Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test

(This used to be commit 985bd1e642b6e54f1bc95cd4cfcceb96107e383d)
author: Jeremy Allison <jra@samba.org> 2008-03-28 17:31:33 -0700
committer: Jeremy Allison <jra@samba.org> 2008-03-28 17:31:33 -0700
commit: fba9aa4ecf39eee157f5a24e3bc58b68809f092d (patch)
tree: 7439d9e1982fad473330ac0762e2560a2fea143e
parent: e00bfc509219cce65168f9ef4532eeff09e6f5fb (diff)
parent: 9e328fe94281a0ac35d3fd2117f55aaf329e3972 (diff)
download: samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.tar.gz
samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.tar.bz2
samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.zip
7 files changed, 145 insertions, 28 deletions
diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c
index 7f340b6599..e634151921 100644
--- a/source3/librpc/gen_ndr/ndr_netlogon.c
+++ b/source3/librpc/gen_ndr/ndr_netlogon.c
@@ -5942,6 +5942,51 @@ _PUBLIC_ void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, con
 	}
 }
 
+static enum ndr_err_code ndr_push_netr_NegotiateFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_NegotiateFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_ACCOUNT_LOCKOUT", NETLOGON_NEG_ACCOUNT_LOCKOUT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PERSISTENT_SAMREPL", NETLOGON_NEG_PERSISTENT_SAMREPL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_ARCFOUR", NETLOGON_NEG_ARCFOUR, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PROMOTION_COUNT", NETLOGON_NEG_PROMOTION_COUNT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CHANGELOG_BDC", NETLOGON_NEG_CHANGELOG_BDC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_FULL_SYNC_REPL", NETLOGON_NEG_FULL_SYNC_REPL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_MULTIPLE_SIDS", NETLOGON_NEG_MULTIPLE_SIDS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_REDO", NETLOGON_NEG_REDO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL", NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SEND_PASSWORD_INFO_PDC", NETLOGON_NEG_SEND_PASSWORD_INFO_PDC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_GENERIC_PASSTHROUGH", NETLOGON_NEG_GENERIC_PASSTHROUGH, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CONCURRENT_RPC", NETLOGON_NEG_CONCURRENT_RPC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL", NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL", NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_128BIT", NETLOGON_NEG_128BIT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_TRANSITIVE_TRUSTS", NETLOGON_NEG_TRANSITIVE_TRUSTS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_DNS_DOMAIN_TRUSTS", NETLOGON_NEG_DNS_DOMAIN_TRUSTS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_SET2", NETLOGON_NEG_PASSWORD_SET2, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_GETDOMAININFO", NETLOGON_NEG_GETDOMAININFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CROSS_FOREST_TRUSTS", NETLOGON_NEG_CROSS_FOREST_TRUSTS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION", NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_RODC_PASSTHROUGH", NETLOGON_NEG_RODC_PASSTHROUGH, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC_LSASS", NETLOGON_NEG_AUTHENTICATED_RPC_LSASS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SCHANNEL", NETLOGON_NEG_SCHANNEL, r);
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, const struct netr_Blob *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
@@ -10371,7 +10416,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr,
 		if (r->in.negotiate_flags == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.negotiate_flags));
+		NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->in.negotiate_flags));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.return_credentials == NULL) {
@@ -10381,7 +10426,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr,
 		if (r->out.negotiate_flags == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.negotiate_flags));
+		NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->out.negotiate_flags));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -10442,7 +10487,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr,
 		}
 		_mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.negotiate_flags));
+		NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->in.negotiate_flags));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC(ndr, r->out.return_credentials);
 		ZERO_STRUCTP(r->out.return_credentials);
@@ -10462,7 +10507,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr,
 		}
 		_mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.negotiate_flags));
+		NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->out.negotiate_flags));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
@@ -10494,7 +10539,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate2(struct ndr_print *ndr, const ch
 		ndr->depth--;
 		ndr_print_ptr(ndr, "negotiate_flags", r->in.negotiate_flags);
 		ndr->depth++;
-		ndr_print_uint32(ndr, "negotiate_flags", *r->in.negotiate_flags);
+		ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->in.negotiate_flags);
 		ndr->depth--;
 		ndr->depth--;
 	}
@@ -10507,7 +10552,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate2(struct ndr_print *ndr, const ch
 		ndr->depth--;
 		ndr_print_ptr(ndr, "negotiate_flags", r->out.negotiate_flags);
 		ndr->depth++;
-		ndr_print_uint32(ndr, "negotiate_flags", *r->out.negotiate_flags);
+		ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->out.negotiate_flags);
 		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -11585,7 +11630,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *ndr,
 		if (r->in.negotiate_flags == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.negotiate_flags));
+		NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->in.negotiate_flags));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.credentials == NULL) {
@@ -11595,7 +11640,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *ndr,
 		if (r->out.negotiate_flags == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.negotiate_flags));
+		NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->out.negotiate_flags));
 		if (r->out.rid == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -11660,7 +11705,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr,
 		}
 		_mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.negotiate_flags));
+		NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->in.negotiate_flags));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC(ndr, r->out.credentials);
 		*r->out.credentials = *r->in.credentials;
@@ -11682,7 +11727,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr,
 		}
 		_mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.negotiate_flags));
+		NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->out.negotiate_flags));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.rid);
@@ -11721,7 +11766,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate3(struct ndr_print *ndr, const ch
 		ndr->depth--;
 		ndr_print_ptr(ndr, "negotiate_flags", r->in.negotiate_flags);
 		ndr->depth++;
-		ndr_print_uint32(ndr, "negotiate_flags", *r->in.negotiate_flags);
+		ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->in.negotiate_flags);
 		ndr->depth--;
 		ndr->depth--;
 	}
@@ -11734,7 +11779,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate3(struct ndr_print *ndr, const ch
 		ndr->depth--;
 		ndr_print_ptr(ndr, "negotiate_flags", r->out.negotiate_flags);
 		ndr->depth++;
-		ndr_print_uint32(ndr, "negotiate_flags", *r->out.negotiate_flags);
+		ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->out.negotiate_flags);
 		ndr->depth--;
 		ndr_print_ptr(ndr, "rid", r->out.rid);
 		ndr->depth++;
diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h
index 3615e07461..a9d36aeacb 100644
--- a/source3/librpc/gen_ndr/ndr_netlogon.h
+++ b/source3/librpc/gen_ndr/ndr_netlogon.h
@@ -187,6 +187,7 @@ void ndr_print_netr_NETLOGON_INFO_3(struct ndr_print *ndr, const char *name, con
 void ndr_print_netr_CONTROL_QUERY_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_QUERY_INFORMATION *r);
 void ndr_print_netr_LogonControlCode(struct ndr_print *ndr, const char *name, enum netr_LogonControlCode r);
 void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_DATA_INFORMATION *r);
+void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, uint32_t r);
 void ndr_print_netr_Blob(struct ndr_print *ndr, const char *name, const struct netr_Blob *r);
 void ndr_print_netr_DsRGetDCName_flags(struct ndr_print *ndr, const char *name, uint32_t r);
 void ndr_print_netr_DsRGetDCNameInfo_AddressType(struct ndr_print *ndr, const char *name, enum netr_DsRGetDCNameInfo_AddressType r);
diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h
index bcd9f4d974..b4a3b01a02 100644
--- a/source3/librpc/gen_ndr/netlogon.h
+++ b/source3/librpc/gen_ndr/netlogon.h
@@ -8,9 +8,6 @@
 #ifndef _HEADER_netlogon
 #define _HEADER_netlogon
 
-#define NETLOGON_NEG_ARCFOUR	( 0x00000004 )
-#define NETLOGON_NEG_128BIT	( 0x00004000 )
-#define NETLOGON_NEG_SCHANNEL	( 0x40000000 )
 #define DSGETDC_VALID_FLAGS	( (DS_FORCE_REDISCOVERY|DS_DIRECTORY_SERVICE_REQUIRED|DS_DIRECTORY_SERVICE_PREFERRED|DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_BACKGROUND_ONLY|DS_IP_REQUIRED|DS_KDC_REQUIRED|DS_TIMESERV_REQUIRED|DS_WRITABLE_REQUIRED|DS_GOOD_TIMESERV_PREFERRED|DS_AVOID_SELF|DS_ONLY_LDAP_NEEDED|DS_IS_FLAT_NAME|DS_IS_DNS_NAME|DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME) )
 #define DS_GFTI_UPDATE_TDO	( 0x1 )
 struct netr_UasInfo {
@@ -644,6 +641,32 @@ union netr_CONTROL_DATA_INFORMATION {
 	uint32_t debug_level;/* [case(NETLOGON_CONTROL_SET_DBFLAG)] */
 };
 
+/* bitmap netr_NegotiateFlags */
+#define NETLOGON_NEG_ACCOUNT_LOCKOUT ( 0x00000001 )
+#define NETLOGON_NEG_PERSISTENT_SAMREPL ( 0x00000002 )
+#define NETLOGON_NEG_ARCFOUR ( 0x00000004 )
+#define NETLOGON_NEG_PROMOTION_COUNT ( 0x00000008 )
+#define NETLOGON_NEG_CHANGELOG_BDC ( 0x00000010 )
+#define NETLOGON_NEG_FULL_SYNC_REPL ( 0x00000020 )
+#define NETLOGON_NEG_MULTIPLE_SIDS ( 0x00000040 )
+#define NETLOGON_NEG_REDO ( 0x00000080 )
+#define NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL ( 0x00000100 )
+#define NETLOGON_NEG_SEND_PASSWORD_INFO_PDC ( 0x00000200 )
+#define NETLOGON_NEG_GENERIC_PASSTHROUGH ( 0x00000400 )
+#define NETLOGON_NEG_CONCURRENT_RPC ( 0x00000800 )
+#define NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL ( 0x00001000 )
+#define NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL ( 0x00002000 )
+#define NETLOGON_NEG_128BIT ( 0x00004000 )
+#define NETLOGON_NEG_TRANSITIVE_TRUSTS ( 0x00008000 )
+#define NETLOGON_NEG_DNS_DOMAIN_TRUSTS ( 0x00010000 )
+#define NETLOGON_NEG_PASSWORD_SET2 ( 0x00020000 )
+#define NETLOGON_NEG_GETDOMAININFO ( 0x00040000 )
+#define NETLOGON_NEG_CROSS_FOREST_TRUSTS ( 0x00080000 )
+#define NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION ( 0x00100000 )
+#define NETLOGON_NEG_RODC_PASSTHROUGH ( 0x00200000 )
+#define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x20000000 )
+#define NETLOGON_NEG_SCHANNEL ( 0x40000000 )
+
 struct netr_Blob {
 	uint32_t length;
 	uint8_t *data;/* [unique,size_is(length)] */
diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl
index cbf78c779f..6ba342b663 100644
--- a/source3/librpc/idl/netlogon.idl
+++ b/source3/librpc/idl/netlogon.idl
@@ -865,16 +865,40 @@ interface netlogon
 		);
 
 
-	/* If this flag is not set, then the passwords and LM session keys are
-	 * encrypted with DES calls.  (And the user session key is
-	 * unencrypted) */ 
-	const int NETLOGON_NEG_ARCFOUR  = 0x00000004;
-	const int NETLOGON_NEG_128BIT   = 0x00004000;
-	const int NETLOGON_NEG_SCHANNEL = 0x40000000;
+	/* If NETLOGON_NEG_ARCFOUR flag is not set, then the passwords and LM
+	 * session keys are encrypted with DES calls.  (And the user session key
+	 * is unencrypted) */
 
 	/*****************/
 	/* Function 0x0F */
 
+	typedef [bitmap32bit] bitmap {
+		NETLOGON_NEG_ACCOUNT_LOCKOUT		= 0x00000001,
+		NETLOGON_NEG_PERSISTENT_SAMREPL		= 0x00000002,
+		NETLOGON_NEG_ARCFOUR			= 0x00000004,
+		NETLOGON_NEG_PROMOTION_COUNT		= 0x00000008,
+		NETLOGON_NEG_CHANGELOG_BDC		= 0x00000010,
+		NETLOGON_NEG_FULL_SYNC_REPL		= 0x00000020,
+		NETLOGON_NEG_MULTIPLE_SIDS		= 0x00000040,
+		NETLOGON_NEG_REDO			= 0x00000080,
+		NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL	= 0x00000100,
+		NETLOGON_NEG_SEND_PASSWORD_INFO_PDC	= 0x00000200,
+		NETLOGON_NEG_GENERIC_PASSTHROUGH	= 0x00000400,
+		NETLOGON_NEG_CONCURRENT_RPC		= 0x00000800,
+		NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL	= 0x00001000,
+		NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL	= 0x00002000,
+		NETLOGON_NEG_128BIT			= 0x00004000, /* STRONG_KEYS */
+		NETLOGON_NEG_TRANSITIVE_TRUSTS		= 0x00008000,
+		NETLOGON_NEG_DNS_DOMAIN_TRUSTS		= 0x00010000,
+		NETLOGON_NEG_PASSWORD_SET2		= 0x00020000,
+		NETLOGON_NEG_GETDOMAININFO		= 0x00040000,
+		NETLOGON_NEG_CROSS_FOREST_TRUSTS	= 0x00080000,
+		NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION	= 0x00100000,
+		NETLOGON_NEG_RODC_PASSTHROUGH		= 0x00200000,
+		NETLOGON_NEG_AUTHENTICATED_RPC_LSASS	= 0x20000000,
+		NETLOGON_NEG_SCHANNEL			= 0x40000000 /* AUTHENTICATED_RPC */
+	} netr_NegotiateFlags;
+
 	NTSTATUS netr_ServerAuthenticate2(
 		[in,unique]  [string,charset(UTF16)] uint16 *server_name,
 		[in]         [string,charset(UTF16)] uint16 account_name[],
@@ -882,7 +906,7 @@ interface netlogon
 		[in]         [string,charset(UTF16)] uint16 computer_name[],
 		[in,ref]     netr_Credential *credentials,
 		[out,ref]    netr_Credential *return_credentials,
-		[in,out,ref] uint32 *negotiate_flags
+		[in,out,ref] netr_NegotiateFlags *negotiate_flags
 		);
 
 
@@ -1062,7 +1086,7 @@ interface netlogon
 		[in]         netr_SchannelType secure_channel_type,
 		[in]         [string,charset(UTF16)] uint16 computer_name[],
 		[in,out,ref] netr_Credential *credentials,
-		[in,out,ref] uint32 *negotiate_flags,
+		[in,out,ref] netr_NegotiateFlags *negotiate_flags,
 		[out,ref]    uint32 *rid
 		);
 
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index f864aad86a..32d315f96f 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -4,7 +4,8 @@
  *
  *  Copyright (C) Andrew Tridgell		1992-1997,
  *  Copyright (C) Gerald (Jerry) Carter		2006.
- *  
+ *  Copyright (C) Guenther Deschner		2007-2008.
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
@@ -298,6 +299,10 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 		return WERR_INVALID_PARAM;
 	}
 
+	if (!r->in.admin_account || !r->in.encrypted_password) {
+		return WERR_INVALID_PARAM;
+	}
+
 	if (!user_has_privileges(token, &se_machine_account) &&
 	    !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
 	    !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
@@ -306,6 +311,11 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 		return WERR_ACCESS_DENIED;
 	}
 
+	if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED) ||
+	    (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+		return WERR_NOT_SUPPORTED;
+	}
+
 	werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
 						  r->in.encrypted_password,
 						  &p->session_key,
@@ -336,7 +346,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 	unbecome_root();
 
 	if (!W_ERROR_IS_OK(werr)) {
-		DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n",
+		DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join failed with: %s\n",
 			j->out.error_string ? j->out.error_string :
 			dos_errstr(werr)));
 	}
@@ -359,6 +369,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
 	WERROR werr;
 	struct nt_user_token *token = p->pipe_user.nt_user_token;
 
+	if (!r->in.account || !r->in.encrypted_password) {
+		return WERR_INVALID_PARAM;
+	}
+
 	if (!user_has_privileges(token, &se_machine_account) &&
 	    !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
 	    !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
@@ -396,6 +410,12 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
 	werr = libnet_Unjoin(p->mem_ctx, u);
 	unbecome_root();
 
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(5,("_wkssvc_NetrUnjoinDomain2: libnet_Unjoin failed with: %s\n",
+			u->out.error_string ? u->out.error_string :
+			dos_errstr(werr)));
+	}
+
 	TALLOC_FREE(u);
 	return werr;
 }
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 80bc6eeacb..87d35b3ef6 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -337,6 +337,8 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd,
 	uint16_t restart_state = 0;
 	uint32_t sync_context = 0;
 
+	ZERO_STRUCT(return_authenticator);
+
 	if (!(mem_ctx = talloc_init("dump_database"))) {
 		return;
 	}
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index 6a704cf290..5dbd8c55a5 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -1595,9 +1595,11 @@ static void getgroups_sid2gid_recv(void *private_data, bool success, gid_t gid)
 	}
 
 	s->state->response.data.num_entries = s->num_token_gids;
-	/* s->token_gids are talloced */
-	s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t));
-	s->state->response.length += s->num_token_gids * sizeof(gid_t);
+	if (s->num_token_gids) {
+		/* s->token_gids are talloced */
+		s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t));
+		s->state->response.length += s->num_token_gids * sizeof(gid_t);
+	}
 	request_ok(s->state);
 }
author	Jeremy Allison <jra@samba.org>	2008-03-28 17:31:33 -0700
committer	Jeremy Allison <jra@samba.org>	2008-03-28 17:31:33 -0700
commit	fba9aa4ecf39eee157f5a24e3bc58b68809f092d (patch)
tree	7439d9e1982fad473330ac0762e2560a2fea143e
parent	e00bfc509219cce65168f9ef4532eeff09e6f5fb (diff)
parent	9e328fe94281a0ac35d3fd2117f55aaf329e3972 (diff)
download	samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.tar.gz samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.tar.bz2 samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.zip