mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

470 Commits

Author SHA1 Message Date
Stefan Metzmacher
332f261bbf libcli/nbt: s/name_refresh_wins_handler/nbt_name_refresh_wins_handler
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
3ded1da8e9 libcli/nbt: s/refresh_wins_state/nbt_name_refresh_wins_state
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
e36e7295da libcli/nbt: move nbt_name_refresh_wins_send() to the top of all nbt_name_refresh_wins_* related code
metze
2010-10-18 15:36:15 +00:00
Stefan Metzmacher
72a8966499 libcli/util: add pipe related NT_STATUS_RPC_* codes
metze
2010-10-18 14:50:21 +02:00
Andrew Tridgell
40a6e019fd security: ensure the merge of libcli/security doesn't change s3 behaviour
Jeremy, you put a #if 0 around this logic in this commit:

  8344e945 (Jeremy Allison    2008-10-31 10:51:45 -0700 181)

is this still needed?

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104
2010-10-14 03:16:41 +00:00
Andrew Bartlett
f7ffc12e2d libcli/security Use static SIDs rather than parsing from strings
This should make the security_token_is_*() calls a little faster.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
a879a4610d libcli/auth Merge source4/libcli/security and util_sid.c into the common code
This should ensure we only have one copy of these core functions
in the tree.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
8b22eefd25 libcli/security Define traditional constants in terms of IDL macros
The source3/ code uses these constants in a lot of places, and it will
take time and care to rename them, if that is desired.  Linking the
macros here will at least allow common code to use the IDL based macros,
and preserve a documentary link between the constants (other than just their value)

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
949541cc6f libcli/security Move source3/lib/util_seaccess.c into the common code
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Andrew Bartlett
0487ef0a70 libcli/security Add debug class to security_token_debug() et al
This will allow it to replace functions in source3 that use debug classes.

Andrew Bartlett
2010-10-12 02:54:16 +00:00
Andrew Bartlett
ae52f953af libcli/security Move most of security_token.c to common code.
The source4-specific session_info functions have been left in session.c

Andrew Bartlett
2010-10-12 02:54:16 +00:00
Jelmer Vernooij
2c9ebb7646 libsecurity-common: Add missing dependency on libndr. 2010-10-11 01:06:35 +02:00
Jelmer Vernooij
dc47e8dc52 libcli-auth: Remove unnecessary dependency on libsamba-hostconfig. 2010-10-11 01:06:35 +02:00
Jeremy Allison
b69bec03cc Add some const. Needed for my SD work.
Jeremy
2010-10-08 18:05:02 -07:00
Stefan Metzmacher
42d1a84a36 libcli/ldap: ldap_full_packet() requires at least 6 bytes
metze
2010-10-04 14:05:15 +00:00
Günther Deschner
0ff7e0c998 samba: share readline wrappers among all buildsystems.
Guenther
2010-10-01 22:30:22 +02:00
Stefan Metzmacher
9d4df79080 libcli/ldap: correctly marshall LDAP Unbind PDUs
metze
2010-09-27 08:24:35 +02:00
Stefan Metzmacher
95b56aabcb libcli/ldap: let ldap_full_packet() use asn1_peek_tag_needed_size()
This allows us to read a full packet without reading byte after byte
or possibly reading too much.

metze
2010-09-26 06:45:40 +02:00
Stefan Metzmacher
e628bf1081 libcli/util: let tstream_read_pdu_blob_* cope with variable length headers
metze
2010-09-26 06:45:38 +02:00
Simo Sorce
678993470f libcli: fix compile warning
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-23 10:54:24 -07:00
Steven Danneman
bf1a4b2bc4 s4:libcli:smb2 Rename pending_id to async_id and make 64-bit
Match MS-SMB2 - 2.2.1.1   SMB2 Packet Header - ASYNC
2010-09-22 17:52:53 -07:00
Andrew Bartlett
ccbcffadb6 libcli/ldap Add const to ldap_encode_ndr_dom_sid()
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20 15:06:30 -07:00
Günther Deschner
4006160179 libcli: add dom_sid_compare_domain()
Guenther
2010-09-20 14:03:13 -07:00
Kamen Mazdrashki
1fac1f0d28 werror: Add W_ERROR_HAVE_NO_MEMORY_AND_FREE() macro 2010-09-18 15:09:46 +03:00
Andrew Bartlett
6832d5e933 libcli/auth/ntlmssp Be clear about talloc parents for session keys
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16 21:09:17 +10:00
Andrew Tridgell
5a0bb2234e cldap: prevent crashes when freeing cldap socket
As a callback may destroy the cldap socket we need to ensure we don't
reference the cldap structure after the callback

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:36 +10:00
Andrew Tridgell
4ff452151a cldap: use ipv4 not up for unbound cldap sockets
If we use "ip" we end up with a PF_INET6 socket which breaks sendto()
for v4 addresses.
2010-09-15 15:39:35 +10:00
Andrew Tridgell
67ac8555b1 s4-auth: set the RODC bit for RODC schannel
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:34 +10:00
Jeremy Allison
55b315094e Fix string_to_sid() to allow non '\0' termination of the string - allows
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.

Jeremy.
2010-09-14 14:48:50 -07:00
Andrew Bartlett
46f585e364 libcli/security Use sid_append_rid() in dom_sid_append_rid()
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.

Andrew Bartlett
2010-09-14 14:48:49 -07:00
Andrew Bartlett
51ecf79654 libcli/security Merge source3/ string_to_sid() to common code
The source3 code respects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.

Andrew Bartlett
2010-09-14 14:48:49 -07:00
Volker Lendecke
8768f627dc ntlm_check: Fix some nonempty blank lines 2010-09-13 18:39:30 +02:00
Matthias Dieter Wallnöfer
b9b93b845c libcli/auth/schannel_state_tdb.c - fix includes
Otherwise we get a "declared inside parameter list" warning.
2010-09-11 12:53:21 +02:00
Andrew Bartlett
fdcadb5c3c libcli/privileges Fix comment 2010-09-11 18:46:13 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Separate rights and privileges
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Bartlett
ee943fb2bf libcli/security Remove unused SE_NONE define
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb6a0cc326 libcli/security Move 'private' privileges functions to another header
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d libcli/security Remove 'always true' return from se_priv_put_all_privileges
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb84c7ac90 libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
This happens all the time, particularly now that we don't keep the
db around after a reboot.  Don't scare the admins with the level 0.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Tridgell
382e2b321b privileges: privilege luids are not all below 64
the ones brought across from s3 have higher values

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
This is clearer and more consistent than using a magic -1 return

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
0b41ef7895 libcli/security Remove unused declarations from privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
71832a404e libcli/security Expose sec_privilege_mask()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17 libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
8ff6bc2350 libcli/security Remove unused functions and constants.
All the callers to these functions have been removed or reworked.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
a53a42ffb8 libcli/security Rename all privilege bitmaps constants
The idea here is to make it very clear how they differ from the
enumerated LUID values.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
2bb7b827d6 libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()
These functions duplicate other functions in the merged code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
aab0b557b9 libcli/security Improve dump of privileges: Just walk the table
This removes some logic recently added that was just too smart - it
is easier to just walk the table and do a bit match here.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
0e2142a927 s3-privs Remove pointer indirection from se_priv_to_privilege_set()
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
cbd72ab93b libcli/security Don't export privs[] as a global variable
Instead, provide access functions for the LSA and net sam callers
for the information they need.

They still only enumerate the first 8 privileges that have traditionally
been exposed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
3c93d1ecbf libcli/security Merge privilege lists from source3 and source4
The LSA enumeration in source3 will not show the new privileges,
but otherwise, they are now in common, and can be set by name.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
d2e41105e2 libcli/security Return number of entries in the old source3 list
This ensures there isn't a behaviour change when the source3 list is combined
with the longer source4 list.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
eb8e3155de libcli/privileges Simplify get_privilege_luid() to return just the enum
As Samba only deals with the lower 32 bits of the LUID, just return those
and let the LSA layer deal with the upper 0 bits.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
cdda15c062 libcli/security Don't memcpy a uint64_t value, just assign it.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
780de03f00 libcli/security Use ARRAY_SIZE() consistently.
This avoids the use of SE_END, and has all callers walking the
array using the same termination condition.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:08 +10:00
Andrew Bartlett
66ac968dd5 libcli/security Fix and clarify privilege manipulation function comments
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
9fb92c6014 libcli/security Make the two privileges tables share a common struct definition
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
dbee98d30f libcli/security Move source4/ privileges code into the common libcli/security
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
0d25212cc1 s3-privs Move manual prototypes to common privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b29b6c13a3 s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
The previous 128 bit structure needed this helper function.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
f85b822bd4 libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
3f589c2155 libcli/security Use C99 types
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:07 +10:00
Andrew Bartlett
b0690d6da7 libcli/security Use true and false, not True and False
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
f20bba97d8 s3-privs Move source3/ privileges implementation into common
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Matthias Dieter Wallnöfer
5c33ef2758 s3/s4:libcli/tstream - add more "char *" casts in order to suppress Solaris warnings 2010-09-10 22:45:49 +02:00
Günther Deschner
fe30e35967 libcli/netlogon: add LOGON_REQUEST handling to pull_nbt_netlogon_response().
Guenther
2010-09-09 23:07:10 +02:00
Günther Deschner
9a1dbe04a8 libcli/netlogon: add LOGON_RESPONSE2 to pull_nbt_netlogon_response().
Guenther
2010-09-09 23:07:10 +02:00
Günther Deschner
daa948df2b libcli/netlogon: add NETLOGON_RESPONSE2 to push_nbt_netlogon_response().
Guenther
2010-09-09 23:07:10 +02:00
Matthias Dieter Wallnöfer
1991c2a8ee libcli/auth/ntlm_check.c - fix parameter indentation 2010-08-26 21:06:07 +02:00
Jelmer Vernooij
e260965929 manpages: Avoid using Samba-Team specific DTD, which requires net access
or modification of /etc/catalogs.
2010-08-26 04:04:37 +02:00
Günther Deschner
898c612335 s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed) they were first
talloc_referenced and then later (53765c81f7)
talloc_moved.

The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.

Guenther
2010-08-24 02:04:27 +02:00
Matthias Dieter Wallnöfer
7ffae93762 werror.h - fix order and duplicate DS error codes 2010-08-14 19:41:46 +02:00
Günther Deschner
feb432292e ntlmssp: fix uninitialized variable in ntlmssp_server_postauth().
Guenther
2010-08-12 16:28:10 +02:00
Volker Lendecke
f62756e8f0 Fix a typo 2010-08-12 08:07:50 +02:00
Andrew Bartlett
75adca63f2 libcli/auth Make the source3/ implementation of the NTLMSSP server common
This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10 16:22:04 +02:00
Günther Deschner
78fa58f8c3 libcli/auth/ntlmssp: remove outdated comment. The version flag is well understood now.
Guenther
2010-08-10 11:56:33 +02:00
Andrew Bartlett
1e83b36afb libcli/auth Move some source3/ NTLMSSP functions to the common code.
libcli/auth Use true and false rather than True and False in common code

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10 11:56:33 +02:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Günther Deschner
5f8678f34b libcli/netlogon: re-enable debugging.
Now that we do not share binary objects anymore, we can safely enable
debugging here again.

Guenther

This reverts commit 3eb122069b.
2010-07-16 02:37:51 +02:00
Günther Deschner
3f453f73a8 s3-libads: move spnego defines to their appropriate header file.
Guenther
2010-07-01 23:20:40 +02:00
Andreas Schneider
45fc728498 libcli: Fixed a build warning for a missing prototype. 2010-06-30 10:26:59 +02:00
Andrew Bartlett
c84b74dddd schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()
By making this DB TDB_NOSYNC, and by making that safe with
TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server.

This particularly helps the source4/ 'make test', which otherwise tries
to disable fsync() in ldb.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25 12:00:36 -07:00
Andrew Bartlett
825b2f456c libcli/auth make open_schannel_session_store() public
This will allow TDB_CLEAR_IF_FIRST to be used

Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25 11:57:23 -07:00
Stefan Metzmacher
eb3ee7801f libcli/named_pipe_auth: fix error handling in _tstream_npa_connect_recv()
metze
2010-06-21 16:20:25 +02:00
Stefan Metzmacher
67a24fe933 libcli/named_pipe_auth: fix memory handling for temporary data
In a tevent_req based function tevent_req_create() should be the first
function! If it fails it's the only reason, why the function
could ever return NULL.

And all temporary data belongs to 'state' and gets free'ed by
tevent_req_received() in the _recv function.

metze
2010-06-21 16:16:15 +02:00
Matthias Dieter Wallnöfer
276a1a7fec s3/s4 - remove "talloc_tos()" from common code since s4 doesn't support it
Please don't use this in common code parts until we change the policy regarding
it.
2010-06-21 12:35:51 +02:00
Brendan Powers
d3a99579f6 libcli: Fixed a segfault in security_acl_dup when the acl is NULL.
This can happen when duplicating a security descriptor that is missing either sacls or dacls.

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-19 22:20:48 +02:00
Jeremy Allison
c705c35076 Fix warning messages about unused result of talloc_move. We're really talloc_steal'ing here. 2010-06-14 16:26:13 -07:00
Andrew Bartlett
d25e9ab9a1 named_pipe_auth Always lower case the incoming pipe name
Windows connects to an upper case NETLOGON pipe, and we can't find the
socket to connect to until we lower case the name.

Andrew Bartlett
2010-06-07 23:34:28 +10:00
Andrew Bartlett
fdc6db34ca s4:ntlmssp Use common code for ntlmssp_sign.c
The common code does not have a mem_ctx on ntlmssp_check_packet() and
ntlmssp_unseal_packet().

We do however need some internal working of the code exposed, so some
structures are moved to ntlmssp_sign.h

Andrew Bartlett
2010-06-01 17:11:24 +10:00
Andrew Bartlett
62708fbd1b s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.
This needs a small re-arrangement of the supporting code.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:11:36 +02:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:10:56 +02:00
Günther Deschner
c00407bd35 libcli/nbt/lmhosts: fix missing prototype warning.
Andrew, please check.

Guenther
2010-05-31 11:25:24 +02:00
Simo Sorce
b7159e6ffd named_pipe_auth: implement tstream_npa_accept_existing_send/recv
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
2010-05-26 09:23:47 +02:00
Jeremy Allison
b2a7ad8c95 Make DFS work over SMB2.
Jeremy.
2010-05-21 16:56:10 -07:00
Jeremy Allison
2d46e07c47 Fix what looks like a cut-and-paste error in our read_negTokenInit() function.
We should never be calling asn1_push_XXX functions inside an asn1
reading function. Change asn1_push_tag() -> asn1_start_tag() and
asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a
NetApp filer at the Microsoft plugfest.

Andrew PLEASE CHECK !

Jeremy.
2010-05-20 14:50:16 -07:00
Jeremy Allison
b0d7a3d123 Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the correct way.
No more magic blobs :-). Use ndr_push_struct_blob() to
push a properly formatted VERSION struct.

Jeremy.
2010-05-19 10:36:39 -07:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Jelmer Vernooij
fc336590dc Remove the copy of ldb from Samba 3.
There were two utility functions that other parts of Samba 3
still relied on; they have been moved to lib/ldb_compat.[ch].
2010-05-06 11:34:30 +02:00
Stefan Metzmacher
21ec116bbf libcli/named_pipe_auth: we need to hide length of the message mode header from the caller
metze
2010-04-28 15:45:38 +02:00
Matthias Dieter Wallnöfer
eceffe6909 nbt: samlogon/netlogon structures - unify denominations 2010-04-27 18:45:41 +02:00
Günther Deschner
ee1b8e5ede registry: add some shared registry helper functions.
Guenther
2010-04-27 16:42:14 +02:00
Andrew Tridgell
211bf1ea17 s4-waf: removed the unused installdir= option to SAMBA_BINARY()
This was left over from the automatic conversion of the config.mk
files
2010-04-18 21:47:00 +10:00
Volker Lendecke
4d84dab21d libcli/auth: Fix an uninitialized variable
value.dptr was used uninitialized in the "goto done;"
2010-04-11 22:57:25 +02:00
Andrew Tridgell
b690fedef5 s4-waf: removed the AUTOGENERATED markers
we won't be using the mk -> wscript generator again
2010-04-06 20:27:16 +10:00
Andrew Tridgell
b0fb567f04 s4-waf: more dependencies on talloc
these are needed so we can support a system talloc without using the
bundled talloc.h
2010-04-06 20:27:13 +10:00
Andrew Tridgell
b9aa63887c s4-waf: cleanup use of LIBPOPT vs popt dependency 2010-04-06 20:27:13 +10:00
Andrew Tridgell
01682f797f s4-waf: fixed some deps now we don't auto-include tevent and replace
this is preparation for being able to use system versions of these
libraries
2010-04-06 20:27:12 +10:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
aa5e08eb83 s4-waf: install the rest of the headers 2010-04-06 20:27:09 +10:00
Andrew Tridgell
844acb2260 build: waf quicktest nearly works
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
2010-04-06 20:26:48 +10:00
Andrew Tridgell
845e0cbe6f build: commit all the waf build files in the tree 2010-04-06 20:26:48 +10:00
Matthias Dieter Wallnöfer
818fcfb813 libcli/nbt/dns_hosts_file.c - change "ULONG_MAX" into "UINT32_MAX"
This fits better since the variable which is tested is of type "uint32_t".
2010-03-30 19:08:57 +02:00
Volker Lendecke
c377a91373 Attempt to fix the build on AIX, that system seems to have a #define for s_type 2010-03-28 16:23:24 +02:00
Andrew Tridgell
fae84f98e3 libutil: moved the networking defines to util_net.h
These were causing thousands of warnings on solaris8
2010-03-26 17:36:02 +11:00
Günther Deschner
e7cc45cb14 error_codes: fix NT_STATUS_RPC_UNKNOWN_IF typo.
Metze, please check.

Guenther
2010-03-19 09:30:36 +01:00
Stefan Metzmacher
6a1f8e67eb libcli/util: add more NT_STATUS_RPC_* defines
metze
2010-03-18 14:25:57 +01:00
Matthias Dieter Wallnöfer
36175be5d4 libcli/auth/schannel_state_tdb.c - fix a memory leak 2010-03-16 17:11:47 +01:00
Andrew Bartlett
263d4b5c93 libcli/nbt Add parser for a 'hosts' file that takes DNS record types 2010-03-11 11:27:48 +11:00
Matthias Dieter Wallnöfer
1deefcaee1 libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling 2010-03-09 17:18:26 +01:00
Stefan Metzmacher
6eedba102b libcli/auth: add a const to des_crypt112_16()
metze
2010-03-05 14:06:18 +01:00
Karolin Seeger
340797f3fa Fix typo in comments. 2010-03-03 16:03:13 +01:00
Michael Adam
f37030b33a libcli/security: fix sddl.c to be able to build it from source3 2010-03-03 09:16:34 +01:00
Michael Adam
15b60a7e3f s4:move the sddl code down to the top level
Michael
2010-03-03 09:16:34 +01:00
Stefan Metzmacher
d671b80cf5 libcli/auth: print the error in the debug message
metze
2010-02-26 10:43:46 +01:00
Simo Sorce
805f7507e2 s4:cleanup remove unused schannel ldb code 2010-02-23 12:46:51 -05:00
Simo Sorce
1203de99b1 s4:schannel merge code with s3
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.

Ldb is slow, to the point it needs hacks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.

Looking through the history it is evident that the schannel database doesn't
really need great expandability. And lookups are always done with a single
Key. This seems a perfect fit for tdb while ldb looks unnecessarily complicated.

The schannel database is not really a persistent one. It can be discarded during
an upgrade without causing any real issue. all it contains is temporary session
data.
2010-02-23 12:46:50 -05:00
Simo Sorce
1d0938c629 schannel_tdb: make code compilable in both trees 2010-02-23 12:46:50 -05:00
Simo Sorce
3b12c38ac0 s3:schannel streamline interface
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
2010-02-23 12:46:50 -05:00
Simo Sorce
e5ab64a799 s3:schannel fix memory hierarchy
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.
2010-02-23 12:46:50 -05:00
Simo Sorce
bb9014d5cb schannel: merge header files
One almost empty header file was simply including another not included by
anything else. Just merge them together.
2010-02-23 12:46:50 -05:00
Simo Sorce
8e2f5fe7c5 s4:schannel more readable check logic
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)

This is the same change applied to s3
2010-02-23 12:46:50 -05:00
Simo Sorce
b4c9dc3724 s3:schannel more readable check logic
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's security
requirements (Integrity/Privacy/Both/None)
2010-02-23 12:46:50 -05:00
Andreas Schneider
975a7a3d1b tstream: Added a typedef for the function prototype. 2010-02-23 13:48:22 +01:00
Andrew Tridgell
76a7382346 lib: use TYPESAFE_QSORT() in lib/ and libcli/ 2010-02-14 18:44:20 +11:00
Andrew Tridgell
6b01ca95a8 nbt: don't reference the event_ctx in nbtsock
This causes talloc_free with references errors
2010-02-08 11:04:59 +11:00
Matt Kraai
aa6a507e76 Change uint_t to unsigned int in libcli
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-02 07:18:17 +01:00
Stefan Metzmacher
e37dc56e97 libcli/nbt: fix ndr_push_nbt_string() string labels with a length of 63 (0x3F) are allowed
metze
2010-02-01 15:23:32 +01:00
Matthias Dieter Wallnöfer
dfd93fc7e3 s4:libcli/util/tstream.c - Need to include "system/network.h"
Otherwise I don't get "struct iovec" through "<sys/uio.h>" on CentOS 4.
2010-01-29 20:01:34 +01:00
Stefan Metzmacher
6442b0fcc1 libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name()
The scope starts at byte 17 with index 16.

metze
2010-01-29 15:55:11 +01:00
Stefan Metzmacher
c50a17cc8d libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
[MS-WINSRA] — v20091104 was wrong
regarding section "2.2.10.1 Name Record"

If the name buffer is already 4 byte aligned
Windows (at least 2003 SP1 and 2008) add 4 extra
bytes. This can happen when the name has a scope.

metze
2010-01-29 15:55:10 +01:00
Volker Lendecke
005bbd0826 Revert "libcli/security: Remove a call to strncasecmp"
This reverts commit 7c687665ea.
2010-01-25 16:45:32 +01:00
Volker Lendecke
d86d5be636 Revert "libcli/security: Convert some strtol calls to strtoul"
This reverts commit 7fe66e06c4.
2010-01-25 16:45:32 +01:00
Volker Lendecke
fa47dbb57a Revert "libcli/security: Fix a valgrind error in dom_sid_parse"
This reverts commit f1c889a4e6.
2010-01-25 16:45:31 +01:00
Volker Lendecke
a53a8ec452 Revert "libcli/security: Prohibit SID formats like S-1-5-32-+545"
This reverts commit 1fbeae4165.

Apparently this breaks the build of Samba4
2010-01-25 12:40:51 +01:00
Volker Lendecke
1fbeae4165 libcli/security: Prohibit SID formats like S-1-5-32-+545 2010-01-23 16:28:11 +01:00
Volker Lendecke
f1c889a4e6 libcli/security: Fix a valgrind error in dom_sid_parse 2010-01-23 16:28:11 +01:00
Volker Lendecke
7fe66e06c4 libcli/security: Convert some strtol calls to strtoul
This tightens the dom_sid_parse syntax check a bit: "--" would have been
allowed in sid string
2010-01-23 16:28:11 +01:00
Volker Lendecke
7c687665ea libcli/security: Remove a call to strncasecmp 2010-01-23 16:28:11 +01:00
Stefan Metzmacher
bbaec01b37 libcli/util: add tstream_read_pdu_blob_send/recv
This will take the same full_request callback function
as the Samba4 packet code.

metze
2010-01-08 14:36:43 +01:00
Volker Lendecke
be05d71b9e Simplify E_md5hash a bit 2010-01-07 11:07:55 +01:00
Andrew Bartlett
ba2cfceb96 libcli/auth Make gd's NDR NTLMSSP parsers helpers common
(but not built in Samba4 for now)
2009-12-22 21:07:51 +01:00
Andrew Tridgell
f9302f9e08 ldap: give a debug error when we don't know a control
This interface should really have a proper error interface, but at
least a DEBUG() gives the user a chance of finding the error

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16 20:56:23 +11:00
Andrew Tridgell
1b20002cc2 libcli: use GUID_to_ndr_blob() 2009-12-10 17:51:28 +11:00
Andrew Tridgell
6eb262f0e8 libcli: allow ntstatus.h to be used by openchange
apparently ntstatus.h is used by openchange, but they don't include
replace.h. This makes that possible again.
2009-11-25 15:30:20 +11:00
Andrew Bartlett
b5ce97511a libcli/nbt Move more of lmhosts lookup into common code
This aims to eventually share this with Samba4.

Andrew Bartlett
2009-11-04 14:58:25 +11:00
Stefan Metzmacher
dc8e681755 libcli/auth: initialize creds in netlogon_creds_client_init_session_key()
metze
2009-10-24 11:59:15 +02:00
Stefan Metzmacher
f2da9c8c1a libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()
metze
2009-10-24 11:59:14 +02:00
Stefan Metzmacher
5ae1d700eb libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()
metze
2009-10-24 11:59:13 +02:00
Andrew Tridgell
3050f83288 s4-python: we need to include Python.h first
If we don't include Python.h first then we get a pile of warnings due
to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-23 16:23:01 +11:00
Andrew Tridgell
b6a1beb131 added NT_STATUS_NOT_OK_RETURN_AND_FREE()
Try to make it a bit easier to avoid leaks in common code
2009-10-17 13:01:02 +11:00
Matthias Dieter Wallnöfer
19302db6cb s3/s4 common: fix up header file 2009-10-04 20:18:28 +02:00
Kamen Mazdrashki
1f2490e7d8 w32err: Importing auto-generated Win32 errors and descriptions
Error codes and their descriptions are generated
using w32err_code.py script.
Errors are downloaded from the MS site:
http://msdn.microsoft.com/en-us/library/cc231199%28PROT.10%29.aspx

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:41 +03:00
Kamen Mazdrashki
0e1840b84a w32err: WERR_GROUP_NOT_FOUND renamed to WERR_GROUPNOTFOUND
In Win 32 we have
NERR_GroupNotFound which maps to WERR_GROUP_NOT_FOUND currently
and we have
ERROR_GROUP_NOT_FOUND which maps to nothing, so it is to be added

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:41 +03:00
Kamen Mazdrashki
948cd70bad w32err: WERR_USER_EXISTS replace with WERR_USEREXISTS name
In Win32 we have
NERR_UserExists which maps to WERR_USER_EXISTS currently
and there is
ERROR_USER_EXISTS which maps to WERR_USER_ALREADY_EXISTS

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Kamen Mazdrashki
d9994a604b w32err: WERR_DC_NOT_FOUND replaced with WERR_DCNOTFOUND
It turns out in win32 ERROR_DC_NOT_FOUND exists and it is
an error for Device Context (DC), not Domain Controller

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Kamen Mazdrashki
0e64fcb18f w32err: FRS_ group of errors replaced with numeric values
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Kamen Mazdrashki
e669113900 w32err: WERR_DOMAIN_CONTROLLER_NOT_FOUND error value fixed
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Nadezhda Ivanova
6283f2caaa Initial implementation of security descriptor creation in DS
TODO's:
ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-20 15:16:17 -07:00
Andrew Bartlett
59bea84362 libcli:nbt move prototypes of lmhosts functions to libnbt.h 2009-09-19 14:34:16 -07:00
Stefan Metzmacher
825484ee6d libcli/named_pipe_auth: pass gssapi delegated credentials through the named pipe
metze
2009-09-18 20:34:42 +02:00
Andrew Tridgell
ec422edab5 util: use likely/unlikely for NT_STATUS_* macros 2009-09-17 21:52:24 -07:00
Kouhei Sutou
f8dae40fc8 spnego: Support ASN.1 BIT STRING and use it in SPNEGO.
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 20:10:54 +02:00
Kamen Mazdrashki
8bebce45d3 w32err: Set hex format values for all errors
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:46 +02:00
Kamen Mazdrashki
3f835eb947 w32err: Re-define errors with numeric values
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:41 +02:00
Kamen Mazdrashki
91d3d3c6a2 w32err: Sorting error codes in ascending order
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:36 +02:00
Kamen Mazdrashki
fc1ac736d6 w32err: NERR_ codes grouped together
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:31 +02:00
Kamen Mazdrashki
1cfac63fa4 w32err: WERR_CLASS_NOT_REGISTERED updated
Error code moved to COM/OLE group.
Error value changed to the same as REGDB_E_CLASSNOTREG in Windows

Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:29 +02:00
Günther Deschner
43e198c188 spnego: add spnego_proto.h.
Guenther
2009-09-17 01:39:12 +02:00
Günther Deschner
503d035814 spnego: share spnego_parse.
Guenther
2009-09-17 01:12:20 +02:00
Günther Deschner
83023462f9 libcli/auth: remove trailing whitespace.
Guenther
2009-09-16 18:00:16 +02:00
Nadezhda Ivanova
d70e171719 Owner and group defaulting.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16 07:52:05 -07:00
Stefan Metzmacher
033ced60ac libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.

metze
2009-09-16 12:29:06 +02:00
Günther Deschner
5b86a0ac01 schannel: remove last traces of gensec.
Guenther
2009-09-16 03:23:05 +02:00
Günther Deschner
799f8d7e13 schannel: fully share schannel sign/seal between s3 and 4.
Guenther
2009-09-16 01:55:06 +02:00
Günther Deschner
f3979b50a9 schannel: move schannel_sign to main directory.
Guenther
2009-09-16 01:54:59 +02:00
Andrew Bartlett
5a01071692 libcli:nbt put util_net.c protos in new header file
This fixed a very odd build problem due to util.h importing
system/network.h being imported before the uid_wrapper code.

Andrew Bartlett
2009-09-15 10:38:53 -07:00
Andrew Bartlett
668470c992 libcli:nbt make the lmhosts parsing code and dependencies common
This starts the process to have Samba4 use lmhosts.

Andrew Bartlett
2009-09-15 07:42:54 -07:00
Günther Deschner
cac5e64c00 s3-errors: add NT_STATUS_RPC_NT_PROCNUM_OUT_OF_RANGE.
Guenther
2009-09-11 02:58:34 +02:00
Andrew Tridgell
2ff4764f8f libcli: added a drsuapi attribute encryption function 2009-09-10 17:42:13 +10:00
Andrew Bartlett
5283ad11bd libcli:drsuapi Add function to encrypt data for transport over DRSUAPI
This is for the server side of the GetNCChanges call.

Andrew Bartlett
2009-09-10 15:50:32 +10:00
Günther Deschner
5f2ec4b202 s3-nterr: add NT_STATUS_RPC_NT_CALL_FAILED.
Guenther
2009-09-08 23:21:14 +02:00
Günther Deschner
2287849074 s4: fix the build after ntlmssp header change.
Guenther
2009-08-28 11:37:44 +02:00
Günther Deschner
b7a5e7a5d6 libcli/auth: remove unused NTLMSSP_NAME_TYPE_ flags.
Guenther
2009-08-28 10:09:19 +02:00
Stefan Metzmacher
8d58472706 libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()
This abstracts the usage of crypto functions instead of directly calling
des_crypt112().

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Stefan Metzmacher
a69d8ab35c libcli/auth: remove some useless lines
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Stefan Metzmacher
e115cb5cb1 libcli/auth: remember schannel type in netlogon_creds_server_init()
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Günther Deschner
04310cc1c5 libcli/auth: add tdb backend for schannel state.
Guenther
2009-08-27 15:55:19 +02:00