svn commit: samba r24061 - in branches/SAMBA_4_0/source: auth kdc
Author: abartlet Date: 2007-07-27 06:31:12 + (Fri, 27 Jul 2007) New Revision: 24061 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24061 Log: Anther part of bug #4823, which is that until now Samba4 didn't parse the logon hours, even if set. This code happily stolen from the great work in Samba3 :-) Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/auth.h branches/SAMBA_4_0/source/auth/sam.c branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/auth/auth.h === --- branches/SAMBA_4_0/source/auth/auth.h 2007-07-27 03:08:15 UTC (rev 24060) +++ branches/SAMBA_4_0/source/auth/auth.h 2007-07-27 06:31:12 UTC (rev 24061) @@ -21,6 +21,8 @@ #ifndef _SAMBA_AUTH_H #define _SAMBA_AUTH_H +extern const char *user_attrs[]; + union netr_Validation; struct netr_SamBaseInfo; struct netr_SamInfo3; Modified: branches/SAMBA_4_0/source/auth/sam.c === --- branches/SAMBA_4_0/source/auth/sam.c2007-07-27 03:08:15 UTC (rev 24060) +++ branches/SAMBA_4_0/source/auth/sam.c2007-07-27 06:31:12 UTC (rev 24061) @@ -45,6 +45,7 @@ "pwdLastSet", "accountExpires", + "logonHours", "objectSid", @@ -67,9 +68,70 @@ }; const char *domain_ref_attrs[] = {"nETBIOSName", "nCName", - "dnsRoot", "objectClass", NULL}; + "dnsRoot", "objectClass", NULL}; +/ + Check if a user is allowed to logon at this time. Note this is the + servers local time, as logon hours are just specified as a weekly + bitmask. +/ + +static BOOL logon_hours_ok(struct ldb_message *msg, const char *name_for_logs) +{ + /* In logon hours first bit is Sunday from 12AM to 1AM */ + const struct ldb_val *hours; + struct tm *utctime; + time_t lasttime; + const char *asct; + uint8_t bitmask, bitpos; + hours = ldb_msg_find_ldb_val(msg, "logonHours"); + if (!hours) { + DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n", name_for_logs)); + return True; + } + + if (hours->length != 168/8) { + DEBUG(5,("logon_hours_ok: malformed logon hours restrictions for user %s\n", name_for_logs)); + return True; + } + + lasttime = time(NULL); + utctime = gmtime(&lasttime); + if (!utctime) { + DEBUG(1, ("logon_hours_ok: failed to get gmtime. Failing logon for user %s\n", + name_for_logs)); + return False; + } + + /* find the corresponding byte and bit */ + bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168; + bitmask = 1 << (bitpos % 8); + + if (! (hours->data[bitpos/8] & bitmask)) { + struct tm *t = localtime(&lasttime); + if (!t) { + asct = "INVALID TIME"; + } else { + asct = asctime(t); + if (!asct) { + asct = "INVALID TIME"; + } + } + + DEBUG(1, ("logon_hours_ok: Account for user %s not allowed to " + "logon at this time (%s).\n", + name_for_logs, asct )); + return False; + } + + asct = asctime(utctime); + DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (%s)\n", + name_for_logs, asct ? asct : "UNKNOWN TIME" )); + + return True; +} + / Do a specific test for a SAM_ACCOUNT being vaild for this connection (ie not disabled, expired and the like). @@ -164,6 +226,10 @@ } } + if (!logon_hours_ok(msg, name_for_logs)) { + return NT_STATUS_INVALID_LOGON_HOURS; + } + if (acct_flags & ACB_DOMTRUST) { DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs)); return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c === --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2007-07-27 03:08:15 UTC (rev 24060) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2007-07-27 06:31:12 UTC (rev 24061) @@ -54,29 +54,6 @@ { HDB_LDB_ENT_TYPE_CLIENT, HDB_LDB_ENT_TYPE_SERVER, HDB_LDB_ENT_TYPE_KRBTGT, HDB_LDB_ENT_TYPE_
svn commit: samba r24060 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules dsdb/schema setup
Author: abartlet Date: 2007-07-27 03:08:15 + (Fri, 27 Jul 2007) New Revision: 24060 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24060 Log: Fix bug #4806 by Matthias Walln?\195?\182fer <[EMAIL PROTECTED]>: We need to include the attribute allowedChildClassesEffective for MMC to allow the creation of containers. This may need further refinement, but it seems to work for now. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c branches/SAMBA_4_0/source/dsdb/schema/schema.h branches/SAMBA_4_0/source/dsdb/schema/schema_init.c branches/SAMBA_4_0/source/setup/provision_users_modify.ldif Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c 2007-07-27 02:07:17 UTC (rev 24059) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c 2007-07-27 03:08:15 UTC (rev 24060) @@ -107,13 +107,15 @@ enum user_is user_type; bool allowedAttributes; bool allowedAttributesEffective; + bool allowedChildClasses; + bool allowedChildClassesEffective; const char **attrs; }; /* read all objectClasses */ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_message *msg, -const char *attrName) + const char *attrName) { struct ldb_message_element *oc_el; struct ldb_message_element *allowedAttributes; @@ -129,12 +131,13 @@ we alter the element array in ldb_msg_add_empty() */ oc_el = ldb_msg_find_element(msg, "objectClass"); - for (i=0; i < oc_el->num_values; i++) { + for (i=0; oc_el && i < oc_el->num_values; i++) { class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data); if (!class) { /* We don't know this class? what is going on? */ continue; } + for (j=0; class->mayContain && class->mayContain[j]; j++) { ldb_msg_add_string(msg, attrName, class->mayContain[j]); } @@ -169,7 +172,58 @@ return 0; } +/* read all objectClasses */ +static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message *msg, + const char *attrName) +{ + struct ldb_message_element *oc_el; + struct ldb_message_element *allowedClasses; + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + const struct dsdb_class *class; + int i, j, ret; + ret = ldb_msg_add_empty(msg, attrName, 0, &allowedClasses); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* To ensure that oc_el is valid, we must look for it after + we alter the element array in ldb_msg_add_empty() */ + oc_el = ldb_msg_find_element(msg, "objectClass"); + + for (i=0; oc_el && i < oc_el->num_values; i++) { + class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data); + if (!class) { + /* We don't know this class? what is going on? */ + continue; + } + + for (j=0; class->possibleInferiors && class->possibleInferiors[j]; j++) { + ldb_msg_add_string(msg, attrName, class->possibleInferiors[j]); + } + } + + if (allowedClasses->num_values > 1) { + qsort(allowedClasses->values, + allowedClasses->num_values, + sizeof(*allowedClasses->values), + (comparison_fn_t)data_blob_cmp); + + for (i=1 ; i < allowedClasses->num_values; i++) { + struct ldb_val *val1 = &allowedClasses->values[i-1]; + struct ldb_val *val2 = &allowedClasses->values[i]; + if (data_blob_cmp(val1, val2) == 0) { + memmove(val1, val2, (allowedClasses->num_values - i) * sizeof( struct ldb_val)); + allowedClasses->num_values--; + i--; + } + } + } + + return 0; + +} + /* find all attributes allowed by all these objectClasses */ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) @@ -194,8 +248,15 @@ ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributes"); if (ret != LDB_SUCCESS) { return ret; + } } + if (ac->allowedChildClasses) { + ret = kludge_acl_childClasses(ldb, ares->message,
svn commit: samba r24059 - in branches/SAMBA_4_0/source: rpc_server/samr torture/rpc
Author: abartlet Date: 2007-07-27 02:07:17 + (Fri, 27 Jul 2007) New Revision: 24059 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24059 Log: Fix bug 4822 reported by Matthias Walln?\195?\182fer <[EMAIL PROTECTED]>. Any SAMR client (usrmgr.exe in this case) that attempted to set a property to a zero length string found instead the the old value was kept. In fixing this, rework the macros to be cleaner (add the always-present .string) to every macro, and remove the use of the samdb_modify() and samdb_replace() wrappers where possible. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c branches/SAMBA_4_0/source/torture/rpc/samr.c Changeset: Sorry, the patch is too large (673 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24059
Build status as of Fri Jul 27 00:00:01 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-07-26 00:00:46.0 + +++ /home/build/master/cache/broken_results.txt 2007-07-27 00:00:32.0 + @@ -1,10 +1,10 @@ -Build status as of Thu Jul 26 00:00:02 2007 +Build status as of Fri Jul 27 00:00:01 2007 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 35 8 0 +ccache 34 8 0 ctdb 0 0 0 distcc 2 0 0 ldb 35 4 0 @@ -16,9 +16,9 @@ rsync36 13 0 samba-docs 0 0 0 samba-gtk3 3 0 -samba4 33 30 6 +samba4 32 30 4 samba_3_236 21 0 smb-build33 33 0 -talloc 36 1 0 -tdb 34 3 0 +talloc 35 1 0 +tdb 35 3 0
svn commit: samba-web r1135 - in trunk/cifs: .
Author: sfrench Date: 2007-07-26 21:20:01 + (Thu, 26 Jul 2007) New Revision: 1135 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1135 Log: Update with link to new cifs backport version 1.50 Modified: trunk/cifs/cifs_download.html Changeset: Modified: trunk/cifs/cifs_download.html === --- trunk/cifs/cifs_download.html 2007-07-26 21:19:39 UTC (rev 1134) +++ trunk/cifs/cifs_download.html 2007-07-26 21:20:01 UTC (rev 1135) @@ -34,7 +34,7 @@ cifs.ko kernel module (source code) http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.34a-SLES9.tar.gz";>fs/cifs/ src 1.34a ftp://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.34-RHEL4a.tar.gz";>fs/cifs src 1.34a - http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.34a.tar.gz";>fs/cifs src 1.34a + http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.50.tar.gz";>fs/cifs src 1.50 cifs.ko kernel module (prebuilt for x86 default kernel) @@ -122,4 +122,4 @@ - \ No newline at end of file +
svn commit: samba-web r1134 - in trunk: .
Author: sfrench Date: 2007-07-26 21:19:39 + (Thu, 26 Jul 2007) New Revision: 1134 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1134 Log: Update link to new cifs version (1.50). Modified: trunk/Linux_CIFS_client.html Changeset: Modified: trunk/Linux_CIFS_client.html === --- trunk/Linux_CIFS_client.html2007-07-26 21:11:19 UTC (rev 1133) +++ trunk/Linux_CIFS_client.html2007-07-26 21:19:39 UTC (rev 1134) @@ -14,14 +14,11 @@ LATEST UPDATES – cifs user's guide documentation is now -available on samba.org. cifs vfs version 1.48 is accepted into -mainline kernel (2.6.21) which includes spectacularly better write -performance for some common small sequential write workloads. cifs -1.49 includes support for ipv6 and also much better mkdir performance -to Samba 3.0.25 (which leverages the newest CIFS POSIX protocol -extensions). A backported version of cifs 1.48 which builds on old -kernel versions is also available. cifs vfs 1.49 is current in the -cifs-2.6.git tree. +available on samba.org. cifs vfs version 1.50 is accepted into +mainline kernel (2.6.23-rc1) and includes improved POSIX delete +as well as bug fixes (e.g. for NTLMv2 signing). +A backported version of cifs 1.50 which builds on old +kernel versions is also available. @@ -83,9 +80,7 @@ the other features being planned for future releases. The CIFS VFS has been tested with Linux 2.4.14 and later as well as regular testing on Linux 2.6 (and has been in the kernel source - starting with Linux kernel 2.5.42. The CIFS client is no longer - considered "expiremental" in Linux versions after 2.6.7 - (cifs version 1.19) or later. Testing has been done on various + starting with Linux kernel 2.5.42. Testing has been done on various hardware architectures including x86 and even big endian zSeries hardware. The cifs and smbfs file systems can coexist on the same system and do not conflict. @@ -94,8 +89,8 @@ compile on 2.4 kernels, not just older 2.6. kernel versions). To download replacement files for the fs/cifs directory which includes a relatively recent version of the cifs vfs which has - been backported to build on various earlier kernels click http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.48a.tar.gz";>cifs - 1.48a for 2.6 kernels (released April 4th, 2007). + been backported to build on various earlier kernels (2.6.14 or later) click http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.50.tar.gz";>cifs + 1.50 for 2.6 kernels (released July 25th, 2007). CIFS VFS is licensed under the http://www.gnu.org/copyleft/gpl.html";>GNU General Public License version 2 or later. @@ -111,4 +106,4 @@ - \ No newline at end of file +
svn commit: samba-web r1133 - in trunk: .
Author: sfrench Date: 2007-07-26 21:11:19 + (Thu, 26 Jul 2007) New Revision: 1133 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1133 Log: Add link to CIFS Unix Extensions wiki Modified: trunk/CIFS_POSIX_extensions.html Changeset: Modified: trunk/CIFS_POSIX_extensions.html === --- trunk/CIFS_POSIX_extensions.html2007-07-09 17:12:37 UTC (rev 1132) +++ trunk/CIFS_POSIX_extensions.html2007-07-26 21:11:19 UTC (rev 1133) @@ -1,7 +1,7 @@ -CIFS POSIX Protocol/TITLE> +CIFS POSIX Protocol @@ -9,7 +9,7 @@ -LATEST UPDATES - CIFS POSIX Extensions presented at the 2006 Storage Developer Conference hosted by SNIA. +LATEST UPDATES - CIFS POSIX Extensions presented at the 2007 Ottawa Linux Symposium and at Connectathon. Overview of the most current version will be presented at 2007 Storage Developer Conference in September @@ -28,18 +28,20 @@ http://us1.samba.org/samba/images/cifs-rail.jpg"; src="samba/images/cifs-rail.jpg"> - http://en.wikipedia.org/wiki/CIFS";>What is the CIFS Protocol? - mailto:[EMAIL PROTECTED]@us.ibm.com">Questions to developers - -ftp://ftp.microsoft.com/developr/drg/cifs/";> Older Specifications - http://ubiqx.org/cifs/References.html";>Miscellaneous references to SMB/CIFS and loosely related protocols - http://samba.org/samba/ftp/cifs-cvs/snia-developer-2006-cifs-extensions.pdf";>Presentations -http://www.snia.org/tech_activities/CIFS/CIFS-TR-1p00_FINAL.pdf";>SNIA + + +http://en.wikipedia.org/wiki/CIFS";>What is the CIFS Protocol? +http://wiki.samba.org/index.php/UNIX_Extensions";>Unix Extensions Documentation (wiki) +ftp://ftp.microsoft.com/developr/drg/cifs/";> Older Specifications +http://ubiqx.org/cifs/References.html";>Miscellaneous references to SMB/CIFS and loosely related protocols +http://samba.org/samba/ftp/cifs-cvs/snia-developer-2006-cifs-extensions.pdf";>Presentations +http://www.snia.org/tech_activities/CIFS/CIFS-TR-1p00_FINAL.pdf";>SNIA CIFS Specification - http://www.ietf.org/internet-drafts/draft-crhertel-smb-url-11.txt";>SMB URL Specification +http://www.ietf.org/internet-drafts/draft-crhertel-smb-url-11.txt";>SMB URL Specification http://www.ubiqx.org/cifs/";>Implementing CIFS (Online Book) - + +mailto:[EMAIL PROTECTED]@us.ibm.com">Questions to developers + The CIFS POSIX Extensions are protocol extensions to enable POSIX compliant
svn commit: samba r24058 - in branches: SAMBA_3_2/source/libads SAMBA_3_2_0/source/libads
Author: vlendec Date: 2007-07-26 17:27:03 + (Thu, 26 Jul 2007) New Revision: 24058 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24058 Log: Fix some memory leaks in ads_secrets_verify_ticket. Jeremy, G?\195?\188nther, please review! Thanks, Volker Modified: branches/SAMBA_3_2/source/libads/kerberos_verify.c branches/SAMBA_3_2_0/source/libads/kerberos_verify.c Changeset: Modified: branches/SAMBA_3_2/source/libads/kerberos_verify.c === --- branches/SAMBA_3_2/source/libads/kerberos_verify.c 2007-07-26 16:39:48 UTC (rev 24057) +++ branches/SAMBA_3_2/source/libads/kerberos_verify.c 2007-07-26 17:27:03 UTC (rev 24058) @@ -274,6 +274,7 @@ auth_ok = True; krb5_copy_keyblock(context, key, keyblock); krb5_free_keyblock(context, key); + SAFE_FREE(key); break; } @@ -285,10 +286,12 @@ if (ret == KRB5KRB_AP_ERR_TKT_NYV || ret == KRB5KRB_AP_ERR_TKT_EXPIRED || ret == KRB5KRB_AP_ERR_SKEW) { + SAFE_FREE(key); break; } krb5_free_keyblock(context, key); + SAFE_FREE(key); } Modified: branches/SAMBA_3_2_0/source/libads/kerberos_verify.c === --- branches/SAMBA_3_2_0/source/libads/kerberos_verify.c2007-07-26 16:39:48 UTC (rev 24057) +++ branches/SAMBA_3_2_0/source/libads/kerberos_verify.c2007-07-26 17:27:03 UTC (rev 24058) @@ -274,6 +274,7 @@ auth_ok = True; krb5_copy_keyblock(context, key, keyblock); krb5_free_keyblock(context, key); + SAFE_FREE(key); break; } @@ -285,10 +286,12 @@ if (ret == KRB5KRB_AP_ERR_TKT_NYV || ret == KRB5KRB_AP_ERR_TKT_EXPIRED || ret == KRB5KRB_AP_ERR_SKEW) { + SAFE_FREE(key); break; } krb5_free_keyblock(context, key); + SAFE_FREE(key); }
svn commit: samba r24057 - in branches/SAMBA_3_2/source/utils: .
Author: vlendec Date: 2007-07-26 16:39:48 + (Thu, 26 Jul 2007) New Revision: 24057 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24057 Log: Fix some uninitialized variables found by the IBM checker Modified: branches/SAMBA_3_2/source/utils/net_rpc_registry.c Changeset: Modified: branches/SAMBA_3_2/source/utils/net_rpc_registry.c === --- branches/SAMBA_3_2/source/utils/net_rpc_registry.c 2007-07-26 16:01:12 UTC (rev 24056) +++ branches/SAMBA_3_2/source/utils/net_rpc_registry.c 2007-07-26 16:39:48 UTC (rev 24057) @@ -70,6 +70,8 @@ NTSTATUS status; struct winreg_String key; + ZERO_STRUCT(key); + if (!reg_hive_key(name, &hive, &key.name)) { return NT_STATUS_INVALID_PARAMETER; } @@ -330,6 +332,8 @@ return werror_to_ntstatus(err); } + ZERO_STRUCT(name_string); + name_string.name = name; result = rpccli_winreg_SetValue(pipe_hnd, blob.data, key_hnd, name_string, value->type, @@ -417,6 +421,8 @@ NTSTATUS status; struct winreg_String valuename; + ZERO_STRUCT(valuename); + status = registry_openkey(mem_ctx, pipe_hnd, argv[0], REG_KEY_WRITE, &hive_hnd, &key_hnd); if (!NT_STATUS_IS_OK(status)) { @@ -467,6 +473,9 @@ enum winreg_CreateAction action; NTSTATUS status; + ZERO_STRUCT(key); + ZERO_STRUCT(keyclass); + if (!reg_hive_key(argv[0], &hive, &key.name)) { return NT_STATUS_INVALID_PARAMETER; } @@ -533,6 +542,8 @@ struct winreg_String key; NTSTATUS status; + ZERO_STRUCT(key); + if (!reg_hive_key(argv[0], &hive, &key.name)) { return NT_STATUS_INVALID_PARAMETER; }
svn commit: samba r24056 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-26 16:01:12 + (Thu, 26 Jul 2007) New Revision: 24056 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24056 Log: Another big one: This converts reply_sesssetup_and_X to the new API. As usual, its history can be found on http://samba.org/~vlendec/sesssetup/. This very obviously needs close review. Volker Modified: branches/SAMBA_3_2/source/smbd/process.c branches/SAMBA_3_2/source/smbd/sesssetup.c Changeset: Sorry, the patch is too large (999 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24056
svn commit: samba r24055 - in branches: SAMBA_3_0 SAMBA_3_0_25 SAMBA_3_0_26 SAMBA_3_2 SAMBA_3_2_0
Author: jerry Date: 2007-07-26 12:08:13 + (Thu, 26 Jul 2007) New Revision: 24055 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24055 Log: Remove a reference to the outdated samba-docs mailing list. This entire README really needs to be overhauled at some point. Modified: branches/SAMBA_3_0/README branches/SAMBA_3_0_25/README branches/SAMBA_3_0_26/README branches/SAMBA_3_2/README branches/SAMBA_3_2_0/README Changeset: Modified: branches/SAMBA_3_0/README === --- branches/SAMBA_3_0/README 2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_0/README 2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST Modified: branches/SAMBA_3_0_25/README === --- branches/SAMBA_3_0_25/README2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_0_25/README2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST Modified: branches/SAMBA_3_0_26/README === --- branches/SAMBA_3_0_26/README2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_0_26/README2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST Modified: branches/SAMBA_3_2/README === --- branches/SAMBA_3_2/README 2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_2/README 2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST Modified: branches/SAMBA_3_2_0/README === --- branches/SAMBA_3_2_0/README 2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_2_0/README 2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST
svn commit: samba r24054 - in branches: SAMBA_3_2/source/lib/replace/test SAMBA_3_2_0/source/lib/replace/test SAMBA_4_0/source/lib/replace/test
Author: vlendec Date: 2007-07-26 07:48:14 + (Thu, 26 Jul 2007) New Revision: 24054 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24054 Log: Fix some warnings Modified: branches/SAMBA_3_2/source/lib/replace/test/testsuite.c branches/SAMBA_3_2_0/source/lib/replace/test/testsuite.c branches/SAMBA_4_0/source/lib/replace/test/testsuite.c Changeset: Modified: branches/SAMBA_3_2/source/lib/replace/test/testsuite.c === --- branches/SAMBA_3_2/source/lib/replace/test/testsuite.c 2007-07-26 07:27:46 UTC (rev 24053) +++ branches/SAMBA_3_2/source/lib/replace/test/testsuite.c 2007-07-26 07:48:14 UTC (rev 24054) @@ -519,7 +519,7 @@ { printf("test: strtoll\n"); -#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(int64_t, "%lld", strtoll,str,base,res,diff,errnoo) +#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(long long int, "%lld", strtoll,str,base,res,diff,errnoo) TEST_STRTOLL("15", 10, 15LL, 2, 0); TEST_STRTOLL(" 15",10, 15LL, 4, 0); @@ -618,7 +618,7 @@ { printf("test: strtoull\n"); -#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(uint64_t,"%llu",strtoull,str,base,res,diff,errnoo) +#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(long long unsigned int,"%llu",strtoull,str,base,res,diff,errnoo) TEST_STRTOULL("15", 10, 15LLU, 2, 0); TEST_STRTOULL(" 15", 10, 15LLU, 4, 0); Modified: branches/SAMBA_3_2_0/source/lib/replace/test/testsuite.c === --- branches/SAMBA_3_2_0/source/lib/replace/test/testsuite.c2007-07-26 07:27:46 UTC (rev 24053) +++ branches/SAMBA_3_2_0/source/lib/replace/test/testsuite.c2007-07-26 07:48:14 UTC (rev 24054) @@ -519,7 +519,7 @@ { printf("test: strtoll\n"); -#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(int64_t, "%lld", strtoll,str,base,res,diff,errnoo) +#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(long long int, "%lld", strtoll,str,base,res,diff,errnoo) TEST_STRTOLL("15", 10, 15LL, 2, 0); TEST_STRTOLL(" 15",10, 15LL, 4, 0); @@ -618,7 +618,7 @@ { printf("test: strtoull\n"); -#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(uint64_t,"%llu",strtoull,str,base,res,diff,errnoo) +#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(long long unsigned int,"%llu",strtoull,str,base,res,diff,errnoo) TEST_STRTOULL("15", 10, 15LLU, 2, 0); TEST_STRTOULL(" 15", 10, 15LLU, 4, 0); Modified: branches/SAMBA_4_0/source/lib/replace/test/testsuite.c === --- branches/SAMBA_4_0/source/lib/replace/test/testsuite.c 2007-07-26 07:27:46 UTC (rev 24053) +++ branches/SAMBA_4_0/source/lib/replace/test/testsuite.c 2007-07-26 07:48:14 UTC (rev 24054) @@ -519,7 +519,7 @@ { printf("test: strtoll\n"); -#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(int64_t, "%lld", strtoll,str,base,res,diff,errnoo) +#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(long long int, "%lld", strtoll,str,base,res,diff,errnoo) TEST_STRTOLL("15", 10, 15LL, 2, 0); TEST_STRTOLL(" 15",10, 15LL, 4, 0); @@ -618,7 +618,7 @@ { printf("test: strtoull\n"); -#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(uint64_t,"%llu",strtoull,str,base,res,diff,errnoo) +#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(long long unsigned int,"%llu",strtoull,str,base,res,diff,errnoo) TEST_STRTOULL("15", 10, 15LLU, 2, 0); TEST_STRTOULL(" 15", 10, 15LLU, 4, 0);
svn commit: samba r24053 - in branches/SAMBA_4_0/source: rpc_server/samr torture/rpc
Author: abartlet Date: 2007-07-26 07:27:46 + (Thu, 26 Jul 2007) New Revision: 24053 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24053 Log: Ensure we filter EnumDomainUsers with the supplied mask. Should fix another part (list of domains in usrmgr incorrectly including accounts) of bug #4815 by [EMAIL PROTECTED] Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c branches/SAMBA_4_0/source/torture/rpc/samr.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c === --- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-26 03:50:24 UTC (rev 24052) +++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-26 07:27:46 UTC (rev 24053) @@ -1428,9 +1428,9 @@ struct dcesrv_handle *h; struct samr_domain_state *d_state; struct ldb_message **res; - int count, i, first; + int count, num_filtered_entries, i, first; struct samr_SamEntry *entries; - const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL }; + const char * const attrs[] = { "objectSid", "sAMAccountName", "userAccountControl", NULL }; *r->out.resume_handle = 0; r->out.sam = NULL; @@ -1456,27 +1456,31 @@ if (!entries) { return NT_STATUS_NO_MEMORY; } + num_filtered_entries = 0; for (i=0;iin.acct_flags + && ((samdb_result_acct_flags(res[i], +"userAccountControl") & r->in.acct_flags) == 0)) { + continue; + } + entries[num_filtered_entries].idx = samdb_result_rid_from_sid(mem_ctx, res[i], "objectSid", 0); + entries[num_filtered_entries].name.string = samdb_result_string(res[i], "sAMAccountName", ""); + num_filtered_entries++; } /* sort the results by rid */ - qsort(entries, count, sizeof(struct samr_SamEntry), + qsort(entries, num_filtered_entries, sizeof(struct samr_SamEntry), (comparison_fn_t)compare_SamEntry); /* find the first entry to return */ for (first=0; -firstin.resume_handle; +firstin.resume_handle; first++) ; - if (first == count) { - return NT_STATUS_OK; - } - /* return the rest, limit by max_size. Note that we use the w2k3 element size value of 54 */ - r->out.num_entries = count - first; + r->out.num_entries = num_filtered_entries - first; r->out.num_entries = MIN(r->out.num_entries, 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER)); @@ -1488,7 +1492,11 @@ r->out.sam->entries = entries+first; r->out.sam->count = r->out.num_entries; - if (r->out.num_entries < count - first) { + if (first == num_filtered_entries) { + return NT_STATUS_OK; + } + + if (r->out.num_entries < num_filtered_entries - first) { *r->out.resume_handle = entries[first+r->out.num_entries-1].idx; return STATUS_MORE_ENTRIES; } Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c === --- branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-26 03:50:24 UTC (rev 24052) +++ branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-26 07:27:46 UTC (rev 24053) @@ -2861,43 +2861,101 @@ return ret; } -static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, -struct policy_handle *handle) +static BOOL check_mask(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle, uint32_t rid, + uint32_t acct_flag_mask) { NTSTATUS status; - struct samr_EnumDomainUsers r; - uint32_t resume_handle=0; - int i; + struct samr_OpenUser r; + struct samr_QueryUserInfo q; + struct policy_handle user_handle; BOOL ret = True; - struct samr_LookupNames n; - struct samr_LookupRids lr ; - printf("Testing EnumDomainUsers\n"); + printf("Testing OpenUser(%u)\n", rid); r.in.domain_handle = handle; - r.in.resume_handle = &resume_handle; - r.in.acct_flags = 0; - r.in.max_size = (uint32_t)-1; - r.out.resume_handle = &resume_handle; + r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r.in.rid = rid; + r.out.user_handle = &user_handle; - status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r); + status = dcerpc_samr_OpenUser(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("EnumDomainUsers failed - %s\n", nt_errstr(status)); + printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(s