[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Wed Feb 9 23:36:02 MST 2011
The branch, master has been updated
via 14edbf7 s4-build: need EXPAND_VARIABLES() for terminal in make test
via 172e0a1 s4-auth: install gen_ndr/auth.h, used by public session.h
via 11f5d7c s4-torture: not having an output dir is not a fatal error
via 8dc92c8 ldb: use #include <ldb.h> for ldb
via e26b1a6 s4-krb5: authkrb5 should depend on ldb
via cc77ea7 s3-auth Remove unused pam_handle
via 2b05ba7 s3-auth Rename cryptic 'ptok' to security_token
via d66150c libcli/named_pipe_auth Change from 'info3' to auth_session_info_transport
via 248c821 auth.idl fix size_is() reference in IDL
via 543ef3b libcli/named_pipe_auth Remove support for unused levels 0-2.
via 4cfee6f auth Move auth_sam_reply into the top level.
via 8220a7e ldb: added ldb 1.0.0 ABI signatures
via 2a6f345 ldb: change version number to 1.0.0
via 8720811 ldb: fixed two warnings in the ldb_ldap backend
via 7fac325 ldb: added a include/ldb_version.h
from 0122a4f Put OpenDir() back the way it was - don't overload with an fsp arg. Create OpenDir_fsp for new usage.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 14edbf71593f2d713050e77ee1d6daf8d8d2b37e
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 16:49:10 2011 +1100
s4-build: need EXPAND_VARIABLES() for terminal in make test
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Autobuild-User: Andrew Tridgell <tridge at samba.org>
Autobuild-Date: Thu Feb 10 07:35:26 CET 2011 on sn-devel-104
commit 172e0a177dff87043eca649a39e4269edf6111c3
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 16:46:35 2011 +1100
s4-auth: install gen_ndr/auth.h, used by public session.h
needed for openchange. Thanks to Brad for reporting this.
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 11f5d7c2f55f58ef7991d2ec2c4841e4492d4144
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 15:05:08 2011 +1100
s4-torture: not having an output dir is not a fatal error
just return NT_STATUS_OK, as nothing to cleanup
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 8dc92c8f71311e95a3a3c297b32ed46477228f56
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 14:12:51 2011 +1100
ldb: use #include <ldb.h> for ldb
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit e26b1a69689c8123bddf33830e9659d460815531
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 14:12:15 2011 +1100
s4-krb5: authkrb5 should depend on ldb
this fixes the include path to add ldb
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit cc77ea720b479badd0ab98d269fa6e7489a1d4c8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 9 17:02:58 2011 +1100
s3-auth Remove unused pam_handle
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 2b05ba77b4e072bb1c584738cc79538166444fd3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 9 16:52:35 2011 +1100
s3-auth Rename cryptic 'ptok' to security_token
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit d66150c14def46711a15a35b4734e8f438b6dad6
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 9 14:22:16 2011 +1100
libcli/named_pipe_auth Change from 'info3' to auth_session_info_transport
This changes the structure being used to convey the current user state
from the netlogon-derived 'netr_SamInfo3' structure to a purpose-built
structure that matches the internals of the Samba auth subsystem and
contains the final group list, as well as the final privilege set and
session key.
These previously had to be re-created on the server side of the pipe
each time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 248c8217803341aa48626f5b68cc939d28aea5ab
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 9 14:22:02 2011 +1100
auth.idl fix size_is() reference in IDL
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 543ef3b5bf29f564e19e6264bb03c7daba005236
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 9 11:59:50 2011 +1100
libcli/named_pipe_auth Remove support for unused levels 0-2.
The only client and server for this code uses level 3 exclusively.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 4cfee6f88e4befaae33095178c10932cd5337439
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 9 16:05:54 2011 +1100
auth Move auth_sam_reply into the top level.
These functions provide conversions between some netlogon.idl and
auth.idl structures
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 8220a7ebae5c8b1fcc16b2565fbfd84c12b04984
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 12:35:10 2011 +1100
ldb: added ldb 1.0.0 ABI signatures
commit 2a6f345723b1ba3b7399bc9e0fb65b4a6566082e
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 12:06:34 2011 +1100
ldb: change version number to 1.0.0
Simo pointed out that the module loading change should have been
combined with a major version number. That seems like a good excuse
for a 1.0 release
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 8720811598aa691f6c09910a329a601f9ad130cc
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 12:05:48 2011 +1100
ldb: fixed two warnings in the ldb_ldap backend
commit 7fac3258f7ec52e44998276e848a27c03d7fe0b6
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Feb 10 12:04:36 2011 +1100
ldb: added a include/ldb_version.h
this fixes a problem with the installed ldb_modules.h header, which
depended on LDB_VERSION being defined.
Thanks to Simo for noticing this!
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
{source4/auth => auth}/auth_sam_reply.c | 26 +-
auth/auth_sam_reply.h | 38 +++
auth/wscript_build | 5 +
lib/torture/torture.c | 4 +-
lib/util/util_ldb.c | 2 +-
libcli/ldap/ldap_message.h | 2 +-
libcli/ldap/ldap_ndr.c | 2 +-
libcli/named_pipe_auth/npa_tstream.c | 275 +++++++-------------
libcli/named_pipe_auth/npa_tstream.h | 32 +--
librpc/idl/auth.idl | 2 +-
librpc/idl/named_pipe_auth.idl | 41 +---
librpc/wscript_build | 9 +-
source3/Makefile.in | 3 +-
source3/auth/auth_util.c | 37 ++--
source3/include/auth.h | 4 +-
source3/lib/afs.c | 2 +-
source3/modules/vfs_acl_common.c | 4 +-
source3/modules/vfs_smb_traffic_analyzer.c | 2 +-
source3/printing/nt_printing.c | 6 +-
source3/rpc_server/rpc_ncacn_np.c | 45 ++--
source3/rpc_server/rpc_server.c | 49 +++-
source3/rpc_server/srv_epmapper.c | 2 +-
source3/rpc_server/srv_eventlog_nt.c | 4 +-
source3/rpc_server/srv_lsa_nt.c | 16 +-
source3/rpc_server/srv_netlog_nt.c | 4 +-
source3/rpc_server/srv_pipe.c | 4 +-
source3/rpc_server/srv_samr_nt.c | 36 ++--
source3/rpc_server/srv_spoolss_nt.c | 38 ++--
source3/rpc_server/srv_srvsvc_nt.c | 18 +-
source3/rpc_server/srv_svcctl_nt.c | 4 +-
source3/rpc_server/srv_winreg_nt.c | 8 +-
source3/rpc_server/srv_wkssvc_nt.c | 16 +-
source3/smbd/password.c | 2 +-
source3/smbd/service.c | 8 +-
source3/smbd/sesssetup.c | 4 +-
source3/smbd/smb2_sesssetup.c | 2 +-
source3/smbd/trans2.c | 18 +-
source3/smbd/uid.c | 18 +-
source4/auth/credentials/credentials_secrets.c | 2 +-
source4/auth/gensec/gensec_gssapi.c | 2 +-
source4/auth/kerberos/kerberos_pac.c | 2 +-
source4/auth/kerberos/wscript_build | 2 +-
source4/auth/ntlm/auth_sam.c | 2 +-
source4/auth/session.c | 147 +++++++++++
source4/auth/session.h | 10 +
source4/auth/wscript_build | 7 -
source4/cldap_server/cldap_server.c | 4 +-
source4/cldap_server/netlogon.c | 4 +-
source4/cldap_server/rootdse.c | 4 +-
source4/dsdb/common/dsdb_dn.c | 2 +-
source4/dsdb/common/tests/dsdb_dn.c | 4 +-
source4/dsdb/kcc/kcc_connection.c | 2 +-
source4/dsdb/kcc/kcc_deleted.c | 2 +-
source4/dsdb/kcc/kcc_drs_replica_info.c | 2 +-
source4/dsdb/kcc/kcc_periodic.c | 2 +-
source4/dsdb/kcc/kcc_service.c | 2 +-
source4/dsdb/repl/drepl_notify.c | 2 +-
source4/dsdb/repl/drepl_out_helpers.c | 2 +-
source4/dsdb/repl/drepl_out_pull.c | 2 +-
source4/dsdb/repl/drepl_partitions.c | 2 +-
source4/dsdb/repl/drepl_periodic.c | 2 +-
source4/dsdb/repl/drepl_service.c | 2 +-
source4/dsdb/repl/replicated_objects.c | 2 +-
source4/dsdb/samdb/cracknames.c | 4 +-
source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 6 +-
source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 6 +-
source4/dsdb/samdb/ldb_modules/extended_dn_store.c | 6 +-
source4/dsdb/samdb/ldb_modules/partition.h | 6 +-
source4/dsdb/samdb/ldb_modules/rootdse.c | 4 +-
source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 6 +-
source4/dsdb/samdb/ldb_modules/samba_secrets.c | 6 +-
source4/dsdb/samdb/ldb_modules/schema_util.c | 2 +-
source4/dsdb/samdb/ldb_modules/show_deleted.c | 2 +-
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +-
source4/dsdb/samdb/samdb.c | 4 +-
source4/dsdb/samdb/samdb.h | 2 +-
source4/dsdb/schema/dsdb_dn.c | 2 +-
source4/dsdb/schema/schema_filtered.c | 2 +-
source4/dsdb/schema/schema_info_attr.c | 2 +-
source4/dsdb/schema/schema_init.c | 4 +-
source4/dsdb/schema/schema_set.c | 2 +-
source4/dsdb/schema/schema_syntax.c | 4 +-
source4/dsdb/schema/tests/schema_syntax.c | 4 +-
source4/kdc/pac-glue.c | 2 +-
source4/ldap_server/ldap_backend.c | 4 +-
source4/ldap_server/ldap_bind.c | 4 +-
source4/ldap_server/ldap_server.c | 4 +-
source4/lib/ldb-samba/ldb_wrap.c | 4 +-
source4/lib/ldb-samba/ldif_handlers.c | 4 +-
.../ldb/ABI/{ldb-0.9.24.sigs => ldb-1.0.0.sigs} | 0
source4/lib/ldb/include/ldb.h | 1 +
source4/lib/ldb/ldb_ldap/ldb_ldap.c | 4 +-
source4/lib/ldb/wscript | 13 +-
source4/lib/policy/gp_ldap.c | 2 +-
source4/lib/registry/ldb.c | 4 +-
source4/libnet/libnet.h | 2 +-
source4/libnet/libnet_become_dc.c | 4 +-
source4/libnet/libnet_join.c | 4 +-
source4/libnet/libnet_site.c | 4 +-
source4/libnet/libnet_unbecome_dc.c | 4 +-
source4/libnet/libnet_vampire.c | 4 +-
source4/nbt_server/dgram/netlogon.c | 2 +-
source4/nbt_server/wins/wins_ldb.c | 2 +-
source4/nbt_server/wins/winsdb.c | 4 +-
source4/nbt_server/wins/winsserver.c | 2 +-
source4/ntp_signd/ntp_signd.c | 4 +-
source4/ntptr/simple_ldb/ntptr_simple_ldb.c | 2 +-
source4/ntvfs/ipc/vfs_ipc.c | 56 +----
source4/param/secrets.c | 2 +-
source4/param/share_ldb.c | 4 +-
source4/rpc_server/lsa/lsa.h | 2 +-
source4/rpc_server/samr/dcesrv_samr.c | 4 +-
source4/samba_tool/gpo.c | 2 +-
source4/samba_tool/samba_tool.c | 2 +-
source4/selftest/wscript | 2 +-
source4/smbd/service_named_pipe.c | 138 +---------
source4/torture/drs/unit/schemainfo_tests.c | 2 +-
source4/torture/ldap/ldap_sort.c | 4 +-
source4/torture/ldb/ldb.c | 4 +-
source4/torture/local/dbspeed.c | 4 +-
source4/torture/rpc/drsuapi_cracknames.c | 2 +-
source4/torture/rpc/netlogon.c | 2 +-
source4/utils/ntlm_auth.c | 2 +-
source4/winbind/idmap.c | 2 +-
source4/wrepl_server/wrepl_in_call.c | 4 +-
source4/wrepl_server/wrepl_scavenging.c | 4 +-
source4/wrepl_server/wrepl_server.c | 4 +-
wscript_build | 1 +
128 files changed, 691 insertions(+), 724 deletions(-)
rename {source4/auth => auth}/auth_sam_reply.c (98%)
create mode 100644 auth/auth_sam_reply.h
create mode 100644 auth/wscript_build
copy source4/lib/ldb/ABI/{ldb-0.9.24.sigs => ldb-1.0.0.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/source4/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
similarity index 98%
rename from source4/auth/auth_sam_reply.c
rename to auth/auth_sam_reply.c
index eb9a834..52abb8a 100644
--- a/source4/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -1,27 +1,27 @@
-/*
+/*
Unix SMB/CIFS implementation.
Convert a server info struct into the form for PAC and NETLOGON replies
Copyright (C) Andrew Bartlett <abartlet at samba.org> 2004
Copyright (C) Stefan Metzmacher <metze at samba.org> 2005
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
-#include "auth/auth.h"
+#include "librpc/gen_ndr/auth.h"
#include "libcli/security/security.h"
#include "auth/auth_sam_reply.h"
@@ -94,8 +94,8 @@ NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
}
sam->groups.rids[sam->groups.count].rid =
group_sid->sub_auths[group_sid->num_auths-1];
-
- sam->groups.rids[sam->groups.count].attributes =
+
+ sam->groups.rids[sam->groups.count].attributes =
SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
sam->groups.count += 1;
}
@@ -118,11 +118,11 @@ NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
memcpy(sam->LMSessKey.key, user_info_dc->lm_session_key.data,
sizeof(sam->LMSessKey.key));
}
-
+
*_sam = sam;
return NT_STATUS_OK;
-}
+}
/* Note that the validity of the _sam3 structure is only as long as
* the user_info_dc it was generated from */
@@ -145,7 +145,7 @@ NTSTATUS auth_convert_user_info_dc_saminfo3(TALLOC_CTX *mem_ctx,
sam3->sidcount = 0;
sam3->sids = NULL;
-
+
sam3->sids = talloc_array(sam, struct netr_SidAttr,
user_info_dc->num_sids);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sam3->sids, sam3);
@@ -169,7 +169,7 @@ NTSTATUS auth_convert_user_info_dc_saminfo3(TALLOC_CTX *mem_ctx,
*_sam3 = sam3;
return NT_STATUS_OK;
-}
+}
/**
* Make a user_info_dc struct from the info3 returned by a domain logon
@@ -213,7 +213,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
/*
Here is where we should check the list of
- trusted domains, and verify that the SID
+ trusted domains, and verify that the SID
matches.
*/
if (!base->domain_sid) {
@@ -251,7 +251,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
}
/* Copy 'other' sids. We need to do sid filtering here to
- prevent possible elevation of privileges. See:
+ prevent possible elevation of privileges. See:
http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
*/
diff --git a/auth/auth_sam_reply.h b/auth/auth_sam_reply.h
new file mode 100644
index 0000000..dea6501
--- /dev/null
+++ b/auth/auth_sam_reply.h
@@ -0,0 +1,38 @@
+#ifndef __AUTH_AUTH_SAM_REPLY_H__
+#define __AUTH_AUTH_SAM_REPLY_H__
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+/* this file contains prototypes for functions that are private
+ * to this subsystem or library. These functions should not be
+ * used outside this particular subsystem! */
+
+
+/* The following definitions come from auth/auth_sam_reply.c */
+
+NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
+ struct auth_user_info_dc *user_info_dc,
+ struct netr_SamBaseInfo **_sam);
+NTSTATUS auth_convert_user_info_dc_saminfo3(TALLOC_CTX *mem_ctx,
+ struct auth_user_info_dc *user_info_dc,
+ struct netr_SamInfo3 **_sam3);
+
+/**
+ * Make a user_info_dc struct from the info3 returned by a domain logon
+ */
+NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
+ const char *account_name,
+ uint16_t validation_level,
+ union netr_Validation *validation,
+ struct auth_user_info_dc **_user_info_dc);
+
+/**
+ * Make a user_info_dc struct from the PAC_LOGON_INFO supplied in the krb5 logon
+ */
+NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
+ struct PAC_LOGON_INFO *pac_logon_info,
+ struct auth_user_info_dc **_user_info_dc);
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __AUTH_AUTH_SAM_REPLY_H__ */
diff --git a/auth/wscript_build b/auth/wscript_build
new file mode 100644
index 0000000..b124887
--- /dev/null
+++ b/auth/wscript_build
@@ -0,0 +1,5 @@
+bld.SAMBA_SUBSYSTEM('auth_sam_reply',
+ source='auth_sam_reply.c',
+ deps='talloc',
+ autoproto='auth_sam_reply.h'
+ )
diff --git a/lib/torture/torture.c b/lib/torture/torture.c
index 1f55cd0..a12ce65 100644
--- a/lib/torture/torture.c
+++ b/lib/torture/torture.c
@@ -143,7 +143,9 @@ static int local_deltree(const char *path)
_PUBLIC_ NTSTATUS torture_deltree_outputdir(struct torture_context *tctx)
{
- SMB_ASSERT(tctx->outputdir != NULL);
+ if (tctx->outputdir == NULL) {
+ return NT_STATUS_OK;
+ }
if ((strcmp(tctx->outputdir, "/") == 0)
|| (strcmp(tctx->outputdir, "") == 0)) {
return NT_STATUS_INVALID_PARAMETER;
diff --git a/lib/util/util_ldb.c b/lib/util/util_ldb.c
index a928245..25ae510 100644
--- a/lib/util/util_ldb.c
+++ b/lib/util/util_ldb.c
@@ -21,7 +21,7 @@
*/
#include "includes.h"
-#include "lib/ldb/include/ldb.h"
+#include <ldb.h>
#include "../lib/util/util_ldb.h"
/*
diff --git a/libcli/ldap/ldap_message.h b/libcli/ldap/ldap_message.h
index 3354fad..94eaed2 100644
--- a/libcli/ldap/ldap_message.h
+++ b/libcli/ldap/ldap_message.h
@@ -25,7 +25,7 @@
#if _SAMBA_BUILD_ == 3
#include "lib/ldb_compat.h"
#else
-#include "lib/ldb/include/ldb.h"
+#include <ldb.h>
#endif
enum ldap_request_tag {
diff --git a/libcli/ldap/ldap_ndr.c b/libcli/ldap/ldap_ndr.c
index 6daaba3..f77a6f2 100644
--- a/libcli/ldap/ldap_ndr.c
+++ b/libcli/ldap/ldap_ndr.c
@@ -24,7 +24,7 @@
#if _SAMBA_BUILD_ == 3
#include "lib/ldb_compat.h"
#else
-#include "lib/ldb/include/ldb.h"
+#include <ldb.h>
#endif
#include "librpc/gen_ndr/ndr_security.h"
#include "librpc/gen_ndr/ndr_misc.h"
diff --git a/libcli/named_pipe_auth/npa_tstream.c b/libcli/named_pipe_auth/npa_tstream.c
index 1f29a90..2aeea5b 100644
--- a/libcli/named_pipe_auth/npa_tstream.c
+++ b/libcli/named_pipe_auth/npa_tstream.c
@@ -59,16 +59,14 @@ struct tstream_npa_connect_state {
static void tstream_npa_connect_unix_done(struct tevent_req *subreq);
struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- const char *directory,
- const char *npipe,
- const struct tsocket_address *client,
- const char *client_name_in,
- const struct tsocket_address *server,
- const char *server_name,
- const struct netr_SamInfo3 *sam_info3,
- DATA_BLOB session_key,
- DATA_BLOB delegated_creds)
+ struct tevent_context *ev,
+ const char *directory,
+ const char *npipe,
+ const struct tsocket_address *client,
+ const char *client_name_in,
+ const struct tsocket_address *server,
+ const char *server_name,
+ const struct auth_session_info_transport *session_info)
{
struct tevent_req *req;
struct tstream_npa_connect_state *state;
@@ -76,6 +74,7 @@ struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
int ret;
enum ndr_err_code ndr_err;
char *lower_case_npipe;
+ struct named_pipe_auth_req_info4 *info4;
req = tevent_req_create(mem_ctx, &state,
struct tstream_npa_connect_state);
@@ -115,52 +114,39 @@ struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
}
ZERO_STRUCT(state->auth_req);
- if (client) {
- struct named_pipe_auth_req_info3 *info3;
-
- if (!server) {
- tevent_req_error(req, EINVAL);
- goto post;
- }
- state->auth_req.level = 3;
- info3 = &state->auth_req.info.info3;
-
- info3->client_name = client_name_in;
- info3->client_addr = tsocket_address_inet_addr_string(client, state);
- if (!info3->client_addr) {
- /* errno might be EINVAL */
- tevent_req_error(req, errno);
- goto post;
- }
- info3->client_port = tsocket_address_inet_port(client);
- if (!info3->client_name) {
- info3->client_name = info3->client_addr;
- }
+ if (!server) {
+ tevent_req_error(req, EINVAL);
+ goto post;
+ }
- info3->server_addr = tsocket_address_inet_addr_string(server, state);
- if (!info3->server_addr) {
- /* errno might be EINVAL */
- tevent_req_error(req, errno);
- goto post;
- }
- info3->server_port = tsocket_address_inet_port(server);
- if (!info3->server_name) {
- info3->server_name = info3->server_addr;
- }
+ state->auth_req.level = 4;
+ info4 = &state->auth_req.info.info4;
- info3->sam_info3 = discard_const_p(struct netr_SamInfo3, sam_info3);
- info3->session_key_length = session_key.length;
- info3->session_key = session_key.data;
- info3->gssapi_delegated_creds_length = delegated_creds.length;
- info3->gssapi_delegated_creds = delegated_creds.data;
+ info4->client_name = client_name_in;
+ info4->client_addr = tsocket_address_inet_addr_string(client, state);
+ if (!info4->client_addr) {
+ /* errno might be EINVAL */
+ tevent_req_error(req, errno);
+ goto post;
+ }
+ info4->client_port = tsocket_address_inet_port(client);
+ if (!info4->client_name) {
+ info4->client_name = info4->client_addr;
+ }
- } else if (sam_info3) {
- state->auth_req.level = 1;
- state->auth_req.info.info1 = *sam_info3;
- } else {
- state->auth_req.level = 0;
+ info4->server_addr = tsocket_address_inet_addr_string(server, state);
+ if (!info4->server_addr) {
+ /* errno might be EINVAL */
+ tevent_req_error(req, errno);
+ goto post;
}
+ info4->server_port = tsocket_address_inet_port(server);
+ if (!info4->server_name) {
+ info4->server_name = info4->server_addr;
+ }
+
+ info4->session_info = discard_const_p(struct auth_session_info_transport, session_info);
if (DEBUGLVL(10)) {
NDR_PRINT_DEBUG(named_pipe_auth_req, &state->auth_req);
@@ -430,21 +416,10 @@ int _tstream_npa_connect_recv(struct tevent_req *req,
npas->unix_stream = talloc_move(stream, &state->unix_stream);
switch (state->auth_rep.level) {
- case 0:
- case 1:
- npas->file_type = FILE_TYPE_BYTE_MODE_PIPE;
- device_state = 0x00ff;
- allocation_size = 2048;
- break;
- case 2:
- npas->file_type = state->auth_rep.info.info2.file_type;
- device_state = state->auth_rep.info.info2.device_state;
- allocation_size = state->auth_rep.info.info2.allocation_size;
- break;
- case 3:
- npas->file_type = state->auth_rep.info.info3.file_type;
- device_state = state->auth_rep.info.info3.device_state;
- allocation_size = state->auth_rep.info.info3.allocation_size;
+ case 4:
+ npas->file_type = state->auth_rep.info.info4.file_type;
+ device_state = state->auth_rep.info.info4.device_state;
+ allocation_size = state->auth_rep.info.info4.allocation_size;
break;
}
@@ -1105,9 +1080,7 @@ struct tstream_npa_accept_state {
char *client_name;
struct tsocket_address *server;
char *server_name;
- struct netr_SamInfo3 *info3;
- DATA_BLOB session_key;
- DATA_BLOB delegated_creds;
+ struct auth_session_info_transport *session_info;
};
static int tstream_npa_accept_next_vector(struct tstream_context *unix_stream,
@@ -1257,7 +1230,7 @@ static void tstream_npa_accept_existing_reply(struct tevent_req *subreq)
tevent_req_data(req, struct tstream_npa_accept_state);
struct named_pipe_auth_req *pipe_request;
struct named_pipe_auth_rep pipe_reply;
- struct named_pipe_auth_req_info3 i3;
+ struct named_pipe_auth_req_info4 i4;
enum ndr_err_code ndr_err;
DATA_BLOB out;
int sys_errno;
@@ -1302,128 +1275,62 @@ static void tstream_npa_accept_existing_reply(struct tevent_req *subreq)
NDR_PRINT_DEBUG(named_pipe_auth_req, pipe_request);
}
- ZERO_STRUCT(i3);
-
- switch (pipe_request->level) {
- case 0:
- pipe_reply.level = 0;
- pipe_reply.status = NT_STATUS_OK;
+ ZERO_STRUCT(i4);
- /* we need to force byte mode in this level */
- state->file_type = FILE_TYPE_BYTE_MODE_PIPE;
- break;
-
- case 1:
- pipe_reply.level = 1;
- pipe_reply.status = NT_STATUS_OK;
-
- /* We must copy net3_SamInfo3, so that
- * info3 is an actual talloc pointer, then we steal
- * pipe_request on info3 so that all the allocated memory
- * pointed by the structrue members is preserved */
- state->info3 = (struct netr_SamInfo3 *)talloc_memdup(state,
- &pipe_request->info.info1,
- sizeof(struct netr_SamInfo3));
- if (!state->info3) {
- pipe_reply.status = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("Out of memory!\n"));
- goto reply;
- }
- talloc_steal(state->info3, pipe_request);
-
- /* we need to force byte mode in this level */
- state->file_type = FILE_TYPE_BYTE_MODE_PIPE;
- break;
-
- case 2:
- pipe_reply.level = 2;
- pipe_reply.status = NT_STATUS_OK;
- pipe_reply.info.info2.file_type = state->file_type;
- pipe_reply.info.info2.device_state = state->device_state;
- pipe_reply.info.info2.allocation_size = state->alloc_size;
-
- i3.client_name = pipe_request->info.info2.client_name;
- i3.client_addr = pipe_request->info.info2.client_addr;
- i3.client_port = pipe_request->info.info2.client_port;
- i3.server_name = pipe_request->info.info2.server_name;
- i3.server_addr = pipe_request->info.info2.server_addr;
- i3.server_port = pipe_request->info.info2.server_port;
- i3.sam_info3 = pipe_request->info.info2.sam_info3;
- i3.session_key_length =
- pipe_request->info.info2.session_key_length;
- i3.session_key = pipe_request->info.info2.session_key;
- break;
-
- case 3:
- pipe_reply.level = 3;
- pipe_reply.status = NT_STATUS_OK;
- pipe_reply.info.info3.file_type = state->file_type;
- pipe_reply.info.info3.device_state = state->device_state;
- pipe_reply.info.info3.allocation_size = state->alloc_size;
-
- i3 = pipe_request->info.info3;
- break;
-
- default:
+ if (pipe_request->level != 4) {
DEBUG(0, ("Unknown level %u\n", pipe_request->level));
pipe_reply.level = 0;
pipe_reply.status = NT_STATUS_INVALID_LEVEL;
goto reply;
}
- if (pipe_reply.level >=2) {
-
- if (i3.server_addr == NULL) {
- pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
- DEBUG(2, ("Missing server address\n"));
- goto reply;
- }
- if (i3.client_addr == NULL) {
- pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
- DEBUG(2, ("Missing client address\n"));
- goto reply;
- }
-
- state->server_name = discard_const_p(char,
- talloc_move(state, &i3.server_name));
- ret = tsocket_address_inet_from_strings(state, "ip",
- i3.server_addr,
- i3.server_port,
- &state->server);
- if (ret != 0) {
- DEBUG(2, ("Invalid server address[%s:%u] - %s\n",
- i3.server_addr, i3.server_port,
- strerror(errno)));
- pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
- goto reply;
- }
+ pipe_reply.level = 4;
+ pipe_reply.status = NT_STATUS_OK;
+ pipe_reply.info.info4.file_type = state->file_type;
+ pipe_reply.info.info4.device_state = state->device_state;
+ pipe_reply.info.info4.allocation_size = state->alloc_size;
- state->client_name = discard_const_p(char,
- talloc_move(state, &i3.client_name));
- ret = tsocket_address_inet_from_strings(state, "ip",
- i3.client_addr,
- i3.client_port,
- &state->client);
- if (ret != 0) {
- DEBUG(2, ("Invalid server address[%s:%u] - %s\n",
- i3.client_addr, i3.client_port,
- strerror(errno)));
- pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
- goto reply;
- }
+ i4 = pipe_request->info.info4;
+ if (i4.server_addr == NULL) {
+ pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
+ DEBUG(2, ("Missing server address\n"));
+ goto reply;
+ }
--
Samba Shared Repository
More information about the samba-cvs
mailing list