Günther Deschner [Tue, 27 Oct 2009 12:49:21 +0000 (13:49 +0100)]
lsa: add LSA_SECRET access masks.
Guenther
Günther Deschner [Mon, 26 Oct 2009 22:47:01 +0000 (23:47 +0100)]
s3-lsa: use correct function name in_lsa_RemoveAccountRights().
Guenther
Günther Deschner [Mon, 26 Oct 2009 22:37:21 +0000 (23:37 +0100)]
s3-lsa: pure cosmetic indentation fixes.
Guenther
Günther Deschner [Mon, 26 Oct 2009 22:28:30 +0000 (23:28 +0100)]
s3-lsa: use enum lsa_LookupNamesLevel in lsa_lookup_level_to_flags().
Guenther
Matthias Dieter Wallnöfer [Tue, 27 Oct 2009 18:40:57 +0000 (19:40 +0100)]
ldb:tdb backend - be also here more careful with the result value
"msg_delete_attribute" doesn't return an LDB result constant.
Matthias Dieter Wallnöfer [Tue, 27 Oct 2009 18:11:15 +0000 (19:11 +0100)]
ldb:python bindings - make the intention by Jelmer ("int" vs. "enum") more clear
Matthias Dieter Wallnöfer [Tue, 27 Oct 2009 18:07:53 +0000 (19:07 +0100)]
Revert "ldb python bindungs - better use the "enum ldb_scope" for the search scope rather than "int""
This reverts commit
4f8826ff7f4789c5b5f363b733a42053f72aa526.
Jelmer pointed out that the "enum"s don't work so well in combination with python.
Karolin Seeger [Tue, 27 Oct 2009 15:04:35 +0000 (16:04 +0100)]
s3/docs: Document new pdbedit -K option.
Karolin
Michael Adam [Mon, 26 Oct 2009 15:07:58 +0000 (16:07 +0100)]
s3: pdbedit: add option --kickoff-time/-K to set the user's kickoff time
Use "never" as argument to set this to unlimited.
Michael
Andrew Tridgell [Tue, 27 Oct 2009 09:30:53 +0000 (20:30 +1100)]
s4-dsdb: call dsdb_make_schema_global() from ldb_wrap
Calling it from samdb_connect() can cause a stale schema to be put
into the global schema.
Thanks to Andrew Bartlett for spotting this.
Jeremy Allison [Tue, 27 Oct 2009 04:20:22 +0000 (21:20 -0700)]
Second part of the fix for bug 6828 - infinite timeout occurs when byte lock held outside of samba.
Fixes case where a connection with a pending lock can me marked "idle", and ensures
that the lock queue timeout is always recalculated.
Jeremy.
Andrew Tridgell [Tue, 27 Oct 2009 01:13:46 +0000 (12:13 +1100)]
s4-dsdb: always cancel transactions on all partitions
If we get an error ending a transaction on one partition we need to
continue on the other partitions.
Andrew Tridgell [Tue, 27 Oct 2009 00:44:05 +0000 (11:44 +1100)]
s4-ldb: '+' can also happen in base64 encoded index DNs
Andrew Bartlett [Tue, 27 Oct 2009 00:10:49 +0000 (11:10 +1100)]
s4:ldb Add detail to failures in the indexing code
Andrew Bartlett [Mon, 26 Oct 2009 23:54:16 +0000 (10:54 +1100)]
s4:dsdb Rework partitions module for better tracing
This means we need to create a fake 'module' which only has a 'next'
pointer, so that we can now ldb_next_request() (which incorporates
tracing). The remainaing stub of partition_request() is retained so
that we can indicate which partition an operation is destined for.
Similar tracing is added to the transaction handlers.
Andrew Bartlett
Andrew Bartlett [Mon, 26 Oct 2009 23:43:51 +0000 (10:43 +1100)]
s4:ldb Add additional tracing of the ldb API
This helps pin down where errors occour, by printing a call stack and
setting error strings and trace messages in the transaction case.
Andrew Bartlett
Andrew Bartlett [Sun, 25 Oct 2009 23:23:10 +0000 (10:23 +1100)]
s4:dsdb Remove partition_extended_schema_update_now
The schema update now request is now handled above the partitions
module.
Andrew Bartlett
Karolin Seeger [Mon, 26 Oct 2009 11:11:59 +0000 (12:11 +0100)]
s3: Rename new parameter "ldap ref follow" to "ldap follow referral".
This parameter will be introduced with Samba 3.5.0.
Karolin
Karolin Seeger [Mon, 26 Oct 2009 09:14:51 +0000 (10:14 +0100)]
s3:docs: Public is not a synonym for access based shareenum.
Fix build warning.
Karolin
Karolin Seeger [Mon, 26 Oct 2009 08:33:37 +0000 (09:33 +0100)]
s3:docs: fake dir create times is a global parameter.
Karolin
Andrew Tridgell [Sun, 25 Oct 2009 21:38:03 +0000 (08:38 +1100)]
s4-ldb: fixed request handling for schemaUpdateNow op
Andrew Tridgell [Sun, 25 Oct 2009 12:14:56 +0000 (23:14 +1100)]
Merge branch 'master' of ssh://git.samba.org/data/git/samba
Andrew Tridgell [Sun, 25 Oct 2009 11:02:31 +0000 (22:02 +1100)]
s4-ldb: allow for unescaped '=' in a index DN
The ldb_dn_explode code normally enforces all special characters,
including a '=', must be escaped. Unfortunately this conflicts with
the ltdb index DNs, which for binary attributes may be base64
encoded. This allows a unescaped '=' as a special case for index DNs.
Matthias Dieter Wallnöfer [Fri, 23 Oct 2009 15:23:44 +0000 (17:23 +0200)]
ldb:backend "connect" functions - convert result values to LDB constants
I think this is better since "ldb_backend_connect" and "ldb_connect" which
propagate those values should return only LDB constants. Therefore a conversion
(especially for "-1") would be needed.
Andrew Tridgell [Sun, 25 Oct 2009 06:19:03 +0000 (17:19 +1100)]
s4-samdb: reduce the number of samdb opens at startup
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
Andrew Tridgell [Sun, 25 Oct 2009 02:13:41 +0000 (13:13 +1100)]
s4-ldb: ensure DNs pass validity tests in indexing
Andrew Tridgell [Sun, 25 Oct 2009 02:12:32 +0000 (13:12 +1100)]
s4-ldb: fixed string length handling on index records
Andrew Tridgell [Fri, 23 Oct 2009 11:46:09 +0000 (22:46 +1100)]
s4-dsdb: ensure that new partitions inherit any transaction
Andrew Tridgell [Fri, 23 Oct 2009 11:45:03 +0000 (22:45 +1100)]
tdb: detect tdb store of identical records and skip
This can help with ldb where we rewrite the index records
Andrew Tridgell [Fri, 23 Oct 2009 11:43:24 +0000 (22:43 +1100)]
s4-ldb: don't allow modifies outside a transaction.
Andrew Tridgell [Fri, 23 Oct 2009 11:42:26 +0000 (22:42 +1100)]
s4-ldb: fixed re-index during a complex transaction
We may have modified index objects in the in-memory index tdb
Andrew Tridgell [Fri, 23 Oct 2009 06:12:48 +0000 (17:12 +1100)]
s4-python: fixed annoyance where control-C doesn't kill our python scripts
We want our scripts to die immediately when a user hits
control-C. Otherwise we not only annoy the hell out of the user, we
also risk db corruption as the control-C could get delivered as an
exception which gets mis-interpreted (eg. as a missing db object). We
use transactions for all our databases, so the right thing to do in
all our command line tools is to die immediately.
Stefan Metzmacher [Fri, 23 Oct 2009 15:30:47 +0000 (17:30 +0200)]
s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state
We always steal the state to the policy handle on success,
but untill then keep it on the short term context.
metze
Stefan Metzmacher [Fri, 23 Oct 2009 13:12:01 +0000 (15:12 +0200)]
s4:loadparm: don't leak the names of all shares in each lp_service() call
metze
Stefan Metzmacher [Fri, 23 Oct 2009 13:11:08 +0000 (15:11 +0200)]
s4:dsdb/partition_init: don't leak a talloc_new() in case we have no data yet
metze
Stefan Metzmacher [Fri, 23 Oct 2009 15:26:58 +0000 (17:26 +0200)]
libcli/auth: initialize creds in netlogon_creds_client_init_session_key()
metze
Stefan Metzmacher [Fri, 23 Oct 2009 15:25:19 +0000 (17:25 +0200)]
s4:gensec/schannel: remove unused talloc_reference() in schannel_update()
We never expose creds to the caller in schannel_update().
metze
Stefan Metzmacher [Fri, 23 Oct 2009 15:23:56 +0000 (17:23 +0200)]
libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()
metze
Stefan Metzmacher [Fri, 23 Oct 2009 13:10:20 +0000 (15:10 +0200)]
libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()
metze
Barry Sabsevitz [Fri, 23 Oct 2009 18:50:29 +0000 (11:50 -0700)]
Fix bug 6802 - A created folder does not properly inherit permissions from parent.
Stefan Metzmacher [Fri, 23 Oct 2009 11:51:03 +0000 (13:51 +0200)]
tdb: rename 'struct list_struct' into 'struct tdb_record'
metze
Matthias Dieter Wallnöfer [Fri, 23 Oct 2009 12:26:41 +0000 (14:26 +0200)]
ldb python bindungs - better use the "enum ldb_scope" for the search scope rather than "int"
Bo Yang [Sat, 24 Oct 2009 01:20:00 +0000 (09:20 +0800)]
s3: Fix crash in pam_winbind, another reference to freed memory.
Signed-off-by: Bo Yang <boyang@samba.org>
Andrew Tridgell [Fri, 23 Oct 2009 05:23:01 +0000 (16:23 +1100)]
s4-python: we need to include Python.h first
If we don't include Python.h first then we get a pile of warnings due
to broken redefines of XOPEN_SOURCE in the Python includes.
Andrew Bartlett [Fri, 23 Oct 2009 03:58:09 +0000 (14:58 +1100)]
s4:dsdb 'attrs' must be static (otherwise segv with async)
The async code makes this really easy to mess up...
Andrew Bartlett
Andrew Bartlett [Fri, 23 Oct 2009 02:37:53 +0000 (13:37 +1100)]
s4:dsdb Fix samba3sam test again.
We again need to be careful not to call 'ldb_next_request' based functions in the partitions module.
Or, we need to instead go back to having that work, and ditch the
partition_request stuff...
Andrew Bartlett
Andrew Bartlett [Fri, 23 Oct 2009 01:34:41 +0000 (12:34 +1100)]
s4:dsdb Add error string in 'no such object' because of 0 replies case
Andrew Bartlett [Fri, 23 Oct 2009 00:36:23 +0000 (11:36 +1100)]
s4:dsdb Remove unused variables
Andrew Bartlett [Thu, 22 Oct 2009 23:08:27 +0000 (10:08 +1100)]
s4:dsdb Do less allocation when searching for partitions modules
(it didn't help that the previous allocation was on the wrong long-term context)
Andrew Bartlett
Andrew Bartlett [Thu, 22 Oct 2009 07:22:26 +0000 (18:22 +1100)]
s4:setup Mark 'cn' in secrets as case insensitive
While this does not matter very much, others may later expect 'cn' to be case
insensitive.
Andrew Bartlett
Andrew Bartlett [Thu, 22 Oct 2009 07:21:50 +0000 (18:21 +1100)]
s4:secrets Look for LDAP secret with a name that is indexed
This avoids a very common unindexed lookup
Andrew Bartlett [Thu, 22 Oct 2009 07:21:02 +0000 (18:21 +1100)]
s4:gensec Use an index on computerName in schannel.ldb
Andrew Bartlett [Thu, 22 Oct 2009 07:20:07 +0000 (18:20 +1100)]
util:ldb Allow multiple entries to be added in one LDIF snippit
Andrew Bartlett [Thu, 22 Oct 2009 04:54:57 +0000 (15:54 +1100)]
s4:dsdb Split schema loading and schema data management
By splitting the module this way, we can load the schema at startup, after
the partitions module is operational, but we leave the 'mess with details of
entries in the partitions' module to operate only on the partitions module.
Loading the schema later allows us to set the @ATTRIBUTES correctly on all
the databases.
Andrew Bartlett
Andrew Bartlett [Thu, 22 Oct 2009 04:54:12 +0000 (15:54 +1100)]
s4:dsdb Set partitions metadata as soon as it is set up.
Andrew Tridgell [Fri, 23 Oct 2009 04:38:54 +0000 (15:38 +1100)]
s4-selftest: lower some of the timeouts during make test
This speeds up some of the delay based tests by a lot. There is no
need to have long delays during testing.
Andrew Tridgell [Fri, 23 Oct 2009 03:54:07 +0000 (14:54 +1100)]
s4-samdb: make sure the static credentials are never freed
Andrew Tridgell [Fri, 23 Oct 2009 03:50:56 +0000 (14:50 +1100)]
s4-ldb: move the tdb_reopen_all() calls to ldb_wrap.c
Andrew Tridgell [Fri, 23 Oct 2009 03:46:34 +0000 (14:46 +1100)]
s4-ldb: use ldb_wrap_fork_hook() to cancel child transactions
Andrew Tridgell [Fri, 23 Oct 2009 03:46:08 +0000 (14:46 +1100)]
s4-ldb: added ldb_transaction_cancel_noerr()
This will be used to allow cancelling of transactions in a child after
a fork()
Andrew Tridgell [Fri, 23 Oct 2009 03:31:07 +0000 (14:31 +1100)]
s4-server: call the ldb_wrap_fork_hook() after a fork()
This will be used to allow us to cancel any pending transactions
after a fork.
Andrew Tridgell [Fri, 23 Oct 2009 03:30:00 +0000 (14:30 +1100)]
s4-server: pre-open the main ldb databases in the server
By pre-opening these databases and leaving them open, we allow the new
ldb_wrap_connect() code to share the ldb context between users.
Andrew Tridgell [Fri, 23 Oct 2009 03:27:00 +0000 (14:27 +1100)]
s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
Andrew Tridgell [Fri, 23 Oct 2009 03:23:40 +0000 (14:23 +1100)]
s4-dsdb: add a static samdb_credentials
Similarly to system_session(), this creates a static
samdb_credentials()
Andrew Tridgell [Fri, 23 Oct 2009 03:19:28 +0000 (14:19 +1100)]
s4-dsdb: create a static system_session context
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
Jeremy Allison [Thu, 22 Oct 2009 22:26:22 +0000 (15:26 -0700)]
Simplify the logic.
Jeremy.
Jeremy Allison [Thu, 22 Oct 2009 22:06:38 +0000 (15:06 -0700)]
Fix bug 6829 - smbclient does not show special characters properly.
All successful calls to cli_session_setup() *must* be followed by
calls to cli_init_creds() to stash the credentials we successfully
connected with. There were 2 codepaths where this was missing. This
caused smbclient to be unable to open the \srvsvc pipe to do an RPC
netserverenum, and cause it to fall back to a RAP netserverenum,
which uses DOS codepage conversion rather than the full UCS2 of
RPC, so the returned characters were not correct (unless the DOS
codepage was set correctly). Phew. That was fun to track down :-).
Jeremy.
Volker Lendecke [Thu, 22 Oct 2009 14:32:13 +0000 (16:32 +0200)]
s3: Remove a pointless #endif/#ifdef pair
Andrew Tridgell [Thu, 22 Oct 2009 08:05:02 +0000 (19:05 +1100)]
s4-lsa: fixed breakage of lsa server
Andrew Tridgell [Thu, 22 Oct 2009 07:45:43 +0000 (18:45 +1100)]
s4-torture: fixed double free in libnet_group test
Matthias Dieter Wallnöfer [Thu, 22 Oct 2009 07:17:27 +0000 (09:17 +0200)]
s4:provision - Reintroduce accidentally removed parameters and checks from "guess_names"
abartlet pointed out that those are essential for a safe and consistent provision.
Andrew Tridgell [Thu, 22 Oct 2009 03:44:47 +0000 (14:44 +1100)]
s4-lsa: fixed the lsa server to cope with the new tests from gd
Andrew Tridgell [Thu, 22 Oct 2009 01:45:48 +0000 (12:45 +1100)]
s4-ldb: added a TODO about checking the indexlist
Andrew Tridgell [Thu, 22 Oct 2009 01:45:26 +0000 (12:45 +1100)]
s4-ldb: fixed some memory leaks in new indexing code
Andrew Tridgell [Thu, 22 Oct 2009 01:29:35 +0000 (12:29 +1100)]
s4-ldb: don't try to index non-indexed attributes
Andrew Tridgell [Thu, 22 Oct 2009 00:19:19 +0000 (11:19 +1100)]
s4-selftest: removed raw.unlink from quicktest
This test takes 40s, and quicktest already covers delete operations in
base.delete
Andrew Tridgell [Thu, 22 Oct 2009 00:16:30 +0000 (11:16 +1100)]
s4-ldb: ensure new dn_list elements are not owned by caller
Andrew Tridgell [Thu, 22 Oct 2009 00:16:00 +0000 (11:16 +1100)]
s4-ldb: over-allocate index records to save on realloc costs
Andrew Tridgell [Thu, 22 Oct 2009 00:15:18 +0000 (11:15 +1100)]
s4-ldb: fixed tdb error handling in ldb_index.c
Andrew Tridgell [Thu, 22 Oct 2009 00:14:36 +0000 (11:14 +1100)]
s4-ldb: delete empty index records
Andrew Tridgell [Thu, 22 Oct 2009 00:13:28 +0000 (11:13 +1100)]
s4-ldb: do more validation of idxptr lists
Andrew Tridgell [Thu, 22 Oct 2009 00:06:33 +0000 (11:06 +1100)]
s4-ldb: expose ltdb_err_map and ltdb_delete_noindex
These will be used by ldb_index.c
Andrew Tridgell [Thu, 22 Oct 2009 00:05:15 +0000 (11:05 +1100)]
s4-ldb: fast path for equal pointers
We compare identical ldb_val values surprisingly often
Andrew Tridgell [Thu, 22 Oct 2009 00:04:40 +0000 (11:04 +1100)]
selftest: make python run unbuffered
This makes some output in make test easier to follow
Andrew Tridgell [Thu, 22 Oct 2009 00:03:27 +0000 (11:03 +1100)]
util: fixed place where we could look one byte past end of string
We need to check the length before the value
Andrew Tridgell [Wed, 21 Oct 2009 23:36:58 +0000 (10:36 +1100)]
idl-drsblobs: mark some more reserved values as value(0)
This prevents valgrind errors when we store these blobs in a database
Andrew Tridgell [Wed, 21 Oct 2009 11:33:58 +0000 (22:33 +1100)]
s4-ldb: when taking a list intersection, the result can be as long as the first list
Intuitively you would think it couldn't be longer than the minimum of
the two lists, but we are deliberately allowing for duplicates at this
level of the indexing code, which means the result can be longer
Andrew Tridgell [Wed, 21 Oct 2009 11:21:26 +0000 (22:21 +1100)]
s4-ldb: ldb indexing rewrite - part1
This gets rid of the @IDXPTR approach to in-transaction indexing,
instead using an in-memory tdb to hold index values during a
transaction. This also cleans up a lot of the internal indexing logic,
hopefully making it easier to understand.
One of the big changes is in memory management, with a lot more use
made of talloc tricks to avoid copying dn lists, and shortcuts used to
avoid high intersection and union calculation costs.
The overall result is that a re-provision on my laptop goes from 48s
to a bit over 10s.
Andrew Tridgell [Wed, 21 Oct 2009 11:18:32 +0000 (22:18 +1100)]
s4-ldb: ldb_oom() for modules
Andrew Bartlett [Wed, 21 Oct 2009 23:17:35 +0000 (10:17 +1100)]
s4:torture Silence const warning by use of data_blob_const()
This was inspired by one of mdw's const patches
Andrew Bartlett
Matthias Dieter Wallnöfer [Sat, 17 Oct 2009 20:20:43 +0000 (22:20 +0200)]
s4:dsdb/samdb/cracknames - Remove unused header and add more "const"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Sat, 17 Oct 2009 20:30:22 +0000 (22:30 +0200)]
s4:ldb_sort - Add some more "const"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Sat, 17 Oct 2009 20:30:43 +0000 (22:30 +0200)]
s4:libcli/security/access_check - Add "const" in front of "type"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Sat, 17 Oct 2009 20:39:15 +0000 (22:39 +0200)]
s4:smbtorture - Add "const" before "value"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 21 Oct 2009 22:45:14 +0000 (09:45 +1100)]
s4:dsdb Use the 'correct' case for the namingContext values in rootDSE
This makes the namingContext attributes in the rootDSE a little more pretty, by
using the exact same values as used in the database DNs.
Andrew Bartlett
Andrew Bartlett [Wed, 21 Oct 2009 22:22:18 +0000 (09:22 +1100)]
s4:dsdb Add default modules list to samba3sam
This is needed because the work to allow existing databases to be loaded now
moves the 'you have an old @PARTITION' record to the presense or absence of
this attribute.
Andrew Bartlett
Matthias Dieter Wallnöfer [Wed, 21 Oct 2009 17:38:52 +0000 (19:38 +0200)]
s4:provision - rework the "guess_names" and "make_smbconf" method
- Cleans it up from unnecessary "lower()/upper()" and parameters which can be
derived through "lp" calls.
- Substitute the "HOSTNAME" caption in the "smb.conf" templates with
"NETBIOS_NAME" which fits better.
- Now the "realm" and "domain" parameter of the provision are totally case
insensitive and the script itself up/downcases them appropriately depending
on the use (e.g. "realm" upcase for KERBEROS, lowcase for DNS domainname).
Björn Jacke [Wed, 21 Oct 2009 20:45:18 +0000 (22:45 +0200)]
s3:Makefile: add some explicit dependencies to libc
Add libc as explicit dependency where we use "-z defs" linker flags. This is
to silence the Sun linker. Otherwise it whines:
malloc ... (symbol belongs to implicit dependency /lib/libc.so.1)
Matthias Dieter Wallnöfer [Wed, 21 Oct 2009 16:46:44 +0000 (18:46 +0200)]
s4:provision - important fix for DNS domainname: lower realm
Matthias Dieter Wallnöfer [Wed, 21 Oct 2009 15:56:17 +0000 (17:56 +0200)]
.gitignore: add "partition_proto.h"