1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

321 Commits

Author SHA1 Message Date
Stefan Metzmacher
43fb7f1698 libcli/nbt: convert nbt_name_refresh_wins_send/recv to tevent_req
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
332f261bbf libcli/nbt: s/name_refresh_wins_handler/nbt_name_refresh_wins_handler
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
3ded1da8e9 libcli/nbt: s/refresh_wins_state/nbt_name_refresh_wins_state
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
e36e7295da libcli/nbt: move nbt_name_refresh_wins_send() to the top of all nbt_name_refresh_wins_* related code
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
72a8966499 libcli/util: add pipe related NT_STATUS_RPC_* codes
metze
2010-10-18 14:50:21 +02:00
Andrew Tridgell
40a6e019fd security: ensure the merge of libcli/security doesn't change s3 behaviour
Jeremy, you put a #if 0 around this logic in this commit:

  8344e945 (Jeremy Allison    2008-10-31 10:51:45 -0700 181)

is this still needed?

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104
2010-10-14 03:16:41 +00:00
Andrew Bartlett
f7ffc12e2d libcli/security Use static SIDs rather than parsing from strings
This should make the security_token_is_*() calls a little faster.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
a879a4610d libcli/auth Merge source4/libcli/security and util_sid.c into the common code
This should ensure we only have one copy of these core functions
in the tree.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
8b22eefd25 libcli/security Define traditional constants in terms of IDL macros
The source3/ code uses these constants in a lot of places, and it will
take time and care to rename them, if that is desired.  Linking the
macros here will at least allow common code to use the IDL based macros,
and preserve a documentary link between the constants (other than just their value)

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
949541cc6f libcli/security Move source3/lib/util_seaccess.c into the common code
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Andrew Bartlett
0487ef0a70 libcli/security Add debug class to security_token_debug() et al
This will allow it to replace functions in source3 that use debug classes.

Andrew Bartlett
2010-10-12 02:54:16 +00:00
Andrew Bartlett
ae52f953af libcli/security Move most of security_token.c to common code.
The source4-specific session_info functions have been left in session.c

Andrew Bartlett
2010-10-12 02:54:16 +00:00
Jelmer Vernooij
2c9ebb7646 libsecurity-common: Add missing dependency on libndr. 2010-10-11 01:06:35 +02:00
Jelmer Vernooij
dc47e8dc52 libcli-auth: Remove unnecessary dependency on libsamba-hostconfig. 2010-10-11 01:06:35 +02:00
Jeremy Allison
b69bec03cc Add some const. Needed for my SD work.
Jeremy
2010-10-08 18:05:02 -07:00
Stefan Metzmacher
42d1a84a36 libcli/ldap: ldap_full_packet() requires at least 6 bytes
metze
2010-10-04 14:05:15 +00:00
Günther Deschner
0ff7e0c998 samba: share readline wrappers among all buildsystems.
Guenther
2010-10-01 22:30:22 +02:00
Stefan Metzmacher
9d4df79080 libcli/ldap: correctly marshall LDAP Unbind PDUs
metze
2010-09-27 08:24:35 +02:00
Stefan Metzmacher
95b56aabcb libcli/ldap: let ldap_full_packet() use asn1_peek_tag_needed_size()
This allows us to read a full packet without read byte after byte
or possible read to much.

metze
2010-09-26 06:45:40 +02:00
Stefan Metzmacher
e628bf1081 libcli/util: let tstream_read_pdu_blob_* cope with variable length headers
metze
2010-09-26 06:45:38 +02:00
Simo Sorce
678993470f libcli: fix compile warning
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Steven Danneman
bf1a4b2bc4 s4:libcli:smb2 Rename pending_id to async_id and make 64-bit
Match MS-SMB2 - 2.2.1.1   SMB2 Packet Header - ASYNC
2010-09-22 17:52:53 -07:00
Andrew Bartlett
ccbcffadb6 libcli/ldap Add const to ldap_encode_ndr_dom_sid()
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20 15:06:30 -07:00
Günther Deschner
4006160179 libcli: add dom_sid_compare_domain()
Guenther
2010-09-20 14:03:13 -07:00
Kamen Mazdrashki
1fac1f0d28 werror: Add W_ERROR_HAVE_NO_MEMORY_AND_FREE() macro 2010-09-18 15:09:46 +03:00
Andrew Bartlett
6832d5e933 libcli/auth/ntlmssp Be clear about talloc parents for session keys
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16 21:09:17 +10:00
Andrew Tridgell
5a0bb2234e cldap: prevent crashes when freeing cldap socket
As a callback may destroy the cldap socket we need to ensure we don't
reference the cldap structure after the callback

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:36 +10:00
Andrew Tridgell
4ff452151a cldap: use ipv4 not up for unbound cldap sockets
If we use "ip" we end up with a PF_INET6 socket which breaks sendto()
for v4 addresses.
2010-09-15 15:39:35 +10:00
Andrew Tridgell
67ac8555b1 s4-auth: set the RODC bit for RODC schannel
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:34 +10:00
Jeremy Allison
55b315094e Fix string_to_sid() to allow non '\0' termination of the string - allows
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.

Jeremy.
2010-09-14 14:48:50 -07:00
Andrew Bartlett
46f585e364 libcli/security Use sid_append_rid() in dom_sid_append_rid()
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.

Andrew Bartlett
2010-09-14 14:48:49 -07:00
Andrew Bartlett
51ecf79654 libcli/security Merge source3/ string_to_sid() to common code
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.

Andrew Bartlett
2010-09-14 14:48:49 -07:00
Volker Lendecke
8768f627dc ntlm_check: Fix some nonempty blank lines 2010-09-13 18:39:30 +02:00
Matthias Dieter Wallnöfer
b9b93b845c libcli/auth/schannel_state_tdb.c - fix includes
Otherwise we get a "declared inside parameter list" warning.
2010-09-11 12:53:21 +02:00
Andrew Bartlett
fdcadb5c3c libcli/privileges Fix comment 2010-09-11 18:46:13 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Seperate rights and privileges
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Bartlett
ee943fb2bf libcli/security Remove unused SE_NONE define
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb6a0cc326 libcli/security Move 'private' privileges functions to another header
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d libcli/security Remove 'always true' return from se_priv_put_all_privileges
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb84c7ac90 libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
This happens all the time, particularly now that we don't keep the
db around after a reboot.  Don't scare the admins with the level 0.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
382e2b321b privileges: privilege luids are not all below 64
the ones brought across from s3 have higher values

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
This is clearer and more consistent than using a magic -1 return

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
0b41ef7895 libcli/security Remove unused declarations from privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
71832a404e libcli/security Expose sec_privilege_mask()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17 libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
8ff6bc2350 libcli/security Remove unused functions and constants.
All the callers to these functions have been removed or reworked.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
a53a42ffb8 libcli/security Rename all privilege bitmaps constants
The idea here to to make it very clear how they differ from the
enumerated LUID values.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
2bb7b827d6 libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()
These functions duplicate other functions in the merged code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
aab0b557b9 libcli/security Improve dump of privileges: Just walk the table
This removes some logic recently added that was just too smart - it
is easier to just walk the table and do a bit match here.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00