The branch, v4-8-test has been updated
via ca87709 winbindd: WBFLAG_PAM_AUTH_PAC should call
add_trusted_domain_from_auth() is the result is trusted
via 7e8ee67 winbindd: rename winbindd_pam_auth_pac_send and let it
return validation
via df6062e winbindd: complete WBFLAG_PAM_AUTH_PAC handling in
winbindd_pam_auth_crap_send()
via c1ab6c5 winbindd: let winbindd_pam_auth_pac_send() compute info6
from PAC
via be33ac4 winbindd: call add_trusted_domain_from_auth() in
winbindd_pam_auth_crap_done()
via 8269dc9 winbindd: get netr_SamInfo6 out of
winbindd_dual_pam_auth_kerberos()
via 95ca85d s3/rpc_client: add map_info6_to_validation()
via e57baf7 s3/auth: add create_info6_from_pac()
via f85ff76 s4/auth_winbind: ask for validation level 6
via 974b4ea winbindd: allow validation level 6 in winbind_SamLogon
via dafb614 s3/rpc_client: add copy_netr_SamInfo6() and
map_validation_to_info6()
via b06743e winbindd: introduce a cm_connect_netlogon_secure() which
gives a valid netlogon_creds_ctx
via 4dac164 winbindd: handle interactive logons in _winbind_SamLogon()
via 41c0698 winbindd: pass 'bool interactive' to winbind_dual_SamLogon()
via ce965d3 winbindd: add a comment to a parameter in
_winbind_SamLogon()
via fb14f0f winbindd: separate plaintext given and interactive in
winbind_samlogon_retry_loop()
via 05b7972 s3/rpc_client: add rpccli_netlogon_interactive_logon()
via 6fac545 winbindd: add_trusted_domain_from_auth() should not use
dns_name = ""
via c549aa4 wbinfo: avoid segfault in wbinfo_auth_crap() if winbindd is
not available
via 2fae412 winbindd: fix debug message in find_default_route_domain()
on a DC
via bf361c5 s4/rpc_server: trigger trusts reload in winbindd after
successfull trust info acquisition
via bf8e88d winbindd: rename MSG_WINBIND_NEW_TRUSTED_DOMAIN to
MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
via cc7592e s4/rpc_server: remove unused data argument from
MSG_WINBIND_NEW_TRUSTED_DOMAIN
via e465b1f winbindd: use add_trusted_domains_dc in
wb_imsg_new_trusted_domain
via 523ca1b winbindd: move loading of trusted domains on a DC to a
seperate function
via 304c95c winbindd: don't force using LSA_LOOKUP_NAMES_ALL for non
workstation trusts.
via 5db31e7 s3:rpc_client: pass down lsa_LookupNamesLevel to
dcerpc_lsa_lookup_sids_generic()
via 33d901b winbindd: prepare find_lookup_domain_from_{name,sid}()
transitive trusts on a DC
via 296f677 winbindd: prepare find_auth_domain() transitive trusts on a
DC
via d103727 winbindd: remove const from set_routing_domain()
via 74bbba0 winbindd: use
Netlogon{Interactive,Network}TransitiveInformation on transitive trusts
via 5dc2e89 s3:rpc_client: allow passing
NetlogonNetwork[Transitive]Information to rpccli_netlogon_network_logon()
via a895873 s3:rpc_client: allow
Netlogon{Network,Interactive}TransitiveInformation in
rpccli_netlogon_password_logon()
via 0f86338 winbindd: add routing_domain as parameter to
add_trusted_domain
via 8cd948f winbindd: add missing can_do_ncacn_ip_tcp initialisation
via 3a78306 winbindd: remove useless calls to get_trust_credentials()
before cli_rpc_pipe_open_schannel_with_creds()
via ae13d62 winbindd: fix LSA connections via DCERPC_AUTH_SCHANNEL
via 099b720 winbind: Fix CID 1427626 Uninitialized scalar variable
via d800e1c pdb: Fix CID 1427620 Resource leak
via 4360d83 winbind: Fix CID 1427626 Uninitialized scalar variable
via 8ee283a pdb: Fix CID 1427624 Resource leak
from b368ad2 docs-xml: Add 'samba-tool visualize' to man samba-tool.8.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test
- Log -----------------------------------------------------------------
commit ca87709326280a34a35fdb577d48ad339cb21a64
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 23:13:12 2018 +0100
winbindd: WBFLAG_PAM_AUTH_PAC should call add_trusted_domain_from_auth() is
the result is trusted
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Sat Feb 10 13:08:50 CET 2018 on sn-devel-144
(cherry picked from commit 597e755328940fc964b861333b557b0650666b24)
Autobuild-User(v4-8-test): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(v4-8-test): Sun Feb 11 15:37:51 CET 2018 on sn-devel-144
commit 7e8ee67c5bce9d901cb5c222744465ffad970c72
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Feb 9 08:38:18 2018 +0100
winbindd: rename winbindd_pam_auth_pac_send and let it return validation
Just a preperational step. The next commit will update the caller to
make use of the validation info.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 8422c001bec169a73657b1d638ec8ec4c35c243a)
commit df6062e18d849f4ab1ca2f0c95e0395918ae4f4f
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 23:10:42 2018 +0100
winbindd: complete WBFLAG_PAM_AUTH_PAC handling in
winbindd_pam_auth_crap_send()
winbindd_pam_auth_crap_recv() should not have any real logic.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 5444cc4e7ed8ea0c063110f3b78f360d91b0b0a5)
commit c1ab6c5ee26cd9862c09776ec41e55da82233520
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 23:02:26 2018 +0100
winbindd: let winbindd_pam_auth_pac_send() compute info6 from PAC
This way we don't loose the DNS info and UPN. A subsequent commit will
let winbindd_pam_auth_pac_send() return the full validation info.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 5ce3cb2fb468d8798980b49d84568782becf25ea)
commit be33ac40bf35b3c9d94c938a62802002e29ddca1
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 22:00:35 2018 +0100
winbindd: call add_trusted_domain_from_auth() in
winbindd_pam_auth_crap_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 42e445396881c5b6651a0dde0abde3d6bb0740bf)
commit 8269dc95f089cb317987d558086c5424605388b1
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 21:34:46 2018 +0100
winbindd: get netr_SamInfo6 out of winbindd_dual_pam_auth_kerberos()
This way we don't loose dns_domain_name and user principal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 021d75fb223630d06a256a605659abda9ece853f)
commit 95ca85d0b0daa90199b0182f86cf4b073604d4d3
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 21:32:53 2018 +0100
s3/rpc_client: add map_info6_to_validation()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 2b0181877806f171eee053c246dcb2eda2300261)
commit e57baf76e3c33e9f55cb8afa3b70a7eac4de426e
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 21:32:25 2018 +0100
s3/auth: add create_info6_from_pac()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit d4ba23fd353ad387a374a5d7f6f6d085a0699d2c)
commit f85ff761905fb74a466c8dee985a12a27c4e65a6
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 17:58:07 2018 +0100
s4/auth_winbind: ask for validation level 6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit e1ba81996033e7c2cfeba13124ee7f404ded2031)
commit 974b4eadd9f90fee930b0d4349c38a10d863642b
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 17:57:37 2018 +0100
winbindd: allow validation level 6 in winbind_SamLogon
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 1a9857369d2fae08fefef613cf6cbd3354092a4a)
commit dafb6140ccf679ae4402c3f3d086cca9f026a714
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 17:53:49 2018 +0100
s3/rpc_client: add copy_netr_SamInfo6() and map_validation_to_info6()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 60aa5e7657608c1a5519c03e690cce58efd67abd)
commit b06743ec693b0da6ed997ad6738bf87e953b33b6
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Feb 2 15:24:00 2018 +0100
winbindd: introduce a cm_connect_netlogon_secure() which gives a valid
netlogon_creds_ctx
At lot of callers require a valid schannel connection.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13259
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit b60c634123ee00021efc5b5aaa03e1663474d3da)
commit 4dac16450fa28c7165f2f9c31ba7e70d2a6d8b17
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 17:39:15 2018 +0100
winbindd: handle interactive logons in _winbind_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit d76bcdb0854cff9b08010d47469fd48324d902bc)
commit 41c06989895c74fe2a66b804da90abb43ab2f839
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 17:37:54 2018 +0100
winbindd: pass 'bool interactive' to winbind_dual_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 8c6c47aec0e91ab3944bea5f6eda8072f5db959d)
commit ce965d3b8d3d0df1685a31f5daf6ee43c141da91
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Feb 8 17:23:49 2018 +0100
winbindd: add a comment to a parameter in _winbind_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 2268f1c0dd1e8543c126553f80d94e80a1e32487)
commit fb14f0ff18059319ea8830234fba5a6f4b9b0a82
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 16:36:45 2018 +0100
winbindd: separate plaintext given and interactive in
winbind_samlogon_retry_loop()
We need to handle 4 cases:
plaintext_given=true interactive=true
plaintext_given=false interactive=true
plaintext_given=true interactive=false
plaintext_given=false interactive=false
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit d1c3676197032487505e9069c0655427b5fd385c)
commit 05b797206cffbb4428d2dba11f0857b94579b7fc
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Feb 9 16:15:18 2018 +0100
s3/rpc_client: add rpccli_netlogon_interactive_logon()
This will be used in a subsequent commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit be26a472ae082d612f9aec28c932d25e2317f9ba)
commit 6fac5451885937652969a26a19d6162433154148
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jan 23 23:19:32 2018 +0100
winbindd: add_trusted_domain_from_auth() should not use dns_name = ""
Check whether the DNS domain name in the info6 struct is actually more
then just an empty string. If it is we want to call add_trusted_domain()
with NULL as DNS domain name argument.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13257
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 2ee2551409e0bd0cd5bf130cc1e3736e58b8c14d)
commit c549aa4f1d89c30fd9af49627182b402d406a472
Author: Stefan Metzmacher <me...@samba.org>
Date: Sun Feb 4 22:48:01 2018 +0100
wbinfo: avoid segfault in wbinfo_auth_crap() if winbindd is not available
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13256
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 8b0e1a77ae5f7ef6d8db9a05718afa8d472a971b)
commit 2fae4128318004354135d2a7d570855eab114d60
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jan 31 08:22:07 2018 +0100
winbindd: fix debug message in find_default_route_domain() on a DC
As we don't support multiple domains in a forest yet,
we don't need to print a warning a log level 0.
This also adds a missing \n.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13255
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit b112cbc2462edf810473026c133b0802d1e18468)
commit bf361c561465911500b7392b00b52a8746a732ea
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 18 16:35:52 2018 +0100
s4/rpc_server: trigger trusts reload in winbindd after successfull trust
info acquisition
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
(cherry picked from commit 6151909c823016417f863c22e77c8a136f3fbb95)
commit bf8e88d250cb6a56bf45e9477fee507c546f82a6
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 18 16:35:13 2018 +0100
winbindd: rename MSG_WINBIND_NEW_TRUSTED_DOMAIN to
MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
This reflects the new implementation in winbindd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
(cherry picked from commit 9f96ede6f500cc1a7c76e67ee785b44a99244d0d)
commit cc7592e52c3135dc6eba9c222c11cb7eccec1ba1
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 18 11:32:30 2018 +0100
s4/rpc_server: remove unused data argument from
MSG_WINBIND_NEW_TRUSTED_DOMAIN
winbindd doesn't use that data anymore.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
(cherry picked from commit ffa9eb7d6453eb6c6f3a50ad72288d3891361752)
commit e465b1fc48fb11bf67a92754aeeea6288cecee71
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 18 11:30:53 2018 +0100
winbindd: use add_trusted_domains_dc in wb_imsg_new_trusted_domain
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
(cherry picked from commit d8e4e7cae57eb192c6fcab6b9aef95fb10eeb5a8)
commit 523ca1b477a14337c1fc0da1fd037a69f6c0e22d
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 18 11:28:20 2018 +0100
winbindd: move loading of trusted domains on a DC to a seperate function
This allows using the split out function in a subsequent commit in the
MSG_WINBIND_NEW_TRUSTED_DOMAIN message handler.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
(cherry picked from commit 4274ef681bf3b974ce99b8f21fda3a86a5b305bc)
commit 304c95c2f27cadfe24adad652810c63792999a84
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 13:02:04 2018 +0100
winbindd: don't force using LSA_LOOKUP_NAMES_ALL for non workstation trusts.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 728fb7c593230abeb681854d924e4619d6f4cf37)
commit 5db31e7d043b7825fb961034de7f5babbb832a60
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 12:57:11 2018 +0100
s3:rpc_client: pass down lsa_LookupNamesLevel to
dcerpc_lsa_lookup_sids_generic()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 7fc19747ef346df9cc72bb516b45a8309f462dd8)
commit 33d901ba3d3df00834c0e2dc6df62c06e21210f1
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 12:06:50 2018 +0100
winbindd: prepare find_lookup_domain_from_{name,sid}() transitive trusts on
a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 8b7bf6d4d81cde099d78cd9cc03aa085cec672d4)
commit 296f677b4aeb97234980cf46e008c96894f941bf
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 12:06:50 2018 +0100
winbindd: prepare find_auth_domain() transitive trusts on a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit af9a37aa1925a18709365ceb93460d8ae0f66f51)
commit d1037277e0ee299f1353f0c18c400a07fb947a0d
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 12:03:11 2018 +0100
winbindd: remove const from set_routing_domain()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit c5bd18c0021b428c669dbbc35f65a3d436b4add5)
commit 74bbba0ec5573d3dc4ad188df2d480dd5e3aa4fa
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 12:02:05 2018 +0100
winbindd: use Netlogon{Interactive,Network}TransitiveInformation on
transitive trusts
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 70bb9c27cf8c464d5af79acbe11a0d2d0e20f5a8)
commit 5dc2e891f1b497e62fb4b0cdcc198428bd97362b
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 12:00:19 2018 +0100
s3:rpc_client: allow passing NetlogonNetwork[Transitive]Information to
rpccli_netlogon_network_logon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 7329706a037fef75e8ced63bfb7ab93b64482eda)
commit a8958733fecec3f673240c0d7dfe7e042fe5d713
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 11:58:31 2018 +0100
s3:rpc_client: allow Netlogon{Network,Interactive}TransitiveInformation in
rpccli_netlogon_password_logon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit fe47041b4bf8d2ef6f6f9ba15a80038f1c60da3f)
commit 0f86338b39b244b2d112dc112891ff1d072a2d79
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 18 08:38:59 2018 +0100
winbindd: add routing_domain as parameter to add_trusted_domain
This also fixes the following CIDs:
CID 1427622: Null pointer dereferences (REVERSE_INULL)
CID 1427619: Null pointer dereferences (REVERSE_INULL)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13233
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
(cherry picked from commit 9a613f4bccf171c40ede3e6ead9236463fcc5883)
commit 8cd948fe5e9c8562373f3d78e3806a81befc849f
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 14:30:48 2018 +0100
winbindd: add missing can_do_ncacn_ip_tcp initialisation
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13232
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 9fef5d1891e6c1aebea29fbfbb90e77631b7836c)
commit 3a78306d5118143fb43ee95c0bca3178251fa001
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 14:30:12 2018 +0100
winbindd: remove useless calls to get_trust_credentials() before
cli_rpc_pipe_open_schannel_with_creds()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 1918a870c38c29bd3a05cd3f660ffe6623121bf3)
commit ae13d62d4eb200f470fcbd2fa3bc7948609d9024
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jan 15 14:24:47 2018 +0100
winbindd: fix LSA connections via DCERPC_AUTH_SCHANNEL
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 53484d0d98475f55ae3bd02e1a86b9c45b20e33d)
commit 099b72018c802f6e7c023db5e81797472419ee69
Author: Volker Lendecke <v...@samba.org>
Date: Wed Jan 17 14:45:49 2018 +0100
winbind: Fix CID 1427626 Uninitialized scalar variable
Likely a false positive, but Coverity can't follow all the paths leading
to line 1598.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13263
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Wed Jan 17 23:58:34 CET 2018 on sn-devel-144
(cherry picked from commit 3be1e68ce69f7ab8ac2cac97920c0e7f65b5ed6f)
commit d800e1cd81e575ecc61c5a14b127e8156a098257
Author: Volker Lendecke <v...@samba.org>
Date: Wed Jan 17 14:38:41 2018 +0100
pdb: Fix CID 1427620 Resource leak
It's not exactly a resource leak (we only really realloc if we shrink
dramatically), but assigning the result from tdb_realloc looks nicer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13263
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 4e5c9427085f001941adaf761b18740a2e169240)
commit 4360d83f77aeb54d6124bbc50e34def4884dcf5a
Author: Volker Lendecke <v...@samba.org>
Date: Wed Jan 17 14:42:31 2018 +0100
winbind: Fix CID 1427626 Uninitialized scalar variable
Likely a false positive, but Coverity can't follow all the paths leading
to line 2030
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13263
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 92131d08987ac7c2fb219bf2e8300f3bc7b702f9)
commit 8ee283ab47ffed4ac1004c74ca200dc1e7bbff1e
Author: Volker Lendecke <v...@samba.org>
Date: Wed Jan 17 14:38:41 2018 +0100
pdb: Fix CID 1427624 Resource leak
It's not exactly a resource leak (we only really realloc if we shrink
dramatically), but assigning the result from tdb_realloc looks nicer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13263
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit e4f62d4e4b91395d46c99c2a5313b0536793cca7)
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/messaging.idl | 2 +-
nsswitch/wbinfo.c | 13 +-
source3/auth/proto.h | 4 +
source3/auth/server_info.c | 56 +++
source3/passdb/pdb_samba_dsdb.c | 5 +-
source3/rpc_client/cli_lsarpc.c | 10 +-
source3/rpc_client/cli_lsarpc.h | 1 +
source3/rpc_client/cli_netlogon.c | 131 ++++++-
source3/rpc_client/cli_netlogon.h | 16 +
source3/rpc_client/util_netlogon.c | 171 +++++++++
source3/rpc_client/util_netlogon.h | 11 +
source3/winbindd/winbindd.h | 3 +-
source3/winbindd/winbindd_cm.c | 59 ++--
source3/winbindd/winbindd_dual.c | 7 +-
source3/winbindd/winbindd_dual_srv.c | 182 +++++++---
source3/winbindd/winbindd_msrpc.c | 63 +++-
source3/winbindd/winbindd_pam.c | 252 +++++++++-----
source3/winbindd/winbindd_pam_auth_crap.c | 106 +++---
source3/winbindd/winbindd_proto.h | 12 +-
source3/winbindd/winbindd_util.c | 556 ++++++++++++++----------------
source4/auth/ntlm/auth_winbind.c | 2 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 28 +-
22 files changed, 1168 insertions(+), 522 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/messaging.idl b/librpc/idl/messaging.idl
index 37f8fcc..b35f1e1 100644
--- a/librpc/idl/messaging.idl
+++ b/librpc/idl/messaging.idl
@@ -123,7 +123,7 @@ interface messaging
MSG_WINBIND_IP_DROPPED = 0x040A,
MSG_WINBIND_DOMAIN_ONLINE = 0x040B,
MSG_WINBIND_DOMAIN_OFFLINE = 0x040C,
- MSG_WINBIND_NEW_TRUSTED_DOMAIN = 0x040D,
+ MSG_WINBIND_RELOAD_TRUSTED_DOMAINS = 0x040D,
/* event messages */
MSG_DUMP_EVENT_LIST = 0x0500,
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 54d5758..82863c2 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1798,13 +1798,22 @@ static bool wbinfo_auth_crap(char *username, bool
use_ntlmv2, bool use_lanman)
if (use_ntlmv2) {
DATA_BLOB server_chal;
DATA_BLOB names_blob;
+ const char *netbios_name = NULL;
+ const char *domain = NULL;
+
+ netbios_name = get_winbind_netbios_name(),
+ domain = get_winbind_domain();
+ if (domain == NULL) {
+ d_fprintf(stderr, "Failed to get domain from
winbindd\n");
+ return false;
+ }
server_chal = data_blob(params.password.response.challenge, 8);
/* Pretend this is a login to 'us', for blob purposes */
names_blob = NTLMv2_generate_names_blob(NULL,
- get_winbind_netbios_name(),
- get_winbind_domain());
+ netbios_name,
+ domain);
if (pass != NULL &&
!SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index e774670..ca851c2 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -312,6 +312,10 @@ NTSTATUS serverinfo_to_SamInfo6(struct
auth_serversupplied_info *server_info,
NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx,
const struct PAC_LOGON_INFO
*logon_info,
struct netr_SamInfo3 **pp_info3);
+NTSTATUS create_info6_from_pac(TALLOC_CTX *mem_ctx,
+ const struct PAC_LOGON_INFO *logon_info,
+ const struct PAC_UPN_DNS_INFO *upn_dns_info,
+ struct netr_SamInfo6 **pp_info6);
NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
struct samu *samu,
const char *login_server,
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 7898175..339cce6 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -363,6 +363,62 @@ NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX
*mem_ctx,
}
/*
+ * Create a copy of an info6 struct from the PAC_UPN_DNS_INFO and
PAC_LOGON_INFO
+ * then merge resource SIDs, if any, into it. If successful return the created
+ * info6 struct.
+ */
+NTSTATUS create_info6_from_pac(TALLOC_CTX *mem_ctx,
+ const struct PAC_LOGON_INFO *logon_info,
+ const struct PAC_UPN_DNS_INFO *upn_dns_info,
+ struct netr_SamInfo6 **pp_info6)
+{
+ NTSTATUS status;
+ struct netr_SamInfo6 *info6 = NULL;
+ struct netr_SamInfo3 *info3 = NULL;
+
+ info6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
+ if (info6 == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = copy_netr_SamInfo3(info6,
+ &logon_info->info3,
+ &info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(info6);
+ return status;
+ }
+
+ status = merge_resource_sids(logon_info, info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(info6);
+ return status;
+ }
+
+ info6->base = info3->base;
+ info6->sids = info3->sids;
+ info6->sidcount = info3->sidcount;
+
+ if (upn_dns_info != NULL) {
+ info6->dns_domainname.string = talloc_strdup(info6,
+ upn_dns_info->dns_domain_name);
+ if (info6->dns_domainname.string == NULL) {
+ TALLOC_FREE(info6);
+ return NT_STATUS_NO_MEMORY;
+ }
+ info6->principal_name.string = talloc_strdup(info6,
+ upn_dns_info->upn_name);
+ if (info6->principal_name.string == NULL) {
+ TALLOC_FREE(info6);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ *pp_info6 = info6;
+ return NT_STATUS_OK;
+}
+
+/*
* Check if this is a "Unix Users" domain user, or a
* "Unix Groups" domain group, we need to handle it
* in a special way if that's the case.
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 16a7a85..4e55a15 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -2959,7 +2959,7 @@ static NTSTATUS pdb_samba_dsdb_enum_trusteddoms(struct
pdb_methods *m,
domains[di++] = d;
}
- talloc_realloc(domains, domains, struct trustdom_info *, di);
+ domains = talloc_realloc(domains, domains, struct trustdom_info *, di);
*_domains = talloc_move(mem_ctx, &domains);
*_num_domains = di;
TALLOC_FREE(tmp_ctx);
@@ -3741,7 +3741,8 @@ static NTSTATUS
pdb_samba_dsdb_enum_trusted_domains(struct pdb_methods *m,
domains[di++] = d;
}
- talloc_realloc(domains, domains, struct pdb_trusted_domain *, di);
+ domains = talloc_realloc(domains, domains, struct pdb_trusted_domain *,
+ di);
*_domains = talloc_move(mem_ctx, &domains);
*_num_domains = di;
TALLOC_FREE(tmp_ctx);
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 41c1ef4..65c6ca0 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -172,6 +172,7 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct
dcerpc_binding_handle *h,
struct policy_handle *pol,
int num_sids,
const struct dom_sid *sids,
+ enum lsa_LookupNamesLevel level,
char **domains,
char **names,
enum lsa_SidType *types,
@@ -183,7 +184,6 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct
dcerpc_binding_handle *h,
struct lsa_SidArray sid_array;
struct lsa_RefDomainList *ref_domains = NULL;
struct lsa_TransNameArray lsa_names;
- enum lsa_LookupNamesLevel level = LSA_LOOKUP_NAMES_ALL;
uint32_t count = 0;
int i;
@@ -348,6 +348,7 @@ NTSTATUS dcerpc_lsa_lookup_sids_generic(struct
dcerpc_binding_handle *h,
struct policy_handle *pol,
int num_sids,
const struct dom_sid *sids,
+ enum lsa_LookupNamesLevel level,
char ***pdomains,
char ***pnames,
enum lsa_SidType **ptypes,
@@ -414,6 +415,7 @@ NTSTATUS dcerpc_lsa_lookup_sids_generic(struct
dcerpc_binding_handle *h,
pol,
hunk_num_sids,
hunk_sids,
+ level,
hunk_domains,
hunk_names,
hunk_types,
@@ -489,11 +491,13 @@ NTSTATUS dcerpc_lsa_lookup_sids(struct
dcerpc_binding_handle *h,
enum lsa_SidType **ptypes,
NTSTATUS *result)
{
+ enum lsa_LookupNamesLevel level = LSA_LOOKUP_NAMES_ALL;
return dcerpc_lsa_lookup_sids_generic(h,
mem_ctx,
pol,
num_sids,
sids,
+ level,
pdomains,
pnames,
ptypes,
@@ -512,12 +516,14 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client
*cli,
{
NTSTATUS status;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ enum lsa_LookupNamesLevel level = LSA_LOOKUP_NAMES_ALL;
status = dcerpc_lsa_lookup_sids_generic(cli->binding_handle,
mem_ctx,
pol,
num_sids,
sids,
+ level,
pdomains,
pnames,
ptypes,
@@ -540,11 +546,13 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct
dcerpc_binding_handle *h,
enum lsa_SidType **ptypes,
NTSTATUS *result)
{
+ enum lsa_LookupNamesLevel level = LSA_LOOKUP_NAMES_ALL;
return dcerpc_lsa_lookup_sids_generic(h,
mem_ctx,
pol,
num_sids,
sids,
+ level,
pdomains,
pnames,
ptypes,
diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h
index 4f9464d..f716b04 100644
--- a/source3/rpc_client/cli_lsarpc.h
+++ b/source3/rpc_client/cli_lsarpc.h
@@ -130,6 +130,7 @@ NTSTATUS dcerpc_lsa_lookup_sids_generic(struct
dcerpc_binding_handle *h,
struct policy_handle *pol,
int num_sids,
const struct dom_sid *sids,
+ enum lsa_LookupNamesLevel level,
char ***pdomains,
char ***pnames,
enum lsa_SidType **ptypes,
diff --git a/source3/rpc_client/cli_netlogon.c
b/source3/rpc_client/cli_netlogon.c
index 800b995..2aa0f5e 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -490,7 +490,8 @@ NTSTATUS rpccli_netlogon_password_logon(
/* Initialise input parameters */
switch (logon_type) {
- case NetlogonInteractiveInformation: {
+ case NetlogonInteractiveInformation:
+ case NetlogonInteractiveTransitiveInformation: {
struct netr_PasswordInfo *password_info;
@@ -519,7 +520,8 @@ NTSTATUS rpccli_netlogon_password_logon(
break;
}
- case NetlogonNetworkInformation: {
+ case NetlogonNetworkInformation:
+ case NetlogonNetworkTransitiveInformation: {
struct netr_NetworkInfo *network_info;
uint8_t chal[8];
unsigned char local_lm_response[24];
@@ -608,6 +610,7 @@ NTSTATUS rpccli_netlogon_network_logon(
const uint8_t chal[8],
DATA_BLOB lm_response,
DATA_BLOB nt_response,
+ enum netr_LogonInfoClass logon_type,
uint8_t *authoritative,
uint32_t *flags,
uint16_t *_validation_level,
@@ -627,6 +630,16 @@ NTSTATUS rpccli_netlogon_network_logon(
ZERO_STRUCT(lm);
ZERO_STRUCT(nt);
+ switch (logon_type) {
+ case NetlogonNetworkInformation:
+ case NetlogonNetworkTransitiveInformation:
+ break;
+ default:
+ DEBUG(0, ("switch value %d not supported\n",
+ logon_type));
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
logon = talloc_zero(mem_ctx, union netr_LogonLevel);
if (!logon) {
return NT_STATUS_NO_MEMORY;
@@ -672,7 +685,117 @@ NTSTATUS rpccli_netlogon_network_logon(
status = netlogon_creds_cli_LogonSamLogon(creds_ctx,
binding_handle,
- NetlogonNetworkInformation,
+ logon_type,
+ logon,
+ mem_ctx,
+ &validation_level,
+ &validation,
+ authoritative,
+ flags);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ *_validation_level = validation_level;
+ *_validation = validation;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS rpccli_netlogon_interactive_logon(
+ struct netlogon_creds_cli_context *creds_ctx,
+ struct dcerpc_binding_handle *binding_handle,
+ TALLOC_CTX *mem_ctx,
+ uint32_t logon_parameters,
+ const char *username,
+ const char *domain,
+ const char *workstation,
+ DATA_BLOB lm_hash,
+ DATA_BLOB nt_hash,
+ enum netr_LogonInfoClass logon_type,
+ uint8_t *authoritative,
+ uint32_t *flags,
+ uint16_t *_validation_level,
+ union netr_Validation **_validation)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+ const char *workstation_name_slash;
+ union netr_LogonLevel *logon = NULL;
+ struct netr_PasswordInfo *password_info = NULL;
+ uint16_t validation_level = 0;
+ union netr_Validation *validation = NULL;
+ struct netr_ChallengeResponse lm;
+ struct netr_ChallengeResponse nt;
+
+ *_validation = NULL;
+
+ ZERO_STRUCT(lm);
+ ZERO_STRUCT(nt);
+
+ switch (logon_type) {
+ case NetlogonInteractiveInformation:
+ case NetlogonInteractiveTransitiveInformation:
+ break;
+ default:
+ DEBUG(0, ("switch value %d not supported\n",
+ logon_type));
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ logon = talloc_zero(mem_ctx, union netr_LogonLevel);
+ if (logon == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ password_info = talloc_zero(logon, struct netr_PasswordInfo);
+ if (password_info == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (workstation[0] != '\\' && workstation[1] != '\\') {
+ workstation_name_slash = talloc_asprintf(frame, "\\\\%s",
workstation);
+ } else {
+ workstation_name_slash = workstation;
+ }
+
+ if (workstation_name_slash == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Initialise input parameters */
+
+ password_info->identity_info.domain_name.string = domain;
+ password_info->identity_info.parameter_control =
logon_parameters;
+ password_info->identity_info.logon_id_low = 0xdead;
+ password_info->identity_info.logon_id_high = 0xbeef;
+ password_info->identity_info.account_name.string = username;
+ password_info->identity_info.workstation.string =
workstation_name_slash;
+
+ if (nt_hash.length != sizeof(password_info->ntpassword.hash)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ memcpy(password_info->ntpassword.hash, nt_hash.data, nt_hash.length);
+ if (lm_hash.length != 0) {
+ if (lm_hash.length != sizeof(password_info->lmpassword.hash)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ memcpy(password_info->lmpassword.hash, lm_hash.data,
lm_hash.length);
+ }
+
+ logon->password = password_info;
+
+ /* Marshall data and send request */
+
+ status = netlogon_creds_cli_LogonSamLogon(creds_ctx,
+ binding_handle,
+ logon_type,
logon,
mem_ctx,
&validation_level,
@@ -680,11 +803,13 @@ NTSTATUS rpccli_netlogon_network_logon(
authoritative,
flags);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
return status;
}
*_validation_level = validation_level;
*_validation = validation;
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
diff --git a/source3/rpc_client/cli_netlogon.h
b/source3/rpc_client/cli_netlogon.h
index d31bdee..d0232b5 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -84,6 +84,22 @@ NTSTATUS rpccli_netlogon_network_logon(
const uint8_t chal[8],
DATA_BLOB lm_response,
DATA_BLOB nt_response,
+ enum netr_LogonInfoClass logon_type,
+ uint8_t *authoritative,
+ uint32_t *flags,
+ uint16_t *_validation_level,
+ union netr_Validation **_validation);
+NTSTATUS rpccli_netlogon_interactive_logon(
+ struct netlogon_creds_cli_context *creds_ctx,
+ struct dcerpc_binding_handle *binding_handle,
+ TALLOC_CTX *mem_ctx,
+ uint32_t logon_parameters,
+ const char *username,
+ const char *domain,
+ const char *workstation,
+ DATA_BLOB lm_hash,
+ DATA_BLOB nt_hash,
+ enum netr_LogonInfoClass logon_type,
uint8_t *authoritative,
uint32_t *flags,
uint16_t *_validation_level,
diff --git a/source3/rpc_client/util_netlogon.c
b/source3/rpc_client/util_netlogon.c
index 15c769f..2d73bc9 100644
--- a/source3/rpc_client/util_netlogon.c
+++ b/source3/rpc_client/util_netlogon.c
@@ -190,6 +190,152 @@ NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+NTSTATUS copy_netr_SamInfo6(TALLOC_CTX *mem_ctx,
+ const struct netr_SamInfo6 *in,
+ struct netr_SamInfo6 **pout)
+{
+ struct netr_SamInfo6 *info6 = NULL;
+ unsigned int i;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+ info6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
+ if (info6 == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ status = copy_netr_SamBaseInfo(info6, &in->base, &info6->base);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ if (in->sidcount) {
+ info6->sidcount = in->sidcount;
+ info6->sids = talloc_array(info6, struct netr_SidAttr,
+ in->sidcount);
+ if (info6->sids == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ for (i = 0; i < in->sidcount; i++) {
+ info6->sids[i].sid = dom_sid_dup(info6->sids,
+ in->sids[i].sid);
+ if (info6->sids[i].sid == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+ info6->sids[i].attributes = in->sids[i].attributes;
+ }
+ }
+
+ if (in->dns_domainname.string != NULL) {
+ info6->dns_domainname.string = talloc_strdup(info6,
+ in->dns_domainname.string);
+ if (info6->dns_domainname.string == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
--
Samba Shared Repository
