summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2013-08-10auth/gensec: introduce gensec_internal.hStefan Metzmacher9-0/+9
We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: only require librpc/gen_ndr/dcerpc.hStefan Metzmacher1-1/+1
We just need DCERPC_AUTH_TYPE_SCHANNEL Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: there's no point in having schannel_session_key()Stefan Metzmacher1-8/+0
gensec_session_key() will return NT_STATUS_NO_USER_SESSION_KEY before calling schannel_session_key(), as we don't provide GENSEC_FEATURE_SESSION_KEY. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: GENSEC_FEATURE_ASYNC_REPLIES is not supportedStefan Metzmacher1-3/+0
There's a sequence number attached to the connection, which needs to be incremented with each message... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: use the correct computer_name from ↵Stefan Metzmacher1-3/+3
netlogon_creds_CredentialState We need to use the same computer_name we used in the netr_Authenticate3 request. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: simplify the code by using netsec_create_state()Stefan Metzmacher1-68/+30
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:gensec/schannel: remove unused dcerpc_schannel_creds()Stefan Metzmacher2-49/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:torture: avoid usage of dcerpc_schannel_creds()Stefan Metzmacher4-17/+11
We use cli_credentials_get_netlogon_creds() which returns the same value. dcerpc_schannel_creds() is a layer violation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10s4:libnet: avoid usage of dcerpc_schannel_creds()Stefan Metzmacher1-4/+3
We use cli_credentials_get_netlogon_creds() which returns the same value. dcerpc_schannel_creds() is a layer violation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-09torture: add smb2 FSCTL_[GET/SET]_COMPRESSION testDavid Disseldorp1-0/+84
This test simply creates a file and checks the compression state before and after FSCTL_SET_COMPRESSION(COMPRESSION_FORMAT_DEFAULT). The test expects the compression state to be COMPRESSION_FORMAT_LZNT1 after set, conforming to Windows Server behaviour. If the server responds to the first FSCTL_GET_COMPRESSION request with NT_STATUS_NOT_SUPPORTED or NT_STATUS_INVALID_DEVICE_REQUEST, then the test is skipped. This allows it to run during selftest. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 9 22:03:39 CEST 2013 on sn-devel-104
2013-08-09torture: split out ioctl test file creation helperDavid Disseldorp1-56/+43
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-07drs-cracknames: Add some debugs in the torture to know better which test has ↵Matthieu Patou1-0/+4
failed Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-By: Andrew Bartlett <abarlett@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Wed Aug 7 08:10:58 CEST 2013 on sn-devel-104
2013-08-06drs-cracksname: fix problems that prevented to pass our torture testsMatthieu Patou1-6/+21
Some of the problems where also reported by Microsoft testing tools Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-crackname: Fix error code so that we have the same as windowsMatthieu Patou1-0/+1
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-cracknames: When cracking NT4 names we should just look at netbios for ↵Matthieu Patou1-2/+1
the match Looking at dnsRoot will yield a result for domain.tld\username when it shouldn't work. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-crackname: Fix cracknames for the format UNKNOWN when the data is ↵Matthieu Patou1-1/+4
actually a GUID The cannonical crackname expect a "/" or it returns DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, when doing UNKNOWN format it's not an error to not have a "/" in the name to crack it's just a sign the name is not a cannonical one. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06drs-cracknames: Reorganise the cracknames list so that similar format names ↵Matthieu Patou1-6/+6
are group together It makes easier when reviewing failed test case in DRSR testsuite Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06Add Notes related to DRSUAPIMatthieu Patou1-0/+1
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06s4-netlogon: honnor DS_RETURN_DNS_NAME flagMatthieu Patou1-0/+9
Reviewed-By: Andrew Bartlett <abarlett@samba.org>
2013-08-06s4-netlogon: do not add \\ it has already be done in the ↵Matthieu Patou1-1/+3
fill_netlogon_samlogon_response Reviewed-By: Andrew Bartlett <abarlett@samba.org>
2013-08-06torture: Quiet a warning about set but not used variableMatthieu Patou1-8/+7
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-By: Andrew Bartlett <abarlett@samba.org>
2013-08-06torture-drsuapi: Make the name of the dc variableMatthieu Patou1-3/+5
In case some tests fails or if the removal takes sometime to replicate to all the DCs Reviewed-By: Andrew Bartlett <abarlett@samba.org>
2013-08-05Fix bug #10010 - Missing integer wrap protection in EA list reading can ↵Jeremy Allison1-2/+5
cause server to loop with DOS. Fix client-side parsing also. Found by David Disseldorp <ddiss@suse.de> Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Mon Aug 5 14:39:04 CEST 2013 on sn-devel-104
2013-08-05s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()Stefan Metzmacher1-22/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05s4:librpc: fix netlogon connections against servers without AES supportStefan Metzmacher1-2/+6
LogonGetCapabilities() only works on the credential chain if the server supports AES, so we need to work on a temporary copy until we know the server replied a valid return authenticator. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05libcli/auth: also set secure channel type in netlogon_creds_client_init().Günther Deschner5-0/+8
Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*Stefan Metzmacher1-4/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-05s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()Stefan Metzmacher1-20/+16
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-05s4:torture/gentest: make use of cli_credentials_get_username()Stefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-05s4:torture/shell: simplify cli_credentials_set_password() callStefan Metzmacher1-4/+1
All we want is to avoid a possible callback... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-30dsdb: Include MS-ADTS doc references on deleted object contstraintsAndrew Bartlett1-0/+16
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-30dsdb tests: Add member/memberOf checking to delete_objects testingAndrew Bartlett1-21/+257
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-30dsdb: Improve DRS deleted link source/target handing in repl_meta_dataAndrew Bartlett1-8/+97
We now correctly ignore the link updates if the source or target is deleted locally. This fixes the long-standing failure in the vampire_dc dbcheck test. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-30dsdb: Ensure we always force deleted objects back under the deleted objects DNAndrew Bartlett1-26/+65
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-30dsdb/repl_meta_data: split out replmd_deletion_state()Stefan Metzmacher1-31/+71
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-30dsdb: Prune deleted objects of links and extra attributes of replicated deletesAndrew Bartlett1-71/+199
When an object is deleted, the links to be removed are not propogated, you have to watch out for them manually! We do this by calling back into the originating update delete code (ie what is called if you ldb_delete() locally) so that any extra attribute found locally and not on the remote server becomes removed remotely too. We currently do the same with links, but that isn't strictly correct, but for now our getNCChanges server code filters these out, so only the usn is bumped. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-29dns: Update TODO listKai Blin1-8/+5
A lot of the todo items have been resolved, avoid confusing people. Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jul 29 09:12:17 CEST 2013 on sn-devel-104
2013-07-25torture/drs: Expand an error message to aid debuggingAndrew Bartlett1-1/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jul 25 13:51:44 CEST 2013 on sn-devel-104
2013-07-25dsdb/samdb: use RECYCLED it implies DELETED...Stefan Metzmacher2-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-24rpc_server-drsuapi: Improve comments and DEBUG linesAndrew Bartlett1-4/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-24dsdb: Add assert in drepl_take_FSMO_roleAndrew Bartlett1-4/+3
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-24dsdb-ridalloc: Rework ridalloc to return error strings where RID allocation ↵Andrew Bartlett1-15/+41
fails We now also only poke the RID manager once per request. This may help track down why RID allocation can fail, as while we never wait for the RID set to be created/updated, it may be the only clue the admin gets as to why the async allocations were failing. Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-24dsdb: Rework subtree_rename module to use recursive LDB_SCOPE_ONELEVEL searchesAndrew Bartlett2-104/+99
This should be more efficient, particularly in the leaf node case when renaming and deleting entries on large databases. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-24dsdb-descriptor: Do not do a subtree search unless we have child entriesAndrew Bartlett1-1/+32
This avoids a subtree search here in most cases where an object is deleted. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-24s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in ↵Stefan Metzmacher1-2/+2
in unixdom_get_my_addr() This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation. (similar to commit e9ae36e9683372b86f1efbd29904722a33fea083) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10042 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104
2013-07-23s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in ↵Andrew Bartlett1-2/+2
in unixdom_get_peer_addr() This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-19Add torture tests to raw.eas to check sending Windows invalid names in the ↵Jeremy Allison1-0/+114
middle of an EA list. Add torture tests to probe the set of invalid Windows EA names. Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 19 11:50:25 CEST 2013 on sn-devel-104
2013-07-17Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().Bill Parker2-0/+11
In reviewing various files in Samba-4.0.7, I found a number of instances where malloc()/calloc() were called without the checking the return value for a value of NULL, which would indicate failure. (NB. The changes needed to ccan, iniparser, popt and heimdal will be reported upstream, not patched inside Samba). Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Source <idra@samba.org>
2013-07-10s4:server: avoid calling into nss_winbind from within 'samba'Stefan Metzmacher1-0/+7
The most important part is that the 'winbind_server' doesn't recurse into itself. This could happen if the krb5 libraries call getlogin(). As we may run in single process mode, we need to set _NO_WINBINDD=1 everywhere, the only exception is the forked 'smbd'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104
2013-07-10s4:rpc_server: make sure we don't terminate a connection with pending ↵Stefan Metzmacher2-3/+60
requests (bug #9820) Sadly we may have nested event loops, which won't work correctly with broken connections, that's why we have to do this... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104