path: root/source4
Commit message | Author | Age | Files | Lines
* HEIMDAL: krb5_storage_free(NULL) should work | Paul Wise | 2021-02-16 | 1 | -0/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505
  Signed-off-by: Paul Wise <pabs3@bonedaddy.net>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Original-author: Nicolas Williams <nico@twosigma.com>
  (cherry-picked from heimdal commit b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af)
  (cherry picked from commit f9ed4f7028a5ed29026ac8ef1b47b63755ba98f8)
* s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo' | Stefan Metzmacher | 2021-02-02 | 1 | -1/+2
  This makes sure "--basedir=$SELFTEST_TMPDIR" is passed to smbtorture.
  Tests should not create files in the build nor the source directory!

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit d06f2c22d726a5ec7bd804d89154ee272ab1a679)
* s4:torture/smb2: add samba3.smb2.ioctl.bug14607 | Stefan Metzmacher | 2021-01-15 | 1 | -0/+53
  FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 will be used to trigger an SMB2 IOCTL response with extra padding.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s4 auth ntlm: Fix integer overflow in authsam_password_check_and_record | Gary Lockyer | 2021-01-13 | 1 | -1/+2
  Fix a ubsan detected integer overflow.

  ../../source4/auth/ntlm/auth_sam.c:445:56: runtime error: signed integer overflow: 60 * 600000000 cannot be represented in type 'int'

  In practice this meant that the default for the smb.conf parameter "old password allowed period" was approximately 16 seconds, rather than the intended 60 minutes. Similarly the value used would be 22.5 times less than the value specified in smb.conf.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Jan 13 23:52:38 UTC 2021 on sn-devel-184
* auth4: Use global_sid_Anonymous | Volker Lendecke | 2021-01-12 | 1 | -1/+1
  dom_sid_dup() is much simpler than dom_sid_parse_talloc()

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth4: Use global_sid_System | Volker Lendecke | 2021-01-12 | 1 | -1/+1
  dom_sid_dup() is much simpler than dom_sid_parse_talloc()

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:torture/fruit: avoid sleep(10000000); if write_stream() fails | Stefan Metzmacher | 2021-01-08 | 1 | -3/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Fix a typo | Volker Lendecke | 2021-01-08 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Fix comment wording | Volker Lendecke | 2021-01-08 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth: Fix a typo | Volker Lendecke | 2021-01-08 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth: Reformat a comment | Volker Lendecke | 2021-01-08 | 1 | -4/+5
  Will fix a typo next

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Happy New Year 2021! | Stefan Metzmacher | 2021-01-01 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Jan 1 11:56:23 UTC 2021 on sn-devel-184
* dns_update.c: handle DNS_QTYPE_ALL | Björn Jacke | 2020-12-19 | 1 | -0/+1
  we have code to handle this, we should not refuse the request

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14576
  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Björn Jacke <bjacke@samba.org>
  Autobuild-Date(master): Sat Dec 19 18:20:30 UTC 2020 on sn-devel-184
* gpo: Apply Group Policy Sudo Rights from VGP | David Mulder | 2020-12-19 | 1 | -0/+2
  This adds a Group Policy extension which applies Sudo rights set by Vintela Group Policy in the SYSVOL.

  Signed-off-by: David Mulder <dmulder@suse.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Dec 19 08:11:50 UTC 2020 on sn-devel-184
* selftest: add tests for smb notify, using the a special share | Björn Baumbach | 2020-12-17 | 1 | -0/+8
  That share will get the "honor change notify privilege = yes" option once it's implemented. For now it's marked as knownfail.

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* tests python krb5: initial TGS tests | Gary Lockyer | 2020-12-16 | 1 | -0/+3
  Initial tests on the KDC TGS

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture:smb2: remove unused fallback defines in oplock.c | Stefan Metzmacher | 2020-12-07 | 1 | -8/+0
  F_SETLEASE/F_SETSIG were all included in the kernel and glibc in 2002, there's no need to have fallbacks 18 years later.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Dec 7 20:07:18 UTC 2020 on sn-devel-184
* s3/wscript: only check for F_SETLEASE being available at compile time | Stefan Metzmacher | 2020-12-07 | 1 | -1/+0
  F_GETLEASE/F_SETLEASE are available (at least) since Linux 2.4.0 from 2002.

  We also should not have the configure check depend on the filesystem we find at build time.

  It's very common that the build-environment is much more restricted than the runtime-environment will be.

  As a history we had this check on Samba 3.6:

      AC_CACHE_CHECK([for Linux kernel oplocks],samba_cv_HAVE_KERNEL_OPLOCKS_LINUX,[
      AC_TRY_RUN([
      #include <sys/types.h>
      #include <fcntl.h>
      #ifndef F_GETLEASE
      #define F_GETLEASE 1025
      #endif
      main() {
          int fd = open("/dev/null", O_RDONLY);
          return fcntl(fd, F_GETLEASE, 0) == -1;
      }
      ],
      samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross)])
      if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" = x"yes"; then
          AC_DEFINE(HAVE_KERNEL_OPLOCKS_LINUX,1,[Whether to use linux kernel oplocks])
      fi

  which didn't depend on the filesystem.

  Then we got a broken check introduced in Samba 4.0 (a copy of the F_NOTIFY check):

      # Check for Linux kernel oplocks
      conf.CHECK_CODE('''
      #include <sys/types.h>
      #include <fcntl.h>
      #include <signal.h>
      #ifndef F_NOTIFY
      #define F_NOTIFY 1026
      #endif
      main() {
          exit(fcntl(open("/tmp", O_RDONLY), F_NOTIFY, 0) == -1 ? 1 : 0);
      }''', 'HAVE_KERNEL_OPLOCKS_LINUX', addmain=False, execute=True,
          msg="Checking for Linux kernel oplocks")

  this got "fixed" in Samba 4.7 (and backports to 4.6, 4.5 and 4.4) into

      # Check for Linux kernel oplocks
      conf.CHECK_CODE('''
      #include <sys/types.h>
      #include <fcntl.h>
      #include <signal.h>
      #ifndef F_GETLEASE
      #define F_GETLEASE 1025
      #endif
      main() {
          exit(fcntl(open("/tmp", O_RDONLY), F_GETLEASE, 0) == -1 ? 1 : 0);
      }''', 'HAVE_KERNEL_OPLOCKS_LINUX', addmain=False, execute=True,
          msg="Checking for Linux kernel oplocks")

  Lately it became dependent on the filesystem in the build-environment:

      # Check for Linux kernel oplocks
      conf.CHECK_CODE('''
      #include <sys/types.h>
      #include <fcntl.h>
      #include <signal.h>
      #ifndef F_GETLEASE
      #define F_GETLEASE 1025
      #endif
      main() {
          const char *fname="/tmp/oplock-test.txt";
          int fd = open(fname, O_RDWR|O_CREAT, 0644);
          int ret = fcntl(fd, F_SETLEASE, F_WRLCK);
          unlink(fname);
          return (ret == -1) ? 1 : 0;
      }''', 'HAVE_KERNEL_OPLOCKS_LINUX', addmain=False, execute=True,
          msg="Checking for Linux kernel oplocks")

  Now we just check for F_SETLEASE being available in linux/fcntl.h.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4/samba: call force_check_log_size() in standard_new_task() | Ralph Boehme | 2020-12-07 | 1 | -0/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
  RN: samba process does not honor max log size
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Dec 7 18:54:29 UTC 2020 on sn-devel-184
* s4/samba: call force_check_log_size() in standard_accept_connection() | Ralph Boehme | 2020-12-07 | 1 | -0/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4/samba: call force_check_log_size() in prefork_reload_after_fork() | Ralph Boehme | 2020-12-07 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
  Signed-off-by: Ralph Boehme <slow@samba.org>
* s4: call reopen_logs_internal() in the SIGHUP handler of the prefork process model | Ralph Boehme | 2020-12-07 | 1 | -1/+1
  With debug_schedule_reopen_logs() the actual reopen only takes place at some point in the future when a DEBUG message is processed.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4: replace low-level SIGUP handler with a tevent handler | Ralph Boehme | 2020-12-07 | 1 | -0/+29
  Replace the low-level signal handler for SIGHUP with a nice tevent signal handler. The low-level handler sig_hup() installed by setup_signals() remains being used during early startup before a tevent context is available.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4: install tevent tracing hooks to trigger logfile rotation | Ralph Boehme | 2020-12-07 | 3 | -2/+33
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4: add samba server tevent trace helper stuff | Ralph Boehme | 2020-12-07 | 3 | -0/+131
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: Align integer types | Volker Lendecke | 2020-11-30 | 1 | -2/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* samldb: Align two integer types | Volker Lendecke | 2020-11-30 | 1 | -2/+4
  ARRAY_SIZE is size_t

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4: rename source4/smbd/ to source4/samba/ | Ralph Boehme | 2020-11-27 | 90 | -114/+114
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
* samba_upgradedns: Do not print confusing logs about missing .zone files | Andrew Bartlett | 2020-11-26 | 1 | -3/+4
  samba_upgradedns prints confusing logs about upgrading zone files and automatically creating DNS zones when the zone already exists.

  We need to move the logging to later when we know what we are using the parsed information for.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14580
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Nov 26 08:16:04 UTC 2020 on sn-devel-184
* Do not create an empty DB when accessing a sam.ldb | Andrew Bartlett | 2020-11-26 | 1 | -0/+3
  Samba already does this for samba-tool and doing this should make our errors more sensible, particularly in BIND9 if not provisioned with the correct --dns-backend=DLZ_BIND9

  The old error was like:

      named[62954]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search.

  The new error will be like (in this case from the torture test):

      Failed to connect to Failed to connect to ldb:///home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb: Unable to open tdb '/home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb': No such file or directory: Operations error

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14579
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Do not call destroy_dlz() on uninitialised memory | Andrew Bartlett | 2020-11-26 | 1 | -4/+14
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14579
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* tests python krb5: Convert kdc-heimdal to python | Gary Lockyer | 2020-11-12 | 1 | -0/+1
  Implement the tests in source4/torture/krb5/kdc-heimdal.c in python.

  The following tests were not re-implemented as they are client side tests for the "Orpheus Lyre" attack:
      TORTURE_KRB5_TEST_CHANGE_SERVER_OUT
      TORTURE_KRB5_TEST_CHANGE_SERVER_IN
      TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* torture/sharemode: fix empty initializer compile warning | Björn Jacke | 2020-11-10 | 1 | -4/+4
  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* heimdal_build: silence warning: macro redefined | Björn Jacke | 2020-11-10 | 1 | -0/+5
  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:rpc_server: Allow to use RC4 for creating trusts | Andreas Schneider | 2020-11-09 | 1 | -0/+18
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:rpc_server: Use gnutls_cipher_decrypt() in get_trustdom_auth_blob() | Andreas Schneider | 2020-11-09 | 1 | -1/+1
  It doesn't matter for RC4, but just to be correct.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* tests python krb5: Add python kerberos compatability tests | Gary Lockyer | 2020-11-09 | 1 | -0/+1
  Add new python test to document the differences between the MIT and Heimdal Kerberos implementations.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Remove source4/scripting/devel/createtrust script | Isaac Boukris | 2020-11-06 | 1 | -125/+0
  We now have the 'samba-tool domain trust' command.

  Signed-off-by: Isaac Boukris <iboukris@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
  Autobuild-Date(master): Fri Nov 6 11:25:02 UTC 2020 on sn-devel-184
* selftest: add a test for the CreateTrustedDomainRelax wrapper | Isaac Boukris | 2020-11-06 | 1 | -0/+4
  Originally copied from 'source4/scripting/devel/createtrust' (had to drop the TRUST_AUTH_TYPE_VERSION part though, as it fails against samba DC).

  Signed-off-by: Isaac Boukris <iboukris@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Add py binding for dcerpc_transport_encrypted | Isaac Boukris | 2020-11-06 | 1 | -0/+14
  Signed-off-by: Isaac Boukris <iboukris@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Add dcerpc_transport_encrypted() | Isaac Boukris | 2020-11-06 | 3 | -0/+26
  Signed-off-by: Isaac Boukris <iboukris@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s4:libnet:py_net - free event context in dealloc fn | Andrew Walker | 2020-11-06 | 1 | -1/+1
  Creation of a new Net() object initializes an event context under a NULL talloc context and then creates a new talloc context as a child of the event context. The deallocation function for the net object only frees the child and not the parent. This leaks an fd for the tevent context and associated memory.

  Signed-off-by: Andrew Walker <awalker@ixsystems.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Nov 6 04:58:31 UTC 2020 on sn-devel-184
* tests python krb5: Add python kerberos canonicalization tests | Gary Lockyer | 2020-11-04 | 1 | -0/+1
  Add python canonicalization tests, loosely based on the code in source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move the integration level tests out of kdc-canon-heimdal, leaving it as a heimdal library unit test.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: add test for new "samba-tool user unlock" command | Björn Baumbach | 2020-11-04 | 2 | -0/+21
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
  Autobuild-Date(master): Wed Nov 4 00:19:25 UTC 2020 on sn-devel-184
* auth:creds:tests: Migrate test to a cmocka unit test | Andreas Schneider | 2020-11-03 | 2 | -2/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* auth:creds: Rename CRED_USE_KERBEROS values | Andreas Schneider | 2020-11-03 | 7 | -15/+15
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* dsdb/mod/operational: correct comment arithmetic | Douglas Bagnall | 2020-11-03 | 1 | -1/+4
  E + F is not 1F! E + F is 1D!

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:param: Add 'weak crypto' getter to pyparam | Andreas Schneider | 2020-10-29 | 1 | -0/+22
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s4:rpc_server: Allow to use RC4 for setting passwords | Andreas Schneider | 2020-10-29 | 2 | -1/+31
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s4: torture: Add smb2.notify.handle-permissions test. | Jeremy Allison | 2020-10-29 | 1 | -0/+80
  Add knownfail entry.

  CVE-2020-14318
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
  Signed-off-by: Jeremy Allison <jra@samba.org>