summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2013-07-10s4:server: avoid calling into nss_winbind from within 'samba'Stefan Metzmacher1-0/+7
The most important part is that the 'winbind_server' doesn't recurse into itself. This could happen if the krb5 libraries call getlogin(). As we may run in single process mode, we need to set _NO_WINBINDD=1 everywhere, the only exception is the forked 'smbd'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104
2013-07-10s4:rpc_server: make sure we don't terminate a connection with pending ↵Stefan Metzmacher2-3/+60
requests (bug #9820) Sadly we may have nested event loops, which won't work correctly with broken connections, that's why we have to do this... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104
2013-07-10s4-winbindd: Do not terminate a connection that is still pending (bug #9820)Andrew Bartlett3-2/+64
Instead, wait until the call attempts to reply, and let it terminate then (often this happens in the attempt to then write to the broken pipe). Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-10service_stream: Log if the connection termination is deferred or not (bug #9820)Andrew Bartlett1-1/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-04dsdb-ridalloc: Fix RID pools - RID numbers increase too quicklyAndrew Bartlett1-1/+2
A patch by Cove Schneider <cove_s@yahoo.com> who reports: I noticed that the RID numbers seem to increase incrementally, then will suddenly jump by 124501. Unless I'm misunderstanding, shouldn't RID pool allocations just be 500 at a time? e.g. Adding accounts one after another on a single test instance here's how they're incrementing (from 4.0.6): 1596 1597 1598 1599 126100 126101 126102 ... 126599 251100 ... 251599 376100 ... The problem is that this complicates using sssd's AD integration, as that it doesn't expect the RIDs to increase in a single domain so quickly. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jul 4 20:13:05 CEST 2013 on sn-devel-104
2013-07-03Make the output of the crackname script more readableMatthieu Patou1-4/+4
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jul 3 23:17:57 CEST 2013 on sn-devel-104
2013-07-02torture: Don't segfault in smb2.session on error.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-02torture: Don't segfault in raw.session on error.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-02torture: Fix comparsion of uninitalized bytes.Andreas Schneider1-0/+2
As we compare string make sure we have the null terminator. Found by valgrind. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-07-01smbtorture: Make cracksname easier to debug by outputing the offered formatMatthieu Patou1-18/+49
Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Mon Jul 1 11:22:57 CEST 2013 on sn-devel-104
2013-06-30Fix a missing parenthesis in the LDAP search requestMatthieu Patou1-1/+1
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sun Jun 30 13:34:13 CEST 2013 on sn-devel-104
2013-06-25heimdal_build: Add missing dep on samba4kgetcredAndrew Bartlett1-1/+1
This started to fail on current Debian Sid with system Heimdal after a binutils update. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 25 02:30:59 CEST 2013 on sn-devel-104
2013-06-24torture: Add tests for LDAP substring search with no strings providedAndrew Bartlett1-0/+110
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jun 24 23:55:07 CEST 2013 on sn-devel-104
2013-06-24lsa4: Fix a set but unused variable warningSimo Sorce1-2/+12
Also insure that we exit immediately on any error. Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Jun 24 12:17:52 CEST 2013 on sn-devel-104
2013-06-21lsa4: Fix a set but unused variable warningVolker Lendecke1-2/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21lsa4: Remove an unused variableVolker Lendecke1-3/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21lsa4: Remove an unused variableVolker Lendecke1-3/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21lsa4: Remove an unused variableVolker Lendecke1-3/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21Fix some blank line endingsVolker Lendecke1-292/+287
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Jun 21 19:57:06 CEST 2013 on sn-devel-104
2013-06-21dns: Fix CID 1034969 Uninitialized scalar variableVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Fri Jun 21 17:32:16 CEST 2013 on sn-devel-104
2013-06-20s4-winbind: Add special case for BUILTIN domainAndrew Bartlett3-20/+37
This should mean that lookups for the BUILTIN domain cause less trouble then they have in the past, because they will no longer go via the trusted domain handler. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104
2013-06-20Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in ↵Jeremy Allison1-3/+14
"EOF on stdin" Only install the stdin handler if it's a pipe or fifo. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-19build: Build with system md5.h on OpenIndianaAndrew Bartlett9-14/+14
This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-06-13dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal()Stefan Metzmacher1-4/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jun 13 18:19:24 CEST 2013 on sn-devel-104
2013-06-13dsdb: don't allow a missing nTSecurityDescriptor in ↵Stefan Metzmacher1-3/+3
dsdb_get_sd_from_ldb_message() Every object has a nTSecurityDescriptor attribute. This also avoids potential segfaults in the callers. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-06-13dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searchesStefan Metzmacher1-1/+7
We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute. Also the result of this search not controlled by the client nor is the result exposed to the client. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-13s4:smb_server: call irpc_add_name() at startup (bug #9905)Stefan Metzmacher1-0/+1
We should call irpc_add_name() when we start the smb_server task. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-13s4:rpc_server: call irpc_add_name() at startup (bug #9905)Stefan Metzmacher1-0/+1
We should call irpc_add_name() when we start the rpc_server task. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-13s4:ldap_server: call irpc_add_name() at startup (bug #9905)Stefan Metzmacher1-0/+3
We should call irpc_add_name() when we start the ldap_server task. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-13dsdb repl_meta_data: Use dsdb_request_add_controls()Andrew Bartlett1-18/+1
This makes the code easier to read. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jun 13 11:15:01 CEST 2013 on sn-devel-104
2013-06-12dsdb-tests ldap.py: Add test for usn behaviour on certain changesAndrew Bartlett1-54/+155
This probes when the usn is updated, and when it is not. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jun 12 11:54:01 CEST 2013 on sn-devel-104
2013-06-12dsdb-tests ldap.py: Fix quoting of print statementsAndrew Bartlett1-10/+10
While python didn't mind (oddly) it really confused my editor. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-12dsdb: Fix behaviour for when to update the USN when there is no changeAndrew Bartlett1-6/+28
This handles deletions and replacements with no value, or with an exactly specified value, as well as modifies. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-06-12dsdb: Allow dsdb_find_dn_by_guid to show deleted DNsAndrew Bartlett5-9/+17
This helps us in the KCC as we need to return the deleted DN for the GUID in DsReplicaGetInfo calls (tested for deleted servers against Windows 2008R2). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-11dsdb: reset schema->{classes,attributes}_to_remove_size to 0Stefan Metzmacher1-1/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jun 11 11:40:39 CEST 2013 on sn-devel-104
2013-06-11dsdb: use the correct talloc parent in dsdb_repl_merge_working_schema()Stefan Metzmacher1-2/+2
schema->{classes,attributes} are the DLIST pointer not an array. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-11Revert "s4-dsdb: Remove strcasecmp() fallback in ↵Andrew Bartlett1-0/+7
replmd_ldb_message_element_attid_sort" This reverts commit d799b25dd3ed0f72ee03949225ba241c5538d7d6. Sometimes the schema just isn't right. A segfault is not the correct answer in those cases. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-10s4:samldb LDB module - MS-SAMR 3.1.1.8.10 "userAccountControl"Matthias Dieter Wallnöfer2-17/+147
"UF_LOCKOUT" and "UF_PASSWORD_EXPIRED" are never stored but rather are used for special semantics. "UF_LOCKOUT" performs an account lockout and "UF_PASSWORD_EXPIRED" forces password expiration. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jun 10 07:32:35 CEST 2013 on sn-devel-104
2013-06-10s4:samr RPC server - dcesrv_samr_SetUserInfo() - password expirationMatthias Dieter Wallnöfer1-1/+7
Also on level 26 this has to be handled the same as on levels 21, 23, 25. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-05s4:samldb LDB module - permit "userAccountControl" modifications without ↵Matthias Dieter Wallnöfer2-2/+58
acct. type Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found in MS-SAMR section 3.1.1.8.10. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
2013-06-05s4:samldb LDB module - "userAccountControl" = 0 means UF_NORMAL_ACCOUNT on addMatthias Dieter Wallnöfer2-21/+37
Windows Server 2008 has changed semantics in comparison to Server 2003. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-04s4:winbind: don't leak libnet_context into the main event contextStefan Metzmacher1-0/+2
This needs to be a talloc child of struct wbsrv_domain otherwise the cleanup of a broken connection doesn't work. The following command can trigger the leak on a domain controller. root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/ total 16 drwxrwx---+ 5 root 3000000 4096 May 14 14:46 Policies drwxrwx---+ 2 root 3000000 4096 May 14 11:45 scripts gid 3000000 belongs to Builtin\Administrators. The code triggers a ncacn_np: connection to the local smbd and complains that domain BUILTIN is not available: [2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo) Expected domain name BUILTIN, DC dc.samba.private said SAMBA In that case the connection was not closed, which is fixed by this commit. Using ncalrpc: for all local SIDs and serving the BUILTIN domain is a project for another day... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104
2013-06-03torture: support printer publish pending responsesDavid Disseldorp1-14/+37
Windows (tested against 2k8r2) returns WERR_IO_PENDING and DSPRINT_PENDING when a publish or unpublish is requested via setprinter(level=7). Modify the AD printer publishing test to support these responses. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jun 3 16:06:15 CEST 2013 on sn-devel-104
2013-06-03torture: add AD printer publishing testDavid Disseldorp1-0/+121
This test publishes and unpublishes a printer using setprinter(level=7). Printer info2.attributes and info7.action flags are check at each point to ensure MS-RPRN conformance. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-06-01dns: Delete dnsNode objects when they are emptyKai Blin1-1/+7
If an update leaves the dnsNode without any entries, the dnsNode object should be deleted. Thanks to Günter Kukkukk for his excellent debugging work on this one. This should fix bug #9559 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-30s4-dns: set TTL value in the NS server part of the SOA recordGuenter Kukkukk1-0/+1
noticed this when using samba-tool to create a new zone Signed-off-by: Guenter Kukkukk <kukks@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu May 30 09:41:20 CEST 2013 on sn-devel-104
2013-05-30s4-rpc: dnsserver: When updating SOA record, use the specified serialAmitay Isaacs1-6/+9
This makes sure that when updating SOA record, the serial is set to the value sent by client. For all other records, serial is incremented. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30s4-rpc: dnsserver: dns_name_equal() returns booleanAmitay Isaacs1-2/+2
Remove the remaining check for return value after strcmp() was changed to dns_name_equal(). Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-30s4-rpc: dnsserver: Fix removal of trailing '.' in soa mnameAmitay Isaacs1-2/+2
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-29s4-torture: Always compile backupkey ndr testsuite.Günther Deschner2-4/+1
This removes another incorrect AD_DC_BUILD_IS_ENABLED check ifdef check. The ndr test is not at all heimdal specific. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed May 29 11:29:51 CEST 2013 on sn-devel-104