1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

117 Commits

Author SHA1 Message Date
Gerald Carter
d34f6bb969 r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches
(This used to be commit f65214be68)
2007-10-10 12:22:02 -05:00
Jeremy Allison
61f95f1f97 r22585: Get us into a consistent state with TALLOC_ZERO_ARRAY also.
Jeremy.
(This used to be commit c622fb8536)
2007-10-10 12:19:47 -05:00
Jeremy Allison
138668d5d2 r22577: Change all of parse/*.c to use standard form. Fix some
marshalling bugs.
Jeremy.
(This used to be commit 3df99006f8)
2007-10-10 12:19:46 -05:00
Günther Deschner
1f3b19d569 r18678: Fix the build. (never commit before breakfeast).
Guenther
(This used to be commit e1e9b57ce2)
2007-10-10 12:00:46 -05:00
Volker Lendecke
8cfb182bdb r17136: Fix alignment on lsaquery. This broke in particular level 6, where the client
tried to figure out which role we are.

Needs to go into 23a.

Thanks to Karolin for insisting and setting up the test case :-)

Volker
(This used to be commit 3482bb1ef5)
2007-10-10 11:38:14 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Jeremy Allison
96a54e7d23 r16369: Klocwork #1035.
Jeremy.
(This used to be commit 6924d1cd44)
2007-10-10 11:18:49 -05:00
Jeremy Allison
9a38c05154 r15884: Fix bug #3803 from jason@ncac.gwu.edu - bad comparison.
Jeremy.
(This used to be commit 1d9dbe3b66)
2007-10-10 11:17:11 -05:00
Günther Deschner
655b04e4f8 r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.

Guenther
(This used to be commit 0fed66926f)
2007-10-10 11:15:59 -05:00
Jeremy Allison
4d9ad70060 r14774: Fix null deref coverity bugs #260, #261, #262.
Jeremy.
(This used to be commit 46e575af17)
2007-10-10 11:15:47 -05:00
Volker Lendecke
2a7601fcb4 r14134: Fix Coverity bug # 137
(This used to be commit 62e58d939b)
2007-10-10 11:15:13 -05:00
Jeremy Allison
8d5ef34aa3 r13521: Implement LOOKUPNAME3 and 4.
Jeremy.
(This used to be commit 6ec0e9124a)
2007-10-10 11:10:09 -05:00
Jeremy Allison
85160e654e r13458: Add parsing functions - but stub internals for lookupnames3 and 4.
Jeremy.
(This used to be commit f1a362580a)
2007-10-10 11:10:04 -05:00
Jeremy Allison
e22d38bdde r13455: Prepare to add lookupnames2.
Jeremy.
(This used to be commit 2274709587)
2007-10-10 11:10:04 -05:00
Jeremy Allison
06cf1e18e5 r13447: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3.
Jeremy.
(This used to be commit a164cfab42)
2007-10-10 11:10:03 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Günther Deschner
1b624b69bd r11858: Fill in the clientside TRUSTED_DOMAIN_INFO_EX query.
Guenther
(This used to be commit 02f13dee6d)
2007-10-10 11:05:31 -05:00
James Peach
8c072021ef r9780: Clean up a bunch of compiler warnings.
(This used to be commit 623d2e6931)
2007-10-10 11:03:26 -05:00
Günther Deschner
4bc39f05b7 r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a
rpcclient-tester for some info-levels.

  Jerry, I tried to adopt to prs_pointer() where possible and to not
  interfere with your work for usrmgr.

- Add "net rpc trustdom vampire"-tool.

  This allows to retrieve Interdomain Trust(ed)-Relationships from
  NT4-Servers including cleartext-passwords (still stored in the local
  secrets.tdb).

  The net-hook was done in cooperation with Lars Mueller
  <lmuelle@suse.de>.

  To vampire trusted domains simply call:

        net rpc trustdom vampire -S nt4dc -Uadmin%pass

Guenther
(This used to be commit 5125852939)
2007-10-10 10:57:07 -05:00
Gerald Carter
f24d88cf9d r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1
(This used to be commit 9727d05241)
2007-10-10 10:57:02 -05:00
Gerald Carter
b137b7cc47 r6228: remove BUFHDR2 and clean up LsaEnumTrustedDomains()
Tested client and server code.
(This used to be commit efb3ac4c69)
2007-10-10 10:56:30 -05:00
Gerald Carter
0aa89db947 r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count )
* add some backwards compatibility to 'net rpc rights list'
* verify privilege name in 'net rpc rights privileges <name>' in order
  to give back better error messages.
(This used to be commit 0e29dc8aa3)
2007-10-10 10:56:20 -05:00
Gerald Carter
5d1cb8e79e r6014: rather large change set....
pulling back all recent rpc changes from trunk into
3.0.  I've tested a compile and so don't think I've missed
any files.  But if so, just mail me and I'll clean backup
in a couple of hours.

Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.

I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36)
2007-10-10 10:56:15 -05:00
Gerald Carter
66df8431ec r5726: merge LsaLookupPrivValue() code from trunk
(This used to be commit 277203b535)
2007-10-10 10:55:57 -05:00
Volker Lendecke
c23c9bfd67 r5125: Fix bug 2113 -- thanks to jason@ncac.gwu.edu
(This used to be commit 0c205bcc86)
2007-10-10 10:55:28 -05:00
Gerald Carter
ff90927478 r4746: add server support for lsa_enum_acct_rights(); last checkin for the night
(This used to be commit ccdff4a998)
2007-10-10 10:53:54 -05:00
Gerald Carter
c727866172 r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code
(This used to be commit 7bf1312287)
2007-10-10 10:53:53 -05:00
Gerald Carter
d94d87472c r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk).  Rewritten with the
following changes:

* privilege set is based on a 32-bit mask instead of strings
  (plans are to extend this to a 64 or 128-bit mask before
   the next 3.0.11preX release).
* Remove the privilege code from the passdb API
  (replication to come later)
* Only support the minimum amount of privileges that make
  sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
  instead of the 'is a member of "Domain Admins"?' check that started
  all this.

Still todo:

* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
  parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
  Samba DC to another.
* Come up with some management tool for manipultaing privileges
  instead of user manager since it is buggy when run on a 2k client
  (haven't tried xp).  Works ok on NT4.
(This used to be commit 77c10ff9aa)
2007-10-10 10:53:51 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Gerald Carter
8ad3d8c9b0 r196: merging struct uuid from trunk
(This used to be commit 911a28361b)
2007-10-10 10:51:13 -05:00
Andrew Bartlett
614c18d24b rpc_client/cli_lsarpc.c:
rpc_parse/parse_lsa.c:
nsswitch/winbindd_rpc.c:
nsswitch/winbindd.h:
 - Add const

libads/ads_ldap.c:
 - Cleanup function for use

nsswitch/winbindd_ads.c:
 - Use new utility function ads_sid_to_dn
 - Don't search for 'dn=', rather call the ads_search_retry_dn()

nsswitch/winbindd_ads.c:
include/rpc_ds.h:
rpc_client/cli_ds.c:
 - Fixup braindamage in cli_ds_enum_domain_trusts():
    - This function was returning a UNISTR2 up to the caller, and
      was doing nasty (invalid, per valgrind) things with memcpy()
    - Create a new structure that represents this informaiton in a useful way
      and use talloc.

Andrew Bartlett
(This used to be commit 06c3f15aa1)
2004-01-05 02:04:37 +00:00
Jeremy Allison
764c03b9b8 Tut tut - always run with max warnings on gcc...
Jeremy.
(This used to be commit 3ebbd67dec)
2003-10-07 05:06:58 +00:00
Simo Sorce
b1f610ebb1 split some security related functions in their own files.
(no need to include all of smbd files to use some basic sec functions)

also minor compile fixes
couldn't compile to test these due to some kerberos problems wirh 3.0,
but on HEAD they're working well, so I suppose it's ok to commit
(This used to be commit c78f2d0bd1)
2003-10-06 01:38:46 +00:00
Jeremy Allison
d3b9384308 Fix for #480. Change the interface for init_unistr2 to not take a length
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string.
This is not the case. Count it after conversion.
Jeremy.
(This used to be commit f82c273a42)
2003-09-25 21:26:16 +00:00
Jim McDonough
8c64504f7c Update my copyrights according to my agreement with IBM
(This used to be commit a2bd8f0bfa)
2003-08-01 15:30:44 +00:00
Jeremy Allison
ead7ad7f80 Fix debug message merge.
Jeremy.
(This used to be commit d6f2316642)
2003-06-03 07:21:09 +00:00
Andrew Bartlett
e88eab35bc Merge from HEAD:
signed/unsigned (mostly i counters)

a little bit of const.

Andrew Bartlett
(This used to be commit 50f0ca752e)
2003-03-17 23:04:03 +00:00
Jeremy Allison
438b5c92d4 Merge tridge's client priv code from HEAD.
Jeremy
(This used to be commit 49739be1e2)
2003-01-29 02:24:12 +00:00
Jeremy Allison
734c6d8a51 Merging tridge's privillage client changes from HEAD.
Jeremy.
(This used to be commit 30a33920b4)
2003-01-28 21:09:56 +00:00
Gerald Carter
4242eda183 merging some rpcclient and net functionality from HEAD
(This used to be commit 7a4c874842)
2003-01-15 17:22:48 +00:00
Andrew Bartlett
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f947)
2003-01-03 08:28:12 +00:00
Jelmer Vernooij
b2edf254ed sync 3.0 branch with head
(This used to be commit 3928578b52)
2002-08-17 17:00:51 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Jeremy Allison
adc57a79d9 Fixed the handle leak in the connection management code (this code is crap
and should be rewritten, just not now... :-).
Jeremy.
(This used to be commit 5de792e7e9)
2002-04-04 02:39:57 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
ba8c1c6e45 Back out some of the less well thought out ideas from last weeks work on
winbind default domains, particulary now I understand whats going on a lot
better.  This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user.  (Where - for to name->sid code
- it was all along).  This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.

Andrew Bartlett
(This used to be commit 5dfba2cf53)
2002-01-26 11:48:42 +00:00
Andrew Bartlett
33cf9ba4b7 We may as well not use these temporary variables - they are only used once and
just make it harder to debug (gcc stips optomises them away).
(This used to be commit 100d2705dd)
2002-01-26 09:58:11 +00:00
Andrew Bartlett
93a8358910 This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd.

It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>.  ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.

The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.

This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).

Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).

I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string.  The actual structures are unchanged
 - but the meaning of 'username' in the 'rid' will have changed.  (The cache is
invalidated at startup, so on-disk formats are not an issue here).

Andrew Bartlett
(This used to be commit e870f0e727)
2002-01-20 01:24:59 +00:00
Jean-François Micouleau
6e76486505 there is no unknown field in LSA_SEC_QOS
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the
length fields are not correct but that's what NT send. We don't anymore
underflow or overflow the decoding.

added the domain admins group to the default SD.

we are now checking the desired access flag in the lsa_open_policy_X()
calls and in most functions also.

        J.F.
(This used to be commit a217c4e4ff)
2001-12-17 23:03:23 +00:00
Andrew Tridgell
b6b84cf709 const religion
(This used to be commit 359ca8f246)
2001-12-03 08:16:51 +00:00