The branch, v4-5-stable has been updated
       via  3c9bc04 VERSION: Disable GIT_SNAPSHOTS for the 4.5.13 release.
       via  0247ece WHATSNEW: Add release notes for Samba 4.5.13.
       via  2339d4b vfs_fruit: factor out common code from ad_get() and 
ad_fget()
       via  b559efc vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
       via  379dbb5 vfs_fruit: don't open basefile in ad_open() and simplify API
       via  d6c9916 vfs_fruit: use path based setxattr call in ad_fset()
       via  12c818b s4/torture: additional tests for kernel-oplocks
       via  c03af9f s4/torture: reproducer for kernel oplocks issue with streams
       via  38d8b62 vfs_streams_xattr: return a fake fd in streams_xattr_open()
       via  f7e96ae vfs_streams_xattr: implement all missing handle based VFS 
functions
       via  62c9719 vfs_streams_xattr: always pass NULL as fsp arg to 
get_ea_value()
       via  10b04e9 vfs_streams_xattr: remove fsp argument from get_xattr_size()
       via  c642283 vfs_streams_xattr: remove all uses of fd, use name based 
functions
       via  da22be9 vfs_streams_xattr: invalidate stat info if xattr was not 
found
       via  715e1c9 s3: torture: Add a test for cli_setpathinfo_basic() to 
smbtorture3.
       via  57f129b s3: libsmb: Implement cli_smb2_setatr() by calling 
cli_smb2_setpathinfo().
       via  a6f4924 s3: libsmb: Add cli_smb2_setpathinfo(), to be called by 
cli_setpathinfo_basic().
       via  bfa7ac0 s3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode 
== -1 as no change.
       via  ad113e0 vfs_gpfs: handle EACCES when fetching DOS attributes from 
xattr
       via  c493d8e s3/smbd: handle EACCES when fetching DOS attributes from 
xattr
       via  5b3f031 s3/smbd: handling of failed DOS attributes reading
       via  9792ec2 s3: libsmb: Reverse sense of 'clear all attributes', ignore 
attribute change in SMB2 to match SMB1.
       via  3475d11 vfs_ceph: fix cephwrap_chdir()
       via  cfa8c18 s3: smbd: Fix a read after free if a chained SMB1 call goes 
async.
       via  5d740e4 s3: libsmb: Fix use-after-free when accessing pointer *p.
       via  5659328 s3/notifyd: ensure notifyd doesn't return from 
smbd_notifyd_init
       via  dbb2814 vfs_fruit: don't use MS NFS ACEs with Windows clients
       via  35cba47 vfs_fruit: add fruit:model = <modelname> parametric option
       via  6512059 selftest:Samba3: call "net primarytrust dumpinfo" 
setup_nt4_member() after the join
       via  6c728cc s3:secrets: remove unused 
secrets_store_[prev_]machine_password()
       via  ad1e456 s3:libads: make use of secrets_*_password_change() in 
ads_change_trust_account_password()
       via  7d86014 net: make use of secrets_*_password_change() for "net 
changesecretpw"
       via  ab5109f s3:trusts_util: make use the workstation password change 
more robust
       via  75a05ad s3:libnet: make use of secrets_store_JoinCtx()
       via  d9a2394 net: add "net primarytrust dumpinfo" command that dumps the 
details of the workstation trust
       via  f3da295 s3:secrets: add infrastructure to use secrets_domain_infoB 
to store credentials
       via  97b72e3 secrets.idl: add secrets_domain_info that will be used in 
secrets.tdb for machine account trusts
       via  4d66652 netlogon.idl: use lsa_TrustType and lsa_TrustAttributes in 
netr_trust_extension
       via  19addd1 netlogon.idl: make netr_TrustFlags [public]
       via  e635a4f lsa.idl: make lsa_DnsDomainInfo [public]
       via  1e5489d s3:trusts_util: also pass the previous_nt_hash to 
netlogon_creds_cli_auth()
       via  399945b libcli/auth: pass the cleartext blob to 
netlogon_creds_cli_ServerPasswordSet*()
       via  0c7de3c libcli/auth: add const to set_pw_in_buffer()
       via  09461fe libcli/auth: pass an array of nt_hashes to 
netlogon_creds_cli_auth*()
       via  c1d6f18 s3:trusts_util: pass dcname to trust_pw_change()
       via  9afd00e s3:secrets: use secrets_delete for all keys in 
secrets_delete_machine_password_ex()
       via  3c3765f s3:secrets: let secrets_delete_machine_password_ex() also 
remove the des_salt key
       via  64b3919 s3:secrets: let secrets_delete_machine_password_ex() remove 
SID and GUID too
       via  04384a4 s3:secrets: rewrite secrets_delete_machine_password_ex() 
using helper variables
       via  a920733 s3:secrets: replace secrets_delete_prev_machine_password() 
by secrets_delete()
       via  fdbf0de s3:secrets: let secrets_store_machine_pw_sync() delete the 
des_salt_key when there's no value
       via  96319f6 s3:secrets: make use of secrets_delete() in 
secrets_store_machine_pw_sync()
       via  1bbefc1 s3:secrets: re-add secrets_delete() helper to simplify 
deleting optional keys
       via  f5dc61c s3:secrets: rename secrets_delete() to 
secrets_delete_entry()
       via  f30adda s3:secrets: make use of des_salt_key() in 
secrets_store_machine_pw_sync()
       via  0a36325 s3:secrets: add some const to secrets_store_domain_guid()
       via  ec6b939 s3:secrets: split out a domain_guid_keystr() function
       via  de0f730 s3:secrets: rework des_salt_key() to take the realm as 
argument
       via  fd161f1 s3:secrets: move kerberos_secrets_*salt related functions 
to machine_account_secrets.c
       via  701361c s3:libads: remove unused 
kerberos_fetch_salt_princ_for_host_princ()
       via  24478a5 s3:libads: make use of kerberos_secrets_fetch_salt_princ() 
in ads_keytab_add_entry()
       via  aa2f79b s3:libnet: make use of kerberos_secrets_fetch_salt_princ()
       via  0aa6bfd s3:gse_krb5: simplify fill_keytab_from_password() by using 
kerberos_fetch_salt_princ()
       via  2ef7d5a s3:libads: provide a simpler kerberos_fetch_salt_princ() 
function
       via  0f4d181 s3:libads: remove 
kerberos_secrets_fetch_salting_principal() fallback
       via  87b27a5 s3:libnet_join: move kerberos_secrets_store_des_salt() to 
libnet_join_joindomain_store_secrets()
       via  00a2ce6 s3:libnet_join: move libnet_join_joindomain_store_secrets() 
to libnet_join_post_processing()
       via  a210289 s3:libnet_join: call do_JoinConfig() after we did remote 
changes on the server
       via  7110ea3 s3:libnet_join: split libnet_join_post_processing_ads() 
into modify/sync
       via  4765cb4 s3:libnet_join: move kerberos_secrets_store_des_salt() out 
of libnet_join_derive_salting_principal()
       via  9d818ce s3:libnet_join: remember r->out.krb5_salt in 
libnet_join_derive_salting_principal()
       via  18cd978 s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx
       via  f18c0ca s3:libnet_join: remember the domain_guid for AD domains
       via  d68b34b s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx
       via  35b6d50 s3:libnet_join: calculate r->out.account_name in 
libnet_join_pre_processing()
       via  77980ad s3:libnet_join: remove dead code from 
libnet_join_connect_ads()
       via  cef8c67 krb5_wrap: add smb_krb5_salt_principal2data()
       via  5b96252 krb5_wrap: add smb_krb5_salt_principal()
       via  88abba9 s3:libads: remove unused 
kerberos_secrets_store_salting_principal()
       via  208c771 s3:librpc: let NDR_SECRETS depend on NDR_SECURITY
       via  899c0d5 idl_types.h: add NDR_SECRET shortcut
       via  9bbacf5 librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling
       via  7b3bfd5 librpc/ndr: align the definition of LIBNDR_STRING_FLAGS 
with currently defined flags
       via  0c8ae83 pidl:NDR/Parser: add missing {start,end}_flags() to 
ParseElementPrint()
       via  941aaa9 werror: replace WERR_SETUP_NOT_JOINED with 
WERR_NERR_SETUPNOTJOINED in source3/libnet/libnet_join.c
       via  3a491cd krb5_wrap: add smb_krb5_free_data_contents() compat define 
(for v4-5)
       via  82f9cba s3:smbd: consistently use talloc_tos() memory for 
rpc_pipe_open_interface()
       via  2cae38b selftest: add a test for accessing previous version of 
directories with snapdirseverywhere
       via  911e3ab s3/smbd: let non_widelink_open() chdir() to directories 
directly
       via  3de773e VERSION: Bump version up to 4.5.13...
      from  6e6361e VERSION: Release Samba 4.5.12 for CVE-2017-11103

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                  |    2 +-
 WHATSNEW.txt                             |   70 +-
 docs-xml/manpages/vfs_fruit.8.xml        |    9 +
 lib/krb5_wrap/krb5_samba.c               |  187 ++++
 lib/krb5_wrap/krb5_samba.h               |   12 +
 libcli/auth/netlogon_creds_cli.c         |   78 +-
 libcli/auth/netlogon_creds_cli.h         |   16 +-
 libcli/auth/proto.h                      |    2 +-
 libcli/auth/smbencrypt.c                 |    2 +-
 librpc/idl/idl_types.h                   |    6 +
 librpc/idl/lsa.idl                       |    2 +-
 librpc/idl/netlogon.idl                  |    6 +-
 librpc/ndr/libndr.h                      |   24 +-
 librpc/ndr/ndr.c                         |   23 +
 librpc/ndr/ndr_basic.c                   |   44 +
 pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm |    4 +
 selftest/target/Samba3.pm                |   10 +
 source3/include/proto.h                  |    1 +
 source3/include/secrets.h                |   38 +-
 source3/libads/kerberos.c                |  200 ----
 source3/libads/kerberos_keytab.c         |   14 +-
 source3/libads/kerberos_proto.h          |    8 -
 source3/libads/util.c                    |  106 +-
 source3/libnet/libnet_join.c             |  133 ++-
 source3/libnet/libnet_keytab.c           |    5 +-
 source3/librpc/crypto/gse_krb5.c         |   40 +-
 source3/librpc/idl/libnet_join.idl       |    4 +-
 source3/librpc/idl/secrets.idl           |   92 +-
 source3/librpc/wscript_build             |    2 +-
 source3/libsmb/cli_smb2_fnum.c           |   94 +-
 source3/libsmb/cli_smb2_fnum.h           |    5 +
 source3/libsmb/clirap.c                  |   27 +-
 source3/libsmb/libsmb_dir.c              |    6 +-
 source3/libsmb/trusts_util.c             |  276 ++++-
 source3/modules/vfs_ceph.c               |    7 -
 source3/modules/vfs_fruit.c              |  270 ++---
 source3/modules/vfs_gpfs.c               |   69 +-
 source3/modules/vfs_streams_xattr.c      |  574 +++++++++--
 source3/passdb/machine_account_secrets.c | 1661 ++++++++++++++++++++++++++++--
 source3/passdb/secrets.c                 |   25 +-
 source3/passdb/secrets_lsa.c             |    2 +-
 source3/rpc_client/cli_netlogon.c        |   15 +-
 source3/rpcclient/cmd_netlogon.c         |    2 +
 source3/script/tests/test_shadow_copy.sh |   23 +
 source3/smbd/dosmode.c                   |   43 +-
 source3/smbd/lanman.c                    |   20 +-
 source3/smbd/open.c                      |   30 +-
 source3/smbd/process.c                   |    2 +-
 source3/smbd/reply.c                     |    2 +-
 source3/smbd/server.c                    |    8 +-
 source3/torture/torture.c                |  137 +++
 source3/utils/net.c                      |  142 ++-
 source3/utils/net_rpc.c                  |    8 +
 source3/winbindd/winbindd_dual.c         |    1 +
 source3/winbindd/winbindd_dual_srv.c     |    2 +
 source4/torture/smb2/oplock.c            |  346 +++++++
 source4/torture/vfs/fruit.c              |    8 +-
 57 files changed, 4113 insertions(+), 832 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index b5eaa03..6c1c849 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=12
+SAMBA_VERSION_RELEASE=13
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a519b6c..f3fccf7 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,70 @@
                    ==============================
+                   Release Notes for Samba 4.5.13
+                           August 31, 2017
+                   ==============================
+
+
+This is the latest stable release of the Samba 4.5 release series.
+
+
+Changes since 4.5.12:
+---------------------
+
+o  Jeremy Allison <j...@samba.org>
+   * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
+     async.
+   * BUG 12899: 'smbclient setmode' no longer works to clear attribute bits due
+     to dialect upgrade.
+   * BUG 12913: SMBC_setatr() initially uses an SMB1 call before falling back.
+
+o  Ralph Boehme <s...@samba.org>
+   * BUG 12791: Fix kernel oplock issues with named streams.
+   * BUG 12897: vfs_fruit: Don't use MS NFS ACEs with Windows clients.
+   * BUG 12910: s3/notifyd: Ensure notifyd doesn't return from
+     smbd_notifyd_init.
+   * BUG 12944: vfs_gpfs: handle EACCES when fetching DOS attributes from 
xattr.
+   * BUG 12885: Let non_widelink_open() chdir() to directories directly.
+
+o  Günther Deschner <g...@samba.org>
+   * BUG 12840: vfs_fruit: Add fruit:model = <modelname> parametric option.
+
+o  David Disseldorp <dd...@samba.org>
+   * BUG 12911: vfs_ceph: fix cephwrap_chdir().
+
+o  Thomas Jarosch <thomas.jaro...@intra2net.com>
+   * BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer *p.
+
+o  Stefan Metzmacher <me...@samba.org>
+   * BUG 12782: winbindd changes the local password and gets
+     NT_STATUS_WRONG_PASSWORD for the remote change.
+   * BUG 12890: s3:smbd: consistently use talloc_tos() memory for
+     rpc_pipe_open_interface().
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   ==============================
                    Release Notes for Samba 4.5.12
                             July 12, 2017
                    ==============================
@@ -48,8 +114,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    ==============================
                    Release Notes for Samba 4.5.11
diff --git a/docs-xml/manpages/vfs_fruit.8.xml 
b/docs-xml/manpages/vfs_fruit.8.xml
index e2e696c..08b8700 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -162,6 +162,15 @@
            </listitem>
          </varlistentry>
 
+         <varlistentry>
+           <term>fruit:model = MacSamba</term>
+           <listitem>
+             <para>This option defines the model string inside the AAPL
+             extension and will determine the appearance of the icon 
representing the
+             Samba server in the Finder window.</para>
+             <para>The default is <emphasis>MacSamba</emphasis>.</para>
+           </listitem>
+         </varlistentry>
        </variablelist>
 </refsect1>
 
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 76e8795..fe29386 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -324,6 +324,193 @@ int smb_krb5_get_pw_salt(krb5_context context,
 #error UNKNOWN_SALT_FUNCTIONS
 #endif
 
+/**
+ * @brief This constructs the salt principal used by active directory
+ *
+ * Most Kerberos encryption types require a salt in order to
+ * calculate the long term private key for user/computer object
+ * based on a password.
+ *
+ * The returned _salt_principal is a string in forms like this:
+ * - host/somehost.example....@example.com
+ * - someacco...@example.com
+ * - someprinci...@example.com
+ *
+ * This is not the form that's used as salt, it's just
+ * the human readable form. It needs to be converted by
+ * smb_krb5_salt_principal2data().
+ *
+ * @param[in]  realm              The realm the user/computer is added too.
+ *
+ * @param[in]  sAMAccountName     The sAMAccountName attribute of the object.
+ *
+ * @param[in]  userPrincipalName  The userPrincipalName attribute of the object
+ *                                or NULL is not available.
+ *
+ * @param[in]  is_computer        The indication of the object includes
+ *                                objectClass=computer.
+ *
+ * @param[in]  mem_ctx            The TALLOC_CTX to allocate _salt_principal.
+ *
+ * @param[out]  _salt_principal   The resulting principal as string.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ *
+ * @see smb_krb5_salt_principal2data
+ */
+int smb_krb5_salt_principal(const char *realm,
+                           const char *sAMAccountName,
+                           const char *userPrincipalName,
+                           bool is_computer,
+                           TALLOC_CTX *mem_ctx,
+                           char **_salt_principal)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       char *upper_realm = NULL;
+       const char *principal = NULL;
+       int principal_len = 0;
+
+       *_salt_principal = NULL;
+
+       if (sAMAccountName == NULL) {
+               TALLOC_FREE(frame);
+               return EINVAL;
+       }
+
+       if (realm == NULL) {
+               TALLOC_FREE(frame);
+               return EINVAL;
+       }
+
+       upper_realm = strupper_talloc(frame, realm);
+       if (upper_realm == NULL) {
+               TALLOC_FREE(frame);
+               return ENOMEM;
+       }
+
+       /* Many, many thanks to lu...@padl.com for this
+        * algorithm, described in his Nov 10 2004 mail to
+        * samba-techni...@lists.samba.org */
+
+       /*
+        * Determine a salting principal
+        */
+       if (is_computer) {
+               int computer_len = 0;
+               char *tmp = NULL;
+
+               computer_len = strlen(sAMAccountName);
+               if (sAMAccountName[computer_len-1] == '$') {
+                       computer_len -= 1;
+               }
+
+               tmp = talloc_asprintf(frame, "host/%*.*s.%s",
+                                     computer_len, computer_len,
+                                     sAMAccountName, realm);
+               if (tmp == NULL) {
+                       TALLOC_FREE(frame);
+                       return ENOMEM;
+               }
+
+               principal = strlower_talloc(frame, tmp);
+               TALLOC_FREE(tmp);
+               if (principal == NULL) {
+                       TALLOC_FREE(frame);
+                       return ENOMEM;
+               }
+               principal_len = strlen(principal);
+
+       } else if (userPrincipalName != NULL) {
+               char *p;
+
+               principal = userPrincipalName;
+               p = strchr(principal, '@');
+               if (p != NULL) {
+                       principal_len = PTR_DIFF(p, principal);
+               } else {
+                       principal_len = strlen(principal);
+               }
+       } else {
+               principal = sAMAccountName;
+               principal_len = strlen(principal);
+       }
+
+       *_salt_principal = talloc_asprintf(mem_ctx, "%*.*s@%s",
+                                          principal_len, principal_len,
+                                          principal, upper_realm);
+       if (*_salt_principal == NULL) {
+               TALLOC_FREE(frame);
+               return ENOMEM;
+       }
+
+       TALLOC_FREE(frame);
+       return 0;
+}
+
+/**
+ * @brief Converts the salt principal string into the salt data blob
+ *
+ * This function takes a salt_principal as string in forms like this:
+ * - host/somehost.example....@example.com
+ * - someacco...@example.com
+ * - someprinci...@example.com
+ *
+ * It generates values like:
+ * - EXAMPLE.COMhost/somehost.example.com
+ * - EXAMPLE.COMSomeAccount
+ * - EXAMPLE.COMSomePrincipal
+ *
+ * @param[in]  realm              The realm the user/computer is added too.
+ *
+ * @param[in]  sAMAccountName     The sAMAccountName attribute of the object.
+ *
+ * @param[in]  userPrincipalName  The userPrincipalName attribute of the object
+ *                                or NULL is not available.
+ *
+ * @param[in]  is_computer        The indication of the object includes
+ *                                objectClass=computer.
+ *
+ * @param[in]  mem_ctx            The TALLOC_CTX to allocate _salt_principal.
+ *
+ * @param[out]  _salt_principal   The resulting principal as string.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ *
+ * @see smb_krb5_salt_principal
+ */
+int smb_krb5_salt_principal2data(krb5_context context,
+                                const char *salt_principal,
+                                TALLOC_CTX *mem_ctx,
+                                char **_salt_data)
+{
+       krb5_error_code ret;
+       krb5_principal salt_princ = NULL;
+       krb5_data salt;
+
+       *_salt_data = NULL;
+
+       ret = krb5_parse_name(context, salt_principal, &salt_princ);
+       if (ret != 0) {
+               return ret;
+       }
+
+       ret = smb_krb5_get_pw_salt(context, salt_princ, &salt);
+       krb5_free_principal(context, salt_princ);
+       if (ret != 0) {
+               return ret;
+       }
+
+       *_salt_data = talloc_strndup(mem_ctx,
+                                    (char *)salt.data,
+                                    salt.length);
+       smb_krb5_free_data_contents(context, &salt);
+       if (*_salt_data == NULL) {
+               return ENOMEM;
+       }
+
+       return 0;
+}
+
 #if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES)
  krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
                                            krb5_enctype **enctypes)
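Review bot: In smb_krb5_salt_principal() the computer branch reads `sAMAccountName[computer_len-1]` without checking that the name is non-empty, so an empty sAMAccountName reads one byte before the start of the string. The function rejects NULL but not "", so the guard should be `if (computer_len > 0 && sAMAccountName[computer_len-1] == '$') {`, or an empty name should return EINVAL next to the NULL check. Separately, the doc comment on smb_krb5_salt_principal2data() is a copy of the one above it: it documents realm, sAMAccountName, userPrincipalName, is_computer and _salt_principal, while the function takes context, salt_principal, mem_ctx and _salt_data. Its @param list should be rewritten to match the real signature.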
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 2d31619..116bffc 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -362,6 +362,16 @@ krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX 
*mem_ctx,
 int smb_krb5_get_pw_salt(krb5_context context,
                         krb5_const_principal host_princ,
                         krb5_data *psalt);
+int smb_krb5_salt_principal(const char *realm,
+                           const char *sAMAccountName,
+                           const char *userPrincipalName,
+                           bool is_computer,
+                           TALLOC_CTX *mem_ctx,
+                           char **_salt_principal);
+int smb_krb5_salt_principal2data(krb5_context context,
+                                const char *salt_principal,
+                                TALLOC_CTX *mem_ctx,
+                                char **_salt_data);
 
 int smb_krb5_create_key_from_string(krb5_context context,
                                    krb5_const_principal host_princ,
@@ -408,4 +418,6 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
                        time_t *tgs_expire,
                        const char *impersonate_princ_s);
 
+#define smb_krb5_free_data_contents(a, b) kerberos_free_data_contents(a, b)
+
 #endif /* _KRB5_SAMBA_H */
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index d55142e..29baae4 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -36,6 +36,7 @@
 #include "source3/include/messages.h"
 #include "source3/include/g_lock.h"
 #include "libds/common/roles.h"
+#include "lib/crypto/crypto.h"
 
 struct netlogon_creds_cli_locked_state;
 
@@ -942,9 +943,10 @@ struct netlogon_creds_cli_auth_state {
        struct tevent_context *ev;
        struct netlogon_creds_cli_context *context;
        struct dcerpc_binding_handle *binding_handle;
-       struct samr_Password current_nt_hash;
-       struct samr_Password previous_nt_hash;
-       struct samr_Password used_nt_hash;
+       uint8_t num_nt_hashes;
+       uint8_t idx_nt_hashes;
+       const struct samr_Password * const *nt_hashes;
+       const struct samr_Password *used_nt_hash;
        char *srv_name_slash;
        uint32_t current_flags;
        struct netr_Credential client_challenge;
@@ -956,7 +958,6 @@ struct netlogon_creds_cli_auth_state {
        bool try_auth3;
        bool try_auth2;
        bool require_auth2;
-       bool try_previous_nt_hash;
        struct netlogon_creds_cli_locked_state *locked_state;
 };
 
@@ -967,8 +968,8 @@ struct tevent_req *netlogon_creds_cli_auth_send(TALLOC_CTX 
*mem_ctx,
                                struct tevent_context *ev,
                                struct netlogon_creds_cli_context *context,
                                struct dcerpc_binding_handle *b,
-                               struct samr_Password current_nt_hash,
-                               const struct samr_Password *previous_nt_hash)
+                               uint8_t num_nt_hashes,
+                               const struct samr_Password * const *nt_hashes)
 {
        struct tevent_req *req;
        struct netlogon_creds_cli_auth_state *state;
@@ -984,12 +985,19 @@ struct tevent_req 
*netlogon_creds_cli_auth_send(TALLOC_CTX *mem_ctx,
        state->ev = ev;
        state->context = context;
        state->binding_handle = b;
-       state->current_nt_hash = current_nt_hash;
-       if (previous_nt_hash != NULL) {
-               state->previous_nt_hash = *previous_nt_hash;
-               state->try_previous_nt_hash = true;
+       if (num_nt_hashes < 1) {
+               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+               return tevent_req_post(req, ev);
+       }
+       if (num_nt_hashes > 4) {
+               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+               return tevent_req_post(req, ev);
        }
 
+       state->num_nt_hashes = num_nt_hashes;
+       state->idx_nt_hashes = 0;
+       state->nt_hashes = nt_hashes;
+
        if (context->db.locked_state != NULL) {
                tevent_req_nterror(req, NT_STATUS_LOCK_NOT_GRANTED);
                return tevent_req_post(req, ev);
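Review bot: `state->nt_hashes = nt_hashes;` keeps the caller's array pointer in the request state, where the old code copied the hashes by value, so the array and every samr_Password it points to now have to stay valid until the request completes, and nothing in the visible lines says so. A comment on netlogon_creds_cli_auth_send() such as `/* nt_hashes and its entries are borrowed; they must outlive the request */` would make that contract explicit. The range checks also accept a NULL `nt_hashes`, which is then indexed by the `state->used_nt_hash = state->nt_hashes[state->idx_nt_hashes];` assignments in the later hunks; a `nt_hashes == NULL` test next to the `num_nt_hashes < 1` check would reject that early. The limit `4` would read better as a named constant with a line saying why four. The function body starts and ends outside this hunk.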
@@ -1019,7 +1027,7 @@ struct tevent_req 
*netlogon_creds_cli_auth_send(TALLOC_CTX *mem_ctx,
                state->require_auth2 = true;
        }
 
-       state->used_nt_hash = state->current_nt_hash;
+       state->used_nt_hash = state->nt_hashes[state->idx_nt_hashes];
        state->current_flags = context->client.proposed_flags;
 
        if (context->db.g_ctx != NULL) {
@@ -1141,7 +1149,7 @@ static void netlogon_creds_cli_auth_challenge_done(struct 
tevent_req *subreq)
                                                  state->context->client.type,
                                                  &state->client_challenge,
                                                  &state->server_challenge,
-                                                 &state->used_nt_hash,
+                                                 state->used_nt_hash,
                                                  &state->client_credential,
                                                  state->current_flags);
        if (tevent_req_nomem(state->creds, req)) {
@@ -1283,7 +1291,8 @@ static void netlogon_creds_cli_auth_srvauth_done(struct 
tevent_req *subreq)
                        return;
                }
 
-               if (!state->try_previous_nt_hash) {
+               state->idx_nt_hashes += 1;
+               if (state->idx_nt_hashes >= state->num_nt_hashes) {
                        /*
                         * we already retried, giving up...
                         */
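Review bot: The comments around the new retry index no longer describe the code: `we already retried, giving up...` here and `lets retry with the old nt hash.` in the following hunk were written for a single previous hash, while the new code steps through up to `num_nt_hashes` entries. Suggested wording is `/* all supplied nt hashes were tried, giving up... */` and `/* retry with the next nt hash in the list */`. netlogon_creds_cli_auth_srvauth_done() starts and ends outside both hunks.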
@@ -1294,8 +1303,7 @@ static void netlogon_creds_cli_auth_srvauth_done(struct 
tevent_req *subreq)
                /*
                 * lets retry with the old nt hash.
                 */
-               state->try_previous_nt_hash = false;
-               state->used_nt_hash = state->previous_nt_hash;
+               state->used_nt_hash = state->nt_hashes[state->idx_nt_hashes];
                state->current_flags = state->context->client.proposed_flags;
                netlogon_creds_cli_auth_challenge_start(req);
                return;
@@ -1330,43 +1338,52 @@ static void netlogon_creds_cli_auth_srvauth_done(struct 
tevent_req *subreq)
        tevent_req_done(req);
 }
 
-NTSTATUS netlogon_creds_cli_auth_recv(struct tevent_req *req)
+NTSTATUS netlogon_creds_cli_auth_recv(struct tevent_req *req,
+                                     uint8_t *idx_nt_hashes)
 {
+       struct netlogon_creds_cli_auth_state *state =
+               tevent_req_data(req,
+               struct netlogon_creds_cli_auth_state);
        NTSTATUS status;
 
+       *idx_nt_hashes = 0;
+
        if (tevent_req_is_nterror(req, &status)) {
                tevent_req_received(req);
                return status;
        }
 
+       *idx_nt_hashes = state->idx_nt_hashes;
        tevent_req_received(req);
        return NT_STATUS_OK;
 }
 
 NTSTATUS netlogon_creds_cli_auth(struct netlogon_creds_cli_context *context,
                                 struct dcerpc_binding_handle *b,
-                                struct samr_Password current_nt_hash,
-                                const struct samr_Password *previous_nt_hash)
+                                uint8_t num_nt_hashes,
+                                const struct samr_Password * const *nt_hashes,
+                                uint8_t *idx_nt_hashes)
 {
        TALLOC_CTX *frame = talloc_stackframe();
        struct tevent_context *ev;
        struct tevent_req *req;
        NTSTATUS status = NT_STATUS_NO_MEMORY;
 
+       *idx_nt_hashes = 0;
+
        ev = samba_tevent_context_init(frame);
        if (ev == NULL) {
                goto fail;
        }
        req = netlogon_creds_cli_auth_send(frame, ev, context, b,
-                                          current_nt_hash,
-                                          previous_nt_hash);
+                                          num_nt_hashes, nt_hashes);


-- 
Samba Shared Repository
