authorGünther Deschner <gd@samba.org>2010-07-16 04:06:48 +0200
committerGünther Deschner <gd@samba.org>2010-08-25 13:27:50 +0200
commite2f15d2a25302ee529006b2d1d6b99993c7102e8 (patch)
tree0189ae9cc476c77cb1f0dde4aa7274cd4a7cc043 /source4
parent2eff142cce536a8966e63bdf9e514bc22d03acc4 (diff)
s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther
Diffstat (limited to 'source4')
-rw-r--r--source4/kdc/db-glue.c14
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c54
2 files changed, 19 insertions, 49 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index c8bbea7531..8e311b439b 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -834,15 +834,15 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
entry_ex->entry.kvno = -1;
for (i=0; i < password_blob.count; i++) {
- if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_VERSION) {
- entry_ex->entry.kvno = password_blob.current->array[i].AuthInfo.version.version;
+ if (password_blob.current.array[i].AuthType == TRUST_AUTH_TYPE_VERSION) {
+ entry_ex->entry.kvno = password_blob.current.array[i].AuthInfo.version.version;
}
}
for (i=0; i < password_blob.count; i++) {
- if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) {
- password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password,
- password_blob.current->array[i].AuthInfo.clear.size);
+ if (password_blob.current.array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) {
+ password_utf16 = data_blob_const(password_blob.current.array[i].AuthInfo.clear.password,
+ password_blob.current.array[i].AuthInfo.clear.size);
/* In the future, generate all sorts of
* hashes, but for now we can't safely convert
* the random strings windows uses into
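Review bot: Both loops index `password_blob.current.array[i]` up to `password_blob.count` with no visible check that the array is non-NULL and really holds `count` entries. Whether the NDR pull code for trustAuthInOutBlob enforces that invariant cannot be seen from here, and the values read feed the kvno and the trust key of the entry. A guard ahead of the first loop, for example `if (password_blob.count > 0 && password_blob.current.array == NULL)` followed by the function's normal error exit, would make the assumption explicit. The same indexing recurs in the `TRUST_AUTH_TYPE_NT4OWF` branch of the next hunk; samba_kdc_trust_message2entry starts and ends outside both hunks.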
@@ -851,8 +851,8 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
/* but as it is utf16 already, we can get the NT password/arcfour-hmac-md5 key */
mdfour(password_hash.hash, password_utf16.data, password_utf16.length);
break;
- } else if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) {
- password_hash = password_blob.current->array[i].AuthInfo.nt4owf.password;
+ } else if (password_blob.current.array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) {
+ password_hash = password_blob.current.array[i].AuthInfo.nt4owf.password;
break;
}
}
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 9c9ad4590b..51b6339a12 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -762,43 +762,13 @@ static NTSTATUS get_trustdom_auth_blob(struct dcesrv_call_state *dce_call,
static NTSTATUS get_trustauth_inout_blob(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct trustCurrentPasswords *iopw,
+ struct trustAuthInOutBlob *iopw,
DATA_BLOB *trustauth_blob)
{
- uint32_t i;
- struct trustAuthInOutBlob ioblob;
enum ndr_err_code ndr_err;
- ioblob.count = iopw->count;
- ioblob.current = talloc(mem_ctx,
- struct AuthenticationInformationArray);
- if (!ioblob.current) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ioblob.current->array = *iopw->current;
- if (!ioblob.current->array) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ioblob.previous = talloc(mem_ctx,
- struct AuthenticationInformationArray);
- if (!ioblob.previous) {
- return NT_STATUS_NO_MEMORY;
- }
- ioblob.previous->array = talloc_array(mem_ctx,
- struct AuthenticationInformation,
- ioblob.count);
- if (!ioblob.previous->array) {
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i = 0; i < ioblob.count; i++) {
- ioblob.previous->array[i].LastUpdateTime = 0;
- ioblob.previous->array[i].AuthType = 0;
- }
ndr_err = ndr_push_struct_blob(trustauth_blob, mem_ctx,
- &ioblob,
+ iopw,
(ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return NT_STATUS_INVALID_PARAMETER;
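Review bot: `iopw` is now serialised exactly as the caller built it, so get_trustauth_inout_blob no longer guarantees anything about the `previous` member; the removed code always emitted a `previous` array of `count` zeroed entries. The callers are outside the hunk, so this may already be handled there, but a comment above the function such as `/* iopw is pushed as-is; the caller must supply a consistent count, current and previous */` would record the contract. Since the struct is only read here, the parameter could also be declared `const struct trustAuthInOutBlob *iopw`, provided ndr_push_struct_blob accepts a const pointer. The tail of the function lies outside the hunk.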
@@ -811,7 +781,7 @@ static NTSTATUS add_trust_user(TALLOC_CTX *mem_ctx,
struct ldb_context *sam_ldb,
struct ldb_dn *base_dn,
const char *netbios_name,
- struct trustCurrentPasswords *in,
+ struct trustAuthInOutBlob *in,
struct ldb_dn **user_dn)
{
struct ldb_message *msg;
@@ -852,16 +822,16 @@ static NTSTATUS add_trust_user(TALLOC_CTX *mem_ctx,
for (i = 0; i < in->count; i++) {
const char *attribute;
struct ldb_val v;
- switch (in->current[i]->AuthType) {
+ switch (in->current.array[i].AuthType) {
case TRUST_AUTH_TYPE_NT4OWF:
attribute = "unicodePwd";
- v.data = (uint8_t *)&in->current[i]->AuthInfo.nt4owf.password;
+ v.data = (uint8_t *)&in->current.array[i].AuthInfo.nt4owf.password;
v.length = 16;
break;
case TRUST_AUTH_TYPE_CLEAR:
attribute = "clearTextPassword";
- v.data = in->current[i]->AuthInfo.clear.password;
- v.length = in->current[i]->AuthInfo.clear.size;
+ v.data = in->current.array[i].AuthInfo.clear.password;
+ v.length = in->current.array[i].AuthInfo.clear.size;
break;
default:
continue;
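Review bot: The loop trusts `in->count` as the bound for `in->current.array[i]`, and the `TRUST_AUTH_TYPE_CLEAR` case hands `AuthInfo.clear.password` and `AuthInfo.clear.size` to ldb without checking for a NULL pointer or a zero size. If `in` is decoded from client-supplied trust authentication data (the caller is outside the hunk, so this is an assumption), those checks rest entirely on the NDR pull code. A guard before the loop such as `if (in->count > 0 && in->current.array == NULL) { return NT_STATUS_INVALID_PARAMETER; }` would make it explicit. The identical switch in update_trust_user (last hunk) has the same gap, and moving it into one static helper would give a single place for the checks. The literal in `v.length = 16;` could be written `sizeof(in->current.array[i].AuthInfo.nt4owf.password.hash)` so it follows the type.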
@@ -1505,7 +1475,7 @@ static NTSTATUS update_trust_user(TALLOC_CTX *mem_ctx,
struct ldb_dn *base_dn,
bool delete_user,
const char *netbios_name,
- struct trustCurrentPasswords *in)
+ struct trustAuthInOutBlob *in)
{
const char *attrs[] = { "userAccountControl", NULL };
struct ldb_message **msgs;
@@ -1564,16 +1534,16 @@ static NTSTATUS update_trust_user(TALLOC_CTX *mem_ctx,
for (i = 0; i < in->count; i++) {
const char *attribute;
struct ldb_val v;
- switch (in->current[i]->AuthType) {
+ switch (in->current.array[i].AuthType) {
case TRUST_AUTH_TYPE_NT4OWF:
attribute = "unicodePwd";
- v.data = (uint8_t *)&in->current[i]->AuthInfo.nt4owf.password;
+ v.data = (uint8_t *)&in->current.array[i].AuthInfo.nt4owf.password;
v.length = 16;
break;
case TRUST_AUTH_TYPE_CLEAR:
attribute = "clearTextPassword";
- v.data = in->current[i]->AuthInfo.clear.password;
- v.length = in->current[i]->AuthInfo.clear.size;
+ v.data = in->current.array[i].AuthInfo.clear.password;
+ v.length = in->current.array[i].AuthInfo.clear.size;
break;
default:
continue;