
svn commit: samba r13659 - in branches/SAMBA_3_0_RELEASE/source: include

Subject: svn commit: samba r13659 - in branches/SAMBA_3_0_RELEASE/source: include libads nsswitch rpc_client smbd utils
From:
Date: Thu, 23 Feb 2006 16:28:34 +0000 GMT
Author: jerry
Date: 2006-02-23 16:28:33 +0000 (Thu, 23 Feb 2006)
New Revision: 13659

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13659

Log:
Pulling in what I think are the final code changes for 3.0.21c

svn merge -r13639:13641 $SVNURL/branches/SAMBA_3_0
svn merge -r13645:13647 $SVNURL/branches/SAMBA_3_0
svn merge -r13656:13657 $SVNURL/branches/SAMBA_3_0


Modified:
   branches/SAMBA_3_0_RELEASE/source/include/ads.h
   branches/SAMBA_3_0_RELEASE/source/libads/ads_struct.c
   branches/SAMBA_3_0_RELEASE/source/libads/ldap.c
   branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c
   branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_pipe.c
   branches/SAMBA_3_0_RELEASE/source/smbd/negprot.c
   branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/include/ads.h
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/include/ads.h     2006-02-23 15:52:24 UTC 
(rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/include/ads.h     2006-02-23 16:28:33 UTC 
(rev 13659)
@@ -47,6 +47,7 @@
                char *sfu_shell_attr;
                char *sfu_uidnumber_attr;
                char *sfu_gidnumber_attr;
+               char *sfu_gecos_attr;
        } schema;
 
 } ADS_STRUCT;
@@ -97,6 +98,7 @@
 #define ADS_ATTR_SFU_GIDNUMBER_OID     "1.2.840.113556.1.6.18.1.311"
 #define ADS_ATTR_SFU_HOMEDIR_OID       "1.2.840.113556.1.6.18.1.344"
 #define ADS_ATTR_SFU_SHELL_OID                 "1.2.840.113556.1.6.18.1.312"
+#define ADS_ATTR_SFU_GECOS_OID                 "1.2.840.113556.1.6.18.1.337"
 
 /* ldap bitwise searches */
 #define ADS_LDAP_MATCHING_RULE_BIT_AND "1.2.840.113556.1.4.803"

Modified: branches/SAMBA_3_0_RELEASE/source/libads/ads_struct.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libads/ads_struct.c       2006-02-23 
15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/libads/ads_struct.c       2006-02-23 
16:28:33 UTC (rev 13659)
@@ -139,6 +139,7 @@
                SAFE_FREE((*ads)->schema.sfu_gidnumber_attr);
                SAFE_FREE((*ads)->schema.sfu_shell_attr);
                SAFE_FREE((*ads)->schema.sfu_homedir_attr);
+               SAFE_FREE((*ads)->schema.sfu_gecos_attr);
                
                ZERO_STRUCTP(*ads);
 

Modified: branches/SAMBA_3_0_RELEASE/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libads/ldap.c     2006-02-23 15:52:24 UTC 
(rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/libads/ldap.c     2006-02-23 16:28:33 UTC 
(rev 13659)
@@ -2563,7 +2563,7 @@
 { 
        BOOL ret = False; 
        TALLOC_CTX *ctx = NULL; 
-       const char *gidnumber, *uidnumber, *homedir, *shell;
+       const char *gidnumber, *uidnumber, *homedir, *shell, *gecos;
 
        ctx = talloc_init("ads_check_sfu_mapping");
        if (ctx == NULL)
@@ -2589,6 +2589,11 @@
                goto done;
        ads->schema.sfu_shell_attr = SMB_STRDUP(shell);
 
+       gecos = ads_get_attrname_by_oid(ads, ctx, ADS_ATTR_SFU_GECOS_OID);
+       if (gecos == NULL)
+               goto done;
+       ads->schema.sfu_gecos_attr = SMB_STRDUP(gecos);
+
        ret = True;
 done:
        if (ctx)
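Review bot: The new `if (gecos == NULL) goto done;` makes the GECOS attribute mandatory, so a schema that resolves the homedir and shell OIDs but not ADS_ATTR_SFU_GECOS_OID now fails the whole check with `ret` still False. The winbindd_ads.c hunks in this same commit treat a missing gecos as optional and fall back to "name", so the lookup could be optional here too: `if (gecos != NULL) ads->schema.sfu_gecos_attr = SMB_STRDUP(gecos);`. The `SMB_STRDUP` result is also stored unchecked, as on the shell line above it, so `sfu_gecos_attr` can be NULL when winbindd_ads.c later passes it to `ads_pull_string`; whether that helper accepts a NULL attribute name is not visible here. The function starts and ends outside this hunk.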

Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c   2006-02-23 
15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_ads.c   2006-02-23 
16:28:33 UTC (rev 13659)
@@ -151,7 +151,8 @@
                               "name", "objectSid", "primaryGroupID", 
                               "sAMAccountType", 
                               ADS_ATTR_SFU_HOMEDIR_OID, 
-                              ADS_ATTR_SFU_SHELL_OID, 
+                              ADS_ATTR_SFU_SHELL_OID,
+                              ADS_ATTR_SFU_GECOS_OID,
                               NULL};
        int i, count;
        ADS_STATUS rc;
@@ -191,7 +192,7 @@
        i = 0;
 
        for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, 
msg)) {
-               char *name, *gecos;
+               char *name, *gecos = NULL;
                char *homedir = NULL;
                char *shell = NULL;
                uint32 group;
@@ -204,11 +205,19 @@
                }
 
                name = ads_pull_username(ads, mem_ctx, msg);
-               gecos = ads_pull_string(ads, mem_ctx, msg, "name");
+
                if (use_nss_info("sfu")) {
-                       homedir = ads_pull_string(ads, mem_ctx, msg, 
ads->schema.sfu_homedir_attr);
-                       shell = ads_pull_string(ads, mem_ctx, msg, 
ads->schema.sfu_shell_attr);
+                       homedir = ads_pull_string(ads, mem_ctx, msg, 
+                                                 ads->schema.sfu_homedir_attr);
+                       shell   = ads_pull_string(ads, mem_ctx, msg, 
+                                                 ads->schema.sfu_shell_attr);
+                       gecos   = ads_pull_string(ads, mem_ctx, msg, 
+                                                 ads->schema.sfu_gecos_attr);
                }
+
+               if (gecos == NULL) {
+                       gecos = ads_pull_string(ads, mem_ctx, msg, "name");
+               }
        
                if (!ads_pull_sid(ads, msg, "objectSid",
                                  &(*info)[i].user_sid)) {
@@ -433,7 +442,8 @@
                               "name", 
                               "primaryGroupID", 
                               ADS_ATTR_SFU_HOMEDIR_OID, 
-                              ADS_ATTR_SFU_SHELL_OID, 
+                              ADS_ATTR_SFU_SHELL_OID,
+                              ADS_ATTR_SFU_GECOS_OID,
                               NULL};
        ADS_STATUS rc;
        int count;
@@ -471,13 +481,25 @@
        }
 
        info->acct_name = ads_pull_username(ads, mem_ctx, msg);
-       info->full_name = ads_pull_string(ads, mem_ctx, msg, "name");
 
        if (use_nss_info("sfu")) {
+<<<<<<< .working
                info->homedir = ads_pull_string(ads, mem_ctx, msg, 
ads->schema.sfu_homedir_attr);
                info->shell = ads_pull_string(ads, mem_ctx, msg, 
ads->schema.sfu_shell_attr);
+=======
+               info->homedir   = ads_pull_string(ads, mem_ctx, msg, 
+                                                 ads->schema.sfu_homedir_attr);
+               info->shell     = ads_pull_string(ads, mem_ctx, msg, 
+                                                 ads->schema.sfu_shell_attr);
+               info->full_name = ads_pull_string(ads, mem_ctx, msg,
+                                                 ads->schema.sfu_gecos_attr);
+>>>>>>> .merge-right.r13657
        }
 
+       if (info->full_name == NULL) {
+               info->full_name = ads_pull_string(ads, mem_ctx, msg, "name");
+       }
+
        if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group_rid)) {
                DEBUG(1,("No primary group for %s !?\n",
                         sid_string_static(sid)));
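Review bot: The added lines `<<<<<<< .working`, `=======` and `>>>>>>> .merge-right.r13657` are unresolved svn merge-conflict markers, so winbindd_ads.c cannot compile as committed on this release branch. Resolve by deleting the three marker lines and the `.working` side (the two older `info->homedir` / `info->shell` assignments), keeping the merge-right side that also sets `info->full_name` from `ads->schema.sfu_gecos_attr`. Separately, the new `if (info->full_name == NULL)` fallback relies on `info->full_name` being NULL on entry when "sfu" is not in use; the initialisation of `info` is outside the hunk, so confirm it or set `info->full_name = NULL;` before the `use_nss_info` test.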

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_pipe.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_pipe.c     2006-02-23 
15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_pipe.c     2006-02-23 
16:28:33 UTC (rev 13659)
@@ -2393,13 +2393,14 @@
 
 /****************************************************************************
  Open a netlogon pipe and get the schannel session key.
+ Now exposed to external callers.
  ****************************************************************************/
 
-static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
+struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
                                                        const char *domain,
+                                                       uint32 *pneg_flags,
                                                        NTSTATUS *perr)
 {
-       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
        struct rpc_pipe_client *netlogon_pipe = NULL;
        uint32 sec_chan_type = 0;
        unsigned char machine_pwd[16];
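Review bot: Now that `get_schannel_session_key` is no longer static, its header comment should document `pneg_flags`, which "Now exposed to external callers." does not. The pointer is dereferenced unconditionally in the later hunk (`(*pneg_flags) & NETLOGON_NEG_SCHANNEL`), and the in-file callers seed it with `NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL` before the call. I would add `pneg_flags is in/out: the caller sets the flags to request (including NETLOGON_NEG_SCHANNEL); must not be NULL.` and the same on `get_schannel_session_key_auth_ntlmssp`, which gains the parameter in the -2520 hunk. A caller that leaves NETLOGON_NEG_SCHANNEL out would presumably always land in the "did not offer schannel" branch. The function body continues outside this hunk.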
@@ -2438,7 +2439,7 @@
                                        machine_account, /* machine account 
name */
                                        machine_pwd,
                                        sec_chan_type,
-                                       &neg_flags);
+                                       pneg_flags);
 
        if (!NT_STATUS_IS_OK(*perr)) {
                DEBUG(3,("get_schannel_session_key: rpccli_netlogon_setup_creds 
"
@@ -2448,7 +2449,7 @@
                return NULL;
        }
 
-       if ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0) {
+       if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
                DEBUG(3, ("get_schannel_session_key: Server %s did not offer 
schannel\n",
                        cli->desthost));
                cli_rpc_pipe_close(netlogon_pipe);
@@ -2520,9 +2521,9 @@
                                                        const char *domain,
                                                        const char *username,
                                                        const char *password,
+                                                       uint32 *pneg_flags,
                                                        NTSTATUS *perr)
 {
-       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
        struct rpc_pipe_client *netlogon_pipe = NULL;
        uint32 sec_chan_type = 0;
        unsigned char machine_pwd[16];
@@ -2564,7 +2565,7 @@
                                        machine_account,   /* machine account 
name */
                                        machine_pwd,
                                        sec_chan_type,
-                                       &neg_flags);
+                                       pneg_flags);
 
        if (!NT_STATUS_IS_OK(*perr)) {
                DEBUG(3,("get_schannel_session_key_auth_ntlmssp: 
rpccli_netlogon_setup_creds "
@@ -2574,7 +2575,7 @@
                return NULL;
        }
 
-       if ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0) {
+       if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
                DEBUG(3, ("get_schannel_session_key_auth_ntlmssp: Server %s did 
not offer schannel\n",
                        cli->desthost));
                cli_rpc_pipe_close(netlogon_pipe);
@@ -2599,10 +2600,12 @@
                                                const char *password,
                                                NTSTATUS *perr)
 {
+       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
        struct rpc_pipe_client *netlogon_pipe = NULL;
        struct rpc_pipe_client *result = NULL;
 
-       netlogon_pipe = get_schannel_session_key_auth_ntlmssp(cli, domain, 
username, password, perr);
+       netlogon_pipe = get_schannel_session_key_auth_ntlmssp(cli, domain, 
username,
+                                                       password, &neg_flags, 
perr);
        if (!netlogon_pipe) {
                DEBUG(0,("cli_rpc_pipe_open_ntlmssp_auth_schannel: failed to 
get schannel session "
                        "key from server %s for domain %s.\n",
@@ -2631,10 +2634,11 @@
                                                 const char *domain,
                                                NTSTATUS *perr)
 {
+       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
        struct rpc_pipe_client *netlogon_pipe = NULL;
        struct rpc_pipe_client *result = NULL;
 
-       netlogon_pipe = get_schannel_session_key(cli, domain, perr);
+       netlogon_pipe = get_schannel_session_key(cli, domain, &neg_flags, perr);
        if (!netlogon_pipe) {
                DEBUG(0,("cli_rpc_pipe_open_schannel: failed to get schannel 
session "
                        "key from server %s for domain %s.\n",

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/negprot.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/negprot.c    2006-02-23 15:52:24 UTC 
(rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/negprot.c    2006-02-23 16:28:33 UTC 
(rev 13659)
@@ -178,6 +178,7 @@
                                   OID_KERBEROS5_OLD,
                                   OID_NTLMSSP,
                                   NULL};
+       const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
        int len;
 
        global_spnego_negotiated = True;
@@ -212,9 +213,13 @@
        */
 
        if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
-               memcpy(p, guid, 16);
-               *pkeylen = 0;
-               return 16;
+#if 0
+               /* Code for PocketPC client */
+               blob = data_blob(guid, 16);
+#else
+               /* Code for standalone WXP client */
+               blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
+#endif
        } else {
                fstring myname;
                char *host_princ_s = NULL;
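Review bot: The `#if 0` branch leaves a compiled-out PocketPC alternative in release code, with no way to select it and no explanation of why the two clients need different blobs; either drop it or state the reason in the comment. The literal `"NONE"` passed as the principal to `spnego_gen_negTokenInit` is also unexplained; a comment such as `/* no Kerberos principal to advertise; offer NTLMSSP only */` would help, if that is the intent. The enclosing function starts and ends outside this hunk.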
@@ -224,14 +229,20 @@
                blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
                SAFE_FREE(host_princ_s);
        }
+
        memcpy(p, blob.data, blob.length);
        len = blob.length;
        if (len > 256) {
                DEBUG(0,("negprot_spnego: blob length too long (%d)\n", len));
                len = 255;
        }
-       *pkeylen = len;
        data_blob_free(&blob);
+
+       if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
+               *pkeylen = 0;
+       } else {
+               *pkeylen = len;
+       }
        return len;
 }
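Review bot: The length check runs after `memcpy(p, blob.data, blob.length)`, so it never bounds the copy, and with this commit the non-ADS path also reaches that copy with a generated SPNEGO blob instead of the fixed 16-byte GUID. The size of the buffer behind `p` is not visible here, so apply the limit first and size the copy by it: `len = blob.length;`, then the `if (len > 256)` clamp, then `memcpy(p, blob.data, len);`. Failing the negotiation may be preferable to sending a truncated token. The check also lets a length of exactly 256 through while clamping larger values to 255. The `lp_security() != SEC_ADS && !lp_use_kerberos_keytab()` test is now evaluated twice; caching it in a local would keep the blob choice and `*pkeylen` from diverging. The function begins outside this hunk.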
 

Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c      2006-02-23 
15:52:24 UTC (rev 13658)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c      2006-02-23 
16:28:33 UTC (rev 13659)
@@ -43,31 +43,57 @@
  **/
 static int net_rpc_join_ok(const char *domain)
 {
+       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
        struct cli_state *cli = NULL;
        struct rpc_pipe_client *pipe_hnd = NULL;
-       int retval = 1;
-       NTSTATUS ret;
+       struct rpc_pipe_client *netlogon_pipe = NULL;
+       NTSTATUS ntret = NT_STATUS_UNSUCCESSFUL;
 
        /* Connect to remote machine */
        if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | 
NET_FLAGS_PDC))) {
-               return 1;
+               return -1;
        }
 
-       pipe_hnd = cli_rpc_pipe_open_schannel(cli, PI_NETLOGON,
-                                               PIPE_AUTH_LEVEL_PRIVACY,
-                                               domain, &ret);
+       /* Setup the creds as though we're going to do schannel... */
+        netlogon_pipe = get_schannel_session_key(cli, domain, &neg_flags, 
&ntret);
 
+       /* We return NT_STATUS_INVALID_NETWORK_RESPONSE if the server is 
refusing
+          to negotiate schannel, but the creds were set up ok. That'll have to 
do. */
+
+        if (!netlogon_pipe) {
+               if (NT_STATUS_EQUAL(ntret, NT_STATUS_INVALID_NETWORK_RESPONSE)) 
{
+                       cli_shutdown(cli);
+                       return 0;
+               } else {
+                       DEBUG(0,("net_rpc_join_ok: failed to get schannel 
session "
+                                       "key from server %s for domain %s. 
Error was %s\n",
+                               cli->desthost, domain, nt_errstr(ntret) ));
+                       cli_shutdown(cli);
+                       return -1;
+               }
+       }
+
+       /* Only do the rest of the schannel test if the client is allowed to do 
this. */
+       if (!lp_client_schannel()) {
+               cli_shutdown(cli);
+               /* We're good... */
+               return 0;
+       }
+
+       pipe_hnd = cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON,
+                               PIPE_AUTH_LEVEL_PRIVACY,
+                               domain, netlogon_pipe->dc, &ntret);
+
        if (!pipe_hnd) {
-               DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n", 
nt_errstr(ret) ));
-               goto done;
+               DEBUG(0,("net_rpc_join_ok: failed to open schannel session "
+                               "on netlogon pipe to server %s for domain %s. 
Error was %s\n",
+                       cli->desthost, domain, nt_errstr(ntret) ));
+               cli_shutdown(cli);
+               return -1;
        }
 
-       retval = 0;             /* Success! */
-       
-done:
-
        cli_shutdown(cli);
-       return retval;
+       return 0;
 }
 
 /**
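Review bot: Treating `NT_STATUS_INVALID_NETWORK_RESPONSE` as "joined OK" ties the success path to a single status code; if any other failure inside `get_schannel_session_key` or the calls beneath it reports the same status, `net_rpc_join_ok` returns 0 without the credentials having been verified. Since `neg_flags` is now available to the caller, the refusal can be confirmed directly: `if (NT_STATUS_EQUAL(ntret, NT_STATUS_INVALID_NETWORK_RESPONSE) && (neg_flags & NETLOGON_NEG_SCHANNEL) == 0)`. That early `return 0` also comes before the `lp_client_schannel()` check, so a server that declines schannel passes the join test whatever the client setting is; confirm that is intended when schannel is required. The failure return also changes from 1 to -1, which callers outside this hunk may compare against.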
