mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

3626 Commits

Author SHA1 Message Date
Volker Lendecke
fc77ee5171 s3: Fix Coverity ID 242710 Untrusted pointer read
According to susv3 we have to make sure that we call isupper with
values only in the range of an unsigned char. This is best achieved
by automatic narrowing through assignment.
2012-05-15 21:37:17 +02:00
Stefan Metzmacher
b4abd3faaf s3-auth: remove "security=server" (deprecated since 3.6)
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!

Please use "security=domain" or "security=ads" if you
authenticate against remote servers (domain controllers).

metze
                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SERVER      |
                  |    security=server   |
                  |                      |
                  |                      |
                  |       12 May         |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-05-15 08:18:28 +02:00
Volker Lendecke
aa220c4981 s3: Fix Coverity ID 242725 Uninitialized scalar variable
Not a functional bug, but we copy all of the "key" structure inside
dcerpc_winreg_CreateKey.
2012-05-10 09:11:57 +02:00
Volker Lendecke
dead2168a2 s3: Fix Coverity ID 242726 Uninitialized scalar variable
Not a functional bug, but we copy all of the "key" structure inside
dcerpc_winreg_OpenKey.
2012-05-10 09:11:57 +02:00
Volker Lendecke
4e05717559 s3: Fix Coverity ID 242754 Dereference null return value 2012-05-10 09:11:57 +02:00
Karolin Seeger
48d57d7636 s3-net: Fix typo in comment.
Karolin
2012-05-08 16:46:33 +02:00
Christof Schmitt
be8180e030 net: Let get*sid return error from passdb init
When initialize_password_db returns an error this means that the SID
stored in the backend cannot be read. Return this error directly
instead of creating a random SID through get_global_sam_sid.

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Apr 30 13:07:20 CEST 2012 on sn-devel-104
2012-04-30 13:07:20 +02:00
Gregor Beck
36cb40ef2b s3:registry: remove usage of reg_objects from net_rpc_printer.c
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25 14:23:04 +02:00
Gregor Beck
4eb4f75371 s3:eventlogadm make a transaction for addsource
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25 14:23:03 +02:00
Gregor Beck
c6224e46aa s3:eventlogadm reimplement addsource using reg_api
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25 14:22:17 +02:00
Volker Lendecke
d38a171a43 s3: Attempt to fix the build without kerberos
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
2012-04-24 15:04:13 +02:00
Simo Sorce
08c733d75f Make krb5 wrapper library common so they can be used all over 2012-04-23 19:20:38 -04:00
Michael Adam
c0ba8295f2 s3:smbcontrol: remove an unused variable
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat Apr 21 00:55:13 CEST 2012 on sn-devel-104
2012-04-21 00:55:09 +02:00
Michael Adam
499e7372be s3:id_cache: do not use the in-memory idmap cache (it is going to be removed)
This also removes the ID_CACHE_FLUSH message.
2012-04-20 23:17:36 +02:00
Volker Lendecke
1be6d849ab s3-g_lock: Use dbwrap_record_watch_send/recv
This simplifies the g_lock implementation. The new implementation tries to
acquire a lock. If that fails due to a lock conflict, wait for the g_lock
record to change. Upon change, just try again. The old logic had to cope with
pending records and an ugly hack into ctdb itself. As a bonus, we now get a
really clean async g_lock_lock_send/recv that can asynchronously wait for a
global lock. This would have been almost impossible to do without the
dbwrap_record_watch infrastructure.
2012-04-19 22:24:19 +02:00
Volker Lendecke
1b5b38a615 s3-dbwrap: Add "listwatchers" to dbwrap_tool 2012-04-19 22:24:19 +02:00
Volker Lendecke
3f18316358 s3: Fix Coverity ID 2727 to 2740 -- UNINIT 2012-04-19 20:52:27 +02:00
Volker Lendecke
9ce9389b29 s3: Fix a "ISO C90 forbids mixed declarations and code"
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Thu Apr 19 10:32:27 CEST 2012 on sn-devel-104
2012-04-19 10:32:27 +02:00
Volker Lendecke
8ed7ff483c s3: Add smbstatus -N to output the notify db
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Apr 17 11:54:35 CEST 2012 on sn-devel-104
2012-04-17 11:54:35 +02:00
Volker Lendecke
ee4f2abbda s3: Add "notify-cleanup" to smbcontrol
This triggers a notify cleanup run which would normally only run periodically
2012-04-17 10:21:03 +02:00
Björn Baumbach
7ff42f3746 s3-utils: add do_reload_printers command to smbcontrol
Add command to force smbd to reload printers by sending MSG_PRINTER_PCAP.
2012-04-06 08:19:13 +02:00
Andrew Bartlett
f6e0532024 build: Remove SMB_STRUCT_DIR define 2012-04-05 02:39:09 +02:00
Andrew Bartlett
2320b2144f build: Remove SMB_STRUCT_DIRENT define 2012-04-05 02:39:09 +02:00
Andrew Bartlett
3e8a6e5760 build: Remove sys_closedir wrapper 2012-04-05 02:39:09 +02:00
Andrew Bartlett
afdb78075c build: Remove sys_readdir wrapper 2012-04-05 02:39:09 +02:00
Andrew Bartlett
fe526bb32b build: Remove sys_opendir wrapper 2012-04-05 02:39:09 +02:00
Andrew Bartlett
d166b79852 build: Remove sys_open wrapper 2012-04-05 02:39:08 +02:00
Andrew Bartlett
1c7c432874 s3-ntlm_auth: use manage_gensec_request for squid-2.5-ntlmssp
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03 17:47:32 +02:00
Andrew Bartlett
f3b005e759 s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSP
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client)
will not select krb5.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03 17:47:32 +02:00
Andrew Bartlett
893387d25f s3-ntlm_auth: add ntlm_auth_generate_session_info_pac()
Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03 17:47:32 +02:00
Andrew Bartlett
4ccac90793 s3-ntlm_auth Use GENSEC for gss-spnego server
This imports the gensec handling code from the source4 ntlm_auth, which
will eventually be used for all the NTLMSSP and SPNEGO clients and servers
but which is only used for gss-spnego for now.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03 17:47:31 +02:00
Jeremy Allison
959516d61b More strlcat/strlcpy truncate checks. 2012-03-30 21:26:07 +02:00
Jelmer Vernooij
c9fb33697d use usleep rather than sys_usleep in various places, in anticipation of usleep moving to libreplace. 2012-03-24 22:41:05 +01:00
Andrew Bartlett
49bb7f248a s3-krb5: Remove GSS_WRAP_IOV conditional
We already confirm that we have this functionality before we set HAVE_KRB5 at
configure time.

Andrew Bartlett
2012-03-15 09:29:02 +11:00
Björn Jacke
7bd1dc5dd5 s3: fix build on AIX
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Sat Mar 10 19:07:20 CET 2012 on sn-devel-104
2012-03-10 19:07:20 +01:00
Andrew Bartlett
d7bb961859 s3-auth: Remove security=share (deprecated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remains available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04 23:33:05 +01:00
Matthieu Patou
7916d64bbd s3: print a nice warning when HAVE_ADS is not enabled but you still try to do net rpc keytab vampire 2012-03-04 07:55:46 +01:00
Andrew Bartlett
74c6d2bcf4 s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego
The SPNEGO code changed since this was last tested.

Andrew Bartlett
2012-03-01 22:04:45 +11:00
Andrew Bartlett
4dae0e7ec5 s3-ntlm_auth: Wrap kerberos token in GSSAPI
While windows will accept this ticket without the wrapping, it is
nicer to follow the standard and wrap it up in GSSAPI.

This should allow the ntlm_auth gss-spnego-client to talk to
the ntlm_auth gss-spnego server.

Reported by Christof Schmitt <christof.schmitt@us.ibm.com>

Andrew Bartlett
2012-03-01 22:04:45 +11:00
Andrew Bartlett
5b700cb0e3 s3-ntlm_auth: Add --target-service and --target-hostname options
This will allow the gss-spnego-client protocol to work with modern
SPNEGO servers that do not send the principal in the mechListMIC.

Andrew Bartlett
2012-03-01 22:04:45 +11:00
Jeremy Allison
0e6213b1ae Remove unused function. 2012-02-24 09:25:30 -08:00
Andrew Bartlett
9de7fb8706 s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-side
This uses the common gensec_ntlmssp server code for ntlm_auth, removing
the last non-gensec use of the NTLMSSP server.

Andrew Bartlett
2012-02-24 11:23:18 +11:00
Andrew Bartlett
1c7725ae8a s3-utils: Remove unused connect_to_ipc_krb5()
Found by callcatcher.

Andrew Bartlett
2012-02-23 16:14:19 +11:00
Andrew Bartlett
f91c616176 s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again
This still requires that the server permit LM passwords, but our s3dc test
environment has this enabled.

Andrew Bartlett
2012-02-20 10:50:48 +11:00
Christopher R. Hertel (crh)
b5b204184a Rename obscure defined constants.
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.

Small changes to clarify some comments regarding the two transport
types.

Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-16 08:29:41 +01:00
Andreas Schneider
419e92b149 s3-net: Don't use an internal krb5 for kdc lookup.
This replaces the use of the internal krb5_locate_kdc() function with
our own get_kdc_list() function.

Signed-off-by: Günther Deschner <gd@samba.org>
2012-02-09 12:42:30 +01:00
Jeremy Allison
571ee0b1ff Only ask for specific permissions required when setting an ACL.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Feb  3 03:07:33 CET 2012 on sn-devel-104
2012-02-03 03:07:32 +01:00
Michael Adam
8972c92342 s3:net ads join: remove a useless empty comment block
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Jan 31 18:37:45 CET 2012 on sn-devel-104
2012-01-31 18:37:45 +01:00
Michael Adam
976672bf80 s3:net ads join: add a comment for the call to _net_ads_join_dns_update() 2012-01-31 17:00:30 +01:00
Michael Adam
be312e76d2 s3:net ads join: reduce indentation in _net_ads_join_dns_updates() 2012-01-31 17:00:30 +01:00