← Back to branch summary

~ubuntu-branches/ubuntu/maverick/samba/maverick-security

« back to all changes in this revision

Viewing changes to source3/include/ads.h

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2010-01-29 06:16:15 UTC
  • mfrom: (0.27.9 upstream) (0.34.4 squeeze)
  • Revision ID: james.westby@ubuntu.com-20100129061615-37hs6xqpsdhjq3ld
Tags: 2:3.4.5~dfsg-1ubuntu1
https://launchpad.net/bugs/462169
https://launchpad.net/bugs/493565
* Merge from debian testing.  Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control: 
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apoort hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/rules, debian/samba.if-up: allow "NetworkManager" as a recognized address
    family... it's obviously /not/ an address family, but it's what gets
    sent when using NM, so we'll cope for now.  (LP: #462169). Taken from karmic-proposed.
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + Dropped patches:
    - debian/patches/security-CVE-2009-3297.patch: No longer needed
    - debian/patches/fix-too-many-open-files.patch: No longer needed

Show diffs side-by-side

added added

removed removed

Lines of Context:
source3/include/ads.h
6
6
  basically this is a wrapper around ldap
7
7
*/
8
8
 
 
9
/*
 
10
 * This should be under the HAVE_KRB5 flag but since they're used
 
11
 * in lp_kerberos_method(), they ned to be always available
 
12
 */
 
13
#define KERBEROS_VERIFY_SECRETS 0
 
14
#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1
 
15
#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2
 
16
#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3
 
17
 
 
18
/*
 
19
 * If you add any entries to the above, please modify the below expressions
 
20
 * so they remain accurate.
 
21
 */
 
22
#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method())
 
23
#define USE_SYSTEM_KEYTAB \
 
24
    ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \
 
25
     (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method()))
 
26
 
9
27
enum wb_posix_mapping {
10
28
        WB_POSIX_MAP_UNKNOWN    = -1,
11
29
        WB_POSIX_MAP_TEMPLATE   = 0, 
339
357
/* Kerberos environment variable names */
340
358
#define KRB5_ENV_CCNAME "KRB5CCNAME"
341
359
 
342
 
/* Heimdal uses a slightly different name */
343
 
#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
344
 
#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
345
 
#endif
346
 
 
347
 
/* The older versions of heimdal that don't have this
348
 
   define don't seem to use it anyway.  I'm told they
349
 
   always use a subkey */
350
 
#ifndef HAVE_AP_OPTS_USE_SUBKEY
351
 
#define AP_OPTS_USE_SUBKEY 0
352
 
#endif
353
 
 
354
360
#define WELL_KNOWN_GUID_COMPUTERS       "AA312825768811D1ADED00C04FD8D5CD" 
355
361
#define WELL_KNOWN_GUID_USERS           "A9D1CA15768811D1ADED00C04FD8D5CD"
356
362
 
357
 
#ifndef KRB5_ADDR_NETBIOS
358
 
#define KRB5_ADDR_NETBIOS 0x14
359
 
#endif
360
 
 
361
 
#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
362
 
#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
363
 
#endif
364
 
 
365
 
#ifdef HAVE_KRB5
366
 
typedef struct {
367
 
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
368
 
        krb5_address **addrs;
369
 
#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
370
 
        krb5_addresses *addrs;
371
 
#else
372
 
#error UNKNOWN_KRB5_ADDRESS_TYPE
373
 
#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */
374
 
} smb_krb5_addresses;
375
 
 
376
 
#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
377
 
#define KRB5_KEY_TYPE(k)        ((k)->keytype)
378
 
#define KRB5_KEY_LENGTH(k)      ((k)->keyvalue.length)
379
 
#define KRB5_KEY_DATA(k)        ((k)->keyvalue.data)
380
 
#define KRB5_KEY_DATA_CAST      void
381
 
#else /* MIT */
382
 
#define KRB5_KEY_TYPE(k)        ((k)->enctype)
383
 
#define KRB5_KEY_LENGTH(k)      ((k)->length)
384
 
#define KRB5_KEY_DATA(k)        ((k)->contents)
385
 
#define KRB5_KEY_DATA_CAST      krb5_octet
386
 
#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
387
 
 
388
 
#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY               /* MIT */
389
 
#define KRB5_KT_KEY(k)          (&(k)->key)
390
 
#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK          /* Heimdal */
391
 
#define KRB5_KT_KEY(k)          (&(k)->keyblock)
392
 
#else
393
 
#error krb5_keytab_entry has no key or keyblock member
394
 
#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */
395
 
 
396
 
#endif /* HAVE_KRB5 */
397
 
 
398
363
enum ads_extended_dn_flags {
399
364
        ADS_EXTENDED_DN_HEX_STRING      = 0,
400
365
        ADS_EXTENDED_DN_STRING          = 1 /* not supported on win2k */