summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-08-10auth/gensec: treat struct gensec_security_ops as const if possible.Stefan Metzmacher8-66/+75
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: use 'const char * const *' for function parametersStefan Metzmacher3-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: make it possible to implement async backendsStefan Metzmacher2-49/+160
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: avoid talloc_reference in gensec_security_mechs()Stefan Metzmacher1-18/+9
We now always copy. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: avoid talloc_reference in gensec_use_kerberos_mechs()Stefan Metzmacher1-18/+20
We now always copy. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: introduce gensec_internal.hStefan Metzmacher24-96/+153
We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth/schannel: remove unused schannel_positionStefan Metzmacher1-7/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth/schannel: make struct schannel_state privateStefan Metzmacher2-13/+12
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: only require librpc/gen_ndr/dcerpc.hStefan Metzmacher1-1/+1
We just need DCERPC_AUTH_TYPE_SCHANNEL Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: there's no point in having schannel_session_key()Stefan Metzmacher1-8/+0
gensec_session_key() will return NT_STATUS_NO_USER_SESSION_KEY before calling schannel_session_key(), as we don't provide GENSEC_FEATURE_SESSION_KEY. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: GENSEC_FEATURE_ASYNC_REPLIES is not supportedStefan Metzmacher1-3/+0
There's a sequence number attached to the connection, which needs to be incremented with each message... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: use the correct computer_name from ↵Stefan Metzmacher1-3/+3
netlogon_creds_CredentialState We need to use the same computer_name we used in the netr_Authenticate3 request. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: simplify the code by using netsec_create_state()Stefan Metzmacher1-68/+30
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: remove unused dcerpc_schannel_creds()Stefan Metzmacher2-49/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:torture: avoid usage of dcerpc_schannel_creds()Stefan Metzmacher4-17/+11
We use cli_credentials_get_netlogon_creds() which returns the same value. dcerpc_schannel_creds() is a layer violation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:libnet: avoid usage of dcerpc_schannel_creds()Stefan Metzmacher1-4/+3
We use cli_credentials_get_netlogon_creds() which returns the same value. dcerpc_schannel_creds() is a layer violation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:dcerpc_helpers: remove unused DEBUG message of schannel_state->seq_num.Stefan Metzmacher1-3/+0
This is a layer violation and not needed anymore as we know how the seqnum handling works now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:rpc_server: make use of netsec_create_state()Stefan Metzmacher1-8/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:cli_pipe.c: return NO_USER_SESSION_KEY in cli_get_session_key() for schannelStefan Metzmacher1-7/+0
SCHANNEL connections don't have a user session key, they're like anonymous connections. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:cli_pipe: pass down creds->computer_name to NL_AUTH_MESSAGEStefan Metzmacher1-7/+6
We need to use the same computer_name value as in the netr_Authenticate3() request. We abuse cli->auth->user_name to pass the value down. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:cli_pipe: make use of netsec_create_state()Stefan Metzmacher1-8/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth: add netsec_create_state()Stefan Metzmacher2-0/+26
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth: maintain the sequence number for the NETLOGON SSP as 64bitStefan Metzmacher3-7/+16
See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: add gensec_security_by_auth_type()Stefan Metzmacher2-0/+29
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: first check GENSEC_FEATURE_SESSION_KEY before returning ↵Stefan Metzmacher1-3/+4
NOT_IMPLEMENTED Preferr NT_STATUS_NO_USER_SESSION_KEY as return value of gensec_session_key(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:rpc_client: remove unused cli_rpc_pipe_open_ntlmssp_auth_schannel()Stefan Metzmacher2-89/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:rpc_client: remove netr_LogonGetCapabilities check from rpc_pipe_bind*Stefan Metzmacher1-149/+1
It's done in the caller now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:rpc_client: add netr_LogonGetCapabilities to ↵Stefan Metzmacher1-0/+101
cli_rpc_pipe_open_schannel_with_key() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:rpc_client: use netlogon_creds_copy before rpc_pipe_bindStefan Metzmacher1-12/+12
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:rpc_client: fix/add AES downgrade detection to rpc_pipe_bind_step_two_done()Stefan Metzmacher1-12/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:rpcclient: try to use NETLOGON_NEG_SUPPORTS_AESStefan Metzmacher2-2/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:rpc_client: try to use NETLOGON_NEG_SUPPORTS_AESStefan Metzmacher2-3/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:libnet_join: try to use NETLOGON_NEG_SUPPORTS_AESStefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:auth_domain: try to use NETLOGON_NEG_SUPPORTS_AESStefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s3:libsmb: remove unused cli_state->is_guestloginStefan Metzmacher2-6/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-09torture: add smb2 FSCTL_[GET/SET]_COMPRESSION testDavid Disseldorp1-0/+84
This test simply creates a file and checks the compression state before and after FSCTL_SET_COMPRESSION(COMPRESSION_FORMAT_DEFAULT). The test expects the compression state to be COMPRESSION_FORMAT_LZNT1 after set, conforming to Windows Server behaviour. If the server responds to the first FSCTL_GET_COMPRESSION request with NT_STATUS_NOT_SUPPORTED or NT_STATUS_INVALID_DEVICE_REQUEST, then the test is skipped. This allows it to run during selftest. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 9 22:03:39 CEST 2013 on sn-devel-104
2013-08-09lib: add FSCTL_[GET/SET]_COMPRESSION constantsDavid Disseldorp2-0/+14
Values taken from MS-FSCC. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-09torture: split out ioctl test file creation helperDavid Disseldorp1-56/+43
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-09VFS plugin was sending the actual size of the volume instead of the total ↵Susant Kumar Palai1-7/+4
number of block units because of which windows was getting the wrong volume capacity. Signed-off-by: Susant Kumar Palai <spalai@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christopher R. Hertel <crh@samba.org>
2013-08-09doc: Fix prefix parameter name in vfs_full_audit man pageChristof Schmitt1-1/+1
Commit 2314f47 fixed two other instances, but forgot to change the last one. Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Aug 9 16:53:28 CEST 2013 on sn-devel-104
2013-08-09docs: Add basic man page for vfs_syncops.Karolin Seeger1-0/+99
Fix bug #7364 - man vfs_syncops missing. Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Aug 9 13:19:12 CEST 2013 on sn-devel-104
2013-08-07drs-cracknames: Add some debugs in the torture to know better which test has ↵Matthieu Patou1-0/+4
failed Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-By: Andrew Bartlett <abarlett@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Wed Aug 7 08:10:58 CEST 2013 on sn-devel-104
2013-08-06Remove the knownfail flag on cracknames as it didn't fail anymoreMatthieu Patou1-2/+0
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-cracksname: fix problems that prevented to pass our torture testsMatthieu Patou1-6/+21
Some of the problems where also reported by Microsoft testing tools Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-crackname: Fix error code so that we have the same as windowsMatthieu Patou1-0/+1
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-cracknames: When cracking NT4 names we should just look at netbios for ↵Matthieu Patou1-2/+1
the match Looking at dnsRoot will yield a result for domain.tld\username when it shouldn't work. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-crackname: Fix cracknames for the format UNKNOWN when the data is ↵Matthieu Patou1-1/+4
actually a GUID The cannonical crackname expect a "/" or it returns DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, when doing UNKNOWN format it's not an error to not have a "/" in the name to crack it's just a sign the name is not a cannonical one. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-cracknames: Reorganise the cracknames list so that similar format names ↵Matthieu Patou1-6/+6
are group together It makes easier when reviewing failed test case in DRSR testsuite Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06Add Notes related to DRSUAPIMatthieu Patou1-0/+1
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06s4-netlogon: honnor DS_RETURN_DNS_NAME flagMatthieu Patou1-0/+9
Reviewed-By: Andrew Bartlett <abarlett@samba.org>