Merge branch 'master' of ssh://git.samba.org/data/git/samba
authorSimo Sorce <idra@samba.org>
Mon, 19 Jul 2010 00:04:42 +0000 (20:04 -0400)
committerSimo Sorce <idra@samba.org>
Mon, 19 Jul 2010 00:04:42 +0000 (20:04 -0400)
35 files changed:
docs-xml/smbdotconf/protocol/smb2maxread.xml [new file with mode: 0644]
docs-xml/smbdotconf/protocol/smb2maxtrans.xml [new file with mode: 0644]
docs-xml/smbdotconf/protocol/smb2maxwrite.xml [new file with mode: 0644]
examples/perfcounter/perf.h
lib/iniparser/src/wscript_build [new file with mode: 0644]
librpc/idl/schannel.idl
librpc/rpc/dcerpc_util.c
nsswitch/pam_winbind.c
nsswitch/wscript_build
release-scripts/create-tarball
source3/Makefile.in
source3/configure.in
source3/include/proto.h
source3/include/rpc_dce.h
source3/librpc/rpc/dcerpc.h
source3/librpc/rpc/dcerpc_helpers.c
source3/librpc/rpc/rpc_common.c [new file with mode: 0644]
source3/modules/vfs_aio_fork.c
source3/rpc_client/cli_pipe.c
source3/rpc_client/cli_samr.c
source3/rpc_server/rpc_server.h [new file with mode: 0644]
source3/rpc_server/srv_pipe.c
source3/rpc_server/srv_pipe_hnd.c
source3/smbd/aio.c
source3/smbd/sesssetup.c
source3/smbd/smb2_sesssetup.c
source3/utils/net_dns.c
source3/winbindd/winbindd_dual.c
source3/wscript_build
source4/scripting/bin/ktpass.sh [new file with mode: 0755]
source4/selftest/tests.sh
source4/torture/rpc/bind.c
source4/torture/shell.c
source4/wscript_build
testprogs/blackbox/test_ktpass.sh [new file with mode: 0755]

diff --git a/docs-xml/smbdotconf/protocol/smb2maxread.xml b/docs-xml/smbdotconf/protocol/smb2maxread.xml
new file mode 100644 (file)
index 0000000..f4bcb4b
--- /dev/null
@@ -0,0 +1,17 @@
+<samba:parameter name="smb2 max read"
+               type="integer"
+               context="G"
+               advanced="1" developer="1"
+               xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
+size that may be returned by a single SMB2 read call.
+</para>
+<para>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</para>
+</description>
+
+<related>smb2 max write</related>
+<related>smb2 max trans</related>
+<value type="default">1048576</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
new file mode 100644 (file)
index 0000000..dd654f4
--- /dev/null
@@ -0,0 +1,17 @@
+<samba:parameter name="smb2 max trans"
+               type="integer"
+               context="G"
+               advanced="1" developer="1"
+               xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
+size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls.
+</para>
+<para>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</para>
+</description>
+
+<related>smb2 max read</related>
+<related>smb2 max write</related>
+<value type="default">1048576</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
new file mode 100644 (file)
index 0000000..cdbc47a
--- /dev/null
@@ -0,0 +1,17 @@
+<samba:parameter name="smb2 max write"
+               type="integer"
+               context="G"
+               advanced="1" developer="1"
+               xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
+size that may be sent to the server by a single SMB2 write call.
+</para>
+<para>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</para>
+</description>
+
+<related>smb2 max read</related>
+<related>smb2 max trans</related>
+<value type="default">1048576</value>
+</samba:parameter>
index 7f06b05027ffb616605cb8bd05d1dbebdc9b4bd8..b2968a08cf7aea4ad601f941fa228f81ff88611c 100644 (file)
 #ifndef __PERF_H__
 #define __PERF_H__
 
+#define _PUBLIC_
+
+#ifdef HAVE_STDBOOL_H
+#include <stdbool.h>
+#endif
+
+#if !defined(HAVE_BOOL)
+#ifdef HAVE__Bool
+#define bool _Bool
+#else
+typedef int bool;
+#endif
+#endif
+
+
 #include <stdlib.h>
 #include <time.h>
 #include <math.h>
diff --git a/lib/iniparser/src/wscript_build b/lib/iniparser/src/wscript_build
new file mode 100644 (file)
index 0000000..aa15c9f
--- /dev/null
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('LIBINIPARSER',
+                    source='../../iniparser_build/iniparser.c ../../iniparser_build/dictionary.c ../../iniparser_build/strlib.c',
+                    deps='replace',
+                    cflags=''
+                    )
index a30e2928e0cc0dba8adb679b1de73b6feb653ad7..b597a4395d28d9d52554bb35b94a12e336206945 100644 (file)
@@ -90,6 +90,8 @@ interface schannel
                uint8 Confounder[8];
        } NL_AUTH_SIGNATURE;
 
+       const int NL_AUTH_SIGNATURE_SIZE = 0x20;
+
        /* MS-NRPC 2.2.1.3.3 NL_AUTH_SHA2_SIGNATURE */
 
        typedef [public,flag(NDR_PAHEX)] struct {
index a4bc096ddde968390c6ab84d3015e92f56501629..c79cfd506a5d5d92b9903f9e0a0965388bfe6580 100644 (file)
@@ -52,6 +52,11 @@ void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v)
        }
 }
 
+uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob)
+{
+       return blob->data[DCERPC_DREP_OFFSET];
+}
+
 /*
   pull an dcerpc_auth structure, taking account of any auth padding in
   the blob at the end of the structure
index b2d74dec4b18bae363b31a9ac0b4a3c9548a9b66..e651ce0e498796a4c78c2b640c316f8fcad53634 100644 (file)
@@ -1432,12 +1432,12 @@ static void _pam_warn_krb5_failure(struct pwb_context *ctx,
 static bool _pam_check_remark_auth_err(struct pwb_context *ctx,
                                       const struct wbcAuthErrorInfo *e,
                                       const char *nt_status_string,
-                                      int *pam_error)
+                                      int *pam_err)
 {
        const char *ntstatus = NULL;
        const char *error_string = NULL;
 
-       if (!e || !pam_error) {
+       if (!e || !pam_err) {
                return false;
        }
 
@@ -1451,18 +1451,18 @@ static bool _pam_check_remark_auth_err(struct pwb_context *ctx,
                error_string = _get_ntstatus_error_string(nt_status_string);
                if (error_string) {
                        _make_remark(ctx, PAM_ERROR_MSG, error_string);
-                       *pam_error = e->pam_error;
+                       *pam_err = e->pam_error;
                        return true;
                }
 
                if (e->display_string) {
                        _make_remark(ctx, PAM_ERROR_MSG, _(e->display_string));
-                       *pam_error = e->pam_error;
+                       *pam_err = e->pam_error;
                        return true;
                }
 
                _make_remark(ctx, PAM_ERROR_MSG, nt_status_string);
-               *pam_error = e->pam_error;
+               *pam_err = e->pam_error;
 
                return true;
        }
index 80f11871c90292ed7c35d9953e8587591046933c..d70866280193f44fd8b63da77727ab47832c886c 100644 (file)
@@ -18,3 +18,16 @@ bld.SAMBA_BINARY('wbinfo',
        deps='LIBSAMBA-UTIL LIBCLI_AUTH popt POPT_SAMBA LIBWINBIND-CLIENT LIBWBCLIENT tevent UTIL_TEVENT LIBASYNC_REQ UID_WRAPPER'
        )
 
+bld.SAMBA_LIBRARY('nsswinbind',
+    source='../nsswitch/winbind_nss_linux.c',
+    deps='LIBWINBIND-CLIENT',
+    realname='libnss_winbind.so',
+    vnum='2')
+
+if bld.CONFIG_SET('HAVE_PAM_START'):
+    bld.SAMBA_LIBRARY('pamwinbind',
+        source='../nsswitch/pam_winbind.c',
+        deps='talloc LIBWBCLIENT LIBWINBIND-CLIENT LIBINIPARSER pam',
+        cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR,
+        realname='pam_winbind.so',
+        )
index 94525e0821e5f9c3dff163f16c6739fea64fcf3a..213e35e36e89989f24cddd7979b33ccc24be1d27 100755 (executable)
@@ -100,7 +100,7 @@ function parseOptions
 }
 
 ##
-## Build the dopcumentation (may be a no-op)
+## Build the documentation (may be a no-op)
 ##
 
 function buildDocs
index 9676b379270b1aaaf9fe51f227caf6292f339722..26879c4412b12f82989e98e87e37d1d005a0d7d5 100644 (file)
@@ -334,6 +334,9 @@ LIBNDR_NTPRINTING_OBJ = librpc/gen_ndr/ndr_ntprinting.o \
 LIBNDR_PREG_OBJ = librpc/gen_ndr/ndr_preg.o \
                  librpc/ndr/ndr_preg.o
 
+LIBNDR_XATTR_OBJ = librpc/gen_ndr/ndr_xattr.o \
+                  ../librpc/ndr/ndr_xattr.o
+
 LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
                 $(LIBNDR_GEN_OBJ0) \
                 librpc/gen_ndr/ndr_dfs.o \
@@ -345,8 +348,7 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
                 $(LIBNDR_NETLOGON_OBJ) \
                 librpc/gen_ndr/ndr_dssetup.o \
                 librpc/gen_ndr/ndr_notify.o \
-                librpc/gen_ndr/ndr_xattr.o \
-                ../librpc/ndr/ndr_xattr.o \
+                $(LIBNDR_XATTR_OBJ) \
                 librpc/gen_ndr/ndr_epmapper.o \
                 librpc/gen_ndr/ndr_named_pipe_auth.o \
                 librpc/gen_ndr/ndr_ntsvcs.o \
@@ -673,8 +675,10 @@ RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) $(NPA_TSTREAM_OBJ)
 
 RPC_PARSE_OBJ = $(RPC_PARSE_OBJ2)
 
-RPC_CLIENT_OBJ = rpc_client/cli_pipe.o rpc_client/rpc_transport_np.o \
-       rpc_client/rpc_transport_sock.o rpc_client/rpc_transport_smbd.o
+RPC_CLIENT_OBJ = rpc_client/cli_pipe.o librpc/rpc/rpc_common.o \
+                rpc_client/rpc_transport_np.o \
+                rpc_client/rpc_transport_sock.o \
+                rpc_client/rpc_transport_smbd.o
 
 LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o
 
@@ -1341,6 +1345,7 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \
                   $(KRBCLIENT_OBJ) \
                   $(RPC_PARSE_OBJ2) \
                   $(RPC_CLIENT_OBJ1) \
+                  librpc/rpc/rpc_common.o \
                   rpc_client/cli_pipe.o \
                   ../librpc/rpc/binding.o \
                   $(LIBMSRPC_GEN_OBJ)
index 4c17e4c928ba24c9525bccdb080a72504dd7f351..43119fb246c20ecde364c18b473ffe7c22717908 100644 (file)
@@ -1799,39 +1799,6 @@ fi
 
 AC_MSG_RESULT($BLDSHARED)
 
-saved_before_as_needed_ldflags="$LDFLAGS"
-for flags in "-Wl,--as-needed" "-Wl,-z,ignore" "-z ignore" ; do
-       saved_ldflags="$LDFLAGS"
-       AC_MSG_CHECKING([if $flags works])
-       LDFLAGS="$flags $saved_ldflags"
-       AC_TRY_LINK([],[],
-               [AC_MSG_RESULT([yes])
-               LD_AS_NEEDED_FLAG=$flags
-               ld_as_needed_flag_found=yes],
-               AC_MSG_RESULT([no]))
-       LDFLAGS="$LD_AS_NEEDED_FLAG $saved_ldflags"
-       test x"$ld_as_needed_flag_found" = xyes && break
-done
-
-# check if we have to disable LD_AS_NEEDED_FLAG:
-# On some systems for a veriety of reasons linking with
-# -Wl,--as-needed -lreadline -lncurses fails
-# we have to retest, if these combination is detected before.
-# Bugzilla #7209
-
-if test x$ac_cv_lib_readline_rl_callback_handler_install = xyes ; then
-       if test x$ld_as_needed_flag_found = xyes ; then
-               AC_MSG_CHECKING([if $LD_AS_NEEDED_FLAG works with readline])
-               # try if check no fails
-               save_LIBS=$LIBS
-               LIBS="$LIBS $TERMLIBS"
-               AC_TRY_LINK([], [rl_callback_handler_install();], [AC_MSG_RESULT([yes])],[ AC_MSG_RESULT([no]); LDFLAGS="$saved_before_as_needed_ldflags"])
-               LIBS="$save_LIBS"
-        fi
-fi
-
-
-
 # for historical reasons almost all linkers don't complain about unresolved
 # symbols in shared libs. Except for the internal samba modules we want to get
 # errors when we produce a shared lib with unresolved symbols. On some
@@ -6855,17 +6822,7 @@ if test -f Makefile-noincludes -a ! -f Makefile -a ! -h Makefile ; then
 fi
 ])
 
-AC_SUBST(MAKEFILE)
-if test x$samba_cv_gnu_make = xyes; then
-       MAKEFILE=Makefile
-else
-       # When we don't have GNU Make, generate a copy of Makefile.in 
-       # that doesn't have the "include " statements but just includes 
-       # the files verbatim.
-       MAKEFILE=Makefile-noincludes
-       $PERL ./script/expand-includes.pl Makefile.in > $MAKEFILE.in
-fi
-AC_OUTPUT($MAKEFILE
+AC_OUTPUT(Makefile
          script/findsmb smbadduser script/gen-8bit-gap.sh script/installbin.sh script/uninstallbin.sh
          lib/netapi/examples/Makefile
          lib/netapi/tests/Makefile
index ad16e7e52f7740a2682f1c0903320319e05c88e1..9471f63195d10498d953b31657294ce903e8af99 100644 (file)
@@ -2937,6 +2937,7 @@ NTSTATUS dcerpc_fault_to_nt_status(uint32_t fault_code);
 void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v);
 uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob);
 void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v);
+uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob);
 NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt,
                                  TALLOC_CTX *mem_ctx,
                                  DATA_BLOB *pkt_auth_blob,
@@ -6166,6 +6167,10 @@ int sessionid_traverse_read(int (*fn)(const char *key,
 
 /* The following definitions come from smbd/sesssetup.c  */
 
+NTSTATUS do_map_to_guest(NTSTATUS status,
+               struct auth_serversupplied_info **server_info,
+               const char *user, const char *domain);
+
 NTSTATUS parse_spnego_mechanisms(DATA_BLOB blob_in,
                DATA_BLOB *pblob_out,
                char **kerb_mechOID);
index 7be8a8a6f74fd68605e56de88f6eb7af557d61ce..2cc770e11ca4e39a178439bc45d0a9ec8a956b6d 100644 (file)
@@ -22,8 +22,6 @@
 #ifndef _DCE_RPC_H /* _DCE_RPC_H */
 #define _DCE_RPC_H 
 
-#define SCHANNEL_SIG_SIZE 0x20
-
 /* Maximum size of the signing data in a fragment. */
 #define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
 
index d18920ca0dba5cf58331ef91f0a8a497ca541c04..bb7bd34de8a0174824eb738ecdaf1d13f256e6bd 100644 (file)
@@ -123,7 +123,8 @@ NTSTATUS dcerpc_push_ncacn_packet(TALLOC_CTX *mem_ctx,
                                  DATA_BLOB *blob);
 NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
                                  const DATA_BLOB *blob,
-                                 struct ncacn_packet *r);
+                                 struct ncacn_packet *r,
+                                 bool bigendian);
 NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
                                   struct NL_AUTH_MESSAGE *r,
                                   DATA_BLOB *blob);
@@ -136,6 +137,7 @@ NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
                                 DATA_BLOB *blob);
 NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
                                 const DATA_BLOB *blob,
-                                struct dcerpc_auth *r);
+                                struct dcerpc_auth *r,
+                                bool bigendian);
 
 #endif /* __DCERPC_H__ */
index ce48a691ac6e383cbce623b4253027d893cd6ed2..5c92a792e978f1548729e2bc5b070a2295d9521b 100644 (file)
@@ -92,15 +92,27 @@ NTSTATUS dcerpc_push_ncacn_packet(TALLOC_CTX *mem_ctx,
 */
 NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
                                  const DATA_BLOB *blob,
-                                 struct ncacn_packet *r)
+                                 struct ncacn_packet *r,
+                                 bool bigendian)
 {
        enum ndr_err_code ndr_err;
+       struct ndr_pull *ndr;
+
+       ndr = ndr_pull_init_blob(blob, mem_ctx);
+       if (!ndr) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       if (bigendian) {
+               ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
+       }
+
+       ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
 
-       ndr_err = ndr_pull_struct_blob(blob, mem_ctx, r,
-               (ndr_pull_flags_fn_t)ndr_pull_ncacn_packet);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+               talloc_free(ndr);
                return ndr_map_error2ntstatus(ndr_err);
        }
+       talloc_free(ndr);
 
        if (DEBUGLEVEL >= 10) {
                NDR_PRINT_DEBUG(ncacn_packet, r);
@@ -194,15 +206,27 @@ NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
 */
 NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
                                 const DATA_BLOB *blob,
-                                struct dcerpc_auth *r)
+                                struct dcerpc_auth *r,
+                                bool bigendian)
 {
        enum ndr_err_code ndr_err;
+       struct ndr_pull *ndr;
+
+       ndr = ndr_pull_init_blob(blob, mem_ctx);
+       if (!ndr) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       if (bigendian) {
+               ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
+       }
+
+       ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, r);
 
-       ndr_err = ndr_pull_struct_blob(blob, mem_ctx, r,
-               (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+               talloc_free(ndr);
                return ndr_map_error2ntstatus(ndr_err);
        }
+       talloc_free(ndr);
 
        if (DEBUGLEVEL >= 10) {
                NDR_PRINT_DEBUG(dcerpc_auth, r);
diff --git a/source3/librpc/rpc/rpc_common.c b/source3/librpc/rpc/rpc_common.c
new file mode 100644 (file)
index 0000000..78b88f7
--- /dev/null
@@ -0,0 +1,238 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Largely rewritten by Jeremy Allison                    2005.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "../librpc/gen_ndr/ndr_schannel.h"
+#include "../librpc/gen_ndr/ndr_lsa.h"
+#include "../librpc/gen_ndr/ndr_dssetup.h"
+#include "../librpc/gen_ndr/ndr_samr.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "../librpc/gen_ndr/ndr_srvsvc.h"
+#include "../librpc/gen_ndr/ndr_wkssvc.h"
+#include "../librpc/gen_ndr/ndr_winreg.h"
+#include "../librpc/gen_ndr/ndr_spoolss.h"
+#include "../librpc/gen_ndr/ndr_dfs.h"
+#include "../librpc/gen_ndr/ndr_echo.h"
+#include "../librpc/gen_ndr/ndr_initshutdown.h"
+#include "../librpc/gen_ndr/ndr_svcctl.h"
+#include "../librpc/gen_ndr/ndr_eventlog.h"
+#include "../librpc/gen_ndr/ndr_ntsvcs.h"
+#include "../librpc/gen_ndr/ndr_epmapper.h"
+#include "../librpc/gen_ndr/ndr_drsuapi.h"
+
+static const char *get_pipe_name_from_iface(
+       TALLOC_CTX *mem_ctx, const struct ndr_interface_table *interface)
+{
+       int i;
+       const struct ndr_interface_string_array *ep = interface->endpoints;
+       char *p;
+
+       for (i=0; i<ep->count; i++) {
+               if (strncmp(ep->names[i], "ncacn_np:[\\pipe\\", 16) == 0) {
+                       break;
+               }
+       }
+       if (i == ep->count) {
+               return NULL;
+       }
+
+       /*
+        * extract the pipe name without \\pipe from for example
+        * ncacn_np:[\\pipe\\epmapper]
+        */
+       p = strchr(ep->names[i]+15, ']');
+       if (p == NULL) {
+               return "PIPE";
+       }
+       return talloc_strndup(mem_ctx, ep->names[i]+15, p - ep->names[i] - 15);
+}
+
+static const struct ndr_interface_table **interfaces;
+
+bool smb_register_ndr_interface(const struct ndr_interface_table *interface)
+{
+       int num_interfaces = talloc_array_length(interfaces);
+       const struct ndr_interface_table **tmp;
+       int i;
+
+       for (i=0; i<num_interfaces; i++) {
+               if (ndr_syntax_id_equal(&interfaces[i]->syntax_id,
+                                       &interface->syntax_id)) {
+                       return true;
+               }
+       }
+
+       tmp = talloc_realloc(NULL, interfaces,
+                            const struct ndr_interface_table *,
+                            num_interfaces + 1);
+       if (tmp == NULL) {
+               DEBUG(1, ("smb_register_ndr_interface: talloc failed\n"));
+               return false;
+       }
+       interfaces = tmp;
+       interfaces[num_interfaces] = interface;
+       return true;
+}
+
+static bool initialize_interfaces(void)
+{
+       if (!smb_register_ndr_interface(&ndr_table_lsarpc)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_dssetup)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_samr)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_netlogon)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_srvsvc)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_wkssvc)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_winreg)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_spoolss)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_netdfs)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_rpcecho)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_initshutdown)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_svcctl)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_eventlog)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_ntsvcs)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_epmapper)) {
+               return false;
+       }
+       if (!smb_register_ndr_interface(&ndr_table_drsuapi)) {
+               return false;
+       }
+       return true;
+}
+
+const struct ndr_interface_table *get_iface_from_syntax(
+       const struct ndr_syntax_id *syntax)
+{
+       int num_interfaces;
+       int i;
+
+       if (interfaces == NULL) {
+               if (!initialize_interfaces()) {
+                       return NULL;
+               }
+       }
+       num_interfaces = talloc_array_length(interfaces);
+
+       for (i=0; i<num_interfaces; i++) {
+               if (ndr_syntax_id_equal(&interfaces[i]->syntax_id, syntax)) {
+                       return interfaces[i];
+               }
+       }
+
+       return NULL;
+}
+
+/****************************************************************************
+ Return the pipe name from the interface.
+ ****************************************************************************/
+
+const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx,
+                                     const struct ndr_syntax_id *syntax)
+{
+       const struct ndr_interface_table *interface;
+       char *guid_str;
+       const char *result;
+
+       interface = get_iface_from_syntax(syntax);
+       if (interface != NULL) {
+               result = get_pipe_name_from_iface(mem_ctx, interface);
+               if (result != NULL) {
+                       return result;
+               }
+       }
+
+       /*
+        * Here we should ask \\epmapper, but for now our code is only
+        * interested in the known pipes mentioned in pipe_names[]
+        */
+
+       guid_str = GUID_string(talloc_tos(), &syntax->uuid);
+       if (guid_str == NULL) {
+               return NULL;
+       }
+       result = talloc_asprintf(mem_ctx, "Interface %s.%d", guid_str,
+                                (int)syntax->if_version);
+       TALLOC_FREE(guid_str);
+
+       if (result == NULL) {
+               return "PIPE";
+       }
+       return result;
+}
+
+/********************************************************************
+ Map internal value to wire value.
+ ********************************************************************/
+
+enum dcerpc_AuthType map_pipe_auth_type_to_rpc_auth_type(enum pipe_auth_type auth_type)
+{
+       switch (auth_type) {
+
+       case PIPE_AUTH_TYPE_NONE:
+               return DCERPC_AUTH_TYPE_NONE;
+
+       case PIPE_AUTH_TYPE_NTLMSSP:
+               return DCERPC_AUTH_TYPE_NTLMSSP;
+
+       case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+       case PIPE_AUTH_TYPE_SPNEGO_KRB5:
+               return DCERPC_AUTH_TYPE_SPNEGO;
+
+       case PIPE_AUTH_TYPE_SCHANNEL:
+               return DCERPC_AUTH_TYPE_SCHANNEL;
+
+       case PIPE_AUTH_TYPE_KRB5:
+               return DCERPC_AUTH_TYPE_KRB5;
+
+       default:
+               DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe "
+                       "auth type %u\n",
+                       (unsigned int)auth_type ));
+               break;
+       }
+       return -1;
+}
+
index b43aad2df46a2a62c91484d370c50991582ae67d..02b1394216cef6964f07e5eb8a51a28471e11f12 100644 (file)
@@ -765,10 +765,11 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle,
        }
 
        if (timeout) {
-               struct timeval tv;
+               struct timeval tv = convert_timespec_to_timeval(*timeout);
                struct tevent_timer *te = tevent_add_timer(ev,
                                                frame,
-                                               timeval_current_ofs(tv.tv_sec,0),
+                                               timeval_current_ofs(tv.tv_sec,
+                                                                   tv.tv_usec),
                                                aio_fork_suspend_timed_out,
                                                &timed_out);
                if (!te) {
index c90e06095ca3f3e0e9dd4dc74786ed7ba0ed1b0a..a61200a10459c6bfcf4155d042ad1274281e2098 100644 (file)
 #include "includes.h"
 #include "librpc/gen_ndr/cli_epmapper.h"
 #include "../librpc/gen_ndr/ndr_schannel.h"
-#include "../librpc/gen_ndr/ndr_lsa.h"
 #include "../librpc/gen_ndr/ndr_dssetup.h"
-#include "../librpc/gen_ndr/ndr_samr.h"
 #include "../librpc/gen_ndr/ndr_netlogon.h"
-#include "../librpc/gen_ndr/ndr_srvsvc.h"
-#include "../librpc/gen_ndr/ndr_wkssvc.h"
-#include "../librpc/gen_ndr/ndr_winreg.h"
-#include "../librpc/gen_ndr/ndr_spoolss.h"
-#include "../librpc/gen_ndr/ndr_dfs.h"
-#include "../librpc/gen_ndr/ndr_echo.h"
-#include "../librpc/gen_ndr/ndr_initshutdown.h"
-#include "../librpc/gen_ndr/ndr_svcctl.h"
-#include "../librpc/gen_ndr/ndr_eventlog.h"
-#include "../librpc/gen_ndr/ndr_ntsvcs.h"
-#include "../librpc/gen_ndr/ndr_epmapper.h"
-#include "../librpc/gen_ndr/ndr_drsuapi.h"
 #include "../libcli/auth/schannel.h"
 #include "../libcli/auth/spnego.h"
 #include "smb_krb5.h"
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_CLI
 
-static const char *get_pipe_name_from_iface(
-       TALLOC_CTX *mem_ctx, const struct ndr_interface_table *interface)
-{
-       int i;
-       const struct ndr_interface_string_array *ep = interface->endpoints;
-       char *p;
-
-       for (i=0; i<ep->count; i++) {
-               if (strncmp(ep->names[i], "ncacn_np:[\\pipe\\", 16) == 0) {
-                       break;
-               }
-       }
-       if (i == ep->count) {
-               return NULL;
-       }
-
-       /*
-        * extract the pipe name without \\pipe from for example
-        * ncacn_np:[\\pipe\\epmapper]
-        */
-       p = strchr(ep->names[i]+15, ']');
-       if (p == NULL) {
-               return "PIPE";
-       }
-       return talloc_strndup(mem_ctx, ep->names[i]+15, p - ep->names[i] - 15);
-}
-
-static const struct ndr_interface_table **interfaces;
-
-bool smb_register_ndr_interface(const struct ndr_interface_table *interface)
-{
-       int num_interfaces = talloc_array_length(interfaces);
-       const struct ndr_interface_table **tmp;
-       int i;
-
-       for (i=0; i<num_interfaces; i++) {
-               if (ndr_syntax_id_equal(&interfaces[i]->syntax_id,
-                                       &interface->syntax_id)) {
-                       return true;
-               }
-       }
-
-       tmp = talloc_realloc(NULL, interfaces,
-                            const struct ndr_interface_table *,
-                            num_interfaces + 1);
-       if (tmp == NULL) {
-               DEBUG(1, ("smb_register_ndr_interface: talloc failed\n"));
-               return false;
-       }
-       interfaces = tmp;
-       interfaces[num_interfaces] = interface;
-       return true;
-}
-
-static bool initialize_interfaces(void)
-{
-       if (!smb_register_ndr_interface(&ndr_table_lsarpc)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_dssetup)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_samr)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_netlogon)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_srvsvc)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_wkssvc)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_winreg)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_spoolss)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_netdfs)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_rpcecho)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_initshutdown)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_svcctl)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_eventlog)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_ntsvcs)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_epmapper)) {
-               return false;
-       }
-       if (!smb_register_ndr_interface(&ndr_table_drsuapi)) {
-               return false;
-       }
-       return true;
-}
-
-const struct ndr_interface_table *get_iface_from_syntax(
-       const struct ndr_syntax_id *syntax)
-{
-       int num_interfaces;
-       int i;
-
-       if (interfaces == NULL) {
-               if (!initialize_interfaces()) {
-                       return NULL;
-               }
-       }
-       num_interfaces = talloc_array_length(interfaces);
-
-       for (i=0; i<num_interfaces; i++) {
-               if (ndr_syntax_id_equal(&interfaces[i]->syntax_id, syntax)) {
-                       return interfaces[i];
-               }
-       }
-
-       return NULL;
-}
-
-/****************************************************************************
- Return the pipe name from the interface.
- ****************************************************************************/
-
-const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx,
-                                     const struct ndr_syntax_id *syntax)
-{
-       const struct ndr_interface_table *interface;
-       char *guid_str;
-       const char *result;
-
-       interface = get_iface_from_syntax(syntax);
-       if (interface != NULL) {
-               result = get_pipe_name_from_iface(mem_ctx, interface);
-               if (result != NULL) {
-                       return result;
-               }
-       }
-
-       /*
-        * Here we should ask \\epmapper, but for now our code is only
-        * interested in the known pipes mentioned in pipe_names[]
-        */
-
-       guid_str = GUID_string(talloc_tos(), &syntax->uuid);
-       if (guid_str == NULL) {
-               return NULL;
-       }
-       result = talloc_asprintf(mem_ctx, "Interface %s.%d", guid_str,
-                                (int)syntax->if_version);
-       TALLOC_FREE(guid_str);
-
-       if (result == NULL) {
-               return "PIPE";
-       }
-       return result;
-}
-
-/********************************************************************
- Map internal value to wire value.
- ********************************************************************/
-
-enum dcerpc_AuthType map_pipe_auth_type_to_rpc_auth_type(enum pipe_auth_type auth_type)
-{
-       switch (auth_type) {
-
-       case PIPE_AUTH_TYPE_NONE:
-               return DCERPC_AUTH_TYPE_NONE;
-
-       case PIPE_AUTH_TYPE_NTLMSSP:
-               return DCERPC_AUTH_TYPE_NTLMSSP;
-
-       case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
-       case PIPE_AUTH_TYPE_SPNEGO_KRB5:
-               return DCERPC_AUTH_TYPE_SPNEGO;
-
-       case PIPE_AUTH_TYPE_SCHANNEL:
-               return DCERPC_AUTH_TYPE_SCHANNEL;
-
-       case PIPE_AUTH_TYPE_KRB5:
-               return DCERPC_AUTH_TYPE_KRB5;
-
-       default:
-               DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe "
-                       "auth type %u\n",
-                       (unsigned int)auth_type ));
-               break;
-       }
-       return -1;
-}
-
 /********************************************************************
  Pipe description for a DEBUG
  ********************************************************************/
@@ -619,7 +405,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli,
                               DCERPC_AUTH_TRAILER_LENGTH
                                + pkt->auth_length);
 
-       status = dcerpc_pull_dcerpc_auth(cli, &blob, &auth_info);
+       status = dcerpc_pull_dcerpc_auth(cli, &blob, &auth_info, false);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unmarshall dcerpc_auth.\n"));
                return status;
@@ -722,7 +508,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli,
                return NT_STATUS_OK;
        }
 
-       if (pkt->auth_length < SCHANNEL_SIG_SIZE) {
+       if (pkt->auth_length < NL_AUTH_SIGNATURE_SIZE) {
                DEBUG(0, ("auth_len %u.\n", (unsigned int)pkt->auth_length));
                return NT_STATUS_INVALID_PARAMETER;
        }
@@ -749,7 +535,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli,
                                + pkt->auth_length);
 
 
-       status = dcerpc_pull_dcerpc_auth(cli, &blob, &auth_info);
+       status = dcerpc_pull_dcerpc_auth(cli, &blob, &auth_info, false);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unmarshall dcerpc_auth.\n"));
                return status;
@@ -915,7 +701,7 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
        NTSTATUS ret = NT_STATUS_OK;
        uint8 ss_padding_len = 0;
 
-       ret = dcerpc_pull_ncacn_packet(cli, pdu, pkt);
+       ret = dcerpc_pull_ncacn_packet(cli, pdu, pkt, false);
        if (!NT_STATUS_IS_OK(ret)) {
                return ret;
        }
@@ -976,7 +762,9 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
                }
 
                DEBUG(10, ("Got pdu len %lu, data_len %lu, ss_len %u\n",
-                          pdu->length, rdata->length, ss_padding_len));
+                          (long unsigned int)pdu->length,
+                          (long unsigned int)rdata->length,
+                          (unsigned int)ss_padding_len));
 
                /*
                 * If this is the first reply, and the allocation hint is
@@ -1991,7 +1779,7 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli,
                                        *p_auth_len = NTLMSSP_SIG_SIZE;
                                        break;
                                case PIPE_AUTH_TYPE_SCHANNEL:
-                                       *p_auth_len = SCHANNEL_SIG_SIZE;
+                                       *p_auth_len = NL_AUTH_SIGNATURE_SIZE;
                                        break;
                                default:
                                        smb_panic("bad auth type");
@@ -2612,7 +2400,7 @@ static NTSTATUS rpc_finish_auth3_bind_send(struct tevent_req *req,
 
        status = dcerpc_pull_dcerpc_auth(talloc_tos(),
                                         &r->u.bind_ack.auth_info,
-                                        &auth);
+                                        &auth, false);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("Failed to pull dcerpc auth: %s.\n",
                          nt_errstr(status)));
@@ -2694,7 +2482,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req,
                                    DCERPC_AUTH_TRAILER_LENGTH
                                        + r->auth_length);
 
-       status = dcerpc_pull_dcerpc_auth(state, &auth_blob, &auth_info);
+       status = dcerpc_pull_dcerpc_auth(state, &auth_blob, &auth_info, false);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("Failed to unmarshall dcerpc_auth.\n"));
                return status;
@@ -2778,7 +2566,7 @@ static void rpc_bind_ntlmssp_api_done(struct tevent_req *subreq)
 
        status = dcerpc_pull_dcerpc_auth(pkt,
                                         &pkt->u.alter_resp.auth_info,
-                                        &auth);
+                                        &auth, false);
        if (!NT_STATUS_IS_OK(status)) {
                tevent_req_nterror(req, status);
                return;
index 8c92ebb059c3a54bb0c923e49e9259740e940cb7..8c1011293afb6b67e963c3b90042318fa2466e1f 100644 (file)
@@ -165,10 +165,29 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
        init_lsa_String(&server, cli->srv_name_slash);
        init_lsa_String(&account, username);
 
-       memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
-       memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
-       memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
-       memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+       if (new_nt_password_blob.length > 0) {
+               memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
+       } else {
+               ZERO_STRUCT(new_nt_password_blob);
+       }
+
+       if (new_lm_password_blob.length > 0) {
+               memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
+       } else {
+               ZERO_STRUCT(new_lm_password);
+       }
+
+       if (old_nt_hash_enc_blob.length > 0) {
+               memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
+       } else {
+               ZERO_STRUCT(old_nt_hash_enc);
+       }
+
+       if (old_lm_hash_enc_blob.length > 0) {
+               memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+       } else {
+               ZERO_STRUCT(old_lm_hash_enc);
+       }
 
        result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
                                                 &server,
diff --git a/source3/rpc_server/rpc_server.h b/source3/rpc_server/rpc_server.h
new file mode 100644 (file)
index 0000000..f212773
--- /dev/null
@@ -0,0 +1,26 @@
+/*
+ *  RPC Pipe server helper headers
+ *  Almost completely rewritten by (C) Jeremy Allison 2005 - 2010
+ *  Copyright (C) Simo Sorce <idra@samba.org> - 2010
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _RPC_SERVER_H_
+#define _RPC_SERVER_H_
+
+void set_incoming_fault(pipes_struct *p);
+void process_complete_pdu(pipes_struct *p);
+
+#endif /* _PRC_SERVER_H_ */
index 6d37ec2bc2bc1342bfa0f15767d015503ce3b464..a7a5f4d6765e8d9180667ff5449b992100ad4726 100644 (file)
@@ -33,6 +33,7 @@
 #include "../libcli/auth/schannel.h"
 #include "../libcli/auth/spnego.h"
 #include "../libcli/auth/ntlmssp.h"
+#include "rpc_server.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
@@ -427,7 +428,7 @@ bool create_next_pdu(pipes_struct *p)
                case PIPE_AUTH_TYPE_SCHANNEL:
                        if (!create_next_packet(p, auth_type,
                                                p->auth.auth_level,
-                                               SCHANNEL_SIG_SIZE)) {
+                                               NL_AUTH_SIGNATURE_SIZE)) {
                                return false;
                        }
                        return add_schannel_auth(p);
@@ -568,7 +569,7 @@ bool api_pipe_bind_auth3(pipes_struct *p, struct ncacn_packet *pkt)
 
        status = dcerpc_pull_dcerpc_auth(pkt,
                                         &pkt->u.auth3.auth_info,
-                                        &auth_info);
+                                        &auth_info, p->endian);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("Failed to unmarshall dcerpc_auth.\n"));
                goto err;
@@ -1303,7 +1304,7 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt)
                 */
                status = dcerpc_pull_dcerpc_auth(pkt,
                                                 &pkt->u.bind.auth_info,
-                                                &auth_info);
+                                                &auth_info, p->endian);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n"));
                        goto err_exit;
@@ -1524,7 +1525,7 @@ bool api_pipe_alter_context(pipes_struct *p, struct ncacn_packet *pkt)
 
                status = dcerpc_pull_dcerpc_auth(pkt,
                                                 &pkt->u.bind.auth_info,
-                                                &auth_info);
+                                                &auth_info, p->endian);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n"));
                        goto err_exit;
@@ -1838,3 +1839,467 @@ static bool api_rpcTNP(pipes_struct *p, struct ncacn_packet *pkt,
 
        return True;
 }
+
+/****************************************************************************
+ Initialise an outgoing packet.
+****************************************************************************/
+
+static bool pipe_init_outgoing_data(pipes_struct *p)
+{
+       output_data *o_data = &p->out_data;
+
+       /* Reset the offset counters. */
+       o_data->data_sent_length = 0;
+       o_data->current_pdu_sent = 0;
+
+       data_blob_free(&o_data->frag);
+
+       /* Free any memory in the current return data buffer. */
+       data_blob_free(&o_data->rdata);
+
+       return True;
+}
+
+/****************************************************************************
+ Sets the fault state on incoming packets.
+****************************************************************************/
+
+void set_incoming_fault(pipes_struct *p)
+{
+       data_blob_free(&p->in_data.data);
+       p->in_data.pdu_needed_len = 0;
+       p->in_data.pdu.length = 0;
+       p->fault_state = True;
+       DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n",
+                  get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
+}
+
+static bool dcesrv_auth_request(pipes_struct *p, struct ncacn_packet *pkt)
+{
+       NTSTATUS status;
+       size_t hdr_size = DCERPC_REQUEST_LENGTH;
+       struct dcerpc_auth auth;
+       uint32_t auth_length;
+       DATA_BLOB data;
+       DATA_BLOB full_pkt;
+
+       DEBUG(10, ("Checking request auth.\n"));
+
+       if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
+               hdr_size += 16;
+       }
+
+       switch (p->auth.auth_level) {
+       case DCERPC_AUTH_LEVEL_PRIVACY:
+               DEBUG(10, ("Requested Privacy.\n"));
+               break;
+
+       case DCERPC_AUTH_LEVEL_INTEGRITY:
+               DEBUG(10, ("Requested Integrity.\n"));
+               break;
+
+       case DCERPC_AUTH_LEVEL_CONNECT:
+               if (pkt->auth_length != 0) {
+                       break;
+               }
+               return true;
+       case DCERPC_AUTH_LEVEL_NONE:
+               if (pkt->auth_length != 0) {
+                       return false;
+               }
+               return true;
+
+       default:
+               return false;
+       }
+
+       status = dcerpc_pull_auth_trailer(pkt, pkt,
+                                         &pkt->u.request.stub_and_verifier,
+                                         &auth, &auth_length, false);
+       if (!NT_STATUS_IS_OK(status)) {
+               return false;
+       }
+
+       pkt->u.request.stub_and_verifier.length -= auth_length;
+
+       data.data = p->in_data.pdu.data + hdr_size;
+       data.length = pkt->u.request.stub_and_verifier.length;
+       full_pkt.data = p->in_data.pdu.data;
+       full_pkt.length = p->in_data.pdu.length - auth.credentials.length;
+
+       switch (p->auth.auth_type) {
+       case PIPE_AUTH_TYPE_NONE:
+               return true;
+
+       case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+       case PIPE_AUTH_TYPE_NTLMSSP:
+
+               DEBUG(10, ("NTLMSSP auth\n"));
+
+               if (!p->auth.a_u.auth_ntlmssp_state) {
+                       DEBUG(0, ("Invalid auth level, "
+                                 "failed to process packet auth.\n"));
+                       return false;
+               }
+
+               switch (p->auth.auth_level) {
+               case DCERPC_AUTH_LEVEL_PRIVACY:
+                       status = auth_ntlmssp_unseal_packet(
+                                       p->auth.a_u.auth_ntlmssp_state,
+                                       data.data, data.length,
+                                       full_pkt.data, full_pkt.length,
+                                       &auth.credentials);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return false;
+                       }
+                       memcpy(pkt->u.request.stub_and_verifier.data,
+                               data.data, data.length);
+                       break;
+
+               case DCERPC_AUTH_LEVEL_INTEGRITY:
+                       status = auth_ntlmssp_check_packet(
+                                       p->auth.a_u.auth_ntlmssp_state,
+                                       data.data, data.length,
+                                       full_pkt.data, full_pkt.length,
+                                       &auth.credentials);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return false;
+                       }
+                       break;
+
+               default:
+                       DEBUG(0, ("Invalid auth level, "
+                                 "failed to process packet auth.\n"));
+                       return false;
+               }
+               break;
+
+       case PIPE_AUTH_TYPE_SCHANNEL:
+
+               DEBUG(10, ("SCHANNEL auth\n"));
+
+               switch (p->auth.auth_level) {
+               case DCERPC_AUTH_LEVEL_PRIVACY:
+                       status = netsec_incoming_packet(
+                                       p->auth.a_u.schannel_auth,
+                                       pkt, true,
+                                       data.data, data.length,
+                                       &auth.credentials);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return false;
+                       }
+                       memcpy(pkt->u.request.stub_and_verifier.data,
+                               data.data, data.length);
+                       break;
+
+               case DCERPC_AUTH_LEVEL_INTEGRITY:
+                       status = netsec_incoming_packet(
+                                       p->auth.a_u.schannel_auth,
+                                       pkt, false,
+                                       data.data, data.length,
+                                       &auth.credentials);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return false;
+                       }
+                       break;
+
+               default:
+                       DEBUG(0, ("Invalid auth level, "
+                                 "failed to process packet auth.\n"));
+                       return false;
+               }
+               break;
+
+       default:
+               DEBUG(0, ("process_request_pdu: "
+                         "unknown auth type %u set.\n",
+                         (unsigned int)p->auth.auth_type));
+               set_incoming_fault(p);
+               return false;
+       }
+
+       /* remove the indicated amount of padding */
+       if (pkt->u.request.stub_and_verifier.length < auth.auth_pad_length) {
+               return false;
+       }
+       pkt->u.request.stub_and_verifier.length -= auth.auth_pad_length;
+
+       return true;
+}
+
+/****************************************************************************
+ Processes a request pdu. This will do auth processing if needed, and
+ appends the data into the complete stream if the LAST flag is not set.
+****************************************************************************/
+
+static bool process_request_pdu(pipes_struct *p, struct ncacn_packet *pkt)
+{
+       DATA_BLOB data;
+
+       if (!p->pipe_bound) {
+               DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
+               set_incoming_fault(p);
+               return False;
+       }
+
+       /* Store the opnum */
+       p->opnum = pkt->u.request.opnum;
+
+       if (!dcesrv_auth_request(p, pkt)) {
+               DEBUG(0,("Failed to check packet auth.\n"));
+               set_incoming_fault(p);
+               return false;
+       }
+
+       data = pkt->u.request.stub_and_verifier;
+
+       /*
+        * Check the data length doesn't go over the 15Mb limit.
+        * increased after observing a bug in the Windows NT 4.0 SP6a
+        * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
+        * will not fit in the initial buffer of size 0x1068   --jerry 22/01/2002
+        */
+
+       if (p->in_data.data.length + data.length > MAX_RPC_DATA_SIZE) {
+               DEBUG(0, ("process_request_pdu: "
+                         "rpc data buffer too large (%u) + (%u)\n",
+                         (unsigned int)p->in_data.data.length,
+                         (unsigned int)data.length));
+               set_incoming_fault(p);
+               return False;
+       }
+
+       /*
+        * Append the data portion into the buffer and return.
+        */
+
+       if (data.length) {
+               if (!data_blob_append(p->mem_ctx, &p->in_data.data,
+                                         data.data, data.length)) {
+                       DEBUG(0, ("Unable to append data size %u "
+                                 "to parse buffer of size %u.\n",
+                                 (unsigned int)data.length,
+                                 (unsigned int)p->in_data.data.length));
+                       set_incoming_fault(p);
+                       return False;
+               }
+       }
+
+       if (pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) {
+               bool ret = False;
+               /*
+                * Ok - we finally have a complete RPC stream.
+                * Call the rpc command to process it.
+                */
+
+               /*
+                * Process the complete data stream here.
+                */
+               if (pipe_init_outgoing_data(p)) {
+                       ret = api_pipe_request(p, pkt);
+               }
+
+               return ret;
+       }
+
+       return True;
+}
+
+/****************************************************************************
+ Processes a finished PDU stored in p->in_data.pdu.
+****************************************************************************/
+
+void process_complete_pdu(pipes_struct *p)
+{
+       struct ncacn_packet *pkt = NULL;
+       NTSTATUS status;
+       bool reply = False;
+
+       if(p->fault_state) {
+               DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
+                         get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
+               goto done;
+       }
+
+       pkt = talloc(p->mem_ctx, struct ncacn_packet);
+       if (!pkt) {
+               DEBUG(0, ("Out of memory!\n"));
+               goto done;
+       }
+
+       /*
+        * Ensure we're using the corrent endianness for both the
+        * RPC header flags and the raw data we will be reading from.
+        */
+       if (dcerpc_get_endian_flag(&p->in_data.pdu) & DCERPC_DREP_LE) {
+               p->endian = RPC_LITTLE_ENDIAN;
+       } else {
+               p->endian = RPC_BIG_ENDIAN;
+       }
+       DEBUG(10, ("PDU is in %s Endian format!\n", p->endian?"Big":"Little"));
+
+       status = dcerpc_pull_ncacn_packet(pkt, &p->in_data.pdu,
+                                         pkt, p->endian);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("Failed to unmarshal rpc packet: %s!\n",
+                         nt_errstr(status)));
+               goto done;
+       }
+
+       /* Store the call_id */
+       p->call_id = pkt->call_id;
+
+       DEBUG(10, ("Processing packet type %d\n", (int)pkt->ptype));
+
+       switch (pkt->ptype) {
+       case DCERPC_PKT_REQUEST:
+               reply = process_request_pdu(p, pkt);
+               break;
+
+       case DCERPC_PKT_PING: /* CL request - ignore... */
+               DEBUG(0, ("process_complete_pdu: Error. "
+                         "Connectionless packet type %d received on "
+                         "pipe %s.\n", (int)pkt->ptype,
+                        get_pipe_name_from_syntax(talloc_tos(),
+                                                  &p->syntax)));
+               break;
+
+       case DCERPC_PKT_RESPONSE: /* No responses here. */
+               DEBUG(0, ("process_complete_pdu: Error. "
+                         "DCERPC_PKT_RESPONSE received from client "
+                         "on pipe %s.\n",
+                        get_pipe_name_from_syntax(talloc_tos(),
+                                                  &p->syntax)));
+               break;
+
+       case DCERPC_PKT_FAULT:
+       case DCERPC_PKT_WORKING:
+               /* CL request - reply to a ping when a call in process. */
+       case DCERPC_PKT_NOCALL:
+               /* CL - server reply to a ping call. */
+       case DCERPC_PKT_REJECT:
+       case DCERPC_PKT_ACK:
+       case DCERPC_PKT_CL_CANCEL:
+       case DCERPC_PKT_FACK:
+       case DCERPC_PKT_CANCEL_ACK:
+               DEBUG(0, ("process_complete_pdu: Error. "
+                         "Connectionless packet type %u received on "
+                         "pipe %s.\n", (unsigned int)pkt->ptype,
+                        get_pipe_name_from_syntax(talloc_tos(),
+                                                  &p->syntax)));
+               break;
+
+       case DCERPC_PKT_BIND:
+               /*
+                * We assume that a pipe bind is only in one pdu.
+                */
+               if (pipe_init_outgoing_data(p)) {
+                       reply = api_pipe_bind_req(p, pkt);
+               }
+               break;
+
+       case DCERPC_PKT_BIND_ACK:
+       case DCERPC_PKT_BIND_NAK:
+               DEBUG(0, ("process_complete_pdu: Error. "
+                         "DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK "
+                         "packet type %u received on pipe %s.\n",
+                         (unsigned int)pkt->ptype,
+                        get_pipe_name_from_syntax(talloc_tos(),
+                                                  &p->syntax)));
+               break;
+
+
+       case DCERPC_PKT_ALTER:
+               /*
+                * We assume that a pipe bind is only in one pdu.
+                */
+               if (pipe_init_outgoing_data(p)) {
+                       reply = api_pipe_alter_context(p, pkt);
+               }
+               break;
+
+       case DCERPC_PKT_ALTER_RESP:
+               DEBUG(0, ("process_complete_pdu: Error. "
+                         "DCERPC_PKT_ALTER_RESP on pipe %s: "
+                         "Should only be server -> client.\n",
+                        get_pipe_name_from_syntax(talloc_tos(),
+                                                  &p->syntax)));
+               break;
+
+       case DCERPC_PKT_AUTH3:
+               /*
+                * The third packet in an NTLMSSP auth exchange.
+                */
+               if (pipe_init_outgoing_data(p)) {
+                       reply = api_pipe_bind_auth3(p, pkt);
+               }
+               break;
+
+       case DCERPC_PKT_SHUTDOWN:
+               DEBUG(0, ("process_complete_pdu: Error. "
+                         "DCERPC_PKT_SHUTDOWN on pipe %s: "
+                         "Should only be server -> client.\n",
+                        get_pipe_name_from_syntax(talloc_tos(),
+                                                  &p->syntax)));
+               break;
+
+       case DCERPC_PKT_CO_CANCEL:
+               /* For now just free all client data and continue
+                * processing. */
+               DEBUG(3,("process_complete_pdu: DCERPC_PKT_CO_CANCEL."
+                        " Abandoning rpc call.\n"));
+               /* As we never do asynchronous RPC serving, we can
+                * never cancel a call (as far as I know).
+                * If we ever did we'd have to send a cancel_ack reply.
+                * For now, just free all client data and continue
+                * processing. */
+               reply = True;
+               break;
+
+#if 0
+               /* Enable this if we're doing async rpc. */
+               /* We must check the outstanding callid matches. */
+               if (pipe_init_outgoing_data(p)) {
+                       /* Send a cancel_ack PDU reply. */
+                       /* We should probably check the auth-verifier here. */
+                       reply = setup_cancel_ack_reply(p, pkt);
+               }
+               break;
+#endif
+
+       case DCERPC_PKT_ORPHANED:
+               /* We should probably check the auth-verifier here.
+                * For now just free all client data and continue
+                * processing. */
+               DEBUG(3, ("process_complete_pdu: DCERPC_PKT_ORPHANED."
+                         " Abandoning rpc call.\n"));
+               reply = True;
+               break;
+
+       default:
+               DEBUG(0, ("process_complete_pdu: "
+                         "Unknown rpc type = %u received.\n",
+                         (unsigned int)pkt->ptype));
+               break;
+       }
+
+done:
+       if (!reply) {
+               DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on "
+                        "pipe %s\n", get_pipe_name_from_syntax(talloc_tos(),
+                                                               &p->syntax)));
+               set_incoming_fault(p);
+               setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
+               TALLOC_FREE(pkt);
+       } else {
+               /*
+                * Reset the lengths. We're ready for a new pdu.
+                */
+               TALLOC_FREE(p->in_data.pdu.data);
+               p->in_data.pdu_needed_len = 0;
+               p->in_data.pdu.length = 0;
+       }
+
+       TALLOC_FREE(pkt);
+}
+
index 3055e1a29c966b13779b16aeba4a334304803e53..7c4895fe7c7d20bcdae54d7d34976c3d4371066d 100644 (file)
 #include "../librpc/gen_ndr/srv_spoolss.h"
 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
 #include "../libcli/named_pipe_auth/npa_tstream.h"
-#include "../libcli/auth/schannel.h"
-#include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "rpc_server.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
-/****************************************************************************
- Initialise an outgoing packet.
-****************************************************************************/
-
-static bool pipe_init_outgoing_data(pipes_struct *p)
-{
-       output_data *o_data = &p->out_data;
-
-       /* Reset the offset counters. */
-       o_data->data_sent_length = 0;
-       o_data->current_pdu_sent = 0;
-
-       data_blob_free(&o_data->frag);
-
-       /* Free any memory in the current return data buffer. */
-       data_blob_free(&o_data->rdata);
-
-       return True;
-}
-
-/****************************************************************************
- Sets the fault state on incoming packets.
-****************************************************************************/
-
-static void set_incoming_fault(pipes_struct *p)
-{
-       data_blob_free(&p->in_data.data);
-       p->in_data.pdu_needed_len = 0;
-       p->in_data.pdu.length = 0;
-       p->fault_state = True;
-       DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n",
-                  get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
-}
-
 /****************************************************************************
  Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
 ****************************************************************************/
@@ -153,433 +117,6 @@ static void free_pipe_context(pipes_struct *p)
        talloc_free_children(p->mem_ctx);
 }
 
-/****************************************************************************
- Processes a request pdu. This will do auth processing if needed, and
- appends the data into the complete stream if the LAST flag is not set.
-****************************************************************************/
-
-static bool dcesrv_auth_request(pipes_struct *p, struct ncacn_packet *pkt)
-{
-       NTSTATUS status;
-       size_t hdr_size = DCERPC_REQUEST_LENGTH;
-       struct dcerpc_auth auth;
-       uint32_t auth_length;
-       DATA_BLOB data;
-       DATA_BLOB full_pkt;
-
-       DEBUG(10, ("Checking request auth.\n"));
-
-       if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
-               hdr_size += 16;
-       }
-
-       switch (p->auth.auth_level) {
-       case DCERPC_AUTH_LEVEL_PRIVACY:
-               DEBUG(10, ("Requested Privacy.\n"));
-               break;
-
-       case DCERPC_AUTH_LEVEL_INTEGRITY:
-               DEBUG(10, ("Requested Integrity.\n"));
-               break;
-
-       case DCERPC_AUTH_LEVEL_CONNECT:
-               if (pkt->auth_length != 0) {
-                       break;
-               }
-               return true;
-       case DCERPC_AUTH_LEVEL_NONE:
-               if (pkt->auth_length != 0) {
-                       return false;
-               }
-               return true;
-
-       default:
-               return false;
-       }
-
-       status = dcerpc_pull_auth_trailer(pkt, pkt,
-                                         &pkt->u.request.stub_and_verifier,
-                                         &auth, &auth_length, false);
-       if (!NT_STATUS_IS_OK(status)) {
-               return false;
-       }
-
-       pkt->u.request.stub_and_verifier.length -= auth_length;
-
-       data.data = p->in_data.pdu.data + hdr_size;
-       data.length = pkt->u.request.stub_and_verifier.length;
-       full_pkt.data = p->in_data.pdu.data;
-       full_pkt.length = p->in_data.pdu.length - auth.credentials.length;
-
-       switch (p->auth.auth_type) {
-       case PIPE_AUTH_TYPE_NONE:
-               return true;
-
-       case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
-       case PIPE_AUTH_TYPE_NTLMSSP:
-
-               DEBUG(10, ("NTLMSSP auth\n"));
-
-               if (!p->auth.a_u.auth_ntlmssp_state) {
-                       DEBUG(0, ("Invalid auth level, "
-                                 "failed to process packet auth.\n"));
-                       return false;
-               }
-
-               switch (p->auth.auth_level) {
-               case DCERPC_AUTH_LEVEL_PRIVACY:
-                       status = auth_ntlmssp_unseal_packet(
-                                       p->auth.a_u.auth_ntlmssp_state,
-                                       data.data, data.length,
-                                       full_pkt.data, full_pkt.length,
-                                       &auth.credentials);
-                       if (!NT_STATUS_IS_OK(status)) {
-                               return false;
-                       }
-                       memcpy(pkt->u.request.stub_and_verifier.data,
-                               data.data, data.length);
-                       break;
-
-               case DCERPC_AUTH_LEVEL_INTEGRITY:
-                       status = auth_ntlmssp_check_packet(
-                                       p->auth.a_u.auth_ntlmssp_state,
-                                       data.data, data.length,
-                                       full_pkt.data, full_pkt.length,
-                                       &auth.credentials);
-                       if (!NT_STATUS_IS_OK(status)) {
-                               return false;
-                       }
-                       break;
-
-               default:
-                       DEBUG(0, ("Invalid auth level, "
-                                 "failed to process packet auth.\n"));
-                       return false;
-               }
-               break;
-
-       case PIPE_AUTH_TYPE_SCHANNEL:
-
-               DEBUG(10, ("SCHANNEL auth\n"));
-
-               switch (p->auth.auth_level) {
-               case DCERPC_AUTH_LEVEL_PRIVACY:
-                       status = netsec_incoming_packet(
-                                       p->auth.a_u.schannel_auth,
-                                       pkt, true,
-                                       data.data, data.length,
-                                       &auth.credentials);
-                       if (!NT_STATUS_IS_OK(status)) {
-                               return false;
-                       }
-                       memcpy(pkt->u.request.stub_and_verifier.data,
-                               data.data, data.length);
-                       break;
-
-               case DCERPC_AUTH_LEVEL_INTEGRITY:
-                       status = netsec_incoming_packet(
-                                       p->auth.a_u.schannel_auth,
-                                       pkt, false,
-                                       data.data, data.length,
-                                       &auth.credentials);
-                       if (!NT_STATUS_IS_OK(status)) {
-                               return false;
-                       }
-                       break;
-
-               default:
-                       DEBUG(0, ("Invalid auth level, "
-                                 "failed to process packet auth.\n"));
-                       return false;
-               }
-               break;
-
-       default:
-               DEBUG(0, ("process_request_pdu: "
-                         "unknown auth type %u set.\n",
-                         (unsigned int)p->auth.auth_type));
-               set_incoming_fault(p);
-               return false;
-       }
-
-       /* remove the indicated amount of padding */
-       if (pkt->u.request.stub_and_verifier.length < auth.auth_pad_length) {
-               return false;
-       }
-       pkt->u.request.stub_and_verifier.length -= auth.auth_pad_length;
-
-       return true;
-}
-
-static bool process_request_pdu(pipes_struct *p, struct ncacn_packet *pkt)
-{
-       DATA_BLOB data;
-
-       if (!p->pipe_bound) {
-               DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
-               set_incoming_fault(p);
-               return False;
-       }
-
-       /* Store the opnum */
-       p->opnum = pkt->u.request.opnum;
-
-       if (!dcesrv_auth_request(p, pkt)) {
-               DEBUG(0,("Failed to check packet auth.\n"));
-               set_incoming_fault(p);
-               return false;
-       }
-
-       data = pkt->u.request.stub_and_verifier;
-
-       /*
-        * Check the data length doesn't go over the 15Mb limit.
-        * increased after observing a bug in the Windows NT 4.0 SP6a
-        * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
-        * will not fit in the initial buffer of size 0x1068   --jerry 22/01/2002
-        */
-
-       if (p->in_data.data.length + data.length > MAX_RPC_DATA_SIZE) {
-               DEBUG(0, ("process_request_pdu: "
-                         "rpc data buffer too large (%u) + (%u)\n",
-                         (unsigned int)p->in_data.data.length,
-                         (unsigned int)data.length));
-               set_incoming_fault(p);
-               return False;
-       }
-
-       /*
-        * Append the data portion into the buffer and return.
-        */
-
-       if (data.length) {
-               if (!data_blob_append(p->mem_ctx, &p->in_data.data,
-                                         data.data, data.length)) {
-                       DEBUG(0, ("Unable to append data size %u "
-                                 "to parse buffer of size %u.\n",
-                                 (unsigned int)data.length,
-                                 (unsigned int)p->in_data.data.length));
-                       set_incoming_fault(p);
-                       return False;
-               }
-       }
-
-       if (pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) {
-               bool ret = False;
-               /*
-                * Ok - we finally have a complete RPC stream.
-                * Call the rpc command to process it.
-                */
-
-               /*
-                * Process the complete data stream here.
-                */
-               if (pipe_init_outgoing_data(p)) {
-                       ret = api_pipe_request(p, pkt);
-               }
-
-               return ret;
-       }
-
-       return True;
-}
-
-/****************************************************************************
- Processes a finished PDU stored in p->in_data.pdu.
-****************************************************************************/
-
-static void process_complete_pdu(pipes_struct *p)
-{
-       struct ncacn_packet *pkt = NULL;
-       NTSTATUS status;
-       bool reply = False;
-
-       if(p->fault_state) {
-               DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
-                         get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
-               goto done;
-       }
-
-       pkt = talloc(p->mem_ctx, struct ncacn_packet);
-       if (!pkt) {
-               DEBUG(0, ("Out of memory!\n"));
-               goto done;
-       }
-
-       status = dcerpc_pull_ncacn_packet(pkt, &p->in_data.pdu, pkt);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("Failed to unmarshal rpc packet: %s!\n",
-                         nt_errstr(status)));
-               goto done;
-       }
-
-       /* Store the call_id */
-       p->call_id = pkt->call_id;
-
-       /*
-        * Ensure we're using the corrent endianness for both the
-        * RPC header flags and the raw data we will be reading from.
-        */
-       if (pkt->drep[0] == DCERPC_DREP_LE) {
-               p->endian = RPC_LITTLE_ENDIAN;
-       } else {
-               p->endian = RPC_BIG_ENDIAN;
-       }
-
-       DEBUG(10, ("Processing packet type %d\n", (int)pkt->ptype));
-
-       switch (pkt->ptype) {
-       case DCERPC_PKT_REQUEST:
-               reply = process_request_pdu(p, pkt);
-               break;
-
-       case DCERPC_PKT_PING: /* CL request - ignore... */
-               DEBUG(0, ("process_complete_pdu: Error. "
-                         "Connectionless packet type %d received on "
-                         "pipe %s.\n", (int)pkt->ptype,
-                        get_pipe_name_from_syntax(talloc_tos(),
-                                                  &p->syntax)));
-               break;
-
-       case DCERPC_PKT_RESPONSE: /* No responses here. */
-               DEBUG(0, ("process_complete_pdu: Error. "
-                         "DCERPC_PKT_RESPONSE received from client "
-                         "on pipe %s.\n",
-                        get_pipe_name_from_syntax(talloc_tos(),
-                                                  &p->syntax)));
-               break;
-
-       case DCERPC_PKT_FAULT:
-       case DCERPC_PKT_WORKING:
-               /* CL request - reply to a ping when a call in process. */
-       case DCERPC_PKT_NOCALL:
-               /* CL - server reply to a ping call. */
-       case DCERPC_PKT_REJECT:
-       case DCERPC_PKT_ACK:
-       case DCERPC_PKT_CL_CANCEL:
-       case DCERPC_PKT_FACK:
-       case DCERPC_PKT_CANCEL_ACK:
-               DEBUG(0, ("process_complete_pdu: Error. "
-                         "Connectionless packet type %u received on "
-                         "pipe %s.\n", (unsigned int)pkt->ptype,
-                        get_pipe_name_from_syntax(talloc_tos(),
-                                                  &p->syntax)));
-               break;
-
-       case DCERPC_PKT_BIND:
-               /*
-                * We assume that a pipe bind is only in one pdu.
-                */
-               if (pipe_init_outgoing_data(p)) {
-                       reply = api_pipe_bind_req(p, pkt);
-               }
-               break;
-
-       case DCERPC_PKT_BIND_ACK:
-       case DCERPC_PKT_BIND_NAK:
-               DEBUG(0, ("process_complete_pdu: Error. "
-                         "DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK "
-                         "packet type %u received on pipe %s.\n",
-                         (unsigned int)pkt->ptype,
-                        get_pipe_name_from_syntax(talloc_tos(),
-                                                  &p->syntax)));
-               break;
-
-
-       case DCERPC_PKT_ALTER:
-               /*
-                * We assume that a pipe bind is only in one pdu.
-                */
-               if (pipe_init_outgoing_data(p)) {
-                       reply = api_pipe_alter_context(p, pkt);
-               }
-               break;
-
-       case DCERPC_PKT_ALTER_RESP:
-               DEBUG(0, ("process_complete_pdu: Error. "
-                         "DCERPC_PKT_ALTER_RESP on pipe %s: "
-                         "Should only be server -> client.\n",
-                        get_pipe_name_from_syntax(talloc_tos(),
-                                                  &p->syntax)));
-               break;
-
-       case DCERPC_PKT_AUTH3:
-               /*
-                * The third packet in an NTLMSSP auth exchange.
-                */
-               if (pipe_init_outgoing_data(p)) {
-                       reply = api_pipe_bind_auth3(p, pkt);
-               }
-               break;
-
-       case DCERPC_PKT_SHUTDOWN:
-               DEBUG(0, ("process_complete_pdu: Error. "
-                         "DCERPC_PKT_SHUTDOWN on pipe %s: "
-                         "Should only be server -> client.\n",
-                        get_pipe_name_from_syntax(talloc_tos(),
-                                                  &p->syntax)));
-               break;
-
-       case DCERPC_PKT_CO_CANCEL:
-               /* For now just free all client data and continue
-                * processing. */
-               DEBUG(3,("process_complete_pdu: DCERPC_PKT_CO_CANCEL."
-                        " Abandoning rpc call.\n"));
-               /* As we never do asynchronous RPC serving, we can
-                * never cancel a call (as far as I know).
-                * If we ever did we'd have to send a cancel_ack reply.
-                * For now, just free all client data and continue
-                * processing. */
-               reply = True;
-               break;
-
-#if 0
-               /* Enable this if we're doing async rpc. */
-               /* We must check the outstanding callid matches. */
-               if (pipe_init_outgoing_data(p)) {
-                       /* Send a cancel_ack PDU reply. */
-                       /* We should probably check the auth-verifier here. */
-                       reply = setup_cancel_ack_reply(p, pkt);
-               }
-               break;
-#endif
-
-       case DCERPC_PKT_ORPHANED:
-               /* We should probably check the auth-verifier here.
-                * For now just free all client data and continue
-                * processing. */
-               DEBUG(3, ("process_complete_pdu: DCERPC_PKT_ORPHANED."
-                         " Abandoning rpc call.\n"));
-               reply = True;
-               break;
-
-       default:
-               DEBUG(0, ("process_complete_pdu: "
-                         "Unknown rpc type = %u received.\n",
-                         (unsigned int)pkt->ptype));
-               break;
-       }
-
-done:
-       if (!reply) {
-               DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on "
-                        "pipe %s\n", get_pipe_name_from_syntax(talloc_tos(),
-                                                               &p->syntax)));
-               set_incoming_fault(p);
-               setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
-               TALLOC_FREE(pkt);
-       } else {
-               /*
-                * Reset the lengths. We're ready for a new pdu.
-                */
-               TALLOC_FREE(p->in_data.pdu.data);
-               p->in_data.pdu_needed_len = 0;
-               p->in_data.pdu.length = 0;
-       }
-
-       TALLOC_FREE(pkt);
-}
-
 /****************************************************************************
  Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
 ****************************************************************************/
index a5a0e44738d4f54ee1217bfdaddf674c36d41e93..dbce120dc60c0dc17bad919ca90898674fea3583 100644 (file)
@@ -67,11 +67,17 @@ static void smbd_aio_signal_handler(struct tevent_context *ev_ctx,
 }
 
 
-static void initialize_async_io_handler(void)
+static bool initialize_async_io_handler(void)
 {
+       static bool tried_signal_setup = false;
+
        if (aio_signal_event) {
-               return;
+               return true;
+       }
+       if (tried_signal_setup) {
+               return false;
        }
+       tried_signal_setup = true;
 
        aio_signal_event = tevent_add_signal(smbd_event_context(),
                                             smbd_event_context(),
@@ -79,7 +85,8 @@ static void initialize_async_io_handler(void)
                                             smbd_aio_signal_handler,
                                             NULL);
        if (!aio_signal_event) {
-               exit_server("Failed to setup RT_SIGNAL_AIO handler");
+               DEBUG(10, ("Failed to setup RT_SIGNAL_AIO handler\n"));
+               return false;
        }
 
        /* tevent supports 100 signal with SA_SIGINFO */
@@ -145,7 +152,9 @@ NTSTATUS schedule_aio_read_and_X(connection_struct *conn,
        int ret;
 
        /* Ensure aio is initialized. */
-       initialize_async_io_handler();
+       if (!initialize_async_io_handler()) {
+               return NT_STATUS_RETRY;
+       }
 
        if (fsp->base_fsp != NULL) {
                /* No AIO on streams yet */
@@ -250,7 +259,9 @@ NTSTATUS schedule_aio_write_and_X(connection_struct *conn,
        int ret;
 
        /* Ensure aio is initialized. */
-       initialize_async_io_handler();
+       if (!initialize_async_io_handler()) {
+               return NT_STATUS_RETRY;
+       }
 
        if (fsp->base_fsp != NULL) {
                /* No AIO on streams yet */
@@ -382,7 +393,9 @@ NTSTATUS schedule_smb2_aio_read(connection_struct *conn,
        int ret;
 
        /* Ensure aio is initialized. */
-       initialize_async_io_handler();
+       if (!initialize_async_io_handler()) {
+               return NT_STATUS_RETRY;
+       }
 
        if (fsp->base_fsp != NULL) {
                /* No AIO on streams yet */
@@ -478,7 +491,9 @@ NTSTATUS schedule_aio_smb2_write(connection_struct *conn,
        int ret;
 
        /* Ensure aio is initialized. */
-       initialize_async_io_handler();
+       if (!initialize_async_io_handler()) {
+               return NT_STATUS_RETRY;
+       }
 
        if (fsp->base_fsp != NULL) {
                /* No AIO on streams yet */
index 80a5239de31c486727ea032a954100f1c1eb61b0..52fcd282a66e5e08ac3dd46e8afafc453d6f83c7 100644 (file)
@@ -41,10 +41,13 @@ struct pending_auth_data {
   on a logon error possibly map the error to success if "map to guest"
   is set approriately
 */
-static NTSTATUS do_map_to_guest(NTSTATUS status,
-                               struct auth_serversupplied_info **server_info,
-                               const char *user, const char *domain)
+NTSTATUS do_map_to_guest(NTSTATUS status,
+                       struct auth_serversupplied_info **server_info,
+                       const char *user, const char *domain)
 {
+       user = user ? user : "";
+       domain = domain ? domain : "";
+
        if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
                if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) ||
                    (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
index 6586a454395d431a9c561ca24a2197ba3dc5dfe9..493e74802d501710948349e9bdc235065a878a74 100644 (file)
@@ -143,6 +143,26 @@ static int smbd_smb2_session_destructor(struct smbd_smb2_session *session)
        return 0;
 }
 
+static NTSTATUS setup_ntlmssp_server_info(struct smbd_smb2_session *session,
+                               NTSTATUS status)
+{
+       if (NT_STATUS_IS_OK(status)) {
+               status = auth_ntlmssp_server_info(session,
+                               session->auth_ntlmssp_state,
+                               &session->server_info);
+       } else {
+               /* Note that this server_info won't have a session
+                * key.  But for map to guest, that's exactly the right
+                * thing - we can't reasonably guess the key the
+                * client wants, as the password was wrong */
+               status = do_map_to_guest(status,
+                       &session->server_info,
+                       auth_ntlmssp_get_username(session->auth_ntlmssp_state),
+                       auth_ntlmssp_get_domain(session->auth_ntlmssp_state));
+       }
+       return status;
+}
+
 #ifdef HAVE_KRB5
 static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
                                        struct smbd_smb2_request *smb2req,
@@ -615,13 +635,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
                                        uint64_t *out_session_id)
 {
        fstring tmp;
-       NTSTATUS status = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state,
-                                                  &session->server_info);
-       if (!NT_STATUS_IS_OK(status)) {
-               auth_ntlmssp_end(&session->auth_ntlmssp_state);
-               TALLOC_FREE(session);
-               return status;
-       }
 
        if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
            lp_server_signing() == Required) {
@@ -773,6 +786,11 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
        status = auth_ntlmssp_update(session->auth_ntlmssp_state,
                                     auth,
                                     &auth_out);
+       if (!NT_STATUS_IS_OK(status) &&
+                       !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+               status = setup_ntlmssp_server_info(session, status);
+       }
+
        if (!NT_STATUS_IS_OK(status) &&
                        !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                auth_ntlmssp_end(&session->auth_ntlmssp_state);
@@ -850,6 +868,9 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
                *out_session_id = session->vuid;
                return status;
        }
+
+       status = setup_ntlmssp_server_info(session, status);
+
        if (!NT_STATUS_IS_OK(status)) {
                auth_ntlmssp_end(&session->auth_ntlmssp_state);
                TALLOC_FREE(session);
index f4ad6f7b4761188b5f908f4ae25989041cec6c95..61cb89d0f7b041ee566c06ec80f35f48b77b64ef 100644 (file)
@@ -1,4 +1,3 @@
-
 /* 
    Samba Unix/Linux Dynamic DNS Update
    net ads commands
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.  
 */
@@ -55,7 +54,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
        if (!(mem_ctx = talloc_init("DoDNSUpdate"))) {
                return ERROR_DNS_NO_MEMORY;
        }
-               
+
        err = dns_open_connection( pszServerName, DNS_TCP, mem_ctx, &conn );
        if (!ERR_DNS_IS_OK(err)) {
                goto error;
@@ -114,10 +113,9 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
                                                     keyname, &gss_context, 
                                                     DNS_SRV_WIN2000 );
                }
-               
+
                if (!ERR_DNS_IS_OK(err))
                        goto error;
-               
 
                err = dns_sign_update(req, gss_context, keyname,
                                      "gss.microsoft.com", time(NULL), 3600);
index ed8eb1339f38f25bef658c8913a8d062780d5fc5..47348b997f502d74bad0882ad7d3abb339db87a7 100644 (file)
@@ -1129,9 +1129,11 @@ bool winbindd_reinit_after_fork(const char *logfilename)
        struct winbindd_child *cl;
        NTSTATUS status;
 
-       status = reinit_after_fork(winbind_messaging_context(),
-                                  winbind_event_context(),
-                                  procid_self(), true);
+       status = reinit_after_fork(
+               winbind_messaging_context(),
+               winbind_event_context(),
+               messaging_server_id(winbind_messaging_context()),
+               true);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0,("reinit_after_fork() failed\n"));
                return false;
index 38d680518f2edabe0de731e6f962de6cc27b95a2..f5265011f732b7739fe4108e6d7e1ae440e43624 100644 (file)
@@ -68,6 +68,9 @@ LIBNDR_SCHANNEL_SRC = '''../librpc/gen_ndr/ndr_schannel.c
 LIBNDR_SPOOLSS_SRC = '''../librpc/gen_ndr/ndr_spoolss.c
                   ../librpc/ndr/ndr_spoolss_buf.c'''
 
+LIBNDR_XATTR_SRC = '''../librpc/gen_ndr/ndr_xattr.c
+                  ../librpc/ndr/ndr_xattr.c'''
+
 LIBNDR_GEN_SRC = '''../librpc/gen_ndr/ndr_wkssvc.c
                  ${LIBNDR_GEN_SRC0}
                  ../librpc/gen_ndr/ndr_dfs.c
@@ -79,8 +82,7 @@ LIBNDR_GEN_SRC = '''../librpc/gen_ndr/ndr_wkssvc.c
                  ${LIBNDR_NETLOGON_SRC}
                  ../librpc/gen_ndr/ndr_dssetup.c
                  librpc/gen_ndr/ndr_notify.c
-                 ../librpc/gen_ndr/ndr_xattr.c
-                 ../librpc/ndr/ndr_xattr.c
+                 ${LIBNDR_XATTR_SRC}
                  ../librpc/gen_ndr/ndr_epmapper.c
                  ../librpc/gen_ndr/ndr_named_pipe_auth.c
                  ../librpc/gen_ndr/ndr_ntsvcs.c
@@ -413,8 +415,10 @@ RPC_SERVER_SRC = '''${RPC_PIPE_SRC} ${NPA_TSTREAM_SRC}'''
 
 RPC_PARSE_SRC = '''${RPC_PARSE_SRC2}'''
 
-RPC_CLIENT_SRC = '''rpc_client/cli_pipe.c rpc_client/rpc_transport_np.c
-        rpc_client/rpc_transport_sock.c rpc_client/rpc_transport_smbd.c'''
+RPC_CLIENT_SRC = '''rpc_client/cli_pipe.c librpc/rpc/rpc_common.c
+                    rpc_client/rpc_transport_np.c
+                   rpc_client/rpc_transport_sock.c
+                   rpc_client/rpc_transport_smbd.c'''
 
 LOCKING_SRC = '''locking/locking.c locking/brlock.c locking/posix.c'''
 
diff --git a/source4/scripting/bin/ktpass.sh b/source4/scripting/bin/ktpass.sh
new file mode 100755 (executable)
index 0000000..92b1976
--- /dev/null
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+# vim: expandtab
+#
+# Copyright (C) Matthieu Patou <mat@matws.net>  2010
+#
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+name="ktpass.sh"
+TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
+     -n "$name" -- "$@"`
+eval set -- "$TEMP"
+
+function usage {
+  echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
+  echo -ne "      [--host hostname] [--enc <encryption>]\n"
+  echo -ne "      [--ptype <type>] [--path-to-ldbsearch <path>]\n"
+  echo -ne "\nEncoding should be one of:\n"
+  echo -ne " * des-cbc-crc\n"
+  echo -ne " * des-cbc-md5\n"
+  echo -ne " * rc4-hmac (default)\n"
+  echo -ne " * aes128-cts\n"
+  echo -ne " * aes256-cts\n"
+  exit 0
+}
+while true ; do
+  case "$1" in
+    --out) outfile=$2 ; shift 2 ;;
+    --princ) princ=$2 ; shift 2 ;;
+    --pass) pass=$2 ; shift 2 ;;
+    --host) host=$2 ; shift 2 ;;
+    --ptype) shift 2 ;;
+    --enc) enc=$2; shift 2;;
+    --path-to-ldbsearch) path="$2/"; shift 2;;
+    -h) usage;;
+    --) shift ; break ;;
+    *) echo "Internal error!" ; exit 1 ;;
+  esac
+done
+#RC4-HMAC-NT|AES256-SHA1|AES128-SHA
+if [ -z "$enc" ]; then
+    enc="rc4-hmac"
+fi
+if [ -z "$path" ]; then
+  path=`dirname $0`/../bin/
+fi
+if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then
+  echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
+  usage
+fi
+if [ -z $host ]; then
+  host=`hostname`
+fi
+kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ))" msds-keyversionnumber  -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber`
+if [ "$kvno" == "" ]; then
+  echo -ne "Unable to find kvno for principal $princ\n"
+  echo -ne " check that you are authentified with kerberos\n"
+  exit 1
+else
+  kvno=`echo $kvno | sed 's/^.*: //'`
+fi
+
+if [ "$pass" == "*" ]; then
+  echo -n "Enter password for $princ: "
+  stty -echo
+  read pass
+  stty echo
+  echo ""
+fi
+
+ktutil >/dev/null <<EOF
+add_entry -password -p $princ -k $kvno -e $enc
+$pass
+wkt $outfile
+EOF
+
+if [ $? -eq 0 ]; then
+   echo "Keytab file $outfile created with success"
+else
+  echo "Error while creating the keytab file $outfile"
+fi
index 52d1d3963e7a9cf23dd56642297cec861ef7dc89..1dd507eaed9b365601686b6bd4b44816b7e3cf93 100755 (executable)
@@ -368,6 +368,7 @@ plantestsuite "blackbox.pkinit" dc:local $bbdir/test_pkinit.sh "\$SERVER" "\$USE
 plantestsuite "blackbox.kinit" dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" aes256-cts-hmac-sha1-96 $CONFIGURATION
 plantestsuite "blackbox.kinit" fl2000dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" arcfour-hmac-md5 $CONFIGURATION
 plantestsuite "blackbox.kinit" fl2008r2dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" aes256-cts-hmac-sha1-96 $CONFIGURATION
+plantestsuite "blackbox.ktpass" dc $bbdir/test_ktpass.sh $PREFIX
 plantestsuite "blackbox.passwords" dc:local $bbdir/test_passwords.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX"
 plantestsuite "blackbox.export.keytab" dc:local $bbdir/test_export_keytab.sh "\$SERVER" "\$USERNAME" "\$REALM" "\$DOMAIN" "$PREFIX"
 plantestsuite "blackbox.cifsdd" dc $samba4srcdir/client/tests/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" 
index b36e54cac07931d30a1bedb1c2226490f4a27cb0..f6470595e31ef5ac430efaa35561e2c6bf7566fa 100644 (file)
@@ -52,6 +52,7 @@ static bool test_bind(struct torture_context *tctx,
                torture_rpc_binding(tctx, &binding),
                "failed to parse binding string");
 
+       binding->flags &= ~DCERPC_AUTH_OPTIONS;
        binding->flags |= *flags;
 
        torture_assert_ntstatus_ok(tctx,
@@ -86,11 +87,32 @@ static void test_bind_op(struct torture_suite *suite,
 struct torture_suite *torture_rpc_bind(TALLOC_CTX *mem_ctx)
 {
        struct torture_suite *suite = torture_suite_create(mem_ctx, "BIND");
-
-       test_bind_op(suite, "ntlm,sign", DCERPC_AUTH_NTLM | DCERPC_SIGN);
-       test_bind_op(suite, "ntlm,sign,seal", DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL);
-       test_bind_op(suite, "spnego,sign", DCERPC_AUTH_SPNEGO | DCERPC_SIGN);
-       test_bind_op(suite, "spnego,sign,seal", DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL);
+       struct {
+               const char *test_name;
+               uint32_t flags;
+       } tests[] = {
+               {
+                       .test_name      = "ntlm,sign",
+                       .flags          = DCERPC_AUTH_NTLM | DCERPC_SIGN
+               },{
+                       .test_name      = "ntlm,sign,seal",
+                       .flags          = DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL
+               },{
+                       .test_name      = "spnego,sign",
+                       .flags          = DCERPC_AUTH_SPNEGO | DCERPC_SIGN
+               },{
+                       .test_name      = "spnego,sign,seal",
+                       .flags          = DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL
+               }
+       };
+       int i;
+
+       for (i=0; i < ARRAY_SIZE(tests); i++) {
+               test_bind_op(suite, tests[i].test_name, tests[i].flags);
+       }
+       for (i=0; i < ARRAY_SIZE(tests); i++) {
+               test_bind_op(suite, talloc_asprintf(suite, "bigendian,%s", tests[i].test_name), tests[i].flags | DCERPC_PUSH_BIGENDIAN);
+       }
 
        return suite;
 }
index 7c313af1785b28745c59f96c2c4b29c1f6e68650..03c670a90230c08368d25db8299a8e20c455abaa 100644 (file)
@@ -175,8 +175,6 @@ static void shell_help(const struct shell_command * command,
 static void shell_set(const struct shell_command *command,
        struct torture_context *tctx, int argc, const char **argv)
 {
-       char * name;
-
        switch (argc) {
        case 0:
            lpcfg_dump(tctx->lp_ctx, stdout,
@@ -185,9 +183,12 @@ static void shell_set(const struct shell_command *command,
            break;
 
        case 2:
-           name = talloc_asprintf(NULL, "torture:%s", argv[0]);
-           lpcfg_set_cmdline(tctx->lp_ctx, name, argv[1]);
-           talloc_free(name);
+           /* We want to allow users to set any config option. Top level
+            * options will get checked against their static definition, but
+            * parametric options can't be checked and will just get stashed
+            * as they are provided.
+            */
+           lpcfg_set_cmdline(tctx->lp_ctx, argv[0], argv[1]);
            break;
 
        default:
index 6c1eac69054c8ecd3279aff46bcdeaff7244b933..090c914ae73ea9b6c36ff0b8642c5bec497e836c 100644 (file)
@@ -56,6 +56,7 @@ bld.RECURSE('cluster')
 bld.RECURSE('smbd')
 bld.RECURSE('libnet')
 bld.RECURSE('auth')
+bld.RECURSE('../lib/iniparser/src')
 bld.RECURSE('../nsswitch')
 bld.RECURSE('../nsswitch/libwbclient')
 bld.RECURSE('lib/samba3')
diff --git a/testprogs/blackbox/test_ktpass.sh b/testprogs/blackbox/test_ktpass.sh
new file mode 100755 (executable)
index 0000000..b106d50
--- /dev/null
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat <<EOF
+Usage: blackbox_newuser.sh PREFIX
+EOF
+exit 1;
+fi
+
+PREFIX="$1"
+shift 1
+
+. `dirname $0`/subunit.sh
+
+
+net="$BUILDDIR/bin/net"
+samba4bindir="$BUILDDIR/bin"
+samba4kinit="$samba4bindir/samba4kinit$EXEEXT"
+CONFIG="--configfile=$PREFIX/dc/etc/smb.conf"
+
+#two test for creating new user
+#newuser  account is created with cn=Given Name Initials. Surname
+#newuser1 account is created using cn=username
+testit "newuser" $net newuser $CONFIG --given-name="User" --surname="Tester" --initials="T" --profile-path="\\\\myserver\\my\\profile" --script-path="\\\\myserver\\my\\script" --home-directory="\\\\myserver\\my\\homedir" --job-title="Tester" --department="Testing" --company="Samba.org" --description="Description" --mail-address="tester@samba.org" --internet-address="http://samba.org" --telephone-number="001122334455" --physical-delivery-office="101" --home-drive="H:" testuser testp@ssw0Rd|| failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmpccache"
+export KRB5CCNAME
+echo "testp@ssw0Rd" >$PREFIX/tmppassfile
+testit "kinit with passwd" $samba4kinit -e arcfour-hmac-md5 --password-file=$PREFIX/tmppassfile   testuser@SAMBA.EXAMPLE.COM   || failed=`expr $failed + 1`
+testit "ktpass" $BUILDDIR/scripting/bin/ktpass.sh --host LOCALDC --out $PREFIX/testuser.kt --princ testuser --pass "testp@ssw0Rd" --path-to-ldbsearch=$BUILDDIR/bin|| failed=`expr $failed + 1`
+
+rm -f $KRB5CCNAME
+
+testit "kinit with keytab" $samba4kinit -e arcfour-hmac-md5 --use-keytab -t $PREFIX/testuser.kt testuser@SAMBA.EXAMPLE.COM   || failed=`expr $failed + 1`
+
+rm -f $PREFIX/tmpccache $PREFIX/testuser.kt
+exit $failed