Andrew Bartlett [Thu, 21 Aug 2008 09:24:58 +0000 (19:24 +1000)]
Don't walk past the end of ldb values.
This is a partial fix towards bugs due to us walking past the end of
what we think are strings in ldb. There is much more work to do in
this area.
Andrew Bartlett
Andrew Bartlett [Thu, 21 Aug 2008 07:29:47 +0000 (17:29 +1000)]
Push loading the objectGUID and objectSID handlers earlier.
Andrew Bartlett
Andrew Bartlett [Thu, 21 Aug 2008 06:42:03 +0000 (16:42 +1000)]
Stop every ldb startup doing a write to the database.
Something in the search stack adds a distinguishedName record, which
isn't in the message we generate. So we compare, fail and rewrite the
record - every time ldb starts up...
Andrew Bartlett
Andrew Bartlett [Thu, 21 Aug 2008 06:09:42 +0000 (16:09 +1000)]
Validate input in the CLDAP and DGRAM 'netlogon' responder.
Andrew Bartlett [Thu, 21 Aug 2008 05:10:40 +0000 (15:10 +1000)]
Handle error cases in attribute handlers better.
We don't need to just bail, for all these error cases there is still
real result that can be made - just fall back to binary copy/compare.
Andrew Bartlett
Andrew Bartlett [Thu, 21 Aug 2008 02:59:16 +0000 (12:59 +1000)]
The index handling is now configured from the schema load, not by a
template.
Andrew Bartlett
Andrew Bartlett [Thu, 21 Aug 2008 02:58:00 +0000 (12:58 +1000)]
Set both attributes and indexes into the database on schema load.
This ensures that a rudimentary schema is always present (for
bootstrapping), and that the indexes are maintained equal to the
schema (rather than hard-coded).
Andrew Bartlett
Andrew Bartlett [Thu, 21 Aug 2008 02:56:34 +0000 (12:56 +1000)]
All these syntaxes are now handled by the schema.
Andrew Bartlett [Thu, 21 Aug 2008 02:56:04 +0000 (12:56 +1000)]
Don't hardcode attributes to be treated as a DN
This is now handled by reading the schema into the attributes.
Also, when we do set something here, mark it as FIXED, so the schema
and any reload from @ATTRIBUTES won't touch it.
Andrew Bartlett
Andrew Bartlett [Thu, 21 Aug 2008 02:51:55 +0000 (12:51 +1000)]
Correct anr search comments and error messages in ldap.js
Andrew Bartlett [Thu, 21 Aug 2008 02:51:06 +0000 (12:51 +1000)]
Don't allow a NULL syntax
Andrew Bartlett [Thu, 21 Aug 2008 02:50:22 +0000 (12:50 +1000)]
Don't manipulate control entries in samldb
Andrew Bartlett [Wed, 20 Aug 2008 06:18:44 +0000 (16:18 +1000)]
Use the new SEARCH_FLAG_ANR define
Andrew Bartlett [Wed, 20 Aug 2008 06:02:13 +0000 (16:02 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Tridgell [Wed, 20 Aug 2008 06:00:54 +0000 (16:00 +1000)]
don't overwrite fixed attributes with @ATTRIBUTES
Andrew Bartlett [Wed, 20 Aug 2008 05:52:08 +0000 (15:52 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Tridgell [Wed, 20 Aug 2008 05:50:58 +0000 (15:50 +1000)]
Merge commit 'origin/v4-0-test' into v4-0-test
Andrew Tridgell [Wed, 20 Aug 2008 05:46:58 +0000 (15:46 +1000)]
added a LDB_ATTR_FLAG_FIXED so the schema module can mark attributes
as never to be removed.
Andrew Bartlett [Wed, 20 Aug 2008 05:46:46 +0000 (15:46 +1000)]
Apply attributes (and their syntax) from the schema into ldb
This changes the @ATTRIBUTES record to be for bootstrapping only,
before we find the schema.
Andrew Bartlett
Andrew Bartlett [Wed, 20 Aug 2008 05:45:16 +0000 (15:45 +1000)]
Add schema search flags from MS-ADTS
Andrew Bartlett [Wed, 20 Aug 2008 03:22:16 +0000 (13:22 +1000)]
Split schema_init.c into smaller bits.
This should make schema manipulation a little easier to follow.
Andrew Bartlett
Andrew Bartlett [Wed, 20 Aug 2008 03:09:40 +0000 (13:09 +1000)]
Remove last traces of the old 'subclass' feature
Matthias Dieter Wallnöfer [Wed, 20 Aug 2008 02:46:37 +0000 (12:46 +1000)]
Add a torture test for the new 'netlogon' flags.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Wed, 20 Aug 2008 02:45:41 +0000 (12:45 +1000)]
Add extra bits to our 'netlogon' response in CLDAP and NBT.
I've studied now the netlogon attribute from the CLDAP request and
have compared them with the table presented in the WSPP docs
(http://msdn.microsoft.com/en-us/library/cc201036.aspx). The first two
bytes seem to be correct, but that the third and fourth one is
completely clear with SAMBA 4.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 20 Aug 2008 02:21:36 +0000 (12:21 +1000)]
Update OpenLDAP MMR configuration per comments by Oliver Liebel
<oliver@itc.li>
This changes the RIDs to be <serverID><DBID>, to ease later debugging.
The need to specify the port on the MMR URLs is now included in the
help.
Andrew Bartlett
Andrew Tridgell [Tue, 19 Aug 2008 07:49:34 +0000 (17:49 +1000)]
added some comments at the request of a frustrated abartlet
Andrew Bartlett [Tue, 19 Aug 2008 04:11:51 +0000 (14:11 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 19 Aug 2008 04:10:53 +0000 (14:10 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 19 Aug 2008 04:10:14 +0000 (14:10 +1000)]
Fix up new OpenLDAP MMR code.
This changes the MMR password from hard-coded value of 'linux',
adds tests and fixes the Fedora DS backend.
Currently the MMR password matches the admin password, but we can
change this to be another random value if required.
Also require the port to be specified on the command line, so we don't
hard-code a port of 9000.
Andrew Bartlett
Oliver Liebel [Tue, 19 Aug 2008 02:03:04 +0000 (12:03 +1000)]
Generate Multi-Master Replication configuration for OpenLDAP
This patches provision-backend and the related scripts to generate the
correct configuration blobs for N-way multi-master replication using
OpenLDAP.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 19 Aug 2008 01:43:41 +0000 (11:43 +1000)]
Fix templates.ldb reprovision handling.
This sets the attributes in a separate transaction, and allows a
forced delete of the whole file.
Andrew Bartlett
Stefan Metzmacher [Mon, 18 Aug 2008 13:33:11 +0000 (15:33 +0200)]
librpc: don't build the old mszip decompression code
metze
Stefan Metzmacher [Thu, 7 Aug 2008 16:24:57 +0000 (16:24 +0000)]
ndr_compression: use zlib's inflate() for decompression
metze
Stefan Metzmacher [Mon, 18 Aug 2008 12:26:53 +0000 (14:26 +0200)]
zlib: mark as modified for samba
metze
Stefan Metzmacher [Fri, 15 Aug 2008 11:32:51 +0000 (13:32 +0200)]
zlib: fix compiler warnings
metze
Stefan Metzmacher [Mon, 18 Aug 2008 12:25:41 +0000 (14:25 +0200)]
zlib: we don't need the inflateReset2 prototype twice
metze
Matthieu Suiche [Thu, 10 Jul 2008 09:31:43 +0000 (09:31 +0000)]
librpc/ndr: add support for XPRESS decompression
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Suiche [Thu, 10 Jul 2008 09:31:43 +0000 (09:31 +0000)]
lib/compression: Import of lzxpress decompression algorithm
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 18 Aug 2008 10:30:27 +0000 (20:30 +1000)]
Note the ldb syntax for attribute syntaxes in the table.
This includes additional Samba-specific syntaxes made available from
the ldif_handlers code.
This commit also changes some tables to use #defines, to ensure
consistency in other parts of the code.
Andrew Bartlett
Andrew Bartlett [Mon, 18 Aug 2008 10:21:31 +0000 (20:21 +1000)]
Allow attributes to be overwritten, not just added to
Andrew Bartlett [Mon, 18 Aug 2008 10:20:24 +0000 (20:20 +1000)]
Fix segfaults when loading the schema fails.
Andrew Bartlett [Mon, 18 Aug 2008 05:12:08 +0000 (15:12 +1000)]
Ensure we fail to proceed if the schema won't load.
Andrew Bartlett [Mon, 18 Aug 2008 02:01:27 +0000 (12:01 +1000)]
Remove references to the unused @SUBCLASS feature.
This was removed from ldb_tdb a while ago
Andrew Bartlett
Andrew Bartlett [Mon, 18 Aug 2008 00:16:45 +0000 (10:16 +1000)]
Merge the two attribute syntax tables.
This merges the table once found in the oLschema2ldif tool (and moved
many times) with the table used for DRSUAPI.
The OpenLDAP schema map has been updated, to ensure that despite a
number of attributes being declared as OIDs, they are actually used as
strings (as they are actually LDAP class/attribute names).
Andrew Bartlett
Michael Adam [Fri, 15 Aug 2008 22:37:26 +0000 (00:37 +0200)]
configure: use AS_HELP_STRING for --with-disable-ext-lib
Michael
Michael Adam [Fri, 15 Aug 2008 22:35:52 +0000 (00:35 +0200)]
configure: use AS_HELP_STRING for --enable-developer
Michael
Michael Adam [Fri, 15 Aug 2008 22:34:43 +0000 (00:34 +0200)]
configure: use AS_HELP_STRING for --enable-debug.
Michael
Michael Adam [Fri, 15 Aug 2008 22:33:04 +0000 (00:33 +0200)]
configure: use AS_HELP_STRING for --with-selftest-prefix.
Michael
Michael Adam [Fri, 15 Aug 2008 22:31:23 +0000 (00:31 +0200)]
configure: use AS_HELP_STRING for --with-logfilebase.
Michael
Michael Adam [Fri, 15 Aug 2008 22:30:02 +0000 (00:30 +0200)]
configure: use AS_HELP_STRING for --with-piddir
Michael
Michael Adam [Fri, 15 Aug 2008 22:28:36 +0000 (00:28 +0200)]
configure: use AS_HELP_STRING for --with-lockdir.
Michael
Michael Adam [Fri, 15 Aug 2008 22:27:15 +0000 (00:27 +0200)]
configure: use AS_HELP_STRING for --ntp-signd-socket-dir.
Michael
Michael Adam [Fri, 15 Aug 2008 22:25:42 +0000 (00:25 +0200)]
configure: use AS_HELP_STRING for --with-winbindd-privileged-socket-dir.
Michael
Michael Adam [Fri, 15 Aug 2008 22:25:09 +0000 (00:25 +0200)]
configure: use AS_HELP_STRING for --with-winbindd-socket-dir .
Michael
Michael Adam [Fri, 15 Aug 2008 22:13:34 +0000 (00:13 +0200)]
configure: use AS_HELP_STRING for --with-privatedir
Michael
Michael Adam [Fri, 15 Aug 2008 22:07:54 +0000 (00:07 +0200)]
configure: format help string for --with-fhs with AS_HELP_STRING().
Michael
Michael Adam [Fri, 15 Aug 2008 22:23:47 +0000 (00:23 +0200)]
configure: remove duplicate definition of --with-winbindd-socket-dir.
I think this should have gone with fa361354433fb9a5c09c84997a7c51f3052c294e.
Michael
Andrew Bartlett [Fri, 15 Aug 2008 11:20:05 +0000 (21:20 +1000)]
Fix the build, after the ad2oLschema changes.
Andrew Bartlett [Fri, 15 Aug 2008 11:16:40 +0000 (21:16 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Fri, 15 Aug 2008 10:41:50 +0000 (20:41 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Fri, 15 Aug 2008 10:40:57 +0000 (20:40 +1000)]
Generate the subSchema in cn=Aggregate
This reads the schema from the in-memory structure, when the magic
attributes are requested. The code is a modified version of that used
in the ad2oLschema tool (now shared).
The schema_fsmo module handles the insertion of the generated result.
As such, this commit also removes these entries from the setup/schema.ldif
Metze's previous stub of this functionality is also removed.
Andrew Bartlett
Andrew Bartlett [Fri, 15 Aug 2008 03:18:48 +0000 (13:18 +1000)]
Rework generation of the objectClass and attributeType lines.
Now that these are subroutines, we can factor them out into a file the
CN=Aggregate schema code can also use.
Andrew Bartlett
Andrew Bartlett [Fri, 15 Aug 2008 02:08:10 +0000 (12:08 +1000)]
Parameterise the separator in ad2OLschema
This will allow me to add a new mode, with the CN=Aggregate schema
format automatically generated.
Andrew Bartlett
Andrew Bartlett [Thu, 14 Aug 2008 23:46:51 +0000 (09:46 +1000)]
Don't segfault in RPC-ATSVC.
Stefan Metzmacher [Thu, 14 Aug 2008 13:14:53 +0000 (15:14 +0200)]
RAW-OPEN: be more strict in create_option checking
metze
Stefan Metzmacher [Wed, 13 Aug 2008 05:22:36 +0000 (07:22 +0200)]
Revert "krb5: always generate the acceptor subkey as the same enctype as the used service key"
This reverts commit dbb94133e0313cae933d261af0bf1210807a6d11.
As we fixed gensec_gssapi to only return a session key when it
has the correct session key, this hack isn't needed anymore.
metze
Stefan Metzmacher [Wed, 13 Aug 2008 07:52:20 +0000 (09:52 +0200)]
gsskrb5: always return an acceptor subkey
For non cfx keys it's the same as the initiator subkey.
This matches windows behavior.
metze
Stefan Metzmacher [Wed, 13 Aug 2008 05:18:35 +0000 (07:18 +0200)]
gensec_gssapi: only cache the session key in STAGE_DONE
The key may change because we switch from initiator to acceptor
subkey.
metze
Stefan Metzmacher [Thu, 14 Aug 2008 11:12:07 +0000 (13:12 +0200)]
SMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED
Some standalone servers (and samba4) don't support this.
metze
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:51 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in checking file attributes
metze
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:22 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in error checking
metze
Stefan Metzmacher [Thu, 14 Aug 2008 07:52:45 +0000 (09:52 +0200)]
ntvfs_generic: fix handling of create_options for SMB2
metze
Stefan Metzmacher [Thu, 14 Aug 2008 10:48:37 +0000 (12:48 +0200)]
libcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK
SMB2 returns NOT_SUPPORTED to some more NTCREATE_OPTIONS.
metze
Stefan Metzmacher [Thu, 14 Aug 2008 10:37:31 +0000 (12:37 +0200)]
pvfs: fix handling of create_option flags
metze
Stefan Metzmacher [Thu, 14 Aug 2008 10:44:25 +0000 (12:44 +0200)]
libcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values
We now reuse ignored values for the ntvfs backend private flags.
metze
Stefan Metzmacher [Wed, 13 Aug 2008 07:48:44 +0000 (09:48 +0200)]
smb2srv: async replies with STATUS_PENDING are not signed
..., but they may have the sign flag set.
metze
Stefan Metzmacher [Wed, 13 Aug 2008 13:20:18 +0000 (15:20 +0200)]
smb2srv: sign replies when the request was also signed
metze
Stefan Metzmacher [Wed, 13 Aug 2008 07:45:44 +0000 (09:45 +0200)]
smb2srv: use defines instead of hex values
metze
Stefan Metzmacher [Wed, 13 Aug 2008 13:19:01 +0000 (15:19 +0200)]
libcli/smb2: use smb2 signing in auto mode if the server supports it
metze
Stefan Metzmacher [Wed, 13 Aug 2008 07:44:06 +0000 (09:44 +0200)]
libcli/smb2: we don't need to check the same thing twice...
metze
Stefan Metzmacher [Wed, 13 Aug 2008 07:42:27 +0000 (09:42 +0200)]
libcli/smb2: async replies with STATUS_PENDING are not signed
metze
Stefan Metzmacher [Wed, 13 Aug 2008 14:58:12 +0000 (16:58 +0200)]
pidl: fix samba4.pidl.samba3-cli test
metze
Stefan Metzmacher [Wed, 13 Aug 2008 14:53:13 +0000 (16:53 +0200)]
NBT-WINSREPLICATION: be more robust to timing errors
Also reenable disabled tests.
metze
Andrew Tridgell [Thu, 14 Aug 2008 07:26:30 +0000 (17:26 +1000)]
expanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
create options fields are supposed to work
Andrew Tridgell [Thu, 14 Aug 2008 05:27:48 +0000 (15:27 +1000)]
cope with arbitrary unknown pac buffer types, so when MS adds
a new one we don't break our server
Andrew Tridgell [Thu, 14 Aug 2008 05:27:22 +0000 (15:27 +1000)]
cope with not knowing the kdc key
Andrew Bartlett [Tue, 12 Aug 2008 23:47:18 +0000 (09:47 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Stefan Metzmacher [Tue, 12 Aug 2008 13:02:02 +0000 (15:02 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO
metze
Stefan Metzmacher [Tue, 12 Aug 2008 12:57:14 +0000 (14:57 +0200)]
gensec_gssapi: fix compiler warnings
metze
Stefan Metzmacher [Tue, 12 Aug 2008 12:56:36 +0000 (14:56 +0200)]
gensec_gssapi: add a function to load the lucid structure once
metze
Stefan Metzmacher [Tue, 12 Aug 2008 12:26:21 +0000 (14:26 +0200)]
gensec: add support for new style spnego and correctly handle mechListMIC
metze
Andrew Bartlett [Tue, 12 Aug 2008 07:46:48 +0000 (17:46 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Stefan Metzmacher [Mon, 11 Aug 2008 16:14:51 +0000 (18:14 +0200)]
dcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE
metze
Stefan Metzmacher [Mon, 11 Aug 2008 16:12:54 +0000 (18:12 +0200)]
rpc_server: correct the chunk_size depending on the signature size
metze
Stefan Metzmacher [Mon, 11 Aug 2008 16:00:11 +0000 (18:00 +0200)]
librpc/rpc: correct the chunk_size depending on the signature size
metze
Stefan Metzmacher [Mon, 11 Aug 2008 15:59:38 +0000 (17:59 +0200)]
dcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH
metze
Andrew Bartlett [Mon, 11 Aug 2008 01:45:45 +0000 (11:45 +1000)]
Only allow trust accounts access to the NTP signing service.
Stefan Metzmacher [Fri, 8 Aug 2008 10:39:11 +0000 (12:39 +0200)]
gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures
metze
Stefan Metzmacher [Fri, 8 Aug 2008 13:01:15 +0000 (15:01 +0200)]
gsskrb5: try to be compatible with windows for gss_wrap* and cfx
The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.
metze
Stefan Metzmacher [Fri, 8 Aug 2008 13:27:40 +0000 (15:27 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to get the session key
This is needed to get the correct key, when aes keys are used.
metze