1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

86757 Commits

Author SHA1 Message Date
Günther Deschner
25be92b925 s3-libnetjoin: Fix Bug #10262: use upper-case realm when composing default upn.
In case we are about to generate a keytab during the join make sure the default
upn we create is usable with kinit -k.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10262

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 12 16:39:03 CET 2013 on sn-devel-104
2013-11-12 16:39:03 +01:00
Benjamin Franzke
0dd512eead s4:torture/netlogon: Test netlogon with additional attrs
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

se enter the commit message for your changes. Lines starting

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 12 00:57:19 CET 2013 on sn-devel-104
2013-11-12 00:57:19 +01:00
Benjamin Franzke
767bd6a4d4 s4:torture/ldap: Add test for netlogon over tcp
This patch moves the udp netlogon tests from cldap.c
to netlogon.c and passes a generic netlogon-send
function as parameter.

Therefore a tcp replacement for cldap_netlogon is also added.
The two variants tcp and udp are added as 2 new torture tests:

ldap.netlogon-udp & ldap.netlogon-tcp
Both tests succeed.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:55 +01:00
Benjamin Franzke
e306250a25 libcli/cldap: Add utility to create netlogon filter
This utility is splitted of from cldap_netlogon_send.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:55 +01:00
Benjamin Franzke
68ebb09193 s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules
As netlogon is handled by the samdb now,
the corresponding functions should live there as well.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:54 +01:00
Benjamin Franzke
7106dcf2b8 s4:cldap_server: Do not handle netlogon ourself anymore
Netlogon is now handled by the ldb rootdse module.

The netlogon files will be moved to dsdb in the next commit.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:54 +01:00
Benjamin Franzke
0620c79d76 s4:dsdb/rootdse: Support netlogon request
This patch adds support for a netlogon ldap style request
over the tcp socket.  This is available since win2k3+ [1].

The automatic client join & configuration daemon "realmd" makes
use of this ability.
Realmd can now be used to join a computer to a samba 4 domain.
(See also:
https://lists.samba.org/archive/samba-technical/2013-October/095606.html)

Tested with:
ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon

And compared the result in wireshark with cldap request issued by
examples/misc/cldap.pl.

[1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:54 +01:00
Benjamin Franzke
7a5a62547b s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic
This replaced the *module parameter, and uses ac->module in the function
instead, same for *req and *attrs.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:54 +01:00
Benjamin Franzke
3721274168 s4:cldap_server: Move netlogon parsing into utility function
To be used later by netlogon-request over ldap.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:54 +01:00
Benjamin Franzke
ca8acb681a provision: Fix string replacement ordering
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:54 +01:00
Benjamin Franzke
32ee231da5 s4:torture/cldap: Fix a typo
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:54 +01:00
Volker Lendecke
490418d636 gpo: Fix CID 1034880 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104
2013-11-11 22:59:10 +01:00
Volker Lendecke
4d97b5dcca gpo: Fix CID 1034881 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
b7420e44b1 ntvfs: Fix CID 1034883 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
144428058a backupkey: Fix CID 1034885 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
0e19812782 smbd: Fix CID 1035365 Buffer not null terminated
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
2a73a4985e smbd: Fix CID 1035366 Buffer not null terminated
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
a60f513e89 smbd: Use fstring in conn_tdb.c
It might be legacy, but as long as we have it, we can make use of it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
3b8c3e5dde smbd: Use fstring in conn_tdb.h
It might be legacy, but as long as we have it, we can make use of it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
ea83ac6b01 smbd: Fix CID 1035478 Negative array index read
lp_parm_enum can return -1. Add error checking.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
df8dff7dd2 samdb: Fix CID 241968 Uninitialized pointer read
Interestingly gcc does not catch this at all.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
c6ca14a78b heimdal: Fix 241482 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
d2731ad5aa ldb: Fix CID 241329 Array compared against 0
u.generate.remote_names is an array, not a pointer

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
6b7b007a67 libsmb: Fix CID 241313 Array compared against 0
userinfo->passwrd is not a pointer, no point in checking for !=NULL

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
c85deeed32 smbd: Fix CID 1035434 Same on both sides
Looks scary, but the only effect of this bug is too many UNLOCK messages

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Volker Lendecke
43ac7e81ec iniparser: Fix CID 241908 Copy into fixed size buffer
strcpy is never a good idea....

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Volker Lendecke
1cae867f72 libsmb: Fix CID 1127343 Dead default in switch
We have checked sec_channel_type a few lines above already

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Volker Lendecke
70dbb893cf netapi: Fix CID 1127344 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Volker Lendecke
4ddb9cfd95 net: Fix CID 1035403 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Volker Lendecke
55b0a16e9b registry: Fix Coverity ID 1034918 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Volker Lendecke
ba370ae630 registry: Fix Coverity ID 1034917 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Volker Lendecke
4e80a30daa registry: Fix Coverity ID 1034916 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Volker Lendecke
0c8d5df5ca dsdb: Fix Coverity ID 1034907 Dereference before null check
"module" has already been dereferenced by ldb_module_get_private(module)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Volker Lendecke
096358f4e1 oLschema2ldif: Add some NULL checks
This should fix Coverity ID 1034812

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Michael Adam
97bbd631d8 s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade
Test what upgrades work when there is another lease already held,
in addition to the lease to be upgraded.

 The summary of the behaviour is this:
 -------------------------------------

 If we have two leases (lease1 and lease2) on the same file,
 then attempt to upgrade lease1 results in a change if and only
 if the requested lease state:
 - is valid,
 - is strictly a superset of lease1, and
 - can held together with lease2.

 In that case, the resuling lease state of the upgraded lease1
 is the state requested in the upgrade. lease2 is not broken
 and remains unchanged.

 Note that this contrasts the case of directly opening with
 an initial requested lease state, in which case you get that
 portion of the requested state that can be shared with the
 already existing leases (or the states that they get broken to).

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Nov 11 18:04:47 CET 2013 on sn-devel-104
2013-11-11 18:04:47 +01:00
Michael Adam
363c4ade52 s4:torture:smb2: add comment explaining lease upgrade in the non-contended case
The summary of the behaviour is this:
-------------------------------------
An uncontended lease upgrade results in a change
if and only if the requested lease state is
- valid, and
- strictly a superset of the lease state already held.

In that case the resulting lease state is the one
requested in the upgrade.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-11-11 16:09:38 +01:00
Volker Lendecke
0eaae1a87f README.Coding: Add __func__
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 11 16:08:09 CET 2013 on sn-devel-104
2013-11-11 16:08:09 +01:00
Volker Lendecke
bbb5f66bcd smbd: Fix DEBUG in do_break_to_none
The name of this function has changed, but the DEBUG statements have
not been adapted. This is the case in a lot of our code. With __func__
this problem goes away: __func__ is C99, and we also use it already.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-11-11 14:13:58 +01:00
Björn Baumbach
22af043d2f CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)
If the tls key is not owned by root or has not mode 0600 samba will not
start up.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Nov 11 13:07:16 CET 2013 on sn-devel-104
2013-11-11 13:07:16 +01:00
Björn Baumbach
e0248cde8d CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-11 11:14:36 +01:00
Stefan Metzmacher
cf29fb2cf4 CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Pair-Programmed-With: Björn Baumbach <bb@sernet.de>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-11 11:14:36 +01:00
Björn Baumbach
83a3ae18dd CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-11 11:14:36 +01:00
Björn Baumbach
63d98ed904 CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
file_save_mode() writes files with specified mode.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-11 11:14:36 +01:00
Björn Baumbach
8eae8d28bc CVE-2013-4476: lib-util: add file_check_permissions()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-11 11:14:36 +01:00
Björn Jacke
374b2cfde7 xattr: fix listing EAs on *BSD for non-root users
Thanks to Stefan Rompf for reporting.

This fixes bug #10247

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  8 20:43:30 CET 2013 on sn-devel-104
2013-11-08 20:43:29 +01:00
Andreas Schneider
12a2230581 s4-smb_server: Fix a use after free.
If we haven't allocated the smbsrv_session then we should not free it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-08 09:45:10 -08:00
Andreas Schneider
29f12e7d59 s3-vfs: Fix stream_depot vfs module on btrfs.
Checking if the directory is empty using 'nlink == 2' only checks if
there are no subdirectories. It doesn't indicate if there are files in
the directory. However checking link count for no subdirectories is
wrong and applications shouldn't rely on it, see:

https://lkml.org/lkml/2012/2/1/756

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-08 09:42:20 -08:00
David Disseldorp
c7aab6e520 vfstest: fix uninitialised variable usage in open
The vfstest open command currently fails intermittently due to a read of
a potentially uninitialised status variable.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-08 09:40:37 -08:00
Atul Kulkarni
15b0c39bef net: remove net idmap secret
This is moved to net idmap set secret for consistency.

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  8 01:03:25 CET 2013 on sn-devel-104
2013-11-08 01:03:25 +01:00
Atul Kulkarni
d6979eea80 doc: update the net manpage for net idmap set, get and delete
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-07 14:01:36 -08:00