path: root/source4
Commit message | Author | Age | Files | Lines
* s4-netlogon: Escape user-supplied computer name in Bad credentials log line | Andrew Bartlett | 2017-06-27 | 1 | -3/+3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-netlogon: Provide logs for machine account success and failures | Andrew Bartlett | 2017-06-27 | 2 | -3/+31
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* smbtorture: Add more tests around NETLOGON challenge reuse | Andrew Bartlett | 2017-06-27 | 1 | -0/+237
  The existing tests did not actually demonstrate what they thought they did until the credential values were refreshed. The new test showed this, because Samba fails it (Windows passes) due to the way we keep the last challenge on the connection.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_auto_name_to_nt4_name() | Stefan Metzmacher | 2017-06-26 | 2 | -9/+3
  There's no point in creating a temporary ldb_context as the only callers already have a valid struct ldb_context for the local sam.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_name_to_nt4_name() | Stefan Metzmacher | 2017-06-26 | 4 | -14/+13
  There's no point in creating a temporary ldb_context as all direct callers already have a valid struct ldb_context for the local sam.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:auth/unix_token: remove unused tevent_context from auth_session_info_fill_unix() | Stefan Metzmacher | 2017-06-26 | 2 | -5/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:auth/unix_token: remove unused tevent_context from security_token_to_unix_token() | Stefan Metzmacher | 2017-06-26 | 2 | -5/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Give util_paths.c its own header | Volker Lendecke | 2017-06-24 | 3 | -0/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:torture: Do not segfault in torture_rpc_spoolss_printer_teardown_common() | Andreas Schneider | 2017-06-23 | 1 | -3/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Jun 23 21:00:19 CEST 2017 on sn-devel-144
* add provision performance tests | Douglas Bagnall | 2017-06-23 | 1 | -0/+129
  Because making provision faster makes autobuild faster.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* perftest: add a new medley test | Douglas Bagnall | 2017-06-23 | 1 | -0/+501
  This is something of a rewrite of ad_dc_performance.py with more search tests and a rebalancing of others. For example, the users are added in three lots of 2000 using varying methods rather than 5 of 1000 using ldap, reducing duplication thus clarifying the results. Links are added in more realistic patterns with groups of varying size. To save time, the database is not cleaned up. Usually perftests are run with TESTS= restriction to a single suite, but in case this is not done, this suite is run last. The ad_dc_performance suite is not replaced so that comparisons with old test sequences are still possible.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dsdb: Rework schema_init module to always use valid memory | Andrew Bartlett | 2017-06-22 | 1 | -20/+42
  The schema can go away unless the second argument (the memory context) is supplied
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dnsserver/common: Use cached dnsHostName to reduce database reads | Garming Sam | 2017-06-22 | 1 | -20/+4
  The code to clobber the host name appears to have caused DNS requests to use 3x as much resources
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Thu Jun 22 13:06:07 CEST 2017 on sn-devel-144
* dsdb: Add a samdb_dns_host_name which avoids searching | Garming Sam | 2017-06-22 | 1 | -0/+47
  This ideally should also be used in rootDSE.
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4/dcerpc_netlogon: Logging for dcesrv_netr_LogonGetDomainInfo | Gary Lockyer | 2017-06-22 | 1 | -1/+13
  Log details of the remote machine when bad credentials received.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pycredentials: add function to return the netr_Authenticator | Gary Lockyer | 2017-06-22 | 1 | -0/+3
  Add method new_client_authenticator that returns data to allow a netr_Authenticator to be constructed. Allows python to make netr_LogonSamLogonWithFlags, netr_LogonGetDomainInfo and similar calls
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lsa.String: add String constructor, str and repr | Gary Lockyer | 2017-06-22 | 1 | -0/+77
  Add a String constructor, str and repr methods to the samba.dcerpc.lsa.String python object
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Tests lsa.String: add String constructor, str and repr | Gary Lockyer | 2017-06-22 | 1 | -0/+2
  Tests for the String constructor, str and repr methods added to the samba.dcerpc.lsa.String python object
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:libcli/smb_composite: make the additional gensec_update steps async | Stefan Metzmacher | 2017-06-17 | 1 | -23/+128
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Sat Jun 17 20:54:59 CEST 2017 on sn-devel-144
* s4:libcli/smb_composite: add early returns to sesssetup.c:request_handler() | Stefan Metzmacher | 2017-06-17 | 1 | -11/+23
  This makes it much clearer under which conditions the following code operates.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:libcli/smb_composite: make the first round to gensec async | Stefan Metzmacher | 2017-06-17 | 1 | -36/+58
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:libcli/smb_composite: move gensec_update_ev() out of session_setup_spnego() | Stefan Metzmacher | 2017-06-17 | 1 | -16/+30
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:libcli/smb_composite: move session_setup_spnego_restart() to the callers of session_setup_spnego() | Stefan Metzmacher | 2017-06-17 | 1 | -7/+21
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:libcli/smb_composite: split out session_setup_spnego_restart() from session_setup_spnego() | Stefan Metzmacher | 2017-06-17 | 1 | -19/+37
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:libcli/smb_composite: move chosen_oid to state->chosen_oid | Stefan Metzmacher | 2017-06-17 | 1 | -10/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:libcli/smb_composite: simplify gensec_update_ev() handling in session_setup_spnego() | Stefan Metzmacher | 2017-06-17 | 1 | -13/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Add comment explaining requirements on DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID | Andrew Bartlett | 2017-06-16 | 1 | -1/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Jun 16 23:43:46 CEST 2017 on sn-devel-144
* dsdb: Do not prevent searches for @ATTRIBUTES because the DB is not set up yet | Andrew Bartlett | 2017-06-16 | 1 | -0/+5
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Do not run dsdb_replace() on the calculated difference between old and new schema | Andrew Bartlett | 2017-06-16 | 1 | -2/+12
  We can set the database @INDEXLIST and @ATTRIBUTES to the full calculated values, not the difference, and let the ldb layer work it out under the transaction lock.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Fix failure message in dsdb_schema_info | Andrew Bartlett | 2017-06-16 | 1 | -2/+2
  The rename changes the CN, not the lDAPDisplayName
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:gensec_gssapi: fix CID 1409781: Possible Control flow issues (DEADCODE) | Stefan Metzmacher | 2017-06-16 | 1 | -1/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb: Remember the last ACL we read during a search and what it expanded to | Andrew Bartlett | 2017-06-16 | 1 | -2/+81
  It may well be the same as the next one we need to check, so we can avoid parsing it again.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Jun 16 07:39:24 CEST 2017 on sn-devel-144
* dsdb: Cache the result of checking the parent ACL | Andrew Bartlett | 2017-06-16 | 1 | -7/+87
  This should help a lot for large one-level searches and for subtree searches that are of flat tree structures
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* repl_meta_data: single valued error codes depend on change type | Douglas Bagnall | 2017-06-15 | 1 | -4/+8
  A replace leads to CONSTRAINT_VIOLATION while an add causes ATTRIBUTE_OR_VALUE_EXISTS. For this we need to check the mod type before the replmd_modify_la_* calls because they change everything into a replace.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* replmd: special-case member return value in replmd_add_fix_la() | Douglas Bagnall | 2017-06-15 | 1 | -1/+5
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* replmd: check duplicate linked attributes | Douglas Bagnall | 2017-06-15 | 1 | -0/+9
  This is simple enough because we already have the sorted list.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* replmd: check single values in replmd_add_fix_la | Garming Sam | 2017-06-15 | 1 | -2/+14
  repl_meta_data knows whether linked attributes are appropriately [un-]duplicated, and this is how it tells ldb_tdb that.
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb/tests/ldap: test single valued linked attributes | Douglas Bagnall | 2017-06-15 | 1 | -0/+67
  This fails, so we add it to selftest/knownfail.d/
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4/linked_attribute tests: test duplicate values | Douglas Bagnall | 2017-06-15 | 1 | -1/+19
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb/tests/ldap: multivalued attributes | Douglas Bagnall | 2017-06-15 | 1 | -0/+72
  Various return codes tested against Windows 2012r2.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: implement async BindSASL | Stefan Metzmacher | 2017-06-15 | 1 | -8/+69
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Thu Jun 15 13:18:47 CEST 2017 on sn-devel-144
* s4:ldap_server: set result = LDAP_SUCCESS at the end, when we're really done | Stefan Metzmacher | 2017-06-15 | 1 | -3/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: avoid using talloc_reference() | Stefan Metzmacher | 2017-06-15 | 1 | -5/+9
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: remove useless NT_STATUS_IS_OK(status) check | Stefan Metzmacher | 2017-06-15 | 1 | -1/+1
  We checked a few lines above already, check with: git show -U10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: remove useless indentation level around ldapsrv_backend_Init() | Stefan Metzmacher | 2017-06-15 | 1 | -15/+15
  Check with git show -w
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: remove useless indentation level around gensec_session_info() | Stefan Metzmacher | 2017-06-15 | 1 | -23/+21
  Check with git show -w
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: make the gensec_create_tstream() error checking more clear | Stefan Metzmacher | 2017-06-15 | 1 | -12/+11
  Check with 'git show -w'.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: only touch conn->session_info on success in ldapsrv_BindSASL() | Stefan Metzmacher | 2017-06-15 | 1 | -6/+4
  The old conn->session_info (as well as conn->ldb) should only be changed after a successful Bind().
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: terminate the connection if talloc_reference fails | Stefan Metzmacher | 2017-06-15 | 1 | -1/+1
  talloc_reference will be removed completely in the next commits...
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: remove pointless (result != LDAP_SUCCESS) check | Stefan Metzmacher | 2017-06-15 | 1 | -2/+1
  We set result = LDAP_SUCCESS above and have goto do_reply; in all cases where we overwrite 'result'.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>