path: root/source4
Commit message | Author | Age | Files | Lines
* s4/selftest: convert print func to be py2/py3 compatible | Noel Power | 2018-03-23 | 1 | -1/+2
| Signed-off-by: Noel Power <noel.power@suse.com>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s4/torture/drs: convert print func to be py2/py3 compatible | Noel Power | 2018-03-23 | 6 | -56/+62
| Signed-off-by: Noel Power <noel.power@suse.com>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s4/scripting: convert print func to be py2/py3 compatible | Noel Power | 2018-03-23 | 6 | -60/+66
| Signed-off-by: Noel Power <noel.power@suse.com>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s4/script: convert print func to be py2/py3 compatible | Noel Power | 2018-03-23 | 1 | -4/+5
| Signed-off-by: Noel Power <noel.power@suse.com>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s3/dsdb: convert print func to be py2/py3 compatible | Noel Power | 2018-03-23 | 25 | -202/+235
| Signed-off-by: Noel Power <noel.power@suse.com>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* Fix invocation of gnutls_aead_cipher_encrypt() | Timur I. Bakeyev | 2018-03-23 | 1 | -3/+3
| Which was failing with GNUTLS_E_SHORT_MEMORY_BUFFER - The given memory buffer is too short to hold parameters.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13352
|
| Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
| Reviewed-by: Garming Sam <garming@catalyst.net.nz>
| Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
| Autobuild-User(master): Garming Sam <garming@samba.org>
| Autobuild-Date(master): Fri Mar 23 07:25:30 CET 2018 on sn-devel-144
* selftest: consistently produce high-res UTC time | Jamie McClymont | 2018-03-22 | 1 | -2/+2
| Currently some subunit reporters throughout the codebase provide low-res time, meaning timestamps jump back and forth in the subunit file.
|
| Also, some subunit reporters produce UTC timestamps while others produce local time.
|
| UTC was chosen as the standard for this commit since all of the timestamps end with a Z (= Zulu = UTC).
|
| Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
|
| Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
| Autobuild-Date(master): Thu Mar 22 13:26:44 CET 2018 on sn-devel-144
* samba_dnsupdate: Introduce automatic site coverage | Garming Sam | 2018-03-21 | 1 | -0/+27
| This uses the underlying function in kcc_utils.py which already has tests.
|
| Signed-off-by: Garming Sam <garming@catalyst.net.nz>
| Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* tests/kcc_util: Add unit tests for automatic site coverage | Garming Sam | 2018-03-21 | 1 | -0/+2
| Signed-off-by: Garming Sam <garming@catalyst.net.nz>
| Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s4:dsdb: Fix integer operations | Andreas Schneider | 2018-03-20 | 1 | -3/+3
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:client: Fix size types | Andreas Schneider | 2018-03-20 | 1 | -4/+4
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture: Fix size types in nss tests | Andreas Schneider | 2018-03-20 | 1 | -2/+2
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:torture: Fix size types in spoolss test | Andreas Schneider | 2018-03-20 | 1 | -1/+1
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture: Fix size types in qfileinfo test | Andreas Schneider | 2018-03-20 | 1 | -3/+3
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture: Fix size types in qsinfo test | Andreas Schneider | 2018-03-20 | 1 | -3/+3
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:rpc_server: Fix size types | Andreas Schneider | 2018-03-20 | 1 | -2/+2
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:utils: Fix size types | Andreas Schneider | 2018-03-20 | 1 | -1/+1
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:cldap_server: Fix size types | Andreas Schneider | 2018-03-20 | 1 | -1/+1
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: Fix size types | Andreas Schneider | 2018-03-20 | 1 | -2/+2
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:rpc_server: Fix size types in dcerpc dnsserver | Andreas Schneider | 2018-03-20 | 2 | -3/+3
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: Fix size types | Andreas Schneider | 2018-03-20 | 1 | -2/+2
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:ntvfs: Fix size type in pvfs functions | Andreas Schneider | 2018-03-20 | 1 | -4/+4
| This fixes compilation with -Wstrict-overflow=2
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* heimdal: Fix size types | Andreas Schneider | 2018-03-20 | 5 | -6/+7
| This fixes compilation with -Wstrict-overflow=2
|
| Upstream pull request: https://github.com/heimdal/heimdal/pull/354
|
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:rpc_server/lsa: make use of dom_sid_is_valid_account_domain() | Stefan Metzmacher | 2018-03-19 | 1 | -31/+1
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:kdc: make sure we expand group memberships of the local domain | Stefan Metzmacher | 2018-03-19 | 1 | -0/+11
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob() | Stefan Metzmacher | 2018-03-19 | 4 | -1/+16
| This will be used for SID expanding and filtering.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry | Stefan Metzmacher | 2018-03-19 | 2 | -1/+8
| This can later be used for sid filtering and similar things.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:auth_winbind: make sure we expand group memberships of the local domain | Stefan Metzmacher | 2018-03-19 | 1 | -0/+12
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:auth_winbind: only call authsam_logon_success_accounting() for local users | Stefan Metzmacher | 2018-03-19 | 1 | -34/+23
| There's no need to do a crack_name_to_nt4_name(), as the authentication already provides the nt4 domain and account names.
|
| This should only happen on an RODC, that we use the winbind auth module for local users.
|
| So we should make sure we only try to reset the badPwdCount for users of our own domain.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:auth: add authsam_update_user_info_dc() that implements SID expanding for the local domain | Stefan Metzmacher | 2018-03-19 | 2 | -0/+65
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:auth: split out a authsam_domain_group_filter() function | Stefan Metzmacher | 2018-03-19 | 1 | -6/+44
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:selftest: run samba4.blackbox.trust_token against fl2003dc and fl2008r2dc | Stefan Metzmacher | 2018-03-19 | 1 | -0/+2
| This fails currently as we don't expand groups on the trust boundary.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:repl_meta_data: improve error message in get_parsed_dns() | Stefan Metzmacher | 2018-03-19 | 1 | -2/+6
| We may have a dn in '<SID=...>' form and ldb_dn_get_linearized() just gives an empty string.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes | Stefan Metzmacher | 2018-03-19 | 1 | -32/+206
| This implements the handling for FPO-enabled attributes, see [MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes:
|
| FPO-enabled attributes: member, msDS-MembersForAzRole, msDS-NeverRevealGroup, msDS-NonMembers, msDS-RevealOnDemandGroup, msDS-ServiceAccount.
|
| Note there's no msDS-ServiceAccount in any schema (only msDS-HostServiceAccount and that's not an FPO-enabled attribute at least not in W2008R2)
|
| msDS-NonMembers always generates NOT_SUPPORTED against W2008R2.
|
| See also [MS-SAMR] 3.1.1.8.9 member.
|
| We now create foreignSecurityPrincipal objects on the fly (as needed).
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:samldb: require as_system or provision control to create foreignSecurityPrincipal objects | Stefan Metzmacher | 2018-03-19 | 1 | -4/+42
| Windows rejects creating foreignSecurityPrincipal objects directly.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:extended_dn_store: make sure reject storing references to deleted objects in linked attributes | Stefan Metzmacher | 2018-03-19 | 1 | -2/+134
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:extended_dn_store: split out a extended_replace_dn() function | Stefan Metzmacher | 2018-03-19 | 1 | -18/+36
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:extended_dn_store: rename extended_replace_dn to extended_replace_callback | Stefan Metzmacher | 2018-03-19 | 1 | -2/+2
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:extended_dn_store: We need to ignore self references on add operation | Stefan Metzmacher | 2018-03-19 | 1 | -2/+20
| We have several schema related tests, which already prove that for the defaultObjectCategory attribute.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:extended_dn_store: pass the full 'struct dsdb_attribute' to extended_store_replace() | Stefan Metzmacher | 2018-03-19 | 1 | -3/+4
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:extended_dn_store: we need to pass down our altered request down on NO_SUCH_OBJECT | Stefan Metzmacher | 2018-03-19 | 1 | -1/+1
| It's quite likely that there're more than one attribute and we may have already altered values.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb:extended_dn_store: ignore DRSUAPI_ATTID_distinguishedName attributes | Stefan Metzmacher | 2018-03-19 | 1 | -0/+10
| We have several tests which already test that, we can avoid doing searches at all in that case.
|
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
|
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* Remove dead code | Simo Sorce | 2018-03-19 | 2 | -2/+0
| Signed-off-by: Simo Sorce <idra@samba.org>
|
| Autobuild-User(master): Simo Sorce <idra@samba.org>
| Autobuild-Date(master): Mon Mar 19 20:29:28 CET 2018 on sn-devel-144
* bugfix memory leak. partition_dn is only used to search and compare and is not freed at the function end. | Andrej Gessel | 2018-03-19 | 1 | -2/+2
| Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries. | Jeremy Allison | 2018-03-17 | 1 | -0/+171
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
|
| Signed-off-by: Jeremy Allison <jra@samba.org>
| Reviewed-by: Ralph Boehme <slow@samba.org>
|
| Autobuild-User(master): Jeremy Allison <jra@samba.org>
| Autobuild-Date(master): Sat Mar 17 04:04:32 CET 2018 on sn-devel-144
* s4: dsdb/password_hash: use UF_TRUST_ACCOUNT_MASK | Ralph Boehme | 2018-03-13 | 1 | -3/+1
| Signed-off-by: Ralph Boehme <slow@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
| Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date(master): Tue Mar 13 23:48:28 CET 2018 on sn-devel-144
* CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control | Ralph Boehme | 2018-03-13 | 1 | -1/+10
| This is not strictly needed to fix bug 13272, but it makes sense to also fix this while fixing the overall ACL checking logic.
|
| Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
|
| Signed-off-by: Ralph Boehme <slow@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID | Ralph Boehme | 2018-03-13 | 2 | -4/+67
| This is used to pass information about which password change operation (change or reset) the acl module validated, down to the password_hash module.
|
| It's very important that both modules treat the request identical.
|
| Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
|
| Signed-off-by: Ralph Boehme <slow@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control | Ralph Boehme | 2018-03-13 | 3 | -0/+11
| Will be used to pass "user password change" vs "password reset" from the ACL to the password_hash module, ensuring both modules treat the request identical.
|
| Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
|
| Signed-off-by: Ralph Boehme <slow@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2018-1057: s4:dsdb/acl: run password checking only once | Ralph Boehme | 2018-03-13 | 1 | -0/+5
| This is needed, because a later commit will let the acl module add a control to the change request msg and we must ensure that this is only done once.
|
| Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
|
| Signed-off-by: Ralph Boehme <slow@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>