summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2012-12-10s3:auth: fix create_token_from_sid() to not fail in the winbindd caseMichael Adam1-2/+10
Commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored the sid-based variant out of create_token_from_username() broke the case of a user handled by winbindd in that the "found_username" was set to NULL which caused the function to fail with NT_STATUS_NO_MEMORY further down. This patch fixes the function so that the case of found_username == NULL is cleanly separated from the NO_MEMORY case and the caller can provide the username in this case, if required. This fixes bug #9457. Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Dec 10 18:18:54 CET 2012 on sn-devel-104
2012-12-10s3:auth: fix header comment for user_sid_in_group_sid()Michael Adam1-2/+2
This function was created in 1c3c5e2156d9096f60bd53a96b88c2f1001d898a and the header comment contained copy'n'paste errors from the original function user_in_group_sid() that took the user name. Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-09s3-auth: remove crypto from serverinfo_to_SamInfoX calls.Günther Deschner5-34/+30
All crypto is dealt with within the netlogon samlogon server now. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: Remove obsolete process_creds boolean in samlogon server.Günther Deschner1-24/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-auth: session keys in validation level 6 samlogon replies are *not* ↵Günther Deschner1-8/+0
encrypted. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: support AES for interactive netlogon samlogon password ↵Günther Deschner3-37/+36
decryption. Still need to fix AES support for the returned validation info. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo().Günther Deschner1-2/+2
Sumit, please check. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo().Günther Deschner1-9/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon.Günther Deschner1-1/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: support AES encryption in netr_ServerPasswordSet2 client.Günther Deschner1-2/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword.Günther Deschner3-5/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-07winbind: Make the code more readable in trustdom_list_done().Andreas Schneider1-15/+19
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org> Autobuild-User(master): Jim McDonough <jmcd@samba.org> Autobuild-Date(master): Fri Dec 7 22:38:43 CET 2012 on sn-devel-104
2012-12-07s3: Fix clear_if_first for the async echo handlerVolker Lendecke1-1/+1
A worker smbd is as not long-lived as the main smbd, but as the async echo handler exits when the worker smbd does, passing "true" here is the right thing to do and fixes our clear_if_first handling when the async echo handler is active. Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Fri Dec 7 11:29:36 CET 2012 on sn-devel-104
2012-12-06build: Install .po files for SWAT intl supportAndrew Bartlett1-0/+3
2012-12-06Clean up client timeout definitions [rev. 2]Scott Lovenberg4-8/+5
The definitions for default client timeout values have been moved to client.h. When initializing a client struct we use this value instead of the old hardcoded value. The timeout value remains 20 seconds. Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com> Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Dec 6 03:25:58 CET 2012 on sn-devel-104
2012-12-05s3:smbd: fix a cut and paste error in a debug messageMichael Adam1-2/+2
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-05s3:smbd: don't apply create/directory mask and modes in apply_default_perms()Michael Adam1-77/+11
The mask/mode parameters should only apply to a situation with only pure posix permissions. Once we are dealing with ACLs and inheritance, we need to do it correctly. This fixes bug #9462: Users can not be given write permissions any more by default Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-06Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to ↵Richard Sharpe1-1/+22
FILE_STREAM_INFO requests. Ensure we check the buffer size correctly. Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Dec 6 01:31:08 CET 2012 on sn-devel-104
2012-12-04Remove unused append_parent_acl().Jeremy Allison2-204/+0
Get rid of a large chunk of unused code. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Dec 4 11:59:30 CET 2012 on sn-devel-104
2012-12-04s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIEDMichael Adam1-0/+1
Omission to free the talloc frame causes a panic (at least in developer mode) in the next main event loop due to "Frame not freed in order." (Freed frame ../source3/smbd/process.c:3617, expected ../source3/modules/vfs_acl_common.c:534.) Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Dec 4 09:03:25 CET 2012 on sn-devel-104
2012-12-03s3:passdb: fix building pdb_ldap as shared moduleMichael Adam2-2/+3
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104
2012-12-03smbget: Use new samba_getpass() function.Andreas Schneider1-3/+2
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03util: Use new samba_getpass() function for passwd util.Andreas Schneider1-1/+8
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03ntlm_auth: Use new samba_getpass() function.Andreas Schneider1-1/+7
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03net: Use samba_getpass() function in net util.Andreas Schneider1-3/+7
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03net: Use new samba_getpass() function for 'net rpc'.Andreas Schneider1-1/+8
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03net: Use new samba_getpass() function for 'net ads'.Andreas Schneider1-1/+9
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03torture: Use new samba_getpass() in masktest.Andreas Schneider1-2/+5
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03torture: Use new samba_getpass() in smbtorture3.Andreas Schneider1-3/+6
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03torture: Use new samba_getpass() in locktest2.Andreas Schneider1-3/+6
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03util: Use new samba_getpass() function.Andreas Schneider1-4/+5
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03smbclient: Use new samba_getpass() function.Andreas Schneider1-3/+6
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03util: Add a UNIX platform independent samba_getpass().Andreas Schneider1-1/+1
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-03s3:selftest: extend sids2xids test script to cope with "ID_TYPE_BOTH mappingsMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Dec 3 10:47:17 CET 2012 on sn-devel-104
2012-12-03s3:passdb: don't look into group mappings in legacy_sid_to_unixid()Michael Adam1-28/+1
The backends (tdbsam and ldapsam) do this. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id()Michael Adam1-0/+5
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb()Michael Adam1-3/+3
instead of sid_check_sid_is_in_our_sam). This allows for builtin sids, wellknown sids and "Unix User" and "Unix Group" domains. This broadens up the check moved here in commit 02e25b2a43ae02205a3412f862a1482d24b70aa4. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: add sid_check_object_is_for_passdb()Michael Adam3-0/+35
Variant of sid_check_is_for_passdb() that only checks for objects in the various domains, not for the domain sids themselves. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of ↵Michael Adam2-16/+35
pdb_default_sid_to_id() The special treatment of the "Unix User" and "Unix Group" pseudo domains can be reused. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our samMichael Adam1-5/+0
This code treats the own sam, builtin, wellknown, and sids from the "Unix User" and "Unix Group" pseudo-domains. This reverts part of commit 02e25b2a43ae02205a3412f862a1482d24b70aa4. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: use the new sid_check_is_for_passdb() in ↵Michael Adam1-6/+2
idmap_find_domain_with_sid() This is more correct than the original one: It also hands the wellknown and "Unix Users" and "Unix Groups" sids to passdb for id mapping. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03build the new sid_check_is_for_passdb() function into passdbMichael Adam3-0/+3
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:lib: add utility function sid_check_is_for_passdb()Michael Adam2-0/+102
This function checks whether the given sid should be treated by passdb (e.g. for id mapping). Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove unused function idmap_backends_sid_to_unixid()Michael Adam2-43/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:test:wbinfo_sids2xids: test the results with singular calls with filled ↵Michael Adam2-11/+29
and with empty cache Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.shMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mappingMichael Adam1-0/+3
This is to remove problems with the same unix-id being used both as a uid and a gid. The autorid backend will map a given number to the same SID, no matter whether this is a uid or a gid. This will prime the idmap cache with mappings. The sid-to-u/gid mapping, when not going through the cache, instead checks for the type of the sid and only allows unix ids of the corresponding type. Hence the rid backend will give different results, depending on whether the cache is filled or not. This patch lets the autorid backend always create sid->id mappings of type both. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mappingMichael Adam1-0/+2
This is to remove problems with the same unix-id being used both as a uid and a gid. The rid backend will map a given number to the same SID, no matter whether this is a uid or a gid. This will prime the idmap cache with mappings. The sid-to-u/gid mapping, when not going through the cache, instead checks for the type of the sid and only allows unix ids of the corresponding type. Hence the rid backend will give different results, depending on whether the cache is filled or not. This patch lets the rid backend always create sid->id mappings of type both. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove unused idmap_sid_to_gid()Michael Adam2-75/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>