[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-516-gcc65489
Günther Deschner
gd at samba.org
Fri Mar 28 13:16:05 GMT 2008
The branch, v3-2-test has been updated
via cc654892c0d76dea001cd8f7bd6f50cf9e89e9c9 (commit)
via 9e7d673ac44f500863bcbd0198452adc7c5027f9 (commit)
via 2134d80c05fd7a37f44317335b40d7961c429c7b (commit)
from 40d1d64c6a2ae128eb3fce0e7f5351b0c5942f30 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit cc654892c0d76dea001cd8f7bd6f50cf9e89e9c9
Author: Günther Deschner <gd at samba.org>
Date: Fri Mar 28 14:13:27 2008 +0100
Add Support for DOMAIN\DCNAME syntax in libnetjoin.
This format is used by Windows to enforce joining to a specific DC.
Guenther
commit 9e7d673ac44f500863bcbd0198452adc7c5027f9
Author: Günther Deschner <gd at samba.org>
Date: Fri Mar 28 13:53:33 2008 +0100
Let libnetjoin find the dc in wkssvc NetrJoinDomain2/UnjoinDomain2.
Guenther
commit 2134d80c05fd7a37f44317335b40d7961c429c7b
Author: Günther Deschner <gd at samba.org>
Date: Fri Mar 28 13:40:13 2008 +0100
Check for buffer in decode_wkssvc_join_password_buffer.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/libnet/libnet_join.c | 58 +++++++++++++++++++++++++++++++++++++
source/libsmb/smbencrypt.c | 11 ++++++-
source/rpc_server/srv_wkssvc_nt.c | 30 -------------------
3 files changed, 68 insertions(+), 31 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index 6d5449f..f55d558 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -1314,6 +1314,48 @@ static WERROR libnet_unjoin_config(struct libnet_UnjoinCtx *r)
/****************************************************************
****************************************************************/
+static bool libnet_parse_domain_dc(TALLOC_CTX *mem_ctx,
+ const char *domain_str,
+ const char **domain_p,
+ const char **dc_p)
+{
+ char *domain = NULL;
+ char *dc = NULL;
+ const char *p = NULL;
+
+ if (!domain_str || !domain_p || !dc_p) {
+ return false;
+ }
+
+ p = strchr_m(domain_str, '\\');
+
+ if (p != NULL) {
+ domain = talloc_strndup(mem_ctx, domain_str,
+ PTR_DIFF(p, domain_str));
+ dc = talloc_strdup(mem_ctx, p+1);
+ if (!dc) {
+ return false;
+ }
+ } else {
+ domain = talloc_strdup(mem_ctx, domain_str);
+ dc = NULL;
+ }
+ if (!domain) {
+ return false;
+ }
+
+ *domain_p = domain;
+
+ if (!*dc_p && dc) {
+ *dc_p = dc;
+ }
+
+ return true;
+}
+
+/****************************************************************
+****************************************************************/
+
static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
@@ -1323,6 +1365,14 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
return WERR_INVALID_PARAM;
}
+ if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name,
+ &r->in.domain_name,
+ &r->in.dc_name)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to parse domain name");
+ return WERR_INVALID_PARAM;
+ }
+
if (r->in.modify_config && !lp_config_backend_is_registry()) {
libnet_join_set_error_string(mem_ctx, r,
"Configuration manipulation requested but not "
@@ -1654,6 +1704,14 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx,
return WERR_INVALID_PARAM;
}
+ if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name,
+ &r->in.domain_name,
+ &r->in.dc_name)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "Failed to parse domain name");
+ return WERR_INVALID_PARAM;
+ }
+
if (r->in.modify_config && !lp_config_backend_is_registry()) {
libnet_unjoin_set_error_string(mem_ctx, r,
"Configuration manipulation requested but not "
diff --git a/source/libsmb/smbencrypt.c b/source/libsmb/smbencrypt.c
index c547a4a..e7198b8 100644
--- a/source/libsmb/smbencrypt.c
+++ b/source/libsmb/smbencrypt.c
@@ -748,16 +748,24 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
struct MD5Context ctx;
uint32_t pwd_len;
- DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+ DATA_BLOB confounded_session_key;
int confounder_len = 8;
uint8_t confounder[8];
+ *pwd = NULL;
+
+ if (!pwd_buf) {
+ return WERR_BAD_PASSWORD;
+ }
+
if (session_key->length != 16) {
DEBUG(10,("invalid session key\n"));
return WERR_BAD_PASSWORD;
}
+ confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+
memcpy(&confounder, &pwd_buf->data[0], confounder_len);
memcpy(&buffer, &pwd_buf->data[8], 516);
@@ -769,6 +777,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
SamOEMhashBlob(buffer, 516, &confounded_session_key);
if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE)) {
+ data_blob_free(&confounded_session_key);
return WERR_BAD_PASSWORD;
}
diff --git a/source/rpc_server/srv_wkssvc_nt.c b/source/rpc_server/srv_wkssvc_nt.c
index 6d03009..f864aad 100644
--- a/source/rpc_server/srv_wkssvc_nt.c
+++ b/source/rpc_server/srv_wkssvc_nt.c
@@ -292,9 +292,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- NTSTATUS status;
struct nt_user_token *token = p->pipe_user.nt_user_token;
- struct netr_DsRGetDCNameInfo *info = NULL;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
@@ -321,24 +319,11 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
&admin_domain,
&admin_account);
- status = dsgetdcname(p->mem_ctx,
- r->in.domain_name,
- NULL,
- NULL,
- DS_DIRECTORY_SERVICE_REQUIRED |
- DS_WRITABLE_REQUIRED |
- DS_RETURN_DNS_NAME,
- &info);
- if (!NT_STATUS_IS_OK(status)) {
- return ntstatus_to_werror(status);
- }
-
werr = libnet_init_JoinCtx(p->mem_ctx, &j);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
- j->in.dc_name = info->dc_unc;
j->in.domain_name = r->in.domain_name;
j->in.account_ou = r->in.account_ou;
j->in.join_flags = r->in.join_flags;
@@ -372,9 +357,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- NTSTATUS status;
struct nt_user_token *token = p->pipe_user.nt_user_token;
- struct netr_DsRGetDCNameInfo *info = NULL;
if (!user_has_privileges(token, &se_machine_account) &&
!nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
@@ -397,24 +380,11 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
&admin_domain,
&admin_account);
- status = dsgetdcname(p->mem_ctx,
- lp_realm(),
- NULL,
- NULL,
- DS_DIRECTORY_SERVICE_REQUIRED |
- DS_WRITABLE_REQUIRED |
- DS_RETURN_DNS_NAME,
- &info);
- if (!NT_STATUS_IS_OK(status)) {
- return ntstatus_to_werror(status);
- }
-
werr = libnet_init_UnjoinCtx(p->mem_ctx, &u);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
- u->in.dc_name = info->dc_unc;
u->in.domain_name = lp_realm();
u->in.unjoin_flags = r->in.unjoin_flags |
WKSSVC_JOIN_FLAGS_JOIN_TYPE;
--
Samba Shared Repository
More information about the samba-cvs
mailing list