path: root/source4
Age | Commit message | Author | Files | Lines
2009-08-12 | s4:provision Assume the OpenLDAP backend can find its own modules | Andrew Bartlett | 1 | -2/+0
2009-08-12 | s4:provision Rework and further automate setup of OpenLDAP backend | Oliver Liebel | 3 | -75/+204
here's the summary of all changes/extensions:
- Andrew Bartlett's patch to generate indext
- Howard Chu's idea to use nosync on the DB included, but made optional
- slaptest-path is not needed any more (slapd -Ttest is used instead) and is therefore removed. slapd-path is now recommended when openldap-backend is chosen. it's also used for olc-conversion
- slapd-detection is now always done by ldapsearch (ldb module), looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri.
- if ldapsearch was not successful, (no slapd listening on our socket) slapd is started via special generated slapdcommand_prov (ldapi_uri only)
- slapd-"provision-process" startup is done via Python's subprocess.
- the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid.
- after provision-backend is finished:
--- slapd.pid is compared with our stored slapd_provision_pid. if they are unique, slapd.pid will be read out, and the slapd "provision"-process will be shut down.
--- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri -> rootDSE.
--- if the pids are different or one of the pid-files is missing, slapd will not be shut down, instead an error message is displayed to locate slapd manually
--- extended help-messages (relevant to slapd) are always displayed, e.g. the commandline with which slapd has to be started when everything's finished (slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt)
- upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
2009-08-11 | s4:torture Add test for the NTP signd server | Andrew Bartlett | 5 | -1/+297
This is used by a patch to the NTP project to supply authenticated time as required by MS-SNTP. (ie, to keep windows clients in time sync in the domain) Andrew Bartlett
2009-08-07 | s4: Add a new script for setting password properties for a domain in an easier way | Matthias Dieter Wallnöfer | 2 | -1/+203
2009-08-07 | s4:libcli/smb2: move SMB2_GETINFO_* flags into smb2_constants.h | Stefan Metzmacher | 2 | -6/+6
metze
2009-08-07 | s4:libcli/smb2: remove unused and redundant SMB2 security flags | Stefan Metzmacher | 1 | -6/+0
metze
2009-08-07 | s4:libcli: move SMB2 Find constants to smb2_constants.h | Stefan Metzmacher | 2 | -16/+16
metze
2009-08-07 | s4:libcli/raw: we don't need to include "smb.h" explicitly | Stefan Metzmacher | 4 | -4/+0
metze
2009-08-07 | s4:libcli/raw: also include smb2_constants.h into interfaces.h | Stefan Metzmacher | 1 | -1/+2
metze
2009-08-07 | fixed another ambiguous talloc call | Andrew Tridgell | 1 | -3/+3
During the creation of the 3 RPC pipes in winbind we try to steal the RPC binding structure to be a child of the pipe once the pipe is established. This fails with a talloc warning as the rpc connection code already holds a reference to the binding. The fix is to use talloc_reparent() instead.
2009-08-07 | ensure that child tasks die when the parent dies | Andrew Tridgell | 1 | -0/+24
Previously we relied on process groups and SIGTERM to ensure that child tasks died in the standard process model when the parent task died. This doesn't work when the server is run in interactive mode, as in that case we don't call become_daemon() and don't get a separate process group. The fix is to have a pipe held open by the parent server process, and inherited by child tasks. If the parent exits then the write side of the pipe is implicitly closed, which causes an event in the child tasks that causes them to exit
2009-08-07 | prime the sam ldb schema in the parent samba process | Andrew Tridgell | 1 | -0/+18
While testing the use of the standard process model with 'make test' I found that testing was much slower (by several times) with the standard model than with the single model. The primary problem was that each SMB connection would open a new sam ldb context, and all of those would reload the full AD schema. The fix is to pre-open the SAM during server startup, before any child processes are forked. This sets up the global schema context which is inherited by all connections. The standard model is still slower at make test than the single model, but not by nearly as much. I am working on further reducing the gap.
2009-08-07 | use talloc with the global schema consistently | Andrew Tridgell | 1 | -1/+2
Before this change, the first opener of the sam ldb context would become the owner of the global schema, then the autofree context got a reference to the schema. Any subsequent opens of the sam ldb also got a reference. This meant that the talloc hierarchy was inconsistent between the first sam ldb open and subsequent opens. With this change the autofree context becomes the owner of the global schema, and all ldb contexts get a reference.
2009-08-07 | fixed several places that unnecessarily take a reference to the event context | Andrew Tridgell | 9 | -20/+11
These references were triggering the ambiguous talloc_free errors from the recent talloc changes when the server is run using the 'standard' process model instead of the 'single' process model. I am aiming to move the build farm to use the 'standard' process model soon, as part of an effort to make our test environment better match the real deployment of Samba4. The references are not needed as the way that the event context is used is as the 'top parent', so when the event context is freed then all of the structures that were taking a reference to the event context were actually freed as well, thus making the references redundant.
2009-08-07 | make sure we never look past the end of either string in ldb_comparison_fold() | Andrew Tridgell | 1 | -26/+44
This fixes a bug in the samba3sam test with the python libraries as noticed by abartlet
2009-08-07 | s4:ldb Make error message in rnd_name more useful | Andrew Bartlett | 1 | -3/+9
2009-08-07 | Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel | Andrew Bartlett | 1 | -0/+50
2009-08-07 | s4:setup Remove extra newlines that break OpenLDAP backend | Oliver Liebel | 1 | -2/+0
2009-08-06 | s4 torture: Extend the RAW-RENAME test to more fully test directory renames. | Tim Prouty | 1 | -0/+50
The existing test was only covering files opened underneath the directory that was being renamed. It is not uncommon for windows clients to actually hold a read-only handle to a directory open across the rename, which it turns out doesn't return NT_STATUS_ACCESS_DENIED. Additionally, holding a handle open to a stream on the directory is also allowed.
2009-08-06 | s4: Simplify two lines in the "samdb.py" file (cosmetic) | Matthias Dieter Wallnöfer | 1 | -2/+1
2009-08-06 | s4:enableaccount script: Remove a redundant line | Matthias Dieter Wallnöfer | 1 | -1/+0
2009-08-06 | Revert "deliberately break the build" | Andrew Tridgell | 1 | -1/+1
This reverts commit 57da47c1bd76157a6a403154551645c16ad64a75. The build emails do work :-)
2009-08-06 | deliberately break the build | Andrew Tridgell | 1 | -1/+1
I want to make sure that the build breakage emails are now working correctly
2009-08-06 | s4:heimdal: import lorikeet-heimdal-200908052208 (commit 370a73a74199a5a55188340906e15fd795f67a74) | Andrew Bartlett | 33 | -117/+31
This removes some of the portability changes made to code under heimdal/
If these are still required, then we will re-add them with code under heimdal_build/ (so that we can simply 'drop in' future heimdal releases). Andrew Bartlett
2009-08-05 | s4:ldb Cosmetic corrections in "rdn_name" module | Matthias Dieter Wallnöfer | 1 | -4/+4
2009-08-05 | changed BCC handling for SMBwriteX to handle broken MacOSX client | Andrew Tridgell | 1 | -13/+8
see bug #6610
The MacOSX SMB client sets the BCC value in SMBwriteX calls to zero instead of the correct size. Checking against WindowsXP, I've found that Windows uses the maximum of the computed buffer size and the given BCC value. I've changed Samba4 to do the same to allow MacOSX to work. I've limited this change to non-chained packets to ensure we don't get the possibility of exploits based on overlapping chained requests
2009-08-05 | on buffer overflow windows gives SMBSRV:ERRerror here | Andrew Tridgell | 1 | -1/+1
2009-08-05 | s4:torture The test logic for the target was wrong. This should correct it. | Matthias Dieter Wallnöfer | 1 | -4/+4
2009-08-05 | s4:heimdal_build: define HEIMDAL_LOCALEDIR | Stefan Metzmacher | 1 | -0/+1
metze
2009-08-05 | s4:ldap_server: make sure we shutdown the tls socket before stream_terminate_connection() removes the fd event | Stefan Metzmacher | 1 | -0/+1
This fixes a crash bug where tls_destructor() relies on the fd event still being there. metze
2009-08-05 | s4:torture Remove some unwanted code in the LDAP test - hope this fixes up the test failures | Matthias Dieter Wallnöfer | 1 | -12/+0
2009-08-05 | fixed a problem with group policy writes causing policy corruption | Andrew Tridgell | 3 | -4/+48
This bug was caused by two things:
1) in the unix ACL mapping, we were not taking into account group write permissions for the SEC_STD_DELETE flag
2) when a file is created using OVERWRITE mode, a fchmod() would fail if the user is not the file owner. We resolve that by only doing the fchmod() if the mapped file attribute does not match the desired file attribute
2009-08-05 | handle large directories in smb2_deltree() | Andrew Tridgell | 1 | -36/+42
2009-08-05 | s4:heimdal: import lorikeet-heimdal-200908050050 (commit 8714779fa7376fd9f7761587639e68b48afc8c9c) | Andrew Bartlett | 50 | -367/+1155
This also adds a new hdb-glue.c file, to cope with Heimdal's unconditional enabling of SQLITE. (Very reasonable, but not required for Samba4's use). Andrew Bartlett
2009-08-05 | s4 now supports the large readx extension | Andrew Tridgell | 1 | -6/+11
2009-08-05 | fixed the sense of the pvfs_acl uwrap check | Andrew Tridgell | 1 | -1/+1
2009-08-05 | pyldb: Fix reference counting on ldb_message_elements, add extra type | Jelmer Vernooij | 1 | -1/+9
check.
2009-08-05 | skip the readbraw tests if the server does not support it | Andrew Tridgell | 1 | -0/+5
This allows the RAW-READ test to pass against w2k8
2009-08-05 | make the UID_WRAPPER skip checks at runtime | Andrew Tridgell | 3 | -9/+17
This fixes two issues pointed out by Andrew. It adds a runtime uwrap_enabled() call that wraps the skips needed for uid emulation. It also makes the skip in the directory_create_or_exist() function only change the uid checking code, not the permissions code
2009-08-05 | added a uid_wrapper library | Andrew Tridgell | 9 | -3/+25
This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 | s4:ldb initialise e->values[i].length before use in python bindings | Andrew Bartlett | 1 | -1/+1
2009-08-05 | s4:dsdb Don't cast an ldb_val into a const char * for schema lookups | Andrew Bartlett | 5 | -52/+129
This removes a number of cases where we did a cast into a const char * of an ldb_val. While convention is to always have an extra \0 at data[length] in the ldb_val, this is not required, and does not occur at least on build farm host 'svart'. Andrew Bartlett
2009-08-04 | s4: make install: prevent overwriting failure | Rusty Russell | 1 | -1/+1
We don't have to remove the eventual write privileges to enable the execute ones.
2009-08-04 | s4: Change my nested groups patch to not include user's SID itself in the "groupSID"s structure | Matthias Dieter Wallnöfer | 1 | -17/+24
2009-08-04 | s4:torture Make RPC-NETLOGON pass against ncaclrpc servers | Andrew Bartlett | 1 | -122/+132
The original patch didn't cope with a NULL target server name - we now key off that to decide it isn't worth checking against LDAP for this host. I still can't get this to pass against Windows 2008, but mdw was testing against Windows 2008R2. at least 'make test' is happy, and the rest should not be too hard... Andrew Bartlett
2009-08-04 | Add const | Andrew Bartlett | 1 | -1/+1
2009-08-04 | s4:ldif_handlers Allow a binary nTsecurityDescriptor when parsing LDIF | Andrew Bartlett | 1 | -1/+17
Also allow a SDDL security descriptor, using the domain SID attached to the session (it will search for it during the LDIF parse if need be). Andrew Bartlett
2009-08-04 | s4:netlogon Fix warnings and segfault in GetDomainInfo call | Andrew Bartlett | 1 | -4/+5
- Correctly use samdb_search_string to do a 'base' search (this needs a NULL, not a "" argument for the format string)
- There is no need (and it caused a security hole) to use talloc_asprintf() with the only argument being the string to duplicate.
Andrew Bartlett
2009-08-04 | Merge branch 'master' of ssh://git.samba.org/data/git/samba | Andrew Tridgell | 5 | -11/+163
2009-08-04 | fixed support for readx greater than 64k | Andrew Tridgell | 2 | -3/+4
This fixes bug 6547, where smbclient in S3 reads more than 64k at a time with readx.