Commit message | Author | Age | Files | Lines
...
* ctdb-scripts: iSCSI eventscript should fail when PNN can't be determined | Martin Schwenke | 2015-01-28 | 1 | -4/+1
  Signed-off-by: Martin Schwenke <martin@meltin.net>
  Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* ctdb-scripts: Make 70.iscsi IPv6-aware | Martin Schwenke | 2015-01-28 | 1 | -5/+29
  Block iSCSI port for families of all addresses the node is configured to host.
  Could just unconditionally add blocking using ip6tables instead. However, this would produce errors when no IPv6 public addresses are configured and ip6tables is not installed.
  Signed-off-by: Martin Schwenke <martin@meltin.net>
  Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* auth/credentials_krb5: fix memory leak in cli_credentials_failed_kerberos_login(). | Günther Deschner | 2015-01-26 | 1 | -0/+2
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon Jan 26 19:56:57 CET 2015 on sn-devel-104
* s4-torture: the new krb5 kdc tests are heimdal, not dc specific. | Günther Deschner | 2015-01-26 | 1 | -1/+1
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* idl: fix IDL for netr_WorkstationInformation(). | Günther Deschner | 2015-01-26 | 1 | -1/+1
  This structure is used by the netr_LogonGetDomainInfo call as the input.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:rpc_server: add support for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM | Stefan Metzmacher | 2015-01-26 | 2 | -0/+39
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Jan 26 14:23:50 CET 2015 on sn-devel-104
* s4:rpc_server: pass the remote address to gensec_set_remote_address() | Stefan Metzmacher | 2015-01-26 | 1 | -1/+15
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: add dcesrv_lsa_OpenTrustedDomain_common() | Stefan Metzmacher | 2015-01-26 | 1 | -75/+101
  dcesrv_lsa_OpenTrustedDomain() and dcesrv_lsa_OpenTrustedDomainByName() need to use the same logic and make sure trusted_domain_user_dn is valid.
  Otherwise dcesrv_lsa_OpenTrustedDomainByName() followed by dcesrv_lsa_DeleteObject() will leave the trust domain account in the database.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/netlogon: fix bugs in dcesrv_netr_DsRGetDCNameEx2() | Stefan Metzmacher | 2015-01-26 | 1 | -8/+14
  We should return our ip address the client is connected to.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* Fix a couple of DEBUG statements that were copied from elsewhere. Removed the misleading function name since the DEBUG message will print out the function name anyway. | Richard Sharpe | 2015-01-25 | 1 | -4/+2
  Signed-of-by: Richard Sharpe <rsharpe@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Sun Jan 25 12:58:08 CET 2015 on sn-devel-104
* s4:dsdb/tests: add test_timevalues1() to verify timestamp values | Stefan Metzmacher | 2015-01-24 | 1 | -0/+40
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=9810
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Sat Jan 24 20:17:20 CET 2015 on sn-devel-104
* ldb: version 1.1.20 | Stefan Metzmacher | 2015-01-24 | 3 | -1/+266
  - Bug 9810 - validate_ldb of String(Generalized-Time) does not accept millisecond format ".000Z"
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* lib/ldb: fix logic in ldb_val_to_time() | Stefan Metzmacher | 2015-01-24 | 1 | -6/+32
  040408072012Z should represent 20040408072012.0Z as well as 20040408072012.000Z or 20040408072012.RandomIgnoredCharaters...Z
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=9810
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* Update the tevent_data.dox tutorial stuff to fix some errors, including white | Richard Sharpe | 2015-01-24 | 1 | -13/+17
  space problems.
  Signed-off-by: Richard Sharpe <rsharpe@samba.org>
  Reviewed-by: Ralph Boehme <rb@sernet.de>
  Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
  Autobuild-Date(master): Sat Jan 24 09:33:03 CET 2015 on sn-devel-104
* vfs_glusterfs: Add comments to the pipe(2) code. | Ira Cooper | 2015-01-23 | 1 | -0/+17
  The guarantees around read(2) and write(2) and pipes are critical to understanding this code. Hopefully these comments will help.
  Signed-off-by: Ira Cooper <ira@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jan 23 20:58:51 CET 2015 on sn-devel-104
* selftest: Run krb5.kdc test against users with a UPN | Andrew Bartlett | 2015-01-23 | 2 | -2/+24
  This tests both a UPN in our own realm, and a UPN with a non-realm suffix.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Jan 23 08:10:07 CET 2015 on sn-devel-104
* torture-krb5: Check for UPN handling in krb5.kdc.canon test | Andrew Bartlett | 2015-01-23 | 1 | -18/+90
  This allows us to confirm correct behaviour when a UPN is in use, particularly with the canonicalize flag and with enterprise principal names
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* kdc: Correctly return the krbtgt/realm@REALM principal from our KDC | Andrew Bartlett | 2015-01-23 | 1 | -25/+31
  This needs to vary depending on if the client requested the canonicalize flag
  This was found by our new krb5.kdc test
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Move checking of server and client names to krb5.kdc.canon | Andrew Bartlett | 2015-01-23 | 2 | -20/+25
  This keeps this test in one place, rather than duplicated between krb5.kdc and krb5.kdc.canon
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Move test of krb5_get_init_creds_opt_set_win2k to krb5.kdc.canon | Andrew Bartlett | 2015-01-23 | 2 | -25/+11
  This allows the impact of this to be verified with the other options we are setting
  This also removes duplication in the kdc.c testsuite.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Split the expected behaviour of the RODC up | Andrew Bartlett | 2015-01-23 | 3 | -7/+14
  The expectations of the cached accounts are different to those of the RODC in general.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-kdc: Skip the request-pac behaviour for now against an RODC | Andrew Bartlett | 2015-01-23 | 1 | -0/+3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Add comments | Andrew Bartlett | 2015-01-23 | 2 | -0/+79
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* kdc: Add TODO to remind us where we need to hook for RODC to get secrets | Andrew Bartlett | 2015-01-23 | 1 | -0/+1
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* kdc: Fix Samba's KDC to only change the principal in the right cases | Andrew Bartlett | 2015-01-23 | 1 | -9/+23
  If we are set to canonicalize, we get back the fixed UPPER case realm, and the real username (ie matching LDAP samAccountName)
  Otherwise, if we are set to enterprise, we get back the whole principal as-sent
  Finally, if we are not set to canonicalize, we get back the fixed UPPER case realm, but the as-sent username
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Add tests for combinations of enterprise, canon, and different input principals | Andrew Bartlett | 2015-01-23 | 5 | -7/+415
  This combinational test confirms the interactions between a number of different kerberos flags and principal types.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture: Extend krb5.kdc test to confirm correct RODC proxy behaviour | Andrew Bartlett | 2015-01-23 | 3 | -5/+37
  The RODC should answer some requests locally, and others it should defer to the main DC. We can tell which KDC we talk to by the KVNO of the encrypted parts that are returned to the KDC.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Add test for enterprise UPN in a different domain | Andrew Bartlett | 2015-01-23 | 1 | -5/+18
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* kdc: Fix enterprise principal name handling | Andrew Bartlett | 2015-01-23 | 2 | -11/+24
  Based on a patch by Samuel Cabrero <scabrero@zentyal.com>
  This ensures we write the correct (implicit, samAccountName) based UPN into the ticket, rather than the userPrincipalName, which will have a different realm.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* heimdal: Ensure that HDB_ERR_NOT_FOUND_HERE, critical for the RODC, is not overwritten | Andrew Bartlett | 2015-01-23 | 1 | -4/+19
  This change ensures that our RODC will correctly proxy when asked to provide a ticket for a service or user where the keys are not on this RODC.
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* heimdal: Really bug in KDC handling of enterprise princs | Nicolas Williams | 2015-01-23 | 1 | -3/+2
  The value of this commit to Samba is to continue to match Heimdal's upstream code in this area. Because we set HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL there is no runtime difference.
  (commit message by Andrew Bartlett)
  Cherry-pick of Heimdal commit 9aa7883ff2efb3e0a60016c9090c577acfd0779f
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* heimdal: Fix bug in KDC handling of enterprise principals | Nicolas Williams | 2015-01-23 | 1 | -35/+38
  The useful change in Samba from this commit is that we gain validation of the enterprise principal name.
  (commit message by Andrew Bartlett)
  Cherry-pick of Heimdal commit c76ec8ec6a507a6f34ca80c11e5297146acff83f
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* torture: Extend KDC test to cover more options and modes | Andrew Bartlett | 2015-01-23 | 2 | -7/+151
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Decode expected packets and test KDC behaviour for wrong passwords | Andrew Bartlett | 2015-01-23 | 1 | -9/+164
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Additionally run testsuite for krb5 and KDC behaviour against all the DC envs | Andrew Bartlett | 2015-01-23 | 1 | -5/+5
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Additionally run testsuite for krb5 and KDC behaviour with unprivileged accounts | Andrew Bartlett | 2015-01-23 | 2 | -0/+25
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Run new testsuite for krb5 and KDC behaviour with machine account also | Andrew Bartlett | 2015-01-23 | 2 | -6/+15
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Start a new testsuite for krb5 and KDC behaviour | Andrew Bartlett | 2015-01-23 | 6 | -37/+226
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-pam_smbpass: Correctly initialize variables. | Andreas Schneider | 2015-01-22 | 1 | -2/+2
  This fixes a coverity warning.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Jan 22 22:51:59 CET 2015 on sn-devel-104
* s3-pam_smbpass: Remove superfluous NULL check for pam functions. | Andreas Schneider | 2015-01-22 | 1 | -3/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-pam_smbpass: Make sure PAM_MAXTRIES can be returned. | Andreas Schneider | 2015-01-22 | 1 | -1/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-pam_smbpass: Check the return code of secrets_init(). | Andreas Schneider | 2015-01-22 | 1 | -1/+5
  This fixes a coverity warning.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-pam_smbpass: Fix set_ctrl() return value. | Andreas Schneider | 2015-01-22 | 2 | -2/+5
  This fixes a cppcheck warning.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-pam_smbpass: Make sure variables are initialized. | Andreas Schneider | 2015-01-22 | 1 | -3/+3
  This fixes cppcheck warnings.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-smbspool: Use strtol() instead of atoi(). | Andreas Schneider | 2015-01-22 | 1 | -1/+8
  This fixes a coverity warning.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind: Fix idmap initialization | Volker Lendecke | 2015-01-22 | 1 | -6/+8
  The fix is in the sscanf line: %u in the sscanf format mandates the use of a pointer to an "unsigned". idmap_domain->[low|high]_id are uint32_t. On little endian 64-bit this might at least put the correct values into low_id and high_id, but might overwrite the read_only bit set earlier, depending on structure alignment and packing. On big endian 64-bit, this will just fail. Automatic conversion to uint32_t will happen only at assignment, not when you take a pointer of such a thing.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Jan 22 17:58:16 CET 2015 on sn-devel-104
* s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(). | Andreas Schneider | 2015-01-22 | 1 | -2/+9
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11066
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* vfs: Fix a typo | Volker Lendecke | 2015-01-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Jan 22 13:14:38 CET 2015 on sn-devel-104
* Remove use of the "staticforward" macro | Petr Viktorin | 2015-01-22 | 8 | -22/+22
  This macro was used for compatibility with broken compilers. Since Python 2.3, it is always defined as `static`, and only exists "for source compatibility with old C extensions".
  Signed-off-by: Petr Viktorin <pviktori@redhat.com>
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb-tests: Clarify that accounts really do fall back to UF_NORMAL_ACCOUNT if no account set | Andrew Bartlett | 2015-01-22 | 1 | -3/+63
  Also confirm what bits have to be ignored, or otherwise processed
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Thu Jan 22 10:16:42 CET 2015 on sn-devel-104