1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

30846 Commits

Author SHA1 Message Date
David Disseldorp
b328bb07ff s4-torture: add print_test_purge
This change adds a regression test for print job purging via
SetPrinter(SPOOLSS_PRINTER_CONTROL_PURGE).

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 22 01:55:39 CEST 2014 on sn-devel-104
2014-05-22 01:55:39 +02:00
Kai Blin
392ec4d241 bug #10609: CVE-2014-0239 Don't reply to replies
Due to insufficient input checking, the DNS server will reply to a packet that
has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed
sender address and have two servers DOS each other with circular replies.

This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
2014-05-20 04:15:44 +02:00
Günther Deschner
93093fa08d s4-torture: fix some build warnings in rpc samr test.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri May 16 23:48:35 CEST 2014 on sn-devel-104
2014-05-16 23:48:35 +02:00
Günther Deschner
efff779c72 s4-torture: fix test_openprinter_wrap fake test result.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-05-16 21:24:26 +02:00
Andrew Bartlett
c664859a12 selftest: Test auth_wbc, the auth4 winbind and winbind_wbclient modules using pdbtest
This ensures these authentication modules continue to operate correctly, and that the results are consistent.

Andrew Bartlett

Change-Id: I7f63cd93e55c6f73ceeafb14f1dc265291791803
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 16 12:50:44 CEST 2014 on sn-devel-104
2014-05-16 12:50:44 +02:00
Andrew Bartlett
6c37cd6544 auth: Allow auth_samba4 to be forced to run a specific auth module
This will allow new tests to be written to validate winbindd authentication results

Andrew Bartlett

Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-05-16 10:23:26 +02:00
Andrew Bartlett
c1507bc101 s4:imessaging: Remove event context from irpc and imessaging structures
The only part of this code with a stored event context is now the
binding_handle created by irpc_binding_handle() when in the client
dcerpc_binding_handle_set_sync_ev() is called,
otherwise a new nested event context is created for sync calls.

Note that the FD event associated with the socket still implies
the long term event context passed to imessaging_[client]_init().

Andrew Bartlett

Change-Id: I9aeae94b26e3736370f449daa96808e6cdc2d55d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 13 02:33:24 CEST 2014 on sn-devel-104
2014-05-13 02:33:24 +02:00
Andrew Bartlett
84139801cf s4:imessaging: Remove dcerpc_binding_handle_set_sync_ev() call from irpc_binding_handle()
The callers do this explicitly now if required.

Change-Id: I0e6f562aac4e3c0a75149c5850eb9f96269a3caf
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-13 00:08:12 +02:00
Andrew Bartlett
a20c7e6adb s4:irpc/tests: explicitly use dcerpc_binding_handle_set_sync_ev()
This indicates that we're using nested event loops...

Andrew Bartlett

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Change-Id: I17d530a1f338cfdbd2e4e755b6f01a44a3e7ba7a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-05-13 00:08:12 +02:00
Andrew Bartlett
6cbf3ecd66 s4:pyrpc: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc
This indicates that we may use nested event loops...

Andrew Bartlett

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Change-Id: Id014dcc68699c86cb99015a91a6979e30795f727
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-05-13 00:08:12 +02:00
Andrew Bartlett
ed48c70b90 s4:service_task: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc
This indicates that we're using nested event loops...

Andrew Bartlett

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Change-Id: I7e147850566301a5ef2354b8615a044d121968b5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-05-13 00:08:12 +02:00
Andrew Bartlett
608d91e300 s4:rpc_server/netlogon: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc
This indicates that we're using nested event loops...

Andrew Bartlett

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Change-Id: I4dcc7bf3c624612980e53b6119a60989fc2ea3b6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-05-13 00:08:12 +02:00
Andrew Bartlett
a2f3c351fa s4:auth_winbind: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc
This indicates that we're using nested event loops...

Andrew Bartlett

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Change-Id: I08f21876d42197f76fe3ae10b4f464626d70bf5a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-05-13 00:08:12 +02:00
Andrew Bartlett
7a347327a0 s4:irpc/tests: make use explicit use of the top level event context
Andrew Bartlett

Change-Id: Ia193f97f62a1cb928aa814679578f90bde212013
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-13 00:08:12 +02:00
Andrew Bartlett
0927b0b01a s4:nbt_server/wins: make use explicit use of the top level event context
Andrew Bartlett

Change-Id: I4b8e5c16bd03a038da6527cfb4c91fc874626b18
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-13 00:08:12 +02:00
Andrew Bartlett
401f555c28 dsdb: Do not permit nested event loops when in a transaction, use a nested event context
It is never safe to execute arbitary code inside a transaction - we
need to get in and get out, not run other events for the rest of the
server.

This patch avoids that by creating a private event loop during
transactions, so no unexpected operations fire, and returning the
original one when we finish it.

If an event fires during an LDB transaction, an unrelated operation
can occur during the transaction, and if the transaction were to be
cancelled, there would be a silent rollback (despite the client having
been indicated success).

Additionally, other processes could be called via IRPC that need to
operate on the database but are locked out due to the ongoing
transaction.

Andrew Bartlett

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I22322fc006e61d7291da17cdf6431416ebb7b30f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May  6 13:36:20 CEST 2014 on sn-devel-104
2014-05-06 13:36:20 +02:00
Andrew Bartlett
543c5bf941 dsdb: Rename private_data to rootdse_private_data in rootdse
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10582

Change-Id: I349a2be67333ada86c19cd6d2ed283cd5bbeb2aa
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-06 11:14:06 +02:00
Jose A. Rivera
2c9683db4b Fix an empty if statement.
Primarily following the	precedent set by other uses of composite_is_ok(), but
also making sure nothing tries to use c after this point if it is in fact not
ok.

Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-05 20:19:13 +02:00
Michael Adam
1cfc02d786 s4:samr: allow builtin groups for samr_OpenGroup.
This fixes nsswitch getgrgid for builtins.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-03 07:57:13 +02:00
Andrew Bartlett
7c2bf8d2bc selftest: Add tests for dbcheck detection and removal of partial objects
To avoid listing all the provision snapshots, we use a broader blacklist for waf dist
and a whitelist for dbcheck-oldrelease.sh

Andrew Bartlett

Change-Id: Iab0ff4be0b4287dc128a49302836a6f0f7b39678
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-03 07:57:13 +02:00
Andrew Bartlett
b19d80d0a9 dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
This kind of deletion can cause us to then replicate back a partial
object.  We allow dbcheck to directly remove totally corrupt objects
(missing an objectclass) by specifying both DBCHECK and RELAX, and the
tombstone sweep after 180 days is done with the RELAX control.

Andrew Bartlett

Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-03 07:57:12 +02:00
Stefan Metzmacher
5b22222421 s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute()
Change-Id: I10357236108f68ab749ba0e1f07558302c573887
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-02 01:19:19 +02:00
Andrew Bartlett
77b04f1df6 winbind: Allow winbindd to be run from inside "samba"
Change-Id: I6b90a9b62ba5821e0feedb23cd20642078ba0ca6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 29 05:28:39 CEST 2014 on sn-devel-104
2014-04-29 05:28:39 +02:00
Andrew Bartlett
086c06e361 kerberos: Remove un-used event context argument from smb_krb5_init_context()
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.

The actual network communication code sets an event context directly
before making the network call.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
2014-04-28 02:24:57 +02:00
Andrew Bartlett
7a26989d4c dsdb: Specify no event context to smb_krb5_init_context() in dsdb
These routines parse principals and generate keys only, no network
communication is done.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-28 00:09:21 +02:00
Alexander Bokovoy
720f7639e4 ad-dc: use exit_daemon() to communicate status of startup to systemd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 23 04:44:46 CEST 2014 on sn-devel-104
2014-04-23 04:44:46 +02:00
Alexander Bokovoy
aa8c8a7b5b add systemd integration
Add --with-systemd / --without-systemd options to check whether
libsystemd-daemon library is available and use it to report service
startup status to systemd for smbd/winbindd/nmbd and AD DC.

The problem it solves is correct reporting of the Samba services
at the point when they are ready to serve clients, important for
high availability software integration.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-23 02:29:08 +02:00
Kamen Mazdrashki
9006198839 s4:samba_kcc: Use 'dburl' passed from command line rather than lp.samdb_url()
This patch makes '-H, --URL' param to actually work as expected

Change-Id: Ie7f4e9e3fc1f79a938473312e200f36de6886596
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-04-22 23:34:15 +02:00
Kamen Mazdrashki
1325e0af6a s4:samba_kcc: fix reference to DSA object while building partial replica list
Change-Id: I33209dfd42d8c3af8d80b862ba0022d15385311b
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-04-22 23:34:15 +02:00
Kamen Mazdrashki
b241aacc46 s4:samba_kcc: Fix error handling opening export ldif file
Change-Id: If52440272513ef244e33481476da0e884969153c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-04-22 23:34:15 +02:00
Kamen Mazdrashki
8b68f9b931 s4:KCC: Use dsdb.DS_DOMAIN_FUNCTION_2008 constant for DS-Behavior comparisons
DS_BEHAVIOR_WIN2008 was used so far which is a leftover from previous
KCC implementation in "C"

Change-Id: Id9b6551073c0b17cc27e086faa315b01305f39a5
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-04-22 23:34:15 +02:00
Andrew Bartlett
aa79989508 s4-auth: Make the auth_winbind_wbclient use more correct code now in auth/wbc_auth_util.c
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-18 20:08:09 +02:00
Andreas Schneider
5de011be3f s4-torture: Remove socket_wrapper testsuite.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:06 +02:00
Andreas Schneider
2522bb8090 selftest: Rename WINBINDD_SOCKET_DIR environment variable.
It is very confusing if the env var uses the same name as the define in
the source code. So prefix it with SELFTEST.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:06 +02:00
Andreas Schneider
b2163f23c0 Remove special nss_wrapper code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:06 +02:00
Andreas Schneider
f95e86828a s4-torture: Remove nss_wrapper testsuite.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:06 +02:00
Andreas Schneider
28b87dd75e s4-ntfs: Improve uid check in wrapper mode.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:05 +02:00
Andreas Schneider
6d23354f72 lib: Change uid_wrapper to preloadable version.
This imports version 1.0.1 of uid_wrapper.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:05 +02:00
Björn Baumbach
fae7e5d771 lib-util: rename memdup to smb_memdup and fix all callers
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-04-16 20:39:08 +02:00
Andrew Bartlett
d7ce127de9 auth: Remove support for HAVE_TRUNCATED_SALT from pass_check.c
The comments indicate that this was needed for HP-UX at one point, but
the configure code was never ported to WAF.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 15 12:32:09 CEST 2014 on sn-devel-104
2014-04-15 12:32:09 +02:00
Andrew Bartlett
634cc8fdff auth: Remove USE_BOTH_CRYPT_CALLS block from pass_check.c
This code is dead since the move to the WAF build system, but was set
for HP-UX 9, 10 and 11 in the autoconf build system.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-15 10:13:12 +02:00
Andrew Bartlett
6e8eb60545 auth: Remove linux_bigcrypt support from pass_check.c
This is dead code, and probably has been for quite some time.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-15 10:13:12 +02:00
Andrew Bartlett
e731655f09 auth: Remove support for plaintext auth on systems that use getprpwnam()
The WAF build does not have the code to detect getprpwnam, so this is
dead code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-15 10:13:12 +02:00
Andrew Bartlett
3fa67e6346 auth: Remove afs_auth() from pass_check.c and s4's auth_unix
The waf build does not have code to detect support for AFS plaintext
authentication, so this is dead code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-15 10:13:12 +02:00
Andrew Bartlett
94f0716fff auth: Remove dfs_auth() from pass_check.c and s4's auth_unix
The waf build has no logic to detect DCE/DFS, so this plaintext
authentication mechanism is dead code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-15 10:13:12 +02:00
Jeroen Dekkers
3b82b6f531 Do not install smbclient4 and nmblookup4
Change-Id: I2d91d9c9faa2df084321d10fbdc948acbd2bb735
Signed-off-by: Jeroen Dekkers <jeroen@dekkers.ch>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Tue Apr 15 03:25:13 CEST 2014 on sn-devel-104
2014-04-15 03:25:13 +02:00
Jelmer Vernooij
e0cddcd5c4 Typo: s/preceeded/preceded/
Caught by lintian, the Debian package linter :)

Change-Id: Ia7162ea8c2b1845155345526b66d71ae64f15227
Reviewed-on: https://gerrit.samba.org/216
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Mon Apr 14 03:51:15 CEST 2014 on sn-devel-104
2014-04-14 03:51:15 +02:00
Andrew Bartlett
88ba81140e s4-wbclient: Fix wbc_sids_to_xids to correctly indicate the length of the SID list
This uses the fact that we know the end of the string in p to avoid
needing a strlen() call.  Otherwise the winbindd validation that the
extra_data is terminated may fail, if the un-initiliased memory is not
zero.

Andrew Bartlett

Change-Id: I9b28068e4fbd3754c8d14724af93638d657810dd
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr  9 18:26:40 CEST 2014 on sn-devel-104
2014-04-09 18:26:40 +02:00
David Disseldorp
1e1b7b1021 torture: add local verification trailer parsing test
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  9 03:44:15 CEST 2014 on sn-devel-104
2014-04-09 03:44:15 +02:00
Andrew Bartlett
9d91f01b7b s4-wbclient: Cope with winbind returning an error
Change-Id: I8eaf858f9e9e55eec20aa2c585db5459fb73b887
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr  8 12:53:13 CEST 2014 on sn-devel-104
2014-04-08 12:53:13 +02:00