Diffstat (limited to 'source4')
-rw-r--r--source4/auth/config.m42
-rw-r--r--source4/auth/credentials/credentials_krb5.h1
-rw-r--r--source4/auth/kerberos/clikrb5.c6
-rw-r--r--source4/build/m4/public.m44
-rwxr-xr-xsource4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py166
-rw-r--r--source4/heimdal_build/replace.c4
-rw-r--r--source4/heimdal_build/roken.h19
-rw-r--r--source4/kdc/kdc.c2
-rw-r--r--source4/libcli/security/config.mk2
9 files changed, 158 insertions, 48 deletions
diff --git a/source4/auth/config.m4 b/source4/auth/config.m4
index fb9ee58c60..9735b17cac 100644
--- a/source4/auth/config.m4
+++ b/source4/auth/config.m4
@@ -28,6 +28,8 @@ if test x"$ac_cv_header_sasl_sasl_h" = x"yes" -a x"$ac_cv_lib_ext_sasl2_sasl_cli
SASL_CPPFLAGS="$CPPFLAGS"
SASL_LDFLAGS="$LDFLAGS"
LIB_REMOVE_USR_LIB(SASL_LDFLAGS)
+ CFLAGS_REMOVE_USR_INCLUDE(SASL_CPPFLAGS)
+ CFLAGS_REMOVE_USR_INCLUDE(SASL_CFLAGS)
else
SMB_ENABLE(cyrus_sasl,NO)
fi
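Review bot: `CFLAGS_REMOVE_USR_INCLUDE(SASL_CFLAGS)` filters a variable that the visible lines never assign; only `SASL_CPPFLAGS` and `SASL_LDFLAGS` are set in this branch. Unless `SASL_CFLAGS` is populated outside the hunk, the second call does nothing. Either assign it alongside the other two or drop the line. The enclosing `if` starts before the hunk, so an earlier assignment cannot be ruled out from here.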
diff --git a/source4/auth/credentials/credentials_krb5.h b/source4/auth/credentials/credentials_krb5.h
index 0d0e9f330f..5e56752eb4 100644
--- a/source4/auth/credentials/credentials_krb5.h
+++ b/source4/auth/credentials/credentials_krb5.h
@@ -24,6 +24,7 @@
#define __CREDENTIALS_KRB5_H__
#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_krb5.h>
#include <krb5.h>
struct gssapi_creds_container {
diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c
index cf87d13cf2..68e7eb90cc 100644
--- a/source4/auth/kerberos/clikrb5.c
+++ b/source4/auth/kerberos/clikrb5.c
@@ -74,13 +74,9 @@
void kerberos_free_data_contents(krb5_context context, krb5_data *pdata)
{
-#if defined(HAVE_KRB5_FREE_DATA_CONTENTS)
if (pdata->data) {
- krb5_free_data_contents(context, pdata);
+ krb5_data_free(pdata);
}
-#else
- SAFE_FREE(pdata->data);
-#endif
}
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
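Review bot: `kerberos_free_data_contents` still dereferences `pdata` at `if (pdata->data)` without a NULL check, and after this change its `context` argument is unused. The guard itself is now redundant, because Heimdal's `krb5_data_free` accepts a NULL `data` pointer and zeroes the structure afterwards; the body could be reduced to `if (pdata != NULL) krb5_data_free(pdata);`. With the `HAVE_KRB5_FREE_DATA_CONTENTS` fallback removed, the file builds only against Heimdal's API. A comment such as `/* Heimdal-only: krb5_data_free() frees pdata->data and resets data/length, so a repeated call is harmless */` would record that.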
diff --git a/source4/build/m4/public.m4 b/source4/build/m4/public.m4
index bd98a400be..2bf63f0ca6 100644
--- a/source4/build/m4/public.m4
+++ b/source4/build/m4/public.m4
@@ -102,10 +102,12 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG],
ac_cv_$1_libs_only_other="`$PKG_CONFIG --libs-only-other '$2'` `$PKG_CONFIG --libs-only-L '$2'`"
LIB_REMOVE_USR_LIB(ac_cv_$1_libs_only_other)
+ ac_cv_$1_includedir_only="`$PKG_CONFIG --cflags-only-I '$2'`"
+ CFLAGS_REMOVE_USR_INCLUDE(ac_cv_$1_includedir_only)
SMB_EXT_LIB($1,
[`$PKG_CONFIG --libs-only-l '$2'`],
[`$PKG_CONFIG --cflags-only-other '$2'`],
- [`$PKG_CONFIG --cflags-only-I '$2'`],
+ [$ac_cv_$1_includedir_only],
[$ac_cv_$1_libs_only_other])
ac_cv_$1_found=yes
diff --git a/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py b/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py
index 0e74456dac..ec426c099b 100755
--- a/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py
+++ b/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py
@@ -71,7 +71,7 @@ schema_base = rootDse["schemaNamingContext"][0]
def possible_inferiors_search(db, oc):
"""return the possible inferiors via a search for the possibleInferiors attribute"""
res = db.search(base=schema_base,
- expression=("ldapdisplayname=%s" % oc),
+ expression=("ldapDisplayName=%s" % oc),
attrs=["possibleInferiors"])
poss=[]
@@ -86,47 +86,137 @@ def possible_inferiors_search(db, oc):
# see [MS-ADTS] section 3.1.1.4.5.21
-# for this algorithm
+# and section 3.1.1.4.2 for this algorithm
# !systemOnly=TRUE
# !objectClassCategory=2
# !objectClassCategory=3
-def POSSINFERIORS(db, oc):
- """returns a list of possible inferiors to a class. Returned list has the ldapdisplayname, systemOnly and objectClassCategory for each element"""
- expanded = [oc]
- res = db.search(base=schema_base,
- expression=("subclassof=%s" % str(oc["ldapdisplayname"][0])),
- attrs=["ldapdisplayname", "systemOnly", "objectClassCategory"])
+def SUPCLASSES(classinfo, oc):
+ list = []
+ if oc == "top":
+ return list
+ if classinfo[oc].get("SUPCLASSES") is not None:
+ return classinfo[oc]["SUPCLASSES"]
+ res = classinfo[oc]["subClassOf"];
for r in res:
- expanded.extend(POSSINFERIORS(db,r))
- return expanded
+ list.append(r)
+ list.extend(SUPCLASSES(classinfo,r))
+ classinfo[oc]["SUPCLASSES"] = list
+ return list
-def possible_inferiors_constructed(db, oc):
- """return the possbible inferiors via a recursive search and match"""
- res = db.search(base=schema_base,
- expression=("(&(objectclass=classSchema)(|(posssuperiors=%s)(systemposssuperiors=%s)))" % (oc,oc)),
- attrs=["ldapdisplayname", "systemOnly", "objectClassCategory"])
+def AUXCLASSES(classinfo, oclist):
+ list = []
+ if oclist == []:
+ return list
+ for oc in oclist:
+ if classinfo[oc].get("AUXCLASSES") is not None:
+ list.extend(classinfo[oc]["AUXCLASSES"])
+ else:
+ list2 = []
+ list2.extend(classinfo[oc]["systemAuxiliaryClass"])
+ list2.extend(AUXCLASSES(classinfo, classinfo[oc]["systemAuxiliaryClass"]))
+ list2.extend(classinfo[oc]["auxiliaryClass"])
+ list2.extend(AUXCLASSES(classinfo, classinfo[oc]["auxiliaryClass"]))
+ list2.extend(AUXCLASSES(classinfo, SUPCLASSES(classinfo, oc)))
+ classinfo[oc]["AUXCLASSES"] = list2
+ list.extend(list2)
+ return list
- poss = []
+def SUBCLASSES(classinfo, oclist):
+ list = []
+ for oc in oclist:
+ list.extend(classinfo[oc]["SUBCLASSES"])
+ return list
+
+def POSSSUPERIORS(classinfo, oclist):
+ list = []
+ for oc in oclist:
+ if classinfo[oc].get("POSSSUPERIORS") is not None:
+ list.extend(classinfo[oc]["POSSSUPERIORS"])
+ else:
+ list2 = []
+ list2.extend(classinfo[oc]["systemPossSuperiors"])
+ list2.extend(classinfo[oc]["possSuperiors"])
+ list2.extend(POSSSUPERIORS(classinfo, SUPCLASSES(classinfo, oc)))
+ # the WSPP docs suggest we should do this:
+ # list2.extend(POSSSUPERIORS(classinfo, AUXCLASSES(classinfo, [oc])))
+ # but testing against w2k3 and w2k8 shows that we need to do this instead
+ list2.extend(SUBCLASSES(classinfo, list2))
+ classinfo[oc]["POSSSUPERIORS"] = list2
+ list.extend(list2)
+ return list
+
+def pull_classinfo(db):
+ """At startup we build a classinfo[] dictionary that holds all the information needed to construct the possible inferiors"""
+ classinfo = {}
+ res = db.search(base=schema_base,
+ expression="objectclass=classSchema",
+ attrs=["ldapDisplayName", "systemOnly", "objectClassCategory",
+ "possSuperiors", "systemPossSuperiors",
+ "auxiliaryClass", "systemAuxiliaryClass", "subClassOf"])
for r in res:
- poss.extend(POSSINFERIORS(db,r))
-
- poss2 = []
- for p in poss:
- if (not (p["systemOnly"][0] == "TRUE" or
- int(p["objectClassCategory"][0]) == 2 or
- int(p["objectClassCategory"][0]) == 3)):
- poss2.append(p["ldapdisplayname"][0])
-
- poss2 = uniq_list(poss2)
- poss2.sort()
- return poss2
-
-def test_class(db, oc):
+ name = str(r["ldapDisplayName"][0])
+ classinfo[name] = {}
+ if str(r["systemOnly"]) == "TRUE":
+ classinfo[name]["systemOnly"] = True
+ else:
+ classinfo[name]["systemOnly"] = False
+ if r.get("objectClassCategory"):
+ classinfo[name]["objectClassCategory"] = int(r["objectClassCategory"][0])
+ else:
+ classinfo[name]["objectClassCategory"] = 0
+ for a in [ "possSuperiors", "systemPossSuperiors",
+ "auxiliaryClass", "systemAuxiliaryClass",
+ "subClassOf" ]:
+ classinfo[name][a] = []
+ if r.get(a):
+ for i in r[a]:
+ classinfo[name][a].append(str(i))
+
+ # build a list of subclasses for each class
+ def subclasses_recurse(subclasses, oc):
+ list = subclasses[oc]
+ for c in list:
+ list.extend(subclasses_recurse(subclasses, c))
+ return list
+
+ subclasses = {}
+ for oc in classinfo:
+ subclasses[oc] = []
+ for oc in classinfo:
+ for c in classinfo[oc]["subClassOf"]:
+ if not c == oc:
+ subclasses[c].append(oc)
+ for oc in classinfo:
+ classinfo[oc]["SUBCLASSES"] = uniq_list(subclasses_recurse(subclasses, oc))
+
+ return classinfo
+
+def is_in_list(list, c):
+ for a in list:
+ if c == a:
+ return True
+ return False
+
+def possible_inferiors_constructed(db, classinfo, c):
+ list = []
+ for oc in classinfo:
+ superiors = POSSSUPERIORS(classinfo, [oc])
+ if (is_in_list(superiors, c) and
+ classinfo[oc]["systemOnly"] == False and
+ classinfo[oc]["objectClassCategory"] != 2 and
+ classinfo[oc]["objectClassCategory"] != 3):
+ list.append(oc)
+ list = uniq_list(list)
+ list.sort()
+ return list
+
+def test_class(db, classinfo, oc):
"""test to see if one objectclass returns the correct possibleInferiors"""
+ print "testing objectClass %s" % oc
poss1 = possible_inferiors_search(db, oc)
- poss2 = possible_inferiors_constructed(db, oc)
+ poss2 = possible_inferiors_constructed(db, classinfo, oc)
if poss1 != poss2:
print "Returned incorrect list for objectclass %s" % oc
print poss1
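Review bot: In `pull_classinfo`, `str(r["systemOnly"]) == "TRUE"` stringifies the whole attribute element, whereas the neighbouring lines index `[0]` and guard optional attributes with `r.get(...)`. A class lacking `systemOnly` would presumably raise here, and if the element does not stringify to its single value, every class is recorded as `systemOnly = False`, which silently disables that filter in `possible_inferiors_constructed`. I would write `classinfo[name]["systemOnly"] = bool(r.get("systemOnly")) and str(r["systemOnly"][0]) == "TRUE"`. Separately, `subclasses_recurse` extends the very list it is iterating, and that list is shared with the `subclasses` dict, so results carry duplicates and a cyclic `subClassOf` chain in the schema would not terminate. The new helpers (`SUPCLASSES`, `AUXCLASSES`, `SUBCLASSES`, `POSSSUPERIORS`) have no docstrings and shadow the builtin `list`.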
@@ -137,19 +227,17 @@ def test_class(db, oc):
def get_object_classes(db):
"""return a list of all object classes"""
- res = db.search(base=schema_base,
- expression="objectClass=classSchema",
- attrs=["ldapdisplayname"])
list=[]
- for item in res:
- list.append(item["ldapdisplayname"][0])
+ for item in classinfo:
+ list.append(item)
return list
+classinfo = pull_classinfo(db)
+
if objectclass is None:
for oc in get_object_classes(db):
- print "testing objectClass %s" % oc
- test_class(db,oc)
+ test_class(db,classinfo,oc)
else:
- test_class(db,objectclass)
+ test_class(db,classinfo,objectclass)
print "Lists match OK"
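Review bot: `get_object_classes(db)` now ignores its `db` argument and reads the module-level `classinfo`, which is only assigned further down at `classinfo = pull_classinfo(db)`, whereas `test_class` receives `classinfo` explicitly. Passing it in would keep the helpers consistent and remove the hidden ordering dependency: `def get_object_classes(classinfo):` with body `return classinfo.keys()`, called as `get_object_classes(classinfo)`. The docstring "return a list of all object classes" could also say that the names come from the cached schema rather than a fresh search.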
diff --git a/source4/heimdal_build/replace.c b/source4/heimdal_build/replace.c
index 41309fea6e..ba43dd9495 100644
--- a/source4/heimdal_build/replace.c
+++ b/source4/heimdal_build/replace.c
@@ -84,3 +84,7 @@
return -1;
}
#endif
+
+const char *heimdal_version = "samba-internal-heimdal";
+const char *heimdal_long_version = "samba-interal-heimdal";
+
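Review bot: `heimdal_long_version` is spelled `"samba-interal-heimdal"`, missing an `n`, so it disagrees with `heimdal_version` on the line above. It should read `const char *heimdal_long_version = "samba-internal-heimdal";`. Nothing visible reassigns either pointer, so `const char *const` would be a tighter declaration, provided the matching `extern` lines in `roken.h` are changed too.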
diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h
index 3edeb2fb2e..e3edd53872 100644
--- a/source4/heimdal_build/roken.h
+++ b/source4/heimdal_build/roken.h
@@ -41,6 +41,22 @@
#define HAVE_STRNDUP
#endif
+#ifndef HAVE_STRLCPY
+#define HAVE_STRLCPY
+#endif
+
+#ifndef HAVE_STRLCAT
+#define HAVE_STRLCAT
+#endif
+
+#ifndef HAVE_STRCASECMP
+#define HAVE_STRCASECMP
+#endif
+
+#ifndef HAVE_MKSTEMP
+#define HAVE_MKSTEMP
+#endif
+
#ifndef HAVE_SETENV
#define HAVE_SETENV
#endif
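Review bot: The new `HAVE_STRLCPY`, `HAVE_STRLCAT`, `HAVE_STRCASECMP` and `HAVE_MKSTEMP` defines are unconditional, so the bundled roken code will presumably skip its own fallbacks for these functions on every platform, whatever configure detected. That is only safe if another layer (presumably libreplace) always supplies them. For `mkstemp` in particular, a weaker substitute would affect temporary-file safety. A comment above the block would record the assumption, e.g. `/* libreplace provides these everywhere; stop roken from building its own copies */`.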
@@ -84,4 +100,7 @@
#undef SOCKET_WRAPPER_REPLACE
#include "heimdal/lib/roken/roken.h.in"
+extern const char *heimdal_version;
+extern const char *heimdal_long_version;
+
#endif
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 1cfe9852f0..3d11441062 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -345,7 +345,7 @@ static bool kdc_process(struct kdc_server *kdc,
}
if (k5_reply.length) {
*reply = data_blob_talloc(mem_ctx, k5_reply.data, k5_reply.length);
- krb5_free_data_contents(kdc->smb_krb5_context->krb5_context, &k5_reply);
+ krb5_data_free(&k5_reply);
} else {
*reply = data_blob(NULL, 0);
}
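Review bot: The result of `data_blob_talloc` is not checked anywhere in this hunk, so if the allocation fails `*reply` may carry a NULL `data` pointer while `k5_reply` is freed and processing continues as if a reply had been built. Adding `if (reply->data == NULL) return false;` after the `krb5_data_free(&k5_reply);` line would make the failure explicit. `kdc_process` continues outside the hunk, so a later check may already exist. This call also bypasses the `kerberos_free_data_contents` wrapper changed in `clikrb5.c`, leaving two spellings of the same free in the tree.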
diff --git a/source4/libcli/security/config.mk b/source4/libcli/security/config.mk
index d6d9ad5545..9d23fe9588 100644
--- a/source4/libcli/security/config.mk
+++ b/source4/libcli/security/config.mk
@@ -4,7 +4,5 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY_COMMON
LIBSECURITY_OBJ_FILES = $(addprefix $(libclisrcdir)/security/, \
security_token.o security_descriptor.o \
access_check.o privilege.o sddl.o) \
- ../libcli/security/secace.o \
- ../libcli/security/secacl.o
$(eval $(call proto_header_template,$(libclisrcdir)/security/proto.h,$(LIBSECURITY_OBJ_FILES:.o=.c)))