summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
...
* s4:pyrpc: add py_dcerpc_syntax_init_helper()Stefan Metzmacher2014-03-282-0/+26
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: compile python bindings for dcerpc.idlStefan Metzmacher2014-03-282-0/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dcerpc.idl: fix dcerpc_bind_nack definitionStefan Metzmacher2014-03-281-3/+6
| | | | | | | The version array is always present. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher2014-03-274-10/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ntlm_auth: make use of gensec_update_ev()Stefan Metzmacher2014-03-271-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:rpc_server: make use of gensec_update_ev()Stefan Metzmacher2014-03-271-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:smb_server: make use of gensec_update_ev()Stefan Metzmacher2014-03-272-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: make use of gensec_update_ev()Stefan Metzmacher2014-03-271-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:libcli: make use of gensec_update_ev()Stefan Metzmacher2014-03-273-6/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: make use of gensec_update_ev()Stefan Metzmacher2014-03-271-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: make use of gensec_update_ev()Stefan Metzmacher2014-03-271-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: make use of gensec_update_ev()Stefan Metzmacher2014-03-272-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:pygensec: don't pass an explicit tevent_context to gensec_update()Stefan Metzmacher2014-03-271-9/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Improve missing objectClass handlingAndrew Bartlett2014-03-271-13/+13
| | | | | | | | | | | | | | This attempts to permit deletion of objects that have no objectClass to allow dbcheck to clean up a corrupt database. It is not complete, the replmd_replPropertyMetaDataCtr1_sort_and_verify() call will still fail, but this is as much as is safe to do without a way to replicate the original issue. Andrew Bartlett Change-Id: If0b6c7f18e8aee587e6b3b4af878a0145f5eac37 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Improve errors and checks for missing objectClass valuesAndrew Bartlett2014-03-271-2/+9
| | | | | | Change-Id: I8c4ac679accc90748d20c9c86986b127c939fa75 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING flag worksAndrew Bartlett2014-03-271-5/+13
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Change-Id: Ib9f2f4ba417dbf0ee24b6e7db02d78a9bfe8850c Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Do not update notify_uSN until the transaction is genuinely committed ↵Andrew Bartlett2014-03-271-7/+7
| | | | | | | | to the DB Signed-off-by: Andrew Bartlett <abartlet@samba.org> Change-Id: I734bc75ed348de8f0a5ff92e18e08de2340b8951 Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Remove print_smbtorture4_version and smbtorture4_possible checkAndrew Bartlett2014-03-261-2/+0
| | | | | | | | | | | | | smbtorture is now always the same version as the rest of Samba, and is strictly required. Andrew Bartlett Change-Id: I89d9c52275477177fa8a89050920ff8a2fec9288 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Mar 26 04:20:16 CET 2014 on sn-devel-104
* dsdb: Do checks for invalid renames in samldb, before repl_meta_dataAndrew Bartlett2014-03-262-238/+271
| | | | | | | | | | | | | | | | This ensures that conflict objects can be created in CN=System, and that we do not stop replication just because some other DC allowed a rename we do not like. This is achived by doing the work in the samldb module, which is above repl_meta_data in the stack. Andrew Bartlett Change-Id: I8c1a7d3e0fbd5a470cf1326cc055044ca885f7d9 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Guenter Kukkukk <kukks@samba.org> Tested-by: Guenter Kukkukk <kukks@samba.org>
* s4:librpc/rpc: use dcerpc_binding_get_object() in order to pass the object ↵Stefan Metzmacher2014-03-251-2/+3
| | | | | | | | | | | | | | to the epmapper This way we'll be able to do epmapper lookups for the DFS-R (MS-FRS2) endpoint, by using "5bc1ed07-f5f5-485f-9dfd-6fd0acf9a23c@ncacn_ip_tcp:hostname.exmple.com[krb5,seal]" as binding. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Mar 25 02:43:39 CET 2014 on sn-devel-104
* s4:librpc/tests: assert the the abstract syntax has the expected value (null)Stefan Metzmacher2014-03-251-0/+4
| | | | | | | This makes sure that it's not mixed with the object guid anymore. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/tests: reset the object on the binding created from the towerStefan Metzmacher2014-03-251-0/+7
| | | | | | | | The tower doesn't contain information about the object only about the abstract syntax. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/raw: fix debug message in torture_raw_qfileinfo_pipe()Stefan Metzmacher2014-03-251-1/+1
| | | | | | | We no longer use dcerpc_pipe_open_smb() there. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/rpc: make use of dcerpc_binding_handle_auth_info() in backupkey.cStefan Metzmacher2014-03-251-22/+55
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/rpc: make use of dcerpc_binding_handle_auth_info() in lsa.cStefan Metzmacher2014-03-251-2/+7
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/rpc: fix altercontext test against windowsStefan Metzmacher2014-03-251-1/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/rpc: remove bogus rpc.multibind testStefan Metzmacher2014-03-253-78/+1
| | | | | | | | | | | | We can later add a more useful test that tests security context multiplexing correctly. And another one that demonstrates that only DCERPC_BIND must be the first (and only the first) PDU on a connection. Otherwise DCERPC_ALTER_CONTEXT is used. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:selftest: don't run rpc.multibind anymoreStefan Metzmacher2014-03-251-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/repl: make use of dcerpc_binding_handle_is_connected()Stefan Metzmacher2014-03-251-7/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/test: test ipv6 addresses in dcerpc_binding stringsStefan Metzmacher2014-03-251-0/+22
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/tests: add more no transport testsStefan Metzmacher2014-03-251-3/+16
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/rpc: correctly map the fault code of alter context to NTSTATUSStefan Metzmacher2014-03-251-1/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc/rpc: remove unused dcecli_connection->binding_stringStefan Metzmacher2014-03-253-5/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/rpc: avoid using dcecli_connection->binding_stringStefan Metzmacher2014-03-251-5/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/rpc: fix error path in torture_leave_domain()Stefan Metzmacher2014-03-251-2/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-torture: add some tests for pre-allocated buffers in enumprinterdrivers call.Günther Deschner2014-03-201-0/+10
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4-torture: add test_EnumPrinterDrivers_buffers function.Günther Deschner2014-03-201-11/+31
| | | | | | | | | This will allow to test the enumdriver call with pre-allocated buffer. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb: Further assert that we always have an objectClass and an rDNAndrew Bartlett2014-03-171-32/+118
| | | | | | | | | | | | | | | | | | | | | | | We must have these two elements in a replPropertyMetaData for it to be valid. We may have to relax this for new partition creation, but for now we want to find and isolate the database corruption. The printing of the LDIF is moved above the checks to make it easier to diagnoise the failures when further reproduced. Based initially on a patch originally by Arvid Requate <requate@univention.de> Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Change-Id: I5f583d89e6d4c5e8e2d9667f336a0e8fd8347b25 Reviewed-on: https://gerrit.samba.org/164 Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Mar 17 06:44:17 CET 2014 on sn-devel-104
* ldapsrv: Pass struct ldb_result * rather than void *Andrew Bartlett2014-03-141-8/+8
| | | | | | | Change-Id: Ic521cbfcf922cfe9e14c89116c097b777a86af40 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-on: https://gerrit.samba.org/35 Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Ensure to sort replPropertyMetaData as UNSIGNED, not SIGNED quantitiesAndrew Bartlett2014-03-141-4/+18
| | | | | | | | | | | | | | enum is an int, and therefore signed. Some attributes have the high bit set. Andrew Bartlett Change-Id: I39a5499b7c6bbb763e15977d802cda8c69b94618 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-on: https://gerrit.samba.org/163 Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Mar 14 10:16:41 CET 2014 on sn-devel-104
* kdc: Use correct KDC include path when building against the system heimdalAndrew Bartlett2014-03-141-5/+11
| | | | | | | | | This ensures we notice any API changes at compile time. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340Andrew Bartlett2014-03-131-34/+35
| | | | | | | | | | | | | | | | | | | | | Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Ibccc4ada400b5f89a942d79c1a269b493e0adda6 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://gerrit.samba.org/38 Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Mar 13 15:06:35 CET 2014 on sn-devel-104
* CVE-2013-4496:samr: Remove ChangePasswordUserAndrew Bartlett2014-03-132-139/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. It also has quite difficult semantics to handle regarding password lockout. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://gerrit.samba.org/37
* s4: smbtorture: Add a proper change_notify going async followed by tdis test.Jeremy Allison2014-03-121-1/+67
| | | | | | | | | | | | [Bug 10344] SessionLogoff on a signed connection with an outstanding notify request crashes smbd. https://bugzilla.samba.org/show_bug.cgi?id=10344 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Mar 12 20:12:58 CET 2014 on sn-devel-104
* s4: smbtorture: Update the torture_smb2_notify_ulogoff test to demonstrate ↵Jeremy Allison2014-03-121-6/+14
| | | | | | | | | | | | | the problem. [Bug 10344] SessionLogoff on a signed connection with an outstanding notify request crashes smbd. https://bugzilla.samba.org/show_bug.cgi?id=10344 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:torture/smb2: accept NT_STATUS_RANGE_NOT_LOCKED after smb2_logoff/tdisStefan Metzmacher2014-03-121-11/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool: make provision check for bind versionGarming Sam2014-03-092-3/+3
| | | | | | | | | | | | (small corrections and TODO added following Jelmer's review by abartlet) Signed-off-by: Garming Sam <garming@catalyst.net.nz> Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Mar 9 02:52:50 CET 2014 on sn-devel-104
* s4:lib/socket: simplify iface_list_wildcard() and its callersStefan Metzmacher2014-03-078-16/+16
| | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464 Signed-off-by: Stefan Metzmacher <metze@samba.org> Change-Id: Ib317d71dea01fc8ef6b6a26455f15a8a175d59f6 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Mar 7 02:18:17 CET 2014 on sn-devel-104
* s4:lib/socket: use the same logic in iface_list_wildcard() as in smbdStefan Metzmacher2014-03-071-21/+5
| | | | | | | | | | If we have ipv6 support we should listen on "::" too. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464 Signed-off-by: Stefan Metzmacher <metze@samba.org> Change-Id: I8ce185d5070280149bee9fd33010443be9031089 Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Remove all uses of the NT_STATUS_NOT_OK_RETURN_AND_FREE macro from the codebase.Garming Sam2014-03-055-7/+28
| | | | | | | | | | Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls. Change-Id: I421e169275fe323e2b019c6cc5d386289aec07f7 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
generated by cgit (git 2.34.1) at 2025-09-02 01:58:30 +0000