Michael Adam [Fri, 13 Nov 2009 14:51:33 +0000 (15:51 +0100)]
s3:smbd: make idmap cache persistent for "ldapsam:trusted".
This stores the mappings found in the idmap cache (which lives
inside gencache). This cache is already read in sid_to_Xid()
and Xid_to_sid() for ldapsam:trusted, this fills the opposite
direction, massively reducing the number of ldap roundtrips
across smbd restarts.
Kamen Mazdrashki [Fri, 13 Nov 2009 01:56:07 +0000 (03:56 +0200)]
util: str_list_unique_2() test implementation
Difference with previous test for str_list_unique() is
that this test allows number of elements and number
of duplicates to be supplied on command line using
--option="list_unique:count=47"
--option="list_unique:dups=7"
Andrew Tridgell [Fri, 13 Nov 2009 06:48:35 +0000 (17:48 +1100)]
s4-ldb: make DN escaping/unescaping consistent
The DN escape function was using the form \c where c is any
character. The unescape function was using \XX where XX is a 2 digit
hex number. The asymmetry led to quite a few problems when we start to
deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The
result was a DN that was not accessible.
This patch changes the escaping to follow RFC2253 much more
closely. We accept either type of escape, and produce the two types of
escape, depending on the character being escaped
Andrew Bartlett [Wed, 11 Nov 2009 21:08:26 +0000 (08:08 +1100)]
s4:torture Remove _drs_util_verify_attids() from RPC-DSSYNC
I'm satisfied that the task this test does is already done by the time
we map the incoming schema, and process the objects. If we have the
OID mapping wrong or incomplete, we will get any errors this test
found errors there.
(And this dramaticly reduces the test time, so we can now add
RPC-DSSYNC to 'make test').
Andrew Bartlett [Tue, 10 Nov 2009 04:21:40 +0000 (15:21 +1100)]
s4:dsdb Add expected value tests for most DRS syntax conversions
I've left out those for which I could not find an expected value in my
default Windows 2003 server's database, and the values that rely on
the current prefix map at the time.
Andrew Bartlett [Sat, 7 Nov 2009 01:07:06 +0000 (12:07 +1100)]
s4:dsdb Cosmetic fixes found by metze in review of dsdb_dn changes
These changes include reworking the code to call ldb_module_get_ctx()
less often (avoid the function calls, particularly during the step
into a complex function).
Andrew Bartlett [Wed, 4 Nov 2009 06:42:53 +0000 (17:42 +1100)]
lib/util Split data_blob_hex_string() into upper and lower
Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.
This reverts most of the callers back to upper case, as things were
before tridge's patch. The critical call in the extended DN code is
of course handled in lower case.
Jeremy Allison [Thu, 12 Nov 2009 02:35:18 +0000 (18:35 -0800)]
Second part of bugfix for 6865 - acl_xattr module: Has dependency that inherit acls = yes or xattrs are removed.
We also need dos filemode = true set as well.
Jeremy.
Jeremy Allison [Wed, 11 Nov 2009 20:17:47 +0000 (12:17 -0800)]
Fix bug 6878 - Cannot change ACL's inherit flag.
Based on a patch submitted by Tsukasa Hamano <hamano@osstech.co.jp>,
this is a change in the POSIX ACL mapping to deal with the lossy
mapping for directory ACE entries:
We have a lossy mapping: directory ACE entries
CREATOR_OWNER ------\
(map to) +---> SMB_ACL_USER_OBJ
owning sid ------/
CREATOR_GROUP ------\
(map to) +---> SMB_ACL_GROUP_OBJ
primary group sid --/
Jeff Layton [Wed, 11 Nov 2009 19:04:54 +0000 (14:04 -0500)]
mount.cifs: get rid of CONST_DISCARD
Apparently, we need to strip the "const" attribute off of the mnt_fstype
before passing it to addmntent to prevent a (somewhat bogus) compiler
warning.
Rather than just stripping off the "const" attribute, clarify the code
by declaring a new non-const char pointer that points to the same
string. We can also use that same pointer in the mount(2) call too.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Jeremy Allison [Mon, 9 Nov 2009 20:44:47 +0000 (12:44 -0800)]
Fix bug 6880 - cannot list workgroup servers
reported by Alban Browaeys <prahal@yahoo.com> with fix.
Revert 2e989bab0764c298a2530a2d4c8690258eba210c
with extra comments - this broke workgroup enumeration.
Jeremy.
The LogonControl tests now are split out to a new RPC-NETLOGON-ADMIN test that
tests the behaviour of that call when called by user, dc or workstation.
Andrew Tridgell [Mon, 9 Nov 2009 11:19:52 +0000 (22:19 +1100)]
s4-samdb: remove the rDN size constraint of 64
This size constraint is not correct in it's current form, as windows
does send us rDN values for CN with lengths longer than 64. Once we
know how this constraint really works we can add it back in.
Andrew Tridgell [Mon, 9 Nov 2009 10:38:49 +0000 (21:38 +1100)]
s4-hdb: go back to a separate samdb for the KDC
The change to use a common system_session broke replication as the KDC
forces CRED_DONT_USE_KERBEROS on session->credentials, which is shared
with other parts of the system.
This should be fixed once we confirm whether the ldap backend actually
relies on CRED_DONT_USE_KERBEROS