summaryrefslogtreecommitdiff
path: root/source4/lib
Commit message (Collapse)AuthorAgeFilesLines
* s4: messaging: Remove bool auto_remove parameter from imessaging_init().Jeremy Allison2016-07-235-20/+8
| | | | | | | | | With modern messaging this doesn't do anything (it's an empty destructor). Clean up so we can add a proper destructor in future. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pyrpc: Allow control of RPC timeout for IRPCAndrew Bartlett2016-07-121-0/+2
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:regshell: fix O3 error unused result of asprintf in reg_complete_key()Michael Adam2016-05-131-2/+7
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
* s4:registry:patchfile: fix O3 error unused result of writeMichael Adam2016-05-131-4/+5
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
* source4/registry/local: avoid str_list_length() to check first elementDouglas Bagnall2016-05-101-1/+1
| | | | | | | | We don't need to walk to the end of the list to find out if the first one is NULL. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Give base64.c its own .hVolker Lendecke2016-05-042-0/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/http/http_auth: Fix CID 1273428 - Unchecked return valueRobin Hack2016-04-261-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | There is missing check of status value in http_auth.c:http_create_auth_request() which can leave values inside 'DATA_BLOB in' unitialized. http_auth.c:http_create_auth_request() calls http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED and which is not checked by caller and later passed as argument to other functions. For example: 'DATA_BLOB in' can be passed to auth/gensec/spnego.c:gensec_spnego_update() later: ... switch (spnego_state->state_position) { .. case SPNEGO_SERVER_START: if (in.length) { Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:lib:registry: fix 'Conditional jump or move' valgrind error.Noel Power2016-04-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | smbtorture local.registry.diff.dotreg.test_diff_apply produces the following valgrind trace ==18367== Conditional jump or move depends on uninitialised value(s) ==18367== at 0xA02ED96: reg_dotreg_diff_load (patchfile_dotreg.c:252) ==18367== by 0xA031C6C: reg_diff_load (patchfile.c:375) ==18367== by 0xA0323AB: reg_diff_apply (patchfile.c:542) ==18367== by 0x15F116: test_diff_apply (diff.c:72) ==18367== by 0x955460C: wrap_test_with_simple_test (torture.c:731) ==18367== by 0x955366F: internal_torture_run_test (torture.c:442) ==18367== by 0x9553A4B: torture_run_test_restricted (torture.c:542) ==18367== by 0x260074: run_matching (smbtorture.c:110) ==18367== by 0x25FF36: run_matching (smbtorture.c:95) ==18367== by 0x25FF36: run_matching (smbtorture.c:95) ==18367== by 0x25FF36: run_matching (smbtorture.c:95) ==18367== by 0x260195: torture_run_named_tests (smbtorture.c:143) ==18367== Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verificationStefan Metzmacher2016-04-123-0/+277
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert ↵Stefan Metzmacher2016-04-121-9/+9
| | | | | | | | | | | | with the ca cert The generated ca cert (in ca.pem) was completely useless, it could be replaced by cert.pem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__Douglas Bagnall2016-03-241-7/+1
| | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* build: mark explicit dependencies on pytalloc-utilGarming Sam2016-03-151-1/+1
| | | | | | | | | | | | | All subsystems that include pytalloc.h need to link against pytalloc-util. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144
* pyregistry: Use pytalloc_BaseObject_PyType_Ready()Andrew Bartlett2016-03-081-14/+3
| | | | | | | This changes pyregistry to use talloc.BaseObject() just like the PIDL output Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* regtree: avoid GCC indentation warningDouglas Bagnall2016-03-031-1/+2
| | | | | | | | This was not actually a bug, but GCC6 (sort of reasonably) thought it could be. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4-libgpo: fix gcc6 build warning.Günther Deschner2016-02-061-6/+0
| | | | | | | | | | source4/lib/policy/gp_ldap.c:48:35: warning: 'gpo_inheritance' defined but not used [-Wunused-const-variable] Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dlist: remove unneeded type argument from DLIST_ADD_END()Michael Adam2016-02-063-3/+3
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:lib:socket: skip extra data in interpret_interface()Michael Adam2016-01-261-0/+9
| | | | | | | | | This is currently smbd-specific. No need to duplicate the extended parsing while these functions have not been merged yet. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Rename 'errors' to 'samba-errors' and make it public.Jelmer Vernooij2016-01-131-1/+1
| | | | | | | | | | | This is necessary because it has public headers. Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Wed Jan 13 07:47:04 CET 2016 on sn-devel-144
* Make libregistry private, for now.Jelmer Vernooij2016-01-132-15/+2
| | | | | | Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org>
* pyregistry: Adjust to use of PY_SSIZE_T_CLEANAndrew Bartlett2016-01-071-1/+1
| | | | | | | This changes the type used for # arguments to PyArg_ParseTuple Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* pymessaging: Adjust to use of PY_SSIZE_T_CLEANAndrew Bartlett2016-01-071-1/+1
| | | | | | | This changes the type used for # arguments to PyArg_ParseTupleAndKeywords Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* waf: Check for GnuTLS 3.4.7Andreas Schneider2015-12-101-6/+20
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* Fix various spelling errorsMathieu Parent2015-11-061-1/+1
| | | | | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
* s4:lib/messaging: use a helper variable for tdb flagsRalph Boehme2015-10-201-4/+4
| | | | | | | | | | | | | Small refactoring that eliminates a nested function call. These are a pita when stepping with gdb. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11562 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Oct 20 14:54:57 CEST 2015 on sn-devel-104
* s4:lib/messaging: use correct path for names.tdbRalph Boehme2015-10-201-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | source3 messaging_init() calls server_id_db_init() (where names.tdb is created) with lock_path. source4 imessaging_init() otoh wrongly used the special lock_path subdirectory "msg.lock": > find /opt/samba/ -name names.tdb /opt/samba/var/lock/msg.lock/names.tdb /opt/samba/var/lock/names.tdb > tdbdump /opt/samba/var/lock/names.tdb { key(14) = "notify-daemon\00" data(27) = "28609/12756565486113779780\00" } > tdbdump /opt/samba/var/lock/msg.lock/names.tdb { key(15) = "winbind_server\00" data(8) = "28593/0\00" } With this patch both source3 and source4 messaging now use the same names.tdb which is what we want: > find /opt/samba/ -name names.tdb /opt/samba/var/lock/names.tdb > tdbdump /opt/samba/var/lock/names.tdb { key(15) = "winbind_server\00" data(8) = "26434/0\00" } { key(14) = "notify-daemon\00" data(26) = "26452/3454520012124001687\00" } Bug: https://bugzilla.samba.org/show_bug.cgi?id=11562 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib: Push down unique generation one levelVolker Lendecke2015-10-191-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s4:lib/messaging: use 'msg.lock' and 'msg.sock' for messaging related subdirsStefan Metzmacher2015-09-171-2/+2
| | | | | | | | | | | | | | | | In Samba 4.2, we used lock_path("msg") (with 0700) for the socket directory, while we use lock_path("msg") (with 0755) for the lock file directory. This generates a conflict that prevents samba, smbd, nmbd and winbindd from starting after an upgrade. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11515 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Sep 17 09:04:59 CEST 2015 on sn-devel-104
* tls: increase Diffie-Hellman group size to 2048 bitsBjörn Jacke2015-09-032-2/+2
| | | | | | | | | | | 1024 bits is already the minimum accepted size of current TLS libraries. 2048 is recommended for servers, see https://weakdh.org/ Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 3 03:47:48 CEST 2015 on sn-devel-104
* lib/tls: Ensure SSLv3 is disabled in the web server by defaultAndrew Bartlett2015-08-311-1/+14
| | | | | | | | By calling gnutls_priority_set_direct() the behaviour should now match the LDAP server BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
* lib/tls: Remove unused tls_init_client codeAndrew Bartlett2015-08-312-80/+0
| | | | | | | | This is unused as the callers have now been migrated to tls_tstream BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
* lib/dcom: use HRESULT in dcom_create_object.Günther Deschner2015-07-314-7/+9
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/tls: Add new 'tls priority' optionAndrew Bartlett2015-07-202-4/+29
| | | | | | | | | | This adds a new option to the smb.conf to allow administrators to disable TLS protocols in GnuTLS without changing the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Remove support for OpenPGP certificates in our TLS client and serverAndrew Bartlett2015-07-201-2/+0
| | | | | | | | We do not provide parameters to configure these, and OpenPGP for TLS (RFC 6091) is not used in AD Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client()Stefan Metzmacher2015-06-231-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:lib/tls: fix tstream_tls_connect_send() defineStefan Metzmacher2015-06-231-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:lib/tls: fix build with gnutls 3.4Evangelos Foutras2015-04-292-8/+2
| | | | | | | | | | | | | gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0. Use gnutls_priority_set_direct instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8780 Signed-off-by: Björn Jacke <bj@sernet.de> Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Wed Apr 29 22:29:02 CEST 2015 on sn-devel-104
* s4:lib/tls: remove allow_warnings=TrueStefan Metzmacher2015-03-201-1/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:lib/tls: add tls_cert_generate() prototype to tls.hStefan Metzmacher2015-03-203-2/+6
| | | | | | | This avoids compiler warnings... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Transition to waf 1.8: wrapped conf.check_cfgThomas Nagy2015-03-161-2/+2
| | | | | | | | Reviewed-By: Jelmer Vernooij <jelmer@samba.org> (forward ported to current master by abartlet) Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/tls: Fix behaviour of --disable-gnutls and remove link to gcryptAndrew Bartlett2015-03-122-7/+19
| | | | | | | | | | We no longer link against gcrypt if gnutls > 3.0.0 is found, as these versions use libnettle. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* registry: Fix CID 240989 Buffer not null terminatedVolker Lendecke2015-03-101-1/+1
| | | | | | | This makes it clearer that we don't really have a string in .hdr Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* registry: Fix CID 241075 Unchecked return valueVolker Lendecke2015-03-101-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* s4-lib/cmdline: Fix help for -P / --machine-pass: this no longer implies -kAndrew Bartlett2015-03-061-1/+1
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Fix the O3 developer buildVolker Lendecke2015-03-031-2/+2
| | | | | | | | | | Different gcc versions complain at different places Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Mar 3 13:14:53 CET 2015 on sn-devel-104
* Fix the developer O3 buildVolker Lendecke2015-02-252-4/+4
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
* build: Require GnuTLS if building with Active DirectoryGarming Sam2015-02-251-0/+3
| | | | | | | | | Without GnuTLS, we don't have ldaps:// support and we are unable to readily create RSA keys of the correct length for the BackupKey protocol. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-messaging: Unify list of possible messages into messaging.idlAndrew Bartlett2015-02-161-16/+1
| | | | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Feb 16 14:48:41 CET 2015 on sn-devel-104
* s4-messaging: Remove unused struct imessaging_recAndrew Bartlett2015-02-161-19/+0
| | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org>
* messaging4: Enable POOL_USAGEVolker Lendecke2015-02-143-2/+22
| | | | | | | | | | | | | | With this you can watch "samba"'s talloc hierarchy live using smbcontrol <pid> pool-usage Enjoy :-) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Feb 14 01:59:19 CET 2015 on sn-devel-104
* messaging4: Use messages_dgmVolker Lendecke2015-02-132-337/+107
| | | | | | | | | | | | | This replaces the transport mechanism in source4 with calls to the messages_dgm code. It is supposed to enable "smbcontrol samba pool-usage" as an example without having to rewrite smbcontrol using the source4 based messaging subsystem. This moves the source3 based names.tdb (which is unused so far) to the lock directory, source4 does not have a cache directory. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
View Lorry Controller Status