Anatoliy Atanasov [Thu, 24 Jun 2010 17:48:07 +0000 (20:48 +0300)]
s4:schema/schema_set.c - free LDB message diffs
Especially the "free"s after "ldb_msg_diff" are very important since the diff
message is allocated on the long-living LDB context.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Anatoliy Atanasov [Thu, 24 Jun 2010 17:48:07 +0000 (20:48 +0300)]
s4:auth/session.c - free "group_string" when not needed
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Andrew Bartlett [Wed, 30 Jun 2010 00:20:11 +0000 (10:20 +1000)]
s4:dsdb Fix possible schema segfaults for DRS-replication based schema
The problem here is that if the schema has been modified on the source
domain, there may be attributes that appear over DRS with 0 values (to
indicate that any existing values on the target should be deleted).
This would confuse the previous version of this macro.
Andrew Bartlett
Günther Deschner [Tue, 29 Jun 2010 21:35:45 +0000 (23:35 +0200)]
s4-smbtorture: remove duplicate torture_assert_sid_equal macro.
Guenther
Günther Deschner [Tue, 29 Jun 2010 21:10:47 +0000 (23:10 +0200)]
s4-smbtorture: fix incorrect IDL for QueryMultipleValue (aka RVALENT).
Found by torture test.
Guenther
Günther Deschner [Tue, 29 Jun 2010 19:53:00 +0000 (21:53 +0200)]
s4-smbtorture: add more sophisticated tests for winreg_QueryMultipleValues{2}.
Guenther
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:30:05 +0000 (22:30 +0200)]
s4:ntvfs/ipc/vfs_ipc.c - remove unused code
Spotted by the Solaris 10 compiler
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:33:32 +0000 (22:33 +0200)]
s4:ntvfs/ipc/vfs_ipc.c - add casts to suppress warnings on Solaris 10
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:33:32 +0000 (22:33 +0200)]
s4:ntp_signd/ntp_signd.c - add casts to suppress warnings on Solaris 10
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:30:05 +0000 (22:30 +0200)]
s4:rpc_server/browser.c - remove unused code
Spotted by the Solaris 10 compiler
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:30:05 +0000 (22:30 +0200)]
s4:smb_server/smb2/find.c - remove unused code
Spotted by the Solaris 10 compiler
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:30:05 +0000 (22:30 +0200)]
s4:smb_server/blob.c - remove unused code
Spotted by the Solaris 10 compiler
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:23:15 +0000 (22:23 +0200)]
s4:dsdb/new_partition.c - remove the "ldb_next_request" call which we find also below the "if" block
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:21:22 +0000 (22:21 +0200)]
ldb:ldb_map_outbound.c - "ldb_parse_tree_collect_attrs" - remove unneeded return value
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:16:15 +0000 (22:16 +0200)]
ldb:ldb_modules.c - "ldb_dso_load_symbol" - remove unneeded caste before "dlsym"
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:10:14 +0000 (22:10 +0200)]
s4:ldb - "ldb_dn_update_components" - fix free of invalid DN parts
Use "LDB_FREE" for such free operations and in addition wipe also the casefolded
DN out.
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:07:51 +0000 (22:07 +0200)]
ldb:ldb_dn.c - "ldb_dn_set_extended_component" - free the linearized string when the components change
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 20:04:24 +0000 (22:04 +0200)]
s4:ldb_dn.c - make the code parts which free extended components consistent
Cosmetic
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 19:59:37 +0000 (21:59 +0200)]
ldb:ldb_dn - "ldb_dn_explode" - move the "dn->comp_num" initalisation upwards and use "LDB_FREE" for freeing "dn->components"
Mostly cosmetic - no behaviour change
Günther Deschner [Tue, 29 Jun 2010 17:57:06 +0000 (19:57 +0200)]
s4-smbtorture: remove some pointless mem_equal tests in LOCAL-NDR-WINREG testsuite.
Guenther
Günther Deschner [Tue, 29 Jun 2010 15:19:28 +0000 (17:19 +0200)]
s4-smbtorture: handle NT_STATUS_NOT_IMPLEMENTED in GetForestTrustInformation test.
When skipping over it, we can at least verify the credential chain.
Guenther
Günther Deschner [Tue, 29 Jun 2010 15:16:25 +0000 (17:16 +0200)]
s4-smbtorture: use TEST_MACHINE_NAME in test_netr_GetForestTrustInformation().
Guenther
Günther Deschner [Tue, 29 Jun 2010 15:13:01 +0000 (17:13 +0200)]
s4-smbtorture: add netr_GetForestTrustInformation test to RPC-NETLOGON.
Guenther
Günther Deschner [Tue, 29 Jun 2010 12:54:43 +0000 (14:54 +0200)]
s3-utils: remove rpccheck.
Impossible to get this to compile after the conversion to pidl.
Guenther
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 12:48:25 +0000 (14:48 +0200)]
Revert "s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend."
This reverts commit
ed4c107bc1eac8531fdd8d09f7698efcbc7ecb14.
See post "Endi's Bug 7530 patches (LDAP backend)" on samba-technical.
Matthias Dieter Wallnöfer [Tue, 29 Jun 2010 12:52:43 +0000 (14:52 +0200)]
Revert "s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN."
This reverts commit
fa9557fee3ca546878d99b77f1ff37f724c37024.
See post "Endi's Bug 7530 patches (LDAP backend)" on samba-technical.
Günther Deschner [Tue, 29 Jun 2010 10:26:24 +0000 (12:26 +0200)]
s4-smbtorture: add NDR torture test for winreg_QueryMultipleValues2.
Guenther
Günther Deschner [Tue, 29 Jun 2010 10:14:02 +0000 (12:14 +0200)]
s4-smbtorture: add RPC torture test for winreg_QueryMultipleValues2.
Guenther
Günther Deschner [Tue, 29 Jun 2010 10:04:56 +0000 (12:04 +0200)]
winreg: fix winreg_QueryMultipleValues2 IDL.
Guenther
Günther Deschner [Tue, 29 Jun 2010 09:40:24 +0000 (11:40 +0200)]
winreg: fix winreg_QueryMultipleValues() IDL and torture tests.
Guenther
Andreas Schneider [Tue, 29 Jun 2010 08:42:36 +0000 (10:42 +0200)]
s3-client: Make sure we only write to an opened file.
Found by clang-analyzer.
Andreas Schneider [Tue, 29 Jun 2010 08:34:17 +0000 (10:34 +0200)]
s3-winbind: Make sure we crash if domain is really not found.
Found by clang-analyzer.
Andreas Schneider [Tue, 29 Jun 2010 08:07:22 +0000 (10:07 +0200)]
s3-net: Make sure we don't call free on garbage.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 11:20:18 +0000 (13:20 +0200)]
s3-net: Use talloc_asprintf and return if file is in wrong format.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 19:00:30 +0000 (21:00 +0200)]
s3-librpc: Fixed GUID_from_data_blob() with length of 32.
If we hit the case that the blob length is 32. The code goes to the end
of the function and generates a GUID with garbage.
So try to convert the blob to the GUID and return.
Nadezhda Ivanova [Tue, 29 Jun 2010 08:46:22 +0000 (11:46 +0300)]
Fixed incorrect use of cn instead of lDAPDisplayName
Andrew Bartlett [Wed, 23 Jun 2010 11:15:43 +0000 (21:15 +1000)]
s4:secrets Ensure secrets.ldb uses the same hooks as the rest of Samba
This ensures that, for example, the utf8 functions are the same,
the GUID handler is the same and the NOSYNC flag is applied.
Andrew Bartlett
Andrew Bartlett [Wed, 23 Jun 2010 23:42:40 +0000 (09:42 +1000)]
s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.
In particular, we need to assert that AES encryption is available in
the 2008 functional level.
Andrew Bartlett
Andrew Bartlett [Wed, 23 Jun 2010 23:40:16 +0000 (09:40 +1000)]
s4:kdc Rework the 'allowed enc types' calculation
This changes the calculation to apply the allowed enc types to all
uses of the key (no point allowing a weak kinit to a key the server
wanted strongly protected). It also ensures that all the non-DES keys
are available on the krbtgt in particular, even as it does not have a
msds-SupportedEncryptionTypes attributes.
Andrew Bartlett
Andrew Bartlett [Thu, 24 Jun 2010 00:03:29 +0000 (10:03 +1000)]
s4:auth Query LDB for msds-SupportedEncryptionTypes for the KDC
The KDC needs this to determine what encryption types an entry supports
Andrew Bartlett
Andrew Bartlett [Mon, 28 Jun 2010 13:19:16 +0000 (23:19 +1000)]
s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes
This will allow us to interpret this attibute broadly in Samba.
Andrew Bartlett
Andrew Bartlett [Mon, 28 Jun 2010 13:17:28 +0000 (23:17 +1000)]
s4:libnet_join Fix typo in msDS-SupportedEncryptionTypes
Andrew Bartlett [Mon, 28 Jun 2010 13:14:23 +0000 (23:14 +1000)]
s4:provision Add an msDS-SupportedEncryptionTypes entry to our DC
This ensures that our DC will use all the available encyption types.
(The KDC reads this entry to determine what the server supports)
Andrew Bartlett
Andrew Tridgell [Mon, 28 Jun 2010 03:40:32 +0000 (13:40 +1000)]
build: only use git when found by configure
this rebuilds version.h whenever the git version changes, so we always
get the right version with samba -V. That adds about 15s to the build
time on each git commit, which shouldn't be too onerous
Andrew Tridgell [Mon, 28 Jun 2010 03:39:00 +0000 (13:39 +1000)]
build: allow LOAD_ENVIRONMENT() to pass when no configure has been run
this returns an empty environment
Andrew Tridgell [Mon, 28 Jun 2010 02:07:55 +0000 (12:07 +1000)]
build: allow always=True/False on SAMBA_GENERATOR()
this allows us to force a rule to always run. Will be used by
samba_version
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Mon, 28 Jun 2010 17:46:39 +0000 (20:46 +0300)]
s4/repl_meta_data: remove duplicated (and commented out) log
Kamen Mazdrashki [Mon, 28 Jun 2010 17:43:11 +0000 (20:43 +0300)]
s4/ndr: Fix tuncating of constant to a 'long' type
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 21:12:10 +0000 (23:12 +0200)]
s4:lib/registry/ldb.c - add a missing brace
Sorry didn't check that earlier.
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 19:17:37 +0000 (21:17 +0200)]
s4:lib/registry/ldb.c - fix memory handling in "ldb_open_key"
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 19:15:17 +0000 (21:15 +0200)]
s4:lib/ldb/registry.c - handle the classname in the right way
This is for "ldb_get_key_info".
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 18:11:09 +0000 (20:11 +0200)]
s4:lib/registry/ldb.c - remove really useless "local_ctx"
"mem_ctx" should fit for these few local allocations.
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 14:17:16 +0000 (16:17 +0200)]
s4:lib/registry/ldb.c - retrieve the classname correctly in "ldb_get_subkey_by_id"
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 14:06:39 +0000 (16:06 +0200)]
s4:lib/registry/ldb.c - change the "ldb_get_value" implementation to use the value cache and not an LDB lookup
In addition this fixes the use of special characters in registry object names.
Ira Cooper [Mon, 28 Jun 2010 17:39:28 +0000 (13:39 -0400)]
s3: Change exit on immediate socket failure.
This change makes it so socket errors early in the smbd child
process cause orderly exits not coredumps.
Signed-off-by: Jeremy Allison <jra@samba.org>
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 18:26:16 +0000 (20:26 +0200)]
s4:auth/sam.c - "authsam_expand_nested_groups" - small performance improvement
We can save one search operation if "only_childs" is false and when we had no
SID passed as extended DN component.
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 18:25:47 +0000 (20:25 +0200)]
s4:auth/sam.c - "authsam_expand_nested_groups" - cosmetic/comments
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 17:57:12 +0000 (19:57 +0200)]
s4:auth/sam.c - "authsam_expand_nested_groups" - use "dsdb_search_dn" where possible
And always catch LDB errors
Jelmer Vernooij [Mon, 28 Jun 2010 18:10:08 +0000 (20:10 +0200)]
selftest: Remove accidentally committed dummy test.
Endi S. Dewata [Mon, 28 Jun 2010 16:13:03 +0000 (11:13 -0500)]
s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Endi S. Dewata [Mon, 28 Jun 2010 16:18:16 +0000 (11:18 -0500)]
s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Endi S. Dewata [Mon, 28 Jun 2010 15:54:37 +0000 (10:54 -0500)]
s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Endi S. Dewata [Mon, 28 Jun 2010 15:45:04 +0000 (10:45 -0500)]
s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Volker Lendecke [Mon, 28 Jun 2010 14:54:56 +0000 (16:54 +0200)]
s3: Make some routines static in smbldap
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:25:43 +0000 (11:25 +0200)]
s4:repl_meta_data LDB module - fix counter type
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:25:43 +0000 (11:25 +0200)]
s4:acl LDB module - fix counter type
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:21:56 +0000 (11:21 +0200)]
s4:dcesrv_drsuapi.c - fix a counter variable
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:08:19 +0000 (11:08 +0200)]
s4:selftest - also "rpc.samr.users.privileges" does work now
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:05:59 +0000 (11:05 +0200)]
s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"
- Return always "NT_STATUS_OK" on success
- Remove "talloc_free"s on handles since the frees are automatically performed by
the DCE/RPC server code
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 08:45:26 +0000 (10:45 +0200)]
s4:knownfail - "pwdLastSet" test does work now
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 08:43:11 +0000 (10:43 +0200)]
s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also for s4
Matthias Dieter Wallnöfer [Sat, 12 Jun 2010 13:47:14 +0000 (15:47 +0200)]
s4:torture - SAMR password tests - activate support for password sets on level "18" and "21"
Matthias Dieter Wallnöfer [Tue, 22 Jun 2010 20:11:00 +0000 (22:11 +0200)]
s4:selftest - activate the lanman password changes
This is needed for a working "OemChangePasswordUser2" operation.
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 20:26:31 +0000 (22:26 +0200)]
s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour
Behaviour as the torture SAMR passwords tests show.
Matthias Dieter Wallnöfer [Sun, 27 Jun 2010 21:13:14 +0000 (23:13 +0200)]
s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0
Taken from s3
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 12:54:19 +0000 (14:54 +0200)]
s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check from s3 to s4
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 12:41:27 +0000 (14:41 +0200)]
s4:dcesrv_samr_SetUserInfo - implement password set level 21
Matthias Dieter Wallnöfer [Sat, 12 Jun 2010 12:40:11 +0000 (14:40 +0200)]
s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the user password
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 20:59:11 +0000 (22:59 +0200)]
s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we haven't activated the the lanman auth
This is what s3 does.
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 19:16:20 +0000 (21:16 +0200)]
s4:samr_password.c - add a function which sets the password through encrypted password hashes
Used for password sets on "samr_SetUserInfo" level 18 and 21.
Günther Deschner [Mon, 28 Jun 2010 12:47:16 +0000 (14:47 +0200)]
s4-smbtorture: fix typo.
Not my day...
Guenther
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 08:24:28 +0000 (10:24 +0200)]
s4:torture/rpc/samr.c - test_SetPassword_LastSet - fix "pwdLastSet" test
- Remove superflous checks (on level 18, 24, 26 we do always have "pwdLastSet"
resets if "password_expired" > 0)
- Fixed some bugs
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Mon, 28 Jun 2010 12:08:30 +0000 (14:08 +0200)]
s4-smbtorture: add trustDomainPasswords blob test to LOCAL-NDR testsuite.
Our parsing of this struct is incorrect atm. and apparently also causes the s4
server to crash.
Thanks to Sumit Bose <sbose@redhat.com> for providing the auth data retrieved
from a w2k3 domain.msc operation.
Guenther
Günther Deschner [Mon, 28 Jun 2010 12:04:47 +0000 (14:04 +0200)]
s3-registry: missed one perflib keyname delimiter.
Guenther
Volker Lendecke [Mon, 28 Jun 2010 12:08:11 +0000 (14:08 +0200)]
s3: More cleanup in winbindd_ads.c:query_user
We can't ads_msgfree after the ads struct has been killed. Do early returns.
Volker Lendecke [Mon, 28 Jun 2010 11:51:51 +0000 (13:51 +0200)]
s3: Fix a valgrind error
nss_get_info_cached does not necessarily fill in gid
Volker Lendecke [Mon, 28 Jun 2010 09:52:26 +0000 (11:52 +0200)]
s3: Re-arrange winbindd_ads.c:query_user
We can't access the LDAP message after nss_get_info_cached has potentially
destroyed the ads_struct
Volker Lendecke [Mon, 28 Jun 2010 09:21:03 +0000 (11:21 +0200)]
s3: free -> SAFE_FREE
Volker Lendecke [Mon, 28 Jun 2010 09:20:23 +0000 (11:20 +0200)]
s3: Do an early TALLOC_FREE
Günther Deschner [Mon, 28 Jun 2010 11:15:06 +0000 (13:15 +0200)]
s3-registry: fix printing keyname delimiter.
Guenther
Günther Deschner [Mon, 28 Jun 2010 11:14:36 +0000 (13:14 +0200)]
s3-registry: fix perfmon keyname delimiter.
Guenther
Andreas Schneider [Mon, 28 Jun 2010 10:54:11 +0000 (12:54 +0200)]
s3-net: Make sure that the data blob is initialized.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:48:15 +0000 (11:48 +0200)]
s3-eventlog: Fixed the keyname delimiter for the registry key.
Andreas Schneider [Mon, 28 Jun 2010 09:37:28 +0000 (11:37 +0200)]
s3-registry: Fixed keyname delimiter in KEY_CURRENT_VERSION_NORM.
Andreas Schneider [Mon, 28 Jun 2010 09:19:18 +0000 (11:19 +0200)]
s3-smbd: Make sure that status is initialized when used.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:16:19 +0000 (11:16 +0200)]
s3-lanman: Make sure count is not used uninitialized if we jump to out.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:13:24 +0000 (11:13 +0200)]
s3-vfs: Make sure that retval isn't used uninitialized.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:06:22 +0000 (11:06 +0200)]
s3-passdb: Make sure dn is initialized and don't free it.
dn is just a pointer to a memory which hasn't been duplicated.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:58:08 +0000 (10:58 +0200)]
s3-passdb: Make sure we don't call free on a garbage pointer.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:49:55 +0000 (10:49 +0200)]
s3-lanman: Make sure that job_info is not undefined.
Found by clang-analyzer.