Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-03-03 | libcli/security: fix sddl.c to be able to build it from source3 | Michael Adam | 1 | -1/+1 | |
2010-03-03 | s4:move the sddl code down to the top level | Michael Adam | 3 | -1/+659 | |
Michael | |||||
2010-02-26 | libcli/auth: print the error in the debug message | Stefan Metzmacher | 1 | -1/+2 | |
metze | |||||
2010-02-23 | s4:cleanup remove unused schannel ldb code | Simo Sorce | 2 | -339/+0 | |
2010-02-23 | s4:schannel merge code with s3 | Simo Sorce | 1 | -2/+2 | |
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data. | |||||
2010-02-23 | schannel_tdb: make code compilable in both trees | Simo Sorce | 2 | -51/+98 | |
2010-02-23 | s3:schannel streamline interface | Simo Sorce | 2 | -42/+181 | |
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead. | |||||
2010-02-23 | s3:schannel fix memory hierarchy | Simo Sorce | 1 | -1/+1 | |
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be child of creds as expected. When later in schannel_check_creds_state() we stole the creds on a different memory context the sid was left behind and the memory it points to freed when the temporary context was freed. | |||||
2010-02-23 | schannel: merge header files | Simo Sorce | 2 | -48/+34 | |
One almost empty header file was simply including another not included by anything else. Just merge them together. | |||||
2010-02-23 | s4:schannel more readable check logic | Simo Sorce | 2 | -12/+0 | |
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on the caller's security requirements (Integrity/Privacy/Both/None) This is the same change applied to s3 | |||||
2010-02-23 | s3:schannel more readable check logic | Simo Sorce | 2 | -17/+0 | |
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on ther caller's security requirements (Integrity/Privacy/Both/None) | |||||
2010-02-23 | tstream: Added a typedef for the function prototype. | Andreas Schneider | 2 | -9/+19 | |
2010-02-14 | lib: use TYPESAFE_QSORT() in lib/ and libcli/ | Andrew Tridgell | 1 | -5/+4 | |
2010-02-08 | nbt: don't reference the event_ctx in nbtsock | Andrew Tridgell | 1 | -1/+1 | |
This causes talloc_free with references errors | |||||
2010-02-02 | Change uint_t to unsigned int in libcli | Matt Kraai | 5 | -5/+5 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-02-01 | libcli/nbt: fix ndr_push_nbt_string() string labels with a length of 63 ↵ | Stefan Metzmacher | 1 | -2/+2 | |
(0x3F) are allowed metze | |||||
2010-01-29 | s4:libcli/util/tstream.c - Need to include "system/network.h" | Matthias Dieter Wallnöfer | 1 | -0/+1 | |
Otherwise I don't get "struct iovec" through "<sys/uio.h>" on CentOS 4. | |||||
2010-01-29 | libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name() | Stefan Metzmacher | 1 | -2/+2 | |
The scope starts at byte 17 with index 16. metze | |||||
2010-01-29 | libcli/nbt: fix ndr_pull/push_wrepl_nbt_name() | Stefan Metzmacher | 1 | -0/+25 | |
[MS-WINSRA] — v20091104 was wrong regarding section "2.2.10.1 Name Record" If the name buffer is already 4 byte aligned Windows (at least 2003 SP1 and 2008) add 4 extra bytes. This can happen when the name has a scope. metze | |||||
2010-01-25 | Revert "libcli/security: Remove a call to strncasecmp" | Volker Lendecke | 1 | -1/+5 | |
This reverts commit 7c687665eaf16b0c6f83c130f6d9e5459e0b2a32. | |||||
2010-01-25 | Revert "libcli/security: Convert some strtol calls to strtoul" | Volker Lendecke | 1 | -2/+2 | |
This reverts commit 7fe66e06c4df575c410d4d70ff38f120c2f4363b. | |||||
2010-01-25 | Revert "libcli/security: Fix a valgrind error in dom_sid_parse" | Volker Lendecke | 1 | -4/+0 | |
This reverts commit f1c889a4e61d6d751cbabd8014b4345b8051b97c. | |||||
2010-01-25 | Revert "libcli/security: Prohibit SID formats like S-1-5-32-+545" | Volker Lendecke | 1 | -13/+0 | |
This reverts commit 1fbeae41655b8305834f2149b1268077eba8633d. Apparently this breaks the build of Samba4 | |||||
2010-01-23 | libcli/security: Prohibit SID formats like S-1-5-32-+545 | Volker Lendecke | 1 | -0/+13 | |
2010-01-23 | libcli/security: Fix a valgrind error in dom_sid_parse | Volker Lendecke | 1 | -0/+4 | |
2010-01-23 | libcli/security: Convert some strtol calls to strtoul | Volker Lendecke | 1 | -2/+2 | |
This tightens the dom_sid_parse syntax check a bit: "--" would have been allowed in sid string | |||||
2010-01-23 | libcli/security: Remove a call to strncasecmp | Volker Lendecke | 1 | -5/+1 | |
2010-01-08 | libcli/util: add tstream_read_pdu_blob_send/recv | Stefan Metzmacher | 2 | -0/+246 | |
This will take the some full_request callback function as the Samba4 packet code. metze | |||||
2010-01-07 | Simplify E_md5hash a bit | Volker Lendecke | 1 | -6/+2 | |
2009-12-22 | libcli/auth Make gd's NDR NTLMSSP parsers helpers common | Andrew Bartlett | 2 | -0/+189 | |
(but not built in Samba4 for now) | |||||
2009-12-16 | ldap: give a debug error when we don't know a control | Andrew Tridgell | 1 | -0/+2 | |
This interface should really have a proper error interface, but at least a DEBUG() gives the user a chance of finding the error Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2009-12-10 | libcli: use GUID_to_ndr_blob() | Andrew Tridgell | 1 | -4/+3 | |
2009-11-25 | libcli: allow ntstatus.h to be used by openchange | Andrew Tridgell | 1 | -0/+8 | |
apparently ntstatus.h is used by openchange, but they don't include replace.h. This makes that possible again. | |||||
2009-11-04 | libcli/nbt Move more of lmhosts lookup into common code | Andrew Bartlett | 2 | -0/+85 | |
This aims to eventually share this with Samba4. Andrew Bartlett | |||||
2009-10-24 | libcli/auth: initialize creds in netlogon_creds_client_init_session_key() | Stefan Metzmacher | 1 | -2/+3 | |
metze | |||||
2009-10-24 | libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb() | Stefan Metzmacher | 1 | -24/+37 | |
metze | |||||
2009-10-24 | libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb() | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-10-23 | s4-python: we need to include Python.h first | Andrew Tridgell | 1 | -1/+1 | |
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes. | |||||
2009-10-17 | added NT_STATUS_NOT_OK_RETURN_AND_FREE() | Andrew Tridgell | 1 | -0/+7 | |
Try to make it a bit easier to avoid leaks in common code | |||||
2009-10-04 | s3/s4 common: fix up header file | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2009-09-30 | w32err: Importing auto-generated Win32 errors and descriptions | Kamen Mazdrashki | 2 | -1/+7222 | |
Error codes and their descriptions are generated using w32err_code.py script. Error are downloaded from MS site: http://msdn.microsoft.com/en-us/library/cc231199%28PROT.10%29.aspx Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2009-09-30 | w32err: WERR_GROUP_NOT_FOUND renamed to WERR_GROUPNOTFOUND | Kamen Mazdrashki | 2 | -2/+2 | |
In Win 32 we have NERR_GroupNotFound which maps to WERR_GROUP_NOT_FOUND currently and we have ERROR_GROUP_NOT_FOUND which maps to nothing, so it is to be added Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2009-09-30 | w32err: WERR_USER_EXISTS replace with WERR_USEREXISTS name | Kamen Mazdrashki | 2 | -3/+3 | |
In Win32 we have NERR_UserExists which maps to WERR_USER_EXISTS currently and there is ERROR_USER_EXISTS which maps to WERR_USER_ALREADY_EXISTS Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2009-09-30 | w32err: WERR_DC_NOT_FOUND replaced with WERR_DCNOTFOUND | Kamen Mazdrashki | 2 | -3/+3 | |
It turns out in win32 ERROR_DC_NOT_FOUND exists and it is an error for Device Context (DC), not Domain Controller Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2009-09-30 | w32err: FRS_ group of errors replaced with numeric values | Kamen Mazdrashki | 1 | -3/+3 | |
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2009-09-30 | w32err: WERR_DOMAIN_CONTROLLER_NOT_FOUND error value fixed | Kamen Mazdrashki | 1 | -1/+1 | |
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2009-09-20 | Initial implementation of security descriptor creation in DS | Nadezhda Ivanova | 2 | -0/+54 | |
TODO's: ACE sorting and clarifying the inheritance of object specific ace's. | |||||
2009-09-19 | libcli:nbt move prototypes of lmhosts functions to libnbt.h | Andrew Bartlett | 1 | -1/+6 | |
2009-09-18 | libcli/named_pipe_auth: pass gssapi delegated credentials through the named pipe | Stefan Metzmacher | 2 | -22/+32 | |
metze | |||||
2009-09-17 | util: use likely/unlikely for NT_STATUS_* macros | Andrew Tridgell | 1 | -3/+3 | |