svn commit: samba r16263 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: abartlet Date: 2006-06-15 17:19:18 + (Thu, 15 Jun 2006) New Revision: 16263 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16263 Log: A number of these searches need to be under the partitions DN, and the other needs the default basedn. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c === --- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2006-06-15 17:18:08 UTC (rev 16262) +++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2006-06-15 17:19:18 UTC (rev 16263) @@ -577,6 +577,8 @@ const char * const *result_attrs; struct ldb_message **result_res = NULL; const struct ldb_dn *result_basedn; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); + const struct ldb_dn *basedn = samdb_base_dn(mem_ctx); const char * const _domain_attrs_1779[] = { ncName, dnsRoot, NULL}; const char * const _result_attrs_null[] = { NULL }; @@ -622,10 +624,10 @@ if (domain_filter) { /* if we have a domain_filter look it up and set the result_basedn and the dns_domain_name */ - ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, domain_res, domain_attrs, + ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, domain_res, domain_attrs, %s, domain_filter); } else { - ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, domain_res, domain_attrs, + ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, domain_res, domain_attrs, (ncName=%s), ldb_dn_linearize(mem_ctx, samdb_base_dn(mem_ctx))); } @@ -718,7 +720,7 @@ } if (sid-num_auths == 4) { - ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, domain_res, domain_attrs, + ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, domain_res, domain_attrs, (ncName=%s), ldb_dn_linearize(mem_ctx, result_res[0]-dn)); if (ldb_ret != 1) { info1-status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; 
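Review bot: The new `partitions_basedn` initialiser in the declaration block at -577 is never checked for NULL, so if `ldb_dn_string_compose()` fails (presumably on allocation failure) every `gendb_search()` changed below silently goes back to the NULL base that this series is moving away from. A guard after the declarations, `if (partitions_basedn == NULL) return WERR_NOMEM;`, would turn that into an explicit error; the enclosing function starts and ends outside the hunk, so the right return value should be confirmed there. The same unchecked initialiser is added in cldap_server/netlogon.c, rpc_server/lsa/dcesrv_lsa.c, rpc_server/netlogon/dcerpc_netlogon.c, kdc/hdb-ldb.c, auth/auth_sam.c, auth/sam.c and nbt_server/dgram/netlogon.c further down this page.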
@@ -735,13 +737,13 @@ return WERR_OK; } dom_sid-num_auths--; - ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, domain_res, attrs, + ldb_ret = gendb_search(sam_ctx, mem_ctx, basedn, domain_res, attrs, ((objectSid=%s)(objectClass=domain)), ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); if (ldb_ret != 1) { info1-status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; return WERR_OK; } - ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, domain_res2, domain_attrs, + ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, domain_res2, domain_attrs, (ncName=%s), ldb_dn_linearize(mem_ctx, domain_res[0]-dn)); if (ldb_ret != 1) { info1-status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
svn commit: samba r16262 - in branches/SAMBA_4_0/source/rpc_server/samr: .
Author: abartlet Date: 2006-06-15 17:18:08 + (Thu, 15 Jun 2006) New Revision: 16262 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16262 Log: Another basedn fix. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c === --- branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c 2006-06-15 16:09:31 UTC (rev 16261) +++ branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c 2006-06-15 17:18:08 UTC (rev 16262) @@ -356,7 +356,7 @@ user SID). We also need the current lm and nt password hashes in order to decrypt the incoming passwords */ ret = gendb_search(sam_ctx, - mem_ctx, NULL, res, attrs, + mem_ctx, samdb_base_dn(mem_ctx), res, attrs, ((sAMAccountName=%s)(objectclass=user)), r-in.account-string); if (ret != 1) {
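Review bot: The filter in this call is still built by formatting `r->in.account->string` straight into `(sAMAccountName=%s)`, and that value appears to be supplied by the RPC client, so filter metacharacters in the account name change what the search matches. auth/auth_sam.c on this page already passes its domain name through `ldb_binary_encode_string()` before formatting it; the same should be done here by passing `ldb_binary_encode_string(mem_ctx, r->in.account->string)` as the argument, with a NULL check on the result. The `(sAMAccountName=%s)` search on `r->in.account_name` in rpc_server/netlogon/dcerpc_netlogon.c (hunk at -99), the `(dnsRoot=%s)` search on `domain` in cldap_server/netlogon.c and the `(nETBIOSName=%s)` search on `name->name` in nbt_server/dgram/netlogon.c have the same shape. The enclosing function starts outside the hunk.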
svn commit: samba r16264 - in branches/SAMBA_4_0/source: dsdb/samdb dsdb/samdb/ldb_modules lib/ldb/include lib/ldb/modules scripting/libjs setup
Author: abartlet Date: 2006-06-15 18:04:24 + (Thu, 15 Jun 2006) New Revision: 16264 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16264 Log: Add, but do not yet enable, the partitions module. This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. 
Andrew Bartlett Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/partition.c branches/SAMBA_4_0/source/setup/provision_basedn.ldif branches/SAMBA_4_0/source/setup/provision_basedn_modify.ldif Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c branches/SAMBA_4_0/source/dsdb/samdb/samdb.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/modules/asq.c branches/SAMBA_4_0/source/lib/ldb/modules/paged_results.c branches/SAMBA_4_0/source/lib/ldb/modules/sort.c branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/provision branches/SAMBA_4_0/source/setup/provision.ldif branches/SAMBA_4_0/source/setup/provision_templates.ldif branches/SAMBA_4_0/source/setup/provision_users.ldif Changeset: Sorry, the patch is too large (1213 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16264
svn commit: samba r16265 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2006-06-15 18:25:41 + (Thu, 15 Jun 2006) New Revision: 16265 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16265 Log: Fix 'newuser' command. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-06-15 18:04:24 UTC (rev 16264) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-06-15 18:25:41 UTC (rev 16265) @@ -654,7 +654,7 @@ /* find the DNs for the domain and the domain users group */ var attrs = new Array(defaultNamingContext); res = ldb.search(defaultNamingContext=*, , ldb.SCOPE_BASE, attrs); - assert(res.length == 1 res[0].defaultNamingContext != undefined) + assert(res.length == 1 res[0].defaultNamingContext != undefined); var domain_dn = res[0].defaultNamingContext; assert(domain_dn != undefined); var dom_users = searchone(ldb, domain_dn, name=Domain Users, dn);
svn commit: samba r16226 - in branches/SAMBA_4_0/source/libnet: .
Author: abartlet Date: 2006-06-14 16:08:43 + (Wed, 14 Jun 2006) New Revision: 16226 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16226 Log: Fixes for various segfault bugs found against a buggy Samba4. With the current API we need to check both that the RPC didn't fault, and that the query succeeded. Also print the right things in debug messages. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c branches/SAMBA_4_0/source/libnet/libnet_rpc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c === --- branches/SAMBA_4_0/source/libnet/libnet_join.c 2006-06-14 15:33:44 UTC (rev 16225) +++ branches/SAMBA_4_0/source/libnet/libnet_join.c 2006-06-14 16:08:43 UTC (rev 16226) @@ -642,7 +642,7 @@ if (!NT_STATUS_IS_OK(status)) { r-out.error_string = talloc_asprintf(mem_ctx, samr_CreateUser2 (recreate) for [%s] failed: %s\n, - r-in.domain_name, nt_errstr(status)); + r-in.account_name, nt_errstr(status)); talloc_free(tmp_ctx); return status; } @@ -650,7 +650,7 @@ } else if (!NT_STATUS_IS_OK(status)) { r-out.error_string = talloc_asprintf(mem_ctx, samr_CreateUser2 for [%s] failed: %s\n, - r-in.domain_name, nt_errstr(status)); + r-in.account_name, nt_errstr(status)); talloc_free(tmp_ctx); return status; } Modified: branches/SAMBA_4_0/source/libnet/libnet_rpc.c === --- branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2006-06-14 15:33:44 UTC (rev 16225) +++ branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2006-06-14 16:08:43 UTC (rev 16226) @@ -474,6 +474,11 @@ return; } + if (!NT_STATUS_IS_OK(s-lsa_query_info2.out.result)) { + composite_error(c, s-lsa_query_info2.out.result); + return; + } + /* query lsa info for dns domain name and guid */ s-lsa_query_info2.in.handle = s-lsa_handle; s-lsa_query_info2.in.level = LSA_POLICY_INFO_DNS; 
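Review bot: The check added at -474 in libnet_rpc.c reads `s->lsa_query_info2.out.result`, but the lines straight after it are still filling in `s->lsa_query_info2.in.handle` and `.in.level`, which suggests the QueryInfoPolicy2 request has not been sent at this point and the field holds no result yet. If this continuation has just received an earlier LSA call, the value to test is that call's `out.result`; the start of the function is outside the hunk, so this needs confirming there. The hunk at -517 sets `s->r.out.error_string` before `composite_error()` and this one does not, so a failure caught here would reach the caller without a message.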
@@ -517,6 +522,14 @@ return; } + if (!NT_STATUS_IS_OK(s-lsa_query_info2.out.result)) { + s-r.out.error_string = talloc_asprintf(c, + lsa_QueryInfoPolicy2 failed: %s, + nt_errstr(s-lsa_query_info2.out.result)); + composite_error(c, s-lsa_query_info2.out.result); + return; + } + /* Copy the dns domain name and guid from the query result */ /* this should actually be a conversion from lsa_StringLarge */
svn commit: samba r16227 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2006-06-14 16:09:34 + (Wed, 14 Jun 2006) New Revision: 16227 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16227 Log: Don't segfault if the ldb_search() fails. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-14 16:08:43 UTC (rev 16226) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-14 16:09:34 UTC (rev 16227) @@ -292,7 +292,7 @@ struct ldb_result *res = NULL; const struct ldb_dn *dom_dn; int ret; - struct dom_sid *dom_sid, *obj_sid; + struct dom_sid *dom_sid; /* get the domain component part of the provided dn */ @@ -494,7 +494,10 @@ /* pull the template record */ ret = ldb_search(module-ldb, basedn, LDB_SCOPE_SUBTREE, filter, NULL, res); - if (ret != LDB_SUCCESS || res-count != 1) { + if (ret != LDB_SUCCESS) { + return ret; + } + if (res-count != 1) { ldb_set_errstring(module-ldb, talloc_asprintf(module, samldb_copy_template: ERROR: template '%s' matched %d records, expected 1\n, filter, res-count)); return LDB_ERR_OPERATIONS_ERROR;
svn commit: samba r16232 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet Date: 2006-06-14 23:32:19 + (Wed, 14 Jun 2006) New Revision: 16232 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16232 Log: Avoid searching on domainDns, as it is not an AD attribute in the official schema. Add baseDNs, so we search the correct partition. Andrew Bartlett Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c === --- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2006-06-14 21:52:23 UTC (rev 16231) +++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2006-06-14 23:32:19 UTC (rev 16232) @@ -22,6 +22,8 @@ #include includes.h #include libcli/ldap/ldap.h +#include lib/ldb/include/ldb.h +#include lib/ldb/include/ldb_errors.h #include lib/events/events.h #include lib/socket/socket.h #include smbd/service_task.h @@ -45,10 +47,10 @@ uint32_t version, union nbt_cldap_netlogon *netlogon) { - const char *ref_attrs[] = {nETBIOSName, NULL}; + const char *ref_attrs[] = {nETBIOSName, ncName, NULL}; const char *dom_attrs[] = {dnsDomain, objectGUID, NULL}; struct ldb_message **ref_res, **dom_res; - int ret; + int ret, count = 0; const char **services = lp_server_services(); uint32_t server_type; const char *pdc_name; @@ -60,6 +62,7 @@ const char *site_name; const char *site_name2; const char *pdc_ip; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); if (cldapd-samctx == NULL) { cldapd-samctx = samdb_connect(cldapd, anonymous_session(cldapd)); 
@@ -74,23 +77,53 @@ domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); } - /* try and find the domain */ - ret = gendb_search(cldapd-samctx, mem_ctx, NULL, dom_res, dom_attrs, - ((objectClass=domainDNS)(|(dnsDomain=%s)(objectGUID=%s))), - domain?domain:, - domain_guid?domain_guid:); - if (ret != 1) { - DEBUG(2,(Unable to find domain '%s' in sam\n, domain)); - return NT_STATUS_NO_SUCH_DOMAIN; + if (domain) { + struct ldb_result *dom_ldb_result; + struct ldb_dn *dom_dn; + /* try and find the domain */ + count = gendb_search(cldapd-samctx, mem_ctx, partitions_basedn, ref_res, ref_attrs, + (((objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*)), + domain); + if (count == 1) { + dom_dn = samdb_result_dn(mem_ctx, ref_res[0], ncName, NULL); + if (!dom_dn) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + ret = ldb_search(cldapd-samctx, dom_dn, +LDB_SCOPE_BASE, objectClass=domain, +dom_attrs, dom_ldb_result); + if (ret != LDB_SUCCESS) { + DEBUG(2,(Error finding domain '%s'/'%s' in sam: %s\n, domain, ldb_dn_linearize(mem_ctx, dom_dn), ldb_errstring(cldapd-samctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + if (dom_ldb_result-count != 1) { + DEBUG(2,(Error finding domain '%s'/'%s' in sam\n, domain, ldb_dn_linearize(mem_ctx, dom_dn))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + dom_res = dom_ldb_result-msgs; + } } - /* try and find the domain */ - ret = gendb_search(cldapd-samctx, mem_ctx, NULL, ref_res, ref_attrs, - ((objectClass=crossRef)(ncName=%s)), - ldb_dn_linearize(mem_ctx, dom_res[0]-dn)); - if (ret != 1) { - DEBUG(2,(Unable to find referece to '%s' in sam\n, -ldb_dn_linearize(mem_ctx, dom_res[0]-dn))); + if (count == 0 domain_guid) { + /* OK, so no dice with the name, try and find the domain with the GUID */ + count = gendb_search(cldapd-samctx, mem_ctx, samdb_base_dn(mem_ctx), dom_res, dom_attrs, + ((objectClass=domainDNS)(objectGUID=%s)), + domain_guid); + if (count == 1) { + /* try and find the domain */ + ret = gendb_search(cldapd-samctx, mem_ctx, 
partitions_basedn, ref_res, ref_attrs, + ((objectClass=crossRef)(ncName=%s
svn commit: samba r16234 - in branches/SAMBA_4_0/source/ldap_server: .
Author: abartlet Date: 2006-06-14 23:39:18 + (Wed, 14 Jun 2006) New Revision: 16234 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16234 Log: Set the request timeout from the LDAP search. Without this, the initial request time is uninitialised, and this causes havoc later. This also allows us to honour the client's wishes. We should be doing this for all the operations... Andrew Bartlett Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c Changeset: Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2006-06-14 23:37:19 UTC (rev 16233) +++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2006-06-14 23:39:18 UTC (rev 16234) @@ -247,8 +247,10 @@ lreq-async.context = res; lreq-async.callback = ldapsrv_SearchCallback; - lreq-async.timeout = 600; + /* Copy the timeout from the incoming call */ + ldb_set_timeout(samdb, lreq, req-timelimit); + ldb_ret = ldb_request(samdb, lreq); if (ldb_ret != LDB_SUCCESS) {
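Review bot: Passing `req->timelimit` straight to `ldb_set_timeout()` replaces the fixed 600 with a value chosen by the LDAP client, and nothing in the hunk bounds it, so a client can ask for a far longer search than the server previously allowed. Clamp the value to a server-side maximum before the call, and decide explicitly what a timelimit of 0 means here, since in LDAP it is the client asking for no limit and how `ldb_set_timeout()` treats 0 is not visible on this page. The return value of `ldb_set_timeout()` is also dropped; if it can fail, the request should not go out with the timeout the log message describes as uninitialised. The enclosing function starts and ends outside the hunk.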
svn commit: lorikeet r557 - in trunk/heimdal/lib/gssapi: .
Author: abartlet Date: 2006-06-14 23:45:23 + (Wed, 14 Jun 2006) New Revision: 557 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=557 Log: Don't overwrite minor_status when cleaning up on failure. Andrew Bartlett Modified: trunk/heimdal/lib/gssapi/accept_sec_context.c trunk/heimdal/lib/gssapi/decapsulate.c Changeset: Modified: trunk/heimdal/lib/gssapi/accept_sec_context.c === --- trunk/heimdal/lib/gssapi/accept_sec_context.c 2006-06-06 20:02:25 UTC (rev 556) +++ trunk/heimdal/lib/gssapi/accept_sec_context.c 2006-06-14 23:45:23 UTC (rev 557) @@ -698,6 +698,7 @@ ) { OM_uint32 ret = GSS_S_COMPLETE; +OM_uint32 minor_status2 = 0; krb5_data fwd_data; gss_ctx_id_t local_context; @@ -772,7 +773,7 @@ if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { *context_handle = local_context; } else { - gss_delete_sec_context(minor_status, + gss_delete_sec_context(minor_status2, local_context, NULL); } Modified: trunk/heimdal/lib/gssapi/decapsulate.c === --- trunk/heimdal/lib/gssapi/decapsulate.c 2006-06-06 20:02:25 UTC (rev 556) +++ trunk/heimdal/lib/gssapi/decapsulate.c 2006-06-14 23:45:23 UTC (rev 557) @@ -94,7 +94,7 @@ OM_uint32 gssapi_krb5_verify_header(u_char **str, size_t total_len, - const u_char *type, + const void *type, gss_OID oid) { OM_uint32 ret; @@ -157,7 +157,7 @@ gssapi_krb5_decapsulate(OM_uint32 *minor_status, gss_buffer_t input_token_buffer, krb5_data *out_data, - const char *type, + const void *type, gss_OID oid) { u_char *p;
svn commit: samba r16235 - in branches/SAMBA_4_0/source/heimdal/lib/gssapi: .
Author: abartlet Date: 2006-06-14 23:46:27 + (Wed, 14 Jun 2006) New Revision: 16235 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16235 Log: Don't update minor_status when cleaning up on error. This restores sensible log messages to gensec_gssapi. Andrew Bartlett Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c Changeset: Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c === --- branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c 2006-06-14 23:39:18 UTC (rev 16234) +++ branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c 2006-06-14 23:46:27 UTC (rev 16235) @@ -700,7 +700,7 @@ OM_uint32 ret = GSS_S_COMPLETE; krb5_data fwd_data; gss_ctx_id_t local_context; - +OM_uint32 minor_status2; GSSAPI_KRB5_INIT(); krb5_data_zero (fwd_data); @@ -772,7 +772,7 @@ if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { *context_handle = local_context; } else { - gss_delete_sec_context(minor_status, + gss_delete_sec_context(minor_status2, local_context, NULL); }
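Review bot: `minor_status2` is declared without an initialiser in the hunk at -700, while the lorikeet copy of the same change (r557, just above on this page) declares it as `OM_uint32 minor_status2 = 0;`. The variable is only handed to `gss_delete_sec_context()` on the cleanup path, presumably as an output, so this is harmless as written, but the two copies of the file should not drift; use the initialised form here too. The hunk also drops the blank line that separated the declarations from `GSSAPI_KRB5_INIT();`, which would be worth keeping.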
svn commit: samba r16236 - in branches/SAMBA_4_0/source/rpc_server: lsa netlogon samr
Author: abartlet Date: 2006-06-14 23:47:45 + (Wed, 14 Jun 2006) New Revision: 16236 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16236 Log: Add a proper baseDN to a large number of queries. Searching the NULL baseDN won't work once the partitions module is loaded. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c === --- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2006-06-14 23:46:27 UTC (rev 16235) +++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2006-06-14 23:47:45 UTC (rev 16236) @@ -221,6 +221,7 @@ struct lsa_policy_state **_state) { struct lsa_policy_state *state; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); state = talloc(mem_ctx, struct lsa_policy_state); if (!state) { @@ -246,7 +247,7 @@ } state-domain_name - = samdb_search_string(state-sam_ldb, state, NULL, nETBIOSName, + = samdb_search_string(state-sam_ldb, state, partitions_basedn, nETBIOSName, ((objectclass=crossRef)(ncName=%s)), ldb_dn_linearize(mem_ctx, state-domain_dn)); if (!state-domain_name) { Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c === --- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2006-06-14 23:46:27 UTC (rev 16235) +++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2006-06-14 23:47:45 UTC (rev 16236) @@ -99,7 +99,7 @@ return NT_STATUS_INVALID_SYSTEM_SERVICE; } /* pull the user attributes */ - num_records = gendb_search(sam_ctx, mem_ctx, NULL, msgs, attrs, + num_records = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), msgs, attrs, ((sAMAccountName=%s)(objectclass=user)), r-in.account_name); 
@@ -901,6 +901,7 @@ struct netr_DomainInfo1 *info1; int ret, ret1, ret2, i; NTSTATUS status; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); const char *local_domain; @@ -922,13 +923,13 @@ primary domain is also a trusted domain, so we need to put the primary domain into the lists of returned trusts as well */ - ret1 = gendb_search(sam_ctx, mem_ctx, NULL, res1, attrs, (objectClass=domainDNS)); + ret1 = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), res1, attrs, (objectClass=domainDNS)); if (ret1 != 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } /* try and find the domain */ - ret = gendb_search(sam_ctx, mem_ctx, NULL, + ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, ref_res, ref_attrs, ((objectClass=crossRef)(ncName=%s)), ldb_dn_linearize(mem_ctx, res1[0]-dn)); @@ -938,7 +939,7 @@ local_domain = samdb_result_string(ref_res[0], nETBIOSName, NULL); - ret2 = gendb_search(sam_ctx, mem_ctx, NULL, res2, attrs, (objectClass=trustedDomain)); + ret2 = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), res2, attrs, (objectClass=trustedDomain)); if (ret2 == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1164,6 +1165,7 @@ struct ldb_message **dom_res, **ref_res; const char * const dom_attrs[] = { dnsDomain, objectSid, objectGUID, NULL }; const char * const ref_attrs[] = { nETBIOSName, NULL }; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); ZERO_STRUCT(r-out); 
@@ -1181,7 +1183,7 @@ return WERR_GENERAL_FAILURE; } - ret = gendb_search(sam_ctx, mem_ctx, NULL, ref_res, ref_attrs, + ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, ref_res, ref_attrs, ((objectClass=crossRef)(ncName=%s)), ldb_dn_linearize(mem_ctx, dom_res[0]-dn)); if (ret == -1) { Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c === --- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2006-06-14 23:46:27 UTC (rev 16235) +++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2006-06-14 23
svn commit: samba r16237 - in branches/SAMBA_4_0/source/kdc: .
Author: abartlet Date: 2006-06-14 23:49:14 + (Wed, 14 Jun 2006) New Revision: 16237 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16237 Log: Use an appropriate basedn for these searches, so they occour into the correct partition. Andrew Bartlett Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c === --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-06-14 23:47:45 UTC (rev 16236) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-06-14 23:49:14 UTC (rev 16237) @@ -527,6 +527,7 @@ int ret; char *cross_ref_filter; struct ldb_result *cross_ref_res; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); cross_ref_filter = talloc_asprintf(mem_ctx, (((|((dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*)), @@ -536,7 +537,7 @@ return ENOMEM; } - ret = ldb_search(ldb_ctx, NULL, LDB_SCOPE_SUBTREE, cross_ref_filter, realm_ref_attrs, cross_ref_res); + ret = ldb_search(ldb_ctx, partitions_basedn, LDB_SCOPE_SUBTREE, cross_ref_filter, realm_ref_attrs, cross_ref_res); if (ret != LDB_SUCCESS) { DEBUG(3, (Failed to search for %s: %s\n, cross_ref_filter, ldb_errstring(ldb_ctx))); @@ -708,6 +709,7 @@ const char *realm; struct ldb_message **msg = NULL; struct ldb_message **realm_ref_msg = NULL; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); if (principal-name.name_string.len = 2) { /* 'normal server' case */ int ldb_ret; @@ -740,7 +742,7 @@ } ldb_ret = gendb_search((struct ldb_context *)db-hdb_db, - mem_ctx, NULL, realm_ref_msg, realm_ref_attrs, + mem_ctx, partitions_basedn, realm_ref_msg, realm_ref_attrs, ncName=%s, ldb_dn_linearize(mem_ctx, domain_dn)); if (ldb_ret != 1) {
svn commit: samba r16238 - in branches/SAMBA_4_0/source/auth: .
Author: abartlet Date: 2006-06-14 23:50:58 + (Wed, 14 Jun 2006) New Revision: 16238 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16238 Log: Use a baseDN for the auth_sam searches, to allow continued function with partitions. Also fix some debug messages. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/auth_sam.c branches/SAMBA_4_0/source/auth/sam.c Changeset: Modified: branches/SAMBA_4_0/source/auth/auth_sam.c === --- branches/SAMBA_4_0/source/auth/auth_sam.c 2006-06-14 23:49:14 UTC (rev 16237) +++ branches/SAMBA_4_0/source/auth/auth_sam.c 2006-06-14 23:50:58 UTC (rev 16238) @@ -45,6 +45,7 @@ struct ldb_message **msgs_tmp; struct ldb_message **msgs; struct ldb_message **msgs_domain_ref; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); int ret; int ret_domain; @@ -54,7 +55,7 @@ if (domain_name) { char *escaped_domain = ldb_binary_encode_string(mem_ctx, domain_name); /* find the domain's DN */ - ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, msgs_domain_ref, domain_ref_attrs, + ret_domain = gendb_search(sam_ctx, mem_ctx, partitions_basedn, msgs_domain_ref, domain_ref_attrs, (((|((dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*)), escaped_domain, escaped_domain); if (ret_domain == -1) { @@ -74,6 +75,8 @@ } domain_dn = samdb_result_dn(mem_ctx, msgs_domain_ref[0], nCName, NULL); + } else { + domain_dn = samdb_base_dn(mem_ctx); } /* pull the user attributes */ @@ -85,8 +88,8 @@ } if (ret == 0) { - DEBUG(3,(sam_search_user: Couldn't find user [%s] in samdb.\n, -account_name)); + DEBUG(3,(sam_search_user: Couldn't find user [%s\\%s] in samdb, under %s\n, +domain_name, account_name, ldb_dn_linearize(mem_ctx, domain_dn))); return NT_STATUS_NO_SUCH_USER; } 
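Review bot: The rewritten DEBUG at -85 formats `domain_name` with `%s`, yet the `if (domain_name)` / `else` pair completed in the hunk just above shows this function is reached with `domain_name == NULL`, and passing NULL for `%s` is undefined behaviour. Use `domain_name ? domain_name : ""` as the argument. `domain_dn` is linearized for the same message; in the `if (domain_name)` branch it comes from `samdb_result_dn()` with no NULL check visible in these hunks, so it may need one before it is used. The function starts outside the hunks.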
@@ -104,7 +107,7 @@ } /* find the domain's DN */ - ret = gendb_search(sam_ctx, mem_ctx, NULL, msgs_tmp, NULL, + ret = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), msgs_tmp, NULL, ((objectSid=%s)(objectclass=domain)), ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); if (ret == -1) { @@ -123,7 +126,7 @@ return NT_STATUS_INTERNAL_DB_CORRUPTION; } - ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, msgs_domain_ref, domain_ref_attrs, + ret_domain = gendb_search(sam_ctx, mem_ctx, partitions_basedn, msgs_domain_ref, domain_ref_attrs, (nCName=%s), ldb_dn_linearize(msgs_tmp, msgs_tmp[0]-dn)); if (ret_domain == -1) { Modified: branches/SAMBA_4_0/source/auth/sam.c === --- branches/SAMBA_4_0/source/auth/sam.c2006-06-14 23:49:14 UTC (rev 16237) +++ branches/SAMBA_4_0/source/auth/sam.c2006-06-14 23:50:58 UTC (rev 16238) @@ -206,7 +206,7 @@ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); group_ret = gendb_search(sam_ctx, -tmp_ctx, NULL, group_msgs, group_attrs, +tmp_ctx, samdb_base_dn(tmp_ctx), group_msgs, group_attrs, ((member=%s)(sAMAccountType=*)), ldb_dn_linearize(tmp_ctx, msg-dn)); if (group_ret == -1) { @@ -321,6 +321,7 @@ NTSTATUS nt_status; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); int ret; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), CN=Partitions,CN=Configuration); if (!tmp_ctx) { return NT_STATUS_NO_MEMORY; @@ -333,7 +334,7 @@ } /* grab domain info from the reference */ - ret = gendb_search(sam_ctx, tmp_ctx, NULL, msgs_domain_ref, domain_ref_attrs, + ret = gendb_search(sam_ctx, tmp_ctx, partitions_basedn, msgs_domain_ref, domain_ref_attrs, (ncName=%s), ldb_dn_linearize(tmp_ctx, domain_dn)); if (ret != 1) {
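Review bot: In auth/sam.c, `partitions_basedn` is built on `mem_ctx` in the declaration block at -321, ahead of the `if (!tmp_ctx)` check, although the search that uses it runs on `tmp_ctx`. That leaves the DN attached to the caller's context after the function returns instead of being released with the temporary context (assuming `tmp_ctx` is freed on exit, which is outside the hunk). Move the initialisation below the `tmp_ctx` check and allocate there: `partitions_basedn = ldb_dn_string_compose(tmp_ctx, samdb_base_dn(tmp_ctx), "CN=Partitions,CN=Configuration");`. The group search in the hunk at -206 already uses `samdb_base_dn(tmp_ctx)`.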
svn commit: samba r16239 - in branches/SAMBA_4_0/source/nbt_server/dgram: .
Author: abartlet Date: 2006-06-14 23:52:18 + (Wed, 14 Jun 2006) New Revision: 16239 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16239 Log: Search for the domain in the correct partition, so this will work with LDAP backends. Andrew Bartlett Modified: branches/SAMBA_4_0/source/nbt_server/dgram/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/nbt_server/dgram/netlogon.c === --- branches/SAMBA_4_0/source/nbt_server/dgram/netlogon.c 2006-06-14 23:50:58 UTC (rev 16238) +++ branches/SAMBA_4_0/source/nbt_server/dgram/netlogon.c 2006-06-14 23:52:18 UTC (rev 16239) @@ -109,6 +109,7 @@ int ret; const char **services = lp_server_services(); const char *my_ip = reply_iface-ip_address; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(packet, samdb_base_dn(packet), CN=Partitions,CN=Configuration); if (!my_ip) { DEBUG(0, (Could not obtain own IP address for datagram socket\n)); return; @@ -125,7 +126,7 @@ return; } - ret = gendb_search(samctx, samctx, NULL, ref_res, ref_attrs, + ret = gendb_search(samctx, samctx, partitions_basedn, ref_res, ref_attrs, (((nETBIOSName=%s)(objectclass=crossRef))(ncName=*)), name-name);
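Review bot: The new `partitions_basedn` is allocated on `packet`, but the `gendb_search()` it feeds still passes `samctx` as its memory context, so `ref_res` is attached to the sam connection rather than to the datagram being handled. If nothing later frees `ref_res` (not visible in the hunk), every request leaves its results on a long-lived context; passing `packet` instead of `samctx` as the second argument would tie both allocations to the packet. The DN is also composed in the declaration block, ahead of the `!my_ip` early return, so it is built even when the function bails out immediately.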
svn commit: samba r16240 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2006-06-15 00:29:11 + (Thu, 15 Jun 2006) New Revision: 16240 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16240 Log: Add better error reporting in the password_hash module Remove duplicate attribute in search request Search for the domain by NDR-encoded SID, not string (consistant with the rest of the C code, and helps partially-constructed LDAP backends). Use the default basedn for the domain search. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-06-14 23:52:18 UTC (rev 16239) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-06-15 00:29:11 UTC (rev 16240) @@ -489,10 +489,11 @@ return LDB_ERR_OPERATIONS_ERROR; } ac-dom_req-operation = LDB_SEARCH; - ac-dom_req-op.search.base = NULL; + ac-dom_req-op.search.base = samdb_base_dn(ac); ac-dom_req-op.search.scope = LDB_SCOPE_SUBTREE; - filter = talloc_asprintf(ac-dom_req, ((objectSid=%s)(objectClass=domain)), dom_sid_string(ac-dom_req, sid)); + filter = talloc_asprintf(ac-dom_req, ((objectSid=%s)(objectClass=domain)), +ldap_encode_ndr_dom_sid(ac-dom_req, sid)); if (filter == NULL) { ldb_debug(ac-module-ldb, LDB_DEBUG_ERROR, Out of Memory!\n); talloc_free(ac-dom_req); @@ -525,6 +526,12 @@ return NULL; } + if (res == NULL) { + ldb_debug(module-ldb, LDB_DEBUG_ERROR, Could not find this user's domain!\n); + talloc_free(data); + return NULL; + } + data-pwdProperties = samdb_result_uint(res-message, pwdProperties, 0); data-pwdHistoryLength = samdb_result_uint(res-message, pwdHistoryLength, 0); tmp = ldb_msg_find_string(res-message, dnsDomain, NULL); 
@@ -575,14 +582,16 @@ /* if it is not an entry of type person its an error */ /* TODO: remove this when sambaPassword will be in schema */ if (!ldb_msg_check_string_attribute(req-op.add.message, objectClass, person)) { + ldb_set_errstring(module-ldb, talloc_asprintf(module, Cannot set a password on entry that does not have objectClass 'person')); return LDB_ERR_OBJECT_CLASS_VIOLATION; } /* check sambaPassword is single valued here */ /* TODO: remove this when sambaPassword will be single valued in schema */ if (attribute-num_values 1) { - ldb_set_errstring(module-ldb, talloc_asprintf(req, - mupltiple values for sambaPassword not allowed!\n)); + ldb_set_errstring(module-ldb, + talloc_asprintf(req, + mupltiple values for sambaPassword not allowed!\n)); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -825,7 +834,6 @@ struct ph_async_context *ac; static const char * const attrs[] = { userAccountControl, sambaLMPwdHistory, sambaNTPwdHistory, - ntPwdHash, objectSid, msDS-KeyVersionNumber, objectClass, userPrincipalName, samAccountName,
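Review bot: The error string added for the objectClass check at -575 is allocated with `talloc_asprintf(module, ...)`, whereas the sambaPassword message a few lines below uses `req`. Allocating on `module` ties each message to the module's lifetime, so repeated rejected adds would accumulate strings (assuming `ldb_set_errstring()` does not reparent or free them, which is not visible here); `talloc_asprintf(req, ...)` would match the neighbouring call. The re-indented message still reads `mupltiple`, which could be corrected to `multiple` while the line is being touched. The function starts and ends outside the hunk.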
svn commit: samba r16218 - in branches/SAMBA_4_0/source/auth/credentials: .
Author: abartlet Date: 2006-06-14 04:00:42 + (Wed, 14 Jun 2006) New Revision: 16218 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16218 Log: If a connection is forced as 'anonymous', don't treat it as 'authentication requested'... Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c Changeset: Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c === --- branches/SAMBA_4_0/source/auth/credentials/credentials.c2006-06-14 02:06:30 UTC (rev 16217) +++ branches/SAMBA_4_0/source/auth/credentials/credentials.c2006-06-14 04:00:42 UTC (rev 16218) @@ -216,8 +216,8 @@ return True; } - if (cred-machine_account_pending) { - cli_credentials_set_machine_account(cred); + if (cli_credentials_is_anonymous(cred)){ + return False; } if (cred-principal_obtained = CRED_SPECIFIED) {
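Review bot: This hunk removes the `machine_account_pending` step, the only place in the visible lines where `cli_credentials_set_machine_account(cred)` ran before `cred->principal_obtained` is compared with `CRED_SPECIFIED`. Unless `cli_credentials_is_anonymous()` resolves a pending machine account itself (its body is not on this page), that comparison can now run against credentials that have not been loaded yet. Either keep `if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred); }` ahead of the new test, or add a comment above the new test naming the call that loads the machine account. Going by the log message, this function decides whether authentication was requested, so the ordering deserves a comment either way; it starts outside the hunk.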
svn commit: samba r16159 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2006-06-12 19:02:41 + (Mon, 12 Jun 2006) New Revision: 16159 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16159 Log: Even more work on samldb error reporting. Make sure to get the original error strings back to the callers. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-12 19:02:38 UTC (rev 16158) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-12 19:02:41 UTC (rev 16159) @@ -42,6 +42,8 @@ #include librpc/gen_ndr/ndr_security.h #include db_wrap.h +int samldb_notice_sid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, const struct dom_sid *sid); /* if value is not null also check for attribute to have exactly that value */ static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value) @@ -222,8 +224,6 @@ struct dom_sid *obj_sid; uint32_t old_rid; int ret; - struct ldb_message **sid_msgs; - const char *sid_attrs[] = { NULL }; ret = samldb_find_next_rid(module, mem_ctx, dn, old_rid); if (ret) { 
@@ -233,30 +233,19 @@ /* return the new object sid */ obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid); - ret = samldb_set_next_rid(module-ldb, mem_ctx, dn, old_rid, old_rid + 1); - if (ret != 0) { - return ret; - } - *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1); if (!*new_sid) { return LDB_ERR_OPERATIONS_ERROR; } - ret = gendb_search(module-ldb, - mem_ctx, NULL, sid_msgs, sid_attrs, - objectSid=%s, - ldap_encode_ndr_dom_sid(mem_ctx, *new_sid)); - if (ret == -1) { - /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ - return LDB_ERR_OPERATIONS_ERROR; - } else if (ret != 0) { + ret = samldb_notice_sid(module, mem_ctx, *new_sid); + if (ret != 0) { /* gah, there are conflicting sids. * This is a critical situation it means that someone messed up with * the DB and nextRid is not returning free RIDs, report an error * and refuse to create any user until the problem is fixed */ - ldb_set_errstring(module-ldb, talloc_asprintf(mem_ctx, Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID)); - return LDB_ERR_OPERATIONS_ERROR; + ldb_set_errstring(module-ldb, talloc_asprintf(mem_ctx, Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID: %s, ldb_errstring(module-ldb))); + return ret; } return ret; } @@ -295,8 +284,9 @@ allocate a new RID for the domain return the new sid string */ -static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn) +static int samldb_get_new_sid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn, + struct dom_sid **sid) { const char * const attrs[2] = { objectSid, NULL }; struct ldb_result *res = NULL; 
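Review bot: Every non-zero return from `samldb_notice_sid()` is reported here as `Critical Error: unconsistent DB ...`, although the helper, as shown in the r16129 hunk further down this page, also returns plain search errors. A transient backend failure is therefore presented as RID-allocation corruption. I would keep the "inconsistent DB" text for `ret == LDB_ERR_CONSTRAINT_VIOLATION` only and otherwise return `ret` with the helper's own error string untouched. The hunk also drops the explicit `samldb_set_next_rid()` call, so a comment saying that `samldb_notice_sid()` now advances nextRid (if that is the intent) would help the next reader. The function body starts outside the hunk.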
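Review bot: The comment kept above `samldb_get_new_sid()` still reads `return the new sid string`, which no longer matches the signature. The function now returns an ldb status code and hands the SID back through the new `sid` out-parameter. I would reword it along the lines of `allocate a new RID for the domain; returns an LDB_* status and stores the new SID in *sid`, and state whether `*sid` is left untouched on failure. The function body continues outside the hunk.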
@@ -308,37 +298,45 @@ dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); if (dom_dn == NULL) { - ldb_debug(module-ldb, LDB_DEBUG_FATAL, Invalid dn (%s) not child of a domain object!\n, ldb_dn_linearize(mem_ctx, obj_dn)); - return NULL; + ldb_set_errstring(module-ldb, talloc_asprintf(mem_ctx, Invalid dn (%s) not child of a domain object!\n, ldb_dn_linearize(mem_ctx, obj_dn))); + return LDB_ERR_CONSTRAINT_VIOLATION; } /* find the domain sid */ ret = ldb_search(module-ldb, dom_dn, LDB_SCOPE_BASE, objectSid=*, attrs, res); - if (ret != LDB_SUCCESS || res-count != 1) { - ldb_debug(module-ldb, LDB_DEBUG_FATAL, samldb_get_new_sid: error retrieving domain sid!\n); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(module-ldb, talloc_asprintf(module, samldb_get_new_sid: error retrieving domain sid from %s: %s!\n, + ldb_dn_linearize(mem_ctx, dom_dn), + ldb_errstring(module-ldb))); talloc_free(res); - return NULL; + return ret; } + if (res-count != 1
svn commit: samba r16166 - in branches/SAMBA_4_0/source: rpc_server/samr setup
Author: abartlet Date: 2006-06-12 20:00:18 + (Mon, 12 Jun 2006) New Revision: 16166 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16166 Log: Remove hexidecimal constants from the Samba4 provision files. This change is required for compatibility with the OSX client, in particular, but returning 0x8002 rather than -2147483646 violates what LDAP clients expect in general. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c branches/SAMBA_4_0/source/setup/provision.ldif branches/SAMBA_4_0/source/setup/provision_templates.ldif branches/SAMBA_4_0/source/setup/provision_users.ldif Changeset: Sorry, the patch is too large (679 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16166
svn commit: samba r16167 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2006-06-12 20:02:16 + (Mon, 12 Jun 2006) New Revision: 16167 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16167 Log: Add tests for the changes to use hex digits, including some tests commented out until we fix some more things on our server. Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-12 20:00:18 UTC (rev 16166) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-12 20:02:16 UTC (rev 16167) @@ -76,6 +76,30 @@ } } + var ok = ldb.add( +dn: cn=ldaptest2computer,cn=computers, + base_dn + +objectClass: computer +cn: LDAPtest2COMPUTER +userAccountControl: 4096 +); + if (!ok) { + ok = ldb.del(cn=ldaptest2computer,cn=computers, + base_dn); + if (!ok) { + println(ldb.errstring()); + assert(ok); + } + ok = ldb.add( +dn: cn=ldaptest2computer,cn=computers, + base_dn + +objectClass: computer +cn: LDAPtest2COMPUTER +userAccountControl: 4096 +); + if (!ok) { + println(ldb.errstring()); + assert(ok); + } + } + ok = ldb.add( dn: cn=ldaptestuser2,cn=users, + base_dn + objectClass: person @@ -157,6 +181,8 @@ assert(res[0].objectGUID != undefined); assert(res[0].whenCreated != undefined); assert(res[0].objectCategory == cn=Person,cn=Schema,cn=Configuration, + base_dn); + assert(res[0].sAMAccountType == 805306368); +// assert(res[0].userAccountControl == 546); println(Testing ldb.search for ((cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration, + base_dn + ))); var res2 = ldb.search(((cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration, + base_dn + ))); 
@@ -200,6 +226,8 @@ assert(res[0].objectGUID != undefined); assert(res[0].whenCreated != undefined); assert(res[0].objectCategory == cn=Computer,cn=Schema,cn=Configuration, + base_dn); +// assert(res[0].sAMAccountType == 805306368); +// assert(res[0].userAccountControl == 546); println(Testing ldb.search for ((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration, + base_dn + ))); var res2 = ldb.search(((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration, + base_dn + ))); @@ -219,10 +247,10 @@ assert(res[0].dn == res3[0].dn); - println(Testing ldb.search for ((cn=ldaptest*computer)(objectCategory=compuTER))); - var res4 = ldb.search(((cn=ldaptest*computer)(objectCategory=compuTER))); + println(Testing ldb.search for ((cn=ldaptestcomp*r)(objectCategory=compuTER))); + var res4 = ldb.search(((cn=ldaptestcomp*r)(objectCategory=compuTER))); if (res4.length != 1) { - println(Could not find ((cn=ldaptest*computer)(objectCategory=compuTER))); + println(Could not find ((cn=ldaptestcomp*r)(objectCategory=compuTER))); assert(res4.length == 1); } 
@@ -252,6 +280,28 @@ assert(ok); } + println(Testing ldb.search for ((cn=ldaptest2computer)(objectClass=user))); + var res = ldb.search(((cn=ldaptest2computer)(objectClass=user))); + if (res.length != 1) { + println(Could not find ((cn=ldaptest2computer)(objectClass=user))); + assert(res.length == 1); + } + + assert(res[0].dn == cn=ldaptest2computer,cn=computers, + base_dn); + assert(res[0].cn == ldaptest2computer); + assert(res[0].name == ldaptest2computer); + assert(res[0].objectClass[0] == top); + assert(res[0].objectClass[1] == person); + assert(res[0].objectClass[2] == organizationalPerson); + assert(res[0].objectClass[3] == user); + assert(res[0].objectClass[4] == computer); + assert(res[0].objectGUID != undefined); + assert(res[0].whenCreated != undefined); + assert(res[0].objectCategory == cn=Computer,cn=Schema,cn=Configuration, + base_dn); + assert(res[0].sAMAccountType == 805306369); +// assert(res[0].userAccountControl == 4098); + + println(Testing ldb.search for ((cn=ldaptestUSer2)(objectClass=user))); var res = ldb.search(((cn=ldaptestUSer2)(objectClass=user))); if (res.length != 1) {
svn commit: samba r16168 - in branches/SAMBA_4_0/source/scripting/ejs: .
Author: abartlet Date: 2006-06-12 20:08:19 + (Mon, 12 Jun 2006) New Revision: 16168 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16168 Log: Make the example match the actual function. This was very confusing until I really looked at it. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c Changeset: Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c === --- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c 2006-06-12 20:02:16 UTC (rev 16167) +++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c 2006-06-12 20:08:19 UTC (rev 16168) @@ -48,7 +48,7 @@ var attrs = new Array(attr1, attr2, attr3); ldb.search(expression, attrs); var basedn = cn=this,dc=is,dc=a,dc=test; - ldb.search(expression, attrs, ldb.SCOPE_SUBTREE, basedn); + ldb.search(expression, basedn, ldb.SCOPE_SUBTREE, attrs); */ static int ejs_ldbSearch(MprVarHandle eid, int argc, struct MprVar **argv) {
svn commit: samba r16172 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet Date: 2006-06-12 21:29:21 + (Mon, 12 Jun 2006) New Revision: 16172 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16172 Log: Translate the ldb error codes into appropriate messages for the transaction cases. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb.c 2006-06-12 20:26:01 UTC (rev 16171) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb.c 2006-06-12 21:29:21 UTC (rev 16172) @@ -214,7 +214,9 @@ if (ldb-err_string == NULL) { /* no error string was setup by the backend */ ldb_set_errstring(ldb, - talloc_asprintf(ldb, ldb transaction start error %d, status)); + talloc_asprintf(ldb, ldb transaction start: %s (%d), + ldb_strerror(status), + status)); } } return status; @@ -236,7 +238,9 @@ if (ldb-err_string == NULL) { /* no error string was setup by the backend */ ldb_set_errstring(ldb, - talloc_asprintf(ldb, ldb transaction commit error %d, status)); + talloc_asprintf(ldb, ldb transaction commit: %s (%d), + ldb_strerror(status), + status)); } } return status; @@ -256,7 +260,9 @@ if (ldb-err_string == NULL) { /* no error string was setup by the backend */ ldb_set_errstring(ldb, - talloc_asprintf(ldb, ldb transaction cancel error %d, status)); + talloc_asprintf(ldb, ldb transaction cancel: %s (%d), + ldb_strerror(status), + status)); } } return status;
svn commit: samba r16125 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: abartlet Date: 2006-06-09 16:33:46 + (Fri, 09 Jun 2006) New Revision: 16125 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16125 Log: Add another helpful utility function: samdb_msg_add_int() Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2006-06-09 14:59:04 UTC (rev 16124) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2006-06-09 16:33:46 UTC (rev 16125) @@ -761,6 +761,16 @@ } /* + add a int element to a message +*/ +int samdb_msg_add_int(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg, + const char *attr_name, int v) +{ + const char *s = talloc_asprintf(mem_ctx, %d, v); + return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s); +} + +/* add a uint_t element to a message */ int samdb_msg_add_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
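Review bot: `talloc_asprintf()` returns NULL on allocation failure, and in `samdb_msg_add_int()` the result `s` is passed straight to `samdb_msg_add_string()` without a check. Whether that helper tolerates a NULL string is not visible on this page, so I would either add `if (s == NULL) return -1;` (using whatever failure value the sibling helpers return) or say in the comment that the NULL case is handled downstream. The header comment could also read `add an int element to a message`.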
svn commit: samba r16129 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2006-06-09 21:10:08 + (Fri, 09 Jun 2006) New Revision: 16129 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16129 Log: Further clean up the samldb module. This adds more/better setting of the ldb error string, and avoids using gendb_search(), as this doens't return the error code. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-09 19:32:17 UTC (rev 16128) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-09 21:10:08 UTC (rev 16129) 
@@ -351,31 +351,36 @@ int ret; struct ldb_dn *dom_dn; struct dom_sid *dom_sid; - const char *dom_attrs[] = { NULL }; - struct ldb_message **dom_msgs; + const char *attrs[] = { NULL }; + struct ldb_result *dom_res; + struct ldb_result *res; uint32_t old_rid; + char *filter; - /* find the domain DN */ + /* find if this SID already exists */ - ret = gendb_search(module-ldb, - mem_ctx, NULL, dom_msgs, dom_attrs, - objectSid=%s, - ldap_encode_ndr_dom_sid(mem_ctx, sid)); - if (ret 0) { - ldb_set_errstring(module-ldb, - talloc_asprintf(mem_ctx, - Attempt to add record with SID %s rejected, - because this SID is already in the database, - dom_sid_string(mem_ctx, sid))); - /* We have a duplicate SID, we must reject the add */ - talloc_free(dom_msgs); - return LDB_ERR_CONSTRAINT_VIOLATION; + filter = talloc_asprintf(mem_ctx, (objectSid=%s), +ldap_encode_ndr_dom_sid(mem_ctx, sid)); + + ret = ldb_search(module-ldb, samdb_base_dn(mem_ctx), LDB_SCOPE_SUBTREE, filter, attrs, res); + if (ret == LDB_SUCCESS) { + if (res-count 0) { + talloc_free(res); + ldb_set_errstring(module-ldb, + talloc_asprintf(mem_ctx, + Attempt to add record with SID %s rejected, + because this SID is already in the database, + dom_sid_string(mem_ctx, sid))); + /* We have a duplicate SID, we must reject the add */ + return LDB_ERR_CONSTRAINT_VIOLATION; + } + talloc_free(res); + } else { + ldb_set_errstring(module-ldb, talloc_asprintf(module, samldb_notice_sid: error searching to see if sid %s is in use: %s\n, + dom_sid_string(dom_res, sid), + ldb_errstring(module-ldb))); + return ret; } - - if (ret == -1) { - ldb_debug(module-ldb, LDB_DEBUG_FATAL, samldb_get_new_sid: error searching for proposed sid!\n); - return LDB_ERR_OPERATIONS_ERROR; - } dom_sid = dom_sid_dup(mem_ctx, sid); if (!dom_sid) { 
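Review bot: In the new `else` branch the error string is built with `dom_sid_string(dom_res, sid)`, but `dom_res` is declared in this hunk without an initialiser and nothing visible assigns it before this point. An indeterminate pointer is therefore handed to talloc as the parent context on the search-failure path. The success branch already uses `dom_sid_string(mem_ctx, sid)`, and the same context should be used here. Separately, `filter` is passed to `ldb_search()` without checking the `talloc_asprintf()` result for NULL. The function starts and ends outside the hunk.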
@@ -385,33 +390,38 @@ dom_sid-num_auths--; /* find the domain DN */ + + filter = talloc_asprintf(mem_ctx, ((objectSid=%s)(objectclass=domain)), +ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - ret = gendb_search(module-ldb, - mem_ctx, NULL, dom_msgs, dom_attrs, - ((objectSid=%s)(objectclass=domain)), - ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - if (ret == 0) { - /* This isn't an operation on a domain we know about, so nothing to update */ - return LDB_SUCCESS; - } + ret = ldb_search(module-ldb, samdb_base_dn(mem_ctx), LDB_SCOPE_SUBTREE, filter, attrs, dom_res); + if (ret == LDB_SUCCESS) { + talloc_steal(mem_ctx, dom_res); + if (dom_res-count == 0) { + talloc_free(dom_res); + /* This isn't an operation on a domain we know about, so nothing to update */ + return LDB_SUCCESS; + } - if (ret 1) { - ldb_debug(module-ldb, LDB_DEBUG_FATAL, samldb_get_new_sid: error retrieving domain from sid: duplicate domains!\n); - talloc_free(dom_msgs); - return LDB_ERR_OPERATIONS_ERROR; + if (dom_res-count 1
svn commit: samba r16108 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2006-06-08 23:22:04 + (Thu, 08 Jun 2006) New Revision: 16108 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16108 Log: Fixes from working with the partition module. We were not using the correct baseDN for the templates search. Using NULL is no longer valid (like against AD). While chasing that down, return proper error codes, and use the ldb_set_errstr() to get a good error string back up to the UI layer. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-08 21:53:47 UTC (rev 16107) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-08 23:22:04 UTC (rev 16108) @@ -483,12 +483,14 @@ struct ldb_message *t; int ret, i, j; + struct ldb_dn *basedn = ldb_dn_string_compose(msg, samdb_base_dn(msg), cn=Templates); /* pull the template record */ - ret = ldb_search(module-ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, res); + ret = ldb_search(module-ldb, basedn, LDB_SCOPE_SUBTREE, filter, NULL, res); if (ret != LDB_SUCCESS || res-count != 1) { - ldb_debug(module-ldb, LDB_DEBUG_WARNING, samldb: ERROR: template '%s' matched too many records\n, filter); - return -1; + ldb_set_errstring(module-ldb, talloc_asprintf(module, samldb_copy_template: ERROR: template '%s' matched %d records, expected 1\n, filter, + res-count)); + return LDB_ERR_OPERATIONS_ERROR; } t = res-msgs[0]; 
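Review bot: The new error message reads `res->count` inside the `ret != LDB_SUCCESS || res->count != 1` branch, so when `ldb_search()` itself fails the code dereferences a result pointer that may never have been set. Splitting the test, with `if (ret != LDB_SUCCESS) return ret;` first and the count check afterwards, avoids that and stops a backend error being reported as a template-count problem. `basedn` from `ldb_dn_string_compose()` is also used unchecked, so a failed allocation reaches the search as a NULL base. `res` does not appear to be freed on the count-mismatch return, unlike the later error paths in this function. The function starts and ends outside the hunk.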
@@ -515,16 +517,16 @@ if ( ! samldb_find_or_add_value(module, msg, el-name, (char *)el-values[j].data, (char *)el-values[j].data)) { - ldb_debug(module-ldb, LDB_DEBUG_FATAL, Attribute adding failed...\n); + ldb_set_errstring(module-ldb, talloc_asprintf(module, Adding objectClass %s failed.\n, el-values[j].data)); talloc_free(res); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } else { if ( ! samldb_find_or_add_attribute(module, msg, el-name, (char *)el-values[j].data)) { - ldb_debug(module-ldb, LDB_DEBUG_FATAL, Attribute adding failed...\n); + ldb_set_errstring(module-ldb, talloc_asprintf(module, Adding attribute %s failed.\n, el-name)); talloc_free(res); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } } @@ -532,7 +534,7 @@ talloc_free(res); - return 0; + return LDB_SUCCESS; } static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg, @@ -557,7 +559,6 @@ ret = samldb_copy_template(module, msg2, ((CN=TemplateGroup)(objectclass=groupTemplate))); if (ret != 0) { - ldb_debug(module-ldb, LDB_DEBUG_WARNING, samldb_fill_group_object: Error copying template!\n); talloc_free(mem_ctx); return ret; } 
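Review bot: In the new objectClass error string `el->values[j].data` is passed to `%s` without the `(char *)` cast used in the call just above it, and the value's length is ignored. The format therefore relies on the value being NUL-terminated. If that is not guaranteed for every ldb value, bounding the print is safer: `"Adding objectClass %.*s failed.\n", (int)el->values[j].length, (const char *)el->values[j].data`. Both new messages also replace whatever error string the failing helper may have set, so appending `ldb_errstring(module->ldb)` as the other commits on this page do would keep the root cause visible. The enclosing loop starts outside the hunk.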
@@ -755,13 +756,17 @@ ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); if (ret = 1) { const char *name = samdb_result_string(dom_msgs[0], name, NULL); - ldb_set_errstring(module-ldb, talloc_asprintf(mem_ctx, Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database, dom_sid_string(mem_ctx, sid), name)); + ldb_set_errstring(module-ldb, talloc_asprintf(mem_ctx, + Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database, + dom_sid_string(mem_ctx, sid), name)); /* We don't really like the idea of foreign sids that are not foreign */ return LDB_ERR_CONSTRAINT_VIOLATION; } else if (ret == -1) { - ldb_debug(module-ldb, LDB_DEBUG_FATAL, samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n, dom_sid_string(mem_ctx, dom_sid
svn commit: samba r16109 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2006-06-08 23:23:14 + (Thu, 08 Jun 2006) New Revision: 16109 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16109 Log: Make this module simpiler, don't intercept operations we are not going to implement. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c 2006-06-08 23:22:04 UTC (rev 16108) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c 2006-06-08 23:23:14 UTC (rev 16109) @@ -207,24 +207,6 @@ } } -/* start a transaction */ -static int kludge_acl_start_trans(struct ldb_module *module) -{ - return ldb_next_start_trans(module); -} - -/* end a transaction */ -static int kludge_acl_end_trans(struct ldb_module *module) -{ - return ldb_next_end_trans(module); -} - -/* delete a transaction */ -static int kludge_acl_del_trans(struct ldb_module *module) -{ - return ldb_next_del_trans(module); -} - static int kludge_acl_init(struct ldb_module *module) { int ret, i; @@ -294,9 +276,6 @@ .modify= kludge_acl_change, .del = kludge_acl_change, .rename= kludge_acl_change, - .start_transaction = kludge_acl_start_trans, - .end_transaction = kludge_acl_end_trans, - .del_transaction = kludge_acl_del_trans, .init_context = kludge_acl_init };
svn commit: samba r16110 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2006-06-09 00:04:36 + (Fri, 09 Jun 2006) New Revision: 16110 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16110 Log: Start some simple rootDSE LDAP tests in ejs. Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-08 23:23:14 UTC (rev 16109) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-09 00:04:36 UTC (rev 16110) @@ -309,6 +309,13 @@ assert(res[0].cn == ldaptestutf8user2 èùéìòà ); } + println(Testing for highestCommittedUSN); + var attrs = new Array(highestCommittedUSN); + var res = ldb.search(, , ldb.SCOPE_BASE, attrs); + assert(res.length == 1); + assert(res[0].highestCommittedUSN != undefined); + assert(res[0].highestCommittedUSN != 0); + } function find_basedn(ldb)
svn commit: samba r16082 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet Date: 2006-06-07 20:43:50 + (Wed, 07 Jun 2006) New Revision: 16082 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16082 Log: Index objectCategory like objectClass, as it is searched on a lot. Andrew Bartlett Modified: branches/SAMBA_4_0/source/setup/provision_init.ldif Changeset: Modified: branches/SAMBA_4_0/source/setup/provision_init.ldif === --- branches/SAMBA_4_0/source/setup/provision_init.ldif 2006-06-07 14:45:07 UTC (rev 16081) +++ branches/SAMBA_4_0/source/setup/provision_init.ldif 2006-06-07 20:43:50 UTC (rev 16082) @@ -3,6 +3,7 @@ @IDXATTR: sAMAccountName @IDXATTR: objectSid @IDXATTR: objectClass [EMAIL PROTECTED]: objectCategory @IDXATTR: member @IDXATTR: unixID @IDXATTR: unixName
svn commit: samba r16083 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib/ldb/common lib/ldb/include lib/ldb/ldb_ildap lib/ldb/ldb_ldap lib/ldb/ldb_sqlite3 lib/ldb/ldb_tdb
Author: abartlet Date: 2006-06-07 21:03:38 + (Wed, 07 Jun 2006) New Revision: 16083 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16083 Log: Make it possible to initialise a backend module, without it setting up the whole ldb structure. Because the sequence number was a fn pointer on the main ldb context, turn it into a full request (currently sync). Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c branches/SAMBA_4_0/source/lib/ldb/common/ldb.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c 2006-06-07 20:43:50 UTC (rev 16082) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c 2006-06-07 21:03:38 UTC (rev 16083) @@ -102,10 +102,13 @@ } if (do_attribute(attrs, highestCommittedUSN)) { - if (module-ldb-sequence_number != NULL - ldb_msg_add_fmt(msg, highestCommittedUSN, - %llu, module-ldb-sequence_number(module-ldb)) != 0) { - goto failed; + uint64_t seq_num; + int ret = ldb_sequence_number(module-ldb, seq_num); + if (ret == LDB_SUCCESS) { + if (ldb_msg_add_fmt(msg, highestCommittedUSN, + %llu, seq_num) != 0) { + goto failed; + } } } Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb.c 2006-06-07 20:43:50 UTC (rev 16082) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb.c 2006-06-07 21:03:38 UTC (rev 16083) 
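Review bot: In the rootdse.c hunk `seq_num` is a `uint64_t` but is formatted with `%llu`. On platforms where `uint64_t` is `unsigned long` the argument type does not match the conversion, so the call should cast: `"%llu", (unsigned long long)seq_num`. The new code also drops `highestCommittedUSN` silently when `ldb_sequence_number()` fails. If that is deliberate (it mirrors the old NULL-callback case), a one-line comment such as `/* attribute is omitted if the backend cannot supply a sequence number */` would say so. The enclosing function starts and ends outside the hunk.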
@@ -91,16 +91,20 @@ } /* - connect to a database. The URL can either be one of the following forms + Return the ldb module form of a database. The URL can either be one of the following forms ldb://path ldapi://path flags is made up of LDB_FLG_* the options are passed uninterpreted to the backend, and are - backend specific + backend specific. + + This allows modules to get at only the backend module, for example where a module + may wish to direct certain requests at a particular backend. */ -int ldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[]) +int ldb_connect_backend(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[], + struct ldb_module **backend_module) { int ret; char *backend; @@ -128,13 +132,35 @@ return LDB_ERR_OTHER; } - ret = fn(ldb, url, flags, options); + ret = fn(ldb, url, flags, options, backend_module); if (ret != LDB_SUCCESS) { ldb_debug(ldb, LDB_DEBUG_ERROR, Failed to connect to '%s'\n, url); return ret; } + return ret; +} + +/* + connect to a database. The URL can either be one of the following forms + ldb://path + ldapi://path + + flags is made up of LDB_FLG_* + + the options are passed uninterpreted to the backend, and are + backend specific +*/ +int ldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[]) +{ + int ret; + + ret = ldb_connect_backend(ldb, url, flags, options, ldb-modules); + if (ret != LDB_SUCCESS) { + return ret; + } + if (ldb_load_modules(ldb, options) != LDB_SUCCESS) { ldb_debug(ldb, LDB_DEBUG_FATAL, Unable to load modules for '%s'\n, url); return LDB_ERR_OTHER; @@ -395,6 +421,10 @@ FIRST_OP(ldb, rename); ret = module-ops-rename(module, req); break; + case LDB_SEQUENCE_NUMBER: + FIRST_OP(ldb, sequence_number); + ret = module-ops-sequence_number(module, req); + break; default: FIRST_OP(ldb, request); ret = module-ops-request(module, req); 
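Review bot: The new comment on `ldb_connect_backend()` should state that the module it hands back sits outside the `ldb->modules` chain. The function returns before `ldb_load_modules()` runs, so requests sent directly to `*backend_module` are not seen by any module that `ldb_connect()` would stack on top. If access-control or validation modules live in that chain (kludge_acl appears elsewhere on this page), callers need to know they are bypassing them. I would add something like `NOTE: the returned backend is not wrapped by the module stack; callers are responsible for any checks those modules would apply`. It would also help to document whether `*backend_module` is left untouched when the call fails.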
@@ -655,7 +685,39 @@ } +/* + rename a record in the database +*/ +int ldb_sequence_number(struct ldb_context *ldb, uint64_t *seq_num) +{ + struct ldb_request *req; + int ret; + req = talloc(ldb, struct ldb_request); + if (req == NULL) { + ldb_set_errstring(ldb, talloc_strdup(ldb, Out of memory
svn commit: samba r16084 - in branches/SAMBA_4_0/source/lib/ldb/include: .
Author: abartlet Date: 2006-06-07 22:03:06 + (Wed, 07 Jun 2006) New Revision: 16084 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16084 Log: Add private prototype for new ldb_connect_backend() function. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h === --- branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h 2006-06-07 21:03:38 UTC (rev 16083) +++ branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h 2006-06-07 22:03:06 UTC (rev 16084) @@ -130,6 +130,11 @@ */ #define ldb_oom(ldb) ldb_debug_set(ldb, LDB_DEBUG_FATAL, ldb out of memory at %s:%d\n, __FILE__, __LINE__) +/* The following definitions come from lib/ldb/common/ldb.c */ + +int ldb_connect_backend(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[], + struct ldb_module **backend_module); + /* The following definitions come from lib/ldb/common/ldb_modules.c */ int ldb_load_modules(struct ldb_context *ldb, const char *options[]);
svn commit: samba r16085 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet Date: 2006-06-08 00:58:57 + (Thu, 08 Jun 2006) New Revision: 16085 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16085 Log: Set the error string if we fail to find a valid op to execute. Helps in chasing down bugs :-) Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb.c 2006-06-07 22:03:06 UTC (rev 16084) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb.c 2006-06-08 00:58:57 UTC (rev 16085) @@ -189,9 +189,13 @@ } #define FIRST_OP(ldb, op) do { \ - module = ldb-modules; \ + module = ldb-modules; \ while (module module-ops-op == NULL) module = module-next; \ - if (module == NULL) return LDB_ERR_OPERATIONS_ERROR; \ + if (module == NULL) { \ + ldb_set_errstring(ldb, \ + talloc_asprintf(ldb, unable to find module or backend to handle operation: #op)); \ + return LDB_ERR_OPERATIONS_ERROR;\ + } \ } while (0) /*
svn commit: samba r16086 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet Date: 2006-06-08 01:00:46 + (Thu, 08 Jun 2006) New Revision: 16086 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16086 Log: Ensure we can never dereference NULL pointers, and that describe what these two DN comparison functions do. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2006-06-08 00:58:57 UTC (rev 16085) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2006-06-08 01:00:46 UTC (rev 16086) @@ -478,23 +478,25 @@ return NULL; } -/* compare DNs using casefolding compare functions */ +/* Determine if dn is below base, in the ldap tree. Used for + * evaluating a subtree search. + * 0 if they match, otherwise non-zero + */ int ldb_dn_compare_base(struct ldb_context *ldb, - const struct ldb_dn *base, - const struct ldb_dn *dn) + const struct ldb_dn *base, + const struct ldb_dn *dn) { int ret; int n0, n1; + if (base == NULL || base-comp_num == 0) return 0; + if (dn == NULL || dn-comp_num == 0) return -1; + if (base-comp_num dn-comp_num) { return (dn-comp_num - base-comp_num); } - if (base == NULL || base-comp_num == 0) return 0; - if (dn == NULL || dn-comp_num == 0) return -1; - if (base-comp_num dn-comp_num) return -1; - /* if the number of components doesn't match they differ */ n0 = base-comp_num - 1; n1 = dn-comp_num - 1; @@ -522,6 +524,11 @@ return 0; } +/* compare DNs using casefolding compare functions. + + If they match, then return 0 + */ + int ldb_dn_compare(struct ldb_context *ldb, const struct ldb_dn *edn0, const struct ldb_dn *edn1)
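Review bot: The new comment for `ldb_dn_compare_base()` says `0 if they match` but does not mention that a NULL or empty `base` also returns 0, which means it matches every `dn`. That is worth spelling out, because a caller whose base DN could not be built then gets a match on the whole tree instead of an error. I would add a line such as `A NULL or empty base matches any dn; a NULL or empty dn never matches a non-empty base.` The rest of the function body lies outside the hunk.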
svn commit: samba r16087 - in branches/SAMBA_4_0/source/lib/ldb: ldb_ildap ldb_ldap ldb_sqlite3 ldb_tdb
Author: abartlet Date: 2006-06-08 01:02:14 + (Thu, 08 Jun 2006) New Revision: 16087 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16087 Log: Fix silly cut-and-paste typo that cost me much of my afternoon... This only affects my new partitions module, which I will post soon, but should be fixed anyway. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c 2006-06-08 01:00:46 UTC (rev 16086) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c 2006-06-08 01:02:14 UTC (rev 16087) @@ -833,7 +833,7 @@ return -1; } (*module)-ldb = ldb; - (*module)-prev = ldb-modules-next = NULL; + (*module)-prev = (*module)-next = NULL; (*module)-private_data = ildb; (*module)-ops = ildb_ops; @@ -869,9 +869,6 @@ return 0; failed: - if (ldb-modules) { - ldb-modules-private_data = NULL; - } talloc_free(ildb); return -1; } Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c 2006-06-08 01:00:46 UTC (rev 16086) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c 2006-06-08 01:02:14 UTC (rev 16087) @@ -811,7 +811,7 @@ return -1; } (*module)-ldb = ldb; - (*module)-prev = ldb-modules-next = NULL; + (*module)-prev = (*module)-next = NULL; (*module)-private_data = lldb; (*module)-ops = lldb_ops; Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c 2006-06-08 01:00:46 UTC (rev 16086) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c 2006-06-08 01:02:14 UTC (rev 16087) 
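Review bot: With the `ldb->modules->private_data = NULL` cleanup removed from the `failed:` label in ldb_ildap.c, the error path frees `ildb` while `(*module)->private_data` still points at it and `*module` stays set for the caller. The allocation of `*module` is outside the hunk, so its talloc parent is not visible. Either way the out-parameter refers to stale state after a failed connect: a freed module if it hangs off `ildb`, or a live module with a dangling `private_data` if it does not. I would release the module where needed and clear the out-parameter on this path, ending with `*module = NULL;` before `return -1;`. The same `failed:` handling is worth checking in the other three backends touched by this commit.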
@@ -2106,7 +2106,7 @@ goto failed; } (*module)-ldb = ldb; - (*module)-prev = ldb-modules-next = NULL; + (*module)-prev = (*module)-next = NULL; (*module)-private_data = lsqlite3; (*module)-ops = lsqlite3_ops; Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2006-06-08 01:00:46 UTC (rev 16086) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2006-06-08 01:02:14 UTC (rev 16087) @@ -1028,7 +1028,7 @@ return -1; } (*module)-ldb = ldb; - (*module)-prev = ldb-modules-next = NULL; + (*module)-prev = (*module)-next = NULL; (*module)-private_data = ltdb; (*module)-ops = ltdb_ops;
svn commit: samba r16061 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet Date: 2006-06-06 17:19:58 + (Tue, 06 Jun 2006) New Revision: 16061 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16061 Log: Prove that removing the objectClass list in the samldb module breaks things. With this fix, we now correctly detect computers again, and get the correct objectCategory, which is important for the OSX AD plugin. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-06 14:18:12 UTC (rev 16060) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-06 17:19:58 UTC (rev 16061) @@ -615,9 +615,6 @@ return LDB_ERR_OPERATIONS_ERROR; } - /* remove objectclasses so that they will be added in the right order for MMC to be happy */ - ldb_msg_remove_attr(msg, objectclass); - if (samldb_find_attribute(msg, objectclass, computer) != NULL) { ret = samldb_copy_template(module, msg2, ((CN=TemplateComputer)(objectclass=userTemplate))); Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-06 14:18:12 UTC (rev 16060) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-06 17:19:58 UTC (rev 16061) @@ -54,6 +54,28 @@ } } + var ok = ldb.add( +dn: cn=ldaptestcomputer,cn=computers, + base_dn + +objectClass: computer +cn: LDAPtestCOMPUTER +); + if (!ok) { + ok = ldb.del(cn=ldaptestcomputer,cn=computers, + base_dn); + if (!ok) { + println(ldb.errstring()); + assert(ok); + } + ok = ldb.add( +dn: cn=ldaptestcomputer,cn=computers, + base_dn + +objectClass: computer +cn: LDAPtestCOMPUTER +); + if (!ok) { + println(ldb.errstring()); + assert(ok); + } + } + ok = ldb.add( dn: cn=ldaptestuser2,cn=users, + base_dn + objectClass: person 
@@ -134,24 +156,51 @@ assert(res[0].objectClass[3] == user); assert(res[0].objectGUID != undefined); assert(res[0].whenCreated != undefined); + assert(res[0].objectCategory == cn=Person,cn=Schema,cn=Configuration, + base_dn); - println(Testing ldb.search for ((cn=ldaptestuser)(objectClass=user))); - var res = ldb.search(((cn=ldaptestuser)(objectClass=user))); + println(Testing ldb.search for ((cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration, + base_dn + ))); + var res2 = ldb.search(((cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration, + base_dn + ))); if (res.length != 1) { + println(Could not find ((cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration, + base_dn + ))); + assert(res.length == 1); + } + + assert(res[0].dn == res2[0].dn); + + ok = ldb.del(res[0].dn); + if (!ok) { + println(ldb.errstring()); + assert(ok); + } + + println(Testing ldb.search for ((cn=ldaptestcomputer)(objectClass=user))); + var res = ldb.search(((cn=ldaptestcomputer)(objectClass=user))); + if (res.length != 1) { println(Could not find ((cn=ldaptestuser)(objectClass=user))); assert(res.length == 1); } - assert(res[0].dn == cn=ldaptestuser,cn=users, + base_dn); - assert(res[0].cn == ldaptestuser); - assert(res[0].name == ldaptestuser); + assert(res[0].dn == cn=ldaptestcomputer,cn=computers, + base_dn); + assert(res[0].cn == ldaptestcomputer); + assert(res[0].name == ldaptestcomputer); assert(res[0].objectClass[0] == top); assert(res[0].objectClass[1] == person); assert(res[0].objectClass[2] == organizationalPerson); assert(res[0].objectClass[3] == user); + assert(res[0].objectClass[4] == computer); assert(res[0].objectGUID != undefined); assert(res[0].whenCreated != undefined); + assert(res[0].objectCategory == cn=Computer,cn=Schema,cn=Configuration, + base_dn); + println(Testing ldb.search for ((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration, + base_dn + ))); + var res2 = 
ldb.search(((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration, + base_dn + ))); + if (res.length != 1) { + println(Could not find ((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration, + base_dn + ))); + assert(res.length == 1); + } + + assert(res[0].dn
svn commit: samba r16062 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet Date: 2006-06-06 17:54:10 + (Tue, 06 Jun 2006) New Revision: 16062 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16062 Log: objectCategory is a DN, and needs to be matched as such. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c 2006-06-06 17:19:58 UTC (rev 16061) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c 2006-06-06 17:54:10 UTC (rev 16062) @@ -166,6 +166,7 @@ { dn, LDB_SYNTAX_DN }, { ncName, LDB_SYNTAX_DN }, { distinguishedName, LDB_SYNTAX_DN }, + { objectCategory, LDB_SYNTAX_DN }, { cn, LDB_SYNTAX_DIRECTORY_STRING }, { dc, LDB_SYNTAX_DIRECTORY_STRING }, { ou, LDB_SYNTAX_DIRECTORY_STRING },
svn commit: samba r16063 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2006-06-06 17:55:41 + (Tue, 06 Jun 2006) New Revision: 16063 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16063 Log: Make is clearer when we can't write to the smb.conf Find more possible posix group names for the 'domain users' group, as the existing options don't exist in OSX. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-06-06 17:54:10 UTC (rev 16062) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-06-06 17:55:41 UTC (rev 16063) @@ -238,7 +238,7 @@ /* setup a file in the private dir */ -function setup_file(template, fname, subobj) +function setup_file(template, message, fname, subobj) { var lp = loadparm_init(); var f = fname; @@ -250,7 +250,10 @@ data = substitute_var(data, subobj); ok = sys.file_save(f, data); - assert(ok); + if (!ok) { + message(failed to create file: + f + \n); + assert(ok); + } } function provision_default_paths(subobj) @@ -355,7 +358,7 @@ var st = sys.stat(paths.smbconf); if (st == undefined) { message(Setting up smb.conf\n); - setup_file(provision.smb.conf, paths.smbconf, subobj); + setup_file(provision.smb.conf, info.message, paths.smbconf, subobj); lp.reload(); } message(Setting up secrets.ldb\n); @@ -412,7 +415,7 @@ assert(subobj.HOSTGUID != undefined); setup_file(provision.zone, - paths.dns, + message, paths.dns, subobj); message(Please install the zone located in + paths.dns + into your DNS server\n); 
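Review bot: The two updated call sites spell the new second argument differently: the smb.conf call in the `@@ -355,7` hunk passes `info.message`, while the zone-file call in the `@@ -412,7` hunk passes a bare `message`. The context lines call a bare `message(...)` at both sites, so the two are presumably the same callback, but using one spelling would make that obvious. Inserting `message` between `template` and `fname` also shifts the positional arguments, so any caller of `setup_file` outside this diff would pass its file name as the callback. A comment on the function such as `/* message: callback used to report a failed write of fname */` would document the new contract.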
@@ -456,7 +459,7 @@ subobj.NOGROUP = findnss(nss.getgrnam, nogroup, nobody); subobj.WHEEL= findnss(nss.getgrnam, wheel, root, staff); subobj.BACKUP = findnss(nss.getgrnam, backup, wheel, root, staff); - subobj.USERS= findnss(nss.getgrnam, users, guest, other); + subobj.USERS= findnss(nss.getgrnam, users, guest, other, unknown); subobj.DNSDOMAIN= strlower(subobj.REALM); subobj.DNSNAME = sprintf(%s.%s, strlower(subobj.HOSTNAME),
svn commit: samba r16066 - in branches/SAMBA_4_0: source/lib/ldb/common source/lib/ldb/samba testprogs/ejs
Author: abartlet Date: 2006-06-06 22:04:55 + (Tue, 06 Jun 2006) New Revision: 16066 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16066 Log: The OSX AD plugin uses objectCategory searches a lot, and uses them both fully qualified and in the 'short' form. Now we test and support this query format. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c 2006-06-06 20:34:26 UTC (rev 16065) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c 2006-06-06 22:04:55 UTC (rev 16066) @@ -166,7 +166,6 @@ { dn, LDB_SYNTAX_DN }, { ncName, LDB_SYNTAX_DN }, { distinguishedName, LDB_SYNTAX_DN }, - { objectCategory, LDB_SYNTAX_DN }, { cn, LDB_SYNTAX_DIRECTORY_STRING }, { dc, LDB_SYNTAX_DIRECTORY_STRING }, { ou, LDB_SYNTAX_DIRECTORY_STRING }, Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c2006-06-06 20:34:26 UTC (rev 16065) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c2006-06-06 22:04:55 UTC (rev 16066) 
@@ -207,8 +207,11 @@ chunk = tree-u.substring.chunks[c]; if(h-canonicalise_fn(ldb, ldb, chunk, cnk) != 0) goto failed; - /* FIXME: case of embedded nulls */ - if (strncmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto failed; + /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */ + if (cnk.length val.length) { + goto failed; + } + if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto failed; val.length -= cnk.length; val.data += cnk.length; c++; Modified: branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c === --- branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2006-06-06 20:34:26 UTC (rev 16065) +++ branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2006-06-06 22:04:55 UTC (rev 16066) @@ -1,8 +1,8 @@ /* ldb database library - ldif handlers for Samba - Copyright (C) Andrew Tridgell 2005 - + Copyright (C) Andrew Tridgell 2005 + Copyright (C) Andrew Bartlett 2006 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released ** under the LGPL 
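Review bot: The comment added above the length guard in the `@@ -207,8 +207,11` hunk describes the case that triggered the fix rather than the invariant the guard enforces. The comparison of `cnk.length` with `val.length` (the operator is lost in this rendering, presumably `>`) is what keeps the following `memcmp` from reading past the end of `val.data`, and that matters for every attribute syntax, not only binary ones. I would word it as `/* a chunk longer than the remaining value cannot match, and memcmp() must stay within val.length */`. The enclosing substring-match function starts and ends outside the hunk.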
@@ -275,6 +275,75 @@ return 0; } +/* + canonicolise an objectCategory. We use the short form as the cannoical form: + cn=Person,cn=Schema,cn=Configuration,basedn becomes 'person' +*/ + +static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct ldb_dn *dn1 = NULL; + const char *oc1; + + dn1 = ldb_dn_explode(mem_ctx, (char *)in-data); + if (dn1 == NULL) { + oc1 = talloc_strndup(mem_ctx, in-data, in-length); + } else if (dn1-comp_num = 1 strcasecmp(dn1-components[0].name, cn) == 0) { + oc1 = talloc_strndup(mem_ctx, dn1-components[0].value.data, +dn1-components[0].value.length); + } else { + return -1; + } + + oc1 = ldb_casefold(ldb, mem_ctx, oc1); + out-data = oc1; + out-length = strlen(oc1); + return 0; +} + +static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *v1, + const struct ldb_val *v2) +{ + struct ldb_dn *dn1 = NULL, *dn2 = NULL; + const char *oc1, *oc2; + + dn1 = ldb_dn_explode(mem_ctx, (char *)v1-data); + if (dn1 == NULL) { + oc1 = talloc_strndup(mem_ctx, v1-data, v1-length); + } else if (dn1-comp_num = 1 strcasecmp(dn1-components[0].name, cn) == 0) { + oc1 = talloc_strndup(mem_ctx, dn1-components[0].value.data, +dn1-components[0].value.length); + } else { + oc1 = NULL; + } + + dn2 = ldb_dn_explode(mem_ctx, (char *)v2-data); + if (dn2 == NULL) { + oc2 = talloc_strndup(mem_ctx, v2-data, v2-length); + } else if (dn2-comp_num = 2 strcasecmp(dn2-components[0].name
svn commit: samba r16067 - in branches/SAMBA_4_0/source/lib/ldb/samba: .
Author: abartlet Date: 2006-06-06 22:10:52 + (Tue, 06 Jun 2006) New Revision: 16067 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16067 Log: Remove const, it isn't required and just causes a warning. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c === --- branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2006-06-06 22:04:55 UTC (rev 16066) +++ branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2006-06-06 22:10:52 UTC (rev 16067) @@ -284,7 +284,7 @@ const struct ldb_val *in, struct ldb_val *out) { struct ldb_dn *dn1 = NULL; - const char *oc1; + char *oc1; dn1 = ldb_dn_explode(mem_ctx, (char *)in-data); if (dn1 == NULL) {
svn commit: samba r16068 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2006-06-06 22:31:20 + (Tue, 06 Jun 2006) New Revision: 16068 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16068 Log: Check against the correct result in the ldap.js test Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-06 22:10:52 UTC (rev 16067) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-06 22:31:20 UTC (rev 16068) @@ -160,9 +160,9 @@ println(Testing ldb.search for ((cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration, + base_dn + ))); var res2 = ldb.search(((cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration, + base_dn + ))); - if (res.length != 1) { + if (res2.length != 1) { println(Could not find ((cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration, + base_dn + ))); - assert(res.length == 1); + assert(res2.length == 1); } assert(res[0].dn == res2[0].dn);
svn commit: samba r16069 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2006-06-06 22:32:24 + (Tue, 06 Jun 2006) New Revision: 16069 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16069 Log: Remove unused destructor and an unused variable. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-06 22:31:20 UTC (rev 16068) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-06 22:32:24 UTC (rev 16069) @@ -108,7 +108,6 @@ static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *set_value) { - int j; struct ldb_message_element *el; if (msg == NULL || name == NULL || set_value == NULL) { @@ -857,16 +856,8 @@ return ret; } -static int samldb_destructor(void *module_ctx) -{ - /* struct ldb_module *ctx = module_ctx; */ - /* put your clean-up functions here */ - return 0; -} - static int samldb_init(struct ldb_module *module) { - talloc_set_destructor(module, samldb_destructor); return ldb_next_init(module); }
svn commit: samba r16072 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2006-06-07 04:16:02 + (Wed, 07 Jun 2006) New Revision: 16072 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16072 Log: Do basic wildcard searching in the ejs LDAP test. Unfortunetly this didn't find the wildcard bug, but at least it tests something... Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-07 00:55:48 UTC (rev 16071) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2006-06-07 04:16:02 UTC (rev 16072) @@ -219,6 +219,33 @@ assert(res[0].dn == res3[0].dn); + println(Testing ldb.search for ((cn=ldaptest*computer)(objectCategory=compuTER))); + var res4 = ldb.search(((cn=ldaptest*computer)(objectCategory=compuTER))); + if (res4.length != 1) { + println(Could not find ((cn=ldaptest*computer)(objectCategory=compuTER))); + assert(res4.length == 1); + } + + assert(res[0].dn == res4[0].dn); + + println(Testing ldb.search for ((cn=ldaptestcomput*)(objectCategory=compuTER))); + var res5 = ldb.search(((cn=ldaptestcomput*)(objectCategory=compuTER))); + if (res5.length != 1) { + println(Could not find ((cn=ldaptestcomput*)(objectCategory=compuTER))); + assert(res5.length == 1); + } + + assert(res[0].dn == res5[0].dn); + + println(Testing ldb.search for ((cn=*daptestcomputer)(objectCategory=compuTER))); + var res6 = ldb.search(((cn=*daptestcomputer)(objectCategory=compuTER))); + if (res6.length != 1) { + println(Could not find ((cn=*daptestcomputer)(objectCategory=compuTER))); + assert(res6.length == 1); + } + + assert(res[0].dn == res6[0].dn); + ok = ldb.del(res[0].dn); if (!ok) { println(ldb.errstring());
svn commit: samba r16073 - in branches/SAMBA_4_0/source/libcli/ldap: .
Author: abartlet Date: 2006-06-07 04:23:42 + (Wed, 07 Jun 2006) New Revision: 16073 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16073 Log: On an incoming wildcard search, it is critical that the size be correct, or we try and do a memcmp on the trailing '\0'. This happens because we now use memcmp for the prefix matching. I just wish I had a test other than a particular invocation of the OSX client. (I've tried and failed so far) Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2006-06-07 04:16:02 UTC (rev 16072) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2006-06-07 04:23:42 UTC (rev 16073) @@ -548,9 +548,9 @@ if (chunks[chunk_num]-data == NULL) { return NULL; } - chunks[chunk_num]-length = strlen(value) + 1; + chunks[chunk_num]-length = strlen(value); - chunks[chunk_num + 1] = NULL; + chunks[chunk_num + 1] = '\0'; return chunks; }
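Review bot: `chunks[chunk_num + 1] = '\0';` terminates an array of pointers (the line above dereferences `chunks[chunk_num]->data`) with a character constant. It compiles because `'\0'` is a null pointer constant, but it reads as if a string were being terminated; the removed `chunks[chunk_num + 1] = NULL;` stated the intent correctly and should stay. Since `length` no longer counts the terminator, a short comment such as `/* length excludes the trailing NUL; matchers must use length, not strlen() */` would record what the substring matcher relies on. The function begins outside the hunk.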
svn commit: samba r16051 - in branches/SAMBA_4_0/source: . lib/util ntvfs/posix utils
Author: abartlet Date: 2006-06-05 21:48:29 + (Mon, 05 Jun 2006) New Revision: 16051 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16051 Log: Move the XATTR compatability code into a new file, so I can use it for the getntacl utility. Andrew Bartlett Added: branches/SAMBA_4_0/source/lib/util/wrap_xattr.c branches/SAMBA_4_0/source/lib/util/wrap_xattr.h Modified: branches/SAMBA_4_0/source/configure.ac branches/SAMBA_4_0/source/lib/util/config.mk branches/SAMBA_4_0/source/ntvfs/posix/config.m4 branches/SAMBA_4_0/source/ntvfs/posix/config.mk branches/SAMBA_4_0/source/ntvfs/posix/xattr_system.c branches/SAMBA_4_0/source/utils/config.mk branches/SAMBA_4_0/source/utils/getntacl.c Changeset: Modified: branches/SAMBA_4_0/source/configure.ac === --- branches/SAMBA_4_0/source/configure.ac 2006-06-05 20:38:21 UTC (rev 16050) +++ branches/SAMBA_4_0/source/configure.ac 2006-06-05 21:48:29 UTC (rev 16051) @@ -22,6 +22,7 @@ sinclude(lib/util/signal.m4) sinclude(lib/util/util.m4) sinclude(lib/util/fsusage.m4) +sinclude(lib/util/xattr.m4) sinclude(lib/util/capability.m4) sinclude(lib/util/time.m4) sinclude(lib/popt/config.m4) Modified: branches/SAMBA_4_0/source/lib/util/config.mk === --- branches/SAMBA_4_0/source/lib/util/config.mk2006-06-05 20:38:21 UTC (rev 16050) +++ branches/SAMBA_4_0/source/lib/util/config.mk2006-06-05 21:48:29 UTC (rev 16051) @@ -39,3 +39,14 @@ [SUBSYSTEM::UNIX_PRIVS] PRIVATE_PROTO_HEADER = unix_privs.h OBJ_FILES = unix_privs.o + + +# Start SUBSYSTEM WRAP_XATTR +[SUBSYSTEM::WRAP_XATTR] +PUBLIC_PROTO_HEADER = wrap_xattr.h +OBJ_FILES = \ + wrap_xattr.o +PUBLIC_DEPENDENCIES = XATTR +# +# End SUBSYSTEM WRAP_XATTR + Added: branches/SAMBA_4_0/source/lib/util/wrap_xattr.c === --- branches/SAMBA_4_0/source/lib/util/wrap_xattr.c 2006-06-05 20:38:21 UTC (rev 16050) +++ branches/SAMBA_4_0/source/lib/util/wrap_xattr.c 2006-06-05 21:48:29 UTC (rev 16051) 
@@ -0,0 +1,121 @@ +/* + Unix SMB/CIFS implementation. + + POSIX NTVFS backend - xattr support using filesystem xattrs + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h +#include system/filesys.h +#include wrap_xattr.h + +#if defined(HAVE_XATTR_SUPPORT) defined(XATTR_ADDITIONAL_OPTIONS) +static ssize_t _wrap_darwin_fgetxattr(int fd, const char *name, void *value, size_t size) +{ + return fgetxattr(fd, name, value, size, 0, 0); +} +static ssize_t _wrap_darwin_getxattr(const char *path, const char *name, void *value, size_t size) +{ + return getxattr(path, name, value, size, 0, 0); +} +static int _wrap_darwin_fsetxattr(int fd, const char *name, void *value, size_t size, int flags) +{ + return fsetxattr(fd, name, value, size, 0, flags); +} +static int _wrap_darwin_setxattr(const char *path, const char *name, void *value, size_t size, int flags) +{ + return setxattr(path, name, value, size, 0, flags); +} +static int _wrap_darwin_fremovexattr(int fd, const char *name) +{ + return fremovexattr(fd, name, 0); +} +static int _wrap_darwin_removexattr(const char *path, const char *name) +{ + return removexattr(path, name, 0); +} +#define fgetxattr _wrap_darwin_fgetxattr +#define getxattr _wrap_darwin_getxattr +#define fsetxattr _wrap_darwin_fsetxattr +#define setxattr _wrap_darwin_setxattr 
+#define fremovexattr _wrap_darwin_fremovexattr +#define removexattr_wrap_darwin_removexattr +#elif !defined(HAVE_XATTR_SUPPORT) +static ssize_t _none_fgetxattr(int fd, const char *name, void *value, size_t size) +{ + errno = ENOSYS; + return -1; +} +static ssize_t _none_getxattr(const char *path, const char *name, void *value, size_t size) +{ + errno = ENOSYS; + return -1; +} +static int _none_fsetxattr(int fd, const char *name, void *value, size_t size, int flags) +{ + errno = ENOSYS; + return -1; +} +static int _none_setxattr(const char *path
svn commit: samba r16052 - in branches/SAMBA_4_0/source/lib/util: .
Author: abartlet Date: 2006-06-05 21:51:10 + (Mon, 05 Jun 2006) New Revision: 16052 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16052 Log: Add .m4 file for XATTR detection (from ntvfs/posix/config.m4) Andrew Bartlett Added: branches/SAMBA_4_0/source/lib/util/xattr.m4 Changeset: Added: branches/SAMBA_4_0/source/lib/util/xattr.m4 === --- branches/SAMBA_4_0/source/lib/util/xattr.m4 2006-06-05 21:48:29 UTC (rev 16051) +++ branches/SAMBA_4_0/source/lib/util/xattr.m4 2006-06-05 21:51:10 UTC (rev 16052) @@ -0,0 +1,32 @@ +dnl +dnl use flistxattr as the key function for having +dnl sufficient xattr support for posix xattr backend +AC_CHECK_HEADERS(sys/attributes.h attr/xattr.h sys/xattr.h) +AC_SEARCH_LIBS_EXT(flistxattr, [attr], XATTR_LIBS) +AC_CHECK_FUNC_EXT(flistxattr, $XATTR_LIBS) +SMB_EXT_LIB(XATTR,[${XATTR_LIBS}],[${XATTR_CFLAGS}],[${XATTR_CPPFLAGS}],[${XATTR_LDFLAGS}]) +if test x$ac_cv_func_ext_flistxattr = xyes; then + AC_CACHE_CHECK([whether xattr interface takes additional options], smb_attr_cv_xattr_add_opt, + [old_LIBS=$LIBS +LIBS=$LIBS $XATTRLIBS +AC_TRY_COMPILE([ + #include sys/types.h + #if HAVE_ATTR_XATTR_H + #include attr/xattr.h + #elif HAVE_SYS_XATTR_H + #include sys/xattr.h + #endif + #ifndef NULL + #define NULL ((void *)0) + #endif + ],[ + getxattr(NULL, NULL, NULL, 0, 0, 0); + ],smb_attr_cv_xattr_add_opt=yes,smb_attr_cv_xattr_add_opt=no) + LIBS=$old_LIBS]) + if test x$smb_attr_cv_xattr_add_opt = xyes; then + AC_DEFINE(XATTR_ADDITIONAL_OPTIONS, 1, [xattr functions have additional options]) + fi + AC_DEFINE(HAVE_XATTR_SUPPORT,1,[Whether we have xattr support]) + SMB_ENABLE(XATTR,YES) +fi +
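Review bot: Inside the `AC_CACHE_CHECK` body, `LIBS` is extended with `$XATTRLIBS`, but the rest of the file uses `XATTR_LIBS` (for example `AC_SEARCH_LIBS_EXT(flistxattr, [attr], XATTR_LIBS)`), so that variable expands to nothing. The probe is a compile-only test, so its result is probably unaffected today, but anyone turning it into a link test would silently lose the library. The line should read `LIBS="$LIBS $XATTR_LIBS"` (quoting is stripped in this rendering).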
svn commit: samba r16053 - in branches/SAMBA_4_0/source/lib/ldb/modules: .
Author: abartlet Date: 2006-06-05 23:22:22 + (Mon, 05 Jun 2006) New Revision: 16053 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16053 Log: Allow entries without an objectClass. We need this to permit the cn=rootDSE entry. (it was also crashing, as 'ac' wasn't initialised at this point) Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c === --- branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c 2006-06-05 21:51:10 UTC (rev 16052) +++ branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c 2006-06-05 23:22:22 UTC (rev 16053) @@ -96,12 +96,10 @@ objectClassAttr = ldb_msg_find_element(req-op.add.message, objectClass); - /* If no part of this touches the objectClass, then we don't -* need to make any changes. */ - /* If the only operation is the deletion of the objectClass then go on */ + /* If no part of this add has an objectClass, then we don't +* need to make any changes. cn=rootdse doesn't have an objectClass */ if (!objectClassAttr) { - ldb_set_errstring(module-ldb, talloc_asprintf(ac, Object class violation: no objectClass present)); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + return ldb_next_request(module, req); } h = oc_init_handle(req, module);
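Review bot: The new early `return ldb_next_request(module, req);` applies to every add that lacks an objectClass, not only to cn=rootDSE as the log message describes. Nothing in this hunk shows another module further down the chain rejecting ordinary entries without an objectClass, so the removed `LDB_ERR_OBJECT_CLASS_VIOLATION` check is gone for them as well. If that is intended, the comment should say so, e.g. `/* entries without objectClass are passed through unchanged; only cn=rootDSE is expected to rely on this */`; otherwise the pass-through should be limited to the rootDSE DN. The enclosing add handler starts and ends outside the hunk.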
svn commit: samba r16056 - in branches/SAMBA_4_0/source: auth/gensec heimdal/lib/hdb kdc
Author: abartlet Date: 2006-06-06 04:50:14 + (Tue, 06 Jun 2006) New Revision: 16056 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16056 Log: Fix errors found by trying to use our kpasswd server and the Apple client. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-06-06 03:19:15 UTC (rev 16055) +++ branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-06-06 04:50:14 UTC (rev 16056) @@ -151,7 +151,7 @@ } } - peer_addr = gensec_get_my_addr(gensec_security); + peer_addr = gensec_get_peer_addr(gensec_security); if (peer_addr peer_addr-sockaddr) { ret = krb5_sockaddr2address(gensec_krb5_state-smb_krb5_context-krb5_context, peer_addr-sockaddr, peer_krb5_addr); Modified: branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c === --- branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c 2006-06-06 03:19:15 UTC (rev 16055) +++ branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c 2006-06-06 04:50:14 UTC (rev 16056) @@ -218,7 +218,7 @@ (*db-hdb_destroy)(context, db); return ret; } -ret = (*db-hdb_fetch)(context, db, principal, HDB_F_DECRYPT, ent); +ret = (*db-hdb_fetch)(context, db, principal, HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, ent); /* Shutdown the hdb on error */ Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c === --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-06-06 03:19:15 UTC (rev 16055) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-06-06 04:50:14 UTC (rev 16056) 
@@ -611,13 +611,10 @@ msg, realm_ref_msg); free(principal_string); if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { - talloc_free(mem_ctx); return HDB_ERR_NOENTRY; } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) { - talloc_free(mem_ctx); return ENOMEM; } else if (!NT_STATUS_IS_OK(nt_status)) { - talloc_free(mem_ctx); return EINVAL; } @@ -788,7 +785,7 @@ unsigned flags, hdb_entry_ex *entry_ex) { - krb5_error_code ret; + krb5_error_code ret = HDB_ERR_NOENTRY; TALLOC_CTX *mem_ctx = talloc_named(db, 0, LDB_fetch context);
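Review bot: The `@@ -611,13 +611,10` hunk drops `talloc_free(mem_ctx)` from three error returns without recording who owns `mem_ctx` now. The `@@ -788,7` hunk shows what looks like a caller creating it with `talloc_named(db, 0, ...)`, so presumably that caller frees it on every path, but its error handling is outside the diff; if it does not, the context stays attached to `db` for as long as `db` lives. A comment on the callee such as `/* mem_ctx is owned by the caller; never free it here */` would make the rule explicit and guard against the frees being reintroduced.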
svn commit: lorikeet r555 - in trunk/heimdal/lib/hdb: .
Author: abartlet Date: 2006-06-06 04:52:31 + (Tue, 06 Jun 2006) New Revision: 555 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=555 Log: Merge fix for missing hdb flags from Samba4. Andrew Bartlett Modified: trunk/heimdal/lib/hdb/keytab.c Changeset: Modified: trunk/heimdal/lib/hdb/keytab.c === --- trunk/heimdal/lib/hdb/keytab.c 2006-06-02 15:15:03 UTC (rev 554) +++ trunk/heimdal/lib/hdb/keytab.c 2006-06-06 04:52:31 UTC (rev 555) @@ -218,7 +218,7 @@ (*db-hdb_destroy)(context, db); return ret; } -ret = (*db-hdb_fetch)(context, db, principal, HDB_F_DECRYPT, ent); +ret = (*db-hdb_fetch)(context, db, principal, HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, ent); /* Shutdown the hdb on error */
svn commit: samba r16028 - in branches/SAMBA_4_0: source/lib/ldb source/lib/ldb/modules source/setup testprogs/ejs
Author: abartlet Date: 2006-06-03 11:57:20 + (Sat, 03 Jun 2006) New Revision: 16028 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16028 Log: Re-add the objectclass module, in the new async scheme. Add a test to show that we need this, and to prove it works (for add at least). Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/config.mk branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c branches/SAMBA_4_0/source/setup/provision_init.ldif branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Sorry, the patch is too large (789 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16028
svn commit: samba r16007 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet Date: 2006-06-02 14:33:57 + (Fri, 02 Jun 2006) New Revision: 16007 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16007 Log: If no error string was setup by the backend, ensure that we always get at least a generic error, even when inside a transaction. This helps debugging ldb/js interactions a lot... Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb.c 2006-06-02 14:26:15 UTC (rev 16006) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb.c 2006-06-02 14:33:57 UTC (rev 16007) @@ -265,7 +265,8 @@ if (ldb-err_string == NULL) { /* no error string was setup by the backend */ ldb_set_errstring(ldb, - talloc_asprintf(ldb, ldb error %d, status)); + talloc_asprintf(ldb, %s (%d), + ldb_strerror(status), status)); } ldb_transaction_cancel(ldb); return status; @@ -463,6 +464,13 @@ return ldb_op_finish(ldb, ret); } + if (ldb-err_string == NULL) { + /* no error string was setup by the backend */ + ldb_set_errstring(ldb, + talloc_asprintf(ldb, %s (%d), + ldb_strerror(ret), ret)); + } + return ret; }
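Review bot: The block added in the `@@ -463,6 +464,13` hunk sits on the fall-through `return ret;` path and tests only `ldb->err_string == NULL`, not `ret`. Unless a check outside the hunk already returns on success, a successful request would be given an error string built from `ldb_strerror(ret)`. Guarding it as `if (ret != LDB_SUCCESS && ldb->err_string == NULL) {` avoids that. The same three lines now appear in both hunks, so a small static helper would keep the two copies in step.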
svn commit: lorikeet r543 - in trunk/heimdal/lib/krb5: .
Author: abartlet Date: 2006-05-08 06:31:54 + (Mon, 08 May 2006) New Revision: 543 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=543 Log: Another missing file... Andrew Bartlett Added: trunk/heimdal/lib/krb5/test_store.c Changeset: Sorry, the patch is too large (257 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=543
svn commit: samba r15510 - in branches/SAMBA_4_0/source: . lib script
Author: abartlet Date: 2006-05-08 08:27:22 + (Mon, 08 May 2006) New Revision: 15510 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15510 Log: As discussed on samba-technical, move the VERSION system back to a #define based system only. This avoids allocation in the fault code. Andrew Bartlett Modified: branches/SAMBA_4_0/source/VERSION branches/SAMBA_4_0/source/lib/version.c branches/SAMBA_4_0/source/script/mkversion.sh Changeset: Modified: branches/SAMBA_4_0/source/VERSION === --- branches/SAMBA_4_0/source/VERSION 2006-05-08 03:28:26 UTC (rev 15509) +++ branches/SAMBA_4_0/source/VERSION 2006-05-08 08:27:22 UTC (rev 15510) @@ -74,7 +74,7 @@ # in the development BRANCH, and set to 'no' only in # # the SAMBA_X_X_RELEASE BRANCH # # # -# MAJOR.MINOR.RELEASE[...]cvs# +# MAJOR.MINOR.RELEASE[...]-SVN-build-xxx # # # # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # - 3.0.0-SVN-build-199 # @@ -84,7 +84,7 @@ # This is for specifying a release nickname# # # -# e.g. SAMBA_VERSION_RELEASE_NICKNAME=Nicky Nickname # +# e.g. SAMBA_VERSION_RELEASE_NICKNAME=Nicky Nickname # # smbd --version will then give: # # - 4.0.0-tp1-VendorVersion (Nicky Nickname) # @@ -99,21 +99,9 @@ # # # Note the '-' is automaticaly added # # # -# e.g. SAMBA_VERSION_VENDOR_SUFFIX=VendorVersion # +# e.g. SAMBA_VERSION_VENDOR_SUFFIX=VendorVersion # # - CVS 3.0.0rc2-VendorVersion# # # -# Note: If you want to use a function, # -# then patch lib/version.c and add this function # -# there, because the symbol must be available in # -# binary.# -# # -# const char *vendor_version(void) # -# {# -# return VendorVersion;# -# }# -# # -# e.g. SAMBA_VERSION_VENDOR_SUFFIX=vendor_version()# -# - CVS 3.0.0rc2-VendorVersion# SAMBA_VERSION_VENDOR_SUFFIX= SAMBA_VERSION_VENDOR_PATCH= Modified: branches/SAMBA_4_0/source/lib/version.c === --- branches/SAMBA_4_0/source/lib/version.c 2006-05-08 03:28:26 UTC (rev 15509) +++ branches/SAMBA_4_0/source/lib/version.c 2006-05-08 08:27:22 UTC (rev 15510) 
@@ -24,40 +24,5 @@ const char *samba_version_string(void) { - const char *official_string = SAMBA_VERSION_OFFICIAL_STRING; -#ifdef SAMBA_VERSION_RELEASE_NICKNAME - const char *release_nickname = SAMBA_VERSION_RELEASE_NICKNAME; -#else - const char *release_nickname = NULL; -#endif -#ifdef SAMBA_VERSION_VENDOR_SUFFIX - const char *vendor_suffix = SAMBA_VERSION_VENDOR_SUFFIX; -#else - const char *vendor_suffix = NULL; -#endif -#ifdef SAMBA_VERSION_VENDOR_PATCH - const char *vendor_patch = SAMBA_VERSION_VENDOR_PATCH; -#else - const char *vendor_patch = NULL; -#endif - static char *samba_version; - static BOOL init_samba_version; - - if (init_samba_version) { - return samba_version; - } - - samba_version = talloc_asprintf(talloc_autofree_context(), - %s%s%s%s%s%s%s%s, - official_string, - (vendor_suffix?-:), - (vendor_suffix?vendor_suffix:), - (vendor_patch?-:), - (vendor_patch?vendor_patch:), - (release_nickname? (:), - (release_nickname?release_nickname:), - (release_nickname?):)); - - init_samba_version = True; - return samba_version; + return SAMBA_VERSION_STRING; } Modified: branches/SAMBA_4_0/source/script/mkversion.sh === --- branches/SAMBA_4_0/source/script/mkversion.sh 2006-05-08 03:28:26 UTC (rev 15509) +++ branches/SAMBA_4_0/source/script
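Review bot: The new one-line body of `samba_version_string()` has no comment saying why it must stay a plain macro expansion, so a later change could reintroduce formatting or allocation. The commit log gives the reason (the function is reached from the fault code), and that belongs beside the code: `/* Compile-time constant only: called from the fault handler, so this must not allocate. */`. Where `SAMBA_VERSION_STRING` is defined is not visible here, as the mkversion.sh section is cut off.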
svn commit: samba r15511 - in branches/SAMBA_4_0/source: auth/kerberos dsdb/samdb/ldb_modules include
Author: abartlet Date: 2006-05-08 09:24:07 + (Mon, 08 May 2006) New Revision: 15511 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15511 Log: Using this name causes less warnings on the IBM checker, due to using the original, rather than equivilant, enum type. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c branches/SAMBA_4_0/source/include/ads.h Changeset: Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c === --- branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c 2006-05-08 08:27:22 UTC (rev 15510) +++ branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c 2006-05-08 09:24:07 UTC (rev 15511) @@ -181,7 +181,7 @@ return EINVAL; } ret = krb5_keyblock_init(smb_krb5_context-krb5_context, -ENCTYPE_ARCFOUR_HMAC, +ETYPE_ARCFOUR_HMAC_MD5, mach_pwd-hash, sizeof(mach_pwd-hash), keyblock); @@ -410,7 +410,7 @@ return EINVAL; } ret = krb5_keyblock_init(smb_krb5_context-krb5_context, -ENCTYPE_ARCFOUR_HMAC, +ETYPE_ARCFOUR_HMAC_MD5, mach_pwd-hash, sizeof(mach_pwd-hash), entry.keyblock); if (ret) { @@ -434,7 +434,9 @@ return ret; } - krb5_enctype_to_string(smb_krb5_context-krb5_context, ENCTYPE_ARCFOUR_HMAC, enctype_string); + krb5_enctype_to_string(smb_krb5_context-krb5_context, + ETYPE_ARCFOUR_HMAC_MD5, + enctype_string); DEBUG(5, (Added %s(kvno %d) to keytab (%s)\n, cli_credentials_get_principal(machine_account, mem_ctx), cli_credentials_get_kvno(machine_account), Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-05-08 08:27:22 UTC (rev 15510) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-05-08 09:24:07 UTC (rev 15511) 
@@ -491,7 +491,7 @@ size_t len; struct ldb_val val; - if (keys[i].key.keytype == ENCTYPE_ARCFOUR_HMAC) { + if (keys[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { /* We might end up doing this below: * This ensures we get the unicode * conversion right. This should also @@ -548,9 +548,9 @@ key.salt = NULL; /* No salt for this enc type */ krb5_ret = krb5_keyblock_init(smb_krb5_context-krb5_context, -ENCTYPE_ARCFOUR_HMAC, -ntPwdHash-hash, sizeof(ntPwdHash-hash), -key.key); + ETYPE_ARCFOUR_HMAC_MD5, + ntPwdHash-hash, sizeof(ntPwdHash-hash), + key.key); if (krb5_ret) { return LDB_ERR_OPERATIONS_ERROR; } Modified: branches/SAMBA_4_0/source/include/ads.h === --- branches/SAMBA_4_0/source/include/ads.h 2006-05-08 08:27:22 UTC (rev 15510) +++ branches/SAMBA_4_0/source/include/ads.h 2006-05-08 09:24:07 UTC (rev 15511) @@ -197,11 +197,6 @@ /* Kerberos environment variable names */ #define KRB5_ENV_CCNAME KRB5CCNAME -/* Heimdal uses a slightly different name */ -#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) -#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 -#endif - #define INSTANCE_TYPE_IS_NC_HEAD 0x0001 #define INSTANCE_TYPE_UNINSTANT0x0002 #define INSTANCE_TYPE_WRITE0x0004
svn commit: lorikeet r544 - in trunk/heimdal/lib/hx509: .
Author: abartlet Date: 2006-05-08 15:09:43 + (Mon, 08 May 2006) New Revision: 544 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=544 Log: Don't double-free in case of low system entropy. Andrew Bartlett Modified: trunk/heimdal/lib/hx509/crypto.c Changeset: Modified: trunk/heimdal/lib/hx509/crypto.c === --- trunk/heimdal/lib/hx509/crypto.c2006-05-08 06:31:54 UTC (rev 543) +++ trunk/heimdal/lib/hx509/crypto.c2006-05-08 15:09:43 UTC (rev 544) @@ -1443,6 +1443,7 @@ if (crypto-key.data) { free(crypto-key.data); + crypto-key.data = NULL; crypto-key.length = 0; } crypto-key.data = malloc(length); @@ -1470,6 +1471,7 @@ } if (RAND_bytes(crypto-key.data, crypto-key.length) = 0) { free(crypto-key.data); + crypto-key.data = NULL; crypto-key.length = 0; return HX509_CRYPTO_INTERNAL_ERROR; }
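Review bot: Both `free(crypto->key.data)` calls release the key buffer without clearing it, so in the first hunk the previous symmetric key stays readable in freed heap memory. Wipe the buffer before freeing, while the length is still known: `memset(crypto->key.data, 0, crypto->key.length);`, or a clearing routine the compiler cannot optimise away where the platform provides one. The same applies to the `RAND_bytes` failure path in the second hunk, although that buffer holds at most partially generated bytes. The enclosing functions start and end outside both hunks, so other paths that free this buffer are not visible.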
svn commit: lorikeet r545 - in trunk/heimdal/lib/hx509: .
Author: abartlet Date: 2006-05-08 18:52:36 + (Mon, 08 May 2006) New Revision: 545 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=545 Log: Another fix for the low-entropy failure case. Andrew Bartlett Modified: trunk/heimdal/lib/hx509/crypto.c Changeset: Modified: trunk/heimdal/lib/hx509/crypto.c === --- trunk/heimdal/lib/hx509/crypto.c2006-05-08 15:09:43 UTC (rev 544) +++ trunk/heimdal/lib/hx509/crypto.c2006-05-08 18:52:36 UTC (rev 545) @@ -32,7 +32,7 @@ */ #include hx_locl.h -RCSID($Id: crypto.c,v 1.37 2006/05/02 10:40:53 lha Exp $); +RCSID($Id: crypto.c,v 1.38 2006/05/08 16:46:31 lha Exp $); struct hx509_crypto; @@ -1577,7 +1577,7 @@ free(ivec-data); memset(ivec, 0, sizeof(*ivec)); } - if (ciphertext) { + if (*ciphertext) { if ((*ciphertext)-data) { free((*ciphertext)-data); }
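Review bot: The cleanup test `if (*ciphertext)` in the second hunk now dereferences `ciphertext` with no check on the pointer itself, where the old test checked only that pointer. If any caller can pass a NULL `ciphertext`, this error path becomes a NULL dereference; `if (ciphertext && *ciphertext) {` keeps both guarantees. The rest of the cleanup is outside the hunk, so it is not visible whether `*ciphertext` is reset to NULL after its data is freed, as r544 did for `crypto->key.data` in this file.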
svn commit: lorikeet r546 - in trunk/heimdal: . kadmin lib/des lib/gssapi lib/hdb lib/hx509 lib/hx509/data lib/kadm5 lib/krb5 lib/otp tests/kdc
Author: abartlet Date: 2006-05-08 23:01:40 + (Mon, 08 May 2006) New Revision: 546 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=546 Log: Update to current Heimdal CVS, as of 2006-05-09. Andrew Bartlett Modified: trunk/heimdal/ChangeLog trunk/heimdal/configure.in trunk/heimdal/kadmin/server.c trunk/heimdal/lib/des/ChangeLog trunk/heimdal/lib/des/Makefile.am trunk/heimdal/lib/des/dh-imath.c trunk/heimdal/lib/des/dh.c trunk/heimdal/lib/des/dsa.c trunk/heimdal/lib/des/engine.c trunk/heimdal/lib/des/rand.c trunk/heimdal/lib/des/rc2test.c trunk/heimdal/lib/des/rctest.c trunk/heimdal/lib/des/rsa.c trunk/heimdal/lib/des/rsa.h trunk/heimdal/lib/des/test_engine_dso.c trunk/heimdal/lib/gssapi/8003.c trunk/heimdal/lib/gssapi/accept_sec_context.c trunk/heimdal/lib/gssapi/get_mic.c trunk/heimdal/lib/hdb/hdb-ldap.c trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/crypto.c trunk/heimdal/lib/hx509/data/crl1.der trunk/heimdal/lib/hx509/data/kdc.crt trunk/heimdal/lib/hx509/data/kdc.key trunk/heimdal/lib/hx509/data/ocsp-req1.der trunk/heimdal/lib/hx509/data/ocsp-req2.der trunk/heimdal/lib/hx509/data/ocsp-resp1-ca.der trunk/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der trunk/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der trunk/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der trunk/heimdal/lib/hx509/data/ocsp-resp2.der trunk/heimdal/lib/hx509/data/openssl.cnf trunk/heimdal/lib/hx509/data/pkinit.crt trunk/heimdal/lib/hx509/data/pkinit.key trunk/heimdal/lib/hx509/data/sub-cert.p12 trunk/heimdal/lib/hx509/data/test-enveloped-aes-128 trunk/heimdal/lib/hx509/data/test-enveloped-aes-256 trunk/heimdal/lib/hx509/data/test-enveloped-des trunk/heimdal/lib/hx509/data/test-enveloped-des-ede3 trunk/heimdal/lib/hx509/data/test-enveloped-rc2-128 trunk/heimdal/lib/hx509/data/test-enveloped-rc2-40 trunk/heimdal/lib/hx509/data/test-enveloped-rc2-64 trunk/heimdal/lib/hx509/data/test-signed-data trunk/heimdal/lib/hx509/data/test-signed-data-noattr 
trunk/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts trunk/heimdal/lib/hx509/data/test.p12 trunk/heimdal/lib/hx509/test_chain.in trunk/heimdal/lib/hx509/test_cms.in trunk/heimdal/lib/hx509/test_nist.in trunk/heimdal/lib/hx509/test_req.in trunk/heimdal/lib/kadm5/ChangeLog trunk/heimdal/lib/kadm5/chpass_s.c trunk/heimdal/lib/kadm5/privs_c.c trunk/heimdal/lib/kadm5/rename_s.c trunk/heimdal/lib/krb5/aes-test.c trunk/heimdal/lib/krb5/crypto.c trunk/heimdal/lib/krb5/pkinit.c trunk/heimdal/lib/otp/ChangeLog trunk/heimdal/lib/otp/otp_parse.c trunk/heimdal/tests/kdc/pki-mapping Changeset: Sorry, the patch is too large (1603 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=546
svn commit: samba r15515 - in branches/SAMBA_4_0/source/heimdal/lib: des gssapi krb5
Author: abartlet Date: 2006-05-08 23:30:40 + (Mon, 08 May 2006) New Revision: 15515 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15515 Log: Syncronsise with current lorikeet-heimdal. Andrew Bartlett Modified: branches/SAMBA_4_0/source/heimdal/lib/des/rsa.h branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/get_mic.c branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c branches/SAMBA_4_0/source/heimdal/lib/krb5/pkinit.c Changeset: Modified: branches/SAMBA_4_0/source/heimdal/lib/des/rsa.h === --- branches/SAMBA_4_0/source/heimdal/lib/des/rsa.h 2006-05-08 13:10:23 UTC (rev 15514) +++ branches/SAMBA_4_0/source/heimdal/lib/des/rsa.h 2006-05-08 23:30:40 UTC (rev 15515) @@ -32,7 +32,7 @@ */ /* - * $Id: rsa.h,v 1.4 2006/04/16 19:38:23 lha Exp $ + * $Id: rsa.h,v 1.5 2006/05/07 11:34:02 lha Exp $ */ #ifndef _HEIM_RSA_H @@ -40,6 +40,7 @@ /* symbol renaming */ #define RSA_null_method hc_RSA_null_method +#define RSA_imath_method hc_RSA_imath_method #define RSA_new hc_RSA_new #define RSA_new_method hc_RSA_new_method #define RSA_free hc_RSA_free @@ -128,6 +129,7 @@ */ const RSA_METHOD *RSA_null_method(void); +const RSA_METHOD *RSA_imath_method(void); /* * Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c === --- branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c 2006-05-08 13:10:23 UTC (rev 15514) +++ branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c 2006-05-08 23:30:40 UTC (rev 15515) 
@@ -184,14 +184,9 @@ *minor_status = 0; return GSS_S_BAD_BINDINGS; } - -if(cksum-cksumtype != CKSUMTYPE_GSSAPI) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; -} - + /* XXX should handle checksums 24 bytes */ -if(cksum-checksum.length 24) { +if(cksum-cksumtype != CKSUMTYPE_GSSAPI || cksum-checksum.length 24) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/get_mic.c === --- branches/SAMBA_4_0/source/heimdal/lib/gssapi/get_mic.c 2006-05-08 13:10:23 UTC (rev 15514) +++ branches/SAMBA_4_0/source/heimdal/lib/gssapi/get_mic.c 2006-05-08 23:30:40 UTC (rev 15515) @@ -33,7 +33,7 @@ #include gssapi_locl.h -RCSID($Id: get_mic.c,v 1.30 2006/04/02 02:12:52 lha Exp $); +RCSID($Id: get_mic.c,v 1.31 2006/05/08 09:55:37 lha Exp $); static OM_uint32 mic_des @@ -172,6 +172,8 @@ tmp = malloc (message_buffer-length + 8); if (tmp == NULL) { free (message_token-value); + message_token-value = NULL; + message_token-length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c === --- branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c 2006-05-08 13:10:23 UTC (rev 15514) +++ branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c 2006-05-08 23:30:40 UTC (rev 15515) @@ -32,7 +32,7 @@ */ #include krb5_locl.h -RCSID($Id: crypto.c,v 1.135 2006/05/05 09:27:24 lha Exp $); +RCSID($Id: crypto.c,v 1.138 2006/05/08 13:47:24 lha Exp $); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -70,7 +70,6 @@ #define F_PSEUDO 16 /* not a real protocol type */ #define F_SPECIAL 32 /* backwards */ #define F_DISABLED 64 /* enctype/checksum disabled */ -#define F_PADCMS 128 /* padding done like in CMS */ struct salt_type { krb5_salttype type; 
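Review bot: In the get_mic.c hunk, `malloc (message_buffer->length + 8)` adds to a caller-supplied length with no overflow check, so a length within 8 of `SIZE_MAX` would wrap and yield a buffer far smaller than the message. The added lines tidy the ENOMEM path but leave the size computation unguarded. A test such as `if (message_buffer->length > SIZE_MAX - 8)` that fails with `GSS_S_FAILURE` would close it; it belongs ahead of the allocations, or the failure branch must release `message_token->value` the way the ENOMEM branch does. How `tmp` is filled is outside the hunk, so the impact is inferred from the allocation size alone.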
@@ -1957,7 +1956,9 @@ } keyed_checksum = (ct-flags F_KEYED) != 0; if(keyed_checksum crypto == NULL) { - krb5_clear_error_string (context); + krb5_set_error_string (context, Checksum type %s is keyed + but no crypto context (key) was passed in, + ct-name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum) { @@ -2042,7 +2043,8 @@ } keyed_checksum = (ct-flags F_KEYED) != 0; if(keyed_checksum crypto == NULL) { - krb5_set_error_string (context, checksum type %s is keyed, and requires a crypto context, + krb5_set_error_string (context, Checksum type %s is keyed + but no crypto context (key) was passed in, ct-name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } @@ -2391,56 +2393,7 @@ return 0; } -static krb5_error_code -AES_CBC_encrypt(krb5_context context, -struct key_data *key, -void *data, -size_t len, -krb5_boolean encryptp, -int usage, -void *ivec) -{ -struct krb5_aes_schedule *aeskey = key-schedule
svn commit: lorikeet r547 - in trunk/heimdal/lib/des: .
Author: abartlet Date: 2006-05-08 23:33:26 + (Mon, 08 May 2006) New Revision: 547 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=547 Log: Missing files again. I need to find better ways to do this synchronisation. Andrew Bartlett Added: trunk/heimdal/lib/des/rsa-imath.c Changeset: Sorry, the patch is too large (349 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=547
svn commit: lorikeet r538 - in trunk/heimdal/lib/krb5: .
Author: abartlet Date: 2006-05-07 09:10:52 + (Sun, 07 May 2006) New Revision: 538 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=538 Log: I hit this (probably due to a programming error), but make this easier for the next person. Andrew Bartlett Modified: trunk/heimdal/lib/krb5/crypto.c Changeset: Modified: trunk/heimdal/lib/krb5/crypto.c === --- trunk/heimdal/lib/krb5/crypto.c 2006-05-07 03:01:03 UTC (rev 537) +++ trunk/heimdal/lib/krb5/crypto.c 2006-05-07 09:10:52 UTC (rev 538) @@ -2042,7 +2042,8 @@ } keyed_checksum = (ct-flags F_KEYED) != 0; if(keyed_checksum crypto == NULL) { - krb5_clear_error_string (context); + krb5_set_error_string (context, checksum type %s is keyed, and requires a crypto context, + ct-name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum)
svn commit: lorikeet r539 - in trunk/heimdal/lib/gssapi: .
Author: abartlet Date: 2006-05-07 09:26:06 + (Sun, 07 May 2006) New Revision: 539 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=539 Log: Make accept_security_context() more compatible with how Samba3 (and similarly built clients) behave. This is better than just ignoring the checksum, if it isn't the GSSAPI checksum. (Samba4 clients in Samba3 mode use more than just the MD5 checksum, and will use a signed AES checksum if available. Actual samba3 may well do the same in future, against a suitable KDC). Andrew Bartlett Modified: trunk/heimdal/lib/gssapi/8003.c trunk/heimdal/lib/gssapi/accept_sec_context.c Changeset: Modified: trunk/heimdal/lib/gssapi/8003.c === --- trunk/heimdal/lib/gssapi/8003.c 2006-05-07 09:10:52 UTC (rev 538) +++ trunk/heimdal/lib/gssapi/8003.c 2006-05-07 09:26:06 UTC (rev 539) @@ -185,13 +185,9 @@ return GSS_S_BAD_BINDINGS; } -/* This is the case where Samba3 has built GSSAPI out of - * krb5 the 'dodgy' way. We have to accept the non-GSSAPI - * checksum because windows does */ - if(cksum-cksumtype != CKSUMTYPE_GSSAPI) { - *flags = 0; - return GSS_S_COMPLETE; + *minor_status = 0; + return GSS_S_BAD_BINDINGS; } /* XXX should handle checksums 24 bytes */ Modified: trunk/heimdal/lib/gssapi/accept_sec_context.c === --- trunk/heimdal/lib/gssapi/accept_sec_context.c 2006-05-07 09:10:52 UTC (rev 538) +++ trunk/heimdal/lib/gssapi/accept_sec_context.c 2006-05-07 09:26:06 UTC (rev 539) 
@@ -371,15 +371,48 @@ return ret; } - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator-cksum, - flags, - (*context_handle)-fwd_data); - krb5_free_authenticator(gssapi_krb5_context, authenticator); - if (ret) { - return ret; - } +if (authenticator-cksum-cksumtype == CKSUMTYPE_GSSAPI) { +ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator-cksum, + flags, + (*context_handle)-fwd_data); + + krb5_free_authenticator(gssapi_krb5_context, authenticator); + if (ret) { + return ret; + } +} else { + krb5_crypto crypto; + + kret = krb5_crypto_init(gssapi_krb5_context, + (*context_handle)-auth_context-keyblock, + 0, crypto); + if(kret) { + krb5_free_authenticator(gssapi_krb5_context, authenticator); + + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; + } + + /* Windows accepts Samba3's use of a kerberos, + rather than GSSAPI checksum here */ + kret = krb5_verify_checksum(gssapi_krb5_context, + crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0, + authenticator-cksum); + krb5_free_authenticator(gssapi_krb5_context, authenticator); + + if(kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; + } + + flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; +} } if(flags GSS_C_MUTUAL_FLAG) {
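Review bot: The new branch reads `authenticator->cksum->cksumtype` without first checking that `authenticator->cksum` is non-NULL. The authenticator checksum is an optional Kerberos field, and the pointer-style access suggests it is NULL when the client omits it (to be confirmed against the generated ASN.1 type), in which case an AP-REQ without a checksum would crash the acceptor during context establishment. A guard ahead of the `if` that frees the authenticator and returns `GSS_S_BAD_BINDINGS` rejects that input cleanly. The identical hunk in r15484 for the Samba tree lacks the guard too. The page has dropped `&` and `->` characters, so the call below is written with them restored, and the enclosing function starts and ends outside the hunk.

```c
/* … unchanged: authenticator obtained from the auth context … */
if (authenticator->cksum == NULL) {
    krb5_free_authenticator(gssapi_krb5_context, &authenticator);
    *minor_status = 0;
    return GSS_S_BAD_BINDINGS;
}
if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) {
/* … unchanged: GSSAPI and plain Kerberos checksum branches … */
```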
svn commit: samba r15484 - in branches/SAMBA_4_0/source/heimdal/lib: gssapi krb5
Author: abartlet Date: 2006-05-07 09:28:49 + (Sun, 07 May 2006) New Revision: 15484 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15484 Log: Make accept_security_context() more compatible with how Samba3 (and similarly built clients) behave. This is better than just ignoring the checksum, if it isn't the GSSAPI checksum. (Samba4 clients in Samba3 mode use more than just the MD5 checksum, and will use a signed AES checksum if available. Actual samba3 may well do the same in future, against a suitable KDC). Also a change for easier debugging of checksum issues. Andrew Bartlett Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c Changeset: Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c === --- branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c 2006-05-07 09:21:39 UTC (rev 15483) +++ branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c 2006-05-07 09:28:49 UTC (rev 15484) @@ -185,13 +185,9 @@ return GSS_S_BAD_BINDINGS; } -/* This is the case where Samba3 has built GSSAPI out of - * krb5 the 'dodgy' way. We have to accept the non-GSSAPI - * checksum because windows does */ - if(cksum-cksumtype != CKSUMTYPE_GSSAPI) { - *flags = 0; - return GSS_S_COMPLETE; + *minor_status = 0; + return GSS_S_BAD_BINDINGS; } /* XXX should handle checksums 24 bytes */ Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c === --- branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c 2006-05-07 09:21:39 UTC (rev 15483) +++ branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c 2006-05-07 09:28:49 UTC (rev 15484) 
@@ -371,15 +371,48 @@ return ret; } - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator-cksum, - flags, - (*context_handle)-fwd_data); - krb5_free_authenticator(gssapi_krb5_context, authenticator); - if (ret) { - return ret; - } +if (authenticator-cksum-cksumtype == CKSUMTYPE_GSSAPI) { +ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator-cksum, + flags, + (*context_handle)-fwd_data); + + krb5_free_authenticator(gssapi_krb5_context, authenticator); + if (ret) { + return ret; + } +} else { + krb5_crypto crypto; + + kret = krb5_crypto_init(gssapi_krb5_context, + (*context_handle)-auth_context-keyblock, + 0, crypto); + if(kret) { + krb5_free_authenticator(gssapi_krb5_context, authenticator); + + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; + } + + /* Windows accepts Samba3's use of a kerberos, + rather than GSSAPI checksum here */ + kret = krb5_verify_checksum(gssapi_krb5_context, + crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0, + authenticator-cksum); + krb5_free_authenticator(gssapi_krb5_context, authenticator); + + if(kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; + } + + flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; +} } if(flags GSS_C_MUTUAL_FLAG) { Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c === --- branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c 2006-05-07 09:21:39 UTC (rev 15483) +++ branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c 2006-05-07 09:28:49 UTC (rev 15484) @@ -2042,7 +2042,8 @@ } keyed_checksum = (ct-flags F_KEYED) != 0; if(keyed_checksum crypto == NULL) { - krb5_clear_error_string (context); + krb5_set_error_string (context, checksum type %s is keyed, and requires a crypto context, + ct-name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum)
svn commit: samba r15485 - in branches/SAMBA_4_0/source/auth/gensec: .
Author: abartlet Date: 2006-05-07 11:14:46 + (Sun, 07 May 2006) New Revision: 15485 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15485 Log: This 'fake' GSSAPI doesn't do the extra SASL negotiation correctly, so don't attribute the GSSAPI SASL mech to it. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-05-07 09:28:49 UTC (rev 15484) +++ branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-05-07 11:14:46 UTC (rev 15485) @@ -721,7 +721,6 @@ static const struct gensec_security_ops gensec_fake_gssapi_krb5_security_ops = { .name = fake_gssapi_krb5, - .sasl_name = GSSAPI, .auth_type = DCERPC_AUTH_TYPE_KRB5, .oid= gensec_krb5_oids, .client_start = gensec_fake_gssapi_krb5_client_start,
svn commit: samba r15486 - in branches/SAMBA_4_0/source/script/tests: .
Author: abartlet Date: 2006-05-07 11:15:52 + (Sun, 07 May 2006) New Revision: 15486 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15486 Log: Ensure that our Samba3-like implementation of fake-GSSAPI is tested. This also tests that the server accepts the incorrect GSSAPI checksum, and that we get the right session key. Andrew Bartlett Modified: branches/SAMBA_4_0/source/script/tests/test_session_key.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/test_session_key.sh === --- branches/SAMBA_4_0/source/script/tests/test_session_key.sh 2006-05-07 11:14:46 UTC (rev 15485) +++ branches/SAMBA_4_0/source/script/tests/test_session_key.sh 2006-05-07 11:15:52 UTC (rev 15486) @@ -46,4 +46,8 @@ name=RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos (use target principal) testit $name bin/smbtorture $TORTURE_OPTIONS $transport:$server[$bindoptions] -k yes -U$username%$password -W $domain --option=clientusespnegoprincipal=yes --option=gensec:target_hostname=$netbios_name RPC-SECRETS $* || failed=`expr $failed + 1` done +name=RPC-SECRETS on $transport:$server with Kerberos (use Samba3 style login) + testit $name bin/smbtorture $TORTURE_OPTIONS $transport:$server -k yes -U$username%$password -W $domain --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no --option=gensec:target_hostname=$netbios_name RPC-SECRETS $* || failed=`expr $failed + 1` +name=RPC-SECRETS on $transport:$server with Kerberos (use Samba3 style login, use target principal) + testit $name bin/smbtorture $TORTURE_OPTIONS $transport:$server -k yes -U$username%$password -W $domain --option=clientusespnegoprincipal=yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no --option=gensec:target_hostname=$netbios_name RPC-SECRETS $* || failed=`expr $failed + 1` testok $0 $failed
svn commit: samba r15491 - in branches/SAMBA_4_0/source/heimdal/lib/gssapi: .
Author: abartlet Date: 2006-05-07 15:02:27 + (Sun, 07 May 2006) New Revision: 15491 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15491 Log: Always initialise is_cfx (found by Valgrind) Always remember to free the crypto context (found by Luke Howard) Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c Changeset: Modified: branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c === --- branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c 2006-05-07 13:40:56 UTC (rev 15490) +++ branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c 2006-05-07 15:02:27 UTC (rev 15491) @@ -77,6 +77,7 @@ { krb5_keyblock *key; int acceptor = (context_handle-more_flags LOCAL) == 0; +*is_cfx = 0; if (acceptor) { if (context_handle-auth_context-local_subkey) @@ -403,9 +404,10 @@ crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0, authenticator-cksum); krb5_free_authenticator(gssapi_krb5_context, authenticator); + krb5_crypto_destroy(gssapi_krb5_context, crypto); if(kret) { - ret = GSS_S_FAILURE; + ret = GSS_S_BAD_SIG; *minor_status = kret; gssapi_krb5_set_error_string (); return ret;
svn commit: samba r15492 - in branches/SAMBA_3_0/source/libads: .
Author: abartlet Date: 2006-05-07 15:05:32 + (Sun, 07 May 2006) New Revision: 15492 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15492 Log: Without this patch, the LDAP client libs will call abort() in ldap_get_values_len, because they were handed a NULL msgs pointer, for example in ads_pull_sid(). This occurs when the AD server fails at the connect stage. (The toubled AD server is actually Samba4 in my example). Andrew Bartlett Modified: branches/SAMBA_3_0/source/libads/ldap_utils.c Changeset: Modified: branches/SAMBA_3_0/source/libads/ldap_utils.c === --- branches/SAMBA_3_0/source/libads/ldap_utils.c 2006-05-07 15:02:27 UTC (rev 15491) +++ branches/SAMBA_3_0/source/libads/ldap_utils.c 2006-05-07 15:05:32 UTC (rev 15492) @@ -48,16 +48,17 @@ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } - while (count--) { - *res = NULL; - status = ads_do_search_all(ads, bp, scope, expr, attrs, res); - if (ADS_ERR_OK(status)) { - DEBUG(5,(Search for %s gave %d replies\n, -expr, ads_count_replies(ads, *res))); - SAFE_FREE(bp); - return status; - } + *res = NULL; + status = ads_do_search_all(ads, bp, scope, expr, attrs, res); + if (ADS_ERR_OK(status)) { + DEBUG(5,(Search for %s gave %d replies\n, +expr, ads_count_replies(ads, *res))); + SAFE_FREE(bp); + return status; + } + while (--count) { + if (*res) ads_msgfree(ads, *res); *res = NULL; @@ -79,6 +80,15 @@ SAFE_FREE(bp); return status; } + + *res = NULL; + status = ads_do_search_all(ads, bp, scope, expr, attrs, res); + if (ADS_ERR_OK(status)) { + DEBUG(5,(Search for %s gave %d replies\n, +expr, ads_count_replies(ads, *res))); + SAFE_FREE(bp); + return status; + } } SAFE_FREE(bp);
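Review bot: The retry loop condition `while (--count)` only terminates as intended when `count` is at least 1 on entry; with 0 it decrements to -1 and keeps reconnecting until the counter wraps. `count` is initialised outside the hunk, so this may never occur today, but `while (--count > 0) {` makes the bound explicit at no cost. Separately, the search/`DEBUG`/`SAFE_FREE(bp)` success block now appears twice, before the loop and at the end of its body. A short comment such as `/* first attempt, before any reconnect */` above the first copy would tell the two apart.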
svn commit: samba r15497 - in branches/SAMBA_4_0/source/kdc: .
Author: abartlet Date: 2006-05-07 17:55:20 + (Sun, 07 May 2006) New Revision: 15497 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15497 Log: I'm not really sure this is correct in terms of how we should be responding to krbtgt/[EMAIL PROTECTED] TGS ticket requests, but for the moment, these are still marked as 'server' requests by the kerberos5.c caller. Andrew Bartlett Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c === --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-05-07 17:40:52 UTC (rev 15496) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-05-07 17:55:20 UTC (rev 15497) @@ -810,6 +810,10 @@ if (ret != HDB_ERR_NOENTRY) { return ret; } + ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) { + return ret; + } } if (flags HDB_F_GET_KRBTGT) { ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex);
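Review bot: The added `LDB_fetch_krbtgt()` call inside the server-lookup branch has no comment, although the commit log itself says the behaviour is uncertain. This fallback decides which database entry, and so which key, answers a server request, so the reason should sit beside the code: `/* kerberos5.c marks krbtgt TGS requests as server lookups, so fall back to the krbtgt entry; revisit */`. When the caller also sets `HDB_F_GET_KRBTGT`, the same lookup runs a second time in the following block after a miss. The enclosing function starts and ends outside the hunk.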
svn commit: lorikeet r540 - in trunk/heimdal/lib/des: . imath
Author: abartlet Date: 2006-05-07 17:57:38 + (Sun, 07 May 2006) New Revision: 540 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=540 Log: I seemed to miss imath in my last upstream sync commit. Andrew Bartlett Added: trunk/heimdal/lib/des/imath/ trunk/heimdal/lib/des/imath/LICENSE trunk/heimdal/lib/des/imath/imath.c trunk/heimdal/lib/des/imath/imath.h trunk/heimdal/lib/des/imath/import.sh trunk/heimdal/lib/des/imath/imrat.c trunk/heimdal/lib/des/imath/imrat.h trunk/heimdal/lib/des/imath/iprime.c trunk/heimdal/lib/des/imath/iprime.h trunk/heimdal/lib/des/imath/rsamath.c trunk/heimdal/lib/des/imath/rsamath.h Changeset: Sorry, the patch is too large (5262 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=540
svn commit: lorikeet r541 - in trunk/heimdal/lib/des: .
Author: abartlet Date: 2006-05-07 18:00:07 + (Sun, 07 May 2006) New Revision: 541 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=541 Log: another missing file Added: trunk/heimdal/lib/des/dh-imath.c Changeset: Added: trunk/heimdal/lib/des/dh-imath.c === --- trunk/heimdal/lib/des/dh-imath.c2006-05-07 17:57:38 UTC (rev 540) +++ trunk/heimdal/lib/des/dh-imath.c2006-05-07 18:00:07 UTC (rev 541) 
@@ -0,0 +1,213 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska H�gskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + *may be used to endorse or promote products derived from this software + *without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include config.h +#endif + +#include stdio.h +#include stdlib.h +#include dh.h + +#include roken.h + +#include imath/imath.h + +RCSID($Id: dh-imath.c,v 1.1 2006/05/06 12:32:28 lha Exp $); + +static void +BN2mpz(mpz_t *s, const BIGNUM *bn) +{ +size_t len; +void *p; + +len = BN_num_bytes(bn); +p = malloc(len); +BN_bn2bin(bn, p); +mp_int_read_unsigned(s, p, len); +free(p); +} + + +static BIGNUM * +mpz2BN(mpz_t *s) +{ +size_t size; +BIGNUM *bn; +void *p; + +size = mp_int_unsigned_len(s); +p = malloc(size); +if (p == NULL size != 0) + return NULL; +mp_int_to_unsigned(s, p, size); + +bn = BN_bin2bn(p, size, NULL); +free(p); +return bn; +} + +/* + * + */ + +static int +dh_generate_key(DH *dh) +{ +mpz_t pub, priv_key, g, p; + +if (dh-p == NULL || dh-g == NULL) + return 0; + +if (dh-priv_key == NULL) { + size_t bits = BN_num_bits(dh-p); + dh-priv_key = BN_new(); + if (dh-priv_key == NULL) + return 0; + if (!BN_rand(dh-priv_key, bits - 1, 0, 0)) { + BN_clear_free(dh-priv_key); + dh-priv_key = NULL; + return 0; + } +} +if (dh-pub_key) + BN_free(dh-pub_key); + +mp_int_init(pub); +mp_int_init(priv_key); +mp_int_init(g); +mp_int_init(p); + +BN2mpz(priv_key, dh-priv_key); +BN2mpz(g, dh-g); +BN2mpz(p, dh-p); + +mp_int_exptmod(g, priv_key, p, pub); + +mp_int_clear(priv_key); +mp_int_clear(g); +mp_int_clear(p); + +dh-pub_key = mpz2BN(pub); +mp_int_clear(pub); +if (dh-pub_key == NULL) + return 0; + +return 1; +} + +static int +dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh) +{ +mpz_t s, priv_key, p, peer_pub; +size_t size = 0; +mp_result res; + +if (dh-pub_key == NULL || dh-g == NULL || dh-priv_key == NULL) + return 0; + +mp_int_init(p); +BN2mpz(p, dh-p); + +mp_int_init(peer_pub); +BN2mpz(peer_pub, pub); + +/* check if peers pubkey is reasonable */ +if (MP_SIGN(peer_pub) != 1 + || mp_int_compare(peer_pub, p) = 0 + || mp_int_compare_value(peer_pub, 1) = 0) +{ + mp_int_clear(p); + mp_int_clear(peer_pub); + return 0; +} + 
+mp_int_init(priv_key); +BN2mpz(priv_key, dh-priv_key); + +mp_int_init(s); + +mp_int_exptmod(peer_pub, priv_key, p, s); + +mp_int_clear(p); +mp_int_clear(peer_pub); +mp_int_clear(priv_key); + +size = mp_int_unsigned_len(s); +res = mp_int_to_unsigned(s, shared, size); +mp_int_clear(s); + +return (res == MP_OK) ? size : -1; +} + +static int +dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback) +{ +/* groups should
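Review bot: `BN2mpz()` hands the result of `malloc(len)` straight to `BN_bn2bin()` with no NULL check, while `mpz2BN()` just below it does check; a guard such as `if (p == NULL && len != 0) return;` is needed, and because the function returns void its callers cannot see the failure unless it is changed to return a status. The same temporary buffer holds the private exponent when the function is called with `dh->priv_key`, and it is freed without being cleared. In `dh_compute_key()` the entry test covers `dh->pub_key`, `dh->g` and `dh->priv_key` but not `dh->p`, which is the value converted next, so `dh->p == NULL` belongs in that test. The result of `mp_int_exptmod()` is not checked in either `dh_generate_key()` or `dh_compute_key()`. The listing is cut off inside `dh_generate_params()`, so nothing after that point was reviewed.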
svn commit: lorikeet r542 - in trunk/heimdal/lib/hx509: .
Author: abartlet Date: 2006-05-07 18:01:57 + (Sun, 07 May 2006) New Revision: 542 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=542 Log: Remove generated files (I should watch what gets added more carefully...) Andrew Bartlett Removed: trunk/heimdal/lib/hx509/asn1_CertificationRequest.c trunk/heimdal/lib/hx509/asn1_CertificationRequest.x trunk/heimdal/lib/hx509/asn1_CertificationRequestInfo.c trunk/heimdal/lib/hx509/asn1_CertificationRequestInfo.x trunk/heimdal/lib/hx509/asn1_OCSPBasicOCSPResponse.c trunk/heimdal/lib/hx509/asn1_OCSPBasicOCSPResponse.x trunk/heimdal/lib/hx509/asn1_OCSPCertID.c trunk/heimdal/lib/hx509/asn1_OCSPCertID.x trunk/heimdal/lib/hx509/asn1_OCSPCertStatus.c trunk/heimdal/lib/hx509/asn1_OCSPCertStatus.x trunk/heimdal/lib/hx509/asn1_OCSPInnerRequest.c trunk/heimdal/lib/hx509/asn1_OCSPInnerRequest.x trunk/heimdal/lib/hx509/asn1_OCSPKeyHash.c trunk/heimdal/lib/hx509/asn1_OCSPKeyHash.x trunk/heimdal/lib/hx509/asn1_OCSPRequest.c trunk/heimdal/lib/hx509/asn1_OCSPRequest.x trunk/heimdal/lib/hx509/asn1_OCSPResponderID.c trunk/heimdal/lib/hx509/asn1_OCSPResponderID.x trunk/heimdal/lib/hx509/asn1_OCSPResponse.c trunk/heimdal/lib/hx509/asn1_OCSPResponse.x trunk/heimdal/lib/hx509/asn1_OCSPResponseBytes.c trunk/heimdal/lib/hx509/asn1_OCSPResponseBytes.x trunk/heimdal/lib/hx509/asn1_OCSPResponseData.c trunk/heimdal/lib/hx509/asn1_OCSPResponseData.x trunk/heimdal/lib/hx509/asn1_OCSPResponseStatus.c trunk/heimdal/lib/hx509/asn1_OCSPResponseStatus.x trunk/heimdal/lib/hx509/asn1_OCSPSignature.c trunk/heimdal/lib/hx509/asn1_OCSPSignature.x trunk/heimdal/lib/hx509/asn1_OCSPSingleResponse.c trunk/heimdal/lib/hx509/asn1_OCSPSingleResponse.x trunk/heimdal/lib/hx509/asn1_OCSPTBSRequest.c trunk/heimdal/lib/hx509/asn1_OCSPTBSRequest.x trunk/heimdal/lib/hx509/asn1_OCSPVersion.c trunk/heimdal/lib/hx509/asn1_OCSPVersion.x trunk/heimdal/lib/hx509/asn1_id_kp_OCSPSigning.c trunk/heimdal/lib/hx509/asn1_id_kp_OCSPSigning.x 
trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp.c trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp.x trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.c trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.c trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x trunk/heimdal/lib/hx509/ocsp_asn1.h trunk/heimdal/lib/hx509/ocsp_asn1_files trunk/heimdal/lib/hx509/pkcs10_asn1.h trunk/heimdal/lib/hx509/pkcs10_asn1_files Changeset: Sorry, the patch is too large (7706 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=542
svn commit: samba r15498 - in branches/SAMBA_4_0/source/auth/credentials: .
Author: abartlet Date: 2006-05-07 18:08:57 + (Sun, 07 May 2006) New Revision: 15498 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15498 Log: Initialise the callback_running field, and get the flag set/clear the right way around for all the callers. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c Changeset: Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c === --- branches/SAMBA_4_0/source/auth/credentials/credentials.c2006-05-07 17:55:20 UTC (rev 15497) +++ branches/SAMBA_4_0/source/auth/credentials/credentials.c2006-05-07 18:08:57 UTC (rev 15498) @@ -59,6 +59,7 @@ cred-bind_dn = NULL; cred-tries = 3; + cred-callback_running = False; cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS); @@ -157,9 +158,9 @@ if (cred-principal_obtained == CRED_CALLBACK !cred-callback_running) { + cred-callback_running = True; + cred-principal = cred-principal_cb(cred); cred-callback_running = False; - cred-principal = cred-principal_cb(cred); - cred-callback_running = True; cred-principal_obtained = CRED_SPECIFIED; } @@ -241,9 +242,9 @@ if (cred-password_obtained == CRED_CALLBACK !cred-callback_running) { + cred-callback_running = True; + cred-password = cred-password_cb(cred); cred-callback_running = False; - cred-password = cred-password_cb(cred); - cred-callback_running = True; cred-password_obtained = CRED_CALLBACK_RESULT; }
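Review bot: After the principal callback runs, the context line in the second hunk records `cred->principal_obtained = CRED_SPECIFIED`, whereas the password path in the third hunk records `CRED_CALLBACK_RESULT`. If the difference is not intentional, the principal path should use `cred->principal_obtained = CRED_CALLBACK_RESULT;` so that a value produced by a callback stays distinguishable from one that was set explicitly. Both set/clear pairs would also benefit from a one-line comment such as `/* callback_running stops the callback from re-entering this getter */`. Both functions begin and end outside the hunks.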
svn commit: samba r15499 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2006-05-07 18:09:54 + (Sun, 07 May 2006) New Revision: 15499 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15499 Log: This test can't run if the remote server won't let us open a policy handle. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/session_key.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/session_key.c === --- branches/SAMBA_4_0/source/torture/rpc/session_key.c 2006-05-07 18:08:57 UTC (rev 15498) +++ branches/SAMBA_4_0/source/torture/rpc/session_key.c 2006-05-07 18:09:54 UTC (rev 15499) @@ -180,8 +180,11 @@ } if (test_lsa_OpenPolicy2(p, mem_ctx, handle)) { - if (!test_CreateSecret_basic(p, mem_ctx, handle)) { + if (!handle) { + printf(OpenPolicy2 failed. This test cannot run against this server\n); ret = False; + } else if (!test_CreateSecret_basic(p, mem_ctx, handle)) { + ret = False; } } else { return False;
svn commit: samba r15500 - in branches/SAMBA_4_0/source: libnet librpc/rpc torture/rpc
Author: abartlet Date: 2006-05-07 18:11:47 + (Sun, 07 May 2006) New Revision: 15500 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15500 Log: Add support for interactive prompting on bad passwords to the RPC libraries. This support requires that the bind_ack and alter_ack recv functions also be send the DCE/RPC fault. This would be best done by having the ack run as a normal RPC reply callback, but this isn't easily possible for now. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_connect.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c branches/SAMBA_4_0/source/torture/rpc/bind.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c === --- branches/SAMBA_4_0/source/libnet/libnet_join.c 2006-05-07 18:09:54 UTC (rev 15499) +++ branches/SAMBA_4_0/source/libnet/libnet_join.c 2006-05-07 18:11:47 UTC (rev 15500) @@ -482,7 +482,7 @@ samr_pipe = connect_with_info-out.dcerpc_pipe; - status = dcerpc_pipe_auth(tmp_ctx, samr_pipe, + status = dcerpc_pipe_auth(samr_pipe, connect_with_info-out.dcerpc_pipe-binding, dcerpc_table_samr, ctx-cred); if (!NT_STATUS_IS_OK(status)) { Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2006-05-07 18:09:54 UTC (rev 15499) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2006-05-07 18:11:47 UTC (rev 15500) @@ -490,6 +490,20 @@ } /* + map a fault reason to a NTSTATUS +*/ +static NTSTATUS dcerpc_map_fault(uint32_t status) +{ + switch (status) { + case DCERPC_FAULT_OP_RNG_ERROR: + return NT_STATUS_ILLEGAL_FUNCTION; + case DCERPC_FAULT_ACCESS_DENIED: + return NT_STATUS_ACCESS_DENIED; + } + return NT_STATUS_NET_WRITE_FAULT; +} + +/* mark the dcerpc connection dead. All outstanding requests get an error */ static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status) 
@@ -555,27 +569,19 @@ dcerpc_connection_dead(conn, status); } - switch (pkt.ptype) { - case DCERPC_PKT_BIND_NAK: - case DCERPC_PKT_BIND_ACK: - if (conn-bind_private) { - talloc_steal(conn-bind_private, blob-data); - dcerpc_bind_recv_data(conn, pkt); - } - break; + if (conn-bind_private) { + talloc_steal(conn-bind_private, blob-data); + dcerpc_bind_recv_data(conn, pkt); + return; + } + if (conn-alter_private) { + talloc_steal(conn-alter_private, blob-data); + dcerpc_alter_recv_data(conn, pkt); + return; + } - case DCERPC_PKT_ALTER_RESP: - if (conn-alter_private) { - talloc_steal(conn-alter_private, blob-data); - dcerpc_alter_recv_data(conn, pkt); - } - break; - - default: - /* assume its an ordinary request */ - dcerpc_request_recv_data(conn, blob, pkt); - break; - } + /* assume its an ordinary request */ + dcerpc_request_recv_data(conn, blob, pkt); } @@ -591,6 +597,13 @@ /* mark the connection as not waiting for a bind reply */ conn-bind_private = NULL; + if (pkt-ptype == DCERPC_PKT_FAULT) { + DEBUG(2,(dcerpc: bind faulted: reason %s\n, +dcerpc_errstr(c, pkt-u.fault.status))); + composite_error(c, dcerpc_map_fault(pkt-u.fault.status)); + return; + } + if (pkt-ptype == DCERPC_PKT_BIND_NAK) { DEBUG(2,(dcerpc: bind_nak reason %d\n, pkt-u.bind_nak.reject_reason)); @@ -1528,6 +1541,13 @@ /* mark the connection as not waiting for a alter context reply */ conn-alter_private = NULL; + if (pkt-ptype == DCERPC_PKT_FAULT) { + DEBUG(2,(dcerpc: alter context faulted: reason %s\n, +dcerpc_errstr(c, pkt-u.fault.status))); + composite_error(c, dcerpc_map_fault(pkt-u.fault.status)); + return; + } + if (pkt-ptype == DCERPC_PKT_ALTER_RESP pkt-u.alter_resp.num_results == 1 pkt-u.alter_resp.ctx_list[0].result != 0) { Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_connect.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_connect.c 2006-05-07 18:09:54 UTC (rev 15499) +++ branches/SAMBA_4_0/source/librpc/rpc
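Review bot: With the `switch (pkt.ptype)` removed from the receive path, any packet that arrives while `conn->bind_private` or `conn->alter_private` is set is handed to the bind or alter handler, whatever its type. The handler hunks that follow test for `DCERPC_PKT_FAULT`, `DCERPC_PKT_BIND_NAK` and a failing `DCERPC_PKT_ALTER_RESP`, but they do not show every other type being rejected before `pkt->u` is read; the rest of both handlers is outside the hunks, so this needs confirming. If no such check exists, each handler should refuse unexpected types up front, for the bind case `if (pkt->ptype != DCERPC_PKT_BIND_ACK && pkt->ptype != DCERPC_PKT_BIND_NAK && pkt->ptype != DCERPC_PKT_FAULT) { composite_error(c, NT_STATUS_NET_WRITE_FAULT); return; }`. A comment at the new dispatch saying that routing is by pending state rather than by packet type would also help the next reader.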
svn commit: samba r15501 - in branches/SAMBA_4_0/source/auth/kerberos: .
Author: abartlet Date: 2006-05-07 18:21:55 + (Sun, 07 May 2006) New Revision: 15501 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15501 Log: Allow interactive password prompting on kerberos as well. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c Changeset: Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c === --- branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c 2006-05-07 18:11:47 UTC (rev 15500) +++ branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c 2006-05-07 18:21:55 UTC (rev 15501) @@ -209,6 +209,13 @@ talloc_free(mem_ctx); return ret; } + + if (ret == KRB5KDC_ERR_PREAUTH_FAILED cli_credentials_wrong_password(credentials)) { + ret = kinit_to_ccache(parent_ctx, + credentials, + smb_krb5_context, + ccache); + } if (ret) { DEBUG(1,(kinit for %s failed (%s)\n, cli_credentials_get_principal(credentials, mem_ctx),
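Review bot: The retry added after `KRB5KDC_ERR_PREAUTH_FAILED` calls `kinit_to_ccache()` again with no bound visible in the hunk; how often it can repeat depends entirely on when `cli_credentials_wrong_password()` starts returning false. Each repeat is another failed pre-authentication attempt at the KDC, which counts toward account lockout where that is enforced, so the limit deserves a comment at the call, for example `/* retries are limited by cli_credentials_wrong_password(); each one is a further failed preauth at the KDC */`. If this call is recursion into the enclosing function (its signature is outside the hunk), this frame's `mem_ctx` stays allocated for the duration of the nested call.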
svn commit: samba r15503 - in branches/SAMBA_4_0/source/librpc/rpc: .
Author: abartlet Date: 2006-05-07 19:36:06 + (Sun, 07 May 2006) New Revision: 15503 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15503 Log: I may shortly have to revert all of this, but be clearer about how we handle the NTLMSSP and wrong password fallbacks. Andrew Bartlett Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c 2006-05-07 19:26:48 UTC (rev 15502) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c 2006-05-07 19:36:06 UTC (rev 15503) @@ -976,7 +976,7 @@ struct dcerpc_binding *binding; const struct dcerpc_interface_table *table; struct cli_credentials *credentials; - uint8_t next_auth_type; + uint8_t auth_type; BOOL try_ntlm_fallback; }; @@ -1011,10 +1011,12 @@ struct pipe_auth_state *s = talloc_get_type(c-private_data, struct pipe_auth_state); status = dcerpc_bind_auth_recv(ctx); - if (s-try_ntlm_fallback NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { + if (s-auth_type == DCERPC_AUTH_TYPE_SPNEGO +s-try_ntlm_fallback +NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { struct composite_context *sec_conn_req; s-try_ntlm_fallback = False; - s-next_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + s-auth_type = DCERPC_AUTH_TYPE_NTLMSSP; /* send a request for secondary rpc connection */ sec_conn_req = dcerpc_secondary_connection_send(s-pipe, s-binding); @@ -1023,10 +1025,9 @@ composite_continue(c, sec_conn_req, continue_new_auth_bind, c); return; - } else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + } else if (s-auth_type == DCERPC_AUTH_TYPE_SPNEGO NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { struct composite_context *sec_conn_req; if (cli_credentials_wrong_password(s-credentials)) { - s-next_auth_type = DCERPC_AUTH_TYPE_SPNEGO; /* send a request for secondary rpc connection */ sec_conn_req = dcerpc_secondary_connection_send(s-pipe, s-binding); 
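Review bot: The wrong-password retry is now conditional on `s->auth_type == DCERPC_AUTH_TYPE_SPNEGO`, and the NTLM fallback branch just above it sets `s->auth_type = DCERPC_AUTH_TYPE_NTLMSSP`, so once the fallback has happened an `NT_STATUS_ACCESS_DENIED` from the NTLMSSP bind no longer reaches `cli_credentials_wrong_password()`, assuming the same continuation handles the second bind. The same holds for callers that requested KRB5 or NTLM explicitly. If that is intended, a comment on the `else if` should say so, e.g. `/* only re-prompt on SPNEGO binds; fallback and explicit-mechanism binds fail straight through */`; otherwise the auth-type test should be dropped from this branch. The function begins and ends outside the hunks.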
@@ -1070,7 +1071,7 @@ /* initiate a authenticated bind */ auth_req = dcerpc_bind_auth_send(c, s-pipe, s-table, -s-credentials, s-next_auth_type, +s-credentials, s-auth_type, dcerpc_auth_level(s-pipe-conn), s-table-authservices-names[0]); if (composite_nomem(auth_req, c)) return; @@ -1157,8 +1158,6 @@ * connection is not signed or sealed. For that case * we rely on the already authenticated CIFS connection */ - - uint8_t auth_type; if ((conn-flags (DCERPC_SIGN|DCERPC_SEAL)) == 0) { /* @@ -1172,23 +1171,23 @@ } if (s-binding-flags DCERPC_AUTH_SPNEGO) { - auth_type = DCERPC_AUTH_TYPE_SPNEGO; + s-auth_type = DCERPC_AUTH_TYPE_SPNEGO; } else if (s-binding-flags DCERPC_AUTH_KRB5) { - auth_type = DCERPC_AUTH_TYPE_KRB5; + s-auth_type = DCERPC_AUTH_TYPE_KRB5; } else if (s-binding-flags DCERPC_SCHANNEL) { - auth_type = DCERPC_AUTH_TYPE_SCHANNEL; + s-auth_type = DCERPC_AUTH_TYPE_SCHANNEL; } else if (s-binding-flags DCERPC_AUTH_NTLM) { - auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + s-auth_type = DCERPC_AUTH_TYPE_NTLMSSP; } else { - auth_type = DCERPC_AUTH_TYPE_SPNEGO; + s-auth_type = DCERPC_AUTH_TYPE_SPNEGO; s-try_ntlm_fallback = True; } auth_req = dcerpc_bind_auth_send(c, s-pipe, s-table, -s-credentials, DCERPC_AUTH_TYPE_SPNEGO, +s-credentials, s-auth_type, dcerpc_auth_level(conn), s-table-authservices-names[0]); if (composite_nomem(auth_req, c)) return c;
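Review bot: The final `else` is the only place `s->try_ntlm_fallback` is assigned, and it lets a bind that requested no particular mechanism drop from SPNEGO to NTLMSSP when the server answers `NT_STATUS_INVALID_PARAMETER`. Because that status comes from the remote end, the peer (or anything able to alter its reply) decides whether the fallback mechanism is used, which is worth stating where the flag is set: `/* no mechanism requested: allow one NTLMSSP retry if SPNEGO is refused; set an explicit DCERPC_AUTH_ flag to forbid the downgrade */`. The other branches rely on `try_ntlm_fallback` already being false; the allocation of `s` is outside the hunk, so confirm it is zero-initialised.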
svn commit: samba r15504 - in branches/SAMBA_4_0/source: libnet librpc/rpc torture/rpc
Author: abartlet Date: 2006-05-07 19:55:14 + (Sun, 07 May 2006) New Revision: 15504 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15504 Log: Revert -r 15500 and -r 15503 until I'm awake, and can get my head around the mess that is composite functions... Async might be all the rage, but it's bloody painful to debug. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_connect.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c branches/SAMBA_4_0/source/torture/rpc/bind.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c === --- branches/SAMBA_4_0/source/libnet/libnet_join.c 2006-05-07 19:36:06 UTC (rev 15503) +++ branches/SAMBA_4_0/source/libnet/libnet_join.c 2006-05-07 19:55:14 UTC (rev 15504) @@ -482,7 +482,7 @@ samr_pipe = connect_with_info-out.dcerpc_pipe; - status = dcerpc_pipe_auth(samr_pipe, + status = dcerpc_pipe_auth(tmp_ctx, samr_pipe, connect_with_info-out.dcerpc_pipe-binding, dcerpc_table_samr, ctx-cred); if (!NT_STATUS_IS_OK(status)) { Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2006-05-07 19:36:06 UTC (rev 15503) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2006-05-07 19:55:14 UTC (rev 15504) @@ -490,20 +490,6 @@ } /* - map a fault reason to a NTSTATUS -*/ -static NTSTATUS dcerpc_map_fault(uint32_t status) -{ - switch (status) { - case DCERPC_FAULT_OP_RNG_ERROR: - return NT_STATUS_ILLEGAL_FUNCTION; - case DCERPC_FAULT_ACCESS_DENIED: - return NT_STATUS_ACCESS_DENIED; - } - return NT_STATUS_NET_WRITE_FAULT; -} - -/* mark the dcerpc connection dead. All outstanding requests get an error */ static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status) 
@@ -569,19 +555,27 @@ dcerpc_connection_dead(conn, status); } - if (conn-bind_private) { - talloc_steal(conn-bind_private, blob-data); - dcerpc_bind_recv_data(conn, pkt); - return; - } - if (conn-alter_private) { - talloc_steal(conn-alter_private, blob-data); - dcerpc_alter_recv_data(conn, pkt); - return; - } + switch (pkt.ptype) { + case DCERPC_PKT_BIND_NAK: + case DCERPC_PKT_BIND_ACK: + if (conn-bind_private) { + talloc_steal(conn-bind_private, blob-data); + dcerpc_bind_recv_data(conn, pkt); + } + break; - /* assume its an ordinary request */ - dcerpc_request_recv_data(conn, blob, pkt); + case DCERPC_PKT_ALTER_RESP: + if (conn-alter_private) { + talloc_steal(conn-alter_private, blob-data); + dcerpc_alter_recv_data(conn, pkt); + } + break; + + default: + /* assume its an ordinary request */ + dcerpc_request_recv_data(conn, blob, pkt); + break; + } } @@ -597,13 +591,6 @@ /* mark the connection as not waiting for a bind reply */ conn-bind_private = NULL; - if (pkt-ptype == DCERPC_PKT_FAULT) { - DEBUG(2,(dcerpc: bind faulted: reason %s\n, -dcerpc_errstr(c, pkt-u.fault.status))); - composite_error(c, dcerpc_map_fault(pkt-u.fault.status)); - return; - } - if (pkt-ptype == DCERPC_PKT_BIND_NAK) { DEBUG(2,(dcerpc: bind_nak reason %d\n, pkt-u.bind_nak.reject_reason)); @@ -1541,13 +1528,6 @@ /* mark the connection as not waiting for a alter context reply */ conn-alter_private = NULL; - if (pkt-ptype == DCERPC_PKT_FAULT) { - DEBUG(2,(dcerpc: alter context faulted: reason %s\n, -dcerpc_errstr(c, pkt-u.fault.status))); - composite_error(c, dcerpc_map_fault(pkt-u.fault.status)); - return; - } - if (pkt-ptype == DCERPC_PKT_ALTER_RESP pkt-u.alter_resp.num_results == 1 pkt-u.alter_resp.ctx_list[0].result != 0) { Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_connect.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_connect.c 2006-05-07 19:36:06 UTC (rev 15503) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_connect.c 2006-05-07 19:55:14 UTC (rev 15504) @@ -764,7 +764,7
svn commit: lorikeet r536 - in trunk/heimdal: . appl/ftp appl/ftp/ftp appl/kx appl/popper appl/rsh appl/telnet/libtelnet appl/test cf doc include kadmin kcm kdc kpasswd kuser lib/45 lib/asn1 lib/des l
Author: abartlet Date: 2006-05-07 02:35:34 + (Sun, 07 May 2006) New Revision: 536 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=536 Log: Update lorikeet-heimdal to upstream CVS as of 2006-05-07. Andrew Bartlett Added: trunk/heimdal/lib/hx509/data/crl1.crl trunk/heimdal/lib/hx509/error.c Modified: trunk/heimdal/ChangeLog trunk/heimdal/appl/ftp/ChangeLog trunk/heimdal/appl/ftp/ftp/krb4.c trunk/heimdal/appl/kx/common.c trunk/heimdal/appl/kx/krb5.c trunk/heimdal/appl/kx/kx.c trunk/heimdal/appl/kx/kx.h trunk/heimdal/appl/kx/kxd.c trunk/heimdal/appl/popper/auth_krb4.c trunk/heimdal/appl/popper/pop_init.c trunk/heimdal/appl/rsh/common.c trunk/heimdal/appl/rsh/rshd.c trunk/heimdal/appl/telnet/libtelnet/kerberos.c trunk/heimdal/appl/test/gss_common.c trunk/heimdal/appl/test/nt_gss_common.c trunk/heimdal/appl/test/tcp_client.c trunk/heimdal/appl/test/tcp_server.c trunk/heimdal/cf/ChangeLog trunk/heimdal/cf/crypto.m4 trunk/heimdal/configure.in trunk/heimdal/doc/ack.texi trunk/heimdal/doc/heimdal.texi trunk/heimdal/doc/programming.texi trunk/heimdal/include/make_crypto.c trunk/heimdal/kadmin/ChangeLog trunk/heimdal/kadmin/get.c trunk/heimdal/kadmin/init.c trunk/heimdal/kadmin/kadmin.8 trunk/heimdal/kadmin/kadmin.c trunk/heimdal/kcm/acl.c trunk/heimdal/kcm/cursor.c trunk/heimdal/kcm/kcm_locl.h trunk/heimdal/kcm/protocol.c trunk/heimdal/kdc/config.c trunk/heimdal/kdc/hpropd.c trunk/heimdal/kdc/kaserver.c trunk/heimdal/kdc/kdc.h trunk/heimdal/kdc/kerberos4.c trunk/heimdal/kdc/pkinit.c trunk/heimdal/kdc/rx.h trunk/heimdal/kpasswd/kpasswdd.c trunk/heimdal/kuser/klist.c trunk/heimdal/lib/45/mk_req.c trunk/heimdal/lib/asn1/ChangeLog trunk/heimdal/lib/asn1/Makefile.am trunk/heimdal/lib/asn1/pkinit.asn1 trunk/heimdal/lib/des/ChangeLog trunk/heimdal/lib/des/Makefile.am trunk/heimdal/lib/des/aes.h trunk/heimdal/lib/des/dh.c trunk/heimdal/lib/des/dh.h trunk/heimdal/lib/des/engine.c trunk/heimdal/lib/des/engine.h trunk/heimdal/lib/des/hash.h 
trunk/heimdal/lib/des/md4.c trunk/heimdal/lib/des/md4.h trunk/heimdal/lib/des/md5.c trunk/heimdal/lib/des/md5.h trunk/heimdal/lib/des/pkcs5.c trunk/heimdal/lib/des/rijndael-alg-fst.c trunk/heimdal/lib/des/rijndael-alg-fst.h trunk/heimdal/lib/des/rnd_keys.c trunk/heimdal/lib/des/sha.c trunk/heimdal/lib/des/sha.h trunk/heimdal/lib/des/sha256.c trunk/heimdal/lib/des/test_engine_dso.c trunk/heimdal/lib/gssapi/8003.c trunk/heimdal/lib/gssapi/ChangeLog trunk/heimdal/lib/gssapi/arcfour.c trunk/heimdal/lib/gssapi/cfx.c trunk/heimdal/lib/gssapi/gssapi.h trunk/heimdal/lib/gssapi/gssapi_locl.h trunk/heimdal/lib/gssapi/init_sec_context.c trunk/heimdal/lib/gssapi/wrap.c trunk/heimdal/lib/hdb/mkey.c trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/Makefile.in trunk/heimdal/lib/hx509/TODO trunk/heimdal/lib/hx509/cert.c trunk/heimdal/lib/hx509/cms.c trunk/heimdal/lib/hx509/collector.c trunk/heimdal/lib/hx509/crypto.c trunk/heimdal/lib/hx509/data/ca.crt trunk/heimdal/lib/hx509/data/ca.key trunk/heimdal/lib/hx509/data/index.txt trunk/heimdal/lib/hx509/data/index.txt.attr trunk/heimdal/lib/hx509/data/no-proxy-test.crt trunk/heimdal/lib/hx509/data/no-proxy-test.key trunk/heimdal/lib/hx509/data/ocsp-responder.crt trunk/heimdal/lib/hx509/data/ocsp-responder.key trunk/heimdal/lib/hx509/data/openssl.cnf trunk/heimdal/lib/hx509/data/proxy-level-test.crt trunk/heimdal/lib/hx509/data/proxy-level-test.key trunk/heimdal/lib/hx509/data/proxy-test.crt trunk/heimdal/lib/hx509/data/proxy-test.key trunk/heimdal/lib/hx509/data/proxy10-child-test.crt trunk/heimdal/lib/hx509/data/proxy10-child-test.key trunk/heimdal/lib/hx509/data/proxy10-test.crt trunk/heimdal/lib/hx509/data/proxy10-test.key trunk/heimdal/lib/hx509/data/revoke.crt trunk/heimdal/lib/hx509/data/revoke.key trunk/heimdal/lib/hx509/data/serial trunk/heimdal/lib/hx509/data/sub-ca.crt trunk/heimdal/lib/hx509/data/sub-ca.key trunk/heimdal/lib/hx509/data/sub-cert.crt trunk/heimdal/lib/hx509/data/sub-cert.key 
trunk/heimdal/lib/hx509/data/test-ds-only.crt trunk/heimdal/lib/hx509/data/test-ds-only.key trunk/heimdal/lib/hx509/data/test-ke-only.crt trunk/heimdal/lib/hx509/data/test-ke-only.key trunk/heimdal/lib/hx509/data/test-pw.key trunk/heimdal/lib/hx509/data/test.combined.crt trunk/heimdal/lib/hx509/data/test.crt trunk/heimdal/lib/hx509/data/test.key trunk/heimdal/lib/hx509/hx509.h trunk/heimdal/lib/hx509/hx509_err.et trunk/heimdal/lib/hx509/hx_locl.h trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/keyset.c trunk/heimdal/lib/hx509/ks_file.c trunk/heimdal/lib/hx509/ks_p11.c trunk/heimdal/lib/hx509/ks_p12.c trunk/heimdal/lib/hx509/lock.c
svn commit: lorikeet r537 - in trunk/heimdal: .
Author: abartlet Date: 2006-05-07 03:01:03 + (Sun, 07 May 2006) New Revision: 537 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=537 Log: Start building PKINIT in my default config. Andrew Bartlett Modified: trunk/heimdal/config.abartlet Changeset: Modified: trunk/heimdal/config.abartlet ===
--- trunk/heimdal/config.abartlet 2006-05-07 02:35:34 UTC (rev 536)
+++ trunk/heimdal/config.abartlet 2006-05-07 03:01:03 UTC (rev 537)
@@ -1 +1,2 @@
-CFLAGS=-g -O -Wall -Wstrict-prototypes -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement CC=ccache gcc ./configure --with-ldap=/usr --disable-shared --without-openssl
+CFLAGS=-g -O -Wall -Wstrict-prototypes -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement CC=ccache gcc ./configure --with-ldap=/usr --disable-shared --without-openssl --enable-pk-init
+
svn commit: samba r15480 - in branches/SAMBA_4_0/source/kdc: .
Author: abartlet Date: 2006-05-07 04:16:48 + (Sun, 07 May 2006) New Revision: 15480 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15480 Log: Patch from lha, to ensure we don't leave a free()'ed element in the principal on strdup failure. Andrew Bartlett Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c === --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-05-06 20:17:12 UTC (rev 15479) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-05-07 04:16:48 UTC (rev 15480) @@ -295,9 +295,6 @@ * replace the client principal's realm with the one * we determine from our records */ - /* don't leak */ - free(*krb5_princ_realm(context, entry_ex-entry.principal)); - /* this has to be with malloc() */ strdup_realm = strdup(realm); if (!strdup_realm) { @@ -305,6 +302,7 @@ krb5_clear_error_string(context); goto out; } + free(*krb5_princ_realm(context, entry_ex-entry.principal)); krb5_princ_set_realm(context, entry_ex-entry.principal, strdup_realm); }
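Review bot: Moving the `free()` below the `strdup()` check removes the `/* don't leak */` comment without replacing it, so the reason for the ordering is no longer stated in the code. A comment on the relocated line would keep a later edit from moving it back: `/* free the old realm only after strdup() succeeded, so the error path leaves the principal with a valid realm */`. The enclosing function starts and ends outside the hunks.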
svn commit: samba r15481 - in branches/SAMBA_4_0/source: heimdal/kdc heimdal/lib/asn1 heimdal/lib/des heimdal/lib/gssapi heimdal/lib/hdb heimdal/lib/krb5 kdc
Author: abartlet Date: 2006-05-07 04:51:30 + (Sun, 07 May 2006) New Revision: 15481 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15481 Log: Update heimdal/ to match current lorikeet-heimdal. This includes many useful upstream changes, many of which should reduce warnings in our compile. It also includes a change to the HDB interface, which removes the need for Samba4/lorikeet-heimdal to deviate from upstream for hdb_fetch(). The new flags replace the old entry type enum. (This required the rework in hdb-ldb.c included in this commit) Andrew Bartlett Modified: branches/SAMBA_4_0/source/heimdal/kdc/524.c branches/SAMBA_4_0/source/heimdal/kdc/kaserver.c branches/SAMBA_4_0/source/heimdal/kdc/kdc-private.h branches/SAMBA_4_0/source/heimdal/kdc/kdc.h branches/SAMBA_4_0/source/heimdal/kdc/kerberos4.c branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c branches/SAMBA_4_0/source/heimdal/kdc/misc.c branches/SAMBA_4_0/source/heimdal/kdc/pkinit.c branches/SAMBA_4_0/source/heimdal/kdc/rx.h branches/SAMBA_4_0/source/heimdal/lib/asn1/parse.c branches/SAMBA_4_0/source/heimdal/lib/asn1/pkcs9.asn1 branches/SAMBA_4_0/source/heimdal/lib/des/aes.h branches/SAMBA_4_0/source/heimdal/lib/des/des.c branches/SAMBA_4_0/source/heimdal/lib/des/dh.h branches/SAMBA_4_0/source/heimdal/lib/des/engine.h branches/SAMBA_4_0/source/heimdal/lib/des/evp.c branches/SAMBA_4_0/source/heimdal/lib/des/hash.h branches/SAMBA_4_0/source/heimdal/lib/des/md4.c branches/SAMBA_4_0/source/heimdal/lib/des/md4.h branches/SAMBA_4_0/source/heimdal/lib/des/md5.c branches/SAMBA_4_0/source/heimdal/lib/des/md5.h branches/SAMBA_4_0/source/heimdal/lib/des/pkcs5.c branches/SAMBA_4_0/source/heimdal/lib/des/rijndael-alg-fst.c branches/SAMBA_4_0/source/heimdal/lib/des/rijndael-alg-fst.h branches/SAMBA_4_0/source/heimdal/lib/des/rnd_keys.c branches/SAMBA_4_0/source/heimdal/lib/des/sha.c branches/SAMBA_4_0/source/heimdal/lib/des/sha.h branches/SAMBA_4_0/source/heimdal/lib/des/sha256.c 
branches/SAMBA_4_0/source/heimdal/lib/gssapi/8003.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/arcfour.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/cfx.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/gssapi.h branches/SAMBA_4_0/source/heimdal/lib/gssapi/gssapi_locl.h branches/SAMBA_4_0/source/heimdal/lib/gssapi/init_sec_context.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/wrap.c branches/SAMBA_4_0/source/heimdal/lib/hdb/ext.c branches/SAMBA_4_0/source/heimdal/lib/hdb/hdb-private.h branches/SAMBA_4_0/source/heimdal/lib/hdb/hdb.c branches/SAMBA_4_0/source/heimdal/lib/hdb/hdb.h branches/SAMBA_4_0/source/heimdal/lib/hdb/keys.c branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c branches/SAMBA_4_0/source/heimdal/lib/hdb/mkey.c branches/SAMBA_4_0/source/heimdal/lib/hdb/ndbm.c branches/SAMBA_4_0/source/heimdal/lib/krb5/addr_families.c branches/SAMBA_4_0/source/heimdal/lib/krb5/changepw.c branches/SAMBA_4_0/source/heimdal/lib/krb5/crc.c branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c branches/SAMBA_4_0/source/heimdal/lib/krb5/generate_seq_number.c branches/SAMBA_4_0/source/heimdal/lib/krb5/init_creds_pw.c branches/SAMBA_4_0/source/heimdal/lib/krb5/kcm.c branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_file.c branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_keyfile.c branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-private.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-protos.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-v4compat.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5_ccapi.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5_locl.h branches/SAMBA_4_0/source/heimdal/lib/krb5/log.c branches/SAMBA_4_0/source/heimdal/lib/krb5/pkinit.c branches/SAMBA_4_0/source/heimdal/lib/krb5/principal.c branches/SAMBA_4_0/source/heimdal/lib/krb5/store.c branches/SAMBA_4_0/source/heimdal/lib/krb5/v4_glue.c branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Sorry, the patch is too large (4472 lines) to include; please 
use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15481
svn commit: samba r15482 - in branches/SAMBA_4_0/source/librpc/rpc: .
Author: abartlet Date: 2006-05-07 05:35:52 + (Sun, 07 May 2006) New Revision: 15482 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15482 Log: Don't shadow the global function pipe() with a local variable name. Andrew Bartlett Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2006-05-07 04:51:30 UTC (rev 15481) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2006-05-07 05:35:52 UTC (rev 15482) @@ -585,10 +585,8 @@ static void dcerpc_bind_recv_data(struct dcerpc_connection *conn, struct ncacn_packet *pkt) { struct composite_context *c; - struct dcerpc_pipe *pipe; c = talloc_get_type(conn-bind_private, struct composite_context); - pipe = talloc_get_type(c-private_data, struct dcerpc_pipe); /* mark the connection as not waiting for a bind reply */ conn-bind_private = NULL; @@ -633,10 +631,10 @@ { struct composite_context *ctx = talloc_get_type(private, struct composite_context); - struct dcerpc_pipe *pipe = talloc_get_type(ctx-private_data, struct dcerpc_pipe); + struct dcerpc_pipe *timeout_pipe = talloc_get_type(ctx-private_data, struct dcerpc_pipe); - SMB_ASSERT(pipe-conn-bind_private != NULL); - pipe-conn-bind_private = NULL; + SMB_ASSERT(timeout_pipe-conn-bind_private != NULL); + timeout_pipe-conn-bind_private = NULL; composite_error(ctx, NT_STATUS_IO_TIMEOUT); } @@ -1522,10 +1520,10 @@ static void dcerpc_alter_recv_data(struct dcerpc_connection *conn, struct ncacn_packet *pkt) { struct composite_context *c; - struct dcerpc_pipe *pipe; + struct dcerpc_pipe *recv_pipe; c = talloc_get_type(conn-alter_private, struct composite_context); - pipe = talloc_get_type(c-private_data, struct dcerpc_pipe); + recv_pipe = talloc_get_type(c-private_data, struct dcerpc_pipe); /* mark the connection as not waiting for a alter context reply */ conn-alter_private = NULL; 
@@ -1547,11 +1545,11 @@ } /* the alter_resp might contain a reply set of credentials */ - if (pipe-conn-security_state.auth_info + if (recv_pipe-conn-security_state.auth_info pkt-u.alter_resp.auth_info.length) { c-status = ndr_pull_struct_blob( - pkt-u.alter_resp.auth_info, pipe, - pipe-conn-security_state.auth_info, + pkt-u.alter_resp.auth_info, recv_pipe, + recv_pipe-conn-security_state.auth_info, (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth); if (!composite_is_ok(c)) return; }
svn commit: samba r15426 - in branches/SAMBA_4_0/source: auth/gensec libnet librpc/rpc script/tests torture/rpc
Author: abartlet Date: 2006-05-04 10:03:41 + (Thu, 04 May 2006) New Revision: 15426 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15426 Log: Implement SPNEGO as the default RPC authentication mechanism. Where this isn't supported, fallback to NTLM. Also, where we get a failure as 'logon failure', try and do a '3 tries' for the password, like we already do for CIFS. (Incomplete: needs a mapping between RPC errors and the logon failure NTSTATUS). Because we don't yet support Kerberos sign/seal to win2k3 SP1 for DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos isn't demanded. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c branches/SAMBA_4_0/source/libnet/libnet_join.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h branches/SAMBA_4_0/source/librpc/rpc/dcerpc_connect.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c branches/SAMBA_4_0/source/script/tests/test_session_key.sh branches/SAMBA_4_0/source/script/tests/test_w2k3.sh branches/SAMBA_4_0/source/script/tests/tests_all.sh branches/SAMBA_4_0/source/torture/rpc/bind.c Changeset: Sorry, the patch is too large (560 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15426
svn commit: samba r15433 - in branches/SAMBA_4_0/source/lib: .
Author: abartlet Date: 2006-05-04 13:06:08 + (Thu, 04 May 2006) New Revision: 15433 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15433 Log: Add a todo. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/db_wrap.c Changeset: Modified: branches/SAMBA_4_0/source/lib/db_wrap.c === --- branches/SAMBA_4_0/source/lib/db_wrap.c 2006-05-04 13:04:22 UTC (rev 15432) +++ branches/SAMBA_4_0/source/lib/db_wrap.c 2006-05-04 13:06:08 UTC (rev 15433) @@ -68,6 +68,8 @@ /* wrapped connection to a ldb database to close just talloc_free() the returned ldb_context + + TODO: We need an error_string parameter */ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, const char *url,
svn commit: samba r15415 - in branches/SAMBA_4_0/source: auth/credentials libcli/smb_composite
Author: abartlet Date: 2006-05-03 14:54:57 + (Wed, 03 May 2006) New Revision: 15415 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15415 Log: Use Jelmer's new credentials 'wrong password' code to give the user 3 attempts for the password, when talking to a remote CIFS server. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c Changeset: Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c === --- branches/SAMBA_4_0/source/auth/credentials/credentials.c2006-05-03 14:15:31 UTC (rev 15414) +++ branches/SAMBA_4_0/source/auth/credentials/credentials.c2006-05-03 14:54:57 UTC (rev 15415) @@ -58,6 +58,8 @@ cred-bind_dn = NULL; + cred-tries = 3; + cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS); return cred; @@ -233,7 +235,7 @@ if (cred-password_obtained == CRED_CALLBACK) { cred-password = cred-password_cb(cred); - cred-password_obtained = CRED_SPECIFIED; + cred-password_obtained = CRED_CALLBACK_RESULT; } return cred-password; Modified: branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c === --- branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c 2006-05-03 14:15:31 UTC (rev 15414) +++ branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c 2006-05-03 14:54:57 UTC (rev 15415) @@ -36,6 +36,18 @@ struct smbcli_request *req; }; +static NTSTATUS session_setup_old(struct composite_context *c, + struct smbcli_session *session, + struct smb_composite_sesssetup *io, + struct smbcli_request **req); +static NTSTATUS session_setup_nt1(struct composite_context *c, + struct smbcli_session *session, + struct smb_composite_sesssetup *io, + struct smbcli_request **req); +static NTSTATUS session_setup_spnego(struct composite_context *c, +struct smbcli_session *session, +struct smb_composite_sesssetup *io, +struct smbcli_request **req); /* store the user session key for a transport 
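Review bot: The retry budget in the `@@ -58,6 +58,8 @@` hunk of credentials.c is a bare literal, `cred->tries = 3;` (the archive has dropped the `>`), with nothing that says what it bounds. Going by the log message, each retry is another failed logon against the remote server, so the count interacts with that server's account lockout threshold. A named constant with a one-line comment would make that visible, for example `#define CLI_CREDENTIALS_DEFAULT_TRIES 3 /* password attempts before giving up; keep below common lockout thresholds */`. The initialiser this line sits in starts and ends outside the hunk.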
@@ -58,21 +70,60 @@ struct smbcli_session *session = req-session; DATA_BLOB session_key = data_blob(NULL, 0); DATA_BLOB null_data_blob = data_blob(NULL, 0); - NTSTATUS session_key_err; + NTSTATUS session_key_err, nt_status; c-status = smb_raw_sesssetup_recv(req, state, state-setup); switch (state-setup.old.level) { case RAW_SESSSETUP_OLD: state-io-out.vuid = state-setup.old.out.vuid; + if (NT_STATUS_EQUAL(c-status, NT_STATUS_LOGON_FAILURE)) { + if (cli_credentials_wrong_password(state-io-in.credentials)) { + nt_status = session_setup_old(c, session, + state-io, + state-req); + if (NT_STATUS_IS_OK(nt_status)) { + c-status = nt_status; + state-req-async.fn = request_handler; + state-req-async.private = c; + return; + } + } + } break; case RAW_SESSSETUP_NT1: state-io-out.vuid = state-setup.nt1.out.vuid; + if (NT_STATUS_EQUAL(c-status, NT_STATUS_LOGON_FAILURE)) { + if (cli_credentials_wrong_password(state-io-in.credentials)) { + nt_status = session_setup_nt1(c, session, + state-io, + state-req); + if (NT_STATUS_IS_OK(nt_status)) { + c-status = nt_status; + state-req-async.fn = request_handler; + state-req-async.private = c; + return; + } + } + } break; case RAW_SESSSETUP_SPNEGO: session-vuid = state-io-out.vuid = state-setup.spnego.out.vuid; + if (NT_STATUS_EQUAL(c-status, NT_STATUS_LOGON_FAILURE)) { + if (cli_credentials_wrong_password(state-io-in.credentials
svn commit: samba r15416 - in branches/SAMBA_4_0/source/libcli/smb_composite: .
Author: abartlet Date: 2006-05-03 14:59:55 + (Wed, 03 May 2006) New Revision: 15416 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15416 Log: Point out that this doesn't work, but for servers this old, I just don't care... Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c === --- branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c 2006-05-03 14:54:57 UTC (rev 15415) +++ branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c 2006-05-03 14:59:55 UTC (rev 15416) @@ -77,6 +77,8 @@ switch (state-setup.old.level) { case RAW_SESSSETUP_OLD: state-io-out.vuid = state-setup.old.out.vuid; + /* This doesn't work, as this only happens on old +* protocols, where this comparison won't match. */ if (NT_STATUS_EQUAL(c-status, NT_STATUS_LOGON_FAILURE)) { if (cli_credentials_wrong_password(state-io-in.credentials)) { nt_status = session_setup_old(c, session,
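Review bot: The added comment says the `NT_STATUS_LOGON_FAILURE` check under `case RAW_SESSSETUP_OLD:` cannot match, but it does not say why, and the retry branch stays in place as code that never runs. If the reason is that these old dialects report a logon failure in a different error form (an assumption; the hunk does not show it), the comment should name it, e.g. `/* TODO: old protocols do not return NT_STATUS_LOGON_FAILURE here, so the retry below is never taken; map the old-style logon error or drop this branch */`. The switch continues outside the hunk.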
svn commit: samba r15420 - in branches/SAMBA_4_0/source: auth/credentials lib/cmdline
Author: abartlet Date: 2006-05-03 20:23:19 + (Wed, 03 May 2006) New Revision: 15420 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15420 Log: Add a new function to print a the 'unparsed' string format for usernames. This is used in the password prompt, and should be reversable by the parse string function. Also, don't look at the ccache, even for the guess code, if kerberos is disabled. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c branches/SAMBA_4_0/source/lib/cmdline/credentials.c Changeset: Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c === --- branches/SAMBA_4_0/source/auth/credentials/credentials.c2006-05-03 16:07:21 UTC (rev 15419) +++ branches/SAMBA_4_0/source/auth/credentials/credentials.c2006-05-03 20:23:19 UTC (rev 15420) @@ -514,6 +514,38 @@ } /** + * Given a string, typically obtained from a -U argument, parse it into domain, username, realm and password fields + * + * The format accepted is [domain\\]user[%password] or [EMAIL PROTECTED] + * + * @param credentials Credentials structure on which to set the password + * @param data the string containing the username, password etc + * @param obtained This enum describes how 'specified' this password is + */ + +const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx) +{ + const char *bind_dn = cli_credentials_get_bind_dn(credentials); + const char *domain; + const char *username; + const char *name; + + if (bind_dn) { + name = talloc_reference(mem_ctx, bind_dn); + } else { + cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, username, domain); + if (domain domain[0]) { + name = talloc_asprintf(mem_ctx, %s\\%s, + domain, username); + } else { + name = talloc_asprintf(mem_ctx, %s, + username); + } + } + return name; +} + +/** * Specifies default values for domain, workstation and realm * from the smb.conf configuration file * 
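Review bot: The doc comment added above `cli_credentials_get_unparsed_name()` describes a different function: it talks about parsing a `-U` string and documents `data` and `obtained`, neither of which is a parameter here. It should say what this function returns, along the lines of `Return the name in the form the parse function accepts: the bind DN if set, else [domain\\]user`, and document `credentials` and `mem_ctx`. It should also state that the result is allocated on (or referenced from) `mem_ctx` and can be NULL if allocation fails. In the non-bind-DN branch `username` goes into `talloc_asprintf` with no NULL check, which matters if `cli_credentials_get_ntlm_username_domain()` can leave it unset; that function is not visible here.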
@@ -565,8 +597,10 @@ if (getenv(PASSWD_FILE)) { cli_credentials_parse_password_file(cred, getenv(PASSWD_FILE), CRED_GUESS_FILE); } - - cli_credentials_set_ccache(cred, NULL, CRED_GUESS_FILE); + + if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) { + cli_credentials_set_ccache(cred, NULL, CRED_GUESS_FILE); + } } /** @@ -646,7 +680,7 @@ * Mark the current password for a credentials struct as wrong. This will * cause the password to be prompted again (if a callback is set). * - * This will decremebt the number of times the password can be tried. + * This will decrement the number of times the password can be tried. * * @retval whether the credentials struct is finished */ Modified: branches/SAMBA_4_0/source/lib/cmdline/credentials.c === --- branches/SAMBA_4_0/source/lib/cmdline/credentials.c 2006-05-03 16:07:21 UTC (rev 15419) +++ branches/SAMBA_4_0/source/lib/cmdline/credentials.c 2006-05-03 20:23:19 UTC (rev 15420) @@ -24,28 +24,15 @@ static const char *cmdline_get_userpassword(struct cli_credentials *credentials) { - char *prompt; char *ret; - const char *domain; - const char *username; TALLOC_CTX *mem_ctx = talloc_new(NULL); - const char *bind_dn = cli_credentials_get_bind_dn(credentials); - - if (bind_dn) { - prompt = talloc_asprintf(mem_ctx, Password for [%s]:, -bind_dn); - } else { - cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, username, domain); - if (domain domain[0]) { - prompt = talloc_asprintf(mem_ctx, Password for [%s\\%s]:, -domain, username); - } else { - prompt = talloc_asprintf(mem_ctx, Password for [%s]:, -username); - } - } + const char *prompt_name = cli_credentials_get_unparsed_name(credentials, mem_ctx); + const char *prompt; + prompt = talloc_asprintf(mem_ctx, Password for [%s]:, +prompt_name); + ret = getpass(prompt); talloc_free(mem_ctx);
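Review bot: In the `@@ -24,28 +24,15 @@` hunk of lib/cmdline/credentials.c, neither `prompt_name` nor `prompt` is checked before use. An allocation failure in `cli_credentials_get_unparsed_name()` or `talloc_asprintf()` would therefore hand NULL to a `%s` conversion or to `getpass()`. A guard such as `if (prompt == NULL) { talloc_free(mem_ctx); return NULL; }` before the `getpass(prompt)` call keeps the prompt path well defined. `getpass()` also returns a pointer to a static buffer, so the password should be copied and the buffer cleared promptly; the rest of cmdline_get_userpassword is outside the hunk, so whether it does that cannot be seen here.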
svn commit: samba r15400 - in branches/SAMBA_4_0/source: ldap_server lib/socket lib/stream lib/tls libcli/ldap web_server
Author: abartlet Date: 2006-05-02 20:15:47 + (Tue, 02 May 2006) New Revision: 15400 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15400 Log: Move the TLS code behind the socket interface. This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c branches/SAMBA_4_0/source/ldap_server/ldap_server.h branches/SAMBA_4_0/source/lib/socket/socket.c branches/SAMBA_4_0/source/lib/socket/socket.h branches/SAMBA_4_0/source/lib/stream/packet.c branches/SAMBA_4_0/source/lib/stream/packet.h branches/SAMBA_4_0/source/lib/tls/tls.c branches/SAMBA_4_0/source/lib/tls/tls.h branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c branches/SAMBA_4_0/source/libcli/ldap/ldap_client.c branches/SAMBA_4_0/source/libcli/ldap/ldap_client.h branches/SAMBA_4_0/source/web_server/http.c branches/SAMBA_4_0/source/web_server/web_server.c branches/SAMBA_4_0/source/web_server/web_server.h Changeset: Sorry, the patch is too large (858 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15400
svn commit: samba r15372 - in branches/SAMBA_4_0/source/lib/ldb/tools: .
Author: abartlet Date: 2006-05-01 06:49:02 + (Mon, 01 May 2006) New Revision: 15372 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15372 Log: Don't look at possibly undefined controls in failure cases. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c === --- branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c 2006-05-01 01:41:57 UTC (rev 15371) +++ branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c 2006-05-01 06:49:02 UTC (rev 15372) @@ -89,9 +89,6 @@ ret = ldb_request(ldb, req); if (ret != LDB_SUCCESS) { printf(search failed - %s\n, ldb_errstring(ldb)); - if (req-op.search.res req-op.search.res-controls) { - handle_controls_reply(req-op.search.res-controls, req-controls); - } return -1; }
svn commit: samba-web r973 - in trunk/projects: .
Author: abartlet Date: 2006-05-01 21:56:27 + (Mon, 01 May 2006) New Revision: 973 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=973 Log: Some project ideas. Andrew Bartlett Modified: trunk/projects/summercode06.html Changeset: Modified: trunk/projects/summercode06.html === --- trunk/projects/summercode06.html2006-05-01 15:03:03 UTC (rev 972) +++ trunk/projects/summercode06.html2006-05-01 21:56:27 UTC (rev 973) 
@@ -176,4 +176,37 @@ analyzing completely new protocols. Talk to [EMAIL PROTECTED] for details. + h4GQ replacement using GTK and LDB/h4 + pGQ is a widely used LDAP query tool. Unfortunetly, it has some + annoying habits (stealing the mouse when it crashes), and is + unmaintained. Many LDAP administrators would benifit if a similar + tool were constructed, in particular with similar schema knowlege. + Using LDB as a backend could allow easy use of Samba-supported SASL + mechanisms for easier authentication. Talk to + [EMAIL PROTECTED]/p + + h4GQ replacement in Samba4's SWAT/h4 + pLikewise to the above proposal, an LDB editor in SWAT would be + very useful. Builting it with interactive (AJAX like) functionalty + would make it a very powerful way to manage Samba4's LDB databases. + Talk to [EMAIL PROTECTED]/p + + h4Samba4 using a real LDAP backend server/h4 + pCurrently, Samba4 can use either an in-memory database, or a LDAP + server as the backend for it's primary user database. The LDAP + backend server alternative is currently very restricted: The only + supported server is a matching version of Samba4. This project + would be to advance this support. Initial steps would be to load + the provision, then permit password changes. Eventual support would + include schema mapping. (Participants should discuss with + [EMAIL PROTECTED], and work out how far would be reasonable to + support in the timeframe). /p + + h4User Manager for Samba4 SWAT/h4 + pSamba4 needs a user manger tool, built into the SWAT server. + This could be a new tool, or an existing tool ported to Samba4. It + would benifit from being interactive without page load delays, + (possibly AJAX), and should at least allow modification of similar + properties to MMC/p + !--#include virtual=/samba/footer.html --
svn commit: samba r15357 - in branches/SAMBA_4_0/source/lib/tls: .
Author: abartlet Date: 2006-04-30 06:44:19 + (Sun, 30 Apr 2006) New Revision: 15357 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15357 Log: Fix the build on systems without GNUTLS. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/tls/tls.c Changeset: Modified: branches/SAMBA_4_0/source/lib/tls/tls.c === --- branches/SAMBA_4_0/source/lib/tls/tls.c 2006-04-30 05:58:31 UTC (rev 15356) +++ branches/SAMBA_4_0/source/lib/tls/tls.c 2006-04-30 06:44:19 UTC (rev 15357) @@ -547,12 +547,12 @@ NTSTATUS tls_socket_recv(struct tls_context *tls, void *buf, size_t wantlen, size_t *nread) { - return socket_recv((struct socket_context *)tls, buf, wantlen, nread, 0); + return socket_recv((struct socket_context *)tls, buf, wantlen, nread); } NTSTATUS tls_socket_send(struct tls_context *tls, const DATA_BLOB *blob, size_t *sendlen) { - return socket_send((struct socket_context *)tls, blob, sendlen, 0); + return socket_send((struct socket_context *)tls, blob, sendlen); } BOOL tls_enabled(struct tls_context *tls)
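Review bot: The two wrappers in the `@@ -547,12 +547,12 @@` hunk cast `struct tls_context *` straight to `struct socket_context *` and forward to `socket_recv()`/`socket_send()`, and nothing next to them says what that implies. If, as the log message suggests, this is the variant built without GNUTLS, the data is sent unencrypted. A comment on each, e.g. `/* no GNUTLS: tls is really the plain socket_context, traffic is NOT encrypted */`, would stop a reader from assuming otherwise. Callers that need confidentiality should check `tls_enabled()` first; whether they do is outside the hunk.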
svn commit: samba r15316 - in branches/SAMBA_4_0/source/lib/util: .
Author: abartlet Date: 2006-04-29 09:11:07 + (Sat, 29 Apr 2006) New Revision: 15316 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15316 Log: I don't understand quite why this function was ever like this, but we need to replace every instance of the character. Previously we skipped the first. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/util/util_str.c Changeset: Modified: branches/SAMBA_4_0/source/lib/util/util_str.c === --- branches/SAMBA_4_0/source/lib/util/util_str.c 2006-04-29 07:21:17 UTC (rev 15315) +++ branches/SAMBA_4_0/source/lib/util/util_str.c 2006-04-29 09:11:07 UTC (rev 15316) @@ -775,8 +775,7 @@ **/ _PUBLIC_ void string_replace(char *s, char oldc, char newc) { - while (*s) { - s++; + for (;s *s; s++) { if (*s == oldc) *s = newc; } }
svn commit: samba r15317 - in branches/SAMBA_4_0/source/ldap_server: .
Author: abartlet Date: 2006-04-29 09:20:22 + (Sat, 29 Apr 2006) New Revision: 15317 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15317 Log: Because LDB is now async, there are more places were we might run the even context again. We need to ensure we don't process packets until we are finished setting up the connection, have the ldb in place etc. We may need to do the same in other servers. Andrew Bartlett Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c Changeset: Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_server.c 2006-04-29 09:11:07 UTC (rev 15316) +++ branches/SAMBA_4_0/source/ldap_server/ldap_server.c 2006-04-29 09:20:22 UTC (rev 15317) @@ -420,21 +420,6 @@ conn-connection = c; conn-service = ldapsrv_service; - server_credentials - = cli_credentials_init(conn); - if (!server_credentials) { - stream_terminate_connection(c, Failed to init server credentials\n); - return; - } - - cli_credentials_set_conf(server_credentials); - status = cli_credentials_set_machine_account(server_credentials); - if (!NT_STATUS_IS_OK(status)) { - stream_terminate_connection(c, talloc_asprintf(conn, Failed to obtain server credentials, perhaps a standalone server?: %s\n, nt_errstr(status))); - return; - } - conn-server_credentials = server_credentials; - c-private= conn; socket_address = socket_get_my_addr(c-socket, conn); @@ -457,6 +442,7 @@ ldapsrv_terminate_connection(conn, out of memory); return; } + packet_set_private(conn-packet, conn); packet_set_tls(conn-packet, conn-tls); packet_set_callback(conn-packet, ldapsrv_decode); 
@@ -465,7 +451,25 @@ packet_set_event_context(conn-packet, c-event.ctx); packet_set_fde(conn-packet, c-event.fde); packet_set_serialise(conn-packet); + + /* Ensure we don't get packets until the database is ready below */ + packet_recv_disable(conn-packet); + server_credentials + = cli_credentials_init(conn); + if (!server_credentials) { + stream_terminate_connection(c, Failed to init server credentials\n); + return; + } + + cli_credentials_set_conf(server_credentials); + status = cli_credentials_set_machine_account(server_credentials); + if (!NT_STATUS_IS_OK(status)) { + stream_terminate_connection(c, talloc_asprintf(conn, Failed to obtain server credentials, perhaps a standalone server?: %s\n, nt_errstr(status))); + return; + } + conn-server_credentials = server_credentials; + /* Connections start out anonymous */ if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, conn-session_info))) { ldapsrv_terminate_connection(conn, failed to setup anonymous session info); @@ -487,6 +491,9 @@ conn-limits.ite = event_add_timed(c-event.ctx, conn, timeval_current_ofs(conn-limits.initial_timeout, 0), ldapsrv_conn_init_timeout, conn); + + packet_recv_enable(conn-packet); + } static const struct stream_server_ops ldap_stream_ops = {
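Review bot: The credential setup moved into the `@@ -465,7 +451,25 @@` hunk still fails through `stream_terminate_connection(c, ...)`, while the anonymous-session check right below it uses `ldapsrv_terminate_connection(conn, ...)`. By this point `c->private` and `conn->packet` are already set, so it is worth confirming that both calls tear the connection down the same way and then using one of them consistently. The `talloc_asprintf(conn, ...)` result is also passed on unchecked, so an allocation failure would give a NULL reason string. The enclosing accept function starts before the first hunk and continues past the second.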
svn commit: lorikeet r535 - in trunk/heimdal: . appl/login appl/rsh doc doc/standardisation kdc kuser lib/asn1 lib/des lib/hdb lib/hx509 lib/hx509/data lib/kadm5 lib/krb5 tests tests/db tests/kdc tool
Author: abartlet Date: 2006-04-29 09:55:12 + (Sat, 29 Apr 2006) New Revision: 535 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=535 Log: Update to Heimdal CVS as of 2006-04-29 This is a major and important update for Samba4's ongoing maintainence, as many of the KDC-related changes and interfaces have been merged upstream. (They were cleaned up, and I'm quite happy with the new versions). There is also a new run-time KDC test, which will be very valuable. Andrew Bartlett Added: trunk/heimdal/appl/login/loginpaths.h trunk/heimdal/doc/standardisation/draft-josefsson-krb-tcp-expansion-02.txt trunk/heimdal/lib/hx509/data/kdc.crt trunk/heimdal/lib/hx509/data/kdc.key trunk/heimdal/lib/hx509/data/no-proxy-test.crt trunk/heimdal/lib/hx509/data/no-proxy-test.key trunk/heimdal/lib/hx509/data/pkinit.crt trunk/heimdal/lib/hx509/data/pkinit.key trunk/heimdal/lib/hx509/data/proxy-level-test.crt trunk/heimdal/lib/hx509/data/proxy-level-test.key trunk/heimdal/lib/hx509/data/proxy-test.crt trunk/heimdal/lib/hx509/data/proxy-test.key trunk/heimdal/lib/hx509/data/proxy10-child-test.crt trunk/heimdal/lib/hx509/data/proxy10-child-test.key trunk/heimdal/lib/hx509/data/proxy10-test.crt trunk/heimdal/lib/hx509/data/proxy10-test.key trunk/heimdal/lib/hx509/test_name.c trunk/heimdal/tests/db/add-modify-delete.in trunk/heimdal/tests/kdc/ trunk/heimdal/tests/kdc/Makefile.am trunk/heimdal/tests/kdc/ap-req.c trunk/heimdal/tests/kdc/check-kdc.in trunk/heimdal/tests/kdc/krb5.conf.in trunk/heimdal/tests/kdc/pki-mapping Modified: trunk/heimdal/ChangeLog trunk/heimdal/appl/login/ChangeLog trunk/heimdal/appl/login/login_locl.h trunk/heimdal/appl/rsh/ChangeLog trunk/heimdal/appl/rsh/Makefile.am trunk/heimdal/appl/rsh/rsh_locl.h trunk/heimdal/appl/rsh/rshd.c trunk/heimdal/configure.in trunk/heimdal/doc/heimdal.texi trunk/heimdal/doc/setup.texi trunk/heimdal/fix-export trunk/heimdal/kdc/524.c trunk/heimdal/kdc/kaserver.c trunk/heimdal/kdc/kerberos4.c 
trunk/heimdal/kdc/kerberos5.c trunk/heimdal/kdc/misc.c trunk/heimdal/kdc/pkinit.c trunk/heimdal/kuser/kdestroy.1 trunk/heimdal/kuser/kinit.1 trunk/heimdal/kuser/kinit.c trunk/heimdal/lib/asn1/ChangeLog trunk/heimdal/lib/asn1/Makefile.am trunk/heimdal/lib/asn1/parse.y trunk/heimdal/lib/asn1/pkcs9.asn1 trunk/heimdal/lib/asn1/rfc2459.asn1 trunk/heimdal/lib/des/ChangeLog trunk/heimdal/lib/des/des.c trunk/heimdal/lib/des/evp.c trunk/heimdal/lib/des/pkcs5.c trunk/heimdal/lib/hdb/common.c trunk/heimdal/lib/hdb/ext.c trunk/heimdal/lib/hdb/hdb.c trunk/heimdal/lib/hdb/hdb.h trunk/heimdal/lib/hdb/keys.c trunk/heimdal/lib/hdb/keytab.c trunk/heimdal/lib/hdb/ndbm.c trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/Makefile.in trunk/heimdal/lib/hx509/TODO trunk/heimdal/lib/hx509/cert.c trunk/heimdal/lib/hx509/data/ca.crt trunk/heimdal/lib/hx509/data/ca.key trunk/heimdal/lib/hx509/data/gen-req.sh trunk/heimdal/lib/hx509/data/index.txt trunk/heimdal/lib/hx509/data/ocsp-responder.crt trunk/heimdal/lib/hx509/data/ocsp-responder.key trunk/heimdal/lib/hx509/data/openssl.cnf trunk/heimdal/lib/hx509/data/revoke.crt trunk/heimdal/lib/hx509/data/revoke.key trunk/heimdal/lib/hx509/data/sub-ca.crt trunk/heimdal/lib/hx509/data/sub-ca.key trunk/heimdal/lib/hx509/data/sub-cert.crt trunk/heimdal/lib/hx509/data/sub-cert.key trunk/heimdal/lib/hx509/data/test-ds-only.crt trunk/heimdal/lib/hx509/data/test-ds-only.key trunk/heimdal/lib/hx509/data/test-ke-only.crt trunk/heimdal/lib/hx509/data/test-ke-only.key trunk/heimdal/lib/hx509/data/test-pw.key trunk/heimdal/lib/hx509/data/test.combined.crt trunk/heimdal/lib/hx509/data/test.crt trunk/heimdal/lib/hx509/data/test.key trunk/heimdal/lib/hx509/hx509_err.et trunk/heimdal/lib/hx509/hxtool-commands.in trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/name.c trunk/heimdal/lib/hx509/test_chain.in trunk/heimdal/lib/kadm5/ChangeLog trunk/heimdal/lib/kadm5/chpass_s.c trunk/heimdal/lib/kadm5/create_s.c 
trunk/heimdal/lib/kadm5/delete_s.c trunk/heimdal/lib/kadm5/get_s.c trunk/heimdal/lib/kadm5/log.c trunk/heimdal/lib/kadm5/modify_s.c trunk/heimdal/lib/kadm5/randkey_s.c trunk/heimdal/lib/kadm5/rename_s.c trunk/heimdal/lib/kadm5/send_recv.c trunk/heimdal/lib/krb5/init_creds_pw.c trunk/heimdal/lib/krb5/keytab_keyfile.c trunk/heimdal/lib/krb5/krb5_locl.h trunk/heimdal/lib/krb5/log.c trunk/heimdal/lib/krb5/pkinit.c trunk/heimdal/lib/krb5/principal.c trunk/heimdal/lib/krb5/recvauth.c trunk/heimdal/lib/krb5/verify_init.c trunk/heimdal/tests/ChangeLog trunk/heimdal/tests/Makefile.am trunk/heimdal/tests/db/Makefile.am trunk/heimdal/tests/db/krb5.conf.in trunk/heimdal/tools
svn commit: samba r15329 - in branches/SAMBA_4_0/source/lib/socket: .
Author: abartlet Date: 2006-04-29 20:01:07 + (Sat, 29 Apr 2006) New Revision: 15329 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15329 Log: I'm sick of this patch being in my local tree... Use inet_ntop to convert IPv6 names to strings. Don't do a reverse lookup. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/socket/socket_ipv6.c Changeset: Modified: branches/SAMBA_4_0/source/lib/socket/socket_ipv6.c === --- branches/SAMBA_4_0/source/lib/socket/socket_ipv6.c 2006-04-29 17:34:49 UTC (rev 15328) +++ branches/SAMBA_4_0/source/lib/socket/socket_ipv6.c 2006-04-29 20:01:07 UTC (rev 15329) @@ -302,7 +302,8 @@ socklen_t len = sizeof(*peer_addr); struct socket_address *peer; int ret; - struct hostent *he; + char addr[128]; + const char *addr_ret; peer = talloc(mem_ctx, struct socket_address); if (!peer) { @@ -326,18 +327,18 @@ peer-sockaddrlen = len; - he = gethostbyaddr((char *)peer_addr-sin6_addr, len, AF_INET6); - - if (!he || !he-h_name) { + addr_ret = inet_ntop(AF_INET6, peer_addr-sin6_addr, addr, sizeof(addr)); + if (addr_ret == NULL) { talloc_free(peer); return NULL; } - - peer-addr = talloc_strdup(mem_ctx, he-h_name); - if (!peer-addr) { + + peer-addr = talloc_strdup(peer, addr_ret); + if (peer-addr == NULL) { talloc_free(peer); return NULL; } + peer-port = ntohs(peer_addr-sin6_port); return peer;
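Review bot: The buffer for `inet_ntop()` in the `@@ -302,7 +302,8 @@` hunk is sized with a bare `128`; `char addr[INET6_ADDRSTRLEN];` states the intent and is the size the call is specified against. Dropping `gethostbyaddr()` also means `peer->addr` is now always a numeric literal, not a name taken from reverse DNS, which the peer's network can influence. A short comment at the `inet_ntop()` call saying this is deliberate would help anyone tempted to restore the lookup. The function continues outside both hunks.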
svn commit: samba r15330 - in branches/SAMBA_4_0/source/auth/gensec: .
Author: abartlet Date: 2006-04-29 20:59:46 + (Sat, 29 Apr 2006) New Revision: 15330 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15330 Log: Add comment for IBM checker. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-04-29 20:01:07 UTC (rev 15329) +++ branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2006-04-29 20:59:46 UTC (rev 15330) @@ -296,10 +296,9 @@ { DEBUG(3, (kerberos (mk_req) failed: %s\n, smb_get_krb5_error_message(gensec_krb5_state-smb_krb5_context-krb5_context, ret, gensec_krb5_state))); - /* fall down to remaining code */ + /*fall through*/ } - /* just don't print a message for these really ordinary messages */ case KRB5_FCC_NOFILE: case KRB5_CC_NOTFOUND:
svn commit: samba r15356 - in branches/SAMBA_4_0/source: auth/kerberos kdc lib/messaging lib/socket lib/stream lib/tls libcli/cldap libcli/dgram libcli/nbt rpc_server torture/local
Author: abartlet Date: 2006-04-30 05:58:31 + (Sun, 30 Apr 2006) New Revision: 15356 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15356 Log: Remove unused 'flags' argument from socket_send() and friends. This is in preparation for making TLS a socket library. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/kerberos/krb5_init_context.c branches/SAMBA_4_0/source/kdc/kdc.c branches/SAMBA_4_0/source/lib/messaging/messaging.c branches/SAMBA_4_0/source/lib/socket/socket.c branches/SAMBA_4_0/source/lib/socket/socket.h branches/SAMBA_4_0/source/lib/socket/socket_ipv4.c branches/SAMBA_4_0/source/lib/socket/socket_ipv6.c branches/SAMBA_4_0/source/lib/socket/socket_unix.c branches/SAMBA_4_0/source/lib/stream/packet.c branches/SAMBA_4_0/source/lib/tls/tls.c branches/SAMBA_4_0/source/libcli/cldap/cldap.c branches/SAMBA_4_0/source/libcli/dgram/dgramsocket.c branches/SAMBA_4_0/source/libcli/nbt/nbtsocket.c branches/SAMBA_4_0/source/rpc_server/dcerpc_sock.c branches/SAMBA_4_0/source/torture/local/socket.c Changeset: Sorry, the patch is too large (695 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15356
svn commit: samba r15225 - in branches/SAMBA_4_0/source/libcli: .
Author: abartlet Date: 2006-04-25 06:53:28 + (Tue, 25 Apr 2006) New Revision: 15225 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15225 Log: Use talloc_zero() to avoid use of uninitialised values later on. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/finddcs.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/finddcs.c === --- branches/SAMBA_4_0/source/libcli/finddcs.c 2006-04-24 22:50:19 UTC (rev 15224) +++ branches/SAMBA_4_0/source/libcli/finddcs.c 2006-04-25 06:53:28 UTC (rev 15225) @@ -70,7 +70,7 @@ struct finddcs_state *state; struct nbt_name name; - result = talloc(mem_ctx, struct composite_context); + result = talloc_zero(mem_ctx, struct composite_context); if (result == NULL) goto failed; result-state = COMPOSITE_STATE_IN_PROGRESS; result-async.fn = NULL;
svn commit: lorikeet r531 - in trunk/heimdal: . admin appl/ftp appl/ftp/ftp appl/telnet appl/telnet/libtelnet cf doc kadmin kdc kpasswd kuser lib lib/asn1 lib/des lib/gssapi lib/hdb lib/hx509 lib/hx50
Author: abartlet Date: 2006-04-24 09:25:18 + (Mon, 24 Apr 2006) New Revision: 531 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=531 Log: Update lorikeet-heimdal to current CVS as of 2005-04-24. I've still got problems with the compile with rk_fnmatch, but I want to try again from a clean tree. Andrew Bartlett Added: trunk/heimdal/lib/des/sha256.c trunk/heimdal/lib/hx509/ trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/Makefile trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/Makefile.in trunk/heimdal/lib/hx509/TODO trunk/heimdal/lib/hx509/asn1_CertificationRequest.c trunk/heimdal/lib/hx509/asn1_CertificationRequest.x trunk/heimdal/lib/hx509/asn1_CertificationRequestInfo.c trunk/heimdal/lib/hx509/asn1_CertificationRequestInfo.x trunk/heimdal/lib/hx509/asn1_OCSPBasicOCSPResponse.c trunk/heimdal/lib/hx509/asn1_OCSPBasicOCSPResponse.x trunk/heimdal/lib/hx509/asn1_OCSPCertID.c trunk/heimdal/lib/hx509/asn1_OCSPCertID.x trunk/heimdal/lib/hx509/asn1_OCSPCertStatus.c trunk/heimdal/lib/hx509/asn1_OCSPCertStatus.x trunk/heimdal/lib/hx509/asn1_OCSPInnerRequest.c trunk/heimdal/lib/hx509/asn1_OCSPInnerRequest.x trunk/heimdal/lib/hx509/asn1_OCSPKeyHash.c trunk/heimdal/lib/hx509/asn1_OCSPKeyHash.x trunk/heimdal/lib/hx509/asn1_OCSPRequest.c trunk/heimdal/lib/hx509/asn1_OCSPRequest.x trunk/heimdal/lib/hx509/asn1_OCSPResponderID.c trunk/heimdal/lib/hx509/asn1_OCSPResponderID.x trunk/heimdal/lib/hx509/asn1_OCSPResponse.c trunk/heimdal/lib/hx509/asn1_OCSPResponse.x trunk/heimdal/lib/hx509/asn1_OCSPResponseBytes.c trunk/heimdal/lib/hx509/asn1_OCSPResponseBytes.x trunk/heimdal/lib/hx509/asn1_OCSPResponseData.c trunk/heimdal/lib/hx509/asn1_OCSPResponseData.x trunk/heimdal/lib/hx509/asn1_OCSPResponseStatus.c trunk/heimdal/lib/hx509/asn1_OCSPResponseStatus.x trunk/heimdal/lib/hx509/asn1_OCSPSignature.c trunk/heimdal/lib/hx509/asn1_OCSPSignature.x trunk/heimdal/lib/hx509/asn1_OCSPSingleResponse.c 
trunk/heimdal/lib/hx509/asn1_OCSPSingleResponse.x trunk/heimdal/lib/hx509/asn1_OCSPTBSRequest.c trunk/heimdal/lib/hx509/asn1_OCSPTBSRequest.x trunk/heimdal/lib/hx509/asn1_OCSPVersion.c trunk/heimdal/lib/hx509/asn1_OCSPVersion.x trunk/heimdal/lib/hx509/asn1_id_kp_OCSPSigning.c trunk/heimdal/lib/hx509/asn1_id_kp_OCSPSigning.x trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp.c trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp.x trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.c trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.c trunk/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x trunk/heimdal/lib/hx509/cert.c trunk/heimdal/lib/hx509/cms.c trunk/heimdal/lib/hx509/collector.c trunk/heimdal/lib/hx509/crmf.asn1 trunk/heimdal/lib/hx509/crypto.c trunk/heimdal/lib/hx509/data/ trunk/heimdal/lib/hx509/data/ca.crt trunk/heimdal/lib/hx509/data/ca.key trunk/heimdal/lib/hx509/data/crl1.der trunk/heimdal/lib/hx509/data/gen-req.sh trunk/heimdal/lib/hx509/data/index.txt trunk/heimdal/lib/hx509/data/index.txt.attr trunk/heimdal/lib/hx509/data/key.der trunk/heimdal/lib/hx509/data/nist-data trunk/heimdal/lib/hx509/data/ocsp-req1.der trunk/heimdal/lib/hx509/data/ocsp-req2.der trunk/heimdal/lib/hx509/data/ocsp-resp1-2.der trunk/heimdal/lib/hx509/data/ocsp-resp1-3.der trunk/heimdal/lib/hx509/data/ocsp-resp1-ca.der trunk/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der trunk/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der trunk/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der trunk/heimdal/lib/hx509/data/ocsp-resp1.der trunk/heimdal/lib/hx509/data/ocsp-resp2.der trunk/heimdal/lib/hx509/data/ocsp-responder.crt trunk/heimdal/lib/hx509/data/ocsp-responder.key trunk/heimdal/lib/hx509/data/openssl.cnf trunk/heimdal/lib/hx509/data/revoke.crt trunk/heimdal/lib/hx509/data/revoke.key trunk/heimdal/lib/hx509/data/serial trunk/heimdal/lib/hx509/data/static-file trunk/heimdal/lib/hx509/data/sub-ca.crt trunk/heimdal/lib/hx509/data/sub-ca.key 
trunk/heimdal/lib/hx509/data/sub-cert.crt trunk/heimdal/lib/hx509/data/sub-cert.key trunk/heimdal/lib/hx509/data/sub-cert.p12 trunk/heimdal/lib/hx509/data/test-ds-only.crt trunk/heimdal/lib/hx509/data/test-ds-only.key trunk/heimdal/lib/hx509/data/test-enveloped-aes-128 trunk/heimdal/lib/hx509/data/test-enveloped-aes-256 trunk/heimdal/lib/hx509/data/test-enveloped-des trunk/heimdal/lib/hx509/data/test-enveloped-des-ede3 trunk/heimdal/lib/hx509/data/test-enveloped-rc2-128 trunk/heimdal/lib/hx509/data/test-enveloped-rc2-40 trunk/heimdal/lib/hx509/data/test-enveloped-rc2-64 trunk/heimdal/lib/hx509/data/test-ke-only.crt trunk/heimdal/lib/hx509/data/test-ke-only.key trunk/heimdal/lib/hx509/data/test-pw.key trunk/heimdal/lib/hx509/data/test-signed-data trunk/heimdal/lib
svn commit: samba r15192 - in branches/SAMBA_4_0/source: heimdal/kdc heimdal/lib/asn1 heimdal/lib/com_err heimdal/lib/des heimdal/lib/gssapi heimdal/lib/hdb heimdal/lib/krb5 heimdal/lib/roken heimdal_
Author: abartlet Date: 2006-04-24 09:36:24 + (Mon, 24 Apr 2006) New Revision: 15192 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15192 Log: Update Samba4 to use current lorikeet-heimdal. Andrew Bartlett Added: branches/SAMBA_4_0/source/heimdal/lib/des/sha256.c Modified: branches/SAMBA_4_0/source/heimdal/kdc/524.c branches/SAMBA_4_0/source/heimdal/kdc/kaserver.c branches/SAMBA_4_0/source/heimdal/kdc/kdc-private.h branches/SAMBA_4_0/source/heimdal/kdc/kerberos4.c branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c branches/SAMBA_4_0/source/heimdal/kdc/pkinit.c branches/SAMBA_4_0/source/heimdal/lib/asn1/CMS.asn1 branches/SAMBA_4_0/source/heimdal/lib/asn1/canthandle.asn1 branches/SAMBA_4_0/source/heimdal/lib/asn1/gen.c branches/SAMBA_4_0/source/heimdal/lib/asn1/hash.c branches/SAMBA_4_0/source/heimdal/lib/asn1/k5.asn1 branches/SAMBA_4_0/source/heimdal/lib/asn1/lex.c branches/SAMBA_4_0/source/heimdal/lib/asn1/parse.c branches/SAMBA_4_0/source/heimdal/lib/asn1/parse.h branches/SAMBA_4_0/source/heimdal/lib/asn1/test.asn1 branches/SAMBA_4_0/source/heimdal/lib/com_err/lex.c branches/SAMBA_4_0/source/heimdal/lib/des/des.c branches/SAMBA_4_0/source/heimdal/lib/des/dh.h branches/SAMBA_4_0/source/heimdal/lib/des/engine.h branches/SAMBA_4_0/source/heimdal/lib/des/evp.c branches/SAMBA_4_0/source/heimdal/lib/des/evp.h branches/SAMBA_4_0/source/heimdal/lib/des/rand.h branches/SAMBA_4_0/source/heimdal/lib/des/rc2.c branches/SAMBA_4_0/source/heimdal/lib/des/rsa.h branches/SAMBA_4_0/source/heimdal/lib/des/sha.h branches/SAMBA_4_0/source/heimdal/lib/gssapi/accept_sec_context.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/get_mic.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/gssapi_locl.h branches/SAMBA_4_0/source/heimdal/lib/gssapi/init_sec_context.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/sequence.c branches/SAMBA_4_0/source/heimdal/lib/gssapi/wrap.c branches/SAMBA_4_0/source/heimdal/lib/hdb/keys.c branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c 
branches/SAMBA_4_0/source/heimdal/lib/krb5/acache.c branches/SAMBA_4_0/source/heimdal/lib/krb5/addr_families.c branches/SAMBA_4_0/source/heimdal/lib/krb5/build_auth.c branches/SAMBA_4_0/source/heimdal/lib/krb5/cache.c branches/SAMBA_4_0/source/heimdal/lib/krb5/config_file.c branches/SAMBA_4_0/source/heimdal/lib/krb5/crypto.c branches/SAMBA_4_0/source/heimdal/lib/krb5/data.c branches/SAMBA_4_0/source/heimdal/lib/krb5/fcache.c branches/SAMBA_4_0/source/heimdal/lib/krb5/get_for_creds.c branches/SAMBA_4_0/source/heimdal/lib/krb5/init_creds.c branches/SAMBA_4_0/source/heimdal/lib/krb5/init_creds_pw.c branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_any.c branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_file.c branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_keyfile.c branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_krb4.c branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-private.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-protos.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5_ccapi.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krbhst.c branches/SAMBA_4_0/source/heimdal/lib/krb5/log.c branches/SAMBA_4_0/source/heimdal/lib/krb5/pkinit.c branches/SAMBA_4_0/source/heimdal/lib/krb5/principal.c branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_cred.c branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_priv.c branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_req.c branches/SAMBA_4_0/source/heimdal/lib/krb5/replay.c branches/SAMBA_4_0/source/heimdal/lib/krb5/send_to_kdc.c branches/SAMBA_4_0/source/heimdal/lib/krb5/store.c branches/SAMBA_4_0/source/heimdal/lib/krb5/transited.c branches/SAMBA_4_0/source/heimdal/lib/krb5/v4_glue.c branches/SAMBA_4_0/source/heimdal/lib/roken/resolve.c branches/SAMBA_4_0/source/heimdal/lib/roken/roken_gethostby.c branches/SAMBA_4_0/source/heimdal_build/config.mk Changeset: Sorry, the patch is too large (11311 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15192
svn commit: lorikeet r532 - in trunk/heimdal: . lib/hx509
Author: abartlet Date: 2006-04-24 10:02:00 + (Mon, 24 Apr 2006) New Revision: 532 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=532 Log: Remove generated file, shorten ### prefix in configure.in (added by fix-export script) Andrew Bartlett Removed: trunk/heimdal/lib/hx509/Makefile Modified: trunk/heimdal/configure.in Changeset: Sorry, the patch is too large (1277 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=532
svn commit: lorikeet r533 - in trunk/heimdal/lib/roken: .
Author: abartlet Date: 2006-04-24 10:05:25 + (Mon, 24 Apr 2006) New Revision: 533 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=533 Log: Move back to Heimdal's way of handling roken.h, to make it easier to trace issues as being in our code or upstream. Andrew Bartlett Added: trunk/heimdal/lib/roken/roken.awk trunk/heimdal/lib/roken/roken.h.in Removed: trunk/heimdal/lib/roken/roken.h Modified: trunk/heimdal/lib/roken/Makefile.am Changeset: Sorry, the patch is too large (1507 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=533
svn commit: lorikeet r534 - in trunk/heimdal/lib/hx509: .
Author: abartlet Date: 2006-04-24 11:11:04 + (Mon, 24 Apr 2006) New Revision: 534 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=534 Log: Remove generated files from SVN: This fixes the build on systems that are not my laptop :-) Andrew Bartlett Removed: trunk/heimdal/lib/hx509/hx509-private.h trunk/heimdal/lib/hx509/hx509-protos.h trunk/heimdal/lib/hx509/hx509_err.c trunk/heimdal/lib/hx509/hx509_err.h Changeset: Sorry, the patch is too large (1123 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=534
svn commit: samba r15199 - in branches/SAMBA_4_0/source/lib/crypto: .
Author: abartlet Date: 2006-04-24 13:55:21 + (Mon, 24 Apr 2006) New Revision: 15199 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15199 Log: Try to make these prototypes match, to get the build on S390 linux going. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/crypto/md5.h Changeset: Modified: branches/SAMBA_4_0/source/lib/crypto/md5.h ===
--- branches/SAMBA_4_0/source/lib/crypto/md5.h 2006-04-24 12:01:14 UTC (rev 15198)
+++ branches/SAMBA_4_0/source/lib/crypto/md5.h 2006-04-24 13:55:21 UTC (rev 15199)
@@ -11,9 +11,9 @@
 uint8_t in[64]; };
-void MD5Init(struct MD5Context *context);
-void MD5Update(struct MD5Context *context, const uint8_t *buf,
+_PUBLIC_ void MD5Init(struct MD5Context *context);
+_PUBLIC_ void MD5Update(struct MD5Context *context, const uint8_t *buf,
 uint_t len);
-void MD5Final(uint8_t digest[16], struct MD5Context *context);
+_PUBLIC_ void MD5Final(uint8_t digest[16], struct MD5Context *context);
 #endif /* !MD5_H */
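Review bot: The three prototypes are now marked `_PUBLIC_` but the header still gives a caller no documentation of the contract. I would add a short comment above them saying that `MD5Final()` takes the 16-byte output buffer as its first argument and that `MD5Update()` takes its length as `uint_t`. Since the marker presumably makes MD5 part of the library's exported surface, a one-line caveat would also help, for example `/* MD5 is not collision-resistant; use only where a protocol requires it */`. The matching definitions are not in this hunk, so whether they carry the same `_PUBLIC_` marker cannot be confirmed from here.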