From 921bdec52d449a23fc58b726489d7ffce58cd9e8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Mar 2008 23:39:57 +0100 Subject: Add some paranoia fixes for _wkssvc_NetrJoinDomain2/UnjoinDomain2. Guenther (This used to be commit 72101a7d0868b19a413b17f8142637f92c6cdad5) --- source3/rpc_server/srv_wkssvc_nt.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index f864aad86a..32d315f96f 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -4,7 +4,8 @@ * * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Gerald (Jerry) Carter 2006. - * + * Copyright (C) Guenther Deschner 2007-2008. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -298,6 +299,10 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, return WERR_INVALID_PARAM; } + if (!r->in.admin_account || !r->in.encrypted_password) { + return WERR_INVALID_PARAM; + } + if (!user_has_privileges(token, &se_machine_account) && !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) { @@ -306,6 +311,11 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, return WERR_ACCESS_DENIED; } + if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED) || + (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) { + return WERR_NOT_SUPPORTED; + } + werr = decode_wkssvc_join_password_buffer(p->mem_ctx, r->in.encrypted_password, &p->session_key, @@ -336,7 +346,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, unbecome_root(); if (!W_ERROR_IS_OK(werr)) { - DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n", + DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join failed with: %s\n", j->out.error_string ? j->out.error_string : dos_errstr(werr))); } @@ -359,6 +369,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, WERROR werr; struct nt_user_token *token = p->pipe_user.nt_user_token; + if (!r->in.account || !r->in.encrypted_password) { + return WERR_INVALID_PARAM; + } + if (!user_has_privileges(token, &se_machine_account) && !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) { @@ -396,6 +410,12 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, werr = libnet_Unjoin(p->mem_ctx, u); unbecome_root(); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(5,("_wkssvc_NetrUnjoinDomain2: libnet_Unjoin failed with: %s\n", + u->out.error_string ? u->out.error_string : + dos_errstr(werr))); + } + TALLOC_FREE(u); return werr; } -- cgit From 3fac37d0ff21a36104a066ac7c8049b9d3053a9c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Mar 2008 23:44:43 +0100 Subject: Fill in netr_NegotiateFlags. Guenther (This used to be commit 1cd1c27a0e5aa87682820c8dd81188b7bcc6551a) --- source3/librpc/idl/netlogon.idl | 40 ++++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl index cbf78c779f..6ba342b663 100644 --- a/source3/librpc/idl/netlogon.idl +++ b/source3/librpc/idl/netlogon.idl @@ -865,16 +865,40 @@ interface netlogon ); - /* If this flag is not set, then the passwords and LM session keys are - * encrypted with DES calls. (And the user session key is - * unencrypted) */ - const int NETLOGON_NEG_ARCFOUR = 0x00000004; - const int NETLOGON_NEG_128BIT = 0x00004000; - const int NETLOGON_NEG_SCHANNEL = 0x40000000; + /* If NETLOGON_NEG_ARCFOUR flag is not set, then the passwords and LM + * session keys are encrypted with DES calls. (And the user session key + * is unencrypted) */ /*****************/ /* Function 0x0F */ + typedef [bitmap32bit] bitmap { + NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001, + NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002, + NETLOGON_NEG_ARCFOUR = 0x00000004, + NETLOGON_NEG_PROMOTION_COUNT = 0x00000008, + NETLOGON_NEG_CHANGELOG_BDC = 0x00000010, + NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020, + NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040, + NETLOGON_NEG_REDO = 0x00000080, + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100, + NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200, + NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400, + NETLOGON_NEG_CONCURRENT_RPC = 0x00000800, + NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000, + NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000, + NETLOGON_NEG_128BIT = 0x00004000, /* STRONG_KEYS */ + NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000, + NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000, + NETLOGON_NEG_PASSWORD_SET2 = 0x00020000, + NETLOGON_NEG_GETDOMAININFO = 0x00040000, + NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000, + NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000, + NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000, + NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000, + NETLOGON_NEG_SCHANNEL = 0x40000000 /* AUTHENTICATED_RPC */ + } netr_NegotiateFlags; + NTSTATUS netr_ServerAuthenticate2( [in,unique] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], @@ -882,7 +906,7 @@ interface netlogon [in] [string,charset(UTF16)] uint16 computer_name[], [in,ref] netr_Credential *credentials, [out,ref] netr_Credential *return_credentials, - [in,out,ref] uint32 *negotiate_flags + [in,out,ref] netr_NegotiateFlags *negotiate_flags ); @@ -1062,7 +1086,7 @@ interface netlogon [in] netr_SchannelType secure_channel_type, [in] [string,charset(UTF16)] uint16 computer_name[], [in,out,ref] netr_Credential *credentials, - [in,out,ref] uint32 *negotiate_flags, + [in,out,ref] netr_NegotiateFlags *negotiate_flags, [out,ref] uint32 *rid ); -- cgit From 25da02554bb46064008ce2711bf643b192f174c9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Mar 2008 23:46:26 +0100 Subject: Re-run make idl. Guenther (This used to be commit 58018ad7f65409d971e5db7165f1b32b572cc275) --- source3/librpc/gen_ndr/ndr_netlogon.c | 69 +++++++++++++++++++++++++++++------ source3/librpc/gen_ndr/ndr_netlogon.h | 1 + source3/librpc/gen_ndr/netlogon.h | 29 +++++++++++++-- 3 files changed, 84 insertions(+), 15 deletions(-) diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index 7f340b6599..e634151921 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -5942,6 +5942,51 @@ _PUBLIC_ void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, con } } +static enum ndr_err_code ndr_push_netr_NegotiateFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_netr_NegotiateFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, uint32_t r) +{ + ndr_print_uint32(ndr, name, r); + ndr->depth++; + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_ACCOUNT_LOCKOUT", NETLOGON_NEG_ACCOUNT_LOCKOUT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PERSISTENT_SAMREPL", NETLOGON_NEG_PERSISTENT_SAMREPL, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_ARCFOUR", NETLOGON_NEG_ARCFOUR, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PROMOTION_COUNT", NETLOGON_NEG_PROMOTION_COUNT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CHANGELOG_BDC", NETLOGON_NEG_CHANGELOG_BDC, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_FULL_SYNC_REPL", NETLOGON_NEG_FULL_SYNC_REPL, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_MULTIPLE_SIDS", NETLOGON_NEG_MULTIPLE_SIDS, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_REDO", NETLOGON_NEG_REDO, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL", NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SEND_PASSWORD_INFO_PDC", NETLOGON_NEG_SEND_PASSWORD_INFO_PDC, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_GENERIC_PASSTHROUGH", NETLOGON_NEG_GENERIC_PASSTHROUGH, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CONCURRENT_RPC", NETLOGON_NEG_CONCURRENT_RPC, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL", NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL", NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_128BIT", NETLOGON_NEG_128BIT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_TRANSITIVE_TRUSTS", NETLOGON_NEG_TRANSITIVE_TRUSTS, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_DNS_DOMAIN_TRUSTS", NETLOGON_NEG_DNS_DOMAIN_TRUSTS, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_SET2", NETLOGON_NEG_PASSWORD_SET2, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_GETDOMAININFO", NETLOGON_NEG_GETDOMAININFO, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CROSS_FOREST_TRUSTS", NETLOGON_NEG_CROSS_FOREST_TRUSTS, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION", NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_RODC_PASSTHROUGH", NETLOGON_NEG_RODC_PASSTHROUGH, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC_LSASS", NETLOGON_NEG_AUTHENTICATED_RPC_LSASS, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SCHANNEL", NETLOGON_NEG_SCHANNEL, r); + ndr->depth--; +} + static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, const struct netr_Blob *r) { if (ndr_flags & NDR_SCALARS) { @@ -10371,7 +10416,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr, if (r->in.negotiate_flags == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.negotiate_flags)); + NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->in.negotiate_flags)); } if (flags & NDR_OUT) { if (r->out.return_credentials == NULL) { @@ -10381,7 +10426,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr, if (r->out.negotiate_flags == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.negotiate_flags)); + NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->out.negotiate_flags)); NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -10442,7 +10487,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, } _mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.negotiate_flags, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.negotiate_flags)); + NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->in.negotiate_flags)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC); NDR_PULL_ALLOC(ndr, r->out.return_credentials); ZERO_STRUCTP(r->out.return_credentials); @@ -10462,7 +10507,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, } _mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.negotiate_flags, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.negotiate_flags)); + NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->out.negotiate_flags)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } @@ -10494,7 +10539,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate2(struct ndr_print *ndr, const ch ndr->depth--; ndr_print_ptr(ndr, "negotiate_flags", r->in.negotiate_flags); ndr->depth++; - ndr_print_uint32(ndr, "negotiate_flags", *r->in.negotiate_flags); + ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->in.negotiate_flags); ndr->depth--; ndr->depth--; } @@ -10507,7 +10552,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate2(struct ndr_print *ndr, const ch ndr->depth--; ndr_print_ptr(ndr, "negotiate_flags", r->out.negotiate_flags); ndr->depth++; - ndr_print_uint32(ndr, "negotiate_flags", *r->out.negotiate_flags); + ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->out.negotiate_flags); ndr->depth--; ndr_print_NTSTATUS(ndr, "result", r->out.result); ndr->depth--; @@ -11585,7 +11630,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *ndr, if (r->in.negotiate_flags == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.negotiate_flags)); + NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->in.negotiate_flags)); } if (flags & NDR_OUT) { if (r->out.credentials == NULL) { @@ -11595,7 +11640,7 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *ndr, if (r->out.negotiate_flags == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.negotiate_flags)); + NDR_CHECK(ndr_push_netr_NegotiateFlags(ndr, NDR_SCALARS, *r->out.negotiate_flags)); if (r->out.rid == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -11660,7 +11705,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr, } _mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.negotiate_flags, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.negotiate_flags)); + NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->in.negotiate_flags)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC); NDR_PULL_ALLOC(ndr, r->out.credentials); *r->out.credentials = *r->in.credentials; @@ -11682,7 +11727,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr, } _mem_save_negotiate_flags_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.negotiate_flags, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.negotiate_flags)); + NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, r->out.negotiate_flags)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.rid); @@ -11721,7 +11766,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate3(struct ndr_print *ndr, const ch ndr->depth--; ndr_print_ptr(ndr, "negotiate_flags", r->in.negotiate_flags); ndr->depth++; - ndr_print_uint32(ndr, "negotiate_flags", *r->in.negotiate_flags); + ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->in.negotiate_flags); ndr->depth--; ndr->depth--; } @@ -11734,7 +11779,7 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate3(struct ndr_print *ndr, const ch ndr->depth--; ndr_print_ptr(ndr, "negotiate_flags", r->out.negotiate_flags); ndr->depth++; - ndr_print_uint32(ndr, "negotiate_flags", *r->out.negotiate_flags); + ndr_print_netr_NegotiateFlags(ndr, "negotiate_flags", *r->out.negotiate_flags); ndr->depth--; ndr_print_ptr(ndr, "rid", r->out.rid); ndr->depth++; diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h index 3615e07461..a9d36aeacb 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.h +++ b/source3/librpc/gen_ndr/ndr_netlogon.h @@ -187,6 +187,7 @@ void ndr_print_netr_NETLOGON_INFO_3(struct ndr_print *ndr, const char *name, con void ndr_print_netr_CONTROL_QUERY_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_QUERY_INFORMATION *r); void ndr_print_netr_LogonControlCode(struct ndr_print *ndr, const char *name, enum netr_LogonControlCode r); void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_DATA_INFORMATION *r); +void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_netr_Blob(struct ndr_print *ndr, const char *name, const struct netr_Blob *r); void ndr_print_netr_DsRGetDCName_flags(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_netr_DsRGetDCNameInfo_AddressType(struct ndr_print *ndr, const char *name, enum netr_DsRGetDCNameInfo_AddressType r); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index bcd9f4d974..b4a3b01a02 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -8,9 +8,6 @@ #ifndef _HEADER_netlogon #define _HEADER_netlogon -#define NETLOGON_NEG_ARCFOUR ( 0x00000004 ) -#define NETLOGON_NEG_128BIT ( 0x00004000 ) -#define NETLOGON_NEG_SCHANNEL ( 0x40000000 ) #define DSGETDC_VALID_FLAGS ( (DS_FORCE_REDISCOVERY|DS_DIRECTORY_SERVICE_REQUIRED|DS_DIRECTORY_SERVICE_PREFERRED|DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_BACKGROUND_ONLY|DS_IP_REQUIRED|DS_KDC_REQUIRED|DS_TIMESERV_REQUIRED|DS_WRITABLE_REQUIRED|DS_GOOD_TIMESERV_PREFERRED|DS_AVOID_SELF|DS_ONLY_LDAP_NEEDED|DS_IS_FLAT_NAME|DS_IS_DNS_NAME|DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME) ) #define DS_GFTI_UPDATE_TDO ( 0x1 ) struct netr_UasInfo { @@ -644,6 +641,32 @@ union netr_CONTROL_DATA_INFORMATION { uint32_t debug_level;/* [case(NETLOGON_CONTROL_SET_DBFLAG)] */ }; +/* bitmap netr_NegotiateFlags */ +#define NETLOGON_NEG_ACCOUNT_LOCKOUT ( 0x00000001 ) +#define NETLOGON_NEG_PERSISTENT_SAMREPL ( 0x00000002 ) +#define NETLOGON_NEG_ARCFOUR ( 0x00000004 ) +#define NETLOGON_NEG_PROMOTION_COUNT ( 0x00000008 ) +#define NETLOGON_NEG_CHANGELOG_BDC ( 0x00000010 ) +#define NETLOGON_NEG_FULL_SYNC_REPL ( 0x00000020 ) +#define NETLOGON_NEG_MULTIPLE_SIDS ( 0x00000040 ) +#define NETLOGON_NEG_REDO ( 0x00000080 ) +#define NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL ( 0x00000100 ) +#define NETLOGON_NEG_SEND_PASSWORD_INFO_PDC ( 0x00000200 ) +#define NETLOGON_NEG_GENERIC_PASSTHROUGH ( 0x00000400 ) +#define NETLOGON_NEG_CONCURRENT_RPC ( 0x00000800 ) +#define NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL ( 0x00001000 ) +#define NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL ( 0x00002000 ) +#define NETLOGON_NEG_128BIT ( 0x00004000 ) +#define NETLOGON_NEG_TRANSITIVE_TRUSTS ( 0x00008000 ) +#define NETLOGON_NEG_DNS_DOMAIN_TRUSTS ( 0x00010000 ) +#define NETLOGON_NEG_PASSWORD_SET2 ( 0x00020000 ) +#define NETLOGON_NEG_GETDOMAININFO ( 0x00040000 ) +#define NETLOGON_NEG_CROSS_FOREST_TRUSTS ( 0x00080000 ) +#define NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION ( 0x00100000 ) +#define NETLOGON_NEG_RODC_PASSTHROUGH ( 0x00200000 ) +#define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x20000000 ) +#define NETLOGON_NEG_SCHANNEL ( 0x40000000 ) + struct netr_Blob { uint32_t length; uint8_t *data;/* [unique,size_is(length)] */ -- cgit From 4ce88f719e38ade76f7bcfd2e5b9932d864e4b20 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 29 Mar 2008 00:47:42 +0100 Subject: Don't let winbind getgroups crash when we have no gids in the token. Guenther (This used to be commit 6a576cfe9b87e69af6acbe9abc04124b8b743fd3) --- source3/winbindd/winbindd_group.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 6a704cf290..5dbd8c55a5 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -1595,9 +1595,11 @@ static void getgroups_sid2gid_recv(void *private_data, bool success, gid_t gid) } s->state->response.data.num_entries = s->num_token_gids; - /* s->token_gids are talloced */ - s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t)); - s->state->response.length += s->num_token_gids * sizeof(gid_t); + if (s->num_token_gids) { + /* s->token_gids are talloced */ + s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t)); + s->state->response.length += s->num_token_gids * sizeof(gid_t); + } request_ok(s->state); } -- cgit From 9e328fe94281a0ac35d3fd2117f55aaf329e3972 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 29 Mar 2008 00:49:09 +0100 Subject: Zero initial return_authenticator in net rpc samdump. Guenther (This used to be commit 73ead752c5ec7104ea0eed7d963dc36467c81981) --- source3/utils/net_rpc_samsync.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 80bc6eeacb..87d35b3ef6 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -337,6 +337,8 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint16_t restart_state = 0; uint32_t sync_context = 0; + ZERO_STRUCT(return_authenticator); + if (!(mem_ctx = talloc_init("dump_database"))) { return; } -- cgit