Günther Deschner [Thu, 15 Oct 2009 13:45:20 +0000 (15:45 +0200)]
s3-spnego: fix memleak in spnego_parse_auth().
Guenther
Günther Deschner [Thu, 15 Oct 2009 12:13:26 +0000 (14:13 +0200)]
s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP),
we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus
failing spnego_parse_auth() completely.
By just using the shared spnego/asn1 code, we get the parsing the correct way.
Guenther
Matthias Dieter Wallnöfer [Thu, 15 Oct 2009 09:06:08 +0000 (11:06 +0200)]
s4:w32err_code.py script - put it under "scripting/bin"
I think this is a better location for this script. Since the subdirectory
"script" of "source4" contains only scripts for "make install" and "make
uninstall".
Karolin Seeger [Thu, 15 Oct 2009 10:27:24 +0000 (12:27 +0200)]
s3/docs: Add missing meta data to man ldbrename.
Avoid warnings.
Karolin
Andrew Tridgell [Thu, 15 Oct 2009 09:50:49 +0000 (20:50 +1100)]
s4-smb: fill in fnum as well for root_fid
This helps with the CIFS NTVFS backend, but doesn't solve all problems
Andrew Tridgell [Thu, 15 Oct 2009 09:42:53 +0000 (20:42 +1100)]
s4-selftest: mark some CIFS backend tests as known fail
The CIFS passthru NTVFS doesn't handle some options yet (eg. root_fid)
Andrew Tridgell [Thu, 15 Oct 2009 07:53:23 +0000 (18:53 +1100)]
s4-smbserver: fixed root_fid in nttrans create
Andrew Tridgell [Thu, 15 Oct 2009 07:52:56 +0000 (18:52 +1100)]
s4-libcli: fixed structure element bug in ntcreatexreadx
This one didn't matter until the root_fid changed the alignment of the
two structures.
Andrew Tridgell [Thu, 15 Oct 2009 07:27:57 +0000 (18:27 +1100)]
s4-torture: catch bad command line options
It is annoying when you mistype a command line option and aren't told.
Andrew Tridgell [Thu, 15 Oct 2009 07:27:21 +0000 (18:27 +1100)]
s4-pvfs: implement root_fid support in posix backend
Construct the filename from the old handle and the new name.
Andrew Tridgell [Thu, 15 Oct 2009 07:26:19 +0000 (18:26 +1100)]
s4-smb: declare root_fid as a file handle
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
Andrew Tridgell [Thu, 15 Oct 2009 07:23:42 +0000 (18:23 +1100)]
s4-pvfs: fixed handling of SEC_FLAG_MAXIMUM_ALLOWED
The CREATEX_ACCESS test shows that this is used as a bit test, not an
equality test
Andrew Tridgell [Thu, 15 Oct 2009 05:11:30 +0000 (16:11 +1100)]
s4-ldaptest: "testgroup" is a bit too common
This failed on one of my test boxes that has a group called
"testgroup". Using "testgroupXX" should be a bit better.
Matthias Dieter Wallnöfer [Thu, 15 Oct 2009 08:30:55 +0000 (10:30 +0200)]
s4:ntlmssp server - use also here the new "lp_dnsdomain()" call
Matthias Dieter Wallnöfer [Thu, 15 Oct 2009 08:30:07 +0000 (10:30 +0200)]
s4:auth/credentials/credentials - fix uninitialised pointers
This should fix bug #6755.
Björn Jacke [Thu, 15 Oct 2009 01:19:47 +0000 (03:19 +0200)]
s3: fix outdated proto.h causing build error on AIX
Matthias, please check!
Andrew Tridgell [Thu, 15 Oct 2009 04:54:40 +0000 (15:54 +1100)]
s4-ldap: test the rDN size limit
Andrew Tridgell [Thu, 15 Oct 2009 04:54:20 +0000 (15:54 +1100)]
s4-dsdb: implement limit on rDN length
w2k8 imposes a limit of 64 characters on the rDN
Andrew Tridgell [Thu, 15 Oct 2009 04:53:40 +0000 (15:53 +1100)]
s4-ldb: removed incorrect rDN length test
This is a property of AD, not ldb, so should be in our ldb
modules.
Andrew Tridgell [Wed, 14 Oct 2009 23:01:10 +0000 (10:01 +1100)]
s4-ldb: removed bogus RDN length check
This isn't the rDN !
Andrew Tridgell [Wed, 14 Oct 2009 23:00:46 +0000 (10:00 +1100)]
s4-script: flush DNS after adding new addresses
Andrew Tridgell [Wed, 14 Oct 2009 21:49:21 +0000 (08:49 +1100)]
s4-devel: for devel scripts it's better to use bin/ than $PREFIX/bin
This avoids having to do make install after each change when using the
drs devel scripts
Andrew Tridgell [Wed, 14 Oct 2009 09:29:39 +0000 (20:29 +1100)]
s4-drs: support DRSUAPI_DRS_ADD_REF flag
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs
call on behalf of the client after the DsGetNCChanges call. The lack
of support for this option may explain why the repsTo attribute was
not being created for w2k8-r2 replication partners.
Andrew Tridgell [Wed, 14 Oct 2009 09:25:48 +0000 (20:25 +1100)]
s4-drs: implement more of DsUpdateRefs
The DsUpdateRefs call takes a set of flags that indicates if the
server should ignore specific add/delete error codes.
This patch also exposes the core UpdateRefs call into a public
function, so that it can be called from DsGetNCChanges
Andrew Tridgell [Wed, 14 Oct 2009 04:57:15 +0000 (15:57 +1100)]
ldb: fixed display of replUpToDateVector
Andrew Tridgell [Tue, 13 Oct 2009 08:49:08 +0000 (19:49 +1100)]
drs: improved error checking
Check the validity of the requested options in DsGetNCChanges
Andrew Tridgell [Tue, 13 Oct 2009 08:48:13 +0000 (19:48 +1100)]
s4-dsdb: added samdb_rodc() and samdb_ntds_options()
Later we will need to make samdb_rodc() look in the database, but for
now we should at least have the function in a central place
Andrew Tridgell [Tue, 13 Oct 2009 08:46:18 +0000 (19:46 +1100)]
libds: added nTDSDSA options flags
Andrew Tridgell [Tue, 13 Oct 2009 07:31:21 +0000 (18:31 +1100)]
idl: added WSPP DrsOptions bit names
This should make it much easier to work through the logic in MS-DRSR
Jeremy Allison [Wed, 14 Oct 2009 19:36:02 +0000 (12:36 -0700)]
Fix the build, missing ->.
Jeremy.
Jeremy Allison [Wed, 14 Oct 2009 18:11:26 +0000 (11:11 -0700)]
Final part of fix for bug 6793 - winbindd crash with "INTERNAL ERROR: Signal 6"
Don't use mapped_user uninitialized.
Jeremy.
Volker Lendecke [Tue, 13 Oct 2009 18:56:28 +0000 (20:56 +0200)]
s3:winbind: Fix a double-free
Part of a fix for bug #6793.
Volker Lendecke [Wed, 14 Oct 2009 18:14:57 +0000 (11:14 -0700)]
s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_auth
Günther Deschner [Wed, 14 Oct 2009 15:42:19 +0000 (17:42 +0200)]
s3-build: we need to have talloc 2.0.1 when building with external talloc.
2.0.0 did not get the exports right.
This and the 2.0.1 talloc fixes resolve bug #6808.
Guenther
Simo Sorce [Wed, 14 Oct 2009 14:50:19 +0000 (10:50 -0400)]
talloc: Fix exports and increment talloc version
Simo Sorce [Wed, 14 Oct 2009 14:57:17 +0000 (10:57 -0400)]
talloc: Make abi checks in release script
Make always sure the exports and signature files are up to date before
shipping a release.
Simo Sorce [Wed, 14 Oct 2009 14:55:11 +0000 (10:55 -0400)]
talloc: Move release script under /script too
Simo Sorce [Wed, 14 Oct 2009 14:20:28 +0000 (10:20 -0400)]
talloc: Change the way mksysms work
Make sure we always have a sorted (per file) export file.
This way we can directly compare the real export and the check file w/o having
to further sort things.
Also return error code from abi_checks.sh if warnings were reported
Günther Deschner [Wed, 14 Oct 2009 09:48:59 +0000 (11:48 +0200)]
s3-passdb: missed two prototypes while moving to enum netr_SchannelType.
Guenther
Matthias Dieter Wallnöfer [Wed, 14 Oct 2009 10:27:06 +0000 (12:27 +0200)]
s4:torture cldap test - Add checks for the right forest DNS name
Matthias Dieter Wallnöfer [Wed, 14 Oct 2009 09:40:25 +0000 (11:40 +0200)]
s4:password_hash - load the domain parameters from the "loadparm context"
And don't cut them out from the DNS hostname.
Matthias Dieter Wallnöfer [Wed, 14 Oct 2009 08:50:57 +0000 (10:50 +0200)]
s4:torture - fix up "ldap_basic" test
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 17:09:18 +0000 (19:09 +0200)]
s4: Changes the old occurrences of "lp_realm" in "lp_dnsdomain" where needed
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
Matthias Dieter Wallnöfer [Tue, 13 Oct 2009 16:18:50 +0000 (18:18 +0200)]
s4:loadparm - adapt "realm" handling
Change "lp_realm" behaviour to return the realm always upcased and add a
function "lp_dnsdomain" which returns it always lowcased.
Bo Yang [Wed, 14 Oct 2009 20:31:26 +0000 (04:31 +0800)]
s3: Fix reference to freed memory in pam_winbind.
Signed-off-by: Bo Yang <boyang@samba.org>
Andrew Bartlett [Tue, 13 Oct 2009 22:10:01 +0000 (09:10 +1100)]
Revert "s4:hdb-samba4 - Don't double-free "db""
This reverts commit
11a8a54c825a52d7dd6ab78bc7aeff2d719327d2.
The actual fix for bug 6801 is in hdb_end_seq_get() - this attempt
leaks 'db' instead.
Andrew Bartlett
Andrew Bartlett [Tue, 13 Oct 2009 22:04:16 +0000 (09:04 +1100)]
s4:heimdal A real fix for bug 6801
The issue was that we would free the entry after the database, not
knowing that the entry was a talloc child of the database.
Andrew Bartlett
Björn Jacke [Tue, 13 Oct 2009 22:22:08 +0000 (00:22 +0200)]
s3:net: simplify padding to single printf call
Björn Jacke [Tue, 13 Oct 2009 22:19:35 +0000 (00:19 +0200)]
s3:net simplify padding to single printf call
Volker Lendecke [Tue, 13 Oct 2009 13:56:00 +0000 (15:56 +0200)]
s3:net: Fix a segfault in "net rpc trustdom list" for overlong domain names
That was a complicated way to say "%-20.s"... But that code was from 2002 ...
Jeremy Allison [Tue, 13 Oct 2009 20:28:57 +0000 (13:28 -0700)]
Remove use of "int ret" when we already have errcode.
Jeremy.
Jeremy Allison [Tue, 13 Oct 2009 20:03:39 +0000 (13:03 -0700)]
Catch one more erroneous use of errno.
Jeremy.
Olaf Flebbe [Tue, 13 Oct 2009 13:48:19 +0000 (15:48 +0200)]
correctly handle aio_error() and errno
Volker Lendecke [Mon, 12 Oct 2009 15:29:45 +0000 (17:29 +0200)]
s3:torture: Add a notify-bench test
This is a test that creates and deletes files in a directory as fast as the
network allows it. At the same time, it opens a filechangenotify. This test is
done to just torture handling a single directory together with the notify
infrastructure.
Volker Lendecke [Mon, 12 Oct 2009 14:43:19 +0000 (16:43 +0200)]
s3:libsmb: Add cli_notify
Volker Lendecke [Sat, 3 Oct 2009 13:33:12 +0000 (15:33 +0200)]
s3:rpc: Fix is_known_pipename for dynamically loaded pipes
Volker Lendecke [Sun, 4 Oct 2009 14:52:08 +0000 (16:52 +0200)]
s3: Fix some nonempty blank lines
Andrew Tridgell [Wed, 16 Sep 2009 01:22:56 +0000 (03:22 +0200)]
s3: Fix vfs_shadow_copy2 to allow in-path @GMT-xxx
Olaf Flebbe [Tue, 13 Oct 2009 12:13:06 +0000 (14:13 +0200)]
s3/loadparm: Fix severe HPUX compiler issue.
Members of struct should be initialized explicitly.
Fixes bug #6804.
Matthias Dieter Wallnöfer [Tue, 13 Oct 2009 15:36:58 +0000 (17:36 +0200)]
s4:hdb-samba4 - Don't double-free "db"
"db" is freed anyway after the destructor terminates so this does really make
no sense here (rather it makes code crash).
Should fix bug #6801.
Matthias Dieter Wallnöfer [Tue, 13 Oct 2009 15:29:52 +0000 (17:29 +0200)]
s4:dcesrv_samr - add another constant
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 22:48:15 +0000 (00:48 +0200)]
s4:dcesrv_samr - prevent "ldb_modify" on a possibly empty message
In this code part under certain circumstances we can end up with an empty message.
Since our new behaviour denies them (like the real AD) we need to bypass them
on LDB modify calls.
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 22:45:26 +0000 (00:45 +0200)]
s4:dcesrv_samr - Add additional "talloc_free"s
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 22:15:19 +0000 (00:15 +0200)]
s4:dcesrv_samr - Cosmetics
Make more use of constants and add some braces around "if" blocks
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 21:39:40 +0000 (23:39 +0200)]
s4:ldb_tdb - Revert some introduced "trivial gotos"
I hope that this makes abartlet & simo happy again (consider mailing list).
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 21:25:17 +0000 (23:25 +0200)]
Enhance ".gitignore" file for s4
Günther Deschner [Tue, 6 Oct 2009 16:26:33 +0000 (18:26 +0200)]
s3-winbindd: add wbint_ChangeMachineAccount implementation.
Guenther
Günther Deschner [Tue, 6 Oct 2009 16:20:23 +0000 (18:20 +0200)]
docs: document wbinfo -c.
Guenther
Günther Deschner [Tue, 6 Oct 2009 16:18:00 +0000 (18:18 +0200)]
nsswitch: add wbinfo -c (change trust account passwords).
Guenther
Günther Deschner [Tue, 6 Oct 2009 16:15:08 +0000 (18:15 +0200)]
libwbclient: add wbcChangeTrustCredentials.
Guenther
Günther Deschner [Tue, 13 Oct 2009 10:24:57 +0000 (12:24 +0200)]
docs: document wbinfo -t --domain DOMAIN behavior.
Guenther
Günther Deschner [Wed, 7 Oct 2009 22:34:53 +0000 (00:34 +0200)]
netlogon: add NL_PASSWORD_VERSION to IDL.
Guenther
Günther Deschner [Tue, 13 Oct 2009 08:15:34 +0000 (10:15 +0200)]
s3: use enum netr_SchannelType all over the place.
Guenther
Günther Deschner [Wed, 7 Oct 2009 22:39:40 +0000 (00:39 +0200)]
s3-netlogon: allow to change any type of trust account password in trust_pw_find_change_and_store_it().
Guenther
Andrew Tridgell [Tue, 13 Oct 2009 02:09:07 +0000 (13:09 +1100)]
s4-repl: check that a DsGetNCChanges is a continuation, and fix sorting
When we indicate that a getncchanges request is not complete, we set
the more_data flag to true in the response. The client usually then
asks for the next block of data. If the client decides it wants to
skip that replication and do a different replication then we need to
make sure that the next call is in fact a continuation of the existing
call, and not a new call.
This relies on returning the results sorted by uSNChanged, as the
client uses the tmp_highest_usn in each result to see if progress is
being made.
Andrew Tridgell [Mon, 12 Oct 2009 23:03:57 +0000 (10:03 +1100)]
Merge branch 'master' of ssh://git.samba.org/data/git/samba
Andrew Tridgell [Mon, 12 Oct 2009 23:03:27 +0000 (10:03 +1100)]
pidl: don't warn for compatible scalar types in unions
When we have an enum that is used as a union discriminator, what
matters is that the scalar mappings are the same, not if the types are
the same (otherwise we get warnings about uint1632).
Thanks to gd for noticing this.
Günther Deschner [Wed, 7 Oct 2009 22:34:05 +0000 (00:34 +0200)]
s3-netlogon: pass down account name to remote password set functions.
Guenther
Björn Jacke [Mon, 12 Oct 2009 20:37:34 +0000 (22:37 +0200)]
s3: fix domain trust documentation confusion
fix some trusted/trusting mixups, make documentation more precise
and man page more verbose.
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 17:21:55 +0000 (19:21 +0200)]
s4:provision.py - simplify the "realm" variable handling a bit
(Remove unneeded "upper"s)
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 15:32:24 +0000 (17:32 +0200)]
s4:objectclass ldb module - Check for empty messages
I think the check for empty messages fits best here.
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 14:28:34 +0000 (16:28 +0200)]
s4:wbclient.h - add compatibility constants
This is the result of a discussion on samba-technical on how to deal best with
existing programs which don't support my changes in the interface yet. Metze
pointed out these "defines" as a possibility and simo and I agreed.
Matthias Dieter Wallnöfer [Mon, 12 Oct 2009 14:19:04 +0000 (16:19 +0200)]
Revert "s4:ldb - add a check which has to be done on beginning of a "modify" operation"
This reverts commit
f9990e9b391f330a8e6c5c158ee4e4eaa50f6176.
abartlet claims that this behaviour is too AD specific to put here. Btw I had
also some doubts if this is clean enough. I put it only here to make "ldap.py"
pass.
I'll try to find a new solution soon.
Günther Deschner [Mon, 12 Oct 2009 12:28:53 +0000 (14:28 +0200)]
s3-docs: remove xml artefact from net.8.xml.
Guenther
Andrew Bartlett [Mon, 12 Oct 2009 09:11:03 +0000 (20:11 +1100)]
s4:ldb Allow a NULL module list
Karolin Seeger [Mon, 12 Oct 2009 10:52:29 +0000 (12:52 +0200)]
s3/proto.h: Add lp_ldap_ref_follow prototype.
Fix build of smbldap.
Karolin
Jan Engelhardt [Mon, 12 Oct 2009 09:34:58 +0000 (11:34 +0200)]
s3/smbldap: add option to disable following LDAP refs
Fix bug #6717.
Andrew Bartlett [Fri, 9 Oct 2009 22:35:39 +0000 (09:35 +1100)]
Allow (and ignore) distinguishedName on special records
They are not stored, so we can ignore them (makes copying records much
easier)
Andrew Bartlett
Andrew Bartlett [Mon, 12 Oct 2009 02:17:09 +0000 (13:17 +1100)]
s4:schema Add some error checking to the schema load
Andrew Bartlett [Mon, 12 Oct 2009 02:10:00 +0000 (13:10 +1100)]
s4:dsdb Make dsdb_read_prefixes_from_ldb static
Andrew Bartlett [Fri, 9 Oct 2009 22:14:37 +0000 (09:14 +1100)]
s4:ldb Reload the 'ltdb_cache' when @OPTIONS changes
(Otherwise setting the check base on search option is not applied
until after a reload).
Andrew Bartlett
Andrew Bartlett [Fri, 9 Oct 2009 22:12:54 +0000 (09:12 +1100)]
s4:ldb Allow a module string of ""
(We may have no modules set)
Andrew Bartlett
Andrew Bartlett [Fri, 9 Oct 2009 22:10:03 +0000 (09:10 +1100)]
s4:dsdb Search for the schema with dsdb_module_search(), in schema_fsmo
This avoids using an ldb_search(), which would run from the top of the
module stack. This will help us load the schema before the partitions
are initialised.
Andrew Bartlett
Andrew Bartlett [Fri, 9 Oct 2009 22:06:07 +0000 (09:06 +1100)]
s4:dsdb Add new functions to help modules do an ldb_search()
These take an ldb_module argument, and avoid doing the search from the
top of the stack again.
(This will help when modules are initialised before being added to the
partition set)
Andrew Bartlett
Andrew Bartlett [Mon, 12 Oct 2009 05:44:19 +0000 (16:44 +1100)]
s4:provision Remove all references to samba4LocalDomain
This was a bad idea all along, as Simo said at the time. With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett
Andrew Bartlett [Tue, 6 Oct 2009 03:12:04 +0000 (14:12 +1100)]
s4:provision Clarify that we set, rather than modify, objectGUID values
Andrew Tridgell [Mon, 12 Oct 2009 05:14:02 +0000 (16:14 +1100)]
s4-selftest: don't run benchmarks on the build farm hosts
Andrew Tridgell [Mon, 12 Oct 2009 05:11:53 +0000 (16:11 +1100)]
torture: fixed socket leak in BENCH-TCON test
The BENCH-TCON test was leaving the socket open. A smbclie_tdis()
closes the tree connection, but does not close the socket.
This caused the build farm to run out of file descriptors
Andrew Tridgell [Mon, 12 Oct 2009 02:31:34 +0000 (13:31 +1100)]
scripts: handle non-C files in minimal_includes.pl
Andrew Tridgell [Mon, 12 Oct 2009 02:30:52 +0000 (13:30 +1100)]
s4-drs: make DsBind a bit less verbose