The branch, master has been updated
       via  813bdf4 ldb: Remove use after free in error case
       via  070b970 s4-provision Add support for fixing the DC rid to a particular value
       via  daa78ea s3-smbd Avoid races creating 'ncaclrpc dir' with epmd in a child process
       via  b51f973 s4-param Set szConfigFile even for s3 loadparm contexts
       via  305cb56 upgrade: Add missing bits for the s3 to s4 upgrade script
       via  64ec42d tests: Update test for s3 to s4 upgrade with two cases
       via  1c1f7df s3-passdb: Added python method to get_global_sam_sid
       via  e580f33 s3-passdb: Return dom_sid and guid with correct python types.
       via  a252e69 passdb: Move python wrapper for passdb in samba3 python package
       via  9a4a2b0 py-samba3: Create samba3 python package to hold other modules
       via  6d139d6 s3-param: Add python wrapper for s3 parameters
       via  6a18664 s3-passdb: Connect to specified samdb if location is provided, otherwise use default
       via  d7ab07e s3-passdb: Fix the error messages and return correct NTSTATUS
       via  ae65b97 s4-dsdb: Provide additional method to connect to specified database path
       via  8e4e408 s3-param: Make sure we have talloc stack frame before calling in s3 code
       via  7c9ecf3 param: Add smb.conf loading support to s3/s4 loadparm bridge
       via  11698a2 s4-dsdb ensure we honour the hash_values control, even for really odd hashes
       via  2d6e98e s4-dsdb Give a less worrying error message on failure to get a transaction
       via  93e8d3b s4-scripting Rename passdb upgrade routine to avoid conflict with upgradeprovision
       via  00364e4 s3-passdb Add support for pdb_add_sam_account() and password hashes to pdb_samba4
       via  2993113 s4-dsdb Add ability to force a particular SID in the upgrade case
       via  add8505 s3-passdb Make pdb_element_is_changed available to all passdb modules
       via  c5e41a2 s4-dsdb Add flag to set DSDB_BYPASS_PASSWORD_HASH control
       via  65e12c0 passdb: Allocate talloc stackframe before calling in pdb functions.
       via  ae9a327 passdb: Call with correct backend methods instead of default methods
       via  2e0ccc4 passdb: Added python wrapper to passdb
       via  08ccc6e passdb: Add a function to read secrets db from a specified path
       via  6f21f55 passdb: Add a function to expose loaded backend list.
       via  a1088d0 waf: Add SAMBA3_PYTHON context to build python wrappers in samba3
       via  4967b04 samba-tool: Remove gpo setacl command
      from  eeb0298 s3:smb2cli: pass more fields to smb2cli_req_create()/smb2cli_req_send()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 813bdf466d1e0262c7b4bdf98343451db08c60f6
Author: Andrew Bartlett <abart...@samba.org>
Date:   Sat Aug 13 13:42:04 2011 +1000

    ldb: Remove use after free in error case
    
    Autobuild-User: Andrew Bartlett <abart...@samba.org>
    Autobuild-Date: Sat Aug 13 13:49:44 CEST 2011 on sn-devel-104

commit 070b970a9d0b4c490d652eb1c5aa5fb23cc7b6a6
Author: Andrew Bartlett <abart...@samba.org>
Date:   Sat Aug 13 13:32:18 2011 +1000

    s4-provision Add support for fixing the DC rid to a particular value
    
    This will allow an upgraded DC to keep its SID, while being upgraded
    to AD.  We also watch for the highest RID in the existing DB to set
    next_rid for other additional users.
    
    Andrew Bartlett

commit daa78ead19fcbfcd5aa169d96c11ab8df49efe4b
Author: Andrew Bartlett <abart...@samba.org>
Date:   Sat Aug 13 13:30:16 2011 +1000

    s3-smbd Avoid races creating 'ncaclrpc dir' with epmd in a child process

commit b51f97325b8ea330e20ee7c4bf673c4475dd0a0e
Author: Andrew Bartlett <abart...@samba.org>
Date:   Fri Aug 12 22:17:26 2011 +1000

    s4-param Set szConfigFile even for s3 loadparm contexts

commit 305cb567f4f14ef329efc4756a17483076d9270c
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 11:37:57 2011 +1000

    upgrade: Add missing bits for the s3 to s4 upgrade script
    
    Use passdb backend to import/export users
    
    Remove unused options for upgrade_from_s3 command (--blank) and credentials options
    Config file is specified with -s/--configfile option and no need to specify as an argument.
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 64ec42d64f0a6029b135c49cfeb8bc5c6f8cbdbe
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 17:47:49 2011 +1000

    tests: Update test for s3 to s4 upgrade with two cases
    
    S3-member to S4-member and S3-dc to S4-dc
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 1c1f7df956de9658a0bc4594af3202badbdaeeeb
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 17:10:17 2011 +1000

    s3-passdb: Added python method to get_global_sam_sid
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit e580f33b131471b9fa70764d3fc395db592accd2
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 17:09:19 2011 +1000

    s3-passdb: Return dom_sid and guid with correct python types.
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit a252e69db28c1e65fe1ba74ce5b6db7d34c2bcff
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 16:20:11 2011 +1000

    passdb: Move python wrapper for passdb in samba3 python package

commit 9a4a2b0f0d1411c98194a838390862bff8c184dd
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 16:19:06 2011 +1000

    py-samba3: Create samba3 python package to hold other modules
    
    This will include passdb and param.

commit 6d139d6b0f3d38be395626a7fb4e8d02151102ab
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 15:48:03 2011 +1000

    s3-param: Add python wrapper for s3 parameters
    
    This provides a get_context() method to return s3 context as s4 context type.
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 6a18664d511ac77bde3df040e3c95ffef385c186
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 15:45:43 2011 +1000

    s3-passdb: Connect to specified samdb if location is provided, otherwise use default
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit d7ab07e86f421de1cb4dbd3905ec2567f0e34c1b
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 15:44:39 2011 +1000

    s3-passdb: Fix the error messages and return correct NTSTATUS
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit ae65b971ac1492da53b1259d113f686504e570cd
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 15:43:04 2011 +1000

    s4-dsdb: Provide additional method to connect to specified database path
    
    samdb_connect() now calls samdb_connect_url() with default "sam.ldb".
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 8e4e408e3a96c0fb5540d2f9a99269c09226e4a4
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Fri Aug 12 15:40:26 2011 +1000

    s3-param: Make sure we have talloc stack frame before calling in s3 code
    
    When loading parameters as s4 context in s3 code, ensure we have a
    talloc stack frame. This is required for python wrapping s3 params.

commit 7c9ecf35fa92395ce46d1410ae0b343f6dc24774
Author: Andrew Bartlett <abart...@samba.org>
Date:   Fri Aug 12 11:26:42 2011 +1000

    param: Add smb.conf loading support to s3/s4 loadparm bridge

commit 11698a287e2ca1e937a465225af033e269749eb3
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Aug 11 15:50:54 2011 +1000

    s4-dsdb ensure we honour the hash_values control, even for really odd hashes

commit 2d6e98e5c8f44b20b1f071c34ff791e39d3bb052
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Aug 11 15:49:37 2011 +1000

    s4-dsdb Give a less worrying error message on failure to get a transaction

commit 93e8d3b38185538e3549aee0ee4c1134118626c9
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Aug 11 16:19:24 2011 +1000

    s4-scripting Rename passdb upgrade routine to avoid conflict with upgradeprovision

commit 00364e4e0d3d091e1b8cc9dd2b1b30eb84f2f085
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Aug 11 15:47:01 2011 +1000

    s3-passdb Add support for pdb_add_sam_account() and password hashes to pdb_samba4
    
    This will help when using this as part of the Samba3 passdb -> Samba4
    ldb database upgrade script.
    
    Andrew Bartlett

commit 2993113a56032be89272a626a7ef4c436d73080a
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Aug 11 15:46:26 2011 +1000

    s4-dsdb Add ability to force a particular SID in the upgrade case

commit add8505fde9d178b3a0dbb71a207485cdb8fc161
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Aug 11 15:39:47 2011 +1000

    s3-passdb Make pdb_element_is_changed available to all passdb modules
    
    This will allow pdb_samba4 to use this
    
    Andrew Bartlett

commit c5e41a21dd2dad9b43b40b38f75cea0da67c2cce
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Aug 11 16:14:36 2011 +1000

    s4-dsdb Add flag to set DSDB_BYPASS_PASSWORD_HASH control

commit 65e12c05012b714dc1060650419f72266bf5ad07
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Thu Aug 11 13:59:00 2011 +1000

    passdb: Allocate talloc stackframe before calling in pdb functions.

commit ae9a3274bc511a302ab52ec94b43b7a0abd84fe9
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Wed Aug 10 17:32:32 2011 +1000

    passdb: Call with correct backend methods instead of default methods
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 2e0ccc47723e5117180a4ece8a260920fc66b2b8
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Wed Aug 10 13:53:43 2011 +1000

    passdb: Added python wrapper to passdb
    
     - Added python wrapper for samu structure.
    
     - Added python wrapper for passdb methods:
    
       domain_info(), getsampwnam(), getsampwsid(), create_user(),
       delete_user(), add_sam_account(), delete_sam_account(),
       update_sam_account(), rename_sam_account(), search_users()
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 08ccc6ed5121dae8485328fc2ac8ad4f35db2729
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Wed Aug 10 13:50:26 2011 +1000

    passdb: Add a function to read secrets db from a specified path
    
    This allows loading the secrets db from a different location. The original
    secrets_init() now calls secrets_init_path() with lp_private_dir().

commit 6f21f556c1e9a6df9f7dc00aa1e270ff91ffd850
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Wed Aug 10 13:46:34 2011 +1000

    passdb: Add a function to expose loaded backend list.
    
    This function is used in python wrapper to list available python backends.

commit a1088d08430bbf487c34236bbad367158621ecd9
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Wed Aug 10 13:43:18 2011 +1000

    waf: Add SAMBA3_PYTHON context to build python wrappers in samba3

commit 4967b04ada42d82acb1dfdade0f776ee7885f99d
Author: Amitay Isaacs <ami...@gmail.com>
Date:   Wed Aug 3 15:09:19 2011 +1000

    samba-tool: Remove gpo setacl command

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafsamba/samba3.py                      |    5 +
 lib/ldb/ldb_tdb/ldb_tdb.c                          |    1 -
 source3/include/secrets.h                          |    1 +
 source3/param/loadparm_ctx.c                       |   13 +
 source3/param/pyparam.c                            |   87 +
 source3/passdb/passdb.c                            |   14 +-
 source3/passdb/pdb_get_set.c                       |   23 +
 source3/passdb/pdb_interface.c                     |   14 +-
 source3/passdb/pdb_ldap.c                          |   35 +-
 source3/passdb/pdb_samba4.c                        |  311 +++-
 source3/passdb/proto.h                             |    8 +-
 source3/passdb/py_passdb.c                         | 1638 ++++++++++++++++++++
 source3/passdb/secrets.c                           |   22 +-
 source3/passdb/wscript_build                       |    7 +
 source3/smbd/server.c                              |    9 +
 source3/wscript_build                              |    7 +
 source4/dsdb/common/util.c                         |    8 +
 source4/dsdb/common/util.h                         |    1 +
 source4/dsdb/common/util_samr.c                    |   19 +-
 source4/dsdb/samdb/ldb_modules/password_hash.c     |    6 +-
 source4/dsdb/samdb/samdb.c                         |   21 +-
 source4/param/loadparm.c                           |    4 +
 source4/rpc_server/samr/dcesrv_samr.c              |    3 +-
 source4/script/mks3param.pl                        |    1 +
 source4/scripting/python/samba/netcmd/gpo.py       |    5 -
 .../scripting/python/samba/provision/__init__.py   |   34 +-
 .../python/samba/{samba3.py => samba3/__init__.py} |   36 +-
 source4/scripting/python/samba/upgrade.py          |  110 +-
 source4/selftest/tests.py                          |    2 +-
 source4/setup/tests/blackbox_s3upgrade.sh          |   62 +
 source4/setup/upgrade_from_s3                      |   23 +-
 31 files changed, 2311 insertions(+), 219 deletions(-)
 create mode 100644 source3/param/pyparam.c
 create mode 100644 source3/passdb/py_passdb.c
 rename source4/scripting/python/samba/{samba3.py => samba3/__init__.py} (98%)
 create mode 100755 source4/setup/tests/blackbox_s3upgrade.sh


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba3.py b/buildtools/wafsamba/samba3.py
index e1411e1..b2a3655 100644
--- a/buildtools/wafsamba/samba3.py
+++ b/buildtools/wafsamba/samba3.py
@@ -110,3 +110,8 @@ def SAMBA3_BINARY(bld, name, *args, **kwargs):
        s3_fix_kwargs(bld, kwargs)
        return bld.SAMBA_BINARY(name, *args, **kwargs)
 Build.BuildContext.SAMBA3_BINARY = SAMBA3_BINARY
+
+def SAMBA3_PYTHON(bld, name, *args, **kwargs):
+    s3_fix_kwargs(bld, kwargs)
+    return bld.SAMBA_PYTHON(name, *args, **kwargs)
+Build.BuildContext.SAMBA3_PYTHON = SAMBA3_PYTHON
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index d111e01..f07a9d2 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -1511,7 +1511,6 @@ static int ltdb_connect(struct ldb_context *ldb, const 
char *url,
 
        if (ltdb_cache_load(module) != 0) {
                talloc_free(module);
-               talloc_free(ltdb);
                return LDB_ERR_OPERATIONS_ERROR;
        }
 
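Review bot: the removed talloc_free(ltdb) in the ltdb_cache_load() failure path ran immediately after talloc_free(module), so the fix only holds if ltdb is owned by (or still referenced through) module, and neither the commit message nor the code says so. Please state that ownership in the commit message or in a one-line comment at this return, and check the other error returns in ltdb_connect() for the same free-after-parent-free pattern.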
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 4c23335..3e36f2e 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -81,6 +81,7 @@ struct afs_keyfile {
 
 /* The following definitions come from passdb/secrets.c  */
 
+bool secrets_init_path(const char *private_dir);
 bool secrets_init(void);
 struct db_context *secrets_db_ctx(void);
 void secrets_shutdown(void);
diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c
index 7c59ca7..3aadda1 100644
--- a/source3/param/loadparm_ctx.c
+++ b/source3/param/loadparm_ctx.c
@@ -20,6 +20,18 @@
 #include "includes.h"
 #include "../source4/param/s3_param.h"
 
+static bool lp_load_for_s4_ctx(const char *filename)
+{
+       TALLOC_CTX *mem_ctx;
+       bool status;
+
+       mem_ctx = talloc_stackframe();
+       status =  lp_load(filename, false, false, false, false);
+       talloc_free(mem_ctx);
+
+       return status;
+}
+
 /* These are in the order that they appear in the s4 loadparm file.
  * All of the s4 loadparm functions should be here eventually, once
  * they are implemented in the s3 loadparm, have the same format (enum
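Review bot: the call lp_load(filename, false, false, false, false) in lp_load_for_s4_ctx() gives no hint what the four booleans select, so a reordering or signature change in lp_load() would go unnoticed here. Add a short comment naming each argument (or one line per argument), and drop the doubled space in "status =  lp_load".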
@@ -33,6 +45,7 @@ static const struct loadparm_s3_context s3_fns =
        .get_servicebynum = lp_servicebynum,
        .get_default_loadparm_service = lp_default_loadparm_service,
        .get_numservices = lp_numservices,
+       .load = lp_load_for_s4_ctx,
        .set_cmdline = lp_set_cmdline,
 
        .server_role = lp_server_role,
diff --git a/source3/param/pyparam.c b/source3/param/pyparam.c
new file mode 100644
index 0000000..ff234ac
--- /dev/null
+++ b/source3/param/pyparam.c
@@ -0,0 +1,87 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Amitay Isaacs <ami...@gmail.com> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <Python.h>
+#include "includes.h"
+#include "param/param.h"
+#include "param/loadparm.h"
+#include "lib/talloc/pytalloc.h"
+
+static PyTypeObject *loadparm_Type = NULL;
+
+void initparam(void);
+
+static PyObject *py_get_context(PyObject *self)
+{
+       PyObject *py_loadparm;
+       const struct loadparm_s3_context *s3_context;
+       const struct loadparm_context *s4_context;
+       TALLOC_CTX *mem_ctx;
+
+       mem_ctx = talloc_new(NULL);
+       if (mem_ctx == NULL) {
+               PyErr_NoMemory();
+               return NULL;
+       }
+
+       s3_context = loadparm_s3_context();
+
+       s4_context = loadparm_init_s3(mem_ctx, s3_context);
+       if (s4_context == NULL) {
+               PyErr_NoMemory();
+               return NULL;
+       }
+
+       py_loadparm = pytalloc_steal(loadparm_Type, discard_const_p(struct 
loadparm_context, s4_context));
+       if (py_loadparm == NULL) {
+               talloc_free(mem_ctx);
+               PyErr_NoMemory();
+               return NULL;
+       }
+
+       talloc_free(mem_ctx);
+
+       return py_loadparm;
+}
+
+static PyMethodDef pyparam_methods[] = {
+    { "get_context", (PyCFunction)py_get_context, METH_NOARGS,
+        "Returns LoadParm context." },
+    { NULL }
+};
+
+void initparam(void)
+{
+       PyObject *m, *mod;
+
+       m = Py_InitModule3("param", pyparam_methods, "Parsing and writing 
Samba3 configuration files.");
+       if (m == NULL)
+               return;
+
+       mod = PyImport_ImportModule("samba.param");
+       if (mod == NULL) {
+               return;
+       }
+
+       loadparm_Type = (PyTypeObject *)PyObject_GetAttrString(mod, "LoadParm");
+       Py_DECREF(mod);
+       if (loadparm_Type == NULL) {
+               return;
+       }
+}
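Review bot: in py_get_context() the s4_context == NULL branch returns without talloc_free(mem_ctx), so mem_ctx leaks on that path, while the pytalloc_steal() failure branch directly below does free it. Add talloc_free(mem_ctx) before PyErr_NoMemory() in the first branch so both error paths clean up the same way.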
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index faa608c..62dcb5d 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -146,7 +146,8 @@ static int count_commas(const char *str)
  attributes and a user SID.
 *********************************************************************/
 
-static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd 
*pwd, bool create)
+static NTSTATUS samu_set_unix_internal(struct pdb_methods *methods,
+                                      struct samu *user, const struct passwd 
*pwd, bool create)
 {
        const char *guest_account = lp_guestaccount();
        const char *domain = lp_netbios_name();
@@ -246,11 +247,11 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, 
const struct passwd *p
           initialized and will fill in these fields later (such as from a 
           netr_SamInfo3 structure) */
 
-       if ( create && (pdb_capabilities() & PDB_CAP_STORE_RIDS)) {
+       if ( create && (methods->capabilities(methods) & PDB_CAP_STORE_RIDS)) {
                uint32_t user_rid;
                struct dom_sid user_sid;
 
-               if ( !pdb_new_rid( &user_rid ) ) {
+               if ( !methods->new_rid(methods, &user_rid) ) {
                        DEBUG(3, ("Could not allocate a new RID\n"));
                        return NT_STATUS_ACCESS_DENIED;
                }
@@ -282,12 +283,13 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, 
const struct passwd *p
 
 NTSTATUS samu_set_unix(struct samu *user, const struct passwd *pwd)
 {
-       return samu_set_unix_internal( user, pwd, False );
+       return samu_set_unix_internal( NULL, user, pwd, False );
 }
 
-NTSTATUS samu_alloc_rid_unix(struct samu *user, const struct passwd *pwd)
+NTSTATUS samu_alloc_rid_unix(struct pdb_methods *methods,
+                            struct samu *user, const struct passwd *pwd)
 {
-       return samu_set_unix_internal( user, pwd, True );
+       return samu_set_unix_internal( methods, user, pwd, True );
 }
 
 /**********************************************************
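Review bot: samu_set_unix() now passes NULL as methods, and samu_set_unix_internal() dereferences it in "methods->capabilities(methods)" and "methods->new_rid(methods, &user_rid)"; the only thing preventing a NULL dereference is that create is False on this path and the && short-circuits. That coupling is invisible at the call site. Either guard explicitly (for example return an error if create is set and methods is NULL) or add a comment on samu_set_unix_internal() stating that methods may be NULL only when create is false.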
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 4ff1380..d0d7317 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -1088,3 +1088,26 @@ uint32_t pdb_build_fields_present(struct samu *sampass)
        /* value set to all for testing */
        return 0x00ffffff;
 }
+
+/**********************************************************************
+ Helper function to determine for update_sam_account whether
+ we need LDAP modification.
+*********************************************************************/
+
+bool pdb_element_is_changed(const struct samu *sampass,
+                           enum pdb_elements element)
+{
+       return IS_SAM_CHANGED(sampass, element);
+}
+
+/**********************************************************************
+ Helper function to determine for update_sam_account whether
+ we need LDAP modification.
+ *********************************************************************/
+
+bool pdb_element_is_set_or_changed(const struct samu *sampass,
+                                  enum pdb_elements element)
+{
+       return (IS_SAM_SET(sampass, element) ||
+               IS_SAM_CHANGED(sampass, element));
+}
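Review bot: both new exported functions carry the comment copied from pdb_ldap.c ("Helper function to determine for update_sam_account whether we need LDAP modification"), which is no longer accurate now that they are shared across passdb backends, and the two comments are identical although the functions differ. Reword them to say what each actually tests: pdb_element_is_changed() reports IS_SAM_CHANGED, pdb_element_is_set_or_changed() reports IS_SAM_SET or IS_SAM_CHANGED.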
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index c92b22a..44e7421 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -99,6 +99,12 @@ struct pdb_init_function_entry *pdb_find_backend_entry(const 
char *name)
        return NULL;
 }
 
+const struct pdb_init_function_entry *pdb_get_backends(void)
+{
+       return backends;
+}
+
+
 /*
  * The event context for the passdb backend. I know this is a bad hack and yet
  * another static variable, but our pdb API is a global thing per
@@ -490,7 +496,7 @@ static NTSTATUS pdb_default_create_user(struct pdb_methods 
*methods,
 
        /* we have a valid SID coming out of this call */
 
-       status = samu_alloc_rid_unix( sam_pass, pwd );
+       status = samu_alloc_rid_unix(methods, sam_pass, pwd);
 
        TALLOC_FREE( pwd );
 
@@ -515,7 +521,7 @@ static NTSTATUS pdb_default_create_user(struct pdb_methods 
*methods,
 
        pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
 
-       status = pdb_add_sam_account(sam_pass);
+       status = methods->add_sam_account(methods, sam_pass);
 
        TALLOC_FREE(sam_pass);
 
@@ -573,7 +579,9 @@ static NTSTATUS pdb_default_delete_user(struct pdb_methods 
*methods,
        NTSTATUS status;
        fstring username;
 
-       status = pdb_delete_sam_account(sam_acct);
+       memcache_flush(NULL, PDB_GETPWSID_CACHE);
+
+       status = methods->delete_sam_account(methods, sam_acct);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
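Review bot: the new memcache_flush(NULL, PDB_GETPWSID_CACHE) in pdb_default_delete_user() has no comment explaining why it is needed once the call goes to methods->delete_sam_account() directly instead of pdb_delete_sam_account(). Please say so in a comment, and confirm that the matching switch to methods->add_sam_account() in pdb_default_create_user() does not skip any equivalent cache handling, since no flush was added there.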
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index f8da0ff..74dccec 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1942,17 +1942,6 @@ static NTSTATUS ldapsam_delete_sam_account(struct 
pdb_methods *my_methods,
 }
 
 /**********************************************************************
- Helper function to determine for update_sam_account whether
- we need LDAP modification.
-*********************************************************************/
-
-static bool element_is_changed(const struct samu *sampass,
-                              enum pdb_elements element)
-{
-       return IS_SAM_CHANGED(sampass, element);
-}
-
-/**********************************************************************
  Update struct samu.
 *********************************************************************/
 
@@ -1997,7 +1986,7 @@ static NTSTATUS ldapsam_update_sam_account(struct 
pdb_methods *my_methods, struc
        DEBUG(4, ("ldapsam_update_sam_account: user %s to be modified has dn: 
%s\n", pdb_get_username(newpwd), dn));
 
        if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
-                               element_is_changed)) {
+                               pdb_element_is_changed)) {
                DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam 
failed!\n"));
                TALLOC_FREE(dn);
                if (mods != NULL)
@@ -2013,7 +2002,7 @@ static NTSTATUS ldapsam_update_sam_account(struct 
pdb_methods *my_methods, struc
                return NT_STATUS_OK;
        }
 
-       ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, 
element_is_changed);
+       ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, 
pdb_element_is_changed);
 
        if (mods != NULL) {
                ldap_mods_free(mods,True);
@@ -2133,18 +2122,6 @@ static NTSTATUS ldapsam_rename_sam_account(struct 
pdb_methods *my_methods,
 }
 
 /**********************************************************************
- Helper function to determine for update_sam_account whether
- we need LDAP modification.
- *********************************************************************/
-
-static bool element_is_set_or_changed(const struct samu *sampass,
-                                     enum pdb_elements element)
-{
-       return (IS_SAM_SET(sampass, element) ||
-               IS_SAM_CHANGED(sampass, element));
-}
-
-/**********************************************************************
  Add struct samu to LDAP.
 *********************************************************************/
 
@@ -2194,7 +2171,7 @@ static NTSTATUS ldapsam_add_sam_account(struct 
pdb_methods *my_methods, struct s
        ldap_msgfree(result);
        result = NULL;
 
-       if (element_is_set_or_changed(newpwd, PDB_USERSID)) {
+       if (pdb_element_is_set_or_changed(newpwd, PDB_USERSID)) {
                rc = ldapsam_get_ldap_user_by_sid(ldap_state,
                                                  sid, &result);
                if (rc == LDAP_SUCCESS) {
@@ -2330,7 +2307,7 @@ static NTSTATUS ldapsam_add_sam_account(struct 
pdb_methods *my_methods, struct s
        }
 
        if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
-                               element_is_set_or_changed)) {
+                               pdb_element_is_set_or_changed)) {
                DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam 
failed!\n"));
                if (mods != NULL) {
                        ldap_mods_free(mods, true);
@@ -2354,7 +2331,7 @@ static NTSTATUS ldapsam_add_sam_account(struct 
pdb_methods *my_methods, struct s
                        break;
        }
 
-       ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, 
element_is_set_or_changed);
+       ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, 
pdb_element_is_set_or_changed);
        if (!NT_STATUS_IS_OK(ret)) {
                DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user 
with uid = %s (dn = %s)\n",
                         pdb_get_username(newpwd),dn));
@@ -5367,7 +5344,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods 
*my_methods,
                return NT_STATUS_UNSUCCESSFUL;
        }
 
-       if (!init_ldap_from_sam(ldap_state, entry, &mods, user, 
element_is_set_or_changed)) {
+       if (!init_ldap_from_sam(ldap_state, entry, &mods, user, 
pdb_element_is_set_or_changed)) {
                DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
                return NT_STATUS_UNSUCCESSFUL;
        }
diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c
index 5848c23..ae38133 100644
--- a/source3/passdb/pdb_samba4.c
+++ b/source3/passdb/pdb_samba4.c
@@ -33,6 +33,7 @@
 #include "source4/auth/session.h"
 #include "source4/auth/system_session_proto.h"
 #include "source4/param/param.h"
+#include "source4/dsdb/common/util.h"
 
 struct pdb_samba4_state {
        struct tevent_context *ev;
@@ -328,115 +329,224 @@ static bool pdb_samba4_add_time(struct ldb_message *msg,
        return ldb_msg_add_fmt(msg, attrib, "%llu", (unsigned long long) 
nt_time);
 }
 
-/* Like in pdb_ldap(), this will need to be a function pointer when we
- * start to support 'adds' for migrations from samba3 passdb backends
- * to samba4 */
-static bool update_required(struct samu *sam, enum pdb_elements element)
-{
-       return (IS_SAM_CHANGED(sam, element));
-}
-
-static bool pdb_samba4_init_samba4_from_sam(struct pdb_samba4_state *state,
-                                           struct ldb_message *existing,
-                                           TALLOC_CTX *mem_ctx,
-                                           struct ldb_message **pmods, 
-                                           struct samu *sam)
+static int pdb_samba4_replace_by_sam(struct pdb_samba4_state *state,
+                                    bool (*need_update)(const struct samu *,
+                                                        enum pdb_elements),
+                                    struct ldb_dn *dn,
+                                    struct samu *sam)
 {
        int ret = LDB_SUCCESS;
        const char *pw;
        struct ldb_message *msg;
-
+       struct ldb_request *req;
+       uint32_t dsdb_flags = 0;
        /* TODO: All fields :-) */
 
-       msg = ldb_msg_new(mem_ctx);
+       msg = ldb_msg_new(talloc_tos());
        if (!msg) {
                return false;
        }
 
-       msg->dn = existing->dn;
+       msg->dn = dn;
+
+       /* build modify request */
+       ret = ldb_build_mod_req(&req, state->ldb, talloc_tos(), msg, NULL, NULL,
+                               ldb_op_default_callback,
+                               NULL);
+        if (ret != LDB_SUCCESS) {
+               talloc_free(msg);
+               return ret;
+        }
 
        pw = pdb_get_plaintext_passwd(sam);
-       if (update_required(sam, PDB_PLAINTEXT_PW)) {
+       if (need_update(sam, PDB_PLAINTEXT_PW)) {
                if (pw == NULL) {
-                       ret = LDB_ERR_OPERATIONS_ERROR;
-                       goto fail;
+                       return LDB_ERR_OPERATIONS_ERROR;
                }
                
                ret |= ldb_msg_add_string(msg, "clearTextPassword", pw);
+       } else {
+               bool changed_lm_pw = false;
+               bool changed_nt_pw = false;
+               bool changed_history = false;
+               if (need_update(sam, PDB_LMPASSWD)) {
+                       struct ldb_val val;
+                       val.data = pdb_get_lanman_passwd(sam);
+                       if (!val.data) {
+                               samdb_msg_add_delete(state->ldb, msg, msg,
+                                                    "dBCSPwd");
+                       } else {
+                               val.length = LM_HASH_LEN;
+                               ret |= ldb_msg_add_value(msg, "dBCSPwd", &val, 
NULL);
+                       }
+                       changed_lm_pw = true;
+               }
+               if (need_update(sam, PDB_NTPASSWD)) {
+                       struct ldb_val val;
+                       val.data = pdb_get_lanman_passwd(sam);
+                       if (!val.data) {
+                               samdb_msg_add_delete(state->ldb, msg, msg,
+                                                    "unicodePwd");
+                       } else {
+                               val.length = NT_HASH_LEN;
+                               ret |= ldb_msg_add_value(msg, "unicodePwd", 
&val, NULL);
+                       }
+                       changed_nt_pw = true;
+               }
+
+               /* Try to ensure we don't get out of sync */
+               if (changed_lm_pw && !changed_nt_pw) {
+                       samdb_msg_add_delete(state->ldb, msg, msg,
+                                            "unicodePwd");
+               } else if (changed_nt_pw && !changed_lm_pw) {
+                       samdb_msg_add_delete(state->ldb, msg, msg,
+                                            "dBCSPwd");
+               }
+               if (changed_lm_pw || changed_nt_pw) {
+                       samdb_msg_add_delete(state->ldb, msg, msg,
+                                            "supplementalCredentials");
+
+               }
+
+               /* If we set a plaintext password, the system will
+                * force the pwdLastSet to now(), and it isn't worth
+                * working around this for the real world use cases of
+                * pdb_samba4 */
+               if (need_update(sam, PDB_PASSLASTSET)) {
+                       ret |= pdb_samba4_add_time(msg, "pwdLastSet",
+                                                  
pdb_get_pass_last_set_time(sam));
+               }


-- 
Samba Shared Repository
