1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

97 Commits

Author SHA1 Message Date
Andreas Schneider
acf605f595 s4:rpc_server: Use GnuTLS RC4 in lsa endpoint
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-27 12:54:24 +00:00
Volker Lendecke
fa6690e90c lsasrv: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20 23:40:25 +01:00
Volker Lendecke
b0077bb059 rpc_server3: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-11 00:40:31 +01:00
Andreas Schneider
cafe8ac965 s3:lsa: Add FALL_THROUGH statements in srv_lsa_nt.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:43 +01:00
Uri Simchoni
80b4b53fba s3-rpc-server: fix type of enum in lsa server
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-22 10:20:21 +01:00
Mathieu Parent
c315fce17e Fix various spelling errors
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
2015-11-06 13:43:45 +01:00
Richard Sharpe
0dde2106bb Covert all uint32/16/8 to _t in source3/rpc_server.
This can be committed regardless of the state of the PIDL changes.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-15 19:31:24 +02:00
Stefan Metzmacher
df13bf7b05 s3:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Stefan Metzmacher
f0a6935b1e s3:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
If there're no collisions we should not fill the collision_info pointer.

Otherwise Windows fails to create a forest trust.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 12 19:49:33 CET 2015 on sn-devel-104
2015-03-12 19:49:33 +01:00
Stefan Metzmacher
080db5f60a lsa.idl: improve idl for lsa_ForestTrust*Record*
The meaning of lsa_ForestTrustRecordFlags is based lsa_ForestTrustRecordType,
but the type is not always available so it's not possible to use an union.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:44 +01:00
Günther Deschner
a62cc2ce44 samba: pass down size_t instead of int to add_string_to_array().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104
2014-11-17 19:53:22 +01:00
Christof Schmitt
16594e7fc0 s3: Move init_lsa_ref_domain_list to lib
This will be used in the next patch in winbind.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-09-29 10:52:47 +02:00
David Disseldorp
b82d436586 s3/rpc_server/lsa: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
Günther Deschner
e792a44c34 s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx().
Guenther
2012-09-28 22:44:08 +02:00
Andreas Schneider
d37643c204 s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.
http://thread.gmane.org/gmane.network.protocol.cifs.general/291
2012-07-06 10:00:57 +02:00
Andreas Schneider
d1e829bbab s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
426cf362ed s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
bbf70e793c s3-lsarpc: Restrict the transport for ncacn_np functions.
See MS-LAT, section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
fae6091f1d s3-rpc_server: Make it possible to use more rpc exceptions. 2012-07-06 10:00:56 +02:00
Jeremy Allison
76e2f29389 Fix more "set but not used" warnings. 2012-06-19 10:27:24 -07:00
Jeremy Allison
6f3e011f84 Fix bug #8873 - self granting privileges in security=ads.
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May  1 01:04:46 CEST 2012 on sn-devel-104
2012-05-01 01:04:46 +02:00
Alexander Bokovoy
7d4ed89983 s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2.
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption.
However, this was not done for trusted domain-related modifying operations.

As result, Samba 4 client libraries do not work against Samba 3 while working
against Windows 2008 r2.

Solved this by introducing "session_extract_session_key()" function that allows to specify
intent of use of the key.

Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
2012-03-13 12:23:44 +01:00
Andrew Bartlett
c9d929af8b s4-lsarpc handle more info levels in SetInfoTrustedDomain calls
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett
2011-12-12 12:57:07 +01:00
Volker Lendecke
26d736f1ff s3: Remove two unused variables
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  8 10:14:36 CET 2011 on sn-devel-104
2011-11-08 10:14:36 +01:00
Sumit Bose
f143c24fd0 s3-lsa: Let passdb backend handle the DOMAIN$ user
Signed-off-by: Günther Deschner <gd@samba.org>
2011-11-02 16:59:33 +01:00
Simo Sorce
995d156726 s3-group-mapping: Remove fstrings from GROUP_MAP.
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
2011-10-12 19:28:12 +02:00
Sumit Bose
456aee80f5 s3-lsa: Add conversion for auth info structs
struct lsa_TrustDomainInfoAuthInfo and struct
trustAuthInOutBlob can store the same information for different usage. The added
routines can convert one struct into the other.

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104
2011-09-12 15:52:17 +02:00
Sumit Bose
1473e64c7f s3-lsa: Add _lsa_SetInformationTrustedDomain() and related calls
The following LSA calls are added:
 - _lsa_SetInformationTrustedDomain()
 - _lsa_SetTrustedDomainInfo()
 -_lsa_SetTrustedDomainInfoByName()

Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:55:23 +02:00
Sumit Bose
579cb3dd33 s3-lsa: Update _lsa_QueryTrustedDomainInfo()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:53:57 +02:00
Sumit Bose
3e2711c7e0 s3-lsa: Fix access mapping in_lsa_OpenTrustedDomain_base()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 11:34:25 +02:00
Sumit Bose
15c7a873c2 s3-lsa: Fix typo and use right pdb interface
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 11:34:25 +02:00
Günther Deschner
95e8f09f6e s3-lsa: Fix crypto prototypes.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Aug  1 00:18:34 CEST 2011 on sn-devel-104
2011-08-01 00:18:34 +02:00
Günther Deschner
6544bde277 s3-lsa: support secret objects in _lsa_QuerySecurity().
Guenther
2011-07-31 22:37:28 +02:00
Günther Deschner
1387095990 s3-lsa: support secret objects in _lsa_DeleteObject().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
caa0cc76b0 s3-lsa: implement _lsa_QuerySecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
eb88c7e61e s3-lsa: implement _lsa_SetSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
d2d59ff3ee s3-lsa: implement _lsa_CreateSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
7158e27724 s3-lsa: implement _lsa_OpenSecret().
Guenther
2011-07-31 22:37:27 +02:00
Günther Deschner
b0d9f620aa s3-lsa: add LSA_HANDLE_SECRET_TYPE.
Guenther
2011-07-31 22:37:26 +02:00
Günther Deschner
b98145edc9 s3-lsa: Fix _lsa_DeleteObject to handle trusted domain objects.
Guenther
2011-07-31 22:37:26 +02:00
Andrew Bartlett
6622821063 s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:14 +10:00
Andrew Bartlett
128ae06a61 s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
This makes auth3_session_info identical to auth_session_info

The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
e2049e77e4 s3-auth Use guest boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andrew Bartlett
6d741e918f s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.

A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.

NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL.  This patch has not changed this behaviour however.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Günther Deschner
ee1f25dc2a lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not
lsa_TrustDomainInfoAuthInfoInternal.

Guenther
2011-07-15 17:56:39 +02:00
Günther Deschner
3af3e4843f lsa: rename auth info argument in lsa_CreateTrustedDomainEx2
Guenther
2011-07-15 17:55:20 +02:00
Andrew Bartlett
5e26e94092 s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
d5e6a47f06 s3-talloc Change TALLOC_P() to talloc()
Using the standard macro makes it easier to move code into common, as
TALLOC_P isn't standard talloc.
2011-06-09 12:40:08 +02:00