1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

304 Commits

Author SHA1 Message Date
Günther Deschner
0ff7e0c998 samba: share readline wrappers among all buildsystems.
Guenther
2010-10-01 22:30:22 +02:00
Stefan Metzmacher
9d4df79080 libcli/ldap: correctly marshall LDAP Unbind PDUs
metze
2010-09-27 08:24:35 +02:00
Stefan Metzmacher
95b56aabcb libcli/ldap: let ldap_full_packet() use asn1_peek_tag_needed_size()
This allows us to read a full packet without read byte after byte
or possible read to much.

metze
2010-09-26 06:45:40 +02:00
Stefan Metzmacher
e628bf1081 libcli/util: let tstream_read_pdu_blob_* cope with variable length headers
metze
2010-09-26 06:45:38 +02:00
Simo Sorce
678993470f libcli: fix compile warning
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Steven Danneman
bf1a4b2bc4 s4:libcli:smb2 Rename pending_id to async_id and make 64-bit
Match MS-SMB2 - 2.2.1.1   SMB2 Packet Header - ASYNC
2010-09-22 17:52:53 -07:00
Andrew Bartlett
ccbcffadb6 libcli/ldap Add const to ldap_encode_ndr_dom_sid()
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20 15:06:30 -07:00
Günther Deschner
4006160179 libcli: add dom_sid_compare_domain()
Guenther
2010-09-20 14:03:13 -07:00
Kamen Mazdrashki
1fac1f0d28 werror: Add W_ERROR_HAVE_NO_MEMORY_AND_FREE() macro 2010-09-18 15:09:46 +03:00
Andrew Bartlett
6832d5e933 libcli/auth/ntlmssp Be clear about talloc parents for session keys
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16 21:09:17 +10:00
Andrew Tridgell
5a0bb2234e cldap: prevent crashes when freeing cldap socket
As a callback may destroy the cldap socket we need to ensure we don't
reference the cldap structure after the callback

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:36 +10:00
Andrew Tridgell
4ff452151a cldap: use ipv4 not up for unbound cldap sockets
If we use "ip" we end up with a PF_INET6 socket which breaks sendto()
for v4 addresses.
2010-09-15 15:39:35 +10:00
Andrew Tridgell
67ac8555b1 s4-auth: set the RODC bit for RODC schannel
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:34 +10:00
Jeremy Allison
55b315094e Fix string_to_sid() to allow non '\0' termination of the string - allows
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.

Jeremy.
2010-09-14 14:48:50 -07:00
Andrew Bartlett
46f585e364 libcli/security Use sid_append_rid() in dom_sid_append_rid()
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.

Andrew Bartlett
2010-09-14 14:48:49 -07:00
Andrew Bartlett
51ecf79654 libcli/security Merge source3/ string_to_sid() to common code
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.

Andrew Bartlett
2010-09-14 14:48:49 -07:00
Volker Lendecke
8768f627dc ntlm_check: Fix some nonempty blank lines 2010-09-13 18:39:30 +02:00
Matthias Dieter Wallnöfer
b9b93b845c libcli/auth/schannel_state_tdb.c - fix includes
Otherwise we get a "declared inside parameter list" warning.
2010-09-11 12:53:21 +02:00
Andrew Bartlett
fdcadb5c3c libcli/privileges Fix comment 2010-09-11 18:46:13 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Seperate rights and privileges
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Bartlett
ee943fb2bf libcli/security Remove unused SE_NONE define
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb6a0cc326 libcli/security Move 'private' privileges functions to another header
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d libcli/security Remove 'always true' return from se_priv_put_all_privileges
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb84c7ac90 libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
This happens all the time, particularly now that we don't keep the
db around after a reboot.  Don't scare the admins with the level 0.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
382e2b321b privileges: privilege luids are not all below 64
the ones brought across from s3 have higher values

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
This is clearer and more consistent than using a magic -1 return

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
0b41ef7895 libcli/security Remove unused declarations from privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
71832a404e libcli/security Expose sec_privilege_mask()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17 libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
8ff6bc2350 libcli/security Remove unused functions and constants.
All the callers to these functions have been removed or reworked.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
a53a42ffb8 libcli/security Rename all privilege bitmaps constants
The idea here to to make it very clear how they differ from the
enumerated LUID values.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
2bb7b827d6 libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()
These functions duplicate other functions in the merged code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
aab0b557b9 libcli/security Improve dump of privileges: Just walk the table
This removes some logic recently added that was just too smart - it
is easier to just walk the table and do a bit match here.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
0e2142a927 s3-privs Remove pointer indirection from se_priv_to_privilege_set()
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
cbd72ab93b libcli/security Don't export privs[] as a global variable
Instead, provide access functions for the LSA and net sam callers
for the information they need.

They still only enumerate the first 8 privileges that have traditionally
been exposed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
3c93d1ecbf libcli/security Merge privilege lists from source3 and source4
The LSA enumeration in source3 will not show the new privileges,
but otherwise, they are now in common, and can be set by name.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
d2e41105e2 libcli/security Return number of entries in the old source3 list
This ensures there isn't a behaviour change when the source3 list is combined
with the longer source4 list.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
eb8e3155de libcli/privileges Simplify get_privilege_luid() to return just the enum
As Samba only deals with the lower 32 bits of the LUID, just return those
and let the LSA layer deal with the upper 0 bits.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
cdda15c062 libcli/security Don't memcpy a uint64_t value, just assign it.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
780de03f00 libcli/security Use ARRAY_SIZE() consistantly.
This avoids the use of SE_END, and has all callers walking the
array using the same termination condition.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
66ac968dd5 libcli/security Fix and clarify privilege manipulation function comments
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
9fb92c6014 libcli/security Make the two privileges tables share a common struct definition
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
dbee98d30f libcli/security Move source4/ privileges code into the common libcli/security
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
0d25212cc1 s3-privs Move manual prototypes to common privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b29b6c13a3 s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
The previous 128 bit structure needed this helper function.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
f85b822bd4 libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
3f589c2155 libcli/security Use C99 types
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b0690d6da7 libcli/security Use true and false, not True and False
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
f20bba97d8 s3-privs Move source3/ privileges implmentation into common
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Matthias Dieter Wallnöfer
5c33ef2758 s3/s4:libcli/tstream - add more "char *" casts in order to suppress Solaris warnings 2010-09-10 22:45:49 +02:00