1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

84 Commits

Author SHA1 Message Date
Günther Deschner
e792a44c34 s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx().
Guenther
2012-09-28 22:44:08 +02:00
Andreas Schneider
d37643c204 s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.
http://thread.gmane.org/gmane.network.protocol.cifs.general/291
2012-07-06 10:00:57 +02:00
Andreas Schneider
d1e829bbab s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
426cf362ed s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
bbf70e793c s3-lsarpc: Restrict the transport for ncacn_np functions.
See MS-LAT, section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
fae6091f1d s3-rpc_server: Make it possible to use more rpc exceptions. 2012-07-06 10:00:56 +02:00
Jeremy Allison
76e2f29389 Fix more "set but not used" warnings. 2012-06-19 10:27:24 -07:00
Jeremy Allison
6f3e011f84 Fix bug #8873 - self granting privileges in security=ads.
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May  1 01:04:46 CEST 2012 on sn-devel-104
2012-05-01 01:04:46 +02:00
Alexander Bokovoy
7d4ed89983 s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2.
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption.
However, this was not done for trusted domain-related modifying operations.

As result, Samba 4 client libraries do not work against Samba 3 while working
against Windows 2008 r2.

Solved this by introducing "session_extract_session_key()" function that allows to specify
intent of use of the key.

Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
2012-03-13 12:23:44 +01:00
Andrew Bartlett
c9d929af8b s4-lsarpc handle more info levels in SetInfoTrustedDomain calls
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett
2011-12-12 12:57:07 +01:00
Volker Lendecke
26d736f1ff s3: Remove two unused variables
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  8 10:14:36 CET 2011 on sn-devel-104
2011-11-08 10:14:36 +01:00
Sumit Bose
f143c24fd0 s3-lsa: Let passdb backend handle the DOMAIN$ user
Signed-off-by: Günther Deschner <gd@samba.org>
2011-11-02 16:59:33 +01:00
Simo Sorce
995d156726 s3-group-mapping: Remove fstrings from GROUP_MAP.
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
2011-10-12 19:28:12 +02:00
Sumit Bose
456aee80f5 s3-lsa: Add conversion for auth info structs
struct lsa_TrustDomainInfoAuthInfo and struct
trustAuthInOutBlob can store the same information for different usage. The added
routines can convert one struct into the other.

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104
2011-09-12 15:52:17 +02:00
Sumit Bose
1473e64c7f s3-lsa: Add _lsa_SetInformationTrustedDomain() and related calls
The following LSA calls are added:
 - _lsa_SetInformationTrustedDomain()
 - _lsa_SetTrustedDomainInfo()
 -_lsa_SetTrustedDomainInfoByName()

Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:55:23 +02:00
Sumit Bose
579cb3dd33 s3-lsa: Update _lsa_QueryTrustedDomainInfo()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:53:57 +02:00
Sumit Bose
3e2711c7e0 s3-lsa: Fix access mapping in_lsa_OpenTrustedDomain_base()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 11:34:25 +02:00
Sumit Bose
15c7a873c2 s3-lsa: Fix typo and use right pdb interface
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 11:34:25 +02:00
Günther Deschner
95e8f09f6e s3-lsa: Fix crypto prototypes.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Aug  1 00:18:34 CEST 2011 on sn-devel-104
2011-08-01 00:18:34 +02:00
Günther Deschner
6544bde277 s3-lsa: support secret objects in _lsa_QuerySecurity().
Guenther
2011-07-31 22:37:28 +02:00
Günther Deschner
1387095990 s3-lsa: support secret objects in _lsa_DeleteObject().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
caa0cc76b0 s3-lsa: implement _lsa_QuerySecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
eb88c7e61e s3-lsa: implement _lsa_SetSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
d2d59ff3ee s3-lsa: implement _lsa_CreateSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
7158e27724 s3-lsa: implement _lsa_OpenSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
b0d9f620aa s3-lsa: add LSA_HANDLE_SECRET_TYPE.
Guenther
2011-07-31 22:37:26 +02:00
Günther Deschner
b98145edc9 s3-lsa: Fix _lsa_DeleteObject to handle trusted domain objects.
Guenther
2011-07-31 22:37:26 +02:00
Andrew Bartlett
6622821063 s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:14 +10:00
Andrew Bartlett
128ae06a61 s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
This makes auth3_session_info identical to auth_session_info

The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
e2049e77e4 s3-auth Use guest boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
6d741e918f s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.

A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.

NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL.  This patch has not changed this behaviour however.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Günther Deschner
ee1f25dc2a lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not
lsa_TrustDomainInfoAuthInfoInternal.

Guenther
2011-07-15 17:56:39 +02:00
Günther Deschner
3af3e4843f lsa: rename auth info argument in lsa_CreateTrustedDomainEx2
Guenther
2011-07-15 17:55:20 +02:00
Andrew Bartlett
5e26e94092 s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
d5e6a47f06 s3-talloc Change TALLOC_P() to talloc()
Using the standard macro makes it easier to move code into common, as
TALLOC_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
3d15137653 s3-talloc Change TALLOC_ARRAY() to talloc_array()
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
73b377432c s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()
Using the standard macro makes it easier to move code into common, as
TALLOC_REALLOC_ARRAY isn't standard talloc.

Andrew Bartlett
2011-06-09 12:40:08 +02:00
Andrew Bartlett
c615ebed6e s3-lib Replace StrCaseCmp() with strcasecmp_m()
strcasecmp_m() never needs to call to talloc, and via next_codepoint()
still has an ASCII fast-path bypassing iconv() calls.

Andrew Bartlett
2011-05-18 16:12:08 +02:00
Günther Deschner
0e76eddcc8 s3: include ntdomain.h before including generated srv_ headers.
Guenther
2011-05-02 15:03:44 +02:00
Andrew Bartlett
ff9b6682a0 s3-auth Rename user_session_key -> session_key to match auth_session_info 2011-04-05 06:32:07 +10:00
Volker Lendecke
de635fe1f7 s3: Fix Coverity ID 2332: MISSING_BREAK 2011-03-30 09:58:33 +02:00
Günther Deschner
ab9a29eb63 s3-rpc_server: move access check functions out of samr server.
Guenther
2011-03-30 01:13:10 +02:00
Günther Deschner
c2d6260f10 s3: only include lib/privileges.h where needed.
This finally removes the global lsa.h inclusion.

Guenther
2011-03-30 01:13:10 +02:00
Günther Deschner
6e3f0d28a4 s3-includes: only include ntdomain.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
146c1aac99 s3-auth: rpc_server needs auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
2f36ef7225 s3-passdb: add passdb.h where needed.
Guenther
2011-03-30 01:13:07 +02:00
Volker Lendecke
1d690e37b7 s3: Fix Coverity ID 2327: FORWARD_NULL
Make check_ft_info robust against an invalid type.

Günther, please check!
2011-03-27 11:25:34 +02:00
Andrew Tridgell
15e84a9a09 charcnv: removed the allow_badcharcnv and allow_bad_conv options to convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-24 01:47:26 +01:00