Jelmer Vernooij [Fri, 26 Oct 2012 14:55:04 +0000 (06:55 -0800)]
tdr: Strip trailing whitespace.
Andreas Schneider [Thu, 6 Dec 2012 13:45:24 +0000 (14:45 +0100)]
s4-libnet: Fix setting the group handle and return codes.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Dec 13 01:01:14 CET 2012 on sn-devel-104
Andreas Schneider [Wed, 12 Dec 2012 18:15:58 +0000 (19:15 +0100)]
util: Remove unused fde_stdin in samba_runcmd.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 10:11:15 +0000 (11:11 +0100)]
s3-lib: Don't close the listener twice if we goto failed.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Volker Lendecke [Wed, 12 Dec 2012 11:55:45 +0000 (12:55 +0100)]
s3: Fix a typo in a debug message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 12 16:40:23 CET 2012 on sn-devel-104
Andreas Schneider [Mon, 10 Dec 2012 16:52:50 +0000 (17:52 +0100)]
s3-printing: Correctly create the printing cache path.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 16:45:15 +0000 (17:45 +0100)]
s3-registry: Fix counters_directory() dir creation.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 16:14:12 +0000 (17:14 +0100)]
s4-socket: Make sure unix socket addresses are null terminated.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 16:07:24 +0000 (17:07 +0100)]
s3-ctdb: Make sure addr.sun_path is null terminated.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 16:06:39 +0000 (17:06 +0100)]
torture: Make sure we use the correct size for cxd.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 14:11:23 +0000 (15:11 +0100)]
s3-libsmb: Fix possible comparsion problems.
This makes the code also easier to understand.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 14:02:43 +0000 (15:02 +0100)]
s4-libcli: Fix comparison of chosen_oid.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 13:06:32 +0000 (14:06 +0100)]
s3-utils: Correctly handle getenv() for the later system() call.
The returned string of getenv() has an unknown size. You need to store
the result always in a char array with a certain size to make sure we
don't feed tainted data to the next function call.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 17:04:41 +0000 (18:04 +0100)]
s4-client: Make sure we have a valid count if we goto cleanup.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 14:40:29 +0000 (15:40 +0100)]
s3-utils: Cleanup code in wait_replies().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 14:28:03 +0000 (15:28 +0100)]
nsswitch: Fix pam_get_{item,data} build warnings.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 14:16:52 +0000 (15:16 +0100)]
nsswitch: Remove unused variable in _pam_winbind_change_pwd().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 14:14:07 +0000 (15:14 +0100)]
nsswitch: Cleanup code in parse_wbinfo_domain_user().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 14:11:09 +0000 (15:11 +0100)]
s4-libnet: Don't call talloc_get_type() for the same struct twice.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 14:06:06 +0000 (15:06 +0100)]
s3-nmbd: Cleanup code to make it more readable.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 13:35:48 +0000 (14:35 +0100)]
s3-lib: Remove unsused variable from sys_get_nfs_quota().
testpath is the same a few lines later.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 10:40:35 +0000 (11:40 +0100)]
winbind: Use talloc in resolve_username_to_alias().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 10:24:17 +0000 (11:24 +0100)]
winbind: Use talloc in resolve_alias_to_username().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Tue, 11 Dec 2012 16:11:58 +0000 (17:11 +0100)]
tdb: Improve the documentation of tdb_reopen() and tdb_close().
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 12 14:58:50 CET 2012 on sn-devel-104
Andreas Schneider [Tue, 11 Dec 2012 15:51:01 +0000 (16:51 +0100)]
tdb: Fix possible crash bugs in the python tdb code.
You can't call tdb_error() for tdb_reopen() or tdb_close(), both return
the error code of close(2) and not a TDB_ERROR!
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 14:06:57 +0000 (15:06 +0100)]
misc: Add a config for clang complete.
See https://github.com/Rip-Rip/clang_complete
Günther Deschner [Tue, 11 Dec 2012 15:43:12 +0000 (16:43 +0100)]
s4-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 12 13:13:47 CET 2012 on sn-devel-104
Günther Deschner [Tue, 11 Dec 2012 15:42:53 +0000 (16:42 +0100)]
s3-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 11 Dec 2012 13:43:07 +0000 (14:43 +0100)]
s4-rpc_server: limit allowed transports for samr_ValidatePassword().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 11 Dec 2012 13:41:34 +0000 (14:41 +0100)]
s3-rpc_server: limit allowed transports for samr_ValidatePassword().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 11 Dec 2012 08:25:53 +0000 (09:25 +0100)]
s4-torture: move samr_ValidatePassword test out of main samr test.
Makes it easier to call with ncacn_ip_tcp transport (Windows does not allow
other transports).
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 13:37:21 +0000 (14:37 +0100)]
dfs_server: Don't allocate a subcontext twice.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 12 11:28:39 CET 2012 on sn-devel-104
Andreas Schneider [Thu, 6 Dec 2012 15:02:57 +0000 (16:02 +0100)]
util: Don't use the pid ret value uninitialized.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 16:04:47 +0000 (17:04 +0100)]
s3-netapi: Initialize group_handle of NetGroupSetUsers_r().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 17:06:59 +0000 (18:06 +0100)]
s4-netapi: Initialize group_handle of NetGroupGetUsers_r().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 17:13:23 +0000 (18:13 +0100)]
s3-auth: Make sure we work on valid data_blobs.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Thu, 6 Dec 2012 17:15:12 +0000 (18:15 +0100)]
s3-netapi: Initialize group_handle of NetUserSetGroups_r.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 12:22:52 +0000 (13:22 +0100)]
torture: Fix torture_rpc_spoolss_printer_teardown_common().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 12:24:46 +0000 (13:24 +0100)]
s3-netapi: Fix zeroing policy handles in NetLocalGroupAdd_r().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 12:35:27 +0000 (13:35 +0100)]
vfs: Make sure we don't call talloc_free on an uninitialized pointer.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 12:42:37 +0000 (13:42 +0100)]
s3-printing: Don't call talloc_free on an uninitialized pointer.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 14:48:28 +0000 (15:48 +0100)]
idl: Fix spoolss check for the size of the struct.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 16:36:39 +0000 (17:36 +0100)]
s3-net: Check the return value of strlower_m().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 16:39:03 +0000 (17:39 +0100)]
s3-net: Check return value of string_to_sid().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 16:41:46 +0000 (17:41 +0100)]
s3-rpcclient: Check return value of add_string_to_array().
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 Dec 2012 16:47:15 +0000 (17:47 +0100)]
s3-registry: Check return code of push_reg_sz().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Jeremy Allison [Mon, 10 Dec 2012 21:22:10 +0000 (13:22 -0800)]
s3:auth: Tidy up some of the API confusion in create_token_from_XXX() calls.
Based on Michaels example, split out the return of NT_STATUS_NO_MEMORY
on talloc fail from other possible errors. Allow the NTSTATUS return
to be the only valid indication of success in these calls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Dec 11 20:04:25 CET 2012 on sn-devel-104
Michael Adam [Tue, 11 Dec 2012 17:05:31 +0000 (18:05 +0100)]
s3:auth: fix dereference level in talloc checks in create_token_from_sid()
Commit
c5b150b33fc54ed97dbd0736cc6f4c15977d6e70 introduced these checks.
The current check "found_username == NULL" is wrong (we would segfault earlier
in this case). We need to check *found_username == NULL instead as
noted by Günter.
Reported-by: Günter Kukkukk <linux@kukkukk.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Tue, 11 Dec 2012 15:13:39 +0000 (16:13 +0100)]
selftest: skip the samba4.rpc.samr.passwords test in ncacn_np(dc) and s4member environments
These currently fail in a corner case.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Dec 11 17:56:01 CET 2012 on sn-devel-104
Michael Adam [Tue, 11 Dec 2012 12:34:49 +0000 (13:34 +0100)]
s4:torture:rpc:samr: fix password age calculation in test_ChangePasswordUser3()
The min_password_age field is the negative of the age.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Tue, 11 Dec 2012 12:21:11 +0000 (13:21 +0100)]
s4:torture/samr: allow STATUS_PASSWORD_RESTRICTIONS from ChangePasswordUser
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Tue, 11 Dec 2012 12:18:00 +0000 (13:18 +0100)]
s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checks
This matches the windows behavior.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Tue, 11 Dec 2012 12:04:22 +0000 (13:04 +0100)]
s4:dsdb/password_hash: do the min password age checks first
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 10 Dec 2012 22:56:47 +0000 (23:56 +0100)]
s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required
This should give the password_hash module a chance to detect if the called
was the cleartext password or not.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Tue, 11 Dec 2012 10:42:11 +0000 (11:42 +0100)]
s4:torture:rpc:samr: add debugging of result of (many) dcerpc_samr_* calls
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 23 Nov 2012 10:49:05 +0000 (11:49 +0100)]
s4:dsdb/password_hash: Honor password complexity settings.
Honor password complexity settings when creating new users.
Without this patch, you could set simple passwords although the complexity
settings were enabled. This was an issue with 'samba-tool user add' and also
when adding new users via Windows' "Active Directory Users and Computers"
MMC Snap-In.
The following scenarios were tested successfully after applying the patch:
-'samba-tool user add' against s4
-'samba-tool user add -H' against a Windows DC
-Adding a new user on a s4 DC using Windows' "Active Directory Users and
Computers" MMC Snap-In.
Please note that this bug was caused by a mistake in the documentation.
Fix bug #9414 - 'samba-tool user add' ignores password complexity settings.
Pair-programmed-with: Karolin Seeger <kseeger@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 11 Dec 2012 12:08:28 +0000 (13:08 +0100)]
Revert "s4:dsdb/password_hash: Honor password complexity settings."
This reverts commit
f8056b7a6998e002f473b0ad79eee046236a7032.
A better fix will follow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 11 Dec 2012 02:15:26 +0000 (03:15 +0100)]
s4:provision: set the correct nTSecurityDescriptor on CN=Domain Controllers,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
Stefan Metzmacher [Tue, 11 Dec 2012 02:15:26 +0000 (03:15 +0100)]
s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Mon, 10 Dec 2012 10:32:07 +0000 (11:32 +0100)]
s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Mon, 10 Dec 2012 10:32:07 +0000 (11:32 +0100)]
s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Mon, 10 Dec 2012 10:32:07 +0000 (11:32 +0100)]
s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Mon, 10 Dec 2012 10:32:07 +0000 (11:32 +0100)]
s4:provision: set the correct nTSecurityDescriptor on CN=Sites,CN=Configuration... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Mon, 10 Dec 2012 10:32:07 +0000 (11:32 +0100)]
s4:provision: set the correct nTSecurityDescriptor on CN=Partitions,CN=Configuration... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 11 Dec 2012 01:01:12 +0000 (02:01 +0100)]
s4:dsdb/descriptor: pass object_list to create_security_descriptor()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 11 Dec 2012 02:17:42 +0000 (03:17 +0100)]
libcli/security: calculate the correct inherited_object GUID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 11 Dec 2012 01:00:38 +0000 (02:00 +0100)]
libcli/security: implement object_in_list()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Mon, 10 Dec 2012 20:56:42 +0000 (21:56 +0100)]
s3:auth: fix function header comment for user_sid_in_group_sid()
This is embarrassing: the commit
0770a4c01bef26ec51321cd5b97aea4eab9e00a8
which intended to fix an earlier copy'n'paste error, contained another
typo, fixed with this commit...
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec 11 00:04:45 CET 2012 on sn-devel-104
Michael Adam [Mon, 10 Dec 2012 15:58:43 +0000 (16:58 +0100)]
pidl: change strange spelling __donnot_use_enum_* to __do_not_use_enum_*
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Mon, 10 Dec 2012 14:06:27 +0000 (15:06 +0100)]
s3:auth: fix create_token_from_sid() to not fail in the winbindd case
Commit
1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored
the sid-based variant out of create_token_from_username() broke
the case of a user handled by winbindd in that the "found_username"
was set to NULL which caused the function to fail with
NT_STATUS_NO_MEMORY further down.
This patch fixes the function so that the case of found_username == NULL
is cleanly separated from the NO_MEMORY case and the caller can provide
the username in this case, if required.
This fixes bug #9457.
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Dec 10 18:18:54 CET 2012 on sn-devel-104
Michael Adam [Mon, 10 Dec 2012 13:48:43 +0000 (14:48 +0100)]
s3:auth: fix header comment for user_sid_in_group_sid()
This function was created in
1c3c5e2156d9096f60bd53a96b88c2f1001d898a
and the header comment contained copy'n'paste errors from the original
function user_in_group_sid() that took the user name.
Signed-off-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 17:58:57 +0000 (18:58 +0100)]
s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps working
This is a regression test for bug #9470.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
Stefan Metzmacher [Thu, 6 Dec 2012 13:04:47 +0000 (14:04 +0100)]
s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags interaction
This is a regression test for bug #9470.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 6 Dec 2012 14:56:26 +0000 (15:56 +0100)]
s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute
If the sd_flags control is specified, we should return nTSecurityDescriptor
only if the client asked for all attributes.
If there's a list of only explicit attribute names, we should ignore
the sd_flags control.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 6 Dec 2012 11:36:09 +0000 (12:36 +0100)]
s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given (bug #9470)
Not returning the nTSecurityDescriptor causes a lot of problems.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 6 Dec 2012 11:29:49 +0000 (12:29 +0100)]
s4:dsdb/acl_read: give some variables a better name
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 17:40:25 +0000 (18:40 +0100)]
s4:dsdb/acl_read: fix the calculation of the attribute array for the sub search
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 17:39:29 +0000 (18:39 +0100)]
s4:dsdb/acl_read: check the ldb_attr_list_copy_add() result
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 18:02:10 +0000 (19:02 +0100)]
s4:dsdb/dirsync: fix potential talloc hierachy problems (bug #9470)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Günther Deschner [Fri, 7 Dec 2012 11:51:10 +0000 (12:51 +0100)]
s4-torture: call the s4u2self tests with arcfour and aes.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Dec 9 21:24:44 CET 2012 on sn-devel-104
Günther Deschner [Fri, 7 Dec 2012 11:57:18 +0000 (12:57 +0100)]
s4-torture: precalculate expected session keys from samlogon in schannel test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 7 Dec 2012 11:38:16 +0000 (12:38 +0100)]
libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 7 Dec 2012 00:05:00 +0000 (01:05 +0100)]
libcli/auth: remove trailing whitespace.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 6 Dec 2012 14:21:02 +0000 (15:21 +0100)]
s3-auth: remove crypto from serverinfo_to_SamInfoX calls.
All crypto is dealt with within the netlogon samlogon server now.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 6 Dec 2012 13:54:25 +0000 (14:54 +0100)]
s3-rpc_server: Remove obsolete process_creds boolean in samlogon server.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 6 Dec 2012 13:31:32 +0000 (14:31 +0100)]
s3-auth: session keys in validation level 6 samlogon replies are *not* encrypted.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 18:49:52 +0000 (19:49 +0100)]
s3-rpc_server: support AES for interactive netlogon samlogon password decryption.
Still need to fix AES support for the returned validation info.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:24:24 +0000 (16:24 +0100)]
s4-rpc_server: support AES encryption in interactive and generic samlogon.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 18:52:54 +0000 (19:52 +0100)]
s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo().
Sumit, please check.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 17:06:54 +0000 (18:06 +0100)]
s4-torture: validate owf password hash and negotiate AES in forest trust test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 16:59:12 +0000 (17:59 +0100)]
s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:37:02 +0000 (16:37 +0100)]
s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 17:38:01 +0000 (18:38 +0100)]
s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:21:59 +0000 (16:21 +0100)]
s4-torture: exit early when join fails in samba3rpc tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:20:14 +0000 (16:20 +0100)]
s4-torture: support AES encryption in interactive samlogon tests in rpc.samr.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:23:34 +0000 (16:23 +0100)]
s4-torture: support AES encryption in pac_verify/generic samlogon netlogon tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:11:19 +0000 (16:11 +0100)]
s4-torture: use names for r.in.logon_level of netlogon samlogon requests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 4 Dec 2012 22:11:10 +0000 (23:11 +0100)]
s4-torture: remove trailing whitespace in smbtorture remote_pac test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 30 Nov 2012 23:59:44 +0000 (00:59 +0100)]
s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 21:47:40 +0000 (22:47 +0100)]
s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
git.samba.org / kamenim / samba-autobuild / .git / log