1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

33238 Commits

Author SHA1 Message Date
Günther Deschner
e99c8b34fe s4-torture: add test for spoolss_GetPrinterDriverPackagePath().
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-23 01:06:25 +02:00
Günther Deschner
54eafcaa12 s4-torture: add test for spoolss_CorePrinterDriver().
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-23 01:06:24 +02:00
Günther Deschner
9c5cd9922b hresult: create enough space for the hresult_errstr message.
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-23 01:06:24 +02:00
Günther Deschner
beb99b8061 s4-scripting: let gen_hresult.py tolerate empty lines.
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-23 01:06:24 +02:00
Douglas Bagnall
23765e54e0 vlv tests: remove uninteresting debug message
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-08-19 13:31:27 +02:00
ouyang.xu
98ea4a2219 pvfs_open win10 fix, need return SMB2_CREATE_TAG_QFID
Signed-off-by: kkhaike <kkhaike@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Fri Aug 19 09:35:15 CEST 2016 on sn-devel-144
2016-08-19 09:35:14 +02:00
Uri Simchoni
5bf11f6f5b s4-smbtorture: pin copychunk exec right behavior
Add tests that show copychunk behavior when the
source and dest handles have execute right instead
of read-data right.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-08-16 11:31:27 +02:00
Uri Simchoni
6ce0304eda seltest: allow opening files with arbitrary rights in smb2.ioctl tests
Separate file creation (which requires write access) from the
opening of the file for the test (which might be without write
access).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-08-16 11:31:27 +02:00
Uri Simchoni
7dc9f58206 seltest: implicit FILE_READ_DATA non-reporting
This test (passes against Windows Server 2012R2) shows
that the implicit FILE_READ_DATA that is added whenever
FILE_EXECUTE is granted, is not reported back when querying
the handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-08-16 11:31:27 +02:00
Uri Simchoni
55a9d35cab s4-selftest: add test for read access check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-08-16 11:31:27 +02:00
Uri Simchoni
1b06acafa4 s4-selftest: add functions which create with desired access
Add functions which create a file or a directory with
specific desired access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-08-16 11:31:27 +02:00
Uri Simchoni
20b9a5bd74 s4-smbtorture: use standard macros in smb2.read test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-08-16 11:31:27 +02:00
Andrew Bartlett
3ce5ad1e6c selftest: Move repl_schema test to a distinct OID prefix
We also take the chance to make it clearer that the number
being passed in should be unique.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-08-11 00:49:15 +02:00
Andrew Bartlett
108697402c s4:dsdb/repl_meta_data: Add more info on which DN we failed to find an attid on
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:15 +02:00
Stefan Metzmacher
111c5fd83f s4:dsdb/repl: let dsdb_replicated_objects_convert() change remote to local attid for linked attributes
We already do that for objects in dsdb_convert_object_ex().

We need to be consistent and do the same for linked attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:15 +02:00
Stefan Metzmacher
cff6111d2f s4:dsdb/repl: set working_schema->resolving_in_progress during schema creation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:15 +02:00
Stefan Metzmacher
6bc007a914 s4:dsdb/schema: move messages for unknown attids to higher debug levels during resolving
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:15 +02:00
Stefan Metzmacher
5ee6f93715 s4:dsdb/schema: split out a dsdb_attribute_drsuapi_remote_to_local() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
2e6860df71 s4:dsdb/schema: don't update the in memory schema->prefixmap without reloading the schema!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
b755ec74e1 s4:dsdb/schema: avoid an implicit prefix map creation in lookup functions
dsdb_create_prefix_mapping() should be the only place that calls
dsdb_schema_pfm_make_attid().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
fa580f255c s4:dsdb/objectclass_attrs: call dsdb_attribute_from_ldb() without a prefixmap
We may not have a prefix mapping for the new attribute definition,
it will be added later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
edeb577a59 s4:dsdb/repl: make sure the working_schema prefix map is populated with the remote prefix map
We should create the working_schema prefix map before we try to
resolve the schema. This allows getting the same mapping (if there's not already
a conflict) and allows us to remove the implicit prefix mapping creation
in the prefix mapping lookup functions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
f905ddc104 s4:dsdb/schema: make dsdb_schema_pfm_add_entry() public and more useful
We allow a hint for the id from the remote prefix map.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Andrew Bartlett
29caafaf28 s4:dsdb/schema: Remove unused old schema from memory
This avoids confusion when reading the talloc dump from a ldb context that has
been the target of replication, as the dsdb_schema_copy_shallow() memory was
still around, if unused.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-08-11 00:49:14 +02:00
Andrew Bartlett
c533b60ceb s4:dsdb/repl: Improve memory handling in replicated schema code
This attempts to make it clear what memory is short term and what memory is long term

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
0a1627de6d s4:dsdb/schema: don't treat an older remote schema as SCHEMA_MISMATCH
It's perfectly valid to replicate from a partner with an older schema
version, otherwise schema changes would block any other replication
until every dc in the forest has the schema changes.

The avoids an endless loop trying to get schema in sync with the partner.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
386dbc428b s4:dsdb/schema: store struct dsdb_schema_info instead of a hexstring
This will simplify the schema checking in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
ab63866e25 s4:dsdb/repl: avoid recursion after fetching schema changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Stefan Metzmacher
7143aed4e4 s4:dsdb/schema: don't change schema->schema_info on originating schema changes.
The next reload will take care of it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12114

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:14 +02:00
Uri Simchoni
3fcd937f05 selftest: tests for kerberos encryption types
This test uses tshark and cwrap's packet capturing capability
to observe the Kerberos handshakes and ensure the correct
encryption types are being used.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug  9 07:43:52 CEST 2016 on sn-devel-144
2016-08-09 07:43:52 +02:00
Uri Simchoni
1f90983324 heimdal: honor conf enctypes when obtaining a service ticket
This patch removes part of what's categorized in the code as
"hideous glue", which causes Heimdal to ignore krb5.conf
encryption types, and instead use either the application-
supplied values or the default compile-time values.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-09 04:39:07 +02:00
Ralph Boehme
b17e2f5c74 s4/torture: add a test for ctdb-tombstrone-record deadlock
This tests for a possible deadlock between smbd and ctdb dealing with
ctdb tombstone records.

Commit 925625b528 explains the deadlock in
more details and contains the fix. It's a fix for a regression
introduced by the patch for bug 10008 (1cae59ce11).

If you ever want to use this test against that specific commit:

$ git checkout 925625b528
$ git cherry-pick THIS_COMMIT

This should not deadlock on a ctdb cluster.

$ git revert 925625b528

This will deadlock.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12005

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2016-08-09 01:31:33 +02:00
Jeremy Allison
1ddd01dd21 s4: repl: Ensure all error paths in dreplsrv_op_pull_source_get_changes_trigger() are protected with tevent returns.
Otherwise dreplsrv_op_pull_source_get_changes_trigger() could infinitely recurse.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug  6 01:24:05 CEST 2016 on sn-devel-144
2016-08-06 01:24:05 +02:00
Volker Lendecke
07d12d2c71 lib: Fix a pointless error check
According to susv4, addr.s6_addr is a

uint8_t s6_addr[16]

which is always != 0

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-08-05 22:20:05 +02:00
Volker Lendecke
63b88a7275 pyrpc: Fix CID 1364169 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-05 22:20:05 +02:00
Stefan Metzmacher
fed029a624 tests:samba_tool: pass stdout and stderr to assertCmdSuccess()
This allows us to generate better assert messages and give the
developer some ideas why the command wasn't able to run.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12108

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-08-04 18:26:06 +02:00
Andrew Bartlett
065dcc8a45 selftest: Merge alternate error codes into backupkey from backupkey_heimdal
This is from cea4a4b9b2 and
613d085a63ee554084cb99d2150921dd108f6b77

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug  3 21:43:21 CEST 2016 on sn-devel-144
2016-08-03 21:43:21 +02:00
Andrew Bartlett
664bde19bf torture/backupkey: Allow WERR_INVALID_ACCESS, WERR_INVALID_PARAM or WERR_INVALID_DATA
The use of the wrong key can still create structures that parse as a SID,
therefore we can sometimes get an unusual error, which becomes a flapping test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-08-03 18:00:35 +02:00
Andrew Bartlett
f6e87188b6 ldb: Add ldb_unpack_data_only_attr_list_flags()
This function allows us to control allocation of memory during parse
of the packed ldb data.

This in turn can have an important performance impact as each
small allocation can have a large overhead

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-28 10:06:12 +02:00
Andrew Bartlett
00f77d10b6 torture: Add tests for ndr_push_struct_into_fixed_blob()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-28 10:06:12 +02:00
Andrew Bartlett
eeb594ce93 dsdb: Limit potential stack use when parsing extended DNs
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-28 10:06:12 +02:00
Stefan Metzmacher
caa231ac76 s4:pyrpc: correctly implement .request_timeout
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@samba.org>
2016-07-28 10:06:10 +02:00
Garming Sam
192e54c91d rpc_server/drsuapi: Don't set msDS_IntId as attid for linked attributes if schema
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:10 +02:00
Garming Sam
dffe66e099 getncchanges: Set is_schema_nc when EXOP_OBJ
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:10 +02:00
Garming Sam
0555443213 msds_intid: Add test for schema linked attributes
This test only covers the forward link case.

NOTE: We can't confirm this against Windows because they prevent us from
modifying the schema for the schema classes.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:10 +02:00
Garming Sam
fa6411657f replmd: Send replicated update OID for forward links
(The backward link case needs to be tested)

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Garming Sam
2bb5f7d3ce replmd: Remove data field on DSDB_CONTROL_REPLICATED_UPDATE_OID
There were no users of the data, and it added additional complexity

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Evgeny Sinelnikov
032fc2762e rpc_server/drsuapi: Set msDS_IntId as attid for linked attributes if exists
We got WERR_DS_DRA_SCHEMA_MISMATCH for linked attributes with 8418 error for
extended attributes when using same attid as attribute object.

Signed-off-by: Evgeny Sinelnikov <sin@altlinux.ru>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Garming Sam
e0b6d6bb10 msds_intid: Add test for (non-schema) linked attributes
Prior to this, none of the linked attributes would be checked for their
ids.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Garming Sam
88a4d550ff valgrind: Avoid a warning about uninitialized memory
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Garming Sam
15e621773d replmd: Check dsdb_dn for syntax errors
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Volker Lendecke
9e676b25dd dsdb: Fix CID 1364520 Incorrect expression (EVALUATION_ORDER)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 26 23:48:19 CEST 2016 on sn-devel-144
2016-07-26 23:48:19 +02:00
Alexander Bokovoy
f5e749414f Wrap krb5_cc_copy_creds and krb5_cc_copy_cache
Heimdal and MIT Kerberos have different API to copy credentials from a
ccache. Wrap it via lib/krb5_wrap/.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul 25 21:27:58 CEST 2016 on sn-devel-144
2016-07-25 21:27:57 +02:00
Garming Sam
1f4d9355a2 AddressSanitizer: Initialize for kcc_topology.c
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-07-25 13:56:11 +02:00
Günther Deschner
497658fede s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 23 09:50:46 CEST 2016 on sn-devel-144
2016-07-23 09:50:46 +02:00
Jeremy Allison
da47e13323 s4: messaging: Remove bool auto_remove parameter from imessaging_init().
With modern messaging this doesn't do anything (it's an
empty destructor). Clean up so we can add a proper destructor
in future.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-23 06:04:11 +02:00
Stefan Metzmacher
32a254d1dd s4:dsdb/replicated_objects: don't skip notifications on resolved conflicts
We should propagate resolved conflicts immediately.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 23 03:18:58 CEST 2016 on sn-devel-144
2016-07-23 03:18:58 +02:00
Stefan Metzmacher
049b50766a s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes
The caller needs to know about them in order to decide about possible
notifications.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:22 +02:00
Stefan Metzmacher
54d32c262b s4:kdc: provide a PAC_UPN_DNS_INFO element for logons
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:22 +02:00
Stefan Metzmacher
8b1f5cad95 auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:22 +02:00
Stefan Metzmacher
661e1a229e s4:selftest: run the pkinit test in the ad_dc and ad_dc_ntvfs environment
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
4ab53657cb s4:selftest: run test_pkinit_pac_heimdal.sh test
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
303906225a test_pkinit_heimdal.sh: add some more tests regarding the UF_SMARTCARD_REQUIRED behavior
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
f1bb8f69df s4:dsdb/tests: add UF_SMARTCARD_REQUIRED tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
acb208625b s4:dsdb/password_hash: add the UF_SMARTCARD_REQUIRED password reset magic
When UF_SMARTCARD_REQUIRED is set to an account we need to remove
the current password and add random NT and LM hashes (without updating
the pwdLastSet field.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
af4dc22314 s4:kdc: provide a PAC_CREDENTIAL_INFO element for PKINIT logons
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
c2b7bac379 s4:kdc: correctly update the PAC in samba_wdc_reget_pac()
We need to keep unknown PAC elements and just copy them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
6762d6b591 s4:kdc: hook into heimdal's windc.pac_pk_generate hook
This allows PAC_CRENDENTIAL_INFO to be added to the PAC
when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains
an encrypted PAC_CRENDENTIAL_DATA.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
0022ea9efb HEIMDAL:kdc: add krb5plugin_windc_pac_pk_generate() hook
This allows PAC_CRENDENTIAL_INFO to be added to the PAC
when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains
an encrypted PAC_CRENDENTIAL_DATA.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
f61833082a HEIMDAL:kdc: reset e_text after successful pre-auth verification
This is already fixed in upstream heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:20 +02:00
Stefan Metzmacher
08ead28c69 HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
A caller may want to specify an explicit order of PAC elements,
e.g. the PAC_UPN_DNS_INFO element should be placed after the PAC_LOGON_NAME
element.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

This is commit 7cd40a610569d5e54ebe323672794fb6415b5dac in heimdal master.
2016-07-22 23:34:20 +02:00
Stefan Metzmacher
fbd0610953 s4:torture/remote_pac: verify the order of PAC elements
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:20 +02:00
Stefan Metzmacher
2d9958e46c auth/credentials: also do a shallow copy of the krb5_ccache.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:20 +02:00
Andrew Bartlett
281b73f124 build: Add hints on what libraries to install for gpgme support on failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 22 19:51:09 CEST 2016 on sn-devel-144
2016-07-22 19:51:08 +02:00
Andrew Bartlett
88e968c9cc s4:torture/ndr: Add supplementalCredentials blob from Samba with the new SambaGPG blob
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
d903338ed6 s4:selftest: run samba.tests.samba_tool.user also against ad_dc:local
In future ad_dc_ntvfs and ad_dc will differ regarding the Primary:SambaGPG
password feature. So we should test both.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
763acdc2e7 s4:dsdb/samdb: optionally store package_PrimarySambaGPGBlob in supplementalCredentials
It's important that Primary:SambaGPG is added as the last element.
This is the indication that it matches the current password.
When a password change happens on a Windows DC,
it will keep the old Primary:SambaGPG value, but as the first element.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
81190f910a s4:dsdb/samdb: add configure checks for libgpgme
This will be used to store the cleartext utf16 password
GPG encrypted as 'Primary:SambaGPG' in the
supplementalCredentials attribute.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Jeremy Allison
5e333b5a4e s4: torture: Don't crash if connections fail and treeXX variables are left as NULL.
Correctly log as torture fail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-07-22 10:32:22 +02:00
Garming Sam
fbc26289e5 samba_kcc: Enable the python samba_kcc
For any reasonably large domain, the old KCC is impractical as the dense
mesh topology causes replication pulses.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 06:37:08 +02:00
Garming Sam
56771ec6d0 dbcheck/release-4-1-0rc3: Add a check regarding replica locations
This DC has repsFrom for the DNS partitions, but not the corresponding
link. This ensures that dbcheck has fixed them up. This will currently
fail without the actual changes to dbcheck coming in the following
commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 06:37:08 +02:00
Garming Sam
abb8d77c6f kcc: Make debug more scarce
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 06:37:07 +02:00
Garming Sam
c11629b6ad drepl: Fix a typo
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 06:37:07 +02:00
Stefan Metzmacher
5437fdcffb s4:torture/ndr: add more krb5pac tests with PAC blobs from pkinit
We validate everything except the whole LOGON_INFO structure,
we even decrypt the PAC_CREDENTIALS_INFO blob and verify
PAC_CREDENTIAL_DATA_NDR and PAC_CREDENTIAL_NTLM_SECPKG.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 21 01:07:28 CEST 2016 on sn-devel-144
2016-07-21 01:07:28 +02:00
Stefan Metzmacher
4e4cc8e91d s4:torture/ndr: make use of torture_suite_add_ndr_pull_validate_test() in krb5pac when possible
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-07-20 21:27:19 +02:00
Andrew Bartlett
a6f672d69f torture: Add another sample of a PAC that broke the old PAC_UPN_DNS_INFO handling
This is included because this sample helped us addres issues in the previous attempt at
handling PAC_UPN_DNS_INFO correctly, and I have Tris's permission to include this in our
tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-20 21:27:19 +02:00
Günther Deschner
930dc1a12a s4-torture: add another krb5pac buffer to the ndr test.
This one nicely demonstrates that the strings are really non-null terminated.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-20 21:27:19 +02:00
Günther Deschner
7741e02867 s4-torture: add ndr krb5pac testsuite.
Someone changed the PAC buffer union without adding proper tests, now we
sometimes fail to parse the PAC completely due to that...

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-20 21:27:19 +02:00
Andrew Bartlett
7eab12fa63 s4:torture/ndr: Add supplementalCredentials blob from Win2012R2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-20 21:27:18 +02:00
Andrew Bartlett
9e8228692d s4:torture/ndr: Add supplementalCredentials blobs from alpha13 and release_4_1_0rc3
This coveres the case without AES keys, and before the IDL was changed for SambaGPG support

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-20 21:27:18 +02:00
Stefan Metzmacher
c30dcaee4c s4:torture/ndr: add validation checks for strange supplementalCredentials blobs
From the mail to dochelp:

  I've also got cases (where I created an account with
  UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED
  in the LDAP add) with the following strange blobs:

  One time:
  [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00

  and once:
  [0000] 00 00 00 00 00 00 00 00 00 00 00 00 53

  The original issue I reported was the following, a user was created
  with a password and then userAccountControl was changed to
  UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED. In that case I'm getting:

  [0000] 00 00 00 00 62 00 00 00   00 00 00 00 20 00 20 00
  [0010] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
  [0020] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
  [0030] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
  [0040] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
  [0050] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
  [0060] 20 00 20 00 20 00 20 00   20 00 20 00 50 00 30

As you see the last byte (unknown3) is always different on Windows,
but always 0x00 from Samba, so I used 0x00 in order to allow the
test to pass.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-07-20 21:27:18 +02:00
Günther Deschner
5690bc9095 s4-torture: rename torture_suite_add_ndr_pullpush_test to torture_suite_add_ndr_pull_validate_test.
Hoping the new name is not as confusing as the old name.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-20 21:27:17 +02:00
Stefan Metzmacher
f9a4d0d2a0 s4:dsdb/password_hash: explicitly set SUPPLEMENTAL_CREDENTIALS_SIGNATURE
Typically this is automatically set in ndr_push_supplementalCredentialsBlob(),
but we need to change that behavior in order to handle strange formated
values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-07-20 21:27:17 +02:00
Stefan Metzmacher
1be64cb660 s4:kdc: ignore empty supplementalCredentialsBlob structures
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-07-20 21:27:17 +02:00
Douglas Bagnall
bbdace4b2c VLV tests: remove vestigial pdb stub
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 19 17:22:51 CEST 2016 on sn-devel-144
2016-07-19 17:22:51 +02:00
Douglas Bagnall
465b7bf827 VLV tests: add tests with show_deleted control
These tests add a few deleted users and ensure they are VLV-able.

In a `make test` context there will be other deleted users lying
around, so we can't assert the expected results of the search without
looking first.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-19 13:41:12 +02:00
Douglas Bagnall
31707cdeaa VLV: fix handling with show_deleted and similar controls
The first search in each round of VLV performs the search then saves
the results in the form of an array of GUIDs, which subsequent calls
refer to to get different ranges from the same search. These
subsequent calls make an individual search for each GUID. If the
original search had the show_deleted control, the array may contain
GUIDs for deleted items, which would not be seen on the later
searches without the same control.

So we save all controls except the VLV itself and the sort control
(which won't affect the search for a single GUID) and reuse them on
the  subsequent VLV searches.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-19 13:41:12 +02:00
Douglas Bagnall
8bb14af584 VLV tests: comment typo
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-19 13:41:12 +02:00
Douglas Bagnall
929ec47c2a VLV tests: reduce test duplication hence elapsed time
This makes before/after lattice sparser for the slower tests. While
we're doing that, some of the  tests are changed to traverse the
lattice in a different order just in case that matters.

There is very little chance that any particular combination of before
and after parameters will behave uniquely wrongly.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-19 13:41:12 +02:00
Andrew Bartlett
0b3f2c659a selftest: Disable all replication during most replication tests
Rather than just disabling inbound replication, consider that there may be another server
in the test network, and ensure we do not replicate to or from it either.

replica_sync.py is omitted, as it tests some more subtle variations
of the DISABLE_INBOUND_REPL flag.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Andrew Bartlett
e359875d00 selftest: Ensure we can call DRSUAPI_EXOP_REPL_OBJ with replication disabled
We add the forced flag, so that we can leave replication otherwise disabled

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Andrew Bartlett
6b458a1a8c drs: pass the forced-replication flag from DsReplicaSync to GetNCChanges
This ensures we and sync from a server with DISABLE_OUTBOUND_REPL set

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Andrew Bartlett
fcb13cb640 selftest: Disable replication before doing forced pre-test replicate
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Andrew Bartlett
3a787f45cf selftest: Make repl_move more robust by disabling replication before the test
We do this before we ensure the two DCs are in sync, and then force the sync

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Andrew Bartlett
6145da66ef selftest: Make repl_schema more robust by disabling replication before the test
We also ensure the two DCs are in sync before the test starts

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Andrew Bartlett
da66a89bb4 repl: Remove check for parentGUID being NULL in dsdb_convert_object_ex()
We find that Windows 2012R2 sends a NULL parent_guid here, probably when no change to name is replicated.

That is, if there has not been a rename, this is not required information, as we
can just merge with the existing object, not matter where it is

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Andrew Bartlett
c48aef3c11 Remove unused and untested source4 ntptr and spoolss systems
These were never finished, were not tested and clearly will not be revived

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Andrew Bartlett
d183261e68 build: Always build eventlog6. This is not a duplicate of eventlog
The eventlog6 pipe is not a duplicate with the source3 code, so should be built even
for the default build with smbd for file serving

This fixes commit 0b4c741b9c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12026
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Christof Schmitt
6bb41cf396 smbtorture: Correctly initialize notify request in smb2.notify.tree
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-07-18 15:14:11 +02:00
Douglas Bagnall
58acf513f9 dbcheck linked attribute tests: save environment with bad links
We save a database snapshot that contains linked attributes that
should have been deleted, and make sure dbcheck fixes those links
without ruining anything else.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:30 +02:00
Douglas Bagnall
d8e7ffd029 s4/selftest/provisions/dump.sh: dump to target dir if supplied
This is clearly what was meant to happen.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:29 +02:00
Garming Sam
31ffe97178 extended_dn_out: Force showing of one-way links if they exist
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:29 +02:00
Garming Sam
00e828a8a8 link_attrs: Add tests for one way links (and pseudo one-way)
Tested against Win2012R2. The deactivated link control has no effect on either
one way links or pseudo ones (only two-way ones presumably).

Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:29 +02:00
Douglas Bagnall
9d8e7666c0 drs tests: querying linked attribute over DRS
Without the deactivated links control, we assert certain conditions over DRS
instead.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:28 +02:00
Douglas Bagnall
4cb565bc87 dsdb tests: add linked attribute tests
Note that this test will not work properly across ldap as the
marked-deleted linked attributes will not appear.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:28 +02:00
Douglas Bagnall
5ce969d0c7 dsdb: add vanish links control
Normally linked attributes are deleted by marking them as with RMD flags,
but sometimes we want them to vanish without trace. At those times we
set the DSDB_CONTROL_REPLMD_VANISH_LINKS control.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:28 +02:00
Douglas Bagnall
b7b229a424 repl_meta_data: free context on error in replmd_modify_la_delete()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:28 +02:00
Douglas Bagnall
5d201591e3 replmd_modify_delete: check talloc_new()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:28 +02:00
Douglas Bagnall
ebed182e34 s4/dsdb/repl_meta_data: use local bool version of flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:28 +02:00
Christof Schmitt
f6d4380a9d selftest: Add tunable for smb2.maxfid limit
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-14 02:06:10 +02:00
Volker Lendecke
be39b73ccd dsdb: Fix CID 1363810: Null pointer dereferences
The if-condition explicitly tests for new_schema==NULL, so this seems to be a
valid error case. The DEBUG statement would segfault in this case.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 13 06:34:33 CEST 2016 on sn-devel-144
2016-07-13 06:34:33 +02:00
Christof Schmitt
f9db6fb893 smbtorture: Add smb2.maxfid
This is the same as base.maxfid, but for the SMB2 protocol: Keep opening
file handles until an error is returned, print the number of file
handles opened and finally close the file handles again.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-13 03:00:15 +02:00
Andrew Bartlett
8a5a9045ad dsdb: Improve debugging during SD recursion failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 13 02:59:25 CEST 2016 on sn-devel-144
2016-07-13 02:59:25 +02:00
Andrew Bartlett
ba8e8687bd dsdb: Avoid search on * in replmd_replicated_apply_next()
A search on * can be quite expensive if we have to post-process any of the results

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-12 23:24:13 +02:00
Andrew Bartlett
2d3fdc0a45 pyrpc: Allow control of RPC timeout for IRPC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-12 23:24:13 +02:00
Garming Sam
cea4a4b9b2 tests: Allow alternative error code for backupkey test
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-12 23:24:13 +02:00
Andrew Bartlett
fb9af9727f Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
This reverts commit 252b62c54e.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
7ea5ec0f28 s4:dsdb/tests: add RestoreUserPwdObjectTestCase test
This is the same as RestoreUserObjectTestCase, but we
set the password on add and reanimate.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
55932d7ecd s4:dsdb/tests: improve the RestoreUserObjectTestCase test
We verify attributes, values and their replication metadata after
each step (add, delete, reanimate).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
cf19ab651a s4:dsdb/tests: improve tombstone_reanimation varifications
We should do case sensitive checks.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
16d36603e8 s4:dsdb/tests: make tombstone_reanimation.py executable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
7bfefa9ae2 s4:dsdb/tests: make use assertAttributesEqual() in RestoreUserObjectTestCase()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
c16b30c411 s4:dsdb/tombstone_reanimate: restructure the module logic
Now we keep all state in struct tr_context and split
the preparation and exectution of sub requests into
helper functions.

The most important change is that we now
pass mod_req to dsdb_user_obj_set_defaults(),
so that it can add controls to it.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
272d6478a2 s4:dsdb/common: prepare dsdb_user_obj_set_defaults() for tombstone reanimation
accountExpires gets a different value, logonHours is not updated,
operatorCount and adminCount are added.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
0350e3a42a s4:dsdb/repl_meta_data: remove secret attributes on delete
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
5287e4046d s4:dsdb/repl_meta_data: sort preserved_attrs and add "msDS-PortLDAP"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
73d9f8bef7 s4:password_hash: correctly update pwdLastSet on deleted objects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Stefan Metzmacher
6d4c4855c9 s4:dsdb/samdb: add const to dsdb_make_object_category()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-09 15:06:19 +02:00
Andrew Bartlett
6e4e914c76 selftest: Add more tests for samba-tool drs replicate
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul  8 13:39:01 CEST 2016 on sn-devel-144
2016-07-08 13:39:01 +02:00
Garming Sam
f060811a9f schema: raise debug level
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:20 +02:00
Garming Sam
657e31450c schema: Remove unnecessary schema reload code
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:20 +02:00
Stefan Metzmacher
769230a49a s4:torture/drs: verify the whole metadata array to be the same in the repl_move tests
We've removed the difference compared to Windows and store metadata stamps for
some empty attributes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:20 +02:00
Stefan Metzmacher
26d117c2a2 s4:dsdb/password_hash: force replication meta data for empty password attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:20 +02:00
Stefan Metzmacher
b0501a1cb0 s4:dsdb/common: add a replication metadata stamp for an empty logonHours attribute
When a user object is created it gets a metadata stamp for logonHours,
while the logonHours attribute has no value.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:20 +02:00
Stefan Metzmacher
d243996341 s4:samba_dsdb: add "dsdb_flags_ignore" module
This module removes internal flags from ldb_message_elements.
Typically the repl_meta_data module handles DSDB_FLAG_INTERNAL_FORCE_META_DATA,
but there're some cases where we don't use that module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:20 +02:00
Stefan Metzmacher
1ca71aa152 s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA
With this it's possible to add a replPropertyMetaData entry for an empty
attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:19 +02:00
Andreas Schneider
38b7bed93c s4-dsdb: Add missing header file for write() and close()
This fixes compilation with gcc 4.8.5.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-07-06 19:07:16 +02:00
Andreas Schneider
860d465e2b s4-torture: Add AES and RC4 enctype checks
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  6 19:06:19 CEST 2016 on sn-devel-144
2016-07-06 19:06:18 +02:00
Andreas Schneider
bc3473e67c s4-torture: Add torture_check_krb5_error() function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2016-07-06 15:35:17 +02:00
Andrew Bartlett
51d2779a60 schema: Reorder dsdb_set_schema() to unlink the old schema last
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-06 15:35:17 +02:00
Andrew Bartlett
2a90606417 dsdb: Remove 120 second delay and USN from schema refresh check
We now refresh it once the schema changes, so that replication can
proceed right away.  We use the sequence number in the metadata.tdb.

The previous commit added a cache for this value, protected by
tdb_seqnum().

metadata.tdb is now opened at startup to provide this support.

Note that while still supported, schemaUpdateNow is essentially rudundent:
instead, to ensure we increment the sequence number correctly, we unify that check
into repl_meta_data at the transaction close.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-06 15:35:17 +02:00
Andrew Bartlett
5abcdd56ba dsdb: Remove use of schema USN in samldb_add_handle_msDS_IntId
This is not a frequent enough operation to warrent a cache, and the USN will be removed
from the schema code shortly

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-06 15:35:17 +02:00
Andrew Bartlett
bad502fd86 schema: Make the fetch of the schema version fast
Use the tdb_seqnum() to avoid needing locks to check if the schema has not changed

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-07-06 15:35:17 +02:00
Bob Campbell
6e378546ce provision: Ignore duplicate attid and governsID check
During the provision this causes a huge performance hit as these two
attributes are unindexed.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2016-07-06 15:35:17 +02:00
Garming Sam
978bc8681e kerberos: Return enc data on PREAUTH_FAILED
Without the enc data, Windows clients will perform two AS-REQ causing the password
lockout count to increase by two instead of one.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11539

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul  5 10:52:32 CEST 2016 on sn-devel-144
2016-07-05 10:52:32 +02:00
Bob Campbell
965361aa92 password_hash: Make an error message clearer
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Jul  5 03:47:52 CEST 2016 on sn-devel-144
2016-07-05 03:47:52 +02:00
Bob Campbell
21295155cc check_password_script: Add a DEBUG message for timeouts
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-05 00:00:15 +02:00
Bob Campbell
ef0cbc5560 selftest: add check password script test
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-05 00:00:14 +02:00
Garming Sam
878fa6ef7d check-password-script: Allow AD to execute these scripts
In contrast to source3, this is run as root and without substitution.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-05 00:00:14 +02:00
Uri Simchoni
2352e49f32 selftest: Add test for domain join + kerberos-only auth
Add "net ads join/leave -k" tests to the net_ads test suite.

Shift the test suite from ad_member env to ad_dc env, because:
1. Seems more appropriate (the member server plays no role in this
   test)
2. The -k test breaks against the ntvfs file server for some reason,
   when trying to open the netlogon named pipe after having established
   the session with Kerberos (the create fails).

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  1 15:36:37 CEST 2016 on sn-devel-144
2016-07-01 15:36:37 +02:00
Stefan Metzmacher
3b94fde963 s4:rpc_server/netlogon: make use of auth_convert_user_info_dc_saminfo{2,6}()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:27 +02:00
Stefan Metzmacher
5128a874c8 s4:rpc_server/netlogon: initialize pointer to NULL in dcesrv_netr_LogonSamLogon_base()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:27 +02:00
Stefan Metzmacher
3eba60aa65 auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6
This includes user_principal_name and dns_domain_name.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:26 +02:00
Stefan Metzmacher
b67ea0e123 s4:auth/kerberos: improve error message in kerberos_pac_to_user_info_dc()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:26 +02:00
Stefan Metzmacher
6257003dff s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:26 +02:00
Stefan Metzmacher
432e83bf5b s4:auth: make use of lpcfg_sam_name() in authsam_get_user_info_dc_principal()
This is more generic and matches all other places.

As this is only used in the KDC it's not a real logic change.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:26 +02:00
Stefan Metzmacher
193de1c0e9 s4:dsdb/tests: let password_lockout.py verify the logonCount values
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:26 +02:00
Stefan Metzmacher
20ad79fecb s4:dsdb/tests: let password_lockout.py validate the lastLogon and lastLogonTimestamp interaction
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:26 +02:00
Stefan Metzmacher
72d16f9900 s4:dsdb/tests: let password_lockout.py test with all combinations of krb5, ntlmssp and lockOutObservationWindow
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:26 +02:00
Stefan Metzmacher
ca874c200e s4:dsdb/tests: let password_lockout.py verify more fields in _readd_user()
The results differ depending on Kerberos or NTLMSSP usage
and the lockOutObservationWindow.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:26 +02:00
Stefan Metzmacher
4b35d540fa s4:dsdb/tests: let password_lockout.py copy user{name,pass} from the template in insta_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
2c4612243a s4:dsdb/tests: let password_lockout.py use creds and other_ldb as function arguments
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
a37eef6b7d s4:dsdb/tests: let password_lockout.py use userpass variables in all functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
e760319526 s4:dsdb/tests: let password_lockout.py use other_ldb variables instead of self.ldb3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
f03d490b7b s4:dsdb/tests: let password_lockout.py use userdn variables in all functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
da4e419adf s4:dsdb/tests: let password_lockout.py make use of self.addCleanup() to cleanup objects
This is easier than doing it by hand...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
73fb24c2e4 s4:dsdb/tests: let password_lockout.py use _readd_user() for testuser3 too
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
860c6b1e8f s4:dsdb/tests: let password_lockout.py pass creds as argument to _readd_user()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
f301623550 s4:dsdb/tests: let password_lockout.py use user{name,pass,dn} variables in _readd_user()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
a9722a17ee s4:dsdb/tests: let password_lockout.py pass username,userpass optionally to insta_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
025e573d84 s4:dsdb/tests: let password_lockout.py let _readd_user() return the ldb connection as user
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
26a96d2964 s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
7b7d7be244 s4:dsdb/tests: let password_lockout.py add a _readd_user() helper function
This is a complete copy of the code that's currently inline.
I'm doing this in multiple steps in order to keep the diff
in a reviewable state.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
27d68469e2 s4:dsdb/tests: let password_lockout.py make the LDAP error string checks more useful
We should first check if the error number is as expected and
then check for a specific WERROR in the error string.

We also add the full error string as msg to assertTrue(),
so we'll actually see it if the assertion is wrong.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:25 +02:00
Stefan Metzmacher
58173f28ae s4:dsdb/tests: let password_lockout.py cross-check the lastLogon value with samr
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Stefan Metzmacher
9e6c22dbbe s4:dsdb/tests: let password_lockout.py reduce the values for lockoutDuration and lockOutObservationWindow
This reduces the runtime of the test while still producing reliable results.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Stefan Metzmacher
853c2a6d8a s4:auth/sam: update the logonCount for interactive logons
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Stefan Metzmacher
869616ceb9 s4:auth/sam: don't update lastLogon just because it's 0 currently
Non interactive logons doesn't trigger an update
unless the (effective) badPwdCount is not 0 and lockoutTime is 0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Stefan Metzmacher
1acd477960 s4:auth/sam: only reset badPwdCount when the effetive value is not 0 already
Non interactive logons doesn't reset badPwdCount to 0
when the effective badPwdCount is already 0
(with (badPasswordTime + lockOutObservationWindows) < now).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Stefan Metzmacher
a35a5e9022 s4:dsdb: add some const to {samdb_result,dsdb}_effective_badPwdCount()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Stefan Metzmacher
8ac4218690 s4:kdc: don't allow interactive password logons with UF_SMARTCARD_REQUIRED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Stefan Metzmacher
b73cb40dd2 s4:auth_sam: don't allow interactive logons with UF_SMARTCARD_REQUIRED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:23 +02:00
Stefan Metzmacher
e81d25a870 s4:dsdb/common: remove unused samdb_result_force_password_change()
The logic is incomplete and the correct logic is already available
via the constructed "msDS-UserPasswordExpiryTimeComputed" attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:23 +02:00
Stefan Metzmacher
a5efb21a53 s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:23 +02:00
Stefan Metzmacher
86b9bf9591 s4:rpc_server/samr: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:23 +02:00
Stefan Metzmacher
9be4860511 s4:auth/sam: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:23 +02:00
Stefan Metzmacher
92141c6b03 s4:kdc: add some const to samba_get_logon_info_pac_blob()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:23 +02:00
Jeremy Allison
1d4b20d4f3 s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
https://bugzilla.samba.org/show_bug.cgi?id=11838

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-29 23:09:17 +02:00
Richard Sharpe
ed4af82a4f s4/selftests: test net ads dns register/unregister.
Add a new test for the net ads dns commands and the needed self test
setup. Currently tests that we can register a name and that it
turns up. Also, tests that we can register with -P.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-28 22:35:35 +02:00
Volker Lendecke
874a9d9c87 libnet: Fix CID 1362934: CHECKED_RETURN
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-28 18:48:07 +02:00
Stefan Metzmacher
e0777da00b s4:dsdb/tests: add pwdLastSet tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 27 08:52:48 CEST 2016 on sn-devel-144
2016-06-27 08:52:48 +02:00
Stefan Metzmacher
f77c82d950 s4:dsdb/samldb: pwdLastSet = -1 requires Unexpire-Password right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:18 +02:00
Stefan Metzmacher
bafa0166ee s4:dsdb/samldb: fix comment "lockoutTime" reset as per MS-SAMR 3.1.1.8.10
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:18 +02:00
Stefan Metzmacher
1d808bb5d7 s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:18 +02:00
Stefan Metzmacher
97534fffe6 s4:rpc_server/samr: only set pwdLastSet to "0" or "-1"
The password_hash module will take care of translating "-1"
to the current time.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:18 +02:00
Stefan Metzmacher
b6933b2fda s4:dsdb/password_hash: allow pwdLastSet only changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:18 +02:00
Stefan Metzmacher
cada33bb97 s4:dsdb/password_hash: make it possible to specify pwdLastSet together with a password change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:18 +02:00
Stefan Metzmacher
e536dbd447 s4:dsdb/password_hash: handle the DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET control
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
9baae34d44 s4:dsdb/password_hash: make the DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET code path more robust
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
cad741c714 s4:dsdb/password_hash: only set pwdLastSet if required
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
786ee29d4f s4:dsdb/password_hash: create a shallow copy of the client message for the final update
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
8262ec92f7 s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()
We should only replace attributes when we're asked to do so.
Currently that's always the case, but that will change soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
8ca1c02163 s4:dsdb/password_hash: remember if we need to update the passwords and/or pwdLastSet
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
f3ce752043 s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()
We should setup io->o.* (the old password attributes) completely in setup_io().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
02be8a1e8b s4:dsdb/password_hash: move the check for old passwords into setup_io()
We get everything else of the existing object there too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
5e48dbbf2a s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
0a7994881f s4:dsdb/password_hash: make the variable names in setup_io() more clear
We get the message from the client and (optional) the existing object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
fec7d402e1 s4:dsdb/password_hash: split out a update_final_msg() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
94e0afb98b s4:dsdb/password_hash: split out a password_hash_needed() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
58e2d6557c s4:dsdb/password_hash: use full NTTIME resolution for pwdLastSet
Windows does the same...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:17 +02:00
Stefan Metzmacher
3b15a7a16b s4:dsdb/common: add some const to helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
b74eac8d77 s4:samldb: pass down DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID with changed userAccountControl details
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
88b7cfa881 s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
5980d123b8 s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLastSet=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
e68a9d2fea s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
This will be used to let the "password_hash" module know that
the value of pwdLastSet was defaulted to 0 in the "samldb" module
on add.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
05fec3ef4b s4:dsdb/tests: use more useful userAccountControl/pwdLastSet values in the urgent_replication test
Using UF_SMARDCARD_REQUIRED has some side effects, so we better use
UF_DONT_EXPIRE_PASSWD which doesn't trigger additional actions.

Setting pwdLastSet to "1" is not allowed, only "-1" is able to change
an existing value of "0".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
c38a717681 s4:selftest: run samba4.ldap.password_lockout.python only against ad_dc_ntvfs
This test runs over 4-5 mins.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
e2a0dd9770 s4:dsdb/repl_meta_data: pass now to replmd_add_fix_la
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
8156cd736f s4:dsdb/tests: improve error message in test_new_user_default_attributes()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
82d2b99718 s4:dsdb/tests: let the user_account_control.py test recover from a previous failure
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
6a73b5f198 s4:dsdb/tests: use GENSEC_SEAL for ldap connections in sam.py
This allows the tests to pass against a fully patched Windows Server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
1bbab37d7c s4:dsdb/tests: use ncacn_ip_tcp:server[seal] for samr connections
This allows the tests to pass against a fully patched Windows Server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
1e69c58867 s4:dsdb/tests: make user_account_control.py executable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Andrew Bartlett
1ce7721b17 Revert "source4/scripting: add an option to samba_dnsupdate to add ns records."
This reverts a totally unnecessary change to samba_dnsupdate. The self test
environment does the correct things with NS records now.

This reverts commit af08cb2eee.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 27 04:13:04 CEST 2016 on sn-devel-144
2016-06-27 04:13:04 +02:00
Andrew Bartlett
552fc4acaa dsdb: Make less talloc() for parsed_dn.guid
This is always allocated, so do not make it a pointer.

This now also uses the talloc-less GUID_buf_string() when printing

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-27 00:18:18 +02:00
Andrew Bartlett
bbf0532f07 dsdb: Avoid talloc() calls in dsdb_get_extended_dn_*()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-27 00:18:18 +02:00
Andrew Bartlett
5fe2607693 dsdb: Apply linked attribute backlinks as we apply the forward links
Otherwise, we spend a lot of time checking if the link is in the list, which is pointless
and very costly in large domains

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-27 00:18:17 +02:00
Andrew Bartlett
f5ca34e6e8 dsdb: Only fetch changed attributes in replmd_update_rpmd
This avoids fetching every attribute, including in particular links that may
require additional work to resolve, when we will not look at them anyway

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-27 00:18:17 +02:00
Andrew Bartlett
ea86f5eb0c dsdb: Fix use-after-free of parent_dn in operational module
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-27 00:18:17 +02:00
Andrew Bartlett
2aeae27cb4 dsdb: Provide shortcuut for repl_meta_data avoiding search of link targets
This makes processing of large numbers of linked attributes much faster, as we never care about the
names during that processing

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-27 00:18:17 +02:00
Andrew Bartlett
947996b7cb selftest: Do not run winbind tests against ad_dc_ntvfs
This runs the same winbindd as ad_dc, there is no need to duplicate the runs
2016-06-27 00:18:17 +02:00
Ralph Boehme
2db5c10ac5 s4/torture: add a test for dosmode and hidden files
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-25 18:47:17 +02:00
Stefan Metzmacher
7d8edcc241 s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
e05c732c60 s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
dcerpc_pull_auth_trailer() handles auth_length=NULL just fine.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
505a4e68d9 s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
We should tell dcerpc_pull_auth_trailer() that we only want
auth data.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
f360f47363 s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-06-24 14:09:01 +02:00
Stefan Metzmacher
8a5eaaf6dd s4:rpc_server: remove unused '_unused_auth_state'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-06-24 14:09:01 +02:00
Stefan Metzmacher
9f3bdc8cca s4:rpc_server: context_id fields of presentation contexts are just 16bit
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-06-24 14:09:01 +02:00
Stefan Metzmacher
200864fad2 s4:server_named_pipe: make sure we use lower case pipe name
This matches what tstream_npa_connect() expects.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-06-24 14:09:01 +02:00
Stefan Metzmacher
3f36d31c84 s4:rpc_server: use a variable for the max total reassembled request payload
We still use the same limit of 4 MByte (DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE)
by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 23 04:51:16 CEST 2016 on sn-devel-144
2016-06-23 04:51:16 +02:00