From 0e9008be35a5b334bd65e6417193d4b8f27bdc36 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sun, 21 Sep 2008 21:26:40 +0200
Subject: Rename smbd -> samba.

---
 source4/rpc_server/config.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk
index 6b1813544e..fb697d0c0f 100644
--- a/source4/rpc_server/config.mk
+++ b/source4/rpc_server/config.mk
@@ -206,7 +206,7 @@ PUBLIC_HEADERS += $(rpc_serversrcdir)/dcerpc_server.h
 
 [MODULE::DCESRV]
 INIT_FUNCTION = server_service_rpc_init
-SUBSYSTEM = smbd
+SUBSYSTEM = samba
 PRIVATE_DEPENDENCIES = dcerpc_server
 
 DCESRV_OBJ_FILES = $(rpc_serversrcdir)/service_rpc.o
-- 
cgit 


From 05ea5e23cf4e70de0bd658b1c5c0ead133967091 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sun, 21 Sep 2008 21:32:40 +0200
Subject: Revert "Rename smbd -> samba."

This reverts commit 0e9008be35a5b334bd65e6417193d4b8f27bdc36.
---
 source4/rpc_server/config.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk
index fb697d0c0f..6b1813544e 100644
--- a/source4/rpc_server/config.mk
+++ b/source4/rpc_server/config.mk
@@ -206,7 +206,7 @@ PUBLIC_HEADERS += $(rpc_serversrcdir)/dcerpc_server.h
 
 [MODULE::DCESRV]
 INIT_FUNCTION = server_service_rpc_init
-SUBSYSTEM = samba
+SUBSYSTEM = smbd
 PRIVATE_DEPENDENCIES = dcerpc_server
 
 DCESRV_OBJ_FILES = $(rpc_serversrcdir)/service_rpc.o
-- 
cgit 


From c39d1b829b02d275ea1052afec58ab40f22267a3 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 22 Sep 2008 17:50:43 -0700
Subject: Remove unused parameter from decode_pw_buffer and fail on invalid
 UTF-16 input

The input checking is important, as otherwise we could set the wrong
password.

Andrew Bartlett
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c |  3 +--
 source4/rpc_server/samr/samr_password.c       | 10 ++++------
 2 files changed, 5 insertions(+), 8 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 6f4287f9d8..cceb2a62ac 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -337,7 +337,6 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
 	struct ldb_context *sam_ctx;
 	NTSTATUS nt_status;
 	char new_pass[512];
-	uint32_t new_pass_len;
 	bool ret;
 
 	struct samr_CryptPassword password_buf;
@@ -358,7 +357,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
 	creds_arcfour_crypt(creds, password_buf.data, 516);
 
 	ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass),
-			       &new_pass_len, STR_UNICODE);
+			       STR_UNICODE);
 	if (!ret) {
 		DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n"));
 		return NT_STATUS_ACCESS_DENIED;
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index b78a9ceaa7..5b8e92583b 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -243,7 +243,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 	data_blob_free(&lm_pwd_blob);
 	
 	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      &new_pass_len, STR_ASCII)) {
+			      STR_ASCII)) {
 		ldb_transaction_cancel(sam_ctx);
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
@@ -321,7 +321,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 {	
 	NTSTATUS status;
 	char new_pass[512];
-	uint32_t new_pass_len;
 	struct ldb_context *sam_ctx = NULL;
 	struct ldb_dn *user_dn;
 	int ret;
@@ -386,7 +385,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	data_blob_free(&nt_pwd_blob);
 
 	if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
-			      &new_pass_len, STR_UNICODE)) {
+			      STR_UNICODE)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		status = NT_STATUS_WRONG_PASSWORD;
 		goto failed;
@@ -519,7 +518,6 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 {
 	NTSTATUS nt_status;
 	char new_pass[512];
-	uint32_t new_pass_len;
 	DATA_BLOB session_key = data_blob(NULL, 0);
 
 	nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
@@ -530,7 +528,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 	arcfour_crypt_blob(pwbuf->data, 516, &session_key);
 
 	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      &new_pass_len, STR_UNICODE)) {
+			      STR_UNICODE)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
 	}
@@ -583,7 +581,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 	arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
 
 	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      &new_pass_len, STR_UNICODE)) {
+			      STR_UNICODE)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
 	}
-- 
cgit 


From 508527890adc7bedd47522a7dae0c96d2b2e4bae Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Tue, 23 Sep 2008 14:30:06 -0400
Subject: Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.
 The previous ldb_search() interface made it way too easy to leak results, and
 being able to use a printf-like expression turns to be really useful.

---
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 18 +++++++++---------
 source4/rpc_server/lsa/lsa_init.c           |  9 ++++-----
 source4/rpc_server/samr/dcesrv_samr.c       | 12 ++++++------
 3 files changed, 19 insertions(+), 20 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index bbb78cb778..d555ba27bf 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -69,7 +69,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
 	server_site_dn = samdb_server_site_dn(b_state->sam_ctx, mem_ctx);
 	W_ERROR_HAVE_NO_MEMORY(server_site_dn);
 
-	ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &site_res,
+	ret = ldb_search(b_state->sam_ctx, mem_ctx, &site_res,
 				 server_site_dn, LDB_SCOPE_BASE, site_attrs,
 				 "(objectClass=*)");
 	if (ret != LDB_SUCCESS) {
@@ -86,7 +86,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
 	ntds_dn = samdb_ntds_settings_dn(b_state->sam_ctx);
 	W_ERROR_HAVE_NO_MEMORY(ntds_dn);
 
-	ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &ntds_res,
+	ret = ldb_search(b_state->sam_ctx, mem_ctx, &ntds_res,
 				 ntds_dn, LDB_SCOPE_BASE, ntds_attrs,
 				 "(objectClass=*)");
 	if (ret != LDB_SUCCESS) {
@@ -540,7 +540,7 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 		return WERR_UNKNOWN_LEVEL;
 	}
 
-	ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs, 
+	ret = ldb_search(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs,
 				 "objectClass=server");
 	
 	if (ret) {
@@ -571,7 +571,7 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 				return WERR_NOMEM;
 			}
 
-			ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &res_account, ref_dn, 
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
 						 LDB_SCOPE_BASE, attrs_account_1, "objectClass=computer");
 			if (ret == LDB_SUCCESS && res_account->count == 1) {
 				const char *errstr;
@@ -588,7 +588,7 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 								     &domain_dn, &errstr);
 				
 				if (ret == LDB_SUCCESS) {
-					ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn, 
+					ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
 								 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
 								 ldb_dn_get_linearized(ntds_dn));
 					if (ret) {
@@ -641,7 +641,7 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 				return WERR_NOMEM;
 			}
 
-			ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn, 
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
 						 LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
 			if (ret == LDB_SUCCESS && res_ntds->count == 1) {
 				ctr2->array[i].is_gc
@@ -655,7 +655,7 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 					  ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx)));
 			}
 
-			ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &res_site, site_dn, 
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
 						 LDB_SCOPE_BASE, attrs_site, "objectClass=site");
 			if (ret == LDB_SUCCESS && res_site->count == 1) {
 				ctr2->array[i].site_guid 
@@ -667,7 +667,7 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 					  ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx)));
 			}
 
-			ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &res_account, ref_dn, 
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
 						 LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
 			if (ret == LDB_SUCCESS && res_account->count == 1) {
 				const char *errstr;
@@ -685,7 +685,7 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 								     &domain_dn, &errstr);
 				
 				if (ret == LDB_SUCCESS) {
-					ret = ldb_search_exp_fmt(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn, 
+					ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
 								 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
 								 ldb_dn_get_linearized(ntds_dn));
 					if (ret == LDB_SUCCESS && res_domain->count == 1) {
diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index 0dc21fd9c5..e5e31c74f8 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -71,12 +71,11 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 		return NT_STATUS_NO_MEMORY;		
 	}
 
-	ret = ldb_search(state->sam_ldb, state->domain_dn, LDB_SCOPE_BASE, NULL, dom_attrs, &dom_res);
-	
+	ret = ldb_search(state->sam_ldb, mem_ctx, &dom_res,
+			 state->domain_dn, LDB_SCOPE_BASE, dom_attrs, NULL);
 	if (ret != LDB_SUCCESS) {
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
-	talloc_steal(mem_ctx, dom_res);
 	if (dom_res->count != 1) {
 		return NT_STATUS_NO_SUCH_DOMAIN;		
 	}
@@ -95,7 +94,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 	
 	talloc_free(dom_res);
 
-	ret = ldb_search_exp_fmt(state->sam_ldb, state, &ref_res,
+	ret = ldb_search(state->sam_ldb, state, &ref_res,
 				 partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs,
 				 "(&(objectclass=crossRef)(ncName=%s))",
 				 ldb_dn_get_linearized(state->domain_dn));
@@ -125,7 +124,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 
 	talloc_free(ref_res);
 
-	ret = ldb_search_exp_fmt(state->sam_ldb, state, &forest_ref_res,
+	ret = ldb_search(state->sam_ldb, state, &forest_ref_res,
 				 partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs,
 				 "(&(objectclass=crossRef)(ncName=%s))",
 				 ldb_dn_get_linearized(state->forest_dn));
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index e54d518f76..9daf4f2194 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -341,7 +341,7 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL
 
 	partitions_basedn = samdb_partitions_dn(c_state->sam_ctx, mem_ctx);
 
-	ret = ldb_search_exp_fmt(c_state->sam_ctx, mem_ctx, &dom_res, ldb_get_default_basedn(c_state->sam_ctx),
+	ret = ldb_search(c_state->sam_ctx, mem_ctx, &dom_res, ldb_get_default_basedn(c_state->sam_ctx),
 				 LDB_SCOPE_SUBTREE, dom_attrs, "(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain))");
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0,("samdb: unable to find domains: %s\n", ldb_errstring(c_state->sam_ctx)));
@@ -373,7 +373,7 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL
 	for (i=0;i<dom_res->count-start_i;i++) {
 		array->entries[i].idx = start_i + i;
 		/* try and find the domain */
-		ret = ldb_search_exp_fmt(c_state->sam_ctx, mem_ctx, &ref_res, partitions_basedn,
+		ret = ldb_search(c_state->sam_ctx, mem_ctx, &ref_res, partitions_basedn,
 					 LDB_SCOPE_SUBTREE, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", 
 					 ldb_dn_get_linearized(dom_res->msgs[i]->dn));
 
@@ -1502,7 +1502,7 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call,
 	d_state = h->data;
 	
 	/* don't have to worry about users in the builtin domain, as there are none */
-	ret = ldb_search_exp_fmt(d_state->sam_ctx, mem_ctx, &res, d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=user");
+	ret = ldb_search(d_state->sam_ctx, mem_ctx, &res, d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=user");
 
 	if (ret != LDB_SUCCESS) {
 		DEBUG(3, ("Failed to search for Domain Users in %s: %s\n", 
@@ -2110,7 +2110,7 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T
 
 	a_state = h->data;
 	
-	ret = ldb_search_exp_fmt(a_state->sam_ctx, mem_ctx, &res, a_state->account_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=*");
+	ret = ldb_search(a_state->sam_ctx, mem_ctx, &res, a_state->account_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=*");
 	
 	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 		return NT_STATUS_NO_SUCH_GROUP;
@@ -2246,7 +2246,7 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T
 
 	/* In native mode, AD can also nest domain groups. Not sure yet
 	 * whether this is also available via RPC. */
-	ret = ldb_search_exp_fmt(d_state->sam_ctx, mem_ctx, &res,
+	ret = ldb_search(d_state->sam_ctx, mem_ctx, &res,
 				 d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
 				 "(&(objectSid=%s)(objectclass=user))",
 				 ldap_encode_ndr_dom_sid(mem_ctx, membersid));
@@ -2348,7 +2348,7 @@ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call
 
 	/* In native mode, AD can also nest domain groups. Not sure yet
 	 * whether this is also available via RPC. */
-	ret = ldb_search_exp_fmt(d_state->sam_ctx, mem_ctx, &res,
+	ret = ldb_search(d_state->sam_ctx, mem_ctx, &res,
 				 d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
 				 "(&(objectSid=%s)(objectclass=user))",
 				 ldap_encode_ndr_dom_sid(mem_ctx, membersid));
-- 
cgit 


From 6a689c23e83fef71a562a9009b92983d750f63cc Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 24 Sep 2008 03:16:15 +0200
Subject: Rename smbd -> samba.

This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091.

Conflicts:

	source4/smbd/server.c
---
 source4/rpc_server/config.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk
index 6b1813544e..fb697d0c0f 100644
--- a/source4/rpc_server/config.mk
+++ b/source4/rpc_server/config.mk
@@ -206,7 +206,7 @@ PUBLIC_HEADERS += $(rpc_serversrcdir)/dcerpc_server.h
 
 [MODULE::DCESRV]
 INIT_FUNCTION = server_service_rpc_init
-SUBSYSTEM = smbd
+SUBSYSTEM = samba
 PRIVATE_DEPENDENCIES = dcerpc_server
 
 DCESRV_OBJ_FILES = $(rpc_serversrcdir)/service_rpc.o
-- 
cgit 


From 6925202bdee75d191bb5743659c53155ba1605ea Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 24 Sep 2008 15:30:23 +0200
Subject: Move source4/lib/crypto to lib/crypto.

---
 source4/rpc_server/lsa/dcesrv_lsa.c     | 2 +-
 source4/rpc_server/samr/samr_password.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index a1ca3b4a46..3b70f3e934 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -27,7 +27,7 @@
 #include "auth/kerberos/kerberos.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "librpc/gen_ndr/ndr_lsa.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 /*
   this type allows us to distinguish handle types
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 5b8e92583b..98d998acc3 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -25,7 +25,7 @@
 #include "rpc_server/common/common.h"
 #include "rpc_server/samr/dcesrv_samr.h"
 #include "system/time.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 #include "dsdb/common/flags.h"
 #include "libcli/ldap/ldap.h"
 #include "dsdb/samdb/samdb.h"
-- 
cgit 


From 750a848d0dbae8ea66a9f265294d7f95556c0c27 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 29 Sep 2008 16:01:07 -0700
Subject: added some more well known SIDs - thanks to the WSPP LSAT test suite

---
 source4/rpc_server/lsa/lsa_lookup.c | 43 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 30bceb8139..acd3164b69 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -43,6 +43,11 @@ static const struct {
 		.sid = SID_CREATOR_GROUP,
 		.rtype = SID_NAME_WKN_GRP,
 	},
+	{
+		.name = "Owner Rights",
+		.sid = SID_OWNER_RIGHTS,
+		.rtype = SID_NAME_WKN_GRP,
+	},
 	{
 		.domain = "NT AUTHORITY",
 		.name = "Dialup",
@@ -111,7 +116,7 @@ static const struct {
 	},
 	{
 		.domain = "NT AUTHORITY",
-		.name = "Termainal Server User",
+		.name = "Terminal Server User",
 		.sid = SID_NT_TERMINAL_SERVER_USERS,
 		.rtype = SID_NAME_WKN_GRP,
 	},
@@ -145,6 +150,42 @@ static const struct {
 		.sid = SID_NT_NETWORK_SERVICE,
 		.rtype = SID_NAME_WKN_GRP,
 	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "Digest Authentication",
+		.sid = SID_NT_DIGEST_AUTHENTICATION,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "Enterprise Domain Controllers",
+		.sid = SID_NT_ENTERPRISE_DCS,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "NTLM Authentication",
+		.sid = SID_NT_NTLM_AUTHENTICATION,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "Other Organization",
+		.sid = SID_NT_OTHER_ORGANISATION,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "SChannel Authentication",
+		.sid = SID_NT_SCHANNEL_AUTHENTICATION,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "IUSR",
+		.sid = SID_NT_IUSR,
+		.rtype = SID_NAME_WKN_GRP,
+	},
 	{
 		.sid = NULL,
 	}
-- 
cgit 


From 385015f8f2ea44e8f846e72c7bc74d4c489ae49e Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 29 Sep 2008 16:10:54 -0700
Subject: unmapped SIDs should be rid 0 not rid -1

---
 source4/rpc_server/lsa/lsa_lookup.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index acd3164b69..5f080e6da2 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -892,7 +892,10 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
 		r->out.sids->count++;
 
 		r->out.sids->sids[i].sid_type    = SID_NAME_UNKNOWN;
-		r->out.sids->sids[i].rid         = 0xFFFFFFFF;
+		/* MS-LSAT 3.1.4.7 - rid zero is considered equivalent
+		   to sid NULL - so we should return 0 rid for
+		   unmapped entries */
+		r->out.sids->sids[i].rid         = 0;
 		r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
 		r->out.sids->sids[i].unknown     = 0;
 
-- 
cgit 


From 40fa4c4154aa572f39fddf16b2fefbe370910360 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 29 Sep 2008 16:50:46 -0700
Subject: we need to return NT_STATUS_INVALID_PARAMETER for bad levels in
 lsalookupnames2

---
 source4/rpc_server/lsa/lsa_lookup.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 5f080e6da2..7bf7d849b7 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -862,6 +862,11 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
 
 	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
 
+	if (r->in.level < LSA_LOOKUP_NAMES_ALL ||
+	    r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	state = h->data;
 
 	r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
-- 
cgit 


From 28482efa5ceebdea821b9368a2761e93ee2fff59 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 29 Sep 2008 16:51:05 -0700
Subject: WSPP docs say we need to check that root_dir is NULL

---
 source4/rpc_server/lsa/lsa_init.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index e5e31c74f8..a95cb10f9f 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -199,6 +199,12 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 
 	ZERO_STRUCTP(r->out.handle);
 
+	if (r->in.attr == NULL ||
+	    r->in.attr->root_dir != NULL) {
+		/* MS-LSAD 3.1.4.4.1 */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
-- 
cgit 


From ac5e69a999c4dcd337c5b8467aba3018df50126b Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 30 Sep 2008 06:10:32 +0200
Subject: dcesrv: Remove use of global_loadparm.

---
 source4/rpc_server/service_rpc.c | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index b68cec4c7d..2ef8591c32 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -436,6 +436,25 @@ static void dcesrv_task_init(struct task_server *task)
 	NTSTATUS status;
 	struct dcesrv_context *dce_ctx;
 	struct dcesrv_endpoint *e;
+	extern NTSTATUS dcerpc_server_wkssvc_init(void);
+	extern NTSTATUS dcerpc_server_drsuapi_init(void);
+	extern NTSTATUS dcerpc_server_winreg_init(void);
+	extern NTSTATUS dcerpc_server_spoolss_init(void);
+	extern NTSTATUS dcerpc_server_epmapper_init(void);
+	extern NTSTATUS dcerpc_server_srvsvc_init(void);
+	extern NTSTATUS dcerpc_server_netlogon_init(void);
+	extern NTSTATUS dcerpc_server_rpcecho_init(void);
+	extern NTSTATUS dcerpc_server_unixinfo_init(void);
+	extern NTSTATUS dcerpc_server_samr_init(void);
+	extern NTSTATUS dcerpc_server_remote_init(void);
+	extern NTSTATUS dcerpc_server_lsa_init(void);
+	init_module_fn static_init[] = { STATIC_DCESRV_MODULES };
+	init_module_fn *shared_init = load_samba_modules(NULL, task->lp_ctx, "dcerpc_server");
+
+	run_init_functions(static_init);
+	run_init_functions(shared_init);
+
+	talloc_free(shared_init);
 
 	task_server_set_title(task, "task[dcesrv]");
 
@@ -462,25 +481,6 @@ failed:
 
 NTSTATUS server_service_rpc_init(void)
 {
-	extern NTSTATUS dcerpc_server_wkssvc_init(void);
-	extern NTSTATUS dcerpc_server_drsuapi_init(void);
-	extern NTSTATUS dcerpc_server_winreg_init(void);
-	extern NTSTATUS dcerpc_server_spoolss_init(void);
-	extern NTSTATUS dcerpc_server_epmapper_init(void);
-	extern NTSTATUS dcerpc_server_srvsvc_init(void);
-	extern NTSTATUS dcerpc_server_netlogon_init(void);
-	extern NTSTATUS dcerpc_server_rpcecho_init(void);
-	extern NTSTATUS dcerpc_server_unixinfo_init(void);
-	extern NTSTATUS dcerpc_server_samr_init(void);
-	extern NTSTATUS dcerpc_server_remote_init(void);
-	extern NTSTATUS dcerpc_server_lsa_init(void);
-	init_module_fn static_init[] = { STATIC_DCESRV_MODULES };
-	init_module_fn *shared_init = load_samba_modules(NULL, global_loadparm, "dcerpc_server");
 
-	run_init_functions(static_init);
-	run_init_functions(shared_init);
-
-	talloc_free(shared_init);
-	
 	return register_server_service("rpc", dcesrv_task_init);
 }
-- 
cgit 


From 844b331d257b02c073cc0dc4a6e229e6b9645949 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 30 Sep 2008 05:01:19 +0200
Subject: s4:rpc_server: correctly handle dcerpc requests with object uuids

metze
---
 source4/rpc_server/dcerpc_server.c |  8 ++++----
 source4/rpc_server/dcesrv_auth.c   | 10 ++++++++--
 2 files changed, 12 insertions(+), 6 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index e5f59d0cf9..893055d3b1 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -870,10 +870,6 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
 	call->context	= context;
 	call->ndr_pull	= pull;
 
-	if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
-		pull->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
-	}
-
 	if (!(call->pkt.drep[0] & DCERPC_DREP_LE)) {
 		pull->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
@@ -1112,6 +1108,10 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
 		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
 
+	if (CVAL(blob.data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+	}
+
 	ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, &call->pkt);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		talloc_free(dce_conn->partial_input.data);
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 16bf4eb7ed..52d5631cfd 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -287,6 +287,7 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 	struct ndr_pull *ndr;
 	NTSTATUS status;
 	enum ndr_err_code ndr_err;
+	size_t hdr_size = DCERPC_REQUEST_LENGTH;
 
 	if (!dce_conn->auth_state.auth_info ||
 	    !dce_conn->auth_state.gensec_security) {
@@ -335,6 +336,11 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
 
+	if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
+		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+		hdr_size += 16;
+	}
+
 	ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		talloc_free(ndr);
@@ -346,13 +352,13 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		status = gensec_unseal_packet(dce_conn->auth_state.gensec_security,
 					      call,
-					      full_packet->data + DCERPC_REQUEST_LENGTH,
+					      full_packet->data + hdr_size,
 					      pkt->u.request.stub_and_verifier.length, 
 					      full_packet->data,
 					      full_packet->length-auth.credentials.length,
 					      &auth.credentials);
 		memcpy(pkt->u.request.stub_and_verifier.data, 
-		       full_packet->data + DCERPC_REQUEST_LENGTH,
+		       full_packet->data + hdr_size,
 		       pkt->u.request.stub_and_verifier.length);
 		break;
 
-- 
cgit 


From 64195b72be6c251412500984c2a5c103e376d3c6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 29 Sep 2008 21:36:21 -0700
Subject: Fix parsing of the trust passwords in LSA CreateTrustedDomainEx*

---
 source4/rpc_server/lsa/dcesrv_lsa.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 3b70f3e934..4c3c708d4a 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -626,7 +626,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 	const char *name;
 	DATA_BLOB session_key = data_blob(NULL, 0);
 	DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob;
-	struct trustAuthInAndOutBlob auth_struct;
+	struct trustDomainPasswords auth_struct;
 	int ret;
 	NTSTATUS nt_status;
 	enum ndr_err_code ndr_err;
@@ -679,7 +679,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 		ndr_err = ndr_pull_struct_blob(&auth_blob, mem_ctx, 
 					       lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
 					       &auth_struct,
-					       (ndr_pull_flags_fn_t)ndr_pull_trustAuthInAndOutBlob);
+					       (ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}				
@@ -689,7 +689,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 		ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx, 
 					       lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
 					       &auth_struct.incoming,
-					       (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+					       (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}
@@ -701,7 +701,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 		ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx, 
 					       lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
 					       &auth_struct.outgoing,
-					       (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+					       (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}
-- 
cgit 


From 04edf11bee9f248241c46ce809870163a16d3ba0 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 29 Sep 2008 22:34:30 -0700
Subject: Rework to match new trustDomainPasswords IDL

---
 source4/rpc_server/lsa/dcesrv_lsa.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 4c3c708d4a..7b15241b96 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -859,11 +859,11 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 		if (auth_struct.incoming.count) {
 			int i;
 			for (i=0; i < auth_struct.incoming.count; i++ ) {
-				if (auth_struct.incoming.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) {
+				if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_NT4OWF) {
 					samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb, 
 							   mem_ctx, msg_user, "unicodePwd", 
-							   &auth_struct.incoming.current->array[i].AuthInfo.nt4owf.password);
-				} else if (auth_struct.incoming.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) {
+							   &auth_struct.incoming.current[i]->AuthInfo.nt4owf.password);
+				} else if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_CLEAR) {
 					struct samr_Password hash;
 /*
                                       . We cannot do this, as windows chooses to send in random passwords here, that won't convert to UTF8 
@@ -871,8 +871,8 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 							     mem_ctx, msg_user, "userPassword", 
 							     auth_struct.incoming.current->array[i].AuthInfo.clear.password);
 */
-					mdfour(hash.hash, auth_struct.incoming.current->array[i].AuthInfo.clear.password,
-					       auth_struct.incoming.current->array[i].AuthInfo.clear.size);
+					mdfour(hash.hash, auth_struct.incoming.current[i]->AuthInfo.clear.password,
+					       auth_struct.incoming.current[i]->AuthInfo.clear.size);
 					samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb, 
 							   mem_ctx, msg_user, "unicodePwd", 
 							   &hash);
-- 
cgit 


From dab5d4abbce7fc54427e5eb130e36860ffa74685 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 30 Sep 2008 08:44:06 -0700
Subject: cope with NULL attr

---
 source4/rpc_server/lsa/lsa_init.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index a95cb10f9f..8d8417109f 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -199,7 +199,7 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 
 	ZERO_STRUCTP(r->out.handle);
 
-	if (r->in.attr == NULL ||
+	if (r->in.attr != NULL &&
 	    r->in.attr->root_dir != NULL) {
 		/* MS-LSAD 3.1.4.4.1 */
 		return NT_STATUS_INVALID_PARAMETER;
@@ -217,6 +217,8 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 
 	handle->data = talloc_steal(handle, state);
 
+	/* need to check the access mask against - need ACLs - fails
+	   WSPP test */
 	state->access_mask = r->in.access_mask;
 	state->handle = handle;
 	*r->out.handle = handle->wire_handle;
-- 
cgit 


From ef6fc37add1fd9164eb143c953fde0d5a9fc584a Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 30 Sep 2008 08:44:31 -0700
Subject: check call status not rpc fault code when calling to different levels
 of calls

---
 source4/rpc_server/lsa/lsa_lookup.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 7bf7d849b7..a71bd57516 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -649,7 +649,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 	r2.out.names   = r->out.names;
 
 	status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
-	if (dce_call->fault_code != 0) {
+	if (NT_STATUS_IS_ERR(status)) {
 		return status;
 	}
 
@@ -682,7 +682,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 	r2.out.names   = NULL;
 
 	status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
-	if (dce_call->fault_code != 0) {
+	if (NT_STATUS_IS_ERR(status)) {
 		return status;
 	}
 
@@ -836,7 +836,7 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
 	r2.out.count = r->out.count;
 	
 	status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2);
-	if (dce_call->fault_code != 0) {
+	if (NT_STATUS_IS_ERR(status)) {
 		return status;
 	}
 	
@@ -955,7 +955,7 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 	r2.out.count    = r->out.count;
 
 	status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
-	if (dce_call->fault_code != 0) {
+	if (NT_STATUS_IS_ERR(status)) {
 		return status;
 	}
 
-- 
cgit 


From 69fe3a5ddd6af872bc686ff2161b9b6a5e5c62a2 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 30 Sep 2008 13:42:30 -0700
Subject: fixed a number of places in our LSA server where we should return the
 sid/name array even when all are unmapped. If we don't fill in the array then
 the windows client runtime crashes

---
 source4/rpc_server/lsa/lsa_lookup.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index a71bd57516..0ffb0572ee 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -620,6 +620,8 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 	NTSTATUS status;
 	struct dcesrv_handle *h;
 
+	ZERO_STRUCT(r2);
+	
 	/* No policy handle on the wire, so make one up here */
 	r2.in.handle = talloc(mem_ctx, struct policy_handle);
 	if (!r2.in.handle) {
@@ -649,9 +651,6 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 	r2.out.names   = r->out.names;
 
 	status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
-	if (NT_STATUS_IS_ERR(status)) {
-		return status;
-	}
 
 	r->out.domains = r2.out.domains;
 	r->out.names   = r2.out.names;
@@ -671,6 +670,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 	NTSTATUS status;
 	int i;
 
+	ZERO_STRUCT(r2);
+
 	r2.in.handle   = r->in.handle;
 	r2.in.sids     = r->in.sids;
 	r2.in.names    = NULL;
@@ -761,7 +762,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 		r->out.sids->sids[i].sid_type    = SID_NAME_UNKNOWN;
 		r->out.sids->sids[i].sid         = NULL;
 		r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
-		r->out.sids->sids[i].unknown     = 0;
+		r->out.sids->sids[i].flags       = 0;
 
 		status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype);
 		if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
@@ -771,13 +772,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 		status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name, 
 						    sid, r->out.domains, &sid_index);
 		if (!NT_STATUS_IS_OK(status2)) {
-			return status2;
+			continue;
 		}
 
 		r->out.sids->sids[i].sid_type    = rtype;
 		r->out.sids->sids[i].sid         = sid;
 		r->out.sids->sids[i].sid_index   = sid_index;
-		r->out.sids->sids[i].unknown     = 0;
+		r->out.sids->sids[i].flags       = 0;
 
 		(*r->out.count)++;
 	}
@@ -806,6 +807,8 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
 	NTSTATUS status;
 	struct dcesrv_handle *h;
 
+	ZERO_STRUCT(r2);
+
 	/* No policy handle on the wire, so make one up here */
 	r2.in.handle = talloc(mem_ctx, struct policy_handle);
 	if (!r2.in.handle) {
@@ -836,9 +839,6 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
 	r2.out.count = r->out.count;
 	
 	status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2);
-	if (NT_STATUS_IS_ERR(status)) {
-		return status;
-	}
 	
 	r->out.domains = r2.out.domains;
 	r->out.sids = r2.out.sids;
@@ -913,7 +913,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
 		status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name, 
 						    sid, r->out.domains, &sid_index);
 		if (!NT_STATUS_IS_OK(status2)) {
-			return status2;
+			continue;
 		}
 
 		r->out.sids->sids[i].sid_type    = rtype;
@@ -944,6 +944,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 	NTSTATUS status;
 	int i;
 
+	ZERO_STRUCT(r2);
+
 	r2.in.handle    = r->in.handle;
 	r2.in.num_names = r->in.num_names;
 	r2.in.names     = r->in.names;
@@ -955,7 +957,7 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 	r2.out.count    = r->out.count;
 
 	status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
-	if (NT_STATUS_IS_ERR(status)) {
+	if (r2.out.sids == NULL) {
 		return status;
 	}
 
-- 
cgit 


From bfb3bf6eb0ac1790c79e5b57cda099503f6084d5 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 2 Oct 2008 21:57:27 -0700
Subject: fixed a talloc error in the rpc handle desctructor - destructors
 should not try to free the ptr they are given

---
 source4/rpc_server/handles.c | 1 -
 1 file changed, 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c
index 47174b6eeb..4831fb063d 100644
--- a/source4/rpc_server/handles.c
+++ b/source4/rpc_server/handles.c
@@ -29,7 +29,6 @@
 static int dcesrv_handle_destructor(struct dcesrv_handle *h)
 {
 	DLIST_REMOVE(h->context->handles, h);
-	talloc_free(h);
 	return 0;
 }
 
-- 
cgit 


From ba5ef49f831dbbfec1a360cd4644999de822e2bc Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 3 Oct 2008 17:52:59 -0700
Subject: updated the LSA and NETLOGON servers with fixes resulting from the AD
 plugfest in Redmond

---
 source4/rpc_server/lsa/dcesrv_lsa.c           | 57 ++++++++++++++++++++++++---
 source4/rpc_server/lsa/lsa_lookup.c           | 32 +++++++++++----
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 44 ++++++++++++++++++---
 3 files changed, 113 insertions(+), 20 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 7b15241b96..5e3be84cc5 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1,3 +1,5 @@
+/* need access mask/acl implementation */
+
 /* 
    Unix SMB/CIFS implementation.
 
@@ -141,7 +143,8 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL
 
 		return NT_STATUS_OK;
 	} else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) {
-		struct lsa_trusted_domain_state *trusted_domain_state = h->data;
+		struct lsa_trusted_domain_state *trusted_domain_state = 
+			talloc_get_type(h->data, struct lsa_trusted_domain_state);
 		ret = ldb_transaction_start(trusted_domain_state->policy->sam_ldb);
 		if (ret != 0) {
 			return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -187,6 +190,9 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL
 		r2.in.sid = astate->account_sid;
 		r2.out.rights = rights;
 
+		/* dcesrv_lsa_EnumAccountRights takes a LSA_HANDLE_POLICY,
+		   but we have a LSA_HANDLE_ACCOUNT here, so this call
+		   will always fail */
 		status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
 		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
 			return NT_STATUS_OK;
@@ -444,18 +450,46 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
 	ZERO_STRUCTP(r->out.info);
 
 	switch (r->in.level) {
+	case LSA_POLICY_INFO_AUDIT_LOG:
+		/* we don't need to fill in any of this */
+		ZERO_STRUCT(r->out.info->audit_log);
+		return NT_STATUS_OK;
+	case LSA_POLICY_INFO_AUDIT_EVENTS:
+		/* we don't need to fill in any of this */
+		ZERO_STRUCT(r->out.info->audit_events);
+		return NT_STATUS_OK;
+	case LSA_POLICY_INFO_PD:
+		/* we don't need to fill in any of this */
+		ZERO_STRUCT(r->out.info->pd);
+		return NT_STATUS_OK;
 	case LSA_POLICY_INFO_DOMAIN:
 	case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
 		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+	case LSA_POLICY_INFO_ROLE:
+		r->out.info->role.role = LSA_ROLE_PRIMARY;
+		return NT_STATUS_OK;
 
 	case LSA_POLICY_INFO_DNS:
+	case LSA_POLICY_INFO_DNS_INT:
 		return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns);
-	case LSA_POLICY_INFO_DB:
+
+	case LSA_POLICY_INFO_REPLICA:
+		ZERO_STRUCT(r->out.info->replica);
+		return NT_STATUS_OK;
+
+	case LSA_POLICY_INFO_QUOTA:
+		ZERO_STRUCT(r->out.info->quota);
+		return NT_STATUS_OK;
+
 	case LSA_POLICY_INFO_AUDIT_FULL_SET:
+	case LSA_POLICY_INFO_DB:
 	case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
+		/* windows gives INVALID_PARAMETER */
+		r->out.info = NULL;
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	r->out.info = NULL;
 	return NT_STATUS_INVALID_INFO_CLASS;
 }
 
@@ -468,6 +502,8 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T
 	struct lsa_QueryInfoPolicy2 r2;
 	NTSTATUS status;
 
+	ZERO_STRUCT(r2);
+
 	r2.in.handle = r->in.handle;
 	r2.in.level = r->in.level;
 	
@@ -484,6 +520,7 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T
 static NTSTATUS dcesrv_lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 				  struct lsa_SetInfoPolicy *r)
 {
+	/* need to support this */
 	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
 
@@ -502,6 +539,13 @@ static NTSTATUS dcesrv_lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TAL
   lsa_CreateAccount 
 
   This call does not seem to have any long-term effects, hence no database operations
+
+  we need to talk to the MS product group to find out what this account database means!
+
+  answer is that the lsa database is totally separate from the SAM and
+  ldap databases. We are going to need a separate ldb to store these
+  accounts. The SIDs on this account bear no relation to the SIDs in
+  AD
 */
 static NTSTATUS dcesrv_lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 				  struct lsa_CreateAccount *r)
@@ -648,7 +692,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 	
 	dns_name = r->in.info->domain_name.string;
 	
-	trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
+	trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state);
 	if (!trusted_domain_state) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -1004,7 +1048,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call,
 	ZERO_STRUCTP(r->out.trustdom_handle);
 	policy_state = policy_handle->data;
 
-	trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
+	trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state);
 	if (!trusted_domain_state) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -1088,7 +1132,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	
-	trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state);
+	trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state);
 	if (!trusted_domain_state) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -1228,7 +1272,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_
 
 	DCESRV_PULL_HANDLE(h, r->in.trustdom_handle, LSA_HANDLE_TRUSTED_DOMAIN);
 
-	trusted_domain_state = h->data;
+	trusted_domain_state = talloc_get_type(h->data, struct lsa_trusted_domain_state);
 
 	/* pull all the user attributes */
 	ret = gendb_search_dn(trusted_domain_state->policy->sam_ldb, mem_ctx,
@@ -2786,6 +2830,7 @@ static NTSTATUS dcesrv_lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
 				   TALLOC_CTX *mem_ctx,
 				   struct lsa_SetInfoPolicy2 *r)
 {
+	/* need to support these */
 	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }
 
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 0ffb0572ee..2375a6d27a 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -525,8 +525,19 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 	int i;
 	NTSTATUS status = NT_STATUS_OK;
 
+	if (r->in.level < LSA_LOOKUP_NAMES_ALL ||
+	    r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	r->out.domains = NULL;
 
+	/* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
+	   and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as 
+	   an unknown SID. We could add a SID validator here. (tridge) 
+	   MS-DTYP 2.4.2
+	*/
+
 	status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -583,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 						    authority_name, sid, 
 						    r->out.domains, &sid_index);
 		if (!NT_STATUS_IS_OK(status2)) {
-			return status2;
+			continue;
 		}
 
 		r->out.names->names[i].sid_type    = rtype;
@@ -683,9 +694,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 	r2.out.names   = NULL;
 
 	status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
-	if (NT_STATUS_IS_ERR(status)) {
-		return status;
-	}
+	/* we deliberately don't check for error from the above,
+	   as even on error we are supposed to return the names  */
 
 	r->out.domains = r2.out.domains;
 	if (!r2.out.names) {
@@ -727,6 +737,11 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 
 	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
 
+	if (r->in.level < LSA_LOOKUP_NAMES_ALL ||
+	    r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	policy_state = policy_handle->data;
 
 	r->out.domains = NULL;
@@ -830,10 +845,11 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
 
 	r2.in.num_names = r->in.num_names;
 	r2.in.names = r->in.names;
+	r2.in.level = r->in.level;
 	r2.in.sids = r->in.sids;
 	r2.in.count = r->in.count;
-	r2.in.unknown1 = r->in.unknown1;
-	r2.in.unknown2 = r->in.unknown2;
+	r2.in.lookup_options = r->in.lookup_options;
+	r2.in.client_revision = r->in.client_revision;
 	r2.out.domains = r->out.domains;
 	r2.out.sids = r->out.sids;
 	r2.out.count = r->out.count;
@@ -952,8 +968,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 	r2.in.sids      = NULL;
 	r2.in.level     = r->in.level;
 	r2.in.count     = r->in.count;
-	r2.in.unknown1  = 0;
-	r2.in.unknown2  = 0;
+	r2.in.lookup_options = 0;
+	r2.in.client_revision = 0;
 	r2.out.count    = r->out.count;
 
 	status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index cceb2a62ac..beb1c4eb06 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -36,6 +36,7 @@
 #include "param/param.h"
 #include "lib/messaging/irpc.h"
 #include "librpc/gen_ndr/ndr_irpc.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
 
 struct server_pipe_state {
 	struct netr_Credential client_challenge;
@@ -898,20 +899,36 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx,
 				       struct ldb_message *res,
 				       struct ldb_message *ref_res,
 				       struct netr_DomainTrustInfo *info, 
-				       bool is_local)
+				       bool is_local, bool is_trust_list)
 {
 	ZERO_STRUCTP(info);
 
+	info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension);
+	info->trust_extension.length = 16;
+	info->trust_extension.info->flags = 
+		NETR_TRUST_FLAG_TREEROOT | 
+		NETR_TRUST_FLAG_IN_FOREST | 
+		NETR_TRUST_FLAG_PRIMARY;
+	info->trust_extension.info->parent_index = 0; /* should be index into array
+							 of parent */
+	info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */
+	info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */
+
+	if (is_trust_list) {
+		/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
+		info->forest.string = NULL;
+	} else {
+		info->forest.string = "bludom.tridgell.net"; /* need ldb search */
+	}
+
 	if (is_local) {
 		info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL);
 		info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL);
-		info->forest.string = NULL;
 		info->guid = samdb_result_guid(res, "objectGUID");
 		info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
 	} else {
 		info->domainname.string = samdb_result_string(res, "flatName", NULL);
 		info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL);
-		info->forest.string = NULL;
 		info->guid = samdb_result_guid(res, "objectGUID");
 		info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
 	}
@@ -942,11 +959,16 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 
 	const char *local_domain;
 
+	NDR_PRINT_IN_DEBUG(netr_LogonGetDomainInfo, r);
+
 	status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
 						     r->in.computer_name, mem_ctx, 
 					      r->in.credential, 
 					      r->out.return_authenticator,
 					      NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ " Bad credentials - error\n"));
+	}
 	NT_STATUS_NOT_OK_RETURN(status);
 
 	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
@@ -992,19 +1014,29 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 				       info1->num_trusts);
 	NT_STATUS_HAVE_NO_MEMORY(info1->trusts);
 
-	status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, true);
+	status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, 
+					true, false);
 	NT_STATUS_NOT_OK_RETURN(status);
 
 	for (i=0;i<ret2;i++) {
-		status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], false);
+		status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], 
+						false, true);
 		NT_STATUS_NOT_OK_RETURN(status);
 	}
 
-	status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], true);
+	status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], 
+					true, true);
 	NT_STATUS_NOT_OK_RETURN(status);
 
+	info1->dns_hostname.string = "blu.bludom.tridgell.net";
+	info1->workstation_flags = 
+		NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE;
+	info1->supported_enc_types = 0; /* w2008 gives this 0 */
+
 	r->out.info.info1 = info1;
 
+	NDR_PRINT_OUT_DEBUG(netr_LogonGetDomainInfo, r);
+
 	return NT_STATUS_OK;
 }
 
-- 
cgit 


From fe67306fc626333da4f03f6f2a823de9cc2b6cc2 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sun, 5 Oct 2008 08:17:16 +1100
Subject: removed some debug lines I left in the last commit

---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index beb1c4eb06..64d0f77303 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -959,8 +959,6 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 
 	const char *local_domain;
 
-	NDR_PRINT_IN_DEBUG(netr_LogonGetDomainInfo, r);
-
 	status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
 						     r->in.computer_name, mem_ctx, 
 					      r->in.credential, 
@@ -1035,8 +1033,6 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 
 	r->out.info.info1 = info1;
 
-	NDR_PRINT_OUT_DEBUG(netr_LogonGetDomainInfo, r);
-
 	return NT_STATUS_OK;
 }
 
-- 
cgit 


From de5edb1d0c0d60b337d2cbb7151db47d31bfa8d4 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sun, 5 Oct 2008 15:48:46 +1100
Subject: remove dependencies on my home domain

(in other words, don't do commits in airports)
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 64d0f77303..d5f7d2afae 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -918,7 +918,8 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx,
 		/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
 		info->forest.string = NULL;
 	} else {
-		info->forest.string = "bludom.tridgell.net"; /* need ldb search */
+		/* TODO: we need a common function for pulling the forest */
+		info->forest.string = samdb_result_string(ref_res, "dnsRoot", NULL);
 	}
 
 	if (is_local) {
@@ -1026,7 +1027,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 					true, true);
 	NT_STATUS_NOT_OK_RETURN(status);
 
-	info1->dns_hostname.string = "blu.bludom.tridgell.net";
+	info1->dns_hostname.string = samdb_result_string(ref_res[0], "dnsRoot", NULL);
 	info1->workstation_flags = 
 		NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE;
 	info1->supported_enc_types = 0; /* w2008 gives this 0 */
-- 
cgit 


From 9e492b1ba2ccf2d7c62ef7295b33260687e3aeae Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 6 Oct 2008 19:39:53 +0200
Subject: s4:rpc_server: tell the gensec layer that we want to do header
 signing

Note: header signing is still off by default, as the gensec backends
      don't support it together with seal yet.

metze
---
 source4/rpc_server/dcesrv_auth.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 52d5631cfd..bef7e4be78 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -95,6 +95,10 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
 		return false;
 	}
 
+	if (call->conn->state_flags & DCESRV_CALL_STATE_FLAG_HEADER_SIGNING) {
+		gensec_want_feature(auth->gensec_security, GENSEC_FEATURE_SIGN_PKT_HEADER);
+	}
+
 	return true;
 }
 
-- 
cgit 


From 1a29fd1cf5436c850c7de180668a7a33f9b034d8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 1 Oct 2008 13:12:15 -0700
Subject: Store trusted domain passwords in the LSA server

---
 source4/rpc_server/lsa/dcesrv_lsa.c | 68 ++++++++++++++++++++++++++++++++++---
 1 file changed, 64 insertions(+), 4 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 5e3be84cc5..836fd8dc62 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -727,13 +727,46 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}				
+
+		if (op == NDR_LSA_CREATETRUSTEDDOMAINEX) {
+			if (auth_struct.incoming.count > 1) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+		}
 	}
 
 	if (auth_struct.incoming.count) {
+		int i;
+		struct trustAuthInOutBlob incoming;
+		
+		incoming.count = auth_struct.incoming.count;
+		incoming.current = talloc(mem_ctx, struct AuthenticationInformationArray);
+		if (!incoming.current) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+		incoming.current->array = *auth_struct.incoming.current;
+		if (!incoming.current->array) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		incoming.previous = talloc(mem_ctx, struct AuthenticationInformationArray);
+		if (!incoming.previous) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		incoming.previous->array = talloc_array(mem_ctx, struct AuthenticationInformation, incoming.count);
+		if (!incoming.previous->array) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		for (i = 0; i < incoming.count; i++) {
+			incoming.previous->array[i].LastUpdateTime = 0;
+			incoming.previous->array[i].AuthType = 0;
+		}
 		ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx, 
 					       lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
-					       &auth_struct.incoming,
-					       (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
+					       &incoming,
+					       (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}
@@ -742,10 +775,37 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 	}
 	
 	if (auth_struct.outgoing.count) {
+		int i;
+		struct trustAuthInOutBlob outgoing;
+		
+		outgoing.count = auth_struct.outgoing.count;
+		outgoing.current = talloc(mem_ctx, struct AuthenticationInformationArray);
+		if (!outgoing.current) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+		outgoing.current->array = *auth_struct.outgoing.current;
+		if (!outgoing.current->array) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		outgoing.previous = talloc(mem_ctx, struct AuthenticationInformationArray);
+		if (!outgoing.previous) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		outgoing.previous->array = talloc_array(mem_ctx, struct AuthenticationInformation, outgoing.count);
+		if (!outgoing.previous->array) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		for (i = 0; i < outgoing.count; i++) {
+			outgoing.previous->array[i].LastUpdateTime = 0;
+			outgoing.previous->array[i].AuthType = 0;
+		}
 		ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx, 
 					       lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
-					       &auth_struct.outgoing,
-					       (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
+					       &outgoing,
+					       (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}
-- 
cgit 


From 320d402180ac2d8505aec2664feaddbd63e5b17e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 1 Oct 2008 13:31:22 -0700
Subject: Start implementing AD-style trusted domains in Samba4's NETLOGON
 server

---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 52 +++++++++++++++++++++++++--
 1 file changed, 50 insertions(+), 2 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d5f7d2afae..b948d1210e 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -87,6 +87,9 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 	const char *attrs[] = {"unicodePwd", "userAccountControl", 
 			       "objectSid", NULL};
 
+	const char *trust_dom_attrs[] = {"flatname", NULL};
+	const char *account_name;
+
 	ZERO_STRUCTP(r->out.credentials);
 	*r->out.rid = 0;
 	*r->out.negotiate_flags = *r->in.negotiate_flags;
@@ -101,10 +104,54 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 	if (sam_ctx == NULL) {
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
+
+	if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
+		char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name);
+		char *flatname;
+		if (!encoded_account) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* Kill the trailing dot */
+		if (encoded_account[strlen(encoded_account)-1] == '.') {
+			encoded_account[strlen(encoded_account)-1] = '\0';
+		}
+
+		/* pull the user attributes */
+		num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, trust_dom_attrs,
+					   "(&(trustPartner=%s)(objectclass=trustedDomain))", 
+					   encoded_account);
+		
+		if (num_records == 0) {
+			DEBUG(3,("Couldn't find trust [%s] in samdb.\n", 
+				 encoded_account));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		
+		if (num_records > 1) {
+			DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		
+		flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL);
+		if (!flatname) {
+			/* No flatname for this trust - we can't proceed */
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		account_name = talloc_asprintf(mem_ctx, "%s$", flatname);
+
+		if (!account_name) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+	} else {
+		account_name = r->in.account_name;
+	}
+	
 	/* pull the user attributes */
 	num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 				   "(&(sAMAccountName=%s)(objectclass=user))", 
-				   r->in.account_name);
+				   ldb_binary_encode_string(mem_ctx, account_name));
 
 	if (num_records == 0) {
 		DEBUG(3,("Couldn't find user [%s] in samdb.\n", 
@@ -130,7 +177,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 			DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
 			return NT_STATUS_ACCESS_DENIED;
 		}
-	} else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) {
+	} else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN || 
+		   r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
 		if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
 			DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
 			
-- 
cgit 


From 956599975573044f5f930ef23ce54c11db156ebe Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sat, 11 Oct 2008 21:31:42 +0200
Subject: Fix include paths to new location of libutil.

---
 source4/rpc_server/dcerpc_server.c            | 2 +-
 source4/rpc_server/handles.c                  | 2 +-
 source4/rpc_server/lsa/dcesrv_lsa.c           | 2 +-
 source4/rpc_server/lsa/lsa.h                  | 2 +-
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 2 +-
 source4/rpc_server/samr/dcesrv_samr.c         | 2 +-
 source4/rpc_server/samr/samr_password.c       | 2 +-
 source4/rpc_server/service_rpc.c              | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 893055d3b1..1d1efa7480 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -24,7 +24,7 @@
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "auth/auth.h"
 #include "auth/gensec/gensec.h"
-#include "lib/util/dlinklist.h"
+#include "../lib/util/dlinklist.h"
 #include "rpc_server/dcerpc_server.h"
 #include "rpc_server/dcerpc_server_proto.h"
 #include "librpc/rpc/dcerpc_proto.h"
diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c
index 4831fb063d..284354feb4 100644
--- a/source4/rpc_server/handles.c
+++ b/source4/rpc_server/handles.c
@@ -20,7 +20,7 @@
 */
 
 #include "includes.h"
-#include "lib/util/dlinklist.h"
+#include "../lib/util/dlinklist.h"
 #include "rpc_server/dcerpc_server.h"
 
 /*
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 836fd8dc62..9cda7d0d89 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -23,7 +23,7 @@
 */
 
 #include "rpc_server/lsa/lsa.h"
-#include "util/util_ldb.h"
+#include "../lib/util/util_ldb.h"
 #include "libcli/ldap/ldap_ndr.h"
 #include "system/kerberos.h"
 #include "auth/kerberos/kerberos.h"
diff --git a/source4/rpc_server/lsa/lsa.h b/source4/rpc_server/lsa/lsa.h
index b7c41486a2..ffdf96d091 100644
--- a/source4/rpc_server/lsa/lsa.h
+++ b/source4/rpc_server/lsa/lsa.h
@@ -30,7 +30,7 @@
 #include "libcli/security/security.h"
 #include "libcli/auth/libcli_auth.h"
 #include "param/secrets.h"
-#include "util/util_ldb.h"
+#include "../lib/util/util_ldb.h"
 #include "librpc/gen_ndr/ndr_dssetup.h"
 #include "param/param.h"
 
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index b948d1210e..470c27a075 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -29,7 +29,7 @@
 #include "dsdb/samdb/samdb.h"
 #include "dsdb/common/flags.h"
 #include "rpc_server/samr/proto.h"
-#include "util/util_ldb.h"
+#include "../lib/util/util_ldb.h"
 #include "libcli/auth/libcli_auth.h"
 #include "auth/gensec/schannel_state.h"
 #include "libcli/security/security.h"
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 9daf4f2194..0fe7928cb5 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -34,7 +34,7 @@
 #include "libcli/ldap/ldap_ndr.h"
 #include "libcli/security/security.h"
 #include "rpc_server/samr/proto.h"
-#include "util/util_ldb.h"
+#include "../lib/util/util_ldb.h"
 #include "param/param.h"
 
 /* these query macros make samr_Query[User|Group]Info a bit easier to read */
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 98d998acc3..8a855a7bdb 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -32,7 +32,7 @@
 #include "auth/auth.h"
 #include "rpc_server/samr/proto.h"
 #include "libcli/auth/libcli_auth.h"
-#include "util/util_ldb.h"
+#include "../lib/util/util_ldb.h"
 #include "param/param.h"
 
 /* 
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index 2ef8591c32..f168614ad5 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -25,7 +25,7 @@
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "auth/auth.h"
 #include "auth/gensec/gensec.h"
-#include "lib/util/dlinklist.h"
+#include "../lib/util/dlinklist.h"
 #include "rpc_server/dcerpc_server.h"
 #include "lib/events/events.h"
 #include "smbd/service_task.h"
-- 
cgit 


From 218f482fbfe96b2cddec8c05f6b8f174481d2e27 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sun, 12 Oct 2008 00:56:56 +0200
Subject: Use common strlist implementation in Samba 3 and Samba 4.

---
 source4/rpc_server/remote/dcesrv_remote.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c
index cd32160d88..3cf8fbe8fb 100644
--- a/source4/rpc_server/remote/dcesrv_remote.c
+++ b/source4/rpc_server/remote/dcesrv_remote.c
@@ -225,7 +225,7 @@ static NTSTATUS remote_register_one_iface(struct dcesrv_context *dce_ctx, const
 static NTSTATUS remote_op_init_server(struct dcesrv_context *dce_ctx, const struct dcesrv_endpoint_server *ep_server)
 {
 	int i;
-	const char **ifaces = str_list_make(dce_ctx, lp_parm_string(dce_ctx->lp_ctx, NULL, "dcerpc_remote", "interfaces"),NULL);
+	const char **ifaces = (const char **)str_list_make(dce_ctx, lp_parm_string(dce_ctx->lp_ctx, NULL, "dcerpc_remote", "interfaces"),NULL);
 
 	if (!ifaces) {
 		DEBUG(3,("remote_op_init_server: no interfaces configured\n"));
-- 
cgit 


From aaa3e0425d8394c36a6211ddbd76837b5b3e3e56 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 15 Oct 2008 02:52:10 +0200
Subject: Fix includes.

---
 source4/rpc_server/dcerpc_server.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index b5672b41ac..59a4bab083 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -23,7 +23,7 @@
 #ifndef SAMBA_DCERPC_SERVER_H
 #define SAMBA_DCERPC_SERVER_H
 
-#include "librpc/gen_ndr/misc.h"
+#include "librpc/gen_ndr/security.h"
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/ndr/libndr.h"
 
-- 
cgit 


From fed4658c1bb7112b32653cbb4ce1856d6fbc7b34 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 15 Oct 2008 17:34:55 +0200
Subject: winreg.idl: Sync ref change from Samba 3.

---
 source4/rpc_server/winreg/rpc_winreg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/winreg/rpc_winreg.c b/source4/rpc_server/winreg/rpc_winreg.c
index 22c60c354c..3b226c8341 100644
--- a/source4/rpc_server/winreg/rpc_winreg.c
+++ b/source4/rpc_server/winreg/rpc_winreg.c
@@ -457,7 +457,7 @@ static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call,
 	case SECURITY_USER:
 		key = h->data;
 		
-		result = reg_key_get_value_by_name(mem_ctx, key, r->in.value_name.name,
+		result = reg_key_get_value_by_name(mem_ctx, key, r->in.value_name->name,
 						   &value_type, &value_data);
 		
 		if (!W_ERROR_IS_OK(result)) {
-- 
cgit 


From ada0e343b2225471a8e623aca7d9aa314857af6c Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 15 Oct 2008 17:38:51 +0200
Subject: Sync parameter names with samba 3.

---
 source4/rpc_server/winreg/rpc_winreg.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/winreg/rpc_winreg.c b/source4/rpc_server/winreg/rpc_winreg.c
index 3b226c8341..e295634c62 100644
--- a/source4/rpc_server/winreg/rpc_winreg.c
+++ b/source4/rpc_server/winreg/rpc_winreg.c
@@ -470,16 +470,16 @@ static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call,
 			return WERR_NOMEM;
 		}
 		*r->out.type = value_type;
-		r->out.length = talloc(mem_ctx, uint32_t);
-		if (!r->out.length) {
+		r->out.data_length = talloc(mem_ctx, uint32_t);
+		if (!r->out.data_length) {
 			return WERR_NOMEM;
 		}
-		*r->out.length = value_data.length;
+		*r->out.data_length = value_data.length;
 		if (r->in.data == NULL) {
-			r->out.size = talloc(mem_ctx, uint32_t);
-			*r->out.size = value_data.length;
+			r->out.data_size = talloc(mem_ctx, uint32_t);
+			*r->out.data_size = value_data.length;
 		} else {
-			r->out.size = r->in.size;
+			r->out.data_size = r->in.data_size;
 			r->out.data = value_data.data;
 		}
 		
-- 
cgit 


From 11ecd5acfdd2af476e03b2818f218e7fbc4d3414 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Wed, 15 Oct 2008 17:42:33 +0200
Subject: s4: merge from s3 samr.idl.

Guenther
---
 source4/rpc_server/samr/dcesrv_samr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 0fe7928cb5..22d201e58e 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -4262,7 +4262,7 @@ static NTSTATUS dcesrv_samr_Connect5(struct dcesrv_call_state *dce_call, TALLOC_
 
 	status = dcesrv_samr_Connect(dce_call, mem_ctx, &c);
 
-	r->out.info->info1.unknown1 = 3;
+	r->out.info->info1.client_version = SAMR_CONNECT_AFTER_W2K;
 	r->out.info->info1.unknown2 = 0;
 	r->out.level = r->in.level;
 
-- 
cgit 


From 7c88ea8aadfc2be0726cbe555543cfab8804c470 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 16 Oct 2008 12:48:16 +1100
Subject: Create a 'straight paper path' for UTF16 passwords.

This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password.  This ensures we do no
validation or filtering of the password before we get a chance to MD4
it.  We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.

All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.

This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.

The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.

Andrew Bartlett
---
 source4/rpc_server/lsa/dcesrv_lsa.c           | 21 +++----
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 27 ++++----
 source4/rpc_server/samr/samr_password.c       | 88 +++++++++++++++------------
 3 files changed, 70 insertions(+), 66 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 9cda7d0d89..4c596f1f03 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -968,19 +968,14 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 							   mem_ctx, msg_user, "unicodePwd", 
 							   &auth_struct.incoming.current[i]->AuthInfo.nt4owf.password);
 				} else if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_CLEAR) {
-					struct samr_Password hash;
-/*
-                                      . We cannot do this, as windows chooses to send in random passwords here, that won't convert to UTF8 
-					samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, 
-							     mem_ctx, msg_user, "userPassword", 
-							     auth_struct.incoming.current->array[i].AuthInfo.clear.password);
-*/
-					mdfour(hash.hash, auth_struct.incoming.current[i]->AuthInfo.clear.password,
-					       auth_struct.incoming.current[i]->AuthInfo.clear.size);
-					samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb, 
-							   mem_ctx, msg_user, "unicodePwd", 
-							   &hash);
-				}
+					DATA_BLOB new_password = data_blob_const(auth_struct.incoming.current[i]->AuthInfo.clear.password,
+										 auth_struct.incoming.current[i]->AuthInfo.clear.size);
+					ret = ldb_msg_add_value(msg_user, "clearTextPassword", &new_password, NULL);
+					if (ret != LDB_SUCCESS) {
+						ldb_transaction_cancel(policy_state->sam_ldb);
+						return NT_STATUS_NO_MEMORY;
+					}
+				} 
 			}
 		}
 
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 470c27a075..9d4c897892 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -107,7 +107,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 
 	if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
 		char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name);
-		char *flatname;
+		const char *flatname;
 		if (!encoded_account) {
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -370,7 +370,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
 					   creds->sid,
 					   NULL, /* Don't have plaintext */
 					   NULL, &r->in.new_password,
-					   false, /* This is not considered a password change */
+					   true, /* Password change */
 					   NULL, NULL);
 	return nt_status;
 }
@@ -385,15 +385,14 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
 	struct creds_CredentialState *creds;
 	struct ldb_context *sam_ctx;
 	NTSTATUS nt_status;
-	char new_pass[512];
-	bool ret;
+	DATA_BLOB new_password;
 
 	struct samr_CryptPassword password_buf;
 
 	nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
 							r->in.computer_name, mem_ctx, 
-						 &r->in.credential, &r->out.return_authenticator,
-						 &creds);
+							&r->in.credential, &r->out.return_authenticator,
+							&creds);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
@@ -402,22 +401,20 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
 	}
 
 	memcpy(password_buf.data, r->in.new_password.data, 512);
-	SIVAL(password_buf.data,512,r->in.new_password.length);
+	SIVAL(password_buf.data, 512, r->in.new_password.length);
 	creds_arcfour_crypt(creds, password_buf.data, 516);
 
-	ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass),
-			       STR_UNICODE);
-	if (!ret) {
-		DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n"));
-		return NT_STATUS_ACCESS_DENIED;
+	if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
+		DEBUG(3,("samr: failed to decode password buffer\n"));
+		return NT_STATUS_WRONG_PASSWORD;
 	}
-
+		
 	/* Using the sid for the account as the key, set the password */
 	nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
 					   creds->sid,
-					   new_pass, /* we have plaintext */
+					   &new_password, /* we have plaintext */
 					   NULL, NULL,
-					   false, /* This is not considered a password change */
+					   true, /* Password change */
 					   NULL, NULL);
 	return nt_status;
 }
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 8a855a7bdb..336720ecc7 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -86,7 +86,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
 	}
 	msg = res[0];
 
-	status = samdb_result_passwords(mem_ctx, msg, &lm_pwd, &nt_pwd);
+	status = samdb_result_passwords(mem_ctx, dce_call->conn->dce_ctx->lp_ctx,
+					msg, &lm_pwd, &nt_pwd);
 	if (!NT_STATUS_IS_OK(status) || !lm_pwd || !nt_pwd) {
 		ldb_transaction_cancel(sam_ctx);
 		return NT_STATUS_WRONG_PASSWORD;
@@ -183,8 +184,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 				     struct samr_OemChangePasswordUser2 *r)
 {
 	NTSTATUS status;
-	char new_pass[512];
-	uint32_t new_pass_len;
+	DATA_BLOB new_password;
+	char *new_pass;
 	struct samr_CryptPassword *pwbuf = r->in.password;
 	struct ldb_context *sam_ctx;
 	struct ldb_dn *user_dn;
@@ -231,7 +232,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 
 	user_dn = res[0]->dn;
 
-	status = samdb_result_passwords(mem_ctx, res[0], &lm_pwd, NULL);
+	status = samdb_result_passwords(mem_ctx, dce_call->conn->dce_ctx->lp_ctx,
+					res[0], &lm_pwd, NULL);
 	if (!NT_STATUS_IS_OK(status) || !lm_pwd) {
 		ldb_transaction_cancel(sam_ctx);
 		return NT_STATUS_WRONG_PASSWORD;
@@ -242,15 +244,18 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 	arcfour_crypt_blob(pwbuf->data, 516, &lm_pwd_blob);
 	data_blob_free(&lm_pwd_blob);
 	
-	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      STR_ASCII)) {
+	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
 		ldb_transaction_cancel(sam_ctx);
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
 	}
-
-	/* check LM verifier */
-	if (lm_pwd == NULL) {
+		
+	if (convert_string_talloc(mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), 
+				  CH_DOS, CH_UNIX, 
+				  (const char *)new_password.data, 
+				  new_password.length,
+				  (void **)&new_pass) == -1) {
+		DEBUG(3,("samr: failed to convert incoming password buffer to unix charset\n"));
 		ldb_transaction_cancel(sam_ctx);
 		return NT_STATUS_WRONG_PASSWORD;
 	}
@@ -278,7 +283,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 	 * due to password policies */
 	status = samdb_set_password(sam_ctx, mem_ctx,
 				    user_dn, NULL, 
-				    mod, new_pass, 
+				    mod, &new_password, 
 				    NULL, NULL,
 				    true, /* this is a user password change */
 				    NULL, 
@@ -320,7 +325,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 				  struct samr_ChangePasswordUser3 *r)
 {	
 	NTSTATUS status;
-	char new_pass[512];
+	DATA_BLOB new_password;
 	struct ldb_context *sam_ctx = NULL;
 	struct ldb_dn *user_dn;
 	int ret;
@@ -369,7 +374,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 
 	user_dn = res[0]->dn;
 
-	status = samdb_result_passwords(mem_ctx, res[0], &lm_pwd, &nt_pwd);
+	status = samdb_result_passwords(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, 
+					res[0], &lm_pwd, &nt_pwd);
 	if (!NT_STATUS_IS_OK(status) ) {
 		goto failed;
 	}
@@ -384,40 +390,49 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	arcfour_crypt_blob(r->in.nt_password->data, 516, &nt_pwd_blob);
 	data_blob_free(&nt_pwd_blob);
 
-	if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
-			      STR_UNICODE)) {
+	if (!extract_pw_from_buffer(mem_ctx, r->in.nt_password->data, &new_password)) {
+		ldb_transaction_cancel(sam_ctx);
 		DEBUG(3,("samr: failed to decode password buffer\n"));
-		status = NT_STATUS_WRONG_PASSWORD;
-		goto failed;
+		return NT_STATUS_WRONG_PASSWORD;
 	}
-
+		
 	if (r->in.nt_verifier == NULL) {
 		status = NT_STATUS_WRONG_PASSWORD;
 		goto failed;
 	}
 
 	/* check NT verifier */
-	E_md4hash(new_pass, new_nt_hash);
+	mdfour(new_nt_hash, new_password.data, new_password.length);
+
 	E_old_pw_hash(new_nt_hash, nt_pwd->hash, nt_verifier.hash);
 	if (memcmp(nt_verifier.hash, r->in.nt_verifier->hash, 16) != 0) {
 		status = NT_STATUS_WRONG_PASSWORD;
 		goto failed;
 	}
 
-	/* check LM verifier */
+	/* check LM verifier (really not needed as we just checked the
+	 * much stronger NT hash, but the RPC-SAMR test checks for
+	 * this) */
 	if (lm_pwd && r->in.lm_verifier != NULL) {
-		E_deshash(new_pass, new_lm_hash);
-		E_old_pw_hash(new_nt_hash, lm_pwd->hash, lm_verifier.hash);
-		if (memcmp(lm_verifier.hash, r->in.lm_verifier->hash, 16) != 0) {
-			status = NT_STATUS_WRONG_PASSWORD;
-			goto failed;
+		char *new_pass;
+		if (convert_string_talloc(mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), 
+					  CH_UTF16, CH_UNIX, 
+					  (const char *)new_password.data, 
+					  new_password.length,
+					  (void **)&new_pass) != -1) {
+			E_deshash(new_pass, new_lm_hash);
+			E_old_pw_hash(new_nt_hash, lm_pwd->hash, lm_verifier.hash);
+			if (memcmp(lm_verifier.hash, r->in.lm_verifier->hash, 16) != 0) {
+				status = NT_STATUS_WRONG_PASSWORD;
+				goto failed;
+			}
 		}
 	}
 
-
 	mod = ldb_msg_new(mem_ctx);
 	if (mod == NULL) {
-		return NT_STATUS_NO_MEMORY;
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
 	}
 
 	mod->dn = ldb_dn_copy(mod, user_dn);
@@ -430,7 +445,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	 * due to password policies */
 	status = samdb_set_password(sam_ctx, mem_ctx,
 				    user_dn, NULL, 
-				    mod, new_pass, 
+				    mod, &new_password, 
 				    NULL, NULL,
 				    true, /* this is a user password change */
 				    &reason, 
@@ -517,7 +532,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 			   struct samr_CryptPassword *pwbuf)
 {
 	NTSTATUS nt_status;
-	char new_pass[512];
+	DATA_BLOB new_password;
 	DATA_BLOB session_key = data_blob(NULL, 0);
 
 	nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
@@ -527,17 +542,16 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 
 	arcfour_crypt_blob(pwbuf->data, 516, &session_key);
 
-	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      STR_UNICODE)) {
+	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
 	}
-
+		
 	/* set the password - samdb needs to know both the domain and user DNs,
 	   so the domain password policy can be used */
 	return samdb_set_password(sam_ctx, mem_ctx,
 				  account_dn, domain_dn, 
-				  msg, new_pass, 
+				  msg, &new_password, 
 				  NULL, NULL,
 				  false, /* This is a password set, not change */
 				  NULL, NULL);
@@ -557,8 +571,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 			      struct samr_CryptPasswordEx *pwbuf)
 {
 	NTSTATUS nt_status;
-	char new_pass[512];
-	uint32_t new_pass_len;
+	DATA_BLOB new_password;
 	DATA_BLOB co_session_key;
 	DATA_BLOB session_key = data_blob(NULL, 0);
 	struct MD5Context ctx;
@@ -580,17 +593,16 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 	
 	arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
 
-	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      STR_UNICODE)) {
+	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
 	}
-
+		
 	/* set the password - samdb needs to know both the domain and user DNs,
 	   so the domain password policy can be used */
 	return samdb_set_password(sam_ctx, mem_ctx,
 				  account_dn, domain_dn, 
-				  msg, new_pass, 
+				  msg, &new_password, 
 				  NULL, NULL,
 				  false, /* This is a password set, not change */
 				  NULL, NULL);
-- 
cgit 


From 99315a19be4d28146e18dac7104ee2d18b798a48 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 17 Oct 2008 12:41:02 +1100
Subject: Fix errrors in new password handling code found by RPC-SAMR.

I'm very glad we have such a comprehensive testsuite for the SAMR
password change process, as it makes this a much easier task to get
right.

Andrew Bartlett
---
 source4/rpc_server/samr/samr_password.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 336720ecc7..859fd03801 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -184,7 +184,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 				     struct samr_OemChangePasswordUser2 *r)
 {
 	NTSTATUS status;
-	DATA_BLOB new_password;
+	DATA_BLOB new_password, new_unicode_password;
 	char *new_pass;
 	struct samr_CryptPassword *pwbuf = r->in.password;
 	struct ldb_context *sam_ctx;
@@ -196,6 +196,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 	DATA_BLOB lm_pwd_blob;
 	uint8_t new_lm_hash[16];
 	struct samr_Password lm_verifier;
+	ssize_t unicode_pw_len;
 
 	if (pwbuf == NULL) {
 		return NT_STATUS_INVALID_PARAMETER;
@@ -260,6 +261,18 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
+	unicode_pw_len = convert_string_talloc(mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), 
+					       CH_DOS, CH_UTF16, 
+					       (const char *)new_password.data, 
+					       new_password.length,
+					       (void **)&new_unicode_password.data);
+	if (unicode_pw_len == -1) {
+		DEBUG(3,("samr: failed to convert incoming password buffer to UTF16 charset\n"));
+		ldb_transaction_cancel(sam_ctx);
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+	new_unicode_password.length = unicode_pw_len;
+
 	E_deshash(new_pass, new_lm_hash);
 	E_old_pw_hash(new_lm_hash, lm_pwd->hash, lm_verifier.hash);
 	if (memcmp(lm_verifier.hash, r->in.hash->hash, 16) != 0) {
@@ -283,7 +296,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 	 * due to password policies */
 	status = samdb_set_password(sam_ctx, mem_ctx,
 				    user_dn, NULL, 
-				    mod, &new_password, 
+				    mod, &new_unicode_password, 
 				    NULL, NULL,
 				    true, /* this is a user password change */
 				    NULL, 
-- 
cgit 


From 32a1d55797f96e043310004bb091ef5887aa501d Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 17 Oct 2008 18:59:31 +0200
Subject: s4-drsuapi: merge drsuapi_DsWriteAccountSpn from s3 drsuapi idl.

Guenther
---
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index d555ba27bf..de1fefb186 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -389,17 +389,20 @@ static WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_cal
 	struct drsuapi_bind_state *b_state;
 	struct dcesrv_handle *h;
 
-	r->out.level = r->in.level;
+	*r->out.level_out = r->in.level;
 
 	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
 	b_state = h->data;
 
+	r->out.res = talloc(mem_ctx, union drsuapi_DsWriteAccountSpnResult);
+	W_ERROR_HAVE_NO_MEMORY(r->out.res);
+
 	switch (r->in.level) {
 		case 1: {
 			struct drsuapi_DsWriteAccountSpnRequest1 *req;
 			struct ldb_message *msg;
 			int count, i, ret;
-			req = &r->in.req.req1;
+			req = &r->in.req->req1;
 			count = req->count;
 
 			msg = ldb_msg_new(mem_ctx);
@@ -409,7 +412,7 @@ static WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_cal
 
 			msg->dn = ldb_dn_new(msg, b_state->sam_ctx, req->object_dn);
 			if ( ! ldb_dn_validate(msg->dn)) {
-				r->out.res.res1.status = WERR_OK;
+				r->out.res->res1.status = WERR_OK;
 				return WERR_OK;
 			}
 			
@@ -440,9 +443,9 @@ static WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_cal
 				DEBUG(0,("Failed to modify SPNs on %s: %s\n",
 					 ldb_dn_get_linearized(msg->dn), 
 					 ldb_errstring(b_state->sam_ctx)));
-				r->out.res.res1.status = WERR_ACCESS_DENIED;
+				r->out.res->res1.status = WERR_ACCESS_DENIED;
 			} else {
-				r->out.res.res1.status = WERR_OK;
+				r->out.res->res1.status = WERR_OK;
 			}
 
 			return WERR_OK;
-- 
cgit 


From ca84c406d3a2335beb27006c54b68820f7a5594a Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 17 Oct 2008 19:10:22 +0200
Subject: s4-drsuapi: merge drsuapi_DsGetDomainControllerInfo from s3 drsuapi
 idl.

Guenther
---
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index de1fefb186..4408b17b8c 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -522,14 +522,16 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 
 	int ret, i;
 
-	r->out.level_out = r->in.req.req1.level;
+	*r->out.level_out = r->in.req->req1.level;
+	r->out.ctr = talloc(mem_ctx, union drsuapi_DsGetDCInfoCtr);
+	W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
 
 	sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx);
 	if (!sites_dn) {
 		return WERR_DS_OBJ_NOT_FOUND;
 	}
 
-	switch (r->out.level_out) {
+	switch (*r->out.level_out) {
 	case -1:
 		/* this level is not like the others */
 		return WERR_UNKNOWN_LEVEL;
@@ -552,9 +554,9 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 		return WERR_GENERAL_FAILURE;
 	}
 
-	switch (r->out.level_out) {
+	switch (*r->out.level_out) {
 	case 1:
-		ctr1 = &r->out.ctr.ctr1;
+		ctr1 = &r->out.ctr->ctr1;
 		ctr1->count = res->count;
 		ctr1->array = talloc_zero_array(mem_ctx, 
 						struct drsuapi_DsGetDCInfo1, 
@@ -617,7 +619,7 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta
 		}
 		break;
 	case 2:
-		ctr2 = &r->out.ctr.ctr2;
+		ctr2 = &r->out.ctr->ctr2;
 		ctr2->count = res->count;
 		ctr2->array = talloc_zero_array(mem_ctx, 
 						 struct drsuapi_DsGetDCInfo2, 
-- 
cgit 


From 6ddaf5f160ff96cb6d17bcd78588cab594b8f151 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 17 Oct 2008 20:08:59 +0200
Subject: s4-drsuapi: merge drsuapi_DsCrackNames from s3 drsuapi idl.

Guenther
---
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 4408b17b8c..a84f24a3e8 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -337,12 +337,14 @@ WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CT
 	struct drsuapi_bind_state *b_state;
 	struct dcesrv_handle *h;
 
-	r->out.level = r->in.level;
-	ZERO_STRUCT(r->out.ctr);
+	*r->out.level_out = r->in.level;
 
 	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
 	b_state = h->data;
 
+	r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsNameCtr);
+	W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
+
 	switch (r->in.level) {
 		case 1: {
 			struct drsuapi_DsNameCtr1 *ctr1;
@@ -353,16 +355,16 @@ WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CT
 			ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1);
 			W_ERROR_HAVE_NO_MEMORY(ctr1);
 
-			count = r->in.req.req1.count;
+			count = r->in.req->req1.count;
 			names = talloc_array(mem_ctx, struct drsuapi_DsNameInfo1, count);
 			W_ERROR_HAVE_NO_MEMORY(names);
 
 			for (i=0; i < count; i++) {
 				status = DsCrackNameOneName(b_state->sam_ctx, mem_ctx,
-							    r->in.req.req1.format_flags,
-							    r->in.req.req1.format_offered,
-							    r->in.req.req1.format_desired,
-							    r->in.req.req1.names[i].str,
+							    r->in.req->req1.format_flags,
+							    r->in.req->req1.format_offered,
+							    r->in.req->req1.format_desired,
+							    r->in.req->req1.names[i].str,
 							    &names[i]);
 				if (!W_ERROR_IS_OK(status)) {
 					return status;
@@ -371,7 +373,7 @@ WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CT
 
 			ctr1->count = count;
 			ctr1->array = names;
-			r->out.ctr.ctr1 = ctr1;
+			r->out.ctr->ctr1 = ctr1;
 
 			return WERR_OK;
 		}
-- 
cgit 


From b789ff950f054ede2ef1dfaf94f8ddff062c092b Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Date: Mon, 20 Oct 2008 15:50:07 +1100
Subject: LSA Patch for User Manager

New (major) patch
=================
- Enhances the "lsa.idl" file in the sense that it adds more values to
"PolicyInformation" to improve the "lsa_QueryInfoPolicy*" calls.
- Adds a minimal implementation for "AuditEvents" (also lsa_QueryInfoPolicy*
calls) to enable the "Audit" option in the "User Manager for Domains" (at least
readable).
- Adds to the "lsa.idl" file the system access mode flags needed for the calls
"lsa_*SystemAccessAccount".
- Fill in the "lsa_GetSystemAccessAccount" for enabling the "User Rights"
option in the "User Manager for Domains" (at least readable).
- Merge the two similar torture tests of the "lsa_QueryInfoPolicy*" calls in
one using "if"'s for a few separations.
- Add a torture test for "lsa_GetSystemAccessAccount".
- Some cosmetic-only changes (unifications) in output strings in the "LSA"
torture test.

The work has been done using the Microsoft WSPP docs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/rpc_server/lsa/dcesrv_lsa.c | 41 +++++++++++++++++++++++++++++++++----
 1 file changed, 37 insertions(+), 4 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 4c596f1f03..84f11ef3a8 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -399,7 +399,6 @@ static WERROR dcesrv_dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_cal
 	return WERR_INVALID_PARAM;
 }
 
-
 /*
   fill in the AccountDomain info
 */
@@ -462,9 +461,15 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
 		/* we don't need to fill in any of this */
 		ZERO_STRUCT(r->out.info->pd);
 		return NT_STATUS_OK;
+
 	case LSA_POLICY_INFO_DOMAIN:
+		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->domain);
 	case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
 		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain);
+	case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
+		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->l_account_domain);
+
+
 	case LSA_POLICY_INFO_ROLE:
 		r->out.info->role.role = LSA_ROLE_PRIMARY;
 		return NT_STATUS_OK;
@@ -481,9 +486,8 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
 		ZERO_STRUCT(r->out.info->quota);
 		return NT_STATUS_OK;
 
+	case LSA_POLICY_INFO_MOD:
 	case LSA_POLICY_INFO_AUDIT_FULL_SET:
-	case LSA_POLICY_INFO_DB:
-	case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
 		/* windows gives INVALID_PARAMETER */
 		r->out.info = NULL;
 		return NT_STATUS_INVALID_PARAMETER;
@@ -2050,7 +2054,36 @@ static NTSTATUS dcesrv_lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_cal
 static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 		       struct lsa_GetSystemAccessAccount *r)
 {
-	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+	int i;
+	NTSTATUS status;
+	struct lsa_EnumPrivsAccount enumPrivs;
+
+	enumPrivs.in.handle = r->in.handle;
+
+	status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}	
+
+	*(r->out.access_mask) = 0x00000000;
+
+	for (i = 0; i < enumPrivs.out.privs->count; i++) {
+		int priv = enumPrivs.out.privs->set[i].luid.low;
+
+		switch (priv) {
+		case SEC_PRIV_INTERACTIVE_LOGON:
+			*(r->out.access_mask) |= LSA_POLICY_MODE_INTERACTIVE;
+			break;
+		case SEC_PRIV_NETWORK_LOGON:
+			*(r->out.access_mask) |= LSA_POLICY_MODE_NETWORK;
+			break;
+		case SEC_PRIV_REMOTE_INTERACTIVE_LOGON:
+			*(r->out.access_mask) |= LSA_POLICY_MODE_REMOTE_INTERACTIVE;
+			break;
+		}
+	}
+
+	return NT_STATUS_OK;
 }
 
 
-- 
cgit 


From 85acd7eccca127ab701f1515a27747b8af089cab Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 20 Oct 2008 16:12:37 +1100
Subject: Make the updated RPC-LSA pass against Win2008, and Samba4 to match

---
 source4/rpc_server/lsa/dcesrv_lsa.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 84f11ef3a8..b009d2f2f8 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -488,6 +488,7 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call,
 
 	case LSA_POLICY_INFO_MOD:
 	case LSA_POLICY_INFO_AUDIT_FULL_SET:
+	case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
 		/* windows gives INVALID_PARAMETER */
 		r->out.info = NULL;
 		return NT_STATUS_INVALID_PARAMETER;
-- 
cgit 


From 87ec1d2532eb17dfd7f98431bdfa4071be57f683 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Mon, 20 Oct 2008 18:59:51 +0200
Subject: Make sure prototypes are always included, make some functions static
 and remove some unused functions.

---
 source4/rpc_server/common/server_info.c     | 2 ++
 source4/rpc_server/common/share_info.c      | 2 ++
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 4 ++--
 3 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/common/server_info.c b/source4/rpc_server/common/server_info.c
index da034e85ea..ab04b3af1f 100644
--- a/source4/rpc_server/common/server_info.c
+++ b/source4/rpc_server/common/server_info.c
@@ -26,6 +26,8 @@
 #include "dsdb/samdb/samdb.h"
 #include "auth/auth.h"
 #include "param/param.h"
+#include "rpc_server/common/common.h"
+#include "rpc_server/common/proto.h"
 
 /* 
     Here are common server info functions used by some dcerpc server interfaces
diff --git a/source4/rpc_server/common/share_info.c b/source4/rpc_server/common/share_info.c
index b27dc37949..130babd175 100644
--- a/source4/rpc_server/common/share_info.c
+++ b/source4/rpc_server/common/share_info.c
@@ -23,6 +23,8 @@
 #include "param/share.h"
 #include "librpc/gen_ndr/srvsvc.h"
 #include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "rpc_server/common/proto.h"
 
 /* 
     Here are common server info functions used by some dcerpc server interfaces
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index a84f24a3e8..6af8ea50b5 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -330,7 +330,7 @@ static WERROR dcesrv_drsuapi_DsGetNT4ChangeLog(struct dcesrv_call_state *dce_cal
 /* 
   drsuapi_DsCrackNames 
 */
-WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+static WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 			    struct drsuapi_DsCrackNames *r)
 {
 	WERROR status;
@@ -478,7 +478,7 @@ static WERROR dcesrv_DRSUAPI_REMOVE_DS_DOMAIN(struct dcesrv_call_state *dce_call
 }
 
 /* Obtain the site name from a server DN */
-const char *result_site_name(struct ldb_dn *site_dn)
+static const char *result_site_name(struct ldb_dn *site_dn)
 {
 	/* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
 	const struct ldb_val *val = ldb_dn_get_component_val(site_dn, 2);
-- 
cgit