svn commit: samba r13459 - in trunk/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-11 05:36:29 + (Sat, 11 Feb 2006) New Revision: 13459 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13459 Log: Add parsing functions - but stub internals for lookupnames3 and 4. Jeremy. Modified: trunk/source/include/rpc_lsa.h trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_server/srv_lsa.c trunk/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (549 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13459
svn commit: samba r13458 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-11 05:36:27 + (Sat, 11 Feb 2006) New Revision: 13458 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13458 Log: Add parsing functions - but stub internals for lookupnames3 and 4. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (549 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13458
svn commit: samba r13457 - in trunk/source: include rpc_server
Author: jra Date: 2006-02-11 04:25:13 + (Sat, 11 Feb 2006) New Revision: 13457 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13457 Log: Add lsa_lookup_names2. Jeremy. Modified: trunk/source/include/rpc_lsa.h trunk/source/rpc_server/srv_lsa.c trunk/source/rpc_server/srv_lsa_nt.c Changeset: Modified: trunk/source/include/rpc_lsa.h === --- trunk/source/include/rpc_lsa.h 2006-02-11 04:25:06 UTC (rev 13456) +++ trunk/source/include/rpc_lsa.h 2006-02-11 04:25:13 UTC (rev 13457) @@ -567,7 +567,7 @@ } LSA_Q_LOOKUP_NAMES2; -/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */ +/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */ typedef struct lsa_r_lookup_names2 { uint32 ptr_dom_ref; Modified: trunk/source/rpc_server/srv_lsa.c === --- trunk/source/rpc_server/srv_lsa.c 2006-02-11 04:25:06 UTC (rev 13456) +++ trunk/source/rpc_server/srv_lsa.c 2006-02-11 04:25:13 UTC (rev 13457) @@ -976,6 +976,37 @@ return True; } +/*** + api_lsa_lookup_names2 + ***/ + +static BOOL api_lsa_lookup_names2(pipes_struct *p) +{ + LSA_Q_LOOKUP_NAMES2 q_u; + LSA_R_LOOKUP_NAMES2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the info class and policy handle */ + if(!lsa_io_q_lookup_names2("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_lookup_names2: failed to unmarshall LSA_Q_LOOKUP_NAMES2.\n")); + return False; + } + + r_u.status = _lsa_lookup_names2(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_lookup_names2("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_lookup_names2: Failed to marshall LSA_R_LOOKUP_NAMES2.\n")); + return False; + } + + return True; +} + #if 0 /* AD DC work in ongoing in Samba 4 */ /*** @@ -1046,6 +1077,7 @@ { "LSA_SETSECRET" , LSA_SETSECRET , api_lsa_set_secret }, { "LSA_DELETEOBJECT", LSA_DELETEOBJECT, api_lsa_delete_object }, { "LSA_LOOKUPSIDS2" , LSA_LOOKUPSIDS2 , api_lsa_lookup_sids2 }, + { "LSA_LOOKUPNAMES2", LSA_LOOKUPNAMES2, api_lsa_lookup_names2 }, { "LSA_LOOKUPSIDS3" , LSA_LOOKUPSIDS3 , api_lsa_lookup_sids3 } #if 0 /* AD DC work in ongoing in Samba 4 */ /* be careful of the adding of new RPC's. See commentrs below about Modified: trunk/source/rpc_server/srv_lsa_nt.c === --- trunk/source/rpc_server/srv_lsa_nt.c2006-02-11 04:25:06 UTC (rev 13456) +++ trunk/source/rpc_server/srv_lsa_nt.c2006-02-11 04:25:13 UTC (rev 13457) @@ -225,6 +225,25 @@ } /*** + init_reply_lookup_names2 + ***/ + +static void init_reply_lookup_names2(LSA_R_LOOKUP_NAMES2 *r_l, +DOM_R_REF *ref, uint32 num_entries, +DOM_RID2 *rid, uint32 mapped_count) +{ + r_l->ptr_dom_ref = 1; + r_l->dom_ref = ref; + + r_l->num_entries = num_entries; + r_l->ptr_entries = 1; + r_l->num_entries2 = num_entries; + r_l->dom_rid = rid; + + r_l->mapped_count = mapped_count; +} + +/*** Init_reply_lookup_sids. ***/ @@ -939,6 +958,76 @@ } /*** +lsa_reply_lookup_names2 + ***/ + +NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOOKUP_NAMES2 *r_u) +{ + struct lsa_info *handle; + UNISTR2 *names = q_u->uni_name; + int num_entries = q_u->num_entries; + DOM_R_REF *ref; + DOM_RID *rids; + DOM_RID2 *rids2; + int i; + uint32 mapped_count = 0; + int flags = 0; + + if (num_entries > MAX_LOOKUP_SIDS) { + num_entries = MAX_LOOKUP_SIDS; + DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries)); + } + + /* Probably the lookup_level is some sort of bitmask. */ + if (q_u->lookup_level == 1) { + flags = LOOKUP_NAME_ALL; + } + + ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); + rids = T
svn commit: samba r13456 - in branches/SAMBA_3_0/source: include rpc_server
Author: jra Date: 2006-02-11 04:25:06 + (Sat, 11 Feb 2006) New Revision: 13456 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13456 Log: Add lsa_lookup_names2. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/rpc_server/srv_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h === --- branches/SAMBA_3_0/source/include/rpc_lsa.h 2006-02-11 02:46:41 UTC (rev 13455) +++ branches/SAMBA_3_0/source/include/rpc_lsa.h 2006-02-11 04:25:06 UTC (rev 13456) @@ -567,7 +567,7 @@ } LSA_Q_LOOKUP_NAMES2; -/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */ +/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */ typedef struct lsa_r_lookup_names2 { uint32 ptr_dom_ref; Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa.c === --- branches/SAMBA_3_0/source/rpc_server/srv_lsa.c 2006-02-11 02:46:41 UTC (rev 13455) +++ branches/SAMBA_3_0/source/rpc_server/srv_lsa.c 2006-02-11 04:25:06 UTC (rev 13456) @@ -976,6 +976,37 @@ return True; } +/*** + api_lsa_lookup_names2 + ***/ + +static BOOL api_lsa_lookup_names2(pipes_struct *p) +{ + LSA_Q_LOOKUP_NAMES2 q_u; + LSA_R_LOOKUP_NAMES2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the info class and policy handle */ + if(!lsa_io_q_lookup_names2("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_lookup_names2: failed to unmarshall LSA_Q_LOOKUP_NAMES2.\n")); + return False; + } + + r_u.status = _lsa_lookup_names2(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_lookup_names2("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_lookup_names2: Failed to marshall LSA_R_LOOKUP_NAMES2.\n")); + return False; + } + + return True; +} + #if 0 /* AD DC work in ongoing in Samba 4 */ /*** @@ -1046,6 +1077,7 @@ { "LSA_SETSECRET" , LSA_SETSECRET , api_lsa_set_secret }, { "LSA_DELETEOBJECT", LSA_DELETEOBJECT, api_lsa_delete_object }, { "LSA_LOOKUPSIDS2" , LSA_LOOKUPSIDS2 , api_lsa_lookup_sids2 }, + { "LSA_LOOKUPNAMES2", LSA_LOOKUPNAMES2, api_lsa_lookup_names2 }, { "LSA_LOOKUPSIDS3" , LSA_LOOKUPSIDS3 , api_lsa_lookup_sids3 } #if 0 /* AD DC work in ongoing in Samba 4 */ /* be careful of the adding of new RPC's. See commentrs below about Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-02-11 02:46:41 UTC (rev 13455) +++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-02-11 04:25:06 UTC (rev 13456) @@ -225,6 +225,25 @@ } /*** + init_reply_lookup_names2 + ***/ + +static void init_reply_lookup_names2(LSA_R_LOOKUP_NAMES2 *r_l, +DOM_R_REF *ref, uint32 num_entries, +DOM_RID2 *rid, uint32 mapped_count) +{ + r_l->ptr_dom_ref = 1; + r_l->dom_ref = ref; + + r_l->num_entries = num_entries; + r_l->ptr_entries = 1; + r_l->num_entries2 = num_entries; + r_l->dom_rid = rid; + + r_l->mapped_count = mapped_count; +} + +/*** Init_reply_lookup_sids. ***/ @@ -939,6 +958,76 @@ } /*** +lsa_reply_lookup_names2 + ***/ + +NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOOKUP_NAMES2 *r_u) +{ + struct lsa_info *handle; + UNISTR2 *names = q_u->uni_name; + int num_entries = q_u->num_entries; + DOM_R_REF *ref; + DOM_RID *rids; + DOM_RID2 *rids2; + int i; + uint32 mapped_count = 0; + int flags = 0; + + if (num_entries > MAX_LOOKUP_SIDS) { + num_entries = MAX_LOOKUP_SIDS; + DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries)); + } + + /* Probably the lookup_level is some sort of bitmask. */ + if (q
svn commit: samba r13455 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-11 02:46:41 + (Sat, 11 Feb 2006) New Revision: 13455 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13455 Log: Prepare to add lookupnames2. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/include/rpc_misc.h branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpc_parse/parse_misc.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (435 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13455
svn commit: samba r13454 - in trunk/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-11 02:46:39 + (Sat, 11 Feb 2006) New Revision: 13454 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13454 Log: Prepare to add lookupnames2. Jeremy. Modified: trunk/source/include/rpc_lsa.h trunk/source/include/rpc_misc.h trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_parse/parse_misc.c trunk/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (435 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13454
svn commit: samba r13453 - in branches/tmp/deryck-samba4-swat/source: . auth auth/credentials auth/gensec auth/ntlmssp build/m4 build/smb_build dsdb/samdb dsdb/samdb/ldb_modules gtk/man heimdal/lib/gs
Author: tpot Date: 2006-02-11 01:00:39 + (Sat, 11 Feb 2006) New Revision: 13453 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13453 Log: Merge up to r13451 from branches/SAMBA_4_0/source. Added: branches/tmp/deryck-samba4-swat/source/gtk/man/gepdump.1.xml branches/tmp/deryck-samba4-swat/source/gtk/man/gwcrontab.1.xml branches/tmp/deryck-samba4-swat/source/ldap_server/devdocs/Index branches/tmp/deryck-samba4-swat/source/ldap_server/devdocs/ldapext-ldapv3-vlv-04.txt branches/tmp/deryck-samba4-swat/source/ldap_server/devdocs/rfc3296.txt branches/tmp/deryck-samba4-swat/source/lib/ldb/Doxyfile branches/tmp/deryck-samba4-swat/source/lib/ldb/examples.dox branches/tmp/deryck-samba4-swat/source/lib/ldb/mainpage.dox branches/tmp/deryck-samba4-swat/source/lib/ldb/man/oLschema2ldif.1.xml branches/tmp/deryck-samba4-swat/source/lib/ldb/modules/asq.c branches/tmp/deryck-samba4-swat/source/libcli/finddcs.c branches/tmp/deryck-samba4-swat/source/libnet/libnet_site.c branches/tmp/deryck-samba4-swat/source/libnet/libnet_site.h branches/tmp/deryck-samba4-swat/source/ntvfs/ipc/ipc.h branches/tmp/deryck-samba4-swat/source/ntvfs/ipc/np_echo.c branches/tmp/deryck-samba4-swat/source/script/tests/test_cifsdd.sh branches/tmp/deryck-samba4-swat/source/script/tests/test_smbclient.sh branches/tmp/deryck-samba4-swat/source/script/tests/tests_client.sh branches/tmp/deryck-samba4-swat/source/smbd/smbd.8.xml branches/tmp/deryck-samba4-swat/source/torture/nbt/browse.c branches/tmp/deryck-samba4-swat/source/utils/man/getntacl.1.xml Removed: branches/tmp/deryck-samba4-swat/source/auth/credentials/credentials_gensec.c branches/tmp/deryck-samba4-swat/source/gtk/man/gepdump.1.xml branches/tmp/deryck-samba4-swat/source/gtk/man/gwcrontab.1.xml branches/tmp/deryck-samba4-swat/source/lib/ldb/Doxyfile branches/tmp/deryck-samba4-swat/source/lib/ldb/examples.dox branches/tmp/deryck-samba4-swat/source/lib/ldb/mainpage.dox branches/tmp/deryck-samba4-swat/source/lib/ldb/man/oLschema2ldif.1.xml branches/tmp/deryck-samba4-swat/source/lib/ldb/modules/asq.c branches/tmp/deryck-samba4-swat/source/libcli/finddcs.c branches/tmp/deryck-samba4-swat/source/libnet/libnet_site.c branches/tmp/deryck-samba4-swat/source/libnet/libnet_site.h branches/tmp/deryck-samba4-swat/source/smbd/smbd.8.xml branches/tmp/deryck-samba4-swat/source/torture/rap/ branches/tmp/deryck-samba4-swat/source/utils/man/getntacl.1.xml Modified: branches/tmp/deryck-samba4-swat/source/auth/auth_sam.c branches/tmp/deryck-samba4-swat/source/auth/credentials/config.mk branches/tmp/deryck-samba4-swat/source/auth/credentials/credentials.c branches/tmp/deryck-samba4-swat/source/auth/credentials/credentials.h branches/tmp/deryck-samba4-swat/source/auth/credentials/credentials_ntlm.c branches/tmp/deryck-samba4-swat/source/auth/gensec/gensec.c branches/tmp/deryck-samba4-swat/source/auth/gensec/gensec.h branches/tmp/deryck-samba4-swat/source/auth/gensec/gensec_gssapi.c branches/tmp/deryck-samba4-swat/source/auth/gensec/gensec_krb5.c branches/tmp/deryck-samba4-swat/source/auth/gensec/schannel.c branches/tmp/deryck-samba4-swat/source/auth/gensec/schannel_sign.c branches/tmp/deryck-samba4-swat/source/auth/gensec/schannel_state.c branches/tmp/deryck-samba4-swat/source/auth/gensec/spnego.c branches/tmp/deryck-samba4-swat/source/auth/ntlmssp/ntlmssp.h branches/tmp/deryck-samba4-swat/source/auth/ntlmssp/ntlmssp_parse.c branches/tmp/deryck-samba4-swat/source/auth/ntlmssp/ntlmssp_server.c branches/tmp/deryck-samba4-swat/source/build/m4/check_cc.m4 branches/tmp/deryck-samba4-swat/source/build/m4/check_path.m4 branches/tmp/deryck-samba4-swat/source/build/m4/env.m4 branches/tmp/deryck-samba4-swat/source/build/m4/rewrite.m4 branches/tmp/deryck-samba4-swat/source/build/smb_build/makefile.pm branches/tmp/deryck-samba4-swat/source/dsdb/samdb/cracknames.c branches/tmp/deryck-samba4-swat/source/dsdb/samdb/ldb_modules/kludge_acl.c branches/tmp/deryck-samba4-swat/source/dsdb/samdb/ldb_modules/password_hash.c branches/tmp/deryck-samba4-swat/source/dsdb/samdb/ldb_modules/rootdse.c branches/tmp/deryck-samba4-swat/source/dsdb/samdb/ldb_modules/samldb.c branches/tmp/deryck-samba4-swat/source/dynconfig.c branches/tmp/deryck-samba4-swat/source/heimdal/lib/gssapi/init_sec_context.c branches/tmp/deryck-samba4-swat/source/include/debug.h branches/tmp/deryck-samba4-swat/source/include/dynconfig.h branches/tmp/deryck-samba4-swat/source/include/system/filesys.h branches/tmp/deryck-samba4-swat/source/kdc/hdb-ldb.c branches/tmp/deryck-samba4-swat/source/kdc/kdc.c branches/tmp/deryck-samba4-swat/source/ldap_server/ldap_bind.c branches/tmp/deryck-samba4-swat/source/lib/charset/charcnv.c branches/tmp/deryck-samba4-swat/source/lib/cmdline/popt_common.c branches/tmp/deryck-samba4-swat/source/lib/c
svn commit: samba r13452 - in trunk/source: . lib passdb
Author: vlendec Date: 2006-02-11 00:24:38 + (Sat, 11 Feb 2006) New Revision: 13452 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13452 Log: Convert user_in_unix_group to use getgroups_unix_user(), don't list a whole group. -> Remove the second groupmember-listing function. Now the only one left is where we are explicitly asked by samr. Volker Removed: trunk/source/lib/util_getent.c Modified: trunk/source/Makefile.in trunk/source/lib/system_smbd.c trunk/source/lib/username.c trunk/source/passdb/pdb_interface.c Changeset: Sorry, the patch is too large (615 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13452
svn commit: samba r13451 - branches/SAMBA_3_0/source/rpc_client trunk/source/rpc_client
Author: gd Date: 2006-02-11 00:08:57 + (Sat, 11 Feb 2006) New Revision: 13451 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13451 Log: Fix build warning. Guenther Modified: branches/SAMBA_3_0/source/rpc_client/cli_samr.c trunk/source/rpc_client/cli_samr.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_client/cli_samr.c === --- branches/SAMBA_3_0/source/rpc_client/cli_samr.c 2006-02-11 00:04:59 UTC (rev 13450) +++ branches/SAMBA_3_0/source/rpc_client/cli_samr.c 2006-02-11 00:08:57 UTC (rev 13451) @@ -1259,7 +1259,6 @@ prs_struct qbuf, rbuf; SAMR_Q_CHGPASSWD_USER3 q; SAMR_R_CHGPASSWD_USER3 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uchar new_nt_password[516]; uchar new_lm_password[516]; @@ -1323,11 +1322,7 @@ /* Return output parameters */ - result = r.status; - - done: - - return result; + return r.status; } /* This function returns the bizzare set of (max_entries, max_size) required Modified: trunk/source/rpc_client/cli_samr.c === --- trunk/source/rpc_client/cli_samr.c 2006-02-11 00:04:59 UTC (rev 13450) +++ trunk/source/rpc_client/cli_samr.c 2006-02-11 00:08:57 UTC (rev 13451) @@ -1259,7 +1259,6 @@ prs_struct qbuf, rbuf; SAMR_Q_CHGPASSWD_USER3 q; SAMR_R_CHGPASSWD_USER3 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uchar new_nt_password[516]; uchar new_lm_password[516]; @@ -1323,11 +1322,7 @@ /* Return output parameters */ - result = r.status; - - done: - - return result; + return r.status; } /* This function returns the bizzare set of (max_entries, max_size) required
svn commit: samba r13450 - in trunk/source: include rpc_server
Author: jra Date: 2006-02-11 00:04:59 + (Sat, 11 Feb 2006) New Revision: 13450 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13450 Log: Ensure we don't crash if no dc struct on pipe. Jeremy. Modified: trunk/source/include/rpc_lsa.h trunk/source/rpc_server/srv_lsa_nt.c trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/include/rpc_lsa.h === --- trunk/source/include/rpc_lsa.h 2006-02-11 00:04:39 UTC (rev 13449) +++ trunk/source/include/rpc_lsa.h 2006-02-11 00:04:59 UTC (rev 13450) @@ -78,7 +78,10 @@ #define LSA_OPENTRUSTDOMBYNAME 0x37 #define LSA_LOOKUPSIDS20x39 +#define LSA_LOOKUPNAMES2 0x3a +#define LSA_LOOKUPNAMES3 0x44 #define LSA_LOOKUPSIDS30x4c +#define LSA_LOOKUPNAMES4 0x4d /* these are here to get a compile! */ #define LSA_LOOKUPRIDS 0xFD Modified: trunk/source/rpc_server/srv_lsa_nt.c === --- trunk/source/rpc_server/srv_lsa_nt.c2006-02-11 00:04:39 UTC (rev 13449) +++ trunk/source/rpc_server/srv_lsa_nt.c2006-02-11 00:04:59 UTC (rev 13450) @@ -858,6 +858,11 @@ } /* No policy handle on this call. Restrict to crypto connections. */ + if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { + DEBUG(0,("_lsa_lookup_sids3: client %s not using schannel for netlogon\n", + get_remote_machine_name() )); + return NT_STATUS_INVALID_PARAMETER; + } if (num_sids > MAX_LOOKUP_SIDS) { DEBUG(5,("_lsa_lookup_sids3: limit of %d exceeded, requested %d\n", Modified: trunk/source/rpc_server/srv_netlog_nt.c === --- trunk/source/rpc_server/srv_netlog_nt.c 2006-02-11 00:04:39 UTC (rev 13449) +++ trunk/source/rpc_server/srv_netlog_nt.c 2006-02-11 00:04:59 UTC (rev 13450) @@ -937,7 +937,7 @@ /* Only allow this if the pipe is protected. */ if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { DEBUG(0,("_net_sam_logon_ex: client %s not using schannel for netlogon\n", - p->dc->remote_machine )); + get_remote_machine_name() )); return NT_STATUS_INVALID_PARAMETER; }
svn commit: samba r13449 - in branches/SAMBA_3_0/source: include rpc_server
Author: jra Date: 2006-02-11 00:04:39 + (Sat, 11 Feb 2006) New Revision: 13449 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13449 Log: Ensure we don't crash if no dc struct on pipe. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h === --- branches/SAMBA_3_0/source/include/rpc_lsa.h 2006-02-10 23:54:45 UTC (rev 13448) +++ branches/SAMBA_3_0/source/include/rpc_lsa.h 2006-02-11 00:04:39 UTC (rev 13449) @@ -78,7 +78,10 @@ #define LSA_OPENTRUSTDOMBYNAME 0x37 #define LSA_LOOKUPSIDS20x39 +#define LSA_LOOKUPNAMES2 0x3a +#define LSA_LOOKUPNAMES3 0x44 #define LSA_LOOKUPSIDS30x4c +#define LSA_LOOKUPNAMES4 0x4d /* these are here to get a compile! */ #define LSA_LOOKUPRIDS 0xFD Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-02-10 23:54:45 UTC (rev 13448) +++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-02-11 00:04:39 UTC (rev 13449) @@ -858,6 +858,11 @@ } /* No policy handle on this call. Restrict to crypto connections. */ + if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { + DEBUG(0,("_lsa_lookup_sids3: client %s not using schannel for netlogon\n", + get_remote_machine_name() )); + return NT_STATUS_INVALID_PARAMETER; + } if (num_sids > MAX_LOOKUP_SIDS) { DEBUG(5,("_lsa_lookup_sids3: limit of %d exceeded, requested %d\n", Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10 23:54:45 UTC (rev 13448) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-11 00:04:39 UTC (rev 13449) @@ -937,7 +937,7 @@ /* Only allow this if the pipe is protected. */ if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { DEBUG(0,("_net_sam_logon_ex: client %s not using schannel for netlogon\n", - p->dc->remote_machine )); + get_remote_machine_name() )); return NT_STATUS_INVALID_PARAMETER; }
Build status as of Sat Feb 11 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-02-10 00:01:23.0 + +++ /home/build/master/cache/broken_results.txt 2006-02-11 00:00:51.0 + @@ -1,17 +1,17 @@ -Build status as of Fri Feb 10 00:00:02 2006 +Build status as of Sat Feb 11 00:00:02 2006 Build counts: Tree Total Broken Panic ccache 6 2 0 distcc 8 2 0 lorikeet-heimdal 16 16 0 -ppp 16 0 0 +ppp 15 0 0 rsync31 4 0 samba2 0 0 samba-docs 0 0 0 -samba4 33 21 2 -samba_3_032 9 0 -smb-build23 4 0 +samba4 32 20 2 +samba_3_032 18 0 +smb-build20 4 0 talloc 29 11 0 tdb 4 1 0
svn commit: samba r13448 - branches/SAMBA_3_0/source/rpcclient trunk/source/rpcclient
Author: gd Date: 2006-02-10 23:54:45 + (Fri, 10 Feb 2006) New Revision: 13448 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13448 Log: Fix the build (again). Guenther Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c trunk/source/rpcclient/cmd_samr.c Changeset: Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c === --- branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2006-02-10 23:52:53 UTC (rev 13447) +++ branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2006-02-10 23:54:45 UTC (rev 13448) @@ -2021,6 +2021,6 @@ { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve domain password info", "" }, { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, NULL, "Lookup Domain Name", "" }, - { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd, NULL, PI_SAMR, NULL, "Change user password", "" }, + { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, PI_SAMR, NULL, "Change user password", "" }, { NULL } }; Modified: trunk/source/rpcclient/cmd_samr.c === --- trunk/source/rpcclient/cmd_samr.c 2006-02-10 23:52:53 UTC (rev 13447) +++ trunk/source/rpcclient/cmd_samr.c 2006-02-10 23:54:45 UTC (rev 13448) @@ -2021,6 +2021,6 @@ { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve domain password info", "" }, { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, NULL, "Lookup Domain Name", "" }, - { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd, NULL, PI_SAMR, NULL, "Change user password", "" }, + { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, PI_SAMR, NULL, "Change user password", "" }, { NULL } };
svn commit: samba r13447 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-10 23:52:53 + (Fri, 10 Feb 2006) New Revision: 13447 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13447 Log: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Sorry, the patch is too large (935 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13447
svn commit: samba r13446 - in trunk/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-10 23:52:51 + (Fri, 10 Feb 2006) New Revision: 13446 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13446 Log: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3. Jeremy. Modified: trunk/source/include/rpc_lsa.h trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_server/srv_lsa.c trunk/source/rpc_server/srv_lsa_nt.c trunk/source/rpc_server/srv_netlog_nt.c Changeset: Sorry, the patch is too large (935 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13446
svn commit: samba r13445 - branches/SAMBA_3_0/source/rpc_parse trunk/source/rpc_parse
Author: gd Date: 2006-02-10 23:49:52 + (Fri, 10 Feb 2006) New Revision: 13445 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13445 Log: We already made the decision whether to include the dominfo and changereject. Guenther Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c trunk/source/rpc_parse/parse_samr.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2006-02-10 23:41:41 UTC (rev 13444) +++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2006-02-10 23:49:52 UTC (rev 13445) @@ -7422,16 +7422,14 @@ r_u->reject = 0; r_u->ptr_reject = 0; - if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION)) { - if (info) { - r_u->info = info; - r_u->ptr_info = 1; - } - if (reject) { - r_u->reject = reject; - r_u->ptr_reject = 1; - } + if (info) { + r_u->info = info; + r_u->ptr_info = 1; } + if (reject && (reject->reject_reason != Undefined)) { + r_u->reject = reject; + r_u->ptr_reject = 1; + } } /*** Modified: trunk/source/rpc_parse/parse_samr.c === --- trunk/source/rpc_parse/parse_samr.c 2006-02-10 23:41:41 UTC (rev 13444) +++ trunk/source/rpc_parse/parse_samr.c 2006-02-10 23:49:52 UTC (rev 13445) @@ -7422,16 +7422,14 @@ r_u->reject = 0; r_u->ptr_reject = 0; - if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION)) { - if (info) { - r_u->info = info; - r_u->ptr_info = 1; - } - if (reject) { - r_u->reject = reject; - r_u->ptr_reject = 1; - } + if (info) { + r_u->info = info; + r_u->ptr_info = 1; } + if (reject && (reject->reject_reason != Undefined)) { + r_u->reject = reject; + r_u->ptr_reject = 1; + } } /***
svn commit: samba r13444 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/rpc_server branches/SAMBA_3_0/source/smbd trunk/source/include trunk/source/rpc_server trunk/source/smbd
Author: gd Date: 2006-02-10 23:41:41 + (Fri, 10 Feb 2006) New Revision: 13444 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13444 Log: Add REJECT_REASON_OTHER for samr_chgpasswd_user3 Guenther Modified: branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/smbd/chgpasswd.c trunk/source/include/rpc_samr.h trunk/source/rpc_server/srv_samr_nt.c trunk/source/smbd/chgpasswd.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_samr.h === --- branches/SAMBA_3_0/source/include/rpc_samr.h2006-02-10 23:23:10 UTC (rev 13443) +++ branches/SAMBA_3_0/source/include/rpc_samr.h2006-02-10 23:41:41 UTC (rev 13444) @@ -1848,6 +1848,7 @@ } SAMR_Q_CHGPASSWD_USER3; +#define REJECT_REASON_OTHER0x #define REJECT_REASON_TOO_SHORT0x0001 #define REJECT_REASON_IN_HISTORY 0x0002 #define REJECT_REASON_NOT_COMPLEX 0x0005 Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-02-10 23:23:10 UTC (rev 13443) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-02-10 23:41:41 UTC (rev 13444) @@ -1505,7 +1505,8 @@ r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash, q_u->nt_newpass.pass, q_u->nt_oldhash.hash, &reject_reason); - if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION)) { + if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION) || + NT_STATUS_EQUAL(r_u->status, NT_STATUS_ACCOUNT_RESTRICTION)) { uint32 min_pass_len,pass_hist,password_properties; time_t u_expire, u_min_age; Modified: branches/SAMBA_3_0/source/smbd/chgpasswd.c === --- branches/SAMBA_3_0/source/smbd/chgpasswd.c 2006-02-10 23:23:10 UTC (rev 13443) +++ branches/SAMBA_3_0/source/smbd/chgpasswd.c 2006-02-10 23:41:41 UTC (rev 13444) @@ -1016,6 +1016,10 @@ time_t last_change_time = pdb_get_pass_last_set_time(hnd); time_t can_change_time = pdb_get_pass_can_change_time(hnd); + if (samr_reject_reason) { + *samr_reject_reason = Undefined; + } + if (pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)) { /* * Windows calculates the minimum password age check @@ -1026,6 +1030,9 @@ DEBUG(1, ("user %s cannot change password now, must " "wait until %s\n", username, http_timestring(last_change_time+min_age))); + if (samr_reject_reason) { + *samr_reject_reason = REJECT_REASON_OTHER; + } return NT_STATUS_ACCOUNT_RESTRICTION; } } else { @@ -1033,6 +1040,9 @@ DEBUG(1, ("user %s cannot change password now, must " "wait until %s\n", username, http_timestring(can_change_time))); + if (samr_reject_reason) { + *samr_reject_reason = REJECT_REASON_OTHER; + } return NT_STATUS_ACCOUNT_RESTRICTION; } } Modified: trunk/source/include/rpc_samr.h === --- trunk/source/include/rpc_samr.h 2006-02-10 23:23:10 UTC (rev 13443) +++ trunk/source/include/rpc_samr.h 2006-02-10 23:41:41 UTC (rev 13444) @@ -1848,6 +1848,7 @@ } SAMR_Q_CHGPASSWD_USER3; +#define REJECT_REASON_OTHER0x #define REJECT_REASON_TOO_SHORT0x0001 #define REJECT_REASON_IN_HISTORY 0x0002 #define REJECT_REASON_NOT_COMPLEX 0x0005 Modified: trunk/source/rpc_server/srv_samr_nt.c === --- trunk/source/rpc_server/srv_samr_nt.c 2006-02-10 23:23:10 UTC (rev 13443) +++ trunk/source/rpc_server/srv_samr_nt.c 2006-02-10 23:41:41 UTC (rev 13444) @@ -1505,7 +1505,8 @@ r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash, q_u->nt_newpass.pass, q_u->nt_oldhash.hash, &reject_reason); - if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION)) { + if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION) || + NT_STATUS_EQUAL(r_u->status, NT_STATUS_ACCOUNT_RESTRICTION)) { uint32 min_pass_len,pass_hist,password_properties; time_t u_expire, u_min_a
svn commit: samba r13443 - branches/SAMBA_3_0/source/smbd trunk/source/smbd
Author: gd Date: 2006-02-10 23:23:10 + (Fri, 10 Feb 2006) New Revision: 13443 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13443 Log: Fix the build. Guenther Modified: branches/SAMBA_3_0/source/smbd/lanman.c trunk/source/smbd/lanman.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/lanman.c === --- branches/SAMBA_3_0/source/smbd/lanman.c 2006-02-10 23:09:00 UTC (rev 13442) +++ branches/SAMBA_3_0/source/smbd/lanman.c 2006-02-10 23:23:10 UTC (rev 13443) @@ -2214,7 +2214,7 @@ if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) { become_root(); - if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2, False))) { + if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2, False, NULL))) { SSVAL(*rparam,0,NERR_Success); } unbecome_root(); @@ -2297,7 +2297,7 @@ (void)map_username(user); - if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL))) { + if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL, NULL))) { SSVAL(*rparam,0,NERR_Success); } Modified: trunk/source/smbd/lanman.c === --- trunk/source/smbd/lanman.c 2006-02-10 23:09:00 UTC (rev 13442) +++ trunk/source/smbd/lanman.c 2006-02-10 23:23:10 UTC (rev 13443) @@ -2214,7 +2214,7 @@ if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) { become_root(); - if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2, False))) { + if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2, False, NULL))) { SSVAL(*rparam,0,NERR_Success); } unbecome_root(); @@ -2297,7 +2297,7 @@ (void)map_username(user); - if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL))) { + if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL, NULL))) { SSVAL(*rparam,0,NERR_Success); }
svn commit: samba r13442 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/nsswitch branches/SAMBA_3_0/source/rpc_client branches/SAMBA_3_0/source/rpc_parse branches/SAMBA_3_0/source/rpc_s
Author: gd Date: 2006-02-10 23:09:00 + (Fri, 10 Feb 2006) New Revision: 13442 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13442 Log: Implement samr_chgpasswd_user3 server-side. Guenther Modified: branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0/source/rpc_client/cli_samr.c branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/rpcclient/cmd_samr.c branches/SAMBA_3_0/source/smbd/chgpasswd.c trunk/source/include/rpc_samr.h trunk/source/nsswitch/winbindd_pam.c trunk/source/rpc_client/cli_samr.c trunk/source/rpc_parse/parse_samr.c trunk/source/rpc_server/srv_samr.c trunk/source/rpc_server/srv_samr_nt.c trunk/source/rpcclient/cmd_samr.c trunk/source/smbd/chgpasswd.c Changeset: Sorry, the patch is too large (1369 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13442
svn commit: samba r13441 - in trunk/source: auth lib smbd
Author: vlendec Date: 2006-02-10 23:00:35 + (Fri, 10 Feb 2006) New Revision: 13441 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13441 Log: For the well-known reasons user_in_group is broken (winbind can't always reliably tell). Replace two uses by an appropriate check going via create_token_from_username. Sounds expensive and probably is, but user_in_group is potentially much more expensive as it lists all group members and checks for membership. Potentially even much more expensive. The change in auth_sam is for the "+" in the list of allowed workstations. This only makes sense on for workstations defined locally anyway, thus unix_in_group->unix_in_user_group. Volker Modified: trunk/source/auth/auth_sam.c trunk/source/auth/auth_util.c trunk/source/lib/username.c trunk/source/smbd/posix_acls.c trunk/source/smbd/service.c Changeset: Modified: trunk/source/auth/auth_sam.c === --- trunk/source/auth/auth_sam.c2006-02-10 21:16:30 UTC (rev 13440) +++ trunk/source/auth/auth_sam.c2006-02-10 23:00:35 UTC (rev 13441) @@ -192,7 +192,7 @@ if (tok[0] == '+') { DEBUG(10,("sam_account_ok: checking for workstation %s in group: %s\n", machine_name, tok + 1)); - if (user_in_group(machine_name, tok + 1)) { + if (user_in_unix_group(machine_name, tok + 1)) { invalid_ws = False; break; } Modified: trunk/source/auth/auth_util.c === --- trunk/source/auth/auth_util.c 2006-02-10 21:16:30 UTC (rev 13440) +++ trunk/source/auth/auth_util.c 2006-02-10 23:00:35 UTC (rev 13441) @@ -1021,6 +1021,46 @@ } /*** + Build upon create_token_from_username: + + Expensive helper function to figure out whether a user given its name is + member of a particular group. + + (Justification: Before this function existed, the callers of this function + called user_in_group() which was potentially even more expensive as + it lists all group members which can be *huge* -- vl ) + +***/ +BOOL username_in_group(const char *username, const DOM_SID *group_sid) +{ + NTSTATUS status; + uid_t uid; + gid_t gid; + char *found_username; + struct nt_user_token *token; + BOOL result; + + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + DEBUG(0, ("talloc_new failed\n")); + return False; + } + + status = create_token_from_username(mem_ctx, username, False, + &uid, &gid, &found_username, + &token); + + result = nt_token_check_sid(group_sid, token); + + talloc_free(mem_ctx); + return result; + +} + + +/*** Make (and fill) a user_info struct from a Kerberos PAC logon_info by conversion to a SAM_ACCOUNT ***/ Modified: trunk/source/lib/username.c === --- trunk/source/lib/username.c 2006-02-10 21:16:30 UTC (rev 13440) +++ trunk/source/lib/username.c 2006-02-10 23:00:35 UTC (rev 13441) @@ -529,7 +529,7 @@ Check if a user is in a group list. Ask winbind first, then use UNIX. / -BOOL user_in_group(const char *user, const char *gname) +static BOOL user_in_group(const char *user, const char *gname) { BOOL winbind_answered = False; BOOL ret; Modified: trunk/source/smbd/posix_acls.c === --- trunk/source/smbd/posix_acls.c 2006-02-10 21:16:30 UTC (rev 13440) +++ trunk/source/smbd/posix_acls.c 2006-02-10 23:00:35 UTC (rev 13441) @@ -1015,7 +1015,6 @@ static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) { fstring u_name; - fstring g_name; /* "Everyone" always matches every uid. */ @@ -1028,14 +1027,7 @@ return True; fstrcpy(u_name, uidtoname(uid_ace->unix_ug.uid)); - fstrcpy(g_name, gidtoname(group_ace->unix_ug.gid)); - - /* -* Due to the winbind interfaces we need to do this via names, -* not uids/gids. -*/ - - return user_in_group(u_name, g_name); + return username_in_group(u_name, &group_ace->trustee); } /**
svn commit: samba r13440 - in trunk/source/rpc_server: .
Author: vlendec Date: 2006-02-10 21:16:30 + (Fri, 10 Feb 2006) New Revision: 13440 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13440 Log: Substitute one of our three (!) routines to get a group's members. This particular incarnation was just to count the group members for query_group_info level 1. Volker Modified: trunk/source/rpc_server/srv_samr_nt.c Changeset: Modified: trunk/source/rpc_server/srv_samr_nt.c === --- trunk/source/rpc_server/srv_samr_nt.c 2006-02-10 19:16:50 UTC (rev 13439) +++ trunk/source/rpc_server/srv_samr_nt.c 2006-02-10 21:16:30 UTC (rev 13440) @@ -3621,70 +3621,6 @@ return NT_STATUS_OK; } -static void add_uid_to_array_unique(uid_t uid, uid_t **uids, int *num) -{ - int i; - - for (i=0; i<*num; i++) { - if ((*uids)[i] == uid) - return; - } - - *uids = SMB_REALLOC_ARRAY(*uids, uid_t, *num+1); - - if (*uids == NULL) - return; - - (*uids)[*num] = uid; - *num += 1; -} - - -static BOOL get_memberuids(gid_t gid, uid_t **uids, int *num) -{ - struct group *grp; - char **gr; - struct sys_pwent *userlist, *user; - - *uids = NULL; - *num = 0; - - /* We only look at our own sam, so don't care about imported stuff */ - - winbind_off(); - - if ((grp = getgrgid(gid)) == NULL) { - winbind_on(); - return False; - } - - /* Primary group members */ - - userlist = getpwent_list(); - - for (user = userlist; user != NULL; user = user->next) { - if (user->pw_gid != gid) - continue; - add_uid_to_array_unique(user->pw_uid, uids, num); - } - - pwent_free(userlist); - - /* Secondary group members */ - - for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) { - struct passwd *pw = getpwnam(*gr); - - if (pw == NULL) - continue; - add_uid_to_array_unique(pw->pw_uid, uids, num); - } - - winbind_on(); - - return True; -} - /* _samr_query_groupmem */ @@ -4476,9 +4412,6 @@ { DOM_SID group_sid; GROUP_MAP map; - DOM_SID *sids=NULL; - uid_t *uids; - int num=0; GROUP_INFO_CTR *ctr; uint32 acc_granted; BOOL ret; @@ -4501,14 +4434,25 @@ return NT_STATUS_NO_MEMORY; switch (q_u->switch_level) { - case 1: + case 1: { + uint32 *members; + size_t num_members; + ctr->switch_value1 = 1; - if(!get_memberuids(map.gid, &uids, &num)) - return NT_STATUS_NO_SUCH_GROUP; - SAFE_FREE(uids); - init_samr_group_info1(&ctr->group.info1, map.nt_name, map.comment, num); - SAFE_FREE(sids); + + become_root(); + r_u->status = pdb_enum_group_members( + p->mem_ctx, &group_sid, &members, &num_members); + unbecome_root(); + + if (!NT_STATUS_IS_OK(r_u->status)) { + return r_u->status; + } + + init_samr_group_info1(&ctr->group.info1, map.nt_name, + map.comment, num_members); break; + } case 3: ctr->switch_value1 = 3; init_samr_group_info3(&ctr->group.info3);
svn commit: samba r13439 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-10 19:16:50 + (Fri, 10 Feb 2006) New Revision: 13439 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13439 Log: Fix NET_SAM_LOGON_EX. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h branches/SAMBA_3_0/source/rpc_parse/parse_misc.c branches/SAMBA_3_0/source/rpc_parse/parse_net.c branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h === --- branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-10 19:16:48 UTC (rev 13438) +++ branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-10 19:16:50 UTC (rev 13439) @@ -574,7 +574,7 @@ /* SAM_INFO - sam logon/off id structure - no creds */ typedef struct sam_info_ex { - DOM_CLNT_INFO2 client; + DOM_CLNT_SRVclient; uint16 logon_level; NET_ID_INFO_CTR *ctr; } DOM_SAM_INFO_EX; Modified: branches/SAMBA_3_0/source/rpc_parse/parse_misc.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_misc.c2006-02-10 19:16:48 UTC (rev 13438) +++ branches/SAMBA_3_0/source/rpc_parse/parse_misc.c2006-02-10 19:16:50 UTC (rev 13439) @@ -1368,7 +1368,7 @@ Inits or writes a DOM_CLNT_SRV structure. / -static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *logcln, prs_struct *ps, int depth) +BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *logcln, prs_struct *ps, int depth) { if (logcln == NULL) return False; Modified: branches/SAMBA_3_0/source/rpc_parse/parse_net.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-10 19:16:48 UTC (rev 13438) +++ branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-10 19:16:50 UTC (rev 13439) @@ -1381,7 +1381,7 @@ if(!prs_align(ps)) return False; - if(!smb_io_clnt_info2("", &sam->client, ps, depth)) + if(!smb_io_clnt_srv("", &sam->client, ps, depth)) return False; if(!prs_uint16("logon_level ", ps, depth, &sam->logon_level)) Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10 19:16:48 UTC (rev 13438) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10 19:16:50 UTC (rev 13439) @@ -941,6 +941,7 @@ q.validation_level = q_u->validation_level; /* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */ + q.sam_id.client.login = q_u->sam_id.client; q.sam_id.logon_level = q_u->sam_id.logon_level; q.sam_id.ctr = q_u->sam_id.ctr;
svn commit: samba r13438 - in trunk/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-10 19:16:48 + (Fri, 10 Feb 2006) New Revision: 13438 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13438 Log: Fix NET_SAM_LOGON_EX. Jeremy. Modified: trunk/source/include/rpc_netlogon.h trunk/source/rpc_parse/parse_misc.c trunk/source/rpc_parse/parse_net.c trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/include/rpc_netlogon.h === --- trunk/source/include/rpc_netlogon.h 2006-02-10 18:51:20 UTC (rev 13437) +++ trunk/source/include/rpc_netlogon.h 2006-02-10 19:16:48 UTC (rev 13438) @@ -574,7 +574,7 @@ /* SAM_INFO - sam logon/off id structure - no creds */ typedef struct sam_info_ex { - DOM_CLNT_INFO2 client; + DOM_CLNT_SRVclient; uint16 logon_level; NET_ID_INFO_CTR *ctr; } DOM_SAM_INFO_EX; Modified: trunk/source/rpc_parse/parse_misc.c === --- trunk/source/rpc_parse/parse_misc.c 2006-02-10 18:51:20 UTC (rev 13437) +++ trunk/source/rpc_parse/parse_misc.c 2006-02-10 19:16:48 UTC (rev 13438) @@ -1368,7 +1368,7 @@ Inits or writes a DOM_CLNT_SRV structure. / -static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *logcln, prs_struct *ps, int depth) +BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *logcln, prs_struct *ps, int depth) { if (logcln == NULL) return False; Modified: trunk/source/rpc_parse/parse_net.c === --- trunk/source/rpc_parse/parse_net.c 2006-02-10 18:51:20 UTC (rev 13437) +++ trunk/source/rpc_parse/parse_net.c 2006-02-10 19:16:48 UTC (rev 13438) @@ -1381,7 +1381,7 @@ if(!prs_align(ps)) return False; - if(!smb_io_clnt_info2("", &sam->client, ps, depth)) + if(!smb_io_clnt_srv("", &sam->client, ps, depth)) return False; if(!prs_uint16("logon_level ", ps, depth, &sam->logon_level)) Modified: trunk/source/rpc_server/srv_netlog_nt.c === --- trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:51:20 UTC (rev 13437) +++ trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 19:16:48 UTC (rev 13438) @@ -941,6 +941,7 @@ q.validation_level = q_u->validation_level; /* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */ + q.sam_id.client.login = q_u->sam_id.client; q.sam_id.logon_level = q_u->sam_id.logon_level; q.sam_id.ctr = q_u->sam_id.ctr;
svn commit: samba r13437 - in trunk/source/rpc_server: .
Author: jra Date: 2006-02-10 18:51:20 + (Fri, 10 Feb 2006) New Revision: 13437 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13437 Log: Add in NET_SAM_LOGON_EX. Still needs testing. Jeremy Modified: trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/rpc_server/srv_netlog_nt.c === --- trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:51:18 UTC (rev 13436) +++ trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:51:20 UTC (rev 13437) @@ -614,7 +614,10 @@ _net_sam_logon */ -NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u) +static NTSTATUS _net_sam_logon_internal(pipes_struct *p, + NET_Q_SAM_LOGON *q_u, + NET_R_SAM_LOGON *r_u, + BOOL process_creds) { NTSTATUS status = NT_STATUS_OK; NET_USER_INFO_3 *usr_info = NULL; @@ -648,8 +651,10 @@ if (!get_valid_user_struct(p->vuid)) return NT_STATUS_NO_SUCH_USER; - if (!p->dc || !p->dc->authenticated) { - return NT_STATUS_INVALID_HANDLE; + if (process_creds) { + if (!p->dc || !p->dc->authenticated) { + return NT_STATUS_INVALID_HANDLE; + } } if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) { @@ -661,12 +666,14 @@ return NT_STATUS_ACCESS_DENIED; } - /* checks and updates credentials. creates reply credentials */ - if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) { - DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth " - "request from client %s machine account %s\n", - p->dc->remote_machine, p->dc->mach_acct )); - return NT_STATUS_INVALID_PARAMETER; + if (process_creds) { + /* checks and updates credentials. creates reply credentials */ + if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) { + DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth " + "request from client %s machine account %s\n", + p->dc->remote_machine, p->dc->mach_acct )); + return NT_STATUS_INVALID_PARAMETER; + } } /* find the username */ @@ -907,13 +914,48 @@ } /* - _net_sam_logon_ex + _net_sam_logon */ +NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u) +{ + return _net_sam_logon_internal(p, q_u, r_u, True); +} + +/* + _net_sam_logon_ex - no credential chaining. Map into net sam logon. + */ + NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_LOGON_EX *r_u) { - setup_fault_pdu(p, NT_STATUS(0x1c010002)); - return NT_STATUS(0x1c010002); + NET_Q_SAM_LOGON q; + NET_R_SAM_LOGON r; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Only allow this if the pipe is protected. */ + /* FIXME ! */ + + /* Map a NET_Q_SAM_LOGON_EX to NET_Q_SAM_LOGON. */ + q.validation_level = q_u->validation_level; + + /* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */ + q.sam_id.logon_level = q_u->sam_id.logon_level; + q.sam_id.ctr = q_u->sam_id.ctr; + + r_u->status = _net_sam_logon_internal(p, &q, &r, False); + + if (!NT_STATUS_IS_OK(r_u->status)) { + return r_u->status; + } + + /* Map the NET_R_SAM_LOGON to NET_R_SAM_LOGON_EX. */ + r_u->switch_value = r.switch_value; + r_u->user = r.user; + r_u->auth_resp = r.auth_resp; + r_u->flags = 0; /* FIXME ! */ + return r_u->status; } /*
svn commit: samba r13436 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra Date: 2006-02-10 18:51:18 + (Fri, 10 Feb 2006) New Revision: 13436 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13436 Log: Add in NET_SAM_LOGON_EX. Still needs testing. Jeremy Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10 18:05:56 UTC (rev 13435) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10 18:51:18 UTC (rev 13436) @@ -614,7 +614,10 @@ _net_sam_logon */ -NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u) +static NTSTATUS _net_sam_logon_internal(pipes_struct *p, + NET_Q_SAM_LOGON *q_u, + NET_R_SAM_LOGON *r_u, + BOOL process_creds) { NTSTATUS status = NT_STATUS_OK; NET_USER_INFO_3 *usr_info = NULL; @@ -648,8 +651,10 @@ if (!get_valid_user_struct(p->vuid)) return NT_STATUS_NO_SUCH_USER; - if (!p->dc || !p->dc->authenticated) { - return NT_STATUS_INVALID_HANDLE; + if (process_creds) { + if (!p->dc || !p->dc->authenticated) { + return NT_STATUS_INVALID_HANDLE; + } } if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) { @@ -661,12 +666,14 @@ return NT_STATUS_ACCESS_DENIED; } - /* checks and updates credentials. creates reply credentials */ - if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) { - DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth " - "request from client %s machine account %s\n", - p->dc->remote_machine, p->dc->mach_acct )); - return NT_STATUS_INVALID_PARAMETER; + if (process_creds) { + /* checks and updates credentials. creates reply credentials */ + if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) { + DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth " + "request from client %s machine account %s\n", + p->dc->remote_machine, p->dc->mach_acct )); + return NT_STATUS_INVALID_PARAMETER; + } } /* find the username */ @@ -907,13 +914,48 @@ } /* - _net_sam_logon_ex + _net_sam_logon */ +NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u) +{ + return _net_sam_logon_internal(p, q_u, r_u, True); +} + +/* + _net_sam_logon_ex - no credential chaining. Map into net sam logon. + */ + NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_LOGON_EX *r_u) { - setup_fault_pdu(p, NT_STATUS(0x1c010002)); - return NT_STATUS(0x1c010002); + NET_Q_SAM_LOGON q; + NET_R_SAM_LOGON r; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Only allow this if the pipe is protected. */ + /* FIXME ! */ + + /* Map a NET_Q_SAM_LOGON_EX to NET_Q_SAM_LOGON. */ + q.validation_level = q_u->validation_level; + + /* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */ + q.sam_id.logon_level = q_u->sam_id.logon_level; + q.sam_id.ctr = q_u->sam_id.ctr; + + r_u->status = _net_sam_logon_internal(p, &q, &r, False); + + if (!NT_STATUS_IS_OK(r_u->status)) { + return r_u->status; + } + + /* Map the NET_R_SAM_LOGON to NET_R_SAM_LOGON_EX. */ + r_u->switch_value = r.switch_value; + r_u->user = r.user; + r_u->auth_resp = r.auth_resp; + r_u->flags = 0; /* FIXME ! */ + return r_u->status; } /*
svn commit: samba r13435 - in trunk/source/rpc_server: .
Author: jra Date: 2006-02-10 18:05:56 + (Fri, 10 Feb 2006) New Revision: 13435 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13435 Log: Add stub for NET_SAM_LOGON_EX. Jeremy. Modified: trunk/source/rpc_server/srv_netlog.c trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/rpc_server/srv_netlog.c === --- trunk/source/rpc_server/srv_netlog.c2006-02-10 18:05:55 UTC (rev 13434) +++ trunk/source/rpc_server/srv_netlog.c2006-02-10 18:05:56 UTC (rev 13435) @@ -210,7 +210,7 @@ return False; } -return True; + return True; } /* @@ -307,6 +307,37 @@ } /* + api_net_sam_logon_ex: + */ + +static BOOL api_net_sam_logon_ex(pipes_struct *p) +{ + NET_Q_SAM_LOGON_EX q_u; + NET_R_SAM_LOGON_EX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!net_io_q_sam_logon_ex("", &q_u, data, 0)) { + DEBUG(0, ("api_net_sam_logon_ex: Failed to unmarshall NET_Q_SAM_LOGON_EX.\n")); + return False; + } + + r_u.status = _net_sam_logon_ex(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_sam_logon_ex("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_sam_logon_ex: Failed to marshall NET_R_SAM_LOGON_EX.\n")); + return False; + } + + return True; +} + + +/* api_ds_enum_dom_trusts: */ @@ -356,6 +387,7 @@ { "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2}, { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list }, { "NET_LOGON_CTRL", NET_LOGON_CTRL, api_net_logon_ctrl }, + { "NET_SAMLOGON_EX" , NET_SAMLOGON_EX , api_net_sam_logon_ex }, #if 0 /* JERRY */ { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts } #endif /* JERRY */ Modified: trunk/source/rpc_server/srv_netlog_nt.c === --- trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:05:55 UTC (rev 13434) +++ trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:05:56 UTC (rev 13435) @@ -907,6 +907,16 @@ } /* + _net_sam_logon_ex + */ + +NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_LOGON_EX *r_u) +{ + setup_fault_pdu(p, NT_STATUS(0x1c010002)); + return NT_STATUS(0x1c010002); +} + +/* _ds_enum_dom_trusts */ #if 0 /* JERRY -- not correct */
svn commit: samba r13434 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra Date: 2006-02-10 18:05:55 + (Fri, 10 Feb 2006) New Revision: 13434 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13434 Log: Add stub for NET_SAM_LOGON_EX. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog.c branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog.c 2006-02-10 17:55:44 UTC (rev 13433) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog.c 2006-02-10 18:05:55 UTC (rev 13434) @@ -210,7 +210,7 @@ return False; } -return True; + return True; } /* @@ -307,6 +307,37 @@ } /* + api_net_sam_logon_ex: + */ + +static BOOL api_net_sam_logon_ex(pipes_struct *p) +{ + NET_Q_SAM_LOGON_EX q_u; + NET_R_SAM_LOGON_EX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!net_io_q_sam_logon_ex("", &q_u, data, 0)) { + DEBUG(0, ("api_net_sam_logon_ex: Failed to unmarshall NET_Q_SAM_LOGON_EX.\n")); + return False; + } + + r_u.status = _net_sam_logon_ex(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_sam_logon_ex("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_sam_logon_ex: Failed to marshall NET_R_SAM_LOGON_EX.\n")); + return False; + } + + return True; +} + + +/* api_ds_enum_dom_trusts: */ @@ -356,6 +387,7 @@ { "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2}, { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list }, { "NET_LOGON_CTRL", NET_LOGON_CTRL, api_net_logon_ctrl }, + { "NET_SAMLOGON_EX" , NET_SAMLOGON_EX , api_net_sam_logon_ex }, #if 0 /* JERRY */ { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts } #endif /* JERRY */ Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10 17:55:44 UTC (rev 13433) +++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10 18:05:55 UTC (rev 13434) @@ -907,6 +907,16 @@ } /* + _net_sam_logon_ex + */ + +NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_LOGON_EX *r_u) +{ + setup_fault_pdu(p, NT_STATUS(0x1c010002)); + return NT_STATUS(0x1c010002); +} + +/* _ds_enum_dom_trusts */ #if 0 /* JERRY -- not correct */
svn commit: samba r13433 - in branches/SAMBA_3_0/source: include rpc_parse
Author: jra Date: 2006-02-10 17:55:44 + (Fri, 10 Feb 2006) New Revision: 13433 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13433 Log: Get ready to implement NET_SAM_LOGON_EX. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h branches/SAMBA_3_0/source/rpc_parse/parse_net.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h === --- branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-10 17:55:41 UTC (rev 13432) +++ branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-10 17:55:44 UTC (rev 13433) @@ -41,6 +41,7 @@ #define NET_DSR_GETDCNAME 0x14 #define NET_AUTH3 0x1a #define NET_DSR_GETSITENAME0x1c +#define NET_SAMLOGON_EX0x27 /* Secure Channel types. used in NetrServerAuthenticate negotiation */ #define SEC_CHAN_WKSTA 2 @@ -571,12 +572,26 @@ NET_ID_INFO_CTR *ctr; } DOM_SAM_INFO; +/* SAM_INFO - sam logon/off id structure - no creds */ +typedef struct sam_info_ex { + DOM_CLNT_INFO2 client; + uint16 logon_level; + NET_ID_INFO_CTR *ctr; +} DOM_SAM_INFO_EX; + /* NET_Q_SAM_LOGON */ typedef struct net_q_sam_logon_info { DOM_SAM_INFO sam_id; uint16 validation_level; } NET_Q_SAM_LOGON; +/* NET_Q_SAM_LOGON_EX */ +typedef struct net_q_sam_logon_info_ex { + DOM_SAM_INFO_EX sam_id; + uint16 validation_level; + uint32 flags; +} NET_Q_SAM_LOGON_EX; + /* NET_R_SAM_LOGON */ typedef struct net_r_sam_logon_info { uint32 buffer_creds; /* undocumented buffer pointer */ @@ -590,7 +605,18 @@ NTSTATUS status; /* return code */ } NET_R_SAM_LOGON; +/* NET_R_SAM_LOGON_EX */ +typedef struct net_r_sam_logon_info_ex { + uint16 switch_value; /* 3 - indicates type of USER INFO */ + NET_USER_INFO_3 *user; + uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */ + uint32 flags; + + NTSTATUS status; /* return code */ +} NET_R_SAM_LOGON_EX; + + /* NET_Q_SAM_LOGOFF */ typedef struct net_q_sam_logoff_info { DOM_SAM_INFO sam_id; Modified: branches/SAMBA_3_0/source/rpc_parse/parse_net.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-10 17:55:41 UTC (rev 13432) +++ branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-10 17:55:44 UTC (rev 13433) @@ -1366,6 +1366,35 @@ return True; } +/*** + Reads or writes a DOM_SAM_INFO_EX structure. + / + +static BOOL smb_io_sam_info_ex(const char *desc, DOM_SAM_INFO_EX *sam, prs_struct *ps, int depth) +{ + if (sam == NULL) + return False; + + prs_debug(ps, depth, desc, "smb_io_sam_info_ex"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!smb_io_clnt_info2("", &sam->client, ps, depth)) + return False; + + if(!prs_uint16("logon_level ", ps, depth, &sam->logon_level)) + return False; + + if (sam->logon_level != 0) { + if(!net_io_id_info_ctr("logon_info", &sam->ctr, ps, depth)) + return False; + } + + return True; +} + /* Inits a NET_USER_INFO_3 structure. @@ -1835,6 +1864,79 @@ Reads or writes a structure. / +BOOL net_io_q_sam_logon_ex(const char *desc, NET_Q_SAM_LOGON_EX *q_l, prs_struct *ps, int depth) +{ + if (q_l == NULL) + return False; + + prs_debug(ps, depth, desc, "net_io_q_sam_logon_ex"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!smb_io_sam_info_ex("", &q_l->sam_id, ps, depth)) + return False; + + if(!prs_align_uint16(ps)) + return False; + + if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level)) + return False; + + if(!prs_uint32("flags ", ps, depth, &q_l->flags)) + return False; + + return True; +} + +/*** + Reads or writes a structure. +/ + +BOOL net_io_r_sam_logon_ex(const char *desc, NET_R_SAM_LOGON_EX *r_l, prs_struct *ps, int depth) +{ + if (r_l == NULL) + return False; + + prs_debug(ps, depth, desc, "net_io_r_sam_logon_ex"); + depth++; + + if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value)) + return False; + if(!prs_align(ps)) + return False; + +#if 1 /* W2k always needs this - even for bad pass
svn commit: samba r13432 - in trunk/source: include rpc_parse
Author: jra Date: 2006-02-10 17:55:41 + (Fri, 10 Feb 2006) New Revision: 13432 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13432 Log: Get ready to implement NET_SAM_LOGON_EX. Jeremy. Modified: trunk/source/include/rpc_netlogon.h trunk/source/rpc_parse/parse_net.c Changeset: Modified: trunk/source/include/rpc_netlogon.h === --- trunk/source/include/rpc_netlogon.h 2006-02-10 17:42:31 UTC (rev 13431) +++ trunk/source/include/rpc_netlogon.h 2006-02-10 17:55:41 UTC (rev 13432) @@ -41,6 +41,7 @@ #define NET_DSR_GETDCNAME 0x14 #define NET_AUTH3 0x1a #define NET_DSR_GETSITENAME0x1c +#define NET_SAMLOGON_EX0x27 /* Secure Channel types. used in NetrServerAuthenticate negotiation */ #define SEC_CHAN_WKSTA 2 @@ -571,12 +572,26 @@ NET_ID_INFO_CTR *ctr; } DOM_SAM_INFO; +/* SAM_INFO - sam logon/off id structure - no creds */ +typedef struct sam_info_ex { + DOM_CLNT_INFO2 client; + uint16 logon_level; + NET_ID_INFO_CTR *ctr; +} DOM_SAM_INFO_EX; + /* NET_Q_SAM_LOGON */ typedef struct net_q_sam_logon_info { DOM_SAM_INFO sam_id; uint16 validation_level; } NET_Q_SAM_LOGON; +/* NET_Q_SAM_LOGON_EX */ +typedef struct net_q_sam_logon_info_ex { + DOM_SAM_INFO_EX sam_id; + uint16 validation_level; + uint32 flags; +} NET_Q_SAM_LOGON_EX; + /* NET_R_SAM_LOGON */ typedef struct net_r_sam_logon_info { uint32 buffer_creds; /* undocumented buffer pointer */ @@ -590,7 +605,18 @@ NTSTATUS status; /* return code */ } NET_R_SAM_LOGON; +/* NET_R_SAM_LOGON_EX */ +typedef struct net_r_sam_logon_info_ex { + uint16 switch_value; /* 3 - indicates type of USER INFO */ + NET_USER_INFO_3 *user; + uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */ + uint32 flags; + + NTSTATUS status; /* return code */ +} NET_R_SAM_LOGON_EX; + + /* NET_Q_SAM_LOGOFF */ typedef struct net_q_sam_logoff_info { DOM_SAM_INFO sam_id; Modified: trunk/source/rpc_parse/parse_net.c === --- trunk/source/rpc_parse/parse_net.c 2006-02-10 17:42:31 UTC (rev 13431) +++ trunk/source/rpc_parse/parse_net.c 2006-02-10 17:55:41 UTC (rev 13432) @@ -1366,6 +1366,35 @@ return True; } +/*** + Reads or writes a DOM_SAM_INFO_EX structure. + / + +static BOOL smb_io_sam_info_ex(const char *desc, DOM_SAM_INFO_EX *sam, prs_struct *ps, int depth) +{ + if (sam == NULL) + return False; + + prs_debug(ps, depth, desc, "smb_io_sam_info_ex"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!smb_io_clnt_info2("", &sam->client, ps, depth)) + return False; + + if(!prs_uint16("logon_level ", ps, depth, &sam->logon_level)) + return False; + + if (sam->logon_level != 0) { + if(!net_io_id_info_ctr("logon_info", &sam->ctr, ps, depth)) + return False; + } + + return True; +} + /* Inits a NET_USER_INFO_3 structure. @@ -1835,6 +1864,79 @@ Reads or writes a structure. / +BOOL net_io_q_sam_logon_ex(const char *desc, NET_Q_SAM_LOGON_EX *q_l, prs_struct *ps, int depth) +{ + if (q_l == NULL) + return False; + + prs_debug(ps, depth, desc, "net_io_q_sam_logon_ex"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!smb_io_sam_info_ex("", &q_l->sam_id, ps, depth)) + return False; + + if(!prs_align_uint16(ps)) + return False; + + if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level)) + return False; + + if(!prs_uint32("flags ", ps, depth, &q_l->flags)) + return False; + + return True; +} + +/*** + Reads or writes a structure. +/ + +BOOL net_io_r_sam_logon_ex(const char *desc, NET_R_SAM_LOGON_EX *r_l, prs_struct *ps, int depth) +{ + if (r_l == NULL) + return False; + + prs_debug(ps, depth, desc, "net_io_r_sam_logon_ex"); + depth++; + + if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value)) + return False; + if(!prs_align(ps)) + return False; + +#if 1 /* W2k always needs this - even for bad passwd. JRA */ + if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False)) + return Fa
svn commit: samba r13431 - in branches/tmp/vl-posixacls/source: include lib modules smbd
Author: vlendec Date: 2006-02-10 17:42:31 + (Fri, 10 Feb 2006) New Revision: 13431 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13431 Log: Get rid of SMB_ACL_PERMSET_T, this is mode_t! Modified: branches/tmp/vl-posixacls/source/include/smb_acls.h branches/tmp/vl-posixacls/source/include/vfs.h branches/tmp/vl-posixacls/source/include/vfs_macros.h branches/tmp/vl-posixacls/source/lib/sysacls.c branches/tmp/vl-posixacls/source/modules/vfs_full_audit.c branches/tmp/vl-posixacls/source/smbd/posix_acls.c branches/tmp/vl-posixacls/source/smbd/trans2.c branches/tmp/vl-posixacls/source/smbd/vfs-wrap.c branches/tmp/vl-posixacls/source/smbd/vfs.c Changeset: Sorry, the patch is too large (1436 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13431
svn commit: samba r13430 - in branches/tmp/vl-posixacls/source: include lib modules smbd
Author: vlendec Date: 2006-02-10 15:12:28 + (Fri, 10 Feb 2006) New Revision: 13430 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13430 Log: Step 1: Replace SMB_ACL_TAG_T by 'struct smb_acl_tag'. Using a struct ensures extensibility and enforces a functional interface during the compile. The other types will be handled accordingly. This only compiles for posix acls, and I did not run it once. Jeremy, what do you think? Volker Modified: branches/tmp/vl-posixacls/source/include/smb_acls.h branches/tmp/vl-posixacls/source/include/vfs.h branches/tmp/vl-posixacls/source/include/vfs_macros.h branches/tmp/vl-posixacls/source/lib/sysacls.c branches/tmp/vl-posixacls/source/modules/vfs_full_audit.c branches/tmp/vl-posixacls/source/smbd/posix_acls.c branches/tmp/vl-posixacls/source/smbd/trans2.c branches/tmp/vl-posixacls/source/smbd/vfs-wrap.c branches/tmp/vl-posixacls/source/smbd/vfs.c Changeset: Sorry, the patch is too large (1330 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13430
svn commit: samba r13429 - in branches/tmp/vl-posixacls: examples/misc packaging/Debian/debian-sarge packaging/Debian/debian-sarge/patches packaging/RHEL source source/include source/lib source/libads
Author: vlendec Date: 2006-02-10 15:02:01 + (Fri, 10 Feb 2006) New Revision: 13429 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13429 Log: merge -r13390:13428 from 3_0 Removed: branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/patches/VERSION.patch branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/patches/version-fix-vscan.patch Modified: branches/tmp/vl-posixacls/examples/misc/adssearch.pl branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/changelog branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/patches/fhs.patch branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/rules branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/samba.files branches/tmp/vl-posixacls/packaging/RHEL/samba.spec.tmpl branches/tmp/vl-posixacls/source/Makefile.in branches/tmp/vl-posixacls/source/configure.in branches/tmp/vl-posixacls/source/include/ntdomain.h branches/tmp/vl-posixacls/source/include/rpc_dce.h branches/tmp/vl-posixacls/source/include/rpc_netlogon.h branches/tmp/vl-posixacls/source/include/rpc_samr.h branches/tmp/vl-posixacls/source/lib/events.c branches/tmp/vl-posixacls/source/lib/time.c branches/tmp/vl-posixacls/source/lib/util_str.c branches/tmp/vl-posixacls/source/libads/ldap.c branches/tmp/vl-posixacls/source/libsmb/credentials.c branches/tmp/vl-posixacls/source/libsmb/smbdes.c branches/tmp/vl-posixacls/source/libsmb/smbencrypt.c branches/tmp/vl-posixacls/source/locking/locking.c branches/tmp/vl-posixacls/source/nsswitch/pam_winbind.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_cache.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_cm.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_dual.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_pam.c branches/tmp/vl-posixacls/source/param/loadparm.c branches/tmp/vl-posixacls/source/passdb/secrets.c branches/tmp/vl-posixacls/source/printing/print_iprint.c branches/tmp/vl-posixacls/source/rpc_parse/parse_net.c branches/tmp/vl-posixacls/source/rpc_parse/parse_rpc.c branches/tmp/vl-posixacls/source/rpc_parse/parse_samr.c branches/tmp/vl-posixacls/source/rpc_server/srv_netlog.c branches/tmp/vl-posixacls/source/rpc_server/srv_netlog_nt.c branches/tmp/vl-posixacls/source/rpc_server/srv_samr_nt.c branches/tmp/vl-posixacls/source/rpc_server/srv_svcctl_nt.c branches/tmp/vl-posixacls/source/rpcclient/rpcclient.c branches/tmp/vl-posixacls/source/services/services_db.c branches/tmp/vl-posixacls/source/smbd/notify_hash.c Changeset: Sorry, the patch is too large (1647 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13429