summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-12-12tdb: Improve the documentation of tdb_reopen() and tdb_close().Andreas Schneider1-2/+8
Reviewed-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Dec 12 14:58:50 CET 2012 on sn-devel-104
2012-12-12tdb: Fix possible crash bugs in the python tdb code.Andreas Schneider1-2/+15
You can't call tdb_error() for tdb_reopen() or tdb_close(), both return the error code of close(2) and not a TDB_ERROR! Reviewed-by: Simo Sorce <idra@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-12misc: Add a config for clang complete.Andreas Schneider1-0/+99
See https://github.com/Rip-Rip/clang_complete
2012-12-12s4-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.Günther Deschner1-1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Dec 12 13:13:47 CET 2012 on sn-devel-104
2012-12-12s3-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.Günther Deschner1-1/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-12s4-rpc_server: limit allowed transports for samr_ValidatePassword().Günther Deschner1-0/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-12s3-rpc_server: limit allowed transports for samr_ValidatePassword().Günther Deschner1-0/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-12s4-torture: move samr_ValidatePassword test out of main samr test.Günther Deschner2-4/+18
Makes it easier to call with ncacn_ip_tcp transport (Windows does not allow other transports). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-12dfs_server: Don't allocate a subcontext twice.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Dec 12 11:28:39 CET 2012 on sn-devel-104
2012-12-12util: Don't use the pid ret value uninitialized.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-netapi: Initialize group_handle of NetGroupSetUsers_r().Andreas Schneider1-0/+1
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s4-netapi: Initialize group_handle of NetGroupGetUsers_r().Andreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-auth: Make sure we work on valid data_blobs.Andreas Schneider1-2/+2
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-netapi: Initialize group_handle of NetUserSetGroups_r.Andreas Schneider1-0/+1
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12torture: Fix torture_rpc_spoolss_printer_teardown_common().Andreas Schneider1-3/+1
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-netapi: Fix zeroing policy handles in NetLocalGroupAdd_r().Andreas Schneider1-5/+5
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12vfs: Make sure we don't call talloc_free on an uninitialized pointer.Andreas Schneider1-1/+1
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-printing: Don't call talloc_free on an uninitialized pointer.Andreas Schneider1-1/+1
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12idl: Fix spoolss check for the size of the struct.Andreas Schneider1-4/+4
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-net: Check the return value of strlower_m().Andreas Schneider1-1/+3
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-net: Check return value of string_to_sid().Andreas Schneider1-1/+7
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-rpcclient: Check return value of add_string_to_array().Andreas Schneider1-1/+5
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12s3-registry: Check return code of push_reg_sz().Andreas Schneider1-2/+11
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-11s3:auth: Tidy up some of the API confusion in create_token_from_XXX() calls.Jeremy Allison1-6/+9
Based on Michaels example, split out the return of NT_STATUS_NO_MEMORY on talloc fail from other possible errors. Allow the NTSTATUS return to be the only valid indication of success in these calls. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Dec 11 20:04:25 CET 2012 on sn-devel-104
2012-12-11s3:auth: fix dereference level in talloc checks in create_token_from_sid()Michael Adam1-2/+2
Commit c5b150b33fc54ed97dbd0736cc6f4c15977d6e70 introduced these checks. The current check "found_username == NULL" is wrong (we would segfault earlier in this case). We need to check *found_username == NULL instead as noted by Günter. Reported-by: Günter Kukkukk <linux@kukkukk.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-12-11selftest: skip the samba4.rpc.samr.passwords test in ncacn_np(dc) and ↵Michael Adam1-0/+2
s4member environments These currently fail in a corner case. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Karolin Seeger <kseeger@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Dec 11 17:56:01 CET 2012 on sn-devel-104
2012-12-11s4:torture:rpc:samr: fix password age calculation in test_ChangePasswordUser3()Michael Adam1-2/+2
The min_password_age field is the negative of the age. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:torture/samr: allow STATUS_PASSWORD_RESTRICTIONS from ChangePasswordUserMichael Adam1-8/+16
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checksMichael Adam1-47/+65
This matches the windows behavior. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:dsdb/password_hash: do the min password age checks firstMichael Adam1-11/+13
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if requiredStefan Metzmacher1-7/+11
This should give the password_hash module a chance to detect if the called was the cleartext password or not. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:torture:rpc:samr: add debugging of result of (many) dcerpc_samr_* callsMichael Adam1-1/+106
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:dsdb/password_hash: Honor password complexity settings.Stefan Metzmacher1-5/+0
Honor password complexity settings when creating new users. Without this patch, you could set simple passwords although the complexity settings were enabled. This was an issue with 'samba-tool user add' and also when adding new users via Windows' "Active Directory Users and Computers" MMC Snap-In. The following scenarios were tested successfully after applying the patch: -'samba-tool user add' against s4 -'samba-tool user add -H' against a Windows DC -Adding a new user on a s4 DC using Windows' "Active Directory Users and Computers" MMC Snap-In. Please note that this bug was caused by a mistake in the documentation. Fix bug #9414 - 'samba-tool user add' ignores password complexity settings. Pair-programmed-with: Karolin Seeger <kseeger@samba.org> Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-11Revert "s4:dsdb/password_hash: Honor password complexity settings."Stefan Metzmacher1-7/+1
This reverts commit f8056b7a6998e002f473b0ad79eee046236a7032. A better fix will follow. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Domain ↵Stefan Metzmacher3-0/+16
Controllers,... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)Stefan Metzmacher3-1/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug ↵Stefan Metzmacher3-1/+20
#9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)Stefan Metzmacher3-0/+61
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... ↵Stefan Metzmacher3-2/+15
(bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher3-0/+19
CN=Sites,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher3-0/+21
CN=Partitions,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:dsdb/descriptor: pass object_list to create_security_descriptor()Stefan Metzmacher1-2/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11libcli/security: calculate the correct inherited_object GUIDStefan Metzmacher1-1/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11libcli/security: implement object_in_list()Stefan Metzmacher1-2/+23
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s3:auth: fix function header comment for user_sid_in_group_sid()Michael Adam1-1/+1
This is embarrassing: the commit 0770a4c01bef26ec51321cd5b97aea4eab9e00a8 which intended to fix an earlier copy'n'paste error, contained another typo, fixed with this commit... Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Dec 11 00:04:45 CET 2012 on sn-devel-104
2012-12-10pidl: change strange spelling __donnot_use_enum_* to __do_not_use_enum_*Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-10s3:auth: fix create_token_from_sid() to not fail in the winbindd caseMichael Adam1-2/+10
Commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored the sid-based variant out of create_token_from_username() broke the case of a user handled by winbindd in that the "found_username" was set to NULL which caused the function to fail with NT_STATUS_NO_MEMORY further down. This patch fixes the function so that the case of found_username == NULL is cleanly separated from the NO_MEMORY case and the caller can provide the username in this case, if required. This fixes bug #9457. Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Dec 10 18:18:54 CET 2012 on sn-devel-104
2012-12-10s3:auth: fix header comment for user_sid_in_group_sid()Michael Adam1-2/+2
This function was created in 1c3c5e2156d9096f60bd53a96b88c2f1001d898a and the header comment contained copy'n'paste errors from the original function user_in_group_sid() that took the user name. Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps ↵Stefan Metzmacher1-0/+7
working This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
2012-12-10s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags ↵Stefan Metzmacher1-0/+116
interaction This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>