Andrew Bartlett [Wed, 16 Dec 2009 20:54:56 +0000 (07:54 +1100)]
libcli/auth Merge ntlmssp_client_initial() into common code
This very simple function, generating the first packet in the NTLMSSP
exchange, does not need two independent implementations.
Andrew Bartlett
Andrew Bartlett [Mon, 14 Dec 2009 08:53:37 +0000 (19:53 +1100)]
s3:ntlmssp Adapt Samba3 to new shared NTLMSSP code
Andrew Bartlett [Tue, 8 Dec 2009 06:59:31 +0000 (17:59 +1100)]
libcli/auth Merge of the core NTLMSSP code between Samba3 and Samba4
This brings the 'get challenge' and 'check_password' and
post-authentication cryptography parts of the NTLMSSP code in common,
using function pointers to obtain the challenge and direct the
password check to the right place.
This code, and the auth subsystem on which it is based, assumes a sync
callback at this time, but the Samba4 structure prepared for async
callbacks has been preserved.
The common code can't reference ROLE_STANDALONE or lp_* functions, so
we instead precompute those in the init functions from each branch.
When merging the key derivation routines, care was taken in regard to
the LM_KEY behaviour, when the LM password is not specified by the
client, but LM authentication is permitted by the server. We match
Samba3 behaviour and allow this less secure use.
(This is in a hope to avoid changes to a very difficult to test use
case. lanman auth = false is the default in Samba3 and Samba4).
The biggest changes here are to remove calls to lp_ functions, the
server role enum, and (oddly!) nt_errstr() as these are not yet
common.
Andrew Bartlett
Andrew Bartlett [Mon, 14 Dec 2009 08:43:59 +0000 (19:43 +1100)]
s3:auth Make get_ntlm_challenge more like Samba4
This helps with the upcoming NTLMSSP merge, and allows errors to be returned.
Andrew Bartlett
Andrew Bartlett [Tue, 22 Dec 2009 07:50:55 +0000 (18:50 +1100)]
s4:ntlmssp small compile changes to make Samba3's NTLMSSP more like Samba4
This removes the typedef NTLMSSP_STATE, and only includes ntlmssp.h
where actually needed.
It also moves to C99 integer types in ntlmssp.h
Andrew Bartlett
Andrew Bartlett [Tue, 22 Dec 2009 07:20:02 +0000 (18:20 +1100)]
libcli/auth Make gd's NDR NTLMSSP parsers helpers common
(but not built in Samba4 for now)
Andrew Bartlett [Tue, 8 Dec 2009 05:50:18 +0000 (16:50 +1100)]
s4:gensec Don't give a warning when Windows client connects with NTLM
We have had the workaround for a long time, but at the time the log
warnings remained.
Andrew Bartlett
Andrew Bartlett [Mon, 14 Dec 2009 09:32:47 +0000 (20:32 +1100)]
s4:auth Change 'get_challenge' API to be more like Samba3
It is just easier to fill in the known to be 8 byte challenge than
stuff about with allocated pointers.
Andrew Bartlett
Andrew Bartlett [Tue, 22 Dec 2009 06:21:06 +0000 (17:21 +1100)]
s4:auth generate the prototype file in the right place
Andrew Bartlett [Fri, 18 Dec 2009 04:30:41 +0000 (15:30 +1100)]
Samba4 and LDB requires talloc 2.0.1
reported by ewoud@kohlvanwijngaarden.nl
Jeremy Allison [Tue, 22 Dec 2009 01:46:32 +0000 (17:46 -0800)]
Fix bug reported in mangle_hash code (no bugid yet).
Don't change the contents of a const string via a pointer
alias (or if you do, change it back.....).
Jeremy.
Tim Prouty [Wed, 2 Dec 2009 19:39:50 +0000 (11:39 -0800)]
s4 torture: Add RAW-OPLOCK-EXCLUSIVE7 which is similar to BATCH19
Tim Prouty [Wed, 2 Dec 2009 01:40:30 +0000 (17:40 -0800)]
s4 torture: Update raw oplock to use win7 as the baseline for rename oplock break behavior
Tim Prouty [Mon, 21 Dec 2009 22:48:43 +0000 (14:48 -0800)]
s4 torture: Be more permissive with share modes for oplock testing
Share modes are tested elsewhere, and there is currently an outstanding
issue about share mode contention for nt-passthrough levels:
http://lists.samba.org/archive/cifs-protocol/2009-December/001227.html
Tim Prouty [Mon, 21 Dec 2009 22:38:45 +0000 (14:38 -0800)]
s4 torture: Do a better job of closing open files in RAW-OPLOCK.
Jelmer Vernooij [Tue, 22 Dec 2009 00:24:58 +0000 (01:24 +0100)]
param: Fix build on systems without ldb installed.
Jelmer Vernooij [Sun, 20 Dec 2009 17:31:27 +0000 (18:31 +0100)]
provision/pyldb: Avoid linking in static python ldb module.
Jelmer Vernooij [Sun, 20 Dec 2009 17:05:38 +0000 (18:05 +0100)]
ldb_wrap: Fix compilation when using system ldb.
Jelmer Vernooij [Sun, 20 Dec 2009 17:01:24 +0000 (18:01 +0100)]
tdb: Also build and install tdb manpages from standalone tdb.
Jelmer Vernooij [Sun, 20 Dec 2009 16:51:07 +0000 (17:51 +0100)]
tdb: Fix formatting of API check file.
Jelmer Vernooij [Sun, 20 Dec 2009 16:49:48 +0000 (17:49 +0100)]
Fix initialisation of TypeObject samba.param.LoadparmService.
Found by Ricardo Jorge <rvelhote@gmail.com>.
Volker Lendecke [Mon, 21 Dec 2009 20:50:43 +0000 (21:50 +0100)]
s3:winbind: Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc
This just does a NULL RPC call through an existing NETLOGON connection. If
someone knows an operation that "just works" and does not return NOT_SUPPORTED,
please tell me :-)
Volker Lendecke [Mon, 21 Dec 2009 21:34:55 +0000 (22:34 +0100)]
s3:winbindd: Fix a brown paper bag bug in wbinfo -t ...
Jeremy Allison [Mon, 21 Dec 2009 19:16:38 +0000 (11:16 -0800)]
Rename reply_doserror() -> reply_force_doserror().
Rewrite all calls to reply_nterror(NT_STATUS_DOS()) to
reply_force_doserror() and update the comment in smbd/error.c
Jeremy.
Jeremy Allison [Mon, 21 Dec 2009 19:05:25 +0000 (11:05 -0800)]
Remove all calls to reply_doserror - turn them into
correct reply_nterror calls. Next rename reply_doserror ->
reply_force_doserror and plumb in when NT_STATUS_DOS is
used.
Jeremy.
Jeremy Allison [Mon, 21 Dec 2009 19:05:11 +0000 (11:05 -0800)]
Rename 282 -> ERReasnotsupported.
Jeremy.
Günther Deschner [Mon, 21 Dec 2009 16:30:07 +0000 (17:30 +0100)]
s3-docs: mention long and undocumented option names in rpcclient manpage.
Guenther
Günther Deschner [Mon, 21 Dec 2009 16:18:53 +0000 (17:18 +0100)]
s3-docs: mention long and undocumented option names in smbcacls manpage.
Guenther
Günther Deschner [Mon, 21 Dec 2009 15:24:31 +0000 (16:24 +0100)]
s3-docs: mention long and undocumented option names in smbclient manpage.
Guenther
Günther Deschner [Mon, 21 Dec 2009 15:07:42 +0000 (16:07 +0100)]
s3-docs: mention -O, --stdout in smbget manpage.
Guenther
Günther Deschner [Mon, 21 Dec 2009 15:04:49 +0000 (16:04 +0100)]
s3-docs: mention long option names in smbtree manpage.
Guenther
Günther Deschner [Thu, 17 Dec 2009 14:51:36 +0000 (15:51 +0100)]
s3-docs: mention long and undocumented option names in pdbedit manpage.
Guenther
Günther Deschner [Mon, 21 Dec 2009 15:04:06 +0000 (16:04 +0100)]
s3-docs: mention all long option names in samba.entities file.
Guenther
Günther Deschner [Mon, 21 Dec 2009 14:41:13 +0000 (15:41 +0100)]
s3-docs: not working for SuSE anymore...
Guenther
Volker Lendecke [Mon, 21 Dec 2009 14:27:39 +0000 (15:27 +0100)]
s3: Shrink winbindd_proto.h a bit
Volker Lendecke [Mon, 21 Dec 2009 14:11:55 +0000 (15:11 +0100)]
s3: Fix some nonempty blank lines
Volker Lendecke [Mon, 21 Dec 2009 14:02:56 +0000 (15:02 +0100)]
s3: Remove unused get_sam_group_entries
Volker Lendecke [Mon, 21 Dec 2009 14:01:44 +0000 (15:01 +0100)]
s3: Remove unused winbindd_dual_getsidaliases
Volker Lendecke [Mon, 21 Dec 2009 13:59:11 +0000 (14:59 +0100)]
s3: Remove an unused struct definition
Volker Lendecke [Mon, 21 Dec 2009 13:58:21 +0000 (14:58 +0100)]
s3: Remove unused winbindd_dual_getuserdomgroups
Volker Lendecke [Mon, 21 Dec 2009 13:57:03 +0000 (14:57 +0100)]
s3: Remove unused winbindd_dual_getdcname
Volker Lendecke [Mon, 21 Dec 2009 13:55:02 +0000 (14:55 +0100)]
s3: Remove unused winbindd_dual_lookupname
Volker Lendecke [Mon, 21 Dec 2009 13:54:15 +0000 (14:54 +0100)]
s3: Remove unused winbindd_dual_lookupsid
Volker Lendecke [Mon, 21 Dec 2009 13:49:48 +0000 (14:49 +0100)]
s3: Remove unused winbindd_dual_userinfo
Volker Lendecke [Mon, 21 Dec 2009 13:47:57 +0000 (14:47 +0100)]
s3: Remove some unused dual functions
Volker Lendecke [Mon, 21 Dec 2009 13:42:18 +0000 (14:42 +0100)]
s3: Remove unused do_async
Volker Lendecke [Mon, 21 Dec 2009 13:40:09 +0000 (14:40 +0100)]
s3: Remove unused winbindd_gid2sid_async
Volker Lendecke [Mon, 21 Dec 2009 13:39:36 +0000 (14:39 +0100)]
s3: Remove unused winbindd_uid2sid_async
Volker Lendecke [Mon, 21 Dec 2009 13:38:31 +0000 (14:38 +0100)]
s3: Remove unused winbindd_sid2gid_async
Volker Lendecke [Mon, 21 Dec 2009 13:37:54 +0000 (14:37 +0100)]
s3: Remove unused winbindd_sid2uid_async
Volker Lendecke [Mon, 21 Dec 2009 13:36:24 +0000 (14:36 +0100)]
s3: Remove unused do_async_domain
Volker Lendecke [Mon, 21 Dec 2009 13:34:15 +0000 (14:34 +0100)]
s3: Remove unused query_user_async
Volker Lendecke [Mon, 21 Dec 2009 13:33:26 +0000 (14:33 +0100)]
s3: Remove unused winbindd_getsidaliases_async
Volker Lendecke [Mon, 21 Dec 2009 13:32:34 +0000 (14:32 +0100)]
s3: Remove unused winbindd_lookupname_async
Volker Lendecke [Mon, 21 Dec 2009 13:31:31 +0000 (14:31 +0100)]
s3: Remove unused winbindd_lookupsid_async
Andrew Tridgell [Mon, 21 Dec 2009 12:36:23 +0000 (23:36 +1100)]
s4-schema: fixed the sorting of schema attributes
another case of unsigned int subtracting breaking sorts. This one
surfaced now as attributeID_id now can be larger than 2^31
Andrew Tridgell [Mon, 21 Dec 2009 12:19:08 +0000 (23:19 +1100)]
s4-torture: update uuid_compare test for new behaviour
Kamen Mazdrashki [Fri, 18 Dec 2009 23:49:31 +0000 (01:49 +0200)]
s4-drs: Implement constraints on ATTID values in prefixMap
Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 18 Dec 2009 23:48:41 +0000 (01:48 +0200)]
s4-tort: Test handling of different ATTID values in prefixMap interface.
It turns out ATTID values are separated in ranges.
Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Nadezhda Ivanova [Fri, 18 Dec 2009 16:00:15 +0000 (18:00 +0200)]
Adapted acl module to skip checks if as_system control is provided.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 18 Dec 2009 16:15:49 +0000 (18:15 +0200)]
s4-drs: Save prefix map using LDB_CONTROL_AS_SYSTEM control
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 18 Dec 2009 16:14:38 +0000 (18:14 +0200)]
s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEM
This function is intended to be used when data needs
to be modified skipping access checks.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 18 Dec 2009 16:11:48 +0000 (18:11 +0200)]
s4-dsdb-util: Utility function to process ldb_request in transaction
This function is to be used later for manually crafted
ldb_requests from within dsdb layer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 18 Dec 2009 01:46:39 +0000 (03:46 +0200)]
s4-schema: Implement msDS-IntId attribute generation
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Thu, 17 Dec 2009 21:26:47 +0000 (23:26 +0200)]
s4-schema: Constraints on msDS-IntId attribute
This attribute can not be modified on existing schema object.
msDS-IntId is not allowed during attribute creation also.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 18 Dec 2009 02:08:52 +0000 (04:08 +0200)]
s4-schema: Set ATTID in schema cache from "msDS-IntId"
According to http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx
some Attribute OIDs may not use prefixMap.
Setting ATTID in Schema Cache here should work, although
this code snippet should be moved in separate function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 18 Dec 2009 01:58:29 +0000 (03:58 +0200)]
Revert "s4-drs: cope with bogus empty attributes from w2k8-r2"
This reverts commit
1287c1d115fb7e8f3954bc05ff65007968403a9c.
Next patch should fix the "not recognized ATTIDs" problem
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Thu, 17 Dec 2009 17:27:47 +0000 (19:27 +0200)]
s4-tort: Tests for "msDS-IntId" attribute implemented
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Sun, 13 Dec 2009 23:52:18 +0000 (01:52 +0200)]
s4-tort: Move Schema tests from ldap.py into separate module
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 18 Dec 2009 01:53:13 +0000 (03:53 +0200)]
s4-drs: Fix bug - prefixMap is not updated when adding new OIDs.
The bug is that prefixMap is updated only in memory when
adding a new Class/Attribute that has an OID not in
prefixMap already.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 4 Dec 2009 01:58:59 +0000 (03:58 +0200)]
s4-drstest: Don't remove temp LDB so it can be reviewed if necessary
This test makes temp directory which is not removed
so why not just leave LDB also.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 09:58:09 +0000 (20:58 +1100)]
s4-repl: give a reason why the prepare commit failed
Andrew Tridgell [Mon, 21 Dec 2009 09:57:21 +0000 (20:57 +1100)]
s4-kcc: don't crash with a NULL ntds connection list
Andrew Tridgell [Sun, 20 Dec 2009 00:06:23 +0000 (11:06 +1100)]
s4-repl: only try to replicate for NCs that we are a master for
Andrew Tridgell [Sat, 19 Dec 2009 23:27:17 +0000 (10:27 +1100)]
s4-torture: another unsigned comparison bug
Andrew Tridgell [Sat, 19 Dec 2009 23:26:21 +0000 (10:26 +1100)]
s4-schema: an unsigned comparison bug in the schema code
Andrew Tridgell [Sat, 19 Dec 2009 23:26:06 +0000 (10:26 +1100)]
s4-drs: another two unsigned comparison bugs
Andrew Tridgell [Sat, 19 Dec 2009 23:25:46 +0000 (10:25 +1100)]
librpc: fixed the GUID_compare() function
When comparing two unsigned values you can't just subtract
them.
Imagine you are comparing: "uint32_t u1" and "uint32_t u2". If you use
"u1 - u2" and u2 is zero, then the signed integer result will depend
on the top bit of u1.
This error occurs in a few places in Samba. For DRS replication it
resulted in corrupt uptodateness vectors.
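The failure described in the GUID_compare() message above, as an added example that is not part of the Samba commit or code base: a comparator that subtracts two `uint32_t` values beside one that compares them explicitly. The function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*cmp_fn)(const void *, const void *);

/* Buggy pattern from the commit message: the difference wraps modulo 2^32,
 * and the conversion to int (two's complement wrap on common compilers)
 * takes its sign from the top bit of that difference. */
static int cmp_by_subtraction(const void *a, const void *b)
{
	uint32_t u1 = *(const uint32_t *)a, u2 = *(const uint32_t *)b;
	return (int)(u1 - u2);
}

/* Explicit comparison: always -1, 0 or 1, correct over the full range. */
static int cmp_explicit(const void *a, const void *b)
{
	uint32_t u1 = *(const uint32_t *)a, u2 = *(const uint32_t *)b;
	return (u1 > u2) - (u1 < u2);
}

/* Returns 1 if cmp claims a < b, b < c and c < a at once, an ordering
 * no sort can satisfy. Values are constructed for this example. */
static int has_cycle(cmp_fn cmp)
{
	uint32_t a = 0u, b = 0x60000000u, c = 0xC0000000u;
	return cmp(&a, &b) < 0 && cmp(&b, &c) < 0 && cmp(&c, &a) < 0;
}

/* Sorts constructed ids on both sides of 2^31; returns 1 if ascending. */
static int sorts_correctly(cmp_fn cmp)
{
	uint32_t ids[] = { 0x80000005u, 3u, 0xFFFFFFF0u, 0x7FFFFFFFu, 0u };
	size_t n = sizeof(ids) / sizeof(ids[0]);
	qsort(ids, n, sizeof(ids[0]), cmp);
	for (size_t i = 1; i < n; i++)
		if (ids[i - 1] > ids[i])
			return 0;
	return 1;
}

int main(void)
{
	uint32_t u1 = 0x80000000u, u2 = 0u; /* u2 is zero, top bit of u1 set */
	printf("subtraction says u1 < u2: %d\n", cmp_by_subtraction(&u1, &u2) < 0);
	printf("explicit says u1 > u2:    %d\n", cmp_explicit(&u1, &u2) > 0);
	printf("cycle (subtraction): %d\n", has_cycle(cmp_by_subtraction));
	printf("sorted (explicit):   %d\n", sorts_correctly(cmp_explicit));
	return 0;
}
```

The cycle check is what makes the subtraction comparator unusable for sorting: once values span more than 2^31, the ordering it reports is no longer transitive.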
Andrew Tridgell [Sat, 19 Dec 2009 12:32:48 +0000 (23:32 +1100)]
s4-repl: lower debug level of a common message
Andrew Tridgell [Sat, 19 Dec 2009 09:58:00 +0000 (20:58 +1100)]
s4-dsdb: don't use a non-constant format string for a printf format
Andrew Tridgell [Sat, 19 Dec 2009 09:56:41 +0000 (20:56 +1100)]
s4-dsdb: added DSDB_MODIFY_RELAX flag to the dsdb_module_*() calls
Andrew Tridgell [Sat, 19 Dec 2009 01:23:42 +0000 (12:23 +1100)]
s4-dsdb: added dsdb_get_extended_dn_uint64()
Andrew Tridgell [Fri, 18 Dec 2009 09:55:23 +0000 (20:55 +1100)]
s4-dsdb: use varargs expression in dsdb_module_search()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 18 Dec 2009 09:54:23 +0000 (20:54 +1100)]
s4-dsdb: added two new dsdb_get_extended_dn_*() helper functions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 18 Dec 2009 03:45:58 +0000 (14:45 +1100)]
s4-provision: added a note about where invocationIDs come from
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 18 Dec 2009 02:47:46 +0000 (13:47 +1100)]
s4-dsdb: give us an invocationID when in standalone mode
To allow us to use the repl_meta_data module in standalone mode (and
thus not have two module stacks to test), we need an invocationID
stored somewhere when standalone. This creates a random one, and
stores it in @SAMBA_DSDB.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 20 Dec 2009 22:29:32 +0000 (23:29 +0100)]
s3: Fix an error case in cli_negprot
Stefan Metzmacher [Sun, 20 Dec 2009 12:59:03 +0000 (13:59 +0100)]
tevent: prefix types and defines with tevent_ and TEVENT_
This fixes the build warnings on some build-farm hosts.
metze
Peter Rosin [Sat, 19 Dec 2009 18:43:52 +0000 (19:43 +0100)]
Output %p as unsigned in snprintf replacement.
Stefan Metzmacher [Wed, 4 Nov 2009 18:22:53 +0000 (19:22 +0100)]
s4:kdc: setup the local and remote tsocket_address at accept time
metze
Stefan Metzmacher [Wed, 4 Nov 2009 18:22:53 +0000 (19:22 +0100)]
s4:kdc: convert UDP based communication to tdgram_context
metze
Jeremy Allison [Fri, 18 Dec 2009 22:28:22 +0000 (14:28 -0800)]
Actually explain the twisty paths of tortured logic behind
reply_doserror(), reply_nterror(), and reply_nterror(NT_STATUS_DOS()).
Fix the call in reply_openerror() to actually force a DOS error
for "too many open files".
Jeremy.
Jeremy Allison [Fri, 18 Dec 2009 22:25:39 +0000 (14:25 -0800)]
reply_doserror() doesn't force DOS errors on the wire.
Start migrating uses of reply_doserror() to reply_nterror() with the
correct mapping. Eventually we'll get to the point where we can
change reply_doserror() to force a DOS error code on the wire,
and can change calls to reply_nterror(req, NT_STATUS_DOS()) - which *does*
force DOS errors on the wire - to reply_doserror(). Which might
actually make the server code look like it's making sense.
Jeremy.
Jeremy Allison [Fri, 18 Dec 2009 22:25:07 +0000 (14:25 -0800)]
reply_force_nterror() is not used anywhere. Remove it.
Jeremy.
Zachary Loafman [Thu, 17 Dec 2009 22:32:58 +0000 (22:32 +0000)]
s4 torture: Add test to show archive bit behavior with directories
Signed-off-by: Tim Prouty <tprouty@samba.org>
Tim Prouty [Fri, 18 Dec 2009 17:35:57 +0000 (09:35 -0800)]
s4 torture: Fix RAW-STREAMS-DELETE to pass against samba3
Nadezhda Ivanova [Fri, 18 Dec 2009 15:57:08 +0000 (17:57 +0200)]
Added freeing a successful req so it doesn't crowd the ldb context
Nadezhda Ivanova [Fri, 18 Dec 2009 13:40:11 +0000 (15:40 +0200)]
Added oid for AS_SYSTEM control, used to bypass access checks for system operations.
Günther Deschner [Fri, 18 Dec 2009 12:56:43 +0000 (13:56 +0100)]
s3-docs: mention pam_winbind.conf(5) manpage in pam_winbind(8) manpage.
Guenther
Günther Deschner [Fri, 18 Dec 2009 12:56:01 +0000 (13:56 +0100)]
s3-docs: add new pam_winbind.conf(5) manpage.
Guenther