summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-09-20libcli: continue to read from the socket even if the size is 0Matthieu Patou1-1/+1
This is an issue found by Codenomicon, with a malicious packet with 0 bytes UDP payload we will continiously be looping trying to react from the socket event and continiously do nothing as we will bail out thinking that we had a memory allocation error. Original fix comes from Volker Lendecke <vl@samba.org> Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
2013-09-19lib/messaging: Check the server_id type correctlyAndrew Bartlett1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 19 23:19:16 CEST 2013 on sn-devel-104
2013-09-19dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in deleteAndrew Bartlett1-5/+10
This code no longer needs to handle not renaming Deleted Objects during a re-delete, because it is no longer called in that case. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replicationAndrew Bartlett1-3/+5
We need to ensure we do not re-delete the Deleted Objects DN during replication. It itself not entirely a deleted object, but has isDeleted set. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19dsdb: Refuse to return an all-zero invocationIDAndrew Bartlett1-0/+8
This could cause an all-zero GUID to be entered into the replPropertyMetaData, which will then fail to be replicated to other DCs. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19dsdb-repl_meta_data: Check for a NULL invocationID and do not proceedAndrew Bartlett1-0/+4
This can happen if we do not find the invocationID, with later patches. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19python/drs: Ensure to pass in the local invocationID during the domain joinAndrew Bartlett6-8/+30
This ensures (and asserts) that we never write an all-zero GUID as an invocationID to the database in replPropertyMetaData. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19s3-rpc_srv: remove unused schannel calls from srv_pipe.cGünther Deschner1-116/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Sep 19 12:59:04 CEST 2013 on sn-devel-104
2013-09-19s3-rpc_cli: remove unused schannel calls from cli_pipe.cGünther Deschner1-76/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19s3-rpc_cli: remove unused schannel calls from dcerpc_helpers.cGünther Deschner2-127/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19s3-rpc: use gensec for schannel footer processing.Günther Deschner1-32/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19s3-rpc_srv: use gensec for schannel bind.Günther Deschner1-2/+7
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19s3-rpc_cli: use gensec for schannel bind.Günther Deschner1-9/+13
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19s3-auth: register schannel gensec module in auth_generic_prepare() as well.Günther Deschner1-1/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19s3-rpc_cli: allow to pass down a netlogon CredentialState struct to gensec.Günther Deschner1-1/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19s3-auth: also load schannel module from auth_generic_client_prepare().Günther Deschner1-1/+2
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19gensec: check for NULL gensec_security in gensec_security_by_auth_type().Günther Deschner1-2/+4
We have equivalent checks in other gensec_security_by_X calls already. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19gensec: remove duplicate gensec_security_by_authtype() call.Günther Deschner1-27/+2
We should use the equivalent gensec_security_by_auth_type() call which is exposed in the public header. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19gensec: move schannel module to toplevel.Günther Deschner3-10/+8
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19Fix SEGV from improperly formed SUBSTRING/PRESENCE filterHoward Chu1-1/+1
Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Simo Sorce <idra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Sep 19 01:42:43 CEST 2013 on sn-devel-104
2013-09-18OpenLDAP provisioning tweaksHoward Chu5-65/+38
Remove BerkeleyDB-specific setup. Streamline cn=samba partition initialization - allow any backend type for it. Use back-mdb instead of back-ldif for cn=samba partition Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
2013-09-18Use SASL/EXTERNAL over ldapi://Howard Chu3-53/+86
The provision script will map the uid of the user running the script to the samba-admin LDAP DN. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18Add SASL/EXTERNAL gensec moduleHoward Chu3-1/+91
Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18Prepare for SASL/EXTERNAL supportHoward Chu2-2/+19
Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18Free memory on errorAlistair Leslie-Hughes1-0/+1
Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 18 19:46:41 CEST 2013 on sn-devel-104
2013-09-18s3: libsmb - 10150 - Not all OEM servers support the ALTNAME info level.Jeremy Allison1-3/+4
Sigh. Some OEM servers return NT_STATUS_NOT_IMPLEMENTED not NT_STATUS_NOT_SUPPORTED. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-18Give slapd a second to startupHoward Chu1-1/+1
Moving the sleep to the beginning of the loop avoids most occurrences of the "connection failed" message Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 07:43:09 CEST 2013 on sn-devel-104
2013-09-18Add an OpenLDAP-specific extended_dn_in moduleHoward Chu2-5/+37
Don't "fix" plain DNs before sending them to OpenLDAP Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18libcli/smb: only check the SMB2 session setup signature if required and validStefan Metzmacher1-5/+21
This is an update to commit af290a03cef63c3b08446c1980de064a3b1c8804 that skips the scary debug messages. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104
2013-09-17s3: libsmb : Bug 10150 - Not all OEM servers support the ALTNAME info level.Jeremy Allison1-1/+9
Just ignore and print error message and an altname of "" if the server returns NT_STATUS_NOT_SUPPORTED. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Sep 17 23:40:08 CEST 2013 on sn-devel-104
2013-09-17s3: libsmb SMB2 wrapper layer. cli_smb2_get_ea_list_path() failed to close ↵Jeremy Allison1-0/+4
file on exit. Found at SNIA SDC plugfest. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-17s3-rpc_server: fix typo in DEBUG statement.Günther Deschner1-1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Sep 17 18:24:26 CEST 2013 on sn-devel-104
2013-09-17docs: point out side-effects of global "valid users" setting.Günther Deschner1-0/+10
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Sep 17 16:20:16 CEST 2013 on sn-devel-104
2013-09-17s3: libsmb : The short name length is only a one byte field.Jeremy Allison1-1/+1
The next byte is "undefined" and some vendors set this to 0xff (discovered in SNIA SDC lab tests). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 17 12:27:18 CEST 2013 on sn-devel-104
2013-09-17libcli/smb: fix non mendatory signing against some vendor SMB2 servers.Stefan Metzmacher1-1/+10
Windows and Samba always sign the final session setup response even if signing is not mendatory, but it ensures that the signing key is correctly in place. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
2013-09-17libcli/smb: use SMB1 MID=0 for the initial NegprotStefan Metzmacher1-0/+8
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10144 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17Cleanup map return codesHoward Chu1-18/+17
-1 was never a valid LDB return code, just use OPERATIONS_ERROR Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 07:51:45 CEST 2013 on sn-devel-104
2013-09-17Fix OpenLDAP partition configsHoward Chu2-3/+72
Update to use LMDB backend, BDB is deprecated Update to support DomainDNSZones and ForestDNSZones partitions. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17lib/ldb-samba/ldb_ildap: Also skip special base DNsAndrew Bartlett1-0/+3
This is so we do not search for @REPLCHANGED against ldap Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-17docs-xml: document SMB3_02 as available protocol for the client sideStefan Metzmacher2-1/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 17 05:55:04 CEST 2013 on sn-devel-104
2013-09-17s3:torture: add PROTOCOL_SMB3_02 handlingStefan Metzmacher1-0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17lib/param: add PROTOCOL_SMB3_02 handlingStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requestedStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17libcli/smb: add PROTOCOL_SMB3_02Stefan Metzmacher1-2/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17libcli/smb: add SMB3_DIALECT_REVISION_302Stefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17dsdb: Use credentials.get_forced_sasl_mech()Andrew Bartlett2-0/+3
This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
2013-09-16auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()Andrew Bartlett5-0/+60
This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16samba-tool domain provision: Make ldap_backend_startup.sh +x and take ↵Andrew Bartlett1-2/+5
optional arguments Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16samba-tool domain join: Set server role correctly to "active directory ↵Andrew Bartlett1-2/+2
domain controller" We changed the magic string when we reworked the list of server roles. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
2013-09-16s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the ↵Andrew Bartlett1-1/+1
access check Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>