mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

30205 Commits

Author SHA1 Message Date
Andrew Bartlett
038a9a7c5e selftest: Add release-4-1-0rc3 saved provision
This version has the regression where we would, on join, write an
all-zero invocationID in the replPropertyMetaData attribute, on
Deleted Objects in particular.

To demonstrate this regression, this is based on the promoted_dc
environment from make test, with the domain altered to match the
pattern used in these trees.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 14:39:51 -07:00
Andrew Bartlett
9b8e174fe8 selftest: Add script to assist in writing out a tree undump.sh can restore
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 14:39:50 -07:00
Andrew Bartlett
25d4bafca7 dsdb: Refuse to replicate an all-zero invocationID GUID in replPropertyMetaData
This matches Windows 2008R2.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 11:24:31 -07:00
Andrew Bartlett
334d83e4e7 Remove NEWS file containing confusing information
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 11:24:31 -07:00
Andrew Bartlett
8d9986a6e9 Remove confusing TODO file
This makes no sense in the merged tree, and only confuses users.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 11:24:09 -07:00
Andrew Bartlett
53c06d03a8 dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema lookups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 11:23:50 -07:00
Michael Adam
d5eb3b225c s4:torture: remove a useless variable and assignment in smb2.session.reauth5
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 21 08:00:02 CEST 2013 on sn-devel-104
2013-09-21 08:00:02 +02:00
Matthieu Patou
ea3db09f69 libcli: continue to read from the socket even if the size is 0
This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continuously be looping trying to react from
the socket event and continuously do nothing as we will bail out
thinking that we had a memory allocation error.

Original fix comes from Volker Lendecke <vl@samba.org>

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
2013-09-20 04:46:47 +02:00
Andrew Bartlett
b2b948a1d0 lib/messaging: Check the server_id type correctly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 19 23:19:16 CEST 2013 on sn-devel-104
2013-09-19 23:19:15 +02:00
Andrew Bartlett
aa07b5caf9 dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in delete
This code no longer needs to handle not renaming Deleted Objects
during a re-delete, because it is no longer called in that case.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 12:28:04 -07:00
Andrew Bartlett
c42db8975f dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replication
We need to ensure we do not re-delete the Deleted Objects DN during replication.

It is itself not entirely a deleted object, but has isDeleted set.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 12:27:55 -07:00
Andrew Bartlett
4022d8632c dsdb: Refuse to return an all-zero invocationID
This could cause an all-zero GUID to be entered into the
replPropertyMetaData, which will then fail to be replicated to other
DCs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 12:27:50 -07:00
Andrew Bartlett
40f99625ee dsdb-repl_meta_data: Check for a NULL invocationID and do not proceed
This can happen if we do not find the invocationID, with later patches.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 12:27:44 -07:00
Andrew Bartlett
a623359fb8 python/drs: Ensure to pass in the local invocationID during the domain join
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 12:25:41 -07:00
Günther Deschner
4d2ec9e37e gensec: move schannel module to toplevel.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 11:08:44 +02:00
Howard Chu
31ca4fc674 OpenLDAP provisioning tweaks
Remove BerkeleyDB-specific setup.
Streamline cn=samba partition initialization - allow any backend type for it.
Use back-mdb instead of back-ldif for cn=samba partition

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
2013-09-18 21:39:51 +02:00
Howard Chu
743d4a474e Use SASL/EXTERNAL over ldapi://
The provision script will map the uid of the user running the
script to the samba-admin LDAP DN.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18 19:47:55 +02:00
Howard Chu
b3bb304036 Prepare for SASL/EXTERNAL support
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18 19:47:55 +02:00
Alistair Leslie-Hughes
887f4fbf43 Free memory on error
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 18 19:46:41 CEST 2013 on sn-devel-104
2013-09-18 19:46:41 +02:00
Howard Chu
68a4081dd4 Add an OpenLDAP-specific extended_dn_in module
Don't "fix" plain DNs before sending them to OpenLDAP

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18 05:56:19 +02:00
Howard Chu
dcbd4ede2f Fix OpenLDAP partition configs
Update to use LMDB backend, BDB is deprecated
Update to support DomainDNSZones and ForestDNSZones partitions.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17 05:56:56 +02:00
Andrew Bartlett
4dacaef2ea dsdb: Use credentials.get_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
2013-09-17 01:41:41 +02:00
Andrew Bartlett
f75dc8f4a5 s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:37:20 +02:00
Andrew Bartlett
35e56d2b71 dsdb: Use dsdb_next_callback() rather than a no-op per-module callback
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:52 +02:00
Andrew Bartlett
cccc0dee04 dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:36 +02:00
Andrew Bartlett
403ddac6c8 dsdb: When using an LDAP backend, force use of the password from secrets.ldb
This makes testing from the command line much easier, as ldbsearch -H
sam.ldb will now just work as well as it did with a tdb-based
provision.

This code was removed from its previous location outside the ldb
module stack in aabda85a2f.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 11 21:15:50 CEST 2013 on sn-devel-104
2013-09-11 21:15:50 +02:00
Jeroen Dekkers
0af09f0179 ldb: Do not build libldb-cmdline when using system ldb.
Cleanup leftover include and linking of libldb-cmdline in
oLschema2ldif. Do not build libldb-cmdline anymore when using the
system ldb, oLschema2ldif was the only reason for building
libldb-cmdline.

Signed-off-by: Jeroen Dekkers <jeroen@dekkers.ch>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 10 12:52:26 CEST 2013 on sn-devel-104
2013-09-10 12:52:26 +02:00
Volker Lendecke
196da5925b smbd: Remove FORCE_OPLOCK_BREAK_TO_NONE
This flag existed to break an exclusive or batch oplock in just one
instead of two steps down to "no oplock" when we did an allocation or file
size change.  Running raw.oplock against W2k12 differs in this respect
from W2k3: W2k12 takes two steps (via level2) to break to none. This
removes the special flag that we only had for compatibility with systems
older than W2k12...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep  6 00:47:07 CEST 2013 on sn-devel-104
2013-09-06 00:47:07 +02:00
Volker Lendecke
778636920b torture: Adapt raw.oplock to w2k12
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-05 13:46:14 -07:00
Volker Lendecke
f6afdcd555 torture: Add a new w2k12 target
W2k12 seems to do the 2-step break to none, try running raw.oplock.batch12
against it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-05 13:46:10 -07:00
Andrew Bartlett
38e43961c0 torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9
This exercises some more of the dlz_bind9 code outside BIND, by
sending in a ticket to be access checked, wrapped either in SPNEGO or
just in GSSAPI.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep  4 11:25:10 CEST 2013 on sn-devel-104
2013-09-04 11:25:10 +02:00
Andrew Bartlett
16b26eafa7 selftest: Add a basic test of samba_upgradedns
This does not check that the command runs correctly, but does at least check
that the command runs to completion without errors.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-04 07:08:16 +02:00
Andrew Bartlett
d19c437a36 scripting/samba_upgradedns: Tighten up exception and attribute list handling
This avoids asking for attributes that will not be used, and looks only for the
expected exceptions, rather than all exceptions.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2013-09-04 07:06:05 +02:00
Andrew Bartlett
b106d9090e scripting/join.py: Handle creating the dns-NAME account during a DC join
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2013-09-04 07:06:05 +02:00
Stefan Metzmacher
9edc0276c7 s4:samba_upgradedns: don't pass linklocal=False to interface_ips_v6()
This is the default...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
2013-08-30 15:35:34 +02:00
Andrew Bartlett
0ca9c74f91 provision: Rewrite named.txt to be more useful
We already chown the dns.keytab file, so remove the suggestion to do that,
and instead explain why we can not use chroot (an often-requested feature).

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Björn Jacke <bj@sernet.de>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Aug 29 13:53:25 CEST 2013 on sn-devel-104
2013-08-29 13:53:25 +02:00
Volker Lendecke
6e3650edd3 torture: Add buffercheck tests
Make sure we get the smb2 infolevel fixed portions right

I could not find correct #defines for the infolevels

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 29 01:27:11 CEST 2013 on sn-devel-104
2013-08-29 01:27:11 +02:00
Volker Lendecke
3ddb77f7d8 torture: Split the fsinfo check into a separate test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 23 20:53:12 CEST 2013 on sn-devel-104
2013-08-23 20:53:12 +02:00
Volker Lendecke
e1edffc807 torture: Split the buffercheck into a separate test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23 09:48:51 -07:00
Volker Lendecke
8f96d48971 torture: Change smb2.getinfo into a suite
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23 09:48:48 -07:00
Volker Lendecke
ad8a1e2a6e libsmb2: Fix opening the rootdirectory, part 2
smb2_push_o16s16_blob is wrong for the blob.data==NULL case. It does
not do the same magic that the rest of the routine does with regards to
padding_fix.  padding_fix is wrong in its own respect, with a 0-length
blob we end up with a negative padding fix. It's wrong, but it seems
to work.

Why am I doing this? I want to make smb2.getinfo work against
w2k12. smb2_util_roothandle() always gives NT_STATUS_INVALID_PARAMETER
without this and the preceding fix.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23 09:48:44 -07:00
Volker Lendecke
1927676412 libsmb2: Fix opening the rootdirectory, part 1
[MS-SMB2], 2.2.13 says: In the request, the Buffer field MUST be at least one
byte in length. Implement that for the 0-length filename without create blobs.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23 09:48:40 -07:00
Volker Lendecke
971b39bb10 torture: Remove an unused variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23 09:48:37 -07:00
Volker Lendecke
2055ce1dbe registry4: Fix CID 1034911 Dereference before null check
curbegin is always != NULL here (curend + 1) and is dereferenced by
strchr.

Signed-off-by: Volker Lendecke <vl@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-19 11:15:20 +12:00
Volker Lendecke
6417d9e035 samdb: Fix CID 1034910 Dereference before null check
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
NULL before that.

Signed-off-by: Volker Lendecke <vl@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-19 11:08:21 +12:00
Volker Lendecke
8c4e6f0cba samdb: Fix CID 1034910 Dereference before null check
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
NULL before that.

Signed-off-by: Volker Lendecke <vl@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-19 11:08:19 +12:00
Volker Lendecke
35330aa2c8 samdb: Fix CID 1034910 Dereference before null check
strncmp("tdb://", secrets_ldb, 6) dereferences secrets_ldb. Check for
NULL before that.

Signed-off-by: Volker Lendecke <vl@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-19 11:08:17 +12:00
Volker Lendecke
f82daa054a registry4: Fix CID 1034911 Dereference before null check
curbegin is always != NULL here (curend + 1) and is dereferenced by
strchr.

Signed-off-by: Volker Lendecke <vl@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-19 11:08:15 +12:00
David Disseldorp
e0bda35cf5 torture: support Windows 2k8 response for compress_invalid_buf
Windows Server 2012 returns NT_STATUS_INVALID_USER_BUFFER, Windows
Server 2008r2 returns NT_STATUS_INVALID_PARAMETER. Don't fail the test
if either status is returned.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 13:40:49 -07:00
David Disseldorp
2c7c3fd2d6 torture: add more [no-]compress-on-open ioctl tests
compress_create_with_attr: Specifies the FILE_ATTRIBUTE_COMPRESSED
attribute at create time, then checks the created file.

compress_inherit_disable: Creates under a compressed directory, a file
with the NTCREATEX_OPTIONS_NO_COMPRESSION option. Then checks that the
newly created file doesn't inherit the parent compression state.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 13:40:45 -07:00