Simo Sorce
1d0938c629
schannel_tdb: make code compilable in both trees
2010-02-23 12:46:50 -05:00
Simo Sorce
3b12c38ac0
s3:schannel streamline interface
...
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
2010-02-23 12:46:50 -05:00
Simo Sorce
b4c9dc3724
s3:schannel more readable check logic
...
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's security
requirements (Integrity/Privacy/Both/None)
2010-02-23 12:46:50 -05:00
Simo Sorce
0c8608bbab
s3 Fix the build
...
I didn't mean to push the GetForestTrustInformation patch just yet,
now that it is in fix the s3 build ...
2010-02-22 21:18:07 -05:00
Volker Lendecke
081573091b
s3: Remove the typedef for "auth_serversupplied_info"
2010-01-10 20:56:16 +01:00
Volker Lendecke
9bb4766bba
s3: Remove the typedef for "auth_usersupplied_info"
2010-01-10 20:56:16 +01:00
Günther Deschner
5d706a2fd4
s3-rpc: running minimal_includes.pl on rpc_client and rpc_server.
...
Guenther
2009-11-26 20:17:07 +01:00
Günther Deschner
3d679a3b5f
s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
...
Guenther
2009-11-26 20:03:17 +01:00
Günther Deschner
d7ce873391
s3-netlogon: enable RPC-NETLOGON-ADMIN test against s3.
...
Guenther
2009-11-09 17:36:53 +01:00
Günther Deschner
53d49bb728
s3-netlogon: implement _netr_GetDcName and _netr_GetAnyDcName.
...
Guenther
2009-11-06 15:01:39 +01:00
Günther Deschner
ccdd1462cc
s3-netlogon: make sure we protect some function codes in _netr_LogonControl2Ex().
...
Guenther
2009-11-04 00:55:49 +01:00
Günther Deschner
bb2e1ff631
s3-netlogon: let s3 pass against RPC-NETLOGON-S3 again.
...
Guenther
2009-11-04 00:55:45 +01:00
Günther Deschner
40f3f456bc
s3-netlogon: implement _netr_NETLOGON_INFO_4 in netr_LogonControl2Ex() and friends as well.
...
Guenther
2009-11-04 00:55:18 +01:00
Günther Deschner
b3a2147497
s3-netlogon: implement remote trust account changing in netr_LogonControl2Ex() and friends.
...
Guenther
2009-11-04 00:55:09 +01:00
Günther Deschner
8267564e1c
s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob handling.
...
Following Andrew's advice, let's straight md4 the plaintext blob and avoid
trying to get a plaintext string out of the input the client sends.
Guenther
2009-10-16 14:54:57 +02:00
Günther Deschner
ebe0e64ba9
s3: use enum netr_SchannelType all over the place.
...
Guenther
2009-10-13 10:21:46 +02:00
Günther Deschner
3d3134a7d6
s3-netlogon: pure cosmetic indent fixes in _netr_LogonControl2Ex().
...
Guenther
2009-10-07 10:36:22 +02:00
Günther Deschner
6c0abbdd35
s3-netlogon: properly implement _netr_NetrEnumerateTrustedDomains().
...
Guenther
2009-09-30 00:37:13 +02:00
Günther Deschner
44e44310d1
s3-netlogon: support validation level 6 in netr_SamLogon calls.
...
Guenther
2009-09-16 18:00:03 +02:00
Günther Deschner
5ddde4e19d
s3-netlogon: match all logon levels in netr_SamLogon calls.
...
Guenther
2009-09-16 17:59:56 +02:00
Günther Deschner
799f8d7e13
schannel: fully share schannel sign/seal between s3 and 4.
...
Guenther
2009-09-16 01:55:06 +02:00
Günther Deschner
d3af0346c8
s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.
...
Guenther
2009-09-15 17:49:34 +02:00
Günther Deschner
15bbae5fd8
s3-netlogon: Fix Coverity #945 UNINIT.
...
Guenther
2009-09-13 21:32:48 +02:00
Günther Deschner
a0b1968167
s3-netlogon: use WERRORs in NETLOGON_INFO structures.
...
Guenther
2009-09-02 15:29:44 +02:00
Günther Deschner
2b8afd2257
s3-netlogon: implement _netr_ServerPasswordSet2.
...
Guenther
2009-09-02 10:47:36 +02:00
Günther Deschner
71e9dfc0cd
s3-netlogon: rework _netr_ServerPasswordSet.
...
Guenther
2009-09-02 10:47:35 +02:00
Günther Deschner
931771138a
s3-netlogon: implement _netr_LogonSamLogonWithFlags().
...
Guenther
2009-09-02 10:23:28 +02:00
Günther Deschner
21a93c2ddc
s3-netlogon: use shared credential and schannel storage infrastructure for netlogon server.
...
Guenther
2009-08-27 15:55:19 +02:00
Günther Deschner
2d8157fb9e
s3-netlogon: add netr_creds_server_step_check() convenience wrapper.
...
Guenther
2009-08-27 15:55:19 +02:00
Günther Deschner
2cbacd5e10
s3-netlogon: let get_md4pw() return a struct dom_sid.
...
Guenther
2009-08-26 15:45:09 +02:00
Günther Deschner
a77b036f3b
s3-netlogon: fix default case when _netr_LogonSamLogon is called from other opcodes.
...
Guenther
2009-08-26 01:06:36 +02:00
Günther Deschner
87ce535243
Revert "s3: Fix uninitialized const char *"
...
Tim, I am reverting this as this eliminates "_netr_LogonSamLogonEx" from the
debug messages completely. Followup fix to come immediately.
This reverts commit add9b4afb1.
2009-08-26 01:06:22 +02:00
Günther Deschner
e460c211b0
s3-netlogon: get rid of init_net_r_req_chal().
...
Guenther
2009-08-26 00:48:13 +02:00
Günther Deschner
5b46e5985e
s3-netlogon: let get_md4pw() return a struct samr_Password.
...
(in preparation of credential merge).
Guenther
2009-08-26 00:48:04 +02:00
Günther Deschner
1a53b61771
s3-netlogon: make _netr_ServerAuthenticate a callback to _netr_ServerAuthenticate3.
...
Guenther
2009-08-26 00:47:55 +02:00
Günther Deschner
4799020e9f
s3-netlogon: Only hand out rid when netlogon credential chain has been setup successfully.
...
Guenther
2009-08-24 23:09:57 +02:00
Günther Deschner
78519b6500
s3-netlogon: remove unneeded fstrings from netlogon server.
...
Guenther
2009-06-30 22:21:09 +02:00
Günther Deschner
f62d9f5b57
s3-netlogon: fix validation level 2 support in netr_SamLogon and friends.
...
Guenther
2009-06-25 12:19:10 +02:00
Andrew Bartlett
33a59921be
s3:netlogon Cope with recent rename in netlogon.idl
2009-06-18 15:00:28 +10:00
Günther Deschner
90b3890654
s3-netlogon: Fix _netr_LogonSamLogon{Ex} with validation level != 3.
...
Guenther
2009-05-29 13:17:52 +02:00
Günther Deschner
65f86a644a
s3-netlogon: return proper error code for unsupported validation class.
...
Guenther
2009-05-29 13:17:52 +02:00
Jeremy Allison
78fb479325
After getting confirmation from Guenther, add 3 changes we'll
...
ultimately need to fix bug #6099 Samba returns inaccurate capabilities list.
1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to
r->out.negotiate_flags.
2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags
return if the client requested it.
3). Clean up the error exits so we always return the same
way.
Signed off by Guenther.
Jeremy.
2009-05-06 16:10:20 -07:00
Günther Deschner
78754ab2c9
s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 joining Samba3) and probably many, many more.
...
Jeremy, with 9a5d5cc1db you alter the in negotiate
flags (which are a pointer to the out negotiate flags assigned in the generated
netlogon server code). So, while you wanted to just set the *out* negflags, you
did in fact reset the *in* negflags, effectively eliminating the
NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then
caused creds_server_init() to generate 64bit creds instead of 128bit, causing
the whole chain to break. *Please* check.
Guenther
2009-05-06 19:37:39 +02:00
Andrew Bartlett
f28f113d8e
Rework Samba3 to use new libcli/auth code (partial)
...
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server
Andrew Bartlett
2009-04-14 16:23:35 +10:00
Volker Lendecke
4aed9abbf8
Remove the static "chal" from ntlmssp.c:get_challenge()
2009-02-21 14:04:14 +01:00
Yasuma Takeda
e32f946114
Fix bug 5920
...
The length of the memcpy was calculated wrong, r->out.return_authenticator is
a pointer
2009-02-16 14:08:39 +01:00
Stefan Metzmacher
fe417b29bd
s3:netlogon: implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED
...
This hopefully fixes bug #6100.
metze
2009-02-16 11:34:35 +01:00
Jeremy Allison
9a5d5cc1db
Attempt to fix bug #6099. According to Microsoft
...
Windows 7 looks at the negotiate_flags
returned in this structure *even if the
call fails with access denied ! So in order
to allow Win7 to connect to a Samba NT style
PDC we set the flags before we know if it's
an error or not.
Jeremy.
2009-02-15 18:12:20 -08:00
Tim Prouty
add9b4afb1
s3: Fix uninitialized const char *
2009-02-13 17:56:08 -08:00
Günther Deschner
75562a1e34
s3-netlogon: some more appropriate debug messages.
...
Guenther
2009-02-14 01:21:20 +01:00