1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

13061 Commits

Author SHA1 Message Date
Andrew Bartlett
1594b27db8 r24249: Thse generated attributes should not be pushed this far down the stack
in any cse.

Andrew Bartlett
(This used to be commit 5f08a686a6)
2007-10-10 15:01:30 -05:00
Andrew Bartlett
210971d092 r24248: Attempt to fix bug #4830 by <mwallnoefer@yahoo.de>. If there is no
payload to the control, we still need to inialise *value, as otherwise
we read uninitialised data later.

Andrew Bartlett
(This used to be commit f6566480b7)
2007-10-10 15:01:30 -05:00
Andrew Bartlett
85e1975022 r24247: Remove extra newlines from ldb_debug() calls - it already adds one.
Andrew Bartlett
(This used to be commit e5fdcda2a1)
2007-10-10 15:01:30 -05:00
Andrew Bartlett
58d9f6ed9d r24246: Avoid the annoying 'probable memory leak in ldb' messages, by fixing
some issues in the NBT server (this was a false positive, but easily
worked around) and DRSUAPI server.

We should take care not to use the ldb_context as a talloc pool, and
to always ensure that any results from ldb_search() are moved off that
pool with talloc_steal or talloc_free().

To work around the issue in provision, for which I can find no fault
(other than a lot of work being done in provision), I've moved the
detector trigger to 400 additional blocks.

This fixes Bug #4810 by <mwallnoefer@yahoo.de>

Andrew Bartlett
(This used to be commit 42bcf85620)
2007-10-10 15:01:29 -05:00
Andrew Bartlett
b351641c6e r24245: Fix bug #4828 - we need to set the samba LDB debug handler early, so
we catch messages pushed out by modules during startup.

This also sets an explict mapping between ldb and Samba debug levels.

Andrew Bartlett
(This used to be commit 50913a401d)
2007-10-10 15:01:29 -05:00
Kai Blin
e87a0e5f69 r24157: Merge from kai/samba4-gsoc.git;h=728deba680f8cf85cab168a6278a2cf657f65fdb
Make WBSRV_SAMBA3_SET_STRING use safe_strcpy instead of strncpy.
(This used to be commit 6b92b816fc)
2007-10-10 15:01:28 -05:00
Andrew Bartlett
5f6b501f21 r24146: It is not an error for a Win2k3-only server not to support the NT4
replication call.

Andrew Bartlett
(This used to be commit 59cba32c09)
2007-10-10 15:01:28 -05:00
Andrew Bartlett
e0779e2d3b r24127: Set the Domain SID into the libnet context, and have libnet_UserInfo
return full SIDs for the user SID and primary group sid.

This should help kai with his getpwnam work in winbind.

Andrew Bartlett
(This used to be commit 078671d501)
2007-10-10 15:01:27 -05:00
Andrew Bartlett
fc9471c4df r24118: Start fixing #4842 (usrmgr polcies menu not working) by removing range
restriction on the maximum returned size.  There isn't a good reason
to have a limit on this one.

Andrew Bartlett
(This used to be commit 9a8315019e)
2007-10-10 15:01:27 -05:00
Andrew Bartlett
3de02665fe r24112: Complete initialistion of the libnet_ctx when setting up the domain.
We need to set the access_mask and the domain name, or else libnet
will try to do this itself.

This seems to fix the issues Kai was having.

Andrew Bartlett
(This used to be commit 44c193272b)
2007-10-10 15:01:27 -05:00
Andrew Bartlett
07b15cd9fd r24111: Untested code is broken code, untested code is broken code...
Apologies for my previous commit, which should never have been
commited untested.

Andrew Bartlett
(This used to be commit ec69f41d09)
2007-10-10 15:01:26 -05:00
Andrew Bartlett
fa16e28424 r24110: I hate seeing callers manually filling in the composite context. Use
the helper functions instead (and in kai's new code, which just copied
the previous bad practice).

Andrew Bartlett
(This used to be commit 0908d8232e)
2007-10-10 15:01:25 -05:00
Kai Blin
6d10dc296c r24109: Add a wb_name2domain call
(This used to be commit a6a45ab970)
2007-10-10 15:01:25 -05:00
Kai Blin
91750a2825 r24108: Split out samba3_parse_domuser to a seperate file and rename, so it can be
used for a name2domain call.
(This used to be commit 75e41da039)
2007-10-10 15:01:25 -05:00
Andrew Bartlett
50a66a2e81 r24083: Don't fail the test (looking for the user in the enum) if we didn't
create the user in the first place.

Andrew Bartlett
(This used to be commit db0f81734d)
2007-10-10 15:01:24 -05:00
Andrew Bartlett
bd705012b8 r24082: Following the removal of a fanstsy condition from the SAMR testsuite,
allow the server side to enumerate all domain controllers and domain
members...

Andrew Bartlett
(This used to be commit d42150ff0a)
2007-10-10 15:01:24 -05:00
Andrew Bartlett
97859bc760 r24081: Domain Controllers are also shown in this enumeration.
Andrew Bartlett
(This used to be commit 3e332ff771)
2007-10-10 15:01:23 -05:00
Andrew Bartlett
008b840760 r24080: Set the primary group (matching windows) when creating new users in
SAMR.  This can't be done in the ldb templates code, as it doesn't
happen over direct LDAP.

As noted in bug #4829.

Andrew Bartlett
(This used to be commit 3bfa6dbf7d)
2007-10-10 15:01:23 -05:00
Andrew Bartlett
63c20026c4 r24076: Make ldap.js pass against Win2k3 again (looks like we don't match AD
on this error code, but allow both for now).

Also prove that bug #4829 needs a different solution: we can't fix
this by changing the template.  I think this fix needs to be in the
SAMR server.

Andrew Bartlett
(This used to be commit c3554e3ee7)
2007-10-10 15:01:22 -05:00
Andrew Bartlett
bd750a77c0 r24075: As suggested by metze, match the behaviour of ntvfs_posix, and remove
the backend data (effectivly closing the handle) when we close an IPC
FD.

This should fix #4821.

Andrew Bartlett
(This used to be commit efaf91b9d5)
2007-10-10 15:01:22 -05:00
Andrew Bartlett
649d4bf8aa r24074: Test both permitted logon hours and permitted workstations in the
RPC-SAMLOGON test.

This showed that, as noted by bug #4823, we didn't test for invalid
workstations.  In fact, the code had been ported across, but because
untested code is broken code, it never worked...

Andrew Bartlett
(This used to be commit 5e07417ada)
2007-10-10 15:01:21 -05:00
Andrew Bartlett
06a6194ead r24061: Anther part of bug #4823, which is that until now Samba4 didn't parse
the logon hours, even if set.

This code happily stolen from the great work in Samba3 :-)

Andrew Bartlett
(This used to be commit a4939ab629)
2007-10-10 15:01:21 -05:00
Andrew Bartlett
4e697b288b r24060: Fix bug #4806 by Matthias Wallnöfer <mwallnoefer@yahoo.de>: We need to
include the attribute allowedChildClassesEffective for MMC to allow
the creation of containers.

This may need further refinement, but it seems to work for now.

Andrew Bartlett
(This used to be commit d053b8e218)
2007-10-10 15:01:21 -05:00
Andrew Bartlett
fe60cd993d r24059: Fix bug 4822 reported by Matthias Wallnöfer <mwallnoefer@yahoo.de>.
Any SAMR client (usrmgr.exe in this case) that attempted to set a
property to a zero length string found instead the the old value was
kept.

In fixing this, rework the macros to be cleaner (add the
always-present .string) to every macro, and remove the use of the
samdb_modify() and samdb_replace() wrappers where possible.

Andrew Bartlett
(This used to be commit b05fe69304)
2007-10-10 15:01:20 -05:00
Volker Lendecke
6dad5b6e06 r24054: Fix some warnings
(This used to be commit b3473db397)
2007-10-10 15:01:20 -05:00
Andrew Bartlett
41ab04e37c r24053: Ensure we filter EnumDomainUsers with the supplied mask.
Should fix another part (list of domains in usrmgr incorrectly
including accounts) of bug #4815 by mwallnoefer@yahoo.de.

Andrew Bartlett
(This used to be commit 7f7e4fe298)
2007-10-10 15:01:19 -05:00
Andrew Bartlett
32d55960b5 r24052: Fix some of the NT4 usrmgr.exe portions of bug 4815.
- The icons in usermgr were incorrect, because the acct_flags were
   not filled in (due to missing attribute in ldb query)

 - The Full name was missing, and the description used as the full
   name (due to missing attributes in ldb query and incorrect IDL)

To prove the correctness of these fixes, I added a substantial new
test to RPC-SAMR-USERS, to ensure cross-consistancy between
QueryDisplayInfo and QueryUserInfo on each user.

This showed that for some reason, we must add ACB_NORMAL to the
acct_flags on level 2 queries (for machine trust accounts)...

Getting this right is important, because Samba3's RPC winbind methods
uses these queries.

Andrew Bartlett
(This used to be commit 9475d94a61)
2007-10-10 15:01:19 -05:00
Rafal Szczesniak
a47313851f r24051: more monitor function calls and monitor msg names
convention change.

rafal
(This used to be commit 6ab10b2ed2)
2007-10-10 15:01:18 -05:00
Volker Lendecke
890c42045d r24041: After metze's ack, check in torture_comment from Zack Krisch
<zack.kirsch@isilon.com>
(This used to be commit b1148b7ab8)
2007-10-10 15:01:18 -05:00
Andrew Bartlett
a7416c0894 r24012: Remove duplicate code block (from bad merge).
Andrew Bartlett
(This used to be commit 68bdbd732f)
2007-10-10 15:01:18 -05:00
Andrew Bartlett
4a517b1433 r24011: Keep the connect handle around in libnet, in case we want it.
Andrew Bartlett
(This used to be commit e6ccdb6cea)
2007-10-10 15:01:17 -05:00
Andrew Bartlett
276436311f r24010: Fix warning for the function paramter to qsort().
Andrew Bartlett
(This used to be commit 51862c4c52)
2007-10-10 15:01:17 -05:00
Andrew Bartlett
dc25ec5ce7 r23995: Work to allow mimir's libnet code to be called from winbind.
We now setup a libnet_ctx for each domain.  We should then be able to
replace/merge some more of the winbind code with libnet calls,
referencing domain->libnet_ctx.

Andrew Bartlett
(This used to be commit bad2dc14d7)
2007-10-10 15:01:16 -05:00
Andrew Bartlett
ae0115d8db r23994: Finish my work to ensure that non-root and non-administrator users
cannot vampire, provision or upgrade a Samba4 server via SWAT.

(The previous commit was an accident, and not complete).

This should get Samba4 closer to being 'secure' for an alpha release.

Andrew Bartlett
(This used to be commit 3b6695de36)
2007-10-10 15:01:16 -05:00
Andrew Bartlett
b7f9e85db1 r23993: Attempt to fix bug #4808, reported by mwallnoefer@yahoo.de. The issue
is that when we all ldb_msg_add_empty(), we might realloc() the
msg->elements array.  We need to ensure the source pointer (when
copying an element from the same msg) is still valid, or the data
copied.

Andrew Bartlett
(This used to be commit 0fbea30577)
2007-10-10 15:01:16 -05:00
Andrew Bartlett
62b56dc2db r23982: Fix use-after-realloc() found by valgrind and mwallnoefer@yahoo.de.
Should fix bug #4804.

Andrew Bartlett
(This used to be commit 848336dc61)
2007-10-10 15:01:15 -05:00
Michael Adam
0673a18277 r23980: Fix one more use of pwrite in expand_file.
Michael
(This used to be commit b97acdc67b)
2007-10-10 15:01:15 -05:00
Michael Adam
7002ed291a r23979: Fix another occurence of (written != requested) as an
error condition to write. This is in tdb_new_database.

Fix one call to tdb_new_database in tdb_open_ex to not
overwrite the newly propagated errno (typically ENOSPC).

Michael
(This used to be commit eb524df0a5)
2007-10-10 15:01:14 -05:00
Michael Adam
c94cba5b7b r23978: Merge r23161 from Samba3:
Add TDB_VOLATILE as open_flag to activate the per-hashchain dead record
optimization.
(This used to be commit 868cdb1781)
2007-10-10 15:01:14 -05:00
Michael Adam
af8432e692 r23977: Im prove the pwrite-patch to tdb_expand_file of r23972:
* prevent infinite loops due to 0 bytes written:
  try once more. if we still get 0 as return,
  set errno to ENOSPC and return -1 (error)

* replace int by correct types (ssize_t and size_t).

* print a warning log message in case "written < requested to write"
  usually this means, that the next call to pwrite will fail
  with return value -1 and set errno accordingly.

  Note that the former error condition "written != requested to write"
  is not a correct error condition of write/pwrite. If this is due
  to an error, a subsequent call to (p)write will reveal the cause
  (typically "no space left on device" - ENOSPC).

Michael
(This used to be commit 7f415d1223)
2007-10-10 15:01:13 -05:00
Michael Adam
d568e2b1d3 r23972: Fix a bug in pwrite error detection in tdb_expand_file():
The proper error condition is (ret == -1) instead of
(ret != number_of_byte_told_to_write).

Michael
(This used to be commit 4c3c6363f8)
2007-10-10 15:01:13 -05:00
Andrew Bartlett
3a1b90ec75 r23966: It isn't great, but at least now we have some access control in SWAT
This patch prevents non-root and non-administrator users from running
the provision, upgrade and vampire pages.  *I think* the rest of SWAT
is LDB operations, or otherwise authenticated, so we should now be
secure.

I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha.

Andrew Bartlett
(This used to be commit d61061052d)
2007-10-10 15:01:13 -05:00
Andrew Bartlett
bb68118840 r23965: Add testing the 'net time' command to the script.
Andrew Bartlett
(This used to be commit 4fab53432a)
2007-10-10 15:01:12 -05:00
Andrew Bartlett
8172bbb7e4 r23964: Update blackbox selftest scripts to cover more code, and to more
consistantly report errors.  (Some were being lost due to the "echo
foo | cmd" calling convention).

Andrew Bartlett
(This used to be commit d0a994d0ce)
2007-10-10 15:01:12 -05:00
Andrew Bartlett
f8219ec5a8 r23961: Allow SWAT to operate on x86_64 machines.
On machines with a 4 byte int, and a 8 byte pointer, the ESP could would fail.

The problem is that 0 != NULL.  0 is an int (4 bytes) and NULL is a
pointer (8), and this matters critically to varargs functions.

If a 0 was passed as the 'terminating' argument, then only 4 bytes
would be written to the stack, but va_arg(ap, char *) would try and
pull 8, reading uninitalised memory.

Andrew Bartlett
(This used to be commit 72ca8e3b2a)
2007-10-10 15:01:11 -05:00
Andrew Bartlett
3c097f3afb r23960: Don't destory the 'reason' for terminating the service before printing it.
Andrew Bartlett
(This used to be commit 18d2680f35)
2007-10-10 15:01:11 -05:00
Rafal Szczesniak
0d80514173 r23959: add more monitor messages support that's been sitting around on my
laptop for a while.

rafal
(This used to be commit c257363adb)
2007-10-10 15:01:11 -05:00
Michael Adam
5fa17c14a5 r23950: unlink before rename is superfluous.
Michael
(This used to be commit dc0104be9a)
2007-10-10 15:01:10 -05:00
Michael Adam
a45166bae0 r23925: Use NULL instead of 0 for a void * argument.
(This used to be commit bf7774360b)
2007-10-10 15:01:10 -05:00
Andrew Bartlett
1ce5642bae r23912: We always accept / as a seperator, and it is far less confusing
compared with a shell-escape (\).

Fixes bug #4765

Andrew Bartlett
(This used to be commit 417e0ef87f)
2007-10-10 15:01:09 -05:00