Andrew Bartlett [Thu, 22 Jan 2015 04:22:52 +0000 (17:22 +1300)]
dsdb: Do not use _ prefix in tombstone_reanimate module
This should only be used by the C library.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Wed, 21 Jan 2015 01:03:54 +0000 (03:03 +0200)]
s4-dsdb: Refactor user objects defaults setter to use attribute/value map
Change-Id: Iaa32af4225219a4c5c42c663022e8be429b8a1d2
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 18 Jan 2015 21:58:13 +0000 (23:58 +0200)]
s4-dsdb: common helper to determine "primaryGroupID" attribute value
At the moment current implementation does not check if group RID
is existing group RID - this responsibility is left to the caller.
Change-Id: I8c58dd23a7185d63fa2117be0617884eb78d13c1
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Mon, 12 Jan 2015 02:46:38 +0000 (04:46 +0200)]
s4-dsdb: Common helper for setting "sAMAccountType" on User objects
Change-Id: I4480e7d1ed0c754e960028e0be9a90ee56935e94
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Mon, 12 Jan 2015 01:30:17 +0000 (03:30 +0200)]
s4-dsdb: Move User object default attribute values in separate helper
Change-Id: I1e291bcf0a5c9b2fca11323dc7f8be29f5145d42
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Tue, 20 Jan 2015 23:03:13 +0000 (01:03 +0200)]
s4-tests: Add tombstone_reanimation test case to s4 test suite
DC, USERNAME and PASSWORD are passed as environment variables
prefixed with TEST_
Change-Id: I84ff628496bfa3e0538011400328585d080f21b8
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 28 Dec 2014 02:23:33 +0000 (04:23 +0200)]
s4-dsdb/tests: Do not pre-create LoadParm - connect_samdb_env() will handle it
Change-Id: I3483c5aa50de2f7aca19e4d7cc4fa49bbe5f889d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Thu, 27 Nov 2014 16:49:15 +0000 (17:49 +0100)]
s4-dsdb-test: Use common base method for restoring Deleted objects
Change-Id: I266b58ced814cf7ea3616862506df5b55f4f1d8c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Thu, 27 Nov 2014 05:20:33 +0000 (06:20 +0100)]
s4-dsdb/samldb: Don't allow rename requests on Deleted object
Windows behavior in case of renaming Deleted object is:
* return ERR_NO_SUCH_OBJECT in case client is not providing
SHOW_DELETED control
* ERR_UNWILLING_TO_PERFORM otherwise
Renaming of Deleted objects is allowed only through special
Tombstone reanimation modify request
Change-Id: I1eb33fc294a5de44917f6037988ea6362e6e21fc
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Thu, 27 Nov 2014 04:20:22 +0000 (05:20 +0100)]
s4-dsdb/test: Delete any leftover objects in the beginning of Cross-NC test
This way we ensure that samdb is clean before we make the test
Change-Id: I3c6fc94763807394e52b6df41548e9aba8b452c1
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Thu, 27 Nov 2014 04:15:58 +0000 (05:15 +0100)]
s4-dsdb/samldb: Relax a bit restrictions in Config partition while
restoring deleted object
Change-Id: Iead460d24058b160b46cf3ddedaf4d84b844da4d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Wed, 26 Nov 2014 20:53:53 +0000 (21:53 +0100)]
s4-dsdb/samdb: Don't relax contraint checking during rename for Deleted objects
Now we have a module to handle to handle Tombstone reanimation
and it is better we do all the check here as usual
Change-Id: Ia5d28d64e99f7a961cfe8b9aa7cc96e4ca56192e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Wed, 26 Nov 2014 05:59:09 +0000 (06:59 +0100)]
s4-dsdb-test/reanimate: Fix whitespaces according to PEP8
Change-Id: I7b46992c80178d40a0531b5afd71a7783068a9dd
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Wed, 26 Nov 2014 05:23:51 +0000 (06:23 +0100)]
s4-dsdb-tests: Move base tests for Tombstone reanimation in tombstone_reanimation module
So we have them all in one place.
While moving, I have:
* inherited from the base class for Tombstone reanimations
* replace self.ldb with self.samdb
Change-Id: Id3e4f02cc2e0877d736da812c14c91e2311203d2
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Fri, 21 Nov 2014 18:31:25 +0000 (19:31 +0100)]
s4-dsdb-test: Fix duplicated key in a dictionary in sam.py
Change-Id: Ie33d92bd308262d9bfda553d6d5e2cfd98f6d7b3
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 16 Nov 2014 02:35:01 +0000 (03:35 +0100)]
s4-dsdb/objectclass: remove duplicated declaration for objectclass_do_add
Change-Id: Ib88a45cea64fb661a41ca3b4a3df9dabf509fc6c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 16 Nov 2014 02:34:22 +0000 (03:34 +0100)]
s4-dsdb-test: remove trailing ';' in ldap.py
Change-Id: I5edc6e017b576791c1575f71a625c49ccc88fe8f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Thu, 13 Nov 2014 03:11:08 +0000 (04:11 +0100)]
s4-dsdb/reanimate: Group objects reanimation implementation
Change-Id: Iea92924ff6b33fa3723b104d5dfff1ce5a7a09b0
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:11:59 +0000 (07:11 +0100)]
s4-dsdb/reanimate: Swap rename->modify operations to modify->rename sequence
This way it is more visible that we work on 'deleted object' during modify
and also will help us to handle 'stop rename for deletec objects'
propertly in future
[MS-ADTS]: 3.1.1.5.3.7.3 Undelete Processing Specifics
Change-Id: I9bb644e099a4a2afcb261ad22515c9c4ce4875bb
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:08:29 +0000 (07:08 +0100)]
s4-dsdb/reanimate: Use 'show deleted' control in modify operations too
Before committing changes, object is still deleted - isDeleted = true
Change-Id: Ie1ab53dc594d1bfaf5b9e06316e7a1fc0dd4b8cb
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:07:07 +0000 (07:07 +0100)]
s4-dsdb/samldb: Skip 'sAMAccountType' and 'primaryGroupID' during Tombstone reanimate
tombstone_reanimate.c module is going to restore those attributes
and it needs a way to propagate them to DB
Change-Id: I36f30b33fa204fd28329eab01044a125f7a3f08e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:05:56 +0000 (07:05 +0100)]
s4-dsdb/samldb: Fix type "omputer" -> "computer"
Change-Id: Ic56c6945528b7f60becc4f0b318429f4c22c3d2e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:04:30 +0000 (07:04 +0100)]
s4-dsdb/reanimate: Implement attribute_restore function
At the moment it works for objects with objectClass user + a common
case of removing isRecycled attribute
Change-Id: I70b0ef0ef65c13d3def82ca53ace52a85a078a37
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Fri, 7 Nov 2014 06:02:51 +0000 (07:02 +0100)]
s4-dsdb-util: Mark attributes with ADD flag in samdb_find_or_add_attribute()
At the moment no flags are set and it works fine, since this function
is solely used in samldb during ADD requests handling.
Pre-setting a flag make it usefull for other modules and request
handlers too
Change-Id: I7e43dcbe2a8f34e3b0ec16ae2db80ef436df8bfe
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Thu, 6 Nov 2014 03:10:42 +0000 (04:10 +0100)]
s4-dsdb-test: Fix Undelete tests after subunit upgrade work
Change-Id: I4712a2a2163a57fde037511afcc1cb7bee05f12e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Thu, 6 Nov 2014 02:01:54 +0000 (03:01 +0100)]
s4-dsdb-test: Use case insensitive comparison for DNs in undelete test
Change-Id: I4a009bb7ed58ab857ac74a235bb5f580911f0d92
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Tue, 20 Jan 2015 22:58:56 +0000 (00:58 +0200)]
s4-dsdb-test: Initial implementation for Tombstone restore test suite
Change-Id: Ib35ff930b6e7cee14317328b6fe25b59eec5262c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Wed, 5 Nov 2014 05:26:25 +0000 (06:26 +0100)]
s4-dsdb-test: Implement samdb_connect_env() to rely solely on environment
this is to help me port Python tests to be more Unit test alike
and remove all global handling
Starting from a new test suite - tombstone_reanimation.py
Andrew Bartlett rose his concerns that passing parameters
through environment may make tests hard to trace for
failures. However, passing parameters on command line
is not Unit test alike either. After discussing this with him
offline, we agreed to continue this approach, but prefix
environment variables with "TEST_". So that an env var
should not be used by coincidence.
Change-Id: I29445c42cdcafede3897c8dd1f1529222a74afc9
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Nadezhda Ivanova [Tue, 4 Nov 2014 18:24:11 +0000 (20:24 +0200)]
s4-dsdb: Some minor fixes in tombstone_reanimate, to make it work with acl
Change-Id: Idad221c7ecf778fd24f6017bb4c6eacac541086a
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Nadezhda Ivanova [Tue, 4 Nov 2014 18:21:57 +0000 (20:21 +0200)]
s4-dsdb: Implementation of access checks on a undelete operation
Special Reanimate-Tombstone access right is required, as well as most of
the checks on a standard rename.
Change-Id: Idae5101a5df4cd0d54fe4ab2f7e5ad7fc1c23648
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Nadezhda Ivanova [Tue, 4 Nov 2014 18:08:58 +0000 (20:08 +0200)]
s4-dsdb: Tests for security checks on undelete operation
Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears
LC is also necessary, and it is not granted by default to anyone but
System and Administrator, so tests had to be done negatively
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
Kamen Mazdrashki [Tue, 4 Nov 2014 03:17:35 +0000 (04:17 +0100)]
s4-dsdb: Mark request during Tombstone reanimation with custom LDAP control
We are going to need this so that underlying modules (acl.c)
can treat those requests properly
Change-Id: I6c12069aa6e7e01197dddda6c610d930d3fd9cb0
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Tue, 4 Nov 2014 03:10:16 +0000 (04:10 +0100)]
s4-dsdb: Implement rename/modify requests as local for the module
The aim is for us to be able to fine tune the implementation
and also add custom LDAP controls to mark all requests as
being part of Reanimation procedure
Change-Id: I9f1c04cd21bf032146eb2626d6495711fcadf10c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Mon, 3 Nov 2014 03:58:20 +0000 (04:58 +0100)]
s4-dsdb: Add documentation link for Tombstone Reanimation
Change-Id: Ib779c8b0839889371f25ad5751c9cda1a510eb54
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 2 Nov 2014 16:11:20 +0000 (17:11 +0100)]
s4-tests: Print out what the error is in delete_force()
Change-Id: Iaa631179dc79fa756416be8eaf8c55e3b0c1a29f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Tue, 28 Oct 2014 14:03:59 +0000 (15:03 +0100)]
s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requests
Tombstone reanimation requries some special handling which is going
to affect several modules. Most notably:
- a bit different access checks in acl.c
- restore certain attributes during modify requests in samldb.c
Control added also to schema_samba4.ldif by Andrew Bartlett
hence the "pair programmed with" tag.
Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Tue, 28 Oct 2014 05:11:31 +0000 (06:11 +0100)]
s4-dsdb: Make use dsdb_make_object_category() for objectCategory
Change-Id: If65c54a653ad7078ca7a535b5c247db2746b5be7
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Tue, 28 Oct 2014 05:10:56 +0000 (06:10 +0100)]
s4-dsdb: Make most specific objectCategory for an object
This is lightweight implementation and should be used on objects
with already verified objectClass attribute value - eg. valid classes,
sorted properly, etc.
Checkout objectclass.c module for heavy weight implementation.
Change-Id: Ifa7880d26246f67e2f982496fcc6c77e6648d56f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Mon, 27 Oct 2014 04:31:54 +0000 (05:31 +0100)]
s4-dsdb: Initialize module context only we are to handle Tombstone request
Change-Id: I73bd2043e96907e3d1a669bdbd943ddee1df8c0a
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 26 Oct 2014 03:31:41 +0000 (04:31 +0100)]
s4-dsdb: Return error codes as windows does for Tombstone reanimation
Tested against Windows Server 2008 R2
In case we try to restore to already existing object, windows
returns: LDB_ERR_ENTRY_ALREADY_EXISTS
Otherwise it is: LDB_ERR_OPERATIONS_ERROR
Change-Id: I6b5fea1e327416ccf5069d97a4a378a527a25f80
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 26 Oct 2014 03:29:49 +0000 (04:29 +0100)]
s4-dsdb-tests: Fix whitespace in deletetest.py
Change-Id: Ic2924b0aa9cffd29fe0c857317ccb65ba53a1c21
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 26 Oct 2014 03:29:16 +0000 (04:29 +0100)]
s4-dsdb-tests: Make unique object names to test with in deletetest
This way we can re-run the test again and again
Change-Id: I29bd878b77073d94a279c38bd0afc2f0befa6f9d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 26 Oct 2014 02:43:29 +0000 (03:43 +0100)]
s4-dsdb-tests: Remove unused method get_ldap_connection()
Change-Id: Ie50f77dbba724dbd3c2822de5c2cfff41016fac6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sun, 26 Oct 2014 02:42:45 +0000 (03:42 +0100)]
s4-dsdb-tests: Remove trailing ';' in deletetest.py
Change-Id: Ic1ad6bbda55be56cbf7ae78a8ad988b8e479a40c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Thu, 23 Oct 2014 06:15:23 +0000 (08:15 +0200)]
s4-dsdb: Insert tombstone_reanimate module in ldb modules chain after objectclass
Change-Id: Id9748f36f0aefe40b1894ecd2e5071e3b9c8a6d6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kamen Mazdrashki [Sat, 27 Dec 2014 19:14:25 +0000 (21:14 +0200)]
s4-dsdb: Initial implementation for Tombstone reanimation module
At the moment it works for basic scenario:
- add user
- delete user
- restore deleted user
TODO:
- security checks
- flags verification
- cross-NC checks
- asynchronous implementation (may not be needed, but anyway)
Change-Id: If396a6dfc766c224acfeb7e93ca75703e08c26e6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Nadezhda Ivanova [Tue, 21 Oct 2014 13:35:30 +0000 (16:35 +0300)]
s4-dsdb-tests: Some tests for deleted objects undelete operation
Based on MS-ADTS 3.1.1.5.3.7.2
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I650b315601fce574f9302435f812d1dd4b177e68
Andrew Bartlett [Tue, 6 Jan 2015 03:49:14 +0000 (16:49 +1300)]
dsdb-tests: Clarify that accounts really do fall back to UF_NORMAL_ACCOUNT if no account set
Also confirm what bits have to be ignored, or otherwise processed
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jan 22 10:16:42 CET 2015 on sn-devel-104
Andrew Bartlett [Tue, 6 Jan 2015 03:48:40 +0000 (16:48 +1300)]
dsdb-samldb: Clarify userAccountControl manipulation code by always using UF_ flags
The use of ACB_ flags was required before msDS-User-Account-Control-Computed was implemented
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 6 Jan 2015 03:47:36 +0000 (16:47 +1300)]
dsdb-samldb: Clarify that accounts really do fall back to UF_NORMAL_ACCOUNT if no account set
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 6 Jan 2015 03:43:37 +0000 (16:43 +1300)]
dsdb-samldb: Only allow known and settable userAccountControl bits to be set
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 10 Dec 2014 02:54:11 +0000 (15:54 +1300)]
dsdb-tests: Show that we can not change the primaryGroupID of a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 1 Apr 2014 17:22:35 +0000 (19:22 +0200)]
s4:dsdb/samldb: let samldb_prim_group_change() protect DOMAIN_RID_{READONLY_,}DCS
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 10 Dec 2014 01:15:54 +0000 (14:15 +1300)]
dsdb: Improve userAccountControl handling
We now always check the ACL and invarient rules using the same function
The change to libds is because UF_PARTIAL_SECRETS_ACCOUNT is a flag,
not an account type
This list should only be of the account exclusive account type bits.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 8 Dec 2014 02:07:59 +0000 (15:07 +1300)]
dsdb-tests: Add new test samba4.user_account_control.python
This confirms security behaviour of the userAccountControl attribute
as well as the behaviour on ADD as well as MODIFY, for every
userAccountControl bit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Change-Id: I8cd0e0b3c8d40e8b8aea844189703c756cc372f0
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 10 Dec 2014 01:26:28 +0000 (14:26 +1300)]
dsdb: Default to UF_NORMAL_ACCOUNT when no account type is specified
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 10 Dec 2014 01:15:54 +0000 (14:15 +1300)]
libds: UF_PARTIAL_SECRETS_ACCOUNT is a flag, not an account type
This list should only be of the account exclusive account type bits.
Note, this corrects the behaviour in samldb modifies of
userAccountControl.
This reverts
6cb91a8f33516a33210a25e4019f3f3fbbfe61f2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 8 Dec 2014 01:31:42 +0000 (14:31 +1300)]
dsdb-tests: Align sam.py with Windows 2012R2 and uncomment userAccountControl tests
These tests now pass against Samba and Windows 2012R2.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Change-Id: I1d7ba5e6a720b8da88c667bbbf3a4302c54642f4
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Wed, 21 Jan 2015 21:07:53 +0000 (22:07 +0100)]
vfs:glusterfs: whitespace fix.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 22 03:20:17 CET 2015 on sn-devel-104
David Disseldorp [Wed, 21 Jan 2015 17:16:57 +0000 (18:16 +0100)]
vfs_snapper: encode and decode Snapper DBus strings
Snapper uses a special character encoding for strings used in DBus
requests and responses. This change ensures that Samba packs and unpacks
strings in the corresponding format, using the previously added
encode/decode helper functions.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11055
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Wed, 21 Jan 2015 17:16:56 +0000 (18:16 +0100)]
vfs_snapper: add DBus string encoding and decoding helpers
Snapper uses the following mechanism for encoding and decoding strings
used in DBus traffic:
Characters above 127 (0x7F - ASCII DEL) must be encoded hexadecimal as
"\x??". As a consequence "\" must be encoded as "\\".
This change adds string encoding and decoding helpers to vfs_snapper.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11055
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Wed, 21 Jan 2015 17:16:55 +0000 (18:16 +0100)]
vfs_snapper: free dbus req messages in error paths
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11055
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ira Cooper [Tue, 20 Jan 2015 04:08:17 +0000 (23:08 -0500)]
vfs_glusterfs: Replace eventfd with pipes, for AIO use
Pipes clean up the AIO implementation substantially, due to the fact
that they implement a natural ithread safe queue instead of us
creating our own queue.
Signed-off-by: Ira Cooper <ira@samba.org>
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Wed Jan 21 20:40:11 CET 2015 on sn-devel-104
Stefan Metzmacher [Mon, 22 Dec 2014 21:02:04 +0000 (22:02 +0100)]
libcli/auth: add netlogon_creds_cli_GetForestTrustInformation*()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jan 21 17:19:33 CET 2015 on sn-devel-104
Stefan Metzmacher [Mon, 22 Dec 2014 20:48:18 +0000 (21:48 +0100)]
libcli/auth: add netlogon_creds_cli_ServerGetTrustInfo*()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 20 Jan 2015 10:52:22 +0000 (10:52 +0000)]
s4:kdc/db-glue: fix supported_enctypes samba_kdc_trust_message2entry()
This avoids writing invalid memory, because num_keys was calculated
in a wrong way...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
David Disseldorp [Mon, 19 Jan 2015 12:39:35 +0000 (13:39 +0100)]
libsmb: provide authinfo domain for encrypted session referrals
6c9de0cd056afc0b478c02f1bdb0e06532388037 requires this extra change.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 21 04:29:06 CET 2015 on sn-devel-104
Andreas Schneider [Tue, 20 Jan 2015 11:07:38 +0000 (12:07 +0100)]
CodingStyle: Update example to use our coding practice.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 20 18:51:55 CET 2015 on sn-devel-104
Stefan Metzmacher [Mon, 19 Jan 2015 11:37:13 +0000 (12:37 +0100)]
tdb_wrap: don't let tdb_wrap_open() segfault with name==NULL
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11032
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Jan 19 16:17:28 CET 2015 on sn-devel-104
Stefan Metzmacher [Sat, 10 Jan 2015 08:51:45 +0000 (09:51 +0100)]
selftest: use env.SELFTEST_PREFIX to define subunit_cache
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Mon, 19 Jan 2015 09:48:20 +0000 (10:48 +0100)]
README.Coding: Add hint for if-statments
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 19 13:25:12 CET 2015 on sn-devel-104
David Disseldorp [Fri, 16 Jan 2015 15:21:24 +0000 (16:21 +0100)]
docs/idmap_rid: remove deprecated base_rid from example
The base_rid option has been deprecated for some time. Specifying a
value of 1000 (as recommended in the parameter description and example
section) can result in failed mapping of group SIDs, where RIDs do not
start at 1000.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Jan 19 09:09:22 CET 2015 on sn-devel-104
David Disseldorp [Fri, 16 Jan 2015 15:21:23 +0000 (16:21 +0100)]
libsmb: provide authinfo domain for DFS referral auth
libsmbclient uses the smbc_init->smbc_get_auth_data_fn() provided
workgroup/domain in initial connections, but then switches to the
default smb.conf workgroup/domain when handling DFS referrals.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Fri, 16 Jan 2015 15:21:22 +0000 (16:21 +0100)]
libsmb: reuse connections derived from DFS referrals
[MS-DFSC] 3.2.1.1 and 3.2.1.2 states that DFS targets with the same site
location or relative cost are placed in random order in a DFS referral
response.
libsmbclient currently resolves DFS referrals on every API call, always
using the first entry in the referral response. With random ordering,
libsmbclient may open a new server connection, rather than reuse an
existing (cached) connection established in a previous DFS referred API
call.
This change sees libsmbclient check the connection cache for any of the
DFS referral response entries before creating a new connection.
This change is based on a patch by Har Gagan Sahai
<SHarGagan@novell.com>.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10123
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 13 Jan 2015 16:04:26 +0000 (17:04 +0100)]
utils: Fix 'net time' segfault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11058
This is part two of the bugfix. Make sure we pass the IP we found to
cli_servertime(). Hence we always pass at least one of name or IP.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Fri, 16 Jan 2015 15:18:45 +0000 (16:18 +0100)]
cli_connect_nb_send: don't segfault on host == NULL.
The functions called futher down can cope with host == NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11058
This is part one of the bugfix:
This ensures that it is enough to pass one of host or address to the function.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 16 Jan 2015 23:24:53 +0000 (00:24 +0100)]
wafsamba: create unique names when building shared modules
After commit
76fdcf5c15bd904c3686f0c2dd93d27486c61ca4, we could endup
with bin/default/source3/auth/libauth-samba4.so being created two times.
Once by SAMBA3_LIBRARY('auth',...) and once again by SAMBA3_MODULE('auth_samba4', ...).
As a result bin/default/source3/auth/libauth-samba4.so gets randomly
overwritten.
SAMBA3_MODULE('auth_samba4', ...) results in
bin/default/source3/auth/libauth_module_samba4.so now.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 19 04:43:53 CET 2015 on sn-devel-104
Stefan Metzmacher [Fri, 16 Jan 2015 23:24:53 +0000 (00:24 +0100)]
wafsamba: remove unused variable in SAMBA_MODULE()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Stefan Metzmacher [Fri, 16 Jan 2015 23:24:53 +0000 (00:24 +0100)]
wafsamba: passing 'subsystem' to SAMBA_MODULE() is not optional
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Stefan Metzmacher [Fri, 16 Jan 2015 23:24:53 +0000 (00:24 +0100)]
wafsamba: make it possible to pass bundled_name to SAMBA_LIBRARY()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Ralph Boehme [Thu, 15 Jan 2015 20:08:47 +0000 (21:08 +0100)]
lib/util: add missing commas to statfs_types
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jan 16 13:24:16 CET 2015 on sn-devel-104
Christof Schmitt [Thu, 15 Jan 2015 21:31:19 +0000 (14:31 -0700)]
samba3.py: Correctly initialize cache directory for passdb test
Running 'make test TESTS=tests.samba3' succeeds, but the log shows that
it tried to open the gencache tdb in the wrong directory:
Unable to create directory /usr/local/samba/var/cache for file gencache.tdb. Error was No such file or directory
Fix this by correctly initializing the cache directory.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Jan 16 02:36:39 CET 2015 on sn-devel-104
Ira Cooper [Thu, 15 Jan 2015 16:41:50 +0000 (11:41 -0500)]
smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.
This sequencing is causing problems for vfs_ceph, and likely
other vfs modules.
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 16 00:13:17 CET 2015 on sn-devel-104
Andrew Bartlett [Thu, 4 Dec 2014 04:23:29 +0000 (17:23 +1300)]
CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl
This requires an additional control to be used in the
LSA server to add domain trust account objects.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
Andrew Bartlett [Mon, 8 Dec 2014 01:20:21 +0000 (14:20 +1300)]
CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 7 Dec 2014 23:19:19 +0000 (12:19 +1300)]
CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 11 Nov 2014 02:23:02 +0000 (15:23 +1300)]
CVE-2014-8143:auth: Force talloc type of session_info pointer to match
This helps us keep things safe in LDB where we put this in a opaque pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Andrew Bartlett
Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Tue, 13 Jan 2015 21:49:58 +0000 (13:49 -0800)]
s3: auth - tests: Add test for "force user" being a unix-only user, not in passdb.
https://bugzilla.samba.org/show_bug.cgi?id=11044
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 14 08:46:08 CET 2015 on sn-devel-104
Jeremy Allison [Tue, 13 Jan 2015 21:49:36 +0000 (13:49 -0800)]
s3: auth: Add previously missing allocation fail check.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 13 Jan 2015 21:45:16 +0000 (13:45 -0800)]
s3: auth: Plumb in the SamInfo3_handle_sids() utility function into passwd_to_SamInfo3().
Core fix for:
https://bugzilla.samba.org/show_bug.cgi?id=11044
Based on code from Michael Zeis <mzeis.quantum@gmail.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 13 Jan 2015 21:39:21 +0000 (13:39 -0800)]
s3: auth: Convert samu_to_SamInfo3() to use the new utility function.
Based on code from Michael Zeis <mzeis.quantum@gmail.com>
https://bugzilla.samba.org/show_bug.cgi?id=11044
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 13 Jan 2015 21:35:56 +0000 (13:35 -0800)]
s3: auth: Add a utility function - SamInfo3_handle_sids() that factors out the code to handle "Unix Users" and "Unix Groups".
Based on code from Michael Zeis <mzeis.quantum@gmail.com>
https://bugzilla.samba.org/show_bug.cgi?id=11044
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Tue, 13 Jan 2015 14:14:25 +0000 (15:14 +0100)]
rwrap: Bump version to 1.1.2.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 13 19:19:25 CET 2015 on sn-devel-104
Andreas Schneider [Tue, 13 Jan 2015 14:13:40 +0000 (15:13 +0100)]
rwrap: Fix ns_name_compress detection.
On some platforms it is a macro and not a function. So we need to
check if the macro exists.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Mon, 12 Jan 2015 16:36:44 +0000 (17:36 +0100)]
rwrap: Bump version to 1.1.1.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 12 Jan 2015 16:33:58 +0000 (17:33 +0100)]
rwrap: Fix a possible NULL dereference.
CID: #84271
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jakub Hrozek <jakub.hrozek@gmail.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 12 Jan 2015 16:32:45 +0000 (17:32 +0100)]
rwrap: If we do not have ns_name_compress() use dn_comp().
This should fix older Linux versions which do not export
ns_name_compress(). In newer glibc versions dn_comp() calls
ns_name_compress().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11019
Reviewed-by: Jakub Hrozek <jakub.hrozek@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Tue, 13 Jan 2015 11:51:13 +0000 (12:51 +0100)]
net: Fix sam addgroupmem
Domain local groups come across as SID_TYPE_ALIAS and are sent to us in the
PAC/Info3 struct. We should allow this in net sam addgroupmem.
Volker
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jan 13 15:28:16 CET 2015 on sn-devel-104
Andreas Schneider [Mon, 12 Jan 2015 17:12:13 +0000 (18:12 +0100)]
s3-util: Fix authentication with long hostnames.
If the hostname is longer than MAX_NETBIOSNAME_LEN we fail to correctly
check the hostname.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11008
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 12 23:10:30 CET 2015 on sn-devel-104
David Disseldorp [Mon, 12 Jan 2015 15:49:54 +0000 (16:49 +0100)]
leases_db: don't leak lock_path onto talloc tos
Also check for allocation failures.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 12 19:22:31 CET 2015 on sn-devel-104