sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code
63,485 Commits 60 Branches 1,146 Tags
Commit Graph

63485 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simo Sorce
5da783f4a7 s3:smbd add utility function to check if there are open pipes 2010-06-07 17:25:48 -04:00
Simo Sorce
f9fc4df0c0 s3:rpc make num_pipe_handles get an actual pipe as argument 
Let the function abstract out how handles are counted
 2010-06-07 17:25:48 -04:00
Simo Sorce
22e9015e97 s3:rpc handles are used by all pipes, use better name 2010-06-07 17:25:48 -04:00
Simo Sorce
f7e2e8370b s3:rpc fix potential out of bound memory access 
memcpy copies memory unconditionally, we are passing "" in some cases here.
Use strncpy which will stop reading from src if the null byte is found and
will fill with nulls the destination.
 2010-06-07 17:25:47 -04:00
Björn Jacke
711a30aa61 s3: fix build on platforms without st_blocks and st_blksize stat struct members 
This fixes bug 7474.
 2010-06-07 23:16:48 +02:00
Matthias Dieter Wallnöfer
99c9e358c5 ldb:pyldb.c - we cannot use "ldb_dn_compare" if both message DNs are NULL in "py_ldb_msg_compare" 
Discovered by the testcase.
 2010-06-07 21:26:33 +02:00
Matthieu Patou
0c3dfd7a79 s4 python: add more unit tests to verify the compare tests 2010-06-07 21:06:23 +02:00
Matthias Dieter Wallnöfer
1949864417 s4:objectclass_attrs LDB module - move the single-valued attribute check into this module 
It seems to me more consistent (and also to keep the same behaviour on all
backends).

Also the DRS hack should therefore not be needed anymore since the
"repl_meta_data" module launches requests behind "objectclass_attrs".
 2010-06-07 20:54:10 +02:00
Matthias Dieter Wallnöfer
a75d271373 s4:rdn_name LDB module - move the "distinguishedName" write prevent check here 
In my eyes it fits better here than in the TDB backend code.
 2010-06-07 20:31:22 +02:00
Andrew Bartlett
9a747d500f s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP 
This allows the right hooks to be called in GENSEC when s3compat
implements the auth_ntlmssp interface.  Otherwise, we can't do the
signing or sealing as we have not negoitated it's use.

Andrew Bartlett
 2010-06-07 23:34:29 +10:00
Andrew Bartlett
edba46ce94 s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS 
It's nicer to have an NTSTATUS return, and in s3compat there may be a
reason other than 'no memory' why this can fail.

Andrew Bartlett
 2010-06-07 23:34:29 +10:00
Andrew Bartlett
0af2dc43ad s3:named pipe proxy Improve error messages when named pipes fail to forward 
I hope this helps the next person who needs to debug this.

Andrew Bartlett
 2010-06-07 23:34:29 +10:00
Andrew Bartlett
4a7f45b7e1 s3:smbd Give the kerberos session key a parent 
I can't see what would free this, so this should prevent a memory leak.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
d25e9ab9a1 named_pipe_auth Always lower case the incoming pipe name 
Windows connects to an upper case NETLOGON pipe, and we can't find the
socket to connect to until we lower case the name.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
8f1cec5faf s3:smbd Fix segfault if register_existing_vuid() fails 
The register_existing_vuid() call will handle both the ntlmssp_end and
vuid invalidation internally, so we don't want to do it again.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
fc956cfcbb s3:auth Rename user_info->domain -> user_info->mapped.domain_name 
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
deabae191b s3:auth Rename user_info->client_domain -> user_info->client.domain_name 
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
e21935fc74 s3:auth fix header comment for internal_username -> mapped.account_name 2010-06-07 23:34:28 +10:00
Andrew Bartlett
7a021df96d s3:auth Rename user_info->internal_username -> user_info->mapped.account_name 
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Andrew Bartlett
23159453d3 s3:auth Rename user_info->smb_name -> user_info->client.account_name 
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
 2010-06-07 23:34:28 +10:00
Matthias Dieter Wallnöfer
0dc88d2745 s4:samba_dsdb LDB module - fix typos 2010-06-07 15:02:38 +02:00
Matthias Dieter Wallnöfer
63a8c65861 s4:samba_dsdb LDB module - enhance/fix module rule comments 2010-06-07 15:00:26 +02:00
Simo Sorce
00089fd74a s3:auth make sure the primary group sid is usable 
This function was previously performed under the cover by converting
back and forth from info3 to samu and then later from samu to info3.

Since we now shortcircuit that in some cases, check explicitly using
get_primary_group_sid()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:08 +10:00
Simo Sorce
048575defb s3:auth return the full passwd struct from check_account 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:08 +10:00
Simo Sorce
0a7ff14617 s3:passdb Export function to calculate the proper primary group sid 
Don't keep it buried in passdb, this function need to be available
for use in places where we do not want to construct an artificial
samu struct just to play tricks.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:08 +10:00
Simo Sorce
aaf45cd48e s3:auth remove unused structure member 
sids are now completely handled using info3, remove dead code that fills
server info sids and the structure members themselves

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:07 +10:00
Simo Sorce
aa1a3cbad2 s3:auth create nt token from info3 directly 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:07 +10:00
Simo Sorce
e6456df148 s3:auth handle unix domain sids in samu 
When we generate a user out of thin air we may end up adding sids
that are not part of the sam domain (unix domain sids).
Handle the case and preserve these sids as extra sids.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:07 +10:00
Simo Sorce
61823fb885 s3:auth set the resolved user sid in the fake sam account 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:07 +10:00
Simo Sorce
ef942172b9 s3:auth check the user is valid first 
It makes no sense to go through all the hoops to build samu and
convert it to info3, just to discard them later if the user was
not valid.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:06 +10:00
Simo Sorce
1bb0afa662 s3:auth make sure we set the right username 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:06 +10:00
Matthias Dieter Wallnöfer
aa32725886 s4:ldap.py - add some "objectclass" behaviour tests 2010-06-07 14:47:26 +02:00
Matthias Dieter Wallnöfer
e3c686daec s4:objectclass LDB module - rework the code which handles the objectclasses modification 
Before it has been very incomplete. We try now to match the Windows Server
behaviour as close as possible.
 2010-06-07 14:47:25 +02:00
Matthias Dieter Wallnöfer
17f465a4ac s4:ldap.py - enhance the attributes testcase to demonstrate how the attributes are checked against the schema and the specified objectclasses 
This demonstrates the bew "objectclass_attrs" LDB module behaviour.
 2010-06-07 14:47:24 +02:00
Matthias Dieter Wallnöfer
ee278bf0c4 s4:acl LDB module - LDB attribute names should be compared using "ldb_attr_cmp" or "strcasecmp" 2010-06-07 14:47:24 +02:00
Matthias Dieter Wallnöfer
566d13c5d1 s4:acl LDB module - adaption for "objectclass_attrs" module 
Since the attribute schema checking code moved back we need to give here the
"LDB_ERR_NO_SUCH_ATTRIBUTE" error.
 2010-06-07 14:47:24 +02:00
Matthias Dieter Wallnöfer
e7eef53fe5 s4:objectclass LDB module - remove "fix_check_attributes" 
Also this task is now performed by the "objectclass_attrs" LDB module.
 2010-06-07 14:47:23 +02:00
Matthias Dieter Wallnöfer
227144e050 s4:samldb LDB module - adjust the module to set always a "defaultObjectCategory" on objectclass add operations 
This is needed to make the "objectclass_attrs" LDB module happy. The search
check and case adjustment are done as it was using a second modify operation.
 2010-06-07 14:47:23 +02:00
Matthias Dieter Wallnöfer
bd910952ba s4:remove the "validate_update" LDB module - the task is now handled by the far more complete "objectclass_attrs" LDB module 2010-06-07 14:47:23 +02:00
Matthias Dieter Wallnöfer
2586cbaadc s4:dsdb - introduce a new "objectclass_attrs" LDB module which performs the objectclass attributes checking 
Until now we had no real consistent mechanism which allowed us to check if
attributes belong to the specified objectclasses.
 2010-06-07 14:47:22 +02:00
Matthias Dieter Wallnöfer
9e56b54414 s4:objectclass LDB module - instanciate the schema variable centrally on the "ac" context creation 
This unifies the position when the schema is read and prevents multiple
instanciations (eg on a modification operation).
 2010-06-07 14:47:22 +02:00
Matthias Dieter Wallnöfer
da90868907 s4:samldb LDB module - finally we can remove the RDN check 
This is now dynamically always done by the objectclass LDB module
 2010-06-07 14:47:22 +02:00
Matthias Dieter Wallnöfer
9ab3365fa5 s4:ldap.py - enhance the rename tests to demonstrate the functionality 2010-06-07 14:47:21 +02:00
Matthias Dieter Wallnöfer
ec9b6f3c60 s4:objectclass LDB module - finally implement the correct entry rename protections 
Only the "systemFlags" check is still missing.
 2010-06-07 14:47:21 +02:00
Matthias Dieter Wallnöfer
0ca17eaa15 s4:objectclass LDB module - cosmetic change 2010-06-07 14:47:21 +02:00
Matthias Dieter Wallnöfer
c6020ccb87 s4:objectclass LDB module - remove duplicated code 2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
95da724325 s4:objectclass LDB module - fix counter variable types 2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
0408ec11a9 s4:objectclass LDB module - explain why the search can return with an empty return 2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
6afa5a733c s4:objectclass LDB module - this "talloc_steal" is not necessary 
The "parent_dn" was created on the "ac" context which lives anyway longer
than this child request.
 2010-06-07 14:47:19 +02:00
Matthias Dieter Wallnöfer
2d3760c04c s4:objectclass LDB module - fix error result if an entry doesn't contain a structural objectclass 
We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
 2010-06-07 14:47:19 +02:00