sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-12 21:58:10 +03:00
Code
64,311 Commits 62 Branches 1,150 Tags
Commit Graph

797 Commits

Author SHA1 Message Date
Volker Lendecke
175d9478fe s3: In make_server_info_info3, check the result of copy_netr_SamInfo3 2010-06-25 17:06:08 +02:00
Volker Lendecke
17cd3d06cb s3: In copy_netr_SamInfo3 copy all of the sids array 2010-06-25 16:58:46 +02:00
Günther Deschner
b4364add89 s3-auth: in make_user_info_for_reply_enc make sure to check length and data 
pointer of nt and lm hash.

This fixes kernel cifs client with sec=ntlmv2.

Guenther
 2010-06-16 14:42:23 +02:00
Günther Deschner
06417abc7c s3-auth: fix debug message in check_winbind_security(). 
Guenther
 2010-06-16 14:42:23 +02:00
Günther Deschner
185adc4c81 Revert "s4-smbtorture: only pull info when status code indicates success in smbcli_rap_netprintqgetinfo()." 
This reverts commit 1f1c04010a55e67d8dc2110276eed4cf2a8a0afa.
 2010-06-16 12:18:32 +02:00
Günther Deschner
1f1c04010a s4-smbtorture: only pull info when status code indicates success in smbcli_rap_netprintqgetinfo(). 
Guenther
 2010-06-16 12:15:24 +02:00
Günther Deschner
4bb351ac80 s3-auth: Fix valgrind warning (unitialized var) in samu_to_SamInfo3(). 
Guenther

s3:auth do not fail if there are 0 group sids

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-06-11 15:11:31 +02:00
Simo Sorce
4fc36ca802 s3:auth fix samu->info3 conversion 
Some pdb_get_ functions where missing because of previous mis-patching
 2010-06-11 08:26:39 -04:00
Andreas Schneider
0962763822 s3:misc make use of server_[event/messaging]_context directly 
Untangle these functions from smbd specific dependencies so they can be freely
used in multiple servers.
 2010-06-10 17:30:45 -04:00
Volker Lendecke
34b29b1198 Revert "s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS" 
This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80.

Conflicts:

	source3/auth/auth_ntlmssp.c
 2010-06-08 11:38:08 +02:00
Andrew Bartlett
9a747d500f s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP 
This allows the right hooks to be called in GENSEC when s3compat
implements the auth_ntlmssp interface.  Otherwise, we can't do the
signing or sealing as we have not negoitated it's use.

Andrew Bartlett
 2010-06-07 23:34:29 +10:00
Andrew Bartlett
edba46ce94 s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS 
It's nicer to have an NTSTATUS return, and in s3compat there may be a
reason other than 'no memory' why this can fail.

Andrew Bartlett
 2010-06-07 23:34:29 +10:00
Andrew Bartlett
fc956cfcbb s3:auth Rename user_info->domain -> user_info->mapped.domain_name 
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
deabae191b s3:auth Rename user_info->client_domain -> user_info->client.domain_name 
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
7a021df96d s3:auth Rename user_info->internal_username -> user_info->mapped.account_name 
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
23159453d3 s3:auth Rename user_info->smb_name -> user_info->client.account_name 
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Simo Sorce
00089fd74a s3:auth make sure the primary group sid is usable 
This function was previously performed under the cover by converting
back and forth from info3 to samu and then later from samu to info3.

Since we now shortcircuit that in some cases, check explicitly using
get_primary_group_sid()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:08 +10:00
Simo Sorce
048575defb s3:auth return the full passwd struct from check_account 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:08 +10:00
Simo Sorce
aaf45cd48e s3:auth remove unused structure member 
sids are now completely handled using info3, remove dead code that fills
server info sids and the structure members themselves

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:07 +10:00
Simo Sorce
aa1a3cbad2 s3:auth create nt token from info3 directly 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:07 +10:00
Simo Sorce
e6456df148 s3:auth handle unix domain sids in samu 
When we generate a user out of thin air we may end up adding sids
that are not part of the sam domain (unix domain sids).
Handle the case and preserve these sids as extra sids.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:07 +10:00
Simo Sorce
61823fb885 s3:auth set the resolved user sid in the fake sam account 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:07 +10:00
Simo Sorce
ef942172b9 s3:auth check the user is valid first 
It makes no sense to go through all the hoops to build samu and
convert it to info3, just to discard them later if the user was
not valid.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:06 +10:00
Simo Sorce
1bb0afa662 s3:auth make sure we set the right username 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:06 +10:00
Andreas Schneider
9097bdddd0 s3-auth: Moved smbd user functions to a generic place. 
Reviewed-by: Simo Sorce <idra@samba.org>
 2010-06-04 12:12:37 -04:00
Andrew Bartlett
a6e07c22a3 s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_info 2010-06-01 17:11:25 +10:00
Simo Sorce
471ed70c49 s3:smbd map_username() doesn't need sconn anymore 
Signed-off-by: Andreas Schneider <asn@samba.org>
 2010-05-31 18:21:29 +02:00
Günther Deschner
3f24f8d2c6 s3-auth: add "system" bool flag to auth_serversupplied_info. 
Guenther
 2010-05-31 15:30:59 +02:00
Andrew Bartlett
d6fa371b92 s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet() 
This ensures the results can't be easily left to leak.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-31 15:11:27 +02:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header 
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-31 15:10:56 +02:00
Andrew Bartlett
723ea68d3b s3:auth Remove AUTH_NTLMSSP_STATE typedef. 
typedefs are no longer preferred Samba style.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-31 15:10:44 +02:00
Andrew Bartlett
3b706865f6 s3:auth Make AUTH_NTLMSSP_STATE a private structure. 
This makes it a little easier for it to writen in terms of GENSEC in future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-31 15:10:33 +02:00
Simo Sorce
33c633df0b s3:auth make it easier to trace auth modules 2010-05-29 17:08:10 -04:00
Simo Sorce
bd38c0d47d s3:auth fix info3 duplication function 2010-05-29 17:08:02 -04:00
Andrew Bartlett
b455c5e155 s3:auth Fix segfault when the user cannot be found by getpwnam() 
Add comment to notify when getpwnam() fails.

Reviewed-by: Simo Sorce <idra@samba.org>
 2010-05-29 09:22:53 -04:00
Andreas Schneider
93ac516e15 s3-auth: Added a function to get the server_info from the system user. 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-28 14:31:39 +02:00
Günther Deschner
c5eeb0d155 s3-auth: fix c++ buildwarnings. 
Guenther
 2010-05-28 02:49:37 +02:00
Simo Sorce
20fb373202 s3:auth remove login_server from server info 
It is not used anymore, we have that information in
info3->base.logon_server already
 2010-05-27 19:41:07 -04:00
Simo Sorce
3bb819581b Fix Out of memory checks 
Günther pushed an older version of the patch "s3:auth add function to copy a
netr_SamInfo3 structure" that was missing these fixes.
 2010-05-27 19:23:54 -04:00
Simo Sorce
2a6a696e32 s3:auth add function to convert wbcAuthUserInfo to netr_SamInfo3 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-28 01:20:09 +02:00
Simo Sorce
606be25ecf s3:auth Free sampass as soon as we have server_info 
We don't keep sampass in server_info anymore
So it makes no sense to keep it around.

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-28 00:56:02 +02:00
Simo Sorce
d9cffc01be s3:auth use info3 in auth_serversupplied_info 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-28 00:55:53 +02:00
Simo Sorce
6713f3d945 s3:auth add function to copy a netr_SamInfo3 structure 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-28 00:55:27 +02:00
Simo Sorce
605cfef56c s3:auth: add function to convert samu to netr_SamInfo3 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-28 00:55:17 +02:00
Roel van Meer
366333c08f Fix bug #7448 - smbd crash when sambaLMPassword and sambaNTPassword entries missing from ldap. 
Protect SMBsesskeygen_ntv1() from a NULL pointer.
 2010-05-21 14:17:17 -07:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid 
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-21 10:39:59 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h 
Guenther
 2010-05-18 21:42:37 +02:00
Günther Deschner
1d2dd47d31 s3-crypto: only include crypto headers when crypto is done. 
Guenther
 2010-05-18 00:44:27 +02:00
Günther Deschner
ca73e03eb7 security: merge builtin rid tables. 
Guenther
 2010-05-18 00:44:26 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h. 
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
 2010-05-18 00:44:26 +02:00