summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2013-09-23Drop paged-search from OpenLDAP stackHoward Chu1-1/+1
Unnecessary, waste of time Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-23Add LDB_MAP_RENDROP optionHoward Chu1-1/+1
Like LDB_MAP_RENAME, but drop the attribute if it occurs in an Add request. Used for distinguishedName attribute, is read-only and generated but for some bizarre reason AD allows it in an Add request. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-23Return a couple more attrs by defaultHoward Chu1-0/+2
Seems to want name and distinguishedName to always be returned. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-23s4:torture:ldap: Fix misleading outputHoward Chu1-2/+2
Looks like an errant copy/paste from the Abandon test. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Sep 23 22:47:50 CEST 2013 on sn-devel-104
2013-09-22selftest: Add release-4-1-0rc3 saved provisionAndrew Bartlett32-0/+155536
This version has the regression where we would, on join, write an all-zero invocationID in the replPropertyMetaData attribute, on Deleted Objects in particular. To demonstrate this regression, this is based on the promoted_dc environment from make test, with the domain altered to match the pattern used in these trees. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22selftest: Add script to assist in writing out a tree undump.sh can restoreAndrew Bartlett1-0/+48
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22dsdb: Refuse to replicate an all-zero invocationID GUID in replPropertyMetaDataAndrew Bartlett1-0/+9
This matches Windows 2008R2. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22Remove NEWS file containing confusing informationAndrew Bartlett1-496/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22Remove confusing TODO fileAndrew Bartlett1-276/+0
This makes no sense in the merged tree, and only confuses users. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema lookupsAndrew Bartlett1-28/+28
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-21s4:torture: remove and useless variable and assignment in smb2.session.reauth5Michael Adam1-3/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Sep 21 08:00:02 CEST 2013 on sn-devel-104
2013-09-20libcli: continue to read from the socket even if the size is 0Matthieu Patou1-1/+1
This is an issue found by Codenomicon, with a malicious packet with 0 bytes UDP payload we will continiously be looping trying to react from the socket event and continiously do nothing as we will bail out thinking that we had a memory allocation error. Original fix comes from Volker Lendecke <vl@samba.org> Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
2013-09-19lib/messaging: Check the server_id type correctlyAndrew Bartlett1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 19 23:19:16 CEST 2013 on sn-devel-104
2013-09-19dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in deleteAndrew Bartlett1-5/+10
This code no longer needs to handle not renaming Deleted Objects during a re-delete, because it is no longer called in that case. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replicationAndrew Bartlett1-3/+5
We need to ensure we do not re-delete the Deleted Objects DN during replication. It itself not entirely a deleted object, but has isDeleted set. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19dsdb: Refuse to return an all-zero invocationIDAndrew Bartlett1-0/+8
This could cause an all-zero GUID to be entered into the replPropertyMetaData, which will then fail to be replicated to other DCs. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19dsdb-repl_meta_data: Check for a NULL invocationID and do not proceedAndrew Bartlett1-0/+4
This can happen if we do not find the invocationID, with later patches. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19python/drs: Ensure to pass in the local invocationID during the domain joinAndrew Bartlett3-4/+20
This ensures (and asserts) that we never write an all-zero GUID as an invocationID to the database in replPropertyMetaData. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19gensec: move schannel module to toplevel.Günther Deschner2-340/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-18OpenLDAP provisioning tweaksHoward Chu4-32/+13
Remove BerkeleyDB-specific setup. Streamline cn=samba partition initialization - allow any backend type for it. Use back-mdb instead of back-ldif for cn=samba partition Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
2013-09-18Use SASL/EXTERNAL over ldapi://Howard Chu2-50/+82
The provision script will map the uid of the user running the script to the samba-admin LDAP DN. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18Prepare for SASL/EXTERNAL supportHoward Chu1-2/+11
Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18Free memory on errorAlistair Leslie-Hughes1-0/+1
Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 18 19:46:41 CEST 2013 on sn-devel-104
2013-09-18Add an OpenLDAP-specific extended_dn_in moduleHoward Chu2-5/+37
Don't "fix" plain DNs before sending them to OpenLDAP Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-17Fix OpenLDAP partition configsHoward Chu1-3/+50
Update to use LMDB backend, BDB is deprecated Update to support DomainDNSZones and ForestDNSZones partitions. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17dsdb: Use credentials.get_forced_sasl_mech()Andrew Bartlett1-0/+1
This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
2013-09-16s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the ↵Andrew Bartlett1-1/+1
access check Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16dsdb: Use dsdb_next_callback() rather than a no-op per-module callbackAndrew Bartlett1-38/+16
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()Andrew Bartlett1-0/+13
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-11dsdb: When using an LDAP backend, force use of the password from secrets.ldbAndrew Bartlett1-0/+99
This makes testing from the command line much easier, as ldbsearch -H sam.ldb will now just work as well as it did with a tdb-based provision. This code was removed from it's previous location outside the ldb module stack in aabda85a2fc9f6763abd56d61ff819012f2225ad. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 11 21:15:50 CEST 2013 on sn-devel-104
2013-09-10ldb: Do not build libldb-cmdline when using system ldb.Jeroen Dekkers2-2/+1
Cleanup leftover include and linking of libldb-cmdline in oLschema2ldif. Do not build libldb-cmdline anymore when using the system ldb, oLschema2ldif was the only reason for building libldb-cmdline. Signed-off-by: Jeroen Dekkers <jeroen@dekkers.ch> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 10 12:52:26 CEST 2013 on sn-devel-104
2013-09-06smbd: Remove FORCE_OPLOCK_BREAK_TO_NONEVolker Lendecke1-0/+3
This flag existed to break an exclusive or batch oplock in just one instead of two steps down to "no oplock" when we did an allocation or file size change. Running raw.oplock against W2k12 differs in this respect from W2k3: W2k12 takes two steps (via level2) to break to none. This removes the special flag that we only had for compatibility with systems older than W2k12... Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Sep 6 00:47:07 CEST 2013 on sn-devel-104
2013-09-05torture: Adapt raw.oplock to w2k12Volker Lendecke1-6/+18
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-05torture: Add a new w2k12 targetVolker Lendecke2-0/+3
W2k12 seems to do the 2-step break to none, try running raw.oplock.batch12 against it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-04torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9Andrew Bartlett3-1/+80
This exercises some more of the dlz_bind9 code outside BIND, by sending in a ticket to be access checked, wrapped either in SPNEGO or just in GSSAPI. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Sep 4 11:25:10 CEST 2013 on sn-devel-104
2013-09-04selftest: Add a basic test of samba_upgradednsAndrew Bartlett1-0/+1
This does not check that the command runs correctly, but does at least check that the command runs to completion without errors. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-04scripting/samba_upgradedns: Tighten up exception and attribute list handlingAndrew Bartlett1-9/+10
This avoids asking for attributes that will not be used, and looks only for the expected exceptions, rather than all exceptions. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2013-09-04scripting/join.py: Handle creating the dns-NAME account during a DC joinAndrew Bartlett2-2/+11
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the domain. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2013-08-30s4:samba_upgradedns: don't pass linklocal=False to interface_ips_v6()Stefan Metzmacher1-1/+1
This is the default... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bj@sernet.de>
2013-08-29provision: Rewrite named.txt to be more usefulAndrew Bartlett1-16/+20
We already chown the dns.keytab file, so remove the suggestion to do that, and instead explain why we can not use chroot (an often-requested feature). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Björn Jacke <bj@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Thu Aug 29 13:53:25 CEST 2013 on sn-devel-104
2013-08-29torture: Add buffercheck testsVolker Lendecke1-18/+226
Make sure we get the smb2 infolevel fixed portions right I could not find correct #defines for the infolevels Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 29 01:27:11 CEST 2013 on sn-devel-104
2013-08-23torture: Split the fsinfo check into a separate testVolker Lendecke1-2/+8
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 23 20:53:12 CEST 2013 on sn-devel-104
2013-08-23torture: Split the buffercheck into a separate testVolker Lendecke1-2/+9
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23torture: Change smb2.getinfo into a suiteVolker Lendecke2-2/+11
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23libsmb2: Fix opening the rootdirectory, part 2Volker Lendecke1-1/+1
smb2_push_o16s16_blob is wrong for the blob.data==NULL case. It does not do the same magic that the rest of the routine does with regards to padding_fix. padding_fix is wrong in its own respect, with a 0-length blob we end up with a negative padding fix. It's wrong, but it seems to work. Why am I doing this? I want to make smb2.getinfo work against w2k12. smb2_util_roothandle() always gives NT_STATUS_INVALID_PARAMETER without this and the preceding fix. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23libsmb2: Fix opening the rootdirectory, part 1Volker Lendecke1-0/+15
[MS-SMB2], 2.2.13 says: In the request, the Buffer field MUST be at least one byte in length. Implement that for the 0-length filename without create blobs. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23torture: Remove an unused variableVolker Lendecke1-3/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-19registry4: Fix CID 1034911 Dereference before null checkVolker Lendecke1-1/+1
curbegin is always != NULL here (curend + 1) and is dereferenced by strchr. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-19samdb: Fix CID 1034910 Dereference before null checkVolker Lendecke1-3/+3
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for NULL before that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-19samdb: Fix CID 1034910 Dereference before null checkVolker Lendecke1-3/+3
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for NULL before that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>