[SCM] Samba Shared Repository - branch master updated
Simo Sorce
idra at samba.org
Sun Feb 21 09:59:32 MST 2010
The branch, master has been updated
via 0679c77... cleanup
from 15edc96... s3: Use the status from cli_raw_ioctl in torture_ioctl_test
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0679c774697563bc0b1f57462018051b75d0e581
Author: Simo Sorce <idra at samba.org>
Date: Sat Feb 20 14:21:36 2010 -0500
cleanup
remove trailing spaces, tabs and blank lines
-----------------------------------------------------------------------
Summary of changes:
source4/rpc_server/netlogon/dcerpc_netlogon.c | 264 ++++++++++++-------------
1 files changed, 131 insertions(+), 133 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 314a359..7a7d49b 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
endpoint server for the netlogon pipe
@@ -6,17 +6,17 @@
Copyright (C) Andrew Bartlett <abartlet at samba.org> 2004-2008
Copyright (C) Stefan Metzmacher <metze at samba.org> 2005
Copyright (C) Matthias Dieter Wallnöfer 2009
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -39,7 +39,6 @@ struct netlogon_server_pipe_state {
struct netr_Credential server_challenge;
};
-
static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerReqChallenge *r)
{
@@ -54,13 +53,13 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal
talloc_free(pipe_state);
dce_call->context->private_data = NULL;
}
-
+
pipe_state = talloc(dce_call->context, struct netlogon_server_pipe_state);
NT_STATUS_HAVE_NO_MEMORY(pipe_state);
pipe_state->client_challenge = *r->in.credentials;
- generate_random_buffer(pipe_state->server_challenge.data,
+ generate_random_buffer(pipe_state->server_challenge.data,
sizeof(pipe_state->server_challenge.data));
*r->out.return_credentials = pipe_state->server_challenge;
@@ -83,7 +82,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
int num_records;
struct ldb_message **msgs;
NTSTATUS nt_status;
- const char *attrs[] = {"unicodePwd", "userAccountControl",
+ const char *attrs[] = {"unicodePwd", "userAccountControl",
"objectSid", NULL};
const char *trust_dom_attrs[] = {"flatname", NULL};
@@ -128,7 +127,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
return NT_STATUS_ACCESS_DENIED;
}
- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
@@ -149,20 +148,20 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
/* pull the user attributes */
num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs,
trust_dom_attrs,
- "(&(trustPartner=%s)(objectclass=trustedDomain))",
+ "(&(trustPartner=%s)(objectclass=trustedDomain))",
encoded_account);
-
+
if (num_records == 0) {
- DEBUG(3,("Couldn't find trust [%s] in samdb.\n",
+ DEBUG(3,("Couldn't find trust [%s] in samdb.\n",
encoded_account));
return NT_STATUS_ACCESS_DENIED;
}
-
+
if (num_records > 1) {
DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL);
if (!flatname) {
/* No flatname for this trust - we can't proceed */
@@ -173,18 +172,18 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
if (!account_name) {
return NT_STATUS_NO_MEMORY;
}
-
+
} else {
account_name = r->in.account_name;
}
-
+
/* pull the user attributes */
num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
- "(&(sAMAccountName=%s)(objectclass=user))",
+ "(&(sAMAccountName=%s)(objectclass=user))",
ldb_binary_encode_string(mem_ctx, account_name));
if (num_records == 0) {
- DEBUG(3,("Couldn't find user [%s] in samdb.\n",
+ DEBUG(3,("Couldn't find user [%s] in samdb.\n",
r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
@@ -194,7 +193,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
user_account_control = ldb_msg_find_attr_as_uint(msgs[0], "userAccountControl", 0);
if (user_account_control & UF_ACCOUNTDISABLE) {
@@ -207,11 +205,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
return NT_STATUS_ACCESS_DENIED;
}
- } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
+ } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
-
+
return NT_STATUS_ACCESS_DENIED;
}
} else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
@@ -220,12 +218,12 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
return NT_STATUS_ACCESS_DENIED;
}
} else {
- DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
+ DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
r->in.secure_channel_type));
return NT_STATUS_ACCESS_DENIED;
}
- *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0],
+ *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0],
"objectSid", 0);
mach_pwd = samdb_result_hash(mem_ctx, msgs[0], "unicodePwd");
@@ -233,17 +231,17 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
return NT_STATUS_ACCESS_DENIED;
}
- creds = netlogon_creds_server_init(mem_ctx,
+ creds = netlogon_creds_server_init(mem_ctx,
r->in.account_name,
r->in.computer_name,
r->in.secure_channel_type,
- &pipe_state->client_challenge,
- &pipe_state->server_challenge,
+ &pipe_state->client_challenge,
+ &pipe_state->server_challenge,
mach_pwd,
r->in.credentials,
r->out.return_credentials,
*r->in.negotiate_flags);
-
+
if (!creds) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -260,13 +258,13 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
return nt_status;
}
-
+
static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerAuthenticate *r)
{
struct netr_ServerAuthenticate3 a;
uint32_t rid;
- /* TODO:
+ /* TODO:
* negotiate_flags is used as an [in] parameter
* so it need to be initialised.
*
@@ -304,7 +302,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_ca
r3.in.negotiate_flags = r->in.negotiate_flags;
r3.out.negotiate_flags = r->out.negotiate_flags;
r3.out.rid = &rid;
-
+
return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
}
@@ -319,18 +317,18 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_ca
*/
static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
const char *computer_name,
struct netr_Authenticator *received_authenticator,
struct netr_Authenticator *return_authenticator,
- struct netlogon_creds_CredentialState **creds_out)
+ struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS nt_status;
struct ldb_context *ldb;
bool schannel_global_required = false; /* Should be lp_schannel_server() == true */
bool schannel_in_use = dce_call->conn->auth_state.auth_info
&& dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
- && (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY
+ && (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY
|| dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY);
ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
@@ -347,7 +345,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
return nt_status;
}
-/*
+/*
Change the machine account password for the currently connected
client. Supplies only the NT#.
*/
@@ -360,8 +358,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
NTSTATUS nt_status;
nt_status = dcesrv_netr_creds_server_step_check(dce_call,
- mem_ctx,
- r->in.computer_name,
+ mem_ctx,
+ r->in.computer_name,
r->in.credential, r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -374,7 +372,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
netlogon_creds_des_decrypt(creds, r->in.new_password);
/* Using the sid for the account as the key, set the password */
- nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
+ nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
creds->sid,
NULL, /* Don't have plaintext */
NULL, r->in.new_password,
@@ -383,7 +381,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
return nt_status;
}
-/*
+/*
Change the machine account password for the currently connected
client. Supplies new plaintext.
*/
@@ -398,8 +396,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
struct samr_CryptPassword password_buf;
nt_status = dcesrv_netr_creds_server_step_check(dce_call,
- mem_ctx,
- r->in.computer_name,
+ mem_ctx,
+ r->in.computer_name,
r->in.credential, r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -417,7 +415,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}
-
+
/* Using the sid for the account as the key, set the password */
nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
creds->sid,
@@ -429,8 +427,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
}
-/*
- netr_LogonUasLogon
+/*
+ netr_LogonUasLogon
*/
static WERROR dcesrv_netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_LogonUasLogon *r)
@@ -439,8 +437,8 @@ static WERROR dcesrv_netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALL
}
-/*
- netr_LogonUasLogoff
+/*
+ netr_LogonUasLogoff
*/
static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_LogonUasLogoff *r)
@@ -449,7 +447,7 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL
}
-/*
+/*
netr_LogonSamLogon_base
This version of the function allows other wrappers to say 'do not check the credentials'
@@ -468,7 +466,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
struct netr_SamInfo2 *sam2;
struct netr_SamInfo3 *sam3;
struct netr_SamInfo6 *sam6;
-
+
user_info = talloc(mem_ctx, struct auth_usersupplied_info);
NT_STATUS_HAVE_NO_MEMORY(user_info);
@@ -482,10 +480,10 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
case NetlogonInteractiveTransitiveInformation:
case NetlogonServiceTransitiveInformation:
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- netlogon_creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->password->lmpassword.hash,
sizeof(r->in.logon->password->lmpassword.hash));
- netlogon_creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->password->ntpassword.hash,
sizeof(r->in.logon->password->ntpassword.hash));
} else {
@@ -494,7 +492,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
}
/* TODO: we need to deny anonymous access here */
- nt_status = auth_context_create(mem_ctx,
+ nt_status = auth_context_create(mem_ctx,
dce_call->event_ctx, dce_call->msg_ctx,
dce_call->conn->dce_ctx->lp_ctx,
&auth_context);
@@ -504,7 +502,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
user_info->client.account_name = r->in.logon->password->identity_info.account_name.string;
user_info->client.domain_name = r->in.logon->password->identity_info.domain_name.string;
user_info->workstation_name = r->in.logon->password->identity_info.workstation.string;
-
+
user_info->flags |= USER_INFO_INTERACTIVE_LOGON;
user_info->password_state = AUTH_PASSWORD_HASH;
@@ -521,7 +519,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
case NetlogonNetworkTransitiveInformation:
/* TODO: we need to deny anonymous access here */
- nt_status = auth_context_create(mem_ctx,
+ nt_status = auth_context_create(mem_ctx,
dce_call->event_ctx, dce_call->msg_ctx,
dce_call->conn->dce_ctx->lp_ctx,
&auth_context);
@@ -534,18 +532,18 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
user_info->client.account_name = r->in.logon->network->identity_info.account_name.string;
user_info->client.domain_name = r->in.logon->network->identity_info.domain_name.string;
user_info->workstation_name = r->in.logon->network->identity_info.workstation.string;
-
+
user_info->password_state = AUTH_PASSWORD_RESPONSE;
user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon->network->lm.data, r->in.logon->network->lm.length);
user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon->network->nt.data, r->in.logon->network->nt.length);
-
+
break;
-
+
case NetlogonGenericInformation:
{
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- netlogon_creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->generic->data, r->in.logon->generic->length);
} else {
/* Using DES to verify kerberos tickets makes no sense */
@@ -559,21 +557,21 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
struct netr_GenericInfo2 *generic = talloc_zero(mem_ctx, struct netr_GenericInfo2);
NT_STATUS_HAVE_NO_MEMORY(generic);
*r->out.authoritative = 1;
-
+
/* TODO: Describe and deal with these flags */
*r->out.flags = 0;
r->out.validation->generic = generic;
-
+
kdc = irpc_servers_byname(dce_call->msg_ctx, mem_ctx, "kdc_server");
if ((kdc == NULL) || (kdc[0].id == 0)) {
return NT_STATUS_NO_LOGON_SERVERS;
}
-
- check.in.generic_request =
+
+ check.in.generic_request =
data_blob_const(r->in.logon->generic->data,
r->in.logon->generic->length);
-
+
status = irpc_call(dce_call->msg_ctx, kdc[0],
&ndr_table_irpc, NDR_KDC_CHECK_GENERIC_KERBEROS,
&check, mem_ctx);
@@ -591,7 +589,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
default:
return NT_STATUS_INVALID_PARAMETER;
}
-
+
nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -604,8 +602,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
/* This key is sent unencrypted without the ARCFOUR flag set */
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- netlogon_creds_arcfour_crypt(creds,
- sam->key.key,
+ netlogon_creds_arcfour_crypt(creds,
+ sam->key.key,
sizeof(sam->key.key));
}
}
@@ -615,11 +613,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
if ((r->in.validation_level != 6) &&
memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- netlogon_creds_arcfour_crypt(creds,
- sam->LMSessKey.key,
+ netlogon_creds_arcfour_crypt(creds,
+ sam->LMSessKey.key,
sizeof(sam->LMSessKey.key));
} else {
- netlogon_creds_des_encrypt_LMKey(creds,
+ netlogon_creds_des_encrypt_LMKey(creds,
&sam->LMSessKey);
}
}
@@ -644,7 +642,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
NT_STATUS_HAVE_NO_MEMORY(sam6);
sam6->base = *sam;
sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
- sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
+ sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
sam->account_name.string, sam6->forest.string);
NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
r->out.validation->sam6 = sam6;
@@ -663,7 +661,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
}
static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_LogonSamLogonEx *r)
+ struct netr_LogonSamLogonEx *r)
{
NTSTATUS nt_status;
struct netlogon_creds_CredentialState *creds;
@@ -671,7 +669,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
-
+
nt_status = schannel_fetch_session_key_ldb(ldb, mem_ctx, r->in.computer_name, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
@@ -684,7 +682,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
return dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, r, creds);
}
-/*
+/*
netr_LogonSamLogonWithFlags
*/
@@ -701,8 +699,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
nt_status = dcesrv_netr_creds_server_step_check(dce_call,
- mem_ctx,
- r->in.computer_name,
+ mem_ctx,
+ r->in.computer_name,
r->in.credential, return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -726,7 +724,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
return nt_status;
--
Samba Shared Repository
More information about the samba-cvs
mailing list