1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

66397 Commits

Author SHA1 Message Date
Matthias Dieter Wallnöfer
64af772b38 s4:fsmo.py - fix an obvious typo 2010-09-12 19:23:04 +02:00
Volker Lendecke
adfa071c5a s3: Remove a nesting level in winbindd_dual_pam_chauthtok 2010-09-12 18:30:38 +02:00
Matthieu Patou
6bd6fdcd72 s4:unittest: Test wbinfo --group-info and --gid-info
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-09-11 19:13:46 +02:00
Matthias Dieter Wallnöfer
8a0db43ad8 test_wbinfo.c - count more possible failures 2010-09-11 19:13:13 +02:00
Matthias Dieter Wallnöfer
1ddd63bddb ldb:tools/cmdline.c - reorganise imports 2010-09-11 18:07:47 +02:00
Matthias Dieter Wallnöfer
b5d872704c s4:param/secrets.c - reorganise imports 2010-09-11 18:04:50 +02:00
Matthias Dieter Wallnöfer
7e710c4de9 s4:rpc_server/common/common.h - introduce two forward declarations to suppress parameter declaration warnings
Always Tru64 in file "param/loadparm.c" and possibly others.
2010-09-11 18:04:48 +02:00
Matthias Dieter Wallnöfer
5f98d31fc0 ldb:tools/cmdline.c - make a counter unsigned where appropriate 2010-09-11 17:43:44 +02:00
Matthias Dieter Wallnöfer
c0a863b6f3 s4:ldb_register_samba_handlers - fix up and convert result codes to LDB/LDAP results 2010-09-11 17:41:38 +02:00
Matthias Dieter Wallnöfer
ea3f21dff6 lib/replace/wscript:Tru64 build - Better use version 600 for _XOPEN_SOURCE
This means we request the "Single UNIX Specification, Version 3" with C99
compatibility as the Python 2.5 release on the system. This prevents
redefinitions with different values.

> [ 451/1918] Compiling scripting/python/pyglue.c
> cc: Warning: /usr/local/include/python2.5/pyconfig.h, line 951: The redefinition of the macro "_XOPEN_SOURCE" conflicts with a current definition because the replacement lists differ.  The redefinition is now in effect. (macroredef)
> #define _XOPEN_SOURCE 600
> ----------------------^
> cc: Warning: default/source4/include/config.h, line 54: The redefinition of the macro "_XOPEN_SOURCE" conflicts with a current definition because the replacement lists differ.  The redefinition is now in effect. (macroredef)
> #define _XOPEN_SOURCE 500
> ----------------------^
2010-09-11 17:23:55 +02:00
Matthias Dieter Wallnöfer
83cd3f7630 s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are returned here
Tested using User Manager for Domains against Windows Server 2008.
MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
2010-09-11 14:34:37 +02:00
Andrew Bartlett
e84ab1b35f s4-privs Fix enum privileges in LSARPC server
We were returning the index, not the LUID value

Andrew Bartlett
2010-09-11 22:32:43 +10:00
Andrew Bartlett
07cf3ba5c4 s3-auth Fix typo in comment 2010-09-11 22:32:43 +10:00
Andrew Tridgell
6d6158617c nss-waf: use the right winbind pipe path
s4 uses a different location for the winbind pipe to s3
2010-09-11 22:32:43 +10:00
Andrew Tridgell
a82fe6f472 winbind-waf: the installed name is libnss_winbind.so.2
the .2 is what libc adds to the name for this version of the nss API
2010-09-11 22:32:43 +10:00
Andrew Bartlett
e13ed6fc78 s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a header 2010-09-11 22:32:43 +10:00
Andrew Tridgell
2921a888dc s4-param: removed the lp_ varients of the functions
these made debugging much harder. We should replace these with
generated macros
2010-09-11 22:32:43 +10:00
Andrew Tridgell
2a93814592 s4-param: move back to auto-generation of loadparm prototypes 2010-09-11 22:32:43 +10:00
Andrew Tridgell
837230f85e s4-credentials: get all attributes in cli_credentials_set_secrets()
This ensures we get whenChanged, which is needed by the s3 winbind
code to ensure we don't repeatedly try to change the password
2010-09-11 22:32:43 +10:00
Andrew Bartlett
bc6a3a2e3f security.idl Clarify that this is not a network structure 2010-09-11 22:32:42 +10:00
Matthias Dieter Wallnöfer
b9b93b845c libcli/auth/schannel_state_tdb.c - fix includes
Otherwise we get a "declared inside parameter list" warning.
2010-09-11 12:53:21 +02:00
Matthias Dieter Wallnöfer
2442d25636 lib/replace:wscript - additional attempt to fix the build on Tru64
Obviously we really need both definitions ("socklen_t" has been found by
"_XOPEN_SOURCE"=500). But now FIONREAD wasn't accessible.
2010-09-11 12:18:33 +02:00
Andrew Bartlett
a02a2c3557 libcli/security Use talloc_zero when making a struct security_token 2010-09-11 18:46:14 +10:00
Andrew Bartlett
fdcadb5c3c libcli/privileges Fix comment 2010-09-11 18:46:13 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Seperate rights and privileges
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Bartlett
3b4db34011 s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs
The idea of this patch is: Don't support a mix of different kerberos
features.

Either we should prepare a GSSAPI (8003) checksum and mark the request as
such, or we should use the old behaviour (a normal kerberos checksum of 0 data).

Sending the GSSAPI checksum data, but without marking it as GSSAPI broke
Samba4, and seems well outside the expected behaviour, even if Windows accepts it.

Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Bartlett
ee943fb2bf libcli/security Remove unused SE_NONE define
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb6a0cc326 libcli/security Move 'private' privileges functions to another header
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
b733d9dee0 s3-samr Explian better the use of two privileges in this call
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d libcli/security Remove 'always true' return from se_priv_put_all_privileges
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
aefe60da8c s3-util_sid Tidy up global struct security_token
This no longer needs to be global, and should be const.  We now also
init it with the C99 style initialisers.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
da9bca6282 s4-rpc_server Put all 'logon failure' messages at the same debug level 4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
eb84c7ac90 libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
This happens all the time, particularly now that we don't keep the
db around after a reboot.  Don't scare the admins with the level 0.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
e3edd7ca3a s3-privs Add const
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
4bf09967a4 s3-privs Remove extra pointer on privilege mask
Now that this is a scalar, this isn't required.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
86fdb4c152 s3-privileges: add handling of both old and new formats in database
We update privileges on a per-record basis instead of all at once, as
this maintains maximum compatibility is someone uses old tools with a
new version of Samba. The also auto-detects the byte order of the old
entries in the database, and copes with either native or reversed byte
order.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
45aecc2833 s4-lsa: privilege IDs should use the enum, not an int
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
382e2b321b privileges: privilege luids are not all below 64
the ones brought across from s3 have higher values

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
This is clearer and more consistent than using a magic -1 return

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
0b41ef7895 libcli/security Remove unused declarations from privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
96e59faa62 s3-privs Remove unused function
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
9883993b66 s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap
This avoids us dealing with the privilege bitmap in the LSA server, and
overhauls much of the rest of the handling to be currnet with the modern
world of talloc.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
ad5ec58a71 s3-privs Hide the bitmap-based grant_privilege and revoke_privilege
The new wrappers avoid anything but the core privileges code
dealing with the bitmap values directly.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
4080ff7af5 s3-privs Make privilege_enum_sids() take an LUID, not a bitmap
This moves one more privileges call away from direct bitmap manipuation.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
71832a404e libcli/security Expose sec_privilege_mask()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17 libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
8ff6bc2350 libcli/security Remove unused functions and constants.
All the callers to these functions have been removed or reworked.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
62e5900cd1 s3-privs Rework access_check_object() to take two privileges
This allows the privileges bitmap to be used only when setting
privileges, and uses an the LUID constant for all 'does this user
have this privilege' operations.

The advantage is that we now only need one API to determine if a
token has a privilege, and much less code needs to know what type
is used for the underlying bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
a53a42ffb8 libcli/security Rename all privilege bitmaps constants
The idea here to to make it very clear how they differ from the
enumerated LUID values.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
e0cbc68c0a s3-privs Rework privilege enumeration to also use new DB format
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00