Andrew Tridgell [Fri, 5 Mar 2010 06:49:11 +0000 (17:49 +1100)]
s4-privs: add root_privileges_original_uid()
This can be used to get the uid we changed away from when we gained
root privileges
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Günther Deschner [Fri, 5 Mar 2010 10:06:46 +0000 (11:06 +0100)]
s3-selftest: enable RPC-WINREG against Samba 3.
Guenther
Günther Deschner [Fri, 5 Mar 2010 10:06:18 +0000 (11:06 +0100)]
s4-smbtorture: skip NotifyChangeKeyValue test against s3 for now.
Guenther
Matthias Dieter Wallnöfer [Fri, 5 Mar 2010 07:50:08 +0000 (08:50 +0100)]
s4:torture/rpc/samr.c - add some decision possibility constants to some switch
At the moment nothing is done when the enumeration variable is set to one of
those constants as before. This is only to quite nasty warnings.
Matthias Dieter Wallnöfer [Fri, 5 Mar 2010 07:49:25 +0000 (08:49 +0100)]
s4:torture/rpc/samr.c - make some argument of function "test_SamLogon_with_creds" constant
This to quiet warnings.
Matthias Dieter Wallnöfer [Fri, 5 Mar 2010 07:47:48 +0000 (08:47 +0100)]
s4:torture/winbind/struct_based.c - fix up (un)signedness of a function argument
Otherwise always a warning is generated.
Andrew Tridgell [Fri, 5 Mar 2010 03:59:08 +0000 (14:59 +1100)]
s4-pvfs: log more error conditions in NTVFS backend
This should make is easier to track down some bug reports
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 5 Mar 2010 03:57:50 +0000 (14:57 +1100)]
s4-pvfs: move the private ntcreatex flags to private_flags
Re-using two of the create_options bits was bound to eventually
cause problems, and indeed, Windows7 now uses one of those bits
when opening text files.
Fixes bug 7189
Andrew Tridgell [Fri, 5 Mar 2010 02:49:49 +0000 (13:49 +1100)]
s4-rpc: don't use s->credentials after it is freed
Andrew Tridgell [Fri, 5 Mar 2010 02:02:16 +0000 (13:02 +1100)]
s4-torture: fixed commas separating C statements
Bo Yang [Sat, 6 Mar 2010 12:58:23 +0000 (20:58 +0800)]
s3: Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.
Signed-off-by: Bo Yang <boyang@samba.org>
Andrew Tridgell [Fri, 5 Mar 2010 00:53:19 +0000 (11:53 +1100)]
s4-python: only install external python libs that are missing
Andrew Tridgell [Fri, 5 Mar 2010 00:45:40 +0000 (11:45 +1100)]
s4-python: import a copy of the python dns library
This library is not installed on enough systems for us to rely
on it being available. We use the system copy if possible, and
fallback to this local copy
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 5 Mar 2010 00:45:10 +0000 (11:45 +1100)]
s4-dns: use samba.external to pull in the dns.resolver library
Andrew Tridgell [Fri, 5 Mar 2010 00:44:45 +0000 (11:44 +1100)]
s4-python: allow us to have samba copies of python libraries we depend on
For python libraries like dns.resolver it is useful to be able to install
a copy of the library with Samba. This set of functions allows us to do that
while using the locally installed version if it is available
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 4 Mar 2010 23:43:34 +0000 (10:43 +1100)]
s4-dns-ex: use autoclose on the dns child pipe
I'm hoping this will fix an occasional segfault I've noticed where
epoll still calls events on a closed fde
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 4 Mar 2010 23:42:41 +0000 (10:42 +1100)]
s4-messaging: use auto-close on the socket
Jeremy Allison [Thu, 4 Mar 2010 22:59:29 +0000 (14:59 -0800)]
srv_pipe.c doesn't reference current_user anymore. Remove it.
Jeremy.
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 21:18:10 +0000 (22:18 +0100)]
s4:auth/sam.c - change base context for the "tmp_ctx" context in "authsam_expand_nested_groups"
Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the
long-living "sam_ctx"/"ldb" context to prevent memory leaks.
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 16:54:45 +0000 (17:54 +0100)]
s4:ldap.py - give the "primaryGroupToken" test a better name
It tests also some other constructed attributes in a basic way.
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 16:51:09 +0000 (17:51 +0100)]
s4:ldap.py - add test for "tokenGroups"
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 15:28:03 +0000 (16:28 +0100)]
s4:operational LDB - don't accidentally "ate" search helper attributes if we need them for more constructed attributes
With this patch we delete the helper attributes at the end where all constructed
attributes have already been computed.
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 14:44:10 +0000 (15:44 +0100)]
s4:operational LDB module - make the counters unsigned
No need to have signed counters here.
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 12:58:16 +0000 (13:58 +0100)]
s4:operational LDB - implement the "tokenGroups" constructed attribute
It contains the transitive SID closure (expand member/memberOf attributes) of a
certain SAM object. The "tokenGroups" attribute never contains the SID of the
object itself.
References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx,
http://support.microsoft.com/kb/301916,
MS-ADTS 3.1.1.4.5.19.
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 12:49:18 +0000 (13:49 +0100)]
s4:sam.c - make "authsam_expand_nested_groups" public
This is needed by the "tokenGroups" work in the operational LDB module.
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 12:48:17 +0000 (13:48 +0100)]
s4:sam.c - cosmetic indentation fix
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 12:46:34 +0000 (13:46 +0100)]
s4:sam.c - change variable types to unsigned in "sids_contains_sid"
Should also be unsigned - no need for a signed "i" and "num_sids" here.
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 13:28:04 +0000 (14:28 +0100)]
s4:operational LDB module - use right memory context int "construct_primary_group_token"
Use the "msg" as temporary context and not "ldb" which lives much longer.
Karolin Seeger [Thu, 4 Mar 2010 15:18:44 +0000 (16:18 +0100)]
Revert "s3:configure: add --enable-as-needed"
This reverts commit
22d316926b9589608d332143c1fa134229b75b3c.
Please see bug #7209 for details.
Nadezhda Ivanova [Thu, 4 Mar 2010 13:22:30 +0000 (15:22 +0200)]
Refactored ACL python tests
Made each type into a separate class to be easily run individually,
removed code duplication
Stefan Metzmacher [Thu, 4 Mar 2010 10:14:51 +0000 (11:14 +0100)]
s3:configure: add --enable-as-needed
On some broken systems like RHEL5, we need to be able
to disable --as-needed.
metze
Matthias Dieter Wallnöfer [Thu, 4 Mar 2010 09:29:33 +0000 (10:29 +0100)]
s4:provision - use the new "interface_ips" python call to detect the right host IPv4 address
Inform the user when there are more possibilities (so he can check for the
right address and otherwise he is able to do an immediate reprovision) and no
possibility at all (then we fall back to the loopback address "127.0.0.1" - this
is thought for testing purposes).
I think this should be enough for closing bug #5484.
Matthias Dieter Wallnöfer [Fri, 6 Nov 2009 19:14:41 +0000 (20:14 +0100)]
s4:ldif_handlers - Use "unsigned int" for counting purposes
I changed "uint32_t" to "unsigned int" since the LDB specification prescrives
"unsigned (int)" for counter variables (number of attributes,
number of values...).
Günther Deschner [Thu, 4 Mar 2010 00:35:33 +0000 (01:35 +0100)]
testprogs: add test_PrinterDataW.
Guenther
Günther Deschner [Thu, 4 Mar 2010 00:33:06 +0000 (01:33 +0100)]
testprogs: use dump_data in dump_printer_data.
Guenther
Günther Deschner [Thu, 4 Mar 2010 00:31:30 +0000 (01:31 +0100)]
testprogs: add print_printer_dataw and dump_data to printlib.
Guenther
Günther Deschner [Thu, 4 Mar 2010 00:29:16 +0000 (01:29 +0100)]
testprogs: add some multibyte versions of PrinterData calls.
Guenther
Bo Yang [Fri, 5 Mar 2010 17:59:55 +0000 (01:59 +0800)]
s3: Rerun genmsg after adding more strings.
Signed-off-by: Bo Yang <boyang@samba.org>
Bo Yang [Fri, 5 Mar 2010 17:53:13 +0000 (01:53 +0800)]
s3: Add i18n/l10n strings in pam_winbind.c coming from winbindd.
Signed-off-by: Bo Yang <boyang@samba.org>
Matthias Dieter Wallnöfer [Fri, 6 Nov 2009 19:14:41 +0000 (20:14 +0100)]
s4:samdb.c - Make it signed-safe
Use an unsigned argument for the numbers of groups and the counter "i" since
the function is called only by "auth_generate_session_info" with an unsigned
number of groups argument.
Matthias Dieter Wallnöfer [Wed, 3 Mar 2010 19:12:30 +0000 (20:12 +0100)]
s4:srvsvc RPC - "srvsvc_create_ntvfs_connect"
Previous commit was incomplete. The "service" parameter in the "tcon" structure
should point to "scfg->name". I'm not sure if "share" is right but the first
was used before commit
f390daef475126b4ff5a3d0ffd2babbd87d4c22b.
Matthias Dieter Wallnöfer [Wed, 3 Mar 2010 17:26:15 +0000 (18:26 +0100)]
s4:srvsvc RPC - fix up the "ntvfs_connect" in "srvsvc_create_ntvfs_connect"
This should be the right fix (set the service name in the tcon union to the
share name/path). That should be the solution for bug #6784.
Matthias Dieter Wallnöfer [Wed, 3 Mar 2010 16:41:43 +0000 (17:41 +0100)]
s4:torture/rpc/samr - Fix up SAMR-USERS test
"QueryDomainInfo" returns only global groups, "QueryDisplayInfo" also universal
ones. Consider MS-SAMR 3.1.5.5.1.1 and 3.1.5.3.1.
Matthias Dieter Wallnöfer [Wed, 3 Mar 2010 11:01:40 +0000 (12:01 +0100)]
s4:torture/rpc/samr - enhance the "EnumDomainGroups" test regarding universal groups
Find the "Enterprise Admins" group which does exist on s4 and Windows
directories and is always per default universal. Test this only when the target
is set to s4 (s3 deployments don't contain this group). If the number of
returned objects is "0" (count) then we are likely testing the builtin domain of
an AD deployment.Then we ignore the inexistent "Enterprise Admins" group.
I didn't enhance the test for "QueryDomainInfo" since this does itself a
comparison of all returned objects with the "EnumDomainGroups" call. Therefore
if the latter passes, and the "QueryDomainInfo" test passes also the
"QueryDomainInfo" call is okay regarding groups.
Matthias Dieter Wallnöfer [Wed, 3 Mar 2010 12:38:34 +0000 (13:38 +0100)]
s4:dcesrv_samr - Also "OpenGroup" needs to support universal groups
Matthias Dieter Wallnöfer [Wed, 3 Mar 2010 10:22:07 +0000 (11:22 +0100)]
s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" calls
We need to look for both global and universal group types when querying them.
Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html).
Karolin Seeger [Wed, 3 Mar 2010 15:03:13 +0000 (16:03 +0100)]
Fix typo in comments.
Günther Deschner [Wed, 3 Mar 2010 11:32:41 +0000 (12:32 +0100)]
testprogs: fix boolean return code of test_PrinterData.
Guenther
Andrew Tridgell [Wed, 3 Mar 2010 03:28:42 +0000 (14:28 +1100)]
dns: make dns update script use unbuffered IO
Otherwise we can lose debug output when a timeout happens
Andrew Tridgell [Wed, 3 Mar 2010 03:25:39 +0000 (14:25 +1100)]
s4-posix: allow change ownership of files if the user has the right privileges
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have
permission to change the ownership of a file.
This should fix bug 6987
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Matthieu Patou [Sun, 28 Feb 2010 20:02:00 +0000 (23:02 +0300)]
s4-build: fix SMB_LIBRARY and change its name so it didn't collide with s3 one
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 28 Feb 2010 21:21:09 +0000 (00:21 +0300)]
s3: Fix build file due to file move. Use the new path of iniparser
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 28 Feb 2010 19:48:16 +0000 (22:48 +0300)]
s3: Move source3/iniparser to lib/iniparser to allow sharing between s3/s4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 28 Feb 2010 21:21:09 +0000 (00:21 +0300)]
s3: Allow pam_winbind.c to build without localedir.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 28 Feb 2010 19:53:04 +0000 (22:53 +0300)]
nsswitch: libpam remove depedance on locale.h use directly LOCALEDIR
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 20 Jan 2010 13:21:47 +0000 (14:21 +0100)]
s4-winrepl: Migrated the wins replication server to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Tue, 2 Mar 2010 13:43:53 +0000 (14:43 +0100)]
s3:net: add a command "net registry setsd_sdd"
This permits to set the security descriptor of a registry
key from the unix command line.
Michael
Michael Adam [Tue, 2 Mar 2010 13:43:26 +0000 (14:43 +0100)]
s3:net: fix some i18n messages in net_registry_getsd_internal().
Michael
Michael Adam [Fri, 26 Feb 2010 08:41:43 +0000 (09:41 +0100)]
s3:net: add i18n macro _() to one message
Michael
Michael Adam [Fri, 26 Feb 2010 08:37:45 +0000 (09:37 +0100)]
s3:net: add new subcommand "net registry getsd_sddl" to print secdesc in sddl format
Michael
Michael Adam [Fri, 26 Feb 2010 08:31:03 +0000 (09:31 +0100)]
s3:net: refactor getting of secdesc out of net_registry_getsd()
New net_registry_getsd_internal does the work(),
net_registry_getsd() just prints the result.
This in preparation to add support for other output formats
than the currently used display_sec_desc().
Michael
Michael Adam [Sun, 28 Feb 2010 21:20:03 +0000 (22:20 +0100)]
s3:smbcacls: add switch "--sddl" to output acls as sddl encoded strings
Michael Adam [Sun, 28 Feb 2010 21:15:23 +0000 (22:15 +0100)]
s3: build sddl.c in samba3
Michael Adam [Sun, 28 Feb 2010 21:01:49 +0000 (22:01 +0100)]
libcli/security: fix sddl.c to be able to build it from source3
Michael Adam [Fri, 26 Feb 2010 17:32:21 +0000 (18:32 +0100)]
s4:move the sddl code down to the top level
Michael
Kamen Mazdrashki [Wed, 3 Mar 2010 00:33:31 +0000 (02:33 +0200)]
s4/ildap: fine tune ildb_callback()
Actually ildb_context pointer is not supposed to be
valid after calling ildb_request_done().
This is due to the fact that when calling ildb_request_done()
caller will (most probably) free any locally built
ldap_request objects - thus rendering ildb_context invalid.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Holger Hetterich [Tue, 2 Mar 2010 22:17:20 +0000 (23:17 +0100)]
s3: net_share.c: fix argc handling
The "net share" command was no longer possible because it enters
the net_share function with argc == 0.
Günther Deschner [Tue, 2 Mar 2010 17:35:01 +0000 (18:35 +0100)]
s4-smbtorture: fix WINBIND-STRUCT assumptions about getpwent() for s3.
In samba3 it is not an error when no users are returned in getpwent() calls
(e.g. on a DC w/o interdomain trusts).
Kai, please check.
Guenther
Simo Sorce [Mon, 1 Mar 2010 19:50:50 +0000 (14:50 -0500)]
s3:ads fix dn parsing name was always null
While there also use ldap_exploded_dn instead of ldb_dn_validate()
so we can remove a huge dependency that is hanging there only for one very
minor marginal use.
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 2 Mar 2010 16:25:35 +0000 (17:25 +0100)]
testprogs: make sure to do the same tests as in smbtorture in test_PrinterData().
Guenther
Günther Deschner [Tue, 2 Mar 2010 16:24:14 +0000 (17:24 +0100)]
testprogs: fix REG_SZ in print_printer_data.
Guenther
Matthias Dieter Wallnöfer [Fri, 6 Nov 2009 17:35:17 +0000 (18:35 +0100)]
LDB:NSS - make LDB "signed-safe" on counter variables
"i" needs to be unsigned on both places since it counts till a "count" variable
of a "struct ldb_result" object which itself is unsigned.
I see counting variables much better as "unsigned" since in most cases we don't
use negative values at all. We've only to be careful on binary searches and
downto counts regarding them.
Matthias Dieter Wallnöfer [Sat, 21 Nov 2009 17:58:26 +0000 (18:58 +0100)]
s4:echo RPC - make this one "signed-safe"
"i" needs to be unsigned here since it counts until "r->in.len" which itself is
unsigned and not signed.
Günther Deschner [Tue, 2 Mar 2010 14:19:57 +0000 (15:19 +0100)]
testprogs: test result of GetPrinterDataEx against SetPrinterDataEx args.
Guenther
Volker Lendecke [Tue, 2 Mar 2010 13:05:19 +0000 (14:05 +0100)]
s3: Fix some C++ warnings
Volker Lendecke [Tue, 2 Mar 2010 12:51:08 +0000 (13:51 +0100)]
s3: Fix an uninitialized variable warning
Björn Jacke [Tue, 2 Mar 2010 12:00:19 +0000 (13:00 +0100)]
s3:vfs_aixacl2: add missing semicolon
fixes #7197. Thanks to William Jojo for the correction.
Endi S. Dewata [Fri, 29 Jan 2010 22:05:22 +0000 (16:05 -0600)]
s4:provision - Moved default FDS SASL mappings deletion from post_setup() to init().
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Endi S. Dewata [Fri, 29 Jan 2010 09:24:20 +0000 (03:24 -0600)]
s4:provision - Moved setup_db_config() into OpenLDAPBackend class.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Endi S. Dewata [Fri, 29 Jan 2010 01:51:11 +0000 (19:51 -0600)]
s4:provision - Moved backend-specific variables into backend class.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Endi S. Dewata [Fri, 29 Jan 2010 01:35:29 +0000 (19:35 -0600)]
s4:provision - Use netbios name for FDS instance name.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Endi S. Dewata [Tue, 19 Jan 2010 02:57:01 +0000 (20:57 -0600)]
s4-libcli: Added NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID and LDB_CONTROL_AS_SYSTEM_OID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Fri, 26 Feb 2010 20:16:23 +0000 (15:16 -0500)]
s3:groupmap revert to tdb storage
Group mapping needs to be cluster aware, and this means using the tdb backend.
Remove ldb group mapping as this is not cluster aware.
Matthias Dieter Wallnöfer [Mon, 1 Mar 2010 20:11:39 +0000 (21:11 +0100)]
s4:srvsvc RPC - revert one unsigned integer "i" back to signed
This is needed since this particular "i" counts until "count" which itself is
signed. "count" is set through a signed integer variable parameter from the
"share_list_all" call.
Günther Deschner [Mon, 1 Mar 2010 20:12:49 +0000 (21:12 +0100)]
testprogs: better usage text.
Guenther
Günther Deschner [Mon, 1 Mar 2010 20:00:20 +0000 (21:00 +0100)]
testprogs: add very basic PrinterData test for printers.
This very basically tests SetPrinterDataEx, GetPrinterDataEx and
DeletePrinterDataEx.
Guenther
Günther Deschner [Mon, 1 Mar 2010 19:58:41 +0000 (20:58 +0100)]
testprogs: rename test_PrinterData to test_PrinterData_Server.
Guenther
Günther Deschner [Mon, 1 Mar 2010 19:57:52 +0000 (20:57 +0100)]
testprogs: add SetPrinterDataEx test.
Guenther
Günther Deschner [Mon, 1 Mar 2010 19:56:36 +0000 (20:56 +0100)]
testprogs: add DeletePrinterKey test.
Guenther
Günther Deschner [Mon, 1 Mar 2010 16:42:19 +0000 (17:42 +0100)]
testprogs: add DeletePrinterDataEx test.
Guenther
Günther Deschner [Mon, 1 Mar 2010 19:15:51 +0000 (20:15 +0100)]
testprogs: allow to test a single printer when given on the cmdline.
Günther Deschner [Mon, 1 Mar 2010 17:01:42 +0000 (18:01 +0100)]
testprogs: add RPC_X_NULL_REF_POINTER error code
Stefan Metzmacher [Sat, 27 Feb 2010 09:16:56 +0000 (10:16 +0100)]
s4:RPC-ECHO: don't ignore errors in the Sleep test now that we support async rpc over ncacn_np
metze
Stefan Metzmacher [Mon, 1 Mar 2010 14:20:19 +0000 (15:20 +0100)]
s4:rpc_server/remote: do async calls
metze
Matthias Dieter Wallnöfer [Sat, 21 Nov 2009 18:08:42 +0000 (19:08 +0100)]
s4:srvsvc RPC - make this one "signed-safe"
Matthias Dieter Wallnöfer [Sat, 21 Nov 2009 18:03:59 +0000 (19:03 +0100)]
s4:unixinfo RPC - make this one "signed-safe"
Matthias Dieter Wallnöfer [Sat, 21 Nov 2009 18:03:18 +0000 (19:03 +0100)]
s4:spoolss RPC - make this one "signed-safe"
Matthias Dieter Wallnöfer [Sat, 21 Nov 2009 18:01:53 +0000 (19:01 +0100)]
s4:remote RPC - make this one "signed-safe"
Matthias Dieter Wallnöfer [Sat, 21 Nov 2009 17:59:30 +0000 (18:59 +0100)]
s4:epmapper RPC - make this one "signed-safe"
Volker Lendecke [Mon, 1 Mar 2010 15:18:23 +0000 (16:18 +0100)]
s3: Abstract access to sessionid.tdb, similar to conn_tdb.c