1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

688 Commits

Author SHA1 Message Date
Andrew Bartlett
c764791100 Clean up provision and rootdse module to hard-code less stuff.
In particular, allow for the server DN to be in a different site
(possible outcome of a DRS replication).

Andrew Bartlett
(This used to be commit 9ee4e39fe1)
2008-04-04 12:25:19 +11:00
Jelmer Vernooij
236fc02913 Reduce the number of installed headers.
(This used to be commit 2243e24024)
2008-04-02 13:41:10 +02:00
Jelmer Vernooij
afe3e8172d Install public header files again and include required prototypes.
(This used to be commit 47ffbbf674)
2008-04-02 04:53:27 +02:00
Andrew Bartlett
1c1c6fca66 Fix more valgrind issues.
This passes down the timeout more consistantly, and ensures that no
matter how the modules screw up, we don't free() the memory we are
going to write into the ASN1 packet until we actually write it out.

Andrew Bartlett
(This used to be commit eefd46289b)
2008-03-29 13:32:15 +11:00
Andrew Bartlett
e0c90d6131 Fix some valgrind issues.
These small changes seem to fix some of the early issues in 'make
valgrindtest'

Previously, the subtree_delete code didn't pass on the timeout,
leaving it uninitialised.

The ldap_server/ldap_backend.c change tidies up the talloc hierarchy a
bit.

Andrew Bartlett
(This used to be commit 95314f29a9)
2008-03-29 11:18:00 +11:00
Andrew Kroeger
8f8c56bfbc Convert some more files to GPLv3.
(This used to be commit ebe5e83994)
2008-03-28 01:08:49 -05:00
Andrew Bartlett
5738491674 Remove pointless cast
(This used to be commit 9a1466abbd)
2008-03-25 16:36:13 +11:00
Andrew Bartlett
dc49ae599e Remove useless extra argument to samdb_result_account_expires().
Andrew Bartlett
(This used to be commit bc607c334f)
2008-03-25 15:25:13 +11:00
Andrew Bartlett
9a1bec0801 More kludge ACLs!
Rather than killing off the nasty 'kludge ACLs' stuff, this patch
extends it, to ensure that LSA secrets and the registry are also
protected.

Andrew Bartlett
(This used to be commit 2f2b110fb8)
2008-03-20 12:12:10 +11:00
Andrew Bartlett
79a25a648d Indent
Andrew Bartlett
(This used to be commit d2b5f40d80)
2008-03-19 12:06:37 +11:00
Andrew Bartlett
de9b3af624 Allow more 'domain' objects when looking for a unqiue SID.
Andrew Bartlett
(This used to be commit db3b5f16ec)
2008-03-14 12:32:07 +11:00
Andrew Bartlett
44628c43ee Don't use 'dn', this attribute does not exist with the LDAP backend,
or in AD.

Andrew Bartlett
(This used to be commit a3e1f28306)
2008-03-13 16:35:53 +11:00
Andrew Bartlett
4a2ba0c047 Bail out, rather than segfault on no domain sid.
Andrew Bartlett
(This used to be commit 7e85f318b5)
2008-03-13 14:12:50 +11:00
Andrew Bartlett
e50d666bf9 Correctly normalise records against OpenLDAP.
Fixing this simple typo allows more of the ldap.js test to pass.

Andrew Bartlett
(This used to be commit 7c80cd18d5)
2008-03-13 14:12:18 +11:00
Andrew Bartlett
536d585c4c Don't search the whole tree for the domains's sid
This change removes a dependency on objectclass=domainDNS, and avoids
a subtree search when we really know exactly where this record is.

Andrew Bartlett
(This used to be commit 52947fc0c0)
2008-03-13 14:11:06 +11:00
Andrew Bartlett
0c88240236 Rework to have member server 'domains' be CN=NETBIOSNAME
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.

This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).

Andrew Bartlett
(This used to be commit bda6a38b05)
2008-03-13 11:36:58 +11:00
Andrew Bartlett
58edd6d179 Don't segfault on invalid objectClass input.
If the objectClass found does not include a defaultSecurityDescriptor,
then we should not segfault in the SDDL parser.

Andrew Bartlett
(This used to be commit 5a92771fb5)
2008-03-13 10:27:09 +11:00
Andrew Kroeger
a689d65e4f Treat maxPwdAge == 0 as passwords never expire.
(This used to be commit d28f2cb678)
2008-03-07 05:59:56 -06:00
Andrew Kroeger
01b3d89aec Add samdb_result_account_expires() function.
Windows uses 2 different values to indicate an account doesn't expire: 0 and
9223372036854775807 (0x7FFFFFFFFFFFFFFFULL).

This function looks up the value of the accountExpires attribute and if the
value is either value indicating the account doesn't expire,
0x7FFFFFFFFFFFFFFFULL is returned.

This simplifies the tests for account expiration.  There is no need to check
elsewhere in the code for both values, therefore a simple greater-than
expression can be used.
(This used to be commit 7ce5575a3a)
2008-03-07 05:59:55 -06:00
Andrew Bartlett
7e0ef3fd0e Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again).
To make Samba4, using the python provision system, pass this test
required some major rework.  Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.

Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).

In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.

Andrew Bartlett
(This used to be commit 1169e8d7be)
2008-03-06 21:55:26 +11:00
Andrew Bartlett
8a10979e6b The DN in objectCategory should, if possible, be returned pretty...
This avoids going via the canonicalise_fn(), which will upper case the DN

Andrew Bartlett
(This used to be commit cdff1b0802)
2008-03-04 13:40:50 +11:00
Jelmer Vernooij
489f66cd42 Change remaining prototype headers to be private.
(This used to be commit 2f7ff409e8)
2008-02-29 14:36:51 +01:00
Jelmer Vernooij
1ada710840 Move public header accumulation out of the perl code.
Never install generated prototype files. It's easier to break the
API when using them and they're not easily readable for 3rd party users.

Conflicts:

	source/auth/config.mk
	source/auth/credentials/config.mk
	source/auth/gensec/config.mk
	source/build/smb_build/config_mk.pm
	source/build/smb_build/main.pl
	source/build/smb_build/makefile.pm
	source/dsdb/config.mk
	source/lib/charset/config.mk
	source/lib/tdr/config.mk
	source/lib/util/config.mk
	source/libcli/config.mk
	source/libcli/ldap/config.mk
	source/librpc/config.mk
	source/param/config.mk
	source/rpc_server/config.mk
	source/torture/config.mk
(This used to be commit 6c659689ed)
2008-02-29 14:23:38 +01:00
Jelmer Vernooij
734fea474c Fix typo.
(This used to be commit 2b408e9ed4)
2008-02-29 01:03:31 +01:00
Andrew Bartlett
3abf47fe87 Simplify the 'password must change' logic
This takes the previous patches further, so we catch all the cases
(the KDC looked at the time directly).

Andrew Bartlett
(This used to be commit cda4642a93)
2008-02-29 08:47:42 +11:00
Andrew Bartlett
5043215f21 Generate ACB_PW_EXPIRED correctly
More correctly handle expired passwords, and do not expire machine accounts.

Test that the behaviour is consistant with windows, using the RPC-SAMR test.

Change NETLOGON to directly query the userAccountControl, just because
we don't want to do the extra expiry processing here.

Andrew Bartlett
(This used to be commit acda1f69bc)
2008-02-28 08:50:00 +11:00
Andrew Bartlett
446fb38765 Users and computers now share the same template.
Slowly work away at the samldb module again, it is clear that AD does
not use much of a templating system.  samAccountType is managed, as
far as I can tell, when groupType or userAccountControl changes.

Andrew Bartlett
(This used to be commit 447d5a7954)
2008-02-28 08:43:10 +11:00
Jelmer Vernooij
39a817d310 Fix use of some modules (needed _PUBLIC_).
(This used to be commit ce332130ea)
2008-02-20 04:33:43 +01:00
Jelmer Vernooij
16109a40c0 Use struct-based rather than function-based initialization for ldb modules everywhere.
(This used to be commit 85c96a3258)
2008-02-20 01:54:32 +01:00
Jelmer Vernooij
b617f58cc3 Fix accidently introduced bug - thanks metze.
(This used to be commit d0dfdab85a)
2008-02-19 14:25:20 +01:00
Jelmer Vernooij
87847afce2 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-trivial
(This used to be commit 8238415f3c)
2008-02-19 13:45:17 +01:00
Jelmer Vernooij
7d5987c2e0 Remove uses of global_loadparm.
(This used to be commit 138aaef078)
2008-02-19 13:39:27 +01:00
Andrew Bartlett
e51ec1d8cf Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
(This used to be commit 837eb8a0bc)
2008-02-19 14:45:23 +11:00
Andrew Bartlett
0fbf1de763 Explain that these OIDs are DNs
Andrew Bartlett
(This used to be commit 69af290c91)
2008-02-19 09:36:56 +11:00
Jelmer Vernooij
ff0315ba85 Rename include to mkinclude to emphasize it is different from make's include.
(This used to be commit 0e1d0a874a)
2008-02-18 20:04:18 +01:00
Andrew Bartlett
19fcdb2e8a Give a more useful error when the templates.ldb can't be found.
Andrew Bartlett
(This used to be commit 26108eb66b)
2008-02-09 14:02:14 +11:00
Andrew Bartlett
5153c67267 Reset error strings
Avoid leaking error strings up to the application, when we are ignoring them.
(This used to be commit 57b4b43b65)
2008-02-08 17:09:49 +11:00
Kai Blin
c9ea65e4ce sidmap: Some source code cleanups.
(This used to be commit 16466b543b)
2008-02-05 11:42:39 +01:00
Andrew Bartlett
0f8eeb81ec Remove useless layer of indirection, where every service called
task_service_init() manually.  Now this is called from service.c for
all services.

Andrew Bartlett
(This used to be commit 9c9a4731ca)
2008-02-04 21:58:29 +11:00
Andrew Bartlett
23d681caf9 Rework service init functions to pass down service name. This is
needed to change prefork behaviour based on what service is being
started.

Andrew Bartlett and David Disseldorp
(This used to be commit 0d830580e3)
2008-02-04 17:48:51 +11:00
Jelmer Vernooij
9ad04b695b ldb: Add ldb_oom() calls in a couple of places.
(This used to be commit 1163c2ad54)
2008-01-26 23:49:33 +01:00
Stefan Metzmacher
b0e286a5be repl_meta_data: add some TODOs to replmd_modify_originating()
metze
(This used to be commit ba495f9d19)
2008-01-25 08:08:50 +01:00
Andrew Bartlett
a2d7a3b627 Use the repl_meta_data module by default.
This means that, except when we back onto LDAP, when it will be
replaced with the mapping backend, we will keep this codepath tested.

Andrew Bartlett
(This used to be commit e8fb5da5a1)
2008-01-24 14:28:25 +11:00
Andrew Bartlett
dc08079d81 Get more information from ldb when reporting a failed replication.
Andrew Bartlett
(This used to be commit 948ee9b7ac)
2008-01-23 15:44:02 +11:00
Andrew Bartlett
4172e09c53 Fix DRSUAPI replication test - NET-API-BECOME-DC.
The main change here is to work with the current module stack,
replacing only the objectGUID module, rather than a number of modules.

However, two changes were key:
 - Fixing a typo search_req->handle -> change_req->handle
 - Allowing an error of NO_SUCH_OBJECT - it is quite valid
   for the object not to exist when being replicated in.

Other small changes were required to the ejs provision to match
changes in that code.

Andrew Bartlett
(This used to be commit 7b87a58502)
2008-01-23 15:43:14 +11:00
Andrew Bartlett
8bceed449d Fix segfaults in codepaths only tested by the NET-API-BECOME-DC test.
(I presume this has resulted from the global variable elimination)

Perhaps the iconv handle argument to ndr_push_struct needs to be
marked as 'not NULL' or similar?

Andrew Bartlett
(This used to be commit e8081333b8)
2008-01-23 15:34:44 +11:00
Andrew Bartlett
593e6fc403 ranged_results: fix use of uninitialised variable (end)
This matches the range parsing in the search and callback - end was
uninitilaised, causing occasional failures in make test.

Andrew Bartlett
(This used to be commit 669f137f0e)
2008-01-23 08:57:16 +11:00
Andrew Bartlett
7e2ea67b21 Only set showOnlyInAdvancedView: TRUE when adding default values.
False is the default, so only set this when the schema requires the
hiding behaviour.

Andrew Bartlett
(This used to be commit 45f6ccefda)
2008-01-18 18:08:49 +11:00
Andrew Bartlett
130db062bf Merge commit 'origin/v4-0-test' into 4-0-local
(This used to be commit 51422414be)
2008-01-18 17:05:17 +11:00
Andrew Bartlett
391f089d71 Add showInAdvancedViewOnly to every new object
Unless already set, the default value for this comes from the
defaultHidingValue in the schema.

Andrew Bartlett
(This used to be commit 673f180500)
2008-01-18 16:56:41 +11:00