1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1682 Commits

Author SHA1 Message Date
Jelmer Vernooij
6d9b24de78 Remove pstring usages. 2008-10-22 04:25:00 +02:00
Jelmer Vernooij
87ec1d2532 Make sure prototypes are always included, make some functions static and
remove some unused functions.
2008-10-20 18:59:51 +02:00
Jelmer Vernooij
c484b0465c Move SMB-specific attribute function to SMB client library. 2008-10-19 10:45:02 +02:00
Andrew Bartlett
85919c34f4 Improve RPC-SAMR tests to check random passwords
By random I don't mean 'nice stream of ASCII chars, but pure random
passwords containing invalid UTF16 sequences etc.

Andrew Bartlett
2008-10-17 13:00:24 +11:00
Andrew Bartlett
7c88ea8aad Create a 'straight paper path' for UTF16 passwords.
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password.  This ensures we do no
validation or filtering of the password before we get a chance to MD4
it.  We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.

All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.

This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.

The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.

Andrew Bartlett
2008-10-16 12:48:16 +11:00
Günther Deschner
d242491488 idl: finally fully share nbt.idl in s3 and s4.
Guenther
2008-10-15 21:44:39 +02:00
Günther Deschner
a1b7b6d5b4 idl: more lsa.idl merges.
Guenther
2008-10-15 20:46:35 +02:00
Jelmer Vernooij
652f0e601d Move nmblookup to same location as the rest of the NBT client library. 2008-10-12 17:34:28 +02:00
Jelmer Vernooij
218f482fbf Use common strlist implementation in Samba 3 and Samba 4. 2008-10-12 00:56:56 +02:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Jelmer Vernooij
08223692c6 fix libclinbtsrcdir variable. 2008-10-08 12:03:45 +02:00
Jelmer Vernooij
6e493fc631 Add manpage for nmblookup, move nmblookup closer to nbt library. 2008-10-08 11:56:46 +02:00
Andrew Tridgell
f84093df86 Merge branch 'master' of ssh://git.samba.org/data/git/samba 2008-09-30 13:02:09 -07:00
Andrew Tridgell
be050125b6 - make bcast name resolution match other name resolution modules for
host not found errors

- when we have no resolve context return NT_STATUS_OBJECT_NAME_NOT_FOUND
2008-09-30 08:46:00 -07:00
Jelmer Vernooij
a36b6c5a42 Make Sid member variables accessible from Python. 2008-09-30 16:02:09 +02:00
Jelmer Vernooij
ae38514534 Merge branch 'master' of ssh://git.samba.org/data/git/samba 2008-09-30 14:57:51 +02:00
Stefan Metzmacher
394f24b374 s4:drsblob: fix the build
metze
2008-09-30 09:05:45 +02:00
Andrew Bartlett
64195b72be Fix parsing of the trust passwords in LSA CreateTrustedDomainEx* 2008-09-29 22:34:35 -07:00
Andrew Tridgell
8104968004 return a more useful error message when no name resolution methods are
available
2008-09-29 21:59:04 -07:00
Jelmer Vernooij
235b729309 Cope with API changes. 2008-09-30 03:07:08 +02:00
Jelmer Vernooij
181ee01da6 Pass session options around; saves another use of global_loadparm. 2008-09-30 02:47:19 +02:00
Jelmer Vernooij
4e8cb60222 Remove global_loadparm instance. 2008-09-30 02:11:55 +02:00
Jelmer Vernooij
83183bf381 Explicitly pass on session options to session setup function. 2008-09-30 01:38:51 +02:00
Jelmer Vernooij
c8a19f0b83 Pass options struct into session initialization functions rather than
using global_loadparm.
2008-09-30 01:29:53 +02:00
Stefan Metzmacher
95940d75ec s4:libcli/smb2: remove unused header
This hopefully fixes the build with internal popt.

metze
2008-09-29 07:43:50 +02:00
Simo Sorce
b2901da479 LDB ASYNC: misc changes 2008-09-29 04:22:20 +02:00
Andrew Tridgell
0cf7175126 we need different error handling for truncated packets in NETPROT and
other SMB2 operations.
2008-09-24 18:58:38 -07:00
Andrew Tridgell
5a5e2df569 for use in python we need to use global_loadparm 2008-09-24 18:10:23 -07:00
Andrew Tridgell
4904882fed - SMB2 uses INVALID_PARAMETER not BUFFER_TOO_SMALL for buffer size
errors

- added a s32o16 buffer function
2008-09-24 18:10:23 -07:00
Andrew Tridgell
b1f17b23fe - use the current dialect first, for servers that only look at the
first dialect

- allow override of SMB2 port in client code
2008-09-24 18:10:23 -07:00
Andrew Tridgell
9cf3d82d63 added the structure for LINK_INFORMATION setfileinfo call 2008-09-24 18:10:23 -07:00
Andrew Tridgell
38e70dc47a be friendlier in smb2_deltree to some of the SMB2 implementations that
don't handle SEC_FLAG_MAXIMUM_ALLOWED
2008-09-24 18:10:22 -07:00
Andrew Tridgell
094afe614b fixed uninitialised variable bug 2008-09-24 18:10:22 -07:00
Jelmer Vernooij
b9890af546 Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypto 2008-09-24 16:11:13 +02:00
Jelmer Vernooij
6925202bde Move source4/lib/crypto to lib/crypto. 2008-09-24 15:30:23 +02:00
Simo Sorce
83b0c5d43f Fix nasty bug that would come up only if a client connection to a remote
ldap server suddenly dies.
We were creating a wrong talloc hierarchy, so the event.fde was not
freed automatically as expected. This in turn made the event system call
the ldap io handlers with a null packet structure, causing a segfault.
Fix also the ordering in ldap_connection_dead()
Thanks to Metze for the huge help in tracking down this one.
2008-09-24 01:43:57 -04:00
Stefan Metzmacher
b7d2ff38f5 s4:libcli/smb_composite: we only check the signature when the server return OK
We need to manually free the request, otherwise the timeout handler is
triggered later.

metze
2008-09-24 04:08:31 +02:00
Günther Deschner
1ea185a340 s3: fix merged_build.
Guenther
2008-09-24 03:30:50 +02:00
Günther Deschner
ed23c66bf7 s4: remove autogeneration of libcli/netlogon protos.
we do need to have them around for samba3.

Guenther
2008-09-24 01:20:42 +02:00
Günther Deschner
1147d05b47 s4-nbt: use moved libcli netlogon helpers.
Guenther
2008-09-23 23:18:00 +02:00
Günther Deschner
9d541f314f s4-libcli: move nbt/netlogon helper functions up one level.
Guenther
2008-09-23 23:17:51 +02:00
Andrew Tridgell
1c2e6978b8 fixed problem with ACLs with an empty DACL list 2008-09-23 11:17:43 -07:00
Andrew Tridgell
66092ced5e Merge branch 'master' of ssh://git.samba.org/data/git/samba 2008-09-23 11:15:46 -07:00
Stefan Metzmacher
c01426ce73 libcli/smb_composite: for spnego session setups check the smb signature manually
We need to start signing when we got NT_STATUS_OK from the server
and manually check the signature of the servers response.

This is needed as the response might be signed with the krb5 acceptor subkey,
which comes within the server response.

With NTLMSSP this happens for the session setup:

request1  => BSRSPYL		seqnum: 0
response1 => BSRSPYL		seqnum: 0
request2  => BSRSPYL		seqnum: 0
response2  => <SIGNATURE>	seqnum: 1

and with krb5:

request1  => BSRSPYL		seqnum: 0
response1  => <SIGNATURE>	seqnum: 1

metze
2008-09-23 11:30:03 +02:00
Stefan Metzmacher
8c3d969934 libcli/raw: real signing starts at seqnumber 2
metze
2008-09-23 11:30:03 +02:00
Stefan Metzmacher
7deacc615e libcli/raw: in SMB_SIGNING_ENGINE_BSRSPYL state it's ok to accept any signature
Even if signing is mandatory.

With NTLMSSP this happens for the session setup:

request1  => BSRSPYL
response1 => BSRSPYL
request2  => BSRSPYL
response2  => <SIGNATURE>

and with krb5:

request1  => BSRSPYL
response1  => <SIGNATURE>

metze
2008-09-23 11:30:03 +02:00
Stefan Metzmacher
e00ab641b4 libcli/raw: give the caller the chance to do the signing checks on its own.
metze
2008-09-23 11:30:02 +02:00
Stefan Metzmacher
781d7c4c1c libcli/raw: give the caller the chance to prevent the talloc_free(req) in the _recv functions
metze
2008-09-23 11:30:02 +02:00
Günther Deschner
a1a92688ba s4-nbt: use ../libcli/nbt
Guenther
2008-09-23 09:37:24 +02:00
Günther Deschner
6f33f3e4c2 s4-nbt: move libcli/nbt up one level.
Guenther
2008-09-23 09:37:24 +02:00