1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

1132 Commits

Author SHA1 Message Date
Tim Beale
539daefaf3 libnet/drs: Update replication debug to report link progress
Update the replication debug (for joins/backups) so that it's easier to
see how far through syncing the links we are. E.g. with 150,000 links,
you just get screeds of debug like this, with no real idea how far
through the replication is.

Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]

This patch now applies to links the same debug logic we use for objects,
and changes it to look like:

Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[57024/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[58524/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[60024/150024]

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-17 05:40:07 +02:00
Andrew Bartlett
83bde8a49c FIXUP: Improve memory handling on py_net_change_password
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu May 17 14:28:19 CEST 2018 on sn-devel-144
2018-05-17 14:28:19 +02:00
Noel Power
75e1019f61 s4/libnet: Allow passwords containing non ascii characters to be passed
Although we can pass unicode to py_net_change_password unfortunately in
Python2 unicode strings are encoded with the default encoding (e.g. ascii)
 when extracting the unicode string to buffer.
In Python3 the default encoding for "s" format is utf8. Use the "es"
format instead of "s" so we can specify the encoding so behaviour is
correct in py2/py3.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-17 11:31:28 +02:00
Gary Lockyer
5c0345ea9b samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Noel Power
84f7ead29a s3/libnet/wscript: build samba-net lib for extra-python/py3
python_net needs to link appropriate samba-net library for extra-py/py3
version so we need to build it for extra-python/py3

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-13 07:27:11 +02:00
Noel Power
4a58393b2b wscript_build: make sure we link extra-python versions of libraries
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-13 07:27:11 +02:00
Noel Power
4f036497f1 python3 port for dckeytab module
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-03-23 07:28:26 +01:00
Andrej Gessel
8e6050587b bugfix memory leak. partition_dn is only used to search and compare and is not freed at the function end.
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-03-19 07:33:44 +01:00
Swen Schillig
e01d7d9d0f Replace NT_STATUS_HAVE_NO_MEMORY macro
Replaced NT_STATUS_HAVE_NO_MEMORY macro and fixed
memory leaking error-path.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Mar  3 00:00:34 CET 2018 on sn-devel-144
2018-03-03 00:00:34 +01:00
Swen Schillig
6d0b6e937a Minor cleanup of libnet_LookupName_recv
Reduce indentation level and comply with 80 column rule.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2018-03-02 19:13:52 +01:00
Swen Schillig
14f83ff835 Zero libnet_LookupName out struct before using
Zero libnet_LookupName out struct before setting results,
preventing false result interpretation.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2018-03-02 19:13:52 +01:00
Swen Schillig
106ea7a1bc Minor cleanup to libnet_join_member
Prevent code duplication by consolidating cleanup task
at the end of the function.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 24 23:19:05 CET 2018 on sn-devel-144
2018-02-24 23:19:05 +01:00
Swen Schillig
925dc87a2a talloc_zero libnet_context on init
Zero the libnet_context on initialization
preventing an uninitalized cli_credentials struct.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb  1 00:33:34 CET 2018 on sn-devel-144
2018-02-01 00:33:34 +01:00
Swen Schillig
849169a7b6 Fix wrong condition for error string assignment
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jan 25 17:19:12 CET 2018 on sn-devel-144
2018-01-25 17:19:12 +01:00
Volker Lendecke
89c3a1ebbe libnet: Use talloc_zero instead of ZERO_STRUCTP
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2018-01-25 12:24:08 +01:00
Volker Lendecke
3022da1a72 libnet: Add NULL checks to py_net_finddc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-01-09 18:25:07 +01:00
Garming Sam
17f1c6f9f4 schema: Make writing indices flag an enum for a new state
In schema_load_init, we find that the writing of indices is not locked
in any way. This leads to race conditions. To resolve this, we need to
have a new state (SCHEMA_COMPARE) which can report to the caller that we
need to open a transaction to write the indices.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-24 01:13:14 +01:00
Andrew Bartlett
51289a6f9b debug: Add new debug class "drs_repl" for DRS replication processing
This is used in the client and in the server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-09-07 06:56:27 +02:00
Tim Beale
89cf5c3f76 replmd: Don't fail cycle if we get link for deleted object with GET_TGT
We are going to end up supporting 2 different server schemes:
A. the old/default behaviour of sending all the linked attributes last,
   at the end of the replication cycle.
B. the new/Microsoft way of sending the linked attributes interleaved
   with the source/target objects.

Normally if we're talking to a server using the old scheme-A, we won't
ever use the GET_TGT flag. However, there are a couple of cases where
it can happen:
- A link to a new object was added during the replication cycle.
- An object was deleted while the replication was in progress (and
the linked attribute got queued before the object was deleted).

Talking to an Samba DC running the old scheme will just cause it to
start the replication cycle from scratch again, which is fairly
harmless. However, there is a chance that the same thing can happen
again, in which case the replication cycle will fail (because GET_TGT
was already set).

Even if we're using the new scheme (B), we could still potentially hit
this case, as we can still queue up linked attributes between requests
(group memberships can be larger than what can fit into a single
replication chunk).

If GET_TGT is set in the GetNcChanges request, then the local copy of
the target object should always be up-to-date when we process the linked
attribute. So if we still think the target object is deleted/recycled at
this point, then it's safe to ignore the linked attribute (because we
know our local copy is up-to-date). This logic matches the MS spec logic
in ProcessLinkValue().

Not failing the replication cycle may be beneficial if we're trying to
do a full-sync of a large database. Otherwise it might be time-consuming
and frustrating to repeat the sync unnecessarily.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
2017-08-18 06:07:12 +02:00
Tim Beale
f69596cd21 drs: Fail replication transaction instead of dropping links
If the DRS client received a linked attribute that it couldn't resolve
the target for, then it would just ignore that link and keep going. That
link would then be lost forever (although a full-sync would resolve
this). Instead of silently ignoring the link, fail the transaction.

This *can* happen on Samba, but it is unusual. The target object and
linked-attribute would need to be added while a replication is still in
progress. It can also happen fairly easily when talking to a Windows DC.

There are two import exceptions to this:

1). Linked attributes that span partitions. We can never guarantee that
we will have received the target object, because it may be in a partition
we haven't replicated yet. Samba doesn't have a great way of handling
this currently, but we shouldn't fail the replication (because that breaks
basic join tests). Just skip that linked attribute and hope that a
subsequent full-sync will fix it.
(I queried Microsoft and they said resolving cross-partition linked
attributes is a implementation-specific problem to solve. GET_TGT won't
resolve it)

2). When the replication involves a subset of objects, e.g.
critical-only. In these cases, we don't increase the highwater-mark, so
it is probably not such a dire problem if we don't add the link. In the
case of critical-only, we will do a subsequent full sync which will then
add the links.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
2017-08-18 06:07:11 +02:00
Tim Beale
475a320646 libnet: Initialize req_level in become_dc tests
The net.api.become.dc tests would always pass the request into
libnet_vampire_cb_store_chunk() with req_level=0, which meant that
storing the chunk didn't use the correct replica_flags/exop.

I noticed this problem when working on client-side support for GET_TGT.
My changes relied on the critical-only request flag being passed down
into replmd, but because the request flags weren't passed correctly, my
changes caused the become_dc tests to fail.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-28 00:25:15 +02:00
Alexander Bokovoy
303a52d8d4 py3: Make sure to specify METH_VARARGS together with METH_KEYWORDS
A Python 3 bug https://bugs.python.org/issue15657 explains that one should
always use METH_VARARGS|METH_KEYWORDS when defining a function rather
than a lonely METH_KEYWORDS. We had only one definition like this in
Samba and it was the one that affects FreeIPA when running in Python 3
mode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12905

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-14 07:10:24 +02:00
Gary Lockyer
fa6753d6c2 libnet join: Fix error handling on provision_store_self_join failure
This avoids leaving the error string NULL.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 25 06:28:02 CEST 2017 on sn-devel-144
2017-05-25 06:28:02 +02:00
Andrew Bartlett
83fbd80b3f pynet: Add a hook to decrypt one attribute
This will help with testing GetNCChanges and supplementalCredentials against Windows in Python

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-25 02:25:12 +02:00
Andrew Bartlett
5f0e53f1b9 dsdb: Do not write the @INDEXLIST or @ATTRIBUTES records during schema refresh
Instead, write it once in the module init, if required, and after a
modify to the schema partition is detected

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-23 01:13:25 +02:00
Gary Lockyer
76692faa9f python net: add username, oldpassword and domain to change_password
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-29 02:37:25 +02:00
Ian Stakenvicius
fa829986de waf: disable-python - don't build samba-net
samba-net requires PROVISION, which is disabled when python isn't available.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:13 +01:00
Petr Viktorin
8ba2fe54de python: Port the samba.net module to Python 3
Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:12 +01:00
Stefan Metzmacher
8b2b721208 py_net: make use of pytalloc_GenericObject_steal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-25 02:39:11 +01:00
Andrew Bartlett
7ed611143f samba-tool drs replicate: Add --single-object
This may help when an object has been incorrectly locally removed from the NC
or there is an urgent need to replicate a specific object (say when full
replication is inoperable).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-23 11:36:21 +01:00
Stefan Metzmacher
26515dca99 s4:libnet: make use of generate_random_machine_password()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-02-21 16:09:22 +01:00
Stefan Metzmacher
2ef7594eca s4:libnet: s/highestCommitedUSN/highestCommittedUSN
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-08 23:20:17 +01:00
Andrew Bartlett
2a49c74519 python-libnet: Use new NTSTATUSError, WERRORError and DsExtendedError exceptions
This will allow callers to catch specific errors rather than RuntimeException

As this slightly changes the exception, the timecmd test must be updated.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
2016-11-04 04:41:19 +01:00
Andrew Bartlett
f72da5ba51 dsdb: Catch errors in extended operations (like allocating a RID Set)
There are cases where allocating a RID Set can reasonably fail.  Catch those nicely.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
2016-11-04 04:41:19 +01:00
Andrew Bartlett
46fefb251f dsdb: Rework DSDB code to use WERROR
The WERROR codes are more descriptive for DSDB issues, and almost all the code was
converting from WERROR to NTSTATUS.  This will allow us to better catch specific
errors like WERR_DS_DRA_MISSING_PARENT

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
2016-11-04 04:41:19 +01:00
Andreas Schneider
81da37eb90 krb5_wrap: Rename smb_krb5_open_keytab_relative()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Stefan Metzmacher
cff6111d2f s4:dsdb/repl: set working_schema->resolving_in_progress during schema creation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-11 00:49:15 +02:00
Andrew Bartlett
c533b60ceb s4:dsdb/repl: Improve memory handling in replicated schema code
This attempts to make it clear what memory is short term and what memory is long term

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-08-11 00:49:14 +02:00
Garming Sam
88a4d550ff valgrind: Avoid a warning about uninitialized memory
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Volker Lendecke
874a9d9c87 libnet: Fix CID 1362934: CHECKED_RETURN
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-28 18:48:07 +02:00
Andrew Bartlett
ca2e038aa5 samba-tool domain join: Set drsuapi.DRSUAPI_DRS_GET_ANC during initial repl
This is needed so that we get parents before children.

We need this to ensure that we always know the correct parent for a
new child object, rather than just trusting the DN string

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
65a35acbf3 repl: Pass in the full partition DN to dsdb_replicated_objects_convert()
When we were processing an EXOP, we would pass in a DN specific to that
operation, but this stopped repl_meta_data from finding the parent object

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Noel Power
409cd516ca s4:libnet: fix 'Syscall param writev(vector[...])' valgrind error
running smbtorture rpc.dfs.netdfs.StdRoot yields the following valgrind trace

==18861== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18861==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18861==    by 0x106CB033: writev_handler (async_sock.c:340)
==18861==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18861==    by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18861==    by 0xBC6D0D2: dcerpc_srvsvc_NetShareDel_r (ndr_srvsvc_c.c:4272)
==18861==    by 0x9786C0C: libnet_DelShare (libnet_share.c:195)
==18861==    by 0x2E0174: test_NetShareDel (dfs.c:103)
==18861==    by 0x2E126F: test_cleanup_stdroot (dfs.c:488)
==18861==  Address 0x18869b46 is 598 bytes inside a block of size 1,325 alloc'd
==18861==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18861==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18861==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18861==    by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18861==    by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18861==    by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18861==    by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18861==    by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18861==    by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18861==    by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Ralph Boehme
deab6c6df7 s4/libnet: fix exporting to keytab by SPN
Fix a regression introduced by 5c5d586d3e that broke exporting
service principals by their spn with

  samba-tool exportkeytab --principal=<SPN>.

Iterating with samba_kdc_nextkey() only returns UPNs, so this can't work
with SPNs. If we want to search for a specific SPN, we have to use
samba_kdc_fetch().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Andreas Schneider
c027e3d608 s4-libnet: Link dckeytab.so correctly when is AD DC enabled
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 24 15:12:21 CET 2016 on sn-devel-144
2016-03-24 15:12:21 +01:00
Alexander Bokovoy
acdfa98ac0 s4-libnet: only build python-dckeytab module for Heimdal in AD DC mode
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Mar 23 23:43:51 CET 2016 on sn-devel-144
2016-03-23 23:43:51 +01:00
Garming Sam
7b431eba22 build: mark explicit dependencies on pytalloc-util
All subsystems that include pytalloc.h need to link against
pytalloc-util.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144
2016-03-15 07:08:16 +01:00
Andreas Schneider
5c5d586d3e s4-libnet: Implement export_keytab without HDB
This is used by 'samba-tool domain exportkeytab'. This loads the HDB
Samba backend thus needs access to samdb. To avoid using heimdal
specific code here, we could talk to samdb directly and write a
keytab file.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-03-10 06:52:25 +01:00
Andrew Bartlett
04512d1a9d repl: Use DSDB_REPL_FLAG_PRIORITISE_INCOMING in samba-tool drs replicate --local
Previously this would only be set when we did server-to-server replication

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
4b25650577 repl: Give an error if we get a secret when not expecting one
We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING

This asserts that this is the case.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
80171ddcff samba-tool: Remove vampire subcommand and now unused libnet_Vampire()
This has been deprecated for a long time now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Stefan Metzmacher
07b1e375e5 s4:libnet: make use of dcerpc_secondary_auth_connection_send/recv()
This avoid the bogus usage of dcerpc_pipe_auth().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-07-07 14:05:28 +02:00
Günther Deschner
1e9e40e1d6 s4-libnet: only build python_dckeytab when heimdal is available.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-20 23:25:52 +01:00
Stefan Metzmacher
450dc02d6d s4:py_net: make domain and address fully optional to py_net_finddc
E.g. address=None is now also possible.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:43 +01:00
Volker Lendecke
38628b1e32 Fix the O3 developer build
Different gcc versions complain at different places

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  3 13:14:53 CET 2015 on sn-devel-104
2015-03-03 13:14:53 +01:00
Günther Deschner
bb44710200 s4-libnet: make it possible to join "off-site".
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct 24 13:50:30 CEST 2014 on sn-devel-104
2014-10-24 13:50:30 +02:00
Jelmer Vernooij
08ca688d4e py_net: Fix typo in change_password docstring, and indentation in
set_password docstring.

Change-Id: I93e9ed79ee43233fc3c1bb69d8eb0a5c6e0e3940
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-10-14 06:44:06 +02:00
Stefan Metzmacher
f65c1f0e2f s4:librpc: use authenticated epmapping for ncacn_http
We need to authenticate against the RpcProxy.
In future we could have a way to specify alternative credentials
for the RpcProxy and HttpProxy.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 23 01:34:05 CEST 2014 on sn-devel-104
2014-09-23 01:34:05 +02:00
Samuel Cabrero
ee32bc2cfb Order switch statements
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  7 07:47:44 CEST 2014 on sn-devel-104
2014-07-07 07:47:44 +02:00
Samuel Cabrero
d747372d28 idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-07-07 05:22:33 +02:00
Andrew Bartlett
8327321225 dsdb: Do not store a struct ldb_dn in struct schema_data
The issue is that the DN contains a pointer to the ldb it belongs to,
and if this is not kept around long enough, we might reference memory
after it is de-allocated.

Andrew Bartlett

Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Jose A. Rivera
2c9683db4b Fix an empty if statement.
Primarily following the	precedent set by other uses of composite_is_ok(), but
also making sure nothing tries to use c after this point if it is in fact not
ok.

Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-05 20:19:13 +02:00
Andrew Bartlett
086c06e361 kerberos: Remove un-used event context argument from smb_krb5_init_context()
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.

The actual network communication code sets an event context directly
before making the network call.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
2014-04-28 02:24:57 +02:00
Garming Sam
952bc3cad0 Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase.
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.

Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Stefan Metzmacher
549001fb73 s4:libnet: add const to libnet_JoinDomain->out.samr_binding
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
776f5c65bf s4:libnet: use helper functions to access dcerpc_binding->target_hostname
If possible also specify the already known address as dcerpc_binding->host.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
ab5f89bc72 s4:libnet: make use of dcerpc_binding_get_string_option("host")
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
cd0981b2d8 s4:libnet: make use of dcerpc_binding_set_flags()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
98e2b3c28f s4:libnet: make use of dcerpc_binding_[g|s]et_*() in libnet_join.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
133c5ba063 s4:libnet: use 'const struct dcerpc_binding' for local readonly variables
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
de8e013bec s4:libnet: make use of dcerpc_binding_get_*() in libnet_rpc.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:16 +01:00
Stefan Metzmacher
84528b9ee0 s4:libnet_become_dc: make use of dcerpc_binding_[g|s]et_assoc_group_id()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:15 +01:00
Stefan Metzmacher
6a193326d5 s4:libnet: avoid compiler warnings in libnet_lookup.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:13 +01:00
Stefan Metzmacher
47fa7c83a2 s4:libnet: use dcerpc_binding_dup() in continue_epm_map_binding_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:20:32 +01:00
Stefan Metzmacher
e5e8757887 s4:libnet: make use of dcerpc_binding_dup() in libnet_join.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-11 16:20:32 +01:00
Stefan Metzmacher
d9573ae076 s4:libnet: let libnet_rpc_usermod() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
f33a558750 s4:libnet: let libnet_rpc_usermod_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
5bbcec0c2a s4:libnet: let libnet_rpc_userdel() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
0fdf392e6a s4:libnet: let libnet_rpc_userdel_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
adef841a59 s4:libnet: let libnet_rpc_useradd() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
e3b8df2b09 s4:libnet: let libnet_rpc_useradd_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
208991e497 s4:libnet: let libnet_rpc_userinfo() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
59fb19ebc4 s4:libnet: let libnet_rpc_userinfo_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
3c02eab248 s4:libnet: remove unused libnet_rpc_groupdel* code
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
7a97662bb5 s4:libnet: let libnet_rpc_groupadd() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
1c6a2f8bca s4:libnet: let libnet_rpc_groupadd_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
959d94b153 s4:libnet: let libnet_rpc_groupinfo() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
0b3b0d225f s4:libnet: let libnet_rpc_groupinfo_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
6e5943af94 s4:libnet: avoid using dcecli_connection->event_ctx
We should avoid per connection tevent_contexts,
the one per libnet_context isn't much better, but a start.

Note the pointers have the same value.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Stefan Metzmacher
c477850467 s4:libnet: keep a dcerpc_binding_handle for samr and lsa
This completes commit a3ae9802d4.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:51 +01:00
Jeremy Allison
0dc6181894 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-12-09 07:05:46 +01:00
Andrew Bartlett
a623359fb8 python/drs: Ensure to pass in the local invocationID during the domain join
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 12:25:41 -07:00
Alistair Leslie-Hughes
887f4fbf43 Free memory on error
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 18 19:46:41 CEST 2013 on sn-devel-104
2013-09-18 19:46:41 +02:00
Stefan Metzmacher
c0144273af s4:libnet: avoid usage of dcerpc_schannel_creds()
We use cli_credentials_get_netlogon_creds() which returns the same value.

dcerpc_schannel_creds() is a layer violation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:59 +02:00
Andrew Bartlett
fc13489c91 build: Build with system md5.h on OpenIndiana
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5.  I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.

This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-06-19 21:32:36 +02:00
Stefan Metzmacher
e24fe5705e libnet-vampire: make use of dsdb_repl_resolve_working_schema()
Pair-Programmed-With: Matthieu Patou <mat@matws.net>

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 23 14:18:03 CEST 2013 on sn-devel-104
2013-05-23 14:18:03 +02:00
Matthieu Patou
c7d4b87512 libnet-vampire: add attributes and classes from the replicated schema to the bootstrap schema (bug #8680)
Replicated schema might have attributes and auxilary classes  on some
critical classes (ie.  top, user, computer ) that are not in the bootstrap
schema. Without those new attributes and classes, bootstrap schema is
unable to translate those critical classes in the schema constructed
from the replicated data. Without thoses classes new schema is useless
and can't be indexed properly.

In order to overcome this problem, we put all new attributes and classes
definitions into the bootstrap schema so that foundations classes can be
translated.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-23 20:26:17 +10:00
Matthieu Patou
972417131d Fix warnings about set but unused variables
Signed-off-by: Matthieu Patou <mat@matws.net>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-20 21:54:06 +10:00
Matthieu Patou
bfce9690bf Fix a warning about a shadowed variable by renaming the shadowing var
Signed-off-by: Matthieu Patou <mat@matws.net>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-20 21:54:06 +10:00
Matthieu Patou
2cc6f9ce7f libnet-vampire: reports Exops as they rather than sync on some partitions
Instead of showing:
Partition[CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com]
objects[1] linked_values[8]
Report a exop based on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com
as
Exop on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com, ...

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Wed Jan  9 09:01:30 CET 2013 on sn-devel-104
2013-01-09 09:01:30 +01:00
Matthieu Patou
0c86126d16 libnet: set the invocation_id earlier in order to avoid annoying messages
At that moment we have all the information to set the invocation id so
let's set it, it will avoid useless messages about missing invocation
id.

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
2013-01-09 07:19:54 +01:00
Andreas Schneider
e3eaeb942b s4-libnet: Checkr return codes in samsync_ldb_handle_domain().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21 13:56:00 +01:00
Andreas Schneider
229d934d2f s4-libnet: Fix setting the group handle and return codes.
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Dec 13 01:01:14 CET 2012 on sn-devel-104
2012-12-13 01:01:13 +01:00
Andreas Schneider
af18339e03 s4-libnet: Don't call talloc_get_type() for the same struct twice.
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-12 15:00:02 +01:00
Michael Adam
06e1fca044 libnet: Fix a typo in dbsync error message.
Signed-off-by: Michael Adam <obnox@samba.org>
2012-11-30 14:02:54 +01:00
Andreas Schneider
7a429367a9 libnet: Fix copy and paste error in dbsync error message. 2012-11-30 14:02:53 +01:00
Matthieu Patou
f8c5f98364 s4-drs: Remove unused var
Signed-off-by: Matthieu Patou <mat@matws.net>
2012-11-09 09:20:11 +01:00
Andrew Bartlett
efec5a9299 s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctx
These are only needed for as long as the call, and should be children of the
private context.

This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>.  Thanks Ricky!

Andrew Bartlett
2012-08-31 14:30:38 +10:00
Andrew Bartlett
e39cce4214 s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104
2012-08-29 09:56:27 +02:00
Andrew Bartlett
0f7aa3db52 lib/krb5_wrap: Bring list of all enc types into krb5_wrap 2012-08-28 07:57:28 +10:00
Andrew Bartlett
861353972d s4-libnet: Ensure termination of enctype array in libnet_export_keytab() 2012-08-28 07:57:28 +10:00
Andrew Bartlett
b5c2747cad s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire
None of these cases need the complexity of the s3fs backend.

Andrew Bartlett
2012-08-22 01:31:57 +02:00
Andrew Bartlett
0668f98d11 s4-libnet: Prepare libnet_BecomeDC for samdb_reference_dn() returning an extended DN
Remote LDAP servers will not accept an extended DN with other components.

Andrew Bartlett
2012-08-14 15:37:22 +02:00
Andrew Bartlett
fd0394d85d s4-libnet: Improve debugging of libnet_BecomeDC LDAP errors 2012-08-14 15:37:22 +02:00
Andreas Schneider
0b93587b7e s4-libnet: Skip calling lsarpc functions over a wrong pipe. 2012-07-06 10:00:58 +02:00
Alexander Bokovoy
2ddf89a2bc Introduce system MIT krb5 build with --with-system-mitkrb5 option.
System MIT krb5 build also enabled by specifying --without-ad-dc

When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.

Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
  * Samba 4 client libraries and their Python bindings
  * Samba 3 server (smbd, nmbd, winbindd from source3/)
  * Samba 3 client libraries

In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23 17:51:50 +03:00
Andrew Bartlett
887487851f s4-libnet: Add mem_ctx to libnet_rpc_groupdel calls (bug #8889)
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 30 14:41:36 CEST 2012 on sn-devel-104
2012-04-30 14:41:36 +02:00
Andrew Bartlett
566f066a8d s4-libnet: Add mem_ctx to libnet_rpc_groupadd calls (bug #8889) 2012-04-30 13:08:28 +02:00
Andrew Bartlett
b72597c6e3 s4-libnet: Add mem_ctx to libnet_rpc_usermod calls (bug #8889) 2012-04-30 13:08:28 +02:00
Andrew Bartlett
08f8eb4407 s4-libnet: Add mem_ctx to libnet_rpc_userdel calls (bug #8889) 2012-04-30 13:08:28 +02:00
Andrew Bartlett
fd2b21fc38 s4-libnet: Add mem_ctx to libnet_rpc_useradd calls (bug #8889) 2012-04-30 13:08:28 +02:00
Andrew Bartlett
081e7909fc s4-libnet: Add mem_ctx to libnet_rpc_groupinfo calls (bug #8889) 2012-04-30 13:08:28 +02:00
Andrew Bartlett
a6fa69c1b2 s4-libnet: Add mem_ctx to libnet_DomainClose calls (bug #8889) 2012-04-30 13:08:28 +02:00
Andrew Bartlett
74682826d9 s4-libnet: Add mem_ctx to libnet_DomainOpen calls (bug #8889) 2012-04-30 13:08:28 +02:00
Andrew Bartlett
2d8b6ce1c1 s4-libnet: Add mem_ctx to libnet_Lookup calls (bug #8889) 2012-04-30 13:08:28 +02:00
Matthieu Patou
b019248fe8 Add some debug for FOOBAR return case as they are hard to diagnose
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Apr 29 09:08:15 CEST 2012 on sn-devel-104
2012-04-29 09:08:15 +02:00
Stefan Metzmacher
84ae92da6b s4:libnet: pass an explicit mem_ctx to libnet_rpc_userinfo_send() (bug #8889)
This hopefully fixes the flakey autobuild.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Apr 24 16:43:03 CEST 2012 on sn-devel-104
2012-04-24 16:43:03 +02:00
Andrew Bartlett
5960b7b2a4 s4-libnet Always return after composite_error()
These instances should not cause a problem, but make it easier to audit for
this kind of problem in the future with grep.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 23 14:29:45 CEST 2012 on sn-devel-104
2012-04-23 14:29:44 +02:00
Andrew Bartlett
4f7666f971 s4-libnet Always return after composite_error()
This can and does cause crashes as multiple conflicting sets of callbacks run on
memory that may have been destroyed.

Andrew Bartlett
2012-04-23 20:48:02 +10:00
Andrew Bartlett
3ffd0f8423 s4-libnet: Fix continue_groupinfo_openuser to check correct state info
This meant that we would attempt to query the user that we could not open.

This is a mirror of 4ba1647d5db59e5bb4911c399111e9286aac1a8e.

Andrew Bartlett
2012-04-23 20:48:02 +10:00
Stefan Metzmacher
dcf82e5869 s4:libnet_become_dc: add missing 'return' after composite_error()
metze
2012-04-23 09:30:10 +02:00
Andrew Bartlett
832dd41551 s4-libnet: Fix continue_groupinfo_opengroup to check correct state info
This meant that we would attempt to query the group that we could not open.

Andrew Bartlett
2012-04-23 06:12:09 +02:00
Andrew Bartlett
bb3d983f5b s4-libnet: Fix segfault shown by wbinfo --group-info=administrator
The issue was that after the LookupNames call indicated that this was
not a group, the call paths diverged, with both sucess and failure
paths running.

Andrew Bartlett
2012-04-23 06:12:09 +02:00
Alexander Bokovoy
bcc16f1911 s4-libnet: split export_keytab in a separate python module to avoid pulling in HDB dependency
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Apr 12 15:23:19 CEST 2012 on sn-devel-104
2012-04-12 15:23:19 +02:00
Jelmer Vernooij
b4d35bee38 libndr: Rename policy_handle_empty to ndr_policy_handle_empty.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20 13:54:07 +01:00
Andrew Bartlett
9c11c0cde0 s4-libnet: Remove set but unused variables
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Mar  1 13:40:12 CET 2012 on sn-devel-104
2012-03-01 13:40:11 +01:00
Andrew Bartlett
1a5eafba13 s4-libnet: Move to talloc_get_type_abort()
The NULL pointer dereference from talloc_get_type() might be free, but the
information on the actual and expected types from talloc_get_type_abort()
is priceless! :-)

Andrew Bartlett
2012-03-01 22:04:46 +11:00
Matthieu Patou
e34fe4dcb6 s4-becomedc: replicate first with DRS_CRITICAL_ONLY and DRS_GET_ANC objects for the base dn partition
Windows dcpromo do the same: getncchanges with DRS_GET_ANC and
DRS_CRITICAL_ONLY, then it does a getncchanges without those flags for
the rest.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19 11:49:19 +01:00
Andrew Bartlett
12ce07e53b s4-kdc: Add hdb plugin for samba4, to allow kadmin to work
This will help users who are used to the kadmin interface, and could
be extended to import existing MIT or Heimdal keys into a Samba4 AD
domain.

To use, add to your krb5.conf

[kdc]

database = {
   dbname = samba4:
}

or

[kdc]

database = {
   dbname = samba4:/usr/local/samba/etc/smb.conf
}

And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104
2011-11-30 03:22:11 +01:00
Stefan Metzmacher
f8fbc4163b s4:py_net: add optional 'machinepass' parameter to py_net_join_member()
metze
2011-11-29 09:21:25 +01:00
Stefan Metzmacher
fe69c589e8 s4:libnet: make it possible to join with a given machine password
metze
2011-11-29 09:21:25 +01:00
Stefan Metzmacher
677f5246f1 s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member in py_net_join_member()
metze
2011-11-29 09:21:25 +01:00
Stefan Metzmacher
5baa44345f s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member()
metze
2011-11-29 09:21:25 +01:00
Andrew Bartlett
2bff209128 s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab
This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.

Based on a request by Gémes Géza <geza@kzsdabas.hu>

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
2011-11-29 09:20:54 +01:00
Matthias Dieter Wallnöfer
179bf9b51c s4:libnet/py_net.c: "py_net_finddc" - add an "address" parameter
This is useful for a new "samba-tool domain info" command.

Patch inspired by Matthieu Patou.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26 10:34:58 +01:00
Matthias Dieter Wallnöfer
dec1435a42 s4:libnet/py_net.c - initialise optional keyword arguments
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26 10:32:59 +01:00
Stefan Metzmacher
6d3558a8f6 s4:libnet_vampire: setup base_dn on the self_made_schema
metze
2011-11-15 09:46:28 +01:00
Stefan Metzmacher
b33c711851 s4:libnet_vampire: use dsdb_modify(..., DSDB_FLAG_AS_SYSTEM) to store prefixMap
metze
2011-11-15 09:46:28 +01:00
Stefan Metzmacher
28d573168c s4:param/provision: pass schema_dn to provision_get_schema()
metze
2011-11-15 09:46:27 +01:00
Stefan Metzmacher
236e6fecda s4:libnet: initialize forest structure in py_net_replicate_init()
metze
2011-11-15 09:46:25 +01:00