sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
117,671 Commits 60 Branches 1,145 Tags 452 MiB
a5a2ce953b
Commit Graph

117671 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andreas Schneider
6eb38daad4 s4:rpc_server: Use GnuTLS RC4 in lsa server 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:24 +00:00
Andreas Schneider
cd1f418473 s3:utils: Use GnuTLS RC4 in npc_rpc_trust 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:24 +00:00
Andreas Schneider
acf605f595 s4:rpc_server: Use GnuTLS RC4 in lsa endpoint 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:24 +00:00
Andreas Schneider
80b6ad51f9 s3:rpc_client: Use C99 inititializer in dcerpc_samr_chgpasswd_user() 
This also cleans up after using them.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:24 +00:00
Andreas Schneider
0a8a1c9c78 auth:ntlmssp: Use GnuTLS RC4 in ntlmssp server 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:24 +00:00
Andreas Schneider
ba96534eb3 auth:gensec: Return NTSTATUS for netsec_do_seal() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
6148cd9c97 auth:gensec: Use GnuTLS RC4 in netsec_do_seal() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
d5ca7ff40f auth:gensec: Use GnuTLS RC4 in netsec_do_seq_num() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
67e6a9af2c libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
99d250a3ab libcli:auth: Return NTSTATUS for netlogon_creds_crypt_samlogon_logon() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
cad3adb0b4 libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_logon() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
31f110317f libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_logon() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
8c9cf56fe9 libcli:auth: Return NTSTATUS for netlogon_creds_server_step_check() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
2e6fe27bad libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_validation() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
00dd1a8bf8 libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_validation() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andreas Schneider
f825fa6d90 libcli:auth: Use GnuTLS RC4 for netlogon credentials 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:23 +00:00
Andrew Bartlett
ad4505624e lib/crypto: Use GnuTLS RC4 for samba_gnutls_arcfour_confounded_md5() 
This allows Samba to use GnuTLS for drsuapi_{en,de}crypt_attribute_value()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2019-06-27 12:54:23 +00:00
Andrew Bartlett
d5856b993e liblic/drsupai: use samba_gnutls_arcfour_confounded_md5() wrapper 
This common code will reduce duplication, particularly when we move
arcfour_encrypt_buffer() calls to GnuTLS

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2019-06-27 12:54:23 +00:00
Andrew Bartlett
31bac316da lib/crypto: Add GnuTLS helper function samba_gnutls_arcfour_confounded_md5() 
This will avoid duplicated code as we convert arcfour_crypt_blob() into
direct GnuTLS calls

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2019-06-27 12:54:23 +00:00
Andrew Bartlett
52c87fa165 libcli/drsuapi: Correct comment in drsuapi_decrypt_attribute_value() 
This is not a copy, it is just a pointer assignment.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2019-06-27 12:54:23 +00:00
Andrew Bartlett
850e9ffe8a libcli/drsuapi: Add expected value unit tests for drsuapi_{en,de}crypt_attribute_value() 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2019-06-27 12:54:22 +00:00
Andrew Bartlett
4aa217bb06 libcli/drsuapi: Add const to *in parameters to drsuapi_{en,de}crypt_attribute_value() 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2019-06-27 12:54:22 +00:00
Andrew Bartlett
56fb3ce083 libcli/drsuapi: Make drsuapi_decrypt_attribute_value() static 
The last external user was removed in 0980a3471e in 2010

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2019-06-27 12:54:22 +00:00
Andreas Schneider
46231a53ef libcli:drsuapi: Use gnutls_error_to_werror() in repl_decrypt 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:22 +00:00
Andreas Schneider
d4494648dd libcli:auth: Use gnutls_error_to_werror() in smbencrypt 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:22 +00:00
Andreas Schneider
d1641f3e6a libcli:util: Add gnutls_error_to_werror() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-27 12:54:22 +00:00
Andrew Bartlett
8f4c30f785 lib/crypto: move gnutls error wrapper to own subsystem 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2019-06-27 12:54:22 +00:00
Jeremy Allison
29ee235cae s3: torture: Ensure we can always get a POSIX ACL on a directory handle. 
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 26 19:31:28 UTC 2019 on sn-devel-184
 2019-06-26 19:31:28 +00:00
Jeremy Allison
61777349f1 s3: smbd: We also need to open a real directory fd when modifying security. 
Makes the logic identical to file open.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2019-06-26 18:14:23 +00:00
Noel Power
164570fcbb lib/param: clang: Fix 'dereference of a null pointer' warning 
Fixes:

lib/param/loadparm.c:3325:36: warning: Access to field 'szService' results in a dereference of a null pointer (loaded from variable 'service') <--[clang]
        return lpcfg_string((const char *)service->szService)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Jun 26 11:53:08 UTC 2019 on sn-devel-184
 2019-06-26 11:53:08 +00:00
Noel Power
9c58684566 librpc/ndr: clang: Fix warning 'Value stored to 'towernum' is never read' 
Fixes:

librpc/ndr/ndr_orpc.c:140:2: warning: Value stored to 'towernum' is never read <--[clang]
        towernum = 0;
        ^          ~
1 warning generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
 2019-06-26 10:30:23 +00:00
Noel Power
fd17d50f7c lib/dwrap: Fix 'Null pointer passed as an argument to a 'nonnull' parameter ' 
Fixes:

lib/dbwrap/dbwrap.c:645:4: warning: Null pointer passed as an argument to a 'nonnull' parameter <--[clang]
                        memcpy(p, dbufs[i].dptr, thislen);

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
 2019-06-26 10:30:23 +00:00
Noel Power
37add5c8ce lib/dbwrap: clang: Fix 'all argument is an uninitialized value' 
Fixes:

lib/dbwrap/dbwrap.c:533:4: warning: 2nd function call argument is an uninitialized value <--[clang]
                        dbwrap_lock_order_unlock(db, lockptr);
                        ^

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
 2019-06-26 10:30:23 +00:00
Noel Power
1d00bd9f0b lib/util: clang: Fix Value stored during its initialization is never read 
Fixes:

lib/util/util_tdb.c:385:11: warning: Value stored to 'result' during its initialization is never read <--[clang]

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
 2019-06-26 10:30:23 +00:00
Noel Power
cf43f1d052 clang: Fix Null pointer passed as argument warning 
Fixes:
lib/tdb/common/transaction.c:354:2: warning: Null pointer passed as an argument to a 'nonnull' parameter <--[clang]
        memcpy(tdb->transaction->blocks[blk] + off, buf, len);
&

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
 2019-06-26 10:30:23 +00:00
Noel Power
7987e4af96 lib/tdb: clang: Fix warning: Dereference of null pointer 
Fixes:

lib/tdb/common/lock.c:933:6: warning: Dereference of null pointer <--[clang]
        if (tdb->allrecord_lock.count) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
 2019-06-26 10:30:23 +00:00
Aaron Haslett
e28365c515 selftest: schema version check in provision test 
Modifying blackbox provision test to check schema version.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 26 05:31:03 UTC 2019 on sn-devel-184
 2019-06-26 05:31:03 +00:00
Aaron Haslett
cb16395ab3 schema: changing default base schema to 2012_R2 
Changing default base schema from 2008_R2 to 2012_R2

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-26 04:12:34 +00:00
Aaron Haslett
fc9845da69 selftest: specifying 2008_R2 base schema for tests that need it 
We're going to change the default base schema so this patch changes all
tests and testenvs requiring the current default (2008_R2) to specify it
in all provision commands using --base-schema.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-26 04:12:33 +00:00
Tim Beale
295bf73e9b dsdb: Handle DB corner-case where PSO container doesn't exist 
A 2003 AD DB with functional level set to >= 2008 was non-functional
due to the PSO checks.

We already check the functional level is >= 2008 before checking for the
PSO container. However, users could change their functional level
without ensuring their DB conforms to the corresponding base schema.

The objectclass DSDB module should prevent the PSO container from ever
being deleted. So the only way we should be able to hit this case is
through upgrading the functional level (but not the underlying schema
objects). If so, log a low-priority message and continue without errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14008
RN: Previously, AD operations such as user authentication could fail
completely with the message 'Error 32 determining PSOs in system' logged
on the samba server. This problem would only affect a domain that was
created using a pre-2008 AD base schema and then had its functional
level manually raised to 2008 or greater. This issue has now been
resolved.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
5df815cfd2 pidl: Remove the need to always specify --client with --python 
This allows us to avoid generating client code for NDR-only protocols that do
not go over DCE/RPC

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
46bf62dd0c librpc: No longer generate or build unused client bindings for frsrpc 
We retain the IDL and NDR parsers for ndrdump.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
88bb8fe43a librpc: Do not generate extra unused client or python bindings with PIDL 
This sorts out the idl list into the parts that actually need --python and --client specified
and so speeds up the compile and clarifies the code behaviour.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
6f9176e649 librpc: Remove frsblobs.idl 
We can now dump public structures using ndrdump, so helper dump functions
are not required any more.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
9c7e8f3a35 librpc: Remove unused RPC_NDR_MDSSVC 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
ba222585ca librpc: Remove unused RPC_NDR_KEYSVC 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
2555692f48 librpc: Remove unused RPC_NDR_TRKWKS 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
634b44c25e librpc: Remove unused RPC_NDR_SCERPC 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
bee87eecb8 librpc: Remove unused RPC_NDR_WZCSVC 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00
Andrew Bartlett
a162d68f58 librpc: Remove unused RPC_NDR_MSGSVC 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-06-26 04:12:33 +00:00