[SCM] Samba Shared Repository - branch v4-0-test updated -
release-4-0-0alpha3-1610-g69bac90
Andrew Bartlett
abartlet at samba.org
Mon May 19 22:28:01 GMT 2008
The branch, v4-0-test has been updated
from 205699ed663a3c6d27695dee25bf26978615b475 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit 69bac908bec3216d2f17042aa05ab8d4b55b0918
Merge: cf60a9b34ec2419b2bc03a37190cb17ad4cf3d5f 205699ed663a3c6d27695dee25bf26978615b475
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue May 20 08:27:08 2008 +1000
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
commit cf60a9b34ec2419b2bc03a37190cb17ad4cf3d5f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue May 20 08:06:50 2008 +1000
Don't regenerate pam_errors.h any more.
Due to the new rules on prototypes, it must be a static header file.
Andrew Bartlett
commit 6a1c76f29f78183f44dfac6f468c5e728d2cb2cf
Merge: a8ec36eba79f96940f314520f97d23181bc9cfc5 49b04ca7aadf264e500d83bc8d3cb5173a86184e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue May 20 08:03:35 2008 +1000
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Fix config.mk due to changing syntax.
Conflicts:
source/libcli/config.mk
source/nbt_server/config.mk
commit a8ec36eba79f96940f314520f97d23181bc9cfc5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 21:30:36 2008 +1000
Ensure we don't send a reply if we couldn't push the CLDAP blob
Andrew Bartlett
commit 60579269d1e0bebce5b595ef95d68fd4bf781cfd
Merge: 8f99a4b94e95f8bde0f80f92d4e57020c62cfaab 91e9062265a68e3a1fe5e092503ec44ae5ea034e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 21:16:22 2008 +1000
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
commit 8f99a4b94e95f8bde0f80f92d4e57020c62cfaab
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 20:53:29 2008 +1000
Handle netbios domains in the CLDAP server too.
This commit also fixes a number of issues found by the NBT-DGRAM and
LDAP-CLDAP tests.
Andrew Bartlett
commit ca1b3fe3add06dc22361d5a5fe7e63a6abb1697c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 20:52:23 2008 +1000
Modify the LDAP-CLDAP test for better coverage.
This fixes up some compiled in constants and checks a couple more NT
versions.
Andrew Bartlett
commit 89fdd77891529aa74bb920994b8b5959aae8ac2d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 13:24:29 2008 +1000
Show that the NTLOGON and NETLOGON mailslots are *very* similar.
Rework the mailslot infrastructure to cope, passing down the mailslot
name so that we can implement both in the same callback function.
Andrew Bartlett
commit a7983387f7a624f6bf5c2fbfa41f849ac4471147
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 12:44:35 2008 +1000
Explain that the sid must be absent on the NTLOGON mailslot.
Andrew Bartlett
commit 7ed4ba8d1a2ced013feafc1f0ca95595ac66bcbc
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 12:43:42 2008 +1000
Make the IRPC GetDC request use SAM_LOGON packets.
This also moves the request to the new netlogon structures.
Andrew Bartlett
commit 8b00a9429470c9ad3646255c340e6a963bd226bd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 12:41:42 2008 +1000
Convert the CLDAP server to use the new netlogon structures.
This also makes the CLDAP server the place where we create the
NETLOGON SAMLOGON replies, regardless of protocol (NBT mailslots or
CLDAP).
Andrew Bartlett
commit 25ab0ad0a0216ef18e0aaeec27c7833d8c68ca30
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 12:39:38 2008 +1000
Test the use of the domain SID on the NETLOGON mailslot
Interestingly, despite these packets being very similar, this fails on
NTLOGON - no reply is received.
Andrew Bartlett
commit d2d3d15a8edd58cda7543feebdeb52178400615b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat May 17 12:38:58 2008 +1000
Put back the old netlogon parsing code - for the request only
This gives us separate parsing functions for requests and replies.
Andrew Bartlett
commit 431d0c03965cbee85691cd0dc1e2a509c1a2b717
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 16 13:03:01 2008 +1000
Rework the CLDAP and NBT netlogon requests and responses.
This now matches section 7.3.3 of the MS-ATDS specification, and all
our current tests pass against windows. There is still more testing
to do, and the server implementation to complete.
Andrew Bartlett
commit 618400fe7d1f469150b82e0aebc89b2104de116f
Merge: 97427731a520283fdd3c8e582ac1f8be7699013e 0c09d28acf42400d26cc27675e37226060de26d3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu May 15 08:08:43 2008 +1000
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
commit 97427731a520283fdd3c8e582ac1f8be7699013e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 12 09:46:50 2008 +1000
Remove JavaScript provision-backend script
The library it relied on has already been removed.
Andrew Bartlett
commit 61c31dc7cf649bc6f2d14bc8637e50ead9b9210a
Merge: 2db0e86fb4abc27eed2d35e1d41122bc89a2c5fe 2e8766145ad2e8c666ecdc6c39e97ba302b16e04
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 12 09:44:27 2008 +1000
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
commit 2db0e86fb4abc27eed2d35e1d41122bc89a2c5fe
Merge: c21dd40bc73acafe6bd28cfd0de60f2a4b03853a bd089818a3182698dfe85039c1b2e22d8c2835bb
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 9 10:47:23 2008 +1000
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
commit c21dd40bc73acafe6bd28cfd0de60f2a4b03853a
Merge: 5f36a605a9accfba1125bbae0e79bb14b936173c 334d76c3559870bd9dc9ef55c9b1a7ce21ee9d4c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 7 08:12:16 2008 +1000
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
commit 5f36a605a9accfba1125bbae0e79bb14b936173c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue May 6 11:02:40 2008 +1000
Cope with an empty mapping file in ad2oLschema
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 -
source/auth/ntlm/config.mk | 2 -
source/auth/ntlm/pam_errors.h | 32 +++--
source/cldap_server/netlogon.c | 249 +++++++++++++++++-----------
source/lib/ldb/tools/ad2oLschema.c | 4 +-
source/libcli/cldap/cldap.c | 35 ++---
source/libcli/cldap/cldap.h | 7 +-
source/libcli/config.mk | 14 ++-
source/libcli/dgram/dgramsocket.c | 2 +-
source/libcli/dgram/libdgram.h | 35 ++---
source/libcli/dgram/netlogon.c | 45 ++++--
source/libcli/dgram/ntlogon.c | 128 --------------
source/libnet/libnet_become_dc.c | 24 ++--
source/libnet/libnet_site.c | 7 +-
source/libnet/libnet_unbecome_dc.c | 21 ++-
source/librpc/config.mk | 2 +-
source/librpc/idl/nbt.idl | 326 +++++++++++++++---------------------
source/nbt_server/config.mk | 2 +-
source/nbt_server/dgram/browse.c | 1 +
source/nbt_server/dgram/netlogon.c | 153 ++++++-----------
source/nbt_server/dgram/request.c | 4 +-
source/nbt_server/irpc.c | 82 ++++-----
source/setup/provision-backend.js | 188 ---------------------
source/torture/ldap/cldap.c | 75 +++++----
source/torture/nbt/dgram.c | 146 +++++++++++-----
source/torture/rpc/dssync.c | 7 +-
26 files changed, 656 insertions(+), 936 deletions(-)
delete mode 100644 source/libcli/dgram/ntlogon.c
delete mode 100644 source/setup/provision-backend.js
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index 1ad2e25..5ed4eed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,7 +22,6 @@ source/heimdal/lib/des/hcrypto
source/build/smb_build/config.pm
source/auth/auth_proto.h
source/auth/auth_sam.h
-source/auth/pam_errors.h
source/auth/credentials/credentials_proto.h
source/auth/gensec/gensec_proto.h
source/auth/gensec/schannel_proto.h
diff --git a/source/auth/ntlm/config.mk b/source/auth/ntlm/config.mk
index d812816..f31c2b7 100644
--- a/source/auth/ntlm/config.mk
+++ b/source/auth/ntlm/config.mk
@@ -70,8 +70,6 @@ auth_unix_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_unix.o)
[SUBSYSTEM::PAM_ERRORS]
-$(eval $(call proto_header_template,$(authsrcdir)/ntlm/pam_errors.h,$(auth_unix_OBJ_FILES:.o=.c)))
-
#VERSION = 0.0.1
#SO_VERSION = 0
PAM_ERRORS_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, pam_errors.o)
diff --git a/source/auth/ntlm/pam_errors.h b/source/auth/ntlm/pam_errors.h
index 904950c..959e1f3 100644
--- a/source/auth/ntlm/pam_errors.h
+++ b/source/auth/ntlm/pam_errors.h
@@ -1,16 +1,26 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * PAM error mapping functions
+ * Copyright (C) Andrew Bartlett 2002
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
#ifndef __AUTH_NTLM_PAM_ERRORS_H__
#define __AUTH_NTLM_PAM_ERRORS_H__
-#undef _PRINTF_ATTRIBUTE
-#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
-/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
-
-/* this file contains prototypes for functions that are private
- * to this subsystem or library. These functions should not be
- * used outside this particular subsystem! */
-
-
-/* The following definitions come from auth/ntlm/pam_errors.c */
+/* The following definitions come from auth/pam_errors.c */
/*****************************************************************************
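Review bot: The replacement comment near the top of the header now reads "The following definitions come from auth/pam_errors.c", but the line it replaces named auth/ntlm/pam_errors.c, and both the diff path and the __AUTH_NTLM_PAM_ERRORS_H__ guard place this file under auth/ntlm/. Since the header is hand-maintained from this commit on, keep the path as auth/ntlm/pam_errors.c so the comment is correct from the start.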
@@ -32,8 +42,6 @@ NTSTATUS pam_to_nt_status(int pam_error);
convert an NT status32 code to a PAM error
*****************************************************************************/
int nt_status_to_pam(NTSTATUS nt_status);
-#undef _PRINTF_ATTRIBUTE
-#define _PRINTF_ATTRIBUTE(a1, a2)
#endif /* __AUTH_NTLM_PAM_ERRORS_H__ */
diff --git a/source/cldap_server/netlogon.c b/source/cldap_server/netlogon.c
index a524a6f..b2a034d 100644
--- a/source/cldap_server/netlogon.c
+++ b/source/cldap_server/netlogon.c
@@ -4,6 +4,7 @@
CLDAP server - netlogon handling
Copyright (C) Andrew Tridgell 2005
+ Copyright (C) Andrew Bartlett <abartlet at samba.org> 2008
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -28,25 +29,27 @@
#include "cldap_server/cldap_server.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "libcli/ldap/ldap_ndr.h"
+#include "libcli/security/security.h"
#include "dsdb/samdb/samdb.h"
#include "auth/auth.h"
#include "ldb_wrap.h"
#include "system/network.h"
#include "lib/socket/netif.h"
#include "param/param.h"
-
/*
fill in the cldap netlogon union for a given version
*/
-static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
- TALLOC_CTX *mem_ctx,
- const char *domain,
- const char *domain_guid,
- const char *user,
- const char *src_address,
- uint32_t version,
- struct loadparm_context *lp_ctx,
- union nbt_cldap_netlogon *netlogon)
+NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
+ TALLOC_CTX *mem_ctx,
+ const char *domain,
+ const char *netbios_domain,
+ struct dom_sid *domain_sid,
+ const char *domain_guid,
+ const char *user,
+ const char *src_address,
+ uint32_t version,
+ struct loadparm_context *lp_ctx,
+ struct netlogon_samlogon_response *netlogon)
{
const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL};
const char *dom_attrs[] = {"objectGUID", NULL};
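Review bot: The comment above the renamed function still says "fill in the cldap netlogon union for a given version", which no longer describes it: the function is now non-static, fills a struct netlogon_samlogon_response, and takes netbios_domain and domain_sid in addition to domain and domain_guid. Please document which of the four identifiers may be NULL and which one wins when more than one is supplied, since callers outside this file will depend on that.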
@@ -66,7 +69,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
struct ldb_dn *partitions_basedn;
struct interface *ifaces;
- partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx);
+ partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
/* the domain has an optional trailing . */
if (domain && domain[strlen(domain)-1] == '.') {
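Review bot: In the context line `if (domain && domain[strlen(domain)-1] == '.')`, an empty domain string makes strlen(domain)-1 wrap around, so the test indexes one byte before the start of the string. This is not introduced by the patch, but the function is being exported for wider use here, so add a `domain[0] != '\0'` check to the condition while the signature is changing.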
@@ -77,7 +80,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
struct ldb_dn *dom_dn;
/* try and find the domain */
- ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &ref_res,
+ ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
partitions_basedn, LDB_SCOPE_ONELEVEL,
ref_attrs,
"(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))",
@@ -86,19 +89,19 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
domain,
- ldb_errstring(cldapd->samctx)));
+ ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (ref_res->count == 1) {
talloc_steal(mem_ctx, dom_res);
- dom_dn = ldb_msg_find_attr_as_dn(cldapd->samctx, mem_ctx, ref_res->msgs[0], "ncName");
+ dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName");
if (!dom_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- ret = ldb_search(cldapd->samctx, dom_dn,
+ ret = ldb_search(sam_ctx, dom_dn,
LDB_SCOPE_BASE, "objectClass=domain",
dom_attrs, &dom_res);
if (ret != LDB_SUCCESS) {
- DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(cldapd->samctx)));
+ DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
talloc_steal(mem_ctx, dom_res);
@@ -112,23 +115,70 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
}
}
- if ((dom_res == NULL || dom_res->count == 0) && domain_guid) {
+ if (netbios_domain) {
+ struct ldb_dn *dom_dn;
+ /* try and find the domain */
+
+ ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
+ partitions_basedn, LDB_SCOPE_ONELEVEL,
+ ref_attrs,
+ "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))",
+ netbios_domain);
+
+ if (ret != LDB_SUCCESS) {
+ DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
+ netbios_domain,
+ ldb_errstring(sam_ctx)));
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ } else if (ref_res->count == 1) {
+ talloc_steal(mem_ctx, dom_res);
+ dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName");
+ if (!dom_dn) {
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+ ret = ldb_search(sam_ctx, dom_dn,
+ LDB_SCOPE_BASE, "objectClass=domain",
+ dom_attrs, &dom_res);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx)));
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+ talloc_steal(mem_ctx, dom_res);
+ if (dom_res->count != 1) {
+ DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn)));
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+ } else if (ref_res->count > 1) {
+ talloc_free(ref_res);
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+ }
+
+ if ((dom_res == NULL || dom_res->count == 0) && (domain_guid || domain_sid)) {
ref_res = NULL;
- ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &dom_res,
- NULL, LDB_SCOPE_SUBTREE,
- dom_attrs,
- "(&(objectClass=domainDNS)(objectGUID=%s))",
- domain_guid);
+ if (domain_guid) {
+ ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res,
+ NULL, LDB_SCOPE_SUBTREE,
+ dom_attrs,
+ "(&(objectClass=domainDNS)(objectGUID=%s))",
+ domain_guid);
+ } else { /* domain_sid case */
+ ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res,
+ NULL, LDB_SCOPE_SUBTREE,
+ dom_attrs,
+ "(&(objectClass=domainDNS)(objectSID=%s))",
+ dom_sid_string(mem_ctx, domain_sid));
+ }
if (ret != LDB_SUCCESS) {
- DEBUG(2,("Unable to find referece to GUID '%s' in sam: %s\n",
- domain_guid,
- ldb_errstring(cldapd->samctx)));
+ DEBUG(2,("Unable to find referece to GUID '%s' or SID %s in sam: %s\n",
+ domain_guid, dom_sid_string(mem_ctx, domain_sid),
+ ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (dom_res->count == 1) {
/* try and find the domain */
- ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &ref_res,
+ ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
partitions_basedn, LDB_SCOPE_ONELEVEL,
ref_attrs,
"(&(objectClass=crossRef)(ncName=%s))",
@@ -137,7 +187,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
ldb_dn_get_linearized(dom_res->msgs[0]->dn),
- ldb_errstring(cldapd->samctx)));
+ ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (ref_res->count != 1) {
@@ -166,11 +216,11 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE |
NBT_SERVER_GOOD_TIMESERV;
- if (samdb_is_pdc(cldapd->samctx)) {
+ if (samdb_is_pdc(sam_ctx)) {
server_type |= NBT_SERVER_PDC;
}
- if (samdb_is_gc(cldapd->samctx)) {
+ if (samdb_is_gc(sam_ctx)) {
server_type |= NBT_SERVER_GC;
}
@@ -200,68 +250,77 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
ZERO_STRUCTP(netlogon);
- switch (version & 0xF) {
- case 0:
- case 1:
- netlogon->logon1.type = (user?19+2:19);
- netlogon->logon1.pdc_name = pdc_name;
- netlogon->logon1.user_name = user;
- netlogon->logon1.domain_name = flatname;
- netlogon->logon1.nt_version = 1;
- netlogon->logon1.lmnt_token = 0xFFFF;
- netlogon->logon1.lm20_token = 0xFFFF;
- break;
- case 2:
- case 3:
- netlogon->logon3.type = (user?19+2:19);
- netlogon->logon3.pdc_name = pdc_name;
- netlogon->logon3.user_name = user;
- netlogon->logon3.domain_name = flatname;
- netlogon->logon3.domain_uuid = domain_uuid;
- netlogon->logon3.forest = realm;
- netlogon->logon3.dns_domain = dns_domain;
- netlogon->logon3.pdc_dns_name = pdc_dns_name;
- netlogon->logon3.pdc_ip = pdc_ip;
- netlogon->logon3.server_type = server_type;
- netlogon->logon3.lmnt_token = 0xFFFF;
- netlogon->logon3.lm20_token = 0xFFFF;
- break;
- case 4:
- case 5:
- case 6:
- case 7:
- netlogon->logon5.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2);
- netlogon->logon5.server_type = server_type;
- netlogon->logon5.domain_uuid = domain_uuid;
- netlogon->logon5.forest = realm;
- netlogon->logon5.dns_domain = dns_domain;
- netlogon->logon5.pdc_dns_name = pdc_dns_name;
- netlogon->logon5.domain = flatname;
- netlogon->logon5.pdc_name = lp_netbios_name(lp_ctx);
- netlogon->logon5.user_name = user;
- netlogon->logon5.server_site = server_site;
- netlogon->logon5.client_site = client_site;
- netlogon->logon5.lmnt_token = 0xFFFF;
- netlogon->logon5.lm20_token = 0xFFFF;
- break;
- default:
- netlogon->logon13.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2);
- netlogon->logon13.server_type = server_type;
- netlogon->logon13.domain_uuid = domain_uuid;
- netlogon->logon13.forest = realm;
- netlogon->logon13.dns_domain = dns_domain;
- netlogon->logon13.pdc_dns_name = pdc_dns_name;
- netlogon->logon13.domain = flatname;
- netlogon->logon13.pdc_name = lp_netbios_name(lp_ctx);
- netlogon->logon13.user_name = user;
- netlogon->logon13.server_site = server_site;
- netlogon->logon13.client_site = client_site;
- netlogon->logon13.unknown = 10;
- netlogon->logon13.unknown2 = 2;
- netlogon->logon13.pdc_ip = pdc_ip;
- netlogon->logon13.lmnt_token = 0xFFFF;
- netlogon->logon13.lm20_token = 0xFFFF;
- break;
+ if (version & NETLOGON_NT_VERSION_5EX) {
+ uint32_t extra_flags = 0;
+ netlogon->ntver = NETLOGON_NT_VERSION_5EX;
+
+ /* could check if the user exists */
+ if (!user) {
+ user = "";
+ netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX;
+ } else {
+ netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
+ }
+ netlogon->nt5_ex.server_type = server_type;
+ netlogon->nt5_ex.domain_uuid = domain_uuid;
+ netlogon->nt5_ex.forest = realm;
+ netlogon->nt5_ex.dns_domain = dns_domain;
+ netlogon->nt5_ex.pdc_dns_name = pdc_dns_name;
+ netlogon->nt5_ex.domain = flatname;
+ netlogon->nt5_ex.pdc_name = lp_netbios_name(lp_ctx);
+ netlogon->nt5_ex.user_name = user;
+ netlogon->nt5_ex.server_site = server_site;
+ netlogon->nt5_ex.client_site = client_site;
+
+ if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) {
+ /* Clearly this needs to be fixed up for IPv6 */
+ extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP;
+ netlogon->nt5_ex.sockaddr.sa_family = 2;
+ netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip;
+ netlogon->nt5_ex.sockaddr.remaining = data_blob(NULL, 4);
+ }
+ netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
+ netlogon->nt5_ex.lmnt_token = 0xFFFF;
+ netlogon->nt5_ex.lm20_token = 0xFFFF;
+
+ } else if (version & NETLOGON_NT_VERSION_5) {
+ netlogon->ntver = NETLOGON_NT_VERSION_5;
+
+ /* could check if the user exists */
+ if (!user) {
+ user = "";
+ netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE;
+ } else {
+ netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN;
+ }
+ netlogon->nt5.pdc_name = pdc_name;
+ netlogon->nt5.user_name = user;
+ netlogon->nt5.domain_name = flatname;
+ netlogon->nt5.domain_uuid = domain_uuid;
+ netlogon->nt5.forest = realm;
+ netlogon->nt5.dns_domain = dns_domain;
+ netlogon->nt5.pdc_dns_name = pdc_dns_name;
+ netlogon->nt5.pdc_ip = pdc_ip;
+ netlogon->nt5.server_type = server_type;
+ netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
+ netlogon->nt5.lmnt_token = 0xFFFF;
+ netlogon->nt5.lm20_token = 0xFFFF;
+
+ } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ {
+ netlogon->ntver = NETLOGON_NT_VERSION_1;
+ /* could check if the user exists */
+ if (!user) {
+ user = "";
+ netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE;
+ } else {
+ netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN;
+ }
+ netlogon->nt4.server = pdc_name;
+ netlogon->nt4.user_name = user;
+ netlogon->nt4.domain = flatname;
+ netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1;
+ netlogon->nt4.lmnt_token = 0xFFFF;
+ netlogon->nt4.lm20_token = 0xFFFF;
}
return NT_STATUS_OK;
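Review bot: In the NETLOGON_NT_VERSION_5EX_WITH_IP branch, `netlogon->nt5_ex.sockaddr.remaining = data_blob(NULL, 4);` takes no talloc context, so the blob is not tied to mem_ctx like the rest of the reply; its result is not checked, and nothing in this hunk writes the four bytes before the structure is returned for marshalling. Allocate it under mem_ctx, zero it explicitly, and return NT_STATUS_NO_MEMORY on failure. The `if (!user) ... else ...` block that selects the command is also repeated in all three version branches with only the constant differing, and could be decided once before the dispatch.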
@@ -285,7 +344,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
const char *domain_sid = NULL;
int acct_control = -1;
int version = -1;
- union nbt_cldap_netlogon netlogon;
+ struct netlogon_samlogon_response netlogon;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
TALLOC_CTX *tmp_ctx = talloc_new(cldap);
@@ -346,9 +405,9 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n",
domain, host, user, version, domain_guid));
- status = cldapd_netlogon_fill(cldapd, tmp_ctx, domain, domain_guid,
- user, src->addr,
- version, cldapd->task->lp_ctx, &netlogon);
+ status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, NULL, domain_guid,
+ user, src->addr,
+ version, cldapd->task->lp_ctx, &netlogon);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
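Review bot: The call passes NULL for both new arguments, netbios_domain and domain_sid, although cldapd_netlogon_request keeps a local `const char *domain_sid` (visible in the previous hunk). If the CLDAP request can carry a SID, convert it and pass it through; if it is intentionally ignored on this path, say so in a comment at the call site.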
diff --git a/source/lib/ldb/tools/ad2oLschema.c b/source/lib/ldb/tools/ad2oLschema.c
index 67b16dd..0a89656 100644
--- a/source/lib/ldb/tools/ad2oLschema.c
+++ b/source/lib/ldb/tools/ad2oLschema.c
@@ -429,7 +429,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
/* We might have been asked to remap this oid,
* due to a conflict, or lack of
* implementation */
- for (j=0; syntax_oid && oid_map[j].old_oid; j++) {
+ for (j=0; syntax_oid && oid_map && oid_map[j].old_oid; j++) {
if (strcasecmp(syntax_oid, oid_map[j].old_oid) == 0) {
syntax_oid = oid_map[j].new_oid;
break;
@@ -494,7 +494,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
}
/* We might have been asked to remap this oid, due to a conflict */
- for (j=0; oid_map[j].old_oid; j++) {
+ for (j=0; oid_map && oid_map[j].old_oid; j++) {
if (strcasecmp(oid, oid_map[j].old_oid) == 0) {
oid = oid_map[j].new_oid;
break;
diff --git a/source/libcli/cldap/cldap.c b/source/libcli/cldap/cldap.c
index 614bd51..860bd35 100644
--- a/source/libcli/cldap/cldap.c
+++ b/source/libcli/cldap/cldap.c
@@ -595,7 +595,6 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req,
struct cldap_netlogon *io)
{
NTSTATUS status;
- enum ndr_err_code ndr_err;
struct cldap_search search;
struct cldap_socket *cldap;
DATA_BLOB *data;
@@ -618,18 +617,15 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req,
}
data = search.out.response->attributes[0].values;
- ndr_err = ndr_pull_union_blob_all(data, mem_ctx,
- cldap->iconv_convenience,
- &io->out.netlogon,
- io->in.version & 0xF,
- (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(2,("cldap failed to parse netlogon response of type 0x%02x\n",
- SVAL(data->data, 0)));
- dump_data(10, data->data, data->length);
- return ndr_map_error2ntstatus(ndr_err);
+ status = pull_netlogon_samlogon_response(data, mem_ctx, req->cldap->iconv_convenience,
+ &io->out.netlogon);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (io->in.map_response) {
+ map_netlogon_samlogon_response(&io->out.netlogon);
}
-
return NT_STATUS_OK;
}
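Review bot: The removed error path logged the response type and dumped the blob at debug level 10 when parsing failed; the replacement returns the status from pull_netlogon_samlogon_response without logging, so a malformed or unexpected reply from the network is harder to diagnose unless that helper logs it itself. Either keep a DEBUG(2) here or confirm the helper does. The new call also reaches through req->cldap->iconv_convenience where the removed code used the local cldap pointer; use one consistently.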
@@ -704,25 +700,20 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap,
uint32_t message_id,
struct socket_address *src,
uint32_t version,
- union nbt_cldap_netlogon *netlogon)
+ struct netlogon_samlogon_response *netlogon)
--
Samba Shared Repository