Commit message | Author | Age | Files | Lines
...
* torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful | Andrew Bartlett | 2015-02-25 | 1 | -0/+6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() succeeds | Andrew Bartlett | 2015-02-25 | 1 | -1/+12
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:torture/rpc/backupkey: Require 2048 bit RSA key | Arvid Requate | 2015-02-25 | 1 | -0/+75
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  (fixed cleanup of memory)
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: consistent naming of werr variable | Arvid Requate | 2015-02-25 | 1 | -10/+10
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: improve variable name | Arvid Requate | 2015-02-25 | 1 | -2/+2
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: typo fix | Arvid Requate | 2015-02-25 | 1 | -2/+2
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: IDL for ServerWrap subprotocol | Arvid Requate | 2015-02-25 | 2 | -1/+37
  This adds some IDL structs for the ServerWrap subprotocol, allowing parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED instead of WERR_INVALID_PARAM.
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: fix ndr_pull error on empty input | Arvid Requate | 2015-02-25 | 1 | -1/+4
  [MS-BKRP] 3.1.4.1 specifies for BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID that the server must ignore the input data. This patch fixes
  ndr_pull_error(11): Pull bytes 4 (../librpc/ndr/ndr_basic.c:148)
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Initialize ndr->switchlist for print | Arvid Requate | 2015-02-25 | 1 | -0/+5
  ndr_print_bkrp_data_in_blob requires the level to be set in the proper ndr->switch_list context.
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Comply with [MS-BKRP] 2.2.1 | Arvid Requate | 2015-02-25 | 1 | -2/+1
  [MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name field SHOULD contain the name of the DNS domain assigned to the server."
  In fact Windows 7 clients don't seem to care. Also in certificates generated by native AD the domain name (after CN=) is encoded as UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently we just leave the encoding as it is for now.
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Set defined cert serialnumber | Arvid Requate | 2015-02-25 | 1 | -1/+22
  [MS-BKRP] 2.2.1 specifies that the serialnumber of the certificate should be set identical to the subjectUniqueID. In fact certificates generated by native AD have this field encoded in little-endian format.
  See also https://www.mail-archive.com/cifs-protocol@cifs.org/msg01364.html
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: de-duplicate error handling | Arvid Requate | 2015-02-25 | 1 | -39/+20
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: check for talloc failure | Arvid Requate | 2015-02-25 | 1 | -0/+3
  Check for talloc_memdup failure for uniqueid.data.
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Cert lifetime of 365 days, not secs | Arvid Requate | 2015-02-25 | 1 | -1/+1
  hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in seconds. The Windows 7 client didn't seem to care that the lifetime was only 6'03''.
  Two other TODOs in this implementation:
  * Since notBefore is not set explicitly to "now", the heimdal code default of now-(24 hours) is applied.
  * Server side validity checks and cert renewal are missing.
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Ensure RSA modulus is 2048 bits | Arvid Requate | 2015-02-25 | 1 | -5/+10
  RSA_generate_key_ex doesn't always generate a modulus of requested bit length. Tests with Windows 7 clients showed that they decline x509 certificates (MS-BKRP 2.2.1) in cases where the modulus length is smaller than the specified 2048 bits. For the user this resulted in DPAPI failing to retrieve stored credentials after the user password has been changed at least two times. On the server side log.samba showed that the client also called the as yet unimplemented ServerWrap sub-protocol function BACKUPKEY_BACKUP_KEY_GUID after it had called the ClientWrap function BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID. After enabling DPAPI auditing on the Windows Clients the Event Viewer showed Event-ID 4692 failing with a FailureReason value of 0x7a in these cases.
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
* wafsamba: make sure build fails when uninitialized variable is detected | Alexander Bokovoy | 2015-02-24 | 1 | -0/+2
  In developer build, fail if uninitialized variable is found by GCC.
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Feb 24 20:21:52 CET 2015 on sn-devel-104
* lib: Use iov_buflen in smb1cli_req_chain_submit | Volker Lendecke | 2015-02-24 | 1 | -3/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use iov_buflen in smb1cli_req_writev_submit | Volker Lendecke | 2015-02-24 | 1 | -1/+7
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use iov_buflen in smb1cli_req_create | Volker Lendecke | 2015-02-24 | 1 | -1/+12
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use iov_buf in smbXcli_iov_concat | Volker Lendecke | 2015-02-24 | 1 | -9/+10
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Use iov_buflen in smbXcli_iov_len | Volker Lendecke | 2015-02-24 | 2 | -7/+6
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix a typo | Volker Lendecke | 2015-02-24 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smb2_server: Use iov_advance | Volker Lendecke | 2015-02-24 | 1 | -24/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smb2_server: Add range checking to nbt_length | Volker Lendecke | 2015-02-24 | 1 | -13/+48
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* tsocket: Use iov_advance | Volker Lendecke | 2015-02-24 | 2 | -51/+18
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* iov_buf: Add an explaining comment | Volker Lendecke | 2015-02-24 | 1 | -0/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* tsocket: Fix a typo | Volker Lendecke | 2015-02-24 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Move "iov_buf.[ch]" to lib/util | Volker Lendecke | 2015-02-24 | 11 | -12/+12
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* rpc: Use tevent_req_poll_ntstatus | Volker Lendecke | 2015-02-24 | 1 | -2/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* ctdb-io: Do not use sys_write to write to client sockets | Amitay Isaacs | 2015-02-24 | 1 | -3/+3
  When sending messages to clients, ctdb checks for EAGAIN error code and schedules next write in the subsequent event loop. Using sys_write in these places causes ctdb to loop hard till a client is able to read from the socket. With real time scheduling, ctdb daemon spins consuming 100% of CPU trying to write to the client sockets. This can be quite harmful when running under VMs or machines with single CPU.

  This regression was introduced when all read/write calls were replaced to use sys_read/sys_write wrappers (c1558adeaa980fb4bd6177d36250ec8262e9b9fe).

  The existing code backs off in case of EAGAIN failures and waits for an event loop to process the write again. This should give ctdb clients a chance to get scheduled and to process the ctdb socket.

  Signed-off-by: Amitay Isaacs <amitay@gmail.com>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
  Autobuild-User(master): Martin Schwenke <martins@samba.org>
  Autobuild-Date(master): Tue Feb 24 12:29:30 CET 2015 on sn-devel-104
* nmblookup: Warn user if netbios name is too long. | Andreas Schneider | 2015-02-24 | 2 | -0/+22
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Feb 24 01:01:10 CET 2015 on sn-devel-104
* nss-wins: Do not lookup invalid netbios names | Andreas Schneider | 2015-02-23 | 1 | -1/+13
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libsmb: Do not lookup invalid netbios names. | Andreas Schneider | 2015-02-23 | 1 | -3/+14
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Revert "s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED." | Jeremy Allison | 2015-02-23 | 2 | -5/+2
  Even though the MS-SMB2 spec says so, Windows doesn't behave like this.
  This reverts commit 1cea6e5b6f8c0e28d5ba2d296c831c4878fca304.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
* waf: Only build the wrappers if we enable selftest | Andreas Schneider | 2015-02-23 | 2 | -8/+14
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon Feb 23 22:31:22 CET 2015 on sn-devel-104
* swrap: Bump version to 1.1.3 | Andreas Schneider | 2015-02-23 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* swrap: If we remove the socket_info also unlink the unix socket | Andreas Schneider | 2015-02-23 | 1 | -0/+3
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* swrap: Do not leak the socket_info we just removed. | Andreas Schneider | 2015-02-23 | 1 | -0/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* src: Add support for running with address sanitizer. | Andreas Schneider | 2015-02-23 | 1 | -0/+8
  If address sanitizer will complain about our hack with variable function attributes. This disables the checking of it.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* swrap: Fix the loop for older gcc versions. | Andreas Schneider | 2015-02-23 | 1 | -2/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* torture: Add netr_setPassword(2) schannel test. | Andreas Schneider | 2015-02-23 | 5 | -1/+166
  Thanks to Florian Weimer <fweimer@redhat.com> for the help to write this torture test.
  Pair-Programmed-With: Guenther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(master): Mon Feb 23 20:01:01 CET 2015 on sn-devel-104
* s3-netlogon: Make sure we do not dereference a NULL pointer. | Andreas Schneider | 2015-02-23 | 1 | -1/+6
  This is an additional patch for CVE-2015-0240.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. | Jeremy Allison | 2015-02-23 | 1 | -1/+5
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting. | Jeremy Allison | 2015-02-20 | 1 | -0/+20
  If we delete the file on close, the stat after the close will fail so we fail to return the attributes requested.
  Bug 11104 - SMB2/SMB3 close response does not include attributes when requested.
  https://bugzilla.samba.org/show_bug.cgi?id=11104
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Steve French <sfrench@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Feb 20 20:54:18 CET 2015 on sn-devel-104
* s3: smbd: SMB2 close. Call utility function setup_close_full_information() | Jeremy Allison | 2015-02-20 | 1 | -26/+11
  Replaces existing inline code.
  Bug 11104 - SMB2/SMB3 close response does not include attributes when requested.
  https://bugzilla.samba.org/show_bug.cgi?id=11104
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Steve French <sfrench@samba.org>
* s3: smbd: SMB2 close. Add utility function setup_close_full_information() | Jeremy Allison | 2015-02-20 | 1 | -0/+42
  Not yet used.
  Bug 11104 - SMB2/SMB3 close response does not include attributes when requested.
  https://bugzilla.samba.org/show_bug.cgi?id=11104
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Steve French <sfrench@samba.org>
* doc:man:vfs_glusterfs: improve the configuration section. | Michael Adam | 2015-02-20 | 1 | -2/+21
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Feb 20 14:29:21 CET 2015 on sn-devel-104
* doc:man:vfs_glusterfs: improve and update description. | Michael Adam | 2015-02-20 | 1 | -16/+17
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* doc:man:vfs_glusterfs: remove extra % signs. | Michael Adam | 2015-02-20 | 1 | -3/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4: smbtorture: leases - show stat opens grant leases and can be broken. | Jeremy Allison | 2015-02-19 | 1 | -0/+79
  https://bugzilla.samba.org/show_bug.cgi?id=11102
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Böhme <slow@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Feb 19 23:10:43 CET 2015 on sn-devel-104