kai/samba.git
8 years agoheimdal Don't dereference NULL in error verify_checksum error path
Andrew Bartlett [Thu, 11 Nov 2010 09:44:16 +0000 (20:44 +1100)]
heimdal Don't dereference NULL in error verify_checksum error path

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104

8 years agos4-provision UTF16 encode the password in sam.ldb, not secrets.ldb
Andrew Bartlett [Thu, 11 Nov 2010 08:55:26 +0000 (19:55 +1100)]
s4-provision UTF16 encode the password in sam.ldb, not secrets.ldb

The password in secrets.ldb is UTF8, while clearTextPassword in
sam.ldb is UTF16.

This corrects commit bd5039546e520b6d6897a658bc0a358f0511f7c7, which
had these the wrong way around.

Andrew Bartlett

8 years agos4-dsdb Remove incorrectly declared ** variable used as *.
Andrew Bartlett [Thu, 11 Nov 2010 07:36:06 +0000 (18:36 +1100)]
s4-dsdb Remove incorrectly declared ** variable used as *.

The cleartext_utf16_str variable was declared char **, but due to the
cast on convert_string_talloc() and the lack of type checking here and
on data_blob_const (due to void *) it was able to be used as if it was
a char *.

The simple solution seems to be to fill in cleartext_utf16 blob directly.

Andrew Bartlett

8 years agos4-dsdb Convert new krbtgt_xxx password into UTF16
Andrew Bartlett [Thu, 11 Nov 2010 07:33:14 +0000 (18:33 +1100)]
s4-dsdb Convert new krbtgt_xxx password into UTF16

The new stricter test on clearTextPassword values caught out that
we did not provide a utf16 password here.

Andrew Bartlett

8 years agos4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8
Andrew Bartlett [Thu, 11 Nov 2010 06:59:16 +0000 (17:59 +1100)]
s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8

The UTF16MUNGED helper will map all invalid sequences (except odd
input length) to valid input sequences, per the rules.  Therefore if
it fails, we need to bail out, somehing serious is wrong.

Andrew Bartlett

8 years agos4:pytevent.c - fix a discard const warning
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 15:21:41 +0000 (16:21 +0100)]
s4:pytevent.c - fix a discard const warning

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 11 09:47:55 UTC 2010 on sn-devel-104

8 years agoldb:ldb_ldap.c rename operation - check for the RDN name and value
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 15:20:38 +0000 (16:20 +0100)]
ldb:ldb_ldap.c rename operation - check for the RDN name and value

Make it more similar to "ldb_ildap.c" and also more save

8 years agos4:dsdb - proof against empty RDN values where expected
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 15:05:16 +0000 (16:05 +0100)]
s4:dsdb - proof against empty RDN values where expected

This should prevent crashes as pointed out on the mailing list.

8 years agoCannot create OU using custom Schema class
Zahari Zahariev [Tue, 9 Nov 2010 12:55:32 +0000 (14:55 +0200)]
Cannot create OU using custom Schema class

If we define our own child class 'subClassOf' system Schema class
e.g. organizationalUnit then we cannot create OU in the Dafualt
Naming Context that has this custom Schama class in the objectClass
attribute.

8 years agos4:objectclass LDB module - allow RDNs also to come from superclasses
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 14:12:02 +0000 (15:12 +0100)]
s4:objectclass LDB module - allow RDNs also to come from superclasses

Detected by a testcase written by Zahari Zahariev.

8 years agos4:passwords.py - add a test for the normal "userPassword" behaviour
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 14:04:47 +0000 (15:04 +0100)]
s4:passwords.py - add a test for the normal "userPassword" behaviour

Just to make sure that this works now too

8 years agos4:password_hash and acl LDB modules - handle the "userPassword" attribute according...
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 13:39:30 +0000 (14:39 +0100)]
s4:password_hash and acl LDB modules - handle the "userPassword" attribute according to the "dSHeuristics"

8 years agos4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into the...
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 13:45:18 +0000 (14:45 +0100)]
s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into the password_hash LDB module

It's only used there and so I think it doesn't really belong in
"dsdb/common/util.c" (I first thought that it could be useful for ACL checking
but obviously it wasn't).

8 years agos4:libnet/libnet_samsync_ldb.c - remove "userPassword" remove code
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 17:46:37 +0000 (18:46 +0100)]
s4:libnet/libnet_samsync_ldb.c - remove "userPassword" remove code

It could also be a normal attribute with a normal content, and if it's not
like that then it's for sure empty.

8 years agos4:local_password LDB module - remove schema checking code and fix some typos
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 17:42:26 +0000 (18:42 +0100)]
s4:local_password LDB module - remove schema checking code and fix some typos

This is now done by the "objectclass_attrs" LDB module.

8 years agos4:ldb_modules/util.c - "dsHeuristics" -> "dSHeuristics"
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 18:44:27 +0000 (19:44 +0100)]
s4:ldb_modules/util.c - "dsHeuristics" -> "dSHeuristics"

8 years agos4:selftest/tests.py - skip the "passwords.py" suite on Windows 2000 domain function...
Matthias Dieter Wallnöfer [Thu, 11 Nov 2010 09:01:26 +0000 (10:01 +0100)]
s4:selftest/tests.py - skip the "passwords.py" suite on Windows 2000 domain function level

The "userPassword" password change functionality isn't available and so it
causes big parts of the testsuite to fail. On the other hand we've basic tests
in "acl.py" and indirectly also over SAMR and kpasswd so I propose to simply
skip it.

8 years agos4:acl.py - two password change tests are expected to fails on Windows 2000 function...
Matthias Dieter Wallnöfer [Thu, 11 Nov 2010 08:33:06 +0000 (09:33 +0100)]
s4:acl.py - two password change tests are expected to fails on Windows 2000 function level

8 years agos4:upgradehelpers.py - use "clearTextPassword" rather than "userPassword"
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 13:01:58 +0000 (14:01 +0100)]
s4:upgradehelpers.py - use "clearTextPassword" rather than "userPassword"

It's the default internal s4 password change attribute

8 years agos4:speedtest.py - use "unicodePwd" for setting user's password
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 12:26:31 +0000 (13:26 +0100)]
s4:speedtest.py - use "unicodePwd" for setting user's password

It's available on all AD hosts (including Windows 2000) and on all configurations!

8 years agos4:speedtest.py - remove duplicated code
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 12:28:22 +0000 (13:28 +0100)]
s4:speedtest.py - remove duplicated code

8 years agos4:speedtest.py - fix script name in the help text
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 12:37:46 +0000 (13:37 +0100)]
s4:speedtest.py - fix script name in the help text

8 years agos4:speedtest.py - make it executable
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 12:29:14 +0000 (13:29 +0100)]
s4:speedtest.py - make it executable

8 years agos4:python tests - fix script names in the help text
Matthias Dieter Wallnöfer [Wed, 10 Nov 2010 12:35:30 +0000 (13:35 +0100)]
s4:python tests - fix script names in the help text

8 years agos4-loadparm: fix the FLAG_DEFAULT settings on specially handled parameters
Andrew Tridgell [Thu, 11 Nov 2010 02:56:44 +0000 (13:56 +1100)]
s4-loadparm: fix the FLAG_DEFAULT settings on specially handled parameters

parameters with special handlers also need to clear the FLAG_DEFAULT
flag when set

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Nov 11 03:39:23 UTC 2010 on sn-devel-104

8 years agos4-provision: include command line provision options in the generated smb.conf
Andrew Tridgell [Thu, 11 Nov 2010 02:09:29 +0000 (13:09 +1100)]
s4-provision: include command line provision options in the generated smb.conf

this saves the smb.conf using lp.dump_globals() to ensure that any
command line options (for example directory overrides) are saved in
the generated smb.conf

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agos4-devel: useful script for testing join with empty smb.conf
Andrew Tridgell [Thu, 11 Nov 2010 00:18:48 +0000 (11:18 +1100)]
s4-devel: useful script for testing join with empty smb.conf

this sets up all the needed --options for a join with a prefix other
than the one compiled in

8 years agos4-test: use IPC$ instead of ADMIN$ for srvsvc NetShareGetInfo test
Andrew Tridgell [Thu, 11 Nov 2010 00:16:23 +0000 (11:16 +1100)]
s4-test: use IPC$ instead of ADMIN$ for srvsvc NetShareGetInfo test

IPC$ is guaranteed to exist on servers that do RPC, whereas ADMIN$
isn't

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agos4-join: use the command line loadparm in provision during a join
Andrew Tridgell [Wed, 10 Nov 2010 23:45:13 +0000 (10:45 +1100)]
s4-join: use the command line loadparm in provision during a join

this allows a join with an empty smb.conf to override locations of
files correctly with --option

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agos4-loadparm: fixed dumping of non-default parms with testparm
Andrew Tridgell [Wed, 10 Nov 2010 23:39:19 +0000 (10:39 +1100)]
s4-loadparm: fixed dumping of non-default parms with testparm

when using testparm without -v we should only dump non-default
parameters. This patch fixes up the handling of the FLAG_DEFAULT flag
in loadparm to correctly mark parameters as default or not, including
parametric options

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agos4-server: move the creation of the IPC$ share into ntvfs
Andrew Tridgell [Wed, 10 Nov 2010 23:35:38 +0000 (10:35 +1100)]
s4-server: move the creation of the IPC$ share into ntvfs

the IPC$ share is only used by the ntvfs backends, and doesn't need to
be created on every load of smb.conf. This fixes a problem with
testparm showing the ipc$ share when it isn't defined in smb.conf.

This also removes the admin$ share, which really shouldn't be on by
default. The admin$ share is used for remote software installation,
and normally exposes the c:\windows directory on a windows
server. That makes no sense on Samba. If for some reason a admin$
share is needed, then the admin can create one as usual. Exposing /tmp
via admin$ by default seems like a bad idea.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agoFix bug #7791 - gvfsd-smb (Gnome vfs) fails to copy files from a SMB share using...
Jeremy Allison [Thu, 11 Nov 2010 01:59:05 +0000 (17:59 -0800)]
Fix bug #7791 - gvfsd-smb (Gnome vfs) fails to copy files from a SMB share using SMB signing.

The underlying problem is that the old code invoked by cli_write() increments
cli->mid directly when issuing outstanding writes. This should now be done only
in libsmb/clientgen.c to make metze's new signing engine works correctly. Just
deleting this code fixes the problem.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Nov 11 02:50:08 UTC 2010 on sn-devel-104

8 years agoAdd test that detects problems in the SMB signing code when run through cli_write...
Jeremy Allison [Thu, 11 Nov 2010 01:54:57 +0000 (17:54 -0800)]
Add test that detects problems in the SMB signing code when run through cli_write() (which doesn't use the new async methods).

Unfortunately, and I think due to the socket wrapper code, this doesn't
detect the failure on the build farm, but running the RW-SIGNING test
separately against a Samba or Windows server using signing does.

Jeremy.

8 years agoautobuild: perfer to use git mail address in autobuild comment
Björn JACKE [Wed, 10 Nov 2010 23:12:07 +0000 (10:12 +1100)]
autobuild: perfer to use git mail address in autobuild comment

Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Nov 10 23:56:37 UTC 2010 on sn-devel-104

8 years agos4-smbtorture: use test_GetPrinterData{Ex}_checktype calls in RPC-SPOOLSS tests.
Günther Deschner [Wed, 10 Nov 2010 14:21:15 +0000 (15:21 +0100)]
s4-smbtorture: use test_GetPrinterData{Ex}_checktype calls in RPC-SPOOLSS tests.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov 10 15:07:12 UTC 2010 on sn-devel-104

8 years agos3-spoolss: fix spoolss GetPrinterData behaviour
David Disseldorp [Fri, 5 Nov 2010 14:24:22 +0000 (15:24 +0100)]
s3-spoolss: fix spoolss GetPrinterData behaviour

Windows sends spoolss GetPrinterData requests with an offered buffer
size of zero, Model and TrayFormTable data is commonly requested in
this way.

Samba's GetPrinterData response for the above case includes the correct
error code (WERR_MORE_DATA), however the type field is set to REG_NONE.
This causes Windows (seen on XP and 2k3) to give up on the request.

If the type field is retained (not set to REG_NONE) when responding with
WERR_MORE_DATA, Windows reissues the GetPrinterData request with an
increased offered buffer size.

Signed-off-by: Günther Deschner <gd@samba.org>
8 years agos4-smbtorture: allow to test returned type after specific error code in PrinterData...
Günther Deschner [Wed, 10 Nov 2010 09:19:01 +0000 (10:19 +0100)]
s4-smbtorture: allow to test returned type after specific error code in PrinterData tests.

Guenther

8 years agos3/time_audit: fix a change that was just for debuggin purposeѕ
Björn Jacke [Wed, 10 Nov 2010 11:39:41 +0000 (12:39 +0100)]
s3/time_audit: fix a change that was just for debuggin purposeѕ

Autobuild-User: Björn Jacke <bjacke@samba.org>
Autobuild-Date: Wed Nov 10 12:28:41 UTC 2010 on sn-devel-104

8 years agos4-pyldb: Handle internal errors in py_ldb_contains() properly
Kamen Mazdrashki [Mon, 8 Nov 2010 22:21:57 +0000 (00:21 +0200)]
s4-pyldb: Handle internal errors in py_ldb_contains() properly

It is an exceptional condition for ldb_search() to return
more than one results during SCOPE_BASE search on DN

Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Nov 10 09:02:00 UTC 2010 on sn-devel-104

8 years agos4-pydsdb: py_dsdb_am_rodc() may call samdb_rodc() only once to get the job done :)
Kamen Mazdrashki [Mon, 8 Nov 2010 21:57:31 +0000 (23:57 +0200)]
s4-pydsdb: py_dsdb_am_rodc() may call samdb_rodc() only once to get the job done :)

8 years agos4-pydsdb: py_dsdb_load_partition_usn() - simplify error handling in
Kamen Mazdrashki [Mon, 8 Nov 2010 21:50:23 +0000 (23:50 +0200)]
s4-pydsdb: py_dsdb_load_partition_usn() - simplify error handling in

and print on which partition error has occured

8 years agos4-pydsdb-py_samdb_ntds_objectGUID(): Avoid potential memory leak
Kamen Mazdrashki [Mon, 8 Nov 2010 21:40:14 +0000 (23:40 +0200)]
s4-pydsdb-py_samdb_ntds_objectGUID(): Avoid potential memory leak

in case py_ldb is not a valid LDB

8 years agos4-pydsdb-py_dsdb_get_oid_from_attid(): Avoid potential memory leak
Kamen Mazdrashki [Mon, 8 Nov 2010 21:36:09 +0000 (23:36 +0200)]
s4-pydsdb-py_dsdb_get_oid_from_attid(): Avoid potential memory leak

in case py_ldb is not a valid LDB

8 years agos4-pydsdb.c: Fix small memory leak in py_samdb_set_domain_sid()
Kamen Mazdrashki [Mon, 8 Nov 2010 21:09:44 +0000 (23:09 +0200)]
s4-pydsdb.c: Fix small memory leak in py_samdb_set_domain_sid()

8 years agos4/syntax: Add tests for DN+String and DN+Binary
Anatoliy Atanasov [Tue, 9 Nov 2010 20:58:39 +0000 (22:58 +0200)]
s4/syntax: Add tests for DN+String and DN+Binary

These tests aim to verify the behavior for 2.5.5.7 and 2.5.5.14 syntaxes.

Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org>
Autobuild-Date: Wed Nov 10 06:57:04 UTC 2010 on sn-devel-104

8 years agoFix memleak I accidently introduced when reading from tdb.
Jeremy Allison [Wed, 10 Nov 2010 00:55:43 +0000 (16:55 -0800)]
Fix memleak I accidently introduced when reading from tdb.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 10 01:56:21 UTC 2010 on sn-devel-104

8 years agoFix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new...
Jeremy Allison [Tue, 9 Nov 2010 23:07:49 +0000 (15:07 -0800)]
Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC

Change the find_service() interface to not depend on fstring, and
create a useable talloc-based interface.

Jeremy.

8 years agoEnsure we check the return from make_user_info before dereferencing the value returne...
Jeremy Allison [Tue, 9 Nov 2010 21:24:03 +0000 (13:24 -0800)]
Ensure we check the return from make_user_info before dereferencing the value returned by it.

Jeremy.

8 years agoRemove fstring from map_username. Create a more sane interface than the called-parame...
Jeremy Allison [Tue, 9 Nov 2010 20:07:25 +0000 (12:07 -0800)]
Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified.

Jeremy.

8 years agos3/vfs_time_audit: use monotonic clock for time deltas
Björn Jacke [Tue, 9 Nov 2010 23:40:29 +0000 (00:40 +0100)]
s3/vfs_time_audit: use monotonic clock for time deltas

Autobuild-User: Björn Jacke <bjacke@samba.org>
Autobuild-Date: Wed Nov 10 01:13:22 UTC 2010 on sn-devel-104

8 years agos4: point to the wiki howto for s4
Andrew Tridgell [Tue, 9 Nov 2010 22:57:25 +0000 (09:57 +1100)]
s4: point to the wiki howto for s4

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov  9 23:38:28 UTC 2010 on sn-devel-104

8 years agos4-join: raise mininum password length to 32 in new join code
Andrew Tridgell [Tue, 9 Nov 2010 22:14:57 +0000 (09:14 +1100)]
s4-join: raise mininum password length to 32 in new join code

8 years agos4:dsdb/operational.c: use DSDB_SECRET_ATTRIBUTES_EX()
Stefan Metzmacher [Tue, 9 Nov 2010 18:50:40 +0000 (19:50 +0100)]
s4:dsdb/operational.c: use DSDB_SECRET_ATTRIBUTES_EX()

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov  9 22:43:44 UTC 2010 on sn-devel-104

8 years agos4:dsdb/common: add DSDB_SECRET_ATTRIBUTES_EX()
Stefan Metzmacher [Tue, 9 Nov 2010 21:22:40 +0000 (22:22 +0100)]
s4:dsdb/common: add DSDB_SECRET_ATTRIBUTES_EX()

metze

8 years agos4:dsdb/local_password: use DSDB_SECRET_ATTRIBUTES
Stefan Metzmacher [Tue, 9 Nov 2010 18:50:17 +0000 (19:50 +0100)]
s4:dsdb/local_password: use DSDB_SECRET_ATTRIBUTES

metze

8 years agos4:dsdb/schema/schema_filtered.c: make never_in_filtered_attrs static const
Stefan Metzmacher [Tue, 9 Nov 2010 18:49:29 +0000 (19:49 +0100)]
s4:dsdb/schema/schema_filtered.c: make never_in_filtered_attrs static const

metze

8 years agos4:dsdb/schema/schema_filtered.c: use DSDB_SECRET_ATTRIBUTES
Stefan Metzmacher [Tue, 9 Nov 2010 18:48:55 +0000 (19:48 +0100)]
s4:dsdb/schema/schema_filtered.c: use DSDB_SECRET_ATTRIBUTES

metze

8 years agos4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we don't...
Stefan Metzmacher [Tue, 9 Nov 2010 18:53:45 +0000 (19:53 +0100)]
s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we don't use it

metze

8 years agos4:rpc_server/drsuapi: make msg_attrs static const
Stefan Metzmacher [Tue, 9 Nov 2010 18:52:49 +0000 (19:52 +0100)]
s4:rpc_server/drsuapi: make msg_attrs static const

metze

8 years agos4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use DSDB_SECRET_ATTRIBUTES
Stefan Metzmacher [Tue, 9 Nov 2010 18:45:31 +0000 (19:45 +0100)]
s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use DSDB_SECRET_ATTRIBUTES

We should replicate all secret attributes back to other DCs.

metze

8 years agos4:dsdb/common: create a DSDB_SECRET_ATTRIBUTES define with all secret attributes
Stefan Metzmacher [Tue, 9 Nov 2010 18:44:12 +0000 (19:44 +0100)]
s4:dsdb/common: create a DSDB_SECRET_ATTRIBUTES define with all secret attributes

We should have them just in one place, so that we don't forget some of them.

metze

8 years agos3: Quieten a bogus error message
Volker Lendecke [Tue, 9 Nov 2010 19:29:17 +0000 (20:29 +0100)]
s3: Quieten a bogus error message

This happens if you set "auth methods = winbind" without a fallback method.

The return NT_STATUS_LOGON_FAILURE; is not strictly require here, because we
fall through to the equivalent statement a few lines down, but it makes the
code a bit clearer IMO.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  9 20:15:59 UTC 2010 on sn-devel-104

8 years agos3: Package autorid module
Volker Lendecke [Tue, 9 Nov 2010 15:38:27 +0000 (08:38 -0700)]
s3: Package autorid module

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  9 16:21:48 UTC 2010 on sn-devel-104

8 years agoraw.h is only needed in the S4 build
Volker Lendecke [Tue, 9 Nov 2010 14:06:48 +0000 (15:06 +0100)]
raw.h is only needed in the S4 build

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  9 14:49:14 UTC 2010 on sn-devel-104

8 years agos4:provision_self_join.ldif - the object SID in AD is called "objectSid"
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 12:27:57 +0000 (13:27 +0100)]
s4:provision_self_join.ldif - the object SID in AD is called "objectSid"

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov  9 13:18:29 UTC 2010 on sn-devel-104

8 years agos4:provision.py - strip trailing whitespaces
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 12:25:12 +0000 (13:25 +0100)]
s4:provision.py - strip trailing whitespaces

8 years agos4:provision - switch to "clearTextPassword" for setting passwords
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 12:22:00 +0000 (13:22 +0100)]
s4:provision - switch to "clearTextPassword" for setting passwords

This is the default password set/change attribute for s4 specific purposes
(otherwise in respect to Windows it's "unicodePwd"). We move away from
"userPassword" since on Windows it's not activated by default - and s4 will
follow soon.

8 years agos4-test: make sure the selftest prefix exists
Andrew Tridgell [Mon, 8 Nov 2010 23:22:48 +0000 (10:22 +1100)]
s4-test: make sure the selftest prefix exists

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov  9 00:05:22 UTC 2010 on sn-devel-104

8 years agos4-drs: reduce verbosity of dreplsrv_out_connection_attach
Andrew Tridgell [Mon, 8 Nov 2010 23:05:49 +0000 (10:05 +1100)]
s4-drs: reduce verbosity of dreplsrv_out_connection_attach

8 years agoheimdal: fixed a shadowed variable warning for error_message
Andrew Tridgell [Mon, 8 Nov 2010 21:51:20 +0000 (08:51 +1100)]
heimdal: fixed a shadowed variable warning for error_message

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agos4-attid: Uppercase ATTID type constants
Kamen Mazdrashki [Mon, 8 Nov 2010 14:27:22 +0000 (16:27 +0200)]
s4-attid: Uppercase ATTID type constants

Thanks Metze for noting this!

Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Nov  8 23:06:41 UTC 2010 on sn-devel-104

8 years agos4-test: Initial implementation for Schema replication black box test
Kamen Mazdrashki [Sun, 7 Nov 2010 02:41:50 +0000 (04:41 +0200)]
s4-test: Initial implementation for Schema replication black box test

8 years agoSecond part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd...
Jeremy Allison [Mon, 8 Nov 2010 21:41:34 +0000 (13:41 -0800)]
Second part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.

Ensure we return after calling passdb for SID lookups for which we are
authoritative.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Nov  8 22:24:34 UTC 2010 on sn-devel-104

8 years agoEnsure we always have a mapped group for "Domain Users".
Jeremy Allison [Mon, 8 Nov 2010 21:39:51 +0000 (13:39 -0800)]
Ensure we always have a mapped group for "Domain Users".
Needed for DC tests to pass with bugfix for bug #7777.

Jeremy.

8 years agoFirst part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd...
Jeremy Allison [Mon, 8 Nov 2010 21:38:13 +0000 (13:38 -0800)]
First part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.

Ensure idmap_init_passdb_domain() correctly initialized the default
domain first.

Jeremy.

8 years agos3/configure: fix typo and warning
Björn Jacke [Mon, 8 Nov 2010 20:14:44 +0000 (21:14 +0100)]
s3/configure: fix typo and warning

Autobuild-User: Björn Jacke <bjacke@samba.org>
Autobuild-Date: Mon Nov  8 20:58:20 UTC 2010 on sn-devel-104

8 years agos4:password_hash LDB module - introduce a "userPassword" flag which enables/disables...
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 14:42:29 +0000 (15:42 +0100)]
s4:password_hash LDB module - introduce a "userPassword" flag which enables/disables the two "userPassword" behaviours

- Enabled: "userPassword" password change behaviour (will later be linked to the
  "dSHeuristics")
- Disabled: "userPassword" plain attribute behaviour (default)

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 15:28:06 UTC 2010 on sn-devel-104

8 years agos4:pyldb.c - fix "py_ldb_contains" according to the comment by Jelmer
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 14:24:41 +0000 (15:24 +0100)]
s4:pyldb.c - fix "py_ldb_contains" according to the comment by Jelmer

8 years agos3-waf: add idmap_autorid to the build.
Günther Deschner [Mon, 8 Nov 2010 13:34:51 +0000 (14:34 +0100)]
s3-waf: add idmap_autorid to the build.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Nov  8 14:17:27 UTC 2010 on sn-devel-104

8 years agos3: Fix an uninitialized variable
Volker Lendecke [Mon, 8 Nov 2010 11:59:59 +0000 (12:59 +0100)]
s3: Fix an uninitialized variable

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Nov  8 13:22:06 UTC 2010 on sn-devel-104

8 years agos3: Build idmap_autorid by default
Volker Lendecke [Mon, 8 Nov 2010 11:54:49 +0000 (12:54 +0100)]
s3: Build idmap_autorid by default

8 years agos3:idmap: add a new ID mapping module autorid
Christian Ambach [Wed, 7 Jul 2010 10:35:36 +0000 (12:35 +0200)]
s3:idmap: add a new ID mapping module autorid

This is an initial implementation of the idmap_autorid module.
It works similar to the idmap_rid module but requires less
configuration. It will automatically pick ranges for each domain,
so you do not have to bother any more about adding an idmap
configuration for all of the domains in the forest.

This is very easy to use and to configure and much more
deterministic and faster than idmap_tdb, the typical choice
of Samba users up to now.

8 years agos3:winbind add wcache_tdc_fetch_domainbysid
Christian Ambach [Fri, 29 Oct 2010 13:53:20 +0000 (15:53 +0200)]
s3:winbind add wcache_tdc_fetch_domainbysid

add a function to lookup a domain in the winbind cache by domain SID

8 years agos3: Put some parentheses around conditionals
Volker Lendecke [Mon, 8 Nov 2010 10:55:07 +0000 (11:55 +0100)]
s3: Put some parentheses around conditionals

8 years agos3: Consistently use stdbool types in new code
Volker Lendecke [Mon, 8 Nov 2010 10:50:51 +0000 (11:50 +0100)]
s3: Consistently use stdbool types in new code

8 years agos3:winbind add timeouts to winbind cache
Christian Ambach [Thu, 4 Nov 2010 16:10:25 +0000 (17:10 +0100)]
s3:winbind add timeouts to winbind cache

This adds a timeout value to cache entries and the NDR records
in the winbind cache.

The previous approach of just comparing the sequence number has some issues,
e.g. when retrying a wbinfo -n operation for a user in a not yet trusted
domain was always failing even after the trusted domain was added.

The new approach compares sequence number and timeout value to
determine if a cache entry is still valid or not.

I increased the cache version number so an old cache will be wiped
automatically after upgrade.

8 years agos4:passwords.py - test empty password attributes behaviour
Matthias Dieter Wallnöfer [Mon, 1 Nov 2010 18:54:07 +0000 (19:54 +0100)]
s4:passwords.py - test empty password attributes behaviour

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 12:09:56 UTC 2010 on sn-devel-104

8 years agos4:password_hash LDB module - deleting password attributes is a little more complicated
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 10:33:53 +0000 (11:33 +0100)]
s4:password_hash LDB module - deleting password attributes is a little more complicated

8 years agos4:samdb_msg_find_old_and_new_ldb_val - rework
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 21:08:19 +0000 (22:08 +0100)]
s4:samdb_msg_find_old_and_new_ldb_val - rework

- don't crash when no values where specified
- return ERR_CONSTRAINT_VIOLATION on malformed messages
- only check for flags when we are involved in a LDB modify operation

8 years agos4:password_hash LDB module - clear the fact that a delete of password attributes...
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 10:31:16 +0000 (11:31 +0100)]
s4:password_hash LDB module - clear the fact that a delete of password attributes isn't possible

8 years agos4:acl LDB module - define the delete passwords special case a bit better
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 21:37:39 +0000 (22:37 +0100)]
s4:acl LDB module - define the delete passwords special case a bit better

8 years agos4:passwords.py - add another two failure cases
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 21:35:29 +0000 (22:35 +0100)]
s4:passwords.py - add another two failure cases

8 years agoldb:pyldb.c - "py_ldb_msg_element_get" - here we can safely use "unsigned int" for...
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 16:50:25 +0000 (17:50 +0100)]
ldb:pyldb.c - "py_ldb_msg_element_get" - here we can safely use "unsigned int" for the element reference

We don't make use of "Py_List*" calls

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 11:21:27 UTC 2010 on sn-devel-104

8 years agoldb:pyldb.c - "py_ldb_contains" - return only "0" not found, "1" found, "-1" error
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 16:49:18 +0000 (17:49 +0100)]
ldb:pyldb.c - "py_ldb_contains" - return only "0" not found, "1" found, "-1" error

8 years agoldb:pyldb.c - most of the times "time_t" is defined as "long int"
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 15:29:27 +0000 (16:29 +0100)]
ldb:pyldb.c - most of the times "time_t" is defined as "long int"

Therefore use a signed long int for conversions.

http://stackoverflow.com/questions/471248/what-is-ultimately-a-time-t-typedef-to

8 years agoldb:pyldb.c - fix some "Py_ssize_t" output warnings
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 17:03:22 +0000 (18:03 +0100)]
ldb:pyldb.c - fix some "Py_ssize_t" output warnings

8 years agoldb:pyldb.c - use "Py_ssize_t" for counting list entries
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 16:48:39 +0000 (17:48 +0100)]
ldb:pyldb.c - use "Py_ssize_t" for counting list entries

This seems to be the most appopriate type

8 years agoldb:pyldb.c - fix indentation
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 15:29:06 +0000 (16:29 +0100)]
ldb:pyldb.c - fix indentation

8 years agos4:pydsdb.c - use "Py_ssize_t" for Python list counters
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 15:28:33 +0000 (16:28 +0100)]
s4:pydsdb.c - use "Py_ssize_t" for Python list counters

Seems to be the most appropriate type

8 years agos4:pydsdb.c - introduce Python 2.4 compatibility defines
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 16:54:36 +0000 (17:54 +0100)]
s4:pydsdb.c - introduce Python 2.4 compatibility defines