1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

83849 Commits

Author SHA1 Message Date
Andreas Schneider
014512f564 dfs_server: Don't allocate a subcontext twice.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 12 11:28:39 CET 2012 on sn-devel-104
2012-12-12 11:28:39 +01:00
Andreas Schneider
ac434c4223 util: Don't use the pid ret value uninitialized.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:33 +01:00
Andreas Schneider
f1fe877d07 s3-netapi: Initialize group_handle of NetGroupSetUsers_r().
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:33 +01:00
Andreas Schneider
7d20934693 s4-netapi: Initialize group_handle of NetGroupGetUsers_r().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:33 +01:00
Andreas Schneider
5bc5761c06 s3-auth: Make sure we work on valid data_blobs.
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:33 +01:00
Andreas Schneider
d020c51978 s3-netapi: Initialize group_handle of NetUserSetGroups_r.
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:33 +01:00
Andreas Schneider
dc9fa1a026 torture: Fix torture_rpc_spoolss_printer_teardown_common().
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:33 +01:00
Andreas Schneider
33d1d52508 s3-netapi: Fix zeroing policy handles in NetLocalGroupAdd_r().
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:32 +01:00
Andreas Schneider
4c0b4894d5 vfs: Make sure we don't call talloc_free on an uninitialized pointer.
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:32 +01:00
Andreas Schneider
e039676fe2 s3-printing: Don't call talloc_free on an uninitialized pointer.
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:32 +01:00
Andreas Schneider
c83f9330a4 idl: Fix spoolss check for the size of the struct.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:32 +01:00
Andreas Schneider
e4e3293b48 s3-net: Check the return value of strlower_m().
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:32 +01:00
Andreas Schneider
f70c56b747 s3-net: Check return value of string_to_sid().
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:32 +01:00
Andreas Schneider
785cc6f3f3 s3-rpcclient: Check return value of add_string_to_array().
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:32 +01:00
Andreas Schneider
ff32391808 s3-registry: Check return code of push_reg_sz().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2012-12-12 09:42:32 +01:00
Jeremy Allison
0f75d9274c s3:auth: Tidy up some of the API confusion in create_token_from_XXX() calls.
Based on Michaels example, split out the return of NT_STATUS_NO_MEMORY
on talloc fail from other possible errors. Allow the NTSTATUS return
to be the only valid indication of success in these calls.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Dec 11 20:04:25 CET 2012 on sn-devel-104
2012-12-11 20:04:25 +01:00
Michael Adam
a20c47410f s3:auth: fix dereference level in talloc checks in create_token_from_sid()
Commit c5b150b33f introduced these checks.
The current check "found_username == NULL" is wrong (we would segfault earlier
in this case). We need to check *found_username == NULL instead as
noted by Günter.

Reported-by: Günter Kukkukk <linux@kukkukk.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2012-12-11 18:22:15 +01:00
Michael Adam
9ee3343529 selftest: skip the samba4.rpc.samr.passwords test in ncacn_np(dc) and s4member environments
These currently fail in a corner case.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Dec 11 17:56:01 CET 2012 on sn-devel-104
2012-12-11 17:56:01 +01:00
Michael Adam
498f98f126 s4:torture:rpc:samr: fix password age calculation in test_ChangePasswordUser3()
The min_password_age field is the negative of the age.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11 14:00:00 +01:00
Michael Adam
1a4adcfcb3 s4:torture/samr: allow STATUS_PASSWORD_RESTRICTIONS from ChangePasswordUser
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11 14:00:00 +01:00
Michael Adam
ce895609b0 s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checks
This matches the windows behavior.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11 13:59:59 +01:00
Michael Adam
da066ec1d7 s4:dsdb/password_hash: do the min password age checks first
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11 13:59:59 +01:00
Stefan Metzmacher
7c6b10fbb0 s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required
This should give the password_hash module a chance to detect if the called
was the cleartext password or not.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 13:59:59 +01:00
Michael Adam
18a306e2f2 s4:torture:rpc:samr: add debugging of result of (many) dcerpc_samr_* calls
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-11 13:59:59 +01:00
Stefan Metzmacher
48ac5842dd s4:dsdb/password_hash: Honor password complexity settings.
Honor password complexity settings when creating new users.
Without this patch, you could set simple passwords although the complexity
settings were enabled. This was an issue with 'samba-tool user add' and also
when adding new users via Windows' "Active Directory Users and Computers"
MMC Snap-In.

The following scenarios were tested successfully after applying the patch:
-'samba-tool user add' against s4
-'samba-tool user add -H' against a Windows DC
-Adding a new user on a s4 DC using Windows' "Active Directory Users and
 Computers" MMC Snap-In.

Please note that this bug was caused by a mistake in the documentation.

Fix bug #9414 - 'samba-tool user add' ignores password complexity settings.

Pair-programmed-with: Karolin Seeger <kseeger@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-11 13:59:58 +01:00
Stefan Metzmacher
a5e6b05edc Revert "s4:dsdb/password_hash: Honor password complexity settings."
This reverts commit f8056b7a69.

A better fix will follow.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 13:58:56 +01:00
Stefan Metzmacher
914a61d9e5 s4:provision: set the correct nTSecurityDescriptor on CN=Domain Controllers,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
2012-12-11 07:05:39 +01:00
Stefan Metzmacher
8eb359c23c s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 05:20:32 +01:00
Stefan Metzmacher
19b03834f0 s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 05:04:48 +01:00
Stefan Metzmacher
e1301fef73 s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 05:04:44 +01:00
Stefan Metzmacher
ebb0a88722 s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 05:02:03 +01:00
Stefan Metzmacher
999c068113 s4:provision: set the correct nTSecurityDescriptor on CN=Sites,CN=Configuration... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:56:39 +01:00
Stefan Metzmacher
649fb5b614 s4:provision: set the correct nTSecurityDescriptor on CN=Partitions,CN=Configuration... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:56:07 +01:00
Stefan Metzmacher
a97b5f2196 s4:dsdb/descriptor: pass object_list to create_security_descriptor()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:50:50 +01:00
Stefan Metzmacher
d20c46a520 libcli/security: calculate the correct inherited_object GUID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:49:48 +01:00
Stefan Metzmacher
75729e6703 libcli/security: implement object_in_list()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:45:54 +01:00
Michael Adam
1d949cb0e5 s3:auth: fix function header comment for user_sid_in_group_sid()
This is embarrassing: the commit 0770a4c01b
which intended to fix an earlier copy'n'paste error, contained another
typo, fixed with this commit...

Signed-off-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec 11 00:04:45 CET 2012 on sn-devel-104
2012-12-11 00:04:45 +01:00
Michael Adam
cbc6a2f5e4 pidl: change strange spelling __donnot_use_enum_* to __do_not_use_enum_*
Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-10 22:15:24 +01:00
Michael Adam
c5b150b33f s3:auth: fix create_token_from_sid() to not fail in the winbindd case
Commit 1c3c5e2156 which factored
the sid-based variant out of create_token_from_username() broke
the case of a user handled by winbindd in that the "found_username"
was set to NULL which caused the function to fail with
NT_STATUS_NO_MEMORY further down.

This patch fixes the function so that the case of found_username == NULL
is cleanly separated from the NO_MEMORY case and the caller can provide
the username in this case, if required.

This fixes bug #9457.

Signed-off-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Dec 10 18:18:54 CET 2012 on sn-devel-104
2012-12-10 18:18:54 +01:00
Michael Adam
0770a4c01b s3:auth: fix header comment for user_sid_in_group_sid()
This function was created in 1c3c5e2156
and the header comment contained copy'n'paste errors from the original
function user_in_group_sid() that took the user name.

Signed-off-by: Michael Adam <obnox@samba.org>
2012-12-10 16:34:22 +01:00
Stefan Metzmacher
53b736444d s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps working
This is a regression test for bug #9470.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
2012-12-10 15:41:11 +01:00
Stefan Metzmacher
e617a3fecb s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags interaction
This is a regression test for bug #9470.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10 13:53:48 +01:00
Stefan Metzmacher
6bc2caed8b s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute
If the sd_flags control is specified, we should return nTSecurityDescriptor
only if the client asked for all attributes.

If there's a list of only explicit attribute names, we should ignore
the sd_flags control.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10 13:53:48 +01:00
Stefan Metzmacher
22bb2fd868 s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given (bug #9470)
Not returning the nTSecurityDescriptor causes a lot of problems.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10 13:53:47 +01:00
Stefan Metzmacher
4f8558ffaf s4:dsdb/acl_read: give some variables a better name
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10 13:53:47 +01:00
Stefan Metzmacher
db15fcfa89 s4:dsdb/acl_read: fix the calculation of the attribute array for the sub search
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10 13:53:47 +01:00
Stefan Metzmacher
e2181617a0 s4:dsdb/acl_read: check the ldb_attr_list_copy_add() result
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10 13:53:46 +01:00
Stefan Metzmacher
6bcafceb75 s4:dsdb/dirsync: fix potential talloc hierachy problems (bug #9470)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-10 13:53:46 +01:00
Günther Deschner
ade5bfd304 s4-torture: call the s4u2self tests with arcfour and aes.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Dec  9 21:24:44 CET 2012 on sn-devel-104
2012-12-09 21:24:44 +01:00
Günther Deschner
d0bad6c335 s4-torture: precalculate expected session keys from samlogon in schannel test.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:08 +01:00