summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
* registry: Fix CID 240989 Buffer not null terminatedVolker Lendecke2015-03-101-1/+1
| | | | | | | This makes it clearer that we don't really have a string in .hdr Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* registry: Fix CID 241075 Unchecked return valueVolker Lendecke2015-03-101-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* torture4: Fix systems with a 32-bit "long"Volker Lendecke2015-03-101-5/+6
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Mar 10 18:05:13 CET 2015 on sn-devel-104
* Make winbind client library thread-safe by adding contextMatthew Newton2015-03-101-1/+1
| | | | | | | | | | Rather than keep state in global variables, store the current context such as the winbind file descriptor in a struct that is passed in. This makes the winbind client library thread-safe. Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: add range overflow QAR testDavid Disseldorp2015-03-101-0/+51
| | | | | | | | | | | | | Issue a QAR request with an offset and length that generate an integer (uint64_t) overflow when summed together. This should result in an NT_STATUS_INVALID_PARAMETER response, as confirmed against Windows Server 2012 & 2008. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Mar 10 00:02:18 CET 2015 on sn-devel-104
* torture/ioctl: add multi-range QAR testDavid Disseldorp2015-03-091-0/+79
| | | | | | | | Write 10 x 64K ranges, with 64K holes punched in between. Afterwards, check that all ranges are present in the QAR response. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: add QAR off-by-one bug paranoia testDavid Disseldorp2015-03-091-0/+156
| | | | | Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: test sparse file operation lockingDavid Disseldorp2015-03-091-0/+111
| | | | | | | | | An exclusively locked file can still be marked sparse. QAR requests covering the locked-range should also succed. ZERO_DATA requests are blocked. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: add ioctl_sparse_perms testDavid Disseldorp2015-03-091-0/+241
| | | | | | | | This test confirms that correct FSCTL_SET_SPARSE permission checks are in place on the server. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: rework and reduce pattern helper IO sizesDavid Disseldorp2015-03-091-37/+46
| | | | | | | | | | | | | | | check_pattern() currently attempts to read all data in one go. Fix it to use a 64K maximum IO size so that it works against Windows Server 2008. Additionally, rework write_pattern() so that it only allocates a buffer for the largest IO size (now 64K), rather than for the full write length. Finally, assert that callers are correctly performing pattern IO in 8-byte increments - copy_chunk_tiny was not, so fix it. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: add sparse_punch_invalid testDavid Disseldorp2015-03-091-0/+109
| | | | | | | | | | | | | Attempt to extend a file using ZERO_DATA. The operation should succeed, but the file should not be extended, as specified in MS-FSCC <58> Section 2.3.65: This FSCTL sets the range of bytes to zero (0) without extending the file size. Also test zero length and invalid BFZ requests. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: remove FS specific sparse copy-chunk expectationsDavid Disseldorp2015-03-091-9/+30
| | | | | | | | | | | | NTFS deallocates an entire file when a sparse zero-data request spans the full length. Other filesystems (e.g. EXT4 and Btrfs) do not. vfs_btrfs is additionally capable of preserving sparse regions for copy-chunk, using the BTRFS_IOC_CLONE_RANGE ioctl. This should not be treated as a failure. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: remove FS specific sparse punch checkDavid Disseldorp2015-03-091-7/+21
| | | | | | | | | | | | | Samba uses PUNCH_HOLE to zero a range, and subsequently uses fallocate() to allocate the punched range if the file is marked non-sparse and "strict allocate" is enabled. In both cases, the zeroed range will not be detected by SEEK_DATA, so the range won't be present in QAR responses until the file is marked non-sparse again. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture/ioctl: remove 64K chunk size assumptionsDavid Disseldorp2015-03-091-7/+24
| | | | | | | | | These tests assumed that 4K chunks remain allocated following write at a subsequent offset. This is not the case for other filesystems (E.g. XFS, Btrfs, Etc.), which may deallocate the chunk. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* idl/ioctl: change QAR response array to a DATA_BLOBDavid Disseldorp2015-03-091-0/+3
| | | | | | | | | | | | | | | | | [MS-FSCC] specifies: The number of FILE_ALLOCATED_RANGE_BUFFER elements returned is computed by dividing the size of the returned output buffer (from either SMB or SMB2, the lower-layer protocol that carries the FSCTL) by the size of the FILE_ALLOCATED_RANGE_BUFFER element. Ideally, this requirement could be defined in idl with the following: [flag(NDR_REMAINING)] file_alloced_range_buf array[]; However, this is not currently supported by PIDL, so just use an opaque data blob for now. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture-krb5: Add an initial test for s4u2self behaviourAndrew Bartlett2015-03-091-3/+15
| | | | | | | | | | | | | This test only checks for S4U2Self of the same user, but shows that a user account is not a valid service for this purpose. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Mar 9 12:10:09 CET 2015 on sn-devel-104
* kdc: Fix S4U2Self handling with KRB5_NT_ENTERPRISE_PRINCIPAL containing a UPNAndrew Bartlett2015-03-091-21/+0
| | | | | | | | | | This is now handled properly by samba_kdc_lookup_server() and this wrapper actually breaks things. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture/fsrvp: remove verification trailer magic fieldDavid Disseldorp2015-03-071-34/+7
| | | | | | | | | | | | | | | During initial wire trace analysis, the DCE/RPC PDU verification trailer was incorrectly identified and tagged in IDL as an FSRVP "magic" blob. This change removes the incorrectly tagged FSRVP request fields and corresponding test code - with 1e1b7b1021b16e3ab61c2fca8328c94e60a2c99c verification trailer parsing is now tested separately. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Mar 7 20:01:20 CET 2015 on sn-devel-104
* s4-lib/cmdline: Fix help for -P / --machine-pass: this no longer implies -kAndrew Bartlett2015-03-061-1/+1
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* heimdal: Fix CID 1273430 Double freeVolker Lendecke2015-03-061-1/+0
| | | | | | | | | | | | | I think Coverity is right here: Before the preceding call to krb5_make_principal we already krb5_free_principal(ctx, tmp_creds.server) without wiping out tmp_creds.server. The call to krb5_make_principal only stores something fresh when it also returns 0 a.k.a. success. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Mar 6 17:38:09 CET 2015 on sn-devel-104
* Remove unnecessary python path updates for bundled subunit/testtools.Jelmer Vernooij2015-03-061-3/+2
| | | | | | Change-Id: Idb40fcb564455f16608ea991b086e41e22ae51e3 Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/sam: Remove unnecessary calls for third party module imports.Jelmer Vernooij2015-03-061-2/+0
| | | | | | Change-Id: Iaa1af59005eaee7ea79f3260b250a2c948e07532 Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* test_samba3dump: Use Samba subunit emitter.Jelmer Vernooij2015-03-061-1/+1
| | | | | | Change-Id: Ie9a115d131624bfc68e6f40822acade70d145735 Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* subunitrun: Update instructions for running subunit tests.Jelmer Vernooij2015-03-061-1/+1
| | | | | | Change-Id: Icaf472198e93e283db2ae6ed99fd7ceae037af87 Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* backupkey: Remove an unused variableVolker Lendecke2015-03-041-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* backupkey: Fix CID 1273293 Uninitialized scalar variableVolker Lendecke2015-03-041-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* backupkey: Fix a memleakVolker Lendecke2015-03-041-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* backupkey: Simplify get_lsa_secretVolker Lendecke2015-03-041-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* backupkey: Slightly simplify bkrp_do_retrieve_server_wrap_keyVolker Lendecke2015-03-041-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* Fix whitespaceVolker Lendecke2015-03-041-50/+48
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* Fix the O3 developer buildVolker Lendecke2015-03-038-30/+40
| | | | | | | | | | Different gcc versions complain at different places Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Mar 3 13:14:53 CET 2015 on sn-devel-104
* s4-torture: cleanup nsswrapper test a little by removing nwrap references.Günther Deschner2015-03-022-121/+121
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4-torture: re-add nss-wrapper torture testsuite.Günther Deschner2015-03-023-1/+957
| | | | | | | | | | | | | | (The testsuite got removed with 5bb410f85312196bb24e62a6a0b8350576433dc6). Although nss_wrapper now also has an upstream testsuite, it is still important to run the older torture testsuite within Samba so we have some testing on nss_winbind correctnes and consistency. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Fix the developer O3 buildVolker Lendecke2015-02-2519-30/+33
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
* heimdal: Fix the developer O3 buildVolker Lendecke2015-02-251-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s4/scripting/devel: Add tool to roll over the krbtgt passwordAndrew Bartlett2015-02-251-0/+63
| | | | | | | | This may be handy if this key is compromised, or along with chgtdcpass to isolate test copies of production domains in such a way that they cannot mix. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* s4/scripting/bin/renamedc: Fix up rename DC scriptAndrew Bartlett2015-02-251-34/+26
| | | | | | | We now have a reliable handler for backlinks so this we can now rename both objects Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* backupkey: Explain more why we use GnuTLS hereAndrew Bartlett2015-02-251-0/+20
| | | | | | Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-backupkey: Check the dcerpc call return code before calling ndr pullGarming Sam2015-02-251-3/+5
| | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* backupkey: replace heimdal rsa key generation with GnuTLSGarming Sam2015-02-251-44/+82
| | | | | | | | | | | We use GnuTLS because it can reliably generate 2048 bit keys every time. Windows clients strictly require 2048, no more since it won't fit and no less either. Heimdal would almost always generate a smaller key. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
* build: Require GnuTLS if building with Active DirectoryGarming Sam2015-02-251-0/+3
| | | | | | | | | Without GnuTLS, we don't have ldaps:// support and we are unable to readily create RSA keys of the correct length for the BackupKey protocol. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* torture-backupkey: Add tests that read the secret from the server, and validateAndrew Bartlett2015-02-251-9/+312
| | | | | | | | | These show that MS-BKRP 3.1.4.1.1 BACKUPKEY_BACKUP_GUID is incorrect when it states that the key must be the leading 64 bytes, it must be the whole 256 byte buffer. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Better handling for different wrap version headersAndrew Bartlett2015-02-251-12/+19
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Add tests for ServerWrap protocolAndrew Bartlett2015-02-251-2/+645
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Change expected error codes to match Windows 2008R2 and Windows ↵Andrew Bartlett2015-02-252-4/+11
| | | | | | | | | 2012R2 This is done in both smbtoture and in our server Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Implement ServerWrap DecryptAndrew Bartlett2015-02-251-51/+186
| | | | | | | | | | | We implement both modes in BACKUPKEY_RESTORE_GUID, as it may decrypt both ServerWrap and ClientWrap data, and we implement BACKUPKEY_RESTORE_GUID_WIN2K. BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Handle more clearly the case where we find the secret, but it has ↵Andrew Bartlett2015-02-251-45/+33
| | | | | | | | | no value This happen on the RODC, a case that we try not to permit at all. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Improve variable names to make clear this is client-provided dataAndrew Bartlett2015-02-251-13/+13
| | | | | | | The values we return here are client-provided passwords or other keys, that we decrypt for them. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Use the name lsa_secret rather than just secretAndrew Bartlett2015-02-251-20/+20
| | | | | | | | This makes it clear that this is the data stored on the LSA secrets store and not the client-provided data to be encrypted. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* backupkey: Implement ServerWrap Encrypt protocolAndrew Bartlett2015-02-251-13/+299
| | | | | | | BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
generated by cgit (git 2.34.1) at 2024-05-04 06:39:22 +0000