summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-07-21samba-tool: updated test suite for the new domain dumpkeys optionGiampaolo Lauria1-2/+2
The test suite has been changed to reflect the move from export to "domain dumpkeys" to reflect the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: removed export as it has been moved to domain dumpkeysGiampaolo Lauria2-58/+0
The functionality of export has been moved to domain dumpkeys to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: moved export to domain dumpkeysGiampaolo Lauria1-0/+23
This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: updated test suite to reflect the move from domainlevel to ↵Giampaolo Lauria1-1/+1
domain level The test suite needs to reflect the change from domailevel to "domain level" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: removed domainlevel as it has been moved to domain levelGiampaolo Lauria2-249/+0
The functionality of domainlevel has been moved the "domain level" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: moved domainlevel to domain levelGiampaolo Lauria1-0/+201
This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: removed machinepw as it has been moved to domain machinepasswordGiampaolo Lauria2-58/+0
The functionality of machinepwd has been moved to "domain machinepassword" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: moved machinepw to domain machinepasswordGiampaolo Lauria1-1/+37
This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: update test suite for the new domain objectGiampaolo Lauria3-9/+9
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: removed pwsettingsGiampaolo Lauria1-197/+0
pwsettings functionality has been moved to user passwordsettings to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: created domain object, moved pwsettings to user passwordsettingsGiampaolo Lauria2-2/+214
This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: update test suite for add setpasswordGiampaolo Lauria4-9/+7
The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: removed setpassword.pyGiampaolo Lauria1-80/+0
The functionality in setppasword has now been moved to "user setpassword" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: added setpassword to userGiampaolo Lauria1-2/+58
This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: fix summary of the fsmo command to be clearerGiampaolo Lauria1-1/+1
fsmo command is for general FSMO management Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-torture: run_simple_posix_open_test(): replace cli_read_old() withBjörn Baumbach1-2/+9
cli_read() Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jul 20 23:22:09 CEST 2011 on sn-devel-104
2011-07-20s3-torture: rw_torture2(): replace cli_read_old() with cli_read()Björn Baumbach1-4/+10
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-20s3-torture: rw_torture3(): replace cli_read_old() with cli_read()Björn Baumbach1-10/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-20s3-torture: rw_torture(): replace cli_read_old() with cli_read()Björn Baumbach1-3/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-20s3-libsmb: introduce new NTSTATUS cli_read()Björn Baumbach2-0/+23
Replacement for cli_read_old() Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-20s3-libsmb: replace cli_read() with cli_read_old()Björn Baumbach10-28/+28
Will introduce new cli_read() function. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-07-20s3:libsmb: move cli->cnum to cli->smb1.tid and hide it behind ↵Stefan Metzmacher10-36/+55
cli_state_[g|s]et_tid() metze
2011-07-20s3:libsmb: move cli->pid to cli->smb1.pid and hide it behind cli_[g|s]etpid()Stefan Metzmacher5-12/+18
metze
2011-07-20s3:libsmb: add cli->smb1.vc_num and hide it behind cli_state_get_vc_num()Stefan Metzmacher4-3/+11
This makes it clearer, why we send the pid value in the session setup. metze
2011-07-20s3:libsmb: move cli->mid to cli->smb1.midStefan Metzmacher3-4/+8
metze
2011-07-20s3:libsmb: smb_bytes_talloc_string() doesn't need a cli_stateStefan Metzmacher1-3/+3
metze
2011-07-20s4:kdc: restore the behavior before the last heimdal importStefan Metzmacher1-8/+16
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104
2011-07-20s3-gse Work around the MIT 1.9 gss_krb5_import_credAndrew Bartlett1-6/+16
We detect this function at configure time, but it currently fails to operate the way we need - that is, when the principal is not specified, it gives this error. When the principal is specified we get 'wrong principal in request' in the GSS acceptor, so for now the best option is to fall back to the alternate approach. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
2011-07-20s3-gse Allow printing the partial error stringAndrew Bartlett1-6/+6
We may not be able to obtain the full error string, so print what we can get. This is required when the error is the the GSSAPI layer, not the mechanism. Andrew Bartlett
2011-07-20s3-auth fix dummy function in the not-with-kerberos caseAndrew Bartlett1-1/+1
2011-07-20s3-auth Replace False with false in auth_util.cAndrew Bartlett1-10/+10
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jul 20 02:31:15 CEST 2011 on sn-devel-104
2011-07-20s3-auth Replace True with true in auth_util.cAndrew Bartlett1-12/+12
2011-07-20s3-auth Fix spellingAndrew Bartlett1-7/+7
2011-07-20s3-auth Remove pointless destructor in make_server_infoAndrew Bartlett1-10/+0
All the callers allocate ->info3 as a talloc child already. As regardes the TALLOC_ZERO(), I added this originally out of parinoia many years ago. We do not consistantly zero session keys in memory, and for NTLMv2 and Kerberos they are random for each sesssion, so breaking into smbd far enough to read an old session key isn't a particularly interesting attack, compared with (say) reading the keytab or the password database. (NTLM and LM session keys are fixed derivitives of the passwords however). Andrew Bartlett
2011-07-20s3-auth inline make_auth_session_info into only callerAndrew Bartlett3-25/+1
2011-07-20security.idl: Use gid_t for gid in security_unix_tokenAndrew Bartlett1-1/+1
2011-07-20s3-auth Remove seperate guest booleanAndrew Bartlett11-22/+31
Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: Set NETLOGON_GUEST and use it to determine guest statusAndrew Bartlett2-1/+5
These additional measures should help ensure we do not accidentily upgrade a guest to an authenticated user in the future. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20selftest: Add tests to verify that the named pipe proxy works.Andrew Bartlett1-0/+7
This verifies that for NTLM authenticated connections, named pipe forwarding works as expected, including the session keys. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20selftest: Pass lsass and epmapper across the named pipe proxy to the AD serverAndrew Bartlett1-0/+2
Eventually we will have just one end point mapper, but for now we need to use the source4 one for the AD tests. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: remove now unused auth3_session_info from auth.idlAndrew Bartlett1-11/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: Move make_user_info_SamBaseInfo() to talloc_strdup and out of memory ↵Andrew Bartlett1-9/+31
checking Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: Split out make_user_info_SamBaseInfo and add authenticated argumentAndrew Bartlett7-45/+77
This will allow the source3 auth code to call this without needing to double-parse the SIDs Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-rpc_server remove per-element copies of auth_session_infoAndrew Bartlett2-44/+4
This is not required any more now that they are the same structure, and shows the value in having a common structure across the codebase. In particular, now any additional state that needs to be added to the auth_session_info will be transparently available across the named pipe proxy, without a need to modify the mapping layer. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use the common auth_session_infoAndrew Bartlett42-228/+228
This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_infoAndrew Bartlett19-101/+84
This makes auth3_session_info identical to auth_session_info The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-rpc_server read and write the unix_token and unix_info across named_pipe_authAndrew Bartlett2-27/+42
This ensures that the exact same token is used on both sides of the pipe, when a full token is passed (ie, source3 to source3, but not yet source4 to to source3 as the unix info isn't calculated there yet). If we do not have unix_token, we fall back to the old behaviour and go via create_local_token(). (However, in this case the security_token is now overwritten, as it is better to have it match the rest of the session_info create_local_token() builds). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth reimplement copy_session_info via NDR pull/pushAndrew Bartlett1-57/+23
This ensures we do not miss elements. Pattern copied from auth_netlogond. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: use char * pointers in auth.idlAndrew Bartlett1-10/+10
We need to use this, and not utf8string because we need to transport NULL pointers correctly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Remove pointless destructorAndrew Bartlett1-10/+0
All the users of this structure allocate info3 on the session_info Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>