summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
...
* s4:cldap_server: Do not handle netlogon ourself anymoreBenjamin Franzke2013-11-113-62/+5
| | | | | | | | | Netlogon is now handled by the ldb rootdse module. The netlogon files will be moved to dsdb in the next commit. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb/rootdse: Support netlogon requestBenjamin Franzke2013-11-113-11/+77
| | | | | | | | | | | | | | | | | | | | | | This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1]. The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html) Tested with: ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl. [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamicBenjamin Franzke2013-11-111-20/+19
| | | | | | | | This replaced the *module parameter, and uses ac->module in the function instead, same for *req and *attrs. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:cldap_server: Move netlogon parsing into utility functionBenjamin Franzke2013-11-112-34/+73
| | | | | | | To be used later by netlogon-request over ldap. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:torture/cldap: Fix a typoBenjamin Franzke2013-11-111-1/+1
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* gpo: Fix CID 1034880 Resource leakVolker Lendecke2013-11-111-2/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org> Autobuild-User(master): Ira Cooper <ira@samba.org> Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104
* gpo: Fix CID 1034881 Resource leakVolker Lendecke2013-11-111-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* ntvfs: Fix CID 1034883 Resource leakVolker Lendecke2013-11-111-1/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* backupkey: Fix CID 1034885 Resource leakVolker Lendecke2013-11-111-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* samdb: Fix CID 241968 Uninitialized pointer readVolker Lendecke2013-11-111-1/+1
| | | | | | | Interestingly gcc does not catch this at all. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* heimdal: Fix 241482 Resource leakVolker Lendecke2013-11-111-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* registry: Fix Coverity ID 1034918 Wrong sizeof argumentVolker Lendecke2013-11-111-2/+2
| | | | | | | | sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* registry: Fix Coverity ID 1034917 Wrong sizeof argumentVolker Lendecke2013-11-111-2/+3
| | | | | | | | sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* registry: Fix Coverity ID 1034916 Wrong sizeof argumentVolker Lendecke2013-11-111-1/+2
| | | | | | | | sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* dsdb: Fix Coverity ID 1034907 Dereference before null checkVolker Lendecke2013-11-111-1/+1
| | | | | | | "module" has already been dereferenced by ldb_module_get_private(module) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* oLschema2ldif: Add some NULL checksVolker Lendecke2013-11-111-0/+6
| | | | | | | This should fix Coverity ID 1034812 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* s4:torture:smb2: add new lease.upgrade3 test to test the contended upgradeMichael Adam2013-11-111-0/+143
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test what upgrades work when there is another lease already held, in addition to the lease to be upgraded. The summary of the behaviour is this: ------------------------------------- If we have two leases (lease1 and lease2) on the same file, then attempt to upgrade lease1 results in a change if and only if the requested lease state: - is valid, - is strictly a superset of lease1, and - can held together with lease2. In that case, the resuling lease state of the upgraded lease1 is the state requested in the upgrade. lease2 is not broken and remains unchanged. Note that this contrasts the case of directly opening with an initial requested lease state, in which case you get that portion of the requested state that can be shared with the already existing leases (or the states that they get broken to). Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Nov 11 18:04:47 CET 2013 on sn-devel-104
* s4:torture:smb2: add comment explaining lease upgrade in the non-contended caseMichael Adam2013-11-111-0/+11
| | | | | | | | | | | | | | | The summary of the behaviour is this: ------------------------------------- An uncontended lease upgrade results in a change if and only if the requested lease state is - valid, and - strictly a superset of the lease state already held. In that case the resulting lease state is the one requested in the upgrade. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file ↵Björn Baumbach2013-11-112-0/+33
| | | | | | | | | | | | | | | | | | (key.pem) If the tls key is not owned by root or has not mode 0600 samba will not start up. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Mon Nov 11 13:07:16 CET 2013 on sn-devel-104
* CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600Björn Baumbach2013-11-111-1/+1
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-smb_server: Fix a use after free.Andreas Schneider2013-11-081-1/+5
| | | | | | | If we haven't allocated the smbsrv_session then we should not free it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-lsa: Make sure we also duplicate the domain_name.Andreas Schneider2013-11-071-4/+20
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Nov 7 18:58:44 CET 2013 on sn-devel-104
* s4-lsa: Add missing null checks in dcesrv_lsa_lookup_name().Andreas Schneider2013-11-071-0/+12
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s4-lsa: Fix a user after free in dcesrv_lsa_lookup_name().Andreas Schneider2013-11-071-3/+9
| | | | | | Pair-Programmed-With: Volker Lendecke <vl@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* Add regression test for bug #10229 - No access check verification on stream ↵Jeremy Allison2013-11-041-0/+181
| | | | | | | | | | | | | | files. Checks against a file with attribute READONLY, and a security descriptor denying WRITE_DATA access. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: David Disseldorp <ddiss@suse.de> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Nov 4 23:10:10 CET 2013 on sn-devel-104
* torture: Add smb2.rename.rename_dir_benchVolker Lendecke2013-11-041-0/+375
| | | | | | | | | This is a little benchmark test excercising parallel directory renames. With lots of open files directory renames get pretty slow against some SMB server implementations. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an ↵Nadezhda Ivanova2013-11-032-5/+15
| | | | | | | | | | | | originating add operation As described in MS-ATDS 3.1.1.5.2.8. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Sun Nov 3 16:17:30 CET 2013 on sn-devel-104
* auth-kerberos: add the credentials.h so that enum credentials_obtained is ↵Matthieu Patou2013-10-271-0/+1
| | | | | | | | | | | | | defined We had a warning about the enum being defined in the parameter list: warning: ‘enum credentials_obtained’ declared inside parameter list Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sun Oct 27 02:25:47 CET 2013 on sn-devel-104
* torture: add FSCTL_SRV_COPYCHUNK_WRITE access testDavid Disseldorp2013-10-251-2/+51
| | | | | | | | | | | Check that FSCTL_SRV_COPYCHUNK_WRITE succeeds when the copy-chunk target is opened with SEC_RIGHTS_FILE_WRITE only. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Oct 25 22:48:59 CEST 2013 on sn-devel-104
* s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova2013-10-252-1/+31
| | | | | | | | | | Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* torture: Add smb2.oplock.levelII501 testVolker Lendecke2013-10-241-1/+256
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Oct 24 16:15:50 CEST 2013 on sn-devel-104
* torture: Extend the raw.oplock.level_ii_1 testVolker Lendecke2013-10-231-0/+14
| | | | | | | | | | | | | | smbd broke to none twice. Make sure this won't happen again :-) This used to happen before the MSG_SMB_BREAK_RESPONSE merge. In process_oplock_break_message we did not call remove_oplock, which would have prevented this. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Oct 23 14:06:13 CEST 2013 on sn-devel-104
* torture: Add a test showing we have to break L2 at open timeVolker Lendecke2013-10-231-0/+105
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture: Add oplock break to l2/none testsVolker Lendecke2013-10-232-0/+179
| | | | | | | | | The level we have to break to depends on the create disposition of the second opener. If it's overwriting, break to none. If it's not, break to level2. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture: Check break level in raw.oplock.exclusive5Volker Lendecke2013-10-231-0/+1
| | | | | | | | | | This is what Windows does in this case, we don't survive that. We break to LEVEL2 here. Fixes and more precise test to follow. We don't survive this anymore. Re-enable later. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture: Add reproducer for bug 10216Volker Lendecke2013-10-231-0/+12
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* ntvfs: Fix CID 1107225 Resource leakVolker Lendecke2013-10-211-1/+3
| | | | | | | After the talloc_strdup, we don't need cwd anymore. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* ntvfs: Fix Coverity ID 1107224 Resource leakVolker Lendecke2013-10-211-1/+3
| | | | | | | In this error path we were leaking "fd". Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: move Filesystem Attributes defines to smb_constants.hStefan Metzmacher2013-10-171-14/+0
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:librpc: let dcerpc_schannel_key_recv() return netlogon_creds_CredentialStateStefan Metzmacher2013-10-171-9/+15
| | | | | | | | | | cli_credentials_set_netlogon_creds() should only be used directly before a DCERPC bind in order to pass the session information to the gensec layer. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: make dcerpc_schannel_key_send/recv staticStefan Metzmacher2013-10-171-2/+2
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/rpc: remove unused dcerpc_smb_tree()Stefan Metzmacher2013-10-172-16/+0
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/rpc: make use of dcerpc_secondary_smb_send/recv() in ↵Stefan Metzmacher2013-10-171-10/+2
| | | | | | | | | | dcerpc_secondary_context() This avoids the use of dcerpc_smb_tree(), which is a layer violation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/rpc: add dcerpc_secondary_smb_send/recv()Stefan Metzmacher2013-10-172-0/+23
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/rpc: remove unused dcerpc_smb_fnum()Stefan Metzmacher2013-10-172-16/+0
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:tortore:raw/qfileinfo: don't use dcerpc_pipe_open_smb() to open a named pipeStefan Metzmacher2013-10-171-12/+29
| | | | | | | | | | | We can directly use smb_raw_open() to open a handle to a named pipe. This avoids the need for the layer violation functions dcerpc_smb_tree() and dcerpc_smb_fnum(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/samba3rpc: let rpc.authcontext be more robust against low level ↵Stefan Metzmacher2013-10-171-7/+15
| | | | | | | | | | | | | | | | | changes (part2) We now use smbXcli_conn_is_connected() and dcerpc_binding_handle_is_connected() to verify only the dcerpc layer got an error. The expected error is EIO mapped to NT_STATUS_IO_DEVICE_ERROR. NT_STATUS_INVALID_HANDLE should only be visible at the SMB layer, but we keep this as allowed return value for now, until the dcerpc layer is fixed. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/samba3rpc: let rpc.authcontext be more robust against low level ↵Stefan Metzmacher2013-10-171-0/+4
| | | | | | | | | | | | | code changes (part1) Some code uses the low level smbXcli_session structure instead of the smbcli_session structure and doesn't 'see' updates to the smbcli_session structure. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: implement dcerpc_binding_handle_auth_info()Stefan Metzmacher2013-10-171-0/+24
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture: add smb2.session.reauth6 : test failing reauthMichael Adam2013-10-151-0/+103
| | | | | | | | | | | | | | | This attempts reauth with invalid creds, hence triggering the error path in the reauth code. This invalidates the session and subsequente requests on that connection fail. https://bugzilla.samba.org/show_bug.cgi?id=10208 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 15 22:50:27 CEST 2013 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-09-27 06:19:50 +0000