1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

30661 Commits

Author SHA1 Message Date
Stefan Metzmacher
f17b5b2fe4 s4:librpc/tests: assert the the abstract syntax has the expected value (null)
This makes sure that it's not mixed with the object guid anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
a2ec73050c s4:librpc/tests: reset the object on the binding created from the tower
The tower doesn't contain information about the object only about
the abstract syntax.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
46eb9fa23c s4:torture/raw: fix debug message in torture_raw_qfileinfo_pipe()
We no longer use dcerpc_pipe_open_smb() there.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
df088041c8 s4:torture/rpc: make use of dcerpc_binding_handle_auth_info() in backupkey.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
1d819eda5c s4:torture/rpc: make use of dcerpc_binding_handle_auth_info() in lsa.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
08ec25555d s4:torture/rpc: fix altercontext test against windows
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
495a76b9f6 s4:torture/rpc: remove bogus rpc.multibind test
We can later add a more useful test that tests
security context multiplexing correctly.

And another one that demonstrates that only DCERPC_BIND
must be the first (and only the first) PDU on a connection.
Otherwise DCERPC_ALTER_CONTEXT is used.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
66624e475d s4:selftest: don't run rpc.multibind anymore
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
0e902b83b4 s4:dsdb/repl: make use of dcerpc_binding_handle_is_connected()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
70fc746235 s4:librpc/test: test ipv6 addresses in dcerpc_binding strings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
0ecf01a137 s4:librpc/tests: add more no transport tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
dbf37008e0 s4:librpc/rpc: correctly map the fault code of alter context to NTSTATUS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
c2f731e324 s4:librpc/rpc: remove unused dcecli_connection->binding_string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
983ec866af s4:torture/rpc: avoid using dcecli_connection->binding_string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
ea53ba15ee s4:torture/rpc: fix error path in torture_leave_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Günther Deschner
1351febcc8 s4-torture: add some tests for pre-allocated buffers in enumprinterdrivers call.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-20 16:28:26 +01:00
Günther Deschner
b905523c32 s4-torture: add test_EnumPrinterDrivers_buffers function.
This will allow to test the enumdriver call with pre-allocated buffer.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-20 16:28:26 +01:00
Andrew Bartlett
9c9df40220 dsdb: Further assert that we always have an objectClass and an rDN
We must have these two elements in a replPropertyMetaData for it to be
valid.

We may have to relax this for new partition creation, but for now we
want to find and isolate the database corruption.

The printing of the LDIF is moved above the checks to make it easier
to diagnoise the failures when further reproduced.

Based initially on a patch originally by Arvid Requate <requate@univention.de>

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I5f583d89e6d4c5e8e2d9667f336a0e8fd8347b25
Reviewed-on: https://gerrit.samba.org/164
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 17 06:44:17 CET 2014 on sn-devel-104
2014-03-17 06:44:17 +01:00
Andrew Bartlett
7db0defdd2 ldapsrv: Pass struct ldb_result * rather than void *
Change-Id: Ic521cbfcf922cfe9e14c89116c097b777a86af40
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-on: https://gerrit.samba.org/35
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-14 12:53:11 +01:00
Andrew Bartlett
61b978872f dsdb: Ensure to sort replPropertyMetaData as UNSIGNED, not SIGNED quantities
enum is an int, and therefore signed.  Some attributes have the high bit set.

Andrew Bartlett

Change-Id: I39a5499b7c6bbb763e15977d802cda8c69b94618
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-on: https://gerrit.samba.org/163
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 14 10:16:41 CET 2014 on sn-devel-104
2014-03-14 10:16:41 +01:00
Andrew Bartlett
83fbdc81cd kdc: Use correct KDC include path when building against the system heimdal
This ensures we notice any API changes at compile time.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2014-03-14 08:17:29 +01:00
Andrew Bartlett
48ffca0aca CVE-2013-4496:Revert remainder of ce895609b0
Part of this was removed when ChangePasswordUser was unimplemented,
but remove the remainder of this flawed commit.  Fully check the
password first, as extract_pw_from_buffer() already does a partial
check of the password because it needs a correct old password to
correctly decrypt the length.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Change-Id: Ibccc4ada400b5f89a942d79c1a269b493e0adda6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/38

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 13 15:06:35 CET 2014 on sn-devel-104
2014-03-13 15:06:35 +01:00
Andrew Bartlett
9f53b61f06 CVE-2013-4496:samr: Remove ChangePasswordUser
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.  It also has quite difficult semantics to handle regarding
password lockout.

The missing features in both implementations (by design) were:

 - the password complexity checks (no plaintext)
 - the minimum password length (no plaintext)

Additionally, the source3 version did not check:

 - the minimum password age
 - pdb_get_pass_can_change() which checks the security
   descriptor for the 'user cannot change password' setting.
 - the password history
 - the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password.  It is removed here so that it is not
mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/37
2014-03-13 10:26:03 +01:00
Jeremy Allison
9c677fff0b s4: smbtorture: Add a proper change_notify going async followed by tdis test.
[Bug 10344] SessionLogoff on a signed connection with an outstanding notify request crashes smbd.

https://bugzilla.samba.org/show_bug.cgi?id=10344

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 12 20:12:58 CET 2014 on sn-devel-104
2014-03-12 20:12:56 +01:00
Jeremy Allison
3a727d5d39 s4: smbtorture: Update the torture_smb2_notify_ulogoff test to demonstrate the problem.
[Bug 10344] SessionLogoff on a signed connection with an outstanding notify request crashes smbd.

https://bugzilla.samba.org/show_bug.cgi?id=10344

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-03-12 09:27:38 -07:00
Stefan Metzmacher
0e4f23991f s4:torture/smb2: accept NT_STATUS_RANGE_NOT_LOCKED after smb2_logoff/tdis
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-03-12 09:27:37 -07:00
Garming Sam
cff0f8e75f samba-tool: make provision check for bind version
(small corrections and TODO added following Jelmer's review by abartlet)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar  9 02:52:50 CET 2014 on sn-devel-104
2014-03-09 02:52:49 +01:00
Stefan Metzmacher
f7883ae02a s4:lib/socket: simplify iface_list_wildcard() and its callers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Change-Id: Ib317d71dea01fc8ef6b6a26455f15a8a175d59f6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  7 02:18:17 CET 2014 on sn-devel-104
2014-03-07 02:18:17 +01:00
Stefan Metzmacher
a571fe520d s4:lib/socket: use the same logic in iface_list_wildcard() as in smbd
If we have ipv6 support we should listen on "::" too.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Change-Id: I8ce185d5070280149bee9fd33010443be9031089
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-07 11:34:05 +13:00
Garming Sam
0b8213ae1c Remove all uses of the NT_STATUS_NOT_OK_RETURN_AND_FREE macro from the codebase.
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.

Change-Id: I421e169275fe323e2b019c6cc5d386289aec07f7
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:22 +01:00
Garming Sam
856c74e013 Remove NT_STATUS_IS_ERR_RETURN macro from the codebase.
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.

Change-Id: I39b07b3a799331a5faa968629aa95b836cb78600
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:22 +01:00
Garming Sam
4c9e0d5add Remove NT_STATUS_IS_OK_RETURN macro from the codebase.
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.

Change-Id: I27e7597f4078f0a6c96b5dadd12454fffe33e6b2
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Garming Sam
d2beff59ec Remove the remaining uses of the macro NT_STATUS_HAVE_NO_MEMORY_AND_FREE in the codebase.
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.

Change-Id: Id1b540cde127395a7b27385a7c0fe79f3a145c73
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Garming Sam
952bc3cad0 Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase.
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.

Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
1f60aa8ec2 winbind4: Remove unused winbind_get_idmap irpc operation
Change-Id: Ia5e62d30b277f8a7074d451cfb8675eee8e9d21f
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
13affa6109 auth4: Remove unused wbc_context
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: I07d9f7d8028429564d91da39f8d1e73cc13a646c
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
5f7b8e42cf ntvfs_unixuid: No wbc_context required
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: I46f5d719005f3ac940482773404702368bbcfa4f
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
65c6daf1a5 ntvfs_posix: No wbc_context required
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: Ibce7b25740cc14b0a60ad856f6b18c33115ea6fa
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
212216362b dcesrv_unixinfo: No wbc_context required
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: I58f01cf754e6f9a7715c0319a43ec87d8e5df194
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
0aa080b0f7 unixuid: Use the tevent_context from the ntvfs_context
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: I4edb0ee4cefdc2f1b309202c9ec70c7c7bbac0b8
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
d0dc6dbb2b pvfs: Use the tevent_context from the ntvfs_context
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: Idb3ad8047d5161dd06800df611ea2a9cac84ecaa
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
aa048f6e16 auth4: Do not generate just a temporary wbc_context
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: I16e116d7f1fdaf165e1239c10723c51f3828126d
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
b2c1394e04 auth4: auth_session_info_fill_unix only needs a tevent_context
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: Id453d68f57bd1dd15aa5778b317d258a6132d3d6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
6edf7a3746 auth4: security_token_to_unix_token only needs a tevent_context
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: I27e5b38fcd3ac899c55c0632ea5d92fad686d9b1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
dcf29a88ba libwbclient4: Remove unused composite-based functions
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: Iff6169e35f7a82e31c42df7b2d30d122b5f67451
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
eb8f4b846f source4: Use wbc_xids_to_sids
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: Ib1b1a7fcd881510e3fb4e5da29391e3d9392fa17
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
53b7665fc2 libwbclient4: Add wbc_xids_to_sids
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: Ibb67f6aabd9a3fbd023ff9ec1a34d82ae599177c
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
7289d1c30b source4: Use wbc_sids_to_xids
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: I86ea6587c436247ce66207c517f9c8d567ecac1d
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
22dabda4c6 libwbclient4: Add wbc_sids_to_xids
Signed-off-by: Volker Lendecke <vl@samba.org>

Change-Id: I79f4b87a14e7074970bd024626e5838a4461cc2e
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Kai Blin
d9829df133 bug #10471: Don't respond with NXDOMAIN to records that exist with another type
DNS queries for records with the wrong type need to trigger an empty
response with RCODE_OK instead of returning NXDOMAIN.

This adds a test and fixes bug #10471

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-04 13:46:34 +01:00