Andrew Bartlett [Wed, 2 Jun 2010 12:35:53 +0000 (22:35 +1000)]
s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
It's nicer to have an NTSTATUS return, and in s3compat there may be a
reason other than 'no memory' why this can fail.
Andrew Bartlett
Andrew Bartlett [Thu, 3 Jun 2010 11:05:57 +0000 (21:05 +1000)]
s3:named pipe proxy Improve error messages when named pipes fail to forward
I hope this helps the next person who needs to debug this.
Andrew Bartlett
Andrew Bartlett [Thu, 3 Jun 2010 11:15:33 +0000 (21:15 +1000)]
s3:smbd Give the kerberos session key a parent
I can't see what would free this, so this should prevent a memory leak.
Andrew Bartlett
Andrew Bartlett [Thu, 3 Jun 2010 10:59:25 +0000 (20:59 +1000)]
named_pipe_auth Always lower case the incoming pipe name
Windows connects to an upper case NETLOGON pipe, and we can't find the
socket to connect to until we lower case the name.
Andrew Bartlett
Andrew Bartlett [Tue, 1 Jun 2010 09:19:01 +0000 (19:19 +1000)]
s3:smbd Fix segfault if register_existing_vuid() fails
The register_existing_vuid() call will handle both the ntlmssp_end and
vuid invalidation internally, so we don't want to do it again.
Andrew Bartlett
Andrew Bartlett [Tue, 1 Jun 2010 11:11:14 +0000 (21:11 +1000)]
s3:auth Rename user_info->domain -> user_info->mapped.domain_name
This is closer to the structure I want for a common struct
auth_usersupplied_info.
Andrew Bartlett
Andrew Bartlett [Tue, 1 Jun 2010 11:08:38 +0000 (21:08 +1000)]
s3:auth Rename user_info->client_domain -> user_info->client.domain_name
This is closer to the structure I want for a common struct
auth_usersupplied_info.
Andrew Bartlett
Andrew Bartlett [Tue, 1 Jun 2010 11:01:23 +0000 (21:01 +1000)]
s3:auth fix header comment for internal_username -> mapped.account_name
Andrew Bartlett [Tue, 1 Jun 2010 10:30:56 +0000 (20:30 +1000)]
s3:auth Rename user_info->internal_username -> user_info->mapped.account_name
This is closer to the structure I want for a common struct
auth_usersupplied_info.
Andrew Bartlett
Andrew Bartlett [Tue, 1 Jun 2010 10:27:03 +0000 (20:27 +1000)]
s3:auth Rename user_info->smb_name -> user_info->client.account_name
This is closer to the structure I want for a common struct
auth_usersupplied_info.
Andrew Bartlett
Matthias Dieter Wallnöfer [Mon, 7 Jun 2010 13:02:38 +0000 (15:02 +0200)]
s4:samba_dsdb LDB module - fix typos
Matthias Dieter Wallnöfer [Mon, 7 Jun 2010 12:58:30 +0000 (14:58 +0200)]
s4:samba_dsdb LDB module - enhance/fix module rule comments
Simo Sorce [Sat, 29 May 2010 15:29:29 +0000 (11:29 -0400)]
s3:auth make sure the primary group sid is usable
This function was previously performed under the cover by converting
back and forth from info3 to samu and then later from samu to info3.
Since we now shortcircuit that in some cases, check explicitly using
get_primary_group_sid()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Sat, 29 May 2010 15:02:47 +0000 (11:02 -0400)]
s3:auth return the full passwd struct from check_account
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Sat, 29 May 2010 14:51:40 +0000 (10:51 -0400)]
s3:passdb Export function to calculate the proper primary group sid
Don't keep it buried in passdb, this function need to be available
for use in places where we do not want to construct an artificial
samu struct just to play tricks.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Fri, 28 May 2010 21:03:18 +0000 (17:03 -0400)]
s3:auth remove unused structure member
sids are now completely handled using info3, remove dead code that fills
server info sids and the structure members themselves
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Fri, 28 May 2010 20:16:53 +0000 (16:16 -0400)]
s3:auth create nt token from info3 directly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Fri, 28 May 2010 17:18:13 +0000 (13:18 -0400)]
s3:auth handle unix domain sids in samu
When we generate a user out of thin air we may end up adding sids
that are not part of the sam domain (unix domain sids).
Handle the case and preserve these sids as extra sids.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Fri, 28 May 2010 17:22:41 +0000 (13:22 -0400)]
s3:auth set the resolved user sid in the fake sam account
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Fri, 28 May 2010 15:14:01 +0000 (11:14 -0400)]
s3:auth check the user is valid first
It makes no sense to go through all the hoops to build samu and
convert it to info3, just to discard them later if the user was
not valid.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Fri, 28 May 2010 15:07:49 +0000 (11:07 -0400)]
s3:auth make sure we set the right username
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 18:58:43 +0000 (20:58 +0200)]
s4:ldap.py - add some "objectclass" behaviour tests
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 21:02:25 +0000 (23:02 +0200)]
s4:objectclass LDB module - rework the code which handles the objectclasses modification
Before it has been very incomplete. We try now to match the Windows Server
behaviour as close as possible.
Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 21:09:28 +0000 (23:09 +0200)]
s4:ldap.py - enhance the attributes testcase to demonstrate how the attributes are checked against the schema and the specified objectclasses
This demonstrates the bew "objectclass_attrs" LDB module behaviour.
Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 17:06:58 +0000 (19:06 +0200)]
s4:acl LDB module - LDB attribute names should be compared using "ldb_attr_cmp" or "strcasecmp"
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 18:19:31 +0000 (20:19 +0200)]
s4:acl LDB module - adaption for "objectclass_attrs" module
Since the attribute schema checking code moved back we need to give here the
"LDB_ERR_NO_SUCH_ATTRIBUTE" error.
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 17:11:25 +0000 (19:11 +0200)]
s4:objectclass LDB module - remove "fix_check_attributes"
Also this task is now performed by the "objectclass_attrs" LDB module.
Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 17:53:33 +0000 (19:53 +0200)]
s4:samldb LDB module - adjust the module to set always a "defaultObjectCategory" on objectclass add operations
This is needed to make the "objectclass_attrs" LDB module happy. The search
check and case adjustment are done as it was using a second modify operation.
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 17:09:51 +0000 (19:09 +0200)]
s4:remove the "validate_update" LDB module - the task is now handled by the far more complete "objectclass_attrs" LDB module
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 15:34:35 +0000 (17:34 +0200)]
s4:dsdb - introduce a new "objectclass_attrs" LDB module which performs the objectclass attributes checking
Until now we had no real consistent mechanism which allowed us to check if
attributes belong to the specified objectclasses.
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 17:17:16 +0000 (19:17 +0200)]
s4:objectclass LDB module - instanciate the schema variable centrally on the "ac" context creation
This unifies the position when the schema is read and prevents multiple
instanciations (eg on a modification operation).
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 20:13:03 +0000 (22:13 +0200)]
s4:samldb LDB module - finally we can remove the RDN check
This is now dynamically always done by the objectclass LDB module
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 20:06:39 +0000 (22:06 +0200)]
s4:ldap.py - enhance the rename tests to demonstrate the functionality
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:55:08 +0000 (21:55 +0200)]
s4:objectclass LDB module - finally implement the correct entry rename protections
Only the "systemFlags" check is still missing.
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:43:55 +0000 (21:43 +0200)]
s4:objectclass LDB module - cosmetic change
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:42:06 +0000 (21:42 +0200)]
s4:objectclass LDB module - remove duplicated code
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:24:49 +0000 (21:24 +0200)]
s4:objectclass LDB module - fix counter variable types
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:23:34 +0000 (21:23 +0200)]
s4:objectclass LDB module - explain why the search can return with an empty return
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 17:44:22 +0000 (19:44 +0200)]
s4:objectclass LDB module - this "talloc_steal" is not necessary
The "parent_dn" was created on the "ac" context which lives anyway longer
than this child request.
Matthias Dieter Wallnöfer [Fri, 4 Jun 2010 18:48:52 +0000 (20:48 +0200)]
s4:objectclass LDB module - fix error result if an entry doesn't contain a structural objectclass
We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 11:06:54 +0000 (13:06 +0200)]
s4:objectclass LDB module - use "ldb_oom" for expressing out of memory
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 20:42:59 +0000 (22:42 +0200)]
s4:objectclass LDB module - fix header and add my copyright
Andreas Schneider [Thu, 27 May 2010 07:07:03 +0000 (09:07 +0200)]
s3-waf: Build rpc_server/srv_spoolss_util.c too.
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Mon, 7 Jun 2010 10:55:43 +0000 (12:55 +0200)]
s3-lsa: Fix static list of luids in our privileges implementation.
The high/low order changed while moving to LSA defines. Found by torture test.
Guenther
Günther Deschner [Mon, 7 Jun 2010 10:41:39 +0000 (12:41 +0200)]
s4-smbtorture: test workstation auth as well in RPC-SPOOLSS-ACCESS.
Guenther
Matthieu Patou [Fri, 7 May 2010 00:15:28 +0000 (04:15 +0400)]
s4:ldb python bindings - implement comparison on Python LDB Message objects
Coauthors: Jelmer Vernooij, Matthias Dieter Wallnöfer
Matthieu Patou [Sat, 5 Jun 2010 15:25:18 +0000 (19:25 +0400)]
s4: Remove an uselessly exposed control
Günther Deschner [Mon, 7 Jun 2010 09:21:26 +0000 (11:21 +0200)]
s4-smbtorture: handle printservers w/o printers in RPC-SPOOLSS-ACCESS.
Guenther
Günther Deschner [Sat, 5 Jun 2010 00:39:11 +0000 (02:39 +0200)]
s3-privileges: use LUID defines from lsa IDL.
Guenther
Matthew McGillis [Sat, 5 Jun 2010 00:48:40 +0000 (17:48 -0700)]
Fix bug with incorrect flag values for inherited ace in some cases.
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:35:00 +0000 (18:35 +0200)]
s4:password_hash LDB module - adapt the module to the new "ldb_msg_remove_attr" behaviour
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:22:10 +0000 (18:22 +0200)]
ldb:ldb_msg_remove_attr - provide a better implementation
We can have some special (bad) messages which contain multiple message elements
for the same attribute. The AD password change ones are such an example.
Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 17:12:48 +0000 (19:12 +0200)]
s4:samldb LDB module - this codepart isn't needed due to the objectclass LDB module
When a "computer" entry will be added, also the inherited "user" objectclass is
going to be specified.
Matthias Dieter Wallnöfer [Fri, 4 Jun 2010 19:10:41 +0000 (21:10 +0200)]
s4:get_last_structural_class - only real structural classes can be candidates for fetching the last one
Classes with objectCategory = 1 are always structural, these with
objectCategory = 0 also (as we can see in our Windows 2008 R2 schema file where
class "Person" has 0 but is structural).
Abstract classes and auxiliary ones cannot be considered (objectCategory = 2, 3)
http://msdn.microsoft.com/en-us/library/ms677964(VS.85).aspx
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:05:52 +0000 (18:05 +0200)]
s4:ldap.py - enhance the RDN name test to show that invalid "name" attributes are allowed on add operations
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:25:43 +0000 (18:25 +0200)]
s4:rdn_name LDB module - use "ldb_msg_remove_attr" for deleting attributes
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 15:56:09 +0000 (17:56 +0200)]
s4:rdn_name LDB module - remove "rdn_name_find_attribute"
It does exactly the same as "ldb_msg_find_element".
Matthias Dieter Wallnöfer [Mon, 31 May 2010 12:52:46 +0000 (14:52 +0200)]
s4:dsdb/common/util.c - provide a better implementation of the "samdb_msg_add_(add/del)val" calls
This supports now also coexisting add and delete message elements with the
same attribute name.
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:37:15 +0000 (18:37 +0200)]
ldb:ltdb_filter_attrs - fix a counter variable type
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 12:33:52 +0000 (14:33 +0200)]
s4:ldap_server/ldap_backend.c - send back also the extended error message if it exists
This message often contains suggestions how to fix issues.
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 15:45:51 +0000 (17:45 +0200)]
s4:ridalloc LDB module - add more "talloc_free"s where useful
Some were missing on failure return branches.
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 18:08:45 +0000 (20:08 +0200)]
s4:acl LDB module - fix counter types where appropriate
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 17:58:28 +0000 (19:58 +0200)]
s4:descriptor LDB module - cosmetic fixup
Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 18:23:42 +0000 (20:23 +0200)]
s4:urgent_replication.py - specify the "dnsRoot" attribute which is requested on "crossRef" entries
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 20:19:58 +0000 (22:19 +0200)]
s4:ldap.py - make sure that also the "posixuser" will be deleted on test breakages
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 22:11:16 +0000 (00:11 +0200)]
s4:provision - fix typo in substitution variable
Jeremy Allison [Sat, 5 Jun 2010 04:00:24 +0000 (21:00 -0700)]
Fix a long-standing bug with async io that would only be triggered by SMB2.
On normal or shutdown close, ensure we wait for any pending IO to
complete before returning. Implement a blocking aio_suspend inside
vfs_aio_fork.c. These changes pass make test when the aio_fork module
is used by default on the test shares.
Jeremy.
Björn Jacke [Sat, 5 Jun 2010 00:13:21 +0000 (02:13 +0200)]
s3:build: add shared lib flag for HP-UX compiler
Björn Jacke [Sat, 5 Jun 2010 00:12:02 +0000 (02:12 +0200)]
s3: fix build on Heimdal based systems like NetBSD5
Günther Deschner [Fri, 4 Jun 2010 23:26:49 +0000 (01:26 +0200)]
s4-smbtorture: make RPC-SPOOLSS-ACCESS more compatible with older samba releases.
Guenther
Günther Deschner [Fri, 4 Jun 2010 23:25:05 +0000 (01:25 +0200)]
s4-smbtorture: remove another incarnation of test_ClosePrinter.
This should fix the build; why waf didn't catch that durint make bin/smbtorture4 ?
Guenther
Günther Deschner [Fri, 4 Jun 2010 17:03:11 +0000 (19:03 +0200)]
s4-smbtorture: add RPC-SPOOLSS-ACCESS.
This test creates
- a user
- a user with BUILTIN\Administrators membership
- a user with BUILTIN\Print Operators membership
- a user with SePrintOperatorPrivilege (if available)
- a user with full access in security descriptor
and checks what access rights are granted in spoolss_OpenPrinterEx.
Guenther
Günther Deschner [Fri, 4 Jun 2010 17:02:17 +0000 (19:02 +0200)]
s4-smbtorture: share test_ClosePrinter between RPC-SPOOLSS and RPC-SPOOLSS-WIN.
Guenther
Günther Deschner [Fri, 4 Jun 2010 14:55:07 +0000 (16:55 +0200)]
s3-rpcclient: allow to add access_mask in cmd_spoolss_open_printer_ex().
Guenther
Günther Deschner [Fri, 4 Jun 2010 17:05:24 +0000 (19:05 +0200)]
s4-smbtorture: check error codes in RAP-SAM testsuite.
Guenther
Jeremy Allison [Fri, 4 Jun 2010 20:49:38 +0000 (13:49 -0700)]
Oops. Forgot to re-initialize the aio_ex pointer from sival_ptr.
Jeremy Allison [Fri, 4 Jun 2010 18:41:57 +0000 (11:41 -0700)]
wait_for_aio_completion() should return 0 on non-aio compiled case.
Jeremy Allison [Fri, 4 Jun 2010 18:41:38 +0000 (11:41 -0700)]
Rename req -> smbreq.
Jeremy Allison [Fri, 4 Jun 2010 18:30:46 +0000 (11:30 -0700)]
Change smbd_aio_complete_mid() -> smbd_aio_complete_aio_ex(). Simplifies
the code and eliminates find_aio_ex().
Jeremy.
Andreas Schneider [Thu, 3 Jun 2010 20:04:08 +0000 (22:04 +0200)]
s3-rpc: Create a file with all functions for a internal named pipe.
This makes it possible to use the samr rpc server in winbind without
linking in smbd.
Reviewed-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Thu, 3 Jun 2010 20:01:46 +0000 (22:01 +0200)]
s3-rpc: Seperate rpc_srv_register for plain connection.
This will make it possible to create plain rpc named pipe connnections.
Reviewed-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Wed, 2 Jun 2010 17:39:18 +0000 (19:39 +0200)]
s3-auth: Moved smbd user functions to a generic place.
Reviewed-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Mon, 31 May 2010 16:33:38 +0000 (18:33 +0200)]
s3-smbd: Remove unneeded dependency of map_username to globals.c.
Reviewed-by: Simo Sorce <idra@samba.org>
Günther Deschner [Fri, 4 Jun 2010 12:31:08 +0000 (14:31 +0200)]
s3-selftest: do not call main RPC-SPOOLSS testsuite.
The tests formerly available in there can now be accessed via
RPC-SPOOLSS-PRINTSERVER.
Guenther
Günther Deschner [Thu, 3 Jun 2010 19:39:51 +0000 (21:39 +0200)]
s4-smbtorture: completely rework RPC-SPOOLSS-PRINTER.
This is now a child testsuite to RPC-SPOOLSS. You can call simple tests via
RPC-SPOOLSS-{addprinter,addprinterex}-testname.
Guenther
Günther Deschner [Thu, 3 Jun 2010 18:48:49 +0000 (20:48 +0200)]
s4-smbtorture: rework order of test in RPC-SPOOLSS-PRINTSERVER a bit.
Guenther
Björn Jacke [Thu, 3 Jun 2010 22:55:10 +0000 (00:55 +0200)]
ѕ3:Makefile: use PIC instead of PIE flags for shared libs
otherwise shared lib builds are broken on some platforms
Jeremy Allison [Thu, 3 Jun 2010 18:50:08 +0000 (11:50 -0700)]
Allow us to cope correctly with NT_STATUS_MORE_PROCESSING_REQUIRED when downgrading from krb5 to NTLMSSP over SMB2.
Jeremy.
Jeremy Allison [Thu, 3 Jun 2010 18:18:11 +0000 (11:18 -0700)]
Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when using SMB2.
Jeremy.
Günther Deschner [Tue, 18 May 2010 21:40:43 +0000 (23:40 +0200)]
s4-smbtorture: convert RPC-SPOOLSS into a torture suite.
Guenther
Günther Deschner [Thu, 3 Jun 2010 15:08:55 +0000 (17:08 +0200)]
s4-smbtorture: allow to call single tests from a testcase in a testsuite
directly on the commandline.
Guenther
James Peach [Fri, 19 Mar 2010 02:30:54 +0000 (19:30 -0700)]
libreplace: Fix readline build with libedit.
libedit on MAc OSX 10.5 does not have the rl_completion_t typedef,
but uses a internal typedef names CPPFunction.
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Thu, 3 Jun 2010 14:30:55 +0000 (16:30 +0200)]
s3-spoolss: add and use spoolss_printerinfo2_to_setprinterinfo2().
This fixes some invalid typecasts.
Guenther
Volker Lendecke [Thu, 3 Jun 2010 14:09:31 +0000 (16:09 +0200)]
s3: Fix the build of the nfsv4 acl code
Günther Deschner [Thu, 3 Jun 2010 12:54:02 +0000 (14:54 +0200)]
s4-smbtorture: move PrintProcessors winreg test to main RPC-SPOOLSS test.
Guenther
Günther Deschner [Thu, 3 Jun 2010 11:01:40 +0000 (13:01 +0200)]
s4-smbtorture: add test_PrintProcessors_winreg.
This does cross reference checks between spoolss PrintProcessors and entries
stored in winreg.
Guenther
Günther Deschner [Thu, 3 Jun 2010 11:01:16 +0000 (13:01 +0200)]
s4-smbtorture: refactor test_EnumPrintProcessors().
Guenther
Günther Deschner [Thu, 3 Jun 2010 09:46:44 +0000 (11:46 +0200)]
s4-smbtorture: only test data up to a length of 9 bytes in test_SetPrinterDataEx_matrix().
Guenther
Günther Deschner [Wed, 2 Jun 2010 23:45:01 +0000 (01:45 +0200)]
s3: remove authdata.h
Guenther
Günther Deschner [Thu, 3 Jun 2010 08:25:32 +0000 (10:25 +0200)]
s3-build: pure cosmetics, use better names for gen_ndr code pieces.
Guenther