[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 83f0dc4 s4-dsdb: special case for deleted objects one way link via 9b981ff s4-dsdb: don't display links to deleted objects via a729dbb s4-dsdb: fixed one_way_link calculation via a5f311d s4-dsdb: fixed behaviour of show_deleted and show_recycled control via 365f705 s4-dsdb: fixed the check_optional_feature() call from ceb831c s3:lib: remove unused/empty modules.c http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 83f0dc44a70ed7e49bcee3718ff17b2063b2a01e Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 7 15:25:59 2011 +1100 s4-dsdb: special case for deleted objects one way link we show wellknown links to the deleted objects container Pair-Programmed-With: Andrew Bartlett abart...@samba.org Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Fri Oct 7 07:58:08 CEST 2011 on sn-devel-104 commit 9b981ff1e82e06c9365b6ae46ddc911a4a84f560 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 7 13:20:35 2011 +1100 s4-dsdb: don't display links to deleted objects unless the user asks for the display of deactivated links, we should not display DNs that link to deleted objects Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit a729dbb269d4a368f79dcadaa5e74adb91bfd6e2 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 7 13:19:48 2011 +1100 s4-dsdb: fixed one_way_link calculation we need to check for the other end of the link, not the current linkID Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit a5f311d4690f6b76e6bd304b1fad98811488ed1f Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 7 11:46:59 2011 +1100 s4-dsdb: fixed behaviour of show_deleted and show_recycled control to correctly implement the show_deleted and show_recycled control we need to know if the recyclebin is enabled. When not enabled, the isRecycled attribute is ignored, and only isDeleted is used. Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 365f705345be02915fafedc83ec3c610285f6f81 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 7 11:46:05 2011 +1100 s4-dsdb: fixed the check_optional_feature() call the dsdb_check_optional_feature() call should look on our own NTDS DN for the enabled feature. This should work for all features, not just for forest wide fetaures. Pair-Programmed-With: Andrew Bartlett abart...@samba.org --- Summary of changes: source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 66 +++-- source4/dsdb/samdb/ldb_modules/show_deleted.c| 109 ++ source4/dsdb/samdb/ldb_modules/util.c| 43 + source4/dsdb/schema/schema_set.c |3 +- 4 files changed, 153 insertions(+), 68 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c index 9e1bec9..8e28ec7 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c @@ -353,30 +353,51 @@ struct extended_search_context { fix one-way links to have the right string DN, to cope with renames of the target */ -static int fix_one_way_link(struct extended_search_context *ac, struct ldb_dn *dn) +static int fix_one_way_link(struct extended_search_context *ac, struct ldb_dn *dn, + bool is_deleted_objects, bool *remove_value) { struct GUID guid; NTSTATUS status; int ret; struct ldb_dn *real_dn; + uint32_t search_flags; + TALLOC_CTX *tmp_ctx = talloc_new(ac); + const char *attrs[] = { NULL }; + struct ldb_result *res; + + (*remove_value) = false; status = dsdb_get_extended_dn_guid(dn, guid, GUID); if (!NT_STATUS_IS_OK(status)) { /* this is a strange DN that doesn't have a GUID! just return the current DN string?? */ + talloc_free(tmp_ctx); return LDB_SUCCESS; } - ret = dsdb_module_dn_by_guid(ac-module, dn, guid, real_dn, ac-req); - if (ret != LDB_SUCCESS) { - /* it could be on another server, we need to leave the - string DN alone */ + search_flags = DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SEARCH_ALL_PARTITIONS | DSDB_SEARCH_ONE_ONLY; + + if (ldb_request_get_control(ac-req, LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID) || + is_deleted_objects) { + search_flags |= DSDB_SEARCH_SHOW_DELETED; + } + + ret = dsdb_module_search(ac-module, tmp_ctx, res, NULL, LDB_SCOPE_SUBTREE, attrs, +search_flags,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 556ef6a s4-param copy print_parameter and equal_parameter in from source3 via 6386251 s3-param Remove odd formatting to allow code merge via 0ba6076 s3-param: inline octal_string into caller to allow code merge via 80e4394 param: Use a bool to hold boolean parameters via 516ee5f s3-param use Auto define for lm_announce default via 36b2227 ldb: use ldb directly rather than via a copy via ed41edd build: ndrdump is only built with waf via 64d0230 build: Remove obsolete --enable/disable-merged-build via 4980cd7 build: Remove _SAMBA_WAF_BUILD_ via 1da89da autobuild: Remove s3-waf from autobuild via 055f017 build: Reduce build systems to just top level waf and autoconf from 83f0dc4 s4-dsdb: special case for deleted objects one way link http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 556ef6ac906ef6155c21714aaa6f3cf3ee52a9ac Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 6 16:59:19 2011 +1100 s4-param copy print_parameter and equal_parameter in from source3 This will allow these functions to be put into lib/param shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Fri Oct 7 10:17:01 CEST 2011 on sn-devel-104 commit 63862516213d9e556db039a3278233c45ff11404 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 6 16:58:32 2011 +1100 s3-param Remove odd formatting to allow code merge This code is very old, and has some code styles that we have not used in Samba for a very long time. This fixes up a the extra braces around return values. Andrew Bartlett commit 0ba60760a3601a41161c93f7b9186c35e3e31621 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 6 16:54:08 2011 +1100 s3-param: inline octal_string into caller to allow code merge commit 80e439453d4c0f6e160745826c561dd99e2bd167 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 6 16:35:39 2011 +1100 param: Use a bool to hold boolean parameters All three-state parameters invoking Auto (2) are already declared as integers, not booleans. Andrew Bartlett commit 516ee5f0b04143b72239fae53ec34e4b6e3ca0d7 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 6 16:34:52 2011 +1100 s3-param use Auto define for lm_announce default commit 36b2227eca55e769813eecc97366ba18a2832fb3 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 5 10:14:12 2011 +1000 ldb: use ldb directly rather than via a copy This avoids needing to manually sync the two files, which due to the top level build must be API compatible at all times anyway. The most important recent change was: commit e3b76bd6205acfc1a89fbcab5d9588b32cb47b88 Author: Andrew Tridgell tri...@samba.org Date: Thu Jul 28 15:51:31 2011 +1000 ldb: fixed a search expression parse bug However, as we always control the search expression in the callers to this code, no backport to other releases is required. Andrew Bartlett commit ed41ee6b81b759d4b4c8d9e59ee541a37c0a Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 8 10:42:02 2011 +1000 build: ndrdump is only built with waf We no longer need an #if (_SAMBA_BUILD = 4) here. Andrew Bartlett commit 64d0230332351d37873350722f2ce3bcd39728e4 Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 8 10:09:12 2011 +1000 build: Remove obsolete --enable/disable-merged-build All waf builds build everything now. Andrew Bartlett commit 4980cd772a6c81b528d5a40646f4f1d0dde17b16 Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 8 08:46:42 2011 +1000 build: Remove _SAMBA_WAF_BUILD_ The _SAMBA_BUILD_ macro can pick the difference between autoconf and waf builds now Andrew Bartlett commit 1da89da251f225fc2246ac49c9656df1df7336bd Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 1 12:45:53 2011 +1000 autobuild: Remove s3-waf from autobuild commit 055f017b3693af95864f6595cf4ead041c389c52 Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 1 12:45:38 2011 +1000 build: Reduce build systems to just top level waf and autoconf The s3-waf build system is a key component of the top level build, but with this commit is is no longer available directly. This reduces the number of build system combinations in master as we prepare for the Samba 4.0 release. Andrew Bartlett --- Summary of changes: buildtools/wafsamba/samba3.py|2 +- buildtools/wafsamba/samba_autoconf.py|3 +- dynconfig/wscript|2 - lib/util/wscript_build | 13 +-
[SCM] build.samba.org - branch master updated
The branch, master has been updated via 01a3d51 now that samba_3_waf is just a regular part of the build, remove seperate tree from 0c5ef6c update location of upstream waf tree http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit 01a3d51024f13d6b4b92899910950e7301bfec18 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 7 20:23:17 2011 +1100 now that samba_3_waf is just a regular part of the build, remove seperate tree --- Summary of changes: SerNet-IRIX.fns |1 - SerNet-Tru64.fns|1 - SerNet-aix.fns |1 - SerNet-solaris8.fns |1 - build_test.fns | 11 +-- charis.fns |1 - fjall.fns |1 - generic.fns |1 - gwen.fns|1 - hape.fns|1 - m104.fns|1 - magni.fns |1 - opi.fns |1 - qnx18.fns |1 - sunX.fns|1 - web/trees.conf |6 -- 16 files changed, 1 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/SerNet-IRIX.fns b/SerNet-IRIX.fns index 1a4d7b4..9475898 100644 --- a/SerNet-IRIX.fns +++ b/SerNet-IRIX.fns @@ -20,7 +20,6 @@ for compiler in $compilers; do test_tree samba_3_current source3 $compiler test_tree samba_3_next source3 $compiler test_tree samba_3_master source3 $compiler - test_tree samba_3_waf source3 $compiler done global_unlock diff --git a/SerNet-Tru64.fns b/SerNet-Tru64.fns index efb706d..8622412 100644 --- a/SerNet-Tru64.fns +++ b/SerNet-Tru64.fns @@ -26,7 +26,6 @@ for compiler in $compilers; do test_tree samba_3_current source3 $compiler test_tree samba_3_next source3 $compiler test_tree samba_3_master source3 $compiler - test_tree samba_3_waf source3 $compiler TDB_NO_FSYNC=0 export TDB_NO_FSYNC diff --git a/SerNet-aix.fns b/SerNet-aix.fns index d7bb98a..825a42a 100644 --- a/SerNet-aix.fns +++ b/SerNet-aix.fns @@ -27,7 +27,6 @@ test_tree lorikeet-heimdal . $compiler test_tree samba_3_current source3 $compiler test_tree samba_3_next source3 $compiler test_tree samba_3_master source3 $compiler -test_tree samba_3_waf source3 $compiler test_tree pidl . cc build test compiler=xlc_r diff --git a/SerNet-solaris8.fns b/SerNet-solaris8.fns index 6798044..66464f4 100644 --- a/SerNet-solaris8.fns +++ b/SerNet-solaris8.fns @@ -38,7 +38,6 @@ for compiler in $compilers; do test_tree samba_3_current source3 $compiler test_tree samba_3_next source3 $compiler test_tree samba_3_master source3 $compiler - test_tree samba_3_waf source3 $compiler TDB_NO_FSYNC=0 export TDB_NO_FSYNC done diff --git a/build_test.fns b/build_test.fns index 4616cd6..b5ab052 100644 --- a/build_test.fns +++ b/build_test.fns @@ -353,15 +353,6 @@ action_configure() { echo CONFIGURE STATUS: $cstatus return $cstatus ;; - samba_3_waf) - $builddir/timelimit $MAXTIME $srcdir/autogen-waf.sh - cstatus=$? - echo autogen-waf.sh STATUS: $cstatus - if [ x$cstatus != x0 ]; then - return $cstatus - fi - # fall through - ;; esac if [ ! -x $srcdir/configure -a -r $srcdir/Makefile.PL ]; then @@ -965,7 +956,7 @@ per_run_hook() { old_trees=web popt distcc samba-gtk smb-build lorikeet-heimdal samba_3_2 old_trees=$old_tree samba_3_2_test samba4 samba_4_0_waf samba_4_0_waf.metze - old_trees=$old_tree samba_3_X_test samba_3_X_devel samba_3_X_devel + old_trees=$old_tree samba_3_X_test samba_3_X_devel samba_3_X_devel samba_3_waf for d in $old_trees; do delete_old_tree $d done diff --git a/charis.fns b/charis.fns index 0e8eb11..f3cad96 100755 --- a/charis.fns +++ b/charis.fns @@ -11,6 +11,5 @@ compiler=gcc test_tree samba_4_0_test . gcc export config=--enable-merged-build test_tree samba_3_master source3 gcc -test_tree samba_3_waf source3 gcc global_unlock diff --git a/fjall.fns b/fjall.fns index dc3adfe..4398ba8 100644 --- a/fjall.fns +++ b/fjall.fns @@ -25,7 +25,6 @@ test_tree samba_4_0_test . $compiler test_tree samba_3_current source3 $compiler test_tree samba_3_next source3 $compiler test_tree samba_3_master source3 $compiler -test_tree samba_3_waf source3 $compiler export TESTS_ENVIRONMENT=$PWD/lorikeet-heimdal/libtool --mode=execute valgrind --trace-children=yes --quiet -q --num-callers=30 --gen-suppressions=all --suppressions=$PWD/lorikeet-heimdal/cf/valgrind-suppressions test_tree lorikeet-heimdal . $compiler diff --git a/generic.fns b/generic.fns index 453097e..25a6b2e 100644 --- a/generic.fns +++ b/generic.fns @@ -64,7 +64,6 @@ for
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4493c57 uid_wrapper: Add uwrap_setresuid(). via 17f1276 uid_wrapper: Add uwrap_setregid(). via c2b9e9b uid_wrapper: Add uwrap_setreuid(). from 556ef6a s4-param copy print_parameter and equal_parameter in from source3 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4493c578b0da44ae2100cc0d4d6acc714bf39a3f Author: Andreas Schneider a...@samba.org Date: Fri Oct 7 10:30:23 2011 +0200 uid_wrapper: Add uwrap_setresuid(). Autobuild-User: Andreas Schneider a...@cryptomilk.org Autobuild-Date: Fri Oct 7 12:04:05 CEST 2011 on sn-devel-104 commit 17f1276feadae1cfeea559e46e44ad136c438251 Author: Andreas Schneider a...@samba.org Date: Thu Oct 6 16:52:03 2011 +0200 uid_wrapper: Add uwrap_setregid(). commit c2b9e9b0eab3b10e36a56835602e7c931c406b12 Author: Andreas Schneider a...@samba.org Date: Thu Oct 6 16:25:32 2011 +0200 uid_wrapper: Add uwrap_setreuid(). --- Summary of changes: lib/uid_wrapper/uid_wrapper.c | 33 + lib/uid_wrapper/uid_wrapper.h | 18 ++ 2 files changed, 51 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c index 05d226b..8229fbb 100644 --- a/lib/uid_wrapper/uid_wrapper.c +++ b/lib/uid_wrapper/uid_wrapper.c @@ -73,6 +73,28 @@ _PUBLIC_ int uwrap_seteuid(uid_t euid) return 0; } +_PUBLIC_ int uwrap_setreuid(uid_t ruid, uid_t euid) +{ + uwrap_init(); + if (!uwrap.enabled) { + return setreuid(ruid, euid); + } + /* assume for now that the ruid stays as root */ + uwrap.euid = euid; + return 0; +} + +_PUBLIC_ int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid) +{ + uwrap_init(); + if (!uwrap.enabled) { + return setresuid(ruid, euid, suid); + } + /* assume for now that the ruid stays as root */ + uwrap.euid = euid; + return 0; +} + _PUBLIC_ uid_t uwrap_geteuid(void) { uwrap_init(); @@ -93,6 +115,17 @@ _PUBLIC_ int uwrap_setegid(gid_t egid) return 0; } +_PUBLIC_ int uwrap_setregid(gid_t rgid, gid_t egid) +{ + uwrap_init(); + if (!uwrap.enabled) { + return setregid(rgid, egid); + } + /* assume for now that the ruid stays as root */ + uwrap.egid = egid; + return 0; +} + _PUBLIC_ uid_t uwrap_getegid(void) { uwrap_init(); diff --git a/lib/uid_wrapper/uid_wrapper.h b/lib/uid_wrapper/uid_wrapper.h index b3b11d9..51a11c5 100644 --- a/lib/uid_wrapper/uid_wrapper.h +++ b/lib/uid_wrapper/uid_wrapper.h @@ -21,8 +21,11 @@ int uwrap_enabled(void); int uwrap_seteuid(uid_t euid); +int uwrap_setreuid(uid_t reuid, uid_t euid); +int uwrap_setresuid(uid_t reuid, uid_t euid, uid_t suid); uid_t uwrap_geteuid(void); int uwrap_setegid(gid_t egid); +int uwrap_setregid(gid_t egid); uid_t uwrap_getegid(void); int uwrap_setgroups(size_t size, const gid_t *list); int uwrap_getgroups(int size, gid_t *list); @@ -34,11 +37,26 @@ gid_t uwrap_getgid(void); #endif #define seteuiduwrap_seteuid +#ifdef setreuid +#undef setreuid +#endif +#define setreuid uwrap_setreuid + +#ifdef setresuid +#undef setresuid +#endif +#define setresuid uwrap_setresuid + #ifdef setegid #undef setegid #endif #define setegiduwrap_setegid +#ifdef setregid +#undef setregid +#endif +#define setregid uwrap_setegid + #ifdef geteuid #undef geteuid #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bcb0212 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID via 94899cd Revert ldb: support raw OIDs in control string parsing via c180feb s4:dbchecker: make use of local_oid controls for dsdb.DSDB_CONTROL_DBCHECK via ec910d9 ldb/ldb_controls: allow oid up to 255 chars via ff1ce65 s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h from 4493c57 uid_wrapper: Add uwrap_setresuid(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bcb02129c3eaa3e22b74f65a44c7059a298831a3 Author: Stefan Metzmacher me...@samba.org Date: Wed Oct 5 14:59:59 2011 +0200 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID Which allows the caller to pass a given 'pwdLastSet' value (every useful for migrations). metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104 commit 94899cd83ce2270d7760e0f9bb472b80de89f80b Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 7 09:58:29 2011 +0200 Revert ldb: support raw OIDs in control string parsing This reverts commit ea41860d32d38448e08cefd79d30ee1150317a9e. This is not needed, because we already have the 'local_oid' magic. metze commit c180feb16cd6933fc81e949b440707c4982a8295 Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 7 09:57:34 2011 +0200 s4:dbchecker: make use of local_oid controls for dsdb.DSDB_CONTROL_DBCHECK metze commit ec910d94d3f4515c1cb4528e5e07be2296734f9a Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 7 09:56:17 2011 +0200 ldb/ldb_controls: allow oid up to 255 chars We have char oid[256], so allow sscanf() to consume 255 chars. metze commit ff1ce6521b0b38fa3d2e09d79a8145a52c63b926 Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 7 09:49:48 2011 +0200 s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h This makes clear that struct dsdb_control_password_change belongs to DSDB_CONTROL_PASSWORD_CHANGE_OID. metze --- Summary of changes: lib/ldb/common/ldb_controls.c | 20 + lib/ldb/include/ldb_private.h |1 - source4/dsdb/samdb/ldb_modules/password_hash.c | 38 source4/dsdb/samdb/samdb.h | 22 +++-- source4/scripting/python/samba/dbchecker.py|2 +- source4/setup/schema_samba4.ldif |1 + 6 files changed, 53 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c index 42fabfc..5b5f357 100644 --- a/lib/ldb/common/ldb_controls.c +++ b/lib/ldb/common/ldb_controls.c @@ -949,7 +949,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO oid[0] = '\0'; p = (control_strings[10]); - ret = sscanf(p, %64[^:]:%d, oid, crit); + ret = sscanf(p, %255[^:]:%d, oid, crit); if ((ret != 2) || strlen(oid) == 0 || (crit 0) || (crit 1)) { error_string = talloc_asprintf(mem_ctx, invalid local_oid control syntax\n); @@ -1018,27 +1018,9 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO return ctrl; } - - /* support a raw OID */ - if (isdigit(control_strings[0])) { - const char *p = strchr(control_strings, ':'); - if (p == NULL) { - goto failed; - } - if (strspn(control_strings, 0123456789.) != (p-control_strings)) { - goto failed; - } - ctrl-oid = talloc_strndup(ctrl, control_strings, p-control_strings); - ctrl-critical = (p[1]=='1'?1:0); - ctrl-data = NULL; - return ctrl; - } - /* * When no matching control has been found. */ -failed: - talloc_free(ctrl); return NULL; } diff --git a/lib/ldb/include/ldb_private.h b/lib/ldb/include/ldb_private.h index db2457d..cafc020 100644 --- a/lib/ldb/include/ldb_private.h +++ b/lib/ldb/include/ldb_private.h @@ -40,7 +40,6 @@ #include replace.h #include system/filesys.h #include system/time.h -#include system/locale.h #include ldb.h #include ldb_module.h diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 02e68cd..9fcdcf7 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -95,6 +95,7 @@ struct ph_context { bool change_status; bool hash_values;
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c80ba57 Fix bug #8509 - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER. from bcb0212 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c80ba57169cee2ec66e8afe3616956c17958a3ae Author: Jeremy Allison j...@samba.org Date: Fri Oct 7 11:09:44 2011 -0700 Fix bug #8509 - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER. Not a security issue as we also check inside _samr_CreateUser2. Thanks to Andreas Schneider a...@samba.org for finding and testing this. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Oct 7 21:51:27 CEST 2011 on sn-devel-104 --- Summary of changes: source3/rpc_server/srv_access_check.c | 11 --- 1 files changed, 8 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_access_check.c b/source3/rpc_server/srv_access_check.c index 12d9024..4e74b04 100644 --- a/source3/rpc_server/srv_access_check.c +++ b/source3/rpc_server/srv_access_check.c @@ -52,6 +52,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t { NTSTATUS status = NT_STATUS_ACCESS_DENIED; uint32 saved_mask = 0; + bool priv_granted = false; /* check privileges; certain SAM access bits should be overridden by privileges (mostly having to do with creating/modifying/deleting @@ -59,6 +60,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t if ((needed_priv_1 != SEC_PRIV_INVALID security_token_has_privilege(token, needed_priv_1)) || (needed_priv_2 != SEC_PRIV_INVALID security_token_has_privilege(token, needed_priv_2))) { + priv_granted = true; saved_mask = (des_access rights_mask); des_access = ~saved_mask; @@ -81,6 +83,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t DEBUG(4,(%s: ACCESS should be DENIED (requested: %#010x)\n, debug, des_access)); DEBUGADD(4,(but overritten by euid == sec_initial_uid()\n)); + priv_granted = true; *acc_granted = des_access; status = NT_STATUS_OK; @@ -89,10 +92,12 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t done: - /* add in any bits saved during the privilege check (only - matters is status is ok) */ + if (priv_granted) { + /* add in any bits saved during the privilege check (only + matters if status is ok) */ - *acc_granted |= rights_mask; + *acc_granted |= rights_mask; + } DEBUG(4,(%s: access %s (requested: 0x%08x, granted: 0x%08x)\n, debug, NT_STATUS_IS_OK(status) ? GRANTED : DENIED, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via de912e7 examples/VFS: fix a typo in the README from c80ba57 Fix bug #8509 - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit de912e783b9ca3a95776fd26073eb43034c0acb0 Author: Michael Adam ob...@samba.org Date: Fri Oct 7 14:00:18 2011 +0200 examples/VFS: fix a typo in the README Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Sat Oct 8 01:42:33 CEST 2011 on sn-devel-104 --- Summary of changes: examples/VFS/README |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/README b/examples/VFS/README index 2f6196d..dc99e20 100644 --- a/examples/VFS/README +++ b/examples/VFS/README @@ -10,7 +10,7 @@ modules. Please look at skel_opaque.c when you want your module to provide final functions, like a database filesystem. -Please look at skel_transport.c when you want your module to provide +Please look at skel_transparent.c when you want your module to provide passthrough functions, like audit modules. Please read the VFS chapter in the HOWTO collection for general help -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f0cd3f6 selftest: run dfs tests on plugin_s4_dc via 29dbda5 s3:modules: add vfs_dfs_samba4 via 09731c7 s3:msdfs: removed unused variables via f6eb85c s3:msdfs: implement setup_dfs_referral() on top of SMB_VFS_GET_DFS_REFERRALS() via 9bd26d8 s3:vfs: add SMB_VFS_GET_DFS_REFERRAL() hooks via 37a17a4 s3:param: add lp_host_msdfs to loadparm_s3_context via cc17ac9 s4:smb_server: implement dfs referral handing on top of dfs_server_ad_get_referrals() via f697956 dfs_server: add generic dfs_server_ad_get_referrals() call from de912e7 examples/VFS: fix a typo in the README http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f0cd3f62d04a99347a88d5355b568f1295752876 Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 4 12:44:12 2011 +0200 selftest: run dfs tests on plugin_s4_dc metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Sat Oct 8 03:18:54 CEST 2011 on sn-devel-104 commit 29dbda56b5ba6db9fd04cdea1de377630bea9016 Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 4 12:38:00 2011 +0200 s3:modules: add vfs_dfs_samba4 This module overloads the SMB_VFS_GET_DFS_REFERRAL() hooks, in order to support the domain, dc and sysvol referrals for a AD DC. The config would look like this: [IPC$] vfs objects = dfs_samba4 metze commit 09731c76877137291f0041711f01b40e33eb3d1c Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 1 09:15:58 2011 +0200 s3:msdfs: removed unused variables metze commit f6eb85c952841bf9d42deedbbb0839c96d54ce55 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 1 09:13:50 2011 +0200 s3:msdfs: implement setup_dfs_referral() on top of SMB_VFS_GET_DFS_REFERRALS() metze commit 9bd26d81900c16718e9ad3916aec5a7ac6b636be Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 1 06:57:18 2011 +0200 s3:vfs: add SMB_VFS_GET_DFS_REFERRAL() hooks metze commit 37a17a49175b2f0eca5578467b785325561eb0cf Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 4 12:41:12 2011 +0200 s3:param: add lp_host_msdfs to loadparm_s3_context metze commit cc17ac9bba0de5ea8f057cf7683aa914ff4e5702 Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 4 12:42:11 2011 +0200 s4:smb_server: implement dfs referral handing on top of dfs_server_ad_get_referrals() metze commit f697956dcba801e4209b375f6ebda3168e2a210d Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 4 13:08:50 2011 +0200 dfs_server: add generic dfs_server_ad_get_referrals() call This is a generic function to implement the domain, dc and sysvol DFS referrals. metze --- Summary of changes: dfs_server/dfs_server_ad.c | 847 +++ .../dfs_server_ad.h| 15 +- dfs_server/wscript_build |7 + selftest/target/Samba3.pm |3 + source3/Makefile.in|1 + source3/include/vfs.h | 14 + source3/include/vfs_macros.h |9 + source3/modules/vfs_default.c | 177 source3/modules/vfs_dfs_samba4.c | 159 source3/modules/wscript_build | 10 +- source3/param/loadparm_ctx.c |4 +- source3/smbd/msdfs.c | 325 +--- source3/smbd/vfs.c |7 + source3/wscript|2 +- source3/wscript_build |2 +- source4/selftest/tests.py |1 + source4/smb_server/smb/trans2.c| 865 ++-- source4/smb_server/smb/wscript_build |1 + wscript_build |1 + 19 files changed, 1330 insertions(+), 1120 deletions(-) create mode 100644 dfs_server/dfs_server_ad.c copy source4/auth/ntlm/auth_server_service.c = dfs_server/dfs_server_ad.h (74%) create mode 100644 dfs_server/wscript_build create mode 100644 source3/modules/vfs_dfs_samba4.c Changeset truncated at 500 lines: diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c new file mode 100644 index 000..22d3263 --- /dev/null +++ b/dfs_server/dfs_server_ad.c @@ -0,0 +1,847 @@ +/* + Unix SMB/CIFS implementation. + + Copyright Matthieu Patou m...@matws.net 2010-2011 + Copyright Stefan Metzmacher 2011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 078db8f build: build wbinfo only once in the waf build via 820fe8a build: remove double-setting of build_public_headers via 50c8d38 build: s3 public headers appear to be correct now from f0cd3f6 selftest: run dfs tests on plugin_s4_dc http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 078db8f6c9580e215d850d26e8a9942aa757e245 Author: Andrew Bartlett abart...@samba.org Date: Sat Oct 8 11:19:35 2011 +1100 build: build wbinfo only once in the waf build Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Sat Oct 8 04:52:03 CEST 2011 on sn-devel-104 commit 820fe8acca1454b43bc5454f56cf848d6250bc4c Author: Andrew Bartlett abart...@samba.org Date: Sat Oct 8 10:50:32 2011 +1100 build: remove double-setting of build_public_headers The top level build already sets this, so we do not need to set it twice. Andrew Bartlett commit 50c8d3813ce88ae48f7fbf513fa74930c9e661a0 Author: Andrew Bartlett abart...@samba.org Date: Sat Oct 8 10:49:49 2011 +1100 build: s3 public headers appear to be correct now The build now passes without this setting, so remove it to ensure we do this check in future. Andrew Bartlett --- Summary of changes: nsswitch/wbinfo.c |3 ++- nsswitch/wscript_build|5 + source3/wscript_build | 15 --- source4/winbind/wscript_build |4 4 files changed, 7 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 6459b8e..e7f902f 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -22,13 +22,14 @@ */ #include includes.h -#include popt_common.h #include winbind_client.h #include libwbclient/wbclient.h #include lib/popt/popt.h #include ../libcli/auth/libcli_auth.h #if (_SAMBA_BUILD_) = 4 #include lib/cmdline/popt_common.h +#else +#include popt_common.h #endif #ifdef DBGC_CLASS diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build index 4e353d3..f740fdf 100644 --- a/nsswitch/wscript_build +++ b/nsswitch/wscript_build @@ -40,3 +40,8 @@ bld.SAMBA_SUBSYSTEM('WB_REQTRANS', source='wb_reqtrans.c', deps='talloc tevent LIBASYNC_REQ' ) + +bld.SAMBA_BINARY('wbinfo', + source='wbinfo.c', + deps='samba-util LIBCLI_AUTH popt POPT_SAMBA wbclient LIBAFS_SETTOKEN' + ) diff --git a/source3/wscript_build b/source3/wscript_build index 289d9a1..78b2474 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -3,12 +3,6 @@ from samba_utils import * import samba_version, samba3 -# enable building of public headers in the build tree -bld.env.build_public_headers = 'include/public' - -# s3 public headers refer to non-public headers -bld.env.public_headers_allow_broken = True - TDB_LIB_SRC = ''' lib/dbwrap/dbwrap_open.c lib/dbwrap/dbwrap_tdb.c @@ -612,8 +606,6 @@ SMBFILTER_SRC = '''utils/smbfilter.c''' WINBIND_WINS_NSS_SRC = '''../nsswitch/wins.c''' -WBINFO_SRC = '''../nsswitch/wbinfo.c''' - NTLM_AUTH_SRC1 = '''utils/ntlm_auth.c utils/ntlm_auth_diagnostics.c''' NTLM_AUTH_SRC = '''${NTLM_AUTH_SRC1}''' @@ -1344,13 +1336,6 @@ bld.SAMBA3_BINARY('versiontest', deps='SAMBA_VERSION samba3core param', vars=locals()) -bld.SAMBA3_BINARY('wbinfo' + bld.env.suffix3, - source=WBINFO_SRC, - deps='''talloc wbclient tevent cap - asn1util LIBTSOCKET pdb ldap param smbd_shim - LIBNTLMSSP popt_samba3 LIBAFS_SETTOKEN''', - vars=locals()) - bld.SAMBA3_BINARY('ntlm_auth' + bld.env.suffix3, source=NTLM_AUTH_SRC, deps='''tdb_compat talloc cap KRB5_WRAP k5crypto wbclient param smbd_shim diff --git a/source4/winbind/wscript_build b/source4/winbind/wscript_build index 8bf5d76..5ba9c2a 100644 --- a/source4/winbind/wscript_build +++ b/source4/winbind/wscript_build @@ -24,7 +24,3 @@ bld.SAMBA_SUBSYSTEM('IDMAP', public_deps='samdb-common ldbsamba' ) -bld.SAMBA_BINARY('wbinfo', - source='../../nsswitch/wbinfo.c', - deps='samba-util LIBCLI_AUTH popt POPT_SAMBA winbind-client wbclient tevent tevent-util LIBASYNC_REQ security ndr NDR_SECURITY' - ) -- Samba Shared Repository