Andrew Tridgell [Tue, 14 Sep 2010 08:28:44 +0000 (18:28 +1000)]
s4-selftest: use the full domain name in joins
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 08:28:27 +0000 (18:28 +1000)]
s4-join: give a clear error when using short domain form
we now require the full domain name, for the DNS/CLDAP lookup
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 08:22:13 +0000 (18:22 +1000)]
s4-rodc: use python finddc code to avoid the need for --server
The DC is now found via DNS/CLDAP
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 08:21:38 +0000 (18:21 +1000)]
s4-pynet: added finddc call
this gives access to the CLDAP/DNS finddc code from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 07:48:52 +0000 (17:48 +1000)]
s4-libcli: change finddcs.h -> finddc.h
this prevents conflicts with old generated files and we can only even
return one DC with this interface.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 07:37:01 +0000 (17:37 +1000)]
s4-finddcs: rename finddcs to finddcs_nbt
finddcs_nbt is currently unused, but will later be a fallback is a
cldap DC find fails.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 07:36:23 +0000 (17:36 +1000)]
s4-winbind: use finddcs_cldap() in winbind
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 07:34:55 +0000 (17:34 +1000)]
s4-libnet: use finddcs_cldap() in libnet_lookup
this may later be changed to do fallback to NBT as well, but for now
cldap is sufficient
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 05:48:19 +0000 (15:48 +1000)]
s4-cldap: don't set the writable bit when we are a RODC
when we are a RODC, don't respond with the writable bit in the server
type response of netlogon requests
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 05:46:31 +0000 (15:46 +1000)]
s4-finddcs: added finddcs_cldap()
this finds DCs with a specified set of server_type bit using SRV
lookups and CLDAP
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 14 Sep 2010 03:12:00 +0000 (13:12 +1000)]
s4-secrets: fixed shadowed variable warning
we already have a 'v' in scope
Andrew Tridgell [Mon, 13 Sep 2010 21:49:12 +0000 (07:49 +1000)]
cldap: use ipv4 not up for unbound cldap sockets
If we use "ip" we end up with a PF_INET6 socket which breaks sendto()
for v4 addresses.
Andrew Tridgell [Mon, 13 Sep 2010 13:08:28 +0000 (23:08 +1000)]
s4-resolve: added resolve_name_multiple_recv()
this allows for multiple replies to a SRV lookup
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 13 Sep 2010 13:07:44 +0000 (23:07 +1000)]
s4-dns: fixed lookup of SRV records using dns_ex
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 13 Sep 2010 13:07:10 +0000 (23:07 +1000)]
s4: fixed some printf format errors
Andrew Tridgell [Mon, 13 Sep 2010 06:37:10 +0000 (16:37 +1000)]
s4-libnet: converted finddcs call to tevent_req
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 13 Sep 2010 02:15:52 +0000 (12:15 +1000)]
s4-secrets: fetch secure channel type with domain SID
The secure channel type is needed to work out what DC to connect to
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 13 Sep 2010 01:38:12 +0000 (11:38 +1000)]
s4-auth: when we are a DC enable winbind auth
As a RODC we need to forward some auth requests to a writable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 13 Sep 2010 01:36:43 +0000 (11:36 +1000)]
s4-auth: set the RODC bit for RODC schannel
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 12 Sep 2010 21:44:06 +0000 (07:44 +1000)]
s4-schannel: fixed reference to context after free
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 12 Sep 2010 21:41:56 +0000 (07:41 +1000)]
s4-auth: allow multiple active auth backends
when we are an RODC we need to be able to allow multiple auth backends
to process a single auth request. First the sam backend will try to
authenticate, using locally stored passwords. If this backend can't
find local passwords then it will try the winbind backend and
authenticate via a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 12 Sep 2010 12:24:46 +0000 (22:24 +1000)]
s4-smb: serialise session setup operations
the mixture of async and sync code in gensec makes a EOF on a socket
during a session setup cause a crash. The simplest solution is to
stop processing events on the socket until the session setup is
complete.
Andrew Tridgell [Sun, 12 Sep 2010 12:17:01 +0000 (22:17 +1000)]
talloc: fixed spelling errors in comment
Andrew Tridgell [Sun, 12 Sep 2010 00:06:39 +0000 (10:06 +1000)]
s4-rodc: add a trigger message for REPL_SECRET to auth_sam
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 12 Sep 2010 00:02:02 +0000 (10:02 +1000)]
s4-messaging: add support for no_reply in irpc messages
It can be useful for a irpc message to be one-way, where the client
sends a messages and the server does not reply. This will be used for
things like a triger message from an auth context to the drepl server
to tell it to try a REPL_SECRET on a user in a RODC.
Previously we've used raw messaging for messages that have no reply,
but that doesn't allow us to use messages described by IDL
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 10 Sep 2010 10:18:11 +0000 (20:18 +1000)]
s4-kcc: removed redundent loop check
el has already been checked for NULL
Andrew Tridgell [Fri, 10 Sep 2010 10:17:39 +0000 (20:17 +1000)]
s4-smb: smbsrv_blob_push_string() can return -1
need to use ssize_t, not size_t for error handling
Andrew Tridgell [Fri, 10 Sep 2010 10:16:29 +0000 (20:16 +1000)]
s4-dsdb: check for invalid backend type
Andrew Tridgell [Fri, 10 Sep 2010 10:16:14 +0000 (20:16 +1000)]
s4-rootdse: setup length after NULL check
Andrew Tridgell [Fri, 10 Sep 2010 10:15:51 +0000 (20:15 +1000)]
s4-dsdb: fixed use after free for RODC
Andrew Tridgell [Fri, 10 Sep 2010 10:15:27 +0000 (20:15 +1000)]
s4-dsdb: free right context on failure
down_req is not initialised yet
Andrew Tridgell [Fri, 10 Sep 2010 10:15:00 +0000 (20:15 +1000)]
s4-dsdb: defer ac->msg after check for NULL ac
Andrew Tridgell [Fri, 10 Sep 2010 10:14:29 +0000 (20:14 +1000)]
s4-anr: check for allocation failure before use
Volker Lendecke [Tue, 14 Sep 2010 16:20:08 +0000 (18:20 +0200)]
s4: Fix two typos
Pierre Carrier [Tue, 14 Sep 2010 23:43:39 +0000 (16:43 -0700)]
Allows changing the maximum number of simultaneous clients in winbindd through an smb.conf option.
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 14 Sep 2010 21:53:17 +0000 (14:53 -0700)]
Ensure incoming timespec values correctly wrap at nsecs.
Jeremy.
Jeremy Allison [Tue, 14 Sep 2010 21:45:45 +0000 (14:45 -0700)]
Fix string_to_sid() to allow non '\0' termination of the string - allows
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.
Jeremy.
Andrew Bartlett [Sat, 4 Sep 2010 04:13:31 +0000 (14:13 +1000)]
s3-torture Add tests to show that the dom_sid parsing was faulty.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Sep 2010 04:11:46 +0000 (14:11 +1000)]
s3-util_sid Use the NDR parser to parse struct dom_sid
The manual parser failed to constrain the maximum number of
sub-authorities to 15, allowing an overflow of the array.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Sep 2010 04:10:31 +0000 (14:10 +1000)]
libcli/security Use sid_append_rid() in dom_sid_append_rid()
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Sep 2010 04:09:17 +0000 (14:09 +1000)]
libcli/security Merge source3/ string_to_sid() to common code
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Sep 2010 04:05:59 +0000 (14:05 +1000)]
s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
This ensures that this, unlike the MAXSUBAUTHS macro, can't get
out of sync with the structure.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Sep 2010 04:05:30 +0000 (14:05 +1000)]
s3-util_sid Accept S-1-5 as a SID
Andrew Bartlett [Sat, 4 Sep 2010 04:04:55 +0000 (14:04 +1000)]
s3-dom_sid Use C99 types in dom_sid handling
Andrew Bartlett
Björn Jacke [Tue, 14 Sep 2010 20:40:51 +0000 (22:40 +0200)]
s3/profile: remove the magical clock initialization from the profile code
there's no point in not profiling times if no monotonic clock is found -
monotonic and realtime clock are equally fast. Just use clock_gettime_mono
instead.
Björn Jacke [Tue, 14 Sep 2010 20:17:47 +0000 (22:17 +0200)]
s3/profiling: don't use CLOCK_PROCESS_CPUTIME_ID
that clock is a CPU burnometer but we need a chronometer for profiling.
Björn Jacke [Tue, 14 Sep 2010 12:08:44 +0000 (14:08 +0200)]
libreplace: use CLOCK_HIGHRES when available
in Solaris 8 CLOCK_HIGHRES was the (only) name for CLOCK_MONOTONIC
Günther Deschner [Tue, 14 Sep 2010 15:57:23 +0000 (17:57 +0200)]
ntlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings.
Guenther
Jelmer Vernooij [Tue, 14 Sep 2010 13:15:43 +0000 (15:15 +0200)]
rpc_server: Remove unnecessary dependency on server modules, build
system will take care of that.
Jelmer Vernooij [Tue, 14 Sep 2010 13:00:50 +0000 (15:00 +0200)]
waf: work around circular dependency finder erroneously removing dependency of gensec on dcerpc.
Jelmer Vernooij [Tue, 14 Sep 2010 12:41:42 +0000 (14:41 +0200)]
selftest: Error out rather than die() when setting up an environment
fails.
Jelmer Vernooij [Tue, 14 Sep 2010 12:36:56 +0000 (14:36 +0200)]
selftest: If setting up environment fails, mark testsuites that use it as
errorring, don't skip it.
Günther Deschner [Tue, 14 Sep 2010 13:23:45 +0000 (15:23 +0200)]
s4-smbtorture: try to fix spoolss winreg Form tests on bigendian machines.
Guenther
Stefan Metzmacher [Tue, 14 Sep 2010 11:10:05 +0000 (13:10 +0200)]
tdb: add ABI/tdb-1.2.4.sigs
metze
Jelmer Vernooij [Tue, 14 Sep 2010 10:48:57 +0000 (12:48 +0200)]
nss_winbind: Fix soname.
Jelmer Vernooij [Tue, 14 Sep 2010 01:47:04 +0000 (03:47 +0200)]
subunit: Use RemoteError when passing errors to upstream subunit.
Jelmer Vernooij [Tue, 14 Sep 2010 00:36:51 +0000 (02:36 +0200)]
param: Add prototype for lpcfg_private_dir(), used by openchange.
Jelmer Vernooij [Mon, 13 Sep 2010 22:22:55 +0000 (00:22 +0200)]
subunit.pm: Fold Subunit::Filter into Subunit, trim further.
Jelmer Vernooij [Mon, 13 Sep 2010 22:09:46 +0000 (00:09 +0200)]
subunit.pm: Remove output_msg/control_msg functions.
Jelmer Vernooij [Mon, 13 Sep 2010 22:04:54 +0000 (00:04 +0200)]
selftest: Remove testsuite parsing.
Jelmer Vernooij [Mon, 13 Sep 2010 21:56:26 +0000 (23:56 +0200)]
subunit.pm: Simplify subunit handling in perl.
Jelmer Vernooij [Mon, 13 Sep 2010 21:22:35 +0000 (23:22 +0200)]
subunit.pm: Pass through milliseconds in time reports.
Jelmer Vernooij [Mon, 13 Sep 2010 21:07:41 +0000 (23:07 +0200)]
selftest: Report times in milliseconds rather than seconds.
Jelmer Vernooij [Mon, 13 Sep 2010 20:29:38 +0000 (22:29 +0200)]
subunit: Use standard subunit functions for reproducing subunit streams.
Jelmer Vernooij [Mon, 13 Sep 2010 20:13:15 +0000 (22:13 +0200)]
subunit: Remove unused methods.
Jelmer Vernooij [Mon, 13 Sep 2010 20:09:46 +0000 (22:09 +0200)]
subunit: Use standard functions for addSuccess, addExpectedFail,
addFailure, addSkip.
Jelmer Vernooij [Mon, 13 Sep 2010 19:55:22 +0000 (21:55 +0200)]
subunit: Use standard addError method implementation.
Jelmer Vernooij [Mon, 13 Sep 2010 19:42:32 +0000 (21:42 +0200)]
subunit: Pass TestCase objects to startTest rather than test name strings.
Jelmer Vernooij [Mon, 13 Sep 2010 19:31:08 +0000 (21:31 +0200)]
subunit: Use subunit standard functions for handling time and progress.
Jelmer Vernooij [Mon, 13 Sep 2010 19:17:05 +0000 (21:17 +0200)]
subunit: Use standard subunit test protocol client, use standard name for startTest.
Jelmer Vernooij [Mon, 13 Sep 2010 18:53:54 +0000 (20:53 +0200)]
subunit: Initial work on using the standard TestResult class.
Günther Deschner [Tue, 14 Sep 2010 06:38:30 +0000 (08:38 +0200)]
s3-waf: fix the build after privilege code changes.
Guenther
Volker Lendecke [Mon, 13 Sep 2010 22:02:01 +0000 (00:02 +0200)]
s3: Remove some unnecessary if-statements
Jeremy Allison [Mon, 13 Sep 2010 23:54:21 +0000 (16:54 -0700)]
Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.
Don't log this at level 1 - every EACCES will generate one.
Thanks to muehlfeld@medizinische-genetik.de for pointing this out.
Jeremy.
Volker Lendecke [Mon, 13 Sep 2010 16:09:20 +0000 (18:09 +0200)]
ntlm_auth: Fix a valgrind error
Matthias Dieter Wallnöfer [Mon, 13 Sep 2010 20:41:06 +0000 (22:41 +0200)]
s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters
This makes also lookups through special backends as "samba3sam" work.
Matthias Dieter Wallnöfer [Mon, 13 Sep 2010 20:39:50 +0000 (22:39 +0200)]
s4:cosmetic - the SID attribute is called objectSid - not objectSID
Matthias Dieter Wallnöfer [Mon, 13 Sep 2010 19:18:13 +0000 (21:18 +0200)]
testdata/samba3/provision_samba3sam.ldif - update also here the maximum domain controller functionality
And we do support also LDAPv2.
Jelmer Vernooij [Mon, 13 Sep 2010 18:40:19 +0000 (20:40 +0200)]
param: Only include param_proto.h for Samba builds, provide those
prototypes necessary for external users (OpenChange) manually.
Volker Lendecke [Mon, 13 Sep 2010 09:56:48 +0000 (11:56 +0200)]
s3: Fix a typo
Volker Lendecke [Mon, 13 Sep 2010 09:44:19 +0000 (11:44 +0200)]
s3: Fix a typo (authentictaion->authentication)
Volker Lendecke [Mon, 13 Sep 2010 09:31:58 +0000 (11:31 +0200)]
s3: Do not directly log off after a pam_logon
Volker Lendecke [Mon, 13 Sep 2010 09:31:26 +0000 (11:31 +0200)]
s3: Fix wbinfo arg for --pam-logon
Volker Lendecke [Mon, 13 Sep 2010 09:08:40 +0000 (11:08 +0200)]
ntlm_check: Fix some nonempty blank lines
Stefan Metzmacher [Fri, 10 Sep 2010 02:47:32 +0000 (04:47 +0200)]
lib/tdb: change version to 1.2.4 after hash checking improvments
lib/tdb: change version to 1.2.4 after hash checking improvments
metze
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 13 Sep 2010 10:35:59 +0000 (20:05 +0930)]
tdb: put example hashes into header, so we notice incorrect hash_fn.
This is Stefan Metzmacher <metze@samba.org>'s patch with minor changes:
1) Use the TDB_MAGIC constant so both hashes aren't of strings.
2) Check the hash in tdb_check (paranoia, really).
3) Additional check in the (unlikely!) case where both examples hash to 0.
4) Cosmetic changes to var names and complaint message.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 13 Sep 2010 10:29:18 +0000 (19:59 +0930)]
tdb: fix tdb_check() on other-endian tdbs.
We must not endian-convert the magic string, just the rest.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 13 Sep 2010 10:28:23 +0000 (19:58 +0930)]
tdb: fix tdb_check() on read-only TDBs to actually work.
Commit
bc1c82ea137 "Fix tdb_check() to work with read-only tdb databases."
claimed to do this, but tdb_lockall_read() fails on read-only databases.
Also make sure we can still do tdb_check() inside a transaction (weird,
but we previously allowed it so don't break the API).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 13 Sep 2010 10:25:26 +0000 (19:55 +0930)]
tdb: make check more robust against recovery failures.
We can end up with dead areas when we die during transaction commit;
tdb_check() fails on such a (valid) database.
This is particularly noticable now we no longer truncate on recovery;
if the recovery area was at the end of the file we used to remove it
that way.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Matthias Dieter Wallnöfer [Mon, 13 Sep 2010 08:38:08 +0000 (10:38 +0200)]
Revert "s4:samldb LDB module - simplify the message handling on add and modify operations"
This reverts commit
1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d.
This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this.
I will rework this further.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 20:26:10 +0000 (22:26 +0200)]
s4:samldb LDB module - remove a disastrous "talloc_free"
This completely destroys the program logic (async callbacks). Sorry for
introducing this.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 20:24:42 +0000 (22:24 +0200)]
Revert "s4:util_samr.c - also here we've now the default primaryGroupID detection working"
This reverts commit
7e9e35db4126f953e8a2579d992c63b274011119.
Sorry, the logic is working differently here. We do still need this.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 20:10:06 +0000 (22:10 +0200)]
s4:torture/rpc/samr.c - fix typos in outputs
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 19:19:27 +0000 (21:19 +0200)]
s4:util_samr.c - also here we've now the default primaryGroupID detection working
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 17:11:26 +0000 (19:11 +0200)]
s4:ldap.py - tests the primary group detection by the "userAccountControl"
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 16:39:50 +0000 (18:39 +0200)]
s4:setup/provision_self_join.ldif - now the samldb LDB module detects automatically that this is a DC account
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 16:26:06 +0000 (18:26 +0200)]
s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID derivation from "userAccountControl"
Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 16:00:21 +0000 (18:00 +0200)]
libds:flag_mapping.c - introduce a call which maps the "userAccountControl" to the default primary group RID
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 15:49:47 +0000 (17:49 +0200)]
libds:flag_mapping.c - fix counter variable types
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 13:05:19 +0000 (15:05 +0200)]
s4:samldb LDB module - free the "ac" context after the delete checks
git.samba.org / sfrench / samba-autobuild / .git / log