summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* samba-tool: updated test suite to reflect the move from domainlevel to ↵Giampaolo Lauria2011-07-211-1/+1
| | | | | | | | domain level The test suite needs to reflect the change from domailevel to "domain level" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: removed domainlevel as it has been moved to domain levelGiampaolo Lauria2011-07-212-249/+0
| | | | | | The functionality of domainlevel has been moved the "domain level" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: moved domainlevel to domain levelGiampaolo Lauria2011-07-211-0/+201
| | | | | | This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: removed machinepw as it has been moved to domain machinepasswordGiampaolo Lauria2011-07-212-58/+0
| | | | | | The functionality of machinepwd has been moved to "domain machinepassword" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: moved machinepw to domain machinepasswordGiampaolo Lauria2011-07-211-1/+37
| | | | | | This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: update test suite for the new domain objectGiampaolo Lauria2011-07-213-9/+9
| | | | | | Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: removed pwsettingsGiampaolo Lauria2011-07-211-197/+0
| | | | | | pwsettings functionality has been moved to user passwordsettings to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: created domain object, moved pwsettings to user passwordsettingsGiampaolo Lauria2011-07-212-2/+214
| | | | | | This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: update test suite for add setpasswordGiampaolo Lauria2011-07-214-9/+7
| | | | | | The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: removed setpassword.pyGiampaolo Lauria2011-07-211-80/+0
| | | | | | The functionality in setppasword has now been moved to "user setpassword" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: added setpassword to userGiampaolo Lauria2011-07-211-2/+58
| | | | | | This is part of the samba-tool work to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
* samba-tool: fix summary of the fsmo command to be clearerGiampaolo Lauria2011-07-211-1/+1
| | | | | | fsmo command is for general FSMO management Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-torture: run_simple_posix_open_test(): replace cli_read_old() withBjörn Baumbach2011-07-201-2/+9
| | | | | | | | | cli_read() Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jul 20 23:22:09 CEST 2011 on sn-devel-104
* s3-torture: rw_torture2(): replace cli_read_old() with cli_read()Björn Baumbach2011-07-201-4/+10
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-torture: rw_torture3(): replace cli_read_old() with cli_read()Björn Baumbach2011-07-201-10/+7
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-torture: rw_torture(): replace cli_read_old() with cli_read()Björn Baumbach2011-07-201-3/+11
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-libsmb: introduce new NTSTATUS cli_read()Björn Baumbach2011-07-202-0/+23
| | | | | | Replacement for cli_read_old() Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-libsmb: replace cli_read() with cli_read_old()Björn Baumbach2011-07-2010-28/+28
| | | | | | Will introduce new cli_read() function. Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: move cli->cnum to cli->smb1.tid and hide it behind ↵Stefan Metzmacher2011-07-2010-36/+55
| | | | | | cli_state_[g|s]et_tid() metze
* s3:libsmb: move cli->pid to cli->smb1.pid and hide it behind cli_[g|s]etpid()Stefan Metzmacher2011-07-205-12/+18
| | | | metze
* s3:libsmb: add cli->smb1.vc_num and hide it behind cli_state_get_vc_num()Stefan Metzmacher2011-07-204-3/+11
| | | | | | This makes it clearer, why we send the pid value in the session setup. metze
* s3:libsmb: move cli->mid to cli->smb1.midStefan Metzmacher2011-07-203-4/+8
| | | | metze
* s3:libsmb: smb_bytes_talloc_string() doesn't need a cli_stateStefan Metzmacher2011-07-201-3/+3
| | | | metze
* s4:kdc: restore the behavior before the last heimdal importStefan Metzmacher2011-07-201-8/+16
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104
* s3-gse Work around the MIT 1.9 gss_krb5_import_credAndrew Bartlett2011-07-201-6/+16
| | | | | | | | | | | | | We detect this function at configure time, but it currently fails to operate the way we need - that is, when the principal is not specified, it gives this error. When the principal is specified we get 'wrong principal in request' in the GSS acceptor, so for now the best option is to fall back to the alternate approach. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
* s3-gse Allow printing the partial error stringAndrew Bartlett2011-07-201-6/+6
| | | | | | | | We may not be able to obtain the full error string, so print what we can get. This is required when the error is the the GSSAPI layer, not the mechanism. Andrew Bartlett
* s3-auth fix dummy function in the not-with-kerberos caseAndrew Bartlett2011-07-201-1/+1
|
* s3-auth Replace False with false in auth_util.cAndrew Bartlett2011-07-201-10/+10
| | | | | Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jul 20 02:31:15 CEST 2011 on sn-devel-104
* s3-auth Replace True with true in auth_util.cAndrew Bartlett2011-07-201-12/+12
|
* s3-auth Fix spellingAndrew Bartlett2011-07-201-7/+7
|
* s3-auth Remove pointless destructor in make_server_infoAndrew Bartlett2011-07-201-10/+0
| | | | | | | | | | | | | | All the callers allocate ->info3 as a talloc child already. As regardes the TALLOC_ZERO(), I added this originally out of parinoia many years ago. We do not consistantly zero session keys in memory, and for NTLMv2 and Kerberos they are random for each sesssion, so breaking into smbd far enough to read an old session key isn't a particularly interesting attack, compared with (say) reading the keytab or the password database. (NTLM and LM session keys are fixed derivitives of the passwords however). Andrew Bartlett
* s3-auth inline make_auth_session_info into only callerAndrew Bartlett2011-07-203-25/+1
|
* security.idl: Use gid_t for gid in security_unix_tokenAndrew Bartlett2011-07-201-1/+1
|
* s3-auth Remove seperate guest booleanAndrew Bartlett2011-07-2011-22/+31
| | | | | | | | | | Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* auth: Set NETLOGON_GUEST and use it to determine guest statusAndrew Bartlett2011-07-202-1/+5
| | | | | | | | | These additional measures should help ensure we do not accidentily upgrade a guest to an authenticated user in the future. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* selftest: Add tests to verify that the named pipe proxy works.Andrew Bartlett2011-07-201-0/+7
| | | | | | | | | This verifies that for NTLM authenticated connections, named pipe forwarding works as expected, including the session keys. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* selftest: Pass lsass and epmapper across the named pipe proxy to the AD serverAndrew Bartlett2011-07-201-0/+2
| | | | | | | | | Eventually we will have just one end point mapper, but for now we need to use the source4 one for the AD tests. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* auth: remove now unused auth3_session_info from auth.idlAndrew Bartlett2011-07-201-11/+1
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* auth: Move make_user_info_SamBaseInfo() to talloc_strdup and out of memory ↵Andrew Bartlett2011-07-201-9/+31
| | | | | | checking Signed-off-by: Andrew Tridgell <tridge@samba.org>
* auth: Split out make_user_info_SamBaseInfo and add authenticated argumentAndrew Bartlett2011-07-207-45/+77
| | | | | | | | | This will allow the source3 auth code to call this without needing to double-parse the SIDs Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-rpc_server remove per-element copies of auth_session_infoAndrew Bartlett2011-07-202-44/+4
| | | | | | | | | | | | | This is not required any more now that they are the same structure, and shows the value in having a common structure across the codebase. In particular, now any additional state that needs to be added to the auth_session_info will be transparently available across the named pipe proxy, without a need to modify the mapping layer. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use the common auth_session_infoAndrew Bartlett2011-07-2042-228/+228
| | | | | | | | | | | This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_infoAndrew Bartlett2011-07-2019-101/+84
| | | | | | | | | | | | This makes auth3_session_info identical to auth_session_info The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-rpc_server read and write the unix_token and unix_info across named_pipe_authAndrew Bartlett2011-07-202-27/+42
| | | | | | | | | | | | | | | This ensures that the exact same token is used on both sides of the pipe, when a full token is passed (ie, source3 to source3, but not yet source4 to to source3 as the unix info isn't calculated there yet). If we do not have unix_token, we fall back to the old behaviour and go via create_local_token(). (However, in this case the security_token is now overwritten, as it is better to have it match the rest of the session_info create_local_token() builds). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth reimplement copy_session_info via NDR pull/pushAndrew Bartlett2011-07-201-57/+23
| | | | | | | | This ensures we do not miss elements. Pattern copied from auth_netlogond. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* auth: use char * pointers in auth.idlAndrew Bartlett2011-07-201-10/+10
| | | | | | | | | We need to use this, and not utf8string because we need to transport NULL pointers correctly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Remove pointless destructorAndrew Bartlett2011-07-201-10/+0
| | | | | | | | All the users of this structure allocate info3 on the session_info Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth import auth3_session_info into IDLAndrew Bartlett2011-07-202-25/+23
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Avoid redundant copies in create_local_token()Andrew Bartlett2011-07-201-20/+20
| | | | | | | | These values were not read before being overwritten again. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Add comments to copy_session_info_serverinfo_guest()Andrew Bartlett2011-07-201-2/+5
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
generated by cgit (git 2.34.1) at 2025-09-25 23:19:54 +0000