1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

295 Commits

Author SHA1 Message Date
Simo Sorce
2e28edd233 r1771: OK Let's add tests for ldap.
Thanks to Metze and Volker for their unvaluable support :)
(This used to be commit e6a6c0737a)
2007-10-10 12:57:56 -05:00
Stefan Metzmacher
fa8d37adae r1756: merge volkers ldap client lib to samba4 for simo to start with the
ldap server code

it's not compiled in yet...

metze
(This used to be commit 48939adca1)
2007-10-10 12:57:54 -05:00
Andrew Bartlett
8ed563cfbb r1723: Make sure we bail out on error in reading a OID.
Andrew Bartlett
(This used to be commit 6da7b65851)
2007-10-10 12:57:50 -05:00
Stefan Metzmacher
c5fbb6f23c r1654: rename cli_ -> smbcli_
rename CLI_ -> SMBCLI_

metze
(This used to be commit 8441750fd9)
2007-10-10 12:57:47 -05:00
Andrew Bartlett
f607197054 r1498: (merge from 3.0)
Rework our random number generation system.

On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().

For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation.  This removes the 'need_reseed'
parameter from generate_random_buffer().

This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.

In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.

Andrew Bartlett
(This used to be commit b97d3cb2ef)
2007-10-10 12:57:35 -05:00
Andrew Bartlett
b359f5d893 r1352: Add a 'peek' function to our ASN1 code, so we can safely perform the
various switches without looking one byte past te end of the buffer.
(This used to be commit 5bce188d42)
2007-10-10 12:56:52 -05:00
Volker Lendecke
0fa0eaa383 r1342: When fixing _lsa_lookupsids in samba3 I wanted to find out the number of SIDs
w2k3 can handle in a single request. With the samba3 client rpc libs I can do
about 21000 SIDs in a single request. test_many_LookupSIDs with 10000 SIDs
fails on the subsequent request with a NET_WRITE_FAULT. Maybe the Samba4 DCE
people want to take a look at this -- I don't see the problem.

Bug fix: SID components should be treated as unsigned when parsing

Volker
(This used to be commit 8c997a2ad2)
2007-10-10 12:56:51 -05:00
Stefan Metzmacher
25bf685da5 r1274: revert -r 1239 as discussed with abartlet
metze
(This used to be commit 52e2d03825)
2007-10-10 12:56:48 -05:00
Tim Potter
37fcf22364 r1268: varient -> variant
(This used to be commit de5984c956)
2007-10-10 12:56:46 -05:00
Stefan Metzmacher
81db9ef442 r1239: move the old msrpc_<gen|parse>() functions to ndr_<push|pull>_format_blob()
simular to ndr_<push|pull>_struct_blob()

metze
(This used to be commit b25dd341e0)
2007-10-10 12:56:46 -05:00
Andrew Bartlett
be081037e0 r1200: Add 'gensec', our generic security layer.
This layer is used for DCERPC security, as well as ntlm_auth at this
time.  It expect things like SASL and the CIFS layer to use it as
well.

The particular purpose of this layer is to introduce SPENGO, which
needs generic access to the actual implementation mechanisms.

Schannel, due to it's 'interesting' setup properties is in GENSEC, but
is only in the RPC code.

Andrew Bartlett
(This used to be commit 902af49006)
2007-10-10 12:56:44 -05:00
Andrew Bartlett
bf598954f7 r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.

Andrew Bartlett
(This used to be commit 58da78a746)
2007-10-10 12:56:44 -05:00
Andrew Bartlett
9f38798509 r1129: Remove unused function.
Andrew Bartlett
(This used to be commit 4d23b9e039)
2007-10-10 12:56:39 -05:00
Andrew Bartlett
46c88d561f r1061: The start of the SamLogon call for the NETLOGON pipe.
Changes:

- Check for a valid 'pipe_state' in netr_ServerAuthenticate3 before
  we dereference it

- removes the expansionroom[7] in the netr_SamInfo* structs to 7
individual elements.
- renames netr_SamInfo -> netr_SamInfo2
          netr_SamInfo2 -> netr_SamInfo3
  - Having the thing we always called an 'info3' being 'netr_SamInfo2'
    was just too confusing.

- Expand and fill in extra details about users from the SAM, into
  the server_info, for processing into the SamLogon reply.

- Add a dum_sid_dup() function to duplicate a struct dom_sid

The SamLogon code currently does not return supplementary groups, and is
only tested with Samba4 smbtorture.

Andrew Bartlett
(This used to be commit 6c92563b79)
2007-10-10 12:56:35 -05:00
Andrew Tridgell
8087d844ef r995: - renamed many of our crypto routines to use the industry standard
names rather than our crazy naming scheme. So DES is now called
  des_crypt() rather than smbhash()

- added the code from the solution of the ADS crypto challenge that
  allows Samba to correctly handle a 128 bit session key in all of the
  netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
  from PADL for solving this one!

- restructured the server side rpc authentication to allow for other
  than NTLMSSP sign and seal. This commit just adds the structure, the
  next commit will add schannel server side support.

- added 128 bit session key support to our client side code, and
  testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c9)
2007-10-10 12:56:25 -05:00
Andrew Tridgell
dfbf620129 r975: slight improvemet to nt_errstr(), still needs to be fixed properly
(getting rid of the static buffer)
(This used to be commit 86a6236c2a)
2007-10-10 12:56:24 -05:00
Stefan Metzmacher
770e3307ce r962: convert 'unsigned' and 'unsigned int' to uint_t
metze
(This used to be commit 57151e80eb)
2007-10-10 12:56:23 -05:00
Stefan Metzmacher
98d291423f r961: convert 'uchar' to 'uint8_t'
metze
(This used to be commit 9f914e4af9)
2007-10-10 12:56:23 -05:00
Stefan Metzmacher
fa2e9ec311 r960: convert 'unsigned int' to uint_t in the most places
metze
(This used to be commit 18062d2ed9)
2007-10-10 12:56:23 -05:00
Stefan Metzmacher
45e93c19ef r943: change samba4 to use 'uint8_t' instead of 'unsigned char'
metze
(This used to be commit b5378803fd)
2007-10-10 12:56:21 -05:00
Andrew Tridgell
8b3f08cefc r898: - remove some unused macros
- remove unused lib/smbpasswd.c

- don't set the pkt size twice when doing SMB signing
(This used to be commit 69a2942f79)
2007-10-10 12:56:18 -05:00
Stefan Metzmacher
fcd718c7d8 r890: convert samba4 to use [u]int8_t instead of [u]int8
metze
(This used to be commit 2986c5f08c)
2007-10-10 12:56:16 -05:00
Stefan Metzmacher
f88bf54c7f r889: convert samba4 to use [u]int16_t instead of [u]int16
metze
(This used to be commit af6f1f8a01)
2007-10-10 12:56:16 -05:00
Stefan Metzmacher
f9d8f8843d r884: convert samba4 to use [u]int32_t instead of [u]int32
metze
(This used to be commit 0e5517d937)
2007-10-10 12:56:15 -05:00
Andrew Bartlett
5b0ab386cb r874: This patch is a pile of work on NTLMSSP:
Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code.  This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.

I have also been doing a lot of work towards NTLM2 signing and
sealing.  I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.

(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails.  It does however
match the test values I have...).

The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....

Andrew Bartlett
(This used to be commit 399e2e2b11)
2007-10-10 12:56:14 -05:00
Andrew Tridgell
579c13da43 r873: converted samba4 to use real 64 bit integers instead of
structures. This was suggested by metze recently.

I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c6)
2007-10-10 12:56:14 -05:00
Andrew Tridgell
5767c10773 r718: removed some more unused code, and two source files
(This used to be commit a9768c25fd)
2007-10-10 12:53:44 -05:00
Andrew Bartlett
dce84ffd37 r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
    SetupCredentials2 negotiation flags, which is what Samba3 does,
    because otherwise the server uses different crypto.
  - This tests the returned session keys, which we decrypt.

 - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
   most places.

 - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
   available.

 - Remove a useless argument to SMBsesskeygen_ntv1

 - move netr_CredentialState from the .idl to the new credentials.h

Andrew Bartlett
(This used to be commit 44f8b5b53e)
2007-10-10 12:51:51 -05:00
Andrew Bartlett
d8bb3d81a6 r451: More NTLMSSP work.
The work here is trying to get the LM_KEY option for NLTMSSP
operating, however until that functions properly, it is now controlled
by some new smb.conf options, defaulting off.

Andrew Bartlett
(This used to be commit c63eb35b45)
2007-10-10 12:51:43 -05:00
Andrew Bartlett
9f084101dd r443: Update Samba4 to the auth and NTLMSSP code from Samba3.
Not all the auth code is merged - only those parts that are actually
being used in Samba4.

There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here.  There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)

Andrew Bartlett
(This used to be commit 5876c78806)
2007-10-10 12:51:42 -05:00
Andrew Tridgell
2b9fb9618a r324: - don't reseed on every password generate
- check for overflow (very unlikely) in random buffer generation
(This used to be commit 548ec1efef)
2007-10-10 12:51:32 -05:00
Andrew Tridgell
5f545543f0 r305: - added IDL and test code for samr_RidToSid()
- completed the IDL and test code for the various set user password
  mechanisms in samr. Three password mechanisms are now working, the
  UserInfo24 method, the OemChangePasswordUser2() method (which only
  sets the LM password) and the ChangePasswordUser2() method which sets
  both the LM and NT passwords.

- updated some crypto routines to support the password change tests
(This used to be commit 051efa2abf)
2007-10-10 12:51:19 -05:00
Andrew Tridgell
8fce9e3c54 r275: added IDL and test code for samr_QueryDisplayInfo3(),
samr_AddMultipleMembersToAlias(),
samr_RemoveMultipleMembersFromAlias(), samr_OemChangePasswordUser2(),
and samr_ChangePasswordUser2()

The password change functions don't actually work yet (but should
soon). At this stage I have just completed the IDL for them. Next step
is to get the hash verifiers right and the torture test should be able
to do password changes.
(This used to be commit 849d0d314a)
2007-10-10 12:51:19 -05:00
Andrew Tridgell
b9411f8aca r265: fixed a bug in the string to sid conversion code
(This used to be commit 117aa5cab7)
2007-10-10 12:51:18 -05:00
Andrew Tridgell
ac193579e7 r152: a quick airport commit ....
added ldbedit, a _really_ useful command

added ldbadd, ldbdel, ldbsearch and ldbmodify to build

solved lots of timezone issues, we now pass the torture tests with
client and server in different zones

fixed several build issues

I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that
fix.
(This used to be commit af34710d4d)
2007-10-10 12:51:11 -05:00
Andrew Tridgell
984bfce2d9 r101: added lsa_SetSecret() and lsa_QuerySecret()
this required some crypto infrastructure and some sid utilities
(This used to be commit 37d0efa9c2)
2007-10-10 12:51:06 -05:00
Andrew Tridgell
b087ed4821 r23: get rid of def_finfo
(This used to be commit 25b7ec390a)
2007-10-10 12:50:33 -05:00
Tim Potter
4639eb5a58 Convert libcli routines to use cli_tree instead of cli_state. Port
smbtorture to use the new interface.

Part 2 will be to eliminate cli_state from smbtorture as this is now
the only place where it is used.
(This used to be commit db1cc96af6)
2004-02-08 00:51:07 +00:00
Andrew Tridgell
8b30b0071c * another small API change in the credentials code
* don't use static variables in the smbdes code
(This used to be commit e6e0906464)
2003-12-01 22:13:11 +00:00
Andrew Tridgell
b4b0177fdb added netr_ServerAuthenticate() and test code
I would like the netlogon test suite to eventually do a new domain
join using a fake workstation name, then remove itself afterwards, but
for now I'm assuming we are already joined to the domain when the
testsuite runs. This means you need to use the Samba3 net command to
do a join before running RPC-NETLOGON
(This used to be commit 8c7a9446a0)
2003-12-01 04:13:43 +00:00
Andrew Tridgell
7602aa50fd * got rid of UNISTR2 and everything that depends on it
* removed a bunch of code that needs to be rewritten using the new
    interfaces
(This used to be commit 9b02b486ef)
2003-12-01 00:17:30 +00:00
Andrew Tridgell
e0ac659917 signed DCERPC over TCP now works !
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp
   code from samba3 (thanks Andrew! the new interface is great)

 * added signing/ntlmssp support in the dcerpc code

 * added a dcerpc_auth.c module for the various dcerpc auth mechanisms
(This used to be commit c18c9b5585)
2003-11-26 01:16:41 +00:00
Andrew Tridgell
d47d14f2ff reduced the number of magic types we need in mkproto.pl
In general I prefer "struct foo" to just "foo" for most
structures. There are exceptions.
(This used to be commit 04eb12b56c)
2003-11-23 01:53:54 +00:00
Andrew Tridgell
d285c6f14f * add another WERR err code
* use the top-level function argument printing to show more detail in
   RPC-* tests
(This used to be commit 33bb878562)
2003-11-17 11:55:56 +00:00
Andrew Tridgell
ef2e26c91b first public release of samba4 code
(This used to be commit b0510b5428)
2003-08-13 01:53:07 +00:00