[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Oct 16 15:57:02 MDT 2013
The branch, master has been updated
via 556f66b auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds()
via a62927e s4:librpc: let dcerpc_schannel_key_recv() return netlogon_creds_CredentialState
via 300a186 s4:librpc: make dcerpc_schannel_key_send/recv static
via 2be39c1 s3:libsmb: inline trust_pw_change_and_store_it() into trust_pw_find_change_and_store_it()
via 062df73 s3:libsmb: remove unused change_trust_account_password()
via 6db5aca s3:auth_domain: remove dead code in check_trustdomain_security()
via d221d84 s3:include: fix messaging_send_buf() protype in messages.h
via 9b22628 s3:include: add forward declaration for struct messaging_context; in g_lock.h
via 68ea47c s3:winbindd: don't hide the error in cm_connect_lsa()
via d610339 s4:librpc/rpc: remove unused dcerpc_smb_tree()
via e9998d1 s4:librpc/rpc: make use of dcerpc_secondary_smb_send/recv() in dcerpc_secondary_context()
via 07ec60c s4:librpc/rpc: add dcerpc_secondary_smb_send/recv()
via ecb3150 s4:librpc/rpc: remove unused dcerpc_smb_fnum()
via 3337a68 cli_np_tstream: remove unused tstream_cli_np_get_cli_state()
via a79547c s3:rpcclient: make use of rpcclient_cli_state
via 053b975 s3:rpcclient: introduce global rpcclient_cli_state
via 1974dbe s3:rpc_client: remove unused rpc_pipe_np_smb_conn()
via bd678cd s3-spoolss: do not use rpc_pipe_np_smb_conn()
via a9331e4 s3:lib/netapi: do not use rpc_pipe_np_smb_conn()
via 7f86364 s3-net: do not use rpc_pipe_np_smb_conn()
via 3b53566 s4:tortore:raw/qfileinfo: don't use dcerpc_pipe_open_smb() to open a named pipe
via a307452 s4:torture/samba3rpc: let rpc.authcontext be more robust against low level changes (part2)
via 9d6b6dc s4:torture/samba3rpc: let rpc.authcontext be more robust against low level code changes (part1)
via 872486b s3:rpc_client: pass object and table to rpccli_bh_create()
via d052528 s4:librpc: implement dcerpc_binding_handle_auth_info()
via f773ed2 s3:rpc_client: implement dcerpc_binding_handle_auth_info()
via a33b13b librpc/rpc: add dcerpc_binding_handle_auth_info()
from b92937e doc: add "spoolss: architecture" parameter usage
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 556f66bd56415d83be936e28d41946c39e379914
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 20 04:33:07 2013 +0200
auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds()
Typically cli_credentials_set_netlogon_creds() should be used directly
before the DCERPC bind. And cli_credentials_get_netlogon_creds()
should be only used by the gensec layer, which only needs a copy.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Oct 16 23:56:01 CEST 2013 on sn-devel-104
commit a62927ef882a5ed7bee1c737c44dd29b13e724e0
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 20 04:16:00 2013 +0200
s4:librpc: let dcerpc_schannel_key_recv() return netlogon_creds_CredentialState
cli_credentials_set_netlogon_creds() should only be used directly before
a DCERPC bind in order to pass the session information to the
gensec layer.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 300a186a7123966d4d47fc1730014ea97cf97049
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 20 04:14:00 2013 +0200
s4:librpc: make dcerpc_schannel_key_send/recv static
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2be39c1866eda63beacdb67117e01b094686befb
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 2 20:19:28 2013 +0200
s3:libsmb: inline trust_pw_change_and_store_it() into trust_pw_find_change_and_store_it()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 062df736fa1f297a34edc153d735bd479b781565
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 2 20:18:39 2013 +0200
s3:libsmb: remove unused change_trust_account_password()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6db5aca6033477bb6104520d6623cec19a1a9af3
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 27 12:09:51 2013 +0200
s3:auth_domain: remove dead code in check_trustdomain_security()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d221d84e8d4e2eeefaf0fe9869cc127787936e0b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 2 19:29:05 2013 +0200
s3:include: fix messaging_send_buf() protype in messages.h
The function already used 'uint8_t' instead of 'uint8'.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9b22628e2460fde0af2c704acceb62334317d95a
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 2 09:24:42 2013 +0200
s3:include: add forward declaration for struct messaging_context; in g_lock.h
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 68ea47c27830b831e1be9725dff86bc3e17107cf
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 17 04:25:39 2013 +0200
s3:winbindd: don't hide the error in cm_connect_lsa()
We should not overwrite the error with NT_STATUS_PIPE_NOT_AVAILABLE.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d610339028443f74248aec4bb9b4caa62daa1ff4
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 17 07:19:42 2013 +0200
s4:librpc/rpc: remove unused dcerpc_smb_tree()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e9998d16689aaee89746a741fcaa1622147a5890
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 17 07:18:19 2013 +0200
s4:librpc/rpc: make use of dcerpc_secondary_smb_send/recv() in dcerpc_secondary_context()
This avoids the use of dcerpc_smb_tree(), which is a layer violation.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 07ec60ce72bbf3ff0ac2ddb94de24fb47a48cc1e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 17 07:16:29 2013 +0200
s4:librpc/rpc: add dcerpc_secondary_smb_send/recv()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ecb31505878be358d1101a42106eda35bb48b4c7
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 17 07:04:55 2013 +0200
s4:librpc/rpc: remove unused dcerpc_smb_fnum()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3337a68e32f8453a8b6706fedd56b78740fa665f
Author: Gregor Beck <gbeck at sernet.de>
Date: Fri Sep 13 11:18:42 2013 +0200
cli_np_tstream: remove unused tstream_cli_np_get_cli_state()
Signed-off-by: Gregor Beck <gbeck at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a79547cac620eaafd7fabe4264e58eb9276b549d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 13 11:06:30 2013 +0200
s3:rpcclient: make use of rpcclient_cli_state
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 053b9759003d3a36856945faaeb9879e8fe445d5
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 13 11:06:00 2013 +0200
s3:rpcclient: introduce global rpcclient_cli_state
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1974dbe30c83726a5fce86cbdb31b4375461d30b
Author: Gregor Beck <gbeck at sernet.de>
Date: Fri Sep 13 11:15:18 2013 +0200
s3:rpc_client: remove unused rpc_pipe_np_smb_conn()
Signed-off-by: Gregor Beck <gbeck at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bd678cdd3b503c013f8384b063b7ba3934b9e4dd
Author: Gregor Beck <gbeck at sernet.de>
Date: Fri Sep 13 11:13:15 2013 +0200
s3-spoolss: do not use rpc_pipe_np_smb_conn()
Signed-off-by: Gregor Beck <gbeck at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a9331e482c0120d70386edb69d924b1c77fa28c7
Author: Gregor Beck <gbeck at sernet.de>
Date: Fri Sep 13 11:12:25 2013 +0200
s3:lib/netapi: do not use rpc_pipe_np_smb_conn()
Signed-off-by: Gregor Beck <gbeck at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7f863642dbb5d88361bc937d80ffd7ea8e771e84
Author: Gregor Beck <gbeck at sernet.de>
Date: Fri Sep 13 11:11:55 2013 +0200
s3-net: do not use rpc_pipe_np_smb_conn()
Signed-off-by: Gregor Beck <gbeck at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3b53566ebb2be28dae82198e35bc27003eaf7b21
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 17 07:01:57 2013 +0200
s4:tortore:raw/qfileinfo: don't use dcerpc_pipe_open_smb() to open a named pipe
We can directly use smb_raw_open() to open a handle to a named pipe.
This avoids the need for the layer violation functions
dcerpc_smb_tree() and dcerpc_smb_fnum().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a3074521d408acc4de8a6f810a99f0d6b0c0e324
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 17 13:15:38 2013 +0200
s4:torture/samba3rpc: let rpc.authcontext be more robust against low level changes (part2)
We now use smbXcli_conn_is_connected() and
dcerpc_binding_handle_is_connected() to verify only the dcerpc layer
got an error. The expected error is EIO mapped to NT_STATUS_IO_DEVICE_ERROR.
NT_STATUS_INVALID_HANDLE should only be visible at the SMB layer,
but we keep this as allowed return value for now, until
the dcerpc layer is fixed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9d6b6dcd963412b33fd5960bd792ae183cc63458
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 17 13:15:38 2013 +0200
s4:torture/samba3rpc: let rpc.authcontext be more robust against low level code changes (part1)
Some code uses the low level smbXcli_session structure instead of
the smbcli_session structure and doesn't 'see' updates to the
smbcli_session structure.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 872486bbd039c18eed13f30073a99b7a15f6b1b8
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 27 13:23:04 2013 +0200
s3:rpc_client: pass object and table to rpccli_bh_create()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d0525289740522a43db2fb7f1364305eeb595070
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 12 08:19:57 2013 +0200
s4:librpc: implement dcerpc_binding_handle_auth_info()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f773ed2cf7d490f6b1df38cf16a36743408dbd2d
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 12 08:19:35 2013 +0200
s3:rpc_client: implement dcerpc_binding_handle_auth_info()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a33b13bd6133585323129fa248646c4bc0ac4732
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 12 08:19:08 2013 +0200
librpc/rpc: add dcerpc_binding_handle_auth_info()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 6 +-
librpc/rpc/binding_handle.c | 25 ++++++
librpc/rpc/rpc_common.h | 8 ++
source3/auth/auth_domain.c | 22 -----
source3/include/g_lock.h | 1 +
source3/include/messages.h | 2 +-
source3/include/proto.h | 6 --
source3/lib/netapi/cm.c | 2 +-
source3/libsmb/cli_np_tstream.c | 8 --
source3/libsmb/cli_np_tstream.h | 2 -
source3/libsmb/trusts_util.c | 122 ++++-----------------------
source3/rpc_client/cli_pipe.c | 34 ++++++--
source3/rpc_client/cli_pipe.h | 4 +-
source3/rpc_client/rpc_transport.h | 1 -
source3/rpc_client/rpc_transport_tstream.c | 19 ----
source3/rpc_server/rpc_ncacn_np.c | 8 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 20 ++--
source3/rpcclient/cmd_test.c | 4 +-
source3/rpcclient/rpcclient.c | 4 +-
source3/rpcclient/rpcclient.h | 2 +
source3/utils/net_rpc.c | 49 ++++++-----
source3/winbindd/winbindd_cm.c | 1 -
source4/librpc/rpc/dcerpc.c | 24 +++++
source4/librpc/rpc/dcerpc.h | 6 +-
source4/librpc/rpc/dcerpc_schannel.c | 26 ++++--
source4/librpc/rpc/dcerpc_secondary.c | 12 +--
source4/librpc/rpc/dcerpc_smb.c | 27 ++----
source4/torture/raw/qfileinfo.c | 41 +++++++---
source4/torture/rpc/samba3rpc.c | 24 ++++--
29 files changed, 235 insertions(+), 275 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 642eef7..78b5955 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -836,7 +836,11 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
struct netlogon_creds_CredentialState *netlogon_creds)
{
- cred->netlogon_creds = talloc_reference(cred, netlogon_creds);
+ TALLOC_FREE(cred->netlogon_creds);
+ if (netlogon_creds == NULL) {
+ return;
+ }
+ cred->netlogon_creds = netlogon_creds_copy(cred, netlogon_creds);
}
/**
diff --git a/librpc/rpc/binding_handle.c b/librpc/rpc/binding_handle.c
index 3c74fdf..1e11b04 100644
--- a/librpc/rpc/binding_handle.c
+++ b/librpc/rpc/binding_handle.c
@@ -98,6 +98,31 @@ uint32_t dcerpc_binding_handle_set_timeout(struct dcerpc_binding_handle *h,
return h->ops->set_timeout(h, timeout);
}
+void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *h,
+ enum dcerpc_AuthType *auth_type,
+ enum dcerpc_AuthLevel *auth_level)
+{
+ enum dcerpc_AuthType _auth_type;
+ enum dcerpc_AuthLevel _auth_level;
+
+ if (auth_type == NULL) {
+ auth_type = &_auth_type;
+ }
+
+ if (auth_level == NULL) {
+ auth_level = &_auth_level;
+ }
+
+ *auth_type = DCERPC_AUTH_TYPE_NONE;
+ *auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+ if (h->ops->auth_info == NULL) {
+ return;
+ }
+
+ h->ops->auth_info(h, auth_type, auth_level);
+}
+
struct dcerpc_binding_handle_raw_call_state {
const struct dcerpc_binding_handle_ops *ops;
uint8_t *out_data;
diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
index d2816f5..978229e 100644
--- a/librpc/rpc/rpc_common.h
+++ b/librpc/rpc/rpc_common.h
@@ -189,6 +189,10 @@ struct dcerpc_binding_handle_ops {
uint32_t (*set_timeout)(struct dcerpc_binding_handle *h,
uint32_t timeout);
+ void (*auth_info)(struct dcerpc_binding_handle *h,
+ enum dcerpc_AuthType *auth_type,
+ enum dcerpc_AuthLevel *auth_level);
+
struct tevent_req *(*raw_call_send)(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct dcerpc_binding_handle *h,
@@ -259,6 +263,10 @@ bool dcerpc_binding_handle_is_connected(struct dcerpc_binding_handle *h);
uint32_t dcerpc_binding_handle_set_timeout(struct dcerpc_binding_handle *h,
uint32_t timeout);
+void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *h,
+ enum dcerpc_AuthType *auth_type,
+ enum dcerpc_AuthLevel *auth_level);
+
struct tevent_req *dcerpc_binding_handle_raw_call_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct dcerpc_binding_handle *h,
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 06078e2..9f88c4a 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -378,8 +378,6 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
- unsigned char trust_md4_password[16];
- char *trust_password;
fstring dc_name;
struct sockaddr_storage dc_ss;
@@ -408,26 +406,6 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
if ( !is_trusted_domain( user_info->mapped.domain_name ) )
return NT_STATUS_NOT_IMPLEMENTED;
- /*
- * Get the trusted account password for the trusted domain
- * No need to become_root() as secrets_init() is done at startup.
- */
-
- if (!pdb_get_trusteddom_pw(user_info->mapped.domain_name, &trust_password,
- NULL, NULL)) {
- DEBUG(0, ("check_trustdomain_security: could not fetch trust "
- "account password for domain %s\n",
- user_info->mapped.domain_name));
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100, ("Trust password for domain %s is %s\n", user_info->mapped.domain_name,
- trust_password));
-#endif
- E_md4hash(trust_password, trust_md4_password);
- SAFE_FREE(trust_password);
-
/* use get_dc_name() for consistency even through we know that it will be
a netbios name */
diff --git a/source3/include/g_lock.h b/source3/include/g_lock.h
index 004c452..f513349 100644
--- a/source3/include/g_lock.h
+++ b/source3/include/g_lock.h
@@ -23,6 +23,7 @@
#include "dbwrap/dbwrap.h"
struct g_lock_ctx;
+struct messaging_context;
enum g_lock_type {
G_LOCK_READ = 0,
diff --git a/source3/include/messages.h b/source3/include/messages.h
index 12fc439..cefa279 100644
--- a/source3/include/messages.h
+++ b/source3/include/messages.h
@@ -136,7 +136,7 @@ NTSTATUS messaging_send(struct messaging_context *msg_ctx,
NTSTATUS messaging_send_buf(struct messaging_context *msg_ctx,
struct server_id server, uint32_t msg_type,
- const uint8 *buf, size_t len);
+ const uint8_t *buf, size_t len);
void messaging_dispatch_rec(struct messaging_context *msg_ctx,
struct messaging_rec *rec);
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 1f14362..497828e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -972,15 +972,9 @@ void update_trustdom_cache( void );
/* The following definitions come from libsmb/trusts_util.c */
-NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- const char *domain,
- const char *account_name,
- unsigned char orig_trust_passwd_hash[16],
- enum netr_SchannelType sec_channel_type);
NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *domain) ;
-NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine);
/* The following definitions come from param/loadparm.c */
diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
index bb5d6b2..dbb6b6f 100644
--- a/source3/lib/netapi/cm.c
+++ b/source3/lib/netapi/cm.c
@@ -169,7 +169,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
for (p = ipc->pipe_connections; p; p = p->next) {
const char *ipc_remote_name;
- if (!rpc_pipe_np_smb_conn(p->pipe)) {
+ if (!rpccli_is_connected(p->pipe)) {
return NT_STATUS_PIPE_EMPTY;
}
diff --git a/source3/libsmb/cli_np_tstream.c b/source3/libsmb/cli_np_tstream.c
index f3a9962..8921a7f 100644
--- a/source3/libsmb/cli_np_tstream.c
+++ b/source3/libsmb/cli_np_tstream.c
@@ -330,14 +330,6 @@ unsigned int tstream_cli_np_set_timeout(struct tstream_context *stream,
return cli_set_timeout(cli_nps->cli, timeout);
}
-struct cli_state *tstream_cli_np_get_cli_state(struct tstream_context *stream)
-{
- struct tstream_cli_np *cli_nps = tstream_context_data(stream,
- struct tstream_cli_np);
-
- return cli_nps->cli;
-}
-
struct tstream_cli_np_writev_state {
struct tstream_context *stream;
struct tevent_context *ev;
diff --git a/source3/libsmb/cli_np_tstream.h b/source3/libsmb/cli_np_tstream.h
index 5f59d14..6f5e855 100644
--- a/source3/libsmb/cli_np_tstream.h
+++ b/source3/libsmb/cli_np_tstream.h
@@ -43,6 +43,4 @@ NTSTATUS tstream_cli_np_use_trans(struct tstream_context *stream);
unsigned int tstream_cli_np_set_timeout(struct tstream_context *stream,
unsigned int timeout);
-struct cli_state *tstream_cli_np_get_cli_state(struct tstream_context *stream);
-
#endif /* _CLI_NP_TSTREAM_H_ */
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 6156ba0..428e0c1 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -29,20 +29,27 @@
/*********************************************************
Change the domain password on the PDC.
- Store the password ourselves, but use the supplied password
- Caller must have already setup the connection to the NETLOGON pipe
+ Do most of the legwork ourselfs. Caller must have
+ already setup the connection to the NETLOGON pipe
**********************************************************/
-NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- const char *domain,
- const char *account_name,
- unsigned char orig_trust_passwd_hash[16],
- enum netr_SchannelType sec_channel_type)
+NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ const char *domain)
{
+ unsigned char old_trust_passwd_hash[16];
unsigned char new_trust_passwd_hash[16];
+ enum netr_SchannelType sec_channel_type = SEC_CHAN_NULL;
+ const char *account_name;
char *new_trust_passwd;
NTSTATUS nt_status;
+ if (!get_trust_pw_hash(domain, old_trust_passwd_hash, &account_name,
+ &sec_channel_type)) {
+ DEBUG(0, ("could not fetch domain secrets for domain %s!\n", domain));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
switch (sec_channel_type) {
case SEC_CHAN_WKSTA:
case SEC_CHAN_DOMAIN:
@@ -64,7 +71,7 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
nt_status = rpccli_netlogon_set_trust_password(cli, mem_ctx,
account_name,
- orig_trust_passwd_hash,
+ old_trust_passwd_hash,
new_trust_passwd,
new_trust_passwd_hash,
sec_channel_type);
@@ -108,102 +115,3 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
return nt_status;
}
-
-/*********************************************************
- Change the domain password on the PDC.
- Do most of the legwork ourselfs. Caller must have
- already setup the connection to the NETLOGON pipe
-**********************************************************/
-
-NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- const char *domain)
-{
- unsigned char old_trust_passwd_hash[16];
- enum netr_SchannelType sec_channel_type = SEC_CHAN_NULL;
- const char *account_name;
-
- if (!get_trust_pw_hash(domain, old_trust_passwd_hash, &account_name,
- &sec_channel_type)) {
- DEBUG(0, ("could not fetch domain secrets for domain %s!\n", domain));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return trust_pw_change_and_store_it(cli, mem_ctx, domain,
- account_name,
- old_trust_passwd_hash,
- sec_channel_type);
-}
-
-NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct sockaddr_storage pdc_ss;
- fstring dc_name;
- struct cli_state *cli = NULL;
- struct rpc_pipe_client *netlogon_pipe = NULL;
-
- DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n",
- domain));
-
- if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
- /* Use the PDC *only* for this */
-
- if ( !get_pdc_ip(domain, &pdc_ss) ) {
- DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
- goto failed;
- }
-
- if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) )
- goto failed;
- } else {
- /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
- fstrcpy( dc_name, remote_machine );
- }
-
- /* if this next call fails, then give up. We can't do
- password changes on BDC's --jerry */
-
- if (!NT_STATUS_IS_OK(cli_full_connection(&cli, lp_netbios_name(), dc_name,
- NULL, 0,
- "IPC$", "IPC",
- "", "",
- "", 0, SMB_SIGNING_DEFAULT))) {
- DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));
- nt_status = NT_STATUS_UNSUCCESSFUL;
- goto failed;
- }
-
- /*
- * Ok - we have an anonymous connection to the IPC$ share.
- * Now start the NT Domain stuff :-).
- */
-
- /* Shouldn't we open this with schannel ? JRA. */
-
- nt_status = cli_rpc_pipe_open_noauth(
- cli, &ndr_table_netlogon, &netlogon_pipe);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n",
- dc_name, nt_errstr(nt_status)));
- cli_shutdown(cli);
- cli = NULL;
- goto failed;
- }
-
- nt_status = trust_pw_find_change_and_store_it(
- netlogon_pipe, netlogon_pipe, domain);
-
- cli_shutdown(cli);
- cli = NULL;
-
-failed:
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n",
- current_timestring(talloc_tos(), False), domain));
- }
- else
- DEBUG(5,("change_trust_account_password: sucess!\n"));
-
- return nt_status;
-}
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index e7e8610..48ed92c 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1839,6 +1839,25 @@ static uint32_t rpccli_bh_set_timeout(struct dcerpc_binding_handle *h,
return rpccli_set_timeout(hs->rpc_cli, timeout);
}
+static void rpccli_bh_auth_info(struct dcerpc_binding_handle *h,
+ enum dcerpc_AuthType *auth_type,
+ enum dcerpc_AuthLevel *auth_level)
+{
+ struct rpccli_bh_state *hs = dcerpc_binding_handle_data(h,
+ struct rpccli_bh_state);
+
+ if (hs->rpc_cli == NULL) {
+ return;
+ }
+
+ if (hs->rpc_cli->auth == NULL) {
+ return;
+ }
+
+ *auth_type = hs->rpc_cli->auth->auth_type;
+ *auth_level = hs->rpc_cli->auth->auth_level;
+}
+
struct rpccli_bh_raw_call_state {
DATA_BLOB in_data;
DATA_BLOB out_data;
@@ -2018,6 +2037,7 @@ static const struct dcerpc_binding_handle_ops rpccli_bh_ops = {
.name = "rpccli",
.is_connected = rpccli_bh_is_connected,
.set_timeout = rpccli_bh_set_timeout,
+ .auth_info = rpccli_bh_auth_info,
.raw_call_send = rpccli_bh_raw_call_send,
.raw_call_recv = rpccli_bh_raw_call_recv,
.disconnect_send = rpccli_bh_disconnect_send,
@@ -2028,15 +2048,17 @@ static const struct dcerpc_binding_handle_ops rpccli_bh_ops = {
};
/* initialise a rpc_pipe_client binding handle */
-struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c)
+struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c,
+ const struct GUID *object,
+ const struct ndr_interface_table *table)
{
struct dcerpc_binding_handle *h;
struct rpccli_bh_state *hs;
h = dcerpc_binding_handle_create(c,
&rpccli_bh_ops,
- NULL,
- NULL, /* TODO */
+ object,
+ table,
&hs,
struct rpccli_bh_state,
__location__);
@@ -2232,7 +2254,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
result->transport->transport = NCACN_IP_TCP;
- result->binding_handle = rpccli_bh_create(result);
+ result->binding_handle = rpccli_bh_create(result, NULL, table);
if (result->binding_handle == NULL) {
TALLOC_FREE(result);
return NT_STATUS_NO_MEMORY;
@@ -2471,7 +2493,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
result->transport->transport = NCALRPC;
- result->binding_handle = rpccli_bh_create(result);
+ result->binding_handle = rpccli_bh_create(result, NULL, table);
if (result->binding_handle == NULL) {
TALLOC_FREE(result);
return NT_STATUS_NO_MEMORY;
@@ -2562,7 +2584,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
DLIST_ADD(np_ref->cli->pipe_list, np_ref->pipe);
talloc_set_destructor(np_ref, rpc_pipe_client_np_ref_destructor);
- result->binding_handle = rpccli_bh_create(result);
+ result->binding_handle = rpccli_bh_create(result, NULL, table);
if (result->binding_handle == NULL) {
TALLOC_FREE(result);
return NT_STATUS_NO_MEMORY;
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index ab99373..e38767d 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -68,7 +68,9 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
const struct ndr_interface_table *table,
struct rpc_pipe_client **presult);
-struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c);
+struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c,
+ const struct GUID *object,
+ const struct ndr_interface_table *table);
NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
const struct ndr_interface_table *table,
diff --git a/source3/rpc_client/rpc_transport.h b/source3/rpc_client/rpc_transport.h
index 72e7609..ad22106 100644
--- a/source3/rpc_client/rpc_transport.h
+++ b/source3/rpc_client/rpc_transport.h
@@ -102,6 +102,5 @@ NTSTATUS rpc_transport_sock_init(TALLOC_CTX *mem_ctx, int fd,
NTSTATUS rpc_transport_tstream_init(TALLOC_CTX *mem_ctx,
struct tstream_context **stream,
struct rpc_cli_transport **presult);
-struct cli_state *rpc_pipe_np_smb_conn(struct rpc_pipe_client *p);
#endif /* _RPC_CLIENT_RPC_TRANSPORT_H_ */
diff --git a/source3/rpc_client/rpc_transport_tstream.c b/source3/rpc_client/rpc_transport_tstream.c
index ec37c7d..dd0de08 100644
--- a/source3/rpc_client/rpc_transport_tstream.c
+++ b/source3/rpc_client/rpc_transport_tstream.c
@@ -585,22 +585,3 @@ NTSTATUS rpc_transport_tstream_init(TALLOC_CTX *mem_ctx,
*presult = result;
return NT_STATUS_OK;
}
-
-struct cli_state *rpc_pipe_np_smb_conn(struct rpc_pipe_client *p)
-{
- struct rpc_tstream_state *transp =
- talloc_get_type_abort(p->transport->priv,
- struct rpc_tstream_state);
- bool ok;
-
- ok = rpccli_is_connected(p);
- if (!ok) {
- return NULL;
- }
-
- if (!tstream_is_cli_np(transp->stream)) {
- return NULL;
- }
-
- return tstream_cli_np_get_cli_state(transp->stream);
-}
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index 9c1599e..c58f97d 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
--
Samba Shared Repository
More information about the samba-cvs
mailing list