Simo Sorce [Sat, 11 Sep 2010 13:52:42 +0000 (09:52 -0400)]
s3-dcerpc: check auth_type
make sure the auth type used throughout the auth operation is consistent.
Simo Sorce [Sat, 11 Sep 2010 13:46:08 +0000 (09:46 -0400)]
s3-dcerpc: Use spnego own sign/seal functions
Simo Sorce [Fri, 3 Sep 2010 20:43:38 +0000 (16:43 -0400)]
libcli: fix compile warning
Simo Sorce [Fri, 3 Sep 2010 20:33:45 +0000 (16:33 -0400)]
s3-dcerpc: remove auth_data_free_func
Everything is using a talloc pointer now, no need to have an
accessor function to free data anymore.
Simo Sorce [Fri, 3 Sep 2010 20:27:47 +0000 (16:27 -0400)]
s3-dcerpc: make auth context opaque
This way we always double check in advance that the context
is of the right type with talloc_get_type_abort instead of
potentially accessing random memory by addressing the wrong
structure in the union.
Simo Sorce [Fri, 3 Sep 2010 19:09:34 +0000 (15:09 -0400)]
srv_pipe: reorganize code so that related functions are close to each other
Simo Sorce [Fri, 3 Sep 2010 15:03:49 +0000 (11:03 -0400)]
s3-dcerpc: finally remove the legacy spnego_type variable from pipe_auth_data
Simo Sorce [Fri, 3 Sep 2010 14:19:27 +0000 (10:19 -0400)]
s3-dcerpc: use new spnego server code
Simo Sorce [Tue, 31 Aug 2010 19:08:31 +0000 (15:08 -0400)]
s3-dcerpc: add spnego server helpers
squashed: add mechListMIC signature checks
Simo Sorce [Fri, 3 Sep 2010 13:38:57 +0000 (09:38 -0400)]
spnego: make spnego_context public
Simo Sorce [Thu, 2 Sep 2010 21:50:21 +0000 (17:50 -0400)]
s3-dcerpc: move client spnego stuff in /librpc/crypto
Simo Sorce [Thu, 2 Sep 2010 21:43:21 +0000 (17:43 -0400)]
spnego: avoid explicit dependency on dcerpc specific structures
Simo Sorce [Wed, 1 Sep 2010 22:31:05 +0000 (18:31 -0400)]
s3-dcesrv: use gssapi helper in srv_pipe.c
Simo Sorce [Wed, 1 Sep 2010 22:27:53 +0000 (18:27 -0400)]
s3-dcerpc: add server helpers for gssapi auth
Simo Sorce [Wed, 1 Sep 2010 21:09:52 +0000 (17:09 -0400)]
s3-dcesrv: use ntlmssp helper in srv_pipe.c
Simo Sorce [Wed, 1 Sep 2010 19:50:06 +0000 (15:50 -0400)]
s3-dcerpc: add server helpers for ntlmssp auth
Simo Sorce [Wed, 1 Sep 2010 23:05:43 +0000 (19:05 -0400)]
gssapi: remove unused function argument
Simo Sorce [Wed, 1 Sep 2010 21:27:56 +0000 (17:27 -0400)]
gssapi: avoid explicit dependency on dcerpc specific structures
Simo Sorce [Wed, 1 Sep 2010 15:58:33 +0000 (11:58 -0400)]
s3-dcerpc: move crypto stuff in /librpc/crypto
Stefan Metzmacher [Tue, 7 Sep 2010 19:24:07 +0000 (21:24 +0200)]
s3:rpc_client: remove unused rpc_pipe_set_hnd_state()
metze
Stefan Metzmacher [Tue, 7 Sep 2010 18:52:58 +0000 (20:52 +0200)]
s3:rpc_client: use rpc_api_pipe_send() for auth3
metze
Stefan Metzmacher [Tue, 7 Sep 2010 18:51:38 +0000 (20:51 +0200)]
s3:rpc_client: rpc_pipe_bind_step_one_done() doesn't need reply_pdu
metze
Stefan Metzmacher [Tue, 7 Sep 2010 18:39:20 +0000 (20:39 +0200)]
s3:rpc_client: allow DCERPC_PKT_AUTH3 via rpc_api_pipe_send/recv
metze
Björn Jacke [Fri, 17 Sep 2010 12:05:53 +0000 (14:05 +0200)]
lib/util: usec_time_diff takes arguments the other way round than TvalDiff did
Björn Jacke [Fri, 17 Sep 2010 11:47:05 +0000 (13:47 +0200)]
s3: fix order of arguments in nsec_time_diff call
Kamen Mazdrashki [Fri, 17 Sep 2010 02:28:36 +0000 (05:28 +0300)]
s4-test: Add unit test for dsdb_schema_info_cmp()
Kamen Mazdrashki [Thu, 16 Sep 2010 23:54:46 +0000 (02:54 +0300)]
s4-schema: Helper func to compare schemaInfo signatures
Kamen Mazdrashki [Thu, 16 Sep 2010 23:48:50 +0000 (02:48 +0300)]
s4-schema: use dsdb_schema_info_blob_is_valid() to verify schemaInfo blob
instead of parsing it.
Kamen Mazdrashki [Thu, 16 Sep 2010 23:45:59 +0000 (02:45 +0300)]
s4-prefixMap: use dsdb_schema_info_blob_is_valid() for schemaInfo blob validation
This fixes a leaking dsdb_schema_info object also.
Kamen Mazdrashki [Thu, 16 Sep 2010 23:37:46 +0000 (02:37 +0300)]
s4-dsdb: Add dsdb_schema_info_blob_is_valid() to verify schemaInfo blobs
Kamen Mazdrashki [Wed, 15 Sep 2010 23:17:34 +0000 (02:17 +0300)]
s4-pyrpc: Print location and type name we got when checking for types
Sumit Bose [Fri, 17 Sep 2010 08:33:08 +0000 (10:33 +0200)]
Fix array size of a member of struct cli_ulogoff_state
The too small array makes UID-REGRESSION-FIX fail on 32bit
architectures.
Signed-off-by: Günther Deschner <gd@samba.org>
Andrew Tridgell [Fri, 17 Sep 2010 07:06:29 +0000 (17:06 +1000)]
s4-devel: developer script for adding DNS entries via netlogon RPC
this calls the netlogon DsrUpdateReadOnlyServerDnsRecords call to add
DNS entries for a RODC via RPC calls. The call is routed via an IRPC
call to winbind, as winbind is the one with the schannel credential
chaining setup.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 17 Sep 2010 07:04:28 +0000 (17:04 +1000)]
s4-pyrpc: allow python to access irpc interfaces
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 17 Sep 2010 07:03:54 +0000 (17:03 +1000)]
idl: build python interfaces for winbind and idmap IDL
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 17 Sep 2010 00:11:48 +0000 (10:11 +1000)]
s4-winbind Add a proxy method to update DNS records with a read-write DC
This must be done in winbindd as it already has the schannel connection
and the credential chain. If we re-established that elsewhere, we
would break the chain in winbindd.
Andrew Bartlett
Signed-Off-By: Andrew Tridgell <tridge@samba.org>
Günther Deschner [Fri, 17 Sep 2010 08:06:16 +0000 (10:06 +0200)]
testprogs: skip two tests in spoolss tester.
Guenther
Günther Deschner [Fri, 17 Sep 2010 08:02:13 +0000 (10:02 +0200)]
s4-smbtorture: fix winreg querymultiplevalues NDR test warning.
Guenther
Björn Jacke [Thu, 16 Sep 2010 20:18:45 +0000 (22:18 +0200)]
s3: remove smb_msleep prototype from here
Björn Jacke [Thu, 16 Sep 2010 19:36:00 +0000 (21:36 +0200)]
s3: remove TvalDiff macro, we can use the shared usec_time_diff function
Björn Jacke [Thu, 16 Sep 2010 19:36:37 +0000 (21:36 +0200)]
s3/s4: merge msleep and smb_msleep
the merged variant is renamed to smb_msleep as some platforms already have a
msleep function.
Björn Jacke [Thu, 16 Sep 2010 17:45:43 +0000 (19:45 +0200)]
s3: remove TspecDiff macro, we can use the shared nsec_time_diff function
Björn Jacke [Thu, 16 Sep 2010 17:02:27 +0000 (19:02 +0200)]
s3: use nsec_time_diff instead of TspecDiff
Björn Jacke [Thu, 16 Sep 2010 16:52:45 +0000 (18:52 +0200)]
s3/vfs_scannedonly: use smb_msleep instead of nanosleep
Thanks to Joachim Schmitz. This fixes bug #7478
Volker Lendecke [Thu, 16 Sep 2010 07:31:10 +0000 (09:31 +0200)]
s3: Add the PAC info3 struct to the netsamlogon_cache in ntlm_auth
Volker Lendecke [Thu, 16 Sep 2010 08:34:59 +0000 (10:34 +0200)]
s3: Correctly unwrap the krb ticket in gss-spnego
Volker Lendecke [Thu, 16 Sep 2010 08:22:00 +0000 (10:22 +0200)]
s3: Fall back to raw NTLMSSP for the gss-spnego protocol
This is to handle the mod_auth_ntlm_winbind protocol
sending "Negotiate" to IE, which sends raw NTLMSSP
instead of a SPNEGO wrapped NTLMSSP blob.
Volker Lendecke [Thu, 16 Sep 2010 08:21:20 +0000 (10:21 +0200)]
s3: Split off output generation from manage_squid_ntlmssp_request
Volker Lendecke [Thu, 16 Sep 2010 08:36:21 +0000 (10:36 +0200)]
s3: Wrap the ntlm_auth loop with a talloc_stackframe
Günther Deschner [Thu, 16 Sep 2010 16:41:37 +0000 (18:41 +0200)]
s4-smbtorture: add NDR spoolss_GetPrinterDriver2 in and out check functions.
Guenther
Günther Deschner [Thu, 16 Sep 2010 14:49:54 +0000 (16:49 +0200)]
s4-smbtorture: finally enable most of our NDR_OUT NDR tests that we couldn't handle previously.
Guenther
Günther Deschner [Thu, 16 Sep 2010 14:21:39 +0000 (16:21 +0200)]
s4-smbtorture: add functions to do NDR_OUT ndr_pull validation including NDR_IN context.
Guenther
Günther Deschner [Thu, 16 Sep 2010 14:25:51 +0000 (16:25 +0200)]
s4-smbtorture: fix some indentation in NDR testsuite.
Guenther
Günther Deschner [Thu, 16 Sep 2010 14:22:32 +0000 (16:22 +0200)]
s3-smbtorture: fixup trailing whitespace in ndr testsuite.
Guenther
Günther Deschner [Thu, 16 Sep 2010 12:42:22 +0000 (14:42 +0200)]
s4-smbtorture: add spoolss_GetPrinterDriver2 NDR tests.
Guenther
Günther Deschner [Thu, 16 Sep 2010 12:41:37 +0000 (14:41 +0200)]
s4-smbtorture: mention -v switch for hexdump imports into the NDR testsuites.
Guenther
Günther Deschner [Thu, 16 Sep 2010 12:31:53 +0000 (14:31 +0200)]
s4-smbtorture: activate spoolss_GetPrinterData NDR pull test.
Guenther
Andrew Tridgell [Thu, 16 Sep 2010 11:17:54 +0000 (21:17 +1000)]
s4-winbind: fixed two valgrind errors
- allocate the dc info on the right structure
- zero the number of group members when allocating the winbindd_gr
return
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 10:12:20 +0000 (20:12 +1000)]
wbclient: gr_mem can be NULL
if the structure was partly created and an error occurred, then don't
crash
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 10:11:47 +0000 (20:11 +1000)]
wbclient: paranoid check for double free
added while tracking down a crash in the wbinfo blackbox test
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 10:06:44 +0000 (20:06 +1000)]
tdb: added TDB_NO_FSYNC env variable
this might help reduce test times and load on test machines
Andrew Bartlett [Thu, 16 Sep 2010 07:53:36 +0000 (17:53 +1000)]
torture/raw Allow one more 'not implemented' status return as a valid response
The Samba4 server responds to most ioctl calls with NT_STATUS_NOT_SUPPORTED
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 16 Sep 2010 05:47:42 +0000 (15:47 +1000)]
s4-torture assert that we get a temp datagram socket.
I've seen a segfault because we failed to check this isn't NULL
before we use it. This will still of course fail, but not so
spectacularly.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 16 Sep 2010 04:37:20 +0000 (14:37 +1000)]
libcli/auth/ntlmssp Be clear about talloc parents for session keys
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 07:20:08 +0000 (17:20 +1000)]
s4-kdc: prevent segfault on bad trust strings
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 07:05:58 +0000 (17:05 +1000)]
s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords
this is used by a RODC to do DNS updates, as TSIG updates are not
allowed by RODCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 07:04:53 +0000 (17:04 +1000)]
s4-rpcserver: allow saving of bad RPC packets
use:
dcesrv:stubs directory = .
to save files like this:
RPC-netlogon-48-pullfail.dat
when an RPC packet can't be parsed or is unknown. Only enabled in
developer builds
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 06:57:21 +0000 (16:57 +1000)]
pidl: prevent ndr_print_*() dying on NULL pointers
when using ndrdump you can get uninitialised structures containing
pointers. Don't segfault when trying to print them
Andreas Schneider [Mon, 30 Aug 2010 11:22:57 +0000 (13:22 +0200)]
idl: Added EPMAPPER_STATUS_CANT_PERFORM_OP.
Signed-off-by: Günther Deschner <gd@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 04:13:48 +0000 (14:13 +1000)]
s4-dns: use a non-forwardable ticket in samba_dnsupdate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 04:13:29 +0000 (14:13 +1000)]
s4-kerberos: obey the credentials setting for forwardable tickets
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 04:12:57 +0000 (14:12 +1000)]
s4-pycredentials: expose forwardable setting via python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 04:12:37 +0000 (14:12 +1000)]
s4-credentials: added ability to control forwardable attribute on krb5 tickets
with the latest bind9 nsupdate, we need to be able to control if the
ticket we use is forwardable
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 16 Sep 2010 03:02:43 +0000 (13:02 +1000)]
s4-drs: make debugging DsUpdateRefs a bit easier
Andrew Tridgell [Thu, 16 Sep 2010 03:02:23 +0000 (13:02 +1000)]
s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls
Andrew Tridgell [Thu, 16 Sep 2010 03:00:20 +0000 (13:00 +1000)]
s4-drs: removed a debug print in repl secret
Andrew Tridgell [Thu, 16 Sep 2010 00:58:03 +0000 (10:58 +1000)]
s4-test: enable valgrind on wbinfo tests
Andrew Tridgell [Wed, 15 Sep 2010 21:38:14 +0000 (07:38 +1000)]
s4-pydrs: fix for python 2.4
thanks to Kamen and David Gonzalez for spotting this
Jelmer Vernooij [Thu, 16 Sep 2010 00:02:14 +0000 (00:02 +0000)]
s3: Add convenience make target buildfarm-test.
Jelmer Vernooij [Thu, 16 Sep 2010 00:01:51 +0000 (00:01 +0000)]
s3-selftest: Move Samba3-specific script to source3/selftest.
Björn Jacke [Wed, 15 Sep 2010 22:57:39 +0000 (00:57 +0200)]
s3/printing: avoid a possible race condition in the cache timeout
Jeremy Allison [Wed, 15 Sep 2010 22:40:15 +0000 (15:40 -0700)]
Fix all sid_parse returns to be checked. Tidy up some checks and error
messages.
Jeremy.
Günther Deschner [Wed, 15 Sep 2010 22:19:51 +0000 (00:19 +0200)]
s3-smbd: prevent call_nt_transact_ioctl() crash in FSCTL_FIND_FILES_BY_SID case.
Jeremy, please check.
Guenther
Günther Deschner [Wed, 15 Sep 2010 21:02:43 +0000 (23:02 +0200)]
s4-smbtorture: try FSCTL_FIND_FILES_BY_SID with random blob data in RAW-IOCTL.
Guenther
Andrew Tridgell [Wed, 15 Sep 2010 10:54:09 +0000 (20:54 +1000)]
s4-repl: if we are an RODC don't set WRIT_REP in replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 10:24:50 +0000 (20:24 +1000)]
s4-repl: add partial attribute set to getncchanges calls for RODCs
when we are a RODC we must supply a partial attribute set in the
getncchanges call
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 10:23:47 +0000 (20:23 +1000)]
s4-repl: added min_usn to extended replication call
the repl_secret code needs to set it to avoid too many duplicate
attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 09:00:01 +0000 (19:00 +1000)]
s4-repl: added repl_secret handling
initiate a repl secret extended op when requested
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 08:59:17 +0000 (18:59 +1000)]
s4-repl: cleanup the extended op calls in repl server
- use generic parameter names
- trigger a run of pending ops on all extended ops
- don't prevent parallel fsmo transfers
- moved extended op code into drepl_extended
Andrew Tridgell [Wed, 15 Sep 2010 08:52:11 +0000 (18:52 +1000)]
s4-pyjoin: use new pynet finddc interface
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 08:51:09 +0000 (18:51 +1000)]
s4-pynet: return the full netlogon response from python finddc
this gives the caller the other server parameters
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 08:50:09 +0000 (18:50 +1000)]
s4-pyjoin: fill in the dns name in the python replication method
this is needed to get the repsFrom DNS entry right
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 08:49:34 +0000 (18:49 +1000)]
s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 08:49:06 +0000 (18:49 +1000)]
s4-pyrpc: added py_return_ndr_struct()
This can be used to return structures from other python interfaces as
python objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 06:19:26 +0000 (16:19 +1000)]
s4-repl: split out the extended op handling
this is not part of the rid allocation logic
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 15 Sep 2010 06:15:12 +0000 (16:15 +1000)]
s4-repl: cleanup getncchanges extended op calls
Multiple calls are allowed to run in parallel as long as they don't
conflict.
This also cleans up the variable names in the extended op calls.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Wed, 15 Sep 2010 13:45:37 +0000 (16:45 +0300)]
s4-drs: Wait DsReplicaSync for as long as it takes to complete
In case the caller wants sync execution, we should
not cancel the call for internal timeout reason,
but rather wait for its execution
Kamen Mazdrashki [Wed, 15 Sep 2010 13:53:48 +0000 (16:53 +0300)]
s4-irpc: Don't install endtime-timer in case timeout is INFINITE for the call
Kamen Mazdrashki [Wed, 15 Sep 2010 13:41:47 +0000 (16:41 +0300)]
s4-irpc: Add 'timeout' param for dcesrv_irpc_forward_rpc_call() call
It is to be used when caller wants to explicitly
specify the timeout for the call
Kamen Mazdrashki [Wed, 15 Sep 2010 11:22:27 +0000 (14:22 +0300)]
s4-irpc: Add value for "infinite" timeout for IRPC calls