aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoe MacDonald <joe_macdonald@mentor.com>2016-04-18 17:00:53 -0400
committerJoe MacDonald <joe_macdonald@mentor.com>2016-04-20 08:55:27 -0400
commit70bde9accebb072b42ec5b9557411caef7e9ee54 (patch)
tree17cb72358a4547ef1f2594967d1e68014a7bcfad
parentab62c7437ff28d045ecff3f82621990ff94662e6 (diff)
downloadmeta-openembedded-70bde9accebb072b42ec5b9557411caef7e9ee54.tar.gz
meta-openembedded-70bde9accebb072b42ec5b9557411caef7e9ee54.tar.bz2
meta-openembedded-70bde9accebb072b42ec5b9557411caef7e9ee54.zip
samba: Update to latest stable
The previous version of Samba had many critical security updates that would've required significant backporting effort. Update to the latest stable release instead. Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/0001-waf-sanitize-and-fix-added-cross-answer.patch60
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/0002-Adds-a-new-mode-to-samba-cross-compiling.patch112
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/0003-waf-improve-readability-of-cross-answers-generated-b.patch66
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/0004-build-make-wafsamba-CHECK_SIZEOF-cross-compile-frien.patch72
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/0005-build-unify-and-fix-endian-tests.patch169
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/0007-waf-Fix-parsing-of-cross-answers-file-in-case-answer.patch36
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch1448
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch266
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/03-net-ads-kerberos-pac.patch962
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch211
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/05-fix-gecos-field-with-samlogon.patch29894
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/06-fix-nmbd-systemd-status-update.patch97
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/07-fix-idmap-ad-getgroups-without-gid.patch42
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/08-fix-idmap-ad-sfu-with-trusted-domains.patch44
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/09-fix-smbclient-echo-cmd-segfault.patch35
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/10-improve-service-principal-guessing-in-net.patch180
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch329
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/12-add-precreated-spns-from-AD-during-keytab-generation.patch159
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/13-fix-aes-enctype.patch988
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/14-fix-dnsupdate.patch51
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/15-fix-netbios-name-truncation.patch154
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/16-do-not-check-xsltproc-manpages.patch52
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/17-execute-prog-by-qemu.patch22
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/18-avoid-get-config-by-native-ncurses.patch22
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/19-systemd-daemon-is-contained-by-libsystemd.patch42
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/21-avoid-sasl-unless-wanted.patch10
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.4.2/00-fix-typos-in-man-pages.patch (renamed from meta-networking/recipes-connectivity/samba/samba-4.1.12/00-fix-typos-in-man-pages.patch)0
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.4.2/0006-avoid-using-colon-in-the-checking-msg.patch (renamed from meta-networking/recipes-connectivity/samba/samba-4.1.12/0006-avoid-using-colon-in-the-checking-msg.patch)0
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.4.2/16-do-not-check-xsltproc-manpages.patch43
-rw-r--r--[-rwxr-xr-x]meta-networking/recipes-connectivity/samba/samba-4.4.2/20-do-not-import-target-module-while-cross-compile.patch (renamed from meta-networking/recipes-connectivity/samba/samba-4.1.12/20-do-not-import-target-module-while-cross-compile.patch)19
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.4.2/21-add-config-option-without-valgrind.patch (renamed from meta-networking/recipes-connectivity/samba/samba-4.1.12/21-add-config-option-without-valgrind.patch)0
-rw-r--r--meta-networking/recipes-connectivity/samba/samba_4.4.2.bb (renamed from meta-networking/recipes-connectivity/samba/samba_4.1.12.bb)81
32 files changed, 81 insertions, 35585 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0001-waf-sanitize-and-fix-added-cross-answer.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/0001-waf-sanitize-and-fix-added-cross-answer.patch
deleted file mode 100644
index 69668c088..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0001-waf-sanitize-and-fix-added-cross-answer.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 1b32c7d7f148bcf2598799b21dfa3ba1ed824d32 Mon Sep 17 00:00:00 2001
-From: Uri Simchoni <urisimchoni@gmail.com>
-Date: Mon, 18 May 2015 21:12:06 +0300
-Subject: [PATCH 1/7] waf: sanitize and fix added cross answer
-
-When configuring samba for cross-compilation using the cross-answers
-method, the function add_answer receives the standard output and exit code
-of a configuration test and updates the cross-answers file accordingly.
-
-This patch sanitizes the standard output to conform to the cross-answers
-file format - one line of output. It also adds a missing newline.
-
-(Note - at this point add_answer is only ever called with empty output
-but this change is significant for the reminder of this patchset)
-
-Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Alexander Bokovoy <ab@samba.org>
-
-Upstream-Status: Backport
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
----
- buildtools/wafsamba/samba_cross.py | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py
-index 3838e34..fc1d78e 100644
---- a/buildtools/wafsamba/samba_cross.py
-+++ b/buildtools/wafsamba/samba_cross.py
-@@ -19,6 +19,16 @@ def add_answer(ca_file, msg, answer):
- except:
- Logs.error("Unable to open cross-answers file %s" % ca_file)
- sys.exit(1)
-+ (retcode, retstring) = answer
-+ # if retstring is more than one line then we probably
-+ # don't care about its actual content (the tests should
-+ # yield one-line output in order to comply with the cross-answer
-+ # format)
-+ retstring = retstring.strip()
-+ if len(retstring.split('\n')) > 1:
-+ retstring = ''
-+ answer = (retcode, retstring)
-+
- if answer == ANSWER_OK:
- f.write('%s: OK\n' % msg)
- elif answer == ANSWER_UNKNOWN:
-@@ -26,8 +36,7 @@ def add_answer(ca_file, msg, answer):
- elif answer == ANSWER_FAIL:
- f.write('%s: FAIL\n' % msg)
- else:
-- (retcode, retstring) = answer
-- f.write('%s: (%d, "%s")' % (msg, retcode, retstring))
-+ f.write('%s: (%d, "%s")\n' % (msg, retcode, retstring))
- f.close()
-
-
---
-1.9.1
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0002-Adds-a-new-mode-to-samba-cross-compiling.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/0002-Adds-a-new-mode-to-samba-cross-compiling.patch
deleted file mode 100644
index fce3abcaa..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0002-Adds-a-new-mode-to-samba-cross-compiling.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From add52538b9a0ccf66ca87c7a691bf59901765849 Mon Sep 17 00:00:00 2001
-From: Uri Simchoni <urisimchoni@gmail.com>
-Date: Mon, 18 May 2015 21:15:19 +0300
-Subject: [PATCH 2/7] Adds a new mode to samba cross-compiling.
-
-When both --cross-answers and --cross-execute are set, this means:
-- Use cross-answers
-- If answer is unknown, then instead of adding UNKNOWN to the cross-answers
- file and failing configure, the new mode runs cross-execute to determine the
- answer and adds that to the cross-answers file.
-
-Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Alexander Bokovoy <ab@samba.org>
-
-Upstream-Status: Backport
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
----
- buildtools/wafsamba/samba_cross.py | 46 ++++++++++++++++++++++++++++----------
- 1 file changed, 34 insertions(+), 12 deletions(-)
-
-diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py
-index fc1d78e..3f1ef12 100644
---- a/buildtools/wafsamba/samba_cross.py
-+++ b/buildtools/wafsamba/samba_cross.py
-@@ -45,7 +45,6 @@ def cross_answer(ca_file, msg):
- try:
- f = open(ca_file, 'r')
- except:
-- add_answer(ca_file, msg, ANSWER_UNKNOWN)
- return ANSWER_UNKNOWN
- for line in f:
- line = line.strip()
-@@ -78,7 +77,6 @@ def cross_answer(ca_file, msg):
- else:
- raise Utils.WafError("Bad answer format '%s' in %s" % (line, ca_file))
- f.close()
-- add_answer(ca_file, msg, ANSWER_UNKNOWN)
- return ANSWER_UNKNOWN
-
-
-@@ -86,24 +84,47 @@ class cross_Popen(Utils.pproc.Popen):
- '''cross-compilation wrapper for Popen'''
- def __init__(*k, **kw):
- (obj, args) = k
--
-- if '--cross-execute' in args:
-- # when --cross-execute is set, then change the arguments
-- # to use the cross emulator
-- i = args.index('--cross-execute')
-- newargs = args[i+1].split()
-- newargs.extend(args[0:i])
-- args = newargs
-- elif '--cross-answers' in args:
-+ use_answers = False
-+ ans = ANSWER_UNKNOWN
-+
-+ # Three possibilities:
-+ # 1. Only cross-answers - try the cross-answers file, and if
-+ # there's no corresponding answer, add to the file and mark
-+ # the configure process as unfinished.
-+ # 2. Only cross-execute - get the answer from cross-execute
-+ # 3. Both - try the cross-answers file, and if there is no
-+ # corresponding answer - use cross-execute to get an answer,
-+ # and add that answer to the file.
-+ if '--cross-answers' in args:
- # when --cross-answers is set, then change the arguments
- # to use the cross answers if available
-+ use_answers = True
- i = args.index('--cross-answers')
- ca_file = args[i+1]
- msg = args[i+2]
- ans = cross_answer(ca_file, msg)
-+
-+ if '--cross-execute' in args and ans == ANSWER_UNKNOWN:
-+ # when --cross-execute is set, then change the arguments
-+ # to use the cross emulator
-+ i = args.index('--cross-execute')
-+ newargs = args[i+1].split()
-+ newargs.extend(args[0:i])
-+ if use_answers:
-+ p = real_Popen(newargs,
-+ stdout=Utils.pproc.PIPE,
-+ stderr=Utils.pproc.PIPE)
-+ ce_out, ce_err = p.communicate()
-+ ans = (p.returncode, ce_out)
-+ add_answer(ca_file, msg, ans)
-+ else:
-+ args = newargs
-+
-+ if use_answers:
- if ans == ANSWER_UNKNOWN:
- global cross_answers_incomplete
- cross_answers_incomplete = True
-+ add_answer(ca_file, msg, ans)
- (retcode, retstring) = ans
- args = ['/bin/sh', '-c', "echo -n '%s'; exit %d" % (retstring, retcode)]
- real_Popen.__init__(*(obj, args), **kw)
-@@ -124,7 +145,8 @@ def SAMBA_CROSS_ARGS(conf, msg=None):
-
- if conf.env.CROSS_EXECUTE:
- ret.extend(['--cross-execute', conf.env.CROSS_EXECUTE])
-- elif conf.env.CROSS_ANSWERS:
-+
-+ if conf.env.CROSS_ANSWERS:
- if msg is None:
- raise Utils.WafError("Cannot have NULL msg in cross-answers")
- ret.extend(['--cross-answers', os.path.join(Options.launch_dir, conf.env.CROSS_ANSWERS), msg])
---
-1.9.1
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0003-waf-improve-readability-of-cross-answers-generated-b.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/0003-waf-improve-readability-of-cross-answers-generated-b.patch
deleted file mode 100644
index ec17d9d21..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0003-waf-improve-readability-of-cross-answers-generated-b.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From f7052d633396005563e44509428503f42c9faa97 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Thu, 12 Nov 2015 01:00:11 -0500
-Subject: [PATCH 3/7] waf: improve readability of cross-answers generated by cross-execute
-
-When generating a result for cross-answers from the (retcode, retstring) tuple:
-- (0, "output") indicated as "output"
-- 1 is interpreted as generic fail code, instead of 255, because most
- if not all tests fail with 1 as exit code rather than 255
-- For failing test, use NO instead of FAIL, because that's not
- necessarily a failure (it could mean that something is NOT
- broken)
-
-Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Alexander Bokovoy <ab@samba.org>
-
-Upstream-Status: Backport
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
----
- buildtools/wafsamba/samba_cross.py | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py
-index 3f1ef12..d1e7006 100644
---- a/buildtools/wafsamba/samba_cross.py
-+++ b/buildtools/wafsamba/samba_cross.py
-@@ -6,7 +6,7 @@ from Configure import conf
- real_Popen = None
-
- ANSWER_UNKNOWN = (254, "")
--ANSWER_FAIL = (255, "")
-+ANSWER_NO = (1, "")
- ANSWER_OK = (0, "")
-
- cross_answers_incomplete = False
-@@ -33,10 +33,13 @@ def add_answer(ca_file, msg, answer):
- f.write('%s: OK\n' % msg)
- elif answer == ANSWER_UNKNOWN:
- f.write('%s: UNKNOWN\n' % msg)
-- elif answer == ANSWER_FAIL:
-- f.write('%s: FAIL\n' % msg)
-+ elif answer == ANSWER_NO:
-+ f.write('%s: NO\n' % msg)
- else:
-- f.write('%s: (%d, "%s")\n' % (msg, retcode, retstring))
-+ if retcode == 0:
-+ f.write('%s: "%s"\n' % (msg, retstring))
-+ else:
-+ f.write('%s: (%d, "%s")\n' % (msg, retcode, retstring))
- f.close()
-
-
-@@ -64,7 +67,7 @@ def cross_answer(ca_file, msg):
- return ANSWER_UNKNOWN
- elif ans == "FAIL" or ans == "NO":
- f.close()
-- return ANSWER_FAIL
-+ return ANSWER_NO
- elif ans[0] == '"':
- return (0, ans.strip('"'))
- elif ans[0] == "'":
---
-1.9.1
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0004-build-make-wafsamba-CHECK_SIZEOF-cross-compile-frien.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/0004-build-make-wafsamba-CHECK_SIZEOF-cross-compile-frien.patch
deleted file mode 100644
index 3fbb770f3..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0004-build-make-wafsamba-CHECK_SIZEOF-cross-compile-frien.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 8ffb1892b5c42d8d29124d274aa4b5f1726d7e9f Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Mon, 21 Apr 2014 10:18:16 -0300
-Subject: [PATCH 4/7] build: make wafsamba CHECK_SIZEOF cross-compile friendly
-
-Use the same trick as commit 0d9bb86293c9d39298786df095c73a6251b08b7e
-We do the same array trick iteratively starting from 1 (byte) by powers
-of 2 up to 32.
-
-The new 'critical' option is used to make the invocation die or not
-according to each test.
-The default is True since normally it's expected to find a proper
-result and should error out if not.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: David Disseldorp <ddiss@samba.org>
-
-Upstream-Status: Backport
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
----
- buildtools/wafsamba/samba_autoconf.py | 28 ++++++++++++++++------------
- 1 file changed, 16 insertions(+), 12 deletions(-)
-
-diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
-index fe110bd..59953d9 100644
---- a/buildtools/wafsamba/samba_autoconf.py
-+++ b/buildtools/wafsamba/samba_autoconf.py
-@@ -304,23 +304,27 @@ def CHECK_FUNCS(conf, list, link=True, lib=None, headers=None):
-
-
- @conf
--def CHECK_SIZEOF(conf, vars, headers=None, define=None):
-+def CHECK_SIZEOF(conf, vars, headers=None, define=None, critical=True):
- '''check the size of a type'''
-- ret = True
- for v in TO_LIST(vars):
- v_define = define
-+ ret = False
- if v_define is None:
- v_define = 'SIZEOF_%s' % v.upper().replace(' ', '_')
-- if not CHECK_CODE(conf,
-- 'printf("%%u", (unsigned)sizeof(%s))' % v,
-- define=v_define,
-- execute=True,
-- define_ret=True,
-- quote=False,
-- headers=headers,
-- local_include=False,
-- msg="Checking size of %s" % v):
-- ret = False
-+ for size in list((1, 2, 4, 8, 16, 32)):
-+ if CHECK_CODE(conf,
-+ 'static int test_array[1 - 2 * !(((long int)(sizeof(%s))) <= %d)];' % (v, size),
-+ define=v_define,
-+ quote=False,
-+ headers=headers,
-+ local_include=False,
-+ msg="Checking if size of %s == %d" % (v, size)):
-+ conf.DEFINE(v_define, size)
-+ ret = True
-+ break
-+ if not ret and critical:
-+ Logs.error("Couldn't determine size of '%s'" % v)
-+ sys.exit(1)
- return ret
-
- @conf
---
-1.9.1
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0005-build-unify-and-fix-endian-tests.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/0005-build-unify-and-fix-endian-tests.patch
deleted file mode 100644
index 5546b6d65..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0005-build-unify-and-fix-endian-tests.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-From 81379b6b14ea725c72953be2170b382403ed8728 Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Mon, 21 Apr 2014 10:18:15 -0300
-Subject: [PATCH 5/7] build: unify and fix endian tests
-
-Unify the endian tests out of lib/ccan/wscript into wafsamba since
-they're almost cross-compile friendly.
-While at it fix them to be so by moving the preprocessor directives out
-of main scope since that will fail.
-And keep the WORDS_BIGENDIAN, HAVE_LITTLE_ENDIAN and HAVE_BIG_ENDIAN
-defines separate because of different codebases.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: David Disseldorp <ddiss@samba.org>
-
-Upstream-Status: Backport
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
----
- buildtools/wafsamba/wscript | 65 ++++++++++++++++++++++++++++++++++++++++++---
- lib/ccan/wscript | 55 --------------------------------------
- 2 files changed, 62 insertions(+), 58 deletions(-)
-
-diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
-index 7984227..1a2cfe6 100755
---- a/buildtools/wafsamba/wscript
-+++ b/buildtools/wafsamba/wscript
-@@ -390,9 +390,68 @@ def configure(conf):
- else:
- conf.define('SHLIBEXT', "so", quote=True)
-
-- conf.CHECK_CODE('long one = 1; return ((char *)(&one))[0]',
-- execute=True,
-- define='WORDS_BIGENDIAN')
-+ # First try a header check for cross-compile friendlyness
-+ conf.CHECK_CODE(code = """#ifdef __BYTE_ORDER
-+ #define B __BYTE_ORDER
-+ #elif defined(BYTE_ORDER)
-+ #define B BYTE_ORDER
-+ #endif
-+
-+ #ifdef __LITTLE_ENDIAN
-+ #define LITTLE __LITTLE_ENDIAN
-+ #elif defined(LITTLE_ENDIAN)
-+ #define LITTLE LITTLE_ENDIAN
-+ #endif
-+
-+ #if !defined(LITTLE) || !defined(B) || LITTLE != B
-+ #error Not little endian.
-+ #endif
-+ int main(void) { return 0; }""",
-+ addmain=False,
-+ headers="endian.h sys/endian.h",
-+ define="HAVE_LITTLE_ENDIAN")
-+ conf.CHECK_CODE(code = """#ifdef __BYTE_ORDER
-+ #define B __BYTE_ORDER
-+ #elif defined(BYTE_ORDER)
-+ #define B BYTE_ORDER
-+ #endif
-+
-+ #ifdef __BIG_ENDIAN
-+ #define BIG __BIG_ENDIAN
-+ #elif defined(BIG_ENDIAN)
-+ #define BIG BIG_ENDIAN
-+ #endif
-+
-+ #if !defined(BIG) || !defined(B) || BIG != B
-+ #error Not big endian.
-+ #endif
-+ int main(void) { return 0; }""",
-+ addmain=False,
-+ headers="endian.h sys/endian.h",
-+ define="HAVE_BIG_ENDIAN")
-+
-+ if not conf.CONFIG_SET("HAVE_BIG_ENDIAN") and not conf.CONFIG_SET("HAVE_LITTLE_ENDIAN"):
-+ # That didn't work! Do runtime test.
-+ conf.CHECK_CODE("""union { int i; char c[sizeof(int)]; } u;
-+ u.i = 0x01020304;
-+ return u.c[0] == 0x04 && u.c[1] == 0x03 && u.c[2] == 0x02 && u.c[3] == 0x01 ? 0 : 1;""",
-+ addmain=True, execute=True,
-+ define='HAVE_LITTLE_ENDIAN',
-+ msg="Checking for HAVE_LITTLE_ENDIAN - runtime")
-+ conf.CHECK_CODE("""union { int i; char c[sizeof(int)]; } u;
-+ u.i = 0x01020304;
-+ return u.c[0] == 0x01 && u.c[1] == 0x02 && u.c[2] == 0x03 && u.c[3] == 0x04 ? 0 : 1;""",
-+ addmain=True, execute=True,
-+ define='HAVE_BIG_ENDIAN',
-+ msg="Checking for HAVE_BIG_ENDIAN - runtime")
-+
-+ # Extra sanity check.
-+ if conf.CONFIG_SET("HAVE_BIG_ENDIAN") == conf.CONFIG_SET("HAVE_LITTLE_ENDIAN"):
-+ Logs.error("Failed endian determination. The PDP-11 is back?")
-+ sys.exit(1)
-+ else:
-+ if conf.CONFIG_SET("HAVE_BIG_ENDIAN"):
-+ conf.DEFINE('WORDS_BIGENDIAN', 1)
-
- # check if signal() takes a void function
- if conf.CHECK_CODE('return *(signal (0, 0)) (0) == 1',
-diff --git a/lib/ccan/wscript b/lib/ccan/wscript
-index a0b5406..5b3a910 100644
---- a/lib/ccan/wscript
-+++ b/lib/ccan/wscript
-@@ -25,61 +25,6 @@ def configure(conf):
- conf.CHECK_CODE('int __attribute__((used)) func(int x) { return x; }',
- addmain=False, link=False, cflags=conf.env['WERROR_CFLAGS'],
- define='HAVE_ATTRIBUTE_USED')
-- # We try to use headers for a compile-time test.
-- conf.CHECK_CODE(code = """#ifdef __BYTE_ORDER
-- #define B __BYTE_ORDER
-- #elif defined(BYTE_ORDER)
-- #define B BYTE_ORDER
-- #endif
--
-- #ifdef __LITTLE_ENDIAN
-- #define LITTLE __LITTLE_ENDIAN
-- #elif defined(LITTLE_ENDIAN)
-- #define LITTLE LITTLE_ENDIAN
-- #endif
--
-- #if !defined(LITTLE) || !defined(B) || LITTLE != B
-- #error Not little endian.
-- #endif""",
-- headers="endian.h sys/endian.h",
-- define="HAVE_LITTLE_ENDIAN")
-- conf.CHECK_CODE(code = """#ifdef __BYTE_ORDER
-- #define B __BYTE_ORDER
-- #elif defined(BYTE_ORDER)
-- #define B BYTE_ORDER
-- #endif
--
-- #ifdef __BIG_ENDIAN
-- #define BIG __BIG_ENDIAN
-- #elif defined(BIG_ENDIAN)
-- #define BIG BIG_ENDIAN
-- #endif
--
-- #if !defined(BIG) || !defined(B) || BIG != B
-- #error Not big endian.
-- #endif""",
-- headers="endian.h sys/endian.h",
-- define="HAVE_BIG_ENDIAN")
--
-- if not conf.CONFIG_SET("HAVE_BIG_ENDIAN") and not conf.CONFIG_SET("HAVE_LITTLE_ENDIAN"):
-- # That didn't work! Do runtime test.
-- conf.CHECK_CODE("""union { int i; char c[sizeof(int)]; } u;
-- u.i = 0x01020304;
-- return u.c[0] == 0x04 && u.c[1] == 0x03 && u.c[2] == 0x02 && u.c[3] == 0x01 ? 0 : 1;""",
-- addmain=True, execute=True,
-- define='HAVE_LITTLE_ENDIAN',
-- msg="Checking for HAVE_LITTLE_ENDIAN - runtime")
-- conf.CHECK_CODE("""union { int i; char c[sizeof(int)]; } u;
-- u.i = 0x01020304;
-- return u.c[0] == 0x01 && u.c[1] == 0x02 && u.c[2] == 0x03 && u.c[3] == 0x04 ? 0 : 1;""",
-- addmain=True, execute=True,
-- define='HAVE_BIG_ENDIAN',
-- msg="Checking for HAVE_BIG_ENDIAN - runtime")
--
-- # Extra sanity check.
-- if conf.CONFIG_SET("HAVE_BIG_ENDIAN") == conf.CONFIG_SET("HAVE_LITTLE_ENDIAN"):
-- Logs.error("Failed endian determination. The PDP-11 is back?")
-- sys.exit(1)
-
- conf.CHECK_CODE('return __builtin_choose_expr(1, 0, "garbage");',
- link=True,
---
-1.9.1
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0007-waf-Fix-parsing-of-cross-answers-file-in-case-answer.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/0007-waf-Fix-parsing-of-cross-answers-file-in-case-answer.patch
deleted file mode 100644
index de0d32c78..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/0007-waf-Fix-parsing-of-cross-answers-file-in-case-answer.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 649c731526dc1473bd1804d2903d7559e63616da Mon Sep 17 00:00:00 2001
-From: Uri Simchoni <urisimchoni@gmail.com>
-Date: Mon, 4 May 2015 09:12:45 +0300
-Subject: [PATCH 7/7] waf: Fix parsing of cross-answers file in case answer includes a colon
-
-The answer provided in the cross-answers file may include a colon,
-as in:
-Checking uname version type: "#57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014"
-
-Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Alexander Bokovoy <ab@samba.org>
-
-Upstream-Status: Backport
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
----
- buildtools/wafsamba/samba_cross.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py
-index d1e7006..7961212 100644
---- a/buildtools/wafsamba/samba_cross.py
-+++ b/buildtools/wafsamba/samba_cross.py
-@@ -54,7 +54,7 @@ def cross_answer(ca_file, msg):
- if line == '' or line[0] == '#':
- continue
- if line.find(':') != -1:
-- a = line.split(':')
-+ a = line.split(':', 1)
- thismsg = a[0].strip()
- if thismsg != msg:
- continue
---
-1.9.1
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch
deleted file mode 100644
index 6c08cccc6..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch
+++ /dev/null
@@ -1,1448 +0,0 @@
-From 80f3551d4f594438dcc93dd82a7953c4a913badd Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Mon, 16 Dec 2013 12:57:20 +0100
-Subject: [PATCH 1/7] s3-lib: Add winbind_lookup_usersids().
-
-Pair-Programmed-With: Guenther Deschner <gd@samba.org>
-Signed-off-by: Guenther Deschner <gd@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-(cherry picked from commit 241e98d8ee099f9cc5feb835085b4abd2b1ee663)
----
- source3/lib/winbind_util.c | 34 +++++
- source3/lib/winbind_util.h | 4 +
- source3/passdb/ABI/pdb-0.1.0.sigs | 311 ++++++++++++++++++++++++++++++++++++++
- source3/wscript_build | 2 +-
- 4 files changed, 350 insertions(+), 1 deletion(-)
- create mode 100644 source3/passdb/ABI/pdb-0.1.0.sigs
-
-diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
-index b458ebe..f62682b 100644
---- a/source3/lib/winbind_util.c
-+++ b/source3/lib/winbind_util.c
-@@ -342,6 +342,40 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
- return true;
- }
-
-+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
-+ const struct dom_sid *user_sid,
-+ uint32_t *p_num_sids,
-+ struct dom_sid **p_sids)
-+{
-+ wbcErr ret;
-+ struct wbcDomainSid dom_sid;
-+ struct wbcDomainSid *sid_list = NULL;
-+ uint32_t num_sids;
-+
-+ memcpy(&dom_sid, user_sid, sizeof(dom_sid));
-+
-+ ret = wbcLookupUserSids(&dom_sid,
-+ false,
-+ &num_sids,
-+ &sid_list);
-+ if (ret != WBC_ERR_SUCCESS) {
-+ return false;
-+ }
-+
-+ *p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
-+ if (*p_sids == NULL) {
-+ wbcFreeMemory(sid_list);
-+ return false;
-+ }
-+
-+ memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids);
-+
-+ *p_num_sids = num_sids;
-+ wbcFreeMemory(sid_list);
-+
-+ return true;
-+}
-+
- #else /* WITH_WINBIND */
-
- struct passwd * winbind_getpwnam(const char * name)
-diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
-index 541bb95..abbc5a9 100644
---- a/source3/lib/winbind_util.h
-+++ b/source3/lib/winbind_util.h
-@@ -58,5 +58,9 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
- size_t num_members,
- uint32_t **pp_alias_rids,
- size_t *p_num_alias_rids);
-+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
-+ const struct dom_sid *user_sid,
-+ uint32_t *p_num_sids,
-+ struct dom_sid **p_sids);
-
- #endif /* __LIB__WINBIND_UTIL_H__ */
-diff --git a/source3/passdb/ABI/pdb-0.1.0.sigs b/source3/passdb/ABI/pdb-0.1.0.sigs
-new file mode 100644
-index 0000000..f4de9c4
---- /dev/null
-+++ b/source3/passdb/ABI/pdb-0.1.0.sigs
-@@ -0,0 +1,311 @@
-+PDB_secrets_clear_domain_protection: bool (const char *)
-+PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *)
-+PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *)
-+PDB_secrets_mark_domain_protected: bool (const char *)
-+PDB_secrets_store_domain_guid: bool (const char *, struct GUID *)
-+PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *)
-+account_policy_get: bool (enum pdb_policy_type, uint32_t *)
-+account_policy_get_default: bool (enum pdb_policy_type, uint32_t *)
-+account_policy_get_desc: const char *(enum pdb_policy_type)
-+account_policy_name_to_typenum: enum pdb_policy_type (const char *)
-+account_policy_names_list: void (TALLOC_CTX *, const char ***, int *)
-+account_policy_set: bool (enum pdb_policy_type, uint32_t)
-+add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *)
-+algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t)
-+algorithmic_pdb_rid_is_user: bool (uint32_t)
-+algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t)
-+algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t)
-+algorithmic_rid_base: int (void)
-+builtin_domain_name: const char *(void)
-+cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *)
-+cache_account_policy_set: bool (enum pdb_policy_type, uint32_t)
-+create_builtin_administrators: NTSTATUS (const struct dom_sid *)
-+create_builtin_users: NTSTATUS (const struct dom_sid *)
-+decode_account_policy_name: const char *(enum pdb_policy_type)
-+get_account_pol_db: struct db_context *(void)
-+get_account_policy_attr: const char *(enum pdb_policy_type)
-+get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *)
-+get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **)
-+get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *)
-+get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int)
-+get_trust_pw_clear: bool (const char *, char **, const char **, enum netr_SchannelType *)
-+get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *)
-+gid_to_sid: void (struct dom_sid *, gid_t)
-+gid_to_unix_groups_sid: void (gid_t, struct dom_sid *)
-+grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int)
-+grant_all_privileges: bool (const struct dom_sid *)
-+grant_privilege_by_name: bool (const struct dom_sid *, const char *)
-+grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
-+groupdb_tdb_init: const struct mapping_backend *(void)
-+init_account_policy: bool (void)
-+init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool)
-+init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t)
-+initialize_password_db: bool (bool, struct tevent_context *)
-+is_dc_trusted_domain_situation: bool (const char *)
-+is_privileged_sid: bool (const struct dom_sid *)
-+local_password_change: NTSTATUS (const char *, int, const char *, char **, char **)
-+login_cache_delentry: bool (const struct samu *)
-+login_cache_init: bool (void)
-+login_cache_read: bool (struct samu *, struct login_cache *)
-+login_cache_shutdown: bool (void)
-+login_cache_write: bool (const struct samu *, const struct login_cache *)
-+lookup_builtin_name: bool (const char *, uint32_t *)
-+lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **)
-+lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *)
-+lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
-+lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
-+lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
-+lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **)
-+lookup_unix_group_name: bool (const char *, struct dom_sid *)
-+lookup_unix_user_name: bool (const char *, struct dom_sid *)
-+lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **)
-+lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **)
-+make_pdb_method: NTSTATUS (struct pdb_methods **)
-+make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *)
-+max_algorithmic_gid: gid_t (void)
-+max_algorithmic_uid: uid_t (void)
-+my_sam_name: const char *(void)
-+pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
-+pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *)
-+pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
-+pdb_add_sam_account: NTSTATUS (struct samu *)
-+pdb_build_fields_present: uint32_t (struct samu *)
-+pdb_capabilities: uint32_t (void)
-+pdb_copy_sam_account: bool (struct samu *, struct samu *)
-+pdb_create_alias: NTSTATUS (const char *, uint32_t *)
-+pdb_create_builtin: NTSTATUS (uint32_t)
-+pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t)
-+pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *)
-+pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *)
-+pdb_decode_acct_ctrl: uint32_t (const char *)
-+pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
-+pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
-+pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
-+pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *)
-+pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
-+pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *)
-+pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
-+pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
-+pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
-+pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
-+pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
-+pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
-+pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
-+pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
-+pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
-+pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
-+pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
-+pdb_del_trusted_domain: NTSTATUS (const char *)
-+pdb_del_trusteddom_pw: bool (const char *)
-+pdb_delete_alias: NTSTATUS (const struct dom_sid *)
-+pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t)
-+pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid)
-+pdb_delete_sam_account: NTSTATUS (struct samu *)
-+pdb_delete_secret: NTSTATUS (const char *)
-+pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *)
-+pdb_element_is_changed: bool (const struct samu *, enum pdb_elements)
-+pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements)
-+pdb_encode_acct_ctrl: char *(uint32_t, size_t)
-+pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
-+pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
-+pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
-+pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *)
-+pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *)
-+pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***)
-+pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
-+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***)
-+pdb_find_backend_entry: struct pdb_init_function_entry *(const char *)
-+pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *)
-+pdb_get_acct_ctrl: uint32_t (const struct samu *)
-+pdb_get_acct_desc: const char *(const struct samu *)
-+pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
-+pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *)
-+pdb_get_backends: const struct pdb_init_function_entry *(void)
-+pdb_get_bad_password_count: uint16_t (const struct samu *)
-+pdb_get_bad_password_time: time_t (const struct samu *)
-+pdb_get_code_page: uint16_t (const struct samu *)
-+pdb_get_comment: const char *(const struct samu *)
-+pdb_get_country_code: uint16_t (const struct samu *)
-+pdb_get_dir_drive: const char *(const struct samu *)
-+pdb_get_domain: const char *(const struct samu *)
-+pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *)
-+pdb_get_fullname: const char *(const struct samu *)
-+pdb_get_group_rid: uint32_t (struct samu *)
-+pdb_get_group_sid: const struct dom_sid *(struct samu *)
-+pdb_get_homedir: const char *(const struct samu *)
-+pdb_get_hours: const uint8_t *(const struct samu *)
-+pdb_get_hours_len: uint32_t (const struct samu *)
-+pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements)
-+pdb_get_kickoff_time: time_t (const struct samu *)
-+pdb_get_lanman_passwd: const uint8_t *(const struct samu *)
-+pdb_get_logoff_time: time_t (const struct samu *)
-+pdb_get_logon_count: uint16_t (const struct samu *)
-+pdb_get_logon_divs: uint16_t (const struct samu *)
-+pdb_get_logon_script: const char *(const struct samu *)
-+pdb_get_logon_time: time_t (const struct samu *)
-+pdb_get_munged_dial: const char *(const struct samu *)
-+pdb_get_nt_passwd: const uint8_t *(const struct samu *)
-+pdb_get_nt_username: const char *(const struct samu *)
-+pdb_get_pass_can_change: bool (const struct samu *)
-+pdb_get_pass_can_change_time: time_t (const struct samu *)
-+pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *)
-+pdb_get_pass_last_set_time: time_t (const struct samu *)
-+pdb_get_pass_must_change_time: time_t (const struct samu *)
-+pdb_get_plaintext_passwd: const char *(const struct samu *)
-+pdb_get_profile_path: const char *(const struct samu *)
-+pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *)
-+pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **)
-+pdb_get_seq_num: bool (time_t *)
-+pdb_get_tevent_context: struct tevent_context *(void)
-+pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **)
-+pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **)
-+pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *)
-+pdb_get_unknown_6: uint32_t (const struct samu *)
-+pdb_get_user_rid: uint32_t (const struct samu *)
-+pdb_get_user_sid: const struct dom_sid *(const struct samu *)
-+pdb_get_username: const char *(const struct samu *)
-+pdb_get_workstations: const char *(const struct samu *)
-+pdb_getgrgid: bool (GROUP_MAP *, gid_t)
-+pdb_getgrnam: bool (GROUP_MAP *, const char *)
-+pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid)
-+pdb_gethexhours: bool (const char *, unsigned char *)
-+pdb_gethexpwd: bool (const char *, unsigned char *)
-+pdb_getsampwnam: bool (struct samu *, const char *)
-+pdb_getsampwsid: bool (struct samu *, const struct dom_sid *)
-+pdb_gid_to_sid: bool (gid_t, struct dom_sid *)
-+pdb_group_rid_to_gid: gid_t (uint32_t)
-+pdb_increment_bad_password_count: bool (struct samu *)
-+pdb_is_password_change_time_max: bool (time_t)
-+pdb_is_responsible_for_builtin: bool (void)
-+pdb_is_responsible_for_our_sam: bool (void)
-+pdb_is_responsible_for_unix_groups: bool (void)
-+pdb_is_responsible_for_unix_users: bool (void)
-+pdb_is_responsible_for_wellknown: bool (void)
-+pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *)
-+pdb_new_rid: bool (uint32_t *)
-+pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
-+pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
-+pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool)
-+pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
-+pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
-+pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
-+pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
-+pdb_rename_sam_account: NTSTATUS (struct samu *, const char *)
-+pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *)
-+pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **)
-+pdb_search_groups: struct pdb_search *(TALLOC_CTX *)
-+pdb_search_init: struct pdb_search *(TALLOC_CTX *, enum pdb_search_type)
-+pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t)
-+pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t)
-+pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state)
-+pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
-+pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state)
-+pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state)
-+pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state)
-+pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state)
-+pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state)
-+pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
-+pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
-+pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state)
-+pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state)
-+pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state)
-+pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state)
-+pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
-+pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state)
-+pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state)
-+pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state)
-+pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state)
-+pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
-+pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_pass_can_change: bool (struct samu *, bool)
-+pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state)
-+pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state)
-+pdb_set_plaintext_passwd: bool (struct samu *, const char *)
-+pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state)
-+pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *)
-+pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *)
-+pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *)
-+pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *)
-+pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state)
-+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **)
-+pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
-+pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
-+pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state)
-+pdb_sethexhours: void (char *, const unsigned char *)
-+pdb_sethexpwd: void (char *, const unsigned char *, uint32_t)
-+pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *)
-+pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *)
-+pdb_uid_to_sid: bool (uid_t, struct dom_sid *)
-+pdb_update_autolock_flag: bool (struct samu *, bool *)
-+pdb_update_bad_password_count: bool (struct samu *, bool *)
-+pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *)
-+pdb_update_login_attempts: NTSTATUS (struct samu *, bool)
-+pdb_update_sam_account: NTSTATUS (struct samu *)
-+privilege_create_account: NTSTATUS (const struct dom_sid *)
-+privilege_delete_account: NTSTATUS (const struct dom_sid *)
-+privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *)
-+privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *)
-+revoke_all_privileges: bool (const struct dom_sid *)
-+revoke_privilege_by_name: bool (const struct dom_sid *, const char *)
-+revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
-+samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *)
-+samu_new: struct samu *(TALLOC_CTX *)
-+samu_set_unix: NTSTATUS (struct samu *, const struct passwd *)
-+secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
-+sid_check_is_builtin: bool (const struct dom_sid *)
-+sid_check_is_for_passdb: bool (const struct dom_sid *)
-+sid_check_is_in_builtin: bool (const struct dom_sid *)
-+sid_check_is_in_unix_groups: bool (const struct dom_sid *)
-+sid_check_is_in_unix_users: bool (const struct dom_sid *)
-+sid_check_is_in_wellknown_domain: bool (const struct dom_sid *)
-+sid_check_is_unix_groups: bool (const struct dom_sid *)
-+sid_check_is_unix_users: bool (const struct dom_sid *)
-+sid_check_is_wellknown_builtin: bool (const struct dom_sid *)
-+sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **)
-+sid_check_object_is_for_passdb: bool (const struct dom_sid *)
-+sid_to_gid: bool (const struct dom_sid *, gid_t *)
-+sid_to_uid: bool (const struct dom_sid *, uid_t *)
-+sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *)
-+smb_add_user_group: int (const char *, const char *)
-+smb_create_group: int (const char *, gid_t *)
-+smb_delete_group: int (const char *)
-+smb_delete_user_group: int (const char *, const char *)
-+smb_nscd_flush_group_cache: void (void)
-+smb_nscd_flush_user_cache: void (void)
-+smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function)
-+smb_set_primary_group: int (const char *, const char *)
-+uid_to_sid: void (struct dom_sid *, uid_t)
-+uid_to_unix_users_sid: void (uid_t, struct dom_sid *)
-+unix_groups_domain_name: const char *(void)
-+unix_users_domain_name: const char *(void)
-+unixid_from_both: void (struct unixid *, uint32_t)
-+unixid_from_gid: void (struct unixid *, uint32_t)
-+unixid_from_uid: void (struct unixid *, uint32_t)
-+wb_is_trusted_domain: wbcErr (const char *)
-+winbind_allocate_gid: bool (gid_t *)
-+winbind_allocate_uid: bool (uid_t *)
-+winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, gid_t **)
-+winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
-+winbind_getpwnam: struct passwd *(const char *)
-+winbind_getpwsid: struct passwd *(const struct dom_sid *)
-+winbind_gid_to_sid: bool (struct dom_sid *, gid_t)
-+winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *)
-+winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **)
-+winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
-+winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **)
-+winbind_ping: bool (void)
-+winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
-+winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
-+winbind_uid_to_sid: bool (struct dom_sid *, uid_t)
-diff --git a/source3/wscript_build b/source3/wscript_build
-index e0432bf..6d6b6aa 100755
---- a/source3/wscript_build
-+++ b/source3/wscript_build
-@@ -736,7 +736,7 @@ bld.SAMBA3_LIBRARY('pdb',
- passdb/lookup_sid.h''',
- abi_match=private_pdb_match,
- abi_directory='passdb/ABI',
-- vnum='0',
-+ vnum='0.1.0',
- vars=locals())
-
- bld.SAMBA3_LIBRARY('smbldaphelper',
---
-1.8.5.2
-
-
-From 91debcafd196a9e821efddce0a9d75c48f8e168d Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Fri, 13 Dec 2013 19:08:34 +0100
-Subject: [PATCH 2/7] s3-auth: Add passwd_to_SamInfo3().
-
-First this function tries to contacts winbind if the user is a domain
-user to get valid information about it. If winbind isn't running it will
-try to create everything from the passwd struct. This is not always
-reliable but works in most cases. It improves the current situation
-which doesn't talk to winbind at all.
-
-Pair-Programmed-With: Guenther Deschner <gd@samba.org>
-Signed-off-by: Guenther Deschner <gd@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 1bb11c7744df6928cb8a096373ab920366b38770)
----
- source3/auth/proto.h | 4 ++
- source3/auth/server_info.c | 116 +++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 120 insertions(+)
-
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index 76661fc..8385e66 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -286,6 +286,10 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
- const char *login_server,
- struct netr_SamInfo3 **_info3,
- struct extra_auth_info *extra);
-+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
-+ const char *unix_username,
-+ const struct passwd *pwd,
-+ struct netr_SamInfo3 **pinfo3);
- struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
- struct netr_SamInfo3 *orig);
- struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
-diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
-index d2b7d6e..46d8178 100644
---- a/source3/auth/server_info.c
-+++ b/source3/auth/server_info.c
-@@ -24,6 +24,7 @@
- #include "../libcli/security/security.h"
- #include "rpc_client/util_netlogon.h"
- #include "nsswitch/libwbclient/wbclient.h"
-+#include "lib/winbind_util.h"
- #include "passdb.h"
-
- #undef DBGC_CLASS
-@@ -436,6 +437,121 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
- return NT_STATUS_OK;
- }
-
-+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
-+ const char *unix_username,
-+ const struct passwd *pwd,
-+ struct netr_SamInfo3 **pinfo3)
-+{
-+ struct netr_SamInfo3 *info3;
-+ NTSTATUS status;
-+ TALLOC_CTX *tmp_ctx;
-+ const char *domain_name = NULL;
-+ const char *user_name = NULL;
-+ struct dom_sid domain_sid;
-+ struct dom_sid user_sid;
-+ struct dom_sid group_sid;
-+ enum lsa_SidType type;
-+ uint32_t num_sids = 0;
-+ struct dom_sid *user_sids = NULL;
-+ bool ok;
-+
-+ tmp_ctx = talloc_stackframe();
-+
-+ ok = lookup_name_smbconf(tmp_ctx,
-+ unix_username,
-+ LOOKUP_NAME_ALL,
-+ &domain_name,
-+ &user_name,
-+ &user_sid,
-+ &type);
-+ if (!ok) {
-+ status = NT_STATUS_NO_SUCH_USER;
-+ goto done;
-+ }
-+
-+ if (type != SID_NAME_USER) {
-+ status = NT_STATUS_NO_SUCH_USER;
-+ goto done;
-+ }
-+
-+ ok = winbind_lookup_usersids(tmp_ctx,
-+ &user_sid,
-+ &num_sids,
-+ &user_sids);
-+ /* Check if winbind is running */
-+ if (ok) {
-+ /*
-+ * Winbind is running and the first element of the user_sids
-+ * is the primary group.
-+ */
-+ if (num_sids > 0) {
-+ group_sid = user_sids[0];
-+ }
-+ } else {
-+ /*
-+ * Winbind is not running, create the group_sid from the
-+ * group id.
-+ */
-+ gid_to_sid(&group_sid, pwd->pw_gid);
-+ }
-+
-+ /* Make sure we have a valid group sid */
-+ ok = !is_null_sid(&group_sid);
-+ if (!ok) {
-+ status = NT_STATUS_NO_SUCH_USER;
-+ goto done;
-+ }
-+
-+ /* Construct a netr_SamInfo3 from the information we have */
-+ info3 = talloc_zero(tmp_ctx, struct netr_SamInfo3);
-+ if (!info3) {
-+ status = NT_STATUS_NO_MEMORY;
-+ goto done;
-+ }
-+
-+ info3->base.account_name.string = talloc_strdup(info3, unix_username);
-+ if (info3->base.account_name.string == NULL) {
-+ status = NT_STATUS_NO_MEMORY;
-+ goto done;
-+ }
-+
-+ ZERO_STRUCT(domain_sid);
-+
-+ sid_copy(&domain_sid, &user_sid);
-+ sid_split_rid(&domain_sid, &info3->base.rid);
-+ info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
-+
-+ ok = sid_peek_check_rid(&domain_sid, &group_sid,
-+ &info3->base.primary_gid);
-+ if (!ok) {
-+ DEBUG(1, ("The primary group domain sid(%s) does not "
-+ "match the domain sid(%s) for %s(%s)\n",
-+ sid_string_dbg(&group_sid),
-+ sid_string_dbg(&domain_sid),
-+ unix_username,
-+ sid_string_dbg(&user_sid)));
-+ status = NT_STATUS_INVALID_SID;
-+ goto done;
-+ }
-+
-+ info3->base.acct_flags = ACB_NORMAL;
-+
-+ if (num_sids) {
-+ status = group_sids_to_info3(info3, user_sids, num_sids);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ goto done;
-+ }
-+ }
-+
-+ *pinfo3 = talloc_steal(mem_ctx, info3);
-+
-+ status = NT_STATUS_OK;
-+done:
-+ talloc_free(tmp_ctx);
-+
-+ return status;
-+}
-+
- #undef RET_NOMEM
-
- #define RET_NOMEM(ptr) do { \
---
-1.8.5.2
-
-
-From c7b7670dc5cd8dbf727258666b6417d67afafb33 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Fri, 13 Dec 2013 19:11:01 +0100
-Subject: [PATCH 3/7] s3-auth: Pass talloc context to make_server_info_pw().
-
-Pair-Programmed-With: Guenther Deschner <gd@samba.org>
-Signed-off-by: Guenther Deschner <gd@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 1b59c9743cf3fbd66b0b8b52162b2cc8d922e5cf)
----
- source3/auth/auth_unix.c | 7 +++++--
- source3/auth/auth_util.c | 52 +++++++++++++++++++++++++++++-------------------
- source3/auth/proto.h | 7 ++++---
- source3/auth/user_krb5.c | 5 +----
- 4 files changed, 42 insertions(+), 29 deletions(-)
-
-diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
-index c8b5435..7b483a2 100644
---- a/source3/auth/auth_unix.c
-+++ b/source3/auth/auth_unix.c
-@@ -67,8 +67,11 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
- unbecome_root();
-
- if (NT_STATUS_IS_OK(nt_status)) {
-- if (pass) {
-- make_server_info_pw(server_info, pass->pw_name, pass);
-+ if (pass != NULL) {
-+ nt_status = make_server_info_pw(mem_ctx,
-+ pass->pw_name,
-+ pass,
-+ server_info);
- } else {
- /* we need to do somthing more useful here */
- nt_status = NT_STATUS_NO_SUCH_USER;
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index ceaa706..b225b0d 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -639,14 +639,15 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
- to a struct samu
- ***************************************************************************/
-
--NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
-- char *unix_username,
-- struct passwd *pwd)
-+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
-+ const char *unix_username,
-+ const struct passwd *pwd,
-+ struct auth_serversupplied_info **server_info)
- {
- NTSTATUS status;
- struct samu *sampass = NULL;
- char *qualified_name = NULL;
-- TALLOC_CTX *mem_ctx = NULL;
-+ TALLOC_CTX *tmp_ctx;
- struct dom_sid u_sid;
- enum lsa_SidType type;
- struct auth_serversupplied_info *result;
-@@ -664,27 +665,27 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
- * plaintext passwords were used with no SAM backend.
- */
-
-- mem_ctx = talloc_init("make_server_info_pw_tmp");
-- if (!mem_ctx) {
-+ tmp_ctx = talloc_stackframe();
-+ if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
-- qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
-+ qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
- unix_users_domain_name(),
- unix_username );
- if (!qualified_name) {
-- TALLOC_FREE(mem_ctx);
-+ TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
-- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
-+ if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
- NULL, NULL,
- &u_sid, &type)) {
-- TALLOC_FREE(mem_ctx);
-+ TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_SUCH_USER;
- }
-
-- TALLOC_FREE(mem_ctx);
-+ TALLOC_FREE(tmp_ctx);
-
- if (type != SID_NAME_USER) {
- return NT_STATUS_NO_SUCH_USER;
-@@ -707,7 +708,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
- /* set the user sid to be the calculated u_sid */
- pdb_set_user_sid(sampass, &u_sid, PDB_SET);
-
-- result = make_server_info(NULL);
-+ result = make_server_info(mem_ctx);
- if (result == NULL) {
- TALLOC_FREE(sampass);
- return NT_STATUS_NO_MEMORY;
-@@ -992,25 +993,36 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
- struct passwd *pwd;
- NTSTATUS status;
- struct auth_serversupplied_info *result;
-+ TALLOC_CTX *tmp_ctx;
-
-- pwd = Get_Pwnam_alloc(talloc_tos(), username);
-- if (pwd == NULL) {
-- return NT_STATUS_NO_SUCH_USER;
-+ tmp_ctx = talloc_stackframe();
-+ if (tmp_ctx == NULL) {
-+ return NT_STATUS_NO_MEMORY;
- }
-
-- status = make_server_info_pw(&result, pwd->pw_name, pwd);
-+ pwd = Get_Pwnam_alloc(tmp_ctx, username);
-+ if (pwd == NULL) {
-+ status = NT_STATUS_NO_SUCH_USER;
-+ goto done;
-+ }
-
-+ status = make_server_info_pw(tmp_ctx, pwd->pw_name, pwd, &result);
- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-+ goto done;
- }
-
- result->nss_token = true;
- result->guest = is_guest;
-
- /* Now turn the server_info into a session_info with the full token etc */
-- status = create_local_token(mem_ctx, result, NULL, pwd->pw_name, session_info);
-- TALLOC_FREE(result);
-- TALLOC_FREE(pwd);
-+ status = create_local_token(mem_ctx,
-+ result,
-+ NULL,
-+ pwd->pw_name,
-+ session_info);
-+
-+done:
-+ talloc_free(tmp_ctx);
-
- return status;
- }
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index 8385e66..7abca07 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -206,9 +206,10 @@ bool user_in_group_sid(const char *username, const struct dom_sid *group_sid);
- bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *group_sid);
- bool user_in_group(const char *username, const char *groupname);
- struct passwd;
--NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
-- char *unix_username,
-- struct passwd *pwd);
-+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
-+ const char *unix_username,
-+ const struct passwd *pwd,
-+ struct auth_serversupplied_info **server_info);
- NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
- const char *username,
- bool is_guest,
-diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
-index 974a8aa..7d44285 100644
---- a/source3/auth/user_krb5.c
-+++ b/source3/auth/user_krb5.c
-@@ -242,7 +242,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
- */
- DEBUG(10, ("didn't find user %s in passdb, calling "
- "make_server_info_pw\n", username));
-- status = make_server_info_pw(&tmp, username, pw);
-+ status = make_server_info_pw(mem_ctx, username, pw, &tmp);
- }
-
- TALLOC_FREE(sampass);
-@@ -253,9 +253,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
- return status;
- }
-
-- /* Steal tmp server info into the server_info pointer. */
-- server_info = talloc_move(mem_ctx, &tmp);
--
- /* make_server_info_pw does not set the domain. Without this
- * we end up with the local netbios name in substitutions for
- * %D. */
---
-1.8.5.2
-
-
-From 4fbd13598e8bdc6acf41329f71de806de4265f36 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Fri, 13 Dec 2013 19:19:02 +0100
-Subject: [PATCH 4/7] s3-auth: Add passwd_to_SamInfo3().
-
-Correctly lookup users which come from smb.conf. passwd_to_SamInfo3()
-tries to contact winbind if the user is a domain user to get
-valid information about it. If winbind isn't running it will try to
-create everything from the passwd struct. This is not always reliable
-but works in most cases. It improves the current situation which doesn't
-talk to winbind at all.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
-
-Pair-Programmed-With: Guenther Deschner <gd@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
-Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104
-
-(cherry picked from commit 40e6456b5896e934fcd581c2cac2389984256e09)
----
- source3/auth/auth_util.c | 87 +++++++++-------------------------------------
- source3/auth/server_info.c | 22 ++++++++++--
- 2 files changed, 36 insertions(+), 73 deletions(-)
-
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index b225b0d..24190af 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -645,98 +645,43 @@ NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info **server_info)
- {
- NTSTATUS status;
-- struct samu *sampass = NULL;
-- char *qualified_name = NULL;
-- TALLOC_CTX *tmp_ctx;
-- struct dom_sid u_sid;
-- enum lsa_SidType type;
-+ TALLOC_CTX *tmp_ctx = NULL;
- struct auth_serversupplied_info *result;
-
-- /*
-- * The SID returned in server_info->sam_account is based
-- * on our SAM sid even though for a pure UNIX account this should
-- * not be the case as it doesn't really exist in the SAM db.
-- * This causes lookups on "[in]valid users" to fail as they
-- * will lookup this name as a "Unix User" SID to check against
-- * the user token. Fix this by adding the "Unix User"\unix_username
-- * SID to the sid array. The correct fix should probably be
-- * changing the server_info->sam_account user SID to be a
-- * S-1-22 Unix SID, but this might break old configs where
-- * plaintext passwords were used with no SAM backend.
-- */
--
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
-- qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
-- unix_users_domain_name(),
-- unix_username );
-- if (!qualified_name) {
-- TALLOC_FREE(tmp_ctx);
-- return NT_STATUS_NO_MEMORY;
-- }
--
-- if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
-- NULL, NULL,
-- &u_sid, &type)) {
-- TALLOC_FREE(tmp_ctx);
-- return NT_STATUS_NO_SUCH_USER;
-- }
--
-- TALLOC_FREE(tmp_ctx);
--
-- if (type != SID_NAME_USER) {
-- return NT_STATUS_NO_SUCH_USER;
-- }
--
-- if ( !(sampass = samu_new( NULL )) ) {
-- return NT_STATUS_NO_MEMORY;
-- }
--
-- status = samu_set_unix( sampass, pwd );
-- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-- }
--
-- /* In pathological cases the above call can set the account
-- * name to the DOMAIN\username form. Reset the account name
-- * using unix_username */
-- pdb_set_username(sampass, unix_username, PDB_SET);
--
-- /* set the user sid to be the calculated u_sid */
-- pdb_set_user_sid(sampass, &u_sid, PDB_SET);
--
-- result = make_server_info(mem_ctx);
-+ result = make_server_info(tmp_ctx);
- if (result == NULL) {
-- TALLOC_FREE(sampass);
-- return NT_STATUS_NO_MEMORY;
-+ status = NT_STATUS_NO_MEMORY;
-+ goto done;
- }
-
-- status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
-- &result->info3, &result->extra);
-- TALLOC_FREE(sampass);
-+ status = passwd_to_SamInfo3(result,
-+ unix_username,
-+ pwd,
-+ &result->info3);
- if (!NT_STATUS_IS_OK(status)) {
-- DEBUG(10, ("Failed to convert samu to info3: %s\n",
-- nt_errstr(status)));
-- TALLOC_FREE(result);
-- return status;
-+ goto done;
- }
-
- result->unix_name = talloc_strdup(result, unix_username);
--
- if (result->unix_name == NULL) {
-- TALLOC_FREE(result);
-- return NT_STATUS_NO_MEMORY;
-+ status = NT_STATUS_NO_MEMORY;
-+ goto done;
- }
-
- result->utok.uid = pwd->pw_uid;
- result->utok.gid = pwd->pw_gid;
-
-- *server_info = result;
-+ *server_info = talloc_steal(mem_ctx, result);
-+ status = NT_STATUS_OK;
-+done:
-+ talloc_free(tmp_ctx);
-
-- return NT_STATUS_OK;
-+ return status;
- }
-
- static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
-diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
-index 46d8178..43711d5 100644
---- a/source3/auth/server_info.c
-+++ b/source3/auth/server_info.c
-@@ -489,10 +489,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
- }
- } else {
- /*
-- * Winbind is not running, create the group_sid from the
-- * group id.
-+ * Winbind is not running, try to create the group_sid from the
-+ * passwd group id.
-+ */
-+
-+ /*
-+ * This can lead to a primary group of S-1-22-2-XX which
-+ * will be rejected by other Samba code.
- */
- gid_to_sid(&group_sid, pwd->pw_gid);
-+
-+ ZERO_STRUCT(domain_sid);
-+
-+ /*
-+ * If we are a unix group, set the group_sid to the
-+ * 'Domain Users' RID of 513 which will always resolve to a
-+ * name.
-+ */
-+ if (sid_check_is_in_unix_groups(&group_sid)) {
-+ sid_compose(&group_sid,
-+ get_global_sam_sid(),
-+ DOMAIN_RID_USERS);
-+ }
- }
-
- /* Make sure we have a valid group sid */
---
-1.8.5.2
-
-
-From 76bb5e0888f4131ab773d90160051a51c401c90d Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 18 Feb 2014 10:02:57 +0100
-Subject: [PATCH 5/7] s3-auth: Pass mem_ctx to make_server_info_sam().
-
-Coverity-Id: 1168009
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-
-Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 3dc72266005e87a291f5bf9847257e8c54314d39)
----
- source3/auth/check_samsec.c | 2 +-
- source3/auth/proto.h | 5 ++--
- source3/auth/server_info_sam.c | 56 +++++++++++++++++++++++++++---------------
- source3/auth/user_krb5.c | 12 +++++----
- 4 files changed, 47 insertions(+), 28 deletions(-)
-
-diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
-index 7ed8cc2..b6cac60 100644
---- a/source3/auth/check_samsec.c
-+++ b/source3/auth/check_samsec.c
-@@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
- }
-
- become_root();
-- nt_status = make_server_info_sam(server_info, sampass);
-+ nt_status = make_server_info_sam(mem_ctx, sampass, server_info);
- unbecome_root();
-
- TALLOC_FREE(sampass);
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index 7abca07..eac3e54 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -190,8 +190,9 @@ bool make_user_info_guest(const struct tsocket_address *remote_address,
- struct auth_usersupplied_info **user_info);
-
- struct samu;
--NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
-- struct samu *sampass);
-+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
-+ struct samu *sampass,
-+ struct auth_serversupplied_info **pserver_info);
- NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
- const struct auth_serversupplied_info *server_info,
- DATA_BLOB *session_key,
-diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c
-index 5d657f9..47087b1 100644
---- a/source3/auth/server_info_sam.c
-+++ b/source3/auth/server_info_sam.c
-@@ -58,39 +58,51 @@ static bool is_our_machine_account(const char *username)
- Make (and fill) a user_info struct from a struct samu
- ***************************************************************************/
-
--NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
-- struct samu *sampass)
-+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
-+ struct samu *sampass,
-+ struct auth_serversupplied_info **pserver_info)
- {
- struct passwd *pwd;
-- struct auth_serversupplied_info *result;
-+ struct auth_serversupplied_info *server_info;
- const char *username = pdb_get_username(sampass);
-+ TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
-
-- if ( !(result = make_server_info(NULL)) ) {
-+ tmp_ctx = talloc_stackframe();
-+ if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
-- if ( !(pwd = Get_Pwnam_alloc(result, username)) ) {
-+ server_info = make_server_info(tmp_ctx);
-+ if (server_info == NULL) {
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+
-+ pwd = Get_Pwnam_alloc(tmp_ctx, username);
-+ if (pwd == NULL) {
- DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
- pdb_get_username(sampass)));
-- TALLOC_FREE(result);
-- return NT_STATUS_NO_SUCH_USER;
-+ status = NT_STATUS_NO_SUCH_USER;
-+ goto out;
- }
-
-- status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
-- &result->info3, &result->extra);
-+ status = samu_to_SamInfo3(server_info,
-+ sampass,
-+ lp_netbios_name(),
-+ &server_info->info3,
-+ &server_info->extra);
- if (!NT_STATUS_IS_OK(status)) {
-- TALLOC_FREE(result);
-- return status;
-+ goto out;
- }
-
-- result->unix_name = pwd->pw_name;
-- /* Ensure that we keep pwd->pw_name, because we will free pwd below */
-- talloc_steal(result, pwd->pw_name);
-- result->utok.gid = pwd->pw_gid;
-- result->utok.uid = pwd->pw_uid;
-+ server_info->unix_name = talloc_strdup(server_info, pwd->pw_name);
-+ if (server_info->unix_name == NULL) {
-+ status = NT_STATUS_NO_MEMORY;
-+ goto out;
-+ }
-
-- TALLOC_FREE(pwd);
-+ server_info->utok.gid = pwd->pw_gid;
-+ server_info->utok.uid = pwd->pw_uid;
-
- if (IS_DC && is_our_machine_account(username)) {
- /*
-@@ -110,9 +122,13 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
- }
-
- DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
-- pdb_get_username(sampass), result->unix_name));
-+ pdb_get_username(sampass), server_info->unix_name));
-+
-+ *pserver_info = talloc_steal(mem_ctx, server_info);
-
-- *server_info = result;
-+ status = NT_STATUS_OK;
-+out:
-+ talloc_free(tmp_ctx);
-
-- return NT_STATUS_OK;
-+ return status;
- }
-diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
-index 7d44285..e40c8ac 100644
---- a/source3/auth/user_krb5.c
-+++ b/source3/auth/user_krb5.c
-@@ -223,9 +223,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
- * SID consistency with ntlmssp session setup
- */
- struct samu *sampass;
-- /* The stupid make_server_info_XX functions here
-- don't take a talloc context. */
-- struct auth_serversupplied_info *tmp = NULL;
-
- sampass = samu_new(talloc_tos());
- if (sampass == NULL) {
-@@ -235,14 +232,19 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
- if (pdb_getsampwnam(sampass, username)) {
- DEBUG(10, ("found user %s in passdb, calling "
- "make_server_info_sam\n", username));
-- status = make_server_info_sam(&tmp, sampass);
-+ status = make_server_info_sam(mem_ctx,
-+ sampass,
-+ &server_info);
- } else {
- /*
- * User not in passdb, make it up artificially
- */
- DEBUG(10, ("didn't find user %s in passdb, calling "
- "make_server_info_pw\n", username));
-- status = make_server_info_pw(mem_ctx, username, pw, &tmp);
-+ status = make_server_info_pw(mem_ctx,
-+ username,
-+ pw,
-+ &server_info);
- }
-
- TALLOC_FREE(sampass);
---
-1.8.5.2
-
-
-From f9c0adb6237c6e60c33ee6af21f55c0cdefa132c Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 18 Feb 2014 10:19:57 +0100
-Subject: [PATCH 6/7] s3-auth: Pass mem_ctx to auth_check_ntlm_password().
-
-Coverity-Id: 1168009
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-
-Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 4d792db03f18aa164b565c7fdc7b446c174fba28)
----
- source3/auth/auth.c | 50 ++++++++++++++++++-----------
- source3/auth/auth_ntlmssp.c | 6 ++--
- source3/auth/proto.h | 8 +++--
- source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++--
- source3/torture/pdbtest.c | 5 ++-
- 5 files changed, 48 insertions(+), 27 deletions(-)
-
-diff --git a/source3/auth/auth.c b/source3/auth/auth.c
-index c3797cf..dc9af02 100644
---- a/source3/auth/auth.c
-+++ b/source3/auth/auth.c
-@@ -160,18 +160,19 @@ static bool check_domain_match(const char *user, const char *domain)
- *
- **/
-
--NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
-- const struct auth_usersupplied_info *user_info,
-- struct auth_serversupplied_info **server_info)
-+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
-+ const struct auth_context *auth_context,
-+ const struct auth_usersupplied_info *user_info,
-+ struct auth_serversupplied_info **pserver_info)
- {
- /* if all the modules say 'not for me' this is reasonable */
- NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
- const char *unix_username;
- auth_methods *auth_method;
-- TALLOC_CTX *mem_ctx;
-
-- if (!user_info || !auth_context || !server_info)
-+ if (user_info == NULL || auth_context == NULL || pserver_info == NULL) {
- return NT_STATUS_LOGON_FAILURE;
-+ }
-
- DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
- user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
-@@ -205,17 +206,27 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- return NT_STATUS_LOGON_FAILURE;
-
- for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
-+ struct auth_serversupplied_info *server_info;
-+ TALLOC_CTX *tmp_ctx;
- NTSTATUS result;
-
-- mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
-- user_info->mapped.domain_name, user_info->client.account_name);
-+ tmp_ctx = talloc_named(mem_ctx,
-+ 0,
-+ "%s authentication for user %s\\%s",
-+ auth_method->name,
-+ user_info->mapped.domain_name,
-+ user_info->client.account_name);
-
-- result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
-+ result = auth_method->auth(auth_context,
-+ auth_method->private_data,
-+ tmp_ctx,
-+ user_info,
-+ &server_info);
-
- /* check if the module did anything */
- if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ) {
- DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name));
-- talloc_destroy(mem_ctx);
-+ TALLOC_FREE(tmp_ctx);
- continue;
- }
-
-@@ -229,19 +240,20 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
- }
-
-- talloc_destroy(mem_ctx);
--
-- if ( NT_STATUS_IS_OK(nt_status))
-- {
-- break;
-+ if (NT_STATUS_IS_OK(nt_status)) {
-+ *pserver_info = talloc_steal(mem_ctx, server_info);
-+ TALLOC_FREE(tmp_ctx);
-+ break;
- }
-+
-+ TALLOC_FREE(tmp_ctx);
- }
-
- /* successful authentication */
-
- if (NT_STATUS_IS_OK(nt_status)) {
-- unix_username = (*server_info)->unix_name;
-- if (!(*server_info)->guest) {
-+ unix_username = (*pserver_info)->unix_name;
-+ if (!(*pserver_info)->guest) {
- const char *rhost;
-
- if (tsocket_address_is_inet(user_info->remote_host, "ip")) {
-@@ -270,9 +282,9 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- }
-
- if (NT_STATUS_IS_OK(nt_status)) {
-- DEBUG((*server_info)->guest ? 5 : 2,
-+ DEBUG((*pserver_info)->guest ? 5 : 2,
- ("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
-- (*server_info)->guest ? "guest " : "",
-+ (*pserver_info)->guest ? "guest " : "",
- user_info->client.account_name,
- user_info->mapped.account_name,
- unix_username));
-@@ -286,7 +298,7 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
- user_info->client.account_name, user_info->mapped.account_name,
- nt_errstr(nt_status)));
-- ZERO_STRUCTP(server_info);
-+ ZERO_STRUCTP(pserver_info);
-
- return nt_status;
- }
-diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
-index f99bd44..cb7726c 100644
---- a/source3/auth/auth_ntlmssp.c
-+++ b/source3/auth/auth_ntlmssp.c
-@@ -134,8 +134,10 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
-
- mapped_user_info->flags = user_info->flags;
-
-- nt_status = auth_check_ntlm_password(auth_context,
-- mapped_user_info, &server_info);
-+ nt_status = auth_check_ntlm_password(mem_ctx,
-+ auth_context,
-+ mapped_user_info,
-+ &server_info);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index eac3e54..15b1ba0 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -65,6 +65,8 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
- * struct. When the return is other than NT_STATUS_OK the contents
- * of that structure is undefined.
- *
-+ * @param mem_ctx The memory context to use to allocate server_info
-+ *
- * @param user_info Contains the user supplied components, including the passwords.
- * Must be created with make_user_info() or one of its wrappers.
- *
-@@ -79,9 +81,9 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
- * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
- *
- **/
--
--NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
-- const struct auth_usersupplied_info *user_info,
-+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
-+ const struct auth_context *auth_context,
-+ const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info);
-
- /* The following definitions come from auth/auth_builtin.c */
-diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
-index e5ca474..0c8c9a5 100644
---- a/source3/rpc_server/netlogon/srv_netlog_nt.c
-+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
-@@ -1650,8 +1650,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
- } /* end switch */
-
- if ( NT_STATUS_IS_OK(status) ) {
-- status = auth_check_ntlm_password(auth_context,
-- user_info, &server_info);
-+ status = auth_check_ntlm_password(p->mem_ctx,
-+ auth_context,
-+ user_info,
-+ &server_info);
- }
-
- TALLOC_FREE(auth_context);
-diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
-index 17da455..14d58b9 100644
---- a/source3/torture/pdbtest.c
-+++ b/source3/torture/pdbtest.c
-@@ -304,7 +304,10 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
- return False;
- }
-
-- status = auth_check_ntlm_password(auth_context, user_info, &server_info);
-+ status = auth_check_ntlm_password(mem_ctx,
-+ auth_context,
-+ user_info,
-+ &server_info);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to test authentication with auth module: %s\n", nt_errstr(status)));
---
-1.8.5.2
-
-
-From a48bcd84c59b5b2cb8c3e0f5d68b35065bed81d7 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 18 Feb 2014 13:52:49 +0100
-Subject: [PATCH 7/7] s3-auth: Pass mem_ctx to do_map_to_guest_server_info().
-
-Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
-Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104
-
-(cherry picked from commit 79e2725f339e7c5336b4053348c4266268de6ca3)
----
- source3/auth/auth_ntlmssp.c | 7 ++++---
- source3/auth/auth_util.c | 12 +++++++-----
- source3/auth/proto.h | 8 +++++---
- 3 files changed, 16 insertions(+), 11 deletions(-)
-
-diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
-index cb7726c..d4fe901 100644
---- a/source3/auth/auth_ntlmssp.c
-+++ b/source3/auth/auth_ntlmssp.c
-@@ -151,10 +151,11 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
- free_user_info(&mapped_user_info);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
-- nt_status = do_map_to_guest_server_info(nt_status,
-- &server_info,
-+ nt_status = do_map_to_guest_server_info(mem_ctx,
-+ nt_status,
- user_info->client.account_name,
-- user_info->client.domain_name);
-+ user_info->client.domain_name,
-+ &server_info);
- *server_returned_info = talloc_steal(mem_ctx, server_info);
- return nt_status;
- }
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index 24190af..8cf5cb7 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -1536,9 +1536,11 @@ bool is_trusted_domain(const char* dom_name)
- on a logon error possibly map the error to success if "map to guest"
- is set approriately
- */
--NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
-- struct auth_serversupplied_info **server_info,
-- const char *user, const char *domain)
-+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
-+ NTSTATUS status,
-+ const char *user,
-+ const char *domain,
-+ struct auth_serversupplied_info **server_info)
- {
- user = user ? user : "";
- domain = domain ? domain : "";
-@@ -1548,13 +1550,13 @@ NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
- (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
- DEBUG(3,("No such user %s [%s] - using guest account\n",
- user, domain));
-- return make_server_info_guest(NULL, server_info);
-+ return make_server_info_guest(mem_ctx, server_info);
- }
- } else if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
- if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
- DEBUG(3,("Registered username %s for guest access\n",
- user));
-- return make_server_info_guest(NULL, server_info);
-+ return make_server_info_guest(mem_ctx, server_info);
- }
- }
-
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index 15b1ba0..7b8959f 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -264,9 +264,11 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
- enum auth_password_state password_state);
- void free_user_info(struct auth_usersupplied_info **user_info);
-
--NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
-- struct auth_serversupplied_info **server_info,
-- const char *user, const char *domain);
-+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
-+ NTSTATUS status,
-+ const char *user,
-+ const char *domain,
-+ struct auth_serversupplied_info **server_info);
-
- /* The following definitions come from auth/auth_winbind.c */
-
---
-1.8.5.2
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch
deleted file mode 100644
index daa283e67..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From 168627e1877317db86471a4b0360dccd9f469aaa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Mon, 13 Jan 2014 15:59:26 +0100
-Subject: [PATCH 1/2] s3-kerberos: remove print_kdc_line() completely.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Just calling print_canonical_sockaddr() is sufficient, as it already deals with
-ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
-removed as well. It was pointless because it always derived the port number from
-the provided address which was either a SMB (usually port 445) or LDAP
-connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
-Finally, the kerberos libraries that we support and build with, can deal with
-ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
-resolving the DC name on the kerberos library anymore.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/libads/kerberos.c | 73 ++++-------------------------------------------
- 1 file changed, 5 insertions(+), 68 deletions(-)
-
-diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
-index b026e09..ea14350 100644
---- a/source3/libads/kerberos.c
-+++ b/source3/libads/kerberos.c
-@@ -592,70 +592,6 @@ int kerberos_kinit_password(const char *principal,
- /************************************************************************
- ************************************************************************/
-
--static char *print_kdc_line(char *mem_ctx,
-- const char *prev_line,
-- const struct sockaddr_storage *pss,
-- const char *kdc_name)
--{
-- char addr[INET6_ADDRSTRLEN];
-- uint16_t port = get_sockaddr_port(pss);
--
-- if (pss->ss_family == AF_INET) {
-- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
-- prev_line,
-- print_canonical_sockaddr(mem_ctx, pss));
-- }
--
-- /*
-- * IPv6 starts here
-- */
--
-- DEBUG(10, ("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
-- kdc_name, port));
--
-- if (port != 0 && port != DEFAULT_KRB5_PORT) {
-- /* Currently for IPv6 we can't specify a non-default
-- krb5 port with an address, as this requires a ':'.
-- Resolve to a name. */
-- char hostname[MAX_DNS_NAME_LENGTH];
-- int ret = sys_getnameinfo((const struct sockaddr *)pss,
-- sizeof(*pss),
-- hostname, sizeof(hostname),
-- NULL, 0,
-- NI_NAMEREQD);
-- if (ret) {
-- DEBUG(0,("print_kdc_line: can't resolve name "
-- "for kdc with non-default port %s. "
-- "Error %s\n.",
-- print_canonical_sockaddr(mem_ctx, pss),
-- gai_strerror(ret)));
-- return NULL;
-- }
-- /* Success, use host:port */
-- return talloc_asprintf(mem_ctx,
-- "%s\tkdc = %s:%u\n",
-- prev_line,
-- hostname,
-- (unsigned int)port);
-- }
--
-- /* no krb5 lib currently supports "kdc = ipv6 address"
-- * at all, so just fill in just the kdc_name if we have
-- * it and let the krb5 lib figure out the appropriate
-- * ipv6 address - gd */
--
-- if (kdc_name) {
-- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
-- prev_line, kdc_name);
-- }
--
-- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
-- prev_line,
-- print_sockaddr(addr,
-- sizeof(addr),
-- pss));
--}
--
- /************************************************************************
- Create a string list of available kdc's, possibly searching by sitename.
- Does DNS queries.
-@@ -698,7 +634,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
- char *result = NULL;
- struct netlogon_samlogon_response **responses = NULL;
- NTSTATUS status;
-- char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
-+ char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
-+ print_canonical_sockaddr(mem_ctx, pss));
-
- if (kdc_str == NULL) {
- TALLOC_FREE(frame);
-@@ -788,9 +725,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
- }
-
- /* Append to the string - inefficient but not done often. */
-- new_kdc_str = print_kdc_line(mem_ctx, kdc_str,
-- &dc_addrs[i],
-- kdc_name);
-+ new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
-+ kdc_str,
-+ print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
- if (new_kdc_str == NULL) {
- goto fail;
- }
---
-1.8.5.3
-
-
-From 3edb3d4084548960f03356cf4c44a6892e6efb84 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 7 Mar 2014 14:47:31 +0100
-Subject: [PATCH 2/2] s3-kerberos: remove unused kdc_name from
- create_local_private_krb5_conf_for_domain().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/libads/kerberos.c | 10 ++++------
- source3/libads/kerberos_proto.h | 3 +--
- source3/libnet/libnet_join.c | 3 +--
- source3/libsmb/namequery_dc.c | 6 ++----
- source3/winbindd/winbindd_cm.c | 6 ++----
- 5 files changed, 10 insertions(+), 18 deletions(-)
-
-diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
-index ea14350..649e568 100644
---- a/source3/libads/kerberos.c
-+++ b/source3/libads/kerberos.c
-@@ -618,8 +618,7 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
- static char *get_kdc_ip_string(char *mem_ctx,
- const char *realm,
- const char *sitename,
-- const struct sockaddr_storage *pss,
-- const char *kdc_name)
-+ const struct sockaddr_storage *pss)
- {
- TALLOC_CTX *frame = talloc_stackframe();
- int i;
-@@ -756,8 +755,7 @@ fail:
- bool create_local_private_krb5_conf_for_domain(const char *realm,
- const char *domain,
- const char *sitename,
-- const struct sockaddr_storage *pss,
-- const char *kdc_name)
-+ const struct sockaddr_storage *pss)
- {
- char *dname;
- char *tmpname = NULL;
-@@ -782,7 +780,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
- return false;
- }
-
-- if (domain == NULL || pss == NULL || kdc_name == NULL) {
-+ if (domain == NULL || pss == NULL) {
- return false;
- }
-
-@@ -815,7 +813,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
- goto done;
- }
-
-- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
-+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
- if (!kdc_ip_string) {
- goto done;
- }
-diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
-index f7470d2..2559634 100644
---- a/source3/libads/kerberos_proto.h
-+++ b/source3/libads/kerberos_proto.h
-@@ -62,8 +62,7 @@ int kerberos_kinit_password(const char *principal,
- bool create_local_private_krb5_conf_for_domain(const char *realm,
- const char *domain,
- const char *sitename,
-- const struct sockaddr_storage *pss,
-- const char *kdc_name);
-+ const struct sockaddr_storage *pss);
-
- /* The following definitions come from libads/authdata.c */
-
-diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
-index a87eb38..68884cd 100644
---- a/source3/libnet/libnet_join.c
-+++ b/source3/libnet/libnet_join.c
-@@ -2152,8 +2152,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
-
- create_local_private_krb5_conf_for_domain(
- r->out.dns_domain_name, r->out.netbios_domain_name,
-- NULL, smbXcli_conn_remote_sockaddr(cli->conn),
-- smbXcli_conn_remote_name(cli->conn));
-+ NULL, smbXcli_conn_remote_sockaddr(cli->conn));
-
- if (r->out.domain_is_ad && r->in.account_ou &&
- !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
-diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
-index 3cfae79..eb34741 100644
---- a/source3/libsmb/namequery_dc.c
-+++ b/source3/libsmb/namequery_dc.c
-@@ -112,14 +112,12 @@ static bool ads_dc_name(const char *domain,
- create_local_private_krb5_conf_for_domain(realm,
- domain,
- sitename,
-- &ads->ldap.ss,
-- ads->config.ldap_server_name);
-+ &ads->ldap.ss);
- } else {
- create_local_private_krb5_conf_for_domain(realm,
- domain,
- NULL,
-- &ads->ldap.ss,
-- ads->config.ldap_server_name);
-+ &ads->ldap.ss);
- }
- }
- #endif
-diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
-index 669a43e..be13a57 100644
---- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -1233,8 +1233,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
- create_local_private_krb5_conf_for_domain(domain->alt_name,
- domain->name,
- sitename,
-- pss,
-- *name);
-+ pss);
-
- SAFE_FREE(sitename);
- } else {
-@@ -1242,8 +1241,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
- create_local_private_krb5_conf_for_domain(domain->alt_name,
- domain->name,
- NULL,
-- pss,
-- *name);
-+ pss);
- }
- winbindd_set_locator_kdc_envs(domain);
-
---
-1.8.5.3
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/03-net-ads-kerberos-pac.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/03-net-ads-kerberos-pac.patch
deleted file mode 100644
index 26a4caf01..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/03-net-ads-kerberos-pac.patch
+++ /dev/null
@@ -1,962 +0,0 @@
-From 932490ae08578c37523e00e537017603ee00ce7c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 Jan 2014 14:29:03 +0100
-Subject: [PATCH 1/8] s3-libads: pass down local_service to
- kerberos_return_pac().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/libads/authdata.c | 6 +-----
- source3/libads/kerberos_proto.h | 1 +
- source3/utils/net_ads.c | 8 ++++++++
- source3/winbindd/winbindd_pam.c | 9 +++++++++
- 4 files changed, 19 insertions(+), 5 deletions(-)
-
-diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
-index 801e551..dd80dc2 100644
---- a/source3/libads/authdata.c
-+++ b/source3/libads/authdata.c
-@@ -101,13 +101,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- bool add_netbios_addr,
- time_t renewable_time,
- const char *impersonate_princ_s,
-+ const char *local_service,
- struct PAC_LOGON_INFO **_logon_info)
- {
- krb5_error_code ret;
- NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
- DATA_BLOB tkt, tkt_wrapped, ap_rep, sesskey1;
- const char *auth_princ = NULL;
-- const char *local_service = NULL;
- const char *cc = "MEMORY:kerberos_return_pac";
- struct auth_session_info *session_info;
- struct gensec_security *gensec_server_context;
-@@ -141,10 +141,6 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- }
- NT_STATUS_HAVE_NO_MEMORY(auth_princ);
-
-- local_service = talloc_asprintf(mem_ctx, "%s$@%s",
-- lp_netbios_name(), lp_realm());
-- NT_STATUS_HAVE_NO_MEMORY(local_service);
--
- ret = kerberos_kinit_password_ext(auth_princ,
- pass,
- time_offset,
-diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
-index 2559634..1151d66 100644
---- a/source3/libads/kerberos_proto.h
-+++ b/source3/libads/kerberos_proto.h
-@@ -77,6 +77,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- bool add_netbios_addr,
- time_t renewable_time,
- const char *impersonate_princ_s,
-+ const char *local_service,
- struct PAC_LOGON_INFO **logon_info);
-
- /* The following definitions come from libads/krb5_setpw.c */
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index 89eebf3..5a073b1 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -2604,6 +2604,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- NTSTATUS status;
- int ret = -1;
- const char *impersonate_princ_s = NULL;
-+ const char *local_service = NULL;
-
- if (c->display_usage) {
- d_printf( "%s\n"
-@@ -2623,6 +2624,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- impersonate_princ_s = argv[0];
- }
-
-+ local_service = talloc_asprintf(mem_ctx, "%s$@%s",
-+ lp_netbios_name(), lp_realm());
-+ if (local_service == NULL) {
-+ goto out;
-+ }
-+
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
-
- status = kerberos_return_pac(mem_ctx,
-@@ -2636,6 +2643,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- true,
- 2592000, /* one month */
- impersonate_princ_s,
-+ local_service,
- &info);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf(_("failed to query kerberos PAC: %s\n"),
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index 3f3ec70..61e2cef 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -576,6 +576,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- time_t time_offset = 0;
- const char *user_ccache_file;
- struct PAC_LOGON_INFO *logon_info = NULL;
-+ const char *local_service;
-
- *info3 = NULL;
-
-@@ -632,6 +633,13 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- return NT_STATUS_NO_MEMORY;
- }
-
-+ local_service = talloc_asprintf(mem_ctx, "%s$@%s",
-+ lp_netbios_name(), lp_realm());
-+ if (local_service == NULL) {
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+
-+
- /* if this is a user ccache, we need to act as the user to let the krb5
- * library handle the chown, etc. */
-
-@@ -653,6 +661,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- true,
- WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
- NULL,
-+ local_service,
- &logon_info);
- if (user_ccache_file != NULL) {
- gain_root_privilege();
---
-1.8.5.3
-
-
-From baed403983a5bb2e728249443fdfc9167a87f526 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Mon, 3 Mar 2014 12:14:51 +0100
-Subject: [PATCH 2/8] auth/kerberos: fix a typo.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- auth/kerberos/kerberos_pac.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
-index 81f7f21..8f55c8f 100644
---- a/auth/kerberos/kerberos_pac.c
-+++ b/auth/kerberos/kerberos_pac.c
-@@ -79,7 +79,7 @@ krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
- }
-
- /**
--* @brief Decode a blob containing a NDR envoded PAC structure
-+* @brief Decode a blob containing a NDR encoded PAC structure
- *
- * @param mem_ctx - The memory context
- * @param pac_data_blob - The data blob containing the NDR encoded data
---
-1.8.5.3
-
-
-From 9725a86e60bb6ef6e912621e81acc955ae2f70a8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Mon, 10 Mar 2014 15:11:18 +0100
-Subject: [PATCH 3/8] s3-net: change the way impersonation principals are used
- in "net ads kerberos pac".
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/utils/net_ads.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index 5a073b1..ac6346f 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -2605,6 +2605,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- int ret = -1;
- const char *impersonate_princ_s = NULL;
- const char *local_service = NULL;
-+ int i;
-
- if (c->display_usage) {
- d_printf( "%s\n"
-@@ -2615,15 +2616,20 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- return 0;
- }
-
-+ for (i=0; i<argc; i++) {
-+ if (strnequal(argv[i], "impersonate", strlen("impersonate"))) {
-+ impersonate_princ_s = get_string_param(argv[i]);
-+ if (impersonate_princ_s == NULL) {
-+ return -1;
-+ }
-+ }
-+ }
-+
- mem_ctx = talloc_init("net_ads_kerberos_pac");
- if (!mem_ctx) {
- goto out;
- }
-
-- if (argc > 0) {
-- impersonate_princ_s = argv[0];
-- }
--
- local_service = talloc_asprintf(mem_ctx, "%s$@%s",
- lp_netbios_name(), lp_realm());
- if (local_service == NULL) {
---
-1.8.5.3
-
-
-From 35a1ed22f65473fabb2f4846f6d2b50da1847f6a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Tue, 11 Mar 2014 16:34:36 +0100
-Subject: [PATCH 4/8] s3-net: allow to provide custom local_service in "net ads
- kerberos pac".
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/utils/net_ads.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index ac6346f..c53c8c6 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -2623,6 +2623,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- return -1;
- }
- }
-+ if (strnequal(argv[i], "local_service", strlen("local_service"))) {
-+ local_service = get_string_param(argv[i]);
-+ if (local_service == NULL) {
-+ return -1;
-+ }
-+ }
- }
-
- mem_ctx = talloc_init("net_ads_kerberos_pac");
-@@ -2630,10 +2636,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- goto out;
- }
-
-- local_service = talloc_asprintf(mem_ctx, "%s$@%s",
-- lp_netbios_name(), lp_realm());
- if (local_service == NULL) {
-- goto out;
-+ local_service = talloc_asprintf(mem_ctx, "%s$@%s",
-+ lp_netbios_name(), lp_realm());
-+ if (local_service == NULL) {
-+ goto out;
-+ }
- }
-
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
---
-1.8.5.3
-
-
-From 1270e35ba70a4e4881512d375c767023512f67bd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 21 Feb 2014 18:56:04 +0100
-Subject: [PATCH 5/8] s3-kerberos: return a full PAC in kerberos_return_pac().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/libads/authdata.c | 28 +++++++++++++++++-----------
- source3/libads/kerberos_proto.h | 4 ++--
- source3/utils/net_ads.c | 17 ++++++++++++++++-
- source3/winbindd/winbindd_pam.c | 22 +++++++++++++++++++++-
- 4 files changed, 56 insertions(+), 15 deletions(-)
-
-diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
-index dd80dc2..53e40ef 100644
---- a/source3/libads/authdata.c
-+++ b/source3/libads/authdata.c
-@@ -52,7 +52,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
- struct auth_session_info **session_info)
- {
- TALLOC_CTX *tmp_ctx;
-- struct PAC_LOGON_INFO *logon_info = NULL;
-+ struct PAC_DATA *pac_data = NULL;
- NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
-
- tmp_ctx = talloc_new(mem_ctx);
-@@ -61,16 +61,22 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
- }
-
- if (pac_blob) {
-- status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
-- NULL, NULL, 0, &logon_info);
-+ status = kerberos_decode_pac(tmp_ctx,
-+ *pac_blob,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ 0,
-+ &pac_data);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
- }
-
-- talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO");
-+ talloc_set_name_const(pac_data, "struct PAC_DATA");
-
-- auth_ctx->private_data = talloc_steal(auth_ctx, logon_info);
-+ auth_ctx->private_data = talloc_steal(auth_ctx, pac_data);
- *session_info = talloc_zero(mem_ctx, struct auth_session_info);
- if (!*session_info) {
- status = NT_STATUS_NO_MEMORY;
-@@ -102,7 +108,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- time_t renewable_time,
- const char *impersonate_princ_s,
- const char *local_service,
-- struct PAC_LOGON_INFO **_logon_info)
-+ struct PAC_DATA **_pac_data)
- {
- krb5_error_code ret;
- NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
-@@ -116,7 +122,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- size_t idx = 0;
- struct auth4_context *auth_context;
- struct loadparm_context *lp_ctx;
-- struct PAC_LOGON_INFO *logon_info = NULL;
-+ struct PAC_DATA *pac_data = NULL;
-
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
-@@ -272,15 +278,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- goto out;
- }
-
-- logon_info = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
-- struct PAC_LOGON_INFO);
-- if (logon_info == NULL) {
-+ pac_data = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
-+ struct PAC_DATA);
-+ if (pac_data == NULL) {
- DEBUG(1,("no PAC\n"));
- status = NT_STATUS_INVALID_PARAMETER;
- goto out;
- }
-
-- *_logon_info = talloc_move(mem_ctx, &logon_info);
-+ *_pac_data = talloc_move(mem_ctx, &pac_data);
-
- out:
- talloc_free(tmp_ctx);
-diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
-index 1151d66..b2f7486 100644
---- a/source3/libads/kerberos_proto.h
-+++ b/source3/libads/kerberos_proto.h
-@@ -32,7 +32,7 @@
-
- #include "system/kerberos.h"
-
--struct PAC_LOGON_INFO;
-+struct PAC_DATA;
-
- #include "libads/ads_status.h"
-
-@@ -78,7 +78,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- time_t renewable_time,
- const char *impersonate_princ_s,
- const char *local_service,
-- struct PAC_LOGON_INFO **logon_info);
-+ struct PAC_DATA **pac_data);
-
- /* The following definitions come from libads/krb5_setpw.c */
-
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index c53c8c6..19da6da 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -2600,6 +2600,7 @@ static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **
- static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
- {
- struct PAC_LOGON_INFO *info = NULL;
-+ struct PAC_DATA *pac_data = NULL;
- TALLOC_CTX *mem_ctx = NULL;
- NTSTATUS status;
- int ret = -1;
-@@ -2658,13 +2659,27 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- 2592000, /* one month */
- impersonate_princ_s,
- local_service,
-- &info);
-+ &pac_data);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf(_("failed to query kerberos PAC: %s\n"),
- nt_errstr(status));
- goto out;
- }
-
-+ for (i=0; i < pac_data->num_buffers; i++) {
-+
-+ if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
-+ continue;
-+ }
-+
-+ info = pac_data->buffers[i].info->logon_info.info;
-+ if (!info) {
-+ goto out;
-+ }
-+
-+ break;
-+ }
-+
- if (info) {
- const char *s;
- s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index 61e2cef..a8daae51 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -576,7 +576,9 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- time_t time_offset = 0;
- const char *user_ccache_file;
- struct PAC_LOGON_INFO *logon_info = NULL;
-+ struct PAC_DATA *pac_data = NULL;
- const char *local_service;
-+ int i;
-
- *info3 = NULL;
-
-@@ -662,7 +664,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
- NULL,
- local_service,
-- &logon_info);
-+ &pac_data);
- if (user_ccache_file != NULL) {
- gain_root_privilege();
- }
-@@ -673,6 +675,24 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- goto failed;
- }
-
-+ if (pac_data == NULL) {
-+ goto failed;
-+ }
-+
-+ for (i=0; i < pac_data->num_buffers; i++) {
-+
-+ if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
-+ continue;
-+ }
-+
-+ logon_info = pac_data->buffers[i].info->logon_info.info;
-+ if (!logon_info) {
-+ return NT_STATUS_INVALID_PARAMETER;
-+ }
-+
-+ break;
-+ }
-+
- *info3 = &logon_info->info3;
-
- DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n",
---
-1.8.5.3
-
-
-From a8c2807a26d2f1ff094ed7ea5724c0394f79b888 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Tue, 11 Mar 2014 18:07:11 +0100
-Subject: [PATCH 6/8] s3-kerberos: let kerberos_return_pac() return a PAC
- container.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/libads/authdata.c | 29 +++++++++++++++++++++--------
- source3/libads/kerberos_proto.h | 7 ++++++-
- source3/utils/net_ads.c | 5 ++++-
- source3/winbindd/winbindd_pam.c | 8 +++++++-
- 4 files changed, 38 insertions(+), 11 deletions(-)
-
-diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
-index 53e40ef..276408d 100644
---- a/source3/libads/authdata.c
-+++ b/source3/libads/authdata.c
-@@ -53,6 +53,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
- {
- TALLOC_CTX *tmp_ctx;
- struct PAC_DATA *pac_data = NULL;
-+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
- NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
-
- tmp_ctx = talloc_new(mem_ctx);
-@@ -74,9 +75,21 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
- }
- }
-
-- talloc_set_name_const(pac_data, "struct PAC_DATA");
-+ pac_data_ctr = talloc(mem_ctx, struct PAC_DATA_CTR);
-+ if (pac_data_ctr == NULL) {
-+ status = NT_STATUS_NO_MEMORY;
-+ goto done;
-+ }
-+
-+ talloc_set_name_const(pac_data_ctr, "struct PAC_DATA_CTR");
-+
-+ pac_data_ctr->pac_data = talloc_steal(pac_data_ctr, pac_data);
-+ pac_data_ctr->pac_blob = data_blob_talloc(pac_data_ctr,
-+ pac_blob->data,
-+ pac_blob->length);
-+
-+ auth_ctx->private_data = talloc_steal(auth_ctx, pac_data_ctr);
-
-- auth_ctx->private_data = talloc_steal(auth_ctx, pac_data);
- *session_info = talloc_zero(mem_ctx, struct auth_session_info);
- if (!*session_info) {
- status = NT_STATUS_NO_MEMORY;
-@@ -108,7 +121,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- time_t renewable_time,
- const char *impersonate_princ_s,
- const char *local_service,
-- struct PAC_DATA **_pac_data)
-+ struct PAC_DATA_CTR **_pac_data_ctr)
- {
- krb5_error_code ret;
- NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
-@@ -122,7 +135,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- size_t idx = 0;
- struct auth4_context *auth_context;
- struct loadparm_context *lp_ctx;
-- struct PAC_DATA *pac_data = NULL;
-+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
-
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
-@@ -278,15 +291,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- goto out;
- }
-
-- pac_data = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
-- struct PAC_DATA);
-- if (pac_data == NULL) {
-+ pac_data_ctr = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
-+ struct PAC_DATA_CTR);
-+ if (pac_data_ctr == NULL) {
- DEBUG(1,("no PAC\n"));
- status = NT_STATUS_INVALID_PARAMETER;
- goto out;
- }
-
-- *_pac_data = talloc_move(mem_ctx, &pac_data);
-+ *_pac_data_ctr = talloc_move(mem_ctx, &pac_data_ctr);
-
- out:
- talloc_free(tmp_ctx);
-diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
-index b2f7486..3d0ad4b 100644
---- a/source3/libads/kerberos_proto.h
-+++ b/source3/libads/kerberos_proto.h
-@@ -34,6 +34,11 @@
-
- struct PAC_DATA;
-
-+struct PAC_DATA_CTR {
-+ DATA_BLOB pac_blob;
-+ struct PAC_DATA *pac_data;
-+};
-+
- #include "libads/ads_status.h"
-
- /* The following definitions come from libads/kerberos.c */
-@@ -78,7 +83,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- time_t renewable_time,
- const char *impersonate_princ_s,
- const char *local_service,
-- struct PAC_DATA **pac_data);
-+ struct PAC_DATA_CTR **pac_data_ctr);
-
- /* The following definitions come from libads/krb5_setpw.c */
-
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index 19da6da..19c28b1 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -2601,6 +2601,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- {
- struct PAC_LOGON_INFO *info = NULL;
- struct PAC_DATA *pac_data = NULL;
-+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
- TALLOC_CTX *mem_ctx = NULL;
- NTSTATUS status;
- int ret = -1;
-@@ -2659,13 +2660,15 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- 2592000, /* one month */
- impersonate_princ_s,
- local_service,
-- &pac_data);
-+ &pac_data_ctr);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf(_("failed to query kerberos PAC: %s\n"),
- nt_errstr(status));
- goto out;
- }
-
-+ pac_data = pac_data_ctr->pac_data;
-+
- for (i=0; i < pac_data->num_buffers; i++) {
-
- if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index a8daae51..b41291e 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -577,6 +577,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- const char *user_ccache_file;
- struct PAC_LOGON_INFO *logon_info = NULL;
- struct PAC_DATA *pac_data = NULL;
-+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
- const char *local_service;
- int i;
-
-@@ -664,7 +665,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
- NULL,
- local_service,
-- &pac_data);
-+ &pac_data_ctr);
- if (user_ccache_file != NULL) {
- gain_root_privilege();
- }
-@@ -675,6 +676,11 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
- goto failed;
- }
-
-+ if (pac_data_ctr == NULL) {
-+ goto failed;
-+ }
-+
-+ pac_data = pac_data_ctr->pac_data;
- if (pac_data == NULL) {
- goto failed;
- }
---
-1.8.5.3
-
-
-From 9e01f3cbc4752539128e5452f567ff2e73c3ec9d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Tue, 11 Mar 2014 18:14:39 +0100
-Subject: [PATCH 7/8] s3-net: modify the current "net ads kerberos pac"
- command.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Rename it to "net ads kerberos pac dump" and add a "type=num" option to allow
-dumping of individial pac buffer types. Ommitting type= or using type=0 will
-dump the whole PAC structure on stdout.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/utils/net_ads.c | 115 ++++++++++++++++++++++++++++++++----------------
- 1 file changed, 77 insertions(+), 38 deletions(-)
-
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index 19c28b1..f54cf23 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -2597,27 +2597,15 @@ static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **
- return ret;
- }
-
--static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
-+static int net_ads_kerberos_pac_common(struct net_context *c, int argc, const char **argv,
-+ struct PAC_DATA_CTR **pac_data_ctr)
- {
-- struct PAC_LOGON_INFO *info = NULL;
-- struct PAC_DATA *pac_data = NULL;
-- struct PAC_DATA_CTR *pac_data_ctr = NULL;
-- TALLOC_CTX *mem_ctx = NULL;
- NTSTATUS status;
- int ret = -1;
- const char *impersonate_princ_s = NULL;
- const char *local_service = NULL;
- int i;
-
-- if (c->display_usage) {
-- d_printf( "%s\n"
-- "net ads kerberos pac [impersonation_principal]\n"
-- " %s\n",
-- _("Usage:"),
-- _("Dump the Kerberos PAC"));
-- return 0;
-- }
--
- for (i=0; i<argc; i++) {
- if (strnequal(argv[i], "impersonate", strlen("impersonate"))) {
- impersonate_princ_s = get_string_param(argv[i]);
-@@ -2633,13 +2621,8 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- }
- }
-
-- mem_ctx = talloc_init("net_ads_kerberos_pac");
-- if (!mem_ctx) {
-- goto out;
-- }
--
- if (local_service == NULL) {
-- local_service = talloc_asprintf(mem_ctx, "%s$@%s",
-+ local_service = talloc_asprintf(c, "%s$@%s",
- lp_netbios_name(), lp_realm());
- if (local_service == NULL) {
- goto out;
-@@ -2648,7 +2631,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
-
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
-
-- status = kerberos_return_pac(mem_ctx,
-+ status = kerberos_return_pac(c,
- c->opt_user_name,
- c->opt_password,
- 0,
-@@ -2660,39 +2643,95 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- 2592000, /* one month */
- impersonate_princ_s,
- local_service,
-- &pac_data_ctr);
-+ pac_data_ctr);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf(_("failed to query kerberos PAC: %s\n"),
- nt_errstr(status));
- goto out;
- }
-
-- pac_data = pac_data_ctr->pac_data;
-+ ret = 0;
-+ out:
-+ return ret;
-+}
-
-- for (i=0; i < pac_data->num_buffers; i++) {
-+static int net_ads_kerberos_pac_dump(struct net_context *c, int argc, const char **argv)
-+{
-+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
-+ int i;
-+ int ret = -1;
-+ enum PAC_TYPE type = 0;
-
-- if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
-- continue;
-+ if (c->display_usage) {
-+ d_printf( "%s\n"
-+ "net ads kerberos pac dump [impersonate=string] [local_service=string] [pac_buffer_type=int]\n"
-+ " %s\n",
-+ _("Usage:"),
-+ _("Dump the Kerberos PAC"));
-+ return -1;
-+ }
-+
-+ for (i=0; i<argc; i++) {
-+ if (strnequal(argv[i], "pac_buffer_type", strlen("pac_buffer_type"))) {
-+ type = get_int_param(argv[i]);
- }
-+ }
-
-- info = pac_data->buffers[i].info->logon_info.info;
-- if (!info) {
-- goto out;
-+ ret = net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr);
-+ if (ret) {
-+ return ret;
-+ }
-+
-+ if (type == 0) {
-+
-+ char *s = NULL;
-+
-+ s = NDR_PRINT_STRUCT_STRING(c, PAC_DATA,
-+ pac_data_ctr->pac_data);
-+ if (s != NULL) {
-+ d_printf(_("The Pac: %s\n"), s);
-+ talloc_free(s);
- }
-
-- break;
-+ return 0;
- }
-
-- if (info) {
-- const char *s;
-- s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
-- d_printf(_("The Pac: %s\n"), s);
-+ for (i=0; i < pac_data_ctr->pac_data->num_buffers; i++) {
-+
-+ char *s = NULL;
-+
-+ if (pac_data_ctr->pac_data->buffers[i].type != type) {
-+ continue;
-+ }
-+
-+ s = NDR_PRINT_UNION_STRING(c, PAC_INFO, type,
-+ pac_data_ctr->pac_data->buffers[i].info);
-+ if (s != NULL) {
-+ d_printf(_("The Pac: %s\n"), s);
-+ talloc_free(s);
-+ }
-+ break;
- }
-
-- ret = 0;
-- out:
-- TALLOC_FREE(mem_ctx);
-- return ret;
-+ return 0;
-+}
-+
-+static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
-+{
-+ struct functable func[] = {
-+ {
-+ "dump",
-+ net_ads_kerberos_pac_dump,
-+ NET_TRANSPORT_ADS,
-+ N_("Dump Kerberos PAC"),
-+ N_("net ads kerberos pac dump\n"
-+ " Dump a Kerberos PAC to stdout")
-+ },
-+
-+ {NULL, NULL, 0, NULL, NULL}
-+ };
-+
-+ return net_run_function(c, argc, argv, "net ads kerberos pac", func);
- }
-
- static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv)
---
-1.8.5.3
-
-
-From 91ceace4ee8fd141cac5dbe5282bed141c38bee7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Tue, 11 Mar 2014 18:16:40 +0100
-Subject: [PATCH 8/8] s3-net: add a new "net ads kerberos pac save" tool.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Use "filename=string" to define a file where to save the unencrypted PAC to.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/utils/net_ads.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 52 insertions(+)
-
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index f54cf23..8b8e719 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -2716,6 +2716,50 @@ static int net_ads_kerberos_pac_dump(struct net_context *c, int argc, const char
- return 0;
- }
-
-+static int net_ads_kerberos_pac_save(struct net_context *c, int argc, const char **argv)
-+{
-+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
-+ char *filename = NULL;
-+ int ret = -1;
-+ int i;
-+
-+ if (c->display_usage) {
-+ d_printf( "%s\n"
-+ "net ads kerberos pac save [impersonate=string] [local_service=string] [filename=string]\n"
-+ " %s\n",
-+ _("Usage:"),
-+ _("Save the Kerberos PAC"));
-+ return -1;
-+ }
-+
-+ for (i=0; i<argc; i++) {
-+ if (strnequal(argv[i], "filename", strlen("filename"))) {
-+ filename = get_string_param(argv[i]);
-+ if (filename == NULL) {
-+ return -1;
-+ }
-+ }
-+ }
-+
-+ ret = net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr);
-+ if (ret) {
-+ return ret;
-+ }
-+
-+ if (filename == NULL) {
-+ d_printf(_("please define \"filename=<filename>\" to save the PAC\n"));
-+ return -1;
-+ }
-+
-+ /* save the raw format */
-+ if (!file_save(filename, pac_data_ctr->pac_blob.data, pac_data_ctr->pac_blob.length)) {
-+ d_printf(_("failed to save PAC in %s\n"), filename);
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+
- static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
- {
- struct functable func[] = {
-@@ -2727,6 +2771,14 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
- N_("net ads kerberos pac dump\n"
- " Dump a Kerberos PAC to stdout")
- },
-+ {
-+ "save",
-+ net_ads_kerberos_pac_save,
-+ NET_TRANSPORT_ADS,
-+ N_("Save Kerberos PAC"),
-+ N_("net ads kerberos pac save\n"
-+ " Save a Kerberos PAC in a file")
-+ },
-
- {NULL, NULL, 0, NULL, NULL}
- };
---
-1.8.5.3
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch
deleted file mode 100644
index a2058f115..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch
+++ /dev/null
@@ -1,211 +0,0 @@
-From 942dedb71437cd89932a7f39ca73d65c09aa59be Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 2 Apr 2014 19:37:34 +0200
-Subject: [PATCH] s3-kerberos: make ipv6 support for generated krb5 config
- files more robust.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Older MIT Kerberos libraries will add any secondary ipv6 address as
-ipv4 address, defining the (default) krb5 port 88 circumvents that.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
----
- source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++--
- 1 file changed, 27 insertions(+), 2 deletions(-)
-
-diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
-index 649e568..f3c23ea 100644
---- a/source3/libads/kerberos.c
-+++ b/source3/libads/kerberos.c
-@@ -615,6 +615,31 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
- *num_addrs += 1;
- }
-
-+/* print_canonical_sockaddr prints an ipv6 addr in the form of
-+* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
-+* always properly dealt with by some older krb5 libraries. Adding the hard-coded
-+* portnumber workarounds the issue. - gd */
-+
-+static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
-+ const struct sockaddr_storage *pss)
-+{
-+ char *str = NULL;
-+
-+ str = print_canonical_sockaddr(mem_ctx, pss);
-+ if (str == NULL) {
-+ return NULL;
-+ }
-+
-+ if (pss->ss_family != AF_INET6) {
-+ return str;
-+ }
-+
-+#if defined(HAVE_IPV6)
-+ str = talloc_asprintf_append(str, ":88");
-+#endif
-+ return str;
-+}
-+
- static char *get_kdc_ip_string(char *mem_ctx,
- const char *realm,
- const char *sitename,
-@@ -634,7 +659,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
- struct netlogon_samlogon_response **responses = NULL;
- NTSTATUS status;
- char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
-- print_canonical_sockaddr(mem_ctx, pss));
-+ print_canonical_sockaddr_with_port(mem_ctx, pss));
-
- if (kdc_str == NULL) {
- TALLOC_FREE(frame);
-@@ -726,7 +751,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
- /* Append to the string - inefficient but not done often. */
- new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- kdc_str,
-- print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
-+ print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]));
- if (new_kdc_str == NULL) {
- goto fail;
- }
---
-1.9.0
-
-From 60db71015f84dd242be889576d85ccd5c6a1f73b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 16 Apr 2014 16:07:14 +0200
-Subject: [PATCH] s3-libads: allow ads_try_connect() to re-use a resolved ip
- address.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Pass down a struct sockaddr_storage to ads_try_connect.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-
-Autobuild-User(master): Günther Deschner <gd@samba.org>
-Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
----
- source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------
- 1 file changed, 26 insertions(+), 18 deletions(-)
-
-diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
-index d9bb8e2..8fed8fd 100644
---- a/source3/libads/ldap.c
-+++ b/source3/libads/ldap.c
-@@ -228,33 +228,27 @@ bool ads_closest_dc(ADS_STRUCT *ads)
- try a connection to a given ldap server, returning True and setting the servers IP
- in the ads struct if successful
- */
--static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
-+static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
-+ struct sockaddr_storage *ss)
- {
- struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
- TALLOC_CTX *frame = talloc_stackframe();
- bool ret = false;
-- struct sockaddr_storage ss;
- char addr[INET6_ADDRSTRLEN];
-
-- if (!server || !*server) {
-+ if (ss == NULL) {
- TALLOC_FREE(frame);
- return False;
- }
-
-- if (!resolve_name(server, &ss, 0x20, true)) {
-- DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
-- server ));
-- TALLOC_FREE(frame);
-- return false;
-- }
-- print_sockaddr(addr, sizeof(addr), &ss);
-+ print_sockaddr(addr, sizeof(addr), ss);
-
- DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
- addr, ads->server.realm));
-
- ZERO_STRUCT( cldap_reply );
-
-- if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
-+ if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) {
- DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
- ret = false;
- goto out;
-@@ -298,7 +292,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
- ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name);
-
- ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
-- ads->ldap.ss = ss;
-+ ads->ldap.ss = *ss;
-
- /* Store our site name. */
- sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
-@@ -330,6 +324,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
- bool use_own_domain = False;
- char *sitename;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-+ bool ok = false;
-
- /* if the realm and workgroup are both empty, assume they are ours */
-
-@@ -384,12 +379,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
- DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
- (got_realm ? "realm" : "domain"), realm));
-
-- if (get_dc_name(domain, realm, srv_name, &ip_out)) {
-+ ok = get_dc_name(domain, realm, srv_name, &ip_out);
-+ if (ok) {
- /*
- * we call ads_try_connect() to fill in the
- * ads->config details
- */
-- if (ads_try_connect(ads, srv_name, false)) {
-+ ok = ads_try_connect(ads, false, &ip_out);
-+ if (ok) {
- return NT_STATUS_OK;
- }
- }
-@@ -445,7 +442,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
- }
- }
-
-- if ( ads_try_connect(ads, server, false) ) {
-+ ok = ads_try_connect(ads, false, &ip_list[i].ss);
-+ if (ok) {
- SAFE_FREE(ip_list);
- SAFE_FREE(sitename);
- return NT_STATUS_OK;
-@@ -630,9 +628,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
- TALLOC_FREE(s);
- }
-
-- if (ads->server.ldap_server)
-- {
-- if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
-+ if (ads->server.ldap_server) {
-+ bool ok = false;
-+ struct sockaddr_storage ss;
-+
-+ ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true);
-+ if (!ok) {
-+ DEBUG(5,("ads_connect: unable to resolve name %s\n",
-+ ads->server.ldap_server));
-+ status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
-+ goto out;
-+ }
-+ ok = ads_try_connect(ads, ads->server.gc, &ss);
-+ if (ok) {
- goto got_connection;
- }
-
---
-1.9.0
-
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/05-fix-gecos-field-with-samlogon.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/05-fix-gecos-field-with-samlogon.patch
deleted file mode 100644
index c1dfc06e9..000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/05-fix-gecos-field-with-samlogon.patch
+++ /dev/null
@@ -1,29894 +0,0 @@
-From 538f62edb2cc4c17204620d8a9b3075c7453422b Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Thu, 4 Sep 2014 12:55:53 +0200
-Subject: [PATCH 002/249] selftest: Fix selftest where pid is used
- uninitialized.
-
-On my system this gets evaluated to 0 so in the end we detect samba to
-be running cause $childpid is set to 0.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=10793
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-
-Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
-Autobuild-Date(master): Thu Sep 4 17:09:17 CEST 2014 on sn-devel-104
-
-(cherry picked from commit 6d2f56dbaf84203b351f33179cc3feaf557e0683)
-Signed-off-by: Andreas Schneider <asn@samba.org>
-
-Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
-Autobuild-Date(v4-1-test): Mon Sep 8 23:19:29 CEST 2014 on sn-devel-104
----
- selftest/target/Samba.pm | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
-index ab3851f..b0817fd 100644
---- a/selftest/target/Samba.pm
-+++ b/selftest/target/Samba.pm
-@@ -188,7 +188,12 @@ sub get_interface($)
- sub cleanup_child($$)
- {
- my ($pid, $name) = @_;
-- my $childpid = waitpid($pid, WNOHANG);
-+ my $childpid = -1;
-+
-+ if (defined($pid)) {
-+ $childpid = waitpid($pid, WNOHANG);
-+ }
-+
- if ($childpid == 0) {
- } elsif ($childpid < 0) {
- printf STDERR "%s child process %d isn't here any more\n",
---
-1.9.3
-
-
-From a14c0878c232dcf674008444f80dc0e5d8aada09 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 12:33:25 +0200
-Subject: [PATCH 003/249] auth/credentials: remove pointless talloc_reference()
- from cli_credentials_get_unparsed_name()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 953502925863377b5e566edff4ac68c63e8d151f)
----
- auth/credentials/credentials.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index e636123..e597809 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -669,7 +669,7 @@ _PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *c
- const char *name;
-
- if (bind_dn) {
-- name = talloc_reference(mem_ctx, bind_dn);
-+ name = talloc_strdup(mem_ctx, bind_dn);
- } else {
- cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &username, &domain);
- if (domain && domain[0]) {
---
-1.9.3
-
-
-From a9bbf2e55d56b9d2cec944ee32a127fc72e6ce6a Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 12:33:25 +0200
-Subject: [PATCH 004/249] auth/credentials: remove pointless talloc_reference()
- from cli_credentials_get_principal_and_obtained()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit b8f09226458dc13cf901f481ede89d8a6bb94ba7)
----
- auth/credentials/credentials.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index e597809..7a4b081 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -267,7 +267,7 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede
- }
- }
- *obtained = cred->principal_obtained;
-- return talloc_reference(mem_ctx, cred->principal);
-+ return talloc_strdup(mem_ctx, cred->principal);
- }
-
- /**
---
-1.9.3
-
-
-From 5df785eba8389be9129984c6c5a1e59487685938 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 12:52:17 +0200
-Subject: [PATCH 005/249] auth/credentials: add
- cli_credentials_[set_]callback_data*
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 6ff6778bdc60f1cd4d52cba83bd47d3398fe5a20)
----
- auth/credentials/credentials.c | 11 +++++++++++
- auth/credentials/credentials.h | 8 ++++++++
- 2 files changed, 19 insertions(+)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index 7a4b081..e6a4710 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -114,6 +114,17 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
- return cred;
- }
-
-+_PUBLIC_ void cli_credentials_set_callback_data(struct cli_credentials *cred,
-+ void *callback_data)
-+{
-+ cred->priv_data = callback_data;
-+}
-+
-+_PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred)
-+{
-+ return cred->priv_data;
-+}
-+
- /**
- * Create a new anonymous credential
- * @param mem_ctx TALLOC_CTX parent for credentials structure
-diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
-index dbc014f..0f498ad 100644
---- a/auth/credentials/credentials.h
-+++ b/auth/credentials/credentials.h
-@@ -332,6 +332,14 @@ bool cli_credentials_set_realm_callback(struct cli_credentials *cred,
- bool cli_credentials_set_workstation_callback(struct cli_credentials *cred,
- const char *(*workstation_cb) (struct cli_credentials *));
-
-+void cli_credentials_set_callback_data(struct cli_credentials *cred,
-+ void *callback_data);
-+void *_cli_credentials_callback_data(struct cli_credentials *cred);
-+#define cli_credentials_callback_data(_cred, _type) \
-+ talloc_get_type_abort(_cli_credentials_callback_data(_cred), _type)
-+#define cli_credentials_callback_data_void(_cred) \
-+ _cli_credentials_callback_data(_cred)
-+
- /**
- * Return attached NETLOGON credentials
- */
---
-1.9.3
-
-
-From 8fd0244ac8fe4998a0931bc9d51b9dfbb182a2e1 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 13:21:14 +0200
-Subject: [PATCH 006/249] auth/credentials: add cli_credentials_shallow_copy()
-
-This is useful for testing.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit b3cd44d50cff99fa77611679d68d2d57434fefa4)
----
- auth/credentials/credentials.c | 15 +++++++++++++++
- auth/credentials/credentials.h | 3 +++
- 2 files changed, 18 insertions(+)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index e6a4710..c1c6993 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -125,6 +125,21 @@ _PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred)
- return cred->priv_data;
- }
-
-+_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
-+ struct cli_credentials *src)
-+{
-+ struct cli_credentials *dst;
-+
-+ dst = talloc(mem_ctx, struct cli_credentials);
-+ if (dst == NULL) {
-+ return NULL;
-+ }
-+
-+ *dst = *src;
-+
-+ return dst;
-+}
-+
- /**
- * Create a new anonymous credential
- * @param mem_ctx TALLOC_CTX parent for credentials structure
-diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
-index 0f498ad..1377bfa 100644
---- a/auth/credentials/credentials.h
-+++ b/auth/credentials/credentials.h
-@@ -340,6 +340,9 @@ void *_cli_credentials_callback_data(struct cli_credentials *cred);
- #define cli_credentials_callback_data_void(_cred) \
- _cli_credentials_callback_data(_cred)
-
-+struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
-+ struct cli_credentials *src);
-+
- /**
- * Return attached NETLOGON credentials
- */
---
-1.9.3
-
-
-From 52e4028da5db90ce3ee410997ea3464374fec46b Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 13:20:13 +0200
-Subject: [PATCH 007/249] s3:ntlm_auth: remove pointless credentials->priv_data
- = NULL;
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit cfeeb3ce3de5d1df07299fb83327ae258da0bf8d)
----
- source3/utils/ntlm_auth.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
-index b3bbaa4..a5e0cd2 100644
---- a/source3/utils/ntlm_auth.c
-+++ b/source3/utils/ntlm_auth.c
-@@ -228,7 +228,6 @@ static const char *get_password(struct cli_credentials *credentials)
-
- /* Ask for a password */
- x_fprintf(x_stdout, "PW\n");
-- credentials->priv_data = NULL;
-
- manage_squid_request(NUM_HELPER_MODES /* bogus */, NULL, NULL, manage_gensec_get_pw_request, (void **)&password);
- talloc_steal(credentials, password);
---
-1.9.3
-
-
-From bdfb13b91ce8961caeb98b01a75893895e8d484a Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 13:22:10 +0200
-Subject: [PATCH 008/249] s4:torture/shell: simplify
- cli_credentials_set_password() call
-
-All we want is to avoid a possible callback...
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 36b3c9506c1ac5549a38140e7ffd57644290069f)
----
- source4/torture/shell.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/source4/torture/shell.c b/source4/torture/shell.c
-index d6cc94c..aa85da3 100644
---- a/source4/torture/shell.c
-+++ b/source4/torture/shell.c
-@@ -110,10 +110,7 @@ void torture_shell(struct torture_context *tctx)
- * stops the credentials system prompting when we use the "auth"
- * command to display the current auth parameters.
- */
-- if (cmdline_credentials->password_obtained != CRED_SPECIFIED) {
-- cli_credentials_set_password(cmdline_credentials, "",
-- CRED_SPECIFIED);
-- }
-+ cli_credentials_set_password(cmdline_credentials, "", CRED_GUESS_ENV);
-
- while (1) {
- cline = smb_readline("torture> ", NULL, NULL);
---
-1.9.3
-
-
-From 91c0d6a26823f3057357c6b31bf1f686e5ed0f5e Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 13:23:08 +0200
-Subject: [PATCH 009/249] s4:torture/gentest: make use of
- cli_credentials_get_username()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit d36fcaa5f3c4d1ad54d767f4a7c5fa6c8d69c00e)
----
- source4/torture/gentest.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c
-index 91b60e2..586a25b 100644
---- a/source4/torture/gentest.c
-+++ b/source4/torture/gentest.c
-@@ -221,7 +221,8 @@ static bool connect_servers(struct tevent_context *ev,
-
- printf("Connecting to \\\\%s\\%s as %s - instance %d\n",
- servers[i].server_name, servers[i].share_name,
-- servers[i].credentials->username, j);
-+ cli_credentials_get_username(servers[i].credentials),
-+ j);
-
- cli_credentials_set_workstation(servers[i].credentials,
- "gentest", CRED_SPECIFIED);
---
-1.9.3
-
-
-From 9687534ac54b732f73c3f4758055a278eaa0cbb2 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 13:23:41 +0200
-Subject: [PATCH 010/249] s4:torture/rpc: make use of
- cli_credentials_set_netlogon_creds()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit d47bf469b8a9064f4f7033918b1fe519adfa0c26)
----
- source4/torture/rpc/schannel.c | 36 ++++++++++++++++--------------------
- 1 file changed, 16 insertions(+), 20 deletions(-)
-
-diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
-index e0862d2..8203749 100644
---- a/source4/torture/rpc/schannel.c
-+++ b/source4/torture/rpc/schannel.c
-@@ -604,9 +604,9 @@ bool torture_rpc_schannel2(struct torture_context *torture)
- torture_assert(torture, join_ctx != NULL,
- "Failed to join domain with acct_flags=ACB_WSTRUST");
-
-- credentials2 = (struct cli_credentials *)talloc_memdup(torture, credentials1, sizeof(*credentials1));
-- credentials1->netlogon_creds = NULL;
-- credentials2->netlogon_creds = NULL;
-+ credentials2 = cli_credentials_shallow_copy(torture, credentials1);
-+ cli_credentials_set_netlogon_creds(credentials1, NULL);
-+ cli_credentials_set_netlogon_creds(credentials2, NULL);
-
- status = dcerpc_parse_binding(torture, binding, &b);
- torture_assert_ntstatus_ok(torture, status, "Bad binding string");
-@@ -624,8 +624,8 @@ bool torture_rpc_schannel2(struct torture_context *torture)
- credentials2, torture->ev, torture->lp_ctx);
- torture_assert_ntstatus_ok(torture, status, "Failed to connect with schannel");
-
-- credentials1->netlogon_creds = NULL;
-- credentials2->netlogon_creds = NULL;
-+ cli_credentials_set_netlogon_creds(credentials1, NULL);
-+ cli_credentials_set_netlogon_creds(credentials2, NULL);
-
- torture_comment(torture, "Testing logon on pipe1\n");
- if (!test_netlogon_ex_ops(p1, torture, credentials1, NULL))
-@@ -827,16 +827,12 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
- s->nprocs = torture_setting_int(torture, "nprocs", 4);
- s->conns = talloc_zero_array(s, struct torture_schannel_bench_conn, s->nprocs);
-
-- s->user1_creds = (struct cli_credentials *)talloc_memdup(s,
-- cmdline_credentials,
-- sizeof(*s->user1_creds));
-+ s->user1_creds = cli_credentials_shallow_copy(s, cmdline_credentials);
- tmp = torture_setting_string(s->tctx, "extra_user1", NULL);
- if (tmp) {
- cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED);
- }
-- s->user2_creds = (struct cli_credentials *)talloc_memdup(s,
-- cmdline_credentials,
-- sizeof(*s->user1_creds));
-+ s->user2_creds = cli_credentials_shallow_copy(s, cmdline_credentials);
- tmp = torture_setting_string(s->tctx, "extra_user2", NULL);
- if (tmp) {
- cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED);
-@@ -855,15 +851,16 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
- cli_credentials_set_kerberos_state(s->wks_creds2, CRED_DONT_USE_KERBEROS);
-
- for (i=0; i < s->nprocs; i++) {
-- s->conns[i].s = s;
-- s->conns[i].index = i;
-- s->conns[i].wks_creds = (struct cli_credentials *)talloc_memdup(
-- s->conns, s->wks_creds1,sizeof(*s->wks_creds1));
-+ struct cli_credentials *wks = s->wks_creds1;
-+
- if ((i % 2) && (torture_setting_bool(torture, "multijoin", false))) {
-- memcpy(s->conns[i].wks_creds, s->wks_creds2,
-- talloc_get_size(s->conns[i].wks_creds));
-+ wks = s->wks_creds2;
- }
-- s->conns[i].wks_creds->netlogon_creds = NULL;
-+
-+ s->conns[i].s = s;
-+ s->conns[i].index = i;
-+ s->conns[i].wks_creds = cli_credentials_shallow_copy(s->conns, wks);
-+ cli_credentials_set_netlogon_creds(s->conns[i].wks_creds, NULL);
- }
-
- status = dcerpc_parse_binding(s, binding, &s->b);
-@@ -962,8 +959,7 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
-
- /* Just as a test, connect with the new creds */
-
-- talloc_free(s->wks_creds1->netlogon_creds);
-- s->wks_creds1->netlogon_creds = NULL;
-+ cli_credentials_set_netlogon_creds(s->wks_creds1, NULL);
-
- status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
- &ndr_table_netlogon,
---
-1.9.3
-
-
-From de6c67e98d94d003f36fef5472b8133c578b3c01 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 13:24:21 +0200
-Subject: [PATCH 011/249] s4:ntlm_auth: make use of
- cli_credentials_[set_]callback_data*
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit bbd63dd8a17468d3e332969a30c06e2b2f1540fc)
----
- source4/utils/ntlm_auth.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
-index c363c9d..136e238 100644
---- a/source4/utils/ntlm_auth.c
-+++ b/source4/utils/ntlm_auth.c
-@@ -299,10 +299,11 @@ static void manage_gensec_get_pw_request(enum stdio_helper_mode stdio_helper_mod
- static const char *get_password(struct cli_credentials *credentials)
- {
- char *password = NULL;
--
-+ void *cb = cli_credentials_callback_data_void(credentials);
-+
- /* Ask for a password */
-- mux_printf((unsigned int)(uintptr_t)credentials->priv_data, "PW\n");
-- credentials->priv_data = NULL;
-+ mux_printf((unsigned int)(uintptr_t)cb, "PW\n");
-+ cli_credentials_set_callback_data(credentials, NULL);
-
- manage_squid_request(cmdline_lp_ctx, NUM_HELPER_MODES /* bogus */, manage_gensec_get_pw_request, (void **)&password);
- return password;
-@@ -505,8 +506,9 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
- if (state->set_password) {
- cli_credentials_set_password(creds, state->set_password, CRED_SPECIFIED);
- } else {
-+ void *cb = (void*)(uintptr_t)mux_id;
-+ cli_credentials_set_callback_data(creds, cb);
- cli_credentials_set_password_callback(creds, get_password);
-- creds->priv_data = (void*)(uintptr_t)mux_id;
- }
- if (opt_workstation) {
- cli_credentials_set_workstation(creds, opt_workstation, CRED_SPECIFIED);
---
-1.9.3
-
-
-From 80c611a2b424e4e4a7e6de7ed6b9368bff0d9afb Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 12:41:40 +0200
-Subject: [PATCH 012/249] auth/credentials: keep cli_credentials private
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 9325bd9cb6bb942ea989f4e32799c76ea8af3d3e)
----
- auth/credentials/credentials.c | 1 +
- auth/credentials/credentials.h | 101 +++-------------------------
- auth/credentials/credentials_internal.h | 114 ++++++++++++++++++++++++++++++++
- auth/credentials/credentials_krb5.c | 1 +
- auth/credentials/credentials_ntlm.c | 1 +
- auth/credentials/credentials_secrets.c | 1 +
- 6 files changed, 126 insertions(+), 93 deletions(-)
- create mode 100644 auth/credentials/credentials_internal.h
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index c1c6993..f334465 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -24,6 +24,7 @@
- #include "includes.h"
- #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
- #include "auth/credentials/credentials.h"
-+#include "auth/credentials/credentials_internal.h"
- #include "libcli/auth/libcli_auth.h"
- #include "tevent.h"
- #include "param/param.h"
-diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
-index 1377bfa..cb09dc3 100644
---- a/auth/credentials/credentials.h
-+++ b/auth/credentials/credentials.h
-@@ -25,9 +25,17 @@
- #include "../lib/util/data_blob.h"
- #include "librpc/gen_ndr/misc.h"
-
-+struct cli_credentials;
- struct ccache_container;
- struct tevent_context;
- struct netlogon_creds_CredentialState;
-+struct ldb_context;
-+struct ldb_message;
-+struct loadparm_context;
-+struct ccache_container;
-+struct gssapi_creds_container;
-+struct smb_krb5_context;
-+struct keytab_container;
-
- /* In order of priority */
- enum credentials_obtained {
-@@ -57,99 +65,6 @@ enum credentials_krb_forwardable {
- #define CLI_CRED_NTLM_AUTH 0x08
- #define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */
-
--struct cli_credentials {
-- enum credentials_obtained workstation_obtained;
-- enum credentials_obtained username_obtained;
-- enum credentials_obtained password_obtained;
-- enum credentials_obtained domain_obtained;
-- enum credentials_obtained realm_obtained;
-- enum credentials_obtained ccache_obtained;
-- enum credentials_obtained client_gss_creds_obtained;
-- enum credentials_obtained principal_obtained;
-- enum credentials_obtained keytab_obtained;
-- enum credentials_obtained server_gss_creds_obtained;
--
-- /* Threshold values (essentially a MAX() over a number of the
-- * above) for the ccache and GSS credentials, to ensure we
-- * regenerate/pick correctly */
--
-- enum credentials_obtained ccache_threshold;
-- enum credentials_obtained client_gss_creds_threshold;
--
-- const char *workstation;
-- const char *username;
-- const char *password;
-- const char *old_password;
-- const char *domain;
-- const char *realm;
-- const char *principal;
-- char *salt_principal;
-- char *impersonate_principal;
-- char *self_service;
-- char *target_service;
--
-- const char *bind_dn;
--
-- /* Allows authentication from a keytab or similar */
-- struct samr_Password *nt_hash;
--
-- /* Allows NTLM pass-though authentication */
-- DATA_BLOB lm_response;
-- DATA_BLOB nt_response;
--
-- struct ccache_container *ccache;
-- struct gssapi_creds_container *client_gss_creds;
-- struct keytab_container *keytab;
-- struct gssapi_creds_container *server_gss_creds;
--
-- const char *(*workstation_cb) (struct cli_credentials *);
-- const char *(*password_cb) (struct cli_credentials *);
-- const char *(*username_cb) (struct cli_credentials *);
-- const char *(*domain_cb) (struct cli_credentials *);
-- const char *(*realm_cb) (struct cli_credentials *);
-- const char *(*principal_cb) (struct cli_credentials *);
--
-- /* Private handle for the callback routines to use */
-- void *priv_data;
--
-- struct netlogon_creds_CredentialState *netlogon_creds;
-- enum netr_SchannelType secure_channel_type;
-- int kvno;
-- time_t password_last_changed_time;
--
-- struct smb_krb5_context *smb_krb5_context;
--
-- /* We are flagged to get machine account details from the
-- * secrets.ldb when we are asked for a username or password */
-- bool machine_account_pending;
-- struct loadparm_context *machine_account_pending_lp_ctx;
--
-- /* Is this a machine account? */
-- bool machine_account;
--
-- /* Should we be trying to use kerberos? */
-- enum credentials_use_kerberos use_kerberos;
--
-- /* Should we get a forwardable ticket? */
-- enum credentials_krb_forwardable krb_forwardable;
--
-- /* gensec features which should be used for connections */
-- uint32_t gensec_features;
--
-- /* Number of retries left before bailing out */
-- int tries;
--
-- /* Whether any callback is currently running */
-- bool callback_running;
--};
--
--struct ldb_context;
--struct ldb_message;
--struct loadparm_context;
--struct ccache_container;
--
--struct gssapi_creds_container;
--
- const char *cli_credentials_get_workstation(struct cli_credentials *cred);
- bool cli_credentials_set_workstation(struct cli_credentials *cred,
- const char *val,
-diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h
-new file mode 100644
-index 0000000..5a3655b
---- /dev/null
-+++ b/auth/credentials/credentials_internal.h
-@@ -0,0 +1,114 @@
-+/*
-+ samba -- Unix SMB/CIFS implementation.
-+
-+ Client credentials structure
-+
-+ Copyright (C) Jelmer Vernooij 2004-2006
-+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+#ifndef __CREDENTIALS_INTERNAL_H__
-+#define __CREDENTIALS_INTERNAL_H__
-+
-+#include "../lib/util/data_blob.h"
-+#include "librpc/gen_ndr/misc.h"
-+
-+struct cli_credentials {
-+ enum credentials_obtained workstation_obtained;
-+ enum credentials_obtained username_obtained;
-+ enum credentials_obtained password_obtained;
-+ enum credentials_obtained domain_obtained;
-+ enum credentials_obtained realm_obtained;
-+ enum credentials_obtained ccache_obtained;
-+ enum credentials_obtained client_gss_creds_obtained;
-+ enum credentials_obtained principal_obtained;
-+ enum credentials_obtained keytab_obtained;
-+ enum credentials_obtained server_gss_creds_obtained;
-+
-+ /* Threshold values (essentially a MAX() over a number of the
-+ * above) for the ccache and GSS credentials, to ensure we
-+ * regenerate/pick correctly */
-+
-+ enum credentials_obtained ccache_threshold;
-+ enum credentials_obtained client_gss_creds_threshold;
-+
-+ const char *workstation;
-+ const char *username;
-+ const char *password;
-+ const char *old_password;
-+ const char *domain;
-+ const char *realm;
-+ const char *principal;
-+ char *salt_principal;
-+ char *impersonate_principal;
-+ char *self_service;
-+ char *target_service;
-+
-+ const char *bind_dn;
-+
-+ /* Allows authentication from a keytab or similar */
-+ struct samr_Password *nt_hash;
-+
-+ /* Allows NTLM pass-though authentication */
-+ DATA_BLOB lm_response;
-+ DATA_BLOB nt_response;
-+
-+ struct ccache_container *ccache;
-+ struct gssapi_creds_container *client_gss_creds;
-+ struct keytab_container *keytab;
-+ struct gssapi_creds_container *server_gss_creds;
-+
-+ const char *(*workstation_cb) (struct cli_credentials *);
-+ const char *(*password_cb) (struct cli_credentials *);
-+ const char *(*username_cb) (struct cli_credentials *);
-+ const char *(*domain_cb) (struct cli_credentials *);
-+ const char *(*realm_cb) (struct cli_credentials *);
-+ const char *(*principal_cb) (struct cli_credentials *);
-+
-+ /* Private handle for the callback routines to use */
-+ void *priv_data;
-+
-+ struct netlogon_creds_CredentialState *netlogon_creds;
-+ enum netr_SchannelType secure_channel_type;
-+ int kvno;
-+ time_t password_last_changed_time;
-+
-+ struct smb_krb5_context *smb_krb5_context;
-+
-+ /* We are flagged to get machine account details from the
-+ * secrets.ldb when we are asked for a username or password */
-+ bool machine_account_pending;
-+ struct loadparm_context *machine_account_pending_lp_ctx;
-+
-+ /* Is this a machine account? */
-+ bool machine_account;
-+
-+ /* Should we be trying to use kerberos? */
-+ enum credentials_use_kerberos use_kerberos;
-+
-+ /* Should we get a forwardable ticket? */
-+ enum credentials_krb_forwardable krb_forwardable;
-+
-+ /* gensec features which should be used for connections */
-+ uint32_t gensec_features;
-+
-+ /* Number of retries left before bailing out */
-+ int tries;
-+
-+ /* Whether any callback is currently running */
-+ bool callback_running;
-+};
-+
-+#endif /* __CREDENTIALS_INTERNAL_H__ */
-diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
-index ec6a695..489a959 100644
---- a/auth/credentials/credentials_krb5.c
-+++ b/auth/credentials/credentials_krb5.c
-@@ -26,6 +26,7 @@
- #include "system/gssapi.h"
- #include "auth/kerberos/kerberos.h"
- #include "auth/credentials/credentials.h"
-+#include "auth/credentials/credentials_internal.h"
- #include "auth/credentials/credentials_proto.h"
- #include "auth/credentials/credentials_krb5.h"
- #include "auth/kerberos/kerberos_credentials.h"
-diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
-index 8f143bf..8c6be39 100644
---- a/auth/credentials/credentials_ntlm.c
-+++ b/auth/credentials/credentials_ntlm.c
-@@ -26,6 +26,7 @@
- #include "../lib/crypto/crypto.h"
- #include "libcli/auth/libcli_auth.h"
- #include "auth/credentials/credentials.h"
-+#include "auth/credentials/credentials_internal.h"
-
- _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
- int *flags,
-diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
-index 27ee607..678d167 100644
---- a/auth/credentials/credentials_secrets.c
-+++ b/auth/credentials/credentials_secrets.c
-@@ -28,6 +28,7 @@
- #include "param/secrets.h"
- #include "system/filesys.h"
- #include "auth/credentials/credentials.h"
-+#include "auth/credentials/credentials_internal.h"
- #include "auth/credentials/credentials_proto.h"
- #include "auth/credentials/credentials_krb5.h"
- #include "auth/kerberos/kerberos_util.h"
---
-1.9.3
-
-
-From 96ea01159cfee1e384dbd5966c7eb512d495e322 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 13:39:17 +0200
-Subject: [PATCH 013/249] auth/credentials: get the old password from
- secrets.tdb
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 26a7420c1c4307023b22676cd85d95010ecbf603)
----
- auth/credentials/credentials_secrets.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
-index 678d167..6c1cded 100644
---- a/auth/credentials/credentials_secrets.c
-+++ b/auth/credentials/credentials_secrets.c
-@@ -238,6 +238,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
- bool secrets_tdb_password_more_recent;
- time_t secrets_tdb_lct = 0;
- char *secrets_tdb_password = NULL;
-+ char *secrets_tdb_old_password = NULL;
- char *keystr;
- char *keystr_upper = NULL;
- char *secrets_tdb;
-@@ -285,6 +286,15 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
- if (NT_STATUS_IS_OK(status)) {
- secrets_tdb_password = (char *)dbuf.dptr;
- }
-+ keystr = talloc_asprintf(tmp_ctx, "%s/%s",
-+ SECRETS_MACHINE_PASSWORD_PREV,
-+ domain);
-+ keystr_upper = strupper_talloc(tmp_ctx, keystr);
-+ status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper),
-+ &dbuf);
-+ if (NT_STATUS_IS_OK(status)) {
-+ secrets_tdb_old_password = (char *)dbuf.dptr;
-+ }
- }
-
- filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
-@@ -308,6 +318,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
- if (secrets_tdb_password_more_recent) {
- char *machine_account = talloc_asprintf(tmp_ctx, "%s$", lpcfg_netbios_name(lp_ctx));
- cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
-+ cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
- cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
- cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
- } else if (!NT_STATUS_IS_OK(status)) {
---
-1.9.3
-
-
-From 74f5c14921f53b95b64dbcbf0352a89d50b20af1 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 14:25:54 +0200
-Subject: [PATCH 014/249] auth/credentials: simplify password_tries state
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 8ea36a8e58d499aa7bf342b365ca00cb39f295b6)
----
- auth/credentials/credentials.c | 19 ++++++++++++++-----
- auth/credentials/credentials_internal.h | 2 +-
- 2 files changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index f334465..4ac5356 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -104,7 +104,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
-
- cred->machine_account = false;
-
-- cred->tries = 3;
-+ cred->password_tries = 0;
-
- cred->callback_running = false;
-
-@@ -397,6 +397,7 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
- enum credentials_obtained obtained)
- {
- if (obtained >= cred->password_obtained) {
-+ cred->password_tries = 0;
- cred->password = talloc_strdup(cred, val);
- if (cred->password) {
- /* Don't print the actual password in talloc memory dumps */
-@@ -418,6 +419,7 @@ _PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred
- const char *(*password_cb) (struct cli_credentials *))
- {
- if (cred->password_obtained < CRED_CALLBACK) {
-+ cred->password_tries = 3;
- cred->password_cb = password_cb;
- cred->password_obtained = CRED_CALLBACK;
- cli_credentials_invalidate_ccache(cred, cred->password_obtained);
-@@ -897,12 +899,19 @@ _PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred)
- if (cred->password_obtained != CRED_CALLBACK_RESULT) {
- return false;
- }
--
-- cred->password_obtained = CRED_CALLBACK;
-
-- cred->tries--;
-+ if (cred->password_tries == 0) {
-+ return false;
-+ }
-+
-+ cred->password_tries--;
-
-- return (cred->tries > 0);
-+ if (cred->password_tries == 0) {
-+ return false;
-+ }
-+
-+ cred->password_obtained = CRED_CALLBACK;
-+ return true;
- }
-
- _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
-diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h
-index 5a3655b..f2f79b9 100644
---- a/auth/credentials/credentials_internal.h
-+++ b/auth/credentials/credentials_internal.h
-@@ -105,7 +105,7 @@ struct cli_credentials {
- uint32_t gensec_features;
-
- /* Number of retries left before bailing out */
-- int tries;
-+ uint32_t password_tries;
-
- /* Whether any callback is currently running */
- bool callback_running;
---
-1.9.3
-
-
-From 8d2c51caeecebc0b7d16fb7cf7b7fe2f2b5d8edd Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 31 Jul 2013 14:32:36 +0200
-Subject: [PATCH 015/249] auth/credentials: use CRED_CALLBACK_RESULT after a
- callback
-
-We only do this if it's still CRED_CALLBACK after the callback,
-this allowes the callback to overwrite it.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
-Autobuild-Date(master): Mon Aug 5 09:36:05 CEST 2013 on sn-devel-104
-(cherry picked from commit b699d404bb5d4385a757b5aa5d0e792cf9d5de59)
----
- auth/credentials/credentials.c | 34 +++++++++++++++++++++++-----------
- 1 file changed, 23 insertions(+), 11 deletions(-)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index 4ac5356..be497bc 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -206,8 +206,10 @@ _PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred)
- cred->callback_running = true;
- cred->username = cred->username_cb(cred);
- cred->callback_running = false;
-- cred->username_obtained = CRED_SPECIFIED;
-- cli_credentials_invalidate_ccache(cred, cred->username_obtained);
-+ if (cred->username_obtained == CRED_CALLBACK) {
-+ cred->username_obtained = CRED_CALLBACK_RESULT;
-+ cli_credentials_invalidate_ccache(cred, cred->username_obtained);
-+ }
- }
-
- return cred->username;
-@@ -275,8 +277,10 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede
- cred->callback_running = true;
- cred->principal = cred->principal_cb(cred);
- cred->callback_running = false;
-- cred->principal_obtained = CRED_SPECIFIED;
-- cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
-+ if (cred->principal_obtained == CRED_CALLBACK) {
-+ cred->principal_obtained = CRED_CALLBACK_RESULT;
-+ cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
-+ }
- }
-
- if (cred->principal_obtained < cred->username_obtained
-@@ -382,8 +386,10 @@ _PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred)
- cred->callback_running = true;
- cred->password = cred->password_cb(cred);
- cred->callback_running = false;
-- cred->password_obtained = CRED_CALLBACK_RESULT;
-- cli_credentials_invalidate_ccache(cred, cred->password_obtained);
-+ if (cred->password_obtained == CRED_CALLBACK) {
-+ cred->password_obtained = CRED_CALLBACK_RESULT;
-+ cli_credentials_invalidate_ccache(cred, cred->password_obtained);
-+ }
- }
-
- return cred->password;
-@@ -502,8 +508,10 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
- cred->callback_running = true;
- cred->domain = cred->domain_cb(cred);
- cred->callback_running = false;
-- cred->domain_obtained = CRED_SPECIFIED;
-- cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
-+ if (cred->domain_obtained == CRED_CALLBACK) {
-+ cred->domain_obtained = CRED_CALLBACK_RESULT;
-+ cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
-+ }
- }
-
- return cred->domain;
-@@ -561,8 +569,10 @@ _PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred)
- cred->callback_running = true;
- cred->realm = cred->realm_cb(cred);
- cred->callback_running = false;
-- cred->realm_obtained = CRED_SPECIFIED;
-- cli_credentials_invalidate_ccache(cred, cred->realm_obtained);
-+ if (cred->realm_obtained == CRED_CALLBACK) {
-+ cred->realm_obtained = CRED_CALLBACK_RESULT;
-+ cli_credentials_invalidate_ccache(cred, cred->realm_obtained);
-+ }
- }
-
- return cred->realm;
-@@ -612,7 +622,9 @@ _PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cre
- cred->callback_running = true;
- cred->workstation = cred->workstation_cb(cred);
- cred->callback_running = false;
-- cred->workstation_obtained = CRED_SPECIFIED;
-+ if (cred->workstation_obtained == CRED_CALLBACK) {
-+ cred->workstation_obtained = CRED_CALLBACK_RESULT;
-+ }
- }
-
- return cred->workstation;
---
-1.9.3
-
-
-From a498324b38326a874616b0bab1e5a9cd29b664ce Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 May 2013 16:02:59 +0200
-Subject: [PATCH 016/249] s3-net: pass down ndr_interface_table to
- connect_dst_pipe().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 93e92faca9c99cd91878c2f48fb244233b16aa0f)
----
- source3/utils/net_proto.h | 2 +-
- source3/utils/net_rpc.c | 4 ++--
- source3/utils/net_rpc_printer.c | 10 +++++-----
- source3/utils/net_util.c | 4 ++--
- 4 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
-index 3f99e14..03fb312 100644
---- a/source3/utils/net_proto.h
-+++ b/source3/utils/net_proto.h
-@@ -416,7 +416,7 @@ NTSTATUS connect_to_ipc_anonymous(struct net_context *c,
- const char *server_name);
- NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
- struct rpc_pipe_client **pp_pipe_hnd,
-- const struct ndr_syntax_id *interface);
-+ const struct ndr_interface_table *table);
- int net_use_krb_machine_account(struct net_context *c);
- int net_use_machine_account(struct net_context *c);
- bool net_find_server(struct net_context *c,
-diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
-index c5c4d6c..4503f59 100644
---- a/source3/utils/net_rpc.c
-+++ b/source3/utils/net_rpc.c
-@@ -3654,7 +3654,7 @@ static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
-
- /* connect destination PI_SRVSVC */
- nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
-- &ndr_table_srvsvc.syntax_id);
-+ &ndr_table_srvsvc);
- if (!NT_STATUS_IS_OK(nt_status))
- return nt_status;
-
-@@ -4140,7 +4140,7 @@ static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c,
-
- /* connect destination PI_SRVSVC */
- nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
-- &ndr_table_srvsvc.syntax_id);
-+ &ndr_table_srvsvc);
- if (!NT_STATUS_IS_OK(nt_status))
- return nt_status;
-
-diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c
-index ba34de1..1e42e6f 100644
---- a/source3/utils/net_rpc_printer.c
-+++ b/source3/utils/net_rpc_printer.c
-@@ -1578,7 +1578,7 @@ NTSTATUS rpc_printer_migrate_security_internals(struct net_context *c,
-
- /* connect destination PI_SPOOLSS */
- nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst,
-- &ndr_table_spoolss.syntax_id);
-+ &ndr_table_spoolss);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-@@ -1730,7 +1730,7 @@ NTSTATUS rpc_printer_migrate_forms_internals(struct net_context *c,
-
- /* connect destination PI_SPOOLSS */
- nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst,
-- &ndr_table_spoolss.syntax_id);
-+ &ndr_table_spoolss);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-@@ -1907,7 +1907,7 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
- DEBUG(3,("copying printer-drivers\n"));
-
- nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst,
-- &ndr_table_spoolss.syntax_id);
-+ &ndr_table_spoolss);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-@@ -2126,7 +2126,7 @@ NTSTATUS rpc_printer_migrate_printers_internals(struct net_context *c,
-
- /* connect destination PI_SPOOLSS */
- nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst,
-- &ndr_table_spoolss.syntax_id);
-+ &ndr_table_spoolss);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-@@ -2301,7 +2301,7 @@ NTSTATUS rpc_printer_migrate_settings_internals(struct net_context *c,
-
- /* connect destination PI_SPOOLSS */
- nt_status = connect_dst_pipe(c, &cli_dst, &pipe_hnd_dst,
-- &ndr_table_spoolss.syntax_id);
-+ &ndr_table_spoolss);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c
-index 9c4a77e..a4282ec 100644
---- a/source3/utils/net_util.c
-+++ b/source3/utils/net_util.c
-@@ -231,7 +231,7 @@ NTSTATUS connect_to_ipc_anonymous(struct net_context *c,
- **/
- NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
- struct rpc_pipe_client **pp_pipe_hnd,
-- const struct ndr_syntax_id *interface)
-+ const struct ndr_interface_table *table)
- {
- NTSTATUS nt_status;
- char *server_name = SMB_STRDUP("127.0.0.1");
-@@ -256,7 +256,7 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
- return nt_status;
- }
-
-- nt_status = cli_rpc_pipe_open_noauth(cli_tmp, interface,
-+ nt_status = cli_rpc_pipe_open_noauth(cli_tmp, &table->syntax_id,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("couldn't not initialize pipe\n"));
---
-1.9.3
-
-
-From d5273069a42d7234daaf3dd043d0a6e455348385 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 May 2013 16:24:42 +0200
-Subject: [PATCH 017/249] s3-rpc_cli: remove prototype of nonexisting
- cli_rpc_pipe_open_krb5().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit a1368ca6ef8ab4f158c8b303ad058835f1bbf441)
----
- source3/rpc_client/cli_pipe.h | 9 ---------
- 1 file changed, 9 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index bf785fb..34ae542 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -131,15 +131,6 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
- const char *domain,
- struct rpc_pipe_client **presult);
-
--NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-- enum dcerpc_transport_t transport,
-- enum dcerpc_AuthLevel auth_level,
-- const char *service_princ,
-- const char *username,
-- const char *password,
-- struct rpc_pipe_client **presult);
--
- NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client *cli,
- DATA_BLOB *session_key);
---
-1.9.3
-
-
-From 1a6c1ddb44aac3f201bbe2cabab10e409ffd042b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 May 2013 16:08:16 +0200
-Subject: [PATCH 018/249] s3-libnetapi: pass down ndr_interface_table to
- libnetapi_get_binding_handle().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit fa37bbd9d06865d265bf554a3c49920f956f2185)
----
- source3/lib/netapi/cm.c | 4 ++--
- source3/lib/netapi/file.c | 6 +++---
- source3/lib/netapi/getdc.c | 6 +++---
- source3/lib/netapi/netapi_private.h | 3 ++-
- source3/lib/netapi/netlogon.c | 4 ++--
- source3/lib/netapi/serverinfo.c | 6 +++---
- source3/lib/netapi/share.c | 10 +++++-----
- source3/lib/netapi/shutdown.c | 4 ++--
- 8 files changed, 22 insertions(+), 21 deletions(-)
-
-diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
-index da3d2e1..c3ae19f 100644
---- a/source3/lib/netapi/cm.c
-+++ b/source3/lib/netapi/cm.c
-@@ -269,7 +269,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
-
- WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
- const char *server_name,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct dcerpc_binding_handle **binding_handle)
- {
- struct rpc_pipe_client *pipe_cli;
-@@ -277,7 +277,7 @@ WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
-
- *binding_handle = NULL;
-
-- result = libnetapi_open_pipe(ctx, server_name, interface, &pipe_cli);
-+ result = libnetapi_open_pipe(ctx, server_name, &table->syntax_id, &pipe_cli);
- if (!W_ERROR_IS_OK(result)) {
- return result;
- }
-diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c
-index 1e406d2..551f9ff 100644
---- a/source3/lib/netapi/file.c
-+++ b/source3/lib/netapi/file.c
-@@ -36,7 +36,7 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx,
- struct dcerpc_binding_handle *b;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -130,7 +130,7 @@ WERROR NetFileGetInfo_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -201,7 +201,7 @@ WERROR NetFileEnum_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c
-index 3b26d46..ae976f1 100644
---- a/source3/lib/netapi/getdc.c
-+++ b/source3/lib/netapi/getdc.c
-@@ -47,7 +47,7 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
- void *buffer;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_netlogon.syntax_id,
-+ &ndr_table_netlogon,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -101,7 +101,7 @@ WERROR NetGetAnyDCName_r(struct libnetapi_ctx *ctx,
- void *buffer;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_netlogon.syntax_id,
-+ &ndr_table_netlogon,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -173,7 +173,7 @@ WERROR DsGetDcName_r(struct libnetapi_ctx *ctx,
- struct dcerpc_binding_handle *b;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_netlogon.syntax_id,
-+ &ndr_table_netlogon,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-diff --git a/source3/lib/netapi/netapi_private.h b/source3/lib/netapi/netapi_private.h
-index 349287b..62aa7ef 100644
---- a/source3/lib/netapi/netapi_private.h
-+++ b/source3/lib/netapi/netapi_private.h
-@@ -30,6 +30,7 @@
- return fn ## _r(ctx, r);
-
- struct dcerpc_binding_handle;
-+struct ndr_interface_table;
-
- struct libnetapi_private_ctx {
- struct {
-@@ -64,7 +65,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
- struct rpc_pipe_client **presult);
- WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
- const char *server_name,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct dcerpc_binding_handle **binding_handle);
- WERROR libnetapi_samr_open_domain(struct libnetapi_ctx *mem_ctx,
- struct rpc_pipe_client *pipe_cli,
-diff --git a/source3/lib/netapi/netlogon.c b/source3/lib/netapi/netlogon.c
-index a046fb7..136cb48 100644
---- a/source3/lib/netapi/netlogon.c
-+++ b/source3/lib/netapi/netlogon.c
-@@ -133,7 +133,7 @@ WERROR I_NetLogonControl_r(struct libnetapi_ctx *ctx,
- struct dcerpc_binding_handle *b;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_netlogon.syntax_id,
-+ &ndr_table_netlogon,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -190,7 +190,7 @@ WERROR I_NetLogonControl2_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_netlogon.syntax_id,
-+ &ndr_table_netlogon,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-diff --git a/source3/lib/netapi/serverinfo.c b/source3/lib/netapi/serverinfo.c
-index 046b693..b2a84d1 100644
---- a/source3/lib/netapi/serverinfo.c
-+++ b/source3/lib/netapi/serverinfo.c
-@@ -503,7 +503,7 @@ WERROR NetServerGetInfo_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -616,7 +616,7 @@ WERROR NetServerSetInfo_r(struct libnetapi_ctx *ctx,
- struct dcerpc_binding_handle *b;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -658,7 +658,7 @@ WERROR NetRemoteTOD_r(struct libnetapi_ctx *ctx,
- struct dcerpc_binding_handle *b;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-diff --git a/source3/lib/netapi/share.c b/source3/lib/netapi/share.c
-index d12fa1c..090e1a9 100644
---- a/source3/lib/netapi/share.c
-+++ b/source3/lib/netapi/share.c
-@@ -200,7 +200,7 @@ WERROR NetShareAdd_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -258,7 +258,7 @@ WERROR NetShareDel_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -321,7 +321,7 @@ WERROR NetShareEnum_r(struct libnetapi_ctx *ctx,
- ZERO_STRUCT(info_ctr);
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -428,7 +428,7 @@ WERROR NetShareGetInfo_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -502,7 +502,7 @@ WERROR NetShareSetInfo_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-diff --git a/source3/lib/netapi/shutdown.c b/source3/lib/netapi/shutdown.c
-index 78bc2fc..9e1e8e1 100644
---- a/source3/lib/netapi/shutdown.c
-+++ b/source3/lib/netapi/shutdown.c
-@@ -38,7 +38,7 @@ WERROR NetShutdownInit_r(struct libnetapi_ctx *ctx,
- struct dcerpc_binding_handle *b;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_initshutdown.syntax_id,
-+ &ndr_table_initshutdown,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -82,7 +82,7 @@ WERROR NetShutdownAbort_r(struct libnetapi_ctx *ctx,
- struct dcerpc_binding_handle *b;
-
- werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
-- &ndr_table_initshutdown.syntax_id,
-+ &ndr_table_initshutdown,
- &b);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
---
-1.9.3
-
-
-From e25e7bfe15bdb89a9680708c27b50e14a8a86ca3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 May 2013 16:10:13 +0200
-Subject: [PATCH 019/249] s3-libnetapi: pass down ndr_interface_table to
- libnetapi_open_pipe().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 77f7f2a976e5b95f3bd9f542b92926adee4f5fa6)
----
- source3/lib/netapi/cm.c | 8 ++++----
- source3/lib/netapi/group.c | 18 +++++++++---------
- source3/lib/netapi/joindomain.c | 10 +++++-----
- source3/lib/netapi/localgroup.c | 14 +++++++-------
- source3/lib/netapi/netapi_private.h | 2 +-
- source3/lib/netapi/user.c | 22 +++++++++++-----------
- 6 files changed, 37 insertions(+), 37 deletions(-)
-
-diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
-index c3ae19f..dd1f1e3 100644
---- a/source3/lib/netapi/cm.c
-+++ b/source3/lib/netapi/cm.c
-@@ -234,7 +234,7 @@ static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx,
-
- WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
- const char *server_name,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- struct rpc_pipe_client *result = NULL;
-@@ -251,10 +251,10 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
- return werr;
- }
-
-- status = pipe_cm_open(ctx, ipc, interface, &result);
-+ status = pipe_cm_open(ctx, ipc, &table->syntax_id, &result);
- if (!NT_STATUS_IS_OK(status)) {
- libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s",
-- get_pipe_name_from_syntax(talloc_tos(), interface),
-+ get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
- get_friendly_nt_error_msg(status));
- return WERR_DEST_NOT_FOUND;
- }
-@@ -277,7 +277,7 @@ WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
-
- *binding_handle = NULL;
-
-- result = libnetapi_open_pipe(ctx, server_name, &table->syntax_id, &pipe_cli);
-+ result = libnetapi_open_pipe(ctx, server_name, table, &pipe_cli);
- if (!W_ERROR_IS_OK(result)) {
- return result;
- }
-diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c
-index b806fc4..6d9b248 100644
---- a/source3/lib/netapi/group.c
-+++ b/source3/lib/netapi/group.c
-@@ -76,7 +76,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -272,7 +272,7 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -492,7 +492,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -770,7 +770,7 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -918,7 +918,7 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1078,7 +1078,7 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1397,7 +1397,7 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1544,7 +1544,7 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
-
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1736,7 +1736,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
-index b6fb57a..d8e624f 100644
---- a/source3/lib/netapi/joindomain.c
-+++ b/source3/lib/netapi/joindomain.c
-@@ -116,7 +116,7 @@ WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
- DATA_BLOB session_key;
-
- werr = libnetapi_open_pipe(ctx, r->in.server,
-- &ndr_table_wkssvc.syntax_id,
-+ &ndr_table_wkssvc,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -257,7 +257,7 @@ WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
- DATA_BLOB session_key;
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_wkssvc.syntax_id,
-+ &ndr_table_wkssvc,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -313,7 +313,7 @@ WERROR NetGetJoinInformation_r(struct libnetapi_ctx *ctx,
- struct dcerpc_binding_handle *b;
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_wkssvc.syntax_id,
-+ &ndr_table_wkssvc,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -455,7 +455,7 @@ WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
- DATA_BLOB session_key;
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_wkssvc.syntax_id,
-+ &ndr_table_wkssvc,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -508,7 +508,7 @@ WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
- DATA_BLOB session_key;
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_wkssvc.syntax_id,
-+ &ndr_table_wkssvc,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
-index 17cab68..241970d 100644
---- a/source3/lib/netapi/localgroup.c
-+++ b/source3/lib/netapi/localgroup.c
-@@ -185,7 +185,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -319,7 +319,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
- ZERO_STRUCT(alias_handle);
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -499,7 +499,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
- ZERO_STRUCT(alias_handle);
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -678,7 +678,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
- ZERO_STRUCT(alias_handle);
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -828,7 +828,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
- ZERO_STRUCT(alias_handle);
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1141,7 +1141,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
-
- if (r->in.level == 3) {
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_lsarpc.syntax_id,
-+ &ndr_table_lsarpc,
- &lsa_pipe);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1160,7 +1160,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-diff --git a/source3/lib/netapi/netapi_private.h b/source3/lib/netapi/netapi_private.h
-index 62aa7ef..897cf3d 100644
---- a/source3/lib/netapi/netapi_private.h
-+++ b/source3/lib/netapi/netapi_private.h
-@@ -61,7 +61,7 @@ NET_API_STATUS libnetapi_get_debuglevel(struct libnetapi_ctx *ctx, char **debugl
- WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx);
- WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
- const char *server_name,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult);
- WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
- const char *server_name,
-diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
-index a971e2d..4a39f69 100644
---- a/source3/lib/netapi/user.c
-+++ b/source3/lib/netapi/user.c
-@@ -400,7 +400,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -552,7 +552,7 @@ WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
- ZERO_STRUCT(user_handle);
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
-
- if (!W_ERROR_IS_OK(werr)) {
-@@ -1322,7 +1322,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1630,7 +1630,7 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1764,7 +1764,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -1936,7 +1936,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -2395,7 +2395,7 @@ WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -2880,7 +2880,7 @@ WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -3015,7 +3015,7 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -3206,7 +3206,7 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
-@@ -3547,7 +3547,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
- }
-
- werr = libnetapi_open_pipe(ctx, r->in.server_name,
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &pipe_cli);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
---
-1.9.3
-
-
-From 4157ba43258373cd995b2ee74dcd4d65782dc2ea Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 May 2013 16:13:26 +0200
-Subject: [PATCH 020/249] s3-libnetapi: pass down ndr_interface_table to
- pipe_cm() and friends.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 0ce2178f2ffeaee324c7e8fef7c87727def7bd77)
----
- source3/lib/netapi/cm.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
-index dd1f1e3..8551521 100644
---- a/source3/lib/netapi/cm.c
-+++ b/source3/lib/netapi/cm.c
-@@ -161,7 +161,7 @@ WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx)
- ********************************************************************/
-
- static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- struct client_pipe_connection *p;
-@@ -177,7 +177,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
-
- if (strequal(ipc_remote_name, p->pipe->desthost)
- && ndr_syntax_id_equal(&p->pipe->abstract_syntax,
-- interface)) {
-+ &table->syntax_id)) {
- *presult = p->pipe;
- return NT_STATUS_OK;
- }
-@@ -191,7 +191,7 @@ static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
-
- static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
- struct client_ipc_connection *ipc,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- struct client_pipe_connection *p;
-@@ -202,7 +202,7 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
- return NT_STATUS_NO_MEMORY;
- }
-
-- status = cli_rpc_pipe_open_noauth(ipc->cli, interface, &p->pipe);
-+ status = cli_rpc_pipe_open_noauth(ipc->cli, &table->syntax_id, &p->pipe);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(p);
- return status;
-@@ -219,14 +219,14 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
-
- static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx,
- struct client_ipc_connection *ipc,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
-- if (NT_STATUS_IS_OK(pipe_cm_find(ipc, interface, presult))) {
-+ if (NT_STATUS_IS_OK(pipe_cm_find(ipc, table, presult))) {
- return NT_STATUS_OK;
- }
-
-- return pipe_cm_connect(ctx, ipc, interface, presult);
-+ return pipe_cm_connect(ctx, ipc, table, presult);
- }
-
- /********************************************************************
-@@ -251,7 +251,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
- return werr;
- }
-
-- status = pipe_cm_open(ctx, ipc, &table->syntax_id, &result);
-+ status = pipe_cm_open(ctx, ipc, table, &result);
- if (!NT_STATUS_IS_OK(status)) {
- libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s",
- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
---
-1.9.3
-
-
-From ec8ba2a371ce4c4cc14d04e852034dcd92862542 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 May 2013 16:16:59 +0200
-Subject: [PATCH 021/249] s3-rpc_cli: pass down ndr_interface_table to
- rpc_pipe_open_ncalrpc().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 9b4fb5b074b035eaef98c4a463c9d68006ed52da)
----
- source3/librpc/rpc/dcerpc_ep.c | 2 +-
- source3/rpc_client/cli_pipe.c | 4 ++--
- source3/rpc_client/cli_pipe.h | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/source3/librpc/rpc/dcerpc_ep.c b/source3/librpc/rpc/dcerpc_ep.c
-index bb080c5..410caa7 100644
---- a/source3/librpc/rpc/dcerpc_ep.c
-+++ b/source3/librpc/rpc/dcerpc_ep.c
-@@ -365,7 +365,7 @@ static NTSTATUS ep_register(TALLOC_CTX *mem_ctx,
-
- status = rpc_pipe_open_ncalrpc(tmp_ctx,
- ncalrpc_sock,
-- &ndr_table_epmapper.syntax_id,
-+ &ndr_table_epmapper,
- &cli);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 385ae25..427b628 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2682,7 +2682,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host,
- Create a rpc pipe client struct, connecting to a unix domain socket
- ********************************************************************/
- NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- struct rpc_pipe_client *result;
-@@ -2696,7 +2696,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
- return NT_STATUS_NO_MEMORY;
- }
-
-- result->abstract_syntax = *abstract_syntax;
-+ result->abstract_syntax = table->syntax_id;
- result->transfer_syntax = ndr_transfer_syntax_ndr;
-
- result->desthost = get_myname(result);
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index 34ae542..3415db0 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -71,7 +71,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client **presult);
-
- NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult);
-
- struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c);
---
-1.9.3
-
-
-From 816b7983c2342ea500e7467f2ab6c04dff89308f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 May 2013 16:44:05 +0200
-Subject: [PATCH 022/249] s3-rpc_cli: pass down ndr_interface_table to
- rpc_pipe_open_interface().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 6886cff0a7e97864e9094af936cbef08a3c8f6f4)
----
- source3/printing/nt_printing_migrate_internal.c | 2 +-
- source3/printing/printspoolss.c | 4 +--
- source3/rpc_server/rpc_ncacn_np.c | 8 +++---
- source3/rpc_server/rpc_ncacn_np.h | 2 +-
- source3/smbd/lanman.c | 34 ++++++++++++-------------
- source3/smbd/reply.c | 2 +-
- 6 files changed, 26 insertions(+), 26 deletions(-)
-
-diff --git a/source3/printing/nt_printing_migrate_internal.c b/source3/printing/nt_printing_migrate_internal.c
-index 200db07f..6bc7ea2 100644
---- a/source3/printing/nt_printing_migrate_internal.c
-+++ b/source3/printing/nt_printing_migrate_internal.c
-@@ -211,7 +211,7 @@ bool nt_printing_tdb_migrate(struct messaging_context *msg_ctx)
- }
-
- status = rpc_pipe_open_interface(tmp_ctx,
-- &ndr_table_winreg.syntax_id,
-+ &ndr_table_winreg,
- session_info,
- NULL,
- msg_ctx,
-diff --git a/source3/printing/printspoolss.c b/source3/printing/printspoolss.c
-index fc1e9c1..0507e83 100644
---- a/source3/printing/printspoolss.c
-+++ b/source3/printing/printspoolss.c
-@@ -154,7 +154,7 @@ NTSTATUS print_spool_open(files_struct *fsp,
- * a job id */
-
- status = rpc_pipe_open_interface(fsp->conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- fsp->conn->session_info,
- fsp->conn->sconn->remote_address,
- fsp->conn->sconn->msg_ctx,
-@@ -343,7 +343,7 @@ void print_spool_terminate(struct connection_struct *conn,
- rap_jobid_delete(print_file->svcname, print_file->jobid);
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
-index b4602a9..7389b3e 100644
---- a/source3/rpc_server/rpc_ncacn_np.c
-+++ b/source3/rpc_server/rpc_ncacn_np.c
-@@ -758,7 +758,7 @@ done:
- */
-
- NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
-- const struct ndr_syntax_id *syntax,
-+ const struct ndr_interface_table *table,
- const struct auth_session_info *session_info,
- const struct tsocket_address *remote_address,
- struct messaging_context *msg_ctx,
-@@ -783,7 +783,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
- return NT_STATUS_NO_MEMORY;
- }
-
-- pipe_name = get_pipe_name_from_syntax(tmp_ctx, syntax);
-+ pipe_name = get_pipe_name_from_syntax(tmp_ctx, &table->syntax_id);
- if (pipe_name == NULL) {
- status = NT_STATUS_INVALID_PARAMETER;
- goto done;
-@@ -800,7 +800,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
- switch (pipe_mode) {
- case RPC_SERVICE_MODE_EMBEDDED:
- status = rpc_pipe_open_internal(tmp_ctx,
-- syntax, session_info,
-+ &table->syntax_id, session_info,
- remote_address, msg_ctx,
- &cli);
- if (!NT_STATUS_IS_OK(status)) {
-@@ -813,7 +813,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
- * to spoolssd. */
-
- status = rpc_pipe_open_external(tmp_ctx,
-- pipe_name, syntax,
-+ pipe_name, &table->syntax_id,
- session_info,
- &cli);
- if (!NT_STATUS_IS_OK(status)) {
-diff --git a/source3/rpc_server/rpc_ncacn_np.h b/source3/rpc_server/rpc_ncacn_np.h
-index 586d61b..67cd8a1 100644
---- a/source3/rpc_server/rpc_ncacn_np.h
-+++ b/source3/rpc_server/rpc_ncacn_np.h
-@@ -50,7 +50,7 @@ NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
- struct messaging_context *msg_ctx,
- struct dcerpc_binding_handle **binding_handle);
- NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
-- const struct ndr_syntax_id *syntax,
-+ const struct ndr_interface_table *table,
- const struct auth_session_info *session_info,
- const struct tsocket_address *remote_address,
- struct messaging_context *msg_ctx,
-diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
-index d0dae36..3c488ec 100644
---- a/source3/smbd/lanman.c
-+++ b/source3/smbd/lanman.c
-@@ -832,7 +832,7 @@ static bool api_DosPrintQGetInfo(struct smbd_server_connection *sconn,
- }
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -1029,7 +1029,7 @@ static bool api_DosPrintQEnum(struct smbd_server_connection *sconn,
- }
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -2256,7 +2256,7 @@ static bool api_RNetShareAdd(struct smbd_server_connection *sconn,
- return false;
- }
-
-- status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.syntax_id,
-+ status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -2368,7 +2368,7 @@ static bool api_RNetGroupEnum(struct smbd_server_connection *sconn,
- }
-
- status = rpc_pipe_open_interface(
-- talloc_tos(), &ndr_table_samr.syntax_id,
-+ talloc_tos(), &ndr_table_samr,
- conn->session_info, conn->sconn->remote_address,
- conn->sconn->msg_ctx, &samr_pipe);
- if (!NT_STATUS_IS_OK(status)) {
-@@ -2574,7 +2574,7 @@ static bool api_NetUserGetGroups(struct smbd_server_connection *sconn,
- endp = *rdata + *rdata_len;
-
- status = rpc_pipe_open_interface(
-- talloc_tos(), &ndr_table_samr.syntax_id,
-+ talloc_tos(), &ndr_table_samr,
- conn->session_info, conn->sconn->remote_address,
- conn->sconn->msg_ctx, &samr_pipe);
- if (!NT_STATUS_IS_OK(status)) {
-@@ -2774,7 +2774,7 @@ static bool api_RNetUserEnum(struct smbd_server_connection *sconn,
- endp = *rdata + *rdata_len;
-
- status = rpc_pipe_open_interface(
-- talloc_tos(), &ndr_table_samr.syntax_id,
-+ talloc_tos(), &ndr_table_samr,
- conn->session_info, conn->sconn->remote_address,
- conn->sconn->msg_ctx, &samr_pipe);
- if (!NT_STATUS_IS_OK(status)) {
-@@ -3037,7 +3037,7 @@ static bool api_SamOEMChangePassword(struct smbd_server_connection *sconn,
- memcpy(password.data, data, 516);
- memcpy(hash.hash, data+516, 16);
-
-- status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id,
-+ status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -3134,7 +3134,7 @@ static bool api_RDosPrintJobDel(struct smbd_server_connection *sconn,
- ZERO_STRUCT(handle);
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -3262,7 +3262,7 @@ static bool api_WPrintQueueCtrl(struct smbd_server_connection *sconn,
- ZERO_STRUCT(handle);
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -3444,7 +3444,7 @@ static bool api_PrintJobInfo(struct smbd_server_connection *sconn,
- ZERO_STRUCT(handle);
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -3621,7 +3621,7 @@ static bool api_RNetServerGetInfo(struct smbd_server_connection *sconn,
- p = *rdata;
- p2 = p + struct_len;
-
-- status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.syntax_id,
-+ status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -4052,7 +4052,7 @@ static bool api_RNetUserGetInfo(struct smbd_server_connection *sconn,
- ZERO_STRUCT(domain_handle);
- ZERO_STRUCT(user_handle);
-
-- status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id,
-+ status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -4581,7 +4581,7 @@ static bool api_WPrintJobGetInfo(struct smbd_server_connection *sconn,
- ZERO_STRUCT(handle);
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -4723,7 +4723,7 @@ static bool api_WPrintJobEnumerate(struct smbd_server_connection *sconn,
- ZERO_STRUCT(handle);
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -4923,7 +4923,7 @@ static bool api_WPrintDestGetInfo(struct smbd_server_connection *sconn,
- ZERO_STRUCT(handle);
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -5055,7 +5055,7 @@ static bool api_WPrintDestEnum(struct smbd_server_connection *sconn,
- queuecnt = 0;
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-@@ -5366,7 +5366,7 @@ static bool api_RNetSessionEnum(struct smbd_server_connection *sconn,
- }
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_srvsvc.syntax_id,
-+ &ndr_table_srvsvc,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
-diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
-index 3f5b950..eace557 100644
---- a/source3/smbd/reply.c
-+++ b/source3/smbd/reply.c
-@@ -5637,7 +5637,7 @@ void reply_printqueue(struct smb_request *req)
- ZERO_STRUCT(handle);
-
- status = rpc_pipe_open_interface(conn,
-- &ndr_table_spoolss.syntax_id,
-+ &ndr_table_spoolss,
- conn->session_info,
- conn->sconn->remote_address,
- conn->sconn->msg_ctx,
---
-1.9.3
-
-
-From 3dc2d438f0b440f34b7cdd9eeac429a15f679460 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:03:23 +0200
-Subject: [PATCH 023/249] s3-rpc_cli: pass down ndr_interface_table to
- cli_rpc_pipe_open_schannel().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit f6d61b571d79ebf1df58513ec728057d00b95f3e)
----
- source3/auth/auth_domain.c | 2 +-
- source3/rpc_client/cli_pipe.h | 2 +-
- source3/rpc_client/cli_pipe_schannel.c | 4 ++--
- source3/rpcclient/rpcclient.c | 2 +-
- source3/utils/net_rpc.c | 2 +-
- 5 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
-index 286c75c..a375f11 100644
---- a/source3/auth/auth_domain.c
-+++ b/source3/auth/auth_domain.c
-@@ -115,7 +115,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
- if (lp_client_schannel()) {
- /* We also setup the creds chain in the open_schannel call. */
- result = cli_rpc_pipe_open_schannel(
-- *cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
-+ *cli, &ndr_table_netlogon, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
- } else {
- result = cli_rpc_pipe_open_noauth(
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index 3415db0..d17322a 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -125,7 +125,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
- struct rpc_pipe_client **presult);
-
- NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
-diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
-index c275720..8bc01a5 100644
---- a/source3/rpc_client/cli_pipe_schannel.c
-+++ b/source3/rpc_client/cli_pipe_schannel.c
-@@ -169,7 +169,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
- ****************************************************************************/
-
- NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
-@@ -190,7 +190,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
- }
-
- status = cli_rpc_pipe_open_schannel_with_key(
-- cli, interface, transport, auth_level, domain, &netlogon_pipe->dc,
-+ cli, &table->syntax_id, transport, auth_level, domain, &netlogon_pipe->dc,
- &result);
-
- /* Now we've bound using the session key we can close the netlog pipe. */
-diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
-index d204d7f..6b6478e 100644
---- a/source3/rpcclient/rpcclient.c
-+++ b/source3/rpcclient/rpcclient.c
-@@ -734,7 +734,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
- break;
- case DCERPC_AUTH_TYPE_SCHANNEL:
- ntresult = cli_rpc_pipe_open_schannel(
-- cli, &cmd_entry->table->syntax_id,
-+ cli, cmd_entry->table,
- default_transport,
- pipe_default_auth_level,
- get_cmdline_auth_info_domain(auth_info),
-diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
-index 4503f59..dab9fcd 100644
---- a/source3/utils/net_rpc.c
-+++ b/source3/utils/net_rpc.c
-@@ -191,7 +191,7 @@ int run_rpc_command(struct net_context *c,
- &ndr_table_netlogon.syntax_id))) {
- /* Always try and create an schannel netlogon pipe. */
- nt_status = cli_rpc_pipe_open_schannel(
-- cli, &table->syntax_id, NCACN_NP,
-+ cli, table, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY, domain_name,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
---
-1.9.3
-
-
-From 428596faf89f424c83edb86d45c5a1322e3fb6b5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:08:33 +0200
-Subject: [PATCH 024/249] s3-rpc_cli: pass down ndr_interface_table to
- cli_rpc_pipe_open_ntlmssp_auth_schannel().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 7f169474fc86479abe09a5716b8029c6febcfaa9)
----
- source3/rpc_client/cli_pipe.h | 2 +-
- source3/rpc_client/cli_pipe_schannel.c | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index d17322a..7026692 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -116,7 +116,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- struct rpc_pipe_client **presult);
-
- NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
-diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
-index 8bc01a5..261a768 100644
---- a/source3/rpc_client/cli_pipe_schannel.c
-+++ b/source3/rpc_client/cli_pipe_schannel.c
-@@ -128,7 +128,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
- ****************************************************************************/
-
- NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
-@@ -151,7 +151,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
- }
-
- status = cli_rpc_pipe_open_schannel_with_key(
-- cli, interface, transport, auth_level, domain, &netlogon_pipe->dc,
-+ cli, &table->syntax_id, transport, auth_level, domain, &netlogon_pipe->dc,
- &result);
-
- /* Now we've bound using the session key we can close the netlog pipe. */
---
-1.9.3
-
-
-From cda31f4e490942ffc89513f000fa147f535a2713 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:17:24 +0200
-Subject: [PATCH 025/249] s3-rpc_cli: pass down ndr_interface_table to
- cli_rpc_pipe_open_schannel_with_key().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 3dc3a6c8483a8de22b483ecf164c81232d4a8d65)
----
- source3/libnet/libnet_join.c | 2 +-
- source3/rpc_client/cli_pipe.c | 6 +++---
- source3/rpc_client/cli_pipe.h | 2 +-
- source3/rpc_client/cli_pipe_schannel.c | 4 ++--
- source3/utils/net_rpc_join.c | 4 ++--
- source3/winbindd/winbindd_cm.c | 8 ++++----
- 6 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
-index 1418385..9f47f3b 100644
---- a/source3/libnet/libnet_join.c
-+++ b/source3/libnet/libnet_join.c
-@@ -1287,7 +1287,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
- }
-
- status = cli_rpc_pipe_open_schannel_with_key(
-- cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
-+ cli, &ndr_table_netlogon, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY,
- netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd);
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 427b628..34cef32 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -3022,7 +3022,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
- ****************************************************************************/
-
- NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
-@@ -3033,7 +3033,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- struct pipe_auth_data *auth;
- NTSTATUS status;
-
-- status = cli_rpc_pipe_open(cli, transport, interface, &result);
-+ status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-@@ -3070,7 +3070,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
-
- DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
- "for domain %s and bound using schannel.\n",
-- get_pipe_name_from_syntax(talloc_tos(), interface),
-+ get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
- result->desthost, domain));
-
- *presult = result;
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index 7026692..65bfbc8 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -108,7 +108,7 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
- struct rpc_pipe_client **presult);
-
- NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
-diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
-index 261a768..784e63f 100644
---- a/source3/rpc_client/cli_pipe_schannel.c
-+++ b/source3/rpc_client/cli_pipe_schannel.c
-@@ -151,7 +151,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
- }
-
- status = cli_rpc_pipe_open_schannel_with_key(
-- cli, &table->syntax_id, transport, auth_level, domain, &netlogon_pipe->dc,
-+ cli, table, transport, auth_level, domain, &netlogon_pipe->dc,
- &result);
-
- /* Now we've bound using the session key we can close the netlog pipe. */
-@@ -190,7 +190,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
- }
-
- status = cli_rpc_pipe_open_schannel_with_key(
-- cli, &table->syntax_id, transport, auth_level, domain, &netlogon_pipe->dc,
-+ cli, table, transport, auth_level, domain, &netlogon_pipe->dc,
- &result);
-
- /* Now we've bound using the session key we can close the netlog pipe. */
-diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
-index 56799cd..4b43769 100644
---- a/source3/utils/net_rpc_join.c
-+++ b/source3/utils/net_rpc_join.c
-@@ -137,7 +137,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
- }
-
- ntret = cli_rpc_pipe_open_schannel_with_key(
-- cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
-+ cli, &ndr_table_netlogon, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY,
- domain, &netlogon_pipe->dc, &pipe_hnd);
-
-@@ -497,7 +497,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
- struct rpc_pipe_client *netlogon_schannel_pipe;
-
- status = cli_rpc_pipe_open_schannel_with_key(
-- cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
-+ cli, &ndr_table_netlogon, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
- &netlogon_schannel_pipe);
-
-diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
-index 61917db..f17fc68 100644
---- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -2415,7 +2415,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
- goto anonymous;
- }
- status = cli_rpc_pipe_open_schannel_with_key
-- (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP,
-+ (conn->cli, &ndr_table_samr, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY,
- domain->name, &p_creds, &conn->samr_pipe);
-
-@@ -2547,7 +2547,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
- }
-
- status = cli_rpc_pipe_open_schannel_with_key(conn->cli,
-- &ndr_table_lsarpc.syntax_id,
-+ &ndr_table_lsarpc,
- NCACN_IP_TCP,
- DCERPC_AUTH_LEVEL_PRIVACY,
- domain->name,
-@@ -2646,7 +2646,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
- goto anonymous;
- }
- result = cli_rpc_pipe_open_schannel_with_key
-- (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
-+ (conn->cli, &ndr_table_lsarpc, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY,
- domain->name, &p_creds, &conn->lsa_pipe);
-
-@@ -2831,7 +2831,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
- */
-
- result = cli_rpc_pipe_open_schannel_with_key(
-- conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
-+ conn->cli, &ndr_table_netlogon, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc,
- &conn->netlogon_pipe);
-
---
-1.9.3
-
-
-From 9b569e91cd22806eedae76d3fb60cdbd7548e4c2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:29:28 +0200
-Subject: [PATCH 026/249] s3-rpc_cli: pass down ndr_interface_table to
- cli_rpc_pipe_open_noauth().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 9813fe2b04a5b4abaa95ea1d893b3803edbede4d)
----
- source3/auth/auth_domain.c | 2 +-
- source3/client/client.c | 2 +-
- source3/lib/netapi/cm.c | 2 +-
- source3/libnet/libnet_join.c | 8 ++++----
- source3/libsmb/libsmb_dir.c | 2 +-
- source3/libsmb/libsmb_server.c | 2 +-
- source3/libsmb/passchange.c | 4 ++--
- source3/libsmb/trustdom_cache.c | 2 +-
- source3/libsmb/trusts_util.c | 2 +-
- source3/rpc_client/cli_pipe.c | 4 ++--
- source3/rpc_client/cli_pipe.h | 2 +-
- source3/rpc_client/cli_pipe_schannel.c | 2 +-
- source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +-
- source3/rpcclient/cmd_spoolss.c | 2 +-
- source3/rpcclient/cmd_test.c | 4 ++--
- source3/rpcclient/rpcclient.c | 2 +-
- source3/torture/test_async_echo.c | 2 +-
- source3/utils/net_ads.c | 2 +-
- source3/utils/net_rpc.c | 20 ++++++++++----------
- source3/utils/net_rpc_join.c | 6 +++---
- source3/utils/net_rpc_shell.c | 2 +-
- source3/utils/net_rpc_trust.c | 2 +-
- source3/utils/net_util.c | 8 ++++----
- source3/utils/netlookup.c | 2 +-
- source3/utils/smbcacls.c | 7 +++----
- source3/utils/smbcquotas.c | 2 +-
- source3/utils/smbtree.c | 2 +-
- source3/winbindd/winbindd_cm.c | 10 +++++-----
- 28 files changed, 54 insertions(+), 55 deletions(-)
-
-diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
-index a375f11..54ee5a1 100644
---- a/source3/auth/auth_domain.c
-+++ b/source3/auth/auth_domain.c
-@@ -119,7 +119,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
- DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
- } else {
- result = cli_rpc_pipe_open_noauth(
-- *cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);
-+ *cli, &ndr_table_netlogon, &netlogon_pipe);
- }
-
- if (!NT_STATUS_IS_OK(result)) {
-diff --git a/source3/client/client.c b/source3/client/client.c
-index ab46cb8..dafc5f0 100644
---- a/source3/client/client.c
-+++ b/source3/client/client.c
-@@ -4227,7 +4227,7 @@ static bool browse_host_rpc(bool sort)
- int i;
- struct dcerpc_binding_handle *b;
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc,
- &pipe_hnd);
-
- if (!NT_STATUS_IS_OK(status)) {
-diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
-index 8551521..1cfdccf 100644
---- a/source3/lib/netapi/cm.c
-+++ b/source3/lib/netapi/cm.c
-@@ -202,7 +202,7 @@ static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
- return NT_STATUS_NO_MEMORY;
- }
-
-- status = cli_rpc_pipe_open_noauth(ipc->cli, &table->syntax_id, &p->pipe);
-+ status = cli_rpc_pipe_open_noauth(ipc->cli, table, &p->pipe);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(p);
- return status;
-diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
-index 9f47f3b..324c8f3 100644
---- a/source3/libnet/libnet_join.c
-+++ b/source3/libnet/libnet_join.c
-@@ -749,7 +749,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Error connecting to LSA pipe. Error was %s\n",
-@@ -819,7 +819,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
- fstring trust_passwd;
- NTSTATUS status;
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
-@@ -908,7 +908,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
-
- /* Open the domain */
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Error connecting to SAM pipe. Error was %s\n",
-@@ -1377,7 +1377,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
-
- /* Open the domain */
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Error connecting to SAM pipe. Error was %s\n",
-diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
-index 87e10d8..3a07f11 100644
---- a/source3/libsmb/libsmb_dir.c
-+++ b/source3/libsmb/libsmb_dir.c
-@@ -277,7 +277,7 @@ net_share_enum_rpc(struct cli_state *cli,
- struct dcerpc_binding_handle *b;
-
- /* Open the server service pipe */
-- nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_id,
-+ nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("net_share_enum_rpc pipe open fail!\n"));
-diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
-index d4254da..dff0062 100644
---- a/source3/libsmb/libsmb_server.c
-+++ b/source3/libsmb/libsmb_server.c
-@@ -802,7 +802,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
- ipc_srv->cli = ipc_cli;
-
- nt_status = cli_rpc_pipe_open_noauth(
-- ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd);
-+ ipc_srv->cli, &ndr_table_lsarpc, &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("cli_nt_session_open fail!\n"));
- errno = ENOTSUP;
-diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
-index 3933833..9736ada 100644
---- a/source3/libsmb/passchange.c
-+++ b/source3/libsmb/passchange.c
-@@ -169,7 +169,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
- * way.
- */
- result = cli_rpc_pipe_open_noauth(
-- cli, &ndr_table_samr.syntax_id, &pipe_hnd);
-+ cli, &ndr_table_samr, &pipe_hnd);
- }
-
- if (!NT_STATUS_IS_OK(result)) {
-@@ -230,7 +230,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
- result = NT_STATUS_UNSUCCESSFUL;
-
- /* OK, this is ugly, but... try an anonymous pipe. */
-- result = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
-+ result = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
- &pipe_hnd);
-
- if ( NT_STATUS_IS_OK(result) &&
-diff --git a/source3/libsmb/trustdom_cache.c b/source3/libsmb/trustdom_cache.c
-index 8789d30..dadc751 100644
---- a/source3/libsmb/trustdom_cache.c
-+++ b/source3/libsmb/trustdom_cache.c
-@@ -289,7 +289,7 @@ static bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
-
- /* open the LSARPC_PIPE */
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &lsa_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
-diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
-index 0d039bc..6156ba0 100644
---- a/source3/libsmb/trusts_util.c
-+++ b/source3/libsmb/trusts_util.c
-@@ -182,7 +182,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m
- /* Shouldn't we open this with schannel ? JRA. */
-
- nt_status = cli_rpc_pipe_open_noauth(
-- cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);
-+ cli, &ndr_table_netlogon, &netlogon_pipe);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n",
- dc_name, nt_errstr(nt_status)));
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 34cef32..1137abd 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2948,11 +2948,11 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
- ****************************************************************************/
-
- NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP,
-- interface, presult);
-+ &table->syntax_id, presult);
- }
-
- /****************************************************************************
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index 65bfbc8..9aae61a 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -77,7 +77,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
- struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c);
-
- NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult);
-
- NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
-diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
-index 784e63f..bc672ef 100644
---- a/source3/rpc_client/cli_pipe_schannel.c
-+++ b/source3/rpc_client/cli_pipe_schannel.c
-@@ -217,7 +217,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
- struct rpc_pipe_client *netlogon_pipe = NULL;
- NTSTATUS status;
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
- &netlogon_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
-diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-index 335647b..c12cd05 100644
---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
-+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-@@ -2504,7 +2504,7 @@ static bool spoolss_connect_to_client(struct rpc_pipe_client **pp_pipe,
- * Now start the NT Domain stuff :-).
- */
-
-- ret = cli_rpc_pipe_open_noauth(the_cli, &ndr_table_spoolss.syntax_id, pp_pipe);
-+ ret = cli_rpc_pipe_open_noauth(the_cli, &ndr_table_spoolss, pp_pipe);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(2,("spoolss_connect_to_client: unable to open the spoolss pipe on machine %s. Error was : %s.\n",
- remote_machine, nt_errstr(ret)));
-diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
-index 5c499d4..fb011f8 100644
---- a/source3/rpcclient/cmd_spoolss.c
-+++ b/source3/rpcclient/cmd_spoolss.c
-@@ -3453,7 +3453,7 @@ static WERROR cmd_spoolss_printercmp(struct rpc_pipe_client *cli,
- if ( !NT_STATUS_IS_OK(nt_status) )
- return WERR_GENERAL_FAILURE;
-
-- nt_status = cli_rpc_pipe_open_noauth(cli_server2, &ndr_table_spoolss.syntax_id,
-+ nt_status = cli_rpc_pipe_open_noauth(cli_server2, &ndr_table_spoolss,
- &cli2);
- if (!NT_STATUS_IS_OK(nt_status)) {
- printf("failed to open spoolss pipe on server %s (%s)\n",
-diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_test.c
-index 591ae8c..367dc71 100644
---- a/source3/rpcclient/cmd_test.c
-+++ b/source3/rpcclient/cmd_test.c
-@@ -36,14 +36,14 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- d_printf("testme\n");
-
- status = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(cli),
-- &ndr_table_lsarpc.syntax_id,
-+ &ndr_table_lsarpc,
- &lsa_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(cli),
-- &ndr_table_samr.syntax_id,
-+ &ndr_table_samr,
- &samr_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
-diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
-index 6b6478e..e3b35bb 100644
---- a/source3/rpcclient/rpcclient.c
-+++ b/source3/rpcclient/rpcclient.c
-@@ -167,7 +167,7 @@ static void fetch_machine_sid(struct cli_state *cli)
- goto error;
- }
-
-- result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &lsapipe);
- if (!NT_STATUS_IS_OK(result)) {
- fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) );
-diff --git a/source3/torture/test_async_echo.c b/source3/torture/test_async_echo.c
-index 6df95dd..f21daa4 100644
---- a/source3/torture/test_async_echo.c
-+++ b/source3/torture/test_async_echo.c
-@@ -82,7 +82,7 @@ bool run_async_echo(int dummy)
- printf("torture_open_connection failed\n");
- goto fail;
- }
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_rpcecho.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_rpcecho,
- &p);
- if (!NT_STATUS_IS_OK(status)) {
- printf("Could not open echo pipe: %s\n", nt_errstr(status));
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index 5699943..89eebf3 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -1957,7 +1957,7 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
- SAFE_FREE(srv_cn_escaped);
- SAFE_FREE(printername_escaped);
-
-- nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss.syntax_id, &pipe_hnd);
-+ nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss, &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- d_fprintf(stderr, _("Unable to open a connection to the spoolss pipe on %s\n"),
- servername);
-diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
-index dab9fcd..69ff14d 100644
---- a/source3/utils/net_rpc.c
-+++ b/source3/utils/net_rpc.c
-@@ -82,7 +82,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- union lsa_PolicyInformation *info = NULL;
- struct dcerpc_binding_handle *b;
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &lsa_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- d_fprintf(stderr, _("Could not initialise lsa pipe\n"));
-@@ -212,7 +212,7 @@ int run_rpc_command(struct net_context *c,
- c->opt_password, &pipe_hnd);
- } else {
- nt_status = cli_rpc_pipe_open_noauth(
-- cli, &table->syntax_id,
-+ cli, table,
- &pipe_hnd);
- }
- if (!NT_STATUS_IS_OK(nt_status)) {
-@@ -348,7 +348,7 @@ static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
- NTSTATUS result;
- enum netr_SchannelType sec_channel_type;
-
-- result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
-+ result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
-@@ -1966,7 +1966,7 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli,
- NTSTATUS status, result;
- struct dcerpc_binding_handle *b;
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
-@@ -2980,7 +2980,7 @@ static NTSTATUS rpc_list_alias_members(struct net_context *c,
- }
-
- result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
-- &ndr_table_lsarpc.syntax_id,
-+ &ndr_table_lsarpc,
- &lsa_pipe);
- if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, _("Couldn't open LSA pipe. Error was %s\n"),
-@@ -6232,7 +6232,7 @@ static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c,
-
- /* Try netr_GetDcName */
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
- &netr);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
-@@ -6379,7 +6379,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
- * Call LsaOpenPolicy and LsaQueryInfo
- */
-
-- nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
-@@ -6656,7 +6656,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc,
- return -1;
- };
-
-- nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
-@@ -6834,7 +6834,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
- return -1;
- };
-
-- nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
-@@ -6950,7 +6950,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
- /*
- * Open \PIPE\samr and get needed policy handles
- */
-- nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
-+ nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
-diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
-index 4b43769..aabbe54 100644
---- a/source3/utils/net_rpc_join.c
-+++ b/source3/utils/net_rpc_join.c
-@@ -245,7 +245,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
-
- /* Fetch domain sid */
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n",
-@@ -280,7 +280,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
- }
-
- /* Create domain user */
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n",
-@@ -456,7 +456,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
-
- /* Now check the whole process from top-to-bottom */
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n",
-diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c
-index 6086066..120cfa6 100644
---- a/source3/utils/net_rpc_shell.c
-+++ b/source3/utils/net_rpc_shell.c
-@@ -85,7 +85,7 @@ static NTSTATUS net_sh_run(struct net_context *c,
- return NT_STATUS_NO_MEMORY;
- }
-
-- status = cli_rpc_pipe_open_noauth(ctx->cli, &cmd->table->syntax_id,
-+ status = cli_rpc_pipe_open_noauth(ctx->cli, cmd->table,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- d_fprintf(stderr, _("Could not open pipe: %s\n"),
-diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c
-index 9060700..5e58103 100644
---- a/source3/utils/net_rpc_trust.c
-+++ b/source3/utils/net_rpc_trust.c
-@@ -210,7 +210,7 @@ static NTSTATUS connect_and_get_info(TALLOC_CTX *mem_ctx,
- return status;
- }
-
-- status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc.syntax_id, pipe_hnd);
-+ status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc, pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to initialise lsa pipe with error [%s]\n",
- nt_errstr(status)));
-diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c
-index a4282ec..13a0ef1 100644
---- a/source3/utils/net_util.c
-+++ b/source3/utils/net_util.c
-@@ -45,7 +45,7 @@ NTSTATUS net_rpc_lookup_name(struct net_context *c,
-
- ZERO_STRUCT(pol);
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &lsa_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- d_fprintf(stderr, _("Could not initialise lsa pipe\n"));
-@@ -256,7 +256,7 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
- return nt_status;
- }
-
-- nt_status = cli_rpc_pipe_open_noauth(cli_tmp, &table->syntax_id,
-+ nt_status = cli_rpc_pipe_open_noauth(cli_tmp, table,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("couldn't not initialize pipe\n"));
-@@ -571,7 +571,7 @@ static NTSTATUS net_scan_dc_noad(struct net_context *c,
- ZERO_STRUCTP(dc_info);
- ZERO_STRUCT(pol);
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &pipe_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
-@@ -634,7 +634,7 @@ NTSTATUS net_scan_dc(struct net_context *c,
-
- ZERO_STRUCTP(dc_info);
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_dssetup.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_dssetup,
- &dssetup_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("net_scan_dc: failed to open dssetup pipe with %s, "
-diff --git a/source3/utils/netlookup.c b/source3/utils/netlookup.c
-index b66c34e..56d3bfe 100644
---- a/source3/utils/netlookup.c
-+++ b/source3/utils/netlookup.c
-@@ -122,7 +122,7 @@ static struct con_struct *create_cs(struct net_context *c,
- }
-
- nt_status = cli_rpc_pipe_open_noauth(cs->cli,
-- &ndr_table_lsarpc.syntax_id,
-+ &ndr_table_lsarpc,
- &cs->lsapipe);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
-diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
-index 23a1192..f092839 100644
---- a/source3/utils/smbcacls.c
-+++ b/source3/utils/smbcacls.c
-@@ -96,7 +96,7 @@ static NTSTATUS cli_lsa_lookup_sid(struct cli_state *cli,
- goto tcon_fail;
- }
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &p);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
-@@ -146,7 +146,7 @@ static NTSTATUS cli_lsa_lookup_name(struct cli_state *cli,
- goto tcon_fail;
- }
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
- &p);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
-@@ -187,14 +187,13 @@ static NTSTATUS cli_lsa_lookup_domain_sid(struct cli_state *cli,
- struct policy_handle handle;
- NTSTATUS status, result;
- TALLOC_CTX *frame = talloc_stackframe();
-- const struct ndr_syntax_id *lsarpc_syntax = &ndr_table_lsarpc.syntax_id;
-
- status = cli_tree_connect(cli, "IPC$", "?????", "", 0);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
-- status = cli_rpc_pipe_open_noauth(cli, lsarpc_syntax, &rpc_pipe);
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &rpc_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- goto tdis;
- }
-diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c
-index bf1f95c..2791b93 100644
---- a/source3/utils/smbcquotas.c
-+++ b/source3/utils/smbcquotas.c
-@@ -58,7 +58,7 @@ static bool cli_open_policy_hnd(void)
- NTSTATUS ret;
- cli_ipc = connect_one("IPC$");
- ret = cli_rpc_pipe_open_noauth(cli_ipc,
-- &ndr_table_lsarpc.syntax_id,
-+ &ndr_table_lsarpc,
- &global_pipe_hnd);
- if (!NT_STATUS_IS_OK(ret)) {
- return False;
-diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c
-index 40b1f09..5c07b12 100644
---- a/source3/utils/smbtree.c
-+++ b/source3/utils/smbtree.c
-@@ -177,7 +177,7 @@ static bool get_rpc_shares(struct cli_state *cli,
- return False;
- }
-
-- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc,
- &pipe_hnd);
-
- if (!NT_STATUS_IS_OK(status)) {
-diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
-index f17fc68..facef64 100644
---- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -2078,7 +2078,7 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
- DEBUG(5, ("set_dc_type_and_flags_connect: domain %s\n", domain->name ));
-
- status = cli_rpc_pipe_open_noauth(domain->conn.cli,
-- &ndr_table_dssetup.syntax_id,
-+ &ndr_table_dssetup,
- &cli);
-
- if (!NT_STATUS_IS_OK(status)) {
-@@ -2129,7 +2129,7 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
-
- no_dssetup:
- status = cli_rpc_pipe_open_noauth(domain->conn.cli,
-- &ndr_table_lsarpc.syntax_id, &cli);
-+ &ndr_table_lsarpc, &cli);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(5, ("set_dc_type_and_flags_connect: Could not bind to "
-@@ -2447,7 +2447,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
- anonymous:
-
- /* Finally fall back to anonymous. */
-- status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr.syntax_id,
-+ status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr,
- &conn->samr_pipe);
-
- if (!NT_STATUS_IS_OK(status)) {
-@@ -2674,7 +2674,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
- anonymous:
-
- result = cli_rpc_pipe_open_noauth(conn->cli,
-- &ndr_table_lsarpc.syntax_id,
-+ &ndr_table_lsarpc,
- &conn->lsa_pipe);
- if (!NT_STATUS_IS_OK(result)) {
- result = NT_STATUS_PIPE_NOT_AVAILABLE;
-@@ -2765,7 +2765,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
- TALLOC_FREE(conn->netlogon_pipe);
-
- result = cli_rpc_pipe_open_noauth(conn->cli,
-- &ndr_table_netlogon.syntax_id,
-+ &ndr_table_netlogon,
- &netlogon_pipe);
- if (!NT_STATUS_IS_OK(result)) {
- return result;
---
-1.9.3
-
-
-From fce35e003f655b3564ee4df5ebfe7f3e6ff6d188 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:33:03 +0200
-Subject: [PATCH 027/249] s3-rpc_cli: pass down ndr_interface_table to
- cli_rpc_pipe_open_noauth_transport().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 9aa99c3cfb0ff7a290dd4df472a4ff30d0efcb76)
----
- source3/rpc_client/cli_pipe.c | 13 +++++++------
- source3/rpc_client/cli_pipe.h | 2 +-
- source3/rpcclient/rpcclient.c | 2 +-
- 3 files changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 1137abd..4523ab7 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2865,14 +2865,14 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
-
- NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
- enum dcerpc_transport_t transport,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- struct rpc_pipe_client *result;
- struct pipe_auth_data *auth;
- NTSTATUS status;
-
-- status = cli_rpc_pipe_open(cli, transport, interface, &result);
-+ status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-@@ -2921,7 +2921,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
- status = rpc_pipe_bind(result, auth);
- if (!NT_STATUS_IS_OK(status)) {
- int lvl = 0;
-- if (ndr_syntax_id_equal(interface,
-+ if (ndr_syntax_id_equal(&table->syntax_id,
- &ndr_table_dssetup.syntax_id)) {
- /* non AD domains just don't have this pipe, avoid
- * level 0 statement in that case - gd */
-@@ -2929,7 +2929,8 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
- }
- DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe "
- "%s failed with error %s\n",
-- get_pipe_name_from_syntax(talloc_tos(), interface),
-+ get_pipe_name_from_syntax(talloc_tos(),
-+ &table->syntax_id),
- nt_errstr(status) ));
- TALLOC_FREE(result);
- return status;
-@@ -2937,7 +2938,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
-
- DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine "
- "%s and bound anonymously.\n",
-- get_pipe_name_from_syntax(talloc_tos(), interface),
-+ get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
- result->desthost));
-
- *presult = result;
-@@ -2952,7 +2953,7 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
- struct rpc_pipe_client **presult)
- {
- return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP,
-- &table->syntax_id, presult);
-+ table, presult);
- }
-
- /****************************************************************************
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index 9aae61a..f37f8a9 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -82,7 +82,7 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
-
- NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
- enum dcerpc_transport_t transport,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult);
-
- NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
-diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
-index e3b35bb..c23ff2d 100644
---- a/source3/rpcclient/rpcclient.c
-+++ b/source3/rpcclient/rpcclient.c
-@@ -690,7 +690,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
- case DCERPC_AUTH_TYPE_NONE:
- ntresult = cli_rpc_pipe_open_noauth_transport(
- cli, default_transport,
-- &cmd_entry->table->syntax_id,
-+ cmd_entry->table,
- &cmd_entry->rpc_pipe);
- break;
- case DCERPC_AUTH_TYPE_SPNEGO:
---
-1.9.3
-
-
-From 0d85042853b635486912688102253b2f358b5056 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:38:01 +0200
-Subject: [PATCH 028/249] s3-rpc_cli: pass down ndr_interface_table to
- cli_rpc_pipe_open().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 34cc4b409558f229fba24f59e81ef9100a851d24)
----
- source3/rpc_client/cli_pipe.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 4523ab7..4dc7345 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2843,7 +2843,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
-
- static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
- enum dcerpc_transport_t transport,
-- const struct ndr_syntax_id *interface,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- switch (transport) {
-@@ -2851,9 +2851,9 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
- return rpc_pipe_open_tcp(NULL,
- smbXcli_conn_remote_name(cli->conn),
- smbXcli_conn_remote_sockaddr(cli->conn),
-- interface, presult);
-+ &table->syntax_id, presult);
- case NCACN_NP:
-- return rpc_pipe_open_np(cli, interface, presult);
-+ return rpc_pipe_open_np(cli, &table->syntax_id, presult);
- default:
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-@@ -2872,7 +2872,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
- struct pipe_auth_data *auth;
- NTSTATUS status;
-
-- status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
-+ status = cli_rpc_pipe_open(cli, transport, table, &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-@@ -2977,7 +2977,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
-
- NTSTATUS status;
-
-- status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
-+ status = cli_rpc_pipe_open(cli, transport, table, &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-@@ -3034,7 +3034,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- struct pipe_auth_data *auth;
- NTSTATUS status;
-
-- status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
-+ status = cli_rpc_pipe_open(cli, transport, table, &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-@@ -3104,7 +3104,7 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
- return NT_STATUS_INVALID_PARAMETER;
- }
-
-- status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
-+ status = cli_rpc_pipe_open(cli, transport, table, &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
---
-1.9.3
-
-
-From d5e312185a7adc8429f8caba29a9808ab7954a27 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:40:45 +0200
-Subject: [PATCH 029/249] s3-rpc_cli: pass down ndr_interface_table to
- rpc_pipe_open_np().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 8cd3a060514ddcc178c938100edfb0b177c00c8c)
----
- source3/rpc_client/cli_pipe.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 4dc7345..0347d76 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2775,7 +2775,7 @@ static int rpc_pipe_client_np_ref_destructor(struct rpc_pipe_client_np_ref *np_r
- ****************************************************************************/
-
- static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- struct rpc_pipe_client *result;
-@@ -2793,7 +2793,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
- return NT_STATUS_NO_MEMORY;
- }
-
-- result->abstract_syntax = *abstract_syntax;
-+ result->abstract_syntax = table->syntax_id;
- result->transfer_syntax = ndr_transfer_syntax_ndr;
- result->desthost = talloc_strdup(result, smbXcli_conn_remote_name(cli->conn));
- result->srv_name_slash = talloc_asprintf_strupper_m(
-@@ -2807,7 +2807,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
- return NT_STATUS_NO_MEMORY;
- }
-
-- status = rpc_transport_np_init(result, cli, abstract_syntax,
-+ status = rpc_transport_np_init(result, cli, &table->syntax_id,
- &result->transport);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(result);
-@@ -2853,7 +2853,7 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
- smbXcli_conn_remote_sockaddr(cli->conn),
- &table->syntax_id, presult);
- case NCACN_NP:
-- return rpc_pipe_open_np(cli, &table->syntax_id, presult);
-+ return rpc_pipe_open_np(cli, table, presult);
- default:
- return NT_STATUS_NOT_IMPLEMENTED;
- }
---
-1.9.3
-
-
-From f1fa7838cb933fd0d390a56d823272f8528eb63c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:44:00 +0200
-Subject: [PATCH 030/249] s3-rpc_cli: pass down ndr_interface_table to
- rpc_pipe_open_tcp().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 5c5cff0a722a0925ae75ea7aa11ede0d82d5b92d)
----
- source3/rpc_client/cli_pipe.c | 8 ++++----
- source3/rpc_client/cli_pipe.h | 2 +-
- source3/torture/rpc_open_tcp.c | 2 +-
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 0347d76..46adf69 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2663,19 +2663,19 @@ done:
- */
- NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host,
- const struct sockaddr_storage *addr,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- NTSTATUS status;
- uint16_t port = 0;
-
-- status = rpc_pipe_get_tcp_port(host, addr, abstract_syntax, &port);
-+ status = rpc_pipe_get_tcp_port(host, addr, &table->syntax_id, &port);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return rpc_pipe_open_tcp_port(mem_ctx, host, addr, port,
-- abstract_syntax, presult);
-+ &table->syntax_id, presult);
- }
-
- /********************************************************************
-@@ -2851,7 +2851,7 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
- return rpc_pipe_open_tcp(NULL,
- smbXcli_conn_remote_name(cli->conn),
- smbXcli_conn_remote_sockaddr(cli->conn),
-- &table->syntax_id, presult);
-+ table, presult);
- case NCACN_NP:
- return rpc_pipe_open_np(cli, table, presult);
- default:
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index f37f8a9..6fcc587 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -67,7 +67,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
- NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx,
- const char *host,
- const struct sockaddr_storage *ss_addr,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult);
-
- NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
-diff --git a/source3/torture/rpc_open_tcp.c b/source3/torture/rpc_open_tcp.c
-index d29f4cf..cd27b5f 100644
---- a/source3/torture/rpc_open_tcp.c
-+++ b/source3/torture/rpc_open_tcp.c
-@@ -95,7 +95,7 @@ int main(int argc, const char **argv)
- }
-
- status = rpc_pipe_open_tcp(mem_ctx, argv[2], NULL,
-- &((*table)->syntax_id),
-+ *table,
- &rpc_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("ERROR calling rpc_pipe_open_tcp(): %s\n",
---
-1.9.3
-
-
-From 67c01c15af1bbb98916e75f7cad61edcc13c2e2f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:46:07 +0200
-Subject: [PATCH 031/249] s3-rpc_cli: pass down ndr_interface_table to
- rpc_pipe_get_tcp_port().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 0ff8c2d508949f732716e24047694cecf38597df)
----
- source3/rpc_client/cli_pipe.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 46adf69..15e77db 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2518,7 +2518,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
- */
- static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
- const struct sockaddr_storage *addr,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- uint16_t *pport)
- {
- NTSTATUS status;
-@@ -2541,7 +2541,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
- goto done;
- }
-
-- if (ndr_syntax_id_equal(abstract_syntax,
-+ if (ndr_syntax_id_equal(&table->syntax_id,
- &ndr_table_epmapper.syntax_id)) {
- *pport = 135;
- return NT_STATUS_OK;
-@@ -2576,7 +2576,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
- }
-
- map_binding->transport = NCACN_IP_TCP;
-- map_binding->object = *abstract_syntax;
-+ map_binding->object = table->syntax_id;
- map_binding->host = host; /* needed? */
- map_binding->endpoint = "0"; /* correct? needed? */
-
-@@ -2612,7 +2612,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
- status = dcerpc_epm_Map(epm_handle,
- tmp_ctx,
- discard_const_p(struct GUID,
-- &(abstract_syntax->uuid)),
-+ &(table->syntax_id.uuid)),
- map_tower,
- entry_handle,
- max_towers,
-@@ -2669,7 +2669,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host,
- NTSTATUS status;
- uint16_t port = 0;
-
-- status = rpc_pipe_get_tcp_port(host, addr, &table->syntax_id, &port);
-+ status = rpc_pipe_get_tcp_port(host, addr, table, &port);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
---
-1.9.3
-
-
-From a032ff8c89e479792947af4315ed6eb59a69f8f5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:47:16 +0200
-Subject: [PATCH 032/249] s3-rpc_cli: pass down ndr_interface_table to
- rpc_pipe_open_tcp_port().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 7bdcfcb37c5b96ee6aa0cecffd89c6d17291fe62)
----
- source3/rpc_client/cli_pipe.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 15e77db..1b2955f 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2447,7 +2447,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
- static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
- const struct sockaddr_storage *ss_addr,
- uint16_t port,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- struct rpc_pipe_client **presult)
- {
- struct rpc_pipe_client *result;
-@@ -2460,7 +2460,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
- return NT_STATUS_NO_MEMORY;
- }
-
-- result->abstract_syntax = *abstract_syntax;
-+ result->abstract_syntax = table->syntax_id;
- result->transfer_syntax = ndr_transfer_syntax_ndr;
-
- result->desthost = talloc_strdup(result, host);
-@@ -2549,7 +2549,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
-
- /* open the connection to the endpoint mapper */
- status = rpc_pipe_open_tcp_port(tmp_ctx, host, addr, 135,
-- &ndr_table_epmapper.syntax_id,
-+ &ndr_table_epmapper,
- &epm_pipe);
-
- if (!NT_STATUS_IS_OK(status)) {
-@@ -2675,7 +2675,7 @@ NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host,
- }
-
- return rpc_pipe_open_tcp_port(mem_ctx, host, addr, port,
-- &table->syntax_id, presult);
-+ table, presult);
- }
-
- /********************************************************************
---
-1.9.3
-
-
-From 0b4ae5ec146e35c364f01c033d6c22efb99b7314 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:52:05 +0200
-Subject: [PATCH 033/249] s3-rpc_cli: pass down ndr_interface_table to
- rpc_transport_np_init().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit c41b6e5c5e7fcdbd98c1eb2bea08378b47d343d4)
----
- source3/rpc_client/cli_pipe.c | 2 +-
- source3/rpc_client/rpc_transport.h | 2 +-
- source3/rpc_client/rpc_transport_np.c | 4 ++--
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 1b2955f..1fa8d91 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2807,7 +2807,7 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
- return NT_STATUS_NO_MEMORY;
- }
-
-- status = rpc_transport_np_init(result, cli, &table->syntax_id,
-+ status = rpc_transport_np_init(result, cli, table,
- &result->transport);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(result);
-diff --git a/source3/rpc_client/rpc_transport.h b/source3/rpc_client/rpc_transport.h
-index bc115dd..2b4a323 100644
---- a/source3/rpc_client/rpc_transport.h
-+++ b/source3/rpc_client/rpc_transport.h
-@@ -89,7 +89,7 @@ NTSTATUS rpc_transport_np_init_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- struct rpc_cli_transport **presult);
- NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- struct rpc_cli_transport **presult);
-
- /* The following definitions come from rpc_client/rpc_transport_sock.c */
-diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c
-index f0696ad..7bd1ca3 100644
---- a/source3/rpc_client/rpc_transport_np.c
-+++ b/source3/rpc_client/rpc_transport_np.c
-@@ -152,7 +152,7 @@ NTSTATUS rpc_transport_np_init_recv(struct tevent_req *req,
- }
-
- NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli,
-- const struct ndr_syntax_id *abstract_syntax,
-+ const struct ndr_interface_table *table,
- struct rpc_cli_transport **presult)
- {
- TALLOC_CTX *frame = talloc_stackframe();
-@@ -166,7 +166,7 @@ NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli,
- goto fail;
- }
-
-- req = rpc_transport_np_init_send(frame, ev, cli, abstract_syntax);
-+ req = rpc_transport_np_init_send(frame, ev, cli, &table->syntax_id);
- if (req == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto fail;
---
-1.9.3
-
-
-From 739d05d91f23c4c6e17078c84192f30911cbdfcd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 24 May 2013 13:56:53 +0200
-Subject: [PATCH 034/249] s3-rpc_cli: pass down ndr_interface_table to
- rpc_transport_np_init_send().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit b19e7e6638a5dd53e3c6e6701f78bf31184ed493)
----
- source3/rpc_client/rpc_transport.h | 2 +-
- source3/rpc_client/rpc_transport_np.c | 6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/source3/rpc_client/rpc_transport.h b/source3/rpc_client/rpc_transport.h
-index 2b4a323..72e7609 100644
---- a/source3/rpc_client/rpc_transport.h
-+++ b/source3/rpc_client/rpc_transport.h
-@@ -84,7 +84,7 @@ struct cli_state;
- struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct cli_state *cli,
-- const struct ndr_syntax_id *abstract_syntax);
-+ const struct ndr_interface_table *table);
- NTSTATUS rpc_transport_np_init_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- struct rpc_cli_transport **presult);
-diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c
-index 7bd1ca3..c0f313e 100644
---- a/source3/rpc_client/rpc_transport_np.c
-+++ b/source3/rpc_client/rpc_transport_np.c
-@@ -40,7 +40,7 @@ static void rpc_transport_np_init_pipe_open(struct tevent_req *subreq);
- struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct cli_state *cli,
-- const struct ndr_syntax_id *abstract_syntax)
-+ const struct ndr_interface_table *table)
- {
- struct tevent_req *req;
- struct rpc_transport_np_init_state *state;
-@@ -55,7 +55,7 @@ struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx,
- state->ev = ev;
- state->cli = cli;
- state->abs_timeout = timeval_current_ofs_msec(cli->timeout);
-- state->pipe_name = get_pipe_name_from_syntax(state, abstract_syntax);
-+ state->pipe_name = get_pipe_name_from_syntax(state, &table->syntax_id);
- if (tevent_req_nomem(state->pipe_name, req)) {
- return tevent_req_post(req, ev);
- }
-@@ -166,7 +166,7 @@ NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli,
- goto fail;
- }
-
-- req = rpc_transport_np_init_send(frame, ev, cli, &table->syntax_id);
-+ req = rpc_transport_np_init_send(frame, ev, cli, table);
- if (req == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto fail;
---
-1.9.3
-
-
-From c5529ee9045c44114ab1716b05d3408baa1b4e42 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 24 Sep 2008 11:04:42 +0200
-Subject: [PATCH 035/249] s3: libnet_join: add admin_domain.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit c11a79c5a054e862f61c97093fa2ce5e5040f111)
----
- source3/librpc/idl/libnet_join.idl | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/source3/librpc/idl/libnet_join.idl b/source3/librpc/idl/libnet_join.idl
-index 4f28bb6..ac0a350 100644
---- a/source3/librpc/idl/libnet_join.idl
-+++ b/source3/librpc/idl/libnet_join.idl
-@@ -21,6 +21,7 @@ interface libnetjoin
- [in,ref] string *domain_name,
- [in] string account_ou,
- [in] string admin_account,
-+ [in] string admin_domain,
- [in,noprint] string admin_password,
- [in] string machine_password,
- [in] wkssvc_joinflags join_flags,
-@@ -51,6 +52,7 @@ interface libnetjoin
- [in] string domain_name,
- [in] string account_ou,
- [in] string admin_account,
-+ [in] string admin_domain,
- [in,noprint] string admin_password,
- [in] string machine_password,
- [in] wkssvc_joinflags unjoin_flags,
---
-1.9.3
-
-
-From a0d8f42ac44d279ae7bc599792cd1d564925dcbf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 24 Sep 2008 11:05:37 +0200
-Subject: [PATCH 036/249] s3: libnet_join: use admin_domain in libnetjoin.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit cc0cbd4fdc6e07538d67cc41ca07bad1eaebf493)
----
- source3/libnet/libnet_join.c | 27 ++++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
-index 324c8f3..2253079 100644
---- a/source3/libnet/libnet_join.c
-+++ b/source3/libnet/libnet_join.c
-@@ -701,6 +701,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
-
- static NTSTATUS libnet_join_connect_dc_ipc(const char *dc,
- const char *user,
-+ const char *domain,
- const char *pass,
- bool use_kerberos,
- struct cli_state **cli)
-@@ -720,7 +721,7 @@ static NTSTATUS libnet_join_connect_dc_ipc(const char *dc,
- NULL, 0,
- "IPC$", "IPC",
- user,
-- NULL,
-+ domain,
- pass,
- flags,
- SMB_SIGNING_DEFAULT);
-@@ -742,6 +743,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx,
-
- status = libnet_join_connect_dc_ipc(r->in.dc_name,
- r->in.admin_account,
-+ r->in.admin_domain,
- r->in.admin_password,
- r->in.use_kerberos,
- cli);
-@@ -1368,6 +1370,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
-
- status = libnet_join_connect_dc_ipc(r->in.dc_name,
- r->in.admin_account,
-+ r->in.admin_domain,
- r->in.admin_password,
- r->in.use_kerberos,
- &cli);
-@@ -1755,6 +1758,17 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
- return WERR_SETUP_DOMAIN_CONTROLLER;
- }
-
-+ if (!r->in.admin_domain) {
-+ char *admin_domain = NULL;
-+ char *admin_account = NULL;
-+ split_domain_user(mem_ctx,
-+ r->in.admin_account,
-+ &admin_domain,
-+ &admin_account);
-+ r->in.admin_domain = admin_domain;
-+ r->in.admin_account = admin_account;
-+ }
-+
- if (!secrets_init()) {
- libnet_join_set_error_string(mem_ctx, r,
- "Unable to open secrets database");
-@@ -2316,6 +2330,17 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx,
- return WERR_SETUP_DOMAIN_CONTROLLER;
- }
-
-+ if (!r->in.admin_domain) {
-+ char *admin_domain = NULL;
-+ char *admin_account = NULL;
-+ split_domain_user(mem_ctx,
-+ r->in.admin_account,
-+ &admin_domain,
-+ &admin_account);
-+ r->in.admin_domain = admin_domain;
-+ r->in.admin_account = admin_account;
-+ }
-+
- if (!secrets_init()) {
- libnet_unjoin_set_error_string(mem_ctx, r,
- "Unable to open secrets database");
---
-1.9.3
-
-
-From 46f8496292a12b7acdd045d126b61fa9d8afee74 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 6 Nov 2008 11:40:03 +0100
-Subject: [PATCH 037/249] s3-libnetjoin: add machine_name length check.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit c4d6d75cf48aed7b17728e283581366143fa4233)
----
- source3/libnet/libnet_join.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
-index 2253079..b731d9b 100644
---- a/source3/libnet/libnet_join.c
-+++ b/source3/libnet/libnet_join.c
-@@ -1746,6 +1746,15 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
- return WERR_INVALID_PARAM;
- }
-
-+ if (strlen(r->in.machine_name) > 15) {
-+ libnet_join_set_error_string(mem_ctx, r,
-+ "Our netbios name can be at most 15 chars long, "
-+ "\"%s\" is %u chars long\n",
-+ r->in.machine_name,
-+ (unsigned int)strlen(r->in.machine_name));
-+ return WERR_INVALID_PARAM;
-+ }
-+
- if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name,
- &r->in.domain_name,
- &r->in.dc_name)) {
---
-1.9.3
-
-
-From a60cf7ddd4e2d41d92cdd35ab05f2d6a30b055c9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 6 Nov 2008 13:37:45 +0100
-Subject: [PATCH 038/249] s3-libnetjoin: move "net rpc oldjoin" to use
- libnetjoin.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit d398a12f7907866189c1b253ca6a40e5454f42a1)
----
- source3/utils/net_rpc.c | 182 ++++++++++++++++++++++--------------------------
- 1 file changed, 84 insertions(+), 98 deletions(-)
-
-diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
-index 69ff14d..720e9d2 100644
---- a/source3/utils/net_rpc.c
-+++ b/source3/utils/net_rpc.c
-@@ -37,6 +37,8 @@
- #include "secrets.h"
- #include "lib/netapi/netapi.h"
- #include "lib/netapi/netapi_net.h"
-+#include "librpc/gen_ndr/libnet_join.h"
-+#include "libnet/libnet_join.h"
- #include "rpc_client/init_lsa.h"
- #include "../libcli/security/security.h"
- #include "libsmb/libsmb.h"
-@@ -314,48 +316,46 @@ int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
- }
-
- /**
-- * Join a domain, the old way.
-+ * Join a domain, the old way. This function exists to allow
-+ * the message to be displayed when oldjoin was explicitly
-+ * requested, but not when it was implied by "net rpc join".
- *
- * This uses 'machinename' as the inital password, and changes it.
- *
- * The password should be created with 'server manager' or equiv first.
- *
-- * All parameters are provided by the run_rpc_command function, except for
-- * argc, argv which are passed through.
-- *
-- * @param domain_sid The domain sid acquired from the remote server.
-- * @param cli A cli_state connected to the server.
-- * @param mem_ctx Talloc context, destroyed on completion of the function.
- * @param argc Standard main() style argc.
- * @param argv Standard main() style argv. Initial components are already
- * stripped.
- *
-- * @return Normal NTSTATUS return.
-+ * @return A shell status integer (0 for success).
- **/
-
--static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
-- const struct dom_sid *domain_sid,
-- const char *domain_name,
-- struct cli_state *cli,
-- struct rpc_pipe_client *pipe_hnd,
-- TALLOC_CTX *mem_ctx,
-- int argc,
-- const char **argv)
-+static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
- {
-+ struct libnet_JoinCtx *r = NULL;
-+ TALLOC_CTX *mem_ctx;
-+ WERROR werr;
-+ const char *domain = lp_workgroup(); /* FIXME */
-+ bool modify_config = lp_config_backend_is_registry();
-+ enum netr_SchannelType sec_chan_type;
-+ char *pw = NULL;
-
-- fstring trust_passwd;
-- unsigned char orig_trust_passwd_hash[16];
-- NTSTATUS result;
-- enum netr_SchannelType sec_channel_type;
-+ if (c->display_usage) {
-+ d_printf("Usage:\n"
-+ "net rpc oldjoin\n"
-+ " Join a domain the old way\n");
-+ return 0;
-+ }
-
-- result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
-- &pipe_hnd);
-- if (!NT_STATUS_IS_OK(result)) {
-- DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
-- "error was %s\n",
-- smbXcli_conn_remote_name(cli->conn),
-- nt_errstr(result) ));
-- return result;
-+ mem_ctx = talloc_init("net_rpc_oldjoin");
-+ if (!mem_ctx) {
-+ return -1;
-+ }
-+
-+ werr = libnet_init_JoinCtx(mem_ctx, &r);
-+ if (!W_ERROR_IS_OK(werr)) {
-+ goto fail;
- }
-
- /*
-@@ -363,92 +363,78 @@ static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
- a BDC, the server must agree that we are a BDC.
- */
- if (argc >= 0) {
-- sec_channel_type = get_sec_channel_type(argv[0]);
-+ sec_chan_type = get_sec_channel_type(argv[0]);
- } else {
-- sec_channel_type = get_sec_channel_type(NULL);
-+ sec_chan_type = get_sec_channel_type(NULL);
- }
-
-- fstrcpy(trust_passwd, lp_netbios_name());
-- if (!strlower_m(trust_passwd)) {
-- return NT_STATUS_UNSUCCESSFUL;
-+ if (!c->msg_ctx) {
-+ d_fprintf(stderr, _("Could not initialise message context. "
-+ "Try running as root\n"));
-+ werr = WERR_ACCESS_DENIED;
-+ goto fail;
- }
-
-- /*
-- * Machine names can be 15 characters, but the max length on
-- * a password is 14. --jerry
-- */
--
-- trust_passwd[14] = '\0';
--
-- E_md4hash(trust_passwd, orig_trust_passwd_hash);
--
-- result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup,
-- lp_netbios_name(),
-- orig_trust_passwd_hash,
-- sec_channel_type);
--
-- if (NT_STATUS_IS_OK(result))
-- printf(_("Joined domain %s.\n"), c->opt_target_workgroup);
-+ pw = talloc_strndup(r, lp_netbios_name(), 14);
-+ if (pw == NULL) {
-+ werr = WERR_NOMEM;
-+ goto fail;
-+ }
-
-+ r->in.msg_ctx = c->msg_ctx;
-+ r->in.domain_name = domain;
-+ r->in.secure_channel_type = sec_chan_type;
-+ r->in.dc_name = c->opt_host;
-+ r->in.admin_account = "";
-+ r->in.admin_password = strlower_talloc(r, pw);
-+ if (r->in.admin_password == NULL) {
-+ werr = WERR_NOMEM;
-+ goto fail;
-+ }
-+ r->in.debug = true;
-+ r->in.modify_config = modify_config;
-+ r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
-+ WKSSVC_JOIN_FLAGS_JOIN_UNSECURE |
-+ WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED;
-
-- if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) {
-- DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup));
-- result = NT_STATUS_UNSUCCESSFUL;
-+ werr = libnet_Join(mem_ctx, r);
-+ if (!W_ERROR_IS_OK(werr)) {
-+ goto fail;
- }
-
-- return result;
--}
-+ /* Check the short name of the domain */
-
--/**
-- * Join a domain, the old way.
-- *
-- * @param argc Standard main() style argc.
-- * @param argv Standard main() style argv. Initial components are already
-- * stripped.
-- *
-- * @return A shell status integer (0 for success).
-- **/
-+ if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
-+ d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE());
-+ d_printf("domain name obtained from the server.\n");
-+ d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name);
-+ d_printf("You should set \"workgroup = %s\" in %s.\n",
-+ r->out.netbios_domain_name, get_dyn_CONFIGFILE());
-+ }
-
--static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv)
--{
-- return run_rpc_command(c, NULL, &ndr_table_netlogon,
-- NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
-- rpc_oldjoin_internals,
-- argc, argv);
--}
-+ d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name);
-
--/**
-- * Join a domain, the old way. This function exists to allow
-- * the message to be displayed when oldjoin was explicitly
-- * requested, but not when it was implied by "net rpc join".
-- *
-- * @param argc Standard main() style argc.
-- * @param argv Standard main() style argv. Initial components are already
-- * stripped.
-- *
-- * @return A shell status integer (0 for success).
-- **/
-+ if (r->out.dns_domain_name) {
-+ d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name,
-+ r->out.dns_domain_name);
-+ } else {
-+ d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name,
-+ r->out.netbios_domain_name);
-+ }
-
--static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
--{
-- int rc = -1;
-+ TALLOC_FREE(mem_ctx);
-
-- if (c->display_usage) {
-- d_printf( "%s\n"
-- "net rpc oldjoin\n"
-- " %s\n",
-- _("Usage:"),
-- _("Join a domain the old way"));
-- return 0;
-- }
-+ return 0;
-
-- rc = net_rpc_perform_oldjoin(c, argc, argv);
-+fail:
-+ /* issue an overall failure message at the end. */
-+ d_fprintf(stderr, _("Failed to join domain: %s\n"),
-+ r && r->out.error_string ? r->out.error_string :
-+ get_friendly_werror_msg(werr));
-
-- if (rc) {
-- d_fprintf(stderr, _("Failed to join domain\n"));
-- }
-+ TALLOC_FREE(mem_ctx);
-
-- return rc;
-+ return -1;
- }
-
- /**
-@@ -492,7 +478,7 @@ int net_rpc_join(struct net_context *c, int argc, const char **argv)
- return -1;
- }
-
-- if ((net_rpc_perform_oldjoin(c, argc, argv) == 0))
-+ if ((net_rpc_oldjoin(c, argc, argv) == 0))
- return 0;
-
- return net_rpc_join_newstyle(c, argc, argv);
---
-1.9.3
-
-
-From 3185251186366984b5ec06322c75cfda71dccdbc Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 13 Jun 2013 19:12:27 +0200
-Subject: [PATCH 039/249] s3:libnet: let the caller truncate the pw in
- libnet_join_joindomain_rpc_unsecure()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 1242ab0cb3bf575b695b39313604af9d0a7f1b3a)
----
- source3/libnet/libnet_join.c | 15 +--------------
- 1 file changed, 1 insertion(+), 14 deletions(-)
-
-diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
-index b731d9b..d8ec235 100644
---- a/source3/libnet/libnet_join.c
-+++ b/source3/libnet/libnet_join.c
-@@ -818,7 +818,6 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client *pipe_hnd = NULL;
- unsigned char orig_trust_passwd_hash[16];
- unsigned char new_trust_passwd_hash[16];
-- fstring trust_passwd;
- NTSTATUS status;
-
- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
-@@ -837,19 +836,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
- E_md4hash(r->in.machine_password, new_trust_passwd_hash);
-
- /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
-- fstrcpy(trust_passwd, r->in.admin_password);
-- if (!strlower_m(trust_passwd)) {
-- return NT_STATUS_INVALID_PARAMETER;
-- }
--
-- /*
-- * Machine names can be 15 characters, but the max length on
-- * a password is 14. --jerry
-- */
--
-- trust_passwd[14] = '\0';
--
-- E_md4hash(trust_passwd, orig_trust_passwd_hash);
-+ E_md4hash(r->in.admin_password, orig_trust_passwd_hash);
-
- status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx,
- r->in.machine_name,
---
-1.9.3
-
-
-From e1e15a73a9a5215866f6471c5e583457c516b47e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Tue, 3 Feb 2009 20:10:05 +0100
-Subject: [PATCH 040/249] s3-net: use libnetjoin for "net rpc testjoin".
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 9cfa6251600ddea0e821f2bd3fd359c28eb1b7f9)
----
- source3/utils/net_proto.h | 2 +-
- source3/utils/net_rpc.c | 66 ++++++++++++++++++++++++++++++++++++++++++++
- source3/utils/net_rpc_join.c | 29 -------------------
- 3 files changed, 67 insertions(+), 30 deletions(-)
-
-diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
-index 03fb312..d791708 100644
---- a/source3/utils/net_proto.h
-+++ b/source3/utils/net_proto.h
-@@ -145,6 +145,7 @@ int run_rpc_command(struct net_context *c,
- int argc,
- const char **argv);
- int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv);
-+int net_rpc_testjoin(struct net_context *c, int argc, const char **argv);
- int net_rpc_join(struct net_context *c, int argc, const char **argv);
- NTSTATUS rpc_info_internals(struct net_context *c,
- const struct dom_sid *domain_sid,
-@@ -205,7 +206,6 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
- const char *server,
- const struct sockaddr_storage *server_ss);
- int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv);
--int net_rpc_testjoin(struct net_context *c, int argc, const char **argv);
-
- /* The following definitions come from utils/net_rpc_printer.c */
-
-diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
-index 720e9d2..592be44 100644
---- a/source3/utils/net_rpc.c
-+++ b/source3/utils/net_rpc.c
-@@ -438,6 +438,72 @@ fail:
- }
-
- /**
-+ * check that a join is OK
-+ *
-+ * @return A shell status integer (0 for success)
-+ *
-+ **/
-+int net_rpc_testjoin(struct net_context *c, int argc, const char **argv)
-+{
-+ NTSTATUS status;
-+ TALLOC_CTX *mem_ctx;
-+ const char *domain = c->opt_target_workgroup;
-+ const char *dc = c->opt_host;
-+
-+ if (c->display_usage) {
-+ d_printf("Usage\n"
-+ "net rpc testjoin\n"
-+ " Test if a join is OK\n");
-+ return 0;
-+ }
-+
-+ mem_ctx = talloc_init("net_rpc_testjoin");
-+ if (!mem_ctx) {
-+ return -1;
-+ }
-+
-+ if (!dc) {
-+ struct netr_DsRGetDCNameInfo *info;
-+
-+ if (!c->msg_ctx) {
-+ d_fprintf(stderr, _("Could not initialise message context. "
-+ "Try running as root\n"));
-+ talloc_destroy(mem_ctx);
-+ return -1;
-+ }
-+
-+ status = dsgetdcname(mem_ctx,
-+ c->msg_ctx,
-+ domain,
-+ NULL,
-+ NULL,
-+ DS_RETURN_DNS_NAME,
-+ &info);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ talloc_destroy(mem_ctx);
-+ return -1;
-+ }
-+
-+ dc = strip_hostname(info->dc_unc);
-+ }
-+
-+ /* Display success or failure */
-+ status = libnet_join_ok(c->opt_workgroup, lp_netbios_name(), dc,
-+ c->opt_kerberos);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ fprintf(stderr,"Join to domain '%s' is not valid: %s\n",
-+ domain, nt_errstr(status));
-+ talloc_destroy(mem_ctx);
-+ return -1;
-+ }
-+
-+ printf("Join to '%s' is OK\n",domain);
-+ talloc_destroy(mem_ctx);
-+
-+ return 0;
-+}
-+
-+/**
- * 'net rpc join' entrypoint.
- * @param argc Standard main() style argc.
- * @param argv Standard main() style argv. Initial components are already
-diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
-index aabbe54..ee39a5c 100644
---- a/source3/utils/net_rpc_join.c
-+++ b/source3/utils/net_rpc_join.c
-@@ -561,32 +561,3 @@ done:
-
- return retval;
- }
--
--/**
-- * check that a join is OK
-- *
-- * @return A shell status integer (0 for success)
-- *
-- **/
--int net_rpc_testjoin(struct net_context *c, int argc, const char **argv)
--{
-- NTSTATUS nt_status;
--
-- if (c->display_usage) {
-- d_printf(_("Usage\n"
-- "net rpc testjoin\n"
-- " Test if a join is OK\n"));
-- return 0;
-- }
--
-- /* Display success or failure */
-- nt_status = net_rpc_join_ok(c, c->opt_target_workgroup, NULL, NULL);
-- if (!NT_STATUS_IS_OK(nt_status)) {
-- fprintf(stderr, _("Join to domain '%s' is not valid: %s\n"),
-- c->opt_target_workgroup, nt_errstr(nt_status));
-- return -1;
-- }
--
-- printf(_("Join to '%s' is OK\n"), c->opt_target_workgroup);
-- return 0;
--}
---
-1.9.3
-
-
-From a0474baa59c0991c2b2d8e3f425c9a6845162f45 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Tue, 3 Feb 2009 20:21:05 +0100
-Subject: [PATCH 041/249] s3-net: use libnetjoin for "net rpc join" newstyle.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 3e4ded48bbeacdcd128f3c667cbdd12a3efca312)
----
- source3/utils/net_proto.h | 8 +---
- source3/utils/net_rpc.c | 106 ++++++++++++++++++++++++++++++++++++++++++++++
- source3/wscript_build | 2 +-
- 3 files changed, 108 insertions(+), 8 deletions(-)
-
-diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
-index d791708..1809ba9 100644
---- a/source3/utils/net_proto.h
-+++ b/source3/utils/net_proto.h
-@@ -146,6 +146,7 @@ int run_rpc_command(struct net_context *c,
- const char **argv);
- int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv);
- int net_rpc_testjoin(struct net_context *c, int argc, const char **argv);
-+int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv);
- int net_rpc_join(struct net_context *c, int argc, const char **argv);
- NTSTATUS rpc_info_internals(struct net_context *c,
- const struct dom_sid *domain_sid,
-@@ -200,13 +201,6 @@ int net_rpc(struct net_context *c, int argc, const char **argv);
-
- int net_rpc_audit(struct net_context *c, int argc, const char **argv);
-
--/* The following definitions come from utils/net_rpc_join.c */
--
--NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
-- const char *server,
-- const struct sockaddr_storage *server_ss);
--int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv);
--
- /* The following definitions come from utils/net_rpc_printer.c */
-
- NTSTATUS net_copy_fileattr(struct net_context *c,
-diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
-index 592be44..6358460 100644
---- a/source3/utils/net_rpc.c
-+++ b/source3/utils/net_rpc.c
-@@ -504,6 +504,112 @@ int net_rpc_testjoin(struct net_context *c, int argc, const char **argv)
- }
-
- /**
-+ * Join a domain using the administrator username and password
-+ *
-+ * @param argc Standard main() style argc
-+ * @param argc Standard main() style argv. Initial components are already
-+ * stripped. Currently not used.
-+ * @return A shell status integer (0 for success)
-+ *
-+ **/
-+
-+int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
-+{
-+ struct libnet_JoinCtx *r = NULL;
-+ TALLOC_CTX *mem_ctx;
-+ WERROR werr;
-+ const char *domain = lp_workgroup(); /* FIXME */
-+ bool modify_config = lp_config_backend_is_registry();
-+ enum netr_SchannelType sec_chan_type;
-+
-+ if (c->display_usage) {
-+ d_printf("Usage:\n"
-+ "net rpc join\n"
-+ " Join a domain the new way\n");
-+ return 0;
-+ }
-+
-+ mem_ctx = talloc_init("net_rpc_join_newstyle");
-+ if (!mem_ctx) {
-+ return -1;
-+ }
-+
-+ werr = libnet_init_JoinCtx(mem_ctx, &r);
-+ if (!W_ERROR_IS_OK(werr)) {
-+ goto fail;
-+ }
-+
-+ /*
-+ check what type of join - if the user want's to join as
-+ a BDC, the server must agree that we are a BDC.
-+ */
-+ if (argc >= 0) {
-+ sec_chan_type = get_sec_channel_type(argv[0]);
-+ } else {
-+ sec_chan_type = get_sec_channel_type(NULL);
-+ }
-+
-+ if (!c->msg_ctx) {
-+ d_fprintf(stderr, _("Could not initialise message context. "
-+ "Try running as root\n"));
-+ werr = WERR_ACCESS_DENIED;
-+ goto fail;
-+ }
-+
-+ r->in.msg_ctx = c->msg_ctx;
-+ r->in.domain_name = domain;
-+ r->in.secure_channel_type = sec_chan_type;
-+ r->in.dc_name = c->opt_host;
-+ r->in.admin_account = c->opt_user_name;
-+ r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
-+ r->in.debug = true;
-+ r->in.use_kerberos = c->opt_kerberos;
-+ r->in.modify_config = modify_config;
-+ r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
-+ WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
-+ WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
-+
-+ werr = libnet_Join(mem_ctx, r);
-+ if (!W_ERROR_IS_OK(werr)) {
-+ goto fail;
-+ }
-+
-+ /* Check the short name of the domain */
-+
-+ if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
-+ d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE());
-+ d_printf("domain name obtained from the server.\n");
-+ d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name);
-+ d_printf("You should set \"workgroup = %s\" in %s.\n",
-+ r->out.netbios_domain_name, get_dyn_CONFIGFILE());
-+ }
-+
-+ d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name);
-+
-+ if (r->out.dns_domain_name) {
-+ d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name,
-+ r->out.dns_domain_name);
-+ } else {
-+ d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name,
-+ r->out.netbios_domain_name);
-+ }
-+
-+ TALLOC_FREE(mem_ctx);
-+
-+ return 0;
-+
-+fail:
-+ /* issue an overall failure message at the end. */
-+ d_printf("Failed to join domain: %s\n",
-+ r && r->out.error_string ? r->out.error_string :
-+ get_friendly_werror_msg(werr));
-+
-+ TALLOC_FREE(mem_ctx);
-+
-+ return -1;
-+}
-+
-+/**
- * 'net rpc join' entrypoint.
- * @param argc Standard main() style argc.
- * @param argv Standard main() style argv. Initial components are already
-diff --git a/source3/wscript_build b/source3/wscript_build
-index 9461b05..0bf84e2 100755
---- a/source3/wscript_build
-+++ b/source3/wscript_build
-@@ -507,7 +507,7 @@ LIBNET_SAMSYNC_SRC = '''libnet/libnet_samsync.c
-
- NET_SRC1 = '''utils/net.c utils/net_ads.c utils/net_help.c
- utils/net_rap.c utils/net_rpc.c utils/net_rpc_samsync.c
-- utils/net_rpc_join.c utils/net_time.c utils/net_lookup.c
-+ utils/net_time.c utils/net_lookup.c
- utils/net_cache.c utils/net_groupmap.c
- utils/net_idmap.c utils/net_idmap_check.c
- utils/interact.c
---
-1.9.3
-
-
-From b2aad96d2ffd5545c250cce605dfdb7f0852806c Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 15 Jul 2013 13:28:34 +0200
-Subject: [PATCH 042/249] s3-net: avoid confusing output in net_rpc_oldjoin()
- if NET_FLAGS_EXPECT_FALLBACK is passed
-
-"net rpc join" tries net_rpc_oldjoin() first and falls back to
-net_rpc_join_newstyle(). We should not print the join failed
-if just net_rpc_oldjoin() failed.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 05d9b4165af9e7f03d3fbeb64db4fc305fcec4df)
----
- source3/utils/net.h | 1 +
- source3/utils/net_proto.h | 1 -
- source3/utils/net_rpc.c | 15 +++++++++++++--
- 3 files changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/source3/utils/net.h b/source3/utils/net.h
-index 2056d89..e97734a 100644
---- a/source3/utils/net.h
-+++ b/source3/utils/net.h
-@@ -182,6 +182,7 @@ enum netdom_domain_t { ND_TYPE_NT4, ND_TYPE_AD };
- #define NET_FLAGS_SIGN 0x00000040 /* sign RPC connection */
- #define NET_FLAGS_SEAL 0x00000080 /* seal RPC connection */
- #define NET_FLAGS_TCP 0x00000100 /* use ncacn_ip_tcp */
-+#define NET_FLAGS_EXPECT_FALLBACK 0x00000200 /* the caller will fallback */
-
- /* net share operation modes */
- #define NET_MODE_SHARE_MIGRATE 1
-diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
-index 1809ba9..25e9db2 100644
---- a/source3/utils/net_proto.h
-+++ b/source3/utils/net_proto.h
-@@ -146,7 +146,6 @@ int run_rpc_command(struct net_context *c,
- const char **argv);
- int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv);
- int net_rpc_testjoin(struct net_context *c, int argc, const char **argv);
--int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv);
- int net_rpc_join(struct net_context *c, int argc, const char **argv);
- NTSTATUS rpc_info_internals(struct net_context *c,
- const struct dom_sid *domain_sid,
-diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
-index 6358460..dff8801 100644
---- a/source3/utils/net_rpc.c
-+++ b/source3/utils/net_rpc.c
-@@ -427,11 +427,16 @@ static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
- return 0;
-
- fail:
-+ if (c->opt_flags & NET_FLAGS_EXPECT_FALLBACK) {
-+ goto cleanup;
-+ }
-+
- /* issue an overall failure message at the end. */
- d_fprintf(stderr, _("Failed to join domain: %s\n"),
- r && r->out.error_string ? r->out.error_string :
- get_friendly_werror_msg(werr));
-
-+cleanup:
- TALLOC_FREE(mem_ctx);
-
- return -1;
-@@ -513,7 +518,7 @@ int net_rpc_testjoin(struct net_context *c, int argc, const char **argv)
- *
- **/
-
--int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
-+static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
- {
- struct libnet_JoinCtx *r = NULL;
- TALLOC_CTX *mem_ctx;
-@@ -623,6 +628,8 @@ fail:
-
- int net_rpc_join(struct net_context *c, int argc, const char **argv)
- {
-+ int ret;
-+
- if (c->display_usage) {
- d_printf("%s\n%s",
- _("Usage:"),
-@@ -650,8 +657,12 @@ int net_rpc_join(struct net_context *c, int argc, const char **argv)
- return -1;
- }
-
-- if ((net_rpc_oldjoin(c, argc, argv) == 0))
-+ c->opt_flags |= NET_FLAGS_EXPECT_FALLBACK;
-+ ret = net_rpc_oldjoin(c, argc, argv);
-+ c->opt_flags &= ~NET_FLAGS_EXPECT_FALLBACK;
-+ if (ret == 0) {
- return 0;
-+ }
-
- return net_rpc_join_newstyle(c, argc, argv);
- }
---
-1.9.3
-
-
-From 8e8a2602d1c793f9a46e5219dea91a46e34d24ca Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Tue, 16 Jul 2013 10:07:30 +0200
-Subject: [PATCH 043/249] s4:librpc: fix netlogon connections against servers
- without AES support
-
-LogonGetCapabilities() only works on the credential chain if
-the server supports AES, so we need to work on a temporary copy
-until we know the server replied a valid return authenticator.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 34fa7946993506fde2c6b30e4a41bea27390a814)
----
- source4/librpc/rpc/dcerpc_schannel.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
-index 1480486..130ebeb 100644
---- a/source4/librpc/rpc/dcerpc_schannel.c
-+++ b/source4/librpc/rpc/dcerpc_schannel.c
-@@ -385,6 +385,7 @@ struct auth_schannel_state {
- struct loadparm_context *lp_ctx;
- uint8_t auth_level;
- struct netlogon_creds_CredentialState *creds_state;
-+ struct netlogon_creds_CredentialState save_creds_state;
- struct netr_Authenticator auth;
- struct netr_Authenticator return_auth;
- union netr_Capabilities capabilities;
-@@ -449,7 +450,8 @@ static void continue_bind_auth(struct composite_context *ctx)
- s->creds_state = cli_credentials_get_netlogon_creds(s->credentials);
- if (composite_nomem(s->creds_state, c)) return;
-
-- netlogon_creds_client_authenticator(s->creds_state, &s->auth);
-+ s->save_creds_state = *s->creds_state;
-+ netlogon_creds_client_authenticator(&s->save_creds_state, &s->auth);
-
- s->c.in.server_name = talloc_asprintf(c,
- "\\\\%s",
-@@ -519,12 +521,14 @@ static void continue_get_capabilities(struct tevent_req *subreq)
- }
-
- /* verify credentials */
-- if (!netlogon_creds_client_check(s->creds_state,
-+ if (!netlogon_creds_client_check(&s->save_creds_state,
- &s->c.out.return_authenticator->cred)) {
- composite_error(c, NT_STATUS_UNSUCCESSFUL);
- return;
- }
-
-+ *s->creds_state = s->save_creds_state;
-+
- if (!NT_STATUS_IS_OK(s->c.out.result)) {
- composite_error(c, s->c.out.result);
- return;
---
-1.9.3
-
-
-From 300fb415d5a6a60702b0c8464e0e76cf0e11fdeb Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 22 Mar 2013 15:07:10 +0100
-Subject: [PATCH 044/249] s3:rpcclient: use talloc_stackframe() in do_cmd()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit d54c908ff5bef774f5cca038741558089ff6baeb)
----
- source3/rpcclient/rpcclient.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
-index c23ff2d..9bf296e 100644
---- a/source3/rpcclient/rpcclient.c
-+++ b/source3/rpcclient/rpcclient.c
-@@ -678,7 +678,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
-
- /* Create mem_ctx */
-
-- if (!(mem_ctx = talloc_init("do_cmd"))) {
-+ if (!(mem_ctx = talloc_stackframe())) {
- DEBUG(0, ("talloc_init() failed\n"));
- return NT_STATUS_NO_MEMORY;
- }
-@@ -745,12 +745,14 @@ static NTSTATUS do_cmd(struct cli_state *cli,
- "auth type %u\n",
- cmd_entry->table->name,
- pipe_default_auth_type ));
-+ talloc_free(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (!NT_STATUS_IS_OK(ntresult)) {
- DEBUG(0, ("Could not initialise %s. Error was %s\n",
- cmd_entry->table->name,
- nt_errstr(ntresult) ));
-+ talloc_free(mem_ctx);
- return ntresult;
- }
-
-@@ -765,6 +767,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
- trust_password, &machine_account,
- &sec_channel_type))
- {
-+ talloc_free(mem_ctx);
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
-
-@@ -780,6 +783,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
- if (!NT_STATUS_IS_OK(ntresult)) {
- DEBUG(0, ("Could not initialise credentials for %s.\n",
- cmd_entry->table->name));
-+ talloc_free(mem_ctx);
- return ntresult;
- }
- }
-@@ -803,7 +807,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
-
- /* Cleanup */
-
-- talloc_destroy(mem_ctx);
-+ talloc_free(mem_ctx);
-
- return ntresult;
- }
---
-1.9.3
-
-
-From 95972ec54aafcf8a66e0164cd1fb478b6f4c58f6 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 24 Apr 2013 12:36:04 +0200
-Subject: [PATCH 045/249] libcli/auth: make
- netlogon_creds_crypt_samlogon_validation more robust
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 39fedd27182d9e1985418ea79b86aef69999dd57)
----
- libcli/auth/credentials.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
-index fb77ede..5c8b25b 100644
---- a/libcli/auth/credentials.c
-+++ b/libcli/auth/credentials.c
-@@ -493,8 +493,12 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
- bool encrypt)
- {
- static const char zeros[16];
--
- struct netr_SamBaseInfo *base = NULL;
-+
-+ if (validation == NULL) {
-+ return;
-+ }
-+
- switch (validation_level) {
- case 2:
- if (validation->sam2) {
---
-1.9.3
-
-
-From ac092a319c388cc2577bcbd87e16522ba37dc2d0 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 14 Jun 2013 09:47:50 +0200
-Subject: [PATCH 046/249] libcli/auth: fix shadowed declaration in
- netlogon_creds_crypt_samlogon_validation()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 291f6a1e031dc9db7d03b3ca924c4309b313cae5)
----
- libcli/auth/credentials.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
-index 5c8b25b..2e9c87e 100644
---- a/libcli/auth/credentials.c
-+++ b/libcli/auth/credentials.c
-@@ -490,7 +490,7 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
- static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
- uint16_t validation_level,
- union netr_Validation *validation,
-- bool encrypt)
-+ bool do_encrypt)
- {
- static const char zeros[16];
- struct netr_SamBaseInfo *base = NULL;
-@@ -531,7 +531,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
- /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(base->key.key, zeros,
- sizeof(base->key.key)) != 0) {
-- if (encrypt) {
-+ if (do_encrypt) {
- netlogon_creds_aes_encrypt(creds,
- base->key.key,
- sizeof(base->key.key));
-@@ -544,7 +544,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
-
- if (memcmp(base->LMSessKey.key, zeros,
- sizeof(base->LMSessKey.key)) != 0) {
-- if (encrypt) {
-+ if (do_encrypt) {
- netlogon_creds_aes_encrypt(creds,
- base->LMSessKey.key,
- sizeof(base->LMSessKey.key));
-@@ -574,7 +574,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
- /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(base->LMSessKey.key, zeros,
- sizeof(base->LMSessKey.key)) != 0) {
-- if (encrypt) {
-+ if (do_encrypt) {
- netlogon_creds_des_encrypt_LMKey(creds,
- &base->LMSessKey);
- } else {
---
-1.9.3
-
-
-From c535bfb9ead2175ae68b9d18a1692218a0fcf800 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 17:01:00 +0200
-Subject: [PATCH 047/249] libcli/auth: add
- netlogon_creds_[de|en]crypt_samlogon_logon()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit c7319fce604d5f89a89094b6b18ef459a347aef8)
----
- libcli/auth/credentials.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++
- libcli/auth/proto.h | 6 +++
- 2 files changed, 124 insertions(+)
-
-diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
-index 2e9c87e..78a8d7a 100644
---- a/libcli/auth/credentials.c
-+++ b/libcli/auth/credentials.c
-@@ -601,6 +601,124 @@ void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Credential
- validation, true);
- }
-
-+static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
-+ enum netr_LogonInfoClass level,
-+ union netr_LogonLevel *logon,
-+ bool encrypt)
-+{
-+ static const char zeros[16];
-+
-+ if (logon == NULL) {
-+ return;
-+ }
-+
-+ switch (level) {
-+ case NetlogonInteractiveInformation:
-+ case NetlogonInteractiveTransitiveInformation:
-+ case NetlogonServiceInformation:
-+ case NetlogonServiceTransitiveInformation:
-+ if (logon->password == NULL) {
-+ return;
-+ }
-+
-+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-+ uint8_t *h;
-+
-+ h = logon->password->lmpassword.hash;
-+ if (memcmp(h, zeros, 16) != 0) {
-+ if (encrypt) {
-+ netlogon_creds_aes_encrypt(creds, h, 16);
-+ } else {
-+ netlogon_creds_aes_decrypt(creds, h, 16);
-+ }
-+ }
-+
-+ h = logon->password->ntpassword.hash;
-+ if (memcmp(h, zeros, 16) != 0) {
-+ if (encrypt) {
-+ netlogon_creds_aes_encrypt(creds, h, 16);
-+ } else {
-+ netlogon_creds_aes_decrypt(creds, h, 16);
-+ }
-+ }
-+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-+ uint8_t *h;
-+
-+ h = logon->password->lmpassword.hash;
-+ if (memcmp(h, zeros, 16) != 0) {
-+ netlogon_creds_arcfour_crypt(creds, h, 16);
-+ }
-+
-+ h = logon->password->ntpassword.hash;
-+ if (memcmp(h, zeros, 16) != 0) {
-+ netlogon_creds_arcfour_crypt(creds, h, 16);
-+ }
-+ } else {
-+ struct samr_Password *p;
-+
-+ p = &logon->password->lmpassword;
-+ if (memcmp(p->hash, zeros, 16) != 0) {
-+ if (encrypt) {
-+ netlogon_creds_des_encrypt(creds, p);
-+ } else {
-+ netlogon_creds_des_decrypt(creds, p);
-+ }
-+ }
-+ p = &logon->password->ntpassword;
-+ if (memcmp(p->hash, zeros, 16) != 0) {
-+ if (encrypt) {
-+ netlogon_creds_des_encrypt(creds, p);
-+ } else {
-+ netlogon_creds_des_decrypt(creds, p);
-+ }
-+ }
-+ }
-+ break;
-+
-+ case NetlogonNetworkInformation:
-+ case NetlogonNetworkTransitiveInformation:
-+ break;
-+
-+ case NetlogonGenericInformation:
-+ if (logon->generic == NULL) {
-+ return;
-+ }
-+
-+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-+ if (encrypt) {
-+ netlogon_creds_aes_encrypt(creds,
-+ logon->generic->data,
-+ logon->generic->length);
-+ } else {
-+ netlogon_creds_aes_decrypt(creds,
-+ logon->generic->data,
-+ logon->generic->length);
-+ }
-+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-+ netlogon_creds_arcfour_crypt(creds,
-+ logon->generic->data,
-+ logon->generic->length);
-+ } else {
-+ /* Using DES to verify kerberos tickets makes no sense */
-+ }
-+ break;
-+ }
-+}
-+
-+void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
-+ enum netr_LogonInfoClass level,
-+ union netr_LogonLevel *logon)
-+{
-+ netlogon_creds_crypt_samlogon_logon(creds, level, logon, false);
-+}
-+
-+void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
-+ enum netr_LogonInfoClass level,
-+ union netr_LogonLevel *logon)
-+{
-+ netlogon_creds_crypt_samlogon_logon(creds, level, logon, true);
-+}
-+
- /*
- copy a netlogon_creds_CredentialState struct
- */
-diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
-index 6bc18d7..110e039 100644
---- a/libcli/auth/proto.h
-+++ b/libcli/auth/proto.h
-@@ -64,6 +64,12 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential
- void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
- uint16_t validation_level,
- union netr_Validation *validation);
-+void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
-+ enum netr_LogonInfoClass level,
-+ union netr_LogonLevel *logon);
-+void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
-+ enum netr_LogonInfoClass level,
-+ union netr_LogonLevel *logon);
-
- /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
-
---
-1.9.3
-
-
-From d4f36f187d7c87c8daae3f94cdba52225faa19b8 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 24 Apr 2013 12:53:27 +0200
-Subject: [PATCH 048/249] libcli/auth: add netlogon_creds_shallow_copy_logon()
-
-This can be used before netlogon_creds_encrypt_samlogon_logon()
-in order to keep the provided buffers unchanged.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 2ea749a1a43a6539b01d36dbe0402a99619444e1)
----
- libcli/auth/credentials.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++
- libcli/auth/proto.h | 3 ++
- 2 files changed, 76 insertions(+)
-
-diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
-index 78a8d7a..1f664d3 100644
---- a/libcli/auth/credentials.c
-+++ b/libcli/auth/credentials.c
-@@ -719,6 +719,79 @@ void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState
- netlogon_creds_crypt_samlogon_logon(creds, level, logon, true);
- }
-
-+union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
-+ enum netr_LogonInfoClass level,
-+ const union netr_LogonLevel *in)
-+{
-+ union netr_LogonLevel *out;
-+
-+ if (in == NULL) {
-+ return NULL;
-+ }
-+
-+ out = talloc(mem_ctx, union netr_LogonLevel);
-+ if (out == NULL) {
-+ return NULL;
-+ }
-+
-+ *out = *in;
-+
-+ switch (level) {
-+ case NetlogonInteractiveInformation:
-+ case NetlogonInteractiveTransitiveInformation:
-+ case NetlogonServiceInformation:
-+ case NetlogonServiceTransitiveInformation:
-+ if (in->password == NULL) {
-+ return out;
-+ }
-+
-+ out->password = talloc(out, struct netr_PasswordInfo);
-+ if (out->password == NULL) {
-+ talloc_free(out);
-+ return NULL;
-+ }
-+ *out->password = *in->password;
-+
-+ return out;
-+
-+ case NetlogonNetworkInformation:
-+ case NetlogonNetworkTransitiveInformation:
-+ break;
-+
-+ case NetlogonGenericInformation:
-+ if (in->generic == NULL) {
-+ return out;
-+ }
-+
-+ out->generic = talloc(out, struct netr_GenericInfo);
-+ if (out->generic == NULL) {
-+ talloc_free(out);
-+ return NULL;
-+ }
-+ *out->generic = *in->generic;
-+
-+ if (in->generic->data == NULL) {
-+ return out;
-+ }
-+
-+ if (in->generic->length == 0) {
-+ return out;
-+ }
-+
-+ out->generic->data = talloc_memdup(out->generic,
-+ in->generic->data,
-+ in->generic->length);
-+ if (out->generic->data == NULL) {
-+ talloc_free(out);
-+ return NULL;
-+ }
-+
-+ return out;
-+ }
-+
-+ return out;
-+}
-+
- /*
- copy a netlogon_creds_CredentialState struct
- */
-diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
-index 110e039..0c319d3 100644
---- a/libcli/auth/proto.h
-+++ b/libcli/auth/proto.h
-@@ -70,6 +70,9 @@ void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState
- void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
- enum netr_LogonInfoClass level,
- union netr_LogonLevel *logon);
-+union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
-+ enum netr_LogonInfoClass level,
-+ const union netr_LogonLevel *in);
-
- /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
-
---
-1.9.3
-
-
-From 8cf11ba846fc31ce26020aabcf463817b56580a7 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 24 Apr 2013 16:00:18 +0200
-Subject: [PATCH 049/249] s4:netlogon: make use of
- netlogon_creds_decrypt_samlogon_logon()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 9d548318da11247ffe8acf505cdb5299090c16f0)
----
- source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 ++++++---------------------
- 1 file changed, 6 insertions(+), 22 deletions(-)
-
-diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
-index 70239a4..c41cd02 100644
---- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
-+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
-@@ -712,29 +712,15 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
- user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(user_info);
-
-+ netlogon_creds_decrypt_samlogon_logon(creds,
-+ r->in.logon_level,
-+ r->in.logon);
-+
- switch (r->in.logon_level) {
- case NetlogonInteractiveInformation:
- case NetlogonServiceInformation:
- case NetlogonInteractiveTransitiveInformation:
- case NetlogonServiceTransitiveInformation:
-- if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-- netlogon_creds_aes_decrypt(creds,
-- r->in.logon->password->lmpassword.hash,
-- sizeof(r->in.logon->password->lmpassword.hash));
-- netlogon_creds_aes_decrypt(creds,
-- r->in.logon->password->ntpassword.hash,
-- sizeof(r->in.logon->password->ntpassword.hash));
-- } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-- netlogon_creds_arcfour_crypt(creds,
-- r->in.logon->password->lmpassword.hash,
-- sizeof(r->in.logon->password->lmpassword.hash));
-- netlogon_creds_arcfour_crypt(creds,
-- r->in.logon->password->ntpassword.hash,
-- sizeof(r->in.logon->password->ntpassword.hash));
-- } else {
-- netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
-- netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
-- }
-
- /* TODO: we need to deny anonymous access here */
- nt_status = auth_context_create(mem_ctx,
-@@ -788,11 +774,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
- case NetlogonGenericInformation:
- {
- if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-- netlogon_creds_aes_decrypt(creds,
-- r->in.logon->generic->data, r->in.logon->generic->length);
-+ /* OK */
- } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-- netlogon_creds_arcfour_crypt(creds,
-- r->in.logon->generic->data, r->in.logon->generic->length);
-+ /* OK */
- } else {
- /* Using DES to verify kerberos tickets makes no sense */
- return NT_STATUS_INVALID_PARAMETER;
---
-1.9.3
-
-
-From 22bdc484af1b1a4ebd9451fd5cde4d3993dd6f0a Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 24 Apr 2013 16:00:44 +0200
-Subject: [PATCH 050/249] s3:netlogon: make use of
- netlogon_creds_decrypt_samlogon_logon()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 7b3ddd1a0bb41fe84c115555113362044620e484)
----
- source3/rpc_server/netlogon/srv_netlog_nt.c | 45 ++++++++++++++---------------
- 1 file changed, 21 insertions(+), 24 deletions(-)
-
-diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
-index e5ca474..09857b6 100644
---- a/source3/rpc_server/netlogon/srv_netlog_nt.c
-+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
-@@ -1467,6 +1467,15 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
- struct auth_context *auth_context = NULL;
- const char *fn;
-
-+#ifdef DEBUG_PASSWORD
-+ logon = netlogon_creds_shallow_copy_logon(p->mem_ctx,
-+ r->in.logon_level,
-+ r->in.logon);
-+ if (logon == NULL) {
-+ logon = r->in.logon;
-+ }
-+#endif
-+
- switch (p->opnum) {
- case NDR_NETR_LOGONSAMLOGON:
- fn = "_netr_LogonSamLogon";
-@@ -1547,6 +1556,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
-
- status = NT_STATUS_OK;
-
-+ netlogon_creds_decrypt_samlogon_logon(creds,
-+ r->in.logon_level,
-+ logon);
-+
- switch (r->in.logon_level) {
- case NetlogonNetworkInformation:
- case NetlogonNetworkTransitiveInformation:
-@@ -1592,32 +1605,16 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
- uint8_t chal[8];
-
- #ifdef DEBUG_PASSWORD
-- DEBUG(100,("lm owf password:"));
-- dump_data(100, logon->password->lmpassword.hash, 16);
--
-- DEBUG(100,("nt owf password:"));
-- dump_data(100, logon->password->ntpassword.hash, 16);
--#endif
-- if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-- netlogon_creds_aes_decrypt(creds,
-- logon->password->lmpassword.hash,
-- 16);
-- netlogon_creds_aes_decrypt(creds,
-- logon->password->ntpassword.hash,
-- 16);
-- } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-- netlogon_creds_arcfour_crypt(creds,
-- logon->password->lmpassword.hash,
-- 16);
-- netlogon_creds_arcfour_crypt(creds,
-- logon->password->ntpassword.hash,
-- 16);
-- } else {
-- netlogon_creds_des_decrypt(creds, &logon->password->lmpassword);
-- netlogon_creds_des_decrypt(creds, &logon->password->ntpassword);
-+ if (logon != r->in.logon) {
-+ DEBUG(100,("lm owf password:"));
-+ dump_data(100,
-+ r->in.logon->password->lmpassword.hash, 16);
-+
-+ DEBUG(100,("nt owf password:"));
-+ dump_data(100,
-+ r->in.logon->password->ntpassword.hash, 16);
- }
-
--#ifdef DEBUG_PASSWORD
- DEBUG(100,("decrypt of lm owf password:"));
- dump_data(100, logon->password->lmpassword.hash, 16);
-
---
-1.9.3
-
-
-From b25c7249bdca17d4b4720a2e8f8ba329c4105e94 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 18:27:57 +0200
-Subject: [PATCH 051/249] s3:rpc_client: make rpccli_schannel_bind_data()
- static
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 6ce645e03c279cbb2ed8a94f033b8e0601b61ef4)
----
- source3/rpc_client/cli_pipe.c | 9 +++++----
- source3/rpc_client/cli_pipe.h | 6 ------
- 2 files changed, 5 insertions(+), 10 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 1fa8d91..66fa2d2 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2401,10 +2401,11 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
- return status;
- }
-
--NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
-- enum dcerpc_AuthLevel auth_level,
-- struct netlogon_creds_CredentialState *creds,
-- struct pipe_auth_data **presult)
-+static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
-+ const char *domain,
-+ enum dcerpc_AuthLevel auth_level,
-+ struct netlogon_creds_CredentialState *creds,
-+ struct pipe_auth_data **presult)
- {
- struct schannel_state *schannel_auth;
- struct pipe_auth_data *result;
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index 6fcc587..8eb6040 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -58,12 +58,6 @@ NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
- NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
- struct pipe_auth_data **presult);
-
--NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
-- const char *domain,
-- enum dcerpc_AuthLevel auth_level,
-- struct netlogon_creds_CredentialState *creds,
-- struct pipe_auth_data **presult);
--
- NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx,
- const char *host,
- const struct sockaddr_storage *ss_addr,
---
-1.9.3
-
-
-From 9f56e42ba78ce4e1248f06a0cecfc97789aea260 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 18:29:31 +0200
-Subject: [PATCH 052/249] s3:rpc_client: use the correct context for
- netlogon_creds_copy() in rpccli_schannel_bind_data()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 8a302fc353de8d373a0ec8544da4da6f305ec923)
----
- source3/rpc_client/cli_pipe.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 66fa2d2..afe8030 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2431,7 +2431,10 @@ static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
-
- schannel_auth->state = SCHANNEL_STATE_START;
- schannel_auth->initiator = true;
-- schannel_auth->creds = netlogon_creds_copy(result, creds);
-+ schannel_auth->creds = netlogon_creds_copy(schannel_auth, creds);
-+ if (schannel_auth->creds == NULL) {
-+ goto fail;
-+ }
-
- result->auth_ctx = schannel_auth;
- *presult = result;
---
-1.9.3
-
-
-From 08d78b16f0adf1d223f29d613a498878230522be Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 19:43:58 +0200
-Subject: [PATCH 053/249] s3:rpc_client: rename same variables in
- cli_rpc_pipe_open_schannel_with_key()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 94be8d63cd21fbb9e31bf7a92af82e19c596f94f)
----
- source3/rpc_client/cli_pipe.c | 30 +++++++++++++++---------------
- 1 file changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index afe8030..ec804e7 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -3032,32 +3032,32 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
- struct netlogon_creds_CredentialState **pdc,
-- struct rpc_pipe_client **presult)
-+ struct rpc_pipe_client **_rpccli)
- {
-- struct rpc_pipe_client *result;
-- struct pipe_auth_data *auth;
-+ struct rpc_pipe_client *rpccli;
-+ struct pipe_auth_data *rpcauth;
- NTSTATUS status;
-
-- status = cli_rpc_pipe_open(cli, transport, table, &result);
-+ status = cli_rpc_pipe_open(cli, transport, table, &rpccli);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
-- status = rpccli_schannel_bind_data(result, domain, auth_level,
-- *pdc, &auth);
-+ status = rpccli_schannel_bind_data(rpccli, domain, auth_level,
-+ *pdc, &rpcauth);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("rpccli_schannel_bind_data returned %s\n",
- nt_errstr(status)));
-- TALLOC_FREE(result);
-+ TALLOC_FREE(rpccli);
- return status;
- }
-
-- status = rpc_pipe_bind(result, auth);
-+ status = rpc_pipe_bind(rpccli, rpcauth);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: "
- "cli_rpc_pipe_bind failed with error %s\n",
- nt_errstr(status) ));
-- TALLOC_FREE(result);
-+ TALLOC_FREE(rpccli);
- return status;
- }
-
-@@ -3065,10 +3065,10 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- * The credentials on a new netlogon pipe are the ones we are passed
- * in - copy them over
- */
-- if (result->dc == NULL) {
-- result->dc = netlogon_creds_copy(result, *pdc);
-- if (result->dc == NULL) {
-- TALLOC_FREE(result);
-+ if (rpccli->dc == NULL) {
-+ rpccli->dc = netlogon_creds_copy(rpccli, *pdc);
-+ if (rpccli->dc == NULL) {
-+ TALLOC_FREE(rpccli);
- return NT_STATUS_NO_MEMORY;
- }
- }
-@@ -3076,9 +3076,9 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
- "for domain %s and bound using schannel.\n",
- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
-- result->desthost, domain));
-+ rpccli->desthost, domain));
-
-- *presult = result;
-+ *_rpccli = rpccli;
- return NT_STATUS_OK;
- }
-
---
-1.9.3
-
-
-From 33991d3ea286fc5da1458ca64aa4fc004547ae04 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 20:26:54 +0200
-Subject: [PATCH 054/249] s3:libsmb: remove unused cli_state->is_guestlogin
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 11e0be0e72cfc4bc65ba2b0ffd10cbae3ad69b2d)
----
- source3/include/client.h | 1 -
- source3/libsmb/cliconnect.c | 5 -----
- 2 files changed, 6 deletions(-)
-
-diff --git a/source3/include/client.h b/source3/include/client.h
-index 3f92d6d..59fb104 100644
---- a/source3/include/client.h
-+++ b/source3/include/client.h
-@@ -72,7 +72,6 @@ struct cli_state {
- int timeout; /* in milliseconds. */
- int initialised;
- int win95;
-- bool is_guestlogin;
- /* What the server offered. */
- uint32_t server_posix_capabilities;
- /* What the client requested. */
-diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
-index 13e7704..81bc028 100644
---- a/source3/libsmb/cliconnect.c
-+++ b/source3/libsmb/cliconnect.c
-@@ -240,7 +240,6 @@ static void cli_session_setup_lanman2_done(struct tevent_req *subreq)
- p = bytes;
-
- cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
-- cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
-
- status = smb_bytes_talloc_string(cli,
- inhdr,
-@@ -448,7 +447,6 @@ static void cli_session_setup_guest_done(struct tevent_req *subreq)
- p = bytes;
-
- cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
-- cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
-
- status = smb_bytes_talloc_string(cli,
- inhdr,
-@@ -613,7 +611,6 @@ static void cli_session_setup_plain_done(struct tevent_req *subreq)
- p = bytes;
-
- cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
-- cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
-
- status = smb_bytes_talloc_string(cli,
- inhdr,
-@@ -930,7 +927,6 @@ static void cli_session_setup_nt1_done(struct tevent_req *subreq)
- p = bytes;
-
- cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
-- cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
-
- status = smb_bytes_talloc_string(cli,
- inhdr,
-@@ -1180,7 +1176,6 @@ static void cli_sesssetup_blob_done(struct tevent_req *subreq)
- state->inbuf = in;
- inhdr = in + NBT_HDR_SIZE;
- cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
-- cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
-
- blob_length = SVAL(vwv+3, 0);
- if (blob_length > num_bytes) {
---
-1.9.3
-
-
-From 937a0f2fc020e12c21c10597a889275614603add Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 15 Jun 2013 09:41:52 +0200
-Subject: [PATCH 055/249] s3:auth_domain: try to use NETLOGON_NEG_SUPPORTS_AES
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit d82ab70579ff2bcb69f997068482b198f321d1ef)
----
- source3/auth/auth_domain.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
-index 54ee5a1..06078e2 100644
---- a/source3/auth/auth_domain.c
-+++ b/source3/auth/auth_domain.c
-@@ -133,7 +133,8 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
-
- if (!lp_client_schannel()) {
- /* We need to set up a creds chain on an unauthenticated netlogon pipe. */
-- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
-+ NETLOGON_NEG_SUPPORTS_AES;
- enum netr_SchannelType sec_chan_type = 0;
- unsigned char machine_pwd[16];
- const char *account_name;
---
-1.9.3
-
-
-From 981a88bb20cef572e5573ee2f18115a6e395fbf9 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 15 Jun 2013 09:41:52 +0200
-Subject: [PATCH 056/249] s3:libnet_join: try to use NETLOGON_NEG_SUPPORTS_AES
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit beba32619a91977543f882432fd08acc9de78fd3)
----
- source3/libnet/libnet_join.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
-index d8ec235..c1eccda 100644
---- a/source3/libnet/libnet_join.c
-+++ b/source3/libnet/libnet_join.c
-@@ -1194,7 +1194,8 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
- const char *dc_name,
- const bool use_kerberos)
- {
-- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
-+ NETLOGON_NEG_SUPPORTS_AES;
- struct cli_state *cli = NULL;
- struct rpc_pipe_client *pipe_hnd = NULL;
- struct rpc_pipe_client *netlogon_pipe = NULL;
---
-1.9.3
-
-
-From 846a35f004850695ca7c9d4597cd8729bb7c99e3 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 15 Jun 2013 09:41:52 +0200
-Subject: [PATCH 057/249] s3:rpc_client: try to use NETLOGON_NEG_SUPPORTS_AES
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 04600634b3e761d7c56f699fd4ba80b4cd2926a1)
----
- source3/rpc_client/cli_netlogon.c | 3 ++-
- source3/rpc_client/cli_pipe_schannel.c | 6 ++++--
- 2 files changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
-index 3d6a3e1..5e8a2fc 100644
---- a/source3/rpc_client/cli_netlogon.c
-+++ b/source3/rpc_client/cli_netlogon.c
-@@ -610,7 +610,8 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
- struct dcerpc_binding_handle *b = cli->binding_handle;
-
- if (!cli->dc) {
-- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
-+ NETLOGON_NEG_SUPPORTS_AES;
- result = rpccli_netlogon_setup_creds(cli,
- cli->desthost, /* server name */
- lp_workgroup(), /* domain */
-diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
-index bc672ef..de745c0 100644
---- a/source3/rpc_client/cli_pipe_schannel.c
-+++ b/source3/rpc_client/cli_pipe_schannel.c
-@@ -136,7 +136,8 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
- const char *password,
- struct rpc_pipe_client **presult)
- {
-- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
-+ NETLOGON_NEG_SUPPORTS_AES;
- struct rpc_pipe_client *netlogon_pipe = NULL;
- struct rpc_pipe_client *result = NULL;
- NTSTATUS status;
-@@ -175,7 +176,8 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
- const char *domain,
- struct rpc_pipe_client **presult)
- {
-- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
-+ NETLOGON_NEG_SUPPORTS_AES;
- struct rpc_pipe_client *netlogon_pipe = NULL;
- struct rpc_pipe_client *result = NULL;
- NTSTATUS status;
---
-1.9.3
-
-
-From a56391bc8cbe1fa9142d0a20f4bf977538f27e67 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 15 Jun 2013 09:41:52 +0200
-Subject: [PATCH 058/249] s3:rpcclient: try to use NETLOGON_NEG_SUPPORTS_AES
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit e77a64f505fc43628e487e832033d0cd8ec4de8e)
----
- source3/rpcclient/cmd_netlogon.c | 3 ++-
- source3/rpcclient/rpcclient.c | 3 ++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
-index 01d6da4..d92434b 100644
---- a/source3/rpcclient/cmd_netlogon.c
-+++ b/source3/rpcclient/cmd_netlogon.c
-@@ -1120,7 +1120,8 @@ static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- NTSTATUS result;
- const char *server_name = cli->desthost;
-- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
-+ NETLOGON_NEG_SUPPORTS_AES;
- struct netr_Authenticator clnt_creds, srv_cred;
- struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
- unsigned char trust_passwd_hash[16];
-diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
-index 9bf296e..cb7b70f 100644
---- a/source3/rpcclient/rpcclient.c
-+++ b/source3/rpcclient/rpcclient.c
-@@ -758,7 +758,8 @@ static NTSTATUS do_cmd(struct cli_state *cli,
-
- if (ndr_syntax_id_equal(&cmd_entry->table->syntax_id,
- &ndr_table_netlogon.syntax_id)) {
-- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
-+ NETLOGON_NEG_SUPPORTS_AES;
- enum netr_SchannelType sec_channel_type;
- uchar trust_password[16];
- const char *machine_account;
---
-1.9.3
-
-
-From 06c4ff36efc63ef014c449602dc314ca4e7016bd Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 19:57:09 +0200
-Subject: [PATCH 059/249] s3:rpc_client: fix/add AES downgrade detection to
- rpc_pipe_bind_step_two_done()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 90e28c1825b2c48714d7b34fdb57d3878116d07e)
----
- source3/rpc_client/cli_pipe.c | 19 +++++++------------
- 1 file changed, 7 insertions(+), 12 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index ec804e7..c354a6f 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -1828,8 +1828,7 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
- status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
- TALLOC_FREE(subreq);
- if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
-- if (state->cli->dc && state->cli->dc->negotiate_flags &
-- NETLOGON_NEG_SUPPORTS_AES) {
-+ if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
- DEBUG(5, ("AES is not supported and the error was %s\n",
- nt_errstr(status)));
- tevent_req_nterror(req,
-@@ -1880,9 +1879,6 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
- return;
- }
-
-- TALLOC_FREE(state->cli->dc);
-- state->cli->dc = talloc_steal(state->cli, state->creds);
--
- if (!NT_STATUS_IS_OK(state->r.out.result)) {
- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
- nt_errstr(state->r.out.result)));
-@@ -1890,18 +1886,17 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
- return;
- }
-
-- if (state->creds->negotiate_flags !=
-- state->r.out.capabilities->server_capabilities) {
-- DEBUG(0, ("The client capabilities don't match the server "
-- "capabilities: local[0x%08X] remote[0x%08X]\n",
-- state->creds->negotiate_flags,
-- state->capabilities.server_capabilities));
-+ if (!(state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
-+ DEBUG(0, ("netr_LogonGetCapabilities is supported by %s, "
-+ "but AES was not negotiated - downgrade detected",
-+ state->cli->desthost));
- tevent_req_nterror(req,
- NT_STATUS_INVALID_NETWORK_RESPONSE);
- return;
- }
-
-- /* TODO: Add downgrade dectection. */
-+ TALLOC_FREE(state->cli->dc);
-+ state->cli->dc = talloc_move(state->cli, &state->creds);
-
- tevent_req_done(req);
- return;
---
-1.9.3
-
-
-From e6416b9fe5019c3ce1aa8ecf42d73125a049338f Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 19:45:52 +0200
-Subject: [PATCH 060/249] s3:rpc_client: use netlogon_creds_copy before
- rpc_pipe_bind
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit e9c8e3fb92143525f846523e446e2213e5b55d9d)
----
- source3/rpc_client/cli_pipe.c | 24 ++++++++++++------------
- 1 file changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index c354a6f..eb172db 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -3047,6 +3047,18 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- return status;
- }
-
-+ /*
-+ * The credentials on a new netlogon pipe are the ones we are passed
-+ * in - copy them over
-+ *
-+ * This may get overwritten... in rpc_pipe_bind()...
-+ */
-+ rpccli->dc = netlogon_creds_copy(rpccli, *pdc);
-+ if (rpccli->dc == NULL) {
-+ TALLOC_FREE(rpccli);
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+
- status = rpc_pipe_bind(rpccli, rpcauth);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: "
-@@ -3056,18 +3068,6 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- return status;
- }
-
-- /*
-- * The credentials on a new netlogon pipe are the ones we are passed
-- * in - copy them over
-- */
-- if (rpccli->dc == NULL) {
-- rpccli->dc = netlogon_creds_copy(rpccli, *pdc);
-- if (rpccli->dc == NULL) {
-- TALLOC_FREE(rpccli);
-- return NT_STATUS_NO_MEMORY;
-- }
-- }
--
- DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
- "for domain %s and bound using schannel.\n",
- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
---
-1.9.3
-
-
-From 1836ea96ed7dd055278fd6cac3f69a06ea979ea2 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 19:34:13 +0200
-Subject: [PATCH 061/249] s3:rpc_client: add netr_LogonGetCapabilities to
- cli_rpc_pipe_open_schannel_with_key()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit eecb5bafba5b362d4fdf33d6a2a32e4ee56f30a4)
----
- source3/rpc_client/cli_pipe.c | 101 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 101 insertions(+)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index eb172db..314eb92 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -3032,6 +3032,11 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- struct rpc_pipe_client *rpccli;
- struct pipe_auth_data *rpcauth;
- NTSTATUS status;
-+ NTSTATUS result;
-+ struct netlogon_creds_CredentialState save_creds;
-+ struct netr_Authenticator auth;
-+ struct netr_Authenticator return_auth;
-+ union netr_Capabilities capabilities;
-
- status = cli_rpc_pipe_open(cli, transport, table, &rpccli);
- if (!NT_STATUS_IS_OK(status)) {
-@@ -3068,6 +3073,102 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- return status;
- }
-
-+ if (!ndr_syntax_id_equal(&table->syntax_id, &ndr_table_netlogon.syntax_id)) {
-+ goto done;
-+ }
-+
-+ save_creds = *rpccli->dc;
-+ ZERO_STRUCT(return_auth);
-+ ZERO_STRUCT(capabilities);
-+
-+ netlogon_creds_client_authenticator(&save_creds, &auth);
-+
-+ status = dcerpc_netr_LogonGetCapabilities(rpccli->binding_handle,
-+ talloc_tos(),
-+ rpccli->srv_name_slash,
-+ save_creds.computer_name,
-+ &auth, &return_auth,
-+ 1, &capabilities,
-+ &result);
-+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
-+ if (save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-+ DEBUG(5, ("AES was negotiated and the error was %s - "
-+ "downgrade detected\n",
-+ nt_errstr(status)));
-+ TALLOC_FREE(rpccli);
-+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
-+ }
-+
-+ /* This is probably an old Samba Version */
-+ DEBUG(5, ("We are checking against an NT or old Samba - %s\n",
-+ nt_errstr(status)));
-+ goto done;
-+ }
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities failed with %s\n",
-+ nt_errstr(status)));
-+ TALLOC_FREE(rpccli);
-+ return status;
-+ }
-+
-+ if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) {
-+ if (save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-+ /* This means AES isn't supported. */
-+ DEBUG(5, ("AES was negotiated and the result was %s - "
-+ "downgrade detected\n",
-+ nt_errstr(result)));
-+ TALLOC_FREE(rpccli);
-+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
-+ }
-+
-+ /* This is probably an old Windows version */
-+ DEBUG(5, ("We are checking against an win2k3 or Samba - %s\n",
-+ nt_errstr(result)));
-+ goto done;
-+ }
-+
-+ /*
-+ * We need to check the credential state here, cause win2k3 and earlier
-+ * returns NT_STATUS_NOT_IMPLEMENTED
-+ */
-+ if (!netlogon_creds_client_check(&save_creds, &return_auth.cred)) {
-+ /*
-+ * Server replied with bad credential. Fail.
-+ */
-+ DEBUG(0,("cli_rpc_pipe_open_schannel_with_key: server %s "
-+ "replied with bad credential\n",
-+ rpccli->desthost));
-+ TALLOC_FREE(rpccli);
-+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
-+ }
-+ *rpccli->dc = save_creds;
-+
-+ if (!NT_STATUS_IS_OK(result)) {
-+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities failed with %s\n",
-+ nt_errstr(result)));
-+ TALLOC_FREE(rpccli);
-+ return result;
-+ }
-+
-+ if (!(save_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
-+ /* This means AES isn't supported. */
-+ DEBUG(5, ("AES is not negotiated, but netr_LogonGetCapabilities "
-+ "was OK - downgrade detected\n"));
-+ TALLOC_FREE(rpccli);
-+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
-+ }
-+
-+ if (save_creds.negotiate_flags != capabilities.server_capabilities) {
-+ DEBUG(0, ("The client capabilities don't match the server "
-+ "capabilities: local[0x%08X] remote[0x%08X]\n",
-+ save_creds.negotiate_flags,
-+ capabilities.server_capabilities));
-+ TALLOC_FREE(rpccli);
-+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
-+ }
-+
-+done:
- DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
- "for domain %s and bound using schannel.\n",
- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
---
-1.9.3
-
-
-From 675be19880c2ac4bca14d69592ce39bb66a34dec Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 18:30:36 +0200
-Subject: [PATCH 062/249] s3:rpc_client: remove netr_LogonGetCapabilities check
- from rpc_pipe_bind*
-
-It's done in the caller now.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 3302356226cca474f0afab9a129220241c16663f)
----
- source3/rpc_client/cli_pipe.c | 150 +-----------------------------------------
- 1 file changed, 1 insertion(+), 149 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 314eb92..cba055a 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -1568,15 +1568,9 @@ struct rpc_pipe_bind_state {
- DATA_BLOB rpc_out;
- bool auth3;
- uint32_t rpc_call_id;
-- struct netr_Authenticator auth;
-- struct netr_Authenticator return_auth;
-- struct netlogon_creds_CredentialState *creds;
-- union netr_Capabilities capabilities;
-- struct netr_LogonGetCapabilities r;
- };
-
- static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq);
--static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req);
- static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
- struct rpc_pipe_bind_state *state,
- DATA_BLOB *credentials);
-@@ -1679,14 +1673,11 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
-
- case DCERPC_AUTH_TYPE_NONE:
- case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
-+ case DCERPC_AUTH_TYPE_SCHANNEL:
- /* Bind complete. */
- tevent_req_done(req);
- return;
-
-- case DCERPC_AUTH_TYPE_SCHANNEL:
-- rpc_pipe_bind_step_two_trigger(req);
-- return;
--
- case DCERPC_AUTH_TYPE_NTLMSSP:
- case DCERPC_AUTH_TYPE_SPNEGO:
- case DCERPC_AUTH_TYPE_KRB5:
-@@ -1763,145 +1754,6 @@ err_out:
- tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
- }
-
--static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq);
--
--static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req)
--{
-- struct rpc_pipe_bind_state *state =
-- tevent_req_data(req,
-- struct rpc_pipe_bind_state);
-- struct dcerpc_binding_handle *b = state->cli->binding_handle;
-- struct schannel_state *schannel_auth =
-- talloc_get_type_abort(state->cli->auth->auth_ctx,
-- struct schannel_state);
-- struct tevent_req *subreq;
--
-- if (schannel_auth == NULL ||
-- !ndr_syntax_id_equal(&state->cli->abstract_syntax,
-- &ndr_table_netlogon.syntax_id)) {
-- tevent_req_done(req);
-- return;
-- }
--
-- ZERO_STRUCT(state->return_auth);
--
-- state->creds = netlogon_creds_copy(state, schannel_auth->creds);
-- if (state->creds == NULL) {
-- tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
-- return;
-- }
--
-- netlogon_creds_client_authenticator(state->creds, &state->auth);
--
-- state->r.in.server_name = state->cli->srv_name_slash;
-- state->r.in.computer_name = state->creds->computer_name;
-- state->r.in.credential = &state->auth;
-- state->r.in.query_level = 1;
-- state->r.in.return_authenticator = &state->return_auth;
--
-- state->r.out.capabilities = &state->capabilities;
-- state->r.out.return_authenticator = &state->return_auth;
--
-- subreq = dcerpc_netr_LogonGetCapabilities_r_send(talloc_tos(),
-- state->ev,
-- b,
-- &state->r);
-- if (subreq == NULL) {
-- tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
-- return;
-- }
--
-- tevent_req_set_callback(subreq, rpc_pipe_bind_step_two_done, req);
-- return;
--}
--
--static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
--{
-- struct tevent_req *req =
-- tevent_req_callback_data(subreq,
-- struct tevent_req);
-- struct rpc_pipe_bind_state *state =
-- tevent_req_data(req,
-- struct rpc_pipe_bind_state);
-- NTSTATUS status;
--
-- status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
-- TALLOC_FREE(subreq);
-- if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
-- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-- DEBUG(5, ("AES is not supported and the error was %s\n",
-- nt_errstr(status)));
-- tevent_req_nterror(req,
-- NT_STATUS_INVALID_NETWORK_RESPONSE);
-- return;
-- }
--
-- /* This is probably NT */
-- DEBUG(5, ("We are checking against an NT - %s\n",
-- nt_errstr(status)));
-- tevent_req_done(req);
-- return;
-- } else if (!NT_STATUS_IS_OK(status)) {
-- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
-- nt_errstr(status)));
-- tevent_req_nterror(req, status);
-- return;
-- }
--
-- if (NT_STATUS_EQUAL(state->r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
-- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-- /* This means AES isn't supported. */
-- DEBUG(5, ("AES is not supported and the error was %s\n",
-- nt_errstr(state->r.out.result)));
-- tevent_req_nterror(req,
-- NT_STATUS_INVALID_NETWORK_RESPONSE);
-- return;
-- }
--
-- /* This is probably an old Samba version */
-- DEBUG(5, ("We are checking against an old Samba version - %s\n",
-- nt_errstr(state->r.out.result)));
-- tevent_req_done(req);
-- return;
-- }
--
-- /* We need to check the credential state here, cause win2k3 and earlier
-- * returns NT_STATUS_NOT_IMPLEMENTED */
-- if (!netlogon_creds_client_check(state->creds,
-- &state->r.out.return_authenticator->cred)) {
-- /*
-- * Server replied with bad credential. Fail.
-- */
-- DEBUG(0,("rpc_pipe_bind_step_two_done: server %s "
-- "replied with bad credential\n",
-- state->cli->desthost));
-- tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
-- return;
-- }
--
-- if (!NT_STATUS_IS_OK(state->r.out.result)) {
-- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
-- nt_errstr(state->r.out.result)));
-- tevent_req_nterror(req, state->r.out.result);
-- return;
-- }
--
-- if (!(state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
-- DEBUG(0, ("netr_LogonGetCapabilities is supported by %s, "
-- "but AES was not negotiated - downgrade detected",
-- state->cli->desthost));
-- tevent_req_nterror(req,
-- NT_STATUS_INVALID_NETWORK_RESPONSE);
-- return;
-- }
--
-- TALLOC_FREE(state->cli->dc);
-- state->cli->dc = talloc_move(state->cli, &state->creds);
--
-- tevent_req_done(req);
-- return;
--}
--
- static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
- struct rpc_pipe_bind_state *state,
- DATA_BLOB *auth_token)
---
-1.9.3
-
-
-From f9b4e38b8458ec905b5f78e402f21f23c4a967e1 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 25 Apr 2013 19:33:28 +0200
-Subject: [PATCH 063/249] s3:rpc_client: remove unused
- cli_rpc_pipe_open_ntlmssp_auth_schannel()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 04938cbeecc777f7b799a11f1ca0461b351d968a)
----
- source3/rpc_client/cli_pipe.h | 9 ----
- source3/rpc_client/cli_pipe_schannel.c | 80 ----------------------------------
- 2 files changed, 89 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
-index 8eb6040..ab99373 100644
---- a/source3/rpc_client/cli_pipe.h
-+++ b/source3/rpc_client/cli_pipe.h
-@@ -109,15 +109,6 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- struct netlogon_creds_CredentialState **pdc,
- struct rpc_pipe_client **presult);
-
--NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
-- const struct ndr_interface_table *table,
-- enum dcerpc_transport_t transport,
-- enum dcerpc_AuthLevel auth_level,
-- const char *domain,
-- const char *username,
-- const char *password,
-- struct rpc_pipe_client **presult);
--
- NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
- const struct ndr_interface_table *table,
- enum dcerpc_transport_t transport,
-diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
-index de745c0..aaae44b 100644
---- a/source3/rpc_client/cli_pipe_schannel.c
-+++ b/source3/rpc_client/cli_pipe_schannel.c
-@@ -86,86 +86,6 @@ static NTSTATUS get_schannel_session_key_common(struct rpc_pipe_client *netlogon
-
- /****************************************************************************
- Open a named pipe to an SMB server and bind using schannel (bind type 68).
-- Fetch the session key ourselves using a temporary netlogon pipe. This
-- version uses an ntlmssp auth bound netlogon pipe to get the key.
-- ****************************************************************************/
--
--static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
-- const char *domain,
-- const char *username,
-- const char *password,
-- uint32 *pneg_flags,
-- struct rpc_pipe_client **presult)
--{
-- struct rpc_pipe_client *netlogon_pipe = NULL;
-- NTSTATUS status;
--
-- status = cli_rpc_pipe_open_spnego(
-- cli, &ndr_table_netlogon, NCACN_NP,
-- GENSEC_OID_NTLMSSP,
-- DCERPC_AUTH_LEVEL_PRIVACY,
-- smbXcli_conn_remote_name(cli->conn),
-- domain, username, password, &netlogon_pipe);
-- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-- }
--
-- status = get_schannel_session_key_common(netlogon_pipe, cli, domain,
-- pneg_flags);
-- if (!NT_STATUS_IS_OK(status)) {
-- TALLOC_FREE(netlogon_pipe);
-- return status;
-- }
--
-- *presult = netlogon_pipe;
-- return NT_STATUS_OK;
--}
--
--/****************************************************************************
-- Open a named pipe to an SMB server and bind using schannel (bind type 68).
-- Fetch the session key ourselves using a temporary netlogon pipe. This version
-- uses an ntlmssp bind to get the session key.
-- ****************************************************************************/
--
--NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
-- const struct ndr_interface_table *table,
-- enum dcerpc_transport_t transport,
-- enum dcerpc_AuthLevel auth_level,
-- const char *domain,
-- const char *username,
-- const char *password,
-- struct rpc_pipe_client **presult)
--{
-- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
-- NETLOGON_NEG_SUPPORTS_AES;
-- struct rpc_pipe_client *netlogon_pipe = NULL;
-- struct rpc_pipe_client *result = NULL;
-- NTSTATUS status;
--
-- status = get_schannel_session_key_auth_ntlmssp(
-- cli, domain, username, password, &neg_flags, &netlogon_pipe);
-- if (!NT_STATUS_IS_OK(status)) {
-- DEBUG(0,("cli_rpc_pipe_open_ntlmssp_auth_schannel: failed to get schannel session "
-- "key from server %s for domain %s.\n",
-- smbXcli_conn_remote_name(cli->conn), domain ));
-- return status;
-- }
--
-- status = cli_rpc_pipe_open_schannel_with_key(
-- cli, table, transport, auth_level, domain, &netlogon_pipe->dc,
-- &result);
--
-- /* Now we've bound using the session key we can close the netlog pipe. */
-- TALLOC_FREE(netlogon_pipe);
--
-- if (NT_STATUS_IS_OK(status)) {
-- *presult = result;
-- }
-- return status;
--}
--
--/****************************************************************************
-- Open a named pipe to an SMB server and bind using schannel (bind type 68).
- Fetch the session key ourselves using a temporary netlogon pipe.
- ****************************************************************************/
-
---
-1.9.3
-
-
-From 35d07a4d7ca15e4cf22f7cc96d6958c9856dc0a0 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 3 Aug 2013 11:26:13 +0200
-Subject: [PATCH 064/249] auth/gensec: first check GENSEC_FEATURE_SESSION_KEY
- before returning NOT_IMPLEMENTED
-
-Preferr NT_STATUS_NO_USER_SESSION_KEY as return value of gensec_session_key().
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 45c74c8084d2db14fef6a79cd98068be2ab73f30)
----
- auth/gensec/gensec.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
-index ea62861..9a8f0ef 100644
---- a/auth/gensec/gensec.c
-+++ b/auth/gensec/gensec.c
-@@ -155,13 +155,14 @@ _PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *session_key)
- {
-- if (!gensec_security->ops->session_key) {
-- return NT_STATUS_NOT_IMPLEMENTED;
-- }
- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SESSION_KEY)) {
- return NT_STATUS_NO_USER_SESSION_KEY;
- }
-
-+ if (!gensec_security->ops->session_key) {
-+ return NT_STATUS_NOT_IMPLEMENTED;
-+ }
-+
- return gensec_security->ops->session_key(gensec_security, mem_ctx, session_key);
- }
-
---
-1.9.3
-
-
-From 6eda030bd26347cef3fb670b0876956c97c00bfa Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 3 Aug 2013 11:43:58 +0200
-Subject: [PATCH 065/249] auth/gensec: add gensec_security_by_auth_type()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 59b09564a7edac8dc241269587146342244ce58b)
----
- auth/gensec/gensec.h | 3 +++
- auth/gensec/gensec_start.c | 26 ++++++++++++++++++++++++++
- 2 files changed, 29 insertions(+)
-
-diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
-index 396a16d..c080861 100644
---- a/auth/gensec/gensec.h
-+++ b/auth/gensec/gensec.h
-@@ -268,6 +268,9 @@ const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security
- const char *oid_string);
- const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_security *gensec_security,
- const char *sasl_name);
-+const struct gensec_security_ops *gensec_security_by_auth_type(
-+ struct gensec_security *gensec_security,
-+ uint32_t auth_type);
- struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx);
- const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
-diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
-index e46f0ee..c2cfa1c 100644
---- a/auth/gensec/gensec_start.c
-+++ b/auth/gensec/gensec_start.c
-@@ -246,6 +246,32 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name(
- return NULL;
- }
-
-+_PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
-+ struct gensec_security *gensec_security,
-+ uint32_t auth_type)
-+{
-+ int i;
-+ struct gensec_security_ops **backends;
-+ const struct gensec_security_ops *backend;
-+ TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
-+ if (!mem_ctx) {
-+ return NULL;
-+ }
-+ backends = gensec_security_mechs(gensec_security, mem_ctx);
-+ for (i=0; backends && backends[i]; i++) {
-+ if (!gensec_security_ops_enabled(backends[i], gensec_security))
-+ continue;
-+ if (backends[i]->auth_type == auth_type) {
-+ backend = backends[i];
-+ talloc_free(mem_ctx);
-+ return backend;
-+ }
-+ }
-+ talloc_free(mem_ctx);
-+
-+ return NULL;
-+}
-+
- static const struct gensec_security_ops *gensec_security_by_name(struct gensec_security *gensec_security,
- const char *name)
- {
---
-1.9.3
-
-
-From f4e1506ed3a032d38605207f592cbc4ece93a414 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 24 Apr 2013 12:33:28 +0200
-Subject: [PATCH 066/249] libcli/auth: maintain the sequence number for the
- NETLOGON SSP as 64bit
-
-See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 9f2e81ae02549369db49c05edf7071612a03a8b8)
----
- libcli/auth/schannel.h | 2 +-
- libcli/auth/schannel_sign.c | 17 +++++++++++++----
- source3/librpc/rpc/dcerpc_helpers.c | 4 ++--
- 3 files changed, 16 insertions(+), 7 deletions(-)
-
-diff --git a/libcli/auth/schannel.h b/libcli/auth/schannel.h
-index bfccd95..271b5bb 100644
---- a/libcli/auth/schannel.h
-+++ b/libcli/auth/schannel.h
-@@ -30,7 +30,7 @@ enum schannel_position {
-
- struct schannel_state {
- enum schannel_position state;
-- uint32_t seq_num;
-+ uint64_t seq_num;
- bool initiator;
- struct netlogon_creds_CredentialState *creds;
- };
-diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
-index 1871da2..6e5d454 100644
---- a/libcli/auth/schannel_sign.c
-+++ b/libcli/auth/schannel_sign.c
-@@ -24,6 +24,17 @@
- #include "../libcli/auth/schannel.h"
- #include "../lib/crypto/crypto.h"
-
-+#define SETUP_SEQNUM(state, buf, initiator) do { \
-+ uint8_t *_buf = buf; \
-+ uint32_t _seq_num_low = (state)->seq_num & UINT32_MAX; \
-+ uint32_t _seq_num_high = (state)->seq_num >> 32; \
-+ if (initiator) { \
-+ _seq_num_high |= 0x80000000; \
-+ } \
-+ RSIVAL(_buf, 0, _seq_num_low); \
-+ RSIVAL(_buf, 4, _seq_num_high); \
-+} while(0)
-+
- static void netsec_offset_and_sizes(struct schannel_state *state,
- bool do_seal,
- uint32_t *_min_sig_size,
-@@ -255,8 +266,7 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state,
- confounder = NULL;
- }
-
-- RSIVAL(seq_num, 0, state->seq_num);
-- SIVAL(seq_num, 4, state->initiator?0:0x80);
-+ SETUP_SEQNUM(state, seq_num, !state->initiator);
-
- if (do_unseal) {
- netsec_do_seal(state, seq_num,
-@@ -325,8 +335,7 @@ NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
- &checksum_length,
- &confounder_ofs);
-
-- RSIVAL(seq_num, 0, state->seq_num);
-- SIVAL(seq_num, 4, state->initiator?0x80:0);
-+ SETUP_SEQNUM(state, seq_num, state->initiator);
-
- if (do_seal) {
- confounder = _confounder;
-diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
-index a55e419..0095990 100644
---- a/source3/librpc/rpc/dcerpc_helpers.c
-+++ b/source3/librpc/rpc/dcerpc_helpers.c
-@@ -462,8 +462,8 @@ static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas,
- return NT_STATUS_INVALID_PARAMETER;
- }
-
-- DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
-- sas->seq_num));
-+ DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%llu\n",
-+ (unsigned long long)sas->seq_num));
-
- switch (auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
---
-1.9.3
-
-
-From f99afc1924dbb267e696bbdf26db606a8c77f093 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 12:53:42 +0200
-Subject: [PATCH 067/249] libcli/auth: add netsec_create_state()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 33215398f32c76f4b8ada7b547c6d0741cb2ac16)
----
- libcli/auth/schannel_proto.h | 3 +++
- libcli/auth/schannel_sign.c | 23 +++++++++++++++++++++++
- 2 files changed, 26 insertions(+)
-
-diff --git a/libcli/auth/schannel_proto.h b/libcli/auth/schannel_proto.h
-index 0414218..da76559 100644
---- a/libcli/auth/schannel_proto.h
-+++ b/libcli/auth/schannel_proto.h
-@@ -28,6 +28,9 @@ struct schannel_state;
- struct db_context *open_schannel_session_store(TALLOC_CTX *mem_ctx,
- struct loadparm_context *lp_ctx);
-
-+struct schannel_state *netsec_create_state(TALLOC_CTX *mem_ctx,
-+ struct netlogon_creds_CredentialState *creds,
-+ bool initiator);
- NTSTATUS netsec_incoming_packet(struct schannel_state *state,
- bool do_unseal,
- uint8_t *data, size_t length,
-diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
-index 6e5d454..518a6a9 100644
---- a/libcli/auth/schannel_sign.c
-+++ b/libcli/auth/schannel_sign.c
-@@ -35,6 +35,29 @@
- RSIVAL(_buf, 4, _seq_num_high); \
- } while(0)
-
-+struct schannel_state *netsec_create_state(TALLOC_CTX *mem_ctx,
-+ struct netlogon_creds_CredentialState *creds,
-+ bool initiator)
-+{
-+ struct schannel_state *state;
-+
-+ state = talloc(mem_ctx, struct schannel_state);
-+ if (state == NULL) {
-+ return NULL;
-+ }
-+
-+ state->state = SCHANNEL_STATE_UPDATE_1;
-+ state->initiator = initiator;
-+ state->seq_num = 0;
-+ state->creds = netlogon_creds_copy(state, creds);
-+ if (state->creds == NULL) {
-+ talloc_free(state);
-+ return NULL;
-+ }
-+
-+ return state;
-+}
-+
- static void netsec_offset_and_sizes(struct schannel_state *state,
- bool do_seal,
- uint32_t *_min_sig_size,
---
-1.9.3
-
-
-From f13417a00173fcde96417773a1a551caced24c8b Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 13:28:11 +0200
-Subject: [PATCH 068/249] s3:cli_pipe: make use of netsec_create_state()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit e96142fc439efb7c90719f9c387778c4218ae637)
----
- source3/rpc_client/cli_pipe.c | 9 +--------
- 1 file changed, 1 insertion(+), 8 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index cba055a..9e979b0 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2271,18 +2271,11 @@ static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
- goto fail;
- }
-
-- schannel_auth = talloc_zero(result, struct schannel_state);
-+ schannel_auth = netsec_create_state(result, creds, true /* initiator */);
- if (schannel_auth == NULL) {
- goto fail;
- }
-
-- schannel_auth->state = SCHANNEL_STATE_START;
-- schannel_auth->initiator = true;
-- schannel_auth->creds = netlogon_creds_copy(schannel_auth, creds);
-- if (schannel_auth->creds == NULL) {
-- goto fail;
-- }
--
- result->auth_ctx = schannel_auth;
- *presult = result;
- return NT_STATUS_OK;
---
-1.9.3
-
-
-From becf68bc072fdfab4489326d148775ebdbe27fda Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 13:28:59 +0200
-Subject: [PATCH 069/249] s3:cli_pipe: pass down creds->computer_name to
- NL_AUTH_MESSAGE
-
-We need to use the same computer_name value as in the netr_Authenticate3()
-request.
-
-We abuse cli->auth->user_name to pass the value down.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 838cb539621ef19cac6badb4b10678dcc3a6f68a)
----
- source3/rpc_client/cli_pipe.c | 13 ++++++-------
- 1 file changed, 6 insertions(+), 7 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 9e979b0..1de71fb 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -1027,13 +1027,12 @@ static NTSTATUS create_schannel_auth_rpc_bind_req(struct rpc_pipe_client *cli,
- NTSTATUS status;
- struct NL_AUTH_MESSAGE r;
-
-- /* Use lp_workgroup() if domain not specified */
-+ if (!cli->auth->user_name || !cli->auth->user_name[0]) {
-+ return NT_STATUS_INVALID_PARAMETER_MIX;
-+ }
-
- if (!cli->auth->domain || !cli->auth->domain[0]) {
-- cli->auth->domain = talloc_strdup(cli, lp_workgroup());
-- if (cli->auth->domain == NULL) {
-- return NT_STATUS_NO_MEMORY;
-- }
-+ return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
- /*
-@@ -1044,7 +1043,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_req(struct rpc_pipe_client *cli,
- r.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
- r.oem_netbios_domain.a = cli->auth->domain;
-- r.oem_netbios_computer.a = lp_netbios_name();
-+ r.oem_netbios_computer.a = cli->auth->user_name;
-
- status = dcerpc_push_schannel_bind(cli, &r, auth_token);
- if (!NT_STATUS_IS_OK(status)) {
-@@ -2265,7 +2264,7 @@ static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
- result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
- result->auth_level = auth_level;
-
-- result->user_name = talloc_strdup(result, "");
-+ result->user_name = talloc_strdup(result, creds->computer_name);
- result->domain = talloc_strdup(result, domain);
- if ((result->user_name == NULL) || (result->domain == NULL)) {
- goto fail;
---
-1.9.3
-
-
-From b447ab32047f33d306ee891d1d3fe2ae5a8c56f1 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 3 Aug 2013 08:50:54 +0200
-Subject: [PATCH 070/249] s3:cli_pipe.c: return NO_USER_SESSION_KEY in
- cli_get_session_key() for schannel
-
-SCHANNEL connections don't have a user session key,
-they're like anonymous connections.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit af4dc306846a30a5a1201306cc2cbf4d494e16e7)
----
- source3/rpc_client/cli_pipe.c | 7 -------
- 1 file changed, 7 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 1de71fb..470469f 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -3091,7 +3091,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
- {
- NTSTATUS status;
- struct pipe_auth_data *a;
-- struct schannel_state *schannel_auth;
- struct gensec_security *gensec_security;
- DATA_BLOB sk = data_blob_null;
- bool make_dup = false;
-@@ -3107,12 +3106,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
- }
-
- switch (cli->auth->auth_type) {
-- case DCERPC_AUTH_TYPE_SCHANNEL:
-- schannel_auth = talloc_get_type_abort(a->auth_ctx,
-- struct schannel_state);
-- sk = data_blob_const(schannel_auth->creds->session_key, 16);
-- make_dup = true;
-- break;
- case DCERPC_AUTH_TYPE_SPNEGO:
- case DCERPC_AUTH_TYPE_NTLMSSP:
- case DCERPC_AUTH_TYPE_KRB5:
---
-1.9.3
-
-
-From abebeb10c26f6fa7e61c56553ce1e52b5d45937a Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 13:33:37 +0200
-Subject: [PATCH 071/249] s3:rpc_server: make use of netsec_create_state()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit a964309bf7631f4f6953e0d6556f8ed8e5300dcc)
----
- source3/rpc_server/srv_pipe.c | 12 ++++--------
- 1 file changed, 4 insertions(+), 8 deletions(-)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index 7daff04..9043a14 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -462,8 +462,8 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
- */
-
- become_root();
-- status = schannel_get_creds_state(p, lp_ctx,
-- neg.oem_netbios_computer.a, &creds);
-+ status = schannel_get_creds_state(p->mem_ctx, lp_ctx,
-+ neg.oem_netbios_computer.a, &creds);
- unbecome_root();
-
- talloc_unlink(p, lp_ctx);
-@@ -472,16 +472,12 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
- return False;
- }
-
-- schannel_auth = talloc_zero(p, struct schannel_state);
-+ schannel_auth = netsec_create_state(p, creds, false /* not initiator */);
-+ TALLOC_FREE(creds);
- if (!schannel_auth) {
-- TALLOC_FREE(creds);
- return False;
- }
-
-- schannel_auth->state = SCHANNEL_STATE_START;
-- schannel_auth->initiator = false;
-- schannel_auth->creds = creds;
--
- /*
- * JRA. Should we also copy the schannel session key into the pipe session key p->session_key
- * here ? We do that for NTLMSSP, but the session key is already set up from the vuser
---
-1.9.3
-
-
-From b567c4ef93de5c098d724c15b614f5f233903812 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 13:36:30 +0200
-Subject: [PATCH 072/249] s3:dcerpc_helpers: remove unused DEBUG message of
- schannel_state->seq_num.
-
-This is a layer violation and not needed anymore as we know
-how the seqnum handling works now.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit a36ccdc83edb7437dd00601c459421286fd79db4)
----
- source3/librpc/rpc/dcerpc_helpers.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
-index 0095990..97999d7 100644
---- a/source3/librpc/rpc/dcerpc_helpers.c
-+++ b/source3/librpc/rpc/dcerpc_helpers.c
-@@ -462,9 +462,6 @@ static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas,
- return NT_STATUS_INVALID_PARAMETER;
- }
-
-- DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%llu\n",
-- (unsigned long long)sas->seq_num));
--
- switch (auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- status = netsec_outgoing_packet(sas,
---
-1.9.3
-
-
-From e044773b51b76b3582669ee7e3a388d6471e2f2e Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 10:08:54 +0200
-Subject: [PATCH 073/249] s4:libnet: avoid usage of dcerpc_schannel_creds()
-
-We use cli_credentials_get_netlogon_creds() which returns the same value.
-
-dcerpc_schannel_creds() is a layer violation.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit c0144273af8f0956a05d102113c40cec77069f7a)
----
- source4/libnet/libnet_samsync.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/source4/libnet/libnet_samsync.c b/source4/libnet/libnet_samsync.c
-index 9629b9f..206d81e 100644
---- a/source4/libnet/libnet_samsync.c
-+++ b/source4/libnet/libnet_samsync.c
-@@ -25,7 +25,6 @@
- #include "libcli/auth/libcli_auth.h"
- #include "../libcli/samsync/samsync.h"
- #include "auth/gensec/gensec.h"
--#include "auth/gensec/schannel.h"
- #include "auth/credentials/credentials.h"
- #include "libcli/auth/schannel.h"
- #include "librpc/gen_ndr/ndr_netlogon.h"
-@@ -183,9 +182,9 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
-
- /* get NETLOGON credentials */
-
-- nt_status = dcerpc_schannel_creds(p->conn->security_state.generic_state, samsync_ctx, &creds);
-- if (!NT_STATUS_IS_OK(nt_status)) {
-- r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from DCERPC/GENSEC layer");
-+ creds = cli_credentials_get_netlogon_creds(machine_account);
-+ if (creds == NULL) {
-+ r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from credentials");
- talloc_free(samsync_ctx);
- return nt_status;
- }
---
-1.9.3
-
-
-From 322dc86454fc4e60de641ef02da2c2744c347001 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 10:08:54 +0200
-Subject: [PATCH 074/249] s4:torture: avoid usage of dcerpc_schannel_creds()
-
-We use cli_credentials_get_netlogon_creds() which returns the same value.
-
-dcerpc_schannel_creds() is a layer violation.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 2ea3a24dced0814100e352bbbca124011be73602)
----
- source4/torture/rpc/samlogon.c | 5 ++---
- source4/torture/rpc/samr.c | 6 +++---
- source4/torture/rpc/samsync.c | 11 ++++-------
- source4/torture/rpc/schannel.c | 6 ++----
- 4 files changed, 11 insertions(+), 17 deletions(-)
-
-diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
-index 4861038..886ff39 100644
---- a/source4/torture/rpc/samlogon.c
-+++ b/source4/torture/rpc/samlogon.c
-@@ -29,7 +29,6 @@
- #include "lib/cmdline/popt_common.h"
- #include "torture/rpc/torture_rpc.h"
- #include "auth/gensec/gensec.h"
--#include "auth/gensec/schannel.h"
- #include "libcli/auth/libcli_auth.h"
- #include "param/param.h"
-
-@@ -1764,8 +1763,8 @@ bool torture_rpc_samlogon(struct torture_context *torture)
- torture_assert_ntstatus_ok_goto(torture, status, ret, failed,
- talloc_asprintf(torture, "RPC pipe connect as domain member failed: %s\n", nt_errstr(status)));
-
-- status = dcerpc_schannel_creds(p->conn->security_state.generic_state, mem_ctx, &creds);
-- if (!NT_STATUS_IS_OK(status)) {
-+ creds = cli_credentials_get_netlogon_creds(machine_credentials);
-+ if (creds == NULL) {
- ret = false;
- goto failed;
- }
-diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
-index cdfa2b8..d4d64f9 100644
---- a/source4/torture/rpc/samr.c
-+++ b/source4/torture/rpc/samr.c
-@@ -37,7 +37,6 @@
- #include "torture/rpc/torture_rpc.h"
- #include "param/param.h"
- #include "auth/gensec/gensec.h"
--#include "auth/gensec/schannel.h"
- #include "auth/gensec/gensec_proto.h"
- #include "../libcli/auth/schannel.h"
-
-@@ -2959,6 +2958,7 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_binding_handle *b,
-
- static bool test_SamLogon(struct torture_context *tctx,
- struct dcerpc_pipe *p,
-+ struct cli_credentials *machine_credentials,
- struct cli_credentials *test_credentials,
- NTSTATUS expected_result,
- bool interactive)
-@@ -2978,7 +2978,7 @@ static bool test_SamLogon(struct torture_context *tctx,
- struct netr_Authenticator a;
- struct dcerpc_binding_handle *b = p->binding_handle;
-
-- torture_assert_ntstatus_ok(tctx, dcerpc_schannel_creds(p->conn->security_state.generic_state, tctx, &creds), "");
-+ torture_assert(tctx, (creds = cli_credentials_get_netlogon_creds(machine_credentials)), "");
-
- if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
- flags |= CLI_CRED_LANMAN_AUTH;
-@@ -3105,7 +3105,7 @@ static bool test_SamLogon_with_creds(struct torture_context *tctx,
- torture_comment(tctx, "Testing samlogon (%s) as %s password: %s\n",
- interactive ? "interactive" : "network", acct_name, password);
-
-- if (!test_SamLogon(tctx, p, test_credentials,
-+ if (!test_SamLogon(tctx, p, machine_creds, test_credentials,
- expected_samlogon_result, interactive)) {
- torture_warning(tctx, "new password did not work\n");
- ret = false;
-diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
-index 81027d0..15cab73 100644
---- a/source4/torture/rpc/samsync.c
-+++ b/source4/torture/rpc/samsync.c
-@@ -27,7 +27,6 @@
- #include "system/time.h"
- #include "torture/rpc/torture_rpc.h"
- #include "auth/gensec/gensec.h"
--#include "auth/gensec/schannel.h"
- #include "libcli/auth/libcli_auth.h"
- #include "libcli/samsync/samsync.h"
- #include "libcli/security/security.h"
-@@ -1720,9 +1719,8 @@ bool torture_rpc_samsync(struct torture_context *torture)
- }
- samsync_state->b = samsync_state->p->binding_handle;
-
-- status = dcerpc_schannel_creds(samsync_state->p->conn->security_state.generic_state,
-- samsync_state, &samsync_state->creds);
-- if (!NT_STATUS_IS_OK(status)) {
-+ samsync_state->creds = cli_credentials_get_netlogon_creds(credentials);
-+ if (samsync_state->creds == NULL) {
- ret = false;
- }
-
-@@ -1758,9 +1756,8 @@ bool torture_rpc_samsync(struct torture_context *torture)
- goto failed;
- }
-
-- status = dcerpc_schannel_creds(samsync_state->p_netlogon_wksta->conn->security_state.generic_state,
-- samsync_state, &samsync_state->creds_netlogon_wksta);
-- if (!NT_STATUS_IS_OK(status)) {
-+ samsync_state->creds_netlogon_wksta = cli_credentials_get_netlogon_creds(credentials_wksta);
-+ if (samsync_state->creds_netlogon_wksta == NULL) {
- torture_comment(torture, "Failed to obtail schanel creds!\n");
- ret = false;
- }
-diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
-index 8203749..0098dcf 100644
---- a/source4/torture/rpc/schannel.c
-+++ b/source4/torture/rpc/schannel.c
-@@ -26,14 +26,12 @@
- #include "auth/credentials/credentials.h"
- #include "torture/rpc/torture_rpc.h"
- #include "lib/cmdline/popt_common.h"
--#include "auth/gensec/schannel.h"
- #include "../libcli/auth/schannel.h"
- #include "libcli/auth/libcli_auth.h"
- #include "libcli/security/security.h"
- #include "system/filesys.h"
- #include "param/param.h"
- #include "librpc/rpc/dcerpc_proto.h"
--#include "auth/gensec/gensec.h"
- #include "libcli/composite/composite.h"
- #include "lib/events/events.h"
-
-@@ -413,8 +411,8 @@ static bool test_schannel(struct torture_context *tctx,
-
- torture_assert_ntstatus_ok(tctx, status, "bind auth");
-
-- status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, tctx, &creds);
-- torture_assert_ntstatus_ok(tctx, status, "schannel creds");
-+ creds = cli_credentials_get_netlogon_creds(credentials);
-+ torture_assert(tctx, (creds != NULL), "schannel creds");
-
- /* checks the capabilities */
- torture_assert(tctx, test_netlogon_capabilities(p_netlogon, tctx, credentials, creds),
---
-1.9.3
-
-
-From fa1c5bc2cdff9decd361c919567c502ef0c09385 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 12:31:41 +0200
-Subject: [PATCH 075/249] s4:gensec/schannel: remove unused
- dcerpc_schannel_creds()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 4cad5dcb6d5e49cc9bb1aa4ca454f369e00e8c6f)
----
- source4/auth/gensec/schannel.c | 23 -----------------------
- source4/auth/gensec/schannel.h | 26 --------------------------
- 2 files changed, 49 deletions(-)
- delete mode 100644 source4/auth/gensec/schannel.h
-
-diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
-index e7c545f..10d2565 100644
---- a/source4/auth/gensec/schannel.c
-+++ b/source4/auth/gensec/schannel.c
-@@ -29,7 +29,6 @@
- #include "../libcli/auth/schannel.h"
- #include "librpc/rpc/dcerpc.h"
- #include "param/param.h"
--#include "auth/gensec/schannel.h"
- #include "auth/gensec/gensec_toplevel_proto.h"
-
- _PUBLIC_ NTSTATUS gensec_schannel_init(void);
-@@ -204,28 +203,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
- }
-
- /**
-- * Return the struct netlogon_creds_CredentialState.
-- *
-- * Make sure not to call this unless gensec is using schannel...
-- */
--
--/* TODO: make this non-public */
--
--_PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- struct netlogon_creds_CredentialState **creds)
--{
-- struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
--
-- *creds = talloc_reference(mem_ctx, state->creds);
-- if (!*creds) {
-- return NT_STATUS_NO_MEMORY;
-- }
-- return NT_STATUS_OK;
--}
--
--
--/**
- * Returns anonymous credentials for schannel, matching Win2k3.
- *
- */
-diff --git a/source4/auth/gensec/schannel.h b/source4/auth/gensec/schannel.h
-deleted file mode 100644
-index 88a32a7..0000000
---- a/source4/auth/gensec/schannel.h
-+++ /dev/null
-@@ -1,26 +0,0 @@
--/*
-- Unix SMB/CIFS implementation.
--
-- dcerpc schannel operations
--
-- Copyright (C) Andrew Tridgell 2004
-- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; either version 3 of the License, or
-- (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
--*/
--
--struct netlogon_creds_CredentialState;
--NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- struct netlogon_creds_CredentialState **creds);
---
-1.9.3
-
-
-From eeb52af669e963ac856fc77be6a47f7ed33d8580 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 13:04:07 +0200
-Subject: [PATCH 076/249] s4:gensec/schannel: simplify the code by using
- netsec_create_state()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 49f347eb11bd12a3f25b0fcb8ba36d4a36594868)
----
- source4/auth/gensec/schannel.c | 98 +++++++++++++-----------------------------
- 1 file changed, 30 insertions(+), 68 deletions(-)
-
-diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
-index 10d2565..3896a41 100644
---- a/source4/auth/gensec/schannel.c
-+++ b/source4/auth/gensec/schannel.c
-@@ -35,12 +35,11 @@ _PUBLIC_ NTSTATUS gensec_schannel_init(void);
-
- static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
- {
-- struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
-- uint32_t sig_size;
--
-- sig_size = netsec_outgoing_sig_size(state);
-+ struct schannel_state *state =
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-
-- return sig_size;
-+ return netsec_outgoing_sig_size(state);
- }
-
- static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
-@@ -54,7 +53,9 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
- struct tevent_context *ev,
- const DATA_BLOB in, DATA_BLOB *out)
- {
-- struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
-+ struct schannel_state *state =
-+ talloc_get_type(gensec_security->private_data,
-+ struct schannel_state);
- NTSTATUS status;
- enum ndr_err_code ndr_err;
- struct NL_AUTH_MESSAGE bind_schannel;
-@@ -67,24 +68,22 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
-
- switch (gensec_security->gensec_role) {
- case GENSEC_CLIENT:
-- if (state->state != SCHANNEL_STATE_START) {
-+ if (state != NULL) {
- /* we could parse the bind ack, but we don't know what it is yet */
- return NT_STATUS_OK;
- }
-
-- state->creds = cli_credentials_get_netlogon_creds(gensec_security->credentials);
-- if (state->creds == NULL) {
-+ creds = cli_credentials_get_netlogon_creds(gensec_security->credentials);
-+ if (creds == NULL) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-- /*
-- * We need to create a reference here or we don't get
-- * updates performed on the credentials if we create a
-- * copy.
-- */
-- state->creds = talloc_reference(state, state->creds);
-- if (state->creds == NULL) {
-+
-+ state = netsec_create_state(gensec_security,
-+ creds, true /* initiator */);
-+ if (state == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-+ gensec_security->private_data = state;
-
- bind_schannel.MessageType = NL_NEGOTIATE_REQUEST;
- #if 0
-@@ -117,12 +116,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
- return status;
- }
-
-- state->state = SCHANNEL_STATE_UPDATE_1;
--
- return NT_STATUS_MORE_PROCESSING_REQUIRED;
- case GENSEC_SERVER:
-
-- if (state->state != SCHANNEL_STATE_START) {
-+ if (state != NULL) {
- /* no third leg on this protocol */
- return NT_STATUS_INVALID_PARAMETER;
- }
-@@ -177,7 +174,12 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
- return status;
- }
-
-- state->creds = talloc_steal(state, creds);
-+ state = netsec_create_state(gensec_security,
-+ creds, false /* not initiator */);
-+ if (state == NULL) {
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+ gensec_security->private_data = state;
-
- bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE;
- bind_schannel_ack.Flags = 0;
-@@ -195,8 +197,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
- return status;
- }
-
-- state->state = SCHANNEL_STATE_UPDATE_1;
--
- return NT_STATUS_OK;
- }
- return NT_STATUS_INVALID_PARAMETER;
-@@ -214,54 +214,16 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
- return auth_anonymous_session_info(mem_ctx, gensec_security->settings->lp_ctx, _session_info);
- }
-
--static NTSTATUS schannel_start(struct gensec_security *gensec_security)
--{
-- struct schannel_state *state;
--
-- state = talloc_zero(gensec_security, struct schannel_state);
-- if (!state) {
-- return NT_STATUS_NO_MEMORY;
-- }
--
-- state->state = SCHANNEL_STATE_START;
-- gensec_security->private_data = state;
--
-- return NT_STATUS_OK;
--}
--
- static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
- {
-- NTSTATUS status;
-- struct schannel_state *state;
--
-- status = schannel_start(gensec_security);
-- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-- }
--
-- state = (struct schannel_state *)gensec_security->private_data;
-- state->initiator = false;
--
- return NT_STATUS_OK;
- }
-
- static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
- {
-- NTSTATUS status;
-- struct schannel_state *state;
--
-- status = schannel_start(gensec_security);
-- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-- }
--
-- state = (struct schannel_state *)gensec_security->private_data;
-- state->initiator = true;
--
- return NT_STATUS_OK;
- }
-
--
- static bool schannel_have_feature(struct gensec_security *gensec_security,
- uint32_t feature)
- {
-@@ -287,8 +249,8 @@ static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
- const DATA_BLOB *sig)
- {
- struct schannel_state *state =
-- talloc_get_type(gensec_security->private_data,
-- struct schannel_state);
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-
- return netsec_incoming_packet(state, true,
- discard_const_p(uint8_t, data),
-@@ -304,8 +266,8 @@ static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
- const DATA_BLOB *sig)
- {
- struct schannel_state *state =
-- talloc_get_type(gensec_security->private_data,
-- struct schannel_state);
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-
- return netsec_incoming_packet(state, false,
- discard_const_p(uint8_t, data),
-@@ -321,8 +283,8 @@ static NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security,
- DATA_BLOB *sig)
- {
- struct schannel_state *state =
-- talloc_get_type(gensec_security->private_data,
-- struct schannel_state);
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-
- return netsec_outgoing_packet(state, mem_ctx, true,
- data, length, sig);
-@@ -338,8 +300,8 @@ static NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security,
- DATA_BLOB *sig)
- {
- struct schannel_state *state =
-- talloc_get_type(gensec_security->private_data,
-- struct schannel_state);
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-
- return netsec_outgoing_packet(state, mem_ctx, false,
- discard_const_p(uint8_t, data),
---
-1.9.3
-
-
-From 685f00cfd7be11f4c62441e17d6416b9a668bb47 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 13:25:20 +0200
-Subject: [PATCH 077/249] s4:gensec/schannel: use the correct computer_name
- from netlogon_creds_CredentialState
-
-We need to use the same computer_name we used in the netr_Authenticate3
-request.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit b5104768225ae0308aa3f22f8d9bca389ef3cb3a)
----
- source4/auth/gensec/schannel.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
-index 3896a41..91f166b 100644
---- a/source4/auth/gensec/schannel.c
-+++ b/source4/auth/gensec/schannel.c
-@@ -94,17 +94,17 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
- NL_FLAG_UTF8_DNS_DOMAIN_NAME |
- NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME;
- bind_schannel.oem_netbios_domain.a = cli_credentials_get_domain(gensec_security->credentials);
-- bind_schannel.oem_netbios_computer.a = cli_credentials_get_workstation(gensec_security->credentials);
-+ bind_schannel.oem_netbios_computer.a = creds->computer_name;
- bind_schannel.utf8_dns_domain = cli_credentials_get_realm(gensec_security->credentials);
- /* w2k3 refuses us if we use the full DNS workstation?
- why? perhaps because we don't fill in the dNSHostName
- attribute in the machine account? */
-- bind_schannel.utf8_netbios_computer = cli_credentials_get_workstation(gensec_security->credentials);
-+ bind_schannel.utf8_netbios_computer = creds->computer_name;
- #else
- bind_schannel.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
- bind_schannel.oem_netbios_domain.a = cli_credentials_get_domain(gensec_security->credentials);
-- bind_schannel.oem_netbios_computer.a = cli_credentials_get_workstation(gensec_security->credentials);
-+ bind_schannel.oem_netbios_computer.a = creds->computer_name;
- #endif
-
- ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel,
---
-1.9.3
-
-
-From bd54e89fc5eb4d6afed3ef770dabf14a6ac6b060 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 3 Aug 2013 11:21:32 +0200
-Subject: [PATCH 078/249] s4:gensec/schannel: GENSEC_FEATURE_ASYNC_REPLIES is
- not supported
-
-There's a sequence number attached to the connection,
-which needs to be incremented with each message...
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit a07049a839729e29ca888bae353cd37fd6238486)
----
- source4/auth/gensec/schannel.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
-index 91f166b..7fc0c7c 100644
---- a/source4/auth/gensec/schannel.c
-+++ b/source4/auth/gensec/schannel.c
-@@ -234,9 +234,6 @@ static bool schannel_have_feature(struct gensec_security *gensec_security,
- if (feature & GENSEC_FEATURE_DCE_STYLE) {
- return true;
- }
-- if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
-- return true;
-- }
- return false;
- }
-
---
-1.9.3
-
-
-From afcf626800e8aaf94878d62d1fd7318b2ffe21c1 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 3 Aug 2013 11:27:55 +0200
-Subject: [PATCH 079/249] s4:gensec/schannel: there's no point in having
- schannel_session_key()
-
-gensec_session_key() will return NT_STATUS_NO_USER_SESSION_KEY
-before calling schannel_session_key(), as we don't provide
-GENSEC_FEATURE_SESSION_KEY.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 9b9ab1ae6963b3819dc2b095cbe9e1432f3459b7)
----
- source4/auth/gensec/schannel.c | 8 --------
- 1 file changed, 8 deletions(-)
-
-diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
-index 7fc0c7c..ebf6469 100644
---- a/source4/auth/gensec/schannel.c
-+++ b/source4/auth/gensec/schannel.c
-@@ -42,13 +42,6 @@ static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t
- return netsec_outgoing_sig_size(state);
- }
-
--static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- DATA_BLOB *session_key)
--{
-- return NT_STATUS_NOT_IMPLEMENTED;
--}
--
- static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
- struct tevent_context *ev,
- const DATA_BLOB in, DATA_BLOB *out)
-@@ -315,7 +308,6 @@ static const struct gensec_security_ops gensec_schannel_security_ops = {
- .sign_packet = schannel_sign_packet,
- .check_packet = schannel_check_packet,
- .unseal_packet = schannel_unseal_packet,
-- .session_key = schannel_session_key,
- .session_info = schannel_session_info,
- .sig_size = schannel_sig_size,
- .have_feature = schannel_have_feature,
---
-1.9.3
-
-
-From 56599b7019eabe3656bdba676214c74191ad068f Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 3 Aug 2013 11:32:31 +0200
-Subject: [PATCH 080/249] s4:gensec/schannel: only require
- librpc/gen_ndr/dcerpc.h
-
-We just need DCERPC_AUTH_TYPE_SCHANNEL
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit e90e1b5c76db4cf589adf8856eb32e5f0d955734)
----
- source4/auth/gensec/schannel.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
-index ebf6469..e67432c 100644
---- a/source4/auth/gensec/schannel.c
-+++ b/source4/auth/gensec/schannel.c
-@@ -27,7 +27,7 @@
- #include "auth/gensec/gensec.h"
- #include "auth/gensec/gensec_proto.h"
- #include "../libcli/auth/schannel.h"
--#include "librpc/rpc/dcerpc.h"
-+#include "librpc/gen_ndr/dcerpc.h"
- #include "param/param.h"
- #include "auth/gensec/gensec_toplevel_proto.h"
-
---
-1.9.3
-
-
-From baa82a6ef22c1761c7206323e90781d008a7888b Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 13:37:54 +0200
-Subject: [PATCH 081/249] libcli/auth/schannel: make struct schannel_state
- private
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 4c978b68d9a87001f625c10421e7d4cc140b4554)
----
- libcli/auth/schannel.h | 13 -------------
- libcli/auth/schannel_sign.c | 12 ++++++++++++
- 2 files changed, 12 insertions(+), 13 deletions(-)
-
-diff --git a/libcli/auth/schannel.h b/libcli/auth/schannel.h
-index 271b5bb..c53d68e 100644
---- a/libcli/auth/schannel.h
-+++ b/libcli/auth/schannel.h
-@@ -22,17 +22,4 @@
-
- #include "libcli/auth/libcli_auth.h"
- #include "libcli/auth/schannel_state.h"
--
--enum schannel_position {
-- SCHANNEL_STATE_START = 0,
-- SCHANNEL_STATE_UPDATE_1
--};
--
--struct schannel_state {
-- enum schannel_position state;
-- uint64_t seq_num;
-- bool initiator;
-- struct netlogon_creds_CredentialState *creds;
--};
--
- #include "libcli/auth/schannel_proto.h"
-diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
-index 518a6a9..88a6e1e 100644
---- a/libcli/auth/schannel_sign.c
-+++ b/libcli/auth/schannel_sign.c
-@@ -24,6 +24,18 @@
- #include "../libcli/auth/schannel.h"
- #include "../lib/crypto/crypto.h"
-
-+enum schannel_position {
-+ SCHANNEL_STATE_START = 0,
-+ SCHANNEL_STATE_UPDATE_1
-+};
-+
-+struct schannel_state {
-+ enum schannel_position state;
-+ uint64_t seq_num;
-+ bool initiator;
-+ struct netlogon_creds_CredentialState *creds;
-+};
-+
- #define SETUP_SEQNUM(state, buf, initiator) do { \
- uint8_t *_buf = buf; \
- uint32_t _seq_num_low = (state)->seq_num & UINT32_MAX; \
---
-1.9.3
-
-
-From 29806ef23a9826688ace1dc52cd7af554cf83294 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 2 Aug 2013 15:42:21 +0200
-Subject: [PATCH 082/249] libcli/auth/schannel: remove unused schannel_position
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 57bcbb9c50f0a0252110a1e04a2883b511cd9165)
----
- libcli/auth/schannel_sign.c | 7 -------
- 1 file changed, 7 deletions(-)
-
-diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
-index 88a6e1e..9502cba 100644
---- a/libcli/auth/schannel_sign.c
-+++ b/libcli/auth/schannel_sign.c
-@@ -24,13 +24,7 @@
- #include "../libcli/auth/schannel.h"
- #include "../lib/crypto/crypto.h"
-
--enum schannel_position {
-- SCHANNEL_STATE_START = 0,
-- SCHANNEL_STATE_UPDATE_1
--};
--
- struct schannel_state {
-- enum schannel_position state;
- uint64_t seq_num;
- bool initiator;
- struct netlogon_creds_CredentialState *creds;
-@@ -58,7 +52,6 @@ struct schannel_state *netsec_create_state(TALLOC_CTX *mem_ctx,
- return NULL;
- }
-
-- state->state = SCHANNEL_STATE_UPDATE_1;
- state->initiator = initiator;
- state->seq_num = 0;
- state->creds = netlogon_creds_copy(state, creds);
---
-1.9.3
-
-
-From a6ad9118c250446ea9571f5ce9895b11ab8537ed Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 07:12:01 +0200
-Subject: [PATCH 083/249] auth/gensec: introduce gensec_internal.h
-
-We should treat most gensec related structures private.
-
-It's a long way, but this is a start.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 71c63e85e7a09acb57f6b75284358f2b3b29eeed)
----
- auth/gensec/gensec.c | 1 +
- auth/gensec/gensec.h | 100 ++-------------------------
- auth/gensec/gensec_internal.h | 127 +++++++++++++++++++++++++++++++++++
- auth/gensec/gensec_start.c | 1 +
- auth/gensec/gensec_util.c | 1 +
- auth/gensec/spnego.c | 1 +
- auth/ntlmssp/gensec_ntlmssp.c | 1 +
- auth/ntlmssp/gensec_ntlmssp_server.c | 1 +
- auth/ntlmssp/ntlmssp.c | 1 +
- auth/ntlmssp/ntlmssp_client.c | 1 +
- auth/ntlmssp/ntlmssp_server.c | 1 +
- source3/libads/authdata.c | 1 +
- source3/librpc/crypto/gse.c | 1 +
- source3/libsmb/ntlmssp_wrap.c | 1 +
- source3/utils/ntlm_auth.c | 1 +
- source4/auth/gensec/cyrus_sasl.c | 1 +
- source4/auth/gensec/gensec_gssapi.c | 1 +
- source4/auth/gensec/gensec_krb5.c | 1 +
- source4/auth/gensec/pygensec.c | 1 +
- source4/auth/gensec/schannel.c | 1 +
- source4/ldap_server/ldap_backend.c | 1 +
- source4/libcli/ldap/ldap_bind.c | 1 +
- source4/torture/auth/ntlmssp.c | 1 +
- source4/utils/ntlm_auth.c | 1 +
- 24 files changed, 153 insertions(+), 96 deletions(-)
- create mode 100644 auth/gensec/gensec_internal.h
-
-diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
-index 9a8f0ef..d364a34 100644
---- a/auth/gensec/gensec.c
-+++ b/auth/gensec/gensec.c
-@@ -26,6 +26,7 @@
- #include "lib/tsocket/tsocket.h"
- #include "lib/util/tevent_ntstatus.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "librpc/rpc/dcerpc.h"
-
- /*
-diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
-index c080861..5d39d81 100644
---- a/auth/gensec/gensec.h
-+++ b/auth/gensec/gensec.h
-@@ -76,6 +76,7 @@ struct gensec_settings;
- struct tevent_context;
- struct tevent_req;
- struct smb_krb5_context;
-+struct tsocket_address;
-
- struct gensec_settings {
- struct loadparm_context *lp_ctx;
-@@ -93,106 +94,13 @@ struct gensec_settings {
- const char *server_netbios_name;
- };
-
--struct gensec_security_ops {
-- const char *name;
-- const char *sasl_name;
-- uint8_t auth_type; /* 0 if not offered on DCE-RPC */
-- const char **oid; /* NULL if not offered by SPNEGO */
-- NTSTATUS (*client_start)(struct gensec_security *gensec_security);
-- NTSTATUS (*server_start)(struct gensec_security *gensec_security);
-- /**
-- Determine if a packet has the right 'magic' for this mechanism
-- */
-- NTSTATUS (*magic)(struct gensec_security *gensec_security,
-- const DATA_BLOB *first_packet);
-- NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
-- struct tevent_context *ev,
-- const DATA_BLOB in, DATA_BLOB *out);
-- NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
-- uint8_t *data, size_t length,
-- const uint8_t *whole_pdu, size_t pdu_length,
-- DATA_BLOB *sig);
-- NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
-- const uint8_t *data, size_t length,
-- const uint8_t *whole_pdu, size_t pdu_length,
-- DATA_BLOB *sig);
-- size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
-- size_t (*max_input_size)(struct gensec_security *gensec_security);
-- size_t (*max_wrapped_size)(struct gensec_security *gensec_security);
-- NTSTATUS (*check_packet)(struct gensec_security *gensec_security,
-- const uint8_t *data, size_t length,
-- const uint8_t *whole_pdu, size_t pdu_length,
-- const DATA_BLOB *sig);
-- NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security,
-- uint8_t *data, size_t length,
-- const uint8_t *whole_pdu, size_t pdu_length,
-- const DATA_BLOB *sig);
-- NTSTATUS (*wrap)(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- const DATA_BLOB *in,
-- DATA_BLOB *out);
-- NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- const DATA_BLOB *in,
-- DATA_BLOB *out);
-- NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- const DATA_BLOB *in,
-- DATA_BLOB *out,
-- size_t *len_processed);
-- NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- const DATA_BLOB *in,
-- DATA_BLOB *out,
-- size_t *len_processed);
-- NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security,
-- DATA_BLOB blob, size_t *size);
-- NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
-- DATA_BLOB *session_key);
-- NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
-- struct auth_session_info **session_info);
-- void (*want_feature)(struct gensec_security *gensec_security,
-- uint32_t feature);
-- bool (*have_feature)(struct gensec_security *gensec_security,
-- uint32_t feature);
-- NTTIME (*expire_time)(struct gensec_security *gensec_security);
-- bool enabled;
-- bool kerberos;
-- enum gensec_priority priority;
--};
--
--struct gensec_security_ops_wrapper {
-- const struct gensec_security_ops *op;
-- const char *oid;
--};
-+struct gensec_security_ops;
-+struct gensec_security_ops_wrapper;
-
- #define GENSEC_INTERFACE_VERSION 0
-
--struct gensec_security {
-- const struct gensec_security_ops *ops;
-- void *private_data;
-- struct cli_credentials *credentials;
-- struct gensec_target target;
-- enum gensec_role gensec_role;
-- bool subcontext;
-- uint32_t want_features;
-- uint32_t max_update_size;
-- uint8_t dcerpc_auth_level;
-- struct tsocket_address *local_addr, *remote_addr;
-- struct gensec_settings *settings;
--
-- /* When we are a server, this may be filled in to provide an
-- * NTLM authentication backend, and user lookup (such as if no
-- * PAC is found) */
-- struct auth4_context *auth_context;
--};
--
- /* this structure is used by backends to determine the size of some critical types */
--struct gensec_critical_sizes {
-- int interface_version;
-- int sizeof_gensec_security_ops;
-- int sizeof_gensec_security;
--};
-+struct gensec_critical_sizes;
- const struct gensec_critical_sizes *gensec_interface_version(void);
-
- /* Socket wrapper */
-diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
-new file mode 100644
-index 0000000..41b6f0d
---- /dev/null
-+++ b/auth/gensec/gensec_internal.h
-@@ -0,0 +1,127 @@
-+/*
-+ Unix SMB/CIFS implementation.
-+
-+ Generic Authentication Interface
-+
-+ Copyright (C) Andrew Tridgell 2003
-+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#ifndef __GENSEC_INTERNAL_H__
-+#define __GENSEC_INTERNAL_H__
-+
-+struct gensec_security;
-+
-+struct gensec_security_ops {
-+ const char *name;
-+ const char *sasl_name;
-+ uint8_t auth_type; /* 0 if not offered on DCE-RPC */
-+ const char **oid; /* NULL if not offered by SPNEGO */
-+ NTSTATUS (*client_start)(struct gensec_security *gensec_security);
-+ NTSTATUS (*server_start)(struct gensec_security *gensec_security);
-+ /**
-+ Determine if a packet has the right 'magic' for this mechanism
-+ */
-+ NTSTATUS (*magic)(struct gensec_security *gensec_security,
-+ const DATA_BLOB *first_packet);
-+ NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
-+ struct tevent_context *ev,
-+ const DATA_BLOB in, DATA_BLOB *out);
-+ NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
-+ uint8_t *data, size_t length,
-+ const uint8_t *whole_pdu, size_t pdu_length,
-+ DATA_BLOB *sig);
-+ NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
-+ const uint8_t *data, size_t length,
-+ const uint8_t *whole_pdu, size_t pdu_length,
-+ DATA_BLOB *sig);
-+ size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
-+ size_t (*max_input_size)(struct gensec_security *gensec_security);
-+ size_t (*max_wrapped_size)(struct gensec_security *gensec_security);
-+ NTSTATUS (*check_packet)(struct gensec_security *gensec_security,
-+ const uint8_t *data, size_t length,
-+ const uint8_t *whole_pdu, size_t pdu_length,
-+ const DATA_BLOB *sig);
-+ NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security,
-+ uint8_t *data, size_t length,
-+ const uint8_t *whole_pdu, size_t pdu_length,
-+ const DATA_BLOB *sig);
-+ NTSTATUS (*wrap)(struct gensec_security *gensec_security,
-+ TALLOC_CTX *mem_ctx,
-+ const DATA_BLOB *in,
-+ DATA_BLOB *out);
-+ NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
-+ TALLOC_CTX *mem_ctx,
-+ const DATA_BLOB *in,
-+ DATA_BLOB *out);
-+ NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security,
-+ TALLOC_CTX *mem_ctx,
-+ const DATA_BLOB *in,
-+ DATA_BLOB *out,
-+ size_t *len_processed);
-+ NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security,
-+ TALLOC_CTX *mem_ctx,
-+ const DATA_BLOB *in,
-+ DATA_BLOB *out,
-+ size_t *len_processed);
-+ NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security,
-+ DATA_BLOB blob, size_t *size);
-+ NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
-+ DATA_BLOB *session_key);
-+ NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
-+ struct auth_session_info **session_info);
-+ void (*want_feature)(struct gensec_security *gensec_security,
-+ uint32_t feature);
-+ bool (*have_feature)(struct gensec_security *gensec_security,
-+ uint32_t feature);
-+ NTTIME (*expire_time)(struct gensec_security *gensec_security);
-+ bool enabled;
-+ bool kerberos;
-+ enum gensec_priority priority;
-+};
-+
-+struct gensec_security_ops_wrapper {
-+ const struct gensec_security_ops *op;
-+ const char *oid;
-+};
-+
-+struct gensec_security {
-+ const struct gensec_security_ops *ops;
-+ void *private_data;
-+ struct cli_credentials *credentials;
-+ struct gensec_target target;
-+ enum gensec_role gensec_role;
-+ bool subcontext;
-+ uint32_t want_features;
-+ uint32_t max_update_size;
-+ uint8_t dcerpc_auth_level;
-+ struct tsocket_address *local_addr, *remote_addr;
-+ struct gensec_settings *settings;
-+
-+ /* When we are a server, this may be filled in to provide an
-+ * NTLM authentication backend, and user lookup (such as if no
-+ * PAC is found) */
-+ struct auth4_context *auth_context;
-+};
-+
-+/* this structure is used by backends to determine the size of some critical types */
-+struct gensec_critical_sizes {
-+ int interface_version;
-+ int sizeof_gensec_security_ops;
-+ int sizeof_gensec_security;
-+};
-+
-+#endif /* __GENSEC_H__ */
-diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
-index c2cfa1c..34029f5 100644
---- a/auth/gensec/gensec_start.c
-+++ b/auth/gensec/gensec_start.c
-@@ -27,6 +27,7 @@
- #include "librpc/rpc/dcerpc.h"
- #include "auth/credentials/credentials.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "lib/param/param.h"
- #include "lib/util/tsort.h"
- #include "lib/util/samba_modules.h"
-diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
-index 64952b1..568128a 100644
---- a/auth/gensec/gensec_util.c
-+++ b/auth/gensec/gensec_util.c
-@@ -22,6 +22,7 @@
-
- #include "includes.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/common_auth.h"
- #include "../lib/util/asn1.h"
-
-diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
-index da1fc0e..38a45f8 100644
---- a/auth/gensec/spnego.c
-+++ b/auth/gensec/spnego.c
-@@ -27,6 +27,7 @@
- #include "librpc/gen_ndr/ndr_dcerpc.h"
- #include "auth/credentials/credentials.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "param/param.h"
- #include "lib/util/asn1.h"
-
-diff --git a/auth/ntlmssp/gensec_ntlmssp.c b/auth/ntlmssp/gensec_ntlmssp.c
-index 9e1d8a8..654c0e3 100644
---- a/auth/ntlmssp/gensec_ntlmssp.c
-+++ b/auth/ntlmssp/gensec_ntlmssp.c
-@@ -22,6 +22,7 @@
- #include "includes.h"
- #include "auth/ntlmssp/ntlmssp.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/ntlmssp/ntlmssp_private.h"
-
- NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security,
-diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
-index f4dfab3..69c56fb 100644
---- a/auth/ntlmssp/gensec_ntlmssp_server.c
-+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
-@@ -31,6 +31,7 @@
- #include "../libcli/auth/libcli_auth.h"
- #include "../lib/crypto/crypto.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/common_auth.h"
- #include "param/param.h"
-
-diff --git a/auth/ntlmssp/ntlmssp.c b/auth/ntlmssp/ntlmssp.c
-index 1a2d662..916b376 100644
---- a/auth/ntlmssp/ntlmssp.c
-+++ b/auth/ntlmssp/ntlmssp.c
-@@ -29,6 +29,7 @@ struct auth_session_info;
- #include "../libcli/auth/libcli_auth.h"
- #include "librpc/gen_ndr/ndr_dcerpc.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
-
- /**
- * Callbacks for NTLMSSP - for both client and server operating modes
-diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
-index fc66a8d..f99257d 100644
---- a/auth/ntlmssp/ntlmssp_client.c
-+++ b/auth/ntlmssp/ntlmssp_client.c
-@@ -29,6 +29,7 @@ struct auth_session_info;
- #include "../libcli/auth/libcli_auth.h"
- #include "auth/credentials/credentials.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "param/param.h"
- #include "auth/ntlmssp/ntlmssp_private.h"
- #include "../librpc/gen_ndr/ndr_ntlmssp.h"
-diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
-index 57179e1..2f3f0bb 100644
---- a/auth/ntlmssp/ntlmssp_server.c
-+++ b/auth/ntlmssp/ntlmssp_server.c
-@@ -28,6 +28,7 @@
- #include "../libcli/auth/libcli_auth.h"
- #include "../lib/crypto/crypto.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/common_auth.h"
-
- /**
-diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
-index 2c667a6..582917d 100644
---- a/source3/libads/authdata.c
-+++ b/source3/libads/authdata.c
-@@ -30,6 +30,7 @@
- #include "lib/param/param.h"
- #include "librpc/crypto/gse.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
- #include "../libcli/auth/spnego.h"
-
- #ifdef HAVE_KRB5
-diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
-index 11a5457..8db3cdd 100644
---- a/source3/librpc/crypto/gse.c
-+++ b/source3/librpc/crypto/gse.c
-@@ -26,6 +26,7 @@
- #include "libads/kerberos_proto.h"
- #include "auth/common_auth.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/credentials/credentials.h"
- #include "../librpc/gen_ndr/dcerpc.h"
-
-diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
-index 9ce4b12..46f68ae 100644
---- a/source3/libsmb/ntlmssp_wrap.c
-+++ b/source3/libsmb/ntlmssp_wrap.c
-@@ -23,6 +23,7 @@
- #include "auth/ntlmssp/ntlmssp_private.h"
- #include "auth_generic.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/credentials/credentials.h"
- #include "librpc/rpc/dcerpc.h"
- #include "lib/param/param.h"
-diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
-index a5e0cd2..5fcb60e 100644
---- a/source3/utils/ntlm_auth.c
-+++ b/source3/utils/ntlm_auth.c
-@@ -32,6 +32,7 @@
- #include "../libcli/auth/spnego.h"
- #include "auth/ntlmssp/ntlmssp.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/credentials/credentials.h"
- #include "librpc/crypto/gse.h"
- #include "smb_krb5.h"
-diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
-index 2e733bf..08dccd6 100644
---- a/source4/auth/gensec/cyrus_sasl.c
-+++ b/source4/auth/gensec/cyrus_sasl.c
-@@ -23,6 +23,7 @@
- #include "lib/tsocket/tsocket.h"
- #include "auth/credentials/credentials.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/gensec/gensec_proto.h"
- #include "auth/gensec/gensec_toplevel_proto.h"
- #include <sasl/sasl.h>
-diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
-index 4fc544f..63a53bf 100644
---- a/source4/auth/gensec/gensec_gssapi.c
-+++ b/source4/auth/gensec/gensec_gssapi.c
-@@ -34,6 +34,7 @@
- #include "auth/credentials/credentials.h"
- #include "auth/credentials/credentials_krb5.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/gensec/gensec_proto.h"
- #include "auth/gensec/gensec_toplevel_proto.h"
- #include "param/param.h"
-diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
-index fbec64c..ecc3331 100644
---- a/source4/auth/gensec/gensec_krb5.c
-+++ b/source4/auth/gensec/gensec_krb5.c
-@@ -34,6 +34,7 @@
- #include "auth/credentials/credentials_krb5.h"
- #include "auth/kerberos/kerberos_credentials.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/gensec/gensec_proto.h"
- #include "auth/gensec/gensec_toplevel_proto.h"
- #include "param/param.h"
-diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
-index 02e5ae2..fd6daff 100644
---- a/source4/auth/gensec/pygensec.c
-+++ b/source4/auth/gensec/pygensec.c
-@@ -20,6 +20,7 @@
- #include "includes.h"
- #include "param/pyparam.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
- #include "auth/credentials/pycredentials.h"
- #include "libcli/util/pyerrors.h"
- #include "python/modules.h"
-diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
-index e67432c..eb2e100 100644
---- a/source4/auth/gensec/schannel.c
-+++ b/source4/auth/gensec/schannel.c
-@@ -25,6 +25,7 @@
- #include "auth/auth.h"
- #include "auth/credentials/credentials.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/gensec/gensec_proto.h"
- #include "../libcli/auth/schannel.h"
- #include "librpc/gen_ndr/dcerpc.h"
-diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
-index 4a195e5..f0da82c 100644
---- a/source4/ldap_server/ldap_backend.c
-+++ b/source4/ldap_server/ldap_backend.c
-@@ -23,6 +23,7 @@
- #include "../lib/util/dlinklist.h"
- #include "auth/credentials/credentials.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
- #include "param/param.h"
- #include "smbd/service_stream.h"
- #include "dsdb/samdb/samdb.h"
-diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
-index b355e18..f0a498b 100644
---- a/source4/libcli/ldap/ldap_bind.c
-+++ b/source4/libcli/ldap/ldap_bind.c
-@@ -27,6 +27,7 @@
- #include "libcli/ldap/ldap_client.h"
- #include "lib/tls/tls.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
- #include "auth/gensec/gensec_socket.h"
- #include "auth/credentials/credentials.h"
- #include "lib/stream/packet.h"
-diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c
-index bdaa65b..45e5889 100644
---- a/source4/torture/auth/ntlmssp.c
-+++ b/source4/torture/auth/ntlmssp.c
-@@ -19,6 +19,7 @@
-
- #include "includes.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
- #include "auth/ntlmssp/ntlmssp.h"
- #include "auth/ntlmssp/ntlmssp_private.h"
- #include "lib/cmdline/popt_common.h"
-diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
-index 136e238..1e2feb0 100644
---- a/source4/utils/ntlm_auth.c
-+++ b/source4/utils/ntlm_auth.c
-@@ -27,6 +27,7 @@
- #include <ldb.h>
- #include "auth/credentials/credentials.h"
- #include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
- #include "auth/auth.h"
- #include "librpc/gen_ndr/ndr_netlogon.h"
- #include "auth/auth_sam.h"
---
-1.9.3
-
-
-From fabdf9f539385d97bc4bf2550e7fd4de2d1b5d01 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 10:37:26 +0200
-Subject: [PATCH 084/249] auth/gensec: avoid talloc_reference in
- gensec_use_kerberos_mechs()
-
-We now always copy.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 3e3534f882651880093381f5a7846c0938df6501)
----
- auth/gensec/gensec_start.c | 38 ++++++++++++++++++++------------------
- 1 file changed, 20 insertions(+), 18 deletions(-)
-
-diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
-index 34029f5..096ad36 100644
---- a/auth/gensec/gensec_start.c
-+++ b/auth/gensec/gensec_start.c
-@@ -80,13 +80,6 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
- use_kerberos = cli_credentials_get_kerberos_state(creds);
- }
-
-- if (use_kerberos == CRED_AUTO_USE_KERBEROS) {
-- if (!talloc_reference(mem_ctx, old_gensec_list)) {
-- return NULL;
-- }
-- return old_gensec_list;
-- }
--
- for (num_mechs_in=0; old_gensec_list && old_gensec_list[num_mechs_in]; num_mechs_in++) {
- /* noop */
- }
-@@ -99,35 +92,44 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
- j = 0;
- for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
- int oid_idx;
-- bool found_spnego = false;
-+ bool keep = false;
-+
- for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
- if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
-- new_gensec_list[j] = old_gensec_list[i];
-- j++;
-- found_spnego = true;
-+ keep = true;
- break;
- }
- }
-- if (found_spnego) {
-- continue;
-- }
-+
- switch (use_kerberos) {
-+ case CRED_AUTO_USE_KERBEROS:
-+ keep = true;
-+ break;
-+
- case CRED_DONT_USE_KERBEROS:
- if (old_gensec_list[i]->kerberos == false) {
-- new_gensec_list[j] = old_gensec_list[i];
-- j++;
-+ keep = true;
- }
-+
- break;
-+
- case CRED_MUST_USE_KERBEROS:
- if (old_gensec_list[i]->kerberos == true) {
-- new_gensec_list[j] = old_gensec_list[i];
-- j++;
-+ keep = true;
- }
-+
- break;
- default:
- /* Can't happen or invalid parameter */
- return NULL;
- }
-+
-+ if (!keep) {
-+ continue;
-+ }
-+
-+ new_gensec_list[j] = old_gensec_list[i];
-+ j++;
- }
- new_gensec_list[j] = NULL;
-
---
-1.9.3
-
-
-From b71ed3dd183d64beda108d0881c03978ef4b3892 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 10:39:16 +0200
-Subject: [PATCH 085/249] auth/gensec: avoid talloc_reference in
- gensec_security_mechs()
-
-We now always copy.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 6a7a44db5999af7262478eb1c186d784d6075beb)
----
- auth/gensec/gensec_start.c | 27 +++++++++------------------
- 1 file changed, 9 insertions(+), 18 deletions(-)
-
-diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
-index 096ad36..00e2759 100644
---- a/auth/gensec/gensec_start.c
-+++ b/auth/gensec/gensec_start.c
-@@ -140,28 +140,19 @@ _PUBLIC_ struct gensec_security_ops **gensec_security_mechs(
- struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx)
- {
-- struct gensec_security_ops **backends;
-- if (!gensec_security) {
-- backends = gensec_security_all();
-- if (!talloc_reference(mem_ctx, backends)) {
-- return NULL;
-- }
-- return backends;
-- } else {
-- struct cli_credentials *creds = gensec_get_credentials(gensec_security);
-+ struct cli_credentials *creds = NULL;
-+ struct gensec_security_ops **backends = gensec_security_all();
-+
-+ if (gensec_security != NULL) {
-+ creds = gensec_get_credentials(gensec_security);
-+
- if (gensec_security->settings->backends) {
- backends = gensec_security->settings->backends;
-- } else {
-- backends = gensec_security_all();
- }
-- if (!creds) {
-- if (!talloc_reference(mem_ctx, backends)) {
-- return NULL;
-- }
-- return backends;
-- }
-- return gensec_use_kerberos_mechs(mem_ctx, backends, creds);
- }
-+
-+ return gensec_use_kerberos_mechs(mem_ctx, backends, creds);
-+
- }
-
- static const struct gensec_security_ops *gensec_security_by_authtype(struct gensec_security *gensec_security,
---
-1.9.3
-
-
-From fe6a14d48b0eb3dfcfc6d7f0b68e8f28b7ad9796 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 16:12:13 +0200
-Subject: [PATCH 086/249] auth/gensec: make it possible to implement async
- backends
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit e81550c8117166d0fbf69ba1d3957cb950c42961)
----
- auth/gensec/gensec.c | 202 ++++++++++++++++++++++++++++++++----------
- auth/gensec/gensec_internal.h | 7 ++
- 2 files changed, 160 insertions(+), 49 deletions(-)
-
-diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
-index d364a34..abcbcb9 100644
---- a/auth/gensec/gensec.c
-+++ b/auth/gensec/gensec.c
-@@ -218,61 +218,92 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_
- const DATA_BLOB in, DATA_BLOB *out)
- {
- NTSTATUS status;
-+ const struct gensec_security_ops *ops = gensec_security->ops;
-+ TALLOC_CTX *frame = NULL;
-+ struct tevent_req *subreq = NULL;
-+ bool ok;
-
-- status = gensec_security->ops->update(gensec_security, out_mem_ctx,
-- ev, in, out);
-- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-- }
-+ if (ops->update_send == NULL) {
-
-- /*
-- * Because callers using the
-- * gensec_start_mech_by_auth_type() never call
-- * gensec_want_feature(), it isn't sensible for them
-- * to have to call gensec_have_feature() manually, and
-- * these are not points of negotiation, but are
-- * asserted by the client
-- */
-- switch (gensec_security->dcerpc_auth_level) {
-- case DCERPC_AUTH_LEVEL_INTEGRITY:
-- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
-- DEBUG(0,("Did not manage to negotiate mandetory feature "
-- "SIGN for dcerpc auth_level %u\n",
-- gensec_security->dcerpc_auth_level));
-- return NT_STATUS_ACCESS_DENIED;
-- }
-- break;
-- case DCERPC_AUTH_LEVEL_PRIVACY:
-- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
-- DEBUG(0,("Did not manage to negotiate mandetory feature "
-- "SIGN for dcerpc auth_level %u\n",
-- gensec_security->dcerpc_auth_level));
-- return NT_STATUS_ACCESS_DENIED;
-+ status = ops->update(gensec_security, out_mem_ctx,
-+ ev, in, out);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ return status;
- }
-- if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
-- DEBUG(0,("Did not manage to negotiate mandetory feature "
-- "SEAL for dcerpc auth_level %u\n",
-- gensec_security->dcerpc_auth_level));
-- return NT_STATUS_ACCESS_DENIED;
-+
-+ /*
-+ * Because callers using the
-+ * gensec_start_mech_by_auth_type() never call
-+ * gensec_want_feature(), it isn't sensible for them
-+ * to have to call gensec_have_feature() manually, and
-+ * these are not points of negotiation, but are
-+ * asserted by the client
-+ */
-+ switch (gensec_security->dcerpc_auth_level) {
-+ case DCERPC_AUTH_LEVEL_INTEGRITY:
-+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
-+ DEBUG(0,("Did not manage to negotiate mandetory feature "
-+ "SIGN for dcerpc auth_level %u\n",
-+ gensec_security->dcerpc_auth_level));
-+ return NT_STATUS_ACCESS_DENIED;
-+ }
-+ break;
-+ case DCERPC_AUTH_LEVEL_PRIVACY:
-+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
-+ DEBUG(0,("Did not manage to negotiate mandetory feature "
-+ "SIGN for dcerpc auth_level %u\n",
-+ gensec_security->dcerpc_auth_level));
-+ return NT_STATUS_ACCESS_DENIED;
-+ }
-+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
-+ DEBUG(0,("Did not manage to negotiate mandetory feature "
-+ "SEAL for dcerpc auth_level %u\n",
-+ gensec_security->dcerpc_auth_level));
-+ return NT_STATUS_ACCESS_DENIED;
-+ }
-+ break;
-+ default:
-+ break;
- }
-- break;
-- default:
-- break;
-+
-+ return NT_STATUS_OK;
- }
-
-- return NT_STATUS_OK;
-+ frame = talloc_stackframe();
-+
-+ subreq = ops->update_send(frame, ev, gensec_security, in);
-+ if (subreq == NULL) {
-+ goto fail;
-+ }
-+ ok = tevent_req_poll_ntstatus(subreq, ev, &status);
-+ if (!ok) {
-+ goto fail;
-+ }
-+ status = ops->update_recv(subreq, out_mem_ctx, out);
-+ fail:
-+ TALLOC_FREE(frame);
-+ return status;
- }
-
- struct gensec_update_state {
-- struct tevent_immediate *im;
-+ const struct gensec_security_ops *ops;
-+ struct tevent_req *subreq;
- struct gensec_security *gensec_security;
-- DATA_BLOB in;
- DATA_BLOB out;
-+
-+ /*
-+ * only for sync backends, we should remove this
-+ * once all backends are async.
-+ */
-+ struct tevent_immediate *im;
-+ DATA_BLOB in;
- };
-
- static void gensec_update_async_trigger(struct tevent_context *ctx,
- struct tevent_immediate *im,
- void *private_data);
-+static void gensec_update_subreq_done(struct tevent_req *subreq);
-+
- /**
- * Next state function for the GENSEC state machine async version
- *
-@@ -298,17 +329,31 @@ _PUBLIC_ struct tevent_req *gensec_update_send(TALLOC_CTX *mem_ctx,
- return NULL;
- }
-
-- state->gensec_security = gensec_security;
-- state->in = in;
-- state->out = data_blob(NULL, 0);
-- state->im = tevent_create_immediate(state);
-- if (tevent_req_nomem(state->im, req)) {
-+ state->ops = gensec_security->ops;
-+ state->gensec_security = gensec_security;
-+
-+ if (state->ops->update_send == NULL) {
-+ state->in = in;
-+ state->im = tevent_create_immediate(state);
-+ if (tevent_req_nomem(state->im, req)) {
-+ return tevent_req_post(req, ev);
-+ }
-+
-+ tevent_schedule_immediate(state->im, ev,
-+ gensec_update_async_trigger,
-+ req);
-+
-+ return req;
-+ }
-+
-+ state->subreq = state->ops->update_send(state, ev, gensec_security, in);
-+ if (tevent_req_nomem(state->subreq, req)) {
- return tevent_req_post(req, ev);
- }
-
-- tevent_schedule_immediate(state->im, ev,
-- gensec_update_async_trigger,
-- req);
-+ tevent_req_set_callback(state->subreq,
-+ gensec_update_subreq_done,
-+ req);
-
- return req;
- }
-@@ -323,12 +368,71 @@ static void gensec_update_async_trigger(struct tevent_context *ctx,
- tevent_req_data(req, struct gensec_update_state);
- NTSTATUS status;
-
-- status = gensec_update(state->gensec_security, state, ctx,
-- state->in, &state->out);
-+ status = state->ops->update(state->gensec_security, state, ctx,
-+ state->in, &state->out);
-+ if (tevent_req_nterror(req, status)) {
-+ return;
-+ }
-+
-+ tevent_req_done(req);
-+}
-+
-+static void gensec_update_subreq_done(struct tevent_req *subreq)
-+{
-+ struct tevent_req *req =
-+ tevent_req_callback_data(subreq,
-+ struct tevent_req);
-+ struct gensec_update_state *state =
-+ tevent_req_data(req,
-+ struct gensec_update_state);
-+ NTSTATUS status;
-+
-+ state->subreq = NULL;
-+
-+ status = state->ops->update_recv(subreq, state, &state->out);
-+ TALLOC_FREE(subreq);
- if (tevent_req_nterror(req, status)) {
- return;
- }
-
-+ /*
-+ * Because callers using the
-+ * gensec_start_mech_by_authtype() never call
-+ * gensec_want_feature(), it isn't sensible for them
-+ * to have to call gensec_have_feature() manually, and
-+ * these are not points of negotiation, but are
-+ * asserted by the client
-+ */
-+ switch (state->gensec_security->dcerpc_auth_level) {
-+ case DCERPC_AUTH_LEVEL_INTEGRITY:
-+ if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_SIGN)) {
-+ DEBUG(0,("Did not manage to negotiate mandetory feature "
-+ "SIGN for dcerpc auth_level %u\n",
-+ state->gensec_security->dcerpc_auth_level));
-+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
-+ return;
-+ }
-+ break;
-+ case DCERPC_AUTH_LEVEL_PRIVACY:
-+ if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_SIGN)) {
-+ DEBUG(0,("Did not manage to negotiate mandetory feature "
-+ "SIGN for dcerpc auth_level %u\n",
-+ state->gensec_security->dcerpc_auth_level));
-+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
-+ return;
-+ }
-+ if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_SEAL)) {
-+ DEBUG(0,("Did not manage to negotiate mandetory feature "
-+ "SEAL for dcerpc auth_level %u\n",
-+ state->gensec_security->dcerpc_auth_level));
-+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
-+ return;
-+ }
-+ break;
-+ default:
-+ break;
-+ }
-+
- tevent_req_done(req);
- }
-
-diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
-index 41b6f0d..c04164a 100644
---- a/auth/gensec/gensec_internal.h
-+++ b/auth/gensec/gensec_internal.h
-@@ -40,6 +40,13 @@ struct gensec_security_ops {
- NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
- struct tevent_context *ev,
- const DATA_BLOB in, DATA_BLOB *out);
-+ struct tevent_req *(*update_send)(TALLOC_CTX *mem_ctx,
-+ struct tevent_context *ev,
-+ struct gensec_security *gensec_security,
-+ const DATA_BLOB in);
-+ NTSTATUS (*update_recv)(struct tevent_req *req,
-+ TALLOC_CTX *out_mem_ctx,
-+ DATA_BLOB *out);
- NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
---
-1.9.3
-
-
-From aa559f2fc6f228fba268adafa92392dff8152747 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 11:10:55 +0200
-Subject: [PATCH 087/249] auth/gensec: use 'const char * const *' for function
- parameters
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit c81b6f7448d7f945635784de645bea4f7f2e230f)
----
- auth/gensec/gensec.h | 2 +-
- auth/gensec/gensec_start.c | 2 +-
- auth/gensec/spnego.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
-index 5d39d81..d0bc451 100644
---- a/auth/gensec/gensec.h
-+++ b/auth/gensec/gensec.h
-@@ -184,7 +184,7 @@ struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gense
- const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
- struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
-- const char **oid_strings,
-+ const char * const *oid_strings,
- const char *skip);
- const char **gensec_security_oids(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
-diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
-index 00e2759..2874c13 100644
---- a/auth/gensec/gensec_start.c
-+++ b/auth/gensec/gensec_start.c
-@@ -373,7 +373,7 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list(
- _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
- struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
-- const char **oid_strings,
-+ const char * const *oid_strings,
- const char *skip)
- {
- struct gensec_security_ops_wrapper *backends_out;
-diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
-index 38a45f8..0eb6da1 100644
---- a/auth/gensec/spnego.c
-+++ b/auth/gensec/spnego.c
-@@ -417,7 +417,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
- struct spnego_state *spnego_state,
- TALLOC_CTX *out_mem_ctx,
- struct tevent_context *ev,
-- const char **mechType,
-+ const char * const *mechType,
- const DATA_BLOB unwrapped_in, DATA_BLOB *unwrapped_out)
- {
- int i;
---
-1.9.3
-
-
-From a2e14962e1eeebaac2fb4539794a454b0f486869 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 11:20:21 +0200
-Subject: [PATCH 088/249] auth/gensec: treat struct gensec_security_ops as
- const if possible.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 966faef9c61d2ec02d75fc3ccc82a61524fb77e4)
----
- auth/gensec/gensec.h | 14 +++++-----
- auth/gensec/gensec_start.c | 52 ++++++++++++++++++++------------------
- auth/gensec/spnego.c | 8 +++---
- source3/auth/auth_generic.c | 15 ++++++-----
- source3/libads/authdata.c | 11 ++++----
- source3/libsmb/auth_generic.c | 15 ++++++-----
- source3/utils/ntlm_auth.c | 22 ++++++++--------
- source4/ldap_server/ldap_backend.c | 4 +--
- 8 files changed, 75 insertions(+), 66 deletions(-)
-
-diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
-index d0bc451..ac1fadf 100644
---- a/auth/gensec/gensec.h
-+++ b/auth/gensec/gensec.h
-@@ -85,7 +85,7 @@ struct gensec_settings {
- /* this allows callers to specify a specific set of ops that
- * should be used, rather than those loaded by the plugin
- * mechanism */
-- struct gensec_security_ops **backends;
-+ const struct gensec_security_ops * const *backends;
-
- /* To fill in our own name in the NTLMSSP server */
- const char *server_dns_domain;
-@@ -179,7 +179,7 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec
- const struct gensec_security_ops *gensec_security_by_auth_type(
- struct gensec_security *gensec_security,
- uint32_t auth_type);
--struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
-+const struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx);
- const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
- struct gensec_security *gensec_security,
-@@ -243,11 +243,11 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
- const DATA_BLOB *in,
- DATA_BLOB *out);
-
--struct gensec_security_ops **gensec_security_all(void);
--bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security);
--struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
-- struct gensec_security_ops **old_gensec_list,
-- struct cli_credentials *creds);
-+const struct gensec_security_ops * const *gensec_security_all(void);
-+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
-+const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
-+ const struct gensec_security_ops * const *old_gensec_list,
-+ struct cli_credentials *creds);
-
- NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
- const char *sasl_name);
-diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
-index 2874c13..3ae64d5 100644
---- a/auth/gensec/gensec_start.c
-+++ b/auth/gensec/gensec_start.c
-@@ -33,17 +33,17 @@
- #include "lib/util/samba_modules.h"
-
- /* the list of currently registered GENSEC backends */
--static struct gensec_security_ops **generic_security_ops;
-+static const struct gensec_security_ops **generic_security_ops;
- static int gensec_num_backends;
-
- /* Return all the registered mechs. Don't modify the return pointer,
-- * but you may talloc_reference it if convient */
--_PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
-+ * but you may talloc_referen it if convient */
-+_PUBLIC_ const struct gensec_security_ops * const *gensec_security_all(void)
- {
- return generic_security_ops;
- }
-
--bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security)
-+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
- {
- return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled);
- }
-@@ -68,11 +68,11 @@ bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_
- * more compplex.
- */
-
--_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
-- struct gensec_security_ops **old_gensec_list,
-- struct cli_credentials *creds)
-+_PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
-+ const struct gensec_security_ops * const *old_gensec_list,
-+ struct cli_credentials *creds)
- {
-- struct gensec_security_ops **new_gensec_list;
-+ const struct gensec_security_ops **new_gensec_list;
- int i, j, num_mechs_in;
- enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
-
-@@ -84,7 +84,9 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
- /* noop */
- }
-
-- new_gensec_list = talloc_array(mem_ctx, struct gensec_security_ops *, num_mechs_in + 1);
-+ new_gensec_list = talloc_array(mem_ctx,
-+ const struct gensec_security_ops *,
-+ num_mechs_in + 1);
- if (!new_gensec_list) {
- return NULL;
- }
-@@ -136,12 +138,12 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
- return new_gensec_list;
- }
-
--_PUBLIC_ struct gensec_security_ops **gensec_security_mechs(
-+_PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
- struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx)
- {
- struct cli_credentials *creds = NULL;
-- struct gensec_security_ops **backends = gensec_security_all();
-+ const struct gensec_security_ops * const *backends = gensec_security_all();
-
- if (gensec_security != NULL) {
- creds = gensec_get_credentials(gensec_security);
-@@ -159,7 +161,7 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens
- uint8_t auth_type)
- {
- int i;
-- struct gensec_security_ops **backends;
-+ const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
-@@ -185,7 +187,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
- const char *oid_string)
- {
- int i, j;
-- struct gensec_security_ops **backends;
-+ const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
-@@ -218,7 +220,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name(
- const char *sasl_name)
- {
- int i;
-- struct gensec_security_ops **backends;
-+ const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
-@@ -245,7 +247,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
- uint32_t auth_type)
- {
- int i;
-- struct gensec_security_ops **backends;
-+ const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
-@@ -270,7 +272,7 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s
- const char *name)
- {
- int i;
-- struct gensec_security_ops **backends;
-+ const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
-@@ -306,7 +308,7 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list(
- const char **sasl_names)
- {
- const struct gensec_security_ops **backends_out;
-- struct gensec_security_ops **backends;
-+ const struct gensec_security_ops **backends;
- int i, k, sasl_idx;
- int num_backends_out = 0;
-
-@@ -377,7 +379,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
- const char *skip)
- {
- struct gensec_security_ops_wrapper *backends_out;
-- struct gensec_security_ops **backends;
-+ const struct gensec_security_ops **backends;
- int i, j, k, oid_idx;
- int num_backends_out = 0;
-
-@@ -451,7 +453,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
- static const char **gensec_security_oids_from_ops(
- struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
-- struct gensec_security_ops **ops,
-+ const struct gensec_security_ops * const *ops,
- const char *skip)
- {
- int i;
-@@ -542,8 +544,10 @@ _PUBLIC_ const char **gensec_security_oids(struct gensec_security *gensec_securi
- TALLOC_CTX *mem_ctx,
- const char *skip)
- {
-- struct gensec_security_ops **ops
-- = gensec_security_mechs(gensec_security, mem_ctx);
-+ const struct gensec_security_ops **ops;
-+
-+ ops = gensec_security_mechs(gensec_security, mem_ctx);
-+
- return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip);
- }
-
-@@ -876,13 +880,13 @@ _PUBLIC_ NTSTATUS gensec_register(const struct gensec_security_ops *ops)
-
- generic_security_ops = talloc_realloc(talloc_autofree_context(),
- generic_security_ops,
-- struct gensec_security_ops *,
-+ const struct gensec_security_ops *,
- gensec_num_backends+2);
- if (!generic_security_ops) {
- return NT_STATUS_NO_MEMORY;
- }
-
-- generic_security_ops[gensec_num_backends] = discard_const_p(struct gensec_security_ops, ops);
-+ generic_security_ops[gensec_num_backends] = ops;
- gensec_num_backends++;
- generic_security_ops[gensec_num_backends] = NULL;
-
-@@ -908,7 +912,7 @@ _PUBLIC_ const struct gensec_critical_sizes *gensec_interface_version(void)
- return &critical_sizes;
- }
-
--static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ops **gs2) {
-+static int sort_gensec(const struct gensec_security_ops **gs1, const struct gensec_security_ops **gs2) {
- return (*gs2)->priority - (*gs1)->priority;
- }
-
-diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
-index 0eb6da1..d90a50c 100644
---- a/auth/gensec/spnego.c
-+++ b/auth/gensec/spnego.c
-@@ -352,9 +352,11 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
- const DATA_BLOB in, DATA_BLOB *out)
- {
- int i,j;
-- struct gensec_security_ops **all_ops
-- = gensec_security_mechs(gensec_security, out_mem_ctx);
-- for (i=0; all_ops[i]; i++) {
-+ const struct gensec_security_ops **all_ops;
-+
-+ all_ops = gensec_security_mechs(gensec_security, out_mem_ctx);
-+
-+ for (i=0; all_ops && all_ops[i]; i++) {
- bool is_spnego;
- NTSTATUS nt_status;
-
-diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
-index a2ba4e3..e15c87e 100644
---- a/source3/auth/auth_generic.c
-+++ b/source3/auth/auth_generic.c
-@@ -203,6 +203,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
- return nt_status;
- }
- } else {
-+ const struct gensec_security_ops **backends = NULL;
- struct gensec_settings *gensec_settings;
- struct loadparm_context *lp_ctx;
- size_t idx = 0;
-@@ -259,24 +260,24 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
- return NT_STATUS_NO_MEMORY;
- }
-
-- gensec_settings->backends = talloc_zero_array(gensec_settings,
-- struct gensec_security_ops *, 4);
-- if (gensec_settings->backends == NULL) {
-+ backends = talloc_zero_array(gensec_settings,
-+ const struct gensec_security_ops *, 4);
-+ if (backends == NULL) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-+ gensec_settings->backends = backends;
-
- gensec_init();
-
- /* These need to be in priority order, krb5 before NTLMSSP */
- #if defined(HAVE_KRB5)
-- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
-+ backends[idx++] = &gensec_gse_krb5_security_ops;
- #endif
-
-- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
-+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
-
-- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
-- GENSEC_OID_SPNEGO);
-+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
-
- /*
- * This is anonymous for now, because we just use it
-diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
-index 582917d..801e551 100644
---- a/source3/libads/authdata.c
-+++ b/source3/libads/authdata.c
-@@ -111,7 +111,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- const char *cc = "MEMORY:kerberos_return_pac";
- struct auth_session_info *session_info;
- struct gensec_security *gensec_server_context;
--
-+ const struct gensec_security_ops **backends;
- struct gensec_settings *gensec_settings;
- size_t idx = 0;
- struct auth4_context *auth_context;
-@@ -230,16 +230,17 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- goto out;
- }
-
-- gensec_settings->backends = talloc_zero_array(gensec_settings,
-- struct gensec_security_ops *, 2);
-- if (gensec_settings->backends == NULL) {
-+ backends = talloc_zero_array(gensec_settings,
-+ const struct gensec_security_ops *, 2);
-+ if (backends == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-+ gensec_settings->backends = backends;
-
- gensec_init();
-
-- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
-+ backends[idx++] = &gensec_gse_krb5_security_ops;
-
- status = gensec_server_start(tmp_ctx, gensec_settings,
- auth_context, &gensec_server_context);
-diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
-index ba0a0ce..e30c1b7 100644
---- a/source3/libsmb/auth_generic.c
-+++ b/source3/libsmb/auth_generic.c
-@@ -54,6 +54,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
- NTSTATUS nt_status;
- size_t idx = 0;
- struct gensec_settings *gensec_settings;
-+ const struct gensec_security_ops **backends = NULL;
- struct loadparm_context *lp_ctx;
-
- ans = talloc_zero(mem_ctx, struct auth_generic_state);
-@@ -76,24 +77,24 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
- return NT_STATUS_NO_MEMORY;
- }
-
-- gensec_settings->backends = talloc_zero_array(gensec_settings,
-- struct gensec_security_ops *, 4);
-- if (gensec_settings->backends == NULL) {
-+ backends = talloc_zero_array(gensec_settings,
-+ const struct gensec_security_ops *, 4);
-+ if (backends == NULL) {
- TALLOC_FREE(ans);
- return NT_STATUS_NO_MEMORY;
- }
-+ gensec_settings->backends = backends;
-
- gensec_init();
-
- /* These need to be in priority order, krb5 before NTLMSSP */
- #if defined(HAVE_KRB5)
-- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
-+ backends[idx++] = &gensec_gse_krb5_security_ops;
- #endif
-
-- gensec_settings->backends[idx++] = &gensec_ntlmssp3_client_ops;
-+ backends[idx++] = &gensec_ntlmssp3_client_ops;
-
-- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
-- GENSEC_OID_SPNEGO);
-+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
-
- nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
-
-diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
-index 5fcb60e..25e717c 100644
---- a/source3/utils/ntlm_auth.c
-+++ b/source3/utils/ntlm_auth.c
-@@ -1035,7 +1035,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
- NTSTATUS nt_status;
-
- TALLOC_CTX *tmp_ctx;
--
-+ const struct gensec_security_ops **backends;
- struct gensec_settings *gensec_settings;
- size_t idx = 0;
- struct cli_credentials *server_credentials;
-@@ -1079,26 +1079,26 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
- gensec_settings->server_dns_name = strlower_talloc(gensec_settings,
- get_mydnsfullname());
-
-- gensec_settings->backends = talloc_zero_array(gensec_settings,
-- struct gensec_security_ops *, 4);
-+ backends = talloc_zero_array(gensec_settings,
-+ const struct gensec_security_ops *, 4);
-
-- if (gensec_settings->backends == NULL) {
-+ if (backends == NULL) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
--
-+ gensec_settings->backends = backends;
-+
- gensec_init();
-
- /* These need to be in priority order, krb5 before NTLMSSP */
- #if defined(HAVE_KRB5)
-- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
-+ backends[idx++] = &gensec_gse_krb5_security_ops;
- #endif
--
-- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
-
-- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
-- GENSEC_OID_SPNEGO);
--
-+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
-+
-+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
-+
- /*
- * This is anonymous for now, because we just use it
- * to set the kerberos state at the moment
-diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
-index f0da82c..3432594 100644
---- a/source4/ldap_server/ldap_backend.c
-+++ b/source4/ldap_server/ldap_backend.c
-@@ -192,8 +192,8 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
-
- if (conn->server_credentials) {
- char **sasl_mechs = NULL;
-- struct gensec_security_ops **backends = gensec_security_all();
-- struct gensec_security_ops **ops
-+ const struct gensec_security_ops * const *backends = gensec_security_all();
-+ const struct gensec_security_ops **ops
- = gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
- unsigned int i, j = 0;
- for (i = 0; ops && ops[i]; i++) {
---
-1.9.3
-
-
-From 6a58d4f4cb60bf25c1493ef0aedd5978abc06969 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 10:43:38 +0200
-Subject: [PATCH 089/249] libcli/auth: avoid possible mem leak in
- read_negTokenInit()
-
-Also add error checks.
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit f1e60142e12deb560e3c62441fd9ff2acd086b60)
----
- libcli/auth/spnego_parse.c | 19 +++++++++++++++----
- 1 file changed, 15 insertions(+), 4 deletions(-)
-
-diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c
-index 3bf7aea..2c73613 100644
---- a/libcli/auth/spnego_parse.c
-+++ b/libcli/auth/spnego_parse.c
-@@ -46,13 +46,24 @@ static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
- asn1_start_tag(asn1, ASN1_CONTEXT(0));
- asn1_start_tag(asn1, ASN1_SEQUENCE(0));
-
-- token->mechTypes = talloc(NULL, const char *);
-+ token->mechTypes = talloc(mem_ctx, const char *);
-+ if (token->mechTypes == NULL) {
-+ asn1->has_error = true;
-+ return false;
-+ }
- for (i = 0; !asn1->has_error &&
- 0 < asn1_tag_remaining(asn1); i++) {
- char *oid;
-- token->mechTypes = talloc_realloc(NULL,
-- token->mechTypes,
-- const char *, i+2);
-+ const char **p;
-+ p = talloc_realloc(mem_ctx,
-+ token->mechTypes,
-+ const char *, i+2);
-+ if (p == NULL) {
-+ TALLOC_FREE(token->mechTypes);
-+ asn1->has_error = true;
-+ return false;
-+ }
-+ token->mechTypes = p;
- asn1_read_OID(asn1, token->mechTypes, &oid);
- token->mechTypes[i] = oid;
- }
---
-1.9.3
-
-
-From 8835471a993521e49aa48ef55f324874e1933108 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 5 Aug 2013 10:46:47 +0200
-Subject: [PATCH 090/249] libcli/auth: add more const to
- spnego_negTokenInit->mechTypes
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
-Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104
-(cherry picked from commit 9177a0d1c1c92c45ef92fbda55fc6dd8aeb76b6c)
----
- libcli/auth/spnego.h | 2 +-
- libcli/auth/spnego_parse.c | 27 ++++++++++++++++-----------
- libcli/auth/spnego_proto.h | 2 +-
- source3/utils/ntlm_auth.c | 2 +-
- 4 files changed, 19 insertions(+), 14 deletions(-)
-
-diff --git a/libcli/auth/spnego.h b/libcli/auth/spnego.h
-index 9a93f2e..539b903 100644
---- a/libcli/auth/spnego.h
-+++ b/libcli/auth/spnego.h
-@@ -49,7 +49,7 @@ enum spnego_negResult {
- };
-
- struct spnego_negTokenInit {
-- const char **mechTypes;
-+ const char * const *mechTypes;
- DATA_BLOB reqFlags;
- uint8_t reqFlagsPadding;
- DATA_BLOB mechToken;
-diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c
-index 2c73613..b1ca07d 100644
---- a/libcli/auth/spnego_parse.c
-+++ b/libcli/auth/spnego_parse.c
-@@ -42,12 +42,14 @@ static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
-
- switch (context) {
- /* Read mechTypes */
-- case ASN1_CONTEXT(0):
-+ case ASN1_CONTEXT(0): {
-+ const char **mechTypes;
-+
- asn1_start_tag(asn1, ASN1_CONTEXT(0));
- asn1_start_tag(asn1, ASN1_SEQUENCE(0));
-
-- token->mechTypes = talloc(mem_ctx, const char *);
-- if (token->mechTypes == NULL) {
-+ mechTypes = talloc(mem_ctx, const char *);
-+ if (mechTypes == NULL) {
- asn1->has_error = true;
- return false;
- }
-@@ -56,22 +58,25 @@ static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
- char *oid;
- const char **p;
- p = talloc_realloc(mem_ctx,
-- token->mechTypes,
-+ mechTypes,
- const char *, i+2);
- if (p == NULL) {
-- TALLOC_FREE(token->mechTypes);
-+ talloc_free(mechTypes);
- asn1->has_error = true;
- return false;
- }
-- token->mechTypes = p;
-- asn1_read_OID(asn1, token->mechTypes, &oid);
-- token->mechTypes[i] = oid;
-+ mechTypes = p;
-+
-+ asn1_read_OID(asn1, mechTypes, &oid);
-+ mechTypes[i] = oid;
- }
-- token->mechTypes[i] = NULL;
-+ mechTypes[i] = NULL;
-+ token->mechTypes = mechTypes;
-
- asn1_end_tag(asn1);
- asn1_end_tag(asn1);
- break;
-+ }
- /* Read reqFlags */
- case ASN1_CONTEXT(1):
- asn1_start_tag(asn1, ASN1_CONTEXT(1));
-@@ -366,7 +371,7 @@ bool spnego_free_data(struct spnego_data *spnego)
- switch(spnego->type) {
- case SPNEGO_NEG_TOKEN_INIT:
- if (spnego->negTokenInit.mechTypes) {
-- talloc_free(spnego->negTokenInit.mechTypes);
-+ talloc_free(discard_const(spnego->negTokenInit.mechTypes));
- }
- data_blob_free(&spnego->negTokenInit.reqFlags);
- data_blob_free(&spnego->negTokenInit.mechToken);
-@@ -390,7 +395,7 @@ out:
- }
-
- bool spnego_write_mech_types(TALLOC_CTX *mem_ctx,
-- const char **mech_types,
-+ const char * const *mech_types,
- DATA_BLOB *blob)
- {
- struct asn1_data *asn1 = asn1_init(mem_ctx);
-diff --git a/libcli/auth/spnego_proto.h b/libcli/auth/spnego_proto.h
-index 5fd5e59..c0fa934 100644
---- a/libcli/auth/spnego_proto.h
-+++ b/libcli/auth/spnego_proto.h
-@@ -24,5 +24,5 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data
- ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_data *spnego);
- bool spnego_free_data(struct spnego_data *spnego);
- bool spnego_write_mech_types(TALLOC_CTX *mem_ctx,
-- const char **mech_types,
-+ const char * const *mech_types,
- DATA_BLOB *blob);
-diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
-index 25e717c..1df615c 100644
---- a/source3/utils/ntlm_auth.c
-+++ b/source3/utils/ntlm_auth.c
-@@ -2058,7 +2058,7 @@ static void manage_gss_spnego_client_request(enum stdio_helper_mode stdio_helper
-
- /* The server offers a list of mechanisms */
-
-- const char **mechType = (const char **)spnego.negTokenInit.mechTypes;
-+ const char *const *mechType = spnego.negTokenInit.mechTypes;
-
- while (*mechType != NULL) {
-
---
-1.9.3
-
-
-From c06bb0c3d2c032f8b4848c75baa1fd900650866a Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 9 Aug 2013 10:15:05 +0200
-Subject: [PATCH 091/249] auth/credentials: make sure
- cli_credentials_get_nt_hash() always returns a talloc object
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
----
- auth/credentials/credentials.c | 19 ++++++++++++++-----
- auth/credentials/credentials.h | 4 ++--
- 2 files changed, 16 insertions(+), 7 deletions(-)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index be497bc..57a7c0b 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -471,8 +471,8 @@ _PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred,
- * @param cred credentials context
- * @retval If set, the cleartext password, otherwise NULL
- */
--_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
-- TALLOC_CTX *mem_ctx)
-+_PUBLIC_ struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
-+ TALLOC_CTX *mem_ctx)
- {
- const char *password = cli_credentials_get_password(cred);
-
-@@ -481,13 +481,22 @@ _PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_cred
- if (!nt_hash) {
- return NULL;
- }
--
-+
- E_md4hash(password, nt_hash->hash);
-
- return nt_hash;
-- } else {
-- return cred->nt_hash;
-+ } else if (cred->nt_hash != NULL) {
-+ struct samr_Password *nt_hash = talloc(mem_ctx, struct samr_Password);
-+ if (!nt_hash) {
-+ return NULL;
-+ }
-+
-+ *nt_hash = *cred->nt_hash;
-+
-+ return nt_hash;
- }
-+
-+ return NULL;
- }
-
- /**
-diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
-index cb09dc3..766a513 100644
---- a/auth/credentials/credentials.h
-+++ b/auth/credentials/credentials.h
-@@ -141,8 +141,8 @@ bool cli_credentials_set_password(struct cli_credentials *cred,
- enum credentials_obtained obtained);
- struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx);
- void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained);
--const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
-- TALLOC_CTX *mem_ctx);
-+struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
-+ TALLOC_CTX *mem_ctx);
- bool cli_credentials_set_realm(struct cli_credentials *cred,
- const char *val,
- enum credentials_obtained obtained);
---
-1.9.3
-
-
-From 8a3ed9f72ef9f9de32da4d454b866d64eb24ee17 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@symas.com>
-Date: Tue, 17 Sep 2013 13:09:50 -0700
-Subject: [PATCH 092/249] Add SASL/EXTERNAL gensec module
-
-Signed-off-by: Howard Chu <hyc@symas.com>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
-(cherry picked from commit 6bf59b03d72b94b71e53fc2404c11e0d237e41b2)
----
- auth/gensec/external.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++
- auth/gensec/gensec.h | 3 +-
- auth/gensec/wscript_build | 7 ++++
- 3 files changed, 91 insertions(+), 1 deletion(-)
- create mode 100644 auth/gensec/external.c
-
-diff --git a/auth/gensec/external.c b/auth/gensec/external.c
-new file mode 100644
-index 0000000..a26e435
---- /dev/null
-+++ b/auth/gensec/external.c
-@@ -0,0 +1,82 @@
-+/*
-+ Unix SMB/CIFS implementation.
-+
-+ SASL/EXTERNAL authentication.
-+
-+ Copyright (C) Howard Chu <hyc@symas.com> 2013
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include "includes.h"
-+#include "auth/credentials/credentials.h"
-+#include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
-+#include "auth/gensec/gensec_proto.h"
-+#include "auth/gensec/gensec_toplevel_proto.h"
-+
-+/* SASL/EXTERNAL is essentially a no-op; it is only usable when the transport
-+ * layer is already mutually authenticated.
-+ */
-+
-+NTSTATUS gensec_external_init(void);
-+
-+static NTSTATUS gensec_external_start(struct gensec_security *gensec_security)
-+{
-+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN)
-+ return NT_STATUS_INVALID_PARAMETER;
-+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL)
-+ return NT_STATUS_INVALID_PARAMETER;
-+
-+ return NT_STATUS_OK;
-+}
-+
-+static NTSTATUS gensec_external_update(struct gensec_security *gensec_security,
-+ TALLOC_CTX *out_mem_ctx,
-+ struct tevent_context *ev,
-+ const DATA_BLOB in, DATA_BLOB *out)
-+{
-+ *out = data_blob_talloc(out_mem_ctx, "", 0);
-+ return NT_STATUS_OK;
-+}
-+
-+/* We have no features */
-+static bool gensec_external_have_feature(struct gensec_security *gensec_security,
-+ uint32_t feature)
-+{
-+ return false;
-+}
-+
-+static const struct gensec_security_ops gensec_external_ops = {
-+ .name = "sasl-EXTERNAL",
-+ .sasl_name = "EXTERNAL",
-+ .client_start = gensec_external_start,
-+ .update = gensec_external_update,
-+ .have_feature = gensec_external_have_feature,
-+ .enabled = true,
-+ .priority = GENSEC_EXTERNAL
-+};
-+
-+
-+NTSTATUS gensec_external_init(void)
-+{
-+ NTSTATUS ret;
-+
-+ ret = gensec_register(&gensec_external_ops);
-+ if (!NT_STATUS_IS_OK(ret)) {
-+ DEBUG(0,("Failed to register '%s' gensec backend!\n",
-+ gensec_external_ops.name));
-+ }
-+ return ret;
-+}
-diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
-index ac1fadf..6974f87 100644
---- a/auth/gensec/gensec.h
-+++ b/auth/gensec/gensec.h
-@@ -41,7 +41,8 @@ enum gensec_priority {
- GENSEC_SCHANNEL = 60,
- GENSEC_NTLMSSP = 50,
- GENSEC_SASL = 20,
-- GENSEC_OTHER = 0
-+ GENSEC_OTHER = 10,
-+ GENSEC_EXTERNAL = 0
- };
-
- struct gensec_security;
-diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
-index fcd74a3..71222f7 100755
---- a/auth/gensec/wscript_build
-+++ b/auth/gensec/wscript_build
-@@ -16,3 +16,10 @@ bld.SAMBA_MODULE('gensec_spnego',
- init_function='gensec_spnego_init',
- deps='asn1util samba-credentials SPNEGO_PARSE'
- )
-+
-+bld.SAMBA_MODULE('gensec_external',
-+ source='external.c',
-+ autoproto='external_proto.h',
-+ subsystem='gensec',
-+ init_function='gensec_external_init'
-+ )
---
-1.9.3
-
-
-From 75d9566940069ebeb367191ec6a6641bf7d45a83 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 17:24:10 +0200
-Subject: [PATCH 093/249] gensec: move schannel module to toplevel.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 4d2ec9e37ee9dcf7b521806a1c0aabdffe524d47)
----
- auth/gensec/schannel.c | 330 ++++++++++++++++++++++++++++++++++++++
- auth/gensec/wscript_build | 8 +
- source4/auth/gensec/schannel.c | 330 --------------------------------------
- source4/auth/gensec/wscript_build | 10 --
- 4 files changed, 338 insertions(+), 340 deletions(-)
- create mode 100644 auth/gensec/schannel.c
- delete mode 100644 source4/auth/gensec/schannel.c
-
-diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
-new file mode 100644
-index 0000000..eb2e100
---- /dev/null
-+++ b/auth/gensec/schannel.c
-@@ -0,0 +1,330 @@
-+/*
-+ Unix SMB/CIFS implementation.
-+
-+ dcerpc schannel operations
-+
-+ Copyright (C) Andrew Tridgell 2004
-+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include "includes.h"
-+#include "librpc/gen_ndr/ndr_schannel.h"
-+#include "auth/auth.h"
-+#include "auth/credentials/credentials.h"
-+#include "auth/gensec/gensec.h"
-+#include "auth/gensec/gensec_internal.h"
-+#include "auth/gensec/gensec_proto.h"
-+#include "../libcli/auth/schannel.h"
-+#include "librpc/gen_ndr/dcerpc.h"
-+#include "param/param.h"
-+#include "auth/gensec/gensec_toplevel_proto.h"
-+
-+_PUBLIC_ NTSTATUS gensec_schannel_init(void);
-+
-+static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
-+{
-+ struct schannel_state *state =
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-+
-+ return netsec_outgoing_sig_size(state);
-+}
-+
-+static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
-+ struct tevent_context *ev,
-+ const DATA_BLOB in, DATA_BLOB *out)
-+{
-+ struct schannel_state *state =
-+ talloc_get_type(gensec_security->private_data,
-+ struct schannel_state);
-+ NTSTATUS status;
-+ enum ndr_err_code ndr_err;
-+ struct NL_AUTH_MESSAGE bind_schannel;
-+ struct NL_AUTH_MESSAGE bind_schannel_ack;
-+ struct netlogon_creds_CredentialState *creds;
-+ const char *workstation;
-+ const char *domain;
-+
-+ *out = data_blob(NULL, 0);
-+
-+ switch (gensec_security->gensec_role) {
-+ case GENSEC_CLIENT:
-+ if (state != NULL) {
-+ /* we could parse the bind ack, but we don't know what it is yet */
-+ return NT_STATUS_OK;
-+ }
-+
-+ creds = cli_credentials_get_netlogon_creds(gensec_security->credentials);
-+ if (creds == NULL) {
-+ return NT_STATUS_INVALID_PARAMETER_MIX;
-+ }
-+
-+ state = netsec_create_state(gensec_security,
-+ creds, true /* initiator */);
-+ if (state == NULL) {
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+ gensec_security->private_data = state;
-+
-+ bind_schannel.MessageType = NL_NEGOTIATE_REQUEST;
-+#if 0
-+ /* to support this we'd need to have access to the full domain name */
-+ /* 0x17, 23 */
-+ bind_schannel.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
-+ NL_FLAG_OEM_NETBIOS_COMPUTER_NAME |
-+ NL_FLAG_UTF8_DNS_DOMAIN_NAME |
-+ NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME;
-+ bind_schannel.oem_netbios_domain.a = cli_credentials_get_domain(gensec_security->credentials);
-+ bind_schannel.oem_netbios_computer.a = creds->computer_name;
-+ bind_schannel.utf8_dns_domain = cli_credentials_get_realm(gensec_security->credentials);
-+ /* w2k3 refuses us if we use the full DNS workstation?
-+ why? perhaps because we don't fill in the dNSHostName
-+ attribute in the machine account? */
-+ bind_schannel.utf8_netbios_computer = creds->computer_name;
-+#else
-+ bind_schannel.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
-+ NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
-+ bind_schannel.oem_netbios_domain.a = cli_credentials_get_domain(gensec_security->credentials);
-+ bind_schannel.oem_netbios_computer.a = creds->computer_name;
-+#endif
-+
-+ ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel,
-+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
-+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-+ status = ndr_map_error2ntstatus(ndr_err);
-+ DEBUG(3, ("Could not create schannel bind: %s\n",
-+ nt_errstr(status)));
-+ return status;
-+ }
-+
-+ return NT_STATUS_MORE_PROCESSING_REQUIRED;
-+ case GENSEC_SERVER:
-+
-+ if (state != NULL) {
-+ /* no third leg on this protocol */
-+ return NT_STATUS_INVALID_PARAMETER;
-+ }
-+
-+ /* parse the schannel startup blob */
-+ ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx, &bind_schannel,
-+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
-+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-+ status = ndr_map_error2ntstatus(ndr_err);
-+ DEBUG(3, ("Could not parse incoming schannel bind: %s\n",
-+ nt_errstr(status)));
-+ return status;
-+ }
-+
-+ if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) {
-+ domain = bind_schannel.oem_netbios_domain.a;
-+ if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
-+ DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
-+ domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)));
-+ return NT_STATUS_LOGON_FAILURE;
-+ }
-+ } else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) {
-+ domain = bind_schannel.utf8_dns_domain.u;
-+ if (strcasecmp_m(domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)) != 0) {
-+ DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
-+ domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)));
-+ return NT_STATUS_LOGON_FAILURE;
-+ }
-+ } else {
-+ DEBUG(3, ("Request for schannel to without domain\n"));
-+ return NT_STATUS_LOGON_FAILURE;
-+ }
-+
-+ if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) {
-+ workstation = bind_schannel.oem_netbios_computer.a;
-+ } else if (bind_schannel.Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME) {
-+ workstation = bind_schannel.utf8_netbios_computer.u;
-+ } else {
-+ DEBUG(3, ("Request for schannel to without netbios workstation\n"));
-+ return NT_STATUS_LOGON_FAILURE;
-+ }
-+
-+ status = schannel_get_creds_state(out_mem_ctx,
-+ gensec_security->settings->lp_ctx,
-+ workstation, &creds);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
-+ workstation, nt_errstr(status)));
-+ if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
-+ return NT_STATUS_LOGON_FAILURE;
-+ }
-+ return status;
-+ }
-+
-+ state = netsec_create_state(gensec_security,
-+ creds, false /* not initiator */);
-+ if (state == NULL) {
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+ gensec_security->private_data = state;
-+
-+ bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE;
-+ bind_schannel_ack.Flags = 0;
-+ bind_schannel_ack.Buffer.dummy = 0x6c0000; /* actually I think
-+ * this does not have
-+ * any meaning here
-+ * - gd */
-+
-+ ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel_ack,
-+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
-+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-+ status = ndr_map_error2ntstatus(ndr_err);
-+ DEBUG(3, ("Could not return schannel bind ack for client %s: %s\n",
-+ workstation, nt_errstr(status)));
-+ return status;
-+ }
-+
-+ return NT_STATUS_OK;
-+ }
-+ return NT_STATUS_INVALID_PARAMETER;
-+}
-+
-+/**
-+ * Returns anonymous credentials for schannel, matching Win2k3.
-+ *
-+ */
-+
-+static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
-+ TALLOC_CTX *mem_ctx,
-+ struct auth_session_info **_session_info)
-+{
-+ return auth_anonymous_session_info(mem_ctx, gensec_security->settings->lp_ctx, _session_info);
-+}
-+
-+static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
-+{
-+ return NT_STATUS_OK;
-+}
-+
-+static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
-+{
-+ return NT_STATUS_OK;
-+}
-+
-+static bool schannel_have_feature(struct gensec_security *gensec_security,
-+ uint32_t feature)
-+{
-+ if (feature & (GENSEC_FEATURE_SIGN |
-+ GENSEC_FEATURE_SEAL)) {
-+ return true;
-+ }
-+ if (feature & GENSEC_FEATURE_DCE_STYLE) {
-+ return true;
-+ }
-+ return false;
-+}
-+
-+/*
-+ unseal a packet
-+*/
-+static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
-+ uint8_t *data, size_t length,
-+ const uint8_t *whole_pdu, size_t pdu_length,
-+ const DATA_BLOB *sig)
-+{
-+ struct schannel_state *state =
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-+
-+ return netsec_incoming_packet(state, true,
-+ discard_const_p(uint8_t, data),
-+ length, sig);
-+}
-+
-+/*
-+ check the signature on a packet
-+*/
-+static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
-+ const uint8_t *data, size_t length,
-+ const uint8_t *whole_pdu, size_t pdu_length,
-+ const DATA_BLOB *sig)
-+{
-+ struct schannel_state *state =
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-+
-+ return netsec_incoming_packet(state, false,
-+ discard_const_p(uint8_t, data),
-+ length, sig);
-+}
-+/*
-+ seal a packet
-+*/
-+static NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security,
-+ TALLOC_CTX *mem_ctx,
-+ uint8_t *data, size_t length,
-+ const uint8_t *whole_pdu, size_t pdu_length,
-+ DATA_BLOB *sig)
-+{
-+ struct schannel_state *state =
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-+
-+ return netsec_outgoing_packet(state, mem_ctx, true,
-+ data, length, sig);
-+}
-+
-+/*
-+ sign a packet
-+*/
-+static NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security,
-+ TALLOC_CTX *mem_ctx,
-+ const uint8_t *data, size_t length,
-+ const uint8_t *whole_pdu, size_t pdu_length,
-+ DATA_BLOB *sig)
-+{
-+ struct schannel_state *state =
-+ talloc_get_type_abort(gensec_security->private_data,
-+ struct schannel_state);
-+
-+ return netsec_outgoing_packet(state, mem_ctx, false,
-+ discard_const_p(uint8_t, data),
-+ length, sig);
-+}
-+
-+static const struct gensec_security_ops gensec_schannel_security_ops = {
-+ .name = "schannel",
-+ .auth_type = DCERPC_AUTH_TYPE_SCHANNEL,
-+ .client_start = schannel_client_start,
-+ .server_start = schannel_server_start,
-+ .update = schannel_update,
-+ .seal_packet = schannel_seal_packet,
-+ .sign_packet = schannel_sign_packet,
-+ .check_packet = schannel_check_packet,
-+ .unseal_packet = schannel_unseal_packet,
-+ .session_info = schannel_session_info,
-+ .sig_size = schannel_sig_size,
-+ .have_feature = schannel_have_feature,
-+ .enabled = true,
-+ .priority = GENSEC_SCHANNEL
-+};
-+
-+_PUBLIC_ NTSTATUS gensec_schannel_init(void)
-+{
-+ NTSTATUS ret;
-+ ret = gensec_register(&gensec_schannel_security_ops);
-+ if (!NT_STATUS_IS_OK(ret)) {
-+ DEBUG(0,("Failed to register '%s' gensec backend!\n",
-+ gensec_schannel_security_ops.name));
-+ return ret;
-+ }
-+
-+ return ret;
-+}
-diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
-index 71222f7..7329eec 100755
---- a/auth/gensec/wscript_build
-+++ b/auth/gensec/wscript_build
-@@ -17,6 +17,14 @@ bld.SAMBA_MODULE('gensec_spnego',
- deps='asn1util samba-credentials SPNEGO_PARSE'
- )
-
-+bld.SAMBA_MODULE('gensec_schannel',
-+ source='schannel.c',
-+ autoproto='schannel_proto.h',
-+ subsystem='gensec',
-+ init_function='gensec_schannel_init',
-+ deps='COMMON_SCHANNEL NDR_SCHANNEL samba-credentials auth_session'
-+ )
-+
- bld.SAMBA_MODULE('gensec_external',
- source='external.c',
- autoproto='external_proto.h',
-diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
-deleted file mode 100644
-index eb2e100..0000000
---- a/source4/auth/gensec/schannel.c
-+++ /dev/null
-@@ -1,330 +0,0 @@
--/*
-- Unix SMB/CIFS implementation.
--
-- dcerpc schannel operations
--
-- Copyright (C) Andrew Tridgell 2004
-- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; either version 3 of the License, or
-- (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
--*/
--
--#include "includes.h"
--#include "librpc/gen_ndr/ndr_schannel.h"
--#include "auth/auth.h"
--#include "auth/credentials/credentials.h"
--#include "auth/gensec/gensec.h"
--#include "auth/gensec/gensec_internal.h"
--#include "auth/gensec/gensec_proto.h"
--#include "../libcli/auth/schannel.h"
--#include "librpc/gen_ndr/dcerpc.h"
--#include "param/param.h"
--#include "auth/gensec/gensec_toplevel_proto.h"
--
--_PUBLIC_ NTSTATUS gensec_schannel_init(void);
--
--static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
--{
-- struct schannel_state *state =
-- talloc_get_type_abort(gensec_security->private_data,
-- struct schannel_state);
--
-- return netsec_outgoing_sig_size(state);
--}
--
--static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
-- struct tevent_context *ev,
-- const DATA_BLOB in, DATA_BLOB *out)
--{
-- struct schannel_state *state =
-- talloc_get_type(gensec_security->private_data,
-- struct schannel_state);
-- NTSTATUS status;
-- enum ndr_err_code ndr_err;
-- struct NL_AUTH_MESSAGE bind_schannel;
-- struct NL_AUTH_MESSAGE bind_schannel_ack;
-- struct netlogon_creds_CredentialState *creds;
-- const char *workstation;
-- const char *domain;
--
-- *out = data_blob(NULL, 0);
--
-- switch (gensec_security->gensec_role) {
-- case GENSEC_CLIENT:
-- if (state != NULL) {
-- /* we could parse the bind ack, but we don't know what it is yet */
-- return NT_STATUS_OK;
-- }
--
-- creds = cli_credentials_get_netlogon_creds(gensec_security->credentials);
-- if (creds == NULL) {
-- return NT_STATUS_INVALID_PARAMETER_MIX;
-- }
--
-- state = netsec_create_state(gensec_security,
-- creds, true /* initiator */);
-- if (state == NULL) {
-- return NT_STATUS_NO_MEMORY;
-- }
-- gensec_security->private_data = state;
--
-- bind_schannel.MessageType = NL_NEGOTIATE_REQUEST;
--#if 0
-- /* to support this we'd need to have access to the full domain name */
-- /* 0x17, 23 */
-- bind_schannel.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
-- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME |
-- NL_FLAG_UTF8_DNS_DOMAIN_NAME |
-- NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME;
-- bind_schannel.oem_netbios_domain.a = cli_credentials_get_domain(gensec_security->credentials);
-- bind_schannel.oem_netbios_computer.a = creds->computer_name;
-- bind_schannel.utf8_dns_domain = cli_credentials_get_realm(gensec_security->credentials);
-- /* w2k3 refuses us if we use the full DNS workstation?
-- why? perhaps because we don't fill in the dNSHostName
-- attribute in the machine account? */
-- bind_schannel.utf8_netbios_computer = creds->computer_name;
--#else
-- bind_schannel.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
-- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
-- bind_schannel.oem_netbios_domain.a = cli_credentials_get_domain(gensec_security->credentials);
-- bind_schannel.oem_netbios_computer.a = creds->computer_name;
--#endif
--
-- ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel,
-- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
-- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-- status = ndr_map_error2ntstatus(ndr_err);
-- DEBUG(3, ("Could not create schannel bind: %s\n",
-- nt_errstr(status)));
-- return status;
-- }
--
-- return NT_STATUS_MORE_PROCESSING_REQUIRED;
-- case GENSEC_SERVER:
--
-- if (state != NULL) {
-- /* no third leg on this protocol */
-- return NT_STATUS_INVALID_PARAMETER;
-- }
--
-- /* parse the schannel startup blob */
-- ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx, &bind_schannel,
-- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
-- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-- status = ndr_map_error2ntstatus(ndr_err);
-- DEBUG(3, ("Could not parse incoming schannel bind: %s\n",
-- nt_errstr(status)));
-- return status;
-- }
--
-- if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) {
-- domain = bind_schannel.oem_netbios_domain.a;
-- if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
-- DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
-- domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)));
-- return NT_STATUS_LOGON_FAILURE;
-- }
-- } else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) {
-- domain = bind_schannel.utf8_dns_domain.u;
-- if (strcasecmp_m(domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)) != 0) {
-- DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
-- domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)));
-- return NT_STATUS_LOGON_FAILURE;
-- }
-- } else {
-- DEBUG(3, ("Request for schannel to without domain\n"));
-- return NT_STATUS_LOGON_FAILURE;
-- }
--
-- if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) {
-- workstation = bind_schannel.oem_netbios_computer.a;
-- } else if (bind_schannel.Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME) {
-- workstation = bind_schannel.utf8_netbios_computer.u;
-- } else {
-- DEBUG(3, ("Request for schannel to without netbios workstation\n"));
-- return NT_STATUS_LOGON_FAILURE;
-- }
--
-- status = schannel_get_creds_state(out_mem_ctx,
-- gensec_security->settings->lp_ctx,
-- workstation, &creds);
-- if (!NT_STATUS_IS_OK(status)) {
-- DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
-- workstation, nt_errstr(status)));
-- if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
-- return NT_STATUS_LOGON_FAILURE;
-- }
-- return status;
-- }
--
-- state = netsec_create_state(gensec_security,
-- creds, false /* not initiator */);
-- if (state == NULL) {
-- return NT_STATUS_NO_MEMORY;
-- }
-- gensec_security->private_data = state;
--
-- bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE;
-- bind_schannel_ack.Flags = 0;
-- bind_schannel_ack.Buffer.dummy = 0x6c0000; /* actually I think
-- * this does not have
-- * any meaning here
-- * - gd */
--
-- ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel_ack,
-- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
-- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-- status = ndr_map_error2ntstatus(ndr_err);
-- DEBUG(3, ("Could not return schannel bind ack for client %s: %s\n",
-- workstation, nt_errstr(status)));
-- return status;
-- }
--
-- return NT_STATUS_OK;
-- }
-- return NT_STATUS_INVALID_PARAMETER;
--}
--
--/**
-- * Returns anonymous credentials for schannel, matching Win2k3.
-- *
-- */
--
--static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- struct auth_session_info **_session_info)
--{
-- return auth_anonymous_session_info(mem_ctx, gensec_security->settings->lp_ctx, _session_info);
--}
--
--static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
--{
-- return NT_STATUS_OK;
--}
--
--static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
--{
-- return NT_STATUS_OK;
--}
--
--static bool schannel_have_feature(struct gensec_security *gensec_security,
-- uint32_t feature)
--{
-- if (feature & (GENSEC_FEATURE_SIGN |
-- GENSEC_FEATURE_SEAL)) {
-- return true;
-- }
-- if (feature & GENSEC_FEATURE_DCE_STYLE) {
-- return true;
-- }
-- return false;
--}
--
--/*
-- unseal a packet
--*/
--static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
-- uint8_t *data, size_t length,
-- const uint8_t *whole_pdu, size_t pdu_length,
-- const DATA_BLOB *sig)
--{
-- struct schannel_state *state =
-- talloc_get_type_abort(gensec_security->private_data,
-- struct schannel_state);
--
-- return netsec_incoming_packet(state, true,
-- discard_const_p(uint8_t, data),
-- length, sig);
--}
--
--/*
-- check the signature on a packet
--*/
--static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
-- const uint8_t *data, size_t length,
-- const uint8_t *whole_pdu, size_t pdu_length,
-- const DATA_BLOB *sig)
--{
-- struct schannel_state *state =
-- talloc_get_type_abort(gensec_security->private_data,
-- struct schannel_state);
--
-- return netsec_incoming_packet(state, false,
-- discard_const_p(uint8_t, data),
-- length, sig);
--}
--/*
-- seal a packet
--*/
--static NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- uint8_t *data, size_t length,
-- const uint8_t *whole_pdu, size_t pdu_length,
-- DATA_BLOB *sig)
--{
-- struct schannel_state *state =
-- talloc_get_type_abort(gensec_security->private_data,
-- struct schannel_state);
--
-- return netsec_outgoing_packet(state, mem_ctx, true,
-- data, length, sig);
--}
--
--/*
-- sign a packet
--*/
--static NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security,
-- TALLOC_CTX *mem_ctx,
-- const uint8_t *data, size_t length,
-- const uint8_t *whole_pdu, size_t pdu_length,
-- DATA_BLOB *sig)
--{
-- struct schannel_state *state =
-- talloc_get_type_abort(gensec_security->private_data,
-- struct schannel_state);
--
-- return netsec_outgoing_packet(state, mem_ctx, false,
-- discard_const_p(uint8_t, data),
-- length, sig);
--}
--
--static const struct gensec_security_ops gensec_schannel_security_ops = {
-- .name = "schannel",
-- .auth_type = DCERPC_AUTH_TYPE_SCHANNEL,
-- .client_start = schannel_client_start,
-- .server_start = schannel_server_start,
-- .update = schannel_update,
-- .seal_packet = schannel_seal_packet,
-- .sign_packet = schannel_sign_packet,
-- .check_packet = schannel_check_packet,
-- .unseal_packet = schannel_unseal_packet,
-- .session_info = schannel_session_info,
-- .sig_size = schannel_sig_size,
-- .have_feature = schannel_have_feature,
-- .enabled = true,
-- .priority = GENSEC_SCHANNEL
--};
--
--_PUBLIC_ NTSTATUS gensec_schannel_init(void)
--{
-- NTSTATUS ret;
-- ret = gensec_register(&gensec_schannel_security_ops);
-- if (!NT_STATUS_IS_OK(ret)) {
-- DEBUG(0,("Failed to register '%s' gensec backend!\n",
-- gensec_schannel_security_ops.name));
-- return ret;
-- }
--
-- return ret;
--}
-diff --git a/source4/auth/gensec/wscript_build b/source4/auth/gensec/wscript_build
-index 04fccc5..a3eff97 100755
---- a/source4/auth/gensec/wscript_build
-+++ b/source4/auth/gensec/wscript_build
-@@ -32,16 +32,6 @@ bld.SAMBA_MODULE('cyrus_sasl',
- )
-
-
--bld.SAMBA_MODULE('gensec_schannel',
-- source='schannel.c',
-- subsystem='gensec',
-- deps='COMMON_SCHANNEL NDR_SCHANNEL samba-credentials ndr auth_session',
-- internal_module=True,
-- autoproto='schannel_proto.h',
-- init_function='gensec_schannel_init'
-- )
--
--
- bld.SAMBA_PYTHON('pygensec',
- source='pygensec.c',
- deps='gensec pytalloc-util pyparam_util',
---
-1.9.3
-
-
-From c4829848f45db27d6c145b35a20bea2f33bcb4d7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 17:24:49 +0200
-Subject: [PATCH 094/249] gensec: remove duplicate
- gensec_security_by_authtype() call.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We should use the equivalent gensec_security_by_auth_type() call which is
-exposed in the public header.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit d433ad077f354de4fc1d5a155d991f417ae9967c)
----
- auth/gensec/gensec_start.c | 29 ++---------------------------
- 1 file changed, 2 insertions(+), 27 deletions(-)
-
-diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
-index 3ae64d5..906ef67 100644
---- a/auth/gensec/gensec_start.c
-+++ b/auth/gensec/gensec_start.c
-@@ -157,31 +157,6 @@ _PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
-
- }
-
--static const struct gensec_security_ops *gensec_security_by_authtype(struct gensec_security *gensec_security,
-- uint8_t auth_type)
--{
-- int i;
-- const struct gensec_security_ops **backends;
-- const struct gensec_security_ops *backend;
-- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
-- if (!mem_ctx) {
-- return NULL;
-- }
-- backends = gensec_security_mechs(gensec_security, mem_ctx);
-- for (i=0; backends && backends[i]; i++) {
-- if (!gensec_security_ops_enabled(backends[i], gensec_security))
-- continue;
-- if (backends[i]->auth_type == auth_type) {
-- backend = backends[i];
-- talloc_free(mem_ctx);
-- return backend;
-- }
-- }
-- talloc_free(mem_ctx);
--
-- return NULL;
--}
--
- _PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
- struct gensec_security *gensec_security,
- const char *oid_string)
-@@ -719,7 +694,7 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
- _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
- uint8_t auth_type, uint8_t auth_level)
- {
-- gensec_security->ops = gensec_security_by_authtype(gensec_security, auth_type);
-+ gensec_security->ops = gensec_security_by_auth_type(gensec_security, auth_type);
- if (!gensec_security->ops) {
- DEBUG(3, ("Could not find GENSEC backend for auth_type=%d\n", (int)auth_type));
- return NT_STATUS_INVALID_PARAMETER;
-@@ -746,7 +721,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
- _PUBLIC_ const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype)
- {
- const struct gensec_security_ops *ops;
-- ops = gensec_security_by_authtype(gensec_security, authtype);
-+ ops = gensec_security_by_auth_type(gensec_security, authtype);
- if (ops) {
- return ops->name;
- }
---
-1.9.3
-
-
-From 8c54d2ee4861a35def7cce29b900a68112356f6b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 17:25:55 +0200
-Subject: [PATCH 095/249] gensec: check for NULL gensec_security in
- gensec_security_by_auth_type().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We have equivalent checks in other gensec_security_by_X calls already.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 4f979525e4137c536118a9c2b2b4ef798c270e27)
----
- auth/gensec/gensec_start.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
-index 906ef67..476134a 100644
---- a/auth/gensec/gensec_start.c
-+++ b/auth/gensec/gensec_start.c
-@@ -230,8 +230,10 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
- }
- backends = gensec_security_mechs(gensec_security, mem_ctx);
- for (i=0; backends && backends[i]; i++) {
-- if (!gensec_security_ops_enabled(backends[i], gensec_security))
-- continue;
-+ if (gensec_security != NULL &&
-+ !gensec_security_ops_enabled(backends[i], gensec_security)) {
-+ continue;
-+ }
- if (backends[i]->auth_type == auth_type) {
- backend = backends[i];
- talloc_free(mem_ctx);
---
-1.9.3
-
-
-From 5b941811c7ebd51bf2c8d421517fd92b3065ba47 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 17:27:28 +0200
-Subject: [PATCH 096/249] s3-auth: also load schannel module from
- auth_generic_client_prepare().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 8fce75aa58ec70547ad218bde154e141f2d17303)
----
- source3/libsmb/auth_generic.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
-index e30c1b7..3130dec 100644
---- a/source3/libsmb/auth_generic.c
-+++ b/source3/libsmb/auth_generic.c
-@@ -78,7 +78,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
- }
-
- backends = talloc_zero_array(gensec_settings,
-- const struct gensec_security_ops *, 4);
-+ const struct gensec_security_ops *, 5);
- if (backends == NULL) {
- TALLOC_FREE(ans);
- return NT_STATUS_NO_MEMORY;
-@@ -95,6 +95,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
- backends[idx++] = &gensec_ntlmssp3_client_ops;
-
- backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
-+ backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
-
- nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
-
---
-1.9.3
-
-
-From 28b5f156bcc03b88f8c0f3e52cd051a0b069334e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 17:44:10 +0200
-Subject: [PATCH 097/249] s3-rpc_cli: allow to pass down a netlogon
- CredentialState struct to gensec.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 7b570b4128f9af212048ce56abd841a1f6fdc259)
----
- source3/rpc_client/cli_pipe.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 470469f..2acbad6 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2178,6 +2178,7 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
- const char *username,
- const char *password,
- enum credentials_use_kerberos use_kerberos,
-+ struct netlogon_creds_CredentialState *creds,
- struct pipe_auth_data **presult)
- {
- struct auth_generic_state *auth_generic_ctx;
-@@ -2231,6 +2232,7 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
- }
-
- cli_credentials_set_kerberos_state(auth_generic_ctx->credentials, use_kerberos);
-+ cli_credentials_set_netlogon_creds(auth_generic_ctx->credentials, creds);
-
- status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
- if (!NT_STATUS_IS_OK(status)) {
-@@ -2830,6 +2832,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
- server, target_service,
- domain, username, password,
- CRED_AUTO_USE_KERBEROS,
-+ NULL,
- &auth);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
-@@ -3057,7 +3060,7 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
- DCERPC_AUTH_TYPE_SPNEGO, auth_level,
- server, target_service,
- domain, username, password,
-- use_kerberos,
-+ use_kerberos, NULL,
- &auth);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
---
-1.9.3
-
-
-From 4775b3fd2905e54b2c824d901fd8a99fb8caae04 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 18:23:40 +0200
-Subject: [PATCH 098/249] s3-auth: register schannel gensec module in
- auth_generic_prepare() as well.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 090671aca5234f47f390054de771198e3c177060)
----
- source3/auth/auth_generic.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
-index e15c87e..e07d3b7 100644
---- a/source3/auth/auth_generic.c
-+++ b/source3/auth/auth_generic.c
-@@ -32,6 +32,7 @@
- #include "librpc/crypto/gse.h"
- #include "auth/credentials/credentials.h"
- #include "lib/param/loadparm.h"
-+#include "librpc/gen_ndr/dcerpc.h"
-
- static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
- TALLOC_CTX *mem_ctx,
-@@ -261,7 +262,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
- }
-
- backends = talloc_zero_array(gensec_settings,
-- const struct gensec_security_ops *, 4);
-+ const struct gensec_security_ops *, 5);
- if (backends == NULL) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
-@@ -279,6 +280,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
-
- backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
-
-+ backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
-+
- /*
- * This is anonymous for now, because we just use it
- * to set the kerberos state at the moment
---
-1.9.3
-
-
-From 080c2ac3cbd28318bc6c682dff0aea17fad07a2c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 18:33:14 +0200
-Subject: [PATCH 099/249] s3-rpc_cli: use gensec for schannel bind.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 89d0b89b5d58ceef13bc10036d396b10f8a102ae)
----
- source3/rpc_client/cli_pipe.c | 22 +++++++++++++---------
- 1 file changed, 13 insertions(+), 9 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 2acbad6..8a642e2 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -1120,12 +1120,6 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx,
-
- switch (auth->auth_type) {
- case DCERPC_AUTH_TYPE_SCHANNEL:
-- ret = create_schannel_auth_rpc_bind_req(cli, &auth_token);
-- if (!NT_STATUS_IS_OK(ret)) {
-- return ret;
-- }
-- break;
--
- case DCERPC_AUTH_TYPE_NTLMSSP:
- case DCERPC_AUTH_TYPE_KRB5:
- case DCERPC_AUTH_TYPE_SPNEGO:
-@@ -2884,16 +2878,26 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- struct netr_Authenticator auth;
- struct netr_Authenticator return_auth;
- union netr_Capabilities capabilities;
-+ const char *target_service = table->authservices->names[0];
-
- status = cli_rpc_pipe_open(cli, transport, table, &rpccli);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
-- status = rpccli_schannel_bind_data(rpccli, domain, auth_level,
-- *pdc, &rpcauth);
-+ status = rpccli_generic_bind_data(rpccli,
-+ DCERPC_AUTH_TYPE_SCHANNEL,
-+ auth_level,
-+ NULL,
-+ target_service,
-+ domain,
-+ (*pdc)->computer_name,
-+ NULL,
-+ CRED_AUTO_USE_KERBEROS,
-+ *pdc,
-+ &rpcauth);
- if (!NT_STATUS_IS_OK(status)) {
-- DEBUG(0, ("rpccli_schannel_bind_data returned %s\n",
-+ DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
- nt_errstr(status)));
- TALLOC_FREE(rpccli);
- return status;
---
-1.9.3
-
-
-From 40ffd89f975e06821379fbd240187f5e268da5fe Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 18:34:58 +0200
-Subject: [PATCH 100/249] s3-rpc_srv: use gensec for schannel bind.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit a32a83ba9d6c7b5bbe9077973e5402ba65c068e7)
----
- source3/rpc_server/srv_pipe.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index 9043a14..fd7a90a 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -808,10 +808,15 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
- break;
-
- case DCERPC_AUTH_TYPE_SCHANNEL:
-- if (!pipe_schannel_auth_bind(p, pkt,
-- &auth_info, &auth_resp)) {
-+ if (!pipe_auth_generic_bind(p, pkt,
-+ &auth_info, &auth_resp)) {
-+ goto err_exit;
-+ }
-+ if (!session_info_set_session_key(p->session_info, generic_session_key())) {
-+ DEBUG(0, ("session_info_set_session_key failed\n"));
- goto err_exit;
- }
-+ p->pipe_bound = true;
- break;
-
- case DCERPC_AUTH_TYPE_SPNEGO:
---
-1.9.3
-
-
-From 285de020b6e284ad5074492d62740ba8a370826a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 18:36:19 +0200
-Subject: [PATCH 101/249] s3-rpc: use gensec for schannel footer processing.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 5a628490e46f428432cd9b32c2b4b3a34a3736ae)
----
- source3/librpc/rpc/dcerpc_helpers.c | 35 +++--------------------------------
- 1 file changed, 3 insertions(+), 32 deletions(-)
-
-diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
-index 97999d7..b9e05cb 100644
---- a/source3/librpc/rpc/dcerpc_helpers.c
-+++ b/source3/librpc/rpc/dcerpc_helpers.c
-@@ -273,7 +273,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
- size_t max_len;
- size_t mod_len;
- struct gensec_security *gensec_security;
-- struct schannel_state *schannel_auth;
-
- /* no auth token cases first */
- switch (auth->auth_level) {
-@@ -307,16 +306,11 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
- case DCERPC_AUTH_TYPE_SPNEGO:
- case DCERPC_AUTH_TYPE_NTLMSSP:
- case DCERPC_AUTH_TYPE_KRB5:
-+ case DCERPC_AUTH_TYPE_SCHANNEL:
- gensec_security = talloc_get_type_abort(auth->auth_ctx,
- struct gensec_security);
- *auth_len = gensec_sig_size(gensec_security, max_len);
- break;
--
-- case DCERPC_AUTH_TYPE_SCHANNEL:
-- schannel_auth = talloc_get_type_abort(auth->auth_ctx,
-- struct schannel_state);
-- *auth_len = netsec_outgoing_sig_size(schannel_auth);
-- break;
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
-@@ -548,7 +542,6 @@ static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx,
- NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
- size_t pad_len, DATA_BLOB *rpc_out)
- {
-- struct schannel_state *schannel_auth;
- struct gensec_security *gensec_security;
- char pad[CLIENT_NDR_PADDING_SIZE] = { 0, };
- DATA_BLOB auth_info;
-@@ -600,19 +593,13 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
- case DCERPC_AUTH_TYPE_SPNEGO:
- case DCERPC_AUTH_TYPE_KRB5:
- case DCERPC_AUTH_TYPE_NTLMSSP:
-+ case DCERPC_AUTH_TYPE_SCHANNEL:
- gensec_security = talloc_get_type_abort(auth->auth_ctx,
- struct gensec_security);
- status = add_generic_auth_footer(gensec_security,
- auth->auth_level,
- rpc_out);
- break;
-- case DCERPC_AUTH_TYPE_SCHANNEL:
-- schannel_auth = talloc_get_type_abort(auth->auth_ctx,
-- struct schannel_state);
-- status = add_schannel_auth_footer(schannel_auth,
-- auth->auth_level,
-- rpc_out);
-- break;
- default:
- status = NT_STATUS_INVALID_PARAMETER;
- break;
-@@ -640,7 +627,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
- DATA_BLOB *raw_pkt,
- size_t *pad_len)
- {
-- struct schannel_state *schannel_auth;
- struct gensec_security *gensec_security;
- NTSTATUS status;
- struct dcerpc_auth auth_info;
-@@ -710,6 +696,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
- case DCERPC_AUTH_TYPE_SPNEGO:
- case DCERPC_AUTH_TYPE_KRB5:
- case DCERPC_AUTH_TYPE_NTLMSSP:
-+ case DCERPC_AUTH_TYPE_SCHANNEL:
-
- DEBUG(10, ("GENSEC auth\n"));
-
-@@ -723,22 +710,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
- return status;
- }
- break;
--
-- case DCERPC_AUTH_TYPE_SCHANNEL:
--
-- DEBUG(10, ("SCHANNEL auth\n"));
--
-- schannel_auth = talloc_get_type_abort(auth->auth_ctx,
-- struct schannel_state);
-- status = get_schannel_auth_footer(pkt, schannel_auth,
-- auth->auth_level,
-- &data, &full_pkt,
-- &auth_info.credentials);
-- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-- }
-- break;
--
- default:
- DEBUG(0, ("process_request_pdu: "
- "unknown auth type %u set.\n",
---
-1.9.3
-
-
-From cfa396d153cedb9b10356540a479ff299c480cae Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 19 Sep 2013 11:03:31 +0200
-Subject: [PATCH 102/249] s3-rpc_cli: remove unused schannel calls from
- dcerpc_helpers.c
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 639f60b1513a8c877d307ed86b7748250821fb3f)
----
- source3/librpc/rpc/dcerpc.h | 3 -
- source3/librpc/rpc/dcerpc_helpers.c | 124 ------------------------------------
- 2 files changed, 127 deletions(-)
-
-diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
-index b3ae3b4..38d59cd 100644
---- a/source3/librpc/rpc/dcerpc.h
-+++ b/source3/librpc/rpc/dcerpc.h
-@@ -60,9 +60,6 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
- const DATA_BLOB *blob,
- struct ncacn_packet *r,
- bool bigendian);
--NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
-- struct NL_AUTH_MESSAGE *r,
-- DATA_BLOB *blob);
- NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
-diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
-index b9e05cb..2400bfd 100644
---- a/source3/librpc/rpc/dcerpc_helpers.c
-+++ b/source3/librpc/rpc/dcerpc_helpers.c
-@@ -21,9 +21,6 @@
- #include "includes.h"
- #include "librpc/rpc/dcerpc.h"
- #include "librpc/gen_ndr/ndr_dcerpc.h"
--#include "librpc/gen_ndr/ndr_schannel.h"
--#include "../libcli/auth/schannel.h"
--#include "../libcli/auth/spnego.h"
- #include "librpc/crypto/gse.h"
- #include "auth/gensec/gensec.h"
-
-@@ -135,34 +132,6 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
- }
-
- /**
--* @brief NDR Encodes a NL_AUTH_MESSAGE
--*
--* @param mem_ctx The memory context the blob will be allocated on
--* @param r The NL_AUTH_MESSAGE to encode
--* @param blob [out] The encoded blob if successful
--*
--* @return a NTSTATUS error code
--*/
--NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
-- struct NL_AUTH_MESSAGE *r,
-- DATA_BLOB *blob)
--{
-- enum ndr_err_code ndr_err;
--
-- ndr_err = ndr_push_struct_blob(blob, mem_ctx, r,
-- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
-- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-- return ndr_map_error2ntstatus(ndr_err);
-- }
--
-- if (DEBUGLEVEL >= 10) {
-- NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, r);
-- }
--
-- return NT_STATUS_OK;
--}
--
--/**
- * @brief NDR Encodes a dcerpc_auth structure
- *
- * @param mem_ctx The memory context the blob will be allocated on
-@@ -437,99 +406,6 @@ static NTSTATUS get_generic_auth_footer(struct gensec_security *gensec_security,
- }
- }
-
--/*******************************************************************
-- Create and add the schannel sign/seal auth data.
-- ********************************************************************/
--
--static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas,
-- enum dcerpc_AuthLevel auth_level,
-- DATA_BLOB *rpc_out)
--{
-- uint8_t *data_p = rpc_out->data + DCERPC_RESPONSE_LENGTH;
-- size_t data_and_pad_len = rpc_out->length
-- - DCERPC_RESPONSE_LENGTH
-- - DCERPC_AUTH_TRAILER_LENGTH;
-- DATA_BLOB auth_blob;
-- NTSTATUS status;
--
-- if (!sas) {
-- return NT_STATUS_INVALID_PARAMETER;
-- }
--
-- switch (auth_level) {
-- case DCERPC_AUTH_LEVEL_PRIVACY:
-- status = netsec_outgoing_packet(sas,
-- rpc_out->data,
-- true,
-- data_p,
-- data_and_pad_len,
-- &auth_blob);
-- break;
-- case DCERPC_AUTH_LEVEL_INTEGRITY:
-- status = netsec_outgoing_packet(sas,
-- rpc_out->data,
-- false,
-- data_p,
-- data_and_pad_len,
-- &auth_blob);
-- break;
-- default:
-- status = NT_STATUS_INTERNAL_ERROR;
-- break;
-- }
--
-- if (!NT_STATUS_IS_OK(status)) {
-- DEBUG(1,("add_schannel_auth_footer: failed to process packet: %s\n",
-- nt_errstr(status)));
-- return status;
-- }
--
-- if (DEBUGLEVEL >= 10) {
-- dump_NL_AUTH_SIGNATURE(talloc_tos(), &auth_blob);
-- }
--
-- /* Finally attach the blob. */
-- if (!data_blob_append(NULL, rpc_out,
-- auth_blob.data, auth_blob.length)) {
-- return NT_STATUS_NO_MEMORY;
-- }
-- data_blob_free(&auth_blob);
--
-- return NT_STATUS_OK;
--}
--
--/*******************************************************************
-- Check/unseal the Schannel auth data. (Unseal in place).
-- ********************************************************************/
--
--static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx,
-- struct schannel_state *auth_state,
-- enum dcerpc_AuthLevel auth_level,
-- DATA_BLOB *data, DATA_BLOB *full_pkt,
-- DATA_BLOB *auth_token)
--{
-- switch (auth_level) {
-- case DCERPC_AUTH_LEVEL_PRIVACY:
-- /* Data portion is encrypted. */
-- return netsec_incoming_packet(auth_state,
-- true,
-- data->data,
-- data->length,
-- auth_token);
--
-- case DCERPC_AUTH_LEVEL_INTEGRITY:
-- /* Data is signed. */
-- return netsec_incoming_packet(auth_state,
-- false,
-- data->data,
-- data->length,
-- auth_token);
--
-- default:
-- return NT_STATUS_INVALID_PARAMETER;
-- }
--}
--
- /**
- * @brief Append an auth footer according to what is the current mechanism
- *
---
-1.9.3
-
-
-From 3c10a3501c04e1f5f9bd2bb1418b95b4b17248a8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 19 Sep 2013 11:04:19 +0200
-Subject: [PATCH 103/249] s3-rpc_cli: remove unused schannel calls from
- cli_pipe.c
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 45949d721892a0e8a6b1a76e221c6b3bfd6a872f)
----
- source3/rpc_client/cli_pipe.c | 76 -------------------------------------------
- 1 file changed, 76 deletions(-)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 8a642e2..b73f2f2 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -22,11 +22,8 @@
- #include "includes.h"
- #include "../lib/util/tevent_ntstatus.h"
- #include "librpc/gen_ndr/ndr_epmapper_c.h"
--#include "../librpc/gen_ndr/ndr_schannel.h"
- #include "../librpc/gen_ndr/ndr_dssetup.h"
- #include "../libcli/auth/schannel.h"
--#include "../libcli/auth/spnego.h"
--#include "../auth/ntlmssp/ntlmssp.h"
- #include "auth_generic.h"
- #include "librpc/gen_ndr/ndr_dcerpc.h"
- #include "librpc/gen_ndr/ndr_netlogon_c.h"
-@@ -1018,42 +1015,6 @@ static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_client *cli,
- }
-
- /*******************************************************************
-- Creates schannel auth bind.
-- ********************************************************************/
--
--static NTSTATUS create_schannel_auth_rpc_bind_req(struct rpc_pipe_client *cli,
-- DATA_BLOB *auth_token)
--{
-- NTSTATUS status;
-- struct NL_AUTH_MESSAGE r;
--
-- if (!cli->auth->user_name || !cli->auth->user_name[0]) {
-- return NT_STATUS_INVALID_PARAMETER_MIX;
-- }
--
-- if (!cli->auth->domain || !cli->auth->domain[0]) {
-- return NT_STATUS_INVALID_PARAMETER_MIX;
-- }
--
-- /*
-- * Now marshall the data into the auth parse_struct.
-- */
--
-- r.MessageType = NL_NEGOTIATE_REQUEST;
-- r.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
-- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
-- r.oem_netbios_domain.a = cli->auth->domain;
-- r.oem_netbios_computer.a = cli->auth->user_name;
--
-- status = dcerpc_push_schannel_bind(cli, &r, auth_token);
-- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-- }
--
-- return NT_STATUS_OK;
--}
--
--/*******************************************************************
- Creates the internals of a DCE/RPC bind request or alter context PDU.
- ********************************************************************/
-
-@@ -2243,43 +2204,6 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
- return status;
- }
-
--static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
-- const char *domain,
-- enum dcerpc_AuthLevel auth_level,
-- struct netlogon_creds_CredentialState *creds,
-- struct pipe_auth_data **presult)
--{
-- struct schannel_state *schannel_auth;
-- struct pipe_auth_data *result;
--
-- result = talloc(mem_ctx, struct pipe_auth_data);
-- if (result == NULL) {
-- return NT_STATUS_NO_MEMORY;
-- }
--
-- result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
-- result->auth_level = auth_level;
--
-- result->user_name = talloc_strdup(result, creds->computer_name);
-- result->domain = talloc_strdup(result, domain);
-- if ((result->user_name == NULL) || (result->domain == NULL)) {
-- goto fail;
-- }
--
-- schannel_auth = netsec_create_state(result, creds, true /* initiator */);
-- if (schannel_auth == NULL) {
-- goto fail;
-- }
--
-- result->auth_ctx = schannel_auth;
-- *presult = result;
-- return NT_STATUS_OK;
--
-- fail:
-- TALLOC_FREE(result);
-- return NT_STATUS_NO_MEMORY;
--}
--
- /**
- * Create an rpc pipe client struct, connecting to a tcp port.
- */
---
-1.9.3
-
-
-From e4b33d6311e051501815199bd6c6dbba33f1bc55 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 19 Sep 2013 11:05:21 +0200
-Subject: [PATCH 104/249] s3-rpc_srv: remove unused schannel calls from
- srv_pipe.c
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-
-Autobuild-User(master): Günther Deschner <gd@samba.org>
-Autobuild-Date(master): Thu Sep 19 12:59:04 CEST 2013 on sn-devel-104
-(cherry picked from commit 6965f918c04328535c55a0ef9b7fe6392fba193a)
----
- source3/rpc_server/srv_pipe.c | 116 ------------------------------------------
- 1 file changed, 116 deletions(-)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index fd7a90a..06752a8 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -30,11 +30,8 @@
- #include "includes.h"
- #include "system/filesys.h"
- #include "srv_pipe_internal.h"
--#include "../librpc/gen_ndr/ndr_schannel.h"
- #include "../librpc/gen_ndr/dcerpc.h"
- #include "../librpc/rpc/rpc_common.h"
--#include "../libcli/auth/schannel.h"
--#include "../libcli/auth/spnego.h"
- #include "dcesrv_auth_generic.h"
- #include "rpc_server.h"
- #include "rpc_dce.h"
-@@ -415,119 +412,6 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
- }
-
- /*******************************************************************
-- Handle an schannel bind auth.
--*******************************************************************/
--
--static bool pipe_schannel_auth_bind(struct pipes_struct *p,
-- TALLOC_CTX *mem_ctx,
-- struct dcerpc_auth *auth_info,
-- DATA_BLOB *response)
--{
-- struct NL_AUTH_MESSAGE neg;
-- struct NL_AUTH_MESSAGE reply;
-- bool ret;
-- NTSTATUS status;
-- struct netlogon_creds_CredentialState *creds;
-- enum ndr_err_code ndr_err;
-- struct schannel_state *schannel_auth;
-- struct loadparm_context *lp_ctx;
--
-- ndr_err = ndr_pull_struct_blob(
-- &auth_info->credentials, mem_ctx, &neg,
-- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
-- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-- DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n"));
-- return false;
-- }
--
-- if (DEBUGLEVEL >= 10) {
-- NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &neg);
-- }
--
-- if (!(neg.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME)) {
-- DEBUG(0,("pipe_schannel_auth_bind: Did not receive netbios computer name\n"));
-- return false;
-- }
--
-- lp_ctx = loadparm_init_s3(p, loadparm_s3_helpers());
-- if (!lp_ctx) {
-- DEBUG(0,("pipe_schannel_auth_bind: loadparm_init_s3() failed!\n"));
-- return false;
-- }
--
-- /*
-- * The neg.oem_netbios_computer.a key here must match the remote computer name
-- * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
-- * operations that use credentials.
-- */
--
-- become_root();
-- status = schannel_get_creds_state(p->mem_ctx, lp_ctx,
-- neg.oem_netbios_computer.a, &creds);
-- unbecome_root();
--
-- talloc_unlink(p, lp_ctx);
-- if (!NT_STATUS_IS_OK(status)) {
-- DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n"));
-- return False;
-- }
--
-- schannel_auth = netsec_create_state(p, creds, false /* not initiator */);
-- TALLOC_FREE(creds);
-- if (!schannel_auth) {
-- return False;
-- }
--
-- /*
-- * JRA. Should we also copy the schannel session key into the pipe session key p->session_key
-- * here ? We do that for NTLMSSP, but the session key is already set up from the vuser
-- * struct of the person who opened the pipe. I need to test this further. JRA.
-- *
-- * VL. As we are mapping this to guest set the generic key
-- * "SystemLibraryDTC" key here. It's a bit difficult to test against
-- * W2k3, as it does not allow schannel binds against SAMR and LSA
-- * anymore.
-- */
--
-- ret = session_info_set_session_key(p->session_info, generic_session_key());
--
-- if (!ret) {
-- DEBUG(0, ("session_info_set_session_key failed\n"));
-- return false;
-- }
--
-- /*** SCHANNEL verifier ***/
--
-- reply.MessageType = NL_NEGOTIATE_RESPONSE;
-- reply.Flags = 0;
-- reply.Buffer.dummy = 5; /* ??? actually I don't think
-- * this has any meaning
-- * here - gd */
--
-- ndr_err = ndr_push_struct_blob(response, mem_ctx, &reply,
-- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
-- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-- DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n"));
-- return false;
-- }
--
-- if (DEBUGLEVEL >= 10) {
-- NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &reply);
-- }
--
-- DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname [%s]\n",
-- neg.oem_netbios_domain.a, neg.oem_netbios_computer.a));
--
-- /* We're finished with this bind - no more packets. */
-- p->auth.auth_ctx = schannel_auth;
-- p->auth.auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
--
-- p->pipe_bound = True;
--
-- return True;
--}
--
--/*******************************************************************
- Handle an NTLMSSP bind auth.
- *******************************************************************/
-
---
-1.9.3
-
-
-From 68fbdf567cb7d0bc3550b826204c0708a771a4dc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Mon, 12 Aug 2013 17:22:15 +0200
-Subject: [PATCH 105/249] librpc/ndr: call ndr_table_list() from all ndr_X
- functions.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 88c1dbf722889a2d7379cdcbac1ce9b140a42356)
----
- librpc/ndr/ndr_table.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/librpc/ndr/ndr_table.c b/librpc/ndr/ndr_table.c
-index 7ca0417..01d9094 100644
---- a/librpc/ndr/ndr_table.c
-+++ b/librpc/ndr/ndr_table.c
-@@ -73,7 +73,7 @@ const char *ndr_interface_name(const struct GUID *uuid, uint32_t if_version)
- int ndr_interface_num_calls(const struct GUID *uuid, uint32_t if_version)
- {
- const struct ndr_interface_list *l;
-- for (l=ndr_interfaces;l;l=l->next){
-+ for (l=ndr_table_list();l;l=l->next){
- if (GUID_equal(&l->table->syntax_id.uuid, uuid) &&
- l->table->syntax_id.if_version == if_version) {
- return l->table->num_calls;
-@@ -89,7 +89,7 @@ int ndr_interface_num_calls(const struct GUID *uuid, uint32_t if_version)
- const struct ndr_interface_table *ndr_table_by_name(const char *name)
- {
- const struct ndr_interface_list *l;
-- for (l=ndr_interfaces;l;l=l->next) {
-+ for (l=ndr_table_list();l;l=l->next) {
- if (strcasecmp(l->table->name, name) == 0) {
- return l->table;
- }
-@@ -103,7 +103,7 @@ const struct ndr_interface_table *ndr_table_by_name(const char *name)
- const struct ndr_interface_table *ndr_table_by_uuid(const struct GUID *uuid)
- {
- const struct ndr_interface_list *l;
-- for (l=ndr_interfaces;l;l=l->next) {
-+ for (l=ndr_table_list();l;l=l->next) {
- if (GUID_equal(&l->table->syntax_id.uuid, uuid)) {
- return l->table;
- }
---
-1.9.3
-
-
-From c936c80f7e567bab6fc749fb35e60176fca020af Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 8 Aug 2013 17:34:56 +0200
-Subject: [PATCH 106/249] librpc/ndr: make sure ndr_table_list() always calls
- ndr_init_table() first.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 21200b12dc14673f9a610c5798635b6052370dbe)
----
- librpc/ndr/ndr_table.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/librpc/ndr/ndr_table.c b/librpc/ndr/ndr_table.c
-index 01d9094..f73b9fc 100644
---- a/librpc/ndr/ndr_table.c
-+++ b/librpc/ndr/ndr_table.c
-@@ -116,6 +116,7 @@ const struct ndr_interface_table *ndr_table_by_uuid(const struct GUID *uuid)
- */
- const struct ndr_interface_list *ndr_table_list(void)
- {
-+ ndr_table_init();
- return ndr_interfaces;
- }
-
---
-1.9.3
-
-
-From 2ced3243b3589b673967452a6401d665dd514525 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 8 Aug 2013 17:40:22 +0200
-Subject: [PATCH 107/249] s3-rpc: use table->name directly in DEBUG contexts.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit a94e278883c58b35d383753e86135ff6a1d14ec7)
----
- source3/lib/netapi/cm.c | 2 +-
- source3/rpc_client/cli_pipe.c | 7 +++----
- 2 files changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
-index 1cfdccf..bb5d6b2 100644
---- a/source3/lib/netapi/cm.c
-+++ b/source3/lib/netapi/cm.c
-@@ -254,7 +254,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
- status = pipe_cm_open(ctx, ipc, table, &result);
- if (!NT_STATUS_IS_OK(status)) {
- libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s",
-- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
-+ table->name,
- get_friendly_nt_error_msg(status));
- return WERR_DEST_NOT_FOUND;
- }
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index b73f2f2..64e7f1c 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -2692,8 +2692,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
- }
- DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe "
- "%s failed with error %s\n",
-- get_pipe_name_from_syntax(talloc_tos(),
-- &table->syntax_id),
-+ table->name,
- nt_errstr(status) ));
- TALLOC_FREE(result);
- return status;
-@@ -2701,7 +2700,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
-
- DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine "
- "%s and bound anonymously.\n",
-- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
-+ table->name,
- result->desthost));
-
- *presult = result;
-@@ -2946,7 +2945,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- done:
- DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
- "for domain %s and bound using schannel.\n",
-- get_pipe_name_from_syntax(talloc_tos(), &table->syntax_id),
-+ table->name,
- rpccli->desthost, domain));
-
- *_rpccli = rpccli;
---
-1.9.3
-
-
-From cd864f1a3748c219df78600fc826a6e1d81fa07d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 10:58:16 +0200
-Subject: [PATCH 108/249] s3-rpc: use ndr_interface_name() instead of
- get_pipe_name_from_syntax() in DEBUG.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 3135533710b2a1b64aaf6b10d30b86f3c004657d)
----
- source3/rpc_server/rpc_handles.c | 15 +++++++++------
- source3/rpc_server/srv_pipe.c | 22 ++++++++++++++--------
- source3/rpc_server/srv_pipe_hnd.c | 16 +++++++++++-----
- source3/wscript_build | 3 ++-
- 4 files changed, 36 insertions(+), 20 deletions(-)
-
-diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
-index 70c3919..409299a 100644
---- a/source3/rpc_server/rpc_handles.c
-+++ b/source3/rpc_server/rpc_handles.c
-@@ -27,6 +27,7 @@
- #include "rpc_server/rpc_pipes.h"
- #include "../libcli/security/security.h"
- #include "lib/tsocket/tsocket.h"
-+#include "librpc/ndr/ndr_table.h"
-
- #undef DBGC_CLASS
- #define DBGC_CLASS DBGC_RPC_SRV
-@@ -218,7 +219,8 @@ bool init_pipe_handles(struct pipes_struct *p, const struct ndr_syntax_id *synta
-
- DEBUG(10,("init_pipe_handle_list: created handle list for "
- "pipe %s\n",
-- get_pipe_name_from_syntax(talloc_tos(), syntax)));
-+ ndr_interface_name(&syntax->uuid,
-+ syntax->if_version)));
- }
-
- /*
-@@ -235,7 +237,7 @@ bool init_pipe_handles(struct pipes_struct *p, const struct ndr_syntax_id *synta
-
- DEBUG(10,("init_pipe_handle_list: pipe_handles ref count = %lu for "
- "pipe %s\n", (unsigned long)p->pipe_handles->pipe_ref_count,
-- get_pipe_name_from_syntax(talloc_tos(), syntax)));
-+ ndr_interface_name(&syntax->uuid, syntax->if_version)));
-
- return True;
- }
-@@ -412,8 +414,8 @@ void close_policy_by_pipe(struct pipes_struct *p)
- TALLOC_FREE(p->pipe_handles);
-
- DEBUG(10,("Deleted handle list for RPC connection %s\n",
-- get_pipe_name_from_syntax(talloc_tos(),
-- &p->contexts->syntax)));
-+ ndr_interface_name(&p->contexts->syntax.uuid,
-+ p->contexts->syntax.if_version)));
- }
- }
-
-@@ -456,8 +458,9 @@ void *_policy_handle_create(struct pipes_struct *p, struct policy_handle *hnd,
- if (p->pipe_handles->count > MAX_OPEN_POLS) {
- DEBUG(0, ("ERROR: Too many handles (%d) for RPC connection %s\n",
- (int) p->pipe_handles->count,
-- get_pipe_name_from_syntax(talloc_tos(),
-- &p->contexts->syntax)));
-+ ndr_interface_name(&p->contexts->syntax.uuid,
-+ p->contexts->syntax.if_version)));
-+
- *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
- return NULL;
- }
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index 06752a8..19dbc37 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -41,6 +41,7 @@
- #include "rpc_server/srv_pipe.h"
- #include "rpc_server/rpc_contexts.h"
- #include "lib/param/param.h"
-+#include "librpc/ndr/ndr_table.h"
-
- #undef DBGC_CLASS
- #define DBGC_CLASS DBGC_RPC_SRV
-@@ -336,7 +337,8 @@ static bool check_bind_req(struct pipes_struct *p,
- bool ok;
-
- DEBUG(3,("check_bind_req for %s\n",
-- get_pipe_name_from_syntax(talloc_tos(), abstract)));
-+ ndr_interface_name(&abstract->uuid,
-+ abstract->if_version)));
-
- /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
- if (rpc_srv_pipe_exists_by_id(abstract) &&
-@@ -580,7 +582,8 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
- if (NT_STATUS_IS_ERR(status)) {
- DEBUG(3,("api_pipe_bind_req: Unknown rpc service name "
- "%s in bind request.\n",
-- get_pipe_name_from_syntax(talloc_tos(), &id)));
-+ ndr_interface_name(&id.uuid,
-+ id.if_version)));
-
- return setup_bind_nak(p, pkt);
- }
-@@ -595,8 +598,10 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
- } else {
- DEBUG(0, ("module %s doesn't provide functions for "
- "pipe %s!\n",
-- get_pipe_name_from_syntax(talloc_tos(), &id),
-- get_pipe_name_from_syntax(talloc_tos(), &id)));
-+ ndr_interface_name(&id.uuid,
-+ id.if_version),
-+ ndr_interface_name(&id.uuid,
-+ id.if_version)));
- return setup_bind_nak(p, pkt);
- }
- }
-@@ -1206,7 +1211,8 @@ static bool api_pipe_request(struct pipes_struct *p,
- TALLOC_CTX *frame = talloc_stackframe();
-
- DEBUG(5, ("Requested %s rpc service\n",
-- get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax)));
-+ ndr_interface_name(&pipe_fns->syntax.uuid,
-+ pipe_fns->syntax.if_version)));
-
- ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds,
- &pipe_fns->syntax);
-@@ -1237,7 +1243,7 @@ static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
-
- /* interpret the command */
- DEBUG(4,("api_rpcTNP: %s op 0x%x - ",
-- get_pipe_name_from_syntax(talloc_tos(), syntax),
-+ ndr_interface_name(&syntax->uuid, syntax->if_version),
- pkt->u.request.opnum));
-
- if (DEBUGLEVEL >= 50) {
-@@ -1276,7 +1282,7 @@ static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
- /* do the actual command */
- if(!api_rpc_cmds[fn_num].fn(p)) {
- DEBUG(0,("api_rpcTNP: %s: %s failed.\n",
-- get_pipe_name_from_syntax(talloc_tos(), syntax),
-+ ndr_interface_name(&syntax->uuid, syntax->if_version),
- api_rpc_cmds[fn_num].name));
- data_blob_free(&p->out_data.rdata);
- return False;
-@@ -1299,7 +1305,7 @@ static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
- }
-
- DEBUG(5,("api_rpcTNP: called %s successfully\n",
-- get_pipe_name_from_syntax(talloc_tos(), syntax)));
-+ ndr_interface_name(&syntax->uuid, syntax->if_version)));
-
- /* Check for buffer underflow in rpc parsing */
- if ((DEBUGLEVEL >= 10) &&
-diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
-index 3f8ff44..fcbfa77 100644
---- a/source3/rpc_server/srv_pipe_hnd.c
-+++ b/source3/rpc_server/srv_pipe_hnd.c
-@@ -30,6 +30,7 @@
- #include "rpc_server/rpc_config.h"
- #include "../lib/tsocket/tsocket.h"
- #include "../lib/util/tevent_ntstatus.h"
-+#include "librpc/ndr/ndr_table.h"
-
- #undef DBGC_CLASS
- #define DBGC_CLASS DBGC_RPC_SRV
-@@ -281,7 +282,8 @@ static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data,
- }
-
- DEBUG(6,(" name: %s len: %u\n",
-- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax),
-+ ndr_interface_name(&p->contexts->syntax.uuid,
-+ p->contexts->syntax.if_version),
- (unsigned int)n));
-
- /*
-@@ -299,7 +301,8 @@ static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data,
- DEBUG(5,("read_from_pipe: too large read (%u) requested on "
- "pipe %s. We can only service %d sized reads.\n",
- (unsigned int)n,
-- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax),
-+ ndr_interface_name(&p->contexts->syntax.uuid,
-+ p->contexts->syntax.if_version),
- RPC_MAX_PDU_FRAG_LEN ));
- n = RPC_MAX_PDU_FRAG_LEN;
- }
-@@ -320,7 +323,8 @@ static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data,
-
- DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, "
- "current_pdu_sent = %u returning %d bytes.\n",
-- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax),
-+ ndr_interface_name(&p->contexts->syntax.uuid,
-+ p->contexts->syntax.if_version),
- (unsigned int)p->out_data.frag.length,
- (unsigned int)p->out_data.current_pdu_sent,
- (int)data_returned));
-@@ -341,7 +345,8 @@ static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data,
-
- DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length "
- "= %u, p->out_data.rdata.length = %u.\n",
-- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax),
-+ ndr_interface_name(&p->contexts->syntax.uuid,
-+ p->contexts->syntax.if_version),
- (int)p->fault_state,
- (unsigned int)p->out_data.data_sent_length,
- (unsigned int)p->out_data.rdata.length));
-@@ -363,7 +368,8 @@ static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data,
-
- if(!create_next_pdu(p)) {
- DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n",
-- get_pipe_name_from_syntax(talloc_tos(), &p->contexts->syntax)));
-+ ndr_interface_name(&p->contexts->syntax.uuid,
-+ p->contexts->syntax.if_version)));
- return -1;
- }
-
-diff --git a/source3/wscript_build b/source3/wscript_build
-index 0bf84e2..bb2e928 100755
---- a/source3/wscript_build
-+++ b/source3/wscript_build
-@@ -672,7 +672,8 @@ bld.SAMBA3_LIBRARY('msrpc3',
- deps='''ndr ndr-standard
- RPC_NDR_EPMAPPER NTLMSSP_COMMON COMMON_SCHANNEL LIBCLI_AUTH
- LIBTSOCKET gse dcerpc-binding
-- libsmb''',
-+ libsmb
-+ ndr-table''',
- vars=locals(),
- private_library=True)
-
---
-1.9.3
-
-
-From 6e6ba9bb34ac4e1d55056ef82e4bad8ab2d65b0d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 8 Aug 2013 17:33:29 +0200
-Subject: [PATCH 109/249] librpc: add dcerpc_default_transport_endpoint()
- function.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 40ee3d8a5f7439b90f1ebf5e40535fad51038fe6)
----
- librpc/rpc/dcerpc_util.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++
- librpc/rpc/rpc_common.h | 3 +++
- 2 files changed, 58 insertions(+)
-
-diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
-index 0b9cca3..4046f32 100644
---- a/librpc/rpc/dcerpc_util.c
-+++ b/librpc/rpc/dcerpc_util.c
-@@ -332,3 +332,58 @@ NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
- tevent_req_received(req);
- return NT_STATUS_OK;
- }
-+
-+const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
-+ enum dcerpc_transport_t transport,
-+ const struct ndr_interface_table *table)
-+{
-+ NTSTATUS status;
-+ const char *p = NULL;
-+ const char *endpoint = NULL;
-+ int i;
-+ struct dcerpc_binding *default_binding = NULL;
-+ TALLOC_CTX *frame = talloc_stackframe();
-+
-+ /* Find one of the default pipes for this interface */
-+
-+ for (i = 0; i < table->endpoints->count; i++) {
-+
-+ status = dcerpc_parse_binding(frame, table->endpoints->names[i],
-+ &default_binding);
-+ if (NT_STATUS_IS_OK(status)) {
-+ if (transport == NCA_UNKNOWN &&
-+ default_binding->endpoint != NULL) {
-+ p = default_binding->endpoint;
-+ break;
-+ }
-+ if (default_binding->transport == transport &&
-+ default_binding->endpoint != NULL) {
-+ p = default_binding->endpoint;
-+ break;
-+ }
-+ }
-+ }
-+
-+ if (i == table->endpoints->count || p == NULL) {
-+ goto done;
-+ }
-+
-+ /*
-+ * extract the pipe name without \\pipe from for example
-+ * ncacn_np:[\\pipe\\epmapper]
-+ */
-+ if (default_binding->transport == NCACN_NP) {
-+ if (strncasecmp(p, "\\pipe\\", 6) == 0) {
-+ p += 6;
-+ }
-+ if (strncmp(p, "\\", 1) == 0) {
-+ p += 1;
-+ }
-+ }
-+
-+ endpoint = talloc_strdup(mem_ctx, p);
-+
-+ done:
-+ talloc_free(frame);
-+ return endpoint;
-+}
-diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
-index e2b3755..d2816f5 100644
---- a/librpc/rpc/rpc_common.h
-+++ b/librpc/rpc/rpc_common.h
-@@ -143,6 +143,9 @@ void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v);
- uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob);
- void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v);
- uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob);
-+const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
-+ enum dcerpc_transport_t transport,
-+ const struct ndr_interface_table *table);
-
- /**
- * @brief Pull a dcerpc_auth structure, taking account of any auth
---
-1.9.3
-
-
-From a71f6912117ef5054cba4346f8bfd555d70d7837 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 18 Sep 2013 10:59:14 +0200
-Subject: [PATCH 110/249] s3-rpc: use dcerpc_default_transport_endpoint
- function.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit b73e2d927b2221cb3fde8776789c8ca085cf2b8f)
----
- source3/rpc_client/rpc_transport_np.c | 4 +++-
- source3/rpc_server/rpc_ncacn_np.c | 12 ++++++++++--
- source3/rpc_server/srv_pipe.c | 28 +++++++++++++++++++++-------
- 3 files changed, 34 insertions(+), 10 deletions(-)
-
-diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c
-index c0f313e..91943f4 100644
---- a/source3/rpc_client/rpc_transport_np.c
-+++ b/source3/rpc_client/rpc_transport_np.c
-@@ -22,6 +22,7 @@
- #include "rpc_client/rpc_transport.h"
- #include "libsmb/cli_np_tstream.h"
- #include "client.h"
-+#include "librpc/ndr/ndr_table.h"
-
- #undef DBGC_CLASS
- #define DBGC_CLASS DBGC_RPC_CLI
-@@ -55,7 +56,8 @@ struct tevent_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx,
- state->ev = ev;
- state->cli = cli;
- state->abs_timeout = timeval_current_ofs_msec(cli->timeout);
-- state->pipe_name = get_pipe_name_from_syntax(state, &table->syntax_id);
-+ state->pipe_name = dcerpc_default_transport_endpoint(state, NCACN_NP,
-+ table);
- if (tevent_req_nomem(state->pipe_name, req)) {
- return tevent_req_post(req, ev);
- }
-diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
-index 7389b3e..46b77fd 100644
---- a/source3/rpc_server/rpc_ncacn_np.c
-+++ b/source3/rpc_server/rpc_ncacn_np.c
-@@ -36,6 +36,7 @@
- #include "../lib/util/tevent_ntstatus.h"
- #include "rpc_contexts.h"
- #include "rpc_server/rpc_config.h"
-+#include "librpc/ndr/ndr_table.h"
-
- #undef DBGC_CLASS
- #define DBGC_CLASS DBGC_RPC_SRV
-@@ -54,8 +55,15 @@ struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
- struct pipe_rpc_fns *context_fns;
- const char *pipe_name;
- int ret;
-+ const struct ndr_interface_table *table;
-
-- pipe_name = get_pipe_name_from_syntax(talloc_tos(), syntax);
-+ table = ndr_table_by_uuid(&syntax->uuid);
-+ if (table == NULL) {
-+ DEBUG(0,("unknown interface\n"));
-+ return NULL;
-+ }
-+
-+ pipe_name = dcerpc_default_transport_endpoint(mem_ctx, NCACN_NP, table);
-
- DEBUG(4,("Create pipe requested %s\n", pipe_name));
-
-@@ -783,7 +791,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
- return NT_STATUS_NO_MEMORY;
- }
-
-- pipe_name = get_pipe_name_from_syntax(tmp_ctx, &table->syntax_id);
-+ pipe_name = dcerpc_default_transport_endpoint(mem_ctx, NCACN_NP, table);
- if (pipe_name == NULL) {
- status = NT_STATUS_INVALID_PARAMETER;
- goto done;
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index 19dbc37..5f834fb 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -552,6 +552,7 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
- struct dcerpc_ack_ctx bind_ack_ctx;
- DATA_BLOB auth_resp = data_blob_null;
- DATA_BLOB auth_blob = data_blob_null;
-+ const struct ndr_interface_table *table;
-
- /* No rebinds on a bound pipe - use alter context. */
- if (p->pipe_bound) {
-@@ -569,15 +570,21 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
- * that this is a pipe name we support.
- */
- id = pkt->u.bind.ctx_list[0].abstract_syntax;
-+
-+ table = ndr_table_by_uuid(&id.uuid);
-+ if (table == NULL) {
-+ DEBUG(0,("unknown interface\n"));
-+ return false;
-+ }
-+
- if (rpc_srv_pipe_exists_by_id(&id)) {
- DEBUG(3, ("api_pipe_bind_req: %s -> %s rpc service\n",
- rpc_srv_get_pipe_cli_name(&id),
- rpc_srv_get_pipe_srv_name(&id)));
- } else {
- status = smb_probe_module(
-- "rpc", get_pipe_name_from_syntax(
-- talloc_tos(),
-- &id));
-+ "rpc", dcerpc_default_transport_endpoint(pkt,
-+ NCACN_NP, table));
-
- if (NT_STATUS_IS_ERR(status)) {
- DEBUG(3,("api_pipe_bind_req: Unknown rpc service name "
-@@ -589,8 +596,8 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
- }
-
- if (rpc_srv_get_pipe_interface_by_cli_name(
-- get_pipe_name_from_syntax(talloc_tos(),
-- &id),
-+ dcerpc_default_transport_endpoint(pkt,
-+ NCACN_NP, table),
- &id)) {
- DEBUG(3, ("api_pipe_bind_req: %s -> %s rpc service\n",
- rpc_srv_get_pipe_cli_name(&id),
-@@ -1240,16 +1247,23 @@ static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
- {
- int fn_num;
- uint32_t offset1;
-+ const struct ndr_interface_table *table;
-
- /* interpret the command */
- DEBUG(4,("api_rpcTNP: %s op 0x%x - ",
- ndr_interface_name(&syntax->uuid, syntax->if_version),
- pkt->u.request.opnum));
-
-+ table = ndr_table_by_uuid(&syntax->uuid);
-+ if (table == NULL) {
-+ DEBUG(0,("unknown interface\n"));
-+ return false;
-+ }
-+
- if (DEBUGLEVEL >= 50) {
- fstring name;
- slprintf(name, sizeof(name)-1, "in_%s",
-- get_pipe_name_from_syntax(talloc_tos(), syntax));
-+ dcerpc_default_transport_endpoint(pkt, NCACN_NP, table));
- dump_pdu_region(name, pkt->u.request.opnum,
- &p->in_data.data, 0,
- p->in_data.data.length);
-@@ -1298,7 +1312,7 @@ static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
- if (DEBUGLEVEL >= 50) {
- fstring name;
- slprintf(name, sizeof(name)-1, "out_%s",
-- get_pipe_name_from_syntax(talloc_tos(), syntax));
-+ dcerpc_default_transport_endpoint(pkt, NCACN_NP, table));
- dump_pdu_region(name, pkt->u.request.opnum,
- &p->out_data.rdata, offset1,
- p->out_data.rdata.length);
---
-1.9.3
-
-
-From 8bb6f177b210159ea6317b20e2cc12732b4d273a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 7 Aug 2013 17:43:08 +0200
-Subject: [PATCH 111/249] s3-rpc: remove unused source3/librpc/rpc/rpc_common.c
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-
-Autobuild-User(master): Günther Deschner <gd@samba.org>
-Autobuild-Date(master): Fri Sep 20 14:57:06 CEST 2013 on sn-devel-104
-(cherry picked from commit 807628ecac445999e75ec9ea1abdc5f2fde356d6)
----
- source3/librpc/rpc/dcerpc.h | 8 --
- source3/librpc/rpc/rpc_common.c | 209 ----------------------------------------
- source3/wscript_build | 1 -
- 3 files changed, 218 deletions(-)
- delete mode 100644 source3/librpc/rpc/rpc_common.c
-
-diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
-index 38d59cd..b18b7ba 100644
---- a/source3/librpc/rpc/dcerpc.h
-+++ b/source3/librpc/rpc/dcerpc.h
-@@ -85,12 +85,4 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
- DATA_BLOB *raw_pkt,
- size_t *pad_len);
-
--/* The following definitions come from librpc/rpc/rpc_common.c */
--
--bool smb_register_ndr_interface(const struct ndr_interface_table *interface);
--const struct ndr_interface_table *get_iface_from_syntax(
-- const struct ndr_syntax_id *syntax);
--const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx,
-- const struct ndr_syntax_id *syntax);
--
- #endif /* __S3_DCERPC_H__ */
-diff --git a/source3/librpc/rpc/rpc_common.c b/source3/librpc/rpc/rpc_common.c
-deleted file mode 100644
-index 1219b2d..0000000
---- a/source3/librpc/rpc/rpc_common.c
-+++ /dev/null
-@@ -1,209 +0,0 @@
--/*
-- * Unix SMB/CIFS implementation.
-- * RPC Pipe client / server routines
-- * Largely rewritten by Jeremy Allison 2005.
-- *
-- * This program is free software; you can redistribute it and/or modify
-- * it under the terms of the GNU General Public License as published by
-- * the Free Software Foundation; either version 3 of the License, or
-- * (at your option) any later version.
-- *
-- * This program is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- * GNU General Public License for more details.
-- *
-- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-- */
--
--#include "includes.h"
--#include "librpc/rpc/dcerpc.h"
--#include "../librpc/gen_ndr/ndr_lsa.h"
--#include "../librpc/gen_ndr/ndr_dssetup.h"
--#include "../librpc/gen_ndr/ndr_samr.h"
--#include "../librpc/gen_ndr/ndr_netlogon.h"
--#include "../librpc/gen_ndr/ndr_srvsvc.h"
--#include "../librpc/gen_ndr/ndr_wkssvc.h"
--#include "../librpc/gen_ndr/ndr_winreg.h"
--#include "../librpc/gen_ndr/ndr_spoolss.h"
--#include "../librpc/gen_ndr/ndr_dfs.h"
--#include "../librpc/gen_ndr/ndr_echo.h"
--#include "../librpc/gen_ndr/ndr_initshutdown.h"
--#include "../librpc/gen_ndr/ndr_svcctl.h"
--#include "../librpc/gen_ndr/ndr_eventlog.h"
--#include "../librpc/gen_ndr/ndr_ntsvcs.h"
--#include "../librpc/gen_ndr/ndr_epmapper.h"
--#include "../librpc/gen_ndr/ndr_drsuapi.h"
--#include "../librpc/gen_ndr/ndr_fsrvp.h"
--
--static const char *get_pipe_name_from_iface(
-- TALLOC_CTX *mem_ctx, const struct ndr_interface_table *interface)
--{
-- int i;
-- const struct ndr_interface_string_array *ep = interface->endpoints;
-- char *p;
--
-- for (i=0; i<ep->count; i++) {
-- if (strncmp(ep->names[i], "ncacn_np:[\\pipe\\", 16) == 0) {
-- break;
-- }
-- }
-- if (i == ep->count) {
-- return NULL;
-- }
--
-- /*
-- * extract the pipe name without \\pipe from for example
-- * ncacn_np:[\\pipe\\epmapper]
-- */
-- p = strchr(ep->names[i]+15, ']');
-- if (p == NULL) {
-- return "PIPE";
-- }
-- return talloc_strndup(mem_ctx, ep->names[i]+15, p - ep->names[i] - 15);
--}
--
--static const struct ndr_interface_table **interfaces;
--
--bool smb_register_ndr_interface(const struct ndr_interface_table *interface)
--{
-- int num_interfaces = talloc_array_length(interfaces);
-- const struct ndr_interface_table **tmp;
-- int i;
--
-- for (i=0; i<num_interfaces; i++) {
-- if (ndr_syntax_id_equal(&interfaces[i]->syntax_id,
-- &interface->syntax_id)) {
-- return true;
-- }
-- }
--
-- tmp = talloc_realloc(NULL, interfaces,
-- const struct ndr_interface_table *,
-- num_interfaces + 1);
-- if (tmp == NULL) {
-- DEBUG(1, ("smb_register_ndr_interface: talloc failed\n"));
-- return false;
-- }
-- interfaces = tmp;
-- interfaces[num_interfaces] = interface;
-- return true;
--}
--
--static bool initialize_interfaces(void)
--{
-- if (!smb_register_ndr_interface(&ndr_table_lsarpc)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_dssetup)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_samr)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_netlogon)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_srvsvc)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_wkssvc)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_winreg)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_spoolss)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_netdfs)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_rpcecho)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_initshutdown)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_svcctl)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_eventlog)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_ntsvcs)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_epmapper)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_drsuapi)) {
-- return false;
-- }
-- if (!smb_register_ndr_interface(&ndr_table_FileServerVssAgent)) {
-- return false;
-- }
-- return true;
--}
--
--const struct ndr_interface_table *get_iface_from_syntax(
-- const struct ndr_syntax_id *syntax)
--{
-- int num_interfaces;
-- int i;
--
-- if (interfaces == NULL) {
-- if (!initialize_interfaces()) {
-- return NULL;
-- }
-- }
-- num_interfaces = talloc_array_length(interfaces);
--
-- for (i=0; i<num_interfaces; i++) {
-- if (ndr_syntax_id_equal(&interfaces[i]->syntax_id, syntax)) {
-- return interfaces[i];
-- }
-- }
--
-- return NULL;
--}
--
--/****************************************************************************
-- Return the pipe name from the interface.
-- ****************************************************************************/
--
--const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx,
-- const struct ndr_syntax_id *syntax)
--{
-- const struct ndr_interface_table *interface;
-- char *guid_str;
-- const char *result;
--
-- interface = get_iface_from_syntax(syntax);
-- if (interface != NULL) {
-- result = get_pipe_name_from_iface(mem_ctx, interface);
-- if (result != NULL) {
-- return result;
-- }
-- }
--
-- /*
-- * Here we should ask \\epmapper, but for now our code is only
-- * interested in the known pipes mentioned in pipe_names[]
-- */
--
-- guid_str = GUID_string(talloc_tos(), &syntax->uuid);
-- if (guid_str == NULL) {
-- return NULL;
-- }
-- result = talloc_asprintf(mem_ctx, "Interface %s.%d", guid_str,
-- (int)syntax->if_version);
-- TALLOC_FREE(guid_str);
--
-- if (result == NULL) {
-- return "PIPE";
-- }
-- return result;
--}
--
-diff --git a/source3/wscript_build b/source3/wscript_build
-index bb2e928..8126cf6 100755
---- a/source3/wscript_build
-+++ b/source3/wscript_build
-@@ -141,7 +141,6 @@ LIBSMB_SRC = '''libsmb/clientgen.c libsmb/cliconnect.c libsmb/clifile.c
-
- LIBMSRPC_SRC = '''
- rpc_client/cli_pipe.c
-- librpc/rpc/rpc_common.c
- rpc_client/rpc_transport_np.c
- rpc_client/rpc_transport_sock.c
- rpc_client/rpc_transport_tstream.c
---
-1.9.3
-
-
-From 2b2d978bd97299371a1fd7798d69ab377a76d389 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Wed, 14 Aug 2013 09:27:59 +0000
-Subject: [PATCH 112/249] winbind3: Fix an invalid free
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This fixes a warning I've never seen before :-)
-
-../source3/winbindd/winbindd_cm.c:781:59: warning: attempt to free a non-heap object ‘machine_krb5_principal’ [-Wfree-nonheap-object]
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-
-Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
-Autobuild-Date(master): Wed Aug 14 14:04:16 CEST 2013 on sn-devel-104
-(cherry picked from commit 5f75814586f2d6f7c2dc8fd9342cb045c1f7e68c)
----
- source3/winbindd/winbindd_cm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
-index facef64..d868826 100644
---- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -840,7 +840,7 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
- }
-
- if (!strupper_m(*machine_krb5_principal)) {
-- SAFE_FREE(machine_krb5_principal);
-+ SAFE_FREE(*machine_krb5_principal);
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
---
-1.9.3
-
-
-From 1b88903c4f5931397e22874b3751dd05a03a2dea Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Fri, 11 Oct 2013 13:34:13 +1300
-Subject: [PATCH 113/249] s3-winbindd: Remove undocumented winbindd:socket dir
- parameter
-
-This uses the documeted "winbindd socket directory" parameter instead.
-
-This came about due to the merge of the two smb.conf tables in s3 and
-s4 for the Samba 4.0 release. The s4 code used a real parameter,
-which caused this to be documented, whereas no automatic procedure
-existed to notice the parametric option and the need to document that.
-The fact that this was not used consistently in both codebases is one
-of the many areas of technical debt we still need to pay off here.
-
-Andrew Bartlett
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit e512491552d9ed0dc1005a23ffc8f77ba237f863)
----
- selftest/target/Samba3.pm | 2 +-
- source3/include/proto.h | 1 +
- source3/param/loadparm.c | 1 +
- source3/winbindd/winbindd.c | 9 ++-------
- source3/winbindd/winbindd_proto.h | 1 -
- 5 files changed, 5 insertions(+), 9 deletions(-)
-
-diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
-index ba01154..d8f0c27 100755
---- a/selftest/target/Samba3.pm
-+++ b/selftest/target/Samba3.pm
-@@ -972,7 +972,7 @@ sub provision($$$$$$)
- printing = bsd
- printcap name = /dev/null
-
-- winbindd:socket dir = $wbsockdir
-+ winbindd socket directory = $wbsockdir
- nmbd:socket dir = $nmbdsockdir
- idmap config * : range = 100000-200000
- winbind enum users = yes
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index cbad7ac..53cd59d 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -1069,6 +1069,7 @@ char *lp_wins_hook(TALLOC_CTX *ctx);
- const char *lp_template_homedir(void);
- const char *lp_template_shell(void);
- const char *lp_winbind_separator(void);
-+const char *lp_winbindd_socket_directory(void);
- bool lp_winbind_enum_users(void);
- bool lp_winbind_enum_groups(void);
- bool lp_winbind_use_default_domain(void);
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index 4b31023..b2804ae 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -961,6 +961,7 @@ static void init_globals(bool reinit_globals)
- string_set(&Globals.szTemplateShell, "/bin/false");
- string_set(&Globals.szTemplateHomedir, "/home/%D/%U");
- string_set(&Globals.szWinbindSeparator, "\\");
-+ string_set(&Globals.szWinbinddSocketDirectory, dyn_WINBINDD_SOCKET_DIR);
-
- string_set(&Globals.szCupsServer, "");
- string_set(&Globals.szIPrintServer, "");
-diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
-index f101e52..69a17bf 100644
---- a/source3/winbindd/winbindd.c
-+++ b/source3/winbindd/winbindd.c
-@@ -189,7 +189,7 @@ static void terminate(bool is_parent)
- char *path = NULL;
-
- if (asprintf(&path, "%s/%s",
-- get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME) > 0) {
-+ lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME) > 0) {
- unlink(path);
- SAFE_FREE(path);
- }
-@@ -1067,11 +1067,6 @@ static void winbindd_listen_fde_handler(struct tevent_context *ev,
- * Winbindd socket accessor functions
- */
-
--const char *get_winbind_pipe_dir(void)
--{
-- return lp_parm_const_string(-1, "winbindd", "socket dir", get_dyn_WINBINDD_SOCKET_DIR());
--}
--
- char *get_winbind_priv_pipe_dir(void)
- {
- return state_path(WINBINDD_PRIV_SOCKET_SUBDIR);
-@@ -1092,7 +1087,7 @@ static bool winbindd_setup_listeners(void)
-
- pub_state->privileged = false;
- pub_state->fd = create_pipe_sock(
-- get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME, 0755);
-+ lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME, 0755);
- if (pub_state->fd == -1) {
- goto failed;
- }
-diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
-index 3df7d7c..cfc19d0 100644
---- a/source3/winbindd/winbindd_proto.h
-+++ b/source3/winbindd/winbindd_proto.h
-@@ -34,7 +34,6 @@ bool winbindd_setup_stdin_handler(bool parent, bool foreground);
- bool winbindd_setup_sig_hup_handler(const char *lfile);
- bool winbindd_use_idmap_cache(void);
- bool winbindd_use_cache(void);
--const char *get_winbind_pipe_dir(void);
- char *get_winbind_priv_pipe_dir(void);
- struct tevent_context *winbind_event_context(void);
- int main(int argc, char **argv, char **envp);
---
-1.9.3
-
-
-From d0ae2d10385dea4b8fae3d8932d40f546ff8905b Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Mon, 14 Oct 2013 15:33:20 +1300
-Subject: [PATCH 114/249] lib/param: lp_magicchar takes a const struct
- share_params *p so should be FN_LOCAL_PARM_CHAR
-
-This was found when trying to autogenerate prototypes for lp_ functions again.
-
-Andrew Bartlett
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
----
- lib/param/loadparm.c | 2 +-
- lib/param/param_functions.c | 2 +-
- source3/param/loadparm.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
-index 455c5e6..4497dbf 100644
---- a/lib/param/loadparm.c
-+++ b/lib/param/loadparm.c
-@@ -314,7 +314,7 @@ static struct loadparm_context *global_loadparm_context;
-
- #define FN_LOCAL_PARM_INTEGER(fn_name, val) FN_LOCAL_INTEGER(fn_name, val)
-
--#define FN_LOCAL_CHAR(fn_name,val) \
-+#define FN_LOCAL_PARM_CHAR(fn_name,val) \
- _PUBLIC_ char lpcfg_ ## fn_name(struct loadparm_service *service, \
- struct loadparm_service *sDefault) { \
- return((service != NULL)? service->val : sDefault->val); \
-diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
-index d9d5df6..60f9c07 100644
---- a/lib/param/param_functions.c
-+++ b/lib/param/param_functions.c
-@@ -147,7 +147,7 @@ FN_LOCAL_INTEGER(aio_write_size, iAioWriteSize)
- FN_LOCAL_INTEGER(map_readonly, iMap_readonly)
- FN_LOCAL_INTEGER(directory_name_cache_size, iDirectoryNameCacheSize)
- FN_LOCAL_INTEGER(smb_encrypt, ismb_encrypt)
--FN_LOCAL_CHAR(magicchar, magic_char)
-+FN_LOCAL_PARM_CHAR(magicchar, magic_char)
- FN_LOCAL_STRING(cups_options, szCupsOptions)
- FN_LOCAL_PARM_BOOL(change_notify, bChangeNotify)
- FN_LOCAL_PARM_BOOL(kernel_change_notify, bKernelChangeNotify)
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index b2804ae..40f3242 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -1116,7 +1116,7 @@ char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK
- bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
- #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
- int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
--#define FN_LOCAL_CHAR(fn_name,val) \
-+#define FN_LOCAL_PARM_CHAR(fn_name,val) \
- char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
-
-
---
-1.9.3
-
-
-From bf5cb3b6c6e2d3171b70fff5deb9a7767d6609a8 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Mon, 14 Oct 2013 13:47:27 +1300
-Subject: [PATCH 115/249] build: Move loadparm-related build rules to
- source3/param/wscript_build
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
----
- source3/param/wscript_build | 32 ++++++++++++++++++++++++++++++++
- source3/wscript_build | 36 ++----------------------------------
- 2 files changed, 34 insertions(+), 34 deletions(-)
- create mode 100644 source3/param/wscript_build
-
-diff --git a/source3/param/wscript_build b/source3/param/wscript_build
-new file mode 100644
-index 0000000..278d5f5
---- /dev/null
-+++ b/source3/param/wscript_build
-@@ -0,0 +1,32 @@
-+#!/usr/bin/env python
-+
-+bld.SAMBA3_SUBSYSTEM('PARAM_UTIL',
-+ source='util.c',
-+ deps='talloc')
-+
-+bld.SAMBA3_SUBSYSTEM('LOADPARM_CTX',
-+ source='loadparm_ctx.c',
-+ deps='''talloc s3_param_h param''')
-+
-+bld.SAMBA_GENERATOR('s3_param_global_h',
-+ source= '../../script/mkparamdefs.pl loadparm.c ../../lib/param/param_functions.c',
-+ target='param_global.h',
-+ rule='${PERL} ${SRC[0].abspath(env)} ${SRC[1].abspath(env)} ${SRC[2].abspath(env)} --file ${TGT} --generate-scope=GLOBAL')
-+
-+bld.SAMBA3_PYTHON('pys3param',
-+ source='pyparam.c',
-+ deps='param',
-+ public_deps='samba-hostconfig pytalloc-util talloc',
-+ realname='samba/samba3/param.so')
-+
-+bld.SAMBA3_SUBSYSTEM('param_service',
-+ source='service.c',
-+ deps = 'USER_UTIL param PRINTING')
-+
-+bld.SAMBA3_BINARY('test_lp_load',
-+ source='test_lp_load.c',
-+ deps='''
-+ talloc
-+ param
-+ popt_samba3''',
-+ install=False)
-diff --git a/source3/wscript_build b/source3/wscript_build
-index 8126cf6..13d15c3 100755
---- a/source3/wscript_build
-+++ b/source3/wscript_build
-@@ -751,33 +751,9 @@ bld.SAMBA3_SUBSYSTEM('SERVER_MUTEX',
- source=SERVER_MUTEX_SRC,
- deps='talloc')
-
--bld.SAMBA3_SUBSYSTEM('PARAM_UTIL',
-- source=PARAM_UTIL_SRC,
-- deps='talloc')
--
--bld.SAMBA3_SUBSYSTEM('LOADPARM_CTX',
-- source='param/loadparm_ctx.c',
-- deps='''talloc s3_param_h param''',
-- vars=locals())
--
--bld.SAMBA_GENERATOR('param/param_global_h',
-- source= '../script/mkparamdefs.pl param/loadparm.c ../lib/param/param_functions.c',
-- target='param/param_global.h',
-- rule='${PERL} ${SRC[0].abspath(env)} ${SRC[1].abspath(env)} ${SRC[2].abspath(env)} --file ${TGT} --generate-scope=GLOBAL')
--
- bld.SAMBA3_SUBSYSTEM('param',
- source=PARAM_WITHOUT_REG_SRC,
-- deps='samba-util PARAM_UTIL ldap lber LOADPARM_CTX samba3core smbconf param_local_h param/param_global_h cups''')
--
--bld.SAMBA3_PYTHON('pys3param',
-- source='param/pyparam.c',
-- deps='param',
-- public_deps='samba-hostconfig pytalloc-util talloc',
-- realname='samba/samba3/param.so')
--
--bld.SAMBA3_SUBSYSTEM('param_service',
-- source='param/service.c',
-- deps = 'USER_UTIL param PRINTING')
-+ deps='samba-util PARAM_UTIL ldap lber LOADPARM_CTX samba3core smbconf param_local_h s3_param_global_h cups''')
-
- bld.SAMBA3_SUBSYSTEM('REGFIO',
- source=REGFIO_SRC,
-@@ -1566,15 +1542,6 @@ bld.SAMBA3_BINARY('rpc_open_tcp',
- install=False,
- vars=locals())
-
--bld.SAMBA3_BINARY('test_lp_load',
-- source=TEST_LP_LOAD_SRC,
-- deps='''
-- talloc
-- param
-- popt_samba3''',
-- install=False,
-- vars=locals())
--
- bld.SAMBA3_BINARY('dbwrap_tool',
- source=DBWRAP_TOOL_SRC,
- deps='''
-@@ -1638,6 +1605,7 @@ bld.RECURSE('librpc/idl')
- bld.RECURSE('libsmb')
- bld.RECURSE('modules')
- bld.RECURSE('pam_smbpass')
-+bld.RECURSE('param')
- bld.RECURSE('passdb')
- bld.RECURSE('rpc_server')
- bld.RECURSE('script')
---
-1.9.3
-
-
-From 281cb415404f7044a4bdbc93a21b2f755cbc74ee Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Mon, 14 Oct 2013 15:34:40 +1300
-Subject: [PATCH 116/249] lib/param: Do not attempt to access the s3 function
- for allocated and subbed string parameters
-
-This allows us not to generate array entries for these, which in turn allows
-us to avoid initialising them. The issue is that we do not have the
-% macro sub context nor a talloc context handy (yet).
-
-Andrew Bartlett
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
----
- lib/param/loadparm.c | 21 ++++++++++-----------
- 1 file changed, 10 insertions(+), 11 deletions(-)
-
-diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
-index 4497dbf..23b45e2 100644
---- a/lib/param/loadparm.c
-+++ b/lib/param/loadparm.c
-@@ -232,7 +232,16 @@ static struct loadparm_context *global_loadparm_context;
- #define lpcfg_default_service global_loadparm_context->sDefault
- #define lpcfg_global_service(i) global_loadparm_context->services[i]
-
--#define FN_GLOBAL_STRING(fn_name,var_name) \
-+#define FN_GLOBAL_STRING(fn_name,var_name) \
-+ _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) {\
-+ if (lp_ctx == NULL) return NULL; \
-+ if (lp_ctx->s3_fns) { \
-+ smb_panic( __location__ ": " #fn_name " not implemented because it is an allocated and substiuted string"); \
-+ } \
-+ return lp_ctx->globals->var_name ? lp_string(lp_ctx->globals->var_name) : ""; \
-+}
-+
-+#define FN_GLOBAL_CONST_STRING(fn_name,var_name) \
- _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) { \
- if (lp_ctx == NULL) return NULL; \
- if (lp_ctx->s3_fns) { \
-@@ -242,16 +251,6 @@ static struct loadparm_context *global_loadparm_context;
- return lp_ctx->globals->var_name ? lp_string(lp_ctx->globals->var_name) : ""; \
- }
-
--#define FN_GLOBAL_CONST_STRING(fn_name,var_name) \
-- _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) {\
-- if (lp_ctx == NULL) return NULL; \
-- if (lp_ctx->s3_fns) { \
-- SMB_ASSERT(lp_ctx->s3_fns->fn_name); \
-- return lp_ctx->s3_fns->fn_name(); \
-- } \
-- return lp_ctx->globals->var_name ? lp_string(lp_ctx->globals->var_name) : ""; \
-- }
--
- #define FN_GLOBAL_LIST(fn_name,var_name) \
- _PUBLIC_ const char **lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) { \
- if (lp_ctx == NULL) return NULL; \
---
-1.9.3
-
-
-From e610d185d26910e6cb96ddf8507c31c5f1503271 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Mon, 14 Oct 2013 15:36:18 +1300
-Subject: [PATCH 117/249] param: Skip generating hooks for local and string
- parameters
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
----
- script/mks3param.pl | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/script/mks3param.pl b/script/mks3param.pl
-index 4222ca5..799958c 100644
---- a/script/mks3param.pl
-+++ b/script/mks3param.pl
-@@ -108,7 +108,14 @@ sub handle_loadparm($$)
- {
- my ($file,$line) = @_;
-
-- if ($line =~ /^FN_(GLOBAL|LOCAL)_(CONST_STRING|STRING|BOOL|bool|CHAR|INTEGER|LIST)\((\w+),.*\)/o) {
-+ # Local parameters don't need the ->s3_fns because the struct
-+ # loadparm_service is shared and lpcfg_service() checks the ->s3_fns
-+ # hook
-+ #
-+ # STRING isn't handled as we do not yet have a way to pass in a memory context nor
-+ # do we have a good way of dealing with the % macros yet.
-+
-+ if ($line =~ /^FN_(GLOBAL)_(CONST_STRING|BOOL|bool|CHAR|INTEGER|LIST)\((\w+),.*\)/o) {
- my $scope = $1;
- my $type = $2;
- my $name = $3;
---
-1.9.3
-
-
-From 970290dc75404ab366617210edfca718fe21864b Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Mon, 14 Oct 2013 15:39:10 +1300
-Subject: [PATCH 118/249] s3/param: Autogenerate parameters prototypes again
- after proto.h was frozen
-
-This autogenerates the parameters so that we can keep everything in sync easier,
-particularly when adding new parameters. This will also make it easier to move
-to a fully autogenerated system in the future, as it reduces special cases.
-
-Andrew Bartlett
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
----
- script/mks3param_proto.pl | 199 ++++++++++++++++++++++++++++++++++++++++++++
- source3/include/proto.h | 2 +
- source3/param/wscript_build | 5 ++
- 3 files changed, 206 insertions(+)
- create mode 100644 script/mks3param_proto.pl
-
-diff --git a/script/mks3param_proto.pl b/script/mks3param_proto.pl
-new file mode 100644
-index 0000000..446e343
---- /dev/null
-+++ b/script/mks3param_proto.pl
-@@ -0,0 +1,199 @@
-+#!/usr/bin/perl
-+# Generate loadparm interfaces tables for Samba3/Samba4 integration
-+# by Andrew Bartlett
-+# based on mkproto.pl Written by Jelmer Vernooij
-+# based on the original mkproto.sh by Andrew Tridgell
-+
-+use strict;
-+
-+# don't use warnings module as it is not portable enough
-+# use warnings;
-+
-+use Getopt::Long;
-+use File::Basename;
-+use File::Path;
-+
-+#####################################################################
-+# read a file into a string
-+
-+my $file = undef;
-+my $public_define = undef;
-+my $_public = "";
-+my $_private = "";
-+my $public_data = \$_public;
-+my $builddir = ".";
-+my $srcdir = ".";
-+
-+sub public($)
-+{
-+ my ($d) = @_;
-+ $$public_data .= $d;
-+}
-+
-+sub usage()
-+{
-+ print "Usage: mks3param.pl [options] [c files]\n";
-+ print "OPTIONS:\n";
-+ print " --srcdir=path Read files relative to this directory\n";
-+ print " --builddir=path Write file relative to this directory\n";
-+ print " --help Print this help message\n\n";
-+ exit 0;
-+}
-+
-+GetOptions(
-+ 'file=s' => sub { my ($f,$v) = @_; $file = $v; },
-+ 'srcdir=s' => sub { my ($f,$v) = @_; $srcdir = $v; },
-+ 'builddir=s' => sub { my ($f,$v) = @_; $builddir = $v; },
-+ 'help' => \&usage
-+) or exit(1);
-+
-+sub normalize_define($$)
-+{
-+ my ($define, $file) = @_;
-+
-+ if (not defined($define) and defined($file)) {
-+ $define = "__" . uc($file) . "__";
-+ $define =~ tr{./}{__};
-+ $define =~ tr{\-}{_};
-+ } elsif (not defined($define)) {
-+ $define = '_S3_PARAM_PROTO_H_';
-+ }
-+
-+ return $define;
-+}
-+
-+$public_define = normalize_define($public_define, $file);
-+
-+sub file_load($)
-+{
-+ my($filename) = @_;
-+ local(*INPUTFILE);
-+ open(INPUTFILE, $filename) or return undef;
-+ my($saved_delim) = $/;
-+ undef $/;
-+ my($data) = <INPUTFILE>;
-+ close(INPUTFILE);
-+ $/ = $saved_delim;
-+ return $data;
-+}
-+
-+sub print_header($$)
-+{
-+ my ($file, $header_name) = @_;
-+ $file->("#ifndef $header_name\n");
-+ $file->("#define $header_name\n\n");
-+ $file->("/* This file was automatically generated by mks3param_proto.pl. DO NOT EDIT */\n\n");
-+}
-+
-+sub print_footer($$)
-+{
-+ my ($file, $header_name) = @_;
-+ $file->("\n#endif /* $header_name */\n\n");
-+}
-+
-+sub handle_loadparm($$)
-+{
-+ my ($file,$line) = @_;
-+
-+ my $scope;
-+ my $type;
-+ my $name;
-+ my $var;
-+ my $param;
-+
-+ if ($line =~ /^FN_(GLOBAL|LOCAL)_(CONST_STRING|STRING|BOOL|bool|CHAR|INTEGER|LIST)\((\w+),(.*)\)/o) {
-+ $scope = $1;
-+ $type = $2;
-+ $name = $3;
-+ $var = $4;
-+ $param = "int";
-+ } elsif ($line =~ /^FN_(GLOBAL|LOCAL)_PARM_(CONST_STRING|STRING|BOOL|bool|CHAR|INTEGER|LIST)\((\w+),(.*)\)/o) {
-+ $scope = $1;
-+ $type = $2;
-+ $name = $3;
-+ $var = $4;
-+ $param = "const struct share_params *p";
-+ } else {
-+ return;
-+ }
-+
-+ my %tmap = (
-+ "BOOL" => "bool ",
-+ "CONST_STRING" => "const char *",
-+ "STRING" => "char *",
-+ "INTEGER" => "int ",
-+ "CHAR" => "char ",
-+ "LIST" => "const char **",
-+ );
-+
-+ my %smap = (
-+ "GLOBAL" => "void",
-+ "LOCAL" => "$param"
-+ );
-+
-+ if (($type eq "STRING") and ($scope eq "GLOBAL")) {
-+ $file->("$tmap{$type}lp_$name(TALLOC_CTX *ctx);\n");
-+ } elsif (($type eq "STRING") and ($scope eq "LOCAL")) {
-+ $file->("$tmap{$type}lp_$name(TALLOC_CTX *ctx, $smap{$scope});\n");
-+ } else {
-+ $file->("$tmap{$type}lp_$name($smap{$scope});\n");
-+ }
-+}
-+
-+sub process_file($$)
-+{
-+ my ($file, $filename) = @_;
-+
-+ $filename =~ s/\.o$/\.c/g;
-+
-+ if ($filename =~ /^\//) {
-+ open(FH, "<$filename") or die("Failed to open $filename");
-+ } elsif (!open(FH, "< $builddir/$filename")) {
-+ open(FH, "< $srcdir/$filename") || die "Failed to open $filename";
-+ }
-+
-+ my $comment = undef;
-+ my $incomment = 0;
-+ while (my $line = <FH>) {
-+ if ($line =~ /^\/\*\*/) {
-+ $comment = "";
-+ $incomment = 1;
-+ }
-+
-+ if ($incomment) {
-+ $comment .= $line;
-+ if ($line =~ /\*\//) {
-+ $incomment = 0;
-+ }
-+ }
-+
-+ # these are ordered for maximum speed
-+ next if ($line =~ /^\s/);
-+
-+ next unless ($line =~ /\(/);
-+
-+ next if ($line =~ /^\/|[;]/);
-+
-+ if ($line =~ /^FN_/) {
-+ handle_loadparm($file, $line);
-+ }
-+ next;
-+ }
-+
-+ close(FH);
-+}
-+
-+
-+print_header(\&public, $public_define);
-+
-+process_file(\&public, $_) foreach (@ARGV);
-+print_footer(\&public, $public_define);
-+
-+if (not defined($file)) {
-+ print STDOUT $$public_data;
-+}
-+
-+mkpath(dirname($file), 0, 0755);
-+open(PUBLIC, ">$file") or die("Can't open `$file': $!");
-+print PUBLIC "$$public_data";
-+close(PUBLIC);
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index 53cd59d..614baa4 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -993,6 +993,8 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m
-
- /* The following definitions come from param/loadparm.c */
-
-+#include "source3/param/param_proto.h"
-+
- const char **lp_smb_ports(void);
- const char *lp_dos_charset(void);
- const char *lp_unix_charset(void);
-diff --git a/source3/param/wscript_build b/source3/param/wscript_build
-index 278d5f5..643c27e 100644
---- a/source3/param/wscript_build
-+++ b/source3/param/wscript_build
-@@ -13,6 +13,11 @@ bld.SAMBA_GENERATOR('s3_param_global_h',
- target='param_global.h',
- rule='${PERL} ${SRC[0].abspath(env)} ${SRC[1].abspath(env)} ${SRC[2].abspath(env)} --file ${TGT} --generate-scope=GLOBAL')
-
-+bld.SAMBA_GENERATOR('s3_param_proto_h',
-+ source= '../../script/mks3param_proto.pl loadparm.c ../../lib/param/param_functions.c',
-+ target='param_proto.h',
-+ rule='${PERL} ${SRC[0].abspath(env)} ${SRC[1].abspath(env)} ${SRC[2].abspath(env)} --file ${TGT}')
-+
- bld.SAMBA3_PYTHON('pys3param',
- source='pyparam.c',
- deps='param',
---
-1.9.3
-
-
-From 4f87a4ca65b386e90cca479aabdf9051de2c67e3 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Mon, 14 Oct 2013 15:46:43 +1300
-Subject: [PATCH 119/249] param: Autogenerate s3 lp_ctx glue table
-
-This allows us to use more lpcfg_ functions without adding them
-manually.
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
----
- lib/param/wscript_build | 1 +
- script/mks3param_ctx_table.pl | 139 ++++++++++++++++++++++++++++++++++++++++++
- source3/param/loadparm_ctx.c | 64 +------------------
- source3/param/wscript_build | 5 ++
- 4 files changed, 146 insertions(+), 63 deletions(-)
- create mode 100644 script/mks3param_ctx_table.pl
-
-diff --git a/lib/param/wscript_build b/lib/param/wscript_build
-index 10e05a3..0e1a2e0 100644
---- a/lib/param/wscript_build
-+++ b/lib/param/wscript_build
-@@ -11,6 +11,7 @@ bld.SAMBA_GENERATOR('s3_param_h',
- target='s3_param.h',
- rule='${PERL} ${SRC[0].abspath(env)} ${SRC[1].abspath(env)} ${SRC[2].abspath(env)} --file ${TGT}')
-
-+
- bld.SAMBA_GENERATOR('param_global_h',
- source= '../../script/mkparamdefs.pl loadparm.c param_functions.c',
- target='param_global.h',
-diff --git a/script/mks3param_ctx_table.pl b/script/mks3param_ctx_table.pl
-new file mode 100644
-index 0000000..cfd6e02
---- /dev/null
-+++ b/script/mks3param_ctx_table.pl
-@@ -0,0 +1,139 @@
-+#!/usr/bin/perl
-+# Generate loadparm interfaces tables for Samba3/Samba4 integration
-+# by Andrew Bartlett
-+# based on mkproto.pl Written by Jelmer Vernooij
-+# based on the original mkproto.sh by Andrew Tridgell
-+
-+use strict;
-+
-+# don't use warnings module as it is not portable enough
-+# use warnings;
-+
-+use Getopt::Long;
-+use File::Basename;
-+use File::Path;
-+
-+#####################################################################
-+# read a file into a string
-+
-+my $file = undef;
-+my $public_define = undef;
-+my $_public = "";
-+my $_private = "";
-+my $public_data = \$_public;
-+my $builddir = ".";
-+my $srcdir = ".";
-+
-+sub public($)
-+{
-+ my ($d) = @_;
-+ $$public_data .= $d;
-+}
-+
-+sub usage()
-+{
-+ print "Usage: mks3param.pl [options] [c files]\n";
-+ print "OPTIONS:\n";
-+ print " --srcdir=path Read files relative to this directory\n";
-+ print " --builddir=path Write file relative to this directory\n";
-+ print " --help Print this help message\n\n";
-+ exit 0;
-+}
-+
-+GetOptions(
-+ 'file=s' => sub { my ($f,$v) = @_; $file = $v; },
-+ 'srcdir=s' => sub { my ($f,$v) = @_; $srcdir = $v; },
-+ 'builddir=s' => sub { my ($f,$v) = @_; $builddir = $v; },
-+ 'help' => \&usage
-+) or exit(1);
-+
-+sub file_load($)
-+{
-+ my($filename) = @_;
-+ local(*INPUTFILE);
-+ open(INPUTFILE, $filename) or return undef;
-+ my($saved_delim) = $/;
-+ undef $/;
-+ my($data) = <INPUTFILE>;
-+ close(INPUTFILE);
-+ $/ = $saved_delim;
-+ return $data;
-+}
-+
-+sub print_header($)
-+{
-+ my ($file) = @_;
-+ $file->("/* This file was automatically generated by mks3param_ctx.pl. DO NOT EDIT */\n\n");
-+ $file->("static const struct loadparm_s3_helpers s3_fns = \n");
-+ $file->("{\n");
-+ $file->("\t.get_parametric = lp_parm_const_string_service,\n");
-+ $file->("\t.get_parm_struct = lp_get_parameter,\n");
-+ $file->("\t.get_parm_ptr = lp_parm_ptr,\n");
-+ $file->("\t.get_service = lp_service_for_s4_ctx,\n");
-+ $file->("\t.get_servicebynum = lp_servicebynum_for_s4_ctx,\n");
-+ $file->("\t.get_default_loadparm_service = lp_default_loadparm_service,\n");
-+ $file->("\t.get_numservices = lp_numservices,\n");
-+ $file->("\t.load = lp_load_for_s4_ctx,\n");
-+ $file->("\t.set_cmdline = lp_set_cmdline,\n");
-+ $file->("\t.dump = lp_dump,\n");
-+}
-+
-+sub print_footer($)
-+{
-+ my ($file) = @_;
-+ $file->("};");
-+}
-+
-+sub handle_loadparm($$)
-+{
-+ my ($file,$line) = @_;
-+
-+ # STRING isn't handled here, as we still don't know what to do with the substituted vars */
-+ # LOCAL also isn't handled here
-+ if ($line =~ /^FN_(GLOBAL)_(CONST_STRING|BOOL|bool|CHAR|INTEGER|LIST)\((\w+),.*\)/o) {
-+ my $scope = $1;
-+ my $type = $2;
-+ my $name = $3;
-+
-+ $file->(".$name = lp_$name,\n");
-+ }
-+}
-+
-+sub process_file($$)
-+{
-+ my ($file, $filename) = @_;
-+
-+ $filename =~ s/\.o$/\.c/g;
-+
-+ if ($filename =~ /^\//) {
-+ open(FH, "<$filename") or die("Failed to open $filename");
-+ } elsif (!open(FH, "< $builddir/$filename")) {
-+ open(FH, "< $srcdir/$filename") || die "Failed to open $filename";
-+ }
-+
-+ my $comment = undef;
-+ my $incomment = 0;
-+ while (my $line = <FH>) {
-+ if ($line =~ /^FN_/) {
-+ handle_loadparm($file, $line);
-+ }
-+ next;
-+ }
-+
-+ close(FH);
-+}
-+
-+
-+print_header(\&public);
-+
-+process_file(\&public, $_) foreach (@ARGV);
-+print_footer(\&public);
-+
-+if (not defined($file)) {
-+ print STDOUT $$public_data;
-+}
-+
-+mkpath(dirname($file), 0, 0755);
-+open(PUBLIC, ">$file") or die("Can't open `$file': $!");
-+print PUBLIC "$$public_data";
-+close(PUBLIC);
-diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c
-index 63ead53..5cbc920 100644
---- a/source3/param/loadparm_ctx.c
-+++ b/source3/param/loadparm_ctx.c
-@@ -56,69 +56,7 @@ static bool lp_load_for_s4_ctx(const char *filename)
- return status;
- }
-
--/* These are in the order that they appear in the s4 loadparm file.
-- * All of the s4 loadparm functions should be here eventually, once
-- * they are implemented in the s3 loadparm, have the same format (enum
-- * values in particular) and defaults. */
--static const struct loadparm_s3_helpers s3_fns =
--{
-- .get_parametric = lp_parm_const_string_service,
-- .get_parm_struct = lp_get_parameter,
-- .get_parm_ptr = lp_parm_ptr,
-- .get_service = lp_service_for_s4_ctx,
-- .get_servicebynum = lp_servicebynum_for_s4_ctx,
-- .get_default_loadparm_service = lp_default_loadparm_service,
-- .get_numservices = lp_numservices,
-- .load = lp_load_for_s4_ctx,
-- .set_cmdline = lp_set_cmdline,
-- .dump = lp_dump,
--
-- ._server_role = lp__server_role,
-- ._security = lp__security,
-- ._domain_master = lp__domain_master,
-- ._domain_logons = lp__domain_logons,
--
-- .winbind_separator = lp_winbind_separator,
-- .template_homedir = lp_template_homedir,
-- .template_shell = lp_template_shell,
--
-- .dos_charset = lp_dos_charset,
-- .unix_charset = lp_unix_charset,
--
-- .realm = lp_realm,
-- .dnsdomain = lp_dnsdomain,
-- .socket_options = lp_socket_options,
-- .workgroup = lp_workgroup,
--
-- .netbios_name = lp_netbios_name,
-- .netbios_scope = lp_netbios_scope,
-- .netbios_aliases = lp_netbios_aliases,
--
-- .lanman_auth = lp_lanman_auth,
-- .ntlm_auth = lp_ntlm_auth,
--
-- .client_plaintext_auth = lp_client_plaintext_auth,
-- .client_lanman_auth = lp_client_lanman_auth,
-- .client_ntlmv2_auth = lp_client_ntlmv2_auth,
-- .client_use_spnego_principal = lp_client_use_spnego_principal,
--
-- .private_dir = lp_private_dir,
-- .ncalrpc_dir = lp_ncalrpc_dir,
-- .lockdir = lp_lockdir,
--
-- .passdb_backend = lp_passdb_backend,
--
-- .host_msdfs = lp_host_msdfs,
-- .unix_extensions = lp_unix_extensions,
-- .use_spnego = lp_use_spnego,
-- .use_mmap = lp_use_mmap,
-- .use_ntdb = lp_use_ntdb,
--
-- .srv_minprotocol = lp_srv_minprotocol,
-- .srv_maxprotocol = lp_srv_maxprotocol,
--
-- .passwordserver = lp_passwordserver
--};
-+#include "loadparm_ctx_table.c"
-
- const struct loadparm_s3_helpers *loadparm_s3_helpers(void)
- {
-diff --git a/source3/param/wscript_build b/source3/param/wscript_build
-index 643c27e..673cb4d 100644
---- a/source3/param/wscript_build
-+++ b/source3/param/wscript_build
-@@ -18,6 +18,11 @@ bld.SAMBA_GENERATOR('s3_param_proto_h',
- target='param_proto.h',
- rule='${PERL} ${SRC[0].abspath(env)} ${SRC[1].abspath(env)} ${SRC[2].abspath(env)} --file ${TGT}')
-
-+bld.SAMBA_GENERATOR('s3_loadparm_ctx_table_c',
-+ source= ' ../../script/mks3param_ctx_table.pl ../../lib/param/loadparm.c ../../lib/param/param_functions.c',
-+ target='loadparm_ctx_table.c',
-+ rule='${PERL} ${SRC[0].abspath(env)} ${SRC[1].abspath(env)} ${SRC[2].abspath(env)} --file ${TGT}')
-+
- bld.SAMBA3_PYTHON('pys3param',
- source='pyparam.c',
- deps='param',
---
-1.9.3
-
-
-From 0046f49e1c690cf5b119859650f06559697fd103 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Mon, 14 Oct 2013 15:49:25 +1300
-Subject: [PATCH 120/249] proto: Remove manually written lp_ prototypes
-
-This also ensures we remove prototypes from parameters we remove or
-rename, and easily see how many special cases we have left.
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
----
- source3/include/proto.h | 361 +-----------------------------------------------
- 1 file changed, 1 insertion(+), 360 deletions(-)
-
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index 614baa4..5e068d2 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -995,379 +995,20 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m
-
- #include "source3/param/param_proto.h"
-
--const char **lp_smb_ports(void);
--const char *lp_dos_charset(void);
--const char *lp_unix_charset(void);
--char *lp_logfile(TALLOC_CTX *ctx);
--char *lp_configfile(TALLOC_CTX *ctx);
--const char *lp_smb_passwd_file(void);
--const char *lp_private_dir(void);
--char *lp_serverstring(TALLOC_CTX *ctx);
--int lp_printcap_cache_time(void);
--char *lp_addport_cmd(TALLOC_CTX *ctx);
--char *lp_enumports_cmd(TALLOC_CTX *ctx);
--char *lp_addprinter_cmd(TALLOC_CTX *ctx);
--char *lp_deleteprinter_cmd(TALLOC_CTX *ctx);
--char *lp_os2_driver_map(TALLOC_CTX *ctx);
--const char *lp_lockdir(void);
- const char *lp_statedir(void);
- const char *lp_cachedir(void);
--const char *lp_piddir(void);
--char *lp_mangling_method(TALLOC_CTX *ctx);
--int lp_mangle_prefix(void);
--const char *lp_utmpdir(void);
--const char *lp_wtmpdir(void);
--bool lp_utmp(void);
--char *lp_rootdir(TALLOC_CTX *ctx);
--char *lp_defaultservice(TALLOC_CTX *ctx);
--char *lp_msg_command(TALLOC_CTX *ctx);
--char *lp_get_quota_command(TALLOC_CTX *ctx);
--char *lp_set_quota_command(TALLOC_CTX *ctx);
--char *lp_auto_services(TALLOC_CTX *ctx);
--char *lp_passwd_program(TALLOC_CTX *ctx);
--char *lp_passwd_chat(TALLOC_CTX *ctx);
--const char *lp_passwordserver(void);
--const char **lp_name_resolve_order(void);
--const char *lp_netbios_scope(void);
--const char *lp_netbios_name(void);
--const char *lp_workgroup(void);
--const char *lp_realm(void);
--const char *lp_dnsdomain(void);
--const char *lp_afs_username_map(void);
--int lp_afs_token_lifetime(void);
--char *lp_log_nt_token_command(TALLOC_CTX *ctx);
--char *lp_username_map(TALLOC_CTX *ctx);
--const char *lp_logon_script(void);
--const char *lp_logon_path(void);
--const char *lp_logon_drive(void);
--const char *lp_logon_home(void);
--char *lp_remote_announce(TALLOC_CTX *ctx);
--char *lp_remote_browse_sync(TALLOC_CTX *ctx);
--bool lp_nmbd_bind_explicit_broadcast(void);
--const char **lp_wins_server_list(void);
--const char **lp_interfaces(void);
--const char *lp_nbt_client_socket_address(void);
--char *lp_nis_home_map_name(TALLOC_CTX *ctx);
--const char **lp_netbios_aliases(void);
--const char *lp_passdb_backend(void);
--const char **lp_preload_modules(void);
--char *lp_panic_action(TALLOC_CTX *ctx);
--char *lp_adduser_script(TALLOC_CTX *ctx);
--char *lp_renameuser_script(TALLOC_CTX *ctx);
--char *lp_deluser_script(TALLOC_CTX *ctx);
--const char *lp_guestaccount(void);
--char *lp_addgroup_script(TALLOC_CTX *ctx);
--char *lp_delgroup_script(TALLOC_CTX *ctx);
--char *lp_addusertogroup_script(TALLOC_CTX *ctx);
--char *lp_deluserfromgroup_script(TALLOC_CTX *ctx);
--char *lp_setprimarygroup_script(TALLOC_CTX *ctx);
--char *lp_addmachine_script(TALLOC_CTX *ctx);
--char *lp_shutdown_script(TALLOC_CTX *ctx);
--char *lp_abort_shutdown_script(TALLOC_CTX *ctx);
--char *lp_username_map_script(TALLOC_CTX *ctx);
--int lp_username_map_cache_time(void);
--char *lp_check_password_script(TALLOC_CTX *ctx);
--char *lp_wins_hook(TALLOC_CTX *ctx);
--const char *lp_template_homedir(void);
--const char *lp_template_shell(void);
--const char *lp_winbind_separator(void);
--const char *lp_winbindd_socket_directory(void);
--bool lp_winbind_enum_users(void);
--bool lp_winbind_enum_groups(void);
--bool lp_winbind_use_default_domain(void);
--bool lp_winbind_trusted_domains_only(void);
--bool lp_winbind_nested_groups(void);
--int lp_winbind_expand_groups(void);
--bool lp_winbind_refresh_tickets(void);
--bool lp_winbind_offline_logon(void);
--bool lp_winbind_normalize_names(void);
--bool lp_winbind_rpc_only(void);
--bool lp_create_krb5_conf(void);
- int lp_winbind_max_domain_connections(void);
--int lp_idmap_cache_time(void);
--int lp_idmap_negative_cache_time(void);
- bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high);
- bool lp_idmap_default_range(uint32_t *low, uint32_t *high);
- const char *lp_idmap_backend(const char *domain_name);
- const char *lp_idmap_default_backend (void);
--int lp_keepalive(void);
--bool lp_passdb_expand_explicit(void);
--char *lp_ldap_suffix(TALLOC_CTX *ctx);
--char *lp_ldap_admin_dn(TALLOC_CTX *ctx);
--int lp_ldap_ssl(void);
--bool lp_ldap_ssl_ads(void);
--int lp_ldap_deref(void);
--int lp_ldap_follow_referral(void);
--int lp_ldap_passwd_sync(void);
--bool lp_ldap_delete_dn(void);
--int lp_ldap_replication_sleep(void);
--int lp_ldap_timeout(void);
--int lp_ldap_connection_timeout(void);
--int lp_ldap_page_size(void);
--int lp_ldap_debug_level(void);
--int lp_ldap_debug_threshold(void);
--char *lp_add_share_cmd(TALLOC_CTX *ctx);
--char *lp_change_share_cmd(TALLOC_CTX *ctx);
--char *lp_delete_share_cmd(TALLOC_CTX *ctx);
--char *lp_usershare_path(TALLOC_CTX *ctx);
--const char **lp_usershare_prefix_allow_list(void);
--const char **lp_usershare_prefix_deny_list(void);
--const char **lp_eventlog_list(void);
--bool lp_registry_shares(void);
--bool lp_usershare_allow_guests(void);
--bool lp_usershare_owner_only(void);
--bool lp_disable_netbios(void);
--bool lp_reset_on_zero_vc(void);
--bool lp_log_writeable_files_on_exit(void);
--bool lp_ms_add_printer_wizard(void);
--bool lp_wins_dns_proxy(void);
--bool lp_we_are_a_wins_server(void);
--bool lp_wins_proxy(void);
--bool lp_local_master(void);
--const char **lp_init_logon_delayed_hosts(void);
--int lp_init_logon_delay(void);
--bool lp_load_printers(void);
- bool lp_readraw(void);
--bool lp_large_readwrite(void);
- bool lp_writeraw(void);
--bool lp_null_passwords(void);
--bool lp_obey_pam_restrictions(void);
--bool lp_encrypted_passwords(void);
--int lp_client_schannel(void);
--int lp_server_schannel(void);
--bool lp_syslog_only(void);
--bool lp_timestamp_logs(void);
--bool lp_debug_prefix_timestamp(void);
--bool lp_debug_hires_timestamp(void);
--bool lp_debug_pid(void);
--bool lp_debug_uid(void);
--bool lp_debug_class(void);
--bool lp_enable_core_files(void);
--bool lp_browse_list(void);
--bool lp_nis_home_map(void);
--bool lp_bind_interfaces_only(void);
--bool lp_pam_password_change(void);
--bool lp_unix_password_sync(void);
--bool lp_passwd_chat_debug(void);
--int lp_passwd_chat_timeout(void);
--bool lp_nt_pipe_support(void);
--bool lp_nt_status_support(void);
--bool lp_stat_cache(void);
--int lp_max_stat_cache_size(void);
--bool lp_allow_trusted_domains(void);
--bool lp_map_untrusted_to_domain(void);
--int lp_restrict_anonymous(void);
--bool lp_lanman_auth(void);
--bool lp_ntlm_auth(void);
--bool lp_client_plaintext_auth(void);
--bool lp_client_lanman_auth(void);
--bool lp_client_ntlmv2_auth(void);
--bool lp_host_msdfs(void);
--bool lp_enhanced_browsing(void);
--bool lp_use_mmap(void);
--bool lp_use_ntdb(void);
--bool lp_unix_extensions(void);
--bool lp_unicode(void);
--bool lp_use_spnego(void);
--bool lp_client_use_spnego(void);
--bool lp_client_use_spnego_principal(void);
--bool lp_hostname_lookups(void);
--bool lp_change_notify(const struct share_params *p );
--bool lp_kernel_change_notify(const struct share_params *p );
--const char * lp_dedicated_keytab_file(void);
--int lp_kerberos_method(void);
--bool lp_defer_sharing_violations(void);
--bool lp_enable_privileges(void);
--bool lp_enable_asu_support(void);
--int lp_os_level(void);
--int lp_max_ttl(void);
--int lp_max_wins_ttl(void);
--int lp_min_wins_ttl(void);
--int lp_max_log_size(void);
--int lp_max_open_files(void);
--int lp_open_files_db_hash_size(void);
--int lp_max_xmit(void);
--int lp_maxmux(void);
--int lp_passwordlevel(void);
--int lp_usernamelevel(void);
--int lp_deadtime(void);
--bool lp_getwd_cache(void);
--int lp_srv_maxprotocol(void);
--int lp_srv_minprotocol(void);
--int lp_cli_maxprotocol(void);
--int lp_cli_minprotocol(void);
- int lp_security(void);
--int lp__server_role(void);
--int lp__security(void);
--int lp__domain_master(void);
--bool lp__domain_logons(void);
--const char **lp_auth_methods(void);
--bool lp_paranoid_server_security(void);
--int lp_maxdisksize(void);
--int lp_lpqcachetime(void);
--int lp_max_smbd_processes(void);
--bool lp__disable_spoolss(void);
--int lp_syslog(void);
--int lp_lm_announce(void);
--int lp_lm_interval(void);
--int lp_machine_password_timeout(void);
--int lp_map_to_guest(void);
--int lp_oplock_break_wait_time(void);
--int lp_lock_spin_time(void);
--int lp_usershare_max_shares(void);
--const char *lp_socket_options(void);
--int lp_config_backend(void);
--int lp_smb2_max_read(void);
--int lp_smb2_max_write(void);
--int lp_smb2_max_trans(void);
- int lp_smb2_max_credits(void);
--char *lp_preexec(TALLOC_CTX *ctx, int );
--char *lp_postexec(TALLOC_CTX *ctx, int );
--char *lp_rootpreexec(TALLOC_CTX *ctx, int );
--char *lp_rootpostexec(TALLOC_CTX *ctx, int );
--char *lp_servicename(TALLOC_CTX *ctx, int );
--const char *lp_const_servicename(int );
--char *lp_pathname(TALLOC_CTX *ctx, int );
--char *lp_dontdescend(TALLOC_CTX *ctx, int );
--char *lp_username(TALLOC_CTX *ctx, int );
--const char **lp_invalid_users(int );
--const char **lp_valid_users(int );
--const char **lp_admin_users(int );
--const char **lp_svcctl_list(void);
--char *lp_cups_options(TALLOC_CTX *ctx, int );
--char *lp_cups_server(TALLOC_CTX *ctx);
- int lp_cups_encrypt(void);
--char *lp_iprint_server(TALLOC_CTX *ctx);
--int lp_cups_connection_timeout(void);
--const char *lp_ctdbd_socket(void);
--const char *_lp_ctdbd_socket(void);
--const char **lp_cluster_addresses(void);
--bool lp_clustering(void);
--int lp_ctdb_timeout(void);
--int lp_ctdb_locktime_warn_threshold(void);
--char *lp_printcommand(TALLOC_CTX *ctx, int );
--char *lp_lpqcommand(TALLOC_CTX *ctx, int );
--char *lp_lprmcommand(TALLOC_CTX *ctx, int );
--char *lp_lppausecommand(TALLOC_CTX *ctx, int );
--char *lp_lpresumecommand(TALLOC_CTX *ctx, int );
--char *lp_queuepausecommand(TALLOC_CTX *ctx, int );
--char *lp_queueresumecommand(TALLOC_CTX *ctx, int );
--const char *lp_printjob_username(int );
--const char **lp_hostsallow(int );
--const char **lp_hostsdeny(int );
--char *lp_magicscript(TALLOC_CTX *ctx, int );
--char *lp_magicoutput(TALLOC_CTX *ctx, int );
--char *lp_comment(TALLOC_CTX *ctx, int );
--char *lp_force_user(TALLOC_CTX *ctx, int );
--char *lp_force_group(TALLOC_CTX *ctx, int );
--const char **lp_readlist(int );
--const char **lp_writelist(int );
--char *lp_fstype(TALLOC_CTX *ctx, int );
--const char **lp_vfs_objects(int );
--char *lp_msdfs_proxy(TALLOC_CTX *ctx, int );
--char *lp_veto_files(TALLOC_CTX *ctx, int );
--char *lp_hide_files(TALLOC_CTX *ctx, int );
--char *lp_veto_oplocks(TALLOC_CTX *ctx, int );
--bool lp_msdfs_root(int );
--char *lp_aio_write_behind(TALLOC_CTX *ctx, int );
--char *lp_dfree_command(TALLOC_CTX *ctx, int );
--bool lp_autoloaded(int );
--bool lp_preexec_close(int );
--bool lp_rootpreexec_close(int );
--int lp_casesensitive(int );
--bool lp_preservecase(int );
--bool lp_shortpreservecase(int );
--bool lp_hide_dot_files(int );
--bool lp_hide_special_files(int );
--bool lp_hideunreadable(int );
--bool lp_hideunwriteable_files(int );
--bool lp_browseable(int );
--bool lp_access_based_share_enum(int );
--bool lp_readonly(int );
--bool lp_guest_ok(int );
--bool lp_guest_only(int );
--bool lp_administrative_share(int );
--bool lp_print_ok(int );
--bool lp_print_notify_backchannel(int );
--bool lp_map_hidden(int );
--bool lp_map_archive(int );
--bool lp_store_dos_attributes(int );
--bool lp_dmapi_support(int );
--bool lp_locking(const struct share_params *p );
--int lp_strict_locking(const struct share_params *p );
--bool lp_posix_locking(const struct share_params *p );
--bool lp_oplocks(int );
--bool lp_kernel_oplocks(int );
--bool lp_level2_oplocks(int );
--bool lp_kernel_share_modes(int);
--bool lp_onlyuser(int );
--bool lp_manglednames(const struct share_params *p );
--bool lp_allow_insecure_widelinks(void);
- bool lp_widelinks(int );
--bool lp_symlinks(int );
--bool lp_syncalways(int );
--bool lp_strict_allocate(int );
--bool lp_strict_sync(int );
--bool lp_map_system(int );
--bool lp_delete_readonly(int );
--bool lp_fake_oplocks(int );
--bool lp_recursive_veto_delete(int );
--bool lp_dos_filemode(int );
--bool lp_dos_filetimes(int );
--bool lp_dos_filetime_resolution(int );
--bool lp_fake_dir_create_times(int);
--bool lp_async_smb_echo_handler(void);
--bool lp_multicast_dns_register(void);
--bool lp_blocking_locks(int );
--bool lp_inherit_perms(int );
--bool lp_inherit_acls(int );
--bool lp_inherit_owner(int );
--bool lp_use_client_driver(int );
--bool lp_default_devmode(int );
--bool lp_force_printername(int );
--bool lp_nt_acl_support(int );
--bool lp_force_unknown_acl_user(int );
--bool lp_ea_support(int );
--bool lp__use_sendfile(int );
--bool lp_profile_acls(int );
--bool lp_map_acl_inherit(int );
--bool lp_afs_share(int );
--bool lp_acl_check_permissions(int );
--bool lp_acl_group_control(int );
--bool lp_acl_map_full_control(int );
--bool lp_acl_allow_execute_always(int);
--bool lp_durable_handles(int);
--int lp_create_mask(int );
--int lp_force_create_mode(int );
--int lp_dir_mask(int );
--int lp_force_dir_mode(int );
--int lp_max_connections(int );
--int lp_defaultcase(int );
--int lp_minprintspace(int );
--int lp_printing(int );
--int lp_max_reported_jobs(int );
--int lp_oplock_contention_limit(int );
--int lp_csc_policy(int );
--int lp_write_cache_size(int );
--int lp_block_size(int );
--int lp_dfree_cache_time(int );
--int lp_allocation_roundup_size(int );
--int lp_aio_read_size(int );
--int lp_aio_write_size(int );
--int lp_map_readonly(int );
--int lp_directory_name_cache_size(int );
--int lp_smb_encrypt(int );
--char lp_magicchar(const struct share_params *p );
--int lp_winbind_cache_time(void);
--int lp_winbind_reconnect_delay(void);
--int lp_winbind_request_timeout(void);
--int lp_winbind_max_clients(void);
--const char **lp_winbind_nss_info(void);
--int lp_algorithmic_rid_base(void);
--int lp_name_cache_timeout(void);
--int lp_client_signing(void);
--int lp_server_signing(void);
--int lp_client_ldap_sasl_wrapping(void);
-+
- char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def);
- const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def);
- struct loadparm_service;
---
-1.9.3
-
-
-From 5d2278756b5a7372106cbdf9b8d66fb8a0cf5033 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Wed, 16 Oct 2013 14:45:31 +1300
-Subject: [PATCH 121/249] lib/param: Add documentation on how loadparm works
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- lib/param/README | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 69 insertions(+)
-
-diff --git a/lib/param/README b/lib/param/README
-index 403a217..b567d71 100644
---- a/lib/param/README
-+++ b/lib/param/README
-@@ -1,4 +1,73 @@
-+libsamba-hostconfig
-+-------------------
-+
- This directory contains "libsamba-hostconfig".
-
- The libsamba-hostconfig library provides access to all host-wide configuration
- such as the configured shares, default parameter values and host secret keys.
-+
-+
-+Adding a parameter
-+------------------
-+
-+To add or change an smb.conf option, you only have to modify
-+lib/param/param_table.c and lib/param/param_functions.c. The rest is
-+generated for you.
-+
-+
-+Using smb.conf parameters in the code
-+-------------------------------------
-+
-+Call the lpcfg_*() function. To get the lp_ctx, have the caller pass
-+it to you. To get a lp_ctx for the source3/param loadparm system, use:
-+
-+struct loadparm_context *lp_ctx = loadparm_init_s3(tmp_ctx, loadparm_s3_helpers());
-+
-+Remember to talloc_unlink(tmp_ctx, lp_ctx) the result when you are done!
-+
-+To get a lp_ctx for the lib/param loadparm system, typically the
-+pointer is already set up by popt at startup, and is passed down from
-+cmdline_lp_ctx.
-+
-+In pure source3/ code, you may use lp_*() functions, but are
-+encouraged to use the lpcfg_*() functions so that code can be made
-+common.
-+
-+
-+How does loadparm_init_s3() work?
-+---------------------------------
-+
-+loadparm_s3_helpers() returns a initialised table of function
-+pointers, pointing at all global lp_*() functions, except for those
-+that return substituted strings (% macros). The lpcfg_*() function
-+then calls this plugged in function, allowing the one function and
-+pattern to use either loadparm system.
-+
-+
-+There is a lot of generated code, here, what generates what?
-+------------------------------------------------------------
-+
-+The regular format of the CPP macros in param_functions.c is used to
-+generate up the prototypes (mkproto.pl, mks3param_proto.pl), the service
-+and globals table (mkparamdefs.pl), the glue table (mmks3param.pl) and
-+the initilisation of the glue table (mks3param_ctx_table.pl).
-+
-+I have tried combining some of these, but it just makes the scripts more
-+complex.
-+
-+The CPP macros are defined in and expand in lib/param/loadparm.c and
-+source3/param/loadparm.c to read the values from the generated
-+stuctures. They are CPP #included into these files so that the same
-+macro has two definitions, depending on the system it is loading into.
-+
-+
-+Why was this done, rather than a 'proper' fix, or just using one system or the other?
-+-------------------------------------------------------------------------------------
-+
-+This was done to allow merging from both ends - merging more parts of
-+the loadparm handling, and merging code that needs to read the
-+smb.conf, without having to do it all at once. Ideally
-+param_functions.c would be generated from param_table.c or (even
-+better) our XML manpage source, and the CPP macros would instead be
-+generated expanded as generated C files, but this is a task nobody has
-+taken on yet.
---
-1.9.3
-
-
-From 7734a867500f5b7415f818077229f74486101c51 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 12 Aug 2013 08:19:08 +0200
-Subject: [PATCH 122/249] librpc/rpc: add dcerpc_binding_handle_auth_info()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
----
- librpc/rpc/binding_handle.c | 25 +++++++++++++++++++++++++
- librpc/rpc/rpc_common.h | 8 ++++++++
- 2 files changed, 33 insertions(+)
-
-diff --git a/librpc/rpc/binding_handle.c b/librpc/rpc/binding_handle.c
-index 9354bbd..714baa7 100644
---- a/librpc/rpc/binding_handle.c
-+++ b/librpc/rpc/binding_handle.c
-@@ -98,6 +98,31 @@ uint32_t dcerpc_binding_handle_set_timeout(struct dcerpc_binding_handle *h,
- return h->ops->set_timeout(h, timeout);
- }
-
-+void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *h,
-+ enum dcerpc_AuthType *auth_type,
-+ enum dcerpc_AuthLevel *auth_level)
-+{
-+ enum dcerpc_AuthType _auth_type;
-+ enum dcerpc_AuthLevel _auth_level;
-+
-+ if (auth_type == NULL) {
-+ auth_type = &_auth_type;
-+ }
-+
-+ if (auth_level == NULL) {
-+ auth_level = &_auth_level;
-+ }
-+
-+ *auth_type = DCERPC_AUTH_TYPE_NONE;
-+ *auth_level = DCERPC_AUTH_LEVEL_NONE;
-+
-+ if (h->ops->auth_info == NULL) {
-+ return;
-+ }
-+
-+ h->ops->auth_info(h, auth_type, auth_level);
-+}
-+
- struct dcerpc_binding_handle_raw_call_state {
- const struct dcerpc_binding_handle_ops *ops;
- uint8_t *out_data;
-diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
-index d2816f5..978229e 100644
---- a/librpc/rpc/rpc_common.h
-+++ b/librpc/rpc/rpc_common.h
-@@ -189,6 +189,10 @@ struct dcerpc_binding_handle_ops {
- uint32_t (*set_timeout)(struct dcerpc_binding_handle *h,
- uint32_t timeout);
-
-+ void (*auth_info)(struct dcerpc_binding_handle *h,
-+ enum dcerpc_AuthType *auth_type,
-+ enum dcerpc_AuthLevel *auth_level);
-+
- struct tevent_req *(*raw_call_send)(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct dcerpc_binding_handle *h,
-@@ -259,6 +263,10 @@ bool dcerpc_binding_handle_is_connected(struct dcerpc_binding_handle *h);
- uint32_t dcerpc_binding_handle_set_timeout(struct dcerpc_binding_handle *h,
- uint32_t timeout);
-
-+void dcerpc_binding_handle_auth_info(struct dcerpc_binding_handle *h,
-+ enum dcerpc_AuthType *auth_type,
-+ enum dcerpc_AuthLevel *auth_level);
-+
- struct tevent_req *dcerpc_binding_handle_raw_call_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct dcerpc_binding_handle *h,
---
-1.9.3
-
-
-From 04a9531474630c62c3f717e251d9f1469013f5ae Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 12 Aug 2013 08:19:35 +0200
-Subject: [PATCH 123/249] s3:rpc_client: implement
- dcerpc_binding_handle_auth_info()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
----
- source3/rpc_client/cli_pipe.c | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
-index 64e7f1c..a343997 100644
---- a/source3/rpc_client/cli_pipe.c
-+++ b/source3/rpc_client/cli_pipe.c
-@@ -1867,6 +1867,25 @@ static uint32_t rpccli_bh_set_timeout(struct dcerpc_binding_handle *h,
- return rpccli_set_timeout(hs->rpc_cli, timeout);
- }
-
-+static void rpccli_bh_auth_info(struct dcerpc_binding_handle *h,
-+ enum dcerpc_AuthType *auth_type,
-+ enum dcerpc_AuthLevel *auth_level)
-+{
-+ struct rpccli_bh_state *hs = dcerpc_binding_handle_data(h,
-+ struct rpccli_bh_state);
-+
-+ if (hs->rpc_cli == NULL) {
-+ return;
-+ }
-+
-+ if (hs->rpc_cli->auth == NULL) {
-+ return;
-+ }
-+
-+ *auth_type = hs->rpc_cli->auth->auth_type;
-+ *auth_level = hs->rpc_cli->auth->auth_level;
-+}
-+
- struct rpccli_bh_raw_call_state {
- DATA_BLOB in_data;
- DATA_BLOB out_data;
-@@ -2046,6 +2065,7 @@ static const struct dcerpc_binding_handle_ops rpccli_bh_ops = {
- .name = "rpccli",
- .is_connected = rpccli_bh_is_connected,
- .set_timeout = rpccli_bh_set_timeout,
-+ .auth_info = rpccli_bh_auth_info,
- .raw_call_send = rpccli_bh_raw_call_send,
- .raw_call_recv = rpccli_bh_raw_call_recv,
- .disconnect_send = rpccli_bh_disconnect_send,
---
-1.9.3
-
-
-From 1db891bac30bb6c3bb0a022c5d1529a9f001237d Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 12 Aug 2013 08:19:57 +0200
-Subject: [PATCH 124/249] s4:librpc: implement
- dcerpc_binding_handle_auth_info()
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
----
- source4/librpc/rpc/dcerpc.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
-index 2826160..56b821e 100644
---- a/source4/librpc/rpc/dcerpc.c
-+++ b/source4/librpc/rpc/dcerpc.c
-@@ -200,6 +200,29 @@ static uint32_t dcerpc_bh_set_timeout(struct dcerpc_binding_handle *h,
- return old;
- }
-
-+static void dcerpc_bh_auth_info(struct dcerpc_binding_handle *h,
-+ enum dcerpc_AuthType *auth_type,
-+ enum dcerpc_AuthLevel *auth_level)
-+{
-+ struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
-+ struct dcerpc_bh_state);
-+
-+ if (hs->p == NULL) {
-+ return;
-+ }
-+
-+ i