summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett14-288/+257
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2011-01-20s4-gensec Add prototype for gensec_ntlmssp_init()Andrew Bartlett1-0/+2
Andrew Bartlett
2011-01-20libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code.Andrew Bartlett1-123/+12
The idea here is to allow the source3/libads/sasl.c code to call this instead of the lower level ntlmssp_* functions. Andrew Bartlett
2011-01-20s4:selftest: mark samba4.nbt.winsreplication.owned as knownfailStefan Metzmacher1-0/+1
This sometimes fails on a busy server. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 20 09:29:12 CET 2011 on sn-devel-104
2011-01-20s4:selftest/skip: remove samba4.tokengroups.pythonStefan Metzmacher1-1/+0
metze
2011-01-20lib/util: add tests for anonymous_shared_allocate/free()Stefan Metzmacher2-1/+17
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 20 06:25:03 CET 2011 on sn-devel-104
2011-01-19s4-selftest Remove knownfail for tokengroups testAndrew Bartlett1-1/+0
The problem with this test (use of None rather than "" has been fixed) Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jan 19 23:56:31 CET 2011 on sn-devel-104
2011-01-19s4-dsdb Don't use None as the input to the GENSEC loop in tokengroups testAndrew Bartlett1-1/+1
The input to gensec.update() should always be a string. Andrew Bartlett
2011-01-19s4:selftest/skip: add samba4.tokengroups.pythonStefan Metzmacher2-1/+2
This fails randomly like this with an error (not a failure): [651/695 in 27m37s] samba4.tokengroups.python(dc) running client gensec_update UNEXPECTED(error): samba4.tokengroups.python(dc).__main__.TokenTest.test_pac_groups REASON: _StringException: _StringException: Content-Type: text/x-traceback;charset=utf8,language=python traceback 1E2 Traceback (most recent call last): File "/usr/lib/python2.6/dist-packages/testtools/runtest.py", line 128, in _run_user return fn(*args) File "/usr/lib/python2.6/dist-packages/testtools/testcase.py", line 368, in _run_test_method testMethod() File "/memdisk/tridge/flakey/b2413/source4/source4/dsdb/tests/python/token_group.py", line 142, in test_pac_groups (client_finished, client_to_server) = gensec_client.update(server_to_client) TypeError: expected a string 0 FAILED (0 failures and 1 errors in 0 testsuites) A summary with detailed information can be found in: ./st/summary test: running (/usr/bin/perl /memdisk/tridge/flakey/b2413/source4/source4/../selftest/selftest.pl --prefix=./st --builddir=. --srcdir=. --exclude=./selftest/skip --testlist="/usr/bin/python ./selftest/tests.py|" --exclude=./selftest/slow --socket-wrapper && touch ./st/st_done) | /usr/bin/python -u ../selftest/filter-subunit --expected-failures=./selftest/knownfail --fail-immediately | tee ./st/subunit | /usr/bin/python -u ../selftest/format-subunit --prefix=./st --immediate ERROR: test failed with exit code 1 metze
2011-01-19s4-dsdb Add PAC validation test to tokengroups test.Andrew Bartlett2-21/+79
This confirms that the groups obtained from a Kerberos PAC match those that a manual search of a target LDAP server would reveal. This should allow mixing of a KDC specified by krb5.conf to test Samba or Windows alternatly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jan 19 13:13:48 CET 2011 on sn-devel-104
2011-01-19s4-pyauth Fix AuthContext wrapperAndrew Bartlett1-2/+13
2011-01-19s4-auth Allow NULL methods to be specified to auth_context_create_methods()Andrew Bartlett1-14/+3
This allows us to init an auth context that isn't going to do any NTLM authentication, but is used by other subsystems. Andrew Bartlett
2011-01-19s4-dsdb Add a test of the tokenGroups behaviour on the user's DN.Andrew Bartlett1-3/+21
Andrew Bartlett
2011-01-19s4-gensec Remove special case 'for SASL' that is not required any more.Andrew Bartlett1-13/+0
I've examined the code paths involved, and it appears an alternative fix has been made in the ldap_server/ldap_bind.c code, and there is no code path that uses this behaviour. Andrew Bartlett
2011-01-19pygensec: remove special case handling for None for buffersAndrew Tridgell2-36/+29
always returning a buffer makes life easier for callers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-18s4:tls_tstream: also use a dynamic buffer for the pull sideStefan Metzmacher1-3/+12
Maybe that fixes the remaining issues with some gnutls versions. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 18 17:26:08 CET 2011 on sn-devel-104
2011-01-18s4:tls_tstream: fix partial reads, so that the gnutls layer doesn't read the ↵Stefan Metzmacher1-1/+6
same data twice metze
2011-01-18s4-tests: Added a test for correct inheritance of IO flagged ACEs.Nadezhda Ivanova1-0/+18
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Tue Jan 18 15:53:46 CET 2011 on sn-devel-104
2011-01-18s4-gensec Extend python bindings for GENSEC and the associated testAndrew Bartlett3-28/+275
This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
2011-01-18s4-auth Extend python bindings to allow ldb and message to be specifiedAndrew Bartlett3-11/+61
This will allow for some more tokenGroups tests in future. Andrew Bartlett
2011-01-18s4-pygensec Fix indentation of py_gensec_start_mech_by_name()Andrew Bartlett1-11/+11
2011-01-18s4-torture Remove unused temp dirs from the RPC-PAC test.Andrew Bartlett1-9/+0
The code previously required the creation of a messaging context, but this isn't done any more, so we don't need the tmp dir to put it in. Andrew Bartlett
2011-01-18s4-pyldb Fix tp_basicsize for PyLdbDnAndrew Bartlett1-1/+1
This wasn't actually causing problems before, as the structures were the same size. Andrew Bartlett
2011-01-18s4-pygensec Add bindings for server_start() and update()Andrew Bartlett1-4/+96
2011-01-18s4-pyauth Add bindings for auth_context_create() as AuthContext()Andrew Bartlett2-1/+81
2011-01-18s4-pyauth Use py_talloc_get_type() for greater talloc binding safetyAndrew Bartlett2-12/+15
This does a talloc check of the returned pointer before casting it. Andrew Bartlett
2011-01-18s4-gensec Don't steal the auth_context, reference it.Andrew Bartlett2-6/+17
We don't want to steal this pointer away from the caller if it's been set up from python. Andrew Bartlett
2011-01-18s4-ldb_ldif: Take into account LDB_FLG_SHOW_BINARYKamen Mazdrashki1-1/+4
when user requires binary data to be displayed using samba user-friendly ldif handlers Found using following test search: bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \ "(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Jan 18 00:40:01 CET 2011 on sn-devel-104
2011-01-18s4-ldb_ldif: Don't check for LDB_FLG_SHOW_BINARY in ldb_should_b64_encodeKamen Mazdrashki1-4/+0
LDB_FLG_SHOW_BINARY is data representation flag and should not modify behavior of data checking functions. This lead to a bug in lib/ldb/ldb_tdb/ldb_index.c as ltdb_index_key() function relies on ldb_should_b64_encode function to determine how to process index keys. Found using following test search: bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \ "(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
2011-01-17s4-provision: Fixed owner/group for hard-coded Sites descriptor.Nadezhda Ivanova1-3/+1
We must not specify explicitly owner and group. As there is a difference between WIN_2003 and WIN_2008, we should let descriptor module compute the correct default ones. Also removed inherited ACEs, they are ignored during SD creation anyway. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Jan 17 18:23:24 CET 2011 on sn-devel-104
2011-01-17s4-tools: Fixed a bug in ldapcmp - DACL was not retrieved correctly if the ↵Nadezhda Ivanova1-1/+4
object had no SACL. --Pair-Programmed-With: Zahari Zahariev
2011-01-17s4-tools: Added a --sort-aces option to ldapcmpNadezhda Ivanova1-6/+12
This option sorts the ACE lists during SD comparison in collision view to make it easier to determine of a difference is only in ACE order, and if not, where do differences start. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Jan 17 14:09:09 CET 2011 on sn-devel-104
2011-01-17ldb: new ABI sigs fileAndrew Tridgell1-0/+248
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Jan 17 06:09:23 CET 2011 on sn-devel-104
2011-01-17s4-dsdb: replaced the calls to ldb_search() in dsdb modules with ↵Andrew Tridgell4-26/+32
dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17s4-dsdb: pass parent request to dsdb_module_*() functions Andrew Tridgell25-235/+335
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-17ldb: added ldb_req_mark_trusted()Andrew Tridgell3-1/+14
this is used to mark a ldb child request trusted, if the caller has validated all inputs. This will be used when creating new child requests with trusted inputs. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-17ldb: inherit parent flags on child requests in modulesMatthias Dieter Wallnöfer1-0/+11
2011-01-17web_server: Display trivial placeholder page if SWAT could not be found.Jelmer Vernooij1-6/+19
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Jan 17 01:27:10 CET 2011 on sn-devel-104
2011-01-17web_server: Fix initialization.Jelmer Vernooij1-3/+6
2011-01-17web_server: Avoid references to swat. Load samba.web_server instead.Jelmer Vernooij2-8/+11
2011-01-17param: Load web service by default.Jelmer Vernooij1-1/+1
2011-01-15s4:dsdb_find_nc_root - fix it up to let the provisioning work correctlyMatthias Dieter Wallnöfer1-2/+2
Use the temporary list unless we have at least the three main "namingContexts" from the rootDSE available (Default, Configuration, Schema - these are mandatory on all AD deployments!). This bug has been discovered by Nadya in relation with her SD work. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
2011-01-15s4:auth/ntlm/auth_sam.c - fix call to "get_server_info_principal"Matthias Dieter Wallnöfer1-7/+7
This should obviously point to the wrapper not the call itself. Found out by Tru64 host build warning. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
2011-01-15s4:samr RPC server - always interpret filter integer values as signedMatthias Dieter Wallnöfer1-4/+4
To prevent platform-dependant problems. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
2011-01-14s4:web_server - immeditately assign "wdata" as private data for the stream ↵Matthias Dieter Wallnöfer1-11/+11
socket This fixes bug #7887. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 22:33:13 CET 2011 on sn-devel-104
2011-01-14s4:urgent_replication.py - remove a now superflous RELAX controlMatthias Dieter Wallnöfer1-1/+1
The LSA object creation protection changed to the trusted/untrusted connection model. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
2011-01-14s4:samldb LDB module - fix "userAccountControl" handlingMatthias Dieter Wallnöfer2-15/+39
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags are set on LDAP add operations. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
2011-01-14ldb:ldb_dn.c - fix counter type in "ldb_dn_minimise"Matthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 10:43:29 CET 2011 on sn-devel-104
2011-01-14waf: use PYTHONARCHDIR for installing python shared libsAndrew Tridgell5-1/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Jan 14 08:19:40 CET 2011 on sn-devel-104
2011-01-14s4-dsdb: only enforce the extended dn rules over ldapAndrew Tridgell1-2/+21
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Jan 14 07:23:31 CET 2011 on sn-devel-104