IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The potential previous lp_load of $HOME/.smb/smb.conf might have failed
halfway through and might have left globals initialized in an unwanted state.
So we should make sure to clean up before loading the dyn_CONFIGFILE()
the 'pdb' name is builtin to the passdb module loading code as a fixed
string. We need to call the subsystem pdb so that external passdb
modules end up in bin/modules/pdb/ where they can be found by the
Samba3 module loader
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
we should not merge ACEs with different flags (e.g. CI/OI/I/)
Otherwise ACLs get wrong entries and thus wrong semantics
Example:
ACL:BUILTIN\Users:ALLOWED/0x0/FULL
ACL:BUILTIN\Users:ALLOWED/I/READ
got merged to
ACL:BUILTIN\Users:ALLOWED/I/FULL
This is not the same and also leads to wrong displays
in the Windows ACL dialog
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed Jul 27 16:03:51 CEST 2011 on sn-devel-104
p->mem_ctx is a relatively long lived context as it will not be freed until
a full request is served. In spoolss we do a lot of operations including
opening new pipes to connect to winreg.
Use more shortlived temporary contexts to avoid leaking a lot of memory on
p->mem_ctx and carrying it around untill all the operations in the current call
are done.
Signed-off-by: Andreas Schneider <asn@samba.org>
In ancient times, when ctdb had not support for persistent databases and
tdb2 was introduced as a two-layer solution and it was more important than
today to be able to change the location of the permanent database file
because it had to reside on shared storage.
But these were times when idmap_tdb2 was not even officially released.
Nowadays, with ctdb handling the persistent idmap2.tdb database, the path
is stripped anyways, so this undocumented option has become unnecessary
and is hence removed.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Jul 27 05:37:57 CEST 2011 on sn-devel-104
With this patch, "idmap config * : script" will override "idmap : script".
If "idmap : script" is present, a deprecation warning will be printed in any
case. If "idmap config * : script" is not set, then the value of "idmap :script"
will be used for backwards compatibility.
Two uses of the setup array are not being correctly byte-swapped to little
endian.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jul 27 03:14:48 CEST 2011 on sn-devel-104
In cli_echo with more than one response we ended up with more than one read_smb
request. One from the call to cli_smb_req_set_pending called from
cli_smb_received. The other one from cli_smb_received itself. I don't really
see another way to deal with this than to hold the read_smb request in the
cli_state.
Metze, please check!
Volker
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
This prevents errors about it by 'make SYMBOLCHECK=1' if there is a
system ldb present.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Jul 26 18:21:48 CEST 2011 on sn-devel-104
when there is no share SD set, the default share SD that
is used e.g. for the output of sharesec -v defaults to a
value that is not equivalent to the desired FULL access.
This is a more or less a cosmetical follow-up for the patches
in Bug #8201 that makes them more consumeable by printing
FULL (that is what the user expects) instead of a bitmask
in hexadecimal form.
previous output:
REVISION:1
OWNER:(NULL SID)
GROUP:(NULL SID)
ACL:S-1-1-0:ALLOWED/0/0x101f01ff
with patch:
REVISION:1
OWNER:(NULL SID)
GROUP:(NULL SID)
ACL:S-1-1-0:ALLOWED/0/FULL
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Tue Jul 26 15:57:55 CEST 2011 on sn-devel-104
Winbind can't really cope with trusts that don't have a SID associated. This
happens with external MIT trusts for example. This filters them out when
sending the trust list from child to parent.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jul 26 11:39:53 CEST 2011 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Jul 24 19:01:47 CEST 2011 on sn-devel-104
All other auth modules code with being called with
auth_method->private_data being NULL, make the auth_server
module cope with this too.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jul 23 02:55:01 CEST 2011 on sn-devel-104
msg_ctx was already passed to make_base_pipes_struct,
no need to set it again.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Jul 22 00:47:28 CEST 2011 on sn-devel-104
If we got a connection, we don't need to check what
address family it uses.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jul 21 23:33:48 CEST 2011 on sn-devel-104
cli->called.name is never initialized, so this change doesn't change
the behavior. And this behavior seems to be correct, see
commit 29c0c37691
s4/libcli: do not use netbios name in NTLMv2 blobs w/o spnego.
metze
Avoid code duplication and fix bug where a new pipe was not added to
InternalPipes upon creation in make_server_pipes_struct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 21 19:50:02 CEST 2011 on sn-devel-104
Put InternalPipes related functions in rpc_handles.c and out of rpc_ncacn_np.c
rpc_handles.c is the only file that really uses them after all and ncacn_np.c
is the wrong place for that stuff.
While ther remove unnecessary wrapper functions now that the InternalPipes
static variable is directly accessible.
Also move all pipes_struct related header stuff in its own rpc_pipes.h header.
Signed-off-by: Andreas Schneider <asn@samba.org>
the parameters to conf.CHECK_FUNCS_IN were in the wrong order
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Thu Jul 21 16:49:52 CEST 2011 on sn-devel-104
cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jul 20 23:22:09 CEST 2011 on sn-devel-104
We detect this function at configure time, but it currently fails to
operate the way we need - that is, when the principal is not
specified, it gives this error. When the principal is specified we
get 'wrong principal in request' in the GSS acceptor, so for now the
best option is to fall back to the alternate approach.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
We may not be able to obtain the full error string, so print what we can get.
This is required when the error is the the GSSAPI layer, not the mechanism.
Andrew Bartlett
All the callers allocate ->info3 as a talloc child already.
As regardes the TALLOC_ZERO(), I added this originally out of parinoia
many years ago. We do not consistantly zero session keys in memory,
and for NTLMv2 and Kerberos they are random for each sesssion, so
breaking into smbd far enough to read an old session key isn't a
particularly interesting attack, compared with (say) reading the
keytab or the password database. (NTLM and LM session keys are fixed
derivitives of the passwords however).
Andrew Bartlett
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
These additional measures should help ensure we do not accidentily upgrade
a guest to an authenticated user in the future.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This will allow the source3 auth code to call this without needing to
double-parse the SIDs
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This is not required any more now that they are the same structure,
and shows the value in having a common structure across the codebase.
In particular, now any additional state that needs to be added to the
auth_session_info will be transparently available across the named
pipe proxy, without a need to modify the mapping layer.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This makes auth3_session_info identical to auth_session_info
The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This ensures that the exact same token is used on both sides of the
pipe, when a full token is passed (ie, source3 to source3, but not yet
source4 to to source3 as the unix info isn't calculated there yet).
If we do not have unix_token, we fall back to the old behaviour and go
via create_local_token(). (However, in this case the security_token
is now overwritten, as it is better to have it match the rest of the
session_info create_local_token() builds).
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This allows us not the put all of these elements into the auth3_session_info
if they are only used as inputs to these functions.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The long term authorization state needs only the final, negotiated
session key, and not the original LM key that may possibly have been
an input.
The special case of the guest account simply needs both values filled
back in with the zeros to avoid changing behaviour in the cached
server_info.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)
The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This will allow a gradual conversion of the required elements from the
current struct auth_serversupplied_info.
This commit adds the structure definition and some helper functions to
copy between the two structures.
At this stage these structures and functions are IDENTICAL to the
existing code, and so show the past history of that code. The plan is
to slowly modify them over the course of the patch series, so that the
changes being made a clear.
By using a seperate structure to auth_serversupplied_info we can
remove elements that are not needed after the authentication, and we
can choose a layout that best reflects the needs of runtime users,
rather than the internals of the authentication subsystem.
By eventually using the auth_session_info from auth.idl, we will gain
a single session authorization structure across the whole codebase,
allowing more code to be shared, and a much more transparent process
for forwarding authorization credentials over the named pipe proxy.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The implementation of copy_serverinfo(), used to copy server_info into
session_info never copied the nss_token variable, and so
17d8f0ad30 introduced this regression.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The --log-stdout option was compromised by the log file descriptors being
closed once the file process forked.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Re-add:
smb_ucs2_t toupper_w(smb_ucs2_t v);
and ensure it is called whenever we are operating on smb_ucs2_t
variables. I'd like to make the definition of smb_ucs2_t incompatible
with int and codepoint_t so they can't be mixed, but that's a patch
for another time.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 19 23:48:05 CEST 2011 on sn-devel-104
