Jelmer Vernooij [Tue, 14 Sep 2010 12:36:56 +0000 (14:36 +0200)]
selftest: If setting up environment fails, mark testsuites that use it as
errorring, don't skip it.
Günther Deschner [Tue, 14 Sep 2010 13:23:45 +0000 (15:23 +0200)]
s4-smbtorture: try to fix spoolss winreg Form tests on bigendian machines.
Guenther
Stefan Metzmacher [Tue, 14 Sep 2010 11:10:05 +0000 (13:10 +0200)]
tdb: add ABI/tdb-1.2.4.sigs
metze
Jelmer Vernooij [Tue, 14 Sep 2010 10:48:57 +0000 (12:48 +0200)]
nss_winbind: Fix soname.
Jelmer Vernooij [Tue, 14 Sep 2010 01:47:04 +0000 (03:47 +0200)]
subunit: Use RemoteError when passing errors to upstream subunit.
Jelmer Vernooij [Tue, 14 Sep 2010 00:36:51 +0000 (02:36 +0200)]
param: Add prototype for lpcfg_private_dir(), used by openchange.
Jelmer Vernooij [Mon, 13 Sep 2010 22:22:55 +0000 (00:22 +0200)]
subunit.pm: Fold Subunit::Filter into Subunit, trim further.
Jelmer Vernooij [Mon, 13 Sep 2010 22:09:46 +0000 (00:09 +0200)]
subunit.pm: Remove output_msg/control_msg functions.
Jelmer Vernooij [Mon, 13 Sep 2010 22:04:54 +0000 (00:04 +0200)]
selftest: Remove testsuite parsing.
Jelmer Vernooij [Mon, 13 Sep 2010 21:56:26 +0000 (23:56 +0200)]
subunit.pm: Simplify subunit handling in perl.
Jelmer Vernooij [Mon, 13 Sep 2010 21:22:35 +0000 (23:22 +0200)]
subunit.pm: Pass through milliseconds in time reports.
Jelmer Vernooij [Mon, 13 Sep 2010 21:07:41 +0000 (23:07 +0200)]
selftest: Report times in milliseconds rather than seconds.
Jelmer Vernooij [Mon, 13 Sep 2010 20:29:38 +0000 (22:29 +0200)]
subunit: Use standard subunit functions for reproducing subunit streams.
Jelmer Vernooij [Mon, 13 Sep 2010 20:13:15 +0000 (22:13 +0200)]
subunit: Remove unused methods.
Jelmer Vernooij [Mon, 13 Sep 2010 20:09:46 +0000 (22:09 +0200)]
subunit: Use standard functions for addSuccess, addExpectedFail,
addFailure, addSkip.
Jelmer Vernooij [Mon, 13 Sep 2010 19:55:22 +0000 (21:55 +0200)]
subunit: Use standard addError method implementation.
Jelmer Vernooij [Mon, 13 Sep 2010 19:42:32 +0000 (21:42 +0200)]
subunit: Pass TestCase objects to startTest rather than test name strings.
Jelmer Vernooij [Mon, 13 Sep 2010 19:31:08 +0000 (21:31 +0200)]
subunit: Use subunit standard functions for handling time and progress.
Jelmer Vernooij [Mon, 13 Sep 2010 19:17:05 +0000 (21:17 +0200)]
subunit: Use standard subunit test protocol client, use standard name for startTest.
Jelmer Vernooij [Mon, 13 Sep 2010 18:53:54 +0000 (20:53 +0200)]
subunit: Initial work on using the standard TestResult class.
Günther Deschner [Tue, 14 Sep 2010 06:38:30 +0000 (08:38 +0200)]
s3-waf: fix the build after privilege code changes.
Guenther
Volker Lendecke [Mon, 13 Sep 2010 22:02:01 +0000 (00:02 +0200)]
s3: Remove some unnecessary if-statements
Jeremy Allison [Mon, 13 Sep 2010 23:54:21 +0000 (16:54 -0700)]
Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.
Don't log this at level 1 - every EACCES will generate one.
Thanks to muehlfeld@medizinische-genetik.de for pointing this out.
Jeremy.
Volker Lendecke [Mon, 13 Sep 2010 16:09:20 +0000 (18:09 +0200)]
ntlm_auth: Fix a valgrind error
Matthias Dieter Wallnöfer [Mon, 13 Sep 2010 20:41:06 +0000 (22:41 +0200)]
s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters
This makes also lookups through special backends as "samba3sam" work.
Matthias Dieter Wallnöfer [Mon, 13 Sep 2010 20:39:50 +0000 (22:39 +0200)]
s4:cosmetic - the SID attribute is called objectSid - not objectSID
Matthias Dieter Wallnöfer [Mon, 13 Sep 2010 19:18:13 +0000 (21:18 +0200)]
testdata/samba3/provision_samba3sam.ldif - update also here the maximum domain controller functionality
And we do support also LDAPv2.
Jelmer Vernooij [Mon, 13 Sep 2010 18:40:19 +0000 (20:40 +0200)]
param: Only include param_proto.h for Samba builds, provide those
prototypes necessary for external users (OpenChange) manually.
Volker Lendecke [Mon, 13 Sep 2010 09:56:48 +0000 (11:56 +0200)]
s3: Fix a typo
Volker Lendecke [Mon, 13 Sep 2010 09:44:19 +0000 (11:44 +0200)]
s3: Fix a typo (authentictaion->authentication)
Volker Lendecke [Mon, 13 Sep 2010 09:31:58 +0000 (11:31 +0200)]
s3: Do not directly log off after a pam_logon
Volker Lendecke [Mon, 13 Sep 2010 09:31:26 +0000 (11:31 +0200)]
s3: Fix wbinfo arg for --pam-logon
Volker Lendecke [Mon, 13 Sep 2010 09:08:40 +0000 (11:08 +0200)]
ntlm_check: Fix some nonempty blank lines
Stefan Metzmacher [Fri, 10 Sep 2010 02:47:32 +0000 (04:47 +0200)]
lib/tdb: change version to 1.2.4 after hash checking improvments
lib/tdb: change version to 1.2.4 after hash checking improvments
metze
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 13 Sep 2010 10:35:59 +0000 (20:05 +0930)]
tdb: put example hashes into header, so we notice incorrect hash_fn.
This is Stefan Metzmacher <metze@samba.org>'s patch with minor changes:
1) Use the TDB_MAGIC constant so both hashes aren't of strings.
2) Check the hash in tdb_check (paranoia, really).
3) Additional check in the (unlikely!) case where both examples hash to 0.
4) Cosmetic changes to var names and complaint message.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 13 Sep 2010 10:29:18 +0000 (19:59 +0930)]
tdb: fix tdb_check() on other-endian tdbs.
We must not endian-convert the magic string, just the rest.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 13 Sep 2010 10:28:23 +0000 (19:58 +0930)]
tdb: fix tdb_check() on read-only TDBs to actually work.
Commit
bc1c82ea137 "Fix tdb_check() to work with read-only tdb databases."
claimed to do this, but tdb_lockall_read() fails on read-only databases.
Also make sure we can still do tdb_check() inside a transaction (weird,
but we previously allowed it so don't break the API).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 13 Sep 2010 10:25:26 +0000 (19:55 +0930)]
tdb: make check more robust against recovery failures.
We can end up with dead areas when we die during transaction commit;
tdb_check() fails on such a (valid) database.
This is particularly noticable now we no longer truncate on recovery;
if the recovery area was at the end of the file we used to remove it
that way.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Matthias Dieter Wallnöfer [Mon, 13 Sep 2010 08:38:08 +0000 (10:38 +0200)]
Revert "s4:samldb LDB module - simplify the message handling on add and modify operations"
This reverts commit
1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d.
This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this.
I will rework this further.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 20:26:10 +0000 (22:26 +0200)]
s4:samldb LDB module - remove a disastrous "talloc_free"
This completely destroys the program logic (async callbacks). Sorry for
introducing this.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 20:24:42 +0000 (22:24 +0200)]
Revert "s4:util_samr.c - also here we've now the default primaryGroupID detection working"
This reverts commit
7e9e35db4126f953e8a2579d992c63b274011119.
Sorry, the logic is working differently here. We do still need this.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 20:10:06 +0000 (22:10 +0200)]
s4:torture/rpc/samr.c - fix typos in outputs
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 19:19:27 +0000 (21:19 +0200)]
s4:util_samr.c - also here we've now the default primaryGroupID detection working
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 17:11:26 +0000 (19:11 +0200)]
s4:ldap.py - tests the primary group detection by the "userAccountControl"
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 16:39:50 +0000 (18:39 +0200)]
s4:setup/provision_self_join.ldif - now the samldb LDB module detects automatically that this is a DC account
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 16:26:06 +0000 (18:26 +0200)]
s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID derivation from "userAccountControl"
Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 16:00:21 +0000 (18:00 +0200)]
libds:flag_mapping.c - introduce a call which maps the "userAccountControl" to the default primary group RID
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 15:49:47 +0000 (17:49 +0200)]
libds:flag_mapping.c - fix counter variable types
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 13:05:19 +0000 (15:05 +0200)]
s4:samldb LDB module - free the "ac" context after the delete checks
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 12:38:11 +0000 (14:38 +0200)]
s4:samldb LDB module - simplify the message handling on add and modify operations
We perform always only one shallow copy operation of the message on the "req"
context. This allows to free the "ac" context when we've prepared all our
changes.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 12:41:53 +0000 (14:41 +0200)]
s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see that it is only in use by the delete operation
add and modify helpers will stay on the top of the add and modify operation
since they will likely be shared as much as possible.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 12:40:17 +0000 (14:40 +0200)]
s4:samldb LDB module - add a comment to mark the beginning of the extended operation handler
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 11:14:36 +0000 (13:14 +0200)]
s4:samldb LDB module - refactor "samldb_find_for_defaultObjectCategory" to be again synchronous
Also to make it easier to comprehend
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 10:54:31 +0000 (12:54 +0200)]
s4:samldb LDB module - refactor the "primaryGroupID" check on user creation
This looks more straight-forward now.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 10:53:37 +0000 (12:53 +0200)]
s4:samldb LDB module - get rid of the SID context variable
Since we get more and more rid of async stuff we don't need this in the context
anymore.
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 10:31:41 +0000 (12:31 +0200)]
s4:samldb LDB module - use also here the real attribute denomination "sAMAccountName"
Purely cosmetic - but nicer to read
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 10:29:21 +0000 (12:29 +0200)]
s4:samldb LDB module - rename "check_SamAccountType" into "check_sAMAccountType"
And a small cosmetic change.
I like to have the real attribute names in the function denominations
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 10:25:55 +0000 (12:25 +0200)]
s4:samldb LDB module - make "samldb_check_sAMAccountName" synchronous again
To make it more understandable
Matthias Dieter Wallnöfer [Sun, 12 Sep 2010 13:05:46 +0000 (15:05 +0200)]
s4:fsmo.py - fix an obvious typo
Volker Lendecke [Sat, 11 Sep 2010 16:24:54 +0000 (18:24 +0200)]
s3: Remove a nesting level in winbindd_dual_pam_chauthtok
Matthieu Patou [Tue, 9 Mar 2010 12:39:56 +0000 (15:39 +0300)]
s4:unittest: Test wbinfo --group-info and --gid-info
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 17:13:13 +0000 (19:13 +0200)]
test_wbinfo.c - count more possible failures
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 15:44:43 +0000 (17:44 +0200)]
ldb:tools/cmdline.c - reorganise imports
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 16:01:57 +0000 (18:01 +0200)]
s4:param/secrets.c - reorganise imports
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 15:53:32 +0000 (17:53 +0200)]
s4:rpc_server/common/common.h - introduce two forward declarations to suppress parameter declaration warnings
Always Tru64 in file "param/loadparm.c" and possibly others.
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 15:43:44 +0000 (17:43 +0200)]
ldb:tools/cmdline.c - make a counter unsigned where appropriate
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 15:41:38 +0000 (17:41 +0200)]
s4:ldb_register_samba_handlers - fix up and convert result codes to LDB/LDAP results
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 14:50:47 +0000 (16:50 +0200)]
lib/replace/wscript:Tru64 build - Better use version 600 for _XOPEN_SOURCE
This means we request the "Single UNIX Specification, Version 3" with C99
compatibility as the Python 2.5 release on the system. This prevents
redefinitions with different values.
> [ 451/1918] Compiling scripting/python/pyglue.c
> cc: Warning: /usr/local/include/python2.5/pyconfig.h, line 951: The redefinition of the macro "_XOPEN_SOURCE" conflicts with a current definition because the replacement lists differ. The redefinition is now in effect. (macroredef)
> #define _XOPEN_SOURCE 600
> ----------------------^
> cc: Warning: default/source4/include/config.h, line 54: The redefinition of the macro "_XOPEN_SOURCE" conflicts with a current definition because the replacement lists differ. The redefinition is now in effect. (macroredef)
> #define _XOPEN_SOURCE 500
> ----------------------^
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 12:02:11 +0000 (14:02 +0200)]
s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are returned here
Tested using User Manager for Domains against Windows Server 2008.
MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
Andrew Bartlett [Sat, 11 Sep 2010 10:38:15 +0000 (20:38 +1000)]
s4-privs Fix enum privileges in LSARPC server
We were returning the index, not the LUID value
Andrew Bartlett
Andrew Bartlett [Sat, 11 Sep 2010 10:38:02 +0000 (20:38 +1000)]
s3-auth Fix typo in comment
Andrew Tridgell [Mon, 19 Jul 2010 05:43:25 +0000 (15:43 +1000)]
nss-waf: use the right winbind pipe path
s4 uses a different location for the winbind pipe to s3
Andrew Tridgell [Mon, 19 Jul 2010 05:42:42 +0000 (15:42 +1000)]
winbind-waf: the installed name is libnss_winbind.so.2
the .2 is what libc adds to the name for this version of the nss API
Andrew Bartlett [Tue, 1 Jun 2010 09:12:29 +0000 (19:12 +1000)]
s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a header
Andrew Tridgell [Wed, 11 Aug 2010 03:40:48 +0000 (13:40 +1000)]
s4-param: removed the lp_ varients of the functions
these made debugging much harder. We should replace these with
generated macros
Andrew Tridgell [Wed, 11 Aug 2010 03:36:48 +0000 (13:36 +1000)]
s4-param: move back to auto-generation of loadparm prototypes
Andrew Tridgell [Wed, 28 Jul 2010 07:30:09 +0000 (17:30 +1000)]
s4-credentials: get all attributes in cli_credentials_set_secrets()
This ensures we get whenChanged, which is needed by the s3 winbind
code to ensure we don't repeatedly try to change the password
Andrew Bartlett [Sat, 11 Sep 2010 09:42:17 +0000 (19:42 +1000)]
security.idl Clarify that this is not a network structure
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 10:53:21 +0000 (12:53 +0200)]
libcli/auth/schannel_state_tdb.c - fix includes
Otherwise we get a "declared inside parameter list" warning.
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 10:15:20 +0000 (12:15 +0200)]
lib/replace:wscript - additional attempt to fix the build on Tru64
Obviously we really need both definitions ("socklen_t" has been found by
"_XOPEN_SOURCE"=500). But now FIONREAD wasn't accessible.
Andrew Bartlett [Sat, 11 Sep 2010 07:00:10 +0000 (17:00 +1000)]
libcli/security Use talloc_zero when making a struct security_token
Andrew Bartlett [Sat, 11 Sep 2010 06:59:53 +0000 (16:59 +1000)]
libcli/privileges Fix comment
Andrew Bartlett [Sat, 11 Sep 2010 06:58:45 +0000 (16:58 +1000)]
s4-privs Seperate rights and privileges
These are related, but slightly different concepts. The biggest difference
is that rights are not enumerated as a system-wide list.
This moves the rights to security.idl due to dependencies.
Andrew Bartlett
Andrew Bartlett [Sat, 11 Sep 2010 06:13:33 +0000 (16:13 +1000)]
s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs
The idea of this patch is: Don't support a mix of different kerberos
features.
Either we should prepare a GSSAPI (8003) checksum and mark the request as
such, or we should use the old behaviour (a normal kerberos checksum of 0 data).
Sending the GSSAPI checksum data, but without marking it as GSSAPI broke
Samba4, and seems well outside the expected behaviour, even if Windows accepts it.
Andrew Bartlett
Andrew Bartlett [Fri, 3 Sep 2010 23:32:21 +0000 (09:32 +1000)]
libcli/security Remove unused SE_NONE define
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 3 Sep 2010 23:23:12 +0000 (09:23 +1000)]
libcli/security Move 'private' privileges functions to another header
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 3 Sep 2010 23:18:05 +0000 (09:18 +1000)]
s3-samr Explian better the use of two privileges in this call
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 3 Sep 2010 23:16:23 +0000 (09:16 +1000)]
libcli/security Remove 'always true' return from se_priv_put_all_privileges
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 3 Sep 2010 22:37:21 +0000 (08:37 +1000)]
s3-util_sid Tidy up global struct security_token
This no longer needs to be global, and should be const. We now also
init it with the C99 style initialisers.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 3 Sep 2010 21:02:38 +0000 (07:02 +1000)]
s4-rpc_server Put all 'logon failure' messages at the same debug level 4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 3 Sep 2010 21:01:38 +0000 (07:01 +1000)]
libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
This happens all the time, particularly now that we don't keep the
db around after a reboot. Don't scare the admins with the level 0.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 3 Sep 2010 10:30:50 +0000 (20:30 +1000)]
s3-privs Add const
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 3 Sep 2010 10:30:16 +0000 (20:30 +1000)]
s3-privs Remove extra pointer on privilege mask
Now that this is a scalar, this isn't required.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Tridgell [Fri, 3 Sep 2010 06:33:41 +0000 (16:33 +1000)]
s3-privileges: add handling of both old and new formats in database
We update privileges on a per-record basis instead of all at once, as
this maintains maximum compatibility is someone uses old tools with a
new version of Samba. The also auto-detects the byte order of the old
entries in the database, and copes with either native or reversed byte
order.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 2 Sep 2010 04:15:13 +0000 (14:15 +1000)]
s4-lsa: privilege IDs should use the enum, not an int
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 2 Sep 2010 04:14:51 +0000 (14:14 +1000)]
privileges: privilege luids are not all below 64
the ones brought across from s3 have higher values
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 30 Aug 2010 23:28:51 +0000 (09:28 +1000)]
libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
This is clearer and more consistent than using a magic -1 return
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 30 Aug 2010 23:20:39 +0000 (09:20 +1000)]
libcli/security Remove unused declarations from privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 30 Aug 2010 06:29:05 +0000 (16:29 +1000)]
s3-privs Remove unused function
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 30 Aug 2010 05:38:18 +0000 (15:38 +1000)]
s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap
This avoids us dealing with the privilege bitmap in the LSA server, and
overhauls much of the rest of the handling to be currnet with the modern
world of talloc.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>