Simo Sorce [Wed, 18 Aug 2010 08:16:41 +0000 (04:16 -0400)]
s3-ads: Split, simplify and cleanup keytab functions
add helper function for both smb_krb5_kt_add_entry_ext() and
ads_keytab_flush()
Volker Lendecke [Wed, 18 Aug 2010 11:20:50 +0000 (13:20 +0200)]
s3: Fix serverid_register_msg_flags
Thanks, Andreas, for pointing this out! (How drunk have I been?...)
Andreas Schneider [Wed, 18 Aug 2010 10:08:47 +0000 (12:08 +0200)]
s3-lib: Fixed a possible crash bug.
Volker please check!
Andreas Schneider [Thu, 29 Apr 2010 12:00:30 +0000 (14:00 +0200)]
s3-printing: Added function to update the queue.
Andreas Schneider [Thu, 29 Apr 2010 11:43:40 +0000 (13:43 +0200)]
s3-printing: Rename jobs_changed functions to jobs_added.
Volker Lendecke [Wed, 18 Aug 2010 09:17:52 +0000 (11:17 +0200)]
s3: Fix an uninitialized variable
Volker Lendecke [Tue, 17 Aug 2010 07:34:27 +0000 (09:34 +0200)]
s3: Use pipe_struct->client_id->name for pjob.clientmachine
Volker Lendecke [Tue, 17 Aug 2010 07:17:26 +0000 (09:17 +0200)]
s3: Move initializing pjob.clientname to print_job_start()
Volker Lendecke [Mon, 16 Aug 2010 09:01:26 +0000 (11:01 +0200)]
s3: Add "client_id" to pipes_struct
Volker Lendecke [Mon, 16 Aug 2010 07:39:29 +0000 (09:39 +0200)]
s3: Remove unneeded "client_address" from connection_struct
Volker Lendecke [Mon, 16 Aug 2010 06:30:36 +0000 (08:30 +0200)]
s3: Add smbd_server_connection->client_id
Volker Lendecke [Sun, 15 Aug 2010 14:13:00 +0000 (16:13 +0200)]
s3: Lift smbd_server_fd from reload_services()
Günther Deschner [Tue, 17 Aug 2010 13:03:58 +0000 (15:03 +0200)]
s3-build: only include smb_signing.h where needed.
Guenther
Andrew Bartlett [Wed, 18 Aug 2010 03:15:03 +0000 (13:15 +1000)]
s3:selftest This test does not fail anymore (Samba4's smbtorture has been fixed)
James Peach [Thu, 12 Aug 2010 21:31:52 +0000 (14:31 -0700)]
smbtorture: Make SAMBA3CASEINSENSITIVE report failures properly.
James Peach [Thu, 12 Aug 2010 19:36:24 +0000 (12:36 -0700)]
smbtorture: Emit correct test results if setup fails.
If the test setup fails, we still need to format the test result for the
UI. At least in the subunit case, the format doesn't specify what to do
here, so we fail every test manually with the setup failure message.
James Peach [Thu, 12 Aug 2010 19:35:53 +0000 (12:35 -0700)]
smbtorture: Ensure that the RPC setup returns correct status.
Andrew Bartlett [Wed, 18 Aug 2010 00:00:40 +0000 (10:00 +1000)]
s4:ldap_server use talloc_unlink() to avoid talloc_free() with references
Both the session_info and the ldb can have references.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Aug 2010 10:33:36 +0000 (20:33 +1000)]
s4:auth Change {anonymous,system}_session to use common session_info generation
This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Aug 2010 09:55:30 +0000 (19:55 +1000)]
s4:auth Avoid doing database lookups for NT AUTHORITY users
Andrew Bartlett [Sat, 14 Aug 2010 07:45:57 +0000 (17:45 +1000)]
s4:auth Remove system_session_anon() from python bindings
Andrew Bartlett [Sat, 14 Aug 2010 04:16:41 +0000 (14:16 +1000)]
s4:auth Remove the system:anonymous parameter used for the LDAP backend
This isn't needed any more, and just introduces complexity.
Andrew Bartlett [Sat, 14 Aug 2010 04:15:49 +0000 (14:15 +1000)]
s4:auth Remove special case constructor for admin_session()
There isn't a good reason why this code is duplicated.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Aug 2010 03:30:51 +0000 (13:30 +1000)]
s4:security Remove use of user_sid and group_sid from struct security_token
This makes the structure more like Samba3's NT_USER_TOKEN
Andrew Bartlett [Sat, 14 Aug 2010 03:28:40 +0000 (13:28 +1000)]
s4:ntvfs Don't treat the user SID and primary group SID special for idmap
This simply asks IDMAP about all the user SIDs, rather than the user
and group sid, followed by all but the first two sids from the token.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Aug 2010 03:26:35 +0000 (13:26 +1000)]
s4:security Bring in #defines for the user and primary group token location
This will allow us to stop duplicating the user and primary group SID in the
struct security_token, and therefore make it more like the NT_USER_TOKEN
in Samba3.
Andrew Bartlett
Volker Lendecke [Mon, 16 Aug 2010 06:00:48 +0000 (08:00 +0200)]
s3: Remove smbd_server_fd() from session_claim
Volker Lendecke [Sun, 15 Aug 2010 13:46:29 +0000 (15:46 +0200)]
s3: Remove smbd_server_fd() from read_smb_length()
Volker Lendecke [Sun, 15 Aug 2010 13:45:21 +0000 (15:45 +0200)]
s3: Move read_smb_length() to smbd/reply.c
Volker Lendecke [Sun, 15 Aug 2010 13:40:08 +0000 (15:40 +0200)]
s3: Remove smbd_server_fd from receive_smb_raw
This is only called from client code
Volker Lendecke [Sun, 15 Aug 2010 13:38:31 +0000 (15:38 +0200)]
s3: Lift smbd_server_fd() from receive_smb_raw_talloc
Volker Lendecke [Sun, 15 Aug 2010 13:36:28 +0000 (15:36 +0200)]
s3: Lift smbd_server_fd() from read_smb_length_return_keepalive
Volker Lendecke [Sun, 15 Aug 2010 13:30:21 +0000 (15:30 +0200)]
s3: Lift smbd_server_fd() from read_data()
All callers have appropriate debug messages themselves
Volker Lendecke [Sun, 15 Aug 2010 13:23:47 +0000 (15:23 +0200)]
s3: Lift smbd_server_fd() from read_fd_with_timeout()
Matthias Dieter Wallnöfer [Sun, 15 Aug 2010 19:51:14 +0000 (21:51 +0200)]
s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also here the new password change syntax
Matthias Dieter Wallnöfer [Tue, 6 Jul 2010 16:16:32 +0000 (18:16 +0200)]
s4:kdc/kpasswdd.c - let the user change his own password with his own rights
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
NOTICE: I had to extract the old password from the SAMDB since I was unable to
find it somewhere else (authinfo for example).
Matthias Dieter Wallnöfer [Tue, 6 Jul 2010 16:07:31 +0000 (18:07 +0200)]
s4:samr RPC server - samr_password.c - make real user password changes work
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
Matthias Dieter Wallnöfer [Sun, 15 Aug 2010 19:06:11 +0000 (21:06 +0200)]
s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform password sets
Matthias Dieter Wallnöfer [Sun, 15 Aug 2010 19:26:07 +0000 (21:26 +0200)]
s4:samdb_set_password/samdb_set_password_sid - make more arguments "const"
Matthias Dieter Wallnöfer [Sun, 15 Aug 2010 18:44:28 +0000 (20:44 +0200)]
s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support the password change control
And introduce parameters to pass the old password hashes.
Matthias Dieter Wallnöfer [Sun, 15 Aug 2010 18:31:30 +0000 (20:31 +0200)]
s4:password_hash LDB module - perform the adaptions to understand the new password change control
Matthias Dieter Wallnöfer [Thu, 8 Jul 2010 14:00:19 +0000 (16:00 +0200)]
s4:acl LDB module - support password changes over the DSDB_CONTROL_PASSWORD_CHANGE_OID control
This control is used from the SAMR and "kpasswd" password changes. It is
strictly private and means "this is a password change and not a password set".
Matthias Dieter Wallnöfer [Sun, 15 Aug 2010 18:01:27 +0000 (20:01 +0200)]
s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the control
This contains the NT and/or LM hash of the password specified by the user.
Matthias Dieter Wallnöfer [Sun, 15 Aug 2010 17:52:18 +0000 (19:52 +0200)]
s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
Stefan Metzmacher [Tue, 17 Aug 2010 15:13:15 +0000 (17:13 +0200)]
Revert "waf: enable gccdeps in developer mode"
This reverts commit
61930f50cbace4741500d8b53fc11a4ef3e0d4f8.
This breaks the build with older gcc versions
gcc --version
gcc (SUSE Linux) 4.3.2 [gcc-4_3-branch revision 141291]
(This is SLES 11)
Please only enable it if the compiler supports it.
metze
Stefan Metzmacher [Tue, 17 Aug 2010 12:22:35 +0000 (14:22 +0200)]
s4:selftest: recreate $SELFTEST_PREFIX/s4client with each make test run
Otherwise we just fill the disks of the build-farm hosts.
metze
Stefan Metzmacher [Tue, 17 Aug 2010 12:18:03 +0000 (14:18 +0200)]
s4:selftest: run ldapi tests in 'dc:local' environment
metze
Nadezhda Ivanova [Tue, 17 Aug 2010 14:05:42 +0000 (17:05 +0300)]
s4-tests: Added tests for acl checks on search requests
Volker Lendecke [Sun, 15 Aug 2010 12:46:46 +0000 (14:46 +0200)]
s3: Directly call write_data from print_job_write()
Volker Lendecke [Sun, 15 Aug 2010 12:45:48 +0000 (14:45 +0200)]
s3: Remove unused "pos" arg from print_job_write
Andreas Schneider [Tue, 17 Aug 2010 11:44:42 +0000 (13:44 +0200)]
s3-samr: Correctly fix the transition from enum to uint32_t.
What type an enum is depends on the implementation, the compiler and
probably the compiler options. sizeof(enum) is normally not sizeof(int)!
Andrew Tridgell [Tue, 17 Aug 2010 10:15:28 +0000 (20:15 +1000)]
s4-ldb: ensure element flags are zero in ldb search return
the distinguishedName element was getting an uninitialised flags value
Andrew Tridgell [Tue, 17 Aug 2010 08:29:42 +0000 (18:29 +1000)]
s4-ldbwrap: ensure session_info in ldb opaque remains valid
A DRS DsBind handle can be re-used in a later connection. This implies
reuse of the session_info for the connection. If the first connection
is shutdown then the session_info in the sam context on the 2nd
connection must remain valid.
Andrew Tridgell [Tue, 17 Aug 2010 08:25:45 +0000 (18:25 +1000)]
s4-rpcserver: log unknown RPC calls at debug level 3
This was added as we are occasionally getting an encrypted unknown
netlogon call, and I'm having trouble looking at it in wireshark
Andrew Tridgell [Tue, 17 Aug 2010 08:24:29 +0000 (18:24 +1000)]
s4-netlogon: added SEC_CHAN_RODC
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
Andrew Tridgell [Tue, 17 Aug 2010 05:20:11 +0000 (15:20 +1000)]
s4-net: use an encrypted ldap session when setting passwords
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME"
to set a password remotely on a windows DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 04:55:23 +0000 (14:55 +1000)]
s4-dsdb: check the type of session_info from the opaque
we saw a crash with a bad pointer here, and this may help track it
down
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 04:21:07 +0000 (14:21 +1000)]
s4-drs: allow getncchanges from RODC with WRIT_REP set
w2k8r2 is setting this bit as a RODC. Instead of refusing the
replication, we now remove the bit from req8, which means other places
in the code that check this bit can stay the same
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 04:12:21 +0000 (14:12 +1000)]
s4-drs: added domain_sid to DRS security checks
we need the domain_sid to determine if the account is a RODC for our
domain
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 04:11:24 +0000 (14:11 +1000)]
s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER
check more than the user_sid, and also check for the right rid value
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 04:10:34 +0000 (14:10 +1000)]
s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNT
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 03:19:53 +0000 (13:19 +1000)]
s4-dsdb: cope with cracknames of form dnsdomain\account
this is used by w2k8r2 when doing a RODC dcpromo
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 02:06:24 +0000 (12:06 +1000)]
s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumber
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the
range allowed by the schema (the schema has
rangeLower==rangeUpper==65536). We need to mark this element as being
internally generated to avoid the range checks
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 02:04:45 +0000 (12:04 +1000)]
s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATION
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 02:03:47 +0000 (12:03 +1000)]
s4-ldb: added LDB_FLAG_INTERNAL_MASK
This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 01:21:11 +0000 (11:21 +1000)]
s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 01:13:59 +0000 (11:13 +1000)]
s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA add
this control disables the system only check for nTDSDSA add operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 17 Aug 2010 01:12:54 +0000 (11:12 +1000)]
s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OID
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
Andrew Tridgell [Tue, 17 Aug 2010 01:12:09 +0000 (11:12 +1000)]
s4-ldapserver: support controls on ldap add and rename
we need to pass the controls down to the add and rename ldb operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 16 Aug 2010 23:59:18 +0000 (09:59 +1000)]
s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OID
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implement
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 16 Aug 2010 23:17:17 +0000 (09:17 +1000)]
s4-ldap: use common functions for ldap flag controls encode/decode
many controls are simple present/not-present flags, and don't need
their own parsers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Günther Deschner [Tue, 17 Aug 2010 11:18:34 +0000 (13:18 +0200)]
s3-dcerpc: try to fix the non gssapi build.
Guenther
Günther Deschner [Tue, 17 Aug 2010 11:06:36 +0000 (13:06 +0200)]
s3-dcerpc: fix c++ build warning.
Guenther
Günther Deschner [Tue, 17 Aug 2010 11:06:13 +0000 (13:06 +0200)]
s3-dcerpc: fix uninitialized variable in cli_get_session_key().
Simo, please check.
Guenther
Günther Deschner [Tue, 17 Aug 2010 11:03:58 +0000 (13:03 +0200)]
s3-util: remove unused variable.
Guenther
Simo Sorce [Tue, 17 Aug 2010 10:40:38 +0000 (06:40 -0400)]
s3-ads: Remove unused function and file
Stefan Metzmacher [Tue, 17 Aug 2010 06:02:46 +0000 (08:02 +0200)]
s3:winbindd: don't ignore 'result' in wb_dsgetdcname_done()
Ignoring it could cause a segfault in winbindd_getdcname_recv()
metze
Volker Lendecke [Sun, 15 Aug 2010 14:02:37 +0000 (16:02 +0200)]
s3: Remove smbd_server_fd() from write_data()
This completely removes the DEBUG(0, ..) error message from write_data(). I've
gone through all callers of write_data() and made sure that they have their own
equivalent error message printing.
Simo Sorce [Tue, 3 Aug 2010 09:11:28 +0000 (05:11 -0400)]
s3-dcerpc: Use common send functions for ntlmssp too
Remove unused function.
Simo Sorce [Mon, 2 Aug 2010 16:15:43 +0000 (12:15 -0400)]
s3-dcerpc: properly implement gse/spnego_get_session_key
Simo Sorce [Mon, 2 Aug 2010 16:05:45 +0000 (12:05 -0400)]
s3-dcerpc: Check data and return appropriate error
Simo Sorce [Mon, 2 Aug 2010 16:18:58 +0000 (12:18 -0400)]
s3-dcerpc: Remove unused function
Simo Sorce [Mon, 2 Aug 2010 14:28:10 +0000 (10:28 -0400)]
s3-dcerpc: make a few local functions as static
Simo Sorce [Mon, 2 Aug 2010 14:14:02 +0000 (10:14 -0400)]
Change debug statements to use __location__
Simo Sorce [Mon, 2 Aug 2010 14:03:04 +0000 (10:03 -0400)]
s3-dcerpc: Pull packet in the caller, before validation
Simo Sorce [Mon, 2 Aug 2010 13:47:01 +0000 (09:47 -0400)]
Add my (c)
Andreas Schneider [Fri, 13 Aug 2010 13:56:49 +0000 (15:56 +0200)]
s3-samr: Fixed some build warnings.
Volker Lendecke [Tue, 17 Aug 2010 06:45:22 +0000 (08:45 +0200)]
s3: Fix a ton of type-punned warnings
Brad Hards [Mon, 16 Aug 2010 22:43:28 +0000 (08:43 +1000)]
build fix
Andrew Tridgell [Mon, 16 Aug 2010 01:38:26 +0000 (11:38 +1000)]
s4-ldb: test the 'displayName=a,b' bug
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 3 Aug 2010 07:15:10 +0000 (17:15 +1000)]
s3-provision: cope with the policy directory already existing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 16 Aug 2010 01:03:58 +0000 (11:03 +1000)]
s4-ldb: fixed the ldb 'displayName=a,b' indexing bug
the problem was the inconsistency between the key form of DNs between
the itdb used for indexing and the on disk form
Thanks to Matthieu Patou for finding this bug!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 16 Aug 2010 01:00:41 +0000 (11:00 +1000)]
s4-ldb: add some comments explaining the ltdb_index_idxptr() function
this function copes with alignment sensitive CPUs
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 15 Aug 2010 09:43:46 +0000 (11:43 +0200)]
s3: Remove smbd_server_fd() from smbd_process
Volker Lendecke [Sun, 15 Aug 2010 09:41:08 +0000 (11:41 +0200)]
s3: Remove smbd_server_fd() from smbd_echo_loop
Volker Lendecke [Sun, 15 Aug 2010 09:40:28 +0000 (11:40 +0200)]
s3: Remove smbd_server_fd() from smbd_echo_reader
Volker Lendecke [Sun, 15 Aug 2010 09:39:09 +0000 (11:39 +0200)]
s3: Remove smbd_server_fd() from smbd_echo_reply
Volker Lendecke [Sun, 15 Aug 2010 09:36:27 +0000 (11:36 +0200)]
s3: Remove smbd_server_fd() from keepalive_fn
Volker Lendecke [Sun, 15 Aug 2010 09:35:23 +0000 (11:35 +0200)]
s3: Remove smbd_server_fd() from smbd_server_connection_handler
Volker Lendecke [Sun, 15 Aug 2010 09:34:48 +0000 (11:34 +0200)]
s3: Remove smbd_server_fd() from smbd_server_connection_read_handler