| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
event context
It is never safe to execute arbitary code inside a transaction - we
need to get in and get out, not run other events for the rest of the
server.
This patch avoids that by creating a private event loop during
transactions, so no unexpected operations fire, and returning the
original one when we finish it.
If an event fires during an LDB transaction, an unrelated operation
can occur during the transaction, and if the transaction were to be
cancelled, there would be a silent rollback (despite the client having
been indicated success).
Additionally, other processes could be called via IRPC that need to
operate on the database but are locked out due to the ongoing
transaction.
Andrew Bartlett
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I22322fc006e61d7291da17cdf6431416ebb7b30f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 6 13:36:20 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
| |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I349a2be67333ada86c19cd6d2ed283cd5bbeb2aa
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
Primarily following the precedent set by other uses of composite_is_ok(), but
also making sure nothing tries to use c after this point if it is in fact not
ok.
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
| |
This fixes nsswitch getgrgid for builtins.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
| |
To avoid listing all the provision snapshots, we use a broader blacklist for waf dist
and a whitelist for dbcheck-oldrelease.sh
Andrew Bartlett
Change-Id: Iab0ff4be0b4287dc128a49302836a6f0f7b39678
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for final object deletion
This kind of deletion can cause us to then replicate back a partial
object. We allow dbcheck to directly remove totally corrupt objects
(missing an objectclass) by specifying both DBCHECK and RELAX, and the
tombstone sweep after 180 days is done with the RELAX control.
Andrew Bartlett
Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
| |
Change-Id: I10357236108f68ab749ba0e1f07558302c573887
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
| |
Change-Id: I6b90a9b62ba5821e0feedb23cd20642078ba0ca6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 29 05:28:39 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.
The actual network communication code sets an event context directly
before making the network call.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
| |
These routines parse principals and generate keys only, no network
communication is done.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 23 04:44:46 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add --with-systemd / --without-systemd options to check whether
libsystemd-daemon library is available and use it to report service
startup status to systemd for smbd/winbindd/nmbd and AD DC.
The problem it solves is correct reporting of the Samba services
at the point when they are ready to serve clients, important for
high availability software integration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
|
| |
This patch makes '-H, --URL' param to actually work as expected
Change-Id: Ie7f4e9e3fc1f79a938473312e200f36de6886596
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
| |
Change-Id: I33209dfd42d8c3af8d80b862ba0022d15385311b
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
| |
Change-Id: If52440272513ef244e33481476da0e884969153c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
|
|
|
| |
DS_BEHAVIOR_WIN2008 was used so far which is a leftover from previous
KCC implementation in "C"
Change-Id: Id9b6551073c0b17cc27e086faa315b01305f39a5
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
|
| |
auth/wbc_auth_util.c
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
It is very confusing if the env var uses the same name as the define in
the source code. So prefix it with SELFTEST.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
| |
This imports version 1.0.1 of uid_wrapper.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
| |
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The comments indicate that this was needed for HP-UX at one point, but
the configure code was never ported to WAF.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 15 12:32:09 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
| |
This code is dead since the move to the WAF build system, but was set
for HP-UX 9, 10 and 11 in the autoconf build system.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
| |
This is dead code, and probably has been for quite some time.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
|
| |
The WAF build does not have the code to detect getprpwnam, so this is
dead code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
|
| |
The waf build does not have code to detect support for AFS plaintext
authentication, so this is dead code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
|
| |
The waf build has no logic to detect DCE/DFS, so this plaintext
authentication mechanism is dead code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
Change-Id: I2d91d9c9faa2df084321d10fbdc948acbd2bb735
Signed-off-by: Jeroen Dekkers <jeroen@dekkers.ch>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Tue Apr 15 03:25:13 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
| |
Caught by lintian, the Debian package linter :)
Change-Id: Ia7162ea8c2b1845155345526b66d71ae64f15227
Reviewed-on: https://gerrit.samba.org/216
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Mon Apr 14 03:51:15 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SID list
This uses the fact that we know the end of the string in p to avoid
needing a strlen() call. Otherwise the winbindd validation that the
extra_data is terminated may fail, if the un-initiliased memory is not
zero.
Andrew Bartlett
Change-Id: I9b28068e4fbd3754c8d14724af93638d657810dd
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 9 18:26:40 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
| |
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 9 03:44:15 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
Change-Id: I8eaf858f9e9e55eec20aa2c585db5459fb73b887
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 8 12:53:13 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A ropey script to generate some missing NT_STATUS error codes and
and descriptions. The script generates ntstatus.c & ntstatus.h
whose contents are used to extend the existing contents of
libcli/util/nterr.c & libcli/util/ntstatus.h
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 2 22:40:06 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
| |
This hacky script was used to generate the contents of libcli/util/hresult.c
& libcli/util/hresult.h. It expects the table contents of
http://msdn.microsoft.com/en-us/library/cc704587.aspx cut'n'pasted into
the text file specified as it's single required input param
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
FSRVP can possibly return any HRESULT error in addition to it's own
specific errors. This change searches the HRESULT errors for a description
if the error doesn't match any of the known FSRVP ones.
Also removed some errors defined in fsrvp.idl (now that they are defined
in hresult.h)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the regression test to avoid a repeat of CVE-2013-4496
This includes confirming that badPwdCount is updated on login, not just on first failure
However the badPwdCount is not updated if the account is disabled
Note: that samr_QueryUserInfo return the effective bad_password_count in level
5, 16 and 21, while it returns the raw value in level 3.
(Sadly the s3 code does not do this correctly, so a knownfail is added)
Change-Id: I4fd8ac5c3b1357e7a98386756dac2a43eb778ecf
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 2 19:30:59 CEST 2014 on sn-devel-104
|
|
|
|
|
|
| |
Change-Id: I6f4b3e92feabe4ff09839329b0db3d33cc6c73b4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
| |
Change-Id: I89ac30d715e89f14aca049e0e5c5043a39ab93c7
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
| |
Change-Id: Ia690b83f82b5ad7b02b203ffdecd2e05066b6711
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This matters after the lockout observation period has expired.
Note: that QueryUserInfo level 3 returns the raw badPwdCount value.
Andrew Bartlett
Change-Id: I7b304a50984072bc6cb1daf3315b4427443632a9
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
The samldb module will handle the verification and magic.
Change-Id: If38e0ed229b98eac4db9b39988de4a25f9a352f2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Removing ACB_AUTOLOCK/UF_LOCKOUT from the effective userAccountControl flags
(combined with msDS-User-Account-Control-Computed) results in
lockoutTime=0 (implying badPadCount=0).
- We also do more validation of the account type flags now.
Change-Id: If7f224cf60920037a0ae19a10d116ac265771a4c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
| |
Setting UF_PASSWORD_EXPIRED doesn't reset "pwdLastSet" to "0"!
Change-Id: I9e004195ad864b8b3fe036986b1087398d1f6fc5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
| |
Change-Id: I99945f0b86ea2862c88c00ad39c809ef1101ca9b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
using the old password
This is only done during a 1 hour allowed period, by default.
We only update bad password count when not one of the last 3 passwords
Andrew Bartlett
Change-Id: I76fd8010ce273a21efb55f9601d17b9978a0acf0
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
| |
Change-Id: Ie5b534c70dd87ecf58d6a830e38750ecf16eb855
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To do this, and have the badPwdCount update stick, we must abort,
open, close and reopen transactions such that the badPwdCount update
is in it's own transaction.
To ensure the tests can confirm the correct behaviour here, we must
output the Windows error code in the error message.
Andrew Bartlett
Change-Id: I5b1515b26b308301cf90ce8a3c848a3cedee85a2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|