summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2013-01-15dsdb: Add test for modification of two attributes, one permitted, one denied ↵Andrew Bartlett1-0/+15
(bug #9554 - CVE-2013-0172) Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1) Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
2013-01-15dsdb-acl: Run sec_access_check_ds on each attribute proposed to modify (bug ↵Andrew Bartlett1-28/+27
#9554 - CVE-2013-0172) This seems inefficient, but is needed for correctness. The alternative might be to have the sec_access_check_ds code confirm that *all* of the nodes in the object tree have been cleared to node->remaining_bits == 0. Otherwise, I fear that write access to one attribute will become write access to all attributes. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d776fd807e0c9a62f428ce666ff812655f98bc47)
2013-01-12dsdb: Make linked_attributes module GUID based for renamesAndrew Bartlett1-13/+64
This ensures that when we have the backlink out of sync with the forward link (perhaps due to another operation that has put the backlink handling in an end-of-transaction TODO list in repl_meta_data) that we do not error out, we just cope as well as we can. The GUID is the unique identifier, not the DN. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jan 12 12:52:28 CET 2013 on sn-devel-104
2013-01-12s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup (bug #9555)Arvid Requate1-0/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually ↵Andrew Bartlett1-21/+22
them This allows the script to be used to create/remove the samba-specific dns-SERVER account when we do not need to create the in-directory partition. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
2013-01-10samba-tool classicupgrade: Do not print the admin password during upgradeAndrew Bartlett1-1/+10
This changes the code to only set and show a new password if no admin user is found during the upgrade. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104
2013-01-10s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307Andrew Bartlett1-6/+3
This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10selftest: Add test for rfc2307 mapping handlingAndrew Bartlett1-0/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10dsdb-acl: give error string if we can not obtain the schemaAndrew Bartlett1-2/+3
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10s4-dbcheck: Allow forcing an override of an old @MODULES recordAndrew Bartlett2-4/+29
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-09Use the new directory_create_or_exist_strict() function.Andreas Schneider4-5/+10
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09samba_dnsupdate: set KRB5_CONFIG for nsupdate commandBjörn Baumbach1-4/+5
Let nslookup use krb5.conf, which is set in our KRB5_CONFIG. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09s4:lib/messaging: terminate the irpc_servers_byname() result with ↵Stefan Metzmacher2-4/+4
server_id_set_disconnected() (bug #9540) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09libnet-vampire: reports Exops as they rather than sync on some partitionsMatthieu Patou1-6/+27
Instead of showing: Partition[CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com] objects[1] linked_values[8] Report a exop based on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com as Exop on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com, ... Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Wed Jan 9 09:01:30 CET 2013 on sn-devel-104
2013-01-09libnet: set the invocation_id earlier in order to avoid annoying messagesMatthieu Patou1-13/+13
At that moment we have all the information to set the invocation id so let's set it, it will avoid useless messages about missing invocation id. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-By: Andrew Bartlett <abartlet@samba.org>
2013-01-08samba-tool Add --service argument to samba-tool ntacl get/setAndrew Bartlett1-6/+10
This also ensures a VFS connect is done to the correct service. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 8 03:39:21 CET 2013 on sn-devel-104
2013-01-07pysmbd: Change to keyword based argumentsAndrew Bartlett1-4/+4
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07scripting-provision: Set sysvol ACLs on the sysvol shareAndrew Bartlett1-14/+23
This allows us to correctly load any modules that have been specified by the smb.conf for [sysvol] and issue a VFS connect operation which may be required by some VFS modules. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07scripting-ntacls: Optionally allow the service to be specified.Andrew Bartlett1-6/+6
Providing a service allows a VFS connect to be issued on the correct service, and so ensures that the correct modules are loaded rather than just what is specified in [globals]. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07spoolss: add stubs for new JobNamedProperty dcerpc calls.Günther Deschner1-0/+37
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 7 19:06:25 CET 2013 on sn-devel-104
2013-01-01s4:drsuapi: try to behave more like windows for usn order (bug #9508)Stefan Metzmacher1-11/+18
We don't behave completely like a Windows server, but it's much more identical than before. The partition head is always the first object followed by the rest sorted by uSNChanged. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 1 21:09:42 CET 2013 on sn-devel-104
2013-01-01s4:drsuapi: make use of LDB_TYPESAFE_QSORT() and pass getnc_stateStefan Metzmacher1-10/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: make sure we report the meta data from the cycle start (bug #9508)Stefan Metzmacher1-9/+38
We should build the final highwatermark and uptodatevector of a replication cycle at the start of the cycle. Before we search for the currently missing objects. Otherwise we risk that some objects get lost. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: check the source_dsa_invocation_id (bug #9508)Stefan Metzmacher1-0/+15
The given highwatermark is only valid relative to the specified source_dsa_invocation_id. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: make sure we never return the same highwatermark twice in a ↵Stefan Metzmacher1-0/+36
replication cycle (bug #9508) If the highwatermark given by the client is not the one we expect, we need to start a new replication cycle. Otherwise the destination dsa skips objects and linked attribute values. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: add drsuapi_DsReplicaHighWaterMark_cmp()Stefan Metzmacher1-0/+20
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: always use the current uptodateness_vectorStefan Metzmacher1-11/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: avoid a ldb_dn_copy() and use talloc_move() insteadStefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: remove unused 'highest_usn' from drsuapi_getncchanges_stateStefan Metzmacher1-4/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: move struct drsuapi_getncchanges_state to the top of getncchanges.cStefan Metzmacher1-17/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:dsdb/drepl: update the source_dsa_obj/invocation_id in repsFromStefan Metzmacher1-0/+4
The highwatermark is relative to the source_dsa_invocation_id. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:dsdb/common: use 01.01.1970 as last_sync_success for our entry in the ↵Stefan Metzmacher1-3/+4
uptodatevector This matches a Windows 2008R2 and 2012 server. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:dsdb/common: use LDB_SEQ_HIGHEST_SEQ for our entry in the uptodatevectorStefan Metzmacher1-2/+2
We should use the global highestCommittedUSN, not the per partition value. This matches a Windows 2008R2 and 2012 server. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:dsdb/repl_meta_data: don't merge highwatermark and uptodatevector (bug #9508)Stefan Metzmacher1-38/+1
We should not do any magic regarding the highwatermark we got from the source dsa. We need to treat it as opaque and not try to be smart and merge it into the uptodatevector. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:dsdb/repl_meta_data: also update the last_sync_success in replUpToDateVectorStefan Metzmacher1-5/+1
This matches Windows 2008R2 and Windows 2012. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:dsdb/repl_meta_data: store the last results and timestamps in the repsFromStefan Metzmacher1-0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:dsdb/repl_meta_data: always treat the highwatermark as opaque (bug #9508)Stefan Metzmacher1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:scripting/python: always treat the highwatermark as opaque (bug #9508)Stefan Metzmacher3-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01Happy New Year 2013Stefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-21s4-libcli: Use a do-while loop.Andreas Schneider1-3/+3
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-dsdb: Make it clear that we want to fall trough here.Andreas Schneider1-0/+1
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-librpc: Remove dead code in smb_send_request().Andreas Schneider1-4/+0
If trigger_read we return earlier. Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-libnet: Checkr return codes in samsync_ldb_handle_domain().Andreas Schneider1-3/+15
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-regsitry: Check return value of ldb_msg_add_empty().Andreas Schneider1-1/+7
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-lib: Use directory_create_or_exist() to create messaging dir.Andreas Schneider1-1/+6
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-client: Check return codes in do_connect().Andreas Schneider1-2/+18
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-16s4-rpc_server: use netlogon_creds_encrypt_samlogon().Günther Deschner1-34/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Sun Dec 16 01:34:01 CET 2012 on sn-devel-104
2012-12-15libcli/auth: rename netlogon_creds_decrypt_samlogon() to ↵Günther Deschner2-6/+12
netlogon_creds_decrypt_samlogon_validation(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-13s4-libnet: Fix setting the group handle and return codes.Andreas Schneider1-4/+9
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Dec 13 01:01:14 CET 2012 on sn-devel-104
2012-12-12s4-socket: Make sure unix socket addresses are null terminated.Andreas Schneider1-5/+5
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>