summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-01-21dsdb-acl: add acl_check_access_on_objectclass() helperStefan Metzmacher1-0/+39
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: Add helper function dsdb_get_structural_oc_from_msg()Andrew Bartlett1-0/+13
This will eventually replace get_oc_guid_from_message(), returning the full dsdb_class. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: attr is not optional to acl_check_access_on_attribute()Stefan Metzmacher1-25/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributesStefan Metzmacher1-16/+18
"clearTextPassword" is the only exception. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: introduce a 'el' helper variable to acl_modify()Stefan Metzmacher1-12/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: introduce a 'msg' helper variable to acl_modify()Stefan Metzmacher1-20/+20
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make sure we build [system]PossibleInferiors completelyStefan Metzmacher1-0/+4
Otherwise callers like dsdb_schema_copy_shallow() will corrupt the talloc hierarchie. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make sure use clean caches in schema_inferiors.cStefan Metzmacher2-28/+32
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make schema_subclasses_order_recurse() staticStefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21BUG 9474: Downgrade v4 printer driver requests to v3.Günther Deschner1-1/+8
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
2013-01-21BUG 9574: Fix a possible null pointer dereference in spoolss.Andreas Schneider1-1/+2
If the the client enumerates the printers and didn't specify a servername we have a null pointer dereference, so the process serving the connection crashes. Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
2013-01-21Tests: remove redondent testsuites in provisionMatthieu Patou1-6/+1
Removed provision are already tested somewhere else. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Mon Jan 21 09:59:43 CET 2013 on sn-devel-104
2013-01-21Tests: avoid adding python options that are functions in the envMatthieu Patou1-1/+6
This fix errors when running test --testenv --screen Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21Tests: rewrite ldap_schema to specify attributesMatthieu Patou1-15/+24
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-19Fix warnings with mismatched sizes in arguments to DEBUG statements.Jeremy Allison1-8/+8
This can cause compile errors on 32-bit systems. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jan 19 12:14:13 CET 2013 on sn-devel-104
2013-01-19Remove some unused variables.Jeremy Allison1-3/+0
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-19heimdal_build: Try again to sort out the strerror_r messAndrew Bartlett5-10/+11
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-19printing: Free talloc_stackframe() on all exit pathsAndrew Bartlett1-0/+2
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-18nsswitch: Fix two bitfield constants being the same.Ira Cooper1-3/+1
WBFLAG_PAM_AUTH_PAC and WBFLAG_BIG_NTLMV2_BLOB are the same causing errors in NTLMv2 authentication. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 18 22:13:09 CET 2013 on sn-devel-104
2013-01-18Sort winbind request flags. Ira saw we have a duplicate.Jeremy Allison1-9/+9
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed by: Ira Cooper <ira@wakeful.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-18smbtorture: Satisfy a linker dependencyVolker Lendecke1-1/+8
Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-18winbind: Handle child requests in a tevent_fdVolker Lendecke1-105/+65
This enables the use of standard tevent_loop_once in the child, which now also uses epoll where available. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-18winbind: Introduce "struct child_handler_state"Volker Lendecke1-22/+30
This will make the next patch simpler. child_handler_state contains the information that the handler for the parent fde needs to pass to process_child_request Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-18winbind: Use standard tevent_context_initVolker Lendecke3-7/+34
This makes winbind use epoll instead of poll Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-18BUG 9378: Add extra attributes for AD printer publishing.David Disseldorp1-1/+85
Currently attempting to publish a printer in AD fails with "Object class violation", due to a number of missing attributes in the LDAP request. Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jan 18 17:27:35 CET 2013 on sn-devel-104
2013-01-18printing: Remove invalid free from error path.David Disseldorp1-1/+0
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-18Remove locking across the lifetime of the copychunk call.Jeremy Allison1-116/+1
Previous commit handles this around each read/write call. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Jan 18 01:47:01 CET 2013 on sn-devel-104
2013-01-18Move copychunk locking to be local to the read/write calls.Jeremy Allison1-0/+42
Eliminates the need to hold locks across the entire lifetime of the call. Next commit will remove these. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-18Add additional copychunk checks.Jeremy Allison1-0/+22
For printer, ipc$ connections, and directory handles. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-18Move handle checking code to copychunk_check_handles().Jeremy Allison1-21/+37
Planning to add extra checks to ensure we don't attempt copychunk on printer or IPC$ handles. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-18tevent: Fix a commentVolker Lendecke1-1/+1
liboop.org is now in a language I don't understand. But it does definitely not contain a library. Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 18 00:05:37 CET 2013 on sn-devel-104
2013-01-17printing: Create default architecture directories on init.Andreas Schneider1-0/+59
Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jan 17 20:36:17 CET 2013 on sn-devel-104
2013-01-17s3-spoolss: use configurable spoolss architecture in ↵Günther Deschner1-1/+5
compose_spoolss_server_path(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Jan 17 18:53:47 CET 2013 on sn-devel-104
2013-01-17spoolss: make spoolss deal with ndr64 SetForm by using proper container object.Günther Deschner5-21/+32
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17spoolss: make spoolss deal with ndr64 AddForm by using proper container object.Günther Deschner6-31/+46
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17s4-torture: add ndr64 spoolss_SetPrinter ndr test.Günther Deschner2-1/+74
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17spoolss: make spoolss deal with ndr64 ULONG_PTR of devmode_ptr and secdesc_ptr.Günther Deschner6-23/+21
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17dsdb-operational: Avoid doing the ldb_attr_cmp if bypass flag is not setMatthieu Patou1-1/+1
Most of the time this flag is not set and so we can avoid the strcasecmp in ldb_attr_cmp() Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 17 17:10:32 CET 2013 on sn-devel-104
2013-01-17torture: Fix fsmo test to use correct -H samba-tool syntaxAndrew Bartlett1-2/+2
However, the test still does not pass. Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17dsdb: Do not hold the transaction over the IRPC call to perform a role transferAndrew Bartlett2-2/+26
This avoids one samba process locking out another from the DB. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17selftest: also skip raw.search as it also spinsAndrew Bartlett1-0/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17drs-fsmo: Improve handling of FSMO role takeover.Andrew Bartlett3-5/+14
This needs to be more async, and give less scary errors. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17dsdb-acl: calculate sDRightsEffective based on "nTSecurityDescriptor"Stefan Metzmacher1-3/+11
acl_check_access_on_attribute should never be called with attr=NULL because we don't check access on an attribute in that case Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Thu Jan 17 11:21:10 CET 2013 on sn-devel-104
2013-01-17dsdb-acl: add helper variable 'ldb' in acl_sDRightsEffectiveStefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17libcli/security: don't look at the inherited type in get_ace_object_type()Stefan Metzmacher1-2/+0
The inherited_type is only used to decide if aces should be inherited effectively or not (INHERIT_ONLY) for the specified object. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17dsdb-acl: fix the order of special and system checksStefan Metzmacher1-22/+61
First we check for a special dn, then for system access. All allocations happen after this checks in order to avoid allocations we won't use. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17dsdb-acl: Do not apply ACL on special DNs to hide attributes that the user ↵Matthieu Patou1-0/+4
shouldn't see This fix frequent reindexing when using python script with a user that is not system. The reindexing is caused by ACL module hidding (removing) attributes in the search request for all attributes in dn=@ATTRIBUTES and because dsdb_schema_set_indices_and_attributes checks that the list of attributes that it just calculated from the schema is the same as the list written in @ATTRIBUTES, if not the list is replaced and a reindexing is triggered. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17dsdb-acl: talloc_free the private context when we pass to the next moduleStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17dsdb-acl: don't call dsdb_user_password_support() if we don't use the resultStefan Metzmacher1-2/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17smb2_ioctl: copychunk request max output validationDavid Disseldorp1-0/+12
Check that the copychunk ioctl request maximum output specified by the client is large enough to hold copychunk response data. Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jan 17 00:59:44 CET 2013 on sn-devel-104