[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Sep 26 20:02:04 MDT 2014
The branch, master has been updated
via 043585f WHATSNEW: Update WHATSNEW for new default winbind implementation
via 4281c11 credentials: Allow the secrets.tdb password to be newer than the secrets.ldb password
via 3fc5b22 Fix commented out code in kpasswd server to use correct function
via f807809 provision: explain why this is required
via d0a0af3 librpc: gensec is our security provider abstraction, remove a void *
via f8643b9 librpc: Remove user/domain from struct pipe_auth_data
via a3ecad4 idl: Merge NETR_TRUST and LSA_TRUST definitions into one set only in lsa.idl
via 1ac96a4 librpc/ndr_drsuapi: Allow ndrdump to dump dsinfo52 blobs
via a744dba torture: Fix use-after-free in ldap.nested-search
from edda534 s4-auth/kerberos: fix salting principal, make sure hostname is lowercase.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 043585fd1608bbb492e96b4288db698e5eff0aac
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 22 12:19:11 2014 -0700
WHATSNEW: Update WHATSNEW for new default winbind implementation
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Sep 27 04:01:33 CEST 2014 on sn-devel-104
commit 4281c11e3a6702ad91c34e8722251897340dfdd2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 22 16:43:18 2014 -0700
credentials: Allow the secrets.tdb password to be newer than the secrets.ldb password
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 3fc5b2269ba8d1d24052c3d4a9794af1b1dbfce4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 21 23:38:10 2014 -0700
Fix commented out code in kpasswd server to use correct function
The fix in ac2d31e24cfa24f6674b645b3661a1a2ce9ab060 picked the wrong function name. This is meant
to be the remote address, not the local one, if we ever have to re-instate this code.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit f80780925fa1dfd15dc18b5b307d7ff4bd72a795
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Aug 27 15:09:22 2014 +1200
provision: explain why this is required
Change-Id: Iaf8b13010b52e03db2eefe1ad565d7ca768ffb48
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d0a0af3550ddb5f08ab683bc54ab99f9e2b1a74c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 22 20:45:55 2014 -0700
librpc: gensec is our security provider abstraction, remove a void *
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit f8643b9f5fcb4854e2e6ba17941df24862f0504b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 22 23:19:46 2014 -0700
librpc: Remove user/domain from struct pipe_auth_data
This does require that we always fill in the gensec pointer, but the
simplification is worth the extra allocations.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a3ecad4237e1c4094263f31204bb8ae06669c951
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 23 10:02:57 2014 -0700
idl: Merge NETR_TRUST and LSA_TRUST definitions into one set only in lsa.idl
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1ac96a416d7d6db2476f56129166fd9e018e7306
Author: Matthieu Patou <mat at matws.net>
Date: Tue Sep 23 13:45:32 2014 -0700
librpc/ndr_drsuapi: Allow ndrdump to dump dsinfo52 blobs
Change-Id: I6968b25c67587296b928b2193a9d48093c69c01a
Signed-off-by: Matthieu Patou <mat at matws.net>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a744dba3b9c140117613ddec8affd781ab82da87
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 4 14:06:40 2014 +1200
torture: Fix use-after-free in ldap.nested-search
Found by AddressSanitizer
Change-Id: Ie3bb4054201382cacb4b296308d561a3548f8cff
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 17 +++++++
auth/credentials/credentials_secrets.c | 2 +
librpc/idl/lsa.idl | 5 +-
librpc/idl/netlogon.idl | 21 +-------
librpc/ndr/ndr_drsuapi.c | 34 +++++++++++++
librpc/wscript_build | 2 +-
python/samba/provision/sambadns.py | 8 +++
source3/librpc/rpc/dcerpc.h | 7 +--
source3/librpc/rpc/dcerpc_helpers.c | 9 +--
source3/rpc_client/cli_pipe.c | 65 +++++++++++++-----------
source3/rpc_client/cli_spoolss.c | 8 ++-
source3/rpc_server/srv_pipe.c | 12 +----
source3/utils/net_rpc_printer.c | 13 ++++-
source3/winbindd/winbindd_ads.c | 2 +-
source3/winbindd/winbindd_cm.c | 2 +-
source3/winbindd/winbindd_misc.c | 10 ++--
source3/winbindd/winbindd_ndr.c | 5 +-
source3/winbindd/winbindd_pam.c | 2 +-
source3/winbindd/winbindd_util.c | 4 +-
source4/kdc/kpasswdd.c | 2 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 2 +-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 7 ++-
source4/torture/ldap/nested_search.c | 6 ++-
source4/torture/rpc/lsa.c | 2 +-
source4/torture/rpc/netlogon.c | 2 +-
25 files changed, 152 insertions(+), 97 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2a4e7b7..0ab0561 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -73,6 +73,23 @@ reliably possible, e.g. if there are trusted domains.
Please consult the smb.conf manpage for more details on these new options.
+Winbindd use on the Samba AD DC
+===============================
+
+Winbindd is now used on the Samba AD DC by default, replacing the
+partial rewrite used for winbind operations in Samba 4.0 and 4.1.
+
+This allows more code to be shared, more options to be honoured, and
+paves the way for support for trusted domains in the AD DC.
+
+If required the old internal winbind can be activated by setting
+'server services = +winbind -winbindd'. Upgrading users with a server
+services parameter specified should ensure they change 'winbind' to
+'winbindd' to obtain the new functionality.
+
+The 'samba' binary still manages the starting of this service, there
+is no need to start the winbindd binary manually.
+
Larger IO sizes for SMB2/3 by default
=====================================
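Review bot: The last added paragraph of the new WHATSNEW section joins two sentences with a comma ("...starting of this service, there is no need..."); split it or use a semicolon. The "If required the old internal winbind..." sentence also wants a comma after "If required".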
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 9fad104..625ce20 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -322,6 +322,8 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
+ cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
+ status = NT_STATUS_OK;
} else if (!NT_STATUS_IS_OK(status)) {
if (db_ctx) {
error_string = talloc_asprintf(cred,
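Review bot: The added `status = NT_STATUS_OK;` at the end of this branch discards whatever status led into it, with no comment saying why. A short comment stating that the secrets.tdb values are being used on purpose (the case the commit subject describes) would keep a later reader from treating the reset as a mistake. The `cli_credentials_set_domain` and `cli_credentials_set_username` calls just above are not checked either, so the branch now reports success regardless of what they did.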
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index 80efbd5..251b4e2 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -691,10 +691,11 @@ import "misc.idl", "security.idl";
LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
} lsa_TrustDirection;
- typedef [v1_enum] enum {
+ typedef [public,v1_enum] enum {
LSA_TRUST_TYPE_DOWNLEVEL = 0x00000001,
LSA_TRUST_TYPE_UPLEVEL = 0x00000002,
- LSA_TRUST_TYPE_MIT = 0x00000003
+ LSA_TRUST_TYPE_MIT = 0x00000003,
+ LSA_TRUST_TYPE_DCE = 0x00000004
} lsa_TrustType;
typedef [public,bitmap32bit] bitmap {
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index 504933c..3ff7082 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -1502,30 +1502,13 @@ interface netlogon
/****************/
/* Function 0x24 */
- typedef [v1_enum] enum {
- NETR_TRUST_TYPE_DOWNLEVEL = 1,
- NETR_TRUST_TYPE_UPLEVEL = 2,
- NETR_TRUST_TYPE_MIT = 3,
- NETR_TRUST_TYPE_DCE = 4
- } netr_TrustType;
-
- typedef [bitmap32bit] bitmap {
- NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
- NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
- NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
- NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
- NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
- NETR_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
- NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040
- } netr_TrustAttributes;
-
typedef struct {
[string,charset(UTF16)] uint16 *netbios_name;
[string,charset(UTF16)] uint16 *dns_name;
netr_TrustFlags trust_flags;
uint32 parent_index;
- netr_TrustType trust_type;
- netr_TrustAttributes trust_attributes;
+ lsa_TrustType trust_type;
+ lsa_TrustAttributes trust_attributes;
dom_sid2 *sid;
GUID guid;
} netr_DomainTrust;
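Review bot: `netr_DomainTrust.trust_attributes` now uses `lsa_TrustAttributes`, but that bitmap is not shown in this patch, so the seven removed `NETR_TRUST_ATTRIBUTE_*` values (0x00000001 through 0x00000040) cannot be checked against it from here. Please confirm the LSA bitmap defines the same bits, since this field goes on the wire. The commit message should also mention that the `NETR_TRUST_TYPE_*` and `NETR_TRUST_ATTRIBUTE_*` names are gone, as any caller using them has to be renamed.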
diff --git a/librpc/ndr/ndr_drsuapi.c b/librpc/ndr/ndr_drsuapi.c
index cef617b..45d3ac0 100644
--- a/librpc/ndr/ndr_drsuapi.c
+++ b/librpc/ndr/ndr_drsuapi.c
@@ -410,6 +410,8 @@ _PUBLIC_ void ndr_print_drsuapi_DsAddEntry_AttrErrListItem_V1(struct ndr_print *
enum ndr_err_code ndr_push_drsuapi_DsBindInfo(struct ndr_push *ndr, int ndr_flags, const union drsuapi_DsBindInfo *r)
{
+ uint32_t _flags_save = ndr->flags;
+ ndr->flags = ndr->flags & ~LIBNDR_FLAG_NDR64;
NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
uint32_t level = ndr_push_get_switch_value(ndr, r);
@@ -442,6 +444,15 @@ enum ndr_err_code ndr_push_drsuapi_DsBindInfo(struct ndr_push *ndr, int ndr_flag
}
break; }
+ case 52: {
+ {
+ struct ndr_push *_ndr_info52;
+ NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_info52, 0, 52));
+ NDR_CHECK(ndr_push_drsuapi_DsBindInfo52(_ndr_info52, NDR_SCALARS, &r->info52));
+ NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_info52, 0, 52));
+ }
+ break; }
+
default: {
{
struct ndr_push *_ndr_Fallback;
@@ -465,17 +476,23 @@ enum ndr_err_code ndr_push_drsuapi_DsBindInfo(struct ndr_push *ndr, int ndr_flag
case 48:
break;
+ case 52:
+ break;
+
default:
break;
}
}
+ ndr->flags = _flags_save;
return NDR_ERR_SUCCESS;
}
enum ndr_err_code ndr_pull_drsuapi_DsBindInfo(struct ndr_pull *ndr, int ndr_flags, union drsuapi_DsBindInfo *r)
{
uint32_t level;
+ uint32_t _flags_save = ndr->flags;
+ ndr->flags = ndr->flags & ~LIBNDR_FLAG_NDR64;
level = ndr_pull_get_switch_value(ndr, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
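Review bot: The saved flags are restored only on the success path: `ndr->flags = _flags_save;` sits directly before `return NDR_ERR_SUCCESS;`, so an early return from `NDR_PUSH_CHECK_FLAGS` or any `NDR_CHECK` (and the pull-side equivalents that start in this hunk) leaves `LIBNDR_FLAG_NDR64` cleared on the caller's ndr context. Either restore the flags before each error return or state in a comment that the context must not be reused after a failure. A comment explaining why NDR64 has to be masked for this union would also help, since the commit message does not say.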
@@ -508,6 +525,15 @@ enum ndr_err_code ndr_pull_drsuapi_DsBindInfo(struct ndr_pull *ndr, int ndr_flag
}
break; }
+ case 52: {
+ {
+ struct ndr_pull *_ndr_info52;
+ NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_info52, 0, 52));
+ NDR_CHECK(ndr_pull_drsuapi_DsBindInfo52(_ndr_info52, NDR_SCALARS, &r->info52));
+ NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_info52, 0, 52));
+ }
+ break; }
+
default: {
{
struct ndr_pull *_ndr_Fallback;
@@ -530,11 +556,15 @@ enum ndr_err_code ndr_pull_drsuapi_DsBindInfo(struct ndr_pull *ndr, int ndr_flag
case 48:
break;
+ case 52:
+ break;
+
default:
break;
}
}
+ ndr->flags = _flags_save;
return NDR_ERR_SUCCESS;
}
@@ -556,6 +586,10 @@ _PUBLIC_ void ndr_print_drsuapi_DsBindInfo(struct ndr_print *ndr, const char *na
ndr_print_drsuapi_DsBindInfo48(ndr, "info48", &r->info48);
break;
+ case 52:
+ ndr_print_drsuapi_DsBindInfo52(ndr, "info52", &r->info52);
+ break;
+
default:
ndr_print_drsuapi_DsBindInfoFallBack(ndr, "Fallback", &r->Fallback);
break;
diff --git a/librpc/wscript_build b/librpc/wscript_build
index 0a60b62..6f744eb 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -672,7 +672,7 @@ bld.SAMBA_LIBRARY('dcerpc-binding',
bld.SAMBA_SUBSYSTEM('NDR_WINBIND',
source='gen_ndr/ndr_winbind.c',
- public_deps='ndr'
+ public_deps='ndr NDR_LSA'
)
bld.SAMBA_SUBSYSTEM('RPC_NDR_WINBIND',
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 9dbea4e..29224c8 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -801,6 +801,14 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
logger.error(
"Failed to setup database for BIND, AD based DNS cannot be used")
raise
+
+ # This line is critical to the security of the whole scheme.
+ # We assume there is no secret data in the (to be left out of
+ # date and essentially read-only) config, schema and metadata partitions.
+ #
+ # Only the stub of the domain partition is created above.
+ #
+ # That way, things like the krbtgt key do not leak.
del partfile[domaindn]
# Link dns partitions and metadata
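Review bot: The new comment says the security of the whole scheme rests on `del partfile[domaindn]`, yet nothing visible here checks that the domain partition really is absent from the copy. Consider adding a check or a test that fails if the full domain partition ends up in the BIND copy, so a later refactor cannot silently drop the line. The parenthetical "(to be left out of date and essentially read-only)" is also hard to parse; "the config, schema and metadata partitions, which are copied once and not kept up to date" would read more clearly.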
diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
index 9d0f861..42429a1 100644
--- a/source3/librpc/rpc/dcerpc.h
+++ b/source3/librpc/rpc/dcerpc.h
@@ -33,6 +33,7 @@
#define SMB_RPC_INTERFACE_VERSION 1
struct NL_AUTH_MESSAGE;
+struct gensec_security;
/* auth state for all bind types. */
@@ -43,11 +44,9 @@ struct pipe_auth_data {
bool hdr_signing;
bool verified_bitmask1;
- void *auth_ctx;
+ struct gensec_security *auth_ctx;
- /* Only the client code uses these 3 for now */
- char *domain;
- char *user_name;
+ /* Only the client code uses this for now */
DATA_BLOB transport_session_key;
};
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 62358d5..a9b24c8 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -276,8 +276,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_KRB5:
case DCERPC_AUTH_TYPE_SCHANNEL:
- gensec_security = talloc_get_type_abort(auth->auth_ctx,
- struct gensec_security);
+ gensec_security = auth->auth_ctx;
*auth_len = gensec_sig_size(gensec_security, max_len);
break;
default:
@@ -469,8 +468,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
status = NT_STATUS_OK;
break;
default:
- gensec_security = talloc_get_type(auth->auth_ctx,
- struct gensec_security);
+ gensec_security = auth->auth_ctx;
status = add_generic_auth_footer(gensec_security,
auth->auth_level,
rpc_out);
@@ -567,8 +565,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
default:
DEBUG(10, ("GENSEC auth\n"));
- gensec_security = talloc_get_type(auth->auth_ctx,
- struct gensec_security);
+ gensec_security = auth->auth_ctx;
status = get_generic_auth_footer(gensec_security,
auth->auth_level,
&data, &full_pkt,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index ce247ff..dc07495 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1007,8 +1007,7 @@ static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_client *cli,
DATA_BLOB null_blob = data_blob_null;
NTSTATUS status;
- gensec_security = talloc_get_type_abort(cli->auth->auth_ctx,
- struct gensec_security);
+ gensec_security = cli->auth->auth_ctx;
DEBUG(5, ("create_generic_auth_rpc_bind_req: generate first token\n"));
status = gensec_update(gensec_security, mem_ctx, null_blob, auth_token);
@@ -1860,8 +1859,7 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
return;
default:
- gensec_security = talloc_get_type_abort(pauth->auth_ctx,
- struct gensec_security);
+ gensec_security = pauth->auth_ctx;
if (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN) {
if (pauth->client_hdr_signing) {
@@ -2289,6 +2287,8 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
struct pipe_auth_data **presult)
{
struct pipe_auth_data *result;
+ struct auth_generic_state *auth_generic_ctx;
+ NTSTATUS status;
result = talloc_zero(mem_ctx, struct pipe_auth_data);
if (result == NULL) {
@@ -2298,13 +2298,38 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
result->auth_type = DCERPC_AUTH_TYPE_NONE;
result->auth_level = DCERPC_AUTH_LEVEL_NONE;
- result->user_name = talloc_strdup(result, "");
- result->domain = talloc_strdup(result, "");
- if ((result->user_name == NULL) || (result->domain == NULL)) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
+ status = auth_generic_client_prepare(result,
+ &auth_generic_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to create auth_generic context: %s\n",
+ nt_errstr(status)));
+ }
+
+ status = auth_generic_set_username(auth_generic_ctx, "");
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set username: %s\n",
+ nt_errstr(status)));
+ }
+
+ status = auth_generic_set_domain(auth_generic_ctx, "");
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set domain: %s\n",
+ nt_errstr(status)));
+ return status;
}
+ status = gensec_set_credentials(auth_generic_ctx->gensec_security,
+ auth_generic_ctx->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ talloc_unlink(auth_generic_ctx, auth_generic_ctx->credentials);
+ auth_generic_ctx->credentials = NULL;
+
+ result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
+ talloc_free(auth_generic_ctx);
*presult = result;
return NT_STATUS_OK;
}
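Review bot: In `rpccli_anon_bind_data` the first two failure checks only log and then fall through. After a failed `auth_generic_client_prepare`, `auth_generic_ctx` is still passed to `auth_generic_set_username`, and a failed `auth_generic_set_username` is overwritten by the next assignment to `status`. Both need a `return status;` like the two later checks have. The new `return status;` paths also no longer free `result`, which the removed code did with `TALLOC_FREE(result)`; free it on every error return.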
@@ -2333,13 +2358,6 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
result->auth_type = auth_type;
result->auth_level = auth_level;
- result->user_name = talloc_strdup(result, username);
- result->domain = talloc_strdup(result, domain);
- if ((result->user_name == NULL) || (result->domain == NULL)) {
- status = NT_STATUS_NO_MEMORY;
- goto fail;
- }
-
status = auth_generic_client_prepare(result,
&auth_generic_ctx);
if (!NT_STATUS_IS_OK(status)) {
@@ -2867,18 +2885,6 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
* from the enclosing SMB creds
*/
- TALLOC_FREE(auth->user_name);
- TALLOC_FREE(auth->domain);
-
- auth->user_name = talloc_strdup(auth, cli->user_name);
- auth->domain = talloc_strdup(auth, cli->domain);
-
- if ((cli->user_name != NULL && auth->user_name == NULL)
- || (cli->domain != NULL && auth->domain == NULL)) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
- }
-
if (transport == NCACN_NP) {
struct smbXcli_session *session;
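Review bot: The comment ending "from the enclosing SMB creds" is left in place, but the code it described (copying `cli->user_name` and `cli->domain` into `auth`) is removed and nothing in this hunk replaces it. Either drop or update the comment, or point to where the SMB user and domain are now placed into the gensec credentials. As shown, a no-auth pipe keeps the empty username set in `rpccli_anon_bind_data`, which changes what `level1.user` carries in cli_spoolss.c.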
@@ -3177,8 +3183,7 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
make_dup = true;
break;
default:
- gensec_security = talloc_get_type(a->auth_ctx,
- struct gensec_security);
+ gensec_security = a->auth_ctx;
status = gensec_session_key(gensec_security, mem_ctx, &sk);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c
index 1a8903d..f262d88 100644
--- a/source3/rpc_client/cli_spoolss.c
+++ b/source3/rpc_client/cli_spoolss.c
@@ -26,6 +26,8 @@
#include "rpc_client/rpc_client.h"
#include "../librpc/gen_ndr/ndr_spoolss_c.h"
#include "rpc_client/cli_spoolss.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
/**********************************************************************
convencience wrapper around rpccli_spoolss_OpenPrinterEx
@@ -43,13 +45,14 @@ WERROR rpccli_spoolss_openprinter_ex(struct rpc_pipe_client *cli,
struct spoolss_UserLevelCtr userlevel_ctr;
struct spoolss_UserLevel1 level1;
struct dcerpc_binding_handle *b = cli->binding_handle;
+ struct cli_credentials *creds = gensec_get_credentials(cli->auth->auth_ctx);
ZERO_STRUCT(devmode_ctr);
level1.size = 28;
level1.client = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
W_ERROR_HAVE_NO_MEMORY(level1.client);
- level1.user = cli->auth->user_name;
+ level1.user = cli_credentials_get_username(creds);
level1.build = 1381;
level1.major = 2;
level1.minor = 0;
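Review bot: `gensec_get_credentials(cli->auth->auth_ctx)` is called in the declaration with no check that `cli->auth->auth_ctx` is set or that the returned `creds` is non-NULL before `cli_credentials_get_username(creds)`. The old `cli->auth->user_name` read could not fault this way. Add a NULL check that returns an error, here and in `rpccli_spoolss_addprinterex`, or document that every `pipe_auth_data` is guaranteed to carry a gensec context with credentials.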
@@ -221,6 +224,7 @@ WERROR rpccli_spoolss_addprinterex(struct rpc_pipe_client *cli,
struct spoolss_UserLevel1 level1;
struct policy_handle handle;
struct dcerpc_binding_handle *b = cli->binding_handle;
+ struct cli_credentials *creds = gensec_get_credentials(cli->auth->auth_ctx);
ZERO_STRUCT(devmode_ctr);
ZERO_STRUCT(secdesc_ctr);
@@ -232,7 +236,7 @@ WERROR rpccli_spoolss_addprinterex(struct rpc_pipe_client *cli,
level1.processor = 0;
level1.client = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
W_ERROR_HAVE_NO_MEMORY(level1.client);
- level1.user = cli->auth->user_name;
+ level1.user = cli_credentials_get_username(creds);
userlevel_ctr.level = 1;
userlevel_ctr.user_info.level1 = &level1;
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 948abf3..fecbae2 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -553,11 +553,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
return NT_STATUS_OK;
}
- gensec_security = talloc_get_type(p->auth.auth_ctx,
- struct gensec_security);
- if (gensec_security == NULL) {
- return NT_STATUS_INTERNAL_ERROR;
- }
+ gensec_security = p->auth.auth_ctx;
ok = pipe_auth_generic_verify_final(p, gensec_security,
p->auth.auth_level,
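Review bot: Removing the `talloc_get_type` call in `pipe_auth_verify_final` also removes the `gensec_security == NULL` test that returned `NT_STATUS_INTERNAL_ERROR`, so a pipe whose `auth_ctx` was never filled in now reaches `pipe_auth_generic_verify_final` with a NULL pointer. The runtime type check is redundant now that the field is typed, but the NULL test is not; keep `if (gensec_security == NULL) { return NT_STATUS_INTERNAL_ERROR; }` on this server path.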
@@ -898,8 +894,7 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt)
goto err;
}
- gensec_security = talloc_get_type(p->auth.auth_ctx,
- struct gensec_security);
+ gensec_security = p->auth.auth_ctx;
status = auth_generic_server_step(gensec_security,
pkt, &auth_info.credentials,
@@ -1025,8 +1020,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
goto err_exit;
}
- gensec_security = talloc_get_type(p->auth.auth_ctx,
- struct gensec_security);
+ gensec_security = p->auth.auth_ctx;
status = auth_generic_server_step(gensec_security,
pkt,
&auth_info.credentials,
diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c
index f5247b2..8b5ea61 100644
--- a/source3/utils/net_rpc_printer.c
+++ b/source3/utils/net_rpc_printer.c
@@ -29,6 +29,8 @@
#include "../libcli/registry/util_reg.h"
#include "libsmb/libsmb.h"
#include "../libcli/smb/smbXcli_base.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
/* support itanium as well */
static const struct print_architecture_table_node archi_table[]= {
--
Samba Shared Repository