From e16b2242e5f4702ad2800cd7bed46bcea2c1d4ac Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 Jul 2008 12:05:53 +1000 Subject: Remove bogus test in 'enum trusted domains' LSA server. The change to the RPC-LSA test proves that when the remote server has 0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not NT_STATUS_OK. Andrew Bartlett (This used to be commit 40a55b34c2ce75267cf004dc4cfb8153c061e66b) --- source4/rpc_server/lsa/dcesrv_lsa.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index eb60f426d8..f02e2325a0 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1130,9 +1130,6 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL if (count == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } - if (count == 0 || r->in.max_size == 0) { - return NT_STATUS_OK; - } /* convert to lsa_TrustInformation format */ entries = talloc_array(mem_ctx, struct lsa_DomainInfo, count); @@ -1218,9 +1215,6 @@ static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_ca if (count == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } - if (count == 0 || r->in.max_size == 0) { - return NT_STATUS_OK; - } /* convert to lsa_DomainInformation format */ entries = talloc_array(mem_ctx, struct lsa_TrustDomainInfoInfoEx, count); -- cgit From d626a26374744849f1bc431e02dd5329594589a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 Jul 2008 13:42:07 +1000 Subject: Rename structures to better match the names in the WSPP IDL. The 'comment' element in a number of domain structures is called oem_information. This was picked up actually because with OpenLDAP doing the schema checking, it noticed that 'comment' was not a valid attribute. The rename tries to keep this consistant in both the LDB mappings and IDL, so we don't make the same mistake in future. This has no real schema impact, as this value isn't actually used for anything, as 'comment' was not used in the provision. Andrew Bartlett (This used to be commit 65dc0d536590d055a5ee775606ac90ee5fcaee9a) --- source4/rpc_server/samr/dcesrv_samr.c | 66 +++++++++++++++++------------------ 1 file changed, 33 insertions(+), 33 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 8ee77a6a30..e54d518f76 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -521,10 +521,10 @@ static NTSTATUS dcesrv_samr_info_DomInfo1(struct samr_domain_state *state, /* return DomInfo2 */ -static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state, - TALLOC_CTX *mem_ctx, - struct ldb_message **dom_msgs, - struct samr_DomInfo2 *info) +static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state *state, + TALLOC_CTX *mem_ctx, + struct ldb_message **dom_msgs, + struct samr_DomGeneralInformation *info) { /* This pulls the NetBIOS name from the cn=NTDS Settings,cn=,.... @@ -538,7 +538,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state, info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", 0x8000000000000000LL); - info->comment.string = samdb_result_string(dom_msgs[0], "comment", NULL); + info->oem_information.string = samdb_result_string(dom_msgs[0], "oEMInformation", NULL); info->domain_name.string = state->domain_name; info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", @@ -592,12 +592,12 @@ static NTSTATUS dcesrv_samr_info_DomInfo3(struct samr_domain_state *state, /* return DomInfo4 */ -static NTSTATUS dcesrv_samr_info_DomInfo4(struct samr_domain_state *state, +static NTSTATUS dcesrv_samr_info_DomOEMInformation(struct samr_domain_state *state, TALLOC_CTX *mem_ctx, struct ldb_message **dom_msgs, - struct samr_DomInfo4 *info) + struct samr_DomOEMInformation *info) { - info->comment.string = samdb_result_string(dom_msgs[0], "comment", NULL); + info->oem_information.string = samdb_result_string(dom_msgs[0], "oEMInformation", NULL); return NT_STATUS_OK; } @@ -700,13 +700,13 @@ static NTSTATUS dcesrv_samr_info_DomInfo9(struct samr_domain_state *state, /* return DomInfo11 */ -static NTSTATUS dcesrv_samr_info_DomInfo11(struct samr_domain_state *state, +static NTSTATUS dcesrv_samr_info_DomGeneralInformation2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx, struct ldb_message **dom_msgs, - struct samr_DomInfo11 *info) + struct samr_DomGeneralInformation2 *info) { NTSTATUS status; - status = dcesrv_samr_info_DomInfo2(state, mem_ctx, dom_msgs, &info->info2); + status = dcesrv_samr_info_DomGeneralInformation(state, mem_ctx, dom_msgs, &info->general); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -792,7 +792,7 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, case 2: { static const char * const attrs2[] = {"forceLogoff", - "comment", + "oEMInformation", "modifiedCount", "fSMORoleOwner", NULL}; @@ -808,7 +808,7 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, } case 4: { - static const char * const attrs2[] = {"comment", + static const char * const attrs2[] = {"oEMInformation", NULL}; attrs = attrs2; break; @@ -843,7 +843,7 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, break; case 11: { - static const char * const attrs2[] = { "comment", "forceLogoff", + static const char * const attrs2[] = { "oEMInformation", "forceLogoff", "modifiedCount", "lockoutDuration", "lockOutObservationWindow", @@ -886,42 +886,42 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, switch (r->in.level) { case 1: return dcesrv_samr_info_DomInfo1(d_state, mem_ctx, dom_msgs, - &r->out.info->info1); + &r->out.info->info1); case 2: - return dcesrv_samr_info_DomInfo2(d_state, mem_ctx, dom_msgs, - &r->out.info->info2); + return dcesrv_samr_info_DomGeneralInformation(d_state, mem_ctx, dom_msgs, + &r->out.info->general); case 3: return dcesrv_samr_info_DomInfo3(d_state, mem_ctx, dom_msgs, - &r->out.info->info3); + &r->out.info->info3); case 4: - return dcesrv_samr_info_DomInfo4(d_state, mem_ctx, dom_msgs, - &r->out.info->info4); + return dcesrv_samr_info_DomOEMInformation(d_state, mem_ctx, dom_msgs, + &r->out.info->oem); case 5: return dcesrv_samr_info_DomInfo5(d_state, mem_ctx, dom_msgs, - &r->out.info->info5); + &r->out.info->info5); case 6: return dcesrv_samr_info_DomInfo6(d_state, mem_ctx, dom_msgs, - &r->out.info->info6); + &r->out.info->info6); case 7: return dcesrv_samr_info_DomInfo7(d_state, mem_ctx, dom_msgs, - &r->out.info->info7); + &r->out.info->info7); case 8: return dcesrv_samr_info_DomInfo8(d_state, mem_ctx, dom_msgs, - &r->out.info->info8); + &r->out.info->info8); case 9: return dcesrv_samr_info_DomInfo9(d_state, mem_ctx, dom_msgs, - &r->out.info->info9); + &r->out.info->info9); case 11: - return dcesrv_samr_info_DomInfo11(d_state, mem_ctx, dom_msgs, - &r->out.info->info11); + return dcesrv_samr_info_DomGeneralInformation2(d_state, mem_ctx, dom_msgs, + &r->out.info->general2); case 12: return dcesrv_samr_info_DomInfo12(d_state, mem_ctx, dom_msgs, - &r->out.info->info12); + &r->out.info->info12); case 13: return dcesrv_samr_info_DomInfo13(d_state, mem_ctx, dom_msgs, - &r->out.info->info13); + &r->out.info->info13); } - + return NT_STATUS_INVALID_INFO_CLASS; } @@ -962,10 +962,10 @@ static NTSTATUS dcesrv_samr_SetDomainInfo(struct dcesrv_call_state *dce_call, TA SET_INT64 (msg, info1.min_password_age, "minPwdAge"); break; case 3: - SET_UINT64 (msg, info3.force_logoff_time, "forceLogoff"); + SET_UINT64 (msg, info3.force_logoff_time, "forceLogoff"); break; case 4: - SET_STRING(msg, info4.comment, "comment"); + SET_STRING(msg, oem.oem_information, "oEMInformation"); break; case 6: @@ -2997,7 +2997,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA case 1: { static const char * const attrs2[] = {"sAMAccountName", "displayName", - "primaryGroupID", "description", + "primaryroupID", "description", "comment", NULL}; attrs = attrs2; break; -- cgit From 7fba6c649ba36ca5b76dcfed7b773567c9933077 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 22 Jul 2008 15:35:23 +0200 Subject: Change occurrences of the u1 member of DsBindInfo* to pid after idl change. Michael (This used to be commit b91bbc5fe4a47e5823be6be5f2f203f1f14105de) --- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index e0a222e767..bbb78cb778 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -45,7 +45,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C struct ldb_result *ntds_res; struct ldb_dn *ntds_dn; static const char *ntds_attrs[] = { "ms-DS-ReplicationEpoch", NULL }; - uint32_t u1; + uint32_t pid; uint32_t repl_epoch; int ret; @@ -98,9 +98,12 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C repl_epoch = samdb_result_uint(ntds_res->msgs[0], "ms-DS-ReplicationEpoch", 0); /* - * TODO: find out what this is... + * The "process identifier" of the client. + * According to the WSPP docs, sectin 5.35, this is + * for informational and debugging purposes only. + * The assignment is implementation specific. */ - u1 = 0; + pid = 0; /* * store the clients bind_guid @@ -119,7 +122,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C info24 = &r->in.bind_info->info.info24; b_state->remote_info28.supported_extensions = info24->supported_extensions; b_state->remote_info28.site_guid = info24->site_guid; - b_state->remote_info28.u1 = info24->u1; + b_state->remote_info28.pid = info24->pid; b_state->remote_info28.repl_epoch = 0; break; } @@ -171,8 +174,8 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS; #endif b_state->local_info28.site_guid = site_guid; - b_state->local_info28.u1 = u1; - b_state->local_info28.repl_epoch = repl_epoch; + b_state->local_info28.pid = pid; + b_state->local_info28.repl_epoch = repl_epoch; /* * allocate the return bind_info -- cgit From d6fdd13dec854c681ad047d104ccfc2bf0ca5de5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 23 Jul 2008 16:14:20 +1000 Subject: Remove the 'accoc_group_id' check in the RPC server. This check breaks more than it fixes, and while technically not correct, is the best solution we have at this time. Otherwise, SCHANNEL binds from WinXP fail. Andrew Bartlett (This used to be commit f8628fa330abcd50923d995d5bda1f4811582ea9) --- source4/rpc_server/dcerpc_server.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index d8dafd61f6..91ae5fcd94 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -534,9 +534,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) uint32_t context_id; const struct dcesrv_interface *iface; +#if 0 + /* It is not safe to enable this check - windows clients + * (WinXP in particular) will use it for NETLOGON calls, for + * the subsequent SCHANNEL bind. It turns out that NETLOGON + * calls include no policy handles, so it is safe there. Let + * the failure occour on the attempt to reuse a poilcy handle, + * rather than here */ + + /* Association groups allow policy handles to be shared across + * multiple client connections. We don't implement this yet. */ if (call->pkt.u.bind.assoc_group_id != 0) { return dcesrv_bind_nak(call, 0); } +#endif if (call->pkt.u.bind.num_contexts < 1 || call->pkt.u.bind.ctx_list[0].num_transfer_syntaxes < 1) { -- cgit From 768515f4ad13785729fcd4df7cecaede39b7409a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 23 Jul 2008 16:19:54 +1000 Subject: The SMB session key must not be more than 16 bytes in SAMR (and presumably LSA). Tests show that Vista requires the sesion key to be truncated for a domain join. Andrew Bartlett (This used to be commit af629a3738298d27eb2dbecf466ceb503cec9638) --- source4/rpc_server/dcerpc_server.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index d8dafd61f6..fb487dfdcf 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -270,11 +270,20 @@ NTSTATUS dcesrv_generic_session_key(struct dcesrv_connection *p, /* fetch the user session key - may be default (above) or the SMB session key + + The key is always truncated to 16 bytes */ _PUBLIC_ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p, DATA_BLOB *session_key) { - return p->auth_state.session_key(p, session_key); + NTSTATUS status = p->auth_state.session_key(p, session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + session_key->length = MIN(session_key->length, 16); + + return NT_STATUS_OK; } -- cgit From 5bb679aa0fe87b5dd7f7c82d09157bc93b8b54cb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Jul 2008 14:41:16 +0200 Subject: rpc_server: be more strict with the incoming assoc_group_id Allow 0 and 0x12345678 only. This fixes the RPC-HANDLES test. metze (This used to be commit c123e597cc84685abf2b0d3564e1a26d80bbef2f) --- source4/rpc_server/dcerpc_server.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index a2ca897981..ac36825acd 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -543,20 +543,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) uint32_t context_id; const struct dcesrv_interface *iface; -#if 0 - /* It is not safe to enable this check - windows clients - * (WinXP in particular) will use it for NETLOGON calls, for - * the subsequent SCHANNEL bind. It turns out that NETLOGON - * calls include no policy handles, so it is safe there. Let - * the failure occour on the attempt to reuse a poilcy handle, - * rather than here */ - - /* Association groups allow policy handles to be shared across - * multiple client connections. We don't implement this yet. */ - if (call->pkt.u.bind.assoc_group_id != 0) { + /* + * Association groups allow policy handles to be shared across + * multiple client connections. We don't implement this yet. + * + * So we just allow 0 if the client wants to create a new + * association group. + * + * And we allow the 0x12345678 value, we give away as + * assoc_group_id back to the clients + */ + if (call->pkt.u.bind.assoc_group_id != 0 && + call->pkt.u.bind.assoc_group_id != 0x12345678) { return dcesrv_bind_nak(call, 0); } -#endif if (call->pkt.u.bind.num_contexts < 1 || call->pkt.u.bind.ctx_list[0].num_transfer_syntaxes < 1) { -- cgit