summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2013-11-05cldap_server: Do not handle netlogon ourself anymoreBenjamin Franzke2-62/+0
Netlogon is now handled by the ldb rootdse module. The netlogon files are moved to dsdb in the next commit.
2013-11-01s4:torture/netlogon: Test with attrs: "netlogon *"Benjamin Franzke1-1/+10
2013-11-01s4:torture/netlogon: Test netlogon with additional attrsBenjamin Franzke1-0/+45
2013-11-01s4:torture/netlogon: Add more genereric tcp netlogon functionBenjamin Franzke1-16/+35
To be able to query custom attrs and filters later.
2013-11-01s4:torture/ldap: Add test for netlogon over tcpBenjamin Franzke4-330/+483
This patch moves the udp netlogon tests from cldap.c to netlogon.c and passes a generic netlogon-send function as parameter. Therefore a tcp replacement for cldap_netlogon is also added. The two variants tcp and udp are added as 2 new torture tests: ldap.netlogon-udp & ldap.netlogon-tcp Both tests succeed.
2013-11-01s4:rootdse/netlogon: Pass client ip addressBenjamin Franzke3-1/+15
This patch may be squashed into "s4:dsdb/rootdse: Support netlogon request".
2013-11-01s4:dsdb/rootdse: Netlogon maybe requested with other attrsBenjamin Franzke1-53/+17
MS AD allows netlogon requests to request other attributes, as long as the search parameter is correct, e.g: ldapsearch -h 192.168.122.2 -x -b '' -s base \ "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" \ supportedLDAPPolicies netlogon This also removes an old check that for requests having a netlogon attribute returned zero elements. This is not true, if there is a valid netlogon filter. This patch is to be squashed into "s4:dsdb/rootdse: Support netlogon request".
2013-11-01s4:dsdb/rootdse: Support netlogon requestBenjamin Franzke2-1/+91
This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1]. The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html) Tested with: ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl. [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8
2013-11-01s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamicBenjamin Franzke1-20/+19
This replaced the *module parameter, and uses ac->module in the function instead, same for *req and *attrs.
2013-11-01s4:cldap_server: Move netlogon parsing into utility functionBenjamin Franzke2-34/+73
To be used later by netlogon-request over ldap.
2013-10-27auth-kerberos: add the credentials.h so that enum credentials_obtained is ↵Matthieu Patou1-0/+1
defined We had a warning about the enum being defined in the parameter list: warning: ‘enum credentials_obtained’ declared inside parameter list Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sun Oct 27 02:25:47 CET 2013 on sn-devel-104
2013-10-25torture: add FSCTL_SRV_COPYCHUNK_WRITE access testDavid Disseldorp1-2/+51
Check that FSCTL_SRV_COPYCHUNK_WRITE succeeds when the copy-chunk target is opened with SEC_RIGHTS_FILE_WRITE only. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Oct 25 22:48:59 CEST 2013 on sn-devel-104
2013-10-25s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova2-1/+31
Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-24torture: Add smb2.oplock.levelII501 testVolker Lendecke1-1/+256
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Oct 24 16:15:50 CEST 2013 on sn-devel-104
2013-10-23torture: Extend the raw.oplock.level_ii_1 testVolker Lendecke1-0/+14
smbd broke to none twice. Make sure this won't happen again :-) This used to happen before the MSG_SMB_BREAK_RESPONSE merge. In process_oplock_break_message we did not call remove_oplock, which would have prevented this. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Oct 23 14:06:13 CEST 2013 on sn-devel-104
2013-10-23torture: Add a test showing we have to break L2 at open timeVolker Lendecke1-0/+105
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23torture: Add oplock break to l2/none testsVolker Lendecke2-0/+179
The level we have to break to depends on the create disposition of the second opener. If it's overwriting, break to none. If it's not, break to level2. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23torture: Check break level in raw.oplock.exclusive5Volker Lendecke1-0/+1
This is what Windows does in this case, we don't survive that. We break to LEVEL2 here. Fixes and more precise test to follow. We don't survive this anymore. Re-enable later. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23torture: Add reproducer for bug 10216Volker Lendecke1-0/+12
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-21ntvfs: Fix CID 1107225 Resource leakVolker Lendecke1-1/+3
After the talloc_strdup, we don't need cwd anymore. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-21ntvfs: Fix Coverity ID 1107224 Resource leakVolker Lendecke1-1/+3
In this error path we were leaking "fd". Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-17libcli/smb: move Filesystem Attributes defines to smb_constants.hStefan Metzmacher1-14/+0
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-17s4:librpc: let dcerpc_schannel_key_recv() return netlogon_creds_CredentialStateStefan Metzmacher1-9/+15
cli_credentials_set_netlogon_creds() should only be used directly before a DCERPC bind in order to pass the session information to the gensec layer. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:librpc: make dcerpc_schannel_key_send/recv staticStefan Metzmacher1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:librpc/rpc: remove unused dcerpc_smb_tree()Stefan Metzmacher2-16/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:librpc/rpc: make use of dcerpc_secondary_smb_send/recv() in ↵Stefan Metzmacher1-10/+2
dcerpc_secondary_context() This avoids the use of dcerpc_smb_tree(), which is a layer violation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:librpc/rpc: add dcerpc_secondary_smb_send/recv()Stefan Metzmacher2-0/+23
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:librpc/rpc: remove unused dcerpc_smb_fnum()Stefan Metzmacher2-16/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:tortore:raw/qfileinfo: don't use dcerpc_pipe_open_smb() to open a named pipeStefan Metzmacher1-12/+29
We can directly use smb_raw_open() to open a handle to a named pipe. This avoids the need for the layer violation functions dcerpc_smb_tree() and dcerpc_smb_fnum(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:torture/samba3rpc: let rpc.authcontext be more robust against low level ↵Stefan Metzmacher1-7/+15
changes (part2) We now use smbXcli_conn_is_connected() and dcerpc_binding_handle_is_connected() to verify only the dcerpc layer got an error. The expected error is EIO mapped to NT_STATUS_IO_DEVICE_ERROR. NT_STATUS_INVALID_HANDLE should only be visible at the SMB layer, but we keep this as allowed return value for now, until the dcerpc layer is fixed. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:torture/samba3rpc: let rpc.authcontext be more robust against low level ↵Stefan Metzmacher1-0/+4
code changes (part1) Some code uses the low level smbXcli_session structure instead of the smbcli_session structure and doesn't 'see' updates to the smbcli_session structure. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17s4:librpc: implement dcerpc_binding_handle_auth_info()Stefan Metzmacher1-0/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-15s4:torture: add smb2.session.reauth6 : test failing reauthMichael Adam1-0/+103
This attempts reauth with invalid creds, hence triggering the error path in the reauth code. This invalidates the session and subsequente requests on that connection fail. https://bugzilla.samba.org/show_bug.cgi?id=10208 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 15 22:50:27 CEST 2013 on sn-devel-104
2013-10-15torture: Extend raw.oplock.batch10Volker Lendecke1-0/+12
With FAKE_LEVEL_II_OPLOCKS around we did not grant LEVEL2 after a NO_OPLOCK file got written to. Windows does grant LEVEL2 in this case. With the have_level2_oplocks in brlocks.tdb we can now grant LEVEL2 in this case as well. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15auth4: Remove an unused variableVolker Lendecke1-1/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-14s4-samldb: Do not allow deletion of objects with RID < 1000Nadezhda Ivanova3-3/+40
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
2013-10-13libcli4: Remove an unused variableVolker Lendecke1-1/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Oct 13 17:58:23 CEST 2013 on sn-devel-104
2013-10-11torture: Extend the smb2.oplock.doc1 testVolker Lendecke1-6/+28
If delete_on_close is set, there is no oplock break. Check that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-11torture: Extend the raw.oplock.doc1 testVolker Lendecke1-7/+21
If delete_on_close is set, there is no oplock break. Check that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-11samba-tool domain join subdomain: Rework sambadns.py to allow setup of ↵Andrew Bartlett4-77/+19
DomainDNSZone only This skips handling the ForestDNSZone when we are setting up a subdomain. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
2013-10-11provision: Remove --username and --password options from samba-tool domain ↵Andrew Bartlett2-2/+2
provision This avoids confusion, because the LDAP backend does not use these, and they do not set the password for the administrator account either! This may break support for the 'existing' backend LDAP backend, but that is nothing more than a stub for future development anyway, and new work in this area should use EXTERNAL in any case. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-10dsdb: Provide a clearer error when we fail to store the sequence number in ↵Andrew Bartlett1-6/+19
metadata.tdb Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-10dsdb/tests/ldap: fix test_distinguished_name against w2k8r2Stefan Metzmacher1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-10s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'Stefan Metzmacher1-1/+1
The attribute on the RootDSE object is called 'dnsHostName' instead of 'dNSHostName' (which is used in the schema and on all other directory objects). Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-10dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2Stefan Metzmacher1-4/+8
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-06torture: Remove an unused variableVolker Lendecke1-1/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-06torture: Continue buffer check after NOT_IMPLEMENTED infolevelsVolker Lendecke1-0/+3
Patch from the SDC plugfest. Not every implementation supports every infolevel, and we want to be able to test buffersize error behaviour for all supported infolevels Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-06torture: Fix a typoVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-05s4:torture:smb2: add durable-v2-open.reopen2cMichael Adam1-0/+75
- create durable with v1 request - reconnect with v2 reconnect request ==> fails Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-05s4:torture:smb2: add durable-v2-open.reopen2bMichael Adam1-0/+91
- connect with durable v2 - reconnect with durable v1 => succeeds Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>