[SCM] Samba Shared Repository - branch v3-6-test updated
Stefan Metzmacher
metze at samba.org
Fri Feb 4 02:04:50 MST 2011
The branch, v3-6-test has been updated
via da8eb5f s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()
via fde8450 s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS
via c1ecb99 s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels
via 9df59dd pidl:wscript: don't warn about pidl gammar file changes for now
via db59945 pidl/wscript: only warn about grammar file changes
via 5af6ff3 pidl/wscript: let the developer use the standalone build with yapp
from 39a3be5 Fix a couple of missing checks on talloc returns.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit da8eb5f0d21ffa4f092a8317ed8b8e6005ac4249
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 14:47:05 2011 +0100
s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()
We need to check for invalid parameters before we check for
access denied.
metze
(cherry picked from commit a4d4217dfa03bda9ace25bb4f54be5e94c09abbf)
commit fde8450a210267e315262b78168dabb4e2f4b0cb
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 10:27:35 2011 +0100
s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS
metze
(cherry picked from commit 578e87dbf223c2ad529ef5de07630ed5c25a3ad6)
commit c1ecb9930f8fc9e1271d932643d6771765514991
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 10:21:05 2011 +0100
s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels
metze
(cherry picked from commit 97727e106878fef1a260ab6310992fff36ea5294)
commit 9df59dda6bd2c51f1d9640f9d2979dd1c07b4c0e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 18 07:20:26 2011 +0100
pidl:wscript: don't warn about pidl gammar file changes for now
We may add some logic that uses git diff HEAD to detect these changes
in developer mode again later.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue Jan 18 08:10:06 CET 2011 on sn-devel-104
(cherry picked from commit d5173ca189a080d0bb3a56200203c32a40c4b6e3)
commit db59945ac15901d90ccd12e20fe649e5f9cc4c49
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 6 13:41:08 2011 +0100
pidl/wscript: only warn about grammar file changes
autobuild should protect us from having grammar files
and generated files out of sync.
metze
(cherry picked from commit ce7cb972b0ba7ec20d05bb1c4243fa0e2b5f05c0)
commit 5af6ff3e2c004ac41778cfe97d83e2d3b3abda86
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 5 12:00:01 2011 +0100
pidl/wscript: let the developer use the standalone build with yapp
Waf isn't happy when files in the source directory are changed.
metze
(cherry picked from commit 5d8f916619b5324e33d4a1bc3c97d6cc784f4bb9)
-----------------------------------------------------------------------
Summary of changes:
pidl/wscript | 38 +++++++---
source4/rpc_server/netlogon/dcerpc_netlogon.c | 100 +++++++++++++++++++++---
2 files changed, 113 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/pidl/wscript b/pidl/wscript
index 8cb0c6f..e60ca20 100644
--- a/pidl/wscript
+++ b/pidl/wscript
@@ -1,6 +1,6 @@
#!/usr/bin/env python
-import os
+import os, sys, Logs
from samba_utils import MODE_755
def set_options(opt):
@@ -46,8 +46,6 @@ def build(bld):
blib_bld = os.path.join(bld.srcnode.abspath(bld.env), 'pidl/blib')
- link_command = 'rm -rf blib && ln -fs blib %s' % blib_bld
-
bld.SET_BUILD_GROUP('final')
if 'POD2MAN' in bld.env and bld.env['POD2MAN'] != '':
for src, manpage in pidl_manpages.iteritems():
@@ -57,15 +55,31 @@ def build(bld):
install_path=os.path.dirname(bld.EXPAND_VARIABLES('${MANDIR}/'+manpage)),
target=os.path.basename(manpage))
- # we want to prefer the git version of the parsers if we can. Only if the
- # source has changed do we want to re-run yapp
- need_yapp_build = ('YAPP' in bld.env and (
+ # we want to prefer the git version of the parsers if we can.
+ # Only if the source has changed do we want to re-run yapp
+ # But we force the developer to use the pidl standalone build
+ # to regenerate the files.
+ # TODO: only warn in developer mode and if 'git diff HEAD'
+ # shows a difference
+ warn_about_grammar_changes = ('PIDL_BUILD_WARNINGS' in bld.env and (
bld.IS_NEWER('idl.yp', 'lib/Parse/Pidl/IDL.pm') or
bld.IS_NEWER('expr.yp', 'lib/Parse/Pidl/Expr.pm')))
- if need_yapp_build:
- t = bld.SAMBA_GENERATOR('pidl_parser',
- source='idl.yp expr.yp',
- target='lib/Parse/Pidl/IDL.pm lib/Parse/Pidl/Expr.pm Makefile.PL',
- rule='cd ${pidl_srcdir} && ${LINK_COMMAND} && ${PERL} Makefile.PL && make lib/Parse/Pidl/IDL.pm lib/Parse/Pidl/Expr.pm && rm -f Makefile Makefile.old && rm -f blib')
- t.env.LINK_COMMAND = link_command
+ if warn_about_grammar_changes:
+ Logs.warn('''
+Pidl grammar files have changed. Please use the pidl standalone build
+to regenerate them with yapp.
+
+$ cd ../pidl
+$ perl Makefile.PL
+$ make lib/Parse/Pidl/IDL.pm lib/Parse/Pidl/Expr.pm
+$ git add lib/Parse/Pidl/IDL.pm lib/Parse/Pidl/Expr.pm
+$ git commit
+$ cd -
+
+If your 100% sure you haven't changed idl.yp and expr.yp
+try this to avoid this message:
+
+$ touch ../pidl/lib/Parse/Pidl/IDL.pm ../pidl/lib/Parse/Pidl/Expr.pm
+''')
+
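Review bot: The new warning text has a typo a developer will see verbatim, `If your 100% sure` should read `If you're 100% sure`. The `touch` workaround it recommends only resets timestamps, so a committed IDL.pm/Expr.pm that is out of date against idl.yp/expr.yp stays that way once the message is silenced. The text could say so, for example `# touch only hides the warning; it does not regenerate the parsers`. No visible hunk sets `PIDL_BUILD_WARNINGS`, so a one-line comment naming where it is meant to be enabled would help the next reader. build() continues outside this hunk.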
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index ea4ea23..e060380 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -531,6 +531,65 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL
}
+static NTSTATUS dcesrv_netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
+{
+ switch (r->in.logon_level) {
+ case NetlogonInteractiveInformation:
+ case NetlogonServiceInformation:
+ case NetlogonInteractiveTransitiveInformation:
+ case NetlogonServiceTransitiveInformation:
+ if (r->in.logon->password == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ case NetlogonValidationSamInfo: /* 2 */
+ case NetlogonValidationSamInfo2: /* 3 */
+ case NetlogonValidationSamInfo4: /* 6 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+ case NetlogonNetworkInformation:
+ case NetlogonNetworkTransitiveInformation:
+ if (r->in.logon->network == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ case NetlogonValidationSamInfo: /* 2 */
+ case NetlogonValidationSamInfo2: /* 3 */
+ case NetlogonValidationSamInfo4: /* 6 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+
+ case NetlogonGenericInformation:
+ if (r->in.logon->generic == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ /* TODO: case NetlogonValidationGenericInfo: 4 */
+ case NetlogonValidationGenericInfo2: /* 5 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return NT_STATUS_OK;
+}
+
/*
netr_LogonSamLogon_base
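Review bot: Every case arm of dcesrv_netr_LogonSamLogon_check() dereferences `r->in.logon` (`->password`, `->network`, `->generic`) without first testing `r->in.logon` itself. Both call sites added later in this diff run the check before the schannel / credential-chain verification, so it sees request fields from callers that have not yet been authenticated. Unless the IDL guarantees a non-NULL pointer here (not visible in this diff), add `if (r->in.logon == NULL) { return NT_STATUS_INVALID_PARAMETER; }` ahead of the outer switch. The function also has no header comment; one stating that it must stay free of side effects and touch only already-unmarshalled input, because it runs ahead of the access check, would record the constraint from the commit message. The validation_level switch is duplicated verbatim in the first two arms and could be shared.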
@@ -551,6 +610,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
struct netr_SamInfo3 *sam3;
struct netr_SamInfo6 *sam6;
+ *r->out.authoritative = 1;
+
user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info);
NT_STATUS_HAVE_NO_MEMORY(user_info);
@@ -674,6 +735,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
}
nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
+ /* TODO: set *r->out.authoritative = 0 on specific errors */
NT_STATUS_NOT_OK_RETURN(nt_status);
switch (r->in.validation_level) {
@@ -727,7 +789,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
break;
default:
- break;
+ return NT_STATUS_INVALID_INFO_CLASS;
}
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
@@ -756,8 +818,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
}
}
- *r->out.authoritative = 1;
-
/* TODO: Describe and deal with these flags */
*r->out.flags = 0;
@@ -770,6 +830,13 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
NTSTATUS nt_status;
struct netlogon_creds_CredentialState *creds;
+ *r->out.authoritative = 1;
+
+ nt_status = dcesrv_netr_LogonSamLogon_check(r);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
nt_status = schannel_get_creds_state(mem_ctx,
lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
r->in.computer_name, &creds);
@@ -797,16 +864,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
struct netr_Authenticator *return_authenticator;
- return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
- NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
-
- nt_status = dcesrv_netr_creds_server_step_check(dce_call,
- mem_ctx,
- r->in.computer_name,
- r->in.credential, return_authenticator,
- &creds);
- NT_STATUS_NOT_OK_RETURN(nt_status);
-
ZERO_STRUCT(r2);
r2.in.server_name = r->in.server_name;
@@ -819,6 +876,23 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
r2.out.authoritative = r->out.authoritative;
r2.out.flags = r->out.flags;
+ *r->out.authoritative = 1;
+
+ nt_status = dcesrv_netr_LogonSamLogon_check(&r2);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
+ NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
+
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+ mem_ctx,
+ r->in.computer_name,
+ r->in.credential, return_authenticator,
+ &creds);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
r->out.return_authenticator = return_authenticator;
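Review bot: On the new early-return path after dcesrv_netr_LogonSamLogon_check(&r2), `r->out.return_authenticator` is never assigned and the credential chain is not stepped, because the talloc and dcesrv_netr_creds_server_step_check() now come after the parameter check. Whatever the pointer held on entry is what gets marshalled back; its initialisation is outside this hunk, so confirm that value is intended for a rejected request. A comment at the check would make the ordering deliberate rather than accidental, e.g. `/* parameter errors are returned before the credential chain is verified; no return_authenticator is produced here */`. The function body begins and ends outside this hunk.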
--
Samba Shared Repository