diff options
Diffstat (limited to 'source3')
36 files changed, 450 insertions, 669 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 65feb8446b..1b936312ea 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1297,7 +1297,7 @@ TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o $(LIBREPLACE_OBJ) \ NTLM_AUTH_OBJ1 = utils/ntlm_auth.o utils/ntlm_auth_diagnostics.o NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \ - ../lib/util/asn1.o libsmb/spnego.o libsmb/clikrb5.o libads/kerberos.o \ + ../lib/util/asn1.o ../libcli/auth/spnego_parse.o libsmb/clikrb5.o libads/kerberos.o \ $(LIBADS_SERVER_OBJ) \ $(PASSDB_OBJ) $(LIBTSOCKET_OBJ) $(GROUPDB_OBJ) \ $(SMBLDAP_OBJ) $(LIBNMB_OBJ) \ diff --git a/source3/configure.in b/source3/configure.in index a922e3fb7e..e298ec658c 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -4117,12 +4117,12 @@ AC_ARG_WITH(cifsupcall, # /usr/include/pam. with_pam_for_crypt=no -try_pam=no +try_pam=auto AC_MSG_CHECKING(whether to try PAM support) AC_ARG_WITH(pam, -[AS_HELP_STRING([--with-pam], [Include PAM support (default=no)])], +[AS_HELP_STRING([--with-pam], [Include PAM support (default=auto)])], [ case "$withval" in - yes|no) + yes|no|auto) try_pam=$withval ;; esac diff --git a/source3/include/ads.h b/source3/include/ads.h index 9761d54086..6d9b0eebac 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -8,6 +8,12 @@ #include "../libds/common/flags.h" +#define TOK_ID_KRB_AP_REQ ((const uint8_t *)"\x01\x00") +#define TOK_ID_KRB_AP_REP ((const uint8_t *)"\x02\x00") +#define TOK_ID_KRB_ERROR ((const uint8_t *)"\x03\x00") +#define TOK_ID_GSS_GETMIC ((const uint8_t *)"\x01\x01") +#define TOK_ID_GSS_WRAP ((const uint8_t *)"\x02\x01") + enum wb_posix_mapping { WB_POSIX_MAP_UNKNOWN = -1, WB_POSIX_MAP_TEMPLATE = 0, diff --git a/source3/include/includes.h b/source3/include/includes.h index d1be3b06a8..71125140be 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -688,7 +688,6 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); #include "mangle.h" #include "module.h" #include "nsswitch/winbind_client.h" -#include "spnego.h" #include "rpc_client.h" #include "dbwrap.h" #include "packet.h" diff --git a/source3/include/proto.h b/source3/include/proto.h index 007ee9f223..1d8a6cd9fa 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3297,12 +3297,6 @@ const char *smb_dos_err_class(uint8 e_class); char *smb_dos_errstr(char *inbuf); WERROR map_werror_from_unix(int error); -/* The following definitions come from libsmb/spnego.c */ - -ssize_t read_spnego_data(DATA_BLOB data, SPNEGO_DATA *token); -ssize_t write_spnego_data(DATA_BLOB *blob, SPNEGO_DATA *spnego); -bool free_spnego_data(SPNEGO_DATA *spnego); - /* The following definitions come from libsmb/trustdom_cache.c */ bool trustdom_cache_enable(void); @@ -5620,6 +5614,10 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, uint8_t *pipe_session_key, size_t pipe_session_key_len, struct netr_SamInfo3 *sam3); +NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info, + uint8_t *pipe_session_key, + size_t pipe_session_key_len, + struct netr_SamInfo6 *sam6); void init_netr_CryptPassword(const char *pwd, unsigned char session_key[16], struct netr_CryptPassword *pwd_buf); @@ -6574,6 +6572,7 @@ void send_nt_replies(connection_struct *conn, char *params, int paramsize, char *pdata, int datasize); void reply_ntcreate_and_X(struct smb_request *req); +struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size); void reply_ntcancel(struct smb_request *req); void reply_ntrename(struct smb_request *req); void reply_nttrans(struct smb_request *req); diff --git a/source3/include/spnego.h b/source3/include/spnego.h deleted file mode 100644 index f777969d3a..0000000000 --- a/source3/include/spnego.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - RFC2478 Compliant SPNEGO implementation - - Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#ifndef SAMBA_SPNEGO_H -#define SAMBA_SPNEGO_H - -#define SPNEGO_DELEG_FLAG 0x01 -#define SPNEGO_MUTUAL_FLAG 0x02 -#define SPNEGO_REPLAY_FLAG 0x04 -#define SPNEGO_SEQUENCE_FLAG 0x08 -#define SPNEGO_ANON_FLAG 0x10 -#define SPNEGO_CONF_FLAG 0x20 -#define SPNEGO_INTEG_FLAG 0x40 -#define SPNEGO_REQ_FLAG 0x80 - -#define SPNEGO_NEG_TOKEN_INIT 0 -#define SPNEGO_NEG_TOKEN_TARG 1 - -/* some well known object IDs */ -#define OID_SPNEGO "1.3.6.1.5.5.2" -#define OID_NTLMSSP "1.3.6.1.4.1.311.2.2.10" -#define OID_KERBEROS5_OLD "1.2.840.48018.1.2.2" -#define OID_KERBEROS5 "1.2.840.113554.1.2.2" - -#define SPNEGO_NEG_RESULT_ACCEPT 0 -#define SPNEGO_NEG_RESULT_INCOMPLETE 1 -#define SPNEGO_NEG_RESULT_REJECT 2 - -/* not really ASN.1, but RFC 1964 */ -#define TOK_ID_KRB_AP_REQ (uchar*)"\x01\x00" -#define TOK_ID_KRB_AP_REP (uchar*)"\x02\x00" -#define TOK_ID_KRB_ERROR (uchar*)"\x03\x00" -#define TOK_ID_GSS_GETMIC (uchar*)"\x01\x01" -#define TOK_ID_GSS_WRAP (uchar*)"\x02\x01" - -typedef enum _spnego_negResult { - SPNEGO_ACCEPT_COMPLETED = 0, - SPNEGO_ACCEPT_INCOMPLETE = 1, - SPNEGO_REJECT = 2 -} negResult_t; - -typedef struct spnego_negTokenInit { - const char **mechTypes; - int reqFlags; - DATA_BLOB mechToken; - DATA_BLOB mechListMIC; -} negTokenInit_t; - -typedef struct spnego_negTokenTarg { - uint8 negResult; - char *supportedMech; - DATA_BLOB responseToken; - DATA_BLOB mechListMIC; -} negTokenTarg_t; - -typedef struct spnego_spnego { - int type; - negTokenInit_t negTokenInit; - negTokenTarg_t negTokenTarg; -} SPNEGO_DATA; - -#endif diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 3182b936e0..9b4d8bd2d4 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "../libcli/auth/spnego.h" #ifdef HAVE_LDAP diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 5315fccff6..cd476868e3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1828,7 +1828,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, "failed to find DC for domain %s", r->in.domain_name, get_friendly_nt_error_msg(status)); - return WERR_DOMAIN_CONTROLLER_NOT_FOUND; + return WERR_DC_NOT_FOUND; } dc = strip_hostname(info->dc_unc); @@ -2019,7 +2019,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, "failed to find DC for domain %s", r->in.domain_name, get_friendly_nt_error_msg(status)); - return WERR_DOMAIN_CONTROLLER_NOT_FOUND; + return WERR_DC_NOT_FOUND; } dc = strip_hostname(info->dc_unc); diff --git a/source3/librpc/gen_ndr/messaging.h b/source3/librpc/gen_ndr/messaging.h index 3324160938..79b097cc6b 100644 --- a/source3/librpc/gen_ndr/messaging.h +++ b/source3/librpc/gen_ndr/messaging.h @@ -2,6 +2,8 @@ #include <stdint.h> +#include "libcli/util/ntstatus.h" + #ifndef _HEADER_messaging #define _HEADER_messaging @@ -9,58 +11,58 @@ enum messaging_type #ifndef USE_UINT_ENUMS { - MSG_DEBUG=0x0001, - MSG_PING=0x0002, - MSG_PONG=0x0003, - MSG_PROFILE=0x0004, - MSG_REQ_DEBUGLEVEL=0x0005, - MSG_DEBUGLEVEL=0x0006, - MSG_REQ_PROFILELEVEL=0x0007, - MSG_PROFILELEVEL=0x0008, - MSG_REQ_POOL_USAGE=0x0009, - MSG_POOL_USAGE=0x000A, - MSG_REQ_DMALLOC_MARK=0x000B, - MSG_REQ_DMALLOC_LOG_CHANGED=0x000C, - MSG_SHUTDOWN=0x000D, - MSG_FORCE_ELECTION=0x0101, - MSG_WINS_NEW_ENTRY=0x0102, - MSG_SEND_PACKET=0x0103, - MSG_PRINTER_NOTIFY=0x2001, - MSG_PRINTER_NOTIFY2=0x0202, - MSG_PRINTER_DRVUPGRADE=0x0203, - MSG_PRINTERDATA_INIT_RESET=0x0204, - MSG_PRINTER_UPDATE=0x0205, - MSG_PRINTER_MOD=0x0206, - MSG_SMB_CONF_UPDATED=0x0301, - MSG_SMB_FORCE_TDIS=0x0302, - MSG_SMB_SAM_SYNC=0x0303, - MSG_SMB_SAM_REPL=0x0304, - MSG_SMB_UNLOCK=0x0305, - MSG_SMB_BREAK_REQUEST=0x0306, - MSG_SMB_BREAK_RESPONSE=0x0307, - MSG_SMB_ASYNC_LEVEL2_BREAK=0x0308, - MSG_SMB_OPEN_RETRY=0x0309, - MSG_SMB_KERNEL_BREAK=0x030A, - MSG_SMB_FILE_RENAME=0x030B, - MSG_SMB_INJECT_FAULT=0x030C, - MSG_SMB_BLOCKING_LOCK_CANCEL=0x030D, - MSG_SMB_NOTIFY=0x030E, - MSG_SMB_STAT_CACHE_DELETE=0x030F, - MSG_PVFS_NOTIFY=0x0310, - MSG_SMB_BRL_VALIDATE=0x0311, - MSG_SMB_RELEASE_IP=0x0312, - MSG_SMB_CLOSE_FILE=0x0313, - MSG_WINBIND_FINISHED=0x0401, - MSG_WINBIND_FORGET_STATE=0x0402, - MSG_WINBIND_ONLINE=0x0403, - MSG_WINBIND_OFFLINE=0x0404, - MSG_WINBIND_ONLINESTATUS=0x0405, - MSG_WINBIND_TRY_TO_GO_ONLINE=0x0406, - MSG_WINBIND_FAILED_TO_GO_ONLINE=0x0407, - MSG_WINBIND_VALIDATE_CACHE=0x0408, - MSG_WINBIND_DUMP_DOMAIN_LIST=0x0409, - MSG_DUMP_EVENT_LIST=0x0500, - MSG_DBWRAP_TDB2_CHANGES=4001 + MSG_DEBUG=(int)0x0001, + MSG_PING=(int)0x0002, + MSG_PONG=(int)0x0003, + MSG_PROFILE=(int)0x0004, + MSG_REQ_DEBUGLEVEL=(int)0x0005, + MSG_DEBUGLEVEL=(int)0x0006, + MSG_REQ_PROFILELEVEL=(int)0x0007, + MSG_PROFILELEVEL=(int)0x0008, + MSG_REQ_POOL_USAGE=(int)0x0009, + MSG_POOL_USAGE=(int)0x000A, + MSG_REQ_DMALLOC_MARK=(int)0x000B, + MSG_REQ_DMALLOC_LOG_CHANGED=(int)0x000C, + MSG_SHUTDOWN=(int)0x000D, + MSG_FORCE_ELECTION=(int)0x0101, + MSG_WINS_NEW_ENTRY=(int)0x0102, + MSG_SEND_PACKET=(int)0x0103, + MSG_PRINTER_NOTIFY=(int)0x2001, + MSG_PRINTER_NOTIFY2=(int)0x0202, + MSG_PRINTER_DRVUPGRADE=(int)0x0203, + MSG_PRINTERDATA_INIT_RESET=(int)0x0204, + MSG_PRINTER_UPDATE=(int)0x0205, + MSG_PRINTER_MOD=(int)0x0206, + MSG_SMB_CONF_UPDATED=(int)0x0301, + MSG_SMB_FORCE_TDIS=(int)0x0302, + MSG_SMB_SAM_SYNC=(int)0x0303, + MSG_SMB_SAM_REPL=(int)0x0304, + MSG_SMB_UNLOCK=(int)0x0305, + MSG_SMB_BREAK_REQUEST=(int)0x0306, + MSG_SMB_BREAK_RESPONSE=(int)0x0307, + MSG_SMB_ASYNC_LEVEL2_BREAK=(int)0x0308, + MSG_SMB_OPEN_RETRY=(int)0x0309, + MSG_SMB_KERNEL_BREAK=(int)0x030A, + MSG_SMB_FILE_RENAME=(int)0x030B, + MSG_SMB_INJECT_FAULT=(int)0x030C, + MSG_SMB_BLOCKING_LOCK_CANCEL=(int)0x030D, + MSG_SMB_NOTIFY=(int)0x030E, + MSG_SMB_STAT_CACHE_DELETE=(int)0x030F, + MSG_PVFS_NOTIFY=(int)0x0310, + MSG_SMB_BRL_VALIDATE=(int)0x0311, + MSG_SMB_RELEASE_IP=(int)0x0312, + MSG_SMB_CLOSE_FILE=(int)0x0313, + MSG_WINBIND_FINISHED=(int)0x0401, + MSG_WINBIND_FORGET_STATE=(int)0x0402, + MSG_WINBIND_ONLINE=(int)0x0403, + MSG_WINBIND_OFFLINE=(int)0x0404, + MSG_WINBIND_ONLINESTATUS=(int)0x0405, + MSG_WINBIND_TRY_TO_GO_ONLINE=(int)0x0406, + MSG_WINBIND_FAILED_TO_GO_ONLINE=(int)0x0407, + MSG_WINBIND_VALIDATE_CACHE=(int)0x0408, + MSG_WINBIND_DUMP_DOMAIN_LIST=(int)0x0409, + MSG_DUMP_EVENT_LIST=(int)0x0500, + MSG_DBWRAP_TDB2_CHANGES=(int)4001 } #else { __donnot_use_enum_messaging_type=0x7FFFFFFF} diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 600f8d1b4a..2535de2847 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -20,6 +20,7 @@ #include "includes.h" #include "../libcli/auth/libcli_auth.h" +#include "../libcli/auth/spnego.h" static const struct { int prot; diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index e0ae948aaf..308a6f7215 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "../libcli/auth/spnego.h" /**************************************************************************** Get UNIX extensions version info. diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 74dba56aec..5d7e43d941 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "../libcli/auth/spnego.h" /* generate a negTokenInit packet given a GUID, a list of supported @@ -532,11 +533,11 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, uint8 negResult; if (NT_STATUS_IS_OK(nt_status)) { - negResult = SPNEGO_NEG_RESULT_ACCEPT; + negResult = SPNEGO_ACCEPT_COMPLETED; } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - negResult = SPNEGO_NEG_RESULT_INCOMPLETE; + negResult = SPNEGO_ACCEPT_INCOMPLETE; } else { - negResult = SPNEGO_NEG_RESULT_REJECT; + negResult = SPNEGO_REJECT; } data = asn1_init(talloc_tos()); @@ -581,11 +582,11 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, uint8 negResult; if (NT_STATUS_IS_OK(nt_status)) { - negResult = SPNEGO_NEG_RESULT_ACCEPT; + negResult = SPNEGO_ACCEPT_COMPLETED; } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - negResult = SPNEGO_NEG_RESULT_INCOMPLETE; + negResult = SPNEGO_ACCEPT_INCOMPLETE; } else { - negResult = SPNEGO_NEG_RESULT_REJECT; + negResult = SPNEGO_REJECT; } data = asn1_init(talloc_tos()); @@ -612,7 +613,7 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, asn1_read_OctetString(data, talloc_autofree_context(), auth); asn1_end_tag(data); } - } else if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) { + } else if (negResult == SPNEGO_ACCEPT_INCOMPLETE) { data->has_error = 1; } diff --git a/source3/libsmb/spnego.c b/source3/libsmb/spnego.c deleted file mode 100644 index 528c7f4009..0000000000 --- a/source3/libsmb/spnego.c +++ /dev/null @@ -1,362 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - RFC2478 Compliant SPNEGO implementation - - Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_AUTH - -static bool read_negTokenInit(ASN1_DATA *asn1, negTokenInit_t *token) -{ - ZERO_STRUCTP(token); - - asn1_start_tag(asn1, ASN1_CONTEXT(0)); - asn1_start_tag(asn1, ASN1_SEQUENCE(0)); - - while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) { - int i; - - switch (asn1->data[asn1->ofs]) { - /* Read mechTypes */ - case ASN1_CONTEXT(0): - asn1_start_tag(asn1, ASN1_CONTEXT(0)); - asn1_start_tag(asn1, ASN1_SEQUENCE(0)); - - token->mechTypes = TALLOC_P(talloc_autofree_context(), const char *); - for (i = 0; !asn1->has_error && - 0 < asn1_tag_remaining(asn1); i++) { - const char *p_oid = NULL; - token->mechTypes = - TALLOC_REALLOC_ARRAY(talloc_autofree_context(), - token->mechTypes, const char *, i + 2); - if (!token->mechTypes) { - asn1->has_error = True; - return False; - } - asn1_read_OID(asn1, talloc_autofree_context(), &p_oid); - token->mechTypes[i] = p_oid; - } - token->mechTypes[i] = NULL; - - asn1_end_tag(asn1); - asn1_end_tag(asn1); - break; - /* Read reqFlags */ - case ASN1_CONTEXT(1): - asn1_start_tag(asn1, ASN1_CONTEXT(1)); - asn1_read_Integer(asn1, &token->reqFlags); - token->reqFlags |= SPNEGO_REQ_FLAG; - asn1_end_tag(asn1); - break; - /* Read mechToken */ - case ASN1_CONTEXT(2): - asn1_start_tag(asn1, ASN1_CONTEXT(2)); - asn1_read_OctetString(asn1, - talloc_autofree_context(), &token->mechToken); - asn1_end_tag(asn1); - break; - /* Read mecListMIC */ - case ASN1_CONTEXT(3): - asn1_start_tag(asn1, ASN1_CONTEXT(3)); - if (asn1->data[asn1->ofs] == ASN1_OCTET_STRING) { - asn1_read_OctetString(asn1, talloc_autofree_context(), - &token->mechListMIC); - } else { - /* RFC 2478 says we have an Octet String here, - but W2k sends something different... */ - char *mechListMIC; - asn1_push_tag(asn1, ASN1_SEQUENCE(0)); - asn1_push_tag(asn1, ASN1_CONTEXT(0)); - asn1_read_GeneralString(asn1, - talloc_autofree_context(), &mechListMIC); - asn1_pop_tag(asn1); - asn1_pop_tag(asn1); - - token->mechListMIC = - data_blob(mechListMIC, strlen(mechListMIC)); - TALLOC_FREE(mechListMIC); - } - asn1_end_tag(asn1); - break; - default: - asn1->has_error = True; - break; - } - } - - asn1_end_tag(asn1); - asn1_end_tag(asn1); - - return !asn1->has_error; -} - -static bool write_negTokenInit(ASN1_DATA *asn1, negTokenInit_t *token) -{ - asn1_push_tag(asn1, ASN1_CONTEXT(0)); - asn1_push_tag(asn1, ASN1_SEQUENCE(0)); - - /* Write mechTypes */ - if (token->mechTypes && *token->mechTypes) { - int i; - - asn1_push_tag(asn1, ASN1_CONTEXT(0)); - asn1_push_tag(asn1, ASN1_SEQUENCE(0)); - for (i = 0; token->mechTypes[i]; i++) { - asn1_write_OID(asn1, token->mechTypes[i]); - } - asn1_pop_tag(asn1); - asn1_pop_tag(asn1); - } - - /* write reqFlags */ - if (token->reqFlags & SPNEGO_REQ_FLAG) { - int flags = token->reqFlags & ~SPNEGO_REQ_FLAG; - - asn1_push_tag(asn1, ASN1_CONTEXT(1)); - asn1_write_Integer(asn1, flags); - asn1_pop_tag(asn1); - } - - /* write mechToken */ - if (token->mechToken.data) { - asn1_push_tag(asn1, ASN1_CONTEXT(2)); - asn1_write_OctetString(asn1, token->mechToken.data, - token->mechToken.length); - asn1_pop_tag(asn1); - } - - /* write mechListMIC */ - if (token->mechListMIC.data) { - asn1_push_tag(asn1, ASN1_CONTEXT(3)); -#if 0 - /* This is what RFC 2478 says ... */ - asn1_write_OctetString(asn1, token->mechListMIC.data, - token->mechListMIC.length); -#else - /* ... but unfortunately this is what Windows - sends/expects */ - asn1_push_tag(asn1, ASN1_SEQUENCE(0)); - asn1_push_tag(asn1, ASN1_CONTEXT(0)); - asn1_push_tag(asn1, ASN1_GENERAL_STRING); - asn1_write(asn1, token->mechListMIC.data, - token->mechListMIC.length); - asn1_pop_tag(asn1); - asn1_pop_tag(asn1); - asn1_pop_tag(asn1); -#endif - asn1_pop_tag(asn1); - } - - asn1_pop_tag(asn1); - asn1_pop_tag(asn1); - - return !asn1->has_error; -} - -static bool read_negTokenTarg(ASN1_DATA *asn1, negTokenTarg_t *token) -{ - ZERO_STRUCTP(token); - - asn1_start_tag(asn1, ASN1_CONTEXT(1)); - asn1_start_tag(asn1, ASN1_SEQUENCE(0)); - - while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) { - switch (asn1->data[asn1->ofs]) { - case ASN1_CONTEXT(0): - asn1_start_tag(asn1, ASN1_CONTEXT(0)); - asn1_start_tag(asn1, ASN1_ENUMERATED); - asn1_read_uint8(asn1, &token->negResult); - asn1_end_tag(asn1); - asn1_end_tag(asn1); - break; - case ASN1_CONTEXT(1): { - const char *mech = NULL; - asn1_start_tag(asn1, ASN1_CONTEXT(1)); - asn1_read_OID(asn1, talloc_autofree_context(), &mech); - asn1_end_tag(asn1); - token->supportedMech = CONST_DISCARD(char *, mech); - } - break; - case ASN1_CONTEXT(2): - asn1_start_tag(asn1, ASN1_CONTEXT(2)); - asn1_read_OctetString(asn1, - talloc_autofree_context(), &token->responseToken); - asn1_end_tag(asn1); - break; - case ASN1_CONTEXT(3): - asn1_start_tag(asn1, ASN1_CONTEXT(3)); - asn1_read_OctetString(asn1, - talloc_autofree_context(), &token->mechListMIC); - asn1_end_tag(asn1); - break; - default: - asn1->has_error = True; - break; - } - } - - asn1_end_tag(asn1); - asn1_end_tag(asn1); - - return !asn1->has_error; -} - -static bool write_negTokenTarg(ASN1_DATA *asn1, negTokenTarg_t *token) -{ - asn1_push_tag(asn1, ASN1_CONTEXT(1)); - asn1_push_tag(asn1, ASN1_SEQUENCE(0)); - - asn1_push_tag(asn1, ASN1_CONTEXT(0)); - asn1_write_enumerated(asn1, token->negResult); - asn1_pop_tag(asn1); - - if (token->supportedMech) { - asn1_push_tag(asn1, ASN1_CONTEXT(1)); - asn1_write_OID(asn1, token->supportedMech); - asn1_pop_tag(asn1); - } - - if (token->responseToken.data) { - asn1_push_tag(asn1, ASN1_CONTEXT(2)); - asn1_write_OctetString(asn1, token->responseToken.data, - token->responseToken.length); - asn1_pop_tag(asn1); - } - - if (token->mechListMIC.data) { - asn1_push_tag(asn1, ASN1_CONTEXT(3)); - asn1_write_OctetString(asn1, token->mechListMIC.data, - token->mechListMIC.length); - asn1_pop_tag(asn1); - } - - asn1_pop_tag(asn1); - asn1_pop_tag(asn1); - - return !asn1->has_error; -} - -ssize_t read_spnego_data(DATA_BLOB data, SPNEGO_DATA *token) -{ - ASN1_DATA *asn1; - ssize_t ret = -1; - - ZERO_STRUCTP(token); - - asn1 = asn1_init(talloc_tos()); - if (asn1 == NULL) { - return -1; - } - - asn1_load(asn1, data); - - switch (asn1->data[asn1->ofs]) { - case ASN1_APPLICATION(0): - asn1_start_tag(asn1, ASN1_APPLICATION(0)); - asn1_check_OID(asn1, OID_SPNEGO); - if (read_negTokenInit(asn1, &token->negTokenInit)) { - token->type = SPNEGO_NEG_TOKEN_INIT; - } - asn1_end_tag(asn1); - break; - case ASN1_CONTEXT(1): - if (read_negTokenTarg(asn1, &token->negTokenTarg)) { - token->type = SPNEGO_NEG_TOKEN_TARG; - } - break; - default: - break; - } - - if (!asn1->has_error) ret = asn1->ofs; - asn1_free(asn1); - - return ret; -} - -ssize_t write_spnego_data(DATA_BLOB *blob, SPNEGO_DATA *spnego) -{ - ASN1_DATA *asn1; - ssize_t ret = -1; - - asn1 = asn1_init(talloc_tos()); - if (asn1 == NULL) { - return -1; - } - - switch (spnego->type) { - case SPNEGO_NEG_TOKEN_INIT: - asn1_push_tag(asn1, ASN1_APPLICATION(0)); - asn1_write_OID(asn1, OID_SPNEGO); - write_negTokenInit(asn1, &spnego->negTokenInit); - asn1_pop_tag(asn1); - break; - case SPNEGO_NEG_TOKEN_TARG: - write_negTokenTarg(asn1, &spnego->negTokenTarg); - break; - default: - asn1->has_error = True; - break; - } - - if (!asn1->has_error) { - *blob = data_blob(asn1->data, asn1->length); - ret = asn1->ofs; - } - asn1_free(asn1); - - return ret; -} - -bool free_spnego_data(SPNEGO_DATA *spnego) -{ - bool ret = True; - - if (!spnego) goto out; - - switch(spnego->type) { - case SPNEGO_NEG_TOKEN_INIT: - if (spnego->negTokenInit.mechTypes) { - int i; - for (i = 0; spnego->negTokenInit.mechTypes[i]; i++) { - talloc_free(CONST_DISCARD(char *,spnego->negTokenInit.mechTypes[i])); - } - talloc_free(spnego->negTokenInit.mechTypes); - } - data_blob_free(&spnego->negTokenInit.mechToken); - data_blob_free(&spnego->negTokenInit.mechListMIC); - break; - case SPNEGO_NEG_TOKEN_TARG: - if (spnego->negTokenTarg.supportedMech) { - talloc_free(spnego->negTokenTarg.supportedMech); - } - data_blob_free(&spnego->negTokenTarg.responseToken); - data_blob_free(&spnego->negTokenTarg.mechListMIC); - break; - default: - ret = False; - break; - } - ZERO_STRUCTP(spnego); -out: - return ret; -} diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 3660bb2d3a..dbed89783e 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1059,6 +1059,47 @@ static int vfs_gpfs_lstat(struct vfs_handle_struct *handle, return 0; } +static int vfs_gpfs_ntimes(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + struct smb_file_time *ft) +{ + + struct gpfs_winattr attrs; + int ret; + char *path = NULL; + NTSTATUS status; + + ret = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft); + if(ret == -1){ + DEBUG(1,("vfs_gpfs_ntimes: SMB_VFS_NEXT_NTIMES failed\n")); + return -1; + } + + if(null_timespec(ft->create_time)){ + DEBUG(10,("vfs_gpfs_ntimes:Create Time is NULL\n")); + return 0; + } + + status = get_full_smb_filename(talloc_tos(), smb_fname, &path); + if (!NT_STATUS_IS_OK) { + errno = map_errno_from_nt_status(status); + return -1; + } + + attrs.winAttrs = 0; + attrs.creationTime.tv_sec = ft->create_time.tv_sec; + attrs.creationTime.tv_nsec = ft->create_time.tv_nsec; + + ret = set_gpfs_winattrs(CONST_DISCARD(char *, path), + GPFS_WINATTR_SET_CREATION_TIME, &attrs); + if(ret == -1){ + DEBUG(1,("vfs_gpfs_ntimes: set GPFS ntimes failed %d\n",ret)); + return -1; + } + return 0; + +} + static struct vfs_fn_pointers vfs_gpfs_fns = { .kernel_flock = vfs_gpfs_kernel_flock, .setlease = vfs_gpfs_setlease, @@ -1079,6 +1120,7 @@ static struct vfs_fn_pointers vfs_gpfs_fns = { .stat = vfs_gpfs_stat, .fstat = vfs_gpfs_fstat, .lstat = vfs_gpfs_lstat, + .ntimes = vfs_gpfs_ntimes, }; NTSTATUS vfs_gpfs_init(void); diff --git a/source3/modules/vfs_tsmsm.c b/source3/modules/vfs_tsmsm.c index b5104329e1..7c63b8c20e 100644 --- a/source3/modules/vfs_tsmsm.c +++ b/source3/modules/vfs_tsmsm.c @@ -314,7 +314,7 @@ static ssize_t tsmsm_pread(struct vfs_handle_struct *handle, struct files_struct } static ssize_t tsmsm_pwrite(struct vfs_handle_struct *handle, struct files_struct *fsp, - void *data, size_t n, SMB_OFF_T offset) { + const void *data, size_t n, SMB_OFF_T offset) { ssize_t result; bool notify_online = tsmsm_aio_force(handle, fsp); @@ -367,7 +367,7 @@ static struct vfs_fn_pointers tsmsm_fns = { .connect_fn = tsmsm_connect, .fs_capabilities = tsmsm_fs_capabilities, .aio_force = tsmsm_aio_force, - .aio_return = tsmsm_aio_return, + .aio_return_fn = tsmsm_aio_return, .pread = tsmsm_pread, .pwrite = tsmsm_pwrite, .sendfile = tsmsm_sendfile, @@ -379,5 +379,5 @@ NTSTATUS vfs_tsmsm_init(void); NTSTATUS vfs_tsmsm_init(void) { return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, - "tsmsm", &vfs_fns); + "tsmsm", &tsmsm_fns); } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 186696fbbc..5392d1f78f 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -23,6 +23,7 @@ #include "../librpc/gen_ndr/ndr_schannel.h" #include "../libcli/auth/schannel.h" #include "../libcli/auth/schannel_proto.h" +#include "../libcli/auth/spnego.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_CLI diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 33a81fa651..9169c74534 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -910,6 +910,12 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p, return NT_STATUS_NO_MEMORY; } break; + case 6: + r->out.validation->sam6 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo6); + if (!r->out.validation->sam6) { + return NT_STATUS_NO_MEMORY; + } + break; default: DEBUG(0,("%s: bad validation_level value %d.\n", fn, (int)r->in.validation_level)); @@ -918,6 +924,9 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p, switch (r->in.logon_level) { case NetlogonInteractiveInformation: + case NetlogonServiceInformation: + case NetlogonInteractiveTransitiveInformation: + case NetlogonServiceTransitiveInformation: nt_username = logon->password->identity_info.account_name.string; nt_domain = logon->password->identity_info.domain_name.string; nt_workstation = logon->password->identity_info.workstation.string; @@ -925,6 +934,7 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p, DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); break; case NetlogonNetworkInformation: + case NetlogonNetworkTransitiveInformation: nt_username = logon->network->identity_info.account_name.string; nt_domain = logon->network->identity_info.domain_name.string; nt_workstation = logon->network->identity_info.workstation.string; @@ -947,6 +957,7 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p, switch (r->in.logon_level) { case NetlogonNetworkInformation: + case NetlogonNetworkTransitiveInformation: { const char *wksname = nt_workstation; @@ -976,6 +987,10 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p, break; } case NetlogonInteractiveInformation: + case NetlogonServiceInformation: + case NetlogonInteractiveTransitiveInformation: + case NetlogonServiceTransitiveInformation: + /* 'Interactive' authentication, supplies the password in its MD4 form, encrypted with the session key. We will convert this to challenge/response for the auth subsystem to chew @@ -1066,6 +1081,10 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p, status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16, r->out.validation->sam3); break; + case 6: + status = serverinfo_to_SamInfo6(server_info, pipe_session_key, 16, + r->out.validation->sam6); + break; } TALLOC_FREE(server_info); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 627dac0f82..8611be49e3 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -32,6 +32,7 @@ #include "../librpc/gen_ndr/ndr_schannel.h" #include "../libcli/auth/schannel.h" #include "../libcli/auth/schannel_proto.h" +#include "../libcli/auth/spnego.h" extern struct current_user current_user; diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b13e34be07..7711d6ced8 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1716,3 +1716,54 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, return NT_STATUS_OK; } + +/**************************************************************************** + inits a netr_SamInfo6 structure from an auth_serversupplied_info. sam6 must + already be initialized and is used as the talloc parent for its members. +*****************************************************************************/ + +NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info, + uint8_t *pipe_session_key, + size_t pipe_session_key_len, + struct netr_SamInfo6 *sam6) +{ + NTSTATUS status; + struct pdb_domain_info *dominfo; + + if ((pdb_capabilities() & PDB_CAP_ADS) == 0) { + DEBUG(10,("Not adding validation info level 6 " + "without ADS passdb backend\n")); + return NT_STATUS_INVALID_INFO_CLASS; + } + + dominfo = pdb_get_domain_info(sam6); + if (dominfo == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = serverinfo_to_SamInfo_base(sam6, + server_info, + pipe_session_key, + pipe_session_key_len, + &sam6->base); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + sam6->sidcount = 0; + sam6->sids = NULL; + + sam6->forest.string = talloc_strdup(sam6, dominfo->dns_forest); + if (sam6->forest.string == NULL) { + return NT_STATUS_NO_MEMORY; + } + + sam6->principle.string = talloc_asprintf(sam6, "%s@%s", + pdb_get_username(server_info->sam_account), + dominfo->dns_domain); + if (sam6->principle.string == NULL) { + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index aa493214d7..ae76652113 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -1127,11 +1127,9 @@ static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli, level = atoi(argv[1]); } -#if 0 + ZERO_STRUCT(return_authenticator); + netlogon_creds_client_authenticator(cli->dc, &credential); -#else - ZERO_STRUCT(credential); -#endif status = rpccli_netr_LogonGetCapabilities(cli, mem_ctx, cli->desthost, @@ -1140,13 +1138,14 @@ static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli, &return_authenticator, level, &capabilities); -#if 0 + if (!netlogon_creds_client_check(cli->dc, &return_authenticator.cred)) { DEBUG(0,("credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; } -#endif + + printf("capabilities: 0x%08x\n", capabilities.server_capabilities); return status; } diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c index f680b76369..68fa795ba2 100644 --- a/source3/smbd/globals.c +++ b/source3/smbd/globals.c @@ -95,7 +95,7 @@ time_t last_printer_reload_time = 0; for processing. ****************************************************************************/ struct pending_message_list *deferred_open_queue = NULL; -uint32_t common_flags2 = FLAGS2_LONG_PATH_COMPONENTS|FLAGS2_32_BIT_ERROR_CODES; +uint32_t common_flags2 = FLAGS2_LONG_PATH_COMPONENTS|FLAGS2_32_BIT_ERROR_CODES|FLAGS2_EXTENDED_ATTRIBUTES; struct smb_srv_trans_enc_ctx *partial_srv_trans_enc_ctx = NULL; struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx = NULL; diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 85dc32447d..372f38eb57 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -20,6 +20,7 @@ #include "includes.h" #include "smbd/globals.h" +#include "../libcli/auth/spnego.h" extern fstring remote_proto; extern enum protocol_types Protocol; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 1b981578e3..cf955d9651 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -810,7 +810,7 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, Read a list of EA names and data from an incoming data buffer. Create an ea_list with them. ****************************************************************************/ -static struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size) +struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size) { struct ea_list *ea_list_head = NULL; size_t offset = 0; diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index 0d5415b5f4..2d738cbd12 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -19,6 +19,7 @@ #include "includes.h" #include "smbd/globals.h" +#include "../libcli/auth/spnego.h" /****************************************************************************** Server side encryption. diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 2d2e5141ee..16ea2ebfa9 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -24,6 +24,7 @@ #include "includes.h" #include "smbd/globals.h" +#include "../libcli/auth/spnego.h" extern enum protocol_types Protocol; diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 3090650c3b..e0815049a4 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -450,9 +450,13 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - /* TODO */ - tevent_req_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED); - return tevent_req_post(req, ev); + ea_list = read_nttrans_ea_list(mem_ctx, + (const char *)exta->data.data, exta->data.length); + if (!ea_list) { + DEBUG(10,("smbd_smb2_create_send: read_ea_name_list failed.\n")); + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } } if (mxac) { diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 4724516f2e..dc24124b54 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -21,6 +21,7 @@ #include "includes.h" #include "smbd/globals.h" #include "../libcli/smb/smb_common.h" +#include "../libcli/auth/spnego.h" static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req, uint64_t in_session_id, diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index f2c025b6c1..85eb73749a 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -4379,6 +4379,9 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, case 0xFF0F:/*SMB2_INFO_QUERY_ALL_EAS*/ { + /* This is FileFullEaInformation - 0xF which maps to + * 1015 (decimal) in smbd_do_setfilepathinfo. */ + /* We have data_size bytes to put EA's into. */ size_t total_ea_len = 0; struct ea_list *ea_file_list = NULL; @@ -5656,6 +5659,53 @@ static NTSTATUS smb_info_set_ea(connection_struct *conn, } /**************************************************************************** + Deal with SMB_FILE_FULL_EA_INFORMATION set. +****************************************************************************/ + +static NTSTATUS smb_set_file_full_ea_info(connection_struct *conn, + const char *pdata, + int total_data, + files_struct *fsp) +{ + struct ea_list *ea_list = NULL; + NTSTATUS status; + + if (!fsp) { + return NT_STATUS_INVALID_HANDLE; + } + + if (!lp_ea_support(SNUM(conn))) { + DEBUG(10, ("smb_set_file_full_ea_info - ea_len = %u but " + "EA's not supported.\n", + (unsigned int)total_data)); + return NT_STATUS_EAS_NOT_SUPPORTED; + } + + if (total_data < 10) { + DEBUG(10, ("smb_set_file_full_ea_info - ea_len = %u " + "too small.\n", + (unsigned int)total_data)); + return NT_STATUS_INVALID_PARAMETER; + } + + ea_list = read_nttrans_ea_list(talloc_tos(), + pdata, + total_data); + + if (!ea_list) { + return NT_STATUS_INVALID_PARAMETER; + } + status = set_ea(conn, fsp, fsp->fsp_name, ea_list); + + DEBUG(10, ("smb_set_file_full_ea_info on file %s returned %s\n", + smb_fname_str_dbg(fsp->fsp_name), + nt_errstr(status) )); + + return status; +} + + +/**************************************************************************** Deal with SMB_SET_FILE_DISPOSITION_INFO. ****************************************************************************/ @@ -7374,6 +7424,15 @@ NTSTATUS smbd_do_setfilepathinfo(connection_struct *conn, break; } + case SMB_FILE_FULL_EA_INFORMATION: + { + status = smb_set_file_full_ea_info(conn, + pdata, + total_data, + fsp); + break; + } + /* From tridge Samba4 : * MODE_INFORMATION in setfileinfo (I have no * idea what "mode information" on a file is - it takes a value of 0, diff --git a/source3/torture/torture.c b/source3/torture/torture.c index ed592f169b..98694ed3d0 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -76,6 +76,23 @@ void *shm_setup(int size) int shmid; void *ret; +#ifdef __QNXNTO__ + shmid = shm_open("private", O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); + if (shmid == -1) { + printf("can't get shared memory\n"); + exit(1); + } + shm_unlink("private"); + if (ftruncate(shmid, size) == -1) { + printf("can't set shared memory size\n"); + exit(1); + } + ret = mmap(0, size, PROT_READ | PROT_WRITE, MAP_SHARED, shmid, 0); + if (ret == MAP_FAILED) { + printf("can't map shared memory\n"); + exit(1); + } +#else shmid = shmget(IPC_PRIVATE, size, S_IRUSR | S_IWUSR); if (shmid == -1) { printf("can't get shared memory\n"); @@ -94,6 +111,7 @@ void *shm_setup(int size) See Stevens "advanced programming in unix env" for details */ shmctl(shmid, IPC_RMID, 0); +#endif return ret; } diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 6de5ea67e4..3bdc45a6ef 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -26,6 +26,7 @@ #include "includes.h" #include "utils/ntlm_auth.h" #include "../libcli/auth/libcli_auth.h" +#include "../libcli/auth/spnego.h" #include <iniparser.h> #ifndef PAM_WINBIND_CONFIG_FILE @@ -1113,7 +1114,7 @@ static void manage_squid_basic_request(struct ntlm_auth_state *state, static void offer_gss_spnego_mechs(void) { DATA_BLOB token; - SPNEGO_DATA spnego; + struct spnego_data spnego; ssize_t len; char *reply_base64; TALLOC_CTX *ctx = talloc_tos(); @@ -1149,8 +1150,8 @@ static void offer_gss_spnego_mechs(void) { spnego.negTokenInit.mechListMIC = data_blob(principal, strlen(principal)); - len = write_spnego_data(&token, &spnego); - free_spnego_data(&spnego); + len = spnego_write_data(ctx, &token, &spnego); + spnego_free_data(&spnego); if (len == -1) { DEBUG(1, ("Could not write SPNEGO data blob\n")); @@ -1171,7 +1172,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, char *buf, int length) { static NTLMSSP_STATE *ntlmssp_state = NULL; - SPNEGO_DATA request, response; + struct spnego_data request, response; DATA_BLOB token; NTSTATUS status; ssize_t len; @@ -1219,7 +1220,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, } token = base64_decode_data_blob(buf + 3); - len = read_spnego_data(token, &request); + len = spnego_read_data(ctx, token, &request); data_blob_free(&token); if (len == -1) { @@ -1367,7 +1368,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, } } - free_spnego_data(&request); + spnego_free_data(&request); if (NT_STATUS_IS_OK(status)) { response.negTokenTarg.negResult = SPNEGO_ACCEPT_COMPLETED; @@ -1393,8 +1394,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, SAFE_FREE(user); SAFE_FREE(domain); - len = write_spnego_data(&token, &response); - free_spnego_data(&response); + len = spnego_write_data(ctx, &token, &response); + spnego_free_data(&response); if (len == -1) { DEBUG(1, ("Could not write SPNEGO data blob\n")); @@ -1415,13 +1416,14 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, static NTLMSSP_STATE *client_ntlmssp_state = NULL; -static bool manage_client_ntlmssp_init(SPNEGO_DATA spnego) +static bool manage_client_ntlmssp_init(struct spnego_data spnego) { NTSTATUS status; DATA_BLOB null_blob = data_blob_null; DATA_BLOB to_server; char *to_server_base64; const char *my_mechs[] = {OID_NTLMSSP, NULL}; + TALLOC_CTX *ctx = talloc_tos(); DEBUG(10, ("Got spnego negTokenInit with NTLMSSP\n")); @@ -1452,7 +1454,8 @@ static bool manage_client_ntlmssp_init(SPNEGO_DATA spnego) spnego.type = SPNEGO_NEG_TOKEN_INIT; spnego.negTokenInit.mechTypes = my_mechs; - spnego.negTokenInit.reqFlags = 0; + spnego.negTokenInit.reqFlags = data_blob_null; + spnego.negTokenInit.reqFlagsPadding = 0; spnego.negTokenInit.mechListMIC = null_blob; status = ntlmssp_update(client_ntlmssp_state, null_blob, @@ -1466,7 +1469,7 @@ static bool manage_client_ntlmssp_init(SPNEGO_DATA spnego) return False; } - write_spnego_data(&to_server, &spnego); + spnego_write_data(ctx, &to_server, &spnego); data_blob_free(&spnego.negTokenInit.mechToken); to_server_base64 = base64_encode_data_blob(talloc_tos(), to_server); @@ -1476,13 +1479,14 @@ static bool manage_client_ntlmssp_init(SPNEGO_DATA spnego) return True; } -static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego) +static void manage_client_ntlmssp_targ(struct spnego_data spnego) { NTSTATUS status; DATA_BLOB null_blob = data_blob_null; DATA_BLOB request; DATA_BLOB to_server; char *to_server_base64; + TALLOC_CTX *ctx = talloc_tos(); DEBUG(10, ("Got spnego negTokenTarg with NTLMSSP\n")); @@ -1525,7 +1529,7 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego) spnego.negTokenTarg.responseToken = request; spnego.negTokenTarg.mechListMIC = null_blob; - write_spnego_data(&to_server, &spnego); + spnego_write_data(ctx, &to_server, &spnego); data_blob_free(&request); to_server_base64 = base64_encode_data_blob(talloc_tos(), to_server); @@ -1537,17 +1541,18 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego) #ifdef HAVE_KRB5 -static bool manage_client_krb5_init(SPNEGO_DATA spnego) +static bool manage_client_krb5_init(struct spnego_data spnego) { char *principal; DATA_BLOB tkt, to_server; DATA_BLOB session_key_krb5 = data_blob_null; - SPNEGO_DATA reply; + struct spnego_data reply; char *reply_base64; int retval; const char *my_mechs[] = {OID_KERBEROS5_OLD, NULL}; ssize_t len; + TALLOC_CTX *ctx = talloc_tos(); if ( (spnego.negTokenInit.mechListMIC.data == NULL) || (spnego.negTokenInit.mechListMIC.length == 0) ) { @@ -1605,11 +1610,12 @@ static bool manage_client_krb5_init(SPNEGO_DATA spnego) reply.type = SPNEGO_NEG_TOKEN_INIT; reply.negTokenInit.mechTypes = my_mechs; - reply.negTokenInit.reqFlags = 0; + reply.negTokenInit.reqFlags = data_blob_null; + reply.negTokenInit.reqFlagsPadding = 0; reply.negTokenInit.mechToken = tkt; reply.negTokenInit.mechListMIC = data_blob_null; - len = write_spnego_data(&to_server, &reply); + len = spnego_write_data(ctx, &to_server, &reply); data_blob_free(&tkt); if (len == -1) { @@ -1626,7 +1632,7 @@ static bool manage_client_krb5_init(SPNEGO_DATA spnego) return True; } -static void manage_client_krb5_targ(SPNEGO_DATA spnego) +static void manage_client_krb5_targ(struct spnego_data spnego) { switch (spnego.negTokenTarg.negResult) { case SPNEGO_ACCEPT_INCOMPLETE: @@ -1654,8 +1660,9 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, char *buf, int length) { DATA_BLOB request; - SPNEGO_DATA spnego; + struct spnego_data spnego; ssize_t len; + TALLOC_CTX *ctx = talloc_tos(); if (!opt_username || !*opt_username) { x_fprintf(x_stderr, "username must be specified!\n\n"); @@ -1700,7 +1707,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, /* So we got a server challenge to generate a SPNEGO client-to-server request... */ - len = read_spnego_data(request, &spnego); + len = spnego_read_data(ctx, request, &spnego); data_blob_free(&request); if (len == -1) { @@ -1786,7 +1793,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, return; out: - free_spnego_data(&spnego); + spnego_free_data(&spnego); return; } diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 450d2ee3e5..119e81d3e2 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -983,8 +983,6 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, int i; size_t num_members = 0; ads_control args; - struct rpc_pipe_client *cli; - struct policy_handle lsa_policy; DOM_SID *sid_mem_nocache = NULL; char **names_nocache = NULL; enum lsa_SidType *name_types_nocache = NULL; @@ -1126,31 +1124,14 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, /* handle sids not resolved from cache by lsa_lookup_sids */ if (num_nocache > 0) { - unsigned int orig_timeout; - status = cm_connect_lsa(domain, tmp_ctx, &cli, &lsa_policy); - - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - /* - * This call can take a long time - * allow the server to time out. - * 35 seconds should do it. - */ - orig_timeout = rpccli_set_timeout(cli, 35000); - - status = rpccli_lsa_lookup_sids(cli, tmp_ctx, - &lsa_policy, - num_nocache, - sid_mem_nocache, - &domains_nocache, - &names_nocache, - &name_types_nocache); - - /* And restore our original timeout. */ - rpccli_set_timeout(cli, orig_timeout); + status = winbindd_lookup_sids(tmp_ctx, + domain, + num_nocache, + sid_mem_nocache, + &domains_nocache, + &names_nocache, + &name_types_nocache); if (!(NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) || @@ -1159,30 +1140,13 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, DEBUG(1, ("lsa_lookupsids call failed with %s " "- retrying...\n", nt_errstr(status))); - status = cm_connect_lsa(domain, tmp_ctx, &cli, - &lsa_policy); - - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - /* - * This call can take a long time - * allow the server to time out. - * 35 seconds should do it. - */ - orig_timeout = rpccli_set_timeout(cli, 35000); - - status = rpccli_lsa_lookup_sids(cli, tmp_ctx, - &lsa_policy, - num_nocache, - sid_mem_nocache, - &domains_nocache, - &names_nocache, - &name_types_nocache); - - /* And restore our original timeout. */ - rpccli_set_timeout(cli, orig_timeout); + status = winbindd_lookup_sids(tmp_ctx, + domain, + num_nocache, + sid_mem_nocache, + &domains_nocache, + &names_nocache, + &name_types_nocache); } if (NT_STATUS_IS_OK(status) || diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index f1fc0f6a2a..427579faf1 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -63,6 +63,22 @@ int main(int argc, char **argv, char **envp); /* The following definitions come from winbindd/winbindd_ads.c */ +/* The following definitions come from winbindd/winbindd_rpc.c */ + +NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, + struct winbindd_domain *domain, + uint32_t num_sids, + const struct dom_sid *sids, + char ***domains, + char ***names, + enum lsa_SidType **types); +NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, + struct winbindd_domain *domain, + uint32_t num_names, + const char **names, + const char ***domains, + struct dom_sid **sids, + enum lsa_SidType **types); /* The following definitions come from winbindd/winbindd_async.c */ diff --git a/source3/winbindd/winbindd_remove_mapping.c b/source3/winbindd/winbindd_remove_mapping.c index e94f6c28a1..055694d63c 100644 --- a/source3/winbindd/winbindd_remove_mapping.c +++ b/source3/winbindd/winbindd_remove_mapping.c @@ -96,7 +96,7 @@ static void winbindd_remove_mapping_done(struct tevent_req *subreq) tevent_req_nterror(req, result); return; } - return tevent_req_done(req); + tevent_req_done(req); } NTSTATUS winbindd_remove_mapping_recv(struct tevent_req *req, diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index f664f22232..70eeae6408 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -278,11 +278,8 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, DOM_SID *sids = NULL; enum lsa_SidType *types = NULL; char *full_name = NULL; - struct rpc_pipe_client *cli; - struct policy_handle lsa_policy; NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL; char *mapped_name = NULL; - unsigned int orig_timeout; if (name == NULL || *name=='\0') { full_name = talloc_asprintf(mem_ctx, "%s", domain_name); @@ -312,23 +309,9 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, DEBUG(3,("name_to_sid [rpc] %s for domain %s\n", full_name?full_name:"", domain_name )); - result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); - if (!NT_STATUS_IS_OK(result)) - return result; - - /* - * This call can take a long time - * allow the server to time out. - * 35 seconds should do it. - */ - orig_timeout = rpccli_set_timeout(cli, 35000); - - result = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, 1, - (const char**) &full_name, NULL, 1, &sids, &types); - - /* And restore our original timeout. */ - rpccli_set_timeout(cli, orig_timeout); - + result = winbindd_lookup_names(mem_ctx, domain, 1, + (const char **)&full_name, NULL, + &sids, &types); if (!NT_STATUS_IS_OK(result)) return result; @@ -354,42 +337,26 @@ static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, char **names; enum lsa_SidType *types = NULL; NTSTATUS result; - struct rpc_pipe_client *cli; - struct policy_handle lsa_policy; NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL; char *mapped_name = NULL; - unsigned int orig_timeout; DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_dbg(sid), domain->name )); - result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + result = winbindd_lookup_sids(mem_ctx, + domain, + 1, + sid, + &domains, + &names, + &types); if (!NT_STATUS_IS_OK(result)) { - DEBUG(2,("msrpc_sid_to_name: cm_connect_lsa() failed (%s)\n", - nt_errstr(result))); + DEBUG(2,("msrpc_sid_to_name: failed to lookup sids: %s\n", + nt_errstr(result))); return result; } - /* - * This call can take a long time - * allow the server to time out. - * 35 seconds should do it. - */ - orig_timeout = rpccli_set_timeout(cli, 35000); - - result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy, - 1, sid, &domains, &names, &types); - - /* And restore our original timeout. */ - rpccli_set_timeout(cli, orig_timeout); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(2,("msrpc_sid_to_name: rpccli_lsa_lookup_sids() failed (%s)\n", - nt_errstr(result))); - return result; - } - *type = (enum lsa_SidType)types[0]; *domain_name = domains[0]; *name = names[0]; @@ -419,12 +386,9 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, { char **domains; NTSTATUS result; - struct rpc_pipe_client *cli; - struct policy_handle lsa_policy; DOM_SID *sids; size_t i; char **ret_names; - unsigned int orig_timeout; DEBUG(3, ("rids_to_names [rpc] for domain %s\n", domain->name )); @@ -443,24 +407,13 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, } } - result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); - if (!NT_STATUS_IS_OK(result)) { - return result; - } - - /* - * This call can take a long time - * allow the server to time out. - * 35 seconds should do it. - */ - orig_timeout = rpccli_set_timeout(cli, 35000); - - result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy, - num_rids, sids, &domains, - names, types); - - /* And restore our original timeout. */ - rpccli_set_timeout(cli, orig_timeout); + result = winbindd_lookup_sids(mem_ctx, + domain, + num_rids, + sids, + &domains, + names, + types); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) { @@ -1225,6 +1178,82 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, return result; } +NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, + struct winbindd_domain *domain, + uint32_t num_sids, + const struct dom_sid *sids, + char ***domains, + char ***names, + enum lsa_SidType **types) +{ + NTSTATUS status; + struct rpc_pipe_client *cli = NULL; + struct policy_handle lsa_policy; + unsigned int orig_timeout; + + status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* + * This call can take a long time + * allow the server to time out. + * 35 seconds should do it. + */ + orig_timeout = rpccli_set_timeout(cli, 35000); + + status = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy, + num_sids, sids, domains, + names, types); + + /* And restore our original timeout. */ + rpccli_set_timeout(cli, orig_timeout); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return status; +} + +NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, + struct winbindd_domain *domain, + uint32_t num_names, + const char **names, + const char ***domains, + struct dom_sid **sids, + enum lsa_SidType **types) +{ + NTSTATUS status; + struct rpc_pipe_client *cli = NULL; + struct policy_handle lsa_policy; + unsigned int orig_timeout; + + status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* + * This call can take a long time + * allow the server to time out. + * 35 seconds should do it. + */ + orig_timeout = rpccli_set_timeout(cli, 35000); + + status = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, num_names, + names, domains, 1, sids, types); + + /* And restore our original timeout. */ + rpccli_set_timeout(cli, orig_timeout); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return status; +} /* the rpc backend methods are exposed via this structure */ struct winbindd_methods msrpc_methods = { diff --git a/source3/winbindd/winbindd_set_hwm.c b/source3/winbindd/winbindd_set_hwm.c index e648ee5bcd..4446ae22f0 100644 --- a/source3/winbindd/winbindd_set_hwm.c +++ b/source3/winbindd/winbindd_set_hwm.c @@ -85,7 +85,7 @@ static void winbindd_set_hwm_done(struct tevent_req *subreq) tevent_req_nterror(req, result); return; } - return tevent_req_done(req); + tevent_req_done(req); } NTSTATUS winbindd_set_hwm_recv(struct tevent_req *req, diff --git a/source3/winbindd/winbindd_set_mapping.c b/source3/winbindd/winbindd_set_mapping.c index 970ba7a4e1..8274c1eb10 100644 --- a/source3/winbindd/winbindd_set_mapping.c +++ b/source3/winbindd/winbindd_set_mapping.c @@ -96,7 +96,7 @@ static void winbindd_set_mapping_done(struct tevent_req *subreq) tevent_req_nterror(req, result); return; } - return tevent_req_done(req); + tevent_req_done(req); } NTSTATUS winbindd_set_mapping_recv(struct tevent_req *req, |