samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

Author	SHA1	Message	Date
Andreas Schneider	3fb40b4bec	s4-process_model: Panic if the standard init function fails Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 04:03:14 +01:00
Andreas Schneider	f75182841d	s4-process_model: Do not close random fds while forking. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11180 The issue has been found with nss_wrapper debug output running: samba4.ntvfs.cifs.krb5.base.lock In the case here, we fork a child and close the fd without resetting the pipe fd variable. Then the fd was used to open the nss_wrapper hosts file which got the same fd. We forked again in the process model called close() on the re-used fd (of the pipe variable) again without nss_wrapper noticing. Now Samba opened the secrets tdb and got the same fd as nss_wrapper was using for the hosts file and next nss_wrapper tried to parse a TDB ... Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 04:03:14 +01:00
Stefan Metzmacher	14b6e0a599	s4:kdc/db-glue: samba_kdc_trust_message2entry() should use the normalized principal as salt smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@S4XDOM.BASE%A1b2C3d4 worked while smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@s4xdom.base failed, if aes keys are used across the trust. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Mar 27 04:02:05 CET 2015 on sn-devel-104	2015-03-27 04:02:05 +01:00
Günther Deschner	4b12fcebaf	s4-kdc/db_glue: avoid accessing private struct members when there are accessor funcs. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	e2eef86431	s4-kdc/db_glue: use smb_krb5_principal_set_type(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	e38acb344a	krb5_wrap: add smb_krb5_principal_set_type(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	34ef6b8d20	s4-auth: fix DEBUG statement. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	de6021127d	gensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure. When requesting initiator credentials fails, we need to map the error code KRB5KRB_AP_ERR_BAD_INTEGRITY to NT_STATUS_LOGON_FAILURE as well. This is what current MIT kerberos returns. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	ac23b7dd52	s4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_string. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	a616df1848	lib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	b7abdbb0a1	s4-auth: avoid double free of krb5 kt_entries when compiling with MIT kerberos library. Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Andreas Schneider	f05fbc1410	s4-gensec: Check if we have delegated credentials. With MIT Kerberos it is possible that the GSS_C_DELEG_FLAG is set, but the delegated_cred_handle is NULL which results in a NULL-pointer dereference. This way we fix it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	cebecffd98	s4-kdc/db-glue: use smb_krb5_principal_get_comp_string in dbglue. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	2a0e2dd52a	s4-kdc/db-glue: use principal_comp_str{case}cmp. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	6d6e411fb8	s4-kdc/db-glue: add principal_comp_str{case}cmp Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	714862defd	s4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	0501db1a67	s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	78c0cf292b	s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	ba1838300c	s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	f4b087b483	s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	7afd9e6aca	s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	1afd3d3262	s4-kdc: build some kdc components only for Heimdal KDCs. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	77ede580e9	lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Günther Deschner	9a0263a7c3	s4-kdc/db_glue: workaround different CLIENT_NAME_MISMATCH error codes. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-27 01:26:16 +01:00
Stefan Metzmacher	c9f68df798	s4:selftest: run rpc.netlogon.admin against also ad_dc Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Andrew Bartlett	2ec4a626b7	torture: Run lsa.trusted.domains auth tests against samba4 We only need to skip th CreateTrustedDomainEx, which the docs strongly suggested not to use in any case. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Andrew Bartlett	f13f75f7f0	torture-lsa: Allow rpc.lsa.trusted.domains to run successfully We need to create a new binding, as the old binding has the wrong pipe in it (lsa, not netlogon). Otherwise, we try to bind using the LSA UUID on the netlogon pipe, and Samba rejects that Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	e5163dfd57	s4:torture/rpc: use torture_skip() if torture:Forest_Trust_Dom2_Binding isn't specified for rpc.lsa.forest.trust We should exit 0 in this case, as it's not really an error. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	9b5c699ef0	s4:torture/rpc: test the old password in test_validate_trust() for rpc.lsa.forest.trust Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	0133841da0	s4:torture/rpc: really use LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE in rpc.lsa.forest.trust We really want to test forest trust and not external trusts here! Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	8094bfa2f4	s4:torture/rpc: use torture_assert*() macros for rpc.lsa.forest.trust Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	281969ddb2	s4:torture/rpc: fix test_EnumTrustDomEx() with existing domains Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	a15600727f	s4:rpc_server/lsa: correctly set *r->out.resume_handle with NT_STATUS_OK in lsa_EnumTrustedDomainsEx() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	08f91a1f29	s4:torture/rpc: use unique sids and names for trusted domains Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	1e782d9695	s4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	30cb12e7d2	s4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	9134681e9f	s4:torture/rpc: let test_LogonControl() also accept WERR_NOT_SUPPORTED for NETLOGON_CONTROL_TRUNCATE_LOG There's no reason to have this implemented in samba. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	01cb90ad12	s4:torture/rpc: don't use the same names for 3 different tests Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Stefan Metzmacher	dcb22590ca	s4:heimdal_build: remove allow_warnings=True from HEIMDAL_ASN1() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2015-03-27 01:26:15 +01:00
Richard Sharpe	f0e9ba91c0	Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104	2015-03-27 01:24:47 +01:00
Julien Kerihuel	caaf89e899	Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies Signed-off-by: Julien Kerihuel <j.kerihuel@openchange.org> Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>	2015-03-25 22:21:13 +01:00
Michael Adam	8de2164835	s4:torture: avoid use of uninitialized variable in error case. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Mar 23 18:40:18 CET 2015 on sn-devel-104	2015-03-23 18:40:18 +01:00
Michael Adam	1dc770ce81	s4:torture: avoid free of uninitialized variable in error case. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>	2015-03-23 16:04:19 +01:00
Michael Adam	2bf66d95d8	s4:torture: avoid free of uninitialized variable in error case. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>	2015-03-23 16:04:19 +01:00
Michael Adam	b92d51f98c	s4:torture: avoid free of uninitialized variables in error-case. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>	2015-03-23 16:04:19 +01:00
Volker Lendecke	b024ea84ff	dsdb: Fix CID 1034681 Copy-paste error Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>	2015-03-23 16:04:18 +01:00
Andreas Schneider	c07a54b294	torture: Fix the usage of the MEMORY credential cache. Pair-Programmed-With: Guenther Deschner <gd@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Mar 21 02:03:34 CET 2015 on sn-devel-104	2015-03-21 02:03:34 +01:00
Andreas Schneider	a9bcc86504	kdc-db-glue: Remove unused code. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-20 23:25:54 +01:00
Andreas Schneider	b21b2d596e	kdc-db-glue: Do not allocate memory for the principal The function we are calling already allocate memory. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-20 23:25:54 +01:00
Andreas Schneider	aa1431e53f	kdc-db-glue: Fix memory cleanup to avoid crashes. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2015-03-20 23:25:54 +01:00

1 2 3 4 5 ...

31642 Commits