summaryrefslogtreecommitdiff
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
* dsdb: Correctly handle memory in objectclass_attrsAndrew Bartlett2020-02-261-1/+16
| | | | | | | | | | | | | | | el->values is caller-provided memory that should be thought of as constant, it should not be assumed to be a talloc context. Otherwise, if the caller gives constant memory or a stack pointer we will get an abort() in talloc when it expects a talloc magic in the memory preceeding the el->values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 3657bbc21182d764ddfcd603025f24ec240fd263)
* s4:torture: Skip the deltest20 as user rootAndreas Schneider2020-01-311-0/+4
| | | | | | | | | | | | | | | | | The test is meant to be run as a user and not root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14257 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jan 30 16:54:33 UTC 2020 on sn-devel-184 (cherry picked from commit 677bc1b18420e717154dc73f632044239ac3ff9e) Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-12-test): Fri Jan 31 13:57:54 UTC 2020 on sn-devel-184
* selftest: add test for samba-tool groupmember --member-base-dn optionBjörn Baumbach2020-01-211-0/+7
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* selftest: add tests for samba-tool group addmembers --object-types optionBjörn Baumbach2020-01-211-1/+59
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* selftest: add test for new samba-tool group addmembers --member-dn optionBjörn Baumbach2020-01-211-0/+46
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* samba-tool tests: add test-case for 'user getgrouops --full-dn'Björn Baumbach2020-01-211-0/+17
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2019-19344 kcc dns scavenging: Fix use after free in ↵Gary Lockyer2020-01-211-9/+42
| | | | | | | | | | | | | | | | | dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Tue Jan 21 11:38:38 UTC 2020 on sn-devel-184
* repl_meta_data: Only reset replMetaData entry for name if we made a conflict ↵Andrew Bartlett2020-01-211-8/+7
| | | | | | | | name here We previously set it for any rename Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* repl_meta_data: Do not set *rename = true unless there has been a conflict ↵Andrew Bartlett2020-01-211-1/+0
| | | | | | | | on the incoming DN The normal case of a partner-sent rename is not a cause for updating the replPropertyMetaData Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* repl_meta_data: Add comment explaining what is being renamed after the ↵Andrew Bartlett2020-01-211-1/+4
| | | | | | conflict is resolved Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing ↵Andrew Bartlett2020-01-214-153/+156
| | | | | | | | | | | | | | | | to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore remove all the complex tree-based change processing, leaving only a tree-based sort of the possible objects to be changed, and a single stopped_dn variable containing the DN to stop processing below (after a no-op change). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) ↵Andrew Bartlett2020-01-211-0/+13
| | | | | | | | | | | after any rename Previously if there was a conflict, but the incoming object would still win, this was not marked as a rename, and so inheritence was not done. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 repl_meta_data: Fix issue where inherited Security ↵Andrew Bartlett2020-01-211-1/+21
| | | | | | | | Descriptors were not replicated. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DNAndrew Bartlett2020-01-211-1/+16
| | | | | | | | We need to check the SD of the parent if we rename, it is not the same as an incoming SD change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 dsdb: Ensure we honour both change->force_self and ↵Andrew Bartlett2020-01-211-0/+7
| | | | | | | | | | change->force_children If we are renaming a DN we can be in a situation where we need to BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be ↵Andrew Bartlett2020-01-211-0/+7
| | | | | | | | done here BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is ↵Andrew Bartlett2020-01-211-0/+3
| | | | | | | | | | | proctected by a transaction This means we can trust the DB did not change between the two search requests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Add test to confirm ACL inheritence really happensAndrew Bartlett2020-01-211-21/+94
| | | | | | | | While we have a seperate test (sec_descriptor.py) that confirms inheritance in general we want to lock in these specific patterns as this test covers rename. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 selftest: Add test for a special case around replicated renamesAndrew Bartlett2020-01-211-0/+69
| | | | | | | | It appears Samba is currently string-name based in the ACL inheritence code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 selftest: Add test for replication of inherited security ↵Andrew Bartlett2020-01-212-0/+263
| | | | | | | | descriptors BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Use write_data() to write to the password check scriptVolker Lendecke2020-01-191-3/+4
| | | | | | | | A simple write() might be interrupted or do short writes. Highly unlikely, but if it happens, it will be impossible to diagnose. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Align integer typesVolker Lendecke2020-01-191-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* heimdal_build: Remove bashism from --address-sanitizer build ruleAndrew Bartlett2020-01-181-3/+3
| | | | | | | | | | | export FOO=bar is a Bash extension, and is not required in this case, we only need the asn1_compile to run under the variable, there are no further commands in this sub-shell. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Sat Jan 18 12:25:16 UTC 2020 on sn-devel-184
* s4-torture: increase various bufsizes to better deal with Windows 2019 clustersGünther Deschner2020-01-161-3/+3
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: fix copy/paste error in clusapi group testGünther Deschner2020-01-161-3/+3
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: add clusapi GroupSet testsGünther Deschner2020-01-161-0/+162
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: fix asserts in clusapi_NodeControl testsGünther Deschner2020-01-161-2/+2
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: save cluster version in clusapi test contextGünther Deschner2020-01-161-2/+27
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tests: Test samba-tool user setprimarygroup commandBjörn Baumbach2020-01-151-0/+17
| | | | | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jan 15 13:30:53 UTC 2020 on sn-devel-184
* tests: Test samba-tool user getgroups commandBjörn Baumbach2020-01-151-0/+24
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: create working directory for blackbox testBjörn Baumbach2020-01-151-0/+1
| | | | | | Required to run test separately. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc: pidlify spoolss_EnumPerMachineConnectionsGünther Deschner2020-01-081-1/+1
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: add test for spoolss_EnumPerMachineConnectionsGünther Deschner2020-01-081-0/+47
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: add test for spoolss AddPerMachineConnectionGünther Deschner2020-01-081-0/+154
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc: fix IDL for spoolss_GetCorePrinterDrivers()Günther Deschner2020-01-081-6/+6
| | | | | | | | | | The charset determination makes it more difficult to deal with the real REG_MULTI_SZ nature of that element. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Align integer typesVolker Lendecke2020-01-032-8/+8
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* audit_log: Align integer typesVolker Lendecke2020-01-031-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* Happy New Year 2020!Stefan Metzmacher2020-01-011-1/+1
| | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jan 1 12:04:52 UTC 2020 on sn-devel-184
* Convert samba4.base.rw1 test to smb2David Mulder2019-12-203-0/+165
| | | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Convert samba4.base.*attr tests to smb2David Mulder2019-12-204-0/+545
| | | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Confirm parse of dnsProperty recordsAndrew Bartlett2019-12-201-0/+32
| | | | | | | This confirms a name of "." will round-trip correctly. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s4-smbd: Also restart prefork children lost to SIGKILL (-9)Andrew Bartlett2019-12-201-1/+2
| | | | | | | | | | | | | | | | | | | Samba 4.10 and later versions have a process restart capability to greatly reduce the impact of crashes due to a NULL pointer de-reference or abort(). However SIGKILL was deliberatly omitted. Sadly this is the most likely case, due to the OOM killer, as raised here: https://lists.samba.org/archive/samba-technical/2019-November/134529.html Subsequent discussion (offline) has been to agree that we should restart in this case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14221 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* test upgradedns: ensure lmdb lock files linkedGary Lockyer2019-12-201-0/+2
| | | | | | | | | | | | | Add tests to check that the '-lock' files for the dns partitions as well as the data files are linked when running samba_dnsupgrade --dns-backend=BIND9_DLZ failure to create these links can cause corruption of the corresponding data file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: run samba.tests.samba_tool.user against ad_dc_ntvfs:local explicitlyRalph Boehme2019-12-201-1/+1
| | | | | | | No change in behaviour. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: run samba.ldap.referrals against ad_dc_ntvfs explicitlyRalph Boehme2019-12-201-1/+1
| | | | | | | No change in behaviour. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: run samba4.ldap.dirsync.python against ad_dc_ntvfs explicitlyRalph Boehme2019-12-201-1/+1
| | | | | | | No change in behaviour. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: run samba.tests.dcerpc.srvsvc against ad_dc_ntvfs explicitlyRalph Boehme2019-12-201-1/+1
| | | | | | | No change in behaviour. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: run rpc.srvsvc and rpc.mgmt against ad_dc_ntvfs explicitlyRalph Boehme2019-12-201-1/+4
| | | | | | | No change in behaviour. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: hardcode ad_dc_ntvfs for the rpc.netlogon testsuiteRalph Boehme2019-12-201-0/+2
| | | | | | | | The rpc.netlogon testsuite has a test that verifies LSA over netlogon which is only enabled in the ad_dc_ntvfs env. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: make testenv name logic more flexible for the rpc testcasesRalph Boehme2019-12-201-3/+4
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
View Lorry Controller Status