samba.git/source4/libcli/ldap, branch talloc-2.2.0 Unnamed repository; edit this file 'description' to name the repository. samdb: Add transaction id control 2018-05-10T18:02:23+00:00 Gary Lockyer gary@catalyst.net.nz 2018-04-15T19:59:43+00:00 01fab30a9779c7f2bfd3016c9c482d956cde5198 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control 2018-03-13T09:24:27+00:00 Ralph Boehme slow@samba.org 2018-02-16T14:30:13+00:00 ab7dc210e9aedc1222055822ff296e4a67cfb27b Will be used to pass "user password change" vs "password reset" from the ACL to the password_hash module, ensuring both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Will be used to pass "user password change" vs "password reset" from the
ACL to the password_hash module, ensuring both modules treat the request
identical.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
libsocket: Add "mem_ctx" to socket_create() 2018-02-27T08:14:17+00:00 Volker Lendecke vl@samba.org 2018-02-15T15:43:59+00:00 d88f826c7b78d84fef87ab1301b266f11b4162fb Every caller did a talloc_steal() after socket_create(). Just pass in the correct memory context. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Every caller did a talloc_steal() after socket_create(). Just pass in the
correct memory context.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
util/rfc1738_unescape(): return end pointer or NULL on error 2018-02-22T00:04:18+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2018-02-16T21:46:44+00:00 a4c853a7deb080dd44e3c54eb45935ff0df91baf At present we don't detect errors, but when we do we'll return NULL. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
At present we don't detect errors, but when we do we'll return NULL.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:libcli/ldap: just use gensec_update() in ldap_bind_sasl() 2017-05-21T23:12:23+00:00 Stefan Metzmacher metze@samba.org 2017-05-15T21:53:38+00:00 27324112b61039126799d76a33a2883747f01267 We're in a blocking/sync call, we should avoid using nested event loops for this. As far as I can see ldap_bind_sasl() is only called from command line tools, which are ok to block. Resolving this requires also resolving the general case in LDB, as that is the API this is used from. We would need ldb_connect_send() and ldb_connect_recv() at a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon May 22 01:12:23 CEST 2017 on sn-devel-144 
We're in a blocking/sync call, we should avoid using nested event loops for
this. As far as I can see ldap_bind_sasl() is only called from command line
tools, which are ok to block.

Resolving this requires also resolving the general case in LDB, as that is the
API this is used from.  We would need ldb_connect_send() and ldb_connect_recv()
at a start.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 22 01:12:23 CEST 2017 on sn-devel-144
typo: mplementation => implementation 2016-05-06T03:03:16+00:00 Garming Sam garming@catalyst.net.nz 2016-04-20T05:10:41+00:00 38e08d71740b9f840c6750bef47ffb32889fdf3e Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured 2016-04-12T17:25:25+00:00 Stefan Metzmacher metze@samba.org 2015-12-23T15:17:04+00:00 4b679c350a7fdaab114b6c7d05e6a6b12e903c3d BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification 2016-04-12T17:25:25+00:00 Stefan Metzmacher metze@samba.org 2015-12-23T15:17:04+00:00 64a9cd2a38d8a9503560524f5a6feea25651f11c BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED 2016-04-12T17:25:24+00:00 Stefan Metzmacher metze@samba.org 2015-12-18T07:29:50+00:00 05692ec958e64cca8ef19795e51bb39a242c3dd4 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks 2016-04-12T17:25:24+00:00 Stefan Metzmacher metze@samba.org 2015-12-18T07:29:50+00:00 1da744b2f9371c005c68a89f72b475e42e8b2b64 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>