Günther Deschner [Thu, 13 Aug 2009 22:48:58 +0000 (00:48 +0200)]
ntlmssp: add string helper functions to handle OEM and UNICODE charset.
Guenther
Günther Deschner [Thu, 13 Aug 2009 15:11:07 +0000 (17:11 +0200)]
ntlmssp: add ntlmssp helper skeleton.
Guenther
Günther Deschner [Wed, 12 Aug 2009 13:23:28 +0000 (15:23 +0200)]
ntlmssp: add IDL.
Guenther
Rusty Russell [Fri, 28 Aug 2009 02:41:23 +0000 (12:11 +0930)]
lib/tevent: close pipe_fds on event_context destruction
The "hack_fds" were never closed before; now they're inside event_context
they should be closed when that is destroyed.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 28 Aug 2009 02:38:47 +0000 (12:08 +0930)]
lib/tevent: handle tevent_common_add_signal on different event contexts.
I don't know if this is a problem in real life.
The code assumes there's only one tevent_context; all signals will notify
the first event context. That's counter-intuitive if you ever use more
than one, and there's nothing else in this code which prevents it AFAICT.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 28 Aug 2009 02:34:22 +0000 (12:04 +0930)]
lib/tevent: fix race with signals and tevent_common_add_signal
We carefully preserve the old signal handler, but we replace it before
we've set up everything; in particular, if we fail setting up the
pipe_hack we could write a NUL char to stdout (fd 0), instead of
calling the old signal handler.
Replace the signal handler as the very last thing we do.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 28 Aug 2009 02:26:34 +0000 (11:56 +0930)]
lib/tdb: don't overwrite TDBs with different version numbers.
In future, this may happen, and we don't want to clobber them.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 26 Aug 2009 08:00:32 +0000 (17:30 +0930)]
lib/tevent: remove spectacularly complicated manual subtraction
To be completely honest, I don't quite know whether to laugh or cry at
this one:
1 + (0xFFFFFFFF & ~(s.seen - s.count))
== 1 + (~(s.seen - s.count)) # s.seen, s.count are uint32_t
== s.count - s.seen # -A == ~A + 1
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael Adam [Wed, 26 Aug 2009 10:58:47 +0000 (12:58 +0200)]
util: fix comment and clarify argument name in DLIST_DEMOTE()
Michael
Stefan Metzmacher [Wed, 19 Aug 2009 07:58:38 +0000 (09:58 +0200)]
s3:smbd: teach filename_convert() about fake files (2nd fix for bug #6642)
metze
Stefan Metzmacher [Wed, 19 Aug 2009 07:57:47 +0000 (09:57 +0200)]
s3:smbd: add is_fake_file_path() that takes only the raw path as string
metze
Stefan Metzmacher [Tue, 18 Aug 2009 09:34:54 +0000 (11:34 +0200)]
s3:streams: check for :$DATA only in the backend (fix bug #6642)
We need to allow "\\$Extend\\$Quota:$Q:$INDEX_ALLOCATION" to pass
check_path(), so that the Quota Dialog works.
metze
Stefan Metzmacher [Tue, 18 Aug 2009 09:32:37 +0000 (11:32 +0200)]
s3:error_map: make NTSTATUS -> errno -> NTSTATUS mapping consistent for NT_STATUS_INVALID_PARAMETER
Why have we mapped EINVAL -> NT_STATUS_INVALID_HANDLE before?
metze
Günther Deschner [Thu, 13 Aug 2009 22:36:21 +0000 (00:36 +0200)]
s3-ntlmssp: remove trailing whitespace.
Guenther
Stefan Metzmacher [Tue, 25 Aug 2009 09:25:47 +0000 (11:25 +0200)]
libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()
This abstracts the usage of crypto functions instead of directly calling
des_crypt112().
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 25 Aug 2009 09:12:48 +0000 (11:12 +0200)]
libcli/auth: remove some useless lines
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 25 Aug 2009 10:02:38 +0000 (12:02 +0200)]
libcli/auth: remember schannel type in netlogon_creds_server_init()
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 25 Aug 2009 22:45:02 +0000 (00:45 +0200)]
s3-schannel: remove remaining code that was using "struct dcinfo".
Guenther
Günther Deschner [Tue, 25 Aug 2009 20:45:15 +0000 (22:45 +0200)]
s3-credentials: remove unused code.
Guenther
Günther Deschner [Wed, 26 Aug 2009 09:46:58 +0000 (11:46 +0200)]
s3-schannel: upgrade old format schannel_store.tdb.
Guenther
Günther Deschner [Tue, 25 Aug 2009 20:38:55 +0000 (22:38 +0200)]
s3-netlogon: use shared credential and schannel storage infrastructure for netlogon server.
Guenther
Günther Deschner [Tue, 25 Aug 2009 20:26:34 +0000 (22:26 +0200)]
s3-netlogon: add netr_creds_server_step_check() convenience wrapper.
Guenther
Günther Deschner [Tue, 25 Aug 2009 22:31:27 +0000 (00:31 +0200)]
s3-schannel: add simple wrappers to fetch and store schannel auth info.
Guenther
Günther Deschner [Tue, 25 Aug 2009 19:45:24 +0000 (21:45 +0200)]
s3-schannel: make open_schannel_session_store() public.
Guenther
Günther Deschner [Tue, 25 Aug 2009 19:16:27 +0000 (21:16 +0200)]
libcli/auth: add tdb backend for schannel state.
Guenther
Günther Deschner [Wed, 26 Aug 2009 13:08:32 +0000 (15:08 +0200)]
libcli/auth: move netlogon_creds_CredentialState out of libcli.
Guenther
Günther Deschner [Wed, 26 Aug 2009 12:45:35 +0000 (14:45 +0200)]
schannel: add netlogon_creds_CredentialState to IDL.
Guenther
Günther Deschner [Tue, 25 Aug 2009 19:09:53 +0000 (21:09 +0200)]
s4-schannel: add ldb suffix to schannel functions.
Guenther
Günther Deschner [Tue, 25 Aug 2009 16:59:39 +0000 (18:59 +0200)]
libcli/auth: rename schannel_state.c to schannel_state_ldb.c.
Guenther
Günther Deschner [Wed, 26 Aug 2009 14:48:00 +0000 (16:48 +0200)]
s3-build: add SCHANNEL_OBJ to Makefile.in.
Guenther
Volker Lendecke [Thu, 27 Aug 2009 12:55:41 +0000 (14:55 +0200)]
s3:winbind: Convert WINBINDD_GETUSERSIDS to the new API
Volker Lendecke [Thu, 27 Aug 2009 12:34:59 +0000 (14:34 +0200)]
s3:winbind: Fix a typo
Volker Lendecke [Thu, 27 Aug 2009 12:16:22 +0000 (14:16 +0200)]
s3:winbind: Remove the manual caching for the async wb_ functions
The generic NDR-based cache in winbindd_dual_ndr.c replaces this.
Volker Lendecke [Tue, 25 Aug 2009 10:25:12 +0000 (12:25 +0200)]
s3:winbind: Some calls are not cacheable
Volker Lendecke [Tue, 25 Aug 2009 09:26:14 +0000 (11:26 +0200)]
s3:winbind: Factor out wcache_store_seqnum()
Volker Lendecke [Sun, 23 Aug 2009 22:13:02 +0000 (00:13 +0200)]
s3:winbind: Add a generic cache for NDR based parent-child requests
Volker Lendecke [Sun, 23 Aug 2009 22:08:14 +0000 (00:08 +0200)]
s3:winbind: Factor out wcache_fetch_seqnum
Günther Deschner [Thu, 27 Aug 2009 11:37:06 +0000 (13:37 +0200)]
s4-smbtorture: do not hard code BDC secure channel type into RPC-NETLOGON tests.
Guenther
Günther Deschner [Thu, 27 Aug 2009 10:32:56 +0000 (12:32 +0200)]
s4-smbtorture: add test_SetPassword_flags to RPC-NETLOGON-S3 testsuite.
Guenther
Andrew Bartlett [Thu, 27 Aug 2009 09:38:04 +0000 (19:38 +1000)]
s4:python Add helper to get at the domain SID
Steven Danneman [Wed, 26 Aug 2009 23:17:38 +0000 (16:17 -0700)]
s3/smbd: open the share_info.tdb on startup instead of tconx
This is a small performance optimization. Instead of opening the tdb
on every smb connection in the forked child process, we now open it in
the parent and share the fd.
This also reduces the total fd usage in the system.
Steven Danneman [Wed, 26 Aug 2009 17:36:48 +0000 (10:36 -0700)]
s3/debug: make SPNEGO OID list appear under one debug header
Steven Danneman [Wed, 29 Jul 2009 23:13:44 +0000 (16:13 -0700)]
s3/winbindd: Remove unnecessary check for NULL SID
There's a known bug in some Windows implementations of
DsEnumerateDomainTrusts() where domain SIDs are not returned for
transitively trusted domains within the same forest.
Jerry originally worked around this in the winbindd parent by checking
for S-0-0 and converting it to S-1-0 in
8b0fce0b. Guenther later moved
these checks into the child process in commit
3bdfcbac, making the
initial patch unnecessary.
I've removed it and added a clarifying comment to the child process.
If ever this SID is needed we could add an extra DsEnumerateDomainTrusts()
call in trusted_domains() as suggested by the Microsoft KB.
Günther Deschner [Wed, 26 Aug 2009 21:03:42 +0000 (23:03 +0200)]
s3-selftest: enable running RPC-NETLOGON-S3 against samba3.
Guenther
Günther Deschner [Wed, 26 Aug 2009 20:27:07 +0000 (22:27 +0200)]
s4-smbtorture: add RPC-NETLOGON-S3 to test samba3 netlogon server.
Guenther
tprouty [Wed, 26 Aug 2009 01:38:17 +0000 (01:38 +0000)]
s3 onefs: Canonicalize the ACL in the correct order
tprouty [Wed, 26 Aug 2009 01:38:14 +0000 (01:38 +0000)]
s3: Allow full_audit to play nice with smbd if it's using syslog
Explicitly pass the facility from both smbd and full_audit to syslog.
Really the only major change is to not call openlog() in full_audit if
WITH_SYSLOG is defined, which implies that smbd is already using
syslog. This allows full audit to piggy-back on the same ident as
smbd, while still differentiating the logging via the facility.
tprouty [Wed, 26 Aug 2009 01:38:07 +0000 (01:38 +0000)]
s3 audit: Change create_file in full_audit to print whether a directory or file was requested
full_audit will now print out whether the createfile was requested for
a file or directory. The create disposition is also printed out.
Volker Lendecke [Wed, 26 Aug 2009 16:20:06 +0000 (18:20 +0200)]
s3:winbind: Fix Coverity ID 942: Resource Leak
Stefan Metzmacher [Wed, 26 Aug 2009 06:10:35 +0000 (08:10 +0200)]
s4:heimdal_build: lib/hcrypto/evp-aes-cts.o belongs to HEIMDAL_HCRYPTO
metze
Günther Deschner [Wed, 26 Aug 2009 09:35:40 +0000 (11:35 +0200)]
s3-netlogon: let get_md4pw() return a struct dom_sid.
Guenther
Günther Deschner [Tue, 24 Mar 2009 17:33:28 +0000 (18:33 +0100)]
schannel: add generated files.
Guenther
Günther Deschner [Mon, 23 Mar 2009 13:08:09 +0000 (14:08 +0100)]
schannel: move schannel.idl to main directory.
Guenther
Günther Deschner [Wed, 26 Aug 2009 12:46:17 +0000 (14:46 +0200)]
netlogon: make netr_NegotiateFlags a public bitmap.
Guenther
Volker Lendecke [Wed, 26 Aug 2009 12:56:41 +0000 (14:56 +0200)]
Add a parameter to disable the automatic creation of krb5.conf files
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
Jeff Layton [Wed, 26 Aug 2009 10:26:02 +0000 (06:26 -0400)]
cifs.upcall: make using ip address conditional on new option
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 26 Aug 2009 10:15:42 +0000 (06:15 -0400)]
cifs.upcall: switch to getopt_long
...to allow long option names.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Andrew Bartlett [Wed, 26 Aug 2009 07:31:44 +0000 (17:31 +1000)]
s4:provision Ensure that @OPTIONS is mirrored into each partition
The previous patches to the provision system cut down on the number of
reconnects, and disabled the partition handling for part of the
process. This means we lost the setting of @OPTIONS as a replicated
attribute into the partitions.
Andrew Bartlett
Andrew Bartlett [Wed, 26 Aug 2009 05:59:00 +0000 (15:59 +1000)]
s4:ldb Add ldb_ldif_write_string() and python wrappers
This allows us to turn a python LdbMessage back into a string.
Andrew Bartlett
Andrew Bartlett [Wed, 26 Aug 2009 05:01:12 +0000 (15:01 +1000)]
s4:ldb Add hooks to get/set the flags on a ldb_message_element
Also add tests to prove that we got this correct, and correct the
existing tests which used the wrong constants.
Andrew Bartlett
Andrew Bartlett [Wed, 26 Aug 2009 03:44:50 +0000 (13:44 +1000)]
s4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use talloc
This changes dsdb_write_prefixes_from_schema_to_ldb() to use an
internal talloc hierarchy, so we can safely give it a NULL context from
the python.
It also fixes manual construction of the ldb_message - we now use the
right helper functions.
Andrew Bartlett
Andrew Bartlett [Wed, 26 Aug 2009 03:43:33 +0000 (13:43 +1000)]
s4:provision Add prefixes to ldb using same code a later modify will use
This allows us to test out the code that will do the modify of the
prefixMap, and to provide the bindings that may assist a future
upgrade script.
Andrew Bartlett
Andrew Bartlett [Wed, 26 Aug 2009 02:39:44 +0000 (12:39 +1000)]
s4:provision Only create references to our server DN after the self join
This will ensure that the GUID can be filled in correctly, and assist
us to validate DN targets in the future.
Andrew Bartlett
Andrew Bartlett [Wed, 26 Aug 2009 02:32:47 +0000 (12:32 +1000)]
s4:schema quiet a 'const' warning
Andrew Bartlett [Wed, 26 Aug 2009 02:29:45 +0000 (12:29 +1000)]
s4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schema
The aim is to create a function that is more easily wrapped for
python, so that we can write the updated prefixMap in an upgrade
script.
Andrew Bartlett
Andrew Bartlett [Wed, 26 Aug 2009 01:01:27 +0000 (11:01 +1000)]
s4:dsdb Use helper function to add 'show deleted' control
This revises tridge's commit
61ca4c491e1c13eb7d97847f743b0f540f1117c4
to use ldb_request_add_control() instead of a manual construction.
Andrew Bartlett
Günther Deschner [Tue, 25 Aug 2009 23:03:47 +0000 (01:03 +0200)]
s3-netlogon: fix default case when _netr_LogonSamLogon is called from other opcodes.
Guenther
Günther Deschner [Tue, 25 Aug 2009 23:01:43 +0000 (01:01 +0200)]
Revert "s3: Fix uninitialized const char *"
Tim, I am reverting this as this eliminates "_netr_LogonSamLogonEx" from the
debug messages completely. Followup fix to come immediately.
This reverts commit
add9b4afb14d3426d1f3bf5b8e7c86926f462578.
Günther Deschner [Tue, 25 Aug 2009 16:47:15 +0000 (18:47 +0200)]
s3-netlogon: get rid of init_net_r_req_chal().
Guenther
Günther Deschner [Tue, 25 Aug 2009 16:44:24 +0000 (18:44 +0200)]
s3-netlogon: let get_md4pw() return a struct samr_Password.
(in preparation of credential merge).
Guenther
Günther Deschner [Tue, 25 Aug 2009 16:36:28 +0000 (18:36 +0200)]
s3-netlogon: make _netr_ServerAuthenticate a callback to _netr_ServerAuthenticate3.
Guenther
Zach Loafman [Tue, 25 Aug 2009 17:46:37 +0000 (10:46 -0700)]
Allow for name array strings that don't end in a slash
Fix set_namearray to allow for strings that don't end in a slash. Also
remove unnecessary strdup()s.
Signed-off-by: Tim Prouty <tprouty@samba.org>
Volker Lendecke [Tue, 25 Aug 2009 15:03:26 +0000 (17:03 +0200)]
Add some const to dsgetdcname
Volker Lendecke [Tue, 25 Aug 2009 15:02:53 +0000 (17:02 +0200)]
Do an early TALLOC_FREE
Günther Deschner [Tue, 25 Aug 2009 09:10:53 +0000 (11:10 +0200)]
netlogon: give netlogon w7/w2k8r2 AES negotiate flag proper name (see bug #6099 for details).
Guenther
Andrew Tridgell [Tue, 25 Aug 2009 07:00:27 +0000 (17:00 +1000)]
fixed DRS rename of deleted objects
The objectclass module checks that the target parent exists, and
refuses renames if it doesn't exist. For this to work for deleted
objects we have to do the search in the objectclass module with the
"show deleted" control enabled.
Andrew Tridgell [Tue, 25 Aug 2009 06:59:25 +0000 (16:59 +1000)]
fixed a double free bug on error in net export
Andrew Bartlett [Tue, 25 Aug 2009 06:27:20 +0000 (16:27 +1000)]
s4:python Fix the reprovision test by deleting 'deleted' objects too.
We were failing because CN=Deleted Objects, which is marked as
'deleted' itself, could not be re-added in a reprovision.
Andrew Bartlett
Andrew Bartlett [Tue, 25 Aug 2009 06:25:55 +0000 (16:25 +1000)]
s4:dsdb Rework show_deleted module not to linearise the LDAP filter
Instead, use the fact that the ldb_parse_tree structure is public to
construct the 'and not deleted' clause as a structure, and apply each
filter tree to that template.
Andrew Bartlett
Jeremy Allison [Tue, 25 Aug 2009 04:14:52 +0000 (21:14 -0700)]
Help debug for bug 6651 - smbd SIGSEGV when breaking oplocks.
Should help track if we get invoked with an invalid fd from
the signal handler.
Jeremy.
Jeremy Allison [Tue, 25 Aug 2009 03:57:37 +0000 (20:57 -0700)]
Second attempt at fix for bug 6529 - Offline files conflict with Vista and Office 2003.
Confirmation from reporter that this fixes the issue in master on ext3/ext4.
Back-ports to follow.
Jeremy.
Jeremy Allison [Tue, 25 Aug 2009 01:21:23 +0000 (18:21 -0700)]
Allow systems with timestamp granularity of 1sec to work with
this test.
Jeremy.
Jeremy Allison [Mon, 24 Aug 2009 22:09:29 +0000 (15:09 -0700)]
Use existing time_t rounding function, don't invent my own.
Jeremy.
Günther Deschner [Mon, 24 Aug 2009 21:02:20 +0000 (23:02 +0200)]
netlogon: add (yet) undocumented netlogon negotiate bit to bitmap.
This bit is set by the Win7 client while joining.
Guenther
Günther Deschner [Mon, 24 Aug 2009 21:00:47 +0000 (23:00 +0200)]
s3-netlogon: Only hand out rid when netlogon credential chain has been set up successfully.
Guenther
Jeremy Allison [Mon, 24 Aug 2009 19:30:05 +0000 (12:30 -0700)]
Second part of fix for 6529 - Offline files conflict with Vista and Office 2003.
ext4 may be able to store ns timestamps, but the only API to *set* timestamps
takes usec, not nsec. Round to usec on set requests.
Jeremy.
Jeremy Allison [Mon, 24 Aug 2009 18:24:10 +0000 (11:24 -0700)]
Fix make test.
Jeremy.
Olaf Flebbe [Mon, 17 Aug 2009 15:31:01 +0000 (17:31 +0200)]
make smbcontrol smbd ping work proper checking for arguments handle short pid_t correctly
Günther Deschner [Mon, 24 Aug 2009 12:28:04 +0000 (14:28 +0200)]
libndr: add missing prototypes for double type.
Guenther
Günther Deschner [Mon, 24 Aug 2009 12:27:13 +0000 (14:27 +0200)]
tevent: avoid using reserved c++ word.
Guenther
Andrew Bartlett [Mon, 24 Aug 2009 10:22:18 +0000 (20:22 +1000)]
s4:dsdb Use talloc_strndup() to ensure OIDs are null terminated
The OIDs are not NULL terminated by the python caller, in line with
the LDB API, but we need them to be here, as we were casting them to a
string.
Andrew Bartlett
Andrew Bartlett [Mon, 24 Aug 2009 10:11:43 +0000 (20:11 +1000)]
s4:ldb Add python binding and test for ldb_msg_diff()
Andrew Bartlett [Mon, 24 Aug 2009 03:15:31 +0000 (13:15 +1000)]
s4:dsdb Add const
Andrew Bartlett [Mon, 24 Aug 2009 03:15:17 +0000 (13:15 +1000)]
s4:dsdb remove unused variable
Andrew Bartlett [Mon, 24 Aug 2009 03:09:10 +0000 (13:09 +1000)]
s4:dsdb use talloc_strndup() in GET_STRING_LDB() rather than walk off the end
The problem is that samdb_result_string() and
ldb_msg_find_attr_as_string() both simply cast the string, rather than
ensuring the return value is NULL terminated. This may be best
regarded as a flaw in LDB, but fixing it there is going to be more
difficult.
Andrew Bartlett
Andrew Tridgell [Mon, 24 Aug 2009 06:33:00 +0000 (16:33 +1000)]
note the semantic change in talloc_free from 2.0
Andrew Tridgell [Mon, 24 Aug 2009 06:27:05 +0000 (16:27 +1000)]
fixed typo in talloc doc XML
Andrew Tridgell [Mon, 24 Aug 2009 06:21:58 +0000 (16:21 +1000)]
LIBREPLACEOBJ now contains the full path
Andrew Tridgell [Mon, 24 Aug 2009 06:01:18 +0000 (16:01 +1000)]
updated XML source for talloc man page
Andrew Tridgell [Mon, 24 Aug 2009 06:01:05 +0000 (16:01 +1000)]
added talloc_set_log_* documentation