summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-12-09s3-auth: remove crypto from serverinfo_to_SamInfoX calls.Günther Deschner5-34/+30
All crypto is dealt with within the netlogon samlogon server now. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: Remove obsolete process_creds boolean in samlogon server.Günther Deschner1-24/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-auth: session keys in validation level 6 samlogon replies are *not* ↵Günther Deschner1-8/+0
encrypted. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: support AES for interactive netlogon samlogon password ↵Günther Deschner3-37/+36
decryption. Still need to fix AES support for the returned validation info. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES encryption in interactive and generic samlogon.Günther Deschner1-5/+23
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo().Günther Deschner1-2/+2
Sumit, please check. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: validate owf password hash and negotiate AES in forest trust test.Günther Deschner1-1/+12
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo ↵Günther Deschner1-4/+33
test. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo().Günther Deschner1-9/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test.Günther Deschner1-6/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: exit early when join fails in samba3rpc tests.Günther Deschner1-2/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: support AES encryption in interactive samlogon tests in rpc.samr.Günther Deschner1-2/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: support AES encryption in pac_verify/generic samlogon netlogon ↵Günther Deschner1-19/+68
tests. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: use names for r.in.logon_level of netlogon samlogon requests.Günther Deschner6-10/+10
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: remove trailing whitespace in smbtorture remote_pac test.Günther Deschner1-41/+41
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon.Günther Deschner1-1/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: add AES support for netr_ServerPasswordSet2 tests.Günther Deschner1-6/+29
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: pass down netlogon flags in netr_ServerPasswordSet2 tests.Günther Deschner1-4/+12
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: remove trailing whitespace from netlogon test.Günther Deschner1-105/+105
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: support AES encryption in netr_ServerPasswordSet2 client.Günther Deschner1-2/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword.Günther Deschner3-5/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.Günther Deschner2-0/+30
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-08wafsamba: replace try:except: case with explicit comment about FIPS modeAlexander Bokovoy1-8/+7
Since exceptions will be caught be outer try:except: pair anyway, mark the test of MD5 code by the comment that explains why we need to really test it. Do it for both hashlib.md5 and md5 modules. Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Sat Dec 8 18:41:07 CET 2012 on sn-devel-104
2012-12-08wafsamba: Make sure md5 is really work before using it or overriding the ↵Alexander Bokovoy1-0/+8
hash function In FIPS mode importing md5 Python module will not cause any error but calling md5.md5() function will throw ValueError since md5 is not available. Make sure md5.md5() actually works and if not, fall back to use hash replacement that we already have in wafsamba. Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Dec 8 13:30:07 CET 2012 on sn-devel-104
2012-12-08samba-tool processes: Make the output a bit neaterRicky Nance1-5/+5
Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sat Dec 8 03:34:29 CET 2012 on sn-devel-104
2012-12-07winbind: Make the code more readable in trustdom_list_done().Andreas Schneider1-15/+19
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org> Autobuild-User(master): Jim McDonough <jmcd@samba.org> Autobuild-Date(master): Fri Dec 7 22:38:43 CET 2012 on sn-devel-104
2012-12-07Fix bug #9471 - SEGV when using second vfs module.Tsukasa Hamano1-1/+1
Don't use default_classname_table when we obviously shoud be using classname_table. Reviewed by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Dec 7 17:51:50 CET 2012 on sn-devel-104
2012-12-07s4:dsdb/descriptor: fix replication of NC headsStefan Metzmacher1-2/+2
The sub NC heads maybe replicated with the parent partition, if we don't need to recalculate the nTSecurityDescriptor attribute in that case, the replication of the of the sub partition should handle that. This fixes error messages like this: descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=s40dom,DC=base not found under DC=s40dom,DC=base Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-07s4:dsdb/acl_read: improve debugging for fatal errorStefan Metzmacher1-3/+18
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-07s4:dsdb/acl_read: keep the ldb_message of the sub search (bug #9470)Stefan Metzmacher1-0/+5
Some modules might not allocate values on the correct memory context. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-07s4:dsdb/schema_data.c: correctly move the CN=Aggregate attributes to ↵Stefan Metzmacher1-6/+18
msg->elements[i].values (bug #9470) We should keep the talloc hierarchy sane. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-07s4:dsdb/schema: fix dsdb_schema_set_el_from_ldb_msg() (bug #9470)Stefan Metzmacher1-7/+7
We should always update the ts_last_change. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-07s3: Fix clear_if_first for the async echo handlerVolker Lendecke1-1/+1
A worker smbd is as not long-lived as the main smbd, but as the async echo handler exits when the worker smbd does, passing "true" here is the right thing to do and fixes our clear_if_first handling when the async echo handler is active. Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Fri Dec 7 11:29:36 CET 2012 on sn-devel-104
2012-12-06s4:dsdb/password_hash: Honor password complexity settings.Stefan Metzmacher1-1/+7
Honor password complexity settings when creating new users. Without this patch, you could set simple passwords although the complexity settings were enabled. This was an issue with 'samba-tool user add' and also when adding new users via Windows' "Active Directory Users and Computers" MMC Snap-In. The following scenarios were tested successfully after applying the patch: -'samba-tool user add' against s4 -'samba-tool user add -H' against a Windows DC -Adding a new user on a s4 DC using Windows' "Active Directory Users and Computers" MMC Snap-In. Please note that this bug was caused by a mistake in the documentation. Fix bug #9414 - 'samba-tool user add' ignores password complexity settings. Pair-programmed-with: Karolin Seeger <kseeger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 6 05:11:43 CET 2012 on sn-devel-104
2012-12-06build: Install .po files for SWAT intl supportAndrew Bartlett1-0/+3
2012-12-06scripting: Handle missing LDAP entries in samba-tool domain classicupgradeAndrew Bartlett1-0/+6
Reported-by: Thomas Simmons <twsnnva@gmail.com>
2012-12-06Clean up client timeout definitions [rev. 2]Scott Lovenberg4-8/+5
The definitions for default client timeout values have been moved to client.h. When initializing a client struct we use this value instead of the old hardcoded value. The timeout value remains 20 seconds. Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com> Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Dec 6 03:25:58 CET 2012 on sn-devel-104
2012-12-05s3:smbd: fix a cut and paste error in a debug messageMichael Adam1-2/+2
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-05Documentation fixes for bug #9462 - Users can not be given write permissions ↵Jeremy Allison8-36/+4
any more by default Ensure we don't apply the masks + force modes on security setting changes, only on create. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-05s3:smbd: don't apply create/directory mask and modes in apply_default_perms()Michael Adam1-77/+11
The mask/mode parameters should only apply to a situation with only pure posix permissions. Once we are dealing with ACLs and inheritance, we need to do it correctly. This fixes bug #9462: Users can not be given write permissions any more by default Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-06Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to ↵Richard Sharpe1-1/+22
FILE_STREAM_INFO requests. Ensure we check the buffer size correctly. Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Dec 6 01:31:08 CET 2012 on sn-devel-104
2012-12-05wsgi: Serve '500 Internal Server Error' page when errors occur.Jelmer Vernooij1-0/+19
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Wed Dec 5 18:40:25 CET 2012 on sn-devel-104
2012-12-05web_server: Make second argument to websrv_output const.Jelmer Vernooij2-2/+2
2012-12-05wsgi: When encountering error in Python code, print traceback to logs.Jelmer Vernooij1-9/+52
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2012-12-04BUG 9459: Install manpages only if we install the target.Andreas Schneider1-4/+5
Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Dec 4 18:07:47 CET 2012 on sn-devel-104
2012-12-04Remove unused append_parent_acl().Jeremy Allison2-204/+0
Get rid of a large chunk of unused code. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Dec 4 11:59:30 CET 2012 on sn-devel-104
2012-12-04s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIEDMichael Adam1-0/+1
Omission to free the talloc frame causes a panic (at least in developer mode) in the next main event loop due to "Frame not freed in order." (Freed frame ../source3/smbd/process.c:3617, expected ../source3/modules/vfs_acl_common.c:534.) Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Dec 4 09:03:25 CET 2012 on sn-devel-104
2012-12-03s3:passdb: fix building pdb_ldap as shared moduleMichael Adam2-2/+3
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104