1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

98 Commits

Author SHA1 Message Date
Volker Lendecke
e14a5a9167 r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and
samr_GetMembersInAlias.

Volker
(This used to be commit 78802720ae)
2007-10-10 13:07:40 -05:00
Volker Lendecke
2333ea56f3 r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL
for samr_SetAliasInfo.

Volker
(This used to be commit d70e237190)
2007-10-10 13:07:39 -05:00
Volker Lendecke
296c0d8eac r4374: Follow metzes hint, change LookupRids a bit
(This used to be commit b8fa5b9419)
2007-10-10 13:07:39 -05:00
Volker Lendecke
f0d3e9de7e r4372: Implement samr_LookupRids
(This used to be commit 1bab3254f6)
2007-10-10 13:07:39 -05:00
Volker Lendecke
77529ae792 r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and
samr_QueryGroupMember.

Volker
(This used to be commit 43581c3711)
2007-10-10 13:07:39 -05:00
Volker Lendecke
e4b8399af6 r4344: Unify memory handling in dcerpc_samr.c a bit
(This used to be commit 79ec28ade8)
2007-10-10 13:07:36 -05:00
Volker Lendecke
61b1620fc4 r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there
enough stuff to do in 3_0??? ;-)

Volker
(This used to be commit c0fa7a92d9)
2007-10-10 13:07:35 -05:00
Volker Lendecke
7f773c9ae8 r4332: Fix a potential memleak.
Volker
(This used to be commit 8f2b9c9d32)
2007-10-10 13:07:35 -05:00
Stefan Metzmacher
33cbe33678 r4320: fix locations of new trusting domains and domsin controller
computer accounts

metze
(This used to be commit f75c2004a0)
2007-10-10 13:07:34 -05:00
Stefan Metzmacher
8d0c3eefbc r4096: move the samdb code to source/dsdb/
the idea is to have a directory service db layer
which will be used by the ldap server, samr server, drsuapi server
authentification...

I plan to make different implementations of this interface possible
- current default will be the current samdb code with sam.ldb
- a compat implementation for samba3 (if someone wants to write one)
- a new dsdb implementation which:
  - understands naming contexts (directory parrtitions)
  - do schema and acl checking checking
  - maintain objectGUID, timestamps and USN number,
    maybe linked attributes ('member' and 'memberOf' attributes)
  - store metadata on a attribute=value combination...

metze
(This used to be commit 893a8b8bca)
2007-10-10 13:06:26 -05:00
Andrew Tridgell
990acc9f77 r3977: fixed the lmPwdHash change in the rpc server (we were not fetching the
lm hash from the samdb, and thus not checking the verifier)

fixed the client side to calculate the lm verifier based on the nt
hash, not the lm hash (confirmed using w2k3)
(This used to be commit 27e7fb3baf)
2007-10-10 13:06:10 -05:00
Andrew Tridgell
a99bf33294 r3953: the lm verifier key in passwoed ChangePasswordUser3 is based on the nt
hash, not the lm hash
(This used to be commit 8d4f0dc7d0)
2007-10-10 13:06:07 -05:00
Andrew Tridgell
cf91ad8122 r3952: added validation of the lm and nt verifiers to our server side password change code.
(This used to be commit f70e8f02d6)
2007-10-10 13:06:07 -05:00
Andrew Bartlett
5d35fe6f71 r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We now
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.

Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.

Andrew Bartlett
(This used to be commit 39ae5e1dac)
2007-10-10 13:06:01 -05:00
Stefan Metzmacher
856ee66537 r3810: create a LIB_SECURITY subsystem
- move dom_sid, security_descriptor, security_* funtions to one place
  and rename some of them

metze
(This used to be commit b620bdd672)
2007-10-10 13:05:56 -05:00
Andrew Bartlett
5ad5c6cc70 r3807: Cross-check the basic attributes for groups and aliases in RPC-SAMSYNC.
Andrew Bartlett
(This used to be commit 90398fda41)
2007-10-10 13:05:56 -05:00
Andrew Bartlett
9aec081fd9 r3804: Add more comparison tests in RPC-SAMSYNC.
This compares values for the domain and for secrets.  We still have
some problems we need to sort out for secrets.

Also rename a number of structures in samr.idl and netlogon.idl, to
better express their consistancy.

Andrew Bartlett
(This used to be commit 3f52fa3a42)
2007-10-10 13:05:55 -05:00
Stefan Metzmacher
fa8f1c1ffe r3788: give new accounts and groups a objectGUID
metze
(This used to be commit 4839ea156f)
2007-10-10 13:05:53 -05:00
Stefan Metzmacher
8a18778286 r3783: - don't use make proto for ldb anymore
- split ldh.h out of samba's includes.h

- make ldb_context and ldb_module private to the subsystem

- use ltdb_ prefix for all ldb_tdb functions

metze
(This used to be commit f5ee40d6ce)
2007-10-10 13:05:52 -05:00
Andrew Bartlett
50916c8f2f r3724: Rename a number of structures, for better consistance between SAMR and
NETLOGON.

In particular, rename samr_Name to samr_String - given that many
strings in this pipe are not 'names', the previous was just confusing.
(I look forward to PIDL turning these into simple char * some day...).

Also export out a few changes from testjoin.c to allow for how I have
written the new RPC-SAMSYNC test.

Andrew Bartlett
(This used to be commit 9cd666bcfb)
2007-10-10 13:05:47 -05:00
Andrew Tridgell
c051779a0a r3468: split out dcerpc_server.h
(This used to be commit 729e0026e4)
2007-10-10 13:05:17 -05:00
Andrew Tridgell
a1d0b97ed4 r3462: separate out the crypto includes
(This used to be commit 3f75117db9)
2007-10-10 13:05:16 -05:00
Andrew Tridgell
edbfc0f6e7 r3453: - split out the auth and popt includes
- tidied up some of the system includes

- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
  knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
2007-10-10 13:05:13 -05:00
Andrew Tridgell
ead3508ac8 r3447: more include/system/XXX.h include files
(This used to be commit 264ce91810)
2007-10-10 13:05:12 -05:00
Andrew Tridgell
90067934cd r3428: switched to using minimal includes for the auto-generated RPC code.
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.

This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8)
2007-10-10 13:05:09 -05:00
Andrew Tridgell
475c958450 r3425: got rid of a bunch of cruft from rewrite.h
(This used to be commit 3f902f8d85)
2007-10-10 13:05:08 -05:00
Andrew Bartlett
8050be6ea3 r3080: Make the Samba4 SAMR server pass the new, nasty torture test (now that
SAMR_FIELD_PASSWORD has been split up).

Andrew Bartlett
(This used to be commit 5f2295a5fb)
2007-10-10 13:01:57 -05:00
Andrew Bartlett
7afe85725f r3077: Add initial handling of Account Flags in SAMR user info level 21 and 25.
Andrew Bartlett
(This used to be commit 51774a9bca)
2007-10-10 13:01:56 -05:00
Andrew Tridgell
12ea0fd34c r3005: added talloc wrappers around tdb_open() and ldb_connect(), so that the
caller doesn't have to worry about the constraint of only opening a
database a single time in a process. These wrappers will ensure that
only a single open is done, and will auto-close when the last instance
is gone.

When you are finished with a database pointer, use talloc_free() to
close it.

note that this code does not take account of the threads process
model, and does not yet take account of symlinks or hard links to tdb
files.
(This used to be commit 04e1171996)
2007-10-10 12:59:56 -05:00
Andrew Tridgell
1429ed54f1 r2792: got rid of talloc_ldb_alloc() and instead created talloc_realloc_fn(),
so talloc now doesn't contain any ldb specific functions.

allow NULL to be passed to a couple more talloc() functions
(This used to be commit 1246f80d80)
2007-10-10 12:59:34 -05:00
Andrew Tridgell
c567d64d66 r2734: the samdb_destructor can be static
(This used to be commit feb63e74f9)
2007-10-10 12:59:27 -05:00
Andrew Tridgell
aa12305945 r2680: switched the libcli/raw/ code over to use talloc_reference(), which simplifies things quite a bit
(This used to be commit c82a9cf750)
2007-10-10 12:59:21 -05:00
Andrew Tridgell
61a7dfc237 r2675: added a convenience function
void *talloc_reference(const void *context, const void *ptr);

this function makes a secondary reference to ptr, and hangs it off the
given context. This greatly simplifies some of the current reference
counting code in the samr server and I suspect it will be widely used
in other places too.

the way you use it is like this:

	domain_state->connect_state = talloc_reference(domain_state, connect_state);

that makes the element connect_state of domain_state a secondary
reference to connect_state. The connect_state structure will then only
be freed when both domain_state and the original connect_state go
away, allowing you to free them independently and in any order.

you could do this alrady using a talloc destructor, and that is what
the samr server did previously, but that meant this construct was
being reinvented in several places. So this convenience function sets
up the destructor for you, giving a much more convenient and less
error prone API.
(This used to be commit dc53150861)
2007-10-10 12:59:20 -05:00
Andrew Tridgell
f095a8e748 r2670: use a destructor to auto-close the samr ldb when the last user
disconnects. Previously the ldb was always kept open.
(This used to be commit d78eea9eb8)
2007-10-10 12:59:20 -05:00
Andrew Tridgell
223e78990a r2628: got rid of some warnings and converted a few more places to use hierarchical memory allocation
(This used to be commit 26da45a801)
2007-10-10 12:59:14 -05:00
Andrew Tridgell
1954070a7e r2592: this fixes one of the security memory leaks in the server
(This used to be commit efb2b88edd)
2007-10-10 12:59:10 -05:00
Andrew Bartlett
814cd2bc3f r2537: Add static and use strlen_m instead of str_charnum().
Andrew Bartlett
(This used to be commit f3bf57ca6b)
2007-10-10 12:59:04 -05:00
Tim Potter
0e71bf8148 r2458: Rename policy handle parameters for the SAMR pipe. Parameters now
have the handle type implied by the parameter name.  There are four
types of handle: connect, domain, user and group handles.  The
various samr_Connect functions return a connect handle, and the
samr_OpenFoo functions return a foo handle.

There is one exception - the samr_{Get,Set}Security function can
take any type of handle.

Fix up all C callers.
(This used to be commit 32f0f3154a)
2007-10-10 12:58:55 -05:00
Andrew Bartlett
15a96c4298 r2290: Fix 'lsakey' for the server-side, it is static for
'authenticated' connections.

Fix kerberos session key issues - we need to call the
routine for extracting the session key, not just read the cache.

Andrew Bartlett
(This used to be commit b80d849b6b)
2007-10-10 12:58:40 -05:00
Andrew Bartlett
d987a32c8c r2282: Remove one more magic constant from the source, replace with sizeof().
Andrew Bartlett
(This used to be commit a089bcf503)
2007-10-10 12:58:39 -05:00
Andrew Tridgell
fa419c9255 r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc server
(This used to be commit 3b4ed24f4b)
2007-10-10 12:58:38 -05:00
Tim Potter
8293df91bc r2247: talloc_destroy -> talloc_free
(This used to be commit 6c1a72c5d6)
2007-10-10 12:58:34 -05:00
Stefan Metzmacher
275efb936f r2059: abartlet: is there a better way to fix this compiler warning
(the same problem as in -r 2056)

metze
(This used to be commit 98e4b23d45)
2007-10-10 12:58:22 -05:00
Andrew Bartlett
5e869b4eab r2055: Add PRINTF_ATTRIBUTE to many more parts of the code, and a new
--enable-developer warning for when they are missing.

Andrew Bartlett
(This used to be commit 8115e44d47)
2007-10-10 12:58:21 -05:00
Andrew Tridgell
ede02ee038 r2051: switched the samdb over to using the new destructor and reference
count features of talloc, instead of re-implementing both those
features inside of samdb (which is what we did before).

This makes samdb considerably simpler, and also fixes some bugs, as I
found some error paths that didn't call samdb_close(). Those are now
handled by the fact that a talloc_free() will auto-close and destroy
the samdb context, using a destructor.
(This used to be commit da60987a92)
2007-10-10 12:58:21 -05:00
Andrew Tridgell
b83ba93eae r1983: a completely new implementation of talloc
This version does the following:

  1) talloc_free(), talloc_realloc() and talloc_steal() lose their
     (redundent) first arguments

  2) you can use _any_ talloc pointer as a talloc context to allocate
     more memory. This allows you to create complex data structures
     where the top level structure is the logical parent of the next
     level down, and those are the parents of the level below
     that. Then destroy either the lot with a single talloc_free() or
     destroy any sub-part with a talloc_free() of that part

  3) you can name any pointer. Use talloc_named() which is just like
     talloc() but takes the printf style name argument as well as the
     parent context and the size.

The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.

So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c5)
2007-10-10 12:58:14 -05:00
Stefan Metzmacher
b82881591c r1335: NT_STATUS_INTERNAL_DB_CORRUPTION
should cause DEBUG(0,(...));

metze
(This used to be commit 80851e6778)
2007-10-10 12:56:50 -05:00
Andrew Bartlett
dc9f55dbec r1294: A nice, large, commit...
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.

This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal).  This causes
changes in all the existing gensec users.

Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.

Gensec has also taken over the role of auth/auth_ntlmssp.c

An important part of gensec, is the output of the 'session_info'
struct.  This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.

The schannel code is reworked, to be in the same file for client and
server.

ntlm_auth is reworked to use gensec.

The major problem with this code is the way it relies on subsystem
auto-initialisation.  The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.

There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
  valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.

Andrew Bartlett
(This used to be commit 07fd885fd4)
2007-10-10 12:56:49 -05:00
Tim Potter
d2ac885df0 r1270: Start to break samdb into general bits so we can share code with other
similar dbs.
(This used to be commit 1162e2fcff)
2007-10-10 12:56:47 -05:00
Tim Potter
37fcf22364 r1268: varient -> variant
(This used to be commit de5984c956)
2007-10-10 12:56:46 -05:00