sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
98,379 Commits 60 Branches 1,145 Tags 452 MiB
34ef6b8d20
Commit Graph

31636 Commits

Author SHA1 Message Date
Günther Deschner
34ef6b8d20 s4-auth: fix DEBUG statement. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
de6021127d gensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure. 
When requesting initiator credentials fails, we need to map the error code
KRB5KRB_AP_ERR_BAD_INTEGRITY to NT_STATUS_LOGON_FAILURE as well. This is what
current MIT kerberos returns.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
ac23b7dd52 s4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_string. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
a616df1848 lib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
b7abdbb0a1 s4-auth: avoid double free of krb5 kt_entries when compiling with MIT kerberos library. 
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Andreas Schneider
f05fbc1410 s4-gensec: Check if we have delegated credentials. 
With MIT Kerberos it is possible that the GSS_C_DELEG_FLAG is set, but
the delegated_cred_handle is NULL which results in a NULL-pointer
dereference. This way we fix it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
cebecffd98 s4-kdc/db-glue: use smb_krb5_principal_get_comp_string in dbglue. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
2a0e2dd52a s4-kdc/db-glue: use principal_comp_str{case}cmp. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
6d6e411fb8 s4-kdc/db-glue: add principal_comp_str{case}cmp 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
714862defd s4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
0501db1a67 s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
78c0cf292b s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
ba1838300c s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
f4b087b483 s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
7afd9e6aca s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
1afd3d3262 s4-kdc: build some kdc components only for Heimdal KDCs. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
77ede580e9 lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Günther Deschner
9a0263a7c3 s4-kdc/db_glue: workaround different CLIENT_NAME_MISMATCH error codes. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-27 01:26:16 +01:00
Stefan Metzmacher
c9f68df798 s4:selftest: run rpc.netlogon.admin against also ad_dc 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Andrew Bartlett
2ec4a626b7 torture: Run lsa.trusted.domains auth tests against samba4 
We only need to skip th CreateTrustedDomainEx, which the docs strongly suggested not to use
in any case.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Andrew Bartlett
f13f75f7f0 torture-lsa: Allow rpc.lsa.trusted.domains to run successfully 
We need to create a new binding, as the old binding has the wrong pipe in it (lsa, not netlogon).

Otherwise, we try to bind using the LSA UUID on the netlogon pipe, and Samba rejects that

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
e5163dfd57 s4:torture/rpc: use torture_skip() if torture:Forest_Trust_Dom2_Binding isn't specified for rpc.lsa.forest.trust 
We should exit 0 in this case, as it's not really an error.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
9b5c699ef0 s4:torture/rpc: test the old password in test_validate_trust() for rpc.lsa.forest.trust 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
0133841da0 s4:torture/rpc: really use LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE in rpc.lsa.forest.trust 
We really want to test forest trust and not external trusts here!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
8094bfa2f4 s4:torture/rpc: use torture_assert*() macros for rpc.lsa.forest.trust 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
281969ddb2 s4:torture/rpc: fix test_EnumTrustDomEx() with existing domains 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
a15600727f s4:rpc_server/lsa: correctly set *r->out.resume_handle with NT_STATUS_OK in lsa_EnumTrustedDomainsEx() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
08f91a1f29 s4:torture/rpc: use unique sids and names for trusted domains 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
1e782d9695 s4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
30cb12e7d2 s4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
9134681e9f s4:torture/rpc: let test_LogonControl() also accept WERR_NOT_SUPPORTED for NETLOGON_CONTROL_TRUNCATE_LOG 
There's no reason to have this implemented in samba.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
01cb90ad12 s4:torture/rpc: don't use the same names for 3 different tests 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Stefan Metzmacher
dcb22590ca s4:heimdal_build: remove allow_warnings=True from HEIMDAL_ASN1() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-27 01:26:15 +01:00
Richard Sharpe
f0e9ba91c0 Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2. 
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
 2015-03-27 01:24:47 +01:00
Julien Kerihuel
caaf89e899 Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies 
Signed-off-by: Julien Kerihuel <j.kerihuel@openchange.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
 2015-03-25 22:21:13 +01:00
Michael Adam
8de2164835 s4:torture: avoid use of uninitialized variable in error case. 
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 23 18:40:18 CET 2015 on sn-devel-104
 2015-03-23 18:40:18 +01:00
Michael Adam
1dc770ce81 s4:torture: avoid free of uninitialized variable in error case. 
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-03-23 16:04:19 +01:00
Michael Adam
2bf66d95d8 s4:torture: avoid free of uninitialized variable in error case. 
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-03-23 16:04:19 +01:00
Michael Adam
b92d51f98c s4:torture: avoid free of uninitialized variables in error-case. 
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-03-23 16:04:19 +01:00
Volker Lendecke
b024ea84ff dsdb: Fix CID 1034681 Copy-paste error 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2015-03-23 16:04:18 +01:00
Andreas Schneider
c07a54b294 torture: Fix the usage of the MEMORY credential cache. 
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Mar 21 02:03:34 CET 2015 on sn-devel-104
 2015-03-21 02:03:34 +01:00
Andreas Schneider
a9bcc86504 kdc-db-glue: Remove unused code. 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00
Andreas Schneider
b21b2d596e kdc-db-glue: Do not allocate memory for the principal 
The function we are calling already allocate memory.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00
Andreas Schneider
aa1431e53f kdc-db-glue: Fix memory cleanup to avoid crashes. 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00
Andreas Schneider
6ada266dcf kdc-db-glue: Fix function format of samba_kdc_message2entry() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00
Andreas Schneider
b9072d9741 kdc-db-glue: Fix a NULL pointer dereference. 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00
Günther Deschner
13cd1d5c58 s4-kdc/db_glue: bad idea to free parent mem_ctx when sub function got a failure. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00
Günther Deschner
6d6712fdde s4-kdc/pac_glue: only include required headers. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00
Günther Deschner
c5965c41ae s4-kdc/pac_glue: use ENCTYPE_ARCFOUR_HMAC just like in db_glue. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00
Günther Deschner
e49802a02d s4-kdc/db-glue: use krb5_copy_data_contents in samba_kdc_message2entry_keys(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2015-03-20 23:25:54 +01:00