void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob) { enum ndr_err_code ndr_err; uint16_t signature_algorithm; if (blob->length < 2) { return; } signature_algorithm = SVAL(blob->data, 0); switch (signature_algorithm) { case NL_SIGN_HMAC_MD5: { struct NL_AUTH_SIGNATURE r; ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r, (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE); if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &r); } break; } case NL_SIGN_HMAC_SHA256: { struct NL_AUTH_SHA2_SIGNATURE r; ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r, (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SHA2_SIGNATURE); if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NDR_PRINT_DEBUG(NL_AUTH_SHA2_SIGNATURE, &r); } break; } default: break; } }
_PUBLIC_ void ndr_print_ntlmssp_lm_response(TALLOC_CTX *mem_ctx, const DATA_BLOB *lm_response, bool ntlmv2) { enum ndr_err_code ndr_err; if (ntlmv2) { struct LMv2_RESPONSE lm; if (lm_response->length == 24) { ndr_err = ndr_pull_struct_blob(lm_response, mem_ctx, &lm, (ndr_pull_flags_fn_t)ndr_pull_LMv2_RESPONSE); if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NDR_PRINT_DEBUG(LMv2_RESPONSE, &lm); } } } else { struct LM_RESPONSE lm; if (lm_response->length == 24) { ndr_err = ndr_pull_struct_blob(lm_response, mem_ctx, &lm, (ndr_pull_flags_fn_t)ndr_pull_LM_RESPONSE); if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NDR_PRINT_DEBUG(LM_RESPONSE, &lm); } } } }
/* receive some data on a WREPL connection */ static NTSTATUS wreplsrv_process(struct wreplsrv_in_connection *wrepl_conn, struct wreplsrv_in_call **_call) { struct wrepl_wrap packet_out_wrap; NTSTATUS status; enum ndr_err_code ndr_err; struct wreplsrv_in_call *call = *_call; ndr_err = ndr_pull_struct_blob(&call->in, call, &call->req_packet, (ndr_pull_flags_fn_t)ndr_pull_wrepl_packet); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return ndr_map_error2ntstatus(ndr_err); } if (DEBUGLVL(10)) { DEBUG(10,("Received WINS-Replication packet of length %u\n", (unsigned int) call->in.length + 4)); NDR_PRINT_DEBUG(wrepl_packet, &call->req_packet); } status = wreplsrv_in_call(call); NT_STATUS_IS_ERR_RETURN(status); if (!NT_STATUS_IS_OK(status)) { /* w2k just ignores invalid packets, so we do */ DEBUG(10,("Received WINS-Replication packet was invalid, we just ignore it\n")); TALLOC_FREE(call); *_call = NULL; return NT_STATUS_OK; } /* and now encode the reply */ packet_out_wrap.packet = call->rep_packet; ndr_err = ndr_push_struct_blob(&call->out, call, &packet_out_wrap, (ndr_push_flags_fn_t) ndr_push_wrepl_wrap); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return ndr_map_error2ntstatus(ndr_err); } if (DEBUGLVL(10)) { DEBUG(10,("Sending WINS-Replication packet of length %u\n", (unsigned int) call->out.length)); NDR_PRINT_DEBUG(wrepl_packet, &call->rep_packet); } return NT_STATUS_OK; }
static TDB_DATA unparse_share_modes(struct share_mode_data *d) { DATA_BLOB blob; enum ndr_err_code ndr_err; if (DEBUGLEVEL >= 10) { DEBUG(10, ("unparse_share_modes:\n")); NDR_PRINT_DEBUG(share_mode_data, d); } remove_stale_share_mode_entries(d); if (d->num_share_modes == 0) { DEBUG(10, ("No used share mode found\n")); return make_tdb_data(NULL, 0); } ndr_err = ndr_push_struct_blob( &blob, d, d, (ndr_push_flags_fn_t)ndr_push_share_mode_data); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { smb_panic("ndr_push_share_mode_lock failed"); } return make_tdb_data(blob.data, blob.length); }
static bool leases_db_key(TALLOC_CTX *mem_ctx, const struct GUID *client_guid, const struct smb2_lease_key *lease_key, TDB_DATA *key) { struct leases_db_key db_key = { .client_guid = *client_guid, .lease_key = *lease_key }; DATA_BLOB blob; enum ndr_err_code ndr_err; if (DEBUGLEVEL >= 10) { DEBUG(10, ("%s:\n", __func__)); NDR_PRINT_DEBUG(leases_db_key, &db_key); } ndr_err = ndr_push_struct_blob( &blob, mem_ctx, &db_key, (ndr_push_flags_fn_t)ndr_push_leases_db_key); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DEBUG(10, ("%s: ndr_push_struct_blob_failed: %s\n", __func__, ndr_errstr(ndr_err))); return false; } *key = make_tdb_data(blob.data, blob.length); return true; }
/** * @brief Decodes a ncacn_packet * * @param mem_ctx The memory context on which to allocate the packet * elements * @param blob The blob of data to decode * @param r An empty ncacn_packet, must not be NULL * @param bigendian Whether the packet is bignedian encoded * * @return a NTSTATUS error code */ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, struct ncacn_packet *r, bool bigendian) { enum ndr_err_code ndr_err; struct ndr_pull *ndr; ndr = ndr_pull_init_blob(blob, mem_ctx); if (!ndr) { return NT_STATUS_NO_MEMORY; } if (bigendian) { ndr->flags |= LIBNDR_FLAG_BIGENDIAN; } ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(ndr); return ndr_map_error2ntstatus(ndr_err); } talloc_free(ndr); if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(ncacn_packet, r); } return NT_STATUS_OK; }
static bool prep_getdc_request(const struct sockaddr_storage *dc_ss, const char *domain_name, const struct dom_sid *sid, uint32_t nt_version, const char *my_mailslot, int dgm_id, struct packet_struct *p) { TALLOC_CTX *frame = talloc_stackframe(); const char *my_acct_name; struct nbt_netlogon_packet packet; struct NETLOGON_SAM_LOGON_REQUEST *s; enum ndr_err_code ndr_err; DATA_BLOB blob = data_blob_null; struct dom_sid my_sid; bool ret = false; ZERO_STRUCT(packet); ZERO_STRUCT(my_sid); if (sid != NULL) { my_sid = *sid; } my_acct_name = talloc_asprintf(talloc_tos(), "%s$", lp_netbios_name()); if (my_acct_name == NULL) { goto fail; } packet.command = LOGON_SAM_LOGON_REQUEST; s = &packet.req.logon; s->request_count = 0; s->computer_name = lp_netbios_name(); s->user_name = my_acct_name; s->mailslot_name = my_mailslot; s->acct_control = ACB_WSTRUST; s->sid = my_sid; s->nt_version = nt_version; s->lmnt_token = 0xffff; s->lm20_token = 0xffff; if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(nbt_netlogon_packet, &packet); } ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &packet, (ndr_push_flags_fn_t)ndr_push_nbt_netlogon_packet); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { goto fail; } ret = cli_prep_mailslot(false, NBT_MAILSLOT_NTLOGON, 0, (char *)blob.data, blob.length, lp_netbios_name(), 0, domain_name, 0x1c, dc_ss, dgm_id, p); fail: TALLOC_FREE(frame); return ret; }
static NTSTATUS ntlmssp3_client_initial(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *out_mem_ctx, DATA_BLOB in, DATA_BLOB *out) { const char *domain = ntlmssp_state->client.netbios_domain; const char *workstation = ntlmssp_state->client.netbios_name; NTSTATUS status; /* These don't really matter in the initial packet, so don't panic if they are not set */ if (!domain) { domain = ""; } if (!workstation) { workstation = ""; } if (ntlmssp_state->unicode) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; } else { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; } if (ntlmssp_state->use_ntlmv2) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } /* generate the ntlmssp negotiate packet */ status = msrpc_gen(out_mem_ctx, out, "CddAA", "NTLMSSP", NTLMSSP_NEGOTIATE, ntlmssp_state->neg_flags, domain, workstation); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("ntlmssp_client_initial: failed to generate " "ntlmssp negotiate packet\n")); return status; } if (DEBUGLEVEL >= 10) { struct NEGOTIATE_MESSAGE *negotiate = talloc( talloc_tos(), struct NEGOTIATE_MESSAGE); if (negotiate != NULL) { status = ntlmssp_pull_NEGOTIATE_MESSAGE( out, negotiate, negotiate); if (NT_STATUS_IS_OK(status)) { NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE, negotiate); } TALLOC_FREE(negotiate); } } ntlmssp_state->expected_state = NTLMSSP_CHALLENGE; return NT_STATUS_MORE_PROCESSING_REQUIRED; }
/** * @brief NDR Encodes a dcerpc_auth structure * * @param mem_ctx The memory context the blob will be allocated on * @param auth_type The DCERPC Authentication Type * @param auth_level The DCERPC Authentication Level * @param auth_pad_length The padding added to the packet this blob will be * appended to. * @param auth_context_id The context id * @param credentials The authentication credentials blob (signature) * @param blob [out] The encoded blob if successful * * @return a NTSTATUS error code */ NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx, enum dcerpc_AuthType auth_type, enum dcerpc_AuthLevel auth_level, uint8_t auth_pad_length, uint32_t auth_context_id, const DATA_BLOB *credentials, DATA_BLOB *blob) { struct dcerpc_auth r; enum ndr_err_code ndr_err; r.auth_type = auth_type; r.auth_level = auth_level; r.auth_pad_length = auth_pad_length; r.auth_reserved = 0; r.auth_context_id = auth_context_id; r.credentials = *credentials; ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r, (ndr_push_flags_fn_t)ndr_push_dcerpc_auth); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return ndr_map_error2ntstatus(ndr_err); } if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(dcerpc_auth, &r); } return NT_STATUS_OK; }
/* receive an incoming dgram request. This is used for general datagram requests. Mailslot requests for our listening mailslots are handled in the specific mailslot handlers */ void dgram_request_handler(struct nbt_dgram_socket *dgmsock, struct nbt_dgram_packet *packet, struct socket_address *src) { DEBUG(0,("General datagram request from %s:%d\n", src->addr, src->port)); NDR_PRINT_DEBUG(nbt_dgram_packet, packet); }
/* handle incoming browse mailslot requests */ void nbtd_mailslot_browse_handler(struct dgram_mailslot_handler *dgmslot, struct nbt_dgram_packet *packet, struct socket_address *src) { struct nbt_browse_packet *browse = talloc(dgmslot, struct nbt_browse_packet); struct nbt_name *name = &packet->data.msg.dest_name; NTSTATUS status; if (browse == NULL) { status = NT_STATUS_INVALID_PARAMETER; goto failed; } status = dgram_mailslot_browse_parse(dgmslot, browse, packet, browse); if (!NT_STATUS_IS_OK(status)) goto failed; DEBUG(4,("Browse %s (Op %d) on '%s' '%s' from %s:%d\n", nbt_browse_opcode_string(browse->opcode), browse->opcode, nbt_name_string(browse, name), dgmslot->mailslot_name, src->addr, src->port)); if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(nbt_browse_packet, browse); } talloc_free(browse); return; failed: DEBUG(2,("nbtd browse handler failed from %s:%d to %s - %s\n", src->addr, src->port, nbt_name_string(browse, name), nt_errstr(status))); talloc_free(browse); }
/* we received a badly formed packet - log it */ void nbtd_bad_packet(struct nbt_name_packet *packet, const struct socket_address *src, const char *reason) { DEBUG(2,("nbtd: bad packet '%s' from %s:%d\n", reason, src->addr, src->port)); if (DEBUGLVL(5)) { NDR_PRINT_DEBUG(nbt_name_packet, packet); } }
static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, files_struct *fsp, struct security_descriptor *parent_desc, bool is_directory) { TALLOC_CTX *ctx = talloc_tos(); NTSTATUS status = NT_STATUS_OK; struct security_descriptor *psd = NULL; size_t size; if (!sd_has_inheritable_components(parent_desc, is_directory)) { return NT_STATUS_OK; } /* Create an inherited descriptor from the parent. */ if (DEBUGLEVEL >= 10) { DEBUG(10,("inherit_new_acl: parent acl for %s is:\n", fsp_str_dbg(fsp) )); NDR_PRINT_DEBUG(security_descriptor, parent_desc); } status = se_create_child_secdesc(ctx, &psd, &size, parent_desc, &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX], &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX], is_directory); if (!NT_STATUS_IS_OK(status)) { return status; } if (DEBUGLEVEL >= 10) { DEBUG(10,("inherit_new_acl: child acl for %s is:\n", fsp_str_dbg(fsp) )); NDR_PRINT_DEBUG(security_descriptor, parent_desc); } return SMB_VFS_FSET_NT_ACL(fsp, (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION), psd); }
static struct share_mode_data *parse_share_modes(TALLOC_CTX *mem_ctx, const TDB_DATA dbuf) { struct share_mode_data *d; enum ndr_err_code ndr_err; uint32_t i; DATA_BLOB blob; d = talloc(mem_ctx, struct share_mode_data); if (d == NULL) { DEBUG(0, ("talloc failed\n")); goto fail; } blob.data = dbuf.dptr; blob.length = dbuf.dsize; ndr_err = ndr_pull_struct_blob_all( &blob, d, d, (ndr_pull_flags_fn_t)ndr_pull_share_mode_data); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DEBUG(1, ("ndr_pull_share_mode_lock failed: %s\n", ndr_errstr(ndr_err))); goto fail; } /* * Initialize the values that are [skip] in the idl. The NDR code does * not initialize them. */ for (i=0; i<d->num_share_modes; i++) { struct share_mode_entry *e = &d->share_modes[i]; e->stale = false; e->lease = NULL; if (e->op_type != LEASE_OPLOCK) { continue; } if (e->lease_idx >= d->num_leases) { continue; } e->lease = &d->leases[e->lease_idx]; } d->modified = false; d->fresh = false; if (DEBUGLEVEL >= 10) { DEBUG(10, ("parse_share_modes:\n")); NDR_PRINT_DEBUG(share_mode_data, d); } return d; fail: TALLOC_FREE(d); return NULL; }
static NTSTATUS schannel_store_session_key_tdb(struct tdb_wrap *tdb_sc, TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState *creds) { enum ndr_err_code ndr_err; DATA_BLOB blob; TDB_DATA value; int ret; char *keystr; char *name_upper; name_upper = strupper_talloc(mem_ctx, creds->computer_name); if (!name_upper) { return NT_STATUS_NO_MEMORY; } keystr = talloc_asprintf(mem_ctx, "%s/%s", SECRETS_SCHANNEL_STATE, name_upper); TALLOC_FREE(name_upper); if (!keystr) { return NT_STATUS_NO_MEMORY; } ndr_err = ndr_push_struct_blob(&blob, mem_ctx, creds, (ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(keystr); return ndr_map_error2ntstatus(ndr_err); } value.dptr = blob.data; value.dsize = blob.length; ret = tdb_store_bystring(tdb_sc->tdb, keystr, value, TDB_REPLACE); if (ret != TDB_SUCCESS) { DEBUG(0,("Unable to add %s to session key db - %s\n", keystr, tdb_errorstr_compat(tdb_sc->tdb))); talloc_free(keystr); return NT_STATUS_INTERNAL_DB_CORRUPTION; } DEBUG(3,("schannel_store_session_key_tdb: stored schannel info with key %s\n", keystr)); if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(netlogon_creds_CredentialState, creds); } talloc_free(keystr); return NT_STATUS_OK; }
/* handle incoming netlogon mailslot requests */ void nbtd_mailslot_netlogon_handler(struct dgram_mailslot_handler *dgmslot, struct nbt_dgram_packet *packet, struct socket_address *src) { NTSTATUS status = NT_STATUS_NO_MEMORY; struct nbtd_interface *iface = talloc_get_type(dgmslot->private_data, struct nbtd_interface); struct nbt_netlogon_packet *netlogon = talloc(dgmslot, struct nbt_netlogon_packet); struct nbtd_iface_name *iname; struct nbt_name *name = &packet->data.msg.dest_name; if (netlogon == NULL) goto failed; /* see if the we are listening on the destination netbios name */ iname = nbtd_find_iname(iface, name, 0); if (iname == NULL) { status = NT_STATUS_BAD_NETWORK_NAME; goto failed; } DEBUG(5,("netlogon request to %s from %s:%d\n", nbt_name_string(netlogon, name), src->addr, src->port)); status = dgram_mailslot_netlogon_parse_request(dgmslot, netlogon, packet, netlogon); if (!NT_STATUS_IS_OK(status)) goto failed; switch (netlogon->command) { case LOGON_PRIMARY_QUERY: nbtd_netlogon_getdc(dgmslot, iface, packet, src, netlogon); break; case LOGON_SAM_LOGON_REQUEST: nbtd_netlogon_samlogon(dgmslot, iface, packet, src, netlogon); break; default: DEBUG(2,("unknown netlogon op %d from %s:%d\n", netlogon->command, src->addr, src->port)); NDR_PRINT_DEBUG(nbt_netlogon_packet, netlogon); break; } talloc_free(netlogon); return; failed: DEBUG(2,("nbtd netlogon handler failed from %s:%d to %s - %s\n", src->addr, src->port, nbt_name_string(netlogon, name), nt_errstr(status))); talloc_free(netlogon); }
static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, struct replUpToDateVectorBlob *new_utdv) { NTSTATUS status = NT_STATUS_OK; krb5_error_code ret = 0; struct libnet_keytab_context *keytab_ctx = (struct libnet_keytab_context *)ctx->private_data; if (new_utdv) { enum ndr_err_code ndr_err; DATA_BLOB blob; if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv); } ndr_err = ndr_push_struct_blob(&blob, mem_ctx, new_utdv, (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); ctx->error_message = talloc_asprintf(ctx, "Failed to push UpToDateVector: %s", nt_errstr(status)); goto done; } status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, 0, ctx->nc_dn, "UTDV", ENCTYPE_NULL, blob); if (!NT_STATUS_IS_OK(status)) { goto done; } } ret = libnet_keytab_add(keytab_ctx); if (ret) { status = krb5_to_nt_status(ret); ctx->error_message = talloc_asprintf(ctx, "Failed to add entries to keytab %s: %s", keytab_ctx->keytab_name, error_message(ret)); goto done; } ctx->result_message = talloc_asprintf(ctx, "Vampired %d accounts to keytab %s", keytab_ctx->count, keytab_ctx->keytab_name); done: TALLOC_FREE(keytab_ctx); return status; }
/* load the notify array */ static NTSTATUS notify_load(struct notify_context *notify, struct db_record *rec) { TDB_DATA dbuf; DATA_BLOB blob; NTSTATUS status; int seqnum; seqnum = notify->db->get_seqnum(notify->db); if (seqnum == notify->seqnum && notify->array != NULL) { return NT_STATUS_OK; } notify->seqnum = seqnum; talloc_free(notify->array); notify->array = TALLOC_ZERO_P(notify, struct notify_array); NT_STATUS_HAVE_NO_MEMORY(notify->array); if (!rec) { if (notify->db->fetch(notify->db, notify, notify->key, &dbuf) != 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { dbuf = rec->value; } blob.data = (uint8 *)dbuf.dptr; blob.length = dbuf.dsize; status = NT_STATUS_OK; if (blob.length > 0) { enum ndr_err_code ndr_err; ndr_err = ndr_pull_struct_blob(&blob, notify->array, notify->array, (ndr_pull_flags_fn_t)ndr_pull_notify_array); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); } } if (DEBUGLEVEL >= 10) { DEBUG(10, ("notify_load:\n")); NDR_PRINT_DEBUG(notify_array, notify->array); } if (!rec) { talloc_free(dbuf.dptr); } return status; }
NTSTATUS smbXsrv_tcon_update(struct smbXsrv_tcon *tcon) { struct smbXsrv_tcon_table *table = tcon->table; NTSTATUS status; uint8_t key_buf[SMBXSRV_TCON_GLOBAL_TDB_KEY_SIZE]; TDB_DATA key; if (tcon->global->db_rec != NULL) { DEBUG(0, ("smbXsrv_tcon_update(0x%08x): " "Called with db_rec != NULL'\n", tcon->global->tcon_global_id)); return NT_STATUS_INTERNAL_ERROR; } key = smbXsrv_tcon_global_id_to_key(tcon->global->tcon_global_id, key_buf); tcon->global->db_rec = dbwrap_fetch_locked(table->global.db_ctx, tcon->global, key); if (tcon->global->db_rec == NULL) { DEBUG(0, ("smbXsrv_tcon_update(0x%08x): " "Failed to lock global key '%s'\n", tcon->global->tcon_global_id, hex_encode_talloc(talloc_tos(), key.dptr, key.dsize))); return NT_STATUS_INTERNAL_DB_ERROR; } status = smbXsrv_tcon_global_store(tcon->global); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("smbXsrv_tcon_update: " "global_id (0x%08x) store failed - %s\n", tcon->global->tcon_global_id, nt_errstr(status))); return status; } if (DEBUGLVL(10)) { struct smbXsrv_tconB tcon_blob; ZERO_STRUCT(tcon_blob); tcon_blob.version = SMBXSRV_VERSION_0; tcon_blob.info.info0 = tcon; DEBUG(10,("smbXsrv_tcon_update: global_id (0x%08x) stored\n", tcon->global->tcon_global_id)); NDR_PRINT_DEBUG(smbXsrv_tconB, &tcon_blob); } return NT_STATUS_OK; }
struct eventlog_Record_tdb *evlog_pull_record_tdb(TALLOC_CTX *mem_ctx, TDB_CONTEXT *tdb, uint32_t record_number) { struct eventlog_Record_tdb *r; TDB_DATA data, key; int32_t srecno; enum ndr_err_code ndr_err; DATA_BLOB blob; srecno = record_number; key.dptr = (unsigned char *)&srecno; key.dsize = sizeof(int32_t); data = tdb_fetch(tdb, key); if (data.dsize == 0) { DEBUG(8,("evlog_pull_record_tdb: " "Can't find a record for the key, record %d\n", record_number)); return NULL; } r = talloc_zero(mem_ctx, struct eventlog_Record_tdb); if (!r) { goto done; } blob = data_blob_const(data.dptr, data.dsize); ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, r, (ndr_pull_flags_fn_t)ndr_pull_eventlog_Record_tdb); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DEBUG(10,("evlog_pull_record_tdb: failed to decode record %d\n", record_number)); TALLOC_FREE(r); goto done; } if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(eventlog_Record_tdb, r); } DEBUG(10,("evlog_pull_record_tdb: retrieved entry for record %d\n", record_number)); done: SAFE_FREE(data.dptr); return r; }
static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, struct replUpToDateVectorBlob **pold_utdv) { krb5_error_code ret = 0; struct libnet_keytab_context *keytab_ctx; struct libnet_keytab_entry *entry; struct replUpToDateVectorBlob *old_utdv = NULL; char *principal; ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); if (ret) { return krb5_to_nt_status(ret); } keytab_ctx->dns_domain_name = ctx->dns_domain_name; keytab_ctx->clean_old_entries = ctx->clean_old_entries; ctx->private_data = keytab_ctx; principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s", ctx->nc_dn, ctx->dns_domain_name); NT_STATUS_HAVE_NO_MEMORY(principal); entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL, mem_ctx); if (entry) { enum ndr_err_code ndr_err; old_utdv = talloc(mem_ctx, struct replUpToDateVectorBlob); ndr_err = ndr_pull_struct_blob(&entry->password, old_utdv, old_utdv, (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ctx->error_message = talloc_asprintf(ctx, "Failed to pull UpToDateVector: %s", nt_errstr(status)); return status; } if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(replUpToDateVectorBlob, old_utdv); } } if (pold_utdv) { *pold_utdv = old_utdv; } return NT_STATUS_OK; }
/** * @brief NDR Encodes a NL_AUTH_MESSAGE * * @param mem_ctx The memory context the blob will be allocated on * @param r The NL_AUTH_MESSAGE to encode * @param blob [out] The encoded blob if successful * * @return a NTSTATUS error code */ NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx, struct NL_AUTH_MESSAGE *r, DATA_BLOB *blob) { enum ndr_err_code ndr_err; ndr_err = ndr_push_struct_blob(blob, mem_ctx, r, (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return ndr_map_error2ntstatus(ndr_err); } if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, r); } return NT_STATUS_OK; }
NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, DATA_BLOB in, DATA_BLOB *out) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; NTSTATUS status; const DATA_BLOB version_blob = ntlmssp_version_blob(); /* generate the ntlmssp negotiate packet */ status = msrpc_gen(out_mem_ctx, out, "CddAAb", "NTLMSSP", NTLMSSP_NEGOTIATE, ntlmssp_state->neg_flags, "", /* domain */ "", /* workstation */ version_blob.data, version_blob.length); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("ntlmssp_client_initial: failed to generate " "ntlmssp negotiate packet\n")); return status; } if (DEBUGLEVEL >= 10) { struct NEGOTIATE_MESSAGE *negotiate = talloc( ntlmssp_state, struct NEGOTIATE_MESSAGE); if (negotiate != NULL) { status = ntlmssp_pull_NEGOTIATE_MESSAGE( out, negotiate, negotiate); if (NT_STATUS_IS_OK(status)) { NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE, negotiate); } TALLOC_FREE(negotiate); } } ntlmssp_state->expected_state = NTLMSSP_CHALLENGE; return NT_STATUS_MORE_PROCESSING_REQUIRED; }
NTSTATUS smbXsrv_tcon_update(struct smbXsrv_tcon *tcon) { struct smbXsrv_tcon_table *table = tcon->table; NTSTATUS status; if (tcon->global->db_rec != NULL) { DEBUG(0, ("smbXsrv_tcon_update(0x%08x): " "Called with db_rec != NULL'\n", tcon->global->tcon_global_id)); return NT_STATUS_INTERNAL_ERROR; } tcon->global->db_rec = smbXsrv_tcon_global_fetch_locked( table->global.db_ctx, tcon->global->tcon_global_id, tcon->global /* TALLOC_CTX */); if (tcon->global->db_rec == NULL) { return NT_STATUS_INTERNAL_DB_ERROR; } status = smbXsrv_tcon_global_store(tcon->global); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("smbXsrv_tcon_update: " "global_id (0x%08x) store failed - %s\n", tcon->global->tcon_global_id, nt_errstr(status))); return status; } if (DEBUGLVL(10)) { struct smbXsrv_tconB tcon_blob; ZERO_STRUCT(tcon_blob); tcon_blob.version = SMBXSRV_VERSION_0; tcon_blob.info.info0 = tcon; DEBUG(10,("smbXsrv_tcon_update: global_id (0x%08x) stored\n", tcon->global->tcon_global_id)); NDR_PRINT_DEBUG(smbXsrv_tconB, &tcon_blob); } return NT_STATUS_OK; }
/* save the notify array */ static NTSTATUS notify_save(struct notify_context *notify, struct db_record *rec) { TDB_DATA dbuf; DATA_BLOB blob; NTSTATUS status; enum ndr_err_code ndr_err; TALLOC_CTX *tmp_ctx; /* if possible, remove some depth arrays */ while (notify->array->num_depths > 0 && notify->array->depth[notify->array->num_depths-1].num_entries == 0) { notify->array->num_depths--; } /* we might just be able to delete the record */ if (notify->array->num_depths == 0) { return rec->delete_rec(rec); } tmp_ctx = talloc_new(notify); NT_STATUS_HAVE_NO_MEMORY(tmp_ctx); ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, notify->array, (ndr_push_flags_fn_t)ndr_push_notify_array); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(tmp_ctx); return ndr_map_error2ntstatus(ndr_err); } if (DEBUGLEVEL >= 10) { DEBUG(10, ("notify_save:\n")); NDR_PRINT_DEBUG(notify_array, notify->array); } dbuf.dptr = blob.data; dbuf.dsize = blob.length; status = rec->store(rec, dbuf, TDB_REPLACE); talloc_free(tmp_ctx); return status; }
static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, const char *name, uint32 security_info, struct security_descriptor **ppdesc) { NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL, name, security_info, ppdesc); if (NT_STATUS_IS_OK(status)) { if (DEBUGLEVEL >= 10) { DEBUG(10,("get_nt_acl_xattr: returning xattr sd for file %s\n", name)); NDR_PRINT_DEBUG(security_descriptor, *ppdesc); } return NT_STATUS_OK; } DEBUG(10,("get_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", name, nt_errstr(status) )); return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc); }
static NTSTATUS fget_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) { NTSTATUS status = get_nt_acl_tdb_internal(handle, fsp, NULL, security_info, ppdesc); if (NT_STATUS_IS_OK(status)) { if (DEBUGLEVEL >= 10) { DEBUG(10,("fget_nt_acl_tdb: returning tdb sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, *ppdesc); } return NT_STATUS_OK; } DEBUG(10,("fget_nt_acl_tdb: failed to get tdb sd for file %s, Error %s\n", fsp->fsp_name, nt_errstr(status) )); return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc); }
/* test one SDDL example */ static bool test_sddl(struct torture_context *tctx, const void *test_data) { struct security_descriptor *sd, *sd2; struct dom_sid *domain; const char *sddl = (const char *)test_data; const char *sddl2; TALLOC_CTX *mem_ctx = tctx; domain = dom_sid_parse_talloc(mem_ctx, "S-1-2-3-4"); sd = sddl_decode(mem_ctx, sddl, domain); torture_assert(tctx, sd != NULL, talloc_asprintf(tctx, "Failed to decode '%s'\n", sddl)); sddl2 = sddl_encode(mem_ctx, sd, domain); torture_assert(tctx, sddl2 != NULL, talloc_asprintf(tctx, "Failed to re-encode '%s'\n", sddl)); sd2 = sddl_decode(mem_ctx, sddl2, domain); torture_assert(tctx, sd2 != NULL, talloc_asprintf(tctx, "Failed to decode2 '%s'\n", sddl2)); torture_assert(tctx, security_descriptor_equal(sd, sd2), talloc_asprintf(tctx, "Failed equality test for '%s'\n", sddl)); #if 0 /* flags don't have a canonical order ... */ if (strcmp(sddl, sddl2) != 0) { printf("Failed sddl equality test\norig: %s\n new: %s\n", sddl, sddl2); } #endif if (DEBUGLVL(2)) { NDR_PRINT_DEBUG(security_descriptor, sd); } talloc_free(sd); talloc_free(domain); return true; }
/** * @brief NDR Encodes a ncacn_packet * * @param mem_ctx The memory context the blob will be allocated on * @param ptype The DCERPC packet type * @param pfc_flags The DCERPC PFC Falgs * @param auth_length The length of the trailing auth blob * @param call_id The call ID * @param u The payload of the packet * @param blob [out] The encoded blob if successful * * @return an NTSTATUS error code */ NTSTATUS dcerpc_push_ncacn_packet(TALLOC_CTX *mem_ctx, enum dcerpc_pkt_type ptype, uint8_t pfc_flags, uint16_t auth_length, uint32_t call_id, union dcerpc_payload *u, DATA_BLOB *blob) { struct ncacn_packet r; enum ndr_err_code ndr_err; r.rpc_vers = 5; r.rpc_vers_minor = 0; r.ptype = ptype; r.pfc_flags = pfc_flags; r.drep[0] = DCERPC_DREP_LE; r.drep[1] = 0; r.drep[2] = 0; r.drep[3] = 0; r.auth_length = auth_length; r.call_id = call_id; r.u = *u; ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r, (ndr_push_flags_fn_t)ndr_push_ncacn_packet); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return ndr_map_error2ntstatus(ndr_err); } dcerpc_set_frag_length(blob, blob->length); if (DEBUGLEVEL >= 10) { /* set frag len for print function */ r.frag_length = blob->length; NDR_PRINT_DEBUG(ncacn_packet, &r); } return NT_STATUS_OK; }
NTSTATUS _eventlog_GetLogInformation(pipes_struct *p, struct eventlog_GetLogInformation *r) { EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle); struct EVENTLOG_FULL_INFORMATION f; enum ndr_err_code ndr_err; DATA_BLOB blob; if (!info) { return NT_STATUS_INVALID_HANDLE; } if (r->in.level != 0) { return NT_STATUS_INVALID_LEVEL; } *r->out.bytes_needed = 4; if (r->in.buf_size < 4) { return NT_STATUS_BUFFER_TOO_SMALL; } /* FIXME: this should be retrieved from the handle */ f.full = false; ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, NULL, &f, (ndr_push_flags_fn_t)ndr_push_EVENTLOG_FULL_INFORMATION); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return ndr_map_error2ntstatus(ndr_err); } if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION, &f); } memcpy(r->out.buffer, blob.data, 4); return NT_STATUS_OK; }