Commit message | Author | Age | Files | Lines
...
* lib: Add iov_advance | Volker Lendecke | 2014-12-30 | 2 | -0/+35
  This chops off n bytes from an iovec array. Used for short writev's
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: iov_buf does not need talloc.h anymore | Volker Lendecke | 2014-12-30 | 1 | -1/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use talloc_memdup in messaging_rec_dup | Volker Lendecke | 2014-12-28 | 1 | -2/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sun Dec 28 04:20:48 CET 2014 on sn-devel-104
* lib: Simplify check_log_size | Volker Lendecke | 2014-12-28 | 1 | -5/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use talloc_zero_array instead of memset | Volker Lendecke | 2014-12-27 | 1 | -3/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
  Autobuild-User(master): Martin Schwenke <martins@samba.org>
  Autobuild-Date(master): Sat Dec 27 01:27:08 CET 2014 on sn-devel-104
* Fix a comment to indicate that TALLOC_FREE must be used to free an allocated array of strings. | Richard Sharpe | 2014-12-26 | 1 | -1/+1
  Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Dec 26 22:54:51 CET 2014 on sn-devel-104
* winbind: Retry LogonControl RPC in ping-dc after session expiration | Christof Schmitt | 2014-12-23 | 1 | -0/+10
  When the underlying session expires, the LogonControl RPC call used in ping-dc returns NT_STATUS_IO_DEVICE_ERROR. Retry once in this case, instead of returning the error to the caller.
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Dec 23 02:46:34 CET 2014 on sn-devel-104
* dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable | Garming Sam | 2014-12-22 | 2 | -15/+399
  This includes additional tests based directly on the docs, rather than simply testing our internal implementation in client and server contexts, that create a user and groups.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11022
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming-Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Dec 22 17:17:02 CET 2014 on sn-devel-104
* dns.py: Always remove the test zone in tearDown() | Andrew Bartlett | 2014-12-22 | 1 | -0/+8
  Change-Id: Ic6d6c51579f8859b4e396179123974382c253bf7
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Garming Sam <garming@samba.org>
  Autobuild-Date(master): Mon Dec 22 08:21:22 CET 2014 on sn-devel-104
* dsdb: Ignore errors from search in dns_notify module | Andrew Bartlett | 2014-12-22 | 1 | -14/+12
  This ensures the error messages are unchanged
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Use a fixed set of attributes in search in dns_notify module | Andrew Bartlett | 2014-12-22 | 1 | -2/+4
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Use ldb_attr_cmp() for comparing objectclass names | Andrew Bartlett | 2014-12-22 | 1 | -3/+3
  This is the same as strcasecmp, but it is best to remain consistent.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dns.py: Test dns server reload zones from DSDB when are created or deleted | Samuel Cabrero | 2014-12-22 | 1 | -0/+78
  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dns: Reload DNS zones from dsdb when zones are modified through RPC or DRS | Samuel Cabrero | 2014-12-22 | 5 | -39/+565
  Setup a RPC management call on the internal DNS server triggered a new LDB module which sniffs dnsZone object add, delete and modify operations. This way the notification is triggered when zones are modified either from RPC or replicated by inbound DRS.
  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  (shadowed variable error corrected by abartlet)
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Run samba.tests.dns in :local environment so it can access credentials | Andrew Bartlett | 2014-12-22 | 1 | -1/+1
  This allows it to access the machine account, and use that to modify the DNS zones
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* lib/ldb-samba: Add comment discouraging use of schemaUpgradeInProgress | Andrew Bartlett | 2014-12-22 | 1 | -0/+10
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Garming Sam <garming@samba.org>
  Autobuild-Date(master): Mon Dec 22 02:42:42 CET 2014 on sn-devel-104
* dsdb: Only parse SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL as a DN | Andrew Bartlett | 2014-12-22 | 1 | -1/+3
  This avoids trying to parse some other rule, like bitwise and, that may be applied to this attribute
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb: Fix not freed temp memory context | Samuel Cabrero | 2014-12-22 | 1 | -0/+1
  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ldb-samba-tests: Add tests for transitive matching rule | Samuel Cabrero | 2014-12-22 | 2 | -0/+474
  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* ldb-samba: Implement transitive extended matching | Samuel Cabrero | 2014-12-22 | 4 | -1/+373
  Documented in [MS-ADTS] section 3.1.1.3.4.4.3 LDAP_MATCHING_RULE_TRANSITIVE_EVAL
  This allows a search filter such as:
  member:1.2.840.113556.1.4.1941:=cn=user,cn=users,dc=samba,dc=example,dc=com
  This searches not only the member attribute, but also any member attributes that point at an object with this member in them.
  All the various DN syntax types are supported, not just plain DNs.
  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  (abartlet: Fixed compile error: return makes integer from pointer without a cast)
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dsdb: Define syntax access point oid string as a macro | Samuel Cabrero | 2014-12-22 | 2 | -1/+2
  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ldb: bump to version 1.1.19 | Andrew Bartlett | 2014-12-22 | 3 | -1/+266
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* ldb: Allow to register extended match rules | Samuel Cabrero | 2014-12-22 | 4 | -36/+165
  This allows to extend LDB by registering extended match rules from outside the library itself. This is necessary when the implementation requires knowledge about syntaxes implemented in samba extensions, like the LDAP_MATCHING_RULE_TRANSITIVE_EVAL match.
  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dsdb: Improve code clarity for ldb_extended_dn_in_openldap mode | Andrew Bartlett | 2014-12-22 | 1 | -3/+7
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/extended_dn_in: Fix DNs and filter expressions in extended match ops | Samuel Cabrero | 2014-12-22 | 1 | -13/+35
  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* torture/spoolss: issue GetJob after StartDocPrinter | David Disseldorp | 2014-12-19 | 1 | -0/+8
  This reflects Windows XP spoolss client behaviour. This fails if the job is not yet instantiated on the server, and prior to the bso#10984 fix resulted in an unusable DCERPC pipe.
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Dec 19 18:03:20 CET 2014 on sn-devel-104
* spoolss: clear PrinterInfo on GetPrinter error | David Disseldorp | 2014-12-19 | 1 | -7/+12
  If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear info on GetPrinterDriverDirectory error | David Disseldorp | 2014-12-19 | 1 | -0/+1
  If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear info on GetPrintProcessorDirectory error | David Disseldorp | 2014-12-19 | 1 | -4/+9
  If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear FormInfo on GetForm error | David Disseldorp | 2014-12-19 | 1 | -0/+1
  In handling a spoolss GetForm request, the handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then marshalling of the response will fail.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear DriverInfo on GetPrinterDriver2 error | David Disseldorp | 2014-12-19 | 1 | -5/+11
  In handling a spoolss GetPrinterDriver2 request, the handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then marshalling of the response will fail.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear JobInfo on GetJob error | David Disseldorp | 2014-12-19 | 1 | -10/+18
  In handling a spoolss GetJob request, the _spoolss_GetJob() handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then api_spoolss_GetJob() will attempt to marshall @info, which in the case of an @offered value of zero results in a marshalling error:
  ndr_push_error(7): Bad subcontext (PUSH) content_size 64 is larger than size_is(0)
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:kdc: add aes key support for trusted domains | Stefan Metzmacher | 2014-12-19 | 1 | -37/+148
  We have a look at "msDS-SupportedEncryptionTypes" and >= DS_DOMAIN_FUNCTION_2008
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Dec 19 15:39:40 CET 2014 on sn-devel-104
* s4:rpc_server/lsa: fix segfault in check_ft_info() | Stefan Metzmacher | 2014-12-19 | 1 | -0/+2
  This is triggered by lsa_lsaRSetForestTrustInformation() with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME. The nb_name variable was uninitialized and dereferenced without checking.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: remove unused allow_warnings=True | Stefan Metzmacher | 2014-12-19 | 1 | -1/+0
  We compile without warnings now.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the related flag is removed. | Stefan Metzmacher | 2014-12-19 | 1 | -12/+20
  When the LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flag is cleared we should also remove the related credentials.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: pass the correct variable to setInfoTrustedDomain_base() | Stefan Metzmacher | 2014-12-19 | 1 | -4/+3
  This requires 'struct lsa_policy_state', we now pass this directly instead of an opaque 'struct dcesrv_handle'.
  dcesrv_lsa_SetInformationTrustedDomain() passes in a 'struct dcesrv_handle' with 'struct lsa_trusted_domain_state' before, which results in segfaults.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s3:pdb_samba_dsdb: use SEC_CHAN_DNS_DOMAIN in pdb_samba_dsdb_get_trusteddom_creds() | Stefan Metzmacher | 2014-12-19 | 1 | -6/+33
  If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match a Windows DC.
  For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:pdb_samba_dsdb: add pdb_samba_dsdb_get_trusteddom_creds | Stefan Metzmacher | 2014-12-19 | 1 | -1/+225
  We have the password as raw UTF16 blob, which might not be valid utf16, so we need to use cli_credentials_set_utf16_password().
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of cli_rpc_pipe_open_schannel_with_creds() | Stefan Metzmacher | 2014-12-19 | 1 | -17/+40
  This way we pass down enough information for SEC_CHAN_DNS_DOMAIN to work.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds_with_creds() | Stefan Metzmacher | 2014-12-19 | 1 | -23/+9
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: we only need a netlogon connection to a rwdc if we're a rodc ourself | Stefan Metzmacher | 2014-12-19 | 1 | -2/+2
  If we're a member or RWDC there's no need to require talking to a rwdc, an rodc will forward the request if required.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make sure we try to use NCACN_IP_TCP in cm_connect_netlogon | Stefan Metzmacher | 2014-12-19 | 1 | -0/+5
  We need to call init_dc_connection_rpc() before we can decide if we want to try NCACN_IP_TCP.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add cli_rpc_pipe_open_schannel_with_creds() helper function | Stefan Metzmacher | 2014-12-19 | 2 | -0/+93
  This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN as cli_credentials_get_realm() will return the correct value compared to cli_credentials_get_domain().
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:cli_netlogon: add rpccli_{create,setup}_netlogon_creds_with_creds() helper functions | Stefan Metzmacher | 2014-12-19 | 2 | -0/+65
  This simplifies the callers, they can just pass in a cli_credentials structure.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_set_utf16_password() | Stefan Metzmacher | 2014-12-19 | 3 | -6/+65
  We need a way to initialize the cli_credentials from the raw utf16 blob, which might not be completely valid utf16, which means the conversion from CH_UTF16MUNGED to CH_UTF8 might lose information. This would result in an invalid nt_hash, when we convert back from CH_UTF8 to CH_UTF16LE.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: add support for SEC_CHAN_DNS_DOMAIN to schannel_update() | Stefan Metzmacher | 2014-12-19 | 1 | -17/+10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: make sure we keep a DCERPC_AUTH_TYPE_SCHANNEL backend if required | Stefan Metzmacher | 2014-12-19 | 1 | -0/+8
  Even with CRED_MUST_USE_KERBEROS we should keep the DCERPC_AUTH_TYPE_SCHANNEL backend around, this can only be specified explicitly by the caller and cli_credentials_get_netlogon_creds() != NULL is the strong indication that the caller is using DCERPC_AUTH_TYPE_SCHANNEL *now*.
  With trusts against AD domain we can reliably use kerberos and netlogon secure channel for authentication.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch/wbinfo: allow 'wbinfo --ping-dc --domain=SOMEDOMAIN' | Stefan Metzmacher | 2014-12-19 | 1 | -4/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: allow passing the domain name to wbcPingDC[2]() | Stefan Metzmacher | 2014-12-19 | 2 | -11/+43
  winbindd already supports this.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>