1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Commit Graph

35675 Commits

Author SHA1 Message Date
Tim Beale
da33c2c4e4 tests: Run GPO commands against testenv with SMBv1 disabled
Just to prove that they work across SMBv2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-17 01:40:30 +01:00
Tim Beale
2a7372da7b tests: Run samba_tool.gpo tests against backup testenvs
Run the GPO tests against the backup/restore testenvs.

Because the backup/restore preserves the NTACLs of the sysvol files,
running the GPO tests against the backup testenvs is a good sanity-
check. If fact it highlights that there is currently a problem with
restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
but we never noticed it until now.

NTACL backup works slightly different for offline backups, and rename
backups end up with more sysvol files, so run the tests against both
these envs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-17 01:40:30 +01:00
Tim Beale
6a29e63f32 s4:pysmb: Add error log that the s4 bindings are deprecated
We plan to delete the s4 SMB Python bindings in the next Samba release
after v4.10, but first give external consumers a heads-up, just in case
they are currently using the s4 bindings.

Note the auth_log tests still use the s4 bindings, but all user-facing
tools should now be updated to use the s3 bindings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-17 01:40:30 +01:00
Volker Lendecke
9563fcf6ff samba_dnsupdate: With dns_hub, we don't need resolv_wrap
Best viewed with git show -b

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-15 07:53:22 +01:00
Volker Lendecke
ff2dbe24b8 dns_update: samba_dnsupdate's exit code is not an errno
This avoids confusing messages, samba_dnsupdate returns the number of
failed updates

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-15 07:53:21 +01:00
Noel Power
b6c8ef5fb7 s4/libnet: use 'et' as format for ParseTuple with python2
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-13 00:40:26 +01:00
Stefan Metzmacher
ea0a704177 selftest:Samba4: run the raw_protocol test with a limit of 8 auth contexts
This is much faster than exploring the limit of 2049 during autobuild.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:42 +01:00
Stefan Metzmacher
7bc6ec81c8 s4:rpc_server: implement security context multiplexing
There're some systems like Cisco ISE use security multiplexing
without checking (via bind time feature negotiation)
the server supports it.

Others like VMWare View, fallback to NT4 style netlogon
connections without using netlogon secure channel,
which then triggers an error, with "server schannel = yes",
see https://bugzilla.samba.org/show_bug.cgi?id=13464.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
8bd0f4405a s4:pyrpc: add py_dcerpc_ndr_pointer_deref/wrap() infrastructure
Some idl files use more than one layer of unique pointers. e.g.

    NTSTATUS lsa_GetUserName(
            [in,unique] [string,charset(UTF16)] uint16 *system_name,
            [in,out,ref] lsa_String **account_name,
            [in,out,unique] lsa_String **authority_name
            );

In order to specify *io.in.authority_name = NULL,
we need to wrap the pointer value (lsa_String or None)
into an base.ndr_pointer() object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
ae467704f3 s4:pyrpc: make use of pytalloc_get_type() in py_dcerpc_syntax_init_helper()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
4bb3a66ae1 s4:rpc_server/lsa: specify \\pipe\lsass as ncacn_np_secondary_endpoint
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
98d5872293 s4:rpc_server: make it possible to specify ncacn_np_secondary_endpoint
Even a connect to \\pipe\lsarpc should return a secondary_address
of '\\pipe\\lsass'. But that will be implemented in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
b3659fb52d s4:rpc_server: only share assoc group ids on the same transport
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
Stefan Metzmacher
c192dc1c9d s4:rpc_server: don't replace '\\pipe\\' with '\\PIPE\\'
This is not what Windows returns (at least for \\pipe\lsass).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:40 +01:00
Stefan Metzmacher
975e8e1f25 s4:rpc_server: fix DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN negotiation to match Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:40 +01:00
Stefan Metzmacher
6f53c99372 s4:rpc_server: SMB_ASSERT(auth->auth_finished); in order to get auth details
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
e9eb8e6a44 s4:rpc_server: only pass context to op_bind() hooks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
70b00c7567 s4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_*() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
28f4cb442c s4:rpc_server: remove unused dcesrv_connection_context->private_date
dcesrv_iface_state_{create,find}_{assoc,conn}() should be used instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
792b6b9d69 s4:rpc_server: remove unused dcesrv_assoc_group->proxied_id
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
2ed7db445b s4:rpc_server/winreg: don't cache an ldb connection per presentation context
We should do this per context handle, as these are available on all
connections of the association group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
9616f6b8bc s4:rpc_server/remote: make use dcesrv_iface_state_{store,find}_{assoc,conn}() helpers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
9d387919f6 s4:rpc_server/remote: introduce struct dcesrv_remote_call
This holds the state for async requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
a8134191ec s4:rpc_server/remote: defer the connect to the first client request
This means we have a chance to use delegated credentials from the client
if available, as the authentication is already completed.

Before we only ever used the transport inherited credentials
via SMB or anonymous.

Note: most times we still fallback to anonymous...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
199d4ba7ac s4:rpc_server/remote: fail the connection if the remote server don't support MPX
If we already negotiated with our client to support concurent multiplexing (MPX),
we need a remote connection that also supports it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
3a17389e1b s4:rpc_server/remote: add dcerpc_remote:allow_anonymous_fallback option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
23d1393a5f s4:rpc_server/remote: reformat code to get "dcerpc_remote:use_machine_account"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
d9b88ccd81 s4:rpc_server/remote: reformat code to get "dcerpc_remote:binding"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
1f348d077b s4:rpc_server/remote: remote_op_bind already has the table available
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
965abe8e1a s4:rpc_server/remote: introduce remote_get_private()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
245a0ef73f s4:rpc_server/dnsserver: make use of dcesrv_iface_state_{create,find}_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
5cbcc78a40 s4:rpc_server/netlogon: make use of dcesrv_iface_state_{create,find}_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
c76a5be87b s4:rpc_server: add dcesrv_iface_state_{store,find}_{assoc,conn}() helpers
They can be used instead of
dcesrv_connection_context->private_data and
dcesrv_assoc_group->proxied_id.

This is the first step to hide internal details of
the core dcerpc server from the interface implementations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
38e0c06abc s4:rpc_server: move bind_time_features to dcesrv_assoc_group
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
6b02b94d03 s4:rpc_server: add a min_auth_level to context handles
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
d8293acdb4 s4:rpc_server: replace dce_conn->allow_request with auth->auth_finished
They both had the same lifetime and the disconnect case is now
caught by auth->auth_invalid = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
13e52cc929 s4:rpc_server: replace dce_conn->allow_auth3 with auth->auth_started
auth3 is allowed if auth_started is true and auth_finished is false.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
0191516efc s4:rpc_server: set auth_invalid = true on disconnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
b46df3a85c s4:rpc_server: split out log_successful_dcesrv_authz_event()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
76976eab01 s4:rpc_server: add some protection checks to dcesrv_auth_prepare_gensec()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
2640f60e88 s4:rpc_server: split out dcesrv_auth_prepare_gensec()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
e2a05c3ad8 s4:rpc_server: allocate struct dcesrv_auth with talloc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:37 +01:00
Stefan Metzmacher
5802161258 s4:rpc_server: make use of dcesrv_call_state->auth_state in dcerpc_server.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
097299ae7a s4:rpc_server: make use of dcesrv_call_state->auth_state in common/reply.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
8ec932923b s4:rpc_server: make use of dcesrv_call_state->auth_state in dcesrv_auth.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
9a3ea90cc5 s4:rpc_server: introduce dcesrv_call_state->auth_state
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
93ae817a02 s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcerpc_server.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
b8d384177c s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in common/reply.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
72643248d9 s4:rpc_server: use helper variables to access 'struct dcesrv_auth' in dcesrv_auth.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
c621a87322 s4:rpc_server/remote: make use of dcesrv_call_credentials()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
6b49e325f1 s4:rpc_server/netlogon: make use of dcesrv_call_auth_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:36 +01:00
Stefan Metzmacher
cd380d8ada s4:rpc_server/netlogon: simplify logic of dcesrv_netr_creds_server_step_check()
It's enough to check the auth_type for DCERPC_AUTH_TYPE_SCHANNEL,
there's no need to also check the auth_level for integrity or privacy.

The gensec layer already required at least DCERPC_AUTH_LEVEL_INTEGRITY,
see schannel_update_internal().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
fc596ef1c7 s4:rpc_server/lsa: make use of dcesrv_call_auth_info()
It's enough to check the auth_type for DCERPC_AUTH_TYPE_SCHANNEL,
there's no need to also check the auth_level for integrity or privacy.

The gensec layer already required at least DCERPC_AUTH_LEVEL_INTEGRITY,
see schannel_update_internal().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
10816794c0 s4:rpc_server/samr: make use of dcesrv_call_auth_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
62d45e16e0 s4:rpc_server: add dcesrv_call_auth_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
f6a296863f s4:rpc_server/handles: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
8639d73025 s4:rpc_server: remove the old dcesrv_handle_{new,fetch}() api
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
237ae037f4 s4:rpc_server: only use the new dcesrv_handle_{create,lookup}() api
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
86661abacf s4:rpc_server/winreg: make use of dcesrv_handle_create()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
70a5d21d74 s4:rpc_server/samr: make use of dcesrv_handle_create()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
884a18fa39 s4:rpc_server/lsa: make use of dcesrv_handle_create()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:35 +01:00
Stefan Metzmacher
89a42fc011 s4:rpc_server/eventlog: make use of dcesrv_handle_create()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
ec3e404a80 s4:rpc_server/drsuapi: make use of dcesrv_handle_create()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
47a941cafb s4:rpc_server: add dcesrv_handle_{create,lookup}() functions
They take struct dcesrv_call_state as argument and will replace
dcesrv_handle_{new,fetch}() which take dcesrv_connection_context
as argument.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
d1f5e5d5b4 s4:rpc_server: add some const to dcesrv_handle_fetch()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
ace0672968 s4:rpc_server: merge dcesrv_fetch_session_key() into dcesrv_transport_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
b8eae043dd s4:rpc_server: remove unused dcesrv_inherited_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
57edc9a0d5 s4:rpc_server: only pass dcesrv_auth to auth_state.session_key_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
e0a963a7ce s4:rpc_server: only setup the auth_state.session_key fn in dcesrv_endpoint_connect()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
00e9204567 s4:rpc_server: make dcesrv_endpoint_connect() static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
d2aecd8755 s4:rpc_server: only AUTH_TYPE_NONE should get a transport session key
There's only a logic change for NCALRPC and NCACN_UNIX_STREAM.
dcesrv_generic_session_key() already returned
NT_STATUS_NO_USER_SESSION_KEY for all other cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:34 +01:00
Stefan Metzmacher
6df7143606 s4:rpc_server: split out a dcesrv_session_info_session_key() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
851c06f40b s4:rpc_server: allow a NULL function pointer in dcesrv_fetch_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
2f5c344bfc s4:rpc_server/drsuapi: make use of dcesrv_auth_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
dbb381ad37 s4:rpc_server/samr: make use of dcesrv_transport_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
8a171c692f s4:rpc_server/lsa: make use of dcesrv_transport_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
13c534bd93 s4:rpc_server: add dcesrv_{auth,transport}_session_key() functions
They take struct dcesrv_call_state as argument and will replace
dcesrv_{inherited,fetch}_session_key() which take dcesrv_connection
as argument.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
905417c2a7 s4:rpc_server/common: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
014e55b8e9 s4:rpc_server/winreq: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
ba127cab2c s4:rpc_server/srvsvc: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
89c8870c6a s4:rpc_server/samr: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:33 +01:00
Stefan Metzmacher
aa6d9e49bb s4:rpc_server/netlogon: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
73bda4b6d6 s4:rpc_server/lsa: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
e1caa51146 s4:rpc_server/drsuapi: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
c989e35c63 s4:rpc_server/dnsserver: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
707105d0de s4:rpc_server/backupkey: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
961ebf229a s4:rpc_server: add dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
5f33379ee8 s4:rpc_server: remove unused dcesrv_connection->transport_session_key
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
a71558cf8f s4:rpc_server: move dcesrv_auth.c and common/reply.c to dcerpc_server
They belong to the core dcerpc server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
6739d1b8e4 s4:rpc_server: let test_rpc_dns_server_dnsutils depend on dcerpc_server
The core dcerpc server is required here, which also implies
DCERPC_COMMON.

This is required to move common/reply.c dcesrv_auth.c from
DCERPC_COMMON to dcerpc_server in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
f17cd47802 s4:rpc_server: remove dcerpc_remote dependency from dcerpc_server
dcerpc_remote is just an implementation and does not belong to the
core dcerpc server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
0b972ec694 s4:rpc_server/samr: Fix the O3 developer build
Different gcc versions complain at different places.

I recently got these:

../source4/rpc_server/samr/dcesrv_samr.c: In function
‘dcesrv_samr_QueryDisplayInfo2’:
../source4/rpc_server/samr/dcesrv_samr.c:4117:2: error: ‘q.out.result.v’
may be used uninitialized in this function [-Werror=maybe-uninitialized]
  return result;
  ^
../source4/rpc_server/samr/dcesrv_samr.c: In function
‘dcesrv_samr_QueryDisplayInfo3’:
../source4/rpc_server/samr/dcesrv_samr.c:4151:2: error: ‘q.out.result.v’
may be used uninitialized in this function [-Werror=maybe-uninitialized]
  return result;
  ^
cc1: all warnings being treated as errors

../source4/rpc_server/samr/dcesrv_samr.c: In function
‘dcesrv_samr_QueryDisplayInfo3’:
../source4/rpc_server/samr/dcesrv_samr.c:4151:2: error: ‘q.out.result.v’
may be used uninitialized in this function [-Werror=maybe-uninitialized]
  return result;
  ^
In file included from ../source4/rpc_server/samr/dcesrv_samr.c:4447:0:
default/librpc/gen_ndr/ndr_samr_s.c: In function ‘samr__op_dispatch’:
default/librpc/gen_ndr/ndr_samr_s.c:597:18: error: ‘q.out.result.v’ may
be used uninitialized in this function [-Werror=maybe-uninitialized]
   r2->out.result = dcesrv_samr_QueryDisplayInfo2(dce_call, mem_ctx,
r2);
                  ^
cc1: all warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Stefan Metzmacher
36d5268a94 s4:torture: make test_GetUserName() more strict
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:31 +01:00
Ralph Boehme
0bd10a48e4 Revert "s4:messaging: make sure only imessaging_client_init() can be used with a wrapper tevent_context wrapper"
This reverts commit e186d6a06b.

See the discussion in

https://lists.samba.org/archive/samba-technical/2018-December/131731.html

for the reasoning behind this revert.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-01-11 23:11:16 +01:00
Aaron Haslett
ef37988003 dns: changing onelevel search for wildcard to subtree
SCOPE_ONELEVEL is used on wildcard dns searches, but onelevel searches
currently have a performance problem related to GUID indexing, so this
patch changes the search scope to SCOPE_SUBTREE.
In this case, as the onelevel and subtree sets of records are roughly
the same, and the query is matching against the DN itself, we don't
believe there's any benefit in using SCOPE_ONELEVEL over SCOPE_SUBTREE.

The onelevel performance problem will be fixed separately later, but in
the meantime this solves the DNS performance problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13738

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-01-11 02:55:01 +01:00
Swen Schillig
e29cb5095b Fix typos and ban the rams from samba
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2019-01-10 02:41:29 +01:00
Volker Lendecke
78214d3ccb dsdb: Print strerror in addition to errno
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-10 02:41:29 +01:00
Volker Lendecke
f1ff407524 dns: Do NULL checks in dns_sign_tsig
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-10 02:41:29 +01:00
Volker Lendecke
b06f0912fc libnet4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:28 +01:00
Volker Lendecke
f1e71a2c1e winbind4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:28 +01:00
Volker Lendecke
6f4b2cc965 pysecurity: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:28 +01:00
Volker Lendecke
186fff5fc3 auth4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:28 +01:00
Volker Lendecke
62bc70d18c ntpd: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:28 +01:00
Volker Lendecke
0d208f42cc pydsdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:27 +01:00
Volker Lendecke
6b8c77152e libcli: Simplify smblsa_lookup_name
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:27 +01:00
Aliaksei Karaliou
facd6f2daf s4:torture:base:bench-readwrite: fix uninitialized memory causing segfault
Allocation of 'struct smb_composite_connect' happens without zeroing
so that smb_composite_connect_send() thinks that connection
already exists and fails on its handling.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Douglas Bagnall <dbagnall@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:26 +01:00
Tim Beale
bd66d46a39 tests: Rename libsmb_samba_internal test to libsmb
So that it better matches the updated Python bindings name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-07 22:48:27 +01:00
Tim Beale
01079b50a9 tests: Run SMB Py bindings tests against testenv with SMBv1-disabled
Sanity-check that the SMBv2 connection actually works by running it
against a testenv with SMBv1 disabled.

I've dropped 'local' from the ad_dc target, because it shouldn't be
needed. We're trying to test the client-side SMB connection, so running
it without 'local' is probably a better test.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Mon Jan  7 04:29:51 CET 2019 on sn-devel-144
2019-01-07 04:29:51 +01:00
Stefan Metzmacher
3d016d6f32 Happy New Year 2019!
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan  1 16:02:05 CET 2019 on sn-devel-144
2019-01-01 16:02:05 +01:00
Stefan Metzmacher
e27b62762d s4:librpc: add python winspool bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23 18:15:19 +01:00
Stefan Metzmacher
8b153f8440 s4:librpc: add python spoolss bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23 18:15:19 +01:00
Stefan Metzmacher
4114d2d044 s4:librpc: add python witness bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23 18:15:19 +01:00
Andrew Bartlett
42dde0bdd3 group_audit: Ensure we still log membership changes (with an error) where status != LDB_SUCCESS
This restores the previous behaviour.  It causes (only) the event ID
to be omitted if status != LDB_SUCCESS or there was a problem getting
the group type.

Errors at this stage are exceedingly rare, because the values have
already been checked by the repl_meta_data module, but this is
cosistent with the rest of the module again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Dec 22 01:58:48 CET 2018 on sn-devel-144
2018-12-22 01:58:48 +01:00
Gary Lockyer
87a8325a0d s4 group_audit: Add Windows Event Id's to Group membership changes
Generate a GroupChange event when a user is created with a PrimaryGroup
membership.  Log the windows event id in the JSON GroupChange message.

Event Id's supported are:
	4728	A member was added to a security enabled global group
	4729	A member was removed from a security enabled global
		group
	4732	A member was added to a security enabled local group
	4733	A member was removed from a security enabled local group
	4746	A member was added to a security disabled local group
	4747	A member was removed from a security disabled local group
	4751	A member was added to a security disabled global group
	4752	A member was removed from a security disabled global
		group
	4756	A member was added to a security enabled universal
		group
	4757	A member was removed from a security enabled universal
		group
	4761	A member was added to a security disabled universal
		group
	4762	A member was removed from a security disabled universal
		group

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-21 22:16:09 +01:00
Aaron Haslett
22f1c4005c paged results: testing suite for new paged results module
Testing the new GUID list based paged results module

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri Dec 21 11:10:30 CET 2018 on sn-devel-144
2018-12-21 11:10:30 +01:00
Aaron Haslett
975807001e paged results: new paged results module using GUID list
Replacing paged results module to use GUID list instead of storing
result list in memory, in order to improve memory performance.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-21 07:21:19 +01:00
Aaron Haslett
96c03c7532 vlv: tests for delete, add, and modify cases
More vlv testing for cases involving modifying, deleting, and adding records
while observing the effect on already initialised views.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-21 07:21:19 +01:00
Aaron Haslett
ebc42cb140 dns: treating fully qualified and unqualified zone as identical.
"zone.com." and "zone.com" should be treated as the same zone.  This patch
picks the unqualified representation as standard and enforces it, in order to
match BIND9 behaviour.
Note: This fixes the failing test added previously, but that test still fails
on the rodc test target so we modify the expected failure but don't remove it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13442
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-20 23:40:26 +01:00
Swen Schillig
357fe04bd4 s4: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Dec 20 01:31:17 CET 2018 on sn-devel-144
2018-12-20 01:31:17 +01:00
Swen Schillig
a800baece7 Add MIT kerberos tracing capability
HEIMDAL kerberos offers already tracing via a logging facility
through smb_krb5_init_context().
MIT kerberos offers to register a callback via krb5_set_trace_callback
with which tracing information can be routed to a common logging facility.
This is now integrated into smb_krb5_init_context_basic() offering
the same functionality for both kerberos fragrances.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2018-12-19 21:49:29 +01:00
Samuel Cabrero
fe7ab7d513 tests/ntlm_auth: Port ntlm_auth_diagnostics tests to python
Port ntlm_auth_diagnostics bash script tests to python

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Dec 19 16:21:32 CET 2018 on sn-devel-144
2018-12-19 16:21:32 +01:00
Samuel Cabrero
129ab34baf tests/ntlm_auth: Port ntlm_auth_krb5 tests to python
Port ntlm_auth_krb5 bash script tests to python

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-19 12:42:14 +01:00
Samuel Cabrero
91c4f26036 tests/ntlm_auth: Port ntlm_auth tests to python: ntlm_auth ntlm-server-1 with incorrect fixed password against winbind
Port ntlm_auth bash script tests to python and remove bash test script

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-19 12:42:14 +01:00
Samuel Cabrero
247592f716 tests/ntlm_auth: Port ntlm_auth tests to python: ntlm_auth and ntlm_auth with specified domain
Port ntlm_auth bash script tests to python

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-19 12:42:09 +01:00
Gary Lockyer
b3e4e09426 s4 messaging: Add support for smbcontrol sleep
Add a sleep command that pauses the target process for the specified
number of seconds

This command is only enabled on developer and self test builds.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-19 04:52:59 +01:00
Gary Lockyer
8167486b99 s4 messaging: support smbcontrol inject fault command
Add support of the smbcontrol inject fault command to the samba daemon.
This is useful for manual testing of process restart etc.

command is only enabled for developer and self test builds

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-19 04:52:59 +01:00
Gary Lockyer
8741af7af6 s4 messaging tests: Add inject fault command
Test for processing of the smbcontrol inject fault message in the samba
daemon.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-19 04:52:59 +01:00
Swen Schillig
c817deca0c s4: Remove double init of kerberos error table
The initialization of the kerberos error table
is already performed in smb_krb5_init_context_basic(),
therefore, it can be removed from of its callees.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 19 04:51:27 CET 2018 on sn-devel-144
2018-12-19 04:51:26 +01:00
Andrew Bartlett
1cff50febe dsdb: sort DSDB_EXTENDED defines by OID
This helps avoid duplicate values and clearly indicates what value to select next.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 17 04:30:39 CET 2018 on sn-devel-144
2018-12-17 04:30:39 +01:00
Aaron Haslett
1fd4cdfafa drepl: schema repl race condition fix
Adds final schema consistency check before committing changes.
Aborts if corruption found.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12889
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-17 01:24:15 +01:00
Will
f460bb52ed Conditionally disable macOS incompatible tests
Symbols _getgrent_r and _getpwent_r in
source4/torture/local/nss_tests.c are undefined in macOS. It seems
that checking HAVE_GETGRENT_R and HAVE_GETPWENT_R and conditionally
disabling those tests as suggested by hirochachacha in the referenced
bug allows samba on both `master` and `samba-4.7.1` to build properly
on macOS/darwin.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11984

Signed-off-by: Will Haley <willhy@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-17 01:24:15 +01:00
Guo Qiao
0a449c2b74 s4:scripting:bin: rm rpcclient
This file only works in py2, and no one use it. Just delete it.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-17 01:24:14 +01:00
Andrew Bartlett
ce33dd1196 dsdb: Remove readOnlySchema concept from Samba
This is a hold-over from the LDAP backend project, which has not yet been revived.

There will be bigger issues than what to do if the schema changes if this ever comes back
and our schema code is way to complex at the moment.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-17 01:24:14 +01:00
Gary Lockyer
e97acc714d dsdb audit_log: Add windows event codes to password changes
Add a new "eventId" element to the PasswordChange JSON log messages.
This contains a Windows Event Code Id either:
	4723	Password changed
	4724	Password reset

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 18:57:52 +01:00
Gary Lockyer
cb23a0345f idl: Add Windows event code ids
Add idl definitions for Windows Event Code Ids, and Logon Types. This
intial commit adds:

Event Ids
	4264	Successful logon
	4625	Unsuccessful logon

Logon Types
	 2	Interactive
	 3	Network
	 4	Batch
	 5	Service
	 7	Unlock
	 8	NetworkCleartext
	 9	NewCredentials
	10	RemoteInteractive
	11	CachedInteractive

The intention is to add Windows Event Codes to the JSON log messages, to
provide a common event identifier in mixed Windows and Samba networks.
And to assist security personnel with a windows background.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 18:57:52 +01:00
Joe Guo
8e3c194453 PY3: change shebang to python3 in source4/dsdb dir
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-12-14 14:40:20 +01:00
Joe Guo
338413ad5a PY3: change shebang to python3 in source4/scripting dir
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-12-14 14:40:20 +01:00
Joe Guo
359d832e89 PY3: change shebang to python3 in source4/torture dir
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-12-14 14:40:20 +01:00
Joe Guo
a19d5bd771 PY3: change shebang to python3 in source4/scripting/bin dir
Samba default python is 3 now.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-12-14 14:40:20 +01:00
Andrew Bartlett
edab1318f9 audit_logging: Remove debug log header and JSON Authentication: prefix
Feedback from real-world users is that they really want raw JSON
strings in the log.

We can not easily remove the leading "  " but the other strings above
and before the JSON are really annoying to strip back off

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13714

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-14 10:27:18 +01:00
Noel Power
9116cc8cc8 s4/scripting: python3 fix string.find instance
string.find doesn't exist in python3. Instead use the 'find' method
    of the string instance itself

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 00:51:33 +01:00
Noel Power
2b3c9b8e6a s4/dsdb/tests/python: Restore embed NULL tests for Python3
commit: 34ca15fb04 changed the
test so embedded NULLs were avoided when python3 was used.
This was due to the fact the string comparison function
'locale.strcoll' cannot handle embedded NULLs. This commit

a) Restores the test data using embedded NULLs which was
   not used depending on the python runtime version
b) Removes the problematic calculation of expected sorting order
   and instead uses sort order data stored in files.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 00:51:32 +01:00
Noel Power
d20f06986e selftest: Convert samba4.ldap.sort.python to planoldpythontest
Currently the test only runs fully under python2. As an interim
measure while we figure out how to get this to work property under
python3 I have converted the test to planoldpythontest so it also
can run under python2

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 00:51:32 +01:00
Andreas Schneider
55b2f247f9 s4:torture: Do not check if the alloc_size is 0 on empty files
The allocation size might not be zero. This depends on the file system
behavior and also on the size of the extended attributes stored on the
file. E.g. If a large user.DOSATTRIB xattr is stored on XFS/ext4 then 8
blocks are used and we will round up to several megabytes.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-12-12 09:13:23 +01:00
Tim Beale
31d4f692ad s4:libcli: Fix error in smbcli_deltree()
Commit 094afe614b fixed an uninitialized variable, which meant we
tried to delete the file twice. The 2nd time fails, so the function
returns an error, instead of success (even though the file is now gone).

Note we want to be using the source3 SMB library code going forward.
However, fixing this bug makes it easier to write tests against the
(currently s4) SMB python bindings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-12 04:38:13 +01:00
Noel Power
923010d99b various: Remove references to about to be deleted thirdparty/dnspython
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-11 20:07:18 +01:00
Andreas Schneider
884eeca39e s4:web_server: Fix build error
source4/web_server/wsgi.c:149:8: error: assignment discards 'const'
qualifier from pointer target type [-Werror=discarded-qualifiers]
    str = PyStr_AsUTF8AndSize(item, &size);
            ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Dec 11 13:58:30 CET 2018 on sn-devel-144
2018-12-11 13:58:30 +01:00
Noel Power
e3c37bbad4 selftest: don't hardcode '.python3' for extra-python tests
Instead of hardcoding '.python3' we now hardcode the extra python
exe (which will be python2 for a default python3 build)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-10 10:38:25 +01:00
Noel Power
b209def154 s4/selftest: Reenable samba.tests.gpo to run with --extra-python
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-10 10:38:24 +01:00
Noel Power
34ca15fb04 s4/dsdb/tests/python: PY3 allow test samba4.ldap.sort pass
Adjust test data to remove use of embedded NULLs.

We are getting the following exception when running the test
under python3

Exception: Exception: Traceback (most recent call last):
  File "source4/dsdb/tests/python/sort.py", line 181, in setUp
    key=cmp_to_key_fn(locale.strcoll))
ValueError: embedded null character

Looking at the source code for locale.strcoll the lhs & rhs
params are processed using 'PyUnicode_AsWideCharString(s, NULL)'

Documentation for PyUnicode_AsWideCharString states:

"Convert the Unicode object to a wide character string.
 The output string always ends with a null character. If size is
 not NULL, write the number of wide characters (excluding the
 trailing null termination character) into *size. Note that the
 resulting wchar_t string might contain null characters, which
 would cause the string to be truncated when used with most C
 functions. If size is NULL and the wchar_t* string contains null
 characters a ValueError is raised."

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-10 10:38:24 +01:00