mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

24626 Commits

Author SHA1 Message Date
Andrew Tridgell
4e0a3ea705 s4-kdc: RODC DCs should be able to produce forwardable tickets
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
04e3e27fd1 heimdal: fixed timegm UTC/GMT bug
This was a wonderful bug!

On some Fedora systems, but not on Ubuntu, there is a difference
between UTC and GMT. Heimdal replaced timegm() with _der_timegm()
which did not account for that difference (which is 24 seconds at the
moment). This led to a mutual authentication failure.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
dacfe67a0e s4-sam: fixed termination of krbtgt_attrs (comma and NULL)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
c83775d524 ldb-dn: don't crash on NULL in ldb_binary_encode_string()
Thanks to Nadya for finding this one!
2010-09-28 19:25:51 -07:00
Andrew Bartlett
3d4576b170 s4-kdc Ensure that an RODC may act as a server (needed to fill
the krbtgt role).

Andrew Bartlett
2010-09-28 19:25:50 -07:00
Andrew Bartlett
f84bdf91d8 heimdal Use a separate krb5_auth_context for the delegated credentials
If we re-use this context, we overwrite the timestamp while talking
to the KDC and fail the mutual authentication with the target server.

Andrew Bartlett
2010-09-28 19:25:50 -07:00
Andrew Tridgell
f4177b66c5 s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ
this extended getncchanges operation replicates a single object
2010-09-28 11:36:40 -07:00
Andrew Tridgell
491e89fa1c ldb-tdb: ignore failure to register control on rootdse
this is expected for non-sam LDBs
2010-09-28 11:36:40 -07:00
Andrew Tridgell
9aa07e72c8 s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges
this allows for replication by GUID or SID
2010-09-28 11:36:40 -07:00
Andrew Tridgell
d4939ce4fc s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c
this will be used outside of the drs server.

This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
2010-09-28 11:36:40 -07:00
Andrew Tridgell
cd3eddbb59 waf: we don't need the preprocessor recursion limit any more
thanks to ita for this
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
8045b35b1b s4-drs: Added check for drs-manage-topology to updateRefs. 2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
440cee48b9 s4-drs: Added drs_security_access_check function
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
6caa512815 s4-dsdb: adapted check_access_on_dn for use in drs. 2010-09-28 11:36:40 -07:00
Andrew Bartlett
4be2696644 heimdal Fix DNS name qualification to not mangle IP addresses
If the host running this code used IPv6 forms for IPv4 addresses
then the check for '.' would not be sufficient to determine that this
isn't a name we should mangle.  Instead, check if it can be parsed
as a numeric address first, and only then mangle.

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
89ee9e6518 s4-kdc Handle the case where we may be given a ticket from an RODC in db layer
This includes rewriting the PAC if the original krbtgt isn't to be
trusted, and reading different entries from the DB for the krbtgt
depending on the krbtgt number.

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
9d33929d76 heimdal Add an error code for use in the RODC
In this case, the whole request packet should be forwarded to
a real KDC, with full secrets, as we don't have the password.

This could also be used to implement 'play dead when the LDAP
server is down'.

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
9b5e304cce heimdal Add support for extracting a particular KVNO from the database
This should allow master key rollover.

(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
3021af2777 s4-kdc Add common setup, handle RODC setup case
This means we just set up the system_session etc in one place
and don't diverge between the MIT and Heimdal plugins.

We also now determine if we are an RODC and store some details
that we will need later.

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
88abf441d0 s4-dsdb Add ldb_reset_err_string() when we set error codes.
If we don't we could show an old, incorrect error
2010-09-29 04:23:07 +10:00
Andrew Bartlett
063b61289d s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY
This simplifies the function.  While doing so, also change the error
string setting to set a really clear error string for the failure to find
and failure to parse cases.

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
990720b8cd s4-kdc Add function to determine if a hdb entry is a RODC
This is important, as we must ignore the PAC from an RODC.

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
85f7bce865 s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO
Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
8b57482fa8 s4-dsdb Fix segfault in error case in rootdse module 2010-09-29 04:23:07 +10:00
Jelmer Vernooij
b4a5ece84a ldb: Fix path to alternative buildtools. 2010-09-28 09:16:03 +02:00
Jelmer Vernooij
0688c5b2f1 samba4: Don't update Makefile/configure from autogen.sh. 2010-09-28 09:12:42 +02:00
Jelmer Vernooij
63928c82c1 ldb/tevent: Fix detection of waf paths. 2010-09-28 09:12:41 +02:00
Jelmer Vernooij
85443e0850 ldb: Update autogen-waf.sh to no longer overwrite existing files. 2010-09-28 09:12:40 +02:00
Jelmer Vernooij
72a41cc820 ldb: Remove samba-specific targets from Makefile. 2010-09-28 09:12:40 +02:00
Jelmer Vernooij
78b4b21b40 ldb: Bump version because of addition of ldb_req_location. 2010-09-28 09:12:40 +02:00
Andrew Tridgell
c12f1a1e91 s4-selftest: added a --fail-immediately option to s4 test
this can be used to force an immediate test failure on the first
failed test case. You can also use:
 
  make test FAIL_IMMEDIATELY=1
2010-09-28 09:12:39 +02:00
Andrew Tridgell
c7f6ab890e s4-provision: fixed the authority response for our SOA record
some clients rely on this being the hostname, not the domain

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
2010-09-28 06:39:19 +00:00
Andrew Tridgell
0bbbfa04f6 s4-dns: implemented RODC DNS update in dns update task
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-27 22:55:05 -07:00
Andrew Tridgell
c4d2b6fbc2 s4-netlogon: added RODC DNS update call fwded to dnsupdate task
when we get a netlogon RODC DNS update, we send it to the dnsupdate
task
2010-09-27 22:55:05 -07:00
Andrew Tridgell
6237d56027 s4-dns: added --update-list option to samba_dnsupdate
this allows us to use it for RODC netlogon updates
2010-09-27 22:55:05 -07:00
Andrew Tridgell
bc47af50eb s4-kdc: added ifdef guards in kdc.h
this prevents too much recursion in the compiler preprocessor
2010-09-27 22:55:04 -07:00
Andrew Tridgell
1587b46fa0 s4-ldb: removed an unused variable 2010-09-27 22:55:04 -07:00
Andrew Tridgell
17aa2b3294 s4-kcc: fixed an incorrect context to kcctpl_get_all_bridgehead_dcs 2010-09-27 22:55:04 -07:00
Andrew Tridgell
e313667983 s4-dsdb: added samdb_find_site_for_computer() and samdb_find_ntdsguid_for_computer()
these will be used by the new RODC dns update code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-27 22:55:04 -07:00
Andrew Tridgell
c972790249 s4-auth: removed unused variable dom_sid 2010-09-27 22:55:04 -07:00
Stefan Metzmacher
491102c1ce s4:gensec_tstream: remove plain socket handling
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
2010-09-28 04:54:24 +00:00
Stefan Metzmacher
ca360fba10 s4:lib/tls: add gnutls backend for tstream
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-09-28 02:29:42 +00:00
Stefan Metzmacher
381f0fcd19 s4:gensec: add gensec_create_tstream()
Based on the initial patch from Andreas Schneider <asn@redhat.com>.

metze
2010-09-28 03:48:11 +02:00
Stefan Metzmacher
d6c48b4a5f s4:wrepl_server: use SOCKET_FLAG_NOCLOSE instead of a dup()
The key thing is that we might have to turn the incoming
connection into an outgoing connection.

This change makes sense anyway, because we donate the fd to
tstream.

metze
2010-09-28 03:48:10 +02:00
Stefan Metzmacher
9d8b886b3e s4:rpc_server: use SOCKET_FLAG_NOCLOSE to avoid calling close() on the socket fd twice.
metze
2010-09-28 03:48:10 +02:00
Andrew Tridgell
6676142347 s4-ildap: two more places that need talloc_reparent()
these contexts can have references

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104
2010-09-28 00:04:03 +00:00
Andrew Tridgell
396cdd6343 s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
log level 0 is excessive for this!
2010-09-27 23:18:23 +00:00
Andrew Tridgell
8e1a3c8cca s4-drs: make getncchanges debug less verbose
quieten make test a little
2010-09-27 23:18:23 +00:00
Andrew Tridgell
8edf3d7131 s4-dns: avoid search domains expansion in DNS resolver
add a '.' if the name contains a '.' already, but not at the end
2010-09-27 23:18:23 +00:00
Andrew Tridgell
43d0c2e9ea heimdal: avoid DNS search domain expansion
When you have a domain search list in resolv.conf, and one of the DNS
servers for a searched domain is uncontactable then we would timeout
resolving DNS names.

Avoid this by adding a '.' to the hostname if the hostname already has
a '.' in it, which we assume to mean it is fully qualified.
2010-09-27 23:18:23 +00:00
Günther Deschner
93d7230d25 s4-smbtorture: rework spoolss_EnumPrintProcDataTypes test.
Guenther
2010-09-28 01:17:13 +02:00
Günther Deschner
a335848a88 s4-smbtorture: rework test_EnumPrintProcessors to let it test more combinations.
Guenther
2010-09-28 01:17:09 +02:00
Andrew Tridgell
7fbe700753 s4-ildap: fixed a talloc_steal with references error
We need talloc_reparent() instead

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104
2010-09-27 20:38:00 +00:00
Nadezhda Ivanova
aeedd29d39 s4-ldb: Added ldb_request_replace_control
It is the same as ldb_request_add_control, except it will replace
an existing control.

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
2010-09-27 19:00:38 +00:00
Anatoliy Atanasov
2cf0525b23 s4/irpc: Add security token to the binding handle when doing irp call forwarding 2010-09-27 09:59:21 -07:00
Anatoliy Atanasov
ed7bbc993d s4/irpc: Add function to add security token to the binding handle 2010-09-27 09:59:21 -07:00
Stefan Metzmacher
d9d4ded71a s4:irpc: optionally pass the security_token via IRPC requests.
metze
2010-09-27 09:59:21 -07:00
Stefan Metzmacher
b32625b79f s4:torture/ldap: close connections with an UnbindRequest
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 27 07:14:23 UTC 2010 on sn-devel-104
2010-09-27 07:14:23 +00:00
Stefan Metzmacher
b1ffacb437 LDAP-BASIC: test AbandonRequest
metze
2010-09-27 08:24:36 +02:00
Stefan Metzmacher
b65a164f3e s4:libcli/ldap: fix sending oneway requests
metze
2010-09-27 08:24:36 +02:00
Günther Deschner
f2310cacde waf: add more NDR subsystems for shared IDL files.
Guenther
2010-09-27 07:12:09 +02:00
Günther Deschner
611c8310ab s4-waf: remove NDR-SRVSVC alias.
Thanks tridge, this was driving me nuts...

Guenther
2010-09-27 07:12:08 +02:00
Günther Deschner
d834671f68 s4-smbtorture: remove unneeded dcerpc_mgmt alias.
Guenther
2010-09-27 07:12:08 +02:00
Andrew Tridgell
785410c493 s4-drs: fixed comment in getncchanges code
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
2010-09-27 04:54:43 +00:00
Andrew Tridgell
06274bd870 s4-gensec: fixed a valgrind error in gensec
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26 21:12:09 -07:00
Andrew Tridgell
a40dcd161c s4-dns: use the generated krb5.conf in samba_dnsupdate
this gives one less thing that an admin can get wrong

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 02:35:29 UTC 2010 on sn-devel-104
2010-09-27 02:35:29 +00:00
Andrew Tridgell
93be0d6178 s4-provision: fixed the generation of the krb5.conf for vampire
we need a correct krb5.conf for nsupdate from bind9
2010-09-27 01:53:45 +00:00
Nadezhda Ivanova
99ac4e92ff s4-ldbmodules: Added new module aclread to handle access checks on LDAP search
It is currently enabled only if the request comes from the LDAP server, and is
disabled  by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
93ba17285d s4-tests: Added tests for search checks on attributes
The ACL reach tests are in the knowfail because aclread module is not
enabled by default
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
3e08965369 s4-tests: Removed search tests with anonymous credentials as they fail against Windows
These tests will fail in make test as well if the acl_read module is enabled.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
dc9991ab0e s4-dsdb: Added a function to check access on a particular object by its guid
Similar to dsdb_check_access_on_dn, only it searches by guid.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
4d3f528411 s4-dsdb: A helper to determine if an attribute is part of the search filter 2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
b77edca7f8 s4-dsdb: Moved some helper functions to a separate file
We need these to be accessible to the aclread module as well.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
3d0e36bc87 s4-ldap: Added a control to apply the access checks on read via LDAP 2010-09-26 15:36:09 -07:00
Stefan Metzmacher
80f8419ef2 s4:schannel: handle move flag combinations in the server
This fixes some testsuites in the CIFS plugfest.

metze
2010-09-26 09:40:36 +02:00
Andrew Tridgell
7dbfeb0dc0 s4-auth: fixed the SID list for DCs in the PAC
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that
receives the PAC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
2010-09-26 07:09:08 +00:00
Andrew Tridgell
f33fc39f37 s4-drs: use the system sam_ctx for updaterefs
this is needed for RODC clients calling updaterefs
2010-09-26 06:29:06 +00:00
Andrew Tridgell
f3ceec9b1b s4-spn: don't try to do SPN updates as a RODC
we don't have the permissions to do it
2010-09-26 06:29:06 +00:00
Andrew Bartlett
0b5a556b76 s4-kerberos Don't segfault if the password isn't specified in keytab generation
Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
2010-09-26 03:29:34 +00:00
Matthieu Patou
c680a42504 upgradeprovision: fix a typo 2010-09-26 06:22:43 +04:00
Matthieu Patou
873bd98904 upgradeprovision: Fix a bug with renamed entries
The SD was not refetched for renamed entries, resulting with a try to
add an additional SD when there was already one.
2010-09-26 06:22:43 +04:00
Matthieu Patou
43274c9071 upgradeprovision: fix a bug with not updated links 2010-09-26 06:22:43 +04:00
Matthieu Patou
a8f8f277ff s4 provision: start with gpo of version 0 and be consistent between different policies 2010-09-26 06:22:43 +04:00
Matthieu Patou
76d87b7fb5 s4 upgradeprovision: fix a bug with empty reference objects
Thanks to lukas@eecs.qmul.ac.uk for pointing it to me
2010-09-26 06:22:43 +04:00
Matthieu Patou
3c95d4d313 s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo valid 2010-09-26 06:22:43 +04:00
Matthieu Patou
dfa468fd08 s4 provision: Make GPO folder group writable
The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)
2010-09-26 06:22:43 +04:00
Matthieu Patou
69ef2b3705 upgradeprovision: use the same case for hostname in reference provision as in the current provision
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 01:21:52 UTC 2010 on sn-devel-104
2010-09-26 01:21:52 +00:00
Andrew Tridgell
e8fec1d3c6 s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account only 2010-09-26 01:21:50 +00:00
Andrew Tridgell
b8444b64a3 s4-provision: switch to dns-HOSTNAME instead of dns
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26 01:21:49 +00:00
Kamen Mazdrashki
f1b3c4dd38 s4-possibleinferiors.py: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:13 +03:00
Kamen Mazdrashki
11785600be s4-fsmo.py: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:12 +03:00
Kamen Mazdrashki
cf57771116 s4-delete_object.py: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:12 +03:00
Kamen Mazdrashki
04826b65f6 s4-sec_descriptor.py: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:12 +03:00
Kamen Mazdrashki
7a7068f2ed s4-ldap_schema.py: Remove unused LDB connection to GC port 2010-09-26 02:25:11 +03:00
Kamen Mazdrashki
8780d2934b s4-dsdb_schema_info.py: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:11 +03:00
Kamen Mazdrashki
7e1e7b16f6 s4-ldapcmp: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:10 +03:00
Kamen Mazdrashki
9e6fa8553c s4-ldapcmp: Extend ldapcmp to be able to compare more than one context at a time
If no arguments given, ldapcmp will compare all NCs
2010-09-26 02:25:03 +03:00
Jelmer Vernooij
296ff486e4 Check in configure/Makefile for those projects that have waf as primary build system. 2010-09-25 12:20:57 -07:00
Andrew Tridgell
85ba79063f ldb: mark the location of a lot more ldb requests 2010-09-25 10:38:45 -07:00
Andrew Tridgell
5568fcd88b s4-dsdb: added tagging of requests in dsdb modules
this allows you to call dsdb_req_chain_debug() in gdb or when writing
debug code to see the request chain
2010-09-25 10:38:45 -07:00
Andrew Tridgell
f4893e7d33 ldb: added request location tracking
this is used to help debug async ldb requests. The ldb request handle
now contains a location string and the parent request pointer. This
allows us to print a backtrace of ldb requests in the dsdb modules.
2010-09-25 10:38:45 -07:00
Andrew Tridgell
d72dbe847e s4-repl: make getncchanges a bit less verbose
this should reduce some of the clutter in make test
2010-09-25 10:38:45 -07:00
Andrew Tridgell
c53210bf06 s4-net: added --ipaddress option to net commands
this allows override of server IP address, bypassing NBT or DNS name
resolution of DCs

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2010-09-25 10:38:45 -07:00
Andrew Tridgell
3d7a4cf5b6 s4-pynet: added server keyword to Net() initialisation
this sets up server_address in the libnet context

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2010-09-25 10:38:45 -07:00
Andrew Tridgell
805d9425c2 s4-libnet: added server_address option in libnet context
this is used by libnet_LookupDCs 

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2010-09-25 10:38:45 -07:00
Andrew Tridgell
a360428588 s4-finddcs: allow override of server IP address
this will be used to implement --ipaddress option to net commands

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2010-09-25 10:38:45 -07:00
Andrew Tridgell
bd228f9858 s4-repl: don't store repsFrom on DNs other than NC heads
we don't want a refsFrom on the Rid Manage$ DN 

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-25 10:38:45 -07:00
Andrew Tridgell
781796c557 s4-pycredentials: avoid a talloc_free on ref
with the new py object structure, we need to unlink not free
2010-09-25 10:38:44 -07:00
Andrew Tridgell
a1d52540a3 s4-repl: use namingContexts from rootDSE to initialise partition list
this is preferable to looking for the hasMasterNCs attribute on
nTDSDSA objects.
2010-09-25 10:38:44 -07:00
Andrew Tridgell
370446769d s4-repl: force on WRIT_REP when we are a writable replica
this ensures we always mark ourselves as writeable when we are not
an RODC
2010-09-25 10:38:44 -07:00
Andrew Tridgell
3aea12d0ab s4-repl: use dreplsrv_partition_source_dsa_by_guid to find source dsa
this avoids a list walk in the calling code
2010-09-25 10:38:44 -07:00
Andrew Tridgell
ca847b593d torture: fixed a valgrind error in SMB2-CREATE
the lock structure had uninitialised elements, so we sent a random
length.

This also adds a 1 byte write, so there is real data that is being
truncated with the 2nd open
2010-09-25 10:38:44 -07:00
Nadezhda Ivanova
99f0891944 s4-dsdb: Fixed a call to the wrong ops function in dsdb_module_search_dn. 2010-09-25 10:19:11 -07:00
Günther Deschner
bd5f932eef s4-waf: add NDR_EVENTLOG.
Guenther
2010-09-24 21:10:47 -07:00
Günther Deschner
204ba65772 s4-waf: rename subsystem NDR_LSAPRC to NDR_LSA.
Guenther
2010-09-24 21:10:47 -07:00
Andrew Bartlett
c9b19d9b69 s4-kerberos Rework keytab handling to export servicePrincipalName entries
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.

Andrew Bartlett
2010-09-24 15:07:56 +10:00
Andrew Bartlett
b00dc83992 s4-selftest Run slow tests less often
These tests don't need to be run twice - basic parsing errors that
will show up with the various options will be caught quite well
by other tests.

Andrew Bartlett
2010-09-24 09:25:44 +10:00
Andrew Bartlett
e823cb8cac s4-libnet_join Use header constant for 'all encryption types' in msDS-SupportedEncryptionTypes 2010-09-24 09:25:44 +10:00
Andrew Bartlett
f03913e2cc s4-kerberos Move 'set key into keytab' code out of credentials.
This code never really belonged in the credentials layer, and
is easier done with direct access to the ldb_message that is
in secrets.ldb.

Andrew Bartlett
2010-09-24 09:25:44 +10:00
Andrew Bartlett
062b0ebc04 s4-libnet Remove libnet_samdump_keytab() and net samdump keytab
There is a better implementation of this in Samba3, and this uses
functions in the credentials code that I want to remove.

The same functionality is available by running 'net samsync' and
'net export keytab'.  This isn't a DRS-backed utility, it only
used netlogon replication.

Andrew Bartlett
2010-09-24 09:25:43 +10:00
Andrew Bartlett
f9698cfc97 s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes()
The previous code never worked

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
964f992779 s4:repl_meta_data - also on delete operations the new RDN attribute has to be casefolded correctly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
30afa65785 s4:lazy_commit LDB module - the "show_deleted" control is initialised by the "show_deleted" LDB module
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
29e3806b0e s4:rootdse LDB module - make use of "dsdb_forest_functional_level"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
9123bcbf77 s4:ldap.py - add tests for the "dsServiceName", "serverName", "dnsHostName" and "ldapServiceName" rootDSE attributes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
76c346dfc1 s4:provision - rootdse - remove static "ldapServiceName" attribute
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
1d9a348144 s4:rootdse LDB module - introduce dynamic "ldapServiceName"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
ccc67a03d6 s4:provision - rootdse - remove static "dnsHostName" attribute
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
681106af4f s4:rootdse LDB module - introduce dynamic "dnsHostName" attribute
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
5f60f5e5e7 s4:provision - rootdse - remove the static attribute "serverName"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
5fd7bc8564 s4:rootdse LDB module - make "serverName" dynamic
This helps to fix bug #7347. "dsServiceName" cannot be made dynamic in such a
simple way since it's already needed on LDB initialisation time.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
e446ef1c3f s4:rootdse LDB module - remove "priv" checks where not needed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f1535694f7 s4:rootdse LDB module - better that the "edn" control handling is done last
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
b6eb1b2072 s4:torture/rpc/netlogon.c - remove the dependency on "samdb_server_site_name"
Since this one relies on the right server loadparm context which we aren't able
to provide over torture.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
65ca9e691b s4:provision.py - support still not fully provisioned trees regarding the rootDSE module
We simply override the NTDS settings path manually

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
439d7ff935 s4:provision.py - make more use of "names.serverdn" on NTDS settings location
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
679eb33e79 s4:samldb LDB module - it isn't allowed to create user/computer accounts with a primary group specified
It can only be changed afterwards. We allow a "relax"ed exception for the
provision state since we need this for the guest account.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
2e913994f2 s4:dsdb/common/util_samr.c - remove the primary group specifications
Now also the primary group detection/change on modify operations does work

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
c03ec03212 s4:ldap.py - test default primary groups on modify operations
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f46c6233e7 s4:samldb LDB module - support the "userAccountControl" -> "primaryGroupID" detection also on modify operations
Also requested by MS-SAMR 3.1.1.8.1.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
72bb8c3fb3 s4:ldap.py - enhance SAM user/groups behaviour test regarding default primary groups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f45848e33a s4:python/samba/join.py - add a comment to point out that NCs have to be assigned dynamically
We could also have DNS partitions (only to make one example).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
8223342e50 s4:python/samba/join.py - use constant for DC function level
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f84724cebc s4:rootdse LDB module - make more use of LDB result constants
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
08298457d4 s4:rootdse LDB module - fix comment typo
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
7a1a0cde2e s4:password_hash LDB module - don't assign "lp_ctx" twice
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
9ca8214978 ldb:ldb_match.c - fix counter variable type
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
0f163eb611 ldb:ldb_msg_add_linearized_dn - handle NULL DNs
Don't let the routine crash

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
e59cdaf40e s4:rootdse LDB module - fix counter types
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
1a1be71eb8 s4:extended_dn_in LDB module - fix a counter type
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
6c349d479f s4:drepl_out_helpers.c - fix a counter type
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
80f3e92d0a s4:rpc_server/dcerpc_server.c - fix a "const" warning
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
ae60328b1c s4:libcli/resolve/file.c - fix "const" warning
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Günther Deschner
0261b96bd8 s4-waf: move the RPC_NDR subsystems to main librpc wscript_build.
Guenther
2010-09-23 14:48:34 -07:00
Anatoliy Atanasov
859f3cdd4a s4/eventlog6: Add dummy implementation for calls 0x5 and 0xB
The code is enough to let us run all dcdiag tests against samba4 server
2010-09-23 13:34:09 -07:00
Anatoliy Atanasov
411e6bc3f2 s4/eventlog6: Build and hook EventLog6 RPC endpoint mapper and idl 2010-09-23 13:34:08 -07:00
Anatoliy Atanasov
b23609812a s4/eventlog6: Add endpoint server for EventLog6 RPC
The file is generated using PIDL --template command.
2010-09-23 13:34:08 -07:00
Anatoliy Atanasov
67b6252eed s4/dsdb:kcc: cleanup and improve readability 2010-09-23 08:41:05 -07:00
Stefan Metzmacher
519180c341 s4:dsdb/kcc: we don't need to manually allocate [out,ref] pointers anymore
metze

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-23 08:41:05 -07:00
Stefan Metzmacher
224fbbe33f s4:irpc: use LIBNDR_FLAG_REF_ALLOC for the server side when pulling
The dcerpc server also uses it, so it was surprising that the
IRPC server side doesn't use it.

The reason to have this is that we want to handle error cases
and returns like NT_STATUS_NOT_SUPPORTED sane, without crashing
while marshalling the response.

metze

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-23 08:41:05 -07:00
Stefan Metzmacher
be0ed310b3 s4:irpc: add padding to the IRPC header for 8 byte alignment
As we marshall the irpc header and the payload to the ndr_push
context, we should pad the irpc header to let the payload start
at an 8 byte boundary.

This way the alignment will still be correct if we remove the
header before passing the raw payload to the caller.

As we use IRPC more and more for complex NDR marshalled structures
we need to get this right, in order to not get random ndr_pull failures.

metze

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-23 08:41:04 -07:00
Günther Deschner
ce6ef803ce s4-waf: add NDR_LSARPC and NDR_SAMR.
Guenther
2010-09-23 08:13:15 -07:00
Günther Deschner
43e3555ed9 s4-waf: move two more NDR_ subsystems to main directory.
Guenther
2010-09-23 08:13:14 -07:00
Günther Deschner
031dd8cc62 waf: move majority of shared NDR_ subsystems to main wscript_build.
(so they can be used by s3 waf later)

Guenther
2010-09-23 01:01:40 -07:00
Andrew Tridgell
8ccbbe042b lib-subunit: fixed build on systems without subunit devel library
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
2010-09-23 07:17:57 +00:00
Andrew Tridgell
d2008fbbb9 s4-kcc: the kcc should not be setting the repsTo attribute
repsTo is set by other DCs, when they ask to be notified about changes
in a partition
2010-09-23 07:17:57 +00:00
Andrew Tridgell
7a05e04dfc s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiation
this is the client side equivalent change for the previous fix

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23 07:17:57 +00:00
Andrew Tridgell
c0ff93b033 s4-drs: we don't need to decode to utf8 in python dcerpc strings any more
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23 07:17:57 +00:00
Andrew Tridgell
bf1f2d4eb8 s4-gensec: prevent a double free in the error path of GSSAPI auth
the caller frees mem_ctx, so we shouldn't

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23 07:17:57 +00:00
Andrew Tridgell
202525db13 s4-gensec: fixed a GSSAPI SASL negotiation bug
Fixed a bug that affected mismatched negotiation between the GSSAPI
layer and the SASL SSF subsequent negotiation. This caused some ldap
clients to hang when trying to authenticate with a Samba LDAP
server. The client thought the connection should be signed, the server
thought it should be in plain text

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23 07:17:57 +00:00
Andrew Tridgell
d1cbd68bb1 s4-kcc: added service->am_rodc
use a rodc flag on the service instead of calling samdb_rodc each time
2010-09-23 07:17:57 +00:00
Andrew Tridgell
c166b44b47 s4-kcc: pass the service context into the kcc connection code
this will be used for the RODC changes needed for the kcc
2010-09-23 07:17:56 +00:00
Jelmer Vernooij
7378b6d2a2 s4-selftest: Move credentials tests to standard python directory. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
cc5b673e18 s4-selftest: Move samba3sam test to standard python directory. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
5651f8a9a7 s4-selftest: Fix prefixes for ldb tests - they're samba4 specific. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
136aa0d5ac smbtorture: Report times. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
a15a33a9a8 torture: Use system subunit library if available. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
3d0e6db9dc selftest: Fix idlist running. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
f9ed11c756 s4-selftest: For idlist tests, leave out environment name. 2010-09-22 22:29:08 -07:00
Jelmer Vernooij
0dde34ffc7 s4-selftest: Add environment name to test suite manually, so we can
leave it out if we want to.
2010-09-22 22:29:08 -07:00
Jelmer Vernooij
9bce783878 selftest: Fix use of --load-list. 2010-09-22 22:29:08 -07:00
Jelmer Vernooij
cd8d780420 s4-selftest: Cleanup formatting. 2010-09-22 22:29:08 -07:00
Jelmer Vernooij
a171816672 selftest: Add prefix on a higher level, so it can be more easily
excluded.
2010-09-22 22:29:08 -07:00
Steven Danneman
bf1a4b2bc4 s4:libcli:smb2 Rename pending_id to async_id and make 64-bit
Match MS-SMB2 - 2.2.1.1   SMB2 Packet Header - ASYNC
2010-09-22 17:52:53 -07:00
Jelmer Vernooij
1716cdbef3 dsdb: Use short path for ldb_handlers.h, in case ldb is installed in the
system.
2010-09-22 17:48:24 -07:00
Jelmer Vernooij
8dd0c8c546 ldb: Use waf as default build system. 2010-09-22 17:48:24 -07:00
Jelmer Vernooij
c031329af1 ldb: Depend directly on replace, fixes the build on systems with
tdb and tevent installed in the system.
2010-09-22 17:48:24 -07:00
Jelmer Vernooij
1c3c9a483b s4-param: Fix more memory leaks, invalid memory context. 2010-09-22 17:48:24 -07:00
Jelmer Vernooij
3fea9df85a s4-param: Check type when converting python object to lp_ctx, fix some
memory leaks.
2010-09-22 17:48:23 -07:00
Jelmer Vernooij
63031a2a78 pygensec: Implement start_mech_by_name(). 2010-09-22 17:48:23 -07:00
Jelmer Vernooij
5a75fb194a ndrdump: Move blackbox test to standard python namespace. 2010-09-22 17:48:23 -07:00
Jelmer Vernooij
18f10eec0e s4/selftest: Simplify running of python tests. 2010-09-22 17:48:23 -07:00
Jelmer Vernooij
31d5ac0540 selftest: Let tests add prefix to tests by themselves. 2010-09-22 17:48:23 -07:00
Günther Deschner
a1ced10196 s4-smbtorture: print out membership in RPC-SPOOLSS-ACCESS.
Guenther
2010-09-22 12:24:29 -07:00
Kamen Mazdrashki
0027af02d2 s4-drs-test: Relax a check that may possibly fail
This check may fail due to automatic replication between DCs
during the test execution.
Ideally we should block automatic replications (somehow)
during this test. But until then, we need just to skip
this check, it is not *that* important anyway
2010-09-22 15:07:24 +03:00
Kamen Mazdrashki
e3b81c6062 s4-ldapcmp: Enable comparisons between LDBs too
This will enable us to compare two LDBs or an LDB with a running
AD server. Comparing an LDB against a running server
may come in handy when one wants to see if the 'net vampire'
command does what it does the right way
2010-09-22 15:07:24 +03:00
Jelmer Vernooij
e12e661f35 s4-selftest: Move more tests to scripting/python, simplifies running of tests. 2010-09-21 22:54:38 -07:00
Jelmer Vernooij
118c6548bb selftest: Fix run for systems without testtools installed. 2010-09-21 22:54:37 -07:00
Jelmer Vernooij
7c1b00f4a8 selftest: Use idlist testing for python tests. 2010-09-21 22:54:37 -07:00
Jelmer Vernooij
bf907d2c4a selftest: Support running individual tests using idlists, for testsuites that support them. 2010-09-21 22:54:35 -07:00