sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
98,379 Commits 60 Branches 1,145 Tags 452 MiB
34ef6b8d20
Commit Graph

98379 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Günther Deschner
34ef6b8d20 s4-auth: fix DEBUG statement. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
de6021127d gensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure. 
When requesting initiator credentials fails, we need to map the error code
KRB5KRB_AP_ERR_BAD_INTEGRITY to NT_STATUS_LOGON_FAILURE as well. This is what
current MIT kerberos returns.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
ac23b7dd52 s4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_string. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
023b5af639 lib/krb5_wrap: use krb5_const_principal in smb_krb5_get_pw_salt(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
a616df1848 lib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
b7abdbb0a1 s4-auth: avoid double free of krb5 kt_entries when compiling with MIT kerberos library. 
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Andreas Schneider
f05fbc1410 s4-gensec: Check if we have delegated credentials. 
With MIT Kerberos it is possible that the GSS_C_DELEG_FLAG is set, but
the delegated_cred_handle is NULL which results in a NULL-pointer
dereference. This way we fix it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
cebecffd98 s4-kdc/db-glue: use smb_krb5_principal_get_comp_string in dbglue. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
2a0e2dd52a s4-kdc/db-glue: use principal_comp_str{case}cmp. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
6d6e411fb8 s4-kdc/db-glue: add principal_comp_str{case}cmp 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
714862defd s4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
0501db1a67 s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
78c0cf292b s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
ba1838300c s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
f4b087b483 s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
7afd9e6aca s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
1afd3d3262 s4-kdc: build some kdc components only for Heimdal KDCs. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
77ede580e9 lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
9a0263a7c3 s4-kdc/db_glue: workaround different CLIENT_NAME_MISMATCH error codes. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Stefan Metzmacher
e6e2ec0001 librpc/ndr_nbt: we need to keep a trailing '.' in the last component of an nbt_string 
Windows uses a username of 'domain.example.com.' as username and we need to
return it that way in the NETLOGON_SAM_LOGON_RESPONSE_EX reply.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
1a78713552 lsa.idl: add LSA_POLICY_NOTIFICATION to LSA_POLICY_ALL_ACCESS 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
c9f68df798 s4:selftest: run rpc.netlogon.admin against also ad_dc 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Andrew Bartlett
2ec4a626b7 torture: Run lsa.trusted.domains auth tests against samba4 
We only need to skip th CreateTrustedDomainEx, which the docs strongly suggested not to use
in any case.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Andrew Bartlett
f13f75f7f0 torture-lsa: Allow rpc.lsa.trusted.domains to run successfully 
We need to create a new binding, as the old binding has the wrong pipe in it (lsa, not netlogon).

Otherwise, we try to bind using the LSA UUID on the netlogon pipe, and Samba rejects that

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
e5163dfd57 s4:torture/rpc: use torture_skip() if torture:Forest_Trust_Dom2_Binding isn't specified for rpc.lsa.forest.trust 
We should exit 0 in this case, as it's not really an error.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
9b5c699ef0 s4:torture/rpc: test the old password in test_validate_trust() for rpc.lsa.forest.trust 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
0133841da0 s4:torture/rpc: really use LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE in rpc.lsa.forest.trust 
We really want to test forest trust and not external trusts here!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
8094bfa2f4 s4:torture/rpc: use torture_assert*() macros for rpc.lsa.forest.trust 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
281969ddb2 s4:torture/rpc: fix test_EnumTrustDomEx() with existing domains 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
a15600727f s4:rpc_server/lsa: correctly set *r->out.resume_handle with NT_STATUS_OK in lsa_EnumTrustedDomainsEx() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
08f91a1f29 s4:torture/rpc: use unique sids and names for trusted domains 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
1e782d9695 s4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
30cb12e7d2 s4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
038659dcbb s3:rpc_server/netlogon: improve the netr_LogonControl*() error returns 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
9134681e9f s4:torture/rpc: let test_LogonControl() also accept WERR_NOT_SUPPORTED for NETLOGON_CONTROL_TRUNCATE_LOG 
There's no reason to have this implemented in samba.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
01cb90ad12 s4:torture/rpc: don't use the same names for 3 different tests 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
d620f462ff libcli/util: let WERR_UNKNOWN_LEVEL be an alias to WERR_INVALID_LEVEL 
WERR_INVALID_LEVEL is the documented name that should be printed
in logs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
da4f31e1c9 nsswitch: improve error messages in wbinfo calls 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
dcb22590ca s4:heimdal_build: remove allow_warnings=True from HEIMDAL_ASN1() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Richard Sharpe
f0e9ba91c0 Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2. 
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
 2015-03-27 01:24:47 +01:00
Jelmer Vernooij
70d20da561 Move update-external.sh to third_party/ 
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-03-26 22:47:22 +01:00
Jelmer Vernooij
483bb682a8 Merge update-waf.sh into update-external.sh 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-03-26 22:47:22 +01:00
Jelmer Vernooij
90ec37cf90 Move waf into third_party/. 
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-03-26 22:47:22 +01:00
Jeremy Allison
32cbbed979 s3: libsmbclient: Add missing talloc stackframe. 
Bug 11177 - no talloc stackframe at ../source3/libsmb/clifsinfo.c:444, leaking memory

https://bugzilla.samba.org/show_bug.cgi?id=11177

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 26 22:21:30 CET 2015 on sn-devel-104
 2015-03-26 22:21:30 +01:00
Michael Adam
d932964d5b docs: fix duplicate word in explanation of parameter 'logging'. 
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
 2015-03-26 19:46:08 +01:00
Anoop C S
b0a9a69bcc libnetapi: Fix 241166 Fixing logically dead code 
Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 26 17:30:27 CET 2015 on sn-devel-104
 2015-03-26 17:30:27 +01:00
Anoop C S
fbb2d4929f registry: Fix 1273042 Identical code for if/else branch 
Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-26 14:54:20 +01:00
Volker Lendecke
508b45fca9 ctdb: Fix CID 1125615 Copy into fixed size buffer 
Might be a "can't happen", but strcpy always looks fishy

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2015-03-26 14:54:20 +01:00
Volker Lendecke
93d4e80129 ctdb: Fix CID 1125634 Out-of-bounds write 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2015-03-26 14:54:20 +01:00
Volker Lendecke
c7cc3adca2 lib: Fix CID 1273009 Dereference after null check 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2015-03-26 14:54:20 +01:00