From 7e0ef3fd0ef4dba827f331cbe43fa0524be91130 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 6 Mar 2008 21:55:26 +1100 Subject: Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again). To make Samba4, using the python provision system, pass this test required some major rework. Untested code is broken code, and some of the refactoring for a seperate provision test (which also now passes) broke things. Similarly, the iconv work has compiled, but these codepaths have never been run (NULL pointer de-reference). In working to use a local, rather than global, loadparm context, and to support using a target directory, a few things needed to be reworked, particularly around path handling. Andrew Bartlett (This used to be commit 1169e8d7bee20477b0efbfea3534ac63c83fb3d6) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 3 ++- source4/dsdb/schema/schema_init.c | 19 +++++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) (limited to 'source4/dsdb') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 729fd15202..8ceeba9804 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -30,6 +30,7 @@ #include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" #include "lib/util/dlinklist.h" +#include "param/param.h" static int schema_fsmo_init(struct ldb_module *module) { @@ -78,7 +79,7 @@ static int schema_fsmo_init(struct ldb_module *module) } module->private_data = schema_fsmo; - schema = talloc_zero(mem_ctx, struct dsdb_schema); + schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm"))); if (!schema) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 30d0adeda7..c046cb597f 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -29,6 +29,18 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "param/param.h" +struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience) +{ + struct dsdb_schema *schema = talloc_zero(mem_ctx, struct dsdb_schema); + if (!schema) { + return NULL; + } + + schema->iconv_convenience = iconv_convenience; + return schema; +} + + WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr) { uint32_t i,j; @@ -1150,12 +1162,7 @@ WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf goto nomem; } - schema = talloc_zero(mem_ctx, struct dsdb_schema); - if (!schema) { - goto nomem; - } - - schema->iconv_convenience = lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")); + schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm"))); /* * load the prefixMap attribute from pf -- cgit From 01b3d89aeccdd7bd6bc2a9636e59f0c928cc22dc Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Thu, 6 Mar 2008 06:02:46 -0600 Subject: Add samdb_result_account_expires() function. Windows uses 2 different values to indicate an account doesn't expire: 0 and 9223372036854775807 (0x7FFFFFFFFFFFFFFFULL). This function looks up the value of the accountExpires attribute and if the value is either value indicating the account doesn't expire, 0x7FFFFFFFFFFFFFFFULL is returned. This simplifies the tests for account expiration. There is no need to check elsewhere in the code for both values, therefore a simple greater-than expression can be used. (This used to be commit 7ce5575a3a40cca4a45ec179a153f7e909065a87) --- source4/dsdb/common/util.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'source4/dsdb') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index ace5e0edaf..07a433780b 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -433,6 +433,30 @@ NTTIME samdb_result_nttime(struct ldb_message *msg, const char *attr, NTTIME def return ldb_msg_find_attr_as_uint64(msg, attr, default_value); } +/* + * Windows uses both 0 and 9223372036854775807 (0x7FFFFFFFFFFFFFFFULL) to + * indicate an account doesn't expire. + * + * When Windows initially creates an account, it sets + * accountExpires = 9223372036854775807 (0x7FFFFFFFFFFFFFFF). However, + * when changing from an account having a specific expiration date to + * that account never expiring, it sets accountExpires = 0. + * + * Consolidate that logic here to allow clearer logic for account expiry in + * the rest of the code. + */ +NTTIME samdb_result_account_expires(struct ldb_message *msg, + NTTIME default_value) +{ + NTTIME ret = ldb_msg_find_attr_as_uint64(msg, "accountExpires", + default_value); + + if (ret == (NTTIME)0) + ret = 0x7FFFFFFFFFFFFFFFULL; + + return ret; +} + /* pull a uint64_t from a result set. */ -- cgit From a689d65e4ff393ca99051c385f9608b8050b7517 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Fri, 7 Mar 2008 05:56:04 -0600 Subject: Treat maxPwdAge == 0 as passwords never expire. (This used to be commit d28f2cb678b334086f601505c88e56b9c1ee559d) --- source4/dsdb/common/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 07a433780b..88c8afd6cc 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -517,7 +517,7 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "maxPwdAge", NULL); if (maxPwdAge == 0) { - return 0; + return 0x7FFFFFFFFFFFFFFFULL; } else { attr_time -= maxPwdAge; } -- cgit