Michael Adam [Tue, 18 Jan 2011 13:18:08 +0000 (14:18 +0100)]
release-scripts: add gpl header comment to build-manpages-git
Michael Adam [Tue, 18 Jan 2011 13:17:15 +0000 (14:17 +0100)]
release-scripts: remove commented out line from git-version
Michael Adam [Tue, 18 Jan 2011 00:06:32 +0000 (01:06 +0100)]
packaging/RHEL-CTDB: add the smbta-util manpage
Michael Adam [Tue, 18 Jan 2011 00:06:18 +0000 (01:06 +0100)]
packaging/RHEL-CTDB: add the pam_winbind.conf manpage
Michael Adam [Thu, 9 Sep 2010 15:56:03 +0000 (17:56 +0200)]
packaging/RHEL-CTDB: do not use an external docs tarball but build the manpages
Michael Adam [Thu, 9 Sep 2010 15:14:20 +0000 (17:14 +0200)]
packaging/RHEL-CTDB: untangle the various %doc entries to single lines
Michael Adam [Tue, 18 Jan 2011 12:00:51 +0000 (13:00 +0100)]
docs: Remove template "itemizedlist/listitem" from man.xsl
This seems to have been basically taken from the manpages/lists.xls
from the docbook-xsl stylesheets. But it references a variable list-indent
that older versions of docbook-xsl (e.g. 1.69) do not provide.
This makes the manpage build break on older systems. Removing
the definition lets the build succeed, using the system-definition
of the itemizedlist/listitem.
The diff between the docbook's (version 1.75.1) definition of
itemizedlist/listitem and the definition in our man.xls is this:
-- with this patch
-- without this patch
@@ -53,5 +53,7 @@
<!-- * seems to require the extra space. -->
<xsl:call-template name="roff-if-end"/>
<xsl:apply-templates/>
- <xsl:text>.RE </xsl:text>
+ <xsl:if test=" following-sibling::listitem">
+ <xsl:text> .RE </xsl:text>
+ </xsl:if>
</xsl:template>
I.e. the version of man.xsl made insertion if ".RE" conditional.
I hope this does not break anything severely.
The diff for e.g. the resulting winbindd.8 manpage is this:
--- with this patch
+++ witout this patch:
@@ -375,7 +375,6 @@
\m[blue]\fBwinbind: rpc only\fR\m[]
Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\&.
-.RE
.SH "EXAMPLE SETUP"
.PP
To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\&. This was tested on an early Red Hat Linux box\&.
Cheers
Andrew Bartlett [Tue, 18 Jan 2011 08:14:45 +0000 (19:14 +1100)]
s4-gensec Extend python bindings for GENSEC and the associated test
This now tests a real GENSEC exchange, including wrap and unwrap,
using GSSAPI. Therefore, it now needs to access a KDC.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
Andrew Bartlett [Tue, 18 Jan 2011 08:13:19 +0000 (19:13 +1100)]
s4-auth Extend python bindings to allow ldb and message to be specified
This will allow for some more tokenGroups tests in future.
Andrew Bartlett
Andrew Bartlett [Mon, 17 Jan 2011 05:26:21 +0000 (16:26 +1100)]
s4-pygensec Fix indentation of py_gensec_start_mech_by_name()
Andrew Bartlett [Mon, 17 Jan 2011 05:24:16 +0000 (16:24 +1100)]
s4-torture Remove unused temp dirs from the RPC-PAC test.
The code previously required the creation of a messaging context, but
this isn't done any more, so we don't need the tmp dir to put it in.
Andrew Bartlett
Andrew Bartlett [Mon, 17 Jan 2011 05:23:23 +0000 (16:23 +1100)]
s4-pyldb Fix tp_basicsize for PyLdbDn
This wasn't actually causing problems before, as the structures were
the same size.
Andrew Bartlett
Andrew Bartlett [Mon, 17 Jan 2011 05:23:02 +0000 (16:23 +1100)]
s4-pygensec Add bindings for server_start() and update()
Andrew Bartlett [Mon, 17 Jan 2011 05:22:31 +0000 (16:22 +1100)]
s4-pyauth Add bindings for auth_context_create() as AuthContext()
Andrew Bartlett [Mon, 17 Jan 2011 05:21:28 +0000 (16:21 +1100)]
s4-pyauth Use py_talloc_get_type() for greater talloc binding safety
This does a talloc check of the returned pointer before casting it.
Andrew Bartlett
Andrew Bartlett [Mon, 17 Jan 2011 05:20:09 +0000 (16:20 +1100)]
s4-gensec Don't steal the auth_context, reference it.
We don't want to steal this pointer away from the caller if it's been
set up from python.
Andrew Bartlett
Stefan Metzmacher [Tue, 18 Jan 2011 06:20:26 +0000 (07:20 +0100)]
pidl:wscript: don't warn about pidl gammar file changes for now
We may add some logic that uses git diff HEAD to detect this changes
in developer mode later again.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 18 08:10:06 CET 2011 on sn-devel-104
Kamen Mazdrashki [Mon, 17 Jan 2011 22:51:30 +0000 (00:51 +0200)]
s4-ldb_ldif: Take into account LDB_FLG_SHOW_BINARY
when user requires binary data to be displayed
using samba user-friendly ldif handlers
Found using following test search:
bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \
"(objectGUID=
97b52eac-6d89-434d-b935-
1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Jan 18 00:40:01 CET 2011 on sn-devel-104
Kamen Mazdrashki [Mon, 17 Jan 2011 22:49:17 +0000 (00:49 +0200)]
s4-ldb_ldif: Don't check for LDB_FLG_SHOW_BINARY in ldb_should_b64_encode
LDB_FLG_SHOW_BINARY is data representation flag and should
not modify behavior of data checking functions.
This lead to a bug in lib/ldb/ldb_tdb/ldb_index.c as ltdb_index_key()
function relies on ldb_should_b64_encode function to determine
how to process index keys.
Found using following test search:
bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \
"(objectGUID=
97b52eac-6d89-434d-b935-
1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
Nadezhda Ivanova [Mon, 17 Jan 2011 15:48:36 +0000 (17:48 +0200)]
s4-provision: Fixed owner/group for hard-coded Sites descriptor.
We must not specify explicitly owner and group. As there is a difference between WIN_2003 and WIN_2008, we should let descriptor
module compute the correct default ones. Also removed inherited ACEs, they are ignored during SD creation anyway.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Jan 17 18:23:24 CET 2011 on sn-devel-104
Nadezhda Ivanova [Mon, 17 Jan 2011 15:44:10 +0000 (17:44 +0200)]
s4-tools: Fixed a bug in ldapcmp - DACL was not retrieved correctly if the object had no SACL.
--Pair-Programmed-With: Zahari Zahariev
Andreas Schneider [Mon, 17 Jan 2011 12:40:12 +0000 (13:40 +0100)]
s3-rpc_client: Fixed status check of dcerpc_lsa_lookup_sids_noalloc.
Autobuild-User: Andreas Schneider <asn@samba.org>
Autobuild-Date: Mon Jan 17 17:35:50 CET 2011 on sn-devel-104
Andreas Schneider [Mon, 17 Jan 2011 12:39:21 +0000 (13:39 +0100)]
s3-rpc_client: Fixed return values of dcerpc_lsa_lookup_sids_generic.
Andreas Schneider [Mon, 17 Jan 2011 11:53:40 +0000 (12:53 +0100)]
s3-auth: Fixed account lockout check.
Volker Lendecke [Fri, 14 Jan 2011 12:14:22 +0000 (05:14 -0700)]
s3: Make sure we call wbcAuthenticateUserEx correctly
There are cases where we fill in params.password.response.lm_data with non-NULL
where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not
like that.
I haven't been able to reproduce this with smbclient yet, I've seen it with a
proprietary smb client implementation.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
Nadezhda Ivanova [Mon, 17 Jan 2011 12:22:22 +0000 (14:22 +0200)]
s4-tools: Added a --sort-aces option to ldapcmp
This option sorts the ACE lists during SD comparison in collision view to make it easier to
determine of a difference is only in ACE order, and if not, where do differences start.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Jan 17 14:09:09 CET 2011 on sn-devel-104
Stefan Metzmacher [Sat, 15 Jan 2011 08:17:55 +0000 (09:17 +0100)]
s3:build: don't use librpc/gen_ndr/cli_echo.[ch] anymore
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 17 09:34:12 CET 2011 on sn-devel-104
Stefan Metzmacher [Sat, 15 Jan 2011 08:15:34 +0000 (09:15 +0100)]
s3:torture: use dcerpc_echo_X() functions
metze
Stefan Metzmacher [Sat, 15 Jan 2011 08:14:56 +0000 (09:14 +0100)]
s3:rpcclient: use dcerpc_echo_X() functions
metze
Volker Lendecke [Sun, 16 Jan 2011 20:13:29 +0000 (21:13 +0100)]
s3: Avoid a few calls to cli_errstr
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 08:47:25 CET 2011 on sn-devel-104
Volker Lendecke [Sun, 16 Jan 2011 19:16:25 +0000 (20:16 +0100)]
s3: Remove some unused code
Volker Lendecke [Sun, 16 Jan 2011 19:09:17 +0000 (20:09 +0100)]
s3: Convert cli_lock64 to cli_smb
Volker Lendecke [Sun, 16 Jan 2011 19:04:17 +0000 (20:04 +0100)]
s3: Convert cli_lock to use cli_locktype
Volker Lendecke [Sun, 16 Jan 2011 18:50:46 +0000 (19:50 +0100)]
s3: Convert cli_locktype to cli_smb
Volker Lendecke [Sun, 16 Jan 2011 18:20:43 +0000 (19:20 +0100)]
s3: Make passing up "result_parent" from cli_smb optional
Volker Lendecke [Sun, 16 Jan 2011 18:11:45 +0000 (19:11 +0100)]
s3: Remove unused cli_send_keepalive
Volker Lendecke [Sun, 16 Jan 2011 12:13:20 +0000 (13:13 +0100)]
s3: Remove unused cli_send/receive_trans
Volker Lendecke [Sun, 16 Jan 2011 12:12:16 +0000 (13:12 +0100)]
s3: Convert try_trans2 to cli_trans
Volker Lendecke [Sun, 16 Jan 2011 12:07:35 +0000 (13:07 +0100)]
s3: Convert cli_api to cli_trans
Volker Lendecke [Sun, 16 Jan 2011 11:56:09 +0000 (12:56 +0100)]
s3: Make cli_setpathinfo_basic use cli_setpathinfo
Volker Lendecke [Sun, 16 Jan 2011 11:49:59 +0000 (12:49 +0100)]
s3: Add cli_setpathinfo
Volker Lendecke [Sun, 16 Jan 2011 11:45:22 +0000 (12:45 +0100)]
s3: Rename cli_setpathinfo->cli_setpathinfo_basic
Volker Lendecke [Sun, 16 Jan 2011 11:34:43 +0000 (12:34 +0100)]
s3: Remove unused cli_send/receive_nt_trans
Volker Lendecke [Sun, 16 Jan 2011 11:33:24 +0000 (12:33 +0100)]
s3: Convert try_nttrans to cli_trans
Volker Lendecke [Sun, 16 Jan 2011 11:26:45 +0000 (12:26 +0100)]
s3: Move dump_ntquota* to smbcquotas.c
Volker Lendecke [Sun, 16 Jan 2011 11:14:26 +0000 (12:14 +0100)]
s3: Convert cli_set_fs_quota_info to cli_trans
Volker Lendecke [Sun, 16 Jan 2011 11:03:07 +0000 (12:03 +0100)]
s3: Convert cli_get_fs_quota_info to cli_trans
Volker Lendecke [Sun, 16 Jan 2011 10:53:03 +0000 (11:53 +0100)]
s3: Convert cli_list_user_quota to cli_trans
Volker Lendecke [Sun, 16 Jan 2011 10:33:35 +0000 (11:33 +0100)]
s3: Convert cli_set_user_quota to cli_trans
Volker Lendecke [Sun, 16 Jan 2011 07:34:58 +0000 (08:34 +0100)]
s3: Convert cli_get_user_quota to cli_trans
Volker Lendecke [Sat, 15 Jan 2011 15:07:31 +0000 (16:07 +0100)]
s3: Fix some nonempty blank lines
Volker Lendecke [Sun, 9 Jan 2011 18:54:33 +0000 (19:54 +0100)]
s3: Fix a C++ warning
Volker Lendecke [Sun, 9 Jan 2011 18:44:13 +0000 (19:44 +0100)]
s3: Remove cli_send_trans from cli_qpathinfo_alt_name
Volker Lendecke [Sun, 9 Jan 2011 18:13:15 +0000 (19:13 +0100)]
s3: Remove cli_send_trans from cli_oem_change_password
Andrew Tridgell [Mon, 17 Jan 2011 04:24:52 +0000 (15:24 +1100)]
ldb: new ABI sigs file
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Jan 17 06:09:23 CET 2011 on sn-devel-104
Andrew Tridgell [Mon, 17 Jan 2011 02:39:46 +0000 (13:39 +1100)]
s4-dsdb: replaced the calls to ldb_search() in dsdb modules with dsdb_module_search()
this ensures we follow the module stack, and set the parent on child
requests
Andrew Tridgell [Mon, 17 Jan 2011 02:12:15 +0000 (13:12 +1100)]
s4-dsdb: pass parent request to dsdb_module_*() functions
this preserves the request hierarchy for dsdb_module_*() calls inside
dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 17 Jan 2011 02:11:08 +0000 (13:11 +1100)]
ldb: added ldb_req_mark_trusted()
this is used to mark a ldb child request trusted, if the caller has
validated all inputs. This will be used when creating new child
requests with trusted inputs.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Mon, 17 Jan 2011 00:42:35 +0000 (11:42 +1100)]
ldb: inherit parent flags on child requests in modules
Jelmer Vernooij [Sun, 16 Jan 2011 23:43:04 +0000 (00:43 +0100)]
web_server: Display trivial placeholder page if SWAT could not be found.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Jan 17 01:27:10 CET 2011 on sn-devel-104
Jelmer Vernooij [Sun, 16 Jan 2011 23:30:49 +0000 (00:30 +0100)]
web_server: Fix initialization.
Jelmer Vernooij [Sun, 16 Jan 2011 23:25:42 +0000 (00:25 +0100)]
web_server: Avoid references to swat. Load samba.web_server instead.
Jelmer Vernooij [Sun, 16 Jan 2011 23:25:29 +0000 (00:25 +0100)]
param: Load web service by default.
Matthias Dieter Wallnöfer [Sat, 15 Jan 2011 17:12:09 +0000 (18:12 +0100)]
s4:dsdb_find_nc_root - fix it up to let the provisioning work correctly
Use the temporary list unless we have at least the three main
"namingContexts" from the rootDSE available (Default, Configuration, Schema -
these are mandatory on all AD deployments!).
This bug has been discovered by Nadya in relation with her SD work.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
Matthias Dieter Wallnöfer [Sat, 15 Jan 2011 15:54:23 +0000 (16:54 +0100)]
s4:auth/ntlm/auth_sam.c - fix call to "get_server_info_principal"
This should obviously point to the wrapper not the call itself.
Found out by Tru64 host build warning.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
Volker Lendecke [Sat, 15 Jan 2011 15:32:00 +0000 (16:32 +0100)]
s3: Avoid some calls to cli_errstr
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Jan 15 17:18:54 CET 2011 on sn-devel-104
Volker Lendecke [Sat, 15 Jan 2011 15:20:37 +0000 (16:20 +0100)]
s3: Convert cli_set_secdesc to cli_trans
Volker Lendecke [Sat, 15 Jan 2011 15:07:31 +0000 (16:07 +0100)]
s3: Fix some nonempty blank lines
Matthias Dieter Wallnöfer [Sat, 15 Jan 2011 12:15:54 +0000 (13:15 +0100)]
s4:samr RPC server - always interpret filter integer values as signed
To prevent platform-dependant problems.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
Jeremy Allison [Fri, 14 Jan 2011 23:15:01 +0000 (15:15 -0800)]
Add OPLOCK4 test which explores how Windows copes with oplock and share mode breaks on hard links.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jan 15 00:59:46 CET 2011 on sn-devel-104
Matthias Dieter Wallnöfer [Fri, 14 Jan 2011 20:46:37 +0000 (21:46 +0100)]
s4:web_server - immeditately assign "wdata" as private data for the stream socket
This fixes bug #7887.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 22:33:13 CET 2011 on sn-devel-104
Matthias Dieter Wallnöfer [Fri, 14 Jan 2011 17:45:32 +0000 (18:45 +0100)]
s4:urgent_replication.py - remove a now superflous RELAX control
The LSA object creation protection changed to the trusted/untrusted
connection model.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
Matthias Dieter Wallnöfer [Fri, 14 Jan 2011 11:10:25 +0000 (12:10 +0100)]
s4:samldb LDB module - fix "userAccountControl" handling
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
Volker Lendecke [Fri, 14 Jan 2011 15:43:00 +0000 (16:43 +0100)]
s3: Fix bug 7917: Yet another bug in chain_reply
Found by Michael Hanscho <samba@micha.priv.at> with a WinCE client.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 14 17:42:05 CET 2011 on sn-devel-104
Günther Deschner [Fri, 14 Jan 2011 09:53:17 +0000 (10:53 +0100)]
s3-waf: fix the build after rpc_winreg removal.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jan 14 11:38:40 CET 2011 on sn-devel-104
Matthias Dieter Wallnöfer [Fri, 14 Jan 2011 08:38:41 +0000 (09:38 +0100)]
ldb:ldb_dn.c - fix counter type in "ldb_dn_minimise"
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 10:43:29 CET 2011 on sn-devel-104
Christian Ambach [Thu, 13 Jan 2011 15:04:36 +0000 (16:04 +0100)]
s3:vfs aio_fork children do not go away
on RHEL 5.5, recvmsg() does not return when it is reading
from the socket and the process on the other side closes
its connection. This left aio children around that should
have gone already and were just wasting system resources.
This patch makes the child go away by writing invalid
data to it so that the child exits.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 14 09:57:18 CET 2011 on sn-devel-104
Christian Ambach [Thu, 13 Jan 2011 14:59:18 +0000 (15:59 +0100)]
s3:vfs fix children cleanup in aio_fork
the cleanup loop in aio_fork always stopped operation
on the first inactive child it found. In case lots of
children need to be reaped, it will take multiple runs
before all children are gone
Andrew Tridgell [Fri, 14 Jan 2011 07:18:25 +0000 (18:18 +1100)]
waf: this script does need bash
this is a developer test script. It is not meant to be portable.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Jan 14 09:10:20 CET 2011 on sn-devel-104
Andrew Tridgell [Fri, 14 Jan 2011 06:20:01 +0000 (17:20 +1100)]
waf: use PYTHONARCHDIR for installing python shared libs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Jan 14 08:19:40 CET 2011 on sn-devel-104
Andrew Tridgell [Fri, 14 Jan 2011 06:19:22 +0000 (17:19 +1100)]
waf: new version of waf
this one adds PYTHONARCHDIR to fix bug 7905
thanks to Thomas Nagy for the fix!
Andrew Tridgell [Fri, 14 Jan 2011 05:39:28 +0000 (16:39 +1100)]
s4-dsdb: only enforce the extended dn rules over ldap
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Jan 14 07:23:31 CET 2011 on sn-devel-104
Andrew Tridgell [Fri, 14 Jan 2011 04:46:32 +0000 (15:46 +1100)]
s4-dsdb: removed the last use of samdb_search_*() from the dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 14 Jan 2011 04:21:42 +0000 (15:21 +1100)]
s4-dsdb: removed some more samdb_search_*() calls from samldb.c
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 14 Jan 2011 00:47:49 +0000 (11:47 +1100)]
s4-dsdb: replaced another use of samdb_search in a ldb module
we should be using the dsdb_module_search*() calls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 14 Jan 2011 00:37:09 +0000 (11:37 +1100)]
s4-dsdb: fixed primaryGroupID to use dsdb_module_search_dn()
this avoids using a multi-part extended DN in a search that hits the
check in extended_dn_in
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 23:41:47 +0000 (10:41 +1100)]
s4-dsdb: fixed filtering of tokengroups
builtin groups are shown in user tokenGroups searches
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 06:59:14 +0000 (17:59 +1100)]
ldb: new ABI file for 0.9.23
Andrew Tridgell [Thu, 13 Jan 2011 06:40:29 +0000 (17:40 +1100)]
s4-kdc: don't ask for an extended DN for krbtgt_dn
otherwise msg->dn would be non-minimal and would fail in searches
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 05:56:13 +0000 (16:56 +1100)]
s4-test: added a tokengroups test
this tests that the remote tokenGroups match the internally calculated
ones
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 05:55:34 +0000 (16:55 +1100)]
s4-samdb: give a more useful debug when we can't open the privileges db
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 05:55:05 +0000 (16:55 +1100)]
s4-auth: fixed status return
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 04:09:03 +0000 (15:09 +1100)]
s4-samba-tool: fixed the gpo command to use the right DN for access checks
Andrew Tridgell [Thu, 13 Jan 2011 01:26:24 +0000 (12:26 +1100)]
s4-dsdb: minimise the DN in group expansion
this DN we have came from an extended DN search, which means it may
have multiple extended components. We need to minimise the DN before
AD will accept it
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 01:13:42 +0000 (12:13 +1100)]
ldb: added ldb_dn_minimise()
this removes any extraneous components from a DN. For an extended DN,
this means removing the string DN and all but the first extended
component.
This is needed as AD returns "invalid syntax" if you don't use
a minimal DN as the base DN for a search. A non-minimal DN also
doesn't ever match in a search expression.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 00:10:27 +0000 (11:10 +1100)]
s4-dns: renamed DNS_TYPE_ZERO to DNS_TYPE_TOMBSTONE
we now know that these are tombstone records, with a timestamp
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 00:08:40 +0000 (11:08 +1100)]
s4-dsdb: validate number of extended components
this checks that the number of extended components in a DN is valid,
to match MS AD behaviour. We need to do this to ensure that our tools
don't try to do operations that will be invalid when used against MS
servers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 13 Jan 2011 00:07:15 +0000 (11:07 +1100)]
ldb: added ldb_dn_get_extended_comp_num()
this returns the number of extended components. We need this to
validate a DN in the extended_dn_in module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 11 Jan 2011 07:40:54 +0000 (18:40 +1100)]
s4-samba_tool Added ACL checking to python GPO management tool
Andrew Bartlett [Tue, 11 Jan 2011 06:39:25 +0000 (17:39 +1100)]
libcli/security Add python bindings for se_access_check
Andrew Bartlett