Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 08:43:11 +0000 (10:43 +0200)]
s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also for s4
Matthias Dieter Wallnöfer [Sat, 12 Jun 2010 13:47:14 +0000 (15:47 +0200)]
s4:torture - SAMR password tests - activate support for password sets on level "18" and "21"
Matthias Dieter Wallnöfer [Tue, 22 Jun 2010 20:11:00 +0000 (22:11 +0200)]
s4:selftest - activate the lanman password changes
This is needed for a working "OemChangePasswordUser2" operation.
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 20:26:31 +0000 (22:26 +0200)]
s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour
Behaviour as the torture SAMR passwords tests show.
Matthias Dieter Wallnöfer [Sun, 27 Jun 2010 21:13:14 +0000 (23:13 +0200)]
s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0
Taken from s3
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 12:54:19 +0000 (14:54 +0200)]
s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check from s3 to s4
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 12:41:27 +0000 (14:41 +0200)]
s4:dcesrv_samr_SetUserInfo - implement password set level 21
Matthias Dieter Wallnöfer [Sat, 12 Jun 2010 12:40:11 +0000 (14:40 +0200)]
s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the user password
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 20:59:11 +0000 (22:59 +0200)]
s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we haven't activated the lanman auth
This is what s3 does.
Matthias Dieter Wallnöfer [Mon, 21 Jun 2010 19:16:20 +0000 (21:16 +0200)]
s4:samr_password.c - add a function which sets the password through encrypted password hashes
Used for password sets on "samr_SetUserInfo" level 18 and 21.
Günther Deschner [Mon, 28 Jun 2010 12:47:16 +0000 (14:47 +0200)]
s4-smbtorture: fix typo.
Not my day...
Guenther
Matthias Dieter Wallnöfer [Mon, 28 Jun 2010 08:24:28 +0000 (10:24 +0200)]
s4:torture/rpc/samr.c - test_SetPassword_LastSet - fix "pwdLastSet" test
- Remove superfluous checks (on level 18, 24, 26 we do always have "pwdLastSet"
resets if "password_expired" > 0)
- Fixed some bugs
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Mon, 28 Jun 2010 12:08:30 +0000 (14:08 +0200)]
s4-smbtorture: add trustDomainPasswords blob test to LOCAL-NDR testsuite.
Our parsing of this struct is incorrect atm. and apparently also causes the s4
server to crash.
Thanks to Sumit Bose <sbose@redhat.com> for providing the auth data retrieved
from a w2k3 domain.msc operation.
Guenther
Günther Deschner [Mon, 28 Jun 2010 12:04:47 +0000 (14:04 +0200)]
s3-registry: missed one perflib keyname delimiter.
Guenther
Volker Lendecke [Mon, 28 Jun 2010 12:08:11 +0000 (14:08 +0200)]
s3: More cleanup in winbindd_ads.c:query_user
We can't ads_msgfree after the ads struct has been killed. Do early returns.
Volker Lendecke [Mon, 28 Jun 2010 11:51:51 +0000 (13:51 +0200)]
s3: Fix a valgrind error
nss_get_info_cached does not necessarily fill in gid
Volker Lendecke [Mon, 28 Jun 2010 09:52:26 +0000 (11:52 +0200)]
s3: Re-arrange winbindd_ads.c:query_user
We can't access the LDAP message after nss_get_info_cached has potentially
destroyed the ads_struct
Volker Lendecke [Mon, 28 Jun 2010 09:21:03 +0000 (11:21 +0200)]
s3: free -> SAFE_FREE
Volker Lendecke [Mon, 28 Jun 2010 09:20:23 +0000 (11:20 +0200)]
s3: Do an early TALLOC_FREE
Günther Deschner [Mon, 28 Jun 2010 11:15:06 +0000 (13:15 +0200)]
s3-registry: fix printing keyname delimiter.
Guenther
Günther Deschner [Mon, 28 Jun 2010 11:14:36 +0000 (13:14 +0200)]
s3-registry: fix perfmon keyname delimiter.
Guenther
Andreas Schneider [Mon, 28 Jun 2010 10:54:11 +0000 (12:54 +0200)]
s3-net: Make sure that the data blob is initialized.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:48:15 +0000 (11:48 +0200)]
s3-eventlog: Fixed the keyname delimiter for the registry key.
Andreas Schneider [Mon, 28 Jun 2010 09:37:28 +0000 (11:37 +0200)]
s3-registry: Fixed keyname delimiter in KEY_CURRENT_VERSION_NORM.
Andreas Schneider [Mon, 28 Jun 2010 09:19:18 +0000 (11:19 +0200)]
s3-smbd: Make sure that status is initialized when used.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:16:19 +0000 (11:16 +0200)]
s3-lanman: Make sure count is not used uninitialized if we jump to out.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:13:24 +0000 (11:13 +0200)]
s3-vfs: Make sure that retval isn't used uninitialized.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 09:06:22 +0000 (11:06 +0200)]
s3-passdb: Make sure dn is initialized and don't free it.
dn is just a pointer to a memory which hasn't been duplicated.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:58:08 +0000 (10:58 +0200)]
s3-passdb: Make sure we don't call free on a garbage pointer.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:49:55 +0000 (10:49 +0200)]
s3-lanman: Make sure that job_info is not undefined.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:44:58 +0000 (10:44 +0200)]
s3-nmbd: Leave the sync function if there are no syncs.
Found by clang-analyzer.
Andreas Schneider [Mon, 28 Jun 2010 08:33:47 +0000 (10:33 +0200)]
s3-libsmb: Make sure that finfo is initialized.
Found by clang-analyzer.
Günther Deschner [Mon, 28 Jun 2010 10:51:28 +0000 (12:51 +0200)]
s3-eventlog: make sure _eventlog_OpenEventLogW fails when we cannot open the registry key.
Guenther
Volker Lendecke [Mon, 28 Jun 2010 10:26:17 +0000 (12:26 +0200)]
s3: Fix some valgrind errors
Essentially the same change as 15297ee, this time for the client side.
Günther, Andrew B, please check!
Thanks,
Volker
Andreas Schneider [Mon, 7 Jun 2010 08:03:50 +0000 (10:03 +0200)]
s3-passdb: Make sure that we don't assign garbage.
Andreas Schneider [Mon, 7 Jun 2010 08:00:39 +0000 (10:00 +0200)]
librpc: Use switch in GUID_from_data_blob().
Andreas Schneider [Mon, 7 Jun 2010 07:30:29 +0000 (09:30 +0200)]
nss_wrapper: Fixed a possible NULL pointer problem.
Stefan Metzmacher [Mon, 28 Jun 2010 07:57:33 +0000 (09:57 +0200)]
s4:ldap_server: don't start if we can't bind to port 389
metze
Nadezhda Ivanova [Mon, 28 Jun 2010 07:34:14 +0000 (10:34 +0300)]
Implementation of self membership validated right.
When this right is granted, the user can add or remove themselves from a group even
if they don't have write property right.
Kamen Mazdrashki [Mon, 28 Jun 2010 01:37:37 +0000 (04:37 +0300)]
s4/test: Run DrsDeleteObjectTestCase as part of S4 testing
I put this test in the end of the list of tests as it
runs with 'vampire_dc' environment running.
Currently there are tests that are failing when we have
2 DCs constantly replicating in the test environment
(this, of course, should be fixed in the near future)
Kamen Mazdrashki [Mon, 28 Jun 2010 01:33:40 +0000 (04:33 +0300)]
s4/drs: re-implement 'renaming' object replication
We should rename objects only after we make sure, that
changes on the partner DC are newer than what we have.
This fixes a bug, when we have following situation with 2 DCs:
- we have an object O on the two DCs
- we rename (delete) object O on DC1
- DC1 replicates from DC2
In the above scenario, object O will be renamed back
to its original name (i.e. it will be restored).
Now, we check that DC2 state is older than what we have,
so nothing happens with object's DN.
Kamen Mazdrashki [Mon, 28 Jun 2010 01:27:27 +0000 (04:27 +0300)]
s4/drs-test: Add few comments in DrsDeleteObjectTestCase test
Also remove unused code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:58:45 +0000 (19:58 +0200)]
s4:rpc_server/srvsvc/dcesrv_srvsvc.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:58:45 +0000 (19:58 +0200)]
s4:rpc_server/wkssvc/dcesrv_wkssvc.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:58:45 +0000 (19:58 +0200)]
s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:55:07 +0000 (19:55 +0200)]
s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDs
To suppress warnings on Solaris 10
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:45:45 +0000 (19:45 +0200)]
s4:rpc_server/drsuapi/drsutil.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:45:45 +0000 (19:45 +0200)]
s4:rpc_server/dcesrv_auth.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:43:51 +0000 (19:43 +0200)]
s4:winbind/wb_samba3_protocol.c - add cast to suppress warnings on Solaris 10 cc
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:43:51 +0000 (19:43 +0200)]
s4:kdc/kdc.c - add cast to suppress warnings on Solaris 10 cc
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 17:42:29 +0000 (19:42 +0200)]
s4:kdc/kpasswdd.c - remove unreachable code
Matthias Dieter Wallnöfer [Sat, 26 Jun 2010 09:10:55 +0000 (11:10 +0200)]
s4:provision.py - fix comment regarding DNS entries
I think this should mean partially Samba4 specified (all beside the "dns"
account is standard)
Stefan Metzmacher [Fri, 25 Jun 2010 13:10:32 +0000 (15:10 +0200)]
s4:provision: add entries for root dns servers
metze
Stefan Metzmacher [Fri, 25 Jun 2010 11:32:39 +0000 (13:32 +0200)]
s4:provision: move Samba4 specific DNS stuff to its own file
metze
Stefan Metzmacher [Fri, 25 Jun 2010 12:01:21 +0000 (14:01 +0200)]
s4:provision: add --next-rid option
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.
metze
Stefan Metzmacher [Fri, 25 Jun 2010 10:47:34 +0000 (12:47 +0200)]
s4:dsdb/ridalloc: add comment about windows behavior regarding rIDUsedPool
metze
Stefan Metzmacher [Fri, 25 Jun 2010 09:11:56 +0000 (11:11 +0200)]
s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool'
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.
The initial rIDAvailablePool starts at nextRid + 100.
I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
check box).
After provision we should have this (assuming nextRid=1000):
rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100
rIDAvailablePool: 1600-1073741823
Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!
metze
Stefan Metzmacher [Fri, 25 Jun 2010 10:27:27 +0000 (12:27 +0200)]
s4:provision: pass relax control also to modify_ldif
metze
Kamen Mazdrashki [Fri, 25 Jun 2010 12:56:35 +0000 (15:56 +0300)]
s4/net-drs: Fix error messages typo and formatting
Kamen Mazdrashki [Fri, 25 Jun 2010 11:56:03 +0000 (14:56 +0300)]
s4/drs-test: Fix whitespaces and permissions for delete_object.py test
Sorry I've missed to do this before
Jelmer Vernooij [Fri, 25 Jun 2010 19:51:23 +0000 (21:51 +0200)]
Move UCS2 macros to common code
Jeremy Allison [Fri, 25 Jun 2010 20:29:00 +0000 (13:29 -0700)]
Don't use frame as the talloc ctx in open_schannel_session_store(), as this breaks running from inetd
(we free frame below). Use NULL instead.
Jeremy.
Jeremy Allison [Fri, 25 Jun 2010 19:02:08 +0000 (12:02 -0700)]
Change talloc_autofree_context() to frame in Andrew's schannel.tdb TDB_CLEAR_IF_FIRST
changes. Using talloc_autofree_context() has undesirable effects when forked
subprocesses exit.
Jeremy.
Andrew Bartlett [Wed, 23 Jun 2010 00:37:13 +0000 (10:37 +1000)]
schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()
By making this DB TDB_NOSYNC, and by making that safe with
TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server.
This particularly helps the source4/ 'make test', which otherwise tries
to disable fsync() in ldb.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 23 Jun 2010 00:36:32 +0000 (10:36 +1000)]
s3:schannel Open the schannel_state.tdb at startup
This will allow future TDB_CLEAR_IF_FIRST behaviour
Signed-off-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 23 Jun 2010 00:33:15 +0000 (10:33 +1000)]
s4:schannel Open the schannel_store.tdb at startup
This will allow TDB_CLEAR_IF_FIRST behaviour in future
Signed-off-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 23 Jun 2010 00:31:50 +0000 (10:31 +1000)]
libcli/auth make open_schannel_session_store() public
This will allow TDB_CLEAR_IF_FIRST to be used
Signed-off-by: Jeremy Allison <jra@samba.org>
Michael Adam [Fri, 25 Jun 2010 16:13:06 +0000 (18:13 +0200)]
s3:registry: use regdb_store_regdb_version() in regdb_init().
Michael Adam [Fri, 25 Jun 2010 16:12:28 +0000 (18:12 +0200)]
s3:registry: use regdb_store_regdb_version() in regdb_upgrade_v1_to_v2()
Michael Adam [Fri, 25 Jun 2010 16:11:35 +0000 (18:11 +0200)]
s3:registry: add a function regdb_store_regdb_version()
Michael Adam [Fri, 25 Jun 2010 16:04:52 +0000 (18:04 +0200)]
s3:registry: rename regdb_upgrade_to_version_2() -> regdb_upgrade_v1_to_v2()
Michael Adam [Fri, 25 Jun 2010 15:26:34 +0000 (17:26 +0200)]
s3:net [rpc] registry: be as user-friendly as possible wrt to the normalization change
The registry has been changed to use '\' as a key delimiter instead of '/'.
Originally, one could mix both characters in the specification of registry
key for net [rpc] registry. Now this can not work any more, since '/' is
generally treated as a valid character of a key name.
Now, to be as user-friendly as possible, the net [rpc] registry code has
been changed to still support '/' as a key name delimiter if no '\' character
is found in the given registry path string. In that case, all '/' characters
are converted to '\' characters before proceeding. If on the other hand,
a '\' character is found in the path string, then no conversion is assumed,
and it is hence assumed that the path is already in the correct form and
'/' characters are supposed to be part of the key names.
Michael Adam [Fri, 25 Jun 2010 12:34:04 +0000 (14:34 +0200)]
s3:registry: improve logic of upgrade code in regdb_init()
Don't overwrite unknown versions (0 or > 2) of the registry.
Michael Adam [Fri, 25 Jun 2010 10:32:22 +0000 (12:32 +0200)]
s3:registry: fix some debug messages in regdb_ini()
Andreas Schneider [Thu, 24 Jun 2010 14:33:37 +0000 (16:33 +0200)]
s3-registry: Convert registry key delimiter from slash to backslash.
This is needed to support keynames containing a '/' like TCP/IP. Which
is used in several standard paths.
Signed-off-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Thu, 24 Jun 2010 13:26:04 +0000 (15:26 +0200)]
s3-registry: Added a db upgrade function to normalize the key delimiter.
This converts the key delimiter from a slash to a backslash. We need to
support keynames with a backslash.
Signed-off-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 25 Jun 2010 15:06:00 +0000 (17:06 +0200)]
s3: In make_server_info_info3, check the result of copy_netr_SamInfo3
Volker Lendecke [Fri, 25 Jun 2010 14:56:38 +0000 (16:56 +0200)]
s3: In copy_netr_SamInfo3 copy all of the sids array
Volker Lendecke [Fri, 25 Jun 2010 09:47:30 +0000 (11:47 +0200)]
s3: Fix a winbind crash
nss_get_info_cached might deep inside sequence_number() invalidate the
ads_struct without telling its callers.
Volker Lendecke [Tue, 22 Jun 2010 13:59:44 +0000 (15:59 +0200)]
s3: Fix a winbind crash
nss_get_info_cached might have invalidated "ads" deep inside.
Matthieu Patou [Mon, 21 Jun 2010 20:58:48 +0000 (00:58 +0400)]
s4 python: Add unit tests related to PyLong/PyInt handling
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Tue, 22 Jun 2010 15:57:22 +0000 (19:57 +0400)]
ldb: Fix a wrong changetype in unit test
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 21 Jun 2010 06:48:58 +0000 (10:48 +0400)]
pidl: Finish to fix the python generated code for 64bit integers
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Jelmer Vernooij [Fri, 25 Jun 2010 00:40:37 +0000 (02:40 +0200)]
smbtorture: Fix loading of --load-list.
Jelmer Vernooij [Fri, 25 Jun 2010 00:35:29 +0000 (02:35 +0200)]
selftest: Clarify generation of idlist option.
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 14:06:11 +0000 (16:06 +0200)]
s4:lib/registry/ldb.c - cosmetic - fix comment
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 14:05:31 +0000 (16:05 +0200)]
s4:lib/registry/ldb.c - cosmetic - wrap lines
Michael Wood [Fri, 25 Jun 2010 06:46:13 +0000 (08:46 +0200)]
s4 upgradeprovision: Try to support older Pythons.
Use "...".split(sep, 1) instead of "...".partition(sep).
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Kamen Mazdrashki [Fri, 25 Jun 2010 01:34:42 +0000 (04:34 +0300)]
s4/drs: DsReplicaSync should search partition to Sync
by any valid DSName attribute given, be it - partition DN,
partition GUID or partition SID
Kamen Mazdrashki [Fri, 25 Jun 2010 01:31:41 +0000 (04:31 +0300)]
s4/utils: fix few 'net drs replicate' error messages
mainly for the output to be more informative
Kamen Mazdrashki [Fri, 25 Jun 2010 01:30:21 +0000 (04:30 +0300)]
s4/drs-test: Tests Deleted objects replication
Tests how deleted objects are replicated between two DCs.
Currently the test exploits following vulnerabilities:
- DsReplicaSync is not correctly implemented
- a 'deleted object' is restored (kind of) in case DC1 replicates
from DC2 before the 'deleted object' is replicated
Jelmer Vernooij [Thu, 24 Jun 2010 23:21:14 +0000 (01:21 +0200)]
selftest: Store the output of the last test run in st/subunit.
If a testrepository repository is present, add the test output when it
has completed.
Jelmer Vernooij [Thu, 24 Jun 2010 22:16:18 +0000 (00:16 +0200)]
pidl/python: Make sure to always increment reference counter when using
Py_None.
Jelmer Vernooij [Thu, 24 Jun 2010 21:17:51 +0000 (23:17 +0200)]
pidl/python: Increment reference counter on Py_None to prevent us from
accidentally deallocating it.
Aravind Srinivasan [Tue, 22 Jun 2010 17:42:20 +0000 (10:42 -0700)]
s4 torture: Warn on NOT_IMPLEMENTED in addition to NOT_SUPPORTED for RAW-QFILEINFO
Signed-off-by: Tim Prouty <tprouty@samba.org>
Michael Adam [Thu, 24 Jun 2010 13:32:46 +0000 (15:32 +0200)]
s3:registry: remove unused function normalize_dbkey()
Michael Adam [Thu, 24 Jun 2010 13:31:06 +0000 (15:31 +0200)]
s3:registry: use normalize_reg_path() in regdb_set_secdesc()
instead of normalize_dbkey
Michael Adam [Thu, 24 Jun 2010 13:30:31 +0000 (15:30 +0200)]
s3:registry: use normalize_reg_path() in regdb_get_secdesc()
instead of normalize_dbkey.
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 13:11:25 +0000 (15:11 +0200)]
Revert "s4:provision.ldif - fix the number of available RIDs"
This reverts commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a.
As per request of metze revert this (cause written on the mailing list).
Matthias Dieter Wallnöfer [Thu, 24 Jun 2010 09:05:41 +0000 (11:05 +0200)]
s4:auth/gensec/gensec_gssapi.c - reorder constructor
To have the same order as in the structure definition.