Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 21:12:10 +0000 (23:12 +0200)]
s4:lib/registry/ldb.c - add a missing brace
Sorry didn't check that earlier.
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 19:17:37 +0000 (21:17 +0200)]
s4:lib/registry/ldb.c - fix memory handling in "ldb_open_key"
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 19:15:17 +0000 (21:15 +0200)]
s4:lib/ldb/registry.c - handle the classname in the right way
This is for "ldb_get_key_info".
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 18:11:09 +0000 (20:11 +0200)]
s4:lib/registry/ldb.c - remove really useless "local_ctx"
"mem_ctx" should fit for these few local allocations.
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 14:17:16 +0000 (16:17 +0200)]
s4:lib/registry/ldb.c - retrieve the classname correctly in "ldb_get_subkey_by_id"
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 14:06:39 +0000 (16:06 +0200)]
s4:lib/registry/ldb.c - change the "ldb_get_value" implementation to use the value cache and not an LDB lookup
In addition this fixes the use of special characters in registry object names.
Ira Cooper [Mon, 28 Jun 2010 17:39:28 +0000 (13:39 -0400)]
s3: Change exit on immediate socket failure.
This change makes it so socket errors early in the smbd child
process cause orderly exits not coredumps.
Signed-off-by: Jeremy Allison <jra@samba.org>
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 18:26:16 +0000 (20:26 +0200)]
s4:auth/sam.c - "authsam_expand_nested_groups" - small performance improvement
We can save one search operation if "only_childs" is false and when we had no
SID passed as extended DN component.
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 18:25:47 +0000 (20:25 +0200)]
s4:auth/sam.c - "authsam_expand_nested_groups" - cosmetic/comments
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 17:57:12 +0000 (19:57 +0200)]
s4:auth/sam.c - "authsam_expand_nested_groups" - use "dsdb_search_dn" where possible
And always catch LDB errors
Jelmer Vernooij [Mon, 28 Jun 2010 18:10:08 +0000 (20:10 +0200)]
selftest: Remove accidentally committed dummy test.
Endi S. Dewata [Mon, 28 Jun 2010 16:13:03 +0000 (11:13 -0500)]
s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Endi S. Dewata [Mon, 28 Jun 2010 16:18:16 +0000 (11:18 -0500)]
s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Endi S. Dewata [Mon, 28 Jun 2010 15:54:37 +0000 (10:54 -0500)]
s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Endi S. Dewata [Mon, 28 Jun 2010 15:45:04 +0000 (10:45 -0500)]
s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Volker Lendecke [Mon, 28 Jun 2010 14:54:56 +0000 (16:54 +0200)]
s3: Make some routines static in smbldap
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:25:43 +0000 (11:25 +0200)]
s4:repl_meta_data LDB module - fix counter type
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:25:43 +0000 (11:25 +0200)]
s4:acl LDB module - fix counter type
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:21:56 +0000 (11:21 +0200)]
s4:dcesrv_drsuapi.c - fix a counter variable
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:08:19 +0000 (11:08 +0200)]
s4:selftest - also "rpc.samr.users.privileges" does work now
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 09:05:59 +0000 (11:05 +0200)]
s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"
- Return always "NT_STATUS_OK" on success
- Remove "talloc_free"s on handles since the frees are automatically performed by
the DCE/RPC server code
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 08:45:26 +0000 (10:45 +0200)]
s4:knownfail - "pwdLastSet" test does work now
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 08:43:11 +0000 (10:43 +0200)]
s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also for s4
Matthias Dieter Wallnöfer [Sat, 12 Jun 2010 13:47:14 +0000 (15:47 +0200)]
s4:torture - SAMR password tests - activate support for password sets on level "18" and "21"
Matthias Dieter Wallnöfer [Tue, 22 Jun 2010 20:11:00 +0000 (22:11 +0200)]
s4:selftest - activate the lanman password changes
This is needed for a working "OemChangePasswordUser2" operation.
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 20:26:31 +0000 (22:26 +0200)]
s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour
Behaviour as the torture SAMR passwords tests show.
Matthias Dieter Wallnöfer [Sun, 27 Jun 2010 21:13:14 +0000 (23:13 +0200)]
s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0
Taken from s3
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 12:54:19 +0000 (14:54 +0200)]
s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check from s3 to s4
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 12:41:27 +0000 (14:41 +0200)]
s4:dcesrv_samr_SetUserInfo - implement password set level 21
Matthias Dieter Wallnöfer [Sat, 12 Jun 2010 12:40:11 +0000 (14:40 +0200)]
s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the user password
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 20:59:11 +0000 (22:59 +0200)]
s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we haven't activated the lanman auth
This is what s3 does.
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 19:16:20 +0000 (21:16 +0200)]
s4:samr_password.c - add a function which sets the password through encrypted password hashes
Used for password sets on "samr_SetUserInfo" level 18 and 21.
Günther Deschner [Mon, 28 Jun 2010 12:47:16 +0000 (14:47 +0200)]
s4-smbtorture: fix typo.
Not my day...
Guenther
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 08:24:28 +0000 (10:24 +0200)]
s4:torture/rpc/samr.c - test_SetPassword_LastSet - fix "pwdLastSet" test
- Remove superfluous checks (on level 18, 24, 26 we do always have "pwdLastSet"
resets if "password_expired" > 0)
- Fixed some bugs
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Mon, 28 Jun 2010 12:08:30 +0000 (14:08 +0200)]
s4-smbtorture: add trustDomainPasswords blob test to LOCAL-NDR testsuite.
Our parsing of this struct is incorrect atm. and apparently also causes the s4
server to crash.
Thanks to Sumit Bose <sbose@redhat.com> for providing the auth data retrieved
from a w2k3 domain.msc operation.
Guenther
Günther Deschner [Mon, 28 Jun 2010 12:04:47 +0000 (14:04 +0200)]
s3-registry: missed one perflib keyname delimiter.
Guenther
Volker Lendecke [Mon, 28 Jun 2010 12:08:11 +0000 (14:08 +0200)]
s3: More cleanup in winbindd_ads.c:query_user
We can't ads_msgfree after the ads struct has been killed. Do early returns.
Volker Lendecke [Mon, 28 Jun 2010 11:51:51 +0000 (13:51 +0200)]
s3: Fix a valgrind error
nss_get_info_cached does not necessarily fill in gid
Volker Lendecke [Mon, 28 Jun 2010 09:52:26 +0000 (11:52 +0200)]
s3: Re-arrange winbindd_ads.c:query_user
We can't access the LDAP message after nss_get_info_cached has potentially
destroyed the ads_struct
Volker Lendecke [Mon, 28 Jun 2010 09:21:03 +0000 (11:21 +0200)]
s3: free -> SAFE_FREE
Volker Lendecke [Mon, 28 Jun 2010 09:20:23 +0000 (11:20 +0200)]
s3: Do an early TALLOC_FREE
Günther Deschner [Mon, 28 Jun 2010 11:15:06 +0000 (13:15 +0200)]
s3-registry: fix printing keyname delimiter.
Guenther
Günther Deschner [Mon, 28 Jun 2010 11:14:36 +0000 (13:14 +0200)]
s3-registry: fix perfmon keyname delimiter.
Guenther
Andreas Schneider [Mon, 28 Jun 2010 10:54:11 +0000 (12:54 +0200)]
s3-net: Make sure that the data blob is initialized.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:48:15 +0000 (11:48 +0200)]
s3-eventlog: Fixed the keyname delimiter for the registry key.
Andreas Schneider [Mon, 28 Jun 2010 09:37:28 +0000 (11:37 +0200)]
s3-registry: Fixed keyname delimiter in KEY_CURRENT_VERSION_NORM.
Andreas Schneider [Mon, 28 Jun 2010 09:19:18 +0000 (11:19 +0200)]
s3-smbd: Make sure that status is initialized when used.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:16:19 +0000 (11:16 +0200)]
s3-lanman: Make sure count is not used uninitialized if we jump to out.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:13:24 +0000 (11:13 +0200)]
s3-vfs: Make sure that retval isn't used uninitialized.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:06:22 +0000 (11:06 +0200)]
s3-passdb: Make sure dn is initialized and don't free it.
dn is just a pointer to a memory which hasn't been duplicated.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:58:08 +0000 (10:58 +0200)]
s3-passdb: Make sure we don't call free on a garbage pointer.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:49:55 +0000 (10:49 +0200)]
s3-lanman: Make sure that job_info is not undefined.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:44:58 +0000 (10:44 +0200)]
s3-nmbd: Leave the sync function if there are no syncs.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:33:47 +0000 (10:33 +0200)]
s3-libsmb: Make sure that finfo is initialized.
Found by clang-analyzer.
Günther Deschner [Mon, 28 Jun 2010 10:51:28 +0000 (12:51 +0200)]
s3-eventlog: make sure _eventlog_OpenEventLogW fails when we cannot open the registry key.
Guenther
Volker Lendecke [Mon, 28 Jun 2010 10:26:17 +0000 (12:26 +0200)]
s3: Fix some valgrind errors
Essentially the same change as
15297ee, this time for the client side.
Günther, Andrew B, please check!
Thanks,
Volker
Andreas Schneider [Mon, 7 Jun 2010 08:03:50 +0000 (10:03 +0200)]
s3-passdb: Make sure that we don't assign garbage.
Andreas Schneider [Mon, 7 Jun 2010 08:00:39 +0000 (10:00 +0200)]
librpc: Use switch in GUID_from_data_blob().
Andreas Schneider [Mon, 7 Jun 2010 07:30:29 +0000 (09:30 +0200)]
nss_wrapper: Fixed a possible NULL pointer problem.
Stefan Metzmacher [Mon, 28 Jun 2010 07:57:33 +0000 (09:57 +0200)]
s4:ldap_server: don't start if we can't bind to port 389
metze
Nadezhda Ivanova [Mon, 28 Jun 2010 07:34:14 +0000 (10:34 +0300)]
Implementation of self membership validated right.
When this right is granted, the user can add or remove themselves from a group even
if they don't have write property right.
Kamen Mazdrashki [Mon, 28 Jun 2010 01:37:37 +0000 (04:37 +0300)]
s4/test: Run DrsDeleteObjectTestCase as part of S4 testing
I put this test in the end of the list of tests as it
runs with 'vampire_dc' environment running.
Currently there are tests that are failing when we have
2 DCs constantly replicating in the test environment
(this, of course, should be fixed in the near future)
Kamen Mazdrashki [Mon, 28 Jun 2010 01:33:40 +0000 (04:33 +0300)]
s4/drs: re-implement 'renaming' object replication
We should rename objects only after we make sure, that
changes on the partner DC are newer than what we have.
This fixes a bug, when we have following situation with 2 DCs:
- we have an object O on the two DCs
- we rename (delete) object O on DC1
- DC1 replicates from DC2
In the above scenario, object O will be renamed back
to its original name (i.e. it will be restored).
Now, we check that DC2 state is older than what we have,
so nothing happens with object's DN.
Kamen Mazdrashki [Mon, 28 Jun 2010 01:27:27 +0000 (04:27 +0300)]
s4/drs-test: Add few comments in DrsDeleteObjectTestCase test
Also remove unused code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:58:45 +0000 (19:58 +0200)]
s4:rpc_server/srvsvc/dcesrv_srvsvc.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:58:45 +0000 (19:58 +0200)]
s4:rpc_server/wkssvc/dcesrv_wkssvc.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:58:45 +0000 (19:58 +0200)]
s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:55:07 +0000 (19:55 +0200)]
s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDs
To suppress warnings on Solaris 10
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:45:45 +0000 (19:45 +0200)]
s4:rpc_server/drsuapi/drsutil.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:45:45 +0000 (19:45 +0200)]
s4:rpc_server/dcesrv_auth.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:43:51 +0000 (19:43 +0200)]
s4:winbind/wb_samba3_protocol.c - add cast to suppress warnings on Solaris 10 cc
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:43:51 +0000 (19:43 +0200)]
s4:kdc/kdc.c - add cast to suppress warnings on Solaris 10 cc
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:42:29 +0000 (19:42 +0200)]
s4:kdc/kpasswdd.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 09:10:55 +0000 (11:10 +0200)]
s4:provision.py - fix comment regarding DNS entries
I think this should mean partially Samba4 specified (all beside the "dns"
account is standard)
Stefan Metzmacher [Fri, 25 Jun 2010 13:10:32 +0000 (15:10 +0200)]
s4:provision: add entries for root dns servers
metze
Stefan Metzmacher [Fri, 25 Jun 2010 11:32:39 +0000 (13:32 +0200)]
s4:provision: move Samba4 specific DNS stuff to its own file
metze
Stefan Metzmacher [Fri, 25 Jun 2010 12:01:21 +0000 (14:01 +0200)]
s4:provision: add --next-rid option
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.
metze
Stefan Metzmacher [Fri, 25 Jun 2010 10:47:34 +0000 (12:47 +0200)]
s4:dsdb/ridalloc: add comment about windows behavior regarding rIDUsedPool
metze
Stefan Metzmacher [Fri, 25 Jun 2010 09:11:56 +0000 (11:11 +0200)]
s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool'
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.
The initial rIDAvailablePool starts at nextRid + 100.
I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
check box).
After provision we should have this (assuming nextRid=1000):
rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100
rIDAvailablePool: 1600-1073741823
Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!
metze
Stefan Metzmacher [Fri, 25 Jun 2010 10:27:27 +0000 (12:27 +0200)]
s4:provision: pass relax control also to modify_ldif
metze
Kamen Mazdrashki [Fri, 25 Jun 2010 12:56:35 +0000 (15:56 +0300)]
s4/net-drs: Fix error messages typo and formatting
Kamen Mazdrashki [Fri, 25 Jun 2010 11:56:03 +0000 (14:56 +0300)]
s4/drs-test: Fix whitespaces and permissions for delete_object.py test
Sorry I've missed to do this before
Jelmer Vernooij [Fri, 25 Jun 2010 19:51:23 +0000 (21:51 +0200)]
Move UCS2 macros to common code
Jeremy Allison [Fri, 25 Jun 2010 20:29:00 +0000 (13:29 -0700)]
Don't use frame as the talloc ctx in open_schannel_session_store(), as this breaks running from inetd
(we free frame below). Use NULL instead.
Jeremy.
Jeremy Allison [Fri, 25 Jun 2010 19:02:08 +0000 (12:02 -0700)]
Change talloc_autofree_context() to frame in Andrew's schannel.tdb TDB_CLEAR_IF_FIRST
changes. Using talloc_autofree_context() has undesirable effects when forked
subprocesses exit.
Jeremy.
Andrew Bartlett [Wed, 23 Jun 2010 00:37:13 +0000 (10:37 +1000)]
schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()
By making this DB TDB_NOSYNC, and by making that safe with
TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server.
This particularly helps the source4/ 'make test', which otherwise tries
to disable fsync() in ldb.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 23 Jun 2010 00:36:32 +0000 (10:36 +1000)]
s3:schannel Open the schannel_state.tdb at startup
This will allow future TDB_CLEAR_IF_FIRST behaviour
Signed-off-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 23 Jun 2010 00:33:15 +0000 (10:33 +1000)]
s4:schannel Open the schannel_store.tdb at startup
This will allow TDB_CLEAR_IF_FIRST behaviour in future
Signed-off-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 23 Jun 2010 00:31:50 +0000 (10:31 +1000)]
libcli/auth make open_schannel_session_store() public
This will allow TDB_CLEAR_IF_FIRST to be used
Signed-off-by: Jeremy Allison <jra@samba.org>
Michael Adam [Fri, 25 Jun 2010 16:13:06 +0000 (18:13 +0200)]
s3:registry: use regdb_store_regdb_version() in regdb_init().
Michael Adam [Fri, 25 Jun 2010 16:12:28 +0000 (18:12 +0200)]
s3:registry: use regdb_store_regdb_version() in regdb_upgrade_v1_to_v2()
Michael Adam [Fri, 25 Jun 2010 16:11:35 +0000 (18:11 +0200)]
s3:registry: add a function regdb_store_regdb_version()
Michael Adam [Fri, 25 Jun 2010 16:04:52 +0000 (18:04 +0200)]
s3:registry: rename regdb_upgrade_to_version_2() -> regdb_upgrade_v1_to_v2()
Michael Adam [Fri, 25 Jun 2010 15:26:34 +0000 (17:26 +0200)]
s3:net [rpc] registry: be as user-friendly as possible wrt to the normalization change
The registry has been changed to use '\' as a key delimiter instead of '/'.
Originally, one could mix both characters in the specification of registry
key for net [rpc] registry. Now this can not work any more, since '/' is
generally treated as a valid character of a key name.
Now, to be as user-friendly as possible, the net [rpc] registry code has
been changed to still support '/' as a key name delimiter if no '\' character
is found in the given registry path string. In that case, all '/' characters
are converted to '\' characters before proceeding. If on the other hand,
a '\' character is found in the path string, then no conversion is assumed,
and it is hence assumed that the path is already in the correct form and
'/' characters are supposed to be part of the key names.
Michael Adam [Fri, 25 Jun 2010 12:34:04 +0000 (14:34 +0200)]
s3:registry: improve logic of upgrade code in regdb_init()
Don't overwrite unknown versions (0 or > 2) of the registry.
Michael Adam [Fri, 25 Jun 2010 10:32:22 +0000 (12:32 +0200)]
s3:registry: fix some debug messages in regdb_ini()
Andreas Schneider [Thu, 24 Jun 2010 14:33:37 +0000 (16:33 +0200)]
s3-registry: Convert registry key delimiter from slash to backslash.
This is needed to support keynames containing a '/' like TCP/IP. Which
is used in several standard paths.
Signed-off-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Thu, 24 Jun 2010 13:26:04 +0000 (15:26 +0200)]
s3-registry: Added a db upgrade function to normalize the key delimiter.
This converts the key delimiter from a slash to a backslash. We need to
support keynames with a backslash.
Signed-off-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 25 Jun 2010 15:06:00 +0000 (17:06 +0200)]
s3: In make_server_info_info3, check the result of copy_netr_SamInfo3
Volker Lendecke [Fri, 25 Jun 2010 14:56:38 +0000 (16:56 +0200)]
s3: In copy_netr_SamInfo3 copy all of the sids array