[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-101-gb2127d2

Jeremy Allison jra at samba.org
Wed Jan 23 23:25:29 GMT 2008


The branch, v3-0-test has been updated
       via  b2127d271a1396c37727a57503db8dd130482b87 (commit)
      from  00845002a60b541e290aee40626af4b5d522f553 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit b2127d271a1396c37727a57503db8dd130482b87
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Jan 23 15:24:57 2008 -0800

    Added :
    
    Author: Jeremy Allison <jra at samba.org>
    Date:   Wed Jan 23 15:23:16 2008 -0800
    
        Don't leak memory in error path.
        Jeremy.
    
    Author: Jeremy Allison <jra at samba.org>
    Date:   Wed Jan 23 15:00:40 2008 -0800
    
        Use strchr_m in seaching for '.' in the hostname to make sure we're mb safe.
        Jeremy.
    
    Author: Andreas Schneider <anschneider at suse.de>
    Date:   Thu Jan 17 11:35:40 2008 +0100
    
        Fix Windows 2008 (Longhorn) join.
    
        During 'net ads join' the cli->desthost is a hostname (e.g.
        rupert.galaxy.site). Check if we have a hostname and use only the
        first part, the machine name, of the string.
    
    Author: Andreas Schneider <anschneider at suse.de>
    Date:   Thu Jan 17 10:11:11 2008 +0100
    
        Windows 2008 (Longhorn) auth2 flag fixes.
    
        Interop fixes for AD specific flags. Original patch from Todd Stetcher.

-----------------------------------------------------------------------

Summary of changes:
 source/auth/auth_domain.c      |    2 +-
 source/include/rpc_dce.h       |    2 ++
 source/libsmb/cliconnect.c     |   17 ++++++++++++++++-
 source/libsmb/trusts_util.c    |    2 +-
 source/nsswitch/winbindd_cm.c  |    2 +-
 source/rpc_client/cli_pipe.c   |    4 ++--
 source/rpcclient/rpcclient.c   |    2 +-
 source/utils/net_rpc_join.c    |    2 +-
 source/utils/net_rpc_samsync.c |    2 +-
 9 files changed, 26 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c
index 3fae8b4..115c57f 100644
--- a/source/auth/auth_domain.c
+++ b/source/auth/auth_domain.c
@@ -125,7 +125,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
 
 	if (!lp_client_schannel()) {
 		/* We need to set up a creds chain on an unauthenticated netlogon pipe. */
-		uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+		uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 		uint32 sec_chan_type = 0;
 		unsigned char machine_pwd[16];
 		const char *account_name;
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index 09e5f25..8a7934c 100644
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -112,6 +112,8 @@ enum RPC_PKT_TYPE {
 /* these are the flags that ADS clients use */
 #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
 
+#define NETLOGON_NEG_SELECT_AUTH2_FLAGS ((lp_security() == SEC_ADS) ? NETLOGON_NEG_AUTH2_ADS_FLAGS : NETLOGON_NEG_AUTH2_FLAGS)
+
 enum schannel_direction {
 	SENDER_IS_INITIATOR,
 	SENDER_IS_ACCEPTOR
diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index fb94ff8..3168dd1 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -875,13 +875,27 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
 			!strequal(star_smbserver_name,
 				cli->desthost)) {
 			char *realm = NULL;
+			char *machine = NULL;
+			char *host = NULL;
 			DEBUG(3,("cli_session_setup_spnego: got a "
 				"bad server principal, trying to guess ...\n"));
 
+			host = strchr_m(cli->desthost, '.');
+			if (host) {
+				machine = SMB_STRNDUP(cli->desthost,
+					host - cli->desthost);
+			} else {
+				machine = SMB_STRDUP(cli->desthost);
+			}
+			if (machine == NULL) {
+				return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+			}
+
 			realm = kerberos_get_default_realm_from_ccache();
 			if (realm && *realm) {
 				if (asprintf(&principal, "%s$@%s",
-						cli->desthost, realm) < 0) {
+						machine, realm) < 0) {
+					SAFE_FREE(machine);
 					SAFE_FREE(realm);
 					return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 				}
@@ -889,6 +903,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
 					"server principal=%s\n",
 					principal ? principal : "<null>"));
 			}
+			SAFE_FREE(machine);
 			SAFE_FREE(realm);
 		}
 
diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index e406188..2580b50 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -41,7 +41,7 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 	   already have valid creds. If not we must set them up. */
 
 	if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
-		uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+		uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 
 		result = rpccli_netlogon_setup_creds(cli, 
 					cli->cli->desthost, /* server name */
diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c
index 3ca625e..14c3fc1 100644
--- a/source/nsswitch/winbindd_cm.c
+++ b/source/nsswitch/winbindd_cm.c
@@ -2027,7 +2027,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 	struct winbindd_cm_conn *conn;
 	NTSTATUS result;
 
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 	uint8  mach_pwd[16];
 	uint32  sec_chan_type;
 	const char *account_name;
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index baf3f8c..bfcc20b 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -2595,7 +2595,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state
 						const char *password,
 						NTSTATUS *perr)
 {
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	struct rpc_pipe_client *result = NULL;
 
@@ -2629,7 +2629,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli,
                                                 const char *domain,
 						NTSTATUS *perr)
 {
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	struct rpc_pipe_client *result = NULL;
 
diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c
index f671e89..0f7ff63 100644
--- a/source/rpcclient/rpcclient.c
+++ b/source/rpcclient/rpcclient.c
@@ -568,7 +568,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 		}
 
 		if (cmd_entry->pipe_idx == PI_NETLOGON) {
-			uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+			uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 			uint32 sec_channel_type;
 			uchar trust_password[16];
 	
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index d2c25eb..1780535 100644
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -114,7 +114,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 	struct cli_state *cli;
 	TALLOC_CTX *mem_ctx;
         uint32 acb_info = ACB_WSTRUST;
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
 	uint32 sec_channel_type;
 	struct rpc_pipe_client *pipe_hnd = NULL;
 
diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c
index d8ddff2..bd209de 100644
--- a/source/utils/net_rpc_samsync.c
+++ b/source/utils/net_rpc_samsync.c
@@ -238,7 +238,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid,
 
 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 	uchar trust_password[16];
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 	uint32 sec_channel_type = 0;
 
 	if (!secrets_fetch_trust_account_password(domain_name,


-- 
Samba Shared Repository


More information about the samba-cvs mailing list