1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

55328 Commits

Author SHA1 Message Date
Andrew Tridgell
341477347d fixed the updateNow schema test to use a canonical OID
The expression time.strftime("%s", time.gmtime())[3:] leads to a
string with a leading 0. When added then read back from the prefix map
this leads to a different string, so it is never found.

Use the simpler str(random.randint(a,b)) expression instead
2009-08-17 11:14:07 +10:00
Andrew Bartlett
ca526fbb3e s4:selftest Remove the 'subunit filter' from make testenv etc
The extra filter is no use for 'testenv', as we are not running tests,
but an xterm.  The filter also breaks running 'GDB_PROVISION=yes make
test', but at least if we can run 'GDB_PROVISION=yes make testenv'
then we can debug provision.

Andrew Bartlett
2009-08-17 11:08:42 +10:00
Andrew Bartlett
7496095c1b s4:libcli/ldap Explain why we set a hostname for ldapi:// connections
It is a pretty odd thing to do, and it's only because of the
restrictions of DIGEST-MD5 in Cyrus SASL that we do it.

Andrew Bartlett
2009-08-17 11:08:42 +10:00
Andrew Bartlett
df3ef12cf8 s4:provision Fix existing ldapi:// backend detection exception
Found by Oliver Liebel <oliver@itc.li>

Andrew Bartlett
2009-08-17 09:52:09 +10:00
Andrew Bartlett
498faae1a3 s4:install Remove provision-backend script from 'make install'
Spotted by MICHAEL BROWN <mbrown@mesainc.com>

Andrew Bartlett
2009-08-17 09:51:01 +10:00
Andrew Bartlett
2af06385ed s4:provision Make sure that we don't use Kerberos to our LDAP backend
This makes no sense, and just causes trouble - we are aiming for
DIGEST-MD5 or NTLM.

Andrew Bartlett
2009-08-17 09:51:01 +10:00
Andrew Bartlett
84ee0af244 s4:provison Print the LDAP backend admin username/password 2009-08-17 09:51:00 +10:00
Andrew Bartlett
5255ba3c4f s4:selftest Confirm that there isn't a listener on the ldapi:// socket
This should help debug problems with 'make test' of the LDAP backend,
if a stray listener is still around.

Andrew Bartlett
2009-08-17 09:51:00 +10:00
Andrew Bartlett
e7bae2eb0a s4: Re-add --ldapadminpass as an option to provision
This should make setting up LDAP servers more predictable.

When not specified, it is random

Andrew Bartlett
2009-08-17 09:51:00 +10:00
Andrew Bartlett
052da4e4d7 s4:python Allow 'no such object' on the delete of the DN
This fixes the recursive delete in erase_partitions()

For reasons I cannot understand, it is possible to get 'no such
object' trying to delete a DN I just search for without error.  Oh
well...

Andrew Bartlett
2009-08-17 09:50:59 +10:00
Andrew Bartlett
410114e41c s4:provision Keep a single transaction for the erase and rebuild
Using a single transaction to both erase the bulk of the data and the
rebuild of that data means that the in-memory index list is
maintained, and not written out to disk until it is all compleated.
All the writes then occour at the end.

Andrew Bartlett
2009-08-17 09:50:59 +10:00
Andrew Bartlett
ecd234a0f1 s4:provision A crude update of the OpenLDAP backend HOWTO 2009-08-17 09:50:59 +10:00
Endi Sukma Dewata
a6c9233a12 s4:provision Fixes for Fedora DS schema mapping with full AD schema 2009-08-17 09:50:59 +10:00
Andrew Bartlett
f87811f6b3 s4:provision Rework provision-backend into provision
This removes a *lot* of duplicated code and the cause of much
administrator frustration.  We now handle starting and stopping the
slapd (at least for the provision), and ensure that there is only one
'right' way to configure the OpenLDAP and Fedora DS backend

We now run OpenLDAP in 'cn=config' mode for online configuration.

To test what was the provision-backend code, a new --ldap-dryrun-mode
option has been added to provision.  It quits the provision just
before it would start the LDAP binaries

Andrew Bartlett
2009-08-17 09:50:58 +10:00
Andrew Bartlett
7a9030b7ce s4:provision Move helper functions back to provision
(These will be added back in a future commit)
2009-08-17 09:50:57 +10:00
Andrew Bartlett
a58b4f8cc2 s4:setup Don't manually set @ATTRIBUTES any more
We now set these as part of the schema load, and we now load the
schema before the provision loads the DB, so setting them here is
pointless

Andrew Bartlett
2009-08-17 09:50:57 +10:00
Andrew Bartlett
14aff84adc s4:python Push some helper functions from SamDB into samba.Ldb
This makes it possible to do a bit more of the provision with Samba
helpers, but without some of the otherwise useful things (such as
loading in the global schema) that SamDB does.

Rewrite provision_erase to use a recursive search, rather than a
looping subtree search.  This is much more efficient, particularly now
we have one-level indexes enabled.

Delete the @INDEX and similar records *after* deleting all other
visible records, this hopefully also assists performance.

Andrew Bartlett
2009-08-17 09:50:57 +10:00
Andrew Bartlett
51d2d3df6d s4:schema Allow a schema load on an unconnected database
This helps ensure we don't load the schema too often in the provision
(allowing a reference in of the schema before the modules load).

Andrew Bartlett
2009-08-17 09:50:56 +10:00
Andrew Bartlett
e1e99a7c7b s4:provision Remove the ACI element from the provision templates
We need to find a better way to apply this (used in the Fedora DS LDAP
backend), not by trying to tunnel this down the module stack.

Andrew Bartlett
2009-08-17 09:50:56 +10:00
Andrew Bartlett
346aa6e093 s4:schema Provide a way to reference a loaded schema between ldbs
This allows us to load the schema against one ldb context, but apply
it to another.  This will be useful in the provision script, as we
need the schema before we start the LDAP server backend.

Adnrew Bartlett
2009-08-17 09:50:56 +10:00
Volker Lendecke
2c23e7dc5a s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
Volker Lendecke
459233e630 s3:winbind: Convert WINBINDD_GETGRNAM to the new API 2009-08-16 12:39:08 +02:00
Volker Lendecke
a511a87519 s3:winbind: Convert WINBINDD_GETGRGID to the new API 2009-08-16 12:39:07 +02:00
Volker Lendecke
3f3f49d5e2 s3:winbind: Add winbindd_print_groupmem
This converts a talloc_dict retrieved from wb_group_members to the string
that the pipe protocol expects
2009-08-16 12:39:02 +02:00
Volker Lendecke
27dd290d3f s3:winbind: Make fill_grent publically available 2009-08-16 12:38:19 +02:00
Volker Lendecke
886e183b0e s3:winbind: Add const to normalize_name_map 2009-08-16 12:38:19 +02:00
Volker Lendecke
c83bf9cd7e s3:winbind: Add async wb_getgrsid 2009-08-16 12:38:19 +02:00
Volker Lendecke
8a683f4896 s3:winbind: Add async wb_group_members 2009-08-16 12:38:19 +02:00
Volker Lendecke
3d46eaf411 s3:winbind: Make wcache_lookup_groupmem available publically 2009-08-16 12:38:19 +02:00
Volker Lendecke
1a22baa817 s3: Add talloc_dict.[ch] 2009-08-16 12:38:19 +02:00
Volker Lendecke
5ae122ed7a s3:winbind: Fix a potential segfault in libwbclient 2009-08-16 10:38:24 +02:00
Volker Lendecke
0f64bb5b7e s3:winbind: Convert winbindd_show_sequence to the new API 2009-08-16 10:38:24 +02:00
Volker Lendecke
e54503e82f s3:winbind: Add async wb_seqnums
This is something that would have been very difficult with the old style of
async requests: Send the request to all children simultaneously.
2009-08-16 10:38:24 +02:00
Volker Lendecke
1d110e0ef6 s3:winbind: Add async wb_seqnum 2009-08-16 10:38:24 +02:00
Volker Lendecke
c6b36ce573 s3:winbind: WINBIND_USERINFO -> wbint_userinfo 2009-08-16 10:38:24 +02:00
Volker Lendecke
6d100a6b20 s3:winbind: Simplify _wbint_[GU]id2Sid 2009-08-16 10:38:24 +02:00
Stefan Metzmacher
95c3d3b5d8 tevent: add some more doxygen comments for tevent_req functions
metze
2009-08-15 10:46:36 +02:00
Stefan Metzmacher
a3cdd7949c s3:Makefile: build ../libcli/smb/smb2_create_blob.o as part of smbd
metze
2009-08-15 10:46:36 +02:00
Stefan Metzmacher
e2845b8089 libcli/smb: add smb2_create_blob_find()
metze
2009-08-15 10:46:35 +02:00
Jeremy Allison
a023b6c64b Use defined names rather than numeric constants to make code
clearer.
Jeremy.
2009-08-14 15:06:11 -07:00
Michael Adam
12864ffd51 gpfs.so: map the file_inherit and dir_inherit flags away for files
GPFS sets inherits dir_inhert and file_inherit flags
to files, too, which confuses windows, and seems to
be wrong anyways.

So when mapping a nfs4 acl to a windows acl, we map these
flags away for files.

Michael
2009-08-14 23:23:20 +02:00
Jeff Layton
19553e1552 cifs.upcall: fix IPv6 addrs sent to upcall to have colon delimiters
Current kernels don't send IPv6 addresses with the colon delimiters, add
a routine to add them when they're not present.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14 07:59:51 -04:00
Jeff Layton
2f95ccc1e2 cifs.upcall: use ip address passed by kernel to get server's hostname
Instead of using the hostname given by the upcall to get the server's
principal, take the IP address given in the upcall and reverse resolve
it to a hostname.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14 07:59:50 -04:00
Jeff Layton
acbf026012 cifs.upcall: clean up flag handling
Add a new stack var to hold the flags returned by the decoder routine
so that we don't need to worry so much about preserving "rc".

With this, we can drop privs before trying to find the location of
the credcache.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14 07:59:50 -04:00
Jeff Layton
b10bdef4e7 cifs.upcall: try getting a "cifs/" principal and fall back to "host/"
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.

Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14 07:59:50 -04:00
Jeff Layton
750ceb8239 cifs.upcall: declare a structure for holding decoded args
The argument list for the decoder is becoming rather long. Declare an
args structure and use that for holding the args. This also simplifies
pointer handling a bit.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14 07:59:49 -04:00
Jeff Layton
685fdc33d7 cifs.upcall: formatting cleanup
Clean up some unneeded curly braces, and fix some indentation.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14 07:59:49 -04:00
Jeff Layton
378a2d9aa5 cifs.upcall: clean up logging and add debug messages
Change the log levels to be more appropriate to the messages being
logged. Error messages should be LOG_ERR and not LOG_WARNING, for
instance.

Add some LOG_DEBUG messages that we can use to diagnose problems with
krb5 upcalls. With these, someone can set up syslog to log daemon.debug
and should be able to get more info when things aren't working.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14 07:59:49 -04:00
Stefan Metzmacher
168a7cb6a8 s3:smbd: allow SMB2 Cancel to have the async flag set
metze
2009-08-14 13:27:50 +02:00
Stefan Metzmacher
86ea1c4d24 s3:smbd: fix parsing of the SMB2 body
Maybe there's no dynamic part on the wire.

metze
2009-08-14 13:27:49 +02:00