summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-09-15 11:48:23 -0700
committerAndrew Tridgell <tridge@samba.org>2009-09-15 11:48:23 -0700
commitdac0fb0b7c369255e0d07e47a11f6a0288019da1 (patch)
tree63b513e26972b3c5286a015b6dc110b4b20b1305
parentefe9f952504a5a3114cada5f0caed315c4bc654d (diff)
parente44c4141fdfa07bb3bd09f28e5f093d27f170dc8 (diff)
downloadsamba-dac0fb0b7c369255e0d07e47a11f6a0288019da1.tar.gz
samba-dac0fb0b7c369255e0d07e47a11f6a0288019da1.tar.bz2
samba-dac0fb0b7c369255e0d07e47a11f6a0288019da1.zip
Merge branch 'master' of /home/tridge/samba/git/combined
-rw-r--r--lib/util/util.h3
-rw-r--r--lib/util/util_net.c118
-rw-r--r--lib/util/util_net.h46
-rw-r--r--libcli/nbt/config.mk50
-rw-r--r--libcli/nbt/lmhosts.c157
-rw-r--r--librpc/gen_ndr/ndr_ntlmssp.c16
-rw-r--r--librpc/gen_ndr/ndr_ntlmssp.h1
-rw-r--r--librpc/gen_ndr/ntlmssp.h2
-rw-r--r--librpc/idl/ntlmssp.idl30
-rw-r--r--librpc/ndr/ndr_ntlmssp.c17
-rw-r--r--librpc/ndr/ndr_ntlmssp.h2
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/auth/auth_domain.c2
-rw-r--r--source3/auth/auth_netlogond.c2
-rw-r--r--source3/configure.in2
-rw-r--r--source3/include/client.h2
-rw-r--r--source3/include/includes.h1
-rw-r--r--source3/include/ntdomain.h9
-rw-r--r--source3/include/proto.h31
-rw-r--r--source3/include/rpc_dce.h34
-rw-r--r--source3/lib/util_sock.c115
-rw-r--r--source3/libnet/libnet_join.c2
-rw-r--r--source3/libsmb/namequery.c128
-rw-r--r--source3/libsmb/passchange.c2
-rw-r--r--source3/rpc_client/cli_pipe.c92
-rw-r--r--source3/rpc_parse/parse_prs.c16
-rw-r--r--source3/rpc_server/srv_netlog_nt.c4
-rw-r--r--source3/rpc_server/srv_pipe.c70
-rw-r--r--source3/rpc_server/srv_samr_nt.c2
-rw-r--r--source3/rpcclient/rpcclient.c12
-rw-r--r--source3/utils/net_rpc.c4
-rw-r--r--source3/utils/net_rpc_join.c4
-rw-r--r--source3/winbindd/winbindd_cm.c10
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c20
-rw-r--r--source4/dsdb/schema/schema.h7
-rw-r--r--source4/dsdb/schema/schema_inferiors.c21
-rw-r--r--source4/libcli/config.mk43
-rw-r--r--source4/main.mk1
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c2
39 files changed, 583 insertions, 499 deletions
diff --git a/lib/util/util.h b/lib/util/util.h
index c0e87a2705..385a3ae07a 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -21,8 +21,6 @@
#ifndef _SAMBA_UTIL_H_
#define _SAMBA_UTIL_H_
-#include <netinet/in.h>
-
#if _SAMBA_BUILD_ == 4
#include "../lib/util/charset/charset.h"
#endif
@@ -842,4 +840,5 @@ bool add_uid_to_array_unique(TALLOC_CTX *mem_ctx, uid_t uid,
bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid,
gid_t **gids, size_t *num_gids);
+
#endif /* _SAMBA_UTIL_H_ */
diff --git a/lib/util/util_net.c b/lib/util/util_net.c
index d1dadc2494..0ce495e57c 100644
--- a/lib/util/util_net.c
+++ b/lib/util/util_net.c
@@ -3,10 +3,11 @@
Samba utility functions
Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
Copyright (C) Andrew Tridgell 1992-1998
- Copyright (C) Jeremy Allison 2001-2007
+ Copyright (C) Jeremy Allison 1992-2007
Copyright (C) Simo Sorce 2001
Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003.
Copyright (C) James J Myers 2003
+ Copyright (C) Tim Potter 2000-2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -28,6 +29,17 @@
#include "system/filesys.h"
#undef strcasecmp
+/*******************************************************************
+ Set an address to INADDR_ANY.
+******************************************************************/
+
+void zero_sockaddr(struct sockaddr_storage *pss)
+{
+ memset(pss, '\0', sizeof(*pss));
+ /* Ensure we're at least a valid sockaddr-storage. */
+ pss->ss_family = AF_INET;
+}
+
/**
* Wrap getaddrinfo...
*/
@@ -59,6 +71,110 @@ bool interpret_string_addr_internal(struct addrinfo **ppres,
return true;
}
+/*******************************************************************
+ Map a text hostname or IP address (IPv4 or IPv6) into a
+ struct sockaddr_storage. Takes a flag which allows it to
+ prefer an IPv4 address (needed for DC's).
+******************************************************************/
+
+static bool interpret_string_addr_pref(struct sockaddr_storage *pss,
+ const char *str,
+ int flags,
+ bool prefer_ipv4)
+{
+ struct addrinfo *res = NULL;
+#if defined(HAVE_IPV6)
+ char addr[INET6_ADDRSTRLEN];
+ unsigned int scope_id = 0;
+
+ if (strchr_m(str, ':')) {
+ char *p = strchr_m(str, '%');
+
+ /*
+ * Cope with link-local.
+ * This is IP:v6:addr%ifname.
+ */
+
+ if (p && (p > str) && ((scope_id = if_nametoindex(p+1)) != 0)) {
+ strlcpy(addr, str,
+ MIN(PTR_DIFF(p,str)+1,
+ sizeof(addr)));
+ str = addr;
+ }
+ }
+#endif
+
+ zero_sockaddr(pss);
+
+ if (!interpret_string_addr_internal(&res, str, flags|AI_ADDRCONFIG)) {
+ return false;
+ }
+ if (!res) {
+ return false;
+ }
+
+ if (prefer_ipv4) {
+ struct addrinfo *p;
+
+ for (p = res; p; p = p->ai_next) {
+ if (p->ai_family == AF_INET) {
+ memcpy(pss, p->ai_addr, p->ai_addrlen);
+ break;
+ }
+ }
+ if (p == NULL) {
+ /* Copy the first sockaddr. */
+ memcpy(pss, res->ai_addr, res->ai_addrlen);
+ }
+ } else {
+ /* Copy the first sockaddr. */
+ memcpy(pss, res->ai_addr, res->ai_addrlen);
+ }
+
+#if defined(HAVE_IPV6)
+ if (pss->ss_family == AF_INET6 && scope_id) {
+ struct sockaddr_in6 *ps6 = (struct sockaddr_in6 *)pss;
+ if (IN6_IS_ADDR_LINKLOCAL(&ps6->sin6_addr) &&
+ ps6->sin6_scope_id == 0) {
+ ps6->sin6_scope_id = scope_id;
+ }
+ }
+#endif
+
+ freeaddrinfo(res);
+ return true;
+}
+
+/*******************************************************************
+ Map a text hostname or IP address (IPv4 or IPv6) into a
+ struct sockaddr_storage. Address agnostic version.
+******************************************************************/
+
+bool interpret_string_addr(struct sockaddr_storage *pss,
+ const char *str,
+ int flags)
+{
+ return interpret_string_addr_pref(pss,
+ str,
+ flags,
+ false);
+}
+
+/*******************************************************************
+ Map a text hostname or IP address (IPv4 or IPv6) into a
+ struct sockaddr_storage. Version that prefers IPv4.
+******************************************************************/
+
+bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss,
+ const char *str,
+ int flags)
+{
+ return interpret_string_addr_pref(pss,
+ str,
+ flags,
+ true);
+}
+
/**
* Interpret an internet address or name into an IP address in 4 byte form.
* RETURNS IN NETWORK BYTE ORDER (big endian).
diff --git a/lib/util/util_net.h b/lib/util/util_net.h
new file mode 100644
index 0000000000..6eacfc395f
--- /dev/null
+++ b/lib/util/util_net.h
@@ -0,0 +1,46 @@
+/*
+ Unix SMB/CIFS implementation.
+ Utility functions for Samba
+ Copyright (C) Andrew Tridgell 1992-1999
+ Copyright (C) Jelmer Vernooij 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAMBA_UTIL_NET_H_
+#define _SAMBA_UTIL_NET_H_
+
+#include "system/network.h"
+
+/* The following definitions come from lib/util/util_net.c */
+
+void zero_sockaddr(struct sockaddr_storage *pss);
+
+bool interpret_string_addr_internal(struct addrinfo **ppres,
+ const char *str, int flags);
+
+bool interpret_string_addr(struct sockaddr_storage *pss,
+ const char *str,
+ int flags);
+
+/*******************************************************************
+ Map a text hostname or IP address (IPv4 or IPv6) into a
+ struct sockaddr_storage. Version that prefers IPv4.
+******************************************************************/
+
+bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss,
+ const char *str,
+ int flags);
+
+#endif /* _SAMBA_UTIL_NET_H_ */
diff --git a/libcli/nbt/config.mk b/libcli/nbt/config.mk
new file mode 100644
index 0000000000..c26118ec50
--- /dev/null
+++ b/libcli/nbt/config.mk
@@ -0,0 +1,50 @@
+[SUBSYSTEM::NDR_NBT_BUF]
+
+NDR_NBT_BUF_OBJ_FILES = $(libclinbtsrcdir)/nbtname.o
+
+$(eval $(call proto_header_template,$(libclinbtsrcdir)/nbtname.h,$(NDR_NBT_BUF_OBJ_FILES:.o=.c)))
+
+[SUBSYSTEM::LIBCLI_NBT]
+PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT LIBCLI_COMPOSITE LIBEVENTS \
+ NDR_SECURITY samba_socket LIBSAMBA-UTIL
+
+LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \
+ lmhosts.o \
+ nbtsocket.o \
+ namequery.o \
+ nameregister.o \
+ namerefresh.o \
+ namerelease.o)
+
+[BINARY::nmblookup]
+INSTALLDIR = BINDIR
+PRIVATE_DEPENDENCIES = \
+ LIBSAMBA-HOSTCONFIG \
+ LIBSAMBA-UTIL \
+ LIBCLI_NBT \
+ LIBPOPT \
+ POPT_SAMBA \
+ LIBNETIF \
+ LIBCLI_RESOLVE
+
+nmblookup_OBJ_FILES = $(libclinbtsrcdir)/tools/nmblookup.o
+MANPAGES += $(libclinbtsrcdir)/man/nmblookup.1
+
+[SUBSYSTEM::LIBCLI_NDR_NETLOGON]
+PUBLIC_DEPENDENCIES = LIBNDR \
+ NDR_SECURITY
+
+LIBCLI_NDR_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/../, ndr_netlogon.o)
+
+[SUBSYSTEM::LIBCLI_NETLOGON]
+PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON
+
+LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \
+ ../netlogon.o)
+
+[PYTHON::python_netbios]
+LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT)
+PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG
+
+python_netbios_OBJ_FILES = $(libclinbtsrcdir)/pynbt.o
+
diff --git a/libcli/nbt/lmhosts.c b/libcli/nbt/lmhosts.c
new file mode 100644
index 0000000000..11703a27e8
--- /dev/null
+++ b/libcli/nbt/lmhosts.c
@@ -0,0 +1,157 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ manipulate nbt name structures
+
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Jeremy Allison 2007
+ Copyright (C) Andrew Bartlett 2009.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/xfile.h"
+#include "lib/util/util_net.h"
+#include "system/filesys.h"
+#include "system/network.h"
+
+/********************************************************
+ Start parsing the lmhosts file.
+*********************************************************/
+
+XFILE *startlmhosts(const char *fname)
+{
+ XFILE *fp = x_fopen(fname,O_RDONLY, 0);
+ if (!fp) {
+ DEBUG(4,("startlmhosts: Can't open lmhosts file %s. "
+ "Error was %s\n",
+ fname, strerror(errno)));
+ return NULL;
+ }
+ return fp;
+}
+
+/********************************************************
+ Parse the next line in the lmhosts file.
+*********************************************************/
+
+bool getlmhostsent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, int *name_type,
+ struct sockaddr_storage *pss)
+{
+ char line[1024];
+
+ *pp_name = NULL;
+
+ while(!x_feof(fp) && !x_ferror(fp)) {
+ char *ip = NULL;
+ char *flags = NULL;
+ char *extra = NULL;
+ char *name = NULL;
+ const char *ptr;
+ char *ptr1 = NULL;
+ int count = 0;
+
+ *name_type = -1;
+
+ if (!fgets_slash(line,sizeof(line),fp)) {
+ continue;
+ }
+
+ if (*line == '#') {
+ continue;
+ }
+
+ ptr = line;
+
+ if (next_token_talloc(ctx, &ptr, &ip, NULL))
+ ++count;
+ if (next_token_talloc(ctx, &ptr, &name, NULL))
+ ++count;
+ if (next_token_talloc(ctx, &ptr, &flags, NULL))
+ ++count;
+ if (next_token_talloc(ctx, &ptr, &extra, NULL))
+ ++count;
+
+ if (count <= 0)
+ continue;
+
+ if (count > 0 && count < 2) {
+ DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",
+ line));
+ continue;
+ }
+
+ if (count >= 4) {
+ DEBUG(0,("getlmhostsent: too many columns "
+ "in lmhosts file (obsolete syntax)\n"));
+ continue;
+ }
+
+ if (!flags) {
+ flags = talloc_strdup(ctx, "");
+ if (!flags) {
+ continue;
+ }
+ }
+
+ DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n",
+ ip, name, flags));
+
+ if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
+ DEBUG(0,("getlmhostsent: group flag "
+ "in lmhosts ignored (obsolete)\n"));
+ continue;
+ }
+
+ if (!interpret_string_addr(pss, ip, AI_NUMERICHOST)) {
+ DEBUG(0,("getlmhostsent: invalid address "
+ "%s.\n", ip));
+ }
+
+ /* Extra feature. If the name ends in '#XX',
+ * where XX is a hex number, then only add that name type. */
+ if((ptr1 = strchr_m(name, '#')) != NULL) {
+ char *endptr;
+ ptr1++;
+
+ *name_type = (int)strtol(ptr1, &endptr, 16);
+ if(!*ptr1 || (endptr == ptr1)) {
+ DEBUG(0,("getlmhostsent: invalid name "
+ "%s containing '#'.\n", name));
+ continue;
+ }
+
+ *(--ptr1) = '\0'; /* Truncate at the '#' */
+ }
+
+ *pp_name = talloc_strdup(ctx, name);
+ if (!*pp_name) {
+ return false;
+ }
+ return true;
+ }
+
+ return false;
+}
+
+/********************************************************
+ Finish parsing the lmhosts file.
+*********************************************************/
+
+void endlmhosts(XFILE *fp)
+{
+ x_fclose(fp);
+}
+
diff --git a/librpc/gen_ndr/ndr_ntlmssp.c b/librpc/gen_ndr/ndr_ntlmssp.c
index b593d9e7e3..2b4e70e363 100644
--- a/librpc/gen_ndr/ndr_ntlmssp.c
+++ b/librpc/gen_ndr/ndr_ntlmssp.c
@@ -250,22 +250,6 @@ static enum ndr_err_code ndr_pull_ntlmssp_Version(struct ndr_pull *ndr, int ndr_
return NDR_ERR_SUCCESS;
}
-_PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r)
-{
- int level;
- level = ndr_print_get_switch_value(ndr, r);
- ndr_print_union(ndr, name, level, "ntlmssp_Version");
- switch (level) {
- case NTLMSSP_NEGOTIATE_VERSION:
- ndr_print_VERSION(ndr, "version", &r->version);
- break;
-
- default:
- break;
-
- }
-}
-
_PUBLIC_ enum ndr_err_code ndr_push_NEGOTIATE_MESSAGE(struct ndr_push *ndr, int ndr_flags, const struct NEGOTIATE_MESSAGE *r)
{
if (ndr_flags & NDR_SCALARS) {
diff --git a/librpc/gen_ndr/ndr_ntlmssp.h b/librpc/gen_ndr/ndr_ntlmssp.h
index ab095d1cc2..de31c6c83c 100644
--- a/librpc/gen_ndr/ndr_ntlmssp.h
+++ b/librpc/gen_ndr/ndr_ntlmssp.h
@@ -50,7 +50,6 @@ void ndr_print_LM_RESPONSE(struct ndr_print *ndr, const char *name, const struct
enum ndr_err_code ndr_push_LMv2_RESPONSE(struct ndr_push *ndr, int ndr_flags, const struct LMv2_RESPONSE *r);
enum ndr_err_code ndr_pull_LMv2_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct LMv2_RESPONSE *r);
void ndr_print_LMv2_RESPONSE(struct ndr_print *ndr, const char *name, const struct LMv2_RESPONSE *r);
-void ndr_print_ntlmssp_LM_RESPONSE(struct ndr_print *ndr, const char *name, const union ntlmssp_LM_RESPONSE *r);
enum ndr_err_code ndr_push_NTLM_RESPONSE(struct ndr_push *ndr, int ndr_flags, const struct NTLM_RESPONSE *r);
enum ndr_err_code ndr_pull_NTLM_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct NTLM_RESPONSE *r);
void ndr_print_NTLM_RESPONSE(struct ndr_print *ndr, const char *name, const struct NTLM_RESPONSE *r);
diff --git a/librpc/gen_ndr/ntlmssp.h b/librpc/gen_ndr/ntlmssp.h
index 4509915974..5205dce57d 100644
--- a/librpc/gen_ndr/ntlmssp.h
+++ b/librpc/gen_ndr/ntlmssp.h
@@ -104,7 +104,7 @@ struct VERSION {
union ntlmssp_Version {
struct VERSION version;/* [case(NTLMSSP_NEGOTIATE_VERSION)] */
-}/* [nodiscriminant] */;
+}/* [noprint,nodiscriminant] */;
struct NEGOTIATE_MESSAGE {
const char *Signature;/* [value("NTLMSSP"),charset(DOS)] */
diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index 0bb30bb22e..8cabec33da 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -18,6 +18,8 @@ interface ntlmssp
NtLmAuthenticate = 0x00000003
} ntlmssp_MessageType;
+ /* [MS-NLMP] 2.2.2.5 NEGOTIATE */
+
typedef [bitmap32bit] bitmap {
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001,
NTLMSSP_NEGOTIATE_OEM = 0x00000002, /* NTLM_NEGOTIATE_OEM in MS-NLMP */
@@ -82,6 +84,8 @@ interface ntlmssp
NTLMSSP_REVISION_W2K3 = 0x0F
} ntlmssp_NTLMRevisionCurrent;
+ /* [MS-NLMP] 2.2.2.10 VERSION */
+
typedef struct {
ntlmssp_WindowsMajorVersion ProductMajorVersion;
ntlmssp_WindowsMinorVersion ProductMinorVersion;
@@ -90,12 +94,12 @@ interface ntlmssp
ntlmssp_NTLMRevisionCurrent NTLMRevisionCurrent;
} VERSION;
- typedef [nodiscriminant] union {
+ typedef [noprint,nodiscriminant] union {
[case(NTLMSSP_NEGOTIATE_VERSION)] VERSION version;
[default];
} ntlmssp_Version;
- /* NTLMSSP negotiate message */
+ /* [MS-NLMP] 2.2.1.1 NEGOTIATE_MESSAGE */
typedef [public] struct {
[charset(DOS),value("NTLMSSP")] uint8 Signature[8];
@@ -124,6 +128,8 @@ interface ntlmssp
MsvChannelBindings = 10
} ntlmssp_AvId;
+ /* [MS-NLMP] 2.2.2.2 Restriction_Encoding */
+
typedef struct {
uint32 Size;
[value(0)] uint32 Z4;
@@ -152,6 +158,8 @@ interface ntlmssp
[default] [flag(NDR_REMAINING)] DATA_BLOB blob;
} ntlmssp_AvValue;
+ /* [MS-NLMP] 2.2.2.1 AV_PAIR */
+
typedef [public,flag(NDR_NOALIGN)] struct {
ntlmssp_AvId AvId;
[value(ndr_size_ntlmssp_AvValue(&r->Value, r->AvId, ndr->iconv_convenience, 0))] uint16 AvLen;
@@ -163,7 +171,7 @@ interface ntlmssp
AV_PAIR pair[count];
} AV_PAIR_LIST;
- /* NTLMSSP challenge message */
+ /* [MS-NLMP] 2.2.1.2 CHALLENGE_MESSAGE */
typedef [public,flag(NDR_PAHEX)] struct {
[charset(DOS),value("NTLMSSP")] uint8 Signature[8];
@@ -180,10 +188,14 @@ interface ntlmssp
[switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
} CHALLENGE_MESSAGE;
+ /* [MS-NLMP] 2.2.2.3 LM_RESPONSE */
+
typedef [public,flag(NDR_PAHEX)] struct {
uint8 Response[24];
} LM_RESPONSE;
+ /* [MS-NLMP] 2.2.2.4 LMv2_RESPONSE */
+
typedef [public,flag(NDR_PAHEX)] struct {
uint8 Response[16];
uint8 ChallengeFromClient[8];
@@ -194,10 +206,14 @@ interface ntlmssp
[default];
} ntlmssp_LM_RESPONSE;
+ /* [MS-NLMP] 2.2.2.6 NTLM_RESPONSE */
+
typedef [public,flag(NDR_PAHEX)] struct {
uint8 Response[24];
} NTLM_RESPONSE;
+ /* [MS-NLMP] 2.2.2.7 NTLMv2_CLIENT_CHALLENGE */
+
typedef [flag(NDR_PAHEX)] struct {
[value(1)] uint8 RespType;
[value(1)] uint8 HiRespType;
@@ -209,6 +225,8 @@ interface ntlmssp
[subcontext(0)] [flag(NDR_REMAINING)] AV_PAIR_LIST AvPairs;
} NTLMv2_CLIENT_CHALLENGE;
+ /* [MS-NLMP] 2.2.2.8 NTLMv2_RESPONSE */
+
typedef [public,flag(NDR_PAHEX)] struct {
uint8 Response[16];
NTLMv2_CLIENT_CHALLENGE Challenge;
@@ -224,7 +242,7 @@ interface ntlmssp
uint8 MIC[16];
} MIC;
- /* NTLMSSP authenticate message */
+ /* [MS-NLMP] 2.2.1.3 AUTHENTICATE_MESSAGE */
typedef [public,flag(NDR_REMAINING)] struct {
[charset(DOS),value("NTLMSSP")] uint8 Signature[8];
@@ -260,6 +278,8 @@ interface ntlmssp
/* NTLMSSP signature size */
const int NTLMSSP_SIG_SIZE = 16;
+ /* [MS-NLMP] 2.2.2.9.1 NTLMSSP_MESSAGE_SIGNATURE */
+
typedef [public] struct {
[value(NTLMSSP_SIGN_VERSION)] uint32 Version;
uint32 RandomPad;
@@ -267,6 +287,8 @@ interface ntlmssp
uint32 SeqNum;
} NTLMSSP_MESSAGE_SIGNATURE;
+ /* [MS-NLMP] 2.2.2.9.2 NTLMSSP_MESSAGE_SIGNATURE for Extended Session Security */
+
typedef [public,flag(NDR_PAHEX)] struct {
[value(NTLMSSP_SIGN_VERSION)] uint32 Version;
uint8 Checksum[8];
diff --git a/librpc/ndr/ndr_ntlmssp.c b/librpc/ndr/ndr_ntlmssp.c
index 5c28726f55..4808aa5f5f 100644
--- a/librpc/ndr/ndr_ntlmssp.c
+++ b/librpc/ndr/ndr_ntlmssp.c
@@ -162,3 +162,20 @@ _PUBLIC_ void ndr_print_ntlmssp_lm_response(TALLOC_CTX *mem_ctx,
}
}
}
+
+_PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r)
+{
+ int level;
+ level = ndr_print_get_switch_value(ndr, r);
+ switch (level) {
+ case NTLMSSP_NEGOTIATE_VERSION:
+ ndr_print_VERSION(ndr, name, &r->version);
+ break;
+
+ default:
+ break;
+
+ }
+}
+
+
diff --git a/librpc/ndr/ndr_ntlmssp.h b/librpc/ndr/ndr_ntlmssp.h
index 6d76be20ca..b574f15495 100644
--- a/librpc/ndr/ndr_ntlmssp.h
+++ b/librpc/ndr/ndr_ntlmssp.h
@@ -31,3 +31,5 @@ _PUBLIC_ void ndr_print_ntlmssp_lm_response(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *ic,
const DATA_BLOB *lm_response,
bool ntlmv2);
+_PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r);
+
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1908257c93..a89bbae6ab 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -455,7 +455,7 @@ LIBNBT_OBJ = ../libcli/nbt/nbtname.o \
../librpc/ndr/ndr_svcctl.o
LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \
- libsmb/namequery.o libsmb/conncache.o libads/dns.o
+ libsmb/namequery.o ../libcli/nbt/lmhosts.o libsmb/conncache.o libads/dns.o
NTERR_OBJ = libsmb/nterr.o libsmb/smberr.o
DOSERR_OBJ = ../libcli/util/doserr.o
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 85210e6f70..7dec6ad84b 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -177,7 +177,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
/* We also setup the creds chain in the open_schannel call. */
result = cli_rpc_pipe_open_schannel(
*cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
+ DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
} else {
result = cli_rpc_pipe_open_noauth(
*cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);
diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c
index 3947873aaa..5f4d2f16e3 100644
--- a/source3/auth/auth_netlogond.c
+++ b/source3/auth/auth_netlogond.c
@@ -47,7 +47,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
}
status = rpccli_schannel_bind_data(p, lp_workgroup(),
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
schannel_key, &auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n",
diff --git a/source3/configure.in b/source3/configure.in
index 4eaebcab6d..a922e3fb7e 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -743,7 +743,7 @@ if test x$enable_cups != xno; then
ac_save_PRINT_LIBS=$PRINT_LIBS
CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`"
LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`"
- PRINT_LIBS="$PRINT_LIBS `$CUPS_CONFIG --libs`"
+ PRINT_LIBS="-lcups"
AC_CHECK_HEADERS(cups/cups.h cups/language.h)
if test x"$ac_cv_header_cups_cups_h" = xyes -a \
x"$ac_cv_header_cups_language_h" = xyes; then
diff --git a/source3/include/client.h b/source3/include/client.h
index 5b64b9be3a..e83927cfe5 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -48,7 +48,7 @@ struct print_job_info {
struct cli_pipe_auth_data {
enum pipe_auth_type auth_type; /* switch for the union below. Defined in ntdomain.h */
- enum pipe_auth_level auth_level; /* defined in ntdomain.h */
+ enum dcerpc_AuthLevel auth_level; /* defined in ntdomain.h */
char *domain;
char *user_name;
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 31dfc00545..d1be3b06a8 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -612,6 +612,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx);
/* Lists, trees, caching, database... */
#include "../lib/util/util.h"
+#include "../lib/util/util_net.h"
#include "../lib/util/xfile.h"
#include "../lib/util/memory.h"
#include "../lib/util/attr.h"
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 53e89a8751..1d303ca64a 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -132,13 +132,6 @@ typedef struct pipe_rpc_fns {
enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL,
PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 };
-/* Possible auth levels - keep these in sync with the wire values. */
-enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0,
- PIPE_AUTH_LEVEL_CONNECT = 1, /* We treat as NONE. */
- PIPE_AUTH_LEVEL_INTEGRITY = 5, /* Sign. */
- PIPE_AUTH_LEVEL_PRIVACY = 6 /* Seal. */
-};
-
/* auth state for krb5. */
struct kerberos_auth_struct {
const char *service_principal;
@@ -155,7 +148,7 @@ struct schannel_auth_struct {
struct pipe_auth_data {
enum pipe_auth_type auth_type; /* switch for union below. */
- enum pipe_auth_level auth_level;
+ enum dcerpc_AuthLevel auth_level;
union {
struct schannel_auth_struct *schannel_auth;
AUTH_NTLMSSP_STATE *auth_ntlmssp_state;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5da13ca0d7..35d1a9929d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1342,20 +1342,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
/* The following definitions come from lib/util_sock.c */
-bool interpret_string_addr_internal(struct addrinfo **ppres,
- const char *str, int flags);
bool is_broadcast_addr(const struct sockaddr *pss);
-bool interpret_string_addr(struct sockaddr_storage *pss,
- const char *str,
- int flags);
-bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss,
- const char *str,
- int flags);
bool is_loopback_ip_v4(struct in_addr ip);
bool is_loopback_addr(const struct sockaddr *pss);
bool is_zero_addr(const struct sockaddr *pss);
void zero_ip_v4(struct in_addr *ip);
-void zero_sockaddr(struct sockaddr_storage *pss);
void in_addr_to_sockaddr_storage(struct sockaddr_storage *ss,
struct in_addr ip);
bool same_net(const struct sockaddr *ip1,
@@ -5300,17 +5291,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
struct cli_pipe_auth_data **presult);
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
struct cli_pipe_auth_data **presult);
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const uint8_t sess_key[16],
struct cli_pipe_auth_data **presult);
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
@@ -5335,7 +5326,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@@ -5343,7 +5334,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@@ -5355,14 +5346,14 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
struct netlogon_creds_CredentialState **pdc,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@@ -5370,12 +5361,12 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
@@ -5715,11 +5706,11 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin
bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len);
bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str);
bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size);
-void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
+void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
enum schannel_direction direction,
struct NL_AUTH_SIGNATURE *verf,
char *data, size_t data_len);
-bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
+bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
enum schannel_direction direction,
struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len);
bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx);
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 7992658a72..fc2d8809b9 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -53,31 +53,6 @@ enum RPC_PKT_TYPE {
#define RPC_FLG_LAST 0x02
#define RPC_FLG_NOCALL 0x20
-
-#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1 /* ALWAYS_SIGN|NEG_NTLM|NEG_LM|NEG_SEAL|NEG_SIGN|NEG_UNICODE */
-
-/* DCE RPC auth types - extended by Microsoft. */
-#define RPC_ANONYMOUS_AUTH_TYPE 0
-#define RPC_AUTH_TYPE_KRB5_1 1
-#define RPC_SPNEGO_AUTH_TYPE 9
-#define RPC_NTLMSSP_AUTH_TYPE 10
-#define RPC_KRB5_AUTH_TYPE 16 /* Not yet implemented. */
-#define RPC_SCHANNEL_AUTH_TYPE 68 /* 0x44 */
-
-/* DCE-RPC standard identifiers to indicate
- signing or sealing of an RPC pipe */
-#define RPC_AUTH_LEVEL_NONE 1
-#define RPC_AUTH_LEVEL_CONNECT 2
-#define RPC_AUTH_LEVEL_CALL 3
-#define RPC_AUTH_LEVEL_PACKET 4
-#define RPC_AUTH_LEVEL_INTEGRITY 5
-#define RPC_AUTH_LEVEL_PRIVACY 6
-
-#if 0
-#define RPC_PIPE_AUTH_SIGN_LEVEL 0x5
-#define RPC_PIPE_AUTH_SEAL_LEVEL 0x6
-#endif
-
/* Netlogon schannel auth type and level */
#define SCHANNEL_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
#define SCHANNEL_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
@@ -174,15 +149,6 @@ typedef struct rpc_hdr_auth_info {
#define RPC_HDR_AUTH_LEN 8
-/* attached to the end of encrypted rpc requests and responses */
-/* RPC_AUTH_SCHANNEL_CHK */
-typedef struct rpc_auth_schannel_chk_info {
- uint8 sig [8]; /* 77 00 7a 00 ff ff 00 00 */
- uint8 packet_digest[8]; /* checksum over the packet, MD5'ed with session key */
- uint8 seq_num[8]; /* verifier, seq num */
- uint8 confounder[8]; /* random 8-byte nonce */
-} RPC_AUTH_SCHANNEL_CHK;
-
typedef struct rpc_context {
uint16 context_id; /* presentation context identifier. */
uint8 num_transfer_syntaxes; /* the number of syntaxes */
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 6cc2e53811..08cbced1e5 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -21,121 +21,6 @@
#include "includes.h"
-/*******************************************************************
- Map a text hostname or IP address (IPv4 or IPv6) into a
- struct sockaddr_storage. Takes a flag which allows it to
- prefer an IPv4 address (needed for DC's).
-******************************************************************/
-
-static bool interpret_string_addr_pref(struct sockaddr_storage *pss,
- const char *str,
- int flags,
- bool prefer_ipv4)
-{
- struct addrinfo *res = NULL;
-#if defined(HAVE_IPV6)
- char addr[INET6_ADDRSTRLEN];
- unsigned int scope_id = 0;
-
- if (strchr_m(str, ':')) {
- char *p = strchr_m(str, '%');
-
- /*
- * Cope with link-local.
- * This is IP:v6:addr%ifname.
- */
-
- if (p && (p > str) && ((scope_id = if_nametoindex(p+1)) != 0)) {
- strlcpy(addr, str,
- MIN(PTR_DIFF(p,str)+1,
- sizeof(addr)));
- str = addr;
- }
- }
-#endif
-
- zero_sockaddr(pss);
-
- if (!interpret_string_addr_internal(&res, str, flags|AI_ADDRCONFIG)) {
- return false;
- }
- if (!res) {
- return false;
- }
-
- if (prefer_ipv4) {
- struct addrinfo *p;
-
- for (p = res; p; p = p->ai_next) {
- if (p->ai_family == AF_INET) {
- memcpy(pss, p->ai_addr, p->ai_addrlen);
- break;
- }
- }
- if (p == NULL) {
- /* Copy the first sockaddr. */
- memcpy(pss, res->ai_addr, res->ai_addrlen);
- }
- } else {
- /* Copy the first sockaddr. */
- memcpy(pss, res->ai_addr, res->ai_addrlen);
- }
-
-#if defined(HAVE_IPV6)
- if (pss->ss_family == AF_INET6 && scope_id) {
- struct sockaddr_in6 *ps6 = (struct sockaddr_in6 *)pss;
- if (IN6_IS_ADDR_LINKLOCAL(&ps6->sin6_addr) &&
- ps6->sin6_scope_id == 0) {
- ps6->sin6_scope_id = scope_id;
- }
- }
-#endif
-
- freeaddrinfo(res);
- return true;
-}
-
-/*******************************************************************
- Map a text hostname or IP address (IPv4 or IPv6) into a
- struct sockaddr_storage. Address agnostic version.
-******************************************************************/
-
-bool interpret_string_addr(struct sockaddr_storage *pss,
- const char *str,
- int flags)
-{
- return interpret_string_addr_pref(pss,
- str,
- flags,
- false);
-}
-
-/*******************************************************************
- Map a text hostname or IP address (IPv4 or IPv6) into a
- struct sockaddr_storage. Version that prefers IPv4.
-******************************************************************/
-
-bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss,
- const char *str,
- int flags)
-{
- return interpret_string_addr_pref(pss,
- str,
- flags,
- true);
-}
-
-/*******************************************************************
- Set an address to INADDR_ANY.
-******************************************************************/
-
-void zero_sockaddr(struct sockaddr_storage *pss)
-{
- memset(pss, '\0', sizeof(*pss));
- /* Ensure we're at least a valid sockaddr-storage. */
- pss->ss_family = AF_INET;
-}
-
/****************************************************************************
Get a port number in host byte order from a sockaddr_storage.
****************************************************************************/
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 7794e0367a..5315fccff6 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1136,7 +1136,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
status = cli_rpc_pipe_open_schannel_with_key(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd);
cli_shutdown(cli);
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 1a641ac791..930f0a54f4 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -847,134 +847,6 @@ struct sockaddr_storage *name_query(int fd,
}
/********************************************************
- Start parsing the lmhosts file.
-*********************************************************/
-
-XFILE *startlmhosts(const char *fname)
-{
- XFILE *fp = x_fopen(fname,O_RDONLY, 0);
- if (!fp) {
- DEBUG(4,("startlmhosts: Can't open lmhosts file %s. "
- "Error was %s\n",
- fname, strerror(errno)));
- return NULL;
- }
- return fp;
-}
-
-/********************************************************
- Parse the next line in the lmhosts file.
-*********************************************************/
-
-bool getlmhostsent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, int *name_type,
- struct sockaddr_storage *pss)
-{
- char line[1024];
-
- *pp_name = NULL;
-
- while(!x_feof(fp) && !x_ferror(fp)) {
- char *ip = NULL;
- char *flags = NULL;
- char *extra = NULL;
- char *name = NULL;
- const char *ptr;
- char *ptr1 = NULL;
- int count = 0;
-
- *name_type = -1;
-
- if (!fgets_slash(line,sizeof(line),fp)) {
- continue;
- }
-
- if (*line == '#') {
- continue;
- }
-
- ptr = line;
-
- if (next_token_talloc(ctx, &ptr, &ip, NULL))
- ++count;
- if (next_token_talloc(ctx, &ptr, &name, NULL))
- ++count;
- if (next_token_talloc(ctx, &ptr, &flags, NULL))
- ++count;
- if (next_token_talloc(ctx, &ptr, &extra, NULL))
- ++count;
-
- if (count <= 0)
- continue;
-
- if (count > 0 && count < 2) {
- DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",
- line));
- continue;
- }
-
- if (count >= 4) {
- DEBUG(0,("getlmhostsent: too many columns "
- "in lmhosts file (obsolete syntax)\n"));
- continue;
- }
-
- if (!flags) {
- flags = talloc_strdup(ctx, "");
- if (!flags) {
- continue;
- }
- }
-
- DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n",
- ip, name, flags));
-
- if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
- DEBUG(0,("getlmhostsent: group flag "
- "in lmhosts ignored (obsolete)\n"));
- continue;
- }
-
- if (!interpret_string_addr(pss, ip, AI_NUMERICHOST)) {
- DEBUG(0,("getlmhostsent: invalid address "
- "%s.\n", ip));
- }
-
- /* Extra feature. If the name ends in '#XX',
- * where XX is a hex number, then only add that name type. */
- if((ptr1 = strchr_m(name, '#')) != NULL) {
- char *endptr;
- ptr1++;
-
- *name_type = (int)strtol(ptr1, &endptr, 16);
- if(!*ptr1 || (endptr == ptr1)) {
- DEBUG(0,("getlmhostsent: invalid name "
- "%s containing '#'.\n", name));
- continue;
- }
-
- *(--ptr1) = '\0'; /* Truncate at the '#' */
- }
-
- *pp_name = talloc_strdup(ctx, name);
- if (!*pp_name) {
- return false;
- }
- return true;
- }
-
- return false;
-}
-
-/********************************************************
- Finish parsing the lmhosts file.
-*********************************************************/
-
-void endlmhosts(XFILE *fp)
-{
- x_fclose(fp);
-}
-
-/********************************************************
convert an array if struct sockaddr_storage to struct ip_service
return false on failure. Port is set to PORT_NONE;
*********************************************************/
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index ab951618fe..570a048502 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -177,7 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
result = cli_rpc_pipe_open_ntlmssp(cli,
&ndr_table_samr.syntax_id,
NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
domain, user,
old_passwd,
&pipe_hnd);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index ab9b5fee33..a667a9fb13 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -123,20 +123,20 @@ static int map_pipe_auth_type_to_rpc_auth_type(enum pipe_auth_type auth_type)
switch (auth_type) {
case PIPE_AUTH_TYPE_NONE:
- return RPC_ANONYMOUS_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_NONE;
case PIPE_AUTH_TYPE_NTLMSSP:
- return RPC_NTLMSSP_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_NTLMSSP;
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
case PIPE_AUTH_TYPE_SPNEGO_KRB5:
- return RPC_SPNEGO_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_SPNEGO;
case PIPE_AUTH_TYPE_SCHANNEL:
- return RPC_SCHANNEL_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_SCHANNEL;
case PIPE_AUTH_TYPE_KRB5:
- return RPC_KRB5_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_KRB5;
default:
DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe "
@@ -559,8 +559,8 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
DATA_BLOB auth_blob;
NTSTATUS status;
- if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
- || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
@@ -605,7 +605,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
auth_blob.length = auth_len;
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
status = ntlmssp_unseal_packet(ntlmssp_state,
data, data_len,
@@ -620,7 +620,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
return status;
}
break;
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_check_packet(ntlmssp_state,
data, data_len,
@@ -679,8 +679,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
enum ndr_err_code ndr_err;
DATA_BLOB blob;
- if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
- || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
@@ -714,7 +714,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) {
+ if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
DEBUG(0,("cli_pipe_verify_schannel: Invalid auth info %d on schannel\n",
auth_info.auth_type));
return NT_STATUS_BUFFER_TOO_SMALL;
@@ -1470,7 +1470,7 @@ static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
********************************************************************/
static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
@@ -1481,7 +1481,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
DATA_BLOB tkt_wrapped = data_blob_null;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, RPC_KRB5_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_KRB5, (int)auth_level, 0, 1);
DEBUG(5, ("create_krb5_auth_bind_req: creating a service ticket for principal %s\n",
a->service_principal ));
@@ -1529,7 +1529,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
********************************************************************/
static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
@@ -1539,7 +1539,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client
DATA_BLOB spnego_msg = data_blob_null;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1);
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
@@ -1576,7 +1576,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client
********************************************************************/
static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
@@ -1585,7 +1585,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
DATA_BLOB request = data_blob_null;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_NTLMSSP, (int)auth_level, 0, 1);
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
@@ -1617,7 +1617,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
********************************************************************/
static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
@@ -1626,7 +1626,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
DATA_BLOB blob;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, RPC_SCHANNEL_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SCHANNEL, (int)auth_level, 0, 1);
/* Use lp_workgroup() if domain not specified */
@@ -1760,7 +1760,7 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli,
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level)
+ enum dcerpc_AuthLevel auth_level)
{
RPC_HDR_AUTH hdr_auth;
prs_struct auth_info;
@@ -1856,7 +1856,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
}
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
@@ -1870,7 +1870,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
}
break;
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
@@ -1938,8 +1938,8 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
}
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
sas->seq_num));
@@ -1998,8 +1998,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli,
#endif
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_NONE:
- case PIPE_AUTH_LEVEL_CONNECT:
+ case DCERPC_AUTH_LEVEL_NONE:
+ case DCERPC_AUTH_LEVEL_CONNECT:
data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN;
data_len = MIN(data_space, data_left);
*p_ss_padding = 0;
@@ -2007,8 +2007,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli,
*p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len;
return data_len;
- case PIPE_AUTH_LEVEL_INTEGRITY:
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Treat the same for all authenticated rpc requests. */
switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
@@ -2404,7 +2404,7 @@ static bool check_bind_response(RPC_HDR_BA *hdr_ba,
static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
uint32 rpc_call_id,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
DATA_BLOB *pauth_blob,
prs_struct *rpc_out)
{
@@ -2464,7 +2464,7 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
prs_struct *rpc_out)
{
@@ -2477,7 +2477,7 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
return NT_STATUS_NO_MEMORY;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(&hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(&hdr_auth, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1);
if (pauth_blob->length) {
if (!prs_copy_data_in(&auth_info, (const char *)pauth_blob->data, pauth_blob->length)) {
@@ -2980,7 +2980,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
}
result->auth_type = PIPE_AUTH_TYPE_NONE;
- result->auth_level = PIPE_AUTH_LEVEL_NONE;
+ result->auth_level = DCERPC_AUTH_LEVEL_NONE;
result->user_name = talloc_strdup(result, "");
result->domain = talloc_strdup(result, "");
@@ -3001,7 +3001,7 @@ static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth)
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@@ -3053,9 +3053,9 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
result->a_u.ntlmssp_state->neg_flags &=
~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
- if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+ if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
result->a_u.ntlmssp_state->neg_flags
|= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
}
@@ -3069,7 +3069,7 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
}
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const uint8_t sess_key[16],
struct cli_pipe_auth_data **presult)
{
@@ -3116,7 +3116,7 @@ static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth)
#endif
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
@@ -3702,7 +3702,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@@ -3755,7 +3755,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@@ -3780,7 +3780,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@@ -3889,7 +3889,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
struct netlogon_creds_CredentialState **pdc,
struct rpc_pipe_client **presult)
@@ -3959,7 +3959,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
status = cli_rpc_pipe_open_spnego_ntlmssp(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
domain, username, password, &netlogon_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -3985,7 +3985,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@@ -4026,7 +4026,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
struct rpc_pipe_client **presult)
{
@@ -4066,7 +4066,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index c5c0c02090..09263b45d4 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -1071,7 +1071,7 @@ bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_
********************************************************************/
static void schannel_digest(struct schannel_auth_struct *a,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
struct NL_AUTH_SIGNATURE *verf,
char *data, size_t data_len,
uchar digest_final[16])
@@ -1095,7 +1095,7 @@ static void schannel_digest(struct schannel_auth_struct *a,
out of order */
MD5Update(&ctx3, zeros, sizeof(zeros));
MD5Update(&ctx3, sig, 8);
- if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder));
}
MD5Update(&ctx3, (const unsigned char *)data, data_len);
@@ -1169,7 +1169,7 @@ static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
quite compatible with what MS does.
********************************************************************/
-void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
+void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
enum schannel_direction direction,
struct NL_AUTH_SIGNATURE *verf,
char *data, size_t data_len)
@@ -1199,7 +1199,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
- if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
verf->SealAlgorithm = NL_SEAL_RC4;
} else {
verf->SealAlgorithm = NL_SEAL_NONE;
@@ -1217,7 +1217,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
schannel_digest(a, auth_level, verf, data, data_len, digest_final);
memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum));
- if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
uchar sealing_key[16];
/* get the key to encode the data with */
@@ -1249,7 +1249,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
as well as decode sealed messages
********************************************************************/
-bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
+bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
enum schannel_direction direction,
struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len)
{
@@ -1263,7 +1263,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
- if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
schannel_sig = schannel_seal_sig;
} else {
schannel_sig = schannel_sign_sig;
@@ -1317,7 +1317,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
return False;
}
- if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
uchar sealing_key[16];
/* get the key to extract the data with */
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 07a0b971a0..06d4937261 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -595,8 +595,8 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct *p,
struct tdb_context *tdb;
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
- (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY ||
- p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */
+ (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY ||
+ p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY); */
tdb = open_schannel_session_store(mem_ctx);
if (!tdb) {
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index ce7df63972..3bd68c4e72 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -192,14 +192,14 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
/* Now write out the auth header and null blob. */
if (p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) {
- auth_type = RPC_NTLMSSP_AUTH_TYPE;
+ auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
} else {
- auth_type = RPC_SPNEGO_AUTH_TYPE;
+ auth_type = DCERPC_AUTH_TYPE_SPNEGO;
}
- if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
- auth_level = RPC_AUTH_LEVEL_PRIVACY;
+ if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+ auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
} else {
- auth_level = RPC_AUTH_LEVEL_INTEGRITY;
+ auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
}
init_rpc_hdr_auth(&auth_info, auth_type, auth_level, ss_padding_len, 1 /* context id. */);
@@ -213,7 +213,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
/* Generate the sign blob. */
switch (p->auth.auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
status = ntlmssp_seal_packet(
a->ntlmssp_state,
@@ -229,7 +229,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
return False;
}
break;
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_sign_packet(
a->ntlmssp_state,
@@ -414,9 +414,9 @@ static bool create_next_pdu_schannel(pipes_struct *p)
/* Check it's the type of reply we were expecting to decode */
init_rpc_hdr_auth(&auth_info,
- RPC_SCHANNEL_AUTH_TYPE,
- p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY ?
- RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY,
+ DCERPC_AUTH_TYPE_SCHANNEL,
+ p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY ?
+ DCERPC_AUTH_LEVEL_PRIVACY : DCERPC_AUTH_LEVEL_INTEGRITY,
ss_padding_len, 1);
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info,
@@ -589,8 +589,8 @@ static bool create_next_pdu_noauth(pipes_struct *p)
bool create_next_pdu(pipes_struct *p)
{
switch(p->auth.auth_level) {
- case PIPE_AUTH_LEVEL_NONE:
- case PIPE_AUTH_LEVEL_CONNECT:
+ case DCERPC_AUTH_LEVEL_NONE:
+ case DCERPC_AUTH_LEVEL_CONNECT:
/* This is incorrect for auth level connect. Fixme. JRA */
return create_next_pdu_noauth(p);
@@ -647,7 +647,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
ensure the underlying NTLMSSP flags are also set. If not we should
refuse the bind. */
- if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+ if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested "
"but client declined signing.\n",
@@ -655,7 +655,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
return False;
}
}
- if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested "
"but client declined sealing.\n",
@@ -750,7 +750,7 @@ bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
goto err;
}
- if (auth_info.auth_type != RPC_NTLMSSP_AUTH_TYPE) {
+ if (auth_info.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
DEBUG(0,("api_pipe_bind_auth3: incorrect auth type (%u).\n",
(unsigned int)auth_info.auth_type ));
return False;
@@ -840,7 +840,7 @@ static bool setup_bind_nak(pipes_struct *p)
if (p->auth.auth_data_free_func) {
(*p->auth.auth_data_free_func)(&p->auth);
}
- p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
+ p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
p->pipe_bound = False;
@@ -1204,7 +1204,7 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
}
/* Copy the blob into the pout_auth parse struct */
- init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+ init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SPNEGO, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
DEBUG(0,("pipe_spnego_auth_bind_negotiate: marshalling of RPC_HDR_AUTH failed.\n"));
goto err;
@@ -1302,7 +1302,7 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
response = spnego_gen_auth_response(&auth_reply, NT_STATUS_OK, OID_NTLMSSP);
/* Copy the blob into the pout_auth parse struct */
- init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+ init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SPNEGO, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of RPC_HDR_AUTH failed.\n"));
goto err;
@@ -1427,7 +1427,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
return false;
}
- init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+ init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SCHANNEL, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_HDR_AUTH failed.\n"));
return False;
@@ -1516,7 +1516,7 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
data_blob_free(&blob);
/* Copy the blob into the pout_auth parse struct */
- init_rpc_hdr_auth(&auth_info, RPC_NTLMSSP_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+ init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_NTLMSSP, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
DEBUG(0,("pipe_ntlmssp_auth_bind: marshalling of RPC_HDR_AUTH failed.\n"));
goto err;
@@ -1564,7 +1564,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
prs_struct out_auth;
int i = 0;
int auth_len = 0;
- unsigned int auth_type = RPC_ANONYMOUS_AUTH_TYPE;
+ unsigned int auth_type = DCERPC_AUTH_TYPE_NONE;
/* No rebinds on a bound pipe - use alter context. */
if (p->pipe_bound) {
@@ -1689,11 +1689,11 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
/* Work out if we have to sign or seal etc. */
switch (auth_info.auth_level) {
- case RPC_AUTH_LEVEL_INTEGRITY:
- p->auth.auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
break;
- case RPC_AUTH_LEVEL_PRIVACY:
- p->auth.auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
break;
default:
DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n",
@@ -1707,31 +1707,31 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
switch(auth_type) {
- case RPC_NTLMSSP_AUTH_TYPE:
+ case DCERPC_AUTH_TYPE_NTLMSSP:
if (!pipe_ntlmssp_auth_bind(p, rpc_in_p, &auth_info, &out_auth)) {
goto err_exit;
}
assoc_gid = 0x7a77;
break;
- case RPC_SCHANNEL_AUTH_TYPE:
+ case DCERPC_AUTH_TYPE_SCHANNEL:
if (!pipe_schannel_auth_bind(p, rpc_in_p, &auth_info, &out_auth)) {
goto err_exit;
}
break;
- case RPC_SPNEGO_AUTH_TYPE:
+ case DCERPC_AUTH_TYPE_SPNEGO:
if (!pipe_spnego_auth_bind_negotiate(p, rpc_in_p, &auth_info, &out_auth)) {
goto err_exit;
}
break;
- case RPC_ANONYMOUS_AUTH_TYPE:
+ case DCERPC_AUTH_TYPE_NONE:
/* Unauthenticated bind request. */
/* We're finished - no more packets. */
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
/* We must set the pipe auth_level here also. */
- p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
+ p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
p->pipe_bound = True;
/* The session key was initialized from the SMB
* session in make_internal_rpc_pipe_p */
@@ -1914,7 +1914,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
* response in place of the NTLMSSP auth3 type.
*/
- if (auth_info.auth_type == RPC_SPNEGO_AUTH_TYPE) {
+ if (auth_info.auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
/* We can only finish if the pipe is unbound. */
if (!p->pipe_bound) {
if (!pipe_spnego_auth_bind_continue(p, rpc_in_p, &auth_info, &out_auth)) {
@@ -2042,7 +2042,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
*pstatus = NT_STATUS_OK;
- if (p->auth.auth_level == PIPE_AUTH_LEVEL_NONE || p->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (p->auth.auth_level == DCERPC_AUTH_LEVEL_NONE || p->auth.auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return True;
}
@@ -2091,7 +2091,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
auth_blob.length = auth_len;
switch (p->auth.auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
*pstatus = ntlmssp_unseal_packet(a->ntlmssp_state,
data, data_len,
@@ -2102,7 +2102,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
return False;
}
break;
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
*pstatus = ntlmssp_check_packet(a->ntlmssp_state,
data, data_len,
@@ -2193,7 +2193,7 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
return False;
}
- if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) {
+ if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
DEBUG(0,("Invalid auth info %d on schannel\n",
auth_info.auth_type));
return False;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 058bd12f61..9e95c48033 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2741,7 +2741,7 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- if (p->auth.auth_level != PIPE_AUTH_LEVEL_PRIVACY) {
+ if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index c0268f348e..7a20e487f2 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -26,7 +26,7 @@
DOM_SID domain_sid;
static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
-static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
+static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
static unsigned int timeout = 0;
static enum dcerpc_transport_t default_transport = NCACN_NP;
@@ -380,7 +380,7 @@ static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
{
const char *type = "NTLMSSP";
- pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
@@ -412,7 +412,7 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
{
const char *type = "NTLMSSP";
- pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
@@ -475,7 +475,7 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
- pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
return cmd_set_ss_level();
@@ -485,7 +485,7 @@ static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
d_printf("Setting schannel - sign and seal\n");
- pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
return cmd_set_ss_level();
@@ -495,7 +495,7 @@ static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c
int argc, const char **argv)
{
d_printf("Setting schannel - sign only\n");
- pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
return cmd_set_ss_level();
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 549539298f..b4505347b1 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -159,7 +159,7 @@ int run_rpc_command(struct net_context *c,
/* Always try and create an schannel netlogon pipe. */
nt_status = cli_rpc_pipe_open_schannel(
cli, interface, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY, domain_name,
+ DCERPC_AUTH_LEVEL_PRIVACY, domain_name,
&pipe_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
@@ -172,7 +172,7 @@ int run_rpc_command(struct net_context *c,
cli, interface,
(conn_flags & NET_FLAGS_TCP) ?
NCACN_IP_TCP : NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
lp_workgroup(), c->opt_user_name,
c->opt_password, &pipe_hnd);
} else {
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index dbe77355c8..23913812b0 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -102,7 +102,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
ntret = cli_rpc_pipe_open_schannel_with_key(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
domain, &netlogon_pipe->dc, &pipe_hnd);
if (!NT_STATUS_IS_OK(ntret)) {
@@ -420,7 +420,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
result = cli_rpc_pipe_open_schannel_with_key(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
+ DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
&netlogon_schannel_pipe);
if (!NT_STATUS_IS_OK(result)) {
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 3418022c62..450bb1bc06 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2056,7 +2056,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli,
&ndr_table_samr.syntax_id,
NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
domain_name,
machine_account,
machine_password,
@@ -2100,7 +2100,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
}
result = cli_rpc_pipe_open_schannel_with_key
(conn->cli, &ndr_table_samr.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
domain->name, &p_creds, &conn->samr_pipe);
if (!NT_STATUS_IS_OK(result)) {
@@ -2196,7 +2196,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
* authenticated LSA pipe with sign & seal. */
result = cli_rpc_pipe_open_spnego_ntlmssp
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
conn->cli->domain, conn->cli->user_name, conn->cli->password,
&conn->lsa_pipe);
@@ -2237,7 +2237,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
}
result = cli_rpc_pipe_open_schannel_with_key
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY,
+ DCERPC_AUTH_LEVEL_PRIVACY,
domain->name, &p_creds, &conn->lsa_pipe);
if (!NT_STATUS_IS_OK(result)) {
@@ -2384,7 +2384,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
result = cli_rpc_pipe_open_schannel_with_key(
conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
- PIPE_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc,
+ DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc,
&conn->netlogon_pipe);
/* We can now close the initial netlogon pipe. */
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index f9411fe95f..26703528a7 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -1352,16 +1352,6 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_p->attid);
}
- /* create the meta data value */
- ndr_err = ndr_push_struct_blob(&nmd_value, msg,
- lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
- &nmd,
- (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
- return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
- }
-
/*
* check if some replicated attributes left, otherwise skip the ldb_modify() call
*/
@@ -1385,6 +1375,16 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
nmd.ctr.ctr1.array[i].local_usn = seq_num;
}
+ /* create the meta data value */
+ ndr_err = ndr_push_struct_blob(&nmd_value, msg,
+ lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
+ &nmd,
+ (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+ return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+ }
+
/*
* when we know that we'll modify the record, add the whenChanged, uSNChanged
* and replPopertyMetaData attributes
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h
index a605e2f707..4e7e503931 100644
--- a/source4/dsdb/schema/schema.h
+++ b/source4/dsdb/schema/schema.h
@@ -146,6 +146,13 @@ struct dsdb_class {
uint32_t *mustContain_ids;
uint32_t *mayContain_ids;
uint32_t *systemPossSuperiors_ids;
+
+ /* An ordered index showing how this subClass fits into the
+ * subClass tree. that is, an objectclass that is not
+ * subClassOf anything is 0 (just in case), and top is 1, and
+ * subClasses of top are 2, subclasses of those classes are
+ * 3 */
+ uint32_t subClass_order;
};
struct dsdb_schema_oid_prefix {
diff --git a/source4/dsdb/schema/schema_inferiors.c b/source4/dsdb/schema/schema_inferiors.c
index b0ecc08600..493b425b72 100644
--- a/source4/dsdb/schema/schema_inferiors.c
+++ b/source4/dsdb/schema/schema_inferiors.c
@@ -127,6 +127,20 @@ static char **schema_subclasses_recurse(struct dsdb_schema *schema, struct dsdb_
return list;
}
+/* Walk down the subClass tree, setting a higher index as we go down
+ * each level. top is 1, subclasses of top are 2, etc */
+void schema_subclasses_order_recurse(struct dsdb_schema *schema, struct dsdb_class *schema_class, int order)
+{
+ const char **list = schema_class->subclasses_direct;
+ int i;
+ schema_class->subClass_order = order;
+ for (i=0;list && list[i]; i++) {
+ struct dsdb_class *schema_class2 = dsdb_class_by_lDAPDisplayName(schema, list[i]);
+ schema_subclasses_order_recurse(schema, schema_class2, order+1);
+ }
+ return;
+}
+
static void schema_create_subclasses(struct dsdb_schema *schema)
{
struct dsdb_class *schema_class;
@@ -148,7 +162,12 @@ static void schema_create_subclasses(struct dsdb_schema *schema)
for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) {
schema_class->subclasses = str_list_unique(schema_subclasses_recurse(schema, schema_class));
- }
+
+ /* Initilise the subClass order, to ensure we can't have uninitilised sort on the subClass hirarchy */
+ schema_class->subClass_order = 0;
+ }
+
+ schema_subclasses_order_recurse(schema, dsdb_class_by_lDAPDisplayName(schema, "top"), 1);
}
static void schema_fill_possible_inferiors(struct dsdb_schema *schema, struct dsdb_class *schema_class)
diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk
index b6a9f112a0..340cd2ae41 100644
--- a/source4/libcli/config.mk
+++ b/source4/libcli/config.mk
@@ -37,49 +37,6 @@ LIBCLI_SMB_COMPOSITE_OBJ_FILES = $(addprefix $(libclisrcdir)/smb_composite/, \
$(eval $(call proto_header_template,$(libclisrcdir)/smb_composite/proto.h,$(LIBCLI_SMB_COMPOSITE_OBJ_FILES:.o=.c)))
-[SUBSYSTEM::NDR_NBT_BUF]
-
-NDR_NBT_BUF_OBJ_FILES = $(libclinbtsrcdir)/nbtname.o
-
-$(eval $(call proto_header_template,$(libclinbtsrcdir)/nbtname.h,$(NDR_NBT_BUF_OBJ_FILES:.o=.c)))
-
-[SUBSYSTEM::LIBCLI_NBT]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT LIBCLI_COMPOSITE LIBEVENTS \
- NDR_SECURITY samba_socket LIBSAMBA-UTIL
-
-LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \
- nbtsocket.o \
- namequery.o \
- nameregister.o \
- namerefresh.o \
- namerelease.o)
-
-[BINARY::nmblookup]
-INSTALLDIR = BINDIR
-PRIVATE_DEPENDENCIES = \
- LIBSAMBA-HOSTCONFIG \
- LIBSAMBA-UTIL \
- LIBCLI_NBT \
- LIBPOPT \
- POPT_SAMBA \
- LIBNETIF \
- LIBCLI_RESOLVE
-
-nmblookup_OBJ_FILES = $(libclinbtsrcdir)/tools/nmblookup.o
-MANPAGES += $(libclinbtsrcdir)/man/nmblookup.1
-
-[SUBSYSTEM::LIBCLI_NDR_NETLOGON]
-PUBLIC_DEPENDENCIES = LIBNDR \
- NDR_SECURITY
-
-LIBCLI_NDR_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/../, ndr_netlogon.o)
-
-[SUBSYSTEM::LIBCLI_NETLOGON]
-PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON
-
-LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \
- ../netlogon.o)
-
[PYTHON::python_netbios]
LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT)
PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG
diff --git a/source4/main.mk b/source4/main.mk
index 63eea36cdf..880d877e50 100644
--- a/source4/main.mk
+++ b/source4/main.mk
@@ -56,6 +56,7 @@ mkinclude ../lib/smbconf/config.mk
mkinclude ../lib/async_req/config.mk
mkinclude ../libcli/security/config.mk
mkinclude ../libcli/ldap/config.mk
+mkinclude ../libcli/nbt/config.mk
mkinclude ../libcli/auth/config.mk
mkinclude ../libcli/drsuapi/config.mk
mkinclude ../libcli/samsync/config.mk
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 165e485d45..a05ddb9a5d 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -86,7 +86,7 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
obj->meta_data_ctr->meta_data = talloc_array(obj, struct drsuapi_DsReplicaMetaData, md.ctr.ctr1.count);
for (n=i=0; i<md.ctr.ctr1.count; i++) {
- if (md.ctr.ctr1.array[i].originating_usn < highest_usn) continue;
+ if (md.ctr.ctr1.array[i].local_usn < highest_usn) continue;
obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time;
obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version;
obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id;