Björn Jacke [Tue, 11 May 2010 13:23:54 +0000 (15:23 +0200)]
waf:libreplace: set _OSF_SOURCE to fix build on Tru64
Matthias Dieter Wallnöfer [Tue, 11 May 2010 12:58:19 +0000 (14:58 +0200)]
README.Coding - cosmetic changes
- Fix typos
- Wrap lines
- Remove trailing whitespaces
- use ":" instead of "::" - one colon should in all cases be enough
Kai Blin [Tue, 11 May 2010 12:24:47 +0000 (14:24 +0200)]
build: skip missing executables in testwaf.sh
Günther Deschner [Tue, 11 May 2010 11:40:12 +0000 (13:40 +0200)]
tdb: remove unused variable in tdb_new_database().
Guenther
Anatoliy Atanasov [Tue, 11 May 2010 08:35:54 +0000 (11:35 +0300)]
Revert "s4-rodc: Fix provision warnings by creating ntds objectGUID in provision"
This reverts commit
c3cbb846d0bfbaa11fd255bada7fa5fe502d4d96.
The fix is not correct, we should cache a bool to answer amIRODC
Stefan Metzmacher [Tue, 11 May 2010 06:34:35 +0000 (08:34 +0200)]
Revert "s4:password_hash LDB module - don't break the provision"
This reverts commit
6276343ce1b7dd7d217e5a419c09f209f5f87379.
This is not needed anymore.
metze
Stefan Metzmacher [Tue, 11 May 2010 06:38:02 +0000 (08:38 +0200)]
Revert "s4:password hash LDB module - check that password hashes are != NULL before copying them"
This reverts commit
fa87027592f71179c22f132e375038217bc9d36a.
This check is done one level above now.
metze
Stefan Metzmacher [Tue, 11 May 2010 06:32:40 +0000 (08:32 +0200)]
s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if it's given
Sorry, I removed this logic while cleaning up indentation levels...
metze
Stefan Metzmacher [Tue, 11 May 2010 06:03:56 +0000 (08:03 +0200)]
README.Coding: fix good example
metze
Günther Deschner [Mon, 10 May 2010 21:41:08 +0000 (23:41 +0200)]
s4-smbtorture: fix smbcli_rap_netuserpasswordset2().
Guenther
Günther Deschner [Mon, 10 May 2010 19:48:10 +0000 (21:48 +0200)]
s4-smbtorture: fix smbcli_rap_netoemchangepassword.
Guenther
Günther Deschner [Mon, 10 May 2010 22:53:41 +0000 (00:53 +0200)]
s4-smbtorture: correctly fill in trans.in.data in rap_cli_do_call().
Guenther
Matthias Dieter Wallnöfer [Mon, 10 May 2010 21:46:21 +0000 (23:46 +0200)]
s4:password_hash LDB module - we might not have a cleartext password at all
When we don't have the cleartext of the new password then don't check it
using "samdb_check_password".
Jeremy Allison [Mon, 10 May 2010 21:23:44 +0000 (14:23 -0700)]
SMB2 always have level2 oplock capability. Correct mapping from break messages to SMB2 oplock levels.
Jeremy.
Jeremy Allison [Mon, 10 May 2010 20:58:41 +0000 (13:58 -0700)]
Stop us crashing in SMB2-OPLOCK test. Don't allow more than one outstanding immediate event.
Jeremy.
Kamen Mazdrashki [Sat, 8 May 2010 07:20:00 +0000 (10:20 +0300)]
s4/tort: Add test for comparing special DNs
Kamen Mazdrashki [Sat, 8 May 2010 07:19:14 +0000 (10:19 +0300)]
s4/dn: handle case 'base' dn has no components
This could if the 'base' dn is special for example.
Günther Deschner [Fri, 7 May 2010 20:10:51 +0000 (22:10 +0200)]
s4-smbtorture: add smbcli_rap_netoemchangepassword().
Guenther
Günther Deschner [Fri, 7 May 2010 17:26:43 +0000 (19:26 +0200)]
rap: add rap_NetOEMChangePassword() to IDL.
Guenther
Jeremy Allison [Mon, 10 May 2010 18:29:34 +0000 (11:29 -0700)]
Fix the processing of unlocks followed by locks. We now pass SMB2-LOCK test.
Jeremy.
Jeremy Allison [Mon, 10 May 2010 18:09:41 +0000 (11:09 -0700)]
Fix more of the SMB2-LOCK tests. Correctly unlock locks on error.
Jeremy.
Matthias Dieter Wallnöfer [Mon, 10 May 2010 18:04:37 +0000 (20:04 +0200)]
s4:password_hash LDB module - quiet a warning
Matthias Dieter Wallnöfer [Mon, 10 May 2010 18:02:21 +0000 (20:02 +0200)]
s4:password hash LDB module - check that password hashes are != NULL before copying them
Matthias Dieter Wallnöfer [Mon, 10 May 2010 17:51:31 +0000 (19:51 +0200)]
s4:password_hash LDB module - don't break the provision
This is to don't break the provision process at the moment. We need to find
a better solution.
Matthias Dieter Wallnöfer [Sat, 10 Apr 2010 18:04:13 +0000 (20:04 +0200)]
s4:passwords.py - add a python unittest for additional testing of my passwords work
This performs checks on direct password changes over LDB/LDAP. Indirect
password changes over the RPCs are already tested by some torture suite (SAMR
passwords). So no need to do this again here.
Matthias Dieter Wallnöfer [Thu, 3 Dec 2009 09:48:44 +0000 (10:48 +0100)]
s4:samdb_set_password - adapt it for the user password change handling
Make use of the new "change old password checked" control.
Matthias Dieter Wallnöfer [Sat, 26 Sep 2009 10:09:07 +0000 (12:09 +0200)]
s4:samdb_set_password/samdb_set_password_sid - Rework
Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.
An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
Stefan Metzmacher [Mon, 10 May 2010 15:36:54 +0000 (17:36 +0200)]
s4:password_hash - Implement password restrictions
Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>.
metze
Matthias Dieter Wallnöfer [Wed, 23 Sep 2009 17:25:54 +0000 (19:25 +0200)]
s4:password_hash - Rework to handle password changes
- Implement the password restrictions as specified in "samdb_set_password"
(complexity, minimum password length, minimum password age...).
- We support only (administrative) password reset operations at the moment
- Support password (administrative) reset and change operations (consider
MS-ADTS 3.1.1.3.1.5)
Matthias Dieter Wallnöfer [Fri, 23 Oct 2009 10:51:47 +0000 (12:51 +0200)]
s4:password_hash - Rework unique value checks
Windows Server performs the constraint checks in a different way than we do.
All testing has been done using "passwords.py".
Matthias Dieter Wallnöfer [Fri, 23 Oct 2009 10:51:47 +0000 (12:51 +0200)]
s4:password_hash - Various (mostly cosmetic) prework
- Enhance comments
- Get some more attributes from the domain and user object (needed later)
- Check for right objectclass on change/set operations (instances of
"user" and/or "inetOrgPerson") - otherwise forward the request
- (Cosmetic) cleanup in asynchronous results regarding return values
Matthias Dieter Wallnöfer [Wed, 23 Sep 2009 17:25:54 +0000 (19:25 +0200)]
s4:dsdb: add new controls
- Add a new control for getting status informations (domain informations,
password change status) directly from the module
- Add a new control for allowing direct hash changes
- Introduce an addtional control "change_old password checked" for the password
Stefan Metzmacher [Mon, 10 May 2010 10:25:32 +0000 (12:25 +0200)]
s4:setup: mark DSDB_CONTROL_DN_STORAGE_FORMAT_OID 1.3.6.1.4.1.7165.4.3.4 as allocated
metze
Zahari Zahariev [Mon, 10 May 2010 10:53:56 +0000 (13:53 +0300)]
v2 Latest enhancements in ldapcmp tool
- Added support for replicating hosts versus hosts in different domains
- Added switches for the following modes:
= two - ignores additional attributes that cannot be the same
in two different provisions (domains)
= quiet - display nothing, only return code
= verbose - display all dn objects through compare fase
= default - display only objects with differences
- Added more placeholders for nETBIOSDomainName and ServerName
Anatoliy Atanasov [Mon, 10 May 2010 10:52:27 +0000 (13:52 +0300)]
s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
Günther Deschner [Mon, 10 May 2010 12:44:30 +0000 (14:44 +0200)]
s3-rpcclient: fix two more invalid typecasts in spoolss commands.
Guenther
Jelmer Vernooij [Mon, 10 May 2010 12:48:41 +0000 (14:48 +0200)]
s3: Work around dependency bug in Samba 4 waf build in merged build.
Volker Lendecke [Mon, 10 May 2010 10:05:01 +0000 (12:05 +0200)]
libwbclient: Fix a fd-leak at dlclose-time
__attribute__((destructor)) makes winbind_close_sock() being called at
dlclose() time.
Found while testing apache on Linux with mod_auth_pam.
Other platforms will have to find a different fix. One possibility would be to
always close the socket after each operation, but this badly sucks
performance-wise.
Volker Lendecke [Mon, 10 May 2010 09:53:03 +0000 (11:53 +0200)]
s3: Test for "__attribute__((destructor))"
Matthias Dieter Wallnöfer [Mon, 10 May 2010 10:37:50 +0000 (12:37 +0200)]
s4:acl ldb module - fix typos
Matthias Dieter Wallnöfer [Sun, 4 Oct 2009 17:30:53 +0000 (19:30 +0200)]
s4:dsdb/util.c - Add a new function for retrieving password change attributes
This is needed since we have not only reset operations on password fields
(attributes marked with REPLACE flag) but also change operations which can be
performed by users itself. They have one attribute with the old value marked
with the REMOVE flag and one with the new one marked with the ADD flag.
This function helps to retrieve them (argument "new" is used for the new
password on both reset and change).
Stefan Metzmacher [Sat, 8 May 2010 11:55:09 +0000 (13:55 +0200)]
s4:blackbox password tests - more complex passwords
Matthias Dieter Wallnöfer [Wed, 30 Sep 2009 18:59:42 +0000 (20:59 +0200)]
s4:selftest - change test passwords
The passwords need to be more complex to meet the new complexity criteria.
Stefan Metzmacher [Sat, 8 May 2010 11:55:25 +0000 (13:55 +0200)]
s4:selftest: add --socket-wrapper[-keep]-pcap options to "waf test"
metze
Günther Deschner [Mon, 10 May 2010 09:22:32 +0000 (11:22 +0200)]
testprogs: update Makefile.mingw (although mingw current cant build it).
Guenther
Günther Deschner [Mon, 10 May 2010 09:15:59 +0000 (11:15 +0200)]
testprogs: update README to reflect the util rename.
Guenther
Günther Deschner [Mon, 10 May 2010 09:06:03 +0000 (11:06 +0200)]
testprogs: add readme for testspoolss.exe.
Patch from Kurt Pfeifle <Kurt.Pfeifle@ricoh.de>.
Guenther
Günther Deschner [Mon, 10 May 2010 09:03:49 +0000 (11:03 +0200)]
testprogs: add vcproj and sln files for testspoolss.exe.
Patch from Kurt Pfeifle <Kurt.Pfeifle@ricoh.de>.
Guenther
Günther Deschner [Mon, 10 May 2010 09:01:54 +0000 (11:01 +0200)]
testprogs: rename spoolss.exe to testspoolss.exe.
Patch from Kurt Pfeifle <Kurt.Pfeifle@ricoh.de>.
Guenther
Günther Deschner [Sat, 8 May 2010 00:16:37 +0000 (02:16 +0200)]
s3-net: Fix Bug #7417. 'net rpc user password' can set the wrong password.
Guenther
Andreas Schneider [Mon, 10 May 2010 08:27:42 +0000 (10:27 +0200)]
tevent: Added a description for tevent queue.
Andreas Schneider [Mon, 10 May 2010 08:24:53 +0000 (10:24 +0200)]
tevent: Added an introduction to the tevent_queue tutorial.
Thanks Volker.
Andreas Schneider [Mon, 10 May 2010 07:56:18 +0000 (09:56 +0200)]
tevent: Fixed a doxygen problem with PRINTF_ATTRIBUTE.
Andreas Schneider [Mon, 10 May 2010 07:55:44 +0000 (09:55 +0200)]
talloc: Fixed a doxygen problem with PRINTF_ATTRIBUTE.
Kai Blin [Mon, 10 May 2010 07:58:57 +0000 (09:58 +0200)]
build: Update the waf build to fix python header checks
Matthias Dieter Wallnöfer [Mon, 10 May 2010 07:21:17 +0000 (09:21 +0200)]
s3:provision_basedn_modify.ldif - add "msDS-NcType" attribute and fix comments
Günther Deschner [Sun, 9 May 2010 21:47:56 +0000 (23:47 +0200)]
s3-proto: add missing protoype for dcerpc_fault_to_nt_status().
Guenther
Günther Deschner [Fri, 19 Mar 2010 11:01:54 +0000 (12:01 +0100)]
s3-lanman: use srvsvc for api_RNetServerGetInfo().
Following MS-RAP 3.2.5.3 NetServerGetInfo Command.
Guenther
Simo Sorce [Fri, 7 May 2010 13:26:41 +0000 (09:26 -0400)]
s3-spoolss: Make spoolss_Time_to_time_t public.
Signed-off-by: Günther Deschner <gd@samba.org>
Matthias Dieter Wallnöfer [Thu, 6 May 2010 10:17:08 +0000 (12:17 +0200)]
s4:samldb LDB module - make "samldb_member_check" synchronous again
Matthias Dieter Wallnöfer [Thu, 6 May 2010 09:55:11 +0000 (11:55 +0200)]
s4:samldb LDB module - make "samldb_prim_group_users_check" synchronous again
Matthias Dieter Wallnöfer [Thu, 6 May 2010 09:35:46 +0000 (11:35 +0200)]
s4:samldb LDB module - update the copyright notice
Matthias Dieter Wallnöfer [Sun, 9 May 2010 09:45:24 +0000 (11:45 +0200)]
s4:blackbox/test_kinit.sh - Test the new "net user add <user> [<password>]" syntax
Matthias Dieter Wallnöfer [Sun, 9 May 2010 09:24:10 +0000 (11:24 +0200)]
s4:net utility - make outprinted description comments more consistent
I've added a [server connection needed] when commands won't work on the local
SamDB.
Matthias Dieter Wallnöfer [Sun, 9 May 2010 08:57:03 +0000 (10:57 +0200)]
s4:net utility - remove unixname parameter of samdb.newuser
We don't handle the id mapping stuff manually anymore.
Matthias Dieter Wallnöfer [Sun, 9 May 2010 08:54:19 +0000 (10:54 +0200)]
s4:samdb python bindings - remove idmap creation stuff from this call
The id mapping should now be handled automatically by the s4 daemon.
Matthias Dieter Wallnöfer [Fri, 7 May 2010 22:48:33 +0000 (00:48 +0200)]
s4:net utility - add an optional password attribute to "net user add"
To make it behave similar to "net newuser".
Andrew Bartlett [Fri, 7 May 2010 12:43:36 +0000 (22:43 +1000)]
s4:dsdb Provide an intelegent fallback if not CN=Subnets is found
We may as well fall back rather than return NULL (which callers don't
do useful things with).
Andrew Bartlett
Andrew Bartlett [Fri, 7 May 2010 11:09:40 +0000 (21:09 +1000)]
buildtools: Add 'make testenv' to Samba4 make targets
I'm still too addicted to this as my standard debugging environment, and while I can learn the new command, this helps the muscle-memory.
Andrew Bartlett
Stefan Metzmacher [Fri, 7 May 2010 22:59:12 +0000 (00:59 +0200)]
dsdb/password_hash: remove usage of msDs-KeyVersionNumber
metze
Andrew Bartlett [Fri, 7 May 2010 11:56:15 +0000 (21:56 +1000)]
s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumber
This means that the existing kvno will no longer be valid, all
unix-based domain members may need to be rejoined, and
upgradeprovision run to update the local kvno in
secrets.ldb/secrets.keytab.
This is required to match the algorithm used by Windows DCs, which we
may be replicating with. We also need to find a way to generate a
reasonable kvno with the OpenLDAP backend.
Andrew Bartlett
Matthias Dieter Wallnöfer [Fri, 7 May 2010 21:51:06 +0000 (23:51 +0200)]
librpc:dcerpc_error.c - fix a warning
Günther Deschner [Sat, 8 May 2010 22:42:54 +0000 (00:42 +0200)]
s3-libsmb: fix argument order for tevent_req_default_print in cli_pull_print().
Andreas, please check.
Guenther
Günther Deschner [Fri, 7 May 2010 20:54:08 +0000 (22:54 +0200)]
pidl: add NDR_PRINT_DEBUG output to generated s3 server dispatch tables.
This dramatically helps tracking and debugging usage of the
rpc_pipe_open_internal users.
Guenther
Volker Lendecke [Sat, 8 May 2010 20:03:23 +0000 (22:03 +0200)]
s3: Fix the build
Günther Deschner [Fri, 7 May 2010 13:40:49 +0000 (15:40 +0200)]
s4-smbtorture: add smbcli_rap_netuserpasswordset2().
Guenther
Günther Deschner [Thu, 6 May 2010 16:08:41 +0000 (18:08 +0200)]
rap: add rap_NetUserPasswordSet2() to IDL.
Guenther
Günther Deschner [Thu, 6 May 2010 15:49:36 +0000 (17:49 +0200)]
s3: move BASE_RID to main includes.h (in preparation to separate passdb).
Guenther
Günther Deschner [Thu, 6 May 2010 15:17:37 +0000 (17:17 +0200)]
s3-passdb: moving account_pol.c into passdb.
Guenther
Jelmer Vernooij [Fri, 7 May 2010 16:30:46 +0000 (18:30 +0200)]
s3-merged: Make sure bin/ exists when copying in bin/smbtorture4.
Jelmer Vernooij [Thu, 6 May 2010 13:31:48 +0000 (15:31 +0200)]
s3-merged: Use newly added waf reconfigure subcommand.
Jelmer Vernooij [Thu, 6 May 2010 12:08:49 +0000 (14:08 +0200)]
Reintroduce merged build, using waf to build smbtorture4.
Jelmer Vernooij [Thu, 6 May 2010 10:00:01 +0000 (12:00 +0200)]
Revert "Revert "s3-build: Remove --enable-merged support.""
This reverts commit
8f8e7c788a12d1e0bda9183ed765cc1048e105f7.
Jelmer Vernooij [Thu, 6 May 2010 09:49:10 +0000 (11:49 +0200)]
samba3: Generate C files from IDL in source3/librpc/gen_ndr rather than
librpc/gen_ndr.
This is done to make it possible to run waf in the source4/ tree at
the same time, since waf has problems with files that were generated by
something else.
Jeremy Allison [Fri, 7 May 2010 14:25:13 +0000 (07:25 -0700)]
Only MULTIPLE-UNLOCK test left to fix !
Jeremy.
Jeremy Allison [Fri, 7 May 2010 13:54:16 +0000 (06:54 -0700)]
When tearing down the connection make sure we close all files before
freeing the global context, as we close access to the locking db
before freeing the global context.
Jeremy.
Jeremy Allison [Fri, 7 May 2010 13:20:50 +0000 (06:20 -0700)]
This patch looks bigger than it is. It does 2 things. 1). Renames smbpid -> smblctx in our locking code. 2). Widens smblctx to 64-bits internally. Preparing to use the SMB2 handle as the locking context.
Jeremy.
Andrew Tridgell [Fri, 7 May 2010 11:47:37 +0000 (13:47 +0200)]
s4-devel: a very useful script when dealing with library/linking issues
I use this all the time, so I thought I'd put it in the tree for
others
Andrew Tridgell [Fri, 7 May 2010 09:41:50 +0000 (11:41 +0200)]
build: fixed pc file variable substitution
We should not substitute for the first use of each variable
declaration in the pkgconfig file
Björn Jacke [Fri, 7 May 2010 11:45:00 +0000 (13:45 +0200)]
idl: get the logic of the prevous commit right
Björn Jacke [Fri, 7 May 2010 11:38:00 +0000 (13:38 +0200)]
idl: fix Unix builds by replacing bashism
test -nt is not portable - tridge, please check!
Björn Jacke [Fri, 7 May 2010 10:53:53 +0000 (12:53 +0200)]
s3:configure: search fdatasync also in librt
Sun^W Oracle Solaris has it there ...
Björn Jacke [Fri, 7 May 2010 09:56:38 +0000 (11:56 +0200)]
s3:configure: use correct SONAMEFLAG on Solaris depending on which linker is being used
Jeremy Allison [Fri, 7 May 2010 08:20:26 +0000 (01:20 -0700)]
Make us pass all SMB2 lock tests except MULTIPLE-UNLOCK and CONTEXT. Them next :-).
Jeremy.
Jeremy Allison [Fri, 7 May 2010 07:33:59 +0000 (00:33 -0700)]
Fix crash in cancel-tdis lock test. Correctly shut down connection.
Jeremy.
Andrew Tridgell [Fri, 7 May 2010 07:00:53 +0000 (09:00 +0200)]
build: treat a blank --build or --host as not a cross-compile
This matches autoconf behaviour
Jeremy Allison [Thu, 6 May 2010 22:39:21 +0000 (15:39 -0700)]
Fix cancel by close lock test.
Jeremy.
Andreas Schneider [Thu, 6 May 2010 15:50:26 +0000 (17:50 +0200)]
talloc: Documented the missing string functions.
Jeremy Allison [Thu, 6 May 2010 16:07:49 +0000 (09:07 -0700)]
Fix SMB2 lock tests up to cancel-by-close.
Jeremy.
Jeremy Allison [Thu, 6 May 2010 15:22:13 +0000 (08:22 -0700)]
Fix more SMB2 locking. We still crash but this won't last :-).
Jeremy.