The branch, v3-2-test has been updated
via 090061b73a1c086ff8a7797e1a63532eacd91148 (commit)
via 5f60ed4af680ba2811db8d9f8267348ce05f26d2 (commit)
via 5aadfcdaacd6f136eab9e107a88b8544e6d2105f (commit)
from 7d94f97947b7edfcf3ec52f0125e4593d6d54c05 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 090061b73a1c086ff8a7797e1a63532eacd91148
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date: Wed Jan 23 15:00:40 2008 -0800
Use strchr_m in seaching for '.' in the hostname to make sure we're mb safe.
Jeremy.
commit 5f60ed4af680ba2811db8d9f8267348ce05f26d2
Author: Andreas Schneider <[EMAIL PROTECTED]>
Date: Thu Jan 17 11:35:40 2008 +0100
Fix Windows 2008 (Longhorn) join.
During 'net ads join' the cli->desthost is a hostname (e.g.
rupert.galaxy.site). Check if we have a hostname and use only the
first part, the machine name, of the string.
commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f
Author: Andreas Schneider <[EMAIL PROTECTED]>
Date: Thu Jan 17 10:11:11 2008 +0100
Windows 2008 (Longhorn) auth2 flag fixes.
Interop fixes for AD specific flags. Original patch from Todd Stetcher.
-----------------------------------------------------------------------
Summary of changes:
source/auth/auth_domain.c | 2 +-
source/include/rpc_dce.h | 2 ++
source/libsmb/cliconnect.c | 16 +++++++++++++++-
source/libsmb/trusts_util.c | 2 +-
source/rpc_client/cli_pipe.c | 4 ++--
source/rpcclient/rpcclient.c | 2 +-
source/utils/net_rpc_join.c | 4 ++--
source/utils/net_rpc_samsync.c | 2 +-
source/winbindd/winbindd_cm.c | 2 +-
9 files changed, 26 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c
index 1de9869..40a2985 100644
--- a/source/auth/auth_domain.c
+++ b/source/auth/auth_domain.c
@@ -124,7 +124,7 @@ machine %s. Error was : %s.\n", dc_name,
nt_errstr(result)));
if (!lp_client_schannel()) {
/* We need to set up a creds chain on an unauthenticated
netlogon pipe. */
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint32 sec_chan_type = 0;
unsigned char machine_pwd[16];
const char *account_name;
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index f162196..ec08eb5 100644
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -106,6 +106,8 @@ enum RPC_PKT_TYPE {
/* these are the flags that ADS clients use */
#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR |
NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
+#define NETLOGON_NEG_SELECT_AUTH2_FLAGS ((lp_security() == SEC_ADS) ?
NETLOGON_NEG_AUTH2_ADS_FLAGS : NETLOGON_NEG_AUTH2_FLAGS)
+
enum schannel_direction {
SENDER_IS_INITIATOR,
SENDER_IS_ACCEPTOR
diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index 4560521..fd860ae 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -872,13 +872,26 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state
*cli, const char *user,
!strequal(star_smbserver_name,
cli->desthost)) {
char *realm = NULL;
+ char *machine = NULL;
+ char *host = NULL;
DEBUG(3,("cli_session_setup_spnego: got a "
"bad server principal, trying to guess ...\n"));
+ host = strchr_m(cli->desthost, '.');
+ if (host) {
+ machine = SMB_STRNDUP(cli->desthost,
+ host - cli->desthost);
+ } else {
+ machine = SMB_STRDUP(cli->desthost);
+ }
+ if (machine == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
realm = kerberos_get_default_realm_from_ccache();
if (realm && *realm) {
if (asprintf(&principal, "[EMAIL PROTECTED]",
- cli->desthost, realm) < 0) {
+ machine, realm) < 0) {
SAFE_FREE(realm);
return
ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
@@ -886,6 +899,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli,
const char *user,
"server principal=%s\n",
principal ? principal : "<null>"));
}
+ SAFE_FREE(machine);
SAFE_FREE(realm);
}
diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index 732dc78..1ca7d56 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -40,7 +40,7 @@ static NTSTATUS just_change_the_password(struct
rpc_pipe_client *cli, TALLOC_CTX
already have valid creds. If not we must set them up. */
if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
result = rpccli_netlogon_setup_creds(cli,
cli->cli->desthost, /* server name */
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index f4cb424..81b2ea5 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -2596,7 +2596,7 @@ struct rpc_pipe_client
*cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state
const char *password,
NTSTATUS *perr)
{
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags =
NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
@@ -2630,7 +2630,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct
cli_state *cli,
const char *domain,
NTSTATUS *perr)
{
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags =
NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c
index 081e0fb..7b49991 100644
--- a/source/rpcclient/rpcclient.c
+++ b/source/rpcclient/rpcclient.c
@@ -605,7 +605,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
}
if (cmd_entry->pipe_idx == PI_NETLOGON) {
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint32 sec_channel_type;
uchar trust_password[16];
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index de8ea74..5c3fb2b 100644
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -45,7 +45,7 @@ NTSTATUS net_rpc_join_ok(const char *domain, const char
*server,
{
enum security_types sec;
unsigned int conn_flags = NET_FLAGS_PDC;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags =
NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_hnd = NULL;
struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -132,7 +132,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
uint32 acb_info = ACB_WSTRUST;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ?
NETLOGON_NEG_SCHANNEL : 0);
+ uint32 neg_flags =
NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL :
0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c
index d0fcfe3..e1f0cd3 100644
--- a/source/utils/net_rpc_samsync.c
+++ b/source/utils/net_rpc_samsync.c
@@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid,
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
uchar trust_password[16];
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint32 sec_channel_type = 0;
if (!secrets_fetch_trust_account_password(domain_name,
diff --git a/source/winbindd/winbindd_cm.c b/source/winbindd/winbindd_cm.c
index ac122fb..dbc664d 100644
--- a/source/winbindd/winbindd_cm.c
+++ b/source/winbindd/winbindd_cm.c
@@ -2302,7 +2302,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain
*domain,
struct winbindd_cm_conn *conn;
NTSTATUS result;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint8 mach_pwd[16];
uint32 sec_chan_type;
const char *account_name;
--
Samba Shared Repository
