nivanova/samba-autobuild/.git
6 years agodbckecker: fix nTSecurityDescriptor values from before 4.0.0rc6 (bug #9481)
Stefan Metzmacher [Sat, 19 Jan 2013 08:41:00 +0000 (09:41 +0100)]
dbckecker: fix nTSecurityDescriptor values from before 4.0.0rc6 (bug #9481)

They inherited effective ACE for the wrong object classes.

For SACL ACEs the problem was also present in 4.0.0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-descriptor: get_default_group() should always return the DAG sid (bug #9481)
Stefan Metzmacher [Thu, 24 Jan 2013 21:59:26 +0000 (22:59 +0100)]
dsdb-descriptor: get_default_group() should always return the DAG sid (bug #9481)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agotests/sec_descriptor: the default owner behavior depends on domainControllerFunctiona...
Stefan Metzmacher [Thu, 24 Jan 2013 12:07:32 +0000 (13:07 +0100)]
tests/sec_descriptor: the default owner behavior depends on domainControllerFunctionality (bug #9481)

Not on the domainFunctionality.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli/security: calculate INHERIT_ONLY correcty for AUDIT and ALARM aces (bug #9481)
Stefan Metzmacher [Tue, 22 Jan 2013 14:38:07 +0000 (15:38 +0100)]
libcli/security: calculate INHERIT_ONLY correcty for AUDIT and ALARM aces (bug #9481)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agos4-process_single: Use pid,task_id as cluster_id in process_single just like process_...
Andrew Bartlett [Fri, 25 Jan 2013 12:00:12 +0000 (23:00 +1100)]
s4-process_single: Use pid,task_id as cluster_id in process_single just like process_prefork

This avoids two different process single task servers (eg the drepl
server) sharing the same server id.  The task id starts at 2^31 to
avoid collision with the fd based scheme for connections.

Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598

Reported-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 26 16:13:05 CET 2013 on sn-devel-104

6 years agopymessaging: Pass around the server_id struct to python callbacks rather than the...
Andrew Bartlett [Fri, 25 Jan 2013 22:09:23 +0000 (09:09 +1100)]
pymessaging: Pass around the server_id struct to python callbacks rather than the tuple

This is not used currently, but may avoid going to and from the python types when we do not need to.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agopymessaging: Use correct unsigned types for server ID tuple elememnts
Andrew Bartlett [Fri, 25 Jan 2013 21:58:46 +0000 (08:58 +1100)]
pymessaging: Use correct unsigned types for server ID tuple elememnts

This is needed if we start using the top bits of these values.

Andrew Bartlett

Reviewed-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agoldb: Ensure to decrement the transaction_active whenever we delete a transaction ldb-1.1.15
Andrew Bartlett [Fri, 25 Jan 2013 22:35:21 +0000 (09:35 +1100)]
ldb: Ensure to decrement the transaction_active whenever we delete a transaction

This is in the error path for prepare_commit, which rarely fails, but
when it does we need to ensure that when a new transaction is opened,
that it really starts a new transaction.

We bump the version to recognise critical fix for the AD DC

Without this fix, a single invalid inbound replicated link disables
all subsequent replication as we operate without a transaction (which
is refused by ldb_tdb).

Andrew Bartlett

Reviewed-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agoldb: fix a warning by converting from TDB_DATA to struct ldb_val
Stefan Metzmacher [Thu, 24 Jan 2013 13:21:51 +0000 (14:21 +0100)]
ldb: fix a warning by converting from TDB_DATA to struct ldb_val

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agoRegression test for bug #9587 - archive flag is always set on directories.
Jeremy Allison [Thu, 24 Jan 2013 20:33:53 +0000 (12:33 -0800)]
Regression test for bug #9587 - archive flag is always set on directories.

Ensure we get the correct attributes on files
and directories after a rename.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jan 25 13:42:40 CET 2013 on sn-devel-104

6 years agoFix bug #9587 - archive flag is always set on directories.
Jeremy Allison [Thu, 24 Jan 2013 19:02:30 +0000 (11:02 -0800)]
Fix bug #9587 - archive flag is always set on directories.

Creating a directory to a Samba share sets the attributes to 'D' only
(correct) - only when creating a new file should the 'A' attribute
be set.

However, doing a rename of that directory sets the 'A' attribute in error.
This should only be done on a file rename. smbclient regression test to follow.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
6 years agobug9598: s4-process_single: Use pid,fd as cluster_id in process_single just like...
Andrew Bartlett [Fri, 25 Jan 2013 02:15:51 +0000 (13:15 +1100)]
bug9598: s4-process_single: Use pid,fd as cluster_id in process_single just like process_prefork

This avoids two different process single servers (say LDAP and the RPC server) sharing the same
server id.

Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598

Reported-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Andrew Bartlett <abartlett@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jan 25 12:00:04 CET 2013 on sn-devel-104

6 years agoAvoid a very small memleak on talloc_tos()
Volker Lendecke [Thu, 24 Jan 2013 15:39:05 +0000 (16:39 +0100)]
Avoid a very small memleak on talloc_tos()

"fname" did leak on talloc_tos(). Not really a bad memleak, but as I
just came across it I thought I might just fix it

Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 25 00:54:01 CET 2013 on sn-devel-104

6 years agoFix bug #9572 - File corruption during SMB1 read by Mac OSX 10.8.2 clients.
Jeremy Allison [Wed, 23 Jan 2013 17:57:50 +0000 (09:57 -0800)]
Fix bug #9572 - File corruption during SMB1 read by Mac OSX 10.8.2 clients.

Accept a large read if we told the client we have UNIX extensions
and the client sent a non-zero upper 16-bit size.

Do the non-zero upper 16-bit size check first to save a function
call in what is a hot path.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 24 21:01:51 CET 2013 on sn-devel-104

6 years agoRevert "s3:smbd: SMB ReadX with size > 0xffff should only possible for samba clients."
Jeremy Allison [Tue, 22 Jan 2013 20:38:28 +0000 (12:38 -0800)]
Revert "s3:smbd: SMB ReadX with size > 0xffff should only possible for samba clients."

Part of fix for bug #9572 -  File corruption during SMB1 read by Mac OSX 10.8.2 clients

This reverts commit f8c26c16b82989e002b839fc9eba6386fc036f6a.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agos4-torture: add some basic tests for PlayGDIScriptOnPrinterIC.
Günther Deschner [Wed, 23 Jan 2013 09:33:21 +0000 (10:33 +0100)]
s4-torture: add some basic tests for PlayGDIScriptOnPrinterIC.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 24 19:20:52 CET 2013 on sn-devel-104

6 years agos3-rpcclient: add cmd_spoolss_play_gdi_script_on_printer_ic.
Günther Deschner [Wed, 23 Jan 2013 08:31:01 +0000 (09:31 +0100)]
s3-rpcclient: add cmd_spoolss_play_gdi_script_on_printer_ic.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agospoolss: add UNIVERSAL_FONT_ID_ctr for debugging.
Günther Deschner [Thu, 24 Jan 2013 16:10:17 +0000 (17:10 +0100)]
spoolss: add UNIVERSAL_FONT_ID_ctr for debugging.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agospoolss: Add UNIVERSAL_FONT_ID.
Günther Deschner [Wed, 23 Jan 2013 10:11:26 +0000 (11:11 +0100)]
spoolss: Add UNIVERSAL_FONT_ID.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agospoolss: fill in spoolss_PlayGDIScriptOnPrinterIC IDL.
Günther Deschner [Wed, 23 Jan 2013 08:01:05 +0000 (09:01 +0100)]
spoolss: fill in spoolss_PlayGDIScriptOnPrinterIC IDL.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agos3-rpcclient: decode OsVersion{Ex} binary blobs when displaying printerdata.
Günther Deschner [Tue, 22 Jan 2013 14:57:22 +0000 (15:57 +0100)]
s3-rpcclient: decode OsVersion{Ex} binary blobs when displaying printerdata.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agos3-spoolss: Make it easier to manipulate the returned OSVersion at runtime.
Günther Deschner [Sat, 19 Jan 2013 00:37:29 +0000 (01:37 +0100)]
s3-spoolss: Make it easier to manipulate the returned OSVersion at runtime.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agospoolss: make spoolss deal with ndr64 StartDocPrinter by using proper container object.
Günther Deschner [Fri, 18 Jan 2013 21:22:13 +0000 (22:22 +0100)]
spoolss: make spoolss deal with ndr64 StartDocPrinter by using proper container object.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agospoolss: add more spoolss_DriverAttributes values.
Günther Deschner [Fri, 18 Jan 2013 12:43:05 +0000 (13:43 +0100)]
spoolss: add more spoolss_DriverAttributes values.

The level5 driver does return only one of these flags with a different value,
will get fixed later.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agodocs: ldbsearch.1.xml: Correct meta data.
Karolin Seeger [Thu, 24 Jan 2013 10:52:37 +0000 (11:52 +0100)]
docs: ldbsearch.1.xml: Correct meta data.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 24 16:09:37 CET 2013 on sn-devel-104

6 years agodocs: ldbrename.1.xml: Correct meta data.
Karolin Seeger [Thu, 24 Jan 2013 10:52:15 +0000 (11:52 +0100)]
docs: ldbrename.1.xml: Correct meta data.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agodocs: ldbmodify.1.xml: Correct meta data.
Karolin Seeger [Thu, 24 Jan 2013 10:51:49 +0000 (11:51 +0100)]
docs: ldbmodify.1.xml: Correct meta data.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agodocs: ldbedit.1.xml: Correct meta data.
Karolin Seeger [Thu, 24 Jan 2013 10:51:28 +0000 (11:51 +0100)]
docs: ldbedit.1.xml: Correct meta data.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agodocs: ldbdel.1.xml: Correct meta data.
Karolin Seeger [Thu, 24 Jan 2013 10:50:55 +0000 (11:50 +0100)]
docs: ldbdel.1.xml: Correct meta data.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agodocs: ldbadd.1.xml: Correct meta data.
Karolin Seeger [Thu, 24 Jan 2013 10:50:26 +0000 (11:50 +0100)]
docs: ldbadd.1.xml: Correct meta data.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agodocs: ldb.3.xml: Correct meta data.
Karolin Seeger [Thu, 24 Jan 2013 10:50:00 +0000 (11:50 +0100)]
docs: ldb.3.xml: Correct meta data.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agogensec: Allow login without a PAC by default (bug #9581)
Andrew Bartlett [Tue, 22 Jan 2013 03:45:14 +0000 (14:45 +1100)]
gensec: Allow login without a PAC by default (bug #9581)

The sense of this test was inverted.  We only want to take the ACCESS_DENIED error
if gensec:require_pac=true.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agoFix bug #9586 - smbd[29175]: disk_free: sys_popen() failed" message logged in /var...
Jeremy Allison [Wed, 23 Jan 2013 22:39:09 +0000 (14:39 -0800)]
Fix bug #9586 - smbd[29175]: disk_free: sys_popen() failed" message logged in /var/log/message many times.

Ensure when reading lines from an interruptible
pipe source we ignore EINTR.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 24 10:45:48 CET 2013 on sn-devel-104

6 years agodsdb-acl: remove unused variable
Stefan Metzmacher [Thu, 17 Jan 2013 16:19:03 +0000 (17:19 +0100)]
dsdb-acl: remove unused variable

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 23 20:04:09 CET 2013 on sn-devel-104

6 years agosmbd: Fix a NULL vs false return error
Volker Lendecke [Tue, 22 Jan 2013 12:14:41 +0000 (13:14 +0100)]
smbd: Fix a NULL vs false return error

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agowaf: Fix pdb_ldap which cannot be built as a module.
Andreas Schneider [Tue, 22 Jan 2013 08:55:02 +0000 (09:55 +0100)]
waf: Fix pdb_ldap which cannot be built as a module.

The module has two init functions, pdb_ldap_init() and
pdb_ldapsam_init(). As a shared module only one can be found until we
create a symlink.

Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 23 10:51:59 CET 2013 on sn-devel-104

6 years agoldap: Remove obsolete convertSambaAccount script.
Andreas Schneider [Tue, 22 Jan 2013 09:04:07 +0000 (10:04 +0100)]
ldap: Remove obsolete convertSambaAccount script.

We removed ldapsam_compat support which used sambaAccount already some
time ago. See commit 02c239c6d35f47f13143c66baffbd303373b8028.

Reviewed-by: Günther Deschner <gd@samba.org>
6 years agolibcli/auth: fix void function cannot return value error
Andrew Bartlett [Sun, 20 Jan 2013 23:45:10 +0000 (10:45 +1100)]
libcli/auth: fix void function cannot return value error

Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 22 22:32:31 CET 2013 on sn-devel-104

6 years agos3-winbind: fix the build of idmap_ldap.
Günther Deschner [Tue, 22 Jan 2013 10:54:19 +0000 (11:54 +0100)]
s3-winbind: fix the build of idmap_ldap.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jan 22 14:43:40 CET 2013 on sn-devel-104

6 years agoTests: Fix the display of test vars in screen --testenv
Matthieu Patou [Thu, 3 Jan 2013 22:33:45 +0000 (14:33 -0800)]
Tests: Fix the display of test vars in screen --testenv

The form bash -c echo "important stuff blabla bla" && LD_LIBARY_PATH bash
is not working in screen when it's working in xterm and the in_screen
script already wrap all the command within a bash shell so there is no
need to re-force bash as the echo will execute in a bash shell

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jan 22 13:03:52 CET 2013 on sn-devel-104

6 years agolibcli-acl: add documentation
Matthieu Patou [Sun, 14 Oct 2012 08:01:08 +0000 (01:01 -0700)]
libcli-acl: add documentation

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodrsuapi: Add documentation
Matthieu Patou [Sun, 14 Oct 2012 08:04:51 +0000 (01:04 -0700)]
drsuapi: Add documentation

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodrepl-notify: change misleading message
Matthieu Patou [Tue, 16 Oct 2012 05:15:17 +0000 (22:15 -0700)]
drepl-notify: change misleading message

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodevel-script: add options for RODC and partial replica for replicate flags
Matthieu Patou [Tue, 30 Oct 2012 05:12:33 +0000 (22:12 -0700)]
devel-script: add options for RODC and partial replica for replicate flags

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jan 22 00:12:17 CET 2013 on sn-devel-104

6 years agodevel-scripts: ask with WRIT_REP by default
Matthieu Patou [Tue, 30 Oct 2012 04:43:14 +0000 (21:43 -0700)]
devel-scripts: ask with WRIT_REP by default

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodevel-getncchange: try to find the dest_dsa automatically
Matthieu Patou [Wed, 24 Oct 2012 05:12:08 +0000 (22:12 -0700)]
devel-getncchange: try to find the dest_dsa automatically

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agosecurity: Add documentation
Matthieu Patou [Sat, 13 Oct 2012 22:02:57 +0000 (15:02 -0700)]
security: Add documentation

Names seems to be a bit cryptic and misleading (at least for me).
So documenting them should remove at least partially this problem.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli-security: Add documentation for object_tree_modify_access
Matthieu Patou [Sat, 13 Oct 2012 22:28:08 +0000 (15:28 -0700)]
libcli-security: Add documentation for object_tree_modify_access

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodbcheck: look in hasMasterNCs as well for determining the instance type of a NC
Matthieu Patou [Wed, 24 Oct 2012 05:09:20 +0000 (22:09 -0700)]
dbcheck: look in hasMasterNCs as well for determining the instance type of a NC

Forest of level 2000 don't hve the msDS-hasMasterNCs parameter

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb: Fix warning about unused var
Matthieu Patou [Sun, 30 Dec 2012 00:43:44 +0000 (16:43 -0800)]
dsdb: Fix warning about unused var

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 21 17:51:16 CET 2013 on sn-devel-104

6 years agodsdb: Explain ordering constraints on the ACL module as well.
Andrew Bartlett [Tue, 1 Jan 2013 22:27:51 +0000 (09:27 +1100)]
dsdb: Explain ordering constraints on the ACL module as well.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb: Ensure "authenticated users" is processed for group memberships
Andrew Bartlett [Sat, 29 Dec 2012 04:13:54 +0000 (15:13 +1100)]
dsdb: Ensure "authenticated users" is processed for group memberships

This change moves the addition of "Authenticated Users" from the very end of the
token processing to the start.  The reason is that we need to see if
"Authenticated Users" is a member of other builtin groups, just as we
would for any other SID.  This picks up the "Pre-Windows 2000 Compatible Access"
group, which is in turn often used in ACLs on LDAP objects.

Without this change, the eventual token does not contain S-1-5-32-554
and users other than "Administrator" are unable to read uidNumber
(in particular).

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli/security: remove useless if (root->num_of_children > 0) statements
Andrew Bartlett [Thu, 3 Jan 2013 10:30:12 +0000 (21:30 +1100)]
libcli/security: remove useless if (root->num_of_children > 0) statements

The for loop does this implicitly when comparing for (i = 0; i < root->num_of_children; i++)

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli/security: add init_mask to existing children in insert_in_object_tree
Stefan Metzmacher [Tue, 15 Jan 2013 18:03:00 +0000 (19:03 +0100)]
libcli/security: add init_mask to existing children in insert_in_object_tree

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli/security: handle node initialisation in one spot in insert_in_object_tree()
Andrew Bartlett [Thu, 3 Jan 2013 09:40:32 +0000 (20:40 +1100)]
libcli/security: handle node initialisation in one spot in insert_in_object_tree()

This removes special-case for initalising the children array in
insert_in_object_tree().  talloc_realloc() handles the intial allocate
case perfectly well, so there is no need to have this duplicated.

This also restores having just one place were the rest of the elements
are intialised, to ensure uniform behaviour.

To do this, we have to rework insert_in_object_tree to have only one
output variable, both because having both root and new_node as output
variables was too confusing, and because otherwise the two pointers
were being allowed to point at the same memory.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds()
Stefan Metzmacher [Wed, 16 Jan 2013 08:49:20 +0000 (09:49 +0100)]
libcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli/security: simplify get_ace_object_type()
Stefan Metzmacher [Wed, 16 Jan 2013 09:05:56 +0000 (10:05 +0100)]
libcli/security: simplify get_ace_object_type()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli/security: fix formating in access_check.c
Stefan Metzmacher [Wed, 16 Jan 2013 08:46:48 +0000 (09:46 +0100)]
libcli/security: fix formating in access_check.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolibcli/security: fix whitespaces in access_check.c
Stefan Metzmacher [Wed, 16 Jan 2013 08:43:44 +0000 (09:43 +0100)]
libcli/security: fix whitespaces in access_check.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUID
Stefan Metzmacher [Thu, 17 Jan 2013 15:22:09 +0000 (16:22 +0100)]
dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUID

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: make use of acl_check_access_on_objectclass() for the object in acl_delete()
Stefan Metzmacher [Thu, 17 Jan 2013 15:21:10 +0000 (16:21 +0100)]
dsdb-acl: make use of acl_check_access_on_objectclass() for the object in acl_delete()

We should only use dsdb_module_check_access_on_dn() on the parent.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: make use of acl_check_access_on_{attribute,objectclass} in acl_rename()
Stefan Metzmacher [Wed, 16 Jan 2013 15:43:14 +0000 (16:43 +0100)]
dsdb-acl: make use of acl_check_access_on_{attribute,objectclass} in acl_rename()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: make use of acl_check_access_on_attribute() in acl_modify()
Stefan Metzmacher [Wed, 16 Jan 2013 15:41:51 +0000 (16:41 +0100)]
dsdb-acl: make use of acl_check_access_on_attribute() in acl_modify()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: remove unused acl_check_access_on_class()
Stefan Metzmacher [Wed, 16 Jan 2013 15:36:07 +0000 (16:36 +0100)]
dsdb-acl: remove unused acl_check_access_on_class()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: use acl_check_access_on_objectclass() instead of acl_check_access_on_class()
Stefan Metzmacher [Wed, 16 Jan 2013 15:35:33 +0000 (16:35 +0100)]
dsdb-acl: use acl_check_access_on_objectclass() instead of acl_check_access_on_class()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: Use the structural objectClass in acl_check_access_on_attribute()
Andrew Bartlett [Wed, 2 Jan 2013 04:01:23 +0000 (15:01 +1100)]
dsdb-acl: Use the structural objectClass in acl_check_access_on_attribute()

This commit enters the GUID into the object tree so that that access
rights assigned to the structural objectClass are also available, as
well as rights assigned to the attribute property groups.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: Pass the structural objectClass into acl_check_access_on_attribute
Andrew Bartlett [Wed, 2 Jan 2013 04:01:00 +0000 (15:01 +1100)]
dsdb-acl: Pass the structural objectClass into acl_check_access_on_attribute

This will, when the GUID is entered into the object tree (not in this
commit) ensure that access rights assigned to the structural
objectClass are also available, as well as rights assigned to the
attribute property groups.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: Remove unused get_oc_guid_from_message()
Andrew Bartlett [Wed, 2 Jan 2013 03:55:36 +0000 (14:55 +1100)]
dsdb-acl: Remove unused get_oc_guid_from_message()

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: ask for the objectClass attribute if it's not in the scope of the clients...
Andrew Bartlett [Wed, 2 Jan 2013 04:01:00 +0000 (15:01 +1100)]
dsdb-acl: ask for the objectClass attribute if it's not in the scope of the clients search

This will be used later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: use dsdb_get_structural_oc_from_msg() rather than class_schemaid_guid_by_lD...
Andrew Bartlett [Tue, 1 Jan 2013 22:26:15 +0000 (09:26 +1100)]
dsdb-acl: use dsdb_get_structural_oc_from_msg() rather than class_schemaid_guid_by_lDAPDisplayName

This uses dsdb_get_last_structural_objectclass(), which encodes this ordering
knowledge in one place in the code, rather than using this uncommented
magic expression:

(char *)oc_el->values[oc_el->num_values-1].data

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_rename()
Andrew Bartlett [Wed, 2 Jan 2013 03:54:20 +0000 (14:54 +1100)]
dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_rename()

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_modify()
Andrew Bartlett [Wed, 2 Jan 2013 03:53:02 +0000 (14:53 +1100)]
dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_modify()

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: add acl_check_access_on_objectclass() helper
Stefan Metzmacher [Wed, 16 Jan 2013 15:34:56 +0000 (16:34 +0100)]
dsdb-acl: add acl_check_access_on_objectclass() helper

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: Add helper function dsdb_get_structural_oc_from_msg()
Andrew Bartlett [Wed, 2 Jan 2013 03:52:21 +0000 (14:52 +1100)]
dsdb-acl: Add helper function dsdb_get_structural_oc_from_msg()

This will eventually replace get_oc_guid_from_message(), returning the full dsdb_class.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: attr is not optional to acl_check_access_on_attribute()
Stefan Metzmacher [Wed, 16 Jan 2013 10:45:46 +0000 (11:45 +0100)]
dsdb-acl: attr is not optional to acl_check_access_on_attribute()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributes
Stefan Metzmacher [Wed, 16 Jan 2013 15:39:35 +0000 (16:39 +0100)]
dsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributes

"clearTextPassword" is the only exception.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: introduce a 'el' helper variable to acl_modify()
Stefan Metzmacher [Fri, 18 Jan 2013 08:17:25 +0000 (09:17 +0100)]
dsdb-acl: introduce a 'el' helper variable to acl_modify()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-acl: introduce a 'msg' helper variable to acl_modify()
Stefan Metzmacher [Fri, 18 Jan 2013 08:17:25 +0000 (09:17 +0100)]
dsdb-acl: introduce a 'msg' helper variable to acl_modify()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-schema: make sure we build [system]PossibleInferiors completely
Stefan Metzmacher [Thu, 17 Jan 2013 13:41:39 +0000 (14:41 +0100)]
dsdb-schema: make sure we build [system]PossibleInferiors completely

Otherwise callers like dsdb_schema_copy_shallow() will corrupt the
talloc hierarchie.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-schema: make sure use clean caches in schema_inferiors.c
Stefan Metzmacher [Thu, 17 Jan 2013 13:40:24 +0000 (14:40 +0100)]
dsdb-schema: make sure use clean caches in schema_inferiors.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agodsdb-schema: make schema_subclasses_order_recurse() static
Stefan Metzmacher [Thu, 17 Jan 2013 13:14:37 +0000 (14:14 +0100)]
dsdb-schema: make schema_subclasses_order_recurse() static

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agoBUG 9474: Downgrade v4 printer driver requests to v3.
Günther Deschner [Thu, 17 Jan 2013 23:22:31 +0000 (00:22 +0100)]
BUG 9474: Downgrade v4 printer driver requests to v3.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104

6 years agoBUG 9574: Fix a possible null pointer dereference in spoolss.
Andreas Schneider [Fri, 18 Jan 2013 17:04:17 +0000 (18:04 +0100)]
BUG 9574: Fix a possible null pointer dereference in spoolss.

If the the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.

Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104

6 years agoTests: remove redondent testsuites in provision
Matthieu Patou [Thu, 3 Jan 2013 22:34:31 +0000 (14:34 -0800)]
Tests: remove redondent testsuites in provision

Removed provision are already tested somewhere else.

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Mon Jan 21 09:59:43 CET 2013 on sn-devel-104

6 years agoTests: avoid adding python options that are functions in the env
Matthieu Patou [Thu, 3 Jan 2013 22:34:13 +0000 (14:34 -0800)]
Tests: avoid adding python options that are functions in the env

This fix errors when running test --testenv --screen

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agoTests: rewrite ldap_schema to specify attributes
Matthieu Patou [Tue, 1 Jan 2013 21:40:44 +0000 (13:40 -0800)]
Tests: rewrite ldap_schema to specify attributes

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agoFix warnings with mismatched sizes in arguments to DEBUG statements.
Jeremy Allison [Fri, 18 Jan 2013 21:57:16 +0000 (13:57 -0800)]
Fix warnings with mismatched sizes in arguments to DEBUG statements.

This can cause compile errors on 32-bit systems.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 19 12:14:13 CET 2013 on sn-devel-104

6 years agoRemove some unused variables.
Jeremy Allison [Thu, 17 Jan 2013 00:12:29 +0000 (16:12 -0800)]
Remove some unused variables.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agoheimdal_build: Try again to sort out the strerror_r mess
Andrew Bartlett [Mon, 19 Nov 2012 12:25:45 +0000 (23:25 +1100)]
heimdal_build: Try again to sort out the strerror_r mess

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agoprinting: Free talloc_stackframe() on all exit paths
Andrew Bartlett [Fri, 18 Jan 2013 02:39:13 +0000 (13:39 +1100)]
printing: Free talloc_stackframe() on all exit paths

Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years agonsswitch: Fix two bitfield constants being the same.
Ira Cooper [Wed, 16 Jan 2013 19:33:31 +0000 (11:33 -0800)]
nsswitch: Fix two bitfield constants being the same.

WBFLAG_PAM_AUTH_PAC and WBFLAG_BIG_NTLMV2_BLOB
are the same causing errors in NTLMv2 authentication.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 18 22:13:09 CET 2013 on sn-devel-104

6 years agoSort winbind request flags. Ira saw we have a duplicate.
Jeremy Allison [Wed, 16 Jan 2013 19:31:32 +0000 (11:31 -0800)]
Sort winbind request flags. Ira saw we have a duplicate.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed by: Ira Cooper <ira@wakeful.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agosmbtorture: Satisfy a linker dependency
Volker Lendecke [Thu, 17 Jan 2013 14:22:32 +0000 (15:22 +0100)]
smbtorture: Satisfy a linker dependency

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agowinbind: Handle child requests in a tevent_fd
Volker Lendecke [Thu, 17 Jan 2013 13:34:35 +0000 (14:34 +0100)]
winbind: Handle child requests in a tevent_fd

This enables the use of standard tevent_loop_once in the child, which
now also uses epoll where available.

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agowinbind: Introduce "struct child_handler_state"
Volker Lendecke [Thu, 17 Jan 2013 12:49:08 +0000 (13:49 +0100)]
winbind: Introduce "struct child_handler_state"

This will make the next patch simpler. child_handler_state contains the
information that the handler for the parent fde needs to pass to
process_child_request

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agowinbind: Use standard tevent_context_init
Volker Lendecke [Wed, 16 Jan 2013 11:00:00 +0000 (12:00 +0100)]
winbind: Use standard tevent_context_init

This makes winbind use epoll instead of poll

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agoBUG 9378: Add extra attributes for AD printer publishing.
David Disseldorp [Thu, 17 Jan 2013 12:21:25 +0000 (13:21 +0100)]
BUG 9378: Add extra attributes for AD printer publishing.

Currently attempting to publish a printer in AD fails with "Object class
violation", due to a number of missing attributes in the LDAP request.

Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 18 17:27:35 CET 2013 on sn-devel-104

6 years agoprinting: Remove invalid free from error path.
David Disseldorp [Fri, 18 Jan 2013 10:48:20 +0000 (11:48 +0100)]
printing: Remove invalid free from error path.

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agoRemove locking across the lifetime of the copychunk call.
Jeremy Allison [Thu, 17 Jan 2013 00:30:04 +0000 (16:30 -0800)]
Remove locking across the lifetime of the copychunk call.

Previous commit handles this around each read/write call.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jan 18 01:47:01 CET 2013 on sn-devel-104

6 years agoMove copychunk locking to be local to the read/write calls.
Jeremy Allison [Thu, 17 Jan 2013 00:29:11 +0000 (16:29 -0800)]
Move copychunk locking to be local to the read/write calls.

Eliminates the need to hold locks across the
entire lifetime of the call.

Next commit will remove these.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>