1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00

71612 Commits

Author SHA1 Message Date
Volker Lendecke
181b23ceed nsswitch: wbcFreeMemory deals fine with NULL 2011-03-05 14:29:32 +01:00
Volker Lendecke
dcbfb6fc0b s3: Fix a memory leak in check_sam_security_info3
Abartlet, this commit makes check_sam_security_info3 use talloc_tos() and also
cleans up the temporary talloc stackframe.

The old code created a temporary talloc context off "mem_ctx" but failed to
clean up the tmp_ctx in all but one return paths.

talloc_stackframe()/talloc_tos() is designed as a defense against exactly this
error: Even if we failed to free the frame when returning from the routine, it
would be cleaned up very soon, in our main event loop.

Please check this patch!

Thanks,

Volker

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Mar  5 14:08:37 CET 2011 on sn-devel-104
2011-03-05 14:08:37 +01:00
Michael Adam
f1a5109565 s3:test: the registry roundtrip test passes now
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat Mar  5 02:19:33 CET 2011 on sn-devel-104
2011-03-05 02:19:33 +01:00
Michael Adam
916ff0bf55 s3:test: mark vanished parameter "postscript" invalid in net registry roundtrip test 2011-03-05 01:31:33 +01:00
Michael Adam
2fd2e2e75d s3:test: in net registry roundtrip test, mark "lock dir" as invalid parameter
This is a synonym of lock directory which is already marked invalid.
2011-03-05 01:31:33 +01:00
Michael Adam
541c580895 s3:test: in net registry roundtrip test, exclude the files from exclude/logon
These files are not samba config files...
2011-03-05 01:31:33 +01:00
Michael Adam
aa8c9ef138 s3:registry: fix invalid write in iconvert_talloc()
For a non-preallocated dest-string and sourcestring of len < 2,
(one or both of the) final two two zero-bytes would be written
after the end of the allocated dest-string. The sourcelen did
not include the source string terminator. For longer strings,
this was not a problem because the dest-string would have been
reallocated in the convert-loop. This is fixed now by allocating
two extra bytes for the terminating 0-bytes that are needed anyways
in the initial allocation.

Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
2011-03-05 01:31:33 +01:00
Michael Adam
7b4fc4d745 s3:test: correctly react to each failing step in the net registry roundtrip tests 2011-03-05 01:31:33 +01:00
Michael Adam
f5ab9c1e77 s3:test: improve logging in the net registry roundtrip test steps 2011-03-05 01:31:32 +01:00
Matthias Dieter Wallnöfer
eade61ae03 s4:operational LDB module - fix attribute names to be right up/down-cased
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Mar  4 23:56:07 CET 2011 on sn-devel-104
2011-03-04 23:56:07 +01:00
Matthias Dieter Wallnöfer
5a722f187f s4:ldap.py - rootdse tests should search for the rootDSE not the default DN
Reviewed by: Tridge
2011-03-04 23:09:53 +01:00
Matthias Dieter Wallnöfer
71df279f92 s4:ldap.py - add a test in order to show the operational module fixed
Reviewed by: Tridge
2011-03-04 23:09:44 +01:00
Matthias Dieter Wallnöfer
05d1d0d8a6 s4:operational LDB module - fix display of some constructed attributes
"structuralObjectClass", "createTimestamp" and "modifyTimestamp" weren't
displayed anymore.

Reviewed by: Tridge
2011-03-04 23:09:35 +01:00
Matthias Dieter Wallnöfer
5a98979e0c s4:operational LDB module - add "groupToken" as unsigned int (uint32_t)
Reviewed by: Tridge
2011-03-04 23:09:27 +01:00
Matthias Dieter Wallnöfer
1ff28a2986 s4:operational LDB module - readd "structuralObjectClass" -> "objectClass" mapping
This has been removed accidentally by commit
a093e10896a4768dba0cd793a04b7d5d1366fee2.

Reviewed by: Tridge
2011-03-04 23:09:17 +01:00
Matthias Dieter Wallnöfer
75706a627d ldb:ldb_msg.c - use LDB result constants for checking return values
Reviewed by: Tridge

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Mar  4 22:51:57 CET 2011 on sn-devel-104
2011-03-04 22:51:57 +01:00
Matthias Dieter Wallnöfer
dabed32ffe s4:ldap.py - other important RDN check testcases
Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
2275bfb82d s4:ldap.py - remove a debug output
This has only been needed for developing this testcase and has been
forgotten to be removed afterwards.

Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
736a462c3e ldb:rdn_name LDB module - more RDN constraint checks (from AD)
Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
ea12adf544 s4/ldb - remove now superflous "ldb_dn_validate" checks
If we immediately afterwards perform an LDB base operation then we don't
need an explicit "ldb_dn_validate" check anymore (only OOM makes sense).

Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
349b9b72ec s4:dsdb - we don't need to check if a DN != NULL if we call "ldb_dn_validate"
"ldb_dn_validate" is NULL-safe and does the check implicitly.

Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
746194cfc4 Revert "s4:objectclass LDB module - if we cannot find DN's parent then the DN itself is invalid"
This is not needed anymore with the new DN checking.

This reverts commit 5896b7299331aedd065397d2078c62d85bcf68f6.

Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
76fb23064e ldb:ldb_request - handle here the DN checks
This is a much better solution than we had before - so all important DN
checks are enforced for each type of LDB database (and not limited to DSDB).

Many "ldb_dn_validate" checks will now become obsolete.

Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
86707c7cc4 s4:objectclass LDB module - fix a comment
Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
e4b5bce151 s4:libnet/libnet_site.c - make use of LDB return constants
Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Christian Ambach
23810dca45 s4:waf-build fix disable-shared build for smbtorture
building smbtorture4 with configure --disable-shared failed
with an error that ldb.h could not be found

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Stefan Metzmacher
4b86beb98b s4:selftest: test using the machine account of the rodc against itself
This should test the non proxy rodc kdc path.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Mar  4 22:06:10 CET 2011 on sn-devel-104
2011-03-04 22:06:10 +01:00
Stefan Metzmacher
e90d5ab561 selftest/target/Samba4: regenerate the krb5.conf after the rodc join
The RODC should be used as KDC, which will forward requests to the RWDC
if required.

metze
2011-03-04 21:19:05 +01:00
Stefan Metzmacher
a8b3958f38 selftest/target/Samba4: splitout a mk_krb5_conf() function
metze
2011-03-04 21:19:05 +01:00
Stefan Metzmacher
8002406c51 s4:kdc: split the kdc_tcp_proxy() logic from the main kdc logic
By having kdc_tcp_proxy_send/recv(), which just asks any writeable
dc for a reponse blob, we simplify the interaction between
client-local and local-writeable sockets.

This allows us to make kdc_socket, kdc_process_fn_t, kdc_tcp_call and kdc_tcp_socket
private to kdc.c again.

metze
2011-03-04 21:19:05 +01:00
Stefan Metzmacher
e70b09e8f8 s4:kdc: split the kdc_udp_proxy() logic from the main kdc logic
By having kdc_udp_proxy_send/recv(), which just asks any writeable
dc for a reponse blob, we simplify the interaction between
client-local and local-writeable sockets.

This allows us to make kdc_udp_call and kdc_udp_socket private to
kdc.c again.

metze
2011-03-04 21:19:05 +01:00
Stefan Metzmacher
ad9ac99afd s4:kdc: add a kdc_proxy_unavailable_error() helper function
metze
2011-03-04 21:19:05 +01:00
Stefan Metzmacher
0c78640e67 s4:kdc: fix calculation of the rodc kvno
Bit shifting is non-trivial in C:-)

This

	int32_t a = 0x12340000;
	uint32_t b = (a >> 16);

results in 0x00001234, but this

	int32_t a = 0xEDCB0000;
	uint32_t b = (a >> 16);

results in 0xFFFFEDCB, while we expected 0x0000EDCB.

metze
2011-03-04 21:19:05 +01:00
Stefan Metzmacher
a511d37d83 HEIMDAL:kdc: correctly propagate HDB_ERR_NOT_FOUND_HERE to via tgs_parse_request() and _kdc_tgs_rep()
metze
2011-03-04 21:19:05 +01:00
Stefan Metzmacher
2c7c3d03d5 lib/socket_wrapper: try to fix the build on solaris
struct msg does not contain msg_control, msg_controllen and msg_flags
on solaris.

metze
2011-03-04 21:19:05 +01:00
David Disseldorp
9c342c44a4 s3: add two missing vfs disconnect calls
The fix for bug 7976 added a vfs connect call to create_conn_struct.
This change adds two further disconnect calls that were missed by the
original change.

Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Mar  4 16:33:53 CET 2011 on sn-devel-104
2011-03-04 16:33:53 +01:00
David Disseldorp
2b635949a2 s3-printing: fix cups pcap reload with no printers
cups_async_callback() is called to receive new printcap data from a
child process which requests the information from cupsd.
Newly received printcap information is stored in a temporary printcap
cache (tmp_pcap_cache). Once the child process closes the printcap IPC
file descriptor, the system printcap cache is replaced with the newly
populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is
non null (has at least one printer).

If the printcap cache is empty, which is the case when cups is not
exporting any printers, the printcap cache is not replaced resulting in
stale data.

https://bugzilla.samba.org/show_bug.cgi?id=7915
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-03-04 15:46:23 +01:00
David Disseldorp
624e33f869 s3-printing: remove unneeded local_pcap_copy global
The cups local_pcap_copy global served as a temporary buffer during
asynchronous cups printcap cache updates, as well as indicating when
the printcap cache had not yet been filled and printcap cache update
should block.

As smbd printcap reads are now triggered by the parent smbd following
printcap cache update, the variable and blocking mechanism are no longer
needed.

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-03-04 15:46:20 +01:00
David Disseldorp
61bf4699f0 s3-printing: follow force user/group for driver IO
Configuring force user/group settings for the print$ share currently has
unexpected results, this is explained by how the driver upload/add
process takes place. Consider the following example:

[print$]
        path = /print-drv
        write list = $DRIVER_UPLOAD_USER
        force group = ntadmin

- the client connects to the [print$] share and uploads all driver
  files to the /print-drv/W32X86 directory.

- This is permitted, as /print-drv/W32X86 is owned by group ntadmin, and
  the "force group = ntadmin" takes effect for the [print$] session.

- Once all files are uploaded, the client connects to the [ipc$]
  share and issues an AddPrinterDriverEx spoolss request.

- In handling this request move_driver_to_download_area() is called,
  which attempts to create the directory /print-drv/W32X86/3

- The create directory fails, as it is done as the user connected to
  the [ipc$] share which does not have permission to write to the driver
  directory. The [print$] "force group = ntadmin" has no effect.

This is a regression from previous behaviour prior to the commit:
783ab04 Convert move_driver_to_download_area to use create_conn_struct.

https://bugzilla.samba.org/show_bug.cgi?id=7921
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-03-04 15:46:14 +01:00
Matthias Dieter Wallnöfer
b0c6899973 ldb:ldb tools - remove a superflous "return" (usage internally calls "exit")
Reviewed by: Tridge

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Mar  4 09:39:22 CET 2011 on sn-devel-104
2011-03-04 09:39:22 +01:00
Matthias Dieter Wallnöfer
b50ebc3228 ldb:ldb tools - return LDB_ERR_INVALID_DN_SYNTAX on wrong DN parameters
Not all LDB databases have further DN checks.

Reviewed by: Tridge
2011-03-04 08:51:57 +01:00
Matthias Dieter Wallnöfer
1b93173813 ldb:ldb tools - ldbtest - convert other result values to LDB codes as well
I've forgotten this in my first patchset.

Reviewed by: Tridge
2011-03-04 08:51:45 +01:00
Matthias Dieter Wallnöfer
1343c0723f s4:LDAP server - remove validation checks of input DNs
We should rather try to let the LDB modules perform these checks
otherwise different backends behaviour differently.

Reviewed by: Tridge
2011-03-04 08:51:38 +01:00
Matthias Dieter Wallnöfer
5896b72993 s4:objectclass LDB module - if we cannot find DN's parent then the DN itself is invalid
ERR_INVALID_DN_SYNTAX fits better than ERR_OPERATION_ERROR in this case. This
one gets triggered if we perform "add" requests without the LDAP server.

Reviewed by: Tridge
2011-03-04 08:51:29 +01:00
Andrew Tridgell
3560db3da3 debug: fixed a valgrind error
Thanks to Volker for spotting this one!

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Mar  4 03:09:52 CET 2011 on sn-devel-104
2011-03-04 03:09:52 +01:00
Günther Deschner
e63f0dfba1 s3-waf: add wildcard commands from main wscript.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Mar  4 02:11:11 CET 2011 on sn-devel-104
2011-03-04 02:11:10 +01:00
Günther Deschner
ef87f970b3 s3-nterr: use strcasecmp in nt_status_string_to_code().
Guenther
2011-03-04 01:18:42 +01:00
Günther Deschner
dc35442fb1 s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c
Guenther
2011-03-04 01:18:42 +01:00
Günther Deschner
9f4b3b103f s4-nterr: some minor cosmetic edits to further match s3 nterr.
Guenther
2011-03-04 01:18:42 +01:00
Günther Deschner
d367777352 s3-nterr: within nt_errstr() compare codes using NT_STATUS_V().
This is to avoid future very special NT_STATUS_EQUAL semantics within s4.

Guenther
2011-03-04 01:18:42 +01:00