[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Tue Oct 13 02:23:19 MDT 2009


The branch, master has been updated
       via  ebe0e64... s3: use enum netr_SchannelType all over the place.
       via  aa8c142... s3-netlogon: allow to change any type of trust account password in trust_pw_find_change_and_store_it().
      from  4423173... s4-repl: check that a DsGetNCChanges is a continuation, and fix sorting

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ebe0e64ba9815b238cccf7d24821bc473d245707
Author: Günther Deschner <gd at samba.org>
Date:   Tue Oct 13 10:15:34 2009 +0200

    s3: use enum netr_SchannelType all over the place.
    
    Guenther

commit aa8c142b5e1d126b9a5a8e4a6638bc785292fbc2
Author: Günther Deschner <gd at samba.org>
Date:   Thu Oct 8 00:39:40 2009 +0200

    s3-netlogon: allow to change any type of trust account password in trust_pw_find_change_and_store_it().
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_domain.c         |    2 +-
 source3/include/proto.h            |   14 +++++-----
 source3/libads/util.c              |    2 +-
 source3/libsmb/trusts_util.c       |   49 ++++++++++++++++++++++++++++++------
 source3/passdb/passdb.c            |    6 +++-
 source3/passdb/secrets.c           |   11 ++++---
 source3/rpc_client/cli_netlogon.c  |    2 +-
 source3/rpc_client/cli_pipe.c      |    2 +-
 source3/rpc_server/srv_netlog_nt.c |    2 +-
 source3/rpcclient/cmd_netlogon.c   |    2 +-
 source3/rpcclient/rpcclient.c      |    2 +-
 source3/utils/net.c                |    4 +-
 source3/utils/net_proto.h          |    2 +-
 source3/utils/net_rpc.c            |    2 +-
 source3/utils/net_rpc_join.c       |    2 +-
 source3/winbindd/winbindd_cm.c     |    2 +-
 16 files changed, 71 insertions(+), 35 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 7dec6ad..084d84c 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -195,7 +195,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
 	if (!lp_client_schannel()) {
 		/* We need to set up a creds chain on an unauthenticated netlogon pipe. */
 		uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-		uint32 sec_chan_type = 0;
+		enum netr_SchannelType sec_chan_type = 0;
 		unsigned char machine_pwd[16];
 		const char *account_name;
 
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7e31da0..8fc4195 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3309,7 +3309,7 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
 				      const char *domain,
 				      const char *account_name,
 				      unsigned char orig_trust_passwd_hash[16],
-				      uint32 sec_channel_type);
+				      enum netr_SchannelType sec_channel_type);
 NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli, 
 					   TALLOC_CTX *mem_ctx, 
 					   const char *domain) ;
@@ -4672,14 +4672,14 @@ bool secrets_fetch_domain_sid(const char *domain, DOM_SID *sid);
 bool secrets_store_domain_guid(const char *domain, struct GUID *guid);
 bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
 void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain);
-uint32 get_default_sec_channel(void);
+enum netr_SchannelType get_default_sec_channel(void);
 bool secrets_fetch_trust_account_password_legacy(const char *domain,
 						 uint8 ret_pwd[16],
 						 time_t *pass_last_set_time,
-						 uint32 *channel);
+						 enum netr_SchannelType *channel);
 bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 					  time_t *pass_last_set_time,
-					  uint32 *channel);
+					  enum netr_SchannelType *channel);
 bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
                                            DOM_SID *sid, time_t *pass_last_set_time);
 bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
@@ -4687,10 +4687,10 @@ bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
 bool secrets_delete_machine_password(const char *domain);
 bool secrets_delete_machine_password_ex(const char *domain);
 bool secrets_delete_domain_sid(const char *domain);
-bool secrets_store_machine_password(const char *pass, const char *domain, uint32 sec_channel);
+bool secrets_store_machine_password(const char *pass, const char *domain, enum netr_SchannelType sec_channel);
 char *secrets_fetch_machine_password(const char *domain,
 				     time_t *pass_last_set_time,
-				     uint32 *channel);
+				     enum netr_SchannelType *channel);
 bool trusted_domain_password_delete(const char *domain);
 bool secrets_store_ldap_pw(const char* dn, char* pw);
 bool fetch_ldap_pw(char **dn, char** pw);
@@ -5243,7 +5243,7 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 					    const unsigned char orig_trust_passwd_hash[16],
 					    const char *new_trust_pwd_cleartext,
 					    const unsigned char new_trust_passwd_hash[16],
-					    uint32_t sec_channel_type);
+					    enum netr_SchannelType sec_channel_type);
 
 /* The following definitions come from rpc_client/cli_pipe.c  */
 
diff --git a/source3/libads/util.c b/source3/libads/util.c
index 2c7ccfe..9dcb906 100644
--- a/source3/libads/util.c
+++ b/source3/libads/util.c
@@ -26,7 +26,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
 	char *password;
 	char *new_password;
 	ADS_STATUS ret;
-	uint32 sec_channel_type;
+	enum netr_SchannelType sec_channel_type;
     
 	if ((password = secrets_fetch_machine_password(lp_workgroup(), NULL, &sec_channel_type)) == NULL) {
 		DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal));
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index e201814..584217d 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -31,12 +31,20 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
 				      const char *domain,
 				      const char *account_name,
 				      unsigned char orig_trust_passwd_hash[16],
-				      uint32 sec_channel_type)
+				      enum netr_SchannelType sec_channel_type)
 {
 	unsigned char new_trust_passwd_hash[16];
 	char *new_trust_passwd;
 	NTSTATUS nt_status;
 
+	switch (sec_channel_type) {
+	case SEC_CHAN_WKSTA:
+	case SEC_CHAN_DOMAIN:
+		break;
+	default:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
 	/* Create a random machine account password */
 	new_trust_passwd = generate_random_str(mem_ctx, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
 
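Review bot: The `switch (sec_channel_type)` guard added at the top of trust_pw_change_and_store_it() returns NT_STATUS_NOT_SUPPORTED for every type except SEC_CHAN_WKSTA and SEC_CHAN_DOMAIN, which appears to also reject a DC's own machine account that the old code would have rotated. get_default_sec_channel() in secrets.c branches on ROLE_DOMAIN_BDC/ROLE_DOMAIN_PDC, so a DC presumably stores a different channel type, and trust_pw_find_change_and_store_it() (third hunk of this file) would then fail for it without logging anything. If that is intended, say so with a comment such as `/* only workstation and interdomain trust accounts can be changed here */` and a DEBUG line naming the rejected type. Otherwise add `case SEC_CHAN_BDC:` beside `case SEC_CHAN_WKSTA:` in this switch and in the store switch of the next hunk. The function body continues outside this hunk.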
@@ -61,8 +69,33 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
 		 * Return the result of trying to write the new password
 		 * back into the trust account file.
 		 */
-		if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
-			nt_status = NT_STATUS_UNSUCCESSFUL;
+
+		switch (sec_channel_type) {
+
+		case SEC_CHAN_WKSTA:
+			if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
+				nt_status = NT_STATUS_UNSUCCESSFUL;
+			}
+			break;
+
+		case SEC_CHAN_DOMAIN: {
+			char *pwd;
+			struct dom_sid sid;
+			time_t pass_last_set_time;
+
+			/* we need to get the sid first for the
+			 * pdb_set_trusteddom_pw call */
+
+			if (!pdb_get_trusteddom_pw(domain, &pwd, &sid, &pass_last_set_time)) {
+				nt_status = NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+			}
+			if (!pdb_set_trusteddom_pw(domain, new_trust_passwd, &sid)) {
+				nt_status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+			}
+			break;
+		}
+		default:
+			break;
 		}
 	}
 
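Review bot: In the SEC_CHAN_DOMAIN case a failed pdb_get_trusteddom_pw() only sets nt_status and then falls through to `pdb_set_trusteddom_pw(domain, new_trust_passwd, &sid)` with `sid` never initialised, so the new secret may be stored against an indeterminate SID, and the first error is overwritten if the store fails as well. Leave the case on the first failure: `nt_status = NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE; break;`. `pwd` receives the old cleartext trust password and is never used or released; if pdb_get_trusteddom_pw() allocates it (not visible here), wipe and free it before leaving the case, e.g. `memset(pwd, 0, strlen(pwd)); SAFE_FREE(pwd);`. The comment above the switch suggests the remote change has already succeeded at this point, so a failed local store leaves the two sides out of sync and deserves a DEBUG(0) message naming the domain. The function starts and ends outside this hunk.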
@@ -80,17 +113,17 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
 					   const char *domain) 
 {
 	unsigned char old_trust_passwd_hash[16];
-	uint32 sec_channel_type = 0;
+	enum netr_SchannelType sec_channel_type = SEC_CHAN_NULL;
+	const char *account_name;
 
-	if (!secrets_fetch_trust_account_password(domain,
-						  old_trust_passwd_hash, 
-						  NULL, &sec_channel_type)) {
+	if (!get_trust_pw_hash(domain, old_trust_passwd_hash, &account_name,
+			       &sec_channel_type)) {
 		DEBUG(0, ("could not fetch domain secrets for domain %s!\n", domain));
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
 	return trust_pw_change_and_store_it(cli, mem_ctx, domain,
-					    global_myname(),
+					    account_name,
 					    old_trust_passwd_hash,
 					    sec_channel_type);
 }
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 0678181..b2c3b94 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -2257,7 +2257,8 @@ bool is_dc_trusted_domain_situation(const char *domain_name)
 *******************************************************************/
 
 bool get_trust_pw_clear(const char *domain, char **ret_pwd,
-			const char **account_name, uint32 *channel)
+			const char **account_name,
+			enum netr_SchannelType *channel)
 {
 	char *pwd;
 	time_t last_set_time;
@@ -2329,7 +2330,8 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 *******************************************************************/
 
 bool get_trust_pw_hash(const char *domain, uint8 ret_pwd[16],
-		       const char **account_name, uint32 *channel)
+		       const char **account_name,
+		       enum netr_SchannelType *channel)
 {
 	char *pwd = NULL;
 	time_t last_set_time;
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 36f401b..8b87c2c 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -392,7 +392,7 @@ void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain)
  Routine to get the default secure channel type for trust accounts
 ************************************************************************/
 
-uint32 get_default_sec_channel(void)
+enum netr_SchannelType get_default_sec_channel(void)
 {
 	if (lp_server_role() == ROLE_DOMAIN_BDC ||
 	    lp_server_role() == ROLE_DOMAIN_PDC) {
@@ -412,7 +412,7 @@ uint32 get_default_sec_channel(void)
 bool secrets_fetch_trust_account_password_legacy(const char *domain,
 						 uint8 ret_pwd[16],
 						 time_t *pass_last_set_time,
-						 uint32 *channel)
+						 enum netr_SchannelType *channel)
 {
 	struct machine_acct_pass *pass;
 	size_t size = 0;
@@ -458,7 +458,7 @@ bool secrets_fetch_trust_account_password_legacy(const char *domain,
 
 bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 					  time_t *pass_last_set_time,
-					  uint32 *channel)
+					  enum netr_SchannelType *channel)
 {
 	char *plaintext;
 
@@ -793,7 +793,8 @@ bool secrets_delete_domain_sid(const char *domain)
 the password is assumed to be a null terminated ascii string
 ************************************************************************/
 
-bool secrets_store_machine_password(const char *pass, const char *domain, uint32 sec_channel)
+bool secrets_store_machine_password(const char *pass, const char *domain,
+				    enum netr_SchannelType sec_channel)
 {
 	bool ret;
 	uint32 last_change_time;
@@ -819,7 +820,7 @@ bool secrets_store_machine_password(const char *pass, const char *domain, uint32
 
 char *secrets_fetch_machine_password(const char *domain,
 				     time_t *pass_last_set_time,
-				     uint32 *channel)
+				     enum netr_SchannelType *channel)
 {
 	char *ret;
 	ret = (char *)secrets_fetch(machine_password_keystr(domain), NULL);
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 5e116c9..a5f48d4 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -513,7 +513,7 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 					    const unsigned char orig_trust_passwd_hash[16],
 					    const char *new_trust_pwd_cleartext,
 					    const unsigned char new_trust_passwd_hash[16],
-					    uint32_t sec_channel_type)
+					    enum netr_SchannelType sec_channel_type)
 {
 	NTSTATUS result;
 	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index dc4dfbd..c197bd4 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3819,7 +3819,7 @@ static NTSTATUS get_schannel_session_key_common(struct rpc_pipe_client *netlogon
 						const char *domain,
 						uint32 *pneg_flags)
 {
-	uint32 sec_chan_type = 0;
+	enum netr_SchannelType sec_chan_type = 0;
 	unsigned char machine_pwd[16];
 	const char *machine_account;
 	NTSTATUS status;
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index fd90bf8..4b83279 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -281,7 +281,7 @@ WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
  ******************************************************************/
 
 static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct,
-			  uint16_t sec_chan_type, struct dom_sid *sid)
+			  enum netr_SchannelType sec_chan_type, struct dom_sid *sid)
 {
 	struct samu *sampass = NULL;
 	const uint8 *pass;
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index ae76652..2fbadf2 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -1051,7 +1051,7 @@ static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
 	struct netr_Authenticator clnt_creds, srv_cred;
 	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
 	unsigned char trust_passwd_hash[16];
-	uint32_t sec_channel_type = 0;
+	enum netr_SchannelType sec_channel_type = 0;
 	struct netr_ChangeLogEntry e;
 	uint32_t rid = 500;
 
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 7a20e48..20ea8a0 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -694,7 +694,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 		if (ndr_syntax_id_equal(cmd_entry->interface,
 					&ndr_table_netlogon.syntax_id)) {
 			uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-			uint32 sec_channel_type;
+			enum netr_SchannelType sec_channel_type;
 			uchar trust_password[16];
 			const char *machine_account;
 
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 585661c..e8920e0 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -53,7 +53,7 @@ extern bool AllowDebugChange;
 /* end of internationalization section                                 */
 /***********************************************************************/
 
-uint32 get_sec_channel_type(const char *param)
+enum netr_SchannelType get_sec_channel_type(const char *param)
 {
 	if (!(param && *param)) {
 		return get_default_sec_channel();
@@ -91,7 +91,7 @@ static int net_changesecretpw(struct net_context *c, int argc,
 			      const char **argv)
 {
         char *trust_pw;
-        uint32 sec_channel_type = SEC_CHAN_WKSTA;
+        enum netr_SchannelType sec_channel_type = SEC_CHAN_WKSTA;
 
 	if(c->opt_force) {
 		if (c->opt_stdin) {
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
index e1c1817..098e2a2 100644
--- a/source3/utils/net_proto.h
+++ b/source3/utils/net_proto.h
@@ -42,7 +42,7 @@ void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
 
 /* The following definitions come from utils/net.c  */
 
-uint32 get_sec_channel_type(const char *param);
+enum netr_SchannelType get_sec_channel_type(const char *param);
 
 /* The following definitions come from utils/net_ads.c  */
 
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 896ea8c..afda1a7 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -309,7 +309,7 @@ static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
 	fstring trust_passwd;
 	unsigned char orig_trust_passwd_hash[16];
 	NTSTATUS result;
-	uint32 sec_channel_type;
+	enum netr_SchannelType sec_channel_type;
 
 	result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
 					  &pipe_hnd);
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 2391381..d3a63d3 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -138,7 +138,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	TALLOC_CTX *mem_ctx;
         uint32 acb_info = ACB_WSTRUST;
 	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-	uint32 sec_channel_type;
+	enum netr_SchannelType sec_channel_type;
 	struct rpc_pipe_client *pipe_hnd = NULL;
 
 	/* rpc variables */
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 9a78839..95e1daf 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2370,7 +2370,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 
 	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 	uint8  mach_pwd[16];
-	uint32  sec_chan_type;
+	enum netr_SchannelType sec_chan_type;
 	const char *account_name;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 


-- 
Samba Shared Repository

