[SCM] Samba Shared Repository - branch v3-6-test updated

Stefan Metzmacher metze at samba.org
Fri Feb 4 02:04:50 MST 2011


The branch, v3-6-test has been updated
       via  da8eb5f s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()
       via  fde8450 s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS
       via  c1ecb99 s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels
       via  9df59dd pidl:wscript: don't warn about pidl gammar file changes for now
       via  db59945 pidl/wscript: only warn about grammar file changes
       via  5af6ff3 pidl/wscript: let the developer use the standalone build with yapp
      from  39a3be5 Fix a couple of missing checks on talloc returns.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit da8eb5f0d21ffa4f092a8317ed8b8e6005ac4249
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 1 14:47:05 2011 +0100

    s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()
    
    We need to check for invalid parameters before we check for
    access denied.
    
    metze
    (cherry picked from commit a4d4217dfa03bda9ace25bb4f54be5e94c09abbf)

commit fde8450a210267e315262b78168dabb4e2f4b0cb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 1 10:27:35 2011 +0100

    s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS
    
    metze
    (cherry picked from commit 578e87dbf223c2ad529ef5de07630ed5c25a3ad6)

commit c1ecb9930f8fc9e1271d932643d6771765514991
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 1 10:21:05 2011 +0100

    s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels
    
    metze
    (cherry picked from commit 97727e106878fef1a260ab6310992fff36ea5294)

commit 9df59dda6bd2c51f1d9640f9d2979dd1c07b4c0e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jan 18 07:20:26 2011 +0100

    pidl:wscript: don't warn about pidl gammar file changes for now
    
    We may add some logic that uses git diff HEAD to detect this changes
    in developer mode later again.
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Tue Jan 18 08:10:06 CET 2011 on sn-devel-104
    (cherry picked from commit d5173ca189a080d0bb3a56200203c32a40c4b6e3)

commit db59945ac15901d90ccd12e20fe649e5f9cc4c49
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jan 6 13:41:08 2011 +0100

    pidl/wscript: only warn about grammar file changes
    
    autobuild should protect us from having grammar files
    and generated files out of sync.
    
    metze
    (cherry picked from commit ce7cb972b0ba7ec20d05bb1c4243fa0e2b5f05c0)

commit 5af6ff3e2c004ac41778cfe97d83e2d3b3abda86
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jan 5 12:00:01 2011 +0100

    pidl/wscript: let the developer use the standalone build with yapp
    
    Waf isn't happy when files in the source directory are changed.
    
    metze
    (cherry picked from commit 5d8f916619b5324e33d4a1bc3c97d6cc784f4bb9)

-----------------------------------------------------------------------

Summary of changes:
 pidl/wscript                                  |   38 +++++++---
 source4/rpc_server/netlogon/dcerpc_netlogon.c |  100 +++++++++++++++++++++---
 2 files changed, 113 insertions(+), 25 deletions(-)


Changeset truncated at 500 lines:

diff --git a/pidl/wscript b/pidl/wscript
index 8cb0c6f..e60ca20 100644
--- a/pidl/wscript
+++ b/pidl/wscript
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-import os
+import os, sys, Logs
 from samba_utils import MODE_755
 
 def set_options(opt):
@@ -46,8 +46,6 @@ def build(bld):
 
     blib_bld = os.path.join(bld.srcnode.abspath(bld.env), 'pidl/blib')
 
-    link_command = 'rm -rf blib && ln -fs blib %s' % blib_bld
-    
     bld.SET_BUILD_GROUP('final')
     if 'POD2MAN' in bld.env and bld.env['POD2MAN'] != '':
         for src, manpage in pidl_manpages.iteritems():
@@ -57,15 +55,31 @@ def build(bld):
                 install_path=os.path.dirname(bld.EXPAND_VARIABLES('${MANDIR}/'+manpage)),
                 target=os.path.basename(manpage))
 
-    # we want to prefer the git version of the parsers if we can. Only if the
-    # source has changed do we want to re-run yapp
-    need_yapp_build = ('YAPP' in bld.env and (
+    # we want to prefer the git version of the parsers if we can.
+    # Only if the source has changed do we want to re-run yapp
+    # But we force the developer to use the pidl standalone build
+    # to regenerate the files.
+    # TODO: only warn in developer mode and if 'git diff HEAD'
+    #       shows a difference
+    warn_about_grammar_changes = ('PIDL_BUILD_WARNINGS' in bld.env and (
         bld.IS_NEWER('idl.yp', 'lib/Parse/Pidl/IDL.pm') or
         bld.IS_NEWER('expr.yp', 'lib/Parse/Pidl/Expr.pm')))
 
-    if need_yapp_build:
-        t = bld.SAMBA_GENERATOR('pidl_parser',
-                                source='idl.yp expr.yp',
-                                target='lib/Parse/Pidl/IDL.pm lib/Parse/Pidl/Expr.pm Makefile.PL',
-                                rule='cd ${pidl_srcdir} && ${LINK_COMMAND} && ${PERL} Makefile.PL && make lib/Parse/Pidl/IDL.pm lib/Parse/Pidl/Expr.pm && rm -f Makefile Makefile.old && rm -f blib')
-        t.env.LINK_COMMAND = link_command
+    if warn_about_grammar_changes:
+        Logs.warn('''
+Pidl grammar files have changed. Please use the pidl standalone build
+to regenerate them with yapp.
+
+$ cd ../pidl
+$ perl Makefile.PL
+$ make lib/Parse/Pidl/IDL.pm lib/Parse/Pidl/Expr.pm
+$ git add lib/Parse/Pidl/IDL.pm lib/Parse/Pidl/Expr.pm
+$ git commit
+$ cd -
+
+If your 100% sure you haven't changed idl.yp and expr.yp
+try this to avoid this message:
+
+$ touch ../pidl/lib/Parse/Pidl/IDL.pm ../pidl/lib/Parse/Pidl/Expr.pm
+''')
+
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index ea4ea23..e060380 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -531,6 +531,65 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL
 }
 
 
+static NTSTATUS dcesrv_netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
+{
+	switch (r->in.logon_level) {
+	case NetlogonInteractiveInformation:
+	case NetlogonServiceInformation:
+	case NetlogonInteractiveTransitiveInformation:
+	case NetlogonServiceTransitiveInformation:
+		if (r->in.logon->password == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		switch (r->in.validation_level) {
+		case NetlogonValidationSamInfo:  /* 2 */
+		case NetlogonValidationSamInfo2: /* 3 */
+		case NetlogonValidationSamInfo4: /* 6 */
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+		}
+
+		break;
+	case NetlogonNetworkInformation:
+	case NetlogonNetworkTransitiveInformation:
+		if (r->in.logon->network == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		switch (r->in.validation_level) {
+		case NetlogonValidationSamInfo:  /* 2 */
+		case NetlogonValidationSamInfo2: /* 3 */
+		case NetlogonValidationSamInfo4: /* 6 */
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+		}
+
+		break;
+
+	case NetlogonGenericInformation:
+		if (r->in.logon->generic == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		switch (r->in.validation_level) {
+		/* TODO: case NetlogonValidationGenericInfo: 4 */
+		case NetlogonValidationGenericInfo2: /* 5 */
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+		}
+
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	return NT_STATUS_OK;
+}
+
 /*
   netr_LogonSamLogon_base
 
@@ -551,6 +610,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 	struct netr_SamInfo3 *sam3;
 	struct netr_SamInfo6 *sam6;
 
+	*r->out.authoritative = 1;
+
 	user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info);
 	NT_STATUS_HAVE_NO_MEMORY(user_info);
 
@@ -674,6 +735,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 	}
 
 	nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
+	/* TODO: set *r->out.authoritative = 0 on specific errors */
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	switch (r->in.validation_level) {
@@ -727,7 +789,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 		break;
 
 	default:
-		break;
+		return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
 	/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
@@ -756,8 +818,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 		}
 	}
 
-	*r->out.authoritative = 1;
-
 	/* TODO: Describe and deal with these flags */
 	*r->out.flags = 0;
 
@@ -770,6 +830,13 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
 	NTSTATUS nt_status;
 	struct netlogon_creds_CredentialState *creds;
 
+	*r->out.authoritative = 1;
+
+	nt_status = dcesrv_netr_LogonSamLogon_check(r);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
 	nt_status = schannel_get_creds_state(mem_ctx,
 					     lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
 					     r->in.computer_name, &creds);
@@ -797,16 +864,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
 
 	struct netr_Authenticator *return_authenticator;
 
-	return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
-	NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
-
-	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
-							mem_ctx,
-							r->in.computer_name,
-							r->in.credential, return_authenticator,
-							&creds);
-	NT_STATUS_NOT_OK_RETURN(nt_status);
-
 	ZERO_STRUCT(r2);
 
 	r2.in.server_name	= r->in.server_name;
@@ -819,6 +876,23 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
 	r2.out.authoritative	= r->out.authoritative;
 	r2.out.flags		= r->out.flags;
 
+	*r->out.authoritative = 1;
+
+	nt_status = dcesrv_netr_LogonSamLogon_check(&r2);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
+	NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
+
+	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+							mem_ctx,
+							r->in.computer_name,
+							r->in.credential, return_authenticator,
+							&creds);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
 	nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
 
 	r->out.return_authenticator	= return_authenticator;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list