Amitay Isaacs [Mon, 29 Jun 2015 06:00:08 +0000 (16:00 +1000)]
wafsamba: Cache final_libs for each target
The code for saving/loading dependencies does not cache final_libs for
each target. If wafsamba tries to reuse the saved dependencies, then
it does not get the dependencies on the private libraries correctly.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 30 09:44:10 CEST 2015 on sn-devel-104
Uri Simchoni [Wed, 24 Jun 2015 07:55:06 +0000 (10:55 +0300)]
winbindd: disconnect child process if request is cancelled at main process
When cancelling a request at the main winbindd process, that is currently
being served by a child winbindd process, just freeing all objects related
to the request is not enough, as the next bytes to come through the pipe
from the child process are the response to the cancelled request, and the
object reading those bytes will be the next request. This breaks the protocol.
This change, upon canceling a request that is being served, closes the
connection to the child process, causing the next request to be served
by a new child process (and the detached child to die eventually).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11358
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 29 14:00:24 CEST 2015 on sn-devel-104
Douglas Bagnall [Fri, 26 Jun 2015 03:33:28 +0000 (15:33 +1200)]
Revert "lib: Fix deps for LIBCRYPTO"
This reverts commit
30bfb8d63804f0c98312fadaadcb104120dadafb.
Talloc is still needed by LIBCRYPTO, because arcfour.h
includes lib/util/data_blob.h which includes talloc.h.
It seems arcfour only uses the DATA_BLOB struct (in e.g. arcfour_crypt
and arcfour_init).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Jun 28 11:47:16 CEST 2015 on sn-devel-104
Michael Adam [Fri, 26 Jun 2015 14:24:55 +0000 (16:24 +0200)]
ctdb: strip trailing spaces from nodes file.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 27 13:20:18 CEST 2015 on sn-devel-104
Volker Lendecke [Fri, 26 Jun 2015 11:29:27 +0000 (13:29 +0200)]
libsmb: Use fstr_sprint in convert_sid_to_string
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 26 22:35:02 CEST 2015 on sn-devel-104
Volker Lendecke [Fri, 26 Jun 2015 14:15:18 +0000 (16:15 +0200)]
libsmb: Streamline smb1cli_trans a bit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Anubhav Rakshit [Fri, 26 Jun 2015 06:54:23 +0000 (12:24 +0530)]
s3:libsmb: Fix a bug in conversion of ea list to ea array.
Bug 11361 - Reading of EA's (Extended Attributes) fails using SMB2 and above
protocols
Tested against Win2k12r2 server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11361
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Fri, 26 Jun 2015 11:17:01 +0000 (13:17 +0200)]
ctdbd_conn: use the right error code from ctdbd_connect for debug and return
ctdbd_connect() explicitly returns the errno.
Using errno instead of ret misses some important
manually set return values and might use the
errno that is changed by close(fd).
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jun 26 17:21:26 CEST 2015 on sn-devel-104
Michael Adam [Fri, 26 Jun 2015 11:14:39 +0000 (13:14 +0200)]
ctdbd_conn: lower the debug level 0 for failing connection to ctdbd.
If e.g. samba fails to start because it can not open the
connection to ctdbd, we want to see some indication in the
logs about this.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Douglas Bagnall [Tue, 23 Jun 2015 23:47:31 +0000 (11:47 +1200)]
Avoid segfault in durable_open tests
There are "goto done"s hiding in CHECK_STATUS in parts of
the code where tree1 is unequivocally NULL.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 26 05:12:02 CEST 2015 on sn-devel-104
Thomas Nagy [Thu, 18 Jun 2015 21:46:04 +0000 (23:46 +0200)]
Always use Samba's CHECK_CFG instead of waf check_cfg
Thomas Nagy [Thu, 18 Jun 2015 21:45:11 +0000 (23:45 +0200)]
Remove PYTHONDIR and PYTHONARCHDIR in a single place
Jeremy Allison [Wed, 17 Jun 2015 17:23:30 +0000 (10:23 -0700)]
s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
Early function exit can mean backup_priv is set but we haven't called
become_root(). *Lots* of work by the reviewers went in to checking this
isn't a security issue.
Found by Codenomicon at the Redmond plugfest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11339
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 25 22:14:58 CEST 2015 on sn-devel-104
Michael Adam [Thu, 25 Jun 2015 08:31:40 +0000 (10:31 +0200)]
ctdb: remove useless setting of variable domain_socket_name
This was used to unlink the socket at daemon exit, which
was removed in ctdb commit
b18356764cd49d934eab901e596bb75c6e3ecdf8
(Samba master commit
42591560506c7fee977975e261e4790ae1a0f97f).
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 25 18:29:59 CEST 2015 on sn-devel-104
Andrew Bartlett [Fri, 12 Jun 2015 02:41:20 +0000 (14:41 +1200)]
s4-winbindd: Remove the winbind rewrite from the samba4 effort
This winbind implementation is undermaintained, out of date and not the
future of even the AD DC, let alone any other purpose.
Removing it will reduce our security and bug exposure on this
off by default subsystem
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 22:34:57 CEST 2015 on sn-devel-104
Andrew Bartlett [Fri, 19 Jun 2015 04:49:41 +0000 (16:49 +1200)]
Allow winbind removal by matching delays to Samba3.pm
When using winbindd with the ntvfs file server, the responses are faster than
they were in the past. Therefore, set:
posix:sharedelay = 100000
posix:writetimeupdatedelay = 500000
to the values used in Samba3.pm to allow the tests to pass against the NTVFS
file server without the internal winbind.
This allows the internal winbind to be removed.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 24 Jun 2015 09:54:44 +0000 (11:54 +0200)]
s3:winbindd: remove unused argument 'server' from winbind_samlogon_retry_loop()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Tue, 23 Jun 2015 15:39:27 +0000 (17:39 +0200)]
auth: Explain why GSS_KRB5_CRED_NO_CI_FLAGS_X is needed
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 24 13:37:02 CEST 2015 on sn-devel-104
Douglas Bagnall [Wed, 17 Jun 2015 01:21:28 +0000 (13:21 +1200)]
correct sense of macro variable name in SMB2 durable open test
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 24 08:54:23 CEST 2015 on sn-devel-104
Douglas Bagnall [Wed, 17 Jun 2015 01:20:29 +0000 (13:20 +1200)]
Avoid casting pointer to unsigned long long for NULL check
This allows compilation on i386 with -WError. Otherwise we see
this:
../source4/torture/smb2/durable_open.c:41:23: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
__location__, #v, (unsigned long long)v, (unsigned long long)correct); \
because the pointer is 32 bits, while long long is 64.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 17 Jun 2015 04:08:18 +0000 (16:08 +1200)]
Use large enough unsigned values in server_id IDL
This matches what we have in struct server_id.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 17 Jun 2015 04:07:00 +0000 (16:07 +1200)]
remove trailing whitespace in Pidl/Samba4/Python.pm
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 16 Jun 2015 23:37:03 +0000 (11:37 +1200)]
Treat unsigned 64 bit IDL values as unsigned long long in Python
This caused a compilation error on i386:
default/librpc/gen_ndr/py_server_id.c:216:75: error: overflow in implicit constant conversion [-Werror=overflow]
PyModule_AddObject(m, "SERVERID_UNIQUE_ID_NOT_TO_VERIFY", PyInt_FromLong(0xFFFFFFFFFFFFFFFFULL));
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 16 Jun 2015 23:01:10 +0000 (11:01 +1200)]
Byte order reversal shouldn't assume size_t is 64 bit.
This fixes compilation on 32 bit i386 with -WError.
../lib/crypto/aes_gcm_128.c:213:2: error: right shift count >= width of type [-Werror]
../lib/crypto/aes_gcm_128.c:213:2: error: left shift count >= width of type [-Werror]
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 23 Jun 2015 10:32:34 +0000 (12:32 +0200)]
s4:gensec/gssapi: make use of add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
This way are able to support GENSEC_FEATURE_SIGN_PKT_HEADER also together with
GENSEC_FEATURE_SEAL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 24 04:00:43 CEST 2015 on sn-devel-104
Stefan Metzmacher [Sun, 21 Jun 2015 23:23:16 +0000 (01:23 +0200)]
s3:librpc/gse: make use of add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
This way are able to support GENSEC_FEATURE_SIGN_PKT_HEADER.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 25 Sep 2008 06:34:48 +0000 (08:34 +0200)]
auth/kerberos: add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
These make use of gss_[un]wrap_iov[_length]() where required and support
header signing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2009 17:48:50 +0000 (19:48 +0200)]
heimdal:lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Jun 2015 12:07:43 +0000 (14:07 +0200)]
heimdal:lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Jun 2015 13:42:03 +0000 (15:42 +0200)]
heimdal:lib/gssapi/krb5: add const to arcfour_mic_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Jun 2015 12:06:57 +0000 (14:06 +0200)]
heimdal:lib/gssapi/krb5: clear temporary buffer with cleartext data.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Jun 2015 10:20:26 +0000 (12:20 +0200)]
heimdal:lib/gssapi/krb5: fix indentation in _gk_wrap_iov()
Now it matches _gk_unwrap_iov() and _gk_wrap_iov_length().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Jun 2015 13:43:32 +0000 (15:43 +0200)]
heimdal:lib/gssapi/krb5: make _gssapi_verify_pad() more robust
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 Mar 2015 13:41:19 +0000 (14:41 +0100)]
s4:selftest: add torture:run_removedollar_test=true to the machine account kdc tests
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 Mar 2015 13:41:19 +0000 (14:41 +0100)]
s4:torture/krb5: add a --option=torture:run_removedollar_test=true option to kdc-conon
With this option a machine account is tested without the trailing '$'
in the account name.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 22:10:02 +0000 (22:10 +0000)]
s4:selftest: run samba4.rpc.lsa.secrets with more principal combinations
'dcom/SERVER', 'SERVER$' and 'SERVER' as target principal names.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 10:00:51 +0000 (10:00 +0000)]
s4:kdc/db-glue: allow principals in form of computer@EXAMPLE.COM
This should be translated to computer$@EXAMPLE.COM.
Note the behavior differs between client and server lookup.
In samba_kdc_lookup_client() we need to fallback in case of
NO_SUCH_USER. samba_kdc_lookup_server() needs to do a single search
and only use the result if it's unique.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Jun 2015 18:04:09 +0000 (20:04 +0200)]
s4:kdc/db-glue: fix memory leak in samba_kdc_lookup_server()
We need to free enterprise_principal if generated.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 12:58:11 +0000 (14:58 +0200)]
dsdb: Fix CID
1034902 Dereference before null check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 01:02:22 CEST 2015 on sn-devel-104
Volker Lendecke [Tue, 23 Jun 2015 12:56:50 +0000 (14:56 +0200)]
dsdb: Fix CID
1034687 Logically dead code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 12:53:39 +0000 (14:53 +0200)]
dsdb: Fix CID
1034719 Evaluation order violation
We assigned lp_ctx twice...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 12:46:12 +0000 (14:46 +0200)]
dsdb: Fix CID
1034802 Dereference null return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 12:44:05 +0000 (14:44 +0200)]
dsdb: Fix CID
1034742 Dereference after null check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 12:42:06 +0000 (14:42 +0200)]
dsdb: Fix CID
1034743 Dereference after null check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 12:40:42 +0000 (14:40 +0200)]
dsdb: Fix CID
1034803 Dereference null return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 12:39:58 +0000 (14:39 +0200)]
dsdb: Fix CID
1034804 Dereference null return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 10:48:13 +0000 (12:48 +0200)]
dsdb: Fix CID
1034745 Dereference after null check
This is a cut&paste error
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 10:02:06 +0000 (12:02 +0200)]
smbd: Fix CID
1273096 Dereference before null check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 09:22:04 +0000 (11:22 +0200)]
lib: Remove unused functions
This fixes CID
1034629 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 09:06:02 +0000 (11:06 +0200)]
lib: Fix CID
1128556 Dereference after null check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 09:03:47 +0000 (11:03 +0200)]
lib: Fix CID
1272858 Copy-paste error
Coverity is wrong here, but it's a good idea to consolidate the close-loop
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 08:18:31 +0000 (10:18 +0200)]
lib: Fix CID 710685 Unchecked return value from library
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 08:12:15 +0000 (10:12 +0200)]
lib: Fix CID
1273234 Untrusted value as argument
buf->size has been sanitized in the checks done in talloc_array(). This makes
the "trust" flow more explicit.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 08:10:19 +0000 (10:10 +0200)]
lib: Fix CID
1034723 Explicit null dereferenced
Do an early return if there's nothing to receive
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 08:02:17 +0000 (10:02 +0200)]
lib: Fix CID
1272913 Calling risky function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 07:56:55 +0000 (09:56 +0200)]
lib: Make genrand independent
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 08:40:33 +0000 (10:40 +0200)]
lib: Make time-basic a library
The next commit will make genrand depend on time-basic. Without this, we would
link in time-basic twice, from samba-debug and from genrand.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 07:53:15 +0000 (09:53 +0200)]
lib: Fix deps for LIBCRYPTO
LIBCRYPTO itself does not depend on talloc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 07:52:49 +0000 (09:52 +0200)]
lib: Simplify arcfour_crypt
We don't need a dependency on data_blob in crypto
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 07:28:28 +0000 (09:28 +0200)]
lib: Streamline genrand.c includes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 07:05:56 +0000 (09:05 +0200)]
lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Jun 2015 07:02:46 +0000 (09:02 +0200)]
lib: Strip genrand.c a bit
This moves for example password complexity checks out of the core random
number generator
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Sat, 20 Jun 2015 14:54:33 +0000 (16:54 +0200)]
s3:ntlm_auth: don't start gensec backend twice
ntlm_auth_start_ntlmssp_server() was used in two cases
and both call gensec_start_mech_by_oid() again.
So we remove gensec_start_mech_by_oid() and rename the function
to ntlm_auth_prepare_gensec_server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 10:47:10 +0000 (12:47 +0200)]
auth/gensec: remove unused gensec_[un]wrap_packets() hooks
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 10:46:27 +0000 (12:46 +0200)]
s4:auth/gensec: remove unused gensec_socket_init()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 11:47:29 +0000 (13:47 +0200)]
s4:auth/gensec: remove unused include of lib/socket/socket.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 11:30:54 +0000 (13:30 +0200)]
s4:auth/gensec: remove unused and untested cyrus_sasl module
There's not a high chance that this module worked at all.
Requesting SASL_SSF in order to get the max input length
is completely broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 10:26:06 +0000 (12:26 +0200)]
s4:libcli/ldap: conversion to tstream
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 11:30:10 +0000 (13:30 +0200)]
s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 10:26:55 +0000 (12:26 +0200)]
s4:lib/tls: fix tstream_tls_connect_send() define
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 18 Jun 2015 23:07:49 +0000 (01:07 +0200)]
s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind
gensec_sig_size() is for gensec_{sign,seal}_packet() instead of gensec_wrap().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 18 Jun 2015 19:07:58 +0000 (21:07 +0200)]
s4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more clear
This way the result matches what gss_wrap_iov_length() would return.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 18 Jun 2015 21:18:58 +0000 (23:18 +0200)]
s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends
This avoids calls to gensec_gssapi_sig_size() as fallback in
gensec_max_input_size().
gensec_gssapi_sig_size() needs to report the sig size
gensec_{sign,seal}_packet(), which could be different to the
overhead produced by gensec_wrap().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 23 Jun 2015 08:27:27 +0000 (10:27 +0200)]
s4:selftest: also run rpc.winreg with kerberos and all possible auth options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 23 17:31:08 CEST 2015 on sn-devel-104
Stefan Metzmacher [Thu, 18 Jun 2015 22:35:29 +0000 (00:35 +0200)]
s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 20 Jun 2015 15:49:02 +0000 (17:49 +0200)]
s4:rpc_server: fix padding caclucation in dcesrv_auth_response()
This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour
so that we will use no padding if the stub_length is already aligned
to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 20 Jun 2015 15:47:14 +0000 (17:47 +0200)]
s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error
Don't send plaintext on the wire because of an internal error...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
The sig_size could differ depending on the aligment/padding.
So should use the same alignment as we use for the payload.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 20 Jun 2015 15:49:02 +0000 (17:49 +0200)]
s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign()
This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour
so that we will use no padding if the stub_length is already aligned
to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 20 Jun 2015 15:47:14 +0000 (17:47 +0200)]
s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error
Don't send plaintext on the wire because of an internal error...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
The sig_size could differ depending on the aligment/padding.
So should use the same alignment as we use for the payload.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 20:23:01 +0000 (22:23 +0200)]
s3:include: remove used unused {CLIENT,SERVER}_NDR_PADDING_SIZE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 20:09:57 +0000 (22:09 +0200)]
s3:rpc_server: remove pad handling from api_pipe_alter_context()
This is not needed and windows doesn't use it.
The padding is for the payload in request and response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 13:52:11 +0000 (15:52 +0200)]
s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
The padding needs to be relative to the payload start not to the pdu start.
We also need align the padding to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 14:55:39 +0000 (16:55 +0200)]
s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 20 Jun 2015 15:43:47 +0000 (17:43 +0200)]
librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
This calculates the required padding DCERPC_AUTH_PAD_ALIGNMENT
and the stub_length.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 14:48:48 +0000 (16:48 +0200)]
dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
Windows pads the payload aligned to 16 bytes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 20 Jun 2015 14:19:31 +0000 (16:19 +0200)]
auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
We want to set GENSEC_FEATURE_SIGN and GENSEC_FEATURE_SEAL based on the given
auth_level and should not have GENSEC_FEATURE_SEAL if
DCERPC_AUTH_LEVEL_INTEGRITY is desired.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2015 12:46:53 +0000 (14:46 +0200)]
auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
gensec_sig_size() also requires GENSEC_FEATURE_DCE_STYLE if
GENSEC_FEATURE_SEAL is negotiated.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 22 Jun 2015 13:17:33 +0000 (15:17 +0200)]
auth/credentials: use HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X instead of SAMBA4_USES_HEIMDAL
Newer MIT versions also have this.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 22 Jun 2015 13:17:10 +0000 (15:17 +0200)]
s4:heimdal_build: define HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Ralph Boehme [Wed, 10 Jun 2015 13:30:04 +0000 (15:30 +0200)]
s4:torture:vfs_fruit: copyfile
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 23 14:37:05 CEST 2015 on sn-devel-104
Ralph Boehme [Wed, 22 Apr 2015 20:29:16 +0000 (22:29 +0200)]
vfs:fruit: implement copyfile style copy_chunk
Implement Apple's special copy_chunk ioctl that requests a copy of the
whole file along with all attached metadata.
These copy_chunk requests have a chunk count of 0 that we translate to a
copy_chunk_send VFS call overloading the parameters src_off = dest_off =
num = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 22 Apr 2015 20:29:16 +0000 (22:29 +0200)]
smb2:ioctl: support for OS X AAPL copyfile style copy_chunk
Apple's special copy_chunk ioctl that requests a copy of the whole file
along with all attached metadata.
These copy_chunk requests have a chunk count of 0 that we translate to a
copy_chunk_send VFS call overloading the parameters src_off = dest_off =
num = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 27 Apr 2015 10:16:16 +0000 (12:16 +0200)]
s3:util: use pread/pwrite in transfer_file
read/write aren't overloaded in the streams VFS modules, using
pread/pwrite instead this makes it possible to use transfer_file() with
named streams.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 9 Jun 2015 15:47:31 +0000 (17:47 +0200)]
smbd/smb2_ioctl: fix error handling
tevent_req_nterror must be called directly as the last step before
returning with tevent_req_post.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 15 Jun 2015 16:31:23 +0000 (18:31 +0200)]
vfs_fruit: simplify lp_parm_bool check
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Felix Janda [Sun, 21 Jun 2015 10:03:56 +0000 (12:03 +0200)]
replace: Replace BSD strtoll by wrapping strtoll instead of strtoq
When it is detected that strtoll returns EINVAL not only in the case
that the base is not supported, HAVE_BSD_STRTOLL is declared and
strtoll is replaced. The current replacement code wraps strtoq in
order to replace strtoll and errors out when strtoq is missing.
In order to remove this possible error path, we can use strtoll instead
of strtoq since the code is only used when it is known that strtoll exists.
The fixes a compilation problem on linux systems using musl libc, which
has a BSD-like strtoll but no strtoq.
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jun 22 12:49:10 CEST 2015 on sn-devel-104