path: root/source4
Commit message | Author | Age | Files | Lines
...
* backupkey: Improve function names and comments for clarity | Andrew Bartlett | 2015-02-25 | 1 | -8/+34
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Move SID comparison to inside get_and_verify_access_check() | Andrew Bartlett | 2015-02-25 | 1 | -29/+26
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: begin by factoring out the server wrap functions | Garming Sam | 2015-02-25 | 1 | -3/+15
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful | Andrew Bartlett | 2015-02-25 | 1 | -0/+6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() succeeds | Andrew Bartlett | 2015-02-25 | 1 | -1/+12
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:torture/rpc/backupkey: Require 2048 bit RSA key | Arvid Requate | 2015-02-25 | 1 | -0/+75
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

  (fixed cleanup of memory)

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: consistent naming of werr variable | Arvid Requate | 2015-02-25 | 1 | -10/+10
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: improve variable name | Arvid Requate | 2015-02-25 | 1 | -2/+2
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: typo fix | Arvid Requate | 2015-02-25 | 1 | -2/+2
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: IDL for ServerWrap subprotocol | Arvid Requate | 2015-02-25 | 1 | -0/+12
  This adds some IDL structs for the ServerWrap subprotocol, allowing parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED instead of WERR_INVALID_PARAM.

  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Comply with [MS-BKRP] 2.2.1 | Arvid Requate | 2015-02-25 | 1 | -2/+1
  [MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name field SHOULD contain the name of the DNS domain assigned to the server."

  In fact Windows 7 clients don't seem to care. Also in certificates generated by native AD the domain name (after CN=) is encoded as UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently we just leave the encoding as it is for now.

  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Set defined cert serialnumber | Arvid Requate | 2015-02-25 | 1 | -1/+22
  [MS-BKRP] 2.2.1 specifies that the serialnumber of the certificate should be set identical to the subjectUniqueID. In fact certificates generated by native AD have this field encoded in little-endian format.

  See also https://www.mail-archive.com/cifs-protocol@cifs.org/msg01364.html

  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: de-duplicate error handling | Arvid Requate | 2015-02-25 | 1 | -39/+20
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: check for talloc failure | Arvid Requate | 2015-02-25 | 1 | -0/+3
  Check for talloc_memdup failure for uniqueid.data.

  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Cert lifetime of 365 days, not secs | Arvid Requate | 2015-02-25 | 1 | -1/+1
  hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in seconds. The Windows 7 client didn't seem to care that the lifetime was only 6'03''.

  Two other TODOs in this implementation:
  * Since notBefore is not set explicitly to "now", the heimdal code default of now-(24 hours) is applied.
  * Server side validity checks and cert renewal are missing.

  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-backupkey: Ensure RSA modulus is 2048 bits | Arvid Requate | 2015-02-25 | 1 | -5/+10
  RSA_generate_key_ex doesn't always generate a modulus of requested bit length. Tests with Windows 7 clients showed that they decline x509 certificates (MS-BKRP 2.2.1) in cases where the modulus length is smaller than the specified 2048 bits. For the user this resulted in DPAPI failing to retrieve stored credentials after the user password has been changed at least two times. On the server side log.samba showed that the client also called the as yet unimplemented ServerWrap subprotocol function BACKUPKEY_BACKUP_KEY_GUID after it had called the ClientWrap function BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID. After enabling DPAPI auditing on the Windows Clients the Event Viewer showed Event-ID 4692 failing with a FailureReason value of 0x7a in these cases.

  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
* torture: Add netr_setPassword(2) schannel test. | Andreas Schneider | 2015-02-23 | 2 | -0/+110
  Thanks to Florian Weimer <fweimer@redhat.com> for the help to write this torture test.

  Pair-Programmed-With: Guenther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(master): Mon Feb 23 20:01:01 CET 2015 on sn-devel-104
* s4: smbtorture: leases - show stat opens grant leases and can be broken. | Jeremy Allison | 2015-02-19 | 1 | -0/+79
  https://bugzilla.samba.org/show_bug.cgi?id=11102

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Böhme <slow@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Feb 19 23:10:43 CET 2015 on sn-devel-104
* s4-messaging: Unify list of possible messages into messaging.idl | Andrew Bartlett | 2015-02-16 | 1 | -16/+1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Feb 16 14:48:41 CET 2015 on sn-devel-104
* s4-messaging: Remove unused struct imessaging_rec | Andrew Bartlett | 2015-02-16 | 1 | -19/+0
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* messaging4: Enable POOL_USAGE | Volker Lendecke | 2015-02-14 | 4 | -2/+24
  With this you can watch "samba"'s talloc hierarchy live using

    smbcontrol <pid> pool-usage

  Enjoy :-)

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Sat Feb 14 01:59:19 CET 2015 on sn-devel-104
* messaging4: Use messages_dgm | Volker Lendecke | 2015-02-13 | 2 | -337/+107
  This replaces the transport mechanism in source4 with calls to the messages_dgm code. It is supposed to enable "smbcontrol samba pool-usage" as an example without having to rewrite smbcontrol using the source4 based messaging subsystem.

  This moves the source3 based names.tdb (which is unused so far) to the lock directory, source4 does not have a cache directory.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* messaging4: Use server_id_db | Volker Lendecke | 2015-02-13 | 2 | -126/+30
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: run the samba.nss tests against :local environments | Michael Adam | 2015-02-13 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* torture/ioctl: add test_ioctl_sparse_copy_chunk test | David Disseldorp | 2015-02-12 | 1 | -0/+192
  This test copies unallocated and allocated ranges from a sparse file into a sparse and non-sparse destination file using FSCTL_SRV_COPYCHUNK.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Feb 12 03:19:32 CET 2015 on sn-devel-104
* torture/ioctl: add sparse_compressed test | David Disseldorp | 2015-02-12 | 1 | -0/+102
  This test checks whether a file marked with sparse and compression attributes is deallocated following FSCTL_SET_ZERO_DATA.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: extend sparse_hole_dealloc test | David Disseldorp | 2015-02-12 | 1 | -0/+76
  Check whether unwritten extents in a sparse file are allocated.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: add sparse_hole_dealloc test | David Disseldorp | 2015-02-12 | 1 | -1/+189
  This test finds the minimum length at which a zeroed range in a sparse file is deallocated by the underlying filesystem. It also checks whether zeroed neighbours are merged for deallocation.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: fix check_[zero/pattern]() for len=0 | David Disseldorp | 2015-02-12 | 1 | -0/+8
  Subtraction currently triggers an underflow.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Update mailing list references to point at lists.samba.org | Andrew Bartlett | 2015-02-10 | 2 | -2/+2
  The mailing lists are on lists.samba.org, but there are many references that use the shorthand of samba.org

  Some references to samba@ have been changed to samba-technical@ where this makes more sense.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Feb 10 07:08:28 CET 2015 on sn-devel-104
* torture-krb5: Provide a generic handler to catch and print unexpected KRB_ERROR packets | Andrew Bartlett | 2015-02-08 | 1 | -10/+22
  This may aid debugging in the future.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun Feb 8 10:37:23 CET 2015 on sn-devel-104
* auth/kerberos: Use talloc_stackframe to avoid memory and FD leak of event context | Andrew Bartlett | 2015-02-08 | 1 | -27/+33
  The smb_krb5_send_and_recv_func_forced and smb_krb5_send_and_recv_func functions could leak an event context including an epoll FD and some memory.

  This may explain a flapping test in krb5.kdc

  Andrew Bartlett

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* torture-krb5: Add test for TGS-REQ with type KRB5_NT_PRINCIPAL, KRB5_NT_SRV_INST, KRB5_NT_SRV_HST | Andrew Bartlett | 2015-02-08 | 2 | -26/+158
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Add test in for normal TGS-REQ | Andrew Bartlett | 2015-02-08 | 1 | -1/+172
  For example, host/server

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Split out TEST_AS_REQ_SELF recv testing routine | Andrew Bartlett | 2015-02-08 | 1 | -50/+186
  This duplicates more code, but re-using the callbacks makes it much, much harder to debug

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Add additional assertions for non-canon TGS-REP | Andrew Bartlett | 2015-02-08 | 1 | -0/+9
  This confirms that the KDC does not modify the returned principal in a TGS-REP unconditionally.

  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Further test improvements to cover KRB5_GC_CANONICALIZE on krbtgt/ | Andrew Bartlett | 2015-02-08 | 1 | -16/+243
  This covers more of the protocol, and confirms which tests actually send network packets (and so actually run the assertions in the send_and_recv handlers).

  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Run krb5.kdc with an account that has a UPN and an SPN | Andrew Bartlett | 2015-02-08 | 1 | -1/+1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Add tests for AS-REQ to our own name | Andrew Bartlett | 2015-02-08 | 1 | -29/+166
  This allows us to probe the behaviour of AS-REQ requests against a principal other than krbtgt/

  This also allows verification of behaviour of principals of type KRB5_NT_ENTERPRISE_PRINCIPAL

  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Improve the assertions in our KDC tests to be more explicit | Andrew Bartlett | 2015-02-08 | 1 | -0/+11
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Reformat and re-work test to be easier to follow | Andrew Bartlett | 2015-02-08 | 1 | -282/+573
  The behaviour is the same as in the previous commit, but it is much easier to follow as the main test code now indicates to the send_and_recv callbacks what stage of the test we are at, and resets the packet counter between stages.

  This also re-orders the code so that the send and recv callbacks for each stage are next to each other, and uses a case statement in the main send_and_recv driver for clarity.

  Andrew Bartlett

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Add tests for the canonicalise TGS-REQ case | Andrew Bartlett | 2015-02-08 | 1 | -26/+173
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: add TGS-REQ testing to krb5.kdc.canon testsuite | Andrew Bartlett | 2015-02-08 | 2 | -26/+295
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* kdc: make Samba KDC pass new TGS-REQ and AS-REQ (to self) testing | Andrew Bartlett | 2015-02-08 | 1 | -58/+148
  This also reverts 51b94ab3fd4d13ee38813eb7d20db11edaa667a8 as our testing shows Windows 2012R2 does not have this behaviour.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* kdc: fixup KDC to use functions portable to MIT krb5 | Andrew Bartlett | 2015-02-08 | 1 | -1/+1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Do not do post-recv checks if the packet recv failed | Andrew Bartlett | 2015-02-08 | 2 | -2/+8
  This may be the cause of the flapping tests in this code previously, as the recv_buf would be 0 length.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* s4-samdb/tests: Assert on expected set of attributes for new User object | Kamen Mazdrashki | 2015-02-03 | 1 | -0/+60
  Change-Id: I225b64ff7492b41852fecb914f464a6c8d504a2c
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Feb 3 07:30:17 CET 2015 on sn-devel-104
* s4-dsdb/tests: Assert on expected set of attributes for restored objects | Kamen Mazdrashki | 2015-02-03 | 1 | -5/+104
  Change-Id: I788406d9c3839d108cea508cf2a59488d495f141
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: Refactor user objects defaults setter to use attribute/value map | Kamen Mazdrashki | 2015-02-03 | 1 | -28/+49
  Change-Id: Iaa32af4225219a4c5c42c663022e8be429b8a1d2
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dsdb: Do not use _ prefix in tombstone_reanimate module | Andrew Bartlett | 2015-02-03 | 1 | -6/+6
  This should only be used by the C library.

  Andrew Bartlett

  Change-Id: I00da64de1443a7c6b21aafae79e126180eb1a3d4
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>