Simo Sorce [Thu, 8 Jul 2010 22:38:25 +0000 (18:38 -0400)]
s3-dcerpc: Use dcerpc_pull_dcerpc_auth in api_pipe_bind_auth3()
Simo Sorce [Thu, 8 Jul 2010 20:02:08 +0000 (16:02 -0400)]
s3-dcerpc: Use dcerpc_auth in api_pipe_bind_req()
Simo Sorce [Thu, 8 Jul 2010 19:18:08 +0000 (15:18 -0400)]
s3-dcerpc: make dcerpc_pull_dcerpc_auth() public
Simo Sorce [Thu, 8 Jul 2010 15:36:03 +0000 (11:36 -0400)]
s3-dcerpc: make dceprc_push_dcerpc_auth public
Simo Sorce [Thu, 8 Jul 2010 19:16:32 +0000 (15:16 -0400)]
s3-dcerpc: use dcerpc_pull_dcerpc_auth() in rpc_finish_spnego_ntlmssp_bind_send()
Simo Sorce [Thu, 8 Jul 2010 19:04:40 +0000 (15:04 -0400)]
s3-dcerpc: use dcerpc_push_dcerpc_auth in add_schannel_auth_footer()
Simo Sorce [Thu, 8 Jul 2010 18:55:20 +0000 (14:55 -0400)]
s3-dcerpc: use dcerpc_push_dcerpc_auth() in add_ntlmssp_auth_footer()
Simo Sorce [Thu, 8 Jul 2010 18:00:54 +0000 (14:00 -0400)]
s3-dcerpc: use dcerpc_pull_dcerpc_auth() in cli_pipe_verify_schannel()
Simo Sorce [Thu, 8 Jul 2010 17:30:50 +0000 (13:30 -0400)]
s3-dcerpc: use dcerpc_push_ncacn_packet() in create_rpc_bind_auth3()
Jeremy Allison [Thu, 8 Jul 2010 22:18:30 +0000 (15:18 -0700)]
Change one more use of "struct rpc_hdr_info" -> "struct ncacn_packet_header"
Jeremy
Matthias Dieter Wallnöfer [Thu, 8 Jul 2010 12:51:49 +0000 (14:51 +0200)]
s4:acl LDB module - password attributes - check also the "dBCSPwd" attribute
It's also a possible password change/set attribute candidate.
Matthias Dieter Wallnöfer [Wed, 7 Jul 2010 16:01:34 +0000 (18:01 +0200)]
s4:acl LDB module - move a "mem_ctx" creation to the place where it is actually checked
Memory allocations and their result checks should be as tight as possible.
Matthias Dieter Wallnöfer [Wed, 7 Jul 2010 17:03:13 +0000 (19:03 +0200)]
s4:drsuapi RPC server - "result_site_name" - fix variable denomination
Matthias Dieter Wallnöfer [Thu, 8 Jul 2010 07:36:30 +0000 (09:36 +0200)]
s4:samdb.py - "setpassword" - performs password sets using the "unicodePwd" attribute
This does work per default on each AD-compatible DC. "userPassword" support on
Windows however has to be activated explicitly by the "dSHeuristics".
Matthieu Patou [Mon, 5 Jul 2010 19:41:13 +0000 (23:41 +0400)]
s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one
This should avoid colliion with newly added objects that use the same
SID as existing users in the upgraded provision.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Günther Deschner [Fri, 2 Jul 2010 08:17:44 +0000 (10:17 +0200)]
s3-rpc: when using rpc_pipe_open_internal, make sure to go through NDR.
Otherwise a lot of information that is usually generated in the ndr_push remains
in an uninitialized state.
Guenther
Günther Deschner [Thu, 8 Jul 2010 13:58:12 +0000 (15:58 +0200)]
s4-smbtorture: skip wbcChangeUserPassword test when no oldpass is set in environment.
Guenther
Nadezhda Ivanova [Thu, 8 Jul 2010 12:38:16 +0000 (15:38 +0300)]
Added a test to prove by default users can change each other's pass if the old is known
Volker Lendecke [Thu, 8 Jul 2010 11:32:48 +0000 (13:32 +0200)]
s3: Slightly simplify make_server_info_pw
Günther Deschner [Thu, 8 Jul 2010 09:46:48 +0000 (11:46 +0200)]
s3-rpcclient: add another usage display to sign and seal commands.
Guenther
Günther Deschner [Thu, 8 Jul 2010 08:59:16 +0000 (10:59 +0200)]
Revert "s4-smbtorture: skip bigendian tests against s3 in RPC-LSA-SECRETS."
This reverts commit
3587bb63e21c3f033a17bb493dceb64b05fe85d6.
Andrew Tridgell [Thu, 8 Jul 2010 06:42:39 +0000 (16:42 +1000)]
s4-net: the net binary depends on the auth subsystem
This helps with the OpenChange build
Simo Sorce [Thu, 8 Jul 2010 05:48:05 +0000 (01:48 -0400)]
s3:dcerpc Remove unused structure and functions
Simo Sorce [Thu, 8 Jul 2010 05:14:16 +0000 (01:14 -0400)]
s3:dcerpc Use prs_parse_dcerpc_bind
Simo Sorce [Thu, 8 Jul 2010 05:13:57 +0000 (01:13 -0400)]
s3:dcerpc Add prs_parse_dcerpc_bind
Simo Sorce [Wed, 7 Jul 2010 21:14:27 +0000 (17:14 -0400)]
s3:rpc user idl define dcerpc_ctx_list instead of custom RPC_CONTEXT
Günther Deschner [Wed, 1 Apr 2009 23:05:55 +0000 (01:05 +0200)]
s3-dcerpc: use dcerpc_pull_ncacn_packet() for rpc_pipe_bind_step_one_done().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 22:35:19 +0000 (00:35 +0200)]
s3-dcerpc: use dcerpc_push_ncacn_packet() in push_next_frag().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 22:34:42 +0000 (00:34 +0200)]
s3-dcerpc: use dcerpc_pull_ncacn_packet() in cli_pipe_validate_current_pdu().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 22:33:52 +0000 (00:33 +0200)]
s3-dcerpc: use dcerpc_pull_dcerpc_auth() in cli_pipe_verify_ntlmssp().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 21:39:20 +0000 (23:39 +0200)]
s3-dcerpc: add dcerpc_pull_dcerpc_auth().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 21:18:25 +0000 (23:18 +0200)]
s3-dcerpc: use struct ncacn_packet_header instead of struct rpc_hdr_info.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 21:07:03 +0000 (23:07 +0200)]
s3-dcerpc: add dcerpc_pull_ncacn_packet_header().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 21:04:23 +0000 (23:04 +0200)]
dcerpc: add ncacn_packet_header to IDL.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 22:56:42 +0000 (23:56 +0100)]
s3-dcerpc: use dcerpc_push_dcerpc_auth() for all authenticated binds.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 22:50:32 +0000 (23:50 +0100)]
s3-dcerpc: add dcerpc_push_schannel_bind().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 18:09:29 +0000 (19:09 +0100)]
s3-dcerpc: add dcerpc_push_dcerpc_auth().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 19:29:59 +0000 (20:29 +0100)]
s3-dcerpc: remove unused init_rpc_hdr_rb and init_rpc_context.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 17:21:18 +0000 (18:21 +0100)]
s3-dcerpc: use dcerpc_push_ncacn_packet() for create_bind_or_alt_ctx_internal().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 11:45:09 +0000 (12:45 +0100)]
s3-dcerpc: remove unused smb_io_rpc_hdr_fault.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 11:00:40 +0000 (12:00 +0100)]
s3-dcerpc: use dcerpc_pull_ncacn_packet() for pulling a RPC fault pdu.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 11:00:12 +0000 (12:00 +0100)]
s3-dcerpc: add dcerpc_pull_ncacn_packet().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 10:05:21 +0000 (11:05 +0100)]
s3-dcerpc: use dcerpc_push_ncacn_packet() for setup_fault_pdu().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Fri, 20 Mar 2009 23:11:15 +0000 (00:11 +0100)]
s3-dcerpc: use dcerpc_push_ncacn_packet() for setup_bind_nak().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 10:04:34 +0000 (11:04 +0100)]
s3-dcerpc: add dcerpc_push_ncacn_packet().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Thu, 8 Jul 2010 03:43:47 +0000 (23:43 -0400)]
s3:winbindd_samr Do not use static contexts
It is a very bad idea to use a static context within the open function.
Use the memory hierarchy to keep track of a client connection.
Ira Cooper [Thu, 1 Jul 2010 21:51:41 +0000 (17:51 -0400)]
s3: Add SMB2 performance counters.
A performance counter was added for every base type of SMB2 op.
Kamen Mazdrashki [Tue, 6 Jul 2010 01:06:23 +0000 (04:06 +0300)]
s4-dsdb/util: Reorder DSDB_FLAG_* checks
On good thing about having more clear function interfaces
(and forcing callers to specify clearly what they want)
is that now I can execute following search:
git grep DSDB_FLAG_NEXT_MODULE | wc -l
This showed that DSDB_FLAG_NEXT_MODULE flag is about 6 times
more frequently used than DSDB_FLAG_OWN_MODULE.
So this should reduce branch prediction by six times
in this part of the code, right :)
Kamen Mazdrashki [Tue, 6 Jul 2010 00:31:17 +0000 (03:31 +0300)]
s4-dsdb: Implement module switching in dsdb_module_search_dn()
This allows caller to choose from where to start DN search
Kamen Mazdrashki [Tue, 6 Jul 2010 00:26:03 +0000 (03:26 +0300)]
s4-source4/dsdb/samdb/ldb_modules/acl.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:25:41 +0000 (03:25 +0300)]
s4-source4/dsdb/samdb/ldb_modules/linked_attributes.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:25:28 +0000 (03:25 +0300)]
s4-source4/dsdb/samdb/ldb_modules/naming_fsmo.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:25:11 +0000 (03:25 +0300)]
s4-source4/dsdb/samdb/ldb_modules/operational.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:24:59 +0000 (03:24 +0300)]
s4-source4/dsdb/samdb/ldb_modules/partition_init.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:24:15 +0000 (03:24 +0300)]
s4-source4/dsdb/samdb/ldb_modules/pdc_fsmo.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:23:58 +0000 (03:23 +0300)]
s4-source4/dsdb/samdb/ldb_modules/repl_meta_data.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:23:43 +0000 (03:23 +0300)]
s4-source4/dsdb/samdb/ldb_modules/ridalloc.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:23:21 +0000 (03:23 +0300)]
s4-source4/dsdb/samdb/ldb_modules/samba_dsdb.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:22:28 +0000 (03:22 +0300)]
s4-source4/dsdb/samdb/ldb_modules/schema_load.c Use DSDB_FLAG_NEXT_MODULE flag
Kamen Mazdrashki [Tue, 6 Jul 2010 00:22:09 +0000 (03:22 +0300)]
s4-source4/dsdb/samdb/ldb_modules/util.c Use DSDB_FLAG_NEXT_MODULE flag
Günther Deschner [Wed, 7 Jul 2010 15:01:09 +0000 (17:01 +0200)]
s3-winbindd: Fix child logfile handling which broke with
c67cff0372.
Andreas, please check.
Guenther
Günther Deschner [Tue, 6 Jul 2010 15:02:33 +0000 (17:02 +0200)]
s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well.
Guenther
Günther Deschner [Wed, 7 Jul 2010 10:40:41 +0000 (12:40 +0200)]
s3-rpc_misc: remove unused UNISTR.
Guenther
Günther Deschner [Wed, 7 Jul 2010 10:39:46 +0000 (12:39 +0200)]
s3-rpc_parse: remove finally unused prs_unistr().
Guenther
Günther Deschner [Wed, 7 Jul 2010 10:36:33 +0000 (12:36 +0200)]
s3-libgpo: remove handmarshalled PReg parser from registry CSE.
Guenther
Günther Deschner [Wed, 7 Jul 2010 00:45:01 +0000 (02:45 +0200)]
s3-registry: add preg.idl.
Guenther
Günther Deschner [Wed, 7 Jul 2010 12:56:14 +0000 (14:56 +0200)]
s3-rpc_parse: fix c++ buildwarning in prs_init().
Guenther
Günther Deschner [Tue, 6 Jul 2010 23:50:56 +0000 (01:50 +0200)]
s3-notify: use autogenerated FILE_NOTIFY_INFORMATION marshalling in smbd.
Guenther
Günther Deschner [Tue, 6 Jul 2010 23:50:18 +0000 (01:50 +0200)]
s3-notify: add MS-CIFS 2.2.7.4.2 FILE_NOTIFY_INFORMATION to IDL.
Guenther
Günther Deschner [Wed, 7 Jul 2010 11:40:48 +0000 (13:40 +0200)]
s3-build: some makefile cosmetics.
Guenther
Günther Deschner [Wed, 7 Jul 2010 11:44:42 +0000 (13:44 +0200)]
s3-build: add IDL_FILES variable.
Guenther
Andrew Tridgell [Tue, 6 Jul 2010 03:21:54 +0000 (13:21 +1000)]
s4-dsdb: use ldb_operr() in the dsdb code
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make is much easier to track down dsdb
module bugs that result in an operations error.
Andrew Tridgell [Tue, 6 Jul 2010 03:20:19 +0000 (13:20 +1000)]
s4-ldb: added ldb_error() and ldb_operr()
These will be used to help avoid the problem we have with hundreds of
places that do "return LDB_ERR_OPERATIONS_ERROR" without an
explanation. It is very difficult to track down ldb errors which don't
have any explanation.
By replacing "return LDB_ERR_OPERATIONS_ERROR;" with "return ldb_operr(ldb);"
we at least get a file:line message in the ldb error string. It isn't
an ideal error message, but it is much better than just "operations
error"
This change also makes ldb_oom() return the error code
(LDB_ERR_OPERATIONS_ERROR) so you can do:
return ldb_oom(ldb);
instead of:
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
Kai Blin [Fri, 2 Jul 2010 20:35:28 +0000 (22:35 +0200)]
s3 build: Fix *netgrent prototype detection on opensolaris
Andrew Tridgell [Tue, 6 Jul 2010 05:36:21 +0000 (15:36 +1000)]
s4-ldb: added support for simple binds on ldb_ldap backend
this uses the options[] array to pass in bindMech, bindID and
bindSecret. Currently only "simple" is supported.
Andrew Tridgell [Tue, 6 Jul 2010 05:35:16 +0000 (15:35 +1000)]
s4-ldb: added ldb_options_find()
ldb_options_find() allows backends to find options in the options[]
array passed to the connect operation.
This will be used by the ldb_ldap bind code
Steven Danneman [Mon, 28 Jun 2010 23:06:33 +0000 (16:06 -0700)]
s4:libcli: Modify S4 client library to check for proper CN alignment
MS-CIFS 2.2.7.4.2 states that FILE_NOTIFY_INFORMATION structures in
change notify replies must be aligned to 4-byte boundaries.
This updates s4 client to check for this restriction and also adds a
torture test which should tickle a server into giving unaligned
structures if it doesn't follow the spec.
Chere Zhou [Tue, 6 Jul 2010 00:18:35 +0000 (17:18 -0700)]
s3:smbd: Align change notify replies on 4-byte boundary
MS-CIFS section 2.2.7.4.2 states this is mandatory. WinXP clients
don't seem to care, but a Win7 client will send an immediate Close()
to the directory handle when receiving an incorrectly aligned
change notify response.
Matthias Dieter Wallnöfer [Tue, 6 Jul 2010 15:51:00 +0000 (17:51 +0200)]
s4:new_partition LDB module - fix an uninitalised variable warning
> [ 651/1946] Compiling dsdb/samdb/ldb_modules/new_partition.c
> ../dsdb/samdb/ldb_modules/new_partition.c: In function 'new_partition_add':
> ../dsdb/samdb/ldb_modules/new_partition.c:195: warning: 'down_req' may be used uninitialized in this function
The "down_req" variable isn't used anymore.
Matthias Dieter Wallnöfer [Mon, 5 Jul 2010 15:42:40 +0000 (17:42 +0200)]
s4:SAMR rpc server - "SetUserInfo" - fix the implementation of the expire flag
It has to consider the "password_expires" flag to known if the "pwdLastSet" has
to be updated or to be resetted.
Matthias Dieter Wallnöfer [Mon, 5 Jul 2010 13:54:21 +0000 (15:54 +0200)]
s4:SAMR rpc server - "QueryUserInfo" - send back the password expired flag on level 21
Taken from the s3 server code
Matthias Dieter Wallnöfer [Mon, 5 Jul 2010 14:55:50 +0000 (16:55 +0200)]
s4:dsdb - samdb_result_force_password_change - also when "pwdLastSet" is "-1" we shouldn't force a password change
This value is set by the ADUC console.
Günther Deschner [Tue, 6 Jul 2010 17:53:37 +0000 (19:53 +0200)]
s3-selftest: add "make testenv" target to Makefile.
Guenther
Björn Jacke [Tue, 6 Jul 2010 16:39:26 +0000 (18:39 +0200)]
s3:pdb_ldap: change LDAP password before samba password hashes
this way we can catch up with password change refuses from ldap password policy
overlays and abort the password change early.
Thanks to Andy Hanton <andyhanton@gmail.com> for the initial patch.
Andreas Schneider [Tue, 6 Jul 2010 12:56:50 +0000 (14:56 +0200)]
s3-winbind: Handle aliases in rpc_lookup_groupmem().
Günther Deschner [Tue, 6 Jul 2010 10:50:48 +0000 (12:50 +0200)]
s3-winbind: Fixed the winbind caching.
Andreas Schneider [Tue, 6 Jul 2010 08:58:46 +0000 (10:58 +0200)]
s3-winbind: Use same format for all msrpc debug messages.
Andreas Schneider [Tue, 6 Jul 2010 08:53:01 +0000 (10:53 +0200)]
s3-winbind: Fixed debug messages of open_internal_lsa_pipe().
Andreas Schneider [Tue, 6 Jul 2010 13:33:50 +0000 (15:33 +0200)]
s3-winbind: Make sure that the policy handles are closed.
Andreas Schneider [Mon, 5 Jul 2010 23:05:39 +0000 (01:05 +0200)]
s3-winbind: Make sure we close all policy handles in sam.
Andreas Schneider [Mon, 5 Jul 2010 17:43:25 +0000 (19:43 +0200)]
s3-winbind: Create all logfiles in the same directory.
If log file is set in the config file, we should create the log files of
the winbind child processes in the same directory.
Volker Lendecke [Tue, 6 Jul 2010 14:55:14 +0000 (16:55 +0200)]
s3: Fix another aspect of bug 7262 and make paged results work again
Sumit Bose [Tue, 6 Jul 2010 18:55:32 +0000 (14:55 -0400)]
s4:rpc_server/lsa/dcesrv_lsa.c - fix typo
Signed-off-by: Günther Deschner <gd@samba.org>
Volker Lendecke [Tue, 6 Jul 2010 13:07:05 +0000 (15:07 +0200)]
s3: Fix a segfault in the RPC server
After converting the rpc infratructure to talloc, read_from_internal_pipe freed
the outdata too early. If the last fragment was read in two pieces (as
rpcclient does it), all the outdata was freed during the read of the first
piece of the read of the last fragment. Later read&x calls, trying to read the
rest of the last fragment stepped into p->out_data.frag with non-zero offset
when this was already freed.
Volker Lendecke [Tue, 6 Jul 2010 09:54:31 +0000 (11:54 +0200)]
s3: Fix another winbind crash
This is similar to
09a9cc3, this re-arranges winbindd_ads.c:query_user_list()
so that "ads" is not accessed anymore across a call to nss_get_info_cached()
call which can destroy it behind the scenes.
Günther Deschner [Mon, 5 Jul 2010 15:34:19 +0000 (17:34 +0200)]
pidl: s3 server stubs: make sure LIBNDR_FLAG_BIGENDIAN is set when negotiated.
Guenther
Günther Deschner [Mon, 5 Jul 2010 14:39:44 +0000 (16:39 +0200)]
s4-smbtorture: add my (C) to rap torture lib.
Guenther
Stefan Metzmacher [Wed, 30 Jun 2010 06:26:08 +0000 (08:26 +0200)]
s4:dsdb/password_hash: implement DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
metze
Stefan Metzmacher [Wed, 30 Jun 2010 06:24:35 +0000 (08:24 +0200)]
s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
When importing users from Samba3 we need to control all values.
metze
Stefan Metzmacher [Wed, 30 Jun 2010 10:08:30 +0000 (12:08 +0200)]
s4:dsdb/password_hash: fix some c++ compiler warnings
metze