path: root/source4
Commit message | Author | Age | Files | Lines
...
* s4:dsdb/samldb: don't allow 'userParameters' to be modified over LDAP for now | Stefan Metzmacher | 2014-07-09 | 1 | -0/+18
  For now it's safer to reject setting 'userParameters' via LDAP, as we'll not provide the same behavior as a Windows Server. If someone requires that feature please report this in the following bug reports!
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Jul 9 11:07:51 CEST 2014 on sn-devel-104
* dsdb: Always store and return the userParameters as a array of LE 16-bit values | Andrew Bartlett | 2014-07-09 | 2 | -18/+58
  This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly. Allocating one byte less memory than required causes malloc() heap corruption and then a crash or lockup of the SAMR server.
  Andrew Bartlett
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
  Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Set syntax of userParameters to binary string, not unicode string | Andrew Bartlett | 2014-07-09 | 2 | -0/+12
  This means we continue to store the values as given on SAMR, assuming that the SAMR buffer is little endian. The syntax for this specific object is forced to be a binary blob, so that it is not converted on DRSUAPI. This commit does not fix existing databases, nor pdb_samba_dsdb (used by classicupgrade).
  Andrew Bartlett
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
  Change-Id: I10bb6aaecc381194e3c0ce6b9163f961acbdcee1
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/repl_meta_data: make sure objectGUID can't be deleted | Stefan Metzmacher | 2014-07-09 | 1 | -3/+3
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=9763
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/extended_dn_in: don't force DSDB_SEARCH_SHOW_RECYCLED | Stefan Metzmacher | 2014-07-09 | 1 | -17/+20
  We should take the controls the caller provided when we search for existing objects. A search with a basedn of '<GUID=....>' should result in LDB_ERR_NO_SUCH_OBJECT if the object has isDeleted=TRUE.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10694
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/kcc: use SHOW_RECYCLED instead of SHOW_DELETED in when deleting tombstone/deleted objects | Stefan Metzmacher | 2014-07-09 | 1 | -1/+1
  SHOW_RECYCLED implies SHOW_DELETED.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10694
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/schema_load: make error message more verbose | Stefan Metzmacher | 2014-07-09 | 1 | -1/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-auth-krb: Fix talloc access after free in smb_krb5_update_keytab | Samuel Cabrero | 2014-07-08 | 1 | -1/+6
  Change-Id: Iaa168d520f124e0c43c7edd649318f0b8ee25020
  Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-Date(master): Tue Jul 8 16:51:09 CEST 2014 on sn-devel-104
* s4: torture: Add a new lock test to show that the Samba SMB1 multi-lock implementation is (currently) correct. | Jeremy Allison | 2014-07-08 | 1 | -0/+134
  Needed as there was a proposal to re-architect our multi-lock to dispense with lock order precedence, which isn't how Windows does it (unfortunately, as the new code would have been cleaner :-). Tested against the Win2k12 SMB1 implementation.
  This test is designed to show that lock precedence on the server is based on the order received, not on the ability to grant.
  For example: A blocked lock request containing 2 locks will be satisfied before a subsequent blocked lock request over one of the same regions, even if that region is then unlocked. E.g.
    (a) lock 100->109, 120->129 (granted)
    (b) lock 100->109, 120-129 (blocks)
    (c) lock 100->109 (blocks)
    (d) unlock 100->109
  lock (c) will not be granted as lock (b) will take precedence.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Tue Jul 8 10:16:59 CEST 2014 on sn-devel-104
* torture4: Add trivial epoch test | Volker Lendecke | 2014-07-07 | 1 | -0/+54
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Jul 7 18:36:37 CEST 2014 on sn-devel-104
* torture4: Add smb2.lease.nobreakself | Volker Lendecke | 2014-07-07 | 1 | -0/+87
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture4: Add a test to break a handle twice | Volker Lendecke | 2014-07-07 | 1 | -0/+66
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture4: Make sure we copy the parent_lease_key | Volker Lendecke | 2014-07-07 | 1 | -6/+51
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Order switch statements | Samuel Cabrero | 2014-07-07 | 6 | -50/+50
  Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Jul 7 07:47:44 CEST 2014 on sn-devel-104
* idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo | Samuel Cabrero | 2014-07-07 | 6 | -6/+134
  Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* s4-auth: Do not override the NT_STATUS_NOT_IMPLEMENTED error for winbindd | Andrew Bartlett | 2014-07-04 | 1 | -3/+7
  This changes the auth code in winbindd to use this as a flag, and to therefore contact the RW DC.
  Change-Id: If4164d27b57b453b398642fdf7d46d03cd0e65f2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* selftest: Make the wbinfo userinfo tests work properly with the qualified name | Garming Sam | 2014-07-04 | 1 | -1/+1
  This eliminates a knownfail.
  Change-Id: I7331a4e62ef8c1f2a9999a78865023ae19beeaca
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* secrets: Ensure we store the secureChannelType when written to secrets.ldb | Andrew Bartlett | 2014-07-04 | 1 | -0/+1
  This will allow winbindd to know when we are an RODC without needing to dig into sam.ldb.
  Change-Id: Ibdfa37fe6269305ccc5db42479f4a8db5eea53f3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* torture4: Make raw.lock.multilock fail after 20 seconds | Volker Lendecke | 2014-07-04 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jul 4 00:04:10 CEST 2014 on sn-devel-104
* torture4: Adapt comment to code | Volker Lendecke | 2014-07-03 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4: smbtorture: Add multi-lock test. Regression test for bug #10684. | Jeremy Allison | 2014-07-03 | 1 | -0/+97
  Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout.
  https://bugzilla.samba.org/show_bug.cgi?id=10684
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
* torture: Add a check to verify MS-SMB2 3.3.5.14.2 | Volker Lendecke | 2014-07-02 | 1 | -0/+6
  If we have more than one lock and there is any blocking lock, we need to fail with NT_STATUS_INVALID_PARAMETER. At a quick glance I did not find this tested, so add it.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture4: Add a little test that truncate actually works :-) | Volker Lendecke | 2014-06-25 | 1 | -0/+13
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Wed Jun 25 13:37:24 CEST 2014 on sn-devel-104
* s4: torture: Add regression test case for #10671 - Samba file corruption as a result of failed lock check. | Jeremy Allison | 2014-06-25 | 1 | -0/+73
  Adds a new test to raw.open. Opens a file with SHARE_NONE, writes 1 byte at offset 1023, attempts a second open with r/w access+truncate disposition, then checks that open fails with SHARING_VIOLATION, and the file is not truncated (is still size 1024). Correctly detects the bug and fixed smbd for me.
  https://bugzilla.samba.org/show_bug.cgi?id=10671
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* torture: Remove confusing reference to (1 sec == 0.25) | Andrew Bartlett | 2014-06-24 | 1 | -46/+46
  The write should never update the time, so the fraction of the write time delay we use is not important.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Jun 24 01:44:06 CEST 2014 on sn-devel-104
* torture: tidy up whitespace for clarity | Andrew Bartlett | 2014-06-23 | 1 | -2/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Run base.delaywrite against plugin_s4_dc only, and with kerberos for faster connections | Andrew Bartlett | 2014-06-23 | 1 | -6/+6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture-base.delaywrite: assert the for a delayed write, that it just takes longer than our configured delay | Andrew Bartlett | 2014-06-23 | 1 | -29/+24
  This removes the hardcoded TIMEDELAY_SECS that was then made variable by the confusing "secs" variable
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: Only error if the write time was updated is less than the expected delay | Andrew Bartlett | 2014-06-23 | 1 | -19/+19
  The previous test was far, far too tight, it was in seconds 1/4 of the fraction of the normal delay we had configured Samba to use so (1/4) * (500 000 / 2000 000) = 1/16 (sec). This margin appears to just be too tight for our loaded test server.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: Store writetimeupdatedelay in a double to allow easier comparison | Andrew Bartlett | 2014-06-23 | 1 | -16/+16
  In particular, this avoids a comparison with double diff = timeval_elapsed() being promoted to an integer.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: convert raw.mux to use torture_comment() macros instead of printf() | Andrew Bartlett | 2014-06-23 | 1 | -28/+28
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: convert raw.mux to use torture_assert() macros | Andrew Bartlett | 2014-06-23 | 1 | -27/+17
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: convert CHECK_STATUS into torture_assert_ntstatus_equal in raw.mux tests | Andrew Bartlett | 2014-06-23 | 1 | -33/+26
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Only run samba4.rpc.samr.passwords.{lockout,badpwdcount} once | Andrew Bartlett | 2014-06-23 | 1 | -1/+1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: Use torture_assert() macros in rpc.samr test | Andrew Bartlett | 2014-06-23 | 1 | -18/+3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: add FSRVP share snapshot ACL test | David Disseldorp | 2014-06-21 | 1 | -2/+194
  The new test_fsrvp_share_sd test sets a unique ACL on the base share, and then confirms that snapshot shares carry the same ACL.
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Sat Jun 21 15:10:12 CEST 2014 on sn-devel-104
* torture: add FSRVP message sequence timeout test | David Disseldorp | 2014-06-21 | 1 | -0/+25
  Sleep at various points in the FSRVP snapshot creation state machine, and confirm that the state timeout is reflected in subsequent server responses.
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* torture: add timeout sleeps to fsrvp create helper | David Disseldorp | 2014-06-21 | 1 | -6/+92
  Attempt to trip message sequence timeouts at various points in the FSRVP shadow-copy creation state machine. The default timeout-injection sleep durations correspond to those documented in MS-FSRVP (+500ms). They can also be manually set using the "fss: sequence timeout" parameter.
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* torture: validate FSCTL_SRV_ENUMERATE_SNAPSHOTS response | David Disseldorp | 2014-06-21 | 1 | -0/+10
  Check the NumberOfSnapShotsReturned and SnapShotArraySize fields in the FSCTL_SRV_ENUMERATE_SNAPSHOTS response match expected values. This is a regression test for bso#10549.
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4: torture : Add test case to show that a bad impersonation level causes an error on a regular file open. | Jeremy Allison | 2014-06-18 | 1 | -0/+46
  An invalid impersonation level is only allowed for durable handle reopen.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Jun 18 09:42:43 CEST 2014 on sn-devel-104
* torture: convert torture_comment() -> torture_result() so we can knownfail flapping base.delaywrite tests | Andrew Bartlett | 2014-06-12 | 1 | -34/+34
  This only changes instances directly before a return false, ret = false or goto fail statement.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Thu Jun 12 10:39:38 CEST 2014 on sn-devel-104
* torture: convert torture_comment() -> torture_result() so we can knownfail flapping base.* tests | Andrew Bartlett | 2014-06-12 | 1 | -82/+82
  This only changes instances directly before a return false, ret = false or goto fail statement.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* libsmb: Put the "smb2_lease" struct into idl | Volker Lendecke | 2014-06-12 | 1 | -0/+1
  This will make it easier in the future to NDR_PRINT a lease and a lease key
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Jun 12 03:34:41 CEST 2014 on sn-devel-104
* librpc/idl: Merge wbint.idl with winbind.idl so we can forward IRPC requests to internal winbind calls | Andrew Bartlett | 2014-06-11 | 2 | -14/+3
  Change-Id: Iba3913d5a1c7f851b93f37e9beb6dbb20fbf7e55
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Provide a way to use the auth stack for winbindd authentication | Andrew Bartlett | 2014-06-11 | 3 | -2/+10
  This adds in flags that allow winbindd to request authentication without directly calling into the auth_sam module. That in turn will allow winbindd to call auth_samba4 and so permit winbindd operation in the AD DC.
  Andrew Bartlett
  Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb: Do not refresh the schema using the wrong event context | Andrew Bartlett | 2014-06-11 | 5 | -112/+191
  What we now do is have the refresh function and module be on a separate object to the schema, only referring to the data and not executing on the original ldb and event loop. That is, we never use another ldb context when calling the refresh function, by binding the refresh handler to the ldb and not the schema.
  Andrew Bartlett
  Change-Id: I5c323dda743cf5858badd01147fda6227599bc16
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb: Do not store a struct ldb_dn in struct schema_data | Andrew Bartlett | 2014-06-11 | 9 | -48/+41
  The issue is that the DN contains a pointer to the ldb it belongs to, and if this is not kept around long enough, we might reference memory after it is de-allocated.
  Andrew Bartlett
  Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Use GUID_equal in a few places | Volker Lendecke | 2014-06-10 | 7 | -16/+17
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/s4: smbd, rpc, ldap, cldap, kdc services. | Jeremy Allison | 2014-06-07 | 5 | -6/+39
  Allow us to start if we bind to *either* :: or 0.0.0.0. Allows us to cope with systems configured as only IPv4 or only IPv6.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-By: Amitay Isaacs <amitay@gmail.com>
  Reviewed-By: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Jun 7 01:01:44 CEST 2014 on sn-devel-104
* librpc: Fix a "ignoring asprintf return" warning | Volker Lendecke | 2014-06-05 | 1 | -4/+5
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-Date(master): Thu Jun 5 22:28:16 CEST 2014 on sn-devel-104