1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00

54330 Commits

Author SHA1 Message Date
Volker Lendecke
a3eb0a32a9 Reorganize retrieving errors and server-sent controls
This attaches the data to the tldap_message instead of the tevent_req.

It adds tldap_ctx_lastmsg() to retrieve the last message for the users of
the sync wrappers.
2009-06-20 18:54:07 +02:00
Volker Lendecke
22cb9bdfd3 Move asn1_load_nocopy() to lib/util/asn1.c 2009-06-20 18:54:07 +02:00
Volker Lendecke
ecf8cebf32 Move asn1_blob() to lib/util/asn1.c 2009-06-20 18:54:07 +02:00
Volker Lendecke
361db18668 Add tldap_supports_control 2009-06-20 18:54:07 +02:00
Volker Lendecke
6abd9e42ff Add tldap_entry_has_attrvalue 2009-06-20 18:54:06 +02:00
Volker Lendecke
d45cf0146b tldap control support 2009-06-20 18:54:06 +02:00
Volker Lendecke
63a70ba0ad Prepare control support
We will have arrays of controls passed to tldap.c. Follow a mantra from the
classic book "Thinking Forth" by Leo Brodie: Favor counts over terminators :-)

This makes the parameter lists to tldap pretty long, but everyone will have
wrapper routines anyway, see for example tldap_search_fmt. And the OpenLDAP
manpages call the non-_ext routines deprecated, probably for a reason.
2009-06-20 18:54:06 +02:00
Volker Lendecke
62eb817c06 Fix setting passwords in pdb_ads
The samba4 password_hash module does not allow changing the password fields via
the "delete oldval" -> "add newval" set of modify operations, it requires a
single "replace with newval" operation.

Andrew, Samba3 by default uses that delete/add pair to detect if between
fetching the old value and storing the new one the old value has changed. This
is lost by using the "replace" operation.

Would it make sense to add this to the password_hash module?

Volker
2009-06-20 12:15:21 +02:00
Volker Lendecke
f24e63af2c Fix empty lines 2009-06-20 12:15:21 +02:00
Volker Lendecke
eb8c081771 talloc_tos() aborts if it can not get a stackframe 2009-06-20 12:15:21 +02:00
Jeremy Allison
661f0ba73b Fix coverity #729. Resource leak in error path.
Jeremy.
2009-06-19 17:26:53 -07:00
Jeremy Allison
271d09f599 Fix coverity #740. Resource leak in error paths. We should
always return queue here as the caller will free.
Jeremy.
2009-06-19 17:20:00 -07:00
Jeremy Allison
d9eb1d9764 Fix coverity #900. Resource leak.
Jeremy.
2009-06-19 16:44:15 -07:00
Jeremy Allison
f262f80a1c Fix coverity #920. Possible NULL deref.
Jeremy.
2009-06-19 15:29:35 -07:00
Jeremy Allison
1e989dbb91 Fix coverity #676. Forward NULL.
Jeremy.
2009-06-19 14:55:00 -07:00
Michael Adam
8925778a61 s3: fix make test with external libtalloc or libtdb.
This skips the talloctort and tdbtorture tests when the
corresponding binaries are not present.
There might be more clever ways of detecting wether samba
has been linked with internal or external libraries, but
as a first approximation, this seems valid.

Michael
2009-06-19 21:13:38 +02:00
Michael Adam
23c7eccc27 s3:build: build talloctort only when using the internal liballoc
Fixes the build with the external libtalloc.
And is the reasonable thing to do anyways.

Michael
2009-06-19 21:13:38 +02:00
Michael Adam
bd70351b94 s3:build: build the tdb tools only when using the internal libtdb
This fixes the build when internal libtdb is used.

Michael
2009-06-19 21:13:38 +02:00
Michael Adam
e3c7720bfd s3:build: remove LIBTDB_OBJ from TDBTORTURE_OBJ collection
tdbtorture is linked with LIBTDB_LIBS, which is whatever
configure has determined to be (-ltdb or LIBTDB_OBJ ...).

Michael
2009-06-19 21:13:38 +02:00
Michael Adam
5ceda58b8d s3:build: check for availability of external libtdb and use it if available
Link internal libtalloc statiaclly if extenal libtalloc is not found
or does not have appropriate version.

Michael
2009-06-19 21:13:37 +02:00
Michael Adam
ec154a1d81 s3:build: link libtalloc statically if using internal libtalloc
Michael
2009-06-19 21:13:37 +02:00
Jim McDonough
7930f15f5d Don't require "Modify property" perms to unjoin bug #6481)
"net ads leave" stopped working when "modify properties"
permissions were not granted (meaning you had to be allowed
to disable the account that you were about to delete).

Libnetapi should not delete machine accounts, as this does not
happen on win32.  The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).

However, to keep the functionality in "net ads leave", we
will still try to do the delete.  If this fails, we try
to do the disable.

Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account.  libnet can now do this as well.
2009-06-19 13:46:07 -04:00
Volker Lendecke
0524d24fb2 Add a missing talloc_move() in tldap_search_recv 2009-06-19 17:37:30 +02:00
Volker Lendecke
8d1b81926d Fix Coverity IDs 922 and 933
In copy_internals(), if the !CAN_WRITE(conn) kicks in, we end up
dereferencing a NULL smb_filename.

This adds a simple protection around it.

Tim, please check!

Volker
2009-06-19 16:25:10 +02:00
Karolin Seeger
4ad43a2134 s3/docs: Fix typo.
This fixes bug #6412.
Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting!

Karolin
2009-06-19 15:23:22 +02:00
Volker Lendecke
756f83796f Add tiny tldap test 2009-06-19 14:28:22 +02:00
Volker Lendecke
b9c99a2928 Add tldap_fetch_rootdse 2009-06-19 14:28:22 +02:00
Volker Lendecke
663e841ecd Make tevent_req_is_ldap_error public 2009-06-19 14:28:22 +02:00
Volker Lendecke
5cb6bf6f9d Add tldap_context_[gs]etattr
This adds the ability to attach extended information to a tldap_context. This
will become useful once we start to do automatic reconnects for example, a
callback function might want attach a pointer to credentials so that it can
rebind.

The initial user of this will be a cached rootdse, so that things like the
ability to do paged searches can be cached.
2009-06-19 14:28:22 +02:00
Björn Jacke
862ae382b8 s3:dmapi: prefer dmapi libs from gpfs over system libs
Patch from William Jojo sent to samba-technical:

This is based on some pain felt when building 32-bit and 64-bit Clustered Samba
on AIX with GPFS support.

Part of the problem lies in AIX only providing 32-bit shared object in
libxdsm.a(shr.o). So without libdmapi.a from gpfs.base, you get no DMAPI
support under 64-bit.
2009-06-19 11:56:33 +02:00
Günther Deschner
e6cb82a7da s4-smbtorture: fix test_GetInfoLevel crash bug in RPC-DFS.
Guenther
2009-06-19 11:14:51 +02:00
Andrew Bartlett
d9498aaf1b Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel 2009-06-19 15:38:33 +10:00
Andrew Bartlett
ec47444a7e Allow developers access the the privilaged ldapi socket for the moment
This allows us some time to get the EXTERNAL bind working
2009-06-19 15:31:54 +10:00
Andrew Bartlett
c0d681a73f On our way to alpha9! 2009-06-19 14:43:51 +10:00
Andrew Bartlett
4ceae35d7e Mark as release version samba-4.0.0alpha8 2009-06-19 14:36:48 +10:00
Andrew Bartlett
17e1cbb6d3 Partially revert restriction of socket_wrapper to 1500 byte writes
This keeps the restriction for stream sockets (where the caller will
retry), without creating problems on datagram sockets (CLDAP is not
defined, as far as I know, across multiple UDP packets).

The commit adding this restriction was
47b106c0ae8b91c9cccfc21bf8e4e416b1abfd5d

Andrew Bartlett
2009-06-19 14:36:06 +10:00
Andrew Bartlett
dcc9ae6995 s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdef
This makes it clear to our users that this particular implementation
isn't final (all parties are agreed that an EXTERNAL bind is the right
way to do this, but it has not been implemented yet).

Andrew Bartlett
2009-06-19 14:36:06 +10:00
Andrew Tridgell
4c23a95565 added some basic documentation for the idmap script option 2009-06-19 13:58:28 +10:00
Andrew Tridgell
e5a15e6589 added a sample script for the "idmap script" option 2009-06-19 13:58:28 +10:00
Andrew Bartlett
19723ed0fc Partially revert restriction of socket_wrapper to 1500 byte writes
This keeps the restriction for stream sockets (where the caller will
retry), without creating problems on datagram sockets (CLDAP is not
defined, as far as I know, across multiple UDP packets).

The commit adding this restriction was
47b106c0ae8b91c9cccfc21bf8e4e416b1abfd5d

Andrew Bartlett
2009-06-19 13:25:28 +10:00
Andrew Bartlett
5c19c60c57 s4:ldb Add test for integer normalisation behaviour
This uses groupType as the example, but this actually applies to all
integer types in AD.

Andrew Bartlett
2009-06-19 11:32:01 +10:00
Matthias Dieter Wallnöfer
a8e757ba4c A fix in the ACL code used by both SAMBA 3 and 4
This fixes an uninitialised structure. It has been found through valgrind
in the RAW-ACLs test suite (Bug #6397).
2009-06-19 11:32:01 +10:00
Matthias Dieter Wallnöfer
2627c6c0c2 Fixed some uninitialised variables
I tried hard to not change the program logic. Should fix bug #6439.
2009-06-19 11:32:01 +10:00
Matthias Dieter Wallnöfer
0376d056e5 Correct handling of 32-bit integer attributes in SAMBA 4
- LDB handles now all 32-bit integer attributes correctly (also with overflows)
  according to the schema
- LDAP backends handle the attributes "groupType", "userAccountControl" and
  "sAMAccountType" correctly. This handling doesn't yet use the schema but
  the conversion file "simple_ldap.map.c" which contains them hardcoded.
  Did also a refactoring of the conversion function there.
- Bug #6136 should be gone
2009-06-19 11:32:01 +10:00
Günther Deschner
5d40677a9b s3-pam_winbind: Fix Bug 6253: Use correct value for password expiry calculation.
Based on patch from Blindauer Emmanuel <samba@mooby.net>.

Guenther
2009-06-19 01:59:17 +02:00
Volker Lendecke
5a9ca3db03 Fix bug 4699: Remove pidfile on clean shutdown 2009-06-18 16:17:57 -07:00
Jeremy Allison
31885822ae acl_group_override() doesn't need to call stat. Pass this
down from above (as const).
Jeremy.
2009-06-18 15:40:14 -07:00
Jeremy Allison
d2da9dee68 Add some const to the stat struct in the dosmode calls.
Fix a couple more unix_convert uses to filename_convert.
Fix bug in acl_group_override() where an uninitialized
struct could be used. Move unix_convert with wildcard
use in SMBsearch reply to boilerplate code.
Jeremy.
2009-06-18 15:07:14 -07:00
Jeremy Allison
34267482d5 Replace the boilerplate calls to :
resolve_dfspath() -> unix_convert() -> get_full_smb_filename() -> check_name()
with a new function filename_convert().
This restores the check_name() calls that had gone missing
since the default create_file was changed. All "standard"
pathname processing now goes through filename_convert().
I'll take a look at the non-standard pathname processing
next. As a benefit, fixed a missing resolve_dfspath()
in the trans2 mkdir call.
Jeremy.
2009-06-18 13:13:38 -07:00
Günther Deschner
e7e98ba480 libwbclient: fix returned LogonInfo in wbc_LogonUser().
That function could return emtpy blobs for username and ccache for e.g. cached
logins.

Guenther
2009-06-18 16:37:45 +02:00