From 2c029a8b96ae476f1d5c2abe14ee25f98a1513d8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 12 May 2006 15:17:35 +0000 Subject: r15543: New implementation of 'net ads join' to be more like Windows XP. The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b) --- source3/libads/cldap.c | 278 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 278 insertions(+) create mode 100644 source3/libads/cldap.c (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c new file mode 100644 index 0000000000..6a62f573c9 --- /dev/null +++ b/source3/libads/cldap.c 
@@ -0,0 +1,278 @@
+/*
+ Samba Unix/Linux SMB client library
+ net ads cldap functions
+ Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+ Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ These seem to be strings as described in RFC1035 4.1.4 and can be:
+
+ - a sequence of labels ending in a zero octet
+ - a pointer
+ - a sequence of labels ending with a pointer
+
+ A label is a byte where the first two bits must be zero and the remaining
+ bits represent the length of the label followed by the label itself.
+ Therefore, the length of a label is at max 64 bytes. Under RFC1035, a
+ sequence of labels cannot exceed 255 bytes.
+
+ A pointer consists of a 14 bit offset from the beginning of the data.
+
+ struct ptr {
+ unsigned ident:2; // must be 11
+ unsigned offset:14; // from the beginning of data
+ };
+
+ This is used as a method to compress the packet by eliminated duplicate
+ domain components. Since a UDP packet should probably be < 512 bytes and a
+ DNS name can be up to 255 bytes, this actually makes a lot of sense.
+*/
+static unsigned pull_netlogon_string(char *ret, const char *ptr,
+ const char *data)
+{
+ char *pret = ret;
+ int followed_ptr = 0;
+ unsigned ret_len = 0;
+
+ memset(pret, 0, MAX_DNS_LABEL);
+ do {
+ if ((*ptr & 0xc0) == 0xc0) {
+ uint16 len;
+
+ if (!followed_ptr) {
+ ret_len += 2;
+ followed_ptr = 1;
+ }
+ len = ((ptr[0] & 0x3f) << 8) | ptr[1];
+ ptr = data + len;
+ } else if (*ptr) {
+ uint8 len = (uint8)*(ptr++);
+
+ if ((pret - ret + len + 1) >= MAX_DNS_LABEL) {
+ d_fprintf(stderr, "DC returning too long DNS name\n");
+ return 0;
+ }
+
+ if (pret != ret) {
+ *pret = '.';
+ pret++;
+ }
+ memcpy(pret, ptr, len);
+ pret += len;
+ ptr += len;
+
+ if (!followed_ptr) {
+ ret_len += (len + 1);
+ }
+ }
+ } while (*ptr);
+
+ return followed_ptr ? ret_len : ret_len + 1;
+}
+
+/*
+ do a cldap netlogon query
+*/
+static int send_cldap_netlogon(int sock, const char *domain,
+ const char *hostname, unsigned ntversion)
+{
+ ASN1_DATA data;
+ char ntver[4];
+#ifdef CLDAP_USER_QUERY
+ char aac[4];
+
+ SIVAL(aac, 0, 0x00000180);
+#endif
+ SIVAL(ntver, 0, ntversion);
+
+ memset(&data, 0, sizeof(data));
+
+ asn1_push_tag(&data,ASN1_SEQUENCE(0));
+ asn1_write_Integer(&data, 4);
+ asn1_push_tag(&data, ASN1_APPLICATION(3));
+ asn1_write_OctetString(&data, NULL, 0);
+ asn1_write_enumerated(&data, 0);
+ asn1_write_enumerated(&data, 0);
+ asn1_write_Integer(&data, 0);
+ asn1_write_Integer(&data, 0);
+ asn1_write_BOOLEAN2(&data, False);
+ asn1_push_tag(&data, ASN1_CONTEXT(0));
+
+ asn1_push_tag(&data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(&data, "DnsDomain", 9);
+ asn1_write_OctetString(&data, domain, strlen(domain));
+ asn1_pop_tag(&data);
+
+ asn1_push_tag(&data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(&data, "Host", 4);
+ asn1_write_OctetString(&data, hostname, strlen(hostname));
+ asn1_pop_tag(&data);
+
+#ifdef CLDAP_USER_QUERY
+ asn1_push_tag(&data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(&data, "User", 4);
+ asn1_write_OctetString(&data, "SAMBA$", 6);
+ asn1_pop_tag(&data);
+
+ asn1_push_tag(&data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(&data, "AAC", 4);
+ asn1_write_OctetString(&data, aac, 4);
+ asn1_pop_tag(&data);
+#endif
+
+ asn1_push_tag(&data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(&data, "NtVer", 5);
+ asn1_write_OctetString(&data, ntver, 4);
+ asn1_pop_tag(&data);
+
+ asn1_pop_tag(&data);
+
+ asn1_push_tag(&data,ASN1_SEQUENCE(0));
+ asn1_write_OctetString(&data, "NetLogon", 8);
+ asn1_pop_tag(&data);
+ asn1_pop_tag(&data);
+ asn1_pop_tag(&data);
+
+ if (data.has_error) {
+ d_fprintf(stderr, "Failed to build cldap netlogon at offset %d\n", (int)data.ofs);
+ asn1_free(&data);
+ return -1;
+ }
+
+ if (write(sock, data.data, data.length) != (ssize_t)data.length) {
+ d_fprintf(stderr, "failed to send cldap query (%s)\n", strerror(errno));
+ }
+
+ asn1_free(&data);
+
+ return 0;
+}
+
+
+/*
+ receive a cldap netlogon reply
+*/
+static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
+{
+ int ret;
+ ASN1_DATA data;
+ DATA_BLOB blob;
+ DATA_BLOB os1, os2, os3;
+ int i1;
+ char *p;
+
+ blob = data_blob(NULL, 8192);
+
+ ret = read(sock, blob.data, blob.length);
+
+ if (ret <= 0) {
+ d_fprintf(stderr, "no reply received to cldap netlogon\n");
+ return -1;
+ }
+ blob.length = ret;
+
+ asn1_load(&data, blob);
+ asn1_start_tag(&data, ASN1_SEQUENCE(0));
+ asn1_read_Integer(&data, &i1);
+ asn1_start_tag(&data, ASN1_APPLICATION(4));
+ asn1_read_OctetString(&data, &os1);
+ asn1_start_tag(&data, ASN1_SEQUENCE(0));
+ asn1_start_tag(&data, ASN1_SEQUENCE(0));
+ asn1_read_OctetString(&data, &os2);
+ asn1_start_tag(&data, ASN1_SET);
+ asn1_read_OctetString(&data, &os3);
+ asn1_end_tag(&data);
+ asn1_end_tag(&data);
+ asn1_end_tag(&data);
+ asn1_end_tag(&data);
+ asn1_end_tag(&data);
+
+ if (data.has_error) {
+ d_fprintf(stderr, "Failed to parse cldap reply\n");
+ return -1;
+ }
+
+ p = (char *)os3.data;
+
+ reply->type = IVAL(p, 0); p += 4;
+ reply->flags = IVAL(p, 0); p += 4;
+
+ memcpy(&reply->guid.info, p, UUID_FLAT_SIZE);
+ p += UUID_FLAT_SIZE;
+
+ p += pull_netlogon_string(reply->forest, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->domain, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->hostname, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->netbios_domain, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->netbios_hostname, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->unk, p, (const char *)os3.data);
+
+ if (reply->type == SAMLOGON_AD_R) {
+ p += pull_netlogon_string(reply->user_name, p, (const char *)os3.data);
+ } else {
+ *reply->user_name = 0;
+ }
+
+ p += pull_netlogon_string(reply->site_name, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->site_name_2, p, (const char *)os3.data);
+
+ reply->version = IVAL(p, 0);
+ reply->lmnt_token = SVAL(p, 4);
+ reply->lm20_token = SVAL(p, 6);
+
+ data_blob_free(&os1);
+ data_blob_free(&os2);
+ data_blob_free(&os3);
+ data_blob_free(&blob);
+
+ return 0;
+}
+
+/*******************************************************************
+ do a cldap netlogon query. Always 389/udp
+*******************************************************************/
+
+BOOL ads_cldap_netlogon(const char *server, const char *realm, struct cldap_netlogon_reply *reply)
+{
+ int sock;
+ int ret;
+
+ sock = open_udp_socket(server, LDAP_PORT );
+ if (sock == -1) {
+ DEBUG(2,("ads_cldap_netlogon: Failed to open udp socket to %s\n",
+ server));
+ return False;
+ }
+
+ ret = send_cldap_netlogon(sock, realm, global_myname(), 6);
+ if (ret != 0) {
+ return False;
+ }
+ ret = recv_cldap_netlogon(sock, reply);
+ close(sock);
+
+ if (ret == -1) {
+ return False;
+ }
+
+ return True;
+}
+
+
-- cgit From bae13fd8c834f79cf42faae0bc963ac96d505baf Mon Sep 17 00:00:00 2001
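Review bot: pull_netlogon_string() parses bytes chosen by whoever answers the UDP query, yet it never learns where the os3 buffer ends: `ptr = data + len` accepts any 14-bit offset, a label length can run past the reply, and a pointer that targets itself keeps the `do … while (*ptr)` loop spinning. `ptr[1]` is a plain `char`, so where char is signed a second byte of 0x80 or more sign-extends into `len`. recv_cldap_netlogon() has the matching gap: it reads `IVAL(p, 0)` and copies UUID_FLAT_SIZE bytes without looking at os3.length, and it adds the 0 returned for an over-long name to `p` and carries on. Pass the buffer length into the helper, bound each read and the number of pointers followed, and make the caller fail the reply when the helper returns 0; the helper side is sketched below.

```c
static unsigned pull_netlogon_string(char *ret, const char *ptr,
				     const char *data, size_t data_len)
{
	const char *end = data + data_len;
	size_t hops = 0;
	/* … unchanged: pret, followed_ptr, ret_len, memset … */

	if (ptr < data || ptr >= end) {
		return 0;
	}
	do {
		if ((*ptr & 0xc0) == 0xc0) {
			uint16 len;

			/* a pointer is two bytes; cap hops so a cycle terminates */
			if (end - ptr < 2 || ++hops > data_len) {
				return 0;
			}
			/* … unchanged: ret_len accounting for the first pointer … */
			len = ((ptr[0] & 0x3f) << 8) | (uint8)ptr[1];
			if (len >= data_len) {
				return 0;
			}
			ptr = data + len;
		} else if (*ptr) {
			uint8 len = (uint8)*(ptr++);

			/* the label body must lie inside the reply */
			if ((size_t)(end - ptr) < len) {
				return 0;
			}
			/* … unchanged: MAX_DNS_LABEL check, copy, ret_len accounting … */
		}
		if (ptr >= end) {
			return 0;	/* name not terminated inside the reply */
		}
	} while (*ptr);
	/* … unchanged: return value … */
```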
From: Günther Deschner Date: Fri, 12 May 2006 23:20:39 +0000 Subject: r15558: Do not wait endless for a CLDAP reply when the LDAP server is unavailable; use "ldap timeout" handling. Jerry, please check. Guenther (This used to be commit 821bbb4566c4b3f9798054ed3bf772db0c9ae3f2) --- source3/libads/cldap.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 6a62f573c9..775d43dc3f 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -165,7 +165,17 @@ static int send_cldap_netlogon(int sock, const char *domain, return 0; } - +static SIG_ATOMIC_T gotalarm; + +/*************************************************************** + Signal function to tell us we timed out. +****************************************************************/ + +static void gotalarm_sig(void) +{ + gotalarm = 1; +} + /* receive a cldap netlogon reply */ @@ -180,8 +190,18 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) blob = data_blob(NULL, 8192); + /* Setup timeout */ + gotalarm = 0; + CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + alarm(lp_ldap_timeout()); + /* End setup timeout. */ + ret = read(sock, blob.data, blob.length); + /* Teardown timeout. */ + CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); + alarm(0); + if (ret <= 0) { d_fprintf(stderr, "no reply received to cldap netlogon\n"); return -1; -- cgit From 453e4b50aae52089eb2c2ae6a2abc3b48425ee55 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 13 May 2006 01:29:04 +0000 Subject: r15559: Smaller fixes for the new cldap code: * replace printf to stderr with DEBUG statements as they get printed in daemons * "net ads lookup" return code Guenther (This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492) --- source3/libads/cldap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/libads/cldap.c') 
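Review bot: In recv_cldap_netlogon() the new timeout only takes effect if SIGALRM actually interrupts `read()`, and `gotalarm` is set by the handler but never tested, so the `ret <= 0` branch cannot tell a timeout from a socket error and logs "no reply received" for both. The teardown installs SIG_IGN rather than the handler that was in place before the call, and `alarm()` is process-wide, so a caller with its own pending alarm or SIGALRM handler loses it; saving and restoring the previous values would avoid that, provided CatchSignal() returns the old handler (not visible here). `gotalarm_sig(void)` also lacks the `int` parameter a signal handler takes and relies on SIGNAL_CAST to hide the mismatch. The function body continues outside both hunks.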
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 775d43dc3f..f438f98599 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -66,7 +66,7 @@ static unsigned pull_netlogon_string(char *ret, const char *ptr, uint8 len = (uint8)*(ptr++); if ((pret - ret + len + 1) >= MAX_DNS_LABEL) { - d_fprintf(stderr, "DC returning too long DNS name\n"); + DEBUG(1,("DC returning too long DNS name\n")); return 0; } @@ -151,13 +151,13 @@ static int send_cldap_netlogon(int sock, const char *domain, asn1_pop_tag(&data); if (data.has_error) { - d_fprintf(stderr, "Failed to build cldap netlogon at offset %d\n", (int)data.ofs); + DEBUG(2,("Failed to build cldap netlogon at offset %d\n", (int)data.ofs)); asn1_free(&data); return -1; } if (write(sock, data.data, data.length) != (ssize_t)data.length) { - d_fprintf(stderr, "failed to send cldap query (%s)\n", strerror(errno)); + DEBUG(2,("failed to send cldap query (%s)\n", strerror(errno))); } asn1_free(&data); @@ -203,7 +203,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) alarm(0); if (ret <= 0) { - d_fprintf(stderr, "no reply received to cldap netlogon\n"); + DEBUG(1,("no reply received to cldap netlogon\n")); return -1; } blob.length = ret; @@ -225,7 +225,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) asn1_end_tag(&data); if (data.has_error) { - d_fprintf(stderr, "Failed to parse cldap reply\n"); + DEBUG(1,("Failed to parse cldap reply\n")); return -1; } -- cgit From 1b12b48a093147036e85c2fd48eda0d0fb55f385 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 21 Jun 2006 23:43:33 +0000 Subject: r16452: Fix memleak in the CLDAP processing (found by valgrind). Guenther (This used to be commit 479dec68459df606ff566ac86eb3b4bbbd2ca77a) --- source3/libads/cldap.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index f438f98599..11c083a56a 100644 
--- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -225,6 +225,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) asn1_end_tag(&data); if (data.has_error) { + asn1_free(&data); DEBUG(1,("Failed to parse cldap reply\n")); return -1; } @@ -262,6 +263,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) data_blob_free(&os3); data_blob_free(&blob); + asn1_free(&data); + return 0; } -- cgit From f3e71c60727366eca0f5023c83c661c36512153d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 7 Jul 2006 11:43:47 +0000 Subject: r16861: Fixing crash bug when passing no domain/realm name to the CLDAP request. Guenther (This used to be commit 863aeb621afa7dcec1bfef8e503ef8ed363e3742) --- source3/libads/cldap.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 11c083a56a..f67372805f 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -115,10 +115,12 @@ static int send_cldap_netlogon(int sock, const char *domain, asn1_write_BOOLEAN2(&data, False); asn1_push_tag(&data, ASN1_CONTEXT(0)); - asn1_push_tag(&data, ASN1_CONTEXT(3)); - asn1_write_OctetString(&data, "DnsDomain", 9); - asn1_write_OctetString(&data, domain, strlen(domain)); - asn1_pop_tag(&data); + if (domain) { + asn1_push_tag(&data, ASN1_CONTEXT(3)); + asn1_write_OctetString(&data, "DnsDomain", 9); + asn1_write_OctetString(&data, domain, strlen(domain)); + asn1_pop_tag(&data); + } asn1_push_tag(&data, ASN1_CONTEXT(3)); asn1_write_OctetString(&data, "Host", 4); -- cgit From 846e939260c30d902952d95413d9cc3d06a82173 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Mon, 17 Jul 2006 15:00:49 +0000 Subject: r17089: Fix a possible null dereference and some memleaks. Jerry, please check. Thanks, Volker (This used to be commit b87c4952216b6302b0e1f22689b5a36b6aa65349) --- source3/libads/cldap.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index f67372805f..2e96270e90 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -191,6 +191,11 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) char *p; blob = data_blob(NULL, 8192); + if (blob.data == NULL) { + DEBUG(1, ("data_blob failed\n")); + errno = ENOMEM; + return -1; + } /* Setup timeout */ gotalarm = 0; @@ -206,6 +211,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) if (ret <= 0) { DEBUG(1,("no reply received to cldap netlogon\n")); + data_blob_free(&blob); return -1; } blob.length = ret; @@ -227,6 +233,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) asn1_end_tag(&data); if (data.has_error) { + data_blob_free(&blob); asn1_free(&data); DEBUG(1,("Failed to parse cldap reply\n")); return -1; -- cgit From 2abab7ee6d04a62017d99578c274244a1cdd27b2 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 30 Aug 2006 04:40:03 +0000 Subject: r17928: Implement the basic store for CLDAP sitename support when looking up DC's. On every CLDAP call store the returned client sitename (if present, delete store if not) in gencache with infinate timeout. On AD DNS DC lookup, try looking for sitename DC's first, only try generic if sitename DNS lookup failed. I still haven't figured out yet how to ensure we fetch the sitename with a CLDAP query before doing the generic DC list lookup. This code is difficult to understand. I'll do some experiments and backtraces tomorrow to try and work out where to force a CLDAP site query first. Jeremy. (This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d) --- source3/libads/cldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 2e96270e90..3a6083558f 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -260,8 +260,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) *reply->user_name = 0; } - p += pull_netlogon_string(reply->site_name, p, (const char *)os3.data); - p += pull_netlogon_string(reply->site_name_2, p, (const char *)os3.data); + p += pull_netlogon_string(reply->server_site_name, p, (const char *)os3.data); + p += pull_netlogon_string(reply->client_site_name, p, (const char *)os3.data); reply->version = IVAL(p, 0); reply->lmnt_token = SVAL(p, 4); -- cgit From 6fada7a82aa67e7b80ff003bd527092da68542c8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 31 Aug 2006 01:20:21 +0000 Subject: r17943: The horror, the horror. Add KDC site support by writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89) --- source3/libads/cldap.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/libads/cldap.c') 
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 3a6083558f..da1dec6b93 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -306,5 +306,3 @@ BOOL ads_cldap_netlogon(const char *server, const char *realm, struct cldap_net return True; } - - -- cgit From fea5d59b8411244b31df7980bdcdab9ed20dc712 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 2 Sep 2006 23:06:21 +0000 Subject: r18010: Ensure we don't timeout twice to the same server in winbindd when it's down and listed in the -ve connection cache. Fix memory leak, reduce timeout for cldap calls - minimum 3 secs. Jeremy. (This used to be commit 10b32cb6de234fa17fdd691bb294864d4d40f782) --- source3/libads/cldap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index da1dec6b93..8e34e27353 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -188,6 +188,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) DATA_BLOB blob; DATA_BLOB os1, os2, os3; int i1; + /* half the time of a regular ldap timeout, not less than 3 seconds. */ + unsigned int al_secs = MAX(3,lp_ldap_timeout()/2); char *p; blob = data_blob(NULL, 8192); @@ -200,7 +202,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) /* Setup timeout */ gotalarm = 0; CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(lp_ldap_timeout()); + alarm(al_secs); /* End setup timeout. */ ret = read(sock, blob.data, blob.length); -- cgit From 30c0e93156817a469a125f5fe7bb466f3bee4cb7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Sep 2006 11:53:13 +0000 Subject: r18162: Close socket when the CLDAP request has failed. Guenther (This used to be commit 714ea3ceab714e23e97eb3e4d7261456a18abbac) --- source3/libads/cldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads/cldap.c') 
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 8e34e27353..5f7f1b179f 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -297,6 +297,7 @@ BOOL ads_cldap_netlogon(const char *server, const char *realm, struct cldap_net ret = send_cldap_netlogon(sock, realm, global_myname(), 6); if (ret != 0) { + close(sock); return False; } ret = recv_cldap_netlogon(sock, reply); -- cgit From 4bc83e60de829f57f4587b91d5da51efa49f26f4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Sep 2006 13:10:20 +0000 Subject: r18174: Do not return "success" when we failed to write in the CLDAP code. Guenther (This used to be commit 1fe4724f57f4f25ed486240cb1e741da60f0c997) --- source3/libads/cldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 5f7f1b179f..81901d2fd3 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -160,6 +160,7 @@ static int send_cldap_netlogon(int sock, const char *domain, if (write(sock, data.data, data.length) != (ssize_t)data.length) { DEBUG(2,("failed to send cldap query (%s)\n", strerror(errno))); + return -1; } asn1_free(&data); -- cgit From 171a5cd5c01e120cac6c9dadaccd90e98ad836e4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Sep 2006 13:13:12 +0000 Subject: r18175: Forgot to call asn1_free() in previous commit. Guenther (This used to be commit af3779a51624977088c322ac98f52c02e9291b54) --- source3/libads/cldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 81901d2fd3..72018c620d 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -160,6 +160,7 @@ static int send_cldap_netlogon(int sock, const char *domain, if (write(sock, data.data, data.length) != (ssize_t)data.length) { DEBUG(2,("failed to send cldap query (%s)\n", strerror(errno))); + asn1_free(&data); return -1; } -- cgit 
From aab1dd4ddbe45c625a6e4502cecd20da5762739b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 7 Mar 2007 22:29:21 +0000 Subject: r21755: Memory leak fixes from Zack Kirsch . Jeremy. (This used to be commit 02d08ca0be8c374e30c3c0e665853fa9e57f043a) --- source3/libads/cldap.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 72018c620d..3cb98c59c5 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -187,8 +187,10 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) { int ret; ASN1_DATA data; - DATA_BLOB blob; - DATA_BLOB os1, os2, os3; + DATA_BLOB blob = data_blob(NULL, 0); + DATA_BLOB os1 = data_blob(NULL, 0); + DATA_BLOB os2 = data_blob(NULL, 0); + DATA_BLOB os3 = data_blob(NULL, 0); int i1; /* half the time of a regular ldap timeout, not less than 3 seconds. */ unsigned int al_secs = MAX(3,lp_ldap_timeout()/2); @@ -238,6 +240,9 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) if (data.has_error) { data_blob_free(&blob); + data_blob_free(&os1); + data_blob_free(&os2); + data_blob_free(&os3); asn1_free(&data); DEBUG(1,("Failed to parse cldap reply\n")); return -1; -- cgit From b4a7b7a8889737e2891fc1176feabd4ce47f2737 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 14 May 2007 12:16:20 +0000 Subject: r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e) --- source3/libads/cldap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 3cb98c59c5..227bbc2a0a 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c 
@@ -187,10 +187,10 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) { int ret; ASN1_DATA data; - DATA_BLOB blob = data_blob(NULL, 0); - DATA_BLOB os1 = data_blob(NULL, 0); - DATA_BLOB os2 = data_blob(NULL, 0); - DATA_BLOB os3 = data_blob(NULL, 0); + DATA_BLOB blob = data_blob_null; + DATA_BLOB os1 = data_blob_null; + DATA_BLOB os2 = data_blob_null; + DATA_BLOB os3 = data_blob_null; int i1; /* half the time of a regular ldap timeout, not less than 3 seconds. */ unsigned int al_secs = MAX(3,lp_ldap_timeout()/2); -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/libads/cldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 227bbc2a0a..041a92d5c9 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/libads/cldap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 041a92d5c9..de0e2e71e4 100644 
--- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/libads/cldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index de0e2e71e4..39e736f28a 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -289,7 +289,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) do a cldap netlogon query. Always 389/udp *******************************************************************/ -BOOL ads_cldap_netlogon(const char *server, const char *realm, struct cldap_netlogon_reply *reply) +bool ads_cldap_netlogon(const char *server, const char *realm, struct cldap_netlogon_reply *reply) { int sock; int ret; -- cgit From ba98dd4989db16028a2690d382ab178524ce765b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 21 Apr 2008 19:26:32 +0200 Subject: libads: Use libnbt for CLDAP reply parsing. Guenther (This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70) --- source3/libads/cldap.c | 105 ++++++------------------------------------------- 1 file changed, 12 insertions(+), 93 deletions(-) (limited to 'source3/libads/cldap.c') 
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 39e736f28a..6068ca4faf 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -20,72 +20,6 @@ #include "includes.h" -/* - These seem to be strings as described in RFC1035 4.1.4 and can be: - - - a sequence of labels ending in a zero octet - - a pointer - - a sequence of labels ending with a pointer - - A label is a byte where the first two bits must be zero and the remaining - bits represent the length of the label followed by the label itself. - Therefore, the length of a label is at max 64 bytes. Under RFC1035, a - sequence of labels cannot exceed 255 bytes. - - A pointer consists of a 14 bit offset from the beginning of the data. - - struct ptr { - unsigned ident:2; // must be 11 - unsigned offset:14; // from the beginning of data - }; - - This is used as a method to compress the packet by eliminated duplicate - domain components. Since a UDP packet should probably be < 512 bytes and a - DNS name can be up to 255 bytes, this actually makes a lot of sense. -*/ -static unsigned pull_netlogon_string(char *ret, const char *ptr, - const char *data) -{ - char *pret = ret; - int followed_ptr = 0; - unsigned ret_len = 0; - - memset(pret, 0, MAX_DNS_LABEL); - do { - if ((*ptr & 0xc0) == 0xc0) { - uint16 len; - - if (!followed_ptr) { - ret_len += 2; - followed_ptr = 1; - } - len = ((ptr[0] & 0x3f) << 8) | ptr[1]; - ptr = data + len; - } else if (*ptr) { - uint8 len = (uint8)*(ptr++); - - if ((pret - ret + len + 1) >= MAX_DNS_LABEL) { - DEBUG(1,("DC returning too long DNS name\n")); - return 0; - } - - if (pret != ret) { - *pret = '.'; - pret++; - } - memcpy(pret, ptr, len); - pret += len; - ptr += len; - - if (!followed_ptr) { - ret_len += (len + 1); - } - } - } while (*ptr); - - return followed_ptr ? ret_len : ret_len + 1; -} - /* do a cldap netlogon query */ 
@@ -182,7 +116,7 @@ static void gotalarm_sig(void) /* receive a cldap netlogon reply */ -static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) +static int recv_cldap_netlogon(int sock, struct nbt_cldap_netlogon_5 *reply) { int ret; ASN1_DATA data; @@ -193,7 +127,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) int i1; /* half the time of a regular ldap timeout, not less than 3 seconds. */ unsigned int al_secs = MAX(3,lp_ldap_timeout()/2); - char *p; + union nbt_cldap_netlogon p; + enum ndr_err_code ndr_err; blob = data_blob(NULL, 8192); if (blob.data == NULL) { 
@@ -247,33 +182,17 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) return -1; } - p = (char *)os3.data; - - reply->type = IVAL(p, 0); p += 4; - reply->flags = IVAL(p, 0); p += 4; - - memcpy(&reply->guid.info, p, UUID_FLAT_SIZE); - p += UUID_FLAT_SIZE; - - p += pull_netlogon_string(reply->forest, p, (const char *)os3.data); - p += pull_netlogon_string(reply->domain, p, (const char *)os3.data); - p += pull_netlogon_string(reply->hostname, p, (const char *)os3.data); - p += pull_netlogon_string(reply->netbios_domain, p, (const char *)os3.data); - p += pull_netlogon_string(reply->netbios_hostname, p, (const char *)os3.data); - p += pull_netlogon_string(reply->unk, p, (const char *)os3.data); - - if (reply->type == SAMLOGON_AD_R) { - p += pull_netlogon_string(reply->user_name, p, (const char *)os3.data); - } else { - *reply->user_name = 0; + ndr_err = ndr_pull_union_blob_all(&os3, talloc_tos(), &p, 5, + (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return -1; } - p += pull_netlogon_string(reply->server_site_name, p, (const char *)os3.data); - p += pull_netlogon_string(reply->client_site_name, p, (const char *)os3.data); + *reply = p.logon5; - reply->version = IVAL(p, 0); - reply->lmnt_token = SVAL(p, 4); - reply->lm20_token = SVAL(p, 6); + if (DEBUGLEVEL >= 10) { + NDR_PRINT_UNION_DEBUG(nbt_cldap_netlogon, 5, &p); + } data_blob_free(&os1); data_blob_free(&os2); @@ -289,7 +208,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) do a cldap netlogon query. Always 389/udp *******************************************************************/ -bool ads_cldap_netlogon(const char *server, const char *realm, struct cldap_netlogon_reply *reply) +bool ads_cldap_netlogon(const char *server, const char *realm, struct nbt_cldap_netlogon_5 *reply) { int sock; int ret; -- cgit From 1dd7ab38e7f7b5dae46cef4567957c71d6b5cc23 Mon Sep 17 00:00:00 2001 
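Review bot: The new `return -1;` taken when `ndr_pull_union_blob_all()` fails sits above the `data_blob_free(&os1); data_blob_free(&os2);` calls kept as context at the end of this hunk, so a reply that does not decode returns without releasing the buffers already extracted from the packet. The reply is read from a UDP socket, so malformed input reaches this path easily; release the same buffers first, e.g. `data_blob_free(&os1); data_blob_free(&os2); data_blob_free(&os3);` ahead of the `return -1;`, plus whatever the function frees after the hunk ends. `*reply = p.logon5;` is a plain struct copy, so if `nbt_cldap_netlogon_5` holds pointers they stay owned by `talloc_tos()`, and a comment should say how long the caller may use them. The body of `recv_cldap_netlogon()` starts and ends outside the hunk.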
From: Günther Deschner Date: Mon, 21 Apr 2008 19:47:13 +0200 Subject: cldap: add talloc context to ads_cldap_netlogon(). Guenther (This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3) --- source3/libads/cldap.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 6068ca4faf..be084c9df6 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -116,7 +116,9 @@ static void gotalarm_sig(void) /* receive a cldap netlogon reply */ -static int recv_cldap_netlogon(int sock, struct nbt_cldap_netlogon_5 *reply) +static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, + int sock, + struct nbt_cldap_netlogon_5 *reply) { int ret; ASN1_DATA data; @@ -182,7 +184,7 @@ static int recv_cldap_netlogon(int sock, struct nbt_cldap_netlogon_5 *reply) return -1; } - ndr_err = ndr_pull_union_blob_all(&os3, talloc_tos(), &p, 5, + ndr_err = ndr_pull_union_blob_all(&os3, mem_ctx, &p, 5, (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; @@ -208,7 +210,10 @@ static int recv_cldap_netlogon(int sock, struct nbt_cldap_netlogon_5 *reply) do a cldap netlogon query. Always 389/udp *******************************************************************/ -bool ads_cldap_netlogon(const char *server, const char *realm, struct nbt_cldap_netlogon_5 *reply) +bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, + const char *server, + const char *realm, + struct nbt_cldap_netlogon_5 *reply) { int sock; int ret; @@ -225,7 +230,7 @@ bool ads_cldap_netlogon(const char *server, const char *realm, struct nbt_cldap close(sock); return False; } - ret = recv_cldap_netlogon(sock, reply); + ret = recv_cldap_netlogon(mem_ctx, sock, reply); close(sock); if (ret == -1) { -- cgit From 1f6065765c148251488acd068fdea98717f7233f Mon Sep 17 00:00:00 2001 
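Review bot: Neither function comment says what the new `mem_ctx` argument owns, even though `ndr_pull_union_blob_all(&os3, mem_ctx, ...)` now allocates the decoded reply on it. I would add a line to the comment above `ads_cldap_netlogon()` such as `mem_ctx: talloc context the decoded reply is allocated on; it must outlive any use of *reply`, and the same on `recv_cldap_netlogon()`. This assumes the reply struct keeps pointers into that context, which the hunks do not show. Both function bodies continue outside the hunks.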
From: Günther Deschner Date: Mon, 5 May 2008 18:04:41 +0200 Subject: mailslot/cldap: use nt_version bits in queries. Guenther (This used to be commit b261f063125f8454d8f4e8f6b6f8aa5bc393ea34) --- source3/libads/cldap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index be084c9df6..8b23ff9022 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -217,6 +217,7 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, { int sock; int ret; + uint32_t nt_version = NETLOGON_VERSION_5 | NETLOGON_VERSION_5EX; sock = open_udp_socket(server, LDAP_PORT ); if (sock == -1) { @@ -225,7 +226,7 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, return False; } - ret = send_cldap_netlogon(sock, realm, global_myname(), 6); + ret = send_cldap_netlogon(sock, realm, global_myname(), nt_version); if (ret != 0) { close(sock); return False; -- cgit From cdd9913c4a7d254ab3ef677737493f9f540272c7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 7 May 2008 15:49:09 +0200 Subject: cldap: let ads_cldap_netlogon() return all possible cldap replies. Guenther (This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69) --- source3/libads/cldap.c | 69 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 55 insertions(+), 14 deletions(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 8b23ff9022..e4fa965a0f 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -3,6 +3,7 @@ net ads cldap functions Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com) + Copyright (C) 2008 Guenther Deschner (gd@samba.org) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -118,7 +119,8 @@ static void gotalarm_sig(void) */ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, int sock, - struct nbt_cldap_netlogon_5 *reply) + uint32_t *nt_version, + union nbt_cldap_netlogon **reply) { int ret; ASN1_DATA data; @@ -129,8 +131,7 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, int i1; /* half the time of a regular ldap timeout, not less than 3 seconds. */ unsigned int al_secs = MAX(3,lp_ldap_timeout()/2); - union nbt_cldap_netlogon p; - enum ndr_err_code ndr_err; + union nbt_cldap_netlogon *r = NULL; blob = data_blob(NULL, 8192); if (blob.data == NULL) { @@ -184,16 +185,23 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, return -1; } - ndr_err = ndr_pull_union_blob_all(&os3, mem_ctx, &p, 5, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + r = TALLOC_ZERO_P(mem_ctx, union nbt_cldap_netlogon); + if (!r) { + errno = ENOMEM; + data_blob_free(&os1); + data_blob_free(&os2); + data_blob_free(&os3); + data_blob_free(&blob); return -1; } - *reply = p.logon5; - - if (DEBUGLEVEL >= 10) { - NDR_PRINT_UNION_DEBUG(nbt_cldap_netlogon, 5, &p); + if (!pull_mailslot_cldap_reply(mem_ctx, &os3, r, nt_version)) { + data_blob_free(&os1); + data_blob_free(&os2); + data_blob_free(&os3); + data_blob_free(&blob); + TALLOC_FREE(r); + return -1; } data_blob_free(&os1); @@ -203,6 +211,12 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, asn1_free(&data); + if (reply) { + *reply = r; + } else { + TALLOC_FREE(r); + } + return 0; } @@ -213,11 +227,11 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *server, const char *realm, - struct nbt_cldap_netlogon_5 *reply) + uint32_t *nt_version, + union nbt_cldap_netlogon **reply) { int sock; int ret; - uint32_t nt_version = NETLOGON_VERSION_5 | NETLOGON_VERSION_5EX; sock = open_udp_socket(server, LDAP_PORT ); if (sock == -1) { 
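Review bot: Both new failure branches in the `@@ -184,16 +185,23 @@` hunk free `os1`, `os2`, `os3` and `blob` but return before the `asn1_free(&data);` that the success path still reaches (visible as context in the following hunk), so the ASN.1 state looks to be leaked whenever the allocation or `pull_mailslot_cldap_reply()` fails. The same four-line cleanup is also written out twice; a single `failed:` label would keep the exits from drifting apart. `TALLOC_FREE(r)` is safe on that label because `r` starts as NULL. The function body starts and ends outside the hunk.

```c
	r = TALLOC_ZERO_P(mem_ctx, union nbt_cldap_netlogon);
	if (!r) {
		errno = ENOMEM;
		goto failed;
	}

	if (!pull_mailslot_cldap_reply(mem_ctx, &os3, r, nt_version)) {
		goto failed;
	}

	/* … unchanged: success-path frees, *reply hand-over, return 0 … */

 failed:
	data_blob_free(&os1);
	data_blob_free(&os2);
	data_blob_free(&os3);
	data_blob_free(&blob);
	asn1_free(&data);
	TALLOC_FREE(r);
	return -1;
```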
@@ -226,12 +240,12 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, return False; } - ret = send_cldap_netlogon(sock, realm, global_myname(), nt_version); + ret = send_cldap_netlogon(sock, realm, global_myname(), *nt_version); if (ret != 0) { close(sock); return False; } - ret = recv_cldap_netlogon(mem_ctx, sock, reply); + ret = recv_cldap_netlogon(mem_ctx, sock, nt_version, reply); close(sock); if (ret == -1) { @@ -240,3 +254,30 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, return True; } + +/******************************************************************* + do a cldap netlogon query. Always 389/udp +*******************************************************************/ + +bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, + const char *server, + const char *realm, + struct nbt_cldap_netlogon_5 *reply5) +{ + uint32_t nt_version = NETLOGON_VERSION_5 | NETLOGON_VERSION_5EX; + union nbt_cldap_netlogon *reply = NULL; + bool ret; + + ret = ads_cldap_netlogon(mem_ctx, server, realm, &nt_version, &reply); + if (!ret) { + return false; + } + + if (nt_version != (NETLOGON_VERSION_5 | NETLOGON_VERSION_5EX)) { + return false; + } + + *reply5 = reply->logon5; + + return true; +} -- cgit From 4bd94c8338bef61477170bc41a8073739d55d812 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 7 May 2008 21:31:59 +0200 Subject: cldap: move out cldap object to fix the build. Guenther (This used to be commit 56be9c98d24e64bf855439df21766d30f448f407) --- source3/libads/cldap.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index e4fa965a0f..3a5a8b0647 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c 
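Review bot: `*nt_version` is dereferenced in the `send_cldap_netlogon()` call without a NULL check, while `reply` is treated as optional on the receive side (`if (reply)` in `recv_cldap_netlogon()` earlier in this patch). For a non-static function I would either guard it with `if (nt_version == NULL) { return False; }` before the socket is opened, or state in the header comment that `nt_version` is a required in/out argument. The start of the function is outside this hunk.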
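Review bot: The header comment on `ads_cldap_netlogon_5()` is a copy of the one on `ads_cldap_netlogon()` and does not mention that the function refuses any reply whose resulting `nt_version` is not exactly `NETLOGON_VERSION_5 | NETLOGON_VERSION_5EX`. That comparison appears to be what makes reading `reply->logon5` valid, so it deserves a comment such as `/* only the 5|5EX layout matches struct nbt_cldap_netlogon_5; a downgraded reply is refused */`, and a `DEBUG` line would make the silent `return false` diagnosable. The mismatch path also leaves `reply` allocated on `mem_ctx`; `TALLOC_FREE(reply);` before that `return false;` would release it early.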
@@ -281,3 +281,87 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, return true; } + +/**************************************************************** +****************************************************************/ + +bool pull_mailslot_cldap_reply(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob, + union nbt_cldap_netlogon *r, + uint32_t *nt_version) +{ + enum ndr_err_code ndr_err; + uint32_t nt_version_query = ((*nt_version) & 0x000000ff); + uint16_t command = 0; + + ndr_err = ndr_pull_struct_blob(blob, mem_ctx, &command, + (ndr_pull_flags_fn_t)ndr_pull_uint16); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + switch (command) { + case 0x13: /* 19 */ + case 0x15: /* 21 */ + case 0x17: /* 23 */ + break; + default: + DEBUG(1,("got unexpected command: %d (0x%08x)\n", + command, command)); + return false; + } + + ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, + (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + goto done; + } + + /* when the caller requested just those nt_version bits that the server + * was able to reply to, we are fine and all done. 
otherwise we need to + * assume downgraded replies which are painfully parsed here - gd */ + + if (nt_version_query & NETLOGON_VERSION_WITH_CLOSEST_SITE) { + nt_version_query &= ~NETLOGON_VERSION_WITH_CLOSEST_SITE; + } + ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, + (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + goto done; + } + if (nt_version_query & NETLOGON_VERSION_5EX_WITH_IP) { + nt_version_query &= ~NETLOGON_VERSION_5EX_WITH_IP; + } + ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, + (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + goto done; + } + if (nt_version_query & NETLOGON_VERSION_5EX) { + nt_version_query &= ~NETLOGON_VERSION_5EX; + } + ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, + (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + goto done; + } + if (nt_version_query & NETLOGON_VERSION_5) { + nt_version_query &= ~NETLOGON_VERSION_5; + } + ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, + (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + goto done; + } + + return false; + + done: + if (DEBUGLEVEL >= 10) { + NDR_PRINT_UNION_DEBUG(nbt_cldap_netlogon, nt_version_query, r); + } + + *nt_version = nt_version_query; + + return true; +} -- cgit From d59cf703ba5d6ac18e4399d12b043d5e68230403 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 9 May 2008 17:41:50 +0200 Subject: dsgetdcname: make use of nbt_cldap_netlogon_15. Guenther (This used to be commit 5b0eda98f3d127399770f7a037ad3277dbe23393) --- source3/libads/cldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 3a5a8b0647..efe13cc756 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c 
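Review bot: Each downgrade step in `pull_mailslot_cldap_reply()` re-runs `ndr_pull_union_blob_all()` even when the flag it tests was not set, because the `if` only guards the `&= ~FLAG` and not the pull, so a reply that fails to decode can be parsed up to five times with an unchanged `nt_version_query`. The blob comes from the network, so I would retry only after a bit was actually cleared; a small table-driven loop does that and removes the four copies of the pull (fence below; it needs a `size_t i;` with the other locals and uses Samba's `ARRAY_SIZE`). Failed attempts may also leave partial results in `*r` and on `mem_ctx`, which I cannot confirm from the hunk, so clearing `r` before each retry is worth considering. The empty banner above the function should say that `*nt_version` is in/out: the requested bits on entry, the bits the reply actually decoded under on success.

```c
	/* … unchanged: command pull, switch on command, first ndr_pull_union_blob_all() attempt … */

	/* Downgrade one flag at a time; retry only when a bit was really cleared. */
	static const uint32_t downgrade[] = {
		NETLOGON_VERSION_WITH_CLOSEST_SITE,
		NETLOGON_VERSION_5EX_WITH_IP,
		NETLOGON_VERSION_5EX,
		NETLOGON_VERSION_5,
	};

	for (i = 0; i < ARRAY_SIZE(downgrade); i++) {
		if (!(nt_version_query & downgrade[i])) {
			continue;
		}
		nt_version_query &= ~downgrade[i];
		ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query,
			(ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon);
		if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			goto done;
		}
	}

	return false;

	/* … unchanged: done: label, debug print, *nt_version update … */
```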
@@ -291,7 +291,7 @@ bool pull_mailslot_cldap_reply(TALLOC_CTX *mem_ctx, uint32_t *nt_version) { enum ndr_err_code ndr_err; - uint32_t nt_version_query = ((*nt_version) & 0x000000ff); + uint32_t nt_version_query = ((*nt_version) & 0x0000001f); uint16_t command = 0; ndr_err = ndr_pull_struct_blob(blob, mem_ctx, &command, -- cgit From 21e759ef64ce75958c52c5c5215ee6f4d5151f25 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 5 Jun 2008 18:54:14 +0200 Subject: mailslot: always pull a command 25 type reply. Guenther (This used to be commit 1ce726b951621cb4b34069c31d1318fc04ad2389) --- source3/libads/cldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads/cldap.c') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index efe13cc756..11565065af 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -304,6 +304,7 @@ bool pull_mailslot_cldap_reply(TALLOC_CTX *mem_ctx, case 0x13: /* 19 */ case 0x15: /* 21 */ case 0x17: /* 23 */ + case 0x19: /* 25 */ break; default: DEBUG(1,("got unexpected command: %d (0x%08x)\n", -- cgit
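Review bot: The mask in the `@@ -291,7 +291,7 @@` hunk changes from `0x000000ff` to `0x0000001f` with no comment, and the commit subject does not explain why three more bits are dropped from the value used as the union discriminant. If the intent is to keep only the low five version flags (the four `NETLOGON_VERSION_*` bits this function later clears one by one, plus the lowest bit), say so next to the declaration, e.g. `/* keep only the version bits that select a reply layout */`, or build the mask from the named flags so it cannot drift from them. The function body continues outside the hunk.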