samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00

Author	SHA1	Message	Date
Stefan Metzmacher	571a05c649	heimdal:lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	688c537ab1	heimdal:lib/gssapi/krb5: add const to arcfour_mic_key() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	3269ebfcbf	heimdal:lib/gssapi/krb5: clear temporary buffer with cleartext data. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	01350c76ad	heimdal:lib/gssapi/krb5: fix indentation in _gk_wrap_iov() Now it matches _gk_unwrap_iov() and _gk_wrap_iov_length(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	9414d9867c	heimdal:lib/gssapi/krb5: make _gssapi_verify_pad() more robust Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	3b9e5cfd23	s4:selftest: add torture:run_removedollar_test=true to the machine account kdc tests Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	0ba6e0dc2a	s4:torture/krb5: add a --option=torture:run_removedollar_test=true option to kdc-conon With this option a machine account is tested without the trailing '$' in the account name. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	65355d694c	s4:selftest: run samba4.rpc.lsa.secrets with more principal combinations 'dcom/SERVER', 'SERVER$' and 'SERVER' as target principal names. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	61de10240e	s4:kdc/db-glue: allow principals in form of computer@EXAMPLE.COM This should be translated to computer$@EXAMPLE.COM. Note the behavior differs between client and server lookup. In samba_kdc_lookup_client() we need to fallback in case of NO_SUCH_USER. samba_kdc_lookup_server() needs to do a single search and only use the result if it's unique. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Stefan Metzmacher	ccb6495445	s4:kdc/db-glue: fix memory leak in samba_kdc_lookup_server() We need to free enterprise_principal if generated. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +02:00
Volker Lendecke	a924399b91	dsdb: Fix CID 1034902 Dereference before null check Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 24 01:02:22 CEST 2015 on sn-devel-104	2015-06-24 01:02:22 +02:00
Volker Lendecke	8253549264	dsdb: Fix CID 1034687 Logically dead code Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	7613174e7b	dsdb: Fix CID 1034719 Evaluation order violation We assigned lp_ctx twice... Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	d09d428c5e	dsdb: Fix CID 1034802 Dereference null return value Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	22d4d91649	dsdb: Fix CID 1034742 Dereference after null check Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	5c30ed470d	dsdb: Fix CID 1034743 Dereference after null check Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	77c6cdcbd5	dsdb: Fix CID 1034803 Dereference null return value Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	6ed5b4ec8b	dsdb: Fix CID 1034804 Dereference null return value Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	4b80851568	dsdb: Fix CID 1034745 Dereference after null check This is a cut&paste error Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	246cb1961f	smbd: Fix CID 1273096 Dereference before null check Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	6438339b2a	lib: Remove unused functions This fixes CID 1034629 Unchecked return value Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	e6564bf663	lib: Fix CID 1128556 Dereference after null check Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	252f8137d3	lib: Fix CID 1272858 Copy-paste error Coverity is wrong here, but it's a good idea to consolidate the close-loop Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:09 +02:00
Volker Lendecke	ddd61126fb	lib: Fix CID 710685 Unchecked return value from library Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	1f99ba7749	lib: Fix CID 1273234 Untrusted value as argument buf->size has been sanitized in the checks done in talloc_array(). This makes the "trust" flow more explicit. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	4bd430e05d	lib: Fix CID 1034723 Explicit null dereferenced Do an early return if there's nothing to receive Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	69160e55db	lib: Fix CID 1272913 Calling risky function Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	ea919567e9	lib: Make genrand independent Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	a08dee14aa	lib: Make time-basic a library The next commit will make genrand depend on time-basic. Without this, we would link in time-basic twice, from samba-debug and from genrand. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	30bfb8d638	lib: Fix deps for LIBCRYPTO LIBCRYPTO itself does not depend on talloc Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	a4d4cc2550	lib: Simplify arcfour_crypt We don't need a dependency on data_blob in crypto Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	0934134d2e	lib: Streamline genrand.c includes Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	95cd4b1708	lib: Fix whitespace Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Volker Lendecke	39a1894bf4	lib: Strip genrand.c a bit This moves for example password complexity checks out of the core random number generator Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Stefan Metzmacher	965d9ce555	s3:ntlm_auth: don't start gensec backend twice ntlm_auth_start_ntlmssp_server() was used in two cases and both call gensec_start_mech_by_oid() again. So we remove gensec_start_mech_by_oid() and rename the function to ntlm_auth_prepare_gensec_server. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Stefan Metzmacher	2cd3e51e19	auth/gensec: remove unused gensec_[un]wrap_packets() hooks Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Stefan Metzmacher	37041e4158	s4:auth/gensec: remove unused gensec_socket_init() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Stefan Metzmacher	7943ffbb77	s4:auth/gensec: remove unused include of lib/socket/socket.h Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Stefan Metzmacher	beb84d0c26	s4:auth/gensec: remove unused and untested cyrus_sasl module There's not a high chance that this module worked at all. Requesting SASL_SSF in order to get the max input length is completely broken. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Stefan Metzmacher	67c5d5849e	s4:libcli/ldap: conversion to tstream Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Stefan Metzmacher	6f2c29a13c	s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:08 +02:00
Stefan Metzmacher	3d298b994d	s4:lib/tls: fix tstream_tls_connect_send() define Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:07 +02:00
Stefan Metzmacher	8dbe9d785b	s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind gensec_sig_size() is for gensec_{sign,seal}_packet() instead of gensec_wrap(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:07 +02:00
Stefan Metzmacher	7b916b5f9a	s4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more clear This way the result matches what gss_wrap_iov_length() would return. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:07 +02:00
Stefan Metzmacher	ac5283f788	s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends This avoids calls to gensec_gssapi_sig_size() as fallback in gensec_max_input_size(). gensec_gssapi_sig_size() needs to report the sig size gensec_{sign,seal}_packet(), which could be different to the overhead produced by gensec_wrap(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2015-06-23 22:12:07 +02:00
Stefan Metzmacher	6dd117b21e	s4:selftest: also run rpc.winreg with kerberos and all possible auth options BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jun 23 17:31:08 CEST 2015 on sn-devel-104	2015-06-23 17:31:07 +02:00
Stefan Metzmacher	5b917fd622	s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2015-06-23 14:38:53 +02:00
Stefan Metzmacher	69c1b4b7c1	s4:rpc_server: fix padding caclucation in dcesrv_auth_response() This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour so that we will use no padding if the stub_length is already aligned to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-23 14:38:53 +02:00
Stefan Metzmacher	1bf7ab49b4	s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error Don't send plaintext on the wire because of an internal error... BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-23 14:38:53 +02:00
Stefan Metzmacher	16f3837e02	s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload The sig_size could differ depending on the aligment/padding. So should use the same alignment as we use for the payload. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2015-06-23 14:38:53 +02:00

1 2 3 4 5 ...

99382 Commits