summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-09-07s4:samldb - Major reworkMatthias Dieter Wallnöfer4-328/+1000
This fixes up the change of the primary group of a user when using the ADUC console: - When the "primaryGroupId" attribute changes, we have to delete the "member"/"memberOf" attribute reference of the new primary group and add one for the old primary group. - Deny deletion of primary groups according to Windows Server (so we cannot have invalid "primaryGroupID" attributes in our AD). - We cannot add a primary group directly before it isn't a secondary one of a user account. - We cannot add a secondary reference ("member" attribute) when the group has been chosen as primary one. This also removes the LDB templates which are basically overhead now. This should also fix bug #6599.
2009-09-07s4:provision - Add a new delete function only for users and computersMatthias Dieter Wallnöfer1-0/+25
We need this new function to delete users and computers before other objects on reprovisioning. Otherwise primary groups could be deleted before user/computer accounts (which isn't allowed anymore by the reworked "samldb" module).
2009-09-07s4:provision - Change the "provision_users.ldif" file to support the ↵Matthias Dieter Wallnöfer1-26/+35
"samldb" changes The "provision_users.ldif" file needs some rework to pass against the changed and improved "samldb" module (see next commit).
2009-09-06Fix bug 6673 - smbpasswd does not work with "unix password sync = yes".Jeremy Allison5-22/+30
Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy.
2009-09-07s4:setup_dns.sh fixed the update of the GUID CNAMEAndrew Tridgell1-8/+14
2009-09-07s4:nsupdate-gss allow forcing of the realmAndrew Tridgell1-35/+37
this is needed for the _msdcs zone
2009-09-07s4:setup: Remove display_specifiers.ldif.Andrew Kroeger1-482/+0
This file is no longer needed as the DisplaySpecifiers are now generated from files provided by Microsoft.
2009-09-07s4:setup: Updated comment to reflect new DisplaySpecifiers location.Andrew Kroeger1-1/+3
2009-09-07s4:setup: Use ms_display_specifiers script for provision.Andrew Kroeger1-2/+5
Changed the provisioning to use the new script to parse the Microsoft-provided DisplaySpecifiers LDIF file.
2009-09-07s4:setup: Added script to parse Microsoft DisplaySpecifiers document.Andrew Kroeger1-0/+189
Created this script based on the existing ms_schema.py script. - Removed some unnecessary transformations that are only necessary for schema processing. - Added capability to parse and properly output base64-encoded values. - Removed unnecessary attributes based on what attributes were present (and also what were explicitly removed) from display_specifiers.ldif.
2009-09-07s4:setup: Change license headers to LDIF comments.Andrew Kroeger5-86/+146
The original license headers provided by Microsoft cannot be parsed as valid LDIF. Changed the license headers to be valid LDIF comments, and added a new header section detailing the exact changes that were made to the original document. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-07s4:setup Add DisplaySpecifiers from Microsoft.Andrew Bartlett5-0/+148158
Like the schema, these are provided under the licence at the head of the file, which is not the GPL, but allows us to distribute them with Samba. Andrew Bartlett
2009-09-07s4: bring nsupdate-gss into the s4 treeAndrew Tridgell2-0/+379
This is a perl script that does TSIG-GSS DNS updates against a AD DC. The bind 9.5 nsupdate still doesn't seem to work with TSIG-GSS, and we need a way to do DNS updates when we vampire a domain, so I revived this ancient perl script and added a wrapper script that can update DNS entries using our machine account credentials
2009-09-07s4: fixed the secrets.ldb construction in libnetAndrew Tridgell1-8/+8
on a vampire join we were not putting the right attributes and objectclass on the secrets.ldb record
2009-09-07s4: the secrets.ldb module needs the loadparm opaque setupAndrew Tridgell1-0/+7
2009-09-07s3:winbind: Convert WINBINDD_SET_HWM to the new APIVolker Lendecke15-128/+454
2009-09-07s3:winbind: Convert WINBINDD_REMOVE_MAPPING to the new APIVolker Lendecke15-108/+488
2009-09-07s3:winbind: Convert WINBINDD_SET_MAPPING to the new APIVolker Lendecke15-106/+538
2009-09-07s3:winbind: Convert WINBINDD_CHECK_MACHACC to the new APIVolker Lendecke15-76/+451
2009-09-07s3:smbd: Add the ntstatus to the smb_panic in share_mode_lock_destructorVolker Lendecke1-2/+18
This might help finding why bug 6518 happens
2009-09-06s4:simple_ldap_map - Enhance it for supporting "primaryGroupID" in the right wayMatthias Dieter Wallnöfer1-14/+25
2009-09-06s4:torture - Fix uninitialized variableMatthias Dieter Wallnöfer1-1/+1
2009-09-06s4:"linked attributes" modules - correct the commentsMatthias Dieter Wallnöfer1-2/+2
2009-09-06s4: Fix typoMatthias Dieter Wallnöfer1-2/+2
2009-09-06s4:pwsettings - Introduce the LDB modify flags in the right wayMatthias Dieter Wallnöfer1-27/+8
We can't emulate them through the LDB changetype flags since they haven't the same constants! The previous behaviour led to huge problems.
2009-09-06s4:ldb_errors - add spacesMatthias Dieter Wallnöfer1-0/+2
2009-09-06s4:dsdb/common/util.c - Copy parameters to prevent segfaultsMatthias Dieter Wallnöfer1-3/+8
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform write operations on them (look below in the code) we could get SIGSEGVs!
2009-09-06s4:dsdb/common/util - Indentation fixesMatthias Dieter Wallnöfer1-4/+5
2009-09-06Tell newbie devs about ./configure.developerRusty Russell2-2/+2
Enhances the outputs in autogen.sh for both s3 and s4. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2009-09-05Check we read off the compelte event from inotifySimo Sorce1-2/+8
The kernel may return a short read, so we must use read_data() to make sure we read off the full buffer. If somethign bad happens we also need to kill the inotify watch because the filedescriptor will return out of sync structures if we read only part of the data.
2009-09-05Save and report the correct errno value.Simo Sorce1-8/+12
2009-09-05s3:winbind: Use fstr_sprintf, it is simpler than talloc_asprintf->fstrcpyVolker Lendecke1-8/+5
2009-09-05s3:winbind: Remove pointless <cond> ? true : false;Volker Lendecke1-4/+4
2009-09-05s3:winbind: Make the pam_auth subfunctions staticVolker Lendecke2-18/+9
2009-09-05s3:libsmb: Convert (state->received) to (state->received != 0)Volker Lendecke1-1/+1
This confused me for a second, this should not happen a second time :-)
2009-09-05util:tests: Correct time tests for negative UTC offsets.Andrew Kroeger1-2/+23
All: Please find attached a patch to fix the timestring and http_timestring tests on hosts that have a negative UTC offset (west of the Prime Meridian). Sincerely, Andrew Kroeger >From 8a8ca35edccf64aa98f2f3ae1469c4c27db8215e Mon Sep 17 00:00:00 2001 From: Andrew Kroeger <andrew@id10ts.net> Date: Fri, 4 Sep 2009 01:31:50 -0500 Subject: [PATCH] util:tests: Correct time tests for negative UTC offsets. The timestring and http_timestring tests were failing on hosts with negative offsets from UTC. Due to the timezone offset, the returned values were back in the year 1969 (before the epoch) and did not match the test patterns. The correction computes the offset from UTC, and if it is negative that offset is added onto the value given to the timestring() and http_timestring() calls so that the returned values fall on 01-Jan-1970 and match the test pattern.
2009-09-05selftest: Account for 0-based months in date parsing and printing.Andrew Kroeger1-3/+3
All: Please find attached 2 patches to correct date/time parsing and output in the Subunit processing. The first patch corrects the logic to account for months being 0-based. The second corrects the time formatting, as it is dealing with local, not "Z"ulu (UTC) time. Sincerely, Andrew Kroeger >From 3cf81eea1309084a973359c7f6a2375d5d20a3f0 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger <andrew@id10ts.net> Date: Fri, 4 Sep 2009 01:24:00 -0500 Subject: [PATCH] selftest: Account for 0-based months in date parsing and printing.
2009-09-04Add release script for teventSimo Sorce1-0/+48
2009-09-04s4:configure: require tevent >= 0.9.8Stefan Metzmacher1-1/+1
metze
2009-09-04tevent: change version to 0.9.8 after some critical bugs have been fixedStefan Metzmacher1-1/+1
metze
2009-09-04cifs.upcall: do a brute-force search for KRB5 credcacheJeff Layton1-46/+138
A few weeks ago, I added some code to cifs.upcall to take the pid sent by the kernel and use that to get the value of the $KRB5CCNAME environment var for the process. That works fine on the initial mount, but could be problematic on reconnect. There's no guarantee on a reconnect that the process that initiates the upcall will have $KRB5CCNAME pointed at the correct credcache. Because of this, the current scheme isn't going to be reliable enough and we need to use something different. This patch replaces that scheme with one very similar to the one used by rpc.gssd in nfs-utils. It searches the credcache dir (currently hardcoded to /tmp) for a valid credcache for the given uid. If it finds one then it uses that as the credentials cache. If it finds more than one, it uses the one with the latest TGT expiration. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-09-04s4:python fixed subunit tests of dcerpcAndrew Tridgell7-6/+6
The version of the unitest python module in Ubuntu Jaunty doesn't seem to support this many level of subdirectories. Moving the tests up one level solves the problem.
2009-09-04ldb: make ldb module programming less error proneAndrew Tridgell2-0/+17
When a top level method in a module returns an error, it is supposed to call ldb_module_done(). We ran across a case where this wasn't done, and then found that in fact that are hundreds of similar cases in our modules. It took Andrew and I a full day to work out that this was the cause of a subtle segv in another part of the code. To try to prevent this happening again, this patch changes ldb_next_request() to catch the error by checking if a module returning an error has called ldb_module_done(). If it hasn't then the call is made on behalf of the module.
2009-09-04s3:winbind: Fix Coverity ID 933: FORWARD_NULLVolker Lendecke1-0/+1
2009-09-04s3:smbd: Fix Coverity ID 937, REVERSE_INULLVolker Lendecke1-2/+2
2009-09-04s3:winbind: Fix Coverity ID 940: Resource LeakVolker Lendecke1-0/+1
2009-09-04ldb: ensure we cancel a ldb transactionAndrew Tridgell2-3/+9
When we fail a ldbadd or ldbedit we should cancel the transaction to prevent ldb giving a warning about having a open transaction in the ldb destructor
2009-09-04s4: fixed a missing NULL termination in a attribute list passed to ldb_searchAndrew Tridgell1-1/+1
2009-09-04report the location of the original talloc_free on double freeAndrew Tridgell1-11/+18
When we get a double free abort from talloc it is often hard to work out where the first free came from. This patch takes advantage of the fact that _talloc_free() now takes a location the free was called from to allow the double free abort code to print the location of the first free that conflicts.
2009-09-04wbinfo: fix various valgrind warnings and an invalid free.Günther Deschner1-7/+1
Kai, please check. Guenther