Amitay Isaacs
7ac5c5061e
dlz_bind9: Added access check to verify dynamic update
...
This creates session info from kerberos ticket and verifies if
the signer has write access to a particular DN corresponding
to the name in dynamic update.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-11-29 16:00:36 +11:00
Amitay Isaacs
dcc5a7e1f2
dlz_bind9: Use the sam database in dns/ as default
...
This change is introduced to access samdb copy directly, rather
than over ildap. The advantage is that the samba server does not
need to be running for bind9 to start.
2011-11-29 16:00:36 +11:00
Amitay Isaacs
341979cc9a
s4-provision: Create a samdb copy for access by dlz_bind9 module
...
This creates a copy of rootdse, configuration and schema partitions
for dlz_bind9 use in dns/ directory. Since dlz_bind9 requires write
access to DNS partitions (DomainDnsZones and ForestDnsZones), those
partitions are hard-linked (or symlinked) to the actual partitions.
An empty domain partition is created so samdb layer can work.
2011-11-29 16:00:36 +11:00
Amitay Isaacs
6822eae323
s4-provision: Extract security descriptors in separate file
...
Need to use domain security descriptor from sambadns.py also.
2011-11-29 16:00:36 +11:00
Amitay Isaacs
5184fc8893
s4-test: Remove metadata and ldb.d directory on clean up
...
When using partitions, metadata.tdb automatically gets created in
${prefix}ldb.d/ directory. To correctly clean up check if metadata.tdb
exists, then remove metadata.tdb and directory.
2011-11-29 16:00:36 +11:00
Amitay Isaacs
13545d781b
s4-samdb: sequence_number() operation must be in a transaction
2011-11-29 16:00:36 +11:00
Amitay Isaacs
49926a2ac6
s4-dsdb: Added metadata to partition module for global sequence number
...
This adds support for global sequence number which is independent of
partition information.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29 16:00:35 +11:00
Amitay Isaacs
349c54528b
s4-dsdb: use dsdb_module_extended instead of duplicate code
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29 16:00:35 +11:00
Amitay Isaacs
422fcbbe72
s4-dsdb: Return ldb_result context in dsdb_module_extended
...
The result of the extended operation is now available in the calling
routine.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29 16:00:35 +11:00
Amitay Isaacs
c199b35dd4
s4-dsdb: Remove LDB_SEQ_HIGHEST_TIMESTAMP sequence number support
...
This was a hack for LDAP backends to store a sequence number as a
timestamp. It is still supported in standalone ldb tdb backend.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29 16:00:35 +11:00
Matthias Dieter Wallnöfer
0e526062a4
s4:torture/ldap/cldap.c - remove the "test_cldap_netlogon_flag_ds_dns_forest" test
...
The test is wrong since the DNS_* (DS_DNS_CONTROLLER, DS_DNS_DOMAIN,
DS_DNS_FOREST_ROOT) flags are never set on the plain CLDAP pipe. They
get added only over the DsRGetDCName* calls over NETLOGON RPC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Nov 27 16:23:27 CET 2011 on sn-devel-104
2011-11-27 16:23:27 +01:00
Matthias Dieter Wallnöfer
6b63d7e618
s4:selftest/test_samba_tool.sh - add a basic unit test for the new "domain info" command
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:51:57 +01:00
Matthias Dieter Wallnöfer
f57f009bc6
samba-tool: domain info - add basic exception handling
...
It is nicer to get an error message rather than a stacktrace on wrong IP
addresses.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:51:57 +01:00
Matthieu Patou
08ca7d1634
samba-tool: add a domain info command to get basic info
...
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:51:56 +01:00
Matthias Dieter Wallnöfer
521c708fe4
s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctly
...
The rules are explained in MS-NRPC 2.2.1.2.1.
Patch inspired by Matthieu Patou.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:51:54 +01:00
Matthieu Patou
1770dafafd
s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we are unable to translate the domain to a dn
...
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:50:49 +01:00
Matthias Dieter Wallnöfer
b89374934f
s4:cldap_server/netlogon.c - DS_SERVER_CLOSEST handling
...
DS_SERVER_CLOSEST is only set when the client and server site coincide.
MS-NRPC 2.2.1.2.1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:50:48 +01:00
Matthias Dieter Wallnöfer
fc26e29f8e
s4:netcmd/common.py: add a "netcmd" function to do a cldap netlogon request
...
This is useful for a new "samba-tool domain info" command.
Patch inspired by Matthieu Patou.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:50:06 +01:00
Matthias Dieter Wallnöfer
179bf9b51c
s4:libnet/py_net.c: "py_net_finddc" - add an "address" parameter
...
This is useful for a new "samba-tool domain info" command.
Patch inspired by Matthieu Patou.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26 10:34:58 +01:00
Matthias Dieter Wallnöfer
dec1435a42
s4:libnet/py_net.c - initialise optional keyword arguments
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26 10:32:59 +01:00
Matthias Dieter Wallnöfer
ad19aa6331
s4:libcli/finddcs_cldap.c - let "finddcs_cldap" work either with the IP address or the domain name
...
This will be useful for a new "samba-tool domain info" command.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26 10:26:52 +01:00
Matthieu Patou
9e6c88bda5
smbtorture: avoid sigsegv if the password is not correct
...
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26 10:17:39 +01:00
Matthias Dieter Wallnöfer
83c039378b
s4:update_keytab LDB module - no need to filter for the DN
...
We launch a search request with base scope on exactly the same DN (see
downwards).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26 10:17:18 +01:00
Stefan Metzmacher
4958d7cb44
s4:libcli/smb2: use talloc_zero() in smb2_request_init()
...
metze
2011-11-24 19:02:33 +01:00
Stefan Metzmacher
f132ad32cc
s4:libcli/smb2: fix compiler warning in smb2_push_o16s16_string()
...
metze
2011-11-24 19:02:33 +01:00
Stefan Metzmacher
300343d16c
s4:libcli/smb2: implement on top of smbXcli_conn/req
...
metze
2011-11-24 19:02:33 +01:00
Stefan Metzmacher
378c21a72a
s4:torture/smb2: use tctx->ev as event context for polling
...
metze
2011-11-24 19:02:33 +01:00
Kai Blin
9f1eb8ab8e
s4 dns: Test QCLASS_NONE query
...
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Nov 24 14:10:45 CET 2011 on sn-devel-104
2011-11-24 14:10:44 +01:00
Kai Blin
8685a35e9c
s4 dns: Test QTYPE_ALL query
2011-11-24 12:35:08 +01:00
Kai Blin
16d9ebb396
s4 dns: Check more of the returned values for the A query
2011-11-24 12:35:08 +01:00
Kai Blin
1a599da550
s4 dns: Move dns_transaction_udp to other helper functions
2011-11-24 12:35:08 +01:00
Andrew Tridgell
b16f539e0e
s4-dns: added --no-credentials option to samba_dnsupdate
...
This is for a user who is doing DNS updates via key files rather than
GSSAPI. This allows the update to go through without a kerberos error.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov 22 06:34:59 CET 2011 on sn-devel-104
2011-11-22 06:34:59 +01:00
Jeremy Allison
3e6e1aed94
Fix a bunch of "warning: variable ‘XXXX’ set but not used [-Wunused-but-set-variable]" warnings from the new gcc.
...
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Nov 21 23:39:08 CET 2011 on sn-devel-104
2011-11-21 23:39:08 +01:00
Günther Deschner
1781415196
s4-smbtorture: add ndr test for nbt_netlogon_packet to avoid future regressions.
...
Guys, we really should make sure to always add ndr tests like this whenever we
change some sensitive libndr or handmarshalling bits.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Sun Nov 20 23:10:39 CET 2011 on sn-devel-104
2011-11-20 23:10:39 +01:00
Matthieu Patou
6d29581637
s4-dsdb: Modify the repl_meta_data behavior to allow Metadata change on attribute interSiteTopologyGenerator even if the value didn't change
...
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Nov 19 16:47:53 CET 2011 on sn-devel-104
2011-11-19 16:47:53 +01:00
Amitay Isaacs
cd3f552f4f
s3-py-passdb: Fix handling of uninitialized gid values
...
Uninitialized gid value is set to -1 and returned as such from python
passdb api.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Nov 18 06:18:33 CET 2011 on sn-devel-104
2011-11-18 06:18:33 +01:00
Amitay Isaacs
9318e00a1f
dsdb: Fix the password expiry calculation
...
As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if
pwdLastSet = null, or
pwdLastSet = 0, or
(maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
2011-11-18 14:38:28 +11:00
Amitay Isaacs
d0e9f22654
s3-passdb_test: Policy values are converted to signed integer
...
No need to check value for 0xffffffff (4294967295).
2011-11-18 14:38:28 +11:00
Amitay Isaacs
244ecc844d
s4-s3-upgrade: Add --verbose option to print extra details
2011-11-18 14:38:28 +11:00
Andrew Bartlett
f93ec5a027
s4-auth log details about any token we fail to convert to a unix token
...
Now that entries are being added into the idmap DB from Samba3, and
may be UID or GID but not BOTH, failures are more likely.
Andrew Bartlett
2011-11-18 14:38:28 +11:00
Amitay Isaacs
e6c77f523b
s4-s3-upgrade: Fix idmap types ID_TYPE_UID/ID_TYPE_GID instead of UID/GID
2011-11-18 14:38:28 +11:00
Amitay Isaacs
6a2a2dfa5f
samba-tool: Fix the domain account policy max_pwd_age calculation
...
Windows sets maxPwdAge to -0x8000000000000000 when maximum password
age is set to 0 days.
2011-11-18 14:38:27 +11:00
Amitay Isaacs
c48a2aa438
s4-s3-upgrade: Fix the minimum and maximum password age calculation
...
Windows sets maxPwdAge to -0x8000000000000000 when maximum password age
is set to 0 days.
2011-11-18 14:38:27 +11:00
Andrew Bartlett
e80dbdcab1
s4-s3-upgrade now look for -1 as the special 'not set' value
...
This is possible because we know the py_passdb will always set -1
here, not passing through 0xFFFFFFFF.
Andrew Bartlett
2011-11-18 14:38:27 +11:00
Kai Blin
468fa95df2
s4 dns: Reduce test output noise by upping log level for dns_name_packet logging
...
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Nov 17 20:10:05 CET 2011 on sn-devel-104
2011-11-17 20:10:05 +01:00
Kai Blin
e5ebda4156
s4 dns: Add a first test case
2011-11-17 15:25:58 +01:00
Jelmer Vernooij
f7c8af7599
samba.tests.dsdb: Import TestCase from samba.tests.
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu Nov 17 08:36:17 CET 2011 on sn-devel-104
2011-11-17 08:36:17 +01:00
Jelmer Vernooij
1214e5f23d
samba.tests: Make sure testtools is available before importing it.
2011-11-17 07:02:15 +01:00
Amitay Isaacs
3bb5af5244
s4-dsdb: Remove unused variable
2011-11-17 03:49:07 +01:00
Andrew Bartlett
47d34997e8
s4-s3-upgrade Test getdomainsid as well
2011-11-17 00:34:09 +01:00