svn commit: samba r13659 - in branches/SAMBA_3_0_RELEASE/source: include libads nsswitch rpc_client smbd utils

jerry at samba.org jerry at samba.org
Thu Feb 23 16:28:34 GMT 2006


Author: jerry
Date: 2006-02-23 16:28:33 +0000 (Thu, 23 Feb 2006)
New Revision: 13659

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13659

Log:
Pulling in what I think are the final code changes for 3.0.21c

svn merge -r13639:13641 $SVNURL/branches/SAMBA_3_0
svn merge -r13645:13647 $SVNURL/branches/SAMBA_3_0
svn merge -r13656:13657 $SVNURL/branches/SAMBA_3_0


Modified:
   branches/SAMBA_3_0_RELEASE/source/include/ads.h
   branches/SAMBA_3_0_RELEASE/source/libads/ads_struct.c
   branches/SAMBA_3_0_RELEASE/source/libads/ldap.c
   branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c
   branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_pipe.c
   branches/SAMBA_3_0_RELEASE/source/smbd/negprot.c
   branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/include/ads.h
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/include/ads.h	2006-02-23 15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/include/ads.h	2006-02-23 16:28:33 UTC (rev 13659)
@@ -47,6 +47,7 @@
 		char *sfu_shell_attr;
 		char *sfu_uidnumber_attr;
 		char *sfu_gidnumber_attr;
+		char *sfu_gecos_attr;
 	} schema;
 
 } ADS_STRUCT;
@@ -97,6 +98,7 @@
 #define ADS_ATTR_SFU_GIDNUMBER_OID 	"1.2.840.113556.1.6.18.1.311"
 #define ADS_ATTR_SFU_HOMEDIR_OID 	"1.2.840.113556.1.6.18.1.344"
 #define ADS_ATTR_SFU_SHELL_OID 		"1.2.840.113556.1.6.18.1.312"
+#define ADS_ATTR_SFU_GECOS_OID 		"1.2.840.113556.1.6.18.1.337"
 
 /* ldap bitwise searches */
 #define ADS_LDAP_MATCHING_RULE_BIT_AND	"1.2.840.113556.1.4.803"

Modified: branches/SAMBA_3_0_RELEASE/source/libads/ads_struct.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libads/ads_struct.c	2006-02-23 15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/libads/ads_struct.c	2006-02-23 16:28:33 UTC (rev 13659)
@@ -139,6 +139,7 @@
 		SAFE_FREE((*ads)->schema.sfu_gidnumber_attr);
 		SAFE_FREE((*ads)->schema.sfu_shell_attr);
 		SAFE_FREE((*ads)->schema.sfu_homedir_attr);
+		SAFE_FREE((*ads)->schema.sfu_gecos_attr);
 		
 		ZERO_STRUCTP(*ads);
 

Modified: branches/SAMBA_3_0_RELEASE/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libads/ldap.c	2006-02-23 15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/libads/ldap.c	2006-02-23 16:28:33 UTC (rev 13659)
@@ -2563,7 +2563,7 @@
 { 
 	BOOL ret = False; 
 	TALLOC_CTX *ctx = NULL; 
-	const char *gidnumber, *uidnumber, *homedir, *shell;
+	const char *gidnumber, *uidnumber, *homedir, *shell, *gecos;
 
 	ctx = talloc_init("ads_check_sfu_mapping");
 	if (ctx == NULL)
@@ -2589,6 +2589,11 @@
 		goto done;
 	ads->schema.sfu_shell_attr = SMB_STRDUP(shell);
 
+	gecos = ads_get_attrname_by_oid(ads, ctx, ADS_ATTR_SFU_GECOS_OID);
+	if (gecos == NULL)
+		goto done;
+	ads->schema.sfu_gecos_attr = SMB_STRDUP(gecos);
+
 	ret = True;
 done:
 	if (ctx)
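Review bot: The result of `SMB_STRDUP(gecos)` is stored without a check, so if the duplication can fail the function still reaches `ret = True` with `ads->schema.sfu_gecos_attr` left NULL. The readers added in winbindd_ads.c pass that pointer straight to `ads_pull_string()`, and whether that helper tolerates a NULL attribute name is not visible here. Consider following the assignment with `if (ads->schema.sfu_gecos_attr == NULL) goto done;`. The shell assignment on the context line above has the same gap, and the function begins and ends outside this hunk.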

Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c	2006-02-23 15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c	2006-02-23 16:28:33 UTC (rev 13659)
@@ -151,7 +151,8 @@
 			       "name", "objectSid", "primaryGroupID", 
 			       "sAMAccountType", 
 			       ADS_ATTR_SFU_HOMEDIR_OID, 
-			       ADS_ATTR_SFU_SHELL_OID, 
+			       ADS_ATTR_SFU_SHELL_OID,
+			       ADS_ATTR_SFU_GECOS_OID,
 			       NULL};
 	int i, count;
 	ADS_STATUS rc;
@@ -191,7 +192,7 @@
 	i = 0;
 
 	for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
-		char *name, *gecos;
+		char *name, *gecos = NULL;
 		char *homedir = NULL;
 		char *shell = NULL;
 		uint32 group;
@@ -204,11 +205,19 @@
 		}
 
 		name = ads_pull_username(ads, mem_ctx, msg);
-		gecos = ads_pull_string(ads, mem_ctx, msg, "name");
+
 		if (use_nss_info("sfu")) {
-			homedir = ads_pull_string(ads, mem_ctx, msg, ads->schema.sfu_homedir_attr);
-			shell = ads_pull_string(ads, mem_ctx, msg, ads->schema.sfu_shell_attr);
+			homedir = ads_pull_string(ads, mem_ctx, msg, 
+						  ads->schema.sfu_homedir_attr);
+			shell 	= ads_pull_string(ads, mem_ctx, msg, 
+						  ads->schema.sfu_shell_attr);
+			gecos 	= ads_pull_string(ads, mem_ctx, msg, 
+						  ads->schema.sfu_gecos_attr);
 		}
+
+		if (gecos == NULL) {
+			gecos = ads_pull_string(ads, mem_ctx, msg, "name");
+		}
 	
 		if (!ads_pull_sid(ads, msg, "objectSid",
 				  &(*info)[i].user_sid)) {
@@ -433,7 +442,8 @@
 			       "name", 
 			       "primaryGroupID", 
 			       ADS_ATTR_SFU_HOMEDIR_OID, 
-			       ADS_ATTR_SFU_SHELL_OID, 
+			       ADS_ATTR_SFU_SHELL_OID,
+			       ADS_ATTR_SFU_GECOS_OID,
 			       NULL};
 	ADS_STATUS rc;
 	int count;
@@ -471,13 +481,25 @@
 	}
 
 	info->acct_name = ads_pull_username(ads, mem_ctx, msg);
-	info->full_name = ads_pull_string(ads, mem_ctx, msg, "name");
 
 	if (use_nss_info("sfu")) {
+<<<<<<< .working
 		info->homedir = ads_pull_string(ads, mem_ctx, msg, ads->schema.sfu_homedir_attr);
 		info->shell = ads_pull_string(ads, mem_ctx, msg, ads->schema.sfu_shell_attr);
+=======
+		info->homedir 	= ads_pull_string(ads, mem_ctx, msg, 
+						  ads->schema.sfu_homedir_attr);
+		info->shell 	= ads_pull_string(ads, mem_ctx, msg, 
+						  ads->schema.sfu_shell_attr);
+		info->full_name	= ads_pull_string(ads, mem_ctx, msg,
+						  ads->schema.sfu_gecos_attr);
+>>>>>>> .merge-right.r13657
 	}
 
+	if (info->full_name == NULL) {
+		info->full_name = ads_pull_string(ads, mem_ctx, msg, "name");
+	}
+
 	if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group_rid)) {
 		DEBUG(1,("No primary group for %s !?\n",
 			 sid_string_static(sid)));
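Review bot: Unresolved merge conflict markers are being committed inside the `if (use_nss_info("sfu"))` block: the added lines `<<<<<<< .working`, `=======` and `>>>>>>> .merge-right.r13657` are not C, so winbindd_ads.c cannot compile as shown in this hunk. Keep only the `.merge-right` side, that is, drop the three marker lines and the two older single-line `info->homedir = ...` and `info->shell = ...` assignments above `=======`. Separately, the new `if (info->full_name == NULL)` fallback only works if `info->full_name` is NULL on entry, now that the unconditional assignment is removed. The initialisation of `info` is outside the hunk, so please confirm it is zeroed before this point.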

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_pipe.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_pipe.c	2006-02-23 15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_pipe.c	2006-02-23 16:28:33 UTC (rev 13659)
@@ -2393,13 +2393,14 @@
 
 /****************************************************************************
  Open a netlogon pipe and get the schannel session key.
+ Now exposed to external callers.
  ****************************************************************************/
 
-static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
+struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
 							const char *domain,
+							uint32 *pneg_flags,
 							NTSTATUS *perr)
 {
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	uint32 sec_chan_type = 0;
 	unsigned char machine_pwd[16];
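Review bot: `pneg_flags` is an in/out parameter on a function that is no longer `static`, but the header comment only adds "Now exposed to external callers." and the pointer is dereferenced later (`((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0`) with no NULL check. Please document the contract in the comment block, for example `pneg_flags: in - NETLOGON_NEG_* flags to request; out - flags agreed with the server; must not be NULL`. It should also say that a caller which omits `NETLOGON_NEG_SCHANNEL` from the request will always take the "did not offer schannel" failure path. The same applies to `get_schannel_session_key_auth_ntlmssp()` in the later hunks of this file. A prototype in a shared header is presumably needed too, but none appears in this changeset.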
@@ -2438,7 +2439,7 @@
 					machine_account, /* machine account name */
 					machine_pwd,
 					sec_chan_type,
-					&neg_flags);
+					pneg_flags);
 
 	if (!NT_STATUS_IS_OK(*perr)) {
 		DEBUG(3,("get_schannel_session_key: rpccli_netlogon_setup_creds "
@@ -2448,7 +2449,7 @@
 		return NULL;
 	}
 
-	if ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0) {
+	if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
 		DEBUG(3, ("get_schannel_session_key: Server %s did not offer schannel\n",
 			cli->desthost));
 		cli_rpc_pipe_close(netlogon_pipe);
@@ -2520,9 +2521,9 @@
 							const char *domain,
 							const char *username,
 							const char *password,
+							uint32 *pneg_flags,
 							NTSTATUS *perr)
 {
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	uint32 sec_chan_type = 0;
 	unsigned char machine_pwd[16];
@@ -2564,7 +2565,7 @@
 					machine_account,   /* machine account name */
 					machine_pwd,
 					sec_chan_type,
-					&neg_flags);
+					pneg_flags);
 
 	if (!NT_STATUS_IS_OK(*perr)) {
 		DEBUG(3,("get_schannel_session_key_auth_ntlmssp: rpccli_netlogon_setup_creds "
@@ -2574,7 +2575,7 @@
 		return NULL;
 	}
 
-	if ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0) {
+	if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
 		DEBUG(3, ("get_schannel_session_key_auth_ntlmssp: Server %s did not offer schannel\n",
 			cli->desthost));
 		cli_rpc_pipe_close(netlogon_pipe);
@@ -2599,10 +2600,12 @@
 						const char *password,
 						NTSTATUS *perr)
 {
+	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	struct rpc_pipe_client *result = NULL;
 
-	netlogon_pipe = get_schannel_session_key_auth_ntlmssp(cli, domain, username, password, perr);
+	netlogon_pipe = get_schannel_session_key_auth_ntlmssp(cli, domain, username,
+							password, &neg_flags, perr);
 	if (!netlogon_pipe) {
 		DEBUG(0,("cli_rpc_pipe_open_ntlmssp_auth_schannel: failed to get schannel session "
 			"key from server %s for domain %s.\n",
@@ -2631,10 +2634,11 @@
                                                 const char *domain,
 						NTSTATUS *perr)
 {
+	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	struct rpc_pipe_client *result = NULL;
 
-	netlogon_pipe = get_schannel_session_key(cli, domain, perr);
+	netlogon_pipe = get_schannel_session_key(cli, domain, &neg_flags, perr);
 	if (!netlogon_pipe) {
 		DEBUG(0,("cli_rpc_pipe_open_schannel: failed to get schannel session "
 			"key from server %s for domain %s.\n",

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/negprot.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/negprot.c	2006-02-23 15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/negprot.c	2006-02-23 16:28:33 UTC (rev 13659)
@@ -178,6 +178,7 @@
 				   OID_KERBEROS5_OLD,
 				   OID_NTLMSSP,
 				   NULL};
+	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
 	int len;
 
 	global_spnego_negotiated = True;
@@ -212,9 +213,13 @@
 	*/
 
 	if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
-		memcpy(p, guid, 16);
-		*pkeylen = 0;
-		return 16;
+#if 0
+		/* Code for PocketPC client */
+		blob = data_blob(guid, 16);
+#else
+		/* Code for standalone WXP client */
+		blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
+#endif
 	} else {
 		fstring myname;
 		char *host_princ_s = NULL;
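Review bot: The `#if 0` / `#else` pair leaves a compiled-out PocketPC branch in a release branch with no way to select it and no note on why the raw-GUID form was dropped. Either remove the dead branch or extend the comment to say which clients need which form, e.g. `/* Raw 16-byte GUID (PocketPC) is disabled: standalone XP clients require a negTokenInit here */`. The literal `"NONE"` passed as the principal would also benefit from a one-line comment explaining that it is a placeholder.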
@@ -224,14 +229,20 @@
 		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
 		SAFE_FREE(host_princ_s);
 	}
+
 	memcpy(p, blob.data, blob.length);
 	len = blob.length;
 	if (len > 256) {
 		DEBUG(0,("negprot_spnego: blob length too long (%d)\n", len));
 		len = 255;
 	}
-	*pkeylen = len;
 	data_blob_free(&blob);
+
+	if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
+		*pkeylen = 0;
+	} else {
+		*pkeylen = len;
+	}
 	return len;
 }
 
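Review bot: The length clamp on the context lines runs after `memcpy(p, blob.data, blob.length)`, so it limits only the returned value and not the copy, and this commit now routes the non-ADS path through that copy as well (it previously wrote a fixed 16 bytes). The size of the buffer behind `p` is not visible in the hunk, so please confirm it can hold the largest blob `spnego_gen_negTokenInit()` can produce, or clamp first and copy `len` bytes: `len = MIN(blob.length, 255); memcpy(p, blob.data, len);`. The existing `len > 256` test paired with `len = 255` is also inconsistent about the limit. The predicate `lp_security() != SEC_ADS && !lp_use_kerberos_keytab()` is now evaluated twice in this function and could be held in one local flag so that the two uses cannot drift apart.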

Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c	2006-02-23 15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c	2006-02-23 16:28:33 UTC (rev 13659)
@@ -43,31 +43,57 @@
  **/
 static int net_rpc_join_ok(const char *domain)
 {
+	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *pipe_hnd = NULL;
-	int retval = 1;
-	NTSTATUS ret;
+	struct rpc_pipe_client *netlogon_pipe = NULL;
+	NTSTATUS ntret = NT_STATUS_UNSUCCESSFUL;
 
 	/* Connect to remote machine */
 	if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) {
-		return 1;
+		return -1;
 	}
 
-	pipe_hnd = cli_rpc_pipe_open_schannel(cli, PI_NETLOGON,
-						PIPE_AUTH_LEVEL_PRIVACY,
-						domain, &ret);
+	/* Setup the creds as though we're going to do schannel... */
+        netlogon_pipe = get_schannel_session_key(cli, domain, &neg_flags, &ntret);
 
+	/* We return NT_STATUS_INVALID_NETWORK_RESPONSE if the server is refusing
+	   to negotiate schannel, but the creds were set up ok. That'll have to do. */
+
+        if (!netlogon_pipe) {
+		if (NT_STATUS_EQUAL(ntret, NT_STATUS_INVALID_NETWORK_RESPONSE)) {
+			cli_shutdown(cli);
+			return 0;
+		} else {
+			DEBUG(0,("net_rpc_join_ok: failed to get schannel session "
+					"key from server %s for domain %s. Error was %s\n",
+				cli->desthost, domain, nt_errstr(ntret) ));
+			cli_shutdown(cli);
+			return -1;
+		}
+	}
+
+	/* Only do the rest of the schannel test if the client is allowed to do this. */
+	if (!lp_client_schannel()) {
+		cli_shutdown(cli);
+		/* We're good... */
+		return 0;
+	}
+
+	pipe_hnd = cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON,
+				PIPE_AUTH_LEVEL_PRIVACY,
+				domain, netlogon_pipe->dc, &ntret);
+
 	if (!pipe_hnd) {
-		DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n", nt_errstr(ret) ));
-		goto done;
+		DEBUG(0,("net_rpc_join_ok: failed to open schannel session "
+				"on netlogon pipe to server %s for domain %s. Error was %s\n",
+			cli->desthost, domain, nt_errstr(ntret) ));
+		cli_shutdown(cli);
+		return -1;
 	}
 
-	retval = 0;		/* Success! */
-	
-done:
-
 	cli_shutdown(cli);
-	return retval;
+	return 0;
 }
 
 /**
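Review bot: The early `return 0` on `NT_STATUS_INVALID_NETWORK_RESPONSE` runs before `lp_client_schannel()` is consulted, so the join check reports success against a server that did not negotiate schannel regardless of the client setting. It also depends on that status code having no other cause inside `get_schannel_session_key()`. Since the negotiated flags are now returned to this caller, the condition could test them directly: `if (NT_STATUS_EQUAL(ntret, NT_STATUS_INVALID_NETWORK_RESPONSE) && (neg_flags & NETLOGON_NEG_SCHANNEL) == 0) {`. If a mandatory client schannel setting is meant to be enforced, it should be checked on that path too. The failure return also changes from `1` to `-1`; callers are outside this hunk and should be checked for comparisons against the old value. The two added lines beginning `netlogon_pipe = get_schannel_session_key(` and `if (!netlogon_pipe) {` are indented with spaces instead of tabs.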


