sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
102,284 Commits 60 Branches 1,145 Tags 452 MiB
f50c3fb1c5
Commit Graph

102284 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Volker Lendecke
f50c3fb1c5 libsmb: Fix CID 1356312 Explicit null dereferenced 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-03-18 00:29:14 +01:00
Volker Lendecke
deaab95b8d ctdb: Fix CID 1356313 Explicit null dereferenced 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-03-18 00:29:14 +01:00
Volker Lendecke
a243a9012f lib: Fix CID 1356315 Dereference before null check 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-03-18 00:29:14 +01:00
Volker Lendecke
3940d4e386 crypto: Fix CID 1356314 Resource leak 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-03-18 00:29:13 +01:00
Volker Lendecke
dcaa88158e libads: Fix CID 1356316 Uninitialized pointer read 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-03-18 00:29:13 +01:00
Günther Deschner
c06058a99b s3-auth: check for return code of cli_credentials_set_machine_account(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 17 20:43:19 CET 2016 on sn-devel-144
 2016-03-17 20:43:17 +01:00
Günther Deschner
fe93a09889 s4-smb_server: check for return code of cli_credentials_set_machine_account(). 
We keep anonymous server_credentials structure in order to let
the rpc.spoolss.notify start it's test server.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
31f07d0562 s4:rpc_server: require access to the machine account credentials 
Even a standalone server should be selfjoined.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
57946ac7c1 auth/gensec: split out a gensec_verify_dcerpc_auth_level() function 
We only need this logic once.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
cc3dea5a81 auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE 
ops->auth_type == 0, means the backend doesn't support DCERPC.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
733ccd1320 s4:torture/rpc/schannel: don't use validation level 6 without privacy 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
50581689d9 s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
050a1d0653 s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
26e5ef6818 s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
1a7d8b8602 s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function 
This create a schannel connection to netlogon, this makes the tests
more realistic.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
f9a1915238 s3:test_rpcclient_samlogon.sh: test samlogon with schannel 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
2c36501640 s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
b00c38afc6 selftest: setup information of new samba.example.com CA in the client environment 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
b2c0f71db0 selftest: set tls crlfile if it exist 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:16 +01:00
Stefan Metzmacher
c321a59f26 selftest: use Samba::prepare_keyblobs() and use the certs from the new CA 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:15 +01:00
Stefan Metzmacher
a6447fd6d0 selftest: add Samba::prepare_keyblobs() helper function 
This copies the certificates from the samba.example.com CA if they
exist.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:15 +01:00
Stefan Metzmacher
2a96885ac7 selftest: mark commands in manage-CA-samba.example.com.sh as DONE 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:15 +01:00
Stefan Metzmacher
1928f08106 selftest: add CA-samba.example.com binary files (currently unused by Samba) 
This patch can be skipped, when it causes problems with tools like 'patch'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:15 +01:00
Stefan Metzmacher
520c85a15f selftest: add CA-samba.example.com (non-binary) files 
The binary files will follow in the next, this allows the next
commit to be skipped as the binary files are not used by samba yet.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:15 +01:00
Stefan Metzmacher
bdc1f036a8 selftest: add config and script to create a samba.example.com CA 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:15 +01:00
Stefan Metzmacher
b0bdbeeef4 selftest: add some helper scripts to mange a CA 
This is partly based on the SmartCard HowTo from:
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:15 +01:00
Stefan Metzmacher
c561a42ff6 selftest: s!addc.samba.example.com!addom.samba.example.com! 
It's confusing to have addc.samba.example.com as domain name
and addc.addc.samba.example.com as hostname.

We now have addom.samba.example.com as domain name
and addc.addom.samba.example.com as hostname.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-03-17 17:17:15 +01:00
Amitay Isaacs
bcb671421b ctdb-tests: Add a utility to parse ctdb packets 
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Mar 17 13:56:41 CET 2016 on sn-devel-144
 2016-03-17 13:56:41 +01:00
Amitay Isaacs
6cdb927e76 ctdb-protocol: Add protocol debug routines 
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
 2016-03-17 10:17:47 +01:00
Amitay Isaacs
0fa2853ce1 ctdb-protocol: Check header is not null before copying 
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
 2016-03-17 10:17:47 +01:00
Andreas Schneider
abfa8e335c mit-kdb: Add missing SDB_F_FOR_AS_REQ for AS requests 
This correctly handles enterprise principals and ticket renewal.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 17 07:57:49 CET 2016 on sn-devel-144
 2016-03-17 07:57:49 +01:00
Andreas Schneider
859c625c82 mit-kdb: Fix segfault in krb5kdc dereferencing an invalid pointer 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Andreas Schneider
bb72aec13f mit-kdb: Add support for KDB version 8 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Andreas Schneider
b0f2165901 mit-kdb: Add support for bad password count 
This fixes the samba4.ldap.password_lockout.python test.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Günther Deschner
05cc9b0af9 mit-kdb: Restrict admin/changepw principal db_entry with some flags 
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Günther Deschner
b76cf191d9 mit-kdb: Return 0 in kdb_samba_db_put_principal() 
This allows the kadmin server to assume an update of a db_entry has
succeeded (while in fact the update_pwd call did the update already).

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Andreas Schneider
5a6819dbee mit-kdb: Implement KDB function to change passwords 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Günther Deschner
f5e86db147 mit-kdb: Use calloc to initialize master keylists. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Andreas Schneider
fab9fe0177 mit-kdb: Add ks_get_admin_principal() and use it for kadmin users. 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Andreas Schneider
5a4e3adbda mit-kdb: Add ks_create_principal(). 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:29 +01:00
Andreas Schneider
742b4c3da8 mit-kdb: Do not allow to get a kadmin ticket as a client. 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Andreas Schneider
e13e9c54f5 mit-kdb: Add more ks_is_kadmin* functions. 
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Günther Deschner
d787d35d97 mit-kdb: Use calloc so both authdata elements are zeroed 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Günther Deschner
1b6a085b7f mit-kdb: Do not overwrite the error code in failure case. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Andreas Schneider
ade958e20b mit-kdb: Add initial MIT KDB Samba driver 
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Simo Sorce <idra@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Andreas Schneider
7feb650a37 wscript: Build the KDC code if we have the AD DC build enabled 
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Andreas Schneider
4865867f59 mit_samba: Setup logging to stdout 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Andreas Schneider
23c249a88b mit_samba: Add function for handling bad password count 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Andreas Schneider
9734b5d9ed mit_samba: Add functions to generate random password and salt. 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00
Andreas Schneider
909e7f9ff6 mit_samba: Add function to change the password 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:28 +01:00