summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2009-08-14s4: Better way to call "dom_sid_to_rid" from ldap.pyMatthias Dieter Wallnöfer2-4/+12
2009-08-14s4: Remove obsolete "samdb_password_quality_ok" function (it's just a ↵Matthias Dieter Wallnöfer1-10/+1
one-line wrapper)
2009-08-14s4: cracknames.c: Change the handling of the NT_STATUS_NO_MEMORY status resultsMatthias Dieter Wallnöfer1-4/+6
With the previous check I got random failures when trying to connect to the LDAP server.
2009-08-14s4:ldap_server Correct removal of talloc_steal()Andrew Bartlett1-1/+0
This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The steal did not set ent->attributes, so it was incorrect to assign to ent->attributes. Andrew Bartlett
2009-08-14s4:ldap_server Remove another talloc_steal (with references)Andrew Bartlett1-1/+1
This talloc_steal also conflicts with the ldb_map code, and like the previous commit, is rudundent given the talloc_steal of the whole msg above. Andrew Bartlett
2009-08-14s4:ldap_server Don't talloc_steal (with references) in ldap_backendAndrew Bartlett1-1/+1
There may or may not be a need to take a reference to the 'name' in the ldb_map code, but given we seal the whole msg just above here, it makes no senst to steal the name, but not the values. Andrew Bartlett
2009-08-12libcli/smb: move smb2_create_blob code to libcli/smb/Stefan Metzmacher4-165/+3
I want to use this in source3/smbd/ metze
2009-08-12libcli: move some common SMB and SMB2 stuff into libcli/smb/Stefan Metzmacher3-177/+1
This will hold code that's shared between source3 and source4. metze
2009-08-11s4:operational - Remove some outdated commentsMatthias Dieter Wallnöfer1-12/+0
2009-08-11ldb: Don't break the standalone LDB build (operational module removed)Matthias Dieter Wallnöfer1-2/+2
2009-08-11s4:test for "primaryGroupToken"Matthias Dieter Wallnöfer2-10/+81
Tests for the right behaviour of this introduced constructed attribute. Since we don't support the read-only-ness of those attributes yet, I commented some lines out. Also I had to add a function for python which converts domain SIDs in RIDs. And a small fix for the "groupType" test.
2009-08-11s4:samldb module - Remove duplicate lineMatthias Dieter Wallnöfer1-1/+0
2009-08-11s4:operational module - move and enhancementsMatthias Dieter Wallnöfer3-27/+59
This moves the "operational" LDB module to the right place under "dsdb/samdb/ldb_modules" (suggested by abartlet) and enhances it for supporting dynamic generated "primaryGroupToken" for AD groups. This should fix bug #6466.
2009-08-11s4:pwsettings script - Fix a small glitchMatthias Dieter Wallnöfer1-5/+10
This fixes the problem with the setting and getting of the "minPwdAge" and "maxPwdAge" attributes. I wanted to handle them in days but forgot to add conversions (from "ticks" (tenth of microsecond) -> "days" and backwards).
2009-08-11torture/basic: in run_derefopen() the file could have been deleted before ↵Matthias Dieter Wallnöfer1-2/+6
the last unlink Through a suggestion pointed out in bug #6622 the test file sometimes doesn't exist on the last turn anymore. So we haven't to fail here since it could have been deleted by a concurrent process (e.g. when the same test runs multiple times). Therefore also NT_STATUS_OBJECT_NAME_NOT_FOUND is an acceptable result.
2009-08-11s4:AD LDIFs - More refactoringMatthias Dieter Wallnöfer4-221/+167
This commit includes: - Additional static object data in SAMBA 4's AD to start supporting of - forest updates, - lost and found, - quotas on DS, - physical locations, - licensing of sites, - subnets, - policies for WMI, - DNS entries in AD - Reordering of provision*.ldif files to be able to find entries and make future additions easier - Add comments in provision*.ldif files to point out where subentries are located when they are based in other LDIFs - Removations of autogenerated "cn" attributes
2009-08-12try to give some hint as to what is causing NDR string errorsAndrew Tridgell1-8/+8
2009-08-12no need to shout about getting an oplockAndrew Tridgell1-1/+1
2009-08-12raise the debug level for a common messageAndrew Tridgell1-1/+1
when a client disconnects we expect this to happen, so don't print an error each time
2009-08-12s4:provision Allow provision-backend to not run slapd for 'make test'Andrew Bartlett3-28/+33
As the version of OpenLDAP required for Samba4 is fairly new, we don't want to make it a requirement before this python code is run in 'make test'. As such, skip over the actual starting of slapd, but check the rest runs alright (which still validates syntax and other modules). Andrew Bartlett
2009-08-12s4:provision Make the --ol-slapd paramter take the full path to slapdAndrew Bartlett2-3/+2
2009-08-12s4:provision Assume the OpenLDAP backend can find it's own modulesAndrew Bartlett1-2/+0
2009-08-12s4:provision Rework and further automate setup of OpenLDAP backendOliver Liebel3-75/+204
heres the summary of all changes/extensions: - Andrew Bartlett's patch to generate indext - Howard Chu's idea to use nosync on the DB included, but made optional - slaptest-path is not needed any more (slapd -Ttest is used instead) and is therefore removed. slapd-path is now recommended when openldap-backend is chosen. its also used for olc-conversion - slapd-detection is now always done by ldapsearch (ldb module), looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri. - if ldapsearch was not successfull, (no slapd listening on our socket) slapd is started via special generated slapdcommand_prov (ldapi_uri only) - slapd-"provision-process" startup is done via pythons subprocess. - the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid. - after provision-backend is finished: --- slapd.pid is compared with our stored slapd_provision_pid. if the are unique, slapd.pid will be read out, and the slapd "provison"-process will be shut down. --- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri -> rootDSE. --- if the pids are different or one of the pid-files is missing, slapd will not be shut down, instead an error message is displayed to locate slapd manually --- extended help-messages (relevant to slapd) are always displayed, e.g. the commandline with which slapd has to be started when everythings finished (slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt)) - upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
2009-08-11s4:torture Add test for the NTP signd serverAndrew Bartlett5-1/+297
This is used by at patch to the NTP project to supply authenticated time as required by MS-SNTP. (ie, to keep windows clients in time sync in the domain) Andrew Bartlett
2009-08-07s4: Add a new script for setting password properties for a domain in a ↵Matthias Dieter Wallnöfer2-1/+203
easier way
2009-08-07s4:libcli/smb2: move SMB2_GETINFO_* flags into smb2_constants.hStefan Metzmacher2-6/+6
metze
2009-08-07s4:libcli/smb2: remove unused and redundant SMB2 security flagsStefan Metzmacher1-6/+0
metze
2009-08-07s4:libcli: move SMB2 Find constants to smb2_constants.hStefan Metzmacher2-16/+16
metze
2009-08-07s4:libcli/raw: we don't need to include "smb.h" explicitStefan Metzmacher4-4/+0
metze
2009-08-07s4:libcli/raw: also include smb2_constants.h into interfaces.hStefan Metzmacher1-1/+2
metze
2009-08-07fixed another ambiguous talloc callAndrew Tridgell1-3/+3
During the creation of the 3 RPC pipes in winbind we try to steal the RPC binding structure to be a child of the pipe once the pipe is established. This fails with a talloc warning as the rpc connection code already holds a reference to the binding. The fix is to use talloc_reparent() instead.
2009-08-07ensure that child tasks die when the parent diesAndrew Tridgell1-0/+24
Previously we relied on process groups and SIGTERM to ensure that child tasks died in the standard process model when the parent task died. This doesn't work when the server is run in interactive mode, as in that case we don't call become_daemon() and don't get a separate process group. The fix is to have a pipe held open by the parent server process, and inherited by child tasks. If the parent exits then the write side of the pipe is implicitly closed, which causes an event in the child tasks that causes them to exit
2009-08-07prime the sam ldb schema in the parent samba processAndrew Tridgell1-0/+18
While testing the use of the standard process model with 'make test' I found that testing was much slower (by several times) with the standard model than with the single model. The primary problem was that each SMB connection would open a new sam ldb context, and all of those would reload the full AD schema. The fix is to pre-open the SAM during server startup, before any child processes are forked. This sets up the global schema context which is inherited by all connections. The standard model is still slower at make test than the single model, but not by nearly as much. I am working on further reducing the gap.
2009-08-07use talloc with the global schema consistentlyAndrew Tridgell1-1/+2
Before this change, the first opener of the sam ldb context would become the owner of the global schema, then the autofree context got a reference to the schema. Any subsequent opens of the sam ldb also got a reference. This meant that the talloc hierarchy was inconsistent between the first sam ldb open and subsequent opens. With this change the autofree context becomes the owner of the global schema, and all ldb contexts get a reference.
2009-08-07fixed several places that unnecessarily take a reference to the event contextAndrew Tridgell9-20/+11
These references were triggering the ambiguous talloc_free errors from the recent talloc changes when the server is run using the 'standard' process model instead of the 'single' process model. I am aiming to move the build farm to use the 'standard' process model soon, as part of an effort to make our test environment better match the real deployment of Samba4. The references are not needed as the way that the event context is used is as the 'top parent', so when the event context is freed then all of the structures that were taking a reference to the event context were actually freed as well, thus making the references redundent.
2009-08-07make sure we never look past the end of either string in ldb_comparison_fold()Andrew Tridgell1-26/+44
This fixes a bug in the samba3sam test with the python libraries as noticed by abartlet
2009-08-07s4:ldb Make error message in rnd_name more usefulAndrew Bartlett1-3/+9
2009-08-07Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-develAndrew Bartlett1-0/+50
2009-08-07s4:setup Remove extra newlines that break OpenLDAP backendOliver Liebel1-2/+0
2009-08-06s4 torture: Extend the RAW-RENAME test to more fully test directory renames.Tim Prouty1-0/+50
The existing test was only covering files opened underneath the directory that was being renamed. It is not uncommon for windows clients to actually hold a read-only handle to a directory open across the rename, which it turns out doesn't return NT_STATUS_ACCESS_DENIED. Additionally, holding a handle open to a stream on the directory is also allowed.
2009-08-06s4: Simplify two lines in the "samdb.py" file (cosmetic)Matthias Dieter Wallnöfer1-2/+1
2009-08-06s4:enableaccount script: Remove a redundant lineMatthias Dieter Wallnöfer1-1/+0
2009-08-06Revert "deliberately break the build"Andrew Tridgell1-1/+1
This reverts commit 57da47c1bd76157a6a403154551645c16ad64a75. The build emails do work :-)
2009-08-06deliberately break the buildAndrew Tridgell1-1/+1
I want to make sure that the build breakage emails are now working correctly
2009-08-06s4:heimdal: import lorikeet-heimdal-200908052208 (commit ↵Andrew Bartlett33-117/+31
370a73a74199a5a55188340906e15fd795f67a74) This removes some of the portability changes made to code under heimdal/ If these are still required, then we will re-add them with code under heimdal_build/ (so that we can simply 'drop in' future heimdal releases). Andrew Bartlett
2009-08-05s4:ldb Cosmetic corrections in "rdn_name" moduleMatthias Dieter Wallnöfer1-4/+4
2009-08-05changed BCC handling for SMBwriteX to handle broken MacOSX clientAndrew Tridgell1-13/+8
see bug #6610 The MacOSX SMB client sets the BCC value in SMBwriteX calls to zero instead of the correct size. Checking against WindowsXP, I've found that Windows uses the maximum of the computed buffer size and the given BCC value. I've changed Samba4 to do the same to allow MacOSX to work. I've limited this change to non-chained packets to ensure we don't get the possibility of exploits based on overlapping chained requests
2009-08-05on buffer overflow windows gives SMBSRV:ERRerror hereAndrew Tridgell1-1/+1
2009-08-05s4:torture The test logic for the target was wrong. This should correct it.Matthias Dieter Wallnöfer1-4/+4
2009-08-05s4:heimdal_build: define HEIMDAL_LOCALEDIRStefan Metzmacher1-0/+1
metze