sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
130,390 Commits 60 Branches 1,145 Tags 452 MiB
f2591ff727
Commit Graph

130390 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andreas Schneider
5797d59bfc s4:torture: Implement test for SAMR SetUserInfo(2) level 31 
We can't apply this patch earlier as there are no individual tests we could
mark as knownfail. Reorganizing the whole test is a too big task for now.
However this test is working and also found some bugs.

make test TESTS="samba4.rpc.samr.passwords"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
3f72918a16 s3:rpc_server: Implement support for SAMR SetUserInfo level 31 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
c26f696169 s3:rpc_server: Remove obosolete copy_id26_to_sam_passwd() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
c975394edf s3:rpc_server: Use copy_pwd_expired_to_sam_passwd() in set_user_info_26() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
cb2d9429a8 s3:rpc_server: Add copy_pwd_expired_to_sam_passwd() for SAMR 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
b54188cbe3 s3:rpc_server: Set missing debug class for srv_samr_chgpasswd 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
63c4b16d2f libcli:auth: Add test for decode_pwd_string_from_buffer514() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
2f4a80322b libcli:auth: Add decode_pwd_string_from_buffer514() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
cef5bb0223 s4:rpc_server: Implement support for SAMR SetUserInfo(2) level 31 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
835de358ec s4:rpc_server: Add samr_set_password_aes() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
1aa403517f s4:rpc_server: Add transaction for dcesrv_samr_SetUserInfo() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
1b3d7f8116 s4:rpc_server: Use sam_ctx consistently in dcesrv_samr_SetUserInfo() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
a246ae993f s3:rpc_server: Use a done goto label for dcesrv_samr_SetUserInfo() 
This will be used in the following commits.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
2226806ce0 libcli:auth: Add test for extract_pwd_blob_from_buffer514() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
12f4bb9cc1 libcli:auth: Add extract_pwd_blob_from_buffer514() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
b39abe916d libcli:auth: Implment a common create_pw_buffer_from_blob() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
626b0f4891 libcli:auth: Use extract_pw_from_buffer() in decode_pw_buffer() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
e87facfd89 libcli:auth: Keep data of extract_pw_from_buffer() secret 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
9112107167 s3:rpcclient: Implement setuserinfo2 level 31 
Manually tested against Windows Server 2022.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
6f60c98c08 s3:rpcclient: Encrypt the password buffers only if really needed 
If we are in FIPS mode certain ciphers like RC4 are not available, so
we should make sure we do not call them. We will add AES support in the
next patch.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
2454b86c88 s3:rpc_client: Implement init_samr_CryptPasswordAES() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
2ecdbe17e8 samr.idl: Add samr_ChangePasswordUser4() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:29 +00:00
Andreas Schneider
308f89ce6a samr:idl: add samr_SupportedFeatures for samr_Connect5() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
e845afe11a samr.idl: Add support for new AES encrypted password buffer 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
e181dd7b76 libcli:auth: Add test for encode_pwd_buffer514_from_str() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
1b142b72bd libcli:auth: Add encode_pw_buffer_from_str() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
5da60573b5 libcli:auth: Implement a generic encode_pwd_buffer_from_str() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
ed22f0c43c libcli:auth: Remove trailing spaces from proto.h 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
0813ea5bf8 lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
0d059e4425 lib:crypto: Add samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
10249fbb1c lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
e42ebd22e9 librpc:rpc: Add SAMR encryption and mac key salt definitions 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
dc7f0f15ce lib:crypto: Implement samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() 
This is for [MS-SAMR] 3.2.2.4 AES Cipher Usage

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
8b22b448e8 lib:replace: Add macros to burn data from memory 
This will explicitly zero data from memory. This is guaranteed to be not
optimized away.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
61aeb77407 lib:crypto: Merge wscript_build into wscript 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
a519d57cef lib:crypto: Merge wscript_configure into wscript 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Andreas Schneider
b24c8f540f lib:crypto: Reformat wscript 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2022-07-28 11:51:28 +00:00
Martin Schwenke
dde461868f ctdb-tests: Add tests for cluster mutex I/O timeout 
Block the locker helper child by taking a lock on the 2nd byte of the
lock file.  This will cause a ping timeout if the process is blocked
for long enough.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul 28 11:10:54 UTC 2022 on sn-devel-184
 2022-07-28 11:10:54 +00:00
Martin Schwenke
25d32ae97a ctdb-tests: Terminate event loop if lock is no longer held 
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
061315cc79 ctdb-mutex: Test the lock by locking a 2nd byte range 
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
97a1714ee9 ctdb-mutex: open() and fstat() when testing lock file 
This makes a file descriptor available for other I/O.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
c07e81abf0 ctdb-mutex: Factor out function fcntl_lock_fd() 
Allows blocking mode and start offset to be specified.  Always locks a
1-byte range.

Make the lock structure static to avoid initialising the whole
structure each time.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
9daf22a5c9 ctdb-mutex: Handle pings from lock checking child to parent 
The ping timeout is specified by passing an extra argument to the
mutex helper, representing the ping timeout in seconds.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
b5db286791 ctdb-mutex: Do inode checks in a child process 
In future this will allow extra I/O tests and a timeout in the parent
to (hopefully) release the lock if the child gets wedged.  For
simplicity, use tmon only to detect when either parent or child goes
away.  Plumbing a timeout for pings from child to parent will be done
later.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
2ecdbcb22c ctdb-mutex: Rename wait_for_lost to lock_io_check 
This will be generalised to do more I/O-based checks.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
7ab2e8f127 ctdb-mutex: Rename recheck_time to recheck_interval 
There will be more timeouts so clarify the intent of this one.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
c396b61504 ctdb-mutex: Consistently use progname in error messages 
To avoid error messages having ridiculously long paths, set progname
to basename(argv[0]).

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
a8da8810f1 ctdb-tests: Add tests for trivial FD monitoring 
tmon_ping_test covers complex 2-way interaction between processes
using tmon_ping_send(), including via a socketpair().  tmon_test
covers the more general functionality of tmon_send() but uses a
simpler 1-way harness with wide coverage.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
8d04235f46 ctdb-common: Add trivial FD monitoring abstraction 
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00
Martin Schwenke
f9467cdf3b ctdb-build: Link in backtrace support for ctdb_util_tests 
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2022-07-28 10:09:34 +00:00