[Samba] Joining Domain Problem only with XP SP2
I'm having trouble getting XP SP2's to join a domain. Whenever I try to join, at the point I'm asked for a user name and password with permission to join the domain, I enter root and root's password, then get the dreaded Unknown user or bad password error message.

The clients are a mixed bunch with some 98's, 1 Win2K, a few XP SP1 (I know, I know!, but it's not a priority to management who has me fighting other fires), and the rest being XP SP2. I *ONLY* get the error with XP SP2. The Win2K and SP1 all join no problem, so it shouldn't be a problem with the Samba PDC or the config file else none should be joining. The 98's aren't a problem of course. In fact, for reasons I can't figure out, 2 of the SP2's joined too.

What is stopping the SP2's from joining? I've tried creating the machine accounts by hand, but that had no effect. I cranked up the logging and it looks to me like root authenticates correctly, but I still get the error.

Background: The original Samba PDC machine was getting old so management decided to trash it. I was tasked with putting together a replacement machine. I am using Kubuntu 7.10 (Gutsy) with Samba 3.0.26a. I disconnected the client machines from the domain (switched them to workgroup), then tried to reconnect with the new server online. The old server is physically gone. As I stated, only the XP SP2's are not joining.

I'm including my smb.conf, but considering the XP SP1's and the one Win2K (which is actually running as a virtual machine with XP SP2 as a host OS; this XP SP2 won't join) all join, the config file should be correct, and I have a root user in my smbpassword file, and I'm typing the password correctly. Therefore it has to be something to do with the SP2's. Possibly some registry setting??? Right now the XP SP2's are running as workgroup computers. Yes, the old domain and new domain name are the same, but I've already tried changing the new name to something different then joining but with no luck.
#=== Global Settings =
[global]
debug level = 2
workgroup = hap
netbios name = linuxII
hosts allow = 192.168.1. 127.
printcap name = cups
load printers = yes
printing = cups
guest account = pcguest
log file = /var/log/samba/log.%m
max log size = 50
security = user
encrypt passwords = true
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 192.168.1.8/32 127.0.0.1/32
bind interfaces only = true
local master = yes
os level = 34
domain master = yes
preferred master = yes
domain logons = yes
logon script = home.bat
logon path = \\%L\profiles\%U
logon home = \\%L\%U
logon drive = H:
name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = yes
hide dot files = yes
deadtime = 15
disable spoolss = yes
show add printer wizard = no
add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u
time server = yes

# Share Definitions =
[homes]
comment = Home Directory
browseable = no
writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no

#...Lots more shares...snip
#=end config file=

--
Fail to learn history-repeat it. Fail to learn rights-lose them. Learn both-get screwed by previous two groups.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining Domain Problem only with XP SP2
Since it's just XP SP2, you might want to look at the XP firewall settings that were added by default during the SP2 update. Get there Control Panel/Windows Firewall. In there is file and printer sharing blocking on by default for notebooks and computers directly on the internet. Maybe you already looked at this. Nothing else stands out.

Regards, Doug
Re: [Samba] Joining a Windows XP pc to Samba / LDAP domain
I tried exactly what you tried last week, and I was happy because everything worked. I followed a tutorial on suse, also if I am using 10.3 version.

What I did differently was NOT to start winbind, NOT to create any groups in linux.

What I did wrong first time and gave me problems I posted was that I didn't issue the net getlocalsid command and used the tutorial's one...(no comment, please..) When I realized the error I had to go inside ldap, using phpldapadmin, and manually modify the value.

I didn't need to create the windows xp account. When I had to join it, I just gave the root/administrator password and everything was fine: the computer account was created on the ldap, and I can log on to the domain with an account I created with smbldap-adduser.

Another thing: I created a new domain with a new ldap backend. I thought you were doing the same. But what do you mean when you tried to join the domain from pdc (point 12)? PDC is the PDC of that domain. You don't have to join it.

When creating account with smbldap-adduser, I specify -a and -m (and not only -m as was suggested in the tutorial I followed.)

HTH,
Andrea

p.s. the tutorial(s) I followed are:

References
http://en.opensuse.org/Howto_setup_SUSE_10.1_as_Samba_PDC
http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On behalf of Paul Furness
Sent: Friday 15 February 2008 18:53
To: Samba Mail List
Subject: [Samba] Joining a Windows XP pc to Samba / LDAP domain

Hi, guys,

I'm trying to create a PDC using Samba with an LDAP backend. According to all the guides I read, this should be fairly easy really, but I've done nothing else for the last week and it still doesn't work the way the manual says it should! As far as I can see, everything is set up and working correctly right up to the point when I try and join a machine to the domain.
I've posted some extracts of my config files, log files, errors and the versions of various things, below. I pretty much exactly followed the Making Happy Users chapter of the Samba guide. These are the steps I've gone through (in summary), starting with a clean build of linux on the server and WinXP on the client. It starts going wrong at step 8.

Oh just for completeness, both the new domain controller and the windows PC are on their own, completely separate network, to ensure that the existing domain / windows clients can have no effect whatsoever.

1. Install samba and LDAP on the server, together with phpldapadmin.
2. Configure slapd and got the ldap server working, and configure phpldapadmin to let me connect and see what's going on, and create LDAP entries directly if needed. Also configured PAM and NSS.
3. Configure samba as a PDC with an LDAP backend. Set the LDAP manager password in samba. Got the SID.
5. Configured smbldap-tools, setting up the SID and LDAP details.
6. Created the linux groups for Domain Admins, Domain Users, Domain Guests and Domain Computers.
7. Started LDAP and did an smbldap-populate. This gave exactly the right response and a look at the ldap database proved it had created all the appropriate entries. Tested the ldap with ldapsearch and got the expected response. Also checked NSS with getent and got the right answers.
8. Added a user with smbldap-useradd then set the password for that user with smbldap-passwd. This worked fine.
9. Checked that the root UID is set to 0. It is.
10. Checked that the user account is being read properly using pdbedit -Lv. It is.
11. Start nmb, smb and winbind, and checked the logs to see if they are behaving. They are.
12. Tried to join the domain from the pdc (which is named PDC) with
    net rpc join -S PDC -U root%PASSWORD
13. It fails. The message I get is:
    Creation of workstation account failed
    Unable to join domain LDAPTEST.
14. Tried to join a windows XP PC to the domain. It finds the domain controller ok, and then gives the error The username could not be found which, from what I've been able to find out, means that the PC account isn't being created properly on the domain.

What's *really* odd is that it seems to be creating the computer accounts correctly in the ldap (you can see that in the ldif export below). And yet, despite actually creating the account, it's insisting that it isn't. I tried deleting the ldap entry for the computer, then creating it by hand (smbldap-adduser -w pdc$) and it works fine. But the client still insists that it's not joined the domain.

I *know* I'm typing the password correctly, and the log seems to bear this out. It simply doesn't work, and I've completely run out of steam trying to understand why. I'm presumably missing something significant (and probably very simple). Can anyone offer some pointers - or even the answer- before I quit computing and start
[Samba] wbinfo -a not working
Hello,

I'm trying to connect my Debian 4 samba box to my Windows 2003 Server Active Directory. I successfully joined the domain, with net ads join. Wireshark captures a lot of packets going over the wire, and I get the message joined the domain successfully. In my AD, under 'computers', the samba box appeared. So that all works.

Asking a kerberos ticket for a user with kinit is also successful. So kerberos is working fine. Wbinfo -u gives me all the users I have in my AD, and wbinfo -g does the same with all the groups. wbinfo -t also working fine.

But when I try wbinfo -a rutger%rutger, I get

plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user rutger%rutger with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user rutger with challenge/response

Same result with wbinfo -K. It says the user does not exist, but it is there when I do a wbinfo -u.

Same output with ntlm_auth and with --diagnostics:

ntlm_auth --request-nt-key --domain=PROJECT --username=rutger
password:
NT_STATUS_NO_SUCH_USER: No such user (0xc064)

project:/etc# ntlm_auth --request-nt-key --domain=PROJECT --username=rutger --diagnostics
password:
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test LM failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test LM and NTLM failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test NTLM failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test NTLM in LM failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test NTLM in both failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test NTLMv2 failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test NTLMv2 and LMv2 failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test LMv2 failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test NTLMv2 and LMv2, LMv2 broken failed!
No such user (0xc064)
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test NTLM and LM, LM broken failed!
No such user (0xc064)
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test Plaintext failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test Plaintext LM broken failed!
No such user (0xc064)
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test Plaintext NT only failed!
No such user (0xc064)
[2008/02/16 16:42:05, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(597)
  Test Plaintext LM only failed!

The wbinfo -a and ntlm_auth result in NO data sent over the wire. Is wbinfo not correctly using Kerberos? Why are no packages sent over the wire when I do wbinfo -a? The ip of the AD is in /etc/hosts

Thanks a lot for your help, I'm really desperate!
Rutger

Here are the smb.conf and krb5.conf files:

--smb.conf--
project:/etc# testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
workgroup = PROJECT
realm = PROJECT.LOCAL
server string = %h server
security = ADS
obey pam restrictions = Yes
password server = project-ad.project.local
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
panic action = /usr/share/samba/panic-action %d
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
invalid users = root

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0700
directory mask = 0700
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
[Samba] configure for rfc2307
I am having problems getting samba to compile the rfc2307 module. I can't seem to find the correct args to ./configure to get it compiled and installed. I would prefer to have it statically compiled as there seem to be some loading issues on solaris at the moment. Can anyone help out?

Thanks, Christian
[Samba] Re: everyone acl
Christian McHugh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Howdy all, I was wondering if there was a known bug with the everyone acl. When looking at the security tab on windows the everyone acl has the read permission. If I unselect it to give everyone no permission and hit apply, read becomes checked again. If I select deny everyone read, then a warning pops up saying this will deny read for all users and it does. If after that I give read to another user, then everyone has read selected again. It seems the only way to unset read on everyone is to do it unix side. Is this a known problem or is there any solution? I've tried running samba 3.0.27 and 3.0.28 on solaris 10 with these results.

Thanks, Christian

Perhaps this article will shed some light on the issue. It explains how Samba works with Windows ACL's.

http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1080966,00.html
[Samba] everyone acl
Howdy all,

I was wondering if there was a known bug with the everyone acl. When looking at the security tab on windows the everyone acl has the read permission. If I unselect it to give everyone no permission and hit apply, read becomes checked again. If I select deny everyone read, then a warning pops up saying this will deny read for all users and it does. If after that I give read to another user, then everyone has read selected again. It seems the only way to unset read on everyone is to do it unix side.

Is this a known problem or is there any solution? I've tried running samba 3.0.27 and 3.0.28 on solaris 10 with these results.

Thanks, Christian
Re: [Samba] Re: everyone acl
Jamrock wrote:
Perhaps this article will shed some light on the issue. It explains how Samba works with Windows ACL's. http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1080966,00.htm

I understand how the acls should work. My issue seems to be more of a bug. For example: If I have the following setup...

# owner: root
# group: root
user::rwx
user:bin:rwx
group::rwx
mask::rwx
other::r--

The other permission shows up in windows as the everyone acl having read. But if I uncheck the read permission, it just comes back. That is the problem. It should allow me to uncheck the read acl for everyone to perform the equivalent to chmod o-r but it does not work. After unchecking read for everyone, and hitting apply, the permission just returns. If I run chmod o-r from solaris, samba shows the proper permissions (everyone has nothing selected) and honors it. So something is broken with the implementation of the everyone acl.

As a side note, I am able to add and remove acl's for other users and set their permissions just fine. It is just the everyone acl that seems to be special.

Any ideas?
Christian
Re: [Samba] Joining Domain Problem only with XP SP2
On Saturday 16 February 2008, Doug VanLeuven wrote:
Since it's just XP SP2, you might want to look at the XP firewall settings that were added by default during the SP2 update. Get there Control Panel/Windows Firewall. In there is file and printer sharing blocking on by default for notebooks and computers directly on the internet. Maybe you already looked at this. Nothing else stands out. Regards, Doug

It's a good thought. I'll check it, but I don't think that's the problem. As I said, the XP SP2's are functioning as workgroup computers for now, so the users can access their home shares just fine. Unless I'm badly mistaken, file and printer sharing blocking, if on, should block this too.

--
Fail to learn history-repeat it. Fail to learn rights-lose them. Learn both-get screwed by previous two groups.
[Samba] Re: wbinfo -a not working
Similar problem here, running Ubuntu Workstation 7.10 (so, also Debian). But it looks like I'm failing a stop beyond you.

Works

kinit
wbinfo -u
wbinfo -g
wbinfo -t

Fails - but note last line is a different result:

wbinfo -a whit%pass
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user whit%pass with plaintext password
challenge/response password authentication succeeded

However, despite the succeeded message there, from another box I see:

# smbclient //no3/ftp -Uwhit%pass
Domain=[ABC] OS=[Unix] Server=[Samba 3.0.26a]
tree connect failed: NT_STATUS_ACCESS_DENIED

And from samba:

[2008/02/16 15:05:30, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [whit] -[whit] -[whit] succeeded
[2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(941)
  create_local_nt_token: Failed to create BUILTIN\Users group!
[2008/02/16 15:05:30, 2] lib/access.c:check_access(323)
  Allowed connection from (192.168.1.250)
[2008/02/16 15:05:30, 2] lib/access.c:check_access(323)
  Allowed connection from (192.168.1.250)
[2008/02/16 15:05:30, 2] smbd/service.c:make_connection_snum(616)
  user 'whit' (from session setup) not permitted to access this share (FTP)

Despite that in smb.conf there is:

[global]
winbind separator = \
...
[FTP]
valid users = ABC\whit
...
In looking around for docs, nothing is complete, nothing is well cross-referenced with the rest, but this seems among the best: http://wiki.samba.org/index.php/Samba__Active_Directory

I've found some old posts to this list about the BUILTIN stuff I ran into above, but just the problem reports, no description of the solution - or even if the errors there have anything to do with the subsequent failure to recognize that, yes samba, user 'whit' has explicit permission in smb.conf. It also fails with winbind use default domain which reportedly should mean no need to specify as ABC\whit but just whit should do.

I've tried both krb5 and heimdal, with identical results.

Curiously I was able to get it working just if my nsswitch.conf listed _only_ winbind for passwd: and group: entries - although of course without compat or files on that line local system users time out and the system becomes unusable after a short. The remote login then went fine though, using AD. WTF?

Whit
[Samba] Virtual Servers with security=ads
Hi,

Is it possible to include the virtual server function when using AD/Kerberos authentication? In smb.conf on server wsdmirror I've got...

[global]
.
security = ads
.
.
netbios aliases = wtdsrv
include = /etc/samba/smb.conf.%L
.
.
.

And a share on wsdmirror (not virtual machine) that requires AD authentication, that all works great!

Now I want to host a public share \\wtdsrv\Office, read only, so I've got in /etc/samba/smb.conf.wtdsrv

[Office]
Path = /srv/Office
Public = yes
Read only = yes

And that's all. When I try to go to the virtual server share from a windows client I get the authentication pop box and the following in the logs

...smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket!

When I run testparm I see include = /etc/samba/smb.conf.WSDMIRROR, but *not* smb.com.wtdsrv?!!

Is what I'm trying to do possible? If so, what am I missing?

Thanks. Steve R
[Samba] |dirname| in dfs path \boxname\dirname is not a dfs root ?
Hi,

It's looking to me like the error in the title is the main thing preventing logging into a share via ADS/winbind c. I see an old note here for someone seeing the same in his error logs:

http://lists.samba.org/archive/samba-technical/2007-May/053388.html

Ah - this explains a lot. The default for the msdfs root parameter changed between 3.0.24 from True to False. Has this client been restarted since the new Samba load was added and restarted ? If not - try rebooting the client. The clients remember if a server was a dfs root and act accordingly until a restart. The decision was made to change msdfs root = no due to problems detecting that the initial name given in a dfs root path belonged to this server (as I recall).

The client for my testing purposes is smbclient on another Linux box. So I'm doubting that the reboot Windows advice is what I'm looking for.

So, how the heck do I get around this error? And wtf does the error even mean?

Thanks, Whit
Re: [Samba] |dirname| in dfs path \boxname\dirname is not a dfs root ?
Turns out that error can be got rid of with msdfs root = yes in the [share] section. But it doesn't solve my problem. More in another post.

Whit
[Samba] winbind problem
I'm trying to do an ADS share. With a sane nsswitch.conf, that is with these settings: passwd: compat winbind group: compat winbind I get this as the result: # smbclient //no3/ftp -Uwhit Password: Domain=[ABC] OS=[Unix] Server=[Samba 3.0.26a] tree connect failed: NT_STATUS_ACCESS_DENIED Yet with an insane nsswitch.conf, this is with these settings: passwd: winbind group: winbind I get a valid connection: # smbclient //no3/ftp -Uwhit Password: Domain=[ABC] OS=[Unix] Server=[Samba 3.0.26a] smb: \ quit So what's going on? It makes no difference if 'whit' is a UNIX user or not in this. The ADS part of the login goes through either way. But with 'compat' there (or 'files') it runs through a bunch of extra stuff that shows in the log for the connection, beginning with: [2008/02/16 20:31:58, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2008/02/16 20:31:58, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EMAIL PROTECTED] and including: [2008/02/16 20:31:58, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: winbind authentication for user [whit] succeeded and: [2008/02/16 20:31:58, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [whit] - [whit] - [whit] succeeded and: [2008/02/16 20:31:58, 3] groupdb/mapping.c:pdb_create_builtin_alias(723) pdb_create_builtin_alias: Could not get a gid out of winbind [2008/02/16 20:31:58, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2008/02/16 20:31:58, 2] auth/auth_util.c:create_local_nt_token(914) create_local_nt_token: Failed to create BUILTIN\Administrators group! 
and the same for BUILTIN\users and lots of other stuff up to:

    [2008/02/16 20:31:58, 2] smbd/service.c:make_connection_snum(616)
      user 'whit' (from session setup) not permitted to access this share (FTP)
    [2008/02/16 20:31:58, 3] smbd/error.c:error_packet_set(106)
      error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

Now, I'm not wanting any of whatever winbind is doing here beyond authenticating against the ADS for the SMB shares on the Linux box. There are no home directories desired for the SMB users, just the shared shares, and no sort of login to the box for them outside of Samba.

So what do I do to turn off this crap that looks like it must have to do with home directories and mapping the UNIX accounts (I'm guessing), that winbind does only if nsswitch gives it access to 'compat' or 'files,' and that denies users access to shares that without all this garbage they can get to just fine.

Pardon my English.

Regards,
Whit
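The log in the post above shows authentication succeeding and the tree connect being refused afterwards, with token-building errors in between. The Python below is an added example, not part of the original post and not Samba code: it parses those entries and reports which stage refused the user. The sample log is reconstructed from the lines quoted in the post, and the names parse_entries and triage are made up for illustration.

```python
import re
from collections import namedtuple

# Constructed sample: the entries quoted in the post, laid out the way smbd
# writes them (a header line, then the indented message).
SAMPLE_LOG = r"""
[2008/02/16 20:31:58, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2008/02/16 20:31:58, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2008/02/16 20:31:58, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: winbind authentication for user [whit] succeeded
[2008/02/16 20:31:58, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [whit] - [whit] - [whit] succeeded
[2008/02/16 20:31:58, 3] groupdb/mapping.c:pdb_create_builtin_alias(723)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2008/02/16 20:31:58, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/02/16 20:31:58, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2008/02/16 20:31:58, 2] smbd/service.c:make_connection_snum(616)
  user 'whit' (from session setup) not permitted to access this share (FTP)
[2008/02/16 20:31:58, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
"""

Entry = namedtuple("Entry", "timestamp level source function message")

# "[date time, level] file.c:function(line)"
HEADER_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+?):(\w+)\(\d+\)\s*$"
)
AUTH_OK_RE = re.compile(r"authentication for user \[([^\]]+)\].*succeeded")
TOKEN_ERR_RE = re.compile(r"Failed to create|Could not get a gid")
DENIED_RE = re.compile(
    r"user '([^']+)' .*not permitted to access this share \(([^)]+)\)"
)


def parse_entries(text):
    """Group header lines with the message lines that follow them."""
    entries, header, body = [], None, []

    def flush():
        if header is not None:
            entries.append(Entry(*header, " ".join(body)))

    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER_RE.match(line)
        if match:
            flush()
            header = (match.group(1), int(match.group(2)),
                      match.group(3), match.group(4))
            body = []
        elif line and header is not None:
            body.append(line)
    flush()
    return entries


def triage(entries):
    """Report share denials and whether the user had already authenticated.

    Assumes a per-connection log as in the post, so token errors seen after
    a successful authentication belong to that user's session.
    """
    authenticated = {}  # user -> token errors logged since authentication
    findings = []
    for entry in entries:
        ok = AUTH_OK_RE.search(entry.message)
        if ok:
            authenticated.setdefault(ok.group(1), [])
            continue
        if TOKEN_ERR_RE.search(entry.message):
            for errors in authenticated.values():
                errors.append(entry.message)
            continue
        denied = DENIED_RE.search(entry.message)
        if denied:
            user, share = denied.groups()
            known = user in authenticated
            findings.append({
                "timestamp": entry.timestamp,
                "user": user,
                "share": share,
                "authenticated": known,
                "stage": "authorization" if known else "unknown",
                "token_errors": list(authenticated.get(user, [])),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(finding)
```

On the sample it reports one denial for user whit on share FTP at the authorization stage, preceded by three token-building errors, which is the part of the log to look at first.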
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2306-g0efaf76
The branch, v3-2-test has been updated via 0efaf76eecacd26edbc6e020230159eb5dd44b15 (commit) via 3a200957b2028198b9ee59f71da0f0b6601c95e2 (commit) via 6564d78c4504c0191c25dba03c381a8b3591aab5 (commit) via 188b81b3e053bbcb01bb13d9f185a45b75ac6365 (commit) from bf598744c5af1a14abd25c316c243d00b94cbbe0 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit 0efaf76eecacd26edbc6e020230159eb5dd44b15 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 14:02:03 2008 +0100 Add generated ndr_eventlog leftover produced by recent pidl changes. Guenther commit 3a200957b2028198b9ee59f71da0f0b6601c95e2 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 13:59:55 2008 +0100 Re-run make idl. Guenther commit 6564d78c4504c0191c25dba03c381a8b3591aab5 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 13:58:38 2008 +0100 Fix IDL for netr_LogonSamLogonEx. Guenther commit 188b81b3e053bbcb01bb13d9f185a45b75ac6365 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 13:57:12 2008 +0100 Fix IDL for netr_LogonSamLogon. Guenther --- Summary of changes: source/librpc/gen_ndr/cli_netlogon.c |4 +- source/librpc/gen_ndr/cli_netlogon.h |4 +- source/librpc/gen_ndr/ndr_eventlog.c |2 +- source/librpc/gen_ndr/ndr_netlogon.c | 50 + source/librpc/gen_ndr/netlogon.h |4 +- source/librpc/idl/netlogon.idl |4 +- 6 files changed, 47 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/gen_ndr/cli_netlogon.c b/source/librpc/gen_ndr/cli_netlogon.c index e8b4243..2937cc0 100644 --- a/source/librpc/gen_ndr/cli_netlogon.c +++ b/source/librpc/gen_ndr/cli_netlogon.c @@ -113,7 +113,7 @@ NTSTATUS rpccli_netr_LogonSamLogon(struct rpc_pipe_client *cli, struct netr_Authenticator *credential, struct netr_Authenticator *return_authenticator, uint16_t logon_level, - union netr_LogonLevel logon, + union netr_LogonLevel *logon, uint16_t validation_level, union netr_Validation *validation, uint8_t *authoritative) 
@@ -1974,7 +1974,7 @@ NTSTATUS rpccli_netr_LogonSamLogonEx(struct rpc_pipe_client *cli, const char *server_name, const char *computer_name, uint16_t logon_level, -union netr_LogonLevel logon, +union netr_LogonLevel *logon, uint16_t validation_level, union netr_Validation *validation, uint8_t *authoritative, diff --git a/source/librpc/gen_ndr/cli_netlogon.h b/source/librpc/gen_ndr/cli_netlogon.h index 706b794..1fdc1f6 100644 --- a/source/librpc/gen_ndr/cli_netlogon.h +++ b/source/librpc/gen_ndr/cli_netlogon.h @@ -22,7 +22,7 @@ NTSTATUS rpccli_netr_LogonSamLogon(struct rpc_pipe_client *cli, struct netr_Authenticator *credential, struct netr_Authenticator *return_authenticator, uint16_t logon_level, - union netr_LogonLevel logon, + union netr_LogonLevel *logon, uint16_t validation_level, union netr_Validation *validation, uint8_t *authoritative); @@ -298,7 +298,7 @@ NTSTATUS rpccli_netr_LogonSamLogonEx(struct rpc_pipe_client *cli, const char *server_name, const char *computer_name, uint16_t logon_level, -union netr_LogonLevel logon, +union netr_LogonLevel *logon, uint16_t validation_level, union netr_Validation *validation, uint8_t *authoritative, diff --git a/source/librpc/gen_ndr/ndr_eventlog.c b/source/librpc/gen_ndr/ndr_eventlog.c index c6a77c5..1b58eb6 100644 --- a/source/librpc/gen_ndr/ndr_eventlog.c +++ b/source/librpc/gen_ndr/ndr_eventlog.c @@ -878,7 +878,7 @@ static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, i return ndr_pull_error(ndr, NDR_ERR_RANGE, value out
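Review bot: in rpccli_netr_LogonSamLogon() and rpccli_netr_LogonSamLogonEx() the logon argument changes from "union netr_LogonLevel logon" to "union netr_LogonLevel *logon" in both cli_netlogon.c and cli_netlogon.h, but none of the visible hunks touches a caller, so every call site that still passes the union by value has to be converted in the same series or the tree stops building. Because these stubs are generated, the commit message should also say which pointer type netlogon.idl now declares for logon (that hunk is past the truncation point), since that decides whether a NULL logon is legal or has to be rejected before the call is marshalled.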
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2302-gbf59874
The branch, v3-2-test has been updated via bf598744c5af1a14abd25c316c243d00b94cbbe0 (commit) from 2123aff75c8db431cb37d132058902287e740a85 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit bf598744c5af1a14abd25c316c243d00b94cbbe0 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 13:27:10 2008 +0100 Add init_netr_SamInfo3 routine. Guenther --- Summary of changes: source/Makefile.in|3 +- source/rpc_client/init_netlogon.c | 138 + 2 files changed, 140 insertions(+), 1 deletions(-) create mode 100644 source/rpc_client/init_netlogon.c Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index c3840d7..5257c68 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -411,7 +411,8 @@ LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \ rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o \ rpc_client/cli_svcctl.o \ rpc_client/init_samr.o \ - rpc_client/init_lsa.o + rpc_client/init_lsa.o \ + rpc_client/init_netlogon.o LIBMSRPC_GEN_OBJ = librpc/gen_ndr/cli_lsa.o \ librpc/gen_ndr/cli_dfs.o \ diff --git a/source/rpc_client/init_netlogon.c b/source/rpc_client/init_netlogon.c new file mode 100644 index 000..73e8717 --- /dev/null +++ b/source/rpc_client/init_netlogon.c 
@@ -0,0 +1,138 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see http://www.gnu.org/licenses/. + */ + +#include includes.h + +/*** + inits a structure. +/ + +void init_netr_SamBaseInfo(struct netr_SamBaseInfo *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME acct_expiry, + NTTIME last_password_change, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *logon_script, + const char *profile_path, + const char *home_directory, + const char *home_drive, + uint16_t logon_count, + uint16_t bad_password_count, + uint32_t rid, + uint32_t primary_gid, + struct samr_RidWithAttributeArray groups, + uint32_t user_flags, + struct netr_UserSessionKey key, + const char *logon_server, + const char *domain, + struct dom_sid2 *domain_sid, + struct netr_LMSessionKey LMSessKey, + uint32_t acct_flags) +{ + r-last_logon = last_logon; + r-last_logoff = last_logoff; + r-acct_expiry = acct_expiry; + r-last_password_change = last_password_change; + r-allow_password_change = allow_password_change; + r-force_password_change = force_password_change; + init_lsa_String(r-account_name, account_name); + init_lsa_String(r-full_name, full_name); + init_lsa_String(r-logon_script, logon_script); + init_lsa_String(r-profile_path, 
profile_path); + init_lsa_String(r-home_directory, home_directory); + init_lsa_String(r-home_drive, home_drive); + r-logon_count = logon_count; + r-bad_password_count = bad_password_count; + r-rid = rid; + r-primary_gid = primary_gid; + r-groups = groups; + r-user_flags = user_flags; + r-key = key; + init_lsa_StringLarge(r-logon_server, logon_server); + init_lsa_StringLarge(r-domain, domain); + r-domain_sid = domain_sid; + r-LMSessKey = LMSessKey; + r-acct_flags = acct_flags; +}
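Review bot: init_netr_SamBaseInfo() stores the caller's pointer as is (r->domain_sid = domain_sid) and assigns groups by value, which copies only the struct itself, so the filled netr_SamBaseInfo stays valid only as long as the caller's SID and group array do; please document that ownership rule above the function, or take a TALLOC_CTX and duplicate both, so a caller that builds the arguments in a shorter-lived context does not leave dangling pointers in the reply. The parameter list also has six consecutive NTTIME and six consecutive const char * arguments, which the compiler cannot distinguish if two are transposed at a call site; a short comment at each caller or grouping them in a struct would make such a mistake visible in review. The existing "inits a structure." comment could name the structure and state that r must be non-NULL.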
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2308-g7845a0d
The branch, v3-2-test has been updated via 7845a0d9a8f938c1be888ab2d9aa6c35d6f1dbad (commit) from 0d0b93995399bba0acf891fab107fd93ecec321f (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit 7845a0d9a8f938c1be888ab2d9aa6c35d6f1dbad Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 13:42:12 2008 +0100 YES! NETLOGON rpc server side migration to pidl finished. Guenther --- Summary of changes: source/Makefile.in |2 +- source/configure.in|4 +- source/rpc_server/srv_netlog.c | 169 source/rpc_server/srv_pipe.c |2 +- 4 files changed, 4 insertions(+), 173 deletions(-) delete mode 100644 source/rpc_server/srv_netlog.c Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index 5257c68..210db6f 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -482,7 +482,7 @@ REG_API_OBJ = registry/reg_api.o \ RPC_LSA_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o librpc/gen_ndr/srv_lsa.o -RPC_NETLOG_OBJ = rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \ +RPC_NETLOG_OBJ = rpc_server/srv_netlog_nt.o \ librpc/gen_ndr/srv_netlogon.o RPC_SAMR_OBJ = rpc_server/srv_samr_nt.o \ diff --git a/source/configure.in b/source/configure.in index aa024c6..1f8efb9 100644 --- a/source/configure.in +++ b/source/configure.in 
@@ -745,7 +745,7 @@ AC_SUBST(DYNEXP) dnl Add modules that have to be built by default here dnl These have to be built static: -default_static_modules=pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs rpc_net rpc_netdfs rpc_srvsvc2 rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default nss_info_template +default_static_modules=pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs rpc_netlogon rpc_netdfs rpc_srvsvc2 rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default nss_info_template dnl These are preferably build shared, and static if dlopen() is not available default_shared_modules=vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_syncops vfs_xattr_tdb vfs_streams_xattr @@ -6616,7 +6616,7 @@ SMB_MODULE(rpc_dssetup, \$(RPC_DSSETUP_OBJ), bin/librpc_dssetup.$SHLIBEXT, RPC SMB_MODULE(rpc_wkssvc, \$(RPC_WKS_OBJ), bin/librpc_wkssvc.$SHLIBEXT, RPC) SMB_MODULE(rpc_svcctl2, \$(RPC_SVCCTL_OBJ), bin/librpc_svcctl2.$SHLIBEXT, RPC) SMB_MODULE(rpc_ntsvcs, \$(RPC_NTSVCS_OBJ), bin/librpc_ntsvcs.$SHLIBEXT, RPC) -SMB_MODULE(rpc_net, \$(RPC_NETLOG_OBJ), bin/librpc_NETLOGON.$SHLIBEXT, RPC) +SMB_MODULE(rpc_netlogon, \$(RPC_NETLOG_OBJ), bin/librpc_NETLOGON.$SHLIBEXT, RPC) SMB_MODULE(rpc_netdfs, \$(RPC_DFS_OBJ), bin/librpc_netdfs.$SHLIBEXT, RPC) SMB_MODULE(rpc_srvsvc2, \$(RPC_SVC_OBJ), bin/librpc_svcsvc2.$SHLIBEXT, RPC) SMB_MODULE(rpc_spoolss, \$(RPC_SPOOLSS_OBJ), bin/librpc_spoolss.$SHLIBEXT, RPC) diff --git a/source/rpc_server/srv_netlog.c b/source/rpc_server/srv_netlog.c deleted file mode 100644 index ea9408a..000 --- a/source/rpc_server/srv_netlog.c +++ /dev/null 
@@ -1,169 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Paul Ashton 1997, - * Copyright (C) Jeremy Allison 1998-2001, - * Copyright (C) Jim McDonough [EMAIL PROTECTED] 2003. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see http://www.gnu.org/licenses/. - */ - -/* This is the interface to the netlogon pipe. */ - -#include includes.h - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_RPC_SRV - -/*** - / - -static bool proxy_netr_call(pipes_struct *p, uint8 opnum) -{ -
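Review bot: configure.in renames the module from rpc_net to rpc_netlogon in both default_static_modules and the SMB_MODULE() line while the output stays bin/librpc_NETLOGON.$SHLIBEXT, and nothing in the commit message mentions the rename; any build recipe that still names rpc_net in a --with-static-modules or --with-shared-modules list will no longer match a module, so the rename deserves a line in the message. The one-line-pair change to srv_pipe.c listed in the summary is not in the visible part of the diff; it should be checked that it is the counterpart of this rename and that no reference to the old module name or to the deleted srv_netlog.o remains in Makefile.in.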
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2307-g0d0b939
The branch, v3-2-test has been updated via 0d0b93995399bba0acf891fab107fd93ecec321f (commit) from 0efaf76eecacd26edbc6e020230159eb5dd44b15 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit 0d0b93995399bba0acf891fab107fd93ecec321f Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 13:28:03 2008 +0100 Use pidl for _netr_LogonSamLogon() and _netr_LogonSamLogonEx(). Guenther --- Summary of changes: source/rpc_server/srv_netlog.c| 46 +-- source/rpc_server/srv_netlog_nt.c | 291 ++--- 2 files changed, 147 insertions(+), 190 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/srv_netlog.c b/source/rpc_server/srv_netlog.c index 0e386c0..ea9408a 100644 --- a/source/rpc_server/srv_netlog.c +++ b/source/rpc_server/srv_netlog.c @@ -100,28 +100,7 @@ static bool api_net_sam_logoff(pipes_struct *p) static bool api_net_sam_logon(pipes_struct *p) { - NET_Q_SAM_LOGON q_u; - NET_R_SAM_LOGON r_u; - prs_struct *data = p-in_data.data; - prs_struct *rdata = p-out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!net_io_q_sam_logon(, q_u, data, 0)) { - DEBUG(0, (api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n)); - return False; - } - - r_u.status = _net_sam_logon(p, q_u, r_u); - - /* store the response in the SMB stream */ - if(!net_io_r_sam_logon(, r_u, rdata, 0)) { - DEBUG(0,(api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON.\n)); - return False; - } - - return True; + return proxy_netr_call(p, NDR_NETR_LOGONSAMLOGON); } /* 
@@ -157,28 +136,7 @@ static bool api_net_logon_ctrl(pipes_struct *p) static bool api_net_sam_logon_ex(pipes_struct *p) { - NET_Q_SAM_LOGON_EX q_u; - NET_R_SAM_LOGON_EX r_u; - prs_struct *data = p-in_data.data; - prs_struct *rdata = p-out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!net_io_q_sam_logon_ex(, q_u, data, 0)) { - DEBUG(0, (api_net_sam_logon_ex: Failed to unmarshall NET_Q_SAM_LOGON_EX.\n)); - return False; - } - - r_u.status = _net_sam_logon_ex(p, q_u, r_u); - - /* store the response in the SMB stream */ - if(!net_io_r_sam_logon_ex(, r_u, rdata, 0)) { - DEBUG(0,(api_net_sam_logon_ex: Failed to marshall NET_R_SAM_LOGON_EX.\n)); - return False; - } - - return True; + return proxy_netr_call(p, NDR_NETR_LOGONSAMLOGONEX); } /*** diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index 017c4fe..c64e5b8 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c 
@@ -771,52 +771,53 @@ static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, } /* - _net_sam_logon + _netr_LogonSamLogon */ -static NTSTATUS _net_sam_logon_internal(pipes_struct *p, - NET_Q_SAM_LOGON *q_u, - NET_R_SAM_LOGON *r_u, - bool process_creds) +NTSTATUS _netr_LogonSamLogon(pipes_struct *p, +struct netr_LogonSamLogon *r) { NTSTATUS status = NT_STATUS_OK; - NET_USER_INFO_3 *usr_info = NULL; - NET_ID_INFO_CTR *ctr = q_u-sam_id.ctr; - UNISTR2 *uni_samlogon_user = NULL; - UNISTR2 *uni_samlogon_domain = NULL; - UNISTR2 *uni_samlogon_workstation = NULL; + struct netr_SamInfo3 *sam3 = NULL; + union netr_LogonLevel *logon = r-in.logon; fstring nt_username, nt_domain, nt_workstation; auth_usersupplied_info *user_info = NULL; auth_serversupplied_info *server_info = NULL; struct samu *sampw; struct auth_context *auth_context = NULL; + bool process_creds = true; + + switch (p-hdr_req.opnum) { + case NDR_NETR_LOGONSAMLOGON: + process_creds = true; + break; + case NDR_NETR_LOGONSAMLOGONEX: + default: + process_creds = false; + } if ( (lp_server_schannel() == True) (p-auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) { /* 'server schannel = yes' should enforce use of schannel, the client did offer it in auth2, but obviously did not use it. */ -
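Review bot: in _netr_LogonSamLogon() the new switch on p->hdr_req.opnum places default: together with NDR_NETR_LOGONSAMLOGONEX, so every opnum other than NDR_NETR_LOGONSAMLOGON runs with process_creds = false, which by its name skips the credential processing. It would be safer to fail closed: set process_creds = false only in the explicit NDR_NETR_LOGONSAMLOGONEX case and have default: return an error status, so a future caller that reaches this function with another opnum does not silently get the relaxed path. Choosing the behaviour from the request header inside the handler is also easy to miss when reading the Ex entry point, so a one-line comment at the switch saying that both opnums are served here would help.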
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2311-ge48737f
The branch, v3-2-test has been updated via e48737f04d2324b604f3290904ec6163a6242ae5 (commit) via 33f91c894488687a42500e751eb9016d99d9129c (commit) via 2fb73a3545634982d17d3823cb629f06c5779fc0 (commit) from 7845a0d9a8f938c1be888ab2d9aa6c35d6f1dbad (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit e48737f04d2324b604f3290904ec6163a6242ae5 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 16:06:55 2008 +0100 Remove unused marshalling for NET_SRV_PWSET. Guenther commit 33f91c894488687a42500e751eb9016d99d9129c Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 16:04:01 2008 +0100 Use rpccli_netr_ServerPasswordSet in just_change_the_password(). Guenther commit 2fb73a3545634982d17d3823cb629f06c5779fc0 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 15:14:04 2008 +0100 Remove unused creds_server_check and creds_server_step. Guenther --- Summary of changes: source/include/rpc_netlogon.h| 13 --- source/libsmb/credentials.c | 41 --- source/libsmb/trusts_util.c | 27 ++- source/rpc_client/cli_netlogon.c | 48 -- source/rpc_parse/parse_net.c | 68 -- 5 files changed, 26 insertions(+), 171 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h index e8414ed..044368d 100644 --- a/source/include/rpc_netlogon.h +++ b/source/include/rpc_netlogon.h @@ -309,19 +309,6 @@ typedef struct net_r_auth3_info { } NET_R_AUTH_3; -/* NET_Q_SRV_PWSET */ -typedef struct net_q_srv_pwset_info { - DOM_CLNT_INFO clnt_id; /* client identification/authentication info */ - uint8 pwd[16]; /* new password - undocumented. */ -} NET_Q_SRV_PWSET; - -/* NET_R_SRV_PWSET */ -typedef struct net_r_srv_pwset_info { - DOM_CRED srv_cred; /* server-calculated credentials */ - - NTSTATUS status; /* return code */ -} NET_R_SRV_PWSET; - /* NET_ID_INFO_2 */ typedef struct net_network_info_2 { uint32ptr_id_info2;/* pointer to id_info_2 */ 
diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c index 328b931..2dcbdf3 100644 --- a/source/libsmb/credentials.c +++ b/source/libsmb/credentials.c @@ -213,18 +213,6 @@ void creds_server_init(uint32 neg_flags, Check a credential sent by the client. / -bool creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in) -{ - if (memcmp(dc-clnt_chal.data, rcv_cli_chal_in-data, 8)) { - DEBUG(5,(creds_server_check: challenge : %s\n, credstr(rcv_cli_chal_in-data))); - DEBUG(5,(calculated: %s\n, credstr(dc-clnt_chal.data))); - DEBUG(2,(creds_server_check: credentials check failed.\n)); - return False; - } - DEBUG(10,(creds_server_check: credentials check OK.\n)); - return True; -} - bool netlogon_creds_server_check(const struct dcinfo *dc, const struct netr_Credential *rcv_cli_chal_in) { @@ -260,35 +248,6 @@ static void creds_reseed(struct dcinfo *dc) Step the server credential chain one forward. / -bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out) -{ - bool ret; - struct dcinfo tmp_dc = *dc; - - /* Do all operations on a temporary copy of the dc, - which we throw away if the checks fail. */ - - tmp_dc.sequence = received_cred-timestamp.time; - - creds_step(tmp_dc); - - /* Create the outgoing credentials */ - cred_out-timestamp.time = tmp_dc.sequence + 1; - memcpy(cred_out-challenge.data, tmp_dc.srv_chal.data, - sizeof(cred_out-challenge.data)); - - creds_reseed(tmp_dc); - - ret = creds_server_check(tmp_dc, received_cred-challenge); - if (!ret) { - return False; - } - - /* creds step succeeded - replace the current creds. */ - *dc = tmp_dc; - return True; -} - bool netlogon_creds_server_step(struct dcinfo *dc, const struct netr_Authenticator *received_cred, struct netr_Authenticator *cred_out) diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c index 11f691b..1e92bf2 100644 --- a/source/libsmb/trusts_util.c +++ b/source/libsmb/trusts_util.c 
@@ -58,7 +58,32 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX } } - result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(),
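Review bot: in credentials.c the removed creds_server_step() worked on a temporary copy of the dcinfo and replaced *dc only after creds_server_check() passed, so a failed check never advanced the stored credential chain; with it gone netlogon_creds_server_step() is the only implementation and its body is not part of the hunk, so please confirm it keeps the same copy-then-commit behaviour. The removed creds_server_check() also logged both the received and the calculated credential at DEBUG(5); if netlogon_creds_server_check() does the same, this cleanup would be a good place to drop the calculated value from the log. The trusts_util.c hunk is cut off right after the removed rpccli_net_srv_pwset() call, so the replacement in just_change_the_password() cannot be reviewed from what is shown.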
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2312-g2c235d2
The branch, v3-2-test has been updated via 2c235d2f37522e3a836524a6a165a930bff099a4 (commit) from e48737f04d2324b604f3290904ec6163a6242ae5 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit 2c235d2f37522e3a836524a6a165a930bff099a4 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 16:08:34 2008 +0100 Remove unused netlogon delta defines. Guenther --- Summary of changes: source/include/rpc_netlogon.h | 18 -- 1 files changed, 0 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h index 044368d..e9d9c30 100644 --- a/source/include/rpc_netlogon.h +++ b/source/include/rpc_netlogon.h @@ -45,24 +45,6 @@ #define NET_DSR_GETDCNAMEEX2 0x22 #define NET_SAMLOGON_EX0x27 -/* Returned delta types */ -#define SAM_DELTA_DOMAIN_INFO0x01 -#define SAM_DELTA_GROUP_INFO 0x02 -#define SAM_DELTA_RENAME_GROUP 0x04 -#define SAM_DELTA_ACCOUNT_INFO 0x05 -#define SAM_DELTA_RENAME_USER0x07 -#define SAM_DELTA_GROUP_MEM 0x08 -#define SAM_DELTA_ALIAS_INFO 0x09 -#define SAM_DELTA_RENAME_ALIAS 0x0b -#define SAM_DELTA_ALIAS_MEM 0x0c -#define SAM_DELTA_POLICY_INFO0x0d -#define SAM_DELTA_TRUST_DOMS 0x0e -#define SAM_DELTA_PRIVS_INFO 0x10 /* DT_DELTA_ACCOUNTS */ -#define SAM_DELTA_SECRET_INFO0x12 -#define SAM_DELTA_DELETE_GROUP 0x14 -#define SAM_DELTA_DELETE_USER0x15 -#define SAM_DELTA_MODIFIED_COUNT 0x16 - /* flags use when sending a NETLOGON_CONTROL request */ #define NETLOGON_CONTROL_SYNC 0x2 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2313-g5c762c6
The branch, v3-2-test has been updated via 5c762c6d57dce1016ebe2613a75b492eeac84c3d (commit) from 2c235d2f37522e3a836524a6a165a930bff099a4 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit 5c762c6d57dce1016ebe2613a75b492eeac84c3d Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Feb 16 20:29:49 2008 +0100 Remove unused code, make fns static --- Summary of changes: source/rpc_parse/parse_sec.c | 24 1 files changed, 4 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c index 6ea128d..c71b310 100644 --- a/source/rpc_parse/parse_sec.c +++ b/source/rpc_parse/parse_sec.c @@ -27,28 +27,11 @@ #define DBGC_CLASS DBGC_RPC_PARSE /*** - Reads or writes a SEC_ACCESS structure. -/ - -bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) -{ - if (t == NULL) - return False; - - prs_debug(ps, depth, desc, sec_io_access); - depth++; - - if(!prs_uint32(mask, ps, depth, t)) - return False; - - return True; -} - -/*** Reads or writes a SEC_ACE structure. / -bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) +static bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, + int depth) { uint32 old_offset; uint32 offset_ace_size; @@ -130,7 +113,8 @@ bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) for you as it reads them. / -bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) +static bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, + int depth) { unsigned int i; uint32 old_offset; -- Samba Shared Repository
Build status as of Sun Feb 17 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-02-16 00:01:11.0 + +++ /home/build/master/cache/broken_results.txt 2008-02-17 00:00:46.0 + @@ -1,4 +1,4 @@ -Build status as of Sat Feb 16 00:00:03 2008 +Build status as of Sun Feb 17 00:00:02 2008 Build counts: Tree Total Broken Panic @@ -6,7 +6,7 @@ ccache 31 9 0 ctdb 0 0 0 distcc 1 0 0 -ldb 31 15 0 +ldb 30 15 0 libreplace 30 18 0 lorikeet-heimdal 25 13 0 pidl 18 5 0 @@ -14,7 +14,7 @@ rsync31 14 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba_3_2_test 31 28 0 +samba_3_2_test 31 20 0 samba_4_0_test 29 29 0 smb-build29 3 0 talloc 31 8 0
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2314-g05e6399
The branch, v3-2-test has been updated via 05e63993184f084139cd9536ae1a6445b601fa1f (commit) from 5c762c6d57dce1016ebe2613a75b492eeac84c3d (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit 05e63993184f084139cd9536ae1a6445b601fa1f Author: Michael Adam [EMAIL PROTECTED] Date: Sun Feb 17 01:09:15 2008 +0100 Add missing dependency to libtdb to libnss_wins.so Michael --- Summary of changes: source/Makefile.in |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index 210db6f..6a7ad28 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -1631,10 +1631,10 @@ bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARE @$(SHLD) $(WINBIND_NSS_LDSHFLAGS) -o $@ $(WINBIND_NSS_OBJ) \ @WINBIND_NSS_EXTRA_LIBS@ @WINBIND_NSS_PTHREAD@ @[EMAIL PROTECTED] [EMAIL PROTECTED]@NSSSONAMEVERSIONSUFFIX@ [EMAIL PROTECTED]@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ) [EMAIL PROTECTED]@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ) @LIBTDB_SHARED@ @echo Linking $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_WINS_NSS_OBJ) \ - $(LDAP_LIBS) $(KRB5LIBS) $(LIBS) \ + $(LDAP_LIBS) $(KRB5LIBS) $(LIBS) @LIBTDB_LIBS@ \ @[EMAIL PROTECTED] [EMAIL PROTECTED]@NSSSONAMEVERSIONSUFFIX@ bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2315-gdc2e563
The branch, v3-2-test has been updated via dc2e563e1fe5a18dc799e195d89199a59e3e05a7 (commit) from 05e63993184f084139cd9536ae1a6445b601fa1f (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit dc2e563e1fe5a18dc799e195d89199a59e3e05a7 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 17:06:23 2008 +0100 Add krb5pac IDL from samba4. Guenther --- Summary of changes: source/Makefile.in |6 +- source/include/smb.h|1 + source/librpc/gen_ndr/krb5pac.h | 116 + source/librpc/gen_ndr/ndr_krb5pac.c | 840 +++ source/librpc/idl/krb5pac.idl | 98 source/librpc/ndr/ndr_krb5pac.c | 141 ++ 6 files changed, 1200 insertions(+), 2 deletions(-) create mode 100644 source/librpc/gen_ndr/krb5pac.h create mode 100644 source/librpc/gen_ndr/ndr_krb5pac.c create mode 100644 source/librpc/idl/krb5pac.idl create mode 100644 source/librpc/ndr/ndr_krb5pac.c Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index 6a7ad28..a1b8089 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -382,7 +382,9 @@ LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \ libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \ libads/cldap.o libads/ldap_schema.o libads/util.o libads/ndr.o -LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o +LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o \ + librpc/ndr/ndr_krb5pac.o \ + librpc/gen_ndr/ndr_krb5pac.o SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o @@ -1118,7 +1120,7 @@ modules: SHOWFLAGS $(MODULES) IDL_FILES = unixinfo.idl lsa.idl dfs.idl echo.idl winreg.idl initshutdown.idl \ srvsvc.idl svcctl.idl eventlog.idl wkssvc.idl netlogon.idl notify.idl \ epmapper.idl messaging.idl xattr.idl misc.idl samr.idl security.idl \ - dssetup.idl + dssetup.idl krb5pac.idl idl: @IDL_FILES=$(IDL_FILES) CPP=$(CPP) PERL=$(PERL) \ diff --git a/source/include/smb.h b/source/include/smb.h index 3e0c997..5e524ee 100644 --- a/source/include/smb.h +++ b/source/include/smb.h 
@@ -308,6 +308,7 @@ extern const DATA_BLOB data_blob_null; #include librpc/gen_ndr/samr.h #include librpc/gen_ndr/dssetup.h #include librpc/gen_ndr/libnet_join.h +#include librpc/gen_ndr/krb5pac.h struct lsa_dom_info { bool valid; diff --git a/source/librpc/gen_ndr/krb5pac.h b/source/librpc/gen_ndr/krb5pac.h new file mode 100644 index 000..a0d75fd --- /dev/null +++ b/source/librpc/gen_ndr/krb5pac.h 
@@ -0,0 +1,116 @@ +/* header auto-generated by pidl */ + +#include stdint.h + +#include librpc/gen_ndr/security.h +#include librpc/gen_ndr/netlogon.h +#include librpc/gen_ndr/samr.h +#ifndef _HEADER_krb5pac +#define _HEADER_krb5pac + +struct PAC_LOGON_NAME { + NTTIME logon_time; + uint16_t size;/* [value(2*strlen_m(account_name))] */ + const char *account_name;/* [charset(UTF16)] */ +}; + +struct PAC_SIGNATURE_DATA { + uint32_t type; + DATA_BLOB signature;/* [flag(LIBNDR_FLAG_REMAINING)] */ +}/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */; + +struct PAC_LOGON_INFO { + struct netr_SamInfo3 info3; + struct dom_sid2 *res_group_dom_sid;/* [unique] */ + struct samr_RidWithAttributeArray res_groups; +}/* [gensize] */; + +struct PAC_LOGON_INFO_CTR { + uint32_t unknown1;/* [value(0x00081001)] */ + uint32_t unknown2;/* [value(0x)] */ + uint32_t _ndr_size;/* [value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info,ndr-flags)+4,8))] */ + uint32_t unknown3;/* [value(0x)] */ + struct PAC_LOGON_INFO *info;/* [unique] */ +}/* [public] */; + +enum PAC_TYPE +#ifndef USE_UINT_ENUMS + { + PAC_TYPE_LOGON_INFO=1, + PAC_TYPE_SRV_CHECKSUM=6, + PAC_TYPE_KDC_CHECKSUM=7, + PAC_TYPE_LOGON_NAME=10, + PAC_TYPE_CONSTRAINED_DELEGATION=11 +} +#else + { __donnot_use_enum_PAC_TYPE=0x7FFF} +#define PAC_TYPE_LOGON_INFO ( 1 ) +#define PAC_TYPE_SRV_CHECKSUM ( 6 ) +#define PAC_TYPE_KDC_CHECKSUM ( 7 ) +#define PAC_TYPE_LOGON_NAME ( 10 ) +#define PAC_TYPE_CONSTRAINED_DELEGATION ( 11 ) +#endif +; + +union PAC_INFO { + struct PAC_LOGON_INFO_CTR logon_info;/* [case(PAC_TYPE_LOGON_INFO)] */ + struct PAC_SIGNATURE_DATA srv_cksum;/* [case(PAC_TYPE_SRV_CHECKSUM)] */ + struct PAC_SIGNATURE_DATA kdc_cksum;/* [case(PAC_TYPE_KDC_CHECKSUM)] */ + struct PAC_LOGON_NAME logon_name;/* [case(PAC_TYPE_LOGON_NAME)] */ +}/* [gensize,nodiscriminant,public] */; + +struct PAC_BUFFER { + enum PAC_TYPE type; + uint32_t _ndr_size;/* [value(_ndr_size_PAC_INFO(info,type,0))] */ + union PAC_INFO *info;/*
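Review bot: in krb5pac.h, PAC_SIGNATURE_DATA declares signature as a DATA_BLOB with LIBNDR_FLAG_REMAINING, so the parser takes whatever bytes are left in the buffer as the checksum regardless of the type field; the code that verifies PAC_TYPE_SRV_CHECKSUM and PAC_TYPE_KDC_CHECKSUM therefore has to check signature.length against the length expected for that checksum type before comparing, and a comment saying so belongs in krb5pac.idl, since this header is regenerated by pidl. PAC_LOGON_INFO_CTR also carries three fields named unknown1 to unknown3 with fixed values; a note in the IDL on where those constants come from would help the next reader. Adding the include to smb.h pulls the PAC definitions into every source file, which is worth a sentence in the commit message if it is intentional.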
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2317-gd0ceb48
The branch, v3-2-test has been updated via d0ceb482eb3ee1f8d8253152bab9de8b086ee76e (commit) via 1bc35cf592f3e5d5873320f8669424a2bbaaa073 (commit) from dc2e563e1fe5a18dc799e195d89199a59e3e05a7 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit d0ceb482eb3ee1f8d8253152bab9de8b086ee76e Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 01:33:46 2008 +0100 Re-run make idl. Guenther commit 1bc35cf592f3e5d5873320f8669424a2bbaaa073 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 01:33:03 2008 +0100 Add netsamlogoncache_entry to krb5pac IDL, probably not the most accurate place... Guenther --- Summary of changes: source/librpc/gen_ndr/krb5pac.h |5 + source/librpc/gen_ndr/ndr_krb5pac.c | 35 +++ source/librpc/idl/krb5pac.idl |6 ++ 3 files changed, 46 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/gen_ndr/krb5pac.h b/source/librpc/gen_ndr/krb5pac.h index a0d75fd..b8b9054 100644 --- a/source/librpc/gen_ndr/krb5pac.h +++ b/source/librpc/gen_ndr/krb5pac.h @@ -89,6 +89,11 @@ struct PAC_DATA_RAW { struct PAC_BUFFER_RAW *buffers; }/* [public] */; +struct netsamlogoncache_entry { + time_t timestamp; + struct netr_SamInfo3 info3; +}/* [public] */; + struct decode_pac { struct { diff --git a/source/librpc/gen_ndr/ndr_krb5pac.c b/source/librpc/gen_ndr/ndr_krb5pac.c index 722e7ac..82b7803 100644 --- a/source/librpc/gen_ndr/ndr_krb5pac.c +++ b/source/librpc/gen_ndr/ndr_krb5pac.c 
@@ -655,6 +655,41 @@ _PUBLIC_ void ndr_print_PAC_DATA_RAW(struct ndr_print *ndr, const char *name, co ndr-depth--; } +_PUBLIC_ enum ndr_err_code ndr_push_netsamlogoncache_entry(struct ndr_push *ndr, int ndr_flags, const struct netsamlogoncache_entry *r) +{ + if (ndr_flags NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_time_t(ndr, NDR_SCALARS, r-timestamp)); + NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_SCALARS, r-info3)); + } + if (ndr_flags NDR_BUFFERS) { + NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_BUFFERS, r-info3)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_netsamlogoncache_entry(struct ndr_pull *ndr, int ndr_flags, struct netsamlogoncache_entry *r) +{ + if (ndr_flags NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, r-timestamp)); + NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_SCALARS, r-info3)); + } + if (ndr_flags NDR_BUFFERS) { + NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_BUFFERS, r-info3)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netsamlogoncache_entry(struct ndr_print *ndr, const char *name, const struct netsamlogoncache_entry *r) +{ + ndr_print_struct(ndr, name, netsamlogoncache_entry); + ndr-depth++; + ndr_print_time_t(ndr, timestamp, r-timestamp); + ndr_print_netr_SamInfo3(ndr, info3, r-info3); + ndr-depth--; +} + static enum ndr_err_code ndr_push_decode_pac(struct ndr_push *ndr, int flags, const struct decode_pac *r) { if (flags NDR_IN) { diff --git a/source/librpc/idl/krb5pac.idl b/source/librpc/idl/krb5pac.idl index 3904272..601e3e1 100644 --- a/source/librpc/idl/krb5pac.idl +++ b/source/librpc/idl/krb5pac.idl @@ -95,4 +95,10 @@ interface krb5pac void decode_login_info( [in] PAC_LOGON_INFO logon_info ); + + /* used for samba3 netsamlogon cache */ + typedef [public] struct { + time_t timestamp; + netr_SamInfo3 info3; + } netsamlogoncache_entry; } -- Samba Shared Repository
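Review bot: In the krb5pac.idl hunk, netsamlogoncache_entry is described as the record for the samba3 netsamlogon cache, yet it is only a timestamp followed by info3, with no version or magic field, so after any later change to netr_SamInfo3 an old cache blob cannot be told apart from a new one except by whatever ndr_pull_netsamlogoncache_entry happens to return. Consider a leading version field, and make sure the caller treats any pull error as a cache miss. The generated push and pull align to 4 before ndr_push_time_t and ndr_pull_time_t, so a comment in the IDL on how wide the stored timestamp is would also help. As the commit message itself says, krb5pac.idl is an odd home for a cache record; a separate IDL file would keep the PAC interface clean.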
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2318-g5095c59
The branch, v3-2-test has been updated via 5095c59f8930212c20a0713464c9620220388aeb (commit) from d0ceb482eb3ee1f8d8253152bab9de8b086ee76e (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit 5095c59f8930212c20a0713464c9620220388aeb Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 01:44:39 2008 +0100 Add missing header file. Guenther --- Summary of changes: source/librpc/gen_ndr/ndr_krb5pac.h | 55 +++ 1 files changed, 55 insertions(+), 0 deletions(-) create mode 100644 source/librpc/gen_ndr/ndr_krb5pac.h Changeset truncated at 500 lines: diff --git a/source/librpc/gen_ndr/ndr_krb5pac.h b/source/librpc/gen_ndr/ndr_krb5pac.h new file mode 100644 index 000..f23505d --- /dev/null +++ b/source/librpc/gen_ndr/ndr_krb5pac.h 
@@ -0,0 +1,55 @@ +/* header auto-generated by pidl */ + +#include librpc/ndr/libndr.h +#include librpc/gen_ndr/krb5pac.h + +#ifndef _HEADER_NDR_krb5pac +#define _HEADER_NDR_krb5pac + +#define NDR_KRB5PAC_UUID 12345778-1234-abcd-- +#define NDR_KRB5PAC_VERSION 0.0 +#define NDR_KRB5PAC_NAME krb5pac +#define NDR_KRB5PAC_HELPSTRING Active Directory KRB5 PAC +extern const struct ndr_interface_table ndr_table_krb5pac; +#define NDR_DECODE_PAC (0x00) + +#define NDR_DECODE_PAC_RAW (0x01) + +#define NDR_DECODE_LOGIN_INFO (0x02) + +#define NDR_KRB5PAC_CALL_COUNT (3) +void ndr_print_PAC_LOGON_NAME(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_NAME *r); +enum ndr_err_code ndr_push_PAC_SIGNATURE_DATA(struct ndr_push *ndr, int ndr_flags, const struct PAC_SIGNATURE_DATA *r); +enum ndr_err_code ndr_pull_PAC_SIGNATURE_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_SIGNATURE_DATA *r); +void ndr_print_PAC_SIGNATURE_DATA(struct ndr_print *ndr, const char *name, const struct PAC_SIGNATURE_DATA *r); +void ndr_print_PAC_LOGON_INFO(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_INFO *r); +enum ndr_err_code ndr_push_PAC_LOGON_INFO_CTR(struct ndr_push *ndr, int ndr_flags, const struct PAC_LOGON_INFO_CTR *r); +enum ndr_err_code ndr_pull_PAC_LOGON_INFO_CTR(struct ndr_pull *ndr, int ndr_flags, struct PAC_LOGON_INFO_CTR *r); +void ndr_print_PAC_LOGON_INFO_CTR(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_INFO_CTR *r); +enum ndr_err_code ndr_push_PAC_TYPE(struct ndr_push *ndr, int ndr_flags, enum PAC_TYPE r); +enum ndr_err_code ndr_pull_PAC_TYPE(struct ndr_pull *ndr, int ndr_flags, enum PAC_TYPE *r); +void ndr_print_PAC_TYPE(struct ndr_print *ndr, const char *name, enum PAC_TYPE r); +enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags, const union PAC_INFO *r); +enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags, union PAC_INFO *r); +void ndr_print_PAC_INFO(struct ndr_print *ndr, const char *name, 
const union PAC_INFO *r); +size_t ndr_size_PAC_INFO(const union PAC_INFO *r, uint32_t level, int flags); +enum ndr_err_code ndr_push_PAC_BUFFER(struct ndr_push *ndr, int ndr_flags, const struct PAC_BUFFER *r); +enum ndr_err_code ndr_pull_PAC_BUFFER(struct ndr_pull *ndr, int ndr_flags, struct PAC_BUFFER *r); +void ndr_print_PAC_BUFFER(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER *r); +enum ndr_err_code ndr_push_PAC_DATA(struct ndr_push *ndr, int ndr_flags, const struct PAC_DATA *r); +enum ndr_err_code ndr_pull_PAC_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA *r); +void ndr_print_PAC_DATA(struct ndr_print *ndr, const char *name, const struct PAC_DATA *r); +void ndr_print_DATA_BLOB_REM(struct ndr_print *ndr, const char *name, const struct DATA_BLOB_REM *r); +enum ndr_err_code ndr_push_PAC_BUFFER_RAW(struct ndr_push *ndr, int ndr_flags, const struct PAC_BUFFER_RAW *r); +enum ndr_err_code ndr_pull_PAC_BUFFER_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_BUFFER_RAW *r); +void ndr_print_PAC_BUFFER_RAW(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER_RAW *r); +enum ndr_err_code ndr_push_PAC_DATA_RAW(struct ndr_push *ndr, int ndr_flags, const struct PAC_DATA_RAW *r); +enum ndr_err_code ndr_pull_PAC_DATA_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA_RAW *r); +void ndr_print_PAC_DATA_RAW(struct ndr_print *ndr, const char *name, const struct PAC_DATA_RAW *r); +enum ndr_err_code ndr_push_netsamlogoncache_entry(struct ndr_push *ndr, int ndr_flags, const struct netsamlogoncache_entry *r); +enum ndr_err_code ndr_pull_netsamlogoncache_entry(struct ndr_pull *ndr, int ndr_flags, struct netsamlogoncache_entry *r); +void ndr_print_netsamlogoncache_entry(struct ndr_print *ndr, const char *name, const struct netsamlogoncache_entry *r); +void ndr_print_decode_pac(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac *r); +void ndr_print_decode_pac_raw(struct ndr_print *ndr, const
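Review bot: ndr_krb5pac.h arrives as a new file one commit after d0ceb482 ("Re-run make idl") changed ndr_krb5pac.c, and the commit message calls it missing, so the generated source and its generated prototypes are split across two commits; folding this file into the "Re-run make idl" commit would keep the generated pair together for anyone bisecting the branch. In the header itself, the two #include lines sit above the #ifndef _HEADER_NDR_krb5pac guard, so they are processed on every inclusion; since the file is pidl output, that is a change for the generator rather than for this file.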
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2331-g9e5b732
The branch, v3-2-test has been updated via 9e5b732d451f6a2f09d2a71e5a3aec59c771db01 (commit) via 92fca97951bf7adf8caaeabdaff21682b18dd91f (commit) via d9502eb75395131d5a8130ff2c4ebace106cb974 (commit) via df90a37c3e765faf69a77522d58e3a5f7f70b418 (commit) via f22ba8aee2ff90e9e34db066d506fec24c52379f (commit) via ea609d1b0e82d7c366dd73013228003136264b64 (commit) via 3b0135d57e1e70175a5eec49b603a2e5f700c770 (commit) via 5483f5fb44bb2138a1348c05845a2b8f3588697a (commit) via c06e507737bb07ff995876e49341de3f60b0da35 (commit) via bf860ae1ac6765b1eb6e2ca9b667b19b4e661fda (commit) via 5866c11b288c217f0c38240c44f8bfeff185890d (commit) via c55160f8e866d9b24a4dad234af78ae46c236a37 (commit) via 06095e8c705fc292323fa8d0110ae3aaeccab949 (commit) from 5095c59f8930212c20a0713464c9620220388aeb (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit 9e5b732d451f6a2f09d2a71e5a3aec59c771db01 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:10:43 2008 +0100 Finally let our samlogon routines call rpccli_netr_LogonSamLogon internally and return netr_SamInfo3. Guenther commit 92fca97951bf7adf8caaeabdaff21682b18dd91f Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:09:35 2008 +0100 Use netr_SamInfo3 in remaining places. Guenther commit d9502eb75395131d5a8130ff2c4ebace106cb974 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:08:12 2008 +0100 Use netr_SamInfo3 everywhere in winbindd. Guenther commit df90a37c3e765faf69a77522d58e3a5f7f70b418 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:06:17 2008 +0100 Add some more samlogon related netlogon init functions. Guenther commit f22ba8aee2ff90e9e34db066d506fec24c52379f Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:04:52 2008 +0100 Getting rid of net_io_user_info3() when sending an NDR encoded netr_SamInfo3. 
Guenther commit ea609d1b0e82d7c366dd73013228003136264b64 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:01:30 2008 +0100 Fix some more callers of PAC_DATA. Guenther commit 3b0135d57e1e70175a5eec49b603a2e5f700c770 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 01:59:02 2008 +0100 Use new IDL based PAC structures in clikrb5.c Guenther commit 5483f5fb44bb2138a1348c05845a2b8f3588697a Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 01:57:57 2008 +0100 Some more cleanup in authdata.c. Guenther commit c06e507737bb07ff995876e49341de3f60b0da35 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 01:57:20 2008 +0100 Align our krb5 PAC decoding routines to the samba4 ones. (while keeping all the trans krb5 lib support) Guenther commit bf860ae1ac6765b1eb6e2ca9b667b19b4e661fda Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 01:47:01 2008 +0100 Use netr_SamInfo3 in samlogon cache and use ndr functions for storing the blob. Guenther commit 5866c11b288c217f0c38240c44f8bfeff185890d Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 19:08:22 2008 +0100 Use netr_SamInfo3 in make_server_info_info3(). Guenther commit c55160f8e866d9b24a4dad234af78ae46c236a37 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 18:55:08 2008 +0100 Use new structs in reply_spnego_kerberos(). Guenther commit 06095e8c705fc292323fa8d0110ae3aaeccab949 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Feb 16 18:51:01 2008 +0100 Use netr_SamInfo3 in sid_array_from_info3. 
Guenther --- Summary of changes: source/Makefile.in| 16 +- source/auth/auth_domain.c | 10 +- source/auth/auth_util.c | 52 +- source/include/includes.h |9 +- source/lib/util_sid.c | 30 +- source/libads/authdata.c | 1086 - source/libads/kerberos_verify.c |2 +- source/libsmb/clikrb5.c | 14 +- source/libsmb/samlogon_cache.c| 217 source/passdb/passdb.c|2 +- source/passdb/pdb_get_set.c |2 +- source/rpc_client/cli_netlogon.c | 353 - source/rpc_client/init_netlogon.c | 71 +++ source/smbd/sesssetup.c | 11 +- source/utils/net_ads.c|8 +- source/utils/ntlm_auth.c |2 +- source/winbindd/winbindd_ads.c| 10 +- source/winbindd/winbindd_cache.c |2 +- source/winbindd/winbindd_creds.c | 14 +- source/winbindd/winbindd_pam.c| 237 - source/winbindd/winbindd_rpc.c| 14 +- source/winbindd/winbindd_util.c | 18 +- 22 files changed, 856
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2332-geefc6bb
The branch, v3-2-test has been updated via eefc6bb86fb9196818da9d5c6384c85355794981 (commit) from 9e5b732d451f6a2f09d2a71e5a3aec59c771db01 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit eefc6bb86fb9196818da9d5c6384c85355794981 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:25:33 2008 +0100 Remove unused marshalling for NET_SAM_LOGON. Guenther --- Summary of changes: source/include/rpc_netlogon.h | 28 source/rpc_parse/parse_net.c | 322 - 2 files changed, 0 insertions(+), 350 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h index e9d9c30..ed69cf7 100644 --- a/source/include/rpc_netlogon.h +++ b/source/include/rpc_netlogon.h @@ -338,15 +338,6 @@ typedef struct net_id_info_ctr_info { } auth; } NET_ID_INFO_CTR; -/* SAM_INFO - sam logon/off id structure */ -typedef struct sam_info { - DOM_CLNT_INFO2 client; - uint32 ptr_rtn_cred; /* pointer to return credentials */ - DOM_CREDrtn_cred; /* return credentials */ - uint16 logon_level; - NET_ID_INFO_CTR *ctr; -} DOM_SAM_INFO; - /* SAM_INFO - sam logon/off id structure - no creds */ typedef struct sam_info_ex { DOM_CLNT_SRVclient; @@ -354,12 +345,6 @@ typedef struct sam_info_ex { NET_ID_INFO_CTR *ctr; } DOM_SAM_INFO_EX; -/* NET_Q_SAM_LOGON */ -typedef struct net_q_sam_logon_info { - DOM_SAM_INFO sam_id; - uint16 validation_level; -} NET_Q_SAM_LOGON; - /* NET_Q_SAM_LOGON_EX */ typedef struct net_q_sam_logon_info_ex { DOM_SAM_INFO_EX sam_id; 
@@ -367,19 +352,6 @@ typedef struct net_q_sam_logon_info_ex { uint32 flags; } NET_Q_SAM_LOGON_EX; -/* NET_R_SAM_LOGON */ -typedef struct net_r_sam_logon_info { - uint32 buffer_creds; /* undocumented buffer pointer */ - DOM_CRED srv_creds; /* server credentials. server time stamp appears to be ignored. */ - - uint16 switch_value; /* 3 - indicates type of USER INFO */ - NET_USER_INFO_3 *user; - - uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */ - - NTSTATUS status; /* return code */ -} NET_R_SAM_LOGON; - /* NET_R_SAM_LOGON_EX */ typedef struct net_r_sam_logon_info_ex { uint16 switch_value; /* 3 - indicates type of USER INFO */ diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index eab8e9b..70dc505 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c 
@@ -163,62 +163,6 @@ bool net_io_r_auth_3(const char *desc, NET_R_AUTH_3 *r_a, prs_struct *ps, int de return True; } - -/* - Init DOM_SID2 array from a string containing multiple sids - */ - -static int init_dom_sid2s(TALLOC_CTX *ctx, const char *sids_str, DOM_SID2 **ppsids) -{ - const char *ptr; - char *s2; - int count = 0; - - DEBUG(4,(init_dom_sid2s: %s\n, sids_str ? sids_str:)); - - *ppsids = NULL; - - if(sids_str) { - int number; - DOM_SID2 *sids; - TALLOC_CTX *frame = talloc_stackframe(); - - /* Count the number of valid SIDs. */ - for (count = 0, ptr = sids_str; - next_token_talloc(frame,ptr, s2, NULL); ) { - DOM_SID tmpsid; - if (string_to_sid(tmpsid, s2)) - count++; - } - - /* Now allocate space for them. */ - if (count) { - *ppsids = TALLOC_ZERO_ARRAY(ctx, DOM_SID2, count); - if (*ppsids == NULL) { - TALLOC_FREE(frame); - return 0; - } - } else { - *ppsids = NULL; - } - - sids = *ppsids; - - for (number = 0, ptr = sids_str; - next_token_talloc(frame, ptr, s2, NULL); ) { - DOM_SID tmpsid; - if (string_to_sid(tmpsid, s2)) { - /* count only valid sids */ - init_dom_sid2(sids[number], tmpsid); - number++; - } - } - TALLOC_FREE(frame); - } - - return count; -} - /*** Inits a NET_ID_INFO_1 structure. / @@ -439,32 +383,6 @@ static bool
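Review bot: The removed init_dom_sid2s in parse_net.c silently skipped any token that string_to_sid rejected (see the "count only valid sids" comment), and returned 0 both for an empty string and for a failed TALLOC_ZERO_ARRAY, so a malformed entry or an allocation failure shrank the SID list without any error. If the NDR-based code path has a replacement for this helper, please state in the commit message whether it keeps that behaviour or fails on a bad SID, since callers that build SID lists from strings may depend on it.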
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2341-gc396f45
The branch, v3-2-test has been updated via c396f45e7ddc8d6ce0efa0cda2996ca513ecbdb7 (commit) via 1dcb32424d16cff968a8713352c93c48dec58674 (commit) from b9cc5cfaf9a87d342c23fa0f68f29050947b5102 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit c396f45e7ddc8d6ce0efa0cda2996ca513ecbdb7 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 03:10:21 2008 +0100 Move policy_handle_is_valid out of parse_lsa.c Guenther commit 1dcb32424d16cff968a8713352c93c48dec58674 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 03:08:42 2008 +0100 Remove unused creds_client_check and creds_client_step. Guenther --- Summary of changes: source/libsmb/credentials.c | 23 --- source/rpc_parse/parse_lsa.c | 12 source/rpc_parse/parse_misc.c | 10 ++ 3 files changed, 10 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c index 2dcbdf3..9d33e6d 100644 --- a/source/libsmb/credentials.c +++ b/source/libsmb/credentials.c @@ -322,18 +322,6 @@ void creds_client_init(uint32 neg_flags, Check a credential returned by the server. / -bool creds_client_check(const struct dcinfo *dc, const DOM_CHAL *rcv_srv_chal_in) -{ - if (memcmp(dc-srv_chal.data, rcv_srv_chal_in-data, 8)) { - DEBUG(5,(creds_client_check: challenge : %s\n, credstr(rcv_srv_chal_in-data))); - DEBUG(5,(calculated: %s\n, credstr(dc-srv_chal.data))); - DEBUG(0,(creds_client_check: credentials check failed.\n)); - return False; - } - DEBUG(10,(creds_client_check: credentials check OK.\n)); - return True; -} - bool netlogon_creds_client_check(const struct dcinfo *dc, const struct netr_Credential *rcv_srv_chal_in) { 
@@ -360,17 +348,6 @@ bool netlogon_creds_client_check(const struct dcinfo *dc, the server / -void creds_client_step(struct dcinfo *dc, DOM_CRED *next_cred_out) -{ -dc-sequence += 2; - creds_step(dc); - creds_reseed(dc); - - memcpy(next_cred_out-challenge.data, dc-clnt_chal.data, - sizeof(next_cred_out-challenge.data)); - next_cred_out-timestamp.time = dc-sequence; -} - void netlogon_creds_client_step(struct dcinfo *dc, struct netr_Authenticator *next_cred_out) { diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c index 80e90a8..3d65b9c 100644 --- a/source/rpc_parse/parse_lsa.c +++ b/source/rpc_parse/parse_lsa.c @@ -1206,15 +1206,3 @@ bool lsa_io_r_lookup_names4(const char *desc, LSA_R_LOOKUP_NAMES4 *out, prs_stru return True; } - -/*** - Reads or writes an LUID_ATTR structure. -/ - -bool policy_handle_is_valid(const POLICY_HND *hnd) -{ - POLICY_HND zero_pol; - - ZERO_STRUCT(zero_pol); - return ((memcmp(zero_pol, hnd, sizeof(POLICY_HND)) == 0) ? False : True ); -} diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index 9e1937e..418f857 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c @@ -1859,4 +1859,14 @@ uint32 str_len_uni(UNISTR *source) return i; } +/*** + Verifies policy handle +/ +bool policy_handle_is_valid(const POLICY_HND *hnd) +{ + POLICY_HND zero_pol; + + ZERO_STRUCT(zero_pol); + return ((memcmp(zero_pol, hnd, sizeof(POLICY_HND)) == 0) ? false : true ); +} -- Samba Shared Repository
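Review bot: In the parse_misc.c hunk, the new comment "Verifies policy handle" promises more than policy_handle_is_valid does: the body only reports whether the handle differs from an all-zero POLICY_HND, and it reads through hnd without a NULL check. Suggest wording the comment as "returns false for an all-zero handle", comparing the memcmp result against 0 directly instead of going through the ternary, and either documenting that hnd must be non-NULL or handling NULL. A non-zero handle says nothing about whether the server issued it, so callers should not treat this function as validation of a handle supplied by a client.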
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2339-gb9cc5cf
The branch, v3-2-test has been updated via b9cc5cfaf9a87d342c23fa0f68f29050947b5102 (commit) via ee22ac6bb8e8c5281fc3dd35cb724f6c7a610933 (commit) via 584b2453530deeaa0260d78818fbcf30cea5b702 (commit) via ccf3ba0f5ce30d45a3d644552d1245391bf01754 (commit) from ead1f11dd21b1df9a595295b3513c5f6088397c9 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit b9cc5cfaf9a87d342c23fa0f68f29050947b5102 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:57:16 2008 +0100 Remove rpc_parse/parse_net.c and some last unused netlogon headers. Guenther commit ee22ac6bb8e8c5281fc3dd35cb724f6c7a610933 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:56:09 2008 +0100 Re-run make idl. Guenther commit 584b2453530deeaa0260d78818fbcf30cea5b702 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:55:22 2008 +0100 Add sync netr_LogonControlCode from samba3. Guenther commit ccf3ba0f5ce30d45a3d644552d1245391bf01754 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:53:23 2008 +0100 Remove unused marshalling for NET_AUTH3. Guenther --- Summary of changes: source/Makefile.in |6 +- source/include/rpc_netlogon.h| 51 --- source/librpc/gen_ndr/ndr_netlogon.c |1 + source/librpc/gen_ndr/netlogon.h |2 + source/librpc/idl/netlogon.idl |1 + source/rpc_client/cli_netlogon.c | 52 --- source/rpc_parse/parse_net.c | 117 -- 7 files changed, 7 insertions(+), 223 deletions(-) delete mode 100644 source/rpc_parse/parse_net.c Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index c0e4578..a28972f 100644 --- a/source/Makefile.in +++ b/source/Makefile.in 
@@ -296,8 +296,8 @@ RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o # that requires knowledge of security contexts RPC_PARSE_OBJ1 = $(RPC_PARSE_OBJ0) rpc_parse/parse_sec.o -RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o rpc_parse/parse_net.o rpc_parse/parse_srv.o -RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o rpc_parse/parse_net.o rpc_parse/parse_srv.o \ +RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o rpc_parse/parse_srv.o +RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o rpc_parse/parse_srv.o \ rpc_client/init_netlogon.o \ rpc_client/init_lsa.o @@ -1052,7 +1052,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \ libsmb/asn1.o libsmb/spnego.o libsmb/clikrb5.o libads/kerberos.o \ $(SECRETS_OBJ) $(SERVER_MUTEX_OBJ) $(LIBADS_SERVER_OBJ) \ $(RPC_PARSE_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(SMBLDAP_OBJ) $(DOSERR_OBJ) rpc_parse/parse_net.o $(LIBNMB_OBJ) \ + $(SMBLDAP_OBJ) $(DOSERR_OBJ) $(LIBNMB_OBJ) \ $(LDB_OBJ) $(ERRORMAP_OBJ) $(WBCOMMON_OBJ) @LIBWBCLIENT_STATIC@ \ librpc/gen_ndr/ndr_samr.o \ librpc/gen_ndr/ndr_lsa.o \ diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h index 8058b71..cd88ffe 100644 --- a/source/include/rpc_netlogon.h +++ b/source/include/rpc_netlogon.h 
@@ -23,36 +23,6 @@ #ifndef _RPC_NETLOGON_H /* _RPC_NETLOGON_H */ #define _RPC_NETLOGON_H - -/* NETLOGON pipe */ -#define NET_SAMLOGON 0x02 -#define NET_SAMLOGOFF 0x03 -#define NET_REQCHAL0x04 -#define NET_AUTH 0x05 -#define NET_SRVPWSET 0x06 -#define NET_SAM_DELTAS 0x07 -#define NET_GETDCNAME 0x0b -#define NET_LOGON_CTRL 0x0c -#define NET_GETANYDCNAME 0x0d -#define NET_AUTH2 0x0f -#define NET_LOGON_CTRL20x0e -#define NET_SAM_SYNC 0x10 -#define NET_TRUST_DOM_LIST 0x13 -#define NET_DSR_GETDCNAME 0x14 -#define NET_AUTH3 0x1a -#define NET_DSR_GETDCNAMEEX0x1b -#define NET_DSR_GETSITENAME0x1c -#define NET_DSR_GETDCNAMEEX2 0x22 -#define NET_SAMLOGON_EX0x27 - -/* flags use when sending a NETLOGON_CONTROL request */ - -#define NETLOGON_CONTROL_SYNC 0x2 -#define NETLOGON_CONTROL_REDISCOVER0x5 -#define NETLOGON_CONTROL_TC_QUERY 0x6 -#define NETLOGON_CONTROL_TRANSPORT_NOTIFY 0x7 -#define NETLOGON_CONTROL_SET_DBFLAG0xfffe - /* Some flag values reverse engineered from NLTEST.EXE */ /* used in the NETLOGON_CONTROL[2] reply */ @@ -81,27 +51,6 @@ #define MSV1_0_RETURN_PROFILE_PATH 0x0200 #endif -/* NEG_FLAGS */ -typedef struct neg_flags_info { - uint32 neg_flags; /* negotiated flags */ -} NEG_FLAGS; - -/* NET_Q_AUTH_3 */ -typedef struct net_q_auth3_info { - DOM_LOG_INFO clnt_id; /* client identification info
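Review bot: The rpc_netlogon.h hunk at line 23 drops five NETLOGON_CONTROL_* flag values together with the NET_* opnum defines, while the summary shows a single line added to netlogon.idl for netr_LogonControlCode. Please confirm that every removed name still referenced in the tree (NETLOGON_CONTROL_REDISCOVER, NETLOGON_CONTROL_TC_QUERY, NETLOGON_CONTROL_SET_DBFLAG and the rest) has an IDL-generated equivalent with the same value, and note in the commit message which ones were already covered.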
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2335-gead1f11
The branch, v3-2-test has been updated via ead1f11dd21b1df9a595295b3513c5f6088397c9 (commit) via 7bbd64c16f8dda85275ddca0fd00849f890c6e4f (commit) via 51a664cd5fc1cecc21a8a515bb959cac87296bcb (commit) from eefc6bb86fb9196818da9d5c6384c85355794981 (commit) http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log - commit ead1f11dd21b1df9a595295b3513c5f6088397c9 Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:50:11 2008 +0100 Remove unused marshalling for NET_SAM_LOGON_EX and finally NET_USER_INFO_3. Guenther commit 7bbd64c16f8dda85275ddca0fd00849f890c6e4f Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:39:36 2008 +0100 Remove unused marshalling for NET_AUTH. This must have been forgotten. Guenther commit 51a664cd5fc1cecc21a8a515bb959cac87296bcb Author: Günther Deschner [EMAIL PROTECTED] Date: Sun Feb 17 02:37:12 2008 +0100 Use rpccli_netr_LogonSamLogonEx in rpccli wrapping function. Guenther --- Summary of changes: source/include/authdata.h | 134 +--- source/include/rpc_netlogon.h | 258 -- source/rpc_client/cli_netlogon.c | 96 +++-- source/rpc_client/init_netlogon.c | 11 + source/rpc_parse/parse_net.c | 711 - 5 files changed, 69 insertions(+), 1141 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/authdata.h b/source/include/authdata.h index 8125f05..59f07fb 100644 --- a/source/include/authdata.h +++ b/source/include/authdata.h @@ -19,7 +19,7 @@ */ #ifndef _AUTHDATA_H -#define _AUTHDATA_H +#define _AUTHDATA_H #include rpc_misc.h #include rpc_netlogon.h 
@@ -37,136 +37,4 @@ #define KRB5_AUTHDATA_IF_RELEVANT 1 #endif - -typedef struct pac_logon_name { - NTTIME logon_time; - uint16 len; - uint8 *username; /* Actually always little-endian. might not be null terminated, so not UNISTR */ -} PAC_LOGON_NAME; - -typedef struct pac_signature_data { - uint32 type; - RPC_DATA_BLOB signature; /* this not the on-wire-format (!) */ -} PAC_SIGNATURE_DATA; - -typedef struct group_membership { - uint32 rid; - uint32 attrs; -} GROUP_MEMBERSHIP; - -typedef struct group_membership_array { - uint32 count; - GROUP_MEMBERSHIP *group_membership; -} GROUP_MEMBERSHIP_ARRAY; - -#if 0 /* Unused, replaced by NET_USER_INFO_3 - Guenther */ - -typedef struct krb_sid_and_attrs { - uint32 sid_ptr; - uint32 attrs; - DOM_SID2 *sid; -} KRB_SID_AND_ATTRS; - -typedef struct krb_sid_and_attr_array { - uint32 count; - KRB_SID_AND_ATTRS *krb_sid_and_attrs; -} KRB_SID_AND_ATTR_ARRAY; - - -/* This is awfully similar to a samr_user_info_23, but not identical. - Many of the field names have been swiped from there, because it is - so similar that they are likely the same, but many have been verified. - Some are in a different order, though... 
*/ -typedef struct pac_logon_info { - NTTIME logon_time;/* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time;/* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - - UNIHDR hdr_user_name;/* user name unicode string header */ - UNIHDR hdr_full_name;/* user's full name unicode string header */ - UNIHDR hdr_logon_script; /* these last 4 appear to be in a different */ - UNIHDR hdr_profile_path; /* order than in the info23 */ - UNIHDR hdr_home_dir; - UNIHDR hdr_dir_drive; - - uint16 logon_count; /* number of times user has logged onto domain */ - uint16 bad_password_count; /* samba4 idl */ - - uint32 user_rid; - uint32 group_rid; - uint32 group_count; - uint32 group_membership_ptr; - uint32 user_flags; - - uint8 session_key[16]; /* samba4 idl */ - UNIHDR hdr_dom_controller; - UNIHDR hdr_dom_name; - - uint32 ptr_dom_sid; - - uint8 lm_session_key[8];/* samba4 idl */ - uint32 acct_flags; /* samba4 idl */ - uint32 unknown[7]; - - uint32 sid_count; - uint32 ptr_extra_sids; - - uint32 ptr_res_group_dom_sid; - uint32 res_group_count; - uint32 ptr_res_groups; - - UNISTR2 uni_user_name;/* user name unicode string header */ - UNISTR2 uni_full_name;/* user's full name unicode string header */ - UNISTR2 uni_logon_script; /* these last 4 appear to be in a different*/ - UNISTR2 uni_profile_path; /* order than in the info23 */ - UNISTR2 uni_home_dir; - UNISTR2
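Review bot: After the second authdata.h hunk removes the hand-written PAC structures, the header still pulls in rpc_misc.h and rpc_netlogon.h (the context lines of the first hunk). If nothing left in the file uses their types, drop both includes in this commit so authdata.h stops dragging the hand-marshalled headers into every file that includes it. The first hunk's change to the #define _AUTHDATA_H line appears to be whitespace only and could be left out.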
Re: [SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2308-g7845a0d
On Sat, Feb 16, 2008 at 07:54:41AM -0600, Günther Deschner wrote:
> The branch, v3-2-test has been updated
>        via  7845a0d9a8f938c1be888ab2d9aa6c35d6f1dbad (commit)
>       from  0d0b93995399bba0acf891fab107fd93ecec321f (commit)
>
> http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test
>
> - Log -
> commit 7845a0d9a8f938c1be888ab2d9aa6c35d6f1dbad
> Author: Günther Deschner [EMAIL PROTECTED]
> Date: Sat Feb 16 13:42:12 2008 +0100
>
>     YES! NETLOGON rpc server side migration to pidl finished.

Go Guenther ! :-). Just wanted to say how much I appreciate all the work you're doing in removing this old code. Thanks a *lot* !

(Got the flu right now, so don't expect more email for several days :-().

Jeremy.