path: root/source3
Commit message | Author | Age | Files | Lines
* s3:unix_msg: rename a variable buflen->data_len in queue_msg() | Michael Adam | 2014-09-30 | 1 | -6/+6
  Pair-Programmed-With: Volker Lendecke <vl@samba.org>
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:unix_msg: use a buffer pointer instead of array indexes for the iov buffer | Michael Adam | 2014-09-30 | 1 | -4/+7
  This is more obvious to read and a preparation for following commits.
  Pair-Programmed-With: Volker Lendecke <vl@samba.org>
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:unix_msg: remember errno in unix_dgram_send_job in case of send error. | Michael Adam | 2014-09-30 | 1 | -0/+4
  Pair-Programmed-With: Volker Lendecke <vl@samba.org>
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:unix_msg: don't close the fd-array at the end of unix_dgram_send_job() | Michael Adam | 2014-09-30 | 1 | -2/+0
  These pthread-pool-jobs should be minimal and ideally only do one syscall. The closing of the fds is done in unix_dgram_job_finished().
  Pair-Programmed-With: Volker Lendecke <vl@samba.org>
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:unix_msg: add "close_fds" exit point to unix_msg_recv() | Michael Adam | 2014-09-30 | 1 | -10/+10
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:messaging: msg_type int->uint32_t in struct messaging_hdr | Michael Adam | 2014-09-30 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:messaging: fix uninitialized data introduced by padding | Michael Adam | 2014-09-30 | 1 | -0/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* winbindd: Change value of "ldap sasl wrapping" to sign | Andrew Bartlett | 2014-09-30 | 1 | -0/+2
  This is to disrupt MITM attacks between us and our DC
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* winbindd: Do not make anonymous connections by default | Andrew Bartlett | 2014-09-30 | 1 | -0/+29
  The requirement is that we have "winbind sealed pipes = false" and "require strong key = false" before we make anonymous connections. These are a security risk as we cannot prevent MITM attacks.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call | Christof Schmitt | 2014-09-29 | 1 | -3/+30
  Create a new lsa_RefDomainList and populate it with the domain SID from the original query. That avoids the problem that for migrated objects, LookupSids returns the SID of the new domain, and combining that with the RID from the input results in an invalid SID. A better fix would be querying the RID of the user in the new domain, but the approach here at least avoids id mappings entries for invalid SIDs.
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Sep 29 13:15:18 CEST 2014 on sn-devel-104
* s3: Move init_lsa_ref_domain_list to lib | Christof Schmitt | 2014-09-29 | 5 | -48/+98
  This will be used in the next patch in winbind.
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:net_rpc_printer: make use of cli_credentials_get_username() | Stefan Metzmacher | 2014-09-29 | 1 | -19/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Sep 29 10:51:37 CEST 2014 on sn-devel-104
* s3-winbindd: Require SMB signing by default to disrupt MITM attacks with our DC | Andrew Bartlett | 2014-09-28 | 1 | -1/+33
  This makes it much harder to impersonate the DC, but allows this to be turned off or returned to IF_REQUIRED with a simple change to the 'client signing' smb.conf parameter.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun Sep 28 06:25:55 CEST 2014 on sn-devel-104
* fileserver: raise debug level for share connection closing for non-IPC to 2. | Jelmer Vernooij | 2014-09-28 | 1 | -1/+1
  This reduces spamming during 'make test' runs. This change is consistent with aad5eeb9b4f67b03988ceefb7888cb63ecefcf30, which raised the log level for logging of new non-IPC connections.
  Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
  Change-Id: I4343570c8d6158b6715e514a8a7cd323a9c727ae
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb: add pdb_get_trust_credentials() | Stefan Metzmacher | 2014-09-27 | 5 | -24/+563
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
* s3:torture: in LOCAL-MESSAGING-FDPASS2, close fds after passing them | Michael Adam | 2014-09-27 | 1 | -0/+3
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Sat Sep 27 12:44:55 CEST 2014 on sn-devel-104
* s3:unix_msg: fix a tab<->space mixup in unix_msg_recv() | Michael Adam | 2014-09-27 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* smbd:smb2: improve smbd_smb2_protocol_dialect_match(), removing code duplication | Michael Adam | 2014-09-27 | 1 | -73/+25
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* librpc: gensec is our security provider abstraction, remove a void * | Andrew Bartlett | 2014-09-27 | 4 | -22/+11
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* librpc: Remove user/domain from struct pipe_auth_data | Andrew Bartlett | 2014-09-27 | 4 | -32/+49
  This does require that we always fill in the gensec pointer, but the simplification is worth the extra allocations.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idl: Merge NETR_TRUST and LSA_TRUST definitions into one set only in lsa.idl | Andrew Bartlett | 2014-09-27 | 6 | -12/+13
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-libnet: set list of allowed krb5 encryption types in AD >= 2008. | Günther Deschner | 2014-09-26 | 1 | -0/+65
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-net: add "net ads enctypes {list,set,delete}". | Günther Deschner | 2014-09-26 | 1 | -0/+308
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-libnet: Make sure we do not overwrite precreated SPNs. | Günther Deschner | 2014-09-26 | 1 | -3/+36
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104
* s3-libnet: Add libnet_join_get_machine_spns(). | Andreas Schneider | 2014-09-26 | 1 | -0/+20
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-libads: Add all machine account principals to the keytab. | Andreas Schneider | 2014-09-26 | 1 | -22/+52
  This adds all SPNs defined in the DC for the computer account to the keytab using 'net ads keytab create -P'.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9985
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-libads: Add function to search for an element in an array. | Andreas Schneider | 2014-09-26 | 2 | -0/+33
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-libads: Add a function to retrieve the SPNs of a computer account. | Andreas Schneider | 2014-09-26 | 2 | -0/+66
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-libads: Improve service principle guessing. | Andreas Schneider | 2014-09-26 | 1 | -58/+66
  If the name passed to the net command with the -S options is the long hostname of the domaincontroller and not the 15 char NetBIOS name we should construct a FQDN with the realm to get a Kerberos ticket.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3: tldap_util: Ensure all asn1_XX returns are checked. | Jeremy Allison | 2014-09-26 | 1 | -20/+23
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
* s3: tldap: Ensure all asn1_XX returns are checked. | Jeremy Allison | 2014-09-26 | 1 | -143/+172
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
* s3: libsmb: Ensure all asn1_XX returns are checked. | Jeremy Allison | 2014-09-26 | 1 | -116/+137
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
* vfs_fruit: update rfork size in AppleDouble header | Ralph Boehme | 2014-09-25 | 1 | -0/+8
  Update the AppleDouble entry with the new size when ftruncating a resource fork.
  Signed-off-by: Ralph Boehme <rb@sernet.de>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Sep 25 23:43:35 CEST 2014 on sn-devel-104
* vfs_fruit: ad_write: path may be NULL for rfork | Ralph Boehme | 2014-09-25 | 1 | -2/+5
  In preparation of the next commit where we want to call ad_write() on a resource fork without having a name, just an fsp, which is fine for resource forks.
  Signed-off-by: Ralph Boehme <rb@sernet.de>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* vfs_fruit: fix resource fork length calculation | Ralph Boehme | 2014-09-25 | 1 | -7/+3
  Don't add the AppleDouble header size to the resource fork size.
  Signed-off-by: Ralph Boehme <rb@sernet.de>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* vfs_fruit: fix unpacking of AppleDouble files | Ralph Boehme | 2014-09-25 | 1 | -2/+4
  OS X AppleDouble files may contain a FinderInfo AppleDouble entry larger than 32 bytes containing additional packed xattrs. ad_unpack() must deal with this in a way that allows callers to possibly fixup the entry.
  Signed-off-by: Ralph Boehme <rb@sernet.de>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:torture: in LOCAL-MESSAGING-READ3, print some messages to child | Michael Adam | 2014-09-24 | 1 | -0/+5
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Wed Sep 24 11:09:43 CEST 2014 on sn-devel-104
* s3:torture: in LOCAL-MESSAGING-READ3, tell child to exit and wait | Michael Adam | 2014-09-24 | 1 | -0/+17
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: run smbtorture3 LOCAL-MESSAGING-FDPASS2 test | Michael Adam | 2014-09-24 | 1 | -0/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:torture: work on LOCAL-MESSAGING-FDPASS2 | Michael Adam | 2014-09-24 | 3 | -0/+238
  - parent: fork
  - parent: create up and down pipes,
  - parent: pass read end of up pipe and write end of down pipe to child
  - parent: write to up pipe
  - child: read from up pipe
  - child: write to down pipe
  - parent: read from down pipe
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: run smbtorture3 LOCAL-MESSAGING-FDPASS1 test | Michael Adam | 2014-09-24 | 1 | -0/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:torture: add test LOCAL-MESSAGING-FDPASS1 | Michael Adam | 2014-09-24 | 4 | -0/+80
  Verify that a process can not pass an fd to itself.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:messaging: add fds-array to messaging_send_iov() | Michael Adam | 2014-09-24 | 3 | -5/+19
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:messaging: add fds-array to message-backend send function | Michael Adam | 2014-09-24 | 5 | -4/+15
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:messaging: make it possible to receive a fd array from another process | Stefan Metzmacher | 2014-09-24 | 5 | -13/+85
  In order to receive the fd array the caller needs to use messaging_filtered_read_send/recv(). For all higher level methods we silently close/ignore the fd array.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:unix_msg: add fds-array to unix_msg_send() for fd passing | Michael Adam | 2014-09-24 | 5 | -14/+39
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:unix_msg: pass the fd array to the unix_msg recv_callback function | Stefan Metzmacher | 2014-09-24 | 5 | -5/+23
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:unix_msg: add fds-array to unix_dgram_send() for fd-passing | Michael Adam | 2014-09-24 | 1 | -12/+161
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:unix_msg: pass the fd array to the unix_dgram recv_callback function | Stefan Metzmacher | 2014-09-24 | 1 | -7/+13
  For now unix_msg_recv() will just close the fds, but they will be passed to the unix_msg recv_callback in the next commits.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:unix_msg: read fds from recvmsg in unix_dgram_recv_handler() | Michael Adam | 2014-09-24 | 1 | -3/+52
  For now we directly close the fds, the next commits will pass them to the recv_callback function.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>