[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Sat Jan 13 11:54:02 UTC 2018
The branch, master has been updated
via e43ee33 winbindd: set info6 data in append_info3_as_txt
via c8f76bf nsswitch: fill out wbcAuthUserInfo user_principal and dns_domain_name from info6
via 59cb1f6 nsswitch: add "validation_level" and "info6" to winbindd_response
via 7290b5c winbindd: pass validation in append_info3_as_txt
via 194a9e4 winbindd: pass down validation to append_auth_data()
via 7b30f69 winbindd: simplify an if condition in winbindd_dual_pam_auth
via f153c95 winbindd: let winbind_dual_SamLogon return validation
via 1337104 winbindd: remove a space in winbind_dual_SamLogon
via 13d0d52 winbindd: let winbindd_dual_pam_auth_samlogon() return validation info
via cc3ee55 winbindd: let winbind_samlogon_retry_loop return validation info
via aae75d1 winbindd: remove a redundant check from winbindd_dual_pam_auth_samlogon
via 489e942 s3/rpc_client: return validation from rpccli_netlogon functions
via 7082ebb s3/rpc_client: add map_info3_to_validation()
via 7eed166 s3/rpc_client: make map_validation_to_info3() public and move to util_netlogon
via a001f4b s3/rpc_client: in map_validation_to_info3() make a deep copy
via 158c890 s3/rpc_client: move copy_netr_SamInfo3() to util_netlogon
via a1a9feb winbindd: prevent long lines in a later commit
via e9a9a94 winbindd: simplify if condition in find_domain_from_name_noinit()
via 751fa04 winbindd: remove an else branch
via ca4d5ea winbindd: remove a space
via 5812c7c winbindd: fix overly long lines
via ef27942 s3/rpc_client: fix overly long lines
via dcb45d5 s3/torture: fix an error message
via 561a3b7 s3:vfs: remove unused smb_vfs_call_{is,set}_offline() prototypes
via 98ba88a params: mark "ldap ssl ads" as deprecated
via a79df4e7 params: mark "unicode" parameter as deprecated
from f1befc5 s3/smbd: Fix error code for unsupported SET_INFO requests
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e43ee33a1b715bbf4026a35ca9b400f8b8b6fec3
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 2 10:34:28 2017 +0100
winbindd: set info6 data in append_info3_as_txt
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Jan 13 12:53:59 CET 2018 on sn-devel-144
commit c8f76bfd7223512074d38379593969595642a0f8
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 1 23:26:33 2017 +0100
nsswitch: fill out wbcAuthUserInfo user_principal and dns_domain_name from info6
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 59cb1f6f9c3817bc436746e6f29fd44855451838
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jan 10 10:20:46 2018 +0100
nsswitch: add "validation_level" and "info6" to winbindd_response
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7290b5cf67e7008cc14ce37a77ea163f47b2183f
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 2 10:34:15 2017 +0100
winbindd: pass validation in append_info3_as_txt
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 194a9e4907ade9558e3bf8ebc29d147b5385a3ed
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 2 10:27:12 2017 +0100
winbindd: pass down validation to append_auth_data()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7b30f698334e2fc7bc237a45057246c122ede826
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jan 9 18:57:53 2018 +0100
winbindd: simplify an if condition in winbindd_dual_pam_auth
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit f153c95176b7759e10996b24b66d9917945372ed
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 11 16:25:35 2017 +0100
winbindd: let winbind_dual_SamLogon return validation
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1337104caa26cd3c2155557ae137a7753b15dd83
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 1 23:11:44 2017 +0100
winbindd: remove a space in winbind_dual_SamLogon
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 13d0d524c46cc3ec61b73d1e74323b403c8eb040
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 11 15:54:36 2017 +0100
winbindd: let winbindd_dual_pam_auth_samlogon() return validation info
Pass up validation info instead of info3. No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit cc3ee55ae7f9dd3d16a7f580048295559c3c58f1
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 11 23:26:38 2017 +0100
winbindd: let winbind_samlogon_retry_loop return validation info
Return the validation info instead of the already mapped info3. Higher
layers need info6 if available, this is the first step in passing the
unmapped info up to callers.
Signed-off-by: Ralph Boehme <slow at samba.org>
commit aae75d124a5555f1cb5bb1b3f081a9f09b51beb3
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jan 9 16:58:06 2018 +0100
winbindd: remove a redundant check from winbindd_dual_pam_auth_samlogon
result is already checked a few lines above.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 489e942aa99d8f8a37ce2286923d8c97e97a4181
Author: Ralph Boehme <slow at samba.org>
Date: Thu Nov 30 23:35:40 2017 +0100
s3/rpc_client: return validation from rpccli_netlogon functions
Return the validation info instead of the already mapped info3. Higher
layers need info6 if available, this is the first step in passing the
unmapped info up to callers.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7082ebbbfb6db036655b63f84c39b6406b963a23
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 11 15:18:58 2017 +0100
s3/rpc_client: add map_info3_to_validation()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7eed1661f61bdd946457fc1b3a968dbdf827956b
Author: Ralph Boehme <slow at samba.org>
Date: Thu Nov 30 23:19:07 2017 +0100
s3/rpc_client: make map_validation_to_info3() public and move to util_netlogon
Will be needed in the next commit.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a001f4b5090e391479565e89d16dabe036c54cf0
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 2 22:04:47 2017 +0100
s3/rpc_client: in map_validation_to_info3() make a deep copy
In later commits we want to map a validation to info3 without modifying
the validation data. Otherwise no change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 158c89068b5f0ebd10e41f578530e3210fc1d8b3
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 2 22:35:36 2017 +0100
s3/rpc_client: move copy_netr_SamInfo3() to util_netlogon
The next commit will add an additional caller that in rpc_client and I
don't want to pull in AUTH_COMMON. The natural place to consolidate
netlogon related helper functions seems to be util_netlogon.c which
already has copy_netr_SamBaseInfo().
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a1a9feb72001e9107d339555d2d7593c8be637ca
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 1 08:26:59 2017 +0100
winbindd: prevent long lines in a later commit
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e9a9a94d84d5ca038c95666da831ea04260b1d17
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 1 12:23:50 2017 +0100
winbindd: simplify if condition in find_domain_from_name_noinit()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 751fa043f35bf165662267c87a81342f282b04f0
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 1 11:40:47 2017 +0100
winbindd: remove an else branch
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ca4d5ea362bc8b0f1d348f465831c77922437171
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 1 10:32:41 2017 +0100
winbindd: remove a space
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5812c7cb5cb5aef919302806b871869161d5100e
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 1 07:59:50 2017 +0100
winbindd: fix overly long lines
Just another long lines cleanup. Best viewed with git show -w.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ef27942146a078733b157e64521d98b5499fd837
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 1 07:58:07 2017 +0100
s3/rpc_client: fix overly long lines
Just long lines cleanup, no further changes. Best viewed with git show -w.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit dcb45d5c2071ef4d5c7da1534c9e23805a22bc3b
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 9 19:27:22 2017 +0100
s3/torture: fix an error message
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 561a3b7e70f7d6840a89ad9757722eb5435eb062
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 4 15:21:50 2017 +0100
s3:vfs: remove unused smb_vfs_call_{is,set}_offline() prototypes
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 98ba88a7e4dc4c5d5f5bddfc2dd0340b2e4efe78
Author: Björn Jacke <bjacke at samba.org>
Date: Wed Jan 10 16:17:30 2018 +0100
params: mark "ldap ssl ads" as deprecated
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a79df4e7ce8d893a17185aac63f185892f45ab62
Author: Björn Jacke <bjacke at samba.org>
Date: Wed Jan 10 16:05:39 2018 +0100
params: mark "unicode" parameter as deprecated
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/ldap/ldapsslads.xml | 1 +
docs-xml/smbdotconf/protocol/unicode.xml | 1 +
nsswitch/libwbclient/wbc_pam.c | 14 +-
nsswitch/winbind_struct_protocol.h | 10 +-
source3/auth/auth_util.c | 1 +
source3/auth/proto.h | 2 -
source3/auth/server_info.c | 42 ---
source3/include/vfs.h | 5 -
source3/rpc_client/cli_netlogon.c | 74 +-----
source3/rpc_client/cli_netlogon.h | 54 ++--
source3/rpc_client/util_netlogon.c | 141 +++++++++++
source3/rpc_client/util_netlogon.h | 10 +
source3/rpcclient/cmd_netlogon.c | 14 +-
source3/torture/pdbtest.c | 2 +-
source3/winbindd/winbindd_dual_srv.c | 20 +-
source3/winbindd/winbindd_pam.c | 407 +++++++++++++++++++++++-------
source3/winbindd/winbindd_pam_auth_crap.c | 23 +-
source3/winbindd/winbindd_proto.h | 6 +-
source3/winbindd/winbindd_util.c | 10 +-
19 files changed, 587 insertions(+), 250 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/ldap/ldapsslads.xml b/docs-xml/smbdotconf/ldap/ldapsslads.xml
index 4fdf4dc..98c3965 100644
--- a/docs-xml/smbdotconf/ldap/ldapsslads.xml
+++ b/docs-xml/smbdotconf/ldap/ldapsslads.xml
@@ -1,6 +1,7 @@
<samba:parameter name="ldap ssl ads"
context="G"
type="boolean"
+ deprecated="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option is used to define whether or not Samba should
diff --git a/docs-xml/smbdotconf/protocol/unicode.xml b/docs-xml/smbdotconf/protocol/unicode.xml
index 86fb06c..25810cd 100644
--- a/docs-xml/smbdotconf/protocol/unicode.xml
+++ b/docs-xml/smbdotconf/protocol/unicode.xml
@@ -1,6 +1,7 @@
<samba:parameter name="unicode"
context="G"
type="boolean"
+ deprecated="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>Specifies whether the server and client should support unicode.</para>
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index c31220a..e4cd296 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -100,12 +100,22 @@ static wbcErr wbc_create_auth_info(const struct winbindd_response *resp,
i->account_name = strdup(resp->data.auth.info3.user_name);
BAIL_ON_PTR_ERROR(i->account_name, wbc_status);
- i->user_principal= NULL;
+ if (resp->data.auth.validation_level == 6) {
+ i->user_principal = strdup(resp->data.auth.info6.principal_name);
+ BAIL_ON_PTR_ERROR(i->user_principal, wbc_status);
+ } else {
+ i->user_principal = NULL;
+ }
i->full_name = strdup(resp->data.auth.info3.full_name);
BAIL_ON_PTR_ERROR(i->full_name, wbc_status);
i->domain_name = strdup(resp->data.auth.info3.logon_dom);
BAIL_ON_PTR_ERROR(i->domain_name, wbc_status);
- i->dns_domain_name= NULL;
+ if (resp->data.auth.validation_level == 6) {
+ i->dns_domain_name = strdup(resp->data.auth.info6.dns_domainname);
+ BAIL_ON_PTR_ERROR(i->dns_domain_name, wbc_status);
+ } else {
+ i->dns_domain_name = NULL;
+ }
i->acct_flags = resp->data.auth.info3.acct_flags;
memcpy(i->user_session_key,
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
index 9100dbc..3f3ebd0 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -59,8 +59,9 @@ typedef char fstring[FSTRING_LEN];
* removed WINBINDD_GID_TO_SID
* removed WINBINDD_UID_TO_SID
* 29: added "authoritative" to response.data.auth
+ * 30: added "validation_level" and "info6" to response.data.auth
*/
-#define WINBIND_INTERFACE_VERSION 29
+#define WINBIND_INTERFACE_VERSION 30
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
@@ -434,7 +435,8 @@ struct winbindd_response {
fstring krb5ccname;
uint32_t reject_reason;
uint8_t authoritative;
- uint8_t padding[3];
+ uint8_t padding[1];
+ uint16_t validation_level;
struct policy_settings {
uint32_t min_length_password;
uint32_t password_history;
@@ -468,6 +470,10 @@ struct winbindd_response {
fstring logon_srv;
fstring logon_dom;
} info3;
+ struct info6_text {
+ fstring dns_domainname;
+ fstring principal_name;
+ } info6;
fstring unix_username;
} auth;
struct {
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 464fe25..5bb5a69 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -36,6 +36,7 @@
#include "../librpc/gen_ndr/idmap.h"
#include "lib/param/loadparm.h"
#include "../lib/tsocket/tsocket.h"
+#include "rpc_client/util_netlogon.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 996b432..e774670 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -322,8 +322,6 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
const struct passwd *pwd,
struct netr_SamInfo3 **pinfo3,
struct extra_auth_info *extra);
-struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
- const struct netr_SamInfo3 *orig);
/* The following definitions come from auth/pampass.c */
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 8461d20..20d43d2 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -711,45 +711,3 @@ done:
return status;
}
-
-#undef RET_NOMEM
-
-#define RET_NOMEM(ptr) do { \
- if (!ptr) { \
- TALLOC_FREE(info3); \
- return NULL; \
- } } while(0)
-
-struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
- const struct netr_SamInfo3 *orig)
-{
- struct netr_SamInfo3 *info3;
- unsigned int i;
- NTSTATUS status;
-
- info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
- if (!info3) return NULL;
-
- status = copy_netr_SamBaseInfo(info3, &orig->base, &info3->base);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(info3);
- return NULL;
- }
-
- if (orig->sidcount) {
- info3->sidcount = orig->sidcount;
- info3->sids = talloc_array(info3, struct netr_SidAttr,
- orig->sidcount);
- RET_NOMEM(info3->sids);
- for (i = 0; i < orig->sidcount; i++) {
- info3->sids[i].sid = dom_sid_dup(info3->sids,
- orig->sids[i].sid);
- RET_NOMEM(info3->sids[i].sid);
- info3->sids[i].attributes =
- orig->sids[i].attributes;
- }
- }
-
- return info3;
-}
-
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index a201749..bb4a135 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -1474,11 +1474,6 @@ int smb_vfs_call_fsetxattr(struct vfs_handle_struct *handle,
const void *value, size_t size, int flags);
bool smb_vfs_call_aio_force(struct vfs_handle_struct *handle,
struct files_struct *fsp);
-bool smb_vfs_call_is_offline(struct vfs_handle_struct *handle,
- const struct smb_filename *fname,
- SMB_STRUCT_STAT *sbuf);
-int smb_vfs_call_set_offline(struct vfs_handle_struct *handle,
- const struct smb_filename *fname);
NTSTATUS smb_vfs_call_durable_cookie(struct vfs_handle_struct *handle,
struct files_struct *fsp,
TALLOC_CTX *mem_ctx,
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index a67b692..800b995 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -447,53 +447,6 @@ fail:
return status;
}
-static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
- uint16_t validation_level,
- union netr_Validation *validation,
- struct netr_SamInfo3 **info3_p)
-{
- struct netr_SamInfo3 *info3;
- NTSTATUS status;
-
- if (validation == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- switch (validation_level) {
- case 3:
- if (validation->sam3 == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- info3 = talloc_move(mem_ctx, &validation->sam3);
- break;
- case 6:
- if (validation->sam6 == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
- if (info3 == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(info3);
- return status;
- }
-
- info3->sidcount = validation->sam6->sidcount;
- info3->sids = talloc_move(info3, &validation->sam6->sids);
- break;
- default:
- return NT_STATUS_BAD_VALIDATION_CLASS;
- }
-
- *info3_p = info3;
-
- return NT_STATUS_OK;
-}
-
/* Logon domain user */
NTSTATUS rpccli_netlogon_password_logon(
@@ -508,7 +461,8 @@ NTSTATUS rpccli_netlogon_password_logon(
enum netr_LogonInfoClass logon_type,
uint8_t *authoritative,
uint32_t *flags,
- struct netr_SamInfo3 **info3)
+ uint16_t *_validation_level,
+ union netr_Validation **_validation)
{
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
@@ -619,7 +573,7 @@ NTSTATUS rpccli_netlogon_password_logon(
binding_handle,
logon_type,
logon,
- frame,
+ mem_ctx,
&validation_level,
&validation,
authoritative,
@@ -629,14 +583,9 @@ NTSTATUS rpccli_netlogon_password_logon(
return status;
}
- status = map_validation_to_info3(mem_ctx,
- validation_level, validation,
- info3);
TALLOC_FREE(frame);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
+ *_validation_level = validation_level;
+ *_validation = validation;
return NT_STATUS_OK;
}
@@ -661,7 +610,8 @@ NTSTATUS rpccli_netlogon_network_logon(
DATA_BLOB nt_response,
uint8_t *authoritative,
uint32_t *flags,
- struct netr_SamInfo3 **info3)
+ uint16_t *_validation_level,
+ union netr_Validation **_validation)
{
NTSTATUS status;
const char *workstation_name_slash;
@@ -672,7 +622,7 @@ NTSTATUS rpccli_netlogon_network_logon(
struct netr_ChallengeResponse lm;
struct netr_ChallengeResponse nt;
- *info3 = NULL;
+ *_validation = NULL;
ZERO_STRUCT(lm);
ZERO_STRUCT(nt);
@@ -733,12 +683,8 @@ NTSTATUS rpccli_netlogon_network_logon(
return status;
}
- status = map_validation_to_info3(mem_ctx,
- validation_level, validation,
- info3);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ *_validation_level = validation_level;
+ *_validation = validation;
return NT_STATUS_OK;
}
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index da562e0..d31bdee 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -59,30 +59,34 @@ NTSTATUS rpccli_connect_netlogon(
bool force_reauth,
struct cli_credentials *trust_creds,
struct rpc_pipe_client **_rpccli);
-NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds,
- struct dcerpc_binding_handle *binding_handle,
- TALLOC_CTX *mem_ctx,
- uint32_t logon_parameters,
- const char *domain,
- const char *username,
- const char *password,
- const char *workstation,
- enum netr_LogonInfoClass logon_type,
- uint8_t *authoritative,
- uint32_t *flags,
- struct netr_SamInfo3 **info3);
-NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_context *creds,
- struct dcerpc_binding_handle *binding_handle,
- TALLOC_CTX *mem_ctx,
- uint32_t logon_parameters,
- const char *username,
- const char *domain,
- const char *workstation,
- const uint8_t chal[8],
- DATA_BLOB lm_response,
- DATA_BLOB nt_response,
- uint8_t *authoritative,
- uint32_t *flags,
- struct netr_SamInfo3 **info3);
+NTSTATUS rpccli_netlogon_password_logon(
+ struct netlogon_creds_cli_context *creds,
+ struct dcerpc_binding_handle *binding_handle,
+ TALLOC_CTX *mem_ctx,
+ uint32_t logon_parameters,
+ const char *domain,
+ const char *username,
+ const char *password,
+ const char *workstation,
+ enum netr_LogonInfoClass logon_type,
+ uint8_t *authoritative,
+ uint32_t *flags,
+ uint16_t *_validation_level,
+ union netr_Validation **_validation);
+NTSTATUS rpccli_netlogon_network_logon(
+ struct netlogon_creds_cli_context *creds_ctx,
+ struct dcerpc_binding_handle *binding_handle,
+ TALLOC_CTX *mem_ctx,
+ uint32_t logon_parameters,
+ const char *username,
+ const char *domain,
+ const char *workstation,
+ const uint8_t chal[8],
+ DATA_BLOB lm_response,
+ DATA_BLOB nt_response,
+ uint8_t *authoritative,
+ uint32_t *flags,
+ uint16_t *_validation_level,
+ union netr_Validation **_validation);
#endif /* _RPC_CLIENT_CLI_NETLOGON_H_ */
diff --git a/source3/rpc_client/util_netlogon.c b/source3/rpc_client/util_netlogon.c
index d22078b..ac804f8 100644
--- a/source3/rpc_client/util_netlogon.c
+++ b/source3/rpc_client/util_netlogon.c
@@ -61,3 +61,144 @@ NTSTATUS copy_netr_SamBaseInfo(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+
+#undef RET_NOMEM
+
+#define RET_NOMEM(ptr) do { \
+ if (!ptr) { \
+ TALLOC_FREE(info3); \
+ return NULL; \
+ } } while(0)
+
+struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+ const struct netr_SamInfo3 *orig)
+{
+ struct netr_SamInfo3 *info3;
+ unsigned int i;
+ NTSTATUS status;
+
+ info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
+ if (!info3) return NULL;
+
+ status = copy_netr_SamBaseInfo(info3, &orig->base, &info3->base);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(info3);
+ return NULL;
+ }
+
+ if (orig->sidcount) {
+ info3->sidcount = orig->sidcount;
+ info3->sids = talloc_array(info3, struct netr_SidAttr,
+ orig->sidcount);
+ RET_NOMEM(info3->sids);
+ for (i = 0; i < orig->sidcount; i++) {
+ info3->sids[i].sid = dom_sid_dup(info3->sids,
+ orig->sids[i].sid);
+ RET_NOMEM(info3->sids[i].sid);
+ info3->sids[i].attributes =
+ orig->sids[i].attributes;
+ }
+ }
+
+ return info3;
+}
+
+NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
+ uint16_t validation_level,
+ union netr_Validation *validation,
+ struct netr_SamInfo3 **info3_p)
+{
+ struct netr_SamInfo3 *info3;
+ struct netr_SamInfo6 *info6 = NULL;
+ NTSTATUS status;
+
+ if (validation == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (validation_level) {
+ case 3:
+ if (validation->sam3 == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ info3 = copy_netr_SamInfo3(mem_ctx, validation->sam3);
+ if (info3 == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ break;
+ case 6:
+ if (validation->sam6 == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ info6 = validation->sam6;
+
+ info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
+ if (info3 == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = copy_netr_SamBaseInfo(info3,
+ &info6->base,
+ &info3->base);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(info3);
+ return status;
+ }
+
+ if (validation->sam6->sidcount > 0) {
+ int i;
+
+ info3->sidcount = info6->sidcount;
+
+ info3->sids = talloc_array(info3,
+ struct netr_SidAttr,
+ info3->sidcount);
+ if (info3->sids == NULL) {
+ TALLOC_FREE(info3);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i = 0; i < info3->sidcount; i++) {
+ info3->sids[i].sid = dom_sid_dup(
+ info3->sids, info6->sids[i].sid);
+ if (info3->sids[i].sid == NULL) {
+ TALLOC_FREE(info3);
+ return NT_STATUS_NO_MEMORY;
+ }
+ info3->sids[i].attributes =
+ info6->sids[i].attributes;
+ }
+ }
+ break;
+ default:
+ return NT_STATUS_BAD_VALIDATION_CLASS;
+ }
+
+ *info3_p = info3;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS map_info3_to_validation(TALLOC_CTX *mem_ctx,
--
Samba Shared Repository
More information about the samba-cvs
mailing list