summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s4-dsdb: extend the extended_dn_in module to handle DN linksAndrew Tridgell2011-08-041-44/+104
| | | | | | | | | this replaces DN components in incoming filter expressions with the full extended DN of the target, which allows search expressions based on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way links in search expressions Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* ldb: rule_id in ldb_parse_tree should be constAndrew Tridgell2011-08-041-1/+1
| | | | | | this allows assignment to a constant string without allocation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* ldb: added a new always-fail ldap extended match OIDAndrew Tridgell2011-08-043-1/+22
| | | | | | | this is used when rewriting filter rules to replace a filter rule with one that is guaranteed not to match Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* ldb: changed DN matching rules to obey GUID/SID/string orderingAndrew Tridgell2011-08-041-0/+54
| | | | | | | | when matching two DNs, the GUID takes priority, then the SID, then the string component Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: handle search expressions containing extended DNsAndrew Tridgell2011-08-042-1/+167
| | | | | | | this allows for searches like member=<SID=S-1-2-3> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: added dn_format attribute of a dsdb_attributeAndrew Tridgell2011-08-043-9/+14
| | | | | | | this is faster than string comparisons during searches at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: fixed outgoing one way link DNsAndrew Tridgell2011-08-042-3/+63
| | | | | | | | when we return a DN which is a one way link, fix the string DN component by searching for the GUID and replacing the DN components Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: setup a one_way_link attribute on schema attributesAndrew Tridgell2011-08-042-0/+30
| | | | | | | this allows us to quickly determine if a DN is a one way link Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: fixed a warning on dsdb_delete()Andrew Tridgell2011-08-041-1/+1
| | | | | | | struct ldb_dn is never const Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: make requests for STORAGE_FORMAT control non-criticalAndrew Tridgell2011-08-041-1/+1
| | | | | | | | this allows us to use dsdb_module_dn_by_guid() from levels below the extended_dn_out module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* ldb: added signatures for 1.1.2Andrew Tridgell2011-08-041-0/+256
|
* ldb: raise minor versionldb-1.1.2Andrew Tridgell2011-08-041-1/+1
| | | | | | | needed for new module function ldb_dn_replace_components() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* ldb: added ldb_parse_tree_walk()Andrew Tridgell2011-08-042-16/+77
| | | | | | | this walks a ldb parse tree, calling a callback on each node Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* ldb: added ldb_dn_replace_components()Andrew Tridgell2011-08-042-0/+63
| | | | | | | | | | this allows you to replace the string part of a DN with the string part from another DN. This is useful when you want to fix a DN that has the right GUID but the wrong string part, because the target object has moved. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s3-ntlmssp void function cannot return valueAndrew Bartlett2011-08-041-3/+3
| | | | | | | | | Removing the return is reasonable here because while no callers currently specify more than one flag at a time, the ntlmssp_want_feature code allows it. Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Aug 4 02:19:46 CEST 2011 on sn-devel-104
* s3: Fix some nonempty blank linesVolker Lendecke2011-08-031-19/+18
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Aug 3 22:00:19 CEST 2011 on sn-devel-104
* s3-printing: fix some build warnings in queue_process.cGünther Deschner2011-08-031-1/+2
| | | | | | | Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Aug 3 17:48:33 CEST 2011 on sn-devel-104
* ntlmssp: Add ntlmssp_blob_matches_magic()Andrew Bartlett2011-08-035-3/+15
| | | | | | | | | This avoids having the same check in 3 different parts of the code Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
* s3-ntlmssp Remove rudundent commentAndrew Bartlett2011-08-031-1/+0
| | | | | | This is explained where SESSION_KEY maps to SIGN at the NTLMSSP layer Andrew Bartlett
* s3-ntlmssp Remove a level of nesting in if/else statementAndrew Bartlett2011-08-031-3/+2
|
* selftest: test plugin_s4_dc against all ncacn_np testsAndrew Bartlett2011-08-037-2/+46
| | | | | | | Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests. Andrew Bartlett
* s3-ntlmssp clarify session key behaviour after create_local_token() changesAndrew Bartlett2011-08-031-2/+1
|
* s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree insteadAndrew Bartlett2011-08-031-16/+5
|
* ldb-samba: Explain the current behaviour of ldif_canonicalise_objectCategoryAndrew Bartlett2011-08-031-2/+7
|
* s3-auth directly return the result of make_server_info_guest()Andrew Bartlett2011-08-031-2/+2
|
* s3-auth rename auth_ntlmssp_steal_session_info()Andrew Bartlett2011-08-035-14/+14
| | | | | | | | There is no longer any theft of memory as the underlying routines now produce a new auth_session_info for this caller, allocating it on the supplied memory context. Andrew Bartlett
* selftest: print %U in smbclient -L output to allow testingAndrew Bartlett2011-08-031-0/+1
|
* s3-smbd Be consistent with %U subs on guest loginsAndrew Bartlett2011-08-031-1/+1
| | | | | | | The NTLMSSP code always specified "" as the username, and this makes guest logins via the old-style session setup do the same. Andrew Bartlett
* selftest: Add kerberos tests to plugin_s4_dc testsAndrew Bartlett2011-08-031-3/+4
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth use auth_generic_start to get full GENSEC in Samba3 session setupAndrew Bartlett2011-08-034-30/+80
| | | | | | | | | | This tests if the auth_generic_start() hook is available on the auth context during the negprot, and if so it uses auth_generic_start() to hook to GENSEC to handle the full SPNEGO blob. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Add function to start any GENSEC mech by OIDAndrew Bartlett2011-08-032-5/+22
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-smbd clarify behaviour by not passing an OID that will not be usedAndrew Bartlett2011-08-031-1/+1
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-smbd Ensure we do not read past the end of a possible NTLMSSP blobAndrew Bartlett2011-08-032-2/+2
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth clarify the role of these session keysAndrew Bartlett2011-08-031-8/+6
| | | | | | | | | This comment can be clarified now the auth subsystem does not use the same structure as the rest of the code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth remove sanitized_username from auth_serversupplied_infoAndrew Bartlett2011-08-035-41/+1
| | | | | | | | | | | This structure element was only written to, not read. It is filled into the companion structure, auth_session_info() by create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth set session_info->sanitized_username in create_local_token()Andrew Bartlett2011-08-0311-60/+23
| | | | | | | | | | | Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token(). This also removes the need for auth_ntlmssp_get_username(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Split auth_ntlmssp_start into two functionsAndrew Bartlett2011-08-036-25/+93
| | | | | | | | | This helps map on to the GENSEC semantics better, and ensures that the full set of desired features are set before the mechanism starts. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Split calls to gensec plugin into prepare and startAndrew Bartlett2011-08-034-21/+23
| | | | | | | | | | GENSEC has the concept of starting the GENSEC subsystem before starting the actual mechansim. Between these two stages is when most context methods are called, to specify credentials and features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* gensec: Don't keep a second copy of the auth4_context in gensec_ntlmssp_stateAndrew Bartlett2011-08-032-7/+4
| | | | | | | | | The auth4_context is already in the gensec_security structure, which is available by de-reference here anyway. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Remove auth_ntlmssp_and_flags()Andrew Bartlett2011-08-035-20/+0
| | | | | | | | | | | There is no need to mask out these flags as they simply are not set yet. The correct abstraction is to ask for NTLMSSP features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hashAndrew Bartlett2011-08-036-74/+26
| | | | | | | | | | | | | | | | | | | The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* selftest: Test encrypted RPC pipes against plugin_s4_dcAndrew Bartlett2011-08-031-4/+5
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* selftest: use the s4 winbindd in plugin_s4_dc testAndrew Bartlett2011-08-032-2/+2
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Add hook to start a GENSEC mech to auth_samba4Andrew Bartlett2011-08-032-1/+89
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Remove auth_ntlmssp_or_flagsAndrew Bartlett2011-08-035-15/+7
| | | | | | | | | We now just use auth_ntlmssp_want_feature to get extra flags on the NTLMSSP context Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the serverAndrew Bartlett2011-08-037-11/+15
| | | | | | | | | | | | This is changed so that the callers ask for the additional flags that they need, starting with no additional flags. This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_updateAndrew Bartlett2011-08-039-37/+36
| | | | | | | | This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp NTLMSSP sealing implies signing, so set both flagsAndrew Bartlett2011-08-031-0/+1
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmsspAndrew Bartlett2011-08-037-15/+95
| | | | | | | | | | This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key()Andrew Bartlett2011-08-034-8/+8
|
generated by cgit (git 2.34.1) at 2025-08-27 22:08:05 +0000