1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

156 Commits

Author SHA1 Message Date
Stefan Metzmacher
9e69289b09 CVE-2022-37966 s4:libnet: initialize libnet_SetPassword() arguments explicitly to zero by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Volker Lendecke
b06f0912fc libnet4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:28 +01:00
Swen Schillig
106ea7a1bc Minor cleanup to libnet_join_member
Prevent code duplication by consolidating cleanup task
at the end of the function.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 24 23:19:05 CET 2018 on sn-devel-144
2018-02-24 23:19:05 +01:00
Swen Schillig
849169a7b6 Fix wrong condition for error string assignment
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jan 25 17:19:12 CET 2018 on sn-devel-144
2018-01-25 17:19:12 +01:00
Volker Lendecke
89c3a1ebbe libnet: Use talloc_zero instead of ZERO_STRUCTP
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2018-01-25 12:24:08 +01:00
Gary Lockyer
fa6753d6c2 libnet join: Fix error handling on provision_store_self_join failure
This avoids leaving the error string NULL.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 25 06:28:02 CEST 2017 on sn-devel-144
2017-05-25 06:28:02 +02:00
Stefan Metzmacher
07b1e375e5 s4:libnet: make use of dcerpc_secondary_auth_connection_send/recv()
This avoid the bogus usage of dcerpc_pipe_auth().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-07-07 14:05:28 +02:00
Stefan Metzmacher
549001fb73 s4:libnet: add const to libnet_JoinDomain->out.samr_binding
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
776f5c65bf s4:libnet: use helper functions to access dcerpc_binding->target_hostname
If possible also specify the already known address as dcerpc_binding->host.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
98e2b3c28f s4:libnet: make use of dcerpc_binding_[g|s]et_*() in libnet_join.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
133c5ba063 s4:libnet: use 'const struct dcerpc_binding' for local readonly variables
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
e5e8757887 s4:libnet: make use of dcerpc_binding_dup() in libnet_join.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:20:32 +01:00
Jeremy Allison
0dc6181894 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-12-09 07:05:46 +01:00
Stefan Metzmacher
fe69c589e8 s4:libnet: make it possible to join with a given machine password
metze
2011-11-29 09:21:25 +01:00
Stefan Metzmacher
5baa44345f s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member()
metze
2011-11-29 09:21:25 +01:00
Andrew Bartlett
c6cc22adc0 s4-libnet: Remove libnet_Join and create libnet_Join_member
libnet_Join conflicts with a function in the source3 netapi of the
same name, and the ability to join as a DC via this particular method
is unused.

Andrew Bartlett
2011-05-18 16:12:08 +02:00
Matthias Dieter Wallnöfer
ea12adf544 s4/ldb - remove now superflous "ldb_dn_validate" checks
If we immediately afterwards perform an LDB base operation then we don't
need an explicit "ldb_dn_validate" check anymore (only OOM makes sense).

Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Andrew Tridgell
8dc92c8f71 ldb: use #include <ldb.h> for ldb
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10 06:51:07 +01:00
Matthias Dieter Wallnöfer
d14e0e8ff1 s4:libnet_JoinADSDomain - move away from "samdb_msg_add_string"
These calls can be substituted by "ldb_msg_add_string" without any problems -
only the allocation contexts of the SPNs and the DNS hostnames have to adapted.
2010-12-03 20:09:31 +01:00
Matthias Dieter Wallnöfer
c8aa7d5837 s4:param/secrets.h - fix "enum netr_SchannelType" include correctly 2010-11-27 21:50:41 +01:00
Matthias Dieter Wallnöfer
a5fc9378df s4:libnet_join.c - only write the really essential SPNs
If we are a DC then the others are added by the "samba_spnupdate" script.

This fixes bug #7614.
2010-10-31 18:44:07 +00:00
Matthias Dieter Wallnöfer
49dee0e453 s4:dsdb - use the more safe "samdb_msg_add_(u)int*" calls always where possible
This should prevent all possible integer storage problems in future.
2010-10-24 17:57:06 +00:00
Matthias Dieter Wallnöfer
3ead246062 s4:"util_ldb" - remove some really unused dependancies 2010-10-18 19:35:11 +02:00
Matthias Dieter Wallnöfer
a3f61dea40 Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c""
This reverts commit 8a2ce5c47c.

Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17 13:37:16 +00:00
Matthias Dieter Wallnöfer
8a2ce5c47c s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c"
They're only in use by SAMDB code.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-17 09:40:13 +00:00
Andrew Tridgell
9bae4cd3d9 s4-rpc: added target_principal binding handle option
this allows you to specify a target SPN for a connection

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 22:31:57 -07:00
Andrew Bartlett
e823cb8cac s4-libnet_join Use header constant for 'all encryption types' in msDS-SupportedEncryptionTypes 2010-09-24 09:25:44 +10:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Andrew Bartlett
9fc3f8194d s4:libnet_join Fix typo in msDS-SupportedEncryptionTypes 2010-06-29 16:59:30 +10:00
Matthias Dieter Wallnöfer
b172b7f467 s4:libnet_join.c - always use LDB constants 2010-06-24 10:04:48 +02:00
Andrew Bartlett
ebc2da10cd s4:libnet When joining a domain, update msDS-SupportedEncryptionTypes
We need this for our DC to have clients use AES keys to us
2010-06-23 20:10:04 +10:00
Andrew Bartlett
6324a0f59f s4:provision Remove unused 'account_name' parameter
The python glue code didn't even de-reference this element in the
structure.

Andrew Bartlett
2010-05-18 13:20:18 +10:00
Stefan Metzmacher
146ce6ead1 s4:libnet/libnet_join: don't look at p->last_fault_code for debugging anymore
metze
2010-04-15 09:34:02 +02:00
Stefan Metzmacher
d0efef3f86 s4:libnet/libnet_join.c: add explicit check for NTSTATUS r.out.result
metze
2010-03-29 15:35:51 +02:00
Stefan Metzmacher
bec3d8e7ae s4:libnet/libnet_join.c: make use of dcerpc_binding_handle stubs
metze
2010-03-12 15:25:51 +01:00
Matthias Dieter Wallnöfer
ec6843402c s4:libnet - change variables to "unsigned" where needed 2010-03-10 20:23:43 +01:00
Kamen Mazdrashki
2483ed362b s4/drs: DsCrackNames - Propagating IDL changes to source code
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-10 17:12:02 +01:00
Stefan Metzmacher
7473ca2d33 s4:libnet: use generate_random_password()
metze
2010-02-26 08:57:28 +01:00
Brad Hards
1e986c1cb3 More spelling fixes across source4/
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-22 21:45:38 +01:00
Andrew Tridgell
90203f87e7 s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags
This allows for controls to be added easily where they are needed.
2010-02-16 21:10:50 +11:00
Andrew Tridgell
4ad0397d8a s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.

The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
2009-10-23 14:52:17 +11:00
Andrew Bartlett
bfddb6816f s4:provision Use code to store domain join in 'net join' as well
This ensures we only have one codepath to store the secret, and
therefore that we have a single choke point for setting the
saltPrincipal, which we were previously skipping.

Andrew Bartlett
2009-09-20 16:29:38 -07:00
Andrew Tridgell
86f3a2ea09 s4: fixed the secrets.ldb construction in libnet
on a vampire join we were not putting the right attributes and
objectclass on the secrets.ldb record
2009-09-07 10:33:47 +10:00
Stefan Metzmacher
ff37d6631c s4:libnet: use talloc_strdup() instead of talloc_reference()
metze
2009-07-31 14:42:03 +02:00
Andrew Tridgell
0534ae012b use the new talloc_reparent in two places 2009-07-01 15:15:37 +10:00
Andrew Bartlett
58e8db912d s4:libnet Allow 'net password change' to work on expired passwords
We need to pass down flags to the DCE/RPC layer to allow fallback to
anonymous connections, as we can't log in with an expired password.

The anonymous connection can then change the password with SAMR.

Andrew Bartlett
2009-06-18 13:49:30 +10:00
Jelmer Vernooij
ff26cb4b1c Fix compiler warnings in libnet. 2008-12-23 22:11:21 +01:00
Günther Deschner
09998ab89d s4-samr: merge samr_QueryUserInfo{2} from s3 idl. (fixme: python)
Guenther
2008-11-10 21:46:31 +01:00
Günther Deschner
bb1d7684d2 s4-samr: merge samr_LookupDomain from s3 idl. (fixme: python)
Guenther
2008-11-10 21:46:30 +01:00
Günther Deschner
61391d0ade s4-samr: merge samr_LookupNames from s3 idl. (fixme: python)
Guenther
2008-11-10 21:46:30 +01:00