summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2012-12-21s4-libnet: Checkr return codes in samsync_ldb_handle_domain().Andreas Schneider1-3/+15
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-regsitry: Check return value of ldb_msg_add_empty().Andreas Schneider1-1/+7
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-lib: Use directory_create_or_exist() to create messaging dir.Andreas Schneider1-1/+6
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21s4-client: Check return codes in do_connect().Andreas Schneider1-2/+18
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-16s4-rpc_server: use netlogon_creds_encrypt_samlogon().Günther Deschner1-34/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Sun Dec 16 01:34:01 CET 2012 on sn-devel-104
2012-12-15libcli/auth: rename netlogon_creds_decrypt_samlogon() to ↵Günther Deschner2-6/+12
netlogon_creds_decrypt_samlogon_validation(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-13s4-libnet: Fix setting the group handle and return codes.Andreas Schneider1-4/+9
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Dec 13 01:01:14 CET 2012 on sn-devel-104
2012-12-12s4-socket: Make sure unix socket addresses are null terminated.Andreas Schneider1-5/+5
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-12torture: Make sure we use the correct size for cxd.Andreas Schneider1-2/+3
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-12s4-libcli: Fix comparison of chosen_oid.Andreas Schneider1-1/+1
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-12s4-client: Make sure we have a valid count if we goto cleanup.Andreas Schneider1-1/+2
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-12s4-libnet: Don't call talloc_get_type() for the same struct twice.Andreas Schneider1-2/+2
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-12s4-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.Günther Deschner1-1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Dec 12 13:13:47 CET 2012 on sn-devel-104
2012-12-12s4-rpc_server: limit allowed transports for samr_ValidatePassword().Günther Deschner1-0/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-12s4-torture: move samr_ValidatePassword test out of main samr test.Günther Deschner2-4/+18
Makes it easier to call with ncacn_ip_tcp transport (Windows does not allow other transports). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-12torture: Fix torture_rpc_spoolss_printer_teardown_common().Andreas Schneider1-3/+1
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-11s4:torture:rpc:samr: fix password age calculation in test_ChangePasswordUser3()Michael Adam1-2/+2
The min_password_age field is the negative of the age. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:torture/samr: allow STATUS_PASSWORD_RESTRICTIONS from ChangePasswordUserMichael Adam1-8/+16
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checksMichael Adam1-47/+65
This matches the windows behavior. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:dsdb/password_hash: do the min password age checks firstMichael Adam1-11/+13
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if requiredStefan Metzmacher1-7/+11
This should give the password_hash module a chance to detect if the called was the cleartext password or not. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:torture:rpc:samr: add debugging of result of (many) dcerpc_samr_* callsMichael Adam1-1/+106
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:dsdb/password_hash: Honor password complexity settings.Stefan Metzmacher1-5/+0
Honor password complexity settings when creating new users. Without this patch, you could set simple passwords although the complexity settings were enabled. This was an issue with 'samba-tool user add' and also when adding new users via Windows' "Active Directory Users and Computers" MMC Snap-In. The following scenarios were tested successfully after applying the patch: -'samba-tool user add' against s4 -'samba-tool user add -H' against a Windows DC -Adding a new user on a s4 DC using Windows' "Active Directory Users and Computers" MMC Snap-In. Please note that this bug was caused by a mistake in the documentation. Fix bug #9414 - 'samba-tool user add' ignores password complexity settings. Pair-programmed-with: Karolin Seeger <kseeger@samba.org> Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-11Revert "s4:dsdb/password_hash: Honor password complexity settings."Stefan Metzmacher1-7/+1
This reverts commit f8056b7a6998e002f473b0ad79eee046236a7032. A better fix will follow. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Domain ↵Stefan Metzmacher3-0/+16
Controllers,... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)Stefan Metzmacher3-1/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug ↵Stefan Metzmacher3-1/+20
#9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)Stefan Metzmacher3-0/+61
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... ↵Stefan Metzmacher3-2/+15
(bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher3-0/+19
CN=Sites,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher3-0/+21
CN=Partitions,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11s4:dsdb/descriptor: pass object_list to create_security_descriptor()Stefan Metzmacher1-2/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps ↵Stefan Metzmacher1-0/+7
working This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
2012-12-10s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags ↵Stefan Metzmacher1-0/+116
interaction This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attributeStefan Metzmacher1-2/+12
If the sd_flags control is specified, we should return nTSecurityDescriptor only if the client asked for all attributes. If there's a list of only explicit attribute names, we should ignore the sd_flags control. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags ↵Stefan Metzmacher1-2/+9
control is given (bug #9470) Not returning the nTSecurityDescriptor causes a lot of problems. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/acl_read: give some variables a better nameStefan Metzmacher1-10/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/acl_read: fix the calculation of the attribute array for the sub searchStefan Metzmacher1-14/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/acl_read: check the ldb_attr_list_copy_add() resultStefan Metzmacher1-0/+12
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10s4:dsdb/dirsync: fix potential talloc hierachy problems (bug #9470)Stefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-09s4-torture: call the s4u2self tests with arcfour and aes.Günther Deschner1-12/+47
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Dec 9 21:24:44 CET 2012 on sn-devel-104
2012-12-09s4-torture: precalculate expected session keys from samlogon in schannel test.Günther Deschner1-7/+111
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES encryption in interactive and generic samlogon.Günther Deschner1-5/+23
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: validate owf password hash and negotiate AES in forest trust test.Günther Deschner1-1/+12
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo ↵Günther Deschner1-4/+33
test. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test.Günther Deschner1-6/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: exit early when join fails in samba3rpc tests.Günther Deschner1-2/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: support AES encryption in interactive samlogon tests in rpc.samr.Günther Deschner1-2/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: support AES encryption in pac_verify/generic samlogon netlogon ↵Günther Deschner1-19/+68
tests. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-torture: use names for r.in.logon_level of netlogon samlogon requests.Günther Deschner6-10/+10
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>