summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-12-11libcli/security: implement object_in_list()Stefan Metzmacher1-2/+23
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s3:auth: fix function header comment for user_sid_in_group_sid()Michael Adam1-1/+1
This is embarrassing: the commit 0770a4c01bef26ec51321cd5b97aea4eab9e00a8 which intended to fix an earlier copy'n'paste error, contained another typo, fixed with this commit... Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Dec 11 00:04:45 CET 2012 on sn-devel-104
2012-12-10pidl: change strange spelling __donnot_use_enum_* to __do_not_use_enum_*Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-10s3:auth: fix create_token_from_sid() to not fail in the winbindd caseMichael Adam1-2/+10
Commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored the sid-based variant out of create_token_from_username() broke the case of a user handled by winbindd in that the "found_username" was set to NULL which caused the function to fail with NT_STATUS_NO_MEMORY further down. This patch fixes the function so that the case of found_username == NULL is cleanly separated from the NO_MEMORY case and the caller can provide the username in this case, if required. This fixes bug #9457. Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Dec 10 18:18:54 CET 2012 on sn-devel-104
2012-12-10s3:auth: fix header comment for user_sid_in_group_sid()Michael Adam1-2/+2
This function was created in 1c3c5e2156d9096f60bd53a96b88c2f1001d898a and the header comment contained copy'n'paste errors from the original function user_in_group_sid() that took the user name. Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps ↵Stefan Metzmacher1-0/+7
working This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
2012-12-10s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags ↵Stefan Metzmacher1-0/+116
interaction This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attributeStefan Metzmacher1-2/+12
If the sd_flags control is specified, we should return nTSecurityDescriptor only if the client asked for all attributes. If there's a list of only explicit attribute names, we should ignore the sd_flags control. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags ↵Stefan Metzmacher1-2/+9
control is given (bug #9470) Not returning the nTSecurityDescriptor causes a lot of problems. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/acl_read: give some variables a better nameStefan Metzmacher1-10/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/acl_read: fix the calculation of the attribute array for the sub searchStefan Metzmacher1-14/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/acl_read: check the ldb_attr_list_copy_add() resultStefan Metzmacher1-0/+12
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/dirsync: fix potential talloc hierachy problems (bug #9470)Stefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-09s4-torture: call the s4u2self tests with arcfour and aes.Günther Deschner1-12/+47
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Dec 9 21:24:44 CET 2012 on sn-devel-104
2012-12-09s4-torture: precalculate expected session keys from samlogon in schannel test.Günther Deschner1-7/+111
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().Günther Deschner1-0/+14
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09libcli/auth: remove trailing whitespace.Günther Deschner1-38/+38
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-auth: remove crypto from serverinfo_to_SamInfoX calls.Günther Deschner5-34/+30
All crypto is dealt with within the netlogon samlogon server now. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: Remove obsolete process_creds boolean in samlogon server.Günther Deschner1-24/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-auth: session keys in validation level 6 samlogon replies are *not* ↵Günther Deschner1-8/+0
encrypted. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: support AES for interactive netlogon samlogon password ↵Günther Deschner3-37/+36
decryption. Still need to fix AES support for the returned validation info. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES encryption in interactive and generic samlogon.Günther Deschner1-5/+23
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo().Günther Deschner1-2/+2
Sumit, please check. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: validate owf password hash and negotiate AES in forest trust test.Günther Deschner1-1/+12
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo ↵Günther Deschner1-4/+33
test. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo().Günther Deschner1-9/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test.Günther Deschner1-6/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: exit early when join fails in samba3rpc tests.Günther Deschner1-2/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: support AES encryption in interactive samlogon tests in rpc.samr.Günther Deschner1-2/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: support AES encryption in pac_verify/generic samlogon netlogon ↵Günther Deschner1-19/+68
tests. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: use names for r.in.logon_level of netlogon samlogon requests.Günther Deschner6-10/+10
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: remove trailing whitespace in smbtorture remote_pac test.Günther Deschner1-41/+41
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon.Günther Deschner1-1/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: add AES support for netr_ServerPasswordSet2 tests.Günther Deschner1-6/+29
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: pass down netlogon flags in netr_ServerPasswordSet2 tests.Günther Deschner1-4/+12
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: remove trailing whitespace from netlogon test.Günther Deschner1-105/+105
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: support AES encryption in netr_ServerPasswordSet2 client.Günther Deschner1-2/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword.Günther Deschner3-5/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.Günther Deschner2-0/+30
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-08wafsamba: replace try:except: case with explicit comment about FIPS modeAlexander Bokovoy1-8/+7
Since exceptions will be caught be outer try:except: pair anyway, mark the test of MD5 code by the comment that explains why we need to really test it. Do it for both hashlib.md5 and md5 modules. Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Sat Dec 8 18:41:07 CET 2012 on sn-devel-104
2012-12-08wafsamba: Make sure md5 is really work before using it or overriding the ↵Alexander Bokovoy1-0/+8
hash function In FIPS mode importing md5 Python module will not cause any error but calling md5.md5() function will throw ValueError since md5 is not available. Make sure md5.md5() actually works and if not, fall back to use hash replacement that we already have in wafsamba. Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Dec 8 13:30:07 CET 2012 on sn-devel-104
2012-12-08samba-tool processes: Make the output a bit neaterRicky Nance1-5/+5
Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sat Dec 8 03:34:29 CET 2012 on sn-devel-104
2012-12-07winbind: Make the code more readable in trustdom_list_done().Andreas Schneider1-15/+19
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org> Autobuild-User(master): Jim McDonough <jmcd@samba.org> Autobuild-Date(master): Fri Dec 7 22:38:43 CET 2012 on sn-devel-104
2012-12-07Fix bug #9471 - SEGV when using second vfs module.Tsukasa Hamano1-1/+1
Don't use default_classname_table when we obviously shoud be using classname_table. Reviewed by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Dec 7 17:51:50 CET 2012 on sn-devel-104
2012-12-07s4:dsdb/descriptor: fix replication of NC headsStefan Metzmacher1-2/+2
The sub NC heads maybe replicated with the parent partition, if we don't need to recalculate the nTSecurityDescriptor attribute in that case, the replication of the of the sub partition should handle that. This fixes error messages like this: descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=s40dom,DC=base not found under DC=s40dom,DC=base Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-07s4:dsdb/acl_read: improve debugging for fatal errorStefan Metzmacher1-3/+18
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-07s4:dsdb/acl_read: keep the ldb_message of the sub search (bug #9470)Stefan Metzmacher1-0/+5
Some modules might not allocate values on the correct memory context. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-07s4:dsdb/schema_data.c: correctly move the CN=Aggregate attributes to ↵Stefan Metzmacher1-6/+18
msg->elements[i].values (bug #9470) We should keep the talloc hierarchy sane. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>