1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

457 Commits

Author SHA1 Message Date
Andrew Tridgell
9a744c634f s4-doserr: telling our users to "see Windows help" doesn't seem right 2010-11-17 23:55:39 +11:00
Volker Lendecke
eb769f2234 raw.h is only needed in the S4 build
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  9 14:49:14 UTC 2010 on sn-devel-104
2010-11-09 14:49:14 +00:00
Kamen Mazdrashki
717b1158a6 idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID values
Those values are actually ATTID values and such, they are used
for ATTIDs for Attributes, Classes and Syntaxes.
2010-10-31 23:54:04 +00:00
Jelmer Vernooij
3deece5591 s4: Remove the old perl/m4/make/mk-based build system.
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-31 02:01:44 +00:00
Andrew Tridgell
eb0005dfca s4-tdb: make tdb-wrap into a private library
this prevents double linking of the tdb wrap code
2010-10-30 23:49:01 +11:00
Jelmer Vernooij
a74e8be6d1 waf: Stop automaticaly changing dashes to underscores in library names. 2010-10-26 10:17:18 -07:00
Jelmer Vernooij
8cf61377aa waf: Remove lib prefix from libraries manually. 2010-10-26 10:17:17 -07:00
Jelmer Vernooij
d9cbcdd410 s4: Drop duplicate 'lib' prefix for private libraries. 2010-10-26 10:17:16 -07:00
Andrew Bartlett
14686e4b5a libcli/security Remove unused sec_acl_equal()
This was orphaned by changing sec_desc_equal() to the stricter
security_descriptor_equal() by
f4195183a4 in 2009.

(The difference here was that sec_acl_equal allowed for equivilent ordering.  I've checked the callers, and this function is only used to skip actual ACL sets, or to reference a cache, so this seems

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Oct 24 22:21:23 UTC 2010 on sn-devel-104
2010-10-24 22:21:23 +00:00
Jelmer Vernooij
599afb0651 s4: Rename LIBCLI_NBT -> cli_nbt. 2010-10-24 00:20:04 +00:00
Jelmer Vernooij
5224de3f74 s4: Rename LIBCLI_LDAP to libcli_ldap. 2010-10-24 00:20:04 +00:00
Jelmer Vernooij
833480d3ad s4: Rename LIBSAMBA-* to libsamba-* 2010-10-24 00:20:04 +00:00
Jelmer Vernooij
ca16d805bd s4: Rename LIBSECURITY{_SESSION,} to libsecurity{_session,} 2010-10-24 00:20:04 +00:00
Jelmer Vernooij
9065f9644b s4: Rename LIBNETIF to libnetif. 2010-10-23 22:24:06 +00:00
Matthias Dieter Wallnöfer
18103d34e2 create_descriptor.c - fix comment
The location in MS-DTYPE changed.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 21:33:46 UTC 2010 on sn-devel-104
2010-10-23 21:33:45 +00:00
Kai Blin
eeac222398 s4 dns: Import DNS win32 error codes from MS-ERREF 2010-10-23 10:17:05 +00:00
Jeremy Allison
3e79cd6856 Fix const warning. Allocate off NULL as we always talloc_free(). 2010-10-22 17:33:03 +00:00
Andrew Tridgell
d98effffe4 libcli: LIBSECURITY depends on NDR_SECURITY
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21 19:03:27 +11:00
Andrew Tridgell
2dcb596e83 s4-waf: removed dependencies on missing subsystems
these were left over from the old config.mk system
2010-10-21 19:03:24 +11:00
Andrew Tridgell
35b61c2365 libcli: make LIBCLI_NBT a private library 2010-10-21 19:03:24 +11:00
Andrew Tridgell
8709c3c0f2 libcli: make the LIBSECURITY subsystem into a private library
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21 19:03:23 +11:00
Jeremy Allison
94dc63056a Now we have SeSystemSecurity, remove the source3-only #ifdef.
Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 01:35:00 UTC 2010 on sn-devel-104
2010-10-21 01:35:00 +00:00
Jeremy Allison
e00c2b3cdf Add code to implement SeSecurityPrivilege in net rpc rights, and in the
open and get/set NT security descriptor code.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104
2010-10-21 00:15:57 +00:00
Matthias Dieter Wallnöfer
caf6b3686f libcli/security/access_check.c - fix a memory leak 2010-10-20 12:31:05 +00:00
Andrew Bartlett
4a8c17a41c libcli/ldap Don't try and encode a control with a NULL OID
ctrl->oid is set to NULL by the Samba4 rootDSE module when removing
controls that should not be exposed over LDAP (to avoid a realloc).

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Oct 20 04:13:44 UTC 2010 on sn-devel-104
2010-10-20 04:13:44 +00:00
Jeremy Allison
45794dd30a Fix shadow warning for "access" variable.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Oct 19 22:53:38 UTC 2010 on sn-devel-104
2010-10-19 22:53:38 +00:00
Andrew Tridgell
7197bcc513 readline: fixed the test for history_list() 2010-10-19 11:22:35 +11:00
Stefan Metzmacher
a610ce4aa6 libcli/nbt: we don't need LIBCLI_COMPOSITE anymore
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 18 16:18:32 UTC 2010 on sn-devel-104
2010-10-18 16:18:32 +00:00
Stefan Metzmacher
820ae3d9a3 libcli/nbt: convert nbt_name_register_bcast_send/recv to tevent_req
metze
2010-10-18 15:36:16 +00:00
Stefan Metzmacher
0b8056d580 libcli/nbt: s/name_register_bcast_handler/nbt_name_register_bcast_handler
metze
2010-10-18 15:36:16 +00:00
Stefan Metzmacher
c654a6c02b libcli/nbt: s/register_bcast_state/nbt_name_register_bcast_state/
metze
2010-10-18 15:36:16 +00:00
Stefan Metzmacher
77d82fe944 libcli/nbt: move nbt_name_register_bcast_send to the top of nbt_name_register_bcast_*
metze
2010-10-18 15:36:16 +00:00
Stefan Metzmacher
e3a0463414 libcli/nbt: convert nbt_name_register_wins_send/recv to tevent_req
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
4f233c7ff8 libcli/nbt: s/name_register_wins_handler/nbt_name_register_wins_handler
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
b16681374c libcli/nbt: s/register_wins_state/nbt_name_register_wins_state
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
549b594c57 libcli/nbt: move nbt_name_register_wins_send() to the top of all nbt_name_register_wins_* related code
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
43fb7f1698 libcli/nbt: convert nbt_name_refresh_wins_send/recv to tevent_req
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
332f261bbf libcli/nbt: s/name_refresh_wins_handler/nbt_name_refresh_wins_handler
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
3ded1da8e9 libcli/nbt: s/refresh_wins_state/nbt_name_refresh_wins_state
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
e36e7295da libcli/nbt: move nbt_name_refresh_wins_send() to the top of all nbt_name_refresh_wins_* related code
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
72a8966499 libcli/util: add pipe related NT_STATUS_RPC_* codes
metze
2010-10-18 14:50:21 +02:00
Andrew Tridgell
40a6e019fd security: ensure the merge of libcli/security doesn't change s3 behaviour
Jeremy, you put a #if 0 around this logic in this commit:

  8344e945 (Jeremy Allison    2008-10-31 10:51:45 -0700 181)

is this still needed?

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104
2010-10-14 03:16:41 +00:00
Andrew Bartlett
f7ffc12e2d libcli/security Use static SIDs rather than parsing from strings
This should make the security_token_is_*() calls a little faster.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
a879a4610d libcli/auth Merge source4/libcli/security and util_sid.c into the common code
This should ensure we only have one copy of these core functions
in the tree.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
8b22eefd25 libcli/security Define traditional constants in terms of IDL macros
The source3/ code uses these constants in a lot of places, and it will
take time and care to rename them, if that is desired.  Linking the
macros here will at least allow common code to use the IDL based macros,
and preserve a documentary link between the constants (other than just their value)

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
949541cc6f libcli/security Move source3/lib/util_seaccess.c into the common code
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Andrew Bartlett
0487ef0a70 libcli/security Add debug class to security_token_debug() et al
This will allow it to replace functions in source3 that use debug classes.

Andrew Bartlett
2010-10-12 02:54:16 +00:00
Andrew Bartlett
ae52f953af libcli/security Move most of security_token.c to common code.
The source4-specific session_info functions have been left in session.c

Andrew Bartlett
2010-10-12 02:54:16 +00:00
Jelmer Vernooij
2c9ebb7646 libsecurity-common: Add missing dependency on libndr. 2010-10-11 01:06:35 +02:00
Jelmer Vernooij
dc47e8dc52 libcli-auth: Remove unnecessary dependency on libsamba-hostconfig. 2010-10-11 01:06:35 +02:00
Jeremy Allison
b69bec03cc Add some const. Needed for my SD work.
Jeremy
2010-10-08 18:05:02 -07:00
Stefan Metzmacher
42d1a84a36 libcli/ldap: ldap_full_packet() requires at least 6 bytes
metze
2010-10-04 14:05:15 +00:00
Günther Deschner
0ff7e0c998 samba: share readline wrappers among all buildsystems.
Guenther
2010-10-01 22:30:22 +02:00
Stefan Metzmacher
9d4df79080 libcli/ldap: correctly marshall LDAP Unbind PDUs
metze
2010-09-27 08:24:35 +02:00
Stefan Metzmacher
95b56aabcb libcli/ldap: let ldap_full_packet() use asn1_peek_tag_needed_size()
This allows us to read a full packet without read byte after byte
or possible read to much.

metze
2010-09-26 06:45:40 +02:00
Stefan Metzmacher
e628bf1081 libcli/util: let tstream_read_pdu_blob_* cope with variable length headers
metze
2010-09-26 06:45:38 +02:00
Simo Sorce
678993470f libcli: fix compile warning
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Steven Danneman
bf1a4b2bc4 s4:libcli:smb2 Rename pending_id to async_id and make 64-bit
Match MS-SMB2 - 2.2.1.1   SMB2 Packet Header - ASYNC
2010-09-22 17:52:53 -07:00
Andrew Bartlett
ccbcffadb6 libcli/ldap Add const to ldap_encode_ndr_dom_sid()
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20 15:06:30 -07:00
Günther Deschner
4006160179 libcli: add dom_sid_compare_domain()
Guenther
2010-09-20 14:03:13 -07:00
Kamen Mazdrashki
1fac1f0d28 werror: Add W_ERROR_HAVE_NO_MEMORY_AND_FREE() macro 2010-09-18 15:09:46 +03:00
Andrew Bartlett
6832d5e933 libcli/auth/ntlmssp Be clear about talloc parents for session keys
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16 21:09:17 +10:00
Andrew Tridgell
5a0bb2234e cldap: prevent crashes when freeing cldap socket
As a callback may destroy the cldap socket we need to ensure we don't
reference the cldap structure after the callback

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:36 +10:00
Andrew Tridgell
4ff452151a cldap: use ipv4 not up for unbound cldap sockets
If we use "ip" we end up with a PF_INET6 socket which breaks sendto()
for v4 addresses.
2010-09-15 15:39:35 +10:00
Andrew Tridgell
67ac8555b1 s4-auth: set the RODC bit for RODC schannel
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:34 +10:00
Jeremy Allison
55b315094e Fix string_to_sid() to allow non '\0' termination of the string - allows
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.

Jeremy.
2010-09-14 14:48:50 -07:00
Andrew Bartlett
46f585e364 libcli/security Use sid_append_rid() in dom_sid_append_rid()
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.

Andrew Bartlett
2010-09-14 14:48:49 -07:00
Andrew Bartlett
51ecf79654 libcli/security Merge source3/ string_to_sid() to common code
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.

Andrew Bartlett
2010-09-14 14:48:49 -07:00
Volker Lendecke
8768f627dc ntlm_check: Fix some nonempty blank lines 2010-09-13 18:39:30 +02:00
Matthias Dieter Wallnöfer
b9b93b845c libcli/auth/schannel_state_tdb.c - fix includes
Otherwise we get a "declared inside parameter list" warning.
2010-09-11 12:53:21 +02:00
Andrew Bartlett
fdcadb5c3c libcli/privileges Fix comment 2010-09-11 18:46:13 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Seperate rights and privileges
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Bartlett
ee943fb2bf libcli/security Remove unused SE_NONE define
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb6a0cc326 libcli/security Move 'private' privileges functions to another header
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d libcli/security Remove 'always true' return from se_priv_put_all_privileges
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb84c7ac90 libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
This happens all the time, particularly now that we don't keep the
db around after a reboot.  Don't scare the admins with the level 0.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
382e2b321b privileges: privilege luids are not all below 64
the ones brought across from s3 have higher values

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
This is clearer and more consistent than using a magic -1 return

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
0b41ef7895 libcli/security Remove unused declarations from privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
71832a404e libcli/security Expose sec_privilege_mask()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17 libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
8ff6bc2350 libcli/security Remove unused functions and constants.
All the callers to these functions have been removed or reworked.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
a53a42ffb8 libcli/security Rename all privilege bitmaps constants
The idea here to to make it very clear how they differ from the
enumerated LUID values.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
2bb7b827d6 libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()
These functions duplicate other functions in the merged code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
aab0b557b9 libcli/security Improve dump of privileges: Just walk the table
This removes some logic recently added that was just too smart - it
is easier to just walk the table and do a bit match here.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
0e2142a927 s3-privs Remove pointer indirection from se_priv_to_privilege_set()
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
cbd72ab93b libcli/security Don't export privs[] as a global variable
Instead, provide access functions for the LSA and net sam callers
for the information they need.

They still only enumerate the first 8 privileges that have traditionally
been exposed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
3c93d1ecbf libcli/security Merge privilege lists from source3 and source4
The LSA enumeration in source3 will not show the new privileges,
but otherwise, they are now in common, and can be set by name.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
d2e41105e2 libcli/security Return number of entries in the old source3 list
This ensures there isn't a behaviour change when the source3 list is combined
with the longer source4 list.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
eb8e3155de libcli/privileges Simplify get_privilege_luid() to return just the enum
As Samba only deals with the lower 32 bits of the LUID, just return those
and let the LSA layer deal with the upper 0 bits.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
cdda15c062 libcli/security Don't memcpy a uint64_t value, just assign it.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
780de03f00 libcli/security Use ARRAY_SIZE() consistantly.
This avoids the use of SE_END, and has all callers walking the
array using the same termination condition.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
66ac968dd5 libcli/security Fix and clarify privilege manipulation function comments
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
9fb92c6014 libcli/security Make the two privileges tables share a common struct definition
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
dbee98d30f libcli/security Move source4/ privileges code into the common libcli/security
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
0d25212cc1 s3-privs Move manual prototypes to common privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b29b6c13a3 s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
The previous 128 bit structure needed this helper function.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
f85b822bd4 libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
3f589c2155 libcli/security Use C99 types
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b0690d6da7 libcli/security Use true and false, not True and False
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
f20bba97d8 s3-privs Move source3/ privileges implmentation into common
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Matthias Dieter Wallnöfer
5c33ef2758 s3/s4:libcli/tstream - add more "char *" casts in order to suppress Solaris warnings 2010-09-10 22:45:49 +02:00
Günther Deschner
fe30e35967 libcli/netlogon: add LOGON_REQUEST handling to pull_nbt_netlogon_response().
Guenther
2010-09-09 23:07:10 +02:00
Günther Deschner
9a1dbe04a8 libcli/netlogon: add LOGON_RESPONSE2 to pull_nbt_netlogon_response().
Guenther
2010-09-09 23:07:10 +02:00
Günther Deschner
daa948df2b libcli/netlogon: add NETLOGON_RESPONSE2 to push_nbt_netlogon_response().
Guenther
2010-09-09 23:07:10 +02:00
Matthias Dieter Wallnöfer
1991c2a8ee libcli/auth/ntlm_check.c - fix parameter indentation 2010-08-26 21:06:07 +02:00
Jelmer Vernooij
e260965929 manpages: Avoid using Samba-Team specific DTD, which requires net access
or modification of /etc/catalogs.
2010-08-26 04:04:37 +02:00
Günther Deschner
898c612335 s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed) they were first
talloc_referenced and then later (53765c81f7)
talloc_moved.

The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.

Guenther
2010-08-24 02:04:27 +02:00
Matthias Dieter Wallnöfer
7ffae93762 werror.h - fix order and duplicate DS error codes 2010-08-14 19:41:46 +02:00
Günther Deschner
feb432292e ntlmssp: fix unitialized variable in ntlmssp_server_postauth().
Guenther
2010-08-12 16:28:10 +02:00
Volker Lendecke
f62756e8f0 Fix a typo 2010-08-12 08:07:50 +02:00
Andrew Bartlett
75adca63f2 libcli/auth Make the source3/ implementation of the NTLMSSP server common
This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10 16:22:04 +02:00
Günther Deschner
78fa58f8c3 libcli/auth/ntlmssp: remove outdated comment. The version flag is well understood now.
Guenther
2010-08-10 11:56:33 +02:00
Andrew Bartlett
1e83b36afb libcli/auth Move some source3/ NTLMSSP functions to the common code.
libcli/auth Use true and false rather than True and False in common code

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10 11:56:33 +02:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Günther Deschner
5f8678f34b libcli/netlogon: re-enable debugging.
Now that we do not share binary objects anymore, we can safely enable
debugging here again.

Guenther

This reverts commit 3eb122069b.
2010-07-16 02:37:51 +02:00
Günther Deschner
3f453f73a8 s3-libads: move spnego defines to their appropriate header file.
Guenther
2010-07-01 23:20:40 +02:00
Andreas Schneider
45fc728498 libcli: Fixed a build warning for a missing prototype. 2010-06-30 10:26:59 +02:00
Andrew Bartlett
c84b74dddd schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()
By making this DB TDB_NOSYNC, and by making that safe with
TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server.

This particularly helps the source4/ 'make test', which otherwise tries
to disable fsync() in ldb.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25 12:00:36 -07:00
Andrew Bartlett
825b2f456c libcli/auth make open_schannel_session_store() public
This will allow TDB_CLEAR_IF_FIRST to be used

Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25 11:57:23 -07:00
Stefan Metzmacher
eb3ee7801f libcli/named_pipe_auth: fix error handling in _tstream_npa_connect_recv()
metze
2010-06-21 16:20:25 +02:00
Stefan Metzmacher
67a24fe933 libcli/named_pipe_auth: fix memory handling for temporary data
In a tevent_req based function tevent_req_create() should be the first
function! If it fails it's the only reason, why the function
could every return NULL.

And all temporary data belongs to 'state' and gets free'ed by
tevent_req_received() in the _recv function.

metze
2010-06-21 16:16:15 +02:00
Matthias Dieter Wallnöfer
276a1a7fec s3/s4 - remove "talloc_tos()" from common code since s4 doesn't support it
Please don't use this in common code parts until we change the policy regarding
it.
2010-06-21 12:35:51 +02:00
Brendan Powers
d3a99579f6 libcli: Fixed a segfault in security_acl_dup when the acl is NULL.
This can happen when duplicating a security descriptor that is missing either sacls or dacls.

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-19 22:20:48 +02:00
Jeremy Allison
c705c35076 Fix warning messages about unused result of talloc_move. We're really talloc_steal'ing here. 2010-06-14 16:26:13 -07:00
Andrew Bartlett
d25e9ab9a1 named_pipe_auth Always lower case the incoming pipe name
Windows connects to an upper case NETLOGON pipe, and we can't find the
socket to connect to until we lower case the name.

Andrew Bartlett
2010-06-07 23:34:28 +10:00
Andrew Bartlett
fdc6db34ca s4:ntlmssp Use common code for ntlmssp_sign.c
The common code does not have a mem_ctx on ntlmssp_check_packet() and
ntlmssp_unseal_packet().

We do however need some internal working of the code exposed, so some
structures are moved to ntlmssp_sign.h

Andrew Bartlett
2010-06-01 17:11:24 +10:00
Andrew Bartlett
62708fbd1b s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.
This needs a small re-arrangement of the supporting code.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:11:36 +02:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:10:56 +02:00
Günther Deschner
c00407bd35 libcli/nbt/lmhosts: fix missing prototype warning.
Andrew, please check.

Guenther
2010-05-31 11:25:24 +02:00
Simo Sorce
b7159e6ffd named_pipe_auth: implement tstream_npa_accept_existing_send/recv
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
2010-05-26 09:23:47 +02:00
Jeremy Allison
b2a7ad8c95 Make DFS work over SMB2.
Jeremy.
2010-05-21 16:56:10 -07:00
Jeremy Allison
2d46e07c47 Fix what looks like a cut-and-paste error in our read_negTokenInit() function.
We should never be calling asn1_push_XXX functions inside an asn1
reading function. Change asn1_push_tag() -> asn1_start_tag() and
asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a
NetApp filer at the Microsoft plugfest.

Andrew PLEASE CHECK !

Jeremy.
2010-05-20 14:50:16 -07:00
Jeremy Allison
b0d7a3d123 Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the correct way.
No more magic blobs :-). Use ndr_push_struct_blob() to
push a properly formatted VERSION struct.

Jeremy.
2010-05-19 10:36:39 -07:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Jelmer Vernooij
fc336590dc Remove the copy of ldb from Samba 3.
There were two utility functions that other parts of Samba 3
still relied on; they have been moved to lib/ldb_compat.[ch].
2010-05-06 11:34:30 +02:00
Stefan Metzmacher
21ec116bbf libcli/named_pipe_auth: we need to hide length of the message mode header from the caller
metze
2010-04-28 15:45:38 +02:00
Matthias Dieter Wallnöfer
eceffe6909 nbt: samlogon/netlogon structures - unify denominations 2010-04-27 18:45:41 +02:00
Günther Deschner
ee1b8e5ede registry: add some shared registry helper functions.
Guenther
2010-04-27 16:42:14 +02:00
Andrew Tridgell
211bf1ea17 s4-waf: removed the unused installdir= option to SAMBA_BINARY()
This was left over from the automatic conversion of the config.mk
files
2010-04-18 21:47:00 +10:00
Volker Lendecke
4d84dab21d libcli/auth: Fix an uninitialized variable
value.dptr was used uninitialized in the "goto done;"
2010-04-11 22:57:25 +02:00
Andrew Tridgell
b690fedef5 s4-waf: removed the AUTOGENERATED markers
we won't be using the mk -> wscript generator again
2010-04-06 20:27:16 +10:00
Andrew Tridgell
b0fb567f04 s4-waf: more dependencies on talloc
these are needed so we can support a system talloc without using the
bundled talloc.h
2010-04-06 20:27:13 +10:00
Andrew Tridgell
b9aa63887c s4-waf: cleanup use of LIBPOPT vs popt dependency 2010-04-06 20:27:13 +10:00
Andrew Tridgell
01682f797f s4-waf: fixed some deps now we don't auto-include tevent and replace
this is preparation for being able to use system versions of these
libraries
2010-04-06 20:27:12 +10:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
aa5e08eb83 s4-waf: install the rest of the headers 2010-04-06 20:27:09 +10:00
Andrew Tridgell
844acb2260 build: waf quicktest nearly works
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
2010-04-06 20:26:48 +10:00