Andrew Bartlett [Thu, 3 Jun 2010 12:32:49 +0000 (22:32 +1000)]
s3:s3compat Override default pipe forwarding for s3compat
This allows s3compat to be run without smb.conf options being set.
Andrew Bartlett [Mon, 24 May 2010 05:00:20 +0000 (15:00 +1000)]
s3:s3compat Allow replacement of lp_idmap_backend() and lp_idmap_alloc_backend
Andrew Bartlett [Sun, 23 May 2010 15:13:54 +0000 (01:13 +1000)]
s3:param Allow lp_security() and lp_passdb_backend to be omited for s3compat
When we build s3compat into the source4 code, we will provide a
replacement for both these functions.
Andrew Bartlett
Andrew Bartlett [Fri, 14 May 2010 14:10:56 +0000 (00:10 +1000)]
s3:winbindd Add hooks for s3compat into source3/winbindd
These extra pointers help the s3compat code do it's job
Andrew Bartlett [Tue, 18 May 2010 03:00:53 +0000 (13:00 +1000)]
s3:auth Improve make_auth_context_text_list API - add const
Andrew Bartlett [Mon, 17 May 2010 10:47:59 +0000 (20:47 +1000)]
s3:auth Enable make_auth_context_subsystem to be replaced in s3compat
This allows s3compat to replace this with a function that only directs
authentication to the source4 auth subsystem.
Andrew Bartlett
Andrew Bartlett [Tue, 4 May 2010 13:44:50 +0000 (23:44 +1000)]
s3:auth Add error paths for invalid password_state values
Andrew Bartlett [Mon, 17 May 2010 09:04:31 +0000 (19:04 +1000)]
s3:auth Change winbindd -> auth interface to more standard structures
This removes conversions to and from the source3 varient of the
server_info structure when replaced in s3compat, and presents a tidier
interface to winbindd in any case.
Andrew Bartlett
Andrew Bartlett [Mon, 17 May 2010 03:38:08 +0000 (13:38 +1000)]
auth/common_auth.h Add a few more 'common' functions
This helps ensure that we don't have different prototypes for the
different implementaitons of these functions.
Andrew Bartlett
Andrew Bartlett [Tue, 18 May 2010 03:11:46 +0000 (13:11 +1000)]
auth Add kerberos_return_pac() to common_auth.h
Andrew Bartlett [Tue, 18 May 2010 03:09:39 +0000 (13:09 +1000)]
auth Add ads_verify_ticket() to common_auth.h
Andrew Bartlett [Mon, 17 May 2010 08:10:13 +0000 (18:10 +1000)]
s3:auth Change 'make_user_info' to be talloc based
This is an ideal candidate, as it already uses a free function. It
now uses talloc destructors to clear the passwords if required.
Andrew Bartlett
Andrew Bartlett [Tue, 1 Jun 2010 11:53:42 +0000 (21:53 +1000)]
s3:auth Whitespace fixes after auth merge
Andrew Bartlett [Tue, 1 Jun 2010 11:52:01 +0000 (21:52 +1000)]
s3:auth Make Samba3 use the new common struct auth_usersupplied_info
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.
In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.
Andrew Bartlett
Andrew Bartlett [Tue, 4 May 2010 06:44:08 +0000 (16:44 +1000)]
s4:auth Move struct auth_usersupplied_info to a common location
This also changes the calling convention slightly - we should always
allocate this with talloc_zero() to allow some elements to be
optional. Some elements may only make sense in Samba3, which I hope
will use this common structure.
Andrew Bartlett
Andrew Bartlett [Mon, 12 Jul 2010 04:26:34 +0000 (14:26 +1000)]
s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
It's nicer to have an NTSTATUS return, and in s3compat there may be a
reason other than 'no memory' why this can fail.
Andrew Bartlett
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 12 Jul 2010 04:25:28 +0000 (14:25 +1000)]
s3:smbd Give the kerberos session key a parent
Nothing will free this, so this prevents a memory leak.
Andrew Bartlett
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 12 Jul 2010 04:21:34 +0000 (14:21 +1000)]
s3:smbd Fix segfault if register_existing_vuid() fails
The register_existing_vuid() call will handle both the ntlmssp_end and
vuid invalidation internally, so we don't want to do it again.
Andrew Bartlett
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Volker Lendecke [Sat, 22 May 2010 21:44:01 +0000 (23:44 +0200)]
tsocket: Fix some unreachable code
Volker Lendecke [Sun, 11 Jul 2010 15:30:53 +0000 (17:30 +0200)]
s3: [ug]id_to_unix_... can not fail
Remove some silly failure checks
Stefan Metzmacher [Sat, 10 Jul 2010 12:15:08 +0000 (14:15 +0200)]
README.Coding: fix typos
Thanks to Michael Wood <esiotrot@gmail.com> for the review.
metze
Stefan Metzmacher [Sat, 10 Jul 2010 08:06:17 +0000 (10:06 +0200)]
README.Coding: add examples for good and bad comments
metze
Stefan Metzmacher [Fri, 9 Jul 2010 11:08:07 +0000 (13:08 +0200)]
s4:provision: remove --policy-guid and --policy-guid-dc cmdline options
metze
Stefan Metzmacher [Fri, 25 Jun 2010 11:26:06 +0000 (13:26 +0200)]
s4:provision: also use fixed GUID names of the default group policies for domain and domain controllers in tests
metze
Matthieu Patou [Thu, 8 Jul 2010 20:09:49 +0000 (00:09 +0400)]
s4 provision: use correct GUID for default policies
The value of GUID for policy is not random for default policies, it is
described here ("How Core Group Policy Works"):
http://technet.microsoft.com/en-us/library/
cc784268%28WS.10%29.aspx
at paragraph System\Policies Container.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Fri, 9 Jul 2010 16:29:27 +0000 (20:29 +0400)]
s4 unittests: remove the provision directory before (re)generating
Matthieu Patou [Fri, 2 Jul 2010 19:52:33 +0000 (23:52 +0400)]
s4 net: Add spn module to list/add/remove spn on objects
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 10 Jul 2010 07:25:57 +0000 (09:25 +0200)]
testprogs/blackbox/subunit.sh: initialize failed to 0
This is a short-term workarround for broken scripts,
which use "exit $failed", without initializing failed.
We need a discussion on the mailing list how to handle this
in a nicer way.
This should fix some random failures in the blackbox tests.
metze
Stefan Metzmacher [Sat, 10 Jul 2010 07:09:28 +0000 (09:09 +0200)]
s4:winbind: let WBSRV_SAMBA3_SET_STRING() initialize the whole buffer
We should not send uninitialized bytes to the winbind pipe,
this makes also makes valgrind very unhappy.
metze
Stefan Metzmacher [Sat, 10 Jul 2010 07:08:57 +0000 (09:08 +0200)]
s4:wb_cmd_list_groups: also handle NT_STATUS_NO_MORE_ENTRIES
metze
Stefan Metzmacher [Sat, 10 Jul 2010 07:08:31 +0000 (09:08 +0200)]
s4:wb_cmd_list_users: also handle NT_STATUS_NO_MORE_ENTRIES
metze
Stefan Metzmacher [Sat, 10 Jul 2010 07:06:44 +0000 (09:06 +0200)]
s4:libnet_GroupList: allocate children strings on the correct talloc parent
Otherwise the _recv() function won't move the children strings to the
callers memory context and let the callers crash.
metze
Stefan Metzmacher [Sat, 10 Jul 2010 07:04:43 +0000 (09:04 +0200)]
s4:libnet_UserList: allocate children strings on the correct talloc parent
Otherwise the _recv() function won't move the children strings to the
callers memory context and let the callers crash.
metze
Stefan Metzmacher [Sat, 10 Jul 2010 07:14:15 +0000 (09:14 +0200)]
s4:buildtools: add 'make show_waf_options'
metze
Stefan Metzmacher [Sat, 10 Jul 2010 07:10:52 +0000 (09:10 +0200)]
s4:buildtools: make it possible to use advanced test options via the make waf wrapper
You can to do thinks like this now:
make test TEST_OPTIONS="--valgrind-server" TESTS=wbinfo
metze
Ira Cooper [Thu, 8 Jul 2010 20:30:12 +0000 (16:30 -0400)]
s3: Cleanup of the initial SMB2 counters patch.
This reorganizes smbd_smb2_request_dispatch to have a central exit point,
and use the normal profiling macros.
Signed-off-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2010 14:27:34 +0000 (16:27 +0200)]
s4:drepl_notify: hide some bugs from the make test output
It's useless to get messages like this every few seconds:
dreplsrv_notify: Failed to send DsReplicaSync to
edbf4745-2966-49a7-8653-
99200f1c9430._msdcs.samba2003.example.com for
CN=Configuration,DC=samba2003,DC=example,DC=com -
NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE
We have a non bug regarding non-linked DN attributes
and changes of the target DN.
metze
Stefan Metzmacher [Fri, 9 Jul 2010 10:52:11 +0000 (12:52 +0200)]
s4:drsuapi: don't return all linked attributes at the same time
Windows gives them in chunks, but I don't know the correct
rule to calculate the chunk size.
For now I'll use 1500 as the max size.
Windows isn't happy when it gets ~ 100000 linked attributes in one
response. It corrupts its directory index and later moves some objects
to the LostAndFound folder.
metze
Andreas Schneider [Fri, 9 Jul 2010 13:42:34 +0000 (15:42 +0200)]
s3-build: Add a gdbtestenv environment for Samba3.
This will open 3 xterms; smbd with gdb, winbind with gdb and a window to
run client commands.
Example: make gdbtestenv SMBD_OPTIONS="-d2"
Stefan Metzmacher [Fri, 9 Jul 2010 07:24:30 +0000 (09:24 +0200)]
s4:selftest: run RPC-SAMR-LARGE-DC against the vampire_dc to test the rid alloc code
metze
Stefan Metzmacher [Fri, 9 Jul 2010 07:23:04 +0000 (09:23 +0200)]
selftest/Samba4: set dreplsrv:periodic_startup_interval = 0
metze
Stefan Metzmacher [Thu, 8 Jul 2010 14:20:11 +0000 (16:20 +0200)]
s4:dsdb/repl: expose drsuapi_DsExtendedError to the caller (e.g. the ridalloc client)
metze
Stefan Metzmacher [Thu, 8 Jul 2010 14:18:21 +0000 (16:18 +0200)]
s4:drepl_out_helpers: don't return NT_STATUS_OK, if an extended operation doesn't return success
metze
Stefan Metzmacher [Thu, 8 Jul 2010 13:38:16 +0000 (15:38 +0200)]
s4:drepl_ridalloc: only ask the rid master for a new rid pool if we need to.
if we are at least half-exhausted then ask for a new pool.
This fixes a bug where we're sending unintialized alloc_pool
variable as exop->fsmo_info to the rid master and get back
DRSUAPI_EXOP_ERR_PARAM_ERROR.
metze
Stefan Metzmacher [Thu, 8 Jul 2010 13:14:59 +0000 (15:14 +0200)]
s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_allocate_rid_pool_fsmo()
metze
Stefan Metzmacher [Thu, 8 Jul 2010 19:38:28 +0000 (21:38 +0200)]
s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_allocate_rid()
metze
Stefan Metzmacher [Thu, 8 Jul 2010 13:10:07 +0000 (15:10 +0200)]
s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_create_rid_set_ntds()
metze
Stefan Metzmacher [Thu, 8 Jul 2010 10:32:33 +0000 (12:32 +0200)]
s4:dsdb:ridalloc: add ridalloc_ridset_values infrastructure
metze
Stefan Metzmacher [Thu, 8 Jul 2010 10:34:15 +0000 (12:34 +0200)]
s4:dsdb:ridalloc: use dsdb_module_constrainted_update_uint64() to update rIDAvailablePool
metze
Stefan Metzmacher [Thu, 8 Jul 2010 10:06:39 +0000 (12:06 +0200)]
s4:dsdb:ridalloc.c: fix C++ warning
metze
Stefan Metzmacher [Thu, 8 Jul 2010 10:02:42 +0000 (12:02 +0200)]
s4:dsdb: add dsdb_module_constrainted_update_uint32/64() wrapper functions
metze
Stefan Metzmacher [Thu, 8 Jul 2010 10:01:44 +0000 (12:01 +0200)]
s4:dsdb: add dsdb_msg_constrainted_update_uint32/64() wrapper functions
metze
Stefan Metzmacher [Thu, 8 Jul 2010 09:32:59 +0000 (11:32 +0200)]
s4:dsdb: add dsdb_module_constrainted_update_int32/64() functions
metze
Stefan Metzmacher [Thu, 8 Jul 2010 09:32:26 +0000 (11:32 +0200)]
s4:dsdb: add dsdb_msg_constrainted_update_int32/64() functions
metze
Matthias Dieter Wallnöfer [Thu, 8 Jul 2010 20:04:23 +0000 (22:04 +0200)]
ldb:common/ldb_dn.c - "ldb_dn_get_parent" - no need to manipulate the real DN
Since the parent DN is a duplication of the passed DN parameter.
Volker Lendecke [Wed, 7 Jul 2010 19:50:23 +0000 (21:50 +0200)]
s3: Optimize the write cache for sequential writes
In case of the one-byte allocating writes we don't work work optimally because
we start the write cache at the current offset. This patch tries to avoid this
case.
Kamen Mazdrashki [Thu, 8 Jul 2010 18:04:13 +0000 (21:04 +0300)]
s4: fix warning: unused variable ‘i’
Simo Sorce [Thu, 8 Jul 2010 22:38:25 +0000 (18:38 -0400)]
s3-dcerpc: Use dcerpc_pull_dcerpc_auth in api_pipe_bind_auth3()
Simo Sorce [Thu, 8 Jul 2010 20:02:08 +0000 (16:02 -0400)]
s3-dcerpc: Use dcerpc_auth in api_pipe_bind_req()
Simo Sorce [Thu, 8 Jul 2010 19:18:08 +0000 (15:18 -0400)]
s3-dcerpc: make dcerpc_pull_dcerpc_auth() public
Simo Sorce [Thu, 8 Jul 2010 15:36:03 +0000 (11:36 -0400)]
s3-dcerpc: make dceprc_push_dcerpc_auth public
Simo Sorce [Thu, 8 Jul 2010 19:16:32 +0000 (15:16 -0400)]
s3-dcerpc: use dcerpc_pull_dcerpc_auth() in rpc_finish_spnego_ntlmssp_bind_send()
Simo Sorce [Thu, 8 Jul 2010 19:04:40 +0000 (15:04 -0400)]
s3-dcerpc: use dcerpc_push_dcerpc_auth in add_schannel_auth_footer()
Simo Sorce [Thu, 8 Jul 2010 18:55:20 +0000 (14:55 -0400)]
s3-dcerpc: use dcerpc_push_dcerpc_auth() in add_ntlmssp_auth_footer()
Simo Sorce [Thu, 8 Jul 2010 18:00:54 +0000 (14:00 -0400)]
s3-dcerpc: use dcerpc_pull_dcerpc_auth() in cli_pipe_verify_schannel()
Simo Sorce [Thu, 8 Jul 2010 17:30:50 +0000 (13:30 -0400)]
s3-dcerpc: use dcerpc_push_ncacn_packet() in create_rpc_bind_auth3()
Jeremy Allison [Thu, 8 Jul 2010 22:18:30 +0000 (15:18 -0700)]
Change one more use of "struct rpc_hdr_info" -> "struct ncacn_packet_header"
Jeremy
Matthias Dieter Wallnöfer [Thu, 8 Jul 2010 12:51:49 +0000 (14:51 +0200)]
s4:acl LDB module - password attributes - check also the "dBCSPwd" attribute
It's also a possible password change/set attribute candidate.
Matthias Dieter Wallnöfer [Wed, 7 Jul 2010 16:01:34 +0000 (18:01 +0200)]
s4:acl LDB module - move a "mem_ctx" creation to the place where it is actually checked
Memory allocations and their result checks should be as tight as possible.
Matthias Dieter Wallnöfer [Wed, 7 Jul 2010 17:03:13 +0000 (19:03 +0200)]
s4:drsuapi RPC server - "result_site_name" - fix variable denomination
Matthias Dieter Wallnöfer [Thu, 8 Jul 2010 07:36:30 +0000 (09:36 +0200)]
s4:samdb.py - "setpassword" - performs password sets using the "unicodePwd" attribute
This does work per default on each AD-compatible DC. "userPassword" support on
Windows however has to be activated explicitly by the "dSHeuristics".
Matthieu Patou [Mon, 5 Jul 2010 19:41:13 +0000 (23:41 +0400)]
s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one
This should avoid colliion with newly added objects that use the same
SID as existing users in the upgraded provision.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Günther Deschner [Fri, 2 Jul 2010 08:17:44 +0000 (10:17 +0200)]
s3-rpc: when using rpc_pipe_open_internal, make sure to go through NDR.
Otherwise a lot of information that is usually generated in the ndr_push remains
in an uninitialized state.
Guenther
Günther Deschner [Thu, 8 Jul 2010 13:58:12 +0000 (15:58 +0200)]
s4-smbtorture: skip wbcChangeUserPassword test when no oldpass is set in environment.
Guenther
Nadezhda Ivanova [Thu, 8 Jul 2010 12:38:16 +0000 (15:38 +0300)]
Added a test to prove by default users can change each other's pass if the old is known
Volker Lendecke [Thu, 8 Jul 2010 11:32:48 +0000 (13:32 +0200)]
s3: Slightly simplify make_server_info_pw
Günther Deschner [Thu, 8 Jul 2010 09:46:48 +0000 (11:46 +0200)]
s3-rpcclient: add another usage display to sign and seal commands.
Guenther
Günther Deschner [Thu, 8 Jul 2010 08:59:16 +0000 (10:59 +0200)]
Revert "s4-smbtorture: skip bigendian tests against s3 in RPC-LSA-SECRETS."
This reverts commit
3587bb63e21c3f033a17bb493dceb64b05fe85d6.
Andrew Tridgell [Thu, 8 Jul 2010 06:42:39 +0000 (16:42 +1000)]
s4-net: the net binary depends on the auth subsystem
This helps with the OpenChange build
Simo Sorce [Thu, 8 Jul 2010 05:48:05 +0000 (01:48 -0400)]
s3:dcerpc Remove unused structure and functions
Simo Sorce [Thu, 8 Jul 2010 05:14:16 +0000 (01:14 -0400)]
s3:dcerpc Use prs_parse_dcerpc_bind
Simo Sorce [Thu, 8 Jul 2010 05:13:57 +0000 (01:13 -0400)]
s3:dcerpc Add prs_parse_dcerpc_bind
Simo Sorce [Wed, 7 Jul 2010 21:14:27 +0000 (17:14 -0400)]
s3:rpc user idl define dcerpc_ctx_list instead of custom RPC_CONTEXT
Günther Deschner [Wed, 1 Apr 2009 23:05:55 +0000 (01:05 +0200)]
s3-dcerpc: use dcerpc_pull_ncacn_packet() for rpc_pipe_bind_step_one_done().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 22:35:19 +0000 (00:35 +0200)]
s3-dcerpc: use dcerpc_push_ncacn_packet() in push_next_frag().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 22:34:42 +0000 (00:34 +0200)]
s3-dcerpc: use dcerpc_pull_ncacn_packet() in cli_pipe_validate_current_pdu().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 22:33:52 +0000 (00:33 +0200)]
s3-dcerpc: use dcerpc_pull_dcerpc_auth() in cli_pipe_verify_ntlmssp().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 21:39:20 +0000 (23:39 +0200)]
s3-dcerpc: add dcerpc_pull_dcerpc_auth().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 21:18:25 +0000 (23:18 +0200)]
s3-dcerpc: use struct ncacn_packet_header instead of struct rpc_hdr_info.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 21:07:03 +0000 (23:07 +0200)]
s3-dcerpc: add dcerpc_pull_ncacn_packet_header().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Wed, 1 Apr 2009 21:04:23 +0000 (23:04 +0200)]
dcerpc: add ncacn_packet_header to IDL.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 22:56:42 +0000 (23:56 +0100)]
s3-dcerpc: use dcerpc_push_dcerpc_auth() for all authenticated binds.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 22:50:32 +0000 (23:50 +0100)]
s3-dcerpc: add dcerpc_push_schannel_bind().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 18:09:29 +0000 (19:09 +0100)]
s3-dcerpc: add dcerpc_push_dcerpc_auth().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 19:29:59 +0000 (20:29 +0100)]
s3-dcerpc: remove unused init_rpc_hdr_rb and init_rpc_context.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Tue, 24 Mar 2009 17:21:18 +0000 (18:21 +0100)]
s3-dcerpc: use dcerpc_push_ncacn_packet() for create_bind_or_alt_ctx_internal().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 11:45:09 +0000 (12:45 +0100)]
s3-dcerpc: remove unused smb_io_rpc_hdr_fault.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 11:00:40 +0000 (12:00 +0100)]
s3-dcerpc: use dcerpc_pull_ncacn_packet() for pulling a RPC fault pdu.
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 11:00:12 +0000 (12:00 +0100)]
s3-dcerpc: add dcerpc_pull_ncacn_packet().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>
Günther Deschner [Mon, 23 Mar 2009 10:05:21 +0000 (11:05 +0100)]
s3-dcerpc: use dcerpc_push_ncacn_packet() for setup_fault_pdu().
Guenther
Signed-off-by: Simo Sorce <idra@samba.org>