Christof Schmitt [Wed, 10 Dec 2014 22:51:17 +0000 (15:51 -0700)]
gpfs: Move get_gpfs_quota to vfs_gpfs.c
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:50:14 +0000 (15:50 -0700)]
gpfs: Move set_gpfs_lease to vfs_gpfs.c
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:49:25 +0000 (15:49 -0700)]
gpfs: Move set_gpfs_sharemode to vfs_gpfs.c
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:47:46 +0000 (15:47 -0700)]
gpfs: Introduce wrapper for gpfs_getfilesetid
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:46:07 +0000 (15:46 -0700)]
gpfs: Introduce wrapper for gpfs_fcntl
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:42:32 +0000 (15:42 -0700)]
gpfs: Introduce wrapper for gpfs_quotactl
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:40:16 +0000 (15:40 -0700)]
gpfs: Introduce wrapper for gpfs_set_times_path
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:34:59 +0000 (15:34 -0700)]
gpfs: Rename wrapper for gpfs_lib_init
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:33:23 +0000 (15:33 -0700)]
gpfs: Rename wrapper for gpfs_ftruncate
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:31:42 +0000 (15:31 -0700)]
gpfs: Rename wrapper for gpfs_prealloc
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:29:19 +0000 (15:29 -0700)]
gpfs: Rename wrapper for gpfs_get_winattrs
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:27:05 +0000 (15:27 -0700)]
gpfs: Rename wrapper for gpfs_get_winattrs_path
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:22:27 +0000 (15:22 -0700)]
gpfs: Rename wrapper for gpfs_set_winattrs_path
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:15:53 +0000 (15:15 -0700)]
gpfs: Rename wrapper for gpfs_get_realfilename_path
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:11:18 +0000 (15:11 -0700)]
gpfs: Rename wrapper for gpfs_putacl
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:09:07 +0000 (15:09 -0700)]
gpfs: Rename wrapper for gpfs_getacl
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 10 Dec 2014 22:06:02 +0000 (15:06 -0700)]
gpfs: Introduce wrapper for gpfs_set_lease
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 18 Feb 2015 21:22:55 +0000 (14:22 -0700)]
gpfs: Introduce wrapper for gpfs_set_share
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 18 Feb 2015 17:14:22 +0000 (10:14 -0700)]
gpfs: Simplify initialization for gpfs library wrapper
Merge the code for initializing the function pointers in one function.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 18 Feb 2015 17:13:55 +0000 (10:13 -0700)]
gpfs: Remove search for libgpfs_gpl.so
Similar to the header files, libgpfs_gpl.so no longer exists. The
library is now always called libgpfs.so.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 18 Feb 2015 17:13:33 +0000 (10:13 -0700)]
gpfs: Look for gpfs header files also in /usr/lpp/mmfs/include/
That is the default directory for the gpfs header files.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Christof Schmitt [Wed, 18 Feb 2015 17:12:43 +0000 (10:12 -0700)]
gpfs: Always use gpfs_fcntl.h headerfile
gpfs_gpl.h no longer exists, everything from that header file has been
merged to gpfs.h. gpfs_fcntl.h implicitly includes gpfs.h. Simplify the
code by only looking for gpfs_fcntl.h and including that file.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Michael Adam [Mon, 2 Feb 2015 15:16:45 +0000 (16:16 +0100)]
selftest: re-enable nsswrapper integration testing for dc and member environments.
There are some failures:
- The dc environment fails consistently due to duplicate uid,
(for the calling user and the domain administrator).
==> Marked as knownfail.
- The s3member environment only fails under very strange
circumstances:
- one needs to run the unix.whoami test in the
member and s3member environment for the local.nss
test to fail in the s3member:local env. The failure
is then related to builtin administrators sharing
a gid with a different group.
--> This is really really strange!!!
==> Marked as knownfail.
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Mar 2 19:50:55 CET 2015 on sn-devel-104
Günther Deschner [Sat, 7 Feb 2015 13:10:01 +0000 (14:10 +0100)]
s4-torture: cleanup nsswrapper test a little by removing nwrap references.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Günther Deschner [Mon, 2 Feb 2015 13:50:30 +0000 (14:50 +0100)]
s4-torture: re-add nss-wrapper torture testsuite.
(The testsuite got removed with
5bb410f85312196bb24e62a6a0b8350576433dc6).
Although nss_wrapper now also has an upstream testsuite, it is still important
to run the older torture testsuite within Samba so we have some testing on
nss_winbind correctnes and consistency.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 2 Mar 2015 10:55:01 +0000 (11:55 +0100)]
doc-xml: Add 'sharesec' reference to 'access based share enum'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11127
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar 2 14:33:33 CET 2015 on sn-devel-104
David Disseldorp [Fri, 27 Feb 2015 14:52:47 +0000 (14:52 +0000)]
selftest: shuffle msdfs-share DFS referral responses
Add a secondary server path to the msdfs-src1 DFS link, and test "msdfs
shuffle referrals" behaviour during selftest using the existing
samba3.blackbox.smbclient_s3 suite.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 28 01:22:36 CET 2015 on sn-devel-104
Robin McCorkell [Fri, 27 Feb 2015 14:52:46 +0000 (14:52 +0000)]
MSDFS referral shuffling
Shuffle MSDFS referral list in smbd in accordance with [MS-DFSC] 3.2.1.1
When parsing an MSDFS symlink, the names are shuffled with a Fisher-Yates
algorithm.
Signed-off-by: Robin McCorkell <rmccorkell@karoshi.org.uk>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 23 Jan 2015 13:32:45 +0000 (13:32 +0000)]
winbind: Slightly simplify wb_sids2xids
We only needs "names" and "domains" wb_sids2xids_lookupsids_done. It confused
me when reading this code that these variables are stored in "state".
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 27 Feb 2015 14:04:36 +0000 (14:04 +0000)]
lib: Fix talloc hierarchy in init_lsa_ref_domain_list
The sid is copied, so the name should also be copied.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Thu, 26 Feb 2015 00:09:09 +0000 (11:09 +1100)]
lib/util: Build iov_buf library only when building samba
lib/util can be built with SAMBA_UTIL_CORE_ONLY for building standalone
ctdb. Any new libraries if not required by ctdb should be built only
when SAMBA_UTIL_CORE_ONLY is not specified.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Feb 27 09:06:01 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 25 Feb 2015 21:17:57 +0000 (21:17 +0000)]
libsmb: Make "ip_service_compare" static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 27 06:20:58 CET 2015 on sn-devel-104
Michael Adam [Thu, 26 Feb 2015 23:27:29 +0000 (00:27 +0100)]
tevent: version 0.9.23
* Add Solaris ports as tevent backend.
* Improvements to the tevent_data tutorial.
* Remove use of the 'staticforward' macro.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Feb 27 03:48:57 CET 2015 on sn-devel-104
Volker Lendecke [Fri, 12 Dec 2014 22:00:41 +0000 (23:00 +0100)]
winbind: Simplify winbindd_dsgetdcname_recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 27 01:16:10 CET 2015 on sn-devel-104
Volker Lendecke [Tue, 24 Feb 2015 14:03:11 +0000 (14:03 +0000)]
vfs_catia: Simplify init_mappings()
No else required after return
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 26 21:22:30 CET 2015 on sn-devel-104
Volker Lendecke [Tue, 24 Feb 2015 13:46:09 +0000 (13:46 +0000)]
smbd: Simplify ReadDirName
In the if-branches we return, so no "else" necessary
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 23 Feb 2015 11:17:59 +0000 (11:17 +0000)]
smbd: ZERO_STRUCT -> struct init
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 23 Feb 2015 11:08:30 +0000 (11:08 +0000)]
smbd: ZERO_STRUCT -> struct assignment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 23 Feb 2015 11:07:32 +0000 (11:07 +0000)]
smbd: ZERO_STRUCT -> struct assignment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 23 Feb 2015 11:04:58 +0000 (11:04 +0000)]
smbd: ZERO_STRUCTP -> talloc_zero()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 2 Jan 2015 10:46:28 +0000 (11:46 +0100)]
param: Remove lib/param/generic.c
This seems completely unused.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 25 Feb 2015 20:42:33 +0000 (20:42 +0000)]
libsmb: Use tevent_req_poll_ntstatus
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 19 Jan 2015 09:52:11 +0000 (10:52 +0100)]
lib: Simplify pidfile.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 26 18:28:31 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 14 Jan 2015 16:11:12 +0000 (17:11 +0100)]
Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Wed, 25 Feb 2015 10:33:25 +0000 (11:33 +0100)]
ntdb: always return int from tdb_store_flag_to_ntdb()
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 26 13:49:05 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 21 Jan 2015 10:44:58 +0000 (11:44 +0100)]
registry: Fix an aligment increase warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 26 05:35:33 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 25 Feb 2015 13:00:49 +0000 (13:00 +0000)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Thu, 5 Feb 2015 14:59:52 +0000 (15:59 +0100)]
vfs: Add a brief vfs_ceph manpage.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11088
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 25 20:56:01 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 25 Feb 2015 12:19:44 +0000 (12:19 +0000)]
Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 25 Feb 2015 12:19:40 +0000 (12:19 +0000)]
heimdal: Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 23 Jan 2015 09:38:31 +0000 (10:38 +0100)]
s3-pam_smbpass: Add a deprecation warning.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 25 03:37:34 CET 2015 on sn-devel-104
Andrew Bartlett [Mon, 23 Feb 2015 03:50:43 +0000 (16:50 +1300)]
s4/scripting/devel: Add tool to roll over the krbtgt password
This may be handy if this key is compromised, or along with chgtdcpass to isolate test copies
of production domains in such a way that they cannot mix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 23 Feb 2015 03:22:29 +0000 (16:22 +1300)]
testprogs-test_chgdcpass.sh: Improve comments to explain why we check about changing the password twice
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 23 Feb 2015 02:45:53 +0000 (15:45 +1300)]
selftest: Improve renamedc tests to confirm more than just the exit code
This now confirms that the DC has been renamed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 23 Feb 2015 03:10:31 +0000 (16:10 +1300)]
s4/scripting/bin/renamedc: Fix up rename DC script
We now have a reliable handler for backlinks so this we can now rename both objects
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Michael Ledford [Tue, 24 Feb 2015 01:46:31 +0000 (20:46 -0500)]
lib/crypto: Document nettle supported crypto
Signed-off-by: Michael Ledford <michael@ledford.cc>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 15 Feb 2015 22:26:37 +0000 (11:26 +1300)]
backupkey: Explain more why we use GnuTLS here
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 11 Feb 2015 23:13:39 +0000 (12:13 +1300)]
build: amend typo for address sanitizer help
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 13 Feb 2015 03:55:07 +0000 (16:55 +1300)]
torture-backupkey: Check the dcerpc call return code before calling ndr pull
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 12 Feb 2015 20:54:50 +0000 (09:54 +1300)]
backupkey: replace heimdal rsa key generation with GnuTLS
We use GnuTLS because it can reliably generate 2048 bit keys every time.
Windows clients strictly require 2048, no more since it won't fit and no
less either. Heimdal would almost always generate a smaller key.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
Garming Sam [Fri, 13 Feb 2015 03:49:58 +0000 (16:49 +1300)]
build: Require GnuTLS if building with Active Directory
Without GnuTLS, we don't have ldaps:// support and we are unable to
readily create RSA keys of the correct length for the BackupKey
protocol.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 12 Feb 2015 23:59:45 +0000 (12:59 +1300)]
torture-backupkey: Add tests that read the secret from the server, and validate
These show that MS-BKRP 3.1.4.1.1 BACKUPKEY_BACKUP_GUID is incorrect when it
states that the key must be the leading 64 bytes, it must be the whole 256 byte
buffer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 12 Feb 2015 03:15:41 +0000 (16:15 +1300)]
backupkey: Better handling for different wrap version headers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Feb 2015 04:46:42 +0000 (17:46 +1300)]
backupkey: Add tests for ServerWrap protocol
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Feb 2015 00:37:16 +0000 (13:37 +1300)]
backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2
This is done in both smbtoture and in our server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 20:53:58 +0000 (09:53 +1300)]
backupkey: Implement ServerWrap Decrypt
We implement both modes in BACKUPKEY_RESTORE_GUID, as it may decrypt
both ServerWrap and ClientWrap data, and we implement
BACKUPKEY_RESTORE_GUID_WIN2K.
BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 03:26:23 +0000 (16:26 +1300)]
backupkey: Handle more clearly the case where we find the secret, but it has no value
This happen on the RODC, a case that we try not to permit at all.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 03:23:17 +0000 (16:23 +1300)]
backupkey: Improve variable names to make clear this is client-provided data
The values we return here are client-provided passwords or other keys, that we decrypt for them.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 03:16:20 +0000 (16:16 +1300)]
backupkey: Use the name lsa_secret rather than just secret
This makes it clear that this is the data stored on the LSA secrets store
and not the client-provided data to be encrypted.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 03:02:00 +0000 (16:02 +1300)]
backupkey: Implement ServerWrap Encrypt protocol
BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 02:50:15 +0000 (15:50 +1300)]
backupkey: Improve function names and comments for clarity
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 02:48:06 +0000 (15:48 +1300)]
backupkey: Move SID comparison to inside get_and_verify_access_check()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Thu, 5 Feb 2015 05:17:58 +0000 (18:17 +1300)]
backupkey: Improve IDL
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 4 Feb 2015 22:07:30 +0000 (11:07 +1300)]
backupkey: begin by factoring out the server wrap functions
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 10 Feb 2015 22:45:45 +0000 (11:45 +1300)]
torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 20:51:27 +0000 (09:51 +1300)]
torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() suceeds
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Tue, 23 Dec 2014 17:56:20 +0000 (18:56 +0100)]
s4:torture/rpc/backupkey: Require 2048 bit RSA key
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(fixed cleanup of memory)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Tue, 8 Jul 2014 15:25:53 +0000 (17:25 +0200)]
s4-backupkey: consistent naming of werr variable
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Tue, 8 Jul 2014 14:12:13 +0000 (16:12 +0200)]
s4-backupkey: improve variable name
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:56:39 +0000 (18:56 +0200)]
s4-backupkey: typo fix
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:48:41 +0000 (18:48 +0200)]
s4-backupkey: IDL for ServerWrap subprotocol
This adds some IDL structs for the ServerWrap subprotocol, allowing
parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED
instead of WERR_INVALID_PARAM.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:43:05 +0000 (18:43 +0200)]
s4-backupkey: fix ndr_pull error on empty input
[MS-BKRP] 3.1.4.1 specifies for BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID that
the server must ignore the input data. This patch fixes
ndr_pull_error(11): Pull bytes 4 (../librpc/ndr/ndr_basic.c:148)
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:36:49 +0000 (18:36 +0200)]
s4-backupkey: Initialize ndr->switchlist for print
ndr_print_bkrp_data_in_blob requires the level to be set in the
proper ndr->switch_list context.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:25:29 +0000 (18:25 +0200)]
s4-backupkey: Comply with [MS-BKRP] 2.2.1
[MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name
field SHOULD contain the name of the DNS domain assigned to the server."
In fact Windows 7 clients don't seem to care. Also in certificates
generated by native AD the domain name (after CN=) is encoded as
UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently
we just leave the encoding as it is for now.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:18:30 +0000 (18:18 +0200)]
s4-backupkey: Set defined cert serialnumber
[MS-BKRP] 2.2.1 specifies that the serialnumber of the certificate
should be set identical to the subjectUniqueID. In fact certificates
generated by native AD have this field encoded in little-endian format.
See also
https://www.mail-archive.com/cifs-protocol@cifs.org/msg01364.html
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:15:37 +0000 (18:15 +0200)]
s4-backupkey: de-duplicate error handling
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:12:47 +0000 (18:12 +0200)]
s4-backupkey: check for talloc failure
Check for talloc_memdup failure for uniqueid.data.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 15:59:29 +0000 (17:59 +0200)]
s4-backupkey: Cert lifetime of 365 days, not secs
hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in
in seconds. The Windows 7 client didn't seem to care that the lifetime
was only 6'03''. Two other TODOs in this implementation:
* Since notBefore is not set explicietely to "now", the heimdal code
default of now-(24 hours) is applied.
* Server side validity checks and cert renewal are missing.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 15:39:51 +0000 (17:39 +0200)]
s4-backupkey: Ensure RSA modulus is 2048 bits
RSA_generate_key_ex doesn't always generate a modulus of requested
bit length. Tests with Windows 7 clients showed that they decline
x509 certificates (MS-BKRP 2.2.1) in cases where the modulus length
is smaller than the specified 2048 bits. For the user this resulted
in DPAPI failing to retrieve stored credentials after the user password
has been changed at least two times. On the server side log.samba showed
that the client also called the as yet unlimplemented ServerWrap sub-
protocol function BACKUPKEY_BACKUP_KEY_GUID after it had called the
ClientWarp function BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID. After
enabling DPAPI auditing on the Windows Clients the Event Viewer showed
Event-ID 4692 failing with a FailureReason value of 0x7a in these cases.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
Alexander Bokovoy [Tue, 24 Feb 2015 13:12:39 +0000 (15:12 +0200)]
wafsamba: make sure build fails when uninitialized variable is detected
In developer build, fail if uninitialized variable is found by GCC.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 24 20:21:52 CET 2015 on sn-devel-104
Volker Lendecke [Tue, 17 Feb 2015 20:19:33 +0000 (20:19 +0000)]
lib: Use iov_buflen in smb1cli_req_chain_submit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Feb 2015 20:19:10 +0000 (20:19 +0000)]
lib: Use iov_buflen in smb1cli_req_writev_submit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Feb 2015 20:18:37 +0000 (20:18 +0000)]
lib: Use iov_buflen in smb1cli_req_create
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Feb 2015 20:17:35 +0000 (20:17 +0000)]
lib: Use iov_buf in smbXcli_iov_concat
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Feb 2015 20:16:45 +0000 (20:16 +0000)]
libcli: Use iov_buflen in smbXcli_iov_len
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 14:36:28 +0000 (14:36 +0000)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 14:35:03 +0000 (14:35 +0000)]
smb2_server: Use iov_advance
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 14:29:36 +0000 (14:29 +0000)]
smb2_server: Add range checking to nbt_length
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 13:50:25 +0000 (13:50 +0000)]
tsocket: Use iov_advance
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 13:26:29 +0000 (13:26 +0000)]
iov_buf: Add an explaining comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>