Stefan Metzmacher [Fri, 11 May 2012 13:51:42 +0000 (15:51 +0200)]
start source3/smbd/tevent_impersonate.c
Stefan Metzmacher [Mon, 5 Aug 2013 08:46:47 +0000 (10:46 +0200)]
libcli/auth: add more const to spnego_negTokenInit->mechTypes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104
Stefan Metzmacher [Mon, 5 Aug 2013 08:43:38 +0000 (10:43 +0200)]
libcli/auth: avoid possible mem leak in read_negTokenInit()
Also add error checks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 5 Aug 2013 09:20:21 +0000 (11:20 +0200)]
auth/gensec: treat struct gensec_security_ops as const if possible.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 5 Aug 2013 09:10:55 +0000 (11:10 +0200)]
auth/gensec: use 'const char * const *' for function parameters
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 5 Aug 2013 14:12:13 +0000 (16:12 +0200)]
auth/gensec: make it possible to implement async backends
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 5 Aug 2013 08:39:16 +0000 (10:39 +0200)]
auth/gensec: avoid talloc_reference in gensec_security_mechs()
We now always copy.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 5 Aug 2013 08:37:26 +0000 (10:37 +0200)]
auth/gensec: avoid talloc_reference in gensec_use_kerberos_mechs()
We now always copy.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 5 Aug 2013 05:12:01 +0000 (07:12 +0200)]
auth/gensec: introduce gensec_internal.h
We should treat most gensec related structures private.
It's a long way, but this is a start.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 13:42:21 +0000 (15:42 +0200)]
libcli/auth/schannel: remove unused schannel_position
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 11:37:54 +0000 (13:37 +0200)]
libcli/auth/schannel: make struct schannel_state private
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 3 Aug 2013 09:32:31 +0000 (11:32 +0200)]
s4:gensec/schannel: only require librpc/gen_ndr/dcerpc.h
We just need DCERPC_AUTH_TYPE_SCHANNEL
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 3 Aug 2013 09:27:55 +0000 (11:27 +0200)]
s4:gensec/schannel: there's no point in having schannel_session_key()
gensec_session_key() will return NT_STATUS_NO_USER_SESSION_KEY
before calling schannel_session_key(), as we don't provide
GENSEC_FEATURE_SESSION_KEY.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 3 Aug 2013 09:21:32 +0000 (11:21 +0200)]
s4:gensec/schannel: GENSEC_FEATURE_ASYNC_REPLIES is not supported
There's a sequence number attached to the connection,
which needs to be incremented with each message...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 11:25:20 +0000 (13:25 +0200)]
s4:gensec/schannel: use the correct computer_name from netlogon_creds_CredentialState
We need to use the same computer_name we used in the netr_Authenticate3
request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 11:04:07 +0000 (13:04 +0200)]
s4:gensec/schannel: simplify the code by using netsec_create_state()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 10:31:41 +0000 (12:31 +0200)]
s4:gensec/schannel: remove unused dcerpc_schannel_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 08:08:54 +0000 (10:08 +0200)]
s4:torture: avoid usage of dcerpc_schannel_creds()
We use cli_credentials_get_netlogon_creds() which returns the same value.
dcerpc_schannel_creds() is a layer violation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 08:08:54 +0000 (10:08 +0200)]
s4:libnet: avoid usage of dcerpc_schannel_creds()
We use cli_credentials_get_netlogon_creds() which returns the same value.
dcerpc_schannel_creds() is a layer violation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 11:36:30 +0000 (13:36 +0200)]
s3:dcerpc_helpers: remove unused DEBUG message of schannel_state->seq_num.
This is a layer violation and not needed anymore as we know
how the seqnum handling works now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 11:33:37 +0000 (13:33 +0200)]
s3:rpc_server: make use of netsec_create_state()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 3 Aug 2013 06:50:54 +0000 (08:50 +0200)]
s3:cli_pipe.c: return NO_USER_SESSION_KEY in cli_get_session_key() for schannel
SCHANNEL connections don't have a user session key,
they're like anonymous connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 11:28:59 +0000 (13:28 +0200)]
s3:cli_pipe: pass down creds->computer_name to NL_AUTH_MESSAGE
We need to use the same computer_name value as in the netr_Authenticate3()
request.
We abuse cli->auth->user_name to pass the value down.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 11:28:11 +0000 (13:28 +0200)]
s3:cli_pipe: make use of netsec_create_state()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 2 Aug 2013 10:53:42 +0000 (12:53 +0200)]
libcli/auth: add netsec_create_state()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 24 Apr 2013 10:33:28 +0000 (12:33 +0200)]
libcli/auth: maintain the sequence number for the NETLOGON SSP as 64bit
See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 3 Aug 2013 09:43:58 +0000 (11:43 +0200)]
auth/gensec: add gensec_security_by_auth_type()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 3 Aug 2013 09:26:13 +0000 (11:26 +0200)]
auth/gensec: first check GENSEC_FEATURE_SESSION_KEY before returning NOT_IMPLEMENTED
Preferr NT_STATUS_NO_USER_SESSION_KEY as return value of gensec_session_key().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 25 Apr 2013 17:33:28 +0000 (19:33 +0200)]
s3:rpc_client: remove unused cli_rpc_pipe_open_ntlmssp_auth_schannel()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 25 Apr 2013 16:30:36 +0000 (18:30 +0200)]
s3:rpc_client: remove netr_LogonGetCapabilities check from rpc_pipe_bind*
It's done in the caller now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 25 Apr 2013 17:34:13 +0000 (19:34 +0200)]
s3:rpc_client: add netr_LogonGetCapabilities to cli_rpc_pipe_open_schannel_with_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 25 Apr 2013 17:45:52 +0000 (19:45 +0200)]
s3:rpc_client: use netlogon_creds_copy before rpc_pipe_bind
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 25 Apr 2013 17:57:09 +0000 (19:57 +0200)]
s3:rpc_client: fix/add AES downgrade detection to rpc_pipe_bind_step_two_done()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 15 Jun 2013 07:41:52 +0000 (09:41 +0200)]
s3:rpcclient: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 15 Jun 2013 07:41:52 +0000 (09:41 +0200)]
s3:rpc_client: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 15 Jun 2013 07:41:52 +0000 (09:41 +0200)]
s3:libnet_join: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 15 Jun 2013 07:41:52 +0000 (09:41 +0200)]
s3:auth_domain: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 5 Aug 2013 18:26:54 +0000 (20:26 +0200)]
s3:libsmb: remove unused cli_state->is_guestlogin
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Disseldorp [Wed, 7 Aug 2013 15:16:12 +0000 (17:16 +0200)]
torture: add smb2 FSCTL_[GET/SET]_COMPRESSION test
This test simply creates a file and checks the compression state before
and after FSCTL_SET_COMPRESSION(COMPRESSION_FORMAT_DEFAULT).
The test expects the compression state to be COMPRESSION_FORMAT_LZNT1
after set, conforming to Windows Server behaviour.
If the server responds to the first FSCTL_GET_COMPRESSION request with
NT_STATUS_NOT_SUPPORTED or NT_STATUS_INVALID_DEVICE_REQUEST, then the
test is skipped. This allows it to run during selftest.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 9 22:03:39 CEST 2013 on sn-devel-104
David Disseldorp [Wed, 7 Aug 2013 15:16:11 +0000 (17:16 +0200)]
lib: add FSCTL_[GET/SET]_COMPRESSION constants
Values taken from MS-FSCC.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Wed, 7 Aug 2013 15:16:10 +0000 (17:16 +0200)]
torture: split out ioctl test file creation helper
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Susant Kumar Palai [Tue, 6 Aug 2013 21:45:06 +0000 (14:45 -0700)]
VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity.
Signed-off-by: Susant Kumar Palai <spalai@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christopher R. Hertel <crh@samba.org>
Christof Schmitt [Wed, 7 Aug 2013 17:59:08 +0000 (10:59 -0700)]
doc: Fix prefix parameter name in vfs_full_audit man page
Commit
2314f47 fixed two other instances, but forgot to change the last
one.
Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Aug 9 16:53:28 CEST 2013 on sn-devel-104
Karolin Seeger [Fri, 9 Aug 2013 08:57:51 +0000 (10:57 +0200)]
docs: Add basic man page for vfs_syncops.
Fix bug #7364 - man vfs_syncops missing.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Aug 9 13:19:12 CEST 2013 on sn-devel-104
Matthieu Patou [Tue, 30 Jul 2013 23:09:00 +0000 (16:09 -0700)]
drs-cracknames: Add some debugs in the torture to know better which test has failed
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-By: Andrew Bartlett <abarlett@samba.org>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Wed Aug 7 08:10:58 CEST 2013 on sn-devel-104
Matthieu Patou [Mon, 1 Jul 2013 03:45:28 +0000 (20:45 -0700)]
Remove the knownfail flag on cracknames as it didn't fail anymore
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Mon, 1 Jul 2013 03:44:22 +0000 (20:44 -0700)]
drs-cracksname: fix problems that prevented to pass our torture tests
Some of the problems where also reported by Microsoft testing tools
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Sun, 30 Jun 2013 09:04:20 +0000 (02:04 -0700)]
drs-crackname: Fix error code so that we have the same as windows
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Sun, 30 Jun 2013 09:03:02 +0000 (02:03 -0700)]
drs-cracknames: When cracking NT4 names we should just look at netbios for the match
Looking at dnsRoot will yield a result for domain.tld\username when it
shouldn't work.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Sat, 29 Jun 2013 23:02:32 +0000 (16:02 -0700)]
drs-crackname: Fix cracknames for the format UNKNOWN when the data is actually a GUID
The cannonical crackname expect a "/" or it returns
DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, when doing UNKNOWN format it's not
an error to not have a "/" in the name to crack it's just a sign the
name is not a cannonical one.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Fri, 28 Jun 2013 08:11:46 +0000 (01:11 -0700)]
drs-cracknames: Reorganise the cracknames list so that similar format names are group together
It makes easier when reviewing failed test case in DRSR testsuite
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Fri, 28 Jun 2013 06:58:41 +0000 (23:58 -0700)]
Add Notes related to DRSUAPI
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Tue, 27 Sep 2011 18:06:03 +0000 (14:06 -0400)]
s4-netlogon: honnor DS_RETURN_DNS_NAME flag
Reviewed-By: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Mon, 26 Sep 2011 22:54:04 +0000 (18:54 -0400)]
s4-netlogon: do not add \\ it has already be done in the fill_netlogon_samlogon_response
Reviewed-By: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Tue, 30 Jul 2013 23:07:56 +0000 (16:07 -0700)]
torture: Quiet a warning about set but not used variable
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-By: Andrew Bartlett <abarlett@samba.org>
Matthieu Patou [Wed, 31 Jul 2013 04:45:59 +0000 (21:45 -0700)]
torture-drsuapi: Make the name of the dc variable
In case some tests fails or if the removal takes sometime to replicate
to all the DCs
Reviewed-By: Andrew Bartlett <abarlett@samba.org>
Andreas Schneider [Tue, 6 Aug 2013 09:10:04 +0000 (11:10 +0200)]
s3-netlogon: Connecting with the system token should be sufficient.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Aug 6 18:22:06 CEST 2013 on sn-devel-104
Andreas Schneider [Wed, 31 Jul 2013 14:49:36 +0000 (16:49 +0200)]
s3-rpc_server: Grant the system token full access.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Tue, 6 Aug 2013 11:26:53 +0000 (13:26 +0200)]
libcli: Add security_token_system_privilege().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Christof Schmitt [Mon, 5 Aug 2013 18:21:59 +0000 (11:21 -0700)]
FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
labels_data_count already accounts for the unicode null character at the
end of the array. There is no need in adding space for it again.
Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104
Christof Schmitt [Mon, 5 Aug 2013 18:16:22 +0000 (11:16 -0700)]
FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
Otherwise num_volumes and the end marker can return uninitialized data
to the client.
Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Ralph Wuerthner [Wed, 10 Jul 2013 14:43:39 +0000 (16:43 +0200)]
s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Ralph Wuerthner [Wed, 10 Jul 2013 13:52:06 +0000 (15:52 +0200)]
s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Ralph Wuerthner [Fri, 5 Jul 2013 09:32:27 +0000 (11:32 +0200)]
s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Ralph Wuerthner [Fri, 5 Jul 2013 09:03:16 +0000 (11:03 +0200)]
s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Ralph Wuerthner [Wed, 10 Jul 2013 06:59:58 +0000 (08:59 +0200)]
s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Matthieu Patou [Thu, 27 Dec 2012 05:36:50 +0000 (21:36 -0800)]
pyldb: decrement ref counters on py_results and quiet warnings
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Tue Aug 6 00:32:46 CEST 2013 on sn-devel-104
Jeremy Allison [Thu, 11 Jul 2013 16:36:01 +0000 (09:36 -0700)]
Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
Fix client-side parsing also. Found by David Disseldorp <ddiss@suse.de>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Aug 5 14:39:04 CEST 2013 on sn-devel-104
Jeremy Allison [Thu, 11 Jul 2013 00:10:17 +0000 (17:10 -0700)]
Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
Ensure we never wrap whilst adding client provided input.
Signed-off-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 5 Aug 2013 07:25:11 +0000 (09:25 +0200)]
s3-libads: Print a message if no realm has been specified.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
Stefan Metzmacher [Thu, 25 Apr 2013 17:43:58 +0000 (19:43 +0200)]
s3:rpc_client: rename same variables in cli_rpc_pipe_open_schannel_with_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 25 Apr 2013 16:29:31 +0000 (18:29 +0200)]
s3:rpc_client: use the correct context for netlogon_creds_copy() in rpccli_schannel_bind_data()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 25 Apr 2013 16:27:57 +0000 (18:27 +0200)]
s3:rpc_client: make rpccli_schannel_bind_data() static
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 24 Apr 2013 14:00:44 +0000 (16:00 +0200)]
s3:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 24 Apr 2013 14:00:18 +0000 (16:00 +0200)]
s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 24 Apr 2013 10:53:27 +0000 (12:53 +0200)]
libcli/auth: add netlogon_creds_shallow_copy_logon()
This can be used before netlogon_creds_encrypt_samlogon_logon()
in order to keep the provided buffers unchanged.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 25 Apr 2013 15:01:00 +0000 (17:01 +0200)]
libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 14 Jun 2013 07:47:50 +0000 (09:47 +0200)]
libcli/auth: fix shadowed declaration in netlogon_creds_crypt_samlogon_validation()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 24 Apr 2013 10:36:04 +0000 (12:36 +0200)]
libcli/auth: make netlogon_creds_crypt_samlogon_validation more robust
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 22 Mar 2013 14:07:10 +0000 (15:07 +0100)]
s3:rpcclient: use talloc_stackframe() in do_cmd()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 16 Jul 2013 08:07:30 +0000 (10:07 +0200)]
s4:librpc: fix netlogon connections against servers without AES support
LogonGetCapabilities() only works on the credential chain if
the server supports AES, so we need to work on a temporary copy
until we know the server replied a valid return authenticator.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 15 Jul 2013 11:28:34 +0000 (13:28 +0200)]
s3-net: avoid confusing output in net_rpc_oldjoin() if NET_FLAGS_EXPECT_FALLBACK is passed
"net rpc join" tries net_rpc_oldjoin() first and falls back to
net_rpc_join_newstyle(). We should not print the join failed
if just net_rpc_oldjoin() failed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 3 Feb 2009 19:21:05 +0000 (20:21 +0100)]
s3-net: use libnetjoin for "net rpc join" newstyle.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 3 Feb 2009 19:10:05 +0000 (20:10 +0100)]
s3-net: use libnetjoin for "net rpc testjoin".
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 13 Jun 2013 17:12:27 +0000 (19:12 +0200)]
s3:libnet: let the caller truncate the pw in libnet_join_joindomain_rpc_unsecure()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 6 Nov 2008 12:37:45 +0000 (13:37 +0100)]
s3-libnetjoin: move "net rpc oldjoin" to use libnetjoin.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 6 Nov 2008 10:40:03 +0000 (11:40 +0100)]
s3-libnetjoin: add machine_name length check.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 24 Sep 2008 09:05:37 +0000 (11:05 +0200)]
s3: libnet_join: use admin_domain in libnetjoin.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 24 Sep 2008 09:04:42 +0000 (11:04 +0200)]
s3: libnet_join: add admin_domain.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 19 Dec 2012 12:53:23 +0000 (13:53 +0100)]
libcli/auth: also set secure channel type in netlogon_creds_client_init().
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:56:53 +0000 (13:56 +0200)]
s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init_send().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:52:05 +0000 (13:52 +0200)]
s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:47:16 +0000 (13:47 +0200)]
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp_port().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:46:07 +0000 (13:46 +0200)]
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_get_tcp_port().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:44:00 +0000 (13:44 +0200)]
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:40:45 +0000 (13:40 +0200)]
s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_np().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:38:01 +0000 (13:38 +0200)]
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:33:03 +0000 (13:33 +0200)]
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth_transport().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:29:28 +0000 (13:29 +0200)]
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 24 May 2013 11:17:24 +0000 (13:17 +0200)]
s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel_with_key().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
git.samba.org / metze / samba / wip.git / log