13 years agoRevert "s4:LDB/LDAP - Re-allow renames"
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 22:06:41 +0000 (00:06 +0200)]
Revert "s4:LDB/LDAP - Re-allow renames"

This reverts commit 767fce6fccf484b547219abd5e6abc941eacaf92.

Simo pointed out that the patch generates race conditions. We need to solve this
using a new control.

13 years agos4:repl_meta_data - various
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 21:26:35 +0000 (23:26 +0200)]
s4:repl_meta_data - various

- Add more "talloc_free"s and right error values where needed
- Add a pre-lookup for entries before searching for metadata attribute
  (also suggested by TODO list)
- Now the most part of "" works again

13 years agoRemove lots of duplicate code and move it into one
Jeremy Allison [Fri, 2 Oct 2009 20:45:38 +0000 (13:45 -0700)]
Remove lots of duplicate code and move it into one
function vfs_stat_fsp(). Stops code looking at fsp->posix_open
except for exceptional circumstances.

13 years - add a very special rename test (with invalid - empty RDN)
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 19:26:35 +0000 (21:26 +0200)] - add a very special rename test (with invalid - empty RDN)

13 years agos4:ldb_ildap - Don't segfault on a empty RDN
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 19:26:12 +0000 (21:26 +0200)]
s4:ldb_ildap - Don't segfault on a empty RDN

13 years agos4:LDB/LDAP - Re-allow renames
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 19:23:23 +0000 (21:23 +0200)]
s4:LDB/LDAP - Re-allow renames

The main problem is that the "rdn_name" module launches on a rename request also
a modification one with the "special attributes" which can't be changed directly.
An introduced flag helps to bypass the restriction.

13 years agoMissed one VFS_STAT -> VFS_LSTAT
Jeremy Allison [Fri, 2 Oct 2009 18:07:17 +0000 (11:07 -0700)]
Missed one VFS_STAT -> VFS_LSTAT

13 years agoFix more use of VFS_STAT when posix pathnames selected.
Jeremy Allison [Fri, 2 Oct 2009 18:05:03 +0000 (11:05 -0700)]
Fix more use of VFS_STAT when posix pathnames selected.

13 years - major enhancements
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 16:31:38 +0000 (18:31 +0200)] - major enhancements

- Clean up and reorder it a bit
- Test which adds invalid attributes
- Test which makes sure that the 'distinguishedName' attribute cannot be modified
- Test which makes sure that we cannot change the RDN/'name' attribute through a modify request

13 years agos4:ldb Don't allow RDN to be modified with an LDB modify message
Andrew Bartlett [Thu, 24 Sep 2009 04:12:00 +0000 (21:12 -0700)]
s4:ldb Don't allow RDN to be modified with an LDB modify message

Found by the Microsoft testsuite at the AD interop event.

Andrew Bartlett

13 years agos4:rdn_name module - a normal error message should be enough for this failure
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 17:09:13 +0000 (19:09 +0200)]
s4:rdn_name module - a normal error message should be enough for this failure

I don't think that we really want to have this error printed out on the server
console (stdout) since this hasn't serious results as DB or data corruption
and similar.

13 years agos4:ldb Don't allow modifcation of distinguishedName
Andrew Bartlett [Fri, 25 Sep 2009 00:20:55 +0000 (17:20 -0700)]
s4:ldb Don't allow modifcation of distinguishedName

13 years agos4:dsdb Return correct error on invalid attribute
Andrew Bartlett [Fri, 25 Sep 2009 23:40:30 +0000 (16:40 -0700)]
s4:dsdb Return correct error on invalid attribute

This error per the Microsoft testsuite

13 years agos4:dsdb Pass down the exact error code on failure in repl_meta_data
Andrew Bartlett [Thu, 24 Sep 2009 04:13:22 +0000 (21:13 -0700)]
s4:dsdb Pass down the exact error code on failure in repl_meta_data

13 years agos4:samdb_set_password - Return the maximum password age when requested (not the minim...
Matthias Dieter Wallnöfer [Fri, 25 Sep 2009 16:03:31 +0000 (18:03 +0200)]
s4:samdb_set_password - Return the maximum password age when requested (not the minimum one)

13 years agos4:samdb_set_password - cosmetic fixes
Matthias Dieter Wallnöfer [Wed, 23 Sep 2009 17:23:17 +0000 (19:23 +0200)]
s4:samdb_set_password - cosmetic fixes

13 years agos4: fix various warnings (not "const" related ones)
Matthias Dieter Wallnöfer [Tue, 29 Sep 2009 09:49:50 +0000 (11:49 +0200)]
s4: fix various warnings (not "const" related ones)

13 years agos4/srvsvc: deactivate a "ntvfs_connect" with a wrong parameter
Matthias Dieter Wallnöfer [Tue, 29 Sep 2009 09:49:50 +0000 (11:49 +0200)]
s4/srvsvc: deactivate a "ntvfs_connect" with a wrong parameter

In the srvsvc code for s4 (NTVFS module) there exists a call to "ntvfs_connect"
which is performed with a totally wrong argument. Since I'm not able to fix
this, I commented it out and added a "FIXME" comment.

13 years agos4:provision_users.ldif - Put potential primary groups in front of the file
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 13:21:17 +0000 (15:21 +0200)]
s4:provision_users.ldif - Put potential primary groups in front of the file

(So they can be always found by the SAMLDB module)

13 years agoRevert "s4:ldb-samba Use temp talloc contexts and talloc_steal avoid leaks."
Andrew Tridgell [Fri, 2 Oct 2009 12:40:50 +0000 (22:40 +1000)]
Revert "s4:ldb-samba Use temp talloc contexts and talloc_steal avoid leaks."

This reverts commit 38f87f40bfd7892043d49009067ae28431279580.

13 years agoRevert "s4:ldb Fix ldb_list_find() folowing the change from char * to TDB_DATA"
Andrew Tridgell [Fri, 2 Oct 2009 12:40:31 +0000 (22:40 +1000)]
Revert "s4:ldb Fix ldb_list_find() folowing the change from char * to TDB_DATA"

This reverts commit f0c2c9854c7659221fe9480110a7d9b2b48afbf9.

13 years agoRevert "s4:ldb always talloc_free() the ldb_ldif_write context, even on success"
Andrew Tridgell [Fri, 2 Oct 2009 12:40:02 +0000 (22:40 +1000)]
Revert "s4:ldb always talloc_free() the ldb_ldif_write context, even on success"

This reverts commit a610843e9f21ee77fd29356313d2ef05fe25a1ed.

13 years agoRevert "s4:ldb Remove LTDB_PACKING_FORMAT_NODN"
Andrew Tridgell [Fri, 2 Oct 2009 12:39:44 +0000 (22:39 +1000)]
Revert "s4:ldb Remove LTDB_PACKING_FORMAT_NODN"

This reverts commit bcbf0ae1e707c2355824800dc213d364070f070a.

13 years agoRevert "s4-ldb: merged with master"
Andrew Tridgell [Fri, 2 Oct 2009 12:39:19 +0000 (22:39 +1000)]
Revert "s4-ldb: merged with master"

This reverts commit 14c9070322d089dd96b389e8087c4f4bf1a6c7cc.

13 years agoRevert "s4-ldb: overallocate idxptr to reduce memory fragmentation"
Andrew Tridgell [Fri, 2 Oct 2009 12:39:10 +0000 (22:39 +1000)]
Revert "s4-ldb: overallocate idxptr to reduce memory fragmentation"

This reverts commit e7846f69cacdd0551fcd777a71bf833a2fc9ca2b.

13 years agoRevert "s4-ldb: fixed a memory leak"
Andrew Tridgell [Fri, 2 Oct 2009 12:38:58 +0000 (22:38 +1000)]
Revert "s4-ldb: fixed a memory leak"

This reverts commit c7358d989034c9d936c04f2a7e4f89db252b798e.

13 years agos4-winbind: support the s3 response flags on krb5 auth too
Andrew Tridgell [Fri, 2 Oct 2009 12:17:42 +0000 (22:17 +1000)]
s4-winbind: support the s3 response flags on krb5 auth too

This fixes the samba4.blackbox.wbinfo test, which was failing on a
wbinfo -K command

13 years agos4-winbind: support the Samba3 TXT form of the info3 for wbinfo -a
Andrew Tridgell [Fri, 2 Oct 2009 11:31:05 +0000 (21:31 +1000)]
s4-winbind: support the Samba3 TXT form of the info3 for wbinfo -a

This sends the info3 as hand marshalled data

13 years agos4:ldb.h - cosmetic - add whitespace
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 10:23:25 +0000 (12:23 +0200)]
s4:ldb.h - cosmetic - add whitespace

13 years agos4:provision - Cosmetic - right indentations
Matthias Dieter Wallnöfer [Fri, 2 Oct 2009 10:18:03 +0000 (12:18 +0200)]
s4:provision - Cosmetic - right indentations

13 years agos4:dsdb Fix crash from LDAP login of DOM\\
Andrew Bartlett [Sat, 26 Sep 2009 00:37:21 +0000 (17:37 -0700)]
s4:dsdb Fix crash from LDAP login of DOM\\

The issue here is that when we resolve DOM\\ into an NT4 name, we
would not initilise the nt4_account output.

Andrew Bartlett

13 years agos4:dsdb rework instanceType module - put instanceType in provision
Andrew Bartlett [Thu, 24 Sep 2009 22:06:11 +0000 (15:06 -0700)]
s4:dsdb rework instanceType module - put instanceType in provision

The instanceType needs to be specified in future because that's how
the partitions are actually created.

13 years agos4:dsdb Don't allow creating of new objects with an isDefunct schema class
Andrew Bartlett [Fri, 25 Sep 2009 15:34:33 +0000 (08:34 -0700)]
s4:dsdb Don't allow creating of new objects with an isDefunct schema class

13 years agos4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OID
Andrew Bartlett [Fri, 25 Sep 2009 15:08:18 +0000 (08:08 -0700)]
s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OID

This allows this control to be specified as critical.  We support the
control because we choose to always be durable in our transactions.

We really, really need a 'duplicate request' API, as at the
moment we can't do this without a large, error-prone set of code that
cannot cope with new request fields or types.

Andrew Bartlett

13 years agos4:ldap_server Ensure we don't segfault when sent a NULL new RDN
Andrew Bartlett [Fri, 25 Sep 2009 15:06:37 +0000 (08:06 -0700)]
s4:ldap_server Ensure we don't segfault when sent a NULL new RDN

The Microsoft testsuite tried to rename
cn=administrator,cn=users,... into "",cn=users... which didn't go so well.

Andrew Bartlett

13 years agos4:provision Ensure we add the schema with the 'relax' control
Andrew Bartlett [Fri, 25 Sep 2009 00:21:47 +0000 (17:21 -0700)]
s4:provision Ensure we add the schema with the 'relax' control

(allows addition of systemOnly classes)

13 years agos4-ldb: fixed a memory leak
Andrew Tridgell [Wed, 23 Sep 2009 05:15:11 +0000 (22:15 -0700)]
s4-ldb: fixed a memory leak

13 years agos4-ldb: overallocate idxptr to reduce memory fragmentation
Andrew Tridgell [Wed, 23 Sep 2009 05:14:30 +0000 (22:14 -0700)]
s4-ldb: overallocate idxptr to reduce memory fragmentation

13 years agos4-ldb: merged with master
Andrew Bartlett [Wed, 23 Sep 2009 04:11:41 +0000 (21:11 -0700)]
s4-ldb: merged with master

13 years agos4:ldb Remove LTDB_PACKING_FORMAT_NODN
Andrew Bartlett [Tue, 1 Sep 2009 09:55:30 +0000 (19:55 +1000)]

The restructured code makes this hader to support, and we have not had
this kind of LDB for a very long time now.

Andrew Bartlett

13 years agos4:ldb always talloc_free() the ldb_ldif_write context, even on success
Andrew Bartlett [Tue, 1 Sep 2009 02:07:49 +0000 (12:07 +1000)]
s4:ldb always talloc_free() the ldb_ldif_write context, even on success

13 years agos4:ldb Fix ldb_list_find() folowing the change from char * to TDB_DATA
Andrew Bartlett [Tue, 1 Sep 2009 02:01:03 +0000 (12:01 +1000)]
s4:ldb Fix ldb_list_find() folowing the change from char * to TDB_DATA

(The format of index records in the internal manipulation changed)

Andrew Bartlett

13 years agos4:ldb-samba Use temp talloc contexts and talloc_steal avoid leaks.
Andrew Bartlett [Tue, 1 Sep 2009 01:59:50 +0000 (11:59 +1000)]
s4:ldb-samba Use temp talloc contexts and talloc_steal avoid leaks.

We would use the mem_ctx for internal work, but previously we did not
clean it up on exit.

Andrew Bartlett

13 years agos4: Improve provisioning: use relax control
Matthieu Patou [Tue, 22 Sep 2009 21:49:22 +0000 (01:49 +0400)]
s4: Improve provisioning: use relax control

Give the possibility to specify controls when loading ldif files.
  Relax control is specified by default for all ldb_add_diff (request Andrew B).
  Set domainguid if specified at the creation of object instead of modifying afterward
  Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.

13 years agopythonbindings: allow add() to have an array of controls as second parameter
Matthieu Patou [Tue, 22 Sep 2009 20:51:25 +0000 (00:51 +0400)]
pythonbindings: allow add() to have an array of controls as second parameter

13 years agos4-ldb: Use relax control to check in replace metadata module if we accept request...
Matthieu Patou [Wed, 23 Sep 2009 09:36:40 +0000 (13:36 +0400)]
s4-ldb: Use relax control to check in replace metadata module if we accept request that specify objectGUID attribute.

13 years agos4-ldb: Add new relax controls that allow relaxed x500 constraints checks
Matthieu Patou [Wed, 23 Sep 2009 09:34:58 +0000 (13:34 +0400)]
s4-ldb: Add new relax controls that allow relaxed x500 constraints checks

13 years agos4:ntvfs Don't attempt to follow NULL in unixuid_setup_security()
Andrew Bartlett [Tue, 22 Sep 2009 21:14:19 +0000 (14:14 -0700)]
s4:ntvfs Don't attempt to follow NULL in unixuid_setup_security()

This segfault occoured in cases where we rejected (or never attempted)
the tree connect, so had an invalid private pointer for the logoff

Andrew Bartlett

13 years agos4:Ensure the selected RDN is the right one per the schema
Andrew Bartlett [Tue, 22 Sep 2009 00:24:43 +0000 (17:24 -0700)]
s4:Ensure the selected RDN is the right one per the schema

The relative DN must be the one that the most specific structural
objectclass specifies.

Andrew Bartlett

13 years agos4-samldb: the samldb module requires that the primary group exists
Andrew Tridgell [Fri, 2 Oct 2009 10:00:42 +0000 (20:00 +1000)]
s4-samldb: the samldb module requires that the primary group exists

We need to create Domain Users in the test ldb

13 years agos4-samdb: added some debugging
Andrew Tridgell [Fri, 2 Oct 2009 10:00:08 +0000 (20:00 +1000)]
s4-samdb: added some debugging

This helped track down the failures

13 years agos4-test: skip python gensec test until its finished
Andrew Tridgell [Fri, 2 Oct 2009 08:52:51 +0000 (18:52 +1000)]
s4-test: skip python gensec test until its finished

13 years agos4-pygensec: a bit closer to working
Andrew Tridgell [Fri, 2 Oct 2009 08:50:59 +0000 (18:50 +1000)]
s4-pygensec: a bit closer to working

I'll need help from Andrew on how to get gensec to initialise it's ops

13 years agopidl: fixed unit tests for trailer alignment
Andrew Tridgell [Fri, 2 Oct 2009 07:14:15 +0000 (17:14 +1000)]
pidl: fixed unit tests for trailer alignment

13 years agopid: update ndr testsuite for new union alignment
Andrew Tridgell [Fri, 2 Oct 2009 07:11:26 +0000 (17:11 +1000)]
pid: update ndr testsuite for new union alignment

13 years agos4-torture: added a very simple samr ValidatePassword test
Andrew Tridgell [Fri, 2 Oct 2009 06:03:02 +0000 (16:03 +1000)]
s4-torture: added a very simple samr ValidatePassword test

13 years agos4-samr: fake up a samr_ValidatePassword response
Andrew Tridgell [Fri, 2 Oct 2009 06:02:42 +0000 (16:02 +1000)]
s4-samr: fake up a samr_ValidatePassword response

mdw is working on the correct call to check the password strength

13 years agoidl: rebuilt the IDL for the build farm
Andrew Tridgell [Fri, 2 Oct 2009 05:11:02 +0000 (15:11 +1000)]
idl: rebuilt the IDL for the build farm

13 years agos4-libnet: give sane error messages when functional levels don't match
Andrew Tridgell [Fri, 2 Oct 2009 05:09:59 +0000 (15:09 +1000)]
s4-libnet: give sane error messages when functional levels don't match

It is nice to tell the user why their command failed :-)

13 years agos4:dsdb/common/sidmap - Remove
Matthias Dieter Wallnöfer [Wed, 30 Sep 2009 18:34:35 +0000 (20:34 +0200)]
s4:dsdb/common/sidmap - Remove

As metze pointed out - this seems to be completely dead code. I too didn't find
any dependencies in other code parts. Therefore remove it.

13 years agos4:provision - Change the default forest/domain function level back to Windows 2003...
Matthias Dieter Wallnöfer [Tue, 29 Sep 2009 08:50:45 +0000 (10:50 +0200)]
s4:provision - Change the default forest/domain function level back to Windows 2003 Native

13 years agos4:libnet_become_dc - add checks for valid domain/forest function levels
Matthias Dieter Wallnöfer [Fri, 25 Sep 2009 08:44:19 +0000 (10:44 +0200)]
s4:libnet_become_dc - add checks for valid domain/forest function levels

Add checks to make sure that we join only supported AD domains (we agreed that
those are >= (Windows) 2003 Native per default - this is changeable with the
"ads:function level" option).
Add also checks to make sure that we cannot join domains which have a bigger
function level than our DC capable function level (e.g. a (Windows) 2008 DC
cannot join a (Windows) 2008 R2 domain).

13 years agondr64: added support for trailing gap alignment
Andrew Tridgell [Thu, 1 Oct 2009 06:08:02 +0000 (16:08 +1000)]
ndr64: added support for trailing gap alignment

NDR64 has a 'trailing gap' alignment, which aligns the end of a
structure on the overall structure alignment.

This explains the discrepancy we had with the RPC-SAMR test and NDR64

13 years agos4-ldb: accept the binary DN OIDs in extended DN modules
Andrew Tridgell [Thu, 24 Sep 2009 14:06:03 +0000 (07:06 -0700)]
s4-ldb: accept the binary DN OIDs in extended DN modules

13 years agos4-ldb: Add support for binary blobs in DNs
Andrew Tridgell [Fri, 2 Oct 2009 02:03:05 +0000 (12:03 +1000)]
s4-ldb: Add support for binary blobs in DNs

AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a
binary blob. We need to support those in order to give correctly
formatted binary blobs for things like wellKnownObjects

This implementation is not ideal, as it allows for binary blobs on all
DNs, whereas it should only allow them on those with a syntax of We should clean this up in the future, but meanwhile this
implementation at least gets us a working DC join of w2k8 to s4.

This patch also uses a static function for marking DNs as invalid,
which is very useful when debugging this code, as you can break on it
in gdb.

13 years agos4-cldap: match w2k8-r2 for cldap netlogon bits
Andrew Tridgell [Fri, 2 Oct 2009 01:52:16 +0000 (11:52 +1000)]
s4-cldap: match w2k8-r2 for cldap netlogon bits

Windows does not set the 3 high bits, which is strange given their
meaning. I've submitted a CAR on this.

13 years agods-flags: use the new name DS_DNS_FOREST_ROOT
Andrew Tridgell [Fri, 2 Oct 2009 02:02:00 +0000 (12:02 +1000)]
ds-flags: use the new name DS_DNS_FOREST_ROOT

Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer
what this bit means (according to MS-ADTS doc)

13 years agos3-ads: removed 3 unused defines
Andrew Tridgell [Fri, 2 Oct 2009 01:49:58 +0000 (11:49 +1000)]
s3-ads: removed 3 unused defines

These are in nbt.idl and netlogon.idl as well, no need to have them
here under different names, especially when the comments are wrong

13 years agoidl: use common netlogon bit definitions
Andrew Tridgell [Thu, 1 Oct 2009 07:29:56 +0000 (17:29 +1000)]
idl: use common netlogon bit definitions

The DS_ bits had got a bit ahead of the NBT_ bits.

Ideally we'd make these a single set of bits at some point.

This also removes NBT_SERVER_DNS_FOREST as this bit doesn't exist. I
think it came from someone mis-reading the docs, which show the bits
in reverse order within bytes (one of the worst bit table
representations I have ever seen!)

13 years agos4/torture: Add two new SMB RAW-OPEN tests
Aravind Srinivasan [Thu, 1 Oct 2009 23:13:37 +0000 (16:13 -0700)]
s4/torture: Add two new SMB RAW-OPEN tests

* Add chained NTCREATEX_READX test which first tries to open/read
  a non-existant file failing on the open, then attempts the same
  operation on a file that does exist, opening and reading

* Add test for open_dispositions on directories.

13 years agos4/torture: convert printf to torture_comment() in RAW-OPEN
Aravind Srinivasan [Thu, 1 Oct 2009 23:11:59 +0000 (16:11 -0700)]
s4/torture: convert printf to torture_comment() in RAW-OPEN

Allows "make test" and other harnesses to print cleaner output.

13 years agoFix bug #6769 - symlink unlink does nothing.
Jeremy Allison [Thu, 1 Oct 2009 23:54:06 +0000 (16:54 -0700)]
Fix bug #6769 - symlink unlink does nothing.
Always use LSTAT for POSIX pathnames.

13 years agos4/torture: second try on renaming oplocks.c to oplock.c
Steven Danneman [Thu, 1 Oct 2009 23:38:40 +0000 (16:38 -0700)]
s4/torture: second try on renaming oplocks.c to oplock.c

Forgot to "git add" the new file in commit b2bcfaae

13 years agoNULL is not a valid event context.
Jeremy Allison [Thu, 1 Oct 2009 23:18:33 +0000 (16:18 -0700)]
NULL is not a valid event context.

13 years agos4/torture: rename oplocks.c to oplock.c to match SMB1 file layout
Steven Danneman [Thu, 1 Oct 2009 20:47:28 +0000 (13:47 -0700)]
s4/torture: rename oplocks.c to oplock.c to match SMB1 file layout

13 years agos4/torture: Ported SMB oplock torture tests to SMB2
Steven Danneman [Thu, 30 Jul 2009 22:10:50 +0000 (15:10 -0700)]
s4/torture: Ported SMB oplock torture tests to SMB2

I've ported all applicable SMB oplock torture tests to SMB2, giving us
a good base for SMB2 oplock testing.

There are several differences between oplocks in SMB and SMB2, mostly
because of differences in W2K3 and W2K8.  The existing SMB oplock
tests all pass against W2K3, but several fail against W2K8.  These
same tests were failing in SMB2, util I reworked them.

BATCH19, BATCH20: In W2K3/SMB a setfileinfo - rename command wouldn't
cause a sharing violation or break an existing oplock.  It appears that
in W2K8/SMB2 a sharing violation is raised.

BATCH22: In W2K3/SMB when a second opener was waiting the full timeout
of an oplock break, it would receive NT_STATUS_SHARING_VIOLATION after
about 35 seconds.  This bug has been fixed in W2K8/SMB2 and instead
the second opener succeeds.

LEVELII500: Added 1 new test checking that the server returns a proper
error code when a client improperly replies to a levelII to none break

STREAM1: W2K8 now grants oplocks on alternate data streams.

13 years agos4/torture: fix typo in test comment
Steven Danneman [Thu, 1 Oct 2009 18:35:17 +0000 (11:35 -0700)]
s4/torture: fix typo in test comment

13 years agos4/asn1: ber_read_OID_String() to be based on _ber_read_OID_String_impl()
Kamen Mazdrashki [Fri, 25 Sep 2009 22:41:18 +0000 (01:41 +0300)]
s4/asn1: ber_read_OID_String() to be based on _ber_read_OID_String_impl()

13 years agos4/asn1: local TALLOC_CTX should be child of torture_context
Kamen Mazdrashki [Fri, 25 Sep 2009 22:36:01 +0000 (01:36 +0300)]
s4/asn1: local TALLOC_CTX should be child of torture_context

13 years agos4/asn1: fixed typo in torture messages
Kamen Mazdrashki [Fri, 25 Sep 2009 22:34:17 +0000 (01:34 +0300)]
s4/asn1: fixed typo in torture messages

13 years agos4/asn1: Added test for ber_read_partial_OID_String()
Kamen Mazdrashki [Fri, 25 Sep 2009 22:32:40 +0000 (01:32 +0300)]
s4/asn1: Added test for ber_read_partial_OID_String()

13 years agos4/asn1: Added test for ber_read_OID_String()
Kamen Mazdrashki [Fri, 25 Sep 2009 22:25:28 +0000 (01:25 +0300)]
s4/asn1: Added test for ber_read_OID_String()

13 years agos4/asn1: Added test for ber_write_partial_OID_String()
Kamen Mazdrashki [Fri, 25 Sep 2009 20:46:52 +0000 (23:46 +0300)]
s4/asn1: Added test for ber_write_partial_OID_String()

13 years agos4/asn1: Added test for ber_write_OID_String()
Kamen Mazdrashki [Fri, 25 Sep 2009 20:46:07 +0000 (23:46 +0300)]
s4/asn1: Added test for ber_write_OID_String()

13 years agos4/asn1: Added torture suite for ASN1
Kamen Mazdrashki [Fri, 25 Sep 2009 20:43:56 +0000 (23:43 +0300)]
s4/asn1: Added torture suite for ASN1

13 years agoutil: strhex_to_str() fixed to handle '0x' correctly
Kamen Mazdrashki [Fri, 25 Sep 2009 20:40:55 +0000 (23:40 +0300)]
util: strhex_to_str() fixed to handle '0x' correctly

13 years agoutil: fixed compile time "discards qualifiers" warning
Kamen Mazdrashki [Fri, 25 Sep 2009 20:40:04 +0000 (23:40 +0300)]
util: fixed compile time "discards qualifiers" warning

13 years agos4/drsuapi: ber_read_partial_OID_String() implementation
Kamen Mazdrashki [Fri, 25 Sep 2009 14:29:05 +0000 (17:29 +0300)]
s4/drsuapi: ber_read_partial_OID_String() implementation

13 years agos4/drsuapi: Internal implementation for ber_read_OID_String
Kamen Mazdrashki [Fri, 25 Sep 2009 14:28:33 +0000 (17:28 +0300)]
s4/drsuapi: Internal implementation for ber_read_OID_String

Modified implementation _ber_read_OID_String_impl()
returns how much bytes are converted.
The intentation is to use this implementation both for
reading OIDs and partial-OIDs in the future

13 years agos4/drsuapi: ber_write_partial_OID_String() implementation
Kamen Mazdrashki [Fri, 25 Sep 2009 13:38:54 +0000 (16:38 +0300)]
s4/drsuapi: ber_write_partial_OID_String() implementation

13 years agos3:Makefile: fix talloc dependencies with static build
Björn Jacke [Thu, 1 Oct 2009 16:57:38 +0000 (18:57 +0200)]
s3:Makefile: fix talloc dependencies with static build

When configure options --with-libtalloc=no --enable-shared-libs=no are used,
LIBTALLOC_TARGET stays empty. Actually LIBTALLOC_TARGET which is only used for
Makefile dependencies is obsolete as LIBTALLOC contains exactly the targets
that make the dependencies are. Obnox, pleaѕe check!

13 years agos3:configure: don't throw away PRINT_LIBS
Björn Jacke [Thu, 1 Oct 2009 17:08:51 +0000 (19:08 +0200)]
s3:configure: don't throw away PRINT_LIBS

PRINT_LIBS might have been set before intentionally, so don't thow it away.

13 years agos3: update comment about (deprecated) a6 records
Björn Jacke [Wed, 23 Sep 2009 12:40:25 +0000 (14:40 +0200)]
s3: update comment about (deprecated) a6 records

13 years agoFix for CVE-2009-2813.
Jeremy Allison [Thu, 1 Oct 2009 17:23:29 +0000 (10:23 -0700)]
Fix for CVE-2009-2813.

== Subject:     Misconfigured /etc/passwd file may share folders unexpectedly
== CVE ID#:     CVE-2009-2813
== Versions:    All versions of Samba later than 3.0.11
== Summary:     If a user in /etc/passwd is misconfigured to have
==              an empty home directory then connecting to the home
==              share of this user will use the root of the filesystem
==              as the home directory.

13 years agos3/VERSION: Raise version number up to 3.6.0.
Karolin Seeger [Thu, 1 Oct 2009 12:50:28 +0000 (14:50 +0200)]
s3/VERSION: Raise version number up to 3.6.0.


13 years agoFix for CVE-2009-2906.
Jeremy Allison [Thu, 1 Oct 2009 12:32:36 +0000 (14:32 +0200)]
Fix for CVE-2009-2906.

Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.

13 years agomount.cifs: don't leak passwords with verbose option
Jeff Layton [Fri, 25 Sep 2009 11:07:40 +0000 (07:07 -0400)]
mount.cifs: don't leak passwords with verbose option

When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.

Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.

Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.

Reported-by: Ronald Volgers <>
Signed-off-by: Jeff Layton <>
Acked-by: Steve French <>
13 years agomount.cifs: check access of credential files before opening
Jeff Layton [Fri, 25 Sep 2009 10:45:10 +0000 (06:45 -0400)]
mount.cifs: check access of credential files before opening

It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.

Check the access permissions of the file before opening it.

Reported-by: Ronald Volgers <>
Signed-off-by: Jeff Layton <>
Acked-by: Steve French <>
13 years agos4:pyldb - Wrong error type (found only after the push)
Matthias Dieter Wallnöfer [Thu, 1 Oct 2009 12:02:59 +0000 (14:02 +0200)]
s4:pyldb - Wrong error type (found only after the push)

13 years agos4:ldb_msg_diff - Fixes up possible memory leaks and the python binding of it
Matthias Dieter Wallnöfer [Thu, 1 Oct 2009 11:59:02 +0000 (13:59 +0200)]
s4:ldb_msg_diff - Fixes up possible memory leaks and the python binding of it