summaryrefslogtreecommitdiff
path: root/libcli
AgeCommit message (Collapse)AuthorFilesLines
2010-10-12libcli/security Move most of security_token.c to common code.Andrew Bartlett3-1/+203
The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-10-11libsecurity-common: Add missing dependency on libndr.Jelmer Vernooij1-1/+1
2010-10-11libcli-auth: Remove unnecessary dependency on libsamba-hostconfig.Jelmer Vernooij1-2/+2
2010-10-08Add some const. Needed for my SD work.Jeremy Allison2-14/+14
Jeremy
2010-10-04libcli/ldap: ldap_full_packet() requires at least 6 bytesStefan Metzmacher1-0/+7
metze
2010-10-01samba: share readline wrappers among all buildsystems.Günther Deschner5-0/+346
Guenther
2010-09-27libcli/ldap: correctly marshall LDAP Unbind PDUsStefan Metzmacher1-0/+2
metze
2010-09-26libcli/ldap: let ldap_full_packet() use asn1_peek_tag_needed_size()Stefan Metzmacher1-1/+1
This allows us to read a full packet without read byte after byte or possible read to much. metze
2010-09-26libcli/util: let tstream_read_pdu_blob_* cope with variable length headersStefan Metzmacher1-5/+13
metze
2010-09-23libcli: fix compile warningSimo Sorce1-0/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-22s4:libcli:smb2 Rename pending_id to async_id and make 64-bitSteven Danneman1-1/+4
Match MS-SMB2 - 2.2.1.1 SMB2 Packet Header - ASYNC
2010-09-20libcli/ldap Add const to ldap_encode_ndr_dom_sid()Andrew Bartlett2-2/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20libcli: add dom_sid_compare_domain()Günther Deschner2-0/+20
Guenther
2010-09-18werror: Add W_ERROR_HAVE_NO_MEMORY_AND_FREE() macroKamen Mazdrashki1-0/+7
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett2-9/+7
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-15cldap: prevent crashes when freeing cldap socketAndrew Tridgell1-6/+15
As a callback may destroy the cldap socket we need to ensure we don't reference the cldap structure after the callback Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15cldap: use ipv4 not up for unbound cldap socketsAndrew Tridgell1-1/+5
If we use "ip" we end up with a PF_INET6 socket which breaks sendto() for v4 addresses.
2010-09-15s4-auth: set the RODC bit for RODC schannelAndrew Tridgell1-0/+1
When we are using SEC_CHAN_RODC we need to set the NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in ServerAuthenticate2 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-14Fix string_to_sid() to allow non '\0' termination of the string - allowsJeremy Allison1-11/+6
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR. Jeremy.
2010-09-14libcli/security Use sid_append_rid() in dom_sid_append_rid()Andrew Bartlett1-5/+5
This ensures that the maximum number of sub-authorities is respected, otherwise we may run off the end of the array. Andrew Bartlett
2010-09-14libcli/security Merge source3/ string_to_sid() to common codeAndrew Bartlett1-37/+92
The source3 code repsects the limit of a maximum of 15 subauths, while the source4 code does not, creating a security issue as we parse string-form SIDs from clients. Andrew Bartlett
2010-09-13ntlm_check: Fix some nonempty blank linesVolker Lendecke1-21/+21
2010-09-11libcli/auth/schannel_state_tdb.c - fix includesMatthias Dieter Wallnöfer1-3/+1
Otherwise we get a "declared inside parameter list" warning.
2010-09-11libcli/privileges Fix commentAndrew Bartlett1-1/+1
2010-09-11s4-privs Seperate rights and privilegesAndrew Bartlett2-14/+60
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett
2010-09-11libcli/security Remove unused SE_NONE defineAndrew Bartlett1-1/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Move 'private' privileges functions to another headerAndrew Bartlett3-24/+42
These functions work on the bitmap, and are only exposed because the source3/ privileges storage uses the bitmap in account_policy.tdb Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove 'always true' return from se_priv_put_all_privilegesAndrew Bartlett2-3/+2
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0Andrew Bartlett1-1/+1
This happens all the time, particularly now that we don't keep the db around after a reboot. Don't scare the admins with the level 0. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11privileges: privilege luids are not all below 64Andrew Tridgell1-3/+0
the ones brought across from s3 have higher values Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on ↵Andrew Bartlett1-1/+1
failure This is clearer and more consistent than using a magic -1 return Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove unused declarations from privileges.hAndrew Bartlett1-51/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Expose sec_privilege_mask()Andrew Bartlett2-1/+6
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett1-1/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove unused functions and constants.Andrew Bartlett2-242/+14
All the callers to these functions have been removed or reworked. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Rename all privilege bitmaps constantsAndrew Bartlett1-28/+28
The idea here to to make it very clear how they differ from the enumerated LUID values. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()Andrew Bartlett1-43/+4
These functions duplicate other functions in the merged code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Improve dump of privileges: Just walk the tableAndrew Bartlett1-5/+4
This removes some logic recently added that was just too smart - it is easier to just walk the table and do a bit match here. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove pointer indirection from se_priv_to_privilege_set()Andrew Bartlett2-3/+3
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Don't export privs[] as a global variableAndrew Bartlett2-41/+27
Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Merge privilege lists from source3 and source4Andrew Bartlett1-169/+126
The LSA enumeration in source3 will not show the new privileges, but otherwise, they are now in common, and can be set by name. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Return number of entries in the old source3 listAndrew Bartlett1-3/+4
This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/privileges Simplify get_privilege_luid() to return just the enumAndrew Bartlett2-9/+4
As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Don't memcpy a uint64_t value, just assign it.Andrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Use ARRAY_SIZE() consistantly.Andrew Bartlett1-15/+16
This avoids the use of SE_END, and has all callers walking the array using the same termination condition. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Fix and clarify privilege manipulation function commentsAndrew Bartlett1-9/+9
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Make the two privileges tables share a common struct definitionAndrew Bartlett2-27/+22
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Move source4/ privileges code into the common libcli/securityAndrew Bartlett3-4/+331
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Move manual prototypes to common privileges.hAndrew Bartlett1-0/+88
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett1-9/+0
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>