Nadezhda Ivanova
980f68a6f2
security: Fixed bugs in expansion of generic information ACEs
...
When an ACE gontaining GA, GE, GR, GW, CO or CG is provided by a user or inherited
the final SD actually has to have 2 ACEs, one is an effective expanded one, and the
original one with IO flag added.
2011-01-11 12:20:43 +02:00
Günther Deschner
45227e96c2
libcli/security: fix sid_type_lookup().
...
It *always* returned "SID *TYPE* is INVALID".
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 10 12:47:00 CET 2011 on sn-devel-104
2011-01-10 12:47:00 +01:00
Günther Deschner
3294ccbb6d
netlogon: move netlogon helpers to ../libcli/netlogon.
...
Guenther
2011-01-07 15:02:24 +01:00
Stefan Metzmacher
e22c4c5632
libcli/auth: add netsec_outgoing_sig_size()
...
The size of the signature blob depends on the used
algorithm.
metze
2011-01-03 16:44:28 +01:00
Volker Lendecke
41179c2538
Fix a valgrind error
...
Thanks to Tridge for the hint.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan 2 10:58:51 CET 2011 on sn-devel-104
2011-01-02 10:58:51 +01:00
Jelmer Vernooij
5792fa90ac
s4-python: Only set BASETYPE flag if subclassing is supported.
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Jan 1 03:39:58 CET 2011 on sn-devel-104
2011-01-01 03:39:58 +01:00
Jelmer Vernooij
f5fe9c32ef
s4-python: Add more prototypes.
2011-01-01 02:54:05 +01:00
Matthias Dieter Wallnöfer
13fa6743d8
s3/s4:auth SPNEGO - adaptions for the removed "const" from OIDs
...
This is needed in order to suppress warnings.
2010-12-21 15:10:37 +11:00
Günther Deschner
10eaad2977
libcli/security: remove unused variable.
...
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Dec 17 13:56:27 CET 2010 on sn-devel-104
2010-12-17 13:56:27 +01:00
Andrew Bartlett
4a4d8e4b0f
libcli/security Add sid_blob_parse() to directly parse a binary SID blob
2010-12-16 15:54:30 +11:00
Stefan Metzmacher
aac0c58e04
libcli/echo: fix off by 1 crash bug
...
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Dec 11 13:48:54 CET 2010 on sn-devel-104
2010-12-11 13:48:54 +01:00
Stefan Metzmacher
b6fef94ec1
libcli/echo: lowercase testsuite names
...
metze
2010-12-11 11:06:56 +01:00
Kai Blin
1f2518df5a
s4 libcli: Add libcli_echo lib and torture test
...
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Dec 9 23:57:03 CET 2010 on sn-devel-104
2010-12-09 23:57:03 +01:00
Andrew Bartlett
a21cb5a0a1
libcli/auth bring ADS_IGNORE_PRINCIPAL in common
2010-12-08 08:55:04 +01:00
Stefan Metzmacher
15c33ada6b
libcli/auth: let spnego_write_mech_types() check the asn1_load() return
...
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 7 18:23:41 CET 2010 on sn-devel-104
2010-12-07 18:23:41 +01:00
Matthias Dieter Wallnöfer
93d85ca5fd
s4:fix some shadowed declaration warnings on Solaris by renaming the symbols
2010-12-06 11:28:58 +01:00
Jeremy Allison
75508cea4a
Turns out there are lots of places in S3 where token passed in
...
here can be NULL (become_root() sets the current security token to
NULL for example). Ensure we don't crash.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Dec 2 03:26:03 CET 2010 on sn-devel-104
2010-12-02 03:26:03 +01:00
Matthias Dieter Wallnöfer
3035fe041f
libcli/security/object_tree.c - remove unreachable statement
2010-11-29 14:48:12 +01:00
Arnaud Faucher
2ac5cedb71
Avoid the use of PyAPI_DATA, which is for internal Python API's.
...
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 22 00:52:56 CET 2010 on sn-devel-104
2010-11-22 00:52:56 +01:00
Andrew Tridgell
9a744c634f
s4-doserr: telling our users to "see Windows help" doesn't seem right
2010-11-17 23:55:39 +11:00
Volker Lendecke
eb769f2234
raw.h is only needed in the S4 build
...
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov 9 14:49:14 UTC 2010 on sn-devel-104
2010-11-09 14:49:14 +00:00
Kamen Mazdrashki
717b1158a6
idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID values
...
Those values are actually ATTID values and such, they are used
for ATTIDs for Attributes, Classes and Syntaxes.
2010-10-31 23:54:04 +00:00
Jelmer Vernooij
3deece5591
s4: Remove the old perl/m4/make/mk-based build system.
...
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-31 02:01:44 +00:00
Andrew Tridgell
eb0005dfca
s4-tdb: make tdb-wrap into a private library
...
this prevents double linking of the tdb wrap code
2010-10-30 23:49:01 +11:00
Jelmer Vernooij
a74e8be6d1
waf: Stop automaticaly changing dashes to underscores in library names.
2010-10-26 10:17:18 -07:00
Jelmer Vernooij
8cf61377aa
waf: Remove lib prefix from libraries manually.
2010-10-26 10:17:17 -07:00
Jelmer Vernooij
d9cbcdd410
s4: Drop duplicate 'lib' prefix for private libraries.
2010-10-26 10:17:16 -07:00
Andrew Bartlett
14686e4b5a
libcli/security Remove unused sec_acl_equal()
...
This was orphaned by changing sec_desc_equal() to the stricter
security_descriptor_equal() by
f4195183a4
in 2009.
(The difference here was that sec_acl_equal allowed for equivilent ordering. I've checked the callers, and this function is only used to skip actual ACL sets, or to reference a cache, so this seems
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Oct 24 22:21:23 UTC 2010 on sn-devel-104
2010-10-24 22:21:23 +00:00
Jelmer Vernooij
599afb0651
s4: Rename LIBCLI_NBT -> cli_nbt.
2010-10-24 00:20:04 +00:00
Jelmer Vernooij
5224de3f74
s4: Rename LIBCLI_LDAP to libcli_ldap.
2010-10-24 00:20:04 +00:00
Jelmer Vernooij
833480d3ad
s4: Rename LIBSAMBA-* to libsamba-*
2010-10-24 00:20:04 +00:00
Jelmer Vernooij
ca16d805bd
s4: Rename LIBSECURITY{_SESSION,} to libsecurity{_session,}
2010-10-24 00:20:04 +00:00
Jelmer Vernooij
9065f9644b
s4: Rename LIBNETIF to libnetif.
2010-10-23 22:24:06 +00:00
Matthias Dieter Wallnöfer
18103d34e2
create_descriptor.c - fix comment
...
The location in MS-DTYPE changed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 21:33:46 UTC 2010 on sn-devel-104
2010-10-23 21:33:45 +00:00
Kai Blin
eeac222398
s4 dns: Import DNS win32 error codes from MS-ERREF
2010-10-23 10:17:05 +00:00
Jeremy Allison
3e79cd6856
Fix const warning. Allocate off NULL as we always talloc_free().
2010-10-22 17:33:03 +00:00
Andrew Tridgell
d98effffe4
libcli: LIBSECURITY depends on NDR_SECURITY
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21 19:03:27 +11:00
Andrew Tridgell
2dcb596e83
s4-waf: removed dependencies on missing subsystems
...
these were left over from the old config.mk system
2010-10-21 19:03:24 +11:00
Andrew Tridgell
35b61c2365
libcli: make LIBCLI_NBT a private library
2010-10-21 19:03:24 +11:00
Andrew Tridgell
8709c3c0f2
libcli: make the LIBSECURITY subsystem into a private library
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21 19:03:23 +11:00
Jeremy Allison
94dc63056a
Now we have SeSystemSecurity, remove the source3-only #ifdef.
...
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 01:35:00 UTC 2010 on sn-devel-104
2010-10-21 01:35:00 +00:00
Jeremy Allison
e00c2b3cdf
Add code to implement SeSecurityPrivilege in net rpc rights, and in the
...
open and get/set NT security descriptor code.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104
2010-10-21 00:15:57 +00:00
Matthias Dieter Wallnöfer
caf6b3686f
libcli/security/access_check.c - fix a memory leak
2010-10-20 12:31:05 +00:00
Andrew Bartlett
4a8c17a41c
libcli/ldap Don't try and encode a control with a NULL OID
...
ctrl->oid is set to NULL by the Samba4 rootDSE module when removing
controls that should not be exposed over LDAP (to avoid a realloc).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Oct 20 04:13:44 UTC 2010 on sn-devel-104
2010-10-20 04:13:44 +00:00
Jeremy Allison
45794dd30a
Fix shadow warning for "access" variable.
...
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Oct 19 22:53:38 UTC 2010 on sn-devel-104
2010-10-19 22:53:38 +00:00
Andrew Tridgell
7197bcc513
readline: fixed the test for history_list()
2010-10-19 11:22:35 +11:00
Stefan Metzmacher
a610ce4aa6
libcli/nbt: we don't need LIBCLI_COMPOSITE anymore
...
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 18 16:18:32 UTC 2010 on sn-devel-104
2010-10-18 16:18:32 +00:00
Stefan Metzmacher
820ae3d9a3
libcli/nbt: convert nbt_name_register_bcast_send/recv to tevent_req
...
metze
2010-10-18 15:36:16 +00:00
Stefan Metzmacher
0b8056d580
libcli/nbt: s/name_register_bcast_handler/nbt_name_register_bcast_handler
...
metze
2010-10-18 15:36:16 +00:00
Stefan Metzmacher
c654a6c02b
libcli/nbt: s/register_bcast_state/nbt_name_register_bcast_state/
...
metze
2010-10-18 15:36:16 +00:00
Stefan Metzmacher
77d82fe944
libcli/nbt: move nbt_name_register_bcast_send to the top of nbt_name_register_bcast_*
...
metze
2010-10-18 15:36:16 +00:00
Stefan Metzmacher
e3a0463414
libcli/nbt: convert nbt_name_register_wins_send/recv to tevent_req
...
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
4f233c7ff8
libcli/nbt: s/name_register_wins_handler/nbt_name_register_wins_handler
...
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
b16681374c
libcli/nbt: s/register_wins_state/nbt_name_register_wins_state
...
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
549b594c57
libcli/nbt: move nbt_name_register_wins_send() to the top of all nbt_name_register_wins_* related code
...
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
43fb7f1698
libcli/nbt: convert nbt_name_refresh_wins_send/recv to tevent_req
...
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
332f261bbf
libcli/nbt: s/name_refresh_wins_handler/nbt_name_refresh_wins_handler
...
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
3ded1da8e9
libcli/nbt: s/refresh_wins_state/nbt_name_refresh_wins_state
...
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
e36e7295da
libcli/nbt: move nbt_name_refresh_wins_send() to the top of all nbt_name_refresh_wins_* related code
...
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
72a8966499
libcli/util: add pipe related NT_STATUS_RPC_* codes
...
metze
2010-10-18 14:50:21 +02:00
Andrew Tridgell
40a6e019fd
security: ensure the merge of libcli/security doesn't change s3 behaviour
...
Jeremy, you put a #if 0 around this logic in this commit:
8344e945
(Jeremy Allison 2008-10-31 10:51:45 -0700 181)
is this still needed?
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104
2010-10-14 03:16:41 +00:00
Andrew Bartlett
f7ffc12e2d
libcli/security Use static SIDs rather than parsing from strings
...
This should make the security_token_is_*() calls a little faster.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
a879a4610d
libcli/auth Merge source4/libcli/security and util_sid.c into the common code
...
This should ensure we only have one copy of these core functions
in the tree.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
8b22eefd25
libcli/security Define traditional constants in terms of IDL macros
...
The source3/ code uses these constants in a lot of places, and it will
take time and care to rename them, if that is desired. Linking the
macros here will at least allow common code to use the IDL based macros,
and preserve a documentary link between the constants (other than just their value)
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
949541cc6f
libcli/security Move source3/lib/util_seaccess.c into the common code
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
f768b32e37
libcli/security Provide a common, top level libcli/security/security.h
...
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Andrew Bartlett
0487ef0a70
libcli/security Add debug class to security_token_debug() et al
...
This will allow it to replace functions in source3 that use debug classes.
Andrew Bartlett
2010-10-12 02:54:16 +00:00
Andrew Bartlett
ae52f953af
libcli/security Move most of security_token.c to common code.
...
The source4-specific session_info functions have been left in session.c
Andrew Bartlett
2010-10-12 02:54:16 +00:00
Jelmer Vernooij
2c9ebb7646
libsecurity-common: Add missing dependency on libndr.
2010-10-11 01:06:35 +02:00
Jelmer Vernooij
dc47e8dc52
libcli-auth: Remove unnecessary dependency on libsamba-hostconfig.
2010-10-11 01:06:35 +02:00
Jeremy Allison
b69bec03cc
Add some const. Needed for my SD work.
...
Jeremy
2010-10-08 18:05:02 -07:00
Stefan Metzmacher
42d1a84a36
libcli/ldap: ldap_full_packet() requires at least 6 bytes
...
metze
2010-10-04 14:05:15 +00:00
Günther Deschner
0ff7e0c998
samba: share readline wrappers among all buildsystems.
...
Guenther
2010-10-01 22:30:22 +02:00
Stefan Metzmacher
9d4df79080
libcli/ldap: correctly marshall LDAP Unbind PDUs
...
metze
2010-09-27 08:24:35 +02:00
Stefan Metzmacher
95b56aabcb
libcli/ldap: let ldap_full_packet() use asn1_peek_tag_needed_size()
...
This allows us to read a full packet without read byte after byte
or possible read to much.
metze
2010-09-26 06:45:40 +02:00
Stefan Metzmacher
e628bf1081
libcli/util: let tstream_read_pdu_blob_* cope with variable length headers
...
metze
2010-09-26 06:45:38 +02:00
Simo Sorce
678993470f
libcli: fix compile warning
...
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Steven Danneman
bf1a4b2bc4
s4:libcli:smb2 Rename pending_id to async_id and make 64-bit
...
Match MS-SMB2 - 2.2.1.1 SMB2 Packet Header - ASYNC
2010-09-22 17:52:53 -07:00
Andrew Bartlett
ccbcffadb6
libcli/ldap Add const to ldap_encode_ndr_dom_sid()
...
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20 15:06:30 -07:00
Günther Deschner
4006160179
libcli: add dom_sid_compare_domain()
...
Guenther
2010-09-20 14:03:13 -07:00
Kamen Mazdrashki
1fac1f0d28
werror: Add W_ERROR_HAVE_NO_MEMORY_AND_FREE() macro
2010-09-18 15:09:46 +03:00
Andrew Bartlett
6832d5e933
libcli/auth/ntlmssp Be clear about talloc parents for session keys
...
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16 21:09:17 +10:00
Andrew Tridgell
5a0bb2234e
cldap: prevent crashes when freeing cldap socket
...
As a callback may destroy the cldap socket we need to ensure we don't
reference the cldap structure after the callback
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:36 +10:00
Andrew Tridgell
4ff452151a
cldap: use ipv4 not up for unbound cldap sockets
...
If we use "ip" we end up with a PF_INET6 socket which breaks sendto()
for v4 addresses.
2010-09-15 15:39:35 +10:00
Andrew Tridgell
67ac8555b1
s4-auth: set the RODC bit for RODC schannel
...
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:34 +10:00
Jeremy Allison
55b315094e
Fix string_to_sid() to allow non '\0' termination of the string - allows
...
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.
Jeremy.
2010-09-14 14:48:50 -07:00
Andrew Bartlett
46f585e364
libcli/security Use sid_append_rid() in dom_sid_append_rid()
...
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.
Andrew Bartlett
2010-09-14 14:48:49 -07:00
Andrew Bartlett
51ecf79654
libcli/security Merge source3/ string_to_sid() to common code
...
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
2010-09-14 14:48:49 -07:00
Volker Lendecke
8768f627dc
ntlm_check: Fix some nonempty blank lines
2010-09-13 18:39:30 +02:00
Matthias Dieter Wallnöfer
b9b93b845c
libcli/auth/schannel_state_tdb.c - fix includes
...
Otherwise we get a "declared inside parameter list" warning.
2010-09-11 12:53:21 +02:00
Andrew Bartlett
fdcadb5c3c
libcli/privileges Fix comment
2010-09-11 18:46:13 +10:00
Andrew Bartlett
0eea8ecfe2
s4-privs Seperate rights and privileges
...
These are related, but slightly different concepts. The biggest difference
is that rights are not enumerated as a system-wide list.
This moves the rights to security.idl due to dependencies.
Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Bartlett
ee943fb2bf
libcli/security Remove unused SE_NONE define
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb6a0cc326
libcli/security Move 'private' privileges functions to another header
...
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d
libcli/security Remove 'always true' return from se_priv_put_all_privileges
...
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb84c7ac90
libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
...
This happens all the time, particularly now that we don't keep the
db around after a reboot. Don't scare the admins with the level 0.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
382e2b321b
privileges: privilege luids are not all below 64
...
the ones brought across from s3 have higher values
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c
libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
...
This is clearer and more consistent than using a magic -1 return
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
0b41ef7895
libcli/security Remove unused declarations from privileges.h
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
71832a404e
libcli/security Expose sec_privilege_mask()
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17
libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
...
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
8ff6bc2350
libcli/security Remove unused functions and constants.
...
All the callers to these functions have been removed or reworked.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
a53a42ffb8
libcli/security Rename all privilege bitmaps constants
...
The idea here to to make it very clear how they differ from the
enumerated LUID values.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
2bb7b827d6
libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()
...
These functions duplicate other functions in the merged code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
aab0b557b9
libcli/security Improve dump of privileges: Just walk the table
...
This removes some logic recently added that was just too smart - it
is easier to just walk the table and do a bit match here.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
0e2142a927
s3-privs Remove pointer indirection from se_priv_to_privilege_set()
...
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
cbd72ab93b
libcli/security Don't export privs[] as a global variable
...
Instead, provide access functions for the LSA and net sam callers
for the information they need.
They still only enumerate the first 8 privileges that have traditionally
been exposed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
3c93d1ecbf
libcli/security Merge privilege lists from source3 and source4
...
The LSA enumeration in source3 will not show the new privileges,
but otherwise, they are now in common, and can be set by name.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
d2e41105e2
libcli/security Return number of entries in the old source3 list
...
This ensures there isn't a behaviour change when the source3 list is combined
with the longer source4 list.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
eb8e3155de
libcli/privileges Simplify get_privilege_luid() to return just the enum
...
As Samba only deals with the lower 32 bits of the LUID, just return those
and let the LSA layer deal with the upper 0 bits.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
cdda15c062
libcli/security Don't memcpy a uint64_t value, just assign it.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
780de03f00
libcli/security Use ARRAY_SIZE() consistantly.
...
This avoids the use of SE_END, and has all callers walking the
array using the same termination condition.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
66ac968dd5
libcli/security Fix and clarify privilege manipulation function comments
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
9fb92c6014
libcli/security Make the two privileges tables share a common struct definition
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
dbee98d30f
libcli/security Move source4/ privileges code into the common libcli/security
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
0d25212cc1
s3-privs Move manual prototypes to common privileges.h
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b29b6c13a3
s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
...
The previous 128 bit structure needed this helper function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
f85b822bd4
libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
3f589c2155
libcli/security Use C99 types
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b0690d6da7
libcli/security Use true and false, not True and False
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
f20bba97d8
s3-privs Move source3/ privileges implmentation into common
...
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Matthias Dieter Wallnöfer
5c33ef2758
s3/s4:libcli/tstream - add more "char *" casts in order to suppress Solaris warnings
2010-09-10 22:45:49 +02:00
Günther Deschner
fe30e35967
libcli/netlogon: add LOGON_REQUEST handling to pull_nbt_netlogon_response().
...
Guenther
2010-09-09 23:07:10 +02:00
Günther Deschner
9a1dbe04a8
libcli/netlogon: add LOGON_RESPONSE2 to pull_nbt_netlogon_response().
...
Guenther
2010-09-09 23:07:10 +02:00
Günther Deschner
daa948df2b
libcli/netlogon: add NETLOGON_RESPONSE2 to push_nbt_netlogon_response().
...
Guenther
2010-09-09 23:07:10 +02:00
Matthias Dieter Wallnöfer
1991c2a8ee
libcli/auth/ntlm_check.c - fix parameter indentation
2010-08-26 21:06:07 +02:00
Jelmer Vernooij
e260965929
manpages: Avoid using Samba-Team specific DTD, which requires net access
...
or modification of /etc/catalogs.
2010-08-26 04:04:37 +02:00
Günther Deschner
898c612335
s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
...
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed
) they were first
talloc_referenced and then later (53765c81f7
)
talloc_moved.
The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.
Guenther
2010-08-24 02:04:27 +02:00
Matthias Dieter Wallnöfer
7ffae93762
werror.h - fix order and duplicate DS error codes
2010-08-14 19:41:46 +02:00
Günther Deschner
feb432292e
ntlmssp: fix unitialized variable in ntlmssp_server_postauth().
...
Guenther
2010-08-12 16:28:10 +02:00
Volker Lendecke
f62756e8f0
Fix a typo
2010-08-12 08:07:50 +02:00
Andrew Bartlett
75adca63f2
libcli/auth Make the source3/ implementation of the NTLMSSP server common
...
This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10 16:22:04 +02:00
Günther Deschner
78fa58f8c3
libcli/auth/ntlmssp: remove outdated comment. The version flag is well understood now.
...
Guenther
2010-08-10 11:56:33 +02:00
Andrew Bartlett
1e83b36afb
libcli/auth Move some source3/ NTLMSSP functions to the common code.
...
libcli/auth Use true and false rather than True and False in common code
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10 11:56:33 +02:00
Andrew Tridgell
6b266b85cf
s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
...
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Günther Deschner
5f8678f34b
libcli/netlogon: re-enable debugging.
...
Now that we do not share binary objects anymore, we can safely enable
debugging here again.
Guenther
This reverts commit 3eb122069b
.
2010-07-16 02:37:51 +02:00
Günther Deschner
3f453f73a8
s3-libads: move spnego defines to their appropriate header file.
...
Guenther
2010-07-01 23:20:40 +02:00
Andreas Schneider
45fc728498
libcli: Fixed a build warning for a missing prototype.
2010-06-30 10:26:59 +02:00
Andrew Bartlett
c84b74dddd
schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()
...
By making this DB TDB_NOSYNC, and by making that safe with
TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server.
This particularly helps the source4/ 'make test', which otherwise tries
to disable fsync() in ldb.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25 12:00:36 -07:00
Andrew Bartlett
825b2f456c
libcli/auth make open_schannel_session_store() public
...
This will allow TDB_CLEAR_IF_FIRST to be used
Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25 11:57:23 -07:00
Stefan Metzmacher
eb3ee7801f
libcli/named_pipe_auth: fix error handling in _tstream_npa_connect_recv()
...
metze
2010-06-21 16:20:25 +02:00
Stefan Metzmacher
67a24fe933
libcli/named_pipe_auth: fix memory handling for temporary data
...
In a tevent_req based function tevent_req_create() should be the first
function! If it fails it's the only reason, why the function
could every return NULL.
And all temporary data belongs to 'state' and gets free'ed by
tevent_req_received() in the _recv function.
metze
2010-06-21 16:16:15 +02:00
Matthias Dieter Wallnöfer
276a1a7fec
s3/s4 - remove "talloc_tos()" from common code since s4 doesn't support it
...
Please don't use this in common code parts until we change the policy regarding
it.
2010-06-21 12:35:51 +02:00
Brendan Powers
d3a99579f6
libcli: Fixed a segfault in security_acl_dup when the acl is NULL.
...
This can happen when duplicating a security descriptor that is missing either sacls or dacls.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-19 22:20:48 +02:00
Jeremy Allison
c705c35076
Fix warning messages about unused result of talloc_move. We're really talloc_steal'ing here.
2010-06-14 16:26:13 -07:00
Andrew Bartlett
d25e9ab9a1
named_pipe_auth Always lower case the incoming pipe name
...
Windows connects to an upper case NETLOGON pipe, and we can't find the
socket to connect to until we lower case the name.
Andrew Bartlett
2010-06-07 23:34:28 +10:00
Andrew Bartlett
fdc6db34ca
s4:ntlmssp Use common code for ntlmssp_sign.c
...
The common code does not have a mem_ctx on ntlmssp_check_packet() and
ntlmssp_unseal_packet().
We do however need some internal working of the code exposed, so some
structures are moved to ntlmssp_sign.h
Andrew Bartlett
2010-06-01 17:11:24 +10:00
Andrew Bartlett
62708fbd1b
s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.
...
This needs a small re-arrangement of the supporting code.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:11:36 +02:00
Andrew Bartlett
ebae21f023
ntlmssp: Make the ntlmssp.h from source3/ a common header
...
The code is not yet in common, but I hope to fix that soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:10:56 +02:00
Günther Deschner
c00407bd35
libcli/nbt/lmhosts: fix missing prototype warning.
...
Andrew, please check.
Guenther
2010-05-31 11:25:24 +02:00
Simo Sorce
b7159e6ffd
named_pipe_auth: implement tstream_npa_accept_existing_send/recv
...
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
2010-05-26 09:23:47 +02:00
Jeremy Allison
b2a7ad8c95
Make DFS work over SMB2.
...
Jeremy.
2010-05-21 16:56:10 -07:00
Jeremy Allison
2d46e07c47
Fix what looks like a cut-and-paste error in our read_negTokenInit() function.
...
We should never be calling asn1_push_XXX functions inside an asn1
reading function. Change asn1_push_tag() -> asn1_start_tag() and
asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a
NetApp filer at the Microsoft plugfest.
Andrew PLEASE CHECK !
Jeremy.
2010-05-20 14:50:16 -07:00
Jeremy Allison
b0d7a3d123
Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the correct way.
...
No more magic blobs :-). Use ndr_push_struct_blob() to
push a properly formatted VERSION struct.
Jeremy.
2010-05-19 10:36:39 -07:00
Jelmer Vernooij
b8268cf7b0
s3: Remove use of iconv_convenience.
2010-05-18 11:45:31 +02:00
Jelmer Vernooij
f9ca9e46ad
Finish removal of iconv_convenience in public API's.
2010-05-18 11:45:30 +02:00
Jelmer Vernooij
fc336590dc
Remove the copy of ldb from Samba 3.
...
There were two utility functions that other parts of Samba 3
still relied on; they have been moved to lib/ldb_compat.[ch].
2010-05-06 11:34:30 +02:00
Stefan Metzmacher
21ec116bbf
libcli/named_pipe_auth: we need to hide length of the message mode header from the caller
...
metze
2010-04-28 15:45:38 +02:00
Matthias Dieter Wallnöfer
eceffe6909
nbt: samlogon/netlogon structures - unify denominations
2010-04-27 18:45:41 +02:00
Günther Deschner
ee1b8e5ede
registry: add some shared registry helper functions.
...
Guenther
2010-04-27 16:42:14 +02:00
Andrew Tridgell
211bf1ea17
s4-waf: removed the unused installdir= option to SAMBA_BINARY()
...
This was left over from the automatic conversion of the config.mk
files
2010-04-18 21:47:00 +10:00
Volker Lendecke
4d84dab21d
libcli/auth: Fix an uninitialized variable
...
value.dptr was used uninitialized in the "goto done;"
2010-04-11 22:57:25 +02:00
Andrew Tridgell
b690fedef5
s4-waf: removed the AUTOGENERATED markers
...
we won't be using the mk -> wscript generator again
2010-04-06 20:27:16 +10:00
Andrew Tridgell
b0fb567f04
s4-waf: more dependencies on talloc
...
these are needed so we can support a system talloc without using the
bundled talloc.h
2010-04-06 20:27:13 +10:00
Andrew Tridgell
b9aa63887c
s4-waf: cleanup use of LIBPOPT vs popt dependency
2010-04-06 20:27:13 +10:00
Andrew Tridgell
01682f797f
s4-waf: fixed some deps now we don't auto-include tevent and replace
...
this is preparation for being able to use system versions of these
libraries
2010-04-06 20:27:12 +10:00
Andrew Tridgell
f9eae32f4b
s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them
2010-04-06 20:27:11 +10:00
Andrew Tridgell
aa5e08eb83
s4-waf: install the rest of the headers
2010-04-06 20:27:09 +10:00
Andrew Tridgell
844acb2260
build: waf quicktest nearly works
...
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
2010-04-06 20:26:48 +10:00
Andrew Tridgell
845e0cbe6f
build: commit all the waf build files in the tree
2010-04-06 20:26:48 +10:00
Matthias Dieter Wallnöfer
818fcfb813
libcli/nbt/dns_hosts_file.c - change "ULONG_MAX" into "UINT32_MAX"
...
This fits better since the variable which is tested is of type "uint32_t".
2010-03-30 19:08:57 +02:00
Volker Lendecke
c377a91373
Attempt to fix the build on AIX, that system seems to have a #define for s_type
2010-03-28 16:23:24 +02:00
Andrew Tridgell
fae84f98e3
libutil: moved the networking defines to util_net.h
...
These were causing thousands of warnings on solaris8
2010-03-26 17:36:02 +11:00
Günther Deschner
e7cc45cb14
error_codes: fix NT_STATUS_RPC_UNKNOWN_IF typo.
...
Metze, please check.
Guenther
2010-03-19 09:30:36 +01:00
Stefan Metzmacher
6a1f8e67eb
libcli/util: add more NT_STATUS_RPC_* defines
...
metze
2010-03-18 14:25:57 +01:00
Matthias Dieter Wallnöfer
36175be5d4
libcli/auth/schannel_state_tdb.c - fix a memory leak
2010-03-16 17:11:47 +01:00
Andrew Bartlett
263d4b5c93
libcli/nbt Add parser for a 'hosts' file that takes DNS record types
2010-03-11 11:27:48 +11:00
Matthias Dieter Wallnöfer
1deefcaee1
libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling
2010-03-09 17:18:26 +01:00
Stefan Metzmacher
6eedba102b
libcli/auth: add a const to des_crypt112_16()
...
metze
2010-03-05 14:06:18 +01:00
Karolin Seeger
340797f3fa
Fix typo in comments.
2010-03-03 16:03:13 +01:00
Michael Adam
f37030b33a
libcli/security: fix sddl.c to be able to build it from source3
2010-03-03 09:16:34 +01:00
Michael Adam
15b60a7e3f
s4:move the sddl code down to the top level
...
Michael
2010-03-03 09:16:34 +01:00
Stefan Metzmacher
d671b80cf5
libcli/auth: print the error in the debug message
...
metze
2010-02-26 10:43:46 +01:00
Simo Sorce
805f7507e2
s4:cleanup remove unused schannel ldb code
2010-02-23 12:46:51 -05:00
Simo Sorce
1203de99b1
s4:schannel merge code with s3
...
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.
Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.
Looking through the history it is evident that the schannel database doesn't
really need greate expanadability. And lookups are always done with a single
Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated.
The schannel database is not really a persistent one. It can be discared during
an upgrade without causing any real issue. all it contains is temproary session
data.
2010-02-23 12:46:50 -05:00
Simo Sorce
1d0938c629
schannel_tdb: make code compilable in both trees
2010-02-23 12:46:50 -05:00
Simo Sorce
3b12c38ac0
s3:schannel streamline interface
...
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
2010-02-23 12:46:50 -05:00
Simo Sorce
e5ab64a799
s3:schannel fix memory hierarchy
...
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.
2010-02-23 12:46:50 -05:00
Simo Sorce
bb9014d5cb
schannel: merge header files
...
One almost empty header file was simply including another not included by
anything else. Just merge them together.
2010-02-23 12:46:50 -05:00
Simo Sorce
8e2f5fe7c5
s4:schannel more readable check logic
...
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)
This is the same change applied to s3
2010-02-23 12:46:50 -05:00
Simo Sorce
b4c9dc3724
s3:schannel more readable check logic
...
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on ther caller's security
requirements (Integrity/Privacy/Both/None)
2010-02-23 12:46:50 -05:00
Andreas Schneider
975a7a3d1b
tstream: Added a typedef for the function prototype.
2010-02-23 13:48:22 +01:00
Andrew Tridgell
76a7382346
lib: use TYPESAFE_QSORT() in lib/ and libcli/
2010-02-14 18:44:20 +11:00
Andrew Tridgell
6b01ca95a8
nbt: don't reference the event_ctx in nbtsock
...
This causes talloc_free with references errors
2010-02-08 11:04:59 +11:00
Matt Kraai
aa6a507e76
Change uint_t to unsigned int in libcli
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-02 07:18:17 +01:00
Stefan Metzmacher
e37dc56e97
libcli/nbt: fix ndr_push_nbt_string() string labels with a length of 63 (0x3F) are allowed
...
metze
2010-02-01 15:23:32 +01:00
Matthias Dieter Wallnöfer
dfd93fc7e3
s4:libcli/util/tstream.c - Need to include "system/network.h"
...
Otherwise I don't get "struct iovec" through "<sys/uio.h>" on CentOS 4.
2010-01-29 20:01:34 +01:00
Stefan Metzmacher
6442b0fcc1
libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name()
...
The scope starts at byte 17 with index 16.
metze
2010-01-29 15:55:11 +01:00
Stefan Metzmacher
c50a17cc8d
libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
...
[MS-WINSRA] — v20091104 was wrong
regarding section "2.2.10.1 Name Record"
If the name buffer is already 4 byte aligned
Windows (at least 2003 SP1 and 2008) add 4 extra
bytes. This can happen when the name has a scope.
metze
2010-01-29 15:55:10 +01:00
Volker Lendecke
005bbd0826
Revert "libcli/security: Remove a call to strncasecmp"
...
This reverts commit 7c687665ea
.
2010-01-25 16:45:32 +01:00
Volker Lendecke
d86d5be636
Revert "libcli/security: Convert some strtol calls to strtoul"
...
This reverts commit 7fe66e06c4
.
2010-01-25 16:45:32 +01:00
Volker Lendecke
fa47dbb57a
Revert "libcli/security: Fix a valgrind error in dom_sid_parse"
...
This reverts commit f1c889a4e6
.
2010-01-25 16:45:31 +01:00
Volker Lendecke
a53a8ec452
Revert "libcli/security: Prohibit SID formats like S-1-5-32-+545"
...
This reverts commit 1fbeae4165
.
Apparently this breaks the build of Samba4
2010-01-25 12:40:51 +01:00
Volker Lendecke
1fbeae4165
libcli/security: Prohibit SID formats like S-1-5-32-+545
2010-01-23 16:28:11 +01:00
Volker Lendecke
f1c889a4e6
libcli/security: Fix a valgrind error in dom_sid_parse
2010-01-23 16:28:11 +01:00
Volker Lendecke
7fe66e06c4
libcli/security: Convert some strtol calls to strtoul
...
This tightens the dom_sid_parse syntax check a bit: "--" would have been
allowed in sid string
2010-01-23 16:28:11 +01:00
Volker Lendecke
7c687665ea
libcli/security: Remove a call to strncasecmp
2010-01-23 16:28:11 +01:00
Stefan Metzmacher
bbaec01b37
libcli/util: add tstream_read_pdu_blob_send/recv
...
This will take the some full_request callback function
as the Samba4 packet code.
metze
2010-01-08 14:36:43 +01:00
Volker Lendecke
be05d71b9e
Simplify E_md5hash a bit
2010-01-07 11:07:55 +01:00
Andrew Bartlett
ba2cfceb96
libcli/auth Make gd's NDR NTLMSSP parsers helpers common
...
(but not built in Samba4 for now)
2009-12-22 21:07:51 +01:00
Andrew Tridgell
f9302f9e08
ldap: give a debug error when we don't know a control
...
This interface should really have a proper error interface, but at
least a DEBUG() gives the user a chance of finding the error
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16 20:56:23 +11:00
Andrew Tridgell
1b20002cc2
libcli: use GUID_to_ndr_blob()
2009-12-10 17:51:28 +11:00
Andrew Tridgell
6eb262f0e8
libcli: allow ntstatus.h to be used by openchange
...
apparently ntstatus.h is used by openchange, but they don't include
replace.h. This makes that possible again.
2009-11-25 15:30:20 +11:00
Andrew Bartlett
b5ce97511a
libcli/nbt Move more of lmhosts lookup into common code
...
This aims to eventually share this with Samba4.
Andrew Bartlett
2009-11-04 14:58:25 +11:00
Stefan Metzmacher
dc8e681755
libcli/auth: initialize creds in netlogon_creds_client_init_session_key()
...
metze
2009-10-24 11:59:15 +02:00
Stefan Metzmacher
f2da9c8c1a
libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()
...
metze
2009-10-24 11:59:14 +02:00
Stefan Metzmacher
5ae1d700eb
libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()
...
metze
2009-10-24 11:59:13 +02:00
Andrew Tridgell
3050f83288
s4-python: we need to include Python.h first
...
If we don't include Python.h first then we get a pile of warnings due
to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-23 16:23:01 +11:00
Andrew Tridgell
b6a1beb131
added NT_STATUS_NOT_OK_RETURN_AND_FREE()
...
Try to make it a bit easier to avoid leaks in common code
2009-10-17 13:01:02 +11:00
Matthias Dieter Wallnöfer
19302db6cb
s3/s4 common: fix up header file
2009-10-04 20:18:28 +02:00
Kamen Mazdrashki
1f2490e7d8
w32err: Importing auto-generated Win32 errors and descriptions
...
Error codes and their descriptions are generated
using w32err_code.py script.
Error are downloaded from MS site:
http://msdn.microsoft.com/en-us/library/cc231199%28PROT.10%29.aspx
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:41 +03:00
Kamen Mazdrashki
0e1840b84a
w32err: WERR_GROUP_NOT_FOUND renamed to WERR_GROUPNOTFOUND
...
In Win 32 we have
NERR_GroupNotFound which maps to WERR_GROUP_NOT_FOUND currently
and we have
ERROR_GROUP_NOT_FOUND which maps to nothing, so it is to be added
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:41 +03:00
Kamen Mazdrashki
948cd70bad
w32err: WERR_USER_EXISTS replace with WERR_USEREXISTS name
...
In Win32 we have
NERR_UserExists which maps to WERR_USER_EXISTS currently
and there is
ERROR_USER_EXISTS which maps to WERR_USER_ALREADY_EXISTS
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Kamen Mazdrashki
d9994a604b
w32err: WERR_DC_NOT_FOUND replaced with WERR_DCNOTFOUND
...
It turns out in win32 ERROR_DC_NOT_FOUND exists and it is
an error for Device Context (DC), not Domain Controller
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Kamen Mazdrashki
0e64fcb18f
w32err: FRS_ group of errors replaced with numeric values
...
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Kamen Mazdrashki
e669113900
w32err: WERR_DOMAIN_CONTROLLER_NOT_FOUND error value fixed
...
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Nadezhda Ivanova
6283f2caaa
Initial implementation of security descriptor creation in DS
...
TODO's:
ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-20 15:16:17 -07:00
Andrew Bartlett
59bea84362
libcli:nbt move prototypes of lmhosts functions to libnbt.h
2009-09-19 14:34:16 -07:00
Stefan Metzmacher
825484ee6d
libcli/named_pipe_auth: pass gssapi delegated credentials through the named pipe
...
metze
2009-09-18 20:34:42 +02:00
Andrew Tridgell
ec422edab5
util: use likely/unlikely for NT_STATUS_* macros
2009-09-17 21:52:24 -07:00
Kouhei Sutou
f8dae40fc8
spnego: Support ASN.1 BIT STRING and use it in SPNEGO.
...
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 20:10:54 +02:00
Kamen Mazdrashki
8bebce45d3
w32err: Set hex format values for all errors
...
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:46 +02:00
Kamen Mazdrashki
3f835eb947
w32err: Re-define errors with numeric values
...
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:41 +02:00
Kamen Mazdrashki
91d3d3c6a2
w32err: Sorting error codes in ascending order
...
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:36 +02:00
Kamen Mazdrashki
fc1ac736d6
w32err: NERR_ codes grouped together
...
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:31 +02:00
Kamen Mazdrashki
1cfac63fa4
w32err: WERR_CLASS_NOT_REGISTERED updated
...
Error code move to COM/OLE group.
Error value changed to as REGDB_E_CLASSNOTREG in Windows
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:29 +02:00
Günther Deschner
43e198c188
spnego: add spnego_proto.h.
...
Guenther
2009-09-17 01:39:12 +02:00
Günther Deschner
503d035814
spnego: share spnego_parse.
...
Guenther
2009-09-17 01:12:20 +02:00
Günther Deschner
83023462f9
libcli/auth: remove trailing whitespace.
...
Guenther
2009-09-16 18:00:16 +02:00
Nadezhda Ivanova
d70e171719
Owner and group defaulting.
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16 07:52:05 -07:00
Stefan Metzmacher
033ced60ac
libcli/auth: rewrite schannel sign/seal code to be more generic
...
This prepares support for HMAC-SHA256/AES.
metze
2009-09-16 12:29:06 +02:00
Günther Deschner
5b86a0ac01
schannel: remove last traces of gensec.
...
Guenther
2009-09-16 03:23:05 +02:00
Günther Deschner
799f8d7e13
schannel: fully share schannel sign/seal between s3 and 4.
...
Guenther
2009-09-16 01:55:06 +02:00
Günther Deschner
f3979b50a9
schannel: move schannel_sign to main directory.
...
Guenther
2009-09-16 01:54:59 +02:00
Andrew Bartlett
5a01071692
libcli:nbt put util_net.c protos in new header file
...
This fixed a very odd build problem due to util.h importing
system/network.h being imported before the uid_wapper code.
Andrew Bartlett
2009-09-15 10:38:53 -07:00
Andrew Bartlett
668470c992
libcli:nbt make the lmhosts parsing code and dependicies common
...
This starts the process to have Samba4 use lmhosts.
Andrew Bartlett
2009-09-15 07:42:54 -07:00
Günther Deschner
cac5e64c00
s3-errors: add NT_STATUS_RPC_NT_PROCNUM_OUT_OF_RANGE.
...
Guenther
2009-09-11 02:58:34 +02:00
Andrew Tridgell
2ff4764f8f
libcli: added a drsuapi attribute encryption function
2009-09-10 17:42:13 +10:00
Andrew Bartlett
5283ad11bd
libcli:drsuapi Add function to encrypt data for transport over DRSUAPI
...
This is for the server side of the GetNCChanges call.
Andrew Bartlett
2009-09-10 15:50:32 +10:00
Günther Deschner
5f2ec4b202
s3-nterr: add NT_STATUS_RPC_NT_CALL_FAILED.
...
Guenther
2009-09-08 23:21:14 +02:00