The branch, master has been updated
       via  7cb98a0... s4/spnupdate: Fixed spnupdate to use secrets credentials 
when accessing SamDB.
       via  5bee3ef... s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and 
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
       via  ed4c107... s4/dsdb: Fixed partition_search() not to pass special 
DN's to LDAP backend.
       via  fa9557f... s4/auth: Fixed authsam_expand_nested_groups() to find 
entry SID if not available in the DN.
      from  ba0ba4e... s3: Make some routines static in smbldap

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7cb98a0cdcef27f591357ec63633b50fd9dce29f
Author: Endi S. Dewata <[email protected]>
Date:   Mon Jun 28 11:13:03 2010 -0500

    s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing 
SamDB.
    
    Signed-off-by: Matthias Dieter Wallnöfer <[email protected]>

commit 5bee3efacac76fdf8753a7c7cb2845bf6058d088
Author: Endi S. Dewata <[email protected]>
Date:   Mon Jun 28 11:18:16 2010 -0500

    s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and 
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
    
    Signed-off-by: Matthias Dieter Wallnöfer <[email protected]>

commit ed4c107bc1eac8531fdd8d09f7698efcbc7ecb14
Author: Endi S. Dewata <[email protected]>
Date:   Mon Jun 28 10:54:37 2010 -0500

    s4/dsdb: Fixed partition_search() not to pass special DNs to LDAP backend.
    
    Signed-off-by: Matthias Dieter Wallnöfer <[email protected]>

commit fa9557fee3ca546878d99b77f1ff37f724c37024
Author: Endi S. Dewata <[email protected]>
Date:   Mon Jun 28 10:45:04 2010 -0500

    s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not 
available in the DN.
    
    Signed-off-by: Matthias Dieter Wallnöfer <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/sam.c                         |    9 ++++++-
 source4/dsdb/samdb/ldb_modules/partition.c |   14 ++++++-----
 source4/libcli/ldap/ldap_controls.c        |    4 +++
 source4/scripting/bin/samba_spnupdate      |   33 +++++++++++++++++++++++++--
 4 files changed, 50 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 894ba37..b0fc9ca 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -319,9 +319,16 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context 
*sam_ctx,
                talloc_free(tmp_ctx);
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
+
        status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, (__location__ "when parsing DN %s we failed to find or 
parse SID component, so we cannot calculate the group token: %s",
+               ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, 
attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, NULL);
+               dn = res->msgs[0]->dn;
+               status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
+       }
+
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, (__location__ ": when parsing DN %s we failed to find 
or parse SID component, so we cannot calculate the group token: %s\n",
                          ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), 
                          nt_errstr(status)));
                talloc_free(tmp_ctx);
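Review bot: The fallback search added at the top of the hunk dereferences `res->msgs[0]` without checking `ret` or `res->count`, so a failed or empty dsdb_search() (for example the entry disappearing between the group lookup and this re-read) becomes a NULL dereference in the group-token calculation instead of a clean error. Gating the re-read on success lets the existing failure path directly below log and return as before: wrap the `dn = res->msgs[0]->dn;` and second `dsdb_get_extended_dn_sid()` lines in `if (ret == LDB_SUCCESS && res->count == 1) {` so `status` keeps the original failure otherwise. What `attrs` contains is not visible in the hunk; presumably only the extended DN of the returned message is needed here. authsam_expand_nested_groups() starts before and ends after this hunk.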
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c 
b/source4/dsdb/samdb/ldb_modules/partition.c
index 6c0d9cd..d022d12 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -470,12 +470,14 @@ static int partition_search(struct ldb_module *module, 
struct ldb_request *req)
                return ret;
        }
 
-       p = find_partition(data, NULL, req);
-       if (p != NULL) {
-               /* the caller specified what partition they want the
-                * search - just pass it on
-                */
-               return ldb_next_request(p->module, req);                
+       if (!ldb_dn_is_special(req->op.search.base)) {
+               p = find_partition(data, NULL, req);
+               if (p != NULL) {
+                       /* the caller specified what partition they want the
+                       * search - just pass it on
+                       */
+                       return ldb_next_request(p->module, req);
+               }
        }
 
        /* Get back the search options from the search control, and mark it as
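Review bot: The new `ldb_dn_is_special()` guard carries no explanation of why a special DN must bypass the partition dispatch; the commit message only says the LDAP backend should not see them, and a later reader of partition_search() will not know whether the guard can be removed. Suggest a comment above it: `/* special DNs (@...) are ldb-internal; never route them to a partition backend, which may be a remote LDAP server that cannot serve them */`. Which special DNs actually reach this path is not visible here, so the wording should be checked against the callers. partition_search() continues past the end of the hunk.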
diff --git a/source4/libcli/ldap/ldap_controls.c 
b/source4/libcli/ldap/ldap_controls.c
index 7f99a9c..49fb38c 100644
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -1312,8 +1312,12 @@ static const struct ldap_control_handler 
ldap_known_controls[] = {
        { "1.3.6.1.4.1.7165.4.3.2", NULL, NULL },
 /* DSDB_CONTROL_DN_STORAGE_FORMAT_OID is internal only, and has no network 
representation */
        { "1.3.6.1.4.1.7165.4.3.4", NULL, NULL },
+/* LDB_CONTROL_REVEAL_INTERNALS is internal only, and has no network 
representation */
+       { "1.3.6.1.4.1.7165.4.3.6", NULL, NULL },
 /* LDB_CONTROL_AS_SYSTEM_OID is internal only, and has no network 
representation */
        { "1.3.6.1.4.1.7165.4.3.7", NULL, NULL },
+/* DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID is internal only, and has no 
network representation */
+       { "1.3.6.1.4.1.7165.4.3.8", NULL, NULL },
 /* DSDB_EXTENDED_REPLICATED_OBJECTS_OID is internal only, and has no network 
representation */
        { "1.3.6.1.4.1.7165.4.4.1", NULL, NULL },
        { DSDB_OPENLDAP_DEREFERENCE_CONTROL, decode_openldap_dereference, 
encode_openldap_dereference},
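Review bot: The two new entries register privileged internal-only controls with NULL decode/encode handlers, like LDB_CONTROL_AS_SYSTEM_OID just below them, but nothing in the table states what a NULL handler means when such an OID arrives from a network client; if the lookup treats it as "known, pass through" rather than "unsupported, reject when critical", a client could assert REVEAL_INTERNALS semantics it is not entitled to. The consuming code is not in this hunk, so this is a check to perform rather than a finding. The comment could record the expectation explicitly: `/* LDB_CONTROL_REVEAL_INTERNALS is internal only and has no network representation; the NULL handlers must cause a client-supplied instance to be rejected */`. The ldap_known_controls[] table starts before and ends after this hunk.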
diff --git a/source4/scripting/bin/samba_spnupdate 
b/source4/scripting/bin/samba_spnupdate
index 1971ea1..c675a54 100755
--- a/source4/scripting/bin/samba_spnupdate
+++ b/source4/scripting/bin/samba_spnupdate
@@ -29,9 +29,11 @@ sys.path.insert(0, "bin/python")
 
 import samba, ldb
 import optparse
+from samba import Ldb
 from samba import getopt as options
 from samba.auth import system_session
 from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
 
 parser = optparse.OptionParser("samba_spnupdate")
 sambaopts = options.SambaOptions(parser)
@@ -39,7 +41,9 @@ parser.add_option_group(sambaopts)
 parser.add_option_group(options.VersionOptions(parser))
 parser.add_option("--verbose", action="store_true")
 
-creds = None
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
 ccachename = None
 
 opts, args = parser.parse_args()
@@ -49,6 +53,7 @@ if len(args) != 0:
     sys.exit(1)
 
 lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
 
 domain = lp.get("realm")
 host = lp.get("netbios name")
@@ -70,9 +75,31 @@ def get_subst_vars(samdb):
     return vars
 
 try:
-    samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), 
lp=lp)
+    private_dir = lp.get("private dir")
+    secrets_path = os.path.join(private_dir, lp.get("secrets database"))
+
+    secrets_db = Ldb(url=secrets_path, session_info=system_session(),
+                     credentials=creds, lp=lp)
+    res = secrets_db.search(base=None,
+                            expression="(&(objectclass=ldapSecret)(cn=SAMDB 
Credentials))",
+                            attrs=["samAccountName", "secret"])
+
+    if len(res) == 1:
+        credentials = Credentials()
+        credentials.set_kerberos_state(DONT_USE_KERBEROS)
+
+        if "samAccountName" in res[0]:
+            credentials.set_username(res[0]["samAccountName"][0])
+
+        if "secret" in res[0]:
+            credentials.set_password(res[0]["secret"][0])
+
+    else:
+        credentials = None
+
+    samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), 
credentials=credentials, lp=lp)
 except ldb.LdbError, (num, msg):
-    print("Unable to open sam database %s : %s" % (lp.get("sam database")), 
msg)
+    print("Unable to open sam database %s : %s" % (lp.get("sam database"), 
msg))
     sys.exit(1)
 
 # get the substitution dictionary
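Review bot: When the secrets lookup does not return exactly one `SAMDB Credentials` entry, the new `else:` branch silently sets `credentials = None` and connects to the SamDB anyway, so a missing or duplicated secret degrades into an unexplained later failure with no trace even under --verbose. Report it before falling back: `sys.stderr.write("No SAMDB Credentials found in %s, connecting without credentials\n" % secrets_path)` in the `else:` branch (`sys` is already in scope, as `sys.exit()` below shows). `os.path.join()` also relies on `os` being imported, and no import of it appears in this diff's import hunk, so confirm the top of the script already provides one. The `secret` attribute read here is a plaintext password, so any diagnostic added must not echo `res[0]`.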


-- 
Samba Shared Repository
