Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
Guenther
|
|
This makes everything reference a server_info->sids list, which is now
a struct dom_sid *, not a struct dom_sid **. This is in keeping with
the other sid lists in the security_token etc.
In the process, I also tidy up the talloc tree (move more structures
under their logical parents) and check for some possible overflows in
situations with a pathological number of sids.
Andrew Bartlett
|
|
Andrew Bartlett
|
|
The idea here is to allow the source3/libads/sasl.c code to call this
instead of the lower level ntlmssp_* functions.
Andrew Bartlett
|
|
This sometimes fails on a busy server.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 20 09:29:12 CET 2011 on sn-devel-104
|
|
metze
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 20 06:25:03 CET 2011 on sn-devel-104
|
|
The problem with this test (use of None rather than "" has been fixed)
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jan 19 23:56:31 CET 2011 on sn-devel-104
|
|
The input to gensec.update() should always be a string.
Andrew Bartlett
|
|
This fails randomly like this with an error (not a failure):
[651/695 in 27m37s] samba4.tokengroups.python(dc)
running client gensec_update
UNEXPECTED(error): samba4.tokengroups.python(dc).__main__.TokenTest.test_pac_groups
REASON: _StringException: _StringException: Content-Type: text/x-traceback;charset=utf8,language=python
traceback
1E2
Traceback (most recent call last):
File "/usr/lib/python2.6/dist-packages/testtools/runtest.py", line 128, in _run_user
return fn(*args)
File "/usr/lib/python2.6/dist-packages/testtools/testcase.py", line 368, in _run_test_method
testMethod()
File "/memdisk/tridge/flakey/b2413/source4/source4/dsdb/tests/python/token_group.py", line 142, in test_pac_groups
(client_finished, client_to_server) = gensec_client.update(server_to_client)
TypeError: expected a string
0
FAILED (0 failures and 1 errors in 0 testsuites)
A summary with detailed information can be found in:
./st/summary
test: running (/usr/bin/perl /memdisk/tridge/flakey/b2413/source4/source4/../selftest/selftest.pl --prefix=./st --builddir=. --srcdir=. --exclude=./selftest/skip --testlist="/usr/bin/python ./selftest/tests.py|" --exclude=./selftest/slow --socket-wrapper && touch ./st/st_done) | /usr/bin/python -u ../selftest/filter-subunit --expected-failures=./selftest/knownfail --fail-immediately | tee ./st/subunit | /usr/bin/python -u ../selftest/format-subunit --prefix=./st --immediate
ERROR: test failed with exit code 1
metze
|
|
This confirms that the groups obtained from a Kerberos PAC match those
that a manual search of a target LDAP server would reveal.
This should allow mixing of a KDC specified by krb5.conf to test Samba
or Windows alternatly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jan 19 13:13:48 CET 2011 on sn-devel-104
|
|
|
|
This allows us to init an auth context that isn't going to do any NTLM
authentication, but is used by other subsystems.
Andrew Bartlett
|
|
Andrew Bartlett
|
|
I've examined the code paths involved, and it appears an alternative
fix has been made in the ldap_server/ldap_bind.c code, and there is no
code path that uses this behaviour.
Andrew Bartlett
|
|
always returning a buffer makes life easier for callers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Maybe that fixes the remaining issues with some gnutls versions.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 18 17:26:08 CET 2011 on sn-devel-104
|
|
same data twice
metze
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Tue Jan 18 15:53:46 CET 2011 on sn-devel-104
|
|
This now tests a real GENSEC exchange, including wrap and unwrap,
using GSSAPI. Therefore, it now needs to access a KDC.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
|
|
This will allow for some more tokenGroups tests in future.
Andrew Bartlett
|
|
|
|
The code previously required the creation of a messaging context, but
this isn't done any more, so we don't need the tmp dir to put it in.
Andrew Bartlett
|
|
This wasn't actually causing problems before, as the structures were
the same size.
Andrew Bartlett
|
|
|
|
|
|
This does a talloc check of the returned pointer before casting it.
Andrew Bartlett
|
|
We don't want to steal this pointer away from the caller if it's been
set up from python.
Andrew Bartlett
|
|
when user requires binary data to be displayed
using samba user-friendly ldif handlers
Found using following test search:
bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \
"(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Jan 18 00:40:01 CET 2011 on sn-devel-104
|
|
LDB_FLG_SHOW_BINARY is data representation flag and should
not modify behavior of data checking functions.
This lead to a bug in lib/ldb/ldb_tdb/ldb_index.c as ltdb_index_key()
function relies on ldb_should_b64_encode function to determine
how to process index keys.
Found using following test search:
bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \
"(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
|
|
We must not specify explicitly owner and group. As there is a difference between WIN_2003 and WIN_2008, we should let descriptor
module compute the correct default ones. Also removed inherited ACEs, they are ignored during SD creation anyway.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Jan 17 18:23:24 CET 2011 on sn-devel-104
|
|
object had no SACL.
--Pair-Programmed-With: Zahari Zahariev
|
|
This option sorts the ACE lists during SD comparison in collision view to make it easier to
determine of a difference is only in ACE order, and if not, where do differences start.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Jan 17 14:09:09 CET 2011 on sn-devel-104
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Jan 17 06:09:23 CET 2011 on sn-devel-104
|
|
dsdb_module_search()
this ensures we follow the module stack, and set the parent on child
requests
|
|
this preserves the request hierarchy for dsdb_module_*() calls inside
dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is used to mark a ldb child request trusted, if the caller has
validated all inputs. This will be used when creating new child
requests with trusted inputs.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Jan 17 01:27:10 CET 2011 on sn-devel-104
|
|
|
|
|
|
|
|
Use the temporary list unless we have at least the three main
"namingContexts" from the rootDSE available (Default, Configuration, Schema -
these are mandatory on all AD deployments!).
This bug has been discovered by Nadya in relation with her SD work.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
|
|
This should obviously point to the wrapper not the call itself.
Found out by Tru64 host build warning.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
|
|
To prevent platform-dependant problems.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
|
|
socket
This fixes bug #7887.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 22:33:13 CET 2011 on sn-devel-104
|
|
The LSA object creation protection changed to the trusted/untrusted
connection model.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
|
|
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 10:43:29 CET 2011 on sn-devel-104
|