| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
security blob size is greater than 16 kB
We were not correctly checking the output of asn1_start_tag().
asn1_start_tag() returns -1 and sets data->has_error if the
remaining blob size is too short to contain the tag length.
We were checking data->has_error and returning NT_STATUS_OK
(to allow the second asn.1 parse to fail in that case). We
should not be checking data->has_error in this case, but
falling through to the code that already checks the length.
Thanks to Jim for reproducing this for me. We don't get bitten
by this as we announce a max buffer size of 16k, greater than
Windows's 4k, which means that most krb5 spnego packets already
fit.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri May 27 02:57:27 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu May 26 12:50:55 CEST 2011 on sn-devel-104
|
|
Found by freeserif@yahoo.com.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May 25 22:37:23 CEST 2011 on sn-devel-104
|
|
With the recent consolidation of code between s3 and s4, a number of new
dependencies have been implicitly introduced. For example, previous s3
code gained an implicit dependency on talloc after the charset related
consolidation (lib/util/charset/charset.h now includes talloc.h). When
building against the embedded version of talloc this isn't a problem
since the paths are automatically added to the search path, but when
building against the external libraries build failures will occur for
all components that don't directly or indirectly include talloc as
a dependency.
Since charset.h is included from util.h, which in turn is included from
includes.h, this means most of the codebase (s3 and s4) has such an
undeclared dependency.
Therefore, samba-util-common and samba-util have been added as
dependencies to the s3 and s4 code respectively, for all cases where
the source would otherwise fail to build. Additionally, a few other
dependencies are added in specific wscript_build files to address
similar dependency-related problems.
https://bugzilla.samba.org/show_bug.cgi?id=8128
Signed-off-by: Sean Finney <seanius@seanius.net>
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed May 25 19:22:13 CEST 2011 on sn-devel-104
|
|
Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration.
Autobuild-User: Jim McDonough <jmcd@samba.org>
Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
|
|
Older AD deployments simply don't have it and hence there is no RODC
support.
Reviewed-by: abartlet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed May 25 10:26:37 CEST 2011 on sn-devel-104
|
|
"samldb_prim_group_trigger" which as a wrapper calls "samldb_prim_group_change"
for a LDB modify operation.
Reviewed-by: abartlet
|
|
"dsdb_module_search_dn"
It saves us from checking the number of returned entries.
Reviewed-by: abartlet
|
|
Reviewed-by: abartlet
|
|
types of account
Reviewed-by: abartlet
|
|
Reviewed-by: abartlet
|
|
Tests against Windows Server show that it gets set to "FALSE" (not
deleted) if we change the account type to a domain member.
Reviewed-by: abartlet
|
|
Enhance the testcase with a workstation example.
Reviewed-by: abartlet
|
|
Ekacnet was not quite right yet but his patch made me think further.
This primary group changing is only needed if the account type changes.
With this patch we do one more search if the "userAccountControl"
changes but we save us from doing these unneeded and wrong modify replace
operations most of the time.
Reviewed-by: abartlet
|
|
This merges master with v3-6-test
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed May 25 05:20:57 CEST 2011 on sn-devel-104
|
|
This was originally intended to allow the LDAP port on a DC to be
varied, but makes little sense to change one port when in an
environment where krb5, ldap, smb and potentially DCE/RPC over TCP are
involved.
Andrew Bartlett
|
|
I think this new version is more clear.
Andrew Bartlett
|
|
We changed to ${DNSNAME} (the fully qualified domain name) a while
back, and while it's usually functionally idential to the previous
setting, this breaks down if there is more than one DNS server.
Andrew Bartlett
|
|
|
|
Except in one case (where we mark printing tests as knownfail), this
has all our regular expressions start with ^, which ensures we don't
accidentially mix up the samba3/samba4 prefix here.
Because of the particular values in these files at the moment, this
should not change the set of tests, but it will help to ensure that
future edits follow the correct pattern.
Andrew Bartlett
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue May 24 22:57:16 CEST 2011 on sn-devel-104
|
|
The comfychair test harness isn't hooked up, and with the current
infrustructure C code is better tested directly here.
Andrew Bartlett
|
|
This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue May 24 21:23:22 CEST 2011 on sn-devel-104
|
|
Don't allow pass_last_set_time to be set to zero (which means
"user must change password on next logon") if user object doesn't
allow password change.
Don't automatically allow user object password change if
"user must change password on next logon" is set.
Jim please check.
Jeremy.
|
|
same issue as with the audit modules:
using a wrong parameter leads to smbd crash as lp_enum()
will not terminate on last entry of the array
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Tue May 24 20:13:39 CEST 2011 on sn-devel-104
|
|
without the proper terminations of the enums, invalid arguments
for the audit modules will lead to a smbd crash as the loop in
lp_enum() will attempt to access memory behind the array
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue May 24 03:52:50 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon May 23 16:54:21 CEST 2011 on sn-devel-104
|
|
|
|
|
|
This is only used for utf16 alignment calculations, "rdata" is aligned the
same way as cli->inbuf is.
|
|
|
|
Jeremy, please check!
|
|
We need to reset the umask in order to set to the desired permissions.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon May 23 13:26:33 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon May 23 12:15:33 CEST 2011 on sn-devel-104
|
|
|
|
A moment of silence is due here, R.I.P.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun May 22 22:17:12 CEST 2011 on sn-devel-104
|
|
This is the last user of cli_receive_smb. Oplocks are nowadays tested
in smbtorture4, this mainly has historic value
|
|
This removes a caller of cli_receive_smb
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat May 21 23:31:12 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat May 21 21:24:13 CEST 2011 on sn-devel-104
|
|
impact the "primaryGroupID" attribute
Notice: The domain administrators groups isn't referenced as "Domain Admins"
since this name could differ.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat May 21 19:19:57 CEST 2011 on sn-devel-104
|
|
modifications unless we are a computer/dc/rodc
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
Signed-off-by: Metze
|
|
unsigned
The LDB API ("ldb_connect") prescribes that they should be "unsigned".
Signed-off-by: Metze
|
|
Adapt it to the previous commits
Reviewed-by: Jelmer + Metze
|
|
Signed-off-by: Metze
|
|
"unsigned"
Signed-off-by: Metze
|
|
Signed-off-by: Metze
|
|
Signed-off-by: Metze
|
