summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionallyAndrew Bartlett2016-12-153-1/+46
| | | | | | | | | | The idea here is that perhaps some real client relies on this (and not just Samba torture commands), so we need a way to support it for the 4.6 release. If no such client emerges, it can be deprecated and removed in the normal way. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idl: Do not listen for lsarpc on \\pipe\netlogonAndrew Bartlett2016-12-152-1/+2
| | | | | | | | | This prevents making the netlogon process multi-threaded. This works on Windows becuase NETLOGON is part of lsad Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* rpc_server:netlogon Move from memcache to a tdb cacheDouglas Bagnall2016-12-144-47/+325
| | | | | | | | | | | | | | | | This allows the netlogon server to be moved into a multi-process model while still supporting clients that use a challenge from a different network connection. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Dec 14 20:12:14 CET 2016 on sn-devel-144
* torture: Add ServerReqChallengeReuseGlobal2 to rpc.netlogonAndrew Bartlett2016-12-141-0/+80
| | | | | | | | | | | This test ensures that when the per-pipe challenge is used, the tdb cache is wiped as well Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Dec 14 15:56:37 CET 2016 on sn-devel-144
* torture: Add ServerReqChallengeReuse to rpc.netlogonAndrew Bartlett2016-12-141-0/+85
| | | | | | | | | | This test covers credentials reuse on the same process. We test with direct re-use, and for the case where the challenge is reset to zeros. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture: Add new test ServerReqChallengeReuseGlobal to rpc.netlogonAndrew Bartlett2016-12-141-0/+92
| | | | | | | This tests ensures we can not re-use the entries in global challenge table. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture/samba3rpc: Use NETLOGON_NEG_AUTH2_ADS_FLAGSAndrew Bartlett2016-12-141-1/+1
| | | | | | | | | | This allows this test to pass after "allow nt4 crypto" is removed from the default environment. We now only set it in ad_dc Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture: Use DCERPC_SCHANNEL_AUTO in rpc.schannel.schannel2 testAndrew Bartlett2016-12-141-1/+1
| | | | | | | This allows it to run against modern servers that do not permit NT4 crypto Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* torture: Add credentials downgrade and challenge reuse test to rpc.netlogonAndrew Bartlett2016-12-143-1/+90
| | | | | | | | | | | | | This test confirms that the challenge set up is available after the ServerAuthenticate has failed at the NT_STATUS_DOWNGRADE_DETECTED check. This is needed for NetApp ONTAP member servers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11291 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* librpc/ndr/uuid.c: improve speed and accuracy of GUID string parsingDouglas Bagnall2016-12-142-22/+111
| | | | | | | | | | | | | | GUID_from_data_blob() was relying on sscanf to parse strings, which was slow and quite accepting of invalid GUIDs. Instead we directly read a fixed number of hex bytes for each field. This now passes the samba4.local.ndr.*.guid_from_string_invalid tests. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Wed Dec 14 08:55:42 CET 2016 on sn-devel-144
* s4-torture: better, failing, tests for GUID_from_stringDouglas Bagnall2016-12-142-9/+56
| | | | | | | | | | | | | | | | | | | | | | These tests reveal that the current implementation accepts all kinds of invalid GUIDs. In particular, we fail on these ones: "00000001-0002-0003-0405--060708090a0" "-0000001-0002-0003-0405-060708090a0b" "-0000001-0002-0003-04-5-060708090a0b" "d0000001-0002-0003-0405-060708090a-b" "00000001- -2-0003-0405-060708090a0b" "00000001-0002-0003-0405- 060708090a0" "0x000001-0002-0003-0405-060708090a0b" "00000001-0x02-0x03-0405-060708090a0b" This test is added to selftest/knownfail. The test for valid string GUIDs is extended to test upper and mixed case GUIDs. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* cli-quotas: fix potential memory leakUri Simchoni2016-12-131-1/+1
| | | | | | | | | | Fix a memory leak in out-of-memory condition Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Dec 13 22:30:44 CET 2016 on sn-devel-144
* s3: libsmb: Ensure SMB2 operations correctly set cli->raw_status.Jeremy Allison2016-12-131-6/+51
| | | | | | | | | | Needs to be done even on success (cli_is_error() checks if cli->raw_status was NT_STATUS_OK). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12468 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* pam: strip trailing whitespaces in pam_winbind.cBjörn Jacke2016-12-131-5/+5
| | | | | | | | Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Karolin Seeger <ks@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Tue Dec 13 18:01:21 CET 2016 on sn-devel-144
* pam: map more NT password errors to PAM errorsBjörn Jacke2016-12-132-1/+10
| | | | | | | | | | | | | | | | NT_STATUS_ACCOUNT_DISABLED, NT_STATUS_PASSWORD_RESTRICTION, NT_STATUS_PWD_HISTORY_CONFLICT, NT_STATUS_PWD_TOO_RECENT, NT_STATUS_PWD_TOO_SHORT now map to PAM_AUTHTOK_ERR (Authentication token manipulation error), which is the closest match. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed by: Jeremy Allison <jra@samba.org>
* talloc: Add tests for talloc destructor behaviour after talloc_realloc()Andrew Bartlett2016-12-131-1/+66
| | | | | | | | | | | That this behaved correctly was not clear, so I added tests to prove it to myself. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Dec 13 06:47:58 CET 2016 on sn-devel-144
* selftest: Print the POSIX ACL we got when the posixacl test failsAndrew Bartlett2016-12-131-8/+19
| | | | | | | Knowing we have 11 of 15 ACEs is not very helpful Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* smb.conf: add identity mapping sectionAlexander Bokovoy2016-12-131-0/+60
| | | | | | | | | | | | | | Add a generic identity mapping section that points out to the other resources in Samba documentation about idmap modules and their configuration. This should help users to discover corresponding documentation easily. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andrea Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Dec 13 00:14:04 CET 2016 on sn-devel-144
* s3:winbind: Do not start with an invalid default idmap backendAndreas Schneider2016-12-121-0/+19
| | | | | | Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* s3-testparm: Print an error if we have overlapping idmap configAndreas Schneider2016-12-121-0/+146
| | | | | | | Except if both backends are 'ad'. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3-testparm: Print error if the default backend is incorrectAndreas Schneider2016-12-121-0/+26
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3-testparm: Fix trailing whitespacesAndreas Schneider2016-12-121-8/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libsmb: Correctly report error for rename failureVolker Lendecke2016-12-121-0/+4
| | | | | | | | | This prevents renaming a file over an existing one with SMB2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12468 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tests/dns: Check you cannot add empty CNAMEGarming Sam2016-12-121-0/+9
| | | | | | | | | | | | | | This exercises the dns_check_name case in the DNS server. Directly attempting to add an invalid name with leading . or double .. cannot be done due to ndr_pull_component forcing the check on the client side (leading to a CNAME name of NUL and unexpected data of the actual name). Signed-off-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Mon Dec 12 08:46:26 CET 2016 on sn-devel-144
* dnsserver_common: Add name check in name2dnBob Campbell2016-12-121-2/+7
| | | | | | | | | | | | Fills in the missing TODO. Note that this may also prevent deletion of existing corrupted records, but should be resolvable through RPC, or at worst LDAP. Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* python/tests: expand samba-tool dns testsBob Campbell2016-12-121-0/+104
| | | | | | | | | | | These new tests concern collisions and lock in current Samba behaviour. They do not pass against Windows Server 2012R2. See dnsserver.py tests for the tests consistent with Windows behaviour. Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/tests: fix typo to use correct varGarming Sam2016-12-121-1/+1
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dnsserver: add dns name checkingBob Campbell2016-12-127-44/+283
| | | | | | | | | | | This may also prevent deletion of existing corrupted records through DNS, but should be resolvable through RPC, or at worst LDAP. Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tests/dnsserver: Check security descriptorsGarming Sam2016-12-122-1/+203
| | | | | | | | | | These tests discover that there are some discrepancies between Windows and Samba. Although there are failures, they do not appear to be critical, however some of the SD differences will be important for 2012 support. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool/dns: remove use of dns_record_match from add and deleteBob Campbell2016-12-122-14/+3
| | | | | | Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool/dns: reword error messages and make error catching specificBob Campbell2016-12-121-33/+72
| | | | | | Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/tests: expand tests for dns server over rpcBob Campbell2016-12-122-71/+656
| | | | | | Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/tests: add tests for samba-tool dnsBob Campbell2016-12-123-0/+562
| | | | | | Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/netcmd: print traceback through self.errfBob Campbell2016-12-121-1/+1
| | | | | | Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Remove xfileVolker Lendecke2016-12-113-640/+2
| | | | | | | | | | | | | The days of operating systems with a 255 file descriptor limit on FILE (I'm looking at you Solaris - Solaris 10 finally fixed this) are long gone. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sun Dec 11 15:01:12 CET 2016 on sn-devel-144
* nmbd: xfile->stdioVolker Lendecke2016-12-116-62/+98
| | | | | | | | Unfortunately this is a larger patch. Doing it in small pieces would have been pretty difficult, as everybody calls everybody else. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: smbreadline xfile->stdioVolker Lendecke2016-12-111-6/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libnbt: lmhosts xfile->stdioVolker Lendecke2016-12-113-16/+14
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* printing: Convert aix_cache_reload to stdioVolker Lendecke2016-12-111-12/+15
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* printing: std_pcap_cache_reload xfile->stdioVolker Lendecke2016-12-111-8/+12
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* rpc_server: svcctl xfile->stdioVolker Lendecke2016-12-111-5/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* vfs: expand_msdfs xfile->stdioVolker Lendecke2016-12-111-5/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* ntlm_auth3: xfile->stdioVolker Lendecke2016-12-111-109/+122
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: upload_printer_driver_file xfile->stdioVolker Lendecke2016-12-111-7/+7
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: username map file handling xfile->stdioVolker Lendecke2016-12-111-7/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Add fgets_slashVolker Lendecke2016-12-112-0/+84
| | | | | | | | | | Copy x_fgets_slash with conversion to stdio and talloc. Probably I'd do this functionality a bit differently, but for simplicity I chose to make it the same as what is there. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: popt_common xfile->stdioVolker Lendecke2016-12-111-7/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* idmap_hash: xfile->stdioVolker Lendecke2016-12-111-6/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbclient: xfile->stdioVolker Lendecke2016-12-111-17/+16
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbclient4: xfile->stdioVolker Lendecke2016-12-111-15/+15
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
View Lorry Controller Status