summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2013-01-21dsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributesStefan Metzmacher1-16/+18
"clearTextPassword" is the only exception. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: introduce a 'el' helper variable to acl_modify()Stefan Metzmacher1-12/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: introduce a 'msg' helper variable to acl_modify()Stefan Metzmacher1-20/+20
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make sure we build [system]PossibleInferiors completelyStefan Metzmacher1-0/+4
Otherwise callers like dsdb_schema_copy_shallow() will corrupt the talloc hierarchie. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make sure use clean caches in schema_inferiors.cStefan Metzmacher2-28/+32
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make schema_subclasses_order_recurse() staticStefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21Tests: remove redondent testsuites in provisionMatthieu Patou1-6/+1
Removed provision are already tested somewhere else. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Mon Jan 21 09:59:43 CET 2013 on sn-devel-104
2013-01-21Tests: rewrite ldap_schema to specify attributesMatthieu Patou1-15/+24
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-19heimdal_build: Try again to sort out the strerror_r messAndrew Bartlett3-8/+8
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17spoolss: make spoolss deal with ndr64 SetForm by using proper container object.Günther Deschner2-14/+17
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17spoolss: make spoolss deal with ndr64 AddForm by using proper container object.Günther Deschner2-17/+20
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17s4-torture: add ndr64 spoolss_SetPrinter ndr test.Günther Deschner1-0/+73
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17spoolss: make spoolss deal with ndr64 ULONG_PTR of devmode_ptr and secdesc_ptr.Günther Deschner2-8/+8
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17dsdb-operational: Avoid doing the ldb_attr_cmp if bypass flag is not setMatthieu Patou1-1/+1
Most of the time this flag is not set and so we can avoid the strcasecmp in ldb_attr_cmp() Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 17 17:10:32 CET 2013 on sn-devel-104
2013-01-17torture: Fix fsmo test to use correct -H samba-tool syntaxAndrew Bartlett1-2/+2
However, the test still does not pass. Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17dsdb: Do not hold the transaction over the IRPC call to perform a role transferAndrew Bartlett1-1/+26
This avoids one samba process locking out another from the DB. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17drs-fsmo: Improve handling of FSMO role takeover.Andrew Bartlett3-5/+14
This needs to be more async, and give less scary errors. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17dsdb-acl: calculate sDRightsEffective based on "nTSecurityDescriptor"Stefan Metzmacher1-3/+11
acl_check_access_on_attribute should never be called with attr=NULL because we don't check access on an attribute in that case Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Thu Jan 17 11:21:10 CET 2013 on sn-devel-104
2013-01-17dsdb-acl: add helper variable 'ldb' in acl_sDRightsEffectiveStefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17dsdb-acl: fix the order of special and system checksStefan Metzmacher1-22/+61
First we check for a special dn, then for system access. All allocations happen after this checks in order to avoid allocations we won't use. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17dsdb-acl: Do not apply ACL on special DNs to hide attributes that the user ↵Matthieu Patou1-0/+4
shouldn't see This fix frequent reindexing when using python script with a user that is not system. The reindexing is caused by ACL module hidding (removing) attributes in the search request for all attributes in dn=@ATTRIBUTES and because dsdb_schema_set_indices_and_attributes checks that the list of attributes that it just calculated from the schema is the same as the list written in @ATTRIBUTES, if not the list is replaced and a reindexing is triggered. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-17dsdb-acl: talloc_free the private context when we pass to the next moduleStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17dsdb-acl: don't call dsdb_user_password_support() if we don't use the resultStefan Metzmacher1-2/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-16torture: copychunk test suite improvementsDavid Disseldorp1-8/+719
Allow for large files in test_setup_copy_chunk(): Write test data in 1M IOs, rather than attempting to do the whole thing in one go. Add copychunk bad resume key test: Send a copy chunk request with an intentionally bogus resume key (source key handle). Add copychunk src=dest test: Test copychunk requests where the source and destination handles refer to the same file. Add copychunk src=dest overlap test. Add desired access args to test_setup_copy_chunk(). Add copychunk_bad_access test: Open the copychunk source and destination files with differing desired_access values. Confirm copychunk response matches 2k8 and 2k12 behaviour. Add copy_chunk_src_exceed test: Attempts to copy more data than is present in the copychunk source file. Add copy_chunk_src_exceed_multi test: Test whether the first chunk in a multi-chunk copychunk request is written to disk, where the second chunk is invalid due to src file overrun. Add copy_chunk_sparse_dest test: Issue a request where the target offset exceeds the file size, resulting in a sparse region. Add copy_chunk_max_output_sz test. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16torture: replace ioctl failure returns with helper callsDavid Disseldorp1-33/+25
Also change test_ioctl_get_shadow_copy() to use torture_skip(), and clean up test output. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16torture: add locking tests for copychunkDavid Disseldorp1-0/+228
Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16torture: skip FSCTL_SRV_ENUM_SNAPS test when not supportedDavid Disseldorp1-0/+6
If FSCTL_SRV_ENUM_SNAPS fails with NT_STATUS_NOT_SUPPORTED then skip the test, this means we can run the full ioctl test suite as part of autobuild. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: remove ioctl error response assumptionsDavid Disseldorp2-3/+92
MS-SMB2 3.3.4.4 documents cases where a ntstatus indicating an error should not be considered a failure. In such a case the output data buffer should be sent to the client rather than an error response packet. Add a new fsctl copy_chunk test to confirm field limits are sent back in response to an oversize chunk request. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16s4-torture: add ndr64 spoolss openprinterex to ndr test.Günther Deschner1-0/+28
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jan 16 13:26:53 CET 2013 on sn-devel-104
2013-01-16s4-torture: allow to do ndr tests with flags, not only ndr_flags.Günther Deschner2-3/+14
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-16spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container.Günther Deschner5-31/+29
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-15dsdb: Add test for modification of two attributes, one permitted, one denied ↵Andrew Bartlett1-0/+15
(bug #9554 - CVE-2013-0172) Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1) Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
2013-01-15dsdb-acl: Run sec_access_check_ds on each attribute proposed to modify (bug ↵Andrew Bartlett1-28/+27
#9554 - CVE-2013-0172) This seems inefficient, but is needed for correctness. The alternative might be to have the sec_access_check_ds code confirm that *all* of the nodes in the object tree have been cleared to node->remaining_bits == 0. Otherwise, I fear that write access to one attribute will become write access to all attributes. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d776fd807e0c9a62f428ce666ff812655f98bc47)
2013-01-12dsdb: Make linked_attributes module GUID based for renamesAndrew Bartlett1-13/+64
This ensures that when we have the backlink out of sync with the forward link (perhaps due to another operation that has put the backlink handling in an end-of-transaction TODO list in repl_meta_data) that we do not error out, we just cope as well as we can. The GUID is the unique identifier, not the DN. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jan 12 12:52:28 CET 2013 on sn-devel-104
2013-01-12s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup (bug #9555)Arvid Requate1-0/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually ↵Andrew Bartlett1-21/+22
them This allows the script to be used to create/remove the samba-specific dns-SERVER account when we do not need to create the in-directory partition. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
2013-01-10samba-tool classicupgrade: Do not print the admin password during upgradeAndrew Bartlett1-1/+10
This changes the code to only set and show a new password if no admin user is found during the upgrade. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104
2013-01-10s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307Andrew Bartlett1-6/+3
This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10selftest: Add test for rfc2307 mapping handlingAndrew Bartlett1-0/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10dsdb-acl: give error string if we can not obtain the schemaAndrew Bartlett1-2/+3
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10s4-dbcheck: Allow forcing an override of an old @MODULES recordAndrew Bartlett2-4/+29
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-09Use the new directory_create_or_exist_strict() function.Andreas Schneider4-5/+10
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09samba_dnsupdate: set KRB5_CONFIG for nsupdate commandBjörn Baumbach1-4/+5
Let nslookup use krb5.conf, which is set in our KRB5_CONFIG. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09s4:lib/messaging: terminate the irpc_servers_byname() result with ↵Stefan Metzmacher2-4/+4
server_id_set_disconnected() (bug #9540) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09libnet-vampire: reports Exops as they rather than sync on some partitionsMatthieu Patou1-6/+27
Instead of showing: Partition[CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com] objects[1] linked_values[8] Report a exop based on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com as Exop on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com, ... Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Wed Jan 9 09:01:30 CET 2013 on sn-devel-104
2013-01-09libnet: set the invocation_id earlier in order to avoid annoying messagesMatthieu Patou1-13/+13
At that moment we have all the information to set the invocation id so let's set it, it will avoid useless messages about missing invocation id. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-By: Andrew Bartlett <abartlet@samba.org>
2013-01-08samba-tool Add --service argument to samba-tool ntacl get/setAndrew Bartlett1-6/+10
This also ensures a VFS connect is done to the correct service. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 8 03:39:21 CET 2013 on sn-devel-104
2013-01-07pysmbd: Change to keyword based argumentsAndrew Bartlett1-4/+4
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07scripting-provision: Set sysvol ACLs on the sysvol shareAndrew Bartlett1-14/+23
This allows us to correctly load any modules that have been specified by the smb.conf for [sysvol] and issue a VFS connect operation which may be required by some VFS modules. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07scripting-ntacls: Optionally allow the service to be specified.Andrew Bartlett1-6/+6
Providing a service allows a VFS connect to be issued on the correct service, and so ensures that the correct modules are loaded rather than just what is specified in [globals]. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
generated by cgit (git 2.34.1) at 2024-11-07 23:33:40 +0000