1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

6112 Commits

Author SHA1 Message Date
Björn Jacke
7bbec4d871 s4: remove ipv6:enabled parameteric option
this was never disabling ipv6, only v6-only interfaces. This can be achieved
with the interfaces parameter also if wanted.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-12-13 20:34:23 +01:00
Uri Simchoni
1a2da5b0f8 s4-lib-policy: fix type of enum
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-22 10:20:20 +01:00
Lumir Balhar
806c1bcacd python: Port samba.messaging module to Python 3 compatible form.
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-10-23 11:42:19 +02:00
Lumir Balhar
87154bcfa9 python: Port samba.registry module to Python 3 compatible form
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-10-18 10:20:26 +02:00
Jeremy Allison
5473a277e3 lib: talloc: Use the system <talloc.h> include.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 17 00:53:48 CEST 2017 on sn-devel-144
2017-08-17 00:53:48 +02:00
Volker Lendecke
652bf0ca7e libhttp: Remove an unneeded include
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144
2017-08-16 04:11:47 +02:00
Andrew Bartlett
5bb341fb9c s4/lib/tls: Use SHA256 to sign the TLS certificates
The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
2017-08-15 08:07:10 +02:00
Jeremy Allison
f816de5636 s4: com: Replace erroneous inclusion of internal talloc.h header with external.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144
2017-08-15 08:06:40 +02:00
Stefan Metzmacher
77b44fbe36 s4:lib/http: pass down the target service/hostname to gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:02 +02:00
Stefan Metzmacher
d1f479e73b s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:02 +02:00
Stefan Metzmacher
9fd27d7a47 s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:02 +02:00
Stefan Metzmacher
8813295e1f s4:http/gensec: make the "NTLM" base64 wrapping more generic
We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP
everything else can be generic.

This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO
trivial.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:02 +02:00
Stefan Metzmacher
a219c359b9 s4:http/gensec: rename ntlm.c to generic.c
Check with git show -C

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:02 +02:00
Stefan Metzmacher
a6ae9da98d s4:lib/http: pass a generic prefix blob to http_parse_auth_response()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:02 +02:00
Stefan Metzmacher
bdece1df9c s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp()
The key is already normalized and should match completely.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:02 +02:00
Stefan Metzmacher
56ab5cdbe0 s4:lib/http: remove indentation level from http_parse_auth_response()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:02 +02:00
Stefan Metzmacher
e42f12c6be s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value
We need to consume full HTTP responses from the socket during the
authentication exchanges, otherwise our HTTP parser gets out of sync for
the next requests.

This will be important for gensec mechs which use an even number
for authentication packets.

I guess this should be done just based on the Content-Length value and
not based on the response code.

So far I saw bodies with 200 and 401 codes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:01 +02:00
Stefan Metzmacher
7b86da08ea s4:lib/http: lower HTTP_MAX_HEADER_SIZE from UINT_MAX to 0x1FFFF
We don't need very large headers, the largest ones are
"Authorization" or "WWW-Authenticate", but 128k should be
more than enough for all headers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:01 +02:00
Jeremy Allison
fe2ac3e304 s4: COM: Remove talloc_autofree_context() from (unused) COM code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-26 21:35:21 +02:00
Stefan Metzmacher
8268374c83 s4:lib/http: rewrite http_send_auth_request_*() using gensec_update_send/recv
The new logic makes it much clearer that we have a loop of

gensec_update_send()
gensec_update_recv()
http_send_request_send()
http_send_request_recv()
http_read_response_send()
http_read_response_recv()

Until the local gensec and the server are ready.

I've tested this against Windows 2008R2 like this:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
  rpc.epmapper.epmapper.Lookup_simple \

and:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
  rpc.epmapper.epmapper.Lookup_simple \

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-07-25 13:51:11 +02:00
Stefan Metzmacher
13f91927e0 s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
This was missing in commit d718e92d5e.

Sadly we can't have automated tests for this as we only implement
the client side for this protocol.

I've tested with using:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
  rpc.epmapper.epmapper.Lookup_simple \

and:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
  rpc.epmapper.epmapper.Lookup_simple \

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
2017-07-21 23:29:39 +02:00
Stefan Metzmacher
41981db0d3 s4:lib/com: remove unused pycom binding
This is completely untested and from reading the code it doesn't really
do anything beside always returning None from the get_class_object() method.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 30 12:16:57 CEST 2017 on sn-devel-144
2017-05-30 12:16:57 +02:00
Stefan Metzmacher
86f1ca2dad s4:gensec/http_basic: add simple gensec_http_basic_update_send/recv() wrapper functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:09 +02:00
Stefan Metzmacher
d718e92d5e s4:gensec/http_ntlm: add implement gensec_http_ntlm_update_send/recv()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:09 +02:00
Jeremy Allison
3cfa58de12 gensec: Add a TALLOC_CTX * to gensec_register().
Pass in the TALLOC_CTX * from the module init to remove
another talloc_autofree_context() use.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-13 16:50:13 +02:00
Jeremy Allison
4039e51a6f s4: popt: Change from talloc_autofree_context() to NULL context.
Call popt_free_cmdline_credentials() on successful exit from torture.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Jeremy Allison
91267449ec s4: popt: Make cmdline_credentials static.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Jeremy Allison
b2de5a81bf s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Jeremy Allison
dd4a3ce927 s4: popt: Add set/get/free functions for cmdline_credentials.
Preparing to make this static instead of a global.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Günther Deschner
84451e8639 s4-lib/policy: remove some dead prototypes
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-10 15:53:21 +02:00
Andreas Schneider
85e3d1774c s4:tls: Do not use deprecated GnuTLS types
Those have been deprecated with GnuTLS 1.0.20 in 2004. I think it is
safe to use them now ;)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-05-09 23:20:08 +02:00
Andrew Bartlett
2f1cc560dc s4-messaging: Add helpful comments
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 26 03:09:19 CEST 2017 on sn-devel-144
2017-04-26 03:09:19 +02:00
Jeremy Allison
306783d6f5 lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-04-22 01:17:00 +02:00
Jeremy Allison
fc8f858c8c s4: messaging: When talloc_free()'ing an event context, only remove msg_dgm_ref's that point to *that* context.
Defensive programming change. Not strictly needed to prevent
any crash/error.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-04-17 19:13:07 +02:00
Jeremy Allison
61157388e7 s4: messaging. Minor cleanup. Check for error returns on imessaging_register calls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-04-17 19:13:06 +02:00
Jeremy Allison
3a9ea1873c s4: messaging. Add imessaging_reinit_all() function.
Ensure it is called from process_standard.c after
every fork().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Mar 31 14:48:17 CEST 2017 on sn-devel-144
2017-03-31 14:48:17 +02:00
Andrew Bartlett
c008687ffb s4-messaging: split up messaging into a smaller library for send only
This will help avoid a dep loop when the low-level auth code relies on the message
code to deliver authentication messages

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:27 +02:00
Gary Lockyer
16e9448174 pymessaging: add single element tupple form of the server_id
This avoids the python code needing to call getpid() internally,
while declaring a stable task_id.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-03-28 09:23:11 +02:00
Andrew Bartlett
8c75d9fc73 pymessaging: Add a hook to run the event loop, make callbacks practical
These change allow us to write a messaging server in python.

The previous ping_speed test did not actually test anything, so
we use .loop_once() to make it actually work.  To enable practial use
a context is supplied in the tuple with the callback, and the server_id
for the reply is not placed inside an additional tuple.

In order to get at the internal event context on which to loop, we
expose imessaging_context in messaging_internal.h and allow the python
bindings to use that header.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-03-28 09:23:11 +02:00
Andrew Bartlett
e77c18019a pymessaging: Add irpc_remove_name
This allows tests to be indirectly added for server_id_db_lookup()
and server_id_db_prune_name()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705
2017-03-28 09:23:11 +02:00
Andrew Bartlett
3bd9e5f4ed pymessaging: Add support for irpc_add_name
This allows tests to be indirectly added for server_id_db_lookup()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705
2017-03-28 09:23:11 +02:00
Ian Stakenvicius
dbf97e8d5e waf: disable-python - don't build samba-policy
samba-policy requires samba-net which requires PROVISION, which
is disabled when python isn't available.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:13 +01:00
Thomas Nagy
e36e1f7b12 build:wafsamba: Remove ambiguous 'if x in conf.env' constructs
Configuration values such as HAVE_STDDEF_H can be set to 0
to indicate a test failure. Waf 1.5 has a few bugs that
prevent configuration tests from setting such values
consistently on failures.

Consequently, conditions such as 'if conf.env.VARNAME' must be
used to indicate that config test successes are expected.
Note that conf.env.VARNAME always returns an empty list (False value)
when no variable is defined so there are no risk of raising
AttributeError/KeyError exceptions.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Feb 21 13:47:07 CET 2017 on sn-devel-144
2017-02-21 13:47:07 +01:00
Volker Lendecke
9af73f62ce lib: Add lib/util/server_id.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Ralph Boehme
a6bb4e27e7 s4/messaging: register for MSG_REQ_RINGBUF_LOG
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-01-20 18:48:26 +01:00
Douglas Bagnall
28eb49c7ed lib/registry/regf: better initialise nk_block
We were initialising a uint32_t[5] block with memset(..., 5) when we
surely meant memset(..., 5 * sizeof(uint32_t)) or some equivalent.

Thanks go to gcc-7 and -Wmemset-elt-size. The warning looks like this:

../source4/lib/registry/regf.c: In function ‘reg_create_regf_file’:
../source4/lib/registry/regf.c:2095:2: warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
  memset(nk.unk3, 0, 5);
    ^~~~~~

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-11-30 20:36:24 +01:00
Jeremy Allison
d333c56700 source4: Change to use lib/util/access functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 16 16:35:12 CET 2016 on sn-devel-144
2016-11-16 16:35:12 +01:00
Volker Lendecke
978c3792b5 messaging: Fix CID 1373625 Unused value
Hmm. I wonder how that cut&paste happened...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-14 21:45:08 +02:00
Volker Lendecke
2a245512b8 messaging: add an overflow check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-13 00:40:26 +02:00
Volker Lendecke
fdc52abbf4 messaging4: Postpone messages to the right tevent context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-05 00:06:23 +02:00
Volker Lendecke
85c41375fd messages_dgm_ref: Pass receiving "ev" to recv_cb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-05 00:06:22 +02:00
Volker Lendecke
f9a84411e8 messaging: add an overflow test
Send 1000 messages without picking them up. Then destroy the sending messaging
context.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-05 00:06:22 +02:00
Volker Lendecke
85221cd882 messaging4: Fix signed/unsigned hickups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-05 00:06:21 +02:00
Volker Lendecke
f1c8786e11 lib: Fix CID 1373388 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-09-28 15:19:21 +02:00
Volker Lendecke
d4884b54ff lib: Fix CID 1373389 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-09-28 15:19:21 +02:00
Günther Deschner
6b1c5b485c werror: replace WERR_CLASS_NOT_REGISTERED with HRES_REGDB_E_CLASSNOTREG
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Günther Deschner
6165f46bb4 werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/lib/wmi/wbemdata.c
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:23 +02:00
Günther Deschner
de2f32d630 werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/lib/registry/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:23 +02:00
Günther Deschner
b0d21f44e5 werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/lib/registry/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:21 +02:00
Günther Deschner
78d9a1eed9 werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/lib/com/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:21 +02:00
Günther Deschner
4b736f2ad3 werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/lib/registry/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:19 +02:00
Günther Deschner
70807a4267 werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source4/lib/registry/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:17 +02:00
Günther Deschner
894d067c14 werror: replace WERR_BADFUNC with WERR_INVALID_FUNCTION in source4/lib/wmi/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:16 +02:00
Chris Davis
fcbed30a52 s4-registry: properly initialize registry key to be added via RPC
Signed-off-by: Chris Davis <cd.rattan@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-09-26 02:25:07 +02:00
Chris Davis
f1bd44ac50 s4-registry: implement set value and delete value for RPC
Signed-off-by: Chris Davis <cd.rattan@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-09-26 02:25:07 +02:00
Lukas Slebodnik
fa99ae70f1 tls: Fix warning Wunused-variable
The variable error_pos is used only with enabled ENABLE_GNUTLS
There are warnings if compiled witout gnutls

../source4/lib/tls/tls_tstream.c: In function ‘_tstream_tls_connect_send’:
../source4/lib/tls/tls_tstream.c:1053:14:
    warning: unused variable ‘error_pos’ [-Wunused-variable]
  const char *error_pos;
              ^~~~~~~~~
../source4/lib/tls/tls_tstream.c: In function ‘_tstream_tls_accept_send’:
../source4/lib/tls/tls_tstream.c:1333:14:
     warning: unused variable ‘error_pos’ [-Wunused-variable]
  const char *error_pos;
              ^~~~~~~~~

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 21 00:01:09 CEST 2016 on sn-devel-144
2016-09-21 00:01:08 +02:00
Ralph Boehme
ee64d3f1d8 s4/messaging: let the imessaging ctx destructor free msg_dgm_ref
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-19 03:32:10 +02:00
Ralph Boehme
d2b0694666 messaging: Call messaging_dgm_send under become_root only if necessary
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-13 00:19:26 +02:00
Ralph Boehme
cfce21281a s4/messaging: messaging_dgm_ref talloc hierarchy fix
Ensure the messaging dgm context goes away *before* the tevent
context. The messaging dgm context will likely have active fd or timer
events, their rundown will touch the associated tevent context.

Otoh, I deliberately don't free the imessaging context here, that's going
to happen as part of freeing the talloc_autofree_context() as before. I
think it suffers the same problem, eg imessaging_deregister() works on
an imessaging_context that might already be freed. But as it works,
don't change it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-13 00:19:26 +02:00
Volker Lendecke
07d12d2c71 lib: Fix a pointless error check
According to susv4, addr.s6_addr is a

uint8_t s6_addr[16]

which is always != 0

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-08-05 22:20:05 +02:00
Jeremy Allison
da47e13323 s4: messaging: Remove bool auto_remove parameter from imessaging_init().
With modern messaging this doesn't do anything (it's an
empty destructor). Clean up so we can add a proper destructor
in future.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-23 06:04:11 +02:00
Andrew Bartlett
2d3fdc0a45 pyrpc: Allow control of RPC timeout for IRPC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-07-12 23:24:13 +02:00
Michael Adam
a6db0527cb s4:regshell: fix O3 error unused result of asprintf in reg_complete_key()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
2d8a3125f2 s4:registry:patchfile: fix O3 error unused result of write
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Douglas Bagnall
891abcf78f source4/registry/local: avoid str_list_length() to check first element
We don't need to walk to the end of the list to find out if the first
one is NULL.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Volker Lendecke
93b982faad lib: Give base64.c its own .h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Robin Hack
9a7a38a6dd lib/http/http_auth: Fix CID 1273428 - Unchecked return value
There is missing check of status value in
http_auth.c:http_create_auth_request() which can leave values
inside 'DATA_BLOB in' unitialized.

http_auth.c:http_create_auth_request() calls
http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED
and which is not checked by caller and later passed as argument to other functions.

For example:
'DATA_BLOB in' can be passed to
auth/gensec/spnego.c:gensec_spnego_update() later:

...
switch (spnego_state->state_position) {
..
	case SPNEGO_SERVER_START:
		if (in.length) {

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-26 22:48:22 +02:00
Noel Power
60b2298a73 s4:lib:registry: fix 'Conditional jump or move' valgrind error.
smbtorture local.registry.diff.dotreg.test_diff_apply produces the following
valgrind trace

==18367== Conditional jump or move depends on uninitialised value(s)
==18367==    at 0xA02ED96: reg_dotreg_diff_load (patchfile_dotreg.c:252)
==18367==    by 0xA031C6C: reg_diff_load (patchfile.c:375)
==18367==    by 0xA0323AB: reg_diff_apply (patchfile.c:542)
==18367==    by 0x15F116: test_diff_apply (diff.c:72)
==18367==    by 0x955460C: wrap_test_with_simple_test (torture.c:731)
==18367==    by 0x955366F: internal_torture_run_test (torture.c:442)
==18367==    by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==18367==    by 0x260074: run_matching (smbtorture.c:110)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==18367==

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Stefan Metzmacher
64a9cd2a38 CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
b5681c4125 CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
The generated ca cert (in ca.pem) was completely useless,
it could be replaced by cert.pem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Douglas Bagnall
82258aa2a6 s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 15:13:15 +01:00
Garming Sam
7b431eba22 build: mark explicit dependencies on pytalloc-util
All subsystems that include pytalloc.h need to link against
pytalloc-util.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144
2016-03-15 07:08:16 +01:00
Andrew Bartlett
6d348c443a pyregistry: Use pytalloc_BaseObject_PyType_Ready()
This changes pyregistry to use talloc.BaseObject() just like the PIDL output

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Douglas Bagnall
c9836e8121 regtree: avoid GCC indentation warning
This was not actually a bug, but GCC6 (sort of reasonably) thought it could be.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-03-03 13:09:25 +01:00
Günther Deschner
1a4b8cc707 s4-libgpo: fix gcc6 build warning.
source4/lib/policy/gp_ldap.c:48:35: warning: 'gpo_inheritance' defined but not
used [-Wunused-const-variable]

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:18 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:17 +01:00
Michael Adam
9fcf87419f s4:lib:socket: skip extra data in interpret_interface()
This is currently smbd-specific.
No need to duplicate the extended parsing
while these functions have not been merged yet.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-26 07:33:16 +01:00
Jelmer Vernooij
da8674c72a Rename 'errors' to 'samba-errors' and make it public.
This is necessary because it has public headers.

Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Jan 13 07:47:04 CET 2016 on sn-devel-144
2016-01-13 07:47:04 +01:00
Jelmer Vernooij
232726a4b4 Make libregistry private, for now.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
2016-01-13 04:43:23 +01:00
Andrew Bartlett
5c7822a1e4 pyregistry: Adjust to use of PY_SSIZE_T_CLEAN
This changes the type used for # arguments to PyArg_ParseTuple

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Andrew Bartlett
6a6aec78c5 pymessaging: Adjust to use of PY_SSIZE_T_CLEAN
This changes the type used for # arguments to PyArg_ParseTupleAndKeywords

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Andreas Schneider
53e8feeb6a waf: Check for GnuTLS 3.4.7
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:20 +01:00
Mathieu Parent
c315fce17e Fix various spelling errors
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
2015-11-06 13:43:45 +01:00
Ralph Boehme
1dba498593 s4:lib/messaging: use a helper variable for tdb flags
Small refactoring that eliminates a nested function call. These are a
pita when stepping with gdb.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11562

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Oct 20 14:54:57 CEST 2015 on sn-devel-104
2015-10-20 14:54:56 +02:00
Ralph Boehme
79ec9cbff9 s4:lib/messaging: use correct path for names.tdb
source3 messaging_init() calls server_id_db_init() (where names.tdb is
created) with lock_path. source4 imessaging_init() otoh wrongly used the
special lock_path subdirectory "msg.lock":

> find /opt/samba/ -name names.tdb
/opt/samba/var/lock/msg.lock/names.tdb
/opt/samba/var/lock/names.tdb

> tdbdump /opt/samba/var/lock/names.tdb
{
key(14) = "notify-daemon\00"
data(27) = "28609/12756565486113779780\00"
}

> tdbdump /opt/samba/var/lock/msg.lock/names.tdb
{
key(15) = "winbind_server\00"
data(8) = "28593/0\00"
}

With this patch both source3 and source4 messaging now use the same
names.tdb which is what we want:

> find /opt/samba/ -name names.tdb
/opt/samba/var/lock/names.tdb

> tdbdump /opt/samba/var/lock/names.tdb
{
key(15) = "winbind_server\00"
data(8) = "26434/0\00"
}
{
key(14) = "notify-daemon\00"
data(26) = "26452/3454520012124001687\00"
}

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11562

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-10-20 11:51:16 +02:00
Volker Lendecke
01d7e26f7f lib: Push down unique generation one level
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-10-19 12:09:10 +02:00
Stefan Metzmacher
1d2a1a685e s4:lib/messaging: use 'msg.lock' and 'msg.sock' for messaging related subdirs
In Samba 4.2, we used lock_path("msg") (with 0700) for the socket directory,
while we use lock_path("msg") (with 0755) for the lock file directory.

This generates a conflict that prevents samba, smbd, nmbd and winbindd
from starting after an upgrade.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11515

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 17 09:04:59 CEST 2015 on sn-devel-104
2015-09-17 09:04:59 +02:00
Björn Jacke
22a37c453d tls: increase Diffie-Hellman group size to 2048 bits
1024 bits is already the minimum accepted size of current TLS libraries. 2048
is recommended for servers, see https://weakdh.org/

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep  3 03:47:48 CEST 2015 on sn-devel-104
2015-09-03 03:47:48 +02:00
Andrew Bartlett
ac25a8ac4f lib/tls: Ensure SSLv3 is disabled in the web server by default
By calling gnutls_priority_set_direct() the behaviour should now match the LDAP server

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2015-08-31 01:10:22 +02:00
Andrew Bartlett
cdaa1224c4 lib/tls: Remove unused tls_init_client code
This is unused as the callers have now been migrated to tls_tstream

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2015-08-31 01:10:22 +02:00