Kamen Mazdrashki [Sun, 25 Jan 2015 16:16:58 +0000 (18:16 +0200)]
s4-dsdb/tests: Assert on expected set of attributes for restored objects
Change-Id: I788406d9c3839d108cea508cf2a59488d495f141
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Tue, 27 Jan 2015 23:43:10 +0000 (01:43 +0200)]
s4-dsdb: Refactor user objects defaults setter to use attribute/value map
Change-Id: Iaa32af4225219a4c5c42c663022e8be429b8a1d2
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 22 Jan 2015 04:22:52 +0000 (17:22 +1300)]
dsdb: Do not use _ prefix in tombstone_reanimate module
This should only be used by the C library.
Andrew Bartlett
Change-Id: I00da64de1443a7c6b21aafae79e126180eb1a3d4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Kamen Mazdrashki [Sun, 18 Jan 2015 21:58:13 +0000 (23:58 +0200)]
s4-dsdb: common helper to determine "primaryGroupID" attribute value
At the moment current implementation does not check if group RID
is existing group RID - this responsibility is left to the caller.
Change-Id: I8c58dd23a7185d63fa2117be0617884eb78d13c1
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Mon, 12 Jan 2015 02:46:38 +0000 (04:46 +0200)]
s4-dsdb: Common helper for setting "sAMAccountType" on User objects
Change-Id: I4480e7d1ed0c754e960028e0be9a90ee56935e94
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Mon, 12 Jan 2015 01:30:17 +0000 (03:30 +0200)]
s4-dsdb: Move User object default attribute values in separate helper
Change-Id: I1e291bcf0a5c9b2fca11323dc7f8be29f5145d42
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Tue, 20 Jan 2015 23:03:13 +0000 (01:03 +0200)]
s4-tests: Add tombstone_reanimation test case to s4 test suite
DC, USERNAME and PASSWORD are passed as environment variables
prefixed with TEST_
Change-Id: I84ff628496bfa3e0538011400328585d080f21b8
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 28 Dec 2014 02:23:33 +0000 (04:23 +0200)]
s4-dsdb/tests: Do not pre-create LoadParm - connect_samdb_env() will handle it
Change-Id: I3483c5aa50de2f7aca19e4d7cc4fa49bbe5f889d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Thu, 27 Nov 2014 16:49:15 +0000 (17:49 +0100)]
s4-dsdb-test: Use common base method for restoring Deleted objects
Change-Id: I266b58ced814cf7ea3616862506df5b55f4f1d8c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Thu, 27 Nov 2014 05:20:33 +0000 (06:20 +0100)]
s4-dsdb/samldb: Don't allow rename requests on Deleted object
Windows behavior in case of renaming Deleted object is:
* return ERR_NO_SUCH_OBJECT in case client is not providing
SHOW_DELETED control
* ERR_UNWILLING_TO_PERFORM otherwise
Renaming of Deleted objects is allowed only through special
Tombstone reanimation modify request
Change-Id: I1eb33fc294a5de44917f6037988ea6362e6e21fc
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Thu, 27 Nov 2014 04:20:22 +0000 (05:20 +0100)]
s4-dsdb/test: Delete any leftover objects in the beginning of Cross-NC test
This way we ensure that samdb is clean before we make the test
Change-Id: I3c6fc94763807394e52b6df41548e9aba8b452c1
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Thu, 27 Nov 2014 04:15:58 +0000 (05:15 +0100)]
s4-dsdb/samldb: Relax a bit restrictions in Config partition while restoring deleted object
Change-Id: Iead460d24058b160b46cf3ddedaf4d84b844da4d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Wed, 26 Nov 2014 20:53:53 +0000 (21:53 +0100)]
s4-dsdb/samdb: Don't relax contraint checking during rename for Deleted objects
Now we have a module to handle to handle Tombstone reanimation
and it is better we do all the check here as usual
Change-Id: Ia5d28d64e99f7a961cfe8b9aa7cc96e4ca56192e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Wed, 26 Nov 2014 05:59:09 +0000 (06:59 +0100)]
s4-dsdb-test/reanimate: Fix whitespaces according to PEP8
Change-Id: I7b46992c80178d40a0531b5afd71a7783068a9dd
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Wed, 26 Nov 2014 05:23:51 +0000 (06:23 +0100)]
s4-dsdb-tests: Move base tests for Tombstone reanimation in tombstone_reanimation module
So we have them all in one place.
While moving, I have:
* inherited from the base class for Tombstone reanimations
* replace self.ldb with self.samdb
Change-Id: Id3e4f02cc2e0877d736da812c14c91e2311203d2
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Fri, 21 Nov 2014 18:31:25 +0000 (19:31 +0100)]
s4-dsdb-test: Fix duplicated key in a dictionary in sam.py
Change-Id: Ie33d92bd308262d9bfda553d6d5e2cfd98f6d7b3
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 16 Nov 2014 02:35:01 +0000 (03:35 +0100)]
s4-dsdb/objectclass: remove duplicated declaration for objectclass_do_add
Change-Id: Ib88a45cea64fb661a41ca3b4a3df9dabf509fc6c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 16 Nov 2014 02:34:22 +0000 (03:34 +0100)]
s4-dsdb-test: remove trailing ';' in ldap.py
Change-Id: I5edc6e017b576791c1575f71a625c49ccc88fe8f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Thu, 13 Nov 2014 03:11:08 +0000 (04:11 +0100)]
s4-dsdb/reanimate: Group objects reanimation implementation
Change-Id: Iea92924ff6b33fa3723b104d5dfff1ce5a7a09b0
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:11:59 +0000 (07:11 +0100)]
s4-dsdb/reanimate: Swap rename->modify operations to modify->rename sequence
This way it is more visible that we work on 'deleted object' during modify
and also will help us to handle 'stop rename for deletec objects'
propertly in future
[MS-ADTS]: 3.1.1.5.3.7.3 Undelete Processing Specifics
Change-Id: I9bb644e099a4a2afcb261ad22515c9c4ce4875bb
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:08:29 +0000 (07:08 +0100)]
s4-dsdb/reanimate: Use 'show deleted' control in modify operations too
Before committing changes, object is still deleted - isDeleted = true
Change-Id: Ie1ab53dc594d1bfaf5b9e06316e7a1fc0dd4b8cb
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:07:07 +0000 (07:07 +0100)]
s4-dsdb/samldb: Skip 'sAMAccountType' and 'primaryGroupID' during Tombstone reanimate
tombstone_reanimate.c module is going to restore those attributes
and it needs a way to propagate them to DB
Change-Id: I36f30b33fa204fd28329eab01044a125f7a3f08e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:05:56 +0000 (07:05 +0100)]
s4-dsdb/samldb: Fix type "omputer" -> "computer"
Change-Id: Ic56c6945528b7f60becc4f0b318429f4c22c3d2e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:04:30 +0000 (07:04 +0100)]
s4-dsdb/reanimate: Implement attribute_restore function
At the moment it works for objects with objectClass user + a common
case of removing isRecycled attribute
Change-Id: I70b0ef0ef65c13d3def82ca53ace52a85a078a37
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:02:51 +0000 (07:02 +0100)]
s4-dsdb-util: Mark attributes with ADD flag in samdb_find_or_add_attribute()
At the moment no flags are set and it works fine, since this function
is solely used in samldb during ADD requests handling.
Pre-setting a flag make it usefull for other modules and request
handlers too
Change-Id: I7e43dcbe2a8f34e3b0ec16ae2db80ef436df8bfe
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Thu, 6 Nov 2014 03:10:42 +0000 (04:10 +0100)]
s4-dsdb-test: Fix Undelete tests after subunit upgrade work
Change-Id: I4712a2a2163a57fde037511afcc1cb7bee05f12e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Thu, 6 Nov 2014 02:01:54 +0000 (03:01 +0100)]
s4-dsdb-test: Use case insensitive comparison for DNs in undelete test
Change-Id: I4a009bb7ed58ab857ac74a235bb5f580911f0d92
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Tue, 20 Jan 2015 22:58:56 +0000 (00:58 +0200)]
s4-dsdb-test: Initial implementation for Tombstone restore test suite
Change-Id: Ib35ff930b6e7cee14317328b6fe25b59eec5262c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Wed, 5 Nov 2014 05:26:25 +0000 (06:26 +0100)]
s4-dsdb-test: Implement samdb_connect_env() to rely solely on environment
this is to help me port Python tests to be more Unit test alike
and remove all global handling
Starting from a new test suite - tombstone_reanimation.py
Andrew Bartlett rose his concerns that passing parameters
through environment may make tests hard to trace for
failures. However, passing parameters on command line
is not Unit test alike either. After discussing this with him
offline, we agreed to continue this approach, but prefix
environment variables with "TEST_". So that an env var
should not be used by coincidence.
Change-Id: I29445c42cdcafede3897c8dd1f1529222a74afc9
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Nadezhda Ivanova [Tue, 4 Nov 2014 18:24:11 +0000 (20:24 +0200)]
s4-dsdb: Some minor fixes in tombstone_reanimate, to make it work with acl
Change-Id: Idad221c7ecf778fd24f6017bb4c6eacac541086a
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Nadezhda Ivanova [Tue, 4 Nov 2014 18:21:57 +0000 (20:21 +0200)]
s4-dsdb: Implementation of access checks on a undelete operation
Special Reanimate-Tombstone access right is required, as well as most of
the checks on a standard rename.
Change-Id: Idae5101a5df4cd0d54fe4ab2f7e5ad7fc1c23648
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Nadezhda Ivanova [Tue, 4 Nov 2014 18:08:58 +0000 (20:08 +0200)]
s4-dsdb: Tests for security checks on undelete operation
Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears
LC is also necessary, and it is not granted by default to anyone but
System and Administrator, so tests had to be done negatively
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
Kamen Mazdrashki [Tue, 4 Nov 2014 03:17:35 +0000 (04:17 +0100)]
s4-dsdb: Mark request during Tombstone reanimation with custom LDAP control
We are going to need this so that underlying modules (acl.c)
can treat those requests properly
Change-Id: I6c12069aa6e7e01197dddda6c610d930d3fd9cb0
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Tue, 4 Nov 2014 03:10:16 +0000 (04:10 +0100)]
s4-dsdb: Implement rename/modify requests as local for the module
The aim is for us to be able to fine tune the implementation
and also add custom LDAP controls to mark all requests as
being part of Reanimation procedure
Change-Id: I9f1c04cd21bf032146eb2626d6495711fcadf10c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Mon, 3 Nov 2014 03:58:20 +0000 (04:58 +0100)]
s4-dsdb: Add documentation link for Tombstone Reanimation
Change-Id: Ib779c8b0839889371f25ad5751c9cda1a510eb54
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 2 Nov 2014 16:11:20 +0000 (17:11 +0100)]
s4-tests: Print out what the error is in delete_force()
Change-Id: Iaa631179dc79fa756416be8eaf8c55e3b0c1a29f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Tue, 28 Oct 2014 14:03:59 +0000 (15:03 +0100)]
s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requests
Tombstone reanimation requries some special handling which is going
to affect several modules. Most notably:
- a bit different access checks in acl.c
- restore certain attributes during modify requests in samldb.c
Control added also to schema_samba4.ldif by Andrew Bartlett
hence the "pair programmed with" tag.
Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Tue, 28 Oct 2014 05:11:31 +0000 (06:11 +0100)]
s4-dsdb: Make use dsdb_make_object_category() for objectCategory
Change-Id: If65c54a653ad7078ca7a535b5c247db2746b5be7
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Tue, 28 Oct 2014 05:10:56 +0000 (06:10 +0100)]
s4-dsdb: Make most specific objectCategory for an object
This is lightweight implementation and should be used on objects
with already verified objectClass attribute value - eg. valid classes,
sorted properly, etc.
Checkout objectclass.c module for heavy weight implementation.
Change-Id: Ifa7880d26246f67e2f982496fcc6c77e6648d56f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Mon, 27 Oct 2014 04:31:54 +0000 (05:31 +0100)]
s4-dsdb: Initialize module context only we are to handle Tombstone request
Change-Id: I73bd2043e96907e3d1a669bdbd943ddee1df8c0a
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 26 Oct 2014 03:31:41 +0000 (04:31 +0100)]
s4-dsdb: Return error codes as windows does for Tombstone reanimation
Tested against Windows Server 2008 R2
In case we try to restore to already existing object, windows
returns: LDB_ERR_ENTRY_ALREADY_EXISTS
Otherwise it is: LDB_ERR_OPERATIONS_ERROR
Change-Id: I6b5fea1e327416ccf5069d97a4a378a527a25f80
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 26 Oct 2014 03:29:49 +0000 (04:29 +0100)]
s4-dsdb-tests: Fix whitespace in deletetest.py
Change-Id: Ic2924b0aa9cffd29fe0c857317ccb65ba53a1c21
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 26 Oct 2014 03:29:16 +0000 (04:29 +0100)]
s4-dsdb-tests: Make unique object names to test with in deletetest
This way we can re-run the test again and again
Change-Id: I29bd878b77073d94a279c38bd0afc2f0befa6f9d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 26 Oct 2014 02:43:29 +0000 (03:43 +0100)]
s4-dsdb-tests: Remove unused method get_ldap_connection()
Change-Id: Ie50f77dbba724dbd3c2822de5c2cfff41016fac6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sun, 26 Oct 2014 02:42:45 +0000 (03:42 +0100)]
s4-dsdb-tests: Remove trailing ';' in deletetest.py
Change-Id: Ic1ad6bbda55be56cbf7ae78a8ad988b8e479a40c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Thu, 23 Oct 2014 06:15:23 +0000 (08:15 +0200)]
s4-dsdb: Insert tombstone_reanimate module in ldb modules chain after objectclass
Change-Id: Id9748f36f0aefe40b1894ecd2e5071e3b9c8a6d6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Kamen Mazdrashki [Sat, 27 Dec 2014 19:14:25 +0000 (21:14 +0200)]
s4-dsdb: Initial implementation for Tombstone reanimation module
At the moment it works for basic scenario:
- add user
- delete user
- restore deleted user
TODO:
- security checks
- flags verification
- cross-NC checks
- asynchronous implementation (may not be needed, but anyway)
Change-Id: If396a6dfc766c224acfeb7e93ca75703e08c26e6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Nadezhda Ivanova [Tue, 21 Oct 2014 13:35:30 +0000 (16:35 +0300)]
s4-dsdb-tests: Some tests for deleted objects undelete operation
Based on MS-ADTS 3.1.1.5.3.7.2
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: I650b315601fce574f9302435f812d1dd4b177e68
Stefan Metzmacher [Mon, 26 Jan 2015 10:53:12 +0000 (11:53 +0100)]
selftest: fix check for RODC and RID Set allocation
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Feb 2 01:10:18 CET 2015 on sn-devel-104
Stefan Metzmacher [Mon, 26 Jan 2015 07:31:10 +0000 (08:31 +0100)]
python/samba/tests: don't lower case path names in connect_samdb()
We should not lower case file names, because we may get a path to sam.ldb.
Now we only lower case ldap urls.
For a long time I got failing private autobuild like this:
[1623(9233)/1718 at 1h28m9s] samba4.urgent_replication.python(dc)(dc:local)
Failed to connect to ldap URL
'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' - LDAP client
internal error: NT_STATUS_NO_MEMORY
Failed to connect to
'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' with backend
'ldap': (null)
UNEXPECTED(error):
samba4.urgent_replication.python(dc).__main__.UrgentReplicationTests.test_attributeSchema_object(dc:local)
REASON: _StringException: _StringException: Content-Type:
text/x-traceback;charset=utf8,language=python
traceback
322
The problem is that /memdisk/metze/W/ is my test directory instead
of /memdisk/metze/w/.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Jelmer Vernooij [Fri, 30 Jan 2015 01:22:46 +0000 (02:22 +0100)]
selftest: Fix typo namerserver -> nameserver.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 30 19:59:40 CET 2015 on sn-devel-104
Stefan Metzmacher [Thu, 29 Jan 2015 09:12:30 +0000 (10:12 +0100)]
s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9702
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 29 14:58:40 CET 2015 on sn-devel-104
Stefan Metzmacher [Wed, 28 Jan 2015 14:22:30 +0000 (15:22 +0100)]
s3:smb2_server: always try to grant the credits the client just consumed
It turns out that the effective credits_requested is always at least 1,
even if the client sends credits_requested == 0.
This means the client is not able to reduce the amount of credits
itself.
Without this fix a client (e.g. Windows7) would reach the case
where it has been granted all credits it asked for.
When copying a large file with a lot of parallel requests,
all these requests have credits_requested == 0.
This means the amount of granted credits where reduced by each
request and only when the granted credits reached 0,
the server granted one credit to allow the client to go on.
The client might require more than one credit ([MS-SMB2] says
Windows clients require at least 4 credits) and freezes
with just 1 credit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9702
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 28 Jan 2015 16:16:32 +0000 (16:16 +0000)]
loadparm: Simplify "set_variable"
I usually don't like complicated if/else and in particular the else
piece. But if the alternative is a goto, then else is better I guess :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jan 29 00:28:55 CET 2015 on sn-devel-104
Andreas Schneider [Fri, 23 Jan 2015 14:32:05 +0000 (15:32 +0100)]
uwrap: Bump version to 1.1.0.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 28 19:44:39 CET 2015 on sn-devel-104
Andreas Schneider [Fri, 23 Jan 2015 14:31:17 +0000 (15:31 +0100)]
uwrap: Make sure we leave if the id is NULL.
CID #97616
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:30:30 +0000 (15:30 +0100)]
uwrap: Support scenario where threads fork or creates threads.
When fork() is called here there is no need to disable uwrap as a whole.
This change disables only uwrap for the thread which called fork().
uwrap catches calls of pthread_create() and pthread_exit() functions
from libpthread library now.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:30:03 +0000 (15:30 +0100)]
uwrap: Prepare for overload of libpthread functions.
uwrap_bind_symbol are now renamed to uwrap_bind_symbol_libc
and simlilar uwrap_bind_symbol_libpthread are introduced.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:29:35 +0000 (15:29 +0100)]
uwrap: Introduce UWRAP_LOCK_ALL and UWRAP_UNLOCK_ALL macros
Introduce UWRAP_LOCK_ALL and UWRAP_UNLOCK_ALL which make
locking easier.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:28:37 +0000 (15:28 +0100)]
uwrap: Rewrite uwrap_libc_fns struct to pass strict aliasing rules.
Also rename struct uwrap_libc_fns fns to uwrap_libc_symbols and
uwrap_load_lib_function to uwrap_bind_symbol (same for _uwrap_load_...
variant.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:28:00 +0000 (15:28 +0100)]
uwrap: Fix wrong data types in syscalls switch.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:27:25 +0000 (15:27 +0100)]
uwrap: Add support for getresuid() and getresgid() glibc/syscall.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:25:16 +0000 (15:25 +0100)]
uwrap: Extend support for (set|get)groups libc functions and syscalls.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:24:39 +0000 (15:24 +0100)]
uwrap: Extend support for syscalls called from threads or main process.
We need to distinguish if the syscall is called from main process or
from a thread.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:24:04 +0000 (15:24 +0100)]
uwrap: Small uwrap_init optimalization.
Don't call libc_getuid/getgid function twice.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 23 Jan 2015 14:22:18 +0000 (15:22 +0100)]
uwrap: Add support for running with address sanitizer.
The address sanitzer will complain about our hack with variable function
attributes. This disables the checking of it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:16:34 +0000 (15:16 +0100)]
uwrap: Reflect changes of uid/gid in threads to main process.
When thread changes uid/gid this change must be reflected to main
process.
Syscalls changes only uid/gid of thread. Call of libc functions changes
also uid/gid of main process.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:15:42 +0000 (15:15 +0100)]
uwrap: Small optimalization of uwrap_init().
Don't call getenv("UID_WRAPPER") on start of uwrap_init().
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:15:04 +0000 (15:15 +0100)]
uwrap: Optimalization of uid_wrapper_enabled() function.
Check only bool variable inside uwrap structure instead
of calling whole uid_init().
In the best case only one mutex lock is need when check.
NOTES:
* This patch uses __atomic_load gcc builtin function.
* uid_init() were moved outside uid_wrapper_enabled() function.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:12:43 +0000 (15:12 +0100)]
uid_wrapper: Fix race condition - uwrap_init.
Patch moves uwrap_id_mutex before if (uwrap.initialised) statement
which can be passed by concurrent threads.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:12:02 +0000 (15:12 +0100)]
uwrap: Fix race condition - glibc lookups.
Patch adds libc_symbol_binding_mutex which guards global table of libc
functions and their lookup.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 14:10:02 +0000 (15:10 +0100)]
uwrap: Add library constructor and move pthread_atfork inside.
Library constructor is used for pthread_atfork call. Moved here because
pthread_atfork is cumulative and should be called only once.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 23 Jan 2015 13:00:49 +0000 (14:00 +0100)]
uwrap: Use UWRAP_LOCK/UNLOCK macros instead of pthread_mutex_lock/unlock calls.
New macros UWRAP_LOCK/UNLOCK has been created and all calls to
pthread_mutex_lock/unlock has been replaced by these macros.
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 23 Jan 2015 12:59:14 +0000 (13:59 +0100)]
uwrap: Fix the handle loop for older gcc versions.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Mon, 26 Jan 2015 15:16:15 +0000 (16:16 +0100)]
waf: Add address sanitizer configure option.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Tue, 30 Dec 2014 05:04:00 +0000 (16:04 +1100)]
ctdb-scripts: Call iptables/ip6tables directly from iptables_wrapper
Drops the iptables() and ip6tables() functions and, hence, the
hardcoding of paths /sbin/iptables and /sbin/ip6tables. The latter
avoids problems on openSUSE where (for example) /usr/sbin/iptables is
used instead.
This means that locking around ip*tables commands is only done when
iptables_wrapper is called directly. This is fine because the only
conflict is when "releaseip" or "takeip"/"updateip" events are run in
parallel. The other uses in 11.natgw and 70.iscsi are in events where
there will be no collisions.
Making 11.natgw support IPv6 is unnecessary. Just put a static IPv6
address on each interface - they're plentiful.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 28 08:29:55 CET 2015 on sn-devel-104
Martin Schwenke [Tue, 30 Dec 2014 06:07:09 +0000 (17:07 +1100)]
ctdb-scripts: Error message, comment and whitespace cleanups
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 30 Dec 2014 06:03:46 +0000 (17:03 +1100)]
ctdb-scripts: iSCSI eventscript should fail when PNN can't be determined
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 30 Dec 2014 06:01:21 +0000 (17:01 +1100)]
ctdb-scripts: Make 70.iscsi IPv6-aware
Block iSCSI port for families of all address the node is configured to
host.
Could just unconditional add blocking using ip6tables instead.
However, this would produce errors when no IPv6 public addresses are
configured and ip6tables is not installed.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Günther Deschner [Fri, 28 Nov 2014 16:24:09 +0000 (17:24 +0100)]
auth/credentials_krb5: fix memory leak in cli_credentials_failed_kerberos_login().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 26 19:56:57 CET 2015 on sn-devel-104
Günther Deschner [Fri, 23 Jan 2015 12:01:27 +0000 (13:01 +0100)]
s4-torture: the new krb5 kdc tests are heimdal, not dc specific.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 26 Sep 2014 22:06:25 +0000 (00:06 +0200)]
idl: fix IDL for netr_WorkstationInformation().
This structure is used by the netr_LogonGetDomainInfo call as the input.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 22 Jan 2015 11:24:31 +0000 (11:24 +0000)]
s4:rpc_server: add support for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 26 14:23:50 CET 2015 on sn-devel-104
Stefan Metzmacher [Thu, 22 Jan 2015 13:05:15 +0000 (13:05 +0000)]
s4:rpc_server: pass the remote address to gensec_set_remote_address()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 22 Jan 2015 14:57:15 +0000 (14:57 +0000)]
s4:rpc_server/lsa: add dcesrv_lsa_OpenTrustedDomain_common()
dcesrv_lsa_OpenTrustedDomain() and dcesrv_lsa_OpenTrustedDomainByName()
need to use the same logic and make sure trusted_domain_user_dn is valid.
Otherwise dcesrv_lsa_OpenTrustedDomainByName() followed by
dcesrv_lsa_DeleteObject() will leave the trust domain account
in the database.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 22 Jan 2015 11:22:25 +0000 (11:22 +0000)]
s4:rpc_server/netlogon: fix bugs in dcesrv_netr_DsRGetDCNameEx2()
We should return the our ip address the client is connected too.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Richard Sharpe [Sat, 24 Jan 2015 23:24:46 +0000 (15:24 -0800)]
Fix a couple of DEBUG statements that were copied from elsewhere. Removed the misleading function name since the DEBUG message will print out the function name anyway.
Signed-of-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Jan 25 12:58:08 CET 2015 on sn-devel-104
Stefan Metzmacher [Fri, 9 Jan 2015 07:56:59 +0000 (08:56 +0100)]
s4:dsdb/tests: add test_timevalues1() to verify timestamp values
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9810
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 24 20:17:20 CET 2015 on sn-devel-104
Stefan Metzmacher [Mon, 19 Jan 2015 16:17:13 +0000 (17:17 +0100)]
ldb: version 1.1.20
- Bug 9810 - validate_ldb of String(Generalized-Time) does not accept millisecond format ".000Z"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 19 Jan 2015 14:47:58 +0000 (15:47 +0100)]
lib/ldb: fix logic in ldb_val_to_time()
040408072012Z should represent
20040408072012.0Z
as well as
20040408072012.000Z or
20040408072012.RandomIgnoredCharaters...Z
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9810
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Richard Sharpe [Sat, 24 Jan 2015 05:56:19 +0000 (21:56 -0800)]
Update the tevent_data.dox tutrial stuff to fix some errors, including white
space problems.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Sat Jan 24 09:33:03 CET 2015 on sn-devel-104
Ira Cooper [Thu, 22 Jan 2015 22:14:31 +0000 (17:14 -0500)]
vfs_glusterfs: Add comments to the pipe(2) code.
The guarantees around read(2) and write(2) and pipes are critical
to understanding this code. Hopefully these comments will help.
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 23 20:58:51 CET 2015 on sn-devel-104
Andrew Bartlett [Fri, 23 Jan 2015 04:19:41 +0000 (17:19 +1300)]
selftest: Run krb5.kdc test against users with a UPN
This tests both a UPN in our own realm, and a UPN with a non-realm suffix.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jan 23 08:10:07 CET 2015 on sn-devel-104
Andrew Bartlett [Fri, 23 Jan 2015 03:43:48 +0000 (16:43 +1300)]
torture-krb5: Check for UPN hanlding in krb5.kdc.canon test
This allows us to confirm correct behaviour when a UPN is in use, particularly
with the canonicalize flag and with enterprise principal names
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 23 Jan 2015 03:41:50 +0000 (16:41 +1300)]
kdc: Correctly return the krbtgt/realm@REALM principal from our KDC
This needs to vary depending on if the client requested the canonicalize flag
This was found by our new krb5.kdc test
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 23 Jan 2015 01:28:56 +0000 (14:28 +1300)]
torture-krb5: Move checking of server and client names to krb5.kdc.canon
This keeps this test in one place, rather than duplicated between krb5.kdc and krb5.kdc.canon
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 23 Jan 2015 01:38:51 +0000 (14:38 +1300)]
torture-krb5: Move test of krb5_get_init_creds_opt_set_win2k to krb5.kdc.canon
This allows the impact of this to be verified with the other options we are setting
This also removes duplication in the kdc.c testsuite.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 23 Jan 2015 01:28:28 +0000 (14:28 +1300)]
torture-krb5: Split the expected behaviour of the RODC up
The expectations of the cached accounts are different to those of the RODC in general.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 23 Jan 2015 01:09:33 +0000 (14:09 +1300)]
torture-kdc: Skip the request-pac behaviour for now against an RODC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 23 Jan 2015 01:07:41 +0000 (14:07 +1300)]
torture-krb5: Add comments
Signed-off-by: Andrew Bartlett <abartlet@samba.org>