1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

97738 Commits

Author SHA1 Message Date
Günther Deschner
975073adc1 s4-torture: cleanup nsswrapper test a little by removing nwrap references.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-03-02 17:17:09 +01:00
Günther Deschner
64e0231c52 s4-torture: re-add nss-wrapper torture testsuite.
(The testsuite got removed with 5bb410f853).

Although nss_wrapper now also has an upstream testsuite, it is still important
to run the older torture testsuite within Samba so we have some testing on
nss_winbind correctnes and consistency.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2015-03-02 17:17:09 +01:00
Andreas Schneider
e2ed224653 doc-xml: Add 'sharesec' reference to 'access based share enum'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11127

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar  2 14:33:33 CET 2015 on sn-devel-104
2015-03-02 14:33:33 +01:00
David Disseldorp
debf8ff316 selftest: shuffle msdfs-share DFS referral responses
Add a secondary server path to the msdfs-src1 DFS link, and test "msdfs
shuffle referrals" behaviour during selftest using the existing
samba3.blackbox.smbclient_s3 suite.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 28 01:22:36 CET 2015 on sn-devel-104
2015-02-28 01:22:36 +01:00
Robin McCorkell
13c9774662 MSDFS referral shuffling
Shuffle MSDFS referral list in smbd in accordance with [MS-DFSC] 3.2.1.1
When parsing an MSDFS symlink, the names are shuffled with a Fisher-Yates
algorithm.

Signed-off-by: Robin McCorkell <rmccorkell@karoshi.org.uk>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-27 22:53:06 +01:00
Volker Lendecke
200d0bc3a8 winbind: Slightly simplify wb_sids2xids
We only needs "names" and "domains" wb_sids2xids_lookupsids_done. It confused
me when reading this code that these variables are stored in "state".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-27 22:53:06 +01:00
Volker Lendecke
c6577f3043 lib: Fix talloc hierarchy in init_lsa_ref_domain_list
The sid is copied, so the name should also be copied.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-27 22:53:06 +01:00
Amitay Isaacs
d76f800a0e lib/util: Build iov_buf library only when building samba
lib/util can be built with SAMBA_UTIL_CORE_ONLY for building standalone
ctdb.  Any new libraries if not required by ctdb should be built only
when SAMBA_UTIL_CORE_ONLY is not specified.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Feb 27 09:06:01 CET 2015 on sn-devel-104
2015-02-27 09:06:01 +01:00
Volker Lendecke
9750eb7bab libsmb: Make "ip_service_compare" static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 27 06:20:58 CET 2015 on sn-devel-104
2015-02-27 06:20:58 +01:00
Michael Adam
04b8e19e17 tevent: version 0.9.23
* Add Solaris ports as tevent backend.
* Improvements to the tevent_data tutorial.
* Remove use of the 'staticforward' macro.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Feb 27 03:48:57 CET 2015 on sn-devel-104
2015-02-27 03:48:57 +01:00
Volker Lendecke
1cb753ae4e winbind: Simplify winbindd_dsgetdcname_recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 27 01:16:10 CET 2015 on sn-devel-104
2015-02-27 01:16:10 +01:00
Volker Lendecke
3ec06454e1 vfs_catia: Simplify init_mappings()
No else required after return

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 26 21:22:30 CET 2015 on sn-devel-104
2015-02-26 21:22:30 +01:00
Volker Lendecke
f2f9acc113 smbd: Simplify ReadDirName
In the if-branches we return, so no "else" necessary

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 18:51:10 +01:00
Volker Lendecke
4cdbf81243 smbd: ZERO_STRUCT -> struct init
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 18:51:10 +01:00
Volker Lendecke
6ed53d4967 smbd: ZERO_STRUCT -> struct assignment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 18:51:10 +01:00
Volker Lendecke
09c00923ba smbd: ZERO_STRUCT -> struct assignment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 18:51:10 +01:00
Volker Lendecke
9e810b2fbe smbd: ZERO_STRUCTP -> talloc_zero()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 18:51:10 +01:00
Volker Lendecke
9455344e66 param: Remove lib/param/generic.c
This seems completely unused.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 18:51:10 +01:00
Volker Lendecke
e4bded6551 libsmb: Use tevent_req_poll_ntstatus
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 18:51:10 +01:00
Volker Lendecke
1237b006d5 lib: Simplify pidfile.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 26 18:28:31 CET 2015 on sn-devel-104
2015-02-26 18:28:31 +01:00
Volker Lendecke
bd6bc30693 Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 15:58:05 +01:00
David Disseldorp
079c301c01 ntdb: always return int from tdb_store_flag_to_ntdb()
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 26 13:49:05 CET 2015 on sn-devel-104
2015-02-26 13:49:05 +01:00
Volker Lendecke
3e9e5e6d6f registry: Fix an aligment increase warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 26 05:35:33 CET 2015 on sn-devel-104
2015-02-26 05:35:33 +01:00
Volker Lendecke
53486f00e9 smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 03:02:07 +01:00
Günther Deschner
1b39c688cc vfs: Add a brief vfs_ceph manpage.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11088

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 25 20:56:01 CET 2015 on sn-devel-104
2015-02-25 20:56:01 +01:00
Volker Lendecke
a99a5a34a5 Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
2015-02-25 16:32:29 +01:00
Volker Lendecke
b72cc326f6 heimdal: Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-02-25 14:02:09 +01:00
Andreas Schneider
f6b929e721 s3-pam_smbpass: Add a deprecation warning.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 25 03:37:34 CET 2015 on sn-devel-104
2015-02-25 03:37:34 +01:00
Andrew Bartlett
e5f8b49e21 s4/scripting/devel: Add tool to roll over the krbtgt password
This may be handy if this key is compromised, or along with chgtdcpass to isolate test copies
of production domains in such a way that they cannot mix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
fb250d1328 testprogs-test_chgdcpass.sh: Improve comments to explain why we check about changing the password twice
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
e189e9ed4b selftest: Improve renamedc tests to confirm more than just the exit code
This now confirms that the DC has been renamed

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
a49ee57ec3 s4/scripting/bin/renamedc: Fix up rename DC script
We now have a reliable handler for backlinks so this we can now rename both objects

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-02-25 01:08:12 +01:00
Michael Ledford
dab8eca590 lib/crypto: Document nettle supported crypto
Signed-off-by: Michael Ledford <michael@ledford.cc>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
927ea9791e backupkey: Explain more why we use GnuTLS here
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-02-25 01:08:12 +01:00
Garming Sam
63609eba99 build: amend typo for address sanitizer help
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-02-25 01:08:12 +01:00
Garming Sam
5ca9a4ebe5 torture-backupkey: Check the dcerpc call return code before calling ndr pull
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-02-25 01:08:12 +01:00
Garming Sam
43d3e90418 backupkey: replace heimdal rsa key generation with GnuTLS
We use GnuTLS because it can reliably generate 2048 bit keys every time.

Windows clients strictly require 2048, no more since it won't fit and no
less either. Heimdal would almost always generate a smaller key.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
2015-02-25 01:08:12 +01:00
Garming Sam
a1f1db277a build: Require GnuTLS if building with Active Directory
Without GnuTLS, we don't have ldaps:// support and we are unable to
readily create RSA keys of the correct length for the BackupKey
protocol.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
f7b6e696ed torture-backupkey: Add tests that read the secret from the server, and validate
These show that MS-BKRP 3.1.4.1.1 BACKUPKEY_BACKUP_GUID is incorrect when it
states that the key must be the leading 64 bytes, it must be the whole 256 byte
buffer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
3254f9bc00 backupkey: Better handling for different wrap version headers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
d8cc370d01 backupkey: Add tests for ServerWrap protocol
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
93510eb513 backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2
This is done in both smbtoture and in our server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
c3c54b9bf3 backupkey: Implement ServerWrap Decrypt
We implement both modes in BACKUPKEY_RESTORE_GUID, as it may decrypt
both ServerWrap and ClientWrap data, and we implement
BACKUPKEY_RESTORE_GUID_WIN2K.

BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
cdecd8540a backupkey: Handle more clearly the case where we find the secret, but it has no value
This happen on the RODC, a case that we try not to permit at all.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
51086f30dd backupkey: Improve variable names to make clear this is client-provided data
The values we return here are client-provided passwords or other keys, that we decrypt for them.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Andrew Bartlett
0ff9733479 backupkey: Use the name lsa_secret rather than just secret
This makes it clear that this is the data stored on the LSA secrets store
and not the client-provided data to be encrypted.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Andrew Bartlett
33c6164067 backupkey: Implement ServerWrap Encrypt protocol
BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Andrew Bartlett
c55f393649 backupkey: Improve function names and comments for clarity
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Andrew Bartlett
f69b180cf8 backupkey: Move SID comparison to inside get_and_verify_access_check()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Garming Sam
bc0b90a300 backupkey: Improve IDL
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-02-25 01:08:11 +01:00