sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Code
64,308 Commits 60 Branches 1,144 Tags 452 MiB
a27bd84bf8
Commit Graph

23561 Commits

Author SHA1 Message Date
Günther Deschner
a329dd0267 s4-smbtorture: add some more multiple_values_tests to RPC-WINREG. 
Guenther
 2010-06-30 21:46:07 +02:00
Stefan Metzmacher
14f8953aa4 s4:dsdb: move dsdb python tests from lib/ldb/ to dsdb/ 
metze
 2010-06-30 11:10:28 +02:00
Stefan Metzmacher
19d93c6a1e s4:ldb/python: make it possible to run tests standalone 
metze
 2010-06-30 10:59:57 +02:00
Matthias Dieter Wallnöfer
bf844aed5b s4:auth/session.c - suppress a warning when freeing "group_string" 2010-06-30 09:38:12 +02:00
Anatoliy Atanasov
6abfe8904a s4:schema/schema_set.c - free LDB message diffs 
Especially the "free"s after "ldb_msg_diff" are very important since the diff
message is allocated on the long-living LDB context.

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-30 09:17:44 +02:00
Anatoliy Atanasov
2821abee1f s4:auth/session.c - free "group_string" when not needed 
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-30 09:17:06 +02:00
Andrew Bartlett
32b8b401d6 s4:dsdb Fix possible schema segfaults for DRS-replication based schema 
The problem here is that if the schema has been modified on the source
domain, there may be attributes that appear over DRS with 0 values (to
indicate that any existing values on the target should be deleted).
This would confuse the previous version of this macro.

Andrew Bartlett
 2010-06-30 10:22:59 +10:00
Günther Deschner
73fbc9c179 s4-smbtorture: remove duplicate torture_assert_sid_equal macro. 
Guenther
 2010-06-29 23:35:45 +02:00
Günther Deschner
1fb8e192ca s4-smbtorture: add more sophisticated tests for winreg_QueryMultipleValues{2}. 
Guenther
 2010-06-29 23:10:16 +02:00
Matthias Dieter Wallnöfer
f6f21202eb s4:ntvfs/ipc/vfs_ipc.c - remove unused code 
Spotted by the Solaris 10 compiler
 2010-06-29 22:36:03 +02:00
Matthias Dieter Wallnöfer
146dad103b s4:ntvfs/ipc/vfs_ipc.c - add casts to suppress warnings on Solaris 10 2010-06-29 22:35:20 +02:00
Matthias Dieter Wallnöfer
645c3d200c s4:ntp_signd/ntp_signd.c - add casts to suppress warnings on Solaris 10 2010-06-29 22:33:32 +02:00
Matthias Dieter Wallnöfer
95127b3f5f s4:rpc_server/browser.c - remove unused code 
Spotted by the Solaris 10 compiler
 2010-06-29 22:32:05 +02:00
Matthias Dieter Wallnöfer
06bafb7596 s4:smb_server/smb2/find.c - remove unused code 
Spotted by the Solaris 10 compiler
 2010-06-29 22:31:00 +02:00
Matthias Dieter Wallnöfer
00f189f78c s4:smb_server/blob.c - remove unused code 
Spotted by the Solaris 10 compiler
 2010-06-29 22:30:05 +02:00
Matthias Dieter Wallnöfer
4f029f6f1b s4:dsdb/new_partition.c - remove the "ldb_next_request" call which we find also below the "if" block 2010-06-29 22:23:15 +02:00
Matthias Dieter Wallnöfer
17a5c876a6 ldb:ldb_map_outbound.c - "ldb_parse_tree_collect_attrs" - remove unneeded return value 2010-06-29 22:21:22 +02:00
Matthias Dieter Wallnöfer
8e9d7e84f6 ldb:ldb_modules.c - "ldb_dso_load_symbol" - remove unneeded caste before "dlsym" 2010-06-29 22:16:15 +02:00
Matthias Dieter Wallnöfer
657045ca9a s4:ldb - "ldb_dn_update_components" - fix free of invalid DN parts 
Use "LDB_FREE" for such free operations and in addition wipe also the casefolded
DN out.
 2010-06-29 22:13:05 +02:00
Matthias Dieter Wallnöfer
f1e92c91b2 ldb:ldb_dn.c - "ldb_dn_set_extended_component" - free the linearized string when the components change 2010-06-29 22:07:51 +02:00
Matthias Dieter Wallnöfer
0f0d9aa9b5 s4:ldb_dn.c - make the code parts which free extended components consistent 
Cosmetic
 2010-06-29 22:07:01 +02:00
Matthias Dieter Wallnöfer
1e04f49ddb ldb:ldb_dn - "ldb_dn_explode" - move the "dn->comp_num" initalisation upwards and use "LDB_FREE" for freeing "dn->components" 
Mostly cosmetic - no behaviour change
 2010-06-29 21:59:37 +02:00
Günther Deschner
be7bff5eb5 s4-smbtorture: remove some pointless mem_equal tests in LOCAL-NDR-WINREG testsuite. 
Guenther
 2010-06-29 19:57:06 +02:00
Günther Deschner
92f3e143b7 s4-smbtorture: handle NT_STATUS_NOT_IMPLEMENTED in GetForestTrustInformation test. 
When skipping over it, we can at least verify the credential chain.

Guenther
 2010-06-29 17:19:28 +02:00
Günther Deschner
5bc77c8778 s4-smbtorture: use TEST_MACHINE_NAME in test_netr_GetForestTrustInformation(). 
Guenther
 2010-06-29 17:16:25 +02:00
Günther Deschner
b31ff0537a s4-smbtorture: add netr_GetForestTrustInformation test to RPC-NETLOGON. 
Guenther
 2010-06-29 17:13:01 +02:00
Matthias Dieter Wallnöfer
0e21b4ffa0 Revert "s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend." 
This reverts commit ed4c107bc1.

See post "Endi's Bug 7530 patches (LDAP backend)" on samba-technical.
 2010-06-29 15:14:32 +02:00
Matthias Dieter Wallnöfer
2198831e6b Revert "s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN." 
This reverts commit fa9557fee3.

See post "Endi's Bug 7530 patches (LDAP backend)" on samba-technical.
 2010-06-29 15:14:01 +02:00
Günther Deschner
1662e383dd s4-smbtorture: add NDR torture test for winreg_QueryMultipleValues2. 
Guenther
 2010-06-29 12:27:08 +02:00
Günther Deschner
7ae7750c40 s4-smbtorture: add RPC torture test for winreg_QueryMultipleValues2. 
Guenther
 2010-06-29 12:27:02 +02:00
Günther Deschner
bf07bf2857 winreg: fix winreg_QueryMultipleValues() IDL and torture tests. 
Guenther
 2010-06-29 11:48:53 +02:00
Nadezhda Ivanova
845e7a609d Fixed incorrect use of cn instead of lDAPDisplayName 2010-06-29 11:46:22 +03:00
Andrew Bartlett
cc7c572b3d s4:secrets Ensure secrets.ldb uses the same hooks as the rest of Samba 
This ensures that, for example, the utf8 functions are the same,
the GUID handler is the same and the NOSYNC flag is applied.

Andrew Bartlett
 2010-06-29 16:59:31 +10:00
Andrew Bartlett
48c8896f2e s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types 
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.

In particular, we need to assert that AES encryption is available in
the 2008 functional level.

Andrew Bartlett
 2010-06-29 16:59:31 +10:00
Andrew Bartlett
d76e4852eb s4:kdc Rework the 'allowed enc types' calculation 
This changes the calculation to apply the allowed enc types to all
uses of the key (no point allowing a weak kinit to a key the server
wanted strongly protected).  It also ensures that all the non-DES keys
are available on the krbtgt in particular, even as it does not have a
msds-SupportedEncryptionTypes attributes.

Andrew Bartlett
 2010-06-29 16:59:30 +10:00
Andrew Bartlett
f41e711097 s4:auth Query LDB for msds-SupportedEncryptionTypes for the KDC 
The KDC needs this to determine what encryption types an entry supports

Andrew Bartlett
 2010-06-29 16:59:30 +10:00
Andrew Bartlett
5167b97ff2 s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes 
This will allow us to interpret this attibute broadly in Samba.

Andrew Bartlett
 2010-06-29 16:59:30 +10:00
Andrew Bartlett
9fc3f8194d s4:libnet_join Fix typo in msDS-SupportedEncryptionTypes 2010-06-29 16:59:30 +10:00
Andrew Bartlett
94637e5fe4 s4:provision Add an msDS-SupportedEncryptionTypes entry to our DC 
This ensures that our DC will use all the available encyption types.

(The KDC reads this entry to determine what the server supports)

Andrew Bartlett
 2010-06-29 16:59:22 +10:00
Andrew Tridgell
30dc87dab9 build: only use git when found by configure 
this rebuilds version.h whenever the git version changes, so we always
get the right version with samba -V. That adds about 15s to the build
time on each git commit, which shouldn't be too onerous
 2010-06-29 14:28:08 +10:00
Kamen Mazdrashki
1e8876a4f1 s4/repl_meta_data: remove duplicated (and commented out) log 2010-06-29 00:35:23 +03:00
Kamen Mazdrashki
12bc68d4d0 s4/ndr: Fix tuncating of constant to a 'long' type 2010-06-29 00:35:22 +03:00
Matthias Dieter Wallnöfer
e6371246ef s4:lib/registry/ldb.c - add a missing brace 
Sorry didn't check that earlier.
 2010-06-28 23:13:04 +02:00
Matthias Dieter Wallnöfer
ba01b216e2 s4:lib/registry/ldb.c - fix memory handling in "ldb_open_key" 2010-06-28 23:02:56 +02:00
Matthias Dieter Wallnöfer
094c1034d2 s4:lib/ldb/registry.c - handle the classname in the right way 
This is for "ldb_get_key_info".
 2010-06-28 23:02:56 +02:00
Matthias Dieter Wallnöfer
2fb3d8a6cc s4:lib/registry/ldb.c - remove really useless "local_ctx" 
"mem_ctx" should fit for these few local allocations.
 2010-06-28 23:02:56 +02:00
Matthias Dieter Wallnöfer
3935502c67 s4:lib/registry/ldb.c - retrieve the classname correctly in "ldb_get_subkey_by_id" 2010-06-28 23:02:56 +02:00
Matthias Dieter Wallnöfer
77e87e66b0 s4:lib/registry/ldb.c - change the "ldb_get_value" implementation to use the value cache and not an LDB lookup 
In addition this fixes the use of special characters in registry object names.
 2010-06-28 23:02:55 +02:00
Matthias Dieter Wallnöfer
b6eb17eb1e s4:auth/sam.c - "authsam_expand_nested_groups" - small performance improvement 
We can save one search operation if "only_childs" is false and when we had no
SID passed as extended DN component.
 2010-06-28 20:31:37 +02:00
Matthias Dieter Wallnöfer
a782eaa2fd s4:auth/sam.c - "authsam_expand_nested_groups" - cosmetic/comments 2010-06-28 20:31:37 +02:00
Matthias Dieter Wallnöfer
03ffed73db s4:auth/sam.c - "authsam_expand_nested_groups" - use "dsdb_search_dn" where possible 
And always catch LDB errors
 2010-06-28 20:31:37 +02:00
Jelmer Vernooij
5f9a053d63 selftest: Remove accidentally committed dummy test. 2010-06-28 20:10:08 +02:00
Endi S. Dewata
7cb98a0cdc s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB. 
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-28 19:33:47 +02:00
Endi S. Dewata
5bee3efaca s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls. 
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-28 19:33:46 +02:00
Endi S. Dewata
ed4c107bc1 s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend. 
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-28 19:33:45 +02:00
Endi S. Dewata
fa9557fee3 s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN. 
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-28 19:33:44 +02:00
Matthias Dieter Wallnöfer
4fc51ad07a s4:repl_meta_data LDB module - fix counter type 2010-06-28 14:51:09 +02:00
Matthias Dieter Wallnöfer
fc2d8fcb83 s4:acl LDB module - fix counter type 2010-06-28 14:51:09 +02:00
Matthias Dieter Wallnöfer
e5c5d371d1 s4:dcesrv_drsuapi.c - fix a counter variable 2010-06-28 14:51:09 +02:00
Matthias Dieter Wallnöfer
666b611182 s4:selftest - also "rpc.samr.users.privileges" does work now 2010-06-28 14:51:08 +02:00
Matthias Dieter Wallnöfer
4826fdf95f s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject" 
- Return always "NT_STATUS_OK" on success
- Remove "talloc_free"s on handles since the frees are automatically performed by
  the DCE/RPC server code
 2010-06-28 14:51:08 +02:00
Matthias Dieter Wallnöfer
d01e36e647 s4:knownfail - "pwdLastSet" test does work now 2010-06-28 14:51:08 +02:00
Matthias Dieter Wallnöfer
5606173997 s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also for s4 2010-06-28 14:51:07 +02:00
Matthias Dieter Wallnöfer
c0160d0614 s4:torture - SAMR password tests - activate support for password sets on level "18" and "21" 2010-06-28 14:51:06 +02:00
Matthias Dieter Wallnöfer
d6098de507 s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour 
Behaviour as the torture SAMR passwords tests show.
 2010-06-28 14:51:05 +02:00
Matthias Dieter Wallnöfer
3c1a9fb87f s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0 
Taken from s3
 2010-06-28 14:51:05 +02:00
Matthias Dieter Wallnöfer
ea83d21341 s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check from s3 to s4 2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
4c63bb312f s4:dcesrv_samr_SetUserInfo - implement password set level 21 2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
b705026771 s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the user password 2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
8feda76d4f s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we haven't activated the the lanman auth 
This is what s3 does.
 2010-06-28 14:51:03 +02:00
Matthias Dieter Wallnöfer
8f20a5512a s4:samr_password.c - add a function which sets the password through encrypted password hashes 
Used for password sets on "samr_SetUserInfo" level 18 and 21.
 2010-06-28 14:51:03 +02:00
Günther Deschner
427c953273 s4-smbtorture: fix typo. 
Not my day...

Guenther
 2010-06-28 14:47:16 +02:00
Matthias Dieter Wallnöfer
f2e0ca2662 s4:torture/rpc/samr.c - test_SetPassword_LastSet - fix "pwdLastSet" test 
- Remove superflous checks (on level 18, 24, 26 we do always have "pwdLastSet"
  resets if "password_expired" > 0)
- Fixed some bugs

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-06-28 14:33:17 +02:00
Günther Deschner
c5bab3ea33 s4-smbtorture: add trustDomainPasswords blob test to LOCAL-NDR testsuite. 
Our parsing of this struct is incorrect atm. and apparently also causes the s4
server to crash.

Thanks to Sumit Bose <sbose@redhat.com> for providing the auth data retrieved
from a w2k3 domain.msc operation.

Guenther
 2010-06-28 14:18:04 +02:00
Stefan Metzmacher
bdfba236e9 s4:ldap_server: don't start if we can't bind to port 389 
metze
 2010-06-28 09:58:13 +02:00
Nadezhda Ivanova
5a18fc2b2a Implementation of self membership validated right. 
When this right is granted, the user can add or remove themselves from a group even
if they dont have write property right.
 2010-06-28 10:43:50 +03:00
Kamen Mazdrashki
a0bb31df5d s4/test: Run DrsDeleteObjectTestCase as part of S4 testing 
I put this test in the end of the list of tests as it
runs with 'vampire_dc' environment running.

Currently there are tests that are failing when we have
2 DCs constantly replicating in the test environment
(this, of course, should be fixed in the near future)
 2010-06-28 04:43:29 +03:00
Kamen Mazdrashki
431386f327 s4/drs: re-implement 'renaming' object replication 
We should rename objects only after we make sure, that
changes on the partner DC are newer than what we have.
This fixes a bug, when we have following situation with 2 DCs:
- we have an object O on the two DCs
- we rename (delete) object O on DC1
- DC1 replicates from DC2
In the above scenario, object O will be renamed back
to its original name (i.e. it will be restored).

Now, we check that DC2 state is older than what we have,
so nothing happens with object's DN.
 2010-06-28 04:43:29 +03:00
Kamen Mazdrashki
46556432c0 s4/drs-test: Add few comments in DrsDeleteObjectTestCase test 
Also remove unused code
 2010-06-28 04:43:28 +03:00
Matthias Dieter Wallnöfer
6f6365daba s4:rpc_server/srvsvc/dcesrv_srvsvc.c - remove unreachable code 2010-06-26 20:08:47 +02:00
Matthias Dieter Wallnöfer
f12dab8e00 s4:rpc_server/wkssvc/dcesrv_wkssvc.c - remove unreachable code 2010-06-26 20:08:47 +02:00
Matthias Dieter Wallnöfer
3c3ecf40e5 s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable code 2010-06-26 20:08:46 +02:00
Matthias Dieter Wallnöfer
d85d6054c9 s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDs 
To suppress warnings on Solaris 10
 2010-06-26 20:08:45 +02:00
Matthias Dieter Wallnöfer
3f2e9ce2b4 s4:rpc_server/drsuapi/drsutil.c - remove unreachable code 2010-06-26 19:46:33 +02:00
Matthias Dieter Wallnöfer
e5e4184e5a s4:rpc_server/dcesrv_auth.c - remove unreachable code 2010-06-26 19:45:45 +02:00
Matthias Dieter Wallnöfer
75d6842c40 s4:winbind/wb_samba3_protocol.c - add cast to suppress warnings on Solaris 10 cc 2010-06-26 19:45:07 +02:00
Matthias Dieter Wallnöfer
0c29224da3 s4:kdc/kdc.c - add cast to suppress warnings on Solaris 10 cc 2010-06-26 19:43:51 +02:00
Matthias Dieter Wallnöfer
c8a5ed8db9 s4:kdc/kpasswdd.c - remove unreachable code 2010-06-26 19:42:29 +02:00
Matthias Dieter Wallnöfer
c7b52b233e s4:provision.py - fix comment regarding DNS entries 
I think this should mean partially Samba4 specified (all beside the "dns"
account is standard)
 2010-06-26 11:11:46 +02:00
Stefan Metzmacher
50da834f13 s4:provision: add entries for root dns servers 
metze
 2010-06-26 09:50:56 +02:00
Stefan Metzmacher
6ab234cec9 s4:provision: move Samba4 specific DNS stuff to its own file 
metze
 2010-06-26 09:50:56 +02:00
Stefan Metzmacher
c6b21931c6 s4:provision: add --next-rid option 
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.

metze
 2010-06-26 09:50:55 +02:00
Stefan Metzmacher
7905901bc0 s4:dsdb/ridalloc: add comment about windows behavior regarding rIDUsedPool 
metze
 2010-06-26 09:50:55 +02:00
Stefan Metzmacher
712a149802 s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool' 
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.

The initlal rIDAvailablePool starts at nextRid + 100.

I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
 check box).

After provision we should have this (assuming nextRid=1000):

rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100

rIDAvailablePool: 1600-1073741823

Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!

metze
 2010-06-26 09:50:54 +02:00
Stefan Metzmacher
89f94a43d8 s4:provision: pass relax control also to modify_ldif 
metze
 2010-06-26 09:50:54 +02:00
Kamen Mazdrashki
2f7fe9db02 s4/net-drs: Fix error messages typo and formatting 2010-06-26 01:16:01 +03:00
Kamen Mazdrashki
0c8ffc9f15 s4/drs-test: Fix whitespaces and permissions for delete_object.py test 
Sorry I've  missed to do this before
 2010-06-26 01:15:50 +03:00
Andrew Bartlett
58d0b638c8 s4:schannel Open the schannel_store.tdb at startup 
This will allow TDB_CLEAR_IF_FIRST behaviour in future

Signed-off-by: Jeremy Allison <jra@samba.org>
 2010-06-25 11:57:52 -07:00
Matthieu Patou
5c98ccd706 s4 python: Add unit tests related to PyLong/PyInt handling 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-25 11:33:33 +02:00
Matthieu Patou
3fc9675e93 ldb: Fix a wrong changetype in unit test 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-25 11:33:26 +02:00