The branch, master has been updated via 606a447 s4:torture/rpc/samr.c - fix NTTIME warnings by casts via 25301b7 s4:torture/rpc/samr.c - test the "ReplicaSourceNodeName" only against s3 via af4c9cc s4:samr RPC server - fix trailing whitespaces via 5d835c8 s4:samr RPC server - fix indentation of function parameters via fc6f8be s4:samr RPC server - DomainGeneralInformation - never return NULL on the oem name via ebe78c4 s4:samr RPC server - provide the right "ReplicaSourceNodeName" via 45cd2e4 s4:samr RPC server - remove wrong implementation of ReplicaSourceNodeName from c5c6935 s4-drs_tests: drs_util_DsAttributeId_to_string() is not used anymore
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 606a447503defdeddc84ae03e06b392517c840c5 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Oct 29 11:26:47 2010 +0200 s4:torture/rpc/samr.c - fix NTTIME warnings by casts And also the format specifier is wrong since NTTIME is "uint64_t" and therefore unsigned. Autobuild-User: Matthias Dieter Wallnöfer <m...@samba.org> Autobuild-Date: Fri Oct 29 10:36:46 UTC 2010 on sn-devel-104 commit 25301b7bf926c5f6f1e688e201d9dc9eee9f60ee Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Sun Sep 19 10:54:29 2010 +0200 s4:torture/rpc/samr.c - test the "ReplicaSourceNodeName" only against s3 AD handles this differently (see MS-SAMR 2.2.4.1) commit af4c9cc7c24fad8ccd96d0e2cb0c0cd0138eea9d Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Oct 29 10:55:07 2010 +0200 s4:samr RPC server - fix trailing whitespaces commit 5d835c8a29cc2cf184412ca91fe48e28da2521d4 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Oct 29 10:53:39 2010 +0200 s4:samr RPC server - fix indentation of function parameters commit fc6f8be523de65bbcf0586d56bbccd27069ad852 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Oct 29 11:03:26 2010 +0200 s4:samr RPC server - DomainGeneralInformation - never return NULL on the oem name As far as I can tell Windows SAMR never returns NULL on unknown values in this call. commit ebe78c444c1220829f34488aa5d7f11437785f54 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Oct 29 10:45:47 2010 +0200 s4:samr RPC server - provide the right "ReplicaSourceNodeName" It's the content of the "domainReplica" attribute if it exists and has only a meaning on interim/mixed domain function levels (with NT4 dcs). commit 45cd2e445d75429fbd84a95ff4a0fa0852279cd3 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Sun Sep 19 10:50:28 2010 +0200 s4:samr RPC server - remove wrong implementation of ReplicaSourceNodeName This should represent a replication partner - never the DC iself ----------------------------------------------------------------------- Summary of changes: source4/dsdb/common/util.c | 22 -- source4/rpc_server/samr/dcesrv_samr.c | 562 +++++++++++++++---------------- source4/rpc_server/samr/dcesrv_samr.h | 8 +- source4/rpc_server/samr/samr_password.c | 74 ++-- source4/torture/rpc/samr.c | 35 ++- 5 files changed, 340 insertions(+), 361 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 39589e5..39fcc4d 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1347,28 +1347,6 @@ failed: return false; } -/* Obtain the short name of the flexible single master operator - * (FSMO), such as the PDC Emulator */ -const char *samdb_result_fsmo_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message *msg, - const char *attr) -{ - /* Format is cn=NTDS Settings,cn=<NETBIOS name of FSMO>,.... */ - struct ldb_dn *fsmo_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, msg, attr); - const struct ldb_val *val = ldb_dn_get_component_val(fsmo_dn, 1); - const char *name = ldb_dn_get_component_name(fsmo_dn, 1); - - if (!name || (ldb_attr_cmp(name, "cn") != 0)) { - /* Ensure this matches the format. This gives us a - * bit more confidence that a 'cn' value will be a - * ascii string */ - return NULL; - } - if (val) { - return (char *)val->data; - } - return NULL; -} - /* work out the ntds settings dn for the current open ldb */ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index e419485..3c08851 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. endpoint server for the samr pipe @@ -7,17 +7,17 @@ Copyright (C) Volker Lendecke 2004 Copyright (C) Andrew Bartlett <abart...@samba.org> 2004-2005 Copyright (C) Matthias Dieter Wallnöfer 2009 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -88,8 +88,8 @@ } \ set_el = ldb_msg_find_element(msg, attr); \ set_el->flags = LDB_FLAG_MOD_REPLACE; \ -} while (0) - +} while (0) + #define SET_INT64(msg, field, attr) do { \ struct ldb_message_element *set_el; \ if (samdb_msg_add_int64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \ @@ -97,8 +97,8 @@ } \ set_el = ldb_msg_find_element(msg, attr); \ set_el->flags = LDB_FLAG_MOD_REPLACE; \ -} while (0) - +} while (0) + #define SET_UINT64(msg, field, attr) do { \ struct ldb_message_element *set_el; \ if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \ @@ -106,7 +106,7 @@ } \ set_el = ldb_msg_find_element(msg, attr); \ set_el->flags = LDB_FLAG_MOD_REPLACE; \ -} while (0) +} while (0) #define CHECK_FOR_MULTIPLES(value, flag, poss_flags) \ do { \ @@ -114,8 +114,8 @@ return NT_STATUS_INVALID_PARAMETER; \ } \ } while (0) \ - -/* Set account flags, discarding flags that cannot be set with SAMR */ + +/* Set account flags, discarding flags that cannot be set with SAMR */ #define SET_AFLAGS(msg, field, attr) do { \ struct ldb_message_element *set_el; \ if ((r->in.info->field & (ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST)) == 0) { \ @@ -130,8 +130,8 @@ } \ set_el = ldb_msg_find_element(msg, attr); \ set_el->flags = LDB_FLAG_MOD_REPLACE; \ -} while (0) - +} while (0) + #define SET_LHOURS(msg, field, attr) do { \ struct ldb_message_element *set_el; \ if (samdb_msg_add_logon_hours(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != LDB_SUCCESS) { \ @@ -154,8 +154,8 @@ -/* - samr_Connect +/* + samr_Connect create a connection to the SAM database */ @@ -195,8 +195,8 @@ static NTSTATUS dcesrv_samr_Connect(struct dcesrv_call_state *dce_call, TALLOC_C } -/* - samr_Close +/* + samr_Close */ static NTSTATUS dcesrv_samr_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_Close *r) @@ -215,8 +215,8 @@ static NTSTATUS dcesrv_samr_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX } -/* - samr_SetSecurity +/* + samr_SetSecurity */ static NTSTATUS dcesrv_samr_SetSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetSecurity *r) @@ -225,8 +225,8 @@ static NTSTATUS dcesrv_samr_SetSecurity(struct dcesrv_call_state *dce_call, TALL } -/* - samr_QuerySecurity +/* + samr_QuerySecurity */ static NTSTATUS dcesrv_samr_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QuerySecurity *r) @@ -251,8 +251,8 @@ static NTSTATUS dcesrv_samr_QuerySecurity(struct dcesrv_call_state *dce_call, TA } -/* - samr_Shutdown +/* + samr_Shutdown we refuse this operation completely. If a admin wants to shutdown samr in Samba then they should use the samba admin tools to disable the samr pipe @@ -264,8 +264,8 @@ static NTSTATUS dcesrv_samr_Shutdown(struct dcesrv_call_state *dce_call, TALLOC_ } -/* - samr_LookupDomain +/* + samr_LookupDomain this maps from a domain name to a SID */ @@ -295,7 +295,7 @@ static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TAL "(objectClass=builtinDomain)"); } else if (strcasecmp_m(r->in.domain_name->string, lpcfg_sam_name(dce_call->conn->dce_ctx->lp_ctx)) == 0) { ret = gendb_search_dn(c_state->sam_ctx, - mem_ctx, ldb_get_default_basedn(c_state->sam_ctx), + mem_ctx, ldb_get_default_basedn(c_state->sam_ctx), &dom_msgs, dom_attrs); } else { return NT_STATUS_NO_SUCH_DOMAIN; @@ -303,10 +303,10 @@ static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TAL if (ret != 1) { return NT_STATUS_NO_SUCH_DOMAIN; } - + sid = samdb_result_dom_sid(mem_ctx, dom_msgs[0], "objectSid"); - + if (sid == NULL) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -317,8 +317,8 @@ static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TAL } -/* - samr_EnumDomains +/* + samr_EnumDomains list the domains in the SAM */ @@ -351,7 +351,7 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL if (array == NULL) { return NT_STATUS_NO_MEMORY; } - + array->count = 0; array->entries = NULL; @@ -377,8 +377,8 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL } -/* - samr_OpenDomain +/* + samr_OpenDomain */ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_OpenDomain *r) @@ -417,9 +417,9 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO ret = gendb_search(c_state->sam_ctx, mem_ctx, ldb_get_default_basedn(c_state->sam_ctx), &dom_msgs, dom_attrs, - "(objectSid=%s)", + "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); - + if (ret == 0) { talloc_free(d_state); return NT_STATUS_NO_SUCH_DOMAIN; @@ -445,7 +445,7 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO talloc_free(d_state); return NT_STATUS_NO_MEMORY; } - + h_domain->data = talloc_steal(h_domain, d_state); *r->out.domain_handle = h_domain->wire_handle; @@ -457,19 +457,19 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO return DomInfo1 */ static NTSTATUS dcesrv_samr_info_DomInfo1(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo1 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo1 *info) { info->min_password_length = ldb_msg_find_attr_as_uint(dom_msgs[0], "minPwdLength", 0); info->password_history_length = ldb_msg_find_attr_as_uint(dom_msgs[0], "pwdHistoryLength", 0); - info->password_properties = + info->password_properties = ldb_msg_find_attr_as_uint(dom_msgs[0], "pwdProperties", 0); - info->max_password_age = + info->max_password_age = ldb_msg_find_attr_as_int64(dom_msgs[0], "maxPwdAge", 0); - info->min_password_age = + info->min_password_age = ldb_msg_find_attr_as_int64(dom_msgs[0], "minPwdAge", 0); return NT_STATUS_OK; @@ -478,31 +478,29 @@ static NTSTATUS dcesrv_samr_info_DomInfo1(struct samr_domain_state *state, /* return DomInfo2 */ -static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state *state, +static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state *state, TALLOC_CTX *mem_ctx, struct ldb_message **dom_msgs, struct samr_DomGeneralInformation *info) { - /* This pulls the NetBIOS name from the - cn=NTDS Settings,cn=<NETBIOS name of PDC>,.... - string */ - info->primary.string = samdb_result_fsmo_name(state->sam_ctx, mem_ctx, dom_msgs[0], "fSMORoleOwner"); - - if (!info->primary.string) { - info->primary.string = lpcfg_netbios_name(state->lp_ctx); - } + /* MS-SAMR 2.2.4.1 - ReplicaSourceNodeName: "domainReplica" attribute */ + info->primary.string = ldb_msg_find_attr_as_string(dom_msgs[0], + "domainReplica", + ""); - info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", + info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", 0x8000000000000000LL); - info->oem_information.string = ldb_msg_find_attr_as_string(dom_msgs[0], "oEMInformation", NULL); + info->oem_information.string = ldb_msg_find_attr_as_string(dom_msgs[0], + "oEMInformation", + ""); info->domain_name.string = state->domain_name; - info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", + info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", 0); switch (state->role) { case ROLE_DOMAIN_CONTROLLER: - /* This pulls the NetBIOS name from the + /* This pulls the NetBIOS name from the cn=NTDS Settings,cn=<NETBIOS name of PDC>,.... string */ if (samdb_is_pdc(state->sam_ctx)) { @@ -540,11 +538,11 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state return DomInfo3 */ static NTSTATUS dcesrv_samr_info_DomInfo3(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo3 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo3 *info) { - info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", + info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", 0x8000000000000000LL); return NT_STATUS_OK; @@ -558,7 +556,9 @@ static NTSTATUS dcesrv_samr_info_DomOEMInformation(struct samr_domain_state *sta struct ldb_message **dom_msgs, struct samr_DomOEMInformation *info) { - info->oem_information.string = ldb_msg_find_attr_as_string(dom_msgs[0], "oEMInformation", NULL); + info->oem_information.string = ldb_msg_find_attr_as_string(dom_msgs[0], + "oEMInformation", + ""); return NT_STATUS_OK; } @@ -567,9 +567,9 @@ static NTSTATUS dcesrv_samr_info_DomOEMInformation(struct samr_domain_state *sta return DomInfo5 */ static NTSTATUS dcesrv_samr_info_DomInfo5(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo5 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo5 *info) { info->domain_name.string = state->domain_name; @@ -580,19 +580,14 @@ static NTSTATUS dcesrv_samr_info_DomInfo5(struct samr_domain_state *state, return DomInfo6 */ static NTSTATUS dcesrv_samr_info_DomInfo6(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo6 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo6 *info) { - /* This pulls the NetBIOS name from the - cn=NTDS Settings,cn=<NETBIOS name of PDC>,.... - string */ - info->primary.string = samdb_result_fsmo_name(state->sam_ctx, mem_ctx, - dom_msgs[0], "fSMORoleOwner"); - - if (!info->primary.string) { - info->primary.string = lpcfg_netbios_name(state->lp_ctx); - } + /* MS-SAMR 2.2.4.1 - ReplicaSourceNodeName: "domainReplica" attribute */ + info->primary.string = ldb_msg_find_attr_as_string(dom_msgs[0], + "domainReplica", + ""); return NT_STATUS_OK; } @@ -601,14 +596,14 @@ static NTSTATUS dcesrv_samr_info_DomInfo6(struct samr_domain_state *state, return DomInfo7 */ static NTSTATUS dcesrv_samr_info_DomInfo7(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo7 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo7 *info) { switch (state->role) { case ROLE_DOMAIN_CONTROLLER: - /* This pulls the NetBIOS name from the + /* This pulls the NetBIOS name from the cn=NTDS Settings,cn=<NETBIOS name of PDC>,.... string */ if (samdb_is_pdc(state->sam_ctx)) { @@ -632,11 +627,11 @@ static NTSTATUS dcesrv_samr_info_DomInfo7(struct samr_domain_state *state, return DomInfo8 */ static NTSTATUS dcesrv_samr_info_DomInfo8(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo8 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo8 *info) { - info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", + info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", time(NULL)); info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime", @@ -649,9 +644,9 @@ static NTSTATUS dcesrv_samr_info_DomInfo8(struct samr_domain_state *state, return DomInfo9 */ static NTSTATUS dcesrv_samr_info_DomInfo9(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo9 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo9 *info) { info->domain_server_state = DOMAIN_SERVER_ENABLED; @@ -662,17 +657,17 @@ static NTSTATUS dcesrv_samr_info_DomInfo9(struct samr_domain_state *state, return DomInfo11 */ static NTSTATUS dcesrv_samr_info_DomGeneralInformation2(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomGeneralInformation2 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomGeneralInformation2 *info) { NTSTATUS status; status = dcesrv_samr_info_DomGeneralInformation(state, mem_ctx, dom_msgs, &info->general); if (!NT_STATUS_IS_OK(status)) { return status; } - - info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", + + info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", -18000000000LL); info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow", -18000000000LL); @@ -685,11 +680,11 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation2(struct samr_domain_state return DomInfo12 */ static NTSTATUS dcesrv_samr_info_DomInfo12(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo12 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo12 *info) { - info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", + info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", -18000000000LL); info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow", -18000000000LL); @@ -702,11 +697,11 @@ static NTSTATUS dcesrv_samr_info_DomInfo12(struct samr_domain_state *state, return DomInfo13 */ static NTSTATUS dcesrv_samr_info_DomInfo13(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo13 *info) + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomInfo13 *info) { - info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", + info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", time(NULL)); info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime", @@ -717,11 +712,12 @@ static NTSTATUS dcesrv_samr_info_DomInfo13(struct samr_domain_state *state, return NT_STATUS_OK; } -- Samba Shared Repository