1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

3482 Commits

Author SHA1 Message Date
Volker Lendecke
6ee0d866c2 s3: Lift talloc_autofree_context() from make_auth_context_fixed() 2010-09-26 01:12:37 +02:00
Volker Lendecke
242e329610 s3: Lift talloc_autofree_context() from make_auth_context_subsystem() 2010-09-26 01:12:37 +02:00
Jeremy Allison
d8814b1a48 Fix bug 7694 - Crash bug with invalid SPNEGO token.
Found by the CodeNomicon test suites at the SNIA plugfest.

http://www.codenomicon.com/

If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server
as we indirect the first returned value OIDs[0], which is returned as NULL.

Jeremy.
2010-09-23 21:44:24 -07:00
Simo Sorce
76f249fb44 s3-dcerps: check auth_type
make sure the auth type used throught the auth operation is consistent.

Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:25 -07:00
Simo Sorce
b11fff1f48 s3-dcerpc: remove auth_data_free_func
Everything is using a talloc pointer now, no need to have an
accessor function to free data anymore.

Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Simo Sorce
3453bc7b11 s3-dcerpc: make auth context opaque
This way we always double check in advance that the context
is of the right type with talloc_get_type_abort instead of
potentially accessing random memory by addressing the wrong
structure in the union.

Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Simo Sorce
0ec3720573 srv_pipe: reorganize code so that related functions are close to each other
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:23 -07:00
Simo Sorce
d10e192b83 s3-dcerpc: finally remove the legaqcy spnego_type variable from pipe_auth_data
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:23 -07:00
Simo Sorce
b475cfd0b2 s3-dcerpc: use new spnego server code
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:23 -07:00
Simo Sorce
4cdee9b0ed s3-dcerpc: add spnego server helpers
squashed: add michlistMIC signature checks

Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:23 -07:00
Simo Sorce
62d7226b78 s3-dcesrv: use gssapi helper in srv_pipe.c
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:22 -07:00
Simo Sorce
28c22d04fb s3-dcerpc: add server helpers for gssapi auth
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:19 -07:00
Simo Sorce
8efd31ccad s3-dcesrv: use ntlmssp helper in srv_pipe.c
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:53:46 -07:00
Simo Sorce
bbf535764b s3-dcerpc: add server helpers for ntlmssp auth
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:53:42 -07:00
Simo Sorce
4194383cfe gssapi: remove unused function argument
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:36:54 -07:00
Simo Sorce
412ebad02b gssapi: avoid explicit dependency on dcerpc specific structures
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:36:54 -07:00
Simo Sorce
0e5eb82a6f s3-dcerpc: move crypto stuff in /librpc/crypto
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:36:54 -07:00
Günther Deschner
a233c0c0d2 s3-lsa: Fix sid in DEBUG in_lsa_EnumAccountRights.
Andrew, you removed the sid_copy buit forgot the sid, please check.

Guenther
2010-09-21 21:00:32 -07:00
Michael Adam
4696cd6cbe s3:registry: move reg_api_regf prototypes to their own header file.
These two calls are currently only used in the WINREG rpc server.
And this reqires linking in the regfio code.
2010-09-21 08:52:06 +02:00
Michael Adam
b11cc30508 s3:registry: move the reg_api prototypes to their own header. 2010-09-21 08:52:06 +02:00
Michael Adam
e869af9e0e s3:rpc_server:ntsvcs: registry is not directly used an more. 2010-09-21 06:53:32 +02:00
Michael Adam
d760e543a1 s3:rpc_server:ntsvcs: use svcctl_lookup_dispname instead of legacy svcctl in _PNP_GetDeviceRegProp 2010-09-21 06:53:32 +02:00
Michael Adam
4cee4bbd02 s3:rpc_server: registry is not direclty used in the svcctl server any more 2010-09-21 06:53:31 +02:00
Michael Adam
3cab109754 s3:srv_ntsvcs_nt: make fill_svc_config() use svcctl_get_string_value()
instead of using legacy svcctl_fetch_regvalues()
2010-09-21 06:53:31 +02:00
Michael Adam
9bfd587358 s3:services_db: remove the TALLOC_CTX argument from svcctl_set_secdesc 2010-09-21 06:53:30 +02:00
Günther Deschner
102a70e809 s3-util: use shared dom_sid_dup.
Guenther
2010-09-20 14:05:07 -07:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
2010-09-20 14:04:37 -07:00
Michael Adam
0f7e503d21 s3:registry: move higher level function reg_open_path to new module reg_api_util
The reg_api.c code should just export functions that direclty relate to winreg
api calls.
2010-09-20 19:58:01 +02:00
Andrew Tridgell
dc59de5627 s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords
this is used by a RODC to do DNS updates, as TSIG updates are not
allowed by RODCs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 21:09:17 +10:00
Günther Deschner
33d05a85e5 s3-rpc_server: fix some uninitalized variables and c++ build warnings.
Guenther
2010-09-15 13:24:44 +02:00
Andreas Schneider
e580c6d88f s3-rpc_server: Use talloc_stackframe. 2010-09-15 12:53:43 +02:00
Simo Sorce
8ec7aaef48 s3-rpc_server: Moved ncacn_np declarations in common header file.
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-15 12:53:42 +02:00
Simo Sorce
390642a9e6 s3-rpc_server: Moved "external" pipe functions to rpc_ncacn_np.c.
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-15 12:53:42 +02:00
Andreas Schneider
34225c93af s3-rpc_server: Added new parametric option 'rpc_server'
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-15 12:53:42 +02:00
Simo Sorce
738c843e99 s3-rpc_server: Renamed rpc_ncacn_np_internal.c.
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-15 12:53:42 +02:00
Simo Sorce
5685914344 s3-rpc_server: Convert rpc_connect_spoolss_pipe into a generic interface.
This way we have one common way to open internal pipes whether they
are shortcircuited or piped to an external process.
2010-09-15 12:53:42 +02:00
Simo Sorce
344260d03e s3-rpc_server: Added support for internal connections to external daemons.
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-15 12:53:42 +02:00
Simo Sorce
e7c4555b7c s3-rpc_server: Accept connections and process requests.
Signed-off-by: Andreas Schneider <asn@cynapses.org>
2010-09-15 12:53:42 +02:00
Simo Sorce
f7f9916dc7 s3-rpc_server: Added helper functions to read data from a ncacn socket.
Signed-off-by: Andreas Schneider <asn@cynapses.org>
2010-09-15 12:53:42 +02:00
Simo Sorce
a1f1da7226 s3-rpc_server: Addded function to create custom pipes_struct.
Signed-off-by: Andreas Schneider <asn@cynapses.org>
2010-09-15 12:53:41 +02:00
Simo Sorce
b1fdc5a704 s3-rpc_server: Add generic listener callback.
Signed-off-by: Andreas Schneider <asn@cynapses.org>
2010-09-15 12:53:41 +02:00
Simo Sorce
3c26e95840 s3-rpc_server: Added initial generic RPC server infrastructure.
Signed-off-by: Andreas Schneider <asn@cynapses.org>
2010-09-15 12:53:41 +02:00
Simo Sorce
11721874c3 s3-rpc_server: Added debug to see how much data has been read out.
Signed-off-by: Andreas Schneider <asn@cynapses.org>
2010-09-15 12:53:41 +02:00
Simo Sorce
5ccd7a56fa s3-rpc_server: Make process_incoming_data() public.
Signed-off-by: Andreas Schneider <asn@cynapses.org>
2010-09-15 12:53:41 +02:00
Simo Sorce
2ef693e3c8 s3-rpc_server: Make pipe destructor public.
Signed-off-by: Andreas Schneider <asn@cynapses.org>
2010-09-15 12:53:41 +02:00
Simo Sorce
3f04b54197 s3-rpc_server: Fixed unhandled error condition.
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-15 12:53:40 +02:00
Andrew Bartlett
b733d9dee0 s3-samr Explian better the use of two privileges in this call
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
aefe60da8c s3-util_sid Tidy up global struct security_token
This no longer needs to be global, and should be const.  We now also
init it with the C99 style initialisers.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
9883993b66 s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap
This avoids us dealing with the privilege bitmap in the LSA server, and
overhauls much of the rest of the handling to be currnet with the modern
world of talloc.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
ad5ec58a71 s3-privs Hide the bitmap-based grant_privilege and revoke_privilege
The new wrappers avoid anything but the core privileges code
dealing with the bitmap values directly.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00