1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

78507 Commits

Author SHA1 Message Date
Michael Adam
4831b6e6bb s3:net ads join: check for malloc success and react accordingly in dns update block 2012-01-31 17:00:30 +01:00
Michael Adam
ca913c98a6 s3:net ads join: check for success of fetching machine password in dns update block
log and cleanup accordingly if failed
2012-01-31 17:00:30 +01:00
Michael Adam
04fa9a389c s3:net ads join: untangle assignment from check, fix return code and improve error logging
only the dns update failed, not the join.
Also do proper memory cleanup
2012-01-31 17:00:30 +01:00
Michael Adam
63d9b5d75a s3:net ads join: reduce indentation and improve logging in the dns update code block
by doing an early goto done upon error condition
2012-01-31 17:00:30 +01:00
Michael Adam
1d83f2118e s3:net ads join: untangle assignment from check. 2012-01-31 17:00:30 +01:00
Michael Adam
dc4cf82fb5 s3:net registry: fix a copy and paste error in a help text 2012-01-31 17:00:30 +01:00
Amitay Isaacs
2343703985 tevent: Fix python documentation strings
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 31 16:59:29 CET 2012 on sn-devel-104
2012-01-31 16:59:29 +01:00
Jelmer Vernooij
c83ce7bcc6 replace: Only include C files from which there are actually functions used.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Jan 31 15:21:04 CET 2012 on sn-devel-104
2012-01-31 15:21:04 +01:00
Jelmer Vernooij
5c50e08983 replace: use libbsd for strlcat/strlcpy when available. 2012-01-31 13:44:17 +01:00
Amitay Isaacs
bfa951db97 s4-s3-upgrade: Check if there are duplicate sids for users and groups
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 31 02:23:17 CET 2012 on sn-devel-104
2012-01-31 02:23:17 +01:00
Amitay Isaacs
449ca75759 s4-s3-upgrade: Use lowercase hostname as hostname for provision 2012-01-31 00:49:07 +01:00
Jeremy Allison
1fdc96ecaf Fix bug #8139 - smbclient fails if server does not support Echo request.
Based on work by Matthias Scheler <tron@NetBSD.org>

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jan 31 00:47:19 CET 2012 on sn-devel-104
2012-01-31 00:47:19 +01:00
Matthieu Patou
56d5cb9386 s3-winbind: don't try to do clever thing if the username is not found while authenticating through winbind
This could cause that we authenticate a user with a bogus domain to
winbind's domain if the password supplied for the PAM_AUTH match.

The problem was reported by Jeff Venable (jvenable@juniper.net).
Patch from Andrew Bartlett (abartlett@samba.org).

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
2012-01-30 18:58:12 +01:00
Matthieu Patou
7350d99409 s3: check that a user in a bogus domain name is mapped to the localnetbios name of a domain member
This means that if we authentify for BOGUS\administrator in AD domain
FOREST with samba being domain member with the netbiosname MEMBER then
BOGUS\administrator will be mapped to MEMBER\administrator if the
password match.
2012-01-30 08:23:11 -08:00
Andrew Bartlett
959d13ac20 s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status)
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jan 30 09:38:47 CET 2012 on sn-devel-104
2012-01-30 09:38:46 +01:00
Andrew Bartlett
3ddb983c10 gensec: inline gensec_generate_session_info() into only caller
This avoids casting to and from the struct auth_user_info_dc *user_info_dc

to to this, the

if (user_info_dc->info->authenticated)

is moved into auth_generate_session_info_wrapper(), which is the
function that gensec_security->auth_context->generate_session_info
points to.

Andrew Bartlett
2012-01-30 08:05:14 +01:00
Andrew Bartlett
fc035afb6e s4-auth: Return NT_STATUS_NOT_IMPLEMENTED if the challenge cannot be obtained 2012-01-30 08:05:14 +01:00
Andrew Bartlett
a647df4607 auth: Make check_password and generate_session_info hook generic
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info.  This will allow the
calling logic to be put in common.

Andrew Bartlett
2012-01-30 08:05:14 +01:00
Rusty Russell
7c6713e78f tdb2: make --enable-tdb2 the default.
We still use the tdb1 on-disk format, but we do so via the tdb2 library.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Mon Jan 30 08:02:43 CET 2012 on sn-devel-104
2012-01-30 08:02:42 +01:00
Rusty Russell
e1665c94ac tdb2: add -1 and -2 options to tdbtorture
(For now, -1 is the default).
2012-01-30 15:59:16 +10:30
Rusty Russell
10230829df tdb2:tdbtorture: use TEST_DATA_PREFIX for files
TDB2 version of commit b83672b36c.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30 15:31:05 +10:30
Rusty Russell
45ae436b19 tdb2: name tools the same as TDB1 tools.
Otherwise, when we switch everyone's scripts will break (including our
own tests!).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30 10:07:18 +10:30
Rusty Russell
23f1f5e0e3 tdb2: tools/tdb2backup
Minor changes from tdb/tools/tdbbackup.c.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30 10:07:17 +10:30
Rusty Russell
641beb35bf samdb: use compat wrappers for tdb_fetch().
TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now.
Similarly, tdb_errorstr() -> tdb_errorstr_compat().

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30 10:07:17 +10:30
Rusty Russell
dd1d57370d tdb_compat: only use hashsize attribute when O_CREAT
tdb2 complains if you specify a tdb1 hashsize, and you're not actually
trying to create a new database.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30 10:06:55 +10:30
Rusty Russell
ae62d46a9f ldb_wrap.c: fix TDB2-incompatible API usage.
Auditing revealed one place still expecting a -1 return on failure:
tdb2 returns the (negative) errcode directly, so the portable way to
do this is to check for != 0.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30 09:25:50 +10:30
Rusty Russell
efbf52b4fe tdb2: copy tdb1's changed expansion logic.
TDB2 uses the same expansion logic as TDB1, which got factored out
recently.  So update TDB2 to match.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from CCAN commit c438ec17d7b2efe76e56e5fc5ab88bd4a02735e8)
2012-01-30 09:24:50 +10:30
Rusty Russell
205e198471 tdb2: careful on wrap.
It's much harder to wrap a 64-bit tdb2 than a 32-bit tdb1, but we should still
take care against bugs.

Also, we should *not* cast the length to a size_t when comparing it to
the stat result, in case size_t is 32 bit.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from CCAN commit 6f7cb26e589cea081e71c59801eae87178967861)
2012-01-30 09:23:50 +10:30
Andrew Bartlett
697a6e9504 auth: provide private pointer and do not return original PAC signatures
There is no need to return the PAC signatures via the special-purpose
torture element.  Instead, use a private pointer on the auth_context
in conjunction with the private PAC processing method.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
2012-01-29 23:52:50 +01:00
Volker Lendecke
0db70861ef s3: Fix unused variable warnings
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan 29 16:33:29 CET 2012 on sn-devel-104
2012-01-29 16:33:28 +01:00
Stefan Metzmacher
f6fb55aeae libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIRED
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104
2012-01-29 14:11:12 +01:00
Andrew Bartlett
965b83158d s3-selftest: Add test for posix large reads and writes
This includes encrypted reads and writes, both NTLM and kerberos.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jan 28 00:13:57 CET 2012 on sn-devel-104
2012-01-28 00:13:56 +01:00
Andrew Bartlett
7d14f89e29 s3-libsmb Do not limit read replies to NBT packet sizes
With the posix extensions, we can read 16MB at a time, so we need to check
the full size of the packet, not the size rounded down to the old NBT
limit.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-27 13:36:06 -08:00
Simo Sorce
0027cd2409 s3-pdb: Make ADS-type backends updates secrets.tdb.
Make the backends that have ADS capability the only ones that can change the
SID and GUID in secrets.tdb at initialization time.

Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Jan 27 19:42:17 CET 2012 on sn-devel-104
2012-01-27 19:42:17 +01:00
Simo Sorce
e6c39a292c s3-pdb: Break SECRETS3 dependency on PDB.
This is causing circular depdnendcies that bring libpdb in all code and this is
BAD.

This change 'protects' the sid and guid of the domain by adding a special key
that makes them effectively read only.

Limit this temporarily to the samba 4 build, once it gets some good testing the
samba4 ifdefs can be dropped.

fix pdb dependencies

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-27 18:11:10 +01:00
Stefan Metzmacher
c543ce1028 libcli/smb: fix smbXcli_negprot(..., PROTOCOL_NT1, PROTOCOL_SMB2_02)
The SMB1 negprot request already consumed the SMB2 sequence '0'.
This also happens for the SMB 2.02 case.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 27 15:27:41 CET 2012 on sn-devel-104
2012-01-27 15:27:40 +01:00
Andreas Schneider
2dd696a5df s3-waf: Create a subsystem for SERVER_MUTEX.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Jan 27 12:55:01 CET 2012 on sn-devel-104
2012-01-27 12:55:01 +01:00
Andreas Schneider
022c560cea s3-waf: Add missing dependency of ntlmssp to wbclient. 2012-01-27 11:20:26 +01:00
Andreas Schneider
7c723c0529 s3-waf: Add missing dependency of pdb_wbc_sam to wbclient. 2012-01-27 11:20:14 +01:00
Amitay Isaacs
5bdadd1501 build: Add missing dependencies on popt
This fixes compilation issues on freebsd where system popt is installed
under /usr/local.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Jan 27 08:33:52 CET 2012 on sn-devel-104
2012-01-27 08:33:52 +01:00
Jeremy Allison
a9e03337c1 Finally remove all malloc()'s from the substitute code. Now totally
talloc() based.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jan 27 03:43:21 CET 2012 on sn-devel-104
2012-01-27 03:43:21 +01:00
Jeremy Allison
17a77ea9b4 Fix a really slow memory leak (in master at least). Found by Ira Cooper <ira@wakeful.net>.
Bug #8724 - Memory leak in parent smbd on connection.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jan 27 01:26:28 CET 2012 on sn-devel-104
2012-01-27 01:26:28 +01:00
Stefan Metzmacher
633a28b276 s3:auth/auth_generic: for now call sub_set_smb_name() and lp_load()
This matches the auth_ntlmssp case and the smbd/sesssetup.c code.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 26 17:58:17 CET 2012 on sn-devel-104
2012-01-26 17:58:17 +01:00
Stefan Metzmacher
01588585b1 s3:gse: return NT_STATUS_LOGON_FAILURE instead of NT_STATUS_INTERNAL_ERROR
This matches the behavior of ads_verify_ticket().

Note that ads_verify_ticket() calls krb5_to_nt_status(), but
as a server it's likely to always returns NT_STATUS_UNSUCCESSFUL.
ads_verify_ticket() maps NT_STATUS_UNSUCCESSFUL to NT_STATUS_LOGON_FAILURE.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 26 10:48:36 CET 2012 on sn-devel-104
2012-01-26 10:48:36 +01:00
Andrew Bartlett
b7becc0b19 s4-rpc_server: Fix search for existing trust to actually look for the dns name
Found by a eagle-eyed user.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
2012-01-26 08:39:47 +01:00
Andrew Bartlett
e203b28777 s3-build: Remove FIXME, bigballofmud is no more 2012-01-26 07:06:06 +01:00
Jeremy Allison
12609c1192 Update man page to fix typo vfs_aio_fork -> vfs_aio_pthread, add
aio read size, aio write size examples.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 26 03:51:01 CET 2012 on sn-devel-104
2012-01-26 03:51:01 +01:00
Jeremy Allison
1ca4df58c7 Use sys_pread/sys_pwrite to cope correctly with 64-bit sizes. As in the default VFS case fall back from pread -> read and pwrite -> write on an ESPIPE error in the worker thread.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 26 02:11:28 CET 2012 on sn-devel-104
2012-01-26 02:11:28 +01:00
Jeremy Allison
d8c699190d Add man page for vfs_aio_pthread module. 2012-01-25 15:36:03 -08:00
Volker Lendecke
851b2c1774 s3: Fix a panic in aio_pthread
Found by Nir Drang <nir@fabrix.tv>

Thanks!

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 25 18:22:37 CET 2012 on sn-devel-104
2012-01-25 18:22:37 +01:00