diff options
39 files changed, 583 insertions, 499 deletions
diff --git a/lib/util/util.h b/lib/util/util.h index c0e87a2705..385a3ae07a 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -21,8 +21,6 @@ #ifndef _SAMBA_UTIL_H_ #define _SAMBA_UTIL_H_ -#include <netinet/in.h> - #if _SAMBA_BUILD_ == 4 #include "../lib/util/charset/charset.h" #endif @@ -842,4 +840,5 @@ bool add_uid_to_array_unique(TALLOC_CTX *mem_ctx, uid_t uid, bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, gid_t **gids, size_t *num_gids); + #endif /* _SAMBA_UTIL_H_ */ diff --git a/lib/util/util_net.c b/lib/util/util_net.c index d1dadc2494..0ce495e57c 100644 --- a/lib/util/util_net.c +++ b/lib/util/util_net.c @@ -3,10 +3,11 @@ Samba utility functions Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008 Copyright (C) Andrew Tridgell 1992-1998 - Copyright (C) Jeremy Allison 2001-2007 + Copyright (C) Jeremy Allison 1992-2007 Copyright (C) Simo Sorce 2001 Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003. Copyright (C) James J Myers 2003 + Copyright (C) Tim Potter 2000-2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -28,6 +29,17 @@ #include "system/filesys.h" #undef strcasecmp +/******************************************************************* + Set an address to INADDR_ANY. +******************************************************************/ + +void zero_sockaddr(struct sockaddr_storage *pss) +{ + memset(pss, '\0', sizeof(*pss)); + /* Ensure we're at least a valid sockaddr-storage. */ + pss->ss_family = AF_INET; +} + /** * Wrap getaddrinfo... */ @@ -59,6 +71,110 @@ bool interpret_string_addr_internal(struct addrinfo **ppres, return true; } +/******************************************************************* + Map a text hostname or IP address (IPv4 or IPv6) into a + struct sockaddr_storage. Takes a flag which allows it to + prefer an IPv4 address (needed for DC's). +******************************************************************/ + +static bool interpret_string_addr_pref(struct sockaddr_storage *pss, + const char *str, + int flags, + bool prefer_ipv4) +{ + struct addrinfo *res = NULL; +#if defined(HAVE_IPV6) + char addr[INET6_ADDRSTRLEN]; + unsigned int scope_id = 0; + + if (strchr_m(str, ':')) { + char *p = strchr_m(str, '%'); + + /* + * Cope with link-local. + * This is IP:v6:addr%ifname. + */ + + if (p && (p > str) && ((scope_id = if_nametoindex(p+1)) != 0)) { + strlcpy(addr, str, + MIN(PTR_DIFF(p,str)+1, + sizeof(addr))); + str = addr; + } + } +#endif + + zero_sockaddr(pss); + + if (!interpret_string_addr_internal(&res, str, flags|AI_ADDRCONFIG)) { + return false; + } + if (!res) { + return false; + } + + if (prefer_ipv4) { + struct addrinfo *p; + + for (p = res; p; p = p->ai_next) { + if (p->ai_family == AF_INET) { + memcpy(pss, p->ai_addr, p->ai_addrlen); + break; + } + } + if (p == NULL) { + /* Copy the first sockaddr. */ + memcpy(pss, res->ai_addr, res->ai_addrlen); + } + } else { + /* Copy the first sockaddr. */ + memcpy(pss, res->ai_addr, res->ai_addrlen); + } + +#if defined(HAVE_IPV6) + if (pss->ss_family == AF_INET6 && scope_id) { + struct sockaddr_in6 *ps6 = (struct sockaddr_in6 *)pss; + if (IN6_IS_ADDR_LINKLOCAL(&ps6->sin6_addr) && + ps6->sin6_scope_id == 0) { + ps6->sin6_scope_id = scope_id; + } + } +#endif + + freeaddrinfo(res); + return true; +} + +/******************************************************************* + Map a text hostname or IP address (IPv4 or IPv6) into a + struct sockaddr_storage. Address agnostic version. +******************************************************************/ + +bool interpret_string_addr(struct sockaddr_storage *pss, + const char *str, + int flags) +{ + return interpret_string_addr_pref(pss, + str, + flags, + false); +} + +/******************************************************************* + Map a text hostname or IP address (IPv4 or IPv6) into a + struct sockaddr_storage. Version that prefers IPv4. +******************************************************************/ + +bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss, + const char *str, + int flags) +{ + return interpret_string_addr_pref(pss, + str, + flags, + true); +} + /** * Interpret an internet address or name into an IP address in 4 byte form. * RETURNS IN NETWORK BYTE ORDER (big endian). diff --git a/lib/util/util_net.h b/lib/util/util_net.h new file mode 100644 index 0000000000..6eacfc395f --- /dev/null +++ b/lib/util/util_net.h @@ -0,0 +1,46 @@ +/* + Unix SMB/CIFS implementation. + Utility functions for Samba + Copyright (C) Andrew Tridgell 1992-1999 + Copyright (C) Jelmer Vernooij 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _SAMBA_UTIL_NET_H_ +#define _SAMBA_UTIL_NET_H_ + +#include "system/network.h" + +/* The following definitions come from lib/util/util_net.c */ + +void zero_sockaddr(struct sockaddr_storage *pss); + +bool interpret_string_addr_internal(struct addrinfo **ppres, + const char *str, int flags); + +bool interpret_string_addr(struct sockaddr_storage *pss, + const char *str, + int flags); + +/******************************************************************* + Map a text hostname or IP address (IPv4 or IPv6) into a + struct sockaddr_storage. Version that prefers IPv4. +******************************************************************/ + +bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss, + const char *str, + int flags); + +#endif /* _SAMBA_UTIL_NET_H_ */ diff --git a/libcli/nbt/config.mk b/libcli/nbt/config.mk new file mode 100644 index 0000000000..c26118ec50 --- /dev/null +++ b/libcli/nbt/config.mk @@ -0,0 +1,50 @@ +[SUBSYSTEM::NDR_NBT_BUF] + +NDR_NBT_BUF_OBJ_FILES = $(libclinbtsrcdir)/nbtname.o + +$(eval $(call proto_header_template,$(libclinbtsrcdir)/nbtname.h,$(NDR_NBT_BUF_OBJ_FILES:.o=.c))) + +[SUBSYSTEM::LIBCLI_NBT] +PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT LIBCLI_COMPOSITE LIBEVENTS \ + NDR_SECURITY samba_socket LIBSAMBA-UTIL + +LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ + lmhosts.o \ + nbtsocket.o \ + namequery.o \ + nameregister.o \ + namerefresh.o \ + namerelease.o) + +[BINARY::nmblookup] +INSTALLDIR = BINDIR +PRIVATE_DEPENDENCIES = \ + LIBSAMBA-HOSTCONFIG \ + LIBSAMBA-UTIL \ + LIBCLI_NBT \ + LIBPOPT \ + POPT_SAMBA \ + LIBNETIF \ + LIBCLI_RESOLVE + +nmblookup_OBJ_FILES = $(libclinbtsrcdir)/tools/nmblookup.o +MANPAGES += $(libclinbtsrcdir)/man/nmblookup.1 + +[SUBSYSTEM::LIBCLI_NDR_NETLOGON] +PUBLIC_DEPENDENCIES = LIBNDR \ + NDR_SECURITY + +LIBCLI_NDR_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/../, ndr_netlogon.o) + +[SUBSYSTEM::LIBCLI_NETLOGON] +PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON + +LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ + ../netlogon.o) + +[PYTHON::python_netbios] +LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT) +PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG + +python_netbios_OBJ_FILES = $(libclinbtsrcdir)/pynbt.o + diff --git a/libcli/nbt/lmhosts.c b/libcli/nbt/lmhosts.c new file mode 100644 index 0000000000..11703a27e8 --- /dev/null +++ b/libcli/nbt/lmhosts.c @@ -0,0 +1,157 @@ +/* + Unix SMB/CIFS implementation. + + manipulate nbt name structures + + Copyright (C) Andrew Tridgell 1994-1998 + Copyright (C) Jeremy Allison 2007 + Copyright (C) Andrew Bartlett 2009. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "lib/util/xfile.h" +#include "lib/util/util_net.h" +#include "system/filesys.h" +#include "system/network.h" + +/******************************************************** + Start parsing the lmhosts file. +*********************************************************/ + +XFILE *startlmhosts(const char *fname) +{ + XFILE *fp = x_fopen(fname,O_RDONLY, 0); + if (!fp) { + DEBUG(4,("startlmhosts: Can't open lmhosts file %s. " + "Error was %s\n", + fname, strerror(errno))); + return NULL; + } + return fp; +} + +/******************************************************** + Parse the next line in the lmhosts file. +*********************************************************/ + +bool getlmhostsent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, int *name_type, + struct sockaddr_storage *pss) +{ + char line[1024]; + + *pp_name = NULL; + + while(!x_feof(fp) && !x_ferror(fp)) { + char *ip = NULL; + char *flags = NULL; + char *extra = NULL; + char *name = NULL; + const char *ptr; + char *ptr1 = NULL; + int count = 0; + + *name_type = -1; + + if (!fgets_slash(line,sizeof(line),fp)) { + continue; + } + + if (*line == '#') { + continue; + } + + ptr = line; + + if (next_token_talloc(ctx, &ptr, &ip, NULL)) + ++count; + if (next_token_talloc(ctx, &ptr, &name, NULL)) + ++count; + if (next_token_talloc(ctx, &ptr, &flags, NULL)) + ++count; + if (next_token_talloc(ctx, &ptr, &extra, NULL)) + ++count; + + if (count <= 0) + continue; + + if (count > 0 && count < 2) { + DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n", + line)); + continue; + } + + if (count >= 4) { + DEBUG(0,("getlmhostsent: too many columns " + "in lmhosts file (obsolete syntax)\n")); + continue; + } + + if (!flags) { + flags = talloc_strdup(ctx, ""); + if (!flags) { + continue; + } + } + + DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", + ip, name, flags)); + + if (strchr_m(flags,'G') || strchr_m(flags,'S')) { + DEBUG(0,("getlmhostsent: group flag " + "in lmhosts ignored (obsolete)\n")); + continue; + } + + if (!interpret_string_addr(pss, ip, AI_NUMERICHOST)) { + DEBUG(0,("getlmhostsent: invalid address " + "%s.\n", ip)); + } + + /* Extra feature. If the name ends in '#XX', + * where XX is a hex number, then only add that name type. */ + if((ptr1 = strchr_m(name, '#')) != NULL) { + char *endptr; + ptr1++; + + *name_type = (int)strtol(ptr1, &endptr, 16); + if(!*ptr1 || (endptr == ptr1)) { + DEBUG(0,("getlmhostsent: invalid name " + "%s containing '#'.\n", name)); + continue; + } + + *(--ptr1) = '\0'; /* Truncate at the '#' */ + } + + *pp_name = talloc_strdup(ctx, name); + if (!*pp_name) { + return false; + } + return true; + } + + return false; +} + +/******************************************************** + Finish parsing the lmhosts file. +*********************************************************/ + +void endlmhosts(XFILE *fp) +{ + x_fclose(fp); +} + diff --git a/librpc/gen_ndr/ndr_ntlmssp.c b/librpc/gen_ndr/ndr_ntlmssp.c index b593d9e7e3..2b4e70e363 100644 --- a/librpc/gen_ndr/ndr_ntlmssp.c +++ b/librpc/gen_ndr/ndr_ntlmssp.c @@ -250,22 +250,6 @@ static enum ndr_err_code ndr_pull_ntlmssp_Version(struct ndr_pull *ndr, int ndr_ return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r) -{ - int level; - level = ndr_print_get_switch_value(ndr, r); - ndr_print_union(ndr, name, level, "ntlmssp_Version"); - switch (level) { - case NTLMSSP_NEGOTIATE_VERSION: - ndr_print_VERSION(ndr, "version", &r->version); - break; - - default: - break; - - } -} - _PUBLIC_ enum ndr_err_code ndr_push_NEGOTIATE_MESSAGE(struct ndr_push *ndr, int ndr_flags, const struct NEGOTIATE_MESSAGE *r) { if (ndr_flags & NDR_SCALARS) { diff --git a/librpc/gen_ndr/ndr_ntlmssp.h b/librpc/gen_ndr/ndr_ntlmssp.h index ab095d1cc2..de31c6c83c 100644 --- a/librpc/gen_ndr/ndr_ntlmssp.h +++ b/librpc/gen_ndr/ndr_ntlmssp.h @@ -50,7 +50,6 @@ void ndr_print_LM_RESPONSE(struct ndr_print *ndr, const char *name, const struct enum ndr_err_code ndr_push_LMv2_RESPONSE(struct ndr_push *ndr, int ndr_flags, const struct LMv2_RESPONSE *r); enum ndr_err_code ndr_pull_LMv2_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct LMv2_RESPONSE *r); void ndr_print_LMv2_RESPONSE(struct ndr_print *ndr, const char *name, const struct LMv2_RESPONSE *r); -void ndr_print_ntlmssp_LM_RESPONSE(struct ndr_print *ndr, const char *name, const union ntlmssp_LM_RESPONSE *r); enum ndr_err_code ndr_push_NTLM_RESPONSE(struct ndr_push *ndr, int ndr_flags, const struct NTLM_RESPONSE *r); enum ndr_err_code ndr_pull_NTLM_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct NTLM_RESPONSE *r); void ndr_print_NTLM_RESPONSE(struct ndr_print *ndr, const char *name, const struct NTLM_RESPONSE *r); diff --git a/librpc/gen_ndr/ntlmssp.h b/librpc/gen_ndr/ntlmssp.h index 4509915974..5205dce57d 100644 --- a/librpc/gen_ndr/ntlmssp.h +++ b/librpc/gen_ndr/ntlmssp.h @@ -104,7 +104,7 @@ struct VERSION { union ntlmssp_Version { struct VERSION version;/* [case(NTLMSSP_NEGOTIATE_VERSION)] */ -}/* [nodiscriminant] */; +}/* [noprint,nodiscriminant] */; struct NEGOTIATE_MESSAGE { const char *Signature;/* [value("NTLMSSP"),charset(DOS)] */ diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl index 0bb30bb22e..8cabec33da 100644 --- a/librpc/idl/ntlmssp.idl +++ b/librpc/idl/ntlmssp.idl @@ -18,6 +18,8 @@ interface ntlmssp NtLmAuthenticate = 0x00000003 } ntlmssp_MessageType; + /* [MS-NLMP] 2.2.2.5 NEGOTIATE */ + typedef [bitmap32bit] bitmap { NTLMSSP_NEGOTIATE_UNICODE = 0x00000001, NTLMSSP_NEGOTIATE_OEM = 0x00000002, /* NTLM_NEGOTIATE_OEM in MS-NLMP */ @@ -82,6 +84,8 @@ interface ntlmssp NTLMSSP_REVISION_W2K3 = 0x0F } ntlmssp_NTLMRevisionCurrent; + /* [MS-NLMP] 2.2.2.10 VERSION */ + typedef struct { ntlmssp_WindowsMajorVersion ProductMajorVersion; ntlmssp_WindowsMinorVersion ProductMinorVersion; @@ -90,12 +94,12 @@ interface ntlmssp ntlmssp_NTLMRevisionCurrent NTLMRevisionCurrent; } VERSION; - typedef [nodiscriminant] union { + typedef [noprint,nodiscriminant] union { [case(NTLMSSP_NEGOTIATE_VERSION)] VERSION version; [default]; } ntlmssp_Version; - /* NTLMSSP negotiate message */ + /* [MS-NLMP] 2.2.1.1 NEGOTIATE_MESSAGE */ typedef [public] struct { [charset(DOS),value("NTLMSSP")] uint8 Signature[8]; @@ -124,6 +128,8 @@ interface ntlmssp MsvChannelBindings = 10 } ntlmssp_AvId; + /* [MS-NLMP] 2.2.2.2 Restriction_Encoding */ + typedef struct { uint32 Size; [value(0)] uint32 Z4; @@ -152,6 +158,8 @@ interface ntlmssp [default] [flag(NDR_REMAINING)] DATA_BLOB blob; } ntlmssp_AvValue; + /* [MS-NLMP] 2.2.2.1 AV_PAIR */ + typedef [public,flag(NDR_NOALIGN)] struct { ntlmssp_AvId AvId; [value(ndr_size_ntlmssp_AvValue(&r->Value, r->AvId, ndr->iconv_convenience, 0))] uint16 AvLen; @@ -163,7 +171,7 @@ interface ntlmssp AV_PAIR pair[count]; } AV_PAIR_LIST; - /* NTLMSSP challenge message */ + /* [MS-NLMP] 2.2.1.2 CHALLENGE_MESSAGE */ typedef [public,flag(NDR_PAHEX)] struct { [charset(DOS),value("NTLMSSP")] uint8 Signature[8]; @@ -180,10 +188,14 @@ interface ntlmssp [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version; } CHALLENGE_MESSAGE; + /* [MS-NLMP] 2.2.2.3 LM_RESPONSE */ + typedef [public,flag(NDR_PAHEX)] struct { uint8 Response[24]; } LM_RESPONSE; + /* [MS-NLMP] 2.2.2.4 LMv2_RESPONSE */ + typedef [public,flag(NDR_PAHEX)] struct { uint8 Response[16]; uint8 ChallengeFromClient[8]; @@ -194,10 +206,14 @@ interface ntlmssp [default]; } ntlmssp_LM_RESPONSE; + /* [MS-NLMP] 2.2.2.6 NTLM_RESPONSE */ + typedef [public,flag(NDR_PAHEX)] struct { uint8 Response[24]; } NTLM_RESPONSE; + /* [MS-NLMP] 2.2.2.7 NTLMv2_CLIENT_CHALLENGE */ + typedef [flag(NDR_PAHEX)] struct { [value(1)] uint8 RespType; [value(1)] uint8 HiRespType; @@ -209,6 +225,8 @@ interface ntlmssp [subcontext(0)] [flag(NDR_REMAINING)] AV_PAIR_LIST AvPairs; } NTLMv2_CLIENT_CHALLENGE; + /* [MS-NLMP] 2.2.2.8 NTLMv2_RESPONSE */ + typedef [public,flag(NDR_PAHEX)] struct { uint8 Response[16]; NTLMv2_CLIENT_CHALLENGE Challenge; @@ -224,7 +242,7 @@ interface ntlmssp uint8 MIC[16]; } MIC; - /* NTLMSSP authenticate message */ + /* [MS-NLMP] 2.2.1.3 AUTHENTICATE_MESSAGE */ typedef [public,flag(NDR_REMAINING)] struct { [charset(DOS),value("NTLMSSP")] uint8 Signature[8]; @@ -260,6 +278,8 @@ interface ntlmssp /* NTLMSSP signature size */ const int NTLMSSP_SIG_SIZE = 16; + /* [MS-NLMP] 2.2.2.9.1 NTLMSSP_MESSAGE_SIGNATURE */ + typedef [public] struct { [value(NTLMSSP_SIGN_VERSION)] uint32 Version; uint32 RandomPad; @@ -267,6 +287,8 @@ interface ntlmssp uint32 SeqNum; } NTLMSSP_MESSAGE_SIGNATURE; + /* [MS-NLMP] 2.2.2.9.2 NTLMSSP_MESSAGE_SIGNATURE for Extended Session Security */ + typedef [public,flag(NDR_PAHEX)] struct { [value(NTLMSSP_SIGN_VERSION)] uint32 Version; uint8 Checksum[8]; diff --git a/librpc/ndr/ndr_ntlmssp.c b/librpc/ndr/ndr_ntlmssp.c index 5c28726f55..4808aa5f5f 100644 --- a/librpc/ndr/ndr_ntlmssp.c +++ b/librpc/ndr/ndr_ntlmssp.c @@ -162,3 +162,20 @@ _PUBLIC_ void ndr_print_ntlmssp_lm_response(TALLOC_CTX *mem_ctx, } } } + +_PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + switch (level) { + case NTLMSSP_NEGOTIATE_VERSION: + ndr_print_VERSION(ndr, name, &r->version); + break; + + default: + break; + + } +} + + diff --git a/librpc/ndr/ndr_ntlmssp.h b/librpc/ndr/ndr_ntlmssp.h index 6d76be20ca..b574f15495 100644 --- a/librpc/ndr/ndr_ntlmssp.h +++ b/librpc/ndr/ndr_ntlmssp.h @@ -31,3 +31,5 @@ _PUBLIC_ void ndr_print_ntlmssp_lm_response(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *ic, const DATA_BLOB *lm_response, bool ntlmv2); +_PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r); + diff --git a/source3/Makefile.in b/source3/Makefile.in index 1908257c93..a89bbae6ab 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -455,7 +455,7 @@ LIBNBT_OBJ = ../libcli/nbt/nbtname.o \ ../librpc/ndr/ndr_svcctl.o LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \ - libsmb/namequery.o libsmb/conncache.o libads/dns.o + libsmb/namequery.o ../libcli/nbt/lmhosts.o libsmb/conncache.o libads/dns.o NTERR_OBJ = libsmb/nterr.o libsmb/smberr.o DOSERR_OBJ = ../libcli/util/doserr.o diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 85210e6f70..7dec6ad84b 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -177,7 +177,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, /* We also setup the creds chain in the open_schannel call. */ result = cli_rpc_pipe_open_schannel( *cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); + DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); } else { result = cli_rpc_pipe_open_noauth( *cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index 3947873aaa..5f4d2f16e3 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c @@ -47,7 +47,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, } status = rpccli_schannel_bind_data(p, lp_workgroup(), - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, schannel_key, &auth); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n", diff --git a/source3/configure.in b/source3/configure.in index 4eaebcab6d..a922e3fb7e 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -743,7 +743,7 @@ if test x$enable_cups != xno; then ac_save_PRINT_LIBS=$PRINT_LIBS CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`" LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`" - PRINT_LIBS="$PRINT_LIBS `$CUPS_CONFIG --libs`" + PRINT_LIBS="-lcups" AC_CHECK_HEADERS(cups/cups.h cups/language.h) if test x"$ac_cv_header_cups_cups_h" = xyes -a \ x"$ac_cv_header_cups_language_h" = xyes; then diff --git a/source3/include/client.h b/source3/include/client.h index 5b64b9be3a..e83927cfe5 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -48,7 +48,7 @@ struct print_job_info { struct cli_pipe_auth_data { enum pipe_auth_type auth_type; /* switch for the union below. Defined in ntdomain.h */ - enum pipe_auth_level auth_level; /* defined in ntdomain.h */ + enum dcerpc_AuthLevel auth_level; /* defined in ntdomain.h */ char *domain; char *user_name; diff --git a/source3/include/includes.h b/source3/include/includes.h index 31dfc00545..d1be3b06a8 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -612,6 +612,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); /* Lists, trees, caching, database... */ #include "../lib/util/util.h" +#include "../lib/util/util_net.h" #include "../lib/util/xfile.h" #include "../lib/util/memory.h" #include "../lib/util/attr.h" diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 53e89a8751..1d303ca64a 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -132,13 +132,6 @@ typedef struct pipe_rpc_fns { enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL, PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 }; -/* Possible auth levels - keep these in sync with the wire values. */ -enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0, - PIPE_AUTH_LEVEL_CONNECT = 1, /* We treat as NONE. */ - PIPE_AUTH_LEVEL_INTEGRITY = 5, /* Sign. */ - PIPE_AUTH_LEVEL_PRIVACY = 6 /* Seal. */ -}; - /* auth state for krb5. */ struct kerberos_auth_struct { const char *service_principal; @@ -155,7 +148,7 @@ struct schannel_auth_struct { struct pipe_auth_data { enum pipe_auth_type auth_type; /* switch for union below. */ - enum pipe_auth_level auth_level; + enum dcerpc_AuthLevel auth_level; union { struct schannel_auth_struct *schannel_auth; AUTH_NTLMSSP_STATE *auth_ntlmssp_state; diff --git a/source3/include/proto.h b/source3/include/proto.h index 5da13ca0d7..35d1a9929d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1342,20 +1342,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, /* The following definitions come from lib/util_sock.c */ -bool interpret_string_addr_internal(struct addrinfo **ppres, - const char *str, int flags); bool is_broadcast_addr(const struct sockaddr *pss); -bool interpret_string_addr(struct sockaddr_storage *pss, - const char *str, - int flags); -bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss, - const char *str, - int flags); bool is_loopback_ip_v4(struct in_addr ip); bool is_loopback_addr(const struct sockaddr *pss); bool is_zero_addr(const struct sockaddr *pss); void zero_ip_v4(struct in_addr *ip); -void zero_sockaddr(struct sockaddr_storage *pss); void in_addr_to_sockaddr_storage(struct sockaddr_storage *ss, struct in_addr ip); bool same_net(const struct sockaddr *ip1, @@ -5300,17 +5291,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, struct cli_pipe_auth_data **presult); NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, struct cli_pipe_auth_data **presult); NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const uint8_t sess_key[16], struct cli_pipe_auth_data **presult); NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, @@ -5335,7 +5326,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -5343,7 +5334,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -5355,14 +5346,14 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct netlogon_creds_CredentialState **pdc, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -5370,12 +5361,12 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, const struct ndr_syntax_id *interface, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, @@ -5715,11 +5706,11 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len); bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str); bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size); -void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len); -bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len); bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx); diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h index 7992658a72..fc2d8809b9 100644 --- a/source3/include/rpc_dce.h +++ b/source3/include/rpc_dce.h @@ -53,31 +53,6 @@ enum RPC_PKT_TYPE { #define RPC_FLG_LAST 0x02 #define RPC_FLG_NOCALL 0x20 - -#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1 /* ALWAYS_SIGN|NEG_NTLM|NEG_LM|NEG_SEAL|NEG_SIGN|NEG_UNICODE */ - -/* DCE RPC auth types - extended by Microsoft. */ -#define RPC_ANONYMOUS_AUTH_TYPE 0 -#define RPC_AUTH_TYPE_KRB5_1 1 -#define RPC_SPNEGO_AUTH_TYPE 9 -#define RPC_NTLMSSP_AUTH_TYPE 10 -#define RPC_KRB5_AUTH_TYPE 16 /* Not yet implemented. */ -#define RPC_SCHANNEL_AUTH_TYPE 68 /* 0x44 */ - -/* DCE-RPC standard identifiers to indicate - signing or sealing of an RPC pipe */ -#define RPC_AUTH_LEVEL_NONE 1 -#define RPC_AUTH_LEVEL_CONNECT 2 -#define RPC_AUTH_LEVEL_CALL 3 -#define RPC_AUTH_LEVEL_PACKET 4 -#define RPC_AUTH_LEVEL_INTEGRITY 5 -#define RPC_AUTH_LEVEL_PRIVACY 6 - -#if 0 -#define RPC_PIPE_AUTH_SIGN_LEVEL 0x5 -#define RPC_PIPE_AUTH_SEAL_LEVEL 0x6 -#endif - /* Netlogon schannel auth type and level */ #define SCHANNEL_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } #define SCHANNEL_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } @@ -174,15 +149,6 @@ typedef struct rpc_hdr_auth_info { #define RPC_HDR_AUTH_LEN 8 -/* attached to the end of encrypted rpc requests and responses */ -/* RPC_AUTH_SCHANNEL_CHK */ -typedef struct rpc_auth_schannel_chk_info { - uint8 sig [8]; /* 77 00 7a 00 ff ff 00 00 */ - uint8 packet_digest[8]; /* checksum over the packet, MD5'ed with session key */ - uint8 seq_num[8]; /* verifier, seq num */ - uint8 confounder[8]; /* random 8-byte nonce */ -} RPC_AUTH_SCHANNEL_CHK; - typedef struct rpc_context { uint16 context_id; /* presentation context identifier. */ uint8 num_transfer_syntaxes; /* the number of syntaxes */ diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 6cc2e53811..08cbced1e5 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -21,121 +21,6 @@ #include "includes.h" -/******************************************************************* - Map a text hostname or IP address (IPv4 or IPv6) into a - struct sockaddr_storage. Takes a flag which allows it to - prefer an IPv4 address (needed for DC's). -******************************************************************/ - -static bool interpret_string_addr_pref(struct sockaddr_storage *pss, - const char *str, - int flags, - bool prefer_ipv4) -{ - struct addrinfo *res = NULL; -#if defined(HAVE_IPV6) - char addr[INET6_ADDRSTRLEN]; - unsigned int scope_id = 0; - - if (strchr_m(str, ':')) { - char *p = strchr_m(str, '%'); - - /* - * Cope with link-local. - * This is IP:v6:addr%ifname. - */ - - if (p && (p > str) && ((scope_id = if_nametoindex(p+1)) != 0)) { - strlcpy(addr, str, - MIN(PTR_DIFF(p,str)+1, - sizeof(addr))); - str = addr; - } - } -#endif - - zero_sockaddr(pss); - - if (!interpret_string_addr_internal(&res, str, flags|AI_ADDRCONFIG)) { - return false; - } - if (!res) { - return false; - } - - if (prefer_ipv4) { - struct addrinfo *p; - - for (p = res; p; p = p->ai_next) { - if (p->ai_family == AF_INET) { - memcpy(pss, p->ai_addr, p->ai_addrlen); - break; - } - } - if (p == NULL) { - /* Copy the first sockaddr. */ - memcpy(pss, res->ai_addr, res->ai_addrlen); - } - } else { - /* Copy the first sockaddr. */ - memcpy(pss, res->ai_addr, res->ai_addrlen); - } - -#if defined(HAVE_IPV6) - if (pss->ss_family == AF_INET6 && scope_id) { - struct sockaddr_in6 *ps6 = (struct sockaddr_in6 *)pss; - if (IN6_IS_ADDR_LINKLOCAL(&ps6->sin6_addr) && - ps6->sin6_scope_id == 0) { - ps6->sin6_scope_id = scope_id; - } - } -#endif - - freeaddrinfo(res); - return true; -} - -/******************************************************************* - Map a text hostname or IP address (IPv4 or IPv6) into a - struct sockaddr_storage. Address agnostic version. -******************************************************************/ - -bool interpret_string_addr(struct sockaddr_storage *pss, - const char *str, - int flags) -{ - return interpret_string_addr_pref(pss, - str, - flags, - false); -} - -/******************************************************************* - Map a text hostname or IP address (IPv4 or IPv6) into a - struct sockaddr_storage. Version that prefers IPv4. -******************************************************************/ - -bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss, - const char *str, - int flags) -{ - return interpret_string_addr_pref(pss, - str, - flags, - true); -} - -/******************************************************************* - Set an address to INADDR_ANY. -******************************************************************/ - -void zero_sockaddr(struct sockaddr_storage *pss) -{ - memset(pss, '\0', sizeof(*pss)); - /* Ensure we're at least a valid sockaddr-storage. */ - pss->ss_family = AF_INET; -} - /**************************************************************************** Get a port number in host byte order from a sockaddr_storage. ****************************************************************************/ diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7794e0367a..5315fccff6 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1136,7 +1136,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, status = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd); cli_shutdown(cli); diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 1a641ac791..930f0a54f4 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -847,134 +847,6 @@ struct sockaddr_storage *name_query(int fd, } /******************************************************** - Start parsing the lmhosts file. -*********************************************************/ - -XFILE *startlmhosts(const char *fname) -{ - XFILE *fp = x_fopen(fname,O_RDONLY, 0); - if (!fp) { - DEBUG(4,("startlmhosts: Can't open lmhosts file %s. " - "Error was %s\n", - fname, strerror(errno))); - return NULL; - } - return fp; -} - -/******************************************************** - Parse the next line in the lmhosts file. -*********************************************************/ - -bool getlmhostsent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, int *name_type, - struct sockaddr_storage *pss) -{ - char line[1024]; - - *pp_name = NULL; - - while(!x_feof(fp) && !x_ferror(fp)) { - char *ip = NULL; - char *flags = NULL; - char *extra = NULL; - char *name = NULL; - const char *ptr; - char *ptr1 = NULL; - int count = 0; - - *name_type = -1; - - if (!fgets_slash(line,sizeof(line),fp)) { - continue; - } - - if (*line == '#') { - continue; - } - - ptr = line; - - if (next_token_talloc(ctx, &ptr, &ip, NULL)) - ++count; - if (next_token_talloc(ctx, &ptr, &name, NULL)) - ++count; - if (next_token_talloc(ctx, &ptr, &flags, NULL)) - ++count; - if (next_token_talloc(ctx, &ptr, &extra, NULL)) - ++count; - - if (count <= 0) - continue; - - if (count > 0 && count < 2) { - DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n", - line)); - continue; - } - - if (count >= 4) { - DEBUG(0,("getlmhostsent: too many columns " - "in lmhosts file (obsolete syntax)\n")); - continue; - } - - if (!flags) { - flags = talloc_strdup(ctx, ""); - if (!flags) { - continue; - } - } - - DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", - ip, name, flags)); - - if (strchr_m(flags,'G') || strchr_m(flags,'S')) { - DEBUG(0,("getlmhostsent: group flag " - "in lmhosts ignored (obsolete)\n")); - continue; - } - - if (!interpret_string_addr(pss, ip, AI_NUMERICHOST)) { - DEBUG(0,("getlmhostsent: invalid address " - "%s.\n", ip)); - } - - /* Extra feature. If the name ends in '#XX', - * where XX is a hex number, then only add that name type. */ - if((ptr1 = strchr_m(name, '#')) != NULL) { - char *endptr; - ptr1++; - - *name_type = (int)strtol(ptr1, &endptr, 16); - if(!*ptr1 || (endptr == ptr1)) { - DEBUG(0,("getlmhostsent: invalid name " - "%s containing '#'.\n", name)); - continue; - } - - *(--ptr1) = '\0'; /* Truncate at the '#' */ - } - - *pp_name = talloc_strdup(ctx, name); - if (!*pp_name) { - return false; - } - return true; - } - - return false; -} - -/******************************************************** - Finish parsing the lmhosts file. -*********************************************************/ - -void endlmhosts(XFILE *fp) -{ - x_fclose(fp); -} - -/******************************************************** convert an array if struct sockaddr_storage to struct ip_service return false on failure. Port is set to PORT_NONE; *********************************************************/ diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index ab951618fe..570a048502 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -177,7 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam result = cli_rpc_pipe_open_ntlmssp(cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, user, old_passwd, &pipe_hnd); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index ab9b5fee33..a667a9fb13 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -123,20 +123,20 @@ static int map_pipe_auth_type_to_rpc_auth_type(enum pipe_auth_type auth_type) switch (auth_type) { case PIPE_AUTH_TYPE_NONE: - return RPC_ANONYMOUS_AUTH_TYPE; + return DCERPC_AUTH_TYPE_NONE; case PIPE_AUTH_TYPE_NTLMSSP: - return RPC_NTLMSSP_AUTH_TYPE; + return DCERPC_AUTH_TYPE_NTLMSSP; case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: case PIPE_AUTH_TYPE_SPNEGO_KRB5: - return RPC_SPNEGO_AUTH_TYPE; + return DCERPC_AUTH_TYPE_SPNEGO; case PIPE_AUTH_TYPE_SCHANNEL: - return RPC_SCHANNEL_AUTH_TYPE; + return DCERPC_AUTH_TYPE_SCHANNEL; case PIPE_AUTH_TYPE_KRB5: - return RPC_KRB5_AUTH_TYPE; + return DCERPC_AUTH_TYPE_KRB5; default: DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe " @@ -559,8 +559,8 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr DATA_BLOB auth_blob; NTSTATUS status; - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE - || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE + || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return NT_STATUS_OK; } @@ -605,7 +605,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr auth_blob.length = auth_len; switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data is encrypted. */ status = ntlmssp_unseal_packet(ntlmssp_state, data, data_len, @@ -620,7 +620,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr return status; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_check_packet(ntlmssp_state, data, data_len, @@ -679,8 +679,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p enum ndr_err_code ndr_err; DATA_BLOB blob; - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE - || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE + || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return NT_STATUS_OK; } @@ -714,7 +714,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p return NT_STATUS_BUFFER_TOO_SMALL; } - if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) { + if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { DEBUG(0,("cli_pipe_verify_schannel: Invalid auth info %d on schannel\n", auth_info.auth_type)); return NT_STATUS_BUFFER_TOO_SMALL; @@ -1470,7 +1470,7 @@ static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, ********************************************************************/ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1481,7 +1481,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, DATA_BLOB tkt_wrapped = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_KRB5_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_KRB5, (int)auth_level, 0, 1); DEBUG(5, ("create_krb5_auth_bind_req: creating a service ticket for principal %s\n", a->service_principal )); @@ -1529,7 +1529,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, ********************************************************************/ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1539,7 +1539,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client DATA_BLOB spnego_msg = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1); DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, @@ -1576,7 +1576,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client ********************************************************************/ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1585,7 +1585,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, DATA_BLOB request = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_NTLMSSP, (int)auth_level, 0, 1); DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, @@ -1617,7 +1617,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, ********************************************************************/ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1626,7 +1626,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli, DATA_BLOB blob; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_SCHANNEL_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SCHANNEL, (int)auth_level, 0, 1); /* Use lp_workgroup() if domain not specified */ @@ -1760,7 +1760,7 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli, const struct ndr_syntax_id *abstract, const struct ndr_syntax_id *transfer, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level) + enum dcerpc_AuthLevel auth_level) { RPC_HDR_AUTH hdr_auth; prs_struct auth_info; @@ -1856,7 +1856,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, } switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, @@ -1870,7 +1870,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, @@ -1938,8 +1938,8 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, } switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n", sas->seq_num)); @@ -1998,8 +1998,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, #endif switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_NONE: - case PIPE_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_NONE: + case DCERPC_AUTH_LEVEL_CONNECT: data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN; data_len = MIN(data_space, data_left); *p_ss_padding = 0; @@ -2007,8 +2007,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, *p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len; return data_len; - case PIPE_AUTH_LEVEL_INTEGRITY: - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Treat the same for all authenticated rpc requests. */ switch(cli->auth->auth_type) { case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: @@ -2404,7 +2404,7 @@ static bool check_bind_response(RPC_HDR_BA *hdr_ba, static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, uint32 rpc_call_id, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, DATA_BLOB *pauth_blob, prs_struct *rpc_out) { @@ -2464,7 +2464,7 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, const struct ndr_syntax_id *abstract, const struct ndr_syntax_id *transfer, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */ prs_struct *rpc_out) { @@ -2477,7 +2477,7 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, return NT_STATUS_NO_MEMORY; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(&hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(&hdr_auth, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1); if (pauth_blob->length) { if (!prs_copy_data_in(&auth_info, (const char *)pauth_blob->data, pauth_blob->length)) { @@ -2980,7 +2980,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, } result->auth_type = PIPE_AUTH_TYPE_NONE; - result->auth_level = PIPE_AUTH_LEVEL_NONE; + result->auth_level = DCERPC_AUTH_LEVEL_NONE; result->user_name = talloc_strdup(result, ""); result->domain = talloc_strdup(result, ""); @@ -3001,7 +3001,7 @@ static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth) NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3053,9 +3053,9 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, result->a_u.ntlmssp_state->neg_flags &= ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL); - if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; - } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN; } @@ -3069,7 +3069,7 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, } NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const uint8_t sess_key[16], struct cli_pipe_auth_data **presult) { @@ -3116,7 +3116,7 @@ static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth) #endif NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, @@ -3702,7 +3702,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3755,7 +3755,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3780,7 +3780,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3889,7 +3889,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct netlogon_creds_CredentialState **pdc, struct rpc_pipe_client **presult) @@ -3959,7 +3959,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, status = cli_rpc_pipe_open_spnego_ntlmssp( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, username, password, &netlogon_pipe); if (!NT_STATUS_IS_OK(status)) { return status; @@ -3985,7 +3985,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -4026,7 +4026,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct rpc_pipe_client **presult) { @@ -4066,7 +4066,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, const struct ndr_syntax_id *interface, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index c5c0c02090..09263b45d4 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1071,7 +1071,7 @@ bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_ ********************************************************************/ static void schannel_digest(struct schannel_auth_struct *a, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len, uchar digest_final[16]) @@ -1095,7 +1095,7 @@ static void schannel_digest(struct schannel_auth_struct *a, out of order */ MD5Update(&ctx3, zeros, sizeof(zeros)); MD5Update(&ctx3, sig, 8); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder)); } MD5Update(&ctx3, (const unsigned char *)data, data_len); @@ -1169,7 +1169,7 @@ static void schannel_deal_with_seq_num(struct schannel_auth_struct *a, quite compatible with what MS does. ********************************************************************/ -void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len) @@ -1199,7 +1199,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { verf->SealAlgorithm = NL_SEAL_RC4; } else { verf->SealAlgorithm = NL_SEAL_NONE; @@ -1217,7 +1217,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l schannel_digest(a, auth_level, verf, data, data_len, digest_final); memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { uchar sealing_key[16]; /* get the key to encode the data with */ @@ -1249,7 +1249,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l as well as decode sealed messages ********************************************************************/ -bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len) { @@ -1263,7 +1263,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { schannel_sig = schannel_seal_sig; } else { schannel_sig = schannel_sign_sig; @@ -1317,7 +1317,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l return False; } - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { uchar sealing_key[16]; /* get the key to extract the data with */ diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 07a0b971a0..06d4937261 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -595,8 +595,8 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct *p, struct tdb_context *tdb; bool schannel_global_required = (lp_server_schannel() == true) ? true:false; bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* && - (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY || - p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */ + (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY || + p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY); */ tdb = open_schannel_session_store(mem_ctx); if (!tdb) { diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index ce7df63972..3bd68c4e72 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -192,14 +192,14 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) /* Now write out the auth header and null blob. */ if (p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) { - auth_type = RPC_NTLMSSP_AUTH_TYPE; + auth_type = DCERPC_AUTH_TYPE_NTLMSSP; } else { - auth_type = RPC_SPNEGO_AUTH_TYPE; + auth_type = DCERPC_AUTH_TYPE_SPNEGO; } - if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) { - auth_level = RPC_AUTH_LEVEL_PRIVACY; + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { + auth_level = DCERPC_AUTH_LEVEL_PRIVACY; } else { - auth_level = RPC_AUTH_LEVEL_INTEGRITY; + auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; } init_rpc_hdr_auth(&auth_info, auth_type, auth_level, ss_padding_len, 1 /* context id. */); @@ -213,7 +213,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) /* Generate the sign blob. */ switch (p->auth.auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ status = ntlmssp_seal_packet( a->ntlmssp_state, @@ -229,7 +229,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) return False; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_sign_packet( a->ntlmssp_state, @@ -414,9 +414,9 @@ static bool create_next_pdu_schannel(pipes_struct *p) /* Check it's the type of reply we were expecting to decode */ init_rpc_hdr_auth(&auth_info, - RPC_SCHANNEL_AUTH_TYPE, - p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY ? - RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY, + DCERPC_AUTH_TYPE_SCHANNEL, + p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY ? + DCERPC_AUTH_LEVEL_PRIVACY : DCERPC_AUTH_LEVEL_INTEGRITY, ss_padding_len, 1); if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, @@ -589,8 +589,8 @@ static bool create_next_pdu_noauth(pipes_struct *p) bool create_next_pdu(pipes_struct *p) { switch(p->auth.auth_level) { - case PIPE_AUTH_LEVEL_NONE: - case PIPE_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_NONE: + case DCERPC_AUTH_LEVEL_CONNECT: /* This is incorrect for auth level connect. Fixme. JRA */ return create_next_pdu_noauth(p); @@ -647,7 +647,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) ensure the underlying NTLMSSP flags are also set. If not we should refuse the bind. */ - if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested " "but client declined signing.\n", @@ -655,7 +655,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) return False; } } - if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested " "but client declined sealing.\n", @@ -750,7 +750,7 @@ bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p) goto err; } - if (auth_info.auth_type != RPC_NTLMSSP_AUTH_TYPE) { + if (auth_info.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) { DEBUG(0,("api_pipe_bind_auth3: incorrect auth type (%u).\n", (unsigned int)auth_info.auth_type )); return False; @@ -840,7 +840,7 @@ static bool setup_bind_nak(pipes_struct *p) if (p->auth.auth_data_free_func) { (*p->auth.auth_data_free_func)(&p->auth); } - p->auth.auth_level = PIPE_AUTH_LEVEL_NONE; + p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->auth.auth_type = PIPE_AUTH_TYPE_NONE; p->pipe_bound = False; @@ -1204,7 +1204,7 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_ } /* Copy the blob into the pout_auth parse struct */ - init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SPNEGO, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_spnego_auth_bind_negotiate: marshalling of RPC_HDR_AUTH failed.\n")); goto err; @@ -1302,7 +1302,7 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p response = spnego_gen_auth_response(&auth_reply, NT_STATUS_OK, OID_NTLMSSP); /* Copy the blob into the pout_auth parse struct */ - init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SPNEGO, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of RPC_HDR_AUTH failed.\n")); goto err; @@ -1427,7 +1427,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, return false; } - init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SCHANNEL, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_HDR_AUTH failed.\n")); return False; @@ -1516,7 +1516,7 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, data_blob_free(&blob); /* Copy the blob into the pout_auth parse struct */ - init_rpc_hdr_auth(&auth_info, RPC_NTLMSSP_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_NTLMSSP, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_ntlmssp_auth_bind: marshalling of RPC_HDR_AUTH failed.\n")); goto err; @@ -1564,7 +1564,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) prs_struct out_auth; int i = 0; int auth_len = 0; - unsigned int auth_type = RPC_ANONYMOUS_AUTH_TYPE; + unsigned int auth_type = DCERPC_AUTH_TYPE_NONE; /* No rebinds on a bound pipe - use alter context. */ if (p->pipe_bound) { @@ -1689,11 +1689,11 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) /* Work out if we have to sign or seal etc. */ switch (auth_info.auth_level) { - case RPC_AUTH_LEVEL_INTEGRITY: - p->auth.auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + case DCERPC_AUTH_LEVEL_INTEGRITY: + p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; break; - case RPC_AUTH_LEVEL_PRIVACY: - p->auth.auth_level = PIPE_AUTH_LEVEL_PRIVACY; + case DCERPC_AUTH_LEVEL_PRIVACY: + p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY; break; default: DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n", @@ -1707,31 +1707,31 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0; switch(auth_type) { - case RPC_NTLMSSP_AUTH_TYPE: + case DCERPC_AUTH_TYPE_NTLMSSP: if (!pipe_ntlmssp_auth_bind(p, rpc_in_p, &auth_info, &out_auth)) { goto err_exit; } assoc_gid = 0x7a77; break; - case RPC_SCHANNEL_AUTH_TYPE: + case DCERPC_AUTH_TYPE_SCHANNEL: if (!pipe_schannel_auth_bind(p, rpc_in_p, &auth_info, &out_auth)) { goto err_exit; } break; - case RPC_SPNEGO_AUTH_TYPE: + case DCERPC_AUTH_TYPE_SPNEGO: if (!pipe_spnego_auth_bind_negotiate(p, rpc_in_p, &auth_info, &out_auth)) { goto err_exit; } break; - case RPC_ANONYMOUS_AUTH_TYPE: + case DCERPC_AUTH_TYPE_NONE: /* Unauthenticated bind request. */ /* We're finished - no more packets. */ p->auth.auth_type = PIPE_AUTH_TYPE_NONE; /* We must set the pipe auth_level here also. */ - p->auth.auth_level = PIPE_AUTH_LEVEL_NONE; + p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->pipe_bound = True; /* The session key was initialized from the SMB * session in make_internal_rpc_pipe_p */ @@ -1914,7 +1914,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p) * response in place of the NTLMSSP auth3 type. */ - if (auth_info.auth_type == RPC_SPNEGO_AUTH_TYPE) { + if (auth_info.auth_type == DCERPC_AUTH_TYPE_SPNEGO) { /* We can only finish if the pipe is unbound. */ if (!p->pipe_bound) { if (!pipe_spnego_auth_bind_continue(p, rpc_in_p, &auth_info, &out_auth)) { @@ -2042,7 +2042,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, *pstatus = NT_STATUS_OK; - if (p->auth.auth_level == PIPE_AUTH_LEVEL_NONE || p->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_NONE || p->auth.auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return True; } @@ -2091,7 +2091,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, auth_blob.length = auth_len; switch (p->auth.auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data is encrypted. */ *pstatus = ntlmssp_unseal_packet(a->ntlmssp_state, data, data_len, @@ -2102,7 +2102,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, return False; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ *pstatus = ntlmssp_check_packet(a->ntlmssp_state, data, data_len, @@ -2193,7 +2193,7 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss return False; } - if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) { + if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { DEBUG(0,("Invalid auth info %d on schannel\n", auth_info.auth_type)); return False; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 058bd12f61..9e95c48033 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2741,7 +2741,7 @@ static NTSTATUS get_user_info_18(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - if (p->auth.auth_level != PIPE_AUTH_LEVEL_PRIVACY) { + if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index c0268f348e..7a20e487f2 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -26,7 +26,7 @@ DOM_SID domain_sid; static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; -static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; +static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; static unsigned int timeout = 0; static enum dcerpc_transport_t default_transport = NCACN_NP; @@ -380,7 +380,7 @@ static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, { const char *type = "NTLMSSP"; - pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; if (argc > 2) { @@ -412,7 +412,7 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, { const char *type = "NTLMSSP"; - pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; if (argc > 2) { @@ -475,7 +475,7 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { - pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; return cmd_set_ss_level(); @@ -485,7 +485,7 @@ static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { d_printf("Setting schannel - sign and seal\n"); - pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; return cmd_set_ss_level(); @@ -495,7 +495,7 @@ static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c int argc, const char **argv) { d_printf("Setting schannel - sign only\n"); - pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; return cmd_set_ss_level(); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 549539298f..b4505347b1 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -159,7 +159,7 @@ int run_rpc_command(struct net_context *c, /* Always try and create an schannel netlogon pipe. */ nt_status = cli_rpc_pipe_open_schannel( cli, interface, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain_name, + DCERPC_AUTH_LEVEL_PRIVACY, domain_name, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n", @@ -172,7 +172,7 @@ int run_rpc_command(struct net_context *c, cli, interface, (conn_flags & NET_FLAGS_TCP) ? NCACN_IP_TCP : NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, lp_workgroup(), c->opt_user_name, c->opt_password, &pipe_hnd); } else { diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index dbe77355c8..23913812b0 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -102,7 +102,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, ntret = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe->dc, &pipe_hnd); if (!NT_STATUS_IS_OK(ntret)) { @@ -420,7 +420,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) result = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, + DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, &netlogon_schannel_pipe); if (!NT_STATUS_IS_OK(result)) { diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 3418022c62..450bb1bc06 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2056,7 +2056,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain_name, machine_account, machine_password, @@ -2100,7 +2100,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } result = cli_rpc_pipe_open_schannel_with_key (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &p_creds, &conn->samr_pipe); if (!NT_STATUS_IS_OK(result)) { @@ -2196,7 +2196,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, * authenticated LSA pipe with sign & seal. */ result = cli_rpc_pipe_open_spnego_ntlmssp (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, conn->cli->domain, conn->cli->user_name, conn->cli->password, &conn->lsa_pipe); @@ -2237,7 +2237,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } result = cli_rpc_pipe_open_schannel_with_key (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &p_creds, &conn->lsa_pipe); if (!NT_STATUS_IS_OK(result)) { @@ -2384,7 +2384,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, result = cli_rpc_pipe_open_schannel_with_key( conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, &conn->netlogon_pipe); /* We can now close the initial netlogon pipe. */ diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index f9411fe95f..26703528a7 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1352,16 +1352,6 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_p->attid); } - /* create the meta data value */ - ndr_err = ndr_push_struct_blob(&nmd_value, msg, - lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), - &nmd, - (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); - return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); - } - /* * check if some replicated attributes left, otherwise skip the ldb_modify() call */ @@ -1385,6 +1375,16 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) nmd.ctr.ctr1.array[i].local_usn = seq_num; } + /* create the meta data value */ + ndr_err = ndr_push_struct_blob(&nmd_value, msg, + lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), + &nmd, + (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + /* * when we know that we'll modify the record, add the whenChanged, uSNChanged * and replPopertyMetaData attributes diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index a605e2f707..4e7e503931 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h @@ -146,6 +146,13 @@ struct dsdb_class { uint32_t *mustContain_ids; uint32_t *mayContain_ids; uint32_t *systemPossSuperiors_ids; + + /* An ordered index showing how this subClass fits into the + * subClass tree. that is, an objectclass that is not + * subClassOf anything is 0 (just in case), and top is 1, and + * subClasses of top are 2, subclasses of those classes are + * 3 */ + uint32_t subClass_order; }; struct dsdb_schema_oid_prefix { diff --git a/source4/dsdb/schema/schema_inferiors.c b/source4/dsdb/schema/schema_inferiors.c index b0ecc08600..493b425b72 100644 --- a/source4/dsdb/schema/schema_inferiors.c +++ b/source4/dsdb/schema/schema_inferiors.c @@ -127,6 +127,20 @@ static char **schema_subclasses_recurse(struct dsdb_schema *schema, struct dsdb_ return list; } +/* Walk down the subClass tree, setting a higher index as we go down + * each level. top is 1, subclasses of top are 2, etc */ +void schema_subclasses_order_recurse(struct dsdb_schema *schema, struct dsdb_class *schema_class, int order) +{ + const char **list = schema_class->subclasses_direct; + int i; + schema_class->subClass_order = order; + for (i=0;list && list[i]; i++) { + struct dsdb_class *schema_class2 = dsdb_class_by_lDAPDisplayName(schema, list[i]); + schema_subclasses_order_recurse(schema, schema_class2, order+1); + } + return; +} + static void schema_create_subclasses(struct dsdb_schema *schema) { struct dsdb_class *schema_class; @@ -148,7 +162,12 @@ static void schema_create_subclasses(struct dsdb_schema *schema) for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) { schema_class->subclasses = str_list_unique(schema_subclasses_recurse(schema, schema_class)); - } + + /* Initilise the subClass order, to ensure we can't have uninitilised sort on the subClass hirarchy */ + schema_class->subClass_order = 0; + } + + schema_subclasses_order_recurse(schema, dsdb_class_by_lDAPDisplayName(schema, "top"), 1); } static void schema_fill_possible_inferiors(struct dsdb_schema *schema, struct dsdb_class *schema_class) diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index b6a9f112a0..340cd2ae41 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -37,49 +37,6 @@ LIBCLI_SMB_COMPOSITE_OBJ_FILES = $(addprefix $(libclisrcdir)/smb_composite/, \ $(eval $(call proto_header_template,$(libclisrcdir)/smb_composite/proto.h,$(LIBCLI_SMB_COMPOSITE_OBJ_FILES:.o=.c))) -[SUBSYSTEM::NDR_NBT_BUF] - -NDR_NBT_BUF_OBJ_FILES = $(libclinbtsrcdir)/nbtname.o - -$(eval $(call proto_header_template,$(libclinbtsrcdir)/nbtname.h,$(NDR_NBT_BUF_OBJ_FILES:.o=.c))) - -[SUBSYSTEM::LIBCLI_NBT] -PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT LIBCLI_COMPOSITE LIBEVENTS \ - NDR_SECURITY samba_socket LIBSAMBA-UTIL - -LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ - nbtsocket.o \ - namequery.o \ - nameregister.o \ - namerefresh.o \ - namerelease.o) - -[BINARY::nmblookup] -INSTALLDIR = BINDIR -PRIVATE_DEPENDENCIES = \ - LIBSAMBA-HOSTCONFIG \ - LIBSAMBA-UTIL \ - LIBCLI_NBT \ - LIBPOPT \ - POPT_SAMBA \ - LIBNETIF \ - LIBCLI_RESOLVE - -nmblookup_OBJ_FILES = $(libclinbtsrcdir)/tools/nmblookup.o -MANPAGES += $(libclinbtsrcdir)/man/nmblookup.1 - -[SUBSYSTEM::LIBCLI_NDR_NETLOGON] -PUBLIC_DEPENDENCIES = LIBNDR \ - NDR_SECURITY - -LIBCLI_NDR_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/../, ndr_netlogon.o) - -[SUBSYSTEM::LIBCLI_NETLOGON] -PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON - -LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ - ../netlogon.o) - [PYTHON::python_netbios] LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT) PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG diff --git a/source4/main.mk b/source4/main.mk index 63eea36cdf..880d877e50 100644 --- a/source4/main.mk +++ b/source4/main.mk @@ -56,6 +56,7 @@ mkinclude ../lib/smbconf/config.mk mkinclude ../lib/async_req/config.mk mkinclude ../libcli/security/config.mk mkinclude ../libcli/ldap/config.mk +mkinclude ../libcli/nbt/config.mk mkinclude ../libcli/auth/config.mk mkinclude ../libcli/drsuapi/config.mk mkinclude ../libcli/samsync/config.mk diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 165e485d45..a05ddb9a5d 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -86,7 +86,7 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem obj->meta_data_ctr->meta_data = talloc_array(obj, struct drsuapi_DsReplicaMetaData, md.ctr.ctr1.count); for (n=i=0; i<md.ctr.ctr1.count; i++) { - if (md.ctr.ctr1.array[i].originating_usn < highest_usn) continue; + if (md.ctr.ctr1.array[i].local_usn < highest_usn) continue; obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time; obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version; obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id; |