summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* s4:torture/netlogon: Test netlogon with additional attrsBenjamin Franzke2013-11-121-0/+83
| | | | | | | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> se enter the commit message for your changes. Lines starting Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Nov 12 00:57:19 CET 2013 on sn-devel-104
* s4:torture/ldap: Add test for netlogon over tcpBenjamin Franzke2013-11-114-330/+519
| | | | | | | | | | | | | | | This patch moves the udp netlogon tests from cldap.c to netlogon.c and passes a generic netlogon-send function as parameter. Therefore a tcp replacement for cldap_netlogon is also added. The two variants tcp and udp are added as 2 new torture tests: ldap.netlogon-udp & ldap.netlogon-tcp Both tests succeed. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* libcli/cldap: Add utility to create netlogon filterBenjamin Franzke2013-11-112-40/+52
| | | | | | | This utility is splitted of from cldap_netlogon_send. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb: Move cldap netlogon functions into samdb/ldb_modulesBenjamin Franzke2013-11-1110-34/+10
| | | | | | | | As netlogon is handled by the samdb now, the corresponding functions should live there as well. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:cldap_server: Do not handle netlogon ourself anymoreBenjamin Franzke2013-11-113-62/+5
| | | | | | | | | Netlogon is now handled by the ldb rootdse module. The netlogon files will be moved to dsdb in the next commit. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb/rootdse: Support netlogon requestBenjamin Franzke2013-11-113-11/+77
| | | | | | | | | | | | | | | | | | | | | | This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1]. The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html) Tested with: ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl. [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamicBenjamin Franzke2013-11-111-20/+19
| | | | | | | | This replaced the *module parameter, and uses ac->module in the function instead, same for *req and *attrs. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:cldap_server: Move netlogon parsing into utility functionBenjamin Franzke2013-11-112-34/+73
| | | | | | | To be used later by netlogon-request over ldap. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* provision: Fix string replacement orderingBenjamin Franzke2013-11-111-1/+1
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:torture/cldap: Fix a typoBenjamin Franzke2013-11-111-1/+1
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* gpo: Fix CID 1034880 Resource leakVolker Lendecke2013-11-111-2/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org> Autobuild-User(master): Ira Cooper <ira@samba.org> Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104
* gpo: Fix CID 1034881 Resource leakVolker Lendecke2013-11-111-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* ntvfs: Fix CID 1034883 Resource leakVolker Lendecke2013-11-111-1/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* backupkey: Fix CID 1034885 Resource leakVolker Lendecke2013-11-111-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* smbd: Fix CID 1035365 Buffer not null terminatedVolker Lendecke2013-11-111-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* smbd: Fix CID 1035366 Buffer not null terminatedVolker Lendecke2013-11-111-4/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* smbd: Use fstring in conn_tdb.cVolker Lendecke2013-11-111-2/+2
| | | | | | | It might be legacy, but as long as we have it, we can make use of it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* smbd: Use fstring in conn_tdb.hVolker Lendecke2013-11-111-3/+3
| | | | | | | It might be legacy, but as long as we have it, we can make use of it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* smbd: Fix CID 1035478 Negative array index readVolker Lendecke2013-11-111-6/+19
| | | | | | | lp_parm_enum can return -1. Add error checking. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* samdb: Fix CID 241968 Uninitialized pointer readVolker Lendecke2013-11-111-1/+1
| | | | | | | Interestingly gcc does not catch this at all. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* heimdal: Fix 241482 Resource leakVolker Lendecke2013-11-111-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* ldb: Fix CID 241329 Array compared against 0Volker Lendecke2013-11-111-1/+1
| | | | | | | u.generate.remote_names is an array, not a pointer Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* libsmb: Fix CID 241313 Array compared against 0Volker Lendecke2013-11-111-4/+2
| | | | | | | userinfo->passwrd is not a pointer, no point in checking for !=NULL Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* smbd: Fix CID 1035434 Same on both sidesVolker Lendecke2013-11-111-1/+1
| | | | | | | Looks scary, but the only effect of this bug is too many UNLOCK messages Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* iniparser: Fix CID 241908 Copy into fixed size bufferVolker Lendecke2013-11-111-3/+5
| | | | | | | strcpy is never a good idea.... Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* libsmb: Fix CID 1127343 Dead default in switchVolker Lendecke2013-11-111-2/+0
| | | | | | | We have checked sec_channel_type a few lines above already Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* netapi: Fix CID 1127344 Uninitialized scalar variableVolker Lendecke2013-11-111-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* net: Fix CID 1035403 Unchecked return valueVolker Lendecke2013-11-111-1/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* registry: Fix Coverity ID 1034918 Wrong sizeof argumentVolker Lendecke2013-11-111-2/+2
| | | | | | | | sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* registry: Fix Coverity ID 1034917 Wrong sizeof argumentVolker Lendecke2013-11-111-2/+3
| | | | | | | | sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* registry: Fix Coverity ID 1034916 Wrong sizeof argumentVolker Lendecke2013-11-111-1/+2
| | | | | | | | sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* dsdb: Fix Coverity ID 1034907 Dereference before null checkVolker Lendecke2013-11-111-1/+1
| | | | | | | "module" has already been dereferenced by ldb_module_get_private(module) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* oLschema2ldif: Add some NULL checksVolker Lendecke2013-11-111-0/+6
| | | | | | | This should fix Coverity ID 1034812 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* s4:torture:smb2: add new lease.upgrade3 test to test the contended upgradeMichael Adam2013-11-111-0/+143
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test what upgrades work when there is another lease already held, in addition to the lease to be upgraded. The summary of the behaviour is this: ------------------------------------- If we have two leases (lease1 and lease2) on the same file, then attempt to upgrade lease1 results in a change if and only if the requested lease state: - is valid, - is strictly a superset of lease1, and - can held together with lease2. In that case, the resuling lease state of the upgraded lease1 is the state requested in the upgrade. lease2 is not broken and remains unchanged. Note that this contrasts the case of directly opening with an initial requested lease state, in which case you get that portion of the requested state that can be shared with the already existing leases (or the states that they get broken to). Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Nov 11 18:04:47 CET 2013 on sn-devel-104
* s4:torture:smb2: add comment explaining lease upgrade in the non-contended caseMichael Adam2013-11-111-0/+11
| | | | | | | | | | | | | | | The summary of the behaviour is this: ------------------------------------- An uncontended lease upgrade results in a change if and only if the requested lease state is - valid, and - strictly a superset of the lease state already held. In that case the resulting lease state is the one requested in the upgrade. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* README.Coding: Add __func__Volker Lendecke2013-11-111-0/+14
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Nov 11 16:08:09 CET 2013 on sn-devel-104
* smbd: Fix DEBUG in do_break_to_noneVolker Lendecke2013-11-111-8/+6
| | | | | | | | | The name of this function has changed, but the DEBUG statements have not been adapted. This is the case in a lot of our code. With __func__ this problem goes away: __func__ is C99, and we also use it already. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file ↵Björn Baumbach2013-11-112-0/+33
| | | | | | | | | | | | | | | | | | (key.pem) If the tls key is not owned by root or has not mode 0600 samba will not start up. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Mon Nov 11 13:07:16 CET 2013 on sn-devel-104
* CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600Björn Baumbach2013-11-111-1/+1
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()Stefan Metzmacher2013-11-111-1/+5
| | | | | | | | | | | | We should generate private keys with 0600. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Pair-Programmed-With: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700Björn Baumbach2013-11-111-1/+1
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4476: lib-util: split out file_save_mode() from file_save()Björn Baumbach2013-11-112-5/+13
| | | | | | | | | file_save_mode() writes files with specified mode. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4476: lib-util: add file_check_permissions()Björn Baumbach2013-11-112-0/+53
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* xattr: fix listing EAs on *BSD for non-root usersBjörn Jacke2013-11-081-0/+4
| | | | | | | | | | | | Thanks to Stefan Rompf for reporting. This fixes bug #10247 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 8 20:43:30 CET 2013 on sn-devel-104
* s4-smb_server: Fix a use after free.Andreas Schneider2013-11-081-1/+5
| | | | | | | If we haven't allocated the smbsrv_session then we should not free it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-vfs: Fix stream_depot vfs module on btrfs.Andreas Schneider2013-11-081-8/+8
| | | | | | | | | | | | Checking if the directory is empty using 'nlink == 2' only checks if there are no subdirectories. It doesn't indicate if there are files in the directory. However checking link count for no subdirectories is wrong and applications shouldn't rely on it, see: https://lkml.org/lkml/2012/2/1/756 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* vfstest: fix uninitialised variable usage in openDavid Disseldorp2013-11-081-2/+3
| | | | | | | | The vfstest open command currently fails intermittently due to a read of a potentially uninitialised status variable. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* net: remove net idmap secretAtul Kulkarni2013-11-081-8/+0
| | | | | | | | | | | This is moved to net idmap set secret for consistency. Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 8 01:03:25 CET 2013 on sn-devel-104
* doc: update the net manpage for net idmap set, get and deleteAtul Kulkarni2013-11-071-2/+67
| | | | | | Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* idmap_autorid: fix failure in reverse lookup if ID is from domain range index #0Abhidnya Joshi2013-11-071-1/+1
| | | | | | | | | Domain range index #0 is not included in the database record. So in this special case we only have the SID, not SID#IDX... Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
generated by cgit (git 2.34.1) at 2024-09-29 03:29:48 +0000