[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Mon Aug 5 04:25:03 MDT 2013
The branch, master has been updated
via 6659f01 s3-libads: Print a message if no realm has been specified.
via 94be8d6 s3:rpc_client: rename same variables in cli_rpc_pipe_open_schannel_with_key()
via 8a302fc s3:rpc_client: use the correct context for netlogon_creds_copy() in rpccli_schannel_bind_data()
via 6ce645e s3:rpc_client: make rpccli_schannel_bind_data() static
via 7b3ddd1 s3:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
via 9d54831 s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
via 2ea749a libcli/auth: add netlogon_creds_shallow_copy_logon()
via c7319fc libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon()
via 291f6a1 libcli/auth: fix shadowed declaration in netlogon_creds_crypt_samlogon_validation()
via 39fedd2 libcli/auth: make netlogon_creds_crypt_samlogon_validation more robust
via d54c908 s3:rpcclient: use talloc_stackframe() in do_cmd()
via 34fa794 s4:librpc: fix netlogon connections against servers without AES support
via 05d9b41 s3-net: avoid confusing output in net_rpc_oldjoin() if NET_FLAGS_EXPECT_FALLBACK is passed
via 3e4ded4 s3-net: use libnetjoin for "net rpc join" newstyle.
via 9cfa625 s3-net: use libnetjoin for "net rpc testjoin".
via 1242ab0 s3:libnet: let the caller truncate the pw in libnet_join_joindomain_rpc_unsecure()
via d398a12 s3-libnetjoin: move "net rpc oldjoin" to use libnetjoin.
via c4d6d75 s3-libnetjoin: add machine_name length check.
via cc0cbd4 s3: libnet_join: use admin_domain in libnetjoin.
via c11a79c s3: libnet_join: add admin_domain.
via a9d5b2f libcli/auth: also set secure channel type in netlogon_creds_client_init().
via b19e7e6 s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init_send().
via c41b6e5 s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init().
via 7bdcfcb s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp_port().
via 0ff8c2d s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_get_tcp_port().
via 5c5cff0 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp().
via 8cd3a06 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_np().
via 34cc4b4 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open().
via 9aa99c3 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth_transport().
via 9813fe2 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().
via 3dc3a6c s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel_with_key().
via 7f16947 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_ntlmssp_auth_schannel().
via f6d61b5 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel().
via 6886cff s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_interface().
via 9b4fb5b s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_ncalrpc().
via 0ce2178 s3-libnetapi: pass down ndr_interface_table to pipe_cm() and friends.
via 77f7f2a s3-libnetapi: pass down ndr_interface_table to libnetapi_open_pipe().
via fa37bbd s3-libnetapi: pass down ndr_interface_table to libnetapi_get_binding_handle().
via a1368ca s3-rpc_cli: remove prototype of nonexisting cli_rpc_pipe_open_krb5().
via 93e92fa s3-net: pass down ndr_interface_table to connect_dst_pipe().
via 6dc7c63 s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing.
from b699d40 auth/credentials: use CRED_CALLBACK_RESULT after a callback
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6659f0164c6b8d7ad522bcd6c2c6748c3d9bca81
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 5 09:25:11 2013 +0200
s3-libads: Print a message if no realm has been specified.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
commit 94be8d63cd21fbb9e31bf7a92af82e19c596f94f
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Apr 25 19:43:58 2013 +0200
s3:rpc_client: rename same variables in cli_rpc_pipe_open_schannel_with_key()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 8a302fc353de8d373a0ec8544da4da6f305ec923
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Apr 25 18:29:31 2013 +0200
s3:rpc_client: use the correct context for netlogon_creds_copy() in rpccli_schannel_bind_data()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6ce645e03c279cbb2ed8a94f033b8e0601b61ef4
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Apr 25 18:27:57 2013 +0200
s3:rpc_client: make rpccli_schannel_bind_data() static
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 7b3ddd1a0bb41fe84c115555113362044620e484
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Apr 24 16:00:44 2013 +0200
s3:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9d548318da11247ffe8acf505cdb5299090c16f0
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Apr 24 16:00:18 2013 +0200
s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2ea749a1a43a6539b01d36dbe0402a99619444e1
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Apr 24 12:53:27 2013 +0200
libcli/auth: add netlogon_creds_shallow_copy_logon()
This can be used before netlogon_creds_encrypt_samlogon_logon()
in order to keep the provided buffers unchanged.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c7319fce604d5f89a89094b6b18ef459a347aef8
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Apr 25 17:01:00 2013 +0200
libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 291f6a1e031dc9db7d03b3ca924c4309b313cae5
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 09:47:50 2013 +0200
libcli/auth: fix shadowed declaration in netlogon_creds_crypt_samlogon_validation()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 39fedd27182d9e1985418ea79b86aef69999dd57
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Apr 24 12:36:04 2013 +0200
libcli/auth: make netlogon_creds_crypt_samlogon_validation more robust
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d54c908ff5bef774f5cca038741558089ff6baeb
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Mar 22 15:07:10 2013 +0100
s3:rpcclient: use talloc_stackframe() in do_cmd()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 34fa7946993506fde2c6b30e4a41bea27390a814
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 16 10:07:30 2013 +0200
s4:librpc: fix netlogon connections against servers without AES support
LogonGetCapabilities() only works on the credential chain if
the server supports AES, so we need to work on a temporary copy
until we know the server replied a valid return authenticator.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 05d9b4165af9e7f03d3fbeb64db4fc305fcec4df
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jul 15 13:28:34 2013 +0200
s3-net: avoid confusing output in net_rpc_oldjoin() if NET_FLAGS_EXPECT_FALLBACK is passed
"net rpc join" tries net_rpc_oldjoin() first and falls back to
net_rpc_join_newstyle(). We should not print the join failed
if just net_rpc_oldjoin() failed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3e4ded48bbeacdcd128f3c667cbdd12a3efca312
Author: Günther Deschner <gd at samba.org>
Date: Tue Feb 3 20:21:05 2009 +0100
s3-net: use libnetjoin for "net rpc join" newstyle.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9cfa6251600ddea0e821f2bd3fd359c28eb1b7f9
Author: Günther Deschner <gd at samba.org>
Date: Tue Feb 3 20:10:05 2009 +0100
s3-net: use libnetjoin for "net rpc testjoin".
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1242ab0cb3bf575b695b39313604af9d0a7f1b3a
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 13 19:12:27 2013 +0200
s3:libnet: let the caller truncate the pw in libnet_join_joindomain_rpc_unsecure()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d398a12f7907866189c1b253ca6a40e5454f42a1
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 6 13:37:45 2008 +0100
s3-libnetjoin: move "net rpc oldjoin" to use libnetjoin.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c4d6d75cf48aed7b17728e283581366143fa4233
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 6 11:40:03 2008 +0100
s3-libnetjoin: add machine_name length check.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit cc0cbd4fdc6e07538d67cc41ca07bad1eaebf493
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 24 11:05:37 2008 +0200
s3: libnet_join: use admin_domain in libnetjoin.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c11a79c5a054e862f61c97093fa2ce5e5040f111
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 24 11:04:42 2008 +0200
s3: libnet_join: add admin_domain.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a9d5b2fdf03a25e7669258de6c83288be3335cef
Author: Günther Deschner <gd at samba.org>
Date: Wed Dec 19 13:53:23 2012 +0100
libcli/auth: also set secure channel type in netlogon_creds_client_init().
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b19e7e6638a5dd53e3c6e6701f78bf31184ed493
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:56:53 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init_send().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c41b6e5c5e7fcdbd98c1eb2bea08378b47d343d4
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:52:05 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 7bdcfcb37c5b96ee6aa0cecffd89c6d17291fe62
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:47:16 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp_port().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0ff8c2d508949f732716e24047694cecf38597df
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:46:07 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_get_tcp_port().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5c5cff0a722a0925ae75ea7aa11ede0d82d5b92d
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:44:00 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 8cd3a060514ddcc178c938100edfb0b177c00c8c
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:40:45 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_np().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 34cc4b409558f229fba24f59e81ef9100a851d24
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:38:01 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9aa99c3cfb0ff7a290dd4df472a4ff30d0efcb76
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:33:03 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth_transport().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9813fe2b04a5b4abaa95ea1d893b3803edbede4d
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:29:28 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3dc3a6c8483a8de22b483ecf164c81232d4a8d65
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:17:24 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel_with_key().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 7f169474fc86479abe09a5716b8029c6febcfaa9
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:08:33 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_ntlmssp_auth_schannel().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f6d61b571d79ebf1df58513ec728057d00b95f3e
Author: Günther Deschner <gd at samba.org>
Date: Fri May 24 13:03:23 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6886cff0a7e97864e9094af936cbef08a3c8f6f4
Author: Günther Deschner <gd at samba.org>
Date: Fri May 17 16:44:05 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_interface().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9b4fb5b074b035eaef98c4a463c9d68006ed52da
Author: Günther Deschner <gd at samba.org>
Date: Fri May 17 16:16:59 2013 +0200
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_ncalrpc().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0ce2178f2ffeaee324c7e8fef7c87727def7bd77
Author: Günther Deschner <gd at samba.org>
Date: Fri May 17 16:13:26 2013 +0200
s3-libnetapi: pass down ndr_interface_table to pipe_cm() and friends.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 77f7f2a976e5b95f3bd9f542b92926adee4f5fa6
Author: Günther Deschner <gd at samba.org>
Date: Fri May 17 16:10:13 2013 +0200
s3-libnetapi: pass down ndr_interface_table to libnetapi_open_pipe().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit fa37bbd9d06865d265bf554a3c49920f956f2185
Author: Günther Deschner <gd at samba.org>
Date: Fri May 17 16:08:16 2013 +0200
s3-libnetapi: pass down ndr_interface_table to libnetapi_get_binding_handle().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a1368ca6ef8ab4f158c8b303ad058835f1bbf441
Author: Günther Deschner <gd at samba.org>
Date: Fri May 17 16:24:42 2013 +0200
s3-rpc_cli: remove prototype of nonexisting cli_rpc_pipe_open_krb5().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 93e92faca9c99cd91878c2f48fb244233b16aa0f
Author: Günther Deschner <gd at samba.org>
Date: Fri May 17 16:02:59 2013 +0200
s3-net: pass down ndr_interface_table to connect_dst_pipe().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6dc7c63efa95d0c04b542667d9b6a6621c8139bf
Author: Günther Deschner <gd at samba.org>
Date: Fri May 17 15:14:35 2013 +0200
s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/auth/credentials.c | 207 ++++++++-
libcli/auth/proto.h | 10 +
source3/auth/auth_domain.c | 4 +-
source3/client/client.c | 2 +-
source3/lib/netapi/cm.c | 24 +-
source3/lib/netapi/file.c | 6 +-
source3/lib/netapi/getdc.c | 6 +-
source3/lib/netapi/group.c | 18 +-
source3/lib/netapi/joindomain.c | 10 +-
source3/lib/netapi/localgroup.c | 14 +-
source3/lib/netapi/netapi_private.h | 5 +-
source3/lib/netapi/netlogon.c | 4 +-
source3/lib/netapi/serverinfo.c | 6 +-
source3/lib/netapi/share.c | 10 +-
source3/lib/netapi/shutdown.c | 4 +-
source3/lib/netapi/user.c | 22 +-
source3/libads/kerberos.c | 10 +
source3/libnet/libnet_join.c | 61 ++-
source3/librpc/idl/libnet_join.idl | 2 +
source3/librpc/rpc/dcerpc_ep.c | 2 +-
source3/libsmb/libsmb_dir.c | 2 +-
source3/libsmb/libsmb_server.c | 2 +-
source3/libsmb/passchange.c | 4 +-
source3/libsmb/trustdom_cache.c | 2 +-
source3/libsmb/trusts_util.c | 2 +-
source3/printing/nt_printing_migrate_internal.c | 2 +-
source3/printing/printspoolss.c | 4 +-
source3/rpc_client/cli_netlogon.c | 1 +
source3/rpc_client/cli_pipe.c | 103 +++--
source3/rpc_client/cli_pipe.h | 29 +-
source3/rpc_client/cli_pipe_schannel.c | 10 +-
source3/rpc_client/rpc_transport.h | 4 +-
source3/rpc_client/rpc_transport_np.c | 8 +-
source3/rpc_server/netlogon/srv_netlog_nt.c | 45 +-
source3/rpc_server/rpc_ncacn_np.c | 8 +-
source3/rpc_server/rpc_ncacn_np.h | 2 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +-
source3/rpcclient/cmd_spoolss.c | 2 +-
source3/rpcclient/cmd_test.c | 4 +-
source3/rpcclient/rpcclient.c | 14 +-
source3/smbd/lanman.c | 36 +-
source3/smbd/reply.c | 2 +-
source3/torture/rpc_open_tcp.c | 2 +-
source3/torture/test_async_echo.c | 2 +-
source3/utils/net.h | 1 +
source3/utils/net_ads.c | 2 +-
source3/utils/net_proto.h | 11 +-
source3/utils/net_rpc.c | 351 ++++++++++----
source3/utils/net_rpc_join.c | 583 -----------------------
source3/utils/net_rpc_printer.c | 10 +-
source3/utils/net_rpc_shell.c | 2 +-
source3/utils/net_rpc_trust.c | 2 +-
source3/utils/net_util.c | 10 +-
source3/utils/netlookup.c | 2 +-
source3/utils/smbcacls.c | 7 +-
source3/utils/smbcquotas.c | 2 +-
source3/utils/smbtree.c | 2 +-
source3/winbindd/winbindd_cm.c | 18 +-
source3/wscript_build | 2 +-
source4/librpc/rpc/dcerpc_schannel.c | 9 +-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 +-
source4/torture/ntp/ntp_signd.c | 1 +
source4/torture/rpc/lsa.c | 1 +
source4/torture/rpc/netlogon.c | 3 +
source4/torture/rpc/samba3rpc.c | 2 +
65 files changed, 788 insertions(+), 980 deletions(-)
delete mode 100644 source3/utils/net_rpc_join.c
Changeset truncated at 500 lines:
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 7c8d53c..1f664d3 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -263,6 +263,7 @@ next comes the client specific functions
struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
const char *client_account,
const char *client_computer_name,
+ uint16_t secure_channel_type,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
const struct samr_Password *machine_password,
@@ -277,6 +278,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
creds->sequence = time(NULL);
creds->negotiate_flags = negotiate_flags;
+ creds->secure_channel_type = secure_channel_type;
creds->computer_name = talloc_strdup(creds, client_computer_name);
if (!creds->computer_name) {
@@ -488,11 +490,15 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation,
- bool encrypt)
+ bool do_encrypt)
{
static const char zeros[16];
-
struct netr_SamBaseInfo *base = NULL;
+
+ if (validation == NULL) {
+ return;
+ }
+
switch (validation_level) {
case 2:
if (validation->sam2) {
@@ -525,7 +531,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {
- if (encrypt) {
+ if (do_encrypt) {
netlogon_creds_aes_encrypt(creds,
base->key.key,
sizeof(base->key.key));
@@ -538,7 +544,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
- if (encrypt) {
+ if (do_encrypt) {
netlogon_creds_aes_encrypt(creds,
base->LMSessKey.key,
sizeof(base->LMSessKey.key));
@@ -568,7 +574,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
- if (encrypt) {
+ if (do_encrypt) {
netlogon_creds_des_encrypt_LMKey(creds,
&base->LMSessKey);
} else {
@@ -595,6 +601,197 @@ void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Credential
validation, true);
}
+static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
+ enum netr_LogonInfoClass level,
+ union netr_LogonLevel *logon,
+ bool encrypt)
+{
+ static const char zeros[16];
+
+ if (logon == NULL) {
+ return;
+ }
+
+ switch (level) {
+ case NetlogonInteractiveInformation:
+ case NetlogonInteractiveTransitiveInformation:
+ case NetlogonServiceInformation:
+ case NetlogonServiceTransitiveInformation:
+ if (logon->password == NULL) {
+ return;
+ }
+
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ uint8_t *h;
+
+ h = logon->password->lmpassword.hash;
+ if (memcmp(h, zeros, 16) != 0) {
+ if (encrypt) {
+ netlogon_creds_aes_encrypt(creds, h, 16);
+ } else {
+ netlogon_creds_aes_decrypt(creds, h, 16);
+ }
+ }
+
+ h = logon->password->ntpassword.hash;
+ if (memcmp(h, zeros, 16) != 0) {
+ if (encrypt) {
+ netlogon_creds_aes_encrypt(creds, h, 16);
+ } else {
+ netlogon_creds_aes_decrypt(creds, h, 16);
+ }
+ }
+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ uint8_t *h;
+
+ h = logon->password->lmpassword.hash;
+ if (memcmp(h, zeros, 16) != 0) {
+ netlogon_creds_arcfour_crypt(creds, h, 16);
+ }
+
+ h = logon->password->ntpassword.hash;
+ if (memcmp(h, zeros, 16) != 0) {
+ netlogon_creds_arcfour_crypt(creds, h, 16);
+ }
+ } else {
+ struct samr_Password *p;
+
+ p = &logon->password->lmpassword;
+ if (memcmp(p->hash, zeros, 16) != 0) {
+ if (encrypt) {
+ netlogon_creds_des_encrypt(creds, p);
+ } else {
+ netlogon_creds_des_decrypt(creds, p);
+ }
+ }
+ p = &logon->password->ntpassword;
+ if (memcmp(p->hash, zeros, 16) != 0) {
+ if (encrypt) {
+ netlogon_creds_des_encrypt(creds, p);
+ } else {
+ netlogon_creds_des_decrypt(creds, p);
+ }
+ }
+ }
+ break;
+
+ case NetlogonNetworkInformation:
+ case NetlogonNetworkTransitiveInformation:
+ break;
+
+ case NetlogonGenericInformation:
+ if (logon->generic == NULL) {
+ return;
+ }
+
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ if (encrypt) {
+ netlogon_creds_aes_encrypt(creds,
+ logon->generic->data,
+ logon->generic->length);
+ } else {
+ netlogon_creds_aes_decrypt(creds,
+ logon->generic->data,
+ logon->generic->length);
+ }
+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ netlogon_creds_arcfour_crypt(creds,
+ logon->generic->data,
+ logon->generic->length);
+ } else {
+ /* Using DES to verify kerberos tickets makes no sense */
+ }
+ break;
+ }
+}
+
+void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
+ enum netr_LogonInfoClass level,
+ union netr_LogonLevel *logon)
+{
+ netlogon_creds_crypt_samlogon_logon(creds, level, logon, false);
+}
+
+void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
+ enum netr_LogonInfoClass level,
+ union netr_LogonLevel *logon)
+{
+ netlogon_creds_crypt_samlogon_logon(creds, level, logon, true);
+}
+
+union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
+ enum netr_LogonInfoClass level,
+ const union netr_LogonLevel *in)
+{
+ union netr_LogonLevel *out;
+
+ if (in == NULL) {
+ return NULL;
+ }
+
+ out = talloc(mem_ctx, union netr_LogonLevel);
+ if (out == NULL) {
+ return NULL;
+ }
+
+ *out = *in;
+
+ switch (level) {
+ case NetlogonInteractiveInformation:
+ case NetlogonInteractiveTransitiveInformation:
+ case NetlogonServiceInformation:
+ case NetlogonServiceTransitiveInformation:
+ if (in->password == NULL) {
+ return out;
+ }
+
+ out->password = talloc(out, struct netr_PasswordInfo);
+ if (out->password == NULL) {
+ talloc_free(out);
+ return NULL;
+ }
+ *out->password = *in->password;
+
+ return out;
+
+ case NetlogonNetworkInformation:
+ case NetlogonNetworkTransitiveInformation:
+ break;
+
+ case NetlogonGenericInformation:
+ if (in->generic == NULL) {
+ return out;
+ }
+
+ out->generic = talloc(out, struct netr_GenericInfo);
+ if (out->generic == NULL) {
+ talloc_free(out);
+ return NULL;
+ }
+ *out->generic = *in->generic;
+
+ if (in->generic->data == NULL) {
+ return out;
+ }
+
+ if (in->generic->length == 0) {
+ return out;
+ }
+
+ out->generic->data = talloc_memdup(out->generic,
+ in->generic->data,
+ in->generic->length);
+ if (out->generic->data == NULL) {
+ talloc_free(out);
+ return NULL;
+ }
+
+ return out;
+ }
+
+ return out;
+}
+
/*
copy a netlogon_creds_CredentialState struct
*/
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 89a732e..0c319d3 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -26,6 +26,7 @@ next comes the client specific functions
struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
const char *client_account,
const char *client_computer_name,
+ uint16_t secure_channel_type,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
const struct samr_Password *machine_password,
@@ -63,6 +64,15 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential
void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation);
+void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
+ enum netr_LogonInfoClass level,
+ union netr_LogonLevel *logon);
+void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
+ enum netr_LogonInfoClass level,
+ union netr_LogonLevel *logon);
+union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
+ enum netr_LogonInfoClass level,
+ const union netr_LogonLevel *in);
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 286c75c..54ee5a1 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -115,11 +115,11 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
if (lp_client_schannel()) {
/* We also setup the creds chain in the open_schannel call. */
result = cli_rpc_pipe_open_schannel(
- *cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
+ *cli, &ndr_table_netlogon, NCACN_NP,
DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
} else {
result = cli_rpc_pipe_open_noauth(
- *cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);
+ *cli, &ndr_table_netlogon, &netlogon_pipe);
}
if (!NT_STATUS_IS_OK(result)) {
diff --git a/source3/client/client.c b/source3/client/client.c
index d03d1a4..1f63052 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -4218,7 +4218,7 @@ static bool browse_host_rpc(bool sort)
int i;
struct dcerpc_binding_handle *b;
- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_id,
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc,
&pipe_hnd);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
index 36e8731..cbc93d9 100644
--- a/source3/lib/netapi/cm.c
+++ b/source3/lib/netapi/cm.c
@@ -161,7 +161,7 @@ WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx)
********************************************************************/
static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
- const struct ndr_syntax_id *interface,
+ const struct ndr_interface_table *table,
struct rpc_pipe_client **presult)
{
struct client_pipe_connection *p;
@@ -177,7 +177,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
if (strequal(ipc_remote_name, p->pipe->desthost)
&& ndr_syntax_id_equal(&p->pipe->abstract_syntax,
- interface)) {
+ &table->syntax_id)) {
*presult = p->pipe;
return NT_STATUS_OK;
}
@@ -191,7 +191,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
struct client_ipc_connection *ipc,
- const struct ndr_syntax_id *interface,
+ const struct ndr_interface_table *table,
struct rpc_pipe_client **presult)
{
struct client_pipe_connection *p;
@@ -202,7 +202,7 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- status = cli_rpc_pipe_open_noauth(ipc->cli, interface, &p->pipe);
+ status = cli_rpc_pipe_open_noauth(ipc->cli, table, &p->pipe);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(p);
return status;
@@ -219,14 +219,14 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx,
struct client_ipc_connection *ipc,
- const struct ndr_syntax_id *interface,
+ const struct ndr_interface_table *table,
struct rpc_pipe_client **presult)
{
- if (NT_STATUS_IS_OK(pipe_cm_find(ipc, interface, presult))) {
+ if (NT_STATUS_IS_OK(pipe_cm_find(ipc, table, presult))) {
return NT_STATUS_OK;
}
- return pipe_cm_connect(ctx, ipc, interface, presult);
+ return pipe_cm_connect(ctx, ipc, table, presult);
}
/********************************************************************
@@ -234,7 +234,7 @@ static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx,
WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
const char *server_name,
- const struct ndr_syntax_id *interface,
+ const struct ndr_interface_table *table,
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result = NULL;
@@ -251,10 +251,10 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
return werr;
}
- status = pipe_cm_open(ctx, ipc, interface, &result);
+ status = pipe_cm_open(ctx, ipc, table, &result);
if (!NT_STATUS_IS_OK(status)) {
libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s",
- get_pipe_name_from_syntax(talloc_tos(), interface),
+ get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
get_friendly_nt_error_msg(status));
return WERR_DEST_NOT_FOUND;
}
@@ -269,7 +269,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
const char *server_name,
- const struct ndr_syntax_id *interface,
+ const struct ndr_interface_table *table,
struct dcerpc_binding_handle **binding_handle)
{
struct rpc_pipe_client *pipe_cli;
@@ -277,7 +277,7 @@ WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
*binding_handle = NULL;
- result = libnetapi_open_pipe(ctx, server_name, interface, &pipe_cli);
+ result = libnetapi_open_pipe(ctx, server_name, table, &pipe_cli);
if (!W_ERROR_IS_OK(result)) {
return result;
}
diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c
index 1e406d2..551f9ff 100644
--- a/source3/lib/netapi/file.c
+++ b/source3/lib/netapi/file.c
@@ -36,7 +36,7 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx,
struct dcerpc_binding_handle *b;
werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
- &ndr_table_srvsvc.syntax_id,
+ &ndr_table_srvsvc,
&b);
if (!W_ERROR_IS_OK(werr)) {
goto done;
@@ -130,7 +130,7 @@ WERROR NetFileGetInfo_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
- &ndr_table_srvsvc.syntax_id,
+ &ndr_table_srvsvc,
&b);
if (!W_ERROR_IS_OK(werr)) {
goto done;
@@ -201,7 +201,7 @@ WERROR NetFileEnum_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
- &ndr_table_srvsvc.syntax_id,
+ &ndr_table_srvsvc,
&b);
if (!W_ERROR_IS_OK(werr)) {
goto done;
diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c
index 3b26d46..ae976f1 100644
--- a/source3/lib/netapi/getdc.c
+++ b/source3/lib/netapi/getdc.c
@@ -47,7 +47,7 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
void *buffer;
werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
- &ndr_table_netlogon.syntax_id,
+ &ndr_table_netlogon,
&b);
if (!W_ERROR_IS_OK(werr)) {
goto done;
@@ -101,7 +101,7 @@ WERROR NetGetAnyDCName_r(struct libnetapi_ctx *ctx,
void *buffer;
werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
- &ndr_table_netlogon.syntax_id,
+ &ndr_table_netlogon,
&b);
if (!W_ERROR_IS_OK(werr)) {
goto done;
@@ -173,7 +173,7 @@ WERROR DsGetDcName_r(struct libnetapi_ctx *ctx,
struct dcerpc_binding_handle *b;
werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
- &ndr_table_netlogon.syntax_id,
+ &ndr_table_netlogon,
&b);
if (!W_ERROR_IS_OK(werr)) {
goto done;
diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c
index 9813f7e..38ed6df 100644
--- a/source3/lib/netapi/group.c
+++ b/source3/lib/netapi/group.c
@@ -76,7 +76,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_open_pipe(ctx, r->in.server_name,
- &ndr_table_samr.syntax_id,
+ &ndr_table_samr,
&pipe_cli);
if (!W_ERROR_IS_OK(werr)) {
goto done;
@@ -272,7 +272,7 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_open_pipe(ctx, r->in.server_name,
- &ndr_table_samr.syntax_id,
--
Samba Shared Repository
More information about the samba-cvs
mailing list