/torture/rpc/samsync.c > > > -@@ -27,7 +27,6 @@ > > > - #include "system/time.h" > > > - #include "torture/rpc/torture_rpc.h" > > > - #include "auth/gensec/gensec.h" > > > --#include "auth/gensec/schannel.h" > > > - #include "libcli/auth/libcli_auth.h" > > > - #include "libcli/samsync/samsync.h" > > > - #include "libcli/security/security.h" > > > -@@ -1720,9 +1719,8 @@ bool torture_rpc_samsync(struct torture_contex= t *torture) > > > - } > > > - samsync_state->b =3D samsync_state->p->binding_handle; > > > -=20 > > > -- status =3D dcerpc_schannel_creds(samsync_state->p->conn->security_= state.generic_state, > > > -- samsync_state, &samsync_state->creds); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -+ samsync_state->creds =3D cli_credentials_get_netlogon_creds(creden= tials); > > > -+ if (samsync_state->creds =3D=3D NULL) { > > > - ret =3D false; > > > - } > > > -=20 > > > -@@ -1758,9 +1756,8 @@ bool torture_rpc_samsync(struct torture_contex= t *torture) > > > - goto failed; > > > - } > > > -=20 > > > -- status =3D dcerpc_schannel_creds(samsync_state->p_netlogon_wksta->= conn->security_state.generic_state, > > > -- samsync_state, &samsync_state->creds_netlogon_wksta); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -+ samsync_state->creds_netlogon_wksta =3D cli_credentials_get_netlog= on_creds(credentials_wksta); > > > -+ if (samsync_state->creds_netlogon_wksta =3D=3D NULL) { > > > - torture_comment(torture, "Failed to obtail schanel creds!\n"); > > > - ret =3D false; > 
> > - } > > > -diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/sc= hannel.c > > > -index 8203749..0098dcf 100644 > > > ---- a/source4/torture/rpc/schannel.c > > > -+++ b/source4/torture/rpc/schannel.c > > > -@@ -26,14 +26,12 @@ > > > - #include "auth/credentials/credentials.h" > > > - #include "torture/rpc/torture_rpc.h" > > > - #include "lib/cmdline/popt_common.h" > > > --#include "auth/gensec/schannel.h" > > > - #include "../libcli/auth/schannel.h" > > > - #include "libcli/auth/libcli_auth.h" > > > - #include "libcli/security/security.h" > > > - #include "system/filesys.h" > > > - #include "param/param.h" > > > - #include "librpc/rpc/dcerpc_proto.h" > > > --#include "auth/gensec/gensec.h" > > > - #include "libcli/composite/composite.h" > > > - #include "lib/events/events.h" > > > -=20 > > > -@@ -413,8 +411,8 @@ static bool test_schannel(struct torture_context= *tctx, > > > -=20 > > > - torture_assert_ntstatus_ok(tctx, status, "bind auth"); > > > -=20 > > > -- status =3D dcerpc_schannel_creds(p_netlogon->conn->security_state.= generic_state, tctx, &creds); > > > -- torture_assert_ntstatus_ok(tctx, status, "schannel creds"); > > > -+ creds =3D cli_credentials_get_netlogon_creds(credentials); > > > -+ torture_assert(tctx, (creds !=3D NULL), "schannel creds"); > > > -=20 > > > - /* checks the capabilities */ > > > - torture_assert(tctx, test_netlogon_capabilities(p_netlogon, tctx, = credentials, creds), > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fa1c5bc2cdff9decd361c919567c502ef0c09385 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 12:31:41 +0200 > > > -Subject: [PATCH 075/249] s4:gensec/schannel: remove unused > > > - dcerpc_schannel_creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 4cad5dcb6d5e49cc9bb1aa4ca454f369e00e8c6f) > > > ---- > > > - source4/auth/gensec/schannel.c | 23 ----------------------- > > > - 
source4/auth/gensec/schannel.h | 26 -------------------------- > > > - 2 files changed, 49 deletions(-) > > > - delete mode 100644 source4/auth/gensec/schannel.h > > > - > > > -diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/sc= hannel.c > > > -index e7c545f..10d2565 100644 > > > ---- a/source4/auth/gensec/schannel.c > > > -+++ b/source4/auth/gensec/schannel.c > > > -@@ -29,7 +29,6 @@ > > > - #include "../libcli/auth/schannel.h" > > > - #include "librpc/rpc/dcerpc.h" > > > - #include "param/param.h" > > > --#include "auth/gensec/schannel.h" > > > - #include "auth/gensec/gensec_toplevel_proto.h" > > > -=20 > > > - _PUBLIC_ NTSTATUS gensec_schannel_init(void); > > > -@@ -204,28 +203,6 @@ static NTSTATUS schannel_update(struct gensec_s= ecurity *gensec_security, TALLOC_ > > > - } > > > -=20 > > > - /** > > > -- * Return the struct netlogon_creds_CredentialState. > > > -- * > > > -- * Make sure not to call this unless gensec is using schannel... > > > -- */ > > > -- > > > --/* TODO: make this non-public */ > > > -- > > > --_PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gen= sec_security, > > > -- TALLOC_CTX *mem_ctx, > > > -- struct netlogon_creds_CredentialState **creds) > > > --{ > > > -- struct schannel_state *state =3D talloc_get_type(gensec_security->= private_data, struct schannel_state); > > > -- > > > -- *creds =3D talloc_reference(mem_ctx, state->creds); > > > -- if (!*creds) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > -- > > > --/** > > > - * Returns anonymous credentials for schannel, matching Win2k3. > > > - * > > > - */ > > > -diff --git a/source4/auth/gensec/schannel.h b/source4/auth/gensec/sc= hannel.h > > > -deleted file mode 100644 > > > -index 88a32a7..0000000 > > > ---- a/source4/auth/gensec/schannel.h > > > -+++ /dev/null > > > -@@ -1,26 +0,0 @@ > > > --/* > > > -- Unix SMB/CIFS implementation. 
> > > -- > > > -- dcerpc schannel operations > > > -- > > > -- Copyright (C) Andrew Tridgell 2004 > > > -- Copyright (C) Andrew Bartlett 2004-2005 > > > -- > > > -- This program is free software; you can redistribute it and/or mo= dify > > > -- it under the terms of the GNU General Public License as publishe= d by > > > -- the Free Software Foundation; either version 3 of the License, or > > > -- (at your option) any later version. > > > -- > > > -- This program is distributed in the hope that it will be useful, > > > -- but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -- GNU General Public License for more details. > > > -- > > > -- You should have received a copy of the GNU General Public License > > > -- along with this program. If not, see . > > > --*/ > > > -- > > > --struct netlogon_creds_CredentialState; > > > --NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_secur= ity, > > > -- TALLOC_CTX *mem_ctx, > > > -- struct netlogon_creds_CredentialState **creds); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From eeb52af669e963ac856fc77be6a47f7ed33d8580 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 13:04:07 +0200 > > > -Subject: [PATCH 076/249] s4:gensec/schannel: simplify the code by us= ing > > > - netsec_create_state() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 49f347eb11bd12a3f25b0fcb8ba36d4a36594868) > > > ---- > > > - source4/auth/gensec/schannel.c | 98 +++++++++++++------------------= ----------- > > > - 1 file changed, 30 insertions(+), 68 deletions(-) > > > - > > > -diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/sc= hannel.c > > > -index 10d2565..3896a41 100644 > > > ---- a/source4/auth/gensec/schannel.c > > > -+++ b/source4/auth/gensec/schannel.c > > > -@@ -35,12 +35,11 @@ _PUBLIC_ NTSTATUS 
gensec_schannel_init(void); > > > -=20 > > > - static size_t schannel_sig_size(struct gensec_security *gensec_secu= rity, size_t data_size) > > > - { > > > -- struct schannel_state *state =3D (struct schannel_state *)gensec_s= ecurity->private_data; > > > -- uint32_t sig_size; > > > -- > > > -- sig_size =3D netsec_outgoing_sig_size(state); > > > -+ struct schannel_state *state =3D > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -=20 > > > -- return sig_size; > > > -+ return netsec_outgoing_sig_size(state); > > > - } > > > -=20 > > > - static NTSTATUS schannel_session_key(struct gensec_security *gensec= _security, > > > -@@ -54,7 +53,9 @@ static NTSTATUS schannel_update(struct gensec_secu= rity *gensec_security, TALLOC_ > > > - struct tevent_context *ev, > > > - const DATA_BLOB in, DATA_BLOB *out) > > > - { > > > -- struct schannel_state *state =3D (struct schannel_state *)gensec_s= ecurity->private_data; > > > -+ struct schannel_state *state =3D > > > -+ talloc_get_type(gensec_security->private_data, > > > -+ struct schannel_state); > > > - NTSTATUS status; > > > - enum ndr_err_code ndr_err; > > > - struct NL_AUTH_MESSAGE bind_schannel; > > > -@@ -67,24 +68,22 @@ static NTSTATUS schannel_update(struct gensec_se= curity *gensec_security, TALLOC_ > > > -=20 > > > - switch (gensec_security->gensec_role) { > > > - case GENSEC_CLIENT: > > > -- if (state->state !=3D SCHANNEL_STATE_START) { > > > -+ if (state !=3D NULL) { > > > - /* we could parse the bind ack, but we don't know what it is yet= */ > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -- state->creds =3D cli_credentials_get_netlogon_creds(gensec_securi= ty->credentials); > > > -- if (state->creds =3D=3D NULL) { > > > -+ creds =3D cli_credentials_get_netlogon_creds(gensec_security->cre= dentials); > > > -+ if (creds =3D=3D NULL) { > > > - return NT_STATUS_INVALID_PARAMETER_MIX; > > > - } > > > -- /* > > > -- * We need to create a reference here or we 
don't get > > > -- * updates performed on the credentials if we create a > > > -- * copy. > > > -- */ > > > -- state->creds =3D talloc_reference(state, state->creds); > > > -- if (state->creds =3D=3D NULL) { > > > -+ > > > -+ state =3D netsec_create_state(gensec_security, > > > -+ creds, true /* initiator */); > > > -+ if (state =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -+ gensec_security->private_data =3D state; > > > -=20 > > > - bind_schannel.MessageType =3D NL_NEGOTIATE_REQUEST; > > > - #if 0 > > > -@@ -117,12 +116,10 @@ static NTSTATUS schannel_update(struct gensec_= security *gensec_security, TALLOC_ > > > - return status; > > > - } > > > -=20 > > > -- state->state =3D SCHANNEL_STATE_UPDATE_1; > > > -- > > > - return NT_STATUS_MORE_PROCESSING_REQUIRED; > > > - case GENSEC_SERVER: > > > -=20 > > > -- if (state->state !=3D SCHANNEL_STATE_START) { > > > -+ if (state !=3D NULL) { > > > - /* no third leg on this protocol */ > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -@@ -177,7 +174,12 @@ static NTSTATUS schannel_update(struct gensec_s= ecurity *gensec_security, TALLOC_ > > > - return status; > > > - } > > > -=20 > > > -- state->creds =3D talloc_steal(state, creds); > > > -+ state =3D netsec_create_state(gensec_security, > > > -+ creds, false /* not initiator */); > > > -+ if (state =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ gensec_security->private_data =3D state; > > > -=20 > > > - bind_schannel_ack.MessageType =3D NL_NEGOTIATE_RESPONSE; > > > - bind_schannel_ack.Flags =3D 0; > > > -@@ -195,8 +197,6 @@ static NTSTATUS schannel_update(struct gensec_se= curity *gensec_security, TALLOC_ > > > - return status; > > > - } > > > -=20 > > > -- state->state =3D SCHANNEL_STATE_UPDATE_1; > > > -- > > > - return NT_STATUS_OK; > > > - } > > > - return NT_STATUS_INVALID_PARAMETER; > > > -@@ -214,54 +214,16 @@ static NTSTATUS schannel_session_info(struct g= ensec_security *gensec_security, > > > - return 
auth_anonymous_session_info(mem_ctx, gensec_security->setti= ngs->lp_ctx, _session_info); > > > - } > > > -=20 > > > --static NTSTATUS schannel_start(struct gensec_security *gensec_secur= ity) > > > --{ > > > -- struct schannel_state *state; > > > -- > > > -- state =3D talloc_zero(gensec_security, struct schannel_state); > > > -- if (!state) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- state->state =3D SCHANNEL_STATE_START; > > > -- gensec_security->private_data =3D state; > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > - static NTSTATUS schannel_server_start(struct gensec_security *gense= c_security) > > > - { > > > -- NTSTATUS status; > > > -- struct schannel_state *state; > > > -- > > > -- status =3D schannel_start(gensec_security); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- state =3D (struct schannel_state *)gensec_security->private_data; > > > -- state->initiator =3D false; > > > -- > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > - static NTSTATUS schannel_client_start(struct gensec_security *gense= c_security) > > > - { > > > -- NTSTATUS status; > > > -- struct schannel_state *state; > > > -- > > > -- status =3D schannel_start(gensec_security); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- state =3D (struct schannel_state *)gensec_security->private_data; > > > -- state->initiator =3D true; > > > -- > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -- > > > - static bool schannel_have_feature(struct gensec_security *gensec_se= curity, > > > - uint32_t feature) > > > - { > > > -@@ -287,8 +249,8 @@ static NTSTATUS schannel_unseal_packet(struct ge= nsec_security *gensec_security, > > > - const DATA_BLOB *sig) > > > - { > > > - struct schannel_state *state =3D > > > -- talloc_get_type(gensec_security->private_data, > > > -- struct schannel_state); > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > 
-+ struct schannel_state); > > > -=20 > > > - return netsec_incoming_packet(state, true, > > > - discard_const_p(uint8_t, data), > > > -@@ -304,8 +266,8 @@ static NTSTATUS schannel_check_packet(struct gen= sec_security *gensec_security, > > > - const DATA_BLOB *sig) > > > - { > > > - struct schannel_state *state =3D > > > -- talloc_get_type(gensec_security->private_data, > > > -- struct schannel_state); > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -=20 > > > - return netsec_incoming_packet(state, false, > > > - discard_const_p(uint8_t, data), > > > -@@ -321,8 +283,8 @@ static NTSTATUS schannel_seal_packet(struct gens= ec_security *gensec_security, > > > - DATA_BLOB *sig) > > > - { > > > - struct schannel_state *state =3D > > > -- talloc_get_type(gensec_security->private_data, > > > -- struct schannel_state); > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -=20 > > > - return netsec_outgoing_packet(state, mem_ctx, true, > > > - data, length, sig); > > > -@@ -338,8 +300,8 @@ static NTSTATUS schannel_sign_packet(struct gens= ec_security *gensec_security, > > > - DATA_BLOB *sig) > > > - { > > > - struct schannel_state *state =3D > > > -- talloc_get_type(gensec_security->private_data, > > > -- struct schannel_state); > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -=20 > > > - return netsec_outgoing_packet(state, mem_ctx, false, > > > - discard_const_p(uint8_t, data), > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 685f00cfd7be11f4c62441e17d6416b9a668bb47 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 13:25:20 +0200 > > > -Subject: [PATCH 077/249] s4:gensec/schannel: use the correct compute= r_name > > > - from netlogon_creds_CredentialState > > > - > > > -We need to use the same computer_name we used in the netr_Authentica= te3 > > > -request. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit b5104768225ae0308aa3f22f8d9bca389ef3cb3a) > > > ---- > > > - source4/auth/gensec/schannel.c | 6 +++--- > > > - 1 file changed, 3 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/sc= hannel.c > > > -index 3896a41..91f166b 100644 > > > ---- a/source4/auth/gensec/schannel.c > > > -+++ b/source4/auth/gensec/schannel.c > > > -@@ -94,17 +94,17 @@ static NTSTATUS schannel_update(struct gensec_se= curity *gensec_security, TALLOC_ > > > - NL_FLAG_UTF8_DNS_DOMAIN_NAME | > > > - NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME; > > > - bind_schannel.oem_netbios_domain.a =3D cli_credentials_get_domain= (gensec_security->credentials); > > > -- bind_schannel.oem_netbios_computer.a =3D cli_credentials_get_work= station(gensec_security->credentials); > > > -+ bind_schannel.oem_netbios_computer.a =3D creds->computer_name; > > > - bind_schannel.utf8_dns_domain =3D cli_credentials_get_realm(gense= c_security->credentials); > > > - /* w2k3 refuses us if we use the full DNS workstation? > > > - why? perhaps because we don't fill in the dNSHostName > > > - attribute in the machine account? 
*/ > > > -- bind_schannel.utf8_netbios_computer =3D cli_credentials_get_works= tation(gensec_security->credentials); > > > -+ bind_schannel.utf8_netbios_computer =3D creds->computer_name; > > > - #else > > > - bind_schannel.Flags =3D NL_FLAG_OEM_NETBIOS_DOMAIN_NAME | > > > - NL_FLAG_OEM_NETBIOS_COMPUTER_NAME; > > > - bind_schannel.oem_netbios_domain.a =3D cli_credentials_get_domain= (gensec_security->credentials); > > > -- bind_schannel.oem_netbios_computer.a =3D cli_credentials_get_work= station(gensec_security->credentials); > > > -+ bind_schannel.oem_netbios_computer.a =3D creds->computer_name; > > > - #endif > > > -=20 > > > - ndr_err =3D ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From bd54e89fc5eb4d6afed3ef770dabf14a6ac6b060 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 3 Aug 2013 11:21:32 +0200 > > > -Subject: [PATCH 078/249] s4:gensec/schannel: GENSEC_FEATURE_ASYNC_RE= PLIES is > > > - not supported > > > - > > > -There's a sequence number attached to the connection, > > > -which needs to be incremented with each message... 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a07049a839729e29ca888bae353cd37fd6238486) > > > ---- > > > - source4/auth/gensec/schannel.c | 3 --- > > > - 1 file changed, 3 deletions(-) > > > - > > > -diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/sc= hannel.c > > > -index 91f166b..7fc0c7c 100644 > > > ---- a/source4/auth/gensec/schannel.c > > > -+++ b/source4/auth/gensec/schannel.c > > > -@@ -234,9 +234,6 @@ static bool schannel_have_feature(struct gensec_= security *gensec_security, > > > - if (feature & GENSEC_FEATURE_DCE_STYLE) { > > > - return true; > > > - } > > > -- if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { > > > -- return true; > > > -- } > > > - return false; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From afcf626800e8aaf94878d62d1fd7318b2ffe21c1 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 3 Aug 2013 11:27:55 +0200 > > > -Subject: [PATCH 079/249] s4:gensec/schannel: there's no point in hav= ing > > > - schannel_session_key() > > > - > > > -gensec_session_key() will return NT_STATUS_NO_USER_SESSION_KEY > > > -before calling schannel_session_key(), as we don't provide > > > -GENSEC_FEATURE_SESSION_KEY. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 9b9ab1ae6963b3819dc2b095cbe9e1432f3459b7) > > > ---- > > > - source4/auth/gensec/schannel.c | 8 -------- > > > - 1 file changed, 8 deletions(-) > > > - > > > -diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/sc= hannel.c > > > -index 7fc0c7c..ebf6469 100644 > > > ---- a/source4/auth/gensec/schannel.c > > > -+++ b/source4/auth/gensec/schannel.c > > > -@@ -42,13 +42,6 @@ static size_t schannel_sig_size(struct gensec_sec= urity *gensec_security, size_t > > > - return netsec_outgoing_sig_size(state); > > > - } > > > -=20 > > > --static NTSTATUS schannel_session_key(struct gensec_security *gensec= _security, > > > -- TALLOC_CTX *mem_ctx, > > > -- DATA_BLOB *session_key) > > > --{ > > > -- return NT_STATUS_NOT_IMPLEMENTED; > > > --} > > > -- > > > - static NTSTATUS schannel_update(struct gensec_security *gensec_secu= rity, TALLOC_CTX *out_mem_ctx, > > > - struct tevent_context *ev, > > > - const DATA_BLOB in, DATA_BLOB *out) > > > -@@ -315,7 +308,6 @@ static const struct gensec_security_ops gensec_s= channel_security_ops =3D { > > > - .sign_packet =3D schannel_sign_packet, > > > - .check_packet =3D schannel_check_packet, > > > - .unseal_packet =3D schannel_unseal_packet, > > > -- .session_key =3D schannel_session_key, > > > - .session_info =3D schannel_session_info, > > > - .sig_size =3D schannel_sig_size, > > > - .have_feature =3D schannel_have_feature, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 56599b7019eabe3656bdba676214c74191ad068f Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 3 Aug 2013 11:32:31 +0200 > > > -Subject: [PATCH 080/249] s4:gensec/schannel: only require > > > - librpc/gen_ndr/dcerpc.h > > > - > > > -We just need DCERPC_AUTH_TYPE_SCHANNEL > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 
e90e1b5c76db4cf589adf8856eb32e5f0d955734) > > > ---- > > > - source4/auth/gensec/schannel.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/sc= hannel.c > > > -index ebf6469..e67432c 100644 > > > ---- a/source4/auth/gensec/schannel.c > > > -+++ b/source4/auth/gensec/schannel.c > > > -@@ -27,7 +27,7 @@ > > > - #include "auth/gensec/gensec.h" > > > - #include "auth/gensec/gensec_proto.h" > > > - #include "../libcli/auth/schannel.h" > > > --#include "librpc/rpc/dcerpc.h" > > > -+#include "librpc/gen_ndr/dcerpc.h" > > > - #include "param/param.h" > > > - #include "auth/gensec/gensec_toplevel_proto.h" > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From baa82a6ef22c1761c7206323e90781d008a7888b Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 13:37:54 +0200 > > > -Subject: [PATCH 081/249] libcli/auth/schannel: make struct schannel_= state > > > - private > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 4c978b68d9a87001f625c10421e7d4cc140b4554) > > > ---- > > > - libcli/auth/schannel.h | 13 ------------- > > > - libcli/auth/schannel_sign.c | 12 ++++++++++++ > > > - 2 files changed, 12 insertions(+), 13 deletions(-) > > > - > > > -diff --git a/libcli/auth/schannel.h b/libcli/auth/schannel.h > > > -index 271b5bb..c53d68e 100644 > > > ---- a/libcli/auth/schannel.h > > > -+++ b/libcli/auth/schannel.h > > > -@@ -22,17 +22,4 @@ > > > -=20 > > > - #include "libcli/auth/libcli_auth.h" > > > - #include "libcli/auth/schannel_state.h" > > > -- > > > --enum schannel_position { > > > -- SCHANNEL_STATE_START =3D 0, > > > -- SCHANNEL_STATE_UPDATE_1 > > > --}; > > > -- > > > --struct schannel_state { > > > -- enum schannel_position state; > > > -- uint64_t seq_num; > > > -- bool initiator; > > > -- struct netlogon_creds_CredentialState *creds; > > > --}; > > > -- > > > - 
#include "libcli/auth/schannel_proto.h" > > > -diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign= =2Ec > > > -index 518a6a9..88a6e1e 100644 > > > ---- a/libcli/auth/schannel_sign.c > > > -+++ b/libcli/auth/schannel_sign.c > > > -@@ -24,6 +24,18 @@ > > > - #include "../libcli/auth/schannel.h" > > > - #include "../lib/crypto/crypto.h" > > > -=20 > > > -+enum schannel_position { > > > -+ SCHANNEL_STATE_START =3D 0, > > > -+ SCHANNEL_STATE_UPDATE_1 > > > -+}; > > > -+ > > > -+struct schannel_state { > > > -+ enum schannel_position state; > > > -+ uint64_t seq_num; > > > -+ bool initiator; > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+}; > > > -+ > > > - #define SETUP_SEQNUM(state, buf, initiator) do { \ > > > - uint8_t *_buf =3D buf; \ > > > - uint32_t _seq_num_low =3D (state)->seq_num & UINT32_MAX; \ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 29806ef23a9826688ace1dc52cd7af554cf83294 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 2 Aug 2013 15:42:21 +0200 > > > -Subject: [PATCH 082/249] libcli/auth/schannel: remove unused schanne= l_position > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 57bcbb9c50f0a0252110a1e04a2883b511cd9165) > > > ---- > > > - libcli/auth/schannel_sign.c | 7 ------- > > > - 1 file changed, 7 deletions(-) > > > - > > > -diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign= =2Ec > > > -index 88a6e1e..9502cba 100644 > > > ---- a/libcli/auth/schannel_sign.c > > > -+++ b/libcli/auth/schannel_sign.c > > > -@@ -24,13 +24,7 @@ > > > - #include "../libcli/auth/schannel.h" > > > - #include "../lib/crypto/crypto.h" > > > -=20 > > > --enum schannel_position { > > > -- SCHANNEL_STATE_START =3D 0, > > > -- SCHANNEL_STATE_UPDATE_1 > > > --}; > > > -- > > > - struct schannel_state { > > > -- enum schannel_position state; > > > - uint64_t seq_num; > > > - bool initiator; > > > - struct 
netlogon_creds_CredentialState *creds; > > > -@@ -58,7 +52,6 @@ struct schannel_state *netsec_create_state(TALLOC_= CTX *mem_ctx, > > > - return NULL; > > > - } > > > -=20 > > > -- state->state =3D SCHANNEL_STATE_UPDATE_1; > > > - state->initiator =3D initiator; > > > - state->seq_num =3D 0; > > > - state->creds =3D netlogon_creds_copy(state, creds); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a6ad9118c250446ea9571f5ce9895b11ab8537ed Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 07:12:01 +0200 > > > -Subject: [PATCH 083/249] auth/gensec: introduce gensec_internal.h > > > - > > > -We should treat most gensec related structures private. > > > - > > > -It's a long way, but this is a start. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 71c63e85e7a09acb57f6b75284358f2b3b29eeed) > > > ---- > > > - auth/gensec/gensec.c | 1 + > > > - auth/gensec/gensec.h | 100 ++----------------------= --- > > > - auth/gensec/gensec_internal.h | 127 ++++++++++++++++++++++++= +++++++++++ > > > - auth/gensec/gensec_start.c | 1 + > > > - auth/gensec/gensec_util.c | 1 + > > > - auth/gensec/spnego.c | 1 + > > > - auth/ntlmssp/gensec_ntlmssp.c | 1 + > > > - auth/ntlmssp/gensec_ntlmssp_server.c | 1 + > > > - auth/ntlmssp/ntlmssp.c | 1 + > > > - auth/ntlmssp/ntlmssp_client.c | 1 + > > > - auth/ntlmssp/ntlmssp_server.c | 1 + > > > - source3/libads/authdata.c | 1 + > > > - source3/librpc/crypto/gse.c | 1 + > > > - source3/libsmb/ntlmssp_wrap.c | 1 + > > > - source3/utils/ntlm_auth.c | 1 + > > > - source4/auth/gensec/cyrus_sasl.c | 1 + > > > - source4/auth/gensec/gensec_gssapi.c | 1 + > > > - source4/auth/gensec/gensec_krb5.c | 1 + > > > - source4/auth/gensec/pygensec.c | 1 + > > > - source4/auth/gensec/schannel.c | 1 + > > > - source4/ldap_server/ldap_backend.c | 1 + > > > - source4/libcli/ldap/ldap_bind.c | 1 + > > > - source4/torture/auth/ntlmssp.c | 1 + > > > - 
source4/utils/ntlm_auth.c | 1 + > > > - 24 files changed, 153 insertions(+), 96 deletions(-) > > > - create mode 100644 auth/gensec/gensec_internal.h > > > - > > > -diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c > > > -index 9a8f0ef..d364a34 100644 > > > ---- a/auth/gensec/gensec.c > > > -+++ b/auth/gensec/gensec.c > > > -@@ -26,6 +26,7 @@ > > > - #include "lib/tsocket/tsocket.h" > > > - #include "lib/util/tevent_ntstatus.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "librpc/rpc/dcerpc.h" > > > -=20 > > > - /* > > > -diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h > > > -index c080861..5d39d81 100644 > > > ---- a/auth/gensec/gensec.h > > > -+++ b/auth/gensec/gensec.h > > > -@@ -76,6 +76,7 @@ struct gensec_settings; > > > - struct tevent_context; > > > - struct tevent_req; > > > - struct smb_krb5_context; > > > -+struct tsocket_address; > > > -=20 > > > - struct gensec_settings { > > > - struct loadparm_context *lp_ctx; > > > -@@ -93,106 +94,13 @@ struct gensec_settings { > > > - const char *server_netbios_name; > > > - }; > > > -=20 > > > --struct gensec_security_ops { > > > -- const char *name; > > > -- const char *sasl_name; > > > -- uint8_t auth_type; /* 0 if not offered on DCE-RPC */ > > > -- const char **oid; /* NULL if not offered by SPNEGO */ > > > -- NTSTATUS (*client_start)(struct gensec_security *gensec_security); > > > -- NTSTATUS (*server_start)(struct gensec_security *gensec_security); > > > -- /** > > > -- Determine if a packet has the right 'magic' for this mechanism > > > -- */ > > > -- NTSTATUS (*magic)(struct gensec_security *gensec_security, > > > -- const DATA_BLOB *first_packet); > > > -- NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC= _CTX *out_mem_ctx, > > > -- struct tevent_context *ev, > > > -- const DATA_BLOB in, DATA_BLOB *out); > > > -- NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, T= ALLOC_CTX *sig_mem_ctx, > > > -- 
uint8_t *data, size_t length, > > > -- const uint8_t *whole_pdu, size_t pdu_length, > > > -- DATA_BLOB *sig); > > > -- NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, T= ALLOC_CTX *sig_mem_ctx, > > > -- const uint8_t *data, size_t length, > > > -- const uint8_t *whole_pdu, size_t pdu_length, > > > -- DATA_BLOB *sig); > > > -- size_t (*sig_size)(struct gensec_security *gensec_security, size= _t data_size); > > > -- size_t (*max_input_size)(struct gensec_security *gensec_security= ); > > > -- size_t (*max_wrapped_size)(struct gensec_security *gensec_securi= ty); > > > -- NTSTATUS (*check_packet)(struct gensec_security *gensec_security, > > > -- const uint8_t *data, size_t length, > > > -- const uint8_t *whole_pdu, size_t pdu_length, > > > -- const DATA_BLOB *sig); > > > -- NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, > > > -- uint8_t *data, size_t length, > > > -- const uint8_t *whole_pdu, size_t pdu_length, > > > -- const DATA_BLOB *sig); > > > -- NTSTATUS (*wrap)(struct gensec_security *gensec_security, > > > -- TALLOC_CTX *mem_ctx, > > > -- const DATA_BLOB *in, > > > -- DATA_BLOB *out); > > > -- NTSTATUS (*unwrap)(struct gensec_security *gensec_security, > > > -- TALLOC_CTX *mem_ctx, > > > -- const DATA_BLOB *in, > > > -- DATA_BLOB *out); > > > -- NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security, > > > -- TALLOC_CTX *mem_ctx, > > > -- const DATA_BLOB *in, > > > -- DATA_BLOB *out, > > > -- size_t *len_processed); > > > -- NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security, > > > -- TALLOC_CTX *mem_ctx, > > > -- const DATA_BLOB *in, > > > -- DATA_BLOB *out, > > > -- size_t *len_processed); > > > -- NTSTATUS (*packet_full_request)(struct gensec_security *gensec_sec= urity, > > > -- DATA_BLOB blob, size_t *size); > > > -- NTSTATUS (*session_key)(struct gensec_security *gensec_security, T= ALLOC_CTX *mem_ctx, > > > -- DATA_BLOB *session_key); > > > -- NTSTATUS (*session_info)(struct gensec_security 
*gensec_security, = TALLOC_CTX *mem_ctx, > > > -- struct auth_session_info **session_info); > > > -- void (*want_feature)(struct gensec_security *gensec_security, > > > -- uint32_t feature); > > > -- bool (*have_feature)(struct gensec_security *gensec_security, > > > -- uint32_t feature); > > > -- NTTIME (*expire_time)(struct gensec_security *gensec_security); > > > -- bool enabled; > > > -- bool kerberos; > > > -- enum gensec_priority priority; > > > --}; > > > -- > > > --struct gensec_security_ops_wrapper { > > > -- const struct gensec_security_ops *op; > > > -- const char *oid; > > > --}; > > > -+struct gensec_security_ops; > > > -+struct gensec_security_ops_wrapper; > > > -=20 > > > - #define GENSEC_INTERFACE_VERSION 0 > > > -=20 > > > --struct gensec_security { > > > -- const struct gensec_security_ops *ops; > > > -- void *private_data; > > > -- struct cli_credentials *credentials; > > > -- struct gensec_target target; > > > -- enum gensec_role gensec_role; > > > -- bool subcontext; > > > -- uint32_t want_features; > > > -- uint32_t max_update_size; > > > -- uint8_t dcerpc_auth_level; > > > -- struct tsocket_address *local_addr, *remote_addr; > > > -- struct gensec_settings *settings; > > > -- > > > -- /* When we are a server, this may be filled in to provide an > > > -- * NTLM authentication backend, and user lookup (such as if no > > > -- * PAC is found) */ > > > -- struct auth4_context *auth_context; > > > --}; > > > -- > > > - /* this structure is used by backends to determine the size of some= critical types */ > > > --struct gensec_critical_sizes { > > > -- int interface_version; > > > -- int sizeof_gensec_security_ops; > > > -- int sizeof_gensec_security; > > > --}; > > > -+struct gensec_critical_sizes; > > > - const struct gensec_critical_sizes *gensec_interface_version(void); > > > -=20 > > > - /* Socket wrapper */ > > > -diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_inte= rnal.h > > > -new file mode 100644 > > > -index 
0000000..41b6f0d > > > ---- /dev/null > > > -+++ b/auth/gensec/gensec_internal.h > > > -@@ -0,0 +1,127 @@ > > > -+/* > > > -+ Unix SMB/CIFS implementation. > > > -+ > > > -+ Generic Authentication Interface > > > -+ > > > -+ Copyright (C) Andrew Tridgell 2003 > > > -+ Copyright (C) Andrew Bartlett 2004-2005 > > > -+ > > > -+ This program is free software; you can redistribute it and/or mo= dify > > > -+ it under the terms of the GNU General Public License as publishe= d by > > > -+ the Free Software Foundation; either version 3 of the License, or > > > -+ (at your option) any later version. > > > -+ > > > -+ This program is distributed in the hope that it will be useful, > > > -+ but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -+ GNU General Public License for more details. > > > -+ > > > -+ You should have received a copy of the GNU General Public License > > > -+ along with this program. If not, see . 
> > > -+*/ > > > -+ > > > -+#ifndef __GENSEC_INTERNAL_H__ > > > -+#define __GENSEC_INTERNAL_H__ > > > -+ > > > -+struct gensec_security; > > > -+ > > > -+struct gensec_security_ops { > > > -+ const char *name; > > > -+ const char *sasl_name; > > > -+ uint8_t auth_type; /* 0 if not offered on DCE-RPC */ > > > -+ const char **oid; /* NULL if not offered by SPNEGO */ > > > -+ NTSTATUS (*client_start)(struct gensec_security *gensec_security); > > > -+ NTSTATUS (*server_start)(struct gensec_security *gensec_security); > > > -+ /** > > > -+ Determine if a packet has the right 'magic' for this mechanism > > > -+ */ > > > -+ NTSTATUS (*magic)(struct gensec_security *gensec_security, > > > -+ const DATA_BLOB *first_packet); > > > -+ NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC= _CTX *out_mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ const DATA_BLOB in, DATA_BLOB *out); > > > -+ NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, T= ALLOC_CTX *sig_mem_ctx, > > > -+ uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > -+ DATA_BLOB *sig); > > > -+ NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, T= ALLOC_CTX *sig_mem_ctx, > > > -+ const uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > -+ DATA_BLOB *sig); > > > -+ size_t (*sig_size)(struct gensec_security *gensec_security, size= _t data_size); > > > -+ size_t (*max_input_size)(struct gensec_security *gensec_security= ); > > > -+ size_t (*max_wrapped_size)(struct gensec_security *gensec_securi= ty); > > > -+ NTSTATUS (*check_packet)(struct gensec_security *gensec_security, > > > -+ const uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > -+ const DATA_BLOB *sig); > > > -+ NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, > > > -+ uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > -+ const DATA_BLOB 
*sig); > > > -+ NTSTATUS (*wrap)(struct gensec_security *gensec_security, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ const DATA_BLOB *in, > > > -+ DATA_BLOB *out); > > > -+ NTSTATUS (*unwrap)(struct gensec_security *gensec_security, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ const DATA_BLOB *in, > > > -+ DATA_BLOB *out); > > > -+ NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ const DATA_BLOB *in, > > > -+ DATA_BLOB *out, > > > -+ size_t *len_processed); > > > -+ NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ const DATA_BLOB *in, > > > -+ DATA_BLOB *out, > > > -+ size_t *len_processed); > > > -+ NTSTATUS (*packet_full_request)(struct gensec_security *gensec_sec= urity, > > > -+ DATA_BLOB blob, size_t *size); > > > -+ NTSTATUS (*session_key)(struct gensec_security *gensec_security, T= ALLOC_CTX *mem_ctx, > > > -+ DATA_BLOB *session_key); > > > -+ NTSTATUS (*session_info)(struct gensec_security *gensec_security, = TALLOC_CTX *mem_ctx, > > > -+ struct auth_session_info **session_info); > > > -+ void (*want_feature)(struct gensec_security *gensec_security, > > > -+ uint32_t feature); > > > -+ bool (*have_feature)(struct gensec_security *gensec_security, > > > -+ uint32_t feature); > > > -+ NTTIME (*expire_time)(struct gensec_security *gensec_security); > > > -+ bool enabled; > > > -+ bool kerberos; > > > -+ enum gensec_priority priority; > > > -+}; > > > -+ > > > -+struct gensec_security_ops_wrapper { > > > -+ const struct gensec_security_ops *op; > > > -+ const char *oid; > > > -+}; > > > -+ > > > -+struct gensec_security { > > > -+ const struct gensec_security_ops *ops; > > > -+ void *private_data; > > > -+ struct cli_credentials *credentials; > > > -+ struct gensec_target target; > > > -+ enum gensec_role gensec_role; > > > -+ bool subcontext; > > > -+ uint32_t want_features; > > > -+ uint32_t max_update_size; > > > -+ uint8_t dcerpc_auth_level; > > > -+ 
struct tsocket_address *local_addr, *remote_addr; > > > -+ struct gensec_settings *settings; > > > -+ > > > -+ /* When we are a server, this may be filled in to provide an > > > -+ * NTLM authentication backend, and user lookup (such as if no > > > -+ * PAC is found) */ > > > -+ struct auth4_context *auth_context; > > > -+}; > > > -+ > > > -+/* this structure is used by backends to determine the size of some= critical types */ > > > -+struct gensec_critical_sizes { > > > -+ int interface_version; > > > -+ int sizeof_gensec_security_ops; > > > -+ int sizeof_gensec_security; > > > -+}; > > > -+ > > > -+#endif /* __GENSEC_H__ */ > > > -diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c > > > -index c2cfa1c..34029f5 100644 > > > ---- a/auth/gensec/gensec_start.c > > > -+++ b/auth/gensec/gensec_start.c > > > -@@ -27,6 +27,7 @@ > > > - #include "librpc/rpc/dcerpc.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "lib/param/param.h" > > > - #include "lib/util/tsort.h" > > > - #include "lib/util/samba_modules.h" > > > -diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c > > > -index 64952b1..568128a 100644 > > > ---- a/auth/gensec/gensec_util.c > > > -+++ b/auth/gensec/gensec_util.c > > > -@@ -22,6 +22,7 @@ > > > -=20 > > > - #include "includes.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/common_auth.h" > > > - #include "../lib/util/asn1.h" > > > -=20 > > > -diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c > > > -index da1fc0e..38a45f8 100644 > > > ---- a/auth/gensec/spnego.c > > > -+++ b/auth/gensec/spnego.c > > > -@@ -27,6 +27,7 @@ > > > - #include "librpc/gen_ndr/ndr_dcerpc.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "param/param.h" > > > - 
#include "lib/util/asn1.h" > > > -=20 > > > -diff --git a/auth/ntlmssp/gensec_ntlmssp.c b/auth/ntlmssp/gensec_ntl= mssp.c > > > -index 9e1d8a8..654c0e3 100644 > > > ---- a/auth/ntlmssp/gensec_ntlmssp.c > > > -+++ b/auth/ntlmssp/gensec_ntlmssp.c > > > -@@ -22,6 +22,7 @@ > > > - #include "includes.h" > > > - #include "auth/ntlmssp/ntlmssp.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/ntlmssp/ntlmssp_private.h" > > > -=20 > > > - NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_securi= ty, > > > -diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gen= sec_ntlmssp_server.c > > > -index f4dfab3..69c56fb 100644 > > > ---- a/auth/ntlmssp/gensec_ntlmssp_server.c > > > -+++ b/auth/ntlmssp/gensec_ntlmssp_server.c > > > -@@ -31,6 +31,7 @@ > > > - #include "../libcli/auth/libcli_auth.h" > > > - #include "../lib/crypto/crypto.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/common_auth.h" > > > - #include "param/param.h" > > > -=20 > > > -diff --git a/auth/ntlmssp/ntlmssp.c b/auth/ntlmssp/ntlmssp.c > > > -index 1a2d662..916b376 100644 > > > ---- a/auth/ntlmssp/ntlmssp.c > > > -+++ b/auth/ntlmssp/ntlmssp.c > > > -@@ -29,6 +29,7 @@ struct auth_session_info; > > > - #include "../libcli/auth/libcli_auth.h" > > > - #include "librpc/gen_ndr/ndr_dcerpc.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > -=20 > > > - /** > > > - * Callbacks for NTLMSSP - for both client and server operating mod= es > > > -diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_cl= ient.c > > > -index fc66a8d..f99257d 100644 > > > ---- a/auth/ntlmssp/ntlmssp_client.c > > > -+++ b/auth/ntlmssp/ntlmssp_client.c > > > -@@ -29,6 +29,7 @@ struct auth_session_info; > > > - #include "../libcli/auth/libcli_auth.h" > > > - #include "auth/credentials/credentials.h" > > > - #include 
"auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "param/param.h" > > > - #include "auth/ntlmssp/ntlmssp_private.h" > > > - #include "../librpc/gen_ndr/ndr_ntlmssp.h" > > > -diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_se= rver.c > > > -index 57179e1..2f3f0bb 100644 > > > ---- a/auth/ntlmssp/ntlmssp_server.c > > > -+++ b/auth/ntlmssp/ntlmssp_server.c > > > -@@ -28,6 +28,7 @@ > > > - #include "../libcli/auth/libcli_auth.h" > > > - #include "../lib/crypto/crypto.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/common_auth.h" > > > -=20 > > > - /** > > > -diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c > > > -index 2c667a6..582917d 100644 > > > ---- a/source3/libads/authdata.c > > > -+++ b/source3/libads/authdata.c > > > -@@ -30,6 +30,7 @@ > > > - #include "lib/param/param.h" > > > - #include "librpc/crypto/gse.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */ > > > - #include "../libcli/auth/spnego.h" > > > -=20 > > > - #ifdef HAVE_KRB5 > > > -diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse= =2Ec > > > -index 11a5457..8db3cdd 100644 > > > ---- a/source3/librpc/crypto/gse.c > > > -+++ b/source3/librpc/crypto/gse.c > > > -@@ -26,6 +26,7 @@ > > > - #include "libads/kerberos_proto.h" > > > - #include "auth/common_auth.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "../librpc/gen_ndr/dcerpc.h" > > > -=20 > > > -diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_= wrap.c > > > -index 9ce4b12..46f68ae 100644 > > > ---- a/source3/libsmb/ntlmssp_wrap.c > > > -+++ b/source3/libsmb/ntlmssp_wrap.c > > > -@@ -23,6 +23,7 @@ > > > - #include "auth/ntlmssp/ntlmssp_private.h" > > > - #include "auth_generic.h" > > > - #include 
"auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "librpc/rpc/dcerpc.h" > > > - #include "lib/param/param.h" > > > -diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c > > > -index a5e0cd2..5fcb60e 100644 > > > ---- a/source3/utils/ntlm_auth.c > > > -+++ b/source3/utils/ntlm_auth.c > > > -@@ -32,6 +32,7 @@ > > > - #include "../libcli/auth/spnego.h" > > > - #include "auth/ntlmssp/ntlmssp.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "librpc/crypto/gse.h" > > > - #include "smb_krb5.h" > > > -diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/= cyrus_sasl.c > > > -index 2e733bf..08dccd6 100644 > > > ---- a/source4/auth/gensec/cyrus_sasl.c > > > -+++ b/source4/auth/gensec/cyrus_sasl.c > > > -@@ -23,6 +23,7 @@ > > > - #include "lib/tsocket/tsocket.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/gensec/gensec_proto.h" > > > - #include "auth/gensec/gensec_toplevel_proto.h" > > > - #include > > > -diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gens= ec/gensec_gssapi.c > > > -index 4fc544f..63a53bf 100644 > > > ---- a/source4/auth/gensec/gensec_gssapi.c > > > -+++ b/source4/auth/gensec/gensec_gssapi.c > > > -@@ -34,6 +34,7 @@ > > > - #include "auth/credentials/credentials.h" > > > - #include "auth/credentials/credentials_krb5.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/gensec/gensec_proto.h" > > > - #include "auth/gensec/gensec_toplevel_proto.h" > > > - #include "param/param.h" > > > -diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec= /gensec_krb5.c > > > -index fbec64c..ecc3331 100644 > > > ---- 
a/source4/auth/gensec/gensec_krb5.c > > > -+++ b/source4/auth/gensec/gensec_krb5.c > > > -@@ -34,6 +34,7 @@ > > > - #include "auth/credentials/credentials_krb5.h" > > > - #include "auth/kerberos/kerberos_credentials.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/gensec/gensec_proto.h" > > > - #include "auth/gensec/gensec_toplevel_proto.h" > > > - #include "param/param.h" > > > -diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/py= gensec.c > > > -index 02e5ae2..fd6daff 100644 > > > ---- a/source4/auth/gensec/pygensec.c > > > -+++ b/source4/auth/gensec/pygensec.c > > > -@@ -20,6 +20,7 @@ > > > - #include "includes.h" > > > - #include "param/pyparam.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */ > > > - #include "auth/credentials/pycredentials.h" > > > - #include "libcli/util/pyerrors.h" > > > - #include "python/modules.h" > > > -diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/sc= hannel.c > > > -index e67432c..eb2e100 100644 > > > ---- a/source4/auth/gensec/schannel.c > > > -+++ b/source4/auth/gensec/schannel.c > > > -@@ -25,6 +25,7 @@ > > > - #include "auth/auth.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/gensec/gensec_proto.h" > > > - #include "../libcli/auth/schannel.h" > > > - #include "librpc/gen_ndr/dcerpc.h" > > > -diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_serve= r/ldap_backend.c > > > -index 4a195e5..f0da82c 100644 > > > ---- a/source4/ldap_server/ldap_backend.c > > > -+++ b/source4/ldap_server/ldap_backend.c > > > -@@ -23,6 +23,7 @@ > > > - #include "../lib/util/dlinklist.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */ > > > - 
#include "param/param.h" > > > - #include "smbd/service_stream.h" > > > - #include "dsdb/samdb/samdb.h" > > > -diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/l= dap_bind.c > > > -index b355e18..f0a498b 100644 > > > ---- a/source4/libcli/ldap/ldap_bind.c > > > -+++ b/source4/libcli/ldap/ldap_bind.c > > > -@@ -27,6 +27,7 @@ > > > - #include "libcli/ldap/ldap_client.h" > > > - #include "lib/tls/tls.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */ > > > - #include "auth/gensec/gensec_socket.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "lib/stream/packet.h" > > > -diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/n= tlmssp.c > > > -index bdaa65b..45e5889 100644 > > > ---- a/source4/torture/auth/ntlmssp.c > > > -+++ b/source4/torture/auth/ntlmssp.c > > > -@@ -19,6 +19,7 @@ > > > -=20 > > > - #include "includes.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > - #include "auth/ntlmssp/ntlmssp.h" > > > - #include "auth/ntlmssp/ntlmssp_private.h" > > > - #include "lib/cmdline/popt_common.h" > > > -diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c > > > -index 136e238..1e2feb0 100644 > > > ---- a/source4/utils/ntlm_auth.c > > > -+++ b/source4/utils/ntlm_auth.c > > > -@@ -27,6 +27,7 @@ > > > - #include > > > - #include "auth/credentials/credentials.h" > > > - #include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */ > > > - #include "auth/auth.h" > > > - #include "librpc/gen_ndr/ndr_netlogon.h" > > > - #include "auth/auth_sam.h" > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fabdf9f539385d97bc4bf2550e7fd4de2d1b5d01 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 10:37:26 +0200 > > > -Subject: [PATCH 084/249] auth/gensec: avoid talloc_reference in > > > - gensec_use_kerberos_mechs() > > > - > > 
> -We now always copy. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3e3534f882651880093381f5a7846c0938df6501) > > > ---- > > > - auth/gensec/gensec_start.c | 38 ++++++++++++++++++++---------------= --- > > > - 1 file changed, 20 insertions(+), 18 deletions(-) > > > - > > > -diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c > > > -index 34029f5..096ad36 100644 > > > ---- a/auth/gensec/gensec_start.c > > > -+++ b/auth/gensec/gensec_start.c > > > -@@ -80,13 +80,6 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_= kerberos_mechs(TALLOC_CTX *mem_ > > > - use_kerberos =3D cli_credentials_get_kerberos_state(creds); > > > - } > > > -=20 > > > -- if (use_kerberos =3D=3D CRED_AUTO_USE_KERBEROS) { > > > -- if (!talloc_reference(mem_ctx, old_gensec_list)) { > > > -- return NULL; > > > -- } > > > -- return old_gensec_list; > > > -- } > > > -- > > > - for (num_mechs_in=3D0; old_gensec_list && old_gensec_list[num_mech= s_in]; num_mechs_in++) { > > > - /* noop */ > > > - } > > > -@@ -99,35 +92,44 @@ _PUBLIC_ struct gensec_security_ops **gensec_use= _kerberos_mechs(TALLOC_CTX *mem_ > > > - j =3D 0; > > > - for (i=3D0; old_gensec_list && old_gensec_list[i]; i++) { > > > - int oid_idx; > > > -- bool found_spnego =3D false; > > > -+ bool keep =3D false; > > > -+ > > > - for (oid_idx =3D 0; old_gensec_list[i]->oid && old_gensec_list[i]= ->oid[oid_idx]; oid_idx++) { > > > - if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) = =3D=3D 0) { > > > -- new_gensec_list[j] =3D old_gensec_list[i]; > > > -- j++; > > > -- found_spnego =3D true; > > > -+ keep =3D true; > > > - break; > > > - } > > > - } > > > -- if (found_spnego) { > > > -- continue; > > > -- } > > > -+ > > > - switch (use_kerberos) { > > > -+ case CRED_AUTO_USE_KERBEROS: > > > -+ keep =3D true; > > > -+ break; > > > -+ > > > - case CRED_DONT_USE_KERBEROS: > > > - if (old_gensec_list[i]->kerberos =3D=3D false) { > > > 
-- new_gensec_list[j] =3D old_gensec_list[i]; > > > -- j++; > > > -+ keep =3D true; > > > - } > > > -+ > > > - break; > > > -+ > > > - case CRED_MUST_USE_KERBEROS: > > > - if (old_gensec_list[i]->kerberos =3D=3D true) { > > > -- new_gensec_list[j] =3D old_gensec_list[i]; > > > -- j++; > > > -+ keep =3D true; > > > - } > > > -+ > > > - break; > > > - default: > > > - /* Can't happen or invalid parameter */ > > > - return NULL; > > > - } > > > -+ > > > -+ if (!keep) { > > > -+ continue; > > > -+ } > > > -+ > > > -+ new_gensec_list[j] =3D old_gensec_list[i]; > > > -+ j++; > > > - } > > > - new_gensec_list[j] =3D NULL; > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b71ed3dd183d64beda108d0881c03978ef4b3892 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 10:39:16 +0200 > > > -Subject: [PATCH 085/249] auth/gensec: avoid talloc_reference in > > > - gensec_security_mechs() > > > - > > > -We now always copy. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 6a7a44db5999af7262478eb1c186d784d6075beb) > > > ---- > > > - auth/gensec/gensec_start.c | 27 +++++++++------------------ > > > - 1 file changed, 9 insertions(+), 18 deletions(-) > > > - > > > -diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c > > > -index 096ad36..00e2759 100644 > > > ---- a/auth/gensec/gensec_start.c > > > -+++ b/auth/gensec/gensec_start.c > > > -@@ -140,28 +140,19 @@ _PUBLIC_ struct gensec_security_ops **gensec_s= ecurity_mechs( > > > - struct gensec_security *gensec_security, > > > - TALLOC_CTX *mem_ctx) > > > - { > > > -- struct gensec_security_ops **backends; > > > -- if (!gensec_security) { > > > -- backends =3D gensec_security_all(); > > > -- if (!talloc_reference(mem_ctx, backends)) { > > > -- return NULL; > > > -- } > > > -- return backends; > > > -- } else { > > > -- struct cli_credentials *creds =3D gensec_get_credentials(gensec_s= ecurity); > > 
> -+ struct cli_credentials *creds =3D NULL; > > > -+ struct gensec_security_ops **backends =3D gensec_security_all(); > > > -+ > > > -+ if (gensec_security !=3D NULL) { > > > -+ creds =3D gensec_get_credentials(gensec_security); > > > -+ > > > - if (gensec_security->settings->backends) { > > > - backends =3D gensec_security->settings->backends; > > > -- } else { > > > -- backends =3D gensec_security_all(); > > > - } > > > -- if (!creds) { > > > -- if (!talloc_reference(mem_ctx, backends)) { > > > -- return NULL; > > > -- } > > > -- return backends; > > > -- } > > > -- return gensec_use_kerberos_mechs(mem_ctx, backends, creds); > > > - } > > > -+ > > > -+ return gensec_use_kerberos_mechs(mem_ctx, backends, creds); > > > -+ > > > - } > > > -=20 > > > - static const struct gensec_security_ops *gensec_security_by_authtyp= e(struct gensec_security *gensec_security, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fe6a14d48b0eb3dfcfc6d7f0b68e8f28b7ad9796 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 16:12:13 +0200 > > > -Subject: [PATCH 086/249] auth/gensec: make it possible to implement = async > > > - backends > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit e81550c8117166d0fbf69ba1d3957cb950c42961) > > > ---- > > > - auth/gensec/gensec.c | 202 +++++++++++++++++++++++++++++++= +---------- > > > - auth/gensec/gensec_internal.h | 7 ++ > > > - 2 files changed, 160 insertions(+), 49 deletions(-) > > > - > > > -diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c > > > -index d364a34..abcbcb9 100644 > > > ---- a/auth/gensec/gensec.c > > > -+++ b/auth/gensec/gensec.c > > > -@@ -218,61 +218,92 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_= security *gensec_security, TALLOC_ > > > - const DATA_BLOB in, DATA_BLOB *out) > > > - { > > > - NTSTATUS status; > > > -+ const struct gensec_security_ops *ops =3D gensec_security->ops; > > > -+ TALLOC_CTX 
*frame =3D NULL; > > > -+ struct tevent_req *subreq =3D NULL; > > > -+ bool ok; > > > -=20 > > > -- status =3D gensec_security->ops->update(gensec_security, out_mem_c= tx, > > > -- ev, in, out); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -+ if (ops->update_send =3D=3D NULL) { > > > -=20 > > > -- /* > > > -- * Because callers using the > > > -- * gensec_start_mech_by_auth_type() never call > > > -- * gensec_want_feature(), it isn't sensible for them > > > -- * to have to call gensec_have_feature() manually, and > > > -- * these are not points of negotiation, but are > > > -- * asserted by the client > > > -- */ > > > -- switch (gensec_security->dcerpc_auth_level) { > > > -- case DCERPC_AUTH_LEVEL_INTEGRITY: > > > -- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { > > > -- DEBUG(0,("Did not manage to negotiate mandetory feature " > > > -- "SIGN for dcerpc auth_level %u\n", > > > -- gensec_security->dcerpc_auth_level)); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -- } > > > -- break; > > > -- case DCERPC_AUTH_LEVEL_PRIVACY: > > > -- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { > > > -- DEBUG(0,("Did not manage to negotiate mandetory feature " > > > -- "SIGN for dcerpc auth_level %u\n", > > > -- gensec_security->dcerpc_auth_level)); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -+ status =3D ops->update(gensec_security, out_mem_ctx, > > > -+ ev, in, out); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > - } > > > -- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { > > > -- DEBUG(0,("Did not manage to negotiate mandetory feature " > > > -- "SEAL for dcerpc auth_level %u\n", > > > -- gensec_security->dcerpc_auth_level)); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -+ > > > -+ /* > > > -+ * Because callers using the > > > -+ * gensec_start_mech_by_auth_type() never call > > > -+ * gensec_want_feature(), it isn't sensible for them > > > -+ * to have 
to call gensec_have_feature() manually, and > > > -+ * these are not points of negotiation, but are > > > -+ * asserted by the client > > > -+ */ > > > -+ switch (gensec_security->dcerpc_auth_level) { > > > -+ case DCERPC_AUTH_LEVEL_INTEGRITY: > > > -+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { > > > -+ DEBUG(0,("Did not manage to negotiate mandetory feature " > > > -+ "SIGN for dcerpc auth_level %u\n", > > > -+ gensec_security->dcerpc_auth_level)); > > > -+ return NT_STATUS_ACCESS_DENIED; > > > -+ } > > > -+ break; > > > -+ case DCERPC_AUTH_LEVEL_PRIVACY: > > > -+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { > > > -+ DEBUG(0,("Did not manage to negotiate mandetory feature " > > > -+ "SIGN for dcerpc auth_level %u\n", > > > -+ gensec_security->dcerpc_auth_level)); > > > -+ return NT_STATUS_ACCESS_DENIED; > > > -+ } > > > -+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { > > > -+ DEBUG(0,("Did not manage to negotiate mandetory feature " > > > -+ "SEAL for dcerpc auth_level %u\n", > > > -+ gensec_security->dcerpc_auth_level)); > > > -+ return NT_STATUS_ACCESS_DENIED; > > > -+ } > > > -+ break; > > > -+ default: > > > -+ break; > > > - } > > > -- break; > > > -- default: > > > -- break; > > > -+ > > > -+ return NT_STATUS_OK; > > > - } > > > -=20 > > > -- return NT_STATUS_OK; > > > -+ frame =3D talloc_stackframe(); > > > -+ > > > -+ subreq =3D ops->update_send(frame, ev, gensec_security, in); > > > -+ if (subreq =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ ok =3D tevent_req_poll_ntstatus(subreq, ev, &status); > > > -+ if (!ok) { > > > -+ goto fail; > > > -+ } > > > -+ status =3D ops->update_recv(subreq, out_mem_ctx, out); > > > -+ fail: > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > - } > > > -=20 > > > - struct gensec_update_state { > > > -- struct tevent_immediate *im; > > > -+ const struct gensec_security_ops *ops; > > > -+ struct tevent_req *subreq; > > > - struct gensec_security 
*gensec_security; > > > -- DATA_BLOB in; > > > - DATA_BLOB out; > > > -+ > > > -+ /* > > > -+ * only for sync backends, we should remove this > > > -+ * once all backends are async. > > > -+ */ > > > -+ struct tevent_immediate *im; > > > -+ DATA_BLOB in; > > > - }; > > > -=20 > > > - static void gensec_update_async_trigger(struct tevent_context *ctx, > > > - struct tevent_immediate *im, > > > - void *private_data); > > > -+static void gensec_update_subreq_done(struct tevent_req *subreq); > > > -+ > > > - /** > > > - * Next state function for the GENSEC state machine async version > > > - * > > > -@@ -298,17 +329,31 @@ _PUBLIC_ struct tevent_req *gensec_update_send= (TALLOC_CTX *mem_ctx, > > > - return NULL; > > > - } > > > -=20 > > > -- state->gensec_security =3D gensec_security; > > > -- state->in =3D in; > > > -- state->out =3D data_blob(NULL, 0); > > > -- state->im =3D tevent_create_immediate(state); > > > -- if (tevent_req_nomem(state->im, req)) { > > > -+ state->ops =3D gensec_security->ops; > > > -+ state->gensec_security =3D gensec_security; > > > -+ > > > -+ if (state->ops->update_send =3D=3D NULL) { > > > -+ state->in =3D in; > > > -+ state->im =3D tevent_create_immediate(state); > > > -+ if (tevent_req_nomem(state->im, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ tevent_schedule_immediate(state->im, ev, > > > -+ gensec_update_async_trigger, > > > -+ req); > > > -+ > > > -+ return req; > > > -+ } > > > -+ > > > -+ state->subreq =3D state->ops->update_send(state, ev, gensec_securi= ty, in); > > > -+ if (tevent_req_nomem(state->subreq, req)) { > > > - return tevent_req_post(req, ev); > > > - } > > > -=20 > > > -- tevent_schedule_immediate(state->im, ev, > > > -- gensec_update_async_trigger, > > > -- req); > > > -+ tevent_req_set_callback(state->subreq, > > > -+ gensec_update_subreq_done, > > > -+ req); > > > -=20 > > > - return req; > > > - } > > > -@@ -323,12 +368,71 @@ static void gensec_update_async_trigger(struct= 
tevent_context *ctx, > > > - tevent_req_data(req, struct gensec_update_state); > > > - NTSTATUS status; > > > -=20 > > > -- status =3D gensec_update(state->gensec_security, state, ctx, > > > -- state->in, &state->out); > > > -+ status =3D state->ops->update(state->gensec_security, state, ctx, > > > -+ state->in, &state->out); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ tevent_req_done(req); > > > -+} > > > -+ > > > -+static void gensec_update_subreq_done(struct tevent_req *subreq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct gensec_update_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct gensec_update_state); > > > -+ NTSTATUS status; > > > -+ > > > -+ state->subreq =3D NULL; > > > -+ > > > -+ status =3D state->ops->update_recv(subreq, state, &state->out); > > > -+ TALLOC_FREE(subreq); > > > - if (tevent_req_nterror(req, status)) { > > > - return; > > > - } > > > -=20 > > > -+ /* > > > -+ * Because callers using the > > > -+ * gensec_start_mech_by_authtype() never call > > > -+ * gensec_want_feature(), it isn't sensible for them > > > -+ * to have to call gensec_have_feature() manually, and > > > -+ * these are not points of negotiation, but are > > > -+ * asserted by the client > > > -+ */ > > > -+ switch (state->gensec_security->dcerpc_auth_level) { > > > -+ case DCERPC_AUTH_LEVEL_INTEGRITY: > > > -+ if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_S= IGN)) { > > > -+ DEBUG(0,("Did not manage to negotiate mandetory feature " > > > -+ "SIGN for dcerpc auth_level %u\n", > > > -+ state->gensec_security->dcerpc_auth_level)); > > > -+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); > > > -+ return; > > > -+ } > > > -+ break; > > > -+ case DCERPC_AUTH_LEVEL_PRIVACY: > > > -+ if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_S= IGN)) { > > > -+ DEBUG(0,("Did not manage to negotiate mandetory 
feature " > > > -+ "SIGN for dcerpc auth_level %u\n", > > > -+ state->gensec_security->dcerpc_auth_level)); > > > -+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); > > > -+ return; > > > -+ } > > > -+ if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_S= EAL)) { > > > -+ DEBUG(0,("Did not manage to negotiate mandetory feature " > > > -+ "SEAL for dcerpc auth_level %u\n", > > > -+ state->gensec_security->dcerpc_auth_level)); > > > -+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); > > > -+ return; > > > -+ } > > > -+ break; > > > -+ default: > > > -+ break; > > > -+ } > > > -+ > > > - tevent_req_done(req); > > > - } > > > -=20 > > > -diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_inte= rnal.h > > > -index 41b6f0d..c04164a 100644 > > > ---- a/auth/gensec/gensec_internal.h > > > -+++ b/auth/gensec/gensec_internal.h > > > -@@ -40,6 +40,13 @@ struct gensec_security_ops { > > > - NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC= _CTX *out_mem_ctx, > > > - struct tevent_context *ev, > > > - const DATA_BLOB in, DATA_BLOB *out); > > > -+ struct tevent_req *(*update_send)(TALLOC_CTX *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct gensec_security *gensec_security, > > > -+ const DATA_BLOB in); > > > -+ NTSTATUS (*update_recv)(struct tevent_req *req, > > > -+ TALLOC_CTX *out_mem_ctx, > > > -+ DATA_BLOB *out); > > > - NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, T= ALLOC_CTX *sig_mem_ctx, > > > - uint8_t *data, size_t length, > > > - const uint8_t *whole_pdu, size_t pdu_length, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From aa559f2fc6f228fba268adafa92392dff8152747 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 11:10:55 +0200 > > > -Subject: [PATCH 087/249] auth/gensec: use 'const char * const *' for= function > > > - parameters > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from 
commit c81b6f7448d7f945635784de645bea4f7f2e230f) > > > ---- > > > - auth/gensec/gensec.h | 2 +- > > > - auth/gensec/gensec_start.c | 2 +- > > > - auth/gensec/spnego.c | 2 +- > > > - 3 files changed, 3 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h > > > -index 5d39d81..d0bc451 100644 > > > ---- a/auth/gensec/gensec.h > > > -+++ b/auth/gensec/gensec.h > > > -@@ -184,7 +184,7 @@ struct gensec_security_ops **gensec_security_mec= hs(struct gensec_security *gense > > > - const struct gensec_security_ops_wrapper *gensec_security_by_oid_li= st( > > > - struct gensec_security *gensec_security, > > > - TALLOC_CTX *mem_ctx, > > > -- const char **oid_strings, > > > -+ const char * const *oid_strings, > > > - const char *skip); > > > - const char **gensec_security_oids(struct gensec_security *gensec_se= curity, > > > - TALLOC_CTX *mem_ctx, > > > -diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c > > > -index 00e2759..2874c13 100644 > > > ---- a/auth/gensec/gensec_start.c > > > -+++ b/auth/gensec/gensec_start.c > > > -@@ -373,7 +373,7 @@ static const struct gensec_security_ops **gensec= _security_by_sasl_list( > > > - _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_= by_oid_list( > > > - struct gensec_security *gensec_security, > > > - TALLOC_CTX *mem_ctx, > > > -- const char **oid_strings, > > > -+ const char * const *oid_strings, > > > - const char *skip) > > > - { > > > - struct gensec_security_ops_wrapper *backends_out; > > > -diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c > > > -index 38a45f8..0eb6da1 100644 > > > ---- a/auth/gensec/spnego.c > > > -+++ b/auth/gensec/spnego.c > > > -@@ -417,7 +417,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit= (struct gensec_security *gensec_ > > > - struct spnego_state *spnego_state,=20 > > > - TALLOC_CTX *out_mem_ctx,=20 > > > - struct tevent_context *ev, > > > -- const char **mechType, > > > -+ const char * const *mechType, > > 
> - const DATA_BLOB unwrapped_in, DATA_BLOB *unwrapped_out)=20 > > > - { > > > - int i; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a2e14962e1eeebaac2fb4539794a454b0f486869 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 11:20:21 +0200 > > > -Subject: [PATCH 088/249] auth/gensec: treat struct gensec_security_o= ps as > > > - const if possible. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 966faef9c61d2ec02d75fc3ccc82a61524fb77e4) > > > ---- > > > - auth/gensec/gensec.h | 14 +++++----- > > > - auth/gensec/gensec_start.c | 52 ++++++++++++++++++++-------= ----------- > > > - auth/gensec/spnego.c | 8 +++--- > > > - source3/auth/auth_generic.c | 15 ++++++----- > > > - source3/libads/authdata.c | 11 ++++---- > > > - source3/libsmb/auth_generic.c | 15 ++++++----- > > > - source3/utils/ntlm_auth.c | 22 ++++++++-------- > > > - source4/ldap_server/ldap_backend.c | 4 +-- > > > - 8 files changed, 75 insertions(+), 66 deletions(-) > > > - > > > -diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h > > > -index d0bc451..ac1fadf 100644 > > > ---- a/auth/gensec/gensec.h > > > -+++ b/auth/gensec/gensec.h > > > -@@ -85,7 +85,7 @@ struct gensec_settings { > > > - /* this allows callers to specify a specific set of ops that > > > - * should be used, rather than those loaded by the plugin > > > - * mechanism */ > > > -- struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops * const *backends; > > > -=20 > > > - /* To fill in our own name in the NTLMSSP server */ > > > - const char *server_dns_domain; > > > -@@ -179,7 +179,7 @@ const struct gensec_security_ops *gensec_securit= y_by_sasl_name(struct gensec_sec > > > - const struct gensec_security_ops *gensec_security_by_auth_type( > > > - struct gensec_security *gensec_security, > > > - uint32_t auth_type); > > > --struct gensec_security_ops **gensec_security_mechs(struct 
gensec_se= curity *gensec_security, > > > -+const struct gensec_security_ops **gensec_security_mechs(struct gen= sec_security *gensec_security, > > > - TALLOC_CTX *mem_ctx); > > > - const struct gensec_security_ops_wrapper *gensec_security_by_oid_li= st( > > > - struct gensec_security *gensec_security, > > > -@@ -243,11 +243,11 @@ NTSTATUS gensec_wrap(struct gensec_security *g= ensec_security, > > > - const DATA_BLOB *in, > > > - DATA_BLOB *out); > > > -=20 > > > --struct gensec_security_ops **gensec_security_all(void); > > > --bool gensec_security_ops_enabled(struct gensec_security_ops *ops, s= truct gensec_security *security); > > > --struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *= mem_ctx, > > > -- struct gensec_security_ops **old_gensec_list, > > > -- struct cli_credentials *creds); > > > -+const struct gensec_security_ops * const *gensec_security_all(void); > > > -+bool gensec_security_ops_enabled(const struct gensec_security_ops *= ops, struct gensec_security *security); > > > -+const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC= _CTX *mem_ctx, > > > -+ const struct gensec_security_ops * const *old_gensec_list, > > > -+ struct cli_credentials *creds); > > > -=20 > > > - NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gen= sec_security, > > > - const char *sasl_name); > > > -diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c > > > -index 2874c13..3ae64d5 100644 > > > ---- a/auth/gensec/gensec_start.c > > > -+++ b/auth/gensec/gensec_start.c > > > -@@ -33,17 +33,17 @@ > > > - #include "lib/util/samba_modules.h" > > > -=20 > > > - /* the list of currently registered GENSEC backends */ > > > --static struct gensec_security_ops **generic_security_ops; > > > -+static const struct gensec_security_ops **generic_security_ops; > > > - static int gensec_num_backends; > > > -=20 > > > - /* Return all the registered mechs. 
Don't modify the return pointe= r, > > > -- * but you may talloc_reference it if convient */ > > > --_PUBLIC_ struct gensec_security_ops **gensec_security_all(void) > > > -+ * but you may talloc_referen it if convient */ > > > -+_PUBLIC_ const struct gensec_security_ops * const *gensec_security_= all(void) > > > - { > > > - return generic_security_ops; > > > - } > > > -=20 > > > --bool gensec_security_ops_enabled(struct gensec_security_ops *ops, s= truct gensec_security *security) > > > -+bool gensec_security_ops_enabled(const struct gensec_security_ops *= ops, struct gensec_security *security) > > > - { > > > - return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec",= ops->name, ops->enabled); > > > - } > > > -@@ -68,11 +68,11 @@ bool gensec_security_ops_enabled(struct gensec_s= ecurity_ops *ops, struct gensec_ > > > - * more compplex. > > > - */ > > > -=20 > > > --_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TAL= LOC_CTX *mem_ctx, > > > -- struct gensec_security_ops **old_gensec_list, > > > -- struct cli_credentials *creds) > > > -+_PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mec= hs(TALLOC_CTX *mem_ctx, > > > -+ const struct gensec_security_ops * const *old_gensec_list, > > > -+ struct cli_credentials *creds) > > > - { > > > -- struct gensec_security_ops **new_gensec_list; > > > -+ const struct gensec_security_ops **new_gensec_list; > > > - int i, j, num_mechs_in; > > > - enum credentials_use_kerberos use_kerberos =3D CRED_AUTO_USE_KERBE= ROS; > > > -=20 > > > -@@ -84,7 +84,9 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_k= erberos_mechs(TALLOC_CTX *mem_ > > > - /* noop */ > > > - } > > > -=20 > > > -- new_gensec_list =3D talloc_array(mem_ctx, struct gensec_security_o= ps *, num_mechs_in + 1); > > > -+ new_gensec_list =3D talloc_array(mem_ctx, > > > -+ const struct gensec_security_ops *, > > > -+ num_mechs_in + 1); > > > - if (!new_gensec_list) { > > > - return NULL; > > > - } > > > -@@ -136,12 +138,12 @@ 
_PUBLIC_ struct gensec_security_ops **gensec_u= se_kerberos_mechs(TALLOC_CTX *mem_ > > > - return new_gensec_list; > > > - } > > > -=20 > > > --_PUBLIC_ struct gensec_security_ops **gensec_security_mechs( > > > -+_PUBLIC_ const struct gensec_security_ops **gensec_security_mechs( > > > - struct gensec_security *gensec_security, > > > - TALLOC_CTX *mem_ctx) > > > - { > > > - struct cli_credentials *creds =3D NULL; > > > -- struct gensec_security_ops **backends =3D gensec_security_all(); > > > -+ const struct gensec_security_ops * const *backends =3D gensec_secu= rity_all(); > > > -=20 > > > - if (gensec_security !=3D NULL) { > > > - creds =3D gensec_get_credentials(gensec_security); > > > -@@ -159,7 +161,7 @@ static const struct gensec_security_ops *gensec_= security_by_authtype(struct gens > > > - uint8_t auth_type) > > > - { > > > - int i; > > > -- struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops **backends; > > > - const struct gensec_security_ops *backend; > > > - TALLOC_CTX *mem_ctx =3D talloc_new(gensec_security); > > > - if (!mem_ctx) { > > > -@@ -185,7 +187,7 @@ _PUBLIC_ const struct gensec_security_ops *gense= c_security_by_oid( > > > - const char *oid_string) > > > - { > > > - int i, j; > > > -- struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops **backends; > > > - const struct gensec_security_ops *backend; > > > - TALLOC_CTX *mem_ctx =3D talloc_new(gensec_security); > > > - if (!mem_ctx) { > > > -@@ -218,7 +220,7 @@ _PUBLIC_ const struct gensec_security_ops *gense= c_security_by_sasl_name( > > > - const char *sasl_name) > > > - { > > > - int i; > > > -- struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops **backends; > > > - const struct gensec_security_ops *backend; > > > - TALLOC_CTX *mem_ctx =3D talloc_new(gensec_security); > > > - if (!mem_ctx) { > > > -@@ -245,7 +247,7 @@ _PUBLIC_ const struct gensec_security_ops *gense= c_security_by_auth_type( > > > - uint32_t 
auth_type) > > > - { > > > - int i; > > > -- struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops **backends; > > > - const struct gensec_security_ops *backend; > > > - TALLOC_CTX *mem_ctx =3D talloc_new(gensec_security); > > > - if (!mem_ctx) { > > > -@@ -270,7 +272,7 @@ static const struct gensec_security_ops *gensec_= security_by_name(struct gensec_s > > > - const char *name) > > > - { > > > - int i; > > > -- struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops **backends; > > > - const struct gensec_security_ops *backend; > > > - TALLOC_CTX *mem_ctx =3D talloc_new(gensec_security); > > > - if (!mem_ctx) { > > > -@@ -306,7 +308,7 @@ static const struct gensec_security_ops **gensec= _security_by_sasl_list( > > > - const char **sasl_names) > > > - { > > > - const struct gensec_security_ops **backends_out; > > > -- struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops **backends; > > > - int i, k, sasl_idx; > > > - int num_backends_out =3D 0; > > > -=20 > > > -@@ -377,7 +379,7 @@ _PUBLIC_ const struct gensec_security_ops_wrappe= r *gensec_security_by_oid_list( > > > - const char *skip) > > > - { > > > - struct gensec_security_ops_wrapper *backends_out; > > > -- struct gensec_security_ops **backends; > > > -+ const struct gensec_security_ops **backends; > > > - int i, j, k, oid_idx; > > > - int num_backends_out =3D 0; > > > -=20 > > > -@@ -451,7 +453,7 @@ _PUBLIC_ const struct gensec_security_ops_wrappe= r *gensec_security_by_oid_list( > > > - static const char **gensec_security_oids_from_ops( > > > - struct gensec_security *gensec_security, > > > - TALLOC_CTX *mem_ctx, > > > -- struct gensec_security_ops **ops, > > > -+ const struct gensec_security_ops * const *ops, > > > - const char *skip) > > > - { > > > - int i; > > > -@@ -542,8 +544,10 @@ _PUBLIC_ const char **gensec_security_oids(stru= ct gensec_security *gensec_securi > > > - TALLOC_CTX *mem_ctx, > > > - const char *skip) > > 
> - { > > > -- struct gensec_security_ops **ops > > > -- =3D gensec_security_mechs(gensec_security, mem_ctx); > > > -+ const struct gensec_security_ops **ops; > > > -+ > > > -+ ops =3D gensec_security_mechs(gensec_security, mem_ctx); > > > -+ > > > - return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops= , skip); > > > - } > > > -=20 > > > -@@ -876,13 +880,13 @@ _PUBLIC_ NTSTATUS gensec_register(const struct= gensec_security_ops *ops) > > > -=20 > > > - generic_security_ops =3D talloc_realloc(talloc_autofree_context(), > > > - generic_security_ops, > > > -- struct gensec_security_ops *, > > > -+ const struct gensec_security_ops *, > > > - gensec_num_backends+2); > > > - if (!generic_security_ops) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- generic_security_ops[gensec_num_backends] =3D discard_const_p(stru= ct gensec_security_ops, ops); > > > -+ generic_security_ops[gensec_num_backends] =3D ops; > > > - gensec_num_backends++; > > > - generic_security_ops[gensec_num_backends] =3D NULL; > > > -=20 > > > -@@ -908,7 +912,7 @@ _PUBLIC_ const struct gensec_critical_sizes *gen= sec_interface_version(void) > > > - return &critical_sizes; > > > - } > > > -=20 > > > --static int sort_gensec(struct gensec_security_ops **gs1, struct gen= sec_security_ops **gs2) { > > > -+static int sort_gensec(const struct gensec_security_ops **gs1, cons= t struct gensec_security_ops **gs2) { > > > - return (*gs2)->priority - (*gs1)->priority; > > > - } > > > -=20 > > > -diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c > > > -index 0eb6da1..d90a50c 100644 > > > ---- a/auth/gensec/spnego.c > > > -+++ b/auth/gensec/spnego.c > > > -@@ -352,9 +352,11 @@ static NTSTATUS gensec_spnego_server_try_fallba= ck(struct gensec_security *gensec > > > - const DATA_BLOB in, DATA_BLOB *out)=20 > > > - { > > > - int i,j; > > > -- struct gensec_security_ops **all_ops > > > -- =3D gensec_security_mechs(gensec_security, out_mem_ctx); > > > -- for (i=3D0; all_ops[i]; i++) 
{ > > > -+ const struct gensec_security_ops **all_ops; > > > -+ > > > -+ all_ops =3D gensec_security_mechs(gensec_security, out_mem_ctx); > > > -+ > > > -+ for (i=3D0; all_ops && all_ops[i]; i++) { > > > - bool is_spnego; > > > - NTSTATUS nt_status; > > > -=20 > > > -diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic= =2Ec > > > -index a2ba4e3..e15c87e 100644 > > > ---- a/source3/auth/auth_generic.c > > > -+++ b/source3/auth/auth_generic.c > > > -@@ -203,6 +203,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ct= x, > > > - return nt_status; > > > - } > > > - } else { > > > -+ const struct gensec_security_ops **backends =3D NULL; > > > - struct gensec_settings *gensec_settings; > > > - struct loadparm_context *lp_ctx; > > > - size_t idx =3D 0; > > > -@@ -259,24 +260,24 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_= ctx, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- gensec_settings->backends =3D talloc_zero_array(gensec_settings, > > > -- struct gensec_security_ops *, 4); > > > -- if (gensec_settings->backends =3D=3D NULL) { > > > -+ backends =3D talloc_zero_array(gensec_settings, > > > -+ const struct gensec_security_ops *, 4); > > > -+ if (backends =3D=3D NULL) { > > > - TALLOC_FREE(tmp_ctx); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -+ gensec_settings->backends =3D backends; > > > -=20 > > > - gensec_init(); > > > -=20 > > > - /* These need to be in priority order, krb5 before NTLMSSP */ > > > - #if defined(HAVE_KRB5) > > > -- gensec_settings->backends[idx++] =3D &gensec_gse_krb5_security_op= s; > > > -+ backends[idx++] =3D &gensec_gse_krb5_security_ops; > > > - #endif > > > -=20 > > > -- gensec_settings->backends[idx++] =3D gensec_security_by_oid(NULL,= GENSEC_OID_NTLMSSP); > > > -+ backends[idx++] =3D gensec_security_by_oid(NULL, GENSEC_OID_NTLMS= SP); > > > -=20 > > > -- gensec_settings->backends[idx++] =3D gensec_security_by_oid(NULL, > > > -- GENSEC_OID_SPNEGO); > > > -+ backends[idx++] =3D 
gensec_security_by_oid(NULL, GENSEC_OID_SPNEG= O); > > > -=20 > > > - /* > > > - * This is anonymous for now, because we just use it > > > -diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c > > > -index 582917d..801e551 100644 > > > ---- a/source3/libads/authdata.c > > > -+++ b/source3/libads/authdata.c > > > -@@ -111,7 +111,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, > > > - const char *cc =3D "MEMORY:kerberos_return_pac"; > > > - struct auth_session_info *session_info; > > > - struct gensec_security *gensec_server_context; > > > -- > > > -+ const struct gensec_security_ops **backends; > > > - struct gensec_settings *gensec_settings; > > > - size_t idx =3D 0; > > > - struct auth4_context *auth_context; > > > -@@ -230,16 +230,17 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_c= tx, > > > - goto out; > > > - } > > > -=20 > > > -- gensec_settings->backends =3D talloc_zero_array(gensec_settings, > > > -- struct gensec_security_ops *, 2); > > > -- if (gensec_settings->backends =3D=3D NULL) { > > > -+ backends =3D talloc_zero_array(gensec_settings, > > > -+ const struct gensec_security_ops *, 2); > > > -+ if (backends =3D=3D NULL) { > > > - status =3D NT_STATUS_NO_MEMORY; > > > - goto out; > > > - } > > > -+ gensec_settings->backends =3D backends; > > > -=20 > > > - gensec_init(); > > > -=20 > > > -- gensec_settings->backends[idx++] =3D &gensec_gse_krb5_security_ops; > > > -+ backends[idx++] =3D &gensec_gse_krb5_security_ops; > > > -=20 > > > - status =3D gensec_server_start(tmp_ctx, gensec_settings, > > > - auth_context, &gensec_server_context); > > > -diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_gen= eric.c > > > -index ba0a0ce..e30c1b7 100644 > > > ---- a/source3/libsmb/auth_generic.c > > > -+++ b/source3/libsmb/auth_generic.c > > > -@@ -54,6 +54,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *m= em_ctx, struct auth_generic_st > > > - NTSTATUS nt_status; > > > - size_t idx =3D 0; > > > - struct gensec_settings 
*gensec_settings; > > > -+ const struct gensec_security_ops **backends =3D NULL; > > > - struct loadparm_context *lp_ctx; > > > -=20 > > > - ans =3D talloc_zero(mem_ctx, struct auth_generic_state); > > > -@@ -76,24 +77,24 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX = *mem_ctx, struct auth_generic_st > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- gensec_settings->backends =3D talloc_zero_array(gensec_settings, > > > -- struct gensec_security_ops *, 4); > > > -- if (gensec_settings->backends =3D=3D NULL) { > > > -+ backends =3D talloc_zero_array(gensec_settings, > > > -+ const struct gensec_security_ops *, 4); > > > -+ if (backends =3D=3D NULL) { > > > - TALLOC_FREE(ans); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -+ gensec_settings->backends =3D backends; > > > -=20 > > > - gensec_init(); > > > -=20 > > > - /* These need to be in priority order, krb5 before NTLMSSP */ > > > - #if defined(HAVE_KRB5) > > > -- gensec_settings->backends[idx++] =3D &gensec_gse_krb5_security_ops; > > > -+ backends[idx++] =3D &gensec_gse_krb5_security_ops; > > > - #endif > > > -=20 > > > -- gensec_settings->backends[idx++] =3D &gensec_ntlmssp3_client_ops; > > > -+ backends[idx++] =3D &gensec_ntlmssp3_client_ops; > > > -=20 > > > -- gensec_settings->backends[idx++] =3D gensec_security_by_oid(NULL, > > > -- GENSEC_OID_SPNEGO); > > > -+ backends[idx++] =3D gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO= ); > > > -=20 > > > - nt_status =3D gensec_client_start(ans, &ans->gensec_security, gens= ec_settings); > > > -=20 > > > -diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c > > > -index 5fcb60e..25e717c 100644 > > > ---- a/source3/utils/ntlm_auth.c > > > -+++ b/source3/utils/ntlm_auth.c > > > -@@ -1035,7 +1035,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server= (TALLOC_CTX *mem_ctx, > > > - NTSTATUS nt_status; > > > -=20 > > > - TALLOC_CTX *tmp_ctx; > > > -- > > > -+ const struct gensec_security_ops **backends; > > > - struct gensec_settings 
*gensec_settings; > > > - size_t idx =3D 0; > > > - struct cli_credentials *server_credentials; > > > -@@ -1079,26 +1079,26 @@ static NTSTATUS ntlm_auth_start_ntlmssp_serv= er(TALLOC_CTX *mem_ctx, > > > - gensec_settings->server_dns_name =3D strlower_talloc(gensec_settin= gs, > > > - get_mydnsfullname()); > > > - =09 > > > -- gensec_settings->backends =3D talloc_zero_array(gensec_settings, > > > -- struct gensec_security_ops *, 4); > > > -+ backends =3D talloc_zero_array(gensec_settings, > > > -+ const struct gensec_security_ops *, 4); > > > - =09 > > > -- if (gensec_settings->backends =3D=3D NULL) { > > > -+ if (backends =3D=3D NULL) { > > > - TALLOC_FREE(tmp_ctx); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > --=09 > > > -+ gensec_settings->backends =3D backends; > > > -+ > > > - gensec_init(); > > > - =09 > > > - /* These need to be in priority order, krb5 before NTLMSSP */ > > > - #if defined(HAVE_KRB5) > > > -- gensec_settings->backends[idx++] =3D &gensec_gse_krb5_security_ops; > > > -+ backends[idx++] =3D &gensec_gse_krb5_security_ops; > > > - #endif > > > --=09 > > > -- gensec_settings->backends[idx++] =3D gensec_security_by_oid(NULL, = GENSEC_OID_NTLMSSP); > > > -=20 > > > -- gensec_settings->backends[idx++] =3D gensec_security_by_oid(NULL, > > > -- GENSEC_OID_SPNEGO); > > > --=09 > > > -+ backends[idx++] =3D gensec_security_by_oid(NULL, GENSEC_OID_NTLMSS= P); > > > -+ > > > -+ backends[idx++] =3D gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO= ); > > > -+ > > > - /* > > > - * This is anonymous for now, because we just use it > > > - * to set the kerberos state at the moment > > > -diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_serve= r/ldap_backend.c > > > -index f0da82c..3432594 100644 > > > ---- a/source4/ldap_server/ldap_backend.c > > > -+++ b/source4/ldap_server/ldap_backend.c > > > -@@ -192,8 +192,8 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_con= nection *conn) > > > -=20 > > > - if (conn->server_credentials) { > > > - char 
**sasl_mechs =3D NULL; > > > -- struct gensec_security_ops **backends =3D gensec_security_all(); > > > -- struct gensec_security_ops **ops > > > -+ const struct gensec_security_ops * const *backends =3D gensec_sec= urity_all(); > > > -+ const struct gensec_security_ops **ops > > > - =3D gensec_use_kerberos_mechs(conn, backends, conn->server_crede= ntials); > > > - unsigned int i, j =3D 0; > > > - for (i =3D 0; ops && ops[i]; i++) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 6a58d4f4cb60bf25c1493ef0aedd5978abc06969 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 10:43:38 +0200 > > > -Subject: [PATCH 089/249] libcli/auth: avoid possible mem leak in > > > - read_negTokenInit() > > > - > > > -Also add error checks. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit f1e60142e12deb560e3c62441fd9ff2acd086b60) > > > ---- > > > - libcli/auth/spnego_parse.c | 19 +++++++++++++++---- > > > - 1 file changed, 15 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c > > > -index 3bf7aea..2c73613 100644 > > > ---- a/libcli/auth/spnego_parse.c > > > -+++ b/libcli/auth/spnego_parse.c > > > -@@ -46,13 +46,24 @@ static bool read_negTokenInit(struct asn1_data *= asn1, TALLOC_CTX *mem_ctx, > > > - asn1_start_tag(asn1, ASN1_CONTEXT(0)); > > > - asn1_start_tag(asn1, ASN1_SEQUENCE(0)); > > > -=20 > > > -- token->mechTypes =3D talloc(NULL, const char *); > > > -+ token->mechTypes =3D talloc(mem_ctx, const char *); > > > -+ if (token->mechTypes =3D=3D NULL) { > > > -+ asn1->has_error =3D true; > > > -+ return false; > > > -+ } > > > - for (i =3D 0; !asn1->has_error && > > > - 0 < asn1_tag_remaining(asn1); i++) { > > > - char *oid; > > > -- token->mechTypes =3D talloc_realloc(NULL, > > > -- token->mechTypes, > > > -- const char *, i+2); > > > -+ const char **p; > > > -+ p =3D talloc_realloc(mem_ctx, > > > -+ 
token->mechTypes, > > > -+ const char *, i+2); > > > -+ if (p =3D=3D NULL) { > > > -+ TALLOC_FREE(token->mechTypes); > > > -+ asn1->has_error =3D true; > > > -+ return false; > > > -+ } > > > -+ token->mechTypes =3D p; > > > - asn1_read_OID(asn1, token->mechTypes, &oid); > > > - token->mechTypes[i] =3D oid; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8835471a993521e49aa48ef55f324874e1933108 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 5 Aug 2013 10:46:47 +0200 > > > -Subject: [PATCH 090/249] libcli/auth: add more const to > > > - spnego_negTokenInit->mechTypes > > > - > > > -Signed-off-by: Stefan Metzmacher > > > - > > > -Reviewed-by: Andrew Bartlett > > > - > > > -Autobuild-User(master): Stefan Metzmacher > > > -Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104 > > > -(cherry picked from commit 9177a0d1c1c92c45ef92fbda55fc6dd8aeb76b6c) > > > ---- > > > - libcli/auth/spnego.h | 2 +- > > > - libcli/auth/spnego_parse.c | 27 ++++++++++++++++----------- > > > - libcli/auth/spnego_proto.h | 2 +- > > > - source3/utils/ntlm_auth.c | 2 +- > > > - 4 files changed, 19 insertions(+), 14 deletions(-) > > > - > > > -diff --git a/libcli/auth/spnego.h b/libcli/auth/spnego.h > > > -index 9a93f2e..539b903 100644 > > > ---- a/libcli/auth/spnego.h > > > -+++ b/libcli/auth/spnego.h > > > -@@ -49,7 +49,7 @@ enum spnego_negResult { > > > - }; > > > -=20 > > > - struct spnego_negTokenInit { > > > -- const char **mechTypes; > > > -+ const char * const *mechTypes; > > > - DATA_BLOB reqFlags; > > > - uint8_t reqFlagsPadding; > > > - DATA_BLOB mechToken; > > > -diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c > > > -index 2c73613..b1ca07d 100644 > > > ---- a/libcli/auth/spnego_parse.c > > > -+++ b/libcli/auth/spnego_parse.c > > > -@@ -42,12 +42,14 @@ static bool read_negTokenInit(struct asn1_data *= asn1, TALLOC_CTX *mem_ctx, > > > -=20 > > > - switch (context) { > > > - /* Read mechTypes */ > > > -- 
case ASN1_CONTEXT(0): > > > -+ case ASN1_CONTEXT(0): { > > > -+ const char **mechTypes; > > > -+ > > > - asn1_start_tag(asn1, ASN1_CONTEXT(0)); > > > - asn1_start_tag(asn1, ASN1_SEQUENCE(0)); > > > -=20 > > > -- token->mechTypes =3D talloc(mem_ctx, const char *); > > > -- if (token->mechTypes =3D=3D NULL) { > > > -+ mechTypes =3D talloc(mem_ctx, const char *); > > > -+ if (mechTypes =3D=3D NULL) { > > > - asn1->has_error =3D true; > > > - return false; > > > - } > > > -@@ -56,22 +58,25 @@ static bool read_negTokenInit(struct asn1_data *= asn1, TALLOC_CTX *mem_ctx, > > > - char *oid; > > > - const char **p; > > > - p =3D talloc_realloc(mem_ctx, > > > -- token->mechTypes, > > > -+ mechTypes, > > > - const char *, i+2); > > > - if (p =3D=3D NULL) { > > > -- TALLOC_FREE(token->mechTypes); > > > -+ talloc_free(mechTypes); > > > - asn1->has_error =3D true; > > > - return false; > > > - } > > > -- token->mechTypes =3D p; > > > -- asn1_read_OID(asn1, token->mechTypes, &oid); > > > -- token->mechTypes[i] =3D oid; > > > -+ mechTypes =3D p; > > > -+ > > > -+ asn1_read_OID(asn1, mechTypes, &oid); > > > -+ mechTypes[i] =3D oid; > > > - } > > > -- token->mechTypes[i] =3D NULL; > > > -+ mechTypes[i] =3D NULL; > > > -+ token->mechTypes =3D mechTypes; > > > -=20 > > > - asn1_end_tag(asn1); > > > - asn1_end_tag(asn1); > > > - break; > > > -+ } > > > - /* Read reqFlags */ > > > - case ASN1_CONTEXT(1): > > > - asn1_start_tag(asn1, ASN1_CONTEXT(1)); > > > -@@ -366,7 +371,7 @@ bool spnego_free_data(struct spnego_data *spnego) > > > - switch(spnego->type) { > > > - case SPNEGO_NEG_TOKEN_INIT: > > > - if (spnego->negTokenInit.mechTypes) { > > > -- talloc_free(spnego->negTokenInit.mechTypes); > > > -+ talloc_free(discard_const(spnego->negTokenInit.mechTypes)); > > > - } > > > - data_blob_free(&spnego->negTokenInit.reqFlags); > > > - data_blob_free(&spnego->negTokenInit.mechToken); > > > -@@ -390,7 +395,7 @@ out: > > > - } > > > -=20 > > > - bool spnego_write_mech_types(TALLOC_CTX *mem_ctx, 
> > > -- const char **mech_types, > > > -+ const char * const *mech_types, > > > - DATA_BLOB *blob) > > > - { > > > - struct asn1_data *asn1 =3D asn1_init(mem_ctx); > > > -diff --git a/libcli/auth/spnego_proto.h b/libcli/auth/spnego_proto.h > > > -index 5fd5e59..c0fa934 100644 > > > ---- a/libcli/auth/spnego_proto.h > > > -+++ b/libcli/auth/spnego_proto.h > > > -@@ -24,5 +24,5 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA= _BLOB data, struct spnego_data > > > - ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, str= uct spnego_data *spnego); > > > - bool spnego_free_data(struct spnego_data *spnego); > > > - bool spnego_write_mech_types(TALLOC_CTX *mem_ctx, > > > -- const char **mech_types, > > > -+ const char * const *mech_types, > > > - DATA_BLOB *blob); > > > -diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c > > > -index 25e717c..1df615c 100644 > > > ---- a/source3/utils/ntlm_auth.c > > > -+++ b/source3/utils/ntlm_auth.c > > > -@@ -2058,7 +2058,7 @@ static void manage_gss_spnego_client_request(e= num stdio_helper_mode stdio_helper > > > -=20 > > > - /* The server offers a list of mechanisms */ > > > -=20 > > > -- const char **mechType =3D (const char **)spnego.negTokenInit.mech= Types; > > > -+ const char *const *mechType =3D spnego.negTokenInit.mechTypes; > > > -=20 > > > - while (*mechType !=3D NULL) { > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From c06bb0c3d2c032f8b4848c75baa1fd900650866a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 9 Aug 2013 10:15:05 +0200 > > > -Subject: [PATCH 091/249] auth/credentials: make sure > > > - cli_credentials_get_nt_hash() always returns a talloc object > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - auth/credentials/credentials.c | 19 ++++++++++++++----- > > > - auth/credentials/credentials.h | 4 ++-- > > > - 2 files changed, 16 insertions(+), 7 deletions(-) > > > - > > > -diff --git a/auth/credentials/credentials.c 
b/auth/credentials/crede= ntials.c > > > -index be497bc..57a7c0b 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -471,8 +471,8 @@ _PUBLIC_ bool cli_credentials_set_old_password(s= truct cli_credentials *cred, > > > - * @param cred credentials context > > > - * @retval If set, the cleartext password, otherwise NULL > > > - */ > > > --_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(st= ruct cli_credentials *cred,=20 > > > -- TALLOC_CTX *mem_ctx) > > > -+_PUBLIC_ struct samr_Password *cli_credentials_get_nt_hash(struct c= li_credentials *cred, > > > -+ TALLOC_CTX *mem_ctx) > > > - { > > > - const char *password =3D cli_credentials_get_password(cred); > > > -=20 > > > -@@ -481,13 +481,22 @@ _PUBLIC_ const struct samr_Password *cli_crede= ntials_get_nt_hash(struct cli_cred > > > - if (!nt_hash) { > > > - return NULL; > > > - } > > > -- =09 > > > -+ > > > - E_md4hash(password, nt_hash->hash); =20 > > > -=20 > > > - return nt_hash; > > > -- } else { > > > -- return cred->nt_hash; > > > -+ } else if (cred->nt_hash !=3D NULL) { > > > -+ struct samr_Password *nt_hash =3D talloc(mem_ctx, struct samr_Pas= sword); > > > -+ if (!nt_hash) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ *nt_hash =3D *cred->nt_hash; > > > -+ > > > -+ return nt_hash; > > > - } > > > -+ > > > -+ return NULL; > > > - } > > > -=20 > > > - /** > > > -diff --git a/auth/credentials/credentials.h b/auth/credentials/crede= ntials.h > > > -index cb09dc3..766a513 100644 > > > ---- a/auth/credentials/credentials.h > > > -+++ b/auth/credentials/credentials.h > > > -@@ -141,8 +141,8 @@ bool cli_credentials_set_password(struct cli_cre= dentials *cred, > > > - enum credentials_obtained obtained); > > > - struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_c= tx); > > > - void cli_credentials_parse_string(struct cli_credentials *credentia= ls, const char *data, enum credentials_obtained obtained); > > > --const struct 
samr_Password *cli_credentials_get_nt_hash(struct cli_= credentials *cred,=20 > > > -- TALLOC_CTX *mem_ctx); > > > -+struct samr_Password *cli_credentials_get_nt_hash(struct cli_creden= tials *cred, > > > -+ TALLOC_CTX *mem_ctx); > > > - bool cli_credentials_set_realm(struct cli_credentials *cred,=20 > > > - const char *val,=20 > > > - enum credentials_obtained obtained); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8a3ed9f72ef9f9de32da4d454b866d64eb24ee17 Mon Sep 17 00:00:00 20= 01 > > > -From: Howard Chu > > > -Date: Tue, 17 Sep 2013 13:09:50 -0700 > > > -Subject: [PATCH 092/249] Add SASL/EXTERNAL gensec module > > > - > > > -Signed-off-by: Howard Chu > > > -Reviewed-by: Andrew Bartlett > > > -Reviewed-by: Nadezhda Ivanova > > > -(cherry picked from commit 6bf59b03d72b94b71e53fc2404c11e0d237e41b2) > > > ---- > > > - auth/gensec/external.c | 82 ++++++++++++++++++++++++++++++++++++= +++++++++++ > > > - auth/gensec/gensec.h | 3 +- > > > - auth/gensec/wscript_build | 7 ++++ > > > - 3 files changed, 91 insertions(+), 1 deletion(-) > > > - create mode 100644 auth/gensec/external.c > > > - > > > -diff --git a/auth/gensec/external.c b/auth/gensec/external.c > > > -new file mode 100644 > > > -index 0000000..a26e435 > > > ---- /dev/null > > > -+++ b/auth/gensec/external.c > > > -@@ -0,0 +1,82 @@ > > > -+/* > > > -+ Unix SMB/CIFS implementation. > > > -+ > > > -+ SASL/EXTERNAL authentication. > > > -+ > > > -+ Copyright (C) Howard Chu 2013 > > > -+ > > > -+ This program is free software; you can redistribute it and/or mo= dify > > > -+ it under the terms of the GNU General Public License as publishe= d by > > > -+ the Free Software Foundation; either version 3 of the License, or > > > -+ (at your option) any later version. > > > -+ > > > -+ This program is distributed in the hope that it will be useful, > > > -+ but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the > > > -+ GNU General Public License for more details. > > > -+ > > > -+ You should have received a copy of the GNU General Public License > > > -+ along with this program. If not, see . > > > -+*/ > > > -+ > > > -+#include "includes.h" > > > -+#include "auth/credentials/credentials.h" > > > -+#include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > -+#include "auth/gensec/gensec_proto.h" > > > -+#include "auth/gensec/gensec_toplevel_proto.h" > > > -+ > > > -+/* SASL/EXTERNAL is essentially a no-op; it is only usable when the= transport > > > -+ * layer is already mutually authenticated. > > > -+ */ > > > -+ > > > -+NTSTATUS gensec_external_init(void); > > > -+ > > > -+static NTSTATUS gensec_external_start(struct gensec_security *gense= c_security) > > > -+{ > > > -+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+static NTSTATUS gensec_external_update(struct gensec_security *gens= ec_security, > > > -+ TALLOC_CTX *out_mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ const DATA_BLOB in, DATA_BLOB *out) > > > -+{ > > > -+ *out =3D data_blob_talloc(out_mem_ctx, "", 0); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+/* We have no features */ > > > -+static bool gensec_external_have_feature(struct gensec_security *ge= nsec_security, > > > -+ uint32_t feature) > > > -+{ > > > -+ return false; > > > -+} > > > -+ > > > -+static const struct gensec_security_ops gensec_external_ops =3D { > > > -+ .name =3D "sasl-EXTERNAL", > > > -+ .sasl_name =3D "EXTERNAL", > > > -+ .client_start =3D gensec_external_start, > > > -+ .update =3D gensec_external_update, > > > -+ .have_feature =3D gensec_external_have_feature, > > > -+ .enabled =3D true, > > > -+ .priority =3D GENSEC_EXTERNAL > > > -+}; > > > -+ > 
> > -+ > > > -+NTSTATUS gensec_external_init(void) > > > -+{ > > > -+ NTSTATUS ret; > > > -+ > > > -+ ret =3D gensec_register(&gensec_external_ops); > > > -+ if (!NT_STATUS_IS_OK(ret)) { > > > -+ DEBUG(0,("Failed to register '%s' gensec backend!\n", > > > -+ gensec_external_ops.name)); > > > -+ } > > > -+ return ret; > > > -+} > > > -diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h > > > -index ac1fadf..6974f87 100644 > > > ---- a/auth/gensec/gensec.h > > > -+++ b/auth/gensec/gensec.h > > > -@@ -41,7 +41,8 @@ enum gensec_priority { > > > - GENSEC_SCHANNEL =3D 60, > > > - GENSEC_NTLMSSP =3D 50, > > > - GENSEC_SASL =3D 20, > > > -- GENSEC_OTHER =3D 0 > > > -+ GENSEC_OTHER =3D 10, > > > -+ GENSEC_EXTERNAL =3D 0 > > > - }; > > > -=20 > > > - struct gensec_security; > > > -diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build > > > -index fcd74a3..71222f7 100755 > > > ---- a/auth/gensec/wscript_build > > > -+++ b/auth/gensec/wscript_build > > > -@@ -16,3 +16,10 @@ bld.SAMBA_MODULE('gensec_spnego', > > > - init_function=3D'gensec_spnego_init', > > > - deps=3D'asn1util samba-credentials SPNEGO_PARSE' > > > - ) > > > -+ > > > -+bld.SAMBA_MODULE('gensec_external', > > > -+ source=3D'external.c', > > > -+ autoproto=3D'external_proto.h', > > > -+ subsystem=3D'gensec', > > > -+ init_function=3D'gensec_external_init' > > > -+ ) > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 75d9566940069ebeb367191ec6a6641bf7d45a83 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 17:24:10 +0200 > > > -Subject: [PATCH 093/249] gensec: move schannel module to toplevel. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 4d2ec9e37ee9dcf7b521806a1c0aabdffe524d47) > > > ---- > > > - auth/gensec/schannel.c | 330 +++++++++++++++++++++++++++= +++++++++++ > > > - auth/gensec/wscript_build | 8 + > > > - source4/auth/gensec/schannel.c | 330 ---------------------------= ----------- > > > - source4/auth/gensec/wscript_build | 10 -- > > > - 4 files changed, 338 insertions(+), 340 deletions(-) > > > - create mode 100644 auth/gensec/schannel.c > > > - delete mode 100644 source4/auth/gensec/schannel.c > > > - > > > -diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c > > > -new file mode 100644 > > > -index 0000000..eb2e100 > > > ---- /dev/null > > > -+++ b/auth/gensec/schannel.c > > > -@@ -0,0 +1,330 @@ > > > -+/* > > > -+ Unix SMB/CIFS implementation. > > > -+ > > > -+ dcerpc schannel operations > > > -+ > > > -+ Copyright (C) Andrew Tridgell 2004 > > > -+ Copyright (C) Andrew Bartlett 2004-2005 > > > -+ > > > -+ This program is free software; you can redistribute it and/or mo= dify > > > -+ it under the terms of the GNU General Public License as publishe= d by > > > -+ the Free Software Foundation; either version 3 of the License, or > > > -+ (at your option) any later version. > > > -+ > > > -+ This program is distributed in the hope that it will be useful, > > > -+ but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -+ GNU General Public License for more details. > > > -+ > > > -+ You should have received a copy of the GNU General Public License > > > -+ along with this program. If not, see . 
> > > -+*/ > > > -+ > > > -+#include "includes.h" > > > -+#include "librpc/gen_ndr/ndr_schannel.h" > > > -+#include "auth/auth.h" > > > -+#include "auth/credentials/credentials.h" > > > -+#include "auth/gensec/gensec.h" > > > -+#include "auth/gensec/gensec_internal.h" > > > -+#include "auth/gensec/gensec_proto.h" > > > -+#include "../libcli/auth/schannel.h" > > > -+#include "librpc/gen_ndr/dcerpc.h" > > > -+#include "param/param.h" > > > -+#include "auth/gensec/gensec_toplevel_proto.h" > > > -+ > > > -+_PUBLIC_ NTSTATUS gensec_schannel_init(void); > > > -+ > > > -+static size_t schannel_sig_size(struct gensec_security *gensec_secu= rity, size_t data_size) > > > -+{ > > > -+ struct schannel_state *state =3D > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -+ > > > -+ return netsec_outgoing_sig_size(state); > > > -+} > > > -+ > > > -+static NTSTATUS schannel_update(struct gensec_security *gensec_secu= rity, TALLOC_CTX *out_mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ const DATA_BLOB in, DATA_BLOB *out) > > > -+{ > > > -+ struct schannel_state *state =3D > > > -+ talloc_get_type(gensec_security->private_data, > > > -+ struct schannel_state); > > > -+ NTSTATUS status; > > > -+ enum ndr_err_code ndr_err; > > > -+ struct NL_AUTH_MESSAGE bind_schannel; > > > -+ struct NL_AUTH_MESSAGE bind_schannel_ack; > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+ const char *workstation; > > > -+ const char *domain; > > > -+ > > > -+ *out =3D data_blob(NULL, 0); > > > -+ > > > -+ switch (gensec_security->gensec_role) { > > > -+ case GENSEC_CLIENT: > > > -+ if (state !=3D NULL) { > > > -+ /* we could parse the bind ack, but we don't know what it is yet= */ > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ creds =3D cli_credentials_get_netlogon_creds(gensec_security->cre= dentials); > > > -+ if (creds =3D=3D NULL) { > > > -+ return NT_STATUS_INVALID_PARAMETER_MIX; > > > -+ } > > > -+ > > > -+ state =3D 
netsec_create_state(gensec_security, > > > -+ creds, true /* initiator */); > > > -+ if (state =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ gensec_security->private_data =3D state; > > > -+ > > > -+ bind_schannel.MessageType =3D NL_NEGOTIATE_REQUEST; > > > -+#if 0 > > > -+ /* to support this we'd need to have access to the full domain na= me */ > > > -+ /* 0x17, 23 */ > > > -+ bind_schannel.Flags =3D NL_FLAG_OEM_NETBIOS_DOMAIN_NAME | > > > -+ NL_FLAG_OEM_NETBIOS_COMPUTER_NAME | > > > -+ NL_FLAG_UTF8_DNS_DOMAIN_NAME | > > > -+ NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME; > > > -+ bind_schannel.oem_netbios_domain.a =3D cli_credentials_get_domain= (gensec_security->credentials); > > > -+ bind_schannel.oem_netbios_computer.a =3D creds->computer_name; > > > -+ bind_schannel.utf8_dns_domain =3D cli_credentials_get_realm(gense= c_security->credentials); > > > -+ /* w2k3 refuses us if we use the full DNS workstation? > > > -+ why? perhaps because we don't fill in the dNSHostName > > > -+ attribute in the machine account? 
*/ > > > -+ bind_schannel.utf8_netbios_computer =3D creds->computer_name; > > > -+#else > > > -+ bind_schannel.Flags =3D NL_FLAG_OEM_NETBIOS_DOMAIN_NAME | > > > -+ NL_FLAG_OEM_NETBIOS_COMPUTER_NAME; > > > -+ bind_schannel.oem_netbios_domain.a =3D cli_credentials_get_domain= (gensec_security->credentials); > > > -+ bind_schannel.oem_netbios_computer.a =3D creds->computer_name; > > > -+#endif > > > -+ > > > -+ ndr_err =3D ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel, > > > -+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ status =3D ndr_map_error2ntstatus(ndr_err); > > > -+ DEBUG(3, ("Could not create schannel bind: %s\n", > > > -+ nt_errstr(status))); > > > -+ return status; > > > -+ } > > > -+ > > > -+ return NT_STATUS_MORE_PROCESSING_REQUIRED; > > > -+ case GENSEC_SERVER: > > > -+ > > > -+ if (state !=3D NULL) { > > > -+ /* no third leg on this protocol */ > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+ } > > > -+ > > > -+ /* parse the schannel startup blob */ > > > -+ ndr_err =3D ndr_pull_struct_blob(&in, out_mem_ctx, &bind_schannel, > > > -+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ status =3D ndr_map_error2ntstatus(ndr_err); > > > -+ DEBUG(3, ("Could not parse incoming schannel bind: %s\n", > > > -+ nt_errstr(status))); > > > -+ return status; > > > -+ } > > > -+ > > > -+ if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) { > > > -+ domain =3D bind_schannel.oem_netbios_domain.a; > > > -+ if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settin= gs->lp_ctx)) !=3D 0) { > > > -+ DEBUG(3, ("Request for schannel to incorrect domain: %s !=3D ou= r domain %s\n", > > > -+ domain, lpcfg_workgroup(gensec_security->settings->lp_ctx))); > > > -+ return NT_STATUS_LOGON_FAILURE; > > > -+ } > > > -+ } else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) { > > > -+ domain =3D bind_schannel.utf8_dns_domain.u; > > > 
-+ if (strcasecmp_m(domain, lpcfg_dnsdomain(gensec_security->settin= gs->lp_ctx)) !=3D 0) { > > > -+ DEBUG(3, ("Request for schannel to incorrect domain: %s !=3D ou= r domain %s\n", > > > -+ domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx))); > > > -+ return NT_STATUS_LOGON_FAILURE; > > > -+ } > > > -+ } else { > > > -+ DEBUG(3, ("Request for schannel to without domain\n")); > > > -+ return NT_STATUS_LOGON_FAILURE; > > > -+ } > > > -+ > > > -+ if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) { > > > -+ workstation =3D bind_schannel.oem_netbios_computer.a; > > > -+ } else if (bind_schannel.Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NA= ME) { > > > -+ workstation =3D bind_schannel.utf8_netbios_computer.u; > > > -+ } else { > > > -+ DEBUG(3, ("Request for schannel to without netbios workstation\n= ")); > > > -+ return NT_STATUS_LOGON_FAILURE; > > > -+ } > > > -+ > > > -+ status =3D schannel_get_creds_state(out_mem_ctx, > > > -+ gensec_security->settings->lp_ctx, > > > -+ workstation, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(3, ("Could not find session key for attempted schannel con= nection from %s: %s\n", > > > -+ workstation, nt_errstr(status))); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) { > > > -+ return NT_STATUS_LOGON_FAILURE; > > > -+ } > > > -+ return status; > > > -+ } > > > -+ > > > -+ state =3D netsec_create_state(gensec_security, > > > -+ creds, false /* not initiator */); > > > -+ if (state =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ gensec_security->private_data =3D state; > > > -+ > > > -+ bind_schannel_ack.MessageType =3D NL_NEGOTIATE_RESPONSE; > > > -+ bind_schannel_ack.Flags =3D 0; > > > -+ bind_schannel_ack.Buffer.dummy =3D 0x6c0000; /* actually I think > > > -+ * this does not have > > > -+ * any meaning here > > > -+ * - gd */ > > > -+ > > > -+ ndr_err =3D ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel= _ack, > > > -+ 
(ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ status =3D ndr_map_error2ntstatus(ndr_err); > > > -+ DEBUG(3, ("Could not return schannel bind ack for client %s: %s\= n", > > > -+ workstation, nt_errstr(status))); > > > -+ return status; > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+} > > > -+ > > > -+/** > > > -+ * Returns anonymous credentials for schannel, matching Win2k3. > > > -+ * > > > -+ */ > > > -+ > > > -+static NTSTATUS schannel_session_info(struct gensec_security *gense= c_security, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct auth_session_info **_session_info) > > > -+{ > > > -+ return auth_anonymous_session_info(mem_ctx, gensec_security->setti= ngs->lp_ctx, _session_info); > > > -+} > > > -+ > > > -+static NTSTATUS schannel_server_start(struct gensec_security *gense= c_security) > > > -+{ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+static NTSTATUS schannel_client_start(struct gensec_security *gense= c_security) > > > -+{ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+static bool schannel_have_feature(struct gensec_security *gensec_se= curity, > > > -+ uint32_t feature) > > > -+{ > > > -+ if (feature & (GENSEC_FEATURE_SIGN | > > > -+ GENSEC_FEATURE_SEAL)) { > > > -+ return true; > > > -+ } > > > -+ if (feature & GENSEC_FEATURE_DCE_STYLE) { > > > -+ return true; > > > -+ } > > > -+ return false; > > > -+} > > > -+ > > > -+/* > > > -+ unseal a packet > > > -+*/ > > > -+static NTSTATUS schannel_unseal_packet(struct gensec_security *gens= ec_security, > > > -+ uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > -+ const DATA_BLOB *sig) > > > -+{ > > > -+ struct schannel_state *state =3D > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -+ > > > -+ return netsec_incoming_packet(state, true, > > > -+ 
discard_const_p(uint8_t, data), > > > -+ length, sig); > > > -+} > > > -+ > > > -+/* > > > -+ check the signature on a packet > > > -+*/ > > > -+static NTSTATUS schannel_check_packet(struct gensec_security *gense= c_security, > > > -+ const uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > -+ const DATA_BLOB *sig) > > > -+{ > > > -+ struct schannel_state *state =3D > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -+ > > > -+ return netsec_incoming_packet(state, false, > > > -+ discard_const_p(uint8_t, data), > > > -+ length, sig); > > > -+} > > > -+/* > > > -+ seal a packet > > > -+*/ > > > -+static NTSTATUS schannel_seal_packet(struct gensec_security *gensec= _security, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > -+ DATA_BLOB *sig) > > > -+{ > > > -+ struct schannel_state *state =3D > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -+ > > > -+ return netsec_outgoing_packet(state, mem_ctx, true, > > > -+ data, length, sig); > > > -+} > > > -+ > > > -+/* > > > -+ sign a packet > > > -+*/ > > > -+static NTSTATUS schannel_sign_packet(struct gensec_security *gensec= _security, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ const uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > -+ DATA_BLOB *sig) > > > -+{ > > > -+ struct schannel_state *state =3D > > > -+ talloc_get_type_abort(gensec_security->private_data, > > > -+ struct schannel_state); > > > -+ > > > -+ return netsec_outgoing_packet(state, mem_ctx, false, > > > -+ discard_const_p(uint8_t, data), > > > -+ length, sig); > > > -+} > > > -+ > > > -+static const struct gensec_security_ops gensec_schannel_security_op= s =3D { > > > -+ .name =3D "schannel", > > > -+ .auth_type =3D DCERPC_AUTH_TYPE_SCHANNEL, > > > -+ .client_start =3D schannel_client_start, > > > -+ 
.server_start =3D schannel_server_start, > > > -+ .update =3D schannel_update, > > > -+ .seal_packet =3D schannel_seal_packet, > > > -+ .sign_packet =3D schannel_sign_packet, > > > -+ .check_packet =3D schannel_check_packet, > > > -+ .unseal_packet =3D schannel_unseal_packet, > > > -+ .session_info =3D schannel_session_info, > > > -+ .sig_size =3D schannel_sig_size, > > > -+ .have_feature =3D schannel_have_feature, > > > -+ .enabled =3D true, > > > -+ .priority =3D GENSEC_SCHANNEL > > > -+}; > > > -+ > > > -+_PUBLIC_ NTSTATUS gensec_schannel_init(void) > > > -+{ > > > -+ NTSTATUS ret; > > > -+ ret =3D gensec_register(&gensec_schannel_security_ops); > > > -+ if (!NT_STATUS_IS_OK(ret)) { > > > -+ DEBUG(0,("Failed to register '%s' gensec backend!\n", > > > -+ gensec_schannel_security_ops.name)); > > > -+ return ret; > > > -+ } > > > -+ > > > -+ return ret; > > > -+} > > > -diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build > > > -index 71222f7..7329eec 100755 > > > ---- a/auth/gensec/wscript_build > > > -+++ b/auth/gensec/wscript_build > > > -@@ -17,6 +17,14 @@ bld.SAMBA_MODULE('gensec_spnego', > > > - deps=3D'asn1util samba-credentials SPNEGO_PARSE' > > > - ) > > > -=20 > > > -+bld.SAMBA_MODULE('gensec_schannel', > > > -+ source=3D'schannel.c', > > > -+ autoproto=3D'schannel_proto.h', > > > -+ subsystem=3D'gensec', > > > -+ init_function=3D'gensec_schannel_init', > > > -+ deps=3D'COMMON_SCHANNEL NDR_SCHANNEL samba-credentials auth_sessio= n' > > > -+ ) > > > -+ > > > - bld.SAMBA_MODULE('gensec_external', > > > - source=3D'external.c', > > > - autoproto=3D'external_proto.h', > > > -diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/sc= hannel.c > > > -deleted file mode 100644 > > > -index eb2e100..0000000 > > > ---- a/source4/auth/gensec/schannel.c > > > -+++ /dev/null > > > -@@ -1,330 +0,0 @@ > > > --/* > > > -- Unix SMB/CIFS implementation. 
> > > -- > > > -- dcerpc schannel operations > > > -- > > > -- Copyright (C) Andrew Tridgell 2004 > > > -- Copyright (C) Andrew Bartlett 2004-2005 > > > -- > > > -- This program is free software; you can redistribute it and/or mo= dify > > > -- it under the terms of the GNU General Public License as publishe= d by > > > -- the Free Software Foundation; either version 3 of the License, or > > > -- (at your option) any later version. > > > -- > > > -- This program is distributed in the hope that it will be useful, > > > -- but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -- GNU General Public License for more details. > > > -- > > > -- You should have received a copy of the GNU General Public License > > > -- along with this program. If not, see . > > > --*/ > > > -- > > > --#include "includes.h" > > > --#include "librpc/gen_ndr/ndr_schannel.h" > > > --#include "auth/auth.h" > > > --#include "auth/credentials/credentials.h" > > > --#include "auth/gensec/gensec.h" > > > --#include "auth/gensec/gensec_internal.h" > > > --#include "auth/gensec/gensec_proto.h" > > > --#include "../libcli/auth/schannel.h" > > > --#include "librpc/gen_ndr/dcerpc.h" > > > --#include "param/param.h" > > > --#include "auth/gensec/gensec_toplevel_proto.h" > > > -- > > > --_PUBLIC_ NTSTATUS gensec_schannel_init(void); > > > -- > > > --static size_t schannel_sig_size(struct gensec_security *gensec_secu= rity, size_t data_size) > > > --{ > > > -- struct schannel_state *state =3D > > > -- talloc_get_type_abort(gensec_security->private_data, > > > -- struct schannel_state); > > > -- > > > -- return netsec_outgoing_sig_size(state); > > > --} > > > -- > > > --static NTSTATUS schannel_update(struct gensec_security *gensec_secu= rity, TALLOC_CTX *out_mem_ctx, > > > -- struct tevent_context *ev, > > > -- const DATA_BLOB in, DATA_BLOB *out) > > > --{ > > > -- struct schannel_state *state =3D > > > -- 
talloc_get_type(gensec_security->private_data, > > > -- struct schannel_state); > > > -- NTSTATUS status; > > > -- enum ndr_err_code ndr_err; > > > -- struct NL_AUTH_MESSAGE bind_schannel; > > > -- struct NL_AUTH_MESSAGE bind_schannel_ack; > > > -- struct netlogon_creds_CredentialState *creds; > > > -- const char *workstation; > > > -- const char *domain; > > > -- > > > -- *out =3D data_blob(NULL, 0); > > > -- > > > -- switch (gensec_security->gensec_role) { > > > -- case GENSEC_CLIENT: > > > -- if (state !=3D NULL) { > > > -- /* we could parse the bind ack, but we don't know what it is yet= */ > > > -- return NT_STATUS_OK; > > > -- } > > > -- > > > -- creds =3D cli_credentials_get_netlogon_creds(gensec_security->cre= dentials); > > > -- if (creds =3D=3D NULL) { > > > -- return NT_STATUS_INVALID_PARAMETER_MIX; > > > -- } > > > -- > > > -- state =3D netsec_create_state(gensec_security, > > > -- creds, true /* initiator */); > > > -- if (state =3D=3D NULL) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- gensec_security->private_data =3D state; > > > -- > > > -- bind_schannel.MessageType =3D NL_NEGOTIATE_REQUEST; > > > --#if 0 > > > -- /* to support this we'd need to have access to the full domain na= me */ > > > -- /* 0x17, 23 */ > > > -- bind_schannel.Flags =3D NL_FLAG_OEM_NETBIOS_DOMAIN_NAME | > > > -- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME | > > > -- NL_FLAG_UTF8_DNS_DOMAIN_NAME | > > > -- NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME; > > > -- bind_schannel.oem_netbios_domain.a =3D cli_credentials_get_domain= (gensec_security->credentials); > > > -- bind_schannel.oem_netbios_computer.a =3D creds->computer_name; > > > -- bind_schannel.utf8_dns_domain =3D cli_credentials_get_realm(gense= c_security->credentials); > > > -- /* w2k3 refuses us if we use the full DNS workstation? > > > -- why? perhaps because we don't fill in the dNSHostName > > > -- attribute in the machine account? 
*/ > > > -- bind_schannel.utf8_netbios_computer =3D creds->computer_name; > > > --#else > > > -- bind_schannel.Flags =3D NL_FLAG_OEM_NETBIOS_DOMAIN_NAME | > > > -- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME; > > > -- bind_schannel.oem_netbios_domain.a =3D cli_credentials_get_domain= (gensec_security->credentials); > > > -- bind_schannel.oem_netbios_computer.a =3D creds->computer_name; > > > --#endif > > > -- > > > -- ndr_err =3D ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel, > > > -- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); > > > -- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -- status =3D ndr_map_error2ntstatus(ndr_err); > > > -- DEBUG(3, ("Could not create schannel bind: %s\n", > > > -- nt_errstr(status))); > > > -- return status; > > > -- } > > > -- > > > -- return NT_STATUS_MORE_PROCESSING_REQUIRED; > > > -- case GENSEC_SERVER: > > > -- > > > -- if (state !=3D NULL) { > > > -- /* no third leg on this protocol */ > > > -- return NT_STATUS_INVALID_PARAMETER; > > > -- } > > > -- > > > -- /* parse the schannel startup blob */ > > > -- ndr_err =3D ndr_pull_struct_blob(&in, out_mem_ctx, &bind_schannel, > > > -- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE); > > > -- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -- status =3D ndr_map_error2ntstatus(ndr_err); > > > -- DEBUG(3, ("Could not parse incoming schannel bind: %s\n", > > > -- nt_errstr(status))); > > > -- return status; > > > -- } > > > -- > > > -- if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) { > > > -- domain =3D bind_schannel.oem_netbios_domain.a; > > > -- if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settin= gs->lp_ctx)) !=3D 0) { > > > -- DEBUG(3, ("Request for schannel to incorrect domain: %s !=3D ou= r domain %s\n", > > > -- domain, lpcfg_workgroup(gensec_security->settings->lp_ctx))); > > > -- return NT_STATUS_LOGON_FAILURE; > > > -- } > > > -- } else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) { > > > -- domain =3D bind_schannel.utf8_dns_domain.u; > > > 
-- if (strcasecmp_m(domain, lpcfg_dnsdomain(gensec_security->settin= gs->lp_ctx)) !=3D 0) { > > > -- DEBUG(3, ("Request for schannel to incorrect domain: %s !=3D ou= r domain %s\n", > > > -- domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx))); > > > -- return NT_STATUS_LOGON_FAILURE; > > > -- } > > > -- } else { > > > -- DEBUG(3, ("Request for schannel to without domain\n")); > > > -- return NT_STATUS_LOGON_FAILURE; > > > -- } > > > -- > > > -- if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) { > > > -- workstation =3D bind_schannel.oem_netbios_computer.a; > > > -- } else if (bind_schannel.Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NA= ME) { > > > -- workstation =3D bind_schannel.utf8_netbios_computer.u; > > > -- } else { > > > -- DEBUG(3, ("Request for schannel to without netbios workstation\n= ")); > > > -- return NT_STATUS_LOGON_FAILURE; > > > -- } > > > -- > > > -- status =3D schannel_get_creds_state(out_mem_ctx, > > > -- gensec_security->settings->lp_ctx, > > > -- workstation, &creds); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(3, ("Could not find session key for attempted schannel con= nection from %s: %s\n", > > > -- workstation, nt_errstr(status))); > > > -- if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) { > > > -- return NT_STATUS_LOGON_FAILURE; > > > -- } > > > -- return status; > > > -- } > > > -- > > > -- state =3D netsec_create_state(gensec_security, > > > -- creds, false /* not initiator */); > > > -- if (state =3D=3D NULL) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- gensec_security->private_data =3D state; > > > -- > > > -- bind_schannel_ack.MessageType =3D NL_NEGOTIATE_RESPONSE; > > > -- bind_schannel_ack.Flags =3D 0; > > > -- bind_schannel_ack.Buffer.dummy =3D 0x6c0000; /* actually I think > > > -- * this does not have > > > -- * any meaning here > > > -- * - gd */ > > > -- > > > -- ndr_err =3D ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel= _ack, > > > -- 
(ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); > > > -- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -- status =3D ndr_map_error2ntstatus(ndr_err); > > > -- DEBUG(3, ("Could not return schannel bind ack for client %s: %s\= n", > > > -- workstation, nt_errstr(status))); > > > -- return status; > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > -- } > > > -- return NT_STATUS_INVALID_PARAMETER; > > > --} > > > -- > > > --/** > > > -- * Returns anonymous credentials for schannel, matching Win2k3. > > > -- * > > > -- */ > > > -- > > > --static NTSTATUS schannel_session_info(struct gensec_security *gense= c_security, > > > -- TALLOC_CTX *mem_ctx, > > > -- struct auth_session_info **_session_info) > > > --{ > > > -- return auth_anonymous_session_info(mem_ctx, gensec_security->setti= ngs->lp_ctx, _session_info); > > > --} > > > -- > > > --static NTSTATUS schannel_server_start(struct gensec_security *gense= c_security) > > > --{ > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > --static NTSTATUS schannel_client_start(struct gensec_security *gense= c_security) > > > --{ > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > --static bool schannel_have_feature(struct gensec_security *gensec_se= curity, > > > -- uint32_t feature) > > > --{ > > > -- if (feature & (GENSEC_FEATURE_SIGN | > > > -- GENSEC_FEATURE_SEAL)) { > > > -- return true; > > > -- } > > > -- if (feature & GENSEC_FEATURE_DCE_STYLE) { > > > -- return true; > > > -- } > > > -- return false; > > > --} > > > -- > > > --/* > > > -- unseal a packet > > > --*/ > > > --static NTSTATUS schannel_unseal_packet(struct gensec_security *gens= ec_security, > > > -- uint8_t *data, size_t length, > > > -- const uint8_t *whole_pdu, size_t pdu_length, > > > -- const DATA_BLOB *sig) > > > --{ > > > -- struct schannel_state *state =3D > > > -- talloc_get_type_abort(gensec_security->private_data, > > > -- struct schannel_state); > > > -- > > > -- return netsec_incoming_packet(state, true, > > > -- 
discard_const_p(uint8_t, data), > > > -- length, sig); > > > --} > > > -- > > > --/* > > > -- check the signature on a packet > > > --*/ > > > --static NTSTATUS schannel_check_packet(struct gensec_security *gense= c_security, > > > -- const uint8_t *data, size_t length, > > > -- const uint8_t *whole_pdu, size_t pdu_length, > > > -- const DATA_BLOB *sig) > > > --{ > > > -- struct schannel_state *state =3D > > > -- talloc_get_type_abort(gensec_security->private_data, > > > -- struct schannel_state); > > > -- > > > -- return netsec_incoming_packet(state, false, > > > -- discard_const_p(uint8_t, data), > > > -- length, sig); > > > --} > > > --/* > > > -- seal a packet > > > --*/ > > > --static NTSTATUS schannel_seal_packet(struct gensec_security *gensec= _security, > > > -- TALLOC_CTX *mem_ctx, > > > -- uint8_t *data, size_t length, > > > -- const uint8_t *whole_pdu, size_t pdu_length, > > > -- DATA_BLOB *sig) > > > --{ > > > -- struct schannel_state *state =3D > > > -- talloc_get_type_abort(gensec_security->private_data, > > > -- struct schannel_state); > > > -- > > > -- return netsec_outgoing_packet(state, mem_ctx, true, > > > -- data, length, sig); > > > --} > > > -- > > > --/* > > > -- sign a packet > > > --*/ > > > --static NTSTATUS schannel_sign_packet(struct gensec_security *gensec= _security, > > > -- TALLOC_CTX *mem_ctx, > > > -- const uint8_t *data, size_t length, > > > -- const uint8_t *whole_pdu, size_t pdu_length, > > > -- DATA_BLOB *sig) > > > --{ > > > -- struct schannel_state *state =3D > > > -- talloc_get_type_abort(gensec_security->private_data, > > > -- struct schannel_state); > > > -- > > > -- return netsec_outgoing_packet(state, mem_ctx, false, > > > -- discard_const_p(uint8_t, data), > > > -- length, sig); > > > --} > > > -- > > > --static const struct gensec_security_ops gensec_schannel_security_op= s =3D { > > > -- .name =3D "schannel", > > > -- .auth_type =3D DCERPC_AUTH_TYPE_SCHANNEL, > > > -- .client_start =3D schannel_client_start, > > > -- 
.server_start =3D schannel_server_start, > > > -- .update =3D schannel_update, > > > -- .seal_packet =3D schannel_seal_packet, > > > -- .sign_packet =3D schannel_sign_packet, > > > -- .check_packet =3D schannel_check_packet, > > > -- .unseal_packet =3D schannel_unseal_packet, > > > -- .session_info =3D schannel_session_info, > > > -- .sig_size =3D schannel_sig_size, > > > -- .have_feature =3D schannel_have_feature, > > > -- .enabled =3D true, > > > -- .priority =3D GENSEC_SCHANNEL > > > --}; > > > -- > > > --_PUBLIC_ NTSTATUS gensec_schannel_init(void) > > > --{ > > > -- NTSTATUS ret; > > > -- ret =3D gensec_register(&gensec_schannel_security_ops); > > > -- if (!NT_STATUS_IS_OK(ret)) { > > > -- DEBUG(0,("Failed to register '%s' gensec backend!\n", > > > -- gensec_schannel_security_ops.name)); > > > -- return ret; > > > -- } > > > -- > > > -- return ret; > > > --} > > > -diff --git a/source4/auth/gensec/wscript_build b/source4/auth/gensec= /wscript_build > > > -index 04fccc5..a3eff97 100755 > > > ---- a/source4/auth/gensec/wscript_build > > > -+++ b/source4/auth/gensec/wscript_build > > > -@@ -32,16 +32,6 @@ bld.SAMBA_MODULE('cyrus_sasl', > > > - ) > > > -=20 > > > -=20 > > > --bld.SAMBA_MODULE('gensec_schannel', > > > -- source=3D'schannel.c', > > > -- subsystem=3D'gensec', > > > -- deps=3D'COMMON_SCHANNEL NDR_SCHANNEL samba-credentials ndr auth_se= ssion', > > > -- internal_module=3DTrue, > > > -- autoproto=3D'schannel_proto.h', > > > -- init_function=3D'gensec_schannel_init' > > > -- ) > > > -- > > > -- > > > - bld.SAMBA_PYTHON('pygensec', > > > - source=3D'pygensec.c', > > > - deps=3D'gensec pytalloc-util pyparam_util', > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From c4829848f45db27d6c145b35a20bea2f33bcb4d7 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 17:24:49 +0200 > > > -Subject: [PATCH 094/249] gensec: remove duplicate > > > - gensec_security_by_authtype() call. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -We should use the equivalent gensec_security_by_auth_type() call whi= ch is > > > -exposed in the public header. > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit d433ad077f354de4fc1d5a155d991f417ae9967c) > > > ---- > > > - auth/gensec/gensec_start.c | 29 ++--------------------------- > > > - 1 file changed, 2 insertions(+), 27 deletions(-) > > > - > > > -diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c > > > -index 3ae64d5..906ef67 100644 > > > ---- a/auth/gensec/gensec_start.c > > > -+++ b/auth/gensec/gensec_start.c > > > -@@ -157,31 +157,6 @@ _PUBLIC_ const struct gensec_security_ops **gen= sec_security_mechs( > > > -=20 > > > - } > > > -=20 > > > --static const struct gensec_security_ops *gensec_security_by_authtyp= e(struct gensec_security *gensec_security, > > > -- uint8_t auth_type) > > > --{ > > > -- int i; > > > -- const struct gensec_security_ops **backends; > > > -- const struct gensec_security_ops *backend; > > > -- TALLOC_CTX *mem_ctx =3D talloc_new(gensec_security); > > > -- if (!mem_ctx) { > > > -- return NULL; > > > -- } > > > -- backends =3D gensec_security_mechs(gensec_security, mem_ctx); > > > -- for (i=3D0; backends && backends[i]; i++) { > > > -- if (!gensec_security_ops_enabled(backends[i], gensec_security)) > > > -- continue; > > > -- if (backends[i]->auth_type =3D=3D auth_type) { > > > -- backend =3D backends[i]; > > > -- talloc_free(mem_ctx); > > > -- return backend; > > > -- } > > > -- } > > > -- talloc_free(mem_ctx); > > > -- > > > -- return NULL; > > > --} > > > -- > > > - _PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid( > > > - struct gensec_security *gensec_security, > > > - const char *oid_string) > > > -@@ -719,7 +694,7 @@ 
NTSTATUS gensec_start_mech_by_ops(struct gensec_= security *gensec_security, > > > - _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_secur= ity *gensec_security, > > > - uint8_t auth_type, uint8_t auth_level) > > > - { > > > -- gensec_security->ops =3D gensec_security_by_authtype(gensec_securi= ty, auth_type); > > > -+ gensec_security->ops =3D gensec_security_by_auth_type(gensec_secur= ity, auth_type); > > > - if (!gensec_security->ops) { > > > - DEBUG(3, ("Could not find GENSEC backend for auth_type=3D%d\n", (= int)auth_type)); > > > - return NT_STATUS_INVALID_PARAMETER; > > > -@@ -746,7 +721,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(= struct gensec_security *gensec_s > > > - _PUBLIC_ const char *gensec_get_name_by_authtype(struct gensec_secu= rity *gensec_security, uint8_t authtype) > > > - { > > > - const struct gensec_security_ops *ops; > > > -- ops =3D gensec_security_by_authtype(gensec_security, authtype); > > > -+ ops =3D gensec_security_by_auth_type(gensec_security, authtype); > > > - if (ops) { > > > - return ops->name; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8c54d2ee4861a35def7cce29b900a68112356f6b Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 17:25:55 +0200 > > > -Subject: [PATCH 095/249] gensec: check for NULL gensec_security in > > > - gensec_security_by_auth_type(). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -We have equivalent checks in other gensec_security_by_X calls alread= y. 
> > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 4f979525e4137c536118a9c2b2b4ef798c270e27) > > > ---- > > > - auth/gensec/gensec_start.c | 6 ++++-- > > > - 1 file changed, 4 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c > > > -index 906ef67..476134a 100644 > > > ---- a/auth/gensec/gensec_start.c > > > -+++ b/auth/gensec/gensec_start.c > > > -@@ -230,8 +230,10 @@ _PUBLIC_ const struct gensec_security_ops *gens= ec_security_by_auth_type( > > > - } > > > - backends =3D gensec_security_mechs(gensec_security, mem_ctx); > > > - for (i=3D0; backends && backends[i]; i++) { > > > -- if (!gensec_security_ops_enabled(backends[i], gensec_security)) > > > -- continue; > > > -+ if (gensec_security !=3D NULL && > > > -+ !gensec_security_ops_enabled(backends[i], gensec_security)) { > > > -+ continue; > > > -+ } > > > - if (backends[i]->auth_type =3D=3D auth_type) { > > > - backend =3D backends[i]; > > > - talloc_free(mem_ctx); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5b941811c7ebd51bf2c8d421517fd92b3065ba47 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 17:27:28 +0200 > > > -Subject: [PATCH 096/249] s3-auth: also load schannel module from > > > - auth_generic_client_prepare(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 8fce75aa58ec70547ad218bde154e141f2d17303) > > > ---- > > > - source3/libsmb/auth_generic.c | 3 ++- > > > - 1 file changed, 2 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_gen= eric.c > > > -index e30c1b7..3130dec 100644 > > > ---- a/source3/libsmb/auth_generic.c > > > -+++ b/source3/libsmb/auth_generic.c > > > -@@ -78,7 +78,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *m= em_ctx, struct auth_generic_st > > > - } > > > -=20 > > > - backends =3D talloc_zero_array(gensec_settings, > > > -- const struct gensec_security_ops *, 4); > > > -+ const struct gensec_security_ops *, 5); > > > - if (backends =3D=3D NULL) { > > > - TALLOC_FREE(ans); > > > - return NT_STATUS_NO_MEMORY; > > > -@@ -95,6 +95,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *m= em_ctx, struct auth_generic_st > > > - backends[idx++] =3D &gensec_ntlmssp3_client_ops; > > > -=20 > > > - backends[idx++] =3D gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO= ); > > > -+ backends[idx++] =3D gensec_security_by_auth_type(NULL, DCERPC_AUTH= _TYPE_SCHANNEL); > > > -=20 > > > - nt_status =3D gensec_client_start(ans, &ans->gensec_security, gens= ec_settings); > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 28b5f156bcc03b88f8c0f3e52cd051a0b069334e Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 17:44:10 +0200 > > > -Subject: [PATCH 097/249] s3-rpc_cli: allow to pass down a netlogon > > > - CredentialState struct to gensec. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 7b570b4128f9af212048ce56abd841a1f6fdc259) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 5 ++++- > > > - 1 file changed, 4 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 470469f..2acbad6 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2178,6 +2178,7 @@ static NTSTATUS rpccli_generic_bind_data(TALLO= C_CTX *mem_ctx, > > > - const char *username, > > > - const char *password, > > > - enum credentials_use_kerberos use_kerberos, > > > -+ struct netlogon_creds_CredentialState *creds, > > > - struct pipe_auth_data **presult) > > > - { > > > - struct auth_generic_state *auth_generic_ctx; > > > -@@ -2231,6 +2232,7 @@ static NTSTATUS rpccli_generic_bind_data(TALLO= C_CTX *mem_ctx, > > > - } > > > -=20 > > > - cli_credentials_set_kerberos_state(auth_generic_ctx->credentials, = use_kerberos); > > > -+ cli_credentials_set_netlogon_creds(auth_generic_ctx->credentials, = creds); > > > -=20 > > > - status =3D auth_generic_client_start_by_authtype(auth_generic_ctx,= auth_type, auth_level); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -2830,6 +2832,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct= cli_state *cli, > > > - server, target_service, > > > - domain, username, password,=20 > > > - CRED_AUTO_USE_KERBEROS, > > > -+ NULL, > > > - &auth); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("rpccli_generic_bind_data returned %s\n", > > > -@@ -3057,7 +3060,7 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_s= tate *cli, > > > - DCERPC_AUTH_TYPE_SPNEGO, auth_level, > > > - server, target_service, > > > - domain, 
username, password,=20 > > > -- use_kerberos, > > > -+ use_kerberos, NULL, > > > - &auth); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("rpccli_generic_bind_data returned %s\n", > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4775b3fd2905e54b2c824d901fd8a99fb8caae04 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 18:23:40 +0200 > > > -Subject: [PATCH 098/249] s3-auth: register schannel gensec module in > > > - auth_generic_prepare() as well. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 090671aca5234f47f390054de771198e3c177060) > > > ---- > > > - source3/auth/auth_generic.c | 5 ++++- > > > - 1 file changed, 4 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic= =2Ec > > > -index e15c87e..e07d3b7 100644 > > > ---- a/source3/auth/auth_generic.c > > > -+++ b/source3/auth/auth_generic.c > > > -@@ -32,6 +32,7 @@ > > > - #include "librpc/crypto/gse.h" > > > - #include "auth/credentials/credentials.h" > > > - #include "lib/param/loadparm.h" > > > -+#include "librpc/gen_ndr/dcerpc.h" > > > -=20 > > > - static NTSTATUS auth3_generate_session_info_pac(struct auth4_contex= t *auth_ctx, > > > - TALLOC_CTX *mem_ctx, > > > -@@ -261,7 +262,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ct= x, > > > - } > > > -=20 > > > - backends =3D talloc_zero_array(gensec_settings, > > > -- const struct gensec_security_ops *, 4); > > > -+ const struct gensec_security_ops *, 5); > > > - if (backends =3D=3D NULL) { > > > - TALLOC_FREE(tmp_ctx); > > > - return NT_STATUS_NO_MEMORY; > > > -@@ -279,6 +280,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ct= x, > > > -=20 > > > - 
backends[idx++] =3D gensec_security_by_oid(NULL, GENSEC_OID_SPNEG= O); > > > -=20 > > > -+ backends[idx++] =3D gensec_security_by_auth_type(NULL, DCERPC_AUT= H_TYPE_SCHANNEL); > > > -+ > > > - /* > > > - * This is anonymous for now, because we just use it > > > - * to set the kerberos state at the moment > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 080c2ac3cbd28318bc6c682dff0aea17fad07a2c Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 18:33:14 +0200 > > > -Subject: [PATCH 099/249] s3-rpc_cli: use gensec for schannel bind. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 89d0b89b5d58ceef13bc10036d396b10f8a102ae) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 22 +++++++++++++--------- > > > - 1 file changed, 13 insertions(+), 9 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 2acbad6..8a642e2 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1120,12 +1120,6 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CT= X *mem_ctx, > > > -=20 > > > - switch (auth->auth_type) { > > > - case DCERPC_AUTH_TYPE_SCHANNEL: > > > -- ret =3D create_schannel_auth_rpc_bind_req(cli, &auth_token); > > > -- if (!NT_STATUS_IS_OK(ret)) { > > > -- return ret; > > > -- } > > > -- break; > > > -- > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > -@@ -2884,16 +2878,26 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key= (struct cli_state *cli, > > > - struct netr_Authenticator auth; > > > - struct netr_Authenticator return_auth; > > > - union netr_Capabilities capabilities; > > > 
-+ const char *target_service =3D table->authservices->names[0]; > > > -=20 > > > - status =3D cli_rpc_pipe_open(cli, transport, table, &rpccli); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -=20 > > > -- status =3D rpccli_schannel_bind_data(rpccli, domain, auth_level, > > > -- *pdc, &rpcauth); > > > -+ status =3D rpccli_generic_bind_data(rpccli, > > > -+ DCERPC_AUTH_TYPE_SCHANNEL, > > > -+ auth_level, > > > -+ NULL, > > > -+ target_service, > > > -+ domain, > > > -+ (*pdc)->computer_name, > > > -+ NULL, > > > -+ CRED_AUTO_USE_KERBEROS, > > > -+ *pdc, > > > -+ &rpcauth); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0, ("rpccli_schannel_bind_data returned %s\n", > > > -+ DEBUG(0, ("rpccli_generic_bind_data returned %s\n", > > > - nt_errstr(status))); > > > - TALLOC_FREE(rpccli); > > > - return status; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 40ffd89f975e06821379fbd240187f5e268da5fe Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 18:34:58 +0200 > > > -Subject: [PATCH 100/249] s3-rpc_srv: use gensec for schannel bind. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit a32a83ba9d6c7b5bbe9077973e5402ba65c068e7) > > > ---- > > > - source3/rpc_server/srv_pipe.c | 9 +++++++-- > > > - 1 file changed, 7 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_= pipe.c > > > -index 9043a14..fd7a90a 100644 > > > ---- a/source3/rpc_server/srv_pipe.c > > > -+++ b/source3/rpc_server/srv_pipe.c > > > -@@ -808,10 +808,15 @@ static bool api_pipe_bind_req(struct pipes_str= uct *p, > > > - break; > > > -=20 > > > - case DCERPC_AUTH_TYPE_SCHANNEL: > > > -- if (!pipe_schannel_auth_bind(p, pkt, > > > -- &auth_info, &auth_resp)) { > > > -+ if (!pipe_auth_generic_bind(p, pkt, > > > -+ &auth_info, &auth_resp)) { > > > -+ goto err_exit; > > > -+ } > > > -+ if (!session_info_set_session_key(p->session_info, generic_sessi= on_key())) { > > > -+ DEBUG(0, ("session_info_set_session_key failed\n")); > > > - goto err_exit; > > > - } > > > -+ p->pipe_bound =3D true; > > > - break; > > > -=20 > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 285de020b6e284ad5074492d62740ba8a370826a Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 18:36:19 +0200 > > > -Subject: [PATCH 101/249] s3-rpc: use gensec for schannel footer proc= essing. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 5a628490e46f428432cd9b32c2b4b3a34a3736ae) > > > ---- > > > - source3/librpc/rpc/dcerpc_helpers.c | 35 +++-----------------------= --------- > > > - 1 file changed, 3 insertions(+), 32 deletions(-) > > > - > > > -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rp= c/dcerpc_helpers.c > > > -index 97999d7..b9e05cb 100644 > > > ---- a/source3/librpc/rpc/dcerpc_helpers.c > > > -+++ b/source3/librpc/rpc/dcerpc_helpers.c > > > -@@ -273,7 +273,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_dat= a *auth, > > > - size_t max_len; > > > - size_t mod_len; > > > - struct gensec_security *gensec_security; > > > -- struct schannel_state *schannel_auth; > > > -=20 > > > - /* no auth token cases first */ > > > - switch (auth->auth_level) { > > > -@@ -307,16 +306,11 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_d= ata *auth, > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > -+ case DCERPC_AUTH_TYPE_SCHANNEL: > > > - gensec_security =3D talloc_get_type_abort(auth->auth_ctx, > > > - struct gensec_security); > > > - *auth_len =3D gensec_sig_size(gensec_security, max_len); > > > - break; > > > -- > > > -- case DCERPC_AUTH_TYPE_SCHANNEL: > > > -- schannel_auth =3D talloc_get_type_abort(auth->auth_ctx, > > > -- struct schannel_state); > > > -- *auth_len =3D netsec_outgoing_sig_size(schannel_auth); > > > -- break; > > > - default: > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -@@ -548,7 +542,6 @@ static NTSTATUS get_schannel_auth_footer(TALLOC_= CTX *mem_ctx, > > > - NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, > > > - size_t pad_len, DATA_BLOB *rpc_out) > > > - { > > 
> -- struct schannel_state *schannel_auth; > > > - struct gensec_security *gensec_security; > > > - char pad[CLIENT_NDR_PADDING_SIZE] =3D { 0, }; > > > - DATA_BLOB auth_info; > > > -@@ -600,19 +593,13 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_au= th_data *auth, > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > -+ case DCERPC_AUTH_TYPE_SCHANNEL: > > > - gensec_security =3D talloc_get_type_abort(auth->auth_ctx, > > > - struct gensec_security); > > > - status =3D add_generic_auth_footer(gensec_security, > > > - auth->auth_level, > > > - rpc_out); > > > - break; > > > -- case DCERPC_AUTH_TYPE_SCHANNEL: > > > -- schannel_auth =3D talloc_get_type_abort(auth->auth_ctx, > > > -- struct schannel_state); > > > -- status =3D add_schannel_auth_footer(schannel_auth, > > > -- auth->auth_level, > > > -- rpc_out); > > > -- break; > > > - default: > > > - status =3D NT_STATUS_INVALID_PARAMETER; > > > - break; > > > -@@ -640,7 +627,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data= *auth, > > > - DATA_BLOB *raw_pkt, > > > - size_t *pad_len) > > > - { > > > -- struct schannel_state *schannel_auth; > > > - struct gensec_security *gensec_security; > > > - NTSTATUS status; > > > - struct dcerpc_auth auth_info; > > > -@@ -710,6 +696,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data= *auth, > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > -+ case DCERPC_AUTH_TYPE_SCHANNEL: > > > -=20 > > > - DEBUG(10, ("GENSEC auth\n")); > > > -=20 > > > -@@ -723,22 +710,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_dat= a *auth, > > > - return status; > > > - } > > > - break; > > > -- > > > -- case DCERPC_AUTH_TYPE_SCHANNEL: > > > -- > > > -- DEBUG(10, ("SCHANNEL auth\n")); > > > -- > > > -- schannel_auth =3D talloc_get_type_abort(auth->auth_ctx, > > > -- struct schannel_state); > > > -- status =3D get_schannel_auth_footer(pkt, schannel_auth, > > > -- 
auth->auth_level, > > > -- &data, &full_pkt, > > > -- &auth_info.credentials); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- break; > > > -- > > > - default: > > > - DEBUG(0, ("process_request_pdu: " > > > - "unknown auth type %u set.\n", > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From cfa396d153cedb9b10356540a479ff299c480cae Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Thu, 19 Sep 2013 11:03:31 +0200 > > > -Subject: [PATCH 102/249] s3-rpc_cli: remove unused schannel calls fr= om > > > - dcerpc_helpers.c > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 639f60b1513a8c877d307ed86b7748250821fb3f) > > > ---- > > > - source3/librpc/rpc/dcerpc.h | 3 - > > > - source3/librpc/rpc/dcerpc_helpers.c | 124 -------------------------= ----------- > > > - 2 files changed, 127 deletions(-) > > > - > > > -diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc= =2Eh > > > -index b3ae3b4..38d59cd 100644 > > > ---- a/source3/librpc/rpc/dcerpc.h > > > -+++ b/source3/librpc/rpc/dcerpc.h > > > -@@ -60,9 +60,6 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_= ctx, > > > - const DATA_BLOB *blob, > > > - struct ncacn_packet *r, > > > - bool bigendian); > > > --NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx, > > > -- struct NL_AUTH_MESSAGE *r, > > > -- DATA_BLOB *blob); > > > - NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx, > > > - enum dcerpc_AuthType auth_type, > > > - enum dcerpc_AuthLevel auth_level, > > > -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rp= c/dcerpc_helpers.c > > > -index b9e05cb..2400bfd 100644 > > > ---- a/source3/librpc/rpc/dcerpc_helpers.c > > > -+++ b/source3/librpc/rpc/dcerpc_helpers.c > > > -@@ -21,9 +21,6 
@@ > > > - #include "includes.h" > > > - #include "librpc/rpc/dcerpc.h" > > > - #include "librpc/gen_ndr/ndr_dcerpc.h" > > > --#include "librpc/gen_ndr/ndr_schannel.h" > > > --#include "../libcli/auth/schannel.h" > > > --#include "../libcli/auth/spnego.h" > > > - #include "librpc/crypto/gse.h" > > > - #include "auth/gensec/gensec.h" > > > -=20 > > > -@@ -135,34 +132,6 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *m= em_ctx, > > > - } > > > -=20 > > > - /** > > > --* @brief NDR Encodes a NL_AUTH_MESSAGE > > > --* > > > --* @param mem_ctx The memory context the blob will be allocated on > > > --* @param r The NL_AUTH_MESSAGE to encode > > > --* @param blob [out] The encoded blob if successful > > > --* > > > --* @return a NTSTATUS error code > > > --*/ > > > --NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx, > > > -- struct NL_AUTH_MESSAGE *r, > > > -- DATA_BLOB *blob) > > > --{ > > > -- enum ndr_err_code ndr_err; > > > -- > > > -- ndr_err =3D ndr_push_struct_blob(blob, mem_ctx, r, > > > -- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); > > > -- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -- return ndr_map_error2ntstatus(ndr_err); > > > -- } > > > -- > > > -- if (DEBUGLEVEL >=3D 10) { > > > -- NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, r); > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > --/** > > > - * @brief NDR Encodes a dcerpc_auth structure > > > - * > > > - * @param mem_ctx The memory context the blob will be allocated on > > > -@@ -437,99 +406,6 @@ static NTSTATUS get_generic_auth_footer(struct = gensec_security *gensec_security, > > > - } > > > - } > > > -=20 > > > --/******************************************************************* > > > -- Create and add the schannel sign/seal auth data. 
> > > -- ******************************************************************= **/ > > > -- > > > --static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas, > > > -- enum dcerpc_AuthLevel auth_level, > > > -- DATA_BLOB *rpc_out) > > > --{ > > > -- uint8_t *data_p =3D rpc_out->data + DCERPC_RESPONSE_LENGTH; > > > -- size_t data_and_pad_len =3D rpc_out->length > > > -- - DCERPC_RESPONSE_LENGTH > > > -- - DCERPC_AUTH_TRAILER_LENGTH; > > > -- DATA_BLOB auth_blob; > > > -- NTSTATUS status; > > > -- > > > -- if (!sas) { > > > -- return NT_STATUS_INVALID_PARAMETER; > > > -- } > > > -- > > > -- switch (auth_level) { > > > -- case DCERPC_AUTH_LEVEL_PRIVACY: > > > -- status =3D netsec_outgoing_packet(sas, > > > -- rpc_out->data, > > > -- true, > > > -- data_p, > > > -- data_and_pad_len, > > > -- &auth_blob); > > > -- break; > > > -- case DCERPC_AUTH_LEVEL_INTEGRITY: > > > -- status =3D netsec_outgoing_packet(sas, > > > -- rpc_out->data, > > > -- false, > > > -- data_p, > > > -- data_and_pad_len, > > > -- &auth_blob); > > > -- break; > > > -- default: > > > -- status =3D NT_STATUS_INTERNAL_ERROR; > > > -- break; > > > -- } > > > -- > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(1,("add_schannel_auth_footer: failed to process packet: %s\= n", > > > -- nt_errstr(status))); > > > -- return status; > > > -- } > > > -- > > > -- if (DEBUGLEVEL >=3D 10) { > > > -- dump_NL_AUTH_SIGNATURE(talloc_tos(), &auth_blob); > > > -- } > > > -- > > > -- /* Finally attach the blob. */ > > > -- if (!data_blob_append(NULL, rpc_out, > > > -- auth_blob.data, auth_blob.length)) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- data_blob_free(&auth_blob); > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > --/******************************************************************* > > > -- Check/unseal the Schannel auth data. (Unseal in place). 
> > > -- ******************************************************************= **/ > > > -- > > > --static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx, > > > -- struct schannel_state *auth_state, > > > -- enum dcerpc_AuthLevel auth_level, > > > -- DATA_BLOB *data, DATA_BLOB *full_pkt, > > > -- DATA_BLOB *auth_token) > > > --{ > > > -- switch (auth_level) { > > > -- case DCERPC_AUTH_LEVEL_PRIVACY: > > > -- /* Data portion is encrypted. */ > > > -- return netsec_incoming_packet(auth_state, > > > -- true, > > > -- data->data, > > > -- data->length, > > > -- auth_token); > > > -- > > > -- case DCERPC_AUTH_LEVEL_INTEGRITY: > > > -- /* Data is signed. */ > > > -- return netsec_incoming_packet(auth_state, > > > -- false, > > > -- data->data, > > > -- data->length, > > > -- auth_token); > > > -- > > > -- default: > > > -- return NT_STATUS_INVALID_PARAMETER; > > > -- } > > > --} > > > -- > > > - /** > > > - * @brief Append an auth footer according to what is the current m= echanism > > > - * > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 3c10a3501c04e1f5f9bd2bb1418b95b4b17248a8 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Thu, 19 Sep 2013 11:04:19 +0200 > > > -Subject: [PATCH 103/249] s3-rpc_cli: remove unused schannel calls fr= om > > > - cli_pipe.c > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 45949d721892a0e8a6b1a76e221c6b3bfd6a872f) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 76 --------------------------------= ----------- > > > - 1 file changed, 76 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 8a642e2..b73f2f2 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ 
-22,11 +22,8 @@ > > > - #include "includes.h" > > > - #include "../lib/util/tevent_ntstatus.h" > > > - #include "librpc/gen_ndr/ndr_epmapper_c.h" > > > --#include "../librpc/gen_ndr/ndr_schannel.h" > > > - #include "../librpc/gen_ndr/ndr_dssetup.h" > > > - #include "../libcli/auth/schannel.h" > > > --#include "../libcli/auth/spnego.h" > > > --#include "../auth/ntlmssp/ntlmssp.h" > > > - #include "auth_generic.h" > > > - #include "librpc/gen_ndr/ndr_dcerpc.h" > > > - #include "librpc/gen_ndr/ndr_netlogon_c.h" > > > -@@ -1018,42 +1015,6 @@ static NTSTATUS create_generic_auth_rpc_bind_= req(struct rpc_pipe_client *cli, > > > - } > > > -=20 > > > - /******************************************************************* > > > -- Creates schannel auth bind. > > > -- ******************************************************************= **/ > > > -- > > > --static NTSTATUS create_schannel_auth_rpc_bind_req(struct rpc_pipe_c= lient *cli, > > > -- DATA_BLOB *auth_token) > > > --{ > > > -- NTSTATUS status; > > > -- struct NL_AUTH_MESSAGE r; > > > -- > > > -- if (!cli->auth->user_name || !cli->auth->user_name[0]) { > > > -- return NT_STATUS_INVALID_PARAMETER_MIX; > > > -- } > > > -- > > > -- if (!cli->auth->domain || !cli->auth->domain[0]) { > > > -- return NT_STATUS_INVALID_PARAMETER_MIX; > > > -- } > > > -- > > > -- /* > > > -- * Now marshall the data into the auth parse_struct. 
> > > -- */ > > > -- > > > -- r.MessageType =3D NL_NEGOTIATE_REQUEST; > > > -- r.Flags =3D NL_FLAG_OEM_NETBIOS_DOMAIN_NAME | > > > -- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME; > > > -- r.oem_netbios_domain.a =3D cli->auth->domain; > > > -- r.oem_netbios_computer.a =3D cli->auth->user_name; > > > -- > > > -- status =3D dcerpc_push_schannel_bind(cli, &r, auth_token); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > --/******************************************************************* > > > - Creates the internals of a DCE/RPC bind request or alter context P= DU. > > > - ******************************************************************= **/ > > > -=20 > > > -@@ -2243,43 +2204,6 @@ static NTSTATUS rpccli_generic_bind_data(TALL= OC_CTX *mem_ctx, > > > - return status; > > > - } > > > -=20 > > > --static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, > > > -- const char *domain, > > > -- enum dcerpc_AuthLevel auth_level, > > > -- struct netlogon_creds_CredentialState *creds, > > > -- struct pipe_auth_data **presult) > > > --{ > > > -- struct schannel_state *schannel_auth; > > > -- struct pipe_auth_data *result; > > > -- > > > -- result =3D talloc(mem_ctx, struct pipe_auth_data); > > > -- if (result =3D=3D NULL) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- result->auth_type =3D DCERPC_AUTH_TYPE_SCHANNEL; > > > -- result->auth_level =3D auth_level; > > > -- > > > -- result->user_name =3D talloc_strdup(result, creds->computer_name); > > > -- result->domain =3D talloc_strdup(result, domain); > > > -- if ((result->user_name =3D=3D NULL) || (result->domain =3D=3D NULL= )) { > > > -- goto fail; > > > -- } > > > -- > > > -- schannel_auth =3D netsec_create_state(result, creds, true /* initi= ator */); > > > -- if (schannel_auth =3D=3D NULL) { > > > -- goto fail; > > > -- } > > > -- > > > -- result->auth_ctx =3D schannel_auth; > > > -- *presult =3D result; > > > -- 
return NT_STATUS_OK; > > > -- > > > -- fail: > > > -- TALLOC_FREE(result); > > > -- return NT_STATUS_NO_MEMORY; > > > --} > > > -- > > > - /** > > > - * Create an rpc pipe client struct, connecting to a tcp port. > > > - */ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e4b33d6311e051501815199bd6c6dbba33f1bc55 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Thu, 19 Sep 2013 11:05:21 +0200 > > > -Subject: [PATCH 104/249] s3-rpc_srv: remove unused schannel calls fr= om > > > - srv_pipe.c > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > - > > > -Autobuild-User(master): G=C3=BCnther Deschner > > > -Autobuild-Date(master): Thu Sep 19 12:59:04 CEST 2013 on sn-devel-104 > > > -(cherry picked from commit 6965f918c04328535c55a0ef9b7fe6392fba193a) > > > ---- > > > - source3/rpc_server/srv_pipe.c | 116 -------------------------------= ----------- > > > - 1 file changed, 116 deletions(-) > > > - > > > -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_= pipe.c > > > -index fd7a90a..06752a8 100644 > > > ---- a/source3/rpc_server/srv_pipe.c > > > -+++ b/source3/rpc_server/srv_pipe.c > > > -@@ -30,11 +30,8 @@ > > > - #include "includes.h" > > > - #include "system/filesys.h" > > > - #include "srv_pipe_internal.h" > > > --#include "../librpc/gen_ndr/ndr_schannel.h" > > > - #include "../librpc/gen_ndr/dcerpc.h" > > > - #include "../librpc/rpc/rpc_common.h" > > > --#include "../libcli/auth/schannel.h" > > > --#include "../libcli/auth/spnego.h" > > > - #include "dcesrv_auth_generic.h" > > > - #include "rpc_server.h" > > > - #include "rpc_dce.h" > > > -@@ -415,119 +412,6 @@ bool is_known_pipename(const char *pipename, s= truct ndr_syntax_id *syntax) > > > - } > > > -=20 > > > - 
/******************************************************************* > > > -- Handle an schannel bind auth. > > > --*******************************************************************/ > > > -- > > > --static bool pipe_schannel_auth_bind(struct pipes_struct *p, > > > -- TALLOC_CTX *mem_ctx, > > > -- struct dcerpc_auth *auth_info, > > > -- DATA_BLOB *response) > > > --{ > > > -- struct NL_AUTH_MESSAGE neg; > > > -- struct NL_AUTH_MESSAGE reply; > > > -- bool ret; > > > -- NTSTATUS status; > > > -- struct netlogon_creds_CredentialState *creds; > > > -- enum ndr_err_code ndr_err; > > > -- struct schannel_state *schannel_auth; > > > -- struct loadparm_context *lp_ctx; > > > -- > > > -- ndr_err =3D ndr_pull_struct_blob( > > > -- &auth_info->credentials, mem_ctx, &neg, > > > -- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE); > > > -- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -- DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL a= uth neg\n")); > > > -- return false; > > > -- } > > > -- > > > -- if (DEBUGLEVEL >=3D 10) { > > > -- NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &neg); > > > -- } > > > -- > > > -- if (!(neg.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME)) { > > > -- DEBUG(0,("pipe_schannel_auth_bind: Did not receive netbios comput= er name\n")); > > > -- return false; > > > -- } > > > -- > > > -- lp_ctx =3D loadparm_init_s3(p, loadparm_s3_helpers()); > > > -- if (!lp_ctx) { > > > -- DEBUG(0,("pipe_schannel_auth_bind: loadparm_init_s3() failed!\n")= ); > > > -- return false; > > > -- } > > > -- > > > -- /* > > > -- * The neg.oem_netbios_computer.a key here must match the remote c= omputer name > > > -- * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pi= pe > > > -- * operations that use credentials. 
> > > -- */ > > > -- > > > -- become_root(); > > > -- status =3D schannel_get_creds_state(p->mem_ctx, lp_ctx, > > > -- neg.oem_netbios_computer.a, &creds); > > > -- unbecome_root(); > > > --=09 > > > -- talloc_unlink(p, lp_ctx); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schanne= l without successful serverauth2\n")); > > > -- return False; > > > -- } > > > -- > > > -- schannel_auth =3D netsec_create_state(p, creds, false /* not initi= ator */); > > > -- TALLOC_FREE(creds); > > > -- if (!schannel_auth) { > > > -- return False; > > > -- } > > > -- > > > -- /* > > > -- * JRA. Should we also copy the schannel session key into the pipe= session key p->session_key > > > -- * here ? We do that for NTLMSSP, but the session key is already s= et up from the vuser > > > -- * struct of the person who opened the pipe. I need to test this f= urther. JRA. > > > -- * > > > -- * VL. As we are mapping this to guest set the generic key > > > -- * "SystemLibraryDTC" key here. It's a bit difficult to test again= st > > > -- * W2k3, as it does not allow schannel binds against SAMR and LSA > > > -- * anymore. > > > -- */ > > > -- > > > -- ret =3D session_info_set_session_key(p->session_info, generic_sess= ion_key()); > > > -- > > > -- if (!ret) { > > > -- DEBUG(0, ("session_info_set_session_key failed\n")); > > > -- return false; > > > -- } > > > -- > > > -- /*** SCHANNEL verifier ***/ > > > -- > > > -- reply.MessageType =3D NL_NEGOTIATE_RESPONSE; > > > -- reply.Flags =3D 0; > > > -- reply.Buffer.dummy =3D 5; /* ??? 
actually I don't think > > > -- * this has any meaning > > > -- * here - gd */ > > > -- > > > -- ndr_err =3D ndr_push_struct_blob(response, mem_ctx, &reply, > > > -- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); > > > -- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -- DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n")); > > > -- return false; > > > -- } > > > -- > > > -- if (DEBUGLEVEL >=3D 10) { > > > -- NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &reply); > > > -- } > > > -- > > > -- DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myn= ame [%s]\n", > > > -- neg.oem_netbios_domain.a, neg.oem_netbios_computer.a)); > > > -- > > > -- /* We're finished with this bind - no more packets. */ > > > -- p->auth.auth_ctx =3D schannel_auth; > > > -- p->auth.auth_type =3D DCERPC_AUTH_TYPE_SCHANNEL; > > > -- > > > -- p->pipe_bound =3D True; > > > -- > > > -- return True; > > > --} > > > -- > > > --/******************************************************************* > > > - Handle an NTLMSSP bind auth. > > > - *******************************************************************/ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 68fbdf567cb7d0bc3550b826204c0708a771a4dc Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Mon, 12 Aug 2013 17:22:15 +0200 > > > -Subject: [PATCH 105/249] librpc/ndr: call ndr_table_list() from all = ndr_X > > > - functions. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 88c1dbf722889a2d7379cdcbac1ce9b140a42356) > > > ---- > > > - librpc/ndr/ndr_table.c | 6 +++--- > > > - 1 file changed, 3 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/librpc/ndr/ndr_table.c b/librpc/ndr/ndr_table.c > > > -index 7ca0417..01d9094 100644 > > > ---- a/librpc/ndr/ndr_table.c > > > -+++ b/librpc/ndr/ndr_table.c > > > -@@ -73,7 +73,7 @@ const char *ndr_interface_name(const struct GUID *= uuid, uint32_t if_version) > > > - int ndr_interface_num_calls(const struct GUID *uuid, uint32_t if_ve= rsion) > > > - { > > > - const struct ndr_interface_list *l; > > > -- for (l=3Dndr_interfaces;l;l=3Dl->next){ > > > -+ for (l=3Dndr_table_list();l;l=3Dl->next){ > > > - if (GUID_equal(&l->table->syntax_id.uuid, uuid) && > > > - l->table->syntax_id.if_version =3D=3D if_version) { > > > - return l->table->num_calls; > > > -@@ -89,7 +89,7 @@ int ndr_interface_num_calls(const struct GUID *uui= d, uint32_t if_version) > > > - const struct ndr_interface_table *ndr_table_by_name(const char *nam= e) > > > - { > > > - const struct ndr_interface_list *l; > > > -- for (l=3Dndr_interfaces;l;l=3Dl->next) { > > > -+ for (l=3Dndr_table_list();l;l=3Dl->next) { > > > - if (strcasecmp(l->table->name, name) =3D=3D 0) { > > > - return l->table; > > > - } > > > -@@ -103,7 +103,7 @@ const struct ndr_interface_table *ndr_table_by_n= ame(const char *name) > > > - const struct ndr_interface_table *ndr_table_by_uuid(const struct GU= ID *uuid) > > > - { > > > - const struct ndr_interface_list *l; > > > -- for (l=3Dndr_interfaces;l;l=3Dl->next) { > > > -+ for (l=3Dndr_table_list();l;l=3Dl->next) { > > > - if (GUID_equal(&l->table->syntax_id.uuid, uuid)) { > > > - return l->table; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > 
- > > > -From c936c80f7e567bab6fc749fb35e60176fca020af Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Thu, 8 Aug 2013 17:34:56 +0200 > > > -Subject: [PATCH 106/249] librpc/ndr: make sure ndr_table_list() alwa= ys calls > > > - ndr_init_table() first. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 21200b12dc14673f9a610c5798635b6052370dbe) > > > ---- > > > - librpc/ndr/ndr_table.c | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git a/librpc/ndr/ndr_table.c b/librpc/ndr/ndr_table.c > > > -index 01d9094..f73b9fc 100644 > > > ---- a/librpc/ndr/ndr_table.c > > > -+++ b/librpc/ndr/ndr_table.c > > > -@@ -116,6 +116,7 @@ const struct ndr_interface_table *ndr_table_by_u= uid(const struct GUID *uuid) > > > - */ > > > - const struct ndr_interface_list *ndr_table_list(void) > > > - { > > > -+ ndr_table_init(); > > > - return ndr_interfaces; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 2ced3243b3589b673967452a6401d665dd514525 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Thu, 8 Aug 2013 17:40:22 +0200 > > > -Subject: [PATCH 107/249] s3-rpc: use table->name directly in DEBUG c= ontexts. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit a94e278883c58b35d383753e86135ff6a1d14ec7) > > > ---- > > > - source3/lib/netapi/cm.c | 2 +- > > > - source3/rpc_client/cli_pipe.c | 7 +++---- > > > - 2 files changed, 4 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c > > > -index 1cfdccf..bb5d6b2 100644 > > > ---- a/source3/lib/netapi/cm.c > > > -+++ b/source3/lib/netapi/cm.c > > > -@@ -254,7 +254,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx = *ctx, > > > - status =3D pipe_cm_open(ctx, ipc, table, &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s", > > > -- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > -+ table->name, > > > - get_friendly_nt_error_msg(status)); > > > - return WERR_DEST_NOT_FOUND; > > > - } > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index b73f2f2..64e7f1c 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2692,8 +2692,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(st= ruct cli_state *cli, > > > - } > > > - DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe " > > > - "%s failed with error %s\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), > > > -- &table->syntax_id), > > > -+ table->name, > > > - nt_errstr(status) )); > > > - TALLOC_FREE(result); > > > - return status; > > > -@@ -2701,7 +2700,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(st= ruct cli_state *cli, > > > -=20 > > > - DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine " > > > - "%s and bound anonymously.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > -+ table->name, 
> > > - result->desthost)); > > > -=20 > > > - *presult =3D result; > > > -@@ -2946,7 +2945,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(s= truct cli_state *cli, > > > - done: > > > - DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to = machine %s " > > > - "for domain %s and bound using schannel.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id), > > > -+ table->name, > > > - rpccli->desthost, domain)); > > > -=20 > > > - *_rpccli =3D rpccli; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From cd864f1a3748c219df78600fc826a6e1d81fa07d Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 10:58:16 +0200 > > > -Subject: [PATCH 108/249] s3-rpc: use ndr_interface_name() instead of > > > - get_pipe_name_from_syntax() in DEBUG. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 3135533710b2a1b64aaf6b10d30b86f3c004657d) > > > ---- > > > - source3/rpc_server/rpc_handles.c | 15 +++++++++------ > > > - source3/rpc_server/srv_pipe.c | 22 ++++++++++++++-------- > > > - source3/rpc_server/srv_pipe_hnd.c | 16 +++++++++++----- > > > - source3/wscript_build | 3 ++- > > > - 4 files changed, 36 insertions(+), 20 deletions(-) > > > - > > > -diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/r= pc_handles.c > > > -index 70c3919..409299a 100644 > > > ---- a/source3/rpc_server/rpc_handles.c > > > -+++ b/source3/rpc_server/rpc_handles.c > > > -@@ -27,6 +27,7 @@ > > > - #include "rpc_server/rpc_pipes.h" > > > - #include "../libcli/security/security.h" > > > - #include "lib/tsocket/tsocket.h" > > > -+#include "librpc/ndr/ndr_table.h" > > > -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_RPC_SRV > > > -@@ -218,7 +219,8 @@ bool 
init_pipe_handles(struct pipes_struct *p, c= onst struct ndr_syntax_id *synta > > > -=20 > > > - DEBUG(10,("init_pipe_handle_list: created handle list for " > > > - "pipe %s\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), syntax))); > > > -+ ndr_interface_name(&syntax->uuid, > > > -+ syntax->if_version))); > > > - } > > > -=20 > > > - /* > > > -@@ -235,7 +237,7 @@ bool init_pipe_handles(struct pipes_struct *p, c= onst struct ndr_syntax_id *synta > > > -=20 > > > - DEBUG(10,("init_pipe_handle_list: pipe_handles ref count =3D %lu f= or " > > > - "pipe %s\n", (unsigned long)p->pipe_handles->pipe_ref_count, > > > -- get_pipe_name_from_syntax(talloc_tos(), syntax))); > > > -+ ndr_interface_name(&syntax->uuid, syntax->if_version))); > > > -=20 > > > - return True; > > > - } > > > -@@ -412,8 +414,8 @@ void close_policy_by_pipe(struct pipes_struct *p) > > > - TALLOC_FREE(p->pipe_handles); > > > -=20 > > > - DEBUG(10,("Deleted handle list for RPC connection %s\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), > > > -- &p->contexts->syntax))); > > > -+ ndr_interface_name(&p->contexts->syntax.uuid, > > > -+ p->contexts->syntax.if_version))); > > > - } > > > - } > > > -=20 > > > -@@ -456,8 +458,9 @@ void *_policy_handle_create(struct pipes_struct = *p, struct policy_handle *hnd, > > > - if (p->pipe_handles->count > MAX_OPEN_POLS) { > > > - DEBUG(0, ("ERROR: Too many handles (%d) for RPC connection %s\n", > > > - (int) p->pipe_handles->count, > > > -- get_pipe_name_from_syntax(talloc_tos(), > > > -- &p->contexts->syntax))); > > > -+ ndr_interface_name(&p->contexts->syntax.uuid, > > > -+ p->contexts->syntax.if_version))); > > > -+ > > > - *pstatus =3D NT_STATUS_INSUFFICIENT_RESOURCES; > > > - return NULL; > > > - } > > > -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_= pipe.c > > > -index 06752a8..19dbc37 100644 > > > ---- a/source3/rpc_server/srv_pipe.c > > > -+++ b/source3/rpc_server/srv_pipe.c > > > -@@ -41,6 +41,7 @@ > > > - #include 
"rpc_server/srv_pipe.h" > > > - #include "rpc_server/rpc_contexts.h" > > > - #include "lib/param/param.h" > > > -+#include "librpc/ndr/ndr_table.h" > > > -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_RPC_SRV > > > -@@ -336,7 +337,8 @@ static bool check_bind_req(struct pipes_struct *= p, > > > - bool ok; > > > -=20 > > > - DEBUG(3,("check_bind_req for %s\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), abstract))); > > > -+ ndr_interface_name(&abstract->uuid, > > > -+ abstract->if_version))); > > > -=20 > > > - /* we have to check all now since win2k introduced a new UUID on t= he lsaprpc pipe */ > > > - if (rpc_srv_pipe_exists_by_id(abstract) && > > > -@@ -580,7 +582,8 @@ static bool api_pipe_bind_req(struct pipes_struc= t *p, > > > - if (NT_STATUS_IS_ERR(status)) { > > > - DEBUG(3,("api_pipe_bind_req: Unknown rpc service name " > > > - "%s in bind request.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), &id))); > > > -+ ndr_interface_name(&id.uuid, > > > -+ id.if_version))); > > > -=20 > > > - return setup_bind_nak(p, pkt); > > > - } > > > -@@ -595,8 +598,10 @@ static bool api_pipe_bind_req(struct pipes_stru= ct *p, > > > - } else { > > > - DEBUG(0, ("module %s doesn't provide functions for " > > > - "pipe %s!\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), &id), > > > -- get_pipe_name_from_syntax(talloc_tos(), &id))); > > > -+ ndr_interface_name(&id.uuid, > > > -+ id.if_version), > > > -+ ndr_interface_name(&id.uuid, > > > -+ id.if_version))); > > > - return setup_bind_nak(p, pkt); > > > - } > > > - } > > > -@@ -1206,7 +1211,8 @@ static bool api_pipe_request(struct pipes_stru= ct *p, > > > - TALLOC_CTX *frame =3D talloc_stackframe(); > > > -=20 > > > - DEBUG(5, ("Requested %s rpc service\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax))); > > > -+ ndr_interface_name(&pipe_fns->syntax.uuid, > > > -+ pipe_fns->syntax.if_version))); > > > -=20 > > > - ret =3D api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds, > 
> > - &pipe_fns->syntax); > > > -@@ -1237,7 +1243,7 @@ static bool api_rpcTNP(struct pipes_struct *p,= struct ncacn_packet *pkt, > > > -=20 > > > - /* interpret the command */ > > > - DEBUG(4,("api_rpcTNP: %s op 0x%x - ", > > > -- get_pipe_name_from_syntax(talloc_tos(), syntax), > > > -+ ndr_interface_name(&syntax->uuid, syntax->if_version), > > > - pkt->u.request.opnum)); > > > -=20 > > > - if (DEBUGLEVEL >=3D 50) { > > > -@@ -1276,7 +1282,7 @@ static bool api_rpcTNP(struct pipes_struct *p,= struct ncacn_packet *pkt, > > > - /* do the actual command */ > > > - if(!api_rpc_cmds[fn_num].fn(p)) { > > > - DEBUG(0,("api_rpcTNP: %s: %s failed.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), syntax), > > > -+ ndr_interface_name(&syntax->uuid, syntax->if_version), > > > - api_rpc_cmds[fn_num].name)); > > > - data_blob_free(&p->out_data.rdata); > > > - return False; > > > -@@ -1299,7 +1305,7 @@ static bool api_rpcTNP(struct pipes_struct *p,= struct ncacn_packet *pkt, > > > - } > > > -=20 > > > - DEBUG(5,("api_rpcTNP: called %s successfully\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), syntax))); > > > -+ ndr_interface_name(&syntax->uuid, syntax->if_version))); > > > -=20 > > > - /* Check for buffer underflow in rpc parsing */ > > > - if ((DEBUGLEVEL >=3D 10) && > > > -diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/= srv_pipe_hnd.c > > > -index 3f8ff44..fcbfa77 100644 > > > ---- a/source3/rpc_server/srv_pipe_hnd.c > > > -+++ b/source3/rpc_server/srv_pipe_hnd.c > > > -@@ -30,6 +30,7 @@ > > > - #include "rpc_server/rpc_config.h" > > > - #include "../lib/tsocket/tsocket.h" > > > - #include "../lib/util/tevent_ntstatus.h" > > > -+#include "librpc/ndr/ndr_table.h" > > > -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_RPC_SRV > > > -@@ -281,7 +282,8 @@ static ssize_t read_from_internal_pipe(struct pi= pes_struct *p, char *data, > > > - } > > > -=20 > > > - DEBUG(6,(" name: %s len: %u\n", > > > -- 
get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax), > > > -+ ndr_interface_name(&p->contexts->syntax.uuid, > > > -+ p->contexts->syntax.if_version), > > > - (unsigned int)n)); > > > -=20 > > > - /* > > > -@@ -299,7 +301,8 @@ static ssize_t read_from_internal_pipe(struct pi= pes_struct *p, char *data, > > > - DEBUG(5,("read_from_pipe: too large read (%u) reque= sted on " > > > - "pipe %s. We can only service %d sized reads.\n", > > > - (unsigned int)n, > > > -- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax), > > > -+ ndr_interface_name(&p->contexts->syntax.uuid, > > > -+ p->contexts->syntax.if_version), > > > - RPC_MAX_PDU_FRAG_LEN )); > > > - n =3D RPC_MAX_PDU_FRAG_LEN; > > > - } > > > -@@ -320,7 +323,8 @@ static ssize_t read_from_internal_pipe(struct pi= pes_struct *p, char *data, > > > -=20 > > > - DEBUG(10,("read_from_pipe: %s: current_pdu_len =3D %u, " > > > - "current_pdu_sent =3D %u returning %d bytes.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax), > > > -+ ndr_interface_name(&p->contexts->syntax.uuid, > > > -+ p->contexts->syntax.if_version), > > > - (unsigned int)p->out_data.frag.length, > > > - (unsigned int)p->out_data.current_pdu_sent, > > > - (int)data_returned)); > > > -@@ -341,7 +345,8 @@ static ssize_t read_from_internal_pipe(struct pi= pes_struct *p, char *data, > > > -=20 > > > - DEBUG(10,("read_from_pipe: %s: fault_state =3D %d : data_sent_leng= th " > > > - "=3D %u, p->out_data.rdata.length =3D %u.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax), > > > -+ ndr_interface_name(&p->contexts->syntax.uuid, > > > -+ p->contexts->syntax.if_version), > > > - (int)p->fault_state, > > > - (unsigned int)p->out_data.data_sent_length, > > > - (unsigned int)p->out_data.rdata.length)); > > > -@@ -363,7 +368,8 @@ static ssize_t read_from_internal_pipe(struct pi= pes_struct *p, char *data, > > > -=20 > > > - if(!create_next_pdu(p)) { > > > - DEBUG(0,("read_from_pipe: %s: 
create_next_pdu failed.\n", > > > -- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax))); > > > -+ ndr_interface_name(&p->contexts->syntax.uuid, > > > -+ p->contexts->syntax.if_version))); > > > - return -1; > > > - } > > > -=20 > > > -diff --git a/source3/wscript_build b/source3/wscript_build > > > -index 0bf84e2..bb2e928 100755 > > > ---- a/source3/wscript_build > > > -+++ b/source3/wscript_build > > > -@@ -672,7 +672,8 @@ bld.SAMBA3_LIBRARY('msrpc3', > > > - deps=3D'''ndr ndr-standard > > > - RPC_NDR_EPMAPPER NTLMSSP_COMMON COMMON_SCHANNEL= LIBCLI_AUTH > > > - LIBTSOCKET gse dcerpc-binding > > > -- libsmb''', > > > -+ libsmb > > > -+ ndr-table''', > > > - vars=3Dlocals(), > > > - private_library=3DTrue) > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 6e6ba9bb34ac4e1d55056ef82e4bad8ab2d65b0d Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Thu, 8 Aug 2013 17:33:29 +0200 > > > -Subject: [PATCH 109/249] librpc: add dcerpc_default_transport_endpoi= nt() > > > - function. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 40ee3d8a5f7439b90f1ebf5e40535fad51038fe6) > > > ---- > > > - librpc/rpc/dcerpc_util.c | 55 +++++++++++++++++++++++++++++++++++++= +++++++++++ > > > - librpc/rpc/rpc_common.h | 3 +++ > > > - 2 files changed, 58 insertions(+) > > > - > > > -diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c > > > -index 0b9cca3..4046f32 100644 > > > ---- a/librpc/rpc/dcerpc_util.c > > > -+++ b/librpc/rpc/dcerpc_util.c > > > -@@ -332,3 +332,58 @@ NTSTATUS dcerpc_read_ncacn_packet_recv(struct t= event_req *req, > > > - tevent_req_received(req); > > > - return NT_STATUS_OK; > > > - } > > > -+ > > > -+const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, > > > -+ enum dcerpc_transport_t transport, > > > -+ const struct ndr_interface_table *table) > > > -+{ > > > -+ NTSTATUS status; > > > -+ const char *p =3D NULL; > > > -+ const char *endpoint =3D NULL; > > > -+ int i; > > > -+ struct dcerpc_binding *default_binding =3D NULL; > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ > > > -+ /* Find one of the default pipes for this interface */ > > > -+ > > > -+ for (i =3D 0; i < table->endpoints->count; i++) { > > > -+ > > > -+ status =3D dcerpc_parse_binding(frame, table->endpoints->names[i], > > > -+ &default_binding); > > > -+ if (NT_STATUS_IS_OK(status)) { > > > -+ if (transport =3D=3D NCA_UNKNOWN && > > > -+ default_binding->endpoint !=3D NULL) { > > > -+ p =3D default_binding->endpoint; > > > -+ break; > > > -+ } > > > -+ if (default_binding->transport =3D=3D transport && > > > -+ default_binding->endpoint !=3D NULL) { > > > -+ p =3D default_binding->endpoint; > > > -+ break; > > > -+ } > > > -+ } > > > -+ } > > > -+ > > > -+ if (i =3D=3D table->endpoints->count || p =3D=3D NULL) { > > > -+ 
goto done; > > > -+ } > > > -+ > > > -+ /* > > > -+ * extract the pipe name without \\pipe from for example > > > -+ * ncacn_np:[\\pipe\\epmapper] > > > -+ */ > > > -+ if (default_binding->transport =3D=3D NCACN_NP) { > > > -+ if (strncasecmp(p, "\\pipe\\", 6) =3D=3D 0) { > > > -+ p +=3D 6; > > > -+ } > > > -+ if (strncmp(p, "\\", 1) =3D=3D 0) { > > > -+ p +=3D 1; > > > -+ } > > > -+ } > > > -+ > > > -+ endpoint =3D talloc_strdup(mem_ctx, p); > > > -+ > > > -+ done: > > > -+ talloc_free(frame); > > > -+ return endpoint; > > > -+} > > > -diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h > > > -index e2b3755..d2816f5 100644 > > > ---- a/librpc/rpc/rpc_common.h > > > -+++ b/librpc/rpc/rpc_common.h > > > -@@ -143,6 +143,9 @@ void dcerpc_set_frag_length(DATA_BLOB *blob, uin= t16_t v); > > > - uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); > > > - void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); > > > - uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); > > > -+const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, > > > -+ enum dcerpc_transport_t transport, > > > -+ const struct ndr_interface_table *table); > > > -=20 > > > - /** > > > - * @brief Pull a dcerpc_auth structure, taking account of any auth > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a71f6912117ef5054cba4346f8bfd555d70d7837 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 18 Sep 2013 10:59:14 +0200 > > > -Subject: [PATCH 110/249] s3-rpc: use dcerpc_default_transport_endpoi= nt > > > - function. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit b73e2d927b2221cb3fde8776789c8ca085cf2b8f) > > > ---- > > > - source3/rpc_client/rpc_transport_np.c | 4 +++- > > > - source3/rpc_server/rpc_ncacn_np.c | 12 ++++++++++-- > > > - source3/rpc_server/srv_pipe.c | 28 +++++++++++++++++++++---= ---- > > > - 3 files changed, 34 insertions(+), 10 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_cli= ent/rpc_transport_np.c > > > -index c0f313e..91943f4 100644 > > > ---- a/source3/rpc_client/rpc_transport_np.c > > > -+++ b/source3/rpc_client/rpc_transport_np.c > > > -@@ -22,6 +22,7 @@ > > > - #include "rpc_client/rpc_transport.h" > > > - #include "libsmb/cli_np_tstream.h" > > > - #include "client.h" > > > -+#include "librpc/ndr/ndr_table.h" > > > -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_RPC_CLI > > > -@@ -55,7 +56,8 @@ struct tevent_req *rpc_transport_np_init_send(TALL= OC_CTX *mem_ctx, > > > - state->ev =3D ev; > > > - state->cli =3D cli; > > > - state->abs_timeout =3D timeval_current_ofs_msec(cli->timeout); > > > -- state->pipe_name =3D get_pipe_name_from_syntax(state, &table->synt= ax_id); > > > -+ state->pipe_name =3D dcerpc_default_transport_endpoint(state, NCAC= N_NP, > > > -+ table); > > > - if (tevent_req_nomem(state->pipe_name, req)) { > > > - return tevent_req_post(req, ev); > > > - } > > > -diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/= rpc_ncacn_np.c > > > -index 7389b3e..46b77fd 100644 > > > ---- a/source3/rpc_server/rpc_ncacn_np.c > > > -+++ b/source3/rpc_server/rpc_ncacn_np.c > > > -@@ -36,6 +36,7 @@ > > > - #include "../lib/util/tevent_ntstatus.h" > > > - #include "rpc_contexts.h" > > > - #include "rpc_server/rpc_config.h" > > > -+#include "librpc/ndr/ndr_table.h" > > 
> -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_RPC_SRV > > > -@@ -54,8 +55,15 @@ struct pipes_struct *make_internal_rpc_pipe_p(TAL= LOC_CTX *mem_ctx, > > > - struct pipe_rpc_fns *context_fns; > > > - const char *pipe_name; > > > - int ret; > > > -+ const struct ndr_interface_table *table; > > > -=20 > > > -- pipe_name =3D get_pipe_name_from_syntax(talloc_tos(), syntax); > > > -+ table =3D ndr_table_by_uuid(&syntax->uuid); > > > -+ if (table =3D=3D NULL) { > > > -+ DEBUG(0,("unknown interface\n")); > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ pipe_name =3D dcerpc_default_transport_endpoint(mem_ctx, NCACN_NP,= table); > > > -=20 > > > - DEBUG(4,("Create pipe requested %s\n", pipe_name)); > > > -=20 > > > -@@ -783,7 +791,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem= _ctx, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- pipe_name =3D get_pipe_name_from_syntax(tmp_ctx, &table->syntax_id= ); > > > -+ pipe_name =3D dcerpc_default_transport_endpoint(mem_ctx, NCACN_NP,= table); > > > - if (pipe_name =3D=3D NULL) { > > > - status =3D NT_STATUS_INVALID_PARAMETER; > > > - goto done; > > > -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_= pipe.c > > > -index 19dbc37..5f834fb 100644 > > > ---- a/source3/rpc_server/srv_pipe.c > > > -+++ b/source3/rpc_server/srv_pipe.c > > > -@@ -552,6 +552,7 @@ static bool api_pipe_bind_req(struct pipes_struc= t *p, > > > - struct dcerpc_ack_ctx bind_ack_ctx; > > > - DATA_BLOB auth_resp =3D data_blob_null; > > > - DATA_BLOB auth_blob =3D data_blob_null; > > > -+ const struct ndr_interface_table *table; > > > -=20 > > > - /* No rebinds on a bound pipe - use alter context. */ > > > - if (p->pipe_bound) { > > > -@@ -569,15 +570,21 @@ static bool api_pipe_bind_req(struct pipes_str= uct *p, > > > - * that this is a pipe name we support. 
> > > - */ > > > - id =3D pkt->u.bind.ctx_list[0].abstract_syntax; > > > -+ > > > -+ table =3D ndr_table_by_uuid(&id.uuid); > > > -+ if (table =3D=3D NULL) { > > > -+ DEBUG(0,("unknown interface\n")); > > > -+ return false; > > > -+ } > > > -+ > > > - if (rpc_srv_pipe_exists_by_id(&id)) { > > > - DEBUG(3, ("api_pipe_bind_req: %s -> %s rpc service\n", > > > - rpc_srv_get_pipe_cli_name(&id), > > > - rpc_srv_get_pipe_srv_name(&id))); > > > - } else { > > > - status =3D smb_probe_module( > > > -- "rpc", get_pipe_name_from_syntax( > > > -- talloc_tos(), > > > -- &id)); > > > -+ "rpc", dcerpc_default_transport_endpoint(pkt, > > > -+ NCACN_NP, table)); > > > -=20 > > > - if (NT_STATUS_IS_ERR(status)) { > > > - DEBUG(3,("api_pipe_bind_req: Unknown rpc service name " > > > -@@ -589,8 +596,8 @@ static bool api_pipe_bind_req(struct pipes_struc= t *p, > > > - } > > > -=20 > > > - if (rpc_srv_get_pipe_interface_by_cli_name( > > > -- get_pipe_name_from_syntax(talloc_tos(), > > > -- &id), > > > -+ dcerpc_default_transport_endpoint(pkt, > > > -+ NCACN_NP, table), > > > - &id)) { > > > - DEBUG(3, ("api_pipe_bind_req: %s -> %s rpc service\n", > > > - rpc_srv_get_pipe_cli_name(&id), > > > -@@ -1240,16 +1247,23 @@ static bool api_rpcTNP(struct pipes_struct *= p, struct ncacn_packet *pkt, > > > - { > > > - int fn_num; > > > - uint32_t offset1; > > > -+ const struct ndr_interface_table *table; > > > -=20 > > > - /* interpret the command */ > > > - DEBUG(4,("api_rpcTNP: %s op 0x%x - ", > > > - ndr_interface_name(&syntax->uuid, syntax->if_version), > > > - pkt->u.request.opnum)); > > > -=20 > > > -+ table =3D ndr_table_by_uuid(&syntax->uuid); > > > -+ if (table =3D=3D NULL) { > > > -+ DEBUG(0,("unknown interface\n")); > > > -+ return false; > > > -+ } > > > -+ > > > - if (DEBUGLEVEL >=3D 50) { > > > - fstring name; > > > - slprintf(name, sizeof(name)-1, "in_%s", > > > -- get_pipe_name_from_syntax(talloc_tos(), syntax)); > > > -+ dcerpc_default_transport_endpoint(pkt, NCACN_NP, table)); > 
> > - dump_pdu_region(name, pkt->u.request.opnum, > > > - &p->in_data.data, 0, > > > - p->in_data.data.length); > > > -@@ -1298,7 +1312,7 @@ static bool api_rpcTNP(struct pipes_struct *p,= struct ncacn_packet *pkt, > > > - if (DEBUGLEVEL >=3D 50) { > > > - fstring name; > > > - slprintf(name, sizeof(name)-1, "out_%s", > > > -- get_pipe_name_from_syntax(talloc_tos(), syntax)); > > > -+ dcerpc_default_transport_endpoint(pkt, NCACN_NP, table)); > > > - dump_pdu_region(name, pkt->u.request.opnum, > > > - &p->out_data.rdata, offset1, > > > - p->out_data.rdata.length); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8bb6f177b210159ea6317b20e2cc12732b4d273a Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 7 Aug 2013 17:43:08 +0200 > > > -Subject: [PATCH 111/249] s3-rpc: remove unused source3/librpc/rpc/rp= c_common.c > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Stefan Metzmacher > > > - > > > -Autobuild-User(master): G=C3=BCnther Deschner > > > -Autobuild-Date(master): Fri Sep 20 14:57:06 CEST 2013 on sn-devel-104 > > > -(cherry picked from commit 807628ecac445999e75ec9ea1abdc5f2fde356d6) > > > ---- > > > - source3/librpc/rpc/dcerpc.h | 8 -- > > > - source3/librpc/rpc/rpc_common.c | 209 -----------------------------= ----------- > > > - source3/wscript_build | 1 - > > > - 3 files changed, 218 deletions(-) > > > - delete mode 100644 source3/librpc/rpc/rpc_common.c > > > - > > > -diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc= =2Eh > > > -index 38d59cd..b18b7ba 100644 > > > ---- a/source3/librpc/rpc/dcerpc.h > > > -+++ b/source3/librpc/rpc/dcerpc.h > > > -@@ -85,12 +85,4 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data = *auth, > > > - DATA_BLOB *raw_pkt, > > > - size_t *pad_len); > > > -=20 > > > --/* The following definitions 
come from librpc/rpc/rpc_common.c */ > > > -- > > > --bool smb_register_ndr_interface(const struct ndr_interface_table *i= nterface); > > > --const struct ndr_interface_table *get_iface_from_syntax( > > > -- const struct ndr_syntax_id *syntax); > > > --const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx, > > > -- const struct ndr_syntax_id *sy= ntax); > > > -- > > > - #endif /* __S3_DCERPC_H__ */ > > > -diff --git a/source3/librpc/rpc/rpc_common.c b/source3/librpc/rpc/rp= c_common.c > > > -deleted file mode 100644 > > > -index 1219b2d..0000000 > > > ---- a/source3/librpc/rpc/rpc_common.c > > > -+++ /dev/null > > > -@@ -1,209 +0,0 @@ > > > --/*=20 > > > -- * Unix SMB/CIFS implementation. > > > -- * RPC Pipe client / server routines > > > -- * Largely rewritten by Jeremy Allison 2005. > > > -- * =20 > > > -- * This program is free software; you can redistribute it and/or m= odify > > > -- * it under the terms of the GNU General Public License as publish= ed by > > > -- * the Free Software Foundation; either version 3 of the License, = or > > > -- * (at your option) any later version. > > > -- * =20 > > > -- * This program is distributed in the hope that it will be useful, > > > -- * but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -- * GNU General Public License for more details. > > > -- * =20 > > > -- * You should have received a copy of the GNU General Public Licen= se > > > -- * along with this program; if not, see . 
> > > -- */ > > > -- > > > --#include "includes.h" > > > --#include "librpc/rpc/dcerpc.h" > > > --#include "../librpc/gen_ndr/ndr_lsa.h" > > > --#include "../librpc/gen_ndr/ndr_dssetup.h" > > > --#include "../librpc/gen_ndr/ndr_samr.h" > > > --#include "../librpc/gen_ndr/ndr_netlogon.h" > > > --#include "../librpc/gen_ndr/ndr_srvsvc.h" > > > --#include "../librpc/gen_ndr/ndr_wkssvc.h" > > > --#include "../librpc/gen_ndr/ndr_winreg.h" > > > --#include "../librpc/gen_ndr/ndr_spoolss.h" > > > --#include "../librpc/gen_ndr/ndr_dfs.h" > > > --#include "../librpc/gen_ndr/ndr_echo.h" > > > --#include "../librpc/gen_ndr/ndr_initshutdown.h" > > > --#include "../librpc/gen_ndr/ndr_svcctl.h" > > > --#include "../librpc/gen_ndr/ndr_eventlog.h" > > > --#include "../librpc/gen_ndr/ndr_ntsvcs.h" > > > --#include "../librpc/gen_ndr/ndr_epmapper.h" > > > --#include "../librpc/gen_ndr/ndr_drsuapi.h" > > > --#include "../librpc/gen_ndr/ndr_fsrvp.h" > > > -- > > > --static const char *get_pipe_name_from_iface( > > > -- TALLOC_CTX *mem_ctx, const struct ndr_interface_table *interface) > > > --{ > > > -- int i; > > > -- const struct ndr_interface_string_array *ep =3D interface->endpoin= ts; > > > -- char *p; > > > -- > > > -- for (i=3D0; icount; i++) { > > > -- if (strncmp(ep->names[i], "ncacn_np:[\\pipe\\", 16) =3D=3D 0) { > > > -- break; > > > -- } > > > -- } > > > -- if (i =3D=3D ep->count) { > > > -- return NULL; > > > -- } > > > -- > > > -- /* > > > -- * extract the pipe name without \\pipe from for example > > > -- * ncacn_np:[\\pipe\\epmapper] > > > -- */ > > > -- p =3D strchr(ep->names[i]+15, ']'); > > > -- if (p =3D=3D NULL) { > > > -- return "PIPE"; > > > -- } > > > -- return talloc_strndup(mem_ctx, ep->names[i]+15, p - ep->names[i] -= 15); > > > --} > > > -- > > > --static const struct ndr_interface_table **interfaces; > > > -- > > > --bool smb_register_ndr_interface(const struct ndr_interface_table *i= nterface) > > > --{ > > > -- int num_interfaces =3D 
talloc_array_length(interfaces); > > > -- const struct ndr_interface_table **tmp; > > > -- int i; > > > -- > > > -- for (i=3D0; i > > -- if (ndr_syntax_id_equal(&interfaces[i]->syntax_id, > > > -- &interface->syntax_id)) { > > > -- return true; > > > -- } > > > -- } > > > -- > > > -- tmp =3D talloc_realloc(NULL, interfaces, > > > -- const struct ndr_interface_table *, > > > -- num_interfaces + 1); > > > -- if (tmp =3D=3D NULL) { > > > -- DEBUG(1, ("smb_register_ndr_interface: talloc failed\n")); > > > -- return false; > > > -- } > > > -- interfaces =3D tmp; > > > -- interfaces[num_interfaces] =3D interface; > > > -- return true; > > > --} > > > -- > > > --static bool initialize_interfaces(void) > > > --{ > > > -- if (!smb_register_ndr_interface(&ndr_table_lsarpc)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_dssetup)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_samr)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_netlogon)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_srvsvc)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_wkssvc)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_winreg)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_spoolss)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_netdfs)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_rpcecho)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_initshutdown)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_svcctl)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_eventlog)) { > > > -- return false; > > > -- } > > > -- if 
(!smb_register_ndr_interface(&ndr_table_ntsvcs)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_epmapper)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_drsuapi)) { > > > -- return false; > > > -- } > > > -- if (!smb_register_ndr_interface(&ndr_table_FileServerVssAgent)) { > > > -- return false; > > > -- } > > > -- return true; > > > --} > > > -- > > > --const struct ndr_interface_table *get_iface_from_syntax( > > > -- const struct ndr_syntax_id *syntax) > > > --{ > > > -- int num_interfaces; > > > -- int i; > > > -- > > > -- if (interfaces =3D=3D NULL) { > > > -- if (!initialize_interfaces()) { > > > -- return NULL; > > > -- } > > > -- } > > > -- num_interfaces =3D talloc_array_length(interfaces); > > > -- > > > -- for (i=3D0; i > > -- if (ndr_syntax_id_equal(&interfaces[i]->syntax_id, syntax)) { > > > -- return interfaces[i]; > > > -- } > > > -- } > > > -- > > > -- return NULL; > > > --} > > > -- > > > --/******************************************************************= ********** > > > -- Return the pipe name from the interface. 
> > > -- ******************************************************************= **********/ > > > -- > > > --const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx, > > > -- const struct ndr_syntax_id *syntax) > > > --{ > > > -- const struct ndr_interface_table *interface; > > > -- char *guid_str; > > > -- const char *result; > > > -- > > > -- interface =3D get_iface_from_syntax(syntax); > > > -- if (interface !=3D NULL) { > > > -- result =3D get_pipe_name_from_iface(mem_ctx, interface); > > > -- if (result !=3D NULL) { > > > -- return result; > > > -- } > > > -- } > > > -- > > > -- /* > > > -- * Here we should ask \\epmapper, but for now our code is only > > > -- * interested in the known pipes mentioned in pipe_names[] > > > -- */ > > > -- > > > -- guid_str =3D GUID_string(talloc_tos(), &syntax->uuid); > > > -- if (guid_str =3D=3D NULL) { > > > -- return NULL; > > > -- } > > > -- result =3D talloc_asprintf(mem_ctx, "Interface %s.%d", guid_str, > > > -- (int)syntax->if_version); > > > -- TALLOC_FREE(guid_str); > > > -- > > > -- if (result =3D=3D NULL) { > > > -- return "PIPE"; > > > -- } > > > -- return result; > > > --} > > > -- > > > -diff --git a/source3/wscript_build b/source3/wscript_build > > > -index bb2e928..8126cf6 100755 > > > ---- a/source3/wscript_build > > > -+++ b/source3/wscript_build > > > -@@ -141,7 +141,6 @@ LIBSMB_SRC =3D '''libsmb/clientgen.c libsmb/clic= onnect.c libsmb/clifile.c > > > -=20 > > > - LIBMSRPC_SRC =3D ''' > > > - rpc_client/cli_pipe.c > > > -- librpc/rpc/rpc_common.c > > > - rpc_client/rpc_transport_np.c > > > - rpc_client/rpc_transport_sock.c > > > - rpc_client/rpc_transport_tstream.c > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 2b2d978bd97299371a1fd7798d69ab377a76d389 Mon Sep 17 00:00:00 20= 01 > > > -From: Volker Lendecke > > > -Date: Wed, 14 Aug 2013 09:27:59 +0000 > > > -Subject: [PATCH 112/249] winbind3: Fix an invalid free > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > 
-Content-Transfer-Encoding: 8bit > > > - > > > -This fixes a warning I've never seen before :-) > > > - > > > -../source3/winbindd/winbindd_cm.c:781:59: warning: attempt to free a= non-heap object =E2=80=98machine_krb5_principal=E2=80=99 [-Wfree-nonheap-o= bject] > > > - > > > -Signed-off-by: Volker Lendecke > > > -Reviewed-by: Stefan Metzmacher > > > - > > > -Autobuild-User(master): Stefan Metzmacher > > > -Autobuild-Date(master): Wed Aug 14 14:04:16 CEST 2013 on sn-devel-104 > > > -(cherry picked from commit 5f75814586f2d6f7c2dc8fd9342cb045c1f7e68c) > > > ---- > > > - source3/winbindd/winbindd_cm.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbi= ndd_cm.c > > > -index facef64..d868826 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -840,7 +840,7 @@ static NTSTATUS get_trust_creds(const struct win= bindd_domain *domain, > > > - } > > > -=20 > > > - if (!strupper_m(*machine_krb5_principal)) { > > > -- SAFE_FREE(machine_krb5_principal); > > > -+ SAFE_FREE(*machine_krb5_principal); > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 1b88903c4f5931397e22874b3751dd05a03a2dea Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Fri, 11 Oct 2013 13:34:13 +1300 > > > -Subject: [PATCH 113/249] s3-winbindd: Remove undocumented winbindd:s= ocket dir > > > - parameter > > > - > > > -This uses the documeted "winbindd socket directory" parameter instea= d. > > > - > > > -This came about due to the merge of the two smb.conf tables in s3 and > > > -s4 for the Samba 4.0 release. The s4 code used a real parameter, > > > -which caused this to be documented, whereas no automatic procedure > > > -existed to notice the parametric option and the need to document tha= t. 
> > > -The fact that this was not used consistently in both codebases is one > > > -of the many areas of technical debt we still need to pay off here. > > > - > > > -Andrew Bartlett > > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit e512491552d9ed0dc1005a23ffc8f77ba237f863) > > > ---- > > > - selftest/target/Samba3.pm | 2 +- > > > - source3/include/proto.h | 1 + > > > - source3/param/loadparm.c | 1 + > > > - source3/winbindd/winbindd.c | 9 ++------- > > > - source3/winbindd/winbindd_proto.h | 1 - > > > - 5 files changed, 5 insertions(+), 9 deletions(-) > > > - > > > -diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm > > > -index ba01154..d8f0c27 100755 > > > ---- a/selftest/target/Samba3.pm > > > -+++ b/selftest/target/Samba3.pm > > > -@@ -972,7 +972,7 @@ sub provision($$$$$$) > > > - printing =3D bsd > > > - printcap name =3D /dev/null > > > -=20 > > > -- winbindd:socket dir =3D $wbsockdir > > > -+ winbindd socket directory =3D $wbsockdir > > > - nmbd:socket dir =3D $nmbdsockdir > > > - idmap config * : range =3D 100000-200000 > > > - winbind enum users =3D yes > > > -diff --git a/source3/include/proto.h b/source3/include/proto.h > > > -index cbad7ac..53cd59d 100644 > > > ---- a/source3/include/proto.h > > > -+++ b/source3/include/proto.h > > > -@@ -1069,6 +1069,7 @@ char *lp_wins_hook(TALLOC_CTX *ctx); > > > - const char *lp_template_homedir(void); > > > - const char *lp_template_shell(void); > > > - const char *lp_winbind_separator(void); > > > -+const char *lp_winbindd_socket_directory(void); > > > - bool lp_winbind_enum_users(void); > > > - bool lp_winbind_enum_groups(void); > > > - bool lp_winbind_use_default_domain(void); > > > -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c > > > -index 4b31023..b2804ae 100644 > > > ---- a/source3/param/loadparm.c > > > -+++ b/source3/param/loadparm.c > > > -@@ -961,6 +961,7 @@ static void init_globals(bool reinit_globals) 
> > > - string_set(&Globals.szTemplateShell, "/bin/false"); > > > - string_set(&Globals.szTemplateHomedir, "/home/%D/%U"); > > > - string_set(&Globals.szWinbindSeparator, "\\"); > > > -+ string_set(&Globals.szWinbinddSocketDirectory, dyn_WINBINDD_SOCKET= _DIR); > > > -=20 > > > - string_set(&Globals.szCupsServer, ""); > > > - string_set(&Globals.szIPrintServer, ""); > > > -diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd= =2Ec > > > -index f101e52..69a17bf 100644 > > > ---- a/source3/winbindd/winbindd.c > > > -+++ b/source3/winbindd/winbindd.c > > > -@@ -189,7 +189,7 @@ static void terminate(bool is_parent) > > > - char *path =3D NULL; > > > -=20 > > > - if (asprintf(&path, "%s/%s", > > > -- get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME) > 0) { > > > -+ lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME) > 0) { > > > - unlink(path); > > > - SAFE_FREE(path); > > > - } > > > -@@ -1067,11 +1067,6 @@ static void winbindd_listen_fde_handler(struc= t tevent_context *ev, > > > - * Winbindd socket accessor functions > > > - */ > > > -=20 > > > --const char *get_winbind_pipe_dir(void) > > > --{ > > > -- return lp_parm_const_string(-1, "winbindd", "socket dir", get_dyn_= WINBINDD_SOCKET_DIR()); > > > --} > > > -- > > > - char *get_winbind_priv_pipe_dir(void) > > > - { > > > - return state_path(WINBINDD_PRIV_SOCKET_SUBDIR); > > > -@@ -1092,7 +1087,7 @@ static bool winbindd_setup_listeners(void) > > > -=20 > > > - pub_state->privileged =3D false; > > > - pub_state->fd =3D create_pipe_sock( > > > -- get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME, 0755); > > > -+ lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME, 0755); > > > - if (pub_state->fd =3D=3D -1) { > > > - goto failed; > > > - } > > > -diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/wi= nbindd_proto.h > > > -index 3df7d7c..cfc19d0 100644 > > > ---- a/source3/winbindd/winbindd_proto.h > > > -+++ b/source3/winbindd/winbindd_proto.h > > > -@@ -34,7 +34,6 @@ bool 
winbindd_setup_stdin_handler(bool parent, boo= l foreground); > > > - bool winbindd_setup_sig_hup_handler(const char *lfile); > > > - bool winbindd_use_idmap_cache(void); > > > - bool winbindd_use_cache(void); > > > --const char *get_winbind_pipe_dir(void); > > > - char *get_winbind_priv_pipe_dir(void); > > > - struct tevent_context *winbind_event_context(void); > > > - int main(int argc, char **argv, char **envp); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d0ae2d10385dea4b8fae3d8932d40f546ff8905b Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Mon, 14 Oct 2013 15:33:20 +1300 > > > -Subject: [PATCH 114/249] lib/param: lp_magicchar takes a const struct > > > - share_params *p so should be FN_LOCAL_PARM_CHAR > > > - > > > -This was found when trying to autogenerate prototypes for lp_ functi= ons again. > > > - > > > -Andrew Bartlett > > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - lib/param/loadparm.c | 2 +- > > > - lib/param/param_functions.c | 2 +- > > > - source3/param/loadparm.c | 2 +- > > > - 3 files changed, 3 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c > > > -index 455c5e6..4497dbf 100644 > > > ---- a/lib/param/loadparm.c > > > -+++ b/lib/param/loadparm.c > > > -@@ -314,7 +314,7 @@ static struct loadparm_context *global_loadparm_= context; > > > -=20 > > > - #define FN_LOCAL_PARM_INTEGER(fn_name, val) FN_LOCAL_INTEGER(fn_nam= e, val) > > > -=20 > > > --#define FN_LOCAL_CHAR(fn_name,val) \ > > > -+#define FN_LOCAL_PARM_CHAR(fn_name,val) \ > > > - _PUBLIC_ char lpcfg_ ## fn_name(struct loadparm_service *service, \ > > > - struct loadparm_service *sDefault) { \ > > > - return((service !=3D NULL)? 
service->val : sDefault->val); \ > > > -diff --git a/lib/param/param_functions.c b/lib/param/param_functions= =2Ec > > > -index d9d5df6..60f9c07 100644 > > > ---- a/lib/param/param_functions.c > > > -+++ b/lib/param/param_functions.c > > > -@@ -147,7 +147,7 @@ FN_LOCAL_INTEGER(aio_write_size, iAioWriteSize) > > > - FN_LOCAL_INTEGER(map_readonly, iMap_readonly) > > > - FN_LOCAL_INTEGER(directory_name_cache_size, iDirectoryNameCacheSize) > > > - FN_LOCAL_INTEGER(smb_encrypt, ismb_encrypt) > > > --FN_LOCAL_CHAR(magicchar, magic_char) > > > -+FN_LOCAL_PARM_CHAR(magicchar, magic_char) > > > - FN_LOCAL_STRING(cups_options, szCupsOptions) > > > - FN_LOCAL_PARM_BOOL(change_notify, bChangeNotify) > > > - FN_LOCAL_PARM_BOOL(kernel_change_notify, bKernelChangeNotify) > > > -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c > > > -index b2804ae..40f3242 100644 > > > ---- a/source3/param/loadparm.c > > > -+++ b/source3/param/loadparm.c > > > -@@ -1116,7 +1116,7 @@ char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {r= eturn(lp_string((ctx), (LP_SNUM_OK > > > - bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP= _SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);} > > > - #define FN_LOCAL_PARM_INTEGER(fn_name,val) \ > > > - int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_O= K(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);} > > > --#define FN_LOCAL_CHAR(fn_name,val) \ > > > -+#define FN_LOCAL_PARM_CHAR(fn_name,val) \ > > > - char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_= OK(p->service)? 
ServicePtrs[(p->service)]->val : sDefault.val);} > > > -=20 > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From bf5cb3b6c6e2d3171b70fff5deb9a7767d6609a8 Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Mon, 14 Oct 2013 13:47:27 +1300 > > > -Subject: [PATCH 115/249] build: Move loadparm-related build rules to > > > - source3/param/wscript_build > > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - source3/param/wscript_build | 32 ++++++++++++++++++++++++++++++++ > > > - source3/wscript_build | 36 ++--------------------------------= -- > > > - 2 files changed, 34 insertions(+), 34 deletions(-) > > > - create mode 100644 source3/param/wscript_build > > > - > > > -diff --git a/source3/param/wscript_build b/source3/param/wscript_bui= ld > > > -new file mode 100644 > > > -index 0000000..278d5f5 > > > ---- /dev/null > > > -+++ b/source3/param/wscript_build > > > -@@ -0,0 +1,32 @@ > > > -+#!/usr/bin/env python > > > -+ > > > -+bld.SAMBA3_SUBSYSTEM('PARAM_UTIL', > > > -+ source=3D'util.c', > > > -+ deps=3D'talloc') > > > -+ > > > -+bld.SAMBA3_SUBSYSTEM('LOADPARM_CTX', > > > -+ source=3D'loadparm_ctx.c', > > > -+ deps=3D'''talloc s3_param_h param''') > > > -+ > > > -+bld.SAMBA_GENERATOR('s3_param_global_h', > > > -+ source=3D '../../script/mkparamdefs.pl loadparm= =2Ec ../../lib/param/param_functions.c', > > > -+ target=3D'param_global.h', > > > -+ rule=3D'${PERL} ${SRC[0].abspath(env)} ${SRC[1]= =2Eabspath(env)} ${SRC[2].abspath(env)} --file ${TGT} --generate-scope=3DGL= OBAL') > > > -+ > > > -+bld.SAMBA3_PYTHON('pys3param', > > > -+ source=3D'pyparam.c', > > > -+ deps=3D'param', > > > -+ public_deps=3D'samba-hostconfig pytalloc-util tal= loc', > > > -+ realname=3D'samba/samba3/param.so') > > > -+ > > > -+bld.SAMBA3_SUBSYSTEM('param_service', > > > -+ source=3D'service.c', > > > -+ deps =3D 'USER_UTIL param PRINTING') > > > -+ > > > -+bld.SAMBA3_BINARY('test_lp_load', > > > -+ 
source=3D'test_lp_load.c', > > > -+ deps=3D''' > > > -+ talloc > > > -+ param > > > -+ popt_samba3''', > > > -+ install=3DFalse) > > > -diff --git a/source3/wscript_build b/source3/wscript_build > > > -index 8126cf6..13d15c3 100755 > > > ---- a/source3/wscript_build > > > -+++ b/source3/wscript_build > > > -@@ -751,33 +751,9 @@ bld.SAMBA3_SUBSYSTEM('SERVER_MUTEX', > > > - source=3DSERVER_MUTEX_SRC, > > > - deps=3D'talloc') > > > -=20 > > > --bld.SAMBA3_SUBSYSTEM('PARAM_UTIL', > > > -- source=3DPARAM_UTIL_SRC, > > > -- deps=3D'talloc') > > > -- > > > --bld.SAMBA3_SUBSYSTEM('LOADPARM_CTX', > > > -- source=3D'param/loadparm_ctx.c', > > > -- deps=3D'''talloc s3_param_h param''', > > > -- vars=3Dlocals()) > > > -- > > > --bld.SAMBA_GENERATOR('param/param_global_h', > > > -- source=3D '../script/mkparamdefs.pl param/loadp= arm.c ../lib/param/param_functions.c', > > > -- target=3D'param/param_global.h', > > > -- rule=3D'${PERL} ${SRC[0].abspath(env)} ${SRC[1]= =2Eabspath(env)} ${SRC[2].abspath(env)} --file ${TGT} --generate-scope=3DGL= OBAL') > > > -- > > > - bld.SAMBA3_SUBSYSTEM('param', > > > - source=3DPARAM_WITHOUT_REG_SRC, > > > -- deps=3D'samba-util PARAM_UTIL ldap lber LOADPARM= _CTX samba3core smbconf param_local_h param/param_global_h cups''') > > > -- > > > --bld.SAMBA3_PYTHON('pys3param', > > > -- source=3D'param/pyparam.c', > > > -- deps=3D'param', > > > -- public_deps=3D'samba-hostconfig pytalloc-util tal= loc', > > > -- realname=3D'samba/samba3/param.so') > > > -- =20 > > > --bld.SAMBA3_SUBSYSTEM('param_service', > > > -- source=3D'param/service.c', > > > -- deps =3D 'USER_UTIL param PRINTING') > > > -+ deps=3D'samba-util PARAM_UTIL ldap lber LOADPARM= _CTX samba3core smbconf param_local_h s3_param_global_h cups''') > > > -=20 > > > - bld.SAMBA3_SUBSYSTEM('REGFIO', > > > - source=3DREGFIO_SRC, > > > -@@ -1566,15 +1542,6 @@ bld.SAMBA3_BINARY('rpc_open_tcp', > > > - install=3DFalse, > > > - vars=3Dlocals()) > > > -=20 > > > --bld.SAMBA3_BINARY('test_lp_load', 
> > > -- source=3DTEST_LP_LOAD_SRC, > > > -- deps=3D''' > > > -- talloc > > > -- param > > > -- popt_samba3''', > > > -- install=3DFalse, > > > -- vars=3Dlocals()) > > > -- > > > - bld.SAMBA3_BINARY('dbwrap_tool', > > > - source=3DDBWRAP_TOOL_SRC, > > > - deps=3D''' > > > -@@ -1638,6 +1605,7 @@ bld.RECURSE('librpc/idl') > > > - bld.RECURSE('libsmb') > > > - bld.RECURSE('modules') > > > - bld.RECURSE('pam_smbpass') > > > -+bld.RECURSE('param') > > > - bld.RECURSE('passdb') > > > - bld.RECURSE('rpc_server') > > > - bld.RECURSE('script') > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 281cb415404f7044a4bdbc93a21b2f755cbc74ee Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Mon, 14 Oct 2013 15:34:40 +1300 > > > -Subject: [PATCH 116/249] lib/param: Do not attempt to access the s3 = function > > > - for allocated and subbed string parameters > > > - > > > -This allows us not to generate array entries for these, which in tur= n allows > > > -us to avoid initialising them. The issue is that we do not have the > > > -% macro sub context nor a talloc context handy (yet). 
> > > - > > > -Andrew Bartlett > > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - lib/param/loadparm.c | 21 ++++++++++----------- > > > - 1 file changed, 10 insertions(+), 11 deletions(-) > > > - > > > -diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c > > > -index 4497dbf..23b45e2 100644 > > > ---- a/lib/param/loadparm.c > > > -+++ b/lib/param/loadparm.c > > > -@@ -232,7 +232,16 @@ static struct loadparm_context *global_loadparm= _context; > > > - #define lpcfg_default_service global_loadparm_context->sDefault > > > - #define lpcfg_global_service(i) global_loadparm_context->services[i] > > > -=20 > > > --#define FN_GLOBAL_STRING(fn_name,var_name) \ > > > -+#define FN_GLOBAL_STRING(fn_name,var_name) \ > > > -+ _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp= _ctx) {\ > > > -+ if (lp_ctx =3D=3D NULL) return NULL; \ > > > -+ if (lp_ctx->s3_fns) { \ > > > -+ smb_panic( __location__ ": " #fn_name " not implemented b= ecause it is an allocated and substiuted string"); \ > > > -+ } \ > > > -+ return lp_ctx->globals->var_name ? lp_string(lp_ctx->globals->var= _name) : ""; \ > > > -+} > > > -+ > > > -+#define FN_GLOBAL_CONST_STRING(fn_name,var_name) \ > > > - _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp= _ctx) { \ > > > - if (lp_ctx =3D=3D NULL) return NULL; \ > > > - if (lp_ctx->s3_fns) { \ > > > -@@ -242,16 +251,6 @@ static struct loadparm_context *global_loadparm= _context; > > > - return lp_ctx->globals->var_name ? lp_string(lp_ctx->globals->var_= name) : ""; \ > > > - } > > > -=20 > > > --#define FN_GLOBAL_CONST_STRING(fn_name,var_name) \ > > > -- _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp= _ctx) {\ > > > -- if (lp_ctx =3D=3D NULL) return NULL; \ > > > -- if (lp_ctx->s3_fns) { \ > > > -- SMB_ASSERT(lp_ctx->s3_fns->fn_name); \ > > > -- return lp_ctx->s3_fns->fn_name(); \ > > > -- } \ > > > -- return lp_ctx->globals->var_name ? 
lp_string(lp_ctx->globals->var= _name) : ""; \ > > > -- } > > > -- > > > - #define FN_GLOBAL_LIST(fn_name,var_name) \ > > > - _PUBLIC_ const char **lpcfg_ ## fn_name(struct loadparm_context *l= p_ctx) { \ > > > - if (lp_ctx =3D=3D NULL) return NULL; \ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e610d185d26910e6cb96ddf8507c31c5f1503271 Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Mon, 14 Oct 2013 15:36:18 +1300 > > > -Subject: [PATCH 117/249] param: Skip generating hooks for local and = string > > > - parameters > > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - script/mks3param.pl | 9 ++++++++- > > > - 1 file changed, 8 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/script/mks3param.pl b/script/mks3param.pl > > > -index 4222ca5..799958c 100644 > > > ---- a/script/mks3param.pl > > > -+++ b/script/mks3param.pl > > > -@@ -108,7 +108,14 @@ sub handle_loadparm($$) > > > - { > > > - my ($file,$line) =3D @_; > > > -=20 > > > -- if ($line =3D~ /^FN_(GLOBAL|LOCAL)_(CONST_STRING|STRING|BOOL|bool|= CHAR|INTEGER|LIST)\((\w+),.*\)/o) { > > > -+ # Local parameters don't need the ->s3_fns because the struct > > > -+ # loadparm_service is shared and lpcfg_service() checks the ->s3_f= ns > > > -+ # hook > > > -+ # > > > -+ # STRING isn't handled as we do not yet have a way to pass in a me= mory context nor > > > -+ # do we have a good way of dealing with the % macros yet. 
> > > -+ > > > -+ if ($line =3D~ /^FN_(GLOBAL)_(CONST_STRING|BOOL|bool|CHAR|INTEGER|= LIST)\((\w+),.*\)/o) { > > > - my $scope =3D $1; > > > - my $type =3D $2; > > > - my $name =3D $3; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 970290dc75404ab366617210edfca718fe21864b Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Mon, 14 Oct 2013 15:39:10 +1300 > > > -Subject: [PATCH 118/249] s3/param: Autogenerate parameters prototype= s again > > > - after proto.h was frozen > > > - > > > -This autogenerates the parameters so that we can keep everything in = sync easier, > > > -particularly when adding new parameters. This will also make it eas= ier to move > > > -to a fully autogenerated system in the future, as it reduces special= cases. > > > - > > > -Andrew Bartlett > > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - script/mks3param_proto.pl | 199 +++++++++++++++++++++++++++++++++= +++++++++++ > > > - source3/include/proto.h | 2 + > > > - source3/param/wscript_build | 5 ++ > > > - 3 files changed, 206 insertions(+) > > > - create mode 100644 script/mks3param_proto.pl > > > - > > > -diff --git a/script/mks3param_proto.pl b/script/mks3param_proto.pl > > > -new file mode 100644 > > > -index 0000000..446e343 > > > ---- /dev/null > > > -+++ b/script/mks3param_proto.pl > > > -@@ -0,0 +1,199 @@ > > > -+#!/usr/bin/perl > > > -+# Generate loadparm interfaces tables for Samba3/Samba4 integration > > > -+# by Andrew Bartlett > > > -+# based on mkproto.pl Written by Jelmer Vernooij > > > -+# based on the original mkproto.sh by Andrew Tridgell > > > -+ > > > -+use strict; > > > -+ > > > -+# don't use warnings module as it is not portable enough > > > -+# use warnings; > > > -+ > > > -+use Getopt::Long; > > > -+use File::Basename; > > > -+use File::Path; > > > -+ > > > -+###################################################################= ## > > > -+# read a file into a string > > > -+ > > > -+my $file 
=3D undef; > > > -+my $public_define =3D undef; > > > -+my $_public =3D ""; > > > -+my $_private =3D ""; > > > -+my $public_data =3D \$_public; > > > -+my $builddir =3D "."; > > > -+my $srcdir =3D "."; > > > -+ > > > -+sub public($) > > > -+{ > > > -+ my ($d) =3D @_; > > > -+ $$public_data .=3D $d; > > > -+} > > > -+ > > > -+sub usage() > > > -+{ > > > -+ print "Usage: mks3param.pl [options] [c files]\n"; > > > -+ print "OPTIONS:\n"; > > > -+ print " --srcdir=3Dpath Read files relative to this dire= ctory\n"; > > > -+ print " --builddir=3Dpath Write file relative to this dire= ctory\n"; > > > -+ print " --help Print this help message\n\n"; > > > -+ exit 0; > > > -+} > > > -+ > > > -+GetOptions( > > > -+ 'file=3Ds' =3D> sub { my ($f,$v) =3D @_; $file =3D $v; }, > > > -+ 'srcdir=3Ds' =3D> sub { my ($f,$v) =3D @_; $srcdir =3D $v; }, > > > -+ 'builddir=3Ds' =3D> sub { my ($f,$v) =3D @_; $builddir =3D $v; }, > > > -+ 'help' =3D> \&usage > > > -+) or exit(1); > > > -+ > > > -+sub normalize_define($$) > > > -+{ > > > -+ my ($define, $file) =3D @_; > > > -+ > > > -+ if (not defined($define) and defined($file)) { > > > -+ $define =3D "__" . uc($file) . 
"__"; > > > -+ $define =3D~ tr{./}{__}; > > > -+ $define =3D~ tr{\-}{_}; > > > -+ } elsif (not defined($define)) { > > > -+ $define =3D '_S3_PARAM_PROTO_H_'; > > > -+ } > > > -+ > > > -+ return $define; > > > -+} > > > -+ > > > -+$public_define =3D normalize_define($public_define, $file); > > > -+ > > > -+sub file_load($) > > > -+{ > > > -+ my($filename) =3D @_; > > > -+ local(*INPUTFILE); > > > -+ open(INPUTFILE, $filename) or return undef; > > > -+ my($saved_delim) =3D $/; > > > -+ undef $/; > > > -+ my($data) =3D ; > > > -+ close(INPUTFILE); > > > -+ $/ =3D $saved_delim; > > > -+ return $data; > > > -+} > > > -+ > > > -+sub print_header($$) > > > -+{ > > > -+ my ($file, $header_name) =3D @_; > > > -+ $file->("#ifndef $header_name\n"); > > > -+ $file->("#define $header_name\n\n"); > > > -+ $file->("/* This file was automatically generated by mks3param_pro= to.pl. DO NOT EDIT */\n\n"); > > > -+} > > > -+ > > > -+sub print_footer($$) > > > -+{ > > > -+ my ($file, $header_name) =3D @_; > > > -+ $file->("\n#endif /* $header_name */\n\n"); > > > -+} > > > -+ > > > -+sub handle_loadparm($$) > > > -+{ > > > -+ my ($file,$line) =3D @_; > > > -+ > > > -+ my $scope; > > > -+ my $type; > > > -+ my $name; > > > -+ my $var; > > > -+ my $param; > > > -+ > > > -+ if ($line =3D~ /^FN_(GLOBAL|LOCAL)_(CONST_STRING|STRING|BOOL|bool|= CHAR|INTEGER|LIST)\((\w+),(.*)\)/o) { > > > -+ $scope =3D $1; > > > -+ $type =3D $2; > > > -+ $name =3D $3; > > > -+ $var =3D $4; > > > -+ $param =3D "int"; > > > -+ } elsif ($line =3D~ /^FN_(GLOBAL|LOCAL)_PARM_(CONST_STRING|STRING|= BOOL|bool|CHAR|INTEGER|LIST)\((\w+),(.*)\)/o) { > > > -+ $scope =3D $1; > > > -+ $type =3D $2; > > > -+ $name =3D $3; > > > -+ $var =3D $4; > > > -+ $param =3D "const struct share_params *p"; > > > -+ } else { > > > -+ return; > > > -+ } > > > -+ > > > -+ my %tmap =3D ( > > > -+ "BOOL" =3D> "bool ", > > > -+ "CONST_STRING" =3D> "const char *", > > > -+ "STRING" =3D> "char *", > > > -+ "INTEGER" =3D> "int ", > > > -+ "CHAR" 
=3D> "char ", > > > -+ "LIST" =3D> "const char **", > > > -+ ); > > > -+ > > > -+ my %smap =3D ( > > > -+ "GLOBAL" =3D> "void", > > > -+ "LOCAL" =3D> "$param" > > > -+ ); > > > -+ > > > -+ if (($type eq "STRING") and ($scope eq "GLOBAL")) { > > > -+ $file->("$tmap{$type}lp_$name(TALLOC_CTX *ctx);\n"); > > > -+ } elsif (($type eq "STRING") and ($scope eq "LOCAL")) { > > > -+ $file->("$tmap{$type}lp_$name(TALLOC_CTX *ctx, $smap{$scope});= \n"); > > > -+ } else { > > > -+ $file->("$tmap{$type}lp_$name($smap{$scope});\n"); > > > -+ } > > > -+} > > > -+ > > > -+sub process_file($$) > > > -+{ > > > -+ my ($file, $filename) =3D @_; > > > -+ > > > -+ $filename =3D~ s/\.o$/\.c/g; > > > -+ > > > -+ if ($filename =3D~ /^\//) { > > > -+ open(FH, "<$filename") or die("Failed to open $filename"); > > > -+ } elsif (!open(FH, "< $builddir/$filename")) { > > > -+ open(FH, "< $srcdir/$filename") || die "Failed to open $filena= me"; > > > -+ } > > > -+ > > > -+ my $comment =3D undef; > > > -+ my $incomment =3D 0; > > > -+ while (my $line =3D ) { > > > -+ if ($line =3D~ /^\/\*\*/) { > > > -+ $comment =3D ""; > > > -+ $incomment =3D 1; > > > -+ } > > > -+ > > > -+ if ($incomment) { > > > -+ $comment .=3D $line; > > > -+ if ($line =3D~ /\*\//) { > > > -+ $incomment =3D 0; > > > -+ } > > > -+ } > > > -+ > > > -+ # these are ordered for maximum speed > > > -+ next if ($line =3D~ /^\s/); > > > -+ > > > -+ next unless ($line =3D~ /\(/); > > > -+ > > > -+ next if ($line =3D~ /^\/|[;]/); > > > -+ > > > -+ if ($line =3D~ /^FN_/) { > > > -+ handle_loadparm($file, $line); > > > -+ } > > > -+ next; > > > -+ } > > > -+ > > > -+ close(FH); > > > -+} > > > -+ > > > -+ > > > -+print_header(\&public, $public_define); > > > -+ > > > -+process_file(\&public, $_) foreach (@ARGV); > > > -+print_footer(\&public, $public_define); > > > -+ > > > -+if (not defined($file)) { > > > -+ print STDOUT $$public_data; > > > -+} > > > -+ > > > -+mkpath(dirname($file), 0, 0755); > > > -+open(PUBLIC, ">$file") or 
die("Can't open `$file': $!"); > > > -+print PUBLIC "$$public_data"; > > > -+close(PUBLIC); > > > -diff --git a/source3/include/proto.h b/source3/include/proto.h > > > -index 53cd59d..614baa4 100644 > > > ---- a/source3/include/proto.h > > > -+++ b/source3/include/proto.h > > > -@@ -993,6 +993,8 @@ NTSTATUS change_trust_account_password( const ch= ar *domain, const char *remote_m > > > -=20 > > > - /* The following definitions come from param/loadparm.c */ > > > -=20 > > > -+#include "source3/param/param_proto.h" > > > -+ > > > - const char **lp_smb_ports(void); > > > - const char *lp_dos_charset(void); > > > - const char *lp_unix_charset(void); > > > -diff --git a/source3/param/wscript_build b/source3/param/wscript_bui= ld > > > -index 278d5f5..643c27e 100644 > > > ---- a/source3/param/wscript_build > > > -+++ b/source3/param/wscript_build > > > -@@ -13,6 +13,11 @@ bld.SAMBA_GENERATOR('s3_param_global_h', > > > - target=3D'param_global.h', > > > - rule=3D'${PERL} ${SRC[0].abspath(env)} ${SRC[1]= =2Eabspath(env)} ${SRC[2].abspath(env)} --file ${TGT} --generate-scope=3DGL= OBAL') > > > -=20 > > > -+bld.SAMBA_GENERATOR('s3_param_proto_h', > > > -+ source=3D '../../script/mks3param_proto.pl load= parm.c ../../lib/param/param_functions.c', > > > -+ target=3D'param_proto.h', > > > -+ rule=3D'${PERL} ${SRC[0].abspath(env)} ${SRC[1]= =2Eabspath(env)} ${SRC[2].abspath(env)} --file ${TGT}') > > > -+ > > > - bld.SAMBA3_PYTHON('pys3param', > > > - source=3D'pyparam.c', > > > - deps=3D'param', > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4f87a4ca65b386e90cca479aabdf9051de2c67e3 Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Mon, 14 Oct 2013 15:46:43 +1300 > > > -Subject: [PATCH 119/249] param: Autogenerate s3 lp_ctx glue table > > > - > > > -This allows us to use more lpcfg_ functions without adding them > > > -manually. 
> > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - lib/param/wscript_build | 1 + > > > - script/mks3param_ctx_table.pl | 139 +++++++++++++++++++++++++++++++= +++++++++++ > > > - source3/param/loadparm_ctx.c | 64 +------------------ > > > - source3/param/wscript_build | 5 ++ > > > - 4 files changed, 146 insertions(+), 63 deletions(-) > > > - create mode 100644 script/mks3param_ctx_table.pl > > > - > > > -diff --git a/lib/param/wscript_build b/lib/param/wscript_build > > > -index 10e05a3..0e1a2e0 100644 > > > ---- a/lib/param/wscript_build > > > -+++ b/lib/param/wscript_build > > > -@@ -11,6 +11,7 @@ bld.SAMBA_GENERATOR('s3_param_h', > > > - target=3D's3_param.h', > > > - rule=3D'${PERL} ${SRC[0].abspath(env)} ${SRC[1]= =2Eabspath(env)} ${SRC[2].abspath(env)} --file ${TGT}') > > > -=20 > > > -+ > > > - bld.SAMBA_GENERATOR('param_global_h', > > > - source=3D '../../script/mkparamdefs.pl loadparm= =2Ec param_functions.c', > > > - target=3D'param_global.h', > > > -diff --git a/script/mks3param_ctx_table.pl b/script/mks3param_ctx_ta= ble.pl > > > -new file mode 100644 > > > -index 0000000..cfd6e02 > > > ---- /dev/null > > > -+++ b/script/mks3param_ctx_table.pl > > > -@@ -0,0 +1,139 @@ > > > -+#!/usr/bin/perl > > > -+# Generate loadparm interfaces tables for Samba3/Samba4 integration > > > -+# by Andrew Bartlett > > > -+# based on mkproto.pl Written by Jelmer Vernooij > > > -+# based on the original mkproto.sh by Andrew Tridgell > > > -+ > > > -+use strict; > > > -+ > > > -+# don't use warnings module as it is not portable enough > > > -+# use warnings; > > > -+ > > > -+use Getopt::Long; > > > -+use File::Basename; > > > -+use File::Path; > > > -+ > > > -+###################################################################= ## > > > -+# read a file into a string > > > -+ > > > -+my $file =3D undef; > > > -+my $public_define =3D undef; > > > -+my $_public =3D ""; > > > -+my $_private =3D ""; > > > -+my $public_data =3D 
\$_public; > > > -+my $builddir =3D "."; > > > -+my $srcdir =3D "."; > > > -+ > > > -+sub public($) > > > -+{ > > > -+ my ($d) =3D @_; > > > -+ $$public_data .=3D $d; > > > -+} > > > -+ > > > -+sub usage() > > > -+{ > > > -+ print "Usage: mks3param.pl [options] [c files]\n"; > > > -+ print "OPTIONS:\n"; > > > -+ print " --srcdir=3Dpath Read files relative to this dire= ctory\n"; > > > -+ print " --builddir=3Dpath Write file relative to this dire= ctory\n"; > > > -+ print " --help Print this help message\n\n"; > > > -+ exit 0; > > > -+} > > > -+ > > > -+GetOptions( > > > -+ 'file=3Ds' =3D> sub { my ($f,$v) =3D @_; $file =3D $v; }, > > > -+ 'srcdir=3Ds' =3D> sub { my ($f,$v) =3D @_; $srcdir =3D $v; }, > > > -+ 'builddir=3Ds' =3D> sub { my ($f,$v) =3D @_; $builddir =3D $v; }, > > > -+ 'help' =3D> \&usage > > > -+) or exit(1); > > > -+ > > > -+sub file_load($) > > > -+{ > > > -+ my($filename) =3D @_; > > > -+ local(*INPUTFILE); > > > -+ open(INPUTFILE, $filename) or return undef; > > > -+ my($saved_delim) =3D $/; > > > -+ undef $/; > > > -+ my($data) =3D ; > > > -+ close(INPUTFILE); > > > -+ $/ =3D $saved_delim; > > > -+ return $data; > > > -+} > > > -+ > > > -+sub print_header($) > > > -+{ > > > -+ my ($file) =3D @_; > > > -+ $file->("/* This file was automatically generated by mks3param_ctx= =2Epl. 
DO NOT EDIT */\n\n"); > > > -+ $file->("static const struct loadparm_s3_helpers s3_fns =3D \n"); > > > -+ $file->("{\n"); > > > -+ $file->("\t.get_parametric =3D lp_parm_const_string_service,\n"); > > > -+ $file->("\t.get_parm_struct =3D lp_get_parameter,\n"); > > > -+ $file->("\t.get_parm_ptr =3D lp_parm_ptr,\n"); > > > -+ $file->("\t.get_service =3D lp_service_for_s4_ctx,\n"); > > > -+ $file->("\t.get_servicebynum =3D lp_servicebynum_for_s4_ctx,\n"); > > > -+ $file->("\t.get_default_loadparm_service =3D lp_default_loadparm_s= ervice,\n"); > > > -+ $file->("\t.get_numservices =3D lp_numservices,\n"); > > > -+ $file->("\t.load =3D lp_load_for_s4_ctx,\n"); > > > -+ $file->("\t.set_cmdline =3D lp_set_cmdline,\n"); > > > -+ $file->("\t.dump =3D lp_dump,\n"); > > > -+} > > > -+ > > > -+sub print_footer($) > > > -+{ > > > -+ my ($file) =3D @_; > > > -+ $file->("};"); > > > -+} > > > -+ > > > -+sub handle_loadparm($$) > > > -+{ > > > -+ my ($file,$line) =3D @_; > > > -+ > > > -+ # STRING isn't handled here, as we still don't know what to do wit= h the substituted vars */ > > > -+ # LOCAL also isn't handled here > > > -+ if ($line =3D~ /^FN_(GLOBAL)_(CONST_STRING|BOOL|bool|CHAR|INTEGER|= LIST)\((\w+),.*\)/o) { > > > -+ my $scope =3D $1; > > > -+ my $type =3D $2; > > > -+ my $name =3D $3; > > > -+ > > > -+ $file->(".$name =3D lp_$name,\n"); > > > -+ } > > > -+} > > > -+ > > > -+sub process_file($$) > > > -+{ > > > -+ my ($file, $filename) =3D @_; > > > -+ > > > -+ $filename =3D~ s/\.o$/\.c/g; > > > -+ > > > -+ if ($filename =3D~ /^\//) { > > > -+ open(FH, "<$filename") or die("Failed to open $filename"); > > > -+ } elsif (!open(FH, "< $builddir/$filename")) { > > > -+ open(FH, "< $srcdir/$filename") || die "Failed to open $filena= me"; > > > -+ } > > > -+ > > > -+ my $comment =3D undef; > > > -+ my $incomment =3D 0; > > > -+ while (my $line =3D ) { > > > -+ if ($line =3D~ /^FN_/) { > > > -+ handle_loadparm($file, $line); > > > -+ } > > > -+ next; > > > -+ } > > > -+ > > > 
-+ close(FH); > > > -+} > > > -+ > > > -+ > > > -+print_header(\&public); > > > -+ > > > -+process_file(\&public, $_) foreach (@ARGV); > > > -+print_footer(\&public); > > > -+ > > > -+if (not defined($file)) { > > > -+ print STDOUT $$public_data; > > > -+} > > > -+ > > > -+mkpath(dirname($file), 0, 0755); > > > -+open(PUBLIC, ">$file") or die("Can't open `$file': $!"); > > > -+print PUBLIC "$$public_data"; > > > -+close(PUBLIC); > > > -diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_c= tx.c > > > -index 63ead53..5cbc920 100644 > > > ---- a/source3/param/loadparm_ctx.c > > > -+++ b/source3/param/loadparm_ctx.c > > > -@@ -56,69 +56,7 @@ static bool lp_load_for_s4_ctx(const char *filena= me) > > > - return status; > > > - } > > > -=20 > > > --/* These are in the order that they appear in the s4 loadparm file. > > > -- * All of the s4 loadparm functions should be here eventually, once > > > -- * they are implemented in the s3 loadparm, have the same format (e= num > > > -- * values in particular) and defaults. 
*/ > > > --static const struct loadparm_s3_helpers s3_fns =3D > > > --{ > > > -- .get_parametric =3D lp_parm_const_string_service, > > > -- .get_parm_struct =3D lp_get_parameter, > > > -- .get_parm_ptr =3D lp_parm_ptr, > > > -- .get_service =3D lp_service_for_s4_ctx, > > > -- .get_servicebynum =3D lp_servicebynum_for_s4_ctx, > > > -- .get_default_loadparm_service =3D lp_default_loadparm_service, > > > -- .get_numservices =3D lp_numservices, > > > -- .load =3D lp_load_for_s4_ctx, > > > -- .set_cmdline =3D lp_set_cmdline, > > > -- .dump =3D lp_dump, > > > -- > > > -- ._server_role =3D lp__server_role, > > > -- ._security =3D lp__security, > > > -- ._domain_master =3D lp__domain_master, > > > -- ._domain_logons =3D lp__domain_logons, > > > -- > > > -- .winbind_separator =3D lp_winbind_separator, > > > -- .template_homedir =3D lp_template_homedir, > > > -- .template_shell =3D lp_template_shell, > > > -- > > > -- .dos_charset =3D lp_dos_charset, > > > -- .unix_charset =3D lp_unix_charset, > > > -- > > > -- .realm =3D lp_realm, > > > -- .dnsdomain =3D lp_dnsdomain, > > > -- .socket_options =3D lp_socket_options, > > > -- .workgroup =3D lp_workgroup, > > > -- > > > -- .netbios_name =3D lp_netbios_name, > > > -- .netbios_scope =3D lp_netbios_scope, > > > -- .netbios_aliases =3D lp_netbios_aliases, > > > -- > > > -- .lanman_auth =3D lp_lanman_auth, > > > -- .ntlm_auth =3D lp_ntlm_auth, > > > -- > > > -- .client_plaintext_auth =3D lp_client_plaintext_auth, > > > -- .client_lanman_auth =3D lp_client_lanman_auth, > > > -- .client_ntlmv2_auth =3D lp_client_ntlmv2_auth, > > > -- .client_use_spnego_principal =3D lp_client_use_spnego_principal, > > > -- > > > -- .private_dir =3D lp_private_dir, > > > -- .ncalrpc_dir =3D lp_ncalrpc_dir, > > > -- .lockdir =3D lp_lockdir, > > > -- > > > -- .passdb_backend =3D lp_passdb_backend, > > > -- > > > -- .host_msdfs =3D lp_host_msdfs, > > > -- .unix_extensions =3D lp_unix_extensions, > > > -- .use_spnego =3D lp_use_spnego, > > > -- .use_mmap 
=3D lp_use_mmap, > > > -- .use_ntdb =3D lp_use_ntdb, > > > -- > > > -- .srv_minprotocol =3D lp_srv_minprotocol, > > > -- .srv_maxprotocol =3D lp_srv_maxprotocol, > > > -- > > > -- .passwordserver =3D lp_passwordserver > > > --}; > > > -+#include "loadparm_ctx_table.c" > > > -=20 > > > - const struct loadparm_s3_helpers *loadparm_s3_helpers(void) > > > - { > > > -diff --git a/source3/param/wscript_build b/source3/param/wscript_bui= ld > > > -index 643c27e..673cb4d 100644 > > > ---- a/source3/param/wscript_build > > > -+++ b/source3/param/wscript_build > > > -@@ -18,6 +18,11 @@ bld.SAMBA_GENERATOR('s3_param_proto_h', > > > - target=3D'param_proto.h', > > > - rule=3D'${PERL} ${SRC[0].abspath(env)} ${SRC[1]= =2Eabspath(env)} ${SRC[2].abspath(env)} --file ${TGT}') > > > -=20 > > > -+bld.SAMBA_GENERATOR('s3_loadparm_ctx_table_c', > > > -+ source=3D ' ../../script/mks3param_ctx_table.pl= ../../lib/param/loadparm.c ../../lib/param/param_functions.c', > > > -+ target=3D'loadparm_ctx_table.c', > > > -+ rule=3D'${PERL} ${SRC[0].abspath(env)} ${SRC[1]= =2Eabspath(env)} ${SRC[2].abspath(env)} --file ${TGT}') > > > -+ > > > - bld.SAMBA3_PYTHON('pys3param', > > > - source=3D'pyparam.c', > > > - deps=3D'param', > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 0046f49e1c690cf5b119859650f06559697fd103 Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Mon, 14 Oct 2013 15:49:25 +1300 > > > -Subject: [PATCH 120/249] proto: Remove manually written lp_ prototyp= es > > > - > > > -This also ensures we remove prototypes from parameters we remove or > > > -rename, and easily see how many special cases we have left. 
> > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - source3/include/proto.h | 361 +------------------------------------= ----------- > > > - 1 file changed, 1 insertion(+), 360 deletions(-) > > > - > > > -diff --git a/source3/include/proto.h b/source3/include/proto.h > > > -index 614baa4..5e068d2 100644 > > > ---- a/source3/include/proto.h > > > -+++ b/source3/include/proto.h > > > -@@ -995,379 +995,20 @@ NTSTATUS change_trust_account_password( const= char *domain, const char *remote_m > > > -=20 > > > - #include "source3/param/param_proto.h" > > > -=20 > > > --const char **lp_smb_ports(void); > > > --const char *lp_dos_charset(void); > > > --const char *lp_unix_charset(void); > > > --char *lp_logfile(TALLOC_CTX *ctx); > > > --char *lp_configfile(TALLOC_CTX *ctx); > > > --const char *lp_smb_passwd_file(void); > > > --const char *lp_private_dir(void); > > > --char *lp_serverstring(TALLOC_CTX *ctx); > > > --int lp_printcap_cache_time(void); > > > --char *lp_addport_cmd(TALLOC_CTX *ctx); > > > --char *lp_enumports_cmd(TALLOC_CTX *ctx); > > > --char *lp_addprinter_cmd(TALLOC_CTX *ctx); > > > --char *lp_deleteprinter_cmd(TALLOC_CTX *ctx); > > > --char *lp_os2_driver_map(TALLOC_CTX *ctx); > > > --const char *lp_lockdir(void); > > > - const char *lp_statedir(void); > > > - const char *lp_cachedir(void); > > > --const char *lp_piddir(void); > > > --char *lp_mangling_method(TALLOC_CTX *ctx); > > > --int lp_mangle_prefix(void); > > > --const char *lp_utmpdir(void); > > > --const char *lp_wtmpdir(void); > > > --bool lp_utmp(void); > > > --char *lp_rootdir(TALLOC_CTX *ctx); > > > --char *lp_defaultservice(TALLOC_CTX *ctx); > > > --char *lp_msg_command(TALLOC_CTX *ctx); > > > --char *lp_get_quota_command(TALLOC_CTX *ctx); > > > --char *lp_set_quota_command(TALLOC_CTX *ctx); > > > --char *lp_auto_services(TALLOC_CTX *ctx); > > > --char *lp_passwd_program(TALLOC_CTX *ctx); > > > --char *lp_passwd_chat(TALLOC_CTX *ctx); > > > 
--const char *lp_passwordserver(void); > > > --const char **lp_name_resolve_order(void); > > > --const char *lp_netbios_scope(void); > > > --const char *lp_netbios_name(void); > > > --const char *lp_workgroup(void); > > > --const char *lp_realm(void); > > > --const char *lp_dnsdomain(void); > > > --const char *lp_afs_username_map(void); > > > --int lp_afs_token_lifetime(void); > > > --char *lp_log_nt_token_command(TALLOC_CTX *ctx); > > > --char *lp_username_map(TALLOC_CTX *ctx); > > > --const char *lp_logon_script(void); > > > --const char *lp_logon_path(void); > > > --const char *lp_logon_drive(void); > > > --const char *lp_logon_home(void); > > > --char *lp_remote_announce(TALLOC_CTX *ctx); > > > --char *lp_remote_browse_sync(TALLOC_CTX *ctx); > > > --bool lp_nmbd_bind_explicit_broadcast(void); > > > --const char **lp_wins_server_list(void); > > > --const char **lp_interfaces(void); > > > --const char *lp_nbt_client_socket_address(void); > > > --char *lp_nis_home_map_name(TALLOC_CTX *ctx); > > > --const char **lp_netbios_aliases(void); > > > --const char *lp_passdb_backend(void); > > > --const char **lp_preload_modules(void); > > > --char *lp_panic_action(TALLOC_CTX *ctx); > > > --char *lp_adduser_script(TALLOC_CTX *ctx); > > > --char *lp_renameuser_script(TALLOC_CTX *ctx); > > > --char *lp_deluser_script(TALLOC_CTX *ctx); > > > --const char *lp_guestaccount(void); > > > --char *lp_addgroup_script(TALLOC_CTX *ctx); > > > --char *lp_delgroup_script(TALLOC_CTX *ctx); > > > --char *lp_addusertogroup_script(TALLOC_CTX *ctx); > > > --char *lp_deluserfromgroup_script(TALLOC_CTX *ctx); > > > --char *lp_setprimarygroup_script(TALLOC_CTX *ctx); > > > --char *lp_addmachine_script(TALLOC_CTX *ctx); > > > --char *lp_shutdown_script(TALLOC_CTX *ctx); > > > --char *lp_abort_shutdown_script(TALLOC_CTX *ctx); > > > --char *lp_username_map_script(TALLOC_CTX *ctx); > > > --int lp_username_map_cache_time(void); > > > --char *lp_check_password_script(TALLOC_CTX *ctx); > > > --char 
*lp_wins_hook(TALLOC_CTX *ctx); > > > --const char *lp_template_homedir(void); > > > --const char *lp_template_shell(void); > > > --const char *lp_winbind_separator(void); > > > --const char *lp_winbindd_socket_directory(void); > > > --bool lp_winbind_enum_users(void); > > > --bool lp_winbind_enum_groups(void); > > > --bool lp_winbind_use_default_domain(void); > > > --bool lp_winbind_trusted_domains_only(void); > > > --bool lp_winbind_nested_groups(void); > > > --int lp_winbind_expand_groups(void); > > > --bool lp_winbind_refresh_tickets(void); > > > --bool lp_winbind_offline_logon(void); > > > --bool lp_winbind_normalize_names(void); > > > --bool lp_winbind_rpc_only(void); > > > --bool lp_create_krb5_conf(void); > > > - int lp_winbind_max_domain_connections(void); > > > --int lp_idmap_cache_time(void); > > > --int lp_idmap_negative_cache_time(void); > > > - bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_= t *high); > > > - bool lp_idmap_default_range(uint32_t *low, uint32_t *high); > > > - const char *lp_idmap_backend(const char *domain_name); > > > - const char *lp_idmap_default_backend (void); > > > --int lp_keepalive(void); > > > --bool lp_passdb_expand_explicit(void); > > > --char *lp_ldap_suffix(TALLOC_CTX *ctx); > > > --char *lp_ldap_admin_dn(TALLOC_CTX *ctx); > > > --int lp_ldap_ssl(void); > > > --bool lp_ldap_ssl_ads(void); > > > --int lp_ldap_deref(void); > > > --int lp_ldap_follow_referral(void); > > > --int lp_ldap_passwd_sync(void); > > > --bool lp_ldap_delete_dn(void); > > > --int lp_ldap_replication_sleep(void); > > > --int lp_ldap_timeout(void); > > > --int lp_ldap_connection_timeout(void); > > > --int lp_ldap_page_size(void); > > > --int lp_ldap_debug_level(void); > > > --int lp_ldap_debug_threshold(void); > > > --char *lp_add_share_cmd(TALLOC_CTX *ctx); > > > --char *lp_change_share_cmd(TALLOC_CTX *ctx); > > > --char *lp_delete_share_cmd(TALLOC_CTX *ctx); > > > --char *lp_usershare_path(TALLOC_CTX *ctx); > > > --const char 
**lp_usershare_prefix_allow_list(void); > > > --const char **lp_usershare_prefix_deny_list(void); > > > --const char **lp_eventlog_list(void); > > > --bool lp_registry_shares(void); > > > --bool lp_usershare_allow_guests(void); > > > --bool lp_usershare_owner_only(void); > > > --bool lp_disable_netbios(void); > > > --bool lp_reset_on_zero_vc(void); > > > --bool lp_log_writeable_files_on_exit(void); > > > --bool lp_ms_add_printer_wizard(void); > > > --bool lp_wins_dns_proxy(void); > > > --bool lp_we_are_a_wins_server(void); > > > --bool lp_wins_proxy(void); > > > --bool lp_local_master(void); > > > --const char **lp_init_logon_delayed_hosts(void); > > > --int lp_init_logon_delay(void); > > > --bool lp_load_printers(void); > > > - bool lp_readraw(void); > > > --bool lp_large_readwrite(void); > > > - bool lp_writeraw(void); > > > --bool lp_null_passwords(void); > > > --bool lp_obey_pam_restrictions(void); > > > --bool lp_encrypted_passwords(void); > > > --int lp_client_schannel(void); > > > --int lp_server_schannel(void); > > > --bool lp_syslog_only(void); > > > --bool lp_timestamp_logs(void); > > > --bool lp_debug_prefix_timestamp(void); > > > --bool lp_debug_hires_timestamp(void); > > > --bool lp_debug_pid(void); > > > --bool lp_debug_uid(void); > > > --bool lp_debug_class(void); > > > --bool lp_enable_core_files(void); > > > --bool lp_browse_list(void); > > > --bool lp_nis_home_map(void); > > > --bool lp_bind_interfaces_only(void); > > > --bool lp_pam_password_change(void); > > > --bool lp_unix_password_sync(void); > > > --bool lp_passwd_chat_debug(void); > > > --int lp_passwd_chat_timeout(void); > > > --bool lp_nt_pipe_support(void); > > > --bool lp_nt_status_support(void); > > > --bool lp_stat_cache(void); > > > --int lp_max_stat_cache_size(void); > > > --bool lp_allow_trusted_domains(void); > > > --bool lp_map_untrusted_to_domain(void); > > > --int lp_restrict_anonymous(void); > > > --bool lp_lanman_auth(void); > > > --bool lp_ntlm_auth(void); > > > --bool 
lp_client_plaintext_auth(void); > > > --bool lp_client_lanman_auth(void); > > > --bool lp_client_ntlmv2_auth(void); > > > --bool lp_host_msdfs(void); > > > --bool lp_enhanced_browsing(void); > > > --bool lp_use_mmap(void); > > > --bool lp_use_ntdb(void); > > > --bool lp_unix_extensions(void); > > > --bool lp_unicode(void); > > > --bool lp_use_spnego(void); > > > --bool lp_client_use_spnego(void); > > > --bool lp_client_use_spnego_principal(void); > > > --bool lp_hostname_lookups(void); > > > --bool lp_change_notify(const struct share_params *p ); > > > --bool lp_kernel_change_notify(const struct share_params *p ); > > > --const char * lp_dedicated_keytab_file(void); > > > --int lp_kerberos_method(void); > > > --bool lp_defer_sharing_violations(void); > > > --bool lp_enable_privileges(void); > > > --bool lp_enable_asu_support(void); > > > --int lp_os_level(void); > > > --int lp_max_ttl(void); > > > --int lp_max_wins_ttl(void); > > > --int lp_min_wins_ttl(void); > > > --int lp_max_log_size(void); > > > --int lp_max_open_files(void); > > > --int lp_open_files_db_hash_size(void); > > > --int lp_max_xmit(void); > > > --int lp_maxmux(void); > > > --int lp_passwordlevel(void); > > > --int lp_usernamelevel(void); > > > --int lp_deadtime(void); > > > --bool lp_getwd_cache(void); > > > --int lp_srv_maxprotocol(void); > > > --int lp_srv_minprotocol(void); > > > --int lp_cli_maxprotocol(void); > > > --int lp_cli_minprotocol(void); > > > - int lp_security(void); > > > --int lp__server_role(void); > > > --int lp__security(void); > > > --int lp__domain_master(void); > > > --bool lp__domain_logons(void); > > > --const char **lp_auth_methods(void); > > > --bool lp_paranoid_server_security(void); > > > --int lp_maxdisksize(void); > > > --int lp_lpqcachetime(void); > > > --int lp_max_smbd_processes(void); > > > --bool lp__disable_spoolss(void); > > > --int lp_syslog(void); > > > --int lp_lm_announce(void); > > > --int lp_lm_interval(void); > > > --int 
lp_machine_password_timeout(void); > > > --int lp_map_to_guest(void); > > > --int lp_oplock_break_wait_time(void); > > > --int lp_lock_spin_time(void); > > > --int lp_usershare_max_shares(void); > > > --const char *lp_socket_options(void); > > > --int lp_config_backend(void); > > > --int lp_smb2_max_read(void); > > > --int lp_smb2_max_write(void); > > > --int lp_smb2_max_trans(void); > > > - int lp_smb2_max_credits(void); > > > --char *lp_preexec(TALLOC_CTX *ctx, int ); > > > --char *lp_postexec(TALLOC_CTX *ctx, int ); > > > --char *lp_rootpreexec(TALLOC_CTX *ctx, int ); > > > --char *lp_rootpostexec(TALLOC_CTX *ctx, int ); > > > --char *lp_servicename(TALLOC_CTX *ctx, int ); > > > --const char *lp_const_servicename(int ); > > > --char *lp_pathname(TALLOC_CTX *ctx, int ); > > > --char *lp_dontdescend(TALLOC_CTX *ctx, int ); > > > --char *lp_username(TALLOC_CTX *ctx, int ); > > > --const char **lp_invalid_users(int ); > > > --const char **lp_valid_users(int ); > > > --const char **lp_admin_users(int ); > > > --const char **lp_svcctl_list(void); > > > --char *lp_cups_options(TALLOC_CTX *ctx, int ); > > > --char *lp_cups_server(TALLOC_CTX *ctx); > > > - int lp_cups_encrypt(void); > > > --char *lp_iprint_server(TALLOC_CTX *ctx); > > > --int lp_cups_connection_timeout(void); > > > --const char *lp_ctdbd_socket(void); > > > --const char *_lp_ctdbd_socket(void); > > > --const char **lp_cluster_addresses(void); > > > --bool lp_clustering(void); > > > --int lp_ctdb_timeout(void); > > > --int lp_ctdb_locktime_warn_threshold(void); > > > --char *lp_printcommand(TALLOC_CTX *ctx, int ); > > > --char *lp_lpqcommand(TALLOC_CTX *ctx, int ); > > > --char *lp_lprmcommand(TALLOC_CTX *ctx, int ); > > > --char *lp_lppausecommand(TALLOC_CTX *ctx, int ); > > > --char *lp_lpresumecommand(TALLOC_CTX *ctx, int ); > > > --char *lp_queuepausecommand(TALLOC_CTX *ctx, int ); > > > --char *lp_queueresumecommand(TALLOC_CTX *ctx, int ); > > > --const char *lp_printjob_username(int ); > > > --const 
char **lp_hostsallow(int ); > > > --const char **lp_hostsdeny(int ); > > > --char *lp_magicscript(TALLOC_CTX *ctx, int ); > > > --char *lp_magicoutput(TALLOC_CTX *ctx, int ); > > > --char *lp_comment(TALLOC_CTX *ctx, int ); > > > --char *lp_force_user(TALLOC_CTX *ctx, int ); > > > --char *lp_force_group(TALLOC_CTX *ctx, int ); > > > --const char **lp_readlist(int ); > > > --const char **lp_writelist(int ); > > > --char *lp_fstype(TALLOC_CTX *ctx, int ); > > > --const char **lp_vfs_objects(int ); > > > --char *lp_msdfs_proxy(TALLOC_CTX *ctx, int ); > > > --char *lp_veto_files(TALLOC_CTX *ctx, int ); > > > --char *lp_hide_files(TALLOC_CTX *ctx, int ); > > > --char *lp_veto_oplocks(TALLOC_CTX *ctx, int ); > > > --bool lp_msdfs_root(int ); > > > --char *lp_aio_write_behind(TALLOC_CTX *ctx, int ); > > > --char *lp_dfree_command(TALLOC_CTX *ctx, int ); > > > --bool lp_autoloaded(int ); > > > --bool lp_preexec_close(int ); > > > --bool lp_rootpreexec_close(int ); > > > --int lp_casesensitive(int ); > > > --bool lp_preservecase(int ); > > > --bool lp_shortpreservecase(int ); > > > --bool lp_hide_dot_files(int ); > > > --bool lp_hide_special_files(int ); > > > --bool lp_hideunreadable(int ); > > > --bool lp_hideunwriteable_files(int ); > > > --bool lp_browseable(int ); > > > --bool lp_access_based_share_enum(int ); > > > --bool lp_readonly(int ); > > > --bool lp_guest_ok(int ); > > > --bool lp_guest_only(int ); > > > --bool lp_administrative_share(int ); > > > --bool lp_print_ok(int ); > > > --bool lp_print_notify_backchannel(int ); > > > --bool lp_map_hidden(int ); > > > --bool lp_map_archive(int ); > > > --bool lp_store_dos_attributes(int ); > > > --bool lp_dmapi_support(int ); > > > --bool lp_locking(const struct share_params *p ); > > > --int lp_strict_locking(const struct share_params *p ); > > > --bool lp_posix_locking(const struct share_params *p ); > > > --bool lp_oplocks(int ); > > > --bool lp_kernel_oplocks(int ); > > > --bool lp_level2_oplocks(int ); > > > --bool 
lp_kernel_share_modes(int); > > > --bool lp_onlyuser(int ); > > > --bool lp_manglednames(const struct share_params *p ); > > > --bool lp_allow_insecure_widelinks(void); > > > - bool lp_widelinks(int ); > > > --bool lp_symlinks(int ); > > > --bool lp_syncalways(int ); > > > --bool lp_strict_allocate(int ); > > > --bool lp_strict_sync(int ); > > > --bool lp_map_system(int ); > > > --bool lp_delete_readonly(int ); > > > --bool lp_fake_oplocks(int ); > > > --bool lp_recursive_veto_delete(int ); > > > --bool lp_dos_filemode(int ); > > > --bool lp_dos_filetimes(int ); > > > --bool lp_dos_filetime_resolution(int ); > > > --bool lp_fake_dir_create_times(int); > > > --bool lp_async_smb_echo_handler(void); > > > --bool lp_multicast_dns_register(void); > > > --bool lp_blocking_locks(int ); > > > --bool lp_inherit_perms(int ); > > > --bool lp_inherit_acls(int ); > > > --bool lp_inherit_owner(int ); > > > --bool lp_use_client_driver(int ); > > > --bool lp_default_devmode(int ); > > > --bool lp_force_printername(int ); > > > --bool lp_nt_acl_support(int ); > > > --bool lp_force_unknown_acl_user(int ); > > > --bool lp_ea_support(int ); > > > --bool lp__use_sendfile(int ); > > > --bool lp_profile_acls(int ); > > > --bool lp_map_acl_inherit(int ); > > > --bool lp_afs_share(int ); > > > --bool lp_acl_check_permissions(int ); > > > --bool lp_acl_group_control(int ); > > > --bool lp_acl_map_full_control(int ); > > > --bool lp_acl_allow_execute_always(int); > > > --bool lp_durable_handles(int); > > > --int lp_create_mask(int ); > > > --int lp_force_create_mode(int ); > > > --int lp_dir_mask(int ); > > > --int lp_force_dir_mode(int ); > > > --int lp_max_connections(int ); > > > --int lp_defaultcase(int ); > > > --int lp_minprintspace(int ); > > > --int lp_printing(int ); > > > --int lp_max_reported_jobs(int ); > > > --int lp_oplock_contention_limit(int ); > > > --int lp_csc_policy(int ); > > > --int lp_write_cache_size(int ); > > > --int lp_block_size(int ); > > > --int 
lp_dfree_cache_time(int ); > > > --int lp_allocation_roundup_size(int ); > > > --int lp_aio_read_size(int ); > > > --int lp_aio_write_size(int ); > > > --int lp_map_readonly(int ); > > > --int lp_directory_name_cache_size(int ); > > > --int lp_smb_encrypt(int ); > > > --char lp_magicchar(const struct share_params *p ); > > > --int lp_winbind_cache_time(void); > > > --int lp_winbind_reconnect_delay(void); > > > --int lp_winbind_request_timeout(void); > > > --int lp_winbind_max_clients(void); > > > --const char **lp_winbind_nss_info(void); > > > --int lp_algorithmic_rid_base(void); > > > --int lp_name_cache_timeout(void); > > > --int lp_client_signing(void); > > > --int lp_server_signing(void); > > > --int lp_client_ldap_sasl_wrapping(void); > > > -+ > > > - char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *= type, const char *option, const char *def); > > > - const char *lp_parm_const_string(int snum, const char *type, const = char *option, const char *def); > > > - struct loadparm_service; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5d2278756b5a7372106cbdf9b8d66fb8a0cf5033 Mon Sep 17 00:00:00 20= 01 > > > -From: Andrew Bartlett > > > -Date: Wed, 16 Oct 2013 14:45:31 +1300 > > > -Subject: [PATCH 121/249] lib/param: Add documentation on how loadpar= m works > > > - > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Volker Lendecke > > > ---- > > > - lib/param/README | 69 +++++++++++++++++++++++++++++++++++++++++++++= +++++++++++ > > > - 1 file changed, 69 insertions(+) > > > - > > > -diff --git a/lib/param/README b/lib/param/README > > > -index 403a217..b567d71 100644 > > > ---- a/lib/param/README > > > -+++ b/lib/param/README > > > -@@ -1,4 +1,73 @@ > > > -+libsamba-hostconfig > > > -+------------------- > > > -+ > > > - This directory contains "libsamba-hostconfig".=20 > > > -=20 > > > - The libsamba-hostconfig library provides access to all host-wide co= nfiguration > > > - such as the 
configured shares, default parameter values and host se= cret keys. > > > -+ > > > -+ > > > -+Adding a parameter > > > -+------------------ > > > -+ > > > -+To add or change an smb.conf option, you only have to modify > > > -+lib/param/param_table.c and lib/param/param_functions.c. The rest = is > > > -+generated for you. > > > -+ > > > -+ > > > -+Using smb.conf parameters in the code > > > -+------------------------------------- > > > -+ > > > -+Call the lpcfg_*() function. To get the lp_ctx, have the caller pa= ss > > > -+it to you. To get a lp_ctx for the source3/param loadparm system, = use: > > > -+ > > > -+struct loadparm_context *lp_ctx =3D loadparm_init_s3(tmp_ctx, loadp= arm_s3_helpers()); > > > -+ > > > -+Remember to talloc_unlink(tmp_ctx, lp_ctx) the result when you are = done! > > > -+ > > > -+To get a lp_ctx for the lib/param loadparm system, typically the > > > -+pointer is already set up by popt at startup, and is passed down fr= om > > > -+cmdline_lp_ctx. > > > -+ > > > -+In pure source3/ code, you may use lp_*() functions, but are > > > -+encouraged to use the lpcfg_*() functions so that code can be made > > > -+common. > > > -+ > > > -+ > > > -+How does loadparm_init_s3() work? > > > -+--------------------------------- > > > -+ > > > -+loadparm_s3_helpers() returns a initialised table of function > > > -+pointers, pointing at all global lp_*() functions, except for those > > > -+that return substituted strings (% macros). The lpcfg_*() function > > > -+then calls this plugged in function, allowing the one function and > > > -+pattern to use either loadparm system. > > > -+ > > > -+ > > > -+There is a lot of generated code, here, what generates what? 
> > > -+------------------------------------------------------------ > > > -+ > > > -+The regular format of the CPP macros in param_functions.c is used to > > > -+generate up the prototypes (mkproto.pl, mks3param_proto.pl), the se= rvice > > > -+and globals table (mkparamdefs.pl), the glue table (mmks3param.pl) = and > > > -+the initilisation of the glue table (mks3param_ctx_table.pl). > > > -+ > > > -+I have tried combining some of these, but it just makes the scripts= more > > > -+complex. > > > -+ > > > -+The CPP macros are defined in and expand in lib/param/loadparm.c and > > > -+source3/param/loadparm.c to read the values from the generated > > > -+stuctures. They are CPP #included into these files so that the same > > > -+macro has two definitions, depending on the system it is loading in= to. > > > -+ > > > -+ > > > -+Why was this done, rather than a 'proper' fix, or just using one sy= stem or the other? > > > -+-------------------------------------------------------------------= ------------------ > > > -+ > > > -+This was done to allow merging from both ends - merging more parts = of > > > -+the loadparm handling, and merging code that needs to read the > > > -+smb.conf, without having to do it all at once. Ideally > > > -+param_functions.c would be generated from param_table.c or (even > > > -+better) our XML manpage source, and the CPP macros would instead be > > > -+generated expanded as generated C files, but this is a task nobody = has > > > -+taken on yet. 
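Review bot: in the "what generates what" section of the added README text, the glue-table script is written as "mmks3param.pl", which does not match the mks3param_* naming of the scripts listed beside it (mks3param_proto.pl, mks3param_ctx_table.pl) and looks like a typo; please check it against the real script name so the reference can be grepped. The same hunk has "initilisation" (initialisation), "stuctures" (structures) and "a initialised table" (an initialised table). In the "Using smb.conf parameters in the code" section, the loadparm_init_s3(tmp_ctx, ...) example is followed only by a reminder to talloc_unlink(tmp_ctx, lp_ctx); it would help to say what lifetime tmp_ctx is expected to have and what happens to lp_ctx if the caller frees tmp_ctx without unlinking.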
> > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 7734a867500f5b7415f818077229f74486101c51 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 12 Aug 2013 08:19:08 +0200 > > > -Subject: [PATCH 122/249] librpc/rpc: add dcerpc_binding_handle_auth_= info() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - librpc/rpc/binding_handle.c | 25 +++++++++++++++++++++++++ > > > - librpc/rpc/rpc_common.h | 8 ++++++++ > > > - 2 files changed, 33 insertions(+) > > > - > > > -diff --git a/librpc/rpc/binding_handle.c b/librpc/rpc/binding_handle= =2Ec > > > -index 9354bbd..714baa7 100644 > > > ---- a/librpc/rpc/binding_handle.c > > > -+++ b/librpc/rpc/binding_handle.c > > > -@@ -98,6 +98,31 @@ uint32_t dcerpc_binding_handle_set_timeout(struct= dcerpc_binding_handle *h, > > > - return h->ops->set_timeout(h, timeout); > > > - } > > > -=20 > > > -+void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *= h, > > > -+ enum dcerpc_AuthType *auth_type, > > > -+ enum dcerpc_AuthLevel *auth_level) > > > -+{ > > > -+ enum dcerpc_AuthType _auth_type; > > > -+ enum dcerpc_AuthLevel _auth_level; > > > -+ > > > -+ if (auth_type =3D=3D NULL) { > > > -+ auth_type =3D &_auth_type; > > > -+ } > > > -+ > > > -+ if (auth_level =3D=3D NULL) { > > > -+ auth_level =3D &_auth_level; > > > -+ } > > > -+ > > > -+ *auth_type =3D DCERPC_AUTH_TYPE_NONE; > > > -+ *auth_level =3D DCERPC_AUTH_LEVEL_NONE; > > > -+ > > > -+ if (h->ops->auth_info =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ h->ops->auth_info(h, auth_type, auth_level); > > > -+} > > > -+ > > > - struct dcerpc_binding_handle_raw_call_state { > > > - const struct dcerpc_binding_handle_ops *ops; > > > - uint8_t *out_data; > > > -diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h > > > -index d2816f5..978229e 100644 > > > ---- a/librpc/rpc/rpc_common.h > > > -+++ b/librpc/rpc/rpc_common.h > > > -@@ -189,6 +189,10 @@ struct dcerpc_binding_handle_ops { > > > - uint32_t 
(*set_timeout)(struct dcerpc_binding_handle *h, > > > - uint32_t timeout); > > > -=20 > > > -+ void (*auth_info)(struct dcerpc_binding_handle *h, > > > -+ enum dcerpc_AuthType *auth_type, > > > -+ enum dcerpc_AuthLevel *auth_level); > > > -+ > > > - struct tevent_req *(*raw_call_send)(TALLOC_CTX *mem_ctx, > > > - struct tevent_context *ev, > > > - struct dcerpc_binding_handle *h, > > > -@@ -259,6 +263,10 @@ bool dcerpc_binding_handle_is_connected(struct = dcerpc_binding_handle *h); > > > - uint32_t dcerpc_binding_handle_set_timeout(struct dcerpc_binding_ha= ndle *h, > > > - uint32_t timeout); > > > -=20 > > > -+void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *= h, > > > -+ enum dcerpc_AuthType *auth_type, > > > -+ enum dcerpc_AuthLevel *auth_level); > > > -+ > > > - struct tevent_req *dcerpc_binding_handle_raw_call_send(TALLOC_CTX *= mem_ctx, > > > - struct tevent_context *ev, > > > - struct dcerpc_binding_handle *h, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 04a9531474630c62c3f717e251d9f1469013f5ae Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 12 Aug 2013 08:19:35 +0200 > > > -Subject: [PATCH 123/249] s3:rpc_client: implement > > > - dcerpc_binding_handle_auth_info() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source3/rpc_client/cli_pipe.c | 20 ++++++++++++++++++++ > > > - 1 file changed, 20 insertions(+) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 64e7f1c..a343997 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1867,6 +1867,25 @@ static uint32_t rpccli_bh_set_timeout(struct = dcerpc_binding_handle *h, > > > - return rpccli_set_timeout(hs->rpc_cli, timeout); > > > - } > > > -=20 > > > -+static void rpccli_bh_auth_info(struct dcerpc_binding_handle *h, > > > -+ enum dcerpc_AuthType *auth_type, > > > -+ enum dcerpc_AuthLevel *auth_level) > > > -+{ > > > -+ struct 
rpccli_bh_state *hs =3D dcerpc_binding_handle_data(h, > > > -+ struct rpccli_bh_state); > > > -+ > > > -+ if (hs->rpc_cli =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (hs->rpc_cli->auth =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ *auth_type =3D hs->rpc_cli->auth->auth_type; > > > -+ *auth_level =3D hs->rpc_cli->auth->auth_level; > > > -+} > > > -+ > > > - struct rpccli_bh_raw_call_state { > > > - DATA_BLOB in_data; > > > - DATA_BLOB out_data; > > > -@@ -2046,6 +2065,7 @@ static const struct dcerpc_binding_handle_ops = rpccli_bh_ops =3D { > > > - .name =3D "rpccli", > > > - .is_connected =3D rpccli_bh_is_connected, > > > - .set_timeout =3D rpccli_bh_set_timeout, > > > -+ .auth_info =3D rpccli_bh_auth_info, > > > - .raw_call_send =3D rpccli_bh_raw_call_send, > > > - .raw_call_recv =3D rpccli_bh_raw_call_recv, > > > - .disconnect_send =3D rpccli_bh_disconnect_send, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 1db891bac30bb6c3bb0a022c5d1529a9f001237d Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 12 Aug 2013 08:19:57 +0200 > > > -Subject: [PATCH 124/249] s4:librpc: implement > > > - dcerpc_binding_handle_auth_info() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source4/librpc/rpc/dcerpc.c | 24 ++++++++++++++++++++++++ > > > - 1 file changed, 24 insertions(+) > > > - > > > -diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc= =2Ec > > > -index 2826160..56b821e 100644 > > > ---- a/source4/librpc/rpc/dcerpc.c > > > -+++ b/source4/librpc/rpc/dcerpc.c > > > -@@ -200,6 +200,29 @@ static uint32_t dcerpc_bh_set_timeout(struct dc= erpc_binding_handle *h, > > > - return old; > > > - } > > > -=20 > > > -+static void dcerpc_bh_auth_info(struct dcerpc_binding_handle *h, > > > -+ enum dcerpc_AuthType *auth_type, > > > -+ enum dcerpc_AuthLevel *auth_level) > > > -+{ > > > -+ struct dcerpc_bh_state *hs =3D dcerpc_binding_handle_data(h, > > > -+ struct dcerpc_bh_state); > > > 
-+ > > > -+ if (hs->p =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (hs->p->conn =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (hs->p->conn->security_state.auth_info =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ *auth_type =3D hs->p->conn->security_state.auth_info->auth_type; > > > -+ *auth_level =3D hs->p->conn->security_state.auth_info->auth_level; > > > -+} > > > -+ > > > - struct dcerpc_bh_raw_call_state { > > > - struct tevent_context *ev; > > > - struct dcerpc_binding_handle *h; > > > -@@ -552,6 +575,7 @@ static const struct dcerpc_binding_handle_ops dc= erpc_bh_ops =3D { > > > - .name =3D "dcerpc", > > > - .is_connected =3D dcerpc_bh_is_connected, > > > - .set_timeout =3D dcerpc_bh_set_timeout, > > > -+ .auth_info =3D dcerpc_bh_auth_info, > > > - .raw_call_send =3D dcerpc_bh_raw_call_send, > > > - .raw_call_recv =3D dcerpc_bh_raw_call_recv, > > > - .disconnect_send =3D dcerpc_bh_disconnect_send, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 76304ed57d561eb89dceb3881236a78209dd592c Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Sep 2013 04:25:39 +0200 > > > -Subject: [PATCH 125/249] s3:winbindd: don't hide the error in cm_con= nect_lsa() > > > - > > > -We should not overwrite the error with NT_STATUS_PIPE_NOT_AVAILABLE. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source3/winbindd/winbindd_cm.c | 1 - > > > - 1 file changed, 1 deletion(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbi= ndd_cm.c > > > -index d868826..c4f59d3 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -2677,7 +2677,6 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - &ndr_table_lsarpc, > > > - &conn->lsa_pipe); > > > - if (!NT_STATUS_IS_OK(result)) { > > > -- result =3D NT_STATUS_PIPE_NOT_AVAILABLE; > > > - goto done; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 9948366e88b1d11127317008c79a2f7182a34d65 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 2 Sep 2013 09:24:42 +0200 > > > -Subject: [PATCH 126/249] s3:include: add forward declaration for str= uct > > > - messaging_context; in g_lock.h > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source3/include/g_lock.h | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git a/source3/include/g_lock.h b/source3/include/g_lock.h > > > -index 004c452..f513349 100644 > > > ---- a/source3/include/g_lock.h > > > -+++ b/source3/include/g_lock.h > > > -@@ -23,6 +23,7 @@ > > > - #include "dbwrap/dbwrap.h" > > > -=20 > > > - struct g_lock_ctx; > > > -+struct messaging_context; > > > -=20 > > > - enum g_lock_type { > > > - G_LOCK_READ =3D 0, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4c30267e3c26cb065b908ff396ca21937fc870c4 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 2 Sep 2013 19:29:05 +0200 > > > -Subject: [PATCH 127/249] s3:include: fix messaging_send_buf() protyp= e in > > > - messages.h > > > - > > > -The function already used 'uint8_t' instead of 'uint8'. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source3/include/messages.h | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/source3/include/messages.h b/source3/include/messages.h > > > -index 09c39cc..50b2a84 100644 > > > ---- a/source3/include/messages.h > > > -+++ b/source3/include/messages.h > > > -@@ -139,7 +139,7 @@ NTSTATUS messaging_send(struct messaging_context= *msg_ctx, > > > -=20 > > > - NTSTATUS messaging_send_buf(struct messaging_context *msg_ctx, > > > - struct server_id server, uint32_t msg_type, > > > -- const uint8 *buf, size_t len); > > > -+ const uint8_t *buf, size_t len); > > > - void messaging_dispatch_rec(struct messaging_context *msg_ctx, > > > - struct messaging_rec *rec); > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From ff45e4d1ca6cff9b2f329d18e98ebd4883639ed9 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 27 Aug 2013 12:09:51 +0200 > > > -Subject: [PATCH 128/249] s3:auth_domain: remove dead code in > > > - check_trustdomain_security() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source3/auth/auth_domain.c | 22 ---------------------- > > > - 1 file changed, 22 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c > > > -index 06078e2..9f88c4a 100644 > > > ---- a/source3/auth/auth_domain.c > > > -+++ b/source3/auth/auth_domain.c > > > -@@ -378,8 +378,6 @@ static NTSTATUS check_trustdomain_security(const= struct auth_context *auth_conte > > > - struct auth_serversupplied_info **server_info) > > > - { > > > - NTSTATUS nt_status =3D NT_STATUS_LOGON_FAILURE; > > > -- unsigned char trust_md4_password[16]; > > > -- char *trust_password; > > > - fstring dc_name; > > > - struct sockaddr_storage dc_ss; > > > -=20 > > > -@@ -408,26 +406,6 @@ static NTSTATUS check_trustdomain_security(cons= t struct auth_context *auth_conte > > > - if ( !is_trusted_domain( user_info->mapped.domain_name 
) ) > > > - return NT_STATUS_NOT_IMPLEMENTED; > > > -=20 > > > -- /* > > > -- * Get the trusted account password for the trusted domain > > > -- * No need to become_root() as secrets_init() is done at startup. > > > -- */ > > > -- > > > -- if (!pdb_get_trusteddom_pw(user_info->mapped.domain_name, &trust_p= assword, > > > -- NULL, NULL)) { > > > -- DEBUG(0, ("check_trustdomain_security: could not fetch trust " > > > -- "account password for domain %s\n", > > > -- user_info->mapped.domain_name)); > > > -- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > -- } > > > -- > > > --#ifdef DEBUG_PASSWORD > > > -- DEBUG(100, ("Trust password for domain %s is %s\n", user_info->map= ped.domain_name, > > > -- trust_password)); > > > --#endif > > > -- E_md4hash(trust_password, trust_md4_password); > > > -- SAFE_FREE(trust_password); > > > -- > > > - /* use get_dc_name() for consistency even through we know that it = will be=20 > > > - a netbios name */ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d9160b0834f74508b711eeec0354aa43d5a1b215 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 2 Sep 2013 20:18:39 +0200 > > > -Subject: [PATCH 129/249] s3:libsmb: remove unused > > > - change_trust_account_password() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source3/include/proto.h | 1 - > > > - source3/libsmb/trusts_util.c | 72 ---------------------------------= ----------- > > > - 2 files changed, 73 deletions(-) > > > - > > > -diff --git a/source3/include/proto.h b/source3/include/proto.h > > > -index 5e068d2..a40d3c1 100644 > > > ---- a/source3/include/proto.h > > > -+++ b/source3/include/proto.h > > > -@@ -989,7 +989,6 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc= _pipe_client *cli, TALLOC_CTX *m > > > - NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *= cli,=20 > > > - TALLOC_CTX *mem_ctx,=20 > > > - const char *domain) ; > > > --NTSTATUS change_trust_account_password( const char *domain, 
const c= har *remote_machine); > > > -=20 > > > - /* The following definitions come from param/loadparm.c */ > > > -=20 > > > -diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_ut= il.c > > > -index 6156ba0..8a0e53d 100644 > > > ---- a/source3/libsmb/trusts_util.c > > > -+++ b/source3/libsmb/trusts_util.c > > > -@@ -135,75 +135,3 @@ NTSTATUS trust_pw_find_change_and_store_it(stru= ct rpc_pipe_client *cli, > > > - sec_channel_type); > > > - } > > > -=20 > > > --NTSTATUS change_trust_account_password( const char *domain, const c= har *remote_machine) > > > --{ > > > -- NTSTATUS nt_status =3D NT_STATUS_UNSUCCESSFUL; > > > -- struct sockaddr_storage pdc_ss; > > > -- fstring dc_name; > > > -- struct cli_state *cli =3D NULL; > > > -- struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -- > > > -- DEBUG(5,("change_trust_account_password: Attempting to change trus= t account password in domain %s....\n", > > > -- domain)); > > > -- > > > -- if (remote_machine =3D=3D NULL || !strcmp(remote_machine, "*")) { > > > -- /* Use the PDC *only* for this */ > > > -- > > > -- if ( !get_pdc_ip(domain, &pdc_ss) ) { > > > -- DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); > > > -- goto failed; > > > -- } > > > -- > > > -- if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) ) > > > -- goto failed; > > > -- } else { > > > -- /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behav= ior */ > > > -- fstrcpy( dc_name, remote_machine ); > > > -- } > > > -- > > > -- /* if this next call fails, then give up. 
We can't do > > > -- password changes on BDC's --jerry */ > > > -- > > > -- if (!NT_STATUS_IS_OK(cli_full_connection(&cli, lp_netbios_name(), = dc_name, > > > -- NULL, 0, > > > -- "IPC$", "IPC", > > > -- "", "", > > > -- "", 0, SMB_SIGNING_DEFAULT))) { > > > -- DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_= name)); > > > -- nt_status =3D NT_STATUS_UNSUCCESSFUL; > > > -- goto failed; > > > -- } > > > -- > > > -- /* > > > -- * Ok - we have an anonymous connection to the IPC$ share. > > > -- * Now start the NT Domain stuff :-). > > > -- */ > > > -- > > > -- /* Shouldn't we open this with schannel ? JRA. */ > > > -- > > > -- nt_status =3D cli_rpc_pipe_open_noauth( > > > -- cli, &ndr_table_netlogon, &netlogon_pipe); > > > -- if (!NT_STATUS_IS_OK(nt_status)) { > > > -- DEBUG(0,("modify_trust_password: unable to open the domain client= session to machine %s. Error was : %s.\n", > > > -- dc_name, nt_errstr(nt_status))); > > > -- cli_shutdown(cli); > > > -- cli =3D NULL; > > > -- goto failed; > > > -- } > > > -- > > > -- nt_status =3D trust_pw_find_change_and_store_it( > > > -- netlogon_pipe, netlogon_pipe, domain); > > > -- > > > -- cli_shutdown(cli); > > > -- cli =3D NULL; > > > -- > > > --failed: > > > -- if (!NT_STATUS_IS_OK(nt_status)) { > > > -- DEBUG(0,("%s : change_trust_account_password: Failed to change pa= ssword for domain %s.\n", > > > -- current_timestring(talloc_tos(), False), domain)); > > > -- } > > > -- else > > > -- DEBUG(5,("change_trust_account_password: sucess!\n")); > > > -- > > > -- return nt_status; > > > --} > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From c6b50a3d8c382f19a8ae16428d557928438be464 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 2 Sep 2013 20:19:28 +0200 > > > -Subject: [PATCH 130/249] s3:libsmb: inline trust_pw_change_and_store= _it() into > > > - trust_pw_find_change_and_store_it() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source3/include/proto.h | 5 
----- > > > - source3/libsmb/trusts_util.c | 50 +++++++++++++--------------------= ----------- > > > - 2 files changed, 15 insertions(+), 40 deletions(-) > > > - > > > -diff --git a/source3/include/proto.h b/source3/include/proto.h > > > -index a40d3c1..216a377 100644 > > > ---- a/source3/include/proto.h > > > -+++ b/source3/include/proto.h > > > -@@ -981,11 +981,6 @@ void update_trustdom_cache( void ); > > > -=20 > > > - /* The following definitions come from libsmb/trusts_util.c */ > > > -=20 > > > --NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, = TALLOC_CTX *mem_ctx,=20 > > > -- const char *domain, > > > -- const char *account_name, > > > -- unsigned char orig_trust_passwd_hash[16], > > > -- enum netr_SchannelType sec_channel_type); > > > - NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *= cli,=20 > > > - TALLOC_CTX *mem_ctx,=20 > > > - const char *domain) ; > > > -diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_ut= il.c > > > -index 8a0e53d..428e0c1 100644 > > > ---- a/source3/libsmb/trusts_util.c > > > -+++ b/source3/libsmb/trusts_util.c > > > -@@ -29,20 +29,27 @@ > > > -=20 > > > - /********************************************************* > > > - Change the domain password on the PDC. > > > -- Store the password ourselves, but use the supplied password > > > -- Caller must have already setup the connection to the NETLOGON pipe > > > -+ Do most of the legwork ourselfs. 
Caller must have > > > -+ already setup the connection to the NETLOGON pipe > > > - **********************************************************/ > > > -=20 > > > --NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, = TALLOC_CTX *mem_ctx,=20 > > > -- const char *domain, > > > -- const char *account_name, > > > -- unsigned char orig_trust_passwd_hash[16], > > > -- enum netr_SchannelType sec_channel_type) > > > -+NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *= cli, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ const char *domain) > > > - { > > > -+ unsigned char old_trust_passwd_hash[16]; > > > - unsigned char new_trust_passwd_hash[16]; > > > -+ enum netr_SchannelType sec_channel_type =3D SEC_CHAN_NULL; > > > -+ const char *account_name; > > > - char *new_trust_passwd; > > > - NTSTATUS nt_status; > > > -=20 > > > -+ if (!get_trust_pw_hash(domain, old_trust_passwd_hash, &account_nam= e, > > > -+ &sec_channel_type)) { > > > -+ DEBUG(0, ("could not fetch domain secrets for domain %s!\n", doma= in)); > > > -+ return NT_STATUS_UNSUCCESSFUL; > > > -+ } > > > -+ > > > - switch (sec_channel_type) { > > > - case SEC_CHAN_WKSTA: > > > - case SEC_CHAN_DOMAIN: > > > -@@ -64,7 +71,7 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_p= ipe_client *cli, TALLOC_CTX *m > > > -=20 > > > - nt_status =3D rpccli_netlogon_set_trust_password(cli, mem_ctx, > > > - account_name, > > > -- orig_trust_passwd_hash, > > > -+ old_trust_passwd_hash, > > > - new_trust_passwd, > > > - new_trust_passwd_hash, > > > - sec_channel_type); > > > -@@ -108,30 +115,3 @@ NTSTATUS trust_pw_change_and_store_it(struct rp= c_pipe_client *cli, TALLOC_CTX *m > > > -=20 > > > - return nt_status; > > > - } > > > -- > > > --/********************************************************* > > > -- Change the domain password on the PDC. > > > -- Do most of the legwork ourselfs. 
Caller must have > > > -- already setup the connection to the NETLOGON pipe > > > --**********************************************************/ > > > -- > > > --NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *= cli,=20 > > > -- TALLOC_CTX *mem_ctx,=20 > > > -- const char *domain)=20 > > > --{ > > > -- unsigned char old_trust_passwd_hash[16]; > > > -- enum netr_SchannelType sec_channel_type =3D SEC_CHAN_NULL; > > > -- const char *account_name; > > > -- > > > -- if (!get_trust_pw_hash(domain, old_trust_passwd_hash, &account_nam= e, > > > -- &sec_channel_type)) { > > > -- DEBUG(0, ("could not fetch domain secrets for domain %s!\n", doma= in)); > > > -- return NT_STATUS_UNSUCCESSFUL; > > > -- } > > > -- > > > -- return trust_pw_change_and_store_it(cli, mem_ctx, domain, > > > -- account_name, > > > -- old_trust_passwd_hash, > > > -- sec_channel_type); > > > --} > > > -- > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fdac5d6b0ed96f262830a3a923b9d2a42d7fd98d Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 20 Sep 2013 04:14:00 +0200 > > > -Subject: [PATCH 131/249] s4:librpc: make dcerpc_schannel_key_send/re= cv static > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source4/librpc/rpc/dcerpc_schannel.c | 4 ++-- > > > - 1 file changed, 2 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/r= pc/dcerpc_schannel.c > > > -index 130ebeb..cd62508 100644 > > > ---- a/source4/librpc/rpc/dcerpc_schannel.c > > > -+++ b/source4/librpc/rpc/dcerpc_schannel.c > > > -@@ -306,7 +306,7 @@ static void continue_srv_auth2(struct tevent_req= *subreq) > > > - Initiate establishing a schannel key using netlogon challenge > > > - on a secondary pipe > > > - */ > > > --struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_= ctx, > > > -+static struct composite_context *dcerpc_schannel_key_send(TALLOC_CT= X *mem_ctx, > > > - struct dcerpc_pipe *p, > > > - 
struct cli_credentials *credentials, > > > - struct loadparm_context *lp_ctx) > > > -@@ -369,7 +369,7 @@ struct composite_context *dcerpc_schannel_key_se= nd(TALLOC_CTX *mem_ctx, > > > - /* > > > - Receive result of schannel key request > > > - */ > > > --NTSTATUS dcerpc_schannel_key_recv(struct composite_context *c) > > > -+static NTSTATUS dcerpc_schannel_key_recv(struct composite_context *= c) > > > - { > > > - NTSTATUS status =3D composite_wait(c); > > > - =09 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From de42a3f8b1a69a5abd5fb1a95e1c5f80ee68430e Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 20 Sep 2013 04:16:00 +0200 > > > -Subject: [PATCH 132/249] s4:librpc: let dcerpc_schannel_key_recv() r= eturn > > > - netlogon_creds_CredentialState > > > - > > > -cli_credentials_set_netlogon_creds() should only be used directly be= fore > > > -a DCERPC bind in order to pass the session information to the > > > -gensec layer. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - source4/librpc/rpc/dcerpc_schannel.c | 24 +++++++++++++++--------- > > > - 1 file changed, 15 insertions(+), 9 deletions(-) > > > - > > > -diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/r= pc/dcerpc_schannel.c > > > -index cd62508..c4bedfa 100644 > > > ---- a/source4/librpc/rpc/dcerpc_schannel.c > > > -+++ b/source4/librpc/rpc/dcerpc_schannel.c > > > -@@ -296,9 +296,6 @@ static void continue_srv_auth2(struct tevent_req= *subreq) > > > - return; > > > - } > > > -=20 > > > -- /* setup current netlogon credentials */ > > > -- cli_credentials_set_netlogon_creds(s->credentials, s->creds); > > > -- > > > - composite_done(c); > > > - } > > > -=20 > > > -@@ -369,10 +366,19 @@ static struct composite_context *dcerpc_schann= el_key_send(TALLOC_CTX *mem_ctx, > > > - /* > > > - Receive result of schannel key request > > > - */ > > > --static NTSTATUS dcerpc_schannel_key_recv(struct composite_context *= c) > > > -+static NTSTATUS 
dcerpc_schannel_key_recv(struct composite_context *= c, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState **creds) > > > - { > > > - NTSTATUS status =3D composite_wait(c); > > > --=09 > > > -+ > > > -+ if (NT_STATUS_IS_OK(status)) { > > > -+ struct schannel_key_state *s =3D > > > -+ talloc_get_type_abort(c->private_data, > > > -+ struct schannel_key_state); > > > -+ *creds =3D talloc_move(mem_ctx, &s->creds); > > > -+ } > > > -+ > > > - talloc_free(c); > > > - return status; > > > - } > > > -@@ -410,13 +416,15 @@ static void continue_schannel_key(struct compo= site_context *ctx) > > > - NTSTATUS status; > > > -=20 > > > - /* receive schannel key */ > > > -- status =3D c->status =3D dcerpc_schannel_key_recv(ctx); > > > -+ status =3D c->status =3D dcerpc_schannel_key_recv(ctx, s, &s->cred= s_state); > > > - if (!composite_is_ok(c)) { > > > - DEBUG(1, ("Failed to setup credentials: %s\n", nt_errstr(status))= ); > > > - return; > > > - } > > > -=20 > > > - /* send bind auth request with received creds */ > > > -+ cli_credentials_set_netlogon_creds(s->credentials, s->creds_state); > > > -+ > > > - auth_req =3D dcerpc_bind_auth_send(c, s->pipe, s->table, s->creden= tials,=20 > > > - lpcfg_gensec_settings(c, s->lp_ctx), > > > - DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level, > > > -@@ -447,9 +455,6 @@ static void continue_bind_auth(struct composite_= context *ctx) > > > - &ndr_table_netlogon.syntax_id)) { > > > - ZERO_STRUCT(s->return_auth); > > > -=20 > > > -- s->creds_state =3D cli_credentials_get_netlogon_creds(s->credenti= als); > > > -- if (composite_nomem(s->creds_state, c)) return; > > > -- > > > - s->save_creds_state =3D *s->creds_state; > > > - netlogon_creds_client_authenticator(&s->save_creds_state, &s->aut= h); > > > -=20 > > > -@@ -528,6 +533,7 @@ static void continue_get_capabilities(struct tev= ent_req *subreq) > > > - } > > > -=20 > > > - *s->creds_state =3D s->save_creds_state; > > > -+ 
cli_credentials_set_netlogon_creds(s->credentials, s->creds_state); > > > -=20 > > > - if (!NT_STATUS_IS_OK(s->c.out.result)) { > > > - composite_error(c, s->c.out.result); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From f6a6e4e91b676461dc8b6dd5abca4120d9bf920a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 20 Sep 2013 04:33:07 +0200 > > > -Subject: [PATCH 133/249] auth:credentials: avoid talloc_reference in > > > - cli_credentials_set_netlogon_creds() > > > - > > > -Typically cli_credentials_set_netlogon_creds() should be used direct= ly > > > -before the DCERPC bind. And cli_credentials_get_netlogon_creds() > > > -should be only used by the gensec layer, which only needs a copy. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > ---- > > > - auth/credentials/credentials.c | 6 +++++- > > > - 1 file changed, 5 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/auth/credentials/credentials.c b/auth/credentials/crede= ntials.c > > > -index 57a7c0b..9ce38d0 100644 > > > ---- a/auth/credentials/credentials.c > > > -+++ b/auth/credentials/credentials.c > > > -@@ -814,7 +814,11 @@ _PUBLIC_ void cli_credentials_guess(struct cli_= credentials *cred, > > > - _PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credent= ials *cred,=20 > > > - struct netlogon_creds_CredentialState *netlogon_creds) > > > - { > > > -- cred->netlogon_creds =3D talloc_reference(cred, netlogon_creds); > > > -+ TALLOC_FREE(cred->netlogon_creds); > > > -+ if (netlogon_creds =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ cred->netlogon_creds =3D netlogon_creds_copy(cred, netlogon_creds); > > > - } > > > -=20 > > > - /** > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 14b9bb276a798ad71776ebcb698afeeb44aa173a Mon Sep 17 00:00:00 20= 01 > > > -From: Volker Lendecke > > > -Date: Sat, 9 Nov 2013 19:14:15 +0100 > > > -Subject: [PATCH 134/249] libsmb: Fix CID 1127343 Dead default in swi= tch > > > - > > > -We have checked sec_channel_type a few 
lines above already > > > - > > > -Signed-off-by: Volker Lendecke > > > -Reviewed-by: Ira Cooper > > > -(cherry picked from commit 1cae867f72b79995a02eed96265fe9f69ce945da) > > > ---- > > > - source3/libsmb/trusts_util.c | 2 -- > > > - 1 file changed, 2 deletions(-) > > > - > > > -diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_ut= il.c > > > -index 428e0c1..52fb481 100644 > > > ---- a/source3/libsmb/trusts_util.c > > > -+++ b/source3/libsmb/trusts_util.c > > > -@@ -108,8 +108,6 @@ NTSTATUS trust_pw_find_change_and_store_it(struc= t rpc_pipe_client *cli, > > > - } > > > - break; > > > - } > > > -- default: > > > -- break; > > > - } > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From efb32bbe25d534f69aca03e0945220cb5049c366 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 29 Nov 2013 09:46:01 +0100 > > > -Subject: [PATCH 135/249] s3:rpc_server: use make_session_info_guest(= ) directly > > > - > > > -This removes the useless static auth_anonymous_session_info() wrappe= r. > > > - > > > -auth_anonymous_session_info() is also a public function in source4. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit ae6720117ae5fb3c922486ce46e2b0d51e020301) > > > ---- > > > - source3/rpc_server/rpc_server.c | 22 ++++++---------------- > > > - 1 file changed, 6 insertions(+), 16 deletions(-) > > > - > > > -diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rp= c_server.c > > > -index de54ddc..c3a7f28 100644 > > > ---- a/source3/rpc_server/rpc_server.c > > > -+++ b/source3/rpc_server/rpc_server.c > > > -@@ -37,19 +37,6 @@ > > > - #define SERVER_TCP_LOW_PORT 1024 > > > - #define SERVER_TCP_HIGH_PORT 1300 > > > -=20 > > > --static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx, > > > -- struct auth_session_info **session_info) > > > --{ > > > -- NTSTATUS status; > > > -- > > > -- status =3D make_session_info_guest(mem_ctx, session_info); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > - /* Creates a pipes_struct and initializes it with the information > > > - * sent from the client */ > > > - static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, > > > -@@ -1067,11 +1054,14 @@ void dcerpc_ncacn_accept(struct tevent_conte= xt *ev_ctx, > > > - } > > > -=20 > > > - if (ncacn_conn->session_info =3D=3D NULL) { > > > -- status =3D auth_anonymous_session_info(ncacn_conn, > > > -- &ncacn_conn->session_info); > > > -+ /* > > > -+ * TODO: use auth_anonymous_session_info() here? 
> > > -+ */ > > > -+ status =3D make_session_info_guest(ncacn_conn, > > > -+ &ncacn_conn->session_info); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(2, ("Failed to create " > > > -- "auth_anonymous_session_info - %s\n", > > > -+ "make_session_info_guest - %s\n", > > > - nt_errstr(status))); > > > - talloc_free(ncacn_conn); > > > - return; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 215d591403e63b785308ff5d6b2e3c87ad9ee408 Mon Sep 17 00:00:00 20= 01 > > > -From: Garming Sam > > > -Date: Fri, 29 Nov 2013 16:51:08 +1300 > > > -Subject: [PATCH 136/249] selftest: add new rpc client test > > > - > > > -Pair-programmed-with: Andrew Bartlett > > > - > > > -Signed-off-by: Garming Sam > > > -Signed-off-by: Andrew Bartlett > > > -Reviewed-by: Andrew Bartlett > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 0e46205ff83d137ca486868e4376b258b6dfa1a2) > > > ---- > > > - source3/script/tests/test_rpcclient_samlogon.sh | 27 ++++++++++++++= +++++++++++ > > > - source3/selftest/tests.py | 2 ++ > > > - 2 files changed, 29 insertions(+) > > > - create mode 100755 source3/script/tests/test_rpcclient_samlogon.sh > > > - > > > -diff --git a/source3/script/tests/test_rpcclient_samlogon.sh b/sourc= e3/script/tests/test_rpcclient_samlogon.sh > > > -new file mode 100755 > > > -index 0000000..01af7f8 > > > ---- /dev/null > > > -+++ b/source3/script/tests/test_rpcclient_samlogon.sh > > > -@@ -0,0 +1,27 @@ > > > -+#!/bin/sh > > > -+ > > > -+if [ $# -lt 3 ]; then > > > -+cat < > > -+Usage: test_rpcclient_samlogon.sh USERNAME PASSWORD binding > > > -+EOF > > > -+exit 1; > > > -+fi > > > -+ > > > -+USERNAME=3D"$1" > > > -+PASSWORD=3D"$2" > > > -+shift 2 > > > -+ADDARGS=3D"$*" > > > -+ > > > -+rpcclient_samlogon() > > > -+{ > > > -+ $VALGRIND $BINDIR/rpcclient -U% -c "samlogon $USERNAME $PASSWORD;s= amlogon $USERNAME $PASSWORD" $@ > > > -+} > > > -+ > > > -+ > > > -+incdir=3D`dirname $0`/../../../testprogs/blackbox > > > -+. 
$incdir/subunit.sh > > > -+testit "rpcclient dsenumdomtrusts" $VALGRIND $BINDIR/rpcclient $ADD= ARGS -U% -c "dsenumdomtrusts" || failed=3D`expr $failed + 1` > > > -+testit "rpcclient getdcsitecoverage" $VALGRIND $BINDIR/rpcclient $A= DDARGS -U% -c "getdcsitecoverage" || failed=3D`expr $failed + 1` > > > -+testit "rpcclient samlogon" rpcclient_samlogon $ADDARGS || failed= =3D`expr $failed +1` > > > -+ > > > -+testok $0 $failed > > > -diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py > > > -index 85d67d6..f9cc3d1 100755 > > > ---- a/source3/selftest/tests.py > > > -+++ b/source3/selftest/tests.py > > > -@@ -394,6 +394,8 @@ for s in signseal_options: > > > - plantestsuite("samba3.blackbox.rpcclient krb5 ncacn_np with= [%s%s%s] " % (a, s, e), "ktest:local", [os.path.join(samba3srcdir, "script= /tests/test_rpcclient.sh"), > > > - = "$PREFIX/ktest/k= rb5_ccache-3", binding_string, "-k", configuration]) > > > -=20 > > > -+plantestsuite("samba3.blackbox.rpcclient_samlogon", "s3member:local= ", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"), > > > -+ "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER= ", configuration]) > > > -=20 > > > - options_list =3D ["", "-e"] > > > - for options in options_list: > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 05251d449931c29a0bb0c0b8ad194253dc5b66cb Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 29 Nov 2013 08:45:38 +0100 > > > -Subject: [PATCH 137/249] s3:rpcclient: close the connection if setti= ng up the > > > - netlogon secure channel fails > > > - > > > -This is based on a patch from Garming Sam . 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 2fae806550f3355298541a344b217bf810bf92e4) > > > ---- > > > - source3/rpcclient/rpcclient.c | 5 +++++ > > > - 1 file changed, 5 insertions(+) > > > - > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index cb7b70f..0cbec20 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -768,6 +768,10 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - trust_password, &machine_account, > > > - &sec_channel_type)) > > > - { > > > -+ DEBUG(0, ("Failed to fetch trust password for %s to connect to = %s.\n", > > > -+ get_cmdline_auth_info_domain(auth_info), > > > -+ cmd_entry->table->name)); > > > -+ TALLOC_FREE(cmd_entry->rpc_pipe); > > > - talloc_free(mem_ctx); > > > - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > - } > > > -@@ -784,6 +788,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - if (!NT_STATUS_IS_OK(ntresult)) { > > > - DEBUG(0, ("Could not initialise credentials for %s.\n", > > > - cmd_entry->table->name)); > > > -+ TALLOC_FREE(cmd_entry->rpc_pipe); > > > - talloc_free(mem_ctx); > > > - return ntresult; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8d3336b9a61a185a4194313fec338321fed6b151 Mon Sep 17 00:00:00 20= 01 > > > -From: Garming Sam > > > -Date: Mon, 2 Dec 2013 13:20:39 +1300 > > > -Subject: [PATCH 138/249] selftest: add new credential change test > > > - > > > -Signed-off-by: Garming Sam > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 48820b95285f7dffd827143ba56f432f3e283a6f) > > > ---- > > > - source3/script/tests/test_net_cred_change.sh | 16 ++++++++++++++++ > > > - source3/selftest/tests.py | 3 +++ > > > - 2 files changed, 19 insertions(+) > > > - create mode 100755 source3/script/tests/test_net_cred_change.sh > > > - > > > -diff --git 
a/source3/script/tests/test_net_cred_change.sh b/source3/= script/tests/test_net_cred_change.sh > > > -new file mode 100755 > > > -index 0000000..9013d07 > > > ---- /dev/null > > > -+++ b/source3/script/tests/test_net_cred_change.sh > > > -@@ -0,0 +1,16 @@ > > > -+#!/bin/sh > > > -+ > > > -+if [ $# -lt 1 ]; then > > > -+cat < > > -+Usage: test_net_cred_change.sh CONFIGURATION > > > -+EOF > > > -+exit 1; > > > -+fi > > > -+ > > > -+incdir=3D`dirname $0`/../../../testprogs/blackbox > > > -+. $incdir/subunit.sh > > > -+testit "first change" $VALGRIND $BINDIR/wbinfo -c || failed =3D`exp= r $failed + 1` > > > -+testit "first join" $VALGRIND $BINDIR/net rpc testjoin $@ || failed= =3D`expr $failed + 1` > > > -+testit "second change" $VALGRIND $BINDIR/wbinfo -c || failed =3D`ex= pr $failed + 1` > > > -+ > > > -+testok $0 $failed > > > -diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py > > > -index f9cc3d1..aac1bbb 100755 > > > ---- a/source3/selftest/tests.py > > > -+++ b/source3/selftest/tests.py > > > -@@ -165,6 +165,9 @@ for env in ["s3dc", "member", "s3member"]: > > > -=20 > > > - plantestsuite("samba3.ntlm_auth.(%s:local)" % env, "%s:local" %= env, [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_s3.sh"), val= grindify(python), samba3srcdir, ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$D= C_PASSWORD', configuration]) > > > -=20 > > > -+for env in ["member", "s3member"]: > > > -+ plantestsuite("samba3.blackbox.net_cred_change.(%s:local)" % en= v, "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_net_cre= d_change.sh"), configuration]) > > > -+ > > > - env =3D "s3member" > > > - t =3D "--krb5auth=3D$DOMAIN\\\\$DC_USERNAME%$DC_PASSWORD" > > > - plantestsuite("samba3.wbinfo_s3.(%s:local).%s" % (env, t), "%s:loca= l" % env, [os.path.join(samba3srcdir, "script/tests/test_wbinfo_s3.sh"), t]) > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4b97cece12602437f3a2c9a395f5ed62cc00c0c4 Mon Sep 17 00:00:00 20= 01 > > > -From: Garming Sam > > 
> -Date: Mon, 23 Dec 2013 17:12:39 +1300 > > > -Subject: [PATCH 139/249] selftest: add rodc and other env tests for = wbinfo > > > - > > > -Pair-programmed-with: Andrew Bartlett > > > -Signed-off-by: Garming Sam > > > -Reviewed-by: Stefan Metzmacher > > > - > > > -Autobuild-User(master): Stefan Metzmacher > > > -Autobuild-Date(master): Mon Dec 23 17:17:39 CET 2013 on sn-devel-104 > > > -(cherry picked from commit 819e1f561df5074ae21db77c6558b34f4b0e1351) > > > ---- > > > - source4/selftest/tests.py | 4 ++-- > > > - 1 file changed, 2 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py > > > -index e738d1d9..c3a33c7 100755 > > > ---- a/source4/selftest/tests.py > > > -+++ b/source4/selftest/tests.py > > > -@@ -309,8 +309,8 @@ plantestsuite("samba4.blackbox.locktest(dc)", "d= c", [os.path.join(samba4srcdir, > > > - plantestsuite("samba4.blackbox.masktest", "dc", [os.path.join(samba= 4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSW= ORD', '$DOMAIN', '$PREFIX']) > > > - plantestsuite("samba4.blackbox.gentest(dc)", "dc", [os.path.join(sa= mba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PAS= SWORD', '$DOMAIN', "$PREFIX"]) > > > - plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:loca= l", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"= ), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GI= D_RFC2307TEST", configuration]) > > > --plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.p= ath.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$US= ERNAME', '$PASSWORD', "dc"]) > > > --plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:l= ocal", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$D= OMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"]) > > > -+for env in ["dc", "s4member", "rodc", "promoted_dc"]: > > > -+ 
plantestsuite("samba4.blackbox.wbinfo(%s:local)" % env, "%s:loc= al" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"),= '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env]) > > > - plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.jo= in(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAI= N', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smb= client4]) > > > - plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", = "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERV= ER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass']) > > > - plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "dc= ", [valgrindify(smbtorture4), "$LISTOPT", 'ncacn_np:$NETBIOSALIAS', '-U$DOM= AIN/$USERNAME%$PASSWORD', 'rpc.echo']) > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 689deff949e8ce9b6aa900e7b0c714d5a025d516 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Dec 2013 19:35:37 +0100 > > > -Subject: [PATCH 140/249] libcli/auth: set the return_authenticator->= timestamp > > > - =3D 0 > > > - > > > -This is what windows returns, the value is ignored by the client any= way. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 202bcf9096e53d94b294936d6144ae77f1536b72) > > > ---- > > > - libcli/auth/credentials.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c > > > -index 1f664d3..197db86 100644 > > > ---- a/libcli/auth/credentials.c > > > -+++ b/libcli/auth/credentials.c > > > -@@ -479,7 +479,7 @@ NTSTATUS netlogon_creds_server_step_check(struct= netlogon_creds_CredentialState > > > - netlogon_creds_step(creds); > > > - if (netlogon_creds_server_check_internal(creds, &received_authenti= cator->cred)) { > > > - return_authenticator->cred =3D creds->server; > > > -- return_authenticator->timestamp =3D creds->sequence; > > > -+ return_authenticator->timestamp =3D 0; > > > - return NT_STATUS_OK; > > > - } else { > > > - ZERO_STRUCTP(return_authenticator); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fe8a979787c9528bb3b403272be3dc6a313bbebd Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Dec 2013 19:40:15 +0100 > > > -Subject: [PATCH 141/249] libcli/auth: remove bogus comment regarding= replay > > > - attacks > > > - > > > -creds->sequence (timestamp) is the value that is used to increment t= he internal > > > -state, it's not a real sequence number. The sequence comes > > > -from adding all timestamps of the whole session. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 636daac3b7b08ccb8845dab060157918d296ef67) > > > ---- > > > - libcli/auth/credentials.c | 2 -- > > > - 1 file changed, 2 deletions(-) > > > - > > > -diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c > > > -index 197db86..afb4a04 100644 > > > ---- a/libcli/auth/credentials.c > > > -+++ b/libcli/auth/credentials.c > > > -@@ -473,8 +473,6 @@ NTSTATUS netlogon_creds_server_step_check(struct= netlogon_creds_CredentialState > > > - return NT_STATUS_ACCESS_DENIED; > > > - } > > > -=20 > > > -- /* TODO: this may allow the a replay attack on a non-signed > > > -- connection. Should we check that this is increasing? */ > > > - creds->sequence =3D received_authenticator->timestamp; > > > - netlogon_creds_step(creds); > > > - if (netlogon_creds_server_check_internal(creds, &received_authenti= cator->cred)) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 1f6a52bb1f756be05e28dc9e16725ac73b005d00 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Dec 2013 19:55:12 +0100 > > > -Subject: [PATCH 142/249] libcli/auth: try to use the current timesta= mp > > > - creds->sequence > > > - > > > -If the last usage of netlogon_creds_client_authenticator() > > > -is in the past try to use the current timestamp and increment > > > -more than just 2. > > > - > > > -If we use netlogon_creds_client_authenticator() a lot within a > > > -second, we increment keep incrementing by 2. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > - > > > -Autobuild-User(master): Stefan Metzmacher > > > -Autobuild-Date(master): Tue Dec 24 13:18:18 CET 2013 on sn-devel-104 > > > -(cherry picked from commit e6afeae69537f55ed187b28b60ad29b9e237ec6e) > > > ---- > > > - libcli/auth/credentials.c | 22 ++++++++++++++++++++++ > > > - 1 file changed, 22 insertions(+) > > > - > > > -diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c > > > -index afb4a04..f52538a 100644 > > > ---- a/libcli/auth/credentials.c > > > -+++ b/libcli/auth/credentials.c > > > -@@ -344,7 +344,29 @@ struct netlogon_creds_CredentialState *netlogon= _creds_client_init_session_key(TA > > > - void netlogon_creds_client_authenticator(struct netlogon_creds_Cred= entialState *creds, > > > - struct netr_Authenticator *next) > > > - { > > > -+ uint32_t t32n =3D (uint32_t)time(NULL); > > > -+ > > > -+ /* > > > -+ * we always increment and ignore an overflow here > > > -+ */ > > > - creds->sequence +=3D 2; > > > -+ > > > -+ if (t32n > creds->sequence) { > > > -+ /* > > > -+ * we may increment more > > > -+ */ > > > -+ creds->sequence =3D t32n; > > > -+ } else { > > > -+ uint32_t d =3D creds->sequence - t32n; > > > -+ > > > -+ if (d >=3D INT32_MAX) { > > > -+ /* > > > -+ * got an overflow of time_t vs. uint32_t > > > -+ */ > > > -+ creds->sequence =3D t32n; > > > -+ } > > > -+ } > > > -+ > > > - netlogon_creds_step(creds); > > > -=20 > > > - next->cred =3D creds->client; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 1cc32f5bf176a6daba93603a5b9aa4fc4fe42479 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 3 Jan 2014 12:56:38 +0100 > > > -Subject: [PATCH 143/249] s4:selftest: run wbinfo tests at the end... > > > - > > > -This avoids flakey crashes in the promoted_dc environment. > > > - > > > -See the examples below, we had up to 50% of the daily build failing.= =2E. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > - > > > -https://git.samba.org/autobuild.flakey/2013-12-23-1942/samba.stdout > > > - > > > - [1586/1594 in 1h39m20s] samba4.drs.fsmo.python(promoted_dc) > > > - Testing for schema role transfer from localdc.samba.example.com to= PROMOTEDVDC.samba.example.com > > > - FSMO transfer of 'schema' role successful > > > - Testing for schema role transfer from PROMOTEDVDC.samba.example.co= m to localdc.samba.example.com > > > - ERROR: Failed to initiate transfer of 'schema' role: LDAP error 52= LDAP_UNAVAILABLE - <> > > > - UNEXPECTED(failure): samba4.drs.fsmo.python(promoted_dc).fsmo.DrsF= smoTestCase.test_SchemaMasterTransfer(promoted_dc) > > > - REASON: _StringException: _StringException: Content-Type: text/x-t= raceback;charset=3Dutf8,language=3Dpython > > > - traceback > > > - 380 > > > - > > > -https://git.samba.org/autobuild.flakey/2013-12-24-1546/samba.stdout > > > - > > > - [1583/1594 in 1h36m4s] samba.tests.blackbox.samba_tool_drs > > > - ERROR: Testsuite[samba.tests.blackbox.samba_tool_drs] > > > - REASON: unable to set up environment promoted_dc - exiting > > > - > > > -https://git.samba.org/autobuild.flakey/2013-12-24-1546/samba.stderr > > > - > > > - Unable to convert 1.2.840.86419.1.5.9939 to an attid, and can_chan= ge_pfm=3Dfalse! 
> > > - Unable to convert governsID on CN=3Dtest-class30318,CN=3DSchema,CN= =3DConfiguration,DC=3Dsamba,DC=3Dexample,DC=3Dcom to DRS object - WERR_NOT_= FOUND > > > - ../source4/rpc_server/drsuapi/getncchanges.c:1646: DsGetNCChanges = 2nd replication on different DN CN=3DConfiguration,DC=3Dsamba,DC=3Dexample,= DC=3Dcom CN=3DSchema,CN=3DConfiguration,DC=3Dsamba,DC=3Dexample,DC=3Dcom (l= ast_dn CN=3DSchema,CN=3DConfiguration,DC=3Dsamba,DC=3Dexample,DC=3Dcom) > > > - =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > - INTERNAL ERROR: Signal 11 in pid 884274 (4.2.0pre1-DEVELOPERBUILD) > > > - Please read the Trouble-Shooting section of the Samba HOWTO > > > - =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > - smb_panic(): calling panic action [/memdisk/autobuild/fl/b302436/s= amba/selftest/gdb_backtrace 884274] > > > - [Thread debugging using libthread_db enabled] > > > - 0x00002af6b5c1977e in __libc_waitpid (pid=3D, > > > - stat_loc=3D0x7fff67c7709c, options=3D) > > > - at ../sysdeps/unix/sysv/linux/waitpid.c:32 > > > - 32 ../sysdeps/unix/sysv/linux/waitpid.c: No such file or directory. 
> > > - in ../sysdeps/unix/sysv/linux/waitpid.c > > > - #0 0x00002af6b5c1977e in __libc_waitpid (pid=3D, > > > - stat_loc=3D0x7fff67c7709c, options=3D) > > > - at ../sysdeps/unix/sysv/linux/waitpid.c:32 > > > - oldtype =3D > > > - result =3D > > > - #1 0x00002af6b5baeb39 in do_system (line=3D) > > > - at ../sysdeps/posix/system.c:149 > > > - __result =3D -512 > > > - _buffer =3D {__routine =3D 0x2af6b5baee90 , > > > - __arg =3D 0x7fff67c77098, __canceltype =3D 0, __prev =3D= 0x0} > > > - _avail =3D 1 > > > - status =3D > > > - save =3D > > > - pid =3D 886733 > > > - sa =3D {__sigaction_handler =3D {sa_handler =3D 0x1, sa_si= gaction =3D 0x1}, > > > - sa_mask =3D {__val =3D {65536, 0 }}, s= a_flags =3D 0, > > > - sa_restorer =3D 0x2af6b5b730f0} > > > - omask =3D {__val =3D {7808, 4294967295, 140734934511616, 1= , 2195512, 0, > > > - 0, 0, 47239032274944, 47239027992529, 140733193388033,= 0, 0, > > > - 47239099003120, 140734934511792, 47239558787328}} > > > - #2 0x00002af6b311821f in smb_panic_default ( > > > - why=3D0x2af6b312a875 "internal error") at ../lib/util/fault.c:= 134 > > > - result =3D 32767 > > > - pidstr =3D "884274\000\000\001\375\376\320\366*\000\000\26= 0\377\377\377" > > > - cmdstring =3D "/memdisk/autobuild/fl/b302436/samba/selftes= t/gdb_backtrace 884274\000\307g\377\177\000\000\001\000\000\000\000\000\000= \000\320\301#", '\000' "\240, \017\263\366*\000\000\321\2= 47{\261\366*\000\000\001\000\000\000\005", '\000' "\260, = \016\v\321\366*\000\000X\351\017\263\366*\000\000\260q\307g\377\177\000\000= \000\361\036\321\366*\000\000\020r\307g\377\177\000\000\240\301z\326\366*\0= 00\000\000Z\304\320\366*\000" > > > - __FUNCTION__ =3D "smb_panic_default" > > > - #3 0x00002af6b31183b5 in smb_panic (why=3D0x2af6b312a875 "interna= l error") > > > - at ../lib/util/fault.c:162 > > > - No locals. 
> > > - #4 0x00002af6b311809f in fault_report (sig=3D11) at ../lib/util/f= ault.c:77 > > > - counter =3D 1 > > > - __FUNCTION__ =3D "fault_report" > > > - #5 0x00002af6b31180b4 in sig_fault (sig=3D11) at ../lib/util/faul= t.c:88 > > > - No locals. > > > - #6 > > > - No symbol table info available. > > > - #7 0x00002af6cabef930 in replmd_check_urgent_objectclass ( > > > - objectclass_el=3D0x0, situation=3DREPL_URGENT_ON_UPDATE) > > > - at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:205 > > > - i =3D 2 > > > - j =3D 0 > > > - #8 0x00002af6cabf29b6 in replmd_update_rpmd (module=3D0x2af6b17f2= c20, > > > - schema=3D0x2af6d05e5570, req=3D0x2af6d05e8ad0, rename_attrs=3D= 0x0, > > > - msg=3D0x2af6d11ef100, seq_num=3D0x2af6d0c315b8, t=3D1387895162, > > > - is_urgent=3D0x7fff67c778bf, rodc=3D0x7fff67c778be) > > > - at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1432 > > > - omd_value =3D 0x7fff67c77810 > > > - ndr_err =3D 3508465920 > > > - omd =3D {version =3D 1741125552, reserved =3D 32767, ctr = =3D {ctr1 =3D { > > > - count =3D 3008684740, reserved =3D 10998, array =3D = 0x7fff67c777b0}}} > > > - i =3D 10998 > > > - now =3D 130323687620000000 > > > - our_invocation_id =3D 0x2af6d1796390 > > > - ret =3D 0 > > > - attrs =3D 0x7fff67c77750 > > > - attrs1 =3D {0x2af6cabff775 "replPropertyMetaData", 0x2af6c= abffc8b "*", > > > - 0x0} > > > - attrs2 =3D {0x2af6cabff76a "uSNChanged", 0x2af6cabffa98 "o= bjectClass", > > > - 0x2af6cabffc8d "instanceType", 0x0} > > > - res =3D 0x2af6d10b0eb0 > > > - ldb =3D 0x2af6b17f2470 > > > - objectclass_el =3D 0x0 > > > - situation =3D REPL_URGENT_ON_UPDATE > > > - rmd_is_provided =3D false > > > - __FUNCTION__ =3D "replmd_update_rpmd" > > > - #9 0x00002af6cabf5a06 in replmd_modify (module=3D0x2af6b17f2c20, > > > - req=3D0x2af6d05e8ad0) > > > - at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:2455 > > > - msds_intid_struct =3D 0x2af6d05e8ad0 > > > - ldb =3D 0x2af6b17f2470 > > > - ac =3D 0x2af6d0c31580 > > > - down_req =3D 
0x2af6d0e6a100 > > > - msg =3D 0x2af6d11ef100 > > > - t =3D 1387895162 > > > - ret =3D 1741125936 > > > - is_urgent =3D false > > > - rodc =3D false > > > - functional_level =3D 3 > > > - guid_blob =3D 0x0 > > > - sd_propagation_control =3D 0x0 > > > - #10 0x00002af6bf69f94d in dsdb_module_modify (module=3D0x2af6b17f2= c20, > > > - message=3D0x2af6d1183fe0, dsdb_flags=3D4194304, parent=3D0x2af= 6ce6ea980) > > > - at ../source4/dsdb/samdb/ldb_modules/util.c:460 > > > - ops =3D 0x2af6cae06b40 > > > - mod_req =3D 0x2af6d05e8ad0 > > > - ret =3D 0 > > > - ldb =3D 0x2af6b17f2470 > > > - tmp_ctx =3D 0x2af6d0ed62f0 > > > - res =3D 0x2af6d0e6a100 > > > - __FUNCTION__ =3D "dsdb_module_modify" > > > - #11 0x00002af6cabf7ebc in replmd_delete_internals (module=3D0x2af6= b17f2c20, > > > - req=3D0x2af6ce6ea980, re_delete=3Dtrue) > > > - at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3309 > > > - ret =3D 0 > > > - retb =3D true > > > - disallow_move_on_delete =3D false > > > - old_dn =3D 0x2af6d6a2a010 > > > - new_dn =3D 0x2af6d0794a90 > > > - rdn_name =3D 0x2af6d0885c10 "CN" > > > - rdn_value =3D 0x2af6d10d7368 > > > - new_rdn_value =3D 0x2af6d0c45a00 > > > - guid =3D {time_low =3D 48, time_mid =3D 0, time_hi_and_ver= sion =3D 0, > > > - clock_seq =3D "\200\251", node =3D "n\316\366*\000"} > > > - ldb =3D 0x2af6b17f2470 > > > - schema =3D 0x2af6d05e5570 > > > - msg =3D 0x2af6d1183fe0 > > > - old_msg =3D 0x2af6d1902800 > > > - el =3D 0x2af6d0874900 > > > - tmp_ctx =3D 0x2af6d0b77560 > > > - res =3D 0x2af6d0d57980 > > > - parent_res =3D 0x30 > > > - preserved_attrs =3D {0x2af6cac00fe1 "nTSecurityDescriptor", > > > - 0x2af6cac055c3 "attributeID", 0x2af6cac055cf "attributeS= yntax", > > > - 0x2af6cac055df "dNReferenceUpdate", 0x2af6cac055f1 "dNSH= ostName", > > > - 0x2af6cac055fd "flatName", 0x2af6cac05606 "governsID", > > > - 0x2af6cac05610 "groupType", 0x2af6cabffc8d "instanceType= ", > > > - 0x2af6cac0561a "lDAPDisplayName", > > > - 0x2af6cac0562a "legacyExchangeDN", 
0x2af6cabfe94d "isDel= eted", > > > - 0x2af6cabfe957 "isRecycled", 0x2af6cac020f8 "lastKnownPa= rent", > > > - 0x2af6cac021e8 "msDS-LastKnownRDN", > > > - 0x2af6cac0563b "mS-DS-CreatorSID", 0x2af6cac0564c "mSMQO= wnerID", > > > - 0x2af6cac05658 "nCName", 0x2af6cabffa98 "objectClass", > > > - 0x2af6cac0565f "distinguishedName", 0x2af6cabff5b5 "obje= ctGUID", > > > - 0x2af6cac05671 "objectSid", 0x2af6cac0567b "oMSyntax", > > > - 0x2af6cac05684 "proxiedObjectName", 0x2af6cac014d8 "name= ", > > > - 0x2af6cabff775 "replPropertyMetaData", > > > - 0x2af6cac05696 "sAMAccountName", > > > - 0x2af6cac056a5 "securityIdentifier", 0x2af6cac056b8 "sID= History", > > > - 0x2af6cac056c3 "subClassOf", 0x2af6cac01ba8 "systemFlags= ", > > > - 0x2af6cac056ce "trustPartner", 0x2af6cac056db "trustDire= ction", > > > - 0x2af6cac056ea "trustType", 0x2af6cac056f4 "trustAttribu= tes", > > > - 0x2af6cabfe9b8 "userAccountControl", 0x2af6cabff76a "uSN= Changed", > > > - 0x2af6cabff75f "uSNCreated", 0x2af6cabff747 "whenCreated= ", > > > - 0x2af6cabff753 "whenChanged", 0x0} > > > - i =3D 12 > > > - el_count =3D 1 > > > - deletion_state =3D OBJECT_TOMBSTONE > > > - next_deletion_state =3D OBJECT_TOMBSTONE > > > - __FUNCTION__ =3D "replmd_delete_internals" > > > - #12 0x00002af6cabfbbe3 in replmd_replicated_apply_isDeleted ( > > > - ar=3D0x2af6d74c0b40) > > > - at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:4718 > > > - del_req =3D 0x2af6ce6ea980 > > > - res =3D 0x2af6d0cdebf0 > > > - tmp_ctx =3D 0x2af6d0949230 > > > - deleted_objects_dn =3D 0x2af6d1a49f00 > > > - msg =3D 0x2af6d0a39620 > > > - ret =3D 0 > > > - #13 0x00002af6cabf0766 in replmd_op_callback (req=3D0x2af6d05a21e0, > > > - ares=3D0x2af6d0d715c0) > > > - at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:526 > > > - ret =3D 10998 > > > - ac =3D 0x2af6d74c0b40 > > > - replmd_private =3D 0x2af6b188c7c0 > > > - modified_partition =3D 0x2af6d141b670 > > > - partition_ctrl =3D 0x2af6d1905f40 > > > - partition =3D 0x2af6ce6bdbe0 > 
> > - controls =3D 0x0 > > > - __FUNCTION__ =3D "replmd_op_callback" > > > - #14 0x00002af6b1df7ca2 in ldb_module_done (req=3D0x2af6d05a21e0, > > > - ctrls=3D0x2af6d1629aa0, response=3D0x0, error=3D0) > > > - at ../lib/ldb/common/ldb_modules.c:832 > > > - ares =3D 0x2af6d0d715c0 > > > - #15 0x00002af6cabf896b in replmd_op_possible_conflict_callback ( > > > - req=3D0x2af6d05a21e0, ares=3D0x2af6b1883eb0, > > > - callback=3D0x2af6cabf0334 ) > > > - at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3606 > > > - conflict_dn =3D 0x2af6cac03470 > > > - ar =3D 0x2af6d74c0b40 > > > - res =3D 0x2af6b354f89b > > > - attrs =3D {0x2af6cabff775 "replPropertyMetaData", > > > - 0x2af6cabff5b5 "objectGUID", 0x0} > > > - ret =3D -682882240 > > > - omd_value =3D 0x7fff67c77e20 > > > - omd =3D {version =3D 1741127104, reserved =3D 32767, ctr = =3D {ctr1 =3D { > > > - count =3D 0, reserved =3D 0, array =3D 0x28}}} > > > - rmd =3D 0x2af6d74c0ae0 > > > - ndr_err =3D 10998 > > > - rename_incoming_record =3D false > > > - rodc =3D false > > > - rmd_name =3D 0x7fff67c77e10 > > > - omd_name =3D 0x2af6d74c0b40 > > > - msg =3D 0x2af6b1883e50 > > > - __FUNCTION__ =3D "replmd_op_possible_conflict_callback" > > > - #16 0x00002af6cabf93fb in replmd_op_add_callback (req=3D0x2af6d05a= 21e0, > > > - ares=3D0x2af6b1883eb0) > > > - at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3802 > > > - ar =3D 0x2af6d74c0b40 > > > - #17 0x00002af6b1df7ca2 in ldb_module_done (req=3D0x2af6d05a21e0, > > > - ctrls=3D0x2af6d1629aa0, response=3D0x0, error=3D0) > > > - at ../lib/ldb/common/ldb_modules.c:832 > > > - ares =3D 0x2af6b1883eb0 > > > - #18 0x00002af6ca3c8b6a in partition_req_callback (req=3D0x2af6d087= a1e0, > > > - ares=3D0x2af6d05a1fa0) at ../source4/dsdb/samdb/ldb_modules/pa= rtition.c:213 > > > - ac =3D 0x2af6d0949370 > > > - module =3D 0x2af6cd27bf12 > > > - nreq =3D 0x2af6d05b67b0 > > > - ret =3D 0 > > > - partition_ctrl =3D 0x2af6d0d71740 > > > - #19 0x00002af6cd2752ab in ltdb_request_done 
(ctx=3D0x2af6d1cd7ed0,= error=3D0) > > > - at ../lib/ldb/ldb_tdb/ldb_tdb.c:1280 > > > - ldb =3D 0x2af6b17f2470 > > > - req =3D 0x2af6d087a1e0 > > > - ares =3D 0x2af6d05a1fa0 > > > - #20 0x00002af6cd275597 in ltdb_callback (ev=3D0x2af6b17ef8c0, > > > - te=3D0x2af6d17f75d0, t=3D..., private_data=3D0x2af6d1cd7ed0) > > > - at ../lib/ldb/ldb_tdb/ldb_tdb.c:1390 > > > - ctx =3D 0x2af6d1cd7ed0 > > > - ret =3D 0 > > > - #21 0x00002af6b3343259 in tevent_common_loop_timer_delay (ev=3D0x2= af6b17ef8c0) > > > - at ../lib/tevent/tevent_timed.c:341 > > > - current_time =3D {tv_sec =3D 0, tv_usec =3D 0} > > > - te =3D 0x2af6d17f75d0 > > > - #22 0x00002af6b334558a in epoll_event_loop_once (ev=3D0x2af6b17ef8= c0, > > > - location=3D0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") > > > - at ../lib/tevent/tevent_epoll.c:912 > > > - epoll_ev =3D 0x2af6b17efb00 > > > - tval =3D {tv_sec =3D 47239056876603, tv_usec =3D 472390282= 10096} > > > - panic_triggered =3D false > > > - #23 0x00002af6b3342363 in std_event_loop_once (ev=3D0x2af6b17ef8c0, > > > - location=3D0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") > > > - at ../lib/tevent/tevent_standard.c:112 > > > - glue_ptr =3D 0x2af6b17ef9b0 > > > - glue =3D 0x2af6b17ef9b0 > > > - ret =3D 10998 > > > - #24 0x00002af6b333c799 in _tevent_loop_once (ev=3D0x2af6b17ef8c0, > > > - location=3D0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") > > > - at ../lib/tevent/tevent.c:530 > > > - ret =3D 0 > > > - nesting_stack_ptr =3D 0x0 > > > - #25 0x00002af6b1e154c4 in ldb_wait (handle=3D0x2af6d67624c0, type= =3DLDB_WAIT_ALL) > > > - at ../lib/ldb/common/ldb.c:621 > > > - ev =3D 0x2af6b17ef8c0 > > > - ret =3D 0 > > > - #26 0x00002af6b1e1786b in ldb_extended (ldb=3D0x2af6b17f2470, > > > - oid=3D0x2af6b4c4f9ce "1.3.6.1.4.1.7165.4.4.1", data=3D0x2af6d0= e2bc60, > > > - _res=3D0x7fff67c78240) at ../lib/ldb/common/ldb.c:1506 > > > - req =3D 0x2af6d0c45a00 > > > - ret =3D 0 > > > - res =3D 0x2af6d69238f0 > > > - #27 0x00002af6b4c4a0d6 in 
dsdb_replicated_objects_commit (ldb=3D0x= 2af6b17f2470, > > > - working_schema=3D0x0, objects=3D0x2af6d0e2bc60, notify_uSN=3D0= x2af6d14a65f0) > > > - at ../source4/dsdb/repl/replicated_objects.c:773 > > > - werr =3D {w =3D 0} > > > - ext_res =3D 0x0 > > > - cur_schema =3D 0x0 > > > - new_schema =3D 0x0 > > > - ret =3D 0 > > > - seq_num1 =3D 5554 > > > - seq_num2 =3D 47239626746464 > > > - used_global_schema =3D false > > > - tmp_ctx =3D 0x2af6d03c5860 > > > - __FUNCTION__ =3D "dsdb_replicated_objects_commit" > > > - #28 0x00002af6c1c6babb in dreplsrv_op_pull_source_apply_changes_tr= igger ( > > > - req=3D0x2af6d17daed0, r=3D0x2af6d17db0d0, ctr_level=3D6, ctr1= =3D0x0, > > > - ctr6=3D0x2af6d1b02bb0) at ../source4/dsdb/repl/drepl_out_helpe= rs.c:717 > > > - state =3D 0x2af6d17db050 > > > - rf1 =3D {blobsize =3D 274, consecutive_sync_failures =3D 0, > > > - last_success =3D 130323684670000000, > > > - last_attempt =3D 130323687610000000, result_last_attempt= =3D {w =3D 0}, > > > - other_info =3D 0x2af6d0949910, other_info_length =3D 66, > > > - replica_flags =3D 112, schedule =3D '\021' , > > > - reserved =3D 0, highwatermark =3D {tmp_highest_usn =3D 1= 2398, > > > - reserved_usn =3D 0, highest_usn =3D 12398}, source_dsa= _obj_guid =3D { > > > - time_low =3D 984092159, time_mid =3D 850, > > > - time_hi_and_version =3D 18870, clock_seq =3D "\251X", > > > - node =3D "UF\324\223\205\241"}, source_dsa_invocation_= id =3D { > > > - time_low =3D 1460694408, time_mid =3D 52035, > > > - time_hi_and_version =3D 18738, clock_seq =3D "\204}", > > > - node =3D "\264\365\276\372\256\303"}, transport_guid = =3D { > > > - time_low =3D 0, time_mid =3D 0, time_hi_and_version = =3D 0, > > > - clock_seq =3D "\000", node =3D "\000\000\000\000\000"}} > > > - service =3D 0x2af6d0ff6b00 > > > - partition =3D 0x2af6d0b6f220 > > > - drsuapi =3D 0x2af6d1c8d480 > > > - schema =3D 0x2af6d05e5570 > > > - working_schema =3D 0x0 > > > - mapping_ctr =3D 0x2af6d1b02c10 > > > - object_count =3D 50 > 
> > - first_object =3D 0x2af6d0571800 > > > - linked_attributes_count =3D 0 > > > - linked_attributes =3D 0x2af6d5212140 > > > - uptodateness_vector =3D 0x2af6d1a741c0 > > > - objects =3D 0x2af6d0e2bc60 > > > - more_data =3D false > > > - status =3D {w =3D 0} > > > - nt_status =3D {v =3D 3006553120} > > > - dsdb_repl_flags =3D 0 > > > - __FUNCTION__ =3D "dreplsrv_op_pull_source_apply_changes_tr= igger" > > > - #29 0x00002af6c1c6b3e7 in dreplsrv_op_pull_source_get_changes_done= ( > > > - subreq=3D0x0) at ../source4/dsdb/repl/drepl_out_helpers.c:599 > > > - req =3D 0x2af6d17daed0 > > > - state =3D 0x2af6d17db050 > > > - status =3D {v =3D 0} > > > - r =3D 0x2af6d17db0d0 > > > - ctr_level =3D 6 > > > - ctr1 =3D 0x0 > > > - ctr6 =3D 0x2af6d1b02bb0 > > > - extended_ret =3D DRSUAPI_EXOP_ERR_NONE > > > - #30 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=3D0x2af= 6d1a73f70, > > > - location=3D0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_= c.c:712") > > > - at ../lib/tevent/tevent_req.c:102 > > > - No locals. > > > - #31 0x00002af6b333e34d in tevent_req_finish (req=3D0x2af6d1a73f70, > > > - state=3DTEVENT_REQ_DONE, > > > - location=3D0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_= c.c:712") > > > - at ../lib/tevent/tevent_req.c:117 > > > - No locals. > > > - #32 0x00002af6b333e374 in _tevent_req_done (req=3D0x2af6d1a73f70, > > > - location=3D0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_= c.c:712") > > > - at ../lib/tevent/tevent_req.c:123 > > > - No locals. > > > - #33 0x00002af6c1c708df in dcerpc_drsuapi_DsGetNCChanges_r_done ( > > > - subreq=3D0x2af6d122f4c0) at default/librpc/gen_ndr/ndr_drsuapi= _c.c:712 > > > - req =3D 0x2af6d1a73f70 > > > - status =3D {v =3D 0} > > > - #34 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=3D0x2af= 6d122f4c0, > > > - location=3D0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") > > > - at ../lib/tevent/tevent_req.c:102 > > > - No locals. 
> > > - #35 0x00002af6b333e34d in tevent_req_finish (req=3D0x2af6d122f4c0, > > > - state=3DTEVENT_REQ_DONE, > > > - location=3D0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") > > > - at ../lib/tevent/tevent_req.c:117 > > > - No locals. > > > - #36 0x00002af6b333e374 in _tevent_req_done (req=3D0x2af6d122f4c0, > > > - location=3D0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") > > > - at ../lib/tevent/tevent_req.c:123 > > > - No locals. > > > - #37 0x00002af6b5757ede in dcerpc_binding_handle_call_done (subreq= =3D0x0) > > > - at ../librpc/rpc/binding_handle.c:517 > > > - req =3D 0x2af6d122f4c0 > > > - state =3D 0x2af6d122f640 > > > - h =3D 0x2af6d0959d10 > > > - error =3D {v =3D 0} > > > - out_flags =3D 0 > > > - ndr_err =3D NDR_ERR_SUCCESS > > > - #38 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=3D0x2af= 6d522f7a0, > > > - location=3D0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") > > > - at ../lib/tevent/tevent_req.c:102 > > > - No locals. > > > - #39 0x00002af6b333e34d in tevent_req_finish (req=3D0x2af6d522f7a0, > > > - state=3DTEVENT_REQ_DONE, > > > - location=3D0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") > > > - at ../lib/tevent/tevent_req.c:117 > > > - No locals. > > > - #40 0x00002af6b333e374 in _tevent_req_done (req=3D0x2af6d522f7a0, > > > - location=3D0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") > > > - at ../lib/tevent/tevent_req.c:123 > > > - No locals. > > > - #41 0x00002af6b5757398 in dcerpc_binding_handle_raw_call_done (sub= req=3D0x0) > > > - at ../librpc/rpc/binding_handle.c:188 > > > - req =3D 0x2af6d522f7a0 > > > - state =3D 0x2af6d522f920 > > > - error =3D {v =3D 0} > > > - #42 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=3D0x2af= 6d0712430, > > > - location=3D0x2af6b44b8810 "../source4/librpc/rpc/dcerpc.c:322") > > > - at ../lib/tevent/tevent_req.c:102 > > > - No locals. 
> > > - #43 0x00002af6b333e34d in tevent_req_finish (req=3D0x2af6d0712430, > > > - state=3DTEVENT_REQ_DONE, > > > - location=3D0x2af6b44b8810 "../source4/librpc/rpc/dcerpc.c:322") > > > - at ../lib/tevent/tevent_req.c:117 > > > - No locals. > > > - #44 0x00002af6b333e472 in tevent_req_trigger (ev=3D0x2af6b17ef8c0, > > > - im=3D0x2af6d0712500, private_data=3D0x2af6d0712430) > > > - at ../lib/tevent/tevent_req.c:174 > > > - req =3D 0x2af6d0712430 > > > - #45 0x00002af6b333d6d4 in tevent_common_loop_immediate (ev=3D0x2af= 6b17ef8c0) > > > - at ../lib/tevent/tevent_immediate.c:135 > > > - im =3D 0x2af6d0712500 > > > - handler =3D 0x2af6b333e423 > > > - private_data =3D 0x2af6d0712430 > > > - #46 0x00002af6b3345570 in epoll_event_loop_once (ev=3D0x2af6b17ef8= c0, > > > - location=3D0x2af6b15a7b9f "../source4/smbd/server.c:503") > > > - at ../lib/tevent/tevent_epoll.c:907 > > > - epoll_ev =3D 0x2af6b17efb00 > > > - tval =3D {tv_sec =3D 47239056876603, tv_usec =3D 472390282= 10096} > > > - panic_triggered =3D false > > > - #47 0x00002af6b3342363 in std_event_loop_once (ev=3D0x2af6b17ef8c0, > > > - location=3D0x2af6b15a7b9f "../source4/smbd/server.c:503") > > > - at ../lib/tevent/tevent_standard.c:112 > > > - glue_ptr =3D 0x2af6b17ef9b0 > > > - glue =3D 0x2af6b17ef9b0 > > > - ret =3D 10998 > > > - #48 0x00002af6b333c799 in _tevent_loop_once (ev=3D0x2af6b17ef8c0, > > > - location=3D0x2af6b15a7b9f "../source4/smbd/server.c:503") > > > - at ../lib/tevent/tevent.c:530 > > > - ret =3D 0 > > > - nesting_stack_ptr =3D 0x0 > > > - #49 0x00002af6b333ca11 in tevent_common_loop_wait (ev=3D0x2af6b17e= f8c0, > > > - location=3D0x2af6b15a7b9f "../source4/smbd/server.c:503") > > > - at ../lib/tevent/tevent.c:634 > > > - ret =3D 0 > > > - #50 0x00002af6b3342405 in std_event_loop_wait (ev=3D0x2af6b17ef8c0, > > > - location=3D0x2af6b15a7b9f "../source4/smbd/server.c:503") > > > - at ../lib/tevent/tevent_standard.c:138 > > > - glue_ptr =3D 0x2af6b17ef9b0 > > > - glue =3D 0x2af6b17ef9b0 > > > 
- ret =3D 10998 > > > - #51 0x00002af6b333cadc in _tevent_loop_wait (ev=3D0x2af6b17ef8c0, > > > - location=3D0x2af6b15a7b9f "../source4/smbd/server.c:503") > > > - at ../lib/tevent/tevent.c:653 > > > - No locals. > > > - #52 0x00002af6b15a37bc in binary_smbd_main ( > > > - binary_name=3D0x2af6b15a737b "samba", argc=3D6, argv=3D0x7fff6= 7c78de8) > > > - at ../source4/smbd/server.c:503 > > > - opt_daemon =3D false > > > - opt_interactive =3D true > > > - opt =3D -1 > > > - pc =3D 0x2af6b17d5040 > > > - static_init =3D {0x2af6b2ac7d8c , > > > - 0x2af6b2aca9e7 , 0} > > > - shared_init =3D 0x2af6b18143b0 > > > - event_ctx =3D 0x2af6b17ef8c0 > > > - stdin_event_flags =3D 1 > > > - status =3D {v =3D 0} > > > - model =3D 0x2af6b17d5b90 "single" > > > - max_runtime =3D 7500 > > > - > > > -Autobuild-User(master): Andrew Bartlett > > > -Autobuild-Date(master): Mon Jan 6 01:16:13 CET 2014 on sn-devel-104 > > > -(cherry picked from commit 056008df62cb66090b3e30cb09c0edacfbdb5720) > > > ---- > > > - source4/selftest/tests.py | 6 ++++-- > > > - 1 file changed, 4 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py > > > -index c3a33c7..9567a8e 100755 > > > ---- a/source4/selftest/tests.py > > > -+++ b/source4/selftest/tests.py > > > -@@ -309,8 +309,6 @@ plantestsuite("samba4.blackbox.locktest(dc)", "d= c", [os.path.join(samba4srcdir, > > > - plantestsuite("samba4.blackbox.masktest", "dc", [os.path.join(samba= 4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSW= ORD', '$DOMAIN', '$PREFIX']) > > > - plantestsuite("samba4.blackbox.gentest(dc)", "dc", [os.path.join(sa= mba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PAS= SWORD', '$DOMAIN', "$PREFIX"]) > > > - plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:loca= l", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"= ), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GI= 
D_RFC2307TEST", configuration]) > > > --for env in ["dc", "s4member", "rodc", "promoted_dc"]: > > > -- plantestsuite("samba4.blackbox.wbinfo(%s:local)" % env, "%s:loc= al" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"),= '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env]) > > > - plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.jo= in(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAI= N', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smb= client4]) > > > - plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", = "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERV= ER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass']) > > > - plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "dc= ", [valgrindify(smbtorture4), "$LISTOPT", 'ncacn_np:$NETBIOSALIAS', '-U$DOM= AIN/$USERNAME%$PASSWORD', 'rpc.echo']) > > > -@@ -502,6 +500,10 @@ for env in ['vampire_dc', 'promoted_dc']: > > > - extra_args=3D['-U$DOMAIN/$DC_USERNAME%$D= C_PASSWORD']) > > > -=20 > > > - plantestsuite("samba4.blackbox.samba_tool_demote(%s)" % env, en= v, [os.path.join(samba4srcdir, "utils/tests/test_demote.sh"), '$SERVER', '$= SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', '$DC_SERVER', '$PREFIX/%s'= % env, smbclient4]) > > > -+ > > > -+for env in ["dc", "s4member", "rodc", "promoted_dc"]: > > > -+ plantestsuite("samba4.blackbox.wbinfo(%s:local)" % env, "%s:loc= al" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"),= '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env]) > > > -+ > > > - # TODO: Verifying the databases really should be a part of the > > > - # environment teardown. > > > - # check the databases are all OK. 
PLEASE LEAVE THIS AS THE LAST TEST > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 3e44e7485dbfea37cb84034c4d13c96059bd9687 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 3 Jan 2014 08:35:27 +0100 > > > -Subject: [PATCH 144/249] s4:librpc: always try to negotiate > > > - DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN > > > - > > > -If the gensec backend supports it there's no reason not sign the hea= der. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 7db1dc13b0149441a2beebca65b75f6e11af13a3) > > > ---- > > > - librpc/rpc/binding.c | 1 - > > > - librpc/rpc/rpc_common.h | 5 ++++- > > > - source4/librpc/rpc/dcerpc.c | 12 ++---------- > > > - source4/librpc/rpc/dcerpc_auth.c | 14 ++++++++++---- > > > - 4 files changed, 16 insertions(+), 16 deletions(-) > > > - > > > -diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c > > > -index 49651e8..52122cf 100644 > > > ---- a/librpc/rpc/binding.c > > > -+++ b/librpc/rpc/binding.c > > > -@@ -88,7 +88,6 @@ static const struct { > > > - {"padcheck", DCERPC_DEBUG_PAD_CHECK}, > > > - {"bigendian", DCERPC_PUSH_BIGENDIAN}, > > > - {"smb2", DCERPC_SMB2}, > > > -- {"hdrsign", DCERPC_HEADER_SIGNING}, > > > - {"ndr64", DCERPC_NDR64}, > > > - {"localaddress", DCERPC_LOCALADDRESS} > > > - }; > > > -diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h > > > -index 978229e..93d3bb4 100644 > > > ---- a/librpc/rpc/rpc_common.h > > > -+++ b/librpc/rpc/rpc_common.h > > > -@@ -98,7 +98,7 @@ struct dcerpc_binding { > > > - /* this triggers the DCERPC_PFC_FLAG_CONC_MPX flag in the bind requ= est */ > > > - #define DCERPC_CONCURRENT_MULTIPLEX (1<<19) > > > -=20 > > > --/* this triggers the DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN flag in th= e bind request */ > > > -+/* this indicates DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN flag was nego= tiated */ > > > - #define DCERPC_HEADER_SIGNING (1<<20) > > > -=20 > > > - /* use NDR64 transport */ > > > -@@ 
-113,6 +113,9 @@ struct dcerpc_binding { > > > - /* use aes schannel with hmac-sh256 session key */ > > > - #define DCERPC_SCHANNEL_AES (1<<24) > > > -=20 > > > -+/* this triggers the DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN flag in th= e bind request */ > > > -+#define DCERPC_PROPOSE_HEADER_SIGNING (1<<25) > > > -+ > > > - /* The following definitions come from ../librpc/rpc/dcerpc_error.c= */ > > > -=20 > > > - const char *dcerpc_errstr(TALLOC_CTX *mem_ctx, uint32_t fault_code); > > > -diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc= =2Ec > > > -index 56b821e..2f6c8dd 100644 > > > ---- a/source4/librpc/rpc/dcerpc.c > > > -+++ b/source4/librpc/rpc/dcerpc.c > > > -@@ -1162,7 +1162,7 @@ struct tevent_req *dcerpc_bind_send(TALLOC_CTX= *mem_ctx, > > > - pkt.pfc_flags |=3D DCERPC_PFC_FLAG_CONC_MPX; > > > - } > > > -=20 > > > -- if (p->binding->flags & DCERPC_HEADER_SIGNING) { > > > -+ if (p->conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) { > > > - pkt.pfc_flags |=3D DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; > > > - } > > > -=20 > > > -@@ -1304,7 +1304,7 @@ static void dcerpc_bind_recv_handler(struct rp= c_request *subreq, > > > - conn->flags |=3D DCERPC_CONCURRENT_MULTIPLEX; > > > - } > > > -=20 > > > -- if ((state->p->binding->flags & DCERPC_HEADER_SIGNING) && > > > -+ if ((conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) && > > > - (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) { > > > - conn->flags |=3D DCERPC_HEADER_SIGNING; > > > - } > > > -@@ -1352,10 +1352,6 @@ NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p, > > > - pkt.pfc_flags |=3D DCERPC_PFC_FLAG_CONC_MPX; > > > - } > > > -=20 > > > -- if (p->binding->flags & DCERPC_HEADER_SIGNING) { > > > -- pkt.pfc_flags |=3D DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; > > > -- } > > > -- > > > - /* construct the NDR form of the packet */ > > > - status =3D ncacn_push_auth(&blob, mem_ctx, > > > - &pkt, > > > -@@ -2046,10 +2042,6 @@ struct tevent_req *dcerpc_alter_context_send(= TALLOC_CTX *mem_ctx, > > > - 
pkt.pfc_flags |=3D DCERPC_PFC_FLAG_CONC_MPX; > > > - } > > > -=20 > > > -- if (p->binding->flags & DCERPC_HEADER_SIGNING) { > > > -- pkt.pfc_flags |=3D DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; > > > -- } > > > -- > > > - pkt.u.alter.max_xmit_frag =3D 5840; > > > - pkt.u.alter.max_recv_frag =3D 5840; > > > - pkt.u.alter.assoc_group_id =3D p->binding->assoc_group_id; > > > -diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/d= cerpc_auth.c > > > -index d5e5620..9a5d04d 100644 > > > ---- a/source4/librpc/rpc/dcerpc_auth.c > > > -+++ b/source4/librpc/rpc/dcerpc_auth.c > > > -@@ -173,10 +173,6 @@ static void bind_auth_next_step(struct composit= e_context *c) > > > -=20 > > > - if (!composite_is_ok(c)) return; > > > -=20 > > > -- if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) { > > > -- gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_H= EADER); > > > -- } > > > -- > > > - if (state->credentials.length =3D=3D 0) { > > > - composite_done(c); > > > - return; > > > -@@ -234,6 +230,12 @@ static void bind_auth_recv_bindreply(struct tev= ent_req *subreq) > > > - TALLOC_FREE(subreq); > > > - if (!composite_is_ok(c)) return; > > > -=20 > > > -+ if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) { > > > -+ struct dcecli_security *sec =3D &state->pipe->conn->security_stat= e; > > > -+ > > > -+ gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_H= EADER); > > > -+ } > > > -+ > > > - if (!state->more_processing) { > > > - /* The first gensec_update has not requested a second run, so > > > - * we're done here. */ > > > -@@ -395,6 +397,10 @@ struct composite_context *dcerpc_bind_auth_send= (TALLOC_CTX *mem_ctx, > > > -=20 > > > - sec->auth_info->credentials =3D state->credentials; > > > -=20 > > > -+ if (gensec_have_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PK= T_HEADER)) { > > > -+ state->pipe->conn->flags |=3D DCERPC_PROPOSE_HEADER_SIGNING; > > > -+ } > > > -+ > > > - /* The first request always is a dcerpc_bind. 
The subsequent ones > > > - * depend on gensec results */ > > > - subreq =3D dcerpc_bind_send(state, p->conn->event_ctx, p, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 6bdc135a63647fbbc31c7b2e673396231541641d Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 3 Jan 2014 08:39:12 +0100 > > > -Subject: [PATCH 145/249] s4:rpc_server: support > > > - DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN by default > > > - > > > -If the gensec backend supports it there's no reason to disable it. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 661fe3cf890b91f8750872b0f5a09da536f76ae2) > > > ---- > > > - source4/rpc_server/dcerpc_server.c | 6 ------ > > > - source4/rpc_server/dcesrv_auth.c | 37 +++++++++++++++++++++++++++= +++++----- > > > - 2 files changed, 32 insertions(+), 11 deletions(-) > > > - > > > -diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server= /dcerpc_server.c > > > -index ad53685..3b35703 100644 > > > ---- a/source4/rpc_server/dcerpc_server.c > > > -+++ b/source4/rpc_server/dcerpc_server.c > > > -@@ -610,12 +610,6 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_= state *call) > > > - call->conn->cli_max_recv_frag =3D MIN(0x2000, call->pkt.u.bind.ma= x_recv_frag); > > > - } > > > -=20 > > > -- if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN) && > > > -- lpcfg_parm_bool(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv","h= eader signing", false)) { > > > -- call->conn->state_flags |=3D DCESRV_CALL_STATE_FLAG_HEADER_SIGNIN= G; > > > -- extra_flags |=3D DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; > > > -- } > > > -- > > > - /* handle any authentication that is being requested */ > > > - if (!dcesrv_auth_bind(call)) { > > > - talloc_free(call->context); > > > -diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/d= cesrv_auth.c > > > -index c891cc6..152715b 100644 > > > ---- a/source4/rpc_server/dcesrv_auth.c > > > -+++ 
b/source4/rpc_server/dcesrv_auth.c > > > -@@ -92,10 +92,6 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *c= all) > > > - return false; > > > - } > > > -=20 > > > -- if (call->conn->state_flags & DCESRV_CALL_STATE_FLAG_HEADER_SIGNIN= G) { > > > -- gensec_want_feature(auth->gensec_security, GENSEC_FEATURE_SIGN_PK= T_HEADER); > > > -- } > > > -- > > > - return true; > > > - } > > > -=20 > > > -@@ -107,11 +103,20 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_ca= ll_state *call, struct ncacn_packe > > > - { > > > - struct dcesrv_connection *dce_conn =3D call->conn; > > > - NTSTATUS status; > > > -+ bool want_header_signing =3D false; > > > -=20 > > > - if (!call->conn->auth_state.gensec_security) { > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN) { > > > -+ want_header_signing =3D true; > > > -+ } > > > -+ > > > -+ if (!lpcfg_parm_bool(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv","= header signing", true)) { > > > -+ want_header_signing =3D false; > > > -+ } > > > -+ > > > - status =3D gensec_update(dce_conn->auth_state.gensec_security, > > > - call, call->event_ctx, > > > - dce_conn->auth_state.auth_info->credentials,=20 > > > -@@ -126,9 +131,17 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_cal= l_state *call, struct ncacn_packe > > > - return status; > > > - } > > > -=20 > > > -- if (dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_HEADER_SIGNING= ) { > > > -+ if (!gensec_have_feature(dce_conn->auth_state.gensec_security, > > > -+ GENSEC_FEATURE_SIGN_PKT_HEADER)) > > > -+ { > > > -+ want_header_signing =3D false; > > > -+ } > > > -+ > > > -+ if (want_header_signing) { > > > - gensec_want_feature(dce_conn->auth_state.gensec_security, > > > - GENSEC_FEATURE_SIGN_PKT_HEADER); > > > -+ call->conn->state_flags |=3D DCESRV_CALL_STATE_FLAG_HEADER_SIGNI= NG; > > > -+ pkt->pfc_flags |=3D DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; > > > - } > > > -=20 > > > - /* Now that we are authenticated, go back to the 
generic session = key... */ > > > -@@ -137,6 +150,20 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_cal= l_state *call, struct ncacn_packe > > > - } else if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUI= RED)) { > > > - dce_conn->auth_state.auth_info->auth_pad_length =3D 0; > > > - dce_conn->auth_state.auth_info->auth_reserved =3D 0; > > > -+ > > > -+ if (!gensec_have_feature(dce_conn->auth_state.gensec_security, > > > -+ GENSEC_FEATURE_SIGN_PKT_HEADER)) > > > -+ { > > > -+ want_header_signing =3D false; > > > -+ } > > > -+ > > > -+ if (want_header_signing) { > > > -+ gensec_want_feature(dce_conn->auth_state.gensec_security, > > > -+ GENSEC_FEATURE_SIGN_PKT_HEADER); > > > -+ call->conn->state_flags |=3D DCESRV_CALL_STATE_FLAG_HEADER_SIGNI= NG; > > > -+ pkt->pfc_flags |=3D DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; > > > -+ } > > > -+ > > > - return NT_STATUS_OK; > > > - } else { > > > - DEBUG(4, ("GENSEC mech rejected the incoming authentication at bi= nd_ack: %s\n", > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 868676160bb3bcfb4145a5c4b47fbb513c0bfac4 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 31 Dec 2013 09:53:55 +0100 > > > -Subject: [PATCH 146/249] auth/ntlmssp: GENSEC_FEATURE_SIGN_PKT_HEADE= R is > > > - always supported > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 64fc015a85f9b5ed74f3dabe05dbdff185093278) > > > ---- > > > - auth/ntlmssp/gensec_ntlmssp.c | 4 ++++ > > > - 1 file changed, 4 insertions(+) > > > - > > > -diff --git a/auth/ntlmssp/gensec_ntlmssp.c b/auth/ntlmssp/gensec_ntl= mssp.c > > > -index 654c0e3..5672589 100644 > > > ---- a/auth/ntlmssp/gensec_ntlmssp.c > > > -+++ b/auth/ntlmssp/gensec_ntlmssp.c > > > -@@ -102,6 +102,10 @@ bool gensec_ntlmssp_have_feature(struct gensec_= security *gensec_security, > > > - return true; > > > - } > > > - } > > > -+ if (feature & GENSEC_FEATURE_SIGN_PKT_HEADER) { > > > -+ return true; > > > -+ } 
> > > -+ > > > - return false; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e486316c74d3781413e66e451b51737fc194bdc2 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 31 Dec 2013 09:54:54 +0100 > > > -Subject: [PATCH 147/249] s4:auth/gensec_gssapi: handle > > > - GENSEC_FEATURE_SIGN_PKT_HEADER in have_feature() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 14f6c41754960d73f46aca1bade2266b7e934d03) > > > ---- > > > - source4/auth/gensec/gensec_gssapi.c | 12 ++++++++++++ > > > - 1 file changed, 12 insertions(+) > > > - > > > -diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gens= ec/gensec_gssapi.c > > > -index 63a53bf..ffdefcf 100644 > > > ---- a/source4/auth/gensec/gensec_gssapi.c > > > -+++ b/source4/auth/gensec/gensec_gssapi.c > > > -@@ -1275,6 +1275,18 @@ static bool gensec_gssapi_have_feature(struct= gensec_security *gensec_security, > > > - if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { > > > - return true; > > > - } > > > -+ if (feature & GENSEC_FEATURE_SIGN_PKT_HEADER) { > > > -+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) { > > > -+ /* TODO: implement this using gss_wrap_iov() */ > > > -+ return false; > > > -+ } > > > -+ > > > -+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) { > > > -+ return true; > > > -+ } > > > -+ > > > -+ return false; > > > -+ } > > > - return false; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fa8d0a7726240f8fc6648424d9724bcd65949bfd Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 3 Jan 2014 15:30:46 +0100 > > > -Subject: [PATCH 148/249] s4:gensec_gssapi: make sure > > > - gensec_gssapi_[un]seal_packet() rejects header signing > > > - > > > -If header signing is requested we should error out instead of > > > -silently ignoring it, our peer would hopefully reject it, > > > -but we should also do that. 
> > > - > > > -TODO: we should implement header signing using gss_wrap_iov(). > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 54b5b3067f5b7a0eb6dd9f1326c903f9fe4a5592) > > > ---- > > > - source4/auth/gensec/gensec_gssapi.c | 12 ++++++++++++ > > > - 1 file changed, 12 insertions(+) > > > - > > > -diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gens= ec/gensec_gssapi.c > > > -index ffdefcf..b8f007d 100644 > > > ---- a/source4/auth/gensec/gensec_gssapi.c > > > -+++ b/source4/auth/gensec/gensec_gssapi.c > > > -@@ -1028,6 +1028,12 @@ static NTSTATUS gensec_gssapi_seal_packet(str= uct gensec_security *gensec_securit > > > - int conf_state; > > > - ssize_t sig_length; > > > -=20 > > > -+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADE= R) { > > > -+ DEBUG(1, ("gensec_gssapi_seal_packet: " > > > -+ "GENSEC_FEATURE_SIGN_PKT_HEADER not supported\n")); > > > -+ return NT_STATUS_ACCESS_DENIED; > > > -+ } > > > -+ > > > - input_token.length =3D length; > > > - input_token.value =3D data; > > > - =09 > > > -@@ -1082,6 +1088,12 @@ static NTSTATUS gensec_gssapi_unseal_packet(s= truct gensec_security *gensec_secur > > > -=20 > > > - dump_data_pw("gensec_gssapi_unseal_packet: sig\n", sig->data, sig-= >length); > > > -=20 > > > -+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADE= R) { > > > -+ DEBUG(1, ("gensec_gssapi_unseal_packet: " > > > -+ "GENSEC_FEATURE_SIGN_PKT_HEADER not supported\n")); > > > -+ return NT_STATUS_ACCESS_DENIED; > > > -+ } > > > -+ > > > - in =3D data_blob_talloc(gensec_security, NULL, sig->length + lengt= h); > > > -=20 > > > - memcpy(in.data, sig->data, sig->length); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 2b1f62e3d99047e2981dcdd32c6820346917dc04 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 31 Dec 2013 09:42:36 +0100 > > > -Subject: [PATCH 149/249] auth/gensec: move libcli/auth/schannel_sign= 
=2Ec into > > > - schannel.c > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 616cd009955b1722e6749019e2c1cac8bbb94e52) > > > ---- > > > - auth/gensec/schannel.c | 380 ++++++++++++++++++++++++++++++++= ++++++++ > > > - libcli/auth/schannel_proto.h | 14 -- > > > - libcli/auth/schannel_sign.c | 404 --------------------------------= ----------- > > > - libcli/auth/wscript_build | 2 +- > > > - 4 files changed, 381 insertions(+), 419 deletions(-) > > > - delete mode 100644 libcli/auth/schannel_sign.c > > > - > > > -diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c > > > -index eb2e100..c60ab4f 100644 > > > ---- a/auth/gensec/schannel.c > > > -+++ b/auth/gensec/schannel.c > > > -@@ -31,6 +31,386 @@ > > > - #include "librpc/gen_ndr/dcerpc.h" > > > - #include "param/param.h" > > > - #include "auth/gensec/gensec_toplevel_proto.h" > > > -+#include "lib/crypto/crypto.h" > > > -+ > > > -+struct schannel_state { > > > -+ uint64_t seq_num; > > > -+ bool initiator; > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+}; > > > -+ > > > -+#define SETUP_SEQNUM(state, buf, initiator) do { \ > > > -+ uint8_t *_buf =3D buf; \ > > > -+ uint32_t _seq_num_low =3D (state)->seq_num & UINT32_MAX; \ > > > -+ uint32_t _seq_num_high =3D (state)->seq_num >> 32; \ > > > -+ if (initiator) { \ > > > -+ _seq_num_high |=3D 0x80000000; \ > > > -+ } \ > > > -+ RSIVAL(_buf, 0, _seq_num_low); \ > > > -+ RSIVAL(_buf, 4, _seq_num_high); \ > > > -+} while(0) > > > -+ > > > -+static struct schannel_state *netsec_create_state(TALLOC_CTX *mem_c= tx, > > > -+ struct netlogon_creds_CredentialState *creds, > > > -+ bool initiator) > > > -+{ > > > -+ struct schannel_state *state; > > > -+ > > > -+ state =3D talloc(mem_ctx, struct schannel_state); > > > -+ if (state =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ state->initiator =3D initiator; > > > -+ state->seq_num =3D 0; > > > -+ state->creds =3D 
netlogon_creds_copy(state, creds); > > > -+ if (state->creds =3D=3D NULL) { > > > -+ talloc_free(state); > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ return state; > > > -+} > > > -+ > > > -+static void netsec_offset_and_sizes(struct schannel_state *state, > > > -+ bool do_seal, > > > -+ uint32_t *_min_sig_size, > > > -+ uint32_t *_used_sig_size, > > > -+ uint32_t *_checksum_length, > > > -+ uint32_t *_confounder_ofs) > > > -+{ > > > -+ uint32_t min_sig_size; > > > -+ uint32_t used_sig_size; > > > -+ uint32_t checksum_length; > > > -+ uint32_t confounder_ofs; > > > -+ > > > -+ if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ min_sig_size =3D 48; > > > -+ used_sig_size =3D 56; > > > -+ /* > > > -+ * Note: windows has a bug here and uses the old values... > > > -+ * > > > -+ * checksum_length =3D 32; > > > -+ * confounder_ofs =3D 48; > > > -+ */ > > > -+ checksum_length =3D 8; > > > -+ confounder_ofs =3D 24; > > > -+ } else { > > > -+ min_sig_size =3D 24; > > > -+ used_sig_size =3D 32; > > > -+ checksum_length =3D 8; > > > -+ confounder_ofs =3D 24; > > > -+ } > > > -+ > > > -+ if (do_seal) { > > > -+ min_sig_size +=3D 8; > > > -+ } > > > -+ > > > -+ if (_min_sig_size) { > > > -+ *_min_sig_size =3D min_sig_size; > > > -+ } > > > -+ > > > -+ if (_used_sig_size) { > > > -+ *_used_sig_size =3D used_sig_size; > > > -+ } > > > -+ > > > -+ if (_checksum_length) { > > > -+ *_checksum_length =3D checksum_length; > > > -+ } > > > -+ > > > -+ if (_confounder_ofs) { > > > -+ *_confounder_ofs =3D confounder_ofs; > > > -+ } > > > -+} > > > -+ > > > -+/******************************************************************* > > > -+ Encode or Decode the sequence number (which is symmetric) > > > -+ ******************************************************************= **/ > > > -+static void netsec_do_seq_num(struct schannel_state *state, > > > -+ const uint8_t *checksum, > > > -+ uint32_t checksum_length, > > > -+ uint8_t seq_num[8]) > > > -+{ > > > -+ if 
(state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ AES_KEY key; > > > -+ uint8_t iv[AES_BLOCK_SIZE]; > > > -+ > > > -+ AES_set_encrypt_key(state->creds->session_key, 128, &key); > > > -+ ZERO_STRUCT(iv); > > > -+ memcpy(iv+0, checksum, 8); > > > -+ memcpy(iv+8, checksum, 8); > > > -+ > > > -+ aes_cfb8_encrypt(seq_num, seq_num, 8, &key, iv, AES_ENCRYPT); > > > -+ } else { > > > -+ static const uint8_t zeros[4]; > > > -+ uint8_t sequence_key[16]; > > > -+ uint8_t digest1[16]; > > > -+ > > > -+ hmac_md5(state->creds->session_key, zeros, sizeof(zeros), digest1= ); > > > -+ hmac_md5(digest1, checksum, checksum_length, sequence_key); > > > -+ arcfour_crypt(seq_num, sequence_key, 8); > > > -+ } > > > -+ > > > -+ state->seq_num++; > > > -+} > > > -+ > > > -+static void netsec_do_seal(struct schannel_state *state, > > > -+ const uint8_t seq_num[8], > > > -+ uint8_t confounder[8], > > > -+ uint8_t *data, uint32_t length, > > > -+ bool forward) > > > -+{ > > > -+ if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ AES_KEY key; > > > -+ uint8_t iv[AES_BLOCK_SIZE]; > > > -+ uint8_t sess_kf0[16]; > > > -+ int i; > > > -+ > > > -+ for (i =3D 0; i < 16; i++) { > > > -+ sess_kf0[i] =3D state->creds->session_key[i] ^ 0xf0; > > > -+ } > > > -+ > > > -+ AES_set_encrypt_key(sess_kf0, 128, &key); > > > -+ ZERO_STRUCT(iv); > > > -+ memcpy(iv+0, seq_num, 8); > > > -+ memcpy(iv+8, seq_num, 8); > > > -+ > > > -+ if (forward) { > > > -+ aes_cfb8_encrypt(confounder, confounder, 8, &key, iv, AES_ENCRYP= T); > > > -+ aes_cfb8_encrypt(data, data, length, &key, iv, AES_ENCRYPT); > > > -+ } else { > > > -+ aes_cfb8_encrypt(confounder, confounder, 8, &key, iv, AES_DECRYP= T); > > > -+ aes_cfb8_encrypt(data, data, length, &key, iv, AES_DECRYPT); > > > -+ } > > > -+ } else { > > > -+ uint8_t sealing_key[16]; > > > -+ static const uint8_t zeros[4]; > > > -+ uint8_t digest2[16]; > > > -+ uint8_t sess_kf0[16]; > > > -+ int i; > > > -+ > > > -+ for (i =3D 0; i < 
16; i++) { > > > -+ sess_kf0[i] =3D state->creds->session_key[i] ^ 0xf0; > > > -+ } > > > -+ > > > -+ hmac_md5(sess_kf0, zeros, 4, digest2); > > > -+ hmac_md5(digest2, seq_num, 8, sealing_key); > > > -+ > > > -+ arcfour_crypt(confounder, sealing_key, 8); > > > -+ arcfour_crypt(data, sealing_key, length); > > > -+ } > > > -+} > > > -+ > > > -+/******************************************************************* > > > -+ Create a digest over the entire packet (including the data), and > > > -+ MD5 it with the session key. > > > -+ ******************************************************************= **/ > > > -+static void netsec_do_sign(struct schannel_state *state, > > > -+ const uint8_t *confounder, > > > -+ const uint8_t *data, size_t length, > > > -+ uint8_t header[8], > > > -+ uint8_t *checksum) > > > -+{ > > > -+ if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ struct HMACSHA256Context ctx; > > > -+ > > > -+ hmac_sha256_init(state->creds->session_key, > > > -+ sizeof(state->creds->session_key), > > > -+ &ctx); > > > -+ > > > -+ if (confounder) { > > > -+ SSVAL(header, 0, NL_SIGN_HMAC_SHA256); > > > -+ SSVAL(header, 2, NL_SEAL_AES128); > > > -+ SSVAL(header, 4, 0xFFFF); > > > -+ SSVAL(header, 6, 0x0000); > > > -+ > > > -+ hmac_sha256_update(header, 8, &ctx); > > > -+ hmac_sha256_update(confounder, 8, &ctx); > > > -+ } else { > > > -+ SSVAL(header, 0, NL_SIGN_HMAC_SHA256); > > > -+ SSVAL(header, 2, NL_SEAL_NONE); > > > -+ SSVAL(header, 4, 0xFFFF); > > > -+ SSVAL(header, 6, 0x0000); > > > -+ > > > -+ hmac_sha256_update(header, 8, &ctx); > > > -+ } > > > -+ > > > -+ hmac_sha256_update(data, length, &ctx); > > > -+ > > > -+ hmac_sha256_final(checksum, &ctx); > > > -+ } else { > > > -+ uint8_t packet_digest[16]; > > > -+ static const uint8_t zeros[4]; > > > -+ MD5_CTX ctx; > > > -+ > > > -+ MD5Init(&ctx); > > > -+ MD5Update(&ctx, zeros, 4); > > > -+ if (confounder) { > > > -+ SSVAL(header, 0, NL_SIGN_HMAC_MD5); > > > -+ SSVAL(header, 2, 
NL_SEAL_RC4); > > > -+ SSVAL(header, 4, 0xFFFF); > > > -+ SSVAL(header, 6, 0x0000); > > > -+ > > > -+ MD5Update(&ctx, header, 8); > > > -+ MD5Update(&ctx, confounder, 8); > > > -+ } else { > > > -+ SSVAL(header, 0, NL_SIGN_HMAC_MD5); > > > -+ SSVAL(header, 2, NL_SEAL_NONE); > > > -+ SSVAL(header, 4, 0xFFFF); > > > -+ SSVAL(header, 6, 0x0000); > > > -+ > > > -+ MD5Update(&ctx, header, 8); > > > -+ } > > > -+ MD5Update(&ctx, data, length); > > > -+ MD5Final(packet_digest, &ctx); > > > -+ > > > -+ hmac_md5(state->creds->session_key, > > > -+ packet_digest, sizeof(packet_digest), > > > -+ checksum); > > > -+ } > > > -+} > > > -+ > > > -+static NTSTATUS netsec_incoming_packet(struct schannel_state *state, > > > -+ bool do_unseal, > > > -+ uint8_t *data, size_t length, > > > -+ const DATA_BLOB *sig) > > > -+{ > > > -+ uint32_t min_sig_size =3D 0; > > > -+ uint8_t header[8]; > > > -+ uint8_t checksum[32]; > > > -+ uint32_t checksum_length =3D sizeof(checksum_length); > > > -+ uint8_t _confounder[8]; > > > -+ uint8_t *confounder =3D NULL; > > > -+ uint32_t confounder_ofs =3D 0; > > > -+ uint8_t seq_num[8]; > > > -+ int ret; > > > -+ > > > -+ netsec_offset_and_sizes(state, > > > -+ do_unseal, > > > -+ &min_sig_size, > > > -+ NULL, > > > -+ &checksum_length, > > > -+ &confounder_ofs); > > > -+ > > > -+ if (sig->length < min_sig_size) { > > > -+ return NT_STATUS_ACCESS_DENIED; > > > -+ } > > > -+ > > > -+ if (do_unseal) { > > > -+ confounder =3D _confounder; > > > -+ memcpy(confounder, sig->data+confounder_ofs, 8); > > > -+ } else { > > > -+ confounder =3D NULL; > > > -+ } > > > -+ > > > -+ SETUP_SEQNUM(state, seq_num, !state->initiator); > > > -+ > > > -+ if (do_unseal) { > > > -+ netsec_do_seal(state, seq_num, > > > -+ confounder, > > > -+ data, length, > > > -+ false); > > > -+ } > > > -+ > > > -+ netsec_do_sign(state, confounder, > > > -+ data, length, > > > -+ header, checksum); > > > -+ > > > -+ ret =3D memcmp(checksum, sig->data+16, checksum_length); > > > -+ if (ret 
!=3D 0) { > > > -+ dump_data_pw("calc digest:", checksum, checksum_length); > > > -+ dump_data_pw("wire digest:", sig->data+16, checksum_length); > > > -+ return NT_STATUS_ACCESS_DENIED; > > > -+ } > > > -+ > > > -+ netsec_do_seq_num(state, checksum, checksum_length, seq_num); > > > -+ > > > -+ ret =3D memcmp(seq_num, sig->data+8, 8); > > > -+ if (ret !=3D 0) { > > > -+ dump_data_pw("calc seq num:", seq_num, 8); > > > -+ dump_data_pw("wire seq num:", sig->data+8, 8); > > > -+ return NT_STATUS_ACCESS_DENIED; > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+static uint32_t netsec_outgoing_sig_size(struct schannel_state *sta= te) > > > -+{ > > > -+ uint32_t sig_size =3D 0; > > > -+ > > > -+ netsec_offset_and_sizes(state, > > > -+ true, > > > -+ NULL, > > > -+ &sig_size, > > > -+ NULL, > > > -+ NULL); > > > -+ > > > -+ return sig_size; > > > -+} > > > -+ > > > -+static NTSTATUS netsec_outgoing_packet(struct schannel_state *state, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ bool do_seal, > > > -+ uint8_t *data, size_t length, > > > -+ DATA_BLOB *sig) > > > -+{ > > > -+ uint32_t min_sig_size =3D 0; > > > -+ uint32_t used_sig_size =3D 0; > > > -+ uint8_t header[8]; > > > -+ uint8_t checksum[32]; > > > -+ uint32_t checksum_length =3D sizeof(checksum_length); > > > -+ uint8_t _confounder[8]; > > > -+ uint8_t *confounder =3D NULL; > > > -+ uint32_t confounder_ofs =3D 0; > > > -+ uint8_t seq_num[8]; > > > -+ > > > -+ netsec_offset_and_sizes(state, > > > -+ do_seal, > > > -+ &min_sig_size, > > > -+ &used_sig_size, > > > -+ &checksum_length, > > > -+ &confounder_ofs); > > > -+ > > > -+ SETUP_SEQNUM(state, seq_num, state->initiator); > > > -+ > > > -+ if (do_seal) { > > > -+ confounder =3D _confounder; > > > -+ generate_random_buffer(confounder, 8); > > > -+ } else { > > > -+ confounder =3D NULL; > > > -+ } > > > -+ > > > -+ netsec_do_sign(state, confounder, > > > -+ data, length, > > > -+ header, checksum); > > > -+ > > > -+ if (do_seal) { > > > -+ 
netsec_do_seal(state, seq_num, > > > -+ confounder, > > > -+ data, length, > > > -+ true); > > > -+ } > > > -+ > > > -+ netsec_do_seq_num(state, checksum, checksum_length, seq_num); > > > -+ > > > -+ (*sig) =3D data_blob_talloc_zero(mem_ctx, used_sig_size); > > > -+ > > > -+ memcpy(sig->data, header, 8); > > > -+ memcpy(sig->data+8, seq_num, 8); > > > -+ memcpy(sig->data+16, checksum, checksum_length); > > > -+ > > > -+ if (confounder) { > > > -+ memcpy(sig->data+confounder_ofs, confounder, 8); > > > -+ } > > > -+ > > > -+ dump_data_pw("signature:", sig->data+ 0, 8); > > > -+ dump_data_pw("seq_num :", sig->data+ 8, 8); > > > -+ dump_data_pw("digest :", sig->data+16, checksum_length); > > > -+ dump_data_pw("confound :", sig->data+confounder_ofs, 8); > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -=20 > > > - _PUBLIC_ NTSTATUS gensec_schannel_init(void); > > > -=20 > > > -diff --git a/libcli/auth/schannel_proto.h b/libcli/auth/schannel_pro= to.h > > > -index da76559..bce37c8 100644 > > > ---- a/libcli/auth/schannel_proto.h > > > -+++ b/libcli/auth/schannel_proto.h > > > -@@ -28,18 +28,4 @@ struct schannel_state; > > > - struct db_context *open_schannel_session_store(TALLOC_CTX *mem_ctx, > > > - struct loadparm_context *lp_ctx); > > > -=20 > > > --struct schannel_state *netsec_create_state(TALLOC_CTX *mem_ctx, > > > -- struct netlogon_creds_CredentialState *creds, > > > -- bool initiator); > > > --NTSTATUS netsec_incoming_packet(struct schannel_state *state, > > > -- bool do_unseal, > > > -- uint8_t *data, size_t length, > > > -- const DATA_BLOB *sig); > > > --uint32_t netsec_outgoing_sig_size(struct schannel_state *state); > > > --NTSTATUS netsec_outgoing_packet(struct schannel_state *state, > > > -- TALLOC_CTX *mem_ctx, > > > -- bool do_seal, > > > -- uint8_t *data, size_t length, > > > -- DATA_BLOB *sig); > > > -- > > > - #endif > > > -diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign= =2Ec > > > -deleted file mode 100644 > > > -index 
9502cba..0000000 > > > ---- a/libcli/auth/schannel_sign.c > > > -+++ /dev/null > > > -@@ -1,404 +0,0 @@ > > > --/* > > > -- Unix SMB/CIFS implementation. > > > -- > > > -- schannel library code > > > -- > > > -- Copyright (C) Andrew Tridgell 2004 > > > -- Copyright (C) Andrew Bartlett 2005 > > > -- > > > -- This program is free software; you can redistribute it and/or mo= dify > > > -- it under the terms of the GNU General Public License as publishe= d by > > > -- the Free Software Foundation; either version 3 of the License, or > > > -- (at your option) any later version. > > > -- > > > -- This program is distributed in the hope that it will be useful, > > > -- but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -- GNU General Public License for more details. > > > -- > > > -- You should have received a copy of the GNU General Public License > > > -- along with this program. If not, see . > > > --*/ > > > -- > > > --#include "includes.h" > > > --#include "../libcli/auth/schannel.h" > > > --#include "../lib/crypto/crypto.h" > > > -- > > > --struct schannel_state { > > > -- uint64_t seq_num; > > > -- bool initiator; > > > -- struct netlogon_creds_CredentialState *creds; > > > --}; > > > -- > > > --#define SETUP_SEQNUM(state, buf, initiator) do { \ > > > -- uint8_t *_buf =3D buf; \ > > > -- uint32_t _seq_num_low =3D (state)->seq_num & UINT32_MAX; \ > > > -- uint32_t _seq_num_high =3D (state)->seq_num >> 32; \ > > > -- if (initiator) { \ > > > -- _seq_num_high |=3D 0x80000000; \ > > > -- } \ > > > -- RSIVAL(_buf, 0, _seq_num_low); \ > > > -- RSIVAL(_buf, 4, _seq_num_high); \ > > > --} while(0) > > > -- > > > --struct schannel_state *netsec_create_state(TALLOC_CTX *mem_ctx, > > > -- struct netlogon_creds_CredentialState *creds, > > > -- bool initiator) > > > --{ > > > -- struct schannel_state *state; > > > -- > > > -- state =3D talloc(mem_ctx, struct schannel_state); > > > -- if 
(state =3D=3D NULL) { > > > -- return NULL; > > > -- } > > > -- > > > -- state->initiator =3D initiator; > > > -- state->seq_num =3D 0; > > > -- state->creds =3D netlogon_creds_copy(state, creds); > > > -- if (state->creds =3D=3D NULL) { > > > -- talloc_free(state); > > > -- return NULL; > > > -- } > > > -- > > > -- return state; > > > --} > > > -- > > > --static void netsec_offset_and_sizes(struct schannel_state *state, > > > -- bool do_seal, > > > -- uint32_t *_min_sig_size, > > > -- uint32_t *_used_sig_size, > > > -- uint32_t *_checksum_length, > > > -- uint32_t *_confounder_ofs) > > > --{ > > > -- uint32_t min_sig_size; > > > -- uint32_t used_sig_size; > > > -- uint32_t checksum_length; > > > -- uint32_t confounder_ofs; > > > -- > > > -- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- min_sig_size =3D 48; > > > -- used_sig_size =3D 56; > > > -- /* > > > -- * Note: windows has a bug here and uses the old values... > > > -- * > > > -- * checksum_length =3D 32; > > > -- * confounder_ofs =3D 48; > > > -- */ > > > -- checksum_length =3D 8; > > > -- confounder_ofs =3D 24; > > > -- } else { > > > -- min_sig_size =3D 24; > > > -- used_sig_size =3D 32; > > > -- checksum_length =3D 8; > > > -- confounder_ofs =3D 24; > > > -- } > > > -- > > > -- if (do_seal) { > > > -- min_sig_size +=3D 8; > > > -- } > > > -- > > > -- if (_min_sig_size) { > > > -- *_min_sig_size =3D min_sig_size; > > > -- } > > > -- > > > -- if (_used_sig_size) { > > > -- *_used_sig_size =3D used_sig_size; > > > -- } > > > -- > > > -- if (_checksum_length) { > > > -- *_checksum_length =3D checksum_length; > > > -- } > > > -- > > > -- if (_confounder_ofs) { > > > -- *_confounder_ofs =3D confounder_ofs; > > > -- } > > > --} > > > -- > > > --/******************************************************************* > > > -- Encode or Decode the sequence number (which is symmetric) > > > -- ******************************************************************= **/ > > > --static void 
netsec_do_seq_num(struct schannel_state *state, > > > -- const uint8_t *checksum, > > > -- uint32_t checksum_length, > > > -- uint8_t seq_num[8]) > > > --{ > > > -- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- AES_KEY key; > > > -- uint8_t iv[AES_BLOCK_SIZE]; > > > -- > > > -- AES_set_encrypt_key(state->creds->session_key, 128, &key); > > > -- ZERO_STRUCT(iv); > > > -- memcpy(iv+0, checksum, 8); > > > -- memcpy(iv+8, checksum, 8); > > > -- > > > -- aes_cfb8_encrypt(seq_num, seq_num, 8, &key, iv, AES_ENCRYPT); > > > -- } else { > > > -- static const uint8_t zeros[4]; > > > -- uint8_t sequence_key[16]; > > > -- uint8_t digest1[16]; > > > -- > > > -- hmac_md5(state->creds->session_key, zeros, sizeof(zeros), digest1= ); > > > -- hmac_md5(digest1, checksum, checksum_length, sequence_key); > > > -- arcfour_crypt(seq_num, sequence_key, 8); > > > -- } > > > -- > > > -- state->seq_num++; > > > --} > > > -- > > > --static void netsec_do_seal(struct schannel_state *state, > > > -- const uint8_t seq_num[8], > > > -- uint8_t confounder[8], > > > -- uint8_t *data, uint32_t length, > > > -- bool forward) > > > --{ > > > -- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- AES_KEY key; > > > -- uint8_t iv[AES_BLOCK_SIZE]; > > > -- uint8_t sess_kf0[16]; > > > -- int i; > > > -- > > > -- for (i =3D 0; i < 16; i++) { > > > -- sess_kf0[i] =3D state->creds->session_key[i] ^ 0xf0; > > > -- } > > > -- > > > -- AES_set_encrypt_key(sess_kf0, 128, &key); > > > -- ZERO_STRUCT(iv); > > > -- memcpy(iv+0, seq_num, 8); > > > -- memcpy(iv+8, seq_num, 8); > > > -- > > > -- if (forward) { > > > -- aes_cfb8_encrypt(confounder, confounder, 8, &key, iv, AES_ENCRYP= T); > > > -- aes_cfb8_encrypt(data, data, length, &key, iv, AES_ENCRYPT); > > > -- } else { > > > -- aes_cfb8_encrypt(confounder, confounder, 8, &key, iv, AES_DECRYP= T); > > > -- aes_cfb8_encrypt(data, data, length, &key, iv, AES_DECRYPT); > > > -- } > > > -- } else { > > > -- uint8_t 
sealing_key[16]; > > > -- static const uint8_t zeros[4]; > > > -- uint8_t digest2[16]; > > > -- uint8_t sess_kf0[16]; > > > -- int i; > > > -- > > > -- for (i =3D 0; i < 16; i++) { > > > -- sess_kf0[i] =3D state->creds->session_key[i] ^ 0xf0; > > > -- } > > > -- > > > -- hmac_md5(sess_kf0, zeros, 4, digest2); > > > -- hmac_md5(digest2, seq_num, 8, sealing_key); > > > -- > > > -- arcfour_crypt(confounder, sealing_key, 8); > > > -- arcfour_crypt(data, sealing_key, length); > > > -- } > > > --} > > > -- > > > --/******************************************************************* > > > -- Create a digest over the entire packet (including the data), and > > > -- MD5 it with the session key. > > > -- ******************************************************************= **/ > > > --static void netsec_do_sign(struct schannel_state *state, > > > -- const uint8_t *confounder, > > > -- const uint8_t *data, size_t length, > > > -- uint8_t header[8], > > > -- uint8_t *checksum) > > > --{ > > > -- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- struct HMACSHA256Context ctx; > > > -- > > > -- hmac_sha256_init(state->creds->session_key, > > > -- sizeof(state->creds->session_key), > > > -- &ctx); > > > -- > > > -- if (confounder) { > > > -- SSVAL(header, 0, NL_SIGN_HMAC_SHA256); > > > -- SSVAL(header, 2, NL_SEAL_AES128); > > > -- SSVAL(header, 4, 0xFFFF); > > > -- SSVAL(header, 6, 0x0000); > > > -- > > > -- hmac_sha256_update(header, 8, &ctx); > > > -- hmac_sha256_update(confounder, 8, &ctx); > > > -- } else { > > > -- SSVAL(header, 0, NL_SIGN_HMAC_SHA256); > > > -- SSVAL(header, 2, NL_SEAL_NONE); > > > -- SSVAL(header, 4, 0xFFFF); > > > -- SSVAL(header, 6, 0x0000); > > > -- > > > -- hmac_sha256_update(header, 8, &ctx); > > > -- } > > > -- > > > -- hmac_sha256_update(data, length, &ctx); > > > -- > > > -- hmac_sha256_final(checksum, &ctx); > > > -- } else { > > > -- uint8_t packet_digest[16]; > > > -- static const uint8_t zeros[4]; > > > -- MD5_CTX ctx; > > 
> -- > > > -- MD5Init(&ctx); > > > -- MD5Update(&ctx, zeros, 4); > > > -- if (confounder) { > > > -- SSVAL(header, 0, NL_SIGN_HMAC_MD5); > > > -- SSVAL(header, 2, NL_SEAL_RC4); > > > -- SSVAL(header, 4, 0xFFFF); > > > -- SSVAL(header, 6, 0x0000); > > > -- > > > -- MD5Update(&ctx, header, 8); > > > -- MD5Update(&ctx, confounder, 8); > > > -- } else { > > > -- SSVAL(header, 0, NL_SIGN_HMAC_MD5); > > > -- SSVAL(header, 2, NL_SEAL_NONE); > > > -- SSVAL(header, 4, 0xFFFF); > > > -- SSVAL(header, 6, 0x0000); > > > -- > > > -- MD5Update(&ctx, header, 8); > > > -- } > > > -- MD5Update(&ctx, data, length); > > > -- MD5Final(packet_digest, &ctx); > > > -- > > > -- hmac_md5(state->creds->session_key, > > > -- packet_digest, sizeof(packet_digest), > > > -- checksum); > > > -- } > > > --} > > > -- > > > --NTSTATUS netsec_incoming_packet(struct schannel_state *state, > > > -- bool do_unseal, > > > -- uint8_t *data, size_t length, > > > -- const DATA_BLOB *sig) > > > --{ > > > -- uint32_t min_sig_size =3D 0; > > > -- uint8_t header[8]; > > > -- uint8_t checksum[32]; > > > -- uint32_t checksum_length =3D sizeof(checksum_length); > > > -- uint8_t _confounder[8]; > > > -- uint8_t *confounder =3D NULL; > > > -- uint32_t confounder_ofs =3D 0; > > > -- uint8_t seq_num[8]; > > > -- int ret; > > > -- > > > -- netsec_offset_and_sizes(state, > > > -- do_unseal, > > > -- &min_sig_size, > > > -- NULL, > > > -- &checksum_length, > > > -- &confounder_ofs); > > > -- > > > -- if (sig->length < min_sig_size) { > > > -- return NT_STATUS_ACCESS_DENIED; > > > -- } > > > -- > > > -- if (do_unseal) { > > > -- confounder =3D _confounder; > > > -- memcpy(confounder, sig->data+confounder_ofs, 8); > > > -- } else { > > > -- confounder =3D NULL; > > > -- } > > > -- > > > -- SETUP_SEQNUM(state, seq_num, !state->initiator); > > > -- > > > -- if (do_unseal) { > > > -- netsec_do_seal(state, seq_num, > > > -- confounder, > > > -- data, length, > > > -- false); > > > -- } > > > -- > > > -- netsec_do_sign(state, 
confounder, > > > -- data, length, > > > -- header, checksum); > > > -- > > > -- ret =3D memcmp(checksum, sig->data+16, checksum_length); > > > -- if (ret !=3D 0) { > > > -- dump_data_pw("calc digest:", checksum, checksum_length); > > > -- dump_data_pw("wire digest:", sig->data+16, checksum_length); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -- } > > > -- > > > -- netsec_do_seq_num(state, checksum, checksum_length, seq_num); > > > -- > > > -- ret =3D memcmp(seq_num, sig->data+8, 8); > > > -- if (ret !=3D 0) { > > > -- dump_data_pw("calc seq num:", seq_num, 8); > > > -- dump_data_pw("wire seq num:", sig->data+8, 8); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > --uint32_t netsec_outgoing_sig_size(struct schannel_state *state) > > > --{ > > > -- uint32_t sig_size =3D 0; > > > -- > > > -- netsec_offset_and_sizes(state, > > > -- true, > > > -- NULL, > > > -- &sig_size, > > > -- NULL, > > > -- NULL); > > > -- > > > -- return sig_size; > > > --} > > > -- > > > --NTSTATUS netsec_outgoing_packet(struct schannel_state *state, > > > -- TALLOC_CTX *mem_ctx, > > > -- bool do_seal, > > > -- uint8_t *data, size_t length, > > > -- DATA_BLOB *sig) > > > --{ > > > -- uint32_t min_sig_size =3D 0; > > > -- uint32_t used_sig_size =3D 0; > > > -- uint8_t header[8]; > > > -- uint8_t checksum[32]; > > > -- uint32_t checksum_length =3D sizeof(checksum_length); > > > -- uint8_t _confounder[8]; > > > -- uint8_t *confounder =3D NULL; > > > -- uint32_t confounder_ofs =3D 0; > > > -- uint8_t seq_num[8]; > > > -- > > > -- netsec_offset_and_sizes(state, > > > -- do_seal, > > > -- &min_sig_size, > > > -- &used_sig_size, > > > -- &checksum_length, > > > -- &confounder_ofs); > > > -- > > > -- SETUP_SEQNUM(state, seq_num, state->initiator); > > > -- > > > -- if (do_seal) { > > > -- confounder =3D _confounder; > > > -- generate_random_buffer(confounder, 8); > > > -- } else { > > > -- confounder =3D NULL; > > > -- } > > > -- > > 
> -- netsec_do_sign(state, confounder, > > > -- data, length, > > > -- header, checksum); > > > -- > > > -- if (do_seal) { > > > -- netsec_do_seal(state, seq_num, > > > -- confounder, > > > -- data, length, > > > -- true); > > > -- } > > > -- > > > -- netsec_do_seq_num(state, checksum, checksum_length, seq_num); > > > -- > > > -- (*sig) =3D data_blob_talloc_zero(mem_ctx, used_sig_size); > > > -- > > > -- memcpy(sig->data, header, 8); > > > -- memcpy(sig->data+8, seq_num, 8); > > > -- memcpy(sig->data+16, checksum, checksum_length); > > > -- > > > -- if (confounder) { > > > -- memcpy(sig->data+confounder_ofs, confounder, 8); > > > -- } > > > -- > > > -- dump_data_pw("signature:", sig->data+ 0, 8); > > > -- dump_data_pw("seq_num :", sig->data+ 8, 8); > > > -- dump_data_pw("digest :", sig->data+16, checksum_length); > > > -- dump_data_pw("confound :", sig->data+confounder_ofs, 8); > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build > > > -index df23058..ca2be2d 100755 > > > ---- a/libcli/auth/wscript_build > > > -+++ b/libcli/auth/wscript_build > > > -@@ -24,7 +24,7 @@ bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH', > > > -=20 > > > -=20 > > > - bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL', > > > -- source=3D'schannel_state_tdb.c schannel_sign.c', > > > -+ source=3D'schannel_state_tdb.c', > > > - deps=3D'dbwrap util_tdb samba-hostconfig NDR_NETLOGON' > > > - ) > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 307627065568a259eb9e94953b872bf723477be6 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 31 Dec 2013 10:11:18 +0100 > > > -Subject: [PATCH 150/249] auth/gensec: implement GENSEC_FEATURE_SIGN_= PKT_HEADER > > > - in schannel.c > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 03006d0e4471465f071517097145806fbe46fdba) > > > ---- > > > - auth/gensec/schannel.c | 56 +++++++++++++++++++++++++++++++++++++++= 
++--------- > > > - 1 file changed, 46 insertions(+), 10 deletions(-) > > > - > > > -diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c > > > -index c60ab4f..3d30e83 100644 > > > ---- a/auth/gensec/schannel.c > > > -+++ b/auth/gensec/schannel.c > > > -@@ -34,6 +34,7 @@ > > > - #include "lib/crypto/crypto.h" > > > -=20 > > > - struct schannel_state { > > > -+ struct gensec_security *gensec; > > > - uint64_t seq_num; > > > - bool initiator; > > > - struct netlogon_creds_CredentialState *creds; > > > -@@ -50,17 +51,19 @@ struct schannel_state { > > > - RSIVAL(_buf, 4, _seq_num_high); \ > > > - } while(0) > > > -=20 > > > --static struct schannel_state *netsec_create_state(TALLOC_CTX *mem_c= tx, > > > -+static struct schannel_state *netsec_create_state( > > > -+ struct gensec_security *gensec, > > > - struct netlogon_creds_CredentialState *creds, > > > - bool initiator) > > > - { > > > - struct schannel_state *state; > > > -=20 > > > -- state =3D talloc(mem_ctx, struct schannel_state); > > > -+ state =3D talloc(gensec, struct schannel_state); > > > - if (state =3D=3D NULL) { > > > - return NULL; > > > - } > > > -=20 > > > -+ state->gensec =3D gensec; > > > - state->initiator =3D initiator; > > > - state->seq_num =3D 0; > > > - state->creds =3D netlogon_creds_copy(state, creds); > > > -@@ -69,6 +72,8 @@ static struct schannel_state *netsec_create_state(= TALLOC_CTX *mem_ctx, > > > - return NULL; > > > - } > > > -=20 > > > -+ gensec->private_data =3D state; > > > -+ > > > - return state; > > > - } > > > -=20 > > > -@@ -273,6 +278,7 @@ static void netsec_do_sign(struct schannel_state= *state, > > > - static NTSTATUS netsec_incoming_packet(struct schannel_state *state, > > > - bool do_unseal, > > > - uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > - const DATA_BLOB *sig) > > > - { > > > - uint32_t min_sig_size =3D 0; > > > -@@ -284,6 +290,8 @@ static NTSTATUS netsec_incoming_packet(struct sc= hannel_state *state, > > > - 
uint32_t confounder_ofs =3D 0; > > > - uint8_t seq_num[8]; > > > - int ret; > > > -+ const uint8_t *sign_data =3D NULL; > > > -+ size_t sign_length =3D 0; > > > -=20 > > > - netsec_offset_and_sizes(state, > > > - do_unseal, > > > -@@ -312,8 +320,16 @@ static NTSTATUS netsec_incoming_packet(struct s= channel_state *state, > > > - false); > > > - } > > > -=20 > > > -+ if (state->gensec->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER)= { > > > -+ sign_data =3D whole_pdu; > > > -+ sign_length =3D pdu_length; > > > -+ } else { > > > -+ sign_data =3D data; > > > -+ sign_length =3D length; > > > -+ } > > > -+ > > > - netsec_do_sign(state, confounder, > > > -- data, length, > > > -+ sign_data, sign_length, > > > - header, checksum); > > > -=20 > > > - ret =3D memcmp(checksum, sig->data+16, checksum_length); > > > -@@ -353,6 +369,7 @@ static NTSTATUS netsec_outgoing_packet(struct sc= hannel_state *state, > > > - TALLOC_CTX *mem_ctx, > > > - bool do_seal, > > > - uint8_t *data, size_t length, > > > -+ const uint8_t *whole_pdu, size_t pdu_length, > > > - DATA_BLOB *sig) > > > - { > > > - uint32_t min_sig_size =3D 0; > > > -@@ -364,6 +381,8 @@ static NTSTATUS netsec_outgoing_packet(struct sc= hannel_state *state, > > > - uint8_t *confounder =3D NULL; > > > - uint32_t confounder_ofs =3D 0; > > > - uint8_t seq_num[8]; > > > -+ const uint8_t *sign_data =3D NULL; > > > -+ size_t sign_length =3D 0; > > > -=20 > > > - netsec_offset_and_sizes(state, > > > - do_seal, > > > -@@ -381,8 +400,16 @@ static NTSTATUS netsec_outgoing_packet(struct s= channel_state *state, > > > - confounder =3D NULL; > > > - } > > > -=20 > > > -+ if (state->gensec->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER)= { > > > -+ sign_data =3D whole_pdu; > > > -+ sign_length =3D pdu_length; > > > -+ } else { > > > -+ sign_data =3D data; > > > -+ sign_length =3D length; > > > -+ } > > > -+ > > > - netsec_do_sign(state, confounder, > > > -- data, length, > > > -+ sign_data, sign_length, > > > - header, checksum); > > 
> -=20 > > > - if (do_seal) { > > > -@@ -457,7 +484,6 @@ static NTSTATUS schannel_update(struct gensec_se= curity *gensec_security, TALLOC_ > > > - if (state =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -- gensec_security->private_data =3D state; > > > -=20 > > > - bind_schannel.MessageType =3D NL_NEGOTIATE_REQUEST; > > > - #if 0 > > > -@@ -553,7 +579,6 @@ static NTSTATUS schannel_update(struct gensec_se= curity *gensec_security, TALLOC_ > > > - if (state =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -- gensec_security->private_data =3D state; > > > -=20 > > > - bind_schannel_ack.MessageType =3D NL_NEGOTIATE_RESPONSE; > > > - bind_schannel_ack.Flags =3D 0; > > > -@@ -608,6 +633,9 @@ static bool schannel_have_feature(struct gensec_= security *gensec_security, > > > - if (feature & GENSEC_FEATURE_DCE_STYLE) { > > > - return true; > > > - } > > > -+ if (feature & GENSEC_FEATURE_SIGN_PKT_HEADER) { > > > -+ return true; > > > -+ } > > > - return false; > > > - } > > > -=20 > > > -@@ -625,7 +653,9 @@ static NTSTATUS schannel_unseal_packet(struct ge= nsec_security *gensec_security, > > > -=20 > > > - return netsec_incoming_packet(state, true, > > > - discard_const_p(uint8_t, data), > > > -- length, sig); > > > -+ length, > > > -+ whole_pdu, pdu_length, > > > -+ sig); > > > - } > > > -=20 > > > - /* > > > -@@ -642,7 +672,9 @@ static NTSTATUS schannel_check_packet(struct gen= sec_security *gensec_security, > > > -=20 > > > - return netsec_incoming_packet(state, false, > > > - discard_const_p(uint8_t, data), > > > -- length, sig); > > > -+ length, > > > -+ whole_pdu, pdu_length, > > > -+ sig); > > > - } > > > - /* > > > - seal a packet > > > -@@ -658,7 +690,9 @@ static NTSTATUS schannel_seal_packet(struct gens= ec_security *gensec_security, > > > - struct schannel_state); > > > -=20 > > > - return netsec_outgoing_packet(state, mem_ctx, true, > > > -- data, length, sig); > > > -+ data, length, > > > -+ whole_pdu, pdu_length, > > > -+ 
sig); > > > - } > > > -=20 > > > - /* > > > -@@ -676,7 +710,9 @@ static NTSTATUS schannel_sign_packet(struct gens= ec_security *gensec_security, > > > -=20 > > > - return netsec_outgoing_packet(state, mem_ctx, false, > > > - discard_const_p(uint8_t, data), > > > -- length, sig); > > > -+ length, > > > -+ whole_pdu, pdu_length, > > > -+ sig); > > > - } > > > -=20 > > > - static const struct gensec_security_ops gensec_schannel_security_op= s =3D { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5b457559dfaeaf8f3d9227a93e5b75e0e7464c23 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sun, 5 Jan 2014 06:16:03 +0100 > > > -Subject: [PATCH 151/249] s3:rpc_client: talloc_zero pipe_auth_data > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 5b39a351a8ceb3bec04236ceb4b2fe10651958a9) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 6 +++--- > > > - 1 file changed, 3 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index a343997..7d1e347 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -2101,7 +2101,7 @@ NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *= mem_ctx, > > > - { > > > - struct pipe_auth_data *result; > > > -=20 > > > -- result =3D talloc(mem_ctx, struct pipe_auth_data); > > > -+ result =3D talloc_zero(mem_ctx, struct pipe_auth_data); > > > - if (result =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -@@ -2125,7 +2125,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem= _ctx, > > > - { > > > - struct pipe_auth_data *result; > > > -=20 > > > -- result =3D talloc(mem_ctx, struct pipe_auth_data); > > > -+ result =3D talloc_zero(mem_ctx, struct pipe_auth_data); > > > - if (result =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -@@ -2160,7 +2160,7 @@ static NTSTATUS rpccli_generic_bind_data(TALLO= C_CTX 
*mem_ctx, > > > - struct pipe_auth_data *result; > > > - NTSTATUS status; > > > -=20 > > > -- result =3D talloc(mem_ctx, struct pipe_auth_data); > > > -+ result =3D talloc_zero(mem_ctx, struct pipe_auth_data); > > > - if (result =3D=3D NULL) { > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From dd35874efea280b91ccaadf14a9a18e8a9017ea4 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sun, 5 Jan 2014 06:31:44 +0100 > > > -Subject: [PATCH 152/249] s3:rpc_client: make rpc_api_pipe_req_send/r= ecv static > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 946e29dbc148d40fadbee81d4d530a36c0f2f1e6) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 4 ++-- > > > - source3/rpc_client/cli_pipe.h | 10 ---------- > > > - 2 files changed, 2 insertions(+), 12 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 7d1e347..3d12454 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1153,7 +1153,7 @@ static void rpc_api_pipe_req_done(struct teven= t_req *subreq); > > > - static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *st= ate, > > > - bool *is_last_frag); > > > -=20 > > > --struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx, > > > -+static struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx, > > > - struct tevent_context *ev, > > > - struct rpc_pipe_client *cli, > > > - uint8_t op_num, > > > -@@ -1366,7 +1366,7 @@ static void rpc_api_pipe_req_done(struct teven= t_req *subreq) > > > - tevent_req_done(req); > > > - } > > > -=20 > > > --NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req, TALLOC_CTX *= mem_ctx, > > > -+static NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req, TALLO= C_CTX *mem_ctx, > > > - DATA_BLOB *reply_pdu) > > > - { > > > - struct rpc_api_pipe_req_state *state =3D 
tevent_req_data( > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index ab99373..826f9bf 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -27,16 +27,6 @@ > > > -=20 > > > - /* The following definitions come from rpc_client/cli_pipe.c */ > > > -=20 > > > --struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx, > > > -- struct tevent_context *ev, > > > -- struct rpc_pipe_client *cli, > > > -- uint8_t op_num, > > > -- DATA_BLOB *req_data); > > > -- > > > --NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req, > > > -- TALLOC_CTX *mem_ctx, > > > -- DATA_BLOB *reply_pdu); > > > -- > > > - struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx, > > > - struct tevent_context *ev, > > > - struct rpc_pipe_client *cli, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 9ea586bbac52bf17e6a1147420bfc9648e697706 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sun, 5 Jan 2014 07:56:20 +0100 > > > -Subject: [PATCH 153/249] s3:rpc_client: add some const to > > > - rpc_api_pipe_req_send() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 4d3376e919b5c33f272b3a584d8172729a7468e0) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 4 ++-- > > > - 1 file changed, 2 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 3d12454..6b7fee2 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1142,7 +1142,7 @@ struct rpc_api_pipe_req_state { > > > - struct rpc_pipe_client *cli; > > > - uint8_t op_num; > > > - uint32_t call_id; > > > -- DATA_BLOB *req_data; > > > -+ const DATA_BLOB *req_data; > > > - uint32_t req_data_sent; > > > - DATA_BLOB rpc_out; > > > - DATA_BLOB reply_pdu; > > > -@@ -1157,7 +1157,7 @@ static struct tevent_req *rpc_api_pipe_req_sen= 
d(TALLOC_CTX *mem_ctx, > > > - struct tevent_context *ev, > > > - struct rpc_pipe_client *cli, > > > - uint8_t op_num, > > > -- DATA_BLOB *req_data) > > > -+ const DATA_BLOB *req_data) > > > - { > > > - struct tevent_req *req, *subreq; > > > - struct rpc_api_pipe_req_state *state; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From cc6303171f06ae26bce9d54013a63a6296563dd7 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sun, 5 Jan 2014 08:26:15 +0100 > > > -Subject: [PATCH 154/249] s3:rpc_client: handle DCERPC_AUTH_TYPE_SCHA= NNEL as > > > - any other gensec backend > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit f7bf7e705e704d2f1702e42a8e400baff9521066) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 4 ++-- > > > - 1 file changed, 2 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 6b7fee2..b142774 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1627,11 +1627,11 @@ static void rpc_pipe_bind_step_one_done(stru= ct tevent_req *subreq) > > > -=20 > > > - case DCERPC_AUTH_TYPE_NONE: > > > - case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: > > > -- case DCERPC_AUTH_TYPE_SCHANNEL: > > > - /* Bind complete. */ > > > - tevent_req_done(req); > > > - return; > > > -=20 > > > -+ case DCERPC_AUTH_TYPE_SCHANNEL: > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > -@@ -1666,11 +1666,11 @@ static void rpc_pipe_bind_step_one_done(stru= ct tevent_req *subreq) > > > -=20 > > > - case DCERPC_AUTH_TYPE_NONE: > > > - case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: > > > -- case DCERPC_AUTH_TYPE_SCHANNEL: > > > - /* Bind complete. 
*/ > > > - tevent_req_done(req); > > > - return; > > > -=20 > > > -+ case DCERPC_AUTH_TYPE_SCHANNEL: > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 044ca24f9d8a3bf57d6981c89e6dcc5e4477059d Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 3 Jan 2014 22:41:33 +0100 > > > -Subject: [PATCH 155/249] s3:rpc_client: implement > > > - DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 61bdbc23cd09a594a63f49ff8626934c85a8e51a) > > > ---- > > > - source3/librpc/rpc/dcerpc.h | 4 +++- > > > - source3/rpc_client/cli_pipe.c | 44 ++++++++++++++++++++++++++++++++= +++++------ > > > - 2 files changed, 41 insertions(+), 7 deletions(-) > > > - > > > -diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc= =2Eh > > > -index b18b7ba..aaf8d68 100644 > > > ---- a/source3/librpc/rpc/dcerpc.h > > > -+++ b/source3/librpc/rpc/dcerpc.h > > > -@@ -39,7 +39,9 @@ struct NL_AUTH_MESSAGE; > > > - struct pipe_auth_data { > > > - enum dcerpc_AuthType auth_type; > > > - enum dcerpc_AuthLevel auth_level; > > > --=09 > > > -+ bool client_hdr_signing; > > > -+ bool hdr_signing; > > > -+ > > > - void *auth_ctx; > > > -=20 > > > - /* Only the client code uses these 3 for now */ > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index b142774..1cab580 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1002,16 +1002,31 @@ static NTSTATUS rpc_api_pipe_recv(struct tev= ent_req *req, TALLOC_CTX *mem_ctx, > > > -=20 > > > - static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_cl= ient *cli, > > > - TALLOC_CTX *mem_ctx, > > > -- DATA_BLOB *auth_token) > > > -+ DATA_BLOB *auth_token, > > > -+ bool *client_hdr_signing) > > > - { > > > - struct 
gensec_security *gensec_security; > > > - DATA_BLOB null_blob =3D data_blob_null; > > > -+ NTSTATUS status; > > > -=20 > > > - gensec_security =3D talloc_get_type_abort(cli->auth->auth_ctx, > > > - struct gensec_security); > > > -=20 > > > - DEBUG(5, ("create_generic_auth_rpc_bind_req: generate first token\= n")); > > > -- return gensec_update(gensec_security, mem_ctx, NULL, null_blob, au= th_token); > > > -+ status =3D gensec_update(gensec_security, mem_ctx, NULL, null_blob= , auth_token); > > > -+ > > > -+ if (!NT_STATUS_IS_OK(status) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) > > > -+ { > > > -+ return status; > > > -+ } > > > -+ > > > -+ if (client_hdr_signing !=3D NULL) { > > > -+ *client_hdr_signing =3D gensec_have_feature(gensec_security, > > > -+ GENSEC_FEATURE_SIGN_PKT_HEADER); > > > -+ } > > > -+ > > > -+ return status; > > > - } > > > -=20 > > > - /******************************************************************* > > > -@@ -1024,17 +1039,23 @@ static NTSTATUS create_bind_or_alt_ctx_inter= nal(TALLOC_CTX *mem_ctx, > > > - const struct ndr_syntax_id *abstract, > > > - const struct ndr_syntax_id *transfer, > > > - const DATA_BLOB *auth_info, > > > -+ bool client_hdr_signing, > > > - DATA_BLOB *blob) > > > - { > > > - uint16 auth_len =3D auth_info->length; > > > - NTSTATUS status; > > > - union dcerpc_payload u; > > > - struct dcerpc_ctx_list ctx_list; > > > -+ uint8_t pfc_flags =3D DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; > > > -=20 > > > - if (auth_len) { > > > - auth_len -=3D DCERPC_AUTH_TRAILER_LENGTH; > > > - } > > > -=20 > > > -+ if (client_hdr_signing) { > > > -+ pfc_flags |=3D DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; > > > -+ } > > > -+ > > > - ctx_list.context_id =3D 0; > > > - ctx_list.num_transfer_syntaxes =3D 1; > > > - ctx_list.abstract_syntax =3D *abstract; > > > -@@ -1048,9 +1069,7 @@ static NTSTATUS create_bind_or_alt_ctx_interna= l(TALLOC_CTX *mem_ctx, > > > - u.bind.auth_info =3D *auth_info; > > > -=20 > > 
> - status =3D dcerpc_push_ncacn_packet(mem_ctx, > > > -- ptype, > > > -- DCERPC_PFC_FLAG_FIRST | > > > -- DCERPC_PFC_FLAG_LAST, > > > -+ ptype, pfc_flags, > > > - auth_len, > > > - rpc_call_id, > > > - &u, > > > -@@ -1084,7 +1103,9 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX= *mem_ctx, > > > - case DCERPC_AUTH_TYPE_NTLMSSP: > > > - case DCERPC_AUTH_TYPE_KRB5: > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > -- ret =3D create_generic_auth_rpc_bind_req(cli, mem_ctx, &auth_toke= n); > > > -+ ret =3D create_generic_auth_rpc_bind_req(cli, mem_ctx, > > > -+ &auth_token, > > > -+ &auth->client_hdr_signing); > > > -=20 > > > - if (!NT_STATUS_IS_OK(ret) && > > > - !NT_STATUS_EQUAL(ret, NT_STATUS_MORE_PROCESSING_REQUIRED)) { > > > -@@ -1126,6 +1147,7 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX= *mem_ctx, > > > - abstract, > > > - transfer, > > > - &auth_info, > > > -+ auth->client_hdr_signing, > > > - rpc_out); > > > - return ret; > > > - } > > > -@@ -1507,6 +1529,7 @@ static NTSTATUS create_rpc_alter_context(TALLO= C_CTX *mem_ctx, > > > - abstract, > > > - transfer, > > > - &auth_info, > > > -+ false, /* client_hdr_signing */ > > > - rpc_out); > > > - data_blob_free(&auth_info); > > > - return status; > > > -@@ -1676,6 +1699,15 @@ static void rpc_pipe_bind_step_one_done(struc= t tevent_req *subreq) > > > - case DCERPC_AUTH_TYPE_SPNEGO: > > > - gensec_security =3D talloc_get_type_abort(pauth->auth_ctx, > > > - struct gensec_security); > > > -+ > > > -+ if (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN) { > > > -+ if (pauth->client_hdr_signing) { > > > -+ pauth->hdr_signing =3D true; > > > -+ gensec_want_feature(gensec_security, > > > -+ GENSEC_FEATURE_SIGN_PKT_HEADER); > > > -+ } > > > -+ } > > > -+ > > > - status =3D gensec_update(gensec_security, state, NULL, > > > - auth.credentials, &auth_token); > > > - if (NT_STATUS_EQUAL(status, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 472b11d1b0fdbb1ca61e64979e4b5fd7dc1756a5 Mon Sep 17 00:00:00 20= 01 > > 
> -From: Stefan Metzmacher > > > -Date: Fri, 3 Jan 2014 22:56:03 +0100 > > > -Subject: [PATCH 156/249] s3:rpc_server: add support for > > > - DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN > > > - > > > -If the backend supports it there's no reason to avoid it. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 523d616268af5f94e11c863f9acdebabace80608) > > > ---- > > > - source3/rpc_server/srv_pipe.c | 25 ++++++++++++++++++++++--- > > > - 1 file changed, 22 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_= pipe.c > > > -index 5f834fb..f572819 100644 > > > ---- a/source3/rpc_server/srv_pipe.c > > > -+++ b/source3/rpc_server/srv_pipe.c > > > -@@ -42,6 +42,7 @@ > > > - #include "rpc_server/rpc_contexts.h" > > > - #include "lib/param/param.h" > > > - #include "librpc/ndr/ndr_table.h" > > > -+#include "auth/gensec/gensec.h" > > > -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_RPC_SRV > > > -@@ -418,10 +419,11 @@ bool is_known_pipename(const char *pipename, s= truct ndr_syntax_id *syntax) > > > - *******************************************************************/ > > > -=20 > > > - static bool pipe_auth_generic_bind(struct pipes_struct *p, > > > -- TALLOC_CTX *mem_ctx, > > > -+ struct ncacn_packet *pkt, > > > - struct dcerpc_auth *auth_info, > > > - DATA_BLOB *response) > > > - { > > > -+ TALLOC_CTX *mem_ctx =3D pkt; > > > - struct gensec_security *gensec_security =3D NULL; > > > - NTSTATUS status; > > > -=20 > > > -@@ -444,6 +446,17 @@ static bool pipe_auth_generic_bind(struct pipes= _struct *p, > > > - p->auth.auth_ctx =3D gensec_security; > > > - p->auth.auth_type =3D auth_info->auth_type; > > > -=20 > > > -+ if (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN) { > > > -+ p->auth.client_hdr_signing =3D true; > > > -+ p->auth.hdr_signing =3D gensec_have_feature(gensec_security, > > > -+ GENSEC_FEATURE_SIGN_PKT_HEADER); > > > -+ 
} > > > -+ > > > -+ if (p->auth.hdr_signing) { > > > -+ gensec_want_feature(gensec_security, > > > -+ GENSEC_FEATURE_SIGN_PKT_HEADER); > > > -+ } > > > -+ > > > - return true; > > > - } > > > -=20 > > > -@@ -548,6 +561,7 @@ static bool api_pipe_bind_req(struct pipes_struc= t *p, > > > - unsigned int auth_type =3D DCERPC_AUTH_TYPE_NONE; > > > - NTSTATUS status; > > > - struct ndr_syntax_id id; > > > -+ uint8_t pfc_flags =3D 0; > > > - union dcerpc_payload u; > > > - struct dcerpc_ack_ctx bind_ack_ctx; > > > - DATA_BLOB auth_resp =3D data_blob_null; > > > -@@ -792,10 +806,15 @@ static bool api_pipe_bind_req(struct pipes_str= uct *p, > > > - * header and are never sending more than one PDU here. > > > - */ > > > -=20 > > > -+ pfc_flags =3D DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; > > > -+ > > > -+ if (p->auth.hdr_signing) { > > > -+ pfc_flags |=3D DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; > > > -+ } > > > -+ > > > - status =3D dcerpc_push_ncacn_packet(p->mem_ctx, > > > - DCERPC_PKT_BIND_ACK, > > > -- DCERPC_PFC_FLAG_FIRST | > > > -- DCERPC_PFC_FLAG_LAST, > > > -+ pfc_flags, > > > - auth_resp.length, > > > - pkt->call_id, > > > - &u, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4e6bea89ffcca074e0320b98e65485f348a469a5 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 3 Jan 2014 09:25:23 +0100 > > > -Subject: [PATCH 157/249] librpc/ndr: add > > > - LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES > > > - > > > -This lets ndr_pull_subcontext_end() make sure that all > > > -subcontext bytes are consumed otherwise it returns NDR_ERR_UNREAD_BY= TES. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit b62308ed994e9734dfd934d230531010d9e7cefa) > > > ---- > > > - librpc/idl/idl_types.h | 2 ++ > > > - librpc/ndr/libndr.h | 6 ++++++ > > > - librpc/ndr/ndr.c | 20 ++++++++++++++++++++ > > > - 3 files changed, 28 insertions(+) > > > - > > > -diff --git a/librpc/idl/idl_types.h b/librpc/idl/idl_types.h > > > -index c50efac..838c219 100644 > > > ---- a/librpc/idl/idl_types.h > > > -+++ b/librpc/idl/idl_types.h > > > -@@ -53,3 +53,5 @@ > > > -=20 > > > - #define NDR_RELATIVE_REVERSE LIBNDR_FLAG_RELATIVE_REVERSE > > > - #define NDR_NO_RELATIVE_REVERSE LIBNDR_FLAG_NO_RELATIVE_REVERSE > > > -+ > > > -+#define NDR_SUBCONTEXT_NO_UNREAD_BYTES LIBNDR_FLAG_SUBCONTEXT_NO_UN= READ_BYTES > > > -diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h > > > -index a950519..8070c3c 100644 > > > ---- a/librpc/ndr/libndr.h > > > -+++ b/librpc/ndr/libndr.h > > > -@@ -123,6 +123,12 @@ struct ndr_print { > > > - #define LIBNDR_FLAG_STR_RAW8 (1<<13) > > > - #define LIBNDR_STRING_FLAGS (0x7FFC) > > > -=20 > > > -+/* > > > -+ * This lets ndr_pull_subcontext_end() return > > > -+ * NDR_ERR_UNREAD_BYTES. 
> > > -+ */ > > > -+#define LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES (1<<17) > > > -+ > > > - /* set if relative pointers should *not* be marshalled in reverse o= rder */ > > > - #define LIBNDR_FLAG_NO_RELATIVE_REVERSE (1<<18) > > > -=20 > > > -diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c > > > -index e86cf2f..15a7f12 100644 > > > ---- a/librpc/ndr/ndr.c > > > -+++ b/librpc/ndr/ndr.c > > > -@@ -638,6 +638,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_subcontext_e= nd(struct ndr_pull *ndr, > > > - ssize_t size_is) > > > - { > > > - uint32_t advance; > > > -+ uint32_t highest_ofs; > > > -+ > > > - if (size_is >=3D 0) { > > > - advance =3D size_is; > > > - } else if (header_size > 0) { > > > -@@ -645,6 +647,24 @@ _PUBLIC_ enum ndr_err_code ndr_pull_subcontext_= end(struct ndr_pull *ndr, > > > - } else { > > > - advance =3D subndr->offset; > > > - } > > > -+ > > > -+ if (subndr->offset > ndr->relative_highest_offset) { > > > -+ highest_ofs =3D subndr->offset; > > > -+ } else { > > > -+ highest_ofs =3D subndr->relative_highest_offset; > > > -+ } > > > -+ if (!(subndr->flags & LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES)) { > > > -+ /* > > > -+ * avoid an error unless SUBCONTEXT_NO_UNREAD_BYTES is specified > > > -+ */ > > > -+ highest_ofs =3D advance; > > > -+ } > > > -+ if (highest_ofs < advance) { > > > -+ return ndr_pull_error(subndr, NDR_ERR_UNREAD_BYTES, > > > -+ "not all bytes consumed ofs[%u] advance[%u]", > > > -+ highest_ofs, advance); > > > -+ } > > > -+ > > > - NDR_CHECK(ndr_pull_advance(ndr, advance)); > > > - return NDR_ERR_SUCCESS; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5960d93d9cddca327ad8d24a41c64421ac6bb561 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 3 Jan 2014 15:06:23 +0100 > > > -Subject: [PATCH 158/249] dcerpc.idl: add documentation references > > > - > > > -To [C706 - DCE 1.1: Remote Procedure Call] and [MS-RPCE]. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 66c39420e29e7c257d9cdc5d04c061472bbefd19) > > > ---- > > > - librpc/idl/dcerpc.idl | 13 +++++++++++-- > > > - 1 file changed, 11 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl > > > -index 86f22a4..23cac89 100644 > > > ---- a/librpc/idl/dcerpc.idl > > > -+++ b/librpc/idl/dcerpc.idl > > > -@@ -5,8 +5,17 @@ > > > - but given that pidl can handle it nicely it simplifies things a l= ot > > > - to do it this way > > > -=20 > > > -- see http://www.opengroup.org/onlinepubs/9629399/chap12.htm for pa= cket > > > -- layouts > > > -+ See [C706 - DCE 1.1: Remote Procedure Call] for the OpenGroup > > > -+ DCERPC specification: > > > -+ http://pubs.opengroup.org/onlinepubs/9629399/toc.htm > > > -+ > > > -+ See C706 - Chapter 12: RPC PDU Encodings for packet layouts: > > > -+ http://www.opengroup.org/onlinepubs/9629399/chap12.htm > > > -+ > > > -+ See also [MS-RPCE] for the Microsoft > > > -+ "Remote Procedure Call Protocol Extensions". > > > -+ http://msdn.microsoft.com/en-us/library/cc243560.aspx > > > -+ > > > - */ > > > - import "misc.idl"; > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 812cb7e6010b39fb752cf85026fd8d8a5dccbb39 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 2 Jan 2014 11:18:38 +0100 > > > -Subject: [PATCH 159/249] dcerpc.idl: add dcerpc_sec_verification_tra= iler > > > - > > > -See [MS-RPCE] 2.2.2.13 Verification Trailer for details. 
> > > - > > > -Pair-Programmed-With: Gregor Beck > > > - > > > -Signed-off-by: Gregor Beck > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit c0dc2fb7e1dadcef35a132040448cb27ff1d5bfa) > > > ---- > > > - librpc/idl/dcerpc.idl | 67 ++++++++++++++++++++++++++++++++++++++= +++++++++++ > > > - librpc/ndr/ndr_dcerpc.c | 66 ++++++++++++++++++++++++++++++++++++++= ++++++++++ > > > - librpc/wscript_build | 2 +- > > > - 3 files changed, 134 insertions(+), 1 deletion(-) > > > - create mode 100644 librpc/ndr/ndr_dcerpc.c > > > - > > > -diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl > > > -index 23cac89..8e9be0e 100644 > > > ---- a/librpc/idl/dcerpc.idl > > > -+++ b/librpc/idl/dcerpc.idl > > > -@@ -19,6 +19,8 @@ > > > - */ > > > - import "misc.idl"; > > > -=20 > > > -+cpp_quote("extern const uint8_t DCERPC_SEC_VT_MAGIC[8];") > > > -+ > > > - interface dcerpc > > > - { > > > - typedef struct { > > > -@@ -514,4 +516,69 @@ interface dcerpc > > > - uint8 serial_low; > > > - [switch_is(ptype)] dcerpc_payload u; > > > - } ncadg_packet; > > > -+ > > > -+ typedef [bitmap16bit] bitmap { > > > -+ DCERPC_SEC_VT_COMMAND_ENUM =3D 0x3FFF, > > > -+ DCERPC_SEC_VT_COMMAND_END =3D 0x4000, > > > -+ DCERPC_SEC_VT_MUST_PROCESS =3D 0x8000 > > > -+ } dcerpc_sec_vt_command; > > > -+ > > > -+ typedef [enum16bit] enum { > > > -+ DCERPC_SEC_VT_COMMAND_BITMASK1 =3D 0x0001, > > > -+ DCERPC_SEC_VT_COMMAND_PCONTEXT =3D 0x0002, > > > -+ DCERPC_SEC_VT_COMMAND_HEADER2 =3D 0x0003 > > > -+ } dcerpc_sec_vt_command_enum; > > > -+ > > > -+ typedef [bitmap32bit] bitmap { > > > -+ DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING =3D 0x00000001 > > > -+ } dcerpc_sec_vt_bitmask1; > > > -+ > > > -+ typedef struct { > > > -+ ndr_syntax_id abstract_syntax; > > > -+ ndr_syntax_id transfer_syntax; > > > -+ } dcerpc_sec_vt_pcontext; > > > -+ > > > -+ typedef struct { > > > -+ dcerpc_pkt_type ptype; /* Packet type */ > > > -+ [value(0)] uint8 reserved1; > > > 
-+ [value(0)] uint16 reserved2; > > > -+ uint8 drep[4]; /* NDR data representation */ > > > -+ uint32 call_id; /* Call identifier */ > > > -+ uint16 context_id; > > > -+ uint16 opnum; > > > -+ } dcerpc_sec_vt_header2; > > > -+ > > > -+ typedef [switch_type(dcerpc_sec_vt_command_enum),nodiscriminant] u= nion { > > > -+ [case(DCERPC_SEC_VT_COMMAND_BITMASK1)] dcerpc_sec_vt_bitmask1 bitm= ask1; > > > -+ [case(DCERPC_SEC_VT_COMMAND_PCONTEXT)] dcerpc_sec_vt_pcontext pcon= text; > > > -+ [case(DCERPC_SEC_VT_COMMAND_HEADER2)] dcerpc_sec_vt_header2 header= 2; > > > -+ [default,flag(NDR_REMAINING)] DATA_BLOB _unknown; > > > -+ } dcerpc_sec_vt_union; > > > -+ > > > -+ typedef struct { > > > -+ dcerpc_sec_vt_command command; > > > -+ [switch_is(command & DCERPC_SEC_VT_COMMAND_ENUM)] > > > -+ [subcontext(2),flag(NDR_SUBCONTEXT_NO_UNREAD_BYTES)] > > > -+ dcerpc_sec_vt_union u; > > > -+ } dcerpc_sec_vt; > > > -+ > > > -+ typedef [public,nopush,nopull] struct { > > > -+ uint16 count; > > > -+ } dcerpc_sec_vt_count; > > > -+ > > > -+ /* > > > -+ * We assume that the whole verification trailer fits into > > > -+ * the last 1024 bytes after the stub data. > > > -+ * > > > -+ * There're currently only 3 commands defined and each should > > > -+ * only be used once. > > > -+ */ > > > -+ const uint16 DCERPC_SEC_VT_MAX_SIZE =3D 1024; > > > -+ > > > -+ typedef [public,flag(NDR_PAHEX)] struct { > > > -+ [flag(NDR_ALIGN4)] DATA_BLOB _pad; > > > -+ [value(DCERPC_SEC_VT_MAGIC)] uint8 magic[8]; > > > -+ dcerpc_sec_vt_count count; > > > -+ dcerpc_sec_vt commands[count.count]; > > > -+ } dcerpc_sec_verification_trailer; > > > - } > > > -diff --git a/librpc/ndr/ndr_dcerpc.c b/librpc/ndr/ndr_dcerpc.c > > > -new file mode 100644 > > > -index 0000000..88a7f38 > > > ---- /dev/null > > > -+++ b/librpc/ndr/ndr_dcerpc.c > > > -@@ -0,0 +1,66 @@ > > > -+/* > > > -+ Unix SMB/CIFS implementation. 
> > > -+ > > > -+ Manually parsed structures found in the DCERPC protocol > > > -+ > > > -+ Copyright (C) Stefan Metzmacher 2014 > > > -+ Copyright (C) Gregor Beck 2014 > > > -+ > > > -+ This program is free software; you can redistribute it and/or mo= dify > > > -+ it under the terms of the GNU General Public License as publishe= d by > > > -+ the Free Software Foundation; either version 3 of the License, or > > > -+ (at your option) any later version. > > > -+ > > > -+ This program is distributed in the hope that it will be useful, > > > -+ but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -+ GNU General Public License for more details. > > > -+ > > > -+ You should have received a copy of the GNU General Public License > > > -+ along with this program. If not, see . > > > -+*/ > > > -+ > > > -+#include "includes.h" > > > -+#include "bin/default/librpc/gen_ndr/ndr_dcerpc.h" > > > -+ > > > -+#include "librpc/gen_ndr/ndr_misc.h" > > > -+ > > > -+const uint8_t DCERPC_SEC_VT_MAGIC[] =3D {0x8a,0xe3,0x13,0x71,0x02,0= xf4,0x36,0x71}; > > > -+ > > > -+_PUBLIC_ enum ndr_err_code ndr_push_dcerpc_sec_vt_count(struct ndr_= push *ndr, int ndr_flags, const struct dcerpc_sec_vt_count *r) > > > -+{ > > > -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); > > > -+ /* nothing */ > > > -+ return NDR_ERR_SUCCESS; > > > -+} > > > -+ > > > -+_PUBLIC_ enum ndr_err_code ndr_pull_dcerpc_sec_vt_count(struct ndr_= pull *ndr, int ndr_flags, struct dcerpc_sec_vt_count *r) > > > -+{ > > > -+ uint32_t _saved_ofs =3D ndr->offset; > > > -+ > > > -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); > > > -+ > > > -+ if (!(ndr_flags & NDR_SCALARS)) { > > > -+ return NDR_ERR_SUCCESS; > > > -+ } > > > -+ > > > -+ r->count =3D 0; > > > -+ > > > -+ while (true) { > > > -+ uint16_t command; > > > -+ uint16_t length; > > > -+ > > > -+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &command)); > > > -+ NDR_CHECK(ndr_pull_uint16(ndr, 
NDR_SCALARS, &length)); > > > -+ NDR_CHECK(ndr_pull_advance(ndr, length)); > > > -+ > > > -+ r->count +=3D 1; > > > -+ > > > -+ if (command & DCERPC_SEC_VT_COMMAND_END) { > > > -+ break; > > > -+ } > > > -+ } > > > -+ > > > -+ ndr->offset =3D _saved_ofs; > > > -+ return NDR_ERR_SUCCESS; > > > -+} > > > -diff --git a/librpc/wscript_build b/librpc/wscript_build > > > -index 2017a29..a5cf687 100644 > > > ---- a/librpc/wscript_build > > > -+++ b/librpc/wscript_build > > > -@@ -301,7 +301,7 @@ bld.SAMBA_SUBSYSTEM('NDR_FSRVP', > > > - ) > > > -=20 > > > - bld.SAMBA_SUBSYSTEM('NDR_DCERPC', > > > -- source=3D'gen_ndr/ndr_dcerpc.c', > > > -+ source=3D'gen_ndr/ndr_dcerpc.c ndr/ndr_dcerpc.c', > > > - public_deps=3D'ndr', > > > - public_headers=3D'gen_ndr/ndr_dcerpc.h gen_ndr/dcerpc.h', > > > - header_path=3D [ ('*gen_ndr*', 'gen_ndr') ], > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 3480b809bd9426ce6b976b9965a54de32d246a66 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sun, 5 Jan 2014 07:57:51 +0100 > > > -Subject: [PATCH 160/249] s3:rpc_client: fill alloc_hint with the rem= aining > > > - data not the total data. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit f0532fe0cd69aeb161088ca990d376f119102e61) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 1cab580..5edd897 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1277,7 +1277,7 @@ static NTSTATUS prepare_next_frag(struct rpc_a= pi_pipe_req_state *state, > > > -=20 > > > - ZERO_STRUCT(u.request); > > > -=20 > > > -- u.request.alloc_hint =3D state->req_data->length; > > > -+ u.request.alloc_hint =3D data_left; > > > - u.request.context_id =3D 0; > > > - u.request.opnum =3D state->op_num; > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From bd675cd6e4848bee8798dacf1768556de48f3112 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sun, 5 Jan 2014 08:12:45 +0100 > > > -Subject: [PATCH 161/249] s3:rpc_client: send a dcerpc_sec_verificati= on_trailer > > > - if needed > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > - > > > -Autobuild-User(master): Stefan Metzmacher > > > -Autobuild-Date(master): Tue Jan 7 02:24:42 CET 2014 on sn-devel-104 > > > -(cherry picked from commit 6ab9164c74e0ad57bdde8abb568953026b644e27) > > > ---- > > > - source3/librpc/rpc/dcerpc.h | 1 + > > > - source3/rpc_client/cli_pipe.c | 202 +++++++++++++++++++++++++++++= +++++++++-- > > > - source3/rpc_client/rpc_client.h | 1 + > > > - 3 files changed, 194 insertions(+), 10 deletions(-) > > > - > > > -diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc= =2Eh > > > -index aaf8d68..9d0f861 100644 > > > ---- a/source3/librpc/rpc/dcerpc.h > > > -+++ b/source3/librpc/rpc/dcerpc.h > > > -@@ -41,6 +41,7 @@ struct pipe_auth_data { > > > - enum dcerpc_AuthLevel auth_level; > > > - bool 
client_hdr_signing; > > > - bool hdr_signing; > > > -+ bool verified_bitmask1; > > > -=20 > > > - void *auth_ctx; > > > -=20 > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 5edd897..a45023f 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -1166,12 +1166,17 @@ struct rpc_api_pipe_req_state { > > > - uint32_t call_id; > > > - const DATA_BLOB *req_data; > > > - uint32_t req_data_sent; > > > -+ DATA_BLOB req_trailer; > > > -+ uint32_t req_trailer_sent; > > > -+ bool verify_bitmask1; > > > -+ bool verify_pcontext; > > > - DATA_BLOB rpc_out; > > > - DATA_BLOB reply_pdu; > > > - }; > > > -=20 > > > - static void rpc_api_pipe_req_write_done(struct tevent_req *subreq); > > > - static void rpc_api_pipe_req_done(struct tevent_req *subreq); > > > -+static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_re= q_state *state); > > > - static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *st= ate, > > > - bool *is_last_frag); > > > -=20 > > > -@@ -1207,6 +1212,11 @@ static struct tevent_req *rpc_api_pipe_req_se= nd(TALLOC_CTX *mem_ctx, > > > - goto post_status; > > > - } > > > -=20 > > > -+ status =3D prepare_verification_trailer(state); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ goto post_status; > > > -+ } > > > -+ > > > - status =3D prepare_next_frag(state, &is_last_frag); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - goto post_status; > > > -@@ -1241,25 +1251,164 @@ static struct tevent_req *rpc_api_pipe_req_= send(TALLOC_CTX *mem_ctx, > > > - return NULL; > > > - } > > > -=20 > > > -+static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_re= q_state *state) > > > -+{ > > > -+ struct pipe_auth_data *a =3D state->cli->auth; > > > -+ struct dcerpc_sec_verification_trailer *t; > > > -+ struct dcerpc_sec_vt *c =3D NULL; > > > -+ struct ndr_push *ndr =3D NULL; > > > -+ enum ndr_err_code ndr_err; > > > -+ size_t align =3D 0; > > > -+ size_t 
pad =3D 0; > > > -+ > > > -+ if (a =3D=3D NULL) { > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ if (a->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ t =3D talloc_zero(state, struct dcerpc_sec_verification_trailer); > > > -+ if (t =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ if (!a->verified_bitmask1) { > > > -+ t->commands =3D talloc_realloc(t, t->commands, > > > -+ struct dcerpc_sec_vt, > > > -+ t->count.count + 1); > > > -+ if (t->commands =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ c =3D &t->commands[t->count.count++]; > > > -+ ZERO_STRUCTP(c); > > > -+ > > > -+ c->command =3D DCERPC_SEC_VT_COMMAND_BITMASK1; > > > -+ if (a->client_hdr_signing) { > > > -+ c->u.bitmask1 =3D DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING; > > > -+ } > > > -+ state->verify_bitmask1 =3D true; > > > -+ } > > > -+ > > > -+ if (!state->cli->verified_pcontext) { > > > -+ t->commands =3D talloc_realloc(t, t->commands, > > > -+ struct dcerpc_sec_vt, > > > -+ t->count.count + 1); > > > -+ if (t->commands =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ c =3D &t->commands[t->count.count++]; > > > -+ ZERO_STRUCTP(c); > > > -+ > > > -+ c->command =3D DCERPC_SEC_VT_COMMAND_PCONTEXT; > > > -+ c->u.pcontext.abstract_syntax =3D state->cli->abstract_syntax; > > > -+ c->u.pcontext.transfer_syntax =3D state->cli->transfer_syntax; > > > -+ > > > -+ state->verify_pcontext =3D true; > > > -+ } > > > -+ > > > -+ if (!a->hdr_signing) { > > > -+ t->commands =3D talloc_realloc(t, t->commands, > > > -+ struct dcerpc_sec_vt, > > > -+ t->count.count + 1); > > > -+ if (t->commands =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ c =3D &t->commands[t->count.count++]; > > > -+ ZERO_STRUCTP(c); > > > -+ > > > -+ c->command =3D DCERPC_SEC_VT_COMMAND_HEADER2; > > > -+ c->u.header2.ptype =3D DCERPC_PKT_REQUEST; > > > -+ c->u.header2.drep[0] 
=3D DCERPC_DREP_LE; > > > -+ c->u.header2.drep[1] =3D 0; > > > -+ c->u.header2.drep[2] =3D 0; > > > -+ c->u.header2.drep[3] =3D 0; > > > -+ c->u.header2.call_id =3D state->call_id; > > > -+ c->u.header2.context_id =3D 0; > > > -+ c->u.header2.opnum =3D state->op_num; > > > -+ } > > > -+ > > > -+ if (t->count.count =3D=3D 0) { > > > -+ TALLOC_FREE(t); > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ c =3D &t->commands[t->count.count - 1]; > > > -+ c->command |=3D DCERPC_SEC_VT_COMMAND_END; > > > -+ > > > -+ if (DEBUGLEVEL >=3D 10) { > > > -+ NDR_PRINT_DEBUG(dcerpc_sec_verification_trailer, t); > > > -+ } > > > -+ > > > -+ ndr =3D ndr_push_init_ctx(state); > > > -+ if (ndr =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ ndr_err =3D ndr_push_dcerpc_sec_verification_trailer(ndr, > > > -+ NDR_SCALARS | NDR_BUFFERS, > > > -+ t); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ return ndr_map_error2ntstatus(ndr_err); > > > -+ } > > > -+ state->req_trailer =3D ndr_push_blob(ndr); > > > -+ > > > -+ align =3D state->req_data->length & 0x3; > > > -+ if (align > 0) { > > > -+ pad =3D 4 - align; > > > -+ } > > > -+ if (pad > 0) { > > > -+ bool ok; > > > -+ uint8_t *p; > > > -+ const uint8_t zeros[4] =3D { 0, }; > > > -+ > > > -+ ok =3D data_blob_append(ndr, &state->req_trailer, zeros, pad); > > > -+ if (!ok) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ /* move the padding to the start */ > > > -+ p =3D state->req_trailer.data; > > > -+ memmove(p + pad, p, state->req_trailer.length - pad); > > > -+ memset(p, 0, pad); > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *st= ate, > > > - bool *is_last_frag) > > > - { > > > -- size_t data_sent_thistime; > > > - size_t auth_len; > > > - size_t frag_len; > > > - uint8_t flags =3D 0; > > > - size_t pad_len; > > > - size_t data_left; > > > -+ size_t data_thistime; > > > -+ 
size_t trailer_left; > > > -+ size_t trailer_thistime =3D 0; > > > -+ size_t total_left; > > > -+ size_t total_thistime; > > > - NTSTATUS status; > > > -+ bool ok; > > > - union dcerpc_payload u; > > > -=20 > > > - data_left =3D state->req_data->length - state->req_data_sent; > > > -+ trailer_left =3D state->req_trailer.length - state->req_trailer_se= nt; > > > -+ total_left =3D data_left + trailer_left; > > > -+ if ((total_left < data_left) || (total_left < trailer_left)) { > > > -+ /* > > > -+ * overflow > > > -+ */ > > > -+ return NT_STATUS_INVALID_PARAMETER_MIX; > > > -+ } > > > -=20 > > > - status =3D dcerpc_guess_sizes(state->cli->auth, > > > -- DCERPC_REQUEST_LENGTH, data_left, > > > -+ DCERPC_REQUEST_LENGTH, total_left, > > > - state->cli->max_xmit_frag, > > > - CLIENT_NDR_PADDING_SIZE, > > > -- &data_sent_thistime, > > > -+ &total_thistime, > > > - &frag_len, &auth_len, &pad_len); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -@@ -1269,15 +1418,20 @@ static NTSTATUS prepare_next_frag(struct rpc= _api_pipe_req_state *state, > > > - flags =3D DCERPC_PFC_FLAG_FIRST; > > > - } > > > -=20 > > > -- if (data_sent_thistime =3D=3D data_left) { > > > -+ if (total_thistime =3D=3D total_left) { > > > - flags |=3D DCERPC_PFC_FLAG_LAST; > > > - } > > > -=20 > > > -+ data_thistime =3D MIN(total_thistime, data_left); > > > -+ if (data_thistime < total_thistime) { > > > -+ trailer_thistime =3D total_thistime - data_thistime; > > > -+ } > > > -+ > > > - data_blob_free(&state->rpc_out); > > > -=20 > > > - ZERO_STRUCT(u.request); > > > -=20 > > > -- u.request.alloc_hint =3D data_left; > > > -+ u.request.alloc_hint =3D total_left; > > > - u.request.context_id =3D 0; > > > - u.request.opnum =3D state->op_num; > > > -=20 > > > -@@ -1297,11 +1451,26 @@ static NTSTATUS prepare_next_frag(struct rpc= _api_pipe_req_state *state, > > > - * at this stage */ > > > - dcerpc_set_frag_length(&state->rpc_out, frag_len); > > > -=20 > > > -- /* Copy in the data. 
*/ > > > -- if (!data_blob_append(NULL, &state->rpc_out, > > > -+ if (data_thistime > 0) { > > > -+ /* Copy in the data. */ > > > -+ ok =3D data_blob_append(NULL, &state->rpc_out, > > > - state->req_data->data + state->req_data_sent, > > > -- data_sent_thistime)) { > > > -- return NT_STATUS_NO_MEMORY; > > > -+ data_thistime); > > > -+ if (!ok) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ state->req_data_sent +=3D data_thistime; > > > -+ } > > > -+ > > > -+ if (trailer_thistime > 0) { > > > -+ /* Copy in the verification trailer. */ > > > -+ ok =3D data_blob_append(NULL, &state->rpc_out, > > > -+ state->req_trailer.data + state->req_trailer_sent, > > > -+ trailer_thistime); > > > -+ if (!ok) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ state->req_trailer_sent +=3D trailer_thistime; > > > - } > > > -=20 > > > - switch (state->cli->auth->auth_level) { > > > -@@ -1321,7 +1490,6 @@ static NTSTATUS prepare_next_frag(struct rpc_a= pi_pipe_req_state *state, > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -=20 > > > -- state->req_data_sent +=3D data_sent_thistime; > > > - *is_last_frag =3D ((flags & DCERPC_PFC_FLAG_LAST) !=3D 0); > > > -=20 > > > - return status; > > > -@@ -1385,6 +1553,20 @@ static void rpc_api_pipe_req_done(struct teve= nt_req *subreq) > > > - tevent_req_nterror(req, status); > > > - return; > > > - } > > > -+ > > > -+ if (state->cli->auth =3D=3D NULL) { > > > -+ tevent_req_done(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->verify_bitmask1) { > > > -+ state->cli->auth->verified_bitmask1 =3D true; > > > -+ } > > > -+ > > > -+ if (state->verify_pcontext) { > > > -+ state->cli->verified_pcontext =3D true; > > > -+ } > > > -+ > > > - tevent_req_done(req); > > > - } > > > -=20 > > > -diff --git a/source3/rpc_client/rpc_client.h b/source3/rpc_client/rp= c_client.h > > > -index 6561b28..8024f01 100644 > > > ---- a/source3/rpc_client/rpc_client.h > > > -+++ b/source3/rpc_client/rpc_client.h > > > -@@ -39,6 
+39,7 @@ struct rpc_pipe_client { > > > -=20 > > > - struct ndr_syntax_id abstract_syntax; > > > - struct ndr_syntax_id transfer_syntax; > > > -+ bool verified_pcontext; > > > -=20 > > > - char *desthost; > > > - char *srv_name_slash; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 3df8f8c1dda254a85e4fa02b74d23a4802bc595c Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 18 Apr 2013 19:16:42 +0200 > > > -Subject: [PATCH 162/249] libcli/auth: add netlogon_creds_cli* infras= tructure > > > - > > > -This provides an abstraction to hide netlogon_creds_CredentialState, > > > -which is stored in a node local tdb. > > > - > > > -Where the global state (netlogon_creds_CredentialState) between clie= nt and > > > -server was only kept in memory (on the client side), we now use > > > -the abstracted netlogon_creds_cli_context. > > > - > > > -We now use a node specific computer name in order to establish > > > -individual netlogon sessions per node. > > > - > > > -If the caller wants to use some netlogon calls with credential chain > > > -(struct netr_Authenticator), netlogon_creds_cli_lock*() is used > > > -to get the current netlogon_creds_CredentialState in a g_lock'ed > > > -fashion, a talloc_free() will release the lock. > > > - > > > -The locking is needed as there might be more than one process > > > -(multiple winbindd child, cmdline tools) which want to talk > > > -to a specific domain controller. The usage of netlogon_creds_Credent= ialState > > > -needs to be serialized as it uses sequence numbers. > > > - > > > -LogonSamLogonEx doesn't use the credential chain, but for some opera= tions > > > -it needs the global session in order to de/encrypt individual fields. > > > -It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli= _validate() > > > -functions, which just make sure the session hasn't changed between > > > -get and validate. 
> > > - > > > -This is prepares the proper fix for a large number of bugs: > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D6563 > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D7944 > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D7945 > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D7568 > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D8599 > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 6e6d9f9f12284ed06a21cc02080e436b7326065f) > > > ---- > > > - libcli/auth/netlogon_creds_cli.c | 2596 +++++++++++++++++++++++++++= +++++++++++ > > > - libcli/auth/netlogon_creds_cli.h | 138 ++ > > > - libcli/auth/wscript_build | 4 + > > > - 3 files changed, 2738 insertions(+) > > > - create mode 100644 libcli/auth/netlogon_creds_cli.c > > > - create mode 100644 libcli/auth/netlogon_creds_cli.h > > > - > > > -diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon= _creds_cli.c > > > -new file mode 100644 > > > -index 0000000..75d6b2c > > > ---- /dev/null > > > -+++ b/libcli/auth/netlogon_creds_cli.c > > > -@@ -0,0 +1,2596 @@ > > > -+/* > > > -+ Unix SMB/CIFS implementation. > > > -+ > > > -+ module to store/fetch session keys for the schannel client > > > -+ > > > -+ Copyright (C) Stefan Metzmacher 2013 > > > -+ > > > -+ This program is free software; you can redistribute it and/or mo= dify > > > -+ it under the terms of the GNU General Public License as publishe= d by > > > -+ the Free Software Foundation; either version 3 of the License, or > > > -+ (at your option) any later version. > > > -+ > > > -+ This program is distributed in the hope that it will be useful, > > > -+ but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -+ GNU General Public License for more details. > > > -+ > > > -+ You should have received a copy of the GNU General Public License > > > -+ along with this program. 
If not, see . > > > -+*/ > > > -+ > > > -+#include "includes.h" > > > -+#include "system/filesys.h" > > > -+#include > > > -+#include "lib/util/tevent_ntstatus.h" > > > -+#include "lib/dbwrap/dbwrap.h" > > > -+#include "lib/dbwrap/dbwrap_rbt.h" > > > -+#include "lib/util/util_tdb.h" > > > -+#include "libcli/security/security.h" > > > -+#include "../lib/param/param.h" > > > -+#include "../libcli/auth/schannel.h" > > > -+#include "../librpc/gen_ndr/ndr_schannel.h" > > > -+#include "../librpc/gen_ndr/ndr_netlogon_c.h" > > > -+#include "../librpc/gen_ndr/server_id.h" > > > -+#include "netlogon_creds_cli.h" > > > -+#include "source3/include/messages.h" > > > -+#include "source3/include/g_lock.h" > > > -+ > > > -+struct netlogon_creds_cli_locked_state; > > > -+ > > > -+struct netlogon_creds_cli_context { > > > -+ struct { > > > -+ const char *computer; > > > -+ const char *account; > > > -+ uint32_t proposed_flags; > > > -+ uint32_t required_flags; > > > -+ enum netr_SchannelType type; > > > -+ enum dcerpc_AuthLevel auth_level; > > > -+ } client; > > > -+ > > > -+ struct { > > > -+ const char *computer; > > > -+ const char *netbios_domain; > > > -+ uint32_t cached_flags; > > > -+ bool try_validation6; > > > -+ bool try_logon_ex; > > > -+ bool try_logon_with; > > > -+ } server; > > > -+ > > > -+ struct { > > > -+ const char *key_name; > > > -+ TDB_DATA key_data; > > > -+ struct db_context *ctx; > > > -+ struct g_lock_ctx *g_ctx; > > > -+ struct netlogon_creds_cli_locked_state *locked_state; > > > -+ } db; > > > -+}; > > > -+ > > > -+struct netlogon_creds_cli_locked_state { > > > -+ struct netlogon_creds_cli_context *context; > > > -+ bool is_glocked; > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+}; > > > -+ > > > -+static int netlogon_creds_cli_locked_state_destructor( > > > -+ struct netlogon_creds_cli_locked_state *state) > > > -+{ > > > -+ struct netlogon_creds_cli_context *context =3D state->context; > > > -+ > > > -+ if (context =3D=3D NULL) { > > > 
-+ return 0; > > > -+ } > > > -+ > > > -+ if (context->db.locked_state =3D=3D state) { > > > -+ context->db.locked_state =3D NULL; > > > -+ } > > > -+ > > > -+ if (state->is_glocked) { > > > -+ g_lock_unlock(context->db.g_ctx, > > > -+ context->db.key_name); > > > -+ } > > > -+ > > > -+ return 0; > > > -+} > > > -+ > > > -+static NTSTATUS netlogon_creds_cli_context_common( > > > -+ const char *client_computer, > > > -+ const char *client_account, > > > -+ enum netr_SchannelType type, > > > -+ enum dcerpc_AuthLevel auth_level, > > > -+ uint32_t proposed_flags, > > > -+ uint32_t required_flags, > > > -+ const char *server_computer, > > > -+ const char *server_netbios_domain, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **_context) > > > -+{ > > > -+ struct netlogon_creds_cli_context *context =3D NULL; > > > -+ > > > -+ *_context =3D NULL; > > > -+ > > > -+ context =3D talloc_zero(mem_ctx, struct netlogon_creds_cli_context= ); > > > -+ if (context =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ context->client.computer =3D talloc_strdup(context, client_compute= r); > > > -+ if (context->client.computer =3D=3D NULL) { > > > -+ talloc_free(context); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ context->client.account =3D talloc_strdup(context, client_account); > > > -+ if (context->client.account =3D=3D NULL) { > > > -+ talloc_free(context); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ context->client.proposed_flags =3D proposed_flags; > > > -+ context->client.required_flags =3D required_flags; > > > -+ context->client.type =3D type; > > > -+ context->client.auth_level =3D auth_level; > > > -+ > > > -+ context->server.computer =3D talloc_strdup(context, server_compute= r); > > > -+ if (context->server.computer =3D=3D NULL) { > > > -+ talloc_free(context); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ context->server.netbios_domain =3D 
talloc_strdup(context, server_n= etbios_domain); > > > -+ if (context->server.netbios_domain =3D=3D NULL) { > > > -+ talloc_free(context); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ context->db.key_name =3D talloc_asprintf(context, "CLI[%s/%s]/SRV[= %s/%s]", > > > -+ client_computer, > > > -+ client_account, > > > -+ server_computer, > > > -+ server_netbios_domain); > > > -+ if (context->db.key_name =3D=3D NULL) { > > > -+ talloc_free(context); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ context->db.key_data =3D string_term_tdb_data(context->db.key_name= ); > > > -+ > > > -+ *_context =3D context; > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+static struct db_context *netlogon_creds_cli_global_db; > > > -+ > > > -+NTSTATUS netlogon_creds_cli_open_global_db(struct loadparm_context = *lp_ctx) > > > -+{ > > > -+ char *fname; > > > -+ struct db_context *global_db; > > > -+ > > > -+ if (netlogon_creds_cli_global_db !=3D NULL) { > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ fname =3D lpcfg_private_db_path(talloc_autofree_context(), lp_ctx,= "netlogon_creds_cli"); > > > -+ if (fname =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ global_db =3D dbwrap_local_open(talloc_autofree_context(), lp_ctx, > > > -+ fname, 0, > > > -+ TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, > > > -+ O_RDWR|O_CREAT, > > > -+ 0600, DBWRAP_LOCK_ORDER_2); > > > -+ if (global_db =3D=3D NULL) { > > > -+ DEBUG(0,("netlogon_creds_cli_open_global_db: Failed to open %s - = %s\n", > > > -+ fname, strerror(errno))); > > > -+ talloc_free(fname); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ TALLOC_FREE(fname); > > > -+ > > > -+ netlogon_creds_cli_global_db =3D global_db; > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context = *lp_ctx, > > > -+ struct messaging_context *msg_ctx, > > > -+ const char *client_account, > > > -+ enum 
netr_SchannelType type, > > > -+ const char *server_computer, > > > -+ const char *server_netbios_domain, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **_context) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ NTSTATUS status; > > > -+ struct netlogon_creds_cli_context *context =3D NULL; > > > -+ const char *client_computer; > > > -+ uint32_t proposed_flags; > > > -+ uint32_t required_flags =3D 0; > > > -+ bool reject_md5_servers =3D false; > > > -+ bool require_strong_key =3D false; > > > -+ int require_sign_or_seal =3D true; > > > -+ bool seal_secure_channel =3D true; > > > -+ enum dcerpc_AuthLevel auth_level =3D DCERPC_AUTH_LEVEL_NONE; > > > -+ bool neutralize_nt4_emulation =3D false; > > > -+ struct server_id self =3D { > > > -+ .vnn =3D NONCLUSTER_VNN, > > > -+ .unique_id =3D SERVERID_UNIQUE_ID_NOT_TO_VERIFY, > > > -+ }; > > > -+ > > > -+ if (msg_ctx !=3D NULL) { > > > -+ self =3D messaging_server_id(msg_ctx); > > > -+ } > > > -+ > > > -+ *_context =3D NULL; > > > -+ > > > -+ if (self.vnn !=3D NONCLUSTER_VNN) { > > > -+ client_computer =3D talloc_asprintf(frame, > > > -+ "%s_cluster_vnn_%u", > > > -+ lpcfg_netbios_name(lp_ctx), > > > -+ (unsigned)self.vnn); > > > -+ if (client_computer =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ } else { > > > -+ client_computer =3D lpcfg_netbios_name(lp_ctx); > > > -+ } > > > -+ > > > -+ /* > > > -+ * allow overwrite per domain > > > -+ * reject md5 servers: > > > -+ */ > > > -+ //TODO: add lpcfp_reject_md5_servers() > > > -+ reject_md5_servers =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -+ "__default__", > > > -+ "reject md5 servers", > > > -+ reject_md5_servers); > > > -+ reject_md5_servers =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -+ "reject md5 servers", > > > -+ server_netbios_domain, > > > -+ reject_md5_servers); > > > -+ > > > -+ /* > > > -+ * allow overwrite per domain > > > -+ * require strong key: > > > -+ */ > > > 
-+ //TODO: add lpcfp_require_strong_key() > > > -+ require_strong_key =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -+ "__default__", > > > -+ "require strong key", > > > -+ require_strong_key); > > > -+ require_strong_key =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -+ "require strong key", > > > -+ server_netbios_domain, > > > -+ require_strong_key); > > > -+ > > > -+ /* > > > -+ * allow overwrite per domain > > > -+ * client schannel: > > > -+ */ > > > -+ require_sign_or_seal =3D lpcfg_client_schannel(lp_ctx); > > > -+ require_sign_or_seal =3D lpcfg_parm_int(lp_ctx, NULL, > > > -+ "client schannel", > > > -+ server_netbios_domain, > > > -+ require_sign_or_seal); > > > -+ > > > -+ /* > > > -+ * allow overwrite per domain > > > -+ * winbind sealed pipes: > > > -+ */ > > > -+ seal_secure_channel =3D lpcfg_winbind_sealed_pipes(lp_ctx); > > > -+ seal_secure_channel =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -+ "winbind sealed pipes", > > > -+ server_netbios_domain, > > > -+ seal_secure_channel); > > > -+ > > > -+ /* > > > -+ * allow overwrite per domain > > > -+ * neutralize nt4 emulation: > > > -+ */ > > > -+ //TODO: add lpcfp_neutralize_nt4_emulation() > > > -+ neutralize_nt4_emulation =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -+ "__default__", > > > -+ "neutralize nt4 emulation", > > > -+ neutralize_nt4_emulation); > > > -+ neutralize_nt4_emulation =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -+ "neutralize nt4 emulation", > > > -+ server_netbios_domain, > > > -+ neutralize_nt4_emulation); > > > -+ > > > -+ proposed_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS; > > > -+ proposed_flags |=3D NETLOGON_NEG_SUPPORTS_AES; > > > -+ > > > -+ switch (type) { > > > -+ case SEC_CHAN_WKSTA: > > > -+ if (lpcfg_security(lp_ctx) =3D=3D SEC_ADS) { > > > -+ /* > > > -+ * AD domains should be secure > > > -+ */ > > > -+ required_flags |=3D NETLOGON_NEG_PASSWORD_SET2; > > > -+ require_sign_or_seal =3D true; > > > -+ require_strong_key =3D true; > > > -+ } > > > -+ break; > > > -+ > > > -+ case 
SEC_CHAN_DOMAIN: > > > -+ break; > > > -+ > > > -+ case SEC_CHAN_DNS_DOMAIN: > > > -+ /* > > > -+ * AD domains should be secure > > > -+ */ > > > -+ required_flags |=3D NETLOGON_NEG_PASSWORD_SET2; > > > -+ require_sign_or_seal =3D true; > > > -+ require_strong_key =3D true; > > > -+ neutralize_nt4_emulation =3D true; > > > -+ break; > > > -+ > > > -+ case SEC_CHAN_BDC: > > > -+ required_flags |=3D NETLOGON_NEG_PASSWORD_SET2; > > > -+ require_sign_or_seal =3D true; > > > -+ require_strong_key =3D true; > > > -+ break; > > > -+ > > > -+ case SEC_CHAN_RODC: > > > -+ required_flags |=3D NETLOGON_NEG_RODC_PASSTHROUGH; > > > -+ required_flags |=3D NETLOGON_NEG_PASSWORD_SET2; > > > -+ require_sign_or_seal =3D true; > > > -+ require_strong_key =3D true; > > > -+ neutralize_nt4_emulation =3D true; > > > -+ break; > > > -+ > > > -+ default: > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+ } > > > -+ > > > -+ if (neutralize_nt4_emulation) { > > > -+ proposed_flags |=3D NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION; > > > -+ } > > > -+ > > > -+ if (require_sign_or_seal =3D=3D false) { > > > -+ proposed_flags &=3D ~NETLOGON_NEG_AUTHENTICATED_RPC; > > > -+ } else { > > > -+ required_flags |=3D NETLOGON_NEG_ARCFOUR; > > > -+ required_flags |=3D NETLOGON_NEG_AUTHENTICATED_RPC; > > > -+ } > > > -+ > > > -+ if (reject_md5_servers) { > > > -+ required_flags |=3D NETLOGON_NEG_ARCFOUR; > > > -+ required_flags |=3D NETLOGON_NEG_PASSWORD_SET2; > > > -+ required_flags |=3D NETLOGON_NEG_SUPPORTS_AES; > > > -+ required_flags |=3D NETLOGON_NEG_AUTHENTICATED_RPC; > > > -+ } > > > -+ > > > -+ if (require_strong_key) { > > > -+ required_flags |=3D NETLOGON_NEG_ARCFOUR; > > > -+ required_flags |=3D NETLOGON_NEG_STRONG_KEYS; > > > -+ required_flags |=3D NETLOGON_NEG_AUTHENTICATED_RPC; > > > -+ } > > > -+ > > > -+ proposed_flags |=3D required_flags; > > > -+ > > > -+ if (seal_secure_channel) { > > > -+ auth_level =3D DCERPC_AUTH_LEVEL_PRIVACY; > > > -+ } else { > > > -+ 
auth_level =3D DCERPC_AUTH_LEVEL_INTEGRITY; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_context_common(client_computer, > > > -+ client_account, > > > -+ type, > > > -+ auth_level, > > > -+ proposed_flags, > > > -+ required_flags, > > > -+ server_computer, > > > -+ server_netbios_domain, > > > -+ mem_ctx, > > > -+ &context); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ if (msg_ctx !=3D NULL) { > > > -+ context->db.g_ctx =3D g_lock_ctx_init(context, msg_ctx); > > > -+ if (context->db.g_ctx =3D=3D NULL) { > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ } > > > -+ > > > -+ if (netlogon_creds_cli_global_db !=3D NULL) { > > > -+ context->db.ctx =3D netlogon_creds_cli_global_db; > > > -+ *_context =3D context; > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_open_global_db(lp_ctx); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ context->db.ctx =3D netlogon_creds_cli_global_db; > > > -+ *_context =3D context; > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer, > > > -+ const char *client_account, > > > -+ enum netr_SchannelType type, > > > -+ uint32_t proposed_flags, > > > -+ uint32_t required_flags, > > > -+ enum dcerpc_AuthLevel auth_level, > > > -+ const char *server_computer, > > > -+ const char *server_netbios_domain, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **_context) > > > -+{ > > > -+ NTSTATUS status; > > > -+ struct netlogon_creds_cli_context *context =3D NULL; > > > -+ > > > -+ *_context =3D NULL; > > > -+ > > > -+ status =3D netlogon_creds_cli_context_common(client_computer, > > > -+ 
client_account, > > > -+ type, > > > -+ auth_level, > > > -+ proposed_flags, > > > -+ required_flags, > > > -+ server_computer, > > > -+ server_netbios_domain, > > > -+ mem_ctx, > > > -+ &context); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ context->db.ctx =3D db_open_rbt(context); > > > -+ if (context->db.ctx =3D=3D NULL) { > > > -+ talloc_free(context); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ *_context =3D context; > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_context_copy( > > > -+ const struct netlogon_creds_cli_context *src, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **_dst) > > > -+{ > > > -+ struct netlogon_creds_cli_context *dst; > > > -+ > > > -+ dst =3D talloc_zero(mem_ctx, struct netlogon_creds_cli_context); > > > -+ if (dst =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ *dst =3D *src; > > > -+ > > > -+ dst->client.computer =3D talloc_strdup(dst, src->client.computer); > > > -+ if (dst->client.computer =3D=3D NULL) { > > > -+ TALLOC_FREE(dst); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ dst->client.account =3D talloc_strdup(dst, src->client.account); > > > -+ if (dst->client.account =3D=3D NULL) { > > > -+ TALLOC_FREE(dst); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ dst->server.computer =3D talloc_strdup(dst, src->server.computer); > > > -+ if (dst->server.computer =3D=3D NULL) { > > > -+ TALLOC_FREE(dst); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ dst->server.netbios_domain =3D talloc_strdup(dst, src->server.netb= ios_domain); > > > -+ if (dst->server.netbios_domain =3D=3D NULL) { > > > -+ TALLOC_FREE(dst); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ dst->db.key_name =3D talloc_strdup(dst, src->db.key_name); > > > -+ if (dst->db.key_name =3D=3D NULL) { > > > -+ TALLOC_FREE(dst); > > > -+ return NT_STATUS_NO_MEMORY; 
> > > -+ } > > > -+ > > > -+ dst->db.key_data =3D string_term_tdb_data(dst->db.key_name); > > > -+ > > > -+ *_dst =3D dst; > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+enum dcerpc_AuthLevel netlogon_creds_cli_auth_level( > > > -+ struct netlogon_creds_cli_context *context) > > > -+{ > > > -+ return context->client.auth_level; > > > -+} > > > -+ > > > -+struct netlogon_creds_cli_fetch_state { > > > -+ TALLOC_CTX *mem_ctx; > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+ uint32_t required_flags; > > > -+ NTSTATUS status; > > > -+}; > > > -+ > > > -+static void netlogon_creds_cli_fetch_parser(TDB_DATA key, TDB_DATA = data, > > > -+ void *private_data) > > > -+{ > > > -+ struct netlogon_creds_cli_fetch_state *state =3D > > > -+ (struct netlogon_creds_cli_fetch_state *)private_data; > > > -+ enum ndr_err_code ndr_err; > > > -+ DATA_BLOB blob; > > > -+ uint32_t tmp_flags; > > > -+ > > > -+ state->creds =3D talloc_zero(state->mem_ctx, > > > -+ struct netlogon_creds_CredentialState); > > > -+ if (state->creds =3D=3D NULL) { > > > -+ state->status =3D NT_STATUS_NO_MEMORY; > > > -+ return; > > > -+ } > > > -+ > > > -+ blob.data =3D data.dptr; > > > -+ blob.length =3D data.dsize; > > > -+ > > > -+ ndr_err =3D ndr_pull_struct_blob(&blob, state->creds, state->creds, > > > -+ (ndr_pull_flags_fn_t)ndr_pull_netlogon_creds_CredentialState); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ TALLOC_FREE(state->creds); > > > -+ state->status =3D ndr_map_error2ntstatus(ndr_err); > > > -+ return; > > > -+ } > > > -+ > > > -+ tmp_flags =3D state->creds->negotiate_flags; > > > -+ tmp_flags &=3D state->required_flags; > > > -+ if (tmp_flags !=3D state->required_flags) { > > > -+ TALLOC_FREE(state->creds); > > > -+ state->status =3D NT_STATUS_DOWNGRADE_DETECTED; > > > -+ return; > > > -+ } > > > -+ > > > -+ state->status =3D NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *= context, > > > -+ 
TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState **_creds) > > > -+{ > > > -+ NTSTATUS status; > > > -+ struct netlogon_creds_cli_fetch_state fstate =3D { > > > -+ .mem_ctx =3D mem_ctx, > > > -+ .status =3D NT_STATUS_INTERNAL_ERROR, > > > -+ .required_flags =3D context->client.required_flags, > > > -+ }; > > > -+ static const struct netr_Credential zero_creds; > > > -+ > > > -+ *_creds =3D NULL; > > > -+ > > > -+ status =3D dbwrap_parse_record(context->db.ctx, > > > -+ context->db.key_data, > > > -+ netlogon_creds_cli_fetch_parser, > > > -+ &fstate); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ status =3D fstate.status; > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ /* > > > -+ * mark it as invalid for step operations. > > > -+ */ > > > -+ fstate.creds->sequence =3D 0; > > > -+ fstate.creds->seed =3D zero_creds; > > > -+ fstate.creds->client =3D zero_creds; > > > -+ fstate.creds->server =3D zero_creds; > > > -+ > > > -+ if (context->server.cached_flags =3D=3D fstate.creds->negotiate_fl= ags) { > > > -+ *_creds =3D fstate.creds; > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ /* > > > -+ * It is really important to try SamLogonEx here, > > > -+ * because multiple processes can talk to the same > > > -+ * domain controller, without using the credential > > > -+ * chain. > > > -+ * > > > -+ * With a normal SamLogon call, we must keep the > > > -+ * credentials chain updated and intact between all > > > -+ * users of the machine account (which would imply > > > -+ * cross-node communication for every NTLM logon). > > > -+ * > > > -+ * The credentials chain is not per NETLOGON pipe > > > -+ * connection, but globally on the server/client pair > > > -+ * by computer name, while the client is free to use > > > -+ * any computer name. 
We include the cluster node number > > > -+ * in our computer name in order to avoid cross node > > > -+ * coordination of the credential chain. > > > -+ * > > > -+ * It's also important to use NetlogonValidationSamInfo4 (6), > > > -+ * because it relies on the rpc transport encryption > > > -+ * and avoids using the global netlogon schannel > > > -+ * session key to en/decrypt secret information > > > -+ * like the user_session_key for network logons. > > > -+ * > > > -+ * [MS-APDS] 3.1.5.2 NTLM Network Logon > > > -+ * says NETLOGON_NEG_CROSS_FOREST_TRUSTS and > > > -+ * NETLOGON_NEG_AUTHENTICATED_RPC set together > > > -+ * are the indication that the server supports > > > -+ * NetlogonValidationSamInfo4 (6). And it must only > > > -+ * be used if "SealSecureChannel" is used. > > > -+ * > > > -+ * The "SealSecureChannel" AUTH_TYPE_SCHANNEL/AUTH_LEVEL_PRIVACY > > > -+ * check is done in netlogon_creds_cli_LogonSamLogon*(). > > > -+ */ > > > -+ context->server.cached_flags =3D fstate.creds->negotiate_flags; > > > -+ context->server.try_validation6 =3D true; > > > -+ context->server.try_logon_ex =3D true; > > > -+ context->server.try_logon_with =3D true; > > > -+ > > > -+ if (!(context->server.cached_flags & NETLOGON_NEG_AUTHENTICATED_RP= C)) { > > > -+ context->server.try_validation6 =3D false; > > > -+ context->server.try_logon_ex =3D false; > > > -+ } > > > -+ if (!(context->server.cached_flags & NETLOGON_NEG_CROSS_FOREST_TRU= STS)) { > > > -+ context->server.try_validation6 =3D false; > > > -+ } > > > -+ > > > -+ *_creds =3D fstate.creds; > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context = *context, > > > -+ const struct netlogon_creds_CredentialState *creds1) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct netlogon_creds_CredentialState *creds2; > > > -+ DATA_BLOB blob1; > > > -+ DATA_BLOB blob2; > > > -+ NTSTATUS status; > > > -+ enum ndr_err_code ndr_err; 
> > > -+ int cmp; > > > -+ > > > -+ status =3D netlogon_creds_cli_get(context, frame, &creds2); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return false; > > > -+ } > > > -+ > > > -+ ndr_err =3D ndr_push_struct_blob(&blob1, frame, creds1, > > > -+ (ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ TALLOC_FREE(frame); > > > -+ return false; > > > -+ } > > > -+ > > > -+ ndr_err =3D ndr_push_struct_blob(&blob2, frame, creds2, > > > -+ (ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ TALLOC_FREE(frame); > > > -+ return false; > > > -+ } > > > -+ > > > -+ if (blob1.length !=3D blob2.length) { > > > -+ TALLOC_FREE(frame); > > > -+ return false; > > > -+ } > > > -+ > > > -+ cmp =3D memcmp(blob1.data, blob2.data, blob1.length); > > > -+ if (cmp !=3D 0) { > > > -+ TALLOC_FREE(frame); > > > -+ return false; > > > -+ } > > > -+ > > > -+ TALLOC_FREE(frame); > > > -+ return true; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context= *context, > > > -+ struct netlogon_creds_CredentialState **_creds) > > > -+{ > > > -+ struct netlogon_creds_CredentialState *creds =3D *_creds; > > > -+ NTSTATUS status; > > > -+ enum ndr_err_code ndr_err; > > > -+ DATA_BLOB blob; > > > -+ TDB_DATA data; > > > -+ > > > -+ *_creds =3D NULL; > > > -+ > > > -+ if (context->db.locked_state =3D=3D NULL) { > > > -+ /* > > > -+ * this was not the result of netlogon_creds_cli_lock*() > > > -+ */ > > > -+ TALLOC_FREE(creds); > > > -+ return NT_STATUS_INVALID_PAGE_PROTECTION; > > > -+ } > > > -+ > > > -+ if (context->db.locked_state->creds !=3D creds) { > > > -+ /* > > > -+ * this was not the result of netlogon_creds_cli_lock*() > > > -+ */ > > > -+ TALLOC_FREE(creds); > > > -+ return NT_STATUS_INVALID_PAGE_PROTECTION; > > > -+ } > > > -+ > > > -+ ndr_err =3D ndr_push_struct_blob(&blob, 
creds, creds, > > > -+ (ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ TALLOC_FREE(creds); > > > -+ status =3D ndr_map_error2ntstatus(ndr_err); > > > -+ return status; > > > -+ } > > > -+ > > > -+ data.dptr =3D blob.data; > > > -+ data.dsize =3D blob.length; > > > -+ > > > -+ status =3D dbwrap_store(context->db.ctx, > > > -+ context->db.key_data, > > > -+ data, TDB_REPLACE); > > > -+ TALLOC_FREE(creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_contex= t *context, > > > -+ struct netlogon_creds_CredentialState **_creds) > > > -+{ > > > -+ struct netlogon_creds_CredentialState *creds =3D *_creds; > > > -+ NTSTATUS status; > > > -+ > > > -+ *_creds =3D NULL; > > > -+ > > > -+ if (context->db.locked_state =3D=3D NULL) { > > > -+ /* > > > -+ * this was not the result of netlogon_creds_cli_lock*() > > > -+ */ > > > -+ TALLOC_FREE(creds); > > > -+ return NT_STATUS_INVALID_PAGE_PROTECTION; > > > -+ } > > > -+ > > > -+ if (context->db.locked_state->creds !=3D creds) { > > > -+ /* > > > -+ * this was not the result of netlogon_creds_cli_lock*() > > > -+ */ > > > -+ TALLOC_FREE(creds); > > > -+ return NT_STATUS_INVALID_PAGE_PROTECTION; > > > -+ } > > > -+ > > > -+ status =3D dbwrap_delete(context->db.ctx, > > > -+ context->db.key_data); > > > -+ TALLOC_FREE(creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+struct netlogon_creds_cli_lock_state { > > > -+ struct netlogon_creds_cli_locked_state *locked_state; > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+}; > > > -+ > > > -+static void netlogon_creds_cli_lock_done(struct tevent_req *subreq); > > > -+static void netlogon_creds_cli_lock_fetch(struct tevent_req *req); > > > -+ > > > 
-+struct tevent_req *netlogon_creds_cli_lock_send(TALLOC_CTX *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context) > > > -+{ > > > -+ struct tevent_req *req; > > > -+ struct netlogon_creds_cli_lock_state *state; > > > -+ struct netlogon_creds_cli_locked_state *locked_state; > > > -+ struct tevent_req *subreq; > > > -+ > > > -+ req =3D tevent_req_create(mem_ctx, &state, > > > -+ struct netlogon_creds_cli_lock_state); > > > -+ if (req =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ if (context->db.locked_state !=3D NULL) { > > > -+ tevent_req_nterror(req, NT_STATUS_LOCK_NOT_GRANTED); > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ locked_state =3D talloc_zero(state, struct netlogon_creds_cli_lock= ed_state); > > > -+ if (tevent_req_nomem(locked_state, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ talloc_set_destructor(locked_state, > > > -+ netlogon_creds_cli_locked_state_destructor); > > > -+ locked_state->context =3D context; > > > -+ > > > -+ context->db.locked_state =3D locked_state; > > > -+ state->locked_state =3D locked_state; > > > -+ > > > -+ if (context->db.g_ctx =3D=3D NULL) { > > > -+ netlogon_creds_cli_lock_fetch(req); > > > -+ if (!tevent_req_is_in_progress(req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ return req; > > > -+ } > > > -+ > > > -+ subreq =3D g_lock_lock_send(state, ev, > > > -+ context->db.g_ctx, > > > -+ context->db.key_name, > > > -+ G_LOCK_WRITE); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ tevent_req_set_callback(subreq, netlogon_creds_cli_lock_done, req); > > > -+ > > > -+ return req; > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_lock_done(struct tevent_req *subreq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct 
netlogon_creds_cli_lock_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_lock_state); > > > -+ NTSTATUS status; > > > -+ > > > -+ status =3D g_lock_lock_recv(subreq); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ state->locked_state->is_glocked =3D true; > > > -+ > > > -+ netlogon_creds_cli_lock_fetch(req); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_lock_fetch(struct tevent_req *req) > > > -+{ > > > -+ struct netlogon_creds_cli_lock_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_lock_state); > > > -+ struct netlogon_creds_cli_context *context =3D state->locked_state= ->context; > > > -+ struct netlogon_creds_cli_fetch_state fstate =3D { > > > -+ .status =3D NT_STATUS_INTERNAL_ERROR, > > > -+ .required_flags =3D context->client.required_flags, > > > -+ }; > > > -+ NTSTATUS status; > > > -+ > > > -+ fstate.mem_ctx =3D state; > > > -+ status =3D dbwrap_parse_record(context->db.ctx, > > > -+ context->db.key_data, > > > -+ netlogon_creds_cli_fetch_parser, > > > -+ &fstate); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ status =3D fstate.status; > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (context->server.cached_flags =3D=3D fstate.creds->negotiate_fl= ags) { > > > -+ state->creds =3D fstate.creds; > > > -+ tevent_req_done(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ context->server.cached_flags =3D fstate.creds->negotiate_flags; > > > -+ context->server.try_validation6 =3D true; > > > -+ context->server.try_logon_ex =3D true; > > > -+ context->server.try_logon_with =3D true; > > > -+ > > > -+ if (!(context->server.cached_flags & NETLOGON_NEG_AUTHENTICATED_RP= C)) { > > > -+ context->server.try_validation6 =3D false; > > > -+ context->server.try_logon_ex =3D false; > > > -+ } > > > -+ if (!(context->server.cached_flags & 
NETLOGON_NEG_CROSS_FOREST_TRU= STS)) { > > > -+ context->server.try_validation6 =3D false; > > > -+ } > > > -+ > > > -+ state->creds =3D fstate.creds; > > > -+ tevent_req_done(req); > > > -+ return; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_lock_recv(struct tevent_req *req, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState **creds) > > > -+{ > > > -+ struct netlogon_creds_cli_lock_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_lock_state); > > > -+ NTSTATUS status; > > > -+ > > > -+ if (tevent_req_is_nterror(req, &status)) { > > > -+ tevent_req_received(req); > > > -+ return status; > > > -+ } > > > -+ > > > -+ talloc_steal(state->creds, state->locked_state); > > > -+ state->locked_state->creds =3D state->creds; > > > -+ *creds =3D talloc_move(mem_ctx, &state->creds); > > > -+ tevent_req_received(req); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_lock(struct netlogon_creds_cli_context = *context, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState **creds) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct tevent_context *ev; > > > -+ struct tevent_req *req; > > > -+ NTSTATUS status =3D NT_STATUS_NO_MEMORY; > > > -+ > > > -+ ev =3D samba_tevent_context_init(frame); > > > -+ if (ev =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ req =3D netlogon_creds_cli_lock_send(frame, ev, context); > > > -+ if (req =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ if (!tevent_req_poll_ntstatus(req, ev, &status)) { > > > -+ goto fail; > > > -+ } > > > -+ status =3D netlogon_creds_cli_lock_recv(req, mem_ctx, creds); > > > -+ fail: > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+} > > > -+ > > > -+struct netlogon_creds_cli_auth_state { > > > -+ struct tevent_context *ev; > > > -+ struct netlogon_creds_cli_context *context; > > > -+ struct dcerpc_binding_handle *binding_handle; > > > -+ struct 
samr_Password current_nt_hash; > > > -+ struct samr_Password previous_nt_hash; > > > -+ struct samr_Password used_nt_hash; > > > -+ char *srv_name_slash; > > > -+ uint32_t current_flags; > > > -+ struct netr_Credential client_challenge; > > > -+ struct netr_Credential server_challenge; > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+ struct netr_Credential client_credential; > > > -+ struct netr_Credential server_credential; > > > -+ uint32_t rid; > > > -+ bool try_auth3; > > > -+ bool try_auth2; > > > -+ bool require_auth2; > > > -+ bool try_previous_nt_hash; > > > -+ struct netlogon_creds_cli_locked_state *locked_state; > > > -+}; > > > -+ > > > -+static void netlogon_creds_cli_auth_locked(struct tevent_req *subre= q); > > > -+static void netlogon_creds_cli_auth_challenge_start(struct tevent_r= eq *req); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_auth_send(TALLOC_CTX *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ struct samr_Password current_nt_hash, > > > -+ const struct samr_Password *previous_nt_hash) > > > -+{ > > > -+ struct tevent_req *req; > > > -+ struct netlogon_creds_cli_auth_state *state; > > > -+ struct netlogon_creds_cli_locked_state *locked_state; > > > -+ NTSTATUS status; > > > -+ > > > -+ req =3D tevent_req_create(mem_ctx, &state, > > > -+ struct netlogon_creds_cli_auth_state); > > > -+ if (req =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ state->ev =3D ev; > > > -+ state->context =3D context; > > > -+ state->binding_handle =3D b; > > > -+ state->current_nt_hash =3D current_nt_hash; > > > -+ if (previous_nt_hash !=3D NULL) { > > > -+ state->previous_nt_hash =3D *previous_nt_hash; > > > -+ state->try_previous_nt_hash =3D true; > > > -+ } > > > -+ > > > -+ if (context->db.locked_state !=3D NULL) { > > > -+ tevent_req_nterror(req, NT_STATUS_LOCK_NOT_GRANTED); > > > -+ return tevent_req_post(req, ev); > 
> > -+ } > > > -+ > > > -+ locked_state =3D talloc_zero(state, struct netlogon_creds_cli_lock= ed_state); > > > -+ if (tevent_req_nomem(locked_state, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ talloc_set_destructor(locked_state, > > > -+ netlogon_creds_cli_locked_state_destructor); > > > -+ locked_state->context =3D context; > > > -+ > > > -+ context->db.locked_state =3D locked_state; > > > -+ state->locked_state =3D locked_state; > > > -+ > > > -+ state->srv_name_slash =3D talloc_asprintf(state, "\\\\%s", > > > -+ context->server.computer); > > > -+ if (tevent_req_nomem(state->srv_name_slash, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ state->try_auth3 =3D true; > > > -+ state->try_auth2 =3D true; > > > -+ > > > -+ if (context->client.required_flags !=3D 0) { > > > -+ state->require_auth2 =3D true; > > > -+ } > > > -+ > > > -+ state->used_nt_hash =3D state->current_nt_hash; > > > -+ state->current_flags =3D context->client.proposed_flags; > > > -+ > > > -+ if (context->db.g_ctx !=3D NULL) { > > > -+ struct tevent_req *subreq; > > > -+ > > > -+ subreq =3D g_lock_lock_send(state, ev, > > > -+ context->db.g_ctx, > > > -+ context->db.key_name, > > > -+ G_LOCK_WRITE); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_auth_locked, > > > -+ req); > > > -+ > > > -+ return req; > > > -+ } > > > -+ > > > -+ status =3D dbwrap_delete(state->context->db.ctx, > > > -+ state->context->db.key_data); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { > > > -+ status =3D NT_STATUS_OK; > > > -+ } > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ netlogon_creds_cli_auth_challenge_start(req); > > > -+ if (!tevent_req_is_in_progress(req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ return req; > > > -+} 
> > > -+ > > > -+static void netlogon_creds_cli_auth_locked(struct tevent_req *subre= q) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct netlogon_creds_cli_auth_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_auth_state); > > > -+ NTSTATUS status; > > > -+ > > > -+ status =3D g_lock_lock_recv(subreq); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ state->locked_state->is_glocked =3D true; > > > -+ > > > -+ status =3D dbwrap_delete(state->context->db.ctx, > > > -+ state->context->db.key_data); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { > > > -+ status =3D NT_STATUS_OK; > > > -+ } > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ netlogon_creds_cli_auth_challenge_start(req); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_auth_challenge_done(struct tevent_re= q *subreq); > > > -+ > > > -+static void netlogon_creds_cli_auth_challenge_start(struct tevent_r= eq *req) > > > -+{ > > > -+ struct netlogon_creds_cli_auth_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_auth_state); > > > -+ struct tevent_req *subreq; > > > -+ > > > -+ TALLOC_FREE(state->creds); > > > -+ > > > -+ generate_random_buffer(state->client_challenge.data, > > > -+ sizeof(state->client_challenge.data)); > > > -+ > > > -+ subreq =3D dcerpc_netr_ServerReqChallenge_send(state, state->ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->context->client.computer, > > > -+ &state->client_challenge, > > > -+ &state->server_challenge); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ return; > > > -+ } > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_auth_challenge_done, > > > -+ req); > > > -+} > > > -+ > > > -+static void 
netlogon_creds_cli_auth_srvauth_done(struct tevent_req = *subreq); > > > -+ > > > -+static void netlogon_creds_cli_auth_challenge_done(struct tevent_re= q *subreq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct netlogon_creds_cli_auth_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_auth_state); > > > -+ NTSTATUS status; > > > -+ NTSTATUS result; > > > -+ > > > -+ status =3D dcerpc_netr_ServerReqChallenge_recv(subreq, state, &res= ult); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ if (tevent_req_nterror(req, result)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (!state->try_auth3 && !state->try_auth2) { > > > -+ state->current_flags =3D 0; > > > -+ } > > > -+ > > > -+ /* Calculate the session key and client credentials */ > > > -+ > > > -+ state->creds =3D netlogon_creds_client_init(state, > > > -+ state->context->client.account, > > > -+ state->context->client.computer, > > > -+ state->context->client.type, > > > -+ &state->client_challenge, > > > -+ &state->server_challenge, > > > -+ &state->used_nt_hash, > > > -+ &state->client_credential, > > > -+ state->current_flags); > > > -+ if (tevent_req_nomem(state->creds, req)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->try_auth3) { > > > -+ subreq =3D dcerpc_netr_ServerAuthenticate3_send(state, state->ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->context->client.account, > > > -+ state->context->client.type, > > > -+ state->context->client.computer, > > > -+ &state->client_credential, > > > -+ &state->server_credential, > > > -+ &state->creds->negotiate_flags, > > > -+ &state->rid); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ return; > > > -+ } > > > -+ } else if (state->try_auth2) { > > > -+ state->rid =3D 0; > > > -+ > > > -+ subreq =3D 
dcerpc_netr_ServerAuthenticate2_send(state, state->ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->context->client.account, > > > -+ state->context->client.type, > > > -+ state->context->client.computer, > > > -+ &state->client_credential, > > > -+ &state->server_credential, > > > -+ &state->creds->negotiate_flags); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ return; > > > -+ } > > > -+ } else { > > > -+ state->rid =3D 0; > > > -+ > > > -+ subreq =3D dcerpc_netr_ServerAuthenticate_send(state, state->ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->context->client.account, > > > -+ state->context->client.type, > > > -+ state->context->client.computer, > > > -+ &state->client_credential, > > > -+ &state->server_credential); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ return; > > > -+ } > > > -+ } > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_auth_srvauth_done, > > > -+ req); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_auth_srvauth_done(struct tevent_req = *subreq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct netlogon_creds_cli_auth_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_auth_state); > > > -+ NTSTATUS status; > > > -+ NTSTATUS result; > > > -+ bool ok; > > > -+ enum ndr_err_code ndr_err; > > > -+ DATA_BLOB blob; > > > -+ TDB_DATA data; > > > -+ uint32_t tmp_flags; > > > -+ > > > -+ if (state->try_auth3) { > > > -+ status =3D dcerpc_netr_ServerAuthenticate3_recv(subreq, state, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -+ state->try_auth3 =3D false; > > > -+ netlogon_creds_cli_auth_challenge_start(req); > > > -+ return; > > > -+ } > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ } else if 
(state->try_auth2) { > > > -+ status =3D dcerpc_netr_ServerAuthenticate2_recv(subreq, state, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -+ state->try_auth2 =3D false; > > > -+ if (state->require_auth2) { > > > -+ status =3D NT_STATUS_DOWNGRADE_DETECTED; > > > -+ tevent_req_nterror(req, status); > > > -+ return; > > > -+ } > > > -+ netlogon_creds_cli_auth_challenge_start(req); > > > -+ return; > > > -+ } > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ } else { > > > -+ status =3D dcerpc_netr_ServerAuthenticate_recv(subreq, state, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ } > > > -+ > > > -+ if (!NT_STATUS_IS_OK(result) && > > > -+ !NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) > > > -+ { > > > -+ tevent_req_nterror(req, result); > > > -+ return; > > > -+ } > > > -+ > > > -+ tmp_flags =3D state->creds->negotiate_flags; > > > -+ tmp_flags &=3D state->context->client.required_flags; > > > -+ if (tmp_flags !=3D state->context->client.required_flags) { > > > -+ if (NT_STATUS_IS_OK(result)) { > > > -+ tevent_req_nterror(req, NT_STATUS_DOWNGRADE_DETECTED); > > > -+ return; > > > -+ } > > > -+ tevent_req_nterror(req, result); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) { > > > -+ > > > -+ tmp_flags =3D state->context->client.proposed_flags; > > > -+ if ((state->current_flags =3D=3D tmp_flags) && > > > -+ (state->creds->negotiate_flags !=3D tmp_flags)) > > > -+ { > > > -+ /* > > > -+ * lets retry with the negotiated flags > > > -+ */ > > > -+ state->current_flags =3D state->creds->negotiate_flags; > > > -+ netlogon_creds_cli_auth_challenge_start(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (!state->try_previous_nt_hash) { > > > -+ /* > > > -+ * we already retried, giving up... 
> > > -+ */ > > > -+ tevent_req_nterror(req, result); > > > -+ return; > > > -+ } > > > -+ > > > -+ /* > > > -+ * lets retry with the old nt hash. > > > -+ */ > > > -+ state->try_previous_nt_hash =3D false; > > > -+ state->used_nt_hash =3D state->previous_nt_hash; > > > -+ state->current_flags =3D state->context->client.proposed_flags; > > > -+ netlogon_creds_cli_auth_challenge_start(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ ok =3D netlogon_creds_client_check(state->creds, > > > -+ &state->server_credential); > > > -+ if (!ok) { > > > -+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); > > > -+ return; > > > -+ } > > > -+ > > > -+ ndr_err =3D ndr_push_struct_blob(&blob, state, state->creds, > > > -+ (ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState); > > > -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > -+ status =3D ndr_map_error2ntstatus(ndr_err); > > > -+ tevent_req_nterror(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ data.dptr =3D blob.data; > > > -+ data.dsize =3D blob.length; > > > -+ > > > -+ status =3D dbwrap_store(state->context->db.ctx, > > > -+ state->context->db.key_data, > > > -+ data, TDB_REPLACE); > > > -+ TALLOC_FREE(state->locked_state); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ tevent_req_done(req); > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_auth_recv(struct tevent_req *req) > > > -+{ > > > -+ NTSTATUS status; > > > -+ > > > -+ if (tevent_req_is_nterror(req, &status)) { > > > -+ tevent_req_received(req); > > > -+ return status; > > > -+ } > > > -+ > > > -+ tevent_req_received(req); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_auth(struct netlogon_creds_cli_context = *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ struct samr_Password current_nt_hash, > > > -+ const struct samr_Password *previous_nt_hash) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct 
tevent_context *ev; > > > -+ struct tevent_req *req; > > > -+ NTSTATUS status =3D NT_STATUS_NO_MEMORY; > > > -+ > > > -+ ev =3D samba_tevent_context_init(frame); > > > -+ if (ev =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ req =3D netlogon_creds_cli_auth_send(frame, ev, context, b, > > > -+ current_nt_hash, > > > -+ previous_nt_hash); > > > -+ if (req =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ if (!tevent_req_poll_ntstatus(req, ev, &status)) { > > > -+ goto fail; > > > -+ } > > > -+ status =3D netlogon_creds_cli_auth_recv(req); > > > -+ fail: > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+} > > > -+ > > > -+struct netlogon_creds_cli_check_state { > > > -+ struct tevent_context *ev; > > > -+ struct netlogon_creds_cli_context *context; > > > -+ struct dcerpc_binding_handle *binding_handle; > > > -+ > > > -+ char *srv_name_slash; > > > -+ > > > -+ union netr_Capabilities caps; > > > -+ > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+ struct netlogon_creds_CredentialState tmp_creds; > > > -+ struct netr_Authenticator req_auth; > > > -+ struct netr_Authenticator rep_auth; > > > -+}; > > > -+ > > > -+static void netlogon_creds_cli_check_cleanup(struct tevent_req *req, > > > -+ NTSTATUS status); > > > -+static void netlogon_creds_cli_check_locked(struct tevent_req *subr= eq); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_check_send(TALLOC_CTX *mem_ct= x, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b) > > > -+{ > > > -+ struct tevent_req *req; > > > -+ struct netlogon_creds_cli_check_state *state; > > > -+ struct tevent_req *subreq; > > > -+ enum dcerpc_AuthType auth_type; > > > -+ enum dcerpc_AuthLevel auth_level; > > > -+ > > > -+ req =3D tevent_req_create(mem_ctx, &state, > > > -+ struct netlogon_creds_cli_check_state); > > > -+ if (req =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ state->ev =3D ev; > > > -+ 
state->context =3D context; > > > -+ state->binding_handle =3D b; > > > -+ > > > -+ state->srv_name_slash =3D talloc_asprintf(state, "\\\\%s", > > > -+ context->server.computer); > > > -+ if (tevent_req_nomem(state->srv_name_slash, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ dcerpc_binding_handle_auth_info(state->binding_handle, > > > -+ &auth_type, &auth_level); > > > -+ > > > -+ if (auth_type !=3D DCERPC_AUTH_TYPE_SCHANNEL) { > > > -+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ switch (auth_level) { > > > -+ case DCERPC_AUTH_LEVEL_INTEGRITY: > > > -+ case DCERPC_AUTH_LEVEL_PRIVACY: > > > -+ break; > > > -+ default: > > > -+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ subreq =3D netlogon_creds_cli_lock_send(state, state->ev, > > > -+ state->context); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_check_locked, > > > -+ req); > > > -+ > > > -+ return req; > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_check_cleanup(struct tevent_req *req, > > > -+ NTSTATUS status) > > > -+{ > > > -+ struct netlogon_creds_cli_check_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_check_state); > > > -+ > > > -+ if (state->creds =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { > > > -+ TALLOC_FREE(state->creds); > > > -+ return; > > > -+ } > > > -+ > > > -+ 
netlogon_creds_cli_delete(state->context, &state->creds); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_check_caps(struct tevent_req *subreq= ); > > > -+ > > > -+static void netlogon_creds_cli_check_locked(struct tevent_req *subr= eq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct netlogon_creds_cli_check_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_check_state); > > > -+ NTSTATUS status; > > > -+ > > > -+ status =3D netlogon_creds_cli_lock_recv(subreq, state, > > > -+ &state->creds); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ /* > > > -+ * we defer all callbacks in order to cleanup > > > -+ * the database record. > > > -+ */ > > > -+ tevent_req_defer_callback(req, state->ev); > > > -+ > > > -+ state->tmp_creds =3D *state->creds; > > > -+ netlogon_creds_client_authenticator(&state->tmp_creds, > > > -+ &state->req_auth); > > > -+ ZERO_STRUCT(state->rep_auth); > > > -+ > > > -+ subreq =3D dcerpc_netr_LogonGetCapabilities_send(state, state->ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->context->client.computer, > > > -+ &state->req_auth, > > > -+ &state->rep_auth, > > > -+ 1, > > > -+ &state->caps); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_check_caps, > > > -+ req); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_check_caps(struct tevent_req *subreq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct netlogon_creds_cli_check_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_check_state); > > > -+ 
NTSTATUS status; > > > -+ NTSTATUS result; > > > -+ bool ok; > > > -+ > > > -+ status =3D dcerpc_netr_LogonGetCapabilities_recv(subreq, state, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -+ /* > > > -+ * Note that the negotiated flags are already checked > > > -+ * for our required flags after the ServerAuthenticate3/2 call. > > > -+ */ > > > -+ uint32_t negotiated =3D state->tmp_creds.negotiate_flags; > > > -+ > > > -+ if (negotiated & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ /* > > > -+ * If we have negotiated NETLOGON_NEG_SUPPORTS_AES > > > -+ * already, we expect this to work! > > > -+ */ > > > -+ status =3D NT_STATUS_DOWNGRADE_DETECTED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (negotiated & NETLOGON_NEG_STRONG_KEYS) { > > > -+ /* > > > -+ * If we have negotiated NETLOGON_NEG_STRONG_KEYS > > > -+ * we expect this to work at least as far as the > > > -+ * NOT_SUPPORTED error handled below! > > > -+ * > > > -+ * NT 4.0 and Old Samba servers are not > > > -+ * allowed without "require strong key =3D no" > > > -+ */ > > > -+ status =3D NT_STATUS_DOWNGRADE_DETECTED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ /* > > > -+ * If we not require NETLOGON_NEG_SUPPORTS_AES or > > > -+ * NETLOGON_NEG_STRONG_KEYS, it's ok to ignore > > > -+ * NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE. > > > -+ * > > > -+ * This is needed against NT 4.0 and old Samba servers. > > > -+ * > > > -+ * As we're using DCERPC_AUTH_TYPE_SCHANNEL with > > > -+ * DCERPC_AUTH_LEVEL_INTEGRITY or DCERPC_AUTH_LEVEL_PRIVACY > > > -+ * we should detect a faked NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE > > > -+ * with the next request as the sequence number processing > > > -+ * gets out of sync. 
> > > -+ */ > > > -+ netlogon_creds_cli_check_cleanup(req, result); > > > -+ tevent_req_done(req); > > > -+ return; > > > -+ } > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) { > > > -+ /* > > > -+ * Note that the negotiated flags are already checked > > > -+ * for our required flags after the ServerAuthenticate3/2 call. > > > -+ */ > > > -+ uint32_t negotiated =3D state->tmp_creds.negotiate_flags; > > > -+ > > > -+ if (negotiated & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ /* > > > -+ * If we have negotiated NETLOGON_NEG_SUPPORTS_AES > > > -+ * already, we expect this to work! > > > -+ */ > > > -+ status =3D NT_STATUS_DOWNGRADE_DETECTED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ /* > > > -+ * This is ok, the server does not support > > > -+ * NETLOGON_NEG_SUPPORTS_AES. > > > -+ * > > > -+ * netr_LogonGetCapabilities() was > > > -+ * netr_LogonDummyRoutine1() before > > > -+ * NETLOGON_NEG_SUPPORTS_AES was invented. 
> > > -+ */ > > > -+ netlogon_creds_cli_check_cleanup(req, result); > > > -+ tevent_req_done(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ ok =3D netlogon_creds_client_check(&state->tmp_creds, > > > -+ &state->rep_auth.cred); > > > -+ if (!ok) { > > > -+ status =3D NT_STATUS_ACCESS_DENIED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (tevent_req_nterror(req, result)) { > > > -+ netlogon_creds_cli_check_cleanup(req, result); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->caps.server_capabilities !=3D state->tmp_creds.negotiat= e_flags) { > > > -+ status =3D NT_STATUS_DOWNGRADE_DETECTED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ /* > > > -+ * This is the key check that makes this check secure. If we > > > -+ * get OK here (rather than NOT_SUPPORTED), then the server > > > -+ * did support AES. If the server only proposed STRONG_KEYS > > > -+ * and not AES, then it should have failed with > > > -+ * NOT_IMPLEMENTED. We always send AES as a client, so the > > > -+ * server should always have returned it. 
> > > -+ */ > > > -+ if (!(state->caps.server_capabilities & NETLOGON_NEG_SUPPORTS_AES)= ) { > > > -+ status =3D NT_STATUS_DOWNGRADE_DETECTED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ *state->creds =3D state->tmp_creds; > > > -+ status =3D netlogon_creds_cli_store(state->context, > > > -+ &state->creds); > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ tevent_req_done(req); > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_check_recv(struct tevent_req *req) > > > -+{ > > > -+ NTSTATUS status; > > > -+ > > > -+ if (tevent_req_is_nterror(req, &status)) { > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > -+ tevent_req_received(req); > > > -+ return status; > > > -+ } > > > -+ > > > -+ tevent_req_received(req); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_check(struct netlogon_creds_cli_context= *context, > > > -+ struct dcerpc_binding_handle *b) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct tevent_context *ev; > > > -+ struct tevent_req *req; > > > -+ NTSTATUS status =3D NT_STATUS_NO_MEMORY; > > > -+ > > > -+ ev =3D samba_tevent_context_init(frame); > > > -+ if (ev =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ req =3D netlogon_creds_cli_check_send(frame, ev, context, b); > > > -+ if (req =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ if (!tevent_req_poll_ntstatus(req, ev, &status)) { > > > -+ goto fail; > > > -+ } > > > -+ status =3D netlogon_creds_cli_check_recv(req); > > > -+ fail: > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+} > > > -+ > > > -+struct netlogon_creds_cli_ServerPasswordSet_state { > > > -+ struct tevent_context *ev; > > > -+ struct netlogon_creds_cli_context *context; > > > -+ struct dcerpc_binding_handle *binding_handle; > > > -+ 
uint32_t old_timeout; > > > -+ > > > -+ char *srv_name_slash; > > > -+ enum dcerpc_AuthType auth_type; > > > -+ enum dcerpc_AuthLevel auth_level; > > > -+ > > > -+ struct samr_CryptPassword samr_crypt_password; > > > -+ struct netr_CryptPassword netr_crypt_password; > > > -+ struct samr_Password samr_password; > > > -+ > > > -+ struct netlogon_creds_CredentialState *creds; > > > -+ struct netlogon_creds_CredentialState tmp_creds; > > > -+ struct netr_Authenticator req_auth; > > > -+ struct netr_Authenticator rep_auth; > > > -+}; > > > -+ > > > -+static void netlogon_creds_cli_ServerPasswordSet_cleanup(struct tev= ent_req *req, > > > -+ NTSTATUS status); > > > -+static void netlogon_creds_cli_ServerPasswordSet_locked(struct teve= nt_req *subreq); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_ServerPasswordSet_send(TALLOC= _CTX *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ const char *new_password, > > > -+ const uint32_t *new_version) > > > -+{ > > > -+ struct tevent_req *req; > > > -+ struct netlogon_creds_cli_ServerPasswordSet_state *state; > > > -+ struct tevent_req *subreq; > > > -+ bool ok; > > > -+ > > > -+ req =3D tevent_req_create(mem_ctx, &state, > > > -+ struct netlogon_creds_cli_ServerPasswordSet_state); > > > -+ if (req =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ state->ev =3D ev; > > > -+ state->context =3D context; > > > -+ state->binding_handle =3D b; > > > -+ > > > -+ /* > > > -+ * netr_ServerPasswordSet > > > -+ */ > > > -+ E_md4hash(new_password, state->samr_password.hash); > > > -+ > > > -+ /* > > > -+ * netr_ServerPasswordSet2 > > > -+ */ > > > -+ ok =3D encode_pw_buffer(state->samr_crypt_password.data, > > > -+ new_password, STR_UNICODE); > > > -+ if (!ok) { > > > -+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ if (new_version 
!=3D NULL) { > > > -+ struct NL_PASSWORD_VERSION version; > > > -+ uint32_t len =3D IVAL(state->samr_crypt_password.data, 512); > > > -+ uint32_t ofs =3D 512 - len; > > > -+ uint8_t *p; > > > -+ > > > -+ if (ofs < 12) { > > > -+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ ofs -=3D 12; > > > -+ > > > -+ version.ReservedField =3D 0; > > > -+ version.PasswordVersionNumber =3D *new_version; > > > -+ version.PasswordVersionPresent =3D > > > -+ NETLOGON_PASSWORD_VERSION_NUMBER_PRESENT; > > > -+ > > > -+ p =3D state->samr_crypt_password.data + ofs; > > > -+ SIVAL(p, 0, version.ReservedField); > > > -+ SIVAL(p, 4, version.PasswordVersionNumber); > > > -+ SIVAL(p, 8, version.PasswordVersionPresent); > > > -+ } > > > -+ > > > -+ state->srv_name_slash =3D talloc_asprintf(state, "\\\\%s", > > > -+ context->server.computer); > > > -+ if (tevent_req_nomem(state->srv_name_slash, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ dcerpc_binding_handle_auth_info(state->binding_handle, > > > -+ &state->auth_type, > > > -+ &state->auth_level); > > > -+ > > > -+ subreq =3D netlogon_creds_cli_lock_send(state, state->ev, > > > -+ state->context); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_ServerPasswordSet_locked, > > > -+ req); > > > -+ > > > -+ return req; > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_ServerPasswordSet_cleanup(struct tev= ent_req *req, > > > -+ NTSTATUS status) > > > -+{ > > > -+ struct netlogon_creds_cli_ServerPasswordSet_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_ServerPasswordSet_state); > > > -+ > > > -+ if (state->creds =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ dcerpc_binding_handle_set_timeout(state->binding_handle, > > > -+ state->old_timeout); > > > -+ > > > 
-+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { > > > -+ TALLOC_FREE(state->creds); > > > -+ return; > > > -+ } > > > -+ > > > -+ netlogon_creds_cli_delete(state->context, &state->creds); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_ServerPasswordSet_done(struct tevent= _req *subreq); > > > -+ > > > -+static void netlogon_creds_cli_ServerPasswordSet_locked(struct teve= nt_req *subreq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct netlogon_creds_cli_ServerPasswordSet_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_ServerPasswordSet_state); > > > -+ NTSTATUS status; > > > -+ > > > -+ status =3D netlogon_creds_cli_lock_recv(subreq, state, > > > -+ &state->creds); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->auth_type =3D=3D DCERPC_AUTH_TYPE_SCHANNEL) { > > > -+ switch (state->auth_level) { > > > -+ case DCERPC_AUTH_LEVEL_INTEGRITY: > > > -+ case DCERPC_AUTH_LEVEL_PRIVACY: > > > -+ break; > > > -+ default: > > > -+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); > > > -+ return; > > > -+ } > > > -+ } else { > > > -+ uint32_t tmp =3D state->creds->negotiate_flags; > > > -+ > > > -+ if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) { > > > -+ /* > > > -+ * if DCERPC_AUTH_TYPE_SCHANNEL is supported > > > -+ * it should be used, which means > > > -+ * we had a chance to verify no downgrade > > > -+ * happened. > > > -+ * > > > -+ * This relies on netlogon_creds_cli_check* > > > -+ * being called before, as first request after > > > -+ * the DCERPC bind. 
> > > -+ */ > > > -+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); > > > -+ return; > > > -+ } > > > -+ } > > > -+ > > > -+ state->old_timeout =3D dcerpc_binding_handle_set_timeout( > > > -+ state->binding_handle, 600000); > > > -+ > > > -+ /* > > > -+ * we defer all callbacks in order to cleanup > > > -+ * the database record. > > > -+ */ > > > -+ tevent_req_defer_callback(req, state->ev); > > > -+ > > > -+ state->tmp_creds =3D *state->creds; > > > -+ netlogon_creds_client_authenticator(&state->tmp_creds, > > > -+ &state->req_auth); > > > -+ ZERO_STRUCT(state->rep_auth); > > > -+ > > > -+ if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_PASSWORD_SET2)= { > > > -+ > > > -+ if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)= { > > > -+ netlogon_creds_aes_encrypt(&state->tmp_creds, > > > -+ state->samr_crypt_password.data, > > > -+ 516); > > > -+ } else { > > > -+ netlogon_creds_arcfour_crypt(&state->tmp_creds, > > > -+ state->samr_crypt_password.data, > > > -+ 516); > > > -+ } > > > -+ > > > -+ memcpy(state->netr_crypt_password.data, > > > -+ state->samr_crypt_password.data, 512); > > > -+ state->netr_crypt_password.length =3D > > > -+ IVAL(state->samr_crypt_password.data, 512); > > > -+ > > > -+ subreq =3D dcerpc_netr_ServerPasswordSet2_send(state, state->ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->tmp_creds.account_name, > > > -+ state->tmp_creds.secure_channel_type, > > > -+ state->tmp_creds.computer_name, > > > -+ &state->req_auth, > > > -+ &state->rep_auth, > > > -+ &state->netr_crypt_password); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ } else { > > > -+ netlogon_creds_des_encrypt(&state->tmp_creds, > > > -+ &state->samr_password); > > > -+ > > > -+ subreq =3D dcerpc_netr_ServerPasswordSet_send(state, state->ev, > > > -+ state->binding_handle, > 
> > -+ state->srv_name_slash, > > > -+ state->tmp_creds.account_name, > > > -+ state->tmp_creds.secure_channel_type, > > > -+ state->tmp_creds.computer_name, > > > -+ &state->req_auth, > > > -+ &state->rep_auth, > > > -+ &state->samr_password); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ } > > > -+ > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_ServerPasswordSet_done, > > > -+ req); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_ServerPasswordSet_done(struct tevent= _req *subreq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct netlogon_creds_cli_ServerPasswordSet_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_ServerPasswordSet_state); > > > -+ NTSTATUS status; > > > -+ NTSTATUS result; > > > -+ bool ok; > > > -+ > > > -+ if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_PASSWORD_SET2)= { > > > -+ status =3D dcerpc_netr_ServerPasswordSet2_recv(subreq, state, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ } else { > > > -+ status =3D dcerpc_netr_ServerPasswordSet_recv(subreq, state, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ } > > > -+ > > > -+ ok =3D netlogon_creds_client_check(&state->tmp_creds, > > > -+ &state->rep_auth.cred); > > > -+ if (!ok) { > > > -+ status =3D NT_STATUS_ACCESS_DENIED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ if 
(tevent_req_nterror(req, result)) { > > > -+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, result); > > > -+ return; > > > -+ } > > > -+ > > > -+ dcerpc_binding_handle_set_timeout(state->binding_handle, > > > -+ state->old_timeout); > > > -+ > > > -+ *state->creds =3D state->tmp_creds; > > > -+ status =3D netlogon_creds_cli_store(state->context, > > > -+ &state->creds); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ tevent_req_done(req); > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_ServerPasswordSet_recv(struct tevent_re= q *req) > > > -+{ > > > -+ NTSTATUS status; > > > -+ > > > -+ if (tevent_req_is_nterror(req, &status)) { > > > -+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, status); > > > -+ tevent_req_received(req); > > > -+ return status; > > > -+ } > > > -+ > > > -+ tevent_req_received(req); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_ServerPasswordSet( > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ const char *new_password, > > > -+ const uint32_t *new_version) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct tevent_context *ev; > > > -+ struct tevent_req *req; > > > -+ NTSTATUS status =3D NT_STATUS_NO_MEMORY; > > > -+ > > > -+ ev =3D samba_tevent_context_init(frame); > > > -+ if (ev =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ req =3D netlogon_creds_cli_ServerPasswordSet_send(frame, ev, conte= xt, b, > > > -+ new_password, > > > -+ new_version); > > > -+ if (req =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ if (!tevent_req_poll_ntstatus(req, ev, &status)) { > > > -+ goto fail; > > > -+ } > > > -+ status =3D netlogon_creds_cli_ServerPasswordSet_recv(req); > > > -+ fail: > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+} > > > -+ > > > -+struct 
netlogon_creds_cli_LogonSamLogon_state { > > > -+ struct tevent_context *ev; > > > -+ struct netlogon_creds_cli_context *context; > > > -+ struct dcerpc_binding_handle *binding_handle; > > > -+ > > > -+ char *srv_name_slash; > > > -+ > > > -+ enum netr_LogonInfoClass logon_level; > > > -+ const union netr_LogonLevel *const_logon; > > > -+ union netr_LogonLevel *logon; > > > -+ uint32_t flags; > > > -+ > > > -+ uint16_t validation_level; > > > -+ union netr_Validation *validation; > > > -+ uint8_t authoritative; > > > -+ > > > -+ /* > > > -+ * do we need encryption at the application layer? > > > -+ */ > > > -+ bool user_encrypt; > > > -+ bool try_logon_ex; > > > -+ bool try_validation6; > > > -+ > > > -+ /* > > > -+ * the read only credentials before we started the operation > > > -+ */ > > > -+ struct netlogon_creds_CredentialState *ro_creds; > > > -+ > > > -+ struct netlogon_creds_CredentialState *lk_creds; > > > -+ > > > -+ struct netlogon_creds_CredentialState tmp_creds; > > > -+ struct netr_Authenticator req_auth; > > > -+ struct netr_Authenticator rep_auth; > > > -+}; > > > -+ > > > -+static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_re= q *req); > > > -+static void netlogon_creds_cli_LogonSamLogon_cleanup(struct tevent_= req *req, > > > -+ NTSTATUS status); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_LogonSamLogon_send(TALLOC_CTX= *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ enum netr_LogonInfoClass logon_level, > > > -+ const union netr_LogonLevel *logon, > > > -+ uint32_t flags) > > > -+{ > > > -+ struct tevent_req *req; > > > -+ struct netlogon_creds_cli_LogonSamLogon_state *state; > > > -+ > > > -+ req =3D tevent_req_create(mem_ctx, &state, > > > -+ struct netlogon_creds_cli_LogonSamLogon_state); > > > -+ if (req =3D=3D NULL) { > > > -+ return NULL; > > > -+ } > > > -+ > > > -+ state->ev =3D ev; > > > -+ state->context =3D 
context; > > > -+ state->binding_handle =3D b; > > > -+ > > > -+ state->logon_level =3D logon_level; > > > -+ state->const_logon =3D logon; > > > -+ state->flags =3D flags; > > > -+ > > > -+ state->srv_name_slash =3D talloc_asprintf(state, "\\\\%s", > > > -+ context->server.computer); > > > -+ if (tevent_req_nomem(state->srv_name_slash, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ switch (logon_level) { > > > -+ case NetlogonInteractiveInformation: > > > -+ case NetlogonInteractiveTransitiveInformation: > > > -+ case NetlogonServiceInformation: > > > -+ case NetlogonServiceTransitiveInformation: > > > -+ case NetlogonGenericInformation: > > > -+ state->user_encrypt =3D true; > > > -+ break; > > > -+ > > > -+ case NetlogonNetworkInformation: > > > -+ case NetlogonNetworkTransitiveInformation: > > > -+ break; > > > -+ } > > > -+ > > > -+ state->validation =3D talloc_zero(state, union netr_Validation); > > > -+ if (tevent_req_nomem(state->validation, req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ netlogon_creds_cli_LogonSamLogon_start(req); > > > -+ if (!tevent_req_is_in_progress(req)) { > > > -+ return tevent_req_post(req, ev); > > > -+ } > > > -+ > > > -+ /* > > > -+ * we defer all callbacks in order to cleanup > > > -+ * the database record. 
> > > -+ */ > > > -+ tevent_req_defer_callback(req, state->ev); > > > -+ return req; > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_LogonSamLogon_cleanup(struct tevent_= req *req, > > > -+ NTSTATUS status) > > > -+{ > > > -+ struct netlogon_creds_cli_LogonSamLogon_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_LogonSamLogon_state); > > > -+ > > > -+ if (state->lk_creds =3D=3D NULL) { > > > -+ return; > > > -+ } > > > -+ > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -+ /* > > > -+ * This is a hack to recover from a bug in old > > > -+ * Samba servers, when LogonSamLogonEx() fails: > > > -+ * > > > -+ * api_net_sam_logon_ex: Failed to marshall NET_R_SAM_LOGON_EX. > > > -+ * > > > -+ * All following request will get NT_STATUS_RPC_PROCNUM_OUT_OF_RA= NGE. > > > -+ * > > > -+ * A second bug generates NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE, > > > -+ * instead of NT_STATUS_ACCESS_DENIED or NT_STATUS_RPC_SEC_PKG_ER= ROR > > > -+ * If the sign/seal check fails. > > > -+ * > > > -+ * In that case we need to cleanup the netlogon session. > > > -+ * > > > -+ * It's the job of the caller to disconnect the current > > > -+ * connection, if netlogon_creds_cli_LogonSamLogon() > > > -+ * returns NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE. 
> > > -+ */ > > > -+ if (!state->context->server.try_logon_with) { > > > -+ status =3D NT_STATUS_NETWORK_ACCESS_DENIED; > > > -+ } > > > -+ } > > > -+ > > > -+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && > > > -+ !NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { > > > -+ TALLOC_FREE(state->lk_creds); > > > -+ return; > > > -+ } > > > -+ > > > -+ netlogon_creds_cli_delete(state->context, &state->lk_creds); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req= *subreq); > > > -+ > > > -+static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_re= q *req) > > > -+{ > > > -+ struct netlogon_creds_cli_LogonSamLogon_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_LogonSamLogon_state); > > > -+ struct tevent_req *subreq; > > > -+ NTSTATUS status; > > > -+ enum dcerpc_AuthType auth_type; > > > -+ enum dcerpc_AuthLevel auth_level; > > > -+ > > > -+ TALLOC_FREE(state->ro_creds); > > > -+ TALLOC_FREE(state->logon); > > > -+ ZERO_STRUCTP(state->validation); > > > -+ > > > -+ dcerpc_binding_handle_auth_info(state->binding_handle, > > > -+ &auth_type, &auth_level); > > > -+ > > > -+ state->try_logon_ex =3D state->context->server.try_logon_ex; > > > -+ state->try_validation6 =3D state->context->server.try_validation6; > > > -+ > > > -+ if (auth_type !=3D DCERPC_AUTH_TYPE_SCHANNEL) { > > > -+ state->try_logon_ex =3D false; > > > -+ } > > > -+ > > > -+ if (auth_level !=3D DCERPC_AUTH_LEVEL_PRIVACY) { > > > -+ state->try_validation6 =3D false; > > > -+ } > > > -+ > > > -+ if (state->try_logon_ex) { > > > -+ if (state->try_validation6) { > > > -+ state->validation_level =3D 6; > > > -+ } else { > > > -+ state->validation_level =3D 3; > > > -+ state->user_encrypt =3D true; > > > -+ } > > > 
-+ > > > -+ state->logon =3D netlogon_creds_shallow_copy_logon(state, > > > -+ state->logon_level, > > > -+ state->const_logon); > > > -+ if (tevent_req_nomem(state->logon, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->user_encrypt) { > > > -+ status =3D netlogon_creds_cli_get(state->context, > > > -+ state, > > > -+ &state->ro_creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ status =3D NT_STATUS_ACCESS_DENIED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ netlogon_creds_encrypt_samlogon_logon(state->ro_creds, > > > -+ state->logon_level, > > > -+ state->logon); > > > -+ } > > > -+ > > > -+ subreq =3D dcerpc_netr_LogonSamLogonEx_send(state, state->ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->context->client.computer, > > > -+ state->logon_level, > > > -+ state->logon, > > > -+ state->validation_level, > > > -+ state->validation, > > > -+ &state->authoritative, > > > -+ &state->flags); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_LogonSamLogon_done, > > > -+ req); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->lk_creds =3D=3D NULL) { > > > -+ subreq =3D netlogon_creds_cli_lock_send(state, state->ev, > > > -+ state->context); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ tevent_req_set_callback(subreq, > > > -+ netlogon_creds_cli_LogonSamLogon_done, > > > -+ req); > > > -+ return; > > > -+ } > > > -+ > > > -+ state->tmp_creds =3D 
*state->lk_creds; > > > -+ netlogon_creds_client_authenticator(&state->tmp_creds, > > > -+ &state->req_auth); > > > -+ ZERO_STRUCT(state->rep_auth); > > > -+ > > > -+ state->logon =3D netlogon_creds_shallow_copy_logon(state, > > > -+ state->logon_level, > > > -+ state->const_logon); > > > -+ if (tevent_req_nomem(state->logon, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ netlogon_creds_encrypt_samlogon_logon(state->ro_creds, > > > -+ state->logon_level, > > > -+ state->logon); > > > -+ > > > -+ state->validation_level =3D 3; > > > -+ > > > -+ if (state->context->server.try_logon_with) { > > > -+ subreq =3D dcerpc_netr_LogonSamLogonWithFlags_send(state, state->= ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->context->client.computer, > > > -+ &state->req_auth, > > > -+ &state->rep_auth, > > > -+ state->logon_level, > > > -+ state->logon, > > > -+ state->validation_level, > > > -+ state->validation, > > > -+ &state->authoritative, > > > -+ &state->flags); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ } else { > > > -+ state->flags =3D 0; > > > -+ > > > -+ subreq =3D dcerpc_netr_LogonSamLogon_send(state, state->ev, > > > -+ state->binding_handle, > > > -+ state->srv_name_slash, > > > -+ state->context->client.computer, > > > -+ &state->req_auth, > > > -+ &state->rep_auth, > > > -+ state->logon_level, > > > -+ state->logon, > > > -+ state->validation_level, > > > -+ state->validation, > > > -+ &state->authoritative); > > > -+ if (tevent_req_nomem(subreq, req)) { > > > -+ status =3D NT_STATUS_NO_MEMORY; > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ } > > > -+ > > > -+ tevent_req_set_callback(subreq, > > > -+ 
netlogon_creds_cli_LogonSamLogon_done, > > > -+ req); > > > -+} > > > -+ > > > -+static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req= *subreq) > > > -+{ > > > -+ struct tevent_req *req =3D > > > -+ tevent_req_callback_data(subreq, > > > -+ struct tevent_req); > > > -+ struct netlogon_creds_cli_LogonSamLogon_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_LogonSamLogon_state); > > > -+ NTSTATUS status; > > > -+ NTSTATUS result; > > > -+ bool ok; > > > -+ > > > -+ if (state->try_logon_ex) { > > > -+ status =3D dcerpc_netr_LogonSamLogonEx_recv(subreq, > > > -+ state->validation, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -+ state->context->server.try_validation6 =3D false; > > > -+ state->context->server.try_logon_ex =3D false; > > > -+ netlogon_creds_cli_LogonSamLogon_start(req); > > > -+ return; > > > -+ } > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ if ((state->validation_level =3D=3D 6) && > > > -+ (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_INFO_CLASS) || > > > -+ NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER) || > > > -+ NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL))) > > > -+ { > > > -+ state->context->server.try_validation6 =3D false; > > > -+ netlogon_creds_cli_LogonSamLogon_start(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (tevent_req_nterror(req, result)) { > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, result); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->ro_creds =3D=3D NULL) { > > > -+ tevent_req_done(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ ok =3D netlogon_creds_cli_validate(state->context, state->ro_cred= s); > > > -+ if (!ok) { > > > -+ /* > > > -+ * We got a race, lets retry with on authenticator > > > -+ * protection. 
> > > -+ */ > > > -+ TALLOC_FREE(state->ro_creds); > > > -+ state->try_logon_ex =3D false; > > > -+ netlogon_creds_cli_LogonSamLogon_start(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ netlogon_creds_decrypt_samlogon_validation(state->ro_creds, > > > -+ state->validation_level, > > > -+ state->validation); > > > -+ > > > -+ tevent_req_done(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->lk_creds =3D=3D NULL) { > > > -+ status =3D netlogon_creds_cli_lock_recv(subreq, state, > > > -+ &state->lk_creds); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ netlogon_creds_cli_LogonSamLogon_start(req); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (state->context->server.try_logon_with) { > > > -+ status =3D dcerpc_netr_LogonSamLogonWithFlags_recv(subreq, > > > -+ state->validation, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -+ state->context->server.try_logon_with =3D false; > > > -+ netlogon_creds_cli_LogonSamLogon_start(req); > > > -+ return; > > > -+ } > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ } else { > > > -+ status =3D dcerpc_netr_LogonSamLogon_recv(subreq, > > > -+ state->validation, > > > -+ &result); > > > -+ TALLOC_FREE(subreq); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ } > > > -+ > > > -+ ok =3D netlogon_creds_client_check(&state->tmp_creds, > > > -+ &state->rep_auth.cred); > > > -+ if (!ok) { > > > -+ status =3D NT_STATUS_ACCESS_DENIED; > > > -+ tevent_req_nterror(req, status); > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ *state->lk_creds =3D 
state->tmp_creds; > > > -+ status =3D netlogon_creds_cli_store(state->context, > > > -+ &state->lk_creds); > > > -+ if (tevent_req_nterror(req, status)) { > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ return; > > > -+ } > > > -+ > > > -+ if (tevent_req_nterror(req, result)) { > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, result); > > > -+ return; > > > -+ } > > > -+ > > > -+ netlogon_creds_decrypt_samlogon_validation(&state->tmp_creds, > > > -+ state->validation_level, > > > -+ state->validation); > > > -+ > > > -+ tevent_req_done(req); > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_LogonSamLogon_recv(struct tevent_req *r= eq, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ uint16_t *validation_level, > > > -+ union netr_Validation **validation, > > > -+ uint8_t *authoritative, > > > -+ uint32_t *flags) > > > -+{ > > > -+ struct netlogon_creds_cli_LogonSamLogon_state *state =3D > > > -+ tevent_req_data(req, > > > -+ struct netlogon_creds_cli_LogonSamLogon_state); > > > -+ NTSTATUS status; > > > -+ > > > -+ /* authoritative is also returned on error */ > > > -+ *authoritative =3D state->authoritative; > > > -+ > > > -+ if (tevent_req_is_nterror(req, &status)) { > > > -+ netlogon_creds_cli_LogonSamLogon_cleanup(req, status); > > > -+ tevent_req_received(req); > > > -+ return status; > > > -+ } > > > -+ > > > -+ *validation_level =3D state->validation_level; > > > -+ *validation =3D talloc_move(mem_ctx, &state->validation); > > > -+ *flags =3D state->flags; > > > -+ > > > -+ tevent_req_received(req); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS netlogon_creds_cli_LogonSamLogon( > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ enum netr_LogonInfoClass logon_level, > > > -+ const union netr_LogonLevel *logon, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ uint16_t *validation_level, > > > -+ union netr_Validation **validation, > > > -+ uint8_t *authoritative, > > > -+ 
uint32_t *flags) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct tevent_context *ev; > > > -+ struct tevent_req *req; > > > -+ NTSTATUS status =3D NT_STATUS_NO_MEMORY; > > > -+ > > > -+ ev =3D samba_tevent_context_init(frame); > > > -+ if (ev =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ req =3D netlogon_creds_cli_LogonSamLogon_send(frame, ev, context, = b, > > > -+ logon_level, logon, > > > -+ *flags); > > > -+ if (req =3D=3D NULL) { > > > -+ goto fail; > > > -+ } > > > -+ if (!tevent_req_poll_ntstatus(req, ev, &status)) { > > > -+ goto fail; > > > -+ } > > > -+ status =3D netlogon_creds_cli_LogonSamLogon_recv(req, mem_ctx, > > > -+ validation_level, > > > -+ validation, > > > -+ authoritative, > > > -+ flags); > > > -+ fail: > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+} > > > -diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon= _creds_cli.h > > > -new file mode 100644 > > > -index 0000000..f8f2bef > > > ---- /dev/null > > > -+++ b/libcli/auth/netlogon_creds_cli.h > > > -@@ -0,0 +1,138 @@ > > > -+/* > > > -+ Unix SMB/CIFS implementation. > > > -+ > > > -+ module to store/fetch session keys for the schannel client > > > -+ > > > -+ Copyright (C) Stefan Metzmacher 2013 > > > -+ > > > -+ This program is free software; you can redistribute it and/or mo= dify > > > -+ it under the terms of the GNU General Public License as publishe= d by > > > -+ the Free Software Foundation; either version 3 of the License, or > > > -+ (at your option) any later version. > > > -+ > > > -+ This program is distributed in the hope that it will be useful, > > > -+ but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > -+ GNU General Public License for more details. > > > -+ > > > -+ You should have received a copy of the GNU General Public License > > > -+ along with this program. If not, see . 
> > > -+*/ > > > -+ > > > -+#ifndef NETLOGON_CREDS_CLI_H > > > -+#define NETLOGON_CREDS_CLI_H > > > -+ > > > -+#include "librpc/gen_ndr/dcerpc.h" > > > -+#include "librpc/gen_ndr/schannel.h" > > > -+ > > > -+struct netlogon_creds_cli_context; > > > -+struct messaging_context; > > > -+struct dcerpc_binding_handle; > > > -+ > > > -+NTSTATUS netlogon_creds_cli_open_global_db(struct loadparm_context = *lp_ctx); > > > -+ > > > -+NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context = *lp_ctx, > > > -+ struct messaging_context *msg_ctx, > > > -+ const char *client_account, > > > -+ enum netr_SchannelType type, > > > -+ const char *server_computer, > > > -+ const char *server_netbios_domain, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **_context); > > > -+NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer, > > > -+ const char *client_account, > > > -+ enum netr_SchannelType type, > > > -+ enum dcerpc_AuthLevel auth_level, > > > -+ uint32_t proposed_flags, > > > -+ uint32_t required_flags, > > > -+ const char *server_computer, > > > -+ const char *server_netbios_domain, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **_context); > > > -+NTSTATUS netlogon_creds_cli_context_copy( > > > -+ const struct netlogon_creds_cli_context *src, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **_dst); > > > -+ > > > -+enum dcerpc_AuthLevel netlogon_creds_cli_auth_level( > > > -+ struct netlogon_creds_cli_context *context); > > > -+ > > > -+NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *= context, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState **_creds); > > > -+bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context = *context, > > > -+ const struct netlogon_creds_CredentialState *creds1); > > > -+ > > > -+NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context= *context, > > > -+ struct 
netlogon_creds_CredentialState **_creds); > > > -+NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_contex= t *context, > > > -+ struct netlogon_creds_CredentialState **_creds); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_lock_send(TALLOC_CTX *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context); > > > -+NTSTATUS netlogon_creds_cli_lock_recv(struct tevent_req *req, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState **creds); > > > -+NTSTATUS netlogon_creds_cli_lock(struct netlogon_creds_cli_context = *context, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_CredentialState **creds); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_auth_send(TALLOC_CTX *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ struct samr_Password current_nt_hash, > > > -+ const struct samr_Password *previous_nt_hash); > > > -+NTSTATUS netlogon_creds_cli_auth_recv(struct tevent_req *req); > > > -+NTSTATUS netlogon_creds_cli_auth(struct netlogon_creds_cli_context = *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ struct samr_Password current_nt_hash, > > > -+ const struct samr_Password *previous_nt_hash); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_check_send(TALLOC_CTX *mem_ct= x, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b); > > > -+NTSTATUS netlogon_creds_cli_check_recv(struct tevent_req *req); > > > -+NTSTATUS netlogon_creds_cli_check(struct netlogon_creds_cli_context= *context, > > > -+ struct dcerpc_binding_handle *b); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_ServerPasswordSet_send(TALLOC= _CTX *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ const char 
*new_password, > > > -+ const uint32_t *new_version); > > > -+NTSTATUS netlogon_creds_cli_ServerPasswordSet_recv(struct tevent_re= q *req); > > > -+NTSTATUS netlogon_creds_cli_ServerPasswordSet( > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ const char *new_password, > > > -+ const uint32_t *new_version); > > > -+ > > > -+struct tevent_req *netlogon_creds_cli_LogonSamLogon_send(TALLOC_CTX= *mem_ctx, > > > -+ struct tevent_context *ev, > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ enum netr_LogonInfoClass logon_level, > > > -+ const union netr_LogonLevel *logon, > > > -+ uint32_t flags); > > > -+NTSTATUS netlogon_creds_cli_LogonSamLogon_recv(struct tevent_req *r= eq, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ uint16_t *validation_level, > > > -+ union netr_Validation **validation, > > > -+ uint8_t *authoritative, > > > -+ uint32_t *flags); > > > -+NTSTATUS netlogon_creds_cli_LogonSamLogon( > > > -+ struct netlogon_creds_cli_context *context, > > > -+ struct dcerpc_binding_handle *b, > > > -+ enum netr_LogonInfoClass logon_level, > > > -+ const union netr_LogonLevel *logon, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ uint16_t *validation_level, > > > -+ union netr_Validation **validation, > > > -+ uint8_t *authoritative, > > > -+ uint32_t *flags); > > > -+ > > > -+#endif /* NETLOGON_CREDS_CLI_H */ > > > -diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build > > > -index ca2be2d..51eb293 100755 > > > ---- a/libcli/auth/wscript_build > > > -+++ b/libcli/auth/wscript_build > > > -@@ -28,6 +28,10 @@ bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL', > > > - deps=3D'dbwrap util_tdb samba-hostconfig NDR_NETLOGON' > > > - ) > > > -=20 > > > -+bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI', > > > -+ source=3D'netlogon_creds_cli.c', > > > -+ deps=3D'dbwrap util_tdb tevent-util samba-hostconfig RPC_ND= R_NETLOGON NDR_NETLOGON' > > > -+ ) > > > -=20 > > > - 
bld.SAMBA_SUBSYSTEM('PAM_ERRORS', > > > - source=3D'pam_errors.c', > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e4a4e18ea7f9a9742de16e477917da6ae11ac42e Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 13 Dec 2013 17:31:45 +0100 > > > -Subject: [PATCH 163/249] libcli/auth: use unique key_name values in > > > - netlogon_creds_cli_context_common() > > > - > > > -Until all callers are fixed to pass the same 'server_computer' > > > -value, we try to calculate a server_netbios_name and use this > > > -as unique identifier for a specific domain controller. > > > - > > > -Otherwise winbind would use 'hostname.example.com' > > > -while 'net rpc testjoin' would use 'HOSTNAME', > > > -which leads to 2 records in netlogon_creds_cli.tdb > > > -for the same domain controller. > > > - > > > -Once all callers are fixed we can think about reverting this > > > -commit. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit dc96b1ddccfe8eb1a631355f9471ee0b620d682c) > > > ---- > > > - libcli/auth/netlogon_creds_cli.c | 58 +++++++++++++++++++++++++++++= ++++------- > > > - 1 file changed, 48 insertions(+), 10 deletions(-) > > > - > > > -diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon= _creds_cli.c > > > -index 75d6b2c..a872b31 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.c > > > -+++ b/libcli/auth/netlogon_creds_cli.c > > > -@@ -106,23 +106,30 @@ static NTSTATUS netlogon_creds_cli_context_com= mon( > > > - struct netlogon_creds_cli_context **_context) > > > - { > > > - struct netlogon_creds_cli_context *context =3D NULL; > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ char *_key_name =3D NULL; > > > -+ char *server_netbios_name =3D NULL; > > > -+ char *p =3D NULL; > > > -=20 > > > - *_context =3D NULL; > > > -=20 > > > - context =3D talloc_zero(mem_ctx, struct netlogon_creds_cli_context= ); > > > - if (context =3D=3D NULL) { > > > -+ 
TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > - context->client.computer =3D talloc_strdup(context, client_compute= r); > > > - if (context->client.computer =3D=3D NULL) { > > > -- talloc_free(context); > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > - context->client.account =3D talloc_strdup(context, client_account); > > > - if (context->client.account =3D=3D NULL) { > > > -- talloc_free(context); > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -@@ -133,29 +140,60 @@ static NTSTATUS netlogon_creds_cli_context_com= mon( > > > -=20 > > > - context->server.computer =3D talloc_strdup(context, server_compute= r); > > > - if (context->server.computer =3D=3D NULL) { > > > -- talloc_free(context); > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > - context->server.netbios_domain =3D talloc_strdup(context, server_n= etbios_domain); > > > - if (context->server.netbios_domain =3D=3D NULL) { > > > -- talloc_free(context); > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- context->db.key_name =3D talloc_asprintf(context, "CLI[%s/%s]/SRV[= %s/%s]", > > > -- client_computer, > > > -- client_account, > > > -- server_computer, > > > -- server_netbios_domain); > > > -+ /* > > > -+ * TODO: > > > -+ * Force the callers to provide a unique > > > -+ * value for server_computer and use this directly. > > > -+ * > > > -+ * For now we have to deal with > > > -+ * "HOSTNAME" vs. "hostname.example.com". 
> > > -+ */ > > > -+ server_netbios_name =3D talloc_strdup(frame, server_computer); > > > -+ if (server_netbios_name =3D=3D NULL) { > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ p =3D strchr(server_netbios_name, '.'); > > > -+ if (p !=3D NULL) { > > > -+ p[0] =3D '\0'; > > > -+ } > > > -+ > > > -+ _key_name =3D talloc_asprintf(frame, "CLI[%s/%s]/SRV[%s/%s]", > > > -+ client_computer, > > > -+ client_account, > > > -+ server_netbios_name, > > > -+ server_netbios_domain); > > > -+ if (_key_name =3D=3D NULL) { > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ context->db.key_name =3D talloc_strdup_upper(context, _key_name); > > > - if (context->db.key_name =3D=3D NULL) { > > > -- talloc_free(context); > > > -+ TALLOC_FREE(context); > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > - context->db.key_data =3D string_term_tdb_data(context->db.key_name= ); > > > -=20 > > > - *_context =3D context; > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 29bc7cb7a1c0ef62c923ce859cdd07de2846c5f5 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 19:01:28 +0200 > > > -Subject: [PATCH 164/249] s3:param: set Globals.bWinbindSealedPipes = =3D true > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 99d8653d83aa2e2e3a0ea097ab7cb65d62d76daf) > > > ---- > > > - source3/param/loadparm.c | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c > > > -index 40f3242..7d95256 100644 > > > ---- a/source3/param/loadparm.c > > > -+++ b/source3/param/loadparm.c > > > -@@ -834,6 +834,7 @@ static void init_globals(bool reinit_globals) > > > - 
Globals.security =3D SEC_USER; > > > - Globals.bEncryptPasswords =3D true; > > > - Globals.clientSchannel =3D Auto; > > > -+ Globals.bWinbindSealedPipes =3D true; > > > - Globals.serverSchannel =3D Auto; > > > - Globals.bReadRaw =3D true; > > > - Globals.bWriteRaw =3D true; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 21b9d9847ba236d78156de07dd24032e64f2124d Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 18:39:56 +0200 > > > -Subject: [PATCH 165/249] lib/param: add "neutralize nt4 emulation" o= ption, > > > - defaulting to false > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit b39ca3a2aefdd43a55b9cdd8fa5136254b283927) > > > ---- > > > - .../smbdotconf/winbind/netutralizent4emulation.xml | 19 ++++++++= +++++++++++ > > > - lib/param/param_functions.c | 1 + > > > - lib/param/param_table.c | 9 +++++++++ > > > - 3 files changed, 29 insertions(+) > > > - create mode 100644 docs-xml/smbdotconf/winbind/netutralizent4emulat= ion.xml > > > - > > > -diff --git a/docs-xml/smbdotconf/winbind/netutralizent4emulation.xml= b/docs-xml/smbdotconf/winbind/netutralizent4emulation.xml > > > -new file mode 100644 > > > -index 0000000..8294a90 > > > ---- /dev/null > > > -+++ b/docs-xml/smbdotconf/winbind/netutralizent4emulation.xml > > > -@@ -0,0 +1,19 @@ > > > -+ > > -+ context=3D"G" > > > -+ type=3D"boolean" > > > -+ advanced=3D"1" developer=3D"1" > > > -+ xmlns:samba=3D"http://www.samba.org/samba/DTD/samb= a-doc"> > > > -+ > > > -+ This option controls whether winbindd sends > > > -+ the NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION flag in order to bypass > > > -+ the NT4 emulation of a domain controller. > > > -+ > > > -+ Typically you should not need set this. > > > -+ It can be useful for upgrades from NT4 to AD domains. > > > -+ > > > -+ The behavior can be controlled per netbios domain > > > -+ by using 'neutralize nt4 emulation:NETBIOSDOMAIN =3D yes' as optio= n. 
> > > -+ > > > -+ > > > -+no > > > -+ > > > -diff --git a/lib/param/param_functions.c b/lib/param/param_functions= =2Ec > > > -index 60f9c07..aef091b 100644 > > > ---- a/lib/param/param_functions.c > > > -+++ b/lib/param/param_functions.c > > > -@@ -192,6 +192,7 @@ FN_GLOBAL_BOOL(log_writeable_files_on_exit, bLog= WriteableFilesOnExit) > > > - FN_GLOBAL_BOOL(map_untrusted_to_domain, bMapUntrustedToDomain) > > > - FN_GLOBAL_BOOL(ms_add_printer_wizard, bMsAddPrinterWizard) > > > - FN_GLOBAL_BOOL(multicast_dns_register, bMulticastDnsRegister) > > > -+FN_GLOBAL_BOOL(neutralize_nt4_emulation, bNeutralizeNT4Emulation) > > > - FN_GLOBAL_BOOL(nis_home_map, bNISHomeMap) > > > - FN_GLOBAL_BOOL(nmbd_bind_explicit_broadcast, bNmbdBindExplicitBroad= cast) > > > - FN_GLOBAL_BOOL(ntlm_auth, bNTLMAuth) > > > -diff --git a/lib/param/param_table.c b/lib/param/param_table.c > > > -index 8e3f952..edf6829 100644 > > > ---- a/lib/param/param_table.c > > > -+++ b/lib/param/param_table.c > > > -@@ -4188,6 +4188,15 @@ static struct parm_struct parm_table[] =3D { > > > - .enum_list =3D NULL, > > > - .flags =3D FLAG_ADVANCED, > > > - }, > > > -+ { > > > -+ .label =3D "neutralize nt4 emulation", > > > -+ .type =3D P_BOOL, > > > -+ .p_class =3D P_GLOBAL, > > > -+ .offset =3D GLOBAL_VAR(bNeutralizeNT4Emulation), > > > -+ .special =3D NULL, > > > -+ .enum_list =3D NULL, > > > -+ .flags =3D FLAG_ADVANCED, > > > -+ }, > > > -=20 > > > - {N_("DNS options"), P_SEP, P_SEPARATOR}, > > > - { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d1cfe2d0f3f72e8b7700eee01e47b0bb9d3b9ca3 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 18:39:56 +0200 > > > -Subject: [PATCH 166/249] lib/param: add "reject md5 servers" option, > > > - defaulting to false > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit de4f8f0825790452455a9d51e9d84d4d4a5c0d3b) > > > ---- > > > - 
docs-xml/smbdotconf/winbind/rejectmd5servers.xml | 23 +++++++++++++= ++++++++++ > > > - lib/param/param_functions.c | 1 + > > > - lib/param/param_table.c | 9 +++++++++ > > > - 3 files changed, 33 insertions(+) > > > - create mode 100644 docs-xml/smbdotconf/winbind/rejectmd5servers.xml > > > - > > > -diff --git a/docs-xml/smbdotconf/winbind/rejectmd5servers.xml b/docs= -xml/smbdotconf/winbind/rejectmd5servers.xml > > > -new file mode 100644 > > > -index 0000000..18f8bcb > > > ---- /dev/null > > > -+++ b/docs-xml/smbdotconf/winbind/rejectmd5servers.xml > > > -@@ -0,0 +1,23 @@ > > > -+ > > -+ context=3D"G" > > > -+ type=3D"boolean" > > > -+ advanced=3D"1" > > > -+ xmlns:samba=3D"http://www.samba.org/samba/DTD/samb= a-doc"> > > > -+ > > > -+ This option controls whether winbindd requires support > > > -+ for aes support for the netlogon secure channel. > > > -+ > > > -+ The following flags will be required NETLOGON_NEG_ARCFOUR, > > > -+ NETLOGON_NEG_SUPPORTS_AES, NETLOGON_NEG_PASSWORD_SET2 and NETLOGON= _NEG_AUTHENTICATED_RPC. > > > -+ > > > -+ You can set this to yes if all domain controllers support ae= s. > > > -+ This will prevent downgrade attacks. > > > -+ > > > -+ The behavior can be controlled per netbios domain > > > -+ by using 'reject md5 servers:NETBIOSDOMAIN =3D yes' as option. > > > -+ > > > -+ This option takes precedence to the option. 
> > > -+ > > > -+ > > > -+no > > > -+ > > > -diff --git a/lib/param/param_functions.c b/lib/param/param_functions= =2Ec > > > -index aef091b..ecd7f8e 100644 > > > ---- a/lib/param/param_functions.c > > > -+++ b/lib/param/param_functions.c > > > -@@ -204,6 +204,7 @@ FN_GLOBAL_BOOL(pam_password_change, bPamPassword= Change) > > > - FN_GLOBAL_BOOL(passdb_expand_explicit, bPassdbExpandExplicit) > > > - FN_GLOBAL_BOOL(passwd_chat_debug, bPasswdChatDebug) > > > - FN_GLOBAL_BOOL(registry_shares, bRegistryShares) > > > -+FN_GLOBAL_BOOL(reject_md5_servers, bRejectMD5Servers) > > > - FN_GLOBAL_BOOL(reset_on_zero_vc, bResetOnZeroVC) > > > - FN_GLOBAL_BOOL(rpc_big_endian, bRpcBigEndian) > > > - FN_GLOBAL_BOOL(stat_cache, bStatCache) > > > -diff --git a/lib/param/param_table.c b/lib/param/param_table.c > > > -index edf6829..b53f850 100644 > > > ---- a/lib/param/param_table.c > > > -+++ b/lib/param/param_table.c > > > -@@ -4197,6 +4197,15 @@ static struct parm_struct parm_table[] =3D { > > > - .enum_list =3D NULL, > > > - .flags =3D FLAG_ADVANCED, > > > - }, > > > -+ { > > > -+ .label =3D "reject md5 servers", > > > -+ .type =3D P_BOOL, > > > -+ .p_class =3D P_GLOBAL, > > > -+ .offset =3D GLOBAL_VAR(bRejectMD5Servers), > > > -+ .special =3D NULL, > > > -+ .enum_list =3D NULL, > > > -+ .flags =3D FLAG_ADVANCED, > > > -+ }, > > > -=20 > > > - {N_("DNS options"), P_SEP, P_SEPARATOR}, > > > - { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 2545090f09da279655510f87d02c631c74409eb1 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 18:39:56 +0200 > > > -Subject: [PATCH 167/249] lib/param: add "require strong key" option, > > > - defaulting to true > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 6630c68cce8fbbd700e7d4cd92ec3ebb2a268f06) > > > ---- > > > - docs-xml/smbdotconf/winbind/requirestrongkey.xml | 27 +++++++++++++= +++++++++++ > > > - lib/param/loadparm.c | 1 + > > 
> - lib/param/param_functions.c | 1 + > > > - lib/param/param_table.c | 9 ++++++++ > > > - 4 files changed, 38 insertions(+) > > > - create mode 100644 docs-xml/smbdotconf/winbind/requirestrongkey.xml > > > - > > > -diff --git a/docs-xml/smbdotconf/winbind/requirestrongkey.xml b/docs= -xml/smbdotconf/winbind/requirestrongkey.xml > > > -new file mode 100644 > > > -index 0000000..de749bb > > > ---- /dev/null > > > -+++ b/docs-xml/smbdotconf/winbind/requirestrongkey.xml > > > -@@ -0,0 +1,27 @@ > > > -+ > > -+ context=3D"G" > > > -+ type=3D"boolean" > > > -+ advanced=3D"1" > > > -+ xmlns:samba=3D"http://www.samba.org/samba/DTD/samb= a-doc"> > > > -+ > > > -+ This option controls whether winbindd requires support > > > -+ for md5 strong key support for the netlogon secure channel. > > > -+ > > > -+ The following flags will be required NETLOGON_NEG_STRONG_KEY= S, > > > -+ NETLOGON_NEG_ARCFOUR and NETLOGON_NEG_AUTHENTICATED_RPC. > > > -+ > > > -+ You can set this to no if some domain controllers only suppo= rt des. > > > -+ This might allows weak crypto to be negotiated, may via downgrade = attacks. > > > -+ > > > -+ The behavior can be controlled per netbios domain > > > -+ by using 'require strong key:NETBIOSDOMAIN =3D no' as option. > > > -+ > > > -+ Note for active directory domain this option is hardcoded to= 'yes' > > > -+ > > > -+ This option yields precedence to the option. > > > -+ > > > -+ This option takes precedence to the option. 
> > > -+ > > > -+ > > > -+yes > > > -+ > > > -diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c > > > -index 23b45e2..a84a166 100644 > > > ---- a/lib/param/loadparm.c > > > -+++ b/lib/param/loadparm.c > > > -@@ -2183,6 +2183,7 @@ struct loadparm_context *loadparm_init(TALLOC_= CTX *mem_ctx) > > > -=20 > > > - lpcfg_do_global_parameter(lp_ctx, "winbind separator", "\\"); > > > - lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True"); > > > -+ lpcfg_do_global_parameter(lp_ctx, "require strong key", "True"); > > > - lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn= _WINBINDD_SOCKET_DIR); > > > - lpcfg_do_global_parameter(lp_ctx, "winbindd privileged socket dire= ctory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR); > > > - lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dy= n_NTP_SIGND_SOCKET_DIR); > > > -diff --git a/lib/param/param_functions.c b/lib/param/param_functions= =2Ec > > > -index ecd7f8e..41b137f 100644 > > > ---- a/lib/param/param_functions.c > > > -+++ b/lib/param/param_functions.c > > > -@@ -205,6 +205,7 @@ FN_GLOBAL_BOOL(passdb_expand_explicit, bPassdbEx= pandExplicit) > > > - FN_GLOBAL_BOOL(passwd_chat_debug, bPasswdChatDebug) > > > - FN_GLOBAL_BOOL(registry_shares, bRegistryShares) > > > - FN_GLOBAL_BOOL(reject_md5_servers, bRejectMD5Servers) > > > -+FN_GLOBAL_BOOL(require_strong_key, bRequireStrongKey) > > > - FN_GLOBAL_BOOL(reset_on_zero_vc, bResetOnZeroVC) > > > - FN_GLOBAL_BOOL(rpc_big_endian, bRpcBigEndian) > > > - FN_GLOBAL_BOOL(stat_cache, bStatCache) > > > -diff --git a/lib/param/param_table.c b/lib/param/param_table.c > > > -index b53f850..36e8554 100644 > > > ---- a/lib/param/param_table.c > > > -+++ b/lib/param/param_table.c > > > -@@ -4206,6 +4206,15 @@ static struct parm_struct parm_table[] =3D { > > > - .enum_list =3D NULL, > > > - .flags =3D FLAG_ADVANCED, > > > - }, > > > -+ { > > > -+ .label =3D "require strong key", > > > -+ .type =3D P_BOOL, > > > -+ .p_class =3D P_GLOBAL, > > > -+ .offset 
=3D GLOBAL_VAR(bRequireStrongKey), > > > -+ .special =3D NULL, > > > -+ .enum_list =3D NULL, > > > -+ .flags =3D FLAG_ADVANCED, > > > -+ }, > > > -=20 > > > - {N_("DNS options"), P_SEP, P_SEPARATOR}, > > > - { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4e604cc566b2854045c5b794a846c1ab1ef4a35f Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 19:01:47 +0200 > > > -Subject: [PATCH 168/249] s3:param: set Globals.bRequireStrongKey =3D= true > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit e7954bcc04ec6761b2ed6dad08b90c65efafa948) > > > ---- > > > - source3/param/loadparm.c | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c > > > -index 7d95256..ed46e53 100644 > > > ---- a/source3/param/loadparm.c > > > -+++ b/source3/param/loadparm.c > > > -@@ -835,6 +835,7 @@ static void init_globals(bool reinit_globals) > > > - Globals.bEncryptPasswords =3D true; > > > - Globals.clientSchannel =3D Auto; > > > - Globals.bWinbindSealedPipes =3D true; > > > -+ Globals.bRequireStrongKey =3D true; > > > - Globals.serverSchannel =3D Auto; > > > - Globals.bReadRaw =3D true; > > > - Globals.bWriteRaw =3D true; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 382f69a0f3762947a3e8cc02e8e9817533073195 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 18:48:15 +0200 > > > -Subject: [PATCH 169/249] libcli/auth: make use of real options in > > > - netlogon_creds_cli_context_global() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit fa3af7c2e8f1bf292e190ba3d933b6e1d552595d) > > > ---- > > > - libcli/auth/netlogon_creds_cli.c | 18 +++--------------- > > > - 1 file changed, 3 insertions(+), 15 deletions(-) > > > - > > > -diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon= _creds_cli.c 
> > > -index a872b31..6590b21 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.c > > > -+++ b/libcli/auth/netlogon_creds_cli.c > > > -@@ -279,11 +279,7 @@ NTSTATUS netlogon_creds_cli_context_global(stru= ct loadparm_context *lp_ctx, > > > - * allow overwrite per domain > > > - * reject md5 servers: > > > - */ > > > -- //TODO: add lpcfp_reject_md5_servers() > > > -- reject_md5_servers =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -- "__default__", > > > -- "reject md5 servers", > > > -- reject_md5_servers); > > > -+ reject_md5_servers =3D lpcfg_reject_md5_servers(lp_ctx); > > > - reject_md5_servers =3D lpcfg_parm_bool(lp_ctx, NULL, > > > - "reject md5 servers", > > > - server_netbios_domain, > > > -@@ -293,11 +289,7 @@ NTSTATUS netlogon_creds_cli_context_global(stru= ct loadparm_context *lp_ctx, > > > - * allow overwrite per domain > > > - * require strong key: > > > - */ > > > -- //TODO: add lpcfp_require_strong_key() > > > -- require_strong_key =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -- "__default__", > > > -- "require strong key", > > > -- require_strong_key); > > > -+ require_strong_key =3D lpcfg_require_strong_key(lp_ctx); > > > - require_strong_key =3D lpcfg_parm_bool(lp_ctx, NULL, > > > - "require strong key", > > > - server_netbios_domain, > > > -@@ -327,11 +319,7 @@ NTSTATUS netlogon_creds_cli_context_global(stru= ct loadparm_context *lp_ctx, > > > - * allow overwrite per domain > > > - * neutralize nt4 emulation: > > > - */ > > > -- //TODO: add lpcfp_neutralize_nt4_emulation() > > > -- neutralize_nt4_emulation =3D lpcfg_parm_bool(lp_ctx, NULL, > > > -- "__default__", > > > -- "neutralize nt4 emulation", > > > -- neutralize_nt4_emulation); > > > -+ neutralize_nt4_emulation =3D lpcfg_neutralize_nt4_emulation(lp_ctx= ); > > > - neutralize_nt4_emulation =3D lpcfg_parm_bool(lp_ctx, NULL, > > > - "neutralize nt4 emulation", > > > - server_netbios_domain, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 79e8c0c97591ed8bc129561e44b0d94757fcc4e1 Mon Sep 17 
00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 23 Dec 2013 10:45:27 +0100 > > > -Subject: [PATCH 170/249] docs-xml: explain the interaction between s= ecurity =3D > > > - ads and other options. > > > - > > > -It implies 'require strong key =3D yes' and 'client schannel =3D yes= '. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit f703a37a56e215827dbb2a7ec8da6738bf17f600) > > > ---- > > > - docs-xml/smbdotconf/security/security.xml | 5 ++++- > > > - 1 file changed, 4 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/sm= bdotconf/security/security.xml > > > -index 406089f..2f5c3f7 100644 > > > ---- a/docs-xml/smbdotconf/security/security.xml > > > -+++ b/docs-xml/smbdotconf/security/security.xml > > > -@@ -99,7 +99,10 @@ > > > - =09 > > > - Note that this mode does NOT make Samba operate as a Active = Directory Domain=20 > > > - Controller. > > > --=09 > > > -+ > > > -+ Note that this forces yes > > > -+ and yes fo= r the primary domain. > > > -+ > > > - Read the chapter about Domain Membership in the HOWTO for de= tails. 
> > > - > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 27ea332df51e3cd8ed9601633282b688e6f288a7 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 23 Dec 2013 10:46:57 +0100 > > > -Subject: [PATCH 171/249] docs-xml: explain the interaction of 'client > > > - schannel' with 'require strong key =3D yes' > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 1d69fdddd5287757c2e67b0982d00241a6d75d26) > > > ---- > > > - docs-xml/smbdotconf/security/clientschannel.xml | 5 +++++ > > > - 1 file changed, 5 insertions(+) > > > - > > > -diff --git a/docs-xml/smbdotconf/security/clientschannel.xml b/docs-= xml/smbdotconf/security/clientschannel.xml > > > -index e229182..ac4cc59 100644 > > > ---- a/docs-xml/smbdotconf/security/clientschannel.xml > > > -+++ b/docs-xml/smbdotconf/security/clientschannel.xml > > > -@@ -12,6 +12,11 @@ > > > - enforce it, and yes denies access=20 > > > - if the server is not able to speak netlogon schannel.=20 > > > - > > > -+ > > > -+ Note that for active directory domains this is hardcoded = to > > > -+ yes. > > > -+ > > > -+ This option yields precedence to the option. 
> > > - > > > - auto > > > - yes > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4853daeffb1916db3b92dc6ba9e5776652ec5f4e Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 19:31:58 +0200 > > > -Subject: [PATCH 172/249] s3:winbindd: make use of the "winbind seale= d pipes" > > > - option for all connections > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 225982e1cb6276ed5c6a47c0e4827d75e8ab2fb1) > > > ---- > > > - source3/winbindd/winbindd.h | 3 +++ > > > - source3/winbindd/winbindd_cm.c | 20 +++++++++++++++++--- > > > - 2 files changed, 20 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd= =2Eh > > > -index 72eb3ec..afde685 100644 > > > ---- a/source3/winbindd/winbindd.h > > > -+++ b/source3/winbindd/winbindd.h > > > -@@ -25,6 +25,7 @@ > > > -=20 > > > - #include "nsswitch/winbind_struct_protocol.h" > > > - #include "nsswitch/libwbclient/wbclient.h" > > > -+#include "librpc/gen_ndr/dcerpc.h" > > > - #include "librpc/gen_ndr/wbint.h" > > > -=20 > > > - #include "talloc_dict.h" > > > -@@ -105,6 +106,8 @@ struct getpwent_user { > > > - struct winbindd_cm_conn { > > > - struct cli_state *cli; > > > -=20 > > > -+ enum dcerpc_AuthLevel auth_level; > > > -+ > > > - struct rpc_pipe_client *samr_pipe; > > > - struct policy_handle sam_connect_handle, sam_domain_handle; > > > -=20 > > > -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbi= ndd_cm.c > > > -index c4f59d3..6c1244e 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -1722,6 +1722,7 @@ static NTSTATUS cm_open_connection(struct winb= indd_domain *domain, > > > - } > > > -=20 > > > - if (NT_STATUS_IS_OK(result)) { > > > -+ bool seal_pipes =3D true; > > > -=20 > > > - winbindd_set_locator_kdc_envs(domain); > > > -=20 > > > -@@ -1741,6 +1742,17 @@ static NTSTATUS 
cm_open_connection(struct win= bindd_domain *domain, > > > - */ > > > - store_current_dc_in_gencache(domain->name, domain->dcname, > > > - new_conn->cli); > > > -+ > > > -+ seal_pipes =3D lp_winbind_sealed_pipes(); > > > -+ seal_pipes =3D lp_parm_bool(-1, "winbind sealed pipes", > > > -+ domain->name, > > > -+ seal_pipes); > > > -+ > > > -+ if (seal_pipes) { > > > -+ new_conn->auth_level =3D DCERPC_AUTH_LEVEL_PRIVACY; > > > -+ } else { > > > -+ new_conn->auth_level =3D DCERPC_AUTH_LEVEL_INTEGRITY; > > > -+ } > > > - } else { > > > - /* Ensure we setup the retry handler. */ > > > - set_domain_offline(domain); > > > -@@ -1813,6 +1825,8 @@ void invalidate_cm_connection(struct winbindd_= cm_conn *conn) > > > - } > > > - } > > > -=20 > > > -+ conn->auth_level =3D DCERPC_AUTH_LEVEL_PRIVACY; > > > -+ > > > - if (conn->cli) { > > > - cli_shutdown(conn->cli); > > > - } > > > -@@ -2363,7 +2377,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - &ndr_table_samr, > > > - NCACN_NP, > > > - GENSEC_OID_NTLMSSP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, > > > -+ conn->auth_level, > > > - smbXcli_conn_remote_name(conn->cli->conn), > > > - domain_name, > > > - machine_account, > > > -@@ -2534,7 +2548,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_do= main *domain, > > > -=20 > > > - if (conn->lsa_pipe_tcp && > > > - conn->lsa_pipe_tcp->transport->transport =3D=3D NCACN_IP_TCP && > > > -- conn->lsa_pipe_tcp->auth->auth_level =3D=3D DCERPC_AUTH_LEVEL_= PRIVACY && > > > -+ conn->lsa_pipe_tcp->auth->auth_level >=3D DCERPC_AUTH_LEVEL_IN= TEGRITY && > > > - rpccli_is_connected(conn->lsa_pipe_tcp)) { > > > - goto done; > > > - } > > > -@@ -2602,7 +2616,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - result =3D cli_rpc_pipe_open_spnego > > > - (conn->cli, &ndr_table_lsarpc, NCACN_NP, > > > - GENSEC_OID_NTLMSSP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, > > > -+ conn->auth_level, > > > - 
smbXcli_conn_remote_name(conn->cli->conn), > > > - conn->cli->domain, conn->cli->user_name, conn->cli->password, > > > - &conn->lsa_pipe); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From c2116e6a1ee32ff36942091287e90b08d1ecf6d1 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 14 Nov 2013 18:53:06 +0100 > > > -Subject: [PATCH 173/249] docs-xml: update 'winbind sealed pipes' des= cription > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 11aed7cd3dbd967593b34a206f0802fd0002bf27) > > > ---- > > > - docs-xml/smbdotconf/winbind/winbindsealedpipes.xml | 6 +++--- > > > - 1 file changed, 3 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml b/do= cs-xml/smbdotconf/winbind/winbindsealedpipes.xml > > > -index 26f446e..63f5588 100644 > > > ---- a/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml > > > -+++ b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml > > > -@@ -4,12 +4,12 @@ > > > - advanced=3D"1" developer=3D"1" > > > - xmlns:samba=3D"http://www.samba.org/samba/DTD/samb= a-doc"> > > > - > > > -- This option controls whether any requests made over the Samb= a 4 winbind > > > -+ This option controls whether any requests from winbindd to d= omain controllers > > > - pipe will be sealed. Disabling sealing can be useful for debugging > > > - purposes. > > > -=20 > > > -- Note that this option only applies to the Samba 4 winbind an= d not > > > -- to the standard winbind. > > > -+ The behavior can be controlled per netbios domain > > > -+ by using 'winbind sealed pipes:NETBIOSDOMAIN =3D no' as option. 
> > > - > > > -=20 > > > - yes > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From ea14b4a713a85a2d87cba6ad88127020e1d5e813 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 27 Jul 2013 11:30:13 +0200 > > > -Subject: [PATCH 174/249] s3:rpc_client: make use of the new > > > - netlogon_creds_cli_context > > > - > > > -This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_cr= eds > > > -and lets the secure channel session state be stored in node local da= tabase. > > > - > > > -This is the proper fix for a large number of bugs: > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D6563 > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D7944 > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D7945 > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D7568 > > > -https://bugzilla.samba.org/show_bug.cgi?id=3D8599 > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 38d4dba37406515181e4d6f1a1faffc18e652e27) > > > ---- > > > - source3/libnet/libnet_join.c | 3 +- > > > - source3/libnet/libnet_samsync.c | 19 +- > > > - source3/rpc_client/cli_netlogon.c | 436 ++++++++--------------= ----------- > > > - source3/rpc_client/cli_pipe.c | 139 +++-------- > > > - source3/rpc_client/cli_pipe.h | 2 +- > > > - source3/rpc_client/cli_pipe_schannel.c | 3 +- > > > - source3/rpc_client/rpc_client.h | 2 +- > > > - source3/rpcclient/cmd_netlogon.c | 57 ++++- > > > - source3/winbindd/winbindd.h | 9 - > > > - source3/winbindd/winbindd_cm.c | 36 +-- > > > - source3/winbindd/winbindd_pam.c | 136 ++-------- > > > - source3/wscript_build | 6 +- > > > - 12 files changed, 250 insertions(+), 598 deletions(-) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index c1eccda..5dc620f 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -1279,7 +1279,8 @@ NTSTATUS libnet_join_ok(const char *netbios_do= 
main_name, > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > - cli, &ndr_table_netlogon, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > -- netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd); > > > -+ netbios_domain_name, > > > -+ netlogon_pipe->netlogon_creds, &pipe_hnd); > > > -=20 > > > - cli_shutdown(cli); > > > -=20 > > > -diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet= _samsync.c > > > -index a103785..02d3fc6 100644 > > > ---- a/source3/libnet/libnet_samsync.c > > > -+++ b/source3/libnet/libnet_samsync.c > > > -@@ -30,6 +30,7 @@ > > > - #include "../librpc/gen_ndr/ndr_netlogon_c.h" > > > - #include "../libcli/security/security.h" > > > - #include "messages.h" > > > -+#include "../libcli/auth/netlogon_creds_cli.h" > > > -=20 > > > - /** > > > - * Fix up the delta, dealing with encryption issues so that the fin= al > > > -@@ -213,8 +214,15 @@ static NTSTATUS libnet_samsync_delta(TALLOC_CTX= *mem_ctx, > > > -=20 > > > - do { > > > - struct netr_DELTA_ENUM_ARRAY *delta_enum_array =3D NULL; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -=20 > > > -- netlogon_creds_client_authenticator(ctx->cli->dc, &credential); > > > -+ status =3D netlogon_creds_cli_lock(ctx->cli->netlogon_creds, > > > -+ mem_ctx, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ netlogon_creds_client_authenticator(creds, &credential); > > > -=20 > > > - if (ctx->single_object_replication && > > > - !ctx->force_full_replication) { > > > -@@ -254,28 +262,33 @@ static NTSTATUS libnet_samsync_delta(TALLOC_CT= X *mem_ctx, > > > - } > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(creds); > > > - return status; > > > - } > > > -=20 > > > - /* Check returned credentials. 
*/ > > > -- if (!netlogon_creds_client_check(ctx->cli->dc, > > > -+ if (!netlogon_creds_client_check(creds, > > > - &return_authenticator.cred)) { > > > -+ TALLOC_FREE(creds); > > > - DEBUG(0,("credentials chain check failed\n")); > > > - return NT_STATUS_ACCESS_DENIED; > > > - } > > > -=20 > > > - if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { > > > -+ TALLOC_FREE(creds); > > > - return result; > > > - } > > > -=20 > > > - if (NT_STATUS_IS_ERR(result)) { > > > -+ TALLOC_FREE(creds); > > > - break; > > > - } > > > -=20 > > > - samsync_fix_delta_array(mem_ctx, > > > -- ctx->cli->dc, > > > -+ creds, > > > - database_id, > > > - delta_enum_array); > > > -+ TALLOC_FREE(creds); > > > -=20 > > > - /* Process results */ > > > - callback_status =3D ctx->ops->process_objects(mem_ctx, database_i= d, > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 5e8a2fc..fcd24d6 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -23,11 +23,13 @@ > > > - #include "includes.h" > > > - #include "rpc_client/rpc_client.h" > > > - #include "../libcli/auth/libcli_auth.h" > > > -+#include "../libcli/auth/netlogon_creds_cli.h" > > > - #include "../librpc/gen_ndr/ndr_netlogon_c.h" > > > - #include "rpc_client/cli_netlogon.h" > > > - #include "rpc_client/init_netlogon.h" > > > - #include "rpc_client/util_netlogon.h" > > > - #include "../libcli/security/security.h" > > > -+#include "lib/param/param.h" > > > -=20 > > > - /******************************************************************= ********** > > > - Wrapper function that uses the auth and auth2 calls to set up a NE= TLOGON > > > -@@ -44,113 +46,81 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc= _pipe_client *cli, > > > - enum netr_SchannelType sec_chan_type, > > > - uint32_t *neg_flags_inout) > > > - { > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct loadparm_context *lp_ctx; > > > - NTSTATUS 
status; > > > -- NTSTATUS result =3D NT_STATUS_UNSUCCESSFUL; > > > -- struct netr_Credential clnt_chal_send; > > > -- struct netr_Credential srv_chal_recv; > > > - struct samr_Password password; > > > -- bool retried =3D false; > > > - fstring mach_acct; > > > -- uint32_t neg_flags =3D *neg_flags_inout; > > > - struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -=20 > > > - if (!ndr_syntax_id_equal(&cli->abstract_syntax, > > > - &ndr_table_netlogon.syntax_id)) { > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -=20 > > > -- TALLOC_FREE(cli->dc); > > > -- > > > -- /* Store the machine account password we're going to use. */ > > > -- memcpy(password.hash, machine_pwd, 16); > > > -- > > > -- fstr_sprintf( mach_acct, "%s$", machine_account); > > > -- > > > -- again: > > > -- /* Create the client challenge. */ > > > -- generate_random_buffer(clnt_chal_send.data, 8); > > > -- > > > -- /* Get the server challenge. 
*/ > > > -- status =3D dcerpc_netr_ServerReqChallenge(b, talloc_tos(), > > > -- cli->srv_name_slash, > > > -- clnt_name, > > > -- &clnt_chal_send, > > > -- &srv_chal_recv, > > > -- &result); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- return result; > > > -+ if (!strequal(lp_netbios_name(), clnt_name)) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -=20 > > > -- /* Calculate the session key and client credentials */ > > > -+ TALLOC_FREE(cli->netlogon_creds); > > > -=20 > > > -- cli->dc =3D netlogon_creds_client_init(cli, > > > -- mach_acct, > > > -- clnt_name, > > > -- sec_chan_type, > > > -- &clnt_chal_send, > > > -- &srv_chal_recv, > > > -- &password, > > > -- &clnt_chal_send, > > > -- neg_flags); > > > -+ fstr_sprintf( mach_acct, "%s$", machine_account); > > > -=20 > > > -- if (!cli->dc) { > > > -+ lp_ctx =3D loadparm_init_s3(frame, loadparm_s3_helpers()); > > > -+ if (lp_ctx =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -- > > > -- /* > > > -- * Send client auth-2 challenge and receive server repy. > > > -- */ > > > -- > > > -- status =3D dcerpc_netr_ServerAuthenticate2(b, talloc_tos(), > > > -- cli->srv_name_slash, > > > -- cli->dc->account_name, > > > -- sec_chan_type, > > > -- cli->dc->computer_name, > > > -- &clnt_chal_send, /* input. */ > > > -- &srv_chal_recv, /* output. 
*/ > > > -- &neg_flags, > > > -- &result); > > > -+ status =3D netlogon_creds_cli_context_global(lp_ctx, > > > -+ NULL, /* msg_ctx */ > > > -+ mach_acct, > > > -+ sec_chan_type, > > > -+ server_name, > > > -+ domain, > > > -+ cli, &cli->netlogon_creds); > > > -+ talloc_unlink(frame, lp_ctx); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > - return status; > > > - } > > > -- /* we might be talking to NT4, so let's downgrade in that case and= retry > > > -- * with the returned neg_flags - gd */ > > > -=20 > > > -- if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && !retried) { > > > -- retried =3D true; > > > -- TALLOC_FREE(cli->dc); > > > -- goto again; > > > -+ status =3D netlogon_creds_cli_get(cli->netlogon_creds, > > > -+ frame, &creds); > > > -+ if (NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(5,("rpccli_netlogon_setup_creds: server %s using " > > > -+ "cached credential\n", > > > -+ cli->desthost)); > > > -+ *neg_flags_inout =3D creds->negotiate_flags; > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > - } > > > -=20 > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- return result; > > > -- } > > > -- > > > -- /* > > > -- * Check the returned value using the initial > > > -- * server received challenge. > > > -- */ > > > -- > > > -- if (!netlogon_creds_client_check(cli->dc, &srv_chal_recv)) { > > > -- /* > > > -- * Server replied with bad credential. Fail. > > > -- */ > > > -- DEBUG(0,("rpccli_netlogon_setup_creds: server %s " > > > -- "replied with bad credential\n", > > > -- cli->desthost )); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -- } > > > -+ /* Store the machine account password we're going to use. 
*/ > > > -+ memcpy(password.hash, machine_pwd, 16); > > > -=20 > > > - DEBUG(5,("rpccli_netlogon_setup_creds: server %s credential " > > > - "chain established.\n", > > > - cli->desthost )); > > > -=20 > > > -- cli->dc->negotiate_flags =3D neg_flags; > > > -- *neg_flags_inout =3D neg_flags; > > > -+ status =3D netlogon_creds_cli_auth(cli->netlogon_creds, b, > > > -+ password, NULL); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_get(cli->netlogon_creds, > > > -+ frame, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_INTERNAL_ERROR; > > > -+ } > > > -=20 > > > -+ *neg_flags_inout =3D creds->negotiate_flags; > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -@@ -163,20 +133,16 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_= pipe_client *cli, > > > - const char *username, > > > - const char *password, > > > - const char *workstation, > > > -- uint16_t validation_level, > > > -+ uint16_t _ignored_validation_level, > > > - int logon_type) > > > - { > > > -- NTSTATUS result =3D NT_STATUS_UNSUCCESSFUL; > > > - NTSTATUS status; > > > -- struct netr_Authenticator clnt_creds; > > > -- struct netr_Authenticator ret_creds; > > > - union netr_LogonLevel *logon; > > > -- union netr_Validation validation; > > > -- uint8_t authoritative; > > > -+ uint16_t validation_level =3D 0; > > > -+ union netr_Validation *validation =3D NULL; > > > -+ uint8_t authoritative =3D 0; > > > -+ uint32_t flags =3D 0; > > > - fstring clnt_name_slash; > > > -- struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -- > > > -- ZERO_STRUCT(ret_creds); > > > -=20 > > > - logon =3D talloc_zero(mem_ctx, union netr_LogonLevel); > > > - if (!logon) { > > > -@@ -191,8 +157,6 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pi= pe_client *cli, > > > -=20 > > > - /* Initialise input parameters */ > > > 
-=20 > > > -- netlogon_creds_client_authenticator(cli->dc, &clnt_creds); > > > -- > > > - switch (logon_type) { > > > - case NetlogonInteractiveInformation: { > > > -=20 > > > -@@ -208,17 +172,6 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_p= ipe_client *cli, > > > -=20 > > > - nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash); > > > -=20 > > > -- if (cli->dc->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- netlogon_creds_aes_encrypt(cli->dc, lmpassword.hash, 16); > > > -- netlogon_creds_aes_encrypt(cli->dc, ntpassword.hash, 16); > > > -- } else if (cli->dc->negotiate_flags & NETLOGON_NEG_ARCFOUR) { > > > -- netlogon_creds_arcfour_crypt(cli->dc, lmpassword.hash, 16); > > > -- netlogon_creds_arcfour_crypt(cli->dc, ntpassword.hash, 16); > > > -- } else { > > > -- netlogon_creds_des_encrypt(cli->dc, &lmpassword); > > > -- netlogon_creds_des_encrypt(cli->dc, &ntpassword); > > > -- } > > > -- > > > - password_info->identity_info.domain_name.string =3D domain; > > > - password_info->identity_info.parameter_control =3D logon_paramet= ers; > > > - password_info->identity_info.logon_id_low =3D 0xdead; > > > -@@ -281,28 +234,20 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_= pipe_client *cli, > > > - return NT_STATUS_INVALID_INFO_CLASS; > > > - } > > > -=20 > > > -- status =3D dcerpc_netr_LogonSamLogon(b, mem_ctx, > > > -- cli->srv_name_slash, > > > -- lp_netbios_name(), > > > -- &clnt_creds, > > > -- &ret_creds, > > > -- logon_type, > > > -- logon, > > > -- validation_level, > > > -- &validation, > > > -- &authoritative, > > > -- &result); > > > -+ status =3D netlogon_creds_cli_LogonSamLogon(cli->netlogon_creds, > > > -+ cli->binding_handle, > > > -+ logon_type, > > > -+ logon, > > > -+ mem_ctx, > > > -+ &validation_level, > > > -+ &validation, > > > -+ &authoritative, > > > -+ &flags); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -=20 > > > -- /* Always check returned credentials */ > > > -- if 
(!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { > > > -- DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check fail= ed\n")); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -- } > > > -- > > > -- return result; > > > -+ return NT_STATUS_OK; > > > - } > > > -=20 > > > - static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx, > > > -@@ -366,29 +311,24 @@ NTSTATUS rpccli_netlogon_sam_network_logon(str= uct rpc_pipe_client *cli, > > > - const char *domain, > > > - const char *workstation, > > > - const uint8 chal[8], > > > -- uint16_t validation_level, > > > -+ uint16_t _ignored_validation_level, > > > - DATA_BLOB lm_response, > > > - DATA_BLOB nt_response, > > > - struct netr_SamInfo3 **info3) > > > - { > > > -- NTSTATUS result =3D NT_STATUS_UNSUCCESSFUL; > > > - NTSTATUS status; > > > - const char *workstation_name_slash; > > > -- const char *server_name_slash; > > > -- struct netr_Authenticator clnt_creds; > > > -- struct netr_Authenticator ret_creds; > > > - union netr_LogonLevel *logon =3D NULL; > > > - struct netr_NetworkInfo *network_info; > > > -- uint8_t authoritative; > > > -- union netr_Validation validation; > > > -+ uint16_t validation_level =3D 0; > > > -+ union netr_Validation *validation =3D NULL; > > > -+ uint8_t authoritative =3D 0; > > > -+ uint32_t flags =3D 0; > > > - struct netr_ChallengeResponse lm; > > > - struct netr_ChallengeResponse nt; > > > -- struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -=20 > > > - *info3 =3D NULL; > > > -=20 > > > -- ZERO_STRUCT(ret_creds); > > > -- > > > - ZERO_STRUCT(lm); > > > - ZERO_STRUCT(nt); > > > -=20 > > > -@@ -402,21 +342,13 @@ NTSTATUS rpccli_netlogon_sam_network_logon(str= uct rpc_pipe_client *cli, > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- netlogon_creds_client_authenticator(cli->dc, &clnt_creds); > > > -- > > > -- if (server[0] !=3D '\\' && server[1] !=3D '\\') { > > > -- server_name_slash =3D talloc_asprintf(mem_ctx, "\\\\%s", server); > > > 
-- } else { > > > -- server_name_slash =3D server; > > > -- } > > > -- > > > - if (workstation[0] !=3D '\\' && workstation[1] !=3D '\\') { > > > - workstation_name_slash =3D talloc_asprintf(mem_ctx, "\\\\%s", wor= kstation); > > > - } else { > > > - workstation_name_slash =3D workstation; > > > - } > > > -=20 > > > -- if (!workstation_name_slash || !server_name_slash) { > > > -+ if (!workstation_name_slash) { > > > - DEBUG(0, ("talloc_asprintf failed!\n")); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -@@ -443,40 +375,27 @@ NTSTATUS rpccli_netlogon_sam_network_logon(str= uct rpc_pipe_client *cli, > > > -=20 > > > - /* Marshall data and send request */ > > > -=20 > > > -- status =3D dcerpc_netr_LogonSamLogon(b, mem_ctx, > > > -- server_name_slash, > > > -- lp_netbios_name(), > > > -- &clnt_creds, > > > -- &ret_creds, > > > -- NetlogonNetworkInformation, > > > -- logon, > > > -- validation_level, > > > -- &validation, > > > -- &authoritative, > > > -- &result); > > > -+ status =3D netlogon_creds_cli_LogonSamLogon(cli->netlogon_creds, > > > -+ cli->binding_handle, > > > -+ NetlogonNetworkInformation, > > > -+ logon, > > > -+ mem_ctx, > > > -+ &validation_level, > > > -+ &validation, > > > -+ &authoritative, > > > -+ &flags); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -=20 > > > -- /* Always check returned credentials. 
*/ > > > -- if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { > > > -- DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain ch= eck failed\n")); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -- } > > > -- > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- return result; > > > -- } > > > -- > > > -- netlogon_creds_decrypt_samlogon_validation(cli->dc, validation_lev= el, > > > -- &validation); > > > -- > > > -- result =3D map_validation_to_info3(mem_ctx, validation_level, &val= idation, info3); > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- return result; > > > -+ status =3D map_validation_to_info3(mem_ctx, > > > -+ validation_level, validation, > > > -+ info3); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > - } > > > -=20 > > > -- return result; > > > -+ return NT_STATUS_OK; > > > - } > > > -=20 > > > - NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_clien= t *cli, > > > -@@ -492,100 +411,18 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex= (struct rpc_pipe_client *cli, > > > - DATA_BLOB nt_response, > > > - struct netr_SamInfo3 **info3) > > > - { > > > -- NTSTATUS result =3D NT_STATUS_UNSUCCESSFUL; > > > -- NTSTATUS status; > > > -- const char *workstation_name_slash; > > > -- const char *server_name_slash; > > > -- union netr_LogonLevel *logon =3D NULL; > > > -- struct netr_NetworkInfo *network_info; > > > -- uint8_t authoritative; > > > -- union netr_Validation validation; > > > -- struct netr_ChallengeResponse lm; > > > -- struct netr_ChallengeResponse nt; > > > -- uint32_t flags =3D 0; > > > -- struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -- > > > -- *info3 =3D NULL; > > > -- > > > -- ZERO_STRUCT(lm); > > > -- ZERO_STRUCT(nt); > > > -- > > > -- logon =3D talloc_zero(mem_ctx, union netr_LogonLevel); > > > -- if (!logon) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- network_info =3D talloc_zero(mem_ctx, struct netr_NetworkInfo); > > > -- if (!network_info) { > > 
> -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- if (server[0] !=3D '\\' && server[1] !=3D '\\') { > > > -- server_name_slash =3D talloc_asprintf(mem_ctx, "\\\\%s", server); > > > -- } else { > > > -- server_name_slash =3D server; > > > -- } > > > -- > > > -- if (workstation[0] !=3D '\\' && workstation[1] !=3D '\\') { > > > -- workstation_name_slash =3D talloc_asprintf(mem_ctx, "\\\\%s", wor= kstation); > > > -- } else { > > > -- workstation_name_slash =3D workstation; > > > -- } > > > -- > > > -- if (!workstation_name_slash || !server_name_slash) { > > > -- DEBUG(0, ("talloc_asprintf failed!\n")); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- /* Initialise input parameters */ > > > -- > > > -- lm.data =3D lm_response.data; > > > -- lm.length =3D lm_response.length; > > > -- nt.data =3D nt_response.data; > > > -- nt.length =3D nt_response.length; > > > -- > > > -- network_info->identity_info.domain_name.string =3D domain; > > > -- network_info->identity_info.parameter_control =3D logon_parameter= s; > > > -- network_info->identity_info.logon_id_low =3D 0xdead; > > > -- network_info->identity_info.logon_id_high =3D 0xbeef; > > > -- network_info->identity_info.account_name.string =3D username; > > > -- network_info->identity_info.workstation.string =3D workstation_na= me_slash; > > > -- > > > -- memcpy(network_info->challenge, chal, 8); > > > -- network_info->nt =3D nt; > > > -- network_info->lm =3D lm; > > > -- > > > -- logon->network =3D network_info; > > > -- > > > -- /* Marshall data and send request */ > > > -- > > > -- status =3D dcerpc_netr_LogonSamLogonEx(b, mem_ctx, > > > -- server_name_slash, > > > -- lp_netbios_name(), > > > -- NetlogonNetworkInformation, > > > -- logon, > > > -- validation_level, > > > -- &validation, > > > -- &authoritative, > > > -- &flags, > > > -- &result); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- return 
result; > > > -- } > > > -- > > > -- netlogon_creds_decrypt_samlogon_validation(cli->dc, validation_lev= el, > > > -- &validation); > > > -- > > > -- result =3D map_validation_to_info3(mem_ctx, validation_level, &val= idation, info3); > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- return result; > > > -- } > > > -- > > > -- return result; > > > -+ return rpccli_netlogon_sam_network_logon(cli, > > > -+ mem_ctx, > > > -+ logon_parameters, > > > -+ server, > > > -+ username, > > > -+ domain, > > > -+ workstation, > > > -+ chal, > > > -+ validation_level, > > > -+ lm_response, > > > -+ nt_response, > > > -+ info3); > > > - } > > > -=20 > > > - /********************************************************* > > > -@@ -605,11 +442,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(str= uct rpc_pipe_client *cli, > > > - const unsigned char new_trust_passwd_hash[16], > > > - enum netr_SchannelType sec_channel_type) > > > - { > > > -- NTSTATUS result, status; > > > -- struct netr_Authenticator clnt_creds, srv_cred; > > > -- struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -+ NTSTATUS result; > > > -=20 > > > -- if (!cli->dc) { > > > -+ if (cli->netlogon_creds =3D=3D NULL) { > > > - uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > - NETLOGON_NEG_SUPPORTS_AES; > > > - result =3D rpccli_netlogon_setup_creds(cli, > > > -@@ -627,77 +462,16 @@ NTSTATUS rpccli_netlogon_set_trust_password(st= ruct rpc_pipe_client *cli, > > > - } > > > - } > > > -=20 > > > -- netlogon_creds_client_authenticator(cli->dc, &clnt_creds); > > > -- > > > -- if (cli->dc->negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) { > > > -- > > > -- struct netr_CryptPassword new_password; > > > -- uint32_t old_timeout; > > > -- > > > -- init_netr_CryptPassword(new_trust_pwd_cleartext, > > > -- cli->dc, > > > -- &new_password); > > > -- > > > -- old_timeout =3D dcerpc_binding_handle_set_timeout(b, 600000); > > > -- > > > -- status =3D dcerpc_netr_ServerPasswordSet2(b, mem_ctx, > > > -- 
cli->srv_name_slash, > > > -- cli->dc->account_name, > > > -- sec_channel_type, > > > -- cli->dc->computer_name, > > > -- &clnt_creds, > > > -- &srv_cred, > > > -- &new_password, > > > -- &result); > > > -- > > > -- dcerpc_binding_handle_set_timeout(b, old_timeout); > > > -- > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0,("dcerpc_netr_ServerPasswordSet2 failed: %s\n", > > > -- nt_errstr(status))); > > > -- return status; > > > -- } > > > -- } else { > > > -- > > > -- struct samr_Password new_password; > > > -- uint32_t old_timeout; > > > -- > > > -- memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_passw= ord.hash)); > > > -- netlogon_creds_des_encrypt(cli->dc, &new_password); > > > -- > > > -- old_timeout =3D dcerpc_binding_handle_set_timeout(b, 600000); > > > -- > > > -- status =3D dcerpc_netr_ServerPasswordSet(b, mem_ctx, > > > -- cli->srv_name_slash, > > > -- cli->dc->account_name, > > > -- sec_channel_type, > > > -- cli->dc->computer_name, > > > -- &clnt_creds, > > > -- &srv_cred, > > > -- &new_password, > > > -- &result); > > > -- > > > -- dcerpc_binding_handle_set_timeout(b, old_timeout); > > > -- > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0,("dcerpc_netr_ServerPasswordSet failed: %s\n", > > > -- nt_errstr(status))); > > > -- return status; > > > -- } > > > -- } > > > -- > > > -- /* Always check returned credentials. 
*/ > > > -- if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { > > > -- DEBUG(0,("credentials chain check failed\n")); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -- } > > > -- > > > -+ result =3D netlogon_creds_cli_ServerPasswordSet(cli->netlogon_cred= s, > > > -+ cli->binding_handle, > > > -+ new_trust_pwd_cleartext, > > > -+ NULL); /* new_version */ > > > - if (!NT_STATUS_IS_OK(result)) { > > > -- DEBUG(0,("dcerpc_netr_ServerPasswordSet{2} failed: %s\n", > > > -+ DEBUG(0,("netlogon_creds_cli_ServerPasswordSet failed: %s\n", > > > - nt_errstr(result))); > > > - return result; > > > - } > > > -=20 > > > -- return result; > > > -+ return NT_STATUS_OK; > > > - } > > > -=20 > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index a45023f..fe1613d 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -24,6 +24,7 @@ > > > - #include "librpc/gen_ndr/ndr_epmapper_c.h" > > > - #include "../librpc/gen_ndr/ndr_dssetup.h" > > > - #include "../libcli/auth/schannel.h" > > > -+#include "../libcli/auth/netlogon_creds_cli.h" > > > - #include "auth_generic.h" > > > - #include "librpc/gen_ndr/ndr_dcerpc.h" > > > - #include "librpc/gen_ndr/ndr_netlogon_c.h" > > > -@@ -3024,34 +3025,39 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key= (struct cli_state *cli, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -- struct netlogon_creds_CredentialState **pdc, > > > -+ struct netlogon_creds_cli_context *netlogon_creds, > > > - struct rpc_pipe_client **_rpccli) > > > - { > > > - struct rpc_pipe_client *rpccli; > > > - struct pipe_auth_data *rpcauth; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > - NTSTATUS status; > > > -- NTSTATUS result; > > > -- struct netlogon_creds_CredentialState save_creds; > > > -- struct netr_Authenticator auth; > > > -- struct netr_Authenticator return_auth; > > > -- union 
netr_Capabilities capabilities; > > > - const char *target_service =3D table->authservices->names[0]; > > > -+ int rpc_pipe_bind_dbglvl =3D 0; > > > -=20 > > > - status =3D cli_rpc_pipe_open(cli, transport, table, &rpccli); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -=20 > > > -+ status =3D netlogon_creds_cli_lock(netlogon_creds, rpccli, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(0, ("netlogon_creds_cli_get returned %s\n", > > > -+ nt_errstr(status))); > > > -+ TALLOC_FREE(rpccli); > > > -+ return status; > > > -+ } > > > -+ > > > - status =3D rpccli_generic_bind_data(rpccli, > > > - DCERPC_AUTH_TYPE_SCHANNEL, > > > - auth_level, > > > - NULL, > > > - target_service, > > > - domain, > > > -- (*pdc)->computer_name, > > > -+ creds->computer_name, > > > - NULL, > > > - CRED_AUTO_USE_KERBEROS, > > > -- *pdc, > > > -+ creds, > > > - &rpcauth); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0, ("rpccli_generic_bind_data returned %s\n", > > > -@@ -3060,120 +3066,43 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_ke= y(struct cli_state *cli, > > > - return status; > > > - } > > > -=20 > > > -- /* > > > -- * The credentials on a new netlogon pipe are the ones we are pass= ed > > > -- * in - copy them over > > > -- * > > > -- * This may get overwritten... in rpc_pipe_bind()... 
> > > -- */ > > > -- rpccli->dc =3D netlogon_creds_copy(rpccli, *pdc); > > > -- if (rpccli->dc =3D=3D NULL) { > > > -- TALLOC_FREE(rpccli); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > - status =3D rpc_pipe_bind(rpccli, rpcauth); > > > -+ if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { > > > -+ rpc_pipe_bind_dbglvl =3D 1; > > > -+ netlogon_creds_cli_delete(netlogon_creds, &creds); > > > -+ } > > > - if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: " > > > -- "cli_rpc_pipe_bind failed with error %s\n", > > > -- nt_errstr(status) )); > > > -+ DEBUG(rpc_pipe_bind_dbglvl, > > > -+ ("cli_rpc_pipe_open_schannel_with_key: " > > > -+ "rpc_pipe_bind failed with error %s\n", > > > -+ nt_errstr(status))); > > > - TALLOC_FREE(rpccli); > > > - return status; > > > - } > > > -=20 > > > -- if (!ndr_syntax_id_equal(&table->syntax_id, &ndr_table_netlogon.sy= ntax_id)) { > > > -- goto done; > > > -- } > > > -- > > > -- save_creds =3D *rpccli->dc; > > > -- ZERO_STRUCT(return_auth); > > > -- ZERO_STRUCT(capabilities); > > > -+ TALLOC_FREE(creds); > > > -=20 > > > -- netlogon_creds_client_authenticator(&save_creds, &auth); > > > -- > > > -- status =3D dcerpc_netr_LogonGetCapabilities(rpccli->binding_handle, > > > -- talloc_tos(), > > > -- rpccli->srv_name_slash, > > > -- save_creds.computer_name, > > > -- &auth, &return_auth, > > > -- 1, &capabilities, > > > -- &result); > > > -- if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -- if (save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- DEBUG(5, ("AES was negotiated and the error was %s - " > > > -- "downgrade detected\n", > > > -- nt_errstr(status))); > > > -- TALLOC_FREE(rpccli); > > > -- return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -- } > > > -- > > > -- /* This is probably an old Samba Version */ > > > -- DEBUG(5, ("We are checking against an NT or old Samba - %s\n", > > > -- nt_errstr(status))); > > > -+ if 
(!ndr_syntax_id_equal(&table->syntax_id, &ndr_table_netlogon.sy= ntax_id)) { > > > - goto done; > > > - } > > > -=20 > > > -+ status =3D netlogon_creds_cli_check(netlogon_creds, > > > -+ rpccli->binding_handle); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities failed with %s\n", > > > -+ DEBUG(0, ("netlogon_creds_cli_check failed with %s\n", > > > - nt_errstr(status))); > > > - TALLOC_FREE(rpccli); > > > - return status; > > > - } > > > -=20 > > > -- if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) { > > > -- if (save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- /* This means AES isn't supported. */ > > > -- DEBUG(5, ("AES was negotiated and the result was %s - " > > > -- "downgrade detected\n", > > > -- nt_errstr(result))); > > > -- TALLOC_FREE(rpccli); > > > -- return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -- } > > > -- > > > -- /* This is probably an old Windows version */ > > > -- DEBUG(5, ("We are checking against an win2k3 or Samba - %s\n", > > > -- nt_errstr(result))); > > > -- goto done; > > > -- } > > > -- > > > -- /* > > > -- * We need to check the credential state here, cause win2k3 and ea= rlier > > > -- * returns NT_STATUS_NOT_IMPLEMENTED > > > -- */ > > > -- if (!netlogon_creds_client_check(&save_creds, &return_auth.cred)) { > > > -- /* > > > -- * Server replied with bad credential. Fail. 
> > > -- */ > > > -- DEBUG(0,("cli_rpc_pipe_open_schannel_with_key: server %s " > > > -- "replied with bad credential\n", > > > -- rpccli->desthost)); > > > -- TALLOC_FREE(rpccli); > > > -- return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -- } > > > -- *rpccli->dc =3D save_creds; > > > -- > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities failed with %s\n", > > > -- nt_errstr(result))); > > > -- TALLOC_FREE(rpccli); > > > -- return result; > > > -- } > > > -- > > > -- if (!(save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) { > > > -- /* This means AES isn't supported. */ > > > -- DEBUG(5, ("AES is not negotiated, but netr_LogonGetCapabilities " > > > -- "was OK - downgrade detected\n")); > > > -- TALLOC_FREE(rpccli); > > > -- return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -- } > > > -- > > > -- if (save_creds.negotiate_flags !=3D capabilities.server_capabiliti= es) { > > > -- DEBUG(0, ("The client capabilities don't match the server " > > > -- "capabilities: local[0x%08X] remote[0x%08X]\n", > > > -- save_creds.negotiate_flags, > > > -- capabilities.server_capabilities)); > > > -+ status =3D netlogon_creds_cli_context_copy(netlogon_creds, > > > -+ rpccli, > > > -+ &rpccli->netlogon_creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(0, ("netlogon_creds_cli_context_copy failed with %s\n", > > > -+ nt_errstr(status))); > > > - TALLOC_FREE(rpccli); > > > -- return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -+ return status; > > > - } > > > -=20 > > > - done: > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 826f9bf..cf0c5c6 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -96,7 +96,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struc= t cli_state *cli, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -- struct 
netlogon_creds_CredentialState **pdc, > > > -+ struct netlogon_creds_cli_context *netlogon_creds, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index aaae44b..e3d65c8 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -112,7 +112,8 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_s= tate *cli, > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, table, transport, auth_level, domain, &netlogon_pipe->dc, > > > -+ cli, table, transport, auth_level, domain, > > > -+ netlogon_pipe->netlogon_creds, > > > - &result); > > > -=20 > > > - /* Now we've bound using the session key we can close the netlog p= ipe. */ > > > -diff --git a/source3/rpc_client/rpc_client.h b/source3/rpc_client/rp= c_client.h > > > -index 8024f01..7c4cceb 100644 > > > ---- a/source3/rpc_client/rpc_client.h > > > -+++ b/source3/rpc_client/rpc_client.h > > > -@@ -50,7 +50,7 @@ struct rpc_pipe_client { > > > - struct pipe_auth_data *auth; > > > -=20 > > > - /* The following is only non-null on a netlogon client pipe. 
*/ > > > -- struct netlogon_creds_CredentialState *dc; > > > -+ struct netlogon_creds_cli_context *netlogon_creds; > > > - }; > > > -=20 > > > - #endif /* _RPC_CLIENT_H */ > > > -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cm= d_netlogon.c > > > -index d92434b..2e0b5e5 100644 > > > ---- a/source3/rpcclient/cmd_netlogon.c > > > -+++ b/source3/rpcclient/cmd_netlogon.c > > > -@@ -26,6 +26,7 @@ > > > - #include "../librpc/gen_ndr/ndr_netlogon_c.h" > > > - #include "rpc_client/cli_netlogon.h" > > > - #include "secrets.h" > > > -+#include "../libcli/auth/netlogon_creds_cli.h" > > > -=20 > > > - static WERROR cmd_netlogon_logon_ctrl2(struct rpc_pipe_client *cli, > > > - TALLOC_CTX *mem_ctx, int argc, > > > -@@ -630,8 +631,15 @@ static NTSTATUS cmd_netlogon_sam_sync(struct rp= c_pipe_client *cli, > > > -=20 > > > - do { > > > - struct netr_DELTA_ENUM_ARRAY *delta_enum_array =3D NULL; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -=20 > > > -- netlogon_creds_client_authenticator(cli->dc, &credential); > > > -+ status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > -+ mem_ctx, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ netlogon_creds_client_authenticator(creds, &credential); > > > -=20 > > > - status =3D dcerpc_netr_DatabaseSync2(b, mem_ctx, > > > - logon_server, > > > -@@ -645,15 +653,18 @@ static NTSTATUS cmd_netlogon_sam_sync(struct r= pc_pipe_client *cli, > > > - 0xffff, > > > - &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(creds); > > > - return status; > > > - } > > > -=20 > > > - /* Check returned credentials. 
*/ > > > -- if (!netlogon_creds_client_check(cli->dc, > > > -+ if (!netlogon_creds_client_check(creds, > > > - &return_authenticator.cred)) { > > > - DEBUG(0,("credentials chain check failed\n")); > > > -+ TALLOC_FREE(creds); > > > - return NT_STATUS_ACCESS_DENIED; > > > - } > > > -+ TALLOC_FREE(creds); > > > -=20 > > > - if (NT_STATUS_IS_ERR(result)) { > > > - break; > > > -@@ -699,8 +710,15 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct = rpc_pipe_client *cli, > > > -=20 > > > - do { > > > - struct netr_DELTA_ENUM_ARRAY *delta_enum_array =3D NULL; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -+ > > > -+ status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > -+ mem_ctx, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -=20 > > > -- netlogon_creds_client_authenticator(cli->dc, &credential); > > > -+ netlogon_creds_client_authenticator(creds, &credential); > > > -=20 > > > - status =3D dcerpc_netr_DatabaseDeltas(b, mem_ctx, > > > - logon_server, > > > -@@ -713,15 +731,18 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct= rpc_pipe_client *cli, > > > - 0xffff, > > > - &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(creds); > > > - return status; > > > - } > > > -=20 > > > - /* Check returned credentials. 
*/ > > > -- if (!netlogon_creds_client_check(cli->dc, > > > -+ if (!netlogon_creds_client_check(creds, > > > - &return_authenticator.cred)) { > > > - DEBUG(0,("credentials chain check failed\n")); > > > -+ TALLOC_FREE(creds); > > > - return NT_STATUS_ACCESS_DENIED; > > > - } > > > -+ TALLOC_FREE(creds); > > > -=20 > > > - if (NT_STATUS_IS_ERR(result)) { > > > - break; > > > -@@ -1129,6 +1150,7 @@ static NTSTATUS cmd_netlogon_database_redo(str= uct rpc_pipe_client *cli, > > > - struct netr_ChangeLogEntry e; > > > - uint32_t rid =3D 500; > > > - struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -=20 > > > - if (argc > 2) { > > > - fprintf(stderr, "Usage: %s \n", argv[0]); > > > -@@ -1158,7 +1180,13 @@ static NTSTATUS cmd_netlogon_database_redo(st= ruct rpc_pipe_client *cli, > > > - return status; > > > - } > > > -=20 > > > -- netlogon_creds_client_authenticator(cli->dc, &clnt_creds); > > > -+ status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > -+ mem_ctx, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ netlogon_creds_client_authenticator(creds, &clnt_creds); > > > -=20 > > > - ZERO_STRUCT(e); > > > -=20 > > > -@@ -1176,13 +1204,16 @@ static NTSTATUS cmd_netlogon_database_redo(s= truct rpc_pipe_client *cli, > > > - &delta_enum_array, > > > - &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(creds); > > > - return status; > > > - } > > > -=20 > > > -- if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { > > > -+ if (!netlogon_creds_client_check(creds, &srv_cred.cred)) { > > > - DEBUG(0,("credentials chain check failed\n")); > > > -+ TALLOC_FREE(creds); > > > - return NT_STATUS_ACCESS_DENIED; > > > - } > > > -+ TALLOC_FREE(creds); > > > -=20 > > > - return result; > > > - } > > > -@@ -1198,6 +1229,7 @@ static NTSTATUS cmd_netlogon_capabilities(stru= ct rpc_pipe_client *cli, > > > - union 
netr_Capabilities capabilities; > > > - uint32_t level =3D 1; > > > - struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -=20 > > > - if (argc > 2) { > > > - fprintf(stderr, "Usage: %s \n", argv[0]); > > > -@@ -1210,7 +1242,13 @@ static NTSTATUS cmd_netlogon_capabilities(str= uct rpc_pipe_client *cli, > > > -=20 > > > - ZERO_STRUCT(return_authenticator); > > > -=20 > > > -- netlogon_creds_client_authenticator(cli->dc, &credential); > > > -+ status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > -+ mem_ctx, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ netlogon_creds_client_authenticator(creds, &credential); > > > -=20 > > > - status =3D dcerpc_netr_LogonGetCapabilities(b, mem_ctx, > > > - cli->desthost, > > > -@@ -1221,14 +1259,17 @@ static NTSTATUS cmd_netlogon_capabilities(st= ruct rpc_pipe_client *cli, > > > - &capabilities, > > > - &result); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(creds); > > > - return status; > > > - } > > > -=20 > > > -- if (!netlogon_creds_client_check(cli->dc, > > > -+ if (!netlogon_creds_client_check(creds, > > > - &return_authenticator.cred)) { > > > - DEBUG(0,("credentials chain check failed\n")); > > > -+ TALLOC_FREE(creds); > > > - return NT_STATUS_ACCESS_DENIED; > > > - } > > > -+ TALLOC_FREE(creds); > > > -=20 > > > - printf("capabilities: 0x%08x\n", capabilities.server_capabilities); > > > -=20 > > > -diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd= =2Eh > > > -index afde685..b5fc010 100644 > > > ---- a/source3/winbindd/winbindd.h > > > -+++ b/source3/winbindd/winbindd.h > > > -@@ -165,16 +165,7 @@ struct winbindd_domain { > > > - time_t startup_time; /* When we set "startup" true. monoto= nic clock */ > > > - bool startup; /* are we in the first 30 s= econds after startup_time ? 
*/ > > > -=20 > > > -- bool can_do_samlogon_ex; /* Due to the lack of finer control what = type > > > -- * of DC we have, let us try to do a > > > -- * credential-chain less samlogon_ex call > > > -- * with AD and schannel. If this fails with > > > -- * DCERPC_FAULT_OP_RNG_ERROR, then set this > > > -- * to False. This variable is around so that > > > -- * we don't have to try _ex every time. */ > > > -- > > > - bool can_do_ncacn_ip_tcp; > > > -- bool can_do_validation6; > > > -=20 > > > - /* Lookup methods for this domain (LDAP or RPC) */ > > > - struct winbindd_methods *methods; > > > -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbi= ndd_cm.c > > > -index 6c1244e..e0d1d0c 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -2047,7 +2047,6 @@ static bool set_dc_type_and_flags_trustinfo( s= truct winbindd_domain *domain ) > > > - domain->active_directory ? "" : "NOT ")); > > > -=20 > > > - domain->can_do_ncacn_ip_tcp =3D domain->active_directory; > > > -- domain->can_do_validation6 =3D domain->active_directory; > > > -=20 > > > - domain->initialized =3D True; > > > -=20 > > > -@@ -2248,7 +2247,6 @@ done: > > > - domain->name, domain->active_directory ? 
"" : "NOT ")); > > > -=20 > > > - domain->can_do_ncacn_ip_tcp =3D domain->active_directory; > > > -- domain->can_do_validation6 =3D domain->active_directory; > > > -=20 > > > - TALLOC_FREE(cli); > > > -=20 > > > -@@ -2289,7 +2287,7 @@ static void set_dc_type_and_flags( struct winb= indd_domain *domain ) > > > - *******************************************************************= ****/ > > > -=20 > > > - static NTSTATUS cm_get_schannel_creds(struct winbindd_domain *domai= n, > > > -- struct netlogon_creds_CredentialState **ppdc) > > > -+ struct netlogon_creds_cli_context **ppdc) > > > - { > > > - NTSTATUS result =3D NT_STATUS_UNSUCCESSFUL; > > > - struct rpc_pipe_client *netlogon_pipe; > > > -@@ -2306,11 +2304,11 @@ static NTSTATUS cm_get_schannel_creds(struct= winbindd_domain *domain, > > > - /* Return a pointer to the struct netlogon_creds_CredentialState f= rom the > > > - netlogon pipe. */ > > > -=20 > > > -- if (!domain->conn.netlogon_pipe->dc) { > > > -+ if (!domain->conn.netlogon_pipe->netlogon_creds) { > > > - return NT_STATUS_INTERNAL_ERROR; /* This shouldn't happen. 
*/ > > > - } > > > -=20 > > > -- *ppdc =3D domain->conn.netlogon_pipe->dc; > > > -+ *ppdc =3D domain->conn.netlogon_pipe->netlogon_creds; > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -@@ -2319,7 +2317,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - { > > > - struct winbindd_cm_conn *conn; > > > - NTSTATUS status, result; > > > -- struct netlogon_creds_CredentialState *p_creds; > > > -+ struct netlogon_creds_cli_context *p_creds; > > > - char *machine_password =3D NULL; > > > - char *machine_account =3D NULL; > > > - const char *domain_name =3D NULL; > > > -@@ -2431,7 +2429,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - status =3D cli_rpc_pipe_open_schannel_with_key > > > - (conn->cli, &ndr_table_samr, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > -- domain->name, &p_creds, &conn->samr_pipe); > > > -+ domain->name, p_creds, &conn->samr_pipe); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(10,("cm_connect_sam: failed to connect to SAMR pipe for " > > > -@@ -2534,7 +2532,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_do= main *domain, > > > - struct rpc_pipe_client **cli) > > > - { > > > - struct winbindd_cm_conn *conn; > > > -- struct netlogon_creds_CredentialState *creds; > > > -+ struct netlogon_creds_cli_context *creds; > > > - NTSTATUS status; > > > -=20 > > > - DEBUG(10,("cm_connect_lsa_tcp\n")); > > > -@@ -2565,7 +2563,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_do= main *domain, > > > - NCACN_IP_TCP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > - domain->name, > > > -- &creds, > > > -+ creds, > > > - &conn->lsa_pipe_tcp); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(10,("cli_rpc_pipe_open_schannel_with_key failed: %s\n", > > > -@@ -2589,7 +2587,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - { > > > - struct winbindd_cm_conn *conn; > > > - NTSTATUS result =3D NT_STATUS_UNSUCCESSFUL; > > 
> -- struct netlogon_creds_CredentialState *p_creds; > > > -+ struct netlogon_creds_cli_context *p_creds; > > > -=20 > > > - result =3D init_dc_connection_rpc(domain); > > > - if (!NT_STATUS_IS_OK(result)) > > > -@@ -2662,7 +2660,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - result =3D cli_rpc_pipe_open_schannel_with_key > > > - (conn->cli, &ndr_table_lsarpc, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, > > > -- domain->name, &p_creds, &conn->lsa_pipe); > > > -+ domain->name, p_creds, &conn->lsa_pipe); > > > -=20 > > > - if (!NT_STATUS_IS_OK(result)) { > > > - DEBUG(10,("cm_connect_lsa: failed to connect to LSA pipe for " > > > -@@ -2826,10 +2824,6 @@ NTSTATUS cm_connect_netlogon(struct winbindd_= domain *domain, > > > - no_schannel: > > > - if ((lp_client_schannel() =3D=3D False) || > > > - ((neg_flags & NETLOGON_NEG_SCHANNEL) =3D=3D 0)) { > > > -- /* > > > -- * NetSamLogonEx only works for schannel > > > -- */ > > > -- domain->can_do_samlogon_ex =3D False; > > > -=20 > > > - /* We're done - just keep the existing connection to NETLOGON > > > - * open */ > > > -@@ -2845,7 +2839,8 @@ NTSTATUS cm_connect_netlogon(struct winbindd_d= omain *domain, > > > -=20 > > > - result =3D cli_rpc_pipe_open_schannel_with_key( > > > - conn->cli, &ndr_table_netlogon, NCACN_NP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, > > > -+ DCERPC_AUTH_LEVEL_PRIVACY, domain->name, > > > -+ netlogon_pipe->netlogon_creds, > > > - &conn->netlogon_pipe); > > > -=20 > > > - /* We can now close the initial netlogon pipe. */ > > > -@@ -2859,15 +2854,6 @@ NTSTATUS cm_connect_netlogon(struct winbindd_= domain *domain, > > > - return result; > > > - } > > > -=20 > > > -- /* > > > -- * Always try netr_LogonSamLogonEx. We will fall back for NT4 > > > -- * which gives DCERPC_FAULT_OP_RNG_ERROR (function not > > > -- * supported). We used to only try SamLogonEx for AD, but > > > -- * Samba DCs can also do it. 
And because we don't distinguish > > > -- * between Samba and NT4, always try it once. > > > -- */ > > > -- domain->can_do_samlogon_ex =3D true; > > > -- > > > - *cli =3D conn->netlogon_pipe; > > > - return NT_STATUS_OK; > > > - } > > > -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winb= indd_pam.c > > > -index c356686..39483a5 100644 > > > ---- a/source3/winbindd/winbindd_pam.c > > > -+++ b/source3/winbindd/winbindd_pam.c > > > -@@ -1228,8 +1228,6 @@ static NTSTATUS winbind_samlogon_retry_loop(st= ruct winbindd_domain *domain, > > > -=20 > > > - do { > > > - struct rpc_pipe_client *netlogon_pipe; > > > -- const struct pipe_auth_data *auth; > > > -- uint32_t neg_flags =3D 0; > > > -=20 > > > - ZERO_STRUCTP(info3); > > > - retry =3D false; > > > -@@ -1278,75 +1276,7 @@ static NTSTATUS winbind_samlogon_retry_loop(s= truct winbindd_domain *domain, > > > - } > > > - netr_attempts =3D 0; > > > -=20 > > > -- auth =3D netlogon_pipe->auth; > > > -- if (netlogon_pipe->dc) { > > > -- neg_flags =3D netlogon_pipe->dc->negotiate_flags; > > > -- } > > > -- > > > -- /* It is really important to try SamLogonEx here, > > > -- * because in a clustered environment, we want to use > > > -- * one machine account from multiple physical > > > -- * computers. > > > -- * > > > -- * With a normal SamLogon call, we must keep the > > > -- * credentials chain updated and intact between all > > > -- * users of the machine account (which would imply > > > -- * cross-node communication for every NTLM logon). > > > -- * > > > -- * (The credentials chain is not per NETLOGON pipe > > > -- * connection, but globally on the server/client pair > > > -- * by machine name). > > > -- * > > > -- * When using SamLogonEx, the credentials are not > > > -- * supplied, but the session key is implied by the > > > -- * wrapping SamLogon context. 
> > > -- * > > > -- * -- abartlet 21 April 2008 > > > -- * > > > -- * It's also important to use NetlogonValidationSamInfo4 (6), > > > -- * because it relies on the rpc transport encryption > > > -- * and avoids using the global netlogon schannel > > > -- * session key to en/decrypt secret information > > > -- * like the user_session_key for network logons. > > > -- * > > > -- * [MS-APDS] 3.1.5.2 NTLM Network Logon > > > -- * says NETLOGON_NEG_CROSS_FOREST_TRUSTS and > > > -- * NETLOGON_NEG_AUTHENTICATED_RPC set together > > > -- * are the indication that the server supports > > > -- * NetlogonValidationSamInfo4 (6). And it must only > > > -- * be used if "SealSecureChannel" is used. > > > -- * > > > -- * -- metze 4 February 2011 > > > -- */ > > > -- > > > -- if (auth =3D=3D NULL) { > > > -- domain->can_do_validation6 =3D false; > > > -- } else if (auth->auth_type !=3D DCERPC_AUTH_TYPE_SCHANNEL) { > > > -- domain->can_do_validation6 =3D false; > > > -- } else if (auth->auth_level !=3D DCERPC_AUTH_LEVEL_PRIVACY) { > > > -- domain->can_do_validation6 =3D false; > > > -- } else if (!(neg_flags & NETLOGON_NEG_CROSS_FOREST_TRUSTS)) { > > > -- domain->can_do_validation6 =3D false; > > > -- } else if (!(neg_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { > > > -- domain->can_do_validation6 =3D false; > > > -- } > > > -- > > > -- if (domain->can_do_samlogon_ex && domain->can_do_validation6) { > > > -- result =3D rpccli_netlogon_sam_network_logon_ex( > > > -- netlogon_pipe, > > > -- mem_ctx, > > > -- logon_parameters, > > > -- server, /* server name */ > > > -- username, /* user name */ > > > -- domainname, /* target domain */ > > > -- workstation, /* workstation */ > > > -- chal, > > > -- 6, > > > -- lm_response, > > > -- nt_response, > > > -- info3); > > > -- } else { > > > -- result =3D rpccli_netlogon_sam_network_logon( > > > -+ result =3D rpccli_netlogon_sam_network_logon( > > > - netlogon_pipe, > > > - mem_ctx, > > > - logon_parameters, > > > -@@ -1355,48 +1285,10 @@ 
static NTSTATUS winbind_samlogon_retry_loop(= struct winbindd_domain *domain, > > > - domainname, /* target domain */ > > > - workstation, /* workstation */ > > > - chal, > > > -- domain->can_do_validation6 ? 6 : 3, > > > -+ -1, /* ignored */ > > > - lm_response, > > > - nt_response, > > > - info3); > > > -- } > > > -- > > > -- if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -- > > > -- /* > > > -- * It's likely that the server also does not support > > > -- * validation level 6 > > > -- */ > > > -- domain->can_do_validation6 =3D false; > > > -- > > > -- if (domain->can_do_samlogon_ex) { > > > -- DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " > > > -- "retrying with NetSamLogon\n")); > > > -- domain->can_do_samlogon_ex =3D false; > > > -- retry =3D true; > > > -- continue; > > > -- } > > > -- > > > -- > > > -- /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon > > > -- * (no Ex). This happens against old Samba > > > -- * DCs. Drop the connection. > > > -- */ > > > -- invalidate_cm_connection(&domain->conn); > > > -- result =3D NT_STATUS_LOGON_FAILURE; > > > -- break; > > > -- } > > > -- > > > -- if (domain->can_do_validation6 && > > > -- (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_INFO_CLASS) || > > > -- NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER) || > > > -- NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL))) { > > > -- DEBUG(3,("Got a DC that can not do validation level 6, " > > > -- "retrying with level 3\n")); > > > -- domain->can_do_validation6 =3D false; > > > -- retry =3D true; > > > -- continue; > > > -- } > > > -=20 > > > - /* > > > - * we increment this after the "feature negotiation" > > > -@@ -1428,6 +1320,30 @@ static NTSTATUS winbind_samlogon_retry_loop(s= truct winbindd_domain *domain, > > > - retry =3D true; > > > - } > > > -=20 > > > -+ if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { > > > -+ /* > > > -+ * Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon > > > -+ * (no Ex). 
This happens against old Samba > > > -+ * DCs, if LogonSamLogonEx() fails with an error > > > -+ * e.g. NT_STATUS_NO_SUCH_USER or NT_STATUS_WRONG_PASSWORD. > > > -+ * > > > -+ * The server will log something like this: > > > -+ * api_net_sam_logon_ex: Failed to marshall NET_R_SAM_LOGON_EX. > > > -+ * > > > -+ * This sets the whole connection into a fault_state mode > > > -+ * and all following request get NT_STATUS_RPC_PROCNUM_OUT_OF_RA= NGE. > > > -+ * > > > -+ * This also happens to our retry with LogonSamLogonWithFlags() > > > -+ * and LogonSamLogon(). > > > -+ * > > > -+ * In order to recover from this situation, we need to > > > -+ * drop the connection. > > > -+ */ > > > -+ invalidate_cm_connection(&domain->conn); > > > -+ result =3D NT_STATUS_LOGON_FAILURE; > > > -+ break; > > > -+ } > > > -+ > > > - } while ( (attempts < 2) && retry ); > > > -=20 > > > - if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) { > > > -diff --git a/source3/wscript_build b/source3/wscript_build > > > -index 13d15c3..0d3ba8e 100755 > > > ---- a/source3/wscript_build > > > -+++ b/source3/wscript_build > > > -@@ -671,8 +671,8 @@ bld.SAMBA3_LIBRARY('msrpc3', > > > - deps=3D'''ndr ndr-standard > > > - RPC_NDR_EPMAPPER NTLMSSP_COMMON COMMON_SCHANNEL= LIBCLI_AUTH > > > - LIBTSOCKET gse dcerpc-binding > > > -- libsmb > > > -- ndr-table''', > > > -+ libsmb ndr-table NETLOGON_CREDS_CLI > > > -+ ''', > > > - vars=3Dlocals(), > > > - private_library=3DTrue) > > > -=20 > > > -@@ -1114,7 +1114,7 @@ bld.SAMBA3_LIBRARY('libcli_lsa3', > > > -=20 > > > - bld.SAMBA3_LIBRARY('libcli_netlogon3', > > > - source=3DLIBCLI_NETLOGON_SRC, > > > -- deps=3D'RPC_NDR_NETLOGON INIT_NETLOGON cliauth p= aram', > > > -+ deps=3D'msrpc3 RPC_NDR_NETLOGON INIT_NETLOGON cl= iauth param NETLOGON_CREDS_CLI', > > > - private_library=3DTrue) > > > -=20 > > > - bld.SAMBA3_LIBRARY('cli_spoolss', > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 0b489bffb452e05d595abc2894532100162a4e8c Mon Sep 17 00:00:00 20= 01 > > > 
-From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 17:03:00 +0200 > > > -Subject: [PATCH 175/249] s3:rpc_client: use netlogon_creds_cli_auth_= level() in > > > - cli_rpc_pipe_open_schannel_with_key() > > > - > > > -This means the auth level is now based on the "winbindd sealed pipes= " option, > > > -defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 5adfc5f9f737c003b84b0187fa17b9fc3784442e) > > > ---- > > > - source3/libnet/libnet_join.c | 1 - > > > - source3/rpc_client/cli_pipe.c | 4 +++- > > > - source3/rpc_client/cli_pipe.h | 1 - > > > - source3/rpc_client/cli_pipe_schannel.c | 2 +- > > > - source3/winbindd/winbindd_cm.c | 5 +---- > > > - 5 files changed, 5 insertions(+), 8 deletions(-) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 5dc620f..b2805ee 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -1278,7 +1278,6 @@ NTSTATUS libnet_join_ok(const char *netbios_do= main_name, > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > - cli, &ndr_table_netlogon, NCACN_NP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, > > > - netbios_domain_name, > > > - netlogon_pipe->netlogon_creds, &pipe_hnd); > > > -=20 > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index fe1613d..31cd7f5 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -3023,7 +3023,6 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct= cli_state *cli, > > > - NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, > > > - const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > -- enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > - struct netlogon_creds_cli_context *netlogon_creds, > > > - struct rpc_pipe_client **_rpccli) 
> > > -@@ -3031,6 +3030,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(s= truct cli_state *cli, > > > - struct rpc_pipe_client *rpccli; > > > - struct pipe_auth_data *rpcauth; > > > - struct netlogon_creds_CredentialState *creds =3D NULL; > > > -+ enum dcerpc_AuthLevel auth_level; > > > - NTSTATUS status; > > > - const char *target_service =3D table->authservices->names[0]; > > > - int rpc_pipe_bind_dbglvl =3D 0; > > > -@@ -3048,6 +3048,8 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(s= truct cli_state *cli, > > > - return status; > > > - } > > > -=20 > > > -+ auth_level =3D netlogon_creds_cli_auth_level(netlogon_creds); > > > -+ > > > - status =3D rpccli_generic_bind_data(rpccli, > > > - DCERPC_AUTH_TYPE_SCHANNEL, > > > - auth_level, > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index cf0c5c6..c21c55d 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -94,7 +94,6 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state= *cli, > > > - NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, > > > - const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > -- enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > - struct netlogon_creds_cli_context *netlogon_creds, > > > - struct rpc_pipe_client **presult); > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index e3d65c8..8f9161f 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -112,7 +112,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_s= tate *cli, > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > -- cli, table, transport, auth_level, domain, > > > -+ cli, table, transport, domain, > > > - netlogon_pipe->netlogon_creds, > > > - &result); > > > -=20 > > > -diff --git a/source3/winbindd/winbindd_cm.c 
b/source3/winbindd/winbi= ndd_cm.c > > > -index e0d1d0c..1546002 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -2428,7 +2428,6 @@ NTSTATUS cm_connect_sam(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - } > > > - status =3D cli_rpc_pipe_open_schannel_with_key > > > - (conn->cli, &ndr_table_samr, NCACN_NP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, > > > - domain->name, p_creds, &conn->samr_pipe); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -@@ -2561,7 +2560,6 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_do= main *domain, > > > - status =3D cli_rpc_pipe_open_schannel_with_key(conn->cli, > > > - &ndr_table_lsarpc, > > > - NCACN_IP_TCP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, > > > - domain->name, > > > - creds, > > > - &conn->lsa_pipe_tcp); > > > -@@ -2659,7 +2657,6 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain= *domain, TALLOC_CTX *mem_ctx, > > > - } > > > - result =3D cli_rpc_pipe_open_schannel_with_key > > > - (conn->cli, &ndr_table_lsarpc, NCACN_NP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, > > > - domain->name, p_creds, &conn->lsa_pipe); > > > -=20 > > > - if (!NT_STATUS_IS_OK(result)) { > > > -@@ -2839,7 +2836,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_d= omain *domain, > > > -=20 > > > - result =3D cli_rpc_pipe_open_schannel_with_key( > > > - conn->cli, &ndr_table_netlogon, NCACN_NP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, domain->name, > > > -+ domain->name, > > > - netlogon_pipe->netlogon_creds, > > > - &conn->netlogon_pipe); > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 0f19f3b64e4f0b969eec4f2048df7c40be661e82 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 7 Aug 2013 11:27:25 +0200 > > > -Subject: [PATCH 176/249] s3:rpc_client: add > > > - rpccli_{create,setup}_netlogon_creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 14ceb7b501fce6623be284cbcceb573fd2e10d3a) 
> > > ---- > > > - source3/rpc_client/cli_netlogon.c | 105 +++++++++++++++++++++++++++= +++++++++++ > > > - source3/rpc_client/cli_netlogon.h | 16 ++++++ > > > - 2 files changed, 121 insertions(+) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index fcd24d6..89aec37 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -21,15 +21,19 @@ > > > - */ > > > -=20 > > > - #include "includes.h" > > > -+#include "libsmb/libsmb.h" > > > - #include "rpc_client/rpc_client.h" > > > -+#include "rpc_client/cli_pipe.h" > > > - #include "../libcli/auth/libcli_auth.h" > > > - #include "../libcli/auth/netlogon_creds_cli.h" > > > - #include "../librpc/gen_ndr/ndr_netlogon_c.h" > > > -+#include "../librpc/gen_ndr/schannel.h" > > > - #include "rpc_client/cli_netlogon.h" > > > - #include "rpc_client/init_netlogon.h" > > > - #include "rpc_client/util_netlogon.h" > > > - #include "../libcli/security/security.h" > > > - #include "lib/param/param.h" > > > -+#include "libcli/smb/smbXcli_base.h" > > > -=20 > > > - /******************************************************************= ********** > > > - Wrapper function that uses the auth and auth2 calls to set up a NE= TLOGON > > > -@@ -124,6 +128,107 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rp= c_pipe_client *cli, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -+NTSTATUS rpccli_create_netlogon_creds(const char *server_computer, > > > -+ const char *server_netbios_domain, > > > -+ const char *client_account, > > > -+ enum netr_SchannelType sec_chan_type, > > > -+ struct messaging_context *msg_ctx, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **netlogon_creds) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct loadparm_context *lp_ctx; > > > -+ NTSTATUS status; > > > -+ > > > -+ lp_ctx =3D loadparm_init_s3(frame, loadparm_s3_helpers()); > > > -+ if (lp_ctx =3D=3D 
NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ status =3D netlogon_creds_cli_context_global(lp_ctx, > > > -+ msg_ctx, > > > -+ client_account, > > > -+ sec_chan_type, > > > -+ server_computer, > > > -+ server_netbios_domain, > > > -+ mem_ctx, netlogon_creds); > > > -+ TALLOC_FREE(frame); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli, > > > -+ struct netlogon_creds_cli_context *netlogon_creds, > > > -+ bool force_reauth, > > > -+ struct samr_Password current_nt_hash, > > > -+ const struct samr_Password *previous_nt_hash) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -+ NTSTATUS status; > > > -+ > > > -+ status =3D netlogon_creds_cli_get(netlogon_creds, > > > -+ frame, &creds); > > > -+ if (NT_STATUS_IS_OK(status)) { > > > -+ const char *action =3D "using"; > > > -+ > > > -+ if (force_reauth) { > > > -+ action =3D "overwrite"; > > > -+ } > > > -+ > > > -+ DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n", > > > -+ __FUNCTION__, action, > > > -+ creds->account_name, creds->computer_name, > > > -+ smbXcli_conn_remote_name(cli->conn))); > > > -+ if (!force_reauth) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ TALLOC_FREE(creds); > > > -+ } > > > -+ > > > -+ status =3D cli_rpc_pipe_open_noauth(cli, > > > -+ &ndr_table_netlogon, > > > -+ &netlogon_pipe); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %= s\n", > > > -+ __FUNCTION__, > > > -+ smbXcli_conn_remote_name(cli->conn), > > > -+ nt_errstr(status))); > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ talloc_steal(frame, netlogon_pipe); > > > -+ > 
> > -+ status =3D netlogon_creds_cli_auth(netlogon_creds, > > > -+ netlogon_pipe->binding_handle, > > > -+ current_nt_hash, > > > -+ previous_nt_hash); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_get(netlogon_creds, > > > -+ frame, &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_INTERNAL_ERROR; > > > -+ } > > > -+ > > > -+ DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n", > > > -+ __FUNCTION__, > > > -+ creds->account_name, creds->computer_name, > > > -+ smbXcli_conn_remote_name(cli->conn))); > > > -+ > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - /* Logon domain user */ > > > -=20 > > > - NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index ad59d5b..82e0923 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -23,6 +23,10 @@ > > > - #ifndef _RPC_CLIENT_CLI_NETLOGON_H_ > > > - #define _RPC_CLIENT_CLI_NETLOGON_H_ > > > -=20 > > > -+struct cli_state; > > > -+struct messaging_context; > > > -+struct netlogon_creds_cli_context; > > > -+ > > > - /* The following definitions come from rpc_client/cli_netlogon.c */ > > > -=20 > > > - NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, > > > -@@ -33,6 +37,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_p= ipe_client *cli, > > > - const unsigned char machine_pwd[16], > > > - enum netr_SchannelType sec_chan_type, > > > - uint32_t *neg_flags_inout); > > > -+NTSTATUS rpccli_create_netlogon_creds(const char *server_computer, > > > -+ const char *server_netbios_domain, > > > -+ const char *client_account, > > > -+ enum netr_SchannelType sec_chan_type, > > > -+ struct messaging_context *msg_ctx, > > > -+ TALLOC_CTX *mem_ctx, > > 
> -+ struct netlogon_creds_cli_context **netlogon_creds); > > > -+NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli, > > > -+ struct netlogon_creds_cli_context *netlogon_creds, > > > -+ bool force_reauth, > > > -+ struct samr_Password current_nt_hash, > > > -+ const struct samr_Password *previous_nt_hash); > > > - NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, > > > - TALLOC_CTX *mem_ctx, > > > - uint32 logon_parameters, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From de0ed0882a458e52ef232e7d44234bf393311fc0 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Dec 2013 20:05:56 +0100 > > > -Subject: [PATCH 177/249] s3:rpc_client: add rpccli_pre_open_netlogon= _creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3c025af657899c9a2ff14f868c03ff72ab74cf8e) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 21 +++++++++++++++++++++ > > > - source3/rpc_client/cli_netlogon.h | 1 + > > > - 2 files changed, 22 insertions(+) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 89aec37..9342fc3 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -128,6 +128,27 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc= _pipe_client *cli, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -+NTSTATUS rpccli_pre_open_netlogon_creds(void) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct loadparm_context *lp_ctx; > > > -+ NTSTATUS status; > > > -+ > > > -+ lp_ctx =3D loadparm_init_s3(frame, loadparm_s3_helpers()); > > > -+ if (lp_ctx =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_open_global_db(lp_ctx); > > > -+ TALLOC_FREE(frame); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > 
-+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - NTSTATUS rpccli_create_netlogon_creds(const char *server_computer, > > > - const char *server_netbios_domain, > > > - const char *client_account, > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index 82e0923..3096c48 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -37,6 +37,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pi= pe_client *cli, > > > - const unsigned char machine_pwd[16], > > > - enum netr_SchannelType sec_chan_type, > > > - uint32_t *neg_flags_inout); > > > -+NTSTATUS rpccli_pre_open_netlogon_creds(void); > > > - NTSTATUS rpccli_create_netlogon_creds(const char *server_computer, > > > - const char *server_netbios_domain, > > > - const char *client_account, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From f4f7df785d1641f1e21ad8374140715fd41be07a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 27 Aug 2013 14:07:43 +0200 > > > -Subject: [PATCH 178/249] s3:rpc_client: remove unused > > > - rpccli_netlogon_sam_network_logon_ex() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a07cc9a1c6ab8fee516e069a6f90bb48a7abf875) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 27 --------------------------- > > > - source3/rpc_client/cli_netlogon.h | 12 ------------ > > > - 2 files changed, 39 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 9342fc3..253d060 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -524,33 +524,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon(stru= ct rpc_pipe_client *cli, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > --NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_clien= t *cli, > > > -- TALLOC_CTX 
*mem_ctx, > > > -- uint32 logon_parameters, > > > -- const char *server, > > > -- const char *username, > > > -- const char *domain, > > > -- const char *workstation, > > > -- const uint8 chal[8], > > > -- uint16_t validation_level, > > > -- DATA_BLOB lm_response, > > > -- DATA_BLOB nt_response, > > > -- struct netr_SamInfo3 **info3) > > > --{ > > > -- return rpccli_netlogon_sam_network_logon(cli, > > > -- mem_ctx, > > > -- logon_parameters, > > > -- server, > > > -- username, > > > -- domain, > > > -- workstation, > > > -- chal, > > > -- validation_level, > > > -- lm_response, > > > -- nt_response, > > > -- info3); > > > --} > > > -- > > > - /********************************************************* > > > - Change the domain password on the PDC. > > > -=20 > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index 3096c48..f10e5c7 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -71,18 +71,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct= rpc_pipe_client *cli, > > > - DATA_BLOB lm_response, > > > - DATA_BLOB nt_response, > > > - struct netr_SamInfo3 **info3); > > > --NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_clien= t *cli, > > > -- TALLOC_CTX *mem_ctx, > > > -- uint32 logon_parameters, > > > -- const char *server, > > > -- const char *username, > > > -- const char *domain, > > > -- const char *workstation, > > > -- const uint8 chal[8], > > > -- uint16_t validation_level, > > > -- DATA_BLOB lm_response, > > > -- DATA_BLOB nt_response, > > > -- struct netr_SamInfo3 **info3); > > > - NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client = *cli, > > > - TALLOC_CTX *mem_ctx, > > > - const char *account_name, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b250859baf6c720e636c2435b0593af83acf6acc Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 27 Aug 2013 14:36:24 +0200 > > > -Subject: [PATCH 
179/249] s3:rpc_client: add rpccli_netlogon_network_= logon() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 5196493c9e599b741417b119b48188ba0d646a37) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 103 +++++++++++++++++++++++++++= +++++++++++ > > > - source3/rpc_client/cli_netlogon.h | 14 ++++++ > > > - 2 files changed, 117 insertions(+) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 253d060..e335423 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -524,6 +524,109 @@ NTSTATUS rpccli_netlogon_sam_network_logon(str= uct rpc_pipe_client *cli, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -+NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_co= ntext *creds, > > > -+ struct dcerpc_binding_handle *binding_handle, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ uint32_t logon_parameters, > > > -+ const char *username, > > > -+ const char *domain, > > > -+ const char *workstation, > > > -+ const uint8 chal[8], > > > -+ DATA_BLOB lm_response, > > > -+ DATA_BLOB nt_response, > > > -+ uint8_t *authoritative, > > > -+ uint32_t *flags, > > > -+ struct netr_SamInfo3 **info3) > > > -+{ > > > -+ NTSTATUS status; > > > -+ const char *workstation_name_slash; > > > -+ union netr_LogonLevel *logon =3D NULL; > > > -+ struct netr_NetworkInfo *network_info; > > > -+ uint16_t validation_level =3D 0; > > > -+ union netr_Validation *validation =3D NULL; > > > -+ uint8_t _authoritative =3D 0; > > > -+ uint32_t _flags =3D 0; > > > -+ struct netr_ChallengeResponse lm; > > > -+ struct netr_ChallengeResponse nt; > > > -+ > > > -+ *info3 =3D NULL; > > > -+ > > > -+ if (authoritative =3D=3D NULL) { > > > -+ authoritative =3D &_authoritative; > > > -+ } > > > -+ if (flags =3D=3D NULL) { > > > -+ flags =3D &_flags; > > > -+ } > > > -+ > > > -+ ZERO_STRUCT(lm); > > > -+ 
ZERO_STRUCT(nt); > > > -+ > > > -+ logon =3D talloc_zero(mem_ctx, union netr_LogonLevel); > > > -+ if (!logon) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ network_info =3D talloc_zero(mem_ctx, struct netr_NetworkInfo); > > > -+ if (!network_info) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ if (workstation[0] !=3D '\\' && workstation[1] !=3D '\\') { > > > -+ workstation_name_slash =3D talloc_asprintf(mem_ctx, "\\\\%s", wor= kstation); > > > -+ } else { > > > -+ workstation_name_slash =3D workstation; > > > -+ } > > > -+ > > > -+ if (!workstation_name_slash) { > > > -+ DEBUG(0, ("talloc_asprintf failed!\n")); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ /* Initialise input parameters */ > > > -+ > > > -+ lm.data =3D lm_response.data; > > > -+ lm.length =3D lm_response.length; > > > -+ nt.data =3D nt_response.data; > > > -+ nt.length =3D nt_response.length; > > > -+ > > > -+ network_info->identity_info.domain_name.string =3D domain; > > > -+ network_info->identity_info.parameter_control =3D logon_parameter= s; > > > -+ network_info->identity_info.logon_id_low =3D 0xdead; > > > -+ network_info->identity_info.logon_id_high =3D 0xbeef; > > > -+ network_info->identity_info.account_name.string =3D username; > > > -+ network_info->identity_info.workstation.string =3D workstation_na= me_slash; > > > -+ > > > -+ memcpy(network_info->challenge, chal, 8); > > > -+ network_info->nt =3D nt; > > > -+ network_info->lm =3D lm; > > > -+ > > > -+ logon->network =3D network_info; > > > -+ > > > -+ /* Marshall data and send request */ > > > -+ > > > -+ status =3D netlogon_creds_cli_LogonSamLogon(creds, > > > -+ binding_handle, > > > -+ NetlogonNetworkInformation, > > > -+ logon, > > > -+ mem_ctx, > > > -+ &validation_level, > > > -+ &validation, > > > -+ authoritative, > > > -+ flags); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ status =3D 
map_validation_to_info3(mem_ctx, > > > -+ validation_level, validation, > > > -+ info3); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - /********************************************************* > > > - Change the domain password on the PDC. > > > -=20 > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index f10e5c7..54ed7ae 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -26,6 +26,7 @@ > > > - struct cli_state; > > > - struct messaging_context; > > > - struct netlogon_creds_cli_context; > > > -+struct dcerpc_binding_handle; > > > -=20 > > > - /* The following definitions come from rpc_client/cli_netlogon.c */ > > > -=20 > > > -@@ -71,6 +72,19 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct= rpc_pipe_client *cli, > > > - DATA_BLOB lm_response, > > > - DATA_BLOB nt_response, > > > - struct netr_SamInfo3 **info3); > > > -+NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_co= ntext *creds, > > > -+ struct dcerpc_binding_handle *binding_handle, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ uint32_t logon_parameters, > > > -+ const char *username, > > > -+ const char *domain, > > > -+ const char *workstation, > > > -+ const uint8 chal[8], > > > -+ DATA_BLOB lm_response, > > > -+ DATA_BLOB nt_response, > > > -+ uint8_t *authoritative, > > > -+ uint32_t *flags, > > > -+ struct netr_SamInfo3 **info3); > > > - NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client = *cli, > > > - TALLOC_CTX *mem_ctx, > > > - const char *account_name, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 2488e78fdf3058bf3a48c2086afd0f3248a43417 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 27 Aug 2013 14:56:06 +0200 > > > -Subject: [PATCH 180/249] s3:rpc_client: add rpccli_netlogon_password= _logon() > > > - > > > -Signed-off-by: 
Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit b7dc3fb20468aa67ea7ddc1cea21fbe458e74565) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 133 +++++++++++++++++++++++++++= +++++++++++ > > > - source3/rpc_client/cli_netlogon.h | 8 +++ > > > - 2 files changed, 141 insertions(+) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index e335423..a9f8604 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -376,6 +376,139 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_= pipe_client *cli, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -+NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_c= ontext *creds, > > > -+ struct dcerpc_binding_handle *binding_handle, > > > -+ uint32_t logon_parameters, > > > -+ const char *domain, > > > -+ const char *username, > > > -+ const char *password, > > > -+ const char *workstation, > > > -+ enum netr_LogonInfoClass logon_type) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ NTSTATUS status; > > > -+ union netr_LogonLevel *logon; > > > -+ uint16_t validation_level =3D 0; > > > -+ union netr_Validation *validation =3D NULL; > > > -+ uint8_t authoritative =3D 0; > > > -+ uint32_t flags =3D 0; > > > -+ char *workstation_slash =3D NULL; > > > -+ > > > -+ logon =3D talloc_zero(frame, union netr_LogonLevel); > > > -+ if (logon =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ if (workstation =3D=3D NULL) { > > > -+ workstation =3D lp_netbios_name(); > > > -+ } > > > -+ > > > -+ workstation_slash =3D talloc_asprintf(frame, "\\\\%s", workstation= ); > > > -+ if (workstation_slash =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ /* Initialise input parameters */ > > > -+ > > > -+ switch (logon_type) { > > > -+ case 
NetlogonInteractiveInformation: { > > > -+ > > > -+ struct netr_PasswordInfo *password_info; > > > -+ > > > -+ struct samr_Password lmpassword; > > > -+ struct samr_Password ntpassword; > > > -+ > > > -+ password_info =3D talloc_zero(frame, struct netr_PasswordInfo); > > > -+ if (password_info =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash); > > > -+ > > > -+ password_info->identity_info.domain_name.string =3D domain; > > > -+ password_info->identity_info.parameter_control =3D logon_paramet= ers; > > > -+ password_info->identity_info.logon_id_low =3D 0xdead; > > > -+ password_info->identity_info.logon_id_high =3D 0xbeef; > > > -+ password_info->identity_info.account_name.string =3D username; > > > -+ password_info->identity_info.workstation.string =3D workstation_= slash; > > > -+ > > > -+ password_info->lmpassword =3D lmpassword; > > > -+ password_info->ntpassword =3D ntpassword; > > > -+ > > > -+ logon->password =3D password_info; > > > -+ > > > -+ break; > > > -+ } > > > -+ case NetlogonNetworkInformation: { > > > -+ struct netr_NetworkInfo *network_info; > > > -+ uint8 chal[8]; > > > -+ unsigned char local_lm_response[24]; > > > -+ unsigned char local_nt_response[24]; > > > -+ struct netr_ChallengeResponse lm; > > > -+ struct netr_ChallengeResponse nt; > > > -+ > > > -+ ZERO_STRUCT(lm); > > > -+ ZERO_STRUCT(nt); > > > -+ > > > -+ network_info =3D talloc_zero(frame, struct netr_NetworkInfo); > > > -+ if (network_info =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ generate_random_buffer(chal, 8); > > > -+ > > > -+ SMBencrypt(password, chal, local_lm_response); > > > -+ SMBNTencrypt(password, chal, local_nt_response); > > > -+ > > > -+ lm.length =3D 24; > > > -+ lm.data =3D local_lm_response; > > > -+ > > > -+ nt.length =3D 24; > > > -+ nt.data =3D local_nt_response; > > > -+ > > > -+ 
network_info->identity_info.domain_name.string =3D domain; > > > -+ network_info->identity_info.parameter_control =3D logon_paramete= rs; > > > -+ network_info->identity_info.logon_id_low =3D 0xdead; > > > -+ network_info->identity_info.logon_id_high =3D 0xbeef; > > > -+ network_info->identity_info.account_name.string =3D username; > > > -+ network_info->identity_info.workstation.string =3D workstation_s= lash; > > > -+ > > > -+ memcpy(network_info->challenge, chal, 8); > > > -+ network_info->nt =3D nt; > > > -+ network_info->lm =3D lm; > > > -+ > > > -+ logon->network =3D network_info; > > > -+ > > > -+ break; > > > -+ } > > > -+ default: > > > -+ DEBUG(0, ("switch value %d not supported\n", > > > -+ logon_type)); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_INVALID_INFO_CLASS; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_LogonSamLogon(creds, > > > -+ binding_handle, > > > -+ logon_type, > > > -+ logon, > > > -+ frame, > > > -+ &validation_level, > > > -+ &validation, > > > -+ &authoritative, > > > -+ &flags); > > > -+ TALLOC_FREE(frame); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx, > > > - uint16_t validation_level, > > > - union netr_Validation *validation, > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index 54ed7ae..d4c6670 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -60,6 +60,14 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pip= e_client *cli, > > > - const char *workstation, > > > - uint16_t validation_level, > > > - int logon_type); > > > -+NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_c= ontext *creds, > > > -+ struct dcerpc_binding_handle *binding_handle, > > > -+ uint32_t logon_parameters, > > > -+ const char *domain, > > > -+ const 
char *username, > > > -+ const char *password, > > > -+ const char *workstation, > > > -+ enum netr_LogonInfoClass logon_type); > > > - NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *= cli, > > > - TALLOC_CTX *mem_ctx, > > > - uint32 logon_parameters, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 10c272f991643913358efd5fefb28fc1ce307c70 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Dec 2013 20:06:14 +0100 > > > -Subject: [PATCH 181/249] s3:winbindd: call rpccli_pre_open_netlogon_= creds() in > > > - the parent > > > - > > > -This opens the CLEAR_IF_FIRST tdb in the long living parent. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 07126b6fb22cebce660d1d1a4f0f9fb905064aa0) > > > ---- > > > - source3/winbindd/winbindd.c | 8 ++++++++ > > > - 1 file changed, 8 insertions(+) > > > - > > > -diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd= =2Ec > > > -index 69a17bf..a90c8fe 100644 > > > ---- a/source3/winbindd/winbindd.c > > > -+++ b/source3/winbindd/winbindd.c > > > -@@ -31,6 +31,7 @@ > > > - #include "../librpc/gen_ndr/srv_lsa.h" > > > - #include "../librpc/gen_ndr/srv_samr.h" > > > - #include "secrets.h" > > > -+#include "rpc_client/cli_netlogon.h" > > > - #include "idmap.h" > > > - #include "lib/addrchange.h" > > > - #include "serverid.h" > > > -@@ -1538,6 +1539,13 @@ int main(int argc, char **argv, char **envp) > > > - return False; > > > - } > > > -=20 > > > -+ status =3D rpccli_pre_open_netlogon_creds(); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(0, ("rpccli_pre_open_netlogon_creds() - %s\n", > > > -+ nt_errstr(status))); > > > -+ exit(1); > > > -+ } > > > -+ > > > - /* Unblock all signals we are interested in as they may have been > > > - blocked by the parent process. 
*/ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4cb4ec2065f1f8b3598eb37ca24ce0f8fdf567aa Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 7 Aug 2013 11:32:44 +0200 > > > -Subject: [PATCH 182/249] s3:winbindd: make use of > > > - rpccli_{create,setup}_netlogon_creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 22e4e2c1d1252e434cb928d4530c378a62a64138) > > > ---- > > > - source3/winbindd/winbindd.h | 3 + > > > - source3/winbindd/winbindd_cm.c | 125 ++++++++++++++++++++----= ----------- > > > - source3/winbindd/winbindd_dual_srv.c | 1 + > > > - 3 files changed, 77 insertions(+), 52 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd= =2Eh > > > -index b5fc010..8f89e27 100644 > > > ---- a/source3/winbindd/winbindd.h > > > -+++ b/source3/winbindd/winbindd.h > > > -@@ -116,6 +116,9 @@ struct winbindd_cm_conn { > > > - struct policy_handle lsa_policy; > > > -=20 > > > - struct rpc_pipe_client *netlogon_pipe; > > > -+ struct netlogon_creds_cli_context *netlogon_creds; > > > -+ uint32_t netlogon_flags; > > > -+ bool netlogon_force_reauth; > > > - }; > > > -=20 > > > - /* Async child */ > > > -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbi= ndd_cm.c > > > -index 1546002..7b6cc96 100644 > > > ---- a/source3/winbindd/winbindd_cm.c > > > -+++ b/source3/winbindd/winbindd_cm.c > > > -@@ -79,6 +79,7 @@ > > > - #include "auth/gensec/gensec.h" > > > - #include "../libcli/smb/smbXcli_base.h" > > > - #include "lib/param/loadparm.h" > > > -+#include "libcli/auth/netlogon_creds_cli.h" > > > -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_WINBIND > > > -@@ -1826,6 +1827,9 @@ void invalidate_cm_connection(struct winbindd_= cm_conn *conn) > > > - } > > > -=20 > > > - conn->auth_level =3D DCERPC_AUTH_LEVEL_PRIVACY; > > > -+ conn->netlogon_force_reauth =3D false; > > > -+ 
conn->netlogon_flags =3D 0; > > > -+ TALLOC_FREE(conn->netlogon_creds); > > > -=20 > > > - if (conn->cli) { > > > - cli_shutdown(conn->cli); > > > -@@ -2292,8 +2296,18 @@ static NTSTATUS cm_get_schannel_creds(struct = winbindd_domain *domain, > > > - NTSTATUS result =3D NT_STATUS_UNSUCCESSFUL; > > > - struct rpc_pipe_client *netlogon_pipe; > > > -=20 > > > -- if (lp_client_schannel() =3D=3D False) { > > > -- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > -+ *ppdc =3D NULL; > > > -+ > > > -+ if ((!IS_DC) && (!domain->primary)) { > > > -+ return NT_STATUS_TRUSTED_DOMAIN_FAILURE; > > > -+ } > > > -+ > > > -+ if (domain->conn.netlogon_creds !=3D NULL) { > > > -+ if (!(domain->conn.netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RP= C)) { > > > -+ return NT_STATUS_TRUSTED_DOMAIN_FAILURE; > > > -+ } > > > -+ *ppdc =3D domain->conn.netlogon_creds; > > > -+ return NT_STATUS_OK; > > > - } > > > -=20 > > > - result =3D cm_connect_netlogon(domain, &netlogon_pipe); > > > -@@ -2301,14 +2315,15 @@ static NTSTATUS cm_get_schannel_creds(struct= winbindd_domain *domain, > > > - return result; > > > - } > > > -=20 > > > -- /* Return a pointer to the struct netlogon_creds_CredentialState f= rom the > > > -- netlogon pipe. */ > > > -+ if (domain->conn.netlogon_creds =3D=3D NULL) { > > > -+ return NT_STATUS_TRUSTED_DOMAIN_FAILURE; > > > -+ } > > > -=20 > > > -- if (!domain->conn.netlogon_pipe->netlogon_creds) { > > > -- return NT_STATUS_INTERNAL_ERROR; /* This shouldn't happen. 
*/ > > > -+ if (!(domain->conn.netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC= )) { > > > -+ return NT_STATUS_TRUSTED_DOMAIN_FAILURE; > > > - } > > > -=20 > > > -- *ppdc =3D domain->conn.netlogon_pipe->netlogon_creds; > > > -+ *ppdc =3D domain->conn.netlogon_creds; > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -@@ -2747,14 +2762,16 @@ NTSTATUS cm_connect_lsat(struct winbindd_dom= ain *domain, > > > - NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, > > > - struct rpc_pipe_client **cli) > > > - { > > > -+ struct messaging_context *msg_ctx =3D winbind_messaging_context(); > > > - struct winbindd_cm_conn *conn; > > > - NTSTATUS result; > > > -- > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG= _SUPPORTS_AES; > > > -- uint8_t mach_pwd[16]; > > > - enum netr_SchannelType sec_chan_type; > > > -+ const char *_account_name; > > > - const char *account_name; > > > -- struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -+ struct samr_Password current_nt_hash; > > > -+ struct samr_Password *previous_nt_hash =3D NULL; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -+ bool ok; > > > -=20 > > > - *cli =3D NULL; > > > -=20 > > > -@@ -2771,60 +2788,68 @@ NTSTATUS cm_connect_netlogon(struct winbindd= _domain *domain, > > > - } > > > -=20 > > > - TALLOC_FREE(conn->netlogon_pipe); > > > -- > > > -- result =3D cli_rpc_pipe_open_noauth(conn->cli, > > > -- &ndr_table_netlogon, > > > -- &netlogon_pipe); > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- return result; > > > -- } > > > -+ conn->netlogon_flags =3D 0; > > > -+ TALLOC_FREE(conn->netlogon_creds); > > > -=20 > > > - if ((!IS_DC) && (!domain->primary)) { > > > -- /* Clear the schannel request bit and drop down */ > > > -- neg_flags &=3D ~NETLOGON_NEG_SCHANNEL; =09 > > > - goto no_schannel; > > > - } > > > -=20 > > > -- if (lp_client_schannel() !=3D False) { > > > -- neg_flags |=3D NETLOGON_NEG_SCHANNEL; > > > -+ ok =3D get_trust_pw_hash(domain->name, > > 
> -+ current_nt_hash.hash, > > > -+ &_account_name, > > > -+ &sec_chan_type); > > > -+ if (!ok) { > > > -+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > - } > > > -=20 > > > -- if (!get_trust_pw_hash(domain->name, mach_pwd, &account_name, > > > -- &sec_chan_type)) > > > -- { > > > -- TALLOC_FREE(netlogon_pipe); > > > -- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > -+ account_name =3D talloc_asprintf(talloc_tos(), "%s$", _account_nam= e); > > > -+ if (account_name =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- result =3D rpccli_netlogon_setup_creds( > > > -- netlogon_pipe, > > > -- domain->dcname, /* server name. */ > > > -- domain->name, /* domain name */ > > > -- lp_netbios_name(), /* client name */ > > > -- account_name, /* machine account */ > > > -- mach_pwd, /* machine password */ > > > -- sec_chan_type, /* from get_trust_pw */ > > > -- &neg_flags); > > > -+ result =3D rpccli_create_netlogon_creds(domain->dcname, > > > -+ domain->name, > > > -+ account_name, > > > -+ sec_chan_type, > > > -+ msg_ctx, > > > -+ domain, > > > -+ &conn->netlogon_creds); > > > -+ if (!NT_STATUS_IS_OK(result)) { > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ return result; > > > -+ } > > > -=20 > > > -+ result =3D rpccli_setup_netlogon_creds(conn->cli, > > > -+ conn->netlogon_creds, > > > -+ conn->netlogon_force_reauth, > > > -+ current_nt_hash, > > > -+ previous_nt_hash); > > > -+ conn->netlogon_force_reauth =3D false; > > > -+ SAFE_FREE(previous_nt_hash); > > > - if (!NT_STATUS_IS_OK(result)) { > > > -- TALLOC_FREE(netlogon_pipe); > > > - return result; > > > - } > > > -=20 > > > -- if ((lp_client_schannel() =3D=3D True) && > > > -- ((neg_flags & NETLOGON_NEG_SCHANNEL) =3D=3D 0)) { > > > -- DEBUG(3, ("Server did not offer schannel\n")); > > > -- TALLOC_FREE(netlogon_pipe); > > > -- return NT_STATUS_ACCESS_DENIED; > > > -+ result =3D netlogon_creds_cli_get(conn->netlogon_creds, > > > -+ talloc_tos(), > > > -+ &creds); > > > -+ if 
(!NT_STATUS_IS_OK(result)) { > > > -+ return result; > > > - } > > > -+ conn->netlogon_flags =3D creds->negotiate_flags; > > > -+ TALLOC_FREE(creds); > > > -=20 > > > - no_schannel: > > > -- if ((lp_client_schannel() =3D=3D False) || > > > -- ((neg_flags & NETLOGON_NEG_SCHANNEL) =3D=3D 0)) { > > > -+ if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { > > > -+ result =3D cli_rpc_pipe_open_noauth(conn->cli, > > > -+ &ndr_table_netlogon, > > > -+ &conn->netlogon_pipe); > > > -+ if (!NT_STATUS_IS_OK(result)) { > > > -+ invalidate_cm_connection(conn); > > > -+ return result; > > > -+ } > > > -=20 > > > -- /* We're done - just keep the existing connection to NETLOGON > > > -- * open */ > > > -- conn->netlogon_pipe =3D netlogon_pipe; > > > - *cli =3D conn->netlogon_pipe; > > > - return NT_STATUS_OK; > > > - } > > > -@@ -2837,12 +2862,8 @@ NTSTATUS cm_connect_netlogon(struct winbindd_= domain *domain, > > > - result =3D cli_rpc_pipe_open_schannel_with_key( > > > - conn->cli, &ndr_table_netlogon, NCACN_NP, > > > - domain->name, > > > -- netlogon_pipe->netlogon_creds, > > > -+ conn->netlogon_creds, > > > - &conn->netlogon_pipe); > > > -- > > > -- /* We can now close the initial netlogon pipe. */ > > > -- TALLOC_FREE(netlogon_pipe); > > > -- > > > - if (!NT_STATUS_IS_OK(result)) { > > > - DEBUG(3, ("Could not open schannel'ed NETLOGON pipe. 
Error " > > > - "was %s\n", nt_errstr(result))); > > > -diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd= /winbindd_dual_srv.c > > > -index b873655..001591a 100644 > > > ---- a/source3/winbindd/winbindd_dual_srv.c > > > -+++ b/source3/winbindd/winbindd_dual_srv.c > > > -@@ -580,6 +580,7 @@ NTSTATUS _wbint_CheckMachineAccount(struct pipes= _struct *p, > > > -=20 > > > - again: > > > - invalidate_cm_connection(&domain->conn); > > > -+ domain->conn.netlogon_force_reauth =3D true; > > > -=20 > > > - { > > > - struct rpc_pipe_client *netlogon_pipe; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From dc77edf0b74a88950f4de2472c05a73fcc629dc1 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 27 Aug 2013 13:07:45 +0200 > > > -Subject: [PATCH 183/249] s3:auth_domain: simplify > > > - connect_to_domain_password_server() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit d9d55f5406949187901476d673c7d6ff0fc165c2) > > > ---- > > > - source3/auth/auth_domain.c | 31 ++++++++++++------------------- > > > - 1 file changed, 12 insertions(+), 19 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c > > > -index 9f88c4a..ae27bf0 100644 > > > ---- a/source3/auth/auth_domain.c > > > -+++ b/source3/auth/auth_domain.c > > > -@@ -47,16 +47,17 @@ static struct named_mutex *mutex; > > > - * > > > - **/ > > > -=20 > > > --static NTSTATUS connect_to_domain_password_server(struct cli_state = **cli, > > > -+static NTSTATUS connect_to_domain_password_server(struct cli_state = **cli_ret, > > > - const char *domain, > > > - const char *dc_name, > > > - const struct sockaddr_storage *dc_ss, > > > - struct rpc_pipe_client **pipe_ret) > > > - { > > > -- NTSTATUS result; > > > -+ NTSTATUS result; > > > -+ struct cli_state *cli =3D NULL; > > > - struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -=20 > > > -- *cli =3D NULL; > > > -+ *cli_ret =3D 
NULL; > > > -=20 > > > - *pipe_ret =3D NULL; > > > -=20 > > > -@@ -80,7 +81,7 @@ static NTSTATUS connect_to_domain_password_server(= struct cli_state **cli, > > > - } > > > -=20 > > > - /* Attempt connection */ > > > -- result =3D cli_full_connection(cli, lp_netbios_name(), dc_name, dc= _ss, 0, > > > -+ result =3D cli_full_connection(&cli, lp_netbios_name(), dc_name, d= c_ss, 0, > > > - "IPC$", "IPC", "", "", "", 0, SMB_SIGNING_DEFAULT); > > > -=20 > > > - if (!NT_STATUS_IS_OK(result)) { > > > -@@ -89,11 +90,6 @@ static NTSTATUS connect_to_domain_password_server= (struct cli_state **cli, > > > - result =3D NT_STATUS_NO_LOGON_SERVERS; > > > - } > > > -=20 > > > -- if (*cli) { > > > -- cli_shutdown(*cli); > > > -- *cli =3D NULL; > > > -- } > > > -- > > > - TALLOC_FREE(mutex); > > > - return result; > > > - } > > > -@@ -115,18 +111,17 @@ static NTSTATUS connect_to_domain_password_ser= ver(struct cli_state **cli, > > > - if (lp_client_schannel()) { > > > - /* We also setup the creds chain in the open_schannel call. */ > > > - result =3D cli_rpc_pipe_open_schannel( > > > -- *cli, &ndr_table_netlogon, NCACN_NP, > > > -+ cli, &ndr_table_netlogon, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); > > > - } else { > > > - result =3D cli_rpc_pipe_open_noauth( > > > -- *cli, &ndr_table_netlogon, &netlogon_pipe); > > > -+ cli, &ndr_table_netlogon, &netlogon_pipe); > > > - } > > > -=20 > > > - if (!NT_STATUS_IS_OK(result)) { > > > - DEBUG(0,("connect_to_domain_password_server: unable to open the d= omain client session to \ > > > - machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); > > > -- cli_shutdown(*cli); > > > -- *cli =3D NULL; > > > -+ cli_shutdown(cli); > > > - TALLOC_FREE(mutex); > > > - return result; > > > - } > > > -@@ -145,8 +140,7 @@ machine %s. 
Error was : %s.\n", dc_name, nt_errs= tr(result))); > > > - DEBUG(0, ("connect_to_domain_password_server: could not fetch " > > > - "trust account password for domain '%s'\n", > > > - domain)); > > > -- cli_shutdown(*cli); > > > -- *cli =3D NULL; > > > -+ cli_shutdown(cli); > > > - TALLOC_FREE(mutex); > > > - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > - } > > > -@@ -161,8 +155,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errs= tr(result))); > > > - &neg_flags); > > > -=20 > > > - if (!NT_STATUS_IS_OK(result)) { > > > -- cli_shutdown(*cli); > > > -- *cli =3D NULL; > > > -+ cli_shutdown(cli); > > > - TALLOC_FREE(mutex); > > > - return result; > > > - } > > > -@@ -172,14 +165,14 @@ machine %s. Error was : %s.\n", dc_name, nt_er= rstr(result))); > > > - DEBUG(0, ("connect_to_domain_password_server: unable to open " > > > - "the domain client session to machine %s. Error " > > > - "was : %s.\n", dc_name, nt_errstr(result))); > > > -- cli_shutdown(*cli); > > > -- *cli =3D NULL; > > > -+ cli_shutdown(cli); > > > - TALLOC_FREE(mutex); > > > - return NT_STATUS_NO_LOGON_SERVERS; > > > - } > > > -=20 > > > - /* We exit here with the mutex *locked*. 
JRA */ > > > -=20 > > > -+ *cli_ret =3D cli; > > > - *pipe_ret =3D netlogon_pipe; > > > -=20 > > > - return NT_STATUS_OK; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8fc2ffafd545dbc4af4c1ebab5fb631da18cade4 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 27 Aug 2013 15:01:10 +0200 > > > -Subject: [PATCH 184/249] s3:auth_domain: make use of > > > - rpccli_{create,setup}_netlogon_creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 34e66780e573bebf4b971fb96e1ed8680c1488a9) > > > ---- > > > - source3/auth/auth_domain.c | 136 ++++++++++++++++++++++++++++------= ----------- > > > - 1 file changed, 85 insertions(+), 51 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c > > > -index ae27bf0..bf2671c 100644 > > > ---- a/source3/auth/auth_domain.c > > > -+++ b/source3/auth/auth_domain.c > > > -@@ -27,6 +27,7 @@ > > > - #include "secrets.h" > > > - #include "passdb.h" > > > - #include "libsmb/libsmb.h" > > > -+#include "libcli/auth/netlogon_creds_cli.h" > > > -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_AUTH > > > -@@ -53,9 +54,20 @@ static NTSTATUS connect_to_domain_password_server= (struct cli_state **cli_ret, > > > - const struct sockaddr_storage *dc_ss, > > > - struct rpc_pipe_client **pipe_ret) > > > - { > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct messaging_context *msg_ctx =3D server_messaging_context(); > > > - NTSTATUS result; > > > - struct cli_state *cli =3D NULL; > > > - struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -+ struct netlogon_creds_cli_context *netlogon_creds =3D NULL; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -+ uint32_t netlogon_flags =3D 0; > > > -+ enum netr_SchannelType sec_chan_type =3D 0; > > > -+ const char *_account_name =3D NULL; > > > -+ const char *account_name =3D NULL; > > > -+ struct samr_Password 
current_nt_hash; > > > -+ struct samr_Password *previous_nt_hash =3D NULL; > > > -+ bool ok; > > > -=20 > > > - *cli_ret =3D NULL; > > > -=20 > > > -@@ -77,6 +89,7 @@ static NTSTATUS connect_to_domain_password_server(= struct cli_state **cli_ret, > > > -=20 > > > - mutex =3D grab_named_mutex(NULL, dc_name, 10); > > > - if (mutex =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_NO_LOGON_SERVERS; > > > - } > > > -=20 > > > -@@ -91,6 +104,7 @@ static NTSTATUS connect_to_domain_password_server= (struct cli_state **cli_ret, > > > - } > > > -=20 > > > - TALLOC_FREE(mutex); > > > -+ TALLOC_FREE(frame); > > > - return result; > > > - } > > > -=20 > > > -@@ -98,67 +112,85 @@ static NTSTATUS connect_to_domain_password_serv= er(struct cli_state **cli_ret, > > > - * We now have an anonymous connection to IPC$ on the domain passw= ord server. > > > - */ > > > -=20 > > > -- /* > > > -- * Even if the connect succeeds we need to setup the netlogon > > > -- * pipe here. We do this as we may just have changed the domain > > > -- * account password on the PDC and yet we may be talking to > > > -- * a BDC that doesn't have this replicated yet. In this case > > > -- * a successful connect to a DC needs to take the netlogon connect > > > -- * into account also. This patch from "Bjart Kvarme" . > > > -- */ > > > -+ ok =3D get_trust_pw_hash(domain, > > > -+ current_nt_hash.hash, > > > -+ &_account_name, > > > -+ &sec_chan_type); > > > -+ if (!ok) { > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(mutex); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > -+ } > > > -=20 > > > -- /* open the netlogon pipe. */ > > > -- if (lp_client_schannel()) { > > > -- /* We also setup the creds chain in the open_schannel call. 
*/ > > > -- result =3D cli_rpc_pipe_open_schannel( > > > -- cli, &ndr_table_netlogon, NCACN_NP, > > > -- DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); > > > -- } else { > > > -- result =3D cli_rpc_pipe_open_noauth( > > > -- cli, &ndr_table_netlogon, &netlogon_pipe); > > > -+ account_name =3D talloc_asprintf(talloc_tos(), "%s$", _account_nam= e); > > > -+ if (account_name =3D=3D NULL) { > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(mutex); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -+ result =3D rpccli_create_netlogon_creds(dc_name, > > > -+ domain, > > > -+ account_name, > > > -+ sec_chan_type, > > > -+ msg_ctx, > > > -+ talloc_tos(), > > > -+ &netlogon_creds); > > > - if (!NT_STATUS_IS_OK(result)) { > > > -- DEBUG(0,("connect_to_domain_password_server: unable to open the d= omain client session to \ > > > --machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); > > > - cli_shutdown(cli); > > > - TALLOC_FREE(mutex); > > > -+ TALLOC_FREE(frame); > > > -+ SAFE_FREE(previous_nt_hash); > > > - return result; > > > - } > > > -=20 > > > -- if (!lp_client_schannel()) { > > > -- /* We need to set up a creds chain on an unauthenticated netlogon= pipe. 
*/ > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -- NETLOGON_NEG_SUPPORTS_AES; > > > -- enum netr_SchannelType sec_chan_type =3D 0; > > > -- unsigned char machine_pwd[16]; > > > -- const char *account_name; > > > -- > > > -- if (!get_trust_pw_hash(domain, machine_pwd, &account_name, > > > -- &sec_chan_type)) > > > -- { > > > -- DEBUG(0, ("connect_to_domain_password_server: could not fetch " > > > -- "trust account password for domain '%s'\n", > > > -- domain)); > > > -- cli_shutdown(cli); > > > -- TALLOC_FREE(mutex); > > > -- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > -- } > > > -+ result =3D rpccli_setup_netlogon_creds(cli, > > > -+ netlogon_creds, > > > -+ false, /* force_reauth */ > > > -+ current_nt_hash, > > > -+ previous_nt_hash); > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ if (!NT_STATUS_IS_OK(result)) { > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(mutex); > > > -+ TALLOC_FREE(frame); > > > -+ return result; > > > -+ } > > > -=20 > > > -- result =3D rpccli_netlogon_setup_creds(netlogon_pipe, > > > -- dc_name, /* server name */ > > > -- domain, /* domain */ > > > -- lp_netbios_name(), /* client name */ > > > -- account_name, /* machine account name */ > > > -- machine_pwd, > > > -- sec_chan_type, > > > -- &neg_flags); > > > -- > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- cli_shutdown(cli); > > > -- TALLOC_FREE(mutex); > > > -- return result; > > > -- } > > > -+ result =3D netlogon_creds_cli_get(netlogon_creds, > > > -+ talloc_tos(), > > > -+ &creds); > > > -+ if (!NT_STATUS_IS_OK(result)) { > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(mutex); > > > -+ TALLOC_FREE(frame); > > > -+ return result; > > > -+ } > > > -+ netlogon_flags =3D creds->negotiate_flags; > > > -+ TALLOC_FREE(creds); > > > -+ > > > -+ if (netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC) { > > > -+ result =3D cli_rpc_pipe_open_schannel_with_key( > > > -+ cli, &ndr_table_netlogon, NCACN_NP, > > > -+ domain, netlogon_creds, &netlogon_pipe); > > > -+ } 
else { > > > -+ result =3D cli_rpc_pipe_open_noauth(cli, > > > -+ &ndr_table_netlogon, > > > -+ &netlogon_pipe); > > > -+ } > > > -+ > > > -+ if (!NT_STATUS_IS_OK(result)) { > > > -+ DEBUG(0,("connect_to_domain_password_server: " > > > -+ "unable to open the domain client session to " > > > -+ "machine %s. Flags[0x%08X] Error was : %s.\n", > > > -+ dc_name, (unsigned)netlogon_flags, > > > -+ nt_errstr(result))); > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(mutex); > > > -+ TALLOC_FREE(frame); > > > -+ return result; > > > - } > > > -=20 > > > - if(!netlogon_pipe) { > > > -@@ -167,6 +199,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errs= tr(result))); > > > - "was : %s.\n", dc_name, nt_errstr(result))); > > > - cli_shutdown(cli); > > > - TALLOC_FREE(mutex); > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_NO_LOGON_SERVERS; > > > - } > > > -=20 > > > -@@ -175,6 +208,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errs= tr(result))); > > > - *cli_ret =3D cli; > > > - *pipe_ret =3D netlogon_pipe; > > > -=20 > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5cc57e577bc7d144176ffe6f21ed24a95661a861 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 27 Aug 2013 15:02:26 +0200 > > > -Subject: [PATCH 185/249] s3:auth_domain: make use of > > > - rpccli_netlogon_network_logon() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 531bbf3aff3fb08aaf112b21038f20544db60b69) > > > ---- > > > - source3/auth/auth_domain.c | 36 ++++++++++++++++++++++-------------- > > > - 1 file changed, 22 insertions(+), 14 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c > > > -index bf2671c..937841c 100644 > > > ---- a/source3/auth/auth_domain.c > > > -+++ b/source3/auth/auth_domain.c > > > -@@ -52,7 +52,8 @@ static NTSTATUS connect_to_domain_password_server(= 
struct cli_state **cli_ret, > > > - const char *domain, > > > - const char *dc_name, > > > - const struct sockaddr_storage *dc_ss, > > > -- struct rpc_pipe_client **pipe_ret) > > > -+ struct rpc_pipe_client **pipe_ret, > > > -+ struct netlogon_creds_cli_context **creds_ret) > > > - { > > > - TALLOC_CTX *frame =3D talloc_stackframe(); > > > - struct messaging_context *msg_ctx =3D server_messaging_context(); > > > -@@ -72,6 +73,7 @@ static NTSTATUS connect_to_domain_password_server(= struct cli_state **cli_ret, > > > - *cli_ret =3D NULL; > > > -=20 > > > - *pipe_ret =3D NULL; > > > -+ *creds_ret =3D NULL; > > > -=20 > > > - /* TODO: Send a SAMLOGON request to determine whether this is a va= lid > > > - logonserver. We can avoid a 30-second timeout if the DC is down > > > -@@ -207,6 +209,7 @@ static NTSTATUS connect_to_domain_password_serve= r(struct cli_state **cli_ret, > > > -=20 > > > - *cli_ret =3D cli; > > > - *pipe_ret =3D netlogon_pipe; > > > -+ *creds_ret =3D netlogon_creds; > > > -=20 > > > - TALLOC_FREE(frame); > > > - return NT_STATUS_OK; > > > -@@ -230,8 +233,11 @@ static NTSTATUS domain_client_validate(TALLOC_C= TX *mem_ctx, > > > - struct netr_SamInfo3 *info3 =3D NULL; > > > - struct cli_state *cli =3D NULL; > > > - struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -+ struct netlogon_creds_cli_context *netlogon_creds =3D NULL; > > > - NTSTATUS nt_status =3D NT_STATUS_NO_LOGON_SERVERS; > > > - int i; > > > -+ uint8_t authoritative =3D 0; > > > -+ uint32_t flags =3D 0; > > > -=20 > > > - /* > > > - * At this point, smb_apasswd points to the lanman response to > > > -@@ -248,7 +254,8 @@ static NTSTATUS domain_client_validate(TALLOC_CT= X *mem_ctx, > > > - domain, > > > - dc_name, > > > - dc_ss, > > > -- &netlogon_pipe); > > > -+ &netlogon_pipe, > > > -+ &netlogon_creds); > > > - } > > > -=20 > > > - if ( !NT_STATUS_IS_OK(nt_status) ) { > > > -@@ -268,18 +275,19 @@ static NTSTATUS domain_client_validate(TALLOC_= CTX *mem_ctx, > > > - * in the info3 
structure. =20 > > > - */ > > > -=20 > > > -- nt_status =3D rpccli_netlogon_sam_network_logon(netlogon_pipe, > > > -- mem_ctx, > > > -- user_info->logon_parameters, /* flags such as '= allow workstation logon' */ > > > -- dc_name, /* server name */ > > > -- user_info->client.account_name, /* user name loggi= ng on. */ > > > -- user_info->client.domain_name, /* domain name */ > > > -- user_info->workstation_name, /* workstation nam= e */ > > > -- chal, /* 8 byte challeng= e. */ > > > -- 3, /* validation level */ > > > -- user_info->password.response.lanman, /* lanman 24 byte = response */ > > > -- user_info->password.response.nt, /* nt 24 byte resp= onse */ > > > -- &info3); /* info3 out */ > > > -+ nt_status =3D rpccli_netlogon_network_logon(netlogon_creds, > > > -+ netlogon_pipe->binding_handle, > > > -+ mem_ctx, > > > -+ user_info->logon_parameters, /* flags such as 'allo= w workstation logon' */ > > > -+ user_info->client.account_name, /* user name logging o= n. */ > > > -+ user_info->client.domain_name, /* domain name */ > > > -+ user_info->workstation_name, /* workstation name */ > > > -+ chal, /* 8 byte challenge. */ > > > -+ user_info->password.response.lanman, /* lanman 24 byte resp= onse */ > > > -+ user_info->password.response.nt, /* nt 24 byte response= */ > > > -+ &authoritative, > > > -+ &flags, > > > -+ &info3); /* info3 out */ > > > -=20 > > > - /* Let go as soon as possible so we avoid any potential deadlocks > > > - with winbind lookup up users or groups. 
*/ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5da4eca4d30b3894426a4f7cb0512ae61c097cbc Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 2 Sep 2013 19:32:23 +0200 > > > -Subject: [PATCH 186/249] s3:libnet_join: make use of > > > - rpccli_{create,setup}_netlogon_creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 963800539cea7487fc6258f8ac8f7cacc3426b83) > > > ---- > > > - source3/libnet/libnet_join.c | 110 +++++++++++++++++++++++++++++++-= ----------- > > > - source3/libnet/libnet_join.h | 5 +- > > > - source3/utils/net_rpc.c | 4 +- > > > - 3 files changed, 86 insertions(+), 33 deletions(-) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index b2805ee..6e653c3 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -40,6 +40,8 @@ > > > - #include "libsmb/libsmb.h" > > > - #include "../libcli/smb/smbXcli_base.h" > > > - #include "lib/param/loadparm.h" > > > -+#include "libcli/auth/netlogon_creds_cli.h" > > > -+#include "auth/credentials/credentials.h" > > > -=20 > > > - /**************************************************************** > > > - ****************************************************************/ > > > -@@ -1189,38 +1191,52 @@ static NTSTATUS libnet_join_joindomain_rpc(T= ALLOC_CTX *mem_ctx, > > > - /**************************************************************** > > > - ****************************************************************/ > > > -=20 > > > --NTSTATUS libnet_join_ok(const char *netbios_domain_name, > > > -- const char *machine_name, > > > -+NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, > > > -+ const char *netbios_domain_name, > > > - const char *dc_name, > > > - const bool use_kerberos) > > > - { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -- NETLOGON_NEG_SUPPORTS_AES; > > > -+ TALLOC_CTX *frame =3D 
talloc_stackframe(); > > > - struct cli_state *cli =3D NULL; > > > -- struct rpc_pipe_client *pipe_hnd =3D NULL; > > > - struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -+ struct netlogon_creds_cli_context *netlogon_creds =3D NULL; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -+ uint32_t netlogon_flags =3D 0; > > > -+ enum netr_SchannelType sec_chan_type =3D 0; > > > - NTSTATUS status; > > > - char *machine_password =3D NULL; > > > -- char *machine_account =3D NULL; > > > -+ const char *machine_name =3D NULL; > > > -+ const char *machine_account =3D NULL; > > > - int flags =3D 0; > > > -+ struct samr_Password current_nt_hash; > > > -+ struct samr_Password *previous_nt_hash =3D NULL; > > > -+ bool ok; > > > -=20 > > > - if (!dc_name) { > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_INVALID_PARAMETER; > > > - } > > > -=20 > > > - if (!secrets_init()) { > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > - } > > > -=20 > > > -- machine_password =3D secrets_fetch_machine_password(netbios_domain= _name, > > > -- NULL, NULL); > > > -- if (!machine_password) { > > > -- return NT_STATUS_NO_TRUST_LSA_SECRET; > > > -+ ok =3D get_trust_pw_clear(netbios_domain_name, > > > -+ &machine_password, > > > -+ &machine_name, > > > -+ &sec_chan_type); > > > -+ if (!ok) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > - } > > > -=20 > > > -- if (asprintf(&machine_account, "%s$", machine_name) =3D=3D -1) { > > > -+ machine_account =3D talloc_asprintf(frame, "%s$", machine_name); > > > -+ if (machine_account =3D=3D NULL) { > > > - SAFE_FREE(machine_password); > > > -- return NT_STATUS_NO_MEMORY; > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > - } > > > -=20 > > > - if (use_kerberos) { > > > -@@ -1232,12 +1248,13 @@ NTSTATUS libnet_join_ok(const char *netbios_= domain_name, > > > - NULL, 0, > > > - "IPC$", 
"IPC", > > > - machine_account, > > > -- NULL, > > > -+ netbios_domain_name, > > > - machine_password, > > > - flags, > > > - SMB_SIGNING_DEFAULT); > > > -- free(machine_account); > > > -- free(machine_password); > > > -+ > > > -+ E_md4hash(machine_password, current_nt_hash.hash); > > > -+ SAFE_FREE(machine_password); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > - status =3D cli_full_connection(&cli, NULL, > > > -@@ -1252,36 +1269,65 @@ NTSTATUS libnet_join_ok(const char *netbios_= domain_name, > > > - } > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ TALLOC_FREE(frame); > > > - return status; > > > - } > > > -=20 > > > -- status =3D get_schannel_session_key(cli, netbios_domain_name, > > > -- &neg_flags, &netlogon_pipe); > > > -+ status =3D rpccli_create_netlogon_creds(dc_name, > > > -+ netbios_domain_name, > > > -+ machine_account, > > > -+ sec_chan_type, > > > -+ msg_ctx, > > > -+ frame, > > > -+ &netlogon_creds); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -- if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_NETWORK_RESPONSE)) { > > > -- cli_shutdown(cli); > > > -- return NT_STATUS_OK; > > > -- } > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -=20 > > > -- DEBUG(0,("libnet_join_ok: failed to get schannel session " > > > -- "key from server %s for domain %s. Error was %s\n", > > > -- smbXcli_conn_remote_name(cli->conn), > > > -- netbios_domain_name, nt_errstr(status))); > > > -+ status =3D rpccli_setup_netlogon_creds(cli, > > > -+ netlogon_creds, > > > -+ true, /* force_reauth */ > > > -+ current_nt_hash, > > > -+ previous_nt_hash); > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(0,("connect_to_domain_password_server: " > > > -+ "unable to open the domain client session to " > > > -+ "machine %s. 
Flags[0x%08X] Error was : %s.\n", > > > -+ dc_name, (unsigned)netlogon_flags, > > > -+ nt_errstr(status))); > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_get(netlogon_creds, > > > -+ talloc_tos(), > > > -+ &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > - cli_shutdown(cli); > > > -+ TALLOC_FREE(frame); > > > - return status; > > > - } > > > -+ netlogon_flags =3D creds->negotiate_flags; > > > -+ TALLOC_FREE(creds); > > > -=20 > > > -- if (!lp_client_schannel()) { > > > -+ if (!(netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { > > > - cli_shutdown(cli); > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > - cli, &ndr_table_netlogon, NCACN_NP, > > > - netbios_domain_name, > > > -- netlogon_pipe->netlogon_creds, &pipe_hnd); > > > -+ netlogon_creds, &netlogon_pipe); > > > -=20 > > > -- cli_shutdown(cli); > > > -+ TALLOC_FREE(netlogon_pipe); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(0,("libnet_join_ok: failed to open schannel session " > > > -@@ -1289,9 +1335,13 @@ NTSTATUS libnet_join_ok(const char *netbios_d= omain_name, > > > - "Error was %s\n", > > > - smbXcli_conn_remote_name(cli->conn), > > > - netbios_domain_name, nt_errstr(status))); > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(frame); > > > - return status; > > > - } > > > -=20 > > > -+ cli_shutdown(cli); > > > -+ TALLOC_FREE(frame); > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -@@ -1303,8 +1353,8 @@ static WERROR libnet_join_post_verify(TALLOC_C= TX *mem_ctx, > > > - { > > > - NTSTATUS status; > > > -=20 > > > -- status =3D libnet_join_ok(r->out.netbios_domain_name, > > > -- r->in.machine_name, > > > -+ status =3D libnet_join_ok(r->in.msg_ctx, > > > -+ r->out.netbios_domain_name, > > > - r->in.dc_name, > > > - r->in.use_kerberos); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -diff 
--git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_jo= in.h > > > -index 58c33b2..b7e2f0b 100644 > > > ---- a/source3/libnet/libnet_join.h > > > -+++ b/source3/libnet/libnet_join.h > > > -@@ -23,8 +23,9 @@ > > > -=20 > > > - /* The following definitions come from libnet/libnet_join.c */ > > > -=20 > > > --NTSTATUS libnet_join_ok(const char *netbios_domain_name, > > > -- const char *machine_name, > > > -+struct messaging_context; > > > -+NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, > > > -+ const char *netbios_domain_name, > > > - const char *dc_name, > > > - const bool use_kerberos); > > > - WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index dff8801..9de74c0 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -493,7 +493,9 @@ int net_rpc_testjoin(struct net_context *c, int = argc, const char **argv) > > > - } > > > -=20 > > > - /* Display success or failure */ > > > -- status =3D libnet_join_ok(c->opt_workgroup, lp_netbios_name(), dc, > > > -+ status =3D libnet_join_ok(c->msg_ctx, > > > -+ c->opt_workgroup, > > > -+ dc, > > > - c->opt_kerberos); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - fprintf(stderr,"Join to domain '%s' is not valid: %s\n", > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 0da8c0a71d08de50b614e5df69a61e00d0a9cd99 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 5 Sep 2013 20:57:02 +0200 > > > -Subject: [PATCH 187/249] s3:libnet: use rpccli_{create,setup}_netlog= on_creds() > > > - in libnet_join_joindomain_rpc_unsecure > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3a89eee03a95d4b142bf0830f40debc75bfa2e26) > > > ---- > > > - source3/libnet/libnet_join.c | 66 +++++++++++++++++++++++++++++++++= +---------- > > > - 1 file changed, 51 insertions(+), 15 deletions(-) > > > - > > > -diff --git 
a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 6e653c3..a87eb38 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -817,14 +817,17 @@ static NTSTATUS libnet_join_joindomain_rpc_uns= ecure(TALLOC_CTX *mem_ctx, > > > - struct libnet_JoinCtx *r, > > > - struct cli_state *cli) > > > - { > > > -- struct rpc_pipe_client *pipe_hnd =3D NULL; > > > -- unsigned char orig_trust_passwd_hash[16]; > > > -- unsigned char new_trust_passwd_hash[16]; > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -+ struct netlogon_creds_cli_context *netlogon_creds =3D NULL; > > > -+ struct samr_Password current_nt_hash; > > > -+ const char *account_name =3D NULL; > > > - NTSTATUS status; > > > -=20 > > > - status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > -- &pipe_hnd); > > > -+ &netlogon_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > - return status; > > > - } > > > -=20 > > > -@@ -832,22 +835,55 @@ static NTSTATUS libnet_join_joindomain_rpc_uns= ecure(TALLOC_CTX *mem_ctx, > > > - r->in.machine_password =3D generate_random_password(mem_ctx, > > > - DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH, > > > - DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); > > > -- NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); > > > -+ if (r->in.machine_password =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > - } > > > -=20 > > > -- E_md4hash(r->in.machine_password, new_trust_passwd_hash); > > > -- > > > - /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */ > > > -- E_md4hash(r->in.admin_password, orig_trust_passwd_hash); > > > -+ E_md4hash(r->in.admin_password, current_nt_hash.hash); > > > -=20 > > > -- status =3D rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx, > > > -- r->in.machine_name, > > > -- orig_trust_passwd_hash, > > > -- r->in.machine_password, > > > -- 
new_trust_passwd_hash, > > > -- r->in.secure_channel_type); > > > -+ account_name =3D talloc_asprintf(frame, "%s$", > > > -+ r->in.machine_name); > > > -+ if (account_name =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -=20 > > > -- return status; > > > -+ status =3D rpccli_create_netlogon_creds(netlogon_pipe->desthost, > > > -+ r->in.domain_name, > > > -+ account_name, > > > -+ r->in.secure_channel_type, > > > -+ r->in.msg_ctx, > > > -+ frame, > > > -+ &netlogon_creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ status =3D rpccli_setup_netlogon_creds(cli, > > > -+ netlogon_creds, > > > -+ true, /* force_reauth */ > > > -+ current_nt_hash, > > > -+ NULL); /* previous_nt_hash */ > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_ServerPasswordSet(netlogon_creds, > > > -+ netlogon_pipe->binding_handle, > > > -+ r->in.machine_password, > > > -+ NULL); /* new_version */ > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > - } > > > -=20 > > > - /**************************************************************** > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 9d192bc1d2dd06efada55792203aaed58b349ab9 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 11 Sep 2013 10:06:41 +0200 > > > -Subject: [PATCH 188/249] s3:rpc_client: use > > > - rpccli_{create,setup}_netlogon_creds() in cli_rpc_pipe_open_schanne= l() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 94caf7e190563423914b653d0c2fc4a4abf1f899) > > > ---- > > > - source3/rpc_client/cli_pipe.h | 7 -- > > > - source3/rpc_client/cli_pipe_schannel.c | 162 
++++++++++++++--------= ----------- > > > - 2 files changed, 66 insertions(+), 103 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index c21c55d..2a76130 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -109,13 +109,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ct= x, > > > - struct rpc_pipe_client *cli, > > > - DATA_BLOB *session_key); > > > -=20 > > > --/* The following definitions come from rpc_client/cli_pipe_schannel= =2Ec */ > > > -- > > > --NTSTATUS get_schannel_session_key(struct cli_state *cli, > > > -- const char *domain, > > > -- uint32 *pneg_flags, > > > -- struct rpc_pipe_client **presult); > > > -- > > > - #endif /* _CLI_PIPE_H */ > > > -=20 > > > - /* vim: set ts=3D8 sw=3D8 noet cindent ft=3Dc.doxygen: */ > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index 8f9161f..1fcf62e 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -23,67 +23,15 @@ > > > - #include "../libcli/auth/schannel.h" > > > - #include "rpc_client/cli_netlogon.h" > > > - #include "rpc_client/cli_pipe.h" > > > --#include "librpc/gen_ndr/ndr_dcerpc.h" > > > - #include "librpc/rpc/dcerpc.h" > > > - #include "passdb.h" > > > - #include "libsmb/libsmb.h" > > > --#include "auth/gensec/gensec.h" > > > - #include "../libcli/smb/smbXcli_base.h" > > > -+#include "libcli/auth/netlogon_creds_cli.h" > > > -=20 > > > - #undef DBGC_CLASS > > > - #define DBGC_CLASS DBGC_RPC_CLI > > > -=20 > > > -- > > > --/******************************************************************= ********** > > > -- Get a the schannel session key out of an already opened netlogon = pipe. 
> > > -- ******************************************************************= **********/ > > > --static NTSTATUS get_schannel_session_key_common(struct rpc_pipe_cli= ent *netlogon_pipe, > > > -- struct cli_state *cli, > > > -- const char *domain, > > > -- uint32 *pneg_flags) > > > --{ > > > -- enum netr_SchannelType sec_chan_type =3D 0; > > > -- unsigned char machine_pwd[16]; > > > -- const char *machine_account; > > > -- NTSTATUS status; > > > -- > > > -- /* Get the machine account credentials from secrets.tdb. */ > > > -- if (!get_trust_pw_hash(domain, machine_pwd, &machine_account, > > > -- &sec_chan_type)) > > > -- { > > > -- DEBUG(0, ("get_schannel_session_key: could not fetch " > > > -- "trust account password for domain '%s'\n", > > > -- domain)); > > > -- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > -- } > > > -- > > > -- status =3D rpccli_netlogon_setup_creds(netlogon_pipe, > > > -- smbXcli_conn_remote_name(cli->conn), /* server name */ > > > -- domain, /* domain */ > > > -- lp_netbios_name(), /* client name */ > > > -- machine_account, /* machine account name */ > > > -- machine_pwd, > > > -- sec_chan_type, > > > -- pneg_flags); > > > -- > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(3, ("get_schannel_session_key_common: " > > > -- "rpccli_netlogon_setup_creds failed with result %s " > > > -- "to server %s, domain %s, machine account %s.\n", > > > -- nt_errstr(status), smbXcli_conn_remote_name(cli->conn), domain, > > > -- machine_account )); > > > -- return status; > > > -- } > > > -- > > > -- if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) =3D=3D 0) { > > > -- DEBUG(3, ("get_schannel_session_key: Server %s did not offer scha= nnel\n", > > > -- smbXcli_conn_remote_name(cli->conn))); > > > -- return NT_STATUS_INVALID_NETWORK_RESPONSE; > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > - /******************************************************************= ********** > > > - Open a named pipe to an SMB server and bind using 
schannel (bind t= ype 68). > > > - Fetch the session key ourselves using a temporary netlogon pipe. > > > -@@ -96,63 +44,85 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_s= tate *cli, > > > - const char *domain, > > > - struct rpc_pipe_client **presult) > > > - { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -- NETLOGON_NEG_SUPPORTS_AES; > > > -- struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct messaging_context *msg_ctx =3D NULL; > > > -+ const char *dc_name =3D smbXcli_conn_remote_name(cli->conn); > > > - struct rpc_pipe_client *result =3D NULL; > > > - NTSTATUS status; > > > -+ struct netlogon_creds_cli_context *netlogon_creds =3D NULL; > > > -+ struct netlogon_creds_CredentialState *creds =3D NULL; > > > -+ uint32_t netlogon_flags =3D 0; > > > -+ enum netr_SchannelType sec_chan_type =3D 0; > > > -+ const char *_account_name =3D NULL; > > > -+ const char *account_name =3D NULL; > > > -+ struct samr_Password current_nt_hash; > > > -+ struct samr_Password *previous_nt_hash =3D NULL; > > > -+ bool ok; > > > -+ > > > -+ ok =3D get_trust_pw_hash(domain, > > > -+ current_nt_hash.hash, > > > -+ &_account_name, > > > -+ &sec_chan_type); > > > -+ if (!ok) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > -+ } > > > -+ > > > -+ account_name =3D talloc_asprintf(frame, "%s$", _account_name); > > > -+ if (account_name =3D=3D NULL) { > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ status =3D rpccli_create_netlogon_creds(dc_name, > > > -+ domain, > > > -+ account_name, > > > -+ sec_chan_type, > > > -+ msg_ctx, > > > -+ frame, > > > -+ &netlogon_creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -=20 > > > -- status =3D get_schannel_session_key(cli, domain, 
&neg_flags, > > > -- &netlogon_pipe); > > > -+ status =3D rpccli_setup_netlogon_creds(cli, > > > -+ netlogon_creds, > > > -+ false, /* force_reauth */ > > > -+ current_nt_hash, > > > -+ previous_nt_hash); > > > -+ SAFE_FREE(previous_nt_hash); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0,("cli_rpc_pipe_open_schannel: failed to get schannel sess= ion " > > > -- "key from server %s for domain %s.\n", > > > -- smbXcli_conn_remote_name(cli->conn), domain )); > > > -+ TALLOC_FREE(frame); > > > - return status; > > > - } > > > -=20 > > > -+ status =3D netlogon_creds_cli_get(netlogon_creds, > > > -+ frame, > > > -+ &creds); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ netlogon_flags =3D creds->negotiate_flags; > > > -+ TALLOC_FREE(creds); > > > -+ > > > -+ if (!(netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_DOWNGRADE_DETECTED; > > > -+ } > > > -+ > > > - status =3D cli_rpc_pipe_open_schannel_with_key( > > > - cli, table, transport, domain, > > > -- netlogon_pipe->netlogon_creds, > > > -+ netlogon_creds, > > > - &result); > > > -=20 > > > -- /* Now we've bound using the session key we can close the netlog p= ipe. */ > > > -- TALLOC_FREE(netlogon_pipe); > > > -- > > > - if (NT_STATUS_IS_OK(status)) { > > > - *presult =3D result; > > > - } > > > -=20 > > > -+ TALLOC_FREE(frame); > > > - return status; > > > - } > > > -- > > > --/******************************************************************= ********** > > > -- Open a netlogon pipe and get the schannel session key. > > > -- Now exposed to external callers. 
> > > -- ******************************************************************= **********/ > > > -- > > > -- > > > --NTSTATUS get_schannel_session_key(struct cli_state *cli, > > > -- const char *domain, > > > -- uint32 *pneg_flags, > > > -- struct rpc_pipe_client **presult) > > > --{ > > > -- struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -- NTSTATUS status; > > > -- > > > -- status =3D cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, > > > -- &netlogon_pipe); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- status =3D get_schannel_session_key_common(netlogon_pipe, cli, dom= ain, > > > -- pneg_flags); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- TALLOC_FREE(netlogon_pipe); > > > -- return status; > > > -- } > > > -- > > > -- *presult =3D netlogon_pipe; > > > -- return NT_STATUS_OK; > > > --} > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5fba6641f79a14c208c5947886c005a87b9f3256 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:24:44 +0200 > > > -Subject: [PATCH 189/249] s3:rpcclient: add rpcclient_msg_ctx > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a1c468e1d75d490f0e531feb08188ddc3f0d77b5) > > > ---- > > > - source3/rpcclient/rpcclient.c | 5 +++++ > > > - source3/rpcclient/rpcclient.h | 2 ++ > > > - 2 files changed, 7 insertions(+) > > > - > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index 0cbec20..39bf613 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -33,6 +33,7 @@ > > > - #include "libsmb/libsmb.h" > > > - #include "auth/gensec/gensec.h" > > > - #include "../libcli/smb/smbXcli_base.h" > > > -+#include "messages.h" > > > -=20 > > > - enum pipe_auth_type_spnego { > > > - PIPE_AUTH_TYPE_SPNEGO_NONE =3D 0, > > > -@@ -48,6 +49,7 @@ static enum dcerpc_AuthLevel pipe_default_auth_lev= el =3D 
DCERPC_AUTH_LEVEL_NONE; > > > - static unsigned int timeout =3D 0; > > > - static enum dcerpc_transport_t default_transport =3D NCACN_NP; > > > -=20 > > > -+struct messaging_context *rpcclient_msg_ctx; > > > - struct user_auth_info *rpcclient_auth_info; > > > -=20 > > > - /* List to hold groups of commands. > > > -@@ -985,6 +987,9 @@ out_free: > > > - /* We must load interfaces after we load the smb.conf */ > > > - load_interfaces(); > > > -=20 > > > -+ rpcclient_msg_ctx =3D messaging_init(talloc_autofree_context(), > > > -+ samba_tevent_context_init(talloc_autofree_context())); > > > -+ > > > - /* > > > - * Get password > > > - * from stdin if necessary > > > -diff --git a/source3/rpcclient/rpcclient.h b/source3/rpcclient/rpccl= ient.h > > > -index 762c54a..219da2a 100644 > > > ---- a/source3/rpcclient/rpcclient.h > > > -+++ b/source3/rpcclient/rpcclient.h > > > -@@ -41,4 +41,6 @@ struct cmd_set { > > > - const char *usage; > > > - }; > > > -=20 > > > -+extern struct messaging_context *rpcclient_msg_ctx; > > > -+ > > > - #endif /* RPCCLIENT_H */ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From c6e02d60ef12431cd1a5615fcf514548e86d6dc8 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:29:30 +0200 > > > -Subject: [PATCH 190/249] s3:rpcclient: add rpcclient_netlogon_creds > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 1696b127c61fea76fce3d992632a822ed78de07c) > > > ---- > > > - source3/rpcclient/rpcclient.c | 3 +++ > > > - source3/rpcclient/rpcclient.h | 1 + > > > - 2 files changed, 4 insertions(+) > > > - > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index 39bf613..a875ff5 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -51,6 +51,7 @@ static enum dcerpc_transport_t default_transport = =3D NCACN_NP; > > > -=20 > > > - struct messaging_context 
*rpcclient_msg_ctx; > > > - struct user_auth_info *rpcclient_auth_info; > > > -+struct netlogon_creds_cli_context *rpcclient_netlogon_creds; > > > -=20 > > > - /* List to hold groups of commands. > > > - * > > > -@@ -797,6 +798,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - } > > > - } > > > -=20 > > > -+ rpcclient_netlogon_creds =3D cmd_entry->rpc_pipe->netlogon_creds; > > > -+ > > > - /* Run command */ > > > -=20 > > > - if ( cmd_entry->returntype =3D=3D RPC_RTYPE_NTSTATUS ) { > > > -diff --git a/source3/rpcclient/rpcclient.h b/source3/rpcclient/rpccl= ient.h > > > -index 219da2a..9288249 100644 > > > ---- a/source3/rpcclient/rpcclient.h > > > -+++ b/source3/rpcclient/rpcclient.h > > > -@@ -42,5 +42,6 @@ struct cmd_set { > > > - }; > > > -=20 > > > - extern struct messaging_context *rpcclient_msg_ctx; > > > -+extern struct netlogon_creds_cli_context *rpcclient_netlogon_creds; > > > -=20 > > > - #endif /* RPCCLIENT_H */ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 849cb578d3aa38e7d6508353914d39501cd6b2c8 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:57:09 +0200 > > > -Subject: [PATCH 191/249] s3:rpcclient: remove unused > > > - rpccli_netlogon_setup_creds() from cmd_netlogon_database_redo() > > > - > > > -rpccli_netlogon_setup_creds() is already called in the main do_cmd() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit fb13b002d599049f229d2014e1b94f82952b7150) > > > ---- > > > - source3/rpcclient/cmd_netlogon.c | 21 +-------------------- > > > - 1 file changed, 1 insertion(+), 20 deletions(-) > > > - > > > -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cm= d_netlogon.c > > > -index 2e0b5e5..8a865a9 100644 > > > ---- a/source3/rpcclient/cmd_netlogon.c > > > -+++ b/source3/rpcclient/cmd_netlogon.c > > > -@@ -1141,12 +1141,8 @@ static NTSTATUS cmd_netlogon_database_redo(st= ruct rpc_pipe_client *cli, > > > - 
NTSTATUS status =3D NT_STATUS_UNSUCCESSFUL; > > > - NTSTATUS result; > > > - const char *server_name =3D cli->desthost; > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -- NETLOGON_NEG_SUPPORTS_AES; > > > - struct netr_Authenticator clnt_creds, srv_cred; > > > - struct netr_DELTA_ENUM_ARRAY *delta_enum_array =3D NULL; > > > -- unsigned char trust_passwd_hash[16]; > > > -- enum netr_SchannelType sec_channel_type =3D 0; > > > - struct netr_ChangeLogEntry e; > > > - uint32_t rid =3D 500; > > > - struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -@@ -1161,25 +1157,10 @@ static NTSTATUS cmd_netlogon_database_redo(s= truct rpc_pipe_client *cli, > > > - sscanf(argv[1], "%d", &rid); > > > - } > > > -=20 > > > -- if (!secrets_fetch_trust_account_password(lp_workgroup(), > > > -- trust_passwd_hash, > > > -- NULL, &sec_channel_type)) { > > > -+ if (cli->netlogon_creds =3D=3D NULL) { > > > - return NT_STATUS_UNSUCCESSFUL; > > > - } > > > -=20 > > > -- status =3D rpccli_netlogon_setup_creds(cli, > > > -- server_name, /* server name */ > > > -- lp_workgroup(), /* domain */ > > > -- lp_netbios_name(), /* client name */ > > > -- lp_netbios_name(), /* machine account name */ > > > -- trust_passwd_hash, > > > -- sec_channel_type, > > > -- &neg_flags); > > > -- > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > - status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > - mem_ctx, &creds); > > > - if (!NT_STATUS_IS_OK(status)) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From df5ce2ceb4c41e2a952cd9f011626028f8d230ff Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 19:00:22 +0200 > > > -Subject: [PATCH 192/249] s3:rpcclient: make use of rpcclient_netlogo= n_creds > > > - instead of cli->netlogon_creds > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3bf77812e80b50f254af64e4935301719f78987e) > > > 
---- > > > - source3/rpcclient/cmd_netlogon.c | 22 +++++++++++++++++----- > > > - 1 file changed, 17 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cm= d_netlogon.c > > > -index 8a865a9..59e1e4e 100644 > > > ---- a/source3/rpcclient/cmd_netlogon.c > > > -+++ b/source3/rpcclient/cmd_netlogon.c > > > -@@ -633,7 +633,11 @@ static NTSTATUS cmd_netlogon_sam_sync(struct rp= c_pipe_client *cli, > > > - struct netr_DELTA_ENUM_ARRAY *delta_enum_array =3D NULL; > > > - struct netlogon_creds_CredentialState *creds =3D NULL; > > > -=20 > > > -- status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > -+ if (rpcclient_netlogon_creds =3D=3D NULL) { > > > -+ return NT_STATUS_UNSUCCESSFUL; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_lock(rpcclient_netlogon_creds, > > > - mem_ctx, &creds); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -@@ -712,7 +716,11 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct = rpc_pipe_client *cli, > > > - struct netr_DELTA_ENUM_ARRAY *delta_enum_array =3D NULL; > > > - struct netlogon_creds_CredentialState *creds =3D NULL; > > > -=20 > > > -- status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > -+ if (rpcclient_netlogon_creds =3D=3D NULL) { > > > -+ return NT_STATUS_UNSUCCESSFUL; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_lock(rpcclient_netlogon_creds, > > > - mem_ctx, &creds); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -@@ -1157,11 +1165,11 @@ static NTSTATUS cmd_netlogon_database_redo(s= truct rpc_pipe_client *cli, > > > - sscanf(argv[1], "%d", &rid); > > > - } > > > -=20 > > > -- if (cli->netlogon_creds =3D=3D NULL) { > > > -+ if (rpcclient_netlogon_creds =3D=3D NULL) { > > > - return NT_STATUS_UNSUCCESSFUL; > > > - } > > > -=20 > > > -- status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > -+ status =3D netlogon_creds_cli_lock(rpcclient_netlogon_creds, > > > - mem_ctx, &creds); > > > - 
if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -@@ -1223,7 +1231,11 @@ static NTSTATUS cmd_netlogon_capabilities(str= uct rpc_pipe_client *cli, > > > -=20 > > > - ZERO_STRUCT(return_authenticator); > > > -=20 > > > -- status =3D netlogon_creds_cli_lock(cli->netlogon_creds, > > > -+ if (rpcclient_netlogon_creds =3D=3D NULL) { > > > -+ return NT_STATUS_UNSUCCESSFUL; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_lock(rpcclient_netlogon_creds, > > > - mem_ctx, &creds); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4e9d9abc0bae5ca08c3a91cc5d1b2bacffc6cbfc Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 19:59:11 +0200 > > > -Subject: [PATCH 193/249] s3:net_rpc: add net_context->netlogon_creds > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit d1340c20b0900f54e2c73c4a363f45988b1ba097) > > > ---- > > > - source3/utils/net.h | 1 + > > > - source3/utils/net_rpc.c | 1 + > > > - 2 files changed, 2 insertions(+) > > > - > > > -diff --git a/source3/utils/net.h b/source3/utils/net.h > > > -index e97734a..ce19c57 100644 > > > ---- a/source3/utils/net.h > > > -+++ b/source3/utils/net.h > > > -@@ -90,6 +90,7 @@ struct net_context { > > > - bool smb_encrypt; > > > - struct libnetapi_ctx *netapi_ctx; > > > - struct messaging_context *msg_ctx; > > > -+ struct netlogon_creds_cli_context *netlogon_creds; > > > -=20 > > > - bool display_usage; > > > - void *private_data; > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index 9de74c0..3bf3f30 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -201,6 +201,7 @@ int run_rpc_command(struct net_context *c, > > > - nt_errstr(nt_status) )); > > > - goto fail; > > > - } > > > -+ c->netlogon_creds =3D pipe_hnd->netlogon_creds; > > > - } else { > > > - if (conn_flags & 
NET_FLAGS_SEAL) { > > > - nt_status =3D cli_rpc_pipe_open_generic_auth( > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 7a4535c1e61de498230abd1f99bfe875ae59c2e0 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sun, 15 Sep 2013 13:19:52 +0200 > > > -Subject: [PATCH 194/249] s3:libsmb: add trust_pw_change() > > > - > > > -This protects the password change using a domain specific g_lock, > > > -so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --chan= ge-secret' > > > -even on multiple cluster nodes doesn't race anymore. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 16c6e4992fa882207eeaff0a1c4d9fe217be48b7) > > > ---- > > > - source3/include/proto.h | 8 ++ > > > - source3/libsmb/trusts_util.c | 179 ++++++++++++++++++++++++++++++++= +++++++++++ > > > - 2 files changed, 187 insertions(+) > > > - > > > -diff --git a/source3/include/proto.h b/source3/include/proto.h > > > -index 216a377..edda119 100644 > > > ---- a/source3/include/proto.h > > > -+++ b/source3/include/proto.h > > > -@@ -984,6 +984,14 @@ void update_trustdom_cache( void ); > > > - NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *= cli,=20 > > > - TALLOC_CTX *mem_ctx,=20 > > > - const char *domain) ; > > > -+struct netlogon_creds_cli_context; > > > -+struct messaging_context; > > > -+struct dcerpc_binding_handle; > > > -+NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, > > > -+ struct messaging_context *msg_ctx, > > > -+ struct dcerpc_binding_handle *b, > > > -+ const char *domain, > > > -+ bool force); > > > -=20 > > > - /* The following definitions come from param/loadparm.c */ > > > -=20 > > > -diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_ut= il.c > > > -index 52fb481..b1bc006 100644 > > > ---- a/source3/libsmb/trusts_util.c > > > -+++ b/source3/libsmb/trusts_util.c > > > -@@ -20,12 +20,15 @@ > > > -=20 > > > - #include "includes.h" > > 
> - #include "../libcli/auth/libcli_auth.h" > > > -+#include "../libcli/auth/netlogon_creds_cli.h" > > > - #include "rpc_client/cli_netlogon.h" > > > - #include "rpc_client/cli_pipe.h" > > > - #include "../librpc/gen_ndr/ndr_netlogon.h" > > > - #include "secrets.h" > > > - #include "passdb.h" > > > - #include "libsmb/libsmb.h" > > > -+#include "source3/include/messages.h" > > > -+#include "source3/include/g_lock.h" > > > -=20 > > > - /********************************************************* > > > - Change the domain password on the PDC. > > > -@@ -113,3 +116,179 @@ NTSTATUS trust_pw_find_change_and_store_it(str= uct rpc_pipe_client *cli, > > > -=20 > > > - return nt_status; > > > - } > > > -+ > > > -+struct trust_pw_change_state { > > > -+ struct g_lock_ctx *g_ctx; > > > -+ char *g_lock_key; > > > -+}; > > > -+ > > > -+static int trust_pw_change_state_destructor(struct trust_pw_change_= state *state) > > > -+{ > > > -+ g_lock_unlock(state->g_ctx, state->g_lock_key); > > > -+ return 0; > > > -+} > > > -+ > > > -+NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, > > > -+ struct messaging_context *msg_ctx, > > > -+ struct dcerpc_binding_handle *b, > > > -+ const char *domain, > > > -+ bool force) > > > -+{ > > > -+ TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ struct trust_pw_change_state *state; > > > -+ struct samr_Password current_nt_hash; > > > -+ const struct samr_Password *previous_nt_hash =3D NULL; > > > -+ enum netr_SchannelType sec_channel_type =3D SEC_CHAN_NULL; > > > -+ const char *account_name; > > > -+ char *new_trust_passwd; > > > -+ char *pwd; > > > -+ struct dom_sid sid; > > > -+ time_t pass_last_set_time; > > > -+ struct timeval g_timeout =3D { 0, }; > > > -+ int timeout =3D 0; > > > -+ struct timeval tv =3D { 0, }; > > > -+ NTSTATUS status; > > > -+ > > > -+ state =3D talloc_zero(frame, struct trust_pw_change_state); > > > -+ if (state =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ 
} > > > -+ > > > -+ state->g_ctx =3D g_lock_ctx_init(state, msg_ctx); > > > -+ if (state->g_ctx =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ state->g_lock_key =3D talloc_asprintf(state, > > > -+ "trust_password_change_%s", > > > -+ domain); > > > -+ if (state->g_lock_key =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ g_timeout =3D timeval_current_ofs(10, 0); > > > -+ status =3D g_lock_lock(state->g_ctx, > > > -+ state->g_lock_key, > > > -+ G_LOCK_WRITE, g_timeout); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(1, ("could not get g_lock on [%s]!\n", > > > -+ state->g_lock_key)); > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ talloc_set_destructor(state, trust_pw_change_state_destructor); > > > -+ > > > -+ if (!get_trust_pw_hash(domain, current_nt_hash.hash, > > > -+ &account_name, > > > -+ &sec_channel_type)) { > > > -+ DEBUG(0, ("could not fetch domain secrets for domain %s!\n", doma= in)); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE; > > > -+ } > > > -+ > > > -+ switch (sec_channel_type) { > > > -+ case SEC_CHAN_WKSTA: > > > -+ pwd =3D secrets_fetch_machine_password(domain, > > > -+ &pass_last_set_time, > > > -+ NULL); > > > -+ if (pwd =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE; > > > -+ } > > > -+ break; > > > -+ case SEC_CHAN_DOMAIN: > > > -+ if (!pdb_get_trusteddom_pw(domain, &pwd, &sid, &pass_last_set_tim= e)) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE; > > > -+ } > > > -+ break; > > > -+ default: > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NOT_SUPPORTED; > > > -+ } > > > -+ > > > -+ timeout =3D lp_machine_password_timeout(); > > > -+ if (timeout =3D=3D 0) { > > > -+ if (!force) { > > > -+ DEBUG(10,("machine password never expires\n")); > > > 
-+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ } > > > -+ > > > -+ tv.tv_sec =3D pass_last_set_time; > > > -+ DEBUG(10, ("password last changed %s\n", > > > -+ timeval_string(talloc_tos(), &tv, false))); > > > -+ tv.tv_sec +=3D timeout; > > > -+ DEBUGADD(10, ("password valid until %s\n", > > > -+ timeval_string(talloc_tos(), &tv, false))); > > > -+ > > > -+ if (!force && !timeval_expired(&tv)) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ /* Create a random machine account password */ > > > -+ new_trust_passwd =3D generate_random_password(frame, > > > -+ DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH, > > > -+ DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); > > > -+ if (new_trust_passwd =3D=3D NULL) { > > > -+ DEBUG(0, ("generate_random_password failed\n")); > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_auth(context, b, > > > -+ current_nt_hash, > > > -+ previous_nt_hash); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_ServerPasswordSet(context, b, > > > -+ new_trust_passwd, NULL); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > -+ DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", > > > -+ current_timestring(talloc_tos(), False))); > > > -+ > > > -+ /* > > > -+ * Return the result of trying to write the new password > > > -+ * back into the trust account file. 
> > > -+ */ > > > -+ > > > -+ switch (sec_channel_type) { > > > -+ > > > -+ case SEC_CHAN_WKSTA: > > > -+ if (!secrets_store_machine_password(new_trust_passwd, domain, sec= _channel_type)) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_INTERNAL_DB_CORRUPTION; > > > -+ } > > > -+ break; > > > -+ > > > -+ case SEC_CHAN_DOMAIN: > > > -+ /* > > > -+ * we need to get the sid first for the > > > -+ * pdb_set_trusteddom_pw call > > > -+ */ > > > -+ if (!pdb_set_trusteddom_pw(domain, new_trust_passwd, &sid)) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_INTERNAL_DB_CORRUPTION; > > > -+ } > > > -+ break; > > > -+ > > > -+ default: > > > -+ break; > > > -+ } > > > -+ > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_OK; > > > -+} > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 09dae290b1d49a30eef5b93f5260dc44fb628437 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:33:51 +0200 > > > -Subject: [PATCH 195/249] s3:rpcclient: make use of trust_pw_change() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a9281e6570fcc5ff5abe3149615bed7029d1cf71) > > > ---- > > > - source3/rpcclient/cmd_netlogon.c | 10 +++++----- > > > - 1 file changed, 5 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cm= d_netlogon.c > > > -index 59e1e4e..000d65c 100644 > > > ---- a/source3/rpcclient/cmd_netlogon.c > > > -+++ b/source3/rpcclient/cmd_netlogon.c > > > -@@ -829,11 +829,11 @@ static NTSTATUS cmd_netlogon_change_trust_pw(s= truct rpc_pipe_client *cli, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -- /* Perform the sam logon */ > > > -- > > > -- result =3D trust_pw_find_change_and_store_it(cli, mem_ctx, > > > -- lp_workgroup()); > > > -- > > > -+ result =3D trust_pw_change(rpcclient_netlogon_creds, > > > -+ rpcclient_msg_ctx, > > > -+ cli->binding_handle, > > > -+ lp_workgroup(), > > > -+ 
true); /* force */ > > > - if (!NT_STATUS_IS_OK(result)) > > > - goto done; > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 3731b2163f6bb88922a9fa84e60fa48afbbbda9a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:34:48 +0200 > > > -Subject: [PATCH 196/249] s3:net_rpc: make use of trust_pw_change() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit cfd139347c21f4f4ddd16026c2c8c221feabd6c5) > > > ---- > > > - source3/utils/net_rpc.c | 6 +++++- > > > - 1 file changed, 5 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index 3bf3f30..ba49f3e 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -279,7 +279,11 @@ static NTSTATUS rpc_changetrustpw_internals(str= uct net_context *c, > > > - { > > > - NTSTATUS status; > > > -=20 > > > -- status =3D trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, c-= >opt_target_workgroup); > > > -+ status =3D trust_pw_change(c->netlogon_creds, > > > -+ c->msg_ctx, > > > -+ pipe_hnd->binding_handle, > > > -+ c->opt_target_workgroup, > > > -+ true); /* force */ > > > - if (!NT_STATUS_IS_OK(status)) { > > > - d_fprintf(stderr, _("Failed to change machine account password: %= s\n"), > > > - nt_errstr(status)); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From cd8fdfc923adcc5b6c700ec52d1bba4643079247 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:35:39 +0200 > > > -Subject: [PATCH 197/249] s3:winbindd: use invalidate_cm_connection()= to kill > > > - the netlogon connection > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit dbd49d90bbf175525557eaa983ad57ca5076d710) > > > ---- > > > - source3/winbindd/winbindd_dual.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git 
a/source3/winbindd/winbindd_dual.c b/source3/winbindd/win= bindd_dual.c > > > -index 64af571..b26cdca 100644 > > > ---- a/source3/winbindd/winbindd_dual.c > > > -+++ b/source3/winbindd/winbindd_dual.c > > > -@@ -1056,7 +1056,7 @@ static void machine_password_change_handler(st= ruct tevent_context *ctx, > > > - "password was changed and we didn't know it. " > > > - "Killing connections to domain %s\n", > > > - child->domain->name)); > > > -- TALLOC_FREE(child->domain->conn.netlogon_pipe); > > > -+ invalidate_cm_connection(&child->domain->conn); > > > - } > > > -=20 > > > - if (!calculate_next_machine_pwd_change(child->domain->name, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 6369757af75412746c0d9950971a77be72826b92 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:36:43 +0200 > > > -Subject: [PATCH 198/249] s3:winbindd: make use of trust_pw_change() = for > > > - periodic password changes > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 57741dd4ba5a9ed3abf7aad35a2a69fd66b49b4b) > > > ---- > > > - source3/winbindd/winbindd_dual.c | 16 ++++++++-------- > > > - 1 file changed, 8 insertions(+), 8 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/win= bindd_dual.c > > > -index b26cdca..1d6a5ba 100644 > > > ---- a/source3/winbindd/winbindd_dual.c > > > -+++ b/source3/winbindd/winbindd_dual.c > > > -@@ -29,6 +29,7 @@ > > > -=20 > > > - #include "includes.h" > > > - #include "winbindd.h" > > > -+#include "rpc_client/rpc_client.h" > > > - #include "nsswitch/wb_reqtrans.h" > > > - #include "secrets.h" > > > - #include "../lib/util/select.h" > > > -@@ -999,10 +1000,10 @@ static void machine_password_change_handler(s= truct tevent_context *ctx, > > > - struct timeval now, > > > - void *private_data) > > > - { > > > -+ struct messaging_context *msg_ctx =3D winbind_messaging_context(); > > > - struct winbindd_child 
*child =3D > > > - (struct winbindd_child *)private_data; > > > - struct rpc_pipe_client *netlogon_pipe =3D NULL; > > > -- TALLOC_CTX *frame; > > > - NTSTATUS result; > > > - struct timeval next_change; > > > -=20 > > > -@@ -1039,15 +1040,14 @@ static void machine_password_change_handler(= struct tevent_context *ctx, > > > - return; > > > - } > > > -=20 > > > -- frame =3D talloc_stackframe(); > > > -- > > > -- result =3D trust_pw_find_change_and_store_it(netlogon_pipe, > > > -- frame, > > > -- child->domain->name); > > > -- TALLOC_FREE(frame); > > > -+ result =3D trust_pw_change(child->domain->conn.netlogon_creds, > > > -+ msg_ctx, > > > -+ netlogon_pipe->binding_handle, > > > -+ child->domain->name, > > > -+ false); /* force */ > > > -=20 > > > - DEBUG(10, ("machine_password_change_handler: " > > > -- "trust_pw_find_change_and_store_it returned %s\n", > > > -+ "trust_pw_change returned %s\n", > > > - nt_errstr(result))); > > > -=20 > > > - if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 5fe11c760d853dff63ad9b3505f3d3721b7e14f6 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:37:34 +0200 > > > -Subject: [PATCH 199/249] s3:winbindd: make use of trust_pw_change() = in > > > - _wbint_ChangeMachineAccount() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3c30e19c4a0e60e355b2f1d35edbb0a3b7688089) > > > ---- > > > - source3/winbindd/winbindd_dual_srv.c | 35 +++++++------------------= ---------- > > > - 1 file changed, 7 insertions(+), 28 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd= /winbindd_dual_srv.c > > > -index 001591a..f064467 100644 > > > ---- a/source3/winbindd/winbindd_dual_srv.c > > > -+++ b/source3/winbindd/winbindd_dual_srv.c > > > -@@ -622,48 +622,27 @@ again: > > > - NTSTATUS _wbint_ChangeMachineAccount(struct pipes_struct *p, > > > - 
struct wbint_ChangeMachineAccount *r) > > > - { > > > -+ struct messaging_context *msg_ctx =3D winbind_messaging_context(); > > > - struct winbindd_domain *domain; > > > -- int num_retries =3D 0; > > > - NTSTATUS status; > > > - struct rpc_pipe_client *netlogon_pipe; > > > -- TALLOC_CTX *tmp_ctx; > > > -=20 > > > --again: > > > - domain =3D wb_child_domain(); > > > - if (domain =3D=3D NULL) { > > > - return NT_STATUS_REQUEST_NOT_ACCEPTED; > > > - } > > > -=20 > > > -- invalidate_cm_connection(&domain->conn); > > > -- > > > -- { > > > -- status =3D cm_connect_netlogon(domain, &netlogon_pipe); > > > -- } > > > -- > > > -- /* There is a race condition between fetching the trust account > > > -- password and the periodic machine password change. So it's > > > -- possible that the trust account password has been changed on us. > > > -- We are returned NT_STATUS_ACCESS_DENIED if this happens. */ > > > -- > > > --#define MAX_RETRIES 3 > > > -- > > > -- if ((num_retries < MAX_RETRIES) > > > -- && NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { > > > -- num_retries++; > > > -- goto again; > > > -- } > > > -- > > > -+ status =3D cm_connect_netlogon(domain, &netlogon_pipe); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(3, ("could not open handle to NETLOGON pipe\n")); > > > - goto done; > > > - } > > > -=20 > > > -- tmp_ctx =3D talloc_new(p->mem_ctx); > > > -- > > > -- status =3D trust_pw_find_change_and_store_it(netlogon_pipe, > > > -- tmp_ctx, > > > -- domain->name); > > > -- talloc_destroy(tmp_ctx); > > > -+ status =3D trust_pw_change(domain->conn.netlogon_creds, > > > -+ msg_ctx, > > > -+ netlogon_pipe->binding_handle, > > > -+ domain->name, > > > -+ true); /* force */ > > > -=20 > > > - /* Pass back result code - zero for success, other values for > > > - specific failures. 
*/ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 9956ea8b561da89fb79739dd8a8552116c7867f7 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 18:39:52 +0200 > > > -Subject: [PATCH 200/249] s3:libsmb: remove unused > > > - trust_pw_find_change_and_store_it() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a8ecebe3e840005c81df043cb07773972aaa2371) > > > ---- > > > - source3/include/proto.h | 3 -- > > > - source3/libsmb/trusts_util.c | 81 ---------------------------------= ----------- > > > - 2 files changed, 84 deletions(-) > > > - > > > -diff --git a/source3/include/proto.h b/source3/include/proto.h > > > -index edda119..18348e5 100644 > > > ---- a/source3/include/proto.h > > > -+++ b/source3/include/proto.h > > > -@@ -981,9 +981,6 @@ void update_trustdom_cache( void ); > > > -=20 > > > - /* The following definitions come from libsmb/trusts_util.c */ > > > -=20 > > > --NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *= cli,=20 > > > -- TALLOC_CTX *mem_ctx,=20 > > > -- const char *domain) ; > > > - struct netlogon_creds_cli_context; > > > - struct messaging_context; > > > - struct dcerpc_binding_handle; > > > -diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_ut= il.c > > > -index b1bc006..b38aec6 100644 > > > ---- a/source3/libsmb/trusts_util.c > > > -+++ b/source3/libsmb/trusts_util.c > > > -@@ -36,87 +36,6 @@ > > > - already setup the connection to the NETLOGON pipe > > > - **********************************************************/ > > > -=20 > > > --NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *= cli, > > > -- TALLOC_CTX *mem_ctx, > > > -- const char *domain) > > > --{ > > > -- unsigned char old_trust_passwd_hash[16]; > > > -- unsigned char new_trust_passwd_hash[16]; > > > -- enum netr_SchannelType sec_channel_type =3D SEC_CHAN_NULL; > > > -- const char *account_name; > > > -- char 
*new_trust_passwd; > > > -- NTSTATUS nt_status; > > > -- > > > -- if (!get_trust_pw_hash(domain, old_trust_passwd_hash, &account_nam= e, > > > -- &sec_channel_type)) { > > > -- DEBUG(0, ("could not fetch domain secrets for domain %s!\n", doma= in)); > > > -- return NT_STATUS_UNSUCCESSFUL; > > > -- } > > > -- > > > -- switch (sec_channel_type) { > > > -- case SEC_CHAN_WKSTA: > > > -- case SEC_CHAN_DOMAIN: > > > -- break; > > > -- default: > > > -- return NT_STATUS_NOT_SUPPORTED; > > > -- } > > > -- > > > -- /* Create a random machine account password */ > > > -- new_trust_passwd =3D generate_random_password(mem_ctx, > > > -- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH, > > > -- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); > > > -- if (new_trust_passwd =3D=3D NULL) { > > > -- DEBUG(0, ("generate_random_password failed\n")); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- E_md4hash(new_trust_passwd, new_trust_passwd_hash); > > > -- > > > -- nt_status =3D rpccli_netlogon_set_trust_password(cli, mem_ctx, > > > -- account_name, > > > -- old_trust_passwd_hash, > > > -- new_trust_passwd, > > > -- new_trust_passwd_hash, > > > -- sec_channel_type); > > > -- > > > -- if (NT_STATUS_IS_OK(nt_status)) { > > > -- DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n"= ,=20 > > > -- current_timestring(talloc_tos(), False))); > > > -- /* > > > -- * Return the result of trying to write the new password > > > -- * back into the trust account file. 
> > > -- */ > > > -- > > > -- switch (sec_channel_type) { > > > -- > > > -- case SEC_CHAN_WKSTA: > > > -- if (!secrets_store_machine_password(new_trust_passwd, domain, se= c_channel_type)) { > > > -- nt_status =3D NT_STATUS_UNSUCCESSFUL; > > > -- } > > > -- break; > > > -- > > > -- case SEC_CHAN_DOMAIN: { > > > -- char *pwd; > > > -- struct dom_sid sid; > > > -- time_t pass_last_set_time; > > > -- > > > -- /* we need to get the sid first for the > > > -- * pdb_set_trusteddom_pw call */ > > > -- > > > -- if (!pdb_get_trusteddom_pw(domain, &pwd, &sid, &pass_last_set_ti= me)) { > > > -- nt_status =3D NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE; > > > -- } > > > -- if (!pdb_set_trusteddom_pw(domain, new_trust_passwd, &sid)) { > > > -- nt_status =3D NT_STATUS_INTERNAL_DB_CORRUPTION; > > > -- } > > > -- break; > > > -- } > > > -- } > > > -- } > > > -- > > > -- return nt_status; > > > --} > > > -- > > > - struct trust_pw_change_state { > > > - struct g_lock_ctx *g_ctx; > > > - char *g_lock_key; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From f71cb73d7f034165802aad97e9be6f45ba32d519 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 19:19:39 +0200 > > > -Subject: [PATCH 201/249] s3:libnet: pass in struct netlogon_creds_cl= i_context > > > - from the caller. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 77defb175e3ffd1b096485ac7de38ad161594b72) > > > ---- > > > - source3/libnet/libnet_samsync.c | 2 +- > > > - source3/libnet/libnet_samsync.h | 1 + > > > - source3/utils/net_rpc_samsync.c | 1 + > > > - 3 files changed, 3 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet= _samsync.c > > > -index 02d3fc6..e7e1393 100644 > > > ---- a/source3/libnet/libnet_samsync.c > > > -+++ b/source3/libnet/libnet_samsync.c > > > -@@ -216,7 +216,7 @@ static NTSTATUS libnet_samsync_delta(TALLOC_CTX = *mem_ctx, > > > - struct netr_DELTA_ENUM_ARRAY *delta_enum_array =3D NULL; > > > - struct netlogon_creds_CredentialState *creds =3D NULL; > > > -=20 > > > -- status =3D netlogon_creds_cli_lock(ctx->cli->netlogon_creds, > > > -+ status =3D netlogon_creds_cli_lock(ctx->netlogon_creds, > > > - mem_ctx, &creds); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > -diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet= _samsync.h > > > -index efdbb37..e1d66ec 100644 > > > ---- a/source3/libnet/libnet_samsync.h > > > -+++ b/source3/libnet/libnet_samsync.h > > > -@@ -75,6 +75,7 @@ struct samsync_context { > > > - struct samsync_object *objects; > > > -=20 > > > - struct rpc_pipe_client *cli; > > > -+ struct netlogon_creds_cli_context *netlogon_creds; > > > - struct messaging_context *msg_ctx; > > > -=20 > > > - const struct samsync_ops *ops; > > > -diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc= _samsync.c > > > -index 772651f..6377ad4 100644 > > > ---- a/source3/utils/net_rpc_samsync.c > > > -+++ b/source3/utils/net_rpc_samsync.c > > > -@@ -129,6 +129,7 @@ NTSTATUS rpc_samdump_internals(struct net_contex= t *c, > > > -=20 > > > - ctx->mode =3D NET_SAMSYNC_MODE_DUMP; > > > - ctx->cli =3D pipe_hnd; > > > -+ ctx->netlogon_creds =3D c->netlogon_creds; > > > - ctx->ops 
=3D &libnet_samsync_display_ops; > > > - ctx->domain_name =3D domain_name; > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From acb678ce415403e1442116b32eb8b8b32b677f4a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 20:51:25 +0200 > > > -Subject: [PATCH 202/249] s3:rpcclient: make use of > > > - rpccli_{create,setup}_netlogon_creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 5107ca02a41673739a1fc4a1c2a0fbe8465f211a) > > > ---- > > > - source3/rpcclient/rpcclient.c | 59 ++++++++++++++++++++++++++++++--= ----------- > > > - 1 file changed, 41 insertions(+), 18 deletions(-) > > > - > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index a875ff5..490f8df 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -676,6 +676,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - { > > > - NTSTATUS ntresult; > > > - WERROR wresult; > > > -+ bool ok; > > > -=20 > > > - TALLOC_CTX *mem_ctx; > > > -=20 > > > -@@ -759,17 +760,20 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - return ntresult; > > > - } > > > -=20 > > > -- if (ndr_syntax_id_equal(&cmd_entry->table->syntax_id, > > > -- &ndr_table_netlogon.syntax_id)) { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -- NETLOGON_NEG_SUPPORTS_AES; > > > -- enum netr_SchannelType sec_channel_type; > > > -- uchar trust_password[16]; > > > -- const char *machine_account; > > > -+ ok =3D ndr_syntax_id_equal(&cmd_entry->table->syntax_id, > > > -+ &ndr_table_netlogon.syntax_id); > > > -+ if (cmd_entry->rpc_pipe->netlogon_creds =3D=3D NULL && ok) { > > > -+ const char *dc_name =3D cmd_entry->rpc_pipe->desthost; > > > -+ const char *domain =3D get_cmdline_auth_info_domain(auth_info); > > > -+ enum netr_SchannelType sec_chan_type =3D 0; > > > -+ const char *_account_name =3D NULL; > > > -+ 
const char *account_name =3D NULL; > > > -+ struct samr_Password current_nt_hash; > > > -+ struct samr_Password *previous_nt_hash =3D NULL; > > > -=20 > > > - if (!get_trust_pw_hash(get_cmdline_auth_info_domain(auth_info), > > > -- trust_password, &machine_account, > > > -- &sec_channel_type)) > > > -+ current_nt_hash.hash, &_account_name, > > > -+ &sec_chan_type)) > > > - { > > > - DEBUG(0, ("Failed to fetch trust password for %s to connect to = %s.\n", > > > - get_cmdline_auth_info_domain(auth_info), > > > -@@ -779,22 +783,41 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > > > - } > > > -=20 > > > -- ntresult =3D rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe, > > > -- cmd_entry->rpc_pipe->desthost, /* server name */ > > > -- get_cmdline_auth_info_domain(auth_info), /* domain */ > > > -- lp_netbios_name(), /* client name */ > > > -- machine_account, /* machine account name */ > > > -- trust_password, > > > -- sec_channel_type, > > > -- &neg_flags); > > > -+ account_name =3D talloc_asprintf(mem_ctx, "%s$", _account_name); > > > -+ if (account_name =3D=3D NULL) { > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ TALLOC_FREE(mem_ctx); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ ntresult =3D rpccli_create_netlogon_creds(dc_name, > > > -+ domain, > > > -+ account_name, > > > -+ sec_chan_type, > > > -+ rpcclient_msg_ctx, > > > -+ talloc_autofree_context(), > > > -+ &rpcclient_netlogon_creds); > > > -+ if (!NT_STATUS_IS_OK(ntresult)) { > > > -+ SAFE_FREE(previous_nt_hash); > > > -+ TALLOC_FREE(mem_ctx); > > > -+ return ntresult; > > > -+ } > > > -=20 > > > -+ ntresult =3D rpccli_setup_netlogon_creds(cli, > > > -+ rpcclient_netlogon_creds, > > > -+ false, /* force_reauth */ > > > -+ current_nt_hash, > > > -+ previous_nt_hash); > > > -+ SAFE_FREE(previous_nt_hash); > > > - if (!NT_STATUS_IS_OK(ntresult)) { > > > - DEBUG(0, ("Could not initialise credentials for %s.\n", > > > - 
cmd_entry->table->name)); > > > - TALLOC_FREE(cmd_entry->rpc_pipe); > > > -- talloc_free(mem_ctx); > > > -+ TALLOC_FREE(rpcclient_netlogon_creds); > > > -+ TALLOC_FREE(mem_ctx); > > > - return ntresult; > > > - } > > > -+ cmd_entry->rpc_pipe->netlogon_creds =3D rpcclient_netlogon_creds; > > > - } > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b04744971aa9cc696aa4a3c56dd46d58db8dda75 Mon Sep 17 00:00:00 20= 01 > > > -From: Garming Sam > > > -Date: Fri, 29 Nov 2013 14:45:20 +1300 > > > -Subject: [PATCH 203/249] s3:rpcclient: give errors and clean up corr= ectly > > > - after failing to obtain secret > > > - > > > -Signed-off-by: Garming Sam > > > -Reviewed-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a012e2fdd6733e871ddeb68874a2df8413ad91ed) > > > ---- > > > - source3/rpcclient/rpcclient.c | 6 ++++++ > > > - 1 file changed, 6 insertions(+) > > > - > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index 490f8df..fd3ebdf 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -785,6 +785,9 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > -=20 > > > - account_name =3D talloc_asprintf(mem_ctx, "%s$", _account_name); > > > - if (account_name =3D=3D NULL) { > > > -+ DEBUG(0, ("Out of memory creating account name to connect to %s= =2E\n", > > > -+ cmd_entry->table->name)); > > > -+ TALLOC_FREE(cmd_entry->rpc_pipe); > > > - SAFE_FREE(previous_nt_hash); > > > - TALLOC_FREE(mem_ctx); > > > - return NT_STATUS_NO_MEMORY; > > > -@@ -798,6 +801,9 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - talloc_autofree_context(), > > > - &rpcclient_netlogon_creds); > > > - if (!NT_STATUS_IS_OK(ntresult)) { > > > -+ DEBUG(0, ("Could not initialise credentials for %s.\n", > > > -+ cmd_entry->table->name)); > > > -+ TALLOC_FREE(cmd_entry->rpc_pipe); > > > - SAFE_FREE(previous_nt_hash); > > > - TALLOC_FREE(mem_ctx); > > 
> - return ntresult; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 564e6df9361025ff7da6fa92d83491cfd9e60b2b Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Sep 2013 00:46:09 +0200 > > > -Subject: [PATCH 204/249] s3:rpcclient: remove optional auth_level pa= rameter of > > > - the 'samlogon' cmd > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 4c99e49898151a514e334a07f38eed83fe608c05) > > > ---- > > > - source3/rpcclient/cmd_netlogon.c | 11 ++++------- > > > - 1 file changed, 4 insertions(+), 7 deletions(-) > > > - > > > -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cm= d_netlogon.c > > > -index 000d65c..97b79cb 100644 > > > ---- a/source3/rpcclient/cmd_netlogon.c > > > -+++ b/source3/rpcclient/cmd_netlogon.c > > > -@@ -782,9 +782,9 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rp= c_pipe_client *cli, > > > -=20 > > > - /* Check arguments */ > > > -=20 > > > -- if (argc < 3 || argc > 7) { > > > -+ if (argc < 3 || argc > 6) { > > > - fprintf(stderr, "Usage: samlogon [workstati= on]" > > > -- "[logon_type (1 or 2)] [auth level (2 or 3)] [logon_parameter]\n= "); > > > -+ "[logon_type (1 or 2)] [logon_parameter]\n"); > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -@@ -797,11 +797,8 @@ static NTSTATUS cmd_netlogon_sam_logon(struct r= pc_pipe_client *cli, > > > - if (argc >=3D 5) > > > - sscanf(argv[4], "%i", &logon_type); > > > -=20 > > > -- if (argc >=3D 6) > > > -- validation_level =3D atoi(argv[5]); > > > -- > > > -- if (argc =3D=3D 7) > > > -- sscanf(argv[6], "%x", &logon_param); > > > -+ if (argc =3D=3D 6) > > > -+ sscanf(argv[5], "%x", &logon_param); > > > -=20 > > > - /* Perform the sam logon */ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a61d399c13c9f46e283f85f3d076b0607c2729f3 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Sep 2013 00:48:31 +0200 > > > -Subject: [PATCH 
205/249] s3:rpcclient: make use of > > > - rpccli_netlogon_password_logon() in the 'samlogon' cmd > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit c6bb47f2f199cc13101dccf656ac36e9eb879201) > > > ---- > > > - source3/rpcclient/cmd_netlogon.c | 11 ++++++++--- > > > - 1 file changed, 8 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cm= d_netlogon.c > > > -index 97b79cb..b637b3e 100644 > > > ---- a/source3/rpcclient/cmd_netlogon.c > > > -+++ b/source3/rpcclient/cmd_netlogon.c > > > -@@ -776,7 +776,6 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rp= c_pipe_client *cli, > > > - NTSTATUS result =3D NT_STATUS_UNSUCCESSFUL; > > > - int logon_type =3D NetlogonNetworkInformation; > > > - const char *username, *password; > > > -- uint16_t validation_level =3D 3; > > > - uint32 logon_param =3D 0; > > > - const char *workstation =3D NULL; > > > -=20 > > > -@@ -802,8 +801,14 @@ static NTSTATUS cmd_netlogon_sam_logon(struct r= pc_pipe_client *cli, > > > -=20 > > > - /* Perform the sam logon */ > > > -=20 > > > -- result =3D rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp= _workgroup(), username, password, workstation, validation_level, logon_type= ); > > > -- > > > -+ result =3D rpccli_netlogon_password_logon(rpcclient_netlogon_creds, > > > -+ cli->binding_handle, > > > -+ logon_param, > > > -+ lp_workgroup(), > > > -+ username, > > > -+ password, > > > -+ workstation, > > > -+ logon_type); > > > - if (!NT_STATUS_IS_OK(result)) > > > - goto done; > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fbe0154a63d401acd47c5190be37b8d69d3d64ba Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 17 Sep 2013 00:56:15 +0200 > > > -Subject: [PATCH 206/249] s3:winbindd: make use of > > > - rpccli_netlogon_network_logon() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > 
-(cherry picked from commit a34c837fdb59df1e66be9b5f23a07990e34fea1c) > > > ---- > > > - source3/winbindd/winbindd_pam.c | 28 +++++++++++++++------------- > > > - 1 file changed, 15 insertions(+), 13 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winb= indd_pam.c > > > -index 39483a5..3f3ec70 100644 > > > ---- a/source3/winbindd/winbindd_pam.c > > > -+++ b/source3/winbindd/winbindd_pam.c > > > -@@ -1228,6 +1228,8 @@ static NTSTATUS winbind_samlogon_retry_loop(st= ruct winbindd_domain *domain, > > > -=20 > > > - do { > > > - struct rpc_pipe_client *netlogon_pipe; > > > -+ uint8_t authoritative =3D 0; > > > -+ uint32_t flags =3D 0; > > > -=20 > > > - ZERO_STRUCTP(info3); > > > - retry =3D false; > > > -@@ -1276,19 +1278,19 @@ static NTSTATUS winbind_samlogon_retry_loop(= struct winbindd_domain *domain, > > > - } > > > - netr_attempts =3D 0; > > > -=20 > > > -- result =3D rpccli_netlogon_sam_network_logon( > > > -- netlogon_pipe, > > > -- mem_ctx, > > > -- logon_parameters, > > > -- server, /* server name */ > > > -- username, /* user name */ > > > -- domainname, /* target domain */ > > > -- workstation, /* workstation */ > > > -- chal, > > > -- -1, /* ignored */ > > > -- lm_response, > > > -- nt_response, > > > -- info3); > > > -+ result =3D rpccli_netlogon_network_logon(domain->conn.netlogon_cr= eds, > > > -+ netlogon_pipe->binding_handle, > > > -+ mem_ctx, > > > -+ logon_parameters, > > > -+ username, > > > -+ domainname, > > > -+ workstation, > > > -+ chal, > > > -+ lm_response, > > > -+ nt_response, > > > -+ &authoritative, > > > -+ &flags, > > > -+ info3); > > > -=20 > > > - /* > > > - * we increment this after the "feature negotiation" > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From cfcb681d6f80253b6f2db769f5c5be1ffb54cc0e Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 20:53:51 +0200 > > > -Subject: [PATCH 207/249] s3:rpc_client: make cli_rpc_pipe_open_schan= nel() more 
> > > - flexible > > > - > > > -It expects a messaging_context now > > > -and returns a netlogon_creds_cli_context. > > > - > > > -This way we can finally avoid having a rpc_pipe_client->netlogon_cre= ds. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 660150b12a637da7f9ebb820e687f27ac22fb93a) > > > ---- > > > - source3/rpc_client/cli_pipe.h | 5 ++++- > > > - source3/rpc_client/cli_pipe_schannel.c | 9 +++++++-- > > > - source3/rpcclient/rpcclient.c | 13 +++++++------ > > > - source3/utils/net_rpc.c | 6 +++--- > > > - 4 files changed, 21 insertions(+), 12 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_= pipe.h > > > -index 2a76130..b704d8a 100644 > > > ---- a/source3/rpc_client/cli_pipe.h > > > -+++ b/source3/rpc_client/cli_pipe.h > > > -@@ -99,11 +99,14 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(str= uct cli_state *cli, > > > - struct rpc_pipe_client **presult); > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, > > > -+ struct messaging_context *msg_ctx, > > > - const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -- struct rpc_pipe_client **presult); > > > -+ struct rpc_pipe_client **presult, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **pcreds); > > > -=20 > > > - NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, > > > - struct rpc_pipe_client *cli, > > > -diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_cl= ient/cli_pipe_schannel.c > > > -index 1fcf62e..a842333 100644 > > > ---- a/source3/rpc_client/cli_pipe_schannel.c > > > -+++ b/source3/rpc_client/cli_pipe_schannel.c > > > -@@ -38,14 +38,16 @@ > > > - ******************************************************************= **********/ > > > -=20 > > > - NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, > > 
> -+ struct messaging_context *msg_ctx, > > > - const struct ndr_interface_table *table, > > > - enum dcerpc_transport_t transport, > > > - enum dcerpc_AuthLevel auth_level, > > > - const char *domain, > > > -- struct rpc_pipe_client **presult) > > > -+ struct rpc_pipe_client **presult, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ struct netlogon_creds_cli_context **pcreds) > > > - { > > > - TALLOC_CTX *frame =3D talloc_stackframe(); > > > -- struct messaging_context *msg_ctx =3D NULL; > > > - const char *dc_name =3D smbXcli_conn_remote_name(cli->conn); > > > - struct rpc_pipe_client *result =3D NULL; > > > - NTSTATUS status; > > > -@@ -121,6 +123,9 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_s= tate *cli, > > > -=20 > > > - if (NT_STATUS_IS_OK(status)) { > > > - *presult =3D result; > > > -+ if (pcreds !=3D NULL) { > > > -+ *pcreds =3D talloc_move(mem_ctx, &netlogon_creds); > > > -+ } > > > - } > > > -=20 > > > - TALLOC_FREE(frame); > > > -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpccl= ient.c > > > -index fd3ebdf..43343e8 100644 > > > ---- a/source3/rpcclient/rpcclient.c > > > -+++ b/source3/rpcclient/rpcclient.c > > > -@@ -737,12 +737,16 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - &cmd_entry->rpc_pipe); > > > - break; > > > - case DCERPC_AUTH_TYPE_SCHANNEL: > > > -+ TALLOC_FREE(rpcclient_netlogon_creds); > > > - ntresult =3D cli_rpc_pipe_open_schannel( > > > -- cli, cmd_entry->table, > > > -+ cli, rpcclient_msg_ctx, > > > -+ cmd_entry->table, > > > - default_transport, > > > - pipe_default_auth_level, > > > - get_cmdline_auth_info_domain(auth_info), > > > -- &cmd_entry->rpc_pipe); > > > -+ &cmd_entry->rpc_pipe, > > > -+ talloc_autofree_context(), > > > -+ &rpcclient_netlogon_creds); > > > - break; > > > - default: > > > - DEBUG(0, ("Could not initialise %s. 
Invalid " > > > -@@ -762,7 +766,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > -=20 > > > - ok =3D ndr_syntax_id_equal(&cmd_entry->table->syntax_id, > > > - &ndr_table_netlogon.syntax_id); > > > -- if (cmd_entry->rpc_pipe->netlogon_creds =3D=3D NULL && ok) { > > > -+ if (rpcclient_netlogon_creds =3D=3D NULL && ok) { > > > - const char *dc_name =3D cmd_entry->rpc_pipe->desthost; > > > - const char *domain =3D get_cmdline_auth_info_domain(auth_info); > > > - enum netr_SchannelType sec_chan_type =3D 0; > > > -@@ -823,12 +827,9 @@ static NTSTATUS do_cmd(struct cli_state *cli, > > > - TALLOC_FREE(mem_ctx); > > > - return ntresult; > > > - } > > > -- cmd_entry->rpc_pipe->netlogon_creds =3D rpcclient_netlogon_creds; > > > - } > > > - } > > > -=20 > > > -- rpcclient_netlogon_creds =3D cmd_entry->rpc_pipe->netlogon_creds; > > > -- > > > - /* Run command */ > > > -=20 > > > - if ( cmd_entry->returntype =3D=3D RPC_RTYPE_NTSTATUS ) { > > > -diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c > > > -index ba49f3e..d0f699a 100644 > > > ---- a/source3/utils/net_rpc.c > > > -+++ b/source3/utils/net_rpc.c > > > -@@ -192,16 +192,16 @@ int run_rpc_command(struct net_context *c, > > > - && (ndr_syntax_id_equal(&table->syntax_id, > > > - &ndr_table_netlogon.syntax_id))) { > > > - /* Always try and create an schannel netlogon pipe. */ > > > -+ TALLOC_FREE(c->netlogon_creds); > > > - nt_status =3D cli_rpc_pipe_open_schannel( > > > -- cli, table, NCACN_NP, > > > -+ cli, c->msg_ctx, table, NCACN_NP, > > > - DCERPC_AUTH_LEVEL_PRIVACY, domain_name, > > > -- &pipe_hnd); > > > -+ &pipe_hnd, c, &c->netlogon_creds); > > > - if (!NT_STATUS_IS_OK(nt_status)) { > > > - DEBUG(0, ("Could not initialise schannel netlogon pipe. 
Error w= as %s\n", > > > - nt_errstr(nt_status) )); > > > - goto fail; > > > - } > > > -- c->netlogon_creds =3D pipe_hnd->netlogon_creds; > > > - } else { > > > - if (conn_flags & NET_FLAGS_SEAL) { > > > - nt_status =3D cli_rpc_pipe_open_generic_auth( > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 603b40eeee3cf21de94f11471889d0443713ba4f Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 6 Sep 2013 13:54:30 +0200 > > > -Subject: [PATCH 208/249] s3:rpc_client: remove unused > > > - rpccli_netlogon_set_trust_password() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 6d457ad9c156cf86d99e58dea21dba170defad1b) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 51 ----------------------------= ----------- > > > - source3/rpc_client/cli_netlogon.h | 7 ------ > > > - 2 files changed, 58 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index a9f8604..2f23d1b 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -759,54 +759,3 @@ NTSTATUS rpccli_netlogon_network_logon(struct n= etlogon_creds_cli_context *creds, > > > -=20 > > > - return NT_STATUS_OK; > > > - } > > > -- > > > --/********************************************************* > > > -- Change the domain password on the PDC. > > > -- > > > -- Just changes the password betwen the two values specified. > > > -- > > > -- Caller must have the cli connected to the netlogon pipe > > > -- already. 
> > > --**********************************************************/ > > > -- > > > --NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client = *cli, > > > -- TALLOC_CTX *mem_ctx, > > > -- const char *account_name, > > > -- const unsigned char orig_trust_passwd_hash[16], > > > -- const char *new_trust_pwd_cleartext, > > > -- const unsigned char new_trust_passwd_hash[16], > > > -- enum netr_SchannelType sec_channel_type) > > > --{ > > > -- NTSTATUS result; > > > -- > > > -- if (cli->netlogon_creds =3D=3D NULL) { > > > -- uint32_t neg_flags =3D NETLOGON_NEG_AUTH2_ADS_FLAGS | > > > -- NETLOGON_NEG_SUPPORTS_AES; > > > -- result =3D rpccli_netlogon_setup_creds(cli, > > > -- cli->desthost, /* server name */ > > > -- lp_workgroup(), /* domain */ > > > -- lp_netbios_name(), /* client name */ > > > -- account_name, /* machine account name */ > > > -- orig_trust_passwd_hash, > > > -- sec_channel_type, > > > -- &neg_flags); > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup cr= eds (%s)!\n", > > > -- nt_errstr(result))); > > > -- return result; > > > -- } > > > -- } > > > -- > > > -- result =3D netlogon_creds_cli_ServerPasswordSet(cli->netlogon_cred= s, > > > -- cli->binding_handle, > > > -- new_trust_pwd_cleartext, > > > -- NULL); /* new_version */ > > > -- if (!NT_STATUS_IS_OK(result)) { > > > -- DEBUG(0,("netlogon_creds_cli_ServerPasswordSet failed: %s\n", > > > -- nt_errstr(result))); > > > -- return result; > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index d4c6670..8547db6 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -93,12 +93,5 @@ NTSTATUS rpccli_netlogon_network_logon(struct net= logon_creds_cli_context *creds, > > > - uint8_t *authoritative, > > > - uint32_t *flags, > > > - struct netr_SamInfo3 **info3); > > > 
--NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client = *cli, > > > -- TALLOC_CTX *mem_ctx, > > > -- const char *account_name, > > > -- const unsigned char orig_trust_passwd_hash[16], > > > -- const char *new_trust_pwd_cleartext, > > > -- const unsigned char new_trust_passwd_hash[16], > > > -- enum netr_SchannelType sec_channel_type); > > > -=20 > > > - #endif /* _RPC_CLIENT_CLI_NETLOGON_H_ */ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From c9dc23d434bc7015f400b1969a055b95faac6594 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 6 Sep 2013 13:06:53 +0200 > > > -Subject: [PATCH 209/249] s3:rpc_client: remove unused > > > - rpccli_netlogon_setup_creds() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit a4faf57b47095bfc0f4370ac093c8c4cef17584f) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 92 ----------------------------= ----------- > > > - source3/rpc_client/cli_netlogon.h | 8 ---- > > > - 2 files changed, 100 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 2f23d1b..687d0c2 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -35,98 +35,6 @@ > > > - #include "lib/param/param.h" > > > - #include "libcli/smb/smbXcli_base.h" > > > -=20 > > > --/******************************************************************= ********** > > > -- Wrapper function that uses the auth and auth2 calls to set up a NE= TLOGON > > > -- credentials chain. Stores the credentials in the struct dcinfo in = the > > > -- netlogon pipe struct. 
> > > --*******************************************************************= *********/ > > > -- > > > --NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, > > > -- const char *server_name, > > > -- const char *domain, > > > -- const char *clnt_name, > > > -- const char *machine_account, > > > -- const unsigned char machine_pwd[16], > > > -- enum netr_SchannelType sec_chan_type, > > > -- uint32_t *neg_flags_inout) > > > --{ > > > -- TALLOC_CTX *frame =3D talloc_stackframe(); > > > -- struct loadparm_context *lp_ctx; > > > -- NTSTATUS status; > > > -- struct samr_Password password; > > > -- fstring mach_acct; > > > -- struct dcerpc_binding_handle *b =3D cli->binding_handle; > > > -- struct netlogon_creds_CredentialState *creds =3D NULL; > > > -- > > > -- if (!ndr_syntax_id_equal(&cli->abstract_syntax, > > > -- &ndr_table_netlogon.syntax_id)) { > > > -- TALLOC_FREE(frame); > > > -- return NT_STATUS_INVALID_PARAMETER; > > > -- } > > > -- > > > -- if (!strequal(lp_netbios_name(), clnt_name)) { > > > -- TALLOC_FREE(frame); > > > -- return NT_STATUS_INVALID_PARAMETER; > > > -- } > > > -- > > > -- TALLOC_FREE(cli->netlogon_creds); > > > -- > > > -- fstr_sprintf( mach_acct, "%s$", machine_account); > > > -- > > > -- lp_ctx =3D loadparm_init_s3(frame, loadparm_s3_helpers()); > > > -- if (lp_ctx =3D=3D NULL) { > > > -- TALLOC_FREE(frame); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- status =3D netlogon_creds_cli_context_global(lp_ctx, > > > -- NULL, /* msg_ctx */ > > > -- mach_acct, > > > -- sec_chan_type, > > > -- server_name, > > > -- domain, > > > -- cli, &cli->netlogon_creds); > > > -- talloc_unlink(frame, lp_ctx); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- TALLOC_FREE(frame); > > > -- return status; > > > -- } > > > -- > > > -- status =3D netlogon_creds_cli_get(cli->netlogon_creds, > > > -- frame, &creds); > > > -- if (NT_STATUS_IS_OK(status)) { > > > -- DEBUG(5,("rpccli_netlogon_setup_creds: server %s using " > > > -- "cached 
credential\n", > > > -- cli->desthost)); > > > -- *neg_flags_inout =3D creds->negotiate_flags; > > > -- TALLOC_FREE(frame); > > > -- return NT_STATUS_OK; > > > -- } > > > -- > > > -- /* Store the machine account password we're going to use. */ > > > -- memcpy(password.hash, machine_pwd, 16); > > > -- > > > -- DEBUG(5,("rpccli_netlogon_setup_creds: server %s credential " > > > -- "chain established.\n", > > > -- cli->desthost )); > > > -- > > > -- status =3D netlogon_creds_cli_auth(cli->netlogon_creds, b, > > > -- password, NULL); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- TALLOC_FREE(frame); > > > -- return status; > > > -- } > > > -- > > > -- status =3D netlogon_creds_cli_get(cli->netlogon_creds, > > > -- frame, &creds); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- TALLOC_FREE(frame); > > > -- return NT_STATUS_INTERNAL_ERROR; > > > -- } > > > -- > > > -- *neg_flags_inout =3D creds->negotiate_flags; > > > -- TALLOC_FREE(frame); > > > -- return NT_STATUS_OK; > > > --} > > > -=20 > > > - NTSTATUS rpccli_pre_open_netlogon_creds(void) > > > - { > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index 8547db6..0de836a 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -30,14 +30,6 @@ struct dcerpc_binding_handle; > > > -=20 > > > - /* The following definitions come from rpc_client/cli_netlogon.c */ > > > -=20 > > > --NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, > > > -- const char *server_name, > > > -- const char *domain, > > > -- const char *clnt_name, > > > -- const char *machine_account, > > > -- const unsigned char machine_pwd[16], > > > -- enum netr_SchannelType sec_chan_type, > > > -- uint32_t *neg_flags_inout); > > > - NTSTATUS rpccli_pre_open_netlogon_creds(void); > > > - NTSTATUS rpccli_create_netlogon_creds(const char *server_computer, > > > - const char *server_netbios_domain, > > > ---=20 > > > -1.9.3 > > > - > > > - > 
> > -From 2a072da1cc18acc7eb6d82769dc96b7e94ec57fe Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 19:23:18 +0200 > > > -Subject: [PATCH 210/249] s3:rpc_client: remove unused > > > - rpccli_netlogon_sam_logon() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit e4fea80693b49e79a96acdac09d5ea292756635c) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 124 ---------------------------= ----------- > > > - source3/rpc_client/cli_netlogon.h | 9 --- > > > - 2 files changed, 133 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 687d0c2..171337a 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -160,130 +160,6 @@ NTSTATUS rpccli_setup_netlogon_creds(struct cl= i_state *cli, > > > -=20 > > > - /* Logon domain user */ > > > -=20 > > > --NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, > > > -- TALLOC_CTX *mem_ctx, > > > -- uint32 logon_parameters, > > > -- const char *domain, > > > -- const char *username, > > > -- const char *password, > > > -- const char *workstation, > > > -- uint16_t _ignored_validation_level, > > > -- int logon_type) > > > --{ > > > -- NTSTATUS status; > > > -- union netr_LogonLevel *logon; > > > -- uint16_t validation_level =3D 0; > > > -- union netr_Validation *validation =3D NULL; > > > -- uint8_t authoritative =3D 0; > > > -- uint32_t flags =3D 0; > > > -- fstring clnt_name_slash; > > > -- > > > -- logon =3D talloc_zero(mem_ctx, union netr_LogonLevel); > > > -- if (!logon) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- if (workstation) { > > > -- fstr_sprintf( clnt_name_slash, "\\\\%s", workstation ); > > > -- } else { > > > -- fstr_sprintf( clnt_name_slash, "\\\\%s", lp_netbios_name() ); > > > -- } > > > -- > > > -- /* Initialise input parameters */ > > > -- > > > -- 
switch (logon_type) { > > > -- case NetlogonInteractiveInformation: { > > > -- > > > -- struct netr_PasswordInfo *password_info; > > > -- > > > -- struct samr_Password lmpassword; > > > -- struct samr_Password ntpassword; > > > -- > > > -- password_info =3D talloc_zero(mem_ctx, struct netr_PasswordInfo); > > > -- if (!password_info) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash); > > > -- > > > -- password_info->identity_info.domain_name.string =3D domain; > > > -- password_info->identity_info.parameter_control =3D logon_paramet= ers; > > > -- password_info->identity_info.logon_id_low =3D 0xdead; > > > -- password_info->identity_info.logon_id_high =3D 0xbeef; > > > -- password_info->identity_info.account_name.string =3D username; > > > -- password_info->identity_info.workstation.string =3D clnt_name_sl= ash; > > > -- > > > -- password_info->lmpassword =3D lmpassword; > > > -- password_info->ntpassword =3D ntpassword; > > > -- > > > -- logon->password =3D password_info; > > > -- > > > -- break; > > > -- } > > > -- case NetlogonNetworkInformation: { > > > -- struct netr_NetworkInfo *network_info; > > > -- uint8 chal[8]; > > > -- unsigned char local_lm_response[24]; > > > -- unsigned char local_nt_response[24]; > > > -- struct netr_ChallengeResponse lm; > > > -- struct netr_ChallengeResponse nt; > > > -- > > > -- ZERO_STRUCT(lm); > > > -- ZERO_STRUCT(nt); > > > -- > > > -- network_info =3D talloc_zero(mem_ctx, struct netr_NetworkInfo); > > > -- if (!network_info) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- generate_random_buffer(chal, 8); > > > -- > > > -- SMBencrypt(password, chal, local_lm_response); > > > -- SMBNTencrypt(password, chal, local_nt_response); > > > -- > > > -- lm.length =3D 24; > > > -- lm.data =3D local_lm_response; > > > -- > > > -- nt.length =3D 24; > > > -- nt.data =3D local_nt_response; > > > -- > > > -- 
network_info->identity_info.domain_name.string =3D domain; > > > -- network_info->identity_info.parameter_control =3D logon_paramete= rs; > > > -- network_info->identity_info.logon_id_low =3D 0xdead; > > > -- network_info->identity_info.logon_id_high =3D 0xbeef; > > > -- network_info->identity_info.account_name.string =3D username; > > > -- network_info->identity_info.workstation.string =3D clnt_name_sla= sh; > > > -- > > > -- memcpy(network_info->challenge, chal, 8); > > > -- network_info->nt =3D nt; > > > -- network_info->lm =3D lm; > > > -- > > > -- logon->network =3D network_info; > > > -- > > > -- break; > > > -- } > > > -- default: > > > -- DEBUG(0, ("switch value %d not supported\n", > > > -- logon_type)); > > > -- return NT_STATUS_INVALID_INFO_CLASS; > > > -- } > > > -- > > > -- status =3D netlogon_creds_cli_LogonSamLogon(cli->netlogon_creds, > > > -- cli->binding_handle, > > > -- logon_type, > > > -- logon, > > > -- mem_ctx, > > > -- &validation_level, > > > -- &validation, > > > -- &authoritative, > > > -- &flags); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > - NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_c= ontext *creds, > > > - struct dcerpc_binding_handle *binding_handle, > > > - uint32_t logon_parameters, > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index 0de836a..eaa5b0c 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -43,15 +43,6 @@ NTSTATUS rpccli_setup_netlogon_creds(struct cli_s= tate *cli, > > > - bool force_reauth, > > > - struct samr_Password current_nt_hash, > > > - const struct samr_Password *previous_nt_hash); > > > --NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, > > > -- TALLOC_CTX *mem_ctx, > > > -- uint32 logon_parameters, > > > -- const char *domain, > > > -- const char *username, > > > -- 
const char *password, > > > -- const char *workstation, > > > -- uint16_t validation_level, > > > -- int logon_type); > > > - NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_c= ontext *creds, > > > - struct dcerpc_binding_handle *binding_handle, > > > - uint32_t logon_parameters, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4092fca5daf42e1cd26af8069b09b97a7d01df9c Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 19:23:54 +0200 > > > -Subject: [PATCH 211/249] s3:rpc_client: remove unused > > > - rpccli_netlogon_sam_network_logon() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3f41b583840ffa2220f61eea61833bf3c6bd33db) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 94 ----------------------------= ----------- > > > - source3/rpc_client/cli_netlogon.h | 12 ----- > > > - 2 files changed, 106 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 171337a..ca2d9bf 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -346,100 +346,6 @@ static NTSTATUS map_validation_to_info3(TALLOC= _CTX *mem_ctx, > > > - * @param info3 Pointer to a NET_USER_INFO_3 already allocated by t= he caller. 
> > > - **/ > > > -=20 > > > --NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *= cli, > > > -- TALLOC_CTX *mem_ctx, > > > -- uint32 logon_parameters, > > > -- const char *server, > > > -- const char *username, > > > -- const char *domain, > > > -- const char *workstation, > > > -- const uint8 chal[8], > > > -- uint16_t _ignored_validation_level, > > > -- DATA_BLOB lm_response, > > > -- DATA_BLOB nt_response, > > > -- struct netr_SamInfo3 **info3) > > > --{ > > > -- NTSTATUS status; > > > -- const char *workstation_name_slash; > > > -- union netr_LogonLevel *logon =3D NULL; > > > -- struct netr_NetworkInfo *network_info; > > > -- uint16_t validation_level =3D 0; > > > -- union netr_Validation *validation =3D NULL; > > > -- uint8_t authoritative =3D 0; > > > -- uint32_t flags =3D 0; > > > -- struct netr_ChallengeResponse lm; > > > -- struct netr_ChallengeResponse nt; > > > -- > > > -- *info3 =3D NULL; > > > -- > > > -- ZERO_STRUCT(lm); > > > -- ZERO_STRUCT(nt); > > > -- > > > -- logon =3D talloc_zero(mem_ctx, union netr_LogonLevel); > > > -- if (!logon) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- network_info =3D talloc_zero(mem_ctx, struct netr_NetworkInfo); > > > -- if (!network_info) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- if (workstation[0] !=3D '\\' && workstation[1] !=3D '\\') { > > > -- workstation_name_slash =3D talloc_asprintf(mem_ctx, "\\\\%s", wor= kstation); > > > -- } else { > > > -- workstation_name_slash =3D workstation; > > > -- } > > > -- > > > -- if (!workstation_name_slash) { > > > -- DEBUG(0, ("talloc_asprintf failed!\n")); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- /* Initialise input parameters */ > > > -- > > > -- lm.data =3D lm_response.data; > > > -- lm.length =3D lm_response.length; > > > -- nt.data =3D nt_response.data; > > > -- nt.length =3D nt_response.length; > > > -- > > > -- network_info->identity_info.domain_name.string =3D domain; > > > -- 
network_info->identity_info.parameter_control =3D logon_parameter= s; > > > -- network_info->identity_info.logon_id_low =3D 0xdead; > > > -- network_info->identity_info.logon_id_high =3D 0xbeef; > > > -- network_info->identity_info.account_name.string =3D username; > > > -- network_info->identity_info.workstation.string =3D workstation_na= me_slash; > > > -- > > > -- memcpy(network_info->challenge, chal, 8); > > > -- network_info->nt =3D nt; > > > -- network_info->lm =3D lm; > > > -- > > > -- logon->network =3D network_info; > > > -- > > > -- /* Marshall data and send request */ > > > -- > > > -- status =3D netlogon_creds_cli_LogonSamLogon(cli->netlogon_creds, > > > -- cli->binding_handle, > > > -- NetlogonNetworkInformation, > > > -- logon, > > > -- mem_ctx, > > > -- &validation_level, > > > -- &validation, > > > -- &authoritative, > > > -- &flags); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- status =3D map_validation_to_info3(mem_ctx, > > > -- validation_level, validation, > > > -- info3); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- return status; > > > -- } > > > -- > > > -- return NT_STATUS_OK; > > > --} > > > -=20 > > > - NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_co= ntext *creds, > > > - struct dcerpc_binding_handle *binding_handle, > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index eaa5b0c..61fed4a 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -51,18 +51,6 @@ NTSTATUS rpccli_netlogon_password_logon(struct ne= tlogon_creds_cli_context *creds > > > - const char *password, > > > - const char *workstation, > > > - enum netr_LogonInfoClass logon_type); > > > --NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *= cli, > > > -- TALLOC_CTX *mem_ctx, > > > -- uint32 logon_parameters, > > > -- const char *server, > > > -- const char *username, > > > -- const 
char *domain, > > > -- const char *workstation, > > > -- const uint8 chal[8], > > > -- uint16_t validation_level, > > > -- DATA_BLOB lm_response, > > > -- DATA_BLOB nt_response, > > > -- struct netr_SamInfo3 **info3); > > > - NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_co= ntext *creds, > > > - struct dcerpc_binding_handle *binding_handle, > > > - TALLOC_CTX *mem_ctx, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From bdfc02fd5830ed6e2f14aaf90456e572028ada6a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 16 Sep 2013 19:25:27 +0200 > > > -Subject: [PATCH 212/249] s3:rpc_client: finally remove unused > > > - rpc_pipe_client->netlogon_creds > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit c0761c3eae34175d772476006caf5caad68bd8c6) > > > ---- > > > - source3/rpc_client/cli_pipe.c | 9 --------- > > > - source3/rpc_client/rpc_client.h | 3 --- > > > - 2 files changed, 12 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_= pipe.c > > > -index 31cd7f5..8613a21 100644 > > > ---- a/source3/rpc_client/cli_pipe.c > > > -+++ b/source3/rpc_client/cli_pipe.c > > > -@@ -3097,15 +3097,6 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(= struct cli_state *cli, > > > - return status; > > > - } > > > -=20 > > > -- status =3D netlogon_creds_cli_context_copy(netlogon_creds, > > > -- rpccli, > > > -- &rpccli->netlogon_creds); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- DEBUG(0, ("netlogon_creds_cli_context_copy failed with %s\n", > > > -- nt_errstr(status))); > > > -- TALLOC_FREE(rpccli); > > > -- return status; > > > -- } > > > -=20 > > > - done: > > > - DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to = machine %s " > > > -diff --git a/source3/rpc_client/rpc_client.h b/source3/rpc_client/rp= c_client.h > > > -index 7c4cceb..7c5ff0e 100644 > > > ---- a/source3/rpc_client/rpc_client.h > > > -+++ 
b/source3/rpc_client/rpc_client.h > > > -@@ -48,9 +48,6 @@ struct rpc_pipe_client { > > > - uint16 max_recv_frag; > > > -=20 > > > - struct pipe_auth_data *auth; > > > -- > > > -- /* The following is only non-null on a netlogon client pipe. */ > > > -- struct netlogon_creds_cli_context *netlogon_creds; > > > - }; > > > -=20 > > > - #endif /* _RPC_CLIENT_H */ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 710124dca6a97d9148d62bc9aa727568d5284e45 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Thu, 17 Oct 2013 19:17:12 +0200 > > > -Subject: [PATCH 213/249] libcli/auth: remove unused > > > - netlogon_creds_cli_context_copy() > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3d45d4dc3c69557bf1d1fe6d4a880ad74a2a41f1) > > > ---- > > > - libcli/auth/netlogon_creds_cli.c | 47 -----------------------------= ----------- > > > - libcli/auth/netlogon_creds_cli.h | 4 ---- > > > - 2 files changed, 51 deletions(-) > > > - > > > -diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon= _creds_cli.c > > > -index 6590b21..1724064 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.c > > > -+++ b/libcli/auth/netlogon_creds_cli.c > > > -@@ -488,53 +488,6 @@ NTSTATUS netlogon_creds_cli_context_tmp(const c= har *client_computer, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > --NTSTATUS netlogon_creds_cli_context_copy( > > > -- const struct netlogon_creds_cli_context *src, > > > -- TALLOC_CTX *mem_ctx, > > > -- struct netlogon_creds_cli_context **_dst) > > > --{ > > > -- struct netlogon_creds_cli_context *dst; > > > -- > > > -- dst =3D talloc_zero(mem_ctx, struct netlogon_creds_cli_context); > > > -- if (dst =3D=3D NULL) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- *dst =3D *src; > > > -- > > > -- dst->client.computer =3D talloc_strdup(dst, src->client.computer); > > > -- if (dst->client.computer =3D=3D NULL) { > > > -- TALLOC_FREE(dst); > > > -- 
return NT_STATUS_NO_MEMORY; > > > -- } > > > -- dst->client.account =3D talloc_strdup(dst, src->client.account); > > > -- if (dst->client.account =3D=3D NULL) { > > > -- TALLOC_FREE(dst); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- dst->server.computer =3D talloc_strdup(dst, src->server.computer); > > > -- if (dst->server.computer =3D=3D NULL) { > > > -- TALLOC_FREE(dst); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- dst->server.netbios_domain =3D talloc_strdup(dst, src->server.netb= ios_domain); > > > -- if (dst->server.netbios_domain =3D=3D NULL) { > > > -- TALLOC_FREE(dst); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- dst->db.key_name =3D talloc_strdup(dst, src->db.key_name); > > > -- if (dst->db.key_name =3D=3D NULL) { > > > -- TALLOC_FREE(dst); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- > > > -- dst->db.key_data =3D string_term_tdb_data(dst->db.key_name); > > > -- > > > -- *_dst =3D dst; > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > - enum dcerpc_AuthLevel netlogon_creds_cli_auth_level( > > > - struct netlogon_creds_cli_context *context) > > > - { > > > -diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon= _creds_cli.h > > > -index f8f2bef..5bd8bd3 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.h > > > -+++ b/libcli/auth/netlogon_creds_cli.h > > > -@@ -49,10 +49,6 @@ NTSTATUS netlogon_creds_cli_context_tmp(const cha= r *client_computer, > > > - const char *server_netbios_domain, > > > - TALLOC_CTX *mem_ctx, > > > - struct netlogon_creds_cli_context **_context); > > > --NTSTATUS netlogon_creds_cli_context_copy( > > > -- const struct netlogon_creds_cli_context *src, > > > -- TALLOC_CTX *mem_ctx, > > > -- struct netlogon_creds_cli_context **_dst); > > > -=20 > > > - enum dcerpc_AuthLevel netlogon_creds_cli_auth_level( > > > - struct netlogon_creds_cli_context *context); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From aa3a65e9770bb81e73b30e71b49855b18d012e68 Mon Sep 17 
00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 6 Dec 2013 11:38:21 +0100 > > > -Subject: [PATCH 214/249] lib/param: add "allow nt4 crypto" option, d= efaulting > > > - to false > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 87bdc88328568359e51af6615b378ba8dc67f647) > > > ---- > > > - docs-xml/smbdotconf/logon/allownt4crypto.xml | 26 +++++++++++++++++= +++++++++ > > > - lib/param/param_functions.c | 1 + > > > - lib/param/param_table.c | 9 +++++++++ > > > - 3 files changed, 36 insertions(+) > > > - create mode 100644 docs-xml/smbdotconf/logon/allownt4crypto.xml > > > - > > > -diff --git a/docs-xml/smbdotconf/logon/allownt4crypto.xml b/docs-xml= /smbdotconf/logon/allownt4crypto.xml > > > -new file mode 100644 > > > -index 0000000..4d417c7 > > > ---- /dev/null > > > -+++ b/docs-xml/smbdotconf/logon/allownt4crypto.xml > > > -@@ -0,0 +1,26 @@ > > > -+ > > -+ context=3D"G" > > > -+ type=3D"boolean" > > > -+ advanced=3D"1" > > > -+ xmlns:samba=3D"http://www.samba.org/samba/DTD/samb= a-doc"> > > > -+ > > > -+ This option controls whether the netlogon server (currently > > > -+ only in 'active directory domain controller' mode), will > > > -+ reject clients which does not support NETLOGON_NEG_STRONG_KEYS > > > -+ nor NETLOGON_NEG_SUPPORTS_AES. > > > -+ > > > -+ This option was added with Samba 4.2.0. It may lock out clie= nts > > > -+ which worked fine with Samba versions up to 4.1.x. as the effectiv= e default > > > -+ was "yes" there, while it is "no" now. > > > -+ > > > -+ If you have clients without RequireStrongKey =3D 1 in the re= gistry, > > > -+ you may need to set "allow nt4 crypto =3D yes", until you have fix= ed all clients. > > > -+ > > > -+ > > > -+ "allow nt4 crypto =3D yes" allows weak crypto to be negotiat= ed, maybe via downgrade attacks. > > > -+ > > > -+ This option yields precedence to the 'reject md5 clients' op= tion. 
> > > -+ > > > -+ > > > -+no > > > -+ > > > -diff --git a/lib/param/param_functions.c b/lib/param/param_functions= =2Ec > > > -index 41b137f..bf931c6 100644 > > > ---- a/lib/param/param_functions.c > > > -+++ b/lib/param/param_functions.c > > > -@@ -154,6 +154,7 @@ FN_LOCAL_PARM_BOOL(kernel_change_notify, bKernel= ChangeNotify) > > > - FN_LOCAL_BOOL(durable_handles, bDurableHandles) > > > -=20 > > > - FN_GLOBAL_BOOL(allow_insecure_widelinks, bAllowInsecureWidelinks) > > > -+FN_GLOBAL_BOOL(allow_nt4_crypto, bAllowNT4Crypto) > > > - FN_GLOBAL_BOOL(allow_trusted_domains, bAllowTrustedDomains) > > > - FN_GLOBAL_BOOL(async_smb_echo_handler, bAsyncSMBEchoHandler) > > > - FN_GLOBAL_BOOL(bind_interfaces_only, bBindInterfacesOnly) > > > -diff --git a/lib/param/param_table.c b/lib/param/param_table.c > > > -index 36e8554..5ef78de 100644 > > > ---- a/lib/param/param_table.c > > > -+++ b/lib/param/param_table.c > > > -@@ -4324,6 +4324,15 @@ static struct parm_struct parm_table[] =3D { > > > - .special =3D NULL, > > > - .enum_list =3D NULL > > > - }, > > > -+ { > > > -+ .label =3D "allow nt4 crypto", > > > -+ .type =3D P_BOOL, > > > -+ .p_class =3D P_GLOBAL, > > > -+ .offset =3D GLOBAL_VAR(bAllowNT4Crypto), > > > -+ .special =3D NULL, > > > -+ .enum_list =3D NULL, > > > -+ .flags =3D FLAG_ADVANCED, > > > -+ }, > > > -=20 > > > - {N_("TLS options"), P_SEP, P_SEPARATOR}, > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 51323c0574963065e2edf9346f310f08ce2b59e8 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 6 Dec 2013 11:39:15 +0100 > > > -Subject: [PATCH 215/249] lib/param: add "reject md5 client" option, = defaulting > > > - to false > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 807bcb4981fb20a9b97e69f01c3545ea7e85666e) > > > ---- > > > - docs-xml/smbdotconf/logon/rejectmd5clients.xml | 18 +++++++++++++++= +++ > > > - lib/param/param_functions.c | 1 + > > > - 
lib/param/param_table.c | 9 +++++++++ > > > - 3 files changed, 28 insertions(+) > > > - create mode 100644 docs-xml/smbdotconf/logon/rejectmd5clients.xml > > > - > > > -diff --git a/docs-xml/smbdotconf/logon/rejectmd5clients.xml b/docs-x= ml/smbdotconf/logon/rejectmd5clients.xml > > > -new file mode 100644 > > > -index 0000000..04a5b4d > > > ---- /dev/null > > > -+++ b/docs-xml/smbdotconf/logon/rejectmd5clients.xml > > > -@@ -0,0 +1,18 @@ > > > -+ > > -+ context=3D"G" > > > -+ type=3D"boolean" > > > -+ advanced=3D"1" > > > -+ xmlns:samba=3D"http://www.samba.org/samba/DTD/samb= a-doc"> > > > -+ > > > -+ This option controls whether the netlogon server (currently > > > -+ only in 'active directory domain controller' mode), will > > > -+ reject clients which does not support NETLOGON_NEG_SUPPORTS_AES. > > > -+ > > > -+ You can set this to yes if all domain members support aes. > > > -+ This will prevent downgrade attacks. > > > -+ > > > -+ This option takes precedence to the 'allow nt4 crypto' optio= n. 
> > > -+ > > > -+ > > > -+no > > > -+ > > > -diff --git a/lib/param/param_functions.c b/lib/param/param_functions= =2Ec > > > -index bf931c6..99f0b7f 100644 > > > ---- a/lib/param/param_functions.c > > > -+++ b/lib/param/param_functions.c > > > -@@ -205,6 +205,7 @@ FN_GLOBAL_BOOL(pam_password_change, bPamPassword= Change) > > > - FN_GLOBAL_BOOL(passdb_expand_explicit, bPassdbExpandExplicit) > > > - FN_GLOBAL_BOOL(passwd_chat_debug, bPasswdChatDebug) > > > - FN_GLOBAL_BOOL(registry_shares, bRegistryShares) > > > -+FN_GLOBAL_BOOL(reject_md5_clients, bRejectMD5Clients) > > > - FN_GLOBAL_BOOL(reject_md5_servers, bRejectMD5Servers) > > > - FN_GLOBAL_BOOL(require_strong_key, bRequireStrongKey) > > > - FN_GLOBAL_BOOL(reset_on_zero_vc, bResetOnZeroVC) > > > -diff --git a/lib/param/param_table.c b/lib/param/param_table.c > > > -index 5ef78de..4850324 100644 > > > ---- a/lib/param/param_table.c > > > -+++ b/lib/param/param_table.c > > > -@@ -4333,6 +4333,15 @@ static struct parm_struct parm_table[] =3D { > > > - .enum_list =3D NULL, > > > - .flags =3D FLAG_ADVANCED, > > > - }, > > > -+ { > > > -+ .label =3D "reject md5 clients", > > > -+ .type =3D P_BOOL, > > > -+ .p_class =3D P_GLOBAL, > > > -+ .offset =3D GLOBAL_VAR(bRejectMD5Clients), > > > -+ .special =3D NULL, > > > -+ .enum_list =3D NULL, > > > -+ .flags =3D FLAG_ADVANCED, > > > -+ }, > > > -=20 > > > - {N_("TLS options"), P_SEP, P_SEPARATOR}, > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4f3cd17f89ddedaf6e34bc17b220f6ae6993d0c0 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 6 Dec 2013 13:41:43 +0100 > > > -Subject: [PATCH 216/249] selftest/Samba4: use "allow nt4 crypto =3D = yes" for > > > - testing > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 0d4806f9f056c3e37f5aed1ef19e2924aa8f4151) > > > ---- > > > - selftest/target/Samba4.pm | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git 
a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm > > > -index ac2fdd9..ee6a365 100644 > > > ---- a/selftest/target/Samba4.pm > > > -+++ b/selftest/target/Samba4.pm > > > -@@ -776,6 +776,7 @@ sub provision($$$$$$$$$) > > > - server max protocol =3D SMB2 > > > - host msdfs =3D $msdfs > > > - lanman auth =3D yes > > > -+ allow nt4 crypto =3D yes > > > -=20 > > > - $extra_smbconf_options > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 32f88ae5a3d254c6e1b94ea2aaa45febf475af9e Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 23 Dec 2013 10:12:24 +0100 > > > -Subject: [PATCH 217/249] s4:netlogon: correctly calculate the negoti= ate_flags > > > - > > > -We need to bit-wise AND the client and server flags. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 3b77b804cdc9e7621f026ef9bc8e7059f471348e) > > > ---- > > > - source4/rpc_server/netlogon/dcerpc_netlogon.c | 59 +++++++++++++---= ----------- > > > - 1 file changed, 28 insertions(+), 31 deletions(-) > > > - > > > -diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4= /rpc_server/netlogon/dcerpc_netlogon.c > > > -index c41cd02..b001cb5 100644 > > > ---- a/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -@@ -120,6 +120,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(= struct dcesrv_call_state *dce_ca > > > -=20 > > > - const char *trust_dom_attrs[] =3D {"flatname", NULL}; > > > - const char *account_name; > > > -+ uint32_t server_flags =3D 0; > > > - uint32_t negotiate_flags =3D 0; > > > -=20 > > > - ZERO_STRUCTP(r->out.return_credentials); > > > -@@ -176,37 +177,33 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate= 3(struct dcesrv_call_state *dce_ca > > > - memcache_delete(global_challenge_table, > > > - SINGLETON_CACHE, challenge_key); > > > -=20 > > > -- negotiate_flags =3D NETLOGON_NEG_ACCOUNT_LOCKOUT | > > > -- 
NETLOGON_NEG_PERSISTENT_SAMREPL | > > > -- NETLOGON_NEG_ARCFOUR | > > > -- NETLOGON_NEG_PROMOTION_COUNT | > > > -- NETLOGON_NEG_CHANGELOG_BDC | > > > -- NETLOGON_NEG_FULL_SYNC_REPL | > > > -- NETLOGON_NEG_MULTIPLE_SIDS | > > > -- NETLOGON_NEG_REDO | > > > -- NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | > > > -- NETLOGON_NEG_SEND_PASSWORD_INFO_PDC | > > > -- NETLOGON_NEG_GENERIC_PASSTHROUGH | > > > -- NETLOGON_NEG_CONCURRENT_RPC | > > > -- NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL | > > > -- NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL | > > > -- NETLOGON_NEG_TRANSITIVE_TRUSTS | > > > -- NETLOGON_NEG_DNS_DOMAIN_TRUSTS | > > > -- NETLOGON_NEG_PASSWORD_SET2 | > > > -- NETLOGON_NEG_GETDOMAININFO | > > > -- NETLOGON_NEG_CROSS_FOREST_TRUSTS | > > > -- NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION | > > > -- NETLOGON_NEG_RODC_PASSTHROUGH | > > > -- NETLOGON_NEG_AUTHENTICATED_RPC_LSASS | > > > -- NETLOGON_NEG_AUTHENTICATED_RPC; > > > -- > > > -- if (*r->in.negotiate_flags & NETLOGON_NEG_STRONG_KEYS) { > > > -- negotiate_flags |=3D NETLOGON_NEG_STRONG_KEYS; > > > -- } > > > -- > > > -- if (*r->in.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -- negotiate_flags |=3D NETLOGON_NEG_SUPPORTS_AES; > > > -- } > > > -+ server_flags =3D NETLOGON_NEG_ACCOUNT_LOCKOUT | > > > -+ NETLOGON_NEG_PERSISTENT_SAMREPL | > > > -+ NETLOGON_NEG_ARCFOUR | > > > -+ NETLOGON_NEG_PROMOTION_COUNT | > > > -+ NETLOGON_NEG_CHANGELOG_BDC | > > > -+ NETLOGON_NEG_FULL_SYNC_REPL | > > > -+ NETLOGON_NEG_MULTIPLE_SIDS | > > > -+ NETLOGON_NEG_REDO | > > > -+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | > > > -+ NETLOGON_NEG_SEND_PASSWORD_INFO_PDC | > > > -+ NETLOGON_NEG_GENERIC_PASSTHROUGH | > > > -+ NETLOGON_NEG_CONCURRENT_RPC | > > > -+ NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL | > > > -+ NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL | > > > -+ NETLOGON_NEG_STRONG_KEYS | > > > -+ NETLOGON_NEG_TRANSITIVE_TRUSTS | > > > -+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS | > > > -+ NETLOGON_NEG_PASSWORD_SET2 | > > > -+ NETLOGON_NEG_GETDOMAININFO | > > > -+ 
NETLOGON_NEG_CROSS_FOREST_TRUSTS | > > > -+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION | > > > -+ NETLOGON_NEG_RODC_PASSTHROUGH | > > > -+ NETLOGON_NEG_SUPPORTS_AES | > > > -+ NETLOGON_NEG_AUTHENTICATED_RPC_LSASS | > > > -+ NETLOGON_NEG_AUTHENTICATED_RPC; > > > -+ > > > -+ negotiate_flags =3D *r->in.negotiate_flags & server_flags; > > > -=20 > > > - /* > > > - * According to Microsoft (see bugid #6099) > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From ce8c9b651d9da88a13a8cd0fe02e5f3e2f1f6b51 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Mon, 23 Dec 2013 10:10:17 +0100 > > > -Subject: [PATCH 218/249] s4:netlogon: don't generate a debug message= for > > > - SEC_CHAN_NULL. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 2e36fbc77dc43f31ec78cdbef23b94bd00d6f565) > > > ---- > > > - source4/rpc_server/netlogon/dcerpc_netlogon.c | 2 ++ > > > - 1 file changed, 2 insertions(+) > > > - > > > -diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4= /rpc_server/netlogon/dcerpc_netlogon.c > > > -index b001cb5..45a7262 100644 > > > ---- a/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -@@ -220,6 +220,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(= struct dcesrv_call_state *dce_ca > > > - case SEC_CHAN_BDC: > > > - case SEC_CHAN_RODC: > > > - break; > > > -+ case SEC_CHAN_NULL: > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > - default: > > > - DEBUG(1, ("Client asked for an invalid secure channel type: %d\n", > > > - r->in.secure_channel_type)); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b4d5ace784d207f8562a4c93b55de415a81cec42 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 6 Dec 2013 12:08:50 +0100 > > > -Subject: [PATCH 219/249] s4:netlogon: implement "allow nt4 crypto" a= nd "reject > > > - md5 clients" features. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > - > > > -Autobuild-User(master): Stefan Metzmacher > > > -Autobuild-Date(master): Tue Jan 7 16:53:31 CET 2014 on sn-devel-104 > > > -(cherry picked from commit 7d2abf520df1ff46d79dfd8ff579c230f2bc3c2a) > > > ---- > > > - source4/rpc_server/netlogon/dcerpc_netlogon.c | 20 ++++++++++++++++= ++++ > > > - 1 file changed, 20 insertions(+) > > > - > > > -diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4= /rpc_server/netlogon/dcerpc_netlogon.c > > > -index 45a7262..6b57cda 100644 > > > ---- a/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -@@ -122,6 +122,9 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(= struct dcesrv_call_state *dce_ca > > > - const char *account_name; > > > - uint32_t server_flags =3D 0; > > > - uint32_t negotiate_flags =3D 0; > > > -+ bool allow_nt4_crypto =3D lpcfg_allow_nt4_crypto(dce_call->conn->d= ce_ctx->lp_ctx); > > > -+ bool reject_des_client =3D !allow_nt4_crypto; > > > -+ bool reject_md5_client =3D lpcfg_reject_md5_clients(dce_call->conn= ->dce_ctx->lp_ctx); > > > -=20 > > > - ZERO_STRUCTP(r->out.return_credentials); > > > - *r->out.rid =3D 0; > > > -@@ -205,6 +208,23 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3= (struct dcesrv_call_state *dce_ca > > > -=20 > > > - negotiate_flags =3D *r->in.negotiate_flags & server_flags; > > > -=20 > > > -+ if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) { > > > -+ reject_des_client =3D false; > > > -+ } > > > -+ > > > -+ if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { > > > -+ reject_des_client =3D false; > > > -+ reject_md5_client =3D false; > > > -+ } > > > -+ > > > -+ if (reject_des_client || reject_md5_client) { > > > -+ /* > > > -+ * Here we match Windows 2012 and return no flags. 
> > > -+ */ > > > -+ *r->out.negotiate_flags =3D 0; > > > -+ return NT_STATUS_DOWNGRADE_DETECTED; > > > -+ } > > > -+ > > > - /* > > > - * According to Microsoft (see bugid #6099) > > > - * Windows 7 looks at the negotiate_flags > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From ff28e17cdcbe8e1ec4a275d80b3e749da4920c6d Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Wed, 8 Jan 2014 12:04:22 +0100 > > > -Subject: [PATCH 220/249] libcli/auth: fix usage of an uninitialized = variable > > > - in netlogon_creds_cli_check_caps() > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -If status is RPC_PROCNUM_OUT_OF_RANGE, result might be uninitialized. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andreas Schneider > > > -Reviewed-by: G=C3=BCnther Deschner > > > -(cherry picked from commit 0e62f3279525ea864590f713f334f4dc5f5d3a32) > > > ---- > > > - libcli/auth/netlogon_creds_cli.c | 4 ++-- > > > - 1 file changed, 2 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon= _creds_cli.c > > > -index 1724064..51b30a1 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.c > > > -+++ b/libcli/auth/netlogon_creds_cli.c > > > -@@ -1390,7 +1390,7 @@ struct netlogon_creds_cli_check_state { > > > - }; > > > -=20 > > > - static void netlogon_creds_cli_check_cleanup(struct tevent_req *req, > > > -- NTSTATUS status); > > > -+ NTSTATUS status); > > > - static void netlogon_creds_cli_check_locked(struct tevent_req *subr= eq); > > > -=20 > > > - struct tevent_req *netlogon_creds_cli_check_send(TALLOC_CTX *mem_ct= x, > > > -@@ -1582,7 +1582,7 @@ static void netlogon_creds_cli_check_caps(stru= ct tevent_req *subreq) > > > - * with the next request as the sequence number processing > > > - * gets out of sync. 
> > > - */ > > > -- netlogon_creds_cli_check_cleanup(req, result); > > > -+ netlogon_creds_cli_check_cleanup(req, status); > > > - tevent_req_done(req); > > > - return; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d4902881482eeecf5a219342b3862ac0fbb7b7a9 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 17 Jan 2014 14:00:27 +0100 > > > -Subject: [PATCH 221/249] libcli/auth: add netlogon_creds_cli_set_glo= bal_db() > > > - > > > -This can be used to inject a db_context from dbwrap_ctdb. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit ece3ba10a16138a75b207a0cf9fe299759253d99) > > > ---- > > > - libcli/auth/netlogon_creds_cli.c | 10 ++++++++++ > > > - libcli/auth/netlogon_creds_cli.h | 2 ++ > > > - 2 files changed, 12 insertions(+) > > > - > > > -diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon= _creds_cli.c > > > -index 51b30a1..37bdf74 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.c > > > -+++ b/libcli/auth/netlogon_creds_cli.c > > > -@@ -199,6 +199,16 @@ static NTSTATUS netlogon_creds_cli_context_comm= on( > > > -=20 > > > - static struct db_context *netlogon_creds_cli_global_db; > > > -=20 > > > -+NTSTATUS netlogon_creds_cli_set_global_db(struct db_context **db) > > > -+{ > > > -+ if (netlogon_creds_cli_global_db !=3D NULL) { > > > -+ return NT_STATUS_INVALID_PARAMETER_MIX; > > > -+ } > > > -+ > > > -+ netlogon_creds_cli_global_db =3D talloc_move(talloc_autofree_conte= xt(), db); > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - NTSTATUS netlogon_creds_cli_open_global_db(struct loadparm_context = *lp_ctx) > > > - { > > > - char *fname; > > > -diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon= _creds_cli.h > > > -index 5bd8bd3..90d0182 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.h > > > -+++ b/libcli/auth/netlogon_creds_cli.h > > > -@@ -28,7 +28,9 @@ > > > - struct netlogon_creds_cli_context; > 
> > - struct messaging_context; > > > - struct dcerpc_binding_handle; > > > -+struct db_context; > > > -=20 > > > -+NTSTATUS netlogon_creds_cli_set_global_db(struct db_context **db); > > > - NTSTATUS netlogon_creds_cli_open_global_db(struct loadparm_context = *lp_ctx); > > > -=20 > > > - NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context = *lp_ctx, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 80407a74da35cac64bef252698a2477787f0997d Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 17 Jan 2014 14:07:37 +0100 > > > -Subject: [PATCH 222/249] s3:rpc_client: use db_open() to open > > > - "netlogon_creds_cli.tdb" > > > - > > > -This uses dbwrap_ctdb if running in a cluster. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 8cf4eff201aa9e1ba8127311bcfc2a357fb4ef03) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 38 ++++++++++++++++++++++++++++= ++++++++-- > > > - 1 file changed, 36 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index ca2d9bf..b7b490f 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -21,6 +21,7 @@ > > > - */ > > > -=20 > > > - #include "includes.h" > > > -+#include "system/filesys.h" > > > - #include "libsmb/libsmb.h" > > > - #include "rpc_client/rpc_client.h" > > > - #include "rpc_client/cli_pipe.h" > > > -@@ -34,26 +35,53 @@ > > > - #include "../libcli/security/security.h" > > > - #include "lib/param/param.h" > > > - #include "libcli/smb/smbXcli_base.h" > > > -+#include "dbwrap/dbwrap.h" > > > -+#include "dbwrap/dbwrap_open.h" > > > -+#include "util_tdb.h" > > > -=20 > > > -=20 > > > - NTSTATUS rpccli_pre_open_netlogon_creds(void) > > > - { > > > -- TALLOC_CTX *frame =3D talloc_stackframe(); > > > -+ static bool already_open =3D false; > > > -+ TALLOC_CTX *frame; > > > - struct 
loadparm_context *lp_ctx; > > > -+ char *fname; > > > -+ struct db_context *global_db; > > > - NTSTATUS status; > > > -=20 > > > -+ if (already_open) { > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ frame =3D talloc_stackframe(); > > > -+ > > > - lp_ctx =3D loadparm_init_s3(frame, loadparm_s3_helpers()); > > > - if (lp_ctx =3D=3D NULL) { > > > - TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > - } > > > -=20 > > > -- status =3D netlogon_creds_cli_open_global_db(lp_ctx); > > > -+ fname =3D lpcfg_private_db_path(frame, lp_ctx, "netlogon_creds_cli= "); > > > -+ if (fname =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ global_db =3D db_open(talloc_autofree_context(), fname, > > > -+ 0, TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, > > > -+ O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2); > > > -+ if (global_db =3D=3D NULL) { > > > -+ TALLOC_FREE(frame); > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ > > > -+ status =3D netlogon_creds_cli_set_global_db(&global_db); > > > - TALLOC_FREE(frame); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - return status; > > > - } > > > -=20 > > > -+ already_open =3D true; > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -@@ -69,6 +97,12 @@ NTSTATUS rpccli_create_netlogon_creds(const char = *server_computer, > > > - struct loadparm_context *lp_ctx; > > > - NTSTATUS status; > > > -=20 > > > -+ status =3D rpccli_pre_open_netlogon_creds(); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > -+ } > > > -+ > > > - lp_ctx =3D loadparm_init_s3(frame, loadparm_s3_helpers()); > > > - if (lp_ctx =3D=3D NULL) { > > > - TALLOC_FREE(frame); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 2ed3041405f5808031f2d5fd0e42f48246d22b7b Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 17 Jan 2014 14:08:59 +0100 > > > -Subject: [PATCH 223/249] libcli/auth: don't alter the computer_name 
= in cluster > > > - mode. > > > - > > > -This breaks NTLMv2 authentication. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 387ed2e15df085274f72cebda341040a1e767a4b) > > > ---- > > > - libcli/auth/netlogon_creds_cli.c | 22 +++------------------- > > > - 1 file changed, 3 insertions(+), 19 deletions(-) > > > - > > > -diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon= _creds_cli.c > > > -index 37bdf74..88893ad 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.c > > > -+++ b/libcli/auth/netlogon_creds_cli.c > > > -@@ -261,28 +261,12 @@ NTSTATUS netlogon_creds_cli_context_global(str= uct loadparm_context *lp_ctx, > > > - bool seal_secure_channel =3D true; > > > - enum dcerpc_AuthLevel auth_level =3D DCERPC_AUTH_LEVEL_NONE; > > > - bool neutralize_nt4_emulation =3D false; > > > -- struct server_id self =3D { > > > -- .vnn =3D NONCLUSTER_VNN, > > > -- .unique_id =3D SERVERID_UNIQUE_ID_NOT_TO_VERIFY, > > > -- }; > > > -- > > > -- if (msg_ctx !=3D NULL) { > > > -- self =3D messaging_server_id(msg_ctx); > > > -- } > > > -=20 > > > - *_context =3D NULL; > > > -=20 > > > -- if (self.vnn !=3D NONCLUSTER_VNN) { > > > -- client_computer =3D talloc_asprintf(frame, > > > -- "%s_cluster_vnn_%u", > > > -- lpcfg_netbios_name(lp_ctx), > > > -- (unsigned)self.vnn); > > > -- if (client_computer =3D=3D NULL) { > > > -- TALLOC_FREE(frame); > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- } else { > > > -- client_computer =3D lpcfg_netbios_name(lp_ctx); > > > -+ client_computer =3D lpcfg_netbios_name(lp_ctx); > > > -+ if (strlen(client_computer) > 15) { > > > -+ return NT_STATUS_INVALID_PARAMETER_MIX; > > > - } > > > -=20 > > > - /* > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8257c3a5d6e8319578d224e544242da81b043a54 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Fri, 10 Jan 2014 13:13:40 +0100 > > > -Subject: [PATCH 224/249] libcli/auth: reject computer_name 
longer th= an 15 > > > - chars > > > - > > > -This matches Windows, it seems they use a fixed size field to store > > > -netlogon_creds_CredentialState. > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit b8fdeb8ca7ce362058bb86a4e58b34fb6340867e) > > > ---- > > > - libcli/auth/schannel_state_tdb.c | 8 ++++++++ > > > - 1 file changed, 8 insertions(+) > > > - > > > -diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel= _state_tdb.c > > > -index 8f9c1f0..b91e242 100644 > > > ---- a/libcli/auth/schannel_state_tdb.c > > > -+++ b/libcli/auth/schannel_state_tdb.c > > > -@@ -78,6 +78,14 @@ NTSTATUS schannel_store_session_key_tdb(struct db= _context *db_sc, > > > - char *name_upper; > > > - NTSTATUS status; > > > -=20 > > > -+ if (strlen(creds->computer_name) > 15) { > > > -+ /* > > > -+ * We may want to check for a completely > > > -+ * valid netbios name. > > > -+ */ > > > -+ return STATUS_BUFFER_OVERFLOW; > > > -+ } > > > -+ > > > - name_upper =3D strupper_talloc(mem_ctx, creds->computer_name); > > > - if (!name_upper) { > > > - return NT_STATUS_NO_MEMORY; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d6af8ed76f728621a8ba7515cf1180d6654c8d83 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 11 Jan 2014 17:13:04 +0100 > > > -Subject: [PATCH 225/249] s3:rpc_server/netlogon: return a zero > > > - return_authenticator on error > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit dcc2c8362df9af088613722ebd8a6261fb098a5c) > > > ---- > > > - source3/rpc_server/netlogon/srv_netlog_nt.c | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/r= pc_server/netlogon/srv_netlog_nt.c > > > -index 09857b6..7bb9dd6 100644 > > > ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c > > > -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c > > > 
-@@ -1020,6 +1020,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipe= s_struct *p, > > > - talloc_unlink(p->mem_ctx, lp_ctx); > > > -=20 > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ ZERO_STRUCTP(r->out.return_credentials); > > > - goto out; > > > - } > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From be06629b25f8340ac54a9e674e6a5da1eb01e733 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Sat, 11 Jan 2014 17:13:04 +0100 > > > -Subject: [PATCH 226/249] s4:rpc_server/netlogon: return a zero > > > - return_authenticator and rid on error > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Andrew Bartlett > > > -(cherry picked from commit 25fb73f2821821630dde4cc263794e754ca03d68) > > > ---- > > > - source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 ++++++++---- > > > - 1 file changed, 8 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4= /rpc_server/netlogon/dcerpc_netlogon.c > > > -index 6b57cda..afa15d8 100644 > > > ---- a/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c > > > -@@ -348,9 +348,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(= struct dcesrv_call_state *dce_ca > > > - return NT_STATUS_INTERNAL_ERROR; > > > - } > > > -=20 > > > -- *r->out.rid =3D samdb_result_rid_from_sid(mem_ctx, msgs[0], > > > -- "objectSid", 0); > > > -- > > > - mach_pwd =3D samdb_result_hash(mem_ctx, msgs[0], "unicodePwd"); > > > - if (mach_pwd =3D=3D NULL) { > > > - return NT_STATUS_ACCESS_DENIED; > > > -@@ -383,8 +380,15 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3= (struct dcesrv_call_state *dce_ca > > > - nt_status =3D schannel_save_creds_state(mem_ctx, > > > - dce_call->conn->dce_ctx->lp_ctx, > > > - creds); > > > -+ if (!NT_STATUS_IS_OK(nt_status)) { > > > -+ ZERO_STRUCTP(r->out.return_credentials); > > > -+ return nt_status; > > > -+ } > > > -=20 > > > -- return nt_status; > > > -+ *r->out.rid 
=3D samdb_result_rid_from_sid(mem_ctx, msgs[0], > > > -+ "objectSid", 0); > > > -+ > > > -+ return NT_STATUS_OK; > > > - } > > > -=20 > > > - static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_s= tate *dce_call, TALLOC_CTX *mem_ctx, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From f5fe58d49fc66867db743393a92e1cd8e4cb293b Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Wed, 29 Jan 2014 16:58:37 +0100 > > > -Subject: [PATCH 227/249] dbwrap_tool: remove the short form "-p" of > > > - "--persistent" > > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 6dd1008c4e8b0b798d589959021c9b578db74ff4) > > > ---- > > > - source3/utils/dbwrap_tool.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/source3/utils/dbwrap_tool.c b/source3/utils/dbwrap_tool= =2Ec > > > -index 79b40d2..406e89e 100644 > > > ---- a/source3/utils/dbwrap_tool.c > > > -+++ b/source3/utils/dbwrap_tool.c > > > -@@ -420,7 +420,7 @@ int main(int argc, const char **argv) > > > - struct poptOption popt_options[] =3D { > > > - POPT_AUTOHELP > > > - POPT_COMMON_SAMBA > > > -- { "persistent", 'p', POPT_ARG_NONE, &persistent, 0, "treat the da= tabase as persistent", NULL }, > > > -+ { "persistent", 0, POPT_ARG_NONE, &persistent, 0, "treat the data= base as persistent", NULL }, > > > - POPT_TABLEEND > > > - }; > > > - int opt; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 209b5ec86620f8caadcc714db0cbec4789db0377 Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Thu, 30 Jan 2014 10:33:00 +0100 > > > -Subject: [PATCH 228/249] docs: remove short form "-p" of --persisten= t from > > > - dbwrap_tool manpage > > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 6f748fef652bbea3c8dbbbfb96b95270e6f1dcfc) > > > ---- > > > - docs-xml/manpages/dbwrap_tool.1.xml | 4 ++-- > > > - 1 file changed, 2 
insertions(+), 2 deletions(-) > > > - > > > -diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages= /dbwrap_tool.1.xml > > > -index 074d819..94ae281 100644 > > > ---- a/docs-xml/manpages/dbwrap_tool.1.xml > > > -+++ b/docs-xml/manpages/dbwrap_tool.1.xml > > > -@@ -19,7 +19,7 @@ > > > - > > > - > > > - dbwrap_tool > > > -- -p|--persistent > > > -+ --persistent > > > - -d <debug level> > > > - -s <config file> > > > - -l <log file base> > > > -@@ -70,7 +70,7 @@ > > > -=20 > > > - > > > - > > > -- -p|--persistent > > > -+ --persistent > > > - Open the database as a persistent database. > > > - If this option is not specified, the database is opened as > > > - non-persistent. > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From f3b8b74ff6d74fe9a0047256074e21c3363b112f Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Thu, 30 Jan 2014 10:29:49 +0100 > > > -Subject: [PATCH 229/249] dbwrap_tool: add option "--non-persistent" = and force > > > - excatly one of "--[non-]persistent" > > > - > > > -We want to force users of dbwrap_tool to explicitly specify > > > -persistent or non-persistent. Otherwise, one could easily > > > -by accident wipe a whole database that is actually persistent > > > -but not currently opened by a samba process, just by openeing > > > -the DB with the default non-persistent mode... 
> > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit c3f93271ef447f9f16cd3002307c630c5f149f5a) > > > ---- > > > - source3/utils/dbwrap_tool.c | 23 ++++++++++++++++++----- > > > - 1 file changed, 18 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/source3/utils/dbwrap_tool.c b/source3/utils/dbwrap_tool= =2Ec > > > -index 406e89e..ffca6b6 100644 > > > ---- a/source3/utils/dbwrap_tool.c > > > -+++ b/source3/utils/dbwrap_tool.c > > > -@@ -411,6 +411,7 @@ int main(int argc, const char **argv) > > > - enum dbwrap_type type; > > > - const char *valuestr =3D "0"; > > > - int persistent =3D 0; > > > -+ int non_persistent =3D 0; > > > - int tdb_flags =3D TDB_DEFAULT; > > > -=20 > > > - TALLOC_CTX *mem_ctx =3D talloc_stackframe(); > > > -@@ -420,7 +421,13 @@ int main(int argc, const char **argv) > > > - struct poptOption popt_options[] =3D { > > > - POPT_AUTOHELP > > > - POPT_COMMON_SAMBA > > > -- { "persistent", 0, POPT_ARG_NONE, &persistent, 0, "treat the data= base as persistent", NULL }, > > > -+ { "non-persistent", 0, POPT_ARG_NONE, &non_persistent, 0, > > > -+ "treat the database as non-persistent " > > > -+ "(CAVEAT: This mode might wipe your database!)", > > > -+ NULL }, > > > -+ { "persistent", 0, POPT_ARG_NONE, &persistent, 0, > > > -+ "treat the database as persistent", > > > -+ NULL }, > > > - POPT_TABLEEND > > > - }; > > > - int opt; > > > -@@ -463,6 +470,16 @@ int main(int argc, const char **argv) > > > - goto done; > > > - } > > > -=20 > > > -+ if ((persistent =3D=3D 0 && non_persistent =3D=3D 0) || > > > -+ (persistent =3D=3D 1 && non_persistent =3D=3D 1)) > > > -+ { > > > -+ d_fprintf(stderr, "ERROR: you must specify exactly one " > > > -+ "of --persistent and --non-persistent\n"); > > > -+ goto done; > > > -+ } else if (non_persistent =3D=3D 1) { > > > -+ tdb_flags |=3D TDB_CLEAR_IF_FIRST; > > > -+ } > > > -+ > > > - dbname =3D extra_argv[0]; > > > - opname =3D extra_argv[1]; > > > -=20 > 
> > -@@ -563,10 +580,6 @@ int main(int argc, const char **argv) > > > - goto done; > > > - } > > > -=20 > > > -- if (persistent =3D=3D 0) { > > > -- tdb_flags |=3D TDB_CLEAR_IF_FIRST; > > > -- } > > > -- > > > - switch (op) { > > > - case OP_FETCH: > > > - case OP_STORE: > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 7209e84e02c722365bec4e2a473c24217cbeb22b Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Thu, 30 Jan 2014 10:36:46 +0100 > > > -Subject: [PATCH 230/249] docs: document new --non-persistent option = to > > > - dbwrap_tool > > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 1e3b352f799038ec25437db53e051dadb9d97c95) > > > ---- > > > - docs-xml/manpages/dbwrap_tool.1.xml | 20 ++++++++++++++++++-- > > > - 1 file changed, 18 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages= /dbwrap_tool.1.xml > > > -index 94ae281..ff0e478 100644 > > > ---- a/docs-xml/manpages/dbwrap_tool.1.xml > > > -+++ b/docs-xml/manpages/dbwrap_tool.1.xml > > > -@@ -20,6 +20,7 @@ > > > - > > > - dbwrap_tool > > > - --persistent > > > -+ --non-persistent > > > - -d <debug level> > > > - -s <config file> > > > - -l <log file base> > > > -@@ -72,8 +73,23 @@ > > > - > > > - --persistent > > > - Open the database as a persistent database. > > > -- If this option is not specified, the database is opened as > > > -- non-persistent. > > > -+ > > > -+ > > > -+ Exactly one of --persistent and --non-persistent must be > > > -+ specified. > > > -+ > > > -+ > > > -+ > > > -+ --non-persistent > > > -+ Open the database as a non-persistent database. > > > -+ > > > -+ > > > -+ Caveat: opening a database as non-persistent when there > > > -+ is currently no other opener will wipe the database. > > > -+ > > > -+ > > > -+ Exactly one of --persistent and --non-persistent must be > > > -+ specified. 
> > > - > > > - > > > - &popt.common.samba.client; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From accf5a617055c161540384fdfe195ad9c43cd048 Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Thu, 30 Jan 2014 10:47:15 +0100 > > > -Subject: [PATCH 231/249] docs: remove extra spaces in synopsis of db= wrap_tool > > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit e93f052e37e736e5776fe7f7c7d246f9ecc4b4c8) > > > ---- > > > - docs-xml/manpages/dbwrap_tool.1.xml | 4 +--- > > > - 1 file changed, 1 insertion(+), 3 deletions(-) > > > - > > > -diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages= /dbwrap_tool.1.xml > > > -index ff0e478..68a88df 100644 > > > ---- a/docs-xml/manpages/dbwrap_tool.1.xml > > > -+++ b/docs-xml/manpages/dbwrap_tool.1.xml > > > -@@ -30,9 +30,7 @@ > > > - <operation> > > > - <key> > > > - <type> > > > -- <value> > > > -- > > > -- > > > -+ <value> > > > - > > > - > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 0e193981caa2ad9458e758a46076664d2efdb70e Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Fri, 24 Jan 2014 00:09:50 +0100 > > > -Subject: [PATCH 232/249] smbd:smb2: fix durable reconnect: set fsp->= fnum from > > > - the smbXsrv_open->local_id > > > - > > > -Originally, fsp->fnum was left at the INVALID fnum value. 
> > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 6b2d67a345e90306f0d35402d0f4e3067a014057) > > > ---- > > > - source3/smbd/durable.c | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git a/source3/smbd/durable.c b/source3/smbd/durable.c > > > -index c3d0a6f..471c5b9 100644 > > > ---- a/source3/smbd/durable.c > > > -+++ b/source3/smbd/durable.c > > > -@@ -703,6 +703,7 @@ NTSTATUS vfs_default_durable_reconnect(struct co= nnection_struct *conn, > > > - fsp->share_access =3D e->share_access; > > > - fsp->can_read =3D ((fsp->access_mask & (FILE_READ_DATA)) !=3D 0); > > > - fsp->can_write =3D ((fsp->access_mask & (FILE_WRITE_DATA|FILE_APPE= ND_DATA)) !=3D 0); > > > -+ fsp->fnum =3D op->local_id; > > > -=20 > > > - /* > > > - * TODO: > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From dbc1d6f8479cf84c714c4ed6b69df2a3673d0a46 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 24 Dec 2013 09:00:01 +0100 > > > -Subject: [PATCH 233/249] s3:smbd: skip empty records in smbXsrv_open= _cleanup() > > > - > > > -This should avoid scary ndr_pull errors, if there's > > > -a cleanup race. 
> > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Michael Adam > > > - > > > -Autobuild-User(master): Stefan Metzmacher > > > -Autobuild-Date(master): Thu Jan 30 18:49:37 CET 2014 on sn-devel-104 > > > -(cherry picked from commit 0b23345676c6f02d5bb1a327174d8456705ec0c7) > > > ---- > > > - source3/smbd/smbXsrv_open.c | 9 +++++++++ > > > - 1 file changed, 9 insertions(+) > > > - > > > -diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open= =2Ec > > > -index 27dd50c..29c172c 100644 > > > ---- a/source3/smbd/smbXsrv_open.c > > > -+++ b/source3/smbd/smbXsrv_open.c > > > -@@ -1380,6 +1380,7 @@ NTSTATUS smbXsrv_open_cleanup(uint64_t persist= ent_id) > > > - struct smbXsrv_open_global0 *op =3D NULL; > > > - uint8_t key_buf[SMBXSRV_OPEN_GLOBAL_TDB_KEY_SIZE]; > > > - TDB_DATA key; > > > -+ TDB_DATA val; > > > - struct db_record *rec; > > > - bool delete_open =3D false; > > > - uint32_t global_id =3D persistent_id & UINT32_MAX; > > > -@@ -1395,6 +1396,14 @@ NTSTATUS smbXsrv_open_cleanup(uint64_t persis= tent_id) > > > - goto done; > > > - } > > > -=20 > > > -+ val =3D dbwrap_record_get_value(rec); > > > -+ if (val.dsize =3D=3D 0) { > > > -+ DEBUG(10, ("smbXsrv_open_cleanup[global: 0x%08x] " > > > -+ "empty record in %s, skipping...\n", > > > -+ global_id, dbwrap_name(smbXsrv_open_global_db_ctx))); > > > -+ goto done; > > > -+ } > > > -+ > > > - status =3D smbXsrv_open_global_parse_record(talloc_tos(), rec, &op= ); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(1, ("smbXsrv_open_cleanup[global: 0x%08x] " > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 838d9da4a7fe6c90ba7cae6563f0af5d8b6cf6d5 Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Mon, 27 Jan 2014 13:38:51 +0100 > > > -Subject: [PATCH 234/249] dbwrap: add flags DBWRAP_FLAG_NONE > > > - > > > -This is in preparation of adding a dbwrap_flags argument to db_open > > > -and firends. 
> > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 229dcfd3501e4743d5d9aea5c9f7a97d7612a499) > > > ---- > > > - lib/dbwrap/dbwrap.h | 2 ++ > > > - 1 file changed, 2 insertions(+) > > > - > > > -diff --git a/lib/dbwrap/dbwrap.h b/lib/dbwrap/dbwrap.h > > > -index 8bf3286..4064ba2 100644 > > > ---- a/lib/dbwrap/dbwrap.h > > > -+++ b/lib/dbwrap/dbwrap.h > > > -@@ -32,6 +32,8 @@ enum dbwrap_lock_order { > > > - }; > > > - #define DBWRAP_LOCK_ORDER_MAX DBWRAP_LOCK_ORDER_3 > > > -=20 > > > -+#define DBWRAP_FLAG_NONE 0x0000000000000000ULL > > > -+ > > > - /* The following definitions come from lib/dbwrap.c */ > > > -=20 > > > - TDB_DATA dbwrap_record_get_key(const struct db_record *rec); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 868d8e2fa389ab0c697e9a70a4373908aa7df80b Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Mon, 27 Jan 2014 14:49:12 +0100 > > > -Subject: [PATCH 235/249] dbwrap: add a dbwrap_flags argument to db_o= pen() > > > - > > > -This is in preparation to support handing flags to backends, > > > -in particular activating read only record support for ctdb > > > -databases. For a start, this does nothing but adding the > > > -parameter, and all databases use DBWRAP_FLAG_NONE. 
> > > - > > > -Signed-off-by: Michael Adam > > > -(similar to commit cf0cb0add9ed47b8974272237fee0e1a4ba7bf68) > > > ---- > > > - source3/groupdb/mapping_tdb.c | 2 +- > > > - source3/lib/dbwrap/dbwrap_open.c | 3 ++- > > > - source3/lib/dbwrap/dbwrap_open.h | 3 ++- > > > - source3/lib/dbwrap/dbwrap_watch.c | 3 ++- > > > - source3/lib/g_lock.c | 3 ++- > > > - source3/lib/serverid.c | 3 ++- > > > - source3/lib/sharesec.c | 2 +- > > > - source3/locking/brlock.c | 2 +- > > > - source3/locking/share_mode_lock.c | 2 +- > > > - source3/modules/vfs_acl_tdb.c | 2 +- > > > - source3/modules/vfs_xattr_tdb.c | 2 +- > > > - source3/passdb/account_pol.c | 4 ++-- > > > - source3/passdb/pdb_tdb.c | 6 +++--- > > > - source3/passdb/secrets.c | 2 +- > > > - source3/printing/printer_list.c | 3 ++- > > > - source3/registry/reg_backend_db.c | 6 +++--- > > > - source3/rpc_client/cli_netlogon.c | 3 ++- > > > - source3/smbd/notify_internal.c | 2 +- > > > - source3/smbd/smbXsrv_open.c | 3 ++- > > > - source3/smbd/smbXsrv_session.c | 3 ++- > > > - source3/smbd/smbXsrv_tcon.c | 3 ++- > > > - source3/smbd/smbXsrv_version.c | 3 ++- > > > - source3/torture/test_dbwrap_watch.c | 3 ++- > > > - source3/torture/test_idmap_tdb_common.c | 2 +- > > > - source3/torture/torture.c | 3 ++- > > > - source3/utils/dbwrap_tool.c | 2 +- > > > - source3/utils/dbwrap_torture.c | 2 +- > > > - source3/utils/net_idmap.c | 6 +++--- > > > - source3/utils/net_idmap_check.c | 2 +- > > > - source3/utils/net_registry_check.c | 4 ++-- > > > - source3/utils/status.c | 2 +- > > > - source3/winbindd/idmap_autorid.c | 2 +- > > > - source3/winbindd/idmap_tdb.c | 2 +- > > > - source3/winbindd/idmap_tdb2.c | 2 +- > > > - 34 files changed, 55 insertions(+), 42 deletions(-) > > > - > > > -diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping= _tdb.c > > > -index 088874f..0863187 100644 > > > ---- a/source3/groupdb/mapping_tdb.c > > > -+++ b/source3/groupdb/mapping_tdb.c > > > -@@ -54,7 +54,7 @@ static bool 
init_group_mapping(void) > > > -=20 > > > - db =3D db_open(NULL, state_path("group_mapping.tdb"), 0, > > > - TDB_DEFAULT, O_RDWR|O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - DEBUG(0, ("Failed to open group mapping database: %s\n", > > > - strerror(errno))); > > > -diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/d= bwrap_open.c > > > -index 515b4bf..6c9280c 100644 > > > ---- a/source3/lib/dbwrap/dbwrap_open.c > > > -+++ b/source3/lib/dbwrap/dbwrap_open.c > > > -@@ -60,7 +60,8 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx, > > > - const char *name, > > > - int hash_size, int tdb_flags, > > > - int open_flags, mode_t mode, > > > -- enum dbwrap_lock_order lock_order) > > > -+ enum dbwrap_lock_order lock_order, > > > -+ uint64_t dbwrap_flags) > > > - { > > > - struct db_context *result =3D NULL; > > > - #ifdef CLUSTER_SUPPORT > > > -diff --git a/source3/lib/dbwrap/dbwrap_open.h b/source3/lib/dbwrap/d= bwrap_open.h > > > -index 51c7dfd..d14794e 100644 > > > ---- a/source3/lib/dbwrap/dbwrap_open.h > > > -+++ b/source3/lib/dbwrap/dbwrap_open.h > > > -@@ -39,6 +39,7 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx, > > > - const char *name, > > > - int hash_size, int tdb_flags, > > > - int open_flags, mode_t mode, > > > -- enum dbwrap_lock_order lock_order); > > > -+ enum dbwrap_lock_order lock_order, > > > -+ uint64_t dbwrap_flags); > > > -=20 > > > - #endif /* __DBWRAP_OPEN_H__ */ > > > -diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/= dbwrap_watch.c > > > -index 7bdcd99..5f3d17d 100644 > > > ---- a/source3/lib/dbwrap/dbwrap_watch.c > > > -+++ b/source3/lib/dbwrap/dbwrap_watch.c > > > -@@ -34,7 +34,8 @@ static struct db_context *dbwrap_record_watchers_d= b(void) > > > - watchers_db =3D db_open( > > > - NULL, lock_path("dbwrap_watchers.tdb"), 0, > > > - TDB_CLEAR_IF_FIRST | TDB_INCOMPATIBLE_HASH, > > > -- O_RDWR|O_CREAT, 0600, 
DBWRAP_LOCK_ORDER_3); > > > -+ O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_3, > > > -+ DBWRAP_FLAG_NONE); > > > - } > > > - return watchers_db; > > > - } > > > -diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c > > > -index 8c7a6c2..6813f06 100644 > > > ---- a/source3/lib/g_lock.c > > > -+++ b/source3/lib/g_lock.c > > > -@@ -61,7 +61,8 @@ struct g_lock_ctx *g_lock_ctx_init(TALLOC_CTX *mem= _ctx, > > > - result->db =3D db_open(result, lock_path("g_lock.tdb"), 0, > > > - TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, > > > - O_RDWR|O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_2); > > > -+ DBWRAP_LOCK_ORDER_2, > > > -+ DBWRAP_FLAG_NONE); > > > - if (result->db =3D=3D NULL) { > > > - DEBUG(1, ("g_lock_init: Could not open g_lock.tdb\n")); > > > - TALLOC_FREE(result); > > > -diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c > > > -index cb49520..4259887 100644 > > > ---- a/source3/lib/serverid.c > > > -+++ b/source3/lib/serverid.c > > > -@@ -77,7 +77,8 @@ static struct db_context *serverid_db(void) > > > - } > > > - db =3D db_open(NULL, lock_path("serverid.tdb"), 0, > > > - TDB_DEFAULT|TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, > > > -- O_RDWR|O_CREAT, 0644, DBWRAP_LOCK_ORDER_2); > > > -+ O_RDWR|O_CREAT, 0644, DBWRAP_LOCK_ORDER_2, > > > -+ DBWRAP_FLAG_NONE); > > > - return db; > > > - } > > > -=20 > > > -diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c > > > -index c7a8e51..095c851 100644 > > > ---- a/source3/lib/sharesec.c > > > -+++ b/source3/lib/sharesec.c > > > -@@ -149,7 +149,7 @@ bool share_info_db_init(void) > > > -=20 > > > - share_db =3D db_open(NULL, state_path("share_info.tdb"), 0, > > > - TDB_DEFAULT, O_RDWR|O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (share_db =3D=3D NULL) { > > > - DEBUG(0,("Failed to open share info database %s (%s)\n", > > > - state_path("share_info.tdb"), strerror(errno) )); > > > -diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c > > > -index 
5d683dd..d88aa2d 100644 > > > ---- a/source3/locking/brlock.c > > > -+++ b/source3/locking/brlock.c > > > -@@ -292,7 +292,7 @@ void brl_init(bool read_only) > > > - brlock_db =3D db_open(NULL, lock_path("brlock.tdb"), > > > - lp_open_files_db_hash_size(), tdb_flags, > > > - read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644, > > > -- DBWRAP_LOCK_ORDER_2); > > > -+ DBWRAP_LOCK_ORDER_2, DBWRAP_FLAG_NONE); > > > - if (!brlock_db) { > > > - DEBUG(0,("Failed to open byte range locking database %s\n", > > > - lock_path("brlock.tdb"))); > > > -diff --git a/source3/locking/share_mode_lock.c b/source3/locking/sha= re_mode_lock.c > > > -index 4f049bd..22f8d9a 100644 > > > ---- a/source3/locking/share_mode_lock.c > > > -+++ b/source3/locking/share_mode_lock.c > > > -@@ -67,7 +67,7 @@ static bool locking_init_internal(bool read_only) > > > - lp_open_files_db_hash_size(), > > > - TDB_DEFAULT|TDB_VOLATILE|TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_H= ASH, > > > - read_only?O_RDONLY:O_RDWR|O_CREAT, 0644, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > -=20 > > > - if (!lock_db) { > > > - DEBUG(0,("ERROR: Failed to initialise locking database\n")); > > > -diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl= _tdb.c > > > -index 80839e3..8ee4bd5 100644 > > > ---- a/source3/modules/vfs_acl_tdb.c > > > -+++ b/source3/modules/vfs_acl_tdb.c > > > -@@ -60,7 +60,7 @@ static bool acl_tdb_init(void) > > > -=20 > > > - become_root(); > > > - acl_db =3D db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0= 600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - unbecome_root(); > > > -=20 > > > - if (acl_db =3D=3D NULL) { > > > -diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_x= attr_tdb.c > > > -index 43456cf..63a12fd 100644 > > > ---- a/source3/modules/vfs_xattr_tdb.c > > > -+++ b/source3/modules/vfs_xattr_tdb.c > > > -@@ -320,7 +320,7 @@ static bool xattr_tdb_init(int snum, TALLOC_CTX = 
*mem_ctx, struct db_context **p_ > > > -=20 > > > - become_root(); > > > - db =3D db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_2); > > > -+ DBWRAP_LOCK_ORDER_2, DBWRAP_FLAG_NONE); > > > - unbecome_root(); > > > -=20 > > > - if (db =3D=3D NULL) { > > > -diff --git a/source3/passdb/account_pol.c b/source3/passdb/account_p= ol.c > > > -index c94df29..09a2d20 100644 > > > ---- a/source3/passdb/account_pol.c > > > -+++ b/source3/passdb/account_pol.c > > > -@@ -220,13 +220,13 @@ bool init_account_policy(void) > > > - } > > > -=20 > > > - db =3D db_open(NULL, state_path("account_policy.tdb"), 0, TDB_DEFA= ULT, > > > -- O_RDWR, 0600, DBWRAP_LOCK_ORDER_1); > > > -+ O_RDWR, 0600, DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > -=20 > > > - if (db =3D=3D NULL) { /* the account policies files does not exist= or open > > > - * failed, try to create a new one */ > > > - db =3D db_open(NULL, state_path("account_policy.tdb"), 0, > > > - TDB_DEFAULT, O_RDWR|O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - DEBUG(0,("Failed to open account policy database\n")); > > > - return False; > > > -diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c > > > -index f256e6c..162083f 100644 > > > ---- a/source3/passdb/pdb_tdb.c > > > -+++ b/source3/passdb/pdb_tdb.c > > > -@@ -226,7 +226,7 @@ static bool tdbsam_convert_backup(const char *db= name, struct db_context **pp_db) > > > -=20 > > > - tmp_db =3D db_open(NULL, tmp_fname, 0, > > > - TDB_DEFAULT, O_CREAT|O_RDWR, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (tmp_db =3D=3D NULL) { > > > - DEBUG(0, ("tdbsam_convert_backup: Failed to create backup TDB pas= swd " > > > - "[%s]\n", tmp_fname)); > > > -@@ -293,7 +293,7 @@ static bool tdbsam_convert_backup(const char *db= name, struct db_context **pp_db) > > > -=20 > > > - orig_db =3D db_open(NULL, dbname, 0, > > > 
- TDB_DEFAULT, O_CREAT|O_RDWR, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (orig_db =3D=3D NULL) { > > > - DEBUG(0, ("tdbsam_convert_backup: Failed to re-open " > > > - "converted passdb TDB [%s]\n", dbname)); > > > -@@ -444,7 +444,7 @@ static bool tdbsam_open( const char *name ) > > > - /* Try to open tdb passwd. Create a new one if necessary */ > > > -=20 > > > - db_sam =3D db_open(NULL, name, 0, TDB_DEFAULT, O_CREAT|O_RDWR, 060= 0, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (db_sam =3D=3D NULL) { > > > - DEBUG(0, ("tdbsam_open: Failed to open/create TDB passwd " > > > - "[%s]\n", name)); > > > -diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c > > > -index 548b030..bff9a0d 100644 > > > ---- a/source3/passdb/secrets.c > > > -+++ b/source3/passdb/secrets.c > > > -@@ -79,7 +79,7 @@ bool secrets_init_path(const char *private_dir, bo= ol use_ntdb) > > > -=20 > > > - db_ctx =3D db_open(NULL, fname, 0, > > > - TDB_DEFAULT, O_RDWR|O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > -=20 > > > - if (db_ctx =3D=3D NULL) { > > > - DEBUG(0,("Failed to open %s\n", fname)); > > > -diff --git a/source3/printing/printer_list.c b/source3/printing/prin= ter_list.c > > > -index 815f89f..9a9fa0b 100644 > > > ---- a/source3/printing/printer_list.c > > > -+++ b/source3/printing/printer_list.c > > > -@@ -40,7 +40,8 @@ static struct db_context *get_printer_list_db(void) > > > - } > > > - db =3D db_open(NULL, PL_DB_NAME(), 0, > > > - TDB_DEFAULT|TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, > > > -- O_RDWR|O_CREAT, 0644, DBWRAP_LOCK_ORDER_1); > > > -+ O_RDWR|O_CREAT, 0644, DBWRAP_LOCK_ORDER_1, > > > -+ DBWRAP_FLAG_NONE); > > > - return db; > > > - } > > > -=20 > > > -diff --git a/source3/registry/reg_backend_db.c b/source3/registry/re= g_backend_db.c > > > -index 3e561eb..fdaf576 100644 > > > ---- 
a/source3/registry/reg_backend_db.c > > > -+++ b/source3/registry/reg_backend_db.c > > > -@@ -732,11 +732,11 @@ WERROR regdb_init(void) > > > -=20 > > > - regdb =3D db_open(NULL, state_path("registry.tdb"), 0, > > > - REG_TDB_FLAGS, O_RDWR, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (!regdb) { > > > - regdb =3D db_open(NULL, state_path("registry.tdb"), 0, > > > - REG_TDB_FLAGS, O_RDWR|O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (!regdb) { > > > - werr =3D ntstatus_to_werror(map_nt_error_from_unix(errno)); > > > - DEBUG(1,("regdb_init: Failed to open registry %s (%s)\n", > > > -@@ -852,7 +852,7 @@ WERROR regdb_open( void ) > > > -=20 > > > - regdb =3D db_open(NULL, state_path("registry.tdb"), 0, > > > - REG_TDB_FLAGS, O_RDWR, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if ( !regdb ) { > > > - result =3D ntstatus_to_werror( map_nt_error_from_unix( errno ) ); > > > - DEBUG(0,("regdb_open: Failed to open %s! 
(%s)\n", > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index b7b490f..9e3c1bd 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -69,7 +69,8 @@ NTSTATUS rpccli_pre_open_netlogon_creds(void) > > > -=20 > > > - global_db =3D db_open(talloc_autofree_context(), fname, > > > - 0, TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, > > > -- O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2); > > > -+ O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2, > > > -+ DBWRAP_FLAG_NONE); > > > - if (global_db =3D=3D NULL) { > > > - TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > -diff --git a/source3/smbd/notify_internal.c b/source3/smbd/notify_in= ternal.c > > > -index 2dc8674..67d8774 100644 > > > ---- a/source3/smbd/notify_internal.c > > > -+++ b/source3/smbd/notify_internal.c > > > -@@ -145,7 +145,7 @@ struct notify_context *notify_init(TALLOC_CTX *m= em_ctx, > > > - notify->db_index =3D db_open( > > > - notify, lock_path("notify_index.tdb"), > > > - 0, TDB_SEQNUM|TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, > > > -- O_RDWR|O_CREAT, 0644, DBWRAP_LOCK_ORDER_3); > > > -+ O_RDWR|O_CREAT, 0644, DBWRAP_LOCK_ORDER_3, DBWRAP_FLAG_NONE); > > > - if (notify->db_index =3D=3D NULL) { > > > - goto fail; > > > - } > > > -diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open= =2Ec > > > -index 29c172c..830c7aa 100644 > > > ---- a/source3/smbd/smbXsrv_open.c > > > -+++ b/source3/smbd/smbXsrv_open.c > > > -@@ -64,7 +64,8 @@ NTSTATUS smbXsrv_open_global_init(void) > > > - TDB_CLEAR_IF_FIRST | > > > - TDB_INCOMPATIBLE_HASH, > > > - O_RDWR | O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, > > > -+ DBWRAP_FLAG_NONE); > > > - if (db_ctx =3D=3D NULL) { > > > - NTSTATUS status; > > > -=20 > > > -diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_s= ession.c > > > -index 017880c..a1ba52d 100644 > > > ---- a/source3/smbd/smbXsrv_session.c > > > 
-+++ b/source3/smbd/smbXsrv_session.c > > > -@@ -75,7 +75,8 @@ NTSTATUS smbXsrv_session_global_init(void) > > > - TDB_CLEAR_IF_FIRST | > > > - TDB_INCOMPATIBLE_HASH, > > > - O_RDWR | O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, > > > -+ DBWRAP_FLAG_NONE); > > > - if (db_ctx =3D=3D NULL) { > > > - NTSTATUS status; > > > -=20 > > > -diff --git a/source3/smbd/smbXsrv_tcon.c b/source3/smbd/smbXsrv_tcon= =2Ec > > > -index b6e2058..2cbd761 100644 > > > ---- a/source3/smbd/smbXsrv_tcon.c > > > -+++ b/source3/smbd/smbXsrv_tcon.c > > > -@@ -62,7 +62,8 @@ NTSTATUS smbXsrv_tcon_global_init(void) > > > - TDB_CLEAR_IF_FIRST | > > > - TDB_INCOMPATIBLE_HASH, > > > - O_RDWR | O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, > > > -+ DBWRAP_FLAG_NONE); > > > - if (db_ctx =3D=3D NULL) { > > > - NTSTATUS status; > > > -=20 > > > -diff --git a/source3/smbd/smbXsrv_version.c b/source3/smbd/smbXsrv_v= ersion.c > > > -index 8ba5e1f..b24dae9 100644 > > > ---- a/source3/smbd/smbXsrv_version.c > > > -+++ b/source3/smbd/smbXsrv_version.c > > > -@@ -80,7 +80,8 @@ NTSTATUS smbXsrv_version_global_init(const struct = server_id *server_id) > > > - TDB_CLEAR_IF_FIRST | > > > - TDB_INCOMPATIBLE_HASH, > > > - O_RDWR | O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, > > > -+ DBWRAP_FLAG_NONE); > > > - if (db_ctx =3D=3D NULL) { > > > - status =3D map_nt_error_from_unix_common(errno); > > > - DEBUG(0,("smbXsrv_version_global_init: " > > > -diff --git a/source3/torture/test_dbwrap_watch.c b/source3/torture/t= est_dbwrap_watch.c > > > -index 9c2a679..4e699fe 100644 > > > ---- a/source3/torture/test_dbwrap_watch.c > > > -+++ b/source3/torture/test_dbwrap_watch.c > > > -@@ -48,7 +48,8 @@ bool run_dbwrap_watch1(int dummy) > > > - goto fail; > > > - } > > > - db =3D db_open(msg, "test_watch.tdb", 0, TDB_DEFAULT, > > > -- O_CREAT|O_RDWR, 0644, DBWRAP_LOCK_ORDER_1); > > > -+ O_CREAT|O_RDWR, 0644, DBWRAP_LOCK_ORDER_1, > > > -+ 
DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - fprintf(stderr, "db_open failed: %s\n", strerror(errno)); > > > - goto fail; > > > -diff --git a/source3/torture/test_idmap_tdb_common.c b/source3/tortu= re/test_idmap_tdb_common.c > > > -index 6f5f3c5..f7262a2 100644 > > > ---- a/source3/torture/test_idmap_tdb_common.c > > > -+++ b/source3/torture/test_idmap_tdb_common.c > > > -@@ -86,7 +86,7 @@ static bool open_db(struct idmap_tdb_common_contex= t *ctx) > > > -=20 > > > - ctx->db =3D db_open(ctx, db_path, 0, TDB_DEFAULT, > > > - O_RDWR | O_CREAT, 0600, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > -=20 > > > - if(!ctx->db) { > > > - DEBUG(0, ("Failed to open database: %s\n", strerror(errno))); > > > -diff --git a/source3/torture/torture.c b/source3/torture/torture.c > > > -index 2e66912..1dc3eaf 100644 > > > ---- a/source3/torture/torture.c > > > -+++ b/source3/torture/torture.c > > > -@@ -9011,7 +9011,8 @@ static bool run_local_dbtrans(int dummy) > > > - TDB_DATA value; > > > -=20 > > > - db =3D db_open(talloc_tos(), "transtest.tdb", 0, TDB_DEFAULT, > > > -- O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_1); > > > -+ O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_1, > > > -+ DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - printf("Could not open transtest.db\n"); > > > - return false; > > > -diff --git a/source3/utils/dbwrap_tool.c b/source3/utils/dbwrap_tool= =2Ec > > > -index ffca6b6..b56e07a 100644 > > > ---- a/source3/utils/dbwrap_tool.c > > > -+++ b/source3/utils/dbwrap_tool.c > > > -@@ -588,7 +588,7 @@ int main(int argc, const char **argv) > > > - case OP_LISTKEYS: > > > - case OP_EXISTS: > > > - db =3D db_open(mem_ctx, dbname, 0, tdb_flags, O_RDWR | O_CREAT, > > > -- 0644, DBWRAP_LOCK_ORDER_1); > > > -+ 0644, DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - d_fprintf(stderr, "ERROR: could not open dbname\n"); > > > - goto done; > > > -diff --git a/source3/utils/dbwrap_torture.c 
b/source3/utils/dbwrap_t= orture.c > > > -index 2741820..f748ac2 100644 > > > ---- a/source3/utils/dbwrap_torture.c > > > -+++ b/source3/utils/dbwrap_torture.c > > > -@@ -309,7 +309,7 @@ int main(int argc, const char *argv[]) > > > - } > > > -=20 > > > - db =3D db_open(mem_ctx, db_name, 0, tdb_flags, O_RDWR | O_CREAT, = 0644, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > -=20 > > > - if (db =3D=3D NULL) { > > > - d_fprintf(stderr, "failed to open db '%s': %s\n", db_name, > > > -diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c > > > -index fbeca3e..6fc07e7 100644 > > > ---- a/source3/utils/net_idmap.c > > > -+++ b/source3/utils/net_idmap.c > > > -@@ -210,7 +210,7 @@ static int net_idmap_dump(struct net_context *c,= int argc, const char **argv) > > > - d_fprintf(stderr, _("dumping id mapping from %s\n"), dbfile); > > > -=20 > > > - db =3D db_open(mem_ctx, dbfile, 0, TDB_DEFAULT, O_RDONLY, 0, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - d_fprintf(stderr, _("Could not open idmap db (%s): %s\n"), > > > - dbfile, strerror(errno)); > > > -@@ -336,7 +336,7 @@ static int net_idmap_restore(struct net_context = *c, int argc, const char **argv) > > > - } > > > -=20 > > > - db =3D db_open(mem_ctx, dbfile, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 06= 44, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - d_fprintf(stderr, _("Could not open idmap db (%s): %s\n"), > > > - dbfile, strerror(errno)); > > > -@@ -546,7 +546,7 @@ static int net_idmap_delete(struct net_context *= c, int argc, const char **argv) > > > - d_fprintf(stderr, _("deleting id mapping from %s\n"), dbfile); > > > -=20 > > > - db =3D db_open(mem_ctx, dbfile, 0, TDB_DEFAULT, O_RDWR, 0, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - d_fprintf(stderr, _("Could 
not open idmap db (%s): %s\n"), > > > - dbfile, strerror(errno)); > > > -diff --git a/source3/utils/net_idmap_check.c b/source3/utils/net_idm= ap_check.c > > > -index e75c890..4b82871 100644 > > > ---- a/source3/utils/net_idmap_check.c > > > -+++ b/source3/utils/net_idmap_check.c > > > -@@ -790,7 +790,7 @@ static bool check_open_db(struct check_ctx* ctx,= const char* name, int oflags) > > > - } > > > -=20 > > > - ctx->db =3D db_open(ctx, name, 0, TDB_DEFAULT, oflags, 0, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (ctx->db =3D=3D NULL) { > > > - d_fprintf(stderr, > > > - _("Could not open idmap db (%s) for writing: %s\n"), > > > -diff --git a/source3/utils/net_registry_check.c b/source3/utils/net_= registry_check.c > > > -index 8cdb8fa..d57c2aa 100644 > > > ---- a/source3/utils/net_registry_check.c > > > -+++ b/source3/utils/net_registry_check.c > > > -@@ -338,7 +338,7 @@ static bool check_ctx_open_output(struct check_c= tx *ctx) > > > - } > > > -=20 > > > - ctx->odb =3D db_open(ctx, ctx->opt.output, 0, TDB_DEFAULT, oflags,= 0644, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (ctx->odb =3D=3D NULL) { > > > - d_fprintf(stderr, > > > - _("Could not open db (%s) for writing: %s\n"), > > > -@@ -351,7 +351,7 @@ static bool check_ctx_open_output(struct check_c= tx *ctx) > > > -=20 > > > - static bool check_ctx_open_input(struct check_ctx *ctx) { > > > - ctx->idb =3D db_open(ctx, ctx->fname, 0, TDB_DEFAULT, O_RDONLY, 0, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (ctx->idb =3D=3D NULL) { > > > - d_fprintf(stderr, > > > - _("Could not open db (%s) for reading: %s\n"), > > > -diff --git a/source3/utils/status.c b/source3/utils/status.c > > > -index be7c52f..1ff0e36 100644 > > > ---- a/source3/utils/status.c > > > -+++ b/source3/utils/status.c > > > -@@ -508,7 +508,7 @@ static void print_notify_recs(const char *path, > > > - struct 
db_context *db; > > > - db =3D db_open(NULL, lock_path("locking.tdb"), 0, > > > - TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, O_RDONLY, 0, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > -=20 > > > - if (!db) { > > > - d_printf("%s not initialised\n", > > > -diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idm= ap_autorid.c > > > -index 57d952e..0bd2938 100644 > > > ---- a/source3/winbindd/idmap_autorid.c > > > -+++ b/source3/winbindd/idmap_autorid.c > > > -@@ -728,7 +728,7 @@ static NTSTATUS idmap_autorid_db_init(void) > > > - /* Open idmap repository */ > > > - autorid_db =3D db_open(NULL, state_path("autorid.tdb"), 0, > > > - TDB_DEFAULT, O_RDWR | O_CREAT, 0644, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > -=20 > > > - if (!autorid_db) { > > > - DEBUG(0, ("Unable to open idmap_autorid database '%s'\n", > > > -diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_t= db.c > > > -index cc930ff..ebff347 100644 > > > ---- a/source3/winbindd/idmap_tdb.c > > > -+++ b/source3/winbindd/idmap_tdb.c > > > -@@ -321,7 +321,7 @@ static NTSTATUS idmap_tdb_open_db(struct idmap_d= omain *dom) > > > -=20 > > > - /* Open idmap repository */ > > > - db =3D db_open(mem_ctx, tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT,= 0644, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (!db) { > > > - DEBUG(0, ("Unable to open idmap database\n")); > > > - ret =3D NT_STATUS_UNSUCCESSFUL; > > > -diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_= tdb2.c > > > -index 4a9c2fe..942490d 100644 > > > ---- a/source3/winbindd/idmap_tdb2.c > > > -+++ b/source3/winbindd/idmap_tdb2.c > > > -@@ -114,7 +114,7 @@ static NTSTATUS idmap_tdb2_open_db(struct idmap_= domain *dom) > > > -=20 > > > - /* Open idmap repository */ > > > - ctx->db =3D db_open(ctx, db_path, 0, TDB_DEFAULT, O_RDWR|O_CREAT, = 0644, > > > -- DBWRAP_LOCK_ORDER_1); > > > -+ 
DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - TALLOC_FREE(db_path); > > > -=20 > > > - if (ctx->db =3D=3D NULL) { > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From b904731a81df57b3d33fe0c35663bc47d061d744 Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Tue, 28 Jan 2014 12:53:24 +0100 > > > -Subject: [PATCH 236/249] dbwrap: add a dbwrap_flags argument to db_o= pen_ctdb() > > > - > > > -This is in preparation of directly supporting ctdb read only > > > -record copies when opening a ctdb database from samba. > > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 6def1c3f6e145abcc81ea69505133bbe128eacac) > > > ---- > > > - source3/lib/dbwrap/dbwrap_ctdb.c | 6 ++++-- > > > - source3/lib/dbwrap/dbwrap_ctdb.h | 3 ++- > > > - source3/lib/dbwrap/dbwrap_open.c | 2 +- > > > - source3/torture/test_dbwrap_ctdb.c | 2 +- > > > - 4 files changed, 8 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/d= bwrap_ctdb.c > > > -index 5a473f9..af7a72f 100644 > > > ---- a/source3/lib/dbwrap/dbwrap_ctdb.c > > > -+++ b/source3/lib/dbwrap/dbwrap_ctdb.c > > > -@@ -1498,7 +1498,8 @@ struct db_context *db_open_ctdb(TALLOC_CTX *me= m_ctx, > > > - const char *name, > > > - int hash_size, int tdb_flags, > > > - int open_flags, mode_t mode, > > > -- enum dbwrap_lock_order lock_order) > > > -+ enum dbwrap_lock_order lock_order, > > > -+ uint64_t dbwrap_flags) > > > - { > > > - struct db_context *result; > > > - struct db_ctdb_ctx *db_ctdb; > > > -@@ -1624,7 +1625,8 @@ struct db_context *db_open_ctdb(TALLOC_CTX *me= m_ctx, > > > - const char *name, > > > - int hash_size, int tdb_flags, > > > - int open_flags, mode_t mode, > > > -- enum dbwrap_lock_order lock_order) > > > -+ enum dbwrap_lock_order lock_order, > > > -+ uint64_t dbwrap_flags) > > > - { > > > - DEBUG(3, ("db_open_ctdb: no cluster support!\n")); > > > - errno =3D ENOSYS; > > > -diff --git 
a/source3/lib/dbwrap/dbwrap_ctdb.h b/source3/lib/dbwrap/d= bwrap_ctdb.h > > > -index bfbe3bd..3196b91 100644 > > > ---- a/source3/lib/dbwrap/dbwrap_ctdb.h > > > -+++ b/source3/lib/dbwrap/dbwrap_ctdb.h > > > -@@ -31,6 +31,7 @@ struct db_context *db_open_ctdb(TALLOC_CTX *mem_ct= x, > > > - const char *name, > > > - int hash_size, int tdb_flags, > > > - int open_flags, mode_t mode, > > > -- enum dbwrap_lock_order lock_order); > > > -+ enum dbwrap_lock_order lock_order, > > > -+ uint64_t dbwrap_flags); > > > -=20 > > > - #endif /* __DBWRAP_CTDB_H__ */ > > > -diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/d= bwrap_open.c > > > -index 6c9280c..61324f7 100644 > > > ---- a/source3/lib/dbwrap/dbwrap_open.c > > > -+++ b/source3/lib/dbwrap/dbwrap_open.c > > > -@@ -104,7 +104,7 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx, > > > - if (lp_parm_bool(-1, "ctdb", partname, True)) { > > > - result =3D db_open_ctdb(mem_ctx, partname, hash_size, > > > - tdb_flags, open_flags, mode, > > > -- lock_order); > > > -+ lock_order, dbwrap_flags); > > > - if (result =3D=3D NULL) { > > > - DEBUG(0,("failed to attach to ctdb %s\n", > > > - partname)); > > > -diff --git a/source3/torture/test_dbwrap_ctdb.c b/source3/torture/te= st_dbwrap_ctdb.c > > > -index f7672ba..d7380b1 100644 > > > ---- a/source3/torture/test_dbwrap_ctdb.c > > > -+++ b/source3/torture/test_dbwrap_ctdb.c > > > -@@ -32,7 +32,7 @@ bool run_local_dbwrap_ctdb(int dummy) > > > - uint32_t val; > > > -=20 > > > - db =3D db_open_ctdb(talloc_tos(), "torture.tdb", 0, TDB_DEFAULT, > > > -- O_RDWR, 0755, DBWRAP_LOCK_ORDER_1); > > > -+ O_RDWR, 0755, DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); > > > - if (db =3D=3D NULL) { > > > - perror("db_open_ctdb failed"); > > > - goto fail; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4f2d14112981d03000b533458e2e60a032d052de Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Tue, 28 Jan 2014 11:31:44 +0100 > > > -Subject: [PATCH 237/249] dbwrap: add 
DBWRAP_FLAG_OPTIMIZE_READONLY_A= CCESS > > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 56bd4040889dfe492ff820497b7a6d76624a6048) > > > ---- > > > - lib/dbwrap/dbwrap.h | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git a/lib/dbwrap/dbwrap.h b/lib/dbwrap/dbwrap.h > > > -index 4064ba2..02b4405 100644 > > > ---- a/lib/dbwrap/dbwrap.h > > > -+++ b/lib/dbwrap/dbwrap.h > > > -@@ -33,6 +33,7 @@ enum dbwrap_lock_order { > > > - #define DBWRAP_LOCK_ORDER_MAX DBWRAP_LOCK_ORDER_3 > > > -=20 > > > - #define DBWRAP_FLAG_NONE 0x0000000000000000ULL > > > -+#define DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS 0x0000000000000001ULL > > > -=20 > > > - /* The following definitions come from lib/dbwrap.c */ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a007f8f7f627c4347f48bd2446637aab137e0608 Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 28 Jan 2014 21:24:22 +0100 > > > -Subject: [PATCH 238/249] dbwrap_ctdb: implement > > > - DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS > > > - > > > -For non-persistent databases we try to use CTDB_CONTROL_SET_DB_READO= NLY > > > -in order to make use of readonly records. 
> > > - > > > -Pair-Programmed-With: Michael Adam > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Signed-off-by: Michael Adam > > > -(cherry picked from commit a97b588b63f437d25c4344c76014326dbf0cbdb0) > > > ---- > > > - source3/lib/dbwrap/dbwrap_ctdb.c | 21 +++++++++++++++++++++ > > > - 1 file changed, 21 insertions(+) > > > - > > > -diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/d= bwrap_ctdb.c > > > -index af7a72f..3dc86d1 100644 > > > ---- a/source3/lib/dbwrap/dbwrap_ctdb.c > > > -+++ b/source3/lib/dbwrap/dbwrap_ctdb.c > > > -@@ -1578,6 +1578,27 @@ struct db_context *db_open_ctdb(TALLOC_CTX *m= em_ctx, > > > - return NULL; > > > - } > > > -=20 > > > -+#ifdef HAVE_CTDB_WANT_READONLY_DECL > > > -+ if (!result->persistent && > > > -+ (dbwrap_flags & DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS)) > > > -+ { > > > -+ TDB_DATA indata; > > > -+ > > > -+ indata =3D make_tdb_data((uint8_t *)&db_ctdb->db_id, > > > -+ sizeof(db_ctdb->db_id)); > > > -+ > > > -+ status =3D ctdbd_control_local( > > > -+ conn, CTDB_CONTROL_SET_DB_READONLY, 0, 0, indata, > > > -+ NULL, NULL, &cstatus); > > > -+ if (!NT_STATUS_IS_OK(status) || (cstatus !=3D 0)) { > > > -+ DEBUG(1, ("CTDB_CONTROL_SET_DB_READONLY failed: " > > > -+ "%s, %d\n", nt_errstr(status), cstatus)); > > > -+ TALLOC_FREE(result); > > > -+ return NULL; > > > -+ } > > > -+ } > > > -+#endif > > > -+ > > > - lp_ctx =3D loadparm_init_s3(db_path, loadparm_s3_helpers()); > > > -=20 > > > - db_ctdb->wtdb =3D tdb_wrap_open(db_ctdb, db_path, hash_size, tdb_f= lags, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d1ea222d46a594d45422eacccbd655d7e488792a Mon Sep 17 00:00:00 20= 01 > > > -From: Stefan Metzmacher > > > -Date: Tue, 28 Jan 2014 21:31:17 +0100 > > > -Subject: [PATCH 239/249] dbwrap_open: add 'dbwrap_optimize_readonly:= * =3D yes' > > > - option > > > - > > > -Signed-off-by: Stefan Metzmacher > > > -Reviewed-by: Michael Adam > > > -(cherry picked from commit a20c977c7a58a0c09d01bfa046c00fcd3f1462de) 
> > > ---- > > > - source3/lib/dbwrap/dbwrap_open.c | 25 +++++++++++++++++++++++++ > > > - 1 file changed, 25 insertions(+) > > > - > > > -diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/d= bwrap_open.c > > > -index 61324f7..7f3cddf 100644 > > > ---- a/source3/lib/dbwrap/dbwrap_open.c > > > -+++ b/source3/lib/dbwrap/dbwrap_open.c > > > -@@ -81,6 +81,31 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx, > > > - return NULL; > > > - } > > > -=20 > > > -+ if (tdb_flags & TDB_CLEAR_IF_FIRST) { > > > -+ const char *base; > > > -+ bool try_readonly =3D false; > > > -+ > > > -+ base =3D strrchr_m(name, '/'); > > > -+ if (base !=3D NULL) { > > > -+ base +=3D 1; > > > -+ } else { > > > -+ base =3D name; > > > -+ } > > > -+ > > > -+ if (dbwrap_flags & DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS) { > > > -+ try_readonly =3D true; > > > -+ } > > > -+ > > > -+ try_readonly =3D lp_parm_bool(-1, "dbwrap_optimize_readonly", "*"= , try_readonly); > > > -+ try_readonly =3D lp_parm_bool(-1, "dbwrap_optimize_readonly", bas= e, try_readonly); > > > -+ > > > -+ if (try_readonly) { > > > -+ dbwrap_flags |=3D DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS; > > > -+ } else { > > > -+ dbwrap_flags &=3D ~DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS; > > > -+ } > > > -+ } > > > -+ > > > - #ifdef CLUSTER_SUPPORT > > > - sockname =3D lp_ctdbd_socket(); > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From ce06399f9fab90623a2166d69f1bbfc46f124d73 Mon Sep 17 00:00:00 20= 01 > > > -From: Michael Adam > > > -Date: Mon, 27 Jan 2014 16:21:14 +0100 > > > -Subject: [PATCH 240/249] s3:rpc_client: optimize the netlogon_creds_= cli.tdb > > > - for read-only access > > > - > > > -Usually a record in this DB will be written once and then read > > > -many times by winbindd processes on multiple nodes (when run in > > > -a cluster). 
In order not to introduce a big performance penalty > > > -with the increased correctness achieved by storing the netlogon > > > -creds, in a cluster setup, we should activate ctdb's read only > > > -record copies on this db. > > > - > > > -Signed-off-by: Michael Adam > > > -Reviewed-by: Stefan Metzmacher > > > -(cherry picked from commit 020fab300d2f4f19301eff19ad810c71f77bbb78) > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 9e3c1bd..746c7b6 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -70,7 +70,7 @@ NTSTATUS rpccli_pre_open_netlogon_creds(void) > > > - global_db =3D db_open(talloc_autofree_context(), fname, > > > - 0, TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, > > > - O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2, > > > -- DBWRAP_FLAG_NONE); > > > -+ DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS); > > > - if (global_db =3D=3D NULL) { > > > - TALLOC_FREE(frame); > > > - return NT_STATUS_NO_MEMORY; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e39b8c0e22e609db117285d47cdbd1d854fe8d02 Mon Sep 17 00:00:00 20= 01 > > > -From: Ira Cooper > > > -Date: Thu, 13 Feb 2014 14:45:23 -0500 > > > -Subject: [PATCH 241/249] libcli: Overflow array index read possible,= in auth > > > - code. > > > - > > > -Changed the if condtion to detect when we'd improperly overflow. 
> > > - > > > -Coverity-Id: 1167990 > > > -Signed-off-by: Ira Cooper > > > -Reviewed-by: Stefan Metzmacher > > > - > > > -Autobuild-User(master): Ira Cooper > > > -Autobuild-Date(master): Mon Feb 24 11:56:38 CET 2014 on sn-devel-104 > > > - > > > -(cherry picked from commit 8cd8aa6686c21e8c43a6d14c0ae1a21954d6e8cd) > > > ---- > > > - libcli/auth/netlogon_creds_cli.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon= _creds_cli.c > > > -index 88893ad..e3cf91c 100644 > > > ---- a/libcli/auth/netlogon_creds_cli.c > > > -+++ b/libcli/auth/netlogon_creds_cli.c > > > -@@ -1769,7 +1769,7 @@ struct tevent_req *netlogon_creds_cli_ServerPa= sswordSet_send(TALLOC_CTX *mem_ctx > > > - uint32_t ofs =3D 512 - len; > > > - uint8_t *p; > > > -=20 > > > -- if (ofs < 12) { > > > -+ if (len > 500) { > > > - tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); > > > - return tevent_req_post(req, ev); > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 4e15aa86c44e906ca30cfa4589e4f45f23625953 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Tue, 15 Jul 2014 08:28:42 +0200 > > > -Subject: [PATCH 242/249] s3-rpc_client: return info3 in > > > - rpccli_netlogon_password_logon(). 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/rpc_client/cli_netlogon.c | 103 +++++++++++++++++++++------= ----------- > > > - source3/rpc_client/cli_netlogon.h | 4 +- > > > - source3/rpcclient/cmd_netlogon.c | 5 +- > > > - 3 files changed, 64 insertions(+), 48 deletions(-) > > > - > > > -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/= cli_netlogon.c > > > -index 746c7b6..7063351 100644 > > > ---- a/source3/rpc_client/cli_netlogon.c > > > -+++ b/source3/rpc_client/cli_netlogon.c > > > -@@ -193,16 +193,65 @@ NTSTATUS rpccli_setup_netlogon_creds(struct cl= i_state *cli, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -+static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx, > > > -+ uint16_t validation_level, > > > -+ union netr_Validation *validation, > > > -+ struct netr_SamInfo3 **info3_p) > > > -+{ > > > -+ struct netr_SamInfo3 *info3; > > > -+ NTSTATUS status; > > > -+ > > > -+ if (validation =3D=3D NULL) { > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+ } > > > -+ > > > -+ switch (validation_level) { > > > -+ case 3: > > > -+ if (validation->sam3 =3D=3D NULL) { > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+ } > > > -+ > > > -+ info3 =3D talloc_move(mem_ctx, &validation->sam3); > > > -+ break; > > > -+ case 6: > > > -+ if (validation->sam6 =3D=3D NULL) { > > > -+ return NT_STATUS_INVALID_PARAMETER; > > > -+ } > > > -+ > > > -+ info3 =3D talloc_zero(mem_ctx, struct netr_SamInfo3); > > > -+ if (info3 =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ status =3D copy_netr_SamBaseInfo(info3, &validation->sam6->base, = &info3->base); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(info3); > > > -+ return status; > > > -+ } > > > -+ > > 
> -+ info3->sidcount =3D validation->sam6->sidcount; > > > -+ info3->sids =3D talloc_move(info3, &validation->sam6->sids); > > > -+ break; > > > -+ default: > > > -+ return NT_STATUS_BAD_VALIDATION_CLASS; > > > -+ } > > > -+ > > > -+ *info3_p =3D info3; > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - /* Logon domain user */ > > > -=20 > > > - NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_c= ontext *creds, > > > - struct dcerpc_binding_handle *binding_handle, > > > -+ TALLOC_CTX *mem_ctx, > > > - uint32_t logon_parameters, > > > - const char *domain, > > > - const char *username, > > > - const char *password, > > > - const char *workstation, > > > -- enum netr_LogonInfoClass logon_type) > > > -+ enum netr_LogonInfoClass logon_type, > > > -+ struct netr_SamInfo3 **info3) > > > - { > > > - TALLOC_CTX *frame =3D talloc_stackframe(); > > > - NTSTATUS status; > > > -@@ -320,57 +369,19 @@ NTSTATUS rpccli_netlogon_password_logon(struct= netlogon_creds_cli_context *creds > > > - &validation, > > > - &authoritative, > > > - &flags); > > > -- TALLOC_FREE(frame); > > > - if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(frame); > > > - return status; > > > - } > > > -=20 > > > -- return NT_STATUS_OK; > > > --} > > > -- > > > --static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx, > > > -- uint16_t validation_level, > > > -- union netr_Validation *validation, > > > -- struct netr_SamInfo3 **info3_p) > > > --{ > > > -- struct netr_SamInfo3 *info3; > > > -- NTSTATUS status; > > > -- > > > -- if (validation =3D=3D NULL) { > > > -- return NT_STATUS_INVALID_PARAMETER; > > > -- } > > > -- > > > -- switch (validation_level) { > > > -- case 3: > > > -- if (validation->sam3 =3D=3D NULL) { > > > -- return NT_STATUS_INVALID_PARAMETER; > > > -- } > > > -- > > > -- info3 =3D talloc_move(mem_ctx, &validation->sam3); > > > -- break; > > > -- case 6: > > > -- if (validation->sam6 =3D=3D NULL) { > > > -- return NT_STATUS_INVALID_PARAMETER; > > > 
-- } > > > -- > > > -- info3 =3D talloc_zero(mem_ctx, struct netr_SamInfo3); > > > -- if (info3 =3D=3D NULL) { > > > -- return NT_STATUS_NO_MEMORY; > > > -- } > > > -- status =3D copy_netr_SamBaseInfo(info3, &validation->sam6->base, = &info3->base); > > > -- if (!NT_STATUS_IS_OK(status)) { > > > -- TALLOC_FREE(info3); > > > -- return status; > > > -- } > > > -- > > > -- info3->sidcount =3D validation->sam6->sidcount; > > > -- info3->sids =3D talloc_move(info3, &validation->sam6->sids); > > > -- break; > > > -- default: > > > -- return NT_STATUS_BAD_VALIDATION_CLASS; > > > -+ status =3D map_validation_to_info3(mem_ctx, > > > -+ validation_level, validation, > > > -+ info3); > > > -+ TALLOC_FREE(frame); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > - } > > > -=20 > > > -- *info3_p =3D info3; > > > -=20 > > > - return NT_STATUS_OK; > > > - } > > > -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/= cli_netlogon.h > > > -index 61fed4a..fee0801 100644 > > > ---- a/source3/rpc_client/cli_netlogon.h > > > -+++ b/source3/rpc_client/cli_netlogon.h > > > -@@ -45,12 +45,14 @@ NTSTATUS rpccli_setup_netlogon_creds(struct cli_= state *cli, > > > - const struct samr_Password *previous_nt_hash); > > > - NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_c= ontext *creds, > > > - struct dcerpc_binding_handle *binding_handle, > > > -+ TALLOC_CTX *mem_ctx, > > > - uint32_t logon_parameters, > > > - const char *domain, > > > - const char *username, > > > - const char *password, > > > - const char *workstation, > > > -- enum netr_LogonInfoClass logon_type); > > > -+ enum netr_LogonInfoClass logon_type, > > > -+ struct netr_SamInfo3 **info3); > > > - NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_co= ntext *creds, > > > - struct dcerpc_binding_handle *binding_handle, > > > - TALLOC_CTX *mem_ctx, > > > -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cm= d_netlogon.c > > > -index 
b637b3e..2d1c351 100644 > > > ---- a/source3/rpcclient/cmd_netlogon.c > > > -+++ b/source3/rpcclient/cmd_netlogon.c > > > -@@ -778,6 +778,7 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rp= c_pipe_client *cli, > > > - const char *username, *password; > > > - uint32 logon_param =3D 0; > > > - const char *workstation =3D NULL; > > > -+ struct netr_SamInfo3 *info3 =3D NULL; > > > -=20 > > > - /* Check arguments */ > > > -=20 > > > -@@ -803,12 +804,14 @@ static NTSTATUS cmd_netlogon_sam_logon(struct = rpc_pipe_client *cli, > > > -=20 > > > - result =3D rpccli_netlogon_password_logon(rpcclient_netlogon_creds, > > > - cli->binding_handle, > > > -+ mem_ctx, > > > - logon_param, > > > - lp_workgroup(), > > > - username, > > > - password, > > > - workstation, > > > -- logon_type); > > > -+ logon_type, > > > -+ &info3); > > > - if (!NT_STATUS_IS_OK(result)) > > > - goto done; > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 3459fada96951a57a787944aedc01caabe873c9d Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Tue, 15 Jul 2014 08:29:55 +0200 > > > -Subject: [PATCH 243/249] s3-winbindd: call interactive samlogon via > > > - rpccli_netlogon_password_logon. 
> > > - > > > -Guenther > > > - > > > -Signed-off-by: Guenther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Andreas Schneider > > > - > > > -Conflicts: > > > - source3/winbindd/winbindd_pam.c > > > ---- > > > - source3/winbindd/winbindd_pam.c | 45 +++++++++++++++++++++++++++++-= ----------- > > > - 1 file changed, 32 insertions(+), 13 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winb= indd_pam.c > > > -index 3f3ec70..2a1b74a 100644 > > > ---- a/source3/winbindd/winbindd_pam.c > > > -+++ b/source3/winbindd/winbindd_pam.c > > > -@@ -1214,11 +1214,13 @@ static NTSTATUS winbind_samlogon_retry_loop(= struct winbindd_domain *domain, > > > - uint32_t logon_parameters, > > > - const char *server, > > > - const char *username, > > > -+ const char *password, > > > - const char *domainname, > > > - const char *workstation, > > > - const uint8_t chal[8], > > > - DATA_BLOB lm_response, > > > - DATA_BLOB nt_response, > > > -+ bool interactive, > > > - struct netr_SamInfo3 **info3) > > > - { > > > - int attempts =3D 0; > > > -@@ -1278,19 +1280,32 @@ static NTSTATUS winbind_samlogon_retry_loop(= struct winbindd_domain *domain, > > > - } > > > - netr_attempts =3D 0; > > > -=20 > > > -- result =3D rpccli_netlogon_network_logon(domain->conn.netlogon_cr= eds, > > > -- netlogon_pipe->binding_handle, > > > -- mem_ctx, > > > -- logon_parameters, > > > -- username, > > > -- domainname, > > > -- workstation, > > > -- chal, > > > -- lm_response, > > > -- nt_response, > > > -- &authoritative, > > > -- &flags, > > > -- info3); > > > -+ if (interactive && username !=3D NULL && password !=3D NULL) { > > > -+ result =3D rpccli_netlogon_password_logon(domain->conn.netlogon_= creds, > > > -+ netlogon_pipe->binding_handle, > > > -+ mem_ctx, > > > -+ logon_parameters, > > > -+ domainname, > > > -+ username, > > > -+ password, > > > -+ workstation, > > > -+ NetlogonInteractiveInformation, > > > -+ info3); > > > -+ } else { 
> > > -+ result =3D rpccli_netlogon_network_logon(domain->conn.netlogon_c= reds, > > > -+ netlogon_pipe->binding_handle, > > > -+ mem_ctx, > > > -+ logon_parameters, > > > -+ username, > > > -+ domainname, > > > -+ workstation, > > > -+ chal, > > > -+ lm_response, > > > -+ nt_response, > > > -+ &authoritative, > > > -+ &flags, > > > -+ info3); > > > -+ } > > > -=20 > > > - /* > > > - * we increment this after the "feature negotiation" > > > -@@ -1433,11 +1448,13 @@ static NTSTATUS winbindd_dual_pam_auth_samlo= gon(TALLOC_CTX *mem_ctx, > > > - 0, > > > - domain->dcname, > > > - name_user, > > > -+ pass, > > > - name_domain, > > > - lp_netbios_name(), > > > - chal, > > > - lm_resp, > > > - nt_resp, > > > -+ true, /* interactive */ > > > - &my_info3); > > > - if (!NT_STATUS_IS_OK(result)) { > > > - goto done; > > > -@@ -1856,12 +1873,14 @@ enum winbindd_result winbindd_dual_pam_auth_= crap(struct winbindd_domain *domain, > > > - state->request->data.auth_crap.logon_parameters, > > > - domain->dcname, > > > - name_user, > > > -+ NULL, /* password */ > > > - name_domain, > > > - /* Bug #3248 - found by Stefan Burkei. */ > > > - workstation, /* We carefully set this above so use it... = */ > > > - state->request->data.auth_crap.chal, > > > - lm_resp, > > > - nt_resp, > > > -+ false, /* interactive */ > > > - &info3); > > > - if (!NT_STATUS_IS_OK(result)) { > > > - goto done; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From ad27b750ea3766581e528a41c132bb57927cc64c Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Mon, 7 Jul 2014 17:14:37 +0200 > > > -Subject: [PATCH 244/249] s3-winbindd: add wcache_query_user_fullname= (). > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -This helper function is used to query the full name of a cached user= object (for > > > -further gecos processing). > > > - > > > -Thanks to Matt Rogers . 
> > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10440 > > > - > > > -Guenther > > > - > > > -Pair-Programmed-With: Andreas Schneider > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/winbindd/winbindd_cache.c | 34 ++++++++++++++++++++++++++++= ++++++ > > > - source3/winbindd/winbindd_proto.h | 4 ++++ > > > - 2 files changed, 38 insertions(+) > > > - > > > -diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/wi= nbindd_cache.c > > > -index 59ce515..d1e10e6c 100644 > > > ---- a/source3/winbindd/winbindd_cache.c > > > -+++ b/source3/winbindd/winbindd_cache.c > > > -@@ -2309,6 +2309,40 @@ NTSTATUS wcache_query_user(struct winbindd_do= main *domain, > > > - return status; > > > - } > > > -=20 > > > -+ > > > -+/** > > > -+* @brief Query a fullname from the username cache (for further geco= s processing) > > > -+* > > > -+* @param domain A pointer to the winbindd_domain struct. > > > -+* @param mem_ctx The talloc context. > > > -+* @param user_sid The user sid. > > > -+* @param full_name A pointer to the full_name string. 
> > > -+* > > > -+* @return NTSTATUS code > > > -+*/ > > > -+NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ const struct dom_sid *user_sid, > > > -+ const char **full_name) > > > -+{ > > > -+ NTSTATUS status; > > > -+ struct wbint_userinfo info; > > > -+ > > > -+ status =3D wcache_query_user(domain, mem_ctx, user_sid, &info); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ if (info.full_name !=3D NULL) { > > > -+ *full_name =3D talloc_strdup(mem_ctx, info.full_name); > > > -+ if (*full_name =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - /* Lookup user information from a rid */ > > > - static NTSTATUS query_user(struct winbindd_domain *domain, > > > - TALLOC_CTX *mem_ctx, > > > -diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/wi= nbindd_proto.h > > > -index cfc19d0..cfb7812 100644 > > > ---- a/source3/winbindd/winbindd_proto.h > > > -+++ b/source3/winbindd/winbindd_proto.h > > > -@@ -105,6 +105,10 @@ NTSTATUS wcache_query_user(struct winbindd_doma= in *domain, > > > - TALLOC_CTX *mem_ctx, > > > - const struct dom_sid *user_sid, > > > - struct wbint_userinfo *info); > > > -+NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain, > > > -+ TALLOC_CTX *mem_ctx, > > > -+ const struct dom_sid *user_sid, > > > -+ const char **full_name); > > > - NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain, > > > - TALLOC_CTX *mem_ctx, > > > - uint32 num_sids, const struct dom_sid *sids, > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From e89ca0b90887930a2f86dcaa4f6d3d05565f919c Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Mon, 7 Jul 2014 17:16:32 +0200 > > > -Subject: [PATCH 245/249] s3-winbindd: use wcache_query_user_fullname= after > > > - inspecting samlogon cache. 
> > > - > > > -The reason for this followup query is that very often the samlogon c= ache only > > > -contains a info3 netlogon user structure that has been retrieved dur= ing a > > > -netlogon samlogon authentication using "network" logon level. With t= hat logon > > > -level only a few info3 fields are filled in; the user's fullname is = never filled > > > -in that case. This is problematic when the cache is used to fill in = the user's > > > -gecos field (for NSS queries). When we have retrieved the user's ful= lname during > > > -other queries, reuse it from the other caches. > > > - > > > -Thanks to Matt Rogers . > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10440 > > > - > > > -Guenther > > > - > > > -Pair-Programmed-With: Andreas Schneider > > > -Signed-off-by: Guenther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/winbindd/winbindd_ads.c | 8 ++++++++ > > > - source3/winbindd/winbindd_msrpc.c | 8 ++++++++ > > > - source3/winbindd/winbindd_pam.c | 20 ++++++++++++++++++++ > > > - 3 files changed, 36 insertions(+) > > > - > > > -diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winb= indd_ads.c > > > -index 4c26389..a20fba5 100644 > > > ---- a/source3/winbindd/winbindd_ads.c > > > -+++ b/source3/winbindd/winbindd_ads.c > > > -@@ -619,6 +619,14 @@ static NTSTATUS query_user(struct winbindd_doma= in *domain, > > > -=20 > > > - TALLOC_FREE(user); > > > -=20 > > > -+ if (info->full_name =3D=3D NULL) { > > > -+ /* this might fail so we dont check the return code */ > > > -+ wcache_query_user_fullname(domain, > > > -+ mem_ctx, > > > -+ sid, > > > -+ &info->full_name); > > > -+ } > > > -+ > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/wi= nbindd_msrpc.c > > > -index 426d64c..c097bf3 100644 > > > ---- a/source3/winbindd/winbindd_msrpc.c > > > -+++ b/source3/winbindd/winbindd_msrpc.c > > > -@@ -439,6 +439,14 @@ static NTSTATUS 
msrpc_query_user(struct winbind= d_domain *domain, > > > - user_info->full_name =3D talloc_strdup(user_info, > > > - user->base.full_name.string); > > > -=20 > > > -+ if (user_info->full_name =3D=3D NULL) { > > > -+ /* this might fail so we dont check the return code */ > > > -+ wcache_query_user_fullname(domain, > > > -+ mem_ctx, > > > -+ user_sid, > > > -+ &user_info->full_name); > > > -+ } > > > -+ > > > - status =3D NT_STATUS_OK; > > > - goto done; > > > - } > > > -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winb= indd_pam.c > > > -index 2a1b74a..bf71d97 100644 > > > ---- a/source3/winbindd/winbindd_pam.c > > > -+++ b/source3/winbindd/winbindd_pam.c > > > -@@ -1720,6 +1720,26 @@ process_result: > > > - sid_compose(&user_sid, info3->base.domain_sid, > > > - info3->base.rid); > > > -=20 > > > -+ if (info3->base.full_name.string =3D=3D NULL) { > > > -+ struct netr_SamInfo3 *cached_info3; > > > -+ > > > -+ cached_info3 =3D netsamlogon_cache_get(state->mem_ctx, > > > -+ &user_sid); > > > -+ if (cached_info3 !=3D NULL && > > > -+ cached_info3->base.full_name.string !=3D NULL) { > > > -+ info3->base.full_name.string =3D > > > -+ talloc_strdup(info3, > > > -+ cached_info3->base.full_name.string); > > > -+ } else { > > > -+ > > > -+ /* this might fail so we dont check the return code */ > > > -+ wcache_query_user_fullname(domain, > > > -+ info3, > > > -+ &user_sid, > > > -+ &info3->base.full_name.string); > > > -+ } > > > -+ } > > > -+ > > > - wcache_invalidate_samlogon(find_domain_from_name(name_domain), > > > - &user_sid); > > > - netsamlogon_cache_store(name_user, info3); > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From aa042d490b2cccb7b6cc394e024004321a6c156c Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 9 Jul 2014 13:36:06 +0200 > > > -Subject: [PATCH 246/249] samlogon_cache: use a talloc_stackframe ins= ide > > > - netsamlogon_cache_store. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/libsmb/samlogon_cache.c | 13 ++++--------- > > > - 1 file changed, 4 insertions(+), 9 deletions(-) > > > - > > > -diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlog= on_cache.c > > > -index b04cf0a..f7457ae 100644 > > > ---- a/source3/libsmb/samlogon_cache.c > > > -+++ b/source3/libsmb/samlogon_cache.c > > > -@@ -125,7 +125,7 @@ bool netsamlogon_cache_store(const char *usernam= e, struct netr_SamInfo3 *info3) > > > - bool result =3D false; > > > - struct dom_sid user_sid; > > > - time_t t =3D time(NULL); > > > -- TALLOC_CTX *mem_ctx; > > > -+ TALLOC_CTX *tmp_ctx =3D talloc_stackframe(); > > > - DATA_BLOB blob; > > > - enum ndr_err_code ndr_err; > > > - struct netsamlogoncache_entry r; > > > -@@ -149,11 +149,6 @@ bool netsamlogon_cache_store(const char *userna= me, struct netr_SamInfo3 *info3) > > > -=20 > > > - /* Prepare data */ > > > -=20 > > > -- if (!(mem_ctx =3D talloc( NULL, int))) { > > > -- DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n")); > > > -- return false; > > > -- } > > > -- > > > - /* only Samba fills in the username, not sure why NT doesn't */ > > > - /* so we fill it in since winbindd_getpwnam() makes use of it */ > > > -=20 > > > -@@ -168,11 +163,11 @@ bool netsamlogon_cache_store(const char *usern= ame, struct netr_SamInfo3 *info3) > > > - NDR_PRINT_DEBUG(netsamlogoncache_entry, &r); > > > - } > > > -=20 > > > -- ndr_err =3D ndr_push_struct_blob(&blob, mem_ctx, &r, > > > -+ ndr_err =3D ndr_push_struct_blob(&blob, tmp_ctx, &r, > > > - (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry); > > > - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > > > - DEBUG(0,("netsamlogon_cache_store: failed to push entry to cache\= n")); > > > -- TALLOC_FREE(mem_ctx); > > > -+ 
TALLOC_FREE(tmp_ctx); > > > - return false; > > > - } > > > -=20 > > > -@@ -183,7 +178,7 @@ bool netsamlogon_cache_store(const char *usernam= e, struct netr_SamInfo3 *info3) > > > - result =3D true; > > > - } > > > -=20 > > > -- TALLOC_FREE(mem_ctx); > > > -+ TALLOC_FREE(tmp_ctx); > > > -=20 > > > - return result; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 8283d1acec0c0afd17197339a4986975d05abf29 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Thu, 3 Jul 2014 16:17:46 +0200 > > > -Subject: [PATCH 247/249] samlogon_cache: avoid overwriting > > > - info3->base.full_name.string. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -This field servers as a source for the gecos field. We should not ov= erwrite it > > > -when a info3 struct from a samlogon network level gets saved in whic= h case this > > > -field is always NULL. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10440 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Guenther Deschner > > > - > > > -Autobuild-User(master): G=C3=BCnther Deschner > > > -Autobuild-Date(master): Tue Jul 15 18:25:28 CEST 2014 on sn-devel-104 > > > ---- > > > - source3/libsmb/samlogon_cache.c | 14 ++++++++++++++ > > > - 1 file changed, 14 insertions(+) > > > - > > > -diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlog= on_cache.c > > > -index f7457ae..0a157d4 100644 > > > ---- a/source3/libsmb/samlogon_cache.c > > > -+++ b/source3/libsmb/samlogon_cache.c > > > -@@ -149,6 +149,20 @@ bool netsamlogon_cache_store(const char *userna= me, struct netr_SamInfo3 *info3) > > > -=20 > > > - /* Prepare data */ > > > -=20 > > > -+ if (info3->base.full_name.string =3D=3D NULL) { > > > -+ struct netr_SamInfo3 *cached_info3; > > > -+ const char *full_name =3D NULL; > > > -+ > > > -+ cached_info3 =3D netsamlogon_cache_get(tmp_ctx, &user_sid); > > > -+ if (cached_info3 !=3D 
NULL) { > > > -+ full_name =3D cached_info3->base.full_name.string; > > > -+ } > > > -+ > > > -+ if (full_name !=3D NULL) { > > > -+ info3->base.full_name.string =3D talloc_strdup(info3, full_name); > > > -+ } > > > -+ } > > > -+ > > > - /* only Samba fills in the username, not sure why NT doesn't */ > > > - /* so we fill it in since winbindd_getpwnam() makes use of it */ > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fe9d7458001a952d1df23dcd584a1835df5d43d1 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Thu, 3 Jul 2014 16:19:42 +0200 > > > -Subject: [PATCH 248/249] s3-winbind: Don't set the gecos field to NU= LL. > > > - > > > -The value is loaded from the cache anyway. So it will be set to NULL= if > > > -it is not available. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10440 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Guenther Deschner > > > ---- > > > - source3/winbindd/nss_info_template.c | 1 - > > > - 1 file changed, 1 deletion(-) > > > - > > > -diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd= /nss_info_template.c > > > -index 5fdfd9b..de93803 100644 > > > ---- a/source3/winbindd/nss_info_template.c > > > -+++ b/source3/winbindd/nss_info_template.c > > > -@@ -48,7 +48,6 @@ static NTSTATUS nss_template_get_info( struct nss_= domain_entry *e, > > > - username */ > > > - *homedir =3D talloc_strdup( ctx, lp_template_homedir() ); > > > - *shell =3D talloc_strdup( ctx, lp_template_shell() ); > > > -- *gecos =3D NULL; > > > -=20 > > > - if ( !*homedir || !*shell ) { > > > - return NT_STATUS_NO_MEMORY; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From d2f3347a264bb7b8b0335404348990f52320b672 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Mon, 14 Jul 2014 18:22:26 +0200 > > > -Subject: [PATCH 249/249] s3-winbindd: prefer "displayName" over "nam= e" in ads > > > - user queries for the fullname. 
> > > - > > > -This makes use more consistent with security=3Ddomain as well where = the gecos > > > -field is also filled using the displayName field. > > > - > > > -Guenther > > > - > > > -Signed-off-by: Guenther Deschner > > > -Pair-Programmed-With: Andreas Schneider > > > -Reviewed-by: Andreas Schneider > > > ---- > > > - source3/winbindd/winbindd_ads.c | 16 +++++++++++----- > > > - 1 file changed, 11 insertions(+), 5 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winb= indd_ads.c > > > -index a20fba5..4b5b2fa 100644 > > > ---- a/source3/winbindd/winbindd_ads.c > > > -+++ b/source3/winbindd/winbindd_ads.c > > > -@@ -327,7 +327,10 @@ static NTSTATUS query_user_list(struct winbindd= _domain *domain, > > > - } > > > -=20 > > > - info->acct_name =3D ads_pull_username(ads, mem_ctx, msg); > > > -- info->full_name =3D ads_pull_string(ads, mem_ctx, msg, "name"); > > > -+ info->full_name =3D ads_pull_string(ads, mem_ctx, msg, "displayNa= me"); > > > -+ if (info->full_name =3D=3D NULL) { > > > -+ info->full_name =3D ads_pull_string(ads, mem_ctx, msg, "name"); > > > -+ } > > > - info->homedir =3D NULL; > > > - info->shell =3D NULL; > > > - info->primary_gid =3D (gid_t)-1; > > > -@@ -592,7 +595,7 @@ static NTSTATUS query_user(struct winbindd_domai= n *domain, > > > - struct netr_SamInfo3 *user =3D NULL; > > > - gid_t gid =3D -1; > > > - int ret; > > > -- char *ads_name; > > > -+ char *full_name; > > > -=20 > > > - DEBUG(3,("ads: query_user\n")); > > > -=20 > > > -@@ -704,7 +707,10 @@ static NTSTATUS query_user(struct winbindd_doma= in *domain, > > > - * nss_get_info_cached call. nss_get_info_cached might destroy > > > - * the ads struct, potentially invalidating the ldap message. 
> > > - */ > > > -- ads_name =3D ads_pull_string(ads, mem_ctx, msg, "name"); > > > -+ full_name =3D ads_pull_string(ads, mem_ctx, msg, "displayName"); > > > -+ if (full_name =3D=3D NULL) { > > > -+ full_name =3D ads_pull_string(ads, mem_ctx, msg, "name"); > > > -+ } > > > -=20 > > > - ads_msgfree(ads, msg); > > > - msg =3D NULL; > > > -@@ -720,9 +726,9 @@ static NTSTATUS query_user(struct winbindd_domai= n *domain, > > > - } > > > -=20 > > > - if (info->full_name =3D=3D NULL) { > > > -- info->full_name =3D ads_name; > > > -+ info->full_name =3D full_name; > > > - } else { > > > -- TALLOC_FREE(ads_name); > > > -+ TALLOC_FREE(full_name); > > > - } > > > -=20 > > > - status =3D NT_STATUS_OK; > > > ---=20 > > > -1.9.3 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 06-fix-nmbd-systemd-status-update.patch b/meta-networking/recipes-connectiv= ity/samba/samba-4.1.12/06-fix-nmbd-systemd-status-update.patch > > > deleted file mode 100644 > > > index 7a7bdf5..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/06-fix-= nmbd-systemd-status-update.patch > > > +++ /dev/null 
> > > @@ -1,97 +0,0 @@ > > > -From f73c906237aa0c9d45900d69d31c9b39261f062a Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Tue, 16 Sep 2014 18:02:30 +0200 > > > -Subject: [PATCH 1/2] lib: Add daemon_status() to util library. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10816 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Alexander Bokovoy > > > -(cherry picked from commit 9f5f5fa8ebf845c53b7a92557d7aec56ed820320) > > > ---- > > > - lib/util/become_daemon.c | 11 +++++++++++ > > > - lib/util/samba_util.h | 6 ++++++ > > > - 2 files changed, 17 insertions(+) > > > - > > > -diff --git a/lib/util/become_daemon.c b/lib/util/become_daemon.c > > > -index 35c8b32..688bedd 100644 > > > ---- a/lib/util/become_daemon.c > > > -+++ b/lib/util/become_daemon.c > > > -@@ -135,3 +135,14 @@ _PUBLIC_ void daemon_ready(const char *daemon) > > > - #endif > > > - DEBUG(0, ("STATUS=3Ddaemon '%s' finished starting up and ready to = serve connections", daemon)); > > > - } > > > -+ > > > -+_PUBLIC_ void daemon_status(const char *name, const char *msg) > > > -+{ > > > -+ if (name =3D=3D NULL) { > > > -+ name =3D "Samba"; > > > -+ } > > > -+#ifdef HAVE_SYSTEMD > > > -+ sd_notifyf(0, "\nSTATUS=3D%s: %s", name, msg); > > > -+#endif > > > -+ DEBUG(0, ("STATUS=3Ddaemon '%s' : %s", name, msg)); > > > -+} > > > -diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h > > > -index e3fe6a6..f4216d8 100644 > > > ---- a/lib/util/samba_util.h > > > -+++ b/lib/util/samba_util.h > > > -@@ -853,6 +853,12 @@ _PUBLIC_ void exit_daemon(const char *msg, int = error); > > > - **/ > > > - _PUBLIC_ void daemon_ready(const char *daemon); > > > -=20 > > > -+/* > > > -+ * Report the daemon status. For example if it is not ready to serv= e connections > > > -+ * and is waiting for some event to happen. 
> > > -+ */ > > > -+_PUBLIC_ void daemon_status(const char *name, const char *msg); > > > -+ > > > - /** > > > - * @brief Get a password from the console. > > > - * > > > ---=20 > > > -2.1.0 > > > - > > > - > > > -From 7fcd74039961fa0fb02934bc87ce41fd98234f1a Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Tue, 16 Sep 2014 18:03:51 +0200 > > > -Subject: [PATCH 2/2] nmbd: Send waiting status to systemd. > > > - > > > -This tells the Administrator what's going on and we should log that = IPv6 > > > -is not supported. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10816 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Alexander Bokovoy > > > - > > > -Autobuild-User(master): Andreas Schneider > > > -Autobuild-Date(master): Wed Sep 17 13:16:43 CEST 2014 on sn-devel-104 > > > - > > > -(cherry picked from commit 2df601bff0d949e66c79366b8248b9d950c0b430) > > > ---- > > > - source3/nmbd/nmbd_subnetdb.c | 7 +++++-- > > > - 1 file changed, 5 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/nmbd/nmbd_subnetdb.c b/source3/nmbd/nmbd_subnet= db.c > > > -index 311a240..6c483af 100644 > > > ---- a/source3/nmbd/nmbd_subnetdb.c > > > -+++ b/source3/nmbd/nmbd_subnetdb.c > > > -@@ -247,8 +247,11 @@ bool create_subnets(void) > > > -=20 > > > - /* Only count IPv4, non-loopback interfaces. */ > > > - if (iface_count_v4_nl() =3D=3D 0) { > > > -- DEBUG(0,("create_subnets: No local IPv4 non-loopback interfaces != \n")); > > > -- DEBUG(0,("create_subnets: Waiting for an interface to appear ...\= n")); > > > -+ daemon_status("nmbd", > > > -+ "No local IPv4 non-loopback interfaces " > > > -+ "available, waiting for interface ..."); > > > -+ DEBUG(0,("NOTE: NetBIOS name resolution is not supported for " > > > -+ "Internet Protocol Version 6 (IPv6).\n")); > > > - } > > > -=20 > > > - /* We only count IPv4, non-loopback interfaces here. */ > > > ---=20 > > > -2.1.0 > > > - 
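Review bot: deleting 06-fix-nmbd-systemd-status-update.patch is only safe if the samba source this recipe builds afterwards already contains both backports it carries for bug 10816 (cherry-picked from 9f5f5fa8ebf845c53b7a92557d7aec56ed820320 and 2df601bff0d949e66c79366b8248b9d950c0b430). The second one calls daemon_status() from the first, so they have to be present together. Please confirm that and name the two commits in the commit message as already upstream. Without them, create_subnets() goes back to the two plain DEBUG(0) lines and nmbd sends no STATUS= update to systemd while it waits for an IPv4 interface.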
> > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 07-fix-idmap-ad-getgroups-without-gid.patch b/meta-networking/recipes-conne= ctivity/samba/samba-4.1.12/07-fix-idmap-ad-getgroups-without-gid.patch > > > deleted file mode 100644 > > > index 3215f2c..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/07-fix-= idmap-ad-getgroups-without-gid.patch > > > +++ /dev/null 
> > > @@ -1,42 +0,0 @@ > > > -From 23dfa2e35bec9c0f6c3d579e7dc2e1d0ce636aa2 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Fri, 19 Sep 2014 13:33:10 +0200 > > > -Subject: [PATCH] nsswitch: Skip groups we were not able to map. > > > - > > > -If we have configured the idmap_ad backend it is possible that the u= ser > > > -is in a group without a gid set. This will result in (uid_t)-1 as the > > > -gid. We return this invalid gid to NSS which is wrong. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10824 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: David Disseldorp > > > - > > > -Autobuild-User(master): David Disseldorp > > > -Autobuild-Date(master): Fri Sep 19 17:57:14 CEST 2014 on sn-devel-104 > > > - > > > -(cherry picked from commit 7f59711f076e98ece099f6b38ff6da8c80fa6d5e) > > > -Signed-off-by: Andreas Schneider > > > ---- > > > - nsswitch/winbind_nss_linux.c | 5 +++++ > > > - 1 file changed, 5 insertions(+) > > > - > > > -diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_lin= ux.c > > > -index 8d66a74..70ede3e 100644 > > > ---- a/nsswitch/winbind_nss_linux.c > > > -+++ b/nsswitch/winbind_nss_linux.c > > > -@@ -1101,6 +1101,11 @@ _nss_winbind_initgroups_dyn(char *user, gid_t= group, long int *start, > > > - continue; > > > - } > > > -=20 > > > -+ /* Skip groups without a mapping */ > > > -+ if (gid_list[i] =3D=3D (uid_t)-1) { > > > -+ continue; > > > -+ } > > > -+ > > > - /* Filled buffer ? If so, resize. */ > > > -=20 > > > - if (*start =3D=3D *size) { > > > ---=20 > > > -2.1.0 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 08-fix-idmap-ad-sfu-with-trusted-domains.patch b/meta-networking/recipes-co= nnectivity/samba/samba-4.1.12/08-fix-idmap-ad-sfu-with-trusted-domains.patch > > > deleted file mode 100644 > > > index 394a640..0000000 
> > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/08-fix-= idmap-ad-sfu-with-trusted-domains.patch > > > +++ /dev/null > > > @@ -1,44 +0,0 @@ > > > -From dc6b86b93c8f059b0cc96c364ffad05c88b7d92e Mon Sep 17 00:00:00 20= 01 > > > -From: Christof Schmitt > > > -Date: Fri, 22 Aug 2014 09:15:59 -0700 > > > -Subject: [PATCH] s3-winbindd: Use correct realm for trusted domains = in idmap child > > > - > > > -When authenticating users in a trusted domain, the idmap_ad module > > > -always connects to a local DC instead of one in the trusted domain. > > > - > > > -Fix this by passing the correct realm to connect to. > > > - > > > -Also Comment parameters passed to ads_cached_connection_connect > > > - > > > -Signed-off-by: Christof Schmitt > > > -Reviewed-by: Jeremy Allison > > > -(cherry picked from commit c203c722e7e22f9146f2ecf6f42452c0e82042e4) > > > ---- > > > - source3/winbindd/winbindd_ads.c | 11 +++++++++-- > > > - 1 files changed, 9 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winb= indd_ads.c > > > -index 4c26389..e47613e 100644 > > > ---- a/source3/winbindd/winbindd_ads.c > > > -+++ b/source3/winbindd/winbindd_ads.c > > > -@@ -187,8 +187,15 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRU= CT **adsp, const char *dom_name) > > > - } > > > - } > > > -=20 > > > -- status =3D ads_cached_connection_connect(adsp, realm, dom_name, ld= ap_server, > > > -- password, realm, 0); > > > -+ status =3D ads_cached_connection_connect( > > > -+ adsp, /* Returns ads struct. */ > > > -+ wb_dom->alt_name, /* realm to connect to. */ > > > -+ dom_name, /* 'workgroup' name for ads_init */ > > > -+ ldap_server, /* DNS name to connect to. */ > > > -+ password, /* password for auth realm. */ > > > -+ realm, /* realm used for krb5 ticket. */ > > > -+ 0); /* renewable ticket time. */ > > > -+ > > > - SAFE_FREE(realm); > > > -=20 > > > - return status; > > > ---=20 > > > -1.7.1 > > > - 
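Review bot: dropping 08-fix-idmap-ad-sfu-with-trusted-domains.patch needs a check that upstream commit c203c722e7e22f9146f2ecf6f42452c0e82042e4 is in the samba source built after this change. The backport changes the second argument of ads_cached_connection_connect() in ads_idmap_cached_connection() from realm to wb_dom->alt_name. By its own description, without it idmap_ad connects to a local DC instead of one in the trusted domain when authenticating trusted-domain users, so losing it silently would be an identity-mapping regression, not a cosmetic one. A line in the commit message stating that the fix is included upstream would settle this.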
> > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 09-fix-smbclient-echo-cmd-segfault.patch b/meta-networking/recipes-connecti= vity/samba/samba-4.1.12/09-fix-smbclient-echo-cmd-segfault.patch > > > deleted file mode 100644 > > > index a1b05b8..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/09-fix-= smbclient-echo-cmd-segfault.patch > > > +++ /dev/null > > > @@ -1,35 +0,0 @@ > > > -From 0aab8ae3c137e5900d22160555bcef57cd62ca21 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Wed, 17 Sep 2014 15:17:50 +0200 > > > -Subject: [PATCH 2/2] libcli: Fix a segfault calling smbXcli_req_set_= pending() > > > - on NULL. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10817 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Jeremy Allison > > > - > > > -Autobuild-User(master): Jeremy Allison > > > -Autobuild-Date(master): Tue Sep 23 04:23:05 CEST 2014 on sn-devel-104 > > > - > > > -(cherry picked from commit f92086f4a347dcc8fa948aa2614a2c12f1115e5a) > > > -Signed-off-by: Andreas Schneider > > > ---- > > > - libcli/smb/smb1cli_echo.c | 1 - > > > - 1 file changed, 1 deletion(-) > > > - > > > -diff --git a/libcli/smb/smb1cli_echo.c b/libcli/smb/smb1cli_echo.c > > > -index 4fb7c60..10dff2d 100644 > > > ---- a/libcli/smb/smb1cli_echo.c > > > -+++ b/libcli/smb/smb1cli_echo.c > > > -@@ -96,7 +96,6 @@ static void smb1cli_echo_done(struct tevent_req *s= ubreq) > > > - NULL, /* pbytes_offset */ > > > - NULL, /* pinbuf */ > > > - expected, ARRAY_SIZE(expected)); > > > -- TALLOC_FREE(subreq); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - tevent_req_nterror(req, status); > > > - return; > > > ---=20 > > > -2.1.0 > > > - 
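Review bot: 09-fix-smbclient-echo-cmd-segfault.patch is a one-line removal of TALLOC_FREE(subreq) in smb1cli_echo_done() for bug 10817 (cherry-picked from f92086f4a347dcc8fa948aa2614a2c12f1115e5a), so deleting the file is correct only if libcli/smb/smb1cli_echo.c in the source built after this change no longer has that free. Otherwise the segfault named in the subject, smbXcli_req_set_pending() called on NULL, comes back in the smbclient echo command. Worth verifying against the new source and recording in the commit message.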
> > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 10-improve-service-principal-guessing-in-net.patch b/meta-networking/recipe= s-connectivity/samba/samba-4.1.12/10-improve-service-principal-guessing-in-= net.patch > > > deleted file mode 100644 > > > index 35f4d8c..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/10-impr= ove-service-principal-guessing-in-net.patch > > > +++ /dev/null 
> > > @@ -1,180 +0,0 @@ > > > -From 579901faf787d8d787c978324bdec87c349e3d9b Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Tue, 23 Sep 2014 14:09:41 +0200 > > > -Subject: [PATCH] s3-libads: Improve service principle guessing. > > > - > > > -If the name passed to the net command with the -S options is the long > > > -hostname of the domaincontroller and not the 15 char NetBIOS name we > > > -should construct a FQDN with the realm to get a Kerberos ticket. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10829 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Guenther Deschner > > > -(cherry picked from commit 83c62bd3f5945bbe295cbfbd153736d4c709b3a6) > > > ---- > > > - source3/libads/sasl.c | 124 +++++++++++++++++++++++++++------------= ----------- > > > - 1 file changed, 66 insertions(+), 58 deletions(-) > > > - > > > -diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c > > > -index 33f4e24..1450ff1 100644 > > > ---- a/source3/libads/sasl.c > > > -+++ b/source3/libads/sasl.c > > > -@@ -714,88 +714,96 @@ static void ads_free_service_principal(struct = ads_service_principal *p) > > > - static ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, > > > - char **returned_principal) > > > - { > > > -+ ADS_STATUS status =3D ADS_ERROR(LDAP_NO_MEMORY); > > > - char *princ =3D NULL; > > > -+ TALLOC_CTX *frame; > > > -+ char *server =3D NULL; > > > -+ char *realm =3D NULL; > > > -+ int rc; > > > -=20 > > > -- if (ads->server.realm && ads->server.ldap_server) { > > > -- char *server, *server_realm; > > > -- > > > -- server =3D SMB_STRDUP(ads->server.ldap_server); > > > -- server_realm =3D SMB_STRDUP(ads->server.realm); > > > -- > > > -- if (!server || !server_realm) { > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -- } > > > -+ frame =3D talloc_stackframe(); > > > -+ if (frame =3D=3D NULL) { > > > -+ return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ } > 
> > -=20 > > > -- if (!strlower_m(server)) { > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ if (ads->server.realm && ads->server.ldap_server) { > > > -+ server =3D strlower_talloc(frame, ads->server.ldap_server); > > > -+ if (server =3D=3D NULL) { > > > -+ goto out; > > > - } > > > -=20 > > > -- if (!strupper_m(server_realm)) { > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ realm =3D strupper_talloc(frame, ads->server.realm); > > > -+ if (realm =3D=3D NULL) { > > > -+ goto out; > > > - } > > > -=20 > > > -- if (asprintf(&princ, "ldap/%s@%s", server, server_realm) =3D=3D -= 1) { > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -- } > > > -+ /* > > > -+ * If we got a name which is bigger than a NetBIOS name, > > > -+ * but isn't a FQDN, create one. > > > -+ */ > > > -+ if (strlen(server) > 15 && strstr(server, ".") =3D=3D NULL) { > > > -+ char *dnsdomain; > > > -=20 > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -+ dnsdomain =3D strlower_talloc(frame, ads->server.realm); > > > -+ if (dnsdomain =3D=3D NULL) { > > > -+ goto out; > > > -+ } > > > -=20 > > > -- if (!princ) { > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ server =3D talloc_asprintf(frame, > > > -+ "%s.%s", > > > -+ server, dnsdomain); > > > -+ if (server =3D=3D NULL) { > > > -+ goto out; > > > -+ } > > > - } > > > - } else if (ads->config.realm && ads->config.ldap_server_name) { > > > -- char *server, *server_realm; > > > -- > > > -- server =3D SMB_STRDUP(ads->config.ldap_server_name); > > > -- server_realm =3D SMB_STRDUP(ads->config.realm); > > > -- > > > -- if (!server || !server_realm) { > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ server =3D strlower_talloc(frame, ads->config.ldap_server_name); > > > -+ if (server 
=3D=3D NULL) { > > > -+ goto out; > > > - } > > > -=20 > > > -- if (!strlower_m(server)) { > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ realm =3D strupper_talloc(frame, ads->config.realm); > > > -+ if (realm =3D=3D NULL) { > > > -+ goto out; > > > - } > > > -=20 > > > -- if (!strupper_m(server_realm)) { > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -- } > > > -- if (asprintf(&princ, "ldap/%s@%s", server, server_realm) =3D=3D -= 1) { > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -- } > > > -+ /* > > > -+ * If we got a name which is bigger than a NetBIOS name, > > > -+ * but isn't a FQDN, create one. > > > -+ */ > > > -+ if (strlen(server) > 15 && strstr(server, ".") =3D=3D NULL) { > > > -+ char *dnsdomain; > > > -=20 > > > -- SAFE_FREE(server); > > > -- SAFE_FREE(server_realm); > > > -+ dnsdomain =3D strlower_talloc(frame, ads->server.realm); > > > -+ if (dnsdomain =3D=3D NULL) { > > > -+ goto out; > > > -+ } > > > -=20 > > > -- if (!princ) { > > > -- return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ server =3D talloc_asprintf(frame, > > > -+ "%s.%s", > > > -+ server, dnsdomain); > > > -+ if (server =3D=3D NULL) { > > > -+ goto out; > > > -+ } > > > - } > > > - } > > > -=20 > > > -- if (!princ) { > > > -- return ADS_ERROR(LDAP_PARAM_ERROR); > > > -+ if (server =3D=3D NULL || realm =3D=3D NULL) { > > > -+ goto out; > > > -+ } > > > -+ > > > -+ rc =3D asprintf(&princ, "ldap/%s@%s", server, realm); > > > -+ if (rc =3D=3D -1 || princ =3D=3D NULL) { > > > -+ status =3D ADS_ERROR(LDAP_PARAM_ERROR); > > > -+ goto out; > > > - } > > > -=20 > > > - *returned_principal =3D princ; > > > -=20 > > > -- return ADS_SUCCESS; > > > -+ status =3D ADS_SUCCESS; > > > -+out: > > > -+ TALLOC_FREE(frame); > > > -+ return status; > > > - } > > > -=20 > > > - static ADS_STATUS 
ads_generate_service_principal(ADS_STRUCT *ads, > > > ---=20 > > > -2.1.0 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 11-fix-overwriting-of-spns-during-net-ads-join.patch b/meta-networking/reci= pes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-a= ds-join.patch > > > deleted file mode 100644 > > > index 5d309f1..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-= overwriting-of-spns-during-net-ads-join.patch > > > +++ /dev/null 
> > > @@ -1,329 +0,0 @@ > > > -From 1925edc67e223d73d672af48c2ebd3e5865e01d9 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Wed, 24 Sep 2014 09:22:03 +0200 > > > -Subject: [PATCH 1/4] s3-libads: Add a function to retrieve the SPNs = of a > > > - computer account. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D9984 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Guenther Deschner > > > -(cherry picked from commit 4eaa4ccbdf279f1ff6d8218b36d92aeea0114cd8) > > > ---- > > > - source3/libads/ads_proto.h | 6 +++++ > > > - source3/libads/ldap.c | 60 +++++++++++++++++++++++++++++++++++= +++++++++++ > > > - 2 files changed, 66 insertions(+) > > > - > > > -diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h > > > -index 17a84d1..6a22807 100644 > > > ---- a/source3/libads/ads_proto.h > > > -+++ b/source3/libads/ads_proto.h > > > -@@ -87,6 +87,12 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_M= ODLIST *mods, > > > - const char *name, const char **vals); > > > - uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name); > > > - uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_= name); > > > -+ > > > -+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx, > > > -+ ADS_STRUCT *ads, > > > -+ const char *machine_name, > > > -+ char ***spn_array, > > > -+ size_t *num_spns); > > > - ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const= char *machine_name); > > > - ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const ch= ar *machine_name, > > > - const char *my_fqdn, cons= t char *spn); > > > -diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c > > > -index fb99132..51a0883 100644 > > > ---- a/source3/libads/ldap.c > > > -+++ b/source3/libads/ldap.c > > > -@@ -1927,6 +1927,66 @@ ADS_STATUS ads_clear_service_principal_names(= ADS_STRUCT *ads, const char *machin > > > - } > > > -=20 > > > - /** > > > -+ * @brief This gets the service 
principal names of an existing comp= uter account. > > > -+ * > > > -+ * @param[in] mem_ctx The memory context to use to allocate t= he spn array. > > > -+ * > > > -+ * @param[in] ads The ADS context to use. > > > -+ * > > > -+ * @param[in] machine_name The NetBIOS name of the computer, which= is used to > > > -+ * identify the computer account. > > > -+ * > > > -+ * @param[in] spn_array A pointer to store the array for SPNs. > > > -+ * > > > -+ * @param[in] num_spns The number of principals stored in the = array. > > > -+ * > > > -+ * @return 0 on success, or a ADS error if a failu= re occured. > > > -+ */ > > > -+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx, > > > -+ ADS_STRUCT *ads, > > > -+ const char *machine_name, > > > -+ char ***spn_array, > > > -+ size_t *num_spns) > > > -+{ > > > -+ ADS_STATUS status; > > > -+ LDAPMessage *res =3D NULL; > > > -+ char *dn; > > > -+ int count; > > > -+ > > > -+ status =3D ads_find_machine_acct(ads, > > > -+ &res, > > > -+ machine_name); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ DEBUG(1,("Host Account for %s not found... skipping operation.\n", > > > -+ machine_name)); > > > -+ return status; > > > -+ } > > > -+ > > > -+ count =3D ads_count_replies(ads, res); > > > -+ if (count !=3D 1) { > > > -+ status =3D ADS_ERROR(LDAP_NO_SUCH_OBJECT); > > > -+ goto done; > > > -+ } > > > -+ > > > -+ dn =3D ads_get_dn(ads, mem_ctx, res); > > > -+ if (dn =3D=3D NULL) { > > > -+ status =3D ADS_ERROR_LDAP(LDAP_NO_MEMORY); > > > -+ goto done; > > > -+ } > > > -+ > > > -+ *spn_array =3D ads_pull_strings(ads, > > > -+ mem_ctx, > > > -+ res, > > > -+ "servicePrincipalName", > > > -+ num_spns); > > > -+ > > > -+done: > > > -+ ads_msgfree(ads, res); > > > -+ > > > -+ return status; > > > -+} > > > -+ > > > -+/** > > > - * This adds a service principal name to an existing computer accou= nt > > > - * (found by hostname) in AD. 
> > > - * @param ads An initialized ADS_STRUCT > > > ---=20 > > > -2.1.0 > > > - > > > - > > > -From ed3b6536e1027a26d7983942f62677aa2bc0e93c Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Wed, 24 Sep 2014 09:23:58 +0200 > > > -Subject: [PATCH 2/4] s3-libads: Add function to search for an elemen= t in an > > > - array. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D9984 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Guenther Deschner > > > -(cherry picked from commit e1ee4c8bc7018db7787dd9a0be6d3aa40a477ee2) > > > ---- > > > - source3/libads/ads_proto.h | 2 ++ > > > - source3/libads/ldap.c | 31 +++++++++++++++++++++++++++++++ > > > - 2 files changed, 33 insertions(+) > > > - > > > -diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h > > > -index 6a22807..1e34247 100644 > > > ---- a/source3/libads/ads_proto.h > > > -+++ b/source3/libads/ads_proto.h > > > -@@ -88,6 +88,8 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MO= DLIST *mods, > > > - uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name); > > > - uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_= name); > > > -=20 > > > -+bool ads_element_in_array(const char **el_array, size_t num_el, con= st char *el); > > > -+ > > > - ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx, > > > - ADS_STRUCT *ads, > > > - const char *machine_name, > > > -diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c > > > -index 51a0883..8d104c2 100644 > > > ---- a/source3/libads/ldap.c > > > -+++ b/source3/libads/ldap.c > > > -@@ -1927,6 +1927,37 @@ ADS_STATUS ads_clear_service_principal_names(= ADS_STRUCT *ads, const char *machin > > > - } > > > -=20 > > > - /** > > > -+ * @brief Search for an element in a string array. > > > -+ * > > > -+ * @param[in] el_array The string array to search. > > > -+ * > > > -+ * @param[in] num_el The number of elements in the string array. 
> > > -+ * > > > -+ * @param[in] el The string to search. > > > -+ * > > > -+ * @return True if found, false if not. > > > -+ */ > > > -+bool ads_element_in_array(const char **el_array, size_t num_el, con= st char *el) > > > -+{ > > > -+ size_t i; > > > -+ > > > -+ if (el_array =3D=3D NULL || num_el =3D=3D 0 || el =3D=3D NULL) { > > > -+ return false; > > > -+ } > > > -+ > > > -+ for (i =3D 0; i < num_el && el_array[i] !=3D NULL; i++) { > > > -+ int cmp; > > > -+ > > > -+ cmp =3D strcasecmp_m(el_array[i], el); > > > -+ if (cmp =3D=3D 0) { > > > -+ return true; > > > -+ } > > > -+ } > > > -+ > > > -+ return false; > > > -+} > > > -+ > > > -+/** > > > - * @brief This gets the service principal names of an existing comp= uter account. > > > - * > > > - * @param[in] mem_ctx The memory context to use to allocate t= he spn array. > > > ---=20 > > > -2.1.0 > > > - > > > - > > > -From 11700f1398d6197a99c686f1a43b45d6305ceae8 Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Fri, 26 Sep 2014 03:09:08 +0200 > > > -Subject: [PATCH 3/4] s3-libnet: Add libnet_join_get_machine_spns(). 
> > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D9984 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Guenther Deschner > > > -(cherry picked from commit 7e0b8fcce5572c88d50993a1dbd90f65638ba90f) > > > ---- > > > - source3/libnet/libnet_join.c | 20 ++++++++++++++++++++ > > > - 1 file changed, 20 insertions(+) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 1418385..3611cc7 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -358,6 +358,26 @@ static ADS_STATUS libnet_join_find_machine_acct= (TALLOC_CTX *mem_ctx, > > > - return status; > > > - } > > > -=20 > > > -+static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx, > > > -+ struct libnet_JoinCtx *r, > > > -+ char ***spn_array, > > > -+ size_t *num_spns) > > > -+{ > > > -+ ADS_STATUS status; > > > -+ > > > -+ if (r->in.machine_name =3D=3D NULL) { > > > -+ return ADS_ERROR_SYSTEM(EINVAL); > > > -+ } > > > -+ > > > -+ status =3D ads_get_service_principal_names(mem_ctx, > > > -+ r->in.ads, > > > -+ r->in.machine_name, > > > -+ spn_array, > > > -+ num_spns); > > > -+ > > > -+ return status; > > > -+} > > > -+ > > > - /**************************************************************** > > > - Set a machines dNSHostName and servicePrincipalName attributes > > > - ****************************************************************/ > > > ---=20 > > > -2.1.0 > > > - > > > - > > > -From 472256e27ad5cb5e7657efaece71744269ca8d16 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 26 Sep 2014 03:35:43 +0200 > > > -Subject: [PATCH 4/4] s3-libnet: Make sure we do not overwrite precre= ated SPNs. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D9984 > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > - > > > -Autobuild-User(master): G=C3=BCnther Deschner > > > -Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104 > > > - > > > -(cherry picked from commit 0aacbe78bb40d76b65087c2a197c92b0101e625e) > > > ---- > > > - source3/libnet/libnet_join.c | 39 +++++++++++++++++++++++++++++++++= +++--- > > > - 1 file changed, 36 insertions(+), 3 deletions(-) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 3611cc7..aa7b5cb 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -388,8 +388,10 @@ static ADS_STATUS libnet_join_set_machine_spn(T= ALLOC_CTX *mem_ctx, > > > - ADS_STATUS status; > > > - ADS_MODLIST mods; > > > - fstring my_fqdn; > > > -- const char *spn_array[3] =3D {NULL, NULL, NULL}; > > > -+ const char **spn_array =3D NULL; > > > -+ size_t num_spns =3D 0; > > > - char *spn =3D NULL; > > > -+ bool ok; > > > -=20 > > > - /* Find our DN */ > > > -=20 > > > -@@ -398,6 +400,14 @@ static ADS_STATUS libnet_join_set_machine_spn(T= ALLOC_CTX *mem_ctx, > > > - return status; > > > - } > > > -=20 > > > -+ status =3D libnet_join_get_machine_spns(mem_ctx, > > > -+ r, > > > -+ discard_const_p(char **, &spn_array), > > > -+ &num_spns); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ DEBUG(5, ("Retrieving the servicePrincipalNames failed.\n")); > > > -+ } > > > -+ > > > - /* Windows only creates HOST/shortname & HOST/fqdn. 
*/ > > > -=20 > > > - spn =3D talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name); > > > -@@ -407,7 +417,15 @@ static ADS_STATUS libnet_join_set_machine_spn(T= ALLOC_CTX *mem_ctx, > > > - if (!strupper_m(spn)) { > > > - return ADS_ERROR_LDAP(LDAP_NO_MEMORY); > > > - } > > > -- spn_array[0] =3D spn; > > > -+ > > > -+ ok =3D ads_element_in_array(spn_array, num_spns, spn); > > > -+ if (!ok) { > > > -+ ok =3D add_string_to_array(spn_array, spn, > > > -+ &spn_array, (int *)&num_spns); > > > -+ if (!ok) { > > > -+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY); > > > -+ } > > > -+ } > > > -=20 > > > - if (!name_to_fqdn(my_fqdn, r->in.machine_name) > > > - || (strchr(my_fqdn, '.') =3D=3D NULL)) { > > > -@@ -424,8 +442,23 @@ static ADS_STATUS libnet_join_set_machine_spn(T= ALLOC_CTX *mem_ctx, > > > - if (!spn) { > > > - return ADS_ERROR_LDAP(LDAP_NO_MEMORY); > > > - } > > > -- spn_array[1] =3D spn; > > > -+ > > > -+ ok =3D ads_element_in_array(spn_array, num_spns, spn); > > > -+ if (!ok) { > > > -+ ok =3D add_string_to_array(spn_array, spn, > > > -+ &spn_array, (int *)&num_spns); > > > -+ if (!ok) { > > > -+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY); > > > -+ } > > > -+ } > > > -+ } > > > -+ > > > -+ /* make sure to NULL terminate the array */ > > > -+ spn_array =3D talloc_realloc(mem_ctx, spn_array, const char *, num= _spns + 1); > > > -+ if (spn_array =3D=3D NULL) { > > > -+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY); > > > - } > > > -+ spn_array[num_spns] =3D NULL; > > > -=20 > > > - mods =3D ads_init_mods(mem_ctx); > > > - if (!mods) { > > > ---=20 > > > -2.1.0 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 12-add-precreated-spns-from-AD-during-keytab-generation.patch b/meta-networ= king/recipes-connectivity/samba/samba-4.1.12/12-add-precreated-spns-from-AD= -during-keytab-generation.patch > > > deleted file mode 100644 > > > index 2174e15..0000000 
> > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/12-add-= precreated-spns-from-AD-during-keytab-generation.patch > > > +++ /dev/null 
> > > @@ -1,159 +0,0 @@ > > > -From 3516236ec6eb42f29eda42542b109fa10217e68c Mon Sep 17 00:00:00 20= 01 > > > -From: Andreas Schneider > > > -Date: Wed, 24 Sep 2014 10:51:33 +0200 > > > -Subject: [PATCH] s3-libads: Add all machine account principals to th= e keytab. > > > - > > > -This adds all SPNs defined in the DC for the computer account to the > > > -keytab using 'net ads keytab create -P'. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D9985 > > > - > > > -Signed-off-by: Andreas Schneider > > > -Reviewed-by: Guenther Deschner > > > -(cherry picked from commit 5d58b92f8fcbc509f4fe2bd3617bcaeada1806b6) > > > ---- > > > - source3/libads/kerberos_keytab.c | 74 ++++++++++++++++++++++++++++-= ----------- > > > - 1 file changed, 52 insertions(+), 22 deletions(-) > > > - > > > -diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerbe= ros_keytab.c > > > -index 83df088..d13625b 100644 > > > ---- a/source3/libads/kerberos_keytab.c > > > -+++ b/source3/libads/kerberos_keytab.c > > > -@@ -507,20 +507,57 @@ int ads_keytab_create_default(ADS_STRUCT *ads) > > > - krb5_kt_cursor cursor; > > > - krb5_keytab_entry kt_entry; > > > - krb5_kvno kvno; > > > -- int i, found =3D 0; > > > -+ size_t found =3D 0; > > > - char *sam_account_name, *upn; > > > - char **oldEntries =3D NULL, *princ_s[26]; > > > -- TALLOC_CTX *tmpctx =3D NULL; > > > -+ TALLOC_CTX *frame; > > > - char *machine_name; > > > -+ char **spn_array; > > > -+ size_t num_spns; > > > -+ size_t i; > > > -+ ADS_STATUS status; > > > -=20 > > > -- /* these are the main ones we need */ > > > -- ret =3D ads_keytab_add_entry(ads, "host"); > > > -- if (ret !=3D 0) { > > > -- DEBUG(1, (__location__ ": ads_keytab_add_entry failed while " > > > -- "adding 'host' principal.\n")); > > > -- return ret; > > > -+ frame =3D talloc_stackframe(); > > > -+ if (frame =3D=3D NULL) { > > > -+ ret =3D -1; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ status =3D ads_get_service_principal_names(frame, > > > -+ 
ads, > > > -+ lp_netbios_name(), > > > -+ &spn_array, > > > -+ &num_spns); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ ret =3D -1; > > > -+ goto done; > > > - } > > > -=20 > > > -+ for (i =3D 0; i < num_spns; i++) { > > > -+ char *srv_princ; > > > -+ char *p; > > > -+ > > > -+ srv_princ =3D strlower_talloc(frame, spn_array[i]); > > > -+ if (srv_princ =3D=3D NULL) { > > > -+ ret =3D -1; > > > -+ goto done; > > > -+ } > > > -+ > > > -+ p =3D strchr_m(srv_princ, '/'); > > > -+ if (p =3D=3D NULL) { > > > -+ continue; > > > -+ } > > > -+ p[0] =3D '\0'; > > > -+ > > > -+ /* Add the SPNs found on the DC */ > > > -+ ret =3D ads_keytab_add_entry(ads, srv_princ); > > > -+ if (ret !=3D 0) { > > > -+ DEBUG(1, ("ads_keytab_add_entry failed while " > > > -+ "adding '%s' principal.\n", > > > -+ spn_array[i])); > > > -+ goto done; > > > -+ } > > > -+ } > > > -=20 > > > - #if 0 /* don't create the CIFS/... keytab entries since no one exce= pt smbd > > > - really needs them and we will fall back to verifying against > > > -@@ -543,24 +580,17 @@ int ads_keytab_create_default(ADS_STRUCT *ads) > > > - if (ret) { > > > - DEBUG(1, (__location__ ": could not krb5_init_context: %s\n", > > > - error_message(ret))); > > > -- return ret; > > > -- } > > > -- > > > -- tmpctx =3D talloc_init(__location__); > > > -- if (!tmpctx) { > > > -- DEBUG(0, (__location__ ": talloc_init() failed!\n")); > > > -- ret =3D -1; > > > - goto done; > > > - } > > > -=20 > > > -- machine_name =3D talloc_strdup(tmpctx, lp_netbios_name()); > > > -+ machine_name =3D talloc_strdup(frame, lp_netbios_name()); > > > - if (!machine_name) { > > > - ret =3D -1; > > > - goto done; > > > - } > > > -=20 > > > - /* now add the userPrincipalName and sAMAccountName entries */ > > > -- sam_account_name =3D ads_get_samaccountname(ads, tmpctx, machine_n= ame); > > > -+ sam_account_name =3D ads_get_samaccountname(ads, frame, machine_na= me); > > > - if (!sam_account_name) { > > > - DEBUG(0, (__location__ ": unable to determine 
machine " > > > - "account's name in AD!\n")); > > > -@@ -584,7 +614,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) > > > - } > > > -=20 > > > - /* remember that not every machine account will have a upn */ > > > -- upn =3D ads_get_upn(ads, tmpctx, machine_name); > > > -+ upn =3D ads_get_upn(ads, frame, machine_name); > > > - if (upn) { > > > - ret =3D ads_keytab_add_entry(ads, upn); > > > - if (ret !=3D 0) { > > > -@@ -596,7 +626,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) > > > -=20 > > > - /* Now loop through the keytab and update any other existing entri= es */ > > > - kvno =3D (krb5_kvno)ads_get_machine_kvno(ads, machine_name); > > > -- if (kvno =3D=3D -1) { > > > -+ if (kvno =3D=3D (krb5_kvno)-1) { > > > - DEBUG(1, (__location__ ": ads_get_machine_kvno() failed to " > > > - "determine the system's kvno.\n")); > > > - goto done; > > > -@@ -629,12 +659,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads) > > > - * have a race condition where someone else could add entries after > > > - * we've counted them. Re-open asap to minimise the race. JRA. > > > - */ > > > -- DEBUG(3, (__location__ ": Found %d entries in the keytab.\n", foun= d)); > > > -+ DEBUG(3, (__location__ ": Found %zd entries in the keytab.\n", fou= nd)); > > > - if (!found) { > > > - goto done; > > > - } > > > -=20 > > > -- oldEntries =3D talloc_array(tmpctx, char *, found); > > > -+ oldEntries =3D talloc_array(frame, char *, found); > > > - if (!oldEntries) { > > > - DEBUG(1, (__location__ ": Failed to allocate space to store " > > > - "the old keytab entries (talloc failed?).\n")); > > > -@@ -708,7 +738,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) > > > -=20 > > > - done: > > > - TALLOC_FREE(oldEntries); > > > -- TALLOC_FREE(tmpctx); > > > -+ TALLOC_FREE(frame); > > > -=20 > > > - { > > > - krb5_keytab_entry zero_kt_entry; > > > ---=20 > > > -2.1.0 > > > - 
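Review bot: deleting 12-add-precreated-spns-from-AD-during-keytab-generation.patch drops the backport of upstream commit 5d58b92f8fcbc509f4fe2bd3617bcaeada1806b6 (Samba bug 9985), and nothing in this hunk shows where that fix now comes from. The removed patch changed ads_keytab_create_default() to add every servicePrincipalName returned by ads_get_service_principal_names() to the keytab instead of only "host". Please state in the commit message that the Samba source the recipe builds after this change already contains that commit; without it, machine accounts with precreated SPNs would end up with keytabs that lack those principals.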
> > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 13-fix-aes-enctype.patch b/meta-networking/recipes-connectivity/samba/samba= -4.1.12/13-fix-aes-enctype.patch > > > deleted file mode 100644 > > > index a939e70..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/13-fix-= aes-enctype.patch > > > +++ /dev/null 
> > > @@ -1,988 +0,0 @@ > > > -From cbef7b5e10f4477d9f2e648ac6c654eef1165b82 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 24 Sep 2014 22:16:20 +0200 > > > -Subject: [PATCH 1/4] s3-net: add "net ads enctypes {list,set,delete}= ". > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - source3/utils/net_ads.c | 308 +++++++++++++++++++++++++++++++++++++= +++++++++++ > > > - 1 file changed, 308 insertions(+) > > > - > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index 8b8e719..5f18bf4 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -2860,6 +2860,306 @@ int net_ads_kerberos(struct net_context *c, = int argc, const char **argv) > > > - return net_run_function(c, argc, argv, "net ads kerberos", func); > > > - } > > > -=20 > > > -+static int net_ads_enctype_lookup_account(struct net_context *c, > > > -+ ADS_STRUCT *ads, > > > -+ const char *account, > > > -+ LDAPMessage **res, > > > -+ const char **enctype_str) > > > -+{ > > > -+ const char *filter; > > > -+ const char *attrs[] =3D { > > > -+ "msDS-SupportedEncryptionTypes", > > > -+ NULL > > > -+ }; > > > -+ int count; > > > -+ int ret =3D -1; > > > -+ ADS_STATUS status; > > > -+ > > > -+ filter =3D talloc_asprintf(c, "(&(objectclass=3Duser)(sAMAccountNa= me=3D%s))", > > > -+ account); > > > -+ if (filter =3D=3D NULL) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ status =3D ads_search(ads, res, filter, attrs); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ d_printf(_("no account found with filter: %s\n"), filter); > > > -+ goto done; > > > -+ } > > > -+ > > > -+ count =3D ads_count_replies(ads, *res); > > > -+ switch (count) { > > > -+ case 1: > > > -+ break; > > > 
-+ case 0: > > > -+ d_printf(_("no account found with filter: %s\n"), filter); > > > -+ goto done; > > > -+ default: > > > -+ d_printf(_("multiple accounts found with filter: %s\n"), filter); > > > -+ goto done; > > > -+ } > > > -+ > > > -+ if (enctype_str) { > > > -+ *enctype_str =3D ads_pull_string(ads, c, *res, > > > -+ "msDS-SupportedEncryptionTypes"); > > > -+ if (*enctype_str =3D=3D NULL) { > > > -+ d_printf(_("no msDS-SupportedEncryptionTypes attribute found\n")= ); > > > -+ goto done; > > > -+ } > > > -+ } > > > -+ > > > -+ ret =3D 0; > > > -+ done: > > > -+ return ret; > > > -+} > > > -+ > > > -+static void net_ads_enctype_dump_enctypes(const char *username, > > > -+ const char *enctype_str) > > > -+{ > > > -+ int enctypes; > > > -+ > > > -+ d_printf(_("'%s' uses \"msDS-SupportedEncryptionTypes\":\n"), user= name); > > > -+ > > > -+ enctypes =3D atoi(enctype_str); > > > -+ > > > -+ printf("[%s] 0x%08x DES-CBC-CRC\n", > > > -+ enctypes & ENC_CRC32 ? "X" : " ", > > > -+ ENC_CRC32); > > > -+ printf("[%s] 0x%08x DES-CBC-MD5\n", > > > -+ enctypes & ENC_RSA_MD5 ? "X" : " ", > > > -+ ENC_RSA_MD5); > > > -+ printf("[%s] 0x%08x RC4-HMAC\n", > > > -+ enctypes & ENC_RC4_HMAC_MD5 ? "X" : " ", > > > -+ ENC_RC4_HMAC_MD5); > > > -+ printf("[%s] 0x%08x AES128-CTS-HMAC-SHA1-96\n", > > > -+ enctypes & ENC_HMAC_SHA1_96_AES128 ? "X" : " ", > > > -+ ENC_HMAC_SHA1_96_AES128); > > > -+ printf("[%s] 0x%08x AES256-CTS-HMAC-SHA1-96\n", > > > -+ enctypes & ENC_HMAC_SHA1_96_AES256 ? 
"X" : " ", > > > -+ ENC_HMAC_SHA1_96_AES256); > > > -+} > > > -+ > > > -+static int net_ads_enctypes_list(struct net_context *c, int argc, c= onst char **argv) > > > -+{ > > > -+ int ret =3D -1; > > > -+ ADS_STATUS status; > > > -+ ADS_STRUCT *ads =3D NULL; > > > -+ LDAPMessage *res =3D NULL; > > > -+ const char *str =3D NULL; > > > -+ > > > -+ if (c->display_usage || (argc < 1)) { > > > -+ d_printf( "%s\n" > > > -+ "net ads enctypes list\n" > > > -+ " %s\n", > > > -+ _("Usage:"), > > > -+ _("List supported enctypes")); > > > -+ return 0; > > > -+ } > > > -+ > > > -+ status =3D ads_startup(c, false, &ads); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ printf("startup failed\n"); > > > -+ return ret; > > > -+ } > > > -+ > > > -+ ret =3D net_ads_enctype_lookup_account(c, ads, argv[0], &res, &str= ); > > > -+ if (ret) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ net_ads_enctype_dump_enctypes(argv[0], str); > > > -+ > > > -+ ret =3D 0; > > > -+ done: > > > -+ ads_msgfree(ads, res); > > > -+ ads_destroy(&ads); > > > -+ > > > -+ return ret; > > > -+} > > > -+ > > > -+static int net_ads_enctypes_set(struct net_context *c, int argc, co= nst char **argv) > > > -+{ > > > -+ int ret =3D -1; > > > -+ ADS_STATUS status; > > > -+ ADS_STRUCT *ads; > > > -+ LDAPMessage *res =3D NULL; > > > -+ const char *etype_list_str; > > > -+ const char *dn; > > > -+ ADS_MODLIST mods; > > > -+ uint32_t etype_list; > > > -+ const char *str; > > > -+ > > > -+ if (c->display_usage || argc < 1) { > > > -+ d_printf( "%s\n" > > > -+ "net ads enctypes set [enctypes]\n" > > > -+ " %s\n", > > > -+ _("Usage:"), > > > -+ _("Set supported enctypes")); > > > -+ return 0; > > > -+ } > > > -+ > > > -+ status =3D ads_startup(c, false, &ads); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ printf("startup failed\n"); > > > -+ return ret; > > > -+ } > > > -+ > > > -+ ret =3D net_ads_enctype_lookup_account(c, ads, argv[0], &res, NULL= ); > > > -+ if (ret) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ dn 
=3D ads_get_dn(ads, c, res); > > > -+ if (dn =3D=3D NULL) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ etype_list =3D ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5; > > > -+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 > > > -+ etype_list |=3D ENC_HMAC_SHA1_96_AES128; > > > -+#endif > > > -+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 > > > -+ etype_list |=3D ENC_HMAC_SHA1_96_AES256; > > > -+#endif > > > -+ > > > -+ if (argv[1] !=3D NULL) { > > > -+ sscanf(argv[1], "%i", &etype_list); > > > -+ } > > > -+ > > > -+ etype_list_str =3D talloc_asprintf(c, "%d", etype_list); > > > -+ if (!etype_list_str) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ mods =3D ads_init_mods(c); > > > -+ if (!mods) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ status =3D ads_mod_str(c, &mods, "msDS-SupportedEncryptionTypes", > > > -+ etype_list_str); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ status =3D ads_gen_mod(ads, dn, mods); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ d_printf(_("failed to add msDS-SupportedEncryptionTypes: %s\n"), > > > -+ ads_errstr(status)); > > > -+ goto done; > > > -+ } > > > -+ > > > -+ ads_msgfree(ads, res); > > > -+ > > > -+ ret =3D net_ads_enctype_lookup_account(c, ads, argv[0], &res, &str= ); > > > -+ if (ret) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ net_ads_enctype_dump_enctypes(argv[0], str); > > > -+ > > > -+ ret =3D 0; > > > -+ done: > > > -+ ads_msgfree(ads, res); > > > -+ ads_destroy(&ads); > > > -+ > > > -+ return ret; > > > -+} > > > -+ > > > -+static int net_ads_enctypes_delete(struct net_context *c, int argc,= const char **argv) > > > -+{ > > > -+ int ret =3D -1; > > > -+ ADS_STATUS status; > > > -+ ADS_STRUCT *ads; > > > -+ LDAPMessage *res =3D NULL; > > > -+ const char *dn; > > > -+ ADS_MODLIST mods; > > > -+ > > > -+ if (c->display_usage || argc < 1) { > > > -+ d_printf( "%s\n" > > > -+ "net ads enctypes delete \n" > > > -+ " %s\n", > > > -+ _("Usage:"), > > > -+ _("Delete supported 
enctypes")); > > > -+ return 0; > > > -+ } > > > -+ > > > -+ status =3D ads_startup(c, false, &ads); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ printf("startup failed\n"); > > > -+ return ret; > > > -+ } > > > -+ > > > -+ ret =3D net_ads_enctype_lookup_account(c, ads, argv[0], &res, NULL= ); > > > -+ if (ret) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ dn =3D ads_get_dn(ads, c, res); > > > -+ if (dn =3D=3D NULL) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ mods =3D ads_init_mods(c); > > > -+ if (!mods) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ status =3D ads_mod_str(c, &mods, "msDS-SupportedEncryptionTypes", = NULL); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ goto done; > > > -+ } > > > -+ > > > -+ status =3D ads_gen_mod(ads, dn, mods); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ d_printf(_("failed to remove msDS-SupportedEncryptionTypes: %s\n"= ), > > > -+ ads_errstr(status)); > > > -+ goto done; > > > -+ } > > > -+ > > > -+ ret =3D 0; > > > -+ > > > -+ done: > > > -+ ads_msgfree(ads, res); > > > -+ ads_destroy(&ads); > > > -+ return ret; > > > -+} > > > -+ > > > -+static int net_ads_enctypes(struct net_context *c, int argc, const = char **argv) > > > -+{ > > > -+ struct functable func[] =3D { > > > -+ { > > > -+ "list", > > > -+ net_ads_enctypes_list, > > > -+ NET_TRANSPORT_ADS, > > > -+ N_("List the supported encryption types"), > > > -+ N_("net ads enctypes list\n" > > > -+ " List the supported encryption types") > > > -+ }, > > > -+ { > > > -+ "set", > > > -+ net_ads_enctypes_set, > > > -+ NET_TRANSPORT_ADS, > > > -+ N_("Set the supported encryption types"), > > > -+ N_("net ads enctypes set\n" > > > -+ " Set the supported encryption types") > > > -+ }, > > > -+ { > > > -+ "delete", > > > -+ net_ads_enctypes_delete, > > > -+ NET_TRANSPORT_ADS, > > > -+ N_("Delete the supported encryption types"), > > > -+ N_("net ads enctypes delete\n" > > > -+ " Delete the supported encryption types") > > > -+ }, > > > -+ > > > -+ {NULL, NULL, 0, 
NULL, NULL} > > > -+ }; > > > -+ > > > -+ return net_run_function(c, argc, argv, "net ads enctypes", func); > > > -+} > > > -+ > > > -+ > > > - int net_ads(struct net_context *c, int argc, const char **argv) > > > - { > > > - struct functable func[] =3D { > > > -@@ -3015,6 +3315,14 @@ int net_ads(struct net_context *c, int argc, = const char **argv) > > > - N_("net ads kerberos\n" > > > - " Manage kerberos keytab") > > > - }, > > > -+ { > > > -+ "enctypes", > > > -+ net_ads_enctypes, > > > -+ NET_TRANSPORT_ADS, > > > -+ N_("List/modify supported encryption types"), > > > -+ N_("net ads enctypes\n" > > > -+ " List/modify enctypes") > > > -+ }, > > > - {NULL, NULL, 0, NULL, NULL} > > > - }; > > > -=20 > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From a19f1e51bd7d48b238ad22ec9e27af53dfa5bf44 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Wed, 24 Sep 2014 23:36:19 +0200 > > > -Subject: [PATCH 2/4] s3-net: add manpage documentation for "net ads = enctypes". > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - docs-xml/manpages/net.8.xml | 53 ++++++++++++++++++++++++++++++++++= +++++++++++ > > > - 1 file changed, 53 insertions(+) > > > - > > > -diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.x= ml > > > -index f39b420..9e982e3 100644 > > > ---- a/docs-xml/manpages/net.8.xml > > > -+++ b/docs-xml/manpages/net.8.xml > > > -@@ -1339,6 +1339,59 @@ to show in the result. > > > - > > > -=20 > > > - > > > -+ ADS ENCTYPES > > > -+ > > > -+ > > > -+ List, modify or delete the value of the "msDS-SupportedEncryptionT= ypes" attribute of an account in AD. 
> > > -+ > > > -+ > > > -+ > > > -+ This attribute allows to control which Kerberos encryption types a= re used for the generation of initial and service tickets. The value consis= ts of an integer bitmask with the following values: > > > -+ > > > -+ > > > -+0x00000001 DES-CBC-CRC > > > -+0x00000002 DES-CBC-MD5 > > > -+0x00000004 RC4-HMAC > > > -+0x00000008 AES128-CTS-HMAC-SHA1-96 > > > -+0x00000010 AES256-CTS-HMAC-SHA1-96 > > > -+ > > > -+ > > > -+ > > > -+ > > > -+ ADS ENCTYPES LIST <replaceable><ACCOUNTNAME></replace= able> > > > -+ > > > -+ > > > -+ List the value of the "msDS-SupportedEncryptionTypes" attribute of= a given account. > > > -+ > > > -+ > > > -+Example: net ads enctypes list Computername > > > -+ > > > -+ > > > -+ > > > -+ > > > -+ ADS ENCTYPES SET <replaceable><ACCOUNTNAME></replacea= ble> <replaceable>[enctypes]</replaceable> > > > -+ > > > -+ > > > -+ Set the value of the "msDS-SupportedEncryptionTypes" attribute of = the LDAP object of ACCOUNTNAME to a given value. If the value is ommitted, = the value is set to 31 which enables all the currently supported encryption= types. > > > -+ > > > -+ > > > -+Example: net ads enctypes set Computername 24 > > > -+ > > > -+ > > > -+ > > > -+ > > > -+ ADS ENCTYPES DELETE <replaceable><ACCOUNTNAME></repla= ceable> > > > -+ > > > -+ > > > -+ Deletes the "msDS-SupportedEncryptionTypes" attribute of the LDAP = object of ACCOUNTNAME. > > > -+ > > > -+ > > > -+Example: net ads enctypes set Computername 24 > > > -+ > > > -+ > > > -+ > > > -+ > > > -+ > > > - SAM CREATEBUILTINGROUP <NAME> > > > -=20 > > > - > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 0f42d123afde57ee74d89bdc742185cef718cf0f Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 23 Nov 2012 12:34:27 +0100 > > > -Subject: [PATCH 3/4] s3-libnet: set list of allowed krb5 encryption = types in > > > - AD >=3D 2008. 
> > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andreas Schneider > > > -Reviewed-by: Stefan Metzmacher > > > ---- > > > - source3/libnet/libnet_join.c | 65 +++++++++++++++++++++++++++++++++= +++++++++++ > > > - 1 file changed, 65 insertions(+) > > > - > > > -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_jo= in.c > > > -index 381a59c..e70e11a 100644 > > > ---- a/source3/libnet/libnet_join.c > > > -+++ b/source3/libnet/libnet_join.c > > > -@@ -605,6 +605,52 @@ static ADS_STATUS libnet_join_set_os_attributes= (TALLOC_CTX *mem_ctx, > > > - /**************************************************************** > > > - ****************************************************************/ > > > -=20 > > > -+static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx, > > > -+ struct libnet_JoinCtx *r) > > > -+{ > > > -+ ADS_STATUS status; > > > -+ ADS_MODLIST mods; > > > -+ uint32_t etype_list =3D ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5; > > > -+ const char *etype_list_str; > > > -+ > > > -+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 > > > -+ etype_list |=3D ENC_HMAC_SHA1_96_AES128; > > > -+#endif > > > -+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 > > > -+ etype_list |=3D ENC_HMAC_SHA1_96_AES256; > > > -+#endif > > > -+ > > > -+ etype_list_str =3D talloc_asprintf(mem_ctx, "%d", etype_list); > > > -+ if (!etype_list_str) { > > > -+ return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ } > > > -+ > > > -+ /* Find our DN */ > > > -+ > > > -+ status =3D libnet_join_find_machine_acct(mem_ctx, r); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ /* now do the mods */ > > > -+ > > > -+ mods =3D ads_init_mods(mem_ctx); > > > -+ if (!mods) { > > > -+ return ADS_ERROR(LDAP_NO_MEMORY); > > > -+ } > > > -+ > > > -+ status =3D ads_mod_str(mem_ctx, &mods, 
"msDS-SupportedEncryptionTy= pes", > > > -+ etype_list_str); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ return status; > > > -+ } > > > -+ > > > -+ return ads_gen_mod(r->in.ads, r->out.dn, mods); > > > -+} > > > -+ > > > -+/**************************************************************** > > > -+****************************************************************/ > > > -+ > > > - static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, > > > - struct libnet_JoinCtx *r) > > > - { > > > -@@ -679,6 +725,7 @@ static ADS_STATUS libnet_join_post_processing_ad= s(TALLOC_CTX *mem_ctx, > > > - struct libnet_JoinCtx *r) > > > - { > > > - ADS_STATUS status; > > > -+ uint32_t func_level =3D 0; > > > -=20 > > > - if (!r->in.ads) { > > > - status =3D libnet_join_connect_ads(mem_ctx, r); > > > -@@ -713,6 +760,24 @@ static ADS_STATUS libnet_join_post_processing_a= ds(TALLOC_CTX *mem_ctx, > > > - return status; > > > - } > > > -=20 > > > -+ status =3D ads_domain_func_level(r->in.ads, &func_level); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ libnet_join_set_error_string(mem_ctx, r, > > > -+ "failed to query domain controller functional level: %s", > > > -+ ads_errstr(status)); > > > -+ return status; > > > -+ } > > > -+ > > > -+ if (func_level >=3D DS_DOMAIN_FUNCTION_2008) { > > > -+ status =3D libnet_join_set_etypes(mem_ctx, r); > > > -+ if (!ADS_ERR_OK(status)) { > > > -+ libnet_join_set_error_string(mem_ctx, r, > > > -+ "failed to set machine kerberos encryption types: %s", > > > -+ ads_errstr(status)); > > > -+ return status; > > > -+ } > > > -+ } > > > -+ > > > - if (!libnet_join_derive_salting_principal(mem_ctx, r)) { > > > - return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From adb206481ac56c8f438e70f7b9e986aeba9586b1 Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Fri, 26 Sep 2014 21:06:38 +0200 > > > -Subject: [PATCH 4/4] s4-auth/kerberos: fix salting principal, make 
s= ure > > > - hostname is lowercase. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Found at MS interop event while working on AES kerberos key support. > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > -Reviewed-by: Andrew Bartlett > > > ---- > > > - source4/auth/kerberos/srv_keytab.c | 2 +- > > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > > - > > > -diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerbe= ros/srv_keytab.c > > > -index d81e27d..3baba14 100644 > > > ---- a/source4/auth/kerberos/srv_keytab.c > > > -+++ b/source4/auth/kerberos/srv_keytab.c > > > -@@ -143,7 +143,7 @@ static krb5_error_code salt_principal(TALLOC_CTX= *parent_ctx, > > > - return ENOMEM; > > > - } > > > -=20 > > > -- machine_username =3D talloc_strdup(tmp_ctx, samAccountName); > > > -+ machine_username =3D strlower_talloc(tmp_ctx, samAccountName); > > > - if (!machine_username) { > > > - *error_string =3D "Cannot duplicate samAccountName"; > > > - talloc_free(tmp_ctx); > > > ---=20 > > > -1.9.3 > > > - > > > -From d423e8b759af2e0a7cdce39d3f7a6c8d9c1764b4 Mon Sep 17 00:00:00 20= 01 > > > -From: Jeremy Allison > > > -Date: Mon, 16 Jun 2014 22:49:29 -0700 > > > -Subject: [PATCH 1/5] s3: auth: Add some const to the struct netr_Sam= Info3 * > > > - arguments of copy_netr_SamInfo3() and make_server_info_info3() > > > - > > > -Both functions only read from the struct netr_SamInfo3 * argument. 
> > > - > > > -Signed-off-by: Jeremy Allison > > > -Reviewed-by: Richard Sharpe > > > -Reviewed-by: Simo Sorce > > > - > > > -Conflicts: > > > - source3/auth/proto.h > > > - source3/auth/server_info.c > > > ---- > > > - source3/auth/auth_util.c | 2 +- > > > - source3/auth/proto.h | 4 ++-- > > > - source3/auth/server_info.c | 2 +- > > > - 3 files changed, 4 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c > > > -index ceaa706..afa78ec 100644 > > > ---- a/source3/auth/auth_util.c > > > -+++ b/source3/auth/auth_util.c > > > -@@ -1369,7 +1369,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *me= m_ctx, > > > - const char *sent_nt_username, > > > - const char *domain, > > > - struct auth_serversupplied_info **server_info, > > > -- struct netr_SamInfo3 *info3) > > > -+ const struct netr_SamInfo3 *info3) > > > - { > > > - static const char zeros[16] =3D {0, }; > > > -=20 > > > -diff --git a/source3/auth/proto.h b/source3/auth/proto.h > > > -index 76661fc..6ec206e 100644 > > > ---- a/source3/auth/proto.h > > > -+++ b/source3/auth/proto.h > > > -@@ -232,7 +232,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_= ctx, > > > - const char *sent_nt_username, > > > - const char *domain, > > > - struct auth_serversupplied_info **server_info, > > > -- struct netr_SamInfo3 *info3); > > > -+ const struct netr_SamInfo3 *info3); > > > - struct wbcAuthUserInfo; > > > - NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, > > > - const char *sent_nt_username, > > > -@@ -287,7 +287,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, > > > - const struct passwd *pwd, > > > - struct netr_SamInfo3 **pinfo3); > > > - struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, > > > -- struct netr_SamInfo3 *orig); > > > -+ const struct netr_SamInfo3 *orig); > > > - struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *= mem_ctx, > > > - const struct wbcAuthUserInfo *info); > > > -=20 > > > -diff --git 
a/source3/auth/server_info.c b/source3/auth/server_info.c > > > -index d2b7d6e..066b9a8 100644 > > > ---- a/source3/auth/server_info.c > > > -+++ b/source3/auth/server_info.c > > > -@@ -445,7 +445,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, > > > - } } while(0) > > > -=20 > > > - struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, > > > -- struct netr_SamInfo3 *orig) > > > -+ const struct netr_SamInfo3 *orig) > > > - { > > > - struct netr_SamInfo3 *info3; > > > - unsigned int i; > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From cab0cda9df0bb0eda2d7957c0bb8dbcb51ba7ef7 Mon Sep 17 00:00:00 20= 01 > > > -From: Jeremy Allison > > > -Date: Mon, 16 Jun 2014 22:54:45 -0700 > > > -Subject: [PATCH 2/5] s3: auth: Change make_server_info_info3() to ta= ke a const > > > - struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO. > > > - > > > -make_server_info_info3() only reads from the info3 pointer. > > > - > > > -Signed-off-by: Jeremy Allison > > > -Reviewed-by: Richard Sharpe > > > -Reviewed-by: Simo Sorce > > > ---- > > > - source3/auth/auth_generic.c | 2 +- > > > - source3/auth/proto.h | 2 +- > > > - source3/auth/user_krb5.c | 8 ++++---- > > > - 3 files changed, 6 insertions(+), 6 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic= =2Ec > > > -index a2ba4e3..2880bc9 100644 > > > ---- a/source3/auth/auth_generic.c > > > -+++ b/source3/auth/auth_generic.c > > > -@@ -112,7 +112,7 @@ static NTSTATUS auth3_generate_session_info_pac(= struct auth4_context *auth_ctx, > > > -=20 > > > - status =3D make_session_info_krb5(mem_ctx, > > > - ntuser, ntdomain, username, pw, > > > -- logon_info, is_guest, is_mapped, NULL /* No session key for no= w, caller will sort it out */, > > > -+ &logon_info->info3, is_guest, is_mapped, NULL /* No session ke= y for now, caller will sort it out */, > > > - session_info); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(1, ("Failed to map kerberos pac to server info 
(%s)\n", > > > -diff --git a/source3/auth/proto.h b/source3/auth/proto.h > > > -index 6ec206e..75d1097 100644 > > > ---- a/source3/auth/proto.h > > > -+++ b/source3/auth/proto.h > > > -@@ -357,7 +357,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_= ctx, > > > - char *ntdomain, > > > - char *username, > > > - struct passwd *pw, > > > -- struct PAC_LOGON_INFO *logon_info, > > > -+ const struct netr_SamInfo3 *info3, > > > - bool mapped_to_guest, bool username_was_mapped, > > > - DATA_BLOB *session_key, > > > - struct auth_session_info **session_info); > > > -diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c > > > -index 974a8aa..0a538b4 100644 > > > ---- a/source3/auth/user_krb5.c > > > -+++ b/source3/auth/user_krb5.c > > > -@@ -186,7 +186,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_= ctx, > > > - char *ntdomain, > > > - char *username, > > > - struct passwd *pw, > > > -- struct PAC_LOGON_INFO *logon_info, > > > -+ const struct netr_SamInfo3 *info3, > > > - bool mapped_to_guest, bool username_was_mapped, > > > - DATA_BLOB *session_key, > > > - struct auth_session_info **session_info) > > > -@@ -202,14 +202,14 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *me= m_ctx, > > > - return status; > > > - } > > > -=20 > > > -- } else if (logon_info) { > > > -+ } else if (info3) { > > > - /* pass the unmapped username here since map_username() > > > - will be called again in make_server_info_info3() */ > > > -=20 > > > - status =3D make_server_info_info3(mem_ctx, > > > - ntuser, ntdomain, > > > - &server_info, > > > -- &logon_info->info3); > > > -+ info3); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(1, ("make_server_info_info3 failed: %s!\n", > > > - nt_errstr(status))); > > > -@@ -299,7 +299,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_= ctx, > > > - char *ntdomain, > > > - char *username, > > > - struct passwd *pw, > > > -- struct PAC_LOGON_INFO *logon_info, > > > -+ const struct netr_SamInfo3 *info3, > > > - bool 
mapped_to_guest, bool username_was_mapped, > > > - DATA_BLOB *session_key, > > > - struct auth_session_info **session_info) > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 102335441aaa7967367abcc5690fe7229807546a Mon Sep 17 00:00:00 20= 01 > > > -From: Jeremy Allison > > > -Date: Mon, 16 Jun 2014 23:11:58 -0700 > > > -Subject: [PATCH 3/5] s3: auth: Add create_info3_from_pac_logon_info(= ) to > > > - create a new info3 and merge resource group SIDs into it. > > > - > > > -Originally written by Richard Sharpe Richard Sharpe . > > > - > > > -Signed-off-by: Jeremy Allison > > > -Reviewed-by: Richard Sharpe > > > -Reviewed-by: Simo Sorce > > > ---- > > > - source3/auth/proto.h | 3 ++ > > > - source3/auth/server_info.c | 77 +++++++++++++++++++++++++++++++++++= +++++++++++ > > > - 2 files changed, 80 insertions(+) > > > - > > > -diff --git a/source3/auth/proto.h b/source3/auth/proto.h > > > -index 75d1097..cc51698 100644 > > > ---- a/source3/auth/proto.h > > > -+++ b/source3/auth/proto.h > > > -@@ -281,6 +281,9 @@ NTSTATUS serverinfo_to_SamInfo3(const struct aut= h_serversupplied_info *server_in > > > - struct netr_SamInfo3 *sam3); > > > - NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *se= rver_info, > > > - struct netr_SamInfo6 *sam6); > > > -+NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx, > > > -+ const struct PAC_LOGON_INFO= *logon_info, > > > -+ struct netr_SamInfo3 **pp_i= nfo3); > > > - NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, > > > - struct samu *samu, > > > - const char *login_server, > > > -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c > > > -index 066b9a8..dc84794 100644 > > > ---- a/source3/auth/server_info.c > > > -+++ b/source3/auth/server_info.c > > > -@@ -252,6 +252,83 @@ static NTSTATUS group_sids_to_info3(struct netr= _SamInfo3 *info3, > > > - return NT_STATUS_OK; > > > - } > > > -=20 > > > -+/* > > > -+ * Merge resource SIDs, if any, into the passed in info3 structure. 
> > > -+ */ > > > -+ > > > -+static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *lo= gon_info, > > > -+ struct netr_SamInfo3 *info3) > > > -+{ > > > -+ uint32_t i =3D 0; > > > -+ > > > -+ if (!(logon_info->info3.base.user_flags & NETLOGON_RESOURCE_GROUPS= )) { > > > -+ return NT_STATUS_OK; > > > -+ } > > > -+ > > > -+ /* > > > -+ * If there are any resource groups (SID Compression) add > > > -+ * them to the extra sids portion of the info3 in the PAC. > > > -+ * > > > -+ * This makes the info3 look like it would if we got the info > > > -+ * from the DC rather than the PAC. > > > -+ */ > > > -+ > > > -+ /* > > > -+ * Construct a SID for each RID in the list and then append it > > > -+ * to the info3. > > > -+ */ > > > -+ for (i =3D 0; i < logon_info->res_groups.count; i++) { > > > -+ NTSTATUS status; > > > -+ struct dom_sid new_sid; > > > -+ uint32_t attributes =3D logon_info->res_groups.rids[i].attributes; > > > -+ > > > -+ sid_compose(&new_sid, > > > -+ logon_info->res_group_dom_sid, > > > -+ logon_info->res_groups.rids[i].rid); > > > -+ > > > -+ DEBUG(10, ("Adding SID %s to extra SIDS\n", > > > -+ sid_string_dbg(&new_sid))); > > > -+ > > > -+ status =3D append_netr_SidAttr(info3, &info3->sids, > > > -+ &info3->sidcount, > > > -+ &new_sid, > > > -+ attributes); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ DEBUG(1, ("failed to append SID %s to extra SIDS: %s\n", > > > -+ sid_string_dbg(&new_sid), > > > -+ nt_errstr(status))); > > > -+ return status; > > > -+ } > > > -+ } > > > -+ > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > -+/* > > > -+ * Create a copy of an info3 struct from the struct PAC_LOGON_INFO, > > > -+ * then merge resource SIDs, if any, into it. If successful return > > > -+ * the created info3 struct. 
> > > -+ */ > > > -+ > > > -+NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx, > > > -+ const struct PAC_LOGON_INFO *logon_info, > > > -+ struct netr_SamInfo3 **pp_info3) > > > -+{ > > > -+ NTSTATUS status; > > > -+ struct netr_SamInfo3 *info3 =3D copy_netr_SamInfo3(mem_ctx, > > > -+ &logon_info->info3); > > > -+ if (info3 =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ status =3D merge_resource_sids(logon_info, info3); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ TALLOC_FREE(info3); > > > -+ return status; > > > -+ } > > > -+ *pp_info3 =3D info3; > > > -+ return NT_STATUS_OK; > > > -+} > > > -+ > > > - #define RET_NOMEM(ptr) do { \ > > > - if (!ptr) { \ > > > - TALLOC_FREE(info3); \ > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From fda9cefd3d4a0808af67595631dd755d5b73aacf Mon Sep 17 00:00:00 20= 01 > > > -From: Jeremy Allison > > > -Date: Mon, 16 Jun 2014 23:15:21 -0700 > > > -Subject: [PATCH 4/5] s3: auth: Change auth3_generate_session_info_pa= c() to use > > > - a copy of the info3 struct from the struct PAC_LOGON_INFO. > > > - > > > -Call create_info3_from_pac_logon_info() to add in any resource SIDs > > > -from the struct PAC_LOGON_INFO to the info3. 
> > > - > > > -Signed-off-by: Jeremy Allison > > > -Reviewed-by: Richard Sharpe > > > -Reviewed-by: Simo Sorce > > > ---- > > > - source3/auth/auth_generic.c | 11 +++++++++-- > > > - 1 file changed, 9 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic= =2Ec > > > -index 2880bc9..f841f0c 100644 > > > ---- a/source3/auth/auth_generic.c > > > -+++ b/source3/auth/auth_generic.c > > > -@@ -44,6 +44,7 @@ static NTSTATUS auth3_generate_session_info_pac(st= ruct auth4_context *auth_ctx, > > > - { > > > - TALLOC_CTX *tmp_ctx; > > > - struct PAC_LOGON_INFO *logon_info =3D NULL; > > > -+ struct netr_SamInfo3 *info3_copy =3D NULL; > > > - bool is_mapped; > > > - bool is_guest; > > > - char *ntuser; > > > -@@ -101,7 +102,13 @@ static NTSTATUS auth3_generate_session_info_pac= (struct auth4_context *auth_ctx, > > > -=20 > > > - /* save the PAC data if we have it */ > > > - if (logon_info) { > > > -- netsamlogon_cache_store(ntuser, &logon_info->info3); > > > -+ status =3D create_info3_from_pac_logon_info(tmp_ctx, > > > -+ logon_info, > > > -+ &info3_copy); > > > -+ if (!NT_STATUS_IS_OK(status)) { > > > -+ goto done; > > > -+ } > > > -+ netsamlogon_cache_store(ntuser, info3_copy); > > > - } > > > -=20 > > > - /* setup the string used by %U */ > > > -@@ -112,7 +119,7 @@ static NTSTATUS auth3_generate_session_info_pac(= struct auth4_context *auth_ctx, > > > -=20 > > > - status =3D make_session_info_krb5(mem_ctx, > > > - ntuser, ntdomain, username, pw, > > > -- &logon_info->info3, is_guest, is_mapped, NULL /* No session ke= y for now, caller will sort it out */, > > > -+ info3_copy, is_guest, is_mapped, NULL /* No session key for no= w, caller will sort it out */, > > > - session_info); > > > - if (!NT_STATUS_IS_OK(status)) { > > > - DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n", > > > ---=20 > > > -1.9.3 > > > - > > > - > > > -From 9ed711f88685fc2d4860c9d6b7fa651bd2a52558 Mon Sep 17 00:00:00 20= 01 > > > 
-From: Jeremy Allison > > > -Date: Mon, 16 Jun 2014 23:27:35 -0700 > > > -Subject: [PATCH 5/5] s3: auth: Fix winbindd_pam_auth_pac_send() to c= reate a > > > - new info3 and merge in resource groups from a trusted PAC. > > > - > > > -Based on a patch from Richard Sharpe . > > > - > > > -Signed-off-by: Jeremy Allison > > > -Reviewed-by: Richard Sharpe > > > -Reviewed-by: Simo Sorce > > > - > > > -Autobuild-User(master): Jeremy Allison > > > -Autobuild-Date(master): Wed Jun 18 03:30:36 CEST 2014 on sn-devel-104 > > > ---- > > > - source3/winbindd/winbindd_pam.c | 24 ++++++++++++++++++++++-- > > > - 1 file changed, 22 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winb= indd_pam.c > > > -index c356686..0f1ca28 100644 > > > ---- a/source3/winbindd/winbindd_pam.c > > > -+++ b/source3/winbindd/winbindd_pam.c > > > -@@ -2421,6 +2421,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct win= bindd_cli_state *state, > > > - struct winbindd_request *req =3D state->request; > > > - DATA_BLOB pac_blob; > > > - struct PAC_LOGON_INFO *logon_info =3D NULL; > > > -+ struct netr_SamInfo3 *info3_copy =3D NULL; > > > - NTSTATUS result; > > > -=20 > > > - pac_blob =3D data_blob_const(req->extra_data.data, req->extra_len); > > > -@@ -2434,7 +2435,13 @@ NTSTATUS winbindd_pam_auth_pac_send(struct wi= nbindd_cli_state *state, > > > -=20 > > > - if (logon_info) { > > > - /* Signature verification succeeded, trust the PAC */ > > > -- netsamlogon_cache_store(NULL, &logon_info->info3); > > > -+ result =3D create_info3_from_pac_logon_info(state->mem_ctx, > > > -+ logon_info, > > > -+ &info3_copy); > > > -+ if (!NT_STATUS_IS_OK(result)) { > > > -+ return result; > > > -+ } > > > -+ netsamlogon_cache_store(NULL, info3_copy); > > > -=20 > > > - } else { > > > - /* Try without signature verification */ > > > -@@ -2446,9 +2453,22 @@ NTSTATUS winbindd_pam_auth_pac_send(struct wi= nbindd_cli_state *state, > > > - nt_errstr(result))); > > > - 
return result; > > > - } > > > -+ if (logon_info) { > > > -+ /* > > > -+ * Don't strictly need to copy here, > > > -+ * but it makes it explicit we're > > > -+ * returning a copy talloc'ed off > > > -+ * the state->mem_ctx. > > > -+ */ > > > -+ info3_copy =3D copy_netr_SamInfo3(state->mem_ctx, > > > -+ &logon_info->info3); > > > -+ if (info3_copy =3D=3D NULL) { > > > -+ return NT_STATUS_NO_MEMORY; > > > -+ } > > > -+ } > > > - } > > > -=20 > > > -- *info3 =3D &logon_info->info3; > > > -+ *info3 =3D info3_copy; > > > -=20 > > > - return NT_STATUS_OK; > > > - } > > > ---=20 > > > -1.9.3 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 14-fix-dnsupdate.patch b/meta-networking/recipes-connectivity/samba/samba-4= =2E1.12/14-fix-dnsupdate.patch > > > deleted file mode 100644 > > > index 071069b..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/14-fix-= dnsupdate.patch > > > +++ /dev/null 
> > > @@ -1,51 +0,0 @@ > > > -From 3bf805a38a1b901a55b08118ec04097d9787497c Mon Sep 17 00:00:00 20= 01 > > > -From: =3D?UTF-8?q?G=3DC3=3DBCnther=3D20Deschner?=3D > > > -Date: Mon, 29 Sep 2014 17:16:15 +0200 > > > -Subject: [PATCH] s3-net: Force libkrb5 locator to use the same KDC f= or join > > > - and DNS update. > > > -MIME-Version: 1.0 > > > -Content-Type: text/plain; charset=3DUTF-8 > > > -Content-Transfer-Encoding: 8bit > > > - > > > -Guenther > > > - > > > -Signed-off-by: G=C3=BCnther Deschner > > > ---- > > > - source3/utils/net_ads.c | 21 +++++++++++++++++++++ > > > - 1 file changed, 21 insertions(+) > > > - > > > -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c > > > -index e96377f..efbc3d2 100644 > > > ---- a/source3/utils/net_ads.c > > > -+++ b/source3/utils/net_ads.c > > > -@@ -1566,6 +1566,27 @@ int net_ads_join(struct net_context *c, int a= rgc, const char **argv) > > > - * If the dns update fails, we still consider the join > > > - * operation as succeeded if we came this far. > > > - */ > > > -+ > > > -+ if (r->out.dns_domain_name !=3D NULL) { > > > -+ > > > -+ /* Avoid potential libkrb5 issues finding a good KDC when we > > > -+ * already found one during the join. When the locator plugin is > > > -+ * installed (but winbind is not yet running) make sure we can > > > -+ * force libkrb5 to reuse that KDC. - gd */ > > > -+ > > > -+ char *env; > > > -+ > > > -+ env =3D talloc_asprintf_strupper_m(r, > > > -+ "WINBINDD_LOCATOR_KDC_ADDRESS_%s", > > > -+ r->out.dns_domain_name); > > > -+ if (env =3D=3D NULL) { > > > -+ return -1; > > > -+ } > > > -+ > > > -+ setenv(env, r->in.ads->auth.kdc_server, 0); > > > -+ setenv("_NO_WINBINDD", "1", 0); > > > -+ } > > > -+ > > > - _net_ads_join_dns_updates(c, ctx, r); > > > -=20 > > > - TALLOC_FREE(r); > > > ---=20 > > > -1.9.3 > > > - 
> > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 15-fix-netbios-name-truncation.patch b/meta-networking/recipes-connectivity= /samba/samba-4.1.12/15-fix-netbios-name-truncation.patch > > > deleted file mode 100644 > > > index 9721afa..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/15-fix-= netbios-name-truncation.patch > > > +++ /dev/null 
> > > @@ -1,154 +0,0 @@ > > > -From 170166b8a0076089c6a8505f53a22f5b72c15786 Mon Sep 17 00:00:00 20= 01 > > > -From: Jeremy Allison > > > -Date: Tue, 28 Oct 2014 11:55:30 -0700 > > > -Subject: [PATCH] s3-nmbd: Fix netbios name truncation. > > > - > > > -Try and cope with truncation more intelligently. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10896 > > > - > > > -Signed-off-by: Jeremy Allison > > > -Reviewed-by: Andreas Schneider > > > -(cherry picked from commit 6adcc7bffd5e1474ecba04d2328955c0b208cabc) > > > -Signed-off-by: Andreas Schneider > > > ---- > > > - source3/nmbd/nmbd_nameregister.c | 76 +++++++++++++++++++++++++++++= ++++++----- > > > - 1 file changed, 68 insertions(+), 8 deletions(-) > > > - > > > -diff --git a/source3/nmbd/nmbd_nameregister.c b/source3/nmbd/nmbd_na= meregister.c > > > -index 71c4751..8b078e6 100644 > > > ---- a/source3/nmbd/nmbd_nameregister.c > > > -+++ b/source3/nmbd/nmbd_nameregister.c > > > -@@ -482,17 +482,77 @@ void register_name(struct subnet_record *subre= c, > > > - { > > > - struct nmb_name nmbname; > > > - nstring nname; > > > -+ size_t converted_size; > > > -=20 > > > - errno =3D 0; > > > -- push_ascii_nstring(nname, name); > > > -- if (errno =3D=3D E2BIG) { > > > -- unstring tname; > > > -- pull_ascii_nstring(tname, sizeof(tname), nname); > > > -- DEBUG(0,("register_name: NetBIOS name %s is too long. Truncating = to %s\n", > > > -- name, tname)); > > > -- make_nmb_name(&nmbname, tname, type); > > > -- } else { > > > -+ converted_size =3D push_ascii_nstring(nname, name); > > > -+ if (converted_size !=3D (size_t)-1) { > > > -+ /* Success. */ > > > - make_nmb_name(&nmbname, name, type); > > > -+ } else if (errno =3D=3D E2BIG) { > > > -+ /* > > > -+ * Name converted to CH_DOS is too large. > > > -+ * try to truncate. 
> > > -+ */ > > > -+ char *converted_str_dos =3D NULL; > > > -+ char *converted_str_unix =3D NULL; > > > -+ bool ok; > > > -+ > > > -+ converted_size =3D 0; > > > -+ > > > -+ ok =3D convert_string_talloc(talloc_tos(), > > > -+ CH_UNIX, > > > -+ CH_DOS, > > > -+ name, > > > -+ strlen(name)+1, > > > -+ &converted_str_dos, > > > -+ &converted_size); > > > -+ if (!ok) { > > > -+ DEBUG(0,("register_name: NetBIOS name %s cannot be " > > > -+ "converted. Failing to register name.\n", > > > -+ name)); > > > -+ return; > > > -+ } > > > -+ > > > -+ /* > > > -+ * As it's now CH_DOS codepage > > > -+ * we truncate by writing '\0' at > > > -+ * MAX_NETBIOSNAME_LEN-1 and then > > > -+ * convert back to CH_UNIX which we > > > -+ * need for the make_nmb_name() call. > > > -+ */ > > > -+ if (converted_size >=3D MAX_NETBIOSNAME_LEN) { > > > -+ converted_str_dos[MAX_NETBIOSNAME_LEN-1] =3D '\0'; > > > -+ } > > > -+ > > > -+ ok =3D convert_string_talloc(talloc_tos(), > > > -+ CH_DOS, > > > -+ CH_UNIX, > > > -+ converted_str_dos, > > > -+ strlen(converted_str_dos)+1, > > > -+ &converted_str_unix, > > > -+ &converted_size); > > > -+ if (!ok) { > > > -+ DEBUG(0,("register_name: NetBIOS name %s cannot be " > > > -+ "converted back to CH_UNIX. " > > > -+ "Failing to register name.\n", > > > -+ converted_str_dos)); > > > -+ TALLOC_FREE(converted_str_dos); > > > -+ return; > > > -+ } > > > -+ > > > -+ make_nmb_name(&nmbname, converted_str_unix, type); > > > -+ > > > -+ TALLOC_FREE(converted_str_dos); > > > -+ TALLOC_FREE(converted_str_unix); > > > -+ } else { > > > -+ /* > > > -+ * Generic conversion error. Fail to register. > > > -+ */ > > > -+ DEBUG(0,("register_name: NetBIOS name %s cannot be " > > > -+ "converted (%s). 
Failing to register name.\n", > > > -+ name, strerror(errno))); > > > -+ return; > > > - } > > > -=20 > > > - /* Always set the NB_ACTIVE flag on the name we are > > > ---=20 > > > -2.1.2 > > > - > > > -From 653a1c312e6b85f1d8113beec52a27e0ba71ef79 Mon Sep 17 00:00:00 20= 01 > > > -From: Jeremy Allison > > > -Date: Fri, 31 Oct 2014 11:01:26 -0700 > > > -Subject: [PATCH] s3: nmbd: Ensure NetBIOS names are only 15 characte= rs stored. > > > - > > > -This screws up if the name is greater than MAX_NETBIOSNAME_LEN-1 in = the > > > -unix charset, but less than or equal to MAX_NETBIOSNAME_LEN-1 in the= DOS > > > -charset, but this is so old we have to live with that. > > > - > > > -BUG: https://bugzilla.samba.org/show_bug.cgi?id=3D10920 > > > - > > > -Signed-off-by: Jeremy Allison > > > -Reviewed-by: Andreas Schneider > > > - > > > -(cherry picked from commit 7467f6e72cba214eeca75c34e9d9fba354c7ef31) > > > -Signed-off-by: Andreas Schneider > > > ---- > > > - source3/lib/util_names.c | 10 +++++++++- > > > - 1 file changed, 9 insertions(+), 1 deletion(-) > > > - > > > -diff --git a/source3/lib/util_names.c b/source3/lib/util_names.c > > > -index cf54a0e..1392b48 100644 > > > ---- a/source3/lib/util_names.c > > > -+++ b/source3/lib/util_names.c > > > -@@ -60,7 +60,15 @@ static bool set_my_netbios_names(const char *name= , int i) > > > - { > > > - SAFE_FREE(smb_my_netbios_names[i]); > > > -=20 > > > -- smb_my_netbios_names[i] =3D SMB_STRDUP(name); > > > -+ /* > > > -+ * Don't include space for terminating '\0' in strndup, > > > -+ * it is automatically added. This screws up if the name > > > -+ * is greater than MAX_NETBIOSNAME_LEN-1 in the unix > > > -+ * charset, but less than or equal to MAX_NETBIOSNAME_LEN-1 > > > -+ * in the DOS charset, but this is so old we have to live > > > -+ * with that. 
> > > -+ */ > > > -+ smb_my_netbios_names[i] =3D SMB_STRNDUP(name, MAX_NETBIOSNAME_LEN-= 1); > > > - if (!smb_my_netbios_names[i]) > > > - return False; > > > - return strupper_m(smb_my_netbios_names[i]); > > > ---=20 > > > -2.1.2 > > > - > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 16-do-not-check-xsltproc-manpages.patch b/meta-networking/recipes-connectiv= ity/samba/samba-4.1.12/16-do-not-check-xsltproc-manpages.patch > > > deleted file mode 100644 > > > index 447e243..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/16-do-n= ot-check-xsltproc-manpages.patch > > > +++ /dev/null 
> > > @@ -1,52 +0,0 @@ > > > -Don't check xsltproc manpages > > > - > > > -Signed-off-by: Bian Naimeng > > > - > > > -diff -Nurp samba-4.1.12.orig/lib/ldb/wscript samba-4.1.12/lib/ldb/ws= cript > > > ---- samba-4.1.12.orig/lib/ldb/wscript 2014-07-28 16:13:45.000000000 = +0900 > > > -+++ samba-4.1.12/lib/ldb/wscript 2015-04-23 17:08:45.277000225 +0900 > > > -@@ -56,7 +56,7 @@ def configure(conf): > > > - conf.define('USING_SYSTEM_PYLDB_UTIL', 1) > > > -=20 > > > - if conf.env.standalone_ldb: > > > -- conf.CHECK_XSLTPROC_MANPAGES() > > > -+ #conf.CHECK_XSLTPROC_MANPAGES() > > > -=20 > > > - # we need this for the ldap backend > > > - if conf.CHECK_FUNCS_IN('ber_flush ldap_open ldap_initialize= ', 'lber ldap', headers=3D'lber.h ldap.h'): > > > -diff -Nurp samba-4.1.12.orig/lib/ntdb/wscript samba-4.1.12/lib/ntdb/= wscript > > > ---- samba-4.1.12.orig/lib/ntdb/wscript 2013-12-05 18:16:48.000000000= +0900 > > > -+++ samba-4.1.12/lib/ntdb/wscript 2015-04-23 17:09:17.680000274 +0900 > > > -@@ -121,7 +121,7 @@ def configure(conf): > > > - Logs.warn('Disabling pyntdb as python devel libs not fo= und') > > > - conf.env.disable_python =3D True > > > -=20 > > > -- conf.CHECK_XSLTPROC_MANPAGES() > > > -+ #conf.CHECK_XSLTPROC_MANPAGES() > > > -=20 > > > - # This make #include work. 
> > > - conf.ADD_EXTRA_INCLUDES('''#lib''') > > > -diff -Nurp samba-4.1.12.orig/lib/talloc/wscript samba-4.1.12/lib/tal= loc/wscript > > > ---- samba-4.1.12.orig/lib/talloc/wscript 2013-12-05 18:16:48.0000000= 00 +0900 > > > -+++ samba-4.1.12/lib/talloc/wscript 2015-04-23 17:08:21.781000339 +0= 900 > > > -@@ -55,7 +55,7 @@ def configure(conf): > > > - if conf.env.standalone_talloc: > > > - conf.env.TALLOC_COMPAT1 =3D Options.options.TALLOC_COMPAT1 > > > -=20 > > > -- conf.CHECK_XSLTPROC_MANPAGES() > > > -+ #conf.CHECK_XSLTPROC_MANPAGES() > > > -=20 > > > - if not conf.env.disable_python: > > > - # also disable if we don't have the python libs installed > > > -diff -Nurp samba-4.1.12.orig/lib/tdb/wscript samba-4.1.12/lib/tdb/ws= cript > > > ---- samba-4.1.12.orig/lib/tdb/wscript 2013-12-05 18:16:48.000000000 = +0900 > > > -+++ samba-4.1.12/lib/tdb/wscript 2015-04-23 17:09:02.538000343 +0900 > > > -@@ -43,7 +43,7 @@ def configure(conf): > > > -=20 > > > - conf.env.disable_python =3D getattr(Options.options, 'disable_p= ython', False) > > > -=20 > > > -- conf.CHECK_XSLTPROC_MANPAGES() > > > -+ #conf.CHECK_XSLTPROC_MANPAGES() > > > -=20 > > > - if not conf.env.disable_python: > > > - # also disable if we don't have the python libs installed > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 17-execute-prog-by-qemu.patch b/meta-networking/recipes-connectivity/samba/= samba-4.1.12/17-execute-prog-by-qemu.patch > > > deleted file mode 100644 > > > index 1a31e0d..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/17-exec= ute-prog-by-qemu.patch > > > +++ /dev/null 
> > > @@ -1,22 +0,0 @@ > > > -samba: execute prog on target directly is impossible. > > > - > > > -Signed-off-by: Bian Naimeng > > > - > > > -diff -Nurp samba-4.1.12.orig/lib/ccan/wscript samba-4.1.12/lib/ccan/= wscript > > > ---- samba-4.1.12.orig/lib/ccan/wscript 2013-06-13 18:21:02.000000000= +0900 > > > -+++ samba-4.1.12/lib/ccan/wscript 2015-04-27 14:26:25.123000238 +0900 > > > -@@ -127,10 +127,10 @@ def configure(conf): > > > - # Only check for FILE_OFFSET_BITS=3D64 if off_t is normally sma= ll: > > > - # use raw routines because wrappers include previous _GNU_SOURCE > > > - # or _FILE_OFFSET_BITS defines. > > > -- conf.check(fragment=3D"""#include > > > -- int main(void) { return !(sizeof(off_t) < 8); }""", > > > -- execute=3DTrue, msg=3D'Checking for small off_t', > > > -- define_name=3D'SMALL_OFF_T') > > > -+ conf.CHECK_CODE("""#include > > > -+ int main(void) { return !(sizeof(off_t) < 8); }""", > > > -+ link=3DTrue, execute=3DTrue, addmain=3DFalse, m= sg=3D'Checking for small off_t', > > > -+ define=3D'HAVE_SMALL_OFF_T') > > > - # Unreliable return value above, hence use define. > > > - if conf.CONFIG_SET('SMALL_OFF_T'): > > > - conf.check(fragment=3D"""#include > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 18-avoid-get-config-by-native-ncurses.patch b/meta-networking/recipes-conne= ctivity/samba/samba-4.1.12/18-avoid-get-config-by-native-ncurses.patch > > > deleted file mode 100644 > > > index 83c42eb..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/18-avoi= d-get-config-by-native-ncurses.patch > > > +++ /dev/null 
> > > @@ -1,22 +0,0 @@ > > > -waf trys to get package's configuration by native ncurses6-config. > > > -it will make native header files and library be used. > > > - > > > -Signed-off-by: Bian Naimeng > > > - > > > ---- samba-4.1.12.orig/source3/wscript_configure_system_ncurses 2013-= 12-05 18:16:48.000000000 +0900 > > > -+++ samba-4.1.12/source3/wscript_configure_system_ncurses 2015-04-29= 16:12:22.619000250 +0900 > > > -@@ -2,14 +2,6 @@ import Logs, Options, sys > > > -=20 > > > - Logs.info("Looking for ncurses features") > > > -=20 > > > --conf.find_program('ncurses5-config', var=3D'NCURSES_CONFIG') > > > --if not conf.env.NCURSES_CONFIG: > > > -- conf.find_program('ncurses6-config', var=3D'NCURSES_CONFIG') > > > -- > > > --if conf.env.NCURSES_CONFIG: > > > -- conf.check_cfg(path=3Dconf.env.NCURSES_CONFIG, args=3D"--cflags= --libs", > > > -- package=3D"", uselib_store=3D"NCURSES") > > > -- > > > - conf.CHECK_HEADERS('ncurses.h menu.h panel.h form.h', lib=3D'ncurse= s') > > > -=20 > > > - conf.CHECK_FUNCS_IN('initscr', 'ncurses') > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 19-systemd-daemon-is-contained-by-libsystemd.patch b/meta-networking/recipe= s-connectivity/samba/samba-4.1.12/19-systemd-daemon-is-contained-by-libsyst= emd.patch > > > deleted file mode 100644 > > > index 8c4e2ad..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/19-syst= emd-daemon-is-contained-by-libsystemd.patch > > > +++ /dev/null 
> > > @@ -1,42 +0,0 @@ > > > -systemd-daemon is contained by libsystemd, so we just need link libs= ystemd to=20 > > > -obtain the implementation of systemd-daemon's function. > > > - > > > -Signed-off-by: Bian Naimeng > > > - > > > -diff -Nurp samba-4.1.12.orig/lib/util/wscript_build samba-4.1.12/lib= /util/wscript_build > > > ---- samba-4.1.12.orig/lib/util/wscript_build 2014-09-08 18:26:14.000= 000000 +0900 > > > -+++ samba-4.1.12/lib/util/wscript_build 2015-04-29 16:16:58.30300020= 7 +0900 > > > -@@ -10,7 +10,7 @@ bld.SAMBA_LIBRARY('samba-util', > > > - server_id.c dprintf.c parmlist.c bitmap.c pidfi= le.c > > > - tevent_debug.c util_process.c memcache.c''', > > > - deps=3D'DYNCONFIG', > > > -- public_deps=3D'talloc tevent execinfo uid_wrapper= pthread LIBCRYPTO charset util_setid systemd-daemon', > > > -+ public_deps=3D'talloc tevent execinfo uid_wrapper= pthread LIBCRYPTO charset util_setid systemd', > > > - public_headers=3D'debug.h attr.h byteorder.h data= _blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h sa= mba_util.h string_wrappers.h', > > > - header_path=3D [ ('dlinklist.h samba_util.h', '.'= ), ('*', 'util') ], > > > - local_include=3DFalse, > > > -diff -Nurp samba-4.1.12.orig/wscript samba-4.1.12/wscript > > > ---- samba-4.1.12.orig/wscript 2014-07-28 16:13:45.000000000 +0900 > > > -+++ samba-4.1.12/wscript 2015-04-29 16:17:52.338000264 +0900 > > > -@@ -183,16 +183,16 @@ def configure(conf): > > > - conf.env['ENABLE_PIE'] =3D True > > > -=20 > > > - if Options.options.enable_systemd !=3D False: > > > -- conf.check_cfg(package=3D'libsystemd-daemon', args=3D'--cfl= ags --libs', > > > -- msg=3D'Checking for libsystemd-daemon', usel= ib_store=3D"SYSTEMD-DAEMON") > > > -- conf.CHECK_HEADERS('systemd/sd-daemon.h', lib=3D'systemd-da= emon') > > > -- conf.CHECK_LIB('systemd-daemon', shlib=3DTrue) > > > -+ conf.check_cfg(package=3D'libsystemd', args=3D'--cflags --l= ibs', > > > -+ msg=3D'Checking for libsystemd', uselib_stor= 
e=3D"SYSTEMD-DAEMON") > > > -+ conf.CHECK_HEADERS('systemd/sd-daemon.h', lib=3D'systemd') > > > -+ conf.CHECK_LIB('systemd', shlib=3DTrue) > > > -=20 > > > - if conf.CONFIG_SET('HAVE_SYSTEMD_SD_DAEMON_H'): > > > - conf.DEFINE('HAVE_SYSTEMD', '1') > > > - conf.env['ENABLE_SYSTEMD'] =3D True > > > - else: > > > -- conf.SET_TARGET_TYPE('systemd-daemon', 'EMPTY') > > > -+ conf.SET_TARGET_TYPE('systemd', 'EMPTY') > > > - conf.undefine('HAVE_SYSTEMD') > > > -=20 > > > - conf.SAMBA_CONFIG_H('include/config.h') > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 21-avoid-sasl-unless-wanted.patch b/meta-networking/recipes-connectivity/sa= mba/samba-4.1.12/21-avoid-sasl-unless-wanted.patch > > > deleted file mode 100644 > > > index 4254e11..0000000 > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/21-avoi= d-sasl-unless-wanted.patch > > > +++ /dev/null > > > @@ -1,10 +0,0 @@ > > > ---- ./source4/auth/wscript_configure.orig 2015-11-19 19:53:11.022212= 181 +0100 > > > -+++ ./source4/auth/wscript_configure 2015-11-19 19:53:17.466212205 += 0100 > > > -@@ -2,7 +2,3 @@ > > > -=20 > > > - conf.CHECK_HEADERS('security/pam_appl.h') > > > - conf.CHECK_FUNCS_IN('pam_start', 'pam', checklibc=3DTrue) > > > -- > > > --if (conf.CHECK_HEADERS('sasl/sasl.h') and > > > -- conf.CHECK_FUNCS_IN('sasl_client_init', 'sasl2')): > > > -- conf.DEFINE('HAVE_SASL', 1) > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 00-fix-typos-in-man-pages.patch b/meta-networking/recipes-connectivity/samb= a/samba-4.4.2/00-fix-typos-in-man-pages.patch > > > similarity index 100% > > > rename from meta-networking/recipes-connectivity/samba/samba-4.1.12/0= 0-fix-typos-in-man-pages.patch > > > rename to meta-networking/recipes-connectivity/samba/samba-4.4.2/00-f= ix-typos-in-man-pages.patch 
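Review bot: Deleting 21-avoid-sasl-unless-wanted.patch (the "@@ -1,10 +0,0 @@" removal just above) drops the local change that stripped the sasl/sasl.h and sasl_client_init probe from source4/auth/wscript_configure, and the deleted file carried no description, Signed-off-by or Upstream-Status line explaining why it was needed. Please say in the commit message whether the 4.4.2 wscript_configure still runs that probe and, if it does, how the recipe now keeps HAVE_SASL from being decided by whatever is present in the sysroot (an explicit dependency or a configure switch), so the result stays deterministic across builds.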
> > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 0006-avoid-using-colon-in-the-checking-msg.patch b/meta-networking/recipes-= connectivity/samba/samba-4.4.2/0006-avoid-using-colon-in-the-checking-msg.p= atch > > > similarity index 100% > > > rename from meta-networking/recipes-connectivity/samba/samba-4.1.12/0= 006-avoid-using-colon-in-the-checking-msg.patch > > > rename to meta-networking/recipes-connectivity/samba/samba-4.4.2/0006= -avoid-using-colon-in-the-checking-msg.patch > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.4.2/1= 6-do-not-check-xsltproc-manpages.patch b/meta-networking/recipes-connectivi= ty/samba/samba-4.4.2/16-do-not-check-xsltproc-manpages.patch > > > new file mode 100644 > > > index 0000000..c37cfcd > > > --- /dev/null > > > +++ b/meta-networking/recipes-connectivity/samba/samba-4.4.2/16-do-no= t-check-xsltproc-manpages.patch 
> > > @@ -0,0 +1,43 @@ > > > +Don't check xsltproc manpages > > > + > > > +Signed-off-by: Bian Naimeng > > > + > > > +Index: samba-4.4.2/lib/ldb/wscript > > > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > +--- samba-4.4.2.orig/lib/ldb/wscript > > > ++++ samba-4.4.2/lib/ldb/wscript > > > +@@ -65,7 +65,7 @@ def configure(conf): > > > + conf.define('USING_SYSTEM_LDB', 1) > > > +=20 > > > + if conf.env.standalone_ldb: > > > +- conf.CHECK_XSLTPROC_MANPAGES() > > > ++ #conf.CHECK_XSLTPROC_MANPAGES() > > > +=20 > > > + # we need this for the ldap backend > > > + if conf.CHECK_FUNCS_IN('ber_flush ldap_open ldap_initialize= ', 'lber ldap', headers=3D'lber.h ldap.h'): > > > +Index: samba-4.4.2/lib/talloc/wscript > > > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > +--- samba-4.4.2.orig/lib/talloc/wscript > > > ++++ samba-4.4.2/lib/talloc/wscript > > > +@@ -56,7 +56,7 @@ def configure(conf): > > > + if conf.env.standalone_talloc: > > > + conf.env.TALLOC_COMPAT1 =3D Options.options.TALLOC_COMPAT1 > > > +=20 > > > +- conf.CHECK_XSLTPROC_MANPAGES() > > > ++ #conf.CHECK_XSLTPROC_MANPAGES() > > > +=20 > > > + if not conf.env.disable_python: > > > + # also disable if we don't have the python libs installed > > > +Index: samba-4.4.2/lib/tdb/wscript > > > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > +--- samba-4.4.2.orig/lib/tdb/wscript > > > ++++ samba-4.4.2/lib/tdb/wscript > > > +@@ -92,7 +92,7 @@ def configure(conf): > > > + not conf.env.disable_tdb_mutex_locking): > > > + 
conf.define('USE_TDB_MUTEX_LOCKING', 1) > > > +=20 > > > +- conf.CHECK_XSLTPROC_MANPAGES() > > > ++ #conf.CHECK_XSLTPROC_MANPAGES() > > > +=20 > > > + if not conf.env.disable_python: > > > + # also disable if we don't have the python libs installed > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 20-do-not-import-target-module-while-cross-compile.patch b/meta-networking/= recipes-connectivity/samba/samba-4.4.2/20-do-not-import-target-module-while= -cross-compile.patch > > > old mode 100755 > > > new mode 100644 > > > similarity index 79% > > > rename from meta-networking/recipes-connectivity/samba/samba-4.1.12/2= 0-do-not-import-target-module-while-cross-compile.patch > > > rename to meta-networking/recipes-connectivity/samba/samba-4.4.2/20-d= o-not-import-target-module-while-cross-compile.patch > > > index 5c20d31..e112b3b > > > --- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/20-do-n= ot-import-target-module-while-cross-compile.patch > > > +++ b/meta-networking/recipes-connectivity/samba/samba-4.4.2/20-do-no= t-import-target-module-while-cross-compile.patch > > > @@ -3,18 +3,19 @@ we just check whether does the module exist. > > > =20 
> > > Signed-off-by: Bian Naimeng > > > =20 > > > ---- samba-4.1.12.orig/buildtools/wafsamba/samba_bundled.py 2013-06-1= 3 17:21:02.000000000 +0800 > > > -+++ samba-4.1.12/buildtools/wafsamba/samba_bundled.py 2015-07-16 16:= 57:06.649092158 +0800 > > > -@@ -1,7 +1,7 @@ > > > - # functions to support bundled libraries > > > +Index: samba-4.4.2/buildtools/wafsamba/samba_bundled.py > > > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > +--- samba-4.4.2.orig/buildtools/wafsamba/samba_bundled.py > > > ++++ samba-4.4.2/buildtools/wafsamba/samba_bundled.py > > > +@@ -2,6 +2,7 @@ > > > =20 > > > + import sys > > > + import Build, Options, Logs > > > ++import imp, os > > > from Configure import conf > > > --import sys, Logs > > > -+import sys, Logs, imp > > > - from samba_utils import * > > > + from samba_utils import TO_LIST > > > =20 > > > - def PRIVATE_NAME(bld, name, private_extension, private_library): > > > -@@ -228,17 +228,32 @@ def CHECK_BUNDLED_SYSTEM_PYTHON(conf, li > > > +@@ -230,17 +231,32 @@ def CHECK_BUNDLED_SYSTEM_PYTHON(conf, li > > > # versions > > > minversion =3D minimum_library_version(conf, libname, minversio= n) > > > =20 > > > diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/= 21-add-config-option-without-valgrind.patch b/meta-networking/recipes-conne= ctivity/samba/samba-4.4.2/21-add-config-option-without-valgrind.patch > > > similarity index 100% > > > rename from meta-networking/recipes-connectivity/samba/samba-4.1.12/2= 1-add-config-option-without-valgrind.patch > > > rename to meta-networking/recipes-connectivity/samba/samba-4.4.2/21-a= dd-config-option-without-valgrind.patch 
> > > diff --git a/meta-networking/recipes-connectivity/samba/samba_4.1.12.= bb b/meta-networking/recipes-connectivity/samba/samba_4.4.2.bb > > > similarity index 82% > > > rename from meta-networking/recipes-connectivity/samba/samba_4.1.12.bb > > > rename to meta-networking/recipes-connectivity/samba/samba_4.4.2.bb > > > index ff58dae..585df9d 100644 > > > --- a/meta-networking/recipes-connectivity/samba/samba_4.1.12.bb > > > +++ b/meta-networking/recipes-connectivity/samba/samba_4.4.2.bb 
> > > @@ -13,38 +13,14 @@ ${SAMBA_MIRROR} http://www.mirrorservice.org/s= ites/ftp.samba.org \n \ > > > =20 > > > SRC_URI =3D "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ > > > file://00-fix-typos-in-man-pages.patch \ > > > - file://01-fix-force-user-sec-ads.patch \ > > > - file://02-fix-ipv6-join.patch \ > > > - file://03-net-ads-kerberos-pac.patch \ > > > - file://04-ipv6-workaround.patch \ > > > - file://05-fix-gecos-field-with-samlogon.patch \ > > > - file://06-fix-nmbd-systemd-status-update.patch \ > > > - file://07-fix-idmap-ad-getgroups-without-gid.patch \ > > > - file://08-fix-idmap-ad-sfu-with-trusted-domains.patch \ > > > - file://09-fix-smbclient-echo-cmd-segfault.patch \ > > > - file://10-improve-service-principal-guessing-in-net.patch= \ > > > - file://11-fix-overwriting-of-spns-during-net-ads-join.pat= ch \ > > > - file://12-add-precreated-spns-from-AD-during-keytab-gener= ation.patch \ > > > - file://13-fix-aes-enctype.patch \ > > > - file://14-fix-dnsupdate.patch \ > > > - file://15-fix-netbios-name-truncation.patch \ > > > file://16-do-not-check-xsltproc-manpages.patch \ > > > - file://17-execute-prog-by-qemu.patch \ > > > - file://18-avoid-get-config-by-native-ncurses.patch \ > > > - file://19-systemd-daemon-is-contained-by-libsystemd.patch= \ > > > file://20-do-not-import-target-module-while-cross-compile= =2Epatch \ > > > file://21-add-config-option-without-valgrind.patch \ > > > - file://0001-waf-sanitize-and-fix-added-cross-answer.patch= \ > > > - file://0002-Adds-a-new-mode-to-samba-cross-compiling.patc= h \ > > > - file://0003-waf-improve-readability-of-cross-answers-gene= rated-b.patch \ > > > - file://0004-build-make-wafsamba-CHECK_SIZEOF-cross-compil= e-frien.patch \ > > > - file://0005-build-unify-and-fix-endian-tests.patch \ > > > file://0006-avoid-using-colon-in-the-checking-msg.patch \ > > > - file://0007-waf-Fix-parsing-of-cross-answers-file-in-case= -answer.patch \ > > > " > > > =20 > > > -SRC_URI[md5sum] =3D 
"232016d7581a1ba11e991ec2674553c4" > > > -SRC_URI[sha256sum] =3D "033604674936bf5c77d7df299b0626052b84a41505a6= a6afe902f6274fc29898" > > > +SRC_URI[md5sum] =3D "03a65a3adf08ceb1636ad59d234d7f9d" > > > +SRC_URI[sha256sum] =3D "eaecd41a85ebb9507b8db9856ada2a949376e9d53cf7= 5664b5493658f6e5926a" > > > =20 > > > inherit systemd waf-samba cpan-base perlnative > > > # remove default added RDEPENDS on perl > > > @@ -59,15 +35,15 @@ PACKAGECONFIG ??=3D "${@base_contains('DISTRO_FEA= TURES', 'pam', 'pam', '', d)} \ > > > ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit= ', '${SYSVINITTYPE}', '', d)} \ > > > ${@base_contains('DISTRO_FEATURES', 'systemd', 's= ystemd', '', d)} \ > > > ${@base_contains('DISTRO_FEATURES', 'zeroconf', '= zeroconf', '', d)} \ > > > - acl aio cups ldap \ > > > + acl cups ldap \ > > > " > > > =20 > > > RDEPENDS_${PN}-base +=3D "${@bb.utils.contains('PACKAGECONFIG', 'lsb= ', 'lsb', '', d)}" > > > +RDEPENDS_${PN}-ctdb-tests +=3D "bash" > > > =20 > > > PACKAGECONFIG[acl] =3D "--with-acl-support,--without-acl-support,acl" > > > -PACKAGECONFIG[aio] =3D "--with-aio-support,--without-aio-support,lib= aio" > > > PACKAGECONFIG[fam] =3D "--with-fam,--without-fam,gamin" > > > -PACKAGECONFIG[pam] =3D "--with-pam --with-pam_smbpass --with-pammodu= lesdir=3D${base_libdir}/security,--without-pam --without-pam_smbpass,libpam" > > > +PACKAGECONFIG[pam] =3D "--with-pam --with-pammodulesdir=3D${base_lib= dir}/security,--without-pam --without-pam_smbpass,libpam" > > > PACKAGECONFIG[lsb] =3D ",,lsb" > > > PACKAGECONFIG[sysv] =3D ",,sysvinit" > > > PACKAGECONFIG[cups] =3D "--enable-cups,--disable-cups,cups" 
> > > @@ -78,8 +54,6 @@ PACKAGECONFIG[dmapi] =3D "--with-dmapi,--without-dm= api,dmapi" > > > PACKAGECONFIG[zeroconf] =3D "--enable-avahi,--disable-avahi,avahi" > > > PACKAGECONFIG[valgrind] =3D ",--without-valgrind,valgrind," > > > =20 > > > -SRC_URI +=3D "${@bb.utils.contains('PACKAGECONFIG', 'sasl', '', 'fil= e://21-avoid-sasl-unless-wanted.patch', d)}" > > > - > > > SAMBA4_IDMAP_MODULES=3D"idmap_ad,idmap_rid,idmap_adex,idmap_hash,idm= ap_tdb2" > > > SAMBA4_PDB_MODULES=3D"pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG= ', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4" > > > SAMBA4_AUTH_MODULES=3D"auth_unix,auth_wbc,auth_server,auth_netlogond= ,auth_script,auth_samba4" > > > @@ -87,15 +61,12 @@ SAMBA4_MODULES=3D"${SAMBA4_IDMAP_MODULES},${SAMBA= 4_PDB_MODULES},${SAMBA4_AUTH_MODU > > > =20 > > > SAMBA4_LIBS=3D"heimdal,!zlib,!popt,!talloc,!pytalloc,!pytalloc-util,= !tevent,!pytevent,!tdb,!pytdb,!ldb,!pyldb" > > > =20 > > > -PERL_VERNDORLIB=3D"${libdir}/perl5/vendor_perl/${PERLVERSION}" > > > - > > > EXTRA_OECONF +=3D "--enable-fhs \ > > > --with-piddir=3D/run \ > > > --with-sockets-dir=3D/run/samba \ > > > --with-modulesdir=3D${libdir}/samba \ > > > --with-lockdir=3D${localstatedir}/lib/samba \ > > > --with-cachedir=3D${localstatedir}/lib/samba \ > > > - --with-perl-lib-install-dir=3D${PERL_VERNDORLIB} \ > > > --disable-gnutls \ > > > --disable-rpath-install \ > > > --with-shared-modules=3D${SAMBA4_MODULES} \ > > > @@ -104,7 +75,6 @@ EXTRA_OECONF +=3D "--enable-fhs \ > > > --without-ad-dc \ > > > ${@base_conditional('TARGET_ARCH', 'x86_64', '', '-= -disable-glusterfs', d)} \ > > > --with-cluster-support \ > > > - --enable-old-ctdb \ > > > --with-profiling-data \ > > > --with-libiconv=3D${STAGING_DIR_HOST}${prefix} \ > > > " 
> > > @@ -113,13 +83,6 @@ DISABLE_STATIC =3D "" > > > LDFLAGS +=3D "-Wl,-z,relro,-z,now" > > > =20 > > > do_install_append() { > > > - if [ -d "${D}/run" ]; then > > > - if [ -d "${D}/run/samba" ]; then > > > - rmdir --ignore-fail-on-non-empty "${D}/run/samba" > > > - fi > > > - rmdir --ignore-fail-on-non-empty "${D}/run" > > > - fi > > > - > > > if ${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'true', 'fal= se', d)}; then > > > install -d ${D}${systemd_unitdir}/system > > > for i in nmb smb winbind; do 
> > > @@ -127,20 +90,20 @@ do_install_append() { > > > done > > > sed -i 's,\(ExecReload=3D\).*\(/kill\),\1${base_bindir}\2,' = ${D}${systemd_unitdir}/system/*.service > > > =20 > > > - install -d ${D}${sysconfdir}/tmpfiles.d > > > + install -d ${D}${sysconfdir}/tmpfiles.d > > > install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconf= dir}/tmpfiles.d/samba.conf > > > echo "d ${localstatedir}/log/samba 0755 root root -" \ > > > >> ${D}${sysconfdir}/tmpfiles.d/samba.conf > > > elif ${@bb.utils.contains('PACKAGECONFIG', 'lsb', 'true', 'false= ', d)}; then > > > - install -d ${D}${sysconfdir}/init.d > > > - install -m 0755 packaging/LSB/samba.sh ${D}${sysconfdir}/init.d > > > - update-rc.d -r ${D} samba.sh start 20 3 5 . > > > - update-rc.d -r ${D} samba.sh start 20 0 1 6 . > > > + install -d ${D}${sysconfdir}/init.d > > > + install -m 0755 packaging/LSB/samba.sh ${D}${sysconfdir}/ini= t.d > > > + update-rc.d -r ${D} samba.sh start 20 3 5 . > > > + update-rc.d -r ${D} samba.sh start 20 0 1 6 . > > > elif ${@bb.utils.contains('PACKAGECONFIG', 'sysv', 'true', 'fals= e', d)}; then > > > - install -d ${D}${sysconfdir}/init.d > > > - install -m 0755 packaging/sysv/samba.init ${D}${sysconfdir}/init.d/= samba.sh > > > - update-rc.d -r ${D} samba.sh start 20 3 5 . > > > - update-rc.d -r ${D} samba.sh start 20 0 1 6 . > > > + install -d ${D}${sysconfdir}/init.d > > > + install -m 0755 packaging/sysv/samba.init ${D}${sysconfdir}/= init.d/samba.sh > > > + update-rc.d -r ${D} samba.sh start 20 3 5 . > > > + update-rc.d -r ${D} samba.sh start 20 0 1 6 . > > > fi > > > =20 > > > install -d ${D}${sysconfdir}/samba 
> > > @@ -149,11 +112,13 @@ do_install_append() { > > > =20 > > > install -d ${D}${sysconfdir}/sysconfig/ > > > install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir= }/sysconfig/samba > > > + > > > + rm -rf ${D}/run ${D}${localstatedir}/run > > > } > > > =20 > > > PACKAGES +=3D "${PN}-python ${PN}-python-dbg ${PN}-pidl libwinbind l= ibwinbind-dbg libwinbind-krb5-locator" > > > PACKAGES =3D+ "libwbclient libnss-winbind winbind winbind-dbg libnet= api libsmbsharemodes \ > > > - libsmbclient libsmbclient-dev lib${PN}-base ${PN}-base" > > > + libsmbclient libsmbclient-dev lib${PN}-base ${PN}-base = ${PN}-ctdb-tests" > > > =20 > > > RDEPENDS_${PN} +=3D "${PN}-base" > > > =20 > > > @@ -166,6 +131,12 @@ FILES_${PN}-base =3D "${sbindir}/nmbd \ > > > ${localstatedir}/spool/samba \ > > > " > > > =20 > > > +FILES_${PN}-ctdb-tests =3D "${bindir}/ctdb_run_tests \ > > > + ${libdir}/ctdb-tests \ > > > + ${datadir}/ctdb-tests \ > > > + /run/ctdb \ > > > + " > > > + > > > # figured out by > > > # FILES=3D"tmp/work/cortexa9hf-vfp-neon-poky-linux-gnueabi/samba/4.1= =2E12-r0/image/usr/sbin/smbd tmp/work/cortexa9hf-vfp-neon-poky-linux-gnueab= i/samba/4.1.12-r0/image/usr/sbin/nmbd" > > > # 
> > > @@ -312,16 +283,20 @@ FILES_libwinbind-dbg =3D "${base_libdir}/securi= ty/.debug/pam_winbind.so" > > > FILES_libwinbind-krb5-locator =3D "${libdir}/winbind_krb5_locator.so" > > > =20 > > > FILES_${PN}-python =3D "${libdir}/python${PYTHON_BASEVERSION}/site-p= ackages/*.so \ > > > + ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/_ldb_text.py \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/*.py \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/*.so \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/dcerpc/*.so \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/dcerpc/*.py \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/external/* \ > > > + ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/kcc/* \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/netcmd/*.py \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/provision/*.py \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/samba3/*.py \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/samba3/*.so \ > > > + ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/subunit/* \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/tests/* \ > > > + ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/third_party/* \ > > > ${libdir}/python${PYTHON_BASEVERSION}/site-pac= kages/samba/web_server/* \ > > > " > > > =20 
> > > @@ -332,4 +307,4 @@ FILES_${PN}-python-dbg =3D "${libdir}/python${PYT= HON_BASEVERSION}/site-packages/.d > > > " > > > =20 > > > RDEPENDS_${PN}-pidl_append =3D " perl" > > > -FILES_${PN}-pidl =3D "${bindir}/pidl ${PERL_VERNDORLIB}/*" > > > +FILES_${PN}-pidl =3D "${bindir}/pidl ${datadir}/perl5/Parse" > > > --=20 > > > 1.9.1 > > >=20 > > > --=20 > > > _______________________________________________ > > > Openembedded-devel mailing list > > > Openembedded-devel@lists.openembedded.org > > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel > >=20 > > --=20 > > Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com >=20 >=20 >=20 > --=20 > -Joe MacDonald. > :wq > --=20 > _______________________________________________ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel --=20 Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
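Review bot: the header of the new 16-do-not-check-xsltproc-manpages.patch carries only a one-line subject and a Signed-off-by, with no Upstream-Status tag and no reason why the check is skipped. Add the Upstream-Status line and a sentence explaining why conf.CHECK_XSLTPROC_MANPAGES() must not run in lib/ldb/wscript, lib/talloc/wscript and lib/tdb/wscript. Deleting the three calls would also read better than leaving them commented out as "#conf.CHECK_XSLTPROC_MANPAGES()".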
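Review bot: in the SRC_URI hunk of samba_4.4.2.bb (@@ -13,38 +13,14 @@), the cross-compile patches (17-execute-prog-by-qemu.patch, 18-avoid-get-config-by-native-ncurses.patch, the 0001 to 0005 and 0007 waf cross-answers patches) are dropped together with the 01 to 15 fixes, and the part of the patch quoted here does not say which of them were merged upstream and which are simply no longer applied. Record that per group in the commit message so a reviewer can confirm that fixes such as 09-fix-smbclient-echo-cmd-segfault.patch and 13-fix-aes-enctype.patch are present in 4.4.2 and not silently lost in the upgrade.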
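Review bot: in the PACKAGECONFIG hunk (@@ -59,15 +35,15 @@), the new PACKAGECONFIG[pam] line drops --with-pam_smbpass from the enable half but still passes --without-pam_smbpass in the disable half. If the option no longer exists in 4.4.2, which is what removing it from the enable half implies, a build without 'pam' in DISTRO_FEATURES will hand configure an option it does not know. Remove it from both halves so the entry reads "--with-pam --with-pammodulesdir=${base_libdir}/security,--without-pam,libpam".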
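Review bot: the hunk at @@ -78,8 +54,6 @@ removes the conditional SRC_URI entry for 21-avoid-sasl-unless-wanted.patch, and the patch file itself is deleted, so nothing in the recipe now gates the sasl/sasl.h and sasl_client_init probe that the patch stripped from source4/auth/wscript_configure. If 4.4.2 still runs that probe, HAVE_SASL will be decided by whatever happens to be in the sysroot at configure time, which makes the build output depend on build order. Either confirm in the commit message that the probe is gone in 4.4.2, or keep an explicit switch for it.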
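Review bot: the "rm -rf ${D}/run ${D}${localstatedir}/run" added at the end of do_install_append (@@ -149,11 +112,13 @@) conflicts with the "/run/ctdb" entry added to FILES_${PN}-ctdb-tests in the next hunk: the directory is deleted from ${D} before packaging, so that FILES entry can never match anything. Drop /run/ctdb from FILES and, if ctdb needs the directory at runtime, create it through tmpfiles.d the same way the hunk above appends the "d ${localstatedir}/log/samba 0755 root root -" line to samba.conf. Note also that rm -rf replaces the earlier rmdir --ignore-fail-on-non-empty calls, so any file the install step places under /run is now discarded silently where it was previously left in place.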