[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3471d36... selftest-s4: set the posix:eadb at the global level via c12d536... s4-python: add some helper for converting ldb_flag to text via 8c6fc09... upgradeprovision: forbid running upgradeprovision when there is more than 1 DC via 929dbf8... upgradeprovision: mark rIDAvailablePool never upgraded via 4d6cda7... upgradeprovision: reformat + add groupType as possibly overwritten via 4c28e7f... upgradeprovision: improve info messages via bd9fbda... Revert "s4:upgradeprovision - fix up the script regarding linked attributes" via 9704249... upgradeprovision: never use xattr it's pointless in this usecase via 0cdc39e... Add a comment to tdb_wrap to explain why it should be used instead of directly using tdb via a4b01dd... s4: utils recreate in python setntacl and getntacl via 1a143b8... s4: allow python code to dump NTACL object as well via c637c52... provision: use message and do not display warning if the user choosed delibarately posix:eadb via d4514a6... provision: introduce use-xattr parameter for defining where to store attributes via 711c760... s4-tests: register new unit tests via 10995d9... s4-python: add unit test for ntacls manipulation in python via 3789ba2... s4-python: add more unit tests for xattr manipulation in python via f0954c7... s4: update setntacl and getntacl to select the adaquate backend (fs/tdb) for storing xattr via c442b25... s4: ntvfs, create push_xattr_blob_tdb_raw and pull_xattr_blob_tdb_raw that do not depend on pvfs objects via e78626d... s4: Set acls correctly on all sysvol and scripts shares via 9b70979... s4: Make unixid optional via 028c9b1... s4: regroup gpo modification in one function, set acl on files accordingly with ACL in LDAP via 08c59c3... s4: Create unit tests for python "samba.xattr" module via c80ecd9... s4: add python bindings for wrap_(s|g)etxattr from 45465cb... s4:selftest: add the samr-passwords-lockout test to knownfail http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3471d3677a781e6a03e1a8010946aa82ad7aad83 Author: Matthieu Patou Date: Fri Jan 15 14:08:26 2010 +0300 selftest-s4: set the posix:eadb at the global level commit c12d5363d6789528c8b63c71d171d30ccecc7109 Author: Matthieu Patou Date: Tue Jan 12 19:49:49 2010 +0300 s4-python: add some helper for converting ldb_flag to text commit 8c6fc09f18757e49e90936266fa763e0267d2e57 Author: Matthieu Patou Date: Fri Jan 15 14:09:06 2010 +0300 upgradeprovision: forbid running upgradeprovision when there is more than 1 DC commit 929dbf8ef817cb1646a5f82b9a0f0eece4ab84ee Author: Matthieu Patou Date: Tue Jan 19 01:53:01 2010 +0300 upgradeprovision: mark rIDAvailablePool never upgraded handle properly the fact that missing object might depend on some other in order to be correctly created debug change also if we are in debugall mode commit 4d6cda75e3f0536c71741051ae4c643d11ab95d8 Author: Matthieu Patou Date: Tue Jan 12 15:43:39 2010 +0300 upgradeprovision: reformat + add groupType as possibly overwritten commit 4c28e7ff0cbd9a1e8c981c9ee6f5c48a8c7a0002 Author: Matthieu Patou Date: Tue Jan 12 19:53:38 2010 +0300 upgradeprovision: improve info messages commit bd9fbdab4c6ebe703800baccc274206fc1bd4ada Author: Matthieu Patou Date: Tue Jan 12 20:13:33 2010 +0300 Revert "s4:upgradeprovision - fix up the script regarding linked attributes" This reverts commit 2cedefabc93c8a1fcb49d65a3f78a344e814f826. commit 9704249ccc6d3d5f0a0c1860ab869d0304118849 Author: Matthieu Patou Date: Tue Jan 19 01:56:30 2010 +0300 upgradeprovision: never use xattr it's pointless in this usecase commit 0cdc39e7302adf86010d23ef0f08f3cbdcf6b1b2 Author: Matthieu Patou Date: Tue Jan 12 02:23:13 2010 +0300 Add a comment to tdb_wrap to explain why it should be used instead of directly using tdb commit a4b01dd59c386c84776367b46b0fa726918dbebc Author: Matthieu Patou Date: Sat Oct 24 15:34:31 2009 +0400 s4: utils recreate in python setntacl and getntacl setntacl is able to set NTACL attribute from command line getntacl now use getopt for parsing command line option and is also able to dump the acl in the SDDL format. commit 1a143b8a590f5173ccacb7368f3cf36a8785da33 Author: Matthieu Patou Date: Mon Jan 11 02:19:22 2010 +0300 s4: allow python code to dump NTACL object as well commit c637c528762e5972bc47cc18f158186c670b4f7d Author: Matthieu Patou Date: Sun Jan 17 22:50:31 2010 +0300 provision: use message and do not display warning if the user choosed delibarately posix:eadb commit d4514a6539052b6944582ef8e5e1930b5f42ffd7 Author: Matthieu Patou Date: Fri Jan 8 17:00:54 2010 +0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f299fe5... s4:provision Just 'do the right thing' with empty
smb.conf files
from f8778ba... s4-smbtorture: use test_GetPrinter_level in
RPC-SPOOLSS-NOTIFY.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f299fe565ae5dba76ffc708da9a47405d61b0af9
Author: Andrew Bartlett
Date: Wed Feb 10 13:56:24 2010 +1100
s4:provision Just 'do the right thing' with empty smb.conf files
For some reason, JHT keeps on creating an empty smb.conf file,
expecting it to be the same as a non-existant one. It is easier to
just realise what he meant.
Andrew Bartlett
---
Summary of changes:
source4/scripting/python/samba/provision.py | 12 ++--
source4/setup/tests/blackbox_provision.sh | 16
2 files changed, 26 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/provision.py
b/source4/scripting/python/samba/provision.py
index 58c172f..b02d94d 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1172,9 +1172,17 @@ def provision(setup_dir, message, session_info,
smbconf = param.default_path()
# only install a new smb.conf if there isn't one there already
-if not os.path.exists(smbconf):
+if os.path.exists(smbconf):
+# JHT calls me up often enough with weird errors, because he
+# uses an empty smb.conf. --abartlet
+data = open(smbconf, 'r').read()
+data = data.lstrip()
+if data is None or data == "":
+make_smbconf(smbconf, setup_path, hostname, domain, realm,
serverrole,
+ targetdir, sid_generator, useeadb)
+else:
make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole,
- targetdir, sid_generator,useeadb)
+ targetdir, sid_generator, useeadb)
lp = param.LoadParm()
lp.load(smbconf)
diff --git a/source4/setup/tests/blackbox_provision.sh
b/source4/setup/tests/blackbox_provision.sh
index 22d062d..6b2c227 100755
--- a/source4/setup/tests/blackbox_provision.sh
+++ b/source4/setup/tests/blackbox_provision.sh
@@ -12,15 +12,31 @@ shift 1
. `dirname $0`/../../../testprogs/blackbox/subunit.sh
+#Prepare an empty smb.conf to ensure it is overwritten
+rm -rf $PREFIX/simple-default
+mkdir -p $PREFIX/simple-default/etc
+touch $PREFIX/simple-default/etc/smb.conf
testit "simple-default" $PYTHON ./setup/provision --domain=FOO
--realm=foo.example.com --targetdir=$PREFIX/simple-default
+#And try with just whitespace
+rm -rf $PREFIX/simple-dc
+mkdir -p $PREFIX/simple-dc/etc
+echo " " > $PREFIX/simple-dc/etc/smb.conf
testit "simple-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO
--realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738
--targetdir=$PREFIX/simple-dc
+#The rest of these tests are with no smb.conf file present
+
+rm -rf $PREFIX/simple-dc
testit "simple-dc-guids" $PYTHON ./setup/provision --server-role="dc"
--domain=FOO --realm=foo.example.com
--domain-sid=S-1-5-21-4177067393-1453636373-93818738
--domain-guid=6054d36d-2bfd-44f1-a9cd-32cfbb06480b
--ntds-guid=b838f255-c8aa-4fe8-9402-b7d61ca3bd1b
--invocationid=6d4cff9a-2bbf-4b4c-98a2-36242ddb0bd6
--targetdir=$PREFIX/simple-dc
+rm -rf $PREFIX/simple-member
testit "simple-member" $PYTHON ./setup/provision --server-role="member"
--domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member
+rm -rf $PREFIX/simple-standalone
testit "simple-standalone" $PYTHON ./setup/provision
--server-role="standalone" --domain=FOO --realm=foo.example.com
--targetdir=$PREFIX/simple-standalone
+rm -rf $PREFIX/blank-dc
testit "blank-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO
--realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738
--targetdir=$PREFIX/blank-dc --blank
+rm -rf $PREFIX/partitions-only-dc
testit "partitions-only-dc" $PYTHON ./setup/provision --server-role="dc"
--domain=FOO --realm=foo.example.com
--domain-sid=S-1-5-21-4177067393-1453636373-93818738
--targetdir=$PREFIX/partitions-only-dc --partitions-only
reprovision() {
+rm -rf $PREFIX/reprovision
$PYTHON ./setup/provision --domain=FOO --realm=foo.example.com
--targetdir="$PREFIX/reprovision"
$PYTHON ./setup/provision --domain=FOO --realm=foo.example.com
--targetdir="$PREFIX/reprovision"
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5a2ff4d... s4:provision Be more polite to long-suffering Samba testers. from 0f0229c... Fix unused variable warning after change to new DLINK macros. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5a2ff4d16f67a2617a3b54e30900e5b4825d6617 Author: Andrew Bartlett Date: Thu Feb 11 17:13:42 2010 +1100 s4:provision Be more polite to long-suffering Samba testers. Our testers put up with a lot of odd things when testing out Samba4. Andrew Bartlett --- Summary of changes: source4/scripting/python/samba/provision.py |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index b02d94d..2ea4613 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1173,8 +1173,9 @@ def provision(setup_dir, message, session_info, # only install a new smb.conf if there isn't one there already if os.path.exists(smbconf): -# JHT calls me up often enough with weird errors, because he -# uses an empty smb.conf. --abartlet +# if Samba Team members can't figure out the weird errors +# loading an empty smb.conf gives, then we need to be smarter. +# Pretend it just didn't exist --abartlet data = open(smbconf, 'r').read() data = data.lstrip() if data is None or data == "": -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7202dcd... s4:param Modify secrets_get_domain_sid to give more
useful errors
from 7b4387f... Fix bug #7146 - Samba miss-parses authenticated RPC
packets.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7202dcdcc06080f0227b82993b446bda4c0782df
Author: Andrew Bartlett
Date: Thu Feb 18 10:54:53 2010 +1100
s4:param Modify secrets_get_domain_sid to give more useful errors
This also moves the calls to secrets_get_domain_sid back into
winbind_task_init(), so that we can terminate with a much more
detailed error message. (The previous message was simply
NT_STATUS_CANT_ACCESS_DOMAIN_INFO).
Andrew Bartlett
---
Summary of changes:
source4/param/secrets.c| 43 +++--
source4/param/secrets.h|6 +++-
source4/winbind/config.mk |1 -
source4/winbind/wb_server.c| 39 +++---
source4/winbind/wb_setup_domains.c | 53
5 files changed, 55 insertions(+), 87 deletions(-)
delete mode 100644 source4/winbind/wb_setup_domains.c
Changeset truncated at 500 lines:
diff --git a/source4/param/secrets.c b/source4/param/secrets.c
index f21be82..18a0800 100644
--- a/source4/param/secrets.c
+++ b/source4/param/secrets.c
@@ -31,6 +31,9 @@
#include "../lib/util/util_tdb.h"
#include "../lib/util/util_ldb.h"
#include "librpc/gen_ndr/ndr_security.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "dsdb/common/proto.h"
/**
* Use a TDB to store an incrementing random seed.
@@ -138,15 +141,17 @@ struct ldb_context *secrets_db_connect(TALLOC_CTX
*mem_ctx,
struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
struct tevent_context *ev_ctx,
struct loadparm_context *lp_ctx,
- const char *domain)
+ const char *domain,
+ char **errstring)
{
struct ldb_context *ldb;
- struct ldb_message **msgs;
+ struct ldb_message *msg;
int ldb_ret;
const char *attrs[] = { "objectSid", NULL };
struct dom_sid *result = NULL;
const struct ldb_val *v;
enum ndr_err_code ndr_err;
+ *errstring = NULL;
ldb = secrets_db_connect(mem_ctx, ev_ctx, lp_ctx);
if (ldb == NULL) {
@@ -154,35 +159,18 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX
*mem_ctx,
return NULL;
}
- ldb_ret = gendb_search(ldb, ldb,
- ldb_dn_new(mem_ctx, ldb,
SECRETS_PRIMARY_DOMAIN_DN),
- &msgs, attrs,
- SECRETS_PRIMARY_DOMAIN_FILTER, domain);
+ ldb_ret = dsdb_search_one(ldb, ldb, &msg,
+ ldb_dn_new(mem_ctx, ldb,
SECRETS_PRIMARY_DOMAIN_DN),
+ LDB_SCOPE_ONELEVEL,
+ attrs, 0, SECRETS_PRIMARY_DOMAIN_FILTER, domain);
- if (ldb_ret == -1) {
- DEBUG(5, ("Error searching for domain SID for %s: %s",
- domain, ldb_errstring(ldb)));
- talloc_free(ldb);
- return NULL;
- }
-
- if (ldb_ret == 0) {
- DEBUG(5, ("Did not find domain record for %s\n", domain));
- talloc_free(ldb);
+ if (ldb_ret != LDB_SUCCESS) {
+ *errstring = talloc_asprintf(mem_ctx, "Failed to find record
for %s in secrets.ldb: %s: %s", domain, ldb_strerror(ldb_ret),
ldb_errstring(ldb));
return NULL;
}
-
- if (ldb_ret > 1) {
- DEBUG(5, ("Found more than one (%d) domain records for %s\n",
- ldb_ret, domain));
- talloc_free(ldb);
- return NULL;
- }
-
- v = ldb_msg_find_ldb_val(msgs[0], "objectSid");
+ v = ldb_msg_find_ldb_val(msg, "objectSid");
if (v == NULL) {
- DEBUG(0, ("Domain object for %s does not contain a SID!\n",
- domain));
+ *errstring = talloc_asprintf(mem_ctx, "Failed to find a SID on
record for %s in secrets.ldb", domain);
return NULL;
}
result = talloc(mem_ctx, struct dom_sid);
@@ -194,6 +182,7 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
ndr_err = ndr_pull_struct_blob(v, result, NULL, result,
(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via af4a7c0... s4:winbind Make the 'no SID found' message even more
detailed
from 91a4db6... More fixes for bug #7146 - Samba miss-parses
authenticated RPC packets.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit af4a7c0f4be4bb94d6299e93f22d26e2f8340e69
Author: Andrew Bartlett
Date: Fri Feb 19 11:14:15 2010 +1100
s4:winbind Make the 'no SID found' message even more detailed
Now we give the user a clue as to what may be wrong, and the file path
that we could not find the domain SID in.
Andrew Bartlett
---
Summary of changes:
source4/param/secrets.c | 10 +++---
source4/winbind/wb_server.c | 21 +++--
2 files changed, 26 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/param/secrets.c b/source4/param/secrets.c
index 18a0800..407e27f 100644
--- a/source4/param/secrets.c
+++ b/source4/param/secrets.c
@@ -165,12 +165,15 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX
*mem_ctx,
attrs, 0, SECRETS_PRIMARY_DOMAIN_FILTER, domain);
if (ldb_ret != LDB_SUCCESS) {
- *errstring = talloc_asprintf(mem_ctx, "Failed to find record
for %s in secrets.ldb: %s: %s", domain, ldb_strerror(ldb_ret),
ldb_errstring(ldb));
+ *errstring = talloc_asprintf(mem_ctx, "Failed to find record
for %s in %s: %s: %s",
+domain, ldb_get_opaque(ldb,
"ldb_url"),
+ldb_strerror(ldb_ret),
ldb_errstring(ldb));
return NULL;
}
v = ldb_msg_find_ldb_val(msg, "objectSid");
if (v == NULL) {
- *errstring = talloc_asprintf(mem_ctx, "Failed to find a SID on
record for %s in secrets.ldb", domain);
+ *errstring = talloc_asprintf(mem_ctx, "Failed to find a SID on
record for %s in %s",
+domain, ldb_get_opaque(ldb,
"ldb_url"));
return NULL;
}
result = talloc(mem_ctx, struct dom_sid);
@@ -182,7 +185,8 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
ndr_err = ndr_pull_struct_blob(v, result, NULL, result,
(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- *errstring = talloc_asprintf(mem_ctx, "Failed to parse SID on
record for %s in secrets.ldb", domain);
+ *errstring = talloc_asprintf(mem_ctx, "Failed to parse SID on
record for %s in %s",
+domain, ldb_get_opaque(ldb,
"ldb_url"));
talloc_free(result);
talloc_free(ldb);
return NULL;
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index 03a443a..306c8e2 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -241,19 +241,36 @@ static void winbind_task_init(struct task_server *task)
service->task->lp_ctx,
lp_netbios_name(service->task->lp_ctx), &errstring);
if (!primary_sid) {
- char *message = talloc_asprintf(task, "Cannot start
Winbind (standalone configuration): %s", errstring);
+ char *message = talloc_asprintf(task,
+ "Cannot start Winbind
(standalone configuration): %s: "
+ "Have you provisioned
this server (%s) or changed it's name?",
+ errstring,
lp_netbios_name(service->task->lp_ctx));
task_server_terminate(task, message, true);
return;
}
break;
case ROLE_DOMAIN_MEMBER:
+ primary_sid = secrets_get_domain_sid(service,
+service->task->event_ctx,
+service->task->lp_ctx,
+
lp_workgroup(service->task->lp_ctx), &errstring);
+ if (!primary_sid) {
+ char *message = talloc_asprintf(task, "Cannot start
Winbind (domain member): %s: "
+ "Have you joined the %s
domain?",
+ errstri
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 809dd8c... s4:selftest Add test for the RPC proxy
via a8b2088... s4:selftest Add infrastructure for testing against an
RPC proxy
via e4523e3... misc.idl: Add reference to the slightly odd
representation of if_version
via 10fed05... s4:rpc_server Record the remote connections association
group ID
from af4a7c0... s4:winbind Make the 'no SID found' message even more
detailed
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 809dd8c4137e8dcb52613067fea49357b71355fa
Author: Andrew Bartlett
Date: Fri Feb 19 15:57:59 2010 +1100
s4:selftest Add test for the RPC proxy
commit a8b2088a0eb6cd5b8f9a7fba276ca31418a7989a
Author: Andrew Bartlett
Date: Fri Feb 19 15:56:30 2010 +1100
s4:selftest Add infrastructure for testing against an RPC proxy
This also changes the 'testenv' code to use a new environment 'all'
(we may wish to make other complex tests depend on this in future),
and exports more names in more namespaces.
Andrew Bartlett
commit e4523e3c8f68752da65bedd3c1559c78b3be67a2
Author: Andrew Bartlett
Date: Fri Feb 19 15:55:28 2010 +1100
misc.idl: Add reference to the slightly odd representation of if_version
I found this confusing, so explian for the next poor programmer who
has to get up to speed with this quickly.
Andrew Bartlett
commit 10fed057cde7649b8fc8ee6611ea588a471c2483
Author: Andrew Bartlett
Date: Fri Feb 19 15:53:31 2010 +1100
s4:rpc_server Record the remote connections association group ID
By recording the association group the remote server assigned to our
proxied RPC connection, we can ensure we use the same value when the
client wishes to use it.
This isn't stored in a private pointer, as mapiproxy will want to use
this feature too.
Andrew Bartlett
---
Summary of changes:
librpc/idl/misc.idl |3 +
selftest/selftest.pl | 14 +++-
selftest/target/Samba4.pm | 114 ++---
source4/rpc_server/dcerpc_server.h|3 +
source4/rpc_server/remote/dcesrv_remote.c | 42 +--
source4/selftest/tests.sh |3 +
6 files changed, 162 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/misc.idl b/librpc/idl/misc.idl
index adaac9a..a60d30b 100644
--- a/librpc/idl/misc.idl
+++ b/librpc/idl/misc.idl
@@ -21,6 +21,9 @@ interface misc
typedef [public] struct {
GUID uuid;
+ /* The major version is encoded in the 16 least significant
bits,
+ the minor in the 16 most significant bits.
+ http://www.opengroup.org/onlinepubs/9629399/chap12.htm */
uint32 if_version;
} ndr_syntax_id;
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index ba66049..ea09c26 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -457,7 +457,7 @@ my $target;
my $testenv_default = "none";
if ($opt_target eq "samba4") {
- $testenv_default = "member";
+ $testenv_default = "all";
require target::Samba4;
$target = new Samba4($bindir, $ldap, "$srcdir/setup", $exeext);
} elsif ($opt_target eq "samba3") {
@@ -729,6 +729,18 @@ my @exported_envvars = (
"DC_NETBIOSNAME",
"DC_NETBIOSALIAS",
+ # domain controller stuff
+ "MEMBER_SERVER",
+ "MEMBER_SERVER_IP",
+ "MEMBER_NETBIOSNAME",
+ "MEMBER_NETBIOSALIAS",
+
+ # domain controller stuff
+ "RPC_PROXY_SERVER",
+ "RPC_PROXY_SERVER_IP",
+ "RPC_PROXY_NETBIOSNAME",
+ "RPC_PROXY_NETBIOSALIAS",
+
# server stuff
"SERVER",
"SERVER_IP",
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b3f1e58..c1d6bec 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -715,7 +715,7 @@ sub provision_raw_step2($$$)
sub provision($$$)
{
- my ($self, $prefix, $server_role, $netbiosname, $netbiosalias,
$swiface, $password, $kdc_ipv4) = @_;
+ my ($self, $prefix, $server_role, $netbiosname, $netbiosalias,
$swiface, $password, $kdc_ipv4, $extra_smbconf_options) = @_;
my $ctx = $self->provision_raw_prepare($prefix, $server_role,
$netbiosname, $netbiosalias,
@@ -730,6 +730,7 @@ sub provision($$$)
max xmit = 32K
server max protocol = SMB2
+$extra_smbconf_options
[tmp]
path = $ctx->{tmpdir}
@@ -825,7
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f74ce57... s4:rpc_server Add a 'if_version' parameter to the bind
operation.
via 9f22284... librpc When sending endpoint mapper requests, include
the minor if_version
from ec0aa8a... s4-smbtorture: more work on devicemode tests.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f74ce57cb584d9e9d99b26e0467cc0c4b541f84d
Author: Andrew Bartlett
Date: Fri Feb 19 18:02:46 2010 +1100
s4:rpc_server Add a 'if_version' parameter to the bind operation.
This allows the interface version to be forwarded to the remote server
in the RPC proxy, both in the endpoint lookup and the subsequent bind.
Andrew Bartlett
commit 9f222841fedd3796c238146081c20591ae72747b
Author: Andrew Bartlett
Date: Fri Feb 19 16:33:45 2010 +1100
librpc When sending endpoint mapper requests, include the minor if_version
The minor version (in the upper 16 bits of syntax->if_version) needs
to be pushed as the right hand side of the endpoint mapper floor (the
same floor as the interface UUID and major if_version).
Andrew Bartlett
---
Summary of changes:
librpc/rpc/binding.c | 17 -
pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm|2 +-
pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm |2 +-
source4/rpc_server/dcerpc_server.c|4 ++--
source4/rpc_server/dcerpc_server.h|2 +-
source4/rpc_server/remote/dcesrv_remote.c |4 +++-
6 files changed, 24 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 20c3a38..3f15eef 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -417,6 +417,21 @@ static DATA_BLOB dcerpc_floor_pack_lhs_data(TALLOC_CTX
*mem_ctx, const struct nd
return blob;
}
+static DATA_BLOB dcerpc_floor_pack_rhs_if_version_data(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *syntax)
+{
+ DATA_BLOB blob;
+ struct ndr_push *ndr = ndr_push_init_ctx(mem_ctx, NULL);
+
+ ndr->flags |= LIBNDR_FLAG_NOALIGN;
+
+ ndr_push_uint16(ndr, NDR_SCALARS, syntax->if_version >> 16);
+
+ blob = ndr_push_blob(ndr);
+ talloc_steal(mem_ctx, blob.data);
+ talloc_free(ndr);
+ return blob;
+}
+
const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor
*epm_floor)
{
switch (epm_floor->lhs.protocol) {
@@ -697,7 +712,7 @@ _PUBLIC_ NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX
*mem_ctx,
tower->floors[0].lhs.lhs_data =
dcerpc_floor_pack_lhs_data(tower->floors, &binding->object);
- tower->floors[0].rhs.uuid.unknown =
data_blob_talloc_zero(tower->floors, 2);
+ tower->floors[0].rhs.uuid.unknown =
dcerpc_floor_pack_rhs_if_version_data(tower->floors, &binding->object);
/* Floor 1 */
tower->floors[1].lhs.protocol = EPM_PROTOCOL_UUID;
diff --git a/pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm
b/pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm
index 150acbf..239f5ba 100644
--- a/pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm
@@ -89,7 +89,7 @@ sub Boilerplate_Iface($)
my $if_version = $interface->{PROPERTIES}->{version};
pidl "
-static NTSTATUS $name\__op_bind(struct dcesrv_call_state *dce_call, const
struct dcesrv_interface *iface)
+static NTSTATUS $name\__op_bind(struct dcesrv_call_state *dce_call, const
struct dcesrv_interface *iface, uint32_t if_version)
{
#ifdef DCESRV_INTERFACE_$uname\_BIND
return DCESRV_INTERFACE_$uname\_BIND(dce_call,iface);
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm
b/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm
index bb0c18e..20c94c8 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm
@@ -81,7 +81,7 @@ sub Boilerplate_Iface($)
my $if_version = $interface->{PROPERTIES}->{version};
pidl "
-static NTSTATUS $name\__op_bind(struct dcesrv_call_state *dce_call, const
struct dcesrv_interface *iface)
+static NTSTATUS $name\__op_bind(struct dcesrv_call_state *dce_call, const
struct dcesrv_interface *iface, uint32_t if_version)
{
#ifdef DCESRV_INTERFACE_$uname\_BIND
return DCESRV_INTERFACE_$uname\_BIND(dce_call,iface);
diff --git a/source4/rpc_server/dcerpc_server.c
b/source4/rpc_server/dcerpc_server.c
index 918646f..bc06c06 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -648,7 +648,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
call->context = context;
talloc_set_destructor(context,
dcesrv_connection_context_destructor);
- status = iface->bind(call, iface)
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via a7036a9... librpc/ndr Remove unused macros
via a9d9447... s4:credentials Add hooks to extract a named Kerberos
credentials cache
from da1970c... s4:lsa open trusted domain also with dns name
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit a7036a9e47382e738f6ebedf13719222950611d6
Author: Andrew Bartlett
Date: Sat Feb 20 11:51:47 2010 +1100
librpc/ndr Remove unused macros
Since the change to the way we pull these OIDs from the wire, these
macros are unused.
Andrew Bartlett
commit a9d9447d5a448e13d4373c3c4b48f0edd49dc38a
Author: Andrew Bartlett
Date: Sat Feb 20 11:44:41 2010 +1100
s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.
The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.
Andrew Bartlett
---
Summary of changes:
librpc/ndr/ndr_drsuapi.c | 16
source4/auth/credentials/credentials.h |8 ++-
source4/auth/credentials/credentials_files.c | 92 ---
source4/auth/credentials/credentials_krb5.c| 56 ++-
source4/auth/credentials/pycredentials.c | 63
source4/auth/credentials/pycredentials.h |6 ++
source4/dsdb/samdb/ldb_modules/update_keytab.c |3 +-
source4/dsdb/samdb/samdb.c |4 +-
source4/scripting/bin/machineaccountccache | 30
testprogs/blackbox/test_kinit.sh |7 ++-
10 files changed, 203 insertions(+), 82 deletions(-)
create mode 100755 source4/scripting/bin/machineaccountccache
Changeset truncated at 500 lines:
diff --git a/librpc/ndr/ndr_drsuapi.c b/librpc/ndr/ndr_drsuapi.c
index 17f2b7e..b91d5f7 100644
--- a/librpc/ndr/ndr_drsuapi.c
+++ b/librpc/ndr/ndr_drsuapi.c
@@ -66,22 +66,6 @@ void ndr_print_drsuapi_DsReplicaObjectListItemEx(struct
ndr_print *ndr, const ch
}
}
-#define _OID_PUSH_CHECK(call) do { \
- bool _status; \
- _status = call; \
- if (_status != true) { \
- return ndr_push_error(ndr, NDR_ERR_SUBCONTEXT, "OID Conversion
Error: %s\n", __location__); \
- } \
-} while (0)
-
-#define _OID_PULL_CHECK(call) do { \
- bool _status; \
- _status = call; \
- if (_status != true) { \
- return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "OID Conversion
Error: %s\n", __location__); \
- } \
-} while (0)
-
_PUBLIC_ void ndr_print_drsuapi_DsReplicaOID(struct ndr_print *ndr, const char
*name, const struct drsuapi_DsReplicaOID *r)
{
ndr_print_struct(ndr, name, "drsuapi_DsReplicaOID");
diff --git a/source4/auth/credentials/credentials.h
b/source4/auth/credentials/credentials.h
index 311cdc2..21a9c61 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -162,6 +162,11 @@ int cli_credentials_get_ccache(struct cli_credentials
*cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ccache_container **ccc);
+int cli_credentials_get_named_ccache(struct cli_credentials *cred,
+struct tevent_context *event_ctx,
+struct loadparm_context *lp_ctx,
+char *ccache_name,
+struct ccache_container **ccc);
int cli_credentials_get_keytab(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
@@ -266,7 +271,8 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials
*cred,
struct loadparm_context *lp_ctx,
struct ldb_context *ldb,
const char *base,
-const char *filter);
+const char *filter,
+char **error_string);
int cli_credentials_get_kvno(struct cli_credentials *cred);
#endif /* __CREDENTIALS_H__ */
diff --git a/source4/auth/credentials/credentials_files.c
b/source4/auth/credentials/credentials_files.c
index 8036e48..6ddee9e 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -175,15 +175,16 @@ _PUBLIC_ bool cli_credentials_parse_file(struct
cli_credentials *cred
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via fffdce6... s4/schema: Move msDS-IntId implementation to samldb.c
module
from 2523b20... s4/torture/smb2: Add two new SMB2 compound tests
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit fffdce62fc1c9959f17c2dbb0a3939e95095fe54
Author: Kamen Mazdrashki
Date: Wed Feb 24 01:45:26 2010 +0200
s4/schema: Move msDS-IntId implementation to samldb.c module
msDS-IntId attribute should be replicated, so it must be
implemented in a module that is before repl_meta_data module
(thanks abartlet for pointing this out).
Signed-off-by: Andrew Bartlett
---
Summary of changes:
source4/dsdb/samdb/ldb_modules/samldb.c | 87 +++
source4/dsdb/samdb/ldb_modules/schema_data.c | 149 --
2 files changed, 87 insertions(+), 149 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c
b/source4/dsdb/samdb/ldb_modules/samldb.c
index 9d79776..6420e05 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -689,6 +689,81 @@ static int samldb_find_for_defaultObjectCategory(struct
samldb_ctx *ac)
return ldb_next_request(ac->module, req);
}
+/**
+ * msDS-IntId attributeSchema attribute handling
+ * during LDB_ADD request processing
+ */
+static int samldb_add_handle_msDS_IntId(struct samldb_ctx *ac)
+{
+ int ret;
+ bool id_exists;
+ uint32_t msds_intid;
+ uint32_t system_flags;
+ struct ldb_context *ldb;
+ struct ldb_result *ldb_res;
+ struct ldb_dn *schema_dn;
+
+ ldb = ldb_module_get_ctx(ac->module);
+ schema_dn = ldb_get_schema_basedn(ldb);
+
+ /* replicated update should always go through */
+ if (ldb_request_get_control(ac->req,
DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ return LDB_SUCCESS;
+ }
+
+ /* msDS-IntId is handled by system and should never be
+* passed by clients */
+ if (ldb_msg_find_element(ac->msg, "msDS-IntId")) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ /* do not generate msDS-IntId if Relax control is passed */
+ if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+ return LDB_SUCCESS;
+ }
+
+ /* check Functional Level */
+ if (dsdb_functional_level(ldb) < DS_DOMAIN_FUNCTION_2003) {
+ return LDB_SUCCESS;
+ }
+
+ /* check systemFlags for SCHEMA_BASE_OBJECT flag */
+ system_flags = ldb_msg_find_attr_as_uint(ac->msg, "systemFlags", 0);
+ if (system_flags & SYSTEM_FLAG_SCHEMA_BASE_OBJECT) {
+ return LDB_SUCCESS;
+ }
+
+ /* Generate new value for msDs-IntId
+* Value should be in 0x8000..0xBFFF range */
+ msds_intid = generate_random() % 0X3FFF;
+ msds_intid += 0x8000;
+
+ /* probe id values until unique one is found */
+ do {
+ msds_intid++;
+ if (msds_intid > 0xBFFF) {
+ msds_intid = 0x8001;
+ }
+
+ ret = dsdb_module_search(ac->module, ac,
+&ldb_res,
+schema_dn, LDB_SCOPE_ONELEVEL, NULL, 0,
+"(msDS-IntId=%d)", msds_intid);
+ if (ret != LDB_SUCCESS) {
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ __location__": Searching for
msDS-IntId=%d failed - %s\n",
+ msds_intid,
+ ldb_errstring(ldb));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ id_exists = (ldb_res->count > 0);
+
+ talloc_free(ldb_res);
+ } while(id_exists);
+
+ return ldb_msg_add_fmt(ac->msg, "msDS-IntId", "%d", msds_intid);
+}
+
/*
* samldb_add_entry (async)
@@ -870,6 +945,10 @@ static int samldb_fill_object(struct samldb_ctx *ac, const
char *type)
}
}
+ /* handle msDS-IntID attribute */
+ ret = samldb_add_handle_msDS_IntId(ac);
+ if (ret != LDB_SUCCESS) return ret;
+
ret = samldb_add_step(ac, samldb_add_entry);
if (ret != LDB_SUCCESS) return ret;
@@ -1763,6 +1842,14 @@ static int samldb_modify(struct ldb_module *module,
struct ldb_request *req)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
+ /* msDS-IntId is not allowed to be modified
+* except when modification comes from replication */
+ if (ldb
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fc4c839... s4:DNS update - change "i" to be unsigned via ec536a0... s4:ldap_server - make it "signed-safe" via e912d50... s4:auth - make some parts "signed-safe" via f10fc7c... s4:cldap_server - make it "signed-safe" via 68caf90... s4:torture/ldap/basic.c - add a basic test for referral return via 0be57c7... s4:partition DSDB module - Generate basic referrals via cd5b542... s4:partition DSDB module - change the search and domain scope control handling via 545889a... s4:LDAP server - Enable support for returning referrals through it via 0efa8f4... s4:SAMLDB module - ignore referrals from f09802c... s4:netlogon remove wrong ZERO_STRUCT of output http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fc4c839bc839faadefc3283d2c2bdfc6d5279c9b Author: Matthias Dieter Wallnöfer Date: Thu Feb 11 11:49:26 2010 +0100 s4:DNS update - change "i" to be unsigned Signed-off-by: Andrew Bartlett commit ec536a0121a752b9211ba258ed015a821b8391ba Author: Matthias Dieter Wallnöfer Date: Sat Nov 7 21:21:26 2009 +0100 s4:ldap_server - make it "signed-safe" Signed-off-by: Andrew Bartlett commit e912d507093b7c22130158ef0bf2c0c4ffc78bac Author: Matthias Dieter Wallnöfer Date: Sat Nov 7 21:20:12 2009 +0100 s4:auth - make some parts "signed-safe" Signed-off-by: Andrew Bartlett commit f10fc7c16e3c71603e34c58fc0329f6d01d89603 Author: Matthias Dieter Wallnöfer Date: Sat Nov 7 21:20:56 2009 +0100 s4:cldap_server - make it "signed-safe" Signed-off-by: Andrew Bartlett commit 68caf9060621b8c0da183c38a9288a2c0a53b087 Author: Matthias Dieter Wallnöfer Date: Sun Feb 21 20:36:34 2010 +0100 s4:torture/ldap/basic.c - add a basic test for referral return I implemented this referral test in C since the LDB python API isn't capable to extract referrals from search result sets (there the result sets are simple lists which contain only the matching entries). First I enhanced the RootDSE test to return all partition base DNs in a new null-terminated list "partitions". Then I used this in my referrals test which I've implemented in the LDB api since I needed some certain DN functions. commit 0be57c747825737fa9d64411223e693b055b5f8f Author: Matthias Dieter Wallnöfer Date: Sat Feb 20 22:07:12 2010 +0100 s4:partition DSDB module - Generate basic referrals This is a first, very basic implementation of the referrals (more informations at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12). To have the full referral support (and to always point to the right host) the full implementation using DNS will be needed (at the moment we always point to the main DC which is referenceable through the DNS domainname). Signed-off-by: Andrew Bartlett commit cd5b5428781128b11de6bb3270828cc83a45cc03 Author: Matthias Dieter Wallnöfer Date: Mon Feb 22 11:19:10 2010 +0100 s4:partition DSDB module - change the search and domain scope control handling The domain scope control is always removed, from the search one only the two interesting flags (which are handled) and it is marked as non-critical. Signed-off-by: Andrew Bartlett commit 545889a048da0bc58c4a4db4500839ab050518fa Author: Matthias Dieter Wallnöfer Date: Sun Feb 21 11:56:12 2010 +0100 s4:LDAP server - Enable support for returning referrals through it This is needed for my work regarding the referrals when the domain scope control isn't specified. Signed-off-by: Andrew Bartlett commit 0efa8f4fbb3206512c69d74024c7a937ee035285 Author: Matthias Dieter Wallnöfer Date: Tue Feb 23 17:59:55 2010 +0100 s4:SAMLDB module - ignore referrals They don't cause any harm to our functionality - so ignore them were not needed. Signed-off-by: Andrew Bartlett --- Summary of changes: source4/auth/sam.c |7 +- source4/auth/system_session.c |8 +- source4/cldap_server/cldap_server.c|2 +- source4/cldap_server/netlogon.c|2 +- source4/dsdb/dns/dns_update.c |3 +- source4/dsdb/samdb/ldb_modules/partition.c | 237 +++- source4/dsdb/samdb/ldb_modules/partition.h |1 + source4/dsdb/samdb/ldb_modules/samldb.c| 11 +- source4/ldap_server/ldap_backend.c | 32 +++- source4/ldap_server/ldap_extended.c|2 +- source4/ldap_server/ldap_server.c |3 +- source4/torture/ldap/basic.c | 222 +- 12 files changed, 428 insertions(
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 612eec4... s4:scripting/devel Allow tmpfs script to be re-run from fc4c839... s4:DNS update - change "i" to be unsigned http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 612eec4aa737de40cc18ef10722d35a36803816f Author: Andrew Bartlett Date: Mon Jan 18 19:24:45 2010 +1300 s4:scripting/devel Allow tmpfs script to be re-run By doing the unmount, we can avoid double-mounting st and bin --- Summary of changes: source4/scripting/devel/tmpfs.sh |5 - 1 files changed, 4 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/devel/tmpfs.sh b/source4/scripting/devel/tmpfs.sh index 5604f68..14e9b27 100755 --- a/source4/scripting/devel/tmpfs.sh +++ b/source4/scripting/devel/tmpfs.sh @@ -3,7 +3,10 @@ # This sets up bin/ and st/ as tmpfs filesystems, which saves a lot of # time waiting on the disk! -rm -rf bin st +sudo echo "About to (re)mount bin and st as tmpfs" +rm -rf bin st +sudo umount bin > /dev/null 2>&1 +sudo umount st > /dev/null 2>&1 mkdir -p bin st || exit 1 sudo mount -t tmpfs /dev/null bin || exit 1 sudo chown $USER bin || exit 1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8d03b5e... s4:install Fix bug #7149 reported by JHT. from 612eec4... s4:scripting/devel Allow tmpfs script to be re-run http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8d03b5e2246ddb234cc3199daff03d4763e6d030 Author: Andrew Bartlett Date: Wed Feb 24 19:19:41 2010 +1100 s4:install Fix bug #7149 reported by JHT. We need to install named.conf.update for provision to succeed from the installed setup file. Andrew Bartlett --- Summary of changes: source4/script/installmisc.sh |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh index 15fc645..da979ea 100755 --- a/source4/script/installmisc.sh +++ b/source4/script/installmisc.sh @@ -74,6 +74,8 @@ cp setup/*.zone $SETUPDIR || exit 1 cp setup/*.conf $SETUPDIR || exit 1 cp setup/*.php $SETUPDIR || exit 1 cp setup/*.txt $SETUPDIR || exit 1 +cp setup/named.conf $SETUPDIR || exit 1 +cp setup/named.conf.update $SETUPDIR || exit 1 cp setup/provision.smb.conf.dc $SETUPDIR || exit 1 cp setup/provision.smb.conf.member $SETUPDIR || exit 1 cp setup/provision.smb.conf.standalone $SETUPDIR || exit 1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3c20251... s4:ldb Fix segfault in ldbsearch store_referral callback
from 2689165... Change the credential handling so that we start with
maxmux creds, and then return to the client the number of credits per operation
that they asked for. This is a more sensible algorithm than just blindly
returning "20" on every reply, although we will probably still need more
changes to this going forward. Jeremy.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3c202519eccfa1922f315e2f2910d832016ad3f1
Author: Andrew Bartlett
Date: Thu Feb 25 11:46:41 2010 +1100
s4:ldb Fix segfault in ldbsearch store_referral callback
sctx->refs_store was not initialised, and that made talloc_realloc
grumpy once we started actually returning referrals regularly from
Samba4's partitions module (0be57c747825737fa9d64411223e693b055b5f8f
by mdw).
We now just use talloc_zero() and forget about this manual
initialisation work. Tracking down use of uninitialised variables
with valgrind was the grand idea when this started, but in practice we
just get segfaults in unusual places.
Andrew Bartlett
---
Summary of changes:
source4/lib/ldb/tools/ldbsearch.c |7 +--
1 files changed, 1 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/lib/ldb/tools/ldbsearch.c
b/source4/lib/ldb/tools/ldbsearch.c
index 207b344..af0c12a 100644
--- a/source4/lib/ldb/tools/ldbsearch.c
+++ b/source4/lib/ldb/tools/ldbsearch.c
@@ -191,21 +191,16 @@ static int do_search(struct ldb_context *ldb,
req = NULL;
- sctx = talloc(ldb, struct search_context);
+ sctx = talloc_zero(ldb, struct search_context);
if (!sctx) return -1;
sctx->ldb = ldb;
sctx->sort = options->sorted;
- sctx->num_stored = 0;
- sctx->refs_stored = 0;
- sctx->store = NULL;
sctx->req_ctrls = ldb_parse_control_strings(ldb, sctx, (const char
**)options->controls);
if (options->controls != NULL && sctx->req_ctrls== NULL) {
printf("parsing controls failed: %s\n", ldb_errstring(ldb));
return -1;
}
- sctx->entries = 0;
- sctx->refs = 0;
if (basedn == NULL) {
basedn = ldb_get_default_basedn(ldb);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via b792e55... s4: Winbind allow to behave more correctly when we have
more than a few users
via 2572391... s4:python Add bindings to set GENSEC flags on
credentials in python
from ee547e7... s3: remove unused schannel_auth_struct.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit b792e5575c8dcd1ec4f5a572561a48ea5744000c
Author: Matthieu Patou
Date: Thu Feb 25 20:41:57 2010 +0300
s4: Winbind allow to behave more correctly when we have more than a few
users
commit 25723914c5f5b18a25f758f1098ddded3c5aa074
Author: Andrew Bartlett
Date: Thu Feb 25 20:22:52 2010 +1100
s4:python Add bindings to set GENSEC flags on credentials in python
This should allow these to be manipulated by python scripts that need
encrypted connections.
Andrew Bartlett
---
Summary of changes:
source4/auth/credentials/pycredentials.c | 23 ++
source4/auth/gensec/pygensec.c |9 +
source4/winbind/wb_cmd_setpwent.c| 49 +-
3 files changed, 73 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/credentials/pycredentials.c
b/source4/auth/credentials/pycredentials.c
index 8602be8..f5e8029 100644
--- a/source4/auth/credentials/pycredentials.c
+++ b/source4/auth/credentials/pycredentials.c
@@ -278,6 +278,27 @@ static PyObject
*py_creds_get_named_ccache(py_talloc_Object *self, PyObject *arg
return NULL;
}
+static PyObject *py_creds_set_gensec_features(py_talloc_Object *self, PyObject
*args)
+{
+ unsigned int gensec_features;
+
+ if (!PyArg_ParseTuple(args, "I", &gensec_features))
+ return NULL;
+
+
cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self),
gensec_features);
+
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_creds_get_gensec_features(py_talloc_Object *self, PyObject
*args)
+{
+ unsigned int gensec_features;
+
+ gensec_features =
cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
+ return PyInt_FromLong(gensec_features);
+}
+
+
static PyMethodDef py_creds_methods[] = {
{ "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
"S.get_username() -> username\nObtain username." },
@@ -335,6 +356,8 @@ static PyMethodDef py_creds_methods[] = {
{ "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
{ "set_machine_account", (PyCFunction)py_creds_set_machine_account,
METH_VARARGS, NULL },
{ "get_named_ccache", (PyCFunction)py_creds_get_named_ccache,
METH_VARARGS, NULL },
+ { "set_gensec_features", (PyCFunction)py_creds_set_gensec_features,
METH_VARARGS, NULL },
+ { "get_gensec_features", (PyCFunction)py_creds_get_gensec_features,
METH_NOARGS, NULL },
{ NULL }
};
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index 1c2bd20..21acff8 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -177,6 +177,15 @@ void initgensec(void)
if (m == NULL)
return;
+ PyModule_AddObject(m, "FEATURE_SESSION_KEY",
PyInt_FromLong(GENSEC_FEATURE_SESSION_KEY));
+ PyModule_AddObject(m, "FEATURE_SIGN",
PyInt_FromLong(GENSEC_FEATURE_SIGN));
+ PyModule_AddObject(m, "FEATURE_SEAL",
PyInt_FromLong(GENSEC_FEATURE_SEAL));
+ PyModule_AddObject(m, "FEATURE_DCE_STYLE",
PyInt_FromLong(GENSEC_FEATURE_DCE_STYLE));
+ PyModule_AddObject(m, "FEATURE_ASYNC_REPLIES",
PyInt_FromLong(GENSEC_FEATURE_ASYNC_REPLIES));
+ PyModule_AddObject(m, "FEATURE_DATAGRAM_MODE",
PyInt_FromLong(GENSEC_FEATURE_DATAGRAM_MODE));
+ PyModule_AddObject(m, "FEATURE_SIGN_PKT_HEADER",
PyInt_FromLong(GENSEC_FEATURE_SIGN_PKT_HEADER));
+ PyModule_AddObject(m, "FEATURE_NEW_SPNEGO",
PyInt_FromLong(GENSEC_FEATURE_NEW_SPNEGO));
+
Py_INCREF(&Py_Security);
PyModule_AddObject(m, "Security", (PyObject *)&Py_Security);
}
diff --git a/source4/winbind/wb_cmd_setpwent.c
b/source4/winbind/wb_cmd_setpwent.c
index 7fb1889..9384849 100644
--- a/source4/winbind/wb_cmd_setpwent.c
+++ b/source4/winbind/wb_cmd_setpwent.c
@@ -30,6 +30,7 @@ struct cmd_setpwent_state {
struct libnet_context *libnet_ctx;
struct wbsrv_pwent *result;
+ char *domain_name;
};
static void cmd_setpwent_recv_domain(struct composite_context *ctx);
@@ -80,6 +81,8 @@ static void cmd_setpwent_recv_domain(struct composite_context
*ctx)
user_list = talloc(state->result, st
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via c54699f... s4:provision - Moved default FDS SASL mappings deletion
from post_setup() to init().
via 7ad931d... s4:provision - Moved setup_db_config() into
OpenLDAPBackend class.
via fc6d9e7... s4:provision - Moved backend-specific variables into
backend class.
via 02533c9... s4:provision - Use netbios name for FDS instance name.
via 07669b0... s4-libcli: Added NULL handlers for
DSDB_CONTROL_DN_STORAGE_FORMAT_OID and LDB_CONTROL_AS_SYSTEM_OID
from be026a6... s3:groupmap revert to tdb storage
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit c54699faf2796e1e8acbb2215fab835a6d86318e
Author: Endi S. Dewata
Date: Fri Jan 29 16:05:22 2010 -0600
s4:provision - Moved default FDS SASL mappings deletion from post_setup()
to init().
Signed-off-by: Andrew Bartlett
commit 7ad931dda929e230b90d6ce3f35db7480321d6b0
Author: Endi S. Dewata
Date: Fri Jan 29 03:24:20 2010 -0600
s4:provision - Moved setup_db_config() into OpenLDAPBackend class.
Signed-off-by: Andrew Bartlett
commit fc6d9e7b4f191ec7efea4c87fdeb461f8ed43bba
Author: Endi S. Dewata
Date: Thu Jan 28 19:51:11 2010 -0600
s4:provision - Moved backend-specific variables into backend class.
Signed-off-by: Andrew Bartlett
commit 02533c9f1ba9434aabc92fac06995a858874c002
Author: Endi S. Dewata
Date: Thu Jan 28 19:35:29 2010 -0600
s4:provision - Use netbios name for FDS instance name.
Signed-off-by: Andrew Bartlett
commit 07669b0704eac9db46e241e681c92b09ee5a4c2e
Author: Endi S. Dewata
Date: Mon Jan 18 20:57:01 2010 -0600
s4-libcli: Added NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID and
LDB_CONTROL_AS_SYSTEM_OID
Signed-off-by: Andrew Bartlett
---
Summary of changes:
selftest/target/Samba4.pm | 21 ++--
source4/libcli/ldap/ldap_controls.c|4 +
source4/scripting/python/samba/provision.py| 33 +-
source4/scripting/python/samba/provisionbackend.py | 137 ++-
source4/setup/fedorads-sasl.ldif | 11 ++
source4/setup/fedorads.inf | 24 ++--
6 files changed, 114 insertions(+), 116 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 9a808d3..7a65847 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -67,7 +67,7 @@ sub slapd_stop($$)
{
my ($self, $envvars) = @_;
if ($self->{ldap} eq "fedora-ds") {
- system("$envvars->{LDAPDIR}/slapd-samba4/stop-slapd");
+
system("$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd");
} elsif ($self->{ldap} eq "openldap") {
open(IN, "<$envvars->{OPENLDAP_PIDFILE}") or
die("unable to open slapd pid file:
$envvars->{OPENLDAP_PIDFILE}");
@@ -211,22 +211,22 @@ type: 0x3
sub mk_fedora_ds($$)
{
- my ($self, $ldapdir) = @_;
+ my ($self, $ctx) = @_;
#Make the subdirectory be as fedora DS would expect
- my $fedora_ds_dir = "$ldapdir/slapd-samba4";
+ my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
- my $pidfile = "$fedora_ds_dir/logs/slapd-samba4.pid";
+ my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
return ($fedora_ds_dir, $pidfile);
}
sub mk_openldap($$)
{
- my ($self, $ldapdir) = @_;
+ my ($self, $ctx) = @_;
- my $slapd_conf_d = "$ldapdir/slapd.d";
- my $pidfile = "$ldapdir/slapd.pid";
+ my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
+ my $pidfile = "$ctx->{ldapdir}/slapd.pid";
return ($slapd_conf_d, $pidfile);
}
@@ -683,6 +683,7 @@ nogroup:x:65534:nobody
REALM => $ctx->{realm},
PASSWORD => $ctx->{password},
LDAPDIR => $ctx->{ldapdir},
+ LDAP_INSTANCE => $ctx->{ldap_instance},
WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
NCALRPCDIR => $ctx->{ncalrpcdir},
LOCKDIR => $ctx->{lockdir},
@@ -792,6 +793,8 @@ sub provision($$$)
if ($self->{ldap} eq "fedora-ds") {
$ctx->{sid_generator} = "backend";
}
+
+ $ctx->{ldap_instance} = lc($ctx->{netbiosname});
}
my $ret = $self->provision_raw_step1($ctx);
@@ -801,12 +804,12 @@ sub provision($$$)
push (@{$ctx->{provisio
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5338e42... s4/ildap: fine tune ildb_callback()
from e3c2e1a... s3: net_share.c: fix argc handling
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5338e42182ee34f20fde104006a752662099af22
Author: Kamen Mazdrashki
Date: Wed Mar 3 02:33:31 2010 +0200
s4/ildap: fine tune ildb_callback()
Actually ildb_context pointer is not supposed to be
valid after calling ildb_request_done().
This is due to the fact that when calling ildb_request_done()
caller will (most probably) free any locally built
ldap_request objects - thus rendering ildb_context invalid.
Signed-off-by: Andrew Bartlett
---
Summary of changes:
source4/lib/ldb/ldb_ildap/ldb_ildap.c |6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 3110008..9f81c4e 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -383,13 +383,13 @@ static void ildb_callback(struct ldap_request *req)
}
}
+ /* mark the request as not being in progress */
+ ac->in_ildb_callback = false;
+
if (request_done) {
ildb_request_done(ac, controls, ret);
}
- /* unmark the request as beign in progress */
- ac->in_ildb_callback = false;
-
return;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e999472... s4:libcli Use integrated name resolution when connecting
SMB
via 1af2cd2b.. s4:libcli/resovle File based lookup module for DNS name
types
via 263d4b5... libcli/nbt Add parser for a 'hosts' file that takes DNS
record types
via 3723e32... s4:samba_dnsupdate Add a 'file based' mode to
samba_dnsupdate
via 79b4a3b... s4:lib/socket Don't go via a string when resolving
addresses in connect_multi
via 9457b7e... s4:libcli/resolve Use a more robust way to return the
string address
via 0201b2f... s4:lib/socket Add function to set a port on the socket
address
via 4ab3e22... Move prototype to header of common code for
set_sockaddr_port
via 5ed18fa... s4/rpc_server Don't segfault over replPropertyMetaData
contents
from c1fb657... vfs_netatalk: Segfault if hide files or veto files has
no ".AppleDouble"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e999472e36076e432187371b0853b887effe1067
Author: Andrew Bartlett
Date: Wed Mar 10 16:01:41 2010 +1100
s4:libcli Use integrated name resolution when connecting SMB
This avoids pulling the address into a string and back again if given
a name, by letting the next async layer down do the name resolution.
If it was an IP address to start with, then the resolver library just
converts that to the struct socket_address.
Andrew Bartlett
commit 1af2cd2bd1c74c88dd00088eb37ad6286af7561f
Author: Andrew Bartlett
Date: Wed Feb 24 22:57:09 2010 +1100
s4:libcli/resovle File based lookup module for DNS name types
This uses the new common code to read a file containing DNS host
names, so we don't have to use real DNS lookups in our test
environment.
Andrew Bartlett
commit 263d4b5c93a1ec8a027130800c98643f559677c5
Author: Andrew Bartlett
Date: Tue Mar 9 23:29:43 2010 +1100
libcli/nbt Add parser for a 'hosts' file that takes DNS record types
commit 3723e32e8cca79b52b97d6d6f4cda8ce5ce1bd33
Author: Andrew Bartlett
Date: Tue Mar 9 23:34:10 2010 +1100
s4:samba_dnsupdate Add a 'file based' mode to samba_dnsupdate
For the testsuite to use DNS like names, we need to write these names
to a file.
Also, to have this run in 'make test' the usual rules about 'no 127.*'
IP addresses in DNS must be skipped, so glue.interface_ips takes two
arguments now
commit 79b4a3b22e8a70844b9654f057f6169c553cc809
Author: Andrew Bartlett
Date: Wed Mar 10 16:04:44 2010 +1100
s4:lib/socket Don't go via a string when resolving addresses in
connect_multi
This also removes the special case for IP addresses, and leaves that
to the code in the resolver library.
Andrew Bartlett
commit 9457b7ea2214aaa3a466e5dbc2daa0b931975073
Author: Andrew Bartlett
Date: Wed Mar 10 15:56:13 2010 +1100
s4:libcli/resolve Use a more robust way to return the string address
By going via these tevent functions, we avoid needing to dereference
the struct socket_address, which may contain a 'struct sockaddr' or
strings. The new dns_host_file resolver returns in the form of a
struct sockaddr.
Andrew Bartlett
commit 0201b2fa9f31d8c9a75f3057f91b3f720f62292c
Author: Andrew Bartlett
Date: Wed Mar 10 15:55:26 2010 +1100
s4:lib/socket Add function to set a port on the socket address
commit 4ab3e220c4188b6c147e1a0fa8ce1e2965d74d43
Author: Andrew Bartlett
Date: Tue Mar 9 23:30:41 2010 +1100
Move prototype to header of common code for set_sockaddr_port
commit 5ed18fad0037146bb321eb7e73c82be403a45917
Author: Andrew Bartlett
Date: Thu Mar 11 10:42:18 2010 +1100
s4/rpc_server Don't segfault over replPropertyMetaData contents
The replPropertyMetaData may contain attrid values that we don't yet
have in the local schema. We need to deal with this - it is a serious
error, but we should not segfault.
Andrew Bartlett
---
Summary of changes:
lib/util/util_net.h |2 +
libcli/nbt/config.mk|1 +
libcli/nbt/dns_hosts_file.c | 306 +++
libcli/nbt/libnbt.h |6 +
source3/include/proto.h |1 -
source4/lib/socket/connect_multi.c | 48 ++---
source4/lib/socket/socket.c | 12 +
source4/lib/socket/socket.h |2 +
source4/libcli/config.mk|4 +-
source4/libcli/raw/clisocket.c |4 +
source4/libcli/resolve/file.c | 150 +
source4/libcli/resolve/resolve.c| 13 +-
source4/l
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 6441a5b... Explain why we don't use certain characters in the
generated pw
via a6253a4... lib/util - Removed curly braces from
generate_random_password().
via ade9375... s4:provision - Updated FDS schema mapping.
via 0271231... s4:provision Improve the handling of provision errors
from 5954527... Try and fix bug #7233 - print fails with jobs >4GB from
Win7 clients.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 6441a5b0b97973b834ba025f1762abe2b5c3f3c9
Author: Andrew Bartlett
Date: Thu Mar 11 15:34:01 2010 +1100
Explain why we don't use certain characters in the generated pw
commit a6253a45c0733e81a8d2200d1d8892383bc00c31
Author: Endi S. Dewata
Date: Wed Mar 10 20:34:01 2010 -0600
lib/util - Removed curly braces from generate_random_password().
commit ade93755d51e80374e4e6bc6bc501e3230988799
Author: Endi S. Dewata
Date: Tue Mar 9 19:12:30 2010 -0600
s4:provision - Updated FDS schema mapping.
commit 027123199e13cc02ae4edadd8f0dd0f0660e1193
Author: Andrew Bartlett
Date: Thu Mar 11 14:49:34 2010 +1100
s4:provision Improve the handling of provision errors
The backtraces were too confusing for our users, and didn't tell them
what to do to fix the problem. By printing the string (rather than a
backtrace), and including in the error what to do, and what file to
remove, we give them a chance.
Andrew Bartlett
---
Summary of changes:
lib/util/genrand.c |8 +++-
source4/scripting/python/samba/provision.py| 22 +-
.../scripting/python/samba/provisionexceptions.py |6 ++-
source4/setup/provision| 43 +++
source4/setup/schema-map-fedora-ds-1.0 | 10 ++---
5 files changed, 53 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index 02b8d8b..7fe55f3 100644
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -368,7 +368,13 @@ again:
_PUBLIC_ char *generate_random_password(TALLOC_CTX *mem_ctx, size_t min,
size_t max)
{
char *retstr;
- const char *c_list =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_-#.,@$%&!?:;<=>(){}[]~";
+ /* This list does not include { or } because they cause
+* problems for our provision (it can create a substring
+* ${...}, and for Fedora DS (which treats {...} at the start
+* of a stored password as special
+* -- Andrew Bartlett 2010-03-11
+*/
+ const char *c_list =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_-#.,@$%&!?:;<=>()[]~";
size_t len = max;
size_t diff;
diff --git a/source4/scripting/python/samba/provision.py
b/source4/scripting/python/samba/provision.py
index bac234c..0a24837 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -330,34 +330,36 @@ def guess_names(lp=None, hostname=None, domain=None,
dnsdomain=None,
if dnsdomain is None:
dnsdomain = lp.get("realm")
if dnsdomain is None or dnsdomain == "":
-raise ProvisioningError("guess_names: 'realm' not specified in
supplied smb.conf!")
+raise ProvisioningError("guess_names: 'realm' not specified in
supplied %s!", lp.configfile)
dnsdomain = dnsdomain.lower()
if serverrole is None:
serverrole = lp.get("server role")
if serverrole is None:
-raise ProvisioningError("guess_names: 'server role' not specified
in supplied smb.conf!")
+raise ProvisioningError("guess_names: 'server role' not specified
in supplied %s!" % lp.configfile)
serverrole = serverrole.lower()
realm = dnsdomain.upper()
+if lp.get("realm") == "":
+raise ProvisioningError("guess_names: 'realm =' was not specified in
supplied %s. Please remove the smb.conf file and let provision generate it" %
lp.configfile)
+
if lp.get("realm").upper() != realm:
-raise ProvisioningError("guess_names: Realm '%s' in smb.conf must
match chosen realm '%s'!", lp.get("realm").upper(), realm)
+raise ProvisioningError("guess_names: 'realm=%s' in %s must match
chosen realm '%s'! Please remove the smb.conf file and let provision generate
it" % (lp.get("realm").upper(), realm, lp.configfile))
if lp.get("server role").lower() != serverrole:
-raise Pr
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via ca67768... s4:selftest Add file based DNS resolver to selftest
environment
via 8529b0a... selftest: Remove dns_host_file every time we start
from be79f57... Split the dsdb_access_check_on_dn.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ca67768b66758cadcc0e5e2f7544698b41c8f8ba
Author: Andrew Bartlett
Date: Wed Feb 24 15:09:28 2010 +1100
s4:selftest Add file based DNS resolver to selftest environment
This will in future allow us to test 'net vampire' in the test
environment, using the file based DNS lookups to avoid us hitting real
DNS.
commit 8529b0afc1f56ba29ddcb5a4fdc62790868cfbe6
Author: Andrew Bartlett
Date: Fri Mar 12 10:45:16 2010 +1100
selftest: Remove dns_host_file every time we start
---
Summary of changes:
selftest/selftest.pl |3 +++
selftest/target/Samba4.pm |8 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index f534263..7bbad62 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -853,6 +853,9 @@ sub teardown_env($)
delete $running_envs{$envname};
}
+# This 'global' file needs to be empty when we start
+unlink("$prefix_abs/dns_host_file");
+
if ($opt_no_lazy_setup) {
setup_env($_) foreach (keys %required_envs);
}
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 7a65847..9370a17 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -458,6 +458,9 @@ sub provision_raw_prepare($$$)
$ctx->{prefix} = $prefix;
$ctx->{prefix_abs} = $prefix_abs;
+
+ $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
+
$ctx->{server_role} = $server_role;
$ctx->{netbiosname} = $netbiosname;
$ctx->{netbiosalias} = $netbiosalias;
@@ -569,7 +572,7 @@ sub provision_raw_step1($$)
winbindd privileged socket directory =
$ctx->{winbindd_privileged_socket_dir}
ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
winbind separator = /
- name resolve order = bcast
+ name resolve order = bcast file
interfaces = $ctx->{interfaces}
tls dh params file = $ctx->{tlsdir}/dhparms.pem
panic action = $RealBin/gdb_backtrace \%PID% \%PROG%
@@ -582,7 +585,8 @@ sub provision_raw_step1($$)
log level = $ctx->{server_loglevel}
lanman auth = Yes
rndc command = /bin/true
- dns update command = /bin/true
+dns update command = $ENV{SRCDIR_ABS}/scripting/bin/samba_dnsupdate -s
$ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}
+resolv:host file = $ctx->{dns_host_file}
";
if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne
"internal") {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e3cb626... s4:dsdb Show more detail in failure to compute the
aggregate DN.
via 2de0776... s4:dsdb Change dsdb_get_schema() callers to use new
talloc argument
via bf0b4d7... s4:dsdb Fix warnings in DEBUG() by casting to unsigned
long int
via a7ec946... s4:dsdb/acl Reduce calls to dsdb_get_schema() and add
memory context
via 1e6fee4... s4:dsdb Add a memory context for dsdb_get_schema()
via c874b9f... s4:dsdb Don't error out if we can't get the Aggregate
schema DN yet
from 19aa075... s4:registry - check also for other registry value types
in the generic test
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e3cb626c61515a9c372352843fafc368ffc6e871
Author: Andrew Bartlett
Date: Tue Mar 16 14:56:32 2010 +1100
s4:dsdb Show more detail in failure to compute the aggregate DN.
Andrew Bartlett
commit 2de07761e071ccf09c0ea9e0fdc6a61303356549
Author: Andrew Bartlett
Date: Tue Mar 16 14:52:39 2010 +1100
s4:dsdb Change dsdb_get_schema() callers to use new talloc argument
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.
Andrew Bartlett
commit bf0b4d7ee3f52f77d706ccea12abb2f033b4abd9
Author: Andrew Bartlett
Date: Tue Mar 16 14:46:31 2010 +1100
s4:dsdb Fix warnings in DEBUG() by casting to unsigned long int
commit a7ec946cedf29ad8a88fcd0b253468b61f369d86
Author: Andrew Bartlett
Date: Tue Mar 16 14:43:33 2010 +1100
s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory context
dsdb_get_schema() isn't a very cheap call, due to the use of LDB
opaque pointers. We need to call it less, and instead pass it as a
parameter where possible.
This also changes to the new API with a talloc context.
Andrew Bartlett
commit 1e6fee4185b726e532c98e0feec1121d59f734c5
Author: Andrew Bartlett
Date: Tue Mar 16 14:41:51 2010 +1100
s4:dsdb Add a memory context for dsdb_get_schema()
When specified, we talloc_reference onto this context to ensure that
pointers found in it are valid for the life of the objects they are
placed into. (Such as the string form of LDAP attributes).
Andrew Bartlett
commit c874b9f42eebacd9ad6baa90309635db8b8ec3fb
Author: Andrew Bartlett
Date: Tue Mar 16 14:40:15 2010 +1100
s4:dsdb Don't error out if we can't get the Aggregate schema DN yet
It's easier to just set it up when we can, then to deal with the
ordering issues in ldb startup. As long as we have it ready if a real
client ever asks for it, then we should be happy.
Andrew Bartlett
---
Summary of changes:
source4/dsdb/kcc/kcc_drs_replica_info.c| 10 +++-
source4/dsdb/repl/replicated_objects.c | 30 +---
source4/dsdb/samdb/ldb_modules/acl.c | 70 +---
source4/dsdb/samdb/ldb_modules/anr.c |2 +-
source4/dsdb/samdb/ldb_modules/descriptor.c|4 +-
source4/dsdb/samdb/ldb_modules/extended_dn_out.c |4 +-
source4/dsdb/samdb/ldb_modules/extended_dn_store.c |2 +-
source4/dsdb/samdb/ldb_modules/kludge_acl.c|7 ++-
source4/dsdb/samdb/ldb_modules/linked_attributes.c |9 ++-
source4/dsdb/samdb/ldb_modules/objectclass.c | 13 +++-
source4/dsdb/samdb/ldb_modules/operational.c | 25 +---
source4/dsdb/samdb/ldb_modules/repl_meta_data.c| 36 --
source4/dsdb/samdb/ldb_modules/resolve_oids.c | 20 +-
source4/dsdb/samdb/ldb_modules/rootdse.c |2 +-
source4/dsdb/samdb/ldb_modules/schema_data.c | 14 +++--
source4/dsdb/samdb/ldb_modules/schema_load.c |2 +-
source4/dsdb/samdb/ldb_modules/validate_update.c |8 +-
source4/dsdb/schema/schema_convert_to_ol.c |2 +-
source4/dsdb/schema/schema_set.c | 12 +++-
source4/dsdb/schema/tests/schema_syntax.c |2 +-
source4/lib/ldb-samba/ldif_handlers.c |2 +-
source4/libnet/libnet_vampire.c|2 +-
source4/rpc_server/drsuapi/getncchanges.c |4 +-
source4/scripting/python/pyglue.c |4 +-
source4/torture/libnet/libnet_BecomeDC.c |6 +-
source4/torture/rpc/dssync.c |2 +-
26 files changed, 201 insertions(+), 93 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/kcc/kcc_drs_replica_info.c
b/source4/dsdb/kcc/kcc_drs_replica_info.c
index c64753b..322ccc9 100644
--- a/source4/dsdb/kcc/kcc_drs_replica_info.c
+++ b/source4/dsdb/kcc/kcc_drs_replica_info.c
@@ -181,6 +181,8 @@ static WERROR
kccdrs_replica_get_info_obj
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 752b220... Fixed --ol-mmr-url helpline
via 947560f... Fixed OL-MMR make test
via 15172d3... Fixed MMR-URL-Split and changed RID-Range OpenLDAP
ITS6394
from b05f0db... s4-smbtorture: fix typo in RPC-SAMR-PASSWORDS-LOCKOUT
test.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 752b2206cbb411e98e88efcfd1df9876a79d4a3d
Author: Oliver Liebel
Date: Wed Mar 17 20:11:11 2010 +0100
Fixed --ol-mmr-url helpline
Signed-off-by: Andrew Bartlett
commit 947560fe3754185cd6edf7e1cd7e5c5fe405fa39
Author: Oliver Liebel
Date: Wed Mar 17 20:14:19 2010 +0100
Fixed OL-MMR make test
Signed-off-by: Andrew Bartlett
commit 15172d3055349ba1280d671a94794ccb1e787775
Author: Oliver Liebel
Date: Wed Mar 17 20:08:08 2010 +0100
Fixed MMR-URL-Split and changed RID-Range OpenLDAP ITS6394
Signed-off-by: Andrew Bartlett
---
Summary of changes:
source4/scripting/python/samba/provisionbackend.py | 18 ++
source4/setup/provision|2 +-
source4/setup/tests/blackbox_provision-backend.sh |2 +-
3 files changed, 12 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/provisionbackend.py
b/source4/scripting/python/samba/provisionbackend.py
index 1919c5d..e510486 100644
--- a/source4/scripting/python/samba/provisionbackend.py
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -356,15 +356,17 @@ class OpenLDAPBackend(LDAPBackend):
# For now, make these equal
mmr_pass = self.ldapadminpass
-url_list=filter(None,self.ol_mmr_urls.split(' '))
+url_list=filter(None,self.ol_mmr_urls.split(','))
+for url in url_list:
+self.message("Using LDAP-URL: "+url)
if (len(url_list) == 1):
-url_list=filter(None,self.ol_mmr_urls.split(','))
-
+raise ProvisioningError("At least 2 LDAP-URLs needed for MMR!")
+
-mmr_on_config = "MirrorMode On"
-mmr_replicator_acl = " by dn=cn=replicator,cn=samba read"
-serverid=0
-for url in url_list:
+mmr_on_config = "MirrorMode On"
+mmr_replicator_acl = " by dn=cn=replicator,cn=samba read"
+serverid=0
+for url in url_list:
serverid=serverid+1
mmr_serverids_config +=
read_and_sub_file(self.setup_path("mmr_serverids.conf"),
{ "SERVERID" :
str(serverid),
@@ -400,7 +402,7 @@ class OpenLDAPBackend(LDAPBackend):
olc_serverids_config = ""
olc_syncrepl_seed_config = ""
olc_mmr_config +=
read_and_sub_file(self.setup_path("olc_mmr.conf"),{})
-rid=1000
+rid=500
for url in url_list:
serverid=serverid+1
olc_serverids_config +=
read_and_sub_file(self.setup_path("olc_serverid.conf"),
diff --git a/source4/setup/provision b/source4/setup/provision
index a04bc2a..9932759 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -109,7 +109,7 @@ parser.add_option("--partitions-only",
parser.add_option("--targetdir", type="string", metavar="DIR",
help="Set target directory")
parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
-help="List of LDAP-URLS [ ldap://:/ (where
has to be different than 389!) ] separated with whitespaces for use with
OpenLDAP-MMR (Multi-Master-Replication)")
+help="List of LDAP-URLS [ ldap://:/ (where
has to be different than 389!) ] separated with comma (\",\") for use with
OpenLDAP-MMR (Multi-Master-Replication), e.g.:
\"ldap://s4dc1:9000,ldap://s4dc2:9000\"";)
parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH",
help="Path to slapd for LDAP backend
[e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend.
OpenLDAP Version >= 2.4.17 should be used.")
parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH",
diff --git a/source4/setup/tests/blackbox_provision-backend.sh
b/source4/setup/tests/blackbox_provision-backend.sh
index 305c87a..ef7819f 100755
--- a/source4/setup/tests/blackbox_provision-backend.sh
+++ b/source4/s
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 6de83ef... s4:dsdb Move rdn_name down the stack
from 0d6d068... s3-printing: Fix "printer admin" functionality.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 6de83ef6277d8506478ce5ff43d33e39541b310c
Author: Andrew Bartlett
Date: Thu Mar 18 22:03:40 2010 +1100
s4:dsdb Move rdn_name down the stack
This is done so that it can be (in future) removed when the OpenLDAP
backend is in use and the rdn_val module is used, while keeping as
similar semantics as possible between the module stacks.
Andrew Bartlett
---
Summary of changes:
source4/dsdb/samdb/ldb_modules/samba_dsdb.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index c929d65..8f7e540 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -175,7 +175,6 @@ static int samba_dsdb_init(struct ldb_module *module)
"asq",
"extended_dn_store",
"extended_dn_in",
-"rdn_name",
"objectclass",
"descriptor",
"acl",
@@ -186,6 +185,7 @@ static int samba_dsdb_init(struct ldb_module *module)
"kludge_acl",
"schema_load",
"instancetype",
+"rdn_name",
NULL };
const char **link_modules;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f8019ff... s4:dsdb Add a shortcut sequence number for schema reloads
via fe3e1af... s4:dsdb Rework schema loading and add schema reloading
via d0b5447... s4:dsdb Move dsdb_save_partition_usn() to be a module
helper function
via 639728a... s4:schema Expand the schema structure
via 775c5ec... s4:dsdb Remove unused 'dsdb_make_schema_global' call
from pyglue
via 7fc94eb... s4:dsdb Add 'const' to some struct dsdb_schema variables
via fc5a507... s4:dsdb Don't load the schema unconditionally
from 8195832... s3: file_walk_table -> files_forall
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f8019ff793a735563ccedf5581c72e015fd62014
Author: Andrew Bartlett
Date: Mon Mar 22 18:44:51 2010 +1100
s4:dsdb Add a shortcut sequence number for schema reloads
This uses the ldb sequence number, in a hope to detect an unchanged
schema quicker.
Andrew Bartlett
commit fe3e1af901c970f738bee92baac5d7d4f5736e17
Author: Andrew Bartlett
Date: Mon Mar 22 16:03:33 2010 +1100
s4:dsdb Rework schema loading and add schema reloading
This commit reworks Samba4's schema loading code to detect when it
needs to reload the schema. This is done by watching the @REPLCHANGED
special DN.
The reload happens by means of a callback, which is only set when the
schema is loaded from the ldb - not when loaded from an LDIF file or
DRS.
We also rework the global schema handling - instead of storing the
pointer to the global schema in each ldb, we store a flag indicating
that the global schema should be returned at run time. This makes it
much easier to switch to a new global schema.
Andrew Bartlett
commit d0b54476fc9f855d1e482597538a7ec60e04f331
Author: Andrew Bartlett
Date: Mon Mar 22 16:00:39 2010 +1100
s4:dsdb Move dsdb_save_partition_usn() to be a module helper function
This function should not traverse the module stack again, but instead
run from this point. Also add a matching
dsdb_module_load_partition_usn() and change repl_meta_data to match.
Andrew Bartlett
commit 639728a29873e4cf59dfa149a231eae353f3753a
Author: Andrew Bartlett
Date: Mon Mar 22 15:41:51 2010 +1100
s4:schema Expand the schema structure
We now store the location of the schema in the schema, and provide
hooks for a future schema reloading mechanism.
Andrew Bartlett
commit 775c5ec1c57b4acf61c1c750c4832f64defcb5b6
Author: Andrew Bartlett
Date: Mon Mar 22 15:20:47 2010 +1100
s4:dsdb Remove unused 'dsdb_make_schema_global' call from pyglue
commit 7fc94eb9a7034c36943efbe04f4f4cdfb174c50e
Author: Andrew Bartlett
Date: Mon Mar 22 15:19:55 2010 +1100
s4:dsdb Add 'const' to some struct dsdb_schema variables
We don't currently require this, but we may move this way in future.
commit fc5a507a86f37aecb6702d8c2c3bdc462e49f9fd
Author: Andrew Bartlett
Date: Mon Mar 22 15:17:58 2010 +1100
s4:dsdb Don't load the schema unconditionally
Schema loads now come at a price, so avoid doing them if we don't have
to (such as when doing an @REPLCHANGED or other special DN based
search).
Andrew Bartlett
---
Summary of changes:
source4/dsdb/common/util.c | 88 ---
source4/dsdb/samdb/ldb_modules/extended_dn_out.c |7 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 23 +-
source4/dsdb/samdb/ldb_modules/schema_data.c | 17 +-
source4/dsdb/samdb/ldb_modules/schema_load.c | 296 ++
source4/dsdb/samdb/ldb_modules/util.c| 175 +
source4/dsdb/schema/schema.h | 11 +
source4/dsdb/schema/schema_init.c|2 +
source4/dsdb/schema/schema_set.c | 80 --
source4/lib/ldb_wrap.c |5 +-
source4/scripting/python/pyglue.c| 17 --
11 files changed, 469 insertions(+), 252 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 9c29509..b469b06 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2585,94 +2585,6 @@ int dsdb_load_partition_usn(struct ldb_context *ldb,
struct ldb_dn *dn,
return LDB_SUCCESS;
}
-/*
- save uSNHighest and uSNUrgent attributes in the @REPLCHANGED object for a
- partition
- */
-int dsdb_save_partition_usn(struct ldb_context *ldb, struct ldb_dn *dn,
- uint64_t uSN, uint64_t urgent_uSN)
-{
- struct ldb_request *req;
- struct ldb_message *msg;
- struct dsdb_control_current_partition *p_ctrl
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5592a9b... s4:selftest Test --sign and --encrypt options to
ldbsearch
via bb7854a... s4:cmdline Add --sign and --encrypt options to our
common command line
via a2286ba... s4:ntlmssp Ensure that we always negotiate signing if we
negotiate sealing.
from fbdcaa9... s3: Optimize gencache for smbd exit
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5592a9ba5adb6e23a0fc580725184f39efce0486
Author: Andrew Bartlett
Date: Wed Mar 24 19:27:18 2010 +1100
s4:selftest Test --sign and --encrypt options to ldbsearch
commit bb7854afea47699be32f5331fe5f8f05e469cb96
Author: Andrew Bartlett
Date: Wed Mar 24 19:26:02 2010 +1100
s4:cmdline Add --sign and --encrypt options to our common command line
This allows ldbsearch to accept --sign and --encrypt. I'll soon work
to integrate with the --signing= option in smbclient.
Andrew Bartlett
commit a2286bad67a772d290fead9832b7ca52877c40b2
Author: Andrew Bartlett
Date: Wed Mar 24 16:09:02 2010 +1100
s4:ntlmssp Ensure that we always negotiate signing if we negotiate sealing.
Without this, a sealed LDAP connection to windows does not work.
Andrew Bartlett
---
Summary of changes:
source4/auth/ntlmssp/ntlmssp_client.c |1 +
source4/lib/cmdline/popt_credentials.c | 29 -
source4/selftest/tests.sh |4 ++--
3 files changed, 31 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c
b/source4/auth/ntlmssp/ntlmssp_client.c
index 7aef086..b518fa8 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -368,6 +368,7 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security
*gensec_security)
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+ gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
diff --git a/source4/lib/cmdline/popt_credentials.c
b/source4/lib/cmdline/popt_credentials.c
index 42ecac1..80f71eb 100644
--- a/source4/lib/cmdline/popt_credentials.c
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -39,7 +39,7 @@
static bool dont_ask;
-enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS };
+enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_SIGN,
OPT_ENCRYPT };
/*
disable asking for a password
@@ -66,6 +66,7 @@ static void popt_common_credentials_callback(poptContext con,
cli_credentials_set_cmdline_callbacks(cmdline_credentials);
}
return;
+
}
switch(opt->val) {
@@ -119,9 +120,33 @@ static void popt_common_credentials_callback(poptContext
con,
}
case OPT_SIMPLE_BIND_DN:
+ {
cli_credentials_set_bind_dn(cmdline_credentials, arg);
break;
}
+ case OPT_SIGN:
+ {
+ uint32_t gensec_features;
+
+ gensec_features =
cli_credentials_get_gensec_features(cmdline_credentials);
+
+ gensec_features |= GENSEC_FEATURE_SIGN;
+ cli_credentials_set_gensec_features(cmdline_credentials,
+ gensec_features);
+ break;
+ }
+ case OPT_ENCRYPT:
+ {
+ uint32_t gensec_features;
+
+ gensec_features =
cli_credentials_get_gensec_features(cmdline_credentials);
+
+ gensec_features |= GENSEC_FEATURE_SEAL;
+ cli_credentials_set_gensec_features(cmdline_credentials,
+ gensec_features);
+ break;
+ }
+ }
}
@@ -135,5 +160,7 @@ struct poptOption popt_common_credentials[] = {
{ "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine
account password (implies -k)" },
{ "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN
to use for a simple bind" },
{ "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos"
},
+ { "sign", 'S', POPT_ARG_NONE, NULL, OPT_SIGN, "Sign connection to
prevent modification in transit" },
+ { "encrypt", 'e', POPT_ARG_NONE, NULL, OPT_ENCRYPT, "Encrypt connection
for privacy" },
{ NULL }
};
diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh
index e6a8c25..8dd8f2b 100755
--- a/source4/selftest/tests.sh
++
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0a65bb5... s4:selftest Add testing of kpasswd password set on
servicePrincipalName
via 5f6f7a2... s4:kdc Add support for changing password of a
servicePrincipalName
from 6199ae4... s4-ldb: fixed command line parsing in oLschema2ldif
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0a65bb57a18176a4aaa6972c025062577b124ee7
Author: Andrew Bartlett
Date: Thu Mar 25 16:30:54 2010 +1100
s4:selftest Add testing of kpasswd password set on servicePrincipalName
commit 5f6f7a2e518b53783df60e497e1b12fdaee307a7
Author: Andrew Bartlett
Date: Thu Mar 25 16:27:40 2010 +1100
s4:kdc Add support for changing password of a servicePrincipalName
Apparently AD supports setting a password on a servicePrincipalName,
not just a user principal name. This should fix (part of) the join of
OpenSolaris's internal CIFS server to Samba4 as reported by Bug #7273
Andrew Bartlett
---
Summary of changes:
source4/kdc/kpasswdd.c | 42 -
testprogs/blackbox/test_kinit.sh | 31
2 files changed, 63 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index e65f25d..5e1efee 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -250,6 +250,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
krb5_principal principal;
char *set_password_on_princ;
struct ldb_dn *set_password_on_dn;
+ bool service_principal_name = false;
size_t len;
int ret;
@@ -311,14 +312,29 @@ static bool kpasswd_process_request(struct kdc_server
*kdc,
}
free_ChangePasswdDataMS(&chpw);
- if (krb5_unparse_name(context, principal,
&set_password_on_princ) != 0) {
- krb5_free_principal(context, principal);
- return kpasswdd_make_error_reply(kdc, mem_ctx,
- KRB5_KPASSWD_MALFORMED,
- "krb5_unparse_name
failed!",
- reply);
- }
+ if (principal->name.name_string.len >= 2) {
+ service_principal_name = true;
+ /* We use this, rather than 'no realm' flag,
+* as we don't want to accept a password
+* change on a principal from another realm */
+
+ if (krb5_unparse_name_short(context, principal,
&set_password_on_princ) != 0) {
+ krb5_free_principal(context, principal);
+ return kpasswdd_make_error_reply(kdc, mem_ctx,
+
KRB5_KPASSWD_MALFORMED,
+
"krb5_unparse_name failed!",
+reply);
+ }
+ } else {
+ if (krb5_unparse_name(context, principal,
&set_password_on_princ) != 0) {
+ krb5_free_principal(context, principal);
+ return kpasswdd_make_error_reply(kdc, mem_ctx,
+
KRB5_KPASSWD_MALFORMED,
+
"krb5_unparse_name failed!",
+reply);
+ }
+ }
krb5_free_principal(context, principal);
samdb = samdb_connect(mem_ctx, kdc->task->event_ctx,
kdc->task->lp_ctx, session_info);
@@ -344,9 +360,15 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
reply);
}
- status = crack_user_principal_name(samdb, mem_ctx,
- set_password_on_princ,
- &set_password_on_dn, NULL);
+ if (service_principal_name) {
+ status = crack_service_principal_name(samdb, mem_ctx,
+
set_password_on_princ,
+
&set_password_on_dn, NULL);
+ } else {
+ status = crack_user_principal_name(samdb
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1f04675... s4:heimdal Use correct variable to advance past -- options in kpasswd via f47454a... s4:heimdal_build Remove forced HAVE_STRERROR_R via 64b8b0c... s4:heimal Update generated files (cp from Heimdal) via df7fbf2... s4:testprogs Update test to match current Heimdal via 533024b... s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d34802d3929ff) via 6798543... s4:testprogs Fix kinit test for updated Heimdal via 564d5cd... s4:heimdal New files and supporting logic for heimdal update via 89eaef0... s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d) from fac8ca5... Fix bug #7240 - Net usershare is not case sensitive. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1f0467562b50e29eabae070c3d0088d4fc62d3a0 Author: Andrew Bartlett Date: Sat Mar 27 19:13:28 2010 +1100 s4:heimdal Use correct variable to advance past -- options in kpasswd This bug was introduced when kpasswd was migrated to a local getarg() call, in Heimdal commit 7dd146072cd9b56d660a01f4aa20f8d81be356e8 Andrew Bartlett commit f47454a04d7656e93de7286e1105119fe80cb366 Author: Andrew Bartlett Date: Sat Mar 27 19:12:33 2010 +1100 s4:heimdal_build Remove forced HAVE_STRERROR_R This just causes warnings, now upstream has a more complete fix. commit 64b8b0cdafc18dcf65dcc4210be50e6139f553d7 Author: Andrew Bartlett Date: Sat Mar 27 12:24:00 2010 +1100 s4:heimal Update generated files (cp from Heimdal) commit df7fbf28ee3e4d75a6bf824bb2a5681dc65d38b1 Author: Andrew Bartlett Date: Sat Mar 27 12:23:21 2010 +1100 s4:testprogs Update test to match current Heimdal commit 533024be44861c8d2c8ba3232738c7d2dbbe2e4f Author: Andrew Bartlett Date: Sat Mar 27 11:55:22 2010 +1100 s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d34802d3929ff) commit 679854384252e698b8f8c09d31eb15ed043c919b Author: Andrew Bartlett Date: Sat Mar 27 11:48:05 2010 +1100 s4:testprogs Fix kinit test for updated Heimdal commit 564d5cd2c48b9d9debccf03433cfee282040e2da Author: Andrew Bartlett Date: Tue Jan 12 13:24:33 2010 +1100 s4:heimdal New files and supporting logic for heimdal update commit 89eaef025376339ef25d07cdc4748920fceaa968 Author: Andrew Bartlett Date: Tue Jan 12 18:16:45 2010 +1100 s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d) --- Summary of changes: .gitignore |5 + source4/heimdal/cf/make-proto.pl | 23 +- source4/heimdal/kdc/default_config.c | 121 ++-- source4/heimdal/kdc/headers.h |5 +- source4/heimdal/kdc/kaserver.c |6 +- source4/heimdal/kdc/kdc.h |8 +- source4/heimdal/kdc/kdc_locl.h |4 + source4/heimdal/kdc/kerberos5.c| 176 ++-- source4/heimdal/kdc/krb5tgs.c |7 +- source4/heimdal/kdc/kx509.c| 18 +- source4/heimdal/kdc/log.c |8 +- source4/heimdal/kdc/misc.c |2 - source4/heimdal/kdc/pkinit.c | 33 +- source4/heimdal/kdc/windc.c|2 - source4/heimdal/kpasswd/kpasswd.c | 21 +- source4/heimdal/kuser/kinit.c | 164 ++--- source4/heimdal/lib/asn1/asn1-common.h |1 + source4/heimdal/lib/asn1/asn1-template.h | 141 +++ source4/heimdal/lib/asn1/asn1_err.et |2 + source4/heimdal/lib/asn1/asn1parse.c | 818 +- source4/heimdal/lib/asn1/asn1parse.h |2 +- source4/heimdal/lib/asn1/asn1parse.y | 15 +- source4/heimdal/lib/asn1/cms.asn1 |2 +- source4/heimdal/lib/asn1/der.h |2 + source4/heimdal/lib/asn1/der_copy.c| 30 + source4/heimdal/lib/asn1/der_free.c| 27 + source4/heimdal/lib/asn1/der_get.c | 34 +- source4/heimdal/lib/asn1/der_length.c | 16 + source4/heimdal/lib/asn1/der_locl.h|2 + source4/heimdal/lib/asn1/digest.asn1 | 15 + source4/heimdal/lib/asn1/extra.c | 42 +- source4/heimdal/lib/asn1/gen.c | 267 +- source4/heimdal/lib/asn1/gen_copy.c|4 - source4/heimdal/lib/asn1/gen_decode.c | 36 +- source4/heimdal/lib/asn1/gen_encode.c |5 - source4/heimdal/lib/asn1/gen_free.c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7726773... s4:dsdb Don't use the permissive modify control on
schemaInfo updates
via 5ebeab3... s4:dsdb Don't return operational attributes on special
DNs
via 6ef167c... s4:rootdse Implement "tokenGroups" in the rootDSE
via 944dc2c... s4:dsdb Improve error message in extended_dn_in
via 78dd377... s4:ldif_handlers tokenGroups are SIDs
via 4b27cc0... s4:rpc_server Fix segfault in modified SamLogon handling
via bc66599... s4:provision Don't make the 'slaptest' call produce
errors
via 0340826... s4:rpc_server Add all SIDs into the netlogon SamLogon
reply
via 4074739... s4:schema Try to fix OpenLDAP backend after schema
reload support.
via c8cb17a... s4:heimdal Create a new PAC when impersonating a user
with S4U2Self
via f2b63d5... s4:kdc Add functions to hdb-samba4 for the new s4u2self
callback.
via 1d59abc... s4:heimdal Add hooks to check with the DB before we
allow s4u2self
via aecaddf... s4:credentials Add the functions needed to do S4U2Self
with cli_credentials
via 18f0e24... s4:credentials talloc_free() any previous salt_principal
from 5beaef7... s4:autogen-waf: generate 'Makefile' instead of 'makefile'
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 77267733edba42f03f89f3777854569bf221
Author: Andrew Bartlett
Date: Sat Apr 10 20:39:45 2010 +1000
s4:dsdb Don't use the permissive modify control on schemaInfo updates
The use of 'replace' is enough to wipe out the old value, whatever it
is, we don't need to set 'permissive modify' too.
Additionally, this seems to be causing trouble for the OpenLDAP backend
Andrew Bartlett
commit 5ebeab379430104c615fd401abe9a8c7dc3339b8
Author: Andrew Bartlett
Date: Fri Apr 9 19:07:12 2010 +1000
s4:dsdb Don't return operational attributes on special DNs
commit 6ef167c37bcf2842434a51733c351246294842a2
Author: Andrew Bartlett
Date: Fri Apr 9 17:22:35 2010 +1000
s4:rootdse Implement "tokenGroups" in the rootDSE
This returns the currently connected user's full token. This is very
useful for debugging, and should be used in ACL tests.
Andrew Bartlett
commit 944dc2cb0ba13799a343f655a353013e4a9d8dd1
Author: Andrew Bartlett
Date: Fri Apr 9 17:21:21 2010 +1000
s4:dsdb Improve error message in extended_dn_in
This error occours when an extended DN cannot be resolved, so it's
most helpful to print the problematic extended DN.
Andrew Bartlett
commit 78dd3778494600f8047ba2dd0ea8635eb84258f7
Author: Andrew Bartlett
Date: Wed Apr 7 14:03:29 2010 +1000
s4:ldif_handlers tokenGroups are SIDs
commit 4b27cc0ea6e829c316da1ee87de180ff8de88fc5
Author: Andrew Bartlett
Date: Wed Apr 7 10:42:16 2010 +1000
s4:rpc_server Fix segfault in modified SamLogon handling
commit bc6659936a4719a30d1f289bca7dbe639cb972cf
Author: Andrew Bartlett
Date: Mon Apr 5 19:03:14 2010 +1000
s4:provision Don't make the 'slaptest' call produce errors
Adding -n 0 also allows us to check the error code too
Andrew Bartlett
commit 03408267720cc1326be06fe1b6871b31ab18c097
Author: Andrew Bartlett
Date: Tue Mar 30 21:23:46 2010 +1100
s4:rpc_server Add all SIDs into the netlogon SamLogon reply
We were missing the SIDs that are not in the domain.
commit 4074739fe71a27feb950aa35f74bb27dc42c17f2
Author: Andrew Bartlett
Date: Mon Mar 29 21:16:18 2010 +1100
s4:schema Try to fix OpenLDAP backend after schema reload support.
If we can't get @REPLCHANGED, default to a value of 0.
Andrew Bartlett
commit c8cb17a18c8acd831d9197fd4457881bf58250b1
Author: Andrew Bartlett
Date: Mon Mar 29 18:13:46 2010 +1100
s4:heimdal Create a new PAC when impersonating a user with S4U2Self
If we don't do this, the PAC is given for the machine accout, not the
account being impersonated.
Andrew Bartlett
commit f2b63d58da895d11ed4905df30c777369fad
Author: Andrew Bartlett
Date: Sat Mar 27 23:11:06 2010 +1100
s4:kdc Add functions to hdb-samba4 for the new s4u2self callback.
For now, this shares the 'if it's the same host' system with the
constrained delegation code.
Andrew Bartlett
commit 1d59abc724a9ad01fdc61f3e6cfdf41c9f4cb910
Author: Andrew Bartlett
Date: Sat Mar 27 23:09:31 2010 +1100
s4:heimdal Add hooks to check with the DB before we allow s4u2self
This allows us to resolve multiple forms of a name, allowing for
example machi...@realm to get an S4U2Self ticket for
host/mach...@realm.
Andrew Bartlett
commit aecaddfa1b2a55c9cc91c3644947c3686714ceb5
Author: Andr
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 2c193fe... s4:auth Remove event context from anonymous_session()
from 18078ec... s3: Use IS_DC macro in get_global_sam_name()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 2c193fe91af60f29ed4d560496842073097469bb
Author: Andrew Bartlett
Date: Fri Apr 9 17:18:53 2010 +1000
s4:auth Remove event context from anonymous_session()
This should always return a simple structure with no need to consult a
DB, so remove the event context, and simplfy to call helper functions
that don't look at privilages.
Andrew Bartlett
---
Summary of changes:
source4/auth/gensec/schannel.c |2 +-
source4/auth/session.c | 114 +-
source4/auth/session.h |2 -
source4/auth/system_session.c | 119 +--
source4/ldap_server/ldap_server.c |2 +-
source4/rpc_server/common/server_info.c |2 +-
source4/rpc_server/service_rpc.c|1 -
7 files changed, 119 insertions(+), 123 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 939a383..7877ea4 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -206,7 +206,7 @@ static NTSTATUS schannel_session_info(struct
gensec_security *gensec_security,
struct auth_session_info
**_session_info)
{
struct schannel_state *state =
talloc_get_type(gensec_security->private_data, struct schannel_state);
- return auth_anonymous_session_info(state, gensec_security->event_ctx,
gensec_security->settings->lp_ctx, _session_info);
+ return auth_anonymous_session_info(state,
gensec_security->settings->lp_ctx, _session_info);
}
static NTSTATUS schannel_start(struct gensec_security *gensec_security)
diff --git a/source4/auth/session.c b/source4/auth/session.c
index ef5646f..8efdcd8 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -2,7 +2,7 @@
Unix SMB/CIFS implementation.
Authentication utility functions
Copyright (C) Andrew Tridgell 1992-1998
- Copyright (C) Andrew Bartlett 2001
+ Copyright (C) Andrew Bartlett 2001-2010
Copyright (C) Jeremy Allison 2000-2001
Copyright (C) Rafal Szczesniak 2002
Copyright (C) Stefan Metzmacher 2005
@@ -31,127 +31,17 @@
#include "auth/session_proto.h"
_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
- struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx)
{
NTSTATUS nt_status;
struct auth_session_info *session_info = NULL;
- nt_status = auth_anonymous_session_info(mem_ctx, event_ctx, lp_ctx,
&session_info);
+ nt_status = auth_anonymous_session_info(mem_ctx, lp_ctx, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
return NULL;
}
return session_info;
}
-_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
-struct tevent_context *event_ctx,
-struct loadparm_context *lp_ctx,
-struct auth_session_info **_session_info)
-{
- NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info = NULL;
- struct auth_session_info *session_info = NULL;
- TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
-
- nt_status = auth_anonymous_server_info(mem_ctx,
- lp_netbios_name(lp_ctx),
- &server_info);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(mem_ctx);
- return nt_status;
- }
-
- /* references the server_info into the session_info */
- nt_status = auth_generate_session_info(parent_ctx, event_ctx, lp_ctx,
server_info, &session_info);
- talloc_free(mem_ctx);
-
- NT_STATUS_NOT_OK_RETURN(nt_status);
-
- session_info->credentials = cli_credentials_init(session_info);
- if (!session_info->credentials) {
- return NT_STATUS_NO_MEMORY;
- }
-
- cli_credentials_set_conf(session_info->credentials, lp_ctx);
- cli_credentials_set_anonymous(session_info->credentials);
-
- *_session_info = session_info;
-
- return NT_STATUS_OK;
-}
-
-_PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
- const char *netbios_name,
- struct auth_serversupplied_info
**_server_info)
-{
- struct auth_s
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 589a42e... s4:auth Change auth_generate_session_info to take an
auth context
via 4e2384e... s4:auth Allow the simple 'struct auth_session_info'
generator for all users
from 577bceb... s3-winbind: Authenticate SAM users
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 589a42e2da7d7cd382deb94c57b0c6dbca269e55
Author: Andrew Bartlett
Date: Tue Apr 13 12:00:06 2010 +1000
s4:auth Change auth_generate_session_info to take an auth context
The auth context was in the past only for NTLM authentication, but we
need a SAM, an event context and and loadparm context for calculating
the local groups too, so re-use that infrustructure we already have in
place.
However, to avoid problems where we may not have an auth_context (in
torture tests, for example), allow a simpler 'session_info' to be
generated, by passing this via an indirection in gensec and an
generate_session_info() function pointer in the struct auth_context.
In the smb_server (for old-style session setups) we need to change the
async context to a new 'struct sesssetup_context'. This allows us to
use the auth_context in processing the authentication reply .
Andrew Bartlett
commit 4e2384e2426745023553afb21270165872c61b02
Author: Andrew Bartlett
Date: Tue Apr 13 18:24:43 2010 +1000
s4:auth Allow the simple 'struct auth_session_info' generator for all users
This code isn't ideal, but it is better than needing to consult the
main SamDB in things like a torture test.
Andrew Bartlett
---
Summary of changes:
source4/auth/auth.h |8 +++
source4/auth/gensec/gensec.c | 21 -
source4/auth/gensec/gensec.h |1 +
source4/auth/gensec/gensec_gssapi.c |4 +-
source4/auth/gensec/gensec_krb5.c |2 +-
source4/auth/ntlm/auth.c |5 ++
source4/auth/ntlm/auth_sam.c | 24 +-
source4/auth/ntlm/auth_simple.c |3 +-
source4/auth/ntlmssp/ntlmssp_server.c | 10 ++--
source4/auth/sam.c|1 +
source4/auth/session.c| 13 +++---
source4/auth/session.h|9 ++--
source4/auth/system_session.c | 16 +++---
source4/smb_server/smb/sesssetup.c| 79 +---
source4/smbd/service_named_pipe.c | 62 --
15 files changed, 183 insertions(+), 75 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index bbdbbc3..915d103 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -126,6 +126,7 @@ struct auth_serversupplied_info
struct auth_method_context;
struct auth_check_password_request;
struct auth_context;
+struct auth_session_info;
struct auth_operations {
const char *name;
@@ -185,6 +186,9 @@ struct auth_context {
/* loadparm context */
struct loadparm_context *lp_ctx;
+ /* SAM database for this local machine - to fill in local groups, or to
authenticate local NTLM users */
+ struct ldb_context *sam_ctx;
+
NTSTATUS (*check_password)(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info
*user_info,
@@ -201,6 +205,10 @@ struct auth_context {
const char *principal,
struct auth_serversupplied_info
**server_info);
+ NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
+ struct auth_context *auth_context,
+ struct auth_serversupplied_info
*server_info,
+ struct auth_session_info
**session_info);
};
/* this structure is used by backends to determine the size of some critical
types */
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 7430eef..b532c15 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -29,6 +29,8 @@
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/auth.h"
+#include "auth/system_session_proto.h"
#include "param/param.h"
#include "lib/util/tsort.h"
@@ -596,6 +598,8 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
return status;
}
+
+
/**
Start the GENSEC system, in server mode, returning a context pointer.
@param mem_ctx The parent TALLOC memory context.
@@ -1292,7 +1296,6 @@ _PUBLIC_ const struct tsocket_addres
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via ea5cf7c... s4:provision Pass in the invoication ID and NTDS
Settings DN to Schema()
from 60d3692... Now SMB2 error messages are correctly being returned
with the 1 byte data area, smbd_smb2_request_error_ex() must call
smbd_smb2_request_done_ex() in order to do the padding correctly on compound
replies.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ea5cf7ce05f295c34d0fca194ed7d8691f1e04ab
Author: Andrew Bartlett
Date: Tue Apr 20 11:48:51 2010 +1000
s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()
By putting these values into the cache on the LDB, this reduces some
of the noise in provision, particularly with the LDAP backend.
Andrew Bartlett
---
Summary of changes:
source4/dsdb/common/util.c | 39 ++-
source4/dsdb/pydsdb.c | 36
source4/dsdb/samdb/ldb_modules/samba_dsdb.c |2 +-
source4/scripting/python/samba/provision.py | 10 +++---
source4/scripting/python/samba/samdb.py | 20 +++--
source4/scripting/python/samba/schema.py| 12 ++--
6 files changed, 106 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 66a0b0f..30cb5c5 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1173,6 +1173,43 @@ failed:
return false;
}
+bool samdb_set_ntds_settings_dn(struct ldb_context *ldb, struct ldb_dn
*ntds_settings_dn_in)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_dn *ntds_settings_dn_new;
+ struct ldb_dn *ntds_settings_dn_old;
+
+ /* see if we have a cached copy */
+ ntds_settings_dn_old = talloc_get_type(ldb_get_opaque(ldb,
+
"cache.ntds_settings_dn"), struct ldb_dn);
+
+ tmp_ctx = talloc_new(ldb);
+ if (tmp_ctx == NULL) {
+ goto failed;
+ }
+
+ ntds_settings_dn_new = ldb_dn_copy(tmp_ctx, ntds_settings_dn_in);
+ if (!ntds_settings_dn_new) {
+ goto failed;
+ }
+
+ /* cache the domain_sid in the ldb */
+ if (ldb_set_opaque(ldb, "cache.ntds_settings_dn", ntds_settings_dn_new)
!= LDB_SUCCESS) {
+ goto failed;
+ }
+
+ talloc_steal(ldb, ntds_settings_dn_new);
+ talloc_free(tmp_ctx);
+ talloc_free(ntds_settings_dn_old);
+
+ return true;
+
+failed:
+ DEBUG(1,("Failed to set our NTDS Settings DN in the ldb!\n"));
+ talloc_free(tmp_ctx);
+ return false;
+}
+
/* Obtain the short name of the flexible single master operator
* (FSMO), such as the PDC Emulator */
const char *samdb_result_fsmo_name(struct ldb_context *ldb, TALLOC_CTX
*mem_ctx, const struct ldb_message *msg,
@@ -1207,7 +1244,7 @@ struct ldb_dn *samdb_ntds_settings_dn(struct ldb_context
*ldb)
struct ldb_dn *settings_dn;
/* see if we have a cached copy */
- settings_dn = (struct ldb_dn *)ldb_get_opaque(ldb, "cache.settings_dn");
+ settings_dn = (struct ldb_dn *)ldb_get_opaque(ldb,
"cache.ntds_settings_dn");
if (settings_dn) {
return settings_dn;
}
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index 88c6208..45f8b6e 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -127,6 +127,38 @@ static PyObject *py_samdb_set_domain_sid(PyLdbObject
*self, PyObject *args)
Py_RETURN_NONE;
}
+static PyObject *py_samdb_set_ntds_settings_dn(PyLdbObject *self, PyObject
*args)
+{
+ PyObject *py_ldb, *py_ntds_settings_dn;
+ struct ldb_context *ldb;
+ struct ldb_dn *ntds_settings_dn;
+ TALLOC_CTX *tmp_ctx;
+ bool ret;
+
+ if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_ntds_settings_dn))
+ return NULL;
+
+ PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+
+ if (!PyObject_AsDn(tmp_ctx, py_ntds_settings_dn, ldb,
&ntds_settings_dn)) {
+ return NULL;
+ }
+
+ ret = samdb_set_ntds_settings_dn(ldb, ntds_settings_dn);
+ talloc_free(tmp_ctx);
+ if (!ret) {
+ PyErr_SetString(PyExc_RuntimeError, "set_ntds_settings_dn
failed");
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
{
PyObject *py_ldb;
@@ -356,6 +388,10 @@ static PyMethodDef py_dsdb_methods[] = {
"Get SID of domain in
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 538a07a... s4:provisionbackend Print the command we failed to start
slapd with
from ea5cf7c... s4:provision Pass in the invoication ID and NTDS
Settings DN to Schema()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 538a07a80aae72b57e5c23133158c7f214d0c27a
Author: Andrew Bartlett
Date: Tue Apr 20 14:24:22 2010 +1000
s4:provisionbackend Print the command we failed to start slapd with
This makes it easier to put failed startups into a debugger.
Andrew Bartlett
---
Summary of changes:
source4/scripting/python/samba/provisionbackend.py |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/provisionbackend.py
b/source4/scripting/python/samba/provisionbackend.py
index 08deb4a..25e416c 100644
--- a/source4/scripting/python/samba/provisionbackend.py
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -232,7 +232,8 @@ class LDAPBackend(ProvisionBackend):
return
except LdbError:
time.sleep(1)
-
+
+self.message("Could not start slapd with: %s" % "\'" + "\'
\'".join(self.slapd_provision_command) + "\'")
raise ProvisioningError("slapd died before we could make a connection
to it")
def shutdown(self):
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e11f92b... s4:provision Make OpenLDAP backend more robust
via 47e7e48... s4:ldap-backend Fix LSA test failures with OpenLDAP
backend - convert SIDs
via 466fbe2... s4:provison Pass nosync in for the OpenLDAP cn=config too
via fe3d872... s4:selftest Ensure we don't fsync() all day in the LDAP
backend test
via cbb8182... s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
via 9eacde8... s4:dsdb Revert accidentilly commited change for LDAP
backends
via a50f6aa... s4:provision Use more reasonable values for DB_CONFIG
from d950e9e... build: added --enable-auto-reconfigure
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e11f92ba73028b608207ed91aaa22376756d7a73
Author: Andrew Bartlett
Date: Thu Apr 22 17:20:21 2010 +1000
s4:provision Make OpenLDAP backend more robust
With the extra moduleload lines (which succeed if it's already
staticly linked), we now work with OpenLDAP overlays as modules.
Andrew Bartlett
commit 47e7e487469fa1f3fafe0a52560e0049801a5ac7
Author: Andrew Bartlett
Date: Thu Apr 22 11:39:21 2010 +1000
s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDs
The SIDs in some queries were not being passed as binary, but as
strings in comparison with the securityIdentifer object. We need to
recognise that these are SIDs in the simple_ldap_map.
Andrew Bartlett
commit 466fbe278a6f96f1b9942954a164262a14894bfe
Author: Andrew Bartlett
Date: Thu Apr 22 11:38:43 2010 +1000
s4:provison Pass nosync in for the OpenLDAP cn=config too
commit fe3d872656ff68de60c1af91ccf292e2565fde8b
Author: Andrew Bartlett
Date: Thu Apr 22 11:37:41 2010 +1000
s4:selftest Ensure we don't fsync() all day in the LDAP backend test
Passing this option greatly reduces the time spent in the test.
Andrew Bartlett
commit cbb818222aea20b47adbcd5e4461949d7e5d5107
Author: Andrew Bartlett
Date: Tue Apr 20 15:35:51 2010 +1000
s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
This is rather than rdn_name, which tries to do the job on the client
side. We need to leave this module in the stack for Fedora DS (and of
course the LDB backend).
Andrew Bartlett
commit 9eacde808ee464343620a311bb2bdea5ac7b5ee8
Author: Andrew Bartlett
Date: Tue Apr 20 14:49:30 2010 +1000
s4:dsdb Revert accidentilly commited change for LDAP backends
In the future, LDAP backends will be resposible for maintaining the
'name' attributes.
Andrew Bartlett
commit a50f6aad85b5fcbefafa52869651eb503b719cc6
Author: Andrew Bartlett
Date: Wed Apr 21 08:00:44 2010 +1000
s4:provision Use more reasonable values for DB_CONFIG
With the OpenLDAP backend, the old DB_CONFIG caused OpenLDAP to abort
on startup, and was very inefficient. This new one, kindly supplied
by Matthew Backes uses a more reasonable set of
buffer sizes.
Andrew Bartlett
---
Summary of changes:
selftest/target/Samba4.pm|1 +
source4/dsdb/samdb/ldb_modules/samba_dsdb.c |7 +-
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 26 +-
source4/setup/DB_CONFIG | 18 +++
source4/setup/schema-map-openldap-2.3|6 +++-
source4/setup/slapd.conf | 14 +++
6 files changed, 63 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 4d6bca9..c5b6d77 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -806,6 +806,7 @@ sub provision($$$)
if (defined($self->{ldap})) {
$ret->{LDAP_URI} = $ctx->{ldap_uri};
push (@{$ctx->{provision_options}}, "--ldap-backend-type=" .
$self->{ldap});
+ push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
if ($self->{ldap} eq "openldap") {
push (@{$ctx->{provision_options}}, "--slapd-path=" .
$ENV{OPENLDAP_SLAPD});
($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) =
$self->mk_openldap($ctx) or die("Unable to create openldap directories");
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 0e635de..bbdb768 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -188,6 +188,10 @@ static int samba_dsdb_init(struct ldb_module *module)
NULL };
co
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via bd08249... s4:provision Remove moduleload for 'hdb' (wrong name).
from 4400752... spoolss: pretty-print a struct spoolss_Time.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit bd08249d683fd2f5ce6358ec2a9cebf2d03db1c6
Author: Andrew Bartlett
Date: Thu Apr 22 19:35:54 2010 +1000
s4:provision Remove moduleload for 'hdb' (wrong name).
The backends are not normally modules anyway
---
Summary of changes:
source4/setup/slapd.conf |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index c592b6e..3aacb11 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -60,7 +60,6 @@ moduleload memberof
${MEMBEROF_CONFIG}
moduleload syncprov
-moduleload hdb
database ldif
suffix cn=Samba
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1ae9044... s4:gensec Use a different form of 'name' in GSSAPI
import_name()
via 6be72df... Simple fix to prevent crash for non-pac principals
via 8c61477... s4:kerberos Give a better error message than "Could not
allocate memory"
from 8219c4f... s4:kcc_periodic.c - fix counter types
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1ae9044b8e2347a0c8c948a65a22fae6ec1ef385
Author: Andrew Bartlett
Date: Tue Apr 20 15:00:50 2010 +1000
s4:gensec Use a different form of 'name' in GSSAPI import_name()
The idea here is to make it not dependent on the system's default
realm.
Andrew Bartlett
commit 6be72df7362c27c973a63a960d0b87eefa22db15
Author: Marcel Ritter
Date: Thu Apr 22 14:29:52 2010 +0200
Simple fix to prevent crash for non-pac principals
Signed-off-by: Andrew Bartlett
commit 8c6147715371e88c425ff8530f9bd7f44cd4cafb
Author: Andrew Bartlett
Date: Tue Apr 27 13:57:39 2010 +1000
s4:kerberos Give a better error message than "Could not allocate memory"
Andrew Bartlett
---
Summary of changes:
source4/auth/credentials/credentials_krb5.c |6 +++---
source4/auth/gensec/gensec_gssapi.c |6 +++---
source4/kdc/pac-glue.c |5 +
3 files changed, 11 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/credentials/credentials_krb5.c
b/source4/auth/credentials/credentials_krb5.c
index 1e0db3c..d760730 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -423,7 +423,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
} else {
ret = EINVAL;
}
- (*error_string) = error_message(ENOMEM);
+ (*error_string) = talloc_asprintf(cred, "gss_krb5_import_cred
failed: %s", error_message(ret));
return ret;
}
@@ -455,7 +455,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
} else {
ret = EINVAL;
}
- (*error_string) = error_message(ENOMEM);
+ (*error_string) = talloc_asprintf(cred,
"gss_krb5_set_allowable_enctypes failed: %s", error_message(ret));
return ret;
}
}
@@ -471,7 +471,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
} else {
ret = EINVAL;
}
- (*error_string) = error_message(ENOMEM);
+ (*error_string) = talloc_asprintf(cred, "gss_set_cred_option
failed: %s", error_message(ret));
return ret;
}
diff --git a/source4/auth/gensec/gensec_gssapi.c
b/source4/auth/gensec/gensec_gssapi.c
index fe9aaa3..9e974cb 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -347,11 +347,11 @@ static NTSTATUS gensec_gssapi_client_start(struct
gensec_security *gensec_securi
if (principal &&
lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
name_type = GSS_C_NULL_OID;
} else {
- principal = talloc_asprintf(gensec_gssapi_state, "%...@%s",
+ principal = talloc_asprintf(gensec_gssapi_state, "%s/%...@%s",
gensec_get_target_service(gensec_security),
- hostname);
+ hostname,
lp_realm(gensec_security->settings->lp_ctx));
- name_type = GSS_C_NT_HOSTBASED_SERVICE;
+ name_type = GSS_C_NT_USER_NAME;
}
name_token.value = discard_const_p(uint8_t, principal);
name_token.length = strlen(principal);
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 97f7416..2a932fa 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -79,6 +79,11 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
krb5_data pac_data;
krb5_error_code ret;
+/* The user account may be set not to want the PAC */
+ if (!pac_blob) {
+ return 0;
+ }
+
ret = krb5_data_copy(&pac_data, pac_blob->data, pac_blob->length);
if (ret != 0) {
return ret;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3c585e9... s4:provisionbackend Don't loop forever waiting for
OpenLDAP
from 4d1f043... Don't return a potentially uninitialized NT_STATUS. We
can now see user lists in Windows ACLs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3c585e9a8068d5065b1a5f320ffd130290c1cd07
Author: Andrew Bartlett
Date: Wed Apr 28 10:39:05 2010 +1000
s4:provisionbackend Don't loop forever waiting for OpenLDAP
We need to give a good error when we can't get OpenLDAP to accept our
connections.
Andrew Bartlett
---
Summary of changes:
source4/scripting/python/samba/provisionbackend.py |6 ++
1 files changed, 6 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/provisionbackend.py
b/source4/scripting/python/samba/provisionbackend.py
index 25e416c..8d035ab 100644
--- a/source4/scripting/python/samba/provisionbackend.py
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -222,6 +222,7 @@ class LDAPBackend(ProvisionBackend):
self.slapd = subprocess.Popen(self.slapd_provision_command,
close_fds=True, shell=False)
+count = 0
while self.slapd.poll() is None:
# Wait until the socket appears
try:
@@ -232,6 +233,11 @@ class LDAPBackend(ProvisionBackend):
return
except LdbError:
time.sleep(1)
+count = count + 1
+
+if count > 15:
+self.message("Could not connect to slapd started with: %s"
% "\'" + "\' \'".join(self.slapd_provision_command) + "\'")
+raise ProvisioningError("slapd never accepted a connection
within 15 seconds of starting")
self.message("Could not start slapd with: %s" % "\'" + "\'
\'".join(self.slapd_provision_command) + "\'")
raise ProvisioningError("slapd died before we could make a connection
to it")
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 084c806... s4:libnet Make 'net vampire' more robust to command line arguments via 716ae7b... s4:howto Improve OpenLDAP backend instructions from dbbbc7d... s4/rodc: RODC FAS initial implementation http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 084c8065f871c1aa31f5d157f1843437db449603 Author: Andrew Bartlett Date: Thu Apr 29 08:51:01 2010 +1000 s4:libnet Make 'net vampire' more robust to command line arguments When we have just joined a domain, we know a bit about that domain. Use these to override previous guesses as to what domain and realm to use for the rest of the join. Andrew Bartlett commit 716ae7b4c829c811eb8a7fe03b702afd51d448b4 Author: Andrew Bartlett Date: Thu Apr 29 07:58:48 2010 +1000 s4:howto Improve OpenLDAP backend instructions --- Summary of changes: howto-ol-backend-s4.txt | 10 ++ source4/libnet/libnet_vampire.c | 20 2 files changed, 26 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/howto-ol-backend-s4.txt b/howto-ol-backend-s4.txt index ef3aad6..04b8ab6 100644 --- a/howto-ol-backend-s4.txt +++ b/howto-ol-backend-s4.txt @@ -5,10 +5,13 @@ oli...@itc.li - August 2009 This Mini-Howto describes in a very simplified way -how to setup Samba 4 (S4) (pre)Alpha 9 with the +how to setup Samba 4 (S4) (pre)Alpha 13 with the OpenLDAP (OL) -Backend. -Use of OpenLDAP >= 2.4.17 is strongly recommended. +Use of OpenLDAP from CVS after 2010-04-22 is required +The current instructions are at: + +http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP 1.) Download and compile OpenLDAP. @@ -32,7 +35,7 @@ cn=Administrator,cn=users,): #> setup/provision \ --ldap-backend-type=openldap \ - --ol-slapd="/usr/local/libexec/slapd" + --slapd-path="/usr/local/libexec/slapd" --username=samba-admin --realm=ldap.local.site \ --domain=LDAP --server-role='domain controller'\ --adminpass=linux @@ -92,7 +95,6 @@ Attention: You _should_not_ edit the olc-Sections b) MultiMaster-Configuration (MMR): -At this time (S4 (pre)Alpha9) the only possible Replication setup. Use the provision Parameter: --ol-mmr-urls= 389!). diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c index 8d2393f..a5c8a8f 100644 --- a/source4/libnet/libnet_vampire.c +++ b/source4/libnet/libnet_vampire.c @@ -36,6 +36,7 @@ #include "system/time.h" #include "lib/ldb_wrap.h" #include "auth/auth.h" +#include "auth/credentials/credentials.h" #include "param/param.h" #include "param/provision.h" #include "libcli/security/dom_sid.h" @@ -655,6 +656,11 @@ NTSTATUS libnet_Vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + /* Re-use the domain we are joining as the domain for the user +* to be authenticated with, unless they specified +* otherwise */ + cli_credentials_set_domain(ctx->cred, r->in.domain_name, CRED_GUESS_ENV); + join->in.domain_name= r->in.domain_name; join->in.account_name = account_name; join->in.netbios_name = netbios_name; @@ -673,6 +679,20 @@ NTSTATUS libnet_Vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s->targetdir = r->in.targetdir; ZERO_STRUCT(b); + + /* Be more robust: +* We now know the domain and realm for sure - if they didn't +* put one on the command line, use this for the rest of the +* join */ + cli_credentials_set_realm(ctx->cred, join->out.realm, CRED_GUESS_ENV); + cli_credentials_set_domain(ctx->cred, join->out.domain_name, CRED_GUESS_ENV); + + /* Now set these values into the smb.conf - we probably had +* empty or useless defaults here from whatever smb.conf we +* started with */ + lp_set_cmdline(s->lp_ctx, "realm", join->out.realm); + lp_set_cmdline(s->lp_ctx, "workgroup", join->out.domain_name); + b.in.domain_dns_name= join->out.realm; b.in.domain_netbios_name= join->out.domain_name; b.in.domain_sid = join->out.domain_sid; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0a4a4ba devel-script: add options for RODC and partial replica for
replicate flags
via fa591a6 devel-scripts: ask with WRIT_REP by default
via 0755b83 devel-getncchange: try to find the dest_dsa automatically
via 7822952 security: Add documentation
via c0638da libcli-security: Add documentation for
object_tree_modify_access
via 3b79774 dbcheck: look in hasMasterNCs as well for determining the
instance type of a NC
from abc0030 dsdb: Fix warning about unused var
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0a4a4ba3f6b9748e3fccb546b284de565de2c8b5
Author: Matthieu Patou
Date: Mon Oct 29 22:12:33 2012 -0700
devel-script: add options for RODC and partial replica for replicate flags
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue Jan 22 00:12:17 CET 2013 on sn-devel-104
commit fa591a6d3cf9182b6d49621c83a6c3fbfeab1ee7
Author: Matthieu Patou
Date: Mon Oct 29 21:43:14 2012 -0700
devel-scripts: ask with WRIT_REP by default
Reviewed-by: Andrew Bartlett
commit 0755b835cc4e474f752de1b8cc56a9a6da14a3cd
Author: Matthieu Patou
Date: Tue Oct 23 22:12:08 2012 -0700
devel-getncchange: try to find the dest_dsa automatically
Reviewed-by: Andrew Bartlett
commit 7822952a11707ff8aaa415adef62082c158c2398
Author: Matthieu Patou
Date: Sat Oct 13 15:02:57 2012 -0700
security: Add documentation
Names seems to be a bit cryptic and misleading (at least for me).
So documenting them should remove at least partially this problem.
Reviewed-by: Andrew Bartlett
commit c0638dae6cbf8915e6a436d575562fc131ba772a
Author: Matthieu Patou
Date: Sat Oct 13 15:28:08 2012 -0700
libcli-security: Add documentation for object_tree_modify_access
Reviewed-by: Andrew Bartlett
commit 3b7977419726a8630de828b634d669625ee358dd
Author: Matthieu Patou
Date: Tue Oct 23 22:09:20 2012 -0700
dbcheck: look in hasMasterNCs as well for determining the instance type of
a NC
Forest of level 2000 don't hve the msDS-hasMasterNCs parameter
Reviewed-by: Andrew Bartlett
---
Summary of changes:
libcli/security/object_tree.c | 14 +++-
libcli/security/security.h |9 +
source4/scripting/devel/getncchanges| 45 --
source4/scripting/python/samba/dbchecker.py | 12 ++-
4 files changed, 72 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/object_tree.c b/libcli/security/object_tree.c
index 3e5ee10..fd00068 100644
--- a/libcli/security/object_tree.c
+++ b/libcli/security/object_tree.c
@@ -104,8 +104,18 @@ struct object_tree *get_object_tree_by_GUID(struct
object_tree *root,
return result;
}
-/* Change the granted access per each ACE */
-
+/**
+ * @brief Modify the tree to mark specified access rights as granted
+ *
+ * This function will modify the root and the child of the tree pointed by
+ * root, so that for each tree element the bits set in access_mask are
+ * marked as granted.
+ *
+ * @param[in] rootAn object_tree structure that we want to modify
+ *
+ * @param[in] access_mask A bitfield of access right that we want to mark as
+ * granted in the whole tree.
+ */
void object_tree_modify_access(struct object_tree *root,
uint32_t access_mask)
{
diff --git a/libcli/security/security.h b/libcli/security/security.h
index 659d341..6e4b172 100644
--- a/libcli/security/security.h
+++ b/libcli/security/security.h
@@ -89,6 +89,15 @@
#define SHARE_ALL_ACCESS FILE_GENERIC_ALL
#define SHARE_READ_ONLY (FILE_GENERIC_READ|FILE_EXECUTE)
+/**
+ * Remaining access is a bit mask of remaining access rights (bits) that have
+ * to be granted in order to fulfill the requested access.
+ *
+ * The GUID is optional, if specified it restricts this object tree and its
+ * childs to object/attributes that inherits from this GUID.
+ * For DS access an object inherits from a GUID if one of its class has this
GUID
+ * in the schemaIDGUID attribute.
+ */
struct object_tree {
uint32_t remaining_access;
struct GUID guid;
diff --git a/source4/scripting/devel/getncchanges
b/source4/scripting/devel/getncchanges
index d401c82..37ec18b 100755
--- a/source4/scripting/devel/getncchanges
+++ b/source4/scripting/devel/getncchanges
@@ -13,6 +13,7 @@ import samba.getopt as options
from samba.dcerpc import drsuapi, misc
from samba.samdb import SamDB
from samba.auth import system_session
+from samba.ndr import ndr_unpack
def do_DsBind(drs):
'''make a DsBind call, returning the binding handle'&#
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 9aca528 Tests: Fix the display of test vars in screen --testenv
via b1e2313 libcli-acl: add documentation
via 65396ad drsuapi: Add documentation
via d7bbd18 drepl-notify: change misleading message
from 0a4a4ba devel-script: add options for RODC and partial replica for
replicate flags
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 9aca52877a3f6f59887098ebb8e664922c8c7aad
Author: Matthieu Patou
Date: Thu Jan 3 14:33:45 2013 -0800
Tests: Fix the display of test vars in screen --testenv
The form bash -c echo "important stuff blabla bla" && LD_LIBARY_PATH bash
is not working in screen when it's working in xterm and the in_screen
script already wrap all the command within a bash shell so there is no
need to re-force bash as the echo will execute in a bash shell
Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue Jan 22 13:03:52 CET 2013 on sn-devel-104
commit b1e231384a9245a191ef5e004544d7cafe17e036
Author: Matthieu Patou
Date: Sun Oct 14 01:01:08 2012 -0700
libcli-acl: add documentation
Reviewed-by: Andrew Bartlett
commit 65396adaad18821568f727a223c38c36a2b16291
Author: Matthieu Patou
Date: Sun Oct 14 01:04:51 2012 -0700
drsuapi: Add documentation
Reviewed-by: Andrew Bartlett
commit d7bbd182b33441a0a4e91c00a31de29b2b09f59a
Author: Matthieu Patou
Date: Mon Oct 15 22:15:17 2012 -0700
drepl-notify: change misleading message
Reviewed-by: Andrew Bartlett
---
Summary of changes:
libcli/security/access_check.c | 20 +++-
selftest/selftest.pl| 15 ---
source4/dsdb/repl/drepl_notify.c|2 +-
source4/rpc_server/drsuapi/updaterefs.c | 21 ++---
4 files changed, 46 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index f0a7b66..936ffca 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -374,7 +374,25 @@ static const struct GUID *get_ace_object_type(struct
security_ace *ace)
return NULL;
}
-/* modified access check for the purposes of DS security
+/**
+ * @brief Perform directoryservice (DS) related access checks for a given user
+ *
+ * Perform DS access checks for the user represented by its security_token, on
+ * the provided security descriptor. If an tree associating GUID and access
+ * required is provided then object access (OA) are checked as well. *
+ * @param[in] sd The security descritor against which the
required
+ * access are requested
+ *
+ * @param[in] token The security_token associated with the user to
+ * test
+ *
+ * @param[in] access_desired A bitfield of rights that must be granted for
the
+ * given user in the specified SD.
+ *
+ * If one
+ * of the entry in the tree grants all the requested rights for the given GUID
+ * FIXME
+ * tree can be null if not null it's the
* Lots of code duplication, it will ve united in just one
* function eventually */
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 4ac5aeb..639c8a2 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -849,13 +849,7 @@ if ($opt_testenv) {
my $envvarstr = exported_envvars_str($testenv_vars);
- my @term = ();
- if ($ENV{TERMINAL}) {
- @term = ($ENV{TERMINAL});
- } else {
- @term = ("xterm", "-e");
- }
- my @term_args = ("bash", "-c", "echo -e \"
+ my @term_args = ("echo -e \"
Welcome to the Samba4 Test environment '$testenv_name'
This matches the client environment used in make test
@@ -867,6 +861,13 @@ SMB_CONF_PATH=\$SMB_CONF_PATH
$envvarstr
\" && LD_LIBRARY_PATH=$ENV{LD_LIBRARY_PATH} bash");
+ my @term = ();
+ if ($ENV{TERMINAL}) {
+ @term = ($ENV{TERMINAL});
+ } else {
+ @term = ("xterm", "-e");
+ unshift(@term_args, ("bash", "-c"));
+ }
system(@term, @term_args);
diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c
index cd248d5..905fe5f 100644
--- a/source4/dsdb/repl/drepl_notify.c
+++ b/source4/dsdb/repl/drepl_notify.c
@@ -195,7 +195,7 @@ static void dreplsrv_notify_op_callback(struct tevent_req
*subreq)
ldb_dn_get_linearized(op->source_dsa->partition->dn),
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via c5db4eb bug9598: s4-process_single: Use pid,fd as cluster_id in
process_single just like process_prefork
from da35cd7 Avoid a very small memleak on talloc_tos()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit c5db4eb9104f1a95220273ee2b0290d157053922
Author: Andrew Bartlett
Date: Fri Jan 25 13:15:51 2013 +1100
bug9598: s4-process_single: Use pid,fd as cluster_id in process_single just
like process_prefork
This avoids two different process single servers (say LDAP and the RPC
server) sharing the same
server id.
Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598
Reported-by: Matthieu Patou
Reviewed-by: Matthieu Patou
Signed-off-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Fri Jan 25 12:00:04 CET 2013 on sn-devel-104
---
Summary of changes:
source4/smbd/process_single.c | 11 ---
1 files changed, 8 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/smbd/process_single.c b/source4/smbd/process_single.c
index 742eac1..ff67750 100644
--- a/source4/smbd/process_single.c
+++ b/source4/smbd/process_single.c
@@ -49,6 +49,7 @@ static void single_accept_connection(struct tevent_context
*ev,
{
NTSTATUS status;
struct socket_context *connected_socket;
+ pid_t pid = getpid();
/* accept an incoming connection. */
status = socket_accept(listen_socket, &connected_socket);
@@ -71,10 +72,14 @@ static void single_accept_connection(struct tevent_context
*ev,
talloc_steal(private_data, connected_socket);
- /* The cluster_id(0, fd) cannot collide with the incrementing
-* task below, as the first component is 0, not 1 */
+ /*
+* We use the PID so we cannot collide in with cluster ids
+* generated in other single mode tasks, and, and won't
+* collide with PIDs from process model standard because a the
+* combination of pid/fd should be unique system-wide
+*/
new_conn(ev, lp_ctx, connected_socket,
-cluster_id(0, socket_get_fd(connected_socket)), private_data);
+cluster_id(pid, socket_get_fd(connected_socket)),
private_data);
}
/*
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0f8ef5a selftest: Add test of upgradeprovision using the old
alpha13 tree
via 58d6d88 samba_upgradeprovision: detect dns_backend for the
reference provision
via b855df2 provision: setup names.dns_backend
via 4752731 samba_upgradeprovision: fix the nTSecurityDescriptor on
more containers (bug #9481)
via 5cf9882 provision: fix nTSecurityDescriptor of containers in the
DnsZones (bug #9481)
via a477649 provision: fix nTSecurityDescriptor attributes of
CN=*,${CONFIGDN} (bug #9481)
via 1de5c2f provision: fix nTSecurityDescriptor of
CN={LostAndFound,System},${DOMAINDN} (bug #9481)
via 4775f9a provision: setup names.name_map['DnsAdmins']
via e0712a7 provision: introduce names.name_map = {}
via ebb73f1 provision: add
get_dns_{forest,domain}_microsoft_dns_descriptor()
via d00fb6a provision: add get_config_ntds_quotas_descriptor()
via 1207cbd provision: add
get_{config,domain}_delete_protected*_descriptor()
via 8880c2d schema.py: add optional name_map={} to
get_schema_descriptor()
via 27a99c6 provision: add optional name_map={} argument to
get_*_descriptor()
via d4653e9 provision: import/export get_dns_partition_descriptor()
via b54b58e provision: setup names.dns{forest,domain}dn
via f512483 samba_upgradeprovision: fix resetting of
'nTSecurityDescriptor' on schema objects
via b5cafa3 samba_upgradeprovision: don't reset 'whenCreated' when
resetting 'nTSecurityDescriptor'
via ec466aa dbckecker: fix nTSecurityDescriptor values from before
4.0.0rc6 (bug #9481)
via 38655a8 dsdb-descriptor: get_default_group() should always return
the DAG sid (bug #9481)
via cd5cb84 tests/sec_descriptor: the default owner behavior depends on
domainControllerFunctionality (bug #9481)
via 2413962 libcli/security: calculate INHERIT_ONLY correcty for AUDIT
and ALARM aces (bug #9481)
from b9f1c88 s4-process_single: Use pid,task_id as cluster_id in
process_single just like process_prefork
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0f8ef5a2c83e0496ef79c3d6f8b1188fdd1943a0
Author: Andrew Bartlett
Date: Tue Jan 22 23:39:15 2013 +1100
selftest: Add test of upgradeprovision using the old alpha13 tree
This ensures that upgradeprovision works as expected on a known good old
database.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sun Jan 27 11:55:54 CET 2013 on sn-devel-104
commit 58d6d884cf8a8de5a1fa2dfd4a0cbacdff0d2483
Author: Stefan Metzmacher
Date: Fri Jan 25 09:36:47 2013 +0100
samba_upgradeprovision: detect dns_backend for the reference provision
If we have a DomainDnsZone partition, we use BIND9_DLZ as backend
and fix errors in the ForestDnsZone and DomainDnsZone partitions.
Note: this should work fine also for SAMBA_INTERNAL.
If the current setup doesn't use dns specific partitions (e.g. alpha13
setups)
we pass dns_backend=BIND9_FLATFILE.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
commit b855df254de40d9de0b7f9042564f6d521ab1c5d
Author: Stefan Metzmacher
Date: Fri Jan 25 09:36:47 2013 +0100
provision: setup names.dns_backend
If we have a DomainDnsZone partition:
- we use BIND9_DLZ as backend if a dns- account is available
- otherwise, we use SAMBA_INTERNAL
else:
- we use BIND9_FLATFILE if a dns or dns- account is available
- otherwise, we use NONE
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
commit 4752731c2eb4abeb0b5da3e33aa3096786301a19
Author: Stefan Metzmacher
Date: Thu Dec 13 12:56:37 2012 +0100
samba_upgradeprovision: fix the nTSecurityDescriptor on more containers
(bug #9481)
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
commit 5cf98823cc804906833f7ea763f99de0147b0fee
Author: Stefan Metzmacher
Date: Wed Jan 23 16:27:17 2013 +0100
provision: fix nTSecurityDescriptor of containers in the DnsZones (bug
#9481)
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
commit a477649e568577875be577c70a6b25cbeea6985a
Author: Stefan Metzmacher
Date: Wed Jan 23 16:27:17 2013 +0100
provision: fix nTSecurityDescriptor attributes of CN=*,${CONFIGDN} (bug
#9481)
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
commit 1de5c2f78544385d2fe270d766fc1ca6726d71fb
Author: Stefan Metzmacher
Date: Wed Jan 23 16:27:17 2013 +0100
provision: fix nTSecurityDescriptor of CN={LostAndFound,System},${DOMAINDN}
(bug #9481)
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
comm
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4c1527b s3:modules remove gpfs_getacl_alloc via 18bfcac s3:modules use vfs_gpfs_getacl in gpfsacl_get_posix_acl via 5388773 s3:modules use vfs_gpfs_getacl in gpfsacl_set_nt_acl_internal via 16940d8 s3:modules use vfs_gpfs_getacl in gpfs_get_nfs4_acl via 940b7ec s3:torture/vfstest add memreport option via 8e571fd s3:torture/vfstest implement sys_acl_blob_get_fd via de67655 s3:torture/vfstest implement sys_acl_blob_get_file via 0621991 s3:vfs_gpfs use non_posix_sys_acl_blob_get_*_helper via f1ff845 s3:vfs_gpfs add a generic vfs_gpfs_getacl function via d9075e1 s3:modules/vfs_gpfs add GPFS_GETACL_NATIVE define via b4be8d5 s3:modules/non_posix_acls: only stat if we do not have it cached via 7cd91ca s3:autoconf add non_posix_acls to NFS4ACL_OBJ via ea6ac28 s3:autoconf introduce NFS4ACL_OBJ via d7ad24a s3-waf:modules add non_posix_acls dependency to vfs_gpfs via 2a2dbf8 vfs: Add helper function for non posix ACL modules via e650a5f idl: Provide a common wrapper for the data to hash for a non-POSIX ACL via a133a98 selftest: add a test that demonstrates how new ACL blob code helps via f0e49b0 vfs_acl_common: Do not fetch the underlying NT ACL unless we need it via 4e8c895 vfs: Whitespace fix only to get_nt_acl_internal indentation via 25526ed vfs: Implement an improved vfs_acl_common that uses the hash of the system ACL via 6a5f65b vfs: Add helper function hash_blob_sha256 to vfs_acl_common.c from 5a8e049 Fix typo in warning message http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4c1527b1ce26759dbb7470b23f9f83a391d99b30 Author: Christian Ambach Date: Tue Jan 8 17:10:27 2013 +0100 s3:modules remove gpfs_getacl_alloc last caller has gone Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Feb 4 14:10:08 CET 2013 on sn-devel-104 commit 18bfcac810bed431d0ca33ad02508fd87df1c626 Author: Christian Ambach Date: Tue Jan 8 17:10:10 2013 +0100 s3:modules use vfs_gpfs_getacl in gpfsacl_get_posix_acl as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett commit 5388773d4baf902d8dd70d046cacc5a15fa790d7 Author: Christian Ambach Date: Tue Jan 8 17:07:09 2013 +0100 s3:modules use vfs_gpfs_getacl in gpfsacl_set_nt_acl_internal as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett commit 16940d8a8ecb46a6de9cf5c83da7d2f54030777b Author: Christian Ambach Date: Tue Jan 8 16:54:16 2013 +0100 s3:modules use vfs_gpfs_getacl in gpfs_get_nfs4_acl as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett commit 940b7ec78c50c41a399bee2775cd008618baf8f8 Author: Christian Ambach Date: Fri Nov 16 22:58:06 2012 +0100 s3:torture/vfstest add memreport option this will run a talloc_report_full on the talloc stackframe after each command Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett commit 8e571fd385334bc12ee5c5bdfd32b31ad2c4b4b8 Author: Christian Ambach Date: Thu Nov 15 15:25:52 2012 +0100 s3:torture/vfstest implement sys_acl_blob_get_fd Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett commit de676555ab882bd110a2649555645d58abe2bfeb Author: Christian Ambach Date: Thu Nov 15 15:19:07 2012 +0100 s3:torture/vfstest implement sys_acl_blob_get_file Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett commit 06219913abc4f1c3912b377b4a9521a11ad45886 Author: Christian Ambach Date: Tue Oct 30 13:44:40 2012 +0100 s3:vfs_gpfs use non_posix_sys_acl_blob_get_*_helper use the helper functions to return the blob based on the raw GPFS ACL blob (if it is a NFSv4 ACL). If not, fall back to the POSIX ACL code Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett commit f1ff845720604fc32788a59ec9a1a128135efe35 Author: Christian Ambach Date: Mon Nov 5 19:26:57 2012 +0100 s3:vfs_gpfs add a generic vfs_gpfs_getacl function in contrast to gpfs_getacl_alloc which always puts the ACL on talloc_tos(), this one allows to specify the memory context and if the caller is interested in the raw ACL blob or a structured version Signed-off-by: Christian Ambach Reviewed-by: Andrew Bartlett commit d9075e19ca8c788824208ee1d77ad5861fe778ed Author: Christian Ambach Date: Tue Jan 8 15:15:02 2013 +0100 s3:modules/vfs_gpfs add GPFS_GETACL_NATIVE define this is not in the official GPFS header
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 554ba5e ldb: Add more data test data for one level test cases
via 9206eaa ldb: Add tests for the python api
via 2dc9c07 dsdb-operational: rework the loop for attribute removal
via 13b4815 ldb: Add more tests related to onelevel search
via 057896a ldb: use strncmp instead of strcmp when comparing the val
part
via 87cbd94 ldb: make test output more readable
via 75f422f ldb-tdb: Document ltdb_index_add1 for more clarity
via 1e4e51f ldb-tdb: Fix a wrong parameter in ltdb_store
via 2470b0f ldb_tdb: raise level of full index scan message so that it
starts to be really visible
via 1c0d348 dsdb-repl: make message more clearer
via 7222ee0 replmetadata: raise msg level for conflict resolution so
that we don't polute logs
via fdca2f6 dsdb-repl: do not ask to add ref when doing getncchange for
an exop
via 123954d dsdb-cracknames: Fix potential double free and memory leaks
from 64eba0a BUG 9633: Recursive mget should continue on EPERM.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 554ba5ebbf1d2e520883cfad6f8a2ed6eb9b2b0f
Author: Matthieu Patou
Date: Tue Jan 8 00:09:32 2013 -0800
ldb: Add more data test data for one level test cases
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Fri Feb 8 06:46:40 CET 2013 on sn-devel-104
commit 9206eaaf5dbacade3ccc79d5900d4b242730b2f3
Author: Matthieu Patou
Date: Tue Jan 8 00:28:03 2013 -0800
ldb: Add tests for the python api
Reviewed-by: Andrew Bartlett
commit 2dc9c072cbb9b857bf52e229573d92c9a70bdcf6
Author: Matthieu Patou
Date: Thu Dec 27 18:29:49 2012 -0800
dsdb-operational: rework the loop for attribute removal
Instead of doing ldb_in_list size(operational_remove) * (attrs_user +
attr_searched) * number of entries times to get the list of attributes to
remove we construct this
list before the search and then use it for every entries.
Reviewed-by: Andrew Bartlett
commit 13b481594585cdb079dcf9b8cf892f5094f44a16
Author: Matthieu Patou
Date: Sat Dec 29 21:48:46 2012 -0800
ldb: Add more tests related to onelevel search
Reviewed-by: Andrew Bartlett
commit 057896a090870ecec56ad0d2f960e55cef561e9e
Author: Matthieu Patou
Date: Thu Dec 13 02:18:34 2012 -0800
ldb: use strncmp instead of strcmp when comparing the val part
val part of a DN's component is DATA_BLOB and nothing insure that it
will be finished by a '\0'
Reviewed-by: Andrew Bartlett
commit 87cbd9414bab2f0a71d71b2c145c11ee71acd573
Author: Matthieu Patou
Date: Sat Dec 29 16:42:28 2012 -0800
ldb: make test output more readable
Reviewed-by: Andrew Bartlett
commit 75f422fe1df7dd04aa46d5c77cbeb43d101c3ad6
Author: Matthieu Patou
Date: Mon Dec 17 01:45:30 2012 -0800
ldb-tdb: Document ltdb_index_add1 for more clarity
Reviewed-by: Andrew Bartlett
commit 1e4e51f4c913a3821d7ecbd0842280240917ae38
Author: Matthieu Patou
Date: Wed Dec 26 21:41:52 2012 -0800
ldb-tdb: Fix a wrong parameter in ltdb_store
Reviewed-by: Andrew Bartlett
commit 2470b0fe5f3facf7bb41acbdb3028e2d5daaf8da
Author: Matthieu Patou
Date: Sun Jan 6 22:17:26 2013 -0800
ldb_tdb: raise level of full index scan message so that it starts to be
really visible
We don't want to have to set log level to 4 or 5 AND set the environment
variable to be able to see those log messages
Reviewed-by: Andrew Bartlett
commit 1c0d3486a485cf01338dd5eff49ce847628d1b83
Author: Matthieu Patou
Date: Wed Jan 23 11:33:30 2013 -0800
dsdb-repl: make message more clearer
Reviewed-by: Andrew Bartlett
commit 7222ee0a245d340b526b8220d53c9ffd8c0c4dfa
Author: Matthieu Patou
Date: Sat Jan 26 01:53:41 2013 -0800
replmetadata: raise msg level for conflict resolution so that we don't
polute logs
Reviewed-by: Andrew Bartlett
commit fdca2f6ff47a389cb6300d3ea8327f8486de3c2a
Author: Matthieu Patou
Date: Sat Jan 26 01:53:28 2013 -0800
dsdb-repl: do not ask to add ref when doing getncchange for an exop
Reviewed-by: Andrew Bartlett
commit 123954d94ee783bd241c89fa53fc902312176875
Author: Matthieu Patou
Date: Mon Dec 24 10:01:30 2012 -0800
dsdb-cracknames: Fix potential double free and memory leaks
Reviewed-by: Andrew Bartlett
---
Summary of changes:
lib/ldb/common/ldb_dn.c |4 +-
lib/ldb/ldb_tdb/ldb_index.c | 23 -
lib/ldb/ldb_tdb/ldb_search.c|2 +-
lib/ldb/ldb_tdb/ldb_tdb.c |3 +-
lib/ldb/tests/test-controls.sh |
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via c932b13 Improve the configure tests for aio_suspend to get rid of
warnings. Timur provided the wscript method, I added the configure.in
correction.
from 233b32b s3: Make SMB2_GETINFO multi-volume aware.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit c932b139c8d1fc0b6a357623fe4011edabb45422
Author: Richard Sharpe
Date: Fri Feb 8 19:56:56 2013 -0800
Improve the configure tests for aio_suspend to get rid of warnings. Timur
provided the wscript method, I added the configure.in correction.
Signed-off-by: Timur Bakeyev
Signed-off-by: Richard Sharpe
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sat Feb 9 09:24:06 CET 2013 on sn-devel-104
---
Summary of changes:
source3/configure.in |2 +-
source3/wscript |2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index 031a33d..1b24ad6 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -5387,7 +5387,7 @@ int main() { struct aiocb a; return aio_cancel(1, &a);
}])],
AC_MSG_CHECKING(for aio_suspend)
AC_LINK_IFELSE([AC_LANG_SOURCE([#include
-int main() { struct aiocb a; struct timespec t; return aio_suspend(&a, 1, &t);
}])],
+int main() { const struct aiocb * const [a[1]]; struct timespec t; return
aio_suspend(a, 1, &t); }])],
[AC_DEFINE(HAVE_AIO_SUSPEND, 1, [Have aio_suspend]) AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
else
diff --git a/source3/wscript b/source3/wscript
index 84abf76..7a99dc1 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -471,7 +471,7 @@ return acl_get_perm_np(permset_d, perm);
conf.CHECK_CODE('struct aiocb a; return aio_return(&a);',
'HAVE_AIO_RETURN', msg='Checking for aio_return', headers='aio.h', lib='aio rt')
conf.CHECK_CODE('struct aiocb a; return aio_error(&a);',
'HAVE_AIO_ERROR', msg='Checking for aio_error', headers='aio.h', lib='aio rt')
conf.CHECK_CODE('struct aiocb a; return aio_cancel(1, &a);',
'HAVE_AIO_CANCEL', msg='Checking for aio_cancel', headers='aio.h', lib='aio rt')
-conf.CHECK_CODE('struct aiocb a; struct timespec t; return
aio_suspend(&a, 1, &t);', 'HAVE_AIO_SUSPEND', msg='Checking for aio_suspend',
headers='aio.h', lib='aio rt')
+conf.CHECK_CODE('const struct aiocb * const a[1]; struct timespec
t; return aio_suspend(&a, 1, &t);', 'HAVE_AIO_SUSPEND', msg='Checking for
aio_suspend', headers='aio.h', lib='aio rt')
if not conf.CONFIG_SET('HAVE_AIO'):
conf.DEFINE('HAVE_NO_AIO', '1')
else:
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via efd60ae Fix some cut-and-paste and spelling in debug messages
from f25debf Fix bug #9642 - vfs_afsacl.c won't build.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit efd60aeff7aac308d85b767cdf394dd866cce078
Author: Guenter Kukkukk
Date: Tue Feb 12 05:37:09 2013 +0100
Fix some cut-and-paste and spelling in debug messages
Signed-off-by: Guenter Kukkukk
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue Feb 12 07:28:27 CET 2013 on sn-devel-104
---
Summary of changes:
source4/auth/gensec/gensec_gssapi.c | 16
1 files changed, 8 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/gensec/gensec_gssapi.c
b/source4/auth/gensec/gensec_gssapi.c
index 2b09665..e3bafe2 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -182,7 +182,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security
*gensec_security)
gensec_security->settings->lp_ctx,
&gensec_gssapi_state->smb_krb5_context);
if (ret) {
- DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
+ DEBUG(1,("gensec_gssapi_start: smb_krb5_init_context failed
(%s)\n",
error_message(ret)));
talloc_free(gensec_gssapi_state);
return NT_STATUS_INTERNAL_ERROR;
@@ -211,7 +211,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security
*gensec_security)
if (realm != NULL) {
ret = gsskrb5_set_default_realm(realm);
if (ret) {
- DEBUG(1,("gensec_krb5_start: gsskrb5_set_default_realm
failed\n"));
+ DEBUG(1,("gensec_gssapi_start:
gsskrb5_set_default_realm failed\n"));
talloc_free(gensec_gssapi_state);
return NT_STATUS_INTERNAL_ERROR;
}
@@ -220,7 +220,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security
*gensec_security)
/* don't do DNS lookups of any kind, it might/will fail for a netbios
name */
ret =
gsskrb5_set_dns_canonicalize(gensec_setting_bool(gensec_security->settings,
"krb5", "set_dns_canonicalize", false));
if (ret) {
- DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize
failed\n"));
+ DEBUG(1,("gensec_gssapi_start: gsskrb5_set_dns_canonicalize
failed\n"));
talloc_free(gensec_gssapi_state);
return NT_STATUS_INTERNAL_ERROR;
}
@@ -457,7 +457,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security
*gensec_security,
min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
if (min_stat) {
- DEBUG(1,("gensec_krb5_start:
gsskrb5_set_send_to_kdc failed\n"));
+ DEBUG(1,("gensec_gssapi_update:
gsskrb5_set_send_to_kdc failed\n"));
return NT_STATUS_INTERNAL_ERROR;
}
#endif
@@ -484,7 +484,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security
*gensec_security,
ret = gsskrb5_set_send_to_kdc(&send_to_kdc);
if (ret) {
- DEBUG(1,("gensec_krb5_start:
gsskrb5_set_send_to_kdc failed\n"));
+ DEBUG(1,("gensec_gssapi_update:
gsskrb5_set_send_to_kdc failed\n"));
return NT_STATUS_INTERNAL_ERROR;
}
#endif
@@ -999,7 +999,7 @@ static size_t gensec_gssapi_max_input_size(struct
gensec_security *gensec_securi
&max_input_size);
if (GSS_ERROR(maj_stat)) {
TALLOC_CTX *mem_ctx = talloc_new(NULL);
- DEBUG(1, ("gensec_gssapi_max_input_size: determinaing signature
size with gss_wrap_size_limit failed: %s\n",
+ DEBUG(1, ("gensec_gssapi_max_input_size: determining signature
size with gss_wrap_size_limit failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat,
gensec_gssapi_state->gss_oid)));
talloc_free(mem_ctx);
return 0;
@@ -1152,7 +1152,7 @@ static NTSTATUS gensec_gssapi_sign_packet(struct
gensec_security *gensec_securit
*sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value,
output_token.length);
- dump_data_pw("gensec_gssapi_seal_packet: sig\n&q
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6dfb35f Fallback to the internal resolver on EAI_FAIL. from 05235d5 tdb: Fix a typo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6dfb35f3ff7ad2d2089c0a3e5eab342384e45e4c Author: Landon Fuller Date: Sat Feb 16 22:57:40 2013 -0500 Fallback to the internal resolver on EAI_FAIL. On Linux, non-RFC 1034-complaint names (such as gc._msdsc.example.org) will result in the resolver returning the non-POSIX EAI_NODATA. In that case, the case statement here would fall back on the internal resolver, allowing resolution to complete successfully. On FreeBSD, the libc resolver uses the same validation code, but the POSIX result of EAI_FAIL is returned instead of EAI_NODATA. Since there was no case for this error code, no fallback to the internal resolver would occur. This led to replication failing on FreeBSD. Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sun Feb 17 07:06:36 CET 2013 on sn-devel-104 --- Summary of changes: source4/libcli/resolve/dns_ex.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c index bc64e8d..1226ed6 100644 --- a/source4/libcli/resolve/dns_ex.c +++ b/source4/libcli/resolve/dns_ex.c @@ -400,8 +400,10 @@ static void run_child_getaddrinfo(struct dns_ex_state *state, int fd) #ifdef EAI_NODATA case EAI_NODATA: #endif + case EAI_FAIL: + /* Linux returns EAI_NODATA on non-RFC1034-compliant names. FreeBSD returns EAI_FAIL */ case EAI_NONAME: - /* getaddrinfo() doesn't handle CNAME records */ + /* getaddrinfo() doesn't handle CNAME or non-RFC1034 compatible records */ run_child_dns_lookup(state, fd); return; default: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via dcc94f0 s4-nbt: Ensure source4/ nbt client and server honour
'disable netbios'
from 6dfb35f Fallback to the internal resolver on EAI_FAIL.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit dcc94f093317ffa2bbbc776fb82657088eb63305
Author: Andrew Bartlett
Date: Wed Feb 6 20:58:18 2013 +1100
s4-nbt: Ensure source4/ nbt client and server honour 'disable netbios'
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sun Feb 17 11:25:34 CET 2013 on sn-devel-104
---
Summary of changes:
source4/libcli/resolve/resolve_lp.c |8 ++--
source4/nbt_server/nbt_server.c |5 +
2 files changed, 11 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/libcli/resolve/resolve_lp.c
b/source4/libcli/resolve/resolve_lp.c
index 69c05a2..92e11f0 100644
--- a/source4/libcli/resolve/resolve_lp.c
+++ b/source4/libcli/resolve/resolve_lp.c
@@ -32,9 +32,13 @@ struct resolve_context *lpcfg_resolve_context(struct
loadparm_context *lp_ctx)
for (i = 0; methods != NULL && methods[i] != NULL; i++) {
if (!strcmp(methods[i], "wins")) {
- resolve_context_add_wins_method_lp(ret, lp_ctx);
+ if (lpcfg_disable_netbios(lp_ctx) == false) {
+ resolve_context_add_wins_method_lp(ret, lp_ctx);
+ }
} else if (!strcmp(methods[i], "bcast")) {
- resolve_context_add_bcast_method_lp(ret, lp_ctx);
+ if (lpcfg_disable_netbios(lp_ctx) == false) {
+ resolve_context_add_bcast_method_lp(ret,
lp_ctx);
+ }
} else if (!strcmp(methods[i], "file")) {
resolve_context_add_file_method_lp(ret, lp_ctx);
} else if (!strcmp(methods[i], "host")) {
diff --git a/source4/nbt_server/nbt_server.c b/source4/nbt_server/nbt_server.c
index 175ad5e..232fb9d 100644
--- a/source4/nbt_server/nbt_server.c
+++ b/source4/nbt_server/nbt_server.c
@@ -48,6 +48,11 @@ static void nbtd_task_init(struct task_server *task)
return;
}
+ if (lpcfg_disable_netbios(task->lp_ctx)) {
+ task_server_terminate(task, "nbtd: 'disable netbios = yes' set
in smb.conf, shutting down nbt server", false);
+ return;
+ }
+
task_server_set_title(task, "task[nbtd]");
nbtsrv = talloc(task, struct nbtd_server);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 8adbd1c srv_epmapper.c: Fix typo.
via 240df6c wb_samba3_cmd.c: Fix typo in comment.
via b22b22d brlock_tdb.c: Fix typo in comment.
via 75ca814 srv_netlog_nt.c: Fix typo in comment.
via 6eb59eb brlock.c: Fix typo in comment.
via 38cb141 vfs_gpfs: Fix typos in comments.
via 2ed035b fault.c: Fix typo in comment.
via 68b2e30 docs: Fix typo.
from dcc94f0 s4-nbt: Ensure source4/ nbt client and server honour
'disable netbios'
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 8adbd1cf75492869f7fd1935eb211a070ef924cc
Author: Karolin Seeger
Date: Mon Feb 18 10:25:09 2013 +0100
srv_epmapper.c: Fix typo.
priviledge -> privilege
Signed-off-by: Karolin Seeger
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Mon Feb 18 13:57:40 CET 2013 on sn-devel-104
commit 240df6c7b05e3c5c7be80d7607824147f360d64e
Author: Karolin Seeger
Date: Mon Feb 18 10:05:23 2013 +0100
wb_samba3_cmd.c: Fix typo in comment.
redundent -> redundant
Signed-off-by: Karolin Seeger
commit b22b22dccac6d3bdf7f02d9fe037a472df7956fd
Author: Karolin Seeger
Date: Mon Feb 18 10:04:42 2013 +0100
brlock_tdb.c: Fix typo in comment.
redundent -> redundant
Signed-off-by: Karolin Seeger
commit 75ca814f1efe435da018f7604865fda7ac59f712
Author: Karolin Seeger
Date: Mon Feb 18 10:03:51 2013 +0100
srv_netlog_nt.c: Fix typo in comment.
redundent -> redundant
Signed-off-by: Karolin Seeger
commit 6eb59eb388ac7b98f7f7812e45ad4c8d333f03e8
Author: Karolin Seeger
Date: Mon Feb 18 10:02:51 2013 +0100
brlock.c: Fix typo in comment.
redundent -> redundant
Signed-off-by: Karolin Seeger
commit 38cb1410f5107f42ddea9cbf9555adb273b35b18
Author: Karolin Seeger
Date: Mon Feb 18 10:01:21 2013 +0100
vfs_gpfs: Fix typos in comments.
Signed-off-by: Karolin Seeger
commit 2ed035b5a064e21f57c89adc9c947ffa7721c600
Author: Karolin Seeger
Date: Mon Feb 18 09:59:52 2013 +0100
fault.c: Fix typo in comment.
redundent -> redundant
Signed-off-by: Karolin Seeger
commit 68b2e30ae62d8a563cb7ee35e10c45fe0266c612
Author: Karolin Seeger
Date: Wed Feb 6 09:08:15 2013 +0100
docs: Fix typo.
Signed-off-by: Karolin Seeger
---
Summary of changes:
.../smbdotconf/printing/showaddprinterwizard.xml |2 +-
lib/util/fault.c |2 +-
prog_guide4.txt|6 +++---
source3/locking/brlock.c |2 +-
source3/modules/vfs_gpfs.c |4 ++--
source3/rpc_server/epmapper/srv_epmapper.c | 10 +-
source3/rpc_server/netlogon/srv_netlog_nt.c|2 +-
source4/ntvfs/common/brlock_tdb.c |2 +-
source4/winbind/wb_samba3_cmd.c|2 +-
9 files changed, 16 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/printing/showaddprinterwizard.xml
b/docs-xml/smbdotconf/printing/showaddprinterwizard.xml
index f6c1b90..f24bdb5 100644
--- a/docs-xml/smbdotconf/printing/showaddprinterwizard.xml
+++ b/docs-xml/smbdotconf/printing/showaddprinterwizard.xml
@@ -14,7 +14,7 @@
Under normal circumstances, the Windows NT/2000 client will
open a handle on the printer server with OpenPrinterEx() asking for
Administrator privileges. If the user does not have administrative
-access on the print server (i.e is not root or the priviledge
+access on the print server (i.e is not root or has granted the
SePrintOperatorPrivilege), the OpenPrinterEx()
call fails and the client makes another open call with a request for
a lower privilege level. This should succeed, however the APW
diff --git a/lib/util/fault.c b/lib/util/fault.c
index 4f8e8db..13d29db 100644
--- a/lib/util/fault.c
+++ b/lib/util/fault.c
@@ -76,7 +76,7 @@ static void fault_report(int sig)
smb_panic("internal error");
- /* smb_panic() never returns, so this is really redundent */
+ /* smb_panic() never returns, so this is really redundant */
exit(1);
}
diff --git a/prog_guide4.txt b/prog_guide4.txt
index c8c91c4..0a33284 100644
--- a/prog_guide4.txt
+++ b/prog_guide4.txt
@@ -267,7 +267,7 @@ parser where to find the following four variables, but they
should
In Samba3 there were unwritten rules about which variables in a
structure a high level caller has to fill in and which ones are filled
in by the marshalling code. In Samba4 those rules are gone, because
-the redundent artifact variables are gone. The high level caller just
+the redundant artif
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 06780ae samba_upgradeprovision: Remove options to fix FS ACLs
from cfebce3 s3:smbd: add debugging to close code (regarding disconnect
of a durable)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 06780ae82281fb62a08d0c3604d2e679976756c2
Author: Andrew Bartlett
Date: Sat Feb 16 08:51:51 2013 +1100
samba_upgradeprovision: Remove options to fix FS ACLs
samba-tool ntacl sysvolreset handles this better, and makes this tool
much less confusing internally.
Andrew Bartlett
Reviewed-by: Matthieu Patou
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue Feb 19 06:06:41 CET 2013 on sn-devel-104
---
Summary of changes:
source4/scripting/bin/samba_upgradeprovision | 427 +++---
source4/scripting/python/samba/upgradehelpers.py | 49 +---
2 files changed, 205 insertions(+), 271 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/bin/samba_upgradeprovision
b/source4/scripting/bin/samba_upgradeprovision
index e2c57f2..570f783 100755
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -186,12 +186,6 @@ parser.add_option("--debugchangesd", action="store_true",
help="Print security descriptor differences")
parser.add_option("--debugall", action="store_true",
help="Print all available information (very verbose)")
-parser.add_option("--resetfileacl", action="store_true",
- help="Force a reset on filesystem acls in sysvol / netlogon
share")
-parser.add_option("--nontaclfix", action="store_true",
- help="In full upgrade mode do not try to upgrade sysvol /
netlogon acls")
-parser.add_option("--fixntacl", action="store_true",
- help="Only fix NT ACLs in sysvol / netlogon share")
parser.add_option("--db_backup_only", action="store_true",
help="Do the backup of the database in the provision, skip
the sysvol / netlogon shares")
parser.add_option("--full", action="store_true",
@@ -1726,8 +1720,6 @@ if __name__ == '__main__':
global defSDmodified
defSDmodified = False
-if opts.nontaclfix and opts.fixntacl:
-message(SIMPLE, "nontaclfix and fixntacl are mutally exclusive")
# From here start the big steps of the program
# 1) First get files paths
paths = get_paths(param, smbconf=smbconf)
@@ -1787,225 +1779,214 @@ if __name__ == '__main__':
adm_session = admin_session(lp, str(names.domainsid))
# So we reget handle on objects
# ldbs = get_ldbs(paths, creds, adm_session, lp)
-if not opts.fixntacl:
-if not sanitychecks(ldbs.sam, names):
-message(SIMPLE, "Sanity checks for the upgrade have failed. "
-"Check the messages and correct the errors "
-"before rerunning upgradeprovision")
-ldbs.groupedRollback()
-sys.exit(1)
-# Let's see provision parameters
-print_provision_key_parameters(names)
-
-# 5) With all this information let's create a fresh new provision
used as
-# reference
-message(SIMPLE, "Creating a reference provision")
-provisiondir = tempfile.mkdtemp(dir=paths.private_dir,
-prefix="referenceprovision")
-result = newprovision(names, creds, session, smbconf, provisiondir,
-provision_logger)
-result.report_logger(provision_logger)
-
-# TODO
-# 6) and 7)
-# We need to get a list of object which SD is directly computed
from
-# defaultSecurityDescriptor.
-# This will allow us to know which object we can rebuild the SD in
case
-# of change of the parent's SD or of the defaultSD.
-# Get file paths of this new provision
-newpaths = get_paths(param, targetdir=provisiondir)
-new_ldbs = get_ldbs(newpaths, creds, session, lp)
-new_ldbs.startTransactions()
-
-populateNotReplicated(new_ldbs.sam, names.schemadn)
-# 8) Populate some associative array to ease the update process
-# List of attribute which are link and backlink
-populate_links(new_ldbs.sam, names.schemadn)
-# List of attribute with ASN DN synthax)
-populate_dnsyntax(new_ldbs.sam, name
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2cf83f7 samba_upgradeprovision: Use tdb_util.tdb_copy not shutil.copy2 via 3c51e18 samba_upgradeprovision: Do not update privileges.ldb any more (unchanged since 2009) via 396df64 scripting: Make tdb_copy a common util function in samba.tdb_util via 2c2759e scripting: Make tdb_copy use the python subprocess module from 06780ae samba_upgradeprovision: Remove options to fix FS ACLs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2cf83f7c645e4b216cf6f23857fd72ec0e6ca7a6 Author: Andrew Bartlett Date: Sun Feb 17 18:15:52 2013 +1100 samba_upgradeprovision: Use tdb_util.tdb_copy not shutil.copy2 This is really important, because copying a file will both ignore locks held by another process and break any locks we hold (due to POSIX brain-damage regarding multiple fds on one file in a process). By leaving this to tdbbackup in a child, both of these issues are avoided. Andrew Bartlett Reviewed-by: Matthieu Patou Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Feb 19 07:48:18 CET 2013 on sn-devel-104 commit 3c51e18a0cd1cb4b54cd29e312abd7cc2c0fbc98 Author: Andrew Bartlett Date: Sun Feb 17 18:41:00 2013 +1100 samba_upgradeprovision: Do not update privileges.ldb any more (unchanged since 2009) This update was only a total oblitoration of the existing database and not a merge, and the shutil.copy would both disregard and break locks on the database that are held at this point. Andrew Bartlett Reviewed-by: Matthieu Patou commit 396df64ef6f2c66c35989ecda3e564d5578fe9f3 Author: Andrew Bartlett Date: Sun Feb 17 18:14:06 2013 +1100 scripting: Make tdb_copy a common util function in samba.tdb_util This will allow samba_upgradeprovision to also call it. Andrew Bartlett Reviewed-by: Matthieu Patou commit 2c2759e408d9c45c2aee0c2578f45edd246afec3 Author: Andrew Bartlett Date: Sun Feb 17 17:57:42 2013 +1100 scripting: Make tdb_copy use the python subprocess module This makes the code more robust to spaces in the file names (etc). Andrew Bartlett Reviewed-by: Matthieu Patou --- Summary of changes: source4/scripting/bin/samba_upgradeprovision | 51 --- .../scripting/python/samba/provision/sambadns.py | 23 + source4/scripting/python/samba/tdb_util.py | 41 3 files changed, 66 insertions(+), 49 deletions(-) create mode 100644 source4/scripting/python/samba/tdb_util.py Changeset truncated at 500 lines: diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index 570f783..25c3ac2 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -40,6 +40,7 @@ import samba.getopt as options from base64 import b64encode from samba.credentials import DONT_USE_KERBEROS from samba.auth import system_session, admin_session +from samba import tdb_util from ldb import (SCOPE_SUBTREE, SCOPE_BASE, FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE, MessageElement, Message, Dn, LdbError) @@ -1470,7 +1471,7 @@ def simple_update_basesamdb(newpaths, paths, names): :param names: List of key provision parameters""" message(SIMPLE, "Copy samdb") -shutil.copy(newpaths.samdb, paths.samdb) +tdb_util.tdb_copy(newpaths.samdb, paths.samdb) message(SIMPLE, "Update partitions filename if needed") schemaldb = os.path.join(paths.private_dir, "schema.ldb") @@ -1482,31 +1483,19 @@ def simple_update_basesamdb(newpaths, paths, names): os.mkdir(samldbdir) os.chmod(samldbdir, 0700) if os.path.isfile(schemaldb): -shutil.copy(schemaldb, os.path.join(samldbdir, +tdb_util.tdb_copy(schemaldb, os.path.join(samldbdir, "%s.ldb"%str(names.schemadn).upper())) os.remove(schemaldb) if os.path.isfile(usersldb): -shutil.copy(usersldb, os.path.join(samldbdir, +tdb_util.tdb_copy(usersldb, os.path.join(samldbdir, "%s.ldb"%str(names.rootdn).upper())) os.remove(usersldb) if os.path.isfile(configldb): -shutil.copy(configldb, os.path.join(samldbdir, +tdb_util.tdb_copy(configldb, os.path.join(samldbdir, "%s.ldb"%str(names.configdn).upper())) os.remove(configldb) -def update_privilege(ref_private_path, cur_private_path): -"""Update the privilege database - -:param ref_private_pa
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 46ab33d build:autoconf: fix output of syslog-facility check from 3d29bb2 s3:rpc_client fix a crash http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 46ab33dc6753c135effedc204f3028a7e2bc2b1b Author: Björn Jacke Date: Wed Feb 20 19:57:24 2013 +0100 build:autoconf: fix output of syslog-facility check thanks to Thomas Bork for reporting! Signed-off-by: Bjoern Jacke Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Feb 21 00:00:06 CET 2013 on sn-devel-104 --- Summary of changes: source3/configure.in |5 - 1 files changed, 4 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 594f4b9..56c9190 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -4512,12 +4512,15 @@ AC_ARG_WITH(syslog-facility, if test "$withval" = "no" ; then AC_MSG_ERROR([argument to --with-syslog-facility must be a string]) else + AC_MSG_RESULT([$withval]) if test "$withval" != "yes" ; then syslog_facility="$withval" AC_DEFINE_UNQUOTED(SYSLOG_FACILITY,$syslog_facility, [syslog facility to log to]) fi fi -]) +], +AC_MSG_RESULT(no) +) # # check for experimental disk-quotas support -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via bb0e4cb s4:winbindd: do not drop the workgroup name in the getgrgid
call
via ecd0b10 s4:winbindd: do not drop the workgroup name in the getgrnam
and getgrent calls.
from 3e5acc1 Fix bug #9674 - Samba denies owner Read Control when there
is a DENY entry while W2K08 does not.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit bb0e4cbc3c30137245ca6b6cf9d74812ad17cee1
Author: Michael Adam
Date: Wed Feb 27 01:04:46 2013 +0100
s4:winbindd: do not drop the workgroup name in the getgrgid call
Signed-off-by: Michael Adam
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Feb 27 05:44:39 CET 2013 on sn-devel-104
commit ecd0b10d2f1de986303f8aab2915c20c2f025244
Author: Michael Adam
Date: Wed Feb 27 00:45:55 2013 +0100
s4:winbindd: do not drop the workgroup name in the getgrnam and getgrent
calls.
Signed-off-by: Michael Adam
Reviewed-by: Andrew Bartlett
---
Summary of changes:
source4/winbind/wb_cmd_getgrgid.c | 12 +++-
source4/winbind/wb_cmd_getgrnam.c | 12 +++-
2 files changed, 22 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/winbind/wb_cmd_getgrgid.c
b/source4/winbind/wb_cmd_getgrgid.c
index fe946ed..8ca93db 100644
--- a/source4/winbind/wb_cmd_getgrgid.c
+++ b/source4/winbind/wb_cmd_getgrgid.c
@@ -23,6 +23,7 @@
#include "libcli/composite/composite.h"
#include "winbind/wb_server.h"
#include "smbd/service_task.h"
+#include "param/param.h"
struct cmd_getgrgid_state {
struct composite_context *ctx;
@@ -127,6 +128,7 @@ static void cmd_getgrgid_recv_group_info(struct
composite_context *ctx)
struct cmd_getgrgid_state);
struct libnet_GroupInfo *group_info;
struct winbindd_gr *gr;
+ char *group_name_with_domain;
DEBUG(5, ("cmd_getgrgid_recv_group_info called\n"));
@@ -139,7 +141,15 @@ static void cmd_getgrgid_recv_group_info(struct
composite_context *ctx)
state->ctx->status = libnet_GroupInfo_recv(ctx, state, group_info);
if (!composite_is_ok(state->ctx)) return;
- WBSRV_SAMBA3_SET_STRING(gr->gr_name, group_info->out.group_name);
+ group_name_with_domain = talloc_asprintf(gr, "%s%s%s",
+ state->workgroup,
+ lpcfg_winbind_separator(state->service->task->lp_ctx),
+ group_info->out.group_name);
+ if (composite_nomem(group_name_with_domain, state->ctx)) {
+ return;
+ }
+
+ WBSRV_SAMBA3_SET_STRING(gr->gr_name, group_name_with_domain);
WBSRV_SAMBA3_SET_STRING(gr->gr_passwd, "*");
gr->gr_gid = state->gid;
diff --git a/source4/winbind/wb_cmd_getgrnam.c
b/source4/winbind/wb_cmd_getgrnam.c
index 7073209..d75a460 100644
--- a/source4/winbind/wb_cmd_getgrnam.c
+++ b/source4/winbind/wb_cmd_getgrnam.c
@@ -24,6 +24,7 @@
#include "winbind/wb_server.h"
#include "winbind/wb_helper.h"
#include "smbd/service_task.h"
+#include "param/param.h"
struct cmd_getgrnam_state {
struct composite_context *ctx;
@@ -105,6 +106,7 @@ static void cmd_getgrnam_recv_group_info(struct
composite_context *ctx)
ctx->async.private_data, struct cmd_getgrnam_state);
struct libnet_GroupInfo *group_info;
struct winbindd_gr *gr;
+ char *group_name_with_domain;
DEBUG(5, ("cmd_getgrnam_recv_group_info called\n"));
@@ -117,7 +119,15 @@ static void cmd_getgrnam_recv_group_info(struct
composite_context *ctx)
state->ctx->status = libnet_GroupInfo_recv(ctx, state, group_info);
if(!composite_is_ok(state->ctx)) return;
- WBSRV_SAMBA3_SET_STRING(gr->gr_name, group_info->out.group_name);
+ group_name_with_domain = talloc_asprintf(gr, "%s%s%s",
+ state->workgroup_name,
+ lpcfg_winbind_separator(state->service->task->lp_ctx),
+ group_info->out.group_name);
+ if (composite_nomem(group_name_with_domain, state->ctx)) {
+ return;
+ }
+
+ WBSRV_SAMBA3_SET_STRING(gr->gr_name, group_name_with_domain);
WBSRV_SAMBA3_SET_STRING(gr->gr_passwd, "*");
gr->num_gr_mem = group_info->out.num_members;
gr->gr_mem_ofs = 0;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 87afc3a Move python modules from source4/scripting/python/ to
python/.
via 80fce35 build: Change bin/default/python -> bin/python symlink to
bin/default/python_modules
via 2d13532 build: Rename samba_python waf node to avoid duplicate name
from f9eb055 tevent: change version to 0.9.18
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 87afc3aee1ea593069322a49355dd8780d99e123
Author: Jelmer Vernooij
Date: Fri Dec 28 15:37:14 2012 +0100
Move python modules from source4/scripting/python/ to python/.
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
commit 80fce353e740c793619005ac102ab07fb5e7d280
Author: Andrew Bartlett
Date: Sat Mar 2 10:58:50 2013 +1100
build: Change bin/default/python -> bin/python symlink to
bin/default/python_modules
This avoids a collision with the new top level python directory.
Andrew Bartlett
commit 2d13532cb3ad3a3deaee1f158408478284bc595a
Author: Andrew Bartlett
Date: Sat Mar 2 08:28:11 2013 +1100
build: Rename samba_python waf node to avoid duplicate name
This makes it clearer when debuging build issues.
Andrew Bartlett
---
Summary of changes:
buildtools/wafsamba/samba_python.py|2 +-
buildtools/wafsamba/wafsamba.py|6 +++---
libcli/nbt/pynbt.c |2 +-
.../python => python}/examples/dnsserver.py|0
.../python => python}/examples/netbios.py |0
.../scripting/python => python}/examples/samr.py |0
.../scripting/python => python}/examples/winreg.py |0
{source4/scripting/python => python}/modules.c |2 +-
{source4/scripting/python => python}/modules.h |0
{source4/scripting/python => python}/pyglue.c |0
.../scripting/python => python}/samba/__init__.py |0
.../scripting/python => python}/samba/common.py|0
.../scripting/python => python}/samba/dbchecker.py |0
.../scripting/python => python}/samba/drs_utils.py |0
.../scripting/python => python}/samba/getopt.py|0
.../python => python}/samba/hostconfig.py |0
.../scripting/python => python}/samba/idmap.py |0
{source4/scripting/python => python}/samba/join.py |0
.../scripting/python => python}/samba/kcc_utils.py |0
.../samba/ms_display_specifiers.py |0
.../scripting/python => python}/samba/ms_schema.py |0
{source4/scripting/python => python}/samba/ndr.py |0
.../python => python}/samba/netcmd/__init__.py |0
.../python => python}/samba/netcmd/common.py |0
.../python => python}/samba/netcmd/dbcheck.py |0
.../python => python}/samba/netcmd/delegation.py |0
.../python => python}/samba/netcmd/dns.py |0
.../python => python}/samba/netcmd/domain.py |0
.../python => python}/samba/netcmd/drs.py |0
.../python => python}/samba/netcmd/dsacl.py|0
.../python => python}/samba/netcmd/fsmo.py |0
.../python => python}/samba/netcmd/gpo.py |0
.../python => python}/samba/netcmd/group.py|0
.../python => python}/samba/netcmd/ldapcmp.py |0
.../python => python}/samba/netcmd/main.py |0
.../python => python}/samba/netcmd/ntacl.py|0
.../python => python}/samba/netcmd/processes.py|0
.../python => python}/samba/netcmd/rodc.py |0
.../python => python}/samba/netcmd/sites.py|0
.../python => python}/samba/netcmd/spn.py |0
.../python => python}/samba/netcmd/testparm.py |0
.../python => python}/samba/netcmd/time.py |0
.../python => python}/samba/netcmd/user.py |0
.../python => python}/samba/netcmd/vampire.py |0
.../scripting/python => python}/samba/ntacls.py|0
.../python => python}/samba/provision/__init__.py |0
.../python => python}/samba/provision/backend.py |0
.../python => python}/samba/provision/common.py|0
.../samba/provision/descriptor.py |0
.../python => python}/samba/provision/sambadns.py |0
.../python => python}/samba/samba3/__init__.py |0
.../scripting/python => python}/samba/samdb.py |0
.../scripting/python => python}/samba/schema.py|0
.../scripting/python => python}/samba/sd_utils.py |0
.../scripting/python => python}/samba/sites.py |0
.../scripting/python => python}/samba/tdb_util.py |0
.../python => python}/sa
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 2cfbfa6 Remove incomplete check for IPv6 link-local addresses.
from 87afc3a Move python modules from source4/scripting/python/ to
python/.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 2cfbfa6337675d13a9abc4c0426886beeff3134f
Author: Landon Fuller
Date: Sat Feb 23 22:32:25 2013 -0500
Remove incomplete check for IPv6 link-local addresses.
This has been superceded by a check for link-local
addresses in get_interfaces()
Signed-Off-By: Landon Fuller
Reviewed-By: Richard Sharpe
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sat Mar 2 08:38:54 CET 2013 on sn-devel-104
---
Summary of changes:
source4/scripting/bin/samba_dnsupdate |4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/bin/samba_dnsupdate
b/source4/scripting/bin/samba_dnsupdate
index a5cece1..33c16ec 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -96,9 +96,7 @@ IP6s = []
IP4s = []
for i in IPs:
if i.find(':') != -1:
-if i.find('%') == -1:
-# we don't want link local addresses for DNS updates
-IP6s.append(i)
+IP6s.append(i)
else:
IP4s.append(i)
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c692bb0 Handle EMSGSIZE on UNIX domain sockets. via 606f5d6 samba-tool ldapcmp: Add --skip-missing-dn to not error on DNs present in one DB but not the other via 161fa15 samba-tool domain classicupgrade: Fix typo in error path for multiple account flags via 669c302 samba-tool domain classicupgrade: Print a better error when the ldap backend PW was not found via 68f13f5 samba-tool dbcheck: fix comment on err_wrong_sd from 2cfbfa6 Remove incomplete check for IPv6 link-local addresses. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c692bb02b039ae8fef6ba968fd13b36ad7d62a72 Author: Landon Fuller Date: Sat Mar 2 14:08:47 2013 -0500 Handle EMSGSIZE on UNIX domain sockets. On some systems (eg, FreeBSD) the default SO_SNDBUF for UNIX domain sockets is to small, and EMSGSIZE is returned. Other systems provide a larger default send buffer, but there is still no guarantee that the buffer will be sized appropriately. This patch modifies the sendto() path to attempt to resize the SO_SNDBUF dynamically upon an EMSGSIZE failure, and then retry the send. This fixes local DCE/RPC errors on FreeBSD, eg: https://lists.samba.org/archive/samba-technical/2013-January/089881.html Signed-Off-By: Landon Fuller Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sat Mar 2 23:34:03 CET 2013 on sn-devel-104 commit 606f5d6cc6b018259ba0306fe3b55e21b4b70fdb Author: Andrew Bartlett Date: Thu Feb 14 14:59:28 2013 +1100 samba-tool ldapcmp: Add --skip-missing-dn to not error on DNs present in one DB but not the other This is needed to compare some parts of the database, particularly in --two mode, which are just never going to have exactly the same DNs. Andrew Bartlett Reviewed-by: Stefan Metzmacher commit 161fa15697fab9effbe1db9640cece847dcf63cd Author: Andrew Bartlett Date: Tue Feb 12 09:20:03 2013 +1100 samba-tool domain classicupgrade: Fix typo in error path for multiple account flags Reviewed-by: Stefan Metzmacher commit 669c302f2d78ab4bbd35982373ae079246c8979d Author: Andrew Bartlett Date: Tue Jan 15 21:53:30 2013 +1100 samba-tool domain classicupgrade: Print a better error when the ldap backend PW was not found Reviewed-by: Stefan Metzmacher commit 68f13f5d7e80f2041e140a12fc2f7139561c83ce Author: Andrew Bartlett Date: Mon Feb 11 14:50:49 2013 +1100 samba-tool dbcheck: fix comment on err_wrong_sd Reviewed-by: Stefan Metzmacher --- Summary of changes: python/samba/dbchecker.py|3 +-- python/samba/netcmd/ldapcmp.py | 15 ++- python/samba/upgrade.py |7 +-- source4/lib/socket/socket_unix.c | 35 ++- 4 files changed, 42 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py index 06fd827..297a065 100644 --- a/python/samba/dbchecker.py +++ b/python/samba/dbchecker.py @@ -692,8 +692,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) return (sd, None) def err_wrong_sd(self, dn, sd, sd_broken): -'''re-write replPropertyMetaData elements for a single attribute for a -object. This is used to fix missing replPropertyMetaData elements''' +'''re-write the SD due to incorrect inherited ACEs''' sd_attr = "nTSecurityDescriptor" sd_val = ndr_pack(sd) sd_flags = security.SECINFO_DACL | security.SECINFO_SACL diff --git a/python/samba/netcmd/ldapcmp.py b/python/samba/netcmd/ldapcmp.py index 8398205..3c6c5f1 100644 --- a/python/samba/netcmd/ldapcmp.py +++ b/python/samba/netcmd/ldapcmp.py @@ -45,7 +45,7 @@ class LDAPBase(object): def __init__(self, host, creds, lp, two=False, quiet=False, descriptor=False, sort_aces=False, verbose=False, view="section", base="", scope="SUB", - outf=sys.stdout, errf=sys.stderr): + outf=sys.stdout, errf=sys.stderr, skip_missing_dn=True): ldb_options = [] samdb_url = host if not "://" in host: @@ -71,6 +71,7 @@ class LDAPBase(object): self.view = view self.verbose = verbose self.host = host +self.skip_missing_dn = skip_missing_dn self.base_dn = str(self.ldb.get_default_basedn()) self.root_dn = str(self.ldb.get_root_basedn()) self.config_dn = str(self.ldb.get_config_basedn()) @@ -686,6 +687,7 @@ class LDAPBundel(
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7fa4795 waf: add -fstack-protector to LDFLAGS if detected.
via 511e575 Documentation: Add a warning to "socket options"
from 90cbfc9 Make sure to set umask() before calling mkstemp().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7fa4795607f018590caa26b5eca5abb68922c039
Author: Ira Cooper
Date: Wed Mar 6 00:54:43 2013 +
waf: add -fstack-protector to LDFLAGS if detected.
If we compile with -fstack-protector, we should link
with it.
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Mar 6 04:06:04 CET 2013 on sn-devel-104
commit 511e575e29a62c5d7dece91e41dd965e9546147c
Author: Scott Lovenberg
Date: Mon Mar 4 19:09:12 2013 -0500
Documentation: Add a warning to "socket options"
Add a warning to the "socket options" section of the
smb.conf man page that changing socket options can be
dangerous to performance. Hopefully this will cut down on
users reporting poor performance after changing socket
options.
Signed-off-by: Scott Lovenberg
Reviewed-by: Andrew Bartlett
Reviewed-by: Jeremy Allison
---
Summary of changes:
docs-xml/smbdotconf/tuning/socketoptions.xml | 17 +
lib/replace/wscript |1 +
2 files changed, 18 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/tuning/socketoptions.xml
b/docs-xml/smbdotconf/tuning/socketoptions.xml
index 7a5c221..27ae5fd 100644
--- a/docs-xml/smbdotconf/tuning/socketoptions.xml
+++ b/docs-xml/smbdotconf/tuning/socketoptions.xml
@@ -4,6 +4,23 @@
developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
+
+
+Modern server operating systems are tuned for high
+network performance in the majority of situations; when you set socket
+options you are overriding those settings. Linux in particular has an
+auto-tuning mechanism for buffer sizes that will be disabled if you
+specify a socket buffer size. This can potentially cripple your
+TCP/IP stack.
+
+ Getting the socket options correct can make a big difference to
+your performance, but getting them wrong can degrade it by just as
+much. As with any other low level setting, if you must make changes
+to it, make small changes and test the effect
+before making any large changes.
+
+
+
This option allows you to set socket options
to be used when talking with the client.
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 36a9f6a..9483e23 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -55,6 +55,7 @@ struct foo bar = { .y = 'X', .x = 1 };
if conf.CHECK_CFLAGS(['-fstack-protector']):
conf.ADD_CFLAGS('-fstack-protector')
+conf.ADD_LDFLAGS('-fstack-protector')
# Try to find the right extra flags for -Werror behaviour
for f in ["-Werror", # GCC
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5372571 s3:idmap: fix a debug message and lower its level
from 93d57df vfs_catia: add my copyright
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5372571fde68dcc7ccd0d3fa754bdfa148e7ca48
Author: Michael Adam
Date: Mon Mar 4 12:52:26 2013 +0100
s3:idmap: fix a debug message and lower its level
It is not an error to be logged at level 1 when a
domain has no explicitly configured idmap backend.
Signed-off-by: Michael Adam
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Fri Mar 8 03:16:54 CET 2013 on sn-devel-104
---
Summary of changes:
source3/winbindd/idmap.c |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index d5eeac6..97a34d4 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -285,7 +285,8 @@ static struct idmap_domain
*idmap_init_named_domain(TALLOC_CTX *mem_ctx,
backend = lp_parm_const_string(-1, config_option, "backend", NULL);
if (backend == NULL) {
- DEBUG(1, ("no backend defined for %s\n", config_option));
+ DEBUG(10, ("no idmap backend configured for domain '%s'\n",
+ domname));
goto fail;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6ac0bdc Add testcase for idmap_rfc2307 module via 8241daf packaging(RHEL-CTDB): Add idmap_rfc2307 module via b755152 s3-net: Allow setting the ldap password for idmap_rfc2307 via 30b2f74 s3-docs: Add manpage for idmap_rfc2307 module via 6aa739a s3-winbindd: Add new module idmap_rfc2307 via ad1fbe2 s3-winbindd: Move connection to AD server from idmap_ad via baf9b78 s3-winbindd: Use common helper function for connecting to ADS via 0c4e467 s3-winbindd: Move code for verifying ADS connection to common helper function via c07c167 s3-winbindd: Move idmap_fetch_secret to idmap_utils.c for reuse via 86d09ce s3-winbindd: Move common code for LDAP id mapping to idmap_utils via 666a563 s4-dns: dlz_bind9: Check result to avoid segfault via 83e4ff9 doc: add vfs_btrfs man page via 15ce3a9 s3-vfs: add vfs_btrfs module from 11d1286 Correct the name of the nss_winbind module for FreeBSD by creating a symlink from the FreeBSD required name to the built module. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6ac0bdc4513bb5a7bf9ecf0cd0986f6122f96dba Author: Christof Schmitt Date: Thu Feb 21 12:33:23 2013 -0700 Add testcase for idmap_rfc2307 module Create a new test environment with 'idmap config DOMAIN : backend = rfc2307'. A new test script adds LDAP records and queries them again for the mapped uid and gid. Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104 commit 8241dafdb832808f0b88a7d83095105e7d532fa4 Author: Christof Schmitt Date: Thu Feb 21 12:33:19 2013 -0700 packaging(RHEL-CTDB): Add idmap_rfc2307 module Reviewed-by: Andrew Bartlett commit b75515248a641c1b1e1e3dad40eb323280658129 Author: Christof Schmitt Date: Thu Feb 21 12:33:13 2013 -0700 s3-net: Allow setting the ldap password for idmap_rfc2307 Reviewed-by: Andrew Bartlett commit 30b2f74ffc8f7c38e132eddede7884c5195b634a Author: Christof Schmitt Date: Thu Feb 21 12:32:54 2013 -0700 s3-docs: Add manpage for idmap_rfc2307 module Reviewed-by: Andrew Bartlett commit 6aa739a21903d9013d6fbb45b9581f84a192b4d5 Author: Christof Schmitt Date: Thu Feb 21 12:32:37 2013 -0700 s3-winbindd: Add new module idmap_rfc2307 This module allows querying id mappings from LDAP servers as described in RFC 2307. The LDAP records can be queried from an Active Directory Server or from a stand-alone LDAP server. Reviewed-by: Andrew Bartlett commit ad1fbe29fbeea48381c7bedd78f7a45d07ad14d5 Author: Christof Schmitt Date: Thu Feb 21 12:31:41 2013 -0700 s3-winbindd: Move connection to AD server from idmap_ad Having this in a common place allows reuse by other idmap modules. Reviewed-by: Andrew Bartlett commit baf9b78d47079b81cf33682ee481cf6e30ed89e9 Author: Christof Schmitt Date: Thu Feb 21 12:31:37 2013 -0700 s3-winbindd: Use common helper function for connecting to ADS Reviewed-by: Andrew Bartlett commit 0c4e467c1cc661552bfd6745825e2106ec8279d7 Author: Christof Schmitt Date: Thu Feb 21 12:31:28 2013 -0700 s3-winbindd: Move code for verifying ADS connection to common helper function Reviewed-by: Andrew Bartlett commit c07c167edb71568ab18f016346e60803d1195d42 Author: Christof Schmitt Date: Thu Feb 21 12:31:19 2013 -0700 s3-winbindd: Move idmap_fetch_secret to idmap_utils.c for reuse Reviewed-by: Andrew Bartlett commit 86d09ce779fdc9d6ebbbe44b25656808ab37ee14 Author: Christof Schmitt Date: Thu Feb 21 12:30:48 2013 -0700 s3-winbindd: Move common code for LDAP id mapping to idmap_utils idmap_ad and idmap_ldap use the same helper functions and the same maximum query size. Move the code to idmap_utils so that it can be shared by every module issuing LDAP queries. Reviewed-by: Andrew Bartlett commit 666a5630ef3b03640089a0b6e81bf578b91b88ab Author: Stefan Gohmann Date: Fri Mar 8 20:57:31 2013 +0100 s4-dns: dlz_bind9: Check result to avoid segfault We saw this issue in a customer environment with many CNF objects. I wasn't able to reproduce it, but I got the following core dump: (gdb) directory samba4-4.0.0~rc6/source4/dns_server/ Source directories searched: /root/samba4-4.0.0~rc6/source4/dns_server:$cdir:$cwd (gdb) bt #0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xx.x.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830 #1 0xb4b0bdb8 in dlz_lookup (zone=0xb659b9a8 "xx.x.de", name=0xb659bda8 "client9173", dbdata=
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 287b5f6 param: Remove incorrectly added defaults in AD DC allowing WORLD WRITABLE files from 6ac0bdc Add testcase for idmap_rfc2307 module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 287b5f6c0f40d3e3d09bc2ce80f5fee02cbae40f Author: Andrew Bartlett Date: Fri Mar 8 16:49:21 2013 +1100 param: Remove incorrectly added defaults in AD DC allowing WORLD WRITABLE files These defaults were incorrectly added in fc5caffbc139d63cab1ec105884863f73772586f in what turns out to be an incorrect fix for bug #9462, which was in turn introduced by the swapping of security mask (default 0777) for create mask (0755) in 6adc7dad96b8c7366da042f0d93b28c1ecb092eb. While the permissions on sysvol and netlogon (the default shares) were fixed by provision, any additional shares that did not yet have an explit ACL set would create world-writable files by default. Administrators will need to manually correct the file permissions on any additional shares that were created after installation of the AD DC. Andrew Bartlett Reviewed-by: Michael Adam Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sun Mar 10 12:00:31 CET 2013 on sn-devel-104 --- Summary of changes: source3/param/loadparm.c |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index ce1c1d8..75b63c5 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -3535,8 +3535,6 @@ static void init_locals(void) lp_do_parameter(-1, "map readonly", "no"); lp_do_parameter(-1, "map archive", "no"); lp_do_parameter(-1, "store dos attributes", "yes"); - lp_do_parameter(-1, "create mask", "0777"); - lp_do_parameter(-1, "directory mask", "0777"); } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 156fa6c vfstest: update the manual page from 41edcf8 vfs_catia: testcase - add missing pieces http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 156fa6cd0add0c040288b5c9dc4390ad1abf656a Author: Guenter Kukkukk Date: Wed Mar 13 05:46:07 2013 +0100 vfstest: update the manual page many added commands were missing. The "-c" multiple command parameter option delimiter is not the colon (anymore) - the semicolon is used. Signed-off-by: Guenter Kukkukk Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Mar 13 08:27:54 CET 2013 on sn-devel-104 --- Summary of changes: docs-xml/manpages/vfstest.1.xml | 25 ++--- 1 files changed, 22 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfstest.1.xml b/docs-xml/manpages/vfstest.1.xml index 0245b9c..cf6ad51 100644 --- a/docs-xml/manpages/vfstest.1.xml +++ b/docs-xml/manpages/vfstest.1.xml @@ -47,7 +47,7 @@ -c|--command=command - Execute the specified (colon-separated) commands. + Execute the specified (semicolon-separated) commands. See below for the commands that are available. @@ -115,6 +115,25 @@ link - VFS link() mknod - VFS mknod() realpath - VFS realpath() + + getxattr - VFS getxattr() + listxattr - VFS listxattr() + setxattr - VFS setxattr() + removexattr - VFS removexattr() + fget_nt_acl - VFS fget_nt_acl() + get_nt_acl - VFS get_nt_acl() + fset_nt_acl - VFS fset_nt_acl() + set_nt_acl - VFS open() and fset_nt_acl() + fchmod_acl - VFS fchmod_acl() + chmod_acl - VFS chmod_acl() + sys_acl_get_file - VFS sys_acl_get_file() + sys_acl_get_fd - VFS sys_acl_get_fd() + sys_acl_blob_get_file - VFS sys_acl_blob_get_file() + sys_acl_blob_get_fd - VFS sys_acl_blob_get_fd() + sys_acl_delete_def_file - VFS sys_acl_delete_def_file() + test_chain - test chain code + translate_name - VFS translate_name() + GENERAL COMMANDS @@ -135,7 +154,7 @@ VERSION - This man page is correct for version 3 of the Samba + This man page is correct for version 3 and 4 of the Samba suite. @@ -147,7 +166,7 @@ by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. - The vfstest man page was written by Jelmer Vernooij. + The vfstest man page was written by Jelmer Vernooij. Updated version by Guenter Kukkukk. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 96d731c samba-tool group list: add more info to samba-tool group
list
from 1d15fc7 Fix bug #9724 - is_encrypted_packet() function incorrectly
used inside server.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 96d731c79befdee297eb0e72a3488547f6361ab4
Author: Ricky Nance
Date: Mon Mar 11 14:47:19 2013 -0500
samba-tool group list: add more info to samba-tool group list
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sun Mar 17 12:56:47 CET 2013 on sn-devel-104
---
Summary of changes:
python/samba/netcmd/group.py | 48 +++--
1 files changed, 41 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
index 731d4c1..4004a7d 100644
--- a/python/samba/netcmd/group.py
+++ b/python/samba/netcmd/group.py
@@ -27,6 +27,7 @@ from getpass import getpass
from samba.auth import system_session
from samba.samdb import SamDB
from samba.dsdb import (
+GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
GTYPE_SECURITY_DOMAIN_LOCAL_GROUP,
GTYPE_SECURITY_GLOBAL_GROUP,
GTYPE_SECURITY_UNIVERSAL_GROUP,
@@ -35,8 +36,13 @@ from samba.dsdb import (
GTYPE_DISTRIBUTION_UNIVERSAL_GROUP,
)
-security_group = dict({"Domain": GTYPE_SECURITY_DOMAIN_LOCAL_GROUP, "Global":
GTYPE_SECURITY_GLOBAL_GROUP, "Universal": GTYPE_SECURITY_UNIVERSAL_GROUP})
-distribution_group = dict({"Domain": GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP,
"Global": GTYPE_DISTRIBUTION_GLOBAL_GROUP, "Universal":
GTYPE_DISTRIBUTION_UNIVERSAL_GROUP})
+security_group = dict({"Builtin": GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ "Domain": GTYPE_SECURITY_DOMAIN_LOCAL_GROUP,
+ "Global": GTYPE_SECURITY_GLOBAL_GROUP,
+ "Universal": GTYPE_SECURITY_UNIVERSAL_GROUP})
+distribution_group = dict({"Domain": GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP,
+ "Global": GTYPE_DISTRIBUTION_GLOBAL_GROUP,
+ "Universal": GTYPE_DISTRIBUTION_UNIVERSAL_GROUP})
class cmd_group_add(Command):
@@ -274,6 +280,10 @@ class cmd_group_list(Command):
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str,
metavar="URL", dest="H"),
+Option("-v", "--verbose",
+ help="Verbose output, showing group type and group scope.",
+ action="store_true"),
+
]
takes_optiongroups = {
@@ -282,7 +292,8 @@ class cmd_group_list(Command):
"versionopts": options.VersionOptions,
}
-def run(self, sambaopts=None, credopts=None, versionopts=None, H=None):
+def run(self, sambaopts=None, credopts=None, versionopts=None, H=None,
+verbose=False):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
@@ -292,13 +303,36 @@ class cmd_group_list(Command):
domain_dn = samdb.domain_dn()
res = samdb.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
expression=("(objectClass=group)"),
-attrs=["samaccountname"])
+attrs=["samaccountname", "grouptype"])
if (len(res) == 0):
return
-for msg in res:
-self.outf.write("%s\n" % msg.get("samaccountname", idx=0))
+if verbose:
+self.outf.write("Group Name Group
Type Group Scope\n")
+
self.outf.write("-\n")
+for msg in res:
+self.outf.write("%-44s" % msg.get("samaccountname", idx=0))
+hgtype = hex(int("%s" % msg["grouptype"]) & 0x)
+if (hgtype == hex(int(security_group.get("Builtin":
+self.outf.write("Security Builtin\n")
+elif (hgtype == hex(int(security_group.get("Domain":
+self.outf.write("Security Domain\n")
+elif (hgtype == hex(int(security_group.get("Global":
+self.outf.write("Security Global\n")
+elif (hgtype == hex(int(security_group.get("Universal":
+
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via afd291b Avoid leaking temp file if an exception is raised from 8aae8b5 s3:smbd: do not access data behind req->buf+req->buflen in srvstr_pull_req_talloc() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit afd291b1dee44b2400bed119bccfc0b722d8cc9c Author: Jean Raby Date: Wed Apr 10 21:33:34 2013 -0400 Avoid leaking temp file if an exception is raised Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Apr 11 06:06:03 CEST 2013 on sn-devel-104 --- Summary of changes: source4/scripting/bin/samba_dnsupdate |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 33c16ec..68b0f72 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -116,7 +116,11 @@ def get_credentials(lp): creds.set_machine_account(lp) creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE) (tmp_fd, ccachename) = tempfile.mkstemp() -creds.get_named_ccache(lp, ccachename) +try: +creds.get_named_ccache(lp, ccachename) +except RuntimeError as e: +os.unlink(ccachename) +raise e class dnsobj(object): -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f775613 scripting-provision: Do not enforce domain != realm if we
are joining an existing domain
via 7955bf4 build: Raise minimum python version to 2.5.0 for samba build
from afd291b Avoid leaking temp file if an exception is raised
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f7756137e8f8a7591c9d95482ca1fca3f6484a51
Author: Andrew Bartlett
Date: Fri Apr 5 12:01:17 2013 +1100
scripting-provision: Do not enforce domain != realm if we are joining an
existing domain
This will allow us users to join existing oddly named domains without
objection from provision.
Andrew Bartlett
Reviewed-by: Matthieu Patou
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Thu Apr 11 10:41:02 CEST 2013 on sn-devel-104
commit 7955bf473f63e31566e29299b03d44d9b450d1ae
Author: Andrew Bartlett
Date: Mon Apr 8 17:25:27 2013 +1000
build: Raise minimum python version to 2.5.0 for samba build
RHEL5 has a python26 package for a modern python, and was the main reason we
kept python 2.5 support.
However, this support never actually worked for AD DC installations,
as samba-tool uses a feature only in 2.5 and above. Very few folks
noticed and those were on RHEL5, and moving to 2.5 allows us to remove
some other workarounds.
Andrew Bartlett
Reviewed-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
---
Summary of changes:
buildtools/wafsamba/samba_python.py |4 ++--
m4/check_python.m4 |6 +++---
python/samba/provision/__init__.py |9 +
wscript |2 +-
4 files changed, 11 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_python.py
b/buildtools/wafsamba/samba_python.py
index 847b431..aee9547 100644
--- a/buildtools/wafsamba/samba_python.py
+++ b/buildtools/wafsamba/samba_python.py
@@ -7,13 +7,13 @@ from samba_autoconf import *
from Configure import conf
@conf
-def SAMBA_CHECK_PYTHON(conf, mandatory=True):
+def SAMBA_CHECK_PYTHON(conf, mandatory=True, version=(2,4,2)):
# enable tool to build python extensions
conf.find_program('python', var='PYTHON', mandatory=mandatory)
conf.check_tool('python')
path_python = conf.find_program('python')
conf.env.PYTHON_SPECIFIED = (conf.env.PYTHON != path_python)
-conf.check_python_version((2,4,2))
+conf.check_python_version(version)
@conf
def SAMBA_CHECK_PYTHON_HEADERS(conf, mandatory=True):
diff --git a/m4/check_python.m4 b/m4/check_python.m4
index 9d0524a..66dadbd 100644
--- a/m4/check_python.m4
+++ b/m4/check_python.m4
@@ -43,7 +43,7 @@ dnl $PYTHON_LDFLAGS
AC_DEFUN([AC_SAMBA_PYTHON_DEVEL],
[
if test -z "$PYTHON_VER"; then
- AC_PATH_PROGS([PYTHON], [python2.6 python2.5 python2.4 python])
+ AC_PATH_PROGS([PYTHON], [python2.6 python2.5 python])
else
AC_PATH_PROG([PYTHON],[python[$PYTHON_VER]])
fi
@@ -91,9 +91,9 @@ AC_DEFUN([AC_SAMBA_PYTHON_DEVEL],
sysconfig.get_config_var('LIBPL'))"`
TRY_LINK_PYTHON($DISTUTILS_LDFLAGS, $DISTUTILS_CFLAGS)
- if `$PYTHON -c "import sys;
sys.exit(sys.version_info.__getslice__(0, 2) >= (2, 4))"`
+ if `$PYTHON -c "import sys;
sys.exit(sys.version_info.__getslice__(0, 2) >= (2, 5))"`
then
- AC_MSG_WARN([Python ($PYTHON) is too old. At least
version 2.4 is required])
+ AC_MSG_WARN([Python ($PYTHON) is too old. At least
version 2.5 is required])
working_python=no
fi
fi
diff --git a/python/samba/provision/__init__.py
b/python/samba/provision/__init__.py
index 252cfd9..a84b92f 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -561,7 +561,8 @@ def determine_netbios_name(hostname):
def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
serverrole=None, rootdn=None, domaindn=None, configdn=None,
-schemadn=None, serverdn=None, sitename=None):
+schemadn=None, serverdn=None, sitename=None,
+domain_names_forced=False):
"""Guess configuration settings to use."""
if hostname is None:
@@ -624,8 +625,8 @@ def guess_names(lp=None, hostname=None, domain=None,
dnsdomain=None,
if hostname.upper() == realm:
raise ProvisioningError("guess_names: Realm '%s' must not be equal to
hostname '%s'!" % (realm
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3434140 samba-tool - MX records cannot be deleted (error in called
C-program)
from 41333f9 ntdb: remove --disable-ntdb.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3434140c0959d9608f9a4636df2060d00ac9b518
Author: Guenter Kukkukk
Date: Sun Apr 14 06:17:28 2013 +0200
samba-tool - MX records cannot be deleted (error in called C-program)
Only matching UNION-members should be compared. MX vs. SRV record
Signed-off-by: Guenter Kukkukk
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sun Apr 14 08:46:07 CEST 2013 on sn-devel-104
---
Summary of changes:
source4/rpc_server/dnsserver/dnsdata.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/rpc_server/dnsserver/dnsdata.c
b/source4/rpc_server/dnsserver/dnsdata.c
index 3dc7dcc..09dba53 100644
--- a/source4/rpc_server/dnsserver/dnsdata.c
+++ b/source4/rpc_server/dnsserver/dnsdata.c
@@ -971,7 +971,7 @@ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
struct dnsp_DnssrvRpcRe
case DNS_TYPE_MX:
return rec1->data.mx.wPriority == rec2->data.srv.wPriority &&
- dns_name_equal(rec1->data.mx.nameTarget,
rec2->data.srv.nameTarget);
+ dns_name_equal(rec1->data.mx.nameTarget,
rec2->data.mx.nameTarget);
case DNS_TYPE_TXT:
if (rec1->data.txt.count != rec2->data.txt.count) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f67ae78 samba-tool - MX records cannot be deleted (part2) from 3434140 samba-tool - MX records cannot be deleted (error in called C-program) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f67ae788cf8a678af0e309c8527f2b25c98b557b Author: Guenter Kukkukk Date: Sun Apr 14 19:39:02 2013 +0200 samba-tool - MX records cannot be deleted (part2) I missed this one, also a wrong compare of MX vs. SRV record Signed-off-by: Guenter Kukkukk Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sun Apr 14 22:43:07 CEST 2013 on sn-devel-104 --- Summary of changes: source4/rpc_server/dnsserver/dnsdata.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/dnsserver/dnsdata.c b/source4/rpc_server/dnsserver/dnsdata.c index 09dba53..f0584a9 100644 --- a/source4/rpc_server/dnsserver/dnsdata.c +++ b/source4/rpc_server/dnsserver/dnsdata.c @@ -970,7 +970,7 @@ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1, struct dnsp_DnssrvRpcRe return dns_name_equal(rec1->data.ptr, rec2->data.ptr); case DNS_TYPE_MX: - return rec1->data.mx.wPriority == rec2->data.srv.wPriority && + return rec1->data.mx.wPriority == rec2->data.mx.wPriority && dns_name_equal(rec1->data.mx.nameTarget, rec2->data.mx.nameTarget); case DNS_TYPE_TXT: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via bbf6221 selftest: do not run doc tests if we don't build manpages
via fffbdf0 selftest: Output error when samba_tool user command fails
via 1160b69 configure: print a message when docbook.xsl is missing
localy
from 99c95fc libsmb: call directly tevent_req_simple_finish_ntstatus
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit bbf62213efb0b77388aff1f5feb852414e1128a2
Author: Matthieu Patou
Date: Sun May 5 15:37:58 2013 -0700
selftest: do not run doc tests if we don't build manpages
if XSLTPROC_MANPAGES is not set then manpages won't be built so there is
no sense trying to test it.
Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Mon May 6 12:53:37 CEST 2013 on sn-devel-104
commit fffbdf01fa6a74e6da70815607a1c22b9b6ebcdb
Author: Matthieu Patou
Date: Sun May 5 15:37:00 2013 -0700
selftest: Output error when samba_tool user command fails
It should help to debug why is it failing on some hosts in the build
farm (ie. sn-devel)
Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
commit 1160b699cb73cc466163504ebb7299912f10cd9b
Author: Matthieu Patou
Date: Sun May 5 15:05:37 2013 -0700
configure: print a message when docbook.xsl is missing localy
Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
---
Summary of changes:
buildtools/wafsamba/samba_conftests.py |3 +++
python/samba/tests/samba_tool/user.py |6 --
selftest/tests.py | 16 +++-
3 files changed, 22 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_conftests.py
b/buildtools/wafsamba/samba_conftests.py
index 0274f66..ec98ba0 100644
--- a/buildtools/wafsamba/samba_conftests.py
+++ b/buildtools/wafsamba/samba_conftests.py
@@ -503,3 +503,6 @@ def CHECK_XSLTPROC_MANPAGES(conf):
msg='Checking for stylesheet %s' % s,
define='XSLTPROC_MANPAGES', on_target=False,
boolean=True)
+if not conf.CONFIG_SET('XSLTPROC_MANPAGES'):
+print "A local copy of the docbook.xsl wasn't found on your system" \
+ " consider installing package like docbook-xsl"
diff --git a/python/samba/tests/samba_tool/user.py
b/python/samba/tests/samba_tool/user.py
index 33344cd..89fa22b 100644
--- a/python/samba/tests/samba_tool/user.py
+++ b/python/samba/tests/samba_tool/user.py
@@ -232,7 +232,8 @@ class UserCmdTestCase(SambaToolCmdTest):
"-H", "ldap://%s"; %
os.environ["DC_SERVER"],
"-U%s%%%s" %
(os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-self.assertCmdSuccess(result)
+msg = "command should return %s" % err
+self.assertCmdSuccess(result, msg)
self.assertEquals(err,"","Shouldn't be any error messages")
self.assertIn("User '%s' created successfully" % user["name"], out)
@@ -261,7 +262,8 @@ class UserCmdTestCase(SambaToolCmdTest):
"-H", "ldap://%s"; %
os.environ["DC_SERVER"],
"-U%s%%%s" %
(os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-self.assertCmdSuccess(result)
+msg = "command should return %s" % err
+self.assertCmdSuccess(result, msg)
self.assertEquals(err,"","Shouldn't be any error messages")
self.assertIn("User '%s' created successfully" % user["name"], out)
diff --git a/selftest/tests.py b/selftest/tests.py
index 9a59e9d..aebfc57 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -20,8 +20,22 @@
from selftesthelpers import *
+try:
+config_h = os.environ["CONFIG_H"]
+except KeyError:
+config_h = os.path.join(samba4bindir, "default/include/config.h")
+
+# define here var to check what we support
+f = open(config_h, 'r')
+try:
+have_man_pages_support = ("XSLTPROC_MANPAGES 1" in f.read())
+finally:
+f.close()
+
planpythontestsuite("none", "samba.tests.source")
-planpythontestsuite("none", "samba.tests.docs")
+if have_man_pages_support:
+planpythontestsuite("none", "samba.tests.docs")
+
planpythontestsuite("none", "selftest.tests.test_suite", extra_path=[srcdir()])
planpythontestsuite("none", "subunit")
planpythontestsuite("none", "samba.tests.blackbox.ndrdump")
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 8ca4b75 Fix up the man pages to explain that "store dos attributes"
overrides them.
via d25ba3f Allow "store dos attributes" to override the other "map
XXX" parameters.
from 9f36d0c build: default --with-regedit to "auto" instead of "yes"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 8ca4b7597d91355c4885b8ab89b0996c98f5c805
Author: Jeremy Allison
Date: Mon May 6 14:10:58 2013 -0700
Fix up the man pages to explain that "store dos attributes" overrides them.
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue May 7 01:24:54 CEST 2013 on sn-devel-104
commit d25ba3f5a6266c2787ab2cc6b17e0d3cde2e33a9
Author: Jeremy Allison
Date: Mon May 6 14:10:15 2013 -0700
Allow "store dos attributes" to override the other "map XXX" parameters.
Makes us consistent with what is described in the man pages.
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
---
Summary of changes:
docs-xml/smbdotconf/filename/maparchive.xml|6 ++
docs-xml/smbdotconf/filename/maphidden.xml |6 ++
docs-xml/smbdotconf/filename/mapreadonly.xml |6 ++
docs-xml/smbdotconf/filename/mapsystem.xml |6 ++
.../smbdotconf/filename/storedosattributes.xml |4 ++--
source3/smbd/dosmode.c | 13 -
6 files changed, 34 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/filename/maparchive.xml
b/docs-xml/smbdotconf/filename/maparchive.xml
index ead72cf..33ff876 100644
--- a/docs-xml/smbdotconf/filename/maparchive.xml
+++ b/docs-xml/smbdotconf/filename/maparchive.xml
@@ -13,6 +13,12 @@
+ Note that this parameter will be ignored if the
+ parameter is set, as the DOS archive attribute will then be stored
inside a UNIX extended
+ attribute.
+
+
+
Note that this requires the
parameter to be set such that owner
execute bit is not masked out (i.e. it must include 100). See the
parameter
for details.
diff --git a/docs-xml/smbdotconf/filename/maphidden.xml
b/docs-xml/smbdotconf/filename/maphidden.xml
index 841c687..004f493 100644
--- a/docs-xml/smbdotconf/filename/maphidden.xml
+++ b/docs-xml/smbdotconf/filename/maphidden.xml
@@ -8,6 +8,12 @@
+ Note that this parameter will be ignored if the
+ parameter is set, as the DOS hidden attribute will then be stored
inside a UNIX extended
+ attribute.
+
+
+
Note that this requires the to be
set such that the world execute
bit is not masked out (i.e. it must include 001). See the parameter
for details.
diff --git a/docs-xml/smbdotconf/filename/mapreadonly.xml
b/docs-xml/smbdotconf/filename/mapreadonly.xml
index 24a2c84..f4ac7c8 100644
--- a/docs-xml/smbdotconf/filename/mapreadonly.xml
+++ b/docs-xml/smbdotconf/filename/mapreadonly.xml
@@ -42,6 +42,12 @@
+
+Note that this parameter will be ignored if the
+parameter is set, as the DOS 'read-only' attribute will then be stored
inside a UNIX extended
+attribute.
+
+
yes
diff --git a/docs-xml/smbdotconf/filename/mapsystem.xml
b/docs-xml/smbdotconf/filename/mapsystem.xml
index 021602d..5605d88 100644
--- a/docs-xml/smbdotconf/filename/mapsystem.xml
+++ b/docs-xml/smbdotconf/filename/mapsystem.xml
@@ -7,6 +7,12 @@
This controls whether DOS style system files should be mapped to the
UNIX group execute bit.
+
+Note that this parameter will be ignored if the
+parameter is set, as the DOS system attribute will then be stored
inside a UNIX extended
+attribute.
+
+
Note that this requires the to be
set such that the group
execute bit is not masked out (i.e. it must include 010). See the
parameter
diff --git a/docs-xml/smbdotconf/filename/storedosattributes.xml
b/docs-xml/smbdotconf/filename/storedosattributes.xml
index 621b4ac..acd78b0 100644
--- a/docs-xml/smbdotconf/filename/storedosattributes.xml
+++ b/docs-xml/smbdotconf/filename/storedosattributes.xml
@@ -8,9 +8,9 @@
READ-ONLY) from a filesystem extended attribute, before mapping DOS
attributes to UNIX permission bits (such
as occurs with and ). When set, DOS
attributes will be stored onto an extended attribute in the UNIX
filesystem, associated with the file or
- directory. For no other mapping to occur as a fall-back, the
p
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 392b01f s4:torture fix a build break on AIX
via e0ca7c4 s3:modules/vfs_aixacl2 fix compile errors
via c1c9b99 Fix missing TALLOC_FREE of stackframes.
via fb1847f Tidy up old bool usage. False -> false, True -> true.
via 00cb635 vfs: Allow CREATOR GROUP to be used with vfs_zfsacl
via 6fa3f7d s4-smbtorture: Run tests for nfs4:modes simple and special.
via 381812e s3: Update vfs_gpfs man page with new nfs4:mode help text.
via dae5f19 s3: Update README.nfs4acls.txt
via a9f75bd s3: Use mode bits in some cases in mode simple.
via ec138b2 s3: Add changes that keep nfs4:mode special behavior.
via 877f833 s3: Mapping of cifs creator owner to nfs owner@ ace.
via 83774a8 s3: Mapping of special entries to creator owner in mode
simple.
via 4a3bf4d s3: Add params parameter to smbacl4_nfs42win function.
via 7978fe2 s3: Change smbacl4_get_vfs_params to use connection_struct
instead of fsp.
via be0e269 s3: Move up declaration of params struct and related
function.
via 9018aa8 s4-smbtorture: Set result message when failing the
inheritance test.
via 97eb8f7 vfs: Add inheritance emulation to vfs_nfs4acl_xattr.
via fe8a1fc selftest: Run raw.acls test against the nfs4acl_xattr module
via 7874a43 librpc: Add special owner/group/other constants to
nfs4acl.idl
via a0d1685 build: Add vfs_nfs4acl to the autoconf build
via 76969ab vfs: Add new VFS module vfs_nfs4acl_xattr to use nfs4acl.idl
via 5d517f4 vfs: Remove unused security_info argument in vfz_zfsacl.c
via 188d0f0 vfs: Fix compile of vfs_gpfs.c.
via a655687 vfs: Allocate SMB4ACL_T on an explict memory context
via 67bb7d9 vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4
and the callback
via d87b81f build: Move nfs4acl to the top level
from 41f1c39 pidl:NDR/Parser: correctly set
$ndr->[relative_highest_]offset for relative_short pointers
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 392b01f53c73e10c596a435040225766a188cda1
Author: Christian Ambach
Date: Mon May 6 19:00:29 2013 +0200
s4:torture fix a build break on AIX
Signed-off-by: Christian Ambach
Reviewed-by: Jeremy Allison
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Thu May 9 08:05:12 CEST 2013 on sn-devel-104
commit e0ca7c4cff49f39559531aafb892fdf95ddfc2ce
Author: Christian Ambach
Date: Mon May 6 16:56:09 2013 +
s3:modules/vfs_aixacl2 fix compile errors
fix various compile errors that were introduced with latest ACL changes
Signed-off-by: Christian Ambach
Pair-Programmed-With: Alexander Werth
Reviewed-by: Jeremy Allison
commit c1c9b99054f28f9c10f79a2bbc95be9864270705
Author: Jeremy Allison
Date: Tue May 7 14:04:24 2013 -0700
Fix missing TALLOC_FREE of stackframes.
Signed-off-by: Jeremy Allison
commit fb1847f41cf3d7ef45d8df9a61720305aea965d9
Author: Jeremy Allison
Date: Tue May 7 13:58:26 2013 -0700
Tidy up old bool usage. False -> false, True -> true.
Signed-off-by: Jeremy Allison
commit 00cb6354cfe007e4c0c25a508ce5008f9a69e5d2
Author: Andrew Bartlett
Date: Sun Apr 28 18:20:04 2013 +1000
vfs: Allow CREATOR GROUP to be used with vfs_zfsacl
The solaris acl() code requires that both ACE_GROUP|ACE_IDENTIFIER_GROUP be
set to indicate the @group permissions.
Otherwise, it would return Invalid Paramter to clients.
Andrew Bartlett
Reviewed-by: Jeremy Allison
commit 6fa3f7d0f4f5de8b6ef85fa729e0a572b831a738
Author: Alexander Werth
Date: Sun Apr 28 19:06:59 2013 +0200
s4-smbtorture: Run tests for nfs4:modes simple and special.
Reviewed-by: Andrew Bartlett
Reviewed-by: Jeremy Allison
commit 381812e9f62a7cf66cdd9e08460890b149e4773e
Author: Alexander Werth
Date: Fri May 3 05:46:25 2013 +0200
s3: Update vfs_gpfs man page with new nfs4:mode help text.
Reviewed-by: Andrew Bartlett
Reviewed-by: Jeremy Allison
commit dae5f1943e321f3ba9c8b25a0d49a7323eeae25d
Author: Alexander Werth
Date: Thu May 2 17:45:23 2013 +0200
s3: Update README.nfs4acls.txt
Reviewed-by: Andrew Bartlett
Reviewed-by: Jeremy Allison
commit a9f75bd3b7e86090eb95ae3d9c3dce787befcfc1
Author: Alexander Werth
Date: Thu May 2 16:53:35 2013 +0200
s3: Use mode bits in some cases in mode simple.
Non inheriting ACL entries will show mode bits.
With this an file owner change does affect the effective ACL because
the special owner acl will now refer to the new owner.
This could be fixed by updating the ACL on a file owner change.
Reviewed-by: Andrew Bartlett
Reviewed-by: Jeremy A
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3fda852 selftests-drs: make our generated class subclass of
classschema
via 33b5479 Export PROMOTED_DC related variable
via 2bdf2c5 dsdb: make the name of non related class more obvious
from fde1757 build: Add missing dep from vfs_nfs4acl_xattr to NDR_NFS4ACL
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3fda85276b9a3b3df6c5f1341dd586606deacfb1
Author: Matthieu Patou
Date: Mon May 6 00:58:28 2013 -0700
selftests-drs: make our generated class subclass of classschema
Without this change objectclass=["top", "classSchema", "Foobar"] will
not be sorted correctly and will generated an error saying that class
Foobar is unreleated to classSchema (which is not true). It's mimicing what
other classes of the default schema are doing (ie. contact)
Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue May 14 07:07:19 CEST 2013 on sn-devel-104
commit 33b54799a61eb6873eaeea2e7853f1314d8e6eee
Author: Matthieu Patou
Date: Mon May 13 09:16:24 2013 -0700
Export PROMOTED_DC related variable
Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
commit 2bdf2c56cc1f7635441cf3b13d94941157b047f8
Author: Matthieu Patou
Date: Mon May 6 01:09:05 2013 -0700
dsdb: make the name of non related class more obvious
Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
---
Summary of changes:
selftest/selftest.pl |5 +
selftest/selftest.py |6 ++
source4/dsdb/samdb/ldb_modules/objectclass.c |5 +++--
source4/torture/drs/python/repl_schema.py|3 ++-
4 files changed, 16 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 639c8a2..cc947a1 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -692,6 +692,11 @@ my @exported_envvars = (
"VAMPIRE_DC_NETBIOSNAME",
"VAMPIRE_DC_NETBIOSALIAS",
+ "PROMOTED_DC_SERVER",
+ "PROMOTED_DC_SERVER_IP",
+ "PROMOTED_DC_NETBIOSNAME",
+ "PROMOTED_DC_NETBIOSALIAS",
+
# server stuff
"SERVER",
"SERVER_IP",
diff --git a/selftest/selftest.py b/selftest/selftest.py
index af2e552..2da1ef8 100755
--- a/selftest/selftest.py
+++ b/selftest/selftest.py
@@ -388,6 +388,12 @@ exported_envvars = [
"VAMPIRE_DC_NETBIOSNAME",
"VAMPIRE_DC_NETBIOSALIAS",
+# domain controller stuff for Vampired DC
+"PROMOTED_DC_SERVER",
+"PROMOTED_DC_SERVER_IP",
+"PROMOTED_DC_NETBIOSNAME",
+"PROMOTED_DC_NETBIOSALIAS",
+
# server stuff
"SERVER",
"SERVER_IP",
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c
b/source4/dsdb/samdb/ldb_modules/objectclass.c
index de154ec..f6f7338 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -127,8 +127,9 @@ static int check_unrelated_objectclasses(struct ldb_module
*module,
}
ldb_asprintf_errstring(ldb,
- "objectclass: the objectclass '%s' seems
to be unrelated to the entry!",
- tmp_class->lDAPDisplayName);
+ "objectclass: the objectclass '%s' seems
to be unrelated to %s!",
+ tmp_class->lDAPDisplayName,
+ struct_objectclass->lDAPDisplayName);
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
diff --git a/source4/torture/drs/python/repl_schema.py
b/source4/torture/drs/python/repl_schema.py
index cbed640..aefeadb 100644
--- a/source4/torture/drs/python/repl_schema.py
+++ b/source4/torture/drs/python/repl_schema.py
@@ -174,7 +174,8 @@ class DrsReplSchemaTestCase(drs_base.DrsBaseTestCase):
# add a base classSchema class so we can use our new
# attribute in class definition in a sibling class
(c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-A",
- {"systemMayContain": a_ldn})
+ {"systemMayContain": a_ldn,
+"subClassOf": "classSchema"})
# add new classSchema object with value for a_ldb attribute
(c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-B",
{"objectClass": ["top",
"classSchema", c_ldn],
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1a7bd5e nsswitch: fix some typos
via 9910b80 s3:lib/dbwrap add missing curly braces
via bdc3e9a s3:include remove non-blank line endings
from 2ed6b08 auth: Ensure auth_sam is not used on the AD DC
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1a7bd5e12c519f8d14120f21198038dae1e5c914
Author: Christian Ambach
Date: Thu May 16 15:06:49 2013 +0200
nsswitch: fix some typos
Signed-off-by: Christian Ambach
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Fri May 17 01:09:33 CEST 2013 on sn-devel-104
commit 9910b8050ccb073fe47c26b60955d9f2d043
Author: Christian Ambach
Date: Tue May 14 21:02:15 2013 +0200
s3:lib/dbwrap add missing curly braces
violation of README.Coding
Signed-off-by: Christian Ambach
Reviewed-by: Andrew Bartlett
commit bdc3e9acaf1b03af0e523f60b3260c6fdc62523c
Author: Christian Ambach
Date: Tue Apr 23 11:20:42 2013 +0200
s3:include remove non-blank line endings
Signed-off-by: Christian Ambach
Reviewed-by: Andrew Bartlett
---
Summary of changes:
nsswitch/libwbclient/wbclient.h |4 ++--
source3/include/smbprofile.h |6 +++---
source3/lib/dbwrap/dbwrap_ctdb.c |6 --
3 files changed, 9 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index a72d09e..dc3e822 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -850,7 +850,7 @@ wbcErr wbcAllocateGid(gid_t *pgid);
* @brief Set an user id mapping
*
* @param uid Uid of the desired mapping.
- * @param *sid Pointer to the sid of the diresired mapping.
+ * @param *sid Pointer to the sid of the desired mapping.
*
* @return #wbcErr
*
@@ -863,7 +863,7 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct
wbcDomainSid *sid);
* @brief Set a group id mapping
*
* @param gid Gid of the desired mapping.
- * @param *sid Pointer to the sid of the diresired mapping.
+ * @param *sid Pointer to the sid of the desired mapping.
*
* @return #wbcErr
*
diff --git a/source3/include/smbprofile.h b/source3/include/smbprofile.h
index 69df2ca..79410e5 100644
--- a/source3/include/smbprofile.h
+++ b/source3/include/smbprofile.h
@@ -1,6 +1,6 @@
#ifndef _PROFILE_H_
#define _PROFILE_H_
-/*
+/*
Unix SMB/CIFS implementation.
store smbd profiling information in shared memory
Copyright (C) Andrew Tridgell 1999
@@ -10,12 +10,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
index e55689c..f90e7b8 100644
--- a/source3/lib/dbwrap/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap/dbwrap_ctdb.c
@@ -986,11 +986,13 @@ static bool db_ctdb_can_use_local_hdr(const struct
ctdb_ltdb_header *hdr,
static bool db_ctdb_can_use_local_copy(TDB_DATA ctdb_data, bool read_only)
{
- if (ctdb_data.dptr == NULL)
+ if (ctdb_data.dptr == NULL) {
return false;
+ }
- if (ctdb_data.dsize < sizeof(struct ctdb_ltdb_header))
+ if (ctdb_data.dsize < sizeof(struct ctdb_ltdb_header)) {
return false;
+ }
return db_ctdb_can_use_local_hdr(
(struct ctdb_ltdb_header *)ctdb_data.dptr, read_only);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3f3576d drsuapi: Debug more clearly why NC is bad in updateRefs
from 1a7bd5e nsswitch: fix some typos
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3f3576d64275dbf4964458dab39252ae4da9ba06
Author: Matthieu Patou
Date: Fri Jan 11 20:05:39 2013 -0800
drsuapi: Debug more clearly why NC is bad in updateRefs
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Fri May 17 04:17:14 CEST 2013 on sn-devel-104
---
Summary of changes:
source4/rpc_server/drsuapi/updaterefs.c |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/rpc_server/drsuapi/updaterefs.c
b/source4/rpc_server/drsuapi/updaterefs.c
index b7a0b44..14bd3f6 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -172,9 +172,11 @@ WERROR drsuapi_UpdateRefs(struct drsuapi_bind_state
*b_state, TALLOC_CTX *mem_ct
W_ERROR_HAVE_NO_MEMORY(dn);
ret = dsdb_find_nc_root(sam_ctx, dn, dn, &nc_root);
if (ret != LDB_SUCCESS) {
+ DEBUG(2, ("Didn't find a nc for %s\n",
ldb_dn_get_linearized(dn)));
return WERR_DS_DRA_BAD_NC;
}
if (ldb_dn_compare(dn, nc_root) != 0) {
+ DEBUG(2, ("dn %s is not equal to %s\n",
ldb_dn_get_linearized(dn), ldb_dn_get_linearized(nc_root)));
return WERR_DS_DRA_BAD_NC;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 96f9724 ldb_tdb: Warn when reindexing is done via 74fa70c smbtorture: Show the list of cracknames we expect to have and the result via 6c4cf59 smbtorture: fix a warning due to a set but unused var via d42a31d smbtorture: fix crash when the returning a crackname with an empty name when a valid one was expected via d5b440f Fix warning by setting the variable from GUID to const GUID via 3734488 Fix more unused vars via 4cc3d06 Fix a warning about a set but unused variable by actually using it via 9724171 Fix warnings about set but unused variables via bfce969 Fix a warning about a shadowed variable by renaming the shadowing var via e1b71f1 buildtools: Fix compilation warnings via 61989ae operational: remove double loops via cd7f3fd dsdb-schema: remove looping on all schema classes for system_possible_inferrior from 61a2ad3 swat: Remove swat. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 96f972460ca458e86edbd97c682bfa462e01a242 Author: Matthieu Patou Date: Tue Jan 1 20:57:25 2013 -0800 ldb_tdb: Warn when reindexing is done Signed-off-by: Matthieu Patou Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon May 20 15:47:33 CEST 2013 on sn-devel-104 commit 74fa70cdece0aabf86f8d70e4b48268d48879b9e Author: Matthieu Patou Date: Fri May 17 17:14:29 2013 +0200 smbtorture: Show the list of cracknames we expect to have and the result Reviewed-by: Andrew Bartlett commit 6c4cf59fba463943fa4dfb9afe0a217d8a2b0b23 Author: Matthieu Patou Date: Fri May 17 07:21:57 2013 -0700 smbtorture: fix a warning due to a set but unused var Signed-off-by: Matthieu Patou Reviewed-by: Andrew Bartlett commit d42a31d68f3154651f31618f74e2df77084f12f3 Author: Matthieu Patou Date: Fri May 17 07:19:22 2013 -0700 smbtorture: fix crash when the returning a crackname with an empty name when a valid one was expected Signed-off-by: Matthieu Patou Reviewed-by: Andrew Bartlett commit d5b440fa897ace7bef4d02a7ad1af556819139a6 Author: Matthieu Patou Date: Fri May 17 05:26:46 2013 -0700 Fix warning by setting the variable from GUID to const GUID Signed-off-by: Matthieu Patou Reviewed-by: Andrew Bartlett commit 373448804ba02378ab0957b0f80a6dd28910a261 Author: Matthieu Patou Date: Fri May 17 05:24:08 2013 -0700 Fix more unused vars Reviewed-by: Andrew Bartlett commit 4cc3d065bca7ffe2b8bae58c8e2c4387add3ad52 Author: Matthieu Patou Date: Fri May 17 05:22:33 2013 -0700 Fix a warning about a set but unused variable by actually using it Signed-off-by: Matthieu Patou Reviewed-by: Andrew Bartlett commit 972417131d8c23855d728f35fc7680c2dedb21b7 Author: Matthieu Patou Date: Fri May 17 05:22:15 2013 -0700 Fix warnings about set but unused variables Signed-off-by: Matthieu Patou Reviewed-by: Andrew Bartlett commit bfce9690bf6e6592d32dd41642a33cbe3c027b81 Author: Matthieu Patou Date: Fri May 17 05:17:41 2013 -0700 Fix a warning about a shadowed variable by renaming the shadowing var Signed-off-by: Matthieu Patou Reviewed-by: Andrew Bartlett commit e1b71f1c133fd43935135a44cdbbb7e912ff4279 Author: Matthieu Patou Date: Fri May 17 04:50:20 2013 -0700 buildtools: Fix compilation warnings STATIC_%s_MODULES_PROTO is defined on the compilation command line by -DSTATIC__MODULES_PROTO which the compiler seems to turn into define STATIC__MODULES_PROTO 1 thus yielding a warning due to unused var Signed-off-by: Matthieu Patou Reviewed-by: Andrew Bartlett commit 61989aee31c6dbf5646579c4d774c5b1d7a7f74c Author: Matthieu Patou Date: Tue Jan 22 00:09:11 2013 -0800 operational: remove double loops Reviewed-by: Andrew Bartlett commit cd7f3fd07215a7b8372b6b623faed02ae1310cb1 Author: Matthieu Patou Date: Mon Jan 21 22:27:10 2013 -0800 dsdb-schema: remove looping on all schema classes for system_possible_inferrior The logic to populate possible inferriors and system possible inferriors is the same so instead of looping twice we do both attributes (depending on the type of the class) in the same loop Reviewed-by: Andrew Bartlett --- Summary of changes: buildtools/wafsamba/samba_deps.py|2 +- lib/ldb/ldb_tdb/ldb_tdb.c| 12 +++- lib/ldb/ldb_tdb/ldb_tdb.h|1 + source4/dsdb/kcc/kcc_drs_replica_info.c |8 -- source4/dsdb/kcc/kcc_periodic.c |3 +- source4/dsdb/samdb/ldb_modules
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e24fe57 libnet-vampire: make use of dsdb_repl_resolve_working_schema() via 24fb281 dsdb-repl: merge the logic from libnet_vampire_cb_apply_schema() via 9af430e dsdb-repl: split out dsdb_repl_resolve_working_schema via d36e911 selftest: Improve test coverage of DRS (bug #8680) via 640c2ff dsdb-drs: when replicating schema object checks ask for removal of previous version if exists (bug #8680) via c7d4b87 libnet-vampire: add attributes and classes from the replicated schema to the bootstrap schema (bug #8680) via fe85bc1 dsdb-schema: make deduplication of class and schema possible (bug #8680) via c524be1 dsdb-schema: schema_fill_possible_inferiors() should rebuild everthing from bea2af9 Revert my accidental commit. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e24fe5705e3c4d33705ebb584ea2009bb4a1a82c Author: Stefan Metzmacher Date: Fri May 17 23:18:55 2013 +0200 libnet-vampire: make use of dsdb_repl_resolve_working_schema() Pair-Programmed-With: Matthieu Patou Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu May 23 14:18:03 CEST 2013 on sn-devel-104 commit 24fb281ea7983a42ba94b664530170e2401523f7 Author: Stefan Metzmacher Date: Fri May 17 23:18:41 2013 +0200 dsdb-repl: merge the logic from libnet_vampire_cb_apply_schema() This way libnet_vampire_cb_apply_schema() is able to use dsdb_repl_resolve_working_schema(). Pair-Programmed-With: Matthieu Patou Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit 9af430ec0be46d0a616faee3552600219bc57097 Author: Stefan Metzmacher Date: Fri May 17 23:02:03 2013 +0200 dsdb-repl: split out dsdb_repl_resolve_working_schema This can be reused later in other places. Pair-Programmed-With: Matthieu Patou Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit d36e9118cbf9deb01c6ee9af6790ce35bb3b936a Author: Matthieu Patou Date: Thu Apr 18 22:03:23 2013 -0700 selftest: Improve test coverage of DRS (bug #8680) Pair-Programmed-With: Andrew Bartlett Signed-off-by: Matthieu Patou Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit 640c2ff57518a5711e795e6cc9f48ae29d379a01 Author: Matthieu Patou Date: Sun Jan 27 15:43:07 2013 -0800 dsdb-drs: when replicating schema object checks ask for removal of previous version if exists (bug #8680) Signed-off-by: Matthieu Patou Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit c7d4b87512eabbff5172716a755a3cd61fe5476b Author: Matthieu Patou Date: Sun Oct 7 21:46:38 2012 -0700 libnet-vampire: add attributes and classes from the replicated schema to the bootstrap schema (bug #8680) Replicated schema might have attributes and auxilary classes on some critical classes (ie. top, user, computer ) that are not in the bootstrap schema. Without those new attributes and classes, bootstrap schema is unable to translate those critical classes in the schema constructed from the replicated data. Without thoses classes new schema is useless and can't be indexed properly. In order to overcome this problem, we put all new attributes and classes definitions into the bootstrap schema so that foundations classes can be translated. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Matthieu Patou Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit fe85bc1fb9ab2f891a9fd46bd8e00325622d39cf Author: Matthieu Patou Date: Sat Jan 26 23:42:10 2013 -0800 dsdb-schema: make deduplication of class and schema possible (bug #8680) When a class or an attribute is replicated it might already exists in the existing schema, so while replicating the new version of this object we want to get rid of the old version of the object is the current validating schema so that we don't end up having duplicates. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Matthieu Patou Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit c524be17815e92ce9fcdd0565e76b026e483cc9d Author: Stefan Metzmacher Date: Thu May 23 08:46:31 2013 +0200 dsdb-schema: schema_fill_possible_inferiors() should rebuild everthing commit cd7f3fd07215a7b8372b6b623faed02ae1310cb1 reverted the change of commit c2853f55fc603d4875bb1e50a1cbf409df0421ea. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- Summary of changes: sel
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 940a6a6 lib/replace: Remove unused install-sh
via 7926330 build: Remove unused expand-includes.pl
via a153eb0 build: Remove old create-tarball release script
via 8903103 build: Do not always regenerate the version.h file
via cbb833d smbd: Fix build on platforms that will not support var = {}
initialisation
via d41ec68 examples: Remove browser and DC settings from example
smb.conf
via 02ee9e4 examples: Remove password server from example smb.conf
via 8a06c3d examples: Remove default printing form example smb.conf
via 2a110aa examples: Move example smb.conf over to "server role"
via 2a4eaa3 build: Rework BSD_STYLE_STATVFS check to match autoconf
build
via c6673b9 build: Remove binaries and libraries build groups
via dfe73e7 build: Build all of samba in autoconf make test
from 8bf3112 s4:idmap: break account_type check lines for readability in
idmap_sid_to_xid()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 940a6a62058a6bbd5f32ac1e1eba11b37d411401
Author: Andrew Bartlett
Date: Thu May 23 13:17:19 2013 +1000
lib/replace: Remove unused install-sh
Reviewed-by: Jelmer Vernooij
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Mon May 27 05:51:04 CEST 2013 on sn-devel-104
commit 792633006002ef62bf35a0279cad7fbd60520077
Author: Andrew Bartlett
Date: Thu May 23 09:51:03 2013 +1000
build: Remove unused expand-includes.pl
We no longer have makefiles with includes.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
commit a153eb0d2198a774f7c046f9e96c73d55405877e
Author: Andrew Bartlett
Date: Thu May 23 09:38:47 2013 +1000
build: Remove old create-tarball release script
Releases are now done via "waf dist" and script/librelease.sh.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
commit 8903103bd691c3927a644ed9162d6412df9ffeea
Author: Andrew Bartlett
Date: Thu May 23 09:33:19 2013 +1000
build: Do not always regenerate the version.h file
Reviewed-by: Jelmer Vernooij
commit cbb833d78e48953b3a04c0463f68c5370f2d4187
Author: Andrew Bartlett
Date: Wed May 22 07:37:33 2013 +1000
smbd: Fix build on platforms that will not support var = {} initialisation
Reviewed-by: Jelmer Vernooij
commit d41ec68601cfca67874f78d2f64784904d1530da
Author: Andrew Bartlett
Date: Wed May 22 00:13:52 2013 +1000
examples: Remove browser and DC settings from example smb.conf
These examples just encourage folks to set browing values that are not
needed.
The domain logons setting is already covered by the server role at the
top of the file and logon script is not special enough to be in the
default smb.conf.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
commit 02ee9e4d8a2befe3fa27bc8be211c80a99767f34
Author: Andrew Bartlett
Date: Wed May 22 00:12:23 2013 +1000
examples: Remove password server from example smb.conf
This should discourage folks from setting it when they do not really need
it.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
commit 8a06c3dd79af0165c8701a465c3f8483ada89a83
Author: Andrew Bartlett
Date: Wed May 22 00:11:32 2013 +1000
examples: Remove default printing form example smb.conf
These settings are all defaults, and just work for most systems. Users on
other platforms
can read man smb.conf, rather than cluttering up this file.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
commit 2a110aaecad5439534eacfc91b607a3c3653e81d
Author: Andrew Bartlett
Date: Wed May 22 00:10:39 2013 +1000
examples: Move example smb.conf over to "server role"
Reviewed-by: Jelmer Vernooij
commit 2a4eaa3241fc4ccb79359ea4e4d511754a84d46b
Author: Andrew Bartlett
Date: Wed May 22 00:14:29 2013 +1000
build: Rework BSD_STYLE_STATVFS check to match autoconf build
Reviewed-by: Jelmer Vernooij
commit c6673b96a59e38031da6654580250bbc58766cfd
Author: Andrew Bartlett
Date: Sun May 26 23:11:03 2013 +1000
build: Remove binaries and libraries build groups
Build groups are used in Samba to ensure that even if the dependency
chain for a target is not perfect, that it builds reliably. This
matters most in the early build stages, where we are building the asn1
compiler and autogenerating files.
Once we get to the main stage, dependencies between C files, libraries
and binaries are much clearer, because the C compiler and linker takes
these as inputs anyway.
Groups were added to our waf build for stability during early
development, as dependency information was first imported from the
previous autoconf/perl based build system.
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 35e443c docs: Remove dead links from 5e16f0b Bump latest stable release up to 4.0.6. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 35e443cfccf4d64bd64046e7f9e3d87c28f38b4a Author: Andrew Bartlett Date: Mon May 27 18:21:55 2013 +1000 docs: Remove dead links --- Summary of changes: docs/index.html |7 --- 1 files changed, 0 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/docs/index.html b/docs/index.html index 9669efe..f3cd1ff 100755 --- a/docs/index.html +++ b/docs/index.html @@ -27,16 +27,9 @@ earlier version of Samba then you may find some differences. members http://www.atmarkit.co.jp/flinux/special/samba3/samba3a.html";>Introduction to Samba 3.0 by Motonobu Takahashi (written in Japanese). - http://www.linux-mag.com/2001-05/smb_01.html";>Understanding - the Network Neighborhood, by team member Chris Hertel. This - article appeared in the May 2001 issue of http://www.linux-mag.com/";>Linux Magazine. http://www.ubiqx.org/cifs/";>Implementing CIFS; an on-line book describing the workings and implementation of the CIFS protocol suite. - ftp://ftp.stratus.com/pub/vos/customers/samba/";>Samba 2.0.x - Troubleshooting guide from - mailto:paul_gr...@alum.mit.edu";>Paul Green How to use SWAT with SSL security (updated for OpenSSL) Ten Years of Samba Samba Licensing (GNU GPL) -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via b06d18f docs: The russian translation site times out from 35e443c docs: Remove dead links http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit b06d18fc18bed2cc9996c01654a58a2fc9ead355 Author: Andrew Bartlett Date: Mon May 27 18:26:41 2013 +1000 docs: The russian translation site times out --- Summary of changes: docs/index.html |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs/index.html b/docs/index.html index f3cd1ff..3dd9889 100755 --- a/docs/index.html +++ b/docs/index.html @@ -53,7 +53,6 @@ earlier version of Samba then you may find some differences. http://www.samba.gr.jp/project/translation/Samba3-HOWTO/ ">Samba HOWTO Collection in Japanese http://smb-conf.ru/";>Samba 3 smb.conf man page in Russian - http://samba-doc.ru/samba3example/index.html";>Samba 3 by Example in Russian (translation in progress) Contributing -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 99c1c2b build: Remove duplicate call to bld.SYMBOL_CHECK()
via e78e156 build: Remove mkinstalldirs
from 940a6a6 lib/replace: Remove unused install-sh
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 99c1c2b8d399c662596d9942aa6af9fb0db00086
Author: Andrew Bartlett
Date: Thu May 23 07:34:15 2013 +1000
build: Remove duplicate call to bld.SYMBOL_CHECK()
This was missed when we merged the two waf systems.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Mon May 27 10:30:06 CEST 2013 on sn-devel-104
commit e78e156d95ba19fec663b83f31aaca13d19cfd7b
Author: Andrew Bartlett
Date: Thu May 23 09:51:36 2013 +1000
build: Remove mkinstalldirs
This is not used in the waf build.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
---
Summary of changes:
source3/script/mkinstalldirs | 38 --
source3/wscript_build|1 -
2 files changed, 0 insertions(+), 39 deletions(-)
delete mode 100755 source3/script/mkinstalldirs
Changeset truncated at 500 lines:
diff --git a/source3/script/mkinstalldirs b/source3/script/mkinstalldirs
deleted file mode 100755
index f945dbf..000
--- a/source3/script/mkinstalldirs
+++ /dev/null
@@ -1,38 +0,0 @@
-#! /bin/sh
-# mkinstalldirs --- make directory hierarchy
-# Author: Noah Friedman
-# Created: 1993-05-16
-# Public domain
-
-errstatus=0
-
-for file
-do
- set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
- shift
-
- pathcomp=
- for d
- do
- pathcomp="$pathcomp$d"
- case "$pathcomp" in
- -* ) pathcomp=./$pathcomp ;;
- esac
-
- if test ! -d "$pathcomp"; then
-echo "mkdir $pathcomp" 1>&2
-
-mkdir "$pathcomp" || lasterr=$?
-
-if test ! -d "$pathcomp"; then
- errstatus=$lasterr
-fi
- fi
-
- pathcomp="$pathcomp/"
- done
-done
-
-exit $errstatus
-
-# mkinstalldirs ends here
diff --git a/source3/wscript_build b/source3/wscript_build
index 0a85653..f1d41c6 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1648,4 +1648,3 @@ bld.RECURSE('lib/netapi/examples')
bld.ENFORCE_GROUP_ORDERING()
bld.CHECK_PROJECT_RULES()
-bld.SYMBOL_CHECK()
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1754b52 build: Install smbtar in waf build via 4ae3cdc docs: Remove all references to testprns from 99c1c2b build: Remove duplicate call to bld.SYMBOL_CHECK() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1754b52204563a722920805b76e6c571d0268434 Author: Andrew Bartlett Date: Sun May 26 21:05:12 2013 +1000 build: Install smbtar in waf build Reviewed-by: Kai Blin Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon May 27 12:55:05 CEST 2013 on sn-devel-104 commit 4ae3cdcd7151237a858f668357d08ab6916bdb3b Author: Andrew Bartlett Date: Sun May 26 20:29:19 2013 +1000 docs: Remove all references to testprns Based on debian patch documentation2.patch by Christian Perrier . This tool no longer exists in Samba. Andrew Bartlett Reviewed-by: Kai Blin --- Summary of changes: docs-xml/manpages/nmbd.8.xml |1 - docs-xml/manpages/smb.conf.5.xml |1 - docs-xml/manpages/smbd.8.xml |1 - docs-xml/using_samba/appd.xml| 18 -- docs-xml/using_samba/ch01.xml|6 -- docs-xml/using_samba/ch07.xml|8 examples/tridge/smb.conf |8 source3/script/wscript_build |7 +++ source3/wscript_build|1 + 9 files changed, 8 insertions(+), 43 deletions(-) create mode 100644 source3/script/wscript_build Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml index f666f58..0599ba3 100644 --- a/docs-xml/manpages/nmbd.8.xml +++ b/docs-xml/manpages/nmbd.8.xml @@ -266,7 +266,6 @@ 8, smb.conf 5, smbclient 1, testparm - 1, testprns 1, and the Internet RFC's rfc1001.txt, rfc1002.txt. In addition the CIFS (formerly SMB) specification is available diff --git a/docs-xml/manpages/smb.conf.5.xml b/docs-xml/manpages/smb.conf.5.xml index 44411b0..dd4f858 100644 --- a/docs-xml/manpages/smb.conf.5.xml +++ b/docs-xml/manpages/smb.conf.5.xml @@ -809,7 +809,6 @@ chmod 1770 /usr/local/samba/lib/usershares 8, smbclient 1, nmblookup 1, testparm - 1, testprns 1. diff --git a/docs-xml/manpages/smbd.8.xml b/docs-xml/manpages/smbd.8.xml index 98e76fb..0d246cd 100644 --- a/docs-xml/manpages/smbd.8.xml +++ b/docs-xml/manpages/smbd.8.xml @@ -421,7 +421,6 @@ 8, smb.conf 5, smbclient 1, testparm - 1, testprns 1, and the Internet RFC's rfc1001.txt, rfc1002.txt. In addition the CIFS (formerly SMB) specification is available diff --git a/docs-xml/using_samba/appd.xml b/docs-xml/using_samba/appd.xml index a3a23f8..018e590 100644 --- a/docs-xml/using_samba/appd.xml +++ b/docs-xml/using_samba/appd.xml @@ -1315,24 +1315,6 @@ received 6 names - -testprns - - -Thetestprns program -printersnameschecking testprns program checks a specified printer name against the system printer capabilities (printcap) file. Its command line is: - - -testprns printername [printcapname] - - -If the printcapname isn't specified, Samba attempts to use one located in the smb.conf file. If one isn't specified there, Samba will try /etc/printcap. If that fails, the program will generate an error. - - - - - - rpcclient diff --git a/docs-xml/using_samba/ch01.xml b/docs-xml/using_samba/ch01.xml index ca8bc13..01d7791 100644 --- a/docs-xml/using_samba/ch01.xml +++ b/docs-xml/using_samba/ch01.xml @@ -1375,12 +1375,6 @@ SIMPLE <1E> GROUP Registered -testprns -A program that tests whether various printers are recognized by the smbd daemon - - - - Each significant release of Samba goes through a significant exposure test before it's announced. In addition, it is quickly updated afterward if problems or unwanted side-effects are found. The latest stable distribution as of this writing is Samba 2.0.5, the long-awaited production version of Samba 2.0. This book focuses on the functionality supported in Samba 2.0, as opposed to the older 1.9.x versions of Samba, which are now obsolete. diff --git a/docs-xml/using_samba/ch07.xml b/docs-xml/using_samba/ch07.xml index 307cab7..988aab8 100644 --- a/docs-xml/using_samba/ch07.xml +++ b/docs-xml/using_samba/ch07.xml @@ -306,14 +306,6 @@ lppause command: public: true -Second, try the command testprns printername. This is a simple program that verifies that the specified printer is available in your printcap file. If your printcap file is not in the usual place, you can specify its full pathname as the second argument to the testprns command: - - -# testprns lp /etc/printcap -Looking for printer lp in printcap file /etc/pri
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via c989bdc Revert "docs: The russian translation site times out" from b06d18f docs: The russian translation site times out http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit c989bdc25a39077391ec4a6f385619258f9b449a Author: Andrew Bartlett Date: Mon May 27 22:29:54 2013 +1000 Revert "docs: The russian translation site times out" This reverts commit b06d18fc18bed2cc9996c01654a58a2fc9ead355. The timeout was transient. Andrew Bartlett --- Summary of changes: docs/index.html |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs/index.html b/docs/index.html index 3dd9889..f3cd1ff 100755 --- a/docs/index.html +++ b/docs/index.html @@ -53,6 +53,7 @@ earlier version of Samba then you may find some differences. http://www.samba.gr.jp/project/translation/Samba3-HOWTO/ ">Samba HOWTO Collection in Japanese http://smb-conf.ru/";>Samba 3 smb.conf man page in Russian + http://samba-doc.ru/samba3example/index.html";>Samba 3 by Example in Russian (translation in progress) Contributing -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 4e76a77 waf: build position independent executables
via d47c124 waf: add --with[out]-pie configure arguments
from 1754b52 build: Install smbtar in waf build
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4e76a77f622f1fa30a8ae1e011d87fc9754e1b85
Author: David Disseldorp
Date: Mon May 27 17:57:01 2013 +0200
waf: build position independent executables
This patch re-instates support for building Position Independent
Executables using the '-fPIE' and '-pie' compiler and linker flags
respectively.
PIE builds are enabled by default, and can be explicitly disabled using
the '--without-pie' configure argument.
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue May 28 02:56:36 CEST 2013 on sn-devel-104
commit d47c1245788505cfaca9a25c855a2503c83e4315
Author: David Disseldorp
Date: Mon May 27 17:57:00 2013 +0200
waf: add --with[out]-pie configure arguments
The arguments do not currently have any effect.
Reviewed-by: Andrew Bartlett
---
Summary of changes:
buildtools/wafsamba/wafsamba.py | 11 +--
wscript | 11 +++
2 files changed, 20 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 2ef68b1..0d407e6 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -342,6 +342,13 @@ def SAMBA_BINARY(bld, binname, source,
else:
subsystem_group = group
+# only specify PIE flags for binaries
+pie_cflags = cflags
+pie_ldflags = TO_LIST(ldflags)
+if bld.env['ENABLE_PIE'] == True:
+pie_cflags += ' -fPIE'
+pie_ldflags.extend(TO_LIST('-pie'))
+
# first create a target for building the object files for this binary
# by separating in this way, we avoid recompiling the C files
# separately for the install binary and the build binary
@@ -349,7 +356,7 @@ def SAMBA_BINARY(bld, binname, source,
source = source,
deps = deps,
includes = includes,
-cflags = cflags,
+cflags = pie_cflags,
group = subsystem_group,
autoproto = autoproto,
subsystem_name = subsystem_name,
@@ -379,7 +386,7 @@ def SAMBA_BINARY(bld, binname, source,
install_path = None,
samba_inst_path= install_path,
samba_install = install,
-samba_ldflags = TO_LIST(ldflags)
+samba_ldflags = pie_ldflags
)
if manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and
bld.env['XSLTPROC_MANPAGES']:
diff --git a/wscript b/wscript
index 3509939..2ff6c35 100644
--- a/wscript
+++ b/wscript
@@ -56,6 +56,13 @@ def set_options(opt):
help='disable AD DC functionality (enables Samba 4 client
and Samba 3 code base).',
action='store_true', dest='without_ad_dc', default=False)
+opt.add_option('--with-pie',
+ help=("Build Position Independent Executables (default)"),
+ action="store_true", dest='enable_pie', default=True)
+opt.add_option('--without-pie',
+ help=("Disable Position Independent Executable builds"),
+ action="store_false", dest='enable_pie')
+
gr = opt.option_group('developer options')
@@ -160,6 +167,10 @@ def configure(conf):
conf.SAMBA_CONFIG_H('include/config.h')
+if Options.options.enable_pie == True:
+conf.check_cc(cflags='-fPIE', ldflags='-pie', mandatory=True,
+ msg="Checking compiler for PIE support")
+conf.env['ENABLE_PIE'] = True
def etags(ctx):
'''build TAGS file using etags'''
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5a633dd s4-dns: Print/Set minimumTTL value in SOA record
via 6676511 build: Remove unused mkbuildoptions.awk
via dd72d85 build: Remove unused tool for config.h comparison
via 4c4520a build: Remove feature tests for variables now always
provided
via dc6b03f build: Remove unused credentials_samba3.c
via 26d36be selftest: VFSLIBDIR is not needed, the waf build knows
where to find modules automatically
via cbddf9e build: Remove autoconf build system from examples/VFS
via f073401 passdb-machine_account_secrets: Remove #if SAMBA_BUILD_ ==
4 now we only have the waf build
via 2c70b0e nsswitch: Remove #if SAMBA_BUILD_ >= 4 now we only have the
waf build
via 922fe92 lib/util/modules.c: Remove #if SAMBA_BUILD_ == 3 now we
only have the waf build
via 2bede9d param: Remove _SAMBA_BUILD_ checks from now the autoconf
build is gone
via ae14497 docs: Document removal of the autoconf build system
via 11aab8a build: Remove unused preproc-dummy.c
via 53c61a3 build: Remove unused linkmodules.sh script
via 69c09e7 build: Remove unused revert.sh script
via 26ff1f2 build: Remove unused uninstall*.sh scripts
via d98f107 build: Remove unused install*.sh scripts
via 167b8bd build: Remove unused build_idl.sh
via c5bde69 Remove lib/netapi autoconf build system, this is now build
with waf
via 87049bf build: Remove unused build_idl.sh
via af443d0 Remove now-unused s3-selftest.sh wrapper
via 8bcaa14 Remove stub ldb_version.h and source3/include/autoconf as
no longer needed
via 8b2590c build: Remove autoconf directory no longer needed
via 0b5c23b build: Remove unused script/mkversion.sh
via a768e6b build: Remove unused install-sh
via cd4b413 build: Remove autoconf build system
via 97cceb5 build: No longer run autogen.sh during tarball creation
via fb67cea autobuild: Remove samba3 and samba3-ctdb targets to allow
autoconf removal for 4.1
from 4e76a77 waf: build position independent executables
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5a633dd6bb5be817c6b421df0c098e3428a20773
Author: Amitay Isaacs
Date: Thu Dec 6 16:10:42 2012 +1100
s4-dns: Print/Set minimumTTL value in SOA record
Signed-off-by: Amitay Isaacs
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue May 28 08:47:56 CEST 2013 on sn-devel-104
commit 667651132b9136e1ad9d7dc5f44dd86c66907e70
Author: Andrew Bartlett
Date: Thu May 23 09:37:10 2013 +1000
build: Remove unused mkbuildoptions.awk
This is not used by the waf build.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
Reviewed-by: David Disseldorp
commit dd72d85e928a9f52113235daaab1e71ea916aa0d
Author: Andrew Bartlett
Date: Wed May 22 17:05:11 2013 +1000
build: Remove unused tool for config.h comparison
Reviewed-by: Jelmer Vernooij
Reviewed-by: David Disseldorp
commit 4c4520ac3794f917c831255d6598945712bcfb5c
Author: Andrew Bartlett
Date: Wed May 22 16:23:23 2013 +1000
build: Remove feature tests for variables now always provided
These #ifdef statements were added in replacement for #if (_SAMBA_BUILD_ >=
4)
in fbe7ed79b0f056a9a8f44a9b42e887441d2f00d5
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
Reviewed-by: David Disseldorp
commit dc6b03ffa55968708576cb527f1b52a37d8e5317
Author: Andrew Bartlett
Date: Wed May 22 16:16:31 2013 +1000
build: Remove unused credentials_samba3.c
This file was only used by the autoconf build system.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
Reviewed-by: David Disseldorp
commit 26d36befa8347eb093850cc8853fd9939555d458
Author: Andrew Bartlett
Date: Wed May 22 16:13:21 2013 +1000
selftest: VFSLIBDIR is not needed, the waf build knows where to find
modules automatically
This is why was relinks on install, because it is fixing these
internal variables up.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij
Reviewed-by: David Disseldorp
commit cbddf9e2efd856a25c6405f6893ad3a9cda1b181
Author: Andrew Bartlett
Date: Wed May 22 14:22:36 2013 +1000
build: Remove autoconf build system from examples/VFS
Reviewed-by: Jelmer Vernooij
Reviewed-by: David Disseldorp
commit f073401abf9a0f91715854d885fad96332d001b5
Author: Andrew Bartlett
Date: Wed May 22 13:48:35 2013 +1000
passdb-machine_account_secrets: Remove #if SAMBA_BUILD_ == 4 now we only
have the waf build
Reviewed-by: Jelmer Vernooij
Reviewed-by: David Disseldorp
commit 2c70b0edcfbc009b5cdc27454d3703fbf20a50bd
Author: Andrew Ba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3bd686c tdb: fix logging of offets and lengths.
from 5a633dd s4-dns: Print/Set minimumTTL value in SOA record
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3bd686c5ad4756af1033ac14ba09a40156cc6d47
Author: Rusty Russell
Date: Tue May 28 16:53:56 2013 +0930
tdb: fix logging of offets and lengths.
We can have offsets > 2G, so use unsigned values. Fixes other prints to be
native types rather than casts, too.
Signed-off-by: Rusty Russell
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue May 28 11:22:14 CEST 2013 on sn-devel-104
---
Summary of changes:
lib/tdb/common/check.c | 22 +++---
lib/tdb/common/dump.c|9 -
lib/tdb/common/freelist.c|8
lib/tdb/common/io.c | 36 ++--
lib/tdb/common/lock.c|8
lib/tdb/common/summary.c |2 +-
lib/tdb/common/transaction.c |8
7 files changed, 46 insertions(+), 47 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c
index dc38102..9f9d870 100644
--- a/lib/tdb/common/check.c
+++ b/lib/tdb/common/check.c
@@ -76,19 +76,19 @@ static bool tdb_check_record(struct tdb_context *tdb,
/* Check rec->next: 0 or points to record offset, aligned. */
if (rec->next > 0 && rec->next < TDB_DATA_START(tdb->hash_size)){
TDB_LOG((tdb, TDB_DEBUG_ERROR,
-"Record offset %d too small next %d\n",
+"Record offset %u too small next %u\n",
off, rec->next));
goto corrupt;
}
if (rec->next + sizeof(*rec) < rec->next) {
TDB_LOG((tdb, TDB_DEBUG_ERROR,
-"Record offset %d too large next %d\n",
+"Record offset %u too large next %u\n",
off, rec->next));
goto corrupt;
}
if ((rec->next % TDB_ALIGNMENT) != 0) {
TDB_LOG((tdb, TDB_DEBUG_ERROR,
-"Record offset %d misaligned next %d\n",
+"Record offset %u misaligned next %u\n",
off, rec->next));
goto corrupt;
}
@@ -98,14 +98,14 @@ static bool tdb_check_record(struct tdb_context *tdb,
/* Check rec_len: similar to rec->next, implies next record. */
if ((rec->rec_len % TDB_ALIGNMENT) != 0) {
TDB_LOG((tdb, TDB_DEBUG_ERROR,
-"Record offset %d misaligned length %d\n",
+"Record offset %u misaligned length %u\n",
off, rec->rec_len));
goto corrupt;
}
/* Must fit tailer. */
if (rec->rec_len < sizeof(tailer)) {
TDB_LOG((tdb, TDB_DEBUG_ERROR,
-"Record offset %d too short length %d\n",
+"Record offset %u too short length %u\n",
off, rec->rec_len));
goto corrupt;
}
@@ -119,7 +119,7 @@ static bool tdb_check_record(struct tdb_context *tdb,
goto corrupt;
if (tailer != sizeof(*rec) + rec->rec_len) {
TDB_LOG((tdb, TDB_DEBUG_ERROR,
-"Record offset %d invalid tailer\n", off));
+"Record offset %u invalid tailer\n", off));
goto corrupt;
}
@@ -247,7 +247,7 @@ static bool tdb_check_used_record(struct tdb_context *tdb,
/* key + data + tailer must fit in record */
if (rec->key_len + rec->data_len + sizeof(tdb_off_t) > rec->rec_len) {
TDB_LOG((tdb, TDB_DEBUG_ERROR,
-"Record offset %d too short for contents\n", off));
+"Record offset %u too short for contents\n", off));
return false;
}
@@ -257,7 +257,7 @@ static bool tdb_check_used_record(struct tdb_context *tdb,
if (tdb->hash_fn(&key) != rec->full_hash) {
TDB_LOG((tdb, TDB_DEBUG_ERROR,
-"Record offset %d has incorrect hash\n", off));
+"Record offset %u has incorrect hash\n", off));
goto fail_put_key;
}
@@ -411,14 +411,14 @@ _PUBLIC_ int tdb_check(struct tdb_context *tdb,
goto corrupt;
TDB_LOG((tdb
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 09aaa99 build-htmlman-nogit: Run build-htmlman-nogit with bash.
via fa3cca3 build-htmlman-git: Run build-htmlman-git with bash.
via 737dd2a build-htmlman-nogit: manpages-3 has been moved to manpages.
via ce8bbdd build-htmlman-git: manpages-3 has been moved to manpages.
via 0c67a29 docs-xml/.gitignore: manpages-3 has been moved to manpages.
via 0b8b6fd vfs_glusterfs: Samba VFS module for glusterfs
via 05578dc samba-tool/dns: Set secure zone update flag after creating
new zone
via c22eb10 samba-tool/dns: Pass on additional flags when creating zones
via 612fbc1 s4-dns: Support update of SOA records
via de2788a s4-rpc: dnsserver: When updating SOA record, use the
specified serial
via cc103a8 s4-rpc: dnsserver: dns_name_equal() returns boolean
via b5c3ec0 s4-rpc: dnsserver: Fix removal of trailing '.' in soa mname
from 3f24d69 build: Add missing new line to replaced python shebang
line. (Fix bug #9909)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 09aaa991ef765405108c09c2059bbae2d897363e
Author: Karolin Seeger
Date: Wed May 29 10:25:25 2013 +0200
build-htmlman-nogit: Run build-htmlman-nogit with bash.
On debian/ubuntu, the "dash" which is sh, does not
provide pushd/popd...
Signed-off-by: Karolin Seeger
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Thu May 30 04:48:06 CEST 2013 on sn-devel-104
commit fa3cca3fb0ab957604a29feda734f5bc7db7afdc
Author: Karolin Seeger
Date: Wed May 29 10:23:49 2013 +0200
build-htmlman-git: Run build-htmlman-git with bash.
On debian/ubuntu, the "dash" which is sh, does not
provide pushd/popd...
Signed-off-by: Karolin Seeger
Reviewed-by: Andrew Bartlett
commit 737dd2a9fd91a27affd61087639cdc1df21b1cc0
Author: Karolin Seeger
Date: Wed May 29 10:21:23 2013 +0200
build-htmlman-nogit: manpages-3 has been moved to manpages.
Signed-off-by: Karolin Seeger
Reviewed-by: Andrew Bartlett
commit ce8bbdd9fc45bda5fb8900a83cc1a2e16a21af06
Author: Karolin Seeger
Date: Wed May 29 10:20:39 2013 +0200
build-htmlman-git: manpages-3 has been moved to manpages.
Signed-off-by: Karolin Seeger
Reviewed-by: Andrew Bartlett
commit 0c67a29976310ace5cb9966fdd9971bba24c62b6
Author: Karolin Seeger
Date: Wed May 29 10:19:10 2013 +0200
docs-xml/.gitignore: manpages-3 has been moved to manpages.
Signed-off-by: Karolin Seeger
Reviewed-by: Andrew Bartlett
commit 0b8b6fdc96f59895536d16de43a1494c5eef5c67
Author: Anand Avati
Date: Wed May 29 07:21:46 2013 -0400
vfs_glusterfs: Samba VFS module for glusterfs
Implement a Samba VFS plugin for glusterfs based on gluster's gfapi.
This is a "bottom" vfs plugin (not something to be stacked on top of
another module), and translates (most) calls into closest actions
on gfapi.
Reviewed-by: Andrew Bartlett
Reviewed-by: Simo Sorce
Signed-off-by: Anand Avati
commit 05578dcdbfa1734ae7bafb70859a76f4cd2a023d
Author: Amitay Isaacs
Date: Mon May 27 12:37:20 2013 +1000
samba-tool/dns: Set secure zone update flag after creating new zone
Windows DC ignores the secure update flag while creating new zone. Windows
performs another operation to set the secure update flag.
Signed-off-by: Amitay Isaacs
commit c22eb103d865ed50a6c3ca89750245b92e17b493
Author: Amitay Isaacs
Date: Mon May 27 12:26:36 2013 +1000
samba-tool/dns: Pass on additional flags when creating zones
Windows DCs require additional flags to be set when creating zones.
This fixes bug #9599.
Signed-off-by: Amitay Isaacs
commit 612fbc18c3bf5307bd71ef533a5b6a13c7ef78b6
Author: Amitay Isaacs
Date: Thu Dec 6 16:11:18 2012 +1100
s4-dns: Support update of SOA records
Signed-off-by: Amitay Isaacs
commit de2788acd1ee2136b673c5d1ddf5bab335b4675f
Author: Amitay Isaacs
Date: Thu Dec 6 16:06:35 2012 +1100
s4-rpc: dnsserver: When updating SOA record, use the specified serial
This makes sure that when updating SOA record, the serial is set to the
value
sent by client. For all other records, serial is incremented.
Signed-off-by: Amitay Isaacs
commit cc103a8187317047347a679e42b076de7d69d181
Author: Amitay Isaacs
Date: Thu Dec 6 16:05:26 2012 +1100
s4-rpc: dnsserver: dns_name_equal() returns boolean
Remove the remaining check for return value after strcmp() was changed to
dns_name_equal().
Signed-off-by: Amitay Isaacs
Reviewed-by: Andrew Bartlett
commit b5c3ec0abc22145841b9b528cb55ec381e9c0d06
Author: Amitay Isaacs
Date
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 553d63f s4-dns: set TTL value in the NS server part of the SOA record from 09aaa99 build-htmlman-nogit: Run build-htmlman-nogit with bash. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 553d63f0ead74ea101b2169bdad4af80caa16e2b Author: Guenter Kukkukk Date: Thu May 30 02:19:32 2013 +0200 s4-dns: set TTL value in the NS server part of the SOA record noticed this when using samba-tool to create a new zone Signed-off-by: Guenter Kukkukk Reviewed-by: Andrew Bartlett Reviewed-by: Amitay Isaacs Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu May 30 09:41:20 CEST 2013 on sn-devel-104 --- Summary of changes: source4/rpc_server/dnsserver/dnsdb.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/dnsserver/dnsdb.c b/source4/rpc_server/dnsserver/dnsdb.c index 91e9aa8..8cdeae4 100644 --- a/source4/rpc_server/dnsserver/dnsdb.c +++ b/source4/rpc_server/dnsserver/dnsdb.c @@ -934,6 +934,7 @@ WERROR dnsserver_db_create_zone(struct ldb_context *samdb, dns_rec[1].wType = DNS_TYPE_NS; dns_rec[1].rank = DNS_RANK_ZONE; dns_rec[1].dwSerial = soa.serial; + dns_rec[1].dwTtlSeconds = 3600; dns_rec[1].dwTimeStamp = (uint32_t)t; dns_rec[1].data.ns = server_fqdn; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 42b0b27 param_table: Remove misleading allow dns updates options.
via 5528551 docs: Avoid mentioning a possibly misleading option.
via 7c4c896 WHATSNEW: Fix 4.0 default for allow dns updates.
via 0de1675 libcli: Remove uneeded debug message
via 8b24c43 dns: Delete dnsNode objects when they are empty
from 553d63f s4-dns: set TTL value in the NS server part of the SOA
record
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 42b0b275059f9c98b9bf417f2048fdc973449def
Author: Michael Wood
Date: Sat Jun 1 10:37:37 2013 +0200
param_table: Remove misleading allow dns updates options.
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sat Jun 1 12:46:32 CEST 2013 on sn-devel-104
commit 5528551ea39686194837a8083c85b71dedbe6f0e
Author: Michael Wood
Date: Sat Jun 1 10:35:56 2013 +0200
docs: Avoid mentioning a possibly misleading option.
Reviewed-by: Andrew Bartlett
commit 7c4c896eacdeda27559f3bf47861392adeb3e10a
Author: Michael Wood
Date: Sat Jun 1 10:34:20 2013 +0200
WHATSNEW: Fix 4.0 default for allow dns updates.
Reviewed-by: Andrew Bartlett
commit 0de1675e5d3854c5110ed34029be1e59d17991da
Author: Kai Blin
Date: Sat Jun 1 10:24:12 2013 +0200
libcli: Remove uneeded debug message
Signed-off-by: Kai Blin
Reviewed-by: Andrew Bartlett
commit 8b24c43b382740106474e26dec59e1419ba77306
Author: Kai Blin
Date: Sat Jun 1 10:24:11 2013 +0200
dns: Delete dnsNode objects when they are empty
If an update leaves the dnsNode without any entries, the dnsNode object
should be deleted. Thanks to Günter Kukkukk for his excellent debugging
work on this one.
This should fix bug #9559
Signed-off-by: Kai Blin
Reviewed-by: Andrew Bartlett
---
Summary of changes:
WHATSNEW.txt |2 +-
docs-xml/smbdotconf/domain/allowdnsupdates.xml |4 +-
lib/param/param_table.c|5 -
lib/util/util.c|1 -
python/samba/tests/dns.py | 117
source4/dns_server/dns_utils.c |8 ++-
6 files changed, 127 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f1089db..25bd1ab 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -105,7 +105,7 @@ smb.conf changes
Parameter Name Description Default
-- --- ---
- allow dns updates New disabled
+ allow dns updates New secure only
announce as Removed
announce versionRemoved
cldap port New 0
diff --git a/docs-xml/smbdotconf/domain/allowdnsupdates.xml
b/docs-xml/smbdotconf/domain/allowdnsupdates.xml
index fc7d3e8..1563d29 100644
--- a/docs-xml/smbdotconf/domain/allowdnsupdates.xml
+++ b/docs-xml/smbdotconf/domain/allowdnsupdates.xml
@@ -8,8 +8,8 @@
DNS updates can either be disallowed completely by setting it to
disabled, enabled over secure connections
only by
- setting it to secure or allowed in all
cases
- by setting it to enabled or
nonsecure.
+ setting it to secure only or allowed in
all cases
+ by setting it to nonsecure.
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 833d3ca..7ff9d0c 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -118,11 +118,6 @@ static const struct enum_list enum_dns_update_settings[] =
{
{DNS_UPDATE_OFF, "Off"},
{DNS_UPDATE_ON, "nonsecure and secure"},
{DNS_UPDATE_ON, "nonsecure"},
- {DNS_UPDATE_ON, "Yes"},
- {DNS_UPDATE_ON, "True"},
- {DNS_UPDATE_ON, "1"},
- {DNS_UPDATE_ON, "On"},
- {DNS_UPDATE_ON, "enabled"},
{DNS_UPDATE_SIGNED, "secure only"},
{DNS_UPDATE_SIGNED, "secure"},
{DNS_UPDATE_SIGNED, "signed"},
diff --git a/lib/util/util.c b/lib/util/util.c
index 7c669fb..f0ed7f6 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -526,7 +526,6 @@ _PUBLIC_ void dump_data_dbgc(int dbgc_class, int level,
const uint8_t *buf, int
struct debug_channel_level dcl = { dbgc_class, level };
if (!DEBUGLVLC(dbgc_class, level)) {
- DEBUG(0, ("dbgc_class is %d\n", dbgc_class));
return;
}
dump_data_cb(buf, len, false, debu
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8a6743e Bug 8997: change libreplace GPL source to LGPL from b475ef0 torture: support printer publish pending responses http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8a6743e4edcdff1c7860d150720483f19f3b33bb Author: David Disseldorp Date: Mon Jun 3 13:00:31 2013 +0200 Bug 8997: change libreplace GPL source to LGPL libreplace currently includes socket.c and getifaddrs.c both of which are GPL licensed. Although not required, talloc and tdb build alongside this source, leading to some ambiguity regarding their LGPL licences. The following copyright holders have agreed to the GPL->LGPL change: lib/replace/getifaddrs.c Copyright (C) Andrew Tridgell 1998 Copyright (C) Jeremy Allison 2007 Copyright (C) Jelmer Vernooij 2007 lib/replace/test/getifaddrs.c lib/replace/socket.c * Copyright (C) Michael Adam 2008 Signed-off-by: David Disseldorp Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Jun 3 18:06:18 CEST 2013 on sn-devel-104 --- Summary of changes: lib/replace/getifaddrs.c | 28 lib/replace/socket.c | 22 +- lib/replace/test/getifaddrs.c | 24 ++-- 3 files changed, 43 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/getifaddrs.c b/lib/replace/getifaddrs.c index 84d7906..8da022f 100644 --- a/lib/replace/getifaddrs.c +++ b/lib/replace/getifaddrs.c @@ -4,19 +4,23 @@ Copyright (C) Andrew Tridgell 1998 Copyright (C) Jeremy Allison 2007 Copyright (C) Jelmer Vernooij 2007 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, + + ** NOTE! The following LGPL license applies to the replace + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see <http://www.gnu.org/licenses/>. */ #define SOCKET_WRAPPER_NOT_REPLACE diff --git a/lib/replace/socket.c b/lib/replace/socket.c index 35e975f..4cd9d2e 100644 --- a/lib/replace/socket.c +++ b/lib/replace/socket.c @@ -5,18 +5,22 @@ * * Copyright (C) Michael Adam 2008 * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. + * ** NOTE! The following LGPL license applies to the replace + * ** library. This does NOT imply that all of Samba is released + * ** under the LGPL * - * This program is distributed in the hope that it will be useful, + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * You should have received a copy of the GNU Lesser General Public + * License along with this libra
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 097a8c7 s4:winbind: don't leak libnet_context into the main event
context
from b238008 s3:lib/ctdb_packet use sys_send in packet_fd_write
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 097a8c723925d3e35606215cb16be28a37b0112e
Author: Stefan Metzmacher
Date: Fri May 31 16:04:26 2013 +0200
s4:winbind: don't leak libnet_context into the main event context
This needs to be a talloc child of struct wbsrv_domain
otherwise the cleanup of a broken connection doesn't work.
The following command can trigger the leak on a domain controller.
root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/
total 16
drwxrwx---+ 5 root 300 4096 May 14 14:46 Policies
drwxrwx---+ 2 root 300 4096 May 14 11:45 scripts
gid 300 belongs to Builtin\Administrators.
The code triggers a ncacn_np: connection to the local smbd
and complains that domain BUILTIN is not available:
[2013/05/29 17:28:03, 2]
../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo)
Expected domain name BUILTIN, DC dc.samba.private said SAMBA
In that case the connection was not closed, which is fixed by this commit.
Using ncalrpc: for all local SIDs and serving the BUILTIN domain is
a project for another day...
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104
---
Summary of changes:
source4/winbind/wb_init_domain.c |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index 5e2aa47..70dbaa9 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
@@ -144,6 +144,8 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX
*mem_ctx,
state->domain->libnet_ctx =
libnet_context_init(service->task->event_ctx,
service->task->lp_ctx);
+ if (state->domain->libnet_ctx == NULL) goto failed;
+ talloc_steal(state->domain, state->domain->libnet_ctx);
/* Create a credentials structure */
state->domain->libnet_ctx->cred = cli_credentials_init(state->domain);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1a6eac2 s4:samldb LDB module - permit "userAccountControl"
modifications without acct. type
via 62ee2a5 s4:samldb LDB module - "userAccountControl" = 0 means
UF_NORMAL_ACCOUNT on add
from ad383ac s3:smbd: explain parameters in call to
SMB_VFS_DURABLE_RECONNECT()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1a6eac2c37f4d80033e450731bd36a9af4b2bd1d
Author: Matthias Dieter Wallnöfer
Date: Wed May 29 22:17:35 2013 +0200
s4:samldb LDB module - permit "userAccountControl" modifications without
acct. type
Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found
in
MS-SAMR section 3.1.1.8.10.
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
commit 62ee2a5caf8b8e7750a650c7ebc9729beda48a89
Author: Matthias Dieter Wallnöfer
Date: Sat Apr 21 17:20:24 2012 +0200
s4:samldb LDB module - "userAccountControl" = 0 means UF_NORMAL_ACCOUNT on
add
Windows Server 2008 has changed semantics in comparison to Server 2003.
Reviewed-by: Andrew Bartlett
---
Summary of changes:
source4/dsdb/samdb/ldb_modules/samldb.c | 42 +++--
source4/dsdb/tests/python/sam.py| 76 +++---
2 files changed, 95 insertions(+), 23 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c
b/source4/dsdb/samdb/ldb_modules/samldb.c
index da9c966..5bb0b61 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -990,7 +990,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
switch(ac->type) {
case SAMLDB_TYPE_USER: {
- bool uac_generated = false;
+ bool uac_generated = false, uac_add_flags = false;
/* Step 1.2: Default values */
ret = samdb_find_or_add_attribute(ldb, ac->msg,
@@ -1032,6 +1032,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx
*ac)
return ret;
}
uac_generated = true;
+ uac_add_flags = true;
}
el = ldb_msg_find_element(ac->msg, "userAccountControl");
@@ -1042,6 +1043,11 @@ static int samldb_objectclass_trigger(struct samldb_ctx
*ac)
user_account_control =
ldb_msg_find_attr_as_uint(ac->msg,
"userAccountControl",
0);
+ /* "userAccountControl" = 0 means "UF_NORMAL_ACCOUNT" */
+ if (user_account_control == 0) {
+ user_account_control = UF_NORMAL_ACCOUNT;
+ uac_generated = true;
+ }
/* Temporary duplicate accounts aren't allowed */
if ((user_account_control & UF_TEMP_DUPLICATE_ACCOUNT)
!= 0) {
@@ -1124,8 +1130,10 @@ static int samldb_objectclass_trigger(struct samldb_ctx
*ac)
* has been generated here (tested against Windows
* Server) */
if (uac_generated) {
- user_account_control |= UF_ACCOUNTDISABLE;
- user_account_control |= UF_PASSWD_NOTREQD;
+ if (uac_add_flags) {
+ user_account_control |=
UF_ACCOUNTDISABLE;
+ user_account_control |=
UF_PASSWD_NOTREQD;
+ }
ret = samdb_msg_set_uint(ldb, ac->msg, ac->msg,
"userAccountControl",
@@ -1509,8 +1517,32 @@ static int samldb_user_account_control_change(struct
samldb_ctx *ac)
account_type = ds_uf2atype(user_account_control);
if (account_type == 0) {
- ldb_set_errstring(ldb, "samldb: Unrecognized account type!");
- return LDB_ERR_UNWILLING_TO_PERFORM;
+ char *tempstr;
+
+ /*
+* When there is no account type embedded in
"userAccountControl"
+* fall back to default "UF_NORMAL_ACCOUNT".
+*/
+ if (user_account_control == 0) {
+ ldb_set_errstring(ldb,
+ "samldb: Inval
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7d8354c smbd: Change logging when SET_OFFLINE is not supported
from 1a6eac2 s4:samldb LDB module - permit "userAccountControl"
modifications without acct. type
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7d8354c719fa620a580f6d7d322ca80185c50c7e
Author: Christof Schmitt
Date: Wed Jun 5 17:08:03 2013 -0700
smbd: Change logging when SET_OFFLINE is not supported
A client can send a request to set the OFFLINE attribute. In the default
code this is not supported and triggers a log message each time. Change
this to only log with level 0 when an actual errors occurs, and log
ENOTSUP with level 10.
Signed-off-by: Christof Schmitt
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Thu Jun 6 04:30:26 CEST 2013 on sn-devel-104
---
Summary of changes:
source3/smbd/dosmode.c | 25 +++--
1 files changed, 15 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 04d27c7..a6ad107 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -732,16 +732,21 @@ int file_set_dosmode(connection_struct *conn, struct
smb_filename *smb_fname,
old_mode = dos_mode(conn, smb_fname);
- if (dosmode & FILE_ATTRIBUTE_OFFLINE) {
- if (!(old_mode & FILE_ATTRIBUTE_OFFLINE)) {
- lret = SMB_VFS_SET_OFFLINE(conn, smb_fname);
- if (lret == -1) {
- DEBUG(0, ("set_dos_mode: client has asked to "
- "set FILE_ATTRIBUTE_OFFLINE to "
- "%s/%s but there was an error while "
- "setting it or it is not "
- "supported.\n", parent_dir,
- smb_fname_str_dbg(smb_fname)));
+ if ((dosmode & FILE_ATTRIBUTE_OFFLINE) &&
+ !(old_mode & FILE_ATTRIBUTE_OFFLINE)) {
+ lret = SMB_VFS_SET_OFFLINE(conn, smb_fname);
+ if (lret == -1) {
+ if (errno == ENOTSUP) {
+ DEBUG(10, ("Setting FILE_ATTRIBUTE_OFFLINE for "
+ "%s/%s is not supported.\n",
+ parent_dir,
+ smb_fname_str_dbg(smb_fname)));
+ } else {
+ DEBUG(0, ("An error occurred while setting "
+ "FILE_ATTRIBUTE_OFFLINE for "
+ "%s/%s: %s", parent_dir,
+ smb_fname_str_dbg(smb_fname),
+ strerror(errno)));
}
}
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 036af07 .gitignore: Tidy up after removal of the autoconf build from 3cd640d tdb: Fix typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 036af07e863b09c6e84965ef288324cbac93de69 Author: Andrew Bartlett Date: Sat Jun 8 18:10:36 2013 +1000 .gitignore: Tidy up after removal of the autoconf build Reviewed-By: Jelmer Vernooij Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Jun 10 04:42:46 CEST 2013 on sn-devel-104 --- Summary of changes: .gitignore | 85 1 files changed, 0 insertions(+), 85 deletions(-) Changeset truncated at 500 lines: diff --git a/.gitignore b/.gitignore index 7f2c590..8e1092f 100644 --- a/.gitignore +++ b/.gitignore @@ -3,100 +3,15 @@ st/ .waf* .lock-wscript *~ -*.1 -*.3 -*.8 *.swp tags TAGS cscope*.out -*.x autom4te.cache -config.cache -config.h -config.h.in -config.log -config.status -source3/.build.log source3/.clang_complete -source3/configure -source3/Makefile -examples/libsmbclient/Makefile.internal -examples/libsmbclient/smbwrapper/smbsh -examples/libsmbclient/smbwrapper/smbwrapper.so -examples/libsmbclient/testacl -examples/libsmbclient/testacl2 -examples/libsmbclient/testacl3 -examples/libsmbclient/testbrowse -examples/libsmbclient/testbrowse2 -examples/libsmbclient/testchmod -examples/libsmbclient/testread -examples/libsmbclient/testsmbc -examples/libsmbclient/teststat -examples/libsmbclient/teststat2 -examples/libsmbclient/teststat3 -examples/libsmbclient/testtruncate -examples/libsmbclient/testutime -examples/libsmbclient/testwrite -examples/libsmbclient/tree -examples/libsmbclient/testfstatvfs -examples/libsmbclient/teststatvfs -examples/VFS/config.log -examples/VFS/config.status -examples/VFS/configure -examples/VFS/Makefile -examples/VFS/module_config.h -examples/VFS/module_config.h.in -examples/VFS/shadow_copy_test.so -examples/VFS/skel_opaque.so -examples/VFS/skel_transparent.so -*.gcda -*.gcno -*.o *.patch -*.pc -*.po *.pyc semantic.cache -nsswitch/libnss_winbind.so -nsswitch/libnss_wins.so -nsswitch/WINBIND -source3/config.cache -source3/config.log -source3/config.status -source3/configure -source3/exports/libnetapi.syms -source3/exports/libsmbclient.syms -source3/exports/libsmbsharemodes.syms -source3/exports/libtalloc.syms -source3/exports/libtdb.syms -source3/exports/libwbclient.syms -source3/include/build_env.h -source3/include/autoconf/config.h -source3/include/autoconf/config.h.in -source3/include/includes.h.gch -source3/include/stamp-h -source3/include/autoconf/version.h -source3/lib/netapi/examples/Makefile -source3/lib/netapi/tests/Makefile -source3/library-versions -librpc/gen_ndr/*.* -source3/autoconf/librpc/gen_ndr/*.* -source3/nsswitch/*.so -source3/pkgconfig/*.pc -source3/proto_exists -source3/script/findsmb -source3/script/installbin.sh -source3/script/uninstallbin.sh -source3/smbadduser -source3/smbd/build_options.c -source3/autoconf/source3/param/param_global.h -source3/autoconf/source3/param/param_local.h -source3/setup -source3/autoconf/lib/param/param_global.h -source3/autoconf/lib/param/param_local.h -source3/autoconf/lib/param/param_proto.h -source3/autoconf/lib/param/s3_param.h pidl/blib pidl/cover_db pidl/Makefile -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7f760ed s4:samldb LDB module - MS-SAMR 3.1.1.8.10
"userAccountControl"
via 2f7d9fd s4:samr RPC server - dcesrv_samr_SetUserInfo() - password
expiration
from 036af07 .gitignore: Tidy up after removal of the autoconf build
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7f760ed84b4b34937b3a65577f971cc95f452e0f
Author: Matthias Dieter Wallnöfer
Date: Sat Jun 8 23:45:43 2013 +0200
s4:samldb LDB module - MS-SAMR 3.1.1.8.10 "userAccountControl"
"UF_LOCKOUT" and "UF_PASSWORD_EXPIRED" are never stored but rather are
used for special semantics.
"UF_LOCKOUT" performs an account lockout and "UF_PASSWORD_EXPIRED"
forces password expiration.
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Mon Jun 10 07:32:35 CEST 2013 on sn-devel-104
commit 2f7d9fddf7102d76b182fbd50ccaf18cb5a10014
Author: Matthias Dieter Wallnöfer
Date: Sun Jun 9 10:46:06 2013 +0200
s4:samr RPC server - dcesrv_samr_SetUserInfo() - password expiration
Also on level 26 this has to be handled the same as on levels 21, 23, 25.
Reviewed-by: Andrew Bartlett
---
Summary of changes:
source4/dsdb/samdb/ldb_modules/samldb.c | 82 +--
source4/dsdb/tests/python/sam.py| 82 ++-
source4/rpc_server/samr/dcesrv_samr.c |8 +++-
3 files changed, 154 insertions(+), 18 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c
b/source4/dsdb/samdb/ldb_modules/samldb.c
index 5bb0b61..603370f 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1049,6 +1049,18 @@ static int samldb_objectclass_trigger(struct samldb_ctx
*ac)
uac_generated = true;
}
+ /*
+* As per MS-SAMR 3.1.1.8.10 these flags have not to be
set
+*/
+ if ((user_account_control & UF_LOCKOUT) != 0) {
+ user_account_control &= ~UF_LOCKOUT;
+ uac_generated = true;
+ }
+ if ((user_account_control & UF_PASSWORD_EXPIRED) != 0) {
+ user_account_control &= ~UF_PASSWORD_EXPIRED;
+ uac_generated = true;
+ }
+
/* Temporary duplicate accounts aren't allowed */
if ((user_account_control & UF_TEMP_DUPLICATE_ACCOUNT)
!= 0) {
return LDB_ERR_OTHER;
@@ -1442,9 +1454,10 @@ static int samldb_user_account_control_change(struct
samldb_ctx *ac)
struct ldb_message *tmp_msg;
int ret;
struct ldb_result *res;
- const char * const attrs[] = { "userAccountControl", "objectClass",
NULL };
+ const char * const attrs[] = { "userAccountControl", "objectClass",
+ "lockoutTime", NULL };
unsigned int i;
- bool is_computer = false;
+ bool is_computer = false, uac_generated = false;
el = dsdb_get_single_valued_attr(ac->msg, "userAccountControl",
ac->req->operation);
@@ -1517,8 +1530,6 @@ static int samldb_user_account_control_change(struct
samldb_ctx *ac)
account_type = ds_uf2atype(user_account_control);
if (account_type == 0) {
- char *tempstr;
-
/*
* When there is no account type embedded in
"userAccountControl"
* fall back to default "UF_NORMAL_ACCOUNT".
@@ -1530,18 +1541,7 @@ static int samldb_user_account_control_change(struct
samldb_ctx *ac)
}
user_account_control |= UF_NORMAL_ACCOUNT;
-
- tempstr = talloc_asprintf(ac->msg, "%d", user_account_control);
- if (tempstr == NULL) {
- return ldb_module_oom(ac->module);
- }
-
- /* Overwrite "userAccountControl" with "UF_NORMAL_ACCOUNT"
added */
- el = dsdb_get_single_valued_attr(ac->msg, "userAccountControl",
-ac->req->operation);
- el->values[0].data = (uint8_t *) tempstr;
- el->values[0].length = strlen(tempstr);
-
+ uac_generated = true;
account_type = ATYPE_NORMAL_ACCOUNT;
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3e66cb7 Fix bug #9932 - Currently the maximum number of aces in an
SD is limited to 1000, but Microsoft supports around 1800.
from e2a08e5 smbd: Remove an unused variable
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3e66cb7d771e9f2156f4183485736cca7d5609f9
Author: Partha Sarathi
Date: Fri Jun 7 16:30:07 2013 -0700
Fix bug #9932 - Currently the maximum number of aces in an SD is limited to
1000, but Microsoft supports around 1800.
Issue description: I was trying to add maximum number of aces on Microsoft
share, where I was able to add nearly 1800 aces on a file/folder SD. But
Samba
does not support adding 1800 aces to SD instead it limited to 1000.
Expected behavior: Ideally SAMBA should also support as like Windows to
compare
with Windows standard. Set to 2000 until we add EA limits in the server.
Reviewed-by: Jeremy Allison
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Jun 12 02:52:36 CEST 2013 on sn-devel-104
---
Summary of changes:
librpc/idl/security.idl |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index d4324ab..00bb6e6 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -536,7 +536,7 @@ interface security
typedef [public,gensize,nosize] struct {
security_acl_revision revision;
[value(ndr_size_security_acl(r,ndr->flags))] uint16 size;
- [range(0,1000)] uint32 num_aces;
+ [range(0,2000)] uint32 num_aces;
security_ace aces[num_aces];
} security_acl;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7bad9d1 s3-libads: Print the debug string of a failed call with
LDAP_OTHER.
via ee156ef krb5wrap: Move mask to the right position.
from 68f8f4e dsdb-tests ldap.py: Add test for usn behaviour on certain
changes
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7bad9d1fcd7ad78d060d95953ee6aaff5339bba6
Author: Andreas Schneider
Date: Wed Jun 12 10:07:22 2013 +0200
s3-libads: Print the debug string of a failed call with LDAP_OTHER.
Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Jun 12 13:46:57 CEST 2013 on sn-devel-104
commit ee156ef23511713a29095f4ab5d7750a36ba850c
Author: Andreas Schneider
Date: Wed Jun 12 10:08:44 2013 +0200
krb5wrap: Move mask to the right position.
Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
---
Summary of changes:
lib/krb5_wrap/krb5_samba.c |2 +-
source3/libads/ldap.c | 18 ++
2 files changed, 19 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 3a2401a..024e188 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1484,7 +1484,6 @@ krb5_error_code kerberos_kinit_keyblock_cc(krb5_context
ctx, krb5_ccache cc,
{
krb5_error_code code = 0;
krb5_creds my_creds;
- mode_t mask;
#if defined(HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK)
code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal,
@@ -1496,6 +1495,7 @@ krb5_error_code kerberos_kinit_keyblock_cc(krb5_context
ctx, krb5_ccache cc,
char tmp_name[sizeof(SMB_CREDS_KEYTAB)];
krb5_keytab_entry entry;
krb5_keytab keytab;
+ mode_t mask;
memset(&entry, 0, sizeof(entry));
entry.principal = principal;
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 2a4a83b..c8ef5b5 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1041,6 +1041,24 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT
*ads,
if (rc) {
DEBUG(3,("ads_do_paged_search_args:
ldap_search_with_timeout(%s) -> %s\n", expr,
ldap_err2string(rc)));
+ if (rc == LDAP_OTHER) {
+ char *ldap_errmsg;
+ int ret;
+
+ ret = ldap_parse_result(ads->ldap.ld,
+ *res,
+ NULL,
+ NULL,
+ &ldap_errmsg,
+ NULL,
+ NULL,
+ 0);
+ if (ret == LDAP_SUCCESS) {
+ DEBUG(3, ("ldap_search_with_timeout(%s) "
+ "error: %s\n", expr, ldap_errmsg));
+ ldap_memfree(ldap_errmsg);
+ }
+ }
goto done;
}
--
Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated
via 8af03ee Update and clarify the Samba copyright policy and Developer
Certificate Origin
from c989bdc Revert "docs: The russian translation site times out"
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -
commit 8af03ee622aa0e1d27fc5a927967c8c660b04c3b
Author: Andrew Bartlett
Date: Wed Jun 19 15:07:16 2013 +1000
Update and clarify the Samba copyright policy and Developer Certificate
Origin
This clarifies how this process interacts with Signed-off-by for
individual developers.
Andrew Bartlett
---
Summary of changes:
devel/copyright-policy.html | 66 ++
1 files changed, 47 insertions(+), 19 deletions(-)
Changeset truncated at 500 lines:
diff --git a/devel/copyright-policy.html b/devel/copyright-policy.html
index d24eddc..a160119 100644
--- a/devel/copyright-policy.html
+++ b/devel/copyright-policy.html
@@ -38,27 +38,36 @@ copyright ownership. It just requires a simple set-up
process first.
We use a process very similar to the way things are done in the Linux
kernel community, so it should be very easy to get a sign off from
-your corporate legal department. The only changes we've made are to
-accommodate the licenses we use, which are
-http://www.gnu.org/licenses/gpl-3.0.html";>GPLv3 and
-http://www.gnu.org/licenses/lgpl-3.0.html";>LGPLv3 (or later)
-whereas the Linux kernel uses
-http://www.gnu.org/licenses/old-licenses/gpl-2.0.html";>GPLv2.
+your corporate legal department. The only changes we've made are: (a)
+Samba uses
+the http://www.gnu.org/licenses/gpl-3.0.html";>GPLv3-or-later
+and http://www.gnu.org/licenses/lgpl-3.0.html";>LGPLv3-or-later
+licenses, whereas the Linux kernel
+uses http://www.gnu.org/licenses/old-licenses/gpl-2.0.html";>GPLv2-only,
+and we (b) don't mandate signing Samba's DCO if copyright is held by
+individuals. (Individuals who wish to sign the DCO are welcome to do
+so if they like.)
-
+
The process is called signing.
-How to sign your work
+How to sign your work on behalf of your employer
-Once you have permission to contribute to Samba from
-your employer, simply email a copy of the following text
-from your corporate email address to mailto:contribut...@samba.org";>contribut...@samba.org
+Once you have permission to contribute to Samba from your employer,
+complete our signing process by completing two steps:
+
+
+
+
+Email a copy of the following text from your corporate email
+address to mailto:contribut...@samba.org";>contribut...@samba.org:
+
Samba Developer's Certificate of Origin. Version 1.0
@@ -101,10 +110,11 @@ We will maintain a copy of that email as a record that
you have the
rights to contribute code to Samba under the required licenses whilst
working for the company where the email came from.
+
+
-Then when sending in a patch via the normal mechanisms described
-above, add a line that states:
+Whenever sending in a patch, add a line that states:
@@ -115,10 +125,12 @@ above, add a line that states:
-using your real name and the email address you sent the original email
-you used to send the Samba Developer's Certificate of Origin to us
-(sorry, no pseudonyms or anonymous contributions.)
+using your real name and the company email address you used to send
+the Samba Developer's Certificate of Origin to us (sorry, no
+pseudonyms or anonymous contributions.)
+
+
That's it ! Such code can then quite happily contain changes that have
@@ -136,8 +148,24 @@ copyright messages such as :
and can be merged into the Samba codebase in the same way as patches
from any other individual. You don't need to send in a copy of the
Samba Developer's Certificate of Origin for each patch, or inside each
-patch. Just the sign-off message is all that is required once we've
-received the initial email.
+patch. Just the sign-off is all that is required once we've received
+the initial email.
+
+
+
+Please note that merely including a sign-off in the commit does not
+imply assent to the Samba Developer's Certificate of Origin, whether
+you're submitting a patch containing your personal copyrights or those
+of your employer. As such, we won't be able to accept patches
+submitted by companies that don't follow *both* steps of this signing
+process. Individual copyright holders who don't assent to the DCO
+should use other means (such as copyright/license headers in the
+source files) to indicate their chosen license for contributed code.
+
+
+
+If you have any questions about signing, please email us at mailto:contribut...@samba.org";>contribut...@samba.org.
--
Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 88c72fc s4-winbind: Add special case for BUILTIN domain
via d4091c5 Fix bug #9166 - Starting smbd or nmbd with stdin from
/dev/null results in "EOF on stdin"
from fc13489 build: Build with system md5.h on OpenIndiana
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 88c72fceb1c86752c52651bdea5b116806dd92c5
Author: Andrew Bartlett
Date: Sat Jun 15 23:01:44 2013 +1000
s4-winbind: Add special case for BUILTIN domain
This should mean that lookups for the BUILTIN domain cause less trouble
then they have in the past, because they will no longer go via the
trusted domain handler.
Andrew Bartlett
Signed-off-by: Andrew Bartlett
Reviewed-by: Volker Lendecke
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104
commit d4091c5809f174b68714fa50fa501c99617c016e
Author: Jeremy Allison
Date: Mon Jun 10 13:33:40 2013 -0700
Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in
"EOF on stdin"
Only install the stdin handler if it's a pipe or fifo.
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
---
Summary of changes:
source3/nmbd/nmbd.c | 14 +-
source3/smbd/server.c| 14 +-
source3/winbindd/winbindd.c | 15 ++-
source4/smbd/server.c| 17 ++---
source4/winbind/wb_dom_info.c|5 +++--
source4/winbind/wb_init_domain.c | 38 --
source4/winbind/wb_sid2domain.c | 14 ++
7 files changed, 91 insertions(+), 26 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 12afb00..42e2b2f 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -130,8 +130,20 @@ static bool nmbd_setup_stdin_handler(struct
messaging_context *msg, bool foregro
/* if we are running in the foreground then look for
EOF on stdin, and exit if it happens. This allows
us to die if the parent process dies
+ Only do this on a pipe or socket, no other device.
*/
- tevent_add_fd(nmbd_event_context(), nmbd_event_context(), 0,
TEVENT_FD_READ, nmbd_stdin_handler, msg);
+ struct stat st;
+ if (fstat(0, &st) != 0) {
+ return false;
+ }
+ if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+ tevent_add_fd(nmbd_event_context(),
+ nmbd_event_context(),
+ 0,
+ TEVENT_FD_READ,
+ nmbd_stdin_handler,
+ msg);
+ }
}
return true;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index f07bd28..d3cd33e 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1558,8 +1558,20 @@ extern void build_options(bool screen);
/* if we are running in the foreground then look for
EOF on stdin, and exit if it happens. This allows
us to die if the parent process dies
+ Only do this on a pipe or socket, no other device.
*/
- tevent_add_fd(ev_ctx, parent, 0, TEVENT_FD_READ,
smbd_stdin_handler, NULL);
+ struct stat st;
+ if (fstat(0, &st) != 0) {
+ return false;
+ }
+ if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+ tevent_add_fd(ev_ctx,
+ parent,
+ 0,
+ TEVENT_FD_READ,
+ smbd_stdin_handler,
+ NULL);
+ }
}
smbd_parent_loop(ev_ctx, parent);
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 7a0700d..141ca5c 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -308,6 +308,8 @@ bool winbindd_setup_stdin_handler(bool parent, bool
foreground)
bool *is_parent;
if (foreground) {
+ struct stat st;
+
is_parent = talloc(winbind_event_context(), bool);
if (!is_parent) {
return false;
@@ -318,8 +320,19 @@ bool winbindd_setup_stdin_handler(bool parent, bool
foreground)
/* if we are running in the foreground then look for
EOF on stdin, and exit if it happens. This allow
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0ee8650 ldb: Ensure not to segfault on a filter such as (mail=)
from bbe09b3 Add missing SMB2/SMB3 share capability flag define
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0ee8650d778736a130e914df9e14734ef18e0fb5
Author: Andrew Bartlett
Date: Sat Jun 15 16:00:42 2013 +1000
ldb: Ensure not to segfault on a filter such as (mail=)
As reported by Robin McCorkell triggered by
Mozilla Thunderbird as an LDAP client.
Andrew Bartlett
Signed-off-by: Andrew Bartlett
Reviewed-by: Matthieu Patou
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sat Jun 22 09:33:14 CEST 2013 on sn-devel-104
---
Summary of changes:
lib/ldb/common/ldb_match.c |5 +
1 files changed, 5 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index 5eee02d..7918aec 100644
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -249,6 +249,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
}
+ if (tree->u.substring.chunks == NULL) {
+ *matched = false;
+ return LDB_SUCCESS;
+ }
+
if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 48ae86f heimdal_build: Add missing dep on samba4kgetcred
from 7bf8fc7 torture: Add tests for LDAP substring search with no
strings provided
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 48ae86f74c5ed2ae2612d61e232bfcf93d44c7f8
Author: Andrew Bartlett
Date: Sun Jun 16 14:02:57 2013 +1000
heimdal_build: Add missing dep on samba4kgetcred
This started to fail on current Debian Sid with system Heimdal after a
binutils update.
Andrew Bartlett
Signed-off-by: Andrew Bartlett
Reviewed-By: Jelmer Vernooij
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Tue Jun 25 02:30:59 CEST 2013 on sn-devel-104
---
Summary of changes:
source4/heimdal_build/wscript_build |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/heimdal_build/wscript_build
b/source4/heimdal_build/wscript_build
index 44634b4..8ca8788 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -948,7 +948,7 @@ HEIMDAL_BINARY('samba4kinit',
HEIMDAL_BINARY('samba4kgetcred',
'kuser/kgetcred.c',
-deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto',
+deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto asn1',
install=False
)
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6ac6bf9 docs: Bump version in meta data up to 4.1. from 596b51c s4:server: avoid calling into nss_winbind from within 'samba' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6ac6bf9c8c59fa679436d0d674a1b4525b4c6dbb Author: Karolin Seeger Date: Mon Jul 8 09:07:32 2013 +0200 docs: Bump version in meta data up to 4.1. Signed-off-by: Karolin Seeger Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Jul 11 02:53:34 CEST 2013 on sn-devel-104 --- Summary of changes: docs-xml/manpages/dbwrap_tool.1.xml |2 +- docs-xml/manpages/eventlogadm.8.xml |2 +- docs-xml/manpages/findsmb.1.xml |2 +- docs-xml/manpages/idmap_ad.8.xml |2 +- docs-xml/manpages/idmap_autorid.8.xml|2 +- docs-xml/manpages/idmap_hash.8.xml |2 +- docs-xml/manpages/idmap_ldap.8.xml |2 +- docs-xml/manpages/idmap_nss.8.xml|2 +- docs-xml/manpages/idmap_rfc2307.8.xml|2 +- docs-xml/manpages/idmap_rid.8.xml|2 +- docs-xml/manpages/idmap_tdb.8.xml|2 +- docs-xml/manpages/idmap_tdb2.8.xml |2 +- docs-xml/manpages/libsmbclient.7.xml |2 +- docs-xml/manpages/lmhosts.5.xml |2 +- docs-xml/manpages/log2pcap.1.xml |2 +- docs-xml/manpages/net.8.xml |2 +- docs-xml/manpages/nmbd.8.xml |2 +- docs-xml/manpages/nmblookup.1.xml|2 +- docs-xml/manpages/ntlm_auth.1.xml|2 +- docs-xml/manpages/pam_winbind.8.xml |2 +- docs-xml/manpages/pam_winbind.conf.5.xml |2 +- docs-xml/manpages/pdbedit.8.xml |2 +- docs-xml/manpages/profiles.1.xml |2 +- docs-xml/manpages/rpcclient.1.xml|2 +- docs-xml/manpages/samba-tool.8.xml |2 +- docs-xml/manpages/samba.7.xml|2 +- docs-xml/manpages/samba.8.xml|2 +- docs-xml/manpages/sharesec.1.xml |2 +- docs-xml/manpages/smb.conf.5.xml |2 +- docs-xml/manpages/smbcacls.1.xml |2 +- docs-xml/manpages/smbclient.1.xml|2 +- docs-xml/manpages/smbcontrol.1.xml |2 +- docs-xml/manpages/smbcquotas.1.xml |2 +- docs-xml/manpages/smbd.8.xml |2 +- docs-xml/manpages/smbget.1.xml |2 +- docs-xml/manpages/smbgetrc.5.xml |2 +- docs-xml/manpages/smbpasswd.5.xml|2 +- docs-xml/manpages/smbpasswd.8.xml|2 +- docs-xml/manpages/smbspool.8.xml |2 +- docs-xml/manpages/smbstatus.1.xml|2 +- docs-xml/manpages/smbta-util.8.xml |2 +- docs-xml/manpages/smbtar.1.xml |2 +- docs-xml/manpages/smbtree.1.xml |2 +- docs-xml/manpages/swat.8.xml |2 +- docs-xml/manpages/testparm.1.xml |2 +- docs-xml/manpages/vfs_acl_tdb.8.xml |2 +- docs-xml/manpages/vfs_acl_xattr.8.xml|2 +- docs-xml/manpages/vfs_aio_fork.8.xml |2 +- docs-xml/manpages/vfs_aio_linux.8.xml|2 +- docs-xml/manpages/vfs_aio_pthread.8.xml |2 +- docs-xml/manpages/vfs_audit.8.xml|2 +- docs-xml/manpages/vfs_btrfs.8.xml|2 +- docs-xml/manpages/vfs_cacheprime.8.xml |2 +- docs-xml/manpages/vfs_cap.8.xml |2 +- docs-xml/manpages/vfs_catia.8.xml|2 +- docs-xml/manpages/vfs_commit.8.xml |2 +- docs-xml/manpages/vfs_crossrename.8.xml |2 +- docs-xml/manpages/vfs_default_quota.8.xml|2 +- docs-xml/manpages/vfs_dirsort.8.xml |2 +- docs-xml/manpages/vfs_extd_audit.8.xml |2 +- docs-xml/manpages/vfs_fake_perms.8.xml |2 +- docs-xml/manpages/vfs_fileid.8.xml |2 +- docs-xml/manpages/vfs_full_audit.8.xml |2 +- docs-xml/manpages/vfs_gpfs.8.xml |2 +- docs-xml/manpages/vfs_media_harmony.8.xml|2 +- docs-xml/manpages/vfs_netatalk.8.xml |2 +- docs-xml/manpages/vfs_notify_fam.8.xml |2 +- docs-xml/manpages/vfs_prealloc.8.xml |2 +- docs-xml/manpages/vfs_preopen.8.xml |2 +- docs-xml/manpages/vfs_readahead.8.xml|2 +- docs-xm
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via bb21fc5 Add torture tests to raw.eas to check sending Windows
invalid names in the middle of an EA list.
via 5d54ac4 Reply with correct trans2 message on a setpathinfo with a
bad EA name.
via b50b006 Ensure we do pathname processing before SD and EA
processing in NTTRANS_CREATE.
via 4a43600 Ensure we can't create a file using NTTRANS with an invalid
EA list.
via 66fb5ee Ensure we can't create a file using TRANS2_OPEN with an
invalid EA list.
via fe542fc Add error map of STATUS_INVALID_EA_NAME -> ERRDOS,
ERRbadfile
via 50a288c Add the ability to send an NTSTATUS result back with a
trans2 reply so we can return a parameter block with an error code.
via 21c9296 Ensure we can't create a file using SMB2_CREATE with an
invalid EA list.
via 66e7b15 Ensure we never return an EA name to a Windows client it
can't handle.
via f246d69 Ensure set_ea cannot set invalid Windows EA names.
via 1766f9e Add ea_list_has_invalid_name() function.
from 51c68c2 librpc: srvsvc.idl: define level 1005 share info flags
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit bb21fc51e42c830d7fab4e89d83f8ef4d122fa1a
Author: Jeremy Allison
Date: Tue Jul 9 16:37:48 2013 -0700
Add torture tests to raw.eas to check sending Windows invalid names in the
middle of an EA list.
Add torture tests to probe the set of invalid
Windows EA names.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names
containing ":"
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Fri Jul 19 11:50:25 CEST 2013 on sn-devel-104
commit 5d54ac414f2130fcbd434b7c96e1efe4a22cc1ff
Author: Jeremy Allison
Date: Tue Jul 16 09:14:12 2013 -0700
Reply with correct trans2 message on a setpathinfo with a bad EA name.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names
containing ":"
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
commit b50b006ace92bb0781173b1244e84ae7bf64732f
Author: Jeremy Allison
Date: Tue Jul 16 11:05:10 2013 -0700
Ensure we do pathname processing before SD and EA processing in
NTTRANS_CREATE.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names
containing ":"
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
commit 4a4360070589a314667166f86c395878659123e1
Author: Jeremy Allison
Date: Tue Jul 9 15:54:39 2013 -0700
Ensure we can't create a file using NTTRANS with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names
containing ":"
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
commit 66fb5eeb968e12049381337d7c01401815537a34
Author: Jeremy Allison
Date: Tue Jul 9 15:59:53 2013 -0700
Ensure we can't create a file using TRANS2_OPEN with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names
containing ":"
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
commit fe542fc170053a370092fcf442075dc44189f23e
Author: Jeremy Allison
Date: Wed Jul 10 12:18:36 2013 -0700
Add error map of STATUS_INVALID_EA_NAME -> ERRDOS, ERRbadfile
(from Windows2012 tests).
Bug 9992 - Windows error 0x800700FE when copying files with xattr names
containing ":"
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
commit 50a288cb6a9bfff1d16cf488bbc0eedcb6ad4602
Author: Jeremy Allison
Date: Wed Jul 10 12:38:41 2013 -0700
Add the ability to send an NTSTATUS result back with a trans2 reply so we
can return a parameter block with an error code.
This is needed when returning a STATUS_INVALID_NAME result (tested
from Windows 2012).
Bug 9992 - Windows error 0x800700FE when copying files with xattr names
containing ":"
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
commit 21c92969b8d0ad7a77028d24c5b3fea63264e473
Author: Jeremy Allison
Date: Tue Jul 9 16:02:50 2013 -0700
Ensure we can't create a file using SMB2_CREATE with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names
containing ":"
Signed-off-by: Jeremy Allison
Reviewed-by: Andrew Bartlett
commit 66e7b15982f188e8b1886eaacf850a7c623733d8
Author: Jeremy Allison
Date: Tue Jul 9 16:21:18 2013 -0700
Ensure we never return an EA name to a Windows client it can't handle.
Bug 9992 - Windows error 0x800700FE when copying
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 077dfd0 s4-lib/socket: Allocate a the larger sockaddr_un and not
just a sockaddr_in in unixdom_get_my_addr()
from a7801db docs-xml: Remove obsolete swat manpage and references.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 077dfd0a89a854c21b91b0f871d034fd9fe82a9a
Author: Stefan Metzmacher
Date: Wed Jul 24 10:19:26 2013 +1200
s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in
in unixdom_get_my_addr()
This caused crashes in _tsocket_address_bsd_from_sockaddr() when we
read past the end of the allocation.
(similar to commit e9ae36e9683372b86f1efbd29904722a33fea083)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10042
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104
---
Summary of changes:
source4/lib/socket/socket_unix.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
index 3aa5440..6876e39 100644
--- a/source4/lib/socket/socket_unix.c
+++ b/source4/lib/socket/socket_unix.c
@@ -362,7 +362,7 @@ static struct socket_address *unixdom_get_peer_addr(struct
socket_context *sock,
static struct socket_address *unixdom_get_my_addr(struct socket_context *sock,
TALLOC_CTX *mem_ctx)
{
- struct sockaddr_in *local_addr;
+ struct sockaddr_un *local_addr;
socklen_t len = sizeof(*local_addr);
struct socket_address *local;
int ret;
@@ -373,7 +373,7 @@ static struct socket_address *unixdom_get_my_addr(struct
socket_context *sock, T
}
local->family = sock->backend_name;
- local_addr = talloc(local, struct sockaddr_in);
+ local_addr = talloc(local, struct sockaddr_un);
if (!local_addr) {
talloc_free(local);
return NULL;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 73a9e6a selftest: Print error message when smbd does not have ADS
support
from f908e6b nsswitch: Add OPT_KRB5CCNAME to avoid an error message.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 73a9e6a73b3508fd689a18c72d0f5574f2fecf91
Author: Christof Schmitt
Date: Wed Jul 3 12:49:43 2013 -0700
selftest: Print error message when smbd does not have ADS support
When smbd cannot be compiled with ADS support, setting up the s3member
environment fails with:
samba: using 'standard' process model
Samba can't provide environment 's3member' at
/test/samba/selftest/target/Samba.pm line 44.
Can't use string ("UNKNOWN") as a HASH ref while "strict refs" in use at
/test/samba/selftest/selftest.pl line 852.
samba: EOF on stdin - terminating
Add an explicit error message for the missing ADS support to make this
easier to debug and also avoid the warning about the hash reference:
samba: using 'standard' process model
Samba can't provide environment 's3member' at
/test/samba/selftest/target/Samba.pm line 44.
Unable to setup environment s3member at /test/samba/selftest/selftest.pl
line 851.
smbd does not have ADS support
samba: EOF on stdin - terminating
Signed-off-by: Christof Schmitt
Reviewed-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sat Jul 27 08:31:14 CEST 2013 on sn-devel-104
---
Summary of changes:
selftest/selftest.pl |4 +++-
selftest/target/Samba3.pm |1 +
2 files changed, 4 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index cc947a1..b60b762 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -847,7 +847,9 @@ if ($opt_testenv) {
my $testenv_vars = setup_env($testenv_name, $prefix);
- die("Unable to setup environment $testenv_name") unless ($testenv_vars);
+ if (not $testenv_vars or $testenv_vars eq "UNKNOWN") {
+ die("Unable to setup environment $testenv_name");
+ }
$ENV{PIDDIR} = $testenv_vars->{PIDDIR};
$ENV{ENVNAME} = $testenv_name;
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 26f5e92..20587bf 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -25,6 +25,7 @@ sub have_ads($) {
close IN;
# If we were not built with ADS support, pretend we were never even
available
+ print "smbd does not have ADS support\n" unless $found_ads;
return $found_ads;
}
--
Samba Shared Repository
