The branch, master has been updated
       via  4323c1321a1f498541b36169b1a34ea42824c397 (commit)
       via  a48f884f705de2d08250e00400ae20cd8c677033 (commit)
       via  3984738646eaa91c9d03b28f8a535d6eed79c0be (commit)
       via  de0bf36493ada3d815d4ee03ddb90e9949d4316b (commit)
      from  9aa11fdf69199f65dac0e52cf11ff85768ebd4a9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4323c1321a1f498541b36169b1a34ea42824c397
Author: Günther Deschner <[email protected]>
Date:   Tue Sep 8 17:02:54 2009 +0200

    schannel: add missing prototype for ndr_print_nbt_string() in schannel 
helper.
    
    Hopefully fixes samba4 build.
    
    Guenther

commit a48f884f705de2d08250e00400ae20cd8c677033
Author: Günther Deschner <[email protected]>
Date:   Tue Sep 8 15:32:24 2009 +0200

    s3: remove unused RPC_AUTH_SCHANNEL_NEG struct and parsing functions.
    
    Guenther

commit 3984738646eaa91c9d03b28f8a535d6eed79c0be
Author: Günther Deschner <[email protected]>
Date:   Tue Sep 8 15:31:01 2009 +0200

    s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind().
    
    Guenther

commit de0bf36493ada3d815d4ee03ddb90e9949d4316b
Author: Günther Deschner <[email protected]>
Date:   Tue Sep 8 15:30:22 2009 +0200

    s3-rpc_client: use NL_AUTH_MESSAGE in create_schannel_auth_rpc_bind_req().
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 librpc/ndr/ndr_schannel.c     |    1 +
 source3/include/proto.h       |    4 ----
 source3/include/rpc_dce.h     |   10 ----------
 source3/rpc_client/cli_pipe.c |   31 ++++++++++++++++++++++++-------
 source3/rpc_parse/parse_rpc.c |   41 -----------------------------------------
 source3/rpc_server/srv_pipe.c |   29 +++++++++++++++++++++++------
 6 files changed, 48 insertions(+), 68 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/ndr/ndr_schannel.c b/librpc/ndr/ndr_schannel.c
index 6fddf33..9cf0e09 100644
--- a/librpc/ndr/ndr_schannel.c
+++ b/librpc/ndr/ndr_schannel.c
@@ -22,6 +22,7 @@
 #include "includes.h"
 #include "../librpc/gen_ndr/ndr_schannel.h"
 #include "../librpc/ndr/ndr_schannel.h"
+#include "../libcli/nbt/libnbt.h"
 
 _PUBLIC_ void ndr_print_NL_AUTH_MESSAGE_BUFFER(struct ndr_print *ndr, const 
char *name, const union NL_AUTH_MESSAGE_BUFFER *r)
 {
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4bdd306..be5cfe1 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5731,10 +5731,6 @@ void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
                                const char *signature, uint32 msg_type);
 bool smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, 
prs_struct *ps, int depth);
 bool smb_io_rpc_schannel_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, 
prs_struct *ps, int depth);
-void init_rpc_auth_schannel_neg(RPC_AUTH_SCHANNEL_NEG *neg,
-                             const char *domain, const char *myname);
-bool smb_io_rpc_auth_schannel_neg(const char *desc, RPC_AUTH_SCHANNEL_NEG *neg,
-                               prs_struct *ps, int depth);
 bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len, 
                                 RPC_AUTH_SCHANNEL_CHK * chk,
                                prs_struct *ps, int depth);
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index cd65ac8..684880d 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -174,16 +174,6 @@ typedef struct rpc_hdr_auth_info {
 
 #define RPC_HDR_AUTH_LEN 8
 
-/* this is TEMPORARILY coded up as a specific structure */
-/* this structure comes after the bind request */
-/* RPC_AUTH_SCHANNEL_NEG */
-typedef struct rpc_auth_schannel_neg_info {
-       uint32 type1;   /* Always zero ? */
-       uint32 type2;   /* Types 0x3 and 0x13 seen. Check 
AcquireSecurityContext() docs.... */
-       fstring domain; /* calling workstations's domain */
-       fstring myname; /* calling workstation's name */
-} RPC_AUTH_SCHANNEL_NEG;
-
 /* attached to the end of encrypted rpc requests and responses */
 /* RPC_AUTH_SCHANNEL_CHK */
 typedef struct rpc_auth_schannel_chk_info {
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 5af2c95..82f6b10 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -20,6 +20,7 @@
 #include "includes.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "librpc/gen_ndr/cli_epmapper.h"
+#include "../librpc/gen_ndr/ndr_schannel.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_CLI
@@ -1611,7 +1612,9 @@ static NTSTATUS create_schannel_auth_rpc_bind_req( struct 
rpc_pipe_client *cli,
                                                RPC_HDR_AUTH *pauth_out,
                                                prs_struct *auth_data)
 {
-       RPC_AUTH_SCHANNEL_NEG schannel_neg;
+       struct NL_AUTH_MESSAGE r;
+       enum ndr_err_code ndr_err;
+       DATA_BLOB blob;
 
        /* We may change the pad length before marshalling. */
        init_rpc_hdr_auth(pauth_out, RPC_SCHANNEL_AUTH_TYPE, (int)auth_level, 
0, 1);
@@ -1625,16 +1628,30 @@ static NTSTATUS create_schannel_auth_rpc_bind_req( 
struct rpc_pipe_client *cli,
                }
        }
 
-       init_rpc_auth_schannel_neg(&schannel_neg, cli->auth->domain,
-                                  global_myname());
-
        /*
         * Now marshall the data into the auth parse_struct.
         */
 
-       if(!smb_io_rpc_auth_schannel_neg("schannel_neg",
-                                      &schannel_neg, auth_data, 0)) {
-               DEBUG(0,("Failed to marshall RPC_AUTH_SCHANNEL_NEG.\n"));
+       r.MessageType                   = NL_NEGOTIATE_REQUEST;
+       r.Flags                         = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
+                                         NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
+       r.oem_netbios_domain.a          = cli->auth->domain;
+       r.oem_netbios_computer.a        = global_myname();
+
+       ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &r,
+                      (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+               DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n"));
+               prs_mem_free(auth_data);
+               return ndr_map_error2ntstatus(ndr_err);
+       }
+
+       if (DEBUGLEVEL >= 10) {
+               NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &r);
+       }
+
+       if (!prs_copy_data_in(auth_data, (const char *)blob.data, blob.length))
+       {
                prs_mem_free(auth_data);
                return NT_STATUS_NO_MEMORY;
        }
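Review bot: `struct NL_AUTH_MESSAGE r` (declared in the previous hunk) is a stack variable that is never zeroed, and only MessageType, Flags and the two OEM name fields are assigned before it reaches ndr_push_struct_blob() and NDR_PRINT_DEBUG(). If the structure has further members (its definition is not part of this diff), they hold stack garbage, and correctness then depends on the generated push and print code never touching a field whose flag is clear. Adding `ZERO_STRUCT(r);` before the assignments removes that dependency. A one-line comment stating that both name fields are sent as OEM strings because of the two flags set here would also help. The function body starts and ends outside this hunk.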
diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c
index 651a591..2e7216c 100644
--- a/source3/rpc_parse/parse_rpc.c
+++ b/source3/rpc_parse/parse_rpc.c
@@ -571,47 +571,6 @@ bool smb_io_rpc_schannel_verifier(const char *desc, 
RPC_AUTH_VERIFIER *rav, prs_
 }
 
 /*******************************************************************
-creates an RPC_AUTH_SCHANNEL_NEG structure.
-********************************************************************/
-
-void init_rpc_auth_schannel_neg(RPC_AUTH_SCHANNEL_NEG *neg,
-                             const char *domain, const char *myname)
-{
-       neg->type1 = 0;
-       neg->type2 = 0x3;
-       fstrcpy(neg->domain, domain);
-       fstrcpy(neg->myname, myname);
-}
-
-/*******************************************************************
- Reads or writes an RPC_AUTH_SCHANNEL_NEG structure.
-********************************************************************/
-
-bool smb_io_rpc_auth_schannel_neg(const char *desc, RPC_AUTH_SCHANNEL_NEG *neg,
-                               prs_struct *ps, int depth)
-{
-       if (neg == NULL)
-               return False;
-
-       prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_neg");
-       depth++;
-
-       if(!prs_align(ps))
-               return False;
-
-       if(!prs_uint32("type1", ps, depth, &neg->type1))
-               return False;
-       if(!prs_uint32("type2", ps, depth, &neg->type2))
-               return False;
-       if(!prs_string("domain  ", ps, depth, neg->domain, sizeof(neg->domain)))
-               return False;
-       if(!prs_string("myname  ", ps, depth, neg->myname, sizeof(neg->myname)))
-               return False;
-
-       return True;
-}
-
-/*******************************************************************
 reads or writes an RPC_AUTH_SCHANNEL_CHK structure.
 ********************************************************************/
 
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index bf55d47..e42c81e 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -29,6 +29,7 @@
 
 #include "includes.h"
 #include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_schannel.h"
 
 extern struct current_user current_user;
 
@@ -1326,28 +1327,44 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, 
prs_struct *rpc_in_p,
                                        RPC_HDR_AUTH *pauth_info, prs_struct 
*pout_auth)
 {
        RPC_HDR_AUTH auth_info;
-       RPC_AUTH_SCHANNEL_NEG neg;
+       struct NL_AUTH_MESSAGE neg;
        RPC_AUTH_VERIFIER auth_verifier;
        bool ret;
        NTSTATUS status;
        struct netlogon_creds_CredentialState *creds;
        uint32 flags;
        DATA_BLOB session_key;
+       enum ndr_err_code ndr_err;
+       DATA_BLOB blob;
+
+       blob = data_blob_const(prs_data_p(rpc_in_p) + prs_offset(rpc_in_p),
+                              prs_data_size(rpc_in_p));
 
-       if (!smb_io_rpc_auth_schannel_neg("", &neg, rpc_in_p, 0)) {
+       ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &neg,
+                              (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL 
auth neg\n"));
-               return False;
+               return false;
+       }
+
+       if (DEBUGLEVEL >= 10) {
+               NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &neg);
+       }
+
+       if (!(neg.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME)) {
+               DEBUG(0,("pipe_schannel_auth_bind: Did not receive netbios 
computer name\n"));
+               return false;
        }
 
        /*
-        * The neg.myname key here must match the remote computer name
+        * The neg.oem_netbios_computer.a key here must match the remote 
computer name
         * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
         * operations that use credentials.
         */
 
        become_root();
        status = schannel_fetch_session_key(p->mem_ctx,
-                                           neg.myname,
+                                           neg.oem_netbios_computer.a,
                                            &creds);
        unbecome_root();
 
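Review bot: The blob passed to ndr_pull_struct_blob() starts at `prs_data_p(rpc_in_p) + prs_offset(rpc_in_p)` but is given the length `prs_data_size(rpc_in_p)`. If prs_data_size() returns the size of the whole buffer rather than the bytes remaining after the offset (its definition is not in this diff), the blob overstates the remaining data by prs_offset() bytes, and the NDR pull of client-supplied data can read past the end of the buffer. The length should be the remainder, `prs_data_size(rpc_in_p) - prs_offset(rpc_in_p)`, after confirming the offset does not exceed the size. The new code also accepts any MessageType; a check such as `if (neg.MessageType != NL_NEGOTIATE_REQUEST) return false;` next to the flags test would reject unexpected messages before the session-key lookup that runs under become_root(). pipe_schannel_auth_bind() continues outside this hunk.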
@@ -1419,7 +1436,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, 
prs_struct *rpc_in_p,
        }
 
        DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname 
[%s]\n",
-               neg.domain, neg.myname));
+               neg.oem_netbios_domain.a, neg.oem_netbios_computer.a));
 
        /* We're finished with this bind - no more packets. */
        p->auth.auth_data_free_func = NULL;
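Review bot: `neg.oem_netbios_domain.a` is passed to a `%s` in this DEBUG call, but the earlier hunk in this function only verifies NL_FLAG_OEM_NETBIOS_COMPUTER_NAME. A client that omits NL_FLAG_OEM_NETBIOS_DOMAIN_NAME may therefore leave the domain pointer unset, since as far as the diff shows `neg` is not zeroed before the pull. Either require both flags in the earlier check or guard the argument, e.g. `neg.oem_netbios_domain.a ? neg.oem_netbios_domain.a : ""`. The function begins and ends outside this hunk.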


-- 
Samba Shared Repository
