summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-03-28 17:31:33 -0700
committerJeremy Allison <jra@samba.org>2008-03-28 17:31:33 -0700
commitfba9aa4ecf39eee157f5a24e3bc58b68809f092d (patch)
tree7439d9e1982fad473330ac0762e2560a2fea143e
parente00bfc509219cce65168f9ef4532eeff09e6f5fb (diff)
parent9e328fe94281a0ac35d3fd2117f55aaf329e3972 (diff)
downloadsamba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.tar.gz
samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.tar.bz2
samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.zip
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
(This used to be commit 985bd1e642b6e54f1bc95cd4cfcceb96107e383d)
-rw-r--r--source3/librpc/gen_ndr/ndr_netlogon.c69
-rw-r--r--source3/librpc/gen_ndr/ndr_netlogon.h1
-rw-r--r--source3/librpc/gen_ndr/netlogon.h29
-rw-r--r--source3/librpc/idl/netlogon.idl40
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c24
-rw-r--r--source3/utils/net_rpc_samsync.c2
-rw-r--r--source3/winbindd/winbindd_group.c8
7 files changed, 145 insertions, 28 deletions
diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c
index 7f340b6599..e634151921 100644
--- a/source3/librpc/gen_ndr/ndr_netlogon.c
+++ b/source3/librpc/gen_ndr/ndr_netlogon.c
@@ -5942,6 +5942,51 @@ _PUBLIC_ void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, con
}
}
+static enum ndr_err_code ndr_push_netr_NegotiateFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+ return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_NegotiateFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+ uint32_t v;
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+ *r = v;
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+ ndr_print_uint32(ndr, name, r);
+ ndr->depth++;
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_ACCOUNT_LOCKOUT", NETLOGON_NEG_ACCOUNT_LOCKOUT, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PERSISTENT_SAMREPL", NETLOGON_NEG_PERSISTENT_SAMREPL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_ARCFOUR", NETLOGON_NEG_ARCFOUR, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PROMOTION_COUNT", NETLOGON_NEG_PROMOTION_COUNT, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CHANGELOG_BDC", NETLOGON_NEG_CHANGELOG_BDC, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_FULL_SYNC_REPL", NETLOGON_NEG_FULL_SYNC_REPL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_MULTIPLE_SIDS", NETLOGON_NEG_MULTIPLE_SIDS, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_REDO", NETLOGON_NEG_REDO, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL", NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SEND_PASSWORD_INFO_PDC", NETLOGON_NEG_SEND_PASSWORD_INFO_PDC, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_GENERIC_PASSTHROUGH", NETLOGON_NEG_GENERIC_PASSTHROUGH, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CONCURRENT_RPC", NETLOGON_NEG_CONCURRENT_RPC, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL", NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL", NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_128BIT", NETLOGON_NEG_128BIT, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_TRANSITIVE_TRUSTS", NETLOGON_NEG_TRANSITIVE_TRUSTS, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_DNS_DOMAIN_TRUSTS", NETLOGON_NEG_DNS_DOMAIN_TRUSTS, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_SET2", NETLOGON_NEG_PASSWORD_SET2, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_GETDOMAININFO", NETLOGON_NEG_GETDOMAININFO, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CROSS_FOREST_TRUSTS", NETLOGON_NEG_CROSS_FOREST_TRUSTS, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION", NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_RODC_PASSTHROUGH", NETLOGON_NEG_RODC_PASSTHROUGH, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC_LSASS", NETLOGON_NEG_AUTHENTICATED_RPC_LSASS, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SCHANNEL", NETLOGON_NEG_SCHANNEL, r);
+ ndr->depth--;
+}
+
static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, const struct netr_Blob *r)
{
if (ndr_flags & NDR_SCALARS) {
@@ -10371,7 +10416,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr,
if (r->in.negotiate_flags == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.negotiate_flags));
+ NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->in.negotiate_flags));
}
if (flags & NDR_OUT) {
if (r->out.return_credentials == NULL) {
@@ -10381,7 +10426,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr,
if (r->out.negotiate_flags == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.negotiate_flags));
+ NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->out.negotiate_flags));
NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
}
return NDR_ERR_SUCCESS;
@@ -10442,7 +10487,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr,
}
_mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->in.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.negotiate_flags));
+ NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->in.negotiate_flags));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
NDR_PULL_ALLOC(ndr, r->out.return_credentials);
ZERO_STRUCTP(r->out.return_credentials);
@@ -10462,7 +10507,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr,
}
_mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.negotiate_flags));
+ NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->out.negotiate_flags));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
}
@@ -10494,7 +10539,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate2(struct ndr_print *ndr, const ch
ndr->depth--;
ndr_print_ptr(ndr, "negotiate_flags", r->in.negotiate_flags);
ndr->depth++;
- ndr_print_uint32(ndr, "negotiate_flags", *r->in.negotiate_flags);
+ ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->in.negotiate_flags);
ndr->depth--;
ndr->depth--;
}
@@ -10507,7 +10552,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate2(struct ndr_print *ndr, const ch
ndr->depth--;
ndr_print_ptr(ndr, "negotiate_flags", r->out.negotiate_flags);
ndr->depth++;
- ndr_print_uint32(ndr, "negotiate_flags", *r->out.negotiate_flags);
+ ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->out.negotiate_flags);
ndr->depth--;
ndr_print_NTSTATUS(ndr, "result", r->out.result);
ndr->depth--;
@@ -11585,7 +11630,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *ndr,
if (r->in.negotiate_flags == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.negotiate_flags));
+ NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->in.negotiate_flags));
}
if (flags & NDR_OUT) {
if (r->out.credentials == NULL) {
@@ -11595,7 +11640,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *ndr,
if (r->out.negotiate_flags == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.negotiate_flags));
+ NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->out.negotiate_flags));
if (r->out.rid == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
@@ -11660,7 +11705,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr,
}
_mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->in.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.negotiate_flags));
+ NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->in.negotiate_flags));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
NDR_PULL_ALLOC(ndr, r->out.credentials);
*r->out.credentials = *r->in.credentials;
@@ -11682,7 +11727,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr,
}
_mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.negotiate_flags));
+ NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->out.negotiate_flags));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->out.rid);
@@ -11721,7 +11766,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate3(struct ndr_print *ndr, const ch
ndr->depth--;
ndr_print_ptr(ndr, "negotiate_flags", r->in.negotiate_flags);
ndr->depth++;
- ndr_print_uint32(ndr, "negotiate_flags", *r->in.negotiate_flags);
+ ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->in.negotiate_flags);
ndr->depth--;
ndr->depth--;
}
@@ -11734,7 +11779,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate3(struct ndr_print *ndr, const ch
ndr->depth--;
ndr_print_ptr(ndr, "negotiate_flags", r->out.negotiate_flags);
ndr->depth++;
- ndr_print_uint32(ndr, "negotiate_flags", *r->out.negotiate_flags);
+ ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->out.negotiate_flags);
ndr->depth--;
ndr_print_ptr(ndr, "rid", r->out.rid);
ndr->depth++;
diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h
index 3615e07461..a9d36aeacb 100644
--- a/source3/librpc/gen_ndr/ndr_netlogon.h
+++ b/source3/librpc/gen_ndr/ndr_netlogon.h
@@ -187,6 +187,7 @@ void ndr_print_netr_NETLOGON_INFO_3(struct ndr_print *ndr, const char *name, con
void ndr_print_netr_CONTROL_QUERY_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_QUERY_INFORMATION *r);
void ndr_print_netr_LogonControlCode(struct ndr_print *ndr, const char *name, enum netr_LogonControlCode r);
void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_DATA_INFORMATION *r);
+void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, uint32_t r);
void ndr_print_netr_Blob(struct ndr_print *ndr, const char *name, const struct netr_Blob *r);
void ndr_print_netr_DsRGetDCName_flags(struct ndr_print *ndr, const char *name, uint32_t r);
void ndr_print_netr_DsRGetDCNameInfo_AddressType(struct ndr_print *ndr, const char *name, enum netr_DsRGetDCNameInfo_AddressType r);
diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h
index bcd9f4d974..b4a3b01a02 100644
--- a/source3/librpc/gen_ndr/netlogon.h
+++ b/source3/librpc/gen_ndr/netlogon.h
@@ -8,9 +8,6 @@
#ifndef _HEADER_netlogon
#define _HEADER_netlogon
-#define NETLOGON_NEG_ARCFOUR ( 0x00000004 )
-#define NETLOGON_NEG_128BIT ( 0x00004000 )
-#define NETLOGON_NEG_SCHANNEL ( 0x40000000 )
#define DSGETDC_VALID_FLAGS ( (DS_FORCE_REDISCOVERY|DS_DIRECTORY_SERVICE_REQUIRED|DS_DIRECTORY_SERVICE_PREFERRED|DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_BACKGROUND_ONLY|DS_IP_REQUIRED|DS_KDC_REQUIRED|DS_TIMESERV_REQUIRED|DS_WRITABLE_REQUIRED|DS_GOOD_TIMESERV_PREFERRED|DS_AVOID_SELF|DS_ONLY_LDAP_NEEDED|DS_IS_FLAT_NAME|DS_IS_DNS_NAME|DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME) )
#define DS_GFTI_UPDATE_TDO ( 0x1 )
struct netr_UasInfo {
@@ -644,6 +641,32 @@ union netr_CONTROL_DATA_INFORMATION {
uint32_t debug_level;/* [case(NETLOGON_CONTROL_SET_DBFLAG)] */
};
+/* bitmap netr_NegotiateFlags */
+#define NETLOGON_NEG_ACCOUNT_LOCKOUT ( 0x00000001 )
+#define NETLOGON_NEG_PERSISTENT_SAMREPL ( 0x00000002 )
+#define NETLOGON_NEG_ARCFOUR ( 0x00000004 )
+#define NETLOGON_NEG_PROMOTION_COUNT ( 0x00000008 )
+#define NETLOGON_NEG_CHANGELOG_BDC ( 0x00000010 )
+#define NETLOGON_NEG_FULL_SYNC_REPL ( 0x00000020 )
+#define NETLOGON_NEG_MULTIPLE_SIDS ( 0x00000040 )
+#define NETLOGON_NEG_REDO ( 0x00000080 )
+#define NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL ( 0x00000100 )
+#define NETLOGON_NEG_SEND_PASSWORD_INFO_PDC ( 0x00000200 )
+#define NETLOGON_NEG_GENERIC_PASSTHROUGH ( 0x00000400 )
+#define NETLOGON_NEG_CONCURRENT_RPC ( 0x00000800 )
+#define NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL ( 0x00001000 )
+#define NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL ( 0x00002000 )
+#define NETLOGON_NEG_128BIT ( 0x00004000 )
+#define NETLOGON_NEG_TRANSITIVE_TRUSTS ( 0x00008000 )
+#define NETLOGON_NEG_DNS_DOMAIN_TRUSTS ( 0x00010000 )
+#define NETLOGON_NEG_PASSWORD_SET2 ( 0x00020000 )
+#define NETLOGON_NEG_GETDOMAININFO ( 0x00040000 )
+#define NETLOGON_NEG_CROSS_FOREST_TRUSTS ( 0x00080000 )
+#define NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION ( 0x00100000 )
+#define NETLOGON_NEG_RODC_PASSTHROUGH ( 0x00200000 )
+#define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x20000000 )
+#define NETLOGON_NEG_SCHANNEL ( 0x40000000 )
+
struct netr_Blob {
uint32_t length;
uint8_t *data;/* [unique,size_is(length)] */
diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl
index cbf78c779f..6ba342b663 100644
--- a/source3/librpc/idl/netlogon.idl
+++ b/source3/librpc/idl/netlogon.idl
@@ -865,16 +865,40 @@ interface netlogon
);
- /* If this flag is not set, then the passwords and LM session keys are
- * encrypted with DES calls. (And the user session key is
- * unencrypted) */
- const int NETLOGON_NEG_ARCFOUR = 0x00000004;
- const int NETLOGON_NEG_128BIT = 0x00004000;
- const int NETLOGON_NEG_SCHANNEL = 0x40000000;
+ /* If NETLOGON_NEG_ARCFOUR flag is not set, then the passwords and LM
+ * session keys are encrypted with DES calls. (And the user session key
+ * is unencrypted) */
/*****************/
/* Function 0x0F */
+ typedef [bitmap32bit] bitmap {
+ NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001,
+ NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002,
+ NETLOGON_NEG_ARCFOUR = 0x00000004,
+ NETLOGON_NEG_PROMOTION_COUNT = 0x00000008,
+ NETLOGON_NEG_CHANGELOG_BDC = 0x00000010,
+ NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020,
+ NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040,
+ NETLOGON_NEG_REDO = 0x00000080,
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100,
+ NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200,
+ NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400,
+ NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
+ NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
+ NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
+ NETLOGON_NEG_128BIT = 0x00004000, /* STRONG_KEYS */
+ NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
+ NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
+ NETLOGON_NEG_GETDOMAININFO = 0x00040000,
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
+ NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
+ NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
+ NETLOGON_NEG_SCHANNEL = 0x40000000 /* AUTHENTICATED_RPC */
+ } netr_NegotiateFlags;
+
NTSTATUS netr_ServerAuthenticate2(
[in,unique] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
@@ -882,7 +906,7 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 computer_name[],
[in,ref] netr_Credential *credentials,
[out,ref] netr_Credential *return_credentials,
- [in,out,ref] uint32 *negotiate_flags
+ [in,out,ref] netr_NegotiateFlags *negotiate_flags
);
@@ -1062,7 +1086,7 @@ interface netlogon
[in] netr_SchannelType secure_channel_type,
[in] [string,charset(UTF16)] uint16 computer_name[],
[in,out,ref] netr_Credential *credentials,
- [in,out,ref] uint32 *negotiate_flags,
+ [in,out,ref] netr_NegotiateFlags *negotiate_flags,
[out,ref] uint32 *rid
);
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index f864aad86a..32d315f96f 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -4,7 +4,8 @@
*
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Gerald (Jerry) Carter 2006.
- *
+ * Copyright (C) Guenther Deschner 2007-2008.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
@@ -298,6 +299,10 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
return WERR_INVALID_PARAM;
}
+ if (!r->in.admin_account || !r->in.encrypted_password) {
+ return WERR_INVALID_PARAM;
+ }
+
if (!user_has_privileges(token, &se_machine_account) &&
!nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
!nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
@@ -306,6 +311,11 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
return WERR_ACCESS_DENIED;
}
+ if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED) ||
+ (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+ return WERR_NOT_SUPPORTED;
+ }
+
werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
r->in.encrypted_password,
&p->session_key,
@@ -336,7 +346,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
unbecome_root();
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n",
+ DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join failed with: %s\n",
j->out.error_string ? j->out.error_string :
dos_errstr(werr)));
}
@@ -359,6 +369,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
WERROR werr;
struct nt_user_token *token = p->pipe_user.nt_user_token;
+ if (!r->in.account || !r->in.encrypted_password) {
+ return WERR_INVALID_PARAM;
+ }
+
if (!user_has_privileges(token, &se_machine_account) &&
!nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
!nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
@@ -396,6 +410,12 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
werr = libnet_Unjoin(p->mem_ctx, u);
unbecome_root();
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(5,("_wkssvc_NetrUnjoinDomain2: libnet_Unjoin failed with: %s\n",
+ u->out.error_string ? u->out.error_string :
+ dos_errstr(werr)));
+ }
+
TALLOC_FREE(u);
return werr;
}
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 80bc6eeacb..87d35b3ef6 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -337,6 +337,8 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd,
uint16_t restart_state = 0;
uint32_t sync_context = 0;
+ ZERO_STRUCT(return_authenticator);
+
if (!(mem_ctx = talloc_init("dump_database"))) {
return;
}
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index 6a704cf290..5dbd8c55a5 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -1595,9 +1595,11 @@ static void getgroups_sid2gid_recv(void *private_data, bool success, gid_t gid)
}
s->state->response.data.num_entries = s->num_token_gids;
- /* s->token_gids are talloced */
- s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t));
- s->state->response.length += s->num_token_gids * sizeof(gid_t);
+ if (s->num_token_gids) {
+ /* s->token_gids are talloced */
+ s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t));
+ s->state->response.length += s->num_token_gids * sizeof(gid_t);
+ }
request_ok(s->state);
}