sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
66,622 Commits 60 Branches 1,144 Tags 452 MiB
ec643df212
Commit Graph

24213 Commits

Author SHA1 Message Date
Andrew Tridgell
66460c946a s4-resolve: the file backend should not look at the name type 
this matches the behaviour of our DNS resolver

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
6012f31115 s4-finddcs: show required server type bits on failure 
when we skip a DC because it doesn't have the required server type
bits, show what bits we wanted

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
6c45eeb944 s4-repl: use consistent API calls for getting DN GUID 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
52ae578500 s4-netlogon: fixed logic for setting DS_SERVER_WRITABLE 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
59d415f43f s4-finddc: use NBT lookup for a 1C name if joining a short domain name 
once we get the 1C lookup reply, use a CLDAP query to find the details
for the server

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
4e9f449106 s4-join: give a clear error when using short domain form 
we now require the full domain name, for the DNS/CLDAP lookup

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
011978eb1b s4-rodc: use python finddc code to avoid the need for --server 
The DC is now found via DNS/CLDAP

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
2e92484c60 s4-pynet: added finddc call 
this gives access to the CLDAP/DNS finddc code from python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
58d59a08ad s4-libcli: change finddcs.h -> finddc.h 
this prevents conflicts with old generated files and we can only even
return one DC with this interface.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
7f029aad35 s4-finddcs: rename finddcs to finddcs_nbt 
finddcs_nbt is currently unused, but will later be a fallback is a
cldap DC find fails.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
ee61568be6 s4-winbind: use finddcs_cldap() in winbind 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
0c447e316f s4-libnet: use finddcs_cldap() in libnet_lookup 
this may later be changed to do fallback to NBT as well, but for now
cldap is sufficient

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
fede78f29d s4-cldap: don't set the writable bit when we are a RODC 
when we are a RODC, don't respond with the writable bit in the server
type response of netlogon requests

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
898674cb1c s4-finddcs: added finddcs_cldap() 
this finds DCs with a specified set of server_type bit using SRV
lookups and CLDAP

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
5bbfe2b42f s4-secrets: fixed shadowed variable warning 
we already have a 'v' in scope
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
dbc9b185af s4-resolve: added resolve_name_multiple_recv() 
this allows for multiple replies to a SRV lookup

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
fa7fd4f261 s4-dns: fixed lookup of SRV records using dns_ex 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Andrew Tridgell
ce2004d631 s4: fixed some printf format errors 2010-09-15 15:39:35 +10:00
Andrew Tridgell
041c699f3a s4-libnet: converted finddcs call to tevent_req 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
94fb6120d8 s4-secrets: fetch secure channel type with domain SID 
The secure channel type is needed to work out what DC to connect to

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
bd51d30809 s4-auth: when we are a DC enable winbind auth 
As a RODC we need to forward some auth requests to a writable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
67ac8555b1 s4-auth: set the RODC bit for RODC schannel 
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
52445e1583 s4-schannel: fixed reference to context after free 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
5b02cf1eb0 s4-auth: allow multiple active auth backends 
when we are an RODC we need to be able to allow multiple auth backends
to process a single auth request. First the sam backend will try to
authenticate, using locally stored passwords. If this backend can't
find local passwords then it will try the winbind backend and
authenticate via a writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
890a33c99b s4-smb: serialise session setup operations 
the mixture of async and sync code in gensec makes a EOF on a socket
during a session setup cause a crash. The simplest solution is to
stop processing events on the socket until the session setup is
complete.
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
13a8745cae s4-rodc: add a trigger message for REPL_SECRET to auth_sam 
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
f6d85be528 s4-messaging: add support for no_reply in irpc messages 
It can be useful for a irpc message to be one-way, where the client
sends a messages and the server does not reply. This will be used for
things like a triger message from an auth context to the drepl server
to tell it to try a REPL_SECRET on a user in a RODC.

Previously we've used raw messaging for messages that have no reply,
but that doesn't allow us to use messages described by IDL

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
b9393e4896 s4-kcc: removed redundent loop check 
el has already been checked for NULL
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
2fbf10ea1b s4-smb: smbsrv_blob_push_string() can return -1 
need to use ssize_t, not size_t for error handling
 2010-09-15 15:39:34 +10:00
Andrew Tridgell
a17da70785 s4-dsdb: check for invalid backend type 2010-09-15 15:39:34 +10:00
Andrew Tridgell
3e88f3cf33 s4-rootdse: setup length after NULL check 2010-09-15 15:39:34 +10:00
Andrew Tridgell
d00cb8b3d3 s4-dsdb: fixed use after free for RODC 2010-09-15 15:39:33 +10:00
Andrew Tridgell
597372df34 s4-dsdb: free right context on failure 
down_req is not initialised yet
 2010-09-15 15:39:33 +10:00
Andrew Tridgell
cbd8297b4d s4-dsdb: defer ac->msg after check for NULL ac 2010-09-15 15:39:33 +10:00
Andrew Tridgell
5a4a11cb98 s4-anr: check for allocation failure before use 2010-09-15 15:39:33 +10:00
Volker Lendecke
ba726b5580 s4: Fix two typos 2010-09-14 22:26:17 -07:00
Jelmer Vernooij
48976ac497 rpc_server: Remove unnecessary dependency on server modules, build 
system will take care of that.
 2010-09-14 17:24:05 +02:00
Jelmer Vernooij
8209198998 waf: work around circular dependency finder erroneously removing dependency of gensec on dcerpc. 2010-09-14 17:24:05 +02:00
Günther Deschner
73edd661ea s4-smbtorture: try to fix spoolss winreg Form tests on bigendian machines. 
Guenther
 2010-09-14 15:27:38 +02:00
Jelmer Vernooij
8e328c4e32 param: Add prototype for lpcfg_private_dir(), used by openchange. 2010-09-14 10:54:28 +02:00
Matthias Dieter Wallnöfer
6e720ecd25 s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters 
This makes also lookups through special backends as "samba3sam" work.
 2010-09-13 22:41:06 +02:00
Matthias Dieter Wallnöfer
a4b7fac86d s4:cosmetic - the SID attribute is called objectSid - not objectSID 2010-09-13 22:39:50 +02:00
Jelmer Vernooij
f1b21bee16 param: Only include param_proto.h for Samba builds, provide those 
prototypes necessary for external users (OpenChange) manually.
 2010-09-13 20:42:01 +02:00
Matthias Dieter Wallnöfer
fe958c009b Revert "s4:samldb LDB module - simplify the message handling on add and modify operations" 
This reverts commit 1d94bb3ad4.

This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this.

I will rework this further.
 2010-09-13 10:39:39 +02:00
Matthias Dieter Wallnöfer
123712840f s4:samldb LDB module - remove a disastrous "talloc_free" 
This completely destroys the program logic (async callbacks). Sorry for
introducing this.
 2010-09-12 22:26:10 +02:00
Matthias Dieter Wallnöfer
0939ba4488 Revert "s4:util_samr.c - also here we've now the default primaryGroupID detection working" 
This reverts commit 7e9e35db41.

Sorry, the logic is working differently here. We do still need this.
 2010-09-12 22:25:37 +02:00
Matthias Dieter Wallnöfer
eaa55b4123 s4:torture/rpc/samr.c - fix typos in outputs 2010-09-12 22:10:06 +02:00
Matthias Dieter Wallnöfer
7e9e35db41 s4:util_samr.c - also here we've now the default primaryGroupID detection working 2010-09-12 21:19:27 +02:00
Matthias Dieter Wallnöfer
4a2941535d s4:ldap.py - tests the primary group detection by the "userAccountControl" 2010-09-12 19:23:06 +02:00
Matthias Dieter Wallnöfer
4fd8ce42ce s4:setup/provision_self_join.ldif - now the samldb LDB module detects automatically that this is a DC account 2010-09-12 19:23:06 +02:00
Matthias Dieter Wallnöfer
7f424155e6 s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID derivation from "userAccountControl" 
Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441.
 2010-09-12 19:23:06 +02:00
Matthias Dieter Wallnöfer
22d42432ac s4:samldb LDB module - free the "ac" context after the delete checks 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
1d94bb3ad4 s4:samldb LDB module - simplify the message handling on add and modify operations 
We perform always only one shallow copy operation of the message on the "req"
context. This allows to free the "ac" context when we've prepared all our
changes.
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
79f22e5d70 s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see that it is only in use by the delete operation 
add and modify helpers will stay on the top of the add and modify operation
since they will likely be shared as much as possible.
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
bb1da645ed s4:samldb LDB module - add a comment to mark the beginning of the extended operation handler 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
dad7cdad22 s4:samldb LDB module - refactor "samldb_find_for_defaultObjectCategory" to be again synchronous 
Also to make it easier to comprehend
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
6aca09b0b7 s4:samldb LDB module - refactor the "primaryGroupID" check on user creation 
This looks more straight-forward now.
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
e1de425cb8 s4:samldb LDB module - get rid of the SID context variable 
Since we get more and more rid of async stuff we don't need this in the context
anymore.
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
79a98b893a s4:samldb LDB module - use also here the real attribute denomination "sAMAccountName" 
Purely cosmetic - but nicer to read
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
0eb281d8f2 s4:samldb LDB module - rename "check_SamAccountType" into "check_sAMAccountType" 
And a small cosmetic change.
I like to have the real attribute names in the function denominations
 2010-09-12 19:23:04 +02:00
Matthias Dieter Wallnöfer
4ef9760db1 s4:samldb LDB module - make "samldb_check_sAMAccountName" synchronous again 
To make it more understandable
 2010-09-12 19:23:04 +02:00
Matthias Dieter Wallnöfer
64af772b38 s4:fsmo.py - fix an obvious typo 2010-09-12 19:23:04 +02:00
Matthias Dieter Wallnöfer
1ddd63bddb ldb:tools/cmdline.c - reorganise imports 2010-09-11 18:07:47 +02:00
Matthias Dieter Wallnöfer
b5d872704c s4:param/secrets.c - reorganise imports 2010-09-11 18:04:50 +02:00
Matthias Dieter Wallnöfer
7e710c4de9 s4:rpc_server/common/common.h - introduce two forward declarations to suppress parameter declaration warnings 
Always Tru64 in file "param/loadparm.c" and possibly others.
 2010-09-11 18:04:48 +02:00
Matthias Dieter Wallnöfer
5f98d31fc0 ldb:tools/cmdline.c - make a counter unsigned where appropriate 2010-09-11 17:43:44 +02:00
Matthias Dieter Wallnöfer
c0a863b6f3 s4:ldb_register_samba_handlers - fix up and convert result codes to LDB/LDAP results 2010-09-11 17:41:38 +02:00
Matthias Dieter Wallnöfer
83cd3f7630 s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are returned here 
Tested using User Manager for Domains against Windows Server 2008.
MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
 2010-09-11 14:34:37 +02:00
Andrew Bartlett
e84ab1b35f s4-privs Fix enum privileges in LSARPC server 
We were returning the index, not the LUID value

Andrew Bartlett
 2010-09-11 22:32:43 +10:00
Andrew Bartlett
e13ed6fc78 s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a header 2010-09-11 22:32:43 +10:00
Andrew Tridgell
2921a888dc s4-param: removed the lp_ varients of the functions 
these made debugging much harder. We should replace these with
generated macros
 2010-09-11 22:32:43 +10:00
Andrew Tridgell
2a93814592 s4-param: move back to auto-generation of loadparm prototypes 2010-09-11 22:32:43 +10:00
Andrew Tridgell
837230f85e s4-credentials: get all attributes in cli_credentials_set_secrets() 
This ensures we get whenChanged, which is needed by the s3 winbind
code to ensure we don't repeatedly try to change the password
 2010-09-11 22:32:43 +10:00
Andrew Bartlett
a02a2c3557 libcli/security Use talloc_zero when making a struct security_token 2010-09-11 18:46:14 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Seperate rights and privileges 
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
 2010-09-11 18:46:13 +10:00
Andrew Bartlett
da9bca6282 s4-rpc_server Put all 'logon failure' messages at the same debug level 4 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:12 +10:00
Andrew Tridgell
45aecc2833 s4-lsa: privilege IDs should use the enum, not an int 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure 
This is clearer and more consistent than using a magic -1 return

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17 libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure. 
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:10 +10:00
Andrew Bartlett
dbee98d30f libcli/security Move source4/ privileges code into the common libcli/security 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:07 +10:00
Andrew Bartlett
9abfd8fe3b s4-privs Add a lookup by index of privilages 
Now that privileges are no longer given luid values sequentially,
we need another way to look them up for enumeration.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:05 +10:00
Andrew Bartlett
e113af6fb1 privs Add my Copyright 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:05 +10:00
Andrew Bartlett
e655e9f676 s4-privs Remove link between enum sec_privilege and the privilege bitmap 
This allows us to set the enum sec_privilege constants to the LUID
values that are seen from windows, which we need to match, in order
to preserve the support for the NT Print Migrator tool after a merge
with the source3/ privileges code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:04 +10:00
Björn Jacke
3eda2815f6 s4/pvfs: use monotonic time for this timeout 2010-09-10 23:10:26 +02:00
Björn Jacke
d320aa1212 s4/ldap: use time_mono for reconnect timeout 2010-09-10 23:10:26 +02:00
Björn Jacke
54ca77183b s4/torture: use time_mono for timeouts 2010-09-10 23:10:25 +02:00
Björn Jacke
478ac36b9c s4/torture: use time_mono for delta time 2010-09-10 23:10:25 +02:00
Matthias Dieter Wallnöfer
07af8f2514 s4:client/client.c - fix wrong return codes in "do_connect" 
Detected by the Solaris cc compiler.
 2010-09-10 22:45:50 +02:00
Matthias Dieter Wallnöfer
9d4dc69627 s4:lib/policy/gp_filesys.c - remove dead code 
Found out by Solaris cc
 2010-09-10 22:45:50 +02:00
Matthias Dieter Wallnöfer
55bc079b9a s4:torture/locktest.c - add a cast in order to quiet a warning on Solaris cc 2010-09-10 22:45:50 +02:00
Matthias Dieter Wallnöfer
ace43d4ccd s4:libcli/wrepl/winsrepl.c - add more "char *" casts in order to suppress Solaris warnings 2010-09-10 22:45:49 +02:00
Matthias Dieter Wallnöfer
ece428f02c s4:torture/ntp/ntp_signd.c - add more "char *" casts in order to suppress Solaris warnings 2010-09-10 22:45:49 +02:00
Matthias Dieter Wallnöfer
55598c4746 s4:torture/rpc/winreg.c - hopefully this attempt fixes Solaris "cc" on the buildfarm 
The Solaris "cc" incompatiblity on this codepart seems to be harder to fix than
it looks like.
 2010-09-10 20:20:26 +02:00
Matthias Dieter Wallnöfer
4fc1319db9 s4:getncchanges_change_master - also in this call "i" needs to be unsigned 2010-09-10 20:20:26 +02:00
Stefan Metzmacher
88f96578cd s4-errormap: map ERRSRV/ERRbaduid to NT_STATUS_USER_SESSION_DELETED 
metze
 2010-09-10 17:21:31 +02:00
Stefan Metzmacher
0ad2890c4e s4:provision: remember the setup directory if it wasn't the default 
This fixes make test without a make install.

metze
 2010-09-10 17:21:31 +02:00
Anatoliy Atanasov
788bfc8a25 s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOrole 
This removed an unnecessary conversion of the return type in
drepl_take_FSMO_role.
 2010-09-10 13:44:20 +03:00
Anatoliy Atanasov
0ad22777ec s4/fsmo: Fix callback declaration 2010-09-10 13:29:38 +03:00
Kamen Mazdrashki
25dd9fae66 s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_ret 
in case we are handling extended operation.

It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS
and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit
more picky on this.
 2010-09-10 13:08:25 +03:00
Kamen Mazdrashki
611cd51096 s4-drs: Hanlde extended operations only once 
Most of extended operations I know of work like:
1. do extended operation
2. collect a set of objects to return and start replication cycle
3. continue returning object as we have no more to give

This way we ensure we are doing 1. only once
 2010-09-10 13:08:24 +03:00