[SCM] Samba Shared Repository - branch master updated
Simo Sorce
idra at samba.org
Wed Feb 24 16:36:28 MST 2010
The branch, master has been updated
via 76f4e6f... idl:lsa change string type
via a7057e6... s4:lsa use the correct way to store a domain sid
via 376fa0d... s4:lsa avoid confusing ourselves over sam_ldb
via 4930de5... s4:lsa cleanup trailing spaces and tabs
via 71c20f7... Revert "s4-smb: Migrate named_pipe_server to tsocket."
from 8d03b5e... s4:install Fix bug #7149 reported by JHT.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 76f4e6f16b624c6a680122b4bed7f5922bc1f236
Author: Simo Sorce <idra at samba.org>
Date: Wed Feb 24 17:55:25 2010 -0500
idl:lsa change string type
comapring win<-> traces it looks like this is an lsa_StringLarge
commit a7057e69c72f2c42a76cf67ccdb5927023c6aac2
Author: Simo Sorce <idra at samba.org>
Date: Wed Feb 24 17:10:59 2010 -0500
s4:lsa use the correct way to store a domain sid
Converting the sid to a string and then storing a string does not save the sid
in the right format. Causing following retrievals to fail to read back a sid
with samdb_result_dom_sid().
commit 376fa0d66e61fe8165298b5dc1b49265f666a363
Author: Simo Sorce <idra at samba.org>
Date: Wed Feb 24 17:07:26 2010 -0500
s4:lsa avoid confusing ourselves over sam_ldb
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb
interchangeably all over the place. Just use sam_ldb everywhere and make the
code slightly more readable.
commit 4930de5cd922a24eb2ffb88620f23e2260487ec3
Author: Simo Sorce <idra at samba.org>
Date: Wed Feb 24 16:54:16 2010 -0500
s4:lsa cleanup trailing spaces and tabs
commit 71c20f703b0c603d6aada63ed5634070a26df052
Author: Simo Sorce <idra at samba.org>
Date: Wed Feb 24 16:35:35 2010 -0500
Revert "s4-smb: Migrate named_pipe_server to tsocket."
This reverts commit 69d5cea2e59162f19460e7ce4b6382fc5fdd6ca0.
This commit causes issues with the RPC server, revert it until we find the
exact issue and possibly have a torture test to avoid it happening again.
Found playing with w2k8r2 and forest trusts.
-----------------------------------------------------------------------
Summary of changes:
librpc/gen_ndr/lsa.h | 2 +-
librpc/gen_ndr/ndr_lsa.c | 10 +-
librpc/idl/lsa.idl | 2 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 150 ++++++------
source4/smbd/service_named_pipe.c | 488 +++++++++++++++--------------------
source4/smbd/service_stream.c | 2 +-
6 files changed, 293 insertions(+), 361 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/gen_ndr/lsa.h b/librpc/gen_ndr/lsa.h
index 8a389ae..cf3d1bb 100644
--- a/librpc/gen_ndr/lsa.h
+++ b/librpc/gen_ndr/lsa.h
@@ -738,7 +738,7 @@ struct lsa_ForestTrustDomainInfo {
};
union lsa_ForestTrustData {
- struct lsa_String top_level_name;/* [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] */
+ struct lsa_StringLarge top_level_name;/* [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] */
struct lsa_StringLarge top_level_name_ex;/* [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] */
struct lsa_ForestTrustDomainInfo domain_info;/* [case(LSA_FOREST_TRUST_DOMAIN_INFO)] */
struct lsa_ForestTrustBinaryData data;/* [default] */
diff --git a/librpc/gen_ndr/ndr_lsa.c b/librpc/gen_ndr/ndr_lsa.c
index e95784b..662400d 100644
--- a/librpc/gen_ndr/ndr_lsa.c
+++ b/librpc/gen_ndr/ndr_lsa.c
@@ -5054,7 +5054,7 @@ static enum ndr_err_code ndr_push_lsa_ForestTrustData(struct ndr_push *ndr, int
NDR_CHECK(ndr_push_union_align(ndr, 5));
switch (level) {
case LSA_FOREST_TRUST_TOP_LEVEL_NAME: {
- NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->top_level_name));
+ NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS, &r->top_level_name));
break; }
case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX: {
@@ -5075,7 +5075,7 @@ static enum ndr_err_code ndr_push_lsa_ForestTrustData(struct ndr_push *ndr, int
int level = ndr_push_get_switch_value(ndr, r);
switch (level) {
case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
- NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->top_level_name));
+ NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_BUFFERS, &r->top_level_name));
break;
case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
@@ -5108,7 +5108,7 @@ static enum ndr_err_code ndr_pull_lsa_ForestTrustData(struct ndr_pull *ndr, int
NDR_CHECK(ndr_pull_union_align(ndr, 5));
switch (level) {
case LSA_FOREST_TRUST_TOP_LEVEL_NAME: {
- NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->top_level_name));
+ NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->top_level_name));
break; }
case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX: {
@@ -5128,7 +5128,7 @@ static enum ndr_err_code ndr_pull_lsa_ForestTrustData(struct ndr_pull *ndr, int
if (ndr_flags & NDR_BUFFERS) {
switch (level) {
case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
- NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->top_level_name));
+ NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->top_level_name));
break;
case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
@@ -5155,7 +5155,7 @@ _PUBLIC_ void ndr_print_lsa_ForestTrustData(struct ndr_print *ndr, const char *n
ndr_print_union(ndr, name, level, "lsa_ForestTrustData");
switch (level) {
case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
- ndr_print_lsa_String(ndr, "top_level_name", &r->top_level_name);
+ ndr_print_lsa_StringLarge(ndr, "top_level_name", &r->top_level_name);
break;
case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index bfb465a..6b3536a 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -1279,7 +1279,7 @@ import "misc.idl", "security.idl";
} lsa_ForestTrustDomainInfo;
typedef [switch_type(uint32)] union {
- [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
+ [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_StringLarge top_level_name;
[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
[case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
[default] lsa_ForestTrustBinaryData data;
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 45fe08e..6a5a907 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -759,11 +759,13 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
int ret;
NTSTATUS nt_status;
enum ndr_err_code ndr_err;
-
+ struct ldb_context *sam_ldb;
+
DCESRV_PULL_HANDLE(policy_handle, r->in.policy_handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.trustdom_handle);
-
+
policy_state = policy_handle->data;
+ sam_ldb = policy_state->sam_ldb;
nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -774,9 +776,9 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
if (!netbios_name) {
return NT_STATUS_INVALID_PARAMETER;
}
-
+
dns_name = r->in.info->domain_name.string;
-
+
trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state);
if (!trusted_domain_state) {
return NT_STATUS_NO_MEMORY;
@@ -784,14 +786,14 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
trusted_domain_state->policy = policy_state;
if (strcasecmp(netbios_name, "BUILTIN") == 0
- || (dns_name && strcasecmp(dns_name, "BUILTIN") == 0)
+ || (dns_name && strcasecmp(dns_name, "BUILTIN") == 0)
|| (dom_sid_in_domain(policy_state->builtin_sid, r->in.info->sid))) {
return NT_STATUS_INVALID_PARAMETER;;
}
if (strcasecmp(netbios_name, policy_state->domain_name) == 0
|| strcasecmp(netbios_name, policy_state->domain_dns) == 0
- || (dns_name && strcasecmp(dns_name, policy_state->domain_dns) == 0)
+ || (dns_name && strcasecmp(dns_name, policy_state->domain_dns) == 0)
|| (dns_name && strcasecmp(dns_name, policy_state->domain_name) == 0)
|| (dom_sid_equal(policy_state->domain_sid, r->in.info->sid))) {
return NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED;
@@ -805,13 +807,13 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
} else {
auth_blob = data_blob_const(r->in.auth_info->auth_blob.data, r->in.auth_info->auth_blob.size);
arcfour_crypt_blob(auth_blob.data, auth_blob.length, &session_key);
- ndr_err = ndr_pull_struct_blob(&auth_blob, mem_ctx,
+ ndr_err = ndr_pull_struct_blob(&auth_blob, mem_ctx,
lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
&auth_struct,
(ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return NT_STATUS_INVALID_PARAMETER;
- }
+ }
if (op == NDR_LSA_CREATETRUSTEDDOMAINEX) {
if (auth_struct.incoming.count > 1) {
@@ -823,13 +825,13 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
if (auth_struct.incoming.count) {
int i;
struct trustAuthInOutBlob incoming;
-
+
incoming.count = auth_struct.incoming.count;
incoming.current = talloc(mem_ctx, struct AuthenticationInformationArray);
if (!incoming.current) {
return NT_STATUS_NO_MEMORY;
}
-
+
incoming.current->array = *auth_struct.incoming.current;
if (!incoming.current->array) {
return NT_STATUS_NO_MEMORY;
@@ -848,7 +850,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
incoming.previous->array[i].LastUpdateTime = 0;
incoming.previous->array[i].AuthType = 0;
}
- ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx,
+ ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx,
lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
&incoming,
(ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
@@ -858,17 +860,17 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
} else {
trustAuthIncoming = data_blob(NULL, 0);
}
-
+
if (auth_struct.outgoing.count) {
int i;
struct trustAuthInOutBlob outgoing;
-
+
outgoing.count = auth_struct.outgoing.count;
outgoing.current = talloc(mem_ctx, struct AuthenticationInformationArray);
if (!outgoing.current) {
return NT_STATUS_NO_MEMORY;
}
-
+
outgoing.current->array = *auth_struct.outgoing.current;
if (!outgoing.current->array) {
return NT_STATUS_NO_MEMORY;
@@ -887,7 +889,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
outgoing.previous->array[i].LastUpdateTime = 0;
outgoing.previous->array[i].AuthType = 0;
}
- ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx,
+ ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx,
lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
&outgoing,
(ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
@@ -898,7 +900,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
trustAuthOutgoing = data_blob(NULL, 0);
}
- ret = ldb_transaction_start(policy_state->sam_ldb);
+ ret = ldb_transaction_start(sam_ldb);
if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -907,32 +909,32 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
char *dns_encoded = ldb_binary_encode_string(mem_ctx, netbios_name);
char *netbios_encoded = ldb_binary_encode_string(mem_ctx, netbios_name);
/* search for the trusted_domain record */
- ret = gendb_search(policy_state->sam_ldb,
+ ret = gendb_search(sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
- "(&(|(flatname=%s)(cn=%s)(trustPartner=%s)(flatname=%s)(cn=%s)(trustPartner=%s))(objectclass=trustedDomain))",
+ "(&(|(flatname=%s)(cn=%s)(trustPartner=%s)(flatname=%s)(cn=%s)(trustPartner=%s))(objectclass=trustedDomain))",
dns_encoded, dns_encoded, dns_encoded, netbios_encoded, netbios_encoded, netbios_encoded);
if (ret > 0) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
} else {
char *netbios_encoded = ldb_binary_encode_string(mem_ctx, netbios_name);
/* search for the trusted_domain record */
- ret = gendb_search(policy_state->sam_ldb,
+ ret = gendb_search(sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
- "(&(|(flatname=%s)(cn=%s)(trustPartner=%s))(objectclass=trustedDomain))",
+ "(&(|(flatname=%s)(cn=%s)(trustPartner=%s))(objectclass=trustedDomain))",
netbios_encoded, netbios_encoded, netbios_encoded);
if (ret > 0) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
}
-
+
if (ret < 0 ) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
name = dns_name ? dns_name : netbios_name;
msg = ldb_msg_new(mem_ctx);
@@ -942,45 +944,43 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
msg->dn = ldb_dn_copy(mem_ctx, policy_state->system_dn);
if ( ! ldb_dn_add_child_fmt(msg->dn, "cn=%s", name)) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
-
- samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "flatname", netbios_name);
+
+ samdb_msg_add_string(sam_ldb, mem_ctx, msg, "flatname", netbios_name);
if (r->in.info->sid) {
- const char *sid_string = dom_sid_string(mem_ctx, r->in.info->sid);
- if (!sid_string) {
- ldb_transaction_cancel(policy_state->sam_ldb);
- return NT_STATUS_NO_MEMORY;
+ ret = samdb_msg_add_dom_sid(sam_ldb, mem_ctx, msg, "securityIdentifier", r->in.info->sid);
+ if (ret != LDB_SUCCESS) {
+ ldb_transaction_cancel(sam_ldb);
+ return NT_STATUS_INVALID_PARAMETER;
}
-
- samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "securityIdentifier", sid_string);
}
- samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain");
+ samdb_msg_add_string(sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain");
- samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustType", r->in.info->trust_type);
+ samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustType", r->in.info->trust_type);
- samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustAttributes", r->in.info->trust_attributes);
+ samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustAttributes", r->in.info->trust_attributes);
+
+ samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustDirection", r->in.info->trust_direction);
- samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustDirection", r->in.info->trust_direction);
-
if (dns_name) {
- samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustPartner", dns_name);
+ samdb_msg_add_string(sam_ldb, mem_ctx, msg, "trustPartner", dns_name);
}
if (trustAuthIncoming.data) {
ret = ldb_msg_add_value(msg, "trustAuthIncoming", &trustAuthIncoming, NULL);
if (ret != LDB_SUCCESS) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
}
if (trustAuthOutgoing.data) {
ret = ldb_msg_add_value(msg, "trustAuthOutgoing", &trustAuthOutgoing, NULL);
if (ret != LDB_SUCCESS) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
}
@@ -988,34 +988,34 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
/* create the trusted_domain */
- ret = ldb_add(trusted_domain_state->policy->sam_ldb, msg);
+ ret = ldb_add(sam_ldb, msg);
switch (ret) {
case LDB_SUCCESS:
break;
case LDB_ERR_ENTRY_ALREADY_EXISTS:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create trusted domain record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_DOMAIN_EXISTS;
case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create trusted domain record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_ACCESS_DENIED;
default:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create user record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
msg_user = ldb_msg_new(mem_ctx);
if (msg_user == NULL) {
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
@@ -1024,73 +1024,73 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
trusted_domain_state->trusted_domain_user_dn = msg_user->dn
= ldb_dn_copy(trusted_domain_state, policy_state->domain_dn);
if ( ! ldb_dn_add_child_fmt(msg_user->dn, "cn=users")) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
-
+
if ( ! ldb_dn_add_child_fmt(msg_user->dn, "cn=%s", netbios_name)) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
ldb_msg_add_string(msg_user, "objectClass", "user");
- ldb_msg_add_steal_string(msg_user, "samAccountName",
+ ldb_msg_add_steal_string(msg_user, "samAccountName",
talloc_asprintf(mem_ctx, "%s$", netbios_name));
- if (samdb_msg_add_uint(trusted_domain_state->policy->sam_ldb, mem_ctx, msg_user,
- "userAccountControl",
- UF_INTERDOMAIN_TRUST_ACCOUNT) != 0) {
- ldb_transaction_cancel(policy_state->sam_ldb);
- return NT_STATUS_NO_MEMORY;
+ if (samdb_msg_add_uint(sam_ldb, mem_ctx, msg_user,
+ "userAccountControl",
+ UF_INTERDOMAIN_TRUST_ACCOUNT) != 0) {
+ ldb_transaction_cancel(sam_ldb);
+ return NT_STATUS_NO_MEMORY;
}
if (auth_struct.incoming.count) {
int i;
for (i=0; i < auth_struct.incoming.count; i++ ) {
if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_NT4OWF) {
- samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb,
- mem_ctx, msg_user, "unicodePwd",
+ samdb_msg_add_hash(sam_ldb,
+ mem_ctx, msg_user, "unicodePwd",
&auth_struct.incoming.current[i]->AuthInfo.nt4owf.password);
} else if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_CLEAR) {
DATA_BLOB new_password = data_blob_const(auth_struct.incoming.current[i]->AuthInfo.clear.password,
auth_struct.incoming.current[i]->AuthInfo.clear.size);
ret = ldb_msg_add_value(msg_user, "clearTextPassword", &new_password, NULL);
if (ret != LDB_SUCCESS) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
- }
+ }
}
}
/* create the cn=users trusted_domain account */
- ret = ldb_add(trusted_domain_state->policy->sam_ldb, msg_user);
+ ret = ldb_add(sam_ldb, msg_user);
switch (ret) {
case LDB_SUCCESS:
break;
case LDB_ERR_ENTRY_ALREADY_EXISTS:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create trusted domain record %s: %s\n",
ldb_dn_get_linearized(msg_user->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_DOMAIN_EXISTS;
case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create trusted domain record %s: %s\n",
ldb_dn_get_linearized(msg_user->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_ACCESS_DENIED;
default:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create user record %s: %s\n",
ldb_dn_get_linearized(msg_user->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
- ret = ldb_transaction_commit(policy_state->sam_ldb);
+ ret = ldb_transaction_commit(sam_ldb);
if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1099,14 +1099,14 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
if (!handle) {
return NT_STATUS_NO_MEMORY;
}
-
+
handle->data = talloc_steal(handle, trusted_domain_state);
-
+
trusted_domain_state->access_mask = r->in.access_mask;
trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state);
-
+
*r->out.trustdom_handle = handle->wire_handle;
-
+
return NT_STATUS_OK;
}
diff --git a/source4/smbd/service_named_pipe.c b/source4/smbd/service_named_pipe.c
index 18ae823..c10f432 100644
--- a/source4/smbd/service_named_pipe.c
+++ b/source4/smbd/service_named_pipe.c
@@ -25,12 +25,9 @@
#include "param/param.h"
#include "auth/session.h"
#include "auth/auth_sam_reply.h"
-#include "lib/socket/socket.h"
-#include "lib/tsocket/tsocket.h"
-#include "libcli/util/tstream.h"
+#include "lib/stream/packet.h"
#include "librpc/gen_ndr/ndr_named_pipe_auth.h"
#include "system/passwd.h"
-#include "system/network.h"
#include "libcli/raw/smb.h"
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
@@ -44,293 +41,224 @@ struct named_pipe_socket {
struct named_pipe_connection {
struct stream_connection *connection;
+ struct packet_context *packet;
const struct named_pipe_socket *pipe_sock;
- struct tstream_context *tstream;
+ NTSTATUS status;
};
-static void named_pipe_terminate_connection(struct named_pipe_connection *pipe_conn, const char *reason)
-{
- stream_terminate_connection(pipe_conn->connection, reason);
-}
-
-static NTSTATUS named_pipe_full_request(void *private_data, DATA_BLOB blob, size_t *size)
+static void named_pipe_handover_connection(void *private_data)
{
--
Samba Shared Repository
More information about the samba-cvs
mailing list