[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Sep 21 00:50:03 UTC 2017


The branch, master has been updated
       via  30ffc12 testsuite: Fix the 32-bit test build
       via  f0df242 WHATSNEW: Mention code removal from "net" and "rpcclient"
       via  3a06a7a libnet: Remove libnet_samsync
       via  a2fc00b net: Don't depend on libnet_samsync anymore
       via  66c608a net: Remove NT4-based vampire keytab
       via  df7e7c6 net: Remove NT4-based rpc vampire ldif
       via  adecdad net: Remove rpc vampire from NT4 domains
       via  4e9877d net: Remove rpc samdump
       via  fe736f2 rpcclient: Remove sam_sync related commands
       via  2d97c8a Make sure smbtorture tests can run if someone has set their min protocol above NT1.
      from  b092ed3 CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 30ffc120e299df1b346f664910cf9d73d3fe7dd9
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Sep 20 00:12:33 2017 +0000

    testsuite: Fix the 32-bit test build
    
    samba_init_module returns 32-bit. For some reason on my
    32-bit lxc "return 0" was converted to something but
    NT_STATUS_OK, making initialization fail.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Sep 21 02:49:32 CEST 2017 on sn-devel-144

commit f0df2426c0a6428ec1f7b9ede57adfa95e8d8382
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 19 15:26:55 2017 -0700

    WHATSNEW: Mention code removal from "net" and "rpcclient"
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 3a06a7a14e66d5f11c7ca0ea52c8f0f59927c75d
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 19 15:17:38 2017 -0700

    libnet: Remove libnet_samsync
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit a2fc00b1f5321e67a39bd3e834f3fd72af7be337
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 19 15:14:32 2017 -0700

    net: Don't depend on libnet_samsync anymore
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 66c608a6baf220a91e80114dbf3ddb7e0fe66732
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 19 15:09:05 2017 -0700

    net: Remove NT4-based vampire keytab
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit df7e7c65eda88af9c21cd32c95bcb36868321fed
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 19 15:06:11 2017 -0700

    net: Remove NT4-based rpc vampire ldif
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit adecdad28272b8f4ad426b9af21ae0788ed67d18
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 19 15:03:43 2017 -0700

    net: Remove rpc vampire from NT4 domains
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4e9877d30465baf381ae21a32e485910b02af35d
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 19 15:02:09 2017 -0700

    net: Remove rpc samdump
    
    This uses the NT4 replication commands. Samba does not have a server
    for this, no tests, and whoever needs to migrate a native domain can
    use an old Samba version.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit fe736f246bbe155d3621e891c7ea377b6aedf836
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 19 14:33:07 2017 -0700

    rpcclient: Remove sam_sync related commands
    
    These three commands don't use the netlogon credential chain
    correctly. They are missing the netlogon_creds_store after the dcerpc
    call, so they destroy the correct use of the netlogon creds.
    
    The only valid server for these calls that I know of would be NT4, and
    that should be gone long ago.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2d97c8a4a5128cb00386b9799310bdad1f8971ea
Author: Richard Sharpe <richard.sharpe at primarydata.com>
Date:   Sun Sep 10 12:50:57 2017 -0700

    Make sure smbtorture tests can run if someone has set their min protocol above NT1.
    
    This code is SMB1 only, and already modifies
    maxprotocol, so this change is appropriate.
    
    Signed-off-by: Richard Sharpe <richard.sharpe at primarydata.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                |   22 +
 source3/libnet/libnet_samsync.c             |  437 ---------
 source3/libnet/libnet_samsync.h             |  100 --
 source3/libnet/libnet_samsync_display.c     |  307 ------
 source3/libnet/libnet_samsync_keytab.c      |  308 ------
 source3/libnet/libnet_samsync_ldif.c        | 1378 ---------------------------
 source3/libnet/libnet_samsync_passdb.c      |  882 -----------------
 source3/rpcclient/cmd_netlogon.c            |  352 -------
 source3/utils/net_proto.h                   |    9 -
 source3/utils/net_rpc.c                     |   33 -
 source3/utils/net_rpc_samsync.c             |  385 +-------
 source3/utils/wscript_build                 |    1 -
 source3/wscript_build                       |   13 -
 source4/libcli/raw/rawnegotiate.c           |    4 +
 testsuite/unittests/rpc_test_dummy_module.c |   12 +-
 15 files changed, 39 insertions(+), 4204 deletions(-)
 delete mode 100644 source3/libnet/libnet_samsync.c
 delete mode 100644 source3/libnet/libnet_samsync.h
 delete mode 100644 source3/libnet/libnet_samsync_display.c
 delete mode 100644 source3/libnet/libnet_samsync_keytab.c
 delete mode 100644 source3/libnet/libnet_samsync_ldif.c
 delete mode 100644 source3/libnet/libnet_samsync_passdb.c


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 428c291..2f2f2f6 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -41,6 +41,28 @@ smb.conf changes
   Parameter Name                     Description             Default
   --------------                     -----------             -------
 
+NT4-style replication based net commands removed
+================================================
+
+The following commands and sub-commands have been removed from the
+"net" utility:
+
+net rpc samdump
+net rpc vampire ldif
+
+Also, replicating from a real NT4 domain with "net rpc vampire" and
+"net rpc vampire keytab" has been removed.
+
+The NT4-based commands were accidentially broken in 2013, and nobody
+noticed the breakage. So instead of fixing them including tests (which
+would have meant writing a server for the protocols, which we don't
+have) we decided to remove them.
+
+For the same reason, the "samsync", "samdeltas" and "database_redo"
+commands have been removed from rpcclient.
+
+"net rpc vampire keytab" from Active Directory domains continues to be
+supported.
 
 KNOWN ISSUES
 ============
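Review bot: The added WHATSNEW section says replication from a real NT4 domain is gone but gives no pointer for anyone who still has to migrate one. The commit message for "net: Remove rpc samdump" says such users can use an old Samba version, and a sentence to that effect after the paragraph ending "we decided to remove them." would belong here. In that same paragraph, "accidentially" should read "accidentally".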
diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c
deleted file mode 100644
index e7e1393..0000000
--- a/source3/libnet/libnet_samsync.c
+++ /dev/null
@@ -1,437 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-
-   Extract the user/system database from a remote SamSync server
-
-   Copyright (C) Andrew Bartlett <abartlet at samba.org> 2004-2005
-   Copyright (C) Guenther Deschner <gd at samba.org> 2008
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include "includes.h"
-#include "libnet/libnet_samsync.h"
-#include "../libcli/samsync/samsync.h"
-#include "../libcli/auth/libcli_auth.h"
-#include "rpc_client/rpc_client.h"
-#include "../librpc/gen_ndr/ndr_netlogon.h"
-#include "../librpc/gen_ndr/ndr_netlogon_c.h"
-#include "../libcli/security/security.h"
-#include "messages.h"
-#include "../libcli/auth/netlogon_creds_cli.h"
-
-/**
- * Fix up the delta, dealing with encryption issues so that the final
- * callback need only do the printing or application logic
- */
-
-static NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx,
-					struct netlogon_creds_CredentialState *creds,
-					enum netr_SamDatabaseID database_id,
-					struct netr_DELTA_ENUM_ARRAY *r)
-{
-	NTSTATUS status;
-	int i;
-
-	for (i = 0; i < r->num_deltas; i++) {
-
-		status = samsync_fix_delta(mem_ctx,
-					   creds,
-					   database_id,
-					   &r->delta_enum[i]);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-	}
-
-	return NT_STATUS_OK;
-}
-
-/**
- * libnet_samsync_init_context
- */
-
-NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx,
-				     const struct dom_sid *domain_sid,
-				     struct samsync_context **ctx_p)
-{
-	struct samsync_context *ctx;
-
-	*ctx_p = NULL;
-
-	ctx = talloc_zero(mem_ctx, struct samsync_context);
-	NT_STATUS_HAVE_NO_MEMORY(ctx);
-
-	if (domain_sid) {
-		ctx->domain_sid = dom_sid_dup(mem_ctx, domain_sid);
-		NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid);
-
-		ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
-		NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid_str);
-	}
-
-	ctx->msg_ctx = messaging_init(ctx, samba_tevent_context_init(ctx));
-	NT_STATUS_HAVE_NO_MEMORY(ctx->msg_ctx);
-
-	*ctx_p = ctx;
-
-	return NT_STATUS_OK;
-}
-
-/**
- * samsync_database_str
- */
-
-static const char *samsync_database_str(enum netr_SamDatabaseID database_id)
-{
-
-	switch (database_id) {
-		case SAM_DATABASE_DOMAIN:
-			return "DOMAIN";
-		case SAM_DATABASE_BUILTIN:
-			return "BUILTIN";
-		case SAM_DATABASE_PRIVS:
-			return "PRIVS";
-		default:
-			return "unknown";
-	}
-}
-
-/**
- * samsync_debug_str
- */
-
-static const char *samsync_debug_str(TALLOC_CTX *mem_ctx,
-				     enum net_samsync_mode mode,
-				     enum netr_SamDatabaseID database_id)
-{
-	const char *action = NULL;
-
-	switch (mode) {
-		case NET_SAMSYNC_MODE_DUMP:
-			action = "Dumping (to stdout)";
-			break;
-		case NET_SAMSYNC_MODE_FETCH_PASSDB:
-			action = "Fetching (to passdb)";
-			break;
-		case NET_SAMSYNC_MODE_FETCH_LDIF:
-			action = "Fetching (to ldif)";
-			break;
-		case NET_SAMSYNC_MODE_FETCH_KEYTAB:
-			action = "Fetching (to keytab)";
-			break;
-		default:
-			action = "Unknown";
-			break;
-	}
-
-	return talloc_asprintf(mem_ctx, "%s %s database",
-				action, samsync_database_str(database_id));
-}
-
-/**
- * libnet_samsync
- */
-
-static void libnet_init_netr_ChangeLogEntry(struct samsync_object *o,
-					    struct netr_ChangeLogEntry *e)
-{
-	ZERO_STRUCTP(e);
-
-	e->db_index		= o->database_id;
-	e->delta_type		= o->object_type;
-
-	switch (e->delta_type) {
-		case NETR_DELTA_DOMAIN:
-		case NETR_DELTA_DELETE_GROUP:
-		case NETR_DELTA_RENAME_GROUP:
-		case NETR_DELTA_DELETE_USER:
-		case NETR_DELTA_RENAME_USER:
-		case NETR_DELTA_DELETE_ALIAS:
-		case NETR_DELTA_RENAME_ALIAS:
-		case NETR_DELTA_DELETE_TRUST:
-		case NETR_DELTA_DELETE_ACCOUNT:
-		case NETR_DELTA_DELETE_SECRET:
-		case NETR_DELTA_DELETE_GROUP2:
-		case NETR_DELTA_DELETE_USER2:
-		case NETR_DELTA_MODIFY_COUNT:
-			break;
-		case NETR_DELTA_USER:
-		case NETR_DELTA_GROUP:
-		case NETR_DELTA_GROUP_MEMBER:
-		case NETR_DELTA_ALIAS:
-		case NETR_DELTA_ALIAS_MEMBER:
-			e->object_rid = o->object_identifier.rid;
-			break;
-		case NETR_DELTA_SECRET:
-			e->object.object_name = o->object_identifier.name;
-			e->flags = NETR_CHANGELOG_NAME_INCLUDED;
-			break;
-		case NETR_DELTA_TRUSTED_DOMAIN:
-		case NETR_DELTA_ACCOUNT:
-		case NETR_DELTA_POLICY:
-			e->object.object_sid = o->object_identifier.sid;
-			e->flags = NETR_CHANGELOG_SID_INCLUDED;
-			break;
-		default:
-			break;
-	}
-}
-
-/**
- * libnet_samsync_delta
- */
-
-static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx,
-				     enum netr_SamDatabaseID database_id,
-				     uint64_t *sequence_num,
-				     struct samsync_context *ctx,
-				     struct netr_ChangeLogEntry *e)
-{
-	NTSTATUS result, status;
-	NTSTATUS callback_status;
-	const char *logon_server = ctx->cli->desthost;
-	const char *computername = lp_netbios_name();
-	struct netr_Authenticator credential;
-	struct netr_Authenticator return_authenticator;
-	uint16_t restart_state = 0;
-	uint32_t sync_context = 0;
-	struct dcerpc_binding_handle *b = ctx->cli->binding_handle;
-
-	ZERO_STRUCT(return_authenticator);
-
-	do {
-		struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
-		struct netlogon_creds_CredentialState *creds = NULL;
-
-		status = netlogon_creds_cli_lock(ctx->netlogon_creds,
-						 mem_ctx, &creds);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-
-		netlogon_creds_client_authenticator(creds, &credential);
-
-		if (ctx->single_object_replication &&
-		    !ctx->force_full_replication) {
-			status = dcerpc_netr_DatabaseRedo(b, mem_ctx,
-							  logon_server,
-							  computername,
-							  &credential,
-							  &return_authenticator,
-							  *e,
-							  0,
-							  &delta_enum_array,
-							  &result);
-		} else if (!ctx->force_full_replication &&
-		           sequence_num && (*sequence_num > 0)) {
-			status = dcerpc_netr_DatabaseDeltas(b, mem_ctx,
-							    logon_server,
-							    computername,
-							    &credential,
-							    &return_authenticator,
-							    database_id,
-							    sequence_num,
-							    &delta_enum_array,
-							    0xffff,
-							    &result);
-		} else {
-			status = dcerpc_netr_DatabaseSync2(b, mem_ctx,
-							   logon_server,
-							   computername,
-							   &credential,
-							   &return_authenticator,
-							   database_id,
-							   restart_state,
-							   &sync_context,
-							   &delta_enum_array,
-							   0xffff,
-							   &result);
-		}
-
-		if (!NT_STATUS_IS_OK(status)) {
-			TALLOC_FREE(creds);
-			return status;
-		}
-
-		/* Check returned credentials. */
-		if (!netlogon_creds_client_check(creds,
-						 &return_authenticator.cred)) {
-			TALLOC_FREE(creds);
-			DEBUG(0,("credentials chain check failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
-		}
-
-		if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) {
-			TALLOC_FREE(creds);
-			return result;
-		}
-
-		if (NT_STATUS_IS_ERR(result)) {
-			TALLOC_FREE(creds);
-			break;
-		}
-
-		samsync_fix_delta_array(mem_ctx,
-					creds,
-					database_id,
-					delta_enum_array);
-		TALLOC_FREE(creds);
-
-		/* Process results */
-		callback_status = ctx->ops->process_objects(mem_ctx, database_id,
-							    delta_enum_array,
-							    sequence_num,
-							    ctx);
-		if (!NT_STATUS_IS_OK(callback_status)) {
-			result = callback_status;
-			goto out;
-		}
-
-		TALLOC_FREE(delta_enum_array);
-
-	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
-
- out:
-
-	return result;
-}
-
-/**
- * libnet_samsync
- */
-
-NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id,
-			struct samsync_context *ctx)
-{
-	NTSTATUS status = NT_STATUS_OK;
-	NTSTATUS callback_status;
-	TALLOC_CTX *mem_ctx;
-	const char *debug_str;
-	uint64_t sequence_num = 0;
-	int i = 0;
-
-	if (!(mem_ctx = talloc_new(ctx))) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	if (!ctx->ops) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	if (ctx->ops->startup) {
-		status = ctx->ops->startup(mem_ctx, ctx,
-					   database_id, &sequence_num);
-		if (!NT_STATUS_IS_OK(status)) {
-			goto done;
-		}
-	}
-
-	debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id);
-	if (debug_str) {
-		d_fprintf(stderr, "%s\n", debug_str);
-	}
-
-	if (!ctx->single_object_replication) {
-		status = libnet_samsync_delta(mem_ctx, database_id,
-					      &sequence_num, ctx, NULL);
-		goto done;
-	}
-
-	for (i=0; i<ctx->num_objects; i++) {
-
-		struct netr_ChangeLogEntry e;
-
-		if (ctx->objects[i].database_id != database_id) {
-			continue;
-		}
-
-		libnet_init_netr_ChangeLogEntry(&ctx->objects[i], &e);
-
-		status = libnet_samsync_delta(mem_ctx, database_id,
-					      &sequence_num, ctx, &e);
-		if (!NT_STATUS_IS_OK(status)) {
-			goto done;
-		}
-	}
-
- done:
-
-	if (NT_STATUS_IS_OK(status) && ctx->ops->finish) {
-		callback_status = ctx->ops->finish(mem_ctx, ctx,
-						   database_id, sequence_num);
-		if (!NT_STATUS_IS_OK(callback_status)) {
-			status = callback_status;
-		}
-	}
-
-	if (NT_STATUS_IS_ERR(status) && !ctx->error_message) {
-
-		ctx->error_message = talloc_asprintf(ctx,
-			"Failed to fetch %s database: %s",
-			samsync_database_str(database_id),
-			nt_errstr(status));
-
-		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
-
-			ctx->error_message =
-				talloc_asprintf_append(ctx->error_message,
-					"\nPerhaps %s is a Windows native mode domain?",
-					ctx->domain_name);
-		}
-	}
-
-	talloc_destroy(mem_ctx);
-
-	return status;
-}
-
-/**
- * pull_netr_AcctLockStr
- */
-
-NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx,
-			       struct lsa_BinaryString *r,
-			       struct netr_AcctLockStr **str_p)
-{
-	struct netr_AcctLockStr *str;
-	enum ndr_err_code ndr_err;
-	DATA_BLOB blob;
-
-	if (!mem_ctx || !r || !str_p) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	*str_p = NULL;
-
-	str = talloc_zero(mem_ctx, struct netr_AcctLockStr);
-	if (!str) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	blob = data_blob_const(r->array, r->length);
-
-	ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, str,
-		       (ndr_pull_flags_fn_t)ndr_pull_netr_AcctLockStr);
-
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		return ndr_map_error2ntstatus(ndr_err);
-	}
-
-	*str_p = str;
-
-	return NT_STATUS_OK;
-}
-
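Review bot: Deleting this file removes the non-static functions libnet_samsync_init_context(), libnet_samsync() and pull_netr_AcctLockStr(), but the diff for source3/utils/net_rpc_samsync.c (kept, with most of its lines removed according to the summary) falls after the 500-line truncation, so please confirm that nothing retained for the Active Directory "net rpc vampire keytab" path still references them. The commit message for this removal has only a subject line; a short body pointing at the WHATSNEW rationale would help anyone bisecting later. In support of removal rather than repair: in libnet_samsync_delta() the return value of samsync_fix_delta_array() is discarded, and the creds taken with netlogon_creds_cli_lock() are freed after netlogon_creds_client_check() with no store call in the visible lines.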
diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h
deleted file mode 100644
index e1d66ec..0000000
--- a/source3/libnet/libnet_samsync.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- *  Unix SMB/CIFS implementation.
- *  libnet Support
- *  Copyright (C) Guenther Deschner 2008
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */


-- 
Samba Shared Repository


