svn commit: samba-web r1324 - in trunk: .
Author: abartlet Date: 2009-09-25 09:56:46 -0600 (Fri, 25 Sep 2009) New Revision: 1324 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1324 Log: Remove mirror redirect JS, now we don't do mirrors Removed: trunk/redirect_us.html Modified: trunk/header_columns.html trunk/header_wide.html Changeset: Modified: trunk/header_columns.html === --- trunk/header_columns.html 2009-09-19 06:05:59 UTC (rev 1323) +++ trunk/header_columns.html 2009-09-25 15:56:46 UTC (rev 1324) @@ -52,15 +52,6 @@ input type=submit value=Go / /form span|/span - form action=no_script_yet.cgi name=mirrorForm -select name=mirrorLocation onchange=changeMirror(this.form.mirrorLocation) -option selected=selectedChoose A Mirror/option -!--#include virtual=/samba/menu_options.html -- -/select -noscript - spanJavascript must be enabled for this menu to work./span -/noscript - /form /div /div Modified: trunk/header_wide.html === --- trunk/header_wide.html 2009-09-19 06:05:59 UTC (rev 1323) +++ trunk/header_wide.html 2009-09-25 15:56:46 UTC (rev 1324) @@ -50,16 +50,6 @@ input type=text size=15 name=words value= / input type=submit value=Go / /form - span|/span - form action=no_script_required.cgi name=mirrorForm -select name=mirrorLocation onchange=changeMirror(this.form.mirrorLocation) -option selected=selectedChoose A Mirror/option -!--#include virtual=/samba/menu_options.html -- -/select -noscript - spanJavascript must be enabled for this menu to work./span -/noscript - /form /div /div Deleted: trunk/redirect_us.html === --- trunk/redirect_us.html 2009-09-19 06:05:59 UTC (rev 1323) +++ trunk/redirect_us.html 2009-09-25 15:56:46 UTC (rev 1324) @@ -1,48 +0,0 @@ -html - -head - -titleSamba -- Opening Windows to a Wider World/title - -meta http-equiv=Content-Type content=text/html; charset=utf-8 / -meta http-equiv=Content-Language content=en-us / -meta name=keywords content=Samba SMB CIFS / -meta name=description content=Home of Samba, the SMB file server / - -!--#include virtual=/samba/redirect_include.html -- - -script type=text/javascript -!-- Hide from old browsers -function loadUSMirror() -{ -if (randomMirror.length 0) { -window.location = randomMirror[n]; -} else { -window.location = http://us1.samba.org/samba/;; -} -} -// end hide -- -/script - -/head - - -body onload=loadUSMirror() -noscript -h2Samba -- Opening Windows to a Wider World/h2 -pstrongJavaScript/strong is strongnot/strong required to use the Samba web site, -but strong enabling JavaScript/strong will add some useful features, mostly -to do with content display and format./p - -h3Please choose a mirror/h3 - -h4For the samba.org web site:/h4 -!--#include virtual=/samba/web_hosts.html -- - -h4For download ftp sites:/h4 -!--#include virtual=/samba/ftp_hosts.html -- -/noscript -!--#include virtual=/samba/local_footer.html -- -/body -/html -
svn commit: samba-web r1325 - in trunk: .
Author: abartlet Date: 2009-09-25 10:01:52 -0600 (Fri, 25 Sep 2009) New Revision: 1325 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1325 Log: Fix typos and misinformation on the IRC page Modified: trunk/irc.html Changeset: Modified: trunk/irc.html === --- trunk/irc.html 2009-09-25 15:56:46 UTC (rev 1324) +++ trunk/irc.html 2009-09-25 16:01:52 UTC (rev 1325) @@ -4,7 +4,8 @@ h2Samba IRC Channels/h2 -pSamba is discussed on two IRC channels on the a href=http://www.freenode.net/;FreeNode/a network(irc.freenode.net)./p +pSamba is discussed on two IRC channels on the a +href=http://www.freenode.net/;FreeNode/a network (irc.freenode.net)./p h3#samba/h3 @@ -12,7 +13,7 @@ Please keep a few things in mind:/p ul - liMake sure you have read the right parts of the a href=docs/man/documentation/a before asking a question./li + liMake sure you have read the right parts of the a href=docs/documentation/a before asking a question./li liDon't ask if there is anybody who can help, just ask your question. If there is somebody who knows the answer, (s)he will reply./li liMake sure you are either running the latest version of Samba or have verified that your problem is not fixed in a later release then
svn commit: samba-web r1326 - in trunk: .
Author: abartlet Date: 2009-09-25 10:06:15 -0600 (Fri, 25 Sep 2009) New Revision: 1326 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1326 Log: fix formatting inconsistancy Modified: trunk/header_columns.html Changeset: Modified: trunk/header_columns.html === --- trunk/header_columns.html 2009-09-25 16:01:52 UTC (rev 1325) +++ trunk/header_columns.html 2009-09-25 16:06:15 UTC (rev 1326) @@ -51,7 +51,6 @@ input type=text size=15 name=words value= / input type=submit value=Go / /form - span|/span /div /div
svn commit: samba-web r1323 - in trunk: .
Author: abartlet Date: 2009-09-19 00:05:59 -0600 (Sat, 19 Sep 2009) New Revision: 1323 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1323 Log: We don't redirect any more, and we don't use the US mirror rotation any more. Andrew Bartlett Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2009-09-09 14:17:31 UTC (rev 1322) +++ trunk/index.html2009-09-19 06:05:59 UTC (rev 1323) @@ -160,12 +160,4 @@ See a href=/samba/history/samba-3.0.35.htmlthe release notes for more info/a./p - div class=request - phttp://samba.org/ is automatically redirected to one of our US - mirrors. To change to a mirror closer to your location, choose a - span class=punchmirror site/span from the drop-down menu above. - The popularity of Samba puts a strain on our network. By using a - mirror site you can do your bit to reduce the load./p -/div - !--#include virtual=/samba/footer.html --
svn commit: lorikeet r799 - in trunk/heimdal: . admin appl/su appl/telnet/libtelnet cf doc doc/standardisation kadmin kdc kpasswd kuser lib lib/gssapi lib/gssapi/gssapi lib/gssapi/krb5 lib/gssapi/mech
Author: abartlet Date: 2008-07-28 06:20:35 + (Mon, 28 Jul 2008) New Revision: 799 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=799 Log: Merged with upstream Heimdal -r 23473. Dropped gss_wrap_ex patch (will maintain this with metze in GIT, then commit it here when finished). Andrew Bartlett Added: trunk/heimdal/cf/symbol-version.py trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-gss-cb-hash-agility-04.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-11.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-otp-preauth-05.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-preauth-framework-08.txt trunk/heimdal/lib/krb5/send_to_kdc_plugin.h trunk/heimdal/lib/roken/cloexec.c trunk/heimdal/lib/roken/xfree.c Removed: trunk/heimdal/lib/gssapi/mech/gss_unwrap_ex.c trunk/heimdal/lib/gssapi/mech/gss_wrap_ex.c trunk/heimdal/lib/krb5/keytab_krb4.c Modified: trunk/heimdal/ChangeLog trunk/heimdal/admin/change.c trunk/heimdal/admin/get.c trunk/heimdal/appl/su/ChangeLog trunk/heimdal/appl/su/Makefile.am trunk/heimdal/appl/su/su.c trunk/heimdal/appl/telnet/libtelnet/encrypt.c trunk/heimdal/appl/telnet/libtelnet/genget.c trunk/heimdal/cf/ChangeLog trunk/heimdal/cf/krb-ipv6.m4 trunk/heimdal/cf/krb-readline.m4 trunk/heimdal/cf/version-script.m4 trunk/heimdal/doc/ack.texi trunk/heimdal/kadmin/ank.c trunk/heimdal/kdc/default_config.c trunk/heimdal/kdc/digest.c trunk/heimdal/kdc/kerberos5.c trunk/heimdal/kdc/krb5tgs.c trunk/heimdal/kdc/kx509.c trunk/heimdal/kdc/misc.c trunk/heimdal/kdc/pkinit.c trunk/heimdal/kdc/process.c trunk/heimdal/kdc/set_dbinfo.c trunk/heimdal/kdc/windc.c trunk/heimdal/kpasswd/kpasswd-generator.c trunk/heimdal/kpasswd/kpasswdd.c trunk/heimdal/kuser/kinit.c trunk/heimdal/lib/Makefile.am trunk/heimdal/lib/gssapi/ChangeLog trunk/heimdal/lib/gssapi/Makefile.am trunk/heimdal/lib/gssapi/gssapi/gssapi.h trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h trunk/heimdal/lib/gssapi/gssapi_mech.h trunk/heimdal/lib/gssapi/krb5/accept_sec_context.c trunk/heimdal/lib/gssapi/krb5/delete_sec_context.c trunk/heimdal/lib/gssapi/krb5/display_status.c trunk/heimdal/lib/gssapi/krb5/external.c trunk/heimdal/lib/gssapi/krb5/gsskrb5_locl.h trunk/heimdal/lib/gssapi/krb5/init_sec_context.c trunk/heimdal/lib/gssapi/krb5/set_cred_option.c trunk/heimdal/lib/gssapi/krb5/set_sec_context_option.c trunk/heimdal/lib/gssapi/krb5/wrap.c trunk/heimdal/lib/gssapi/mech/gss_krb5.c trunk/heimdal/lib/gssapi/mech/gss_mech_switch.c trunk/heimdal/lib/gssapi/ntlm/crypto.c trunk/heimdal/lib/gssapi/ntlm/external.c trunk/heimdal/lib/gssapi/ntlm/init_sec_context.c trunk/heimdal/lib/gssapi/test_context.c trunk/heimdal/lib/hcrypto/ChangeLog trunk/heimdal/lib/hcrypto/rand-egd.c trunk/heimdal/lib/hcrypto/rand-fortuna.c trunk/heimdal/lib/hcrypto/rand-unix.c trunk/heimdal/lib/hcrypto/rand.c trunk/heimdal/lib/hcrypto/test_rsa.c trunk/heimdal/lib/hcrypto/ui.c trunk/heimdal/lib/hdb/Makefile.am trunk/heimdal/lib/hdb/common.c trunk/heimdal/lib/hdb/db.c trunk/heimdal/lib/hdb/db3.c trunk/heimdal/lib/hdb/dbinfo.c trunk/heimdal/lib/hdb/ext.c trunk/heimdal/lib/hdb/hdb-ldap.c trunk/heimdal/lib/hdb/hdb.c trunk/heimdal/lib/hdb/keys.c trunk/heimdal/lib/hdb/keytab.c trunk/heimdal/lib/hdb/mkey.c trunk/heimdal/lib/hdb/ndbm.c trunk/heimdal/lib/hdb/print.c trunk/heimdal/lib/hdb/version-script.map trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/cert.c trunk/heimdal/lib/hx509/cms.c trunk/heimdal/lib/hx509/file.c trunk/heimdal/lib/hx509/hxtool-commands.in trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/ks_dir.c trunk/heimdal/lib/hx509/ks_file.c trunk/heimdal/lib/hx509/ks_p12.c trunk/heimdal/lib/hx509/req.c trunk/heimdal/lib/hx509/revoke.c trunk/heimdal/lib/hx509/softp11.c trunk/heimdal/lib/hx509/version-script.map trunk/heimdal/lib/kadm5/ad.c trunk/heimdal/lib/kadm5/chpass_s.c trunk/heimdal/lib/kadm5/init_c.c trunk/heimdal/lib/kadm5/ipropd_slave.c trunk/heimdal/lib/kadm5/log.c trunk/heimdal/lib/kadm5/password_quality.c trunk/heimdal/lib/kafs/ChangeLog trunk/heimdal/lib/kafs/common.c trunk/heimdal/lib/krb5/Makefile.am trunk/heimdal/lib/krb5/acache.c trunk/heimdal/lib/krb5/acl.c trunk/heimdal/lib/krb5/addr_families.c trunk/heimdal/lib/krb5/auth_context.c trunk/heimdal/lib/krb5/build_auth.c trunk/heimdal/lib/krb5/cache.c trunk/heimdal/lib/krb5/changepw.c trunk/heimdal/lib/krb5/config_file.c trunk/heimdal/lib/krb5/context.c trunk/heimdal/lib/krb5/convert_creds.c trunk/heimdal/lib/krb5/copy_host_realm.c trunk/heimdal/lib/krb5/creds.c trunk/heimdal/lib/krb5/crypto.c trunk/heimdal/lib/krb5/data.c trunk/heimdal/lib
svn commit: lorikeet r800 - in trunk/heimdal: .
Author: abartlet Date: 2008-07-28 06:24:17 + (Mon, 28 Jul 2008) New Revision: 800 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=800 Log: Remove gss_wrap_ex patch from heimdal-lorikeet.diff Keep the NTLM parts in wrap_ex_ntlm.diff for the moment (re-integrate when we finish the work with metze on a working gss_wrap_ex()). Andrew Bartlett Added: trunk/heimdal/wrap_ex_ntlm.diff Modified: trunk/heimdal/heimdal-lorikeet.diff Changeset: Sorry, the patch is too large (1852 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=800
svn commit: lorikeet r801 - in trunk/heimdal: . lib/krb5
Author: abartlet Date: 2008-07-28 09:31:00 + (Mon, 28 Jul 2008) New Revision: 801 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=801 Log: Revert back to using the extra argument on send_to_kdc, until Samba moves to the plugin version of this function. Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff trunk/heimdal/lib/krb5/krb5.h trunk/heimdal/lib/krb5/send_to_kdc.c Changeset: Modified: trunk/heimdal/heimdal-lorikeet.diff === --- trunk/heimdal/heimdal-lorikeet.diff 2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/heimdal-lorikeet.diff 2008-07-28 09:31:00 UTC (rev 801) @@ -180,3 +180,28 @@ ret = _krb5_principalname2krb5_principal (context, tmp_principal, rep-kdc_rep.cname, +Index: lib/krb5/send_to_kdc.c +=== +--- lib/krb5/send_to_kdc.c (revision 800) lib/krb5/send_to_kdc.c (working copy) +@@ -385,7 +385,7 @@ +struct send_to_kdc *s = context-send_to_kdc; + +ret = (*s-func)(context, s-data, +-hi, send_data, receive); ++hi, context-kdc_timeout, send_data, receive); +if (ret == 0 receive-length != 0) +goto out; +continue; +Index: lib/krb5/krb5.h +=== +--- lib/krb5/krb5.h(revision 800) lib/krb5/krb5.h(working copy) +@@ -725,6 +725,7 @@ + typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, +void *, +krb5_krbhst_info *, ++ time_t timeout, +const krb5_data *, +krb5_data *); + Modified: trunk/heimdal/lib/krb5/krb5.h === --- trunk/heimdal/lib/krb5/krb5.h 2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/lib/krb5/krb5.h 2008-07-28 09:31:00 UTC (rev 801) @@ -725,6 +725,7 @@ typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, +time_t timeout, const krb5_data *, krb5_data *); Modified: trunk/heimdal/lib/krb5/send_to_kdc.c === --- trunk/heimdal/lib/krb5/send_to_kdc.c2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/lib/krb5/send_to_kdc.c2008-07-28 09:31:00 UTC (rev 801) @@ -385,7 +385,7 @@ struct send_to_kdc *s = context-send_to_kdc; ret = (*s-func)(context, s-data, - hi, send_data, receive); + hi, context-kdc_timeout, send_data, receive); if (ret == 0 receive-length != 0) goto out; continue;
svn commit: lorikeet r796 - in trunk/heimdal: . lib/krb5
Author: abartlet Date: 2008-06-24 10:04:11 + (Tue, 24 Jun 2008) New Revision: 796 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=796 Log: Add in timeout parameter to send_to_kdc plugin. Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff trunk/heimdal/lib/krb5/krb5.h trunk/heimdal/lib/krb5/send_to_kdc.c Changeset: Modified: trunk/heimdal/heimdal-lorikeet.diff === --- trunk/heimdal/heimdal-lorikeet.diff 2008-06-09 12:00:44 UTC (rev 795) +++ trunk/heimdal/heimdal-lorikeet.diff 2008-06-24 10:04:11 UTC (rev 796) @@ -180,3 +180,28 @@ ret = _krb5_principalname2krb5_principal (context, tmp_principal, rep-kdc_rep.cname, +Index: lib/krb5/send_to_kdc.c +=== +--- lib/krb5/send_to_kdc.c (revision 795) lib/krb5/send_to_kdc.c (working copy) +@@ -343,7 +343,7 @@ +struct send_to_kdc *s = context-send_to_kdc; + +ret = (*s-func)(context, s-data, +-hi, send_data, receive); ++hi, context-kdc_timeout, send_data, receive); +if (ret == 0 receive-length != 0) +goto out; +continue; +Index: lib/krb5/krb5.h +=== +--- lib/krb5/krb5.h(revision 795) lib/krb5/krb5.h(working copy) +@@ -725,6 +725,7 @@ + typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, +void *, +krb5_krbhst_info *, ++ time_t timeout, +const krb5_data *, +krb5_data *); + Modified: trunk/heimdal/lib/krb5/krb5.h === --- trunk/heimdal/lib/krb5/krb5.h 2008-06-09 12:00:44 UTC (rev 795) +++ trunk/heimdal/lib/krb5/krb5.h 2008-06-24 10:04:11 UTC (rev 796) @@ -725,6 +725,7 @@ typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, +time_t timeout, const krb5_data *, krb5_data *); Modified: trunk/heimdal/lib/krb5/send_to_kdc.c === --- trunk/heimdal/lib/krb5/send_to_kdc.c2008-06-09 12:00:44 UTC (rev 795) +++ trunk/heimdal/lib/krb5/send_to_kdc.c2008-06-24 10:04:11 UTC (rev 796) @@ -343,7 +343,7 @@ struct send_to_kdc *s = context-send_to_kdc; ret = (*s-func)(context, s-data, - hi, send_data, receive); + hi, context-kdc_timeout, send_data, receive); if (ret == 0 receive-length != 0) goto out; continue;
svn commit: lorikeet r797 - in trunk/heimdal/lib/gssapi: . gssapi mech ntlm
Author: abartlet Date: 2008-06-24 10:08:22 + (Tue, 24 Jun 2008) New Revision: 797 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=797 Log: Add in new interface, gss_wrap_ex and gss_unwrap_ex. Also fix up the NTLM2 sealing code to correctly handle the key exchange case). (I didn't write most of gss_(un)wrap_ex.c, just adapted it to current heimdal). Andrew Bartlett Added: trunk/heimdal/lib/gssapi/mech/gss_unwrap_ex.c trunk/heimdal/lib/gssapi/mech/gss_wrap_ex.c Modified: trunk/heimdal/lib/gssapi/Makefile.am trunk/heimdal/lib/gssapi/gssapi/gssapi.h trunk/heimdal/lib/gssapi/gssapi_mech.h trunk/heimdal/lib/gssapi/ntlm/crypto.c trunk/heimdal/lib/gssapi/ntlm/external.c Changeset: Sorry, the patch is too large (741 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=797
svn commit: lorikeet r798 - in trunk/heimdal: .
Author: abartlet Date: 2008-06-24 10:09:37 + (Tue, 24 Jun 2008) New Revision: 798 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=798 Log: Add gss_(un)wrap_ex changes to heimdal-lorikeet diff Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff Changeset: Sorry, the patch is too large (1486 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=798
svn commit: lorikeet r791 - in trunk/heimdal: . kdc
Author: abartlet Date: 2008-03-19 01:21:06 + (Wed, 19 Mar 2008) New Revision: 791 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=791 Log: Update lorikeet-heimdal with Andrew Kroeger [EMAIL PROTECTED]'s work to allow AD-like custom error data (including an NT status code) to be pushed to the clients. This fixes the windows dialog for 'must change password' etc. Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff trunk/heimdal/kdc/kerberos5.c trunk/heimdal/kdc/windc.c trunk/heimdal/kdc/windc_plugin.h Changeset: Modified: trunk/heimdal/heimdal-lorikeet.diff === --- trunk/heimdal/heimdal-lorikeet.diff 2008-03-18 01:10:15 UTC (rev 790) +++ trunk/heimdal/heimdal-lorikeet.diff 2008-03-19 01:21:06 UTC (rev 791) @@ -270,3 +270,104 @@ { u32 il,ir,t0,t1; /* temporary valiables */ +Binary files /data/samba/lorikeet/heimdal/kdc/524.gcda and kdc/524.gcda differ +Binary files /data/samba/lorikeet/heimdal/kdc/524.gcno and kdc/524.gcno differ +Only in /data/samba/lorikeet/heimdal/kdc: 524.lo +Binary files /data/samba/lorikeet/heimdal/kdc/524.o and kdc/524.o differ +Only in /data/samba/lorikeet/heimdal/kdc: config.c +Only in /data/samba/lorikeet/heimdal/kdc: config.gcda +Only in /data/samba/lorikeet/heimdal/kdc: config.gcno +Only in /data/samba/lorikeet/heimdal/kdc: config.o +Only in /data/samba/lorikeet/heimdal/kdc: connect.c +Only in /data/samba/lorikeet/heimdal/kdc: connect.gcda +Only in /data/samba/lorikeet/heimdal/kdc: connect.gcno +Only in /data/samba/lorikeet/heimdal/kdc: connect.o +Binary files /data/samba/lorikeet/heimdal/kdc/default_config.gcda and kdc/default_config.gcda differ +Binary files /data/samba/lorikeet/heimdal/kdc/default_config.gcno and kdc/default_config.gcno differ +Only in /data/samba/lorikeet/heimdal/kdc: default_config.lo +Binary files /data/samba/lorikeet/heimdal/kdc/default_config.o and kdc/default_config.o differ +Binary files /data/samba/lorikeet/heimdal/kdc/digest.gcda and kdc/digest.gcda differ +Binary files /data/samba/lorikeet/heimdal/kdc/digest.gcno and kdc/digest.gcno differ +Only in /data/samba/lorikeet/heimdal/kdc: digest.lo +Binary files /data/samba/lorikeet/heimdal/kdc/digest.o and kdc/digest.o differ +Only in /data/samba/lorikeet/heimdal/kdc: hprop +Only in /data/samba/lorikeet/heimdal/kdc: hprop.8 +Only in /data/samba/lorikeet/heimdal/kdc: hprop.c +Only in /data/samba/lorikeet/heimdal/kdc: hpropd +Only in /data/samba/lorikeet/heimdal/kdc: hpropd.8 +Only in /data/samba/lorikeet/heimdal/kdc: hpropd.c +Only in /data/samba/lorikeet/heimdal/kdc: hpropd.gcda +Only in /data/samba/lorikeet/heimdal/kdc: hpropd.gcno +Only in /data/samba/lorikeet/heimdal/kdc: hpropd.o +Only in /data/samba/lorikeet/heimdal/kdc: hprop.gcda +Only in /data/samba/lorikeet/heimdal/kdc: hprop.gcno +Only in /data/samba/lorikeet/heimdal/kdc: hprop.h +Only in /data/samba/lorikeet/heimdal/kdc: hprop.o +Only in /data/samba/lorikeet/heimdal/kdc: kadb.h +Binary files /data/samba/lorikeet/heimdal/kdc/kaserver.gcda and kdc/kaserver.gcda differ +Binary files /data/samba/lorikeet/heimdal/kdc/kaserver.gcno and kdc/kaserver.gcno differ +Only in /data/samba/lorikeet/heimdal/kdc: kaserver.lo +Binary files /data/samba/lorikeet/heimdal/kdc/kaserver.o and kdc/kaserver.o differ +Only in /data/samba/lorikeet/heimdal/kdc: kdc +Only in /data/samba/lorikeet/heimdal/kdc: kdc.8 +diff -ur /data/samba/lorikeet/heimdal/kdc/kdc-private.h kdc/kdc-private.h +--- /data/samba/lorikeet/heimdal/kdc/kdc-private.h 2008-03-17 18:12:47.0 +1100 kdc/kdc-private.h 2008-03-19 11:04:42.0 +1100 +@@ -281,6 +281,7 @@ + _kdc_windc_client_access ( + krb5_context /*context*/, + struct hdb_entry_ex */*client*/, +- KDC_REQ */*req*/); ++ KDC_REQ */*req*/, ++ krb5_data */*e_data*/); + + #endif /* __kdc_private_h__ */ +Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay +Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay.c +Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay.gcda +Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay.gcno +Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay.o +Binary files /data/samba/lorikeet/heimdal/kdc/kerberos4.gcda and kdc/kerberos4.gcda differ +Binary files /data/samba/lorikeet/heimdal/kdc/kerberos4.gcno and kdc/kerberos4.gcno differ +Only in /data/samba/lorikeet/heimdal/kdc: kerberos4.lo +Binary files /data/samba/lorikeet/heimdal/kdc/kerberos4.o and kdc/kerberos4.o differ +diff -ur /data/samba/lorikeet/heimdal/kdc/kerberos5.c kdc/kerberos5.c +--- /data/samba/lorikeet/heimdal/kdc/kerberos5.c 2008-03-04 10:20:46.0 +1100 kdc/kerberos5.c2008-03-19 11:04:42.0 +1100 +@@ -1050,7 +1050,7 @@ + goto out; + } + +-ret = _kdc_windc_client_access(context, client, req); ++ret = _kdc_windc_client_access(context, client, req, e_data); + if(ret) + goto out; + +diff -ur
svn commit: lorikeet r788 - in trunk/heimdal/lib/hcrypto: .
Author: abartlet Date: 2008-03-18 00:36:03 + (Tue, 18 Mar 2008) New Revision: 788 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=788 Log: Change to the GPL, rather than looks-like-BSD licenced versions of the camellia cypher. Downloaded from http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-GPL-1.2.0.tar.gz Andrew Bartlett Modified: trunk/heimdal/lib/hcrypto/camellia-ntt.c trunk/heimdal/lib/hcrypto/camellia-ntt.h Changeset: Modified: trunk/heimdal/lib/hcrypto/camellia-ntt.c === --- trunk/heimdal/lib/hcrypto/camellia-ntt.c2008-03-13 05:39:49 UTC (rev 787) +++ trunk/heimdal/lib/hcrypto/camellia-ntt.c2008-03-18 00:36:03 UTC (rev 788) @@ -1,28 +1,21 @@ -/* camellia.c ver 1.2.0 +/* camellia.h ver 1.2.0 * - * Copyright (c) 2006,2007 - * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. + * Copyright (C) 2006,2007 + * NTT (Nippon Telegraph and Telephone Corporation). * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer as - * the first lines of this file unmodified. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. * - * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* @@ -30,15 +23,13 @@ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html */ - #include string.h #include stdlib.h -#include krb5-types.h -#include camellia-ntt.h +#include camellia.h /* u32 must be 32bit word */ -typedef uint32_t u32; +typedef unsigned int u32; typedef unsigned char u8; /* key constants */ @@ -453,7 +444,7 @@ #define subl(x) subL[(x)] #define subr(x) subR[(x)] -static void camellia_setup128(const unsigned char *key, u32 *subkey) +void camellia_setup128(const unsigned char *key, u32 *subkey) { u32 kll, klr, krl, krr; u32 il, ir, t0, t1, w0, w1; @@ -664,7 +655,7 @@ return; } -static void camellia_setup256(const unsigned char *key, u32 *subkey) +void camellia_setup256(const unsigned char *key, u32 *subkey) { u32 kll,klr,krl,krr; /* left half of key */ u32 krll,krlr,krrl,krrr; /* right half of key */ @@ -950,7 +941,7 @@ return; } -static void camellia_setup192(const unsigned char *key, u32 *subkey) +void camellia_setup192(const unsigned char *key, u32 *subkey) { unsigned char kk[32]; u32 krll, krlr, krrl,krrr; @@ -972,7 +963,7 @@ * * io must be 4byte aligned and big-endian data. */ -static void camellia_encrypt128(const u32 *subkey, u32 *io) +void camellia_encrypt128(const u32 *subkey, u32 *io) { u32 il, ir, t0, t1; @@ -1062,7 +1053,7 @@ return; } -static void camellia_decrypt128(const u32 *subkey, u32 *io) +void camellia_decrypt128(const u32 *subkey, u32 *io) { u32 il,ir,t0,t1; /* temporary valiables */ @@ -1155,7 +1146,7 @@ /** * stuff for 192 and 256bit encryption/decryption */ -static void camellia_encrypt256(const u32 *subkey, u32 *io) +void camellia_encrypt256(const u32 *subkey, u32 *io) { u32 il,ir,t0,t1; /* temporary valiables */ @@ -1269,7 +1260,7 @@ return; } -static void camellia_decrypt256(const u32
svn commit: lorikeet r789 - in trunk/heimdal/lib/hcrypto: .
Author: abartlet Date: 2008-03-18 01:02:30 + (Tue, 18 Mar 2008) New Revision: 789 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=789 Log: Bring in krb5-types into camellia.h (and therefore into camellia-ntt.[ch]) Andrew Bartlett Modified: trunk/heimdal/lib/hcrypto/camellia.h Changeset: Modified: trunk/heimdal/lib/hcrypto/camellia.h === --- trunk/heimdal/lib/hcrypto/camellia.h2008-03-18 00:36:03 UTC (rev 788) +++ trunk/heimdal/lib/hcrypto/camellia.h2008-03-18 01:02:30 UTC (rev 789) @@ -36,6 +36,7 @@ #ifndef HEIM_CAMELLIA_H #define HEIM_CAMELLIA_H 1 +#include krb5-types.h #include camellia-ntt.h /* symbol renaming */
svn commit: lorikeet r790 - in trunk/heimdal: .
Author: abartlet Date: 2008-03-18 01:10:15 + (Tue, 18 Mar 2008) New Revision: 790 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=790 Log: This patch looks *really* odd, but this is due to pulling in the GPL, rather than BSD-like licence for the camellia cypher from http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-GPL-1.2.0.tar.gz Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff Changeset: Modified: trunk/heimdal/heimdal-lorikeet.diff === --- trunk/heimdal/heimdal-lorikeet.diff 2008-03-18 01:02:30 UTC (rev 789) +++ trunk/heimdal/heimdal-lorikeet.diff 2008-03-18 01:10:15 UTC (rev 790) @@ -87,3 +87,186 @@ tmp_principal, rep-kdc_rep.cname, rep-kdc_rep.crealm); +--- /data/heimdal-svn/lib/hcrypto/camellia.h 2007-08-07 09:21:33.0 +1000 lib/hcrypto/camellia.h 2008-03-18 11:37:04.0 +1100 +@@ -36,6 +36,7 @@ + #ifndef HEIM_CAMELLIA_H + #define HEIM_CAMELLIA_H 1 + ++#include krb5-types.h + #include camellia-ntt.h + + /* symbol renaming */ +--- /data/heimdal-svn/lib/hcrypto/camellia-ntt.h 2007-08-07 09:21:33.0 +1000 lib/hcrypto/camellia-ntt.h 2007-01-11 18:27:37.0 +1100 +@@ -1,28 +1,21 @@ +-/* camellia.h ver 1.2.0 ++/* camellia.h ver 1.2.0 + * +- * Copyright (c) 2006,2007 +- * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. ++ * Copyright (C) 2006,2007 ++ * NTT (Nippon Telegraph and Telephone Corporation). + * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer as +- * the first lines of this file unmodified. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License, or (at your option) any later version. + * +- * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +- * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, +- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + #ifndef HEADER_CAMELLIA_H +--- /data/heimdal-svn/lib/hcrypto/camellia-ntt.c 2007-08-07 09:21:33.0 +1000 lib/hcrypto/camellia-ntt.c 2007-01-11 18:28:12.0 +1100 +@@ -1,28 +1,21 @@ +-/* camellia.c ver 1.2.0 ++/* camellia.h ver 1.2.0 + * +- * Copyright (c) 2006,2007 +- * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. ++ * Copyright (C) 2006,2007 ++ * NTT (Nippon Telegraph and Telephone Corporation). + * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer as +- * the first lines of this file unmodified. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License
svn commit: lorikeet r787 - in trunk/heimdal: . appl/telnet appl/telnet/telnetd cf doc include lib/gssapi lib/gssapi/gssapi lib/gssapi/krb5 lib/gssapi/mech lib/gssapi/spnego lib/hcrypto lib/hcrypto/im
Author: abartlet Date: 2008-03-13 05:39:49 + (Thu, 13 Mar 2008) New Revision: 787 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=787 Log: Merge with upstream heimdal -r 22676. (Hoping to have a new snapshot of Heimdal in next Samba4 alpha). Andrew Bartlett Added: trunk/heimdal/doc/oid.txt trunk/heimdal/lib/wind/ldap.c trunk/heimdal/lib/wind/test-ldap.c Modified: trunk/heimdal/ChangeLog trunk/heimdal/appl/telnet/ChangeLog trunk/heimdal/appl/telnet/telnetd/sys_term.c trunk/heimdal/cf/ChangeLog trunk/heimdal/cf/Makefile.am.common trunk/heimdal/cf/make-proto.pl trunk/heimdal/heimdal-lorikeet.diff trunk/heimdal/include/Makefile.am trunk/heimdal/lib/gssapi/ChangeLog trunk/heimdal/lib/gssapi/Makefile.am trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h trunk/heimdal/lib/gssapi/gssapi_mech.h trunk/heimdal/lib/gssapi/krb5/gsskrb5_locl.h trunk/heimdal/lib/gssapi/krb5/init_sec_context.c trunk/heimdal/lib/gssapi/krb5/set_cred_option.c trunk/heimdal/lib/gssapi/mech/context.c trunk/heimdal/lib/gssapi/spnego/accept_sec_context.c trunk/heimdal/lib/gssapi/spnego/context_stubs.c trunk/heimdal/lib/gssapi/spnego/external.c trunk/heimdal/lib/gssapi/spnego/init_sec_context.c trunk/heimdal/lib/gssapi/version-script.map trunk/heimdal/lib/hcrypto/hmac.c trunk/heimdal/lib/hcrypto/imath/imath.c trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/hxtool-commands.in trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/softp11.c trunk/heimdal/lib/hx509/test_cms.in trunk/heimdal/lib/hx509/version-script.map trunk/heimdal/lib/krb5/acache.c trunk/heimdal/lib/krb5/add_et_list.c trunk/heimdal/lib/krb5/get_in_tkt.c trunk/heimdal/lib/krb5/pkinit.c trunk/heimdal/lib/otp/Makefile.am trunk/heimdal/lib/roken/ChangeLog trunk/heimdal/lib/roken/Makefile.am trunk/heimdal/lib/wind/ChangeLog trunk/heimdal/lib/wind/Makefile.am trunk/heimdal/lib/wind/combining.c trunk/heimdal/lib/wind/errorlist.c trunk/heimdal/lib/wind/punycode.c trunk/heimdal/lib/wind/test-punycode.c trunk/heimdal/lib/wind/version-script.map trunk/heimdal/tests/gss/check-context.in Changeset: Sorry, the patch is too large (2330 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=787
svn commit: lorikeet r786 - in trunk/heimdal: . admin appl/dceutils appl/ftp/ftpd appl/rcp appl/su appl/telnet appl/telnet/libtelnet appl/telnet/telnet appl/telnet/telnetd appl/xnlock cf doc doc/stand
Author: abartlet Date: 2008-03-03 22:53:23 + (Mon, 03 Mar 2008) New Revision: 786 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=786 Log: Update to Heimdal -r 22664, in preperation for a merge to Samba4 Andrew Bartlett Added: trunk/heimdal/appl/su/supaths.h trunk/heimdal/doc/doxytmpl.dxy trunk/heimdal/doc/footer.html trunk/heimdal/doc/hcrypto.din trunk/heimdal/doc/header.html trunk/heimdal/doc/hx509.din trunk/heimdal/doc/krb5.din trunk/heimdal/doc/ntlm.din trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-gss-cb-hash-agility-03.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-09.txt trunk/heimdal/doc/standardisation/draft-kamada-krb-client-friendly-cross-02.txt trunk/heimdal/doc/standardisation/draft-sakane-krb-cross-problem-statement-03.txt trunk/heimdal/doc/vars.tin trunk/heimdal/doc/wind.din trunk/heimdal/lib/hcrypto/camellia-ntt.c trunk/heimdal/lib/hcrypto/camellia-ntt.h trunk/heimdal/lib/hcrypto/camellia.c trunk/heimdal/lib/hcrypto/camellia.h trunk/heimdal/lib/hcrypto/doxygen.c trunk/heimdal/lib/hcrypto/rsa-gmp.c trunk/heimdal/lib/hcrypto/test_dh.c trunk/heimdal/lib/hx509/data/PKITS.pdf trunk/heimdal/lib/hx509/data/PKITS_data.zip trunk/heimdal/lib/hx509/data/https.crt trunk/heimdal/lib/hx509/data/https.key trunk/heimdal/lib/hx509/data/nist-data2 trunk/heimdal/lib/hx509/data/nist-result2 trunk/heimdal/lib/hx509/doxygen.c trunk/heimdal/lib/hx509/softp11.c trunk/heimdal/lib/hx509/test_java_pkcs11.in trunk/heimdal/lib/hx509/test_nist2.in trunk/heimdal/lib/hx509/test_pkcs11.in trunk/heimdal/lib/hx509/test_soft_pkcs11.c trunk/heimdal/lib/kadm5/version-script.map trunk/heimdal/lib/krb5/doxygen.c trunk/heimdal/lib/krb5/test_forward.c trunk/heimdal/lib/krb5/test_renew.c trunk/heimdal/lib/roken/strpftime-test.h trunk/heimdal/lib/wind/ trunk/heimdal/lib/wind/ChangeLog trunk/heimdal/lib/wind/CompositionExclusions-3.2.0.txt trunk/heimdal/lib/wind/DerivedNormalizationProps.txt trunk/heimdal/lib/wind/Makefile.am trunk/heimdal/lib/wind/NormalizationCorrections.txt trunk/heimdal/lib/wind/NormalizationTest.txt trunk/heimdal/lib/wind/UnicodeData.py trunk/heimdal/lib/wind/UnicodeData.txt trunk/heimdal/lib/wind/bidi.c trunk/heimdal/lib/wind/combining.c trunk/heimdal/lib/wind/doxygen.c trunk/heimdal/lib/wind/errorlist.c trunk/heimdal/lib/wind/gen-bidi.py trunk/heimdal/lib/wind/gen-combining.py trunk/heimdal/lib/wind/gen-errorlist.py trunk/heimdal/lib/wind/gen-map.py trunk/heimdal/lib/wind/gen-normalize.py trunk/heimdal/lib/wind/gen-punycode-examples.py trunk/heimdal/lib/wind/generate.py trunk/heimdal/lib/wind/idn-lookup.c trunk/heimdal/lib/wind/map.c trunk/heimdal/lib/wind/normalize.c trunk/heimdal/lib/wind/punycode.c trunk/heimdal/lib/wind/rfc3454.py trunk/heimdal/lib/wind/rfc3454.txt trunk/heimdal/lib/wind/rfc3490.txt trunk/heimdal/lib/wind/rfc3491.txt trunk/heimdal/lib/wind/rfc3492.txt trunk/heimdal/lib/wind/rfc4013.txt trunk/heimdal/lib/wind/rfc4518.py trunk/heimdal/lib/wind/rfc4518.txt trunk/heimdal/lib/wind/stringprep.c trunk/heimdal/lib/wind/stringprep.py trunk/heimdal/lib/wind/test-bidi.c trunk/heimdal/lib/wind/test-map.c trunk/heimdal/lib/wind/test-normalize.c trunk/heimdal/lib/wind/test-prohibited.c trunk/heimdal/lib/wind/test-punycode.c trunk/heimdal/lib/wind/test-rw.c trunk/heimdal/lib/wind/test-utf8.c trunk/heimdal/lib/wind/utf8.c trunk/heimdal/lib/wind/util.py trunk/heimdal/lib/wind/version-script.map trunk/heimdal/lib/wind/wind.h trunk/heimdal/lib/wind/wind_err.et trunk/heimdal/lib/wind/windlocl.h trunk/heimdal/packages/debian/ trunk/heimdal/packages/debian/Makefile.am trunk/heimdal/packages/debian/README trunk/heimdal/packages/debian/README.Debian trunk/heimdal/packages/debian/changelog trunk/heimdal/packages/debian/compat trunk/heimdal/packages/debian/control trunk/heimdal/packages/debian/copyright trunk/heimdal/packages/debian/extras/ trunk/heimdal/packages/debian/extras/default trunk/heimdal/packages/debian/extras/kadmind.acl trunk/heimdal/packages/debian/extras/kdc.conf trunk/heimdal/packages/debian/heimdal-clients-x.install trunk/heimdal/packages/debian/heimdal-clients.install trunk/heimdal/packages/debian/heimdal-clients.postinst trunk/heimdal/packages/debian/heimdal-clients.prerm trunk/heimdal/packages/debian/heimdal-dev.install trunk/heimdal/packages/debian/heimdal-docs.install trunk/heimdal/packages/debian/heimdal-kcm.init trunk/heimdal/packages/debian/heimdal-kcm.install trunk/heimdal/packages/debian/heimdal-kdc.dirs trunk/heimdal/packages/debian/heimdal-kdc.examples trunk/heimdal/packages/debian/heimdal-kdc.init trunk/heimdal/packages/debian/heimdal-kdc.install trunk/heimdal/packages/debian/heimdal
svn commit: samba r26697 - in branches/SAMBA_4_0/source/dsdb/schema: .
Author: abartlet Date: 2008-01-09 05:36:02 + (Wed, 09 Jan 2008) New Revision: 26697 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26697 Log: Leak less memory into the ldb context. (Trying to chase down memory leaks in provision) Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c === --- branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2008-01-08 22:56:44 UTC (rev 26696) +++ branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2008-01-09 05:36:02 UTC (rev 26697) @@ -85,24 +85,30 @@ struct prefixMapBlob pfm; char *schema_info; - ndr_err = ndr_pull_struct_blob(prefixMap, schema, lp_iconv_convenience(global_loadparm), pfm, + TALLOC_CTX *mem_ctx = talloc_new(schema); + W_ERROR_HAVE_NO_MEMORY(mem_ctx); + + ndr_err = ndr_pull_struct_blob(prefixMap, mem_ctx, lp_iconv_convenience(global_loadparm), pfm, (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); + talloc_free(mem_ctx); return ntstatus_to_werror(nt_status); } if (pfm.version != PREFIX_MAP_VERSION_DSDB) { + talloc_free(mem_ctx); return WERR_FOOBAR; } if (schemaInfo-length != 21 schemaInfo-data[0] == 0xFF) { + talloc_free(mem_ctx); return WERR_FOOBAR; } /* append the schema info as last element */ pfm.ctr.dsdb.num_mappings++; - pfm.ctr.dsdb.mappings = talloc_realloc(schema, pfm.ctr.dsdb.mappings, + pfm.ctr.dsdb.mappings = talloc_realloc(mem_ctx, pfm.ctr.dsdb.mappings, struct drsuapi_DsReplicaOIDMapping, pfm.ctr.dsdb.num_mappings); W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings); @@ -116,7 +122,8 @@ /* call the drsuapi version */ status = dsdb_load_oid_mappings_drsuapi(schema, pfm.ctr.dsdb); - talloc_free(pfm.ctr.dsdb.mappings); + talloc_free(mem_ctx); + W_ERROR_NOT_OK_RETURN(status); return WERR_OK; @@ -1164,6 +1171,8 @@ if (!msg) { goto nomem; } + talloc_steal(mem_ctx, msg); + talloc_free(ldif); prefix_val = ldb_msg_find_ldb_val(msg, prefixMap); if (!prefix_val) { @@ -1200,6 +1209,9 @@ goto nomem; } + talloc_steal(mem_ctx, msg); + talloc_free(ldif); + is_sa = ldb_msg_check_string_attribute(msg, objectClass, attributeSchema); is_sc = ldb_msg_check_string_attribute(msg, objectClass, classSchema);
svn commit: samba r26679 - in branches/SAMBA_4_0/source/dsdb/common: .
Author: abartlet Date: 2008-01-07 00:46:39 + (Mon, 07 Jan 2008) New Revision: 26679 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26679 Log: It is very bad to free the ldb handle when you didn't create it... (My bad when copying this code into samdb_is_gc()). Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/common/util.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/common/util.c === --- branches/SAMBA_4_0/source/dsdb/common/util.c2008-01-06 23:42:46 UTC (rev 26678) +++ branches/SAMBA_4_0/source/dsdb/common/util.c2008-01-07 00:46:39 UTC (rev 26679) @@ -1395,7 +1395,7 @@ options = ldb_msg_find_attr_as_int(res-msgs[0], options, 0); talloc_free(res); - talloc_free(ldb); + talloc_free(tmp_ctx); /* if options attribute has the 0x0001 flag set, then enable the global catlog */ if (options 0x1) {
svn commit: samba r26680 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet Date: 2008-01-07 00:47:01 + (Mon, 07 Jan 2008) New Revision: 26680 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26680 Log: Don't always advertise GC functionality. Andrew Bartlett Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c === --- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-07 00:46:39 UTC (rev 26679) +++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-07 00:47:01 UTC (rev 26680) @@ -162,7 +162,6 @@ } server_type = - NBT_SERVER_GC | NBT_SERVER_DS | NBT_SERVER_TIMESERV | NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; @@ -171,6 +170,10 @@ server_type |= NBT_SERVER_PDC; } + if (samdb_is_gc(cldapd-samctx)) { + server_type |= NBT_SERVER_GC; + } + if (str_list_check(services, ldap)) { server_type |= NBT_SERVER_LDAP; }
svn commit: samba r26681 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet Date: 2008-01-07 03:14:51 + (Mon, 07 Jan 2008) New Revision: 26681 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26681 Log: Use fewer magic numbers. Andrew Bartlett Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c === --- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-07 00:47:01 UTC (rev 26680) +++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-07 03:14:51 UTC (rev 26681) @@ -230,7 +230,7 @@ case 5: case 6: case 7: - netlogon-logon5.type = (user?23+2:23); + netlogon-logon5.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); netlogon-logon5.server_type = server_type; netlogon-logon5.domain_uuid = domain_uuid; netlogon-logon5.forest = realm; @@ -245,7 +245,7 @@ netlogon-logon5.lm20_token = 0x; break; default: - netlogon-logon13.type = (user?23+2:23); + netlogon-logon13.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); netlogon-logon13.server_type = server_type; netlogon-logon13.domain_uuid = domain_uuid; netlogon-logon13.forest = realm;
svn commit: samba r26682 - in branches/SAMBA_4_0/source/torture/ldap: .
Author: abartlet Date: 2008-01-07 03:15:39 + (Mon, 07 Jan 2008) New Revision: 26682 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26682 Log: Move CLDAP to the modern torture system, and add value checking. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/ldap/cldap.c Changeset: Modified: branches/SAMBA_4_0/source/torture/ldap/cldap.c === --- branches/SAMBA_4_0/source/torture/ldap/cldap.c 2008-01-07 03:14:51 UTC (rev 26681) +++ branches/SAMBA_4_0/source/torture/ldap/cldap.c 2008-01-07 03:15:39 UTC (rev 26682) @@ -28,15 +28,11 @@ #include lib/ldb/include/ldb.h #include param/param.h -#define CHECK_STATUS(status, correct) do { \ - if (!NT_STATUS_EQUAL(status, correct)) { \ - printf((%s) Incorrect status %s - should be %s\n, \ - __location__, nt_errstr(status), nt_errstr(correct)); \ - ret = false; \ - goto done; \ - } \ -} while (0) +#define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, incorrect status) +#define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), incorrect value); + +#define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, incorrect value); /* test netlogon operations */ @@ -48,7 +44,6 @@ union nbt_cldap_netlogon n1; struct GUID guid; int i; - bool ret = true; ZERO_STRUCT(search); search.in.dest_address = dest; @@ -94,6 +89,8 @@ search.in.user = NULL; status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_STRING(search.out.netlogon.logon5.user_name, ); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); printf(Trying with User=Administrator\n); @@ -101,11 +98,16 @@ status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + printf(Trying with a GUID\n); search.in.realm = NULL; search.in.domain_guid = GUID_string(tctx, n1.logon5.domain_uuid); status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(GUID_string(tctx, search.out.netlogon.logon5.domain_uuid), search.in.domain_guid); printf(Trying with a incorrect GUID\n); guid = GUID_random(); @@ -119,6 +121,8 @@ search.in.realm = n1.logon5.dns_domain; status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.logon5.user_name, ); printf(Trying with a bad AAC\n); search.in.acct_control = 0xFF00FF00; @@ -131,11 +135,15 @@ search.in.user = Administrator; status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); + CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); printf(Trying with just a bad username\n); search.in.user = ___no_such_user___; status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); printf(Trying with just a bad domain\n); search = empty_search; @@ -147,20 +155,28 @@ search.in.domain_guid = GUID_string(tctx, n1.logon5.domain_uuid); status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); + CHECK_STRING(search.out.netlogon.logon5.user_name, ); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); printf(Trying with a incorrect domain and incorrect guid\n); search.in.domain_guid = GUID_string(tctx, guid); status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); + CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); + CHECK_STRING(search.out.netlogon.logon5.user_name, ); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); printf(Trying with a incorrect GUID and correct domain\n); search.in.domain_guid = GUID_string(tctx, guid); search.in.realm = n1.logon5.dns_domain; status = cldap_netlogon(cldap, tctx, search
svn commit: samba r26683 - in branches/SAMBA_4_0/source/torture/ldap: .
Author: abartlet Date: 2008-01-07 04:46:13 + (Mon, 07 Jan 2008) New Revision: 26683 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26683 Log: Add another testcase. I still don't know what's wrong here. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/ldap/cldap.c Changeset: Modified: branches/SAMBA_4_0/source/torture/ldap/cldap.c === --- branches/SAMBA_4_0/source/torture/ldap/cldap.c 2008-01-07 03:15:39 UTC (rev 26682) +++ branches/SAMBA_4_0/source/torture/ldap/cldap.c 2008-01-07 04:46:13 UTC (rev 26683) @@ -80,6 +80,27 @@ CHECK_STATUS(status, NT_STATUS_OK); } + search.in.version = 0x2006; + status = cldap_netlogon(cldap, tctx, search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf(Trying with User=NULL\n); + + search.in.user = NULL; + status = cldap_netlogon(cldap, tctx, search); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_STRING(search.out.netlogon.logon5.user_name, ); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + + printf(Trying with User=Administrator\n); + + search.in.user = Administrator; + status = cldap_netlogon(cldap, tctx, search); + CHECK_STATUS(status, NT_STATUS_OK); + + CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + search.in.version = 6; status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK);
svn commit: samba r26684 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2008-01-07 05:22:14 + (Mon, 07 Jan 2008) New Revision: 26684 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26684 Log: Trivial cleanup from Matthias Dieter Walln?\195?\182fer, from bug 5090 Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2008-01-07 04:46:13 UTC (rev 26683) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2008-01-07 05:22:14 UTC (rev 26684) @@ -886,7 +886,7 @@ msg-elements[idx].values[msg-elements[idx].num_values].data = discard_const_p(uint8_t, dn); msg-elements[idx].num_values++; - return 0; + return LDB_SUCCESS; } /*
svn commit: samba r26685 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2008-01-07 05:41:16 + (Mon, 07 Jan 2008) New Revision: 26685 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26685 Log: Fix bug 5137 by Mark Ridley. The RPC-ATSVC test is not tested, so was broken by 'ref' changes long ago. We need a working script to aim against windows. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/atsvc.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/atsvc.c === --- branches/SAMBA_4_0/source/torture/rpc/atsvc.c 2008-01-07 05:22:14 UTC (rev 26684) +++ branches/SAMBA_4_0/source/torture/rpc/atsvc.c 2008-01-07 05:41:16 UTC (rev 26685) @@ -27,9 +27,14 @@ { NTSTATUS status; struct atsvc_JobGetInfo r; + struct atsvc_JobInfo *info = talloc(tctx, struct atsvc_JobInfo); + if (!info) { + return false; + } r.in.servername = dcerpc_server_name(p); r.in.job_id = job_id; + r.out.job_info = info; status = dcerpc_atsvc_JobGetInfo(p, tctx, r);
svn commit: samba r26686 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet Date: 2008-01-07 05:50:04 + (Mon, 07 Jan 2008) New Revision: 26686 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26686 Log: Fix bug 5143 by Jason Tarbet. This prevented an easy cut-and-paste of the provision options used. Andrew Bartlett Modified: branches/SAMBA_4_0/source/setup/provision Changeset: Modified: branches/SAMBA_4_0/source/setup/provision === --- branches/SAMBA_4_0/source/setup/provision 2008-01-07 05:41:16 UTC (rev 26685) +++ branches/SAMBA_4_0/source/setup/provision 2008-01-07 05:50:04 UTC (rev 26686) @@ -182,7 +182,7 @@ message(--invocationid='%s' \\\n, subobj.INVOCATIONID); message(--adminpass='%s' --krbtgtpass='%s' \\\n, subobj.ADMINPASS, subobj.KRBTGTPASS); message(--machinepass='%s' --dnspass='%s' \\\n, subobj.MACHINEPASS, subobj.DNSPASS); - message(--root='%s' --nobody='%s' --nogroup-'%s' \\\n, subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); + message(--root='%s' --nobody='%s' --nogroup='%s' \\\n, subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); message(--wheel='%s' --users='%s' --server-role='%s' \\\n, subobj.WHEEL, subobj.USERS, subobj.SERVERROLE); if (ldapbackend) { message(--ldap-backend='%s' \\\n, subobj.LDAPBACKEND);
svn commit: samba r26647 - in branches/SAMBA_4_0/source/script: .
Author: abartlet Date: 2008-01-03 03:31:14 + (Thu, 03 Jan 2008) New Revision: 26647 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26647 Log: Mark 'valgrind_run' as executable Modified: branches/SAMBA_4_0/source/script/valgrind_run Changeset: Property changes on: branches/SAMBA_4_0/source/script/valgrind_run ___ Name: svn:executable + *
svn commit: samba r26648 - in branches/SAMBA_4_0/source: dsdb/common ldap_server
Author: abartlet Date: 2008-01-03 04:40:24 + (Thu, 03 Jan 2008) New Revision: 26648 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26648 Log: Move detection of global catalog captability to a central function, so this can be shared with the CLDAP server (for the netlogon reply). Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/common/util.c branches/SAMBA_4_0/source/ldap_server/ldap_server.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/common/util.c === --- branches/SAMBA_4_0/source/dsdb/common/util.c2008-01-03 03:31:14 UTC (rev 26647) +++ branches/SAMBA_4_0/source/dsdb/common/util.c2008-01-03 04:40:24 UTC (rev 26648) @@ -1367,7 +1367,43 @@ return false; } +/* + work out if we are a Global Catalog server for the domain of the current open ldb +*/ +bool samdb_is_gc(struct ldb_context *ldb) +{ + const char *attrs[] = { options, NULL }; + int ret, options; + struct ldb_result *res; + TALLOC_CTX *tmp_ctx; + tmp_ctx = talloc_new(ldb); + if (tmp_ctx == NULL) { + DEBUG(1, (talloc_new failed in samdb_is_pdc)); + return false; + } + + /* Query cn=ntds settings, */ + ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, NULL, attrs, res); + if (ret) { + return false; + } + if (res-count != 1) { + talloc_free(res); + return false; + } + + options = ldb_msg_find_attr_as_int(res-msgs[0], options, 0); + talloc_free(res); + talloc_free(ldb); + + /* if options attribute has the 0x0001 flag set, then enable the global catlog */ + if (options 0x1) { + return true; + } + return false; +} + /* Find a domain object in the parents of a particular DN. */ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, struct ldb_dn **parent_dn, const char **errstring) Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_server.c 2008-01-03 03:31:14 UTC (rev 26647) +++ branches/SAMBA_4_0/source/ldap_server/ldap_server.c 2008-01-03 04:40:24 UTC (rev 26648) @@ -447,11 +447,7 @@ { uint16_t port = 389; NTSTATUS status; - const char *attrs[] = { options, NULL }; - int ret; - struct ldb_result *res; struct ldb_context *ldb; - int options; status = stream_setup_socket(event_context, model_ops, ldap_stream_ops, ipv4, address, port, @@ -481,22 +477,7 @@ return NT_STATUS_INTERNAL_DB_CORRUPTION; } - /* Query cn=ntds settings, */ - ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, NULL, attrs, res); - if (ret) { - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - if (res-count != 1) { - talloc_free(res); - return NT_STATUS_NOT_FOUND; - } - - options = ldb_msg_find_attr_as_int(res-msgs[0], options, 0); - talloc_free(res); - talloc_free(ldb); - - /* if options attribute has the 0x0001 flag set, then enable the global catlog */ - if (options 0x1) { + if (samdb_is_gc(ldb)) { port = 3268; status = stream_setup_socket(event_context, model_ops, ldap_stream_ops, ipv4, address, port,
svn commit: samba r26649 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet Date: 2008-01-03 06:00:38 + (Thu, 03 Jan 2008) New Revision: 26649 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26649 Log: Only claim to be a PDC if we are a PDC. Andrew Bartlett Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c === --- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-03 04:40:24 UTC (rev 26648) +++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-03 06:00:38 UTC (rev 26649) @@ -162,11 +162,15 @@ } server_type = - NBT_SERVER_PDC | NBT_SERVER_GC | + NBT_SERVER_GC | NBT_SERVER_DS | NBT_SERVER_TIMESERV | NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; + if (samdb_is_pdc(cldapd-samctx)) { + server_type |= NBT_SERVER_PDC; + } + if (str_list_check(services, ldap)) { server_type |= NBT_SERVER_LDAP; }
svn commit: samba r26635 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet Date: 2008-01-01 03:27:53 + (Tue, 01 Jan 2008) New Revision: 26635 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26635 Log: The OpenLDAP folks have been very accommodating, and their memberof plugin allows the error being returned to be adjusted. Andrew Bartlett Modified: branches/SAMBA_4_0/source/setup/provision-backend Changeset: Modified: branches/SAMBA_4_0/source/setup/provision-backend === --- branches/SAMBA_4_0/source/setup/provision-backend 2007-12-30 19:18:17 UTC (rev 26634) +++ branches/SAMBA_4_0/source/setup/provision-backend 2008-01-01 03:27:53 UTC (rev 26635) @@ -161,6 +161,7 @@ memberof-group-oc top memberof-member-ad + res.msgs[i].lDAPDisplayName + memberof-memberof-ad + target + +memberof-dangling-error 32 ; }
svn commit: samba r26636 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet Date: 2008-01-01 04:01:07 + (Tue, 01 Jan 2008) New Revision: 26636 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26636 Log: Remove useless 'backend' parameter, and make the memberof overlay use global. Andrew Bartlett Modified: branches/SAMBA_4_0/source/setup/slapd.conf Changeset: Modified: branches/SAMBA_4_0/source/setup/slapd.conf === --- branches/SAMBA_4_0/source/setup/slapd.conf 2008-01-01 03:27:53 UTC (rev 26635) +++ branches/SAMBA_4_0/source/setup/slapd.conf 2008-01-01 04:01:07 UTC (rev 26636) @@ -21,7 +21,8 @@ defaultsearchbase ${DOMAINDN} -backendhdb +include ${LDAPDIR}/memberof.conf + databasehdb suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema @@ -74,5 +75,3 @@ overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 - -include ${LDAPDIR}/memberof.conf
svn commit: samba r26609 - in branches/SAMBA_4_0/source/selftest/env: .
Author: abartlet Date: 2007-12-27 04:17:28 + (Thu, 27 Dec 2007) New Revision: 26609 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26609 Log: Try a few more variatations to get the selftest to run against OpenLDAP. Andrew Bartlett Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm Changeset: Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm === --- branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-27 03:09:49 UTC (rev 26608) +++ branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-27 04:17:28 UTC (rev 26609) @@ -241,9 +241,20 @@ open(CONF, $modconf); # enable slapd modules print CONF -modulepath $olpath/libexec/openldap +modulepath $olroot/libexec/openldap +moduleload syncprov +moduleload memberof +; + close(CONF); + } + if (system(slaptest -u -f $slapd_conf 2) != 0) { + open(CONF, $modconf); + # enable slapd modules + print CONF +modulepath $olroot/libexec/openldap moduleload back_hdb moduleload syncprov +moduleload memberof ; close(CONF); } @@ -254,6 +265,7 @@ print CONF moduleload back_hdb moduleload syncprov +moduleload memberof ; close(CONF); } @@ -265,6 +277,7 @@ modulepath /usr/lib/ldap moduleload back_hdb moduleload syncprov +moduleload memberof ; close(CONF); } @@ -275,6 +288,7 @@ print CONF modulepath /usr/lib/openldap moduleload syncprov +moduleload memberof ; close(CONF); } @@ -285,6 +299,7 @@ print CONF modulepath /usr/lib64/openldap moduleload syncprov +moduleload memberof ; close(CONF); }
svn commit: samba r26610 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet Date: 2007-12-27 04:18:54 + (Thu, 27 Dec 2007) New Revision: 26610 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26610 Log: Write out a memberof.conf, to run the memberof plugin on all linked attributes, as found in the schema. Index 'cn', as otherwise exact match searches on this attribute always fail (need to figure out what is so special about cn in OpenLDAP). Andrew Bartlett Modified: branches/SAMBA_4_0/source/setup/provision-backend branches/SAMBA_4_0/source/setup/slapd.conf Changeset: Modified: branches/SAMBA_4_0/source/setup/provision-backend === --- branches/SAMBA_4_0/source/setup/provision-backend 2007-12-27 04:17:28 UTC (rev 26609) +++ branches/SAMBA_4_0/source/setup/provision-backend 2007-12-27 04:18:54 UTC (rev 26610) @@ -141,6 +141,36 @@ } else { slapd_command = slapd -f + subobj.LDAPDIR + /slapd.conf -h + subobj.LDAPI_URI; } + + var ldb = ldb_init(); + ldb.filename = tmp_schema_ldb; + + var connect_ok = ldb.connect(ldb.filename); + assert(connect_ok); + var attrs = new Array(linkID, lDAPDisplayName); + var res = ldb.searchlinkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema)), subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + var memberof_config = ; + for (i=0; i res.msgs.length; i++) { +searchone(ldb, subobj.DOMAINDN, ((objectClass=computer)(cn= + subobj.NETBIOSNAME + )), objectGUID); + var target = searchone(ldb, subobj.SCHEMADN, ((objectclass=attributeSchema)(linkID= + (res.msgs[i].linkID + 1) + )), lDAPDisplayName); + if (target != undefined) { + memberof_config = memberof_config + overlay memberof +memberof-dangling error +memberof-refint TRUE +memberof-group-oc top +memberof-member-ad + res.msgs[i].lDAPDisplayName + +memberof-memberof-ad + target + + +; + } + } + ok = sys.file_save(subobj.LDAPDIR + /memberof.conf, memberof_config); + if (!ok) { + message(failed to create file: + f + \n); + assert(ok); + } + } var schema_command = ad2oLschema --option=convert:target= + options[ldap-backend-type] + -I + lp.get(setup directory) + / + mapping + -H tdb:// + tmp_schema_ldb + -O + subobj.LDAPDIR + / + backend_schema; Modified: branches/SAMBA_4_0/source/setup/slapd.conf === --- branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-27 04:17:28 UTC (rev 26609) +++ branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-27 04:18:54 UTC (rev 26610) @@ -31,6 +31,7 @@ index objectCategory eq index lDAPDisplayName eq index subClassOf eq +index cn eq databasehdb suffix ${CONFIGDN} @@ -44,6 +45,7 @@ index subClassOf eq index dnsRoot eq index nETBIOSName eq +index cn eq databasehdb suffix ${DOMAINDN} @@ -65,9 +67,12 @@ index subClassOf eq index dnsRoot eq index nETBIOSName eq +index cn eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 + +include ${LDAPDIR}/memberof.conf
svn commit: samba r26613 - in branches/SAMBA_4_0/source/libcli: ldap util
Author: abartlet Date: 2007-12-27 07:47:11 + (Thu, 27 Dec 2007) New Revision: 26613 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26613 Log: Add a function to write a DATA_BLOB into an LDAPString. This respects the length set in the DATA_BLOB, rather than hoping to see NULL termination of the data pointer. (found testing the Ambigious Name Resolution code against OpenLDAP). Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c branches/SAMBA_4_0/source/libcli/util/asn1.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2007-12-27 07:45:22 UTC (rev 26612) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2007-12-27 07:47:11 UTC (rev 26613) @@ -77,7 +77,7 @@ i = 0; if ( ! tree-u.substring.start_with_wildcard) { asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0)); - asn1_write_LDAPString(data, (char *)tree-u.substring.chunks[i]-data); + asn1_write_DATA_BLOB_LDAPString(data, tree-u.substring.chunks[i]); asn1_pop_tag(data); i++; } @@ -91,7 +91,7 @@ ctx = 1; } asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx)); - asn1_write_LDAPString(data, (char *)tree-u.substring.chunks[i]-data); + asn1_write_DATA_BLOB_LDAPString(data, tree-u.substring.chunks[i]); asn1_pop_tag(data); i++; } @@ -157,7 +157,7 @@ asn1_pop_tag(data); } asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3)); - asn1_write_LDAPString(data, (char *)tree-u.extended.value.data); + asn1_write_DATA_BLOB_LDAPString(data, tree-u.extended.value); asn1_pop_tag(data); asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4)); asn1_write_uint8(data, tree-u.extended.dnAttributes); Modified: branches/SAMBA_4_0/source/libcli/util/asn1.c === --- branches/SAMBA_4_0/source/libcli/util/asn1.c2007-12-27 07:45:22 UTC (rev 26612) +++ branches/SAMBA_4_0/source/libcli/util/asn1.c2007-12-27 07:47:11 UTC (rev 26613) @@ -285,6 +285,13 @@ return !data-has_error; } +/* write a LDAP string from a DATA_BLOB */ +bool asn1_write_DATA_BLOB_LDAPString(struct asn1_data *data, const DATA_BLOB *s) +{ + asn1_write(data, s-data, s-length); + return !data-has_error; +} + /* write a general string */ bool asn1_write_GeneralString(struct asn1_data *data, const char *s) {
svn commit: samba r26611 - in branches/SAMBA_4_0/source/lib/ldb/tools: .
Author: abartlet Date: 2007-12-27 07:44:57 + (Thu, 27 Dec 2007) New Revision: 26611 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26611 Log: Tridge didn't write this... Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/tools/ad2oLschema.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/tools/ad2oLschema.c === --- branches/SAMBA_4_0/source/lib/ldb/tools/ad2oLschema.c 2007-12-27 04:18:54 UTC (rev 26610) +++ branches/SAMBA_4_0/source/lib/ldb/tools/ad2oLschema.c 2007-12-27 07:44:57 UTC (rev 26611) @@ -28,7 +28,7 @@ * * Description: utility to convert an AD schema into the format required by OpenLDAP * - * Author: Andrew Tridgell + * Author: Andrew Bartlett */ #include includes.h
svn commit: samba r26612 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-27 07:45:22 + (Thu, 27 Dec 2007) New Revision: 26612 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26612 Log: Tests show that we don't need to use a callback. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c 2007-12-27 07:44:57 UTC (rev 26611) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c 2007-12-27 07:45:22 UTC (rev 26612) @@ -292,9 +292,6 @@ req-op.search.tree = talloc_steal(req, anr_tree); } - - /* TODO: Add a callback, and ensure we retry the search with surname and given name if we fail to match */ - return ldb_next_request(module, req); }
svn commit: samba r26557 - in branches/SAMBA_4_0: .
Author: abartlet Date: 2007-12-21 22:55:02 + (Fri, 21 Dec 2007) New Revision: 26557 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26557 Log: sync WHATSNEW with release branch of Samba4 Modified: branches/SAMBA_4_0/WHATSNEW.txt Changeset: Modified: branches/SAMBA_4_0/WHATSNEW.txt === --- branches/SAMBA_4_0/WHATSNEW.txt 2007-12-21 02:33:43 UTC (rev 26556) +++ branches/SAMBA_4_0/WHATSNEW.txt 2007-12-21 22:55:02 UTC (rev 26557) @@ -1,4 +1,4 @@ -What's new in Samba 4 alpha1 +What's new in Samba 4 alpha2 Samba 4 is the ambitious next version of the Samba suite that is being @@ -10,17 +10,14 @@ production environments. Note the WARNINGS below, and the STATUS file, which aims to document what should and should not work. -Samba4 alpha1 is the culmination of 4.5 years of development under our -belt since Tridge first proposed a new Virtual File System (VFS) layer -for Samba3 (a project which eventually lead to our Active Directory -efforts), and 1.5 years since we first released a Technology Preview, -we wish to allow users, managers and developers to see how we have -progressed, and to invite feedback and support. +Samba4 alpha2 follows on from our first alpha release, made in +September, and the Technology Preview series we have offered for some +time now. WARNINGS -Samba4 alpha1 is not a final Samba release. That is more a reference +Samba4 alpha2 is not a final Samba release. That is more a reference to Samba4's lack of the features we expect you will need than a statement of code quality, but clearly it hasn't seen a broad deployment yet. If you were to upgrade Samba3 (or indeed Windows) to @@ -58,7 +55,7 @@ VFS is backed with an extensive automated test suite. A new scripting interface has been added to Samba 4, allowing -JavaScript programs to interface to Samba's internals. +Python programs to interface to Samba's internals. The Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends. One of the backends supports @@ -67,27 +64,27 @@ We are aiming for Samba 4 to be powerful frontend to large directories. -CHANGES SINCE TP5 -= +CHANGES SINCE Alpha 1 += -In the time since TP5 was released in June 2007, Samba has +In the time since Samba4 Alpha1 was released in September 2007, Samba has continued to evolve, but you may particularly notice these areas: - Group Policy Support: Basic group policies may be defined, and are - enforced by Windows clients - MMC Support: The Active Directory Users and Computers console now - works, supporting most operations. + handles group membership correctly. - Winbind: Kai Blin has been working hard on his Google Summer of - Code project, creating a winbind implementation for Samba4. + member/memberOf: These and other linked attributes are now kept in + sync - Heimdal update: A Heimdal 1.0 snapshot is now included as the - internal Kerberos library in Samba4. + subtree renames: Renaming a subtree of LDAP objects is now possible, + with all linked attributes being kept consistant. - In the past few weeks, many small but significant bugs have been - fixed, particularly thanks to Matthias Dieter Wallnöfer [EMAIL PROTECTED] + Python Bindings: Bindings for a future move to Python as the + internal scripting language have been created. + Shared library use: In support of projects such as OpenChange, + which depend on Samba4, more of Samba4 is built as shared libraries. + These are just some of the highlights of the work done in the past few months. More details can be found in our SVN history. @@ -106,12 +103,6 @@ - There is no printing support in the current release. -- Support for managing groups is currently poor (as the - memberOf/member linked attributes are not kept in sync). - -- Renaming and deleting subtrees (containers) in the the LDB tree will - have unexpected results. - - The Samba4 port of the CTDB clustering support is not yet complete - Clock Synchronisation is critical. Many 'wrong password' errors are
svn commit: samba r26556 - in branches/SAMBA_4_0/source/selftest: . env
Author: abartlet Date: 2007-12-21 02:33:43 + (Fri, 21 Dec 2007) New Revision: 26556 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26556 Log: Make Fedora DS consistant use FEDORA_DS_ROOT, now we use OPENLDAP_ROOT. Add in another varient to test with in the OpenLDAP module-guessing game, from Howard Chu. Andrew Bartlett Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm branches/SAMBA_4_0/source/selftest/selftest.pl Changeset: Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm === --- branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-21 00:36:17 UTC (rev 26555) +++ branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-21 02:33:43 UTC (rev 26556) @@ -46,7 +46,7 @@ # running slapd in the background means it stays in the same process group, so it can be # killed by timelimit if ($self-{ldap} eq fedora-ds) { - system($ENV{FEDORA_DS_PREFIX}/sbin/ns-slapd -D $env_vars-{FEDORA_DS_DIR} -d0 -i $env_vars-{FEDORA_DS_PIDFILE} $env_vars-{LDAPDIR}/logs 21 ); + system($ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars-{FEDORA_DS_DIR} -d0 -i $env_vars-{FEDORA_DS_PIDFILE} $env_vars-{LDAPDIR}/logs 21 ); } elsif ($self-{ldap} eq openldap) { openldap_start($env_vars-{SLAPD_CONF}, $uri, $env_vars-{LDAPDIR}/logs); } @@ -204,10 +204,10 @@ system($self-{bindir}/ad2oLschema $configuration -H $ldapdir/schema-tmp.ldb --option=convert:target=fedora-ds -I $self-{setupdir}/schema-map-fedora-ds-1.0 -O $ldapdir/99_ad.ldif 2) == 0 or die(schema conversion for Fedora DS failed); my $dir = getcwd(); -chdir $ENV{FEDORA_DS_PREFIX}/bin || die; - if (system(perl $ENV{FEDORA_DS_PREFIX}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf 2) != 0) { +chdir $ENV{FEDORA_DS_ROOT}/bin || die; + if (system(perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf 2) != 0) { chdir $dir; -die(perl $ENV{FEDORA_DS_PREFIX}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf FAILED: $?); +die(perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf FAILED: $?); } chdir $dir || die; @@ -227,10 +227,10 @@ my $oldpath = $ENV{PATH}; my $olpath = ; - my $olroot = ; - if (defined $ENV{OPENLDAP_ROOT}) { + my $olroot = ; + if (defined $ENV{OPENLDAP_ROOT}) { $olroot = $ENV{OPENLDAP_ROOT}; - $olpath = $olroot/libexec:$olroot/sbin:; + $olpath = $olroot/libexec:$olroot/sbin:; } $ENV{PATH} = $olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}; @@ -241,6 +241,7 @@ open(CONF, $modconf); # enable slapd modules print CONF +modulepath $olpath/libexec/openldap moduleload back_hdb moduleload syncprov ; @@ -251,6 +252,16 @@ open(CONF, $modconf); # enable slapd modules print CONF +moduleload back_hdb +moduleload syncprov +; + close(CONF); + } + + if (system(slaptest -u -f $slapd_conf 2) != 0) { + open(CONF, $modconf); + # enable slapd modules + print CONF modulepath /usr/lib/ldap moduleload back_hdb moduleload syncprov Modified: branches/SAMBA_4_0/source/selftest/selftest.pl === --- branches/SAMBA_4_0/source/selftest/selftest.pl 2007-12-21 00:36:17 UTC (rev 26555) +++ branches/SAMBA_4_0/source/selftest/selftest.pl 2007-12-21 02:33:43 UTC (rev 26556) @@ -356,7 +356,7 @@ # Backwards compatibility: if (defined($ENV{TEST_LDAP}) and $ENV{TEST_LDAP} eq yes) { - if (defined($ENV{FEDORA_DS_PREFIX})) { + if (defined($ENV{FEDORA_DS_ROOT})) { $ldap = fedora-ds; } else { $ldap = openldap;
svn commit: samba r26541 - in branches/SAMBA_4_0_RELEASE/source: .
Author: abartlet Date: 2007-12-20 03:44:06 + (Thu, 20 Dec 2007) New Revision: 26541 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26541 Log: Mark this as the release Modified: branches/SAMBA_4_0_RELEASE/source/VERSION Changeset: Modified: branches/SAMBA_4_0_RELEASE/source/VERSION === --- branches/SAMBA_4_0_RELEASE/source/VERSION 2007-12-20 00:02:15 UTC (rev 26540) +++ branches/SAMBA_4_0_RELEASE/source/VERSION 2007-12-20 03:44:06 UTC (rev 26541) @@ -89,7 +89,7 @@ # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # - 3.0.0-SVN-build-199 # -SAMBA_VERSION_IS_SVN_SNAPSHOT=yes +SAMBA_VERSION_IS_SVN_SNAPSHOT=no # This is for specifying a release nickname#
svn commit: samba r26542 - in tags: .
Author: abartlet Date: 2007-12-20 03:56:41 + (Thu, 20 Dec 2007) New Revision: 26542 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26542 Log: Tag alpha2 release. Andrew Bartlett Added: tags/release-4-0-0alpha2/ Changeset: Copied: tags/release-4-0-0alpha2 (from rev 26541, branches/SAMBA_4_0_RELEASE)
svn commit: samba r26543 - in tags: .
Author: abartlet Date: 2007-12-20 04:03:33 + (Thu, 20 Dec 2007) New Revision: 26543 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26543 Log: Tag Samba4 alpha1 release Andrew Bartlett Added: tags/release-4-0-0alpha1/ Changeset: Copied: tags/release-4-0-0alpha1 (from rev 26542, branches/SAMBA_4_0_RELEASE_ALPHA1)
svn commit: samba r26544 - in tags: .
Author: abartlet Date: 2007-12-20 04:10:28 + (Thu, 20 Dec 2007) New Revision: 26544 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26544 Log: Tag Samba4 tp5 release. Andrew Bartlett Added: tags/release-4-0-0tp5/ Changeset: Copied: tags/release-4-0-0tp5 (from rev 26543, branches/SAMBA_4_0_RELEASE_TP5)
svn commit: samba r26529 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet Date: 2007-12-19 00:39:27 + (Wed, 19 Dec 2007) New Revision: 26529 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26529 Log: Indeed, this belongs in the schema module. Ranged results need to use an attribute with ';' in the name. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c 2007-12-18 22:50:49 UTC (rev 26528) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c 2007-12-19 00:39:27 UTC (rev 26529) @@ -124,11 +124,6 @@ { struct ldb_message_element *els; - /* FIXME: we should probably leave this to the schema module to check */ - if (! ldb_valid_attr_name(attr_name)) { - return LDB_ERR_OPERATIONS_ERROR; - } - els = talloc_realloc(msg, msg-elements, struct ldb_message_element, msg-num_elements+1); if (!els) {
svn commit: samba r26501 - in branches/SAMBA_4_0_RELEASE: .
Author: abartlet Date: 2007-12-17 10:26:56 + (Mon, 17 Dec 2007) New Revision: 26501 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26501 Log: Merge kblin's updated README Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/README Changeset: Modified: branches/SAMBA_4_0_RELEASE/README === --- branches/SAMBA_4_0_RELEASE/README 2007-12-17 10:24:26 UTC (rev 26500) +++ branches/SAMBA_4_0_RELEASE/README 2007-12-17 10:26:56 UTC (rev 26501) @@ -3,8 +3,9 @@ this branch is support for the Active Directory logon protocols used by Windows 2000 and above. -While we welcome your interest in Samba 4, we don't want you to run your network with it quite yet. Please note the WARNINGS below, and the STATUS file, -which aims to document what should and should not work. +While we welcome your interest in Samba 4, we don't want you to run your +network with it quite yet. Please note the WARNINGS below, and the +STATUS file, which aims to document what should and should not work. With 4 years of development under our belt since Tridge first proposed a new Virtual File System (VFS) layer for Samba3 (a project which @@ -17,12 +18,12 @@ WARNINGS -Samba4 TP is currently a pre-alpha technology. That is more a -reference to Samba4's lack of the features we expect you will need -than a statement of code quality, but clearly it hasn't seen a broad -deployment yet. If you were to upgrade Samba3 (or indeed Windows) to -Samba4, you would find many things work, but that other key features -you may have relied on simply are not there yet. +Samba4 is currently at alpha stage. That is more a reference to +Samba4's lack of the features we expect you will need than a statement +of code quality, but clearly it hasn't seen a broad deployment yet. If +you were to upgrade Samba3 (or indeed Windows) to Samba4, you would find +many things work, but that other key features you may have relied on +simply are not there yet. For example, while Samba 3.0 is an excellent member of a Active Directory domain, Samba4 is happier as a domain controller: (This is @@ -98,10 +99,10 @@ Those familiar with Samba 3 can find a list of user-visible changes since that release series in the NEWS file. - - An optional password is no longer supported as the second argument to + - An optional password is no longer supported as the second argument to smbclient. - - The default location of smb.conf in non-FHS builds has changed from the + - The default location of smb.conf in non-FHS builds has changed from the PREFIX/lib directory to the PREFIX/etc directory. KNOWN ISSUES @@ -109,7 +110,7 @@ - Standalone server and domain member roles are not currently supported. While we have much of the infrastructure required, we - have not collected these pieces together. + have not collected these pieces together. - There is no printing support in the current release.
svn commit: samba r26479 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2007-12-17 02:13:41 + (Mon, 17 Dec 2007) New Revision: 26479 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26479 Log: Further test behaviour of 'attribute or value exists'. Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-12-17 01:03:08 UTC (rev 26478) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-12-17 02:13:41 UTC (rev 26479) @@ -137,6 +137,7 @@ } } + println(Testing attribute or value exists behaviour); ok = ldb.modify( dn: cn=ldaptest2computer,cn=computers, + base_dn + changetype: modify @@ -152,6 +153,32 @@ assert(ok.error == 20); } + ok = ldb.modify( +dn: cn=ldaptest2computer,cn=computers, + base_dn + +changetype: modify +replace: servicePrincipalName +servicePrincipalName: host/ldaptest2computer +servicePrincipalName: cifs/ldaptest2computer +); + + if (ok.error != 0) { + println(Failed to replace servicePrincpalName: + ok.errstr); + assert(ok.error == 20); + } + + ok = ldb.modify( +dn: cn=ldaptest2computer,cn=computers, + base_dn + +changetype: modify +add: servicePrincipalName +servicePrincipalName: host/ldaptest2computer +); + +//LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS + if (ok.error != 20) { + println(Expected error LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS, got : + ok.errstr); + assert(ok.error == 20); + } + ok = ldb.add( dn: cn=ldaptestuser2,cn=useRs, + base_dn + objectClass: person
svn commit: samba r26485 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-17 05:19:48 + (Mon, 17 Dec 2007) New Revision: 26485 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26485 Log: Fix indent, remove left-over debug. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c 2007-12-17 04:56:54 UTC (rev 26484) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c 2007-12-17 05:19:48 UTC (rev 26485) @@ -229,7 +229,7 @@ case LDB_OP_OR: for (i=0;itree-u.list.num_elements;i++) { tree-u.list.elements[i] = anr_replace_subtrees(tree-u.list.elements[i], - attr, callback, context); + attr, callback, context); if (!tree-u.list.elements[i]) { return NULL; } @@ -291,7 +291,6 @@ * point just setting this on the down_req */ req-op.search.tree = talloc_steal(req, anr_tree); - DEBUG(0, (anr: %s\n, ldb_filter_from_tree(req, anr_tree))); } /* TODO: Add a callback, and ensure we retry the search with surname and given name if we fail to match */
svn commit: samba r26488 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet Date: 2007-12-17 05:56:42 + (Mon, 17 Dec 2007) New Revision: 26488 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26488 Log: Implement tests for the ranged_results module. Untested code is broken code, so rework the module until it passes... It turns out that AD puts search attributes onto the wire in the reverse order to what Samba does. This complicates exact value matching, so this is skipped for now. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c 2007-12-17 05:53:37 UTC (rev 26487) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c 2007-12-17 05:56:42 UTC (rev 26488) @@ -60,9 +60,10 @@ if (strncasecmp(p, ;range=, strlen(;range=)) != 0) { continue; } - if (sscanf(p, ;range=%u-*, start) == 1) { + if (sscanf(p, ;range=%u-%u, start, end) == 2) { + } else if (sscanf(p, ;range=%u-*, start) == 1) { end = (unsigned int)-1; - } else if (sscanf(p, ;range=%u-%u, start, end) != 2) { + } else { continue; } new_attr = talloc_strndup(orig_req, @@ -82,39 +83,44 @@ ldb_asprintf_errstring(ldb, range request error: start must not be greater than end); return LDB_ERR_UNWILLING_TO_PERFORM; } - if (end = el-num_values) { + if (end = (el-num_values - 1)) { /* Need to leave the requested attribute in * there (so add an empty one to match) */ end_str = *; - end = el-num_values; - ret = ldb_msg_add_empty(ares-message, orig_req-op.search.attrs[i], - 0, NULL); - if (ret != LDB_SUCCESS) { - return ret; - } + end = el-num_values - 1; } else { end_str = talloc_asprintf(el, %u, end); + if (!end_str) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } } - orig_values = el-values; - orig_num_values = el-num_values; - - if ((start + end start) || (start + end end)) { - ldb_asprintf_errstring(ldb, range request error: start or end would overflow!); - return LDB_ERR_UNWILLING_TO_PERFORM; + /* If start is greater then where we noe find the end to be */ + if (start end) { + el-num_values = 0; + el-values = NULL; + } else { + orig_values = el-values; + orig_num_values = el-num_values; + + if ((start + end start) || (start + end end)) { + ldb_asprintf_errstring(ldb, range request error: start or end would overflow!); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + el-num_values = 0; + + el-values = talloc_array(el, struct ldb_val, (end - start) + 1); + if (!el-values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + for (j=start; j = end; j++) { + el-values[el-num_values] = orig_values[j]; + el-num_values++; + } } - - el-values = talloc_array(el, struct ldb_val, end - start); - el-num_values = 0; - - if (!el-values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - for (j=start; j end; j++) { - el-values[el-num_values] = orig_values[j]; - el-num_values++; - } - el-name = talloc_asprintf(el, %s;Range=%u-%s, el-name, start, end_str); + el-name = talloc_asprintf(el, %s;range=%u-%s, el-name, start, end_str); if (!el-name) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; Modified: branches/SAMBA_4_0/testprogs
svn commit: samba r26489 - in branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-17 06:02:54 + (Mon, 17 Dec 2007) New Revision: 26489 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26489 Log: Merge fixed ranged results module to release branch. This is the last blocker for the release that I know of. Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/ranged_results.c Changeset: Modified: branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/ranged_results.c === --- branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/ranged_results.c 2007-12-17 05:56:42 UTC (rev 26488) +++ branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/ranged_results.c 2007-12-17 06:02:54 UTC (rev 26489) @@ -60,9 +60,10 @@ if (strncasecmp(p, ;range=, strlen(;range=)) != 0) { continue; } - if (sscanf(p, ;range=%u-*, start) == 1) { + if (sscanf(p, ;range=%u-%u, start, end) == 2) { + } else if (sscanf(p, ;range=%u-*, start) == 1) { end = (unsigned int)-1; - } else if (sscanf(p, ;range=%u-%u, start, end) != 2) { + } else { continue; } new_attr = talloc_strndup(orig_req, @@ -82,39 +83,44 @@ ldb_asprintf_errstring(ldb, range request error: start must not be greater than end); return LDB_ERR_UNWILLING_TO_PERFORM; } - if (end = el-num_values) { + if (end = (el-num_values - 1)) { /* Need to leave the requested attribute in * there (so add an empty one to match) */ end_str = *; - end = el-num_values; - ret = ldb_msg_add_empty(ares-message, orig_req-op.search.attrs[i], - 0, NULL); - if (ret != LDB_SUCCESS) { - return ret; - } + end = el-num_values - 1; } else { end_str = talloc_asprintf(el, %u, end); + if (!end_str) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } } - orig_values = el-values; - orig_num_values = el-num_values; - - if ((start + end start) || (start + end end)) { - ldb_asprintf_errstring(ldb, range request error: start or end would overflow!); - return LDB_ERR_UNWILLING_TO_PERFORM; + /* If start is greater then where we noe find the end to be */ + if (start end) { + el-num_values = 0; + el-values = NULL; + } else { + orig_values = el-values; + orig_num_values = el-num_values; + + if ((start + end start) || (start + end end)) { + ldb_asprintf_errstring(ldb, range request error: start or end would overflow!); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + el-num_values = 0; + + el-values = talloc_array(el, struct ldb_val, (end - start) + 1); + if (!el-values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + for (j=start; j = end; j++) { + el-values[el-num_values] = orig_values[j]; + el-num_values++; + } } - - el-values = talloc_array(el, struct ldb_val, end - start); - el-num_values = 0; - - if (!el-values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - for (j=start; j end; j++) { - el-values[el-num_values] = orig_values[j]; - el-num_values++; - } - el-name = talloc_asprintf(el, %s;Range=%u-%s, el-name, start, end_str); + el-name = talloc_asprintf(el, %s;range=%u-%s, el-name, start, end_str); if (!el-name) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR;
svn commit: samba r26490 - in branches/SAMBA_4_0_RELEASE: .
Author: abartlet Date: 2007-12-17 06:03:53 + (Mon, 17 Dec 2007) New Revision: 26490 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26490 Log: Update WHATSNEW. Unless some fancy new words arive soon, this is what we will put out... Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_4_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_4_0_RELEASE/WHATSNEW.txt 2007-12-17 06:02:54 UTC (rev 26489) +++ branches/SAMBA_4_0_RELEASE/WHATSNEW.txt 2007-12-17 06:03:53 UTC (rev 26490) @@ -10,12 +10,9 @@ production environments. Note the WARNINGS below, and the STATUS file, which aims to document what should and should not work. -Samba4 alpha2 is the culmination of 4.5 years of development under our -belt since Tridge first proposed a new Virtual File System (VFS) layer -for Samba3 (a project which eventually lead to our Active Directory -efforts), and 1.5 years since we first released a Technology Preview, -we wish to allow users, managers and developers to see how we have -progressed, and to invite feedback and support. +Samba4 alpha2 follows on from our first alpha release, made in +September, and the Technology Preview series we have offered for some +time now. WARNINGS @@ -58,7 +55,7 @@ VFS is backed with an extensive automated test suite. A new scripting interface has been added to Samba 4, allowing -JavaScript programs to interface to Samba's internals. +Python programs to interface to Samba's internals. The Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends. One of the backends supports
svn commit: samba r26424 - in branches/SAMBA_4_0/source: selftest/env setup
Author: abartlet Date: 2007-12-13 09:46:41 + (Thu, 13 Dec 2007) New Revision: 26424 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26424 Log: Patch and hits from Howard Chu [EMAIL PROTECTED] for our automated setup of OpenLDAP. This makes it consistant with the Fedora DS setup, and doesn't mix both hdb and bdb. Andrew Bartlett Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm branches/SAMBA_4_0/source/setup/slapd.conf Changeset: Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm === --- branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-13 09:13:35 UTC (rev 26423) +++ branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-13 09:46:41 UTC (rev 26424) @@ -25,9 +25,11 @@ sub openldap_start($$$) { my ($slapd_conf, $uri, $logs) = @_; my $oldpath = $ENV{PATH}; + my $olroot = ; my $olpath = ; - if (defined $ENV{OPENLDAP_PATH}) { - $olpath = $ENV{OPENLDAP_PATH}: + if (defined $ENV{OPENLDAP_ROOT}) { + $olroot = $ENV{OPENLDAP_ROOT}; + $olpath = $olroot/libexec:$olroot/sbin:; } $ENV{PATH} = $olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}; system(slapd -d63 -f $slapd_conf -h $uri $logs 21 ); @@ -225,8 +227,10 @@ my $oldpath = $ENV{PATH}; my $olpath = ; - if (defined $ENV{OPENLDAP_PATH}) { - $olpath = $ENV{OPENLDAP_PATH}: + my $olroot = ; + if (defined $ENV{OPENLDAP_ROOT}) { + $olroot = $ENV{OPENLDAP_ROOT}; + $olpath = $olroot/libexec:$olroot/sbin:; } $ENV{PATH} = $olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}; Modified: branches/SAMBA_4_0/source/setup/slapd.conf === --- branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-13 09:13:35 UTC (rev 26423) +++ branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-13 09:46:41 UTC (rev 26424) @@ -22,7 +22,7 @@ defaultsearchbase ${DOMAINDN} backendhdb -databasebdb +databasehdb suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema index objectClass eq
svn commit: samba r26419 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules source/scripting/libjs testprogs/ejs
Author: abartlet Date: 2007-12-13 03:07:38 + (Thu, 13 Dec 2007) New Revision: 26419 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26419 Log: Add a module to implement 'ambigious name resolution' by munging the incoming LDAP filter. Warning: Any anr search will perform a full index search. Untill ldb gets substring indexes, this is unavoidable. Also implement a testsutie to show we match AD behaviour for this important extension (used in the Active Directory Users and Computers MMC plugin, as a genereral 'find'). This will also be useful to OpenChange, as their server needs to implement this. Andrew Bartlett Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Sorry, the patch is too large (566 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26419
svn commit: samba r26420 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2007-12-13 07:04:57 + (Thu, 13 Dec 2007) New Revision: 26420 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26420 Log: Don't print a blow-by-blow description of every search we do, just the errors that occour. Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-12-13 03:07:38 UTC (rev 26419) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-12-13 07:04:57 UTC (rev 26420) @@ -182,7 +182,7 @@ println(Testing Ambigious Name Resolution); - println(Testing ldb.search for ((anr=ldap testy)(objectClass=user))); +// Testing ldb.search for ((anr=ldap testy)(objectClass=user)) var res = ldb.search(((anr=ldap testy)(objectClass=user))); if (res.error != 0 || res.msgs.length != 3) { println(Could not find ((anr=ldap testy)(objectClass=user))); @@ -190,15 +190,15 @@ assert(res.msgs.length == 3); } - println(Testing ldb.search for ((anr=testy ldap)(objectClass=user))); +// Testing ldb.search for ((anr=testy ldap)(objectClass=user)) var res = ldb.search(((anr=testy ldap)(objectClass=user))); if (res.error != 0 || res.msgs.length != 2) { - println(Could not find ((anr=testy ldap)(objectClass=user))); + println(Found only + res.msgs.length + for ((anr=testy ldap)(objectClass=user))); assert(res.error == 0); assert(res.msgs.length == 2); } - println(Testing ldb.search for ((anr=ldap)(objectClass=user))); +// Testing ldb.search for ((anr=ldap)(objectClass=user)) var res = ldb.search(((anr=ldap)(objectClass=user))); if (res.error != 0 || res.msgs.length != 4) { println(Found only + res.msgs.length + for ((anr=ldap)(objectClass=user))); @@ -206,9 +206,10 @@ assert(res.msgs.length == 4); } - println(Testing ldb.search for ((anr==ldap)(objectClass=user))); +// Testing ldb.search for ((anr==ldap)(objectClass=user)) var res = ldb.search(((anr==ldap)(objectClass=user))); if (res.error != 0 || res.msgs.length != 1) { + println(Found only + res.msgs.length + for ((anr=ldap)(objectClass=user))); println(Could not find ((anr==ldap)(objectClass=user))); assert(res.error == 0); assert(res.msgs.length == 1); @@ -218,26 +219,26 @@ assert(res.msgs[0].cn == ldaptestuser); assert(res.msgs[0].name == ldaptestuser); - println(Testing ldb.search for ((anr=testy)(objectClass=user))); +// Testing ldb.search for ((anr=testy)(objectClass=user)) var res = ldb.search(((anr=testy)(objectClass=user))); if (res.error != 0 || res.msgs.length != 2) { - println(Could not find ((anr=testy)(objectClass=user))); + println(Found only + res.msgs.length + for ((anr=testy)(objectClass=user))); assert(res.error == 0); assert(res.msgs.length == 2); } - println(Testing ldb.search for ((anr=ldap testy)(objectClass=user))); +// Testing ldb.search for ((anr=ldap testy)(objectClass=user)) var res = ldb.search(((anr=testy ldap)(objectClass=user))); if (res.error != 0 || res.msgs.length != 2) { - println(Could not find ((anr=ldap testy)(objectClass=user))); + println(Found only + res.msgs.length + for ((anr=ldap testy)(objectClass=user))); assert(res.error == 0); assert(res.msgs.length == 2); } - println(Testing ldb.search for ((anr==ldap testy)(objectClass=user))); +// Testing ldb.search for ((anr==ldap testy)(objectClass=user)) var res = ldb.search(((anr==testy ldap)(objectClass=user))); if (res.error != 0 || res.msgs.length != 1) { - println(Could not find ((anr==ldap testy)(objectClass=user))); + println(Found only + res.msgs.length + for ((anr==ldap testy)(objectClass=user))); assert(res.error == 0); assert(res.msgs.length == 1); } @@ -246,7 +247,7 @@ assert(res.msgs[0].cn == ldaptestuser); assert(res.msgs[0].name == ldaptestuser); - println(Testing ldb.search for ((anr==testy ldap)(objectClass=user))); +// Testing ldb.search for ((anr==testy ldap)(objectClass=user)) var res = ldb.search(((anr==testy ldap)(objectClass=user))); if (res.error != 0 || res.msgs.length != 1) { println(Could not find ((anr==testy ldap)(objectClass=user))); @@ -258,7 +259,7 @@ assert(res.msgs[0].cn == ldaptestuser); assert(res.msgs[0].name == ldaptestuser); - println(Testing ldb.search for ((anr=testy ldap user)(objectClass=user
svn commit: samba r26412 - in branches/SAMBA_4_0/source/dsdb/schema: .
Author: abartlet Date: 2007-12-12 07:02:07 + (Wed, 12 Dec 2007) New Revision: 26412 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26412 Log: Add comments and refactor to reuse common code. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c === --- branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2007-12-12 03:02:18 UTC (rev 26411) +++ branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2007-12-12 07:02:07 UTC (rev 26412) @@ -3,7 +3,8 @@ DSDB schema header Copyright (C) Stefan Metzmacher [EMAIL PROTECTED] 2006 - + Copyright (C) Andrew Bartlett [EMAIL PROTECTED] 2007 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or @@ -1038,6 +1039,11 @@ return WERR_OK; } +/** + * Attach the schema to an opaque pointer on the ldb, so ldb modules + * can find it + */ + int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema) { int ret; @@ -1052,8 +1058,14 @@ return LDB_SUCCESS; } +/** + * Global variable to hold one copy of the schema, used to avoid memory bloat + */ static struct dsdb_schema *global_schema; +/** + * Make this ldb use the 'global' schema, setup to avoid having multiple copies in this process + */ int dsdb_set_global_schema(struct ldb_context *ldb) { int ret; @@ -1068,6 +1080,10 @@ return LDB_SUCCESS; } +/** + * Find the schema object for this ldb + */ + const struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb) { const void *p; @@ -1087,18 +1103,14 @@ return schema; } +/** + * Make the schema found on this ldb the 'global' schema + */ + void dsdb_make_schema_global(struct ldb_context *ldb) { const void *p; - const struct dsdb_schema *schema; - - /* see if we have a cached copy */ - p = ldb_get_opaque(ldb, dsdb_schema); - if (!p) { - return; - } - - schema = talloc_get_type(p, struct dsdb_schema); + const struct dsdb_schema *schema = dsdb_get_schema(ldb); if (!schema) { return; } @@ -1109,6 +1121,13 @@ dsdb_set_global_schema(ldb); } + +/** + * Rather than read a schema from the LDB itself, read it from an ldif + * file. This allows schema to be loaded and used while adding the + * schema itself to the directory. + */ + WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf, const char *df) { struct ldb_ldif *ldif;
svn commit: samba r26386 - in branches/SAMBA_4_0/source/lib/util: .
Author: abartlet Date: 2007-12-11 00:22:05 + (Tue, 11 Dec 2007) New Revision: 26386 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26386 Log: We need to test in more than just 'interactive' mode... Fix segfault found when running smbd without options. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/util/debug.c Changeset: Modified: branches/SAMBA_4_0/source/lib/util/debug.c === --- branches/SAMBA_4_0/source/lib/util/debug.c 2007-12-10 18:42:07 UTC (rev 26385) +++ branches/SAMBA_4_0/source/lib/util/debug.c 2007-12-11 00:22:05 UTC (rev 26386) @@ -137,7 +137,7 @@ break; case DEBUG_FILE: - if ((*logfile) == '/') { + if (logfile (*logfile) == '/') { fname = strdup(logfile); } else { asprintf(fname, %s/%s.log, dyn_LOGFILEBASE, state.prog_name);
svn commit: samba r26387 - in branches/SAMBA_4_0_RELEASE/source/lib/util: .
Author: abartlet Date: 2007-12-11 00:23:08 + (Tue, 11 Dec 2007) New Revision: 26387 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26387 Log: Merge logfile segfault into alpha2 branch. Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/source/lib/util/debug.c Changeset: Modified: branches/SAMBA_4_0_RELEASE/source/lib/util/debug.c === --- branches/SAMBA_4_0_RELEASE/source/lib/util/debug.c 2007-12-11 00:22:05 UTC (rev 26386) +++ branches/SAMBA_4_0_RELEASE/source/lib/util/debug.c 2007-12-11 00:23:08 UTC (rev 26387) @@ -137,7 +137,7 @@ break; case DEBUG_FILE: - if ((*logfile) == '/') { + if (logfile (*logfile) == '/') { fname = strdup(logfile); } else { asprintf(fname, %s/%s.log, dyn_LOGFILEBASE, state.prog_name);
svn commit: samba r26388 - in branches/SAMBA_4_0_RELEASE/swat/install: .
Author: abartlet Date: 2007-12-11 02:09:37 + (Tue, 11 Dec 2007) New Revision: 26388 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26388 Log: Fix up SWAT provision (again...), after changes I made to the command-line version a while back. Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/swat/install/provision.esp branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp Changeset: Modified: branches/SAMBA_4_0_RELEASE/swat/install/provision.esp === --- branches/SAMBA_4_0_RELEASE/swat/install/provision.esp 2007-12-11 00:23:08 UTC (rev 26387) +++ branches/SAMBA_4_0_RELEASE/swat/install/provision.esp 2007-12-11 02:09:37 UTC (rev 26388) @@ -11,7 +11,6 @@ var f = FormObj(Provisioning, 0, 2); var i; var lp = loadparm_init(); - if ((session.authinfo.user_class == ADMINISTRATOR) || (session.authinfo.user_class == SYSTEM)) { @@ -56,6 +55,9 @@ lp.reload(); var goodpass = (subobj.CONFIRM == subobj.ADMINPASS); + var paths = provision_default_paths(subobj); + provision_fix_subobj(subobj, paths); + if (!goodpass) { write(h3Passwords don't match. Please try again./h3); f.display(); @@ -65,7 +67,6 @@ } else if (!provision_validate(subobj, writefln)) { f.display(); } else { - var paths = provision_default_paths(subobj); if (!provision(subobj, writefln, false, paths, session.authinfo.session_info, session.authinfo.credentials, false)) { writefln(Provision failed!); Modified: branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp === --- branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp 2007-12-11 00:23:08 UTC (rev 26387) +++ branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp 2007-12-11 02:09:37 UTC (rev 26388) @@ -76,7 +76,8 @@ var session_info = session.authinfo.session_info; var credentials = session.authinfo.credentials; - info.credentials = credentials; + provision_fix_subobj(subobj, paths); + info.session_info = session_info; info.message = writefln; info.subobj = subobj;
svn commit: samba r26389 - in branches/SAMBA_4_0/swat/install: .
Author: abartlet Date: 2007-12-11 02:10:46 + (Tue, 11 Dec 2007) New Revision: 26389 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26389 Log: Merge SWAT changes from alpha2 back into main Samba4 tree. Andrew Bartlett Modified: branches/SAMBA_4_0/swat/install/index.esp branches/SAMBA_4_0/swat/install/provision.esp branches/SAMBA_4_0/swat/install/samba3.esp branches/SAMBA_4_0/swat/install/vampire.esp Changeset: Modified: branches/SAMBA_4_0/swat/install/index.esp === --- branches/SAMBA_4_0/swat/install/index.esp 2007-12-11 02:09:37 UTC (rev 26388) +++ branches/SAMBA_4_0/swat/install/index.esp 2007-12-11 02:10:46 UTC (rev 26389) @@ -1,7 +1,7 @@ % page_header(columns, Server Installation, install); -if (session.authinfo.user_class == ADMINISTRATOR -|| session.authinfo.user_class == SYSTEM) { +if ((session.authinfo.user_class == ADMINISTRATOR) +|| (session.authinfo.user_class == SYSTEM)) { % Modified: branches/SAMBA_4_0/swat/install/provision.esp === --- branches/SAMBA_4_0/swat/install/provision.esp 2007-12-11 02:09:37 UTC (rev 26388) +++ branches/SAMBA_4_0/swat/install/provision.esp 2007-12-11 02:10:46 UTC (rev 26389) @@ -11,10 +11,9 @@ var f = FormObj(Provisioning, 0, 2); var i; var lp = loadparm_init(); +if ((session.authinfo.user_class == ADMINISTRATOR) +|| (session.authinfo.user_class == SYSTEM)) { -if (session.authinfo.user_class == ADMINISTRATOR -|| session.authinfo.user_class == SYSTEM) { - if (lp.get(realm) == ) { lp.set(realm, lp.get(workgroup) + .example.com); } @@ -56,6 +55,9 @@ lp.reload(); var goodpass = (subobj.CONFIRM == subobj.ADMINPASS); + var paths = provision_default_paths(subobj); + provision_fix_subobj(subobj, paths); + if (!goodpass) { write(h3Passwords don't match. Please try again./h3); f.display(); @@ -65,7 +67,6 @@ } else if (!provision_validate(subobj, writefln)) { f.display(); } else { - var paths = provision_default_paths(subobj); if (!provision(subobj, writefln, false, paths, session.authinfo.session_info, session.authinfo.credentials, false)) { writefln(Provision failed!); Modified: branches/SAMBA_4_0/swat/install/samba3.esp === --- branches/SAMBA_4_0/swat/install/samba3.esp 2007-12-11 02:09:37 UTC (rev 26388) +++ branches/SAMBA_4_0/swat/install/samba3.esp 2007-12-11 02:10:46 UTC (rev 26389) @@ -15,8 +15,8 @@ h1Import from Samba3/h1 % -if (session.authinfo.user_class == ADMINISTRATOR -|| session.authinfo.user_class == SYSTEM) { +if ((session.authinfo.user_class == ADMINISTRATOR) +|| (session.authinfo.user_class == SYSTEM)) { if (form['submit'] == Cancel) { redirect(/); Modified: branches/SAMBA_4_0/swat/install/vampire.esp === --- branches/SAMBA_4_0/swat/install/vampire.esp 2007-12-11 02:09:37 UTC (rev 26388) +++ branches/SAMBA_4_0/swat/install/vampire.esp 2007-12-11 02:10:46 UTC (rev 26389) @@ -14,8 +14,8 @@ var i; var lp = loadparm_init(); -if (session.authinfo.user_class == ADMINISTRATOR -|| session.authinfo.user_class == SYSTEM) { +if ((session.authinfo.user_class == ADMINISTRATOR) +|| (session.authinfo.user_class == SYSTEM)) { if (lp.get(realm) == ) { lp.set(realm, lp.get(workgroup) + .example.com); @@ -76,7 +76,8 @@ var session_info = session.authinfo.session_info; var credentials = session.authinfo.credentials; - info.credentials = credentials; + provision_fix_subobj(subobj, paths); + info.session_info = session_info; info.message = writefln; info.subobj = subobj;
svn commit: samba r26390 - in branches/SAMBA_4_0_RELEASE: .
Author: abartlet Date: 2007-12-11 02:53:40 + (Tue, 11 Dec 2007) New Revision: 26390 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26390 Log: Start on a WHATSNEW for the alpah2 release. Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_4_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_4_0_RELEASE/WHATSNEW.txt 2007-12-11 02:10:46 UTC (rev 26389) +++ branches/SAMBA_4_0_RELEASE/WHATSNEW.txt 2007-12-11 02:53:40 UTC (rev 26390) @@ -70,24 +70,24 @@ CHANGES SINCE TP5 = -In the time since TP5 was released in June 2007, Samba has +In the time since Sama4 Alpha1 was released in September 2007, Samba has continued to evolve, but you may particularly notice these areas: - Group Policy Support: Basic group policies may be defined, and are - enforced by Windows clients - MMC Support: The Active Directory Users and Computers console now - works, supporting most operations. + handles group membership correctly. - Winbind: Kai Blin has been working hard on his Google Summer of - Code project, creating a winbind implementation for Samba4. + member/memberOf: These and other linked attributes are now kept in + sync - Heimdal update: A Heimdal 1.0 snapshot is now included as the - internal Kerberos library in Samba4. + subtree renames: Renaming a subtree of LDAP objects is now possible, + with all linked attributes being kept consistant. - In the past few weeks, many small but significant bugs have been - fixed, particularly thanks to Matthias Dieter Wallnöfer [EMAIL PROTECTED] + Python Bindings: Bindings for a future move to python as the + internal scripting language have been created. + Shared library use: In support of projects such as OpenChange, + which depend on Samba4, more of Samba4 is built as shared libraries. + These are just some of the highlights of the work done in the past few months. More details can be found in our SVN history. @@ -106,12 +106,6 @@ - There is no printing support in the current release. -- Support for managing groups is currently poor (as the - memberOf/member linked attributes are not kept in sync). - -- Renaming and deleting subtrees (containers) in the the LDB tree will - have unexpected results. - - The Samba4 port of the CTDB clustering support is not yet complete - Clock Synchronisation is critical. Many 'wrong password' errors are
svn commit: samba r26354 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2007-12-10 01:45:04 + (Mon, 10 Dec 2007) New Revision: 26354 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26354 Log: In trying to chase down why we have reports that WinXP won't join Samba4, rule out incorrect sid types in LSA LookupName returns. Also fix the test to pass against Win2k3 Native mode. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c === --- branches/SAMBA_4_0/source/torture/rpc/lsa.c 2007-12-08 23:32:43 UTC (rev 26353) +++ branches/SAMBA_4_0/source/torture/rpc/lsa.c 2007-12-10 01:45:04 UTC (rev 26354) @@ -29,6 +29,8 @@ #include torture/rpc/rpc.h #include param/param.h +#define TEST_MACHINENAME lsatestmach + static void init_lsa_String(struct lsa_String *name, const char *s) { name-string = s; @@ -125,9 +127,27 @@ return true; } + +static const char *sid_type_lookup(enum lsa_SidType r) +{ + switch (r) { + case SID_NAME_USE_NONE: return SID_NAME_USE_NONE; break; + case SID_NAME_USER: return SID_NAME_USER; break; + case SID_NAME_DOM_GRP: return SID_NAME_DOM_GRP; break; + case SID_NAME_DOMAIN: return SID_NAME_DOMAIN; break; + case SID_NAME_ALIAS: return SID_NAME_ALIAS; break; + case SID_NAME_WKN_GRP: return SID_NAME_WKN_GRP; break; + case SID_NAME_DELETED: return SID_NAME_DELETED; break; + case SID_NAME_INVALID: return SID_NAME_INVALID; break; + case SID_NAME_UNKNOWN: return SID_NAME_UNKNOWN; break; + case SID_NAME_COMPUTER: return SID_NAME_COMPUTER; break; + } + return Invalid sid type\n; +} + static bool test_LookupNames(struct dcerpc_pipe *p, - TALLOC_CTX *mem_ctx, - struct policy_handle *handle, +TALLOC_CTX *mem_ctx, +struct policy_handle *handle, struct lsa_TransNameArray *tnames) { struct lsa_LookupNames r; @@ -157,11 +177,34 @@ r.out.sids = sids; status = dcerpc_lsa_LookupNames(p, mem_ctx, r); - if (!NT_STATUS_IS_OK(status)) { + + if (NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) || + NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) { + for (i=0;i tnames-count;i++) { + if (i count sids.sids[i].sid_type == SID_NAME_UNKNOWN) { + printf(LookupName of %s was unmapped\n, + tnames-names[i].name.string); + } else if (i =count) { + printf(LookupName of %s failed to return a result\n, + tnames-names[i].name.string); + } + } printf(LookupNames failed - %s\n, nt_errstr(status)); return false; + } else if (!NT_STATUS_IS_OK(status)) { + printf(LookupNames failed - %s\n, nt_errstr(status)); + return false; } - + + for (i=0;i tnames-count;i++) { + if (i count sids.sids[i].sid_type != tnames-names[i].sid_type) { + printf(LookupName of %s got unexpected name type: %s\n, + tnames-names[i].name.string, sid_type_lookup(sids.sids[i].sid_type)); + } else if (i =count) { + printf(LookupName of %s failed to return a result\n, + tnames-names[i].name.string); + } + } printf(\n); return true; @@ -228,30 +271,39 @@ tnames.names = name; tnames.count = 1; name.name.string = NT AUTHORITY\\SYSTEM; + name.sid_type = SID_NAME_WKN_GRP; ret = test_LookupNames(p, mem_ctx, handle, tnames); name.name.string = NT AUTHORITY\\ANONYMOUS LOGON; + name.sid_type = SID_NAME_WKN_GRP; ret = test_LookupNames(p, mem_ctx, handle, tnames); name.name.string = NT AUTHORITY\\Authenticated Users; + name.sid_type = SID_NAME_WKN_GRP; ret = test_LookupNames(p, mem_ctx, handle, tnames); +#if 0 name.name.string = NT AUTHORITY; ret = test_LookupNames(p, mem_ctx, handle, tnames); name.name.string = NT AUTHORITY\\; ret = test_LookupNames(p, mem_ctx, handle, tnames); +#endif name.name.string = BUILTIN\\; + name.sid_type = SID_NAME_DOMAIN; ret = test_LookupNames(p, mem_ctx, handle, tnames); name.name.string = BUILTIN\\Administrators; ret = test_LookupNames(p, mem_ctx, handle, tnames); + name.sid_type = SID_NAME_ALIAS; name.name.string = SYSTEM; + name.sid_type = SID_NAME_WKN_GRP; ret
svn commit: samba r26361 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: abartlet Date: 2007-12-10 05:45:41 + (Mon, 10 Dec 2007) New Revision: 26361 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26361 Log: Ensure this test cannot proceed if the pipe connection failed. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_share.c Changeset: Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_share.c === --- branches/SAMBA_4_0/source/torture/libnet/libnet_share.c 2007-12-10 04:33:39 UTC (rev 26360) +++ branches/SAMBA_4_0/source/torture/libnet/libnet_share.c 2007-12-10 05:45:41 UTC (rev 26361) @@ -216,6 +216,8 @@ p, ndr_table_srvsvc); + torture_assert_ntstatus_ok(torture, status, Failed to get rpc connection); + if (!test_addshare(p, torture, host, TEST_SHARENAME)) { return false; }
svn commit: samba r26362 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: abartlet Date: 2007-12-10 06:21:29 + (Mon, 10 Dec 2007) New Revision: 26362 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26362 Log: Fix segfault in NET-API-DELSHARE torture test. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_share.c Changeset: Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_share.c === --- branches/SAMBA_4_0/source/torture/libnet/libnet_share.c 2007-12-10 05:45:41 UTC (rev 26361) +++ branches/SAMBA_4_0/source/torture/libnet/libnet_share.c 2007-12-10 06:21:29 UTC (rev 26362) @@ -183,6 +183,7 @@ add.in.server_unc = host; add.in.level = 2; add.in.info.info2 = i; + add.in.parm_error = NULL; status = dcerpc_srvsvc_NetShareAdd(svc_pipe, mem_ctx, add); if (!NT_STATUS_IS_OK(status)) {
svn commit: samba r26363 - in branches: .
Author: abartlet Date: 2007-12-10 06:38:59 + (Mon, 10 Dec 2007) New Revision: 26363 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26363 Log: Move alpha1 release aside in preperation for cutting an alpha2 release. Andrew Bartlett Added: branches/SAMBA_4_0_RELEASE_ALPHA1/ Removed: branches/SAMBA_4_0_RELEASE/ Changeset: Copied: branches/SAMBA_4_0_RELEASE_ALPHA1 (from rev 26362, branches/SAMBA_4_0_RELEASE)
svn commit: samba r26364 - in branches: . SAMBA_4_0_RELEASE/source/lib/util SAMBA_4_0_RELEASE/swat/install
Author: abartlet Date: 2007-12-10 06:39:42 + (Mon, 10 Dec 2007) New Revision: 26364 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26364 Log: Branch Samba 4.0 for an alpha2 release. Andrew Bartlett Added: branches/SAMBA_4_0_RELEASE/ branches/SAMBA_4_0_RELEASE/source/lib/util/smbrun.c Modified: branches/SAMBA_4_0_RELEASE/swat/install/index.esp branches/SAMBA_4_0_RELEASE/swat/install/provision.esp branches/SAMBA_4_0_RELEASE/swat/install/samba3.esp branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp Changeset: Copied: branches/SAMBA_4_0_RELEASE (from rev 26362, branches/SAMBA_4_0) Copied: branches/SAMBA_4_0_RELEASE/source/lib/util/smbrun.c (from rev 25225, branches/SAMBA_3_2/source/lib/smbrun.c) Modified: branches/SAMBA_4_0_RELEASE/swat/install/index.esp === --- branches/SAMBA_4_0/swat/install/index.esp 2007-12-10 06:21:29 UTC (rev 26362) +++ branches/SAMBA_4_0_RELEASE/swat/install/index.esp 2007-12-10 06:39:42 UTC (rev 26364) @@ -1,7 +1,7 @@ % page_header(columns, Server Installation, install); -if (session.authinfo.user_class == ADMINISTRATOR -|| session.authinfo.user_class == SYSTEM) { +if ((session.authinfo.user_class == ADMINISTRATOR) +|| (session.authinfo.user_class == SYSTEM)) { % Modified: branches/SAMBA_4_0_RELEASE/swat/install/provision.esp === --- branches/SAMBA_4_0/swat/install/provision.esp 2007-12-10 06:21:29 UTC (rev 26362) +++ branches/SAMBA_4_0_RELEASE/swat/install/provision.esp 2007-12-10 06:39:42 UTC (rev 26364) @@ -12,8 +12,8 @@ var i; var lp = loadparm_init(); -if (session.authinfo.user_class == ADMINISTRATOR -|| session.authinfo.user_class == SYSTEM) { +if ((session.authinfo.user_class == ADMINISTRATOR) +|| (session.authinfo.user_class == SYSTEM)) { if (lp.get(realm) == ) { lp.set(realm, lp.get(workgroup) + .example.com); Modified: branches/SAMBA_4_0_RELEASE/swat/install/samba3.esp === --- branches/SAMBA_4_0/swat/install/samba3.esp 2007-12-10 06:21:29 UTC (rev 26362) +++ branches/SAMBA_4_0_RELEASE/swat/install/samba3.esp 2007-12-10 06:39:42 UTC (rev 26364) @@ -15,8 +15,8 @@ h1Import from Samba3/h1 % -if (session.authinfo.user_class == ADMINISTRATOR -|| session.authinfo.user_class == SYSTEM) { +if ((session.authinfo.user_class == ADMINISTRATOR) +|| (session.authinfo.user_class == SYSTEM)) { if (form['submit'] == Cancel) { redirect(/); Modified: branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp === --- branches/SAMBA_4_0/swat/install/vampire.esp 2007-12-10 06:21:29 UTC (rev 26362) +++ branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp 2007-12-10 06:39:42 UTC (rev 26364) @@ -14,8 +14,8 @@ var i; var lp = loadparm_init(); -if (session.authinfo.user_class == ADMINISTRATOR -|| session.authinfo.user_class == SYSTEM) { +if ((session.authinfo.user_class == ADMINISTRATOR) +|| (session.authinfo.user_class == SYSTEM)) { if (lp.get(realm) == ) { lp.set(realm, lp.get(workgroup) + .example.com);
svn commit: samba r26365 - in branches/SAMBA_4_0/source: .
Author: abartlet Date: 2007-12-10 06:40:37 + (Mon, 10 Dec 2007) New Revision: 26365 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26365 Log: This will now be the alpha3 tree (once I release alpha2). Andrew Bartlett Modified: branches/SAMBA_4_0/source/VERSION Changeset: Modified: branches/SAMBA_4_0/source/VERSION === --- branches/SAMBA_4_0/source/VERSION 2007-12-10 06:39:42 UTC (rev 26364) +++ branches/SAMBA_4_0/source/VERSION 2007-12-10 06:40:37 UTC (rev 26365) @@ -57,7 +57,7 @@ # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # - 4.0.0alpha1 # -SAMBA_VERSION_ALPHA_RELEASE=2 +SAMBA_VERSION_ALPHA_RELEASE=3 # For 'pre' releases the version will be #
svn commit: samba r26324 - in branches/SAMBA_4_0/source/dsdb: common samdb
Author: abartlet Date: 2007-12-06 23:15:37 + (Thu, 06 Dec 2007) New Revision: 26324 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26324 Log: Fix includes for Jelmer. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/common/sidmap.c branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/common/sidmap.c === --- branches/SAMBA_4_0/source/dsdb/common/sidmap.c 2007-12-06 22:39:44 UTC (rev 26323) +++ branches/SAMBA_4_0/source/dsdb/common/sidmap.c 2007-12-06 23:15:37 UTC (rev 26324) @@ -25,7 +25,7 @@ #include dsdb/samdb/samdb.h #include auth/auth.h #include libcli/ldap/ldap_ndr.h -#include ldb.h +#include lib/ldb/include/ldb.h #include util/util_ldb.h #include libcli/security/security.h #include param/param.h Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c === --- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-12-06 22:39:44 UTC (rev 26323) +++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-12-06 23:15:37 UTC (rev 26324) @@ -24,6 +24,7 @@ #include includes.h #include librpc/gen_ndr/drsuapi.h #include rpc_server/common/common.h +#include lib/ldb/include/ldb.h #include lib/ldb/include/ldb_errors.h #include system/kerberos.h #include auth/kerberos/kerberos.h @@ -31,7 +32,6 @@ #include libcli/security/security.h #include librpc/gen_ndr/ndr_misc.h #include auth/auth.h -#include ldb.h #include util/util_ldb.h #include dsdb/samdb/samdb.h #include param/param.h
svn commit: samba r26297 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-05 00:35:19 + (Wed, 05 Dec 2007) New Revision: 26297 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26297 Log: Correct error message. This function verifies attributes, not objectclasses. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c 2007-12-04 20:05:00 UTC (rev 26296) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c 2007-12-05 00:35:19 UTC (rev 26297) @@ -349,7 +349,7 @@ for (i=0; i msg-num_elements; i++) { const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, msg-elements[i].name); if (!attribute) { - ldb_asprintf_errstring(ldb, objectclass %s is not a valid objectClass in schema, msg-elements[i].name); + ldb_asprintf_errstring(ldb, attribute %s is not a valid attribute in schema, msg-elements[i].name); return LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE; } msg-elements[i].name = attribute-lDAPDisplayName;
svn commit: samba r26298 - in branches/SAMBA_4_0/source: dsdb/samdb rpc_server/netlogon scripting/ejs scripting/libjs setup
Author: abartlet Date: 2007-12-05 00:40:48 + (Wed, 05 Dec 2007) New Revision: 26298 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26298 Log: Use metze's schema loading code to pre-initialise the schema into the samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/provision_basedn_modify.ldif branches/SAMBA_4_0/source/setup/provision_configuration_basedn_modify.ldif branches/SAMBA_4_0/source/setup/provision_schema_basedn_modify.ldif branches/SAMBA_4_0/source/setup/provision_self_join.ldif branches/SAMBA_4_0/source/setup/schema_samba4.ldif Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-12-05 00:35:19 UTC (rev 26297) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-12-05 00:40:48 UTC (rev 26298) @@ -1136,6 +1136,43 @@ return NULL; } +bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid *dom_sid_in) +{ + TALLOC_CTX *tmp_ctx; + struct dom_sid *dom_sid_new; + struct dom_sid *dom_sid_old; + + /* see if we have a cached copy */ + dom_sid_old = talloc_get_type(ldb_get_opaque(ldb, +cache.domain_sid), struct dom_sid); + + tmp_ctx = talloc_new(ldb); + if (tmp_ctx == NULL) { + goto failed; + } + + dom_sid_new = dom_sid_dup(tmp_ctx, dom_sid_in); + if (!dom_sid_new) { + goto failed; + } + + /* cache the domain_sid in the ldb */ + if (ldb_set_opaque(ldb, cache.domain_sid, dom_sid_new) != LDB_SUCCESS) { + goto failed; + } + + talloc_steal(ldb, dom_sid_new); + talloc_free(tmp_ctx); + talloc_free(dom_sid_old); + + return true; + +failed: + DEBUG(1,(Failed to set our own cached domain SID in the ldb!\n)); + talloc_free(tmp_ctx); + return false; +} + /* Obtain the short name of the flexible single master operator * (FSMO), such as the PDC Emulator */ const char *samdb_result_fsmo_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message *msg, Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c === --- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2007-12-05 00:35:19 UTC (rev 26297) +++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2007-12-05 00:40:48 UTC (rev 26298) @@ -985,6 +985,7 @@ const char * const attrs[] = { dnsDomain, objectGUID, NULL }; void *sam_ctx; struct ldb_message **res; + struct ldb_dn *domain_dn; int ret; ZERO_STRUCT(r-out); @@ -994,9 +995,13 @@ return WERR_DS_SERVICE_UNAVAILABLE; } - ret = gendb_search(sam_ctx, mem_ctx, NULL, res, attrs, - ((objectClass=domainDNS)(dnsDomain=%s)), - r-in.domain_name); + domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx, + r-in.domain_name); + if (domain_dn == NULL) { + return WERR_DS_SERVICE_UNAVAILABLE; + } + + ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, res, attrs); if (ret != 1) { return WERR_NO_SUCH_DOMAIN; } Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c === --- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c 2007-12-05 00:35:19 UTC (rev 26297) +++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c 2007-12-05 00:40:48 UTC (rev 26298) @@ -28,6 +28,7 @@ #include ldb_wrap.h #include dsdb/samdb/samdb.h #include librpc/ndr/libndr.h +#include libcli/security/security.h /* get the connected db @@ -598,7 +599,7 @@ } /* - commit a ldb attach a dsdb_schema from ldif files + set a particular invocationId against the running LDB usage: ok = ldb.set_ntds_invocationId(7729aa4b-f990-41ad-b81a-8b6a14090f41); */ @@ -640,9 +641,9 @@ } /* - commit a ldb attach a dsdb_schema from
svn commit: samba r26299 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet Date: 2007-12-05 00:56:11 + (Wed, 05 Dec 2007) New Revision: 26299 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26299 Log: Print out which module failed to initialise. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c 2007-12-05 00:40:48 UTC (rev 26298) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c 2007-12-05 00:56:11 UTC (rev 26299) @@ -281,7 +281,7 @@ if (module module-ops-init_context module-ops-init_context(module) != LDB_SUCCESS) { - ldb_debug(ldb, LDB_DEBUG_FATAL, module initialization failed\n); + ldb_debug(ldb, LDB_DEBUG_FATAL, module %s initialization failed\n, module-ops-name); return LDB_ERR_OPERATIONS_ERROR; }
svn commit: samba r26300 - in branches/SAMBA_4_0/source/rpc_server/common: .
Author: abartlet Date: 2007-12-05 01:20:53 + (Wed, 05 Dec 2007) New Revision: 26300 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26300 Log: Don't segfault when called from the ntptr libs. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/common/server_info.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/common/server_info.c === --- branches/SAMBA_4_0/source/rpc_server/common/server_info.c 2007-12-05 00:56:11 UTC (rev 26299) +++ branches/SAMBA_4_0/source/rpc_server/common/server_info.c 2007-12-05 01:20:53 UTC (rev 26300) @@ -66,19 +66,19 @@ /* This hardcoded value should go into a ldb database! */ _PUBLIC_ uint32_t dcesrv_common_get_version_major(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx) { - return lp_parm_int(dce_ctx-lp_ctx, NULL, server_info, version_major, 5); + return lp_parm_int(dce_ctx ? dce_ctx-lp_ctx : global_loadparm, NULL, server_info, version_major, 5); } /* This hardcoded value should go into a ldb database! */ _PUBLIC_ uint32_t dcesrv_common_get_version_minor(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx) { - return lp_parm_int(dce_ctx-lp_ctx, NULL, server_info, version_minor, 2); + return lp_parm_int(dce_ctx ? dce_ctx-lp_ctx : global_loadparm, NULL, server_info, version_minor, 2); } /* This hardcoded value should go into a ldb database! */ _PUBLIC_ uint32_t dcesrv_common_get_version_build(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx) { - return lp_parm_int(dce_ctx-lp_ctx, NULL, server_info, version_build, 3790); + return lp_parm_int(dce_ctx ? dce_ctx-lp_ctx : global_loadparm, NULL, server_info, version_build, 3790); } /* This hardcoded value should go into a ldb database! */
svn commit: samba r26302 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2007-12-05 01:25:39 + (Wed, 05 Dec 2007) New Revision: 26302 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26302 Log: Print the error string for failed rootdse searches. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05 01:25:07 UTC (rev 26301) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05 01:25:39 UTC (rev 26302) @@ -198,7 +198,10 @@ var j; var res = ldb.search((objectClass=*), , ldb.SCOPE_BASE, rootDSE_attrs); - assert(res.error == 0); + if (res.error != 0) { + info.message(rootdse search failed: + res.errstr + \n); + assert(res.error == 0); + } assert(res.msgs.length == 1); if (typeof(res.msgs[0].namingContexts) == undefined) { return;
svn commit: samba r26303 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2007-12-05 03:00:48 + (Wed, 05 Dec 2007) New Revision: 26303 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26303 Log: Fix up error reporting during the delete of previous entries in the provision, and ignore 'no such entry' as an error (it is normal, and just means the partition is compleatly empty). Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05 01:25:39 UTC (rev 26302) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05 03:00:48 UTC (rev 26303) @@ -224,7 +224,10 @@ var res2 = ldb.search(anything, basedn, ldb.SCOPE_SUBTREE, attrs); var i; if (res2.error != 0) { - info.message(ldb search failed: + res.errstr + \n); + if (res2.error == 32) { + break; + } + info.message(ldb search failed: + res2.errstr + \n); continue; } previous_remaining = current_remaining; @@ -235,7 +238,7 @@ var res3 = ldb.search(anything, basedn, ldb.SCOPE_SUBTREE, attrs); if (res3.error != 0) { - info.message(ldb search failed: + res.errstr + \n); + info.message(ldb search failed: + res3.errstr + \n); continue; } if (res3.msgs.length != 0) {
svn commit: samba r26304 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2007-12-05 03:03:33 + (Wed, 05 Dec 2007) New Revision: 26304 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26304 Log: More work to remove silly error printouts. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05 03:00:48 UTC (rev 26303) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05 03:03:33 UTC (rev 26304) @@ -226,9 +226,10 @@ if (res2.error != 0) { if (res2.error == 32) { break; + } else { + info.message(ldb search(2) failed: + res2.errstr + \n); + continue; } - info.message(ldb search failed: + res2.errstr + \n); - continue; } previous_remaining = current_remaining; current_remaining = res2.msgs.length; @@ -238,7 +239,7 @@ var res3 = ldb.search(anything, basedn, ldb.SCOPE_SUBTREE, attrs); if (res3.error != 0) { - info.message(ldb search failed: + res3.errstr + \n); + info.message(ldb search(3) failed: + res3.errstr + \n); continue; } if (res3.msgs.length != 0) {
svn commit: samba r26305 - in branches/SAMBA_4_0/source: selftest/env setup
Author: abartlet Date: 2007-12-05 04:26:28 + (Wed, 05 Dec 2007) New Revision: 26305 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26305 Log: Update template files and testsuite to try and work with current openldap, and fully support different LDAP server locations. Andrew Bartlett Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3 branches/SAMBA_4_0/source/setup/slapd.conf Changeset: Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm === --- branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-05 03:03:33 UTC (rev 26304) +++ branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-05 04:26:28 UTC (rev 26305) @@ -24,9 +24,13 @@ sub openldap_start($$$) { my ($slapd_conf, $uri, $logs) = @_; -my $oldpath = $ENV{PATH}; -$ENV{PATH} = /usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}; -system(slapd -d0 -f $slapd_conf -h $uri $logs 21 ); + my $oldpath = $ENV{PATH}; + my $olpath = ; + if (defined $ENV{OPENLDAP_PATH}) { + $olpath = $ENV{OPENLDAP_PATH}: + } + $ENV{PATH} = $olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}; +system(slapd -d63 -f $slapd_conf -h $uri $logs 21 ); $ENV{PATH} = $oldpath; } Modified: branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3 === --- branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3 2007-12-05 03:03:33 UTC (rev 26304) +++ branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3 2007-12-05 04:26:28 UTC (rev 26305) @@ -11,6 +11,7 @@ description cn top +memberOf #This shouldn't make it to the ldap server sambaPassword #These conflict with OpenLDAP builtins Modified: branches/SAMBA_4_0/source/setup/slapd.conf === --- branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-05 03:03:33 UTC (rev 26304) +++ branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-05 04:26:28 UTC (rev 26305) @@ -40,10 +40,10 @@ index name eq index objectSid eq index objectCategory eq -index nCName eq pres +index nCName eq index subClassOf eq index dnsRoot eq -index nETBIOSName eq pres +index nETBIOSName eq databasehdb suffix ${DOMAINDN} @@ -60,11 +60,11 @@ index gidNumber eq index unixName eq index privilege eq -index nCName eq pres +index nCName eq index lDAPDisplayName eq index subClassOf eq index dnsRoot eq -index nETBIOSName eq pres +index nETBIOSName eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway
svn commit: samba r26282 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-04 03:37:41 + (Tue, 04 Dec 2007) New Revision: 26282 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26282 Log: These modules expect errors, but if we don't wipe the error string, we get phony error strings at the caller, which is very confusing. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c 2007-12-04 03:13:12 UTC (rev 26281) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c 2007-12-04 03:37:41 UTC (rev 26282) @@ -453,6 +453,9 @@ if (ac-search_res == NULL) { if (ldb_dn_compare(ldb_get_root_basedn(ac-module-ldb), ac-orig_req-op.add.message-dn) == 0) { /* Allow the tree to be started */ + + /* but don't keep any error string, it's meaningless */ + ldb_set_errstring(ac-module-ldb, NULL); } else { ldb_asprintf_errstring(ac-module-ldb, objectclass: Cannot add %s, parent does not exist!, ldb_dn_get_linearized(ac-orig_req-op.add.message-dn)); Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c 2007-12-04 03:13:12 UTC (rev 26281) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c 2007-12-04 03:37:41 UTC (rev 26282) @@ -89,6 +89,10 @@ } *req = *ac-orig_req; + /* Ensure any (io) errors during the search for +* children don't propgate back in the error string */ + ldb_set_errstr(ac-module-ldb, NULL); + ac-down_req = req; ac-step = SD_DO_DEL; return ldb_next_request(ac-module, req);
svn commit: samba r26283 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-04 03:38:35 + (Tue, 04 Dec 2007) New Revision: 26283 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26283 Log: fix typo Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c 2007-12-04 03:37:41 UTC (rev 26282) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c 2007-12-04 03:38:35 UTC (rev 26283) @@ -91,7 +91,7 @@ /* Ensure any (io) errors during the search for * children don't propgate back in the error string */ - ldb_set_errstr(ac-module-ldb, NULL); + ldb_set_errstring(ac-module-ldb, NULL); ac-down_req = req; ac-step = SD_DO_DEL;
svn commit: samba r26284 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-04 05:32:23 + (Tue, 04 Dec 2007) New Revision: 26284 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26284 Log: Rather than just debug, push the error back up the stack as the error string, if we fail to load the schema. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c 2007-12-04 03:38:35 UTC (rev 26283) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c 2007-12-04 05:32:23 UTC (rev 26284) @@ -54,7 +54,7 @@ }; if (dsdb_get_schema(module-ldb)) { - return ldb_next_init(module); + return ldb_next_init(module); } schema_dn = samdb_schema_dn(module-ldb); @@ -96,9 +96,9 @@ talloc_free(mem_ctx); return ldb_next_init(module); } else if (ret != LDB_SUCCESS) { - ldb_debug_set(module-ldb, LDB_DEBUG_FATAL, - schema_fsmo_init: failed to search the schema head: %d:%s, - ret, ldb_strerror(ret)); + ldb_asprintf_errstring(module-ldb, + schema_fsmo_init: failed to search the schema head: %s, + ldb_errstring(module-ldb)); talloc_free(mem_ctx); return ret; } @@ -151,9 +151,9 @@ (objectClass=attributeSchema), NULL, a_res); if (ret != LDB_SUCCESS) { - ldb_debug_set(module-ldb, LDB_DEBUG_FATAL, - schema_fsmo_init: failed to search attributeSchema objects: %d:%s, - ret, ldb_strerror(ret)); + ldb_asprintf_errstring(module-ldb, + schema_fsmo_init: failed to search attributeSchema objects: %s, + ldb_errstring(module-ldb)); talloc_free(mem_ctx); return ret; } @@ -190,9 +190,9 @@ (objectClass=classSchema), NULL, c_res); if (ret != LDB_SUCCESS) { - ldb_debug_set(module-ldb, LDB_DEBUG_FATAL, - schema_fsmo_init: failed to search classSchema objects: %d:%s, - ret, ldb_strerror(ret)); + ldb_asprintf_errstring(module-ldb, + schema_fsmo_init: failed to search classSchema objects: %s, + ldb_errstring(module-ldb)); talloc_free(mem_ctx); return ret; }
svn commit: samba r26245 - in branches/SAMBA_4_0/source: scripting/libjs setup
Author: abartlet Date: 2007-12-03 05:51:04 + (Mon, 03 Dec 2007) New Revision: 26245 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26245 Log: Make it easier to handle the LDAP backend, with it's differing needs, by seperating the modules list into parts. That way, we can remove the modules that the backend will provide. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/provision branches/SAMBA_4_0/source/setup/provision_partitions.ldif Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-03 05:49:06 UTC (rev 26244) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-03 05:51:04 UTC (rev 26245) @@ -977,23 +977,25 @@ // module when expanding the objectclass list) // - partition must be last // - each partition has its own module list then - modules_list= new Array(rootdse, - paged_results, - ranged_results, - server_sort, - extended_dn, - asq, - samldb, - rdn_name, - objectclass, - kludge_acl, - operational, - subtree_rename, - subtree_delete, - linked_attributes, - show_deleted, - partition); + var modules_list = new Array(rootdse, +paged_results, +ranged_results, +server_sort, +extended_dn, +asq, +samldb, +rdn_name, +objectclass, +kludge_acl, +operational); + var tdb_modules_list = new Array(subtree_rename, +subtree_delete, +linked_attributes); + var modules_list2= new Array(show_deleted, +partition); subobj.MODULES_LIST = join(,, modules_list); + subobj.TDB_MODULES_LIST = , + join(,, tdb_modules_list); + subobj.MODULES_LIST2 = join(,, modules_list2); subobj.DOMAINDN_LDB = users.ldb; subobj.CONFIGDN_LDB = configuration.ldb; subobj.SCHEMADN_LDB = schema.ldb; Modified: branches/SAMBA_4_0/source/setup/provision === --- branches/SAMBA_4_0/source/setup/provision 2007-12-03 05:49:06 UTC (rev 26244) +++ branches/SAMBA_4_0/source/setup/provision 2007-12-03 05:51:04 UTC (rev 26245) @@ -142,6 +142,7 @@ } if (!ldapmodule) { subobj.LDAPMODULE = entryuuid; + subobj.TDB_MODULES_LIST = ; } subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; subobj.DOMAINDN_MOD2 = , + subobj.LDAPMODULE + ,paged_searches; Modified: branches/SAMBA_4_0/source/setup/provision_partitions.ldif === --- branches/SAMBA_4_0/source/setup/provision_partitions.ldif 2007-12-03 05:49:06 UTC (rev 26244) +++ branches/SAMBA_4_0/source/setup/provision_partitions.ldif 2007-12-03 05:51:04 UTC (rev 26245) @@ -10,4 +10,4 @@ modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2} dn: @MODULES [EMAIL PROTECTED]: ${MODULES_LIST} [EMAIL PROTECTED]: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2}
svn commit: samba r26244 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules scripting/libjs
Author: abartlet Date: 2007-12-03 05:49:06 + (Mon, 03 Dec 2007) New Revision: 26244 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26244 Log: Add a module (sans tests for the moment) that implements ranged results, as used particularly by MMC's Active Directory Users and Computers to list group members. This may be used on any attribute, but is useful to obtain attributes that may be lengthy in 'pages'. The implementation presumes that attributes will always be returned by the DB in the same order. Andrew Bartlett Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk 2007-12-03 04:14:24 UTC (rev 26243) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk 2007-12-03 05:49:06 UTC (rev 26244) @@ -291,3 +291,16 @@ # End MODULE ldb_linked_attributes + +# Start MODULE ldb_ranged_results +[MODULE::ldb_ranged_results] +INIT_FUNCTION = ldb_ranged_results_init +CFLAGS = -Ilib/ldb/include +OUTPUT_TYPE = SHARED_LIBRARY +PRIVATE_DEPENDENCIES = LIBTALLOC +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + ranged_results.o +# End MODULE ldb_ranged_results + + Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c 2007-12-03 04:14:24 UTC (rev 26243) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c 2007-12-03 05:49:06 UTC (rev 26244) @@ -0,0 +1,204 @@ +/* + ldb database library + + Copyright (C) Andrew Bartlett 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +/* + * Name: ldb + * + * Component: ldb ranged results module + * + * Description: munge AD-style 'ranged results' requests into + * requests for all values in an attribute, then return the range to + * the client. + * + * Author: Andrew Bartlett + */ + +#include ldb_includes.h + +struct rr_context { + struct ldb_request *orig_req; + struct ldb_request *down_req; +}; + +static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct rr_context *rr_context = talloc_get_type(context, struct rr_context); + struct ldb_request *orig_req = rr_context-orig_req; + int i, j, ret; + + if (ares-type != LDB_REPLY_ENTRY) { + return rr_context-orig_req-callback(ldb, rr_context-orig_req-context, ares); + } + + /* Find those that are range requests from the attribute list */ + for (i = 0; orig_req-op.search.attrs[i]; i++) { + char *p, *new_attr; + const char *end_str; + unsigned int start, end, orig_num_values; + struct ldb_message_element *el; + struct ldb_val *orig_values; + p = strchr(orig_req-op.search.attrs[i], ';'); + if (!p) { + continue; + } + if (strncasecmp(p, ;range=, strlen(;range=)) != 0) { + continue; + } + if (sscanf(p, ;range=%u-*, start) == 1) { + end = (unsigned int)-1; + } else if (sscanf(p, ;range=%u-%u, start, end) != 2) { + continue; + } + new_attr = talloc_strndup(orig_req, + orig_req-op.search.attrs[i], + (unsigned int)(p-orig_req-op.search.attrs[i])); + + if (!new_attr) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + el = ldb_msg_find_element(ares-message, new_attr); + talloc_free(new_attr); + if (!el) { + continue; + } + if (start end
svn commit: samba r26246 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2007-12-03 07:03:52 + (Mon, 03 Dec 2007) New Revision: 26246 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26246 Log: Make it easier to debug assert()s in the provision, if messages are suppressed with --quiet. Hopefully this will be easier with python. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-03 05:51:04 UTC (rev 26245) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-03 07:03:52 UTC (rev 26246) @@ -653,40 +653,38 @@ message(Adding DomainDN: + subobj.DOMAINDN + (permitted to fail)\n); var add_ok = setup_add_ldif(provision_basedn.ldif, info, samdb, true); message(Modifying DomainDN: + subobj.DOMAINDN + \n); - var modify_ok = setup_ldb_modify(provision_basedn_modify.ldif, info, samdb); - if (!modify_ok) { + var modify_basedn_ok = setup_ldb_modify(provision_basedn_modify.ldif, info, samdb); + if (!modify_basedn_ok) { if (!add_ok) { message(%s, Failed to both add and modify + subobj.DOMAINDN + in target + subobj.DOMAINDN_LDB + : + samdb.errstring() + \n); message(Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n); }; - assert(modify_ok); + assert(modify_basedn_ok); }; message(Adding configuration container (permitted to fail)\n); - var add_ok = setup_add_ldif(provision_configuration_basedn.ldif, info, samdb, true); + var add_config_ok = setup_add_ldif(provision_configuration_basedn.ldif, info, samdb, true); message(Modifying configuration container\n); - var modify_ok = setup_ldb_modify(provision_configuration_basedn_modify.ldif, info, samdb); - if (!modify_ok) { - if (!add_ok) { + var modify_config_ok = setup_ldb_modify(provision_configuration_basedn_modify.ldif, info, samdb); + if (!modify_config_ok) { + if (!add_config_ok) { message(%s, Failed to both add and modify + subobj.CONFIGDN + in target + subobj.CONFIGDN_LDB + : + samdb.errstring() + \n); message(Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n); - assert(modify_ok); } - assert(modify_ok); + assert(modify_config_ok); } message(Adding schema container (permitted to fail)\n); - var add_ok = setup_add_ldif(provision_schema_basedn.ldif, info, samdb, true); + var add_schema_ok = setup_add_ldif(provision_schema_basedn.ldif, info, samdb, true); message(Modifying schema container\n); - var modify_ok = setup_ldb_modify(provision_schema_basedn_modify.ldif, info, samdb); - if (!modify_ok) { - if (!add_ok) { + var modify_schema_ok = setup_ldb_modify(provision_schema_basedn_modify.ldif, info, samdb); + if (!modify_schema_ok) { + if (!add_schema_ok) { message(%s, Failed to both add and modify + subobj.SCHEMADN + in target + subobj.SCHEMADN_LDB + : + samdb.errstring() + \n); message(Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n); - assert(modify_ok); } message(Failed to modify the schema container: + samdb.errstring() + \n); - assert(modify_ok); + assert(modify_schema_ok); } message(Setting up sam.ldb Samba4 schema\n); @@ -711,26 +709,24 @@ setup_add_ldif(display_specifiers.ldif, info, samdb, false); message(Adding users container (permitted to fail)\n); - var add_ok = setup_add_ldif(provision_users_add.ldif, info, samdb, true); + var add_users_ok = setup_add_ldif(provision_users_add.ldif, info, samdb, true); message(Modifying users container\n); - var modify_ok = setup_ldb_modify(provision_users_modify.ldif, info, samdb); - if (!modify_ok) { - if (!add_ok) { + var modify_users_ok = setup_ldb_modify(provision_users_modify.ldif, info, samdb); + if (!modify_users_ok) { + if (!add_users_ok) { message(Failed to both add and modify the users container\n); - assert(modify_ok); } - assert(modify_ok); + assert(modify_users_ok); } message(Adding computers container (permitted to fail
svn commit: samba r26192 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules source/lib/ldb/common source/libcli/ldap testprogs/blackbox
Author: abartlet Date: 2007-11-29 08:00:04 + (Thu, 29 Nov 2007) New Revision: 26192 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26192 Log: Handle, test and implement the style of extended_dn requiest that MMC uses. It appears that the control value is optional, implying type 0 responses. Failing to parse this was causing LDAP disconnects with 'unavailable critical extension'. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_controls.c branches/SAMBA_4_0/source/libcli/ldap/ldap.c branches/SAMBA_4_0/source/libcli/ldap/ldap.h branches/SAMBA_4_0/source/libcli/ldap/ldap_client.c branches/SAMBA_4_0/source/libcli/ldap/ldap_controls.c branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c 2007-11-29 01:36:41 UTC (rev 26191) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c 2007-11-29 08:00:04 UTC (rev 26192) @@ -104,35 +104,58 @@ const struct ldb_val *val; struct GUID guid; struct dom_sid *sid; + const DATA_BLOB *guid_blob; + const DATA_BLOB *sid_blob; char *object_guid; char *object_sid; char *new_dn; - /* retrieve object_guid */ - guid = samdb_result_guid(msg, objectGUID); - object_guid = GUID_string(msg, guid); - if (!object_guid) + guid_blob = ldb_msg_find_ldb_val(msg, objectGUID); + sid_blob = ldb_msg_find_ldb_val(msg, objectSID); + + if (!guid_blob) return false; - if (remove_guid) - ldb_msg_remove_attr(msg, objectGUID); - - /* retrieve object_sid */ - object_sid = NULL; - sid = samdb_result_dom_sid(msg, msg, objectSID); - if (sid) { - object_sid = dom_sid_string(msg, sid); - if (!object_sid) - return false; - - if (remove_sid) - ldb_msg_remove_attr(msg, objectSID); - } - - /* TODO: handle type */ switch (type) { case 0: + /* return things in hexadecimal format */ + if (sid_blob) { + const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob)); + const char *lower_sid_hex = strlower_talloc(msg, data_blob_hex_string(msg, sid_blob)); + if (!lower_guid_hex || !lower_sid_hex) { + return false; + } + new_dn = talloc_asprintf(msg, GUID=%s;SID=%s;%s, +lower_guid_hex, +lower_sid_hex, + ldb_dn_get_linearized(msg-dn)); + } else { + const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob)); + if (!lower_guid_hex) { + return false; + } + new_dn = talloc_asprintf(msg, GUID=%s;%s, +lower_guid_hex, + ldb_dn_get_linearized(msg-dn)); + } + + break; case 1: + /* retrieve object_guid */ + guid = samdb_result_guid(msg, objectGUID); + object_guid = GUID_string(msg, guid); + + /* retrieve object_sid */ + object_sid = NULL; + sid = samdb_result_dom_sid(msg, msg, objectSID); + if (sid) { + object_sid = dom_sid_string(msg, sid); + if (!object_sid) + return false; + + } + + /* Normal, sane format */ if (object_sid) { new_dn = talloc_asprintf(msg, GUID=%s;SID=%s;%s, object_guid, object_sid, @@ -147,9 +170,18 @@ return false; } - if (!new_dn) + if (!new_dn) { return false; + } + if (remove_guid) { + ldb_msg_remove_attr(msg, objectGUID); + } + + if (sid_blob remove_sid
svn commit: samba r26193 - in branches/SAMBA_4_0/source/ldap_server: .
Author: abartlet Date: 2007-11-29 08:02:36 + (Thu, 29 Nov 2007) New Revision: 26193 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26193 Log: In the LDAP server, use the new 'controls_decoded' element to determine if this (possibly critical) control has been decoded. This allows us to return an error, rather than just dropping the socket. Andrew Bartlett Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c Changeset: Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-11-29 08:00:04 UTC (rev 26192) +++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-11-29 08:02:36 UTC (rev 26193) @@ -720,6 +720,18 @@ NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) { + int i; + struct ldap_message *msg = call-request; + /* Check for undecoded critical extensions */ + for (i=0; msg-controls msg-controls[i]; i++) { + if (!msg-controls_decoded[i] + msg-controls[i]-critical) { + DEBUG(3, (ldapsrv_do_call: Critical extension %s is not known to this server\n, + msg-controls[i]-oid)); + return ldapsrv_unwilling(call, LDAP_UNAVAILABLE_CRITICAL_EXTENSION); + } + } + switch(call-request-type) { case LDAP_TAG_BindRequest: return ldapsrv_BindRequest(call);
svn commit: samba r26182 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet Date: 2007-11-28 04:24:12 + (Wed, 28 Nov 2007) New Revision: 26182 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26182 Log: Extend our linked attribute testsuite to cover many more possible modifications, and then extend our implementation to match. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Sorry, the patch is too large (605 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26182
svn commit: samba r26135 - in branches/SAMBA_4_0/source: dsdb/samdb libnet ntptr/simple_ldb rpc_server/drsuapi rpc_server/lsa rpc_server/samr
Author: abartlet Date: 2007-11-27 01:25:11 + (Tue, 27 Nov 2007) New Revision: 26135 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26135 Log: Remove samdb_add(), samdb_delete() and samdb_modify(), which were just wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on all entries as 'replace'. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c branches/SAMBA_4_0/source/libnet/libnet_join.c branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c branches/SAMBA_4_0/source/ntptr/simple_ldb/ntptr_simple_ldb.c branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-11-27 01:14:54 UTC (rev 26134) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-11-27 01:25:11 UTC (rev 26135) @@ -1022,30 +1022,6 @@ } /* - add a record -*/ -int samdb_add(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg) -{ - return ldb_add(sam_ldb, msg); -} - -/* - delete a record -*/ -int samdb_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *dn) -{ - return ldb_delete(sam_ldb, dn); -} - -/* - modify a record -*/ -int samdb_modify(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg) -{ - return ldb_modify(sam_ldb, msg); -} - -/* replace elements in a record */ int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg) @@ -1058,7 +1034,7 @@ } /* modify the samdb record */ - return samdb_modify(sam_ldb, mem_ctx, msg); + return ldb_modify(sam_ldb, msg); } /* @@ -1992,7 +1968,7 @@ foreignSecurityPrincipal); /* create the alias */ - ret = samdb_add(sam_ctx, mem_ctx, msg); + ret = ldb_add(sam_ctx, msg); if (ret != 0) { DEBUG(0,(Failed to create foreignSecurityPrincipal record %s: %s\n, Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c === --- branches/SAMBA_4_0/source/libnet/libnet_join.c 2007-11-27 01:14:54 UTC (rev 26134) +++ branches/SAMBA_4_0/source/libnet/libnet_join.c 2007-11-27 01:25:11 UTC (rev 26135) @@ -1136,7 +1136,7 @@ } /* create the secret */ - ret = samdb_add(ldb, tmp_mem, msg); + ret = ldb_add(ldb, msg); if (ret != 0) { r-out.error_string = talloc_asprintf(mem_ctx, Failed to create secret record %s, ldb_dn_get_linearized(msg-dn)); Modified: branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c === --- branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c 2007-11-27 01:14:54 UTC (rev 26134) +++ branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c 2007-11-27 01:25:11 UTC (rev 26135) @@ -101,7 +101,7 @@ *fsp_dn = msg-dn; /* create the alias */ - ret = samdb_add(state-sam_ldb, mem_ctx, msg); + ret = ldb_add(state-sam_ldb, msg); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, Failed to create foreignSecurityPrincipal record %s: %s, @@ -429,7 +429,7 @@ } } - ret = samdb_add(state-sam_ldb, mem_ctx, msg); + ret = ldb_add(state-sam_ldb, msg); if (ret != 0) { struct ldb_dn *first_try_dn = msg-dn; /* Try again with the default DN */ @@ -440,7 +440,7 @@ return NT_STATUS_INTERNAL_DB_CORRUPTION; } else { msg-dn = talloc_steal(msg, remote_msgs[0]-dn); - ret = samdb_add(state-sam_ldb, mem_ctx, msg); + ret = ldb_add(state-sam_ldb, msg); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, Failed to create user record. Tried both %s and %s: %s, ldb_dn_get_linearized(first_try_dn), @@ -493,7 +493,7 @@ return NT_STATUS_INTERNAL_DB_CORRUPTION; } - ret = samdb_delete(state-sam_ldb, mem_ctx, msgs[0]-dn); + ret = ldb_delete(state-sam_ldb, msgs[0]-dn); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, Failed to delete user record %s: %s
svn commit: samba r26137 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules selftest/env setup
Author: abartlet Date: 2007-11-27 02:26:47 + (Tue, 27 Nov 2007) New Revision: 26137 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26137 Log: Rename the entryUUID module to better match it's purpose: being a simple ldap mapping (a complex mapping will follow). Fix the module to handle 'name' better, rather than using the 'name' attribute built into OpenLDAP, rename to samba4RDN. We need to see if this can be handled in the backend. Also rename the functions and inernal module name to entryuuid for consistancy. Andrew Bartlett Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c Removed: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk branches/SAMBA_4_0/source/selftest/env/Samba4.pm branches/SAMBA_4_0/source/setup/provision branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3 Changeset: Sorry, the patch is too large (1750 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26137
svn commit: samba r26138 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: abartlet Date: 2007-11-27 02:47:57 + (Tue, 27 Nov 2007) New Revision: 26138 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26138 Log: Don't talloc_free() res if an error occoured. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c === --- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-11-27 02:26:47 UTC (rev 26137) +++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-11-27 02:47:57 UTC (rev 26138) @@ -110,7 +110,10 @@ if (ret != LDB_SUCCESS ret != LDB_ERR_NO_SUCH_OBJECT) { DEBUG(1, (ldb_search: dn: %s not found: %s, service_dn_str, ldb_errstring(ldb_ctx))); return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; - } else if (ret == LDB_ERR_NO_SUCH_OBJECT || res-count != 1) { + } else if (ret == LDB_ERR_NO_SUCH_OBJECT) { + DEBUG(1, (ldb_search: dn: %s not found, service_dn_str)); + return DRSUAPI_DS_NAME_STATUS_NOT_FOUND; + } else if (res-count != 1) { talloc_free(res); DEBUG(1, (ldb_search: dn: %s not found, service_dn_str)); return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
svn commit: samba r26139 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2007-11-27 02:49:37 + (Tue, 27 Nov 2007) New Revision: 26139 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26139 Log: Based on a report by Theodor Chirana, don't assert() on invalid netbios names at this point, the calling order has changed, and we have a more informative place to do it. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-11-27 02:47:57 UTC (rev 26138) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-11-27 02:49:37 UTC (rev 26139) @@ -464,9 +464,7 @@ subobj.REALM = strupper(subobj.REALM); subobj.HOSTNAME= strlower(subobj.HOSTNAME); subobj.DOMAIN = strupper(subobj.DOMAIN); - assert(valid_netbios_name(subobj.DOMAIN)); subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); - assert(valid_netbios_name(subobj.NETBIOSNAME)); subobj.DNSDOMAIN= strlower(subobj.REALM); subobj.DNSNAME = sprintf(%s.%s, strlower(subobj.HOSTNAME),
svn commit: samba r26140 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet Date: 2007-11-27 04:43:20 + (Tue, 27 Nov 2007) New Revision: 26140 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26140 Log: Add a new test for searches by distinguieshedName and dn, and implement these in the simple ldap mapping module. We still don't pass this test, because we must get linked attributes into OpenLDAP. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c 2007-11-27 02:49:37 UTC (rev 26139) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c 2007-11-27 04:43:20 UTC (rev 26140) @@ -376,6 +376,15 @@ } }, { + .local_name = dn, + .type = MAP_RENAME, + .u = { + .rename = { +.remote_name = entryDN +} + } + }, + { .local_name = groupType, .type = MAP_CONVERT, .u = { @@ -525,6 +534,15 @@ } }, { + .local_name = dn, + .type = MAP_RENAME, + .u = { + .rename = { +.remote_name = entryDN +} + } + }, + { .local_name = groupType, .type = MAP_CONVERT, .u = { Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-27 02:49:37 UTC (rev 26139) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-27 04:43:20 UTC (rev 26140) @@ -230,6 +230,28 @@ assert(res.msgs[0].cn == ldaptestUSER3); assert(res.msgs[0].name == ldaptestUSER3); + println(Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users, + base_dn + )); + var res = ldb.search((dn=CN=ldaptestUSER3,CN=Users, + base_dn + )); + if (res.error != 0 || res.msgs.length != 1) { + println(Could not find (dn=CN=ldaptestUSER3,CN=Users, + base_dn + )); + assert(res.error == 0); + assert(res.msgs.length == 1); + } + assert(res.msgs[0].dn == (CN=ldaptestUSER3,CN=Users, + base_dn)); + assert(res.msgs[0].cn == ldaptestUSER3); + assert(res.msgs[0].name == ldaptestUSER3); + + println(Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users, + base_dn + )); + var res = ldb.search((distinguishedName=CN=ldaptestUSER3,CN=Users, + base_dn + )); + if (res.error != 0 || res.msgs.length != 1) { + println(Could not find (dn=CN=ldaptestUSER3,CN=Users, + base_dn + )); + assert(res.error == 0); + assert(res.msgs.length == 1); + } + assert(res.msgs[0].dn == (CN=ldaptestUSER3,CN=Users, + base_dn)); + assert(res.msgs[0].cn == ldaptestUSER3); + assert(res.msgs[0].name == ldaptestUSER3); + // ensure we cannot add it again ok = ldb.add( dn: cn=ldaptestuser3,cn=userS, + base_dn +
svn commit: samba r26131 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2007-11-26 06:12:01 + (Mon, 26 Nov 2007) New Revision: 26131 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26131 Log: Ensure we show the right errors in the NULL base DN case. Based on bug 5090 by Matthias Dieter Walln?\195?\182fer [EMAIL PROTECTED] Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-26 03:14:57 UTC (rev 26130) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-26 06:12:01 UTC (rev 26131) @@ -530,10 +530,12 @@ ldb_asprintf_errstring(module-ldb, NULL Base DN invalid for a base search); ret = LDB_ERR_INVALID_DN_SYNTAX; + break; case LDB_SCOPE_ONELEVEL: ldb_asprintf_errstring(module-ldb, NULL Base DN invalid for a one-level search); ret = LDB_ERR_INVALID_DN_SYNTAX; + break; case LDB_SCOPE_SUBTREE: default: /* We accept subtree searches from a NULL base DN, ie over the whole DB */
svn commit: samba r25965 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2007-11-15 11:05:22 + (Thu, 15 Nov 2007) New Revision: 25965 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25965 Log: Remove duplicate block - thanks metze! Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15 11:01:14 UTC (rev 25964) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15 11:05:22 UTC (rev 25965) @@ -547,24 +547,6 @@ ldb_dn_get_linearized(req-op.search.base)); ret = LDB_ERR_INVALID_DN_SYNTAX; - } else if (ldb_dn_is_null(req-op.search.base) == true) { - - /* Check what we should do with a NULL dn */ - switch (req-op.search.scope) { - case LDB_SCOPE_BASE: - ldb_asprintf_errstring(module-ldb, - NULL Base DN invalid for a base search); - ret = LDB_ERR_INVALID_DN_SYNTAX; - case LDB_SCOPE_ONELEVEL: - ldb_asprintf_errstring(module-ldb, - NULL Base DN invalid for a one-level search); - ret = LDB_ERR_INVALID_DN_SYNTAX; - case LDB_SCOPE_SUBTREE: - default: - /* We accept subtree searches from a NULL base DN, ie over the whole DB */ - ret = LDB_SUCCESS; - } - } else if (ltdb-check_base) { /* This database has been marked as 'checkBaseOnSearch', so do a spot check of the base dn */ ret = ltdb_search_base(module, req-op.search.base);
svn commit: samba r25964 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2007-11-15 11:01:14 + (Thu, 15 Nov 2007) New Revision: 25964 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25964 Log: Fix comment and use talloc hirachy in ldb_tdb initialisation. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15 10:20:55 UTC (rev 25963) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15 11:01:14 UTC (rev 25964) @@ -307,7 +307,7 @@ options = talloc(ltdb-cache, struct ldb_message); if (options == NULL) goto failed; - options_dn = ldb_dn_new(module, module-ldb, LTDB_OPTIONS); + options_dn = ldb_dn_new(options, module-ldb, LTDB_OPTIONS); if (options_dn == NULL) goto failed; r= ltdb_search_dn1(module, options_dn, options); @@ -315,7 +315,7 @@ goto failed; } - /* possibly initialise the baseinfo */ + /* set flag for checking base DN on searches */ if (r == LDB_SUCCESS) { ltdb-check_base = ldb_msg_find_attr_as_bool(options, LTDB_CHECK_BASE, false); } else { @@ -350,7 +350,6 @@ done: talloc_free(options); - talloc_free(options_dn); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); @@ -358,7 +357,6 @@ failed: talloc_free(options); - talloc_free(options_dn); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn);
svn commit: samba r25966 - in branches/SAMBA_4_0/source/scripting/ejs: .
Author: abartlet Date: 2007-11-15 11:37:41 + (Thu, 15 Nov 2007) New Revision: 25966 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25966 Log: Don't force an 8 byte width to generated SIDs, as this can actually end up with a SID with a space in it. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c Changeset: Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c === --- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c 2007-11-15 11:05:22 UTC (rev 25965) +++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c 2007-11-15 11:37:41 UTC (rev 25966) @@ -70,7 +70,7 @@ */ static int ejs_randsid(MprVarHandle eid, int argc, struct MprVar **argv) { - char *s = talloc_asprintf(mprMemCtx(), S-1-5-21-%8u-%8u-%8u, + char *s = talloc_asprintf(mprMemCtx(), S-1-5-21-%u-%u-%u, (unsigned)generate_random(), (unsigned)generate_random(), (unsigned)generate_random());
svn commit: samba r25981 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-11-16 04:18:22 + (Fri, 16 Nov 2007) New Revision: 25981 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25981 Log: Don't create an ldb_request on NULL. A re-arrangment of the code due to the base DN checking meant that the ac-down_req array wasn't started, so was NULL Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c 2007-11-15 23:40:46 UTC (rev 25980) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c 2007-11-16 04:18:22 UTC (rev 25981) @@ -127,8 +127,18 @@ for (j=0; j el-num_values; j++) { struct ldb_message_element *ret_el; struct ldb_request *new_req; + struct ldb_message *new_msg; + + /* Create a spot in the list for the requests */ + ac-down_req = talloc_realloc(ac, ac-down_req, + struct ldb_request *, ac-num_requests + 1); + if (!ac-down_req) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + /* Create the modify request */ - struct ldb_message *new_msg = ldb_msg_new(ac-down_req); + new_msg = ldb_msg_new(ac-down_req); if (!new_msg) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -184,13 +194,6 @@ ldb_set_timeout_from_prev_req(ldb, ac-orig_req, new_req); - /* Now add it to the list */ - ac-down_req = talloc_realloc(ac, ac-down_req, - struct ldb_request *, ac-num_requests + 1); - if (!ac-down_req) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } ac-down_req[ac-num_requests] = new_req; ac-num_requests++;
svn commit: samba r25952 - in branches/SAMBA_4_0/testdata/samba3: .
Author: abartlet Date: 2007-11-14 10:40:58 + (Wed, 14 Nov 2007) New Revision: 25952 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25952 Log: Add in new data file required by samba3sam test. Andrew Bartlett Added: branches/SAMBA_4_0/testdata/samba3/provision_samba3sam_templates.ldif Changeset: Added: branches/SAMBA_4_0/testdata/samba3/provision_samba3sam_templates.ldif === --- branches/SAMBA_4_0/testdata/samba3/provision_samba3sam_templates.ldif 2007-11-14 09:48:12 UTC (rev 25951) +++ branches/SAMBA_4_0/testdata/samba3/provision_samba3sam_templates.ldif 2007-11-14 10:40:58 UTC (rev 25952) @@ -0,0 +1,123 @@ +dn: CN=Templates +objectClass: top +objectClass: container +cn: Templates +description: Container for SAM account templates +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 2348810240 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +### +# note! the template users must not match normal searches. Be careful +# with what classes you put them in +### + +dn: CN=TemplateUser,CN=Templates +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: Template +objectClass: userTemplate +cn: TemplateUser +instanceType: 4 +userAccountControl: 514 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=TemplateComputer,CN=Templates +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: Template +objectClass: userTemplate +cn: TemplateComputer +instanceType: 4 +userAccountControl: 4098 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 805306369 +objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=TemplateTrustingDomain,CN=Templates +objectClass: top +objectClass: Template +objectClass: userTemplate +cn: TemplateTrustingDomain +instanceType: 4 +userAccountControl: 2080 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 805306370 + +dn: CN=TemplateGroup,CN=Templates +objectClass: top +objectClass: Template +objectClass: groupTemplate +cn: TemplateGroup +instanceType: 4 +groupType: -2147483646 +sAMAccountType: 268435456 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} + +# Currently this isn't used, we don't have a way to detect it different from an incoming alias +# +# dn: CN=TemplateAlias,CN=Templates +# objectClass: top +# objectClass: Template +# objectClass: aliasTemplate +# cn: TemplateAlias +# instanceType: 4 +# groupType: -2147483644 +# sAMAccountType: 268435456 + +dn: CN=TemplateForeignSecurityPrincipal,CN=Templates +objectClass: top +objectClass: Template +objectClass: foreignSecurityPrincipalTemplate +cn: TemplateForeignSecurityPrincipal +instanceType: 4 +showInAdvancedViewOnly: TRUE +objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=TemplateSecret,CN=Templates +objectClass: top +objectClass: leaf +objectClass: Template +objectClass: secretTemplate +cn: TemplateSecret +instanceType: 4 + +dn: CN=TemplateTrustedDomain,CN=Templates +objectClass: top +objectClass: leaf +objectClass: Template +objectClass: trustedDomainTemplate +cn: TemplateTrustedDomain +instanceType: 4
svn commit: samba r25957 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: abartlet Date: 2007-11-15 01:12:10 + (Thu, 15 Nov 2007) New Revision: 25957 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25957 Log: Rework the cracknames code to use less gendb_search() and instead call ldb_search_exp_fmt(). While it is a bit more verbose to code with, it returns better error codes, and allows us to handle the case where the base DN doesn't exist better. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c === --- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-11-14 22:46:29 UTC (rev 25956) +++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-11-15 01:12:10 UTC (rev 25957) @@ -107,12 +107,12 @@ ret = ldb_search(ldb_ctx, service_dn, LDB_SCOPE_BASE, (objectClass=nTDSService), directory_attrs, res); - if (ret != LDB_SUCCESS) { + if (ret != LDB_SUCCESS ret != LDB_ERR_NO_SUCH_OBJECT) { DEBUG(1, (ldb_search: dn: %s not found: %s, service_dn_str, ldb_errstring(ldb_ctx))); return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; - } else if (res-count != 1) { + } else if (ret == LDB_ERR_NO_SUCH_OBJECT || res-count != 1) { talloc_free(res); - DEBUG(1, (ldb_search: dn: %s found %d times!, service_dn_str, res-count)); + DEBUG(1, (ldb_search: dn: %s not found, service_dn_str)); return DRSUAPI_DS_NAME_STATUS_NOT_FOUND; } talloc_steal(tmp_ctx, res); @@ -269,7 +269,7 @@ char **realm; char *unparsed_name_short; const char *domain_attrs[] = { NULL }; - struct ldb_message **domain_res = NULL; + struct ldb_result *domain_res = NULL; /* Prevent recursion */ if (!name) { @@ -284,26 +284,28 @@ return WERR_OK; } - domain_filter = NULL; realm = krb5_princ_realm(smb_krb5_context-krb5_context, principal); - domain_filter = talloc_asprintf(mem_ctx, - (((|((dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*)), - ldb_binary_encode_string(mem_ctx, *realm), - ldb_binary_encode_string(mem_ctx, *realm)); - ldb_ret = gendb_search(sam_ctx, mem_ctx, samdb_partitions_dn(sam_ctx, mem_ctx), - domain_res, domain_attrs, - %s, domain_filter); - switch (ldb_ret) { + ldb_ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, domain_res, +samdb_partitions_dn(sam_ctx, mem_ctx), +LDB_SCOPE_ONELEVEL, +domain_attrs, + (((|((dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*)), +ldb_binary_encode_string(mem_ctx, *realm), +ldb_binary_encode_string(mem_ctx, *realm)); + + if (ldb_ret != LDB_SUCCESS) { + DEBUG(2, (DsCrackNameUPN domain ref search failed: %s, ldb_errstring(sam_ctx))); + info1-status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; + return WERR_OK; + } + + switch (domain_res-count) { case 1: break; case 0: return dns_domain_from_principal(mem_ctx, smb_krb5_context, name, info1); - case -1: - DEBUG(2, (DsCrackNameUPN domain ref search failed: %s, ldb_errstring(sam_ctx))); - info1-status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; - return WERR_OK; default: info1-status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE; return WERR_OK; @@ -321,6 +323,9 @@ /* This may need to be extended for more userPrincipalName variations */ result_filter = talloc_asprintf(mem_ctx, ((objectClass=user)(samAccountName=%s)), ldb_binary_encode_string(mem_ctx, unparsed_name_short)); + + domain_filter = talloc_asprintf(mem_ctx, (dn=%s), ldb_dn_get_linearized(domain_res-msgs[0]-dn)); + if (!result_filter || !domain_filter) { free(unparsed_name_short); return WERR_NOMEM; @@ -666,15 +671,15 @@ struct drsuapi_DsNameInfo1 *info1) { int ldb_ret; - struct ldb_message **domain_res = NULL; + struct ldb_result *domain_res = NULL; const char * const *domain_attrs; const char * const *result_attrs; struct ldb_message **result_res = NULL; struct ldb_message *result = NULL; struct ldb_dn
svn commit: samba r25959 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2007-11-15 01:53:44 + (Thu, 15 Nov 2007) New Revision: 25959 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25959 Log: Add a new special DN to LDB: @OPTIONS Use the checkBaseOnSearch attribute to control if we should check the base DN on search requests. Also ensure we honour any errors in searching, not just errors in the supplied 'done' callback. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.h Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15 01:13:24 UTC (rev 25958) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15 01:53:44 UTC (rev 25959) @@ -113,11 +113,13 @@ if (dn == NULL) goto failed; r = ltdb_search_dn1(module, dn, msg); + talloc_free(dn); if (r != LDB_SUCCESS r != LDB_ERR_NO_SUCH_OBJECT) { - talloc_free(dn); goto failed; } - talloc_free(dn); + if (r == LDB_ERR_NO_SUCH_OBJECT) { + return 0; + } /* mapping these flags onto ldap 'syntaxes' isn't strictly correct, but its close enough for now */ for (i=0;imsg-num_elements;i++) { @@ -247,10 +249,10 @@ int ltdb_cache_load(struct ldb_module *module) { struct ltdb_private *ltdb = (struct ltdb_private *)module-private_data; - struct ldb_dn *baseinfo_dn = NULL; + struct ldb_dn *baseinfo_dn = NULL, *options_dn = NULL; struct ldb_dn *indexlist_dn = NULL; uint64_t seq; - struct ldb_message *baseinfo = NULL; + struct ldb_message *baseinfo = NULL, *options = NULL; int r; /* a very fast check to avoid extra database reads */ @@ -282,7 +284,7 @@ } /* possibly initialise the baseinfo */ - if (!baseinfo-dn) { + if (r == LDB_ERR_NO_SUCH_OBJECT) { if (ltdb_baseinfo_init(module) != LDB_SUCCESS) { goto failed; } @@ -301,6 +303,25 @@ } ltdb-sequence_number = seq; + /* Read an interpret database options */ + options = talloc(ltdb-cache, struct ldb_message); + if (options == NULL) goto failed; + + options_dn = ldb_dn_new(module, module-ldb, LTDB_OPTIONS); + if (options_dn == NULL) goto failed; + + r= ltdb_search_dn1(module, options_dn, options); + if (r != LDB_SUCCESS r != LDB_ERR_NO_SUCH_OBJECT) { + goto failed; + } + + /* possibly initialise the baseinfo */ + if (r == LDB_SUCCESS) { + ltdb-check_base = ldb_msg_find_attr_as_bool(options, LTDB_CHECK_BASE, false); + } else { + ltdb-check_base = false; + } + talloc_free(ltdb-cache-last_attribute.name); memset(ltdb-cache-last_attribute, 0, sizeof(ltdb-cache-last_attribute)); @@ -328,12 +349,16 @@ } done: + talloc_free(options); + talloc_free(options_dn); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); return 0; failed: + talloc_free(options); + talloc_free(options_dn); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15 01:13:24 UTC (rev 25958) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15 01:53:44 UTC (rev 25959) @@ -200,7 +200,36 @@ return ret; } +/* + search the database for a single simple dn. + return LDB_ERR_NO_SUCH_OBJECT on record-not-found + and LDB_SUCCESS on success +*/ +int ltdb_search_base(struct ldb_module *module, struct ldb_dn *dn) +{ + struct ltdb_private *ltdb = (struct ltdb_private *)module-private_data; + TDB_DATA tdb_key, tdb_data; + if (ldb_dn_is_null(dn)) { + return LDB_ERR_NO_SUCH_OBJECT; + } + + /* form the key */ + tdb_key = ltdb_key(module, dn); + if (!tdb_key.dptr) { + return LDB_ERR_OPERATIONS_ERROR; + } + + tdb_data = tdb_fetch(ltdb-tdb, tdb_key); + talloc_free(tdb_key.dptr); + if (!tdb_data.dptr) { + return LDB_ERR_NO_SUCH_OBJECT; + } + + free(tdb_data.dptr); + return LDB_SUCCESS; +} + /* search the database for a single simple dn, returning all attributes in a single message @@ -227,7 +256,7 @@ if (!tdb_data.dptr) { return LDB_ERR_NO_SUCH_OBJECT; } - + msg-num_elements = 0
svn commit: samba r25960 - in branches/SAMBA_4_0/source: ldap_server setup
Author: abartlet Date: 2007-11-15 02:45:31 + (Thu, 15 Nov 2007) New Revision: 25960 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25960 Log: Enable checks on the validity of the search base on sam.ldb in Samba4. Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this error is now correctly emited from ldb. Andrew Bartlett Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c branches/SAMBA_4_0/source/setup/provision_init.ldif branches/SAMBA_4_0/source/setup/provision_partitions.ldif Changeset: Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-11-15 01:53:44 UTC (rev 25959) +++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-11-15 02:45:31 UTC (rev 25960) @@ -300,10 +300,6 @@ DEBUG(10,(SearchRequest: results: [%d]\n, res-count)); result = LDAP_SUCCESS; errstr = NULL; - } else if (res-count == 0) { - DEBUG(10,(SearchRequest: no results\n)); - result = LDAP_NO_SUCH_OBJECT; - errstr = ldb_errstring(samdb); } if (res-controls) { done_r-msg-controls = res-controls; Modified: branches/SAMBA_4_0/source/setup/provision_init.ldif === --- branches/SAMBA_4_0/source/setup/provision_init.ldif 2007-11-15 01:53:44 UTC (rev 25959) +++ branches/SAMBA_4_0/source/setup/provision_init.ldif 2007-11-15 02:45:31 UTC (rev 25960) @@ -23,6 +23,9 @@ systemFlags: INTEGER userAccountControl: INTEGER +dn: @OPTIONS +checkBaseOnSearch: TRUE + dn: @KLUDGEACL passwordAttribute: sambaPassword passwordAttribute: ntPwdHash Modified: branches/SAMBA_4_0/source/setup/provision_partitions.ldif === --- branches/SAMBA_4_0/source/setup/provision_partitions.ldif 2007-11-15 01:53:44 UTC (rev 25959) +++ branches/SAMBA_4_0/source/setup/provision_partitions.ldif 2007-11-15 02:45:31 UTC (rev 25960) @@ -4,6 +4,7 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB} replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST +replicateEntries: @OPTIONS modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2} modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2} modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2}
svn commit: samba r25958 - in branches/SAMBA_4_0/source/lib: .
Author: abartlet Date: 2007-11-15 01:13:24 + (Thu, 15 Nov 2007) New Revision: 25958 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25958 Log: Callers of gendb_search_dn() don't expect to get LDB_ERR_NO_SUCH_OBJECT for base searches. Return 0 in this case. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/gendb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/gendb.c === --- branches/SAMBA_4_0/source/lib/gendb.c 2007-11-15 01:12:10 UTC (rev 25957) +++ branches/SAMBA_4_0/source/lib/gendb.c 2007-11-15 01:13:24 UTC (rev 25958) @@ -64,6 +64,9 @@ ret = res-count; *msgs = res-msgs; talloc_free(res); + } else if (scope == LDB_SCOPE_BASE ret == LDB_ERR_NO_SUCH_OBJECT) { + ret = 0; + *msgs = NULL; } else { DEBUG(4,(gendb_search_v: search failed: %s, ldb_errstring(ldb))); ret = -1;
svn commit: samba r25961 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2007-11-15 02:46:13 + (Thu, 15 Nov 2007) New Revision: 25961 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25961 Log: Add new tests to verify basedn validation in LDAP searches. Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-15 02:45:31 UTC (rev 25960) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-15 02:46:13 UTC (rev 25961) @@ -45,6 +45,7 @@ assert(ok.error == 32); } + println(Testing user add); var ok = ldb.add( dn: cn=ldaptestuser,cn=uSers, + base_dn + objectclass: user @@ -339,8 +340,20 @@ assert(res.msgs.length == 1); } - assert(res.msgs[0].dn == (CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn)); + println(Testing subtree ldb.search for ((cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer, + base_dn); + var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)), cn=ldaptestcontainer, + base_dn, ldb.SCOPE_SUBTREE); + if (res.error != 32) { + println(res.errstr); + assert(res.error == 32); + } + println(Testing one-level ldb.search for ((cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer, + base_dn); + var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)), cn=ldaptestcontainer, + base_dn, ldb.SCOPE_ONELEVEL); + if (res.error != 32) { + println(res.errstr); + assert(res.error == 32); + } + println(Testing ldb.search for ((cn=ldaptestuser4)(objectClass=user)) in renamed container); var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)), cn=ldaptestcontainer2, + base_dn, ldb.SCOPE_SUBTREE); if (res.error != 0 || res.msgs.length != 1) { @@ -371,8 +384,31 @@ println(ok.errstr); assert(ok.error == 66); } - println(Testing delete of subtree renamed +res.msgs[0].dn); - ok = ldb.del(res.msgs[0].dn); + + println(Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn); + var res = ldb.search((objectclass=*), (CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn), ldb.SCOPE_BASE); + if (res.error == 0 res.count == 1) { + assert(res.error == 0 res.count == 1); + } + var res = ldb.search((cn=ldaptestuser40), (CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn), ldb.SCOPE_BASE); + if (res.error == 0 res.count == 0) { + assert(res.error == 0 res.count == 0); + } + + println(Testing one-level ldb.search for ((cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2, + base_dn); + var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)), cn=ldaptestcontainer2, + base_dn, ldb.SCOPE_ONELEVEL); + if (res.error == 0 res.count == 0) { + assert(res.error == 0 res.count == 0); + } + + println(Testing one-level ldb.search for ((cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2, + base_dn); + var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)), cn=ldaptestcontainer2, + base_dn, ldb.SCOPE_SUBTREE); + if (res.error == 0 res.count == 0) { + assert(res.error == 0 res.count == 0); + } + + println(Testing delete of subtree renamed +(CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn)); + ok = ldb.del((CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn)); if (ok.error != 0) { println(ok.errstr); assert(ok.error == 0); @@ -904,6 +940,7 @@ var ok = ldb.connect(ldap://; + host); var base_dn = find_basedn(ldb); + var configuration_dn = find_configurationdn(ldb); var schema_dn = find_schemadn(ldb);
svn commit: samba r25938 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet Date: 2007-11-13 22:26:24 + (Tue, 13 Nov 2007) New Revision: 25938 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25938 Log: We don't need the CLDAP server unless we are a DC. Andrew Bartlett Modified: branches/SAMBA_4_0/source/cldap_server/cldap_server.c Changeset: Modified: branches/SAMBA_4_0/source/cldap_server/cldap_server.c === --- branches/SAMBA_4_0/source/cldap_server/cldap_server.c 2007-11-13 21:27:37 UTC (rev 25937) +++ branches/SAMBA_4_0/source/cldap_server/cldap_server.c 2007-11-13 22:26:24 UTC (rev 25938) @@ -159,6 +159,18 @@ return; } + switch (lp_server_role(global_loadparm)) { + case ROLE_STANDALONE: + task_server_terminate(task, cldap_server: no CLDAP server required in standalone configuration); + return; + case ROLE_DOMAIN_MEMBER: + task_server_terminate(task, cldap_server: no CLDAP server required in member server configuration); + return; + case ROLE_DOMAIN_CONTROLLER: + /* Yes, we want an CLDAP server */ + break; + } + task_server_set_title(task, task[cldapd]); cldapd = talloc(task, struct cldapd_server);
svn commit: samba r25939 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet Date: 2007-11-13 22:30:33 + (Tue, 13 Nov 2007) New Revision: 25939 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25939 Log: Rework the CLDAP server not to use gendb_search but to call ldb_search directly. Handle the errors from ldb_search (now that we get more than just -1), including NO_SUCH_ENTRY when the base DN doesn't exist. Andrew Bartlett Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c === --- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2007-11-13 22:26:24 UTC (rev 25938) +++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2007-11-13 22:30:33 UTC (rev 25939) @@ -49,8 +49,8 @@ { const char *ref_attrs[] = {nETBIOSName, dnsRoot, ncName, NULL}; const char *dom_attrs[] = {objectGUID, NULL}; - struct ldb_message **ref_res, **dom_res; - int ret, count = 0; + struct ldb_result *ref_res = NULL, *dom_res = NULL; + int ret; const char **services = lp_server_services(global_loadparm); uint32_t server_type; const char *pdc_name; @@ -72,52 +72,89 @@ } if (domain) { - struct ldb_result *dom_ldb_result; struct ldb_dn *dom_dn; /* try and find the domain */ - count = gendb_search(cldapd-samctx, mem_ctx, partitions_basedn, ref_res, ref_attrs, - (((objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*)), - domain); - if (count == 1) { - dom_dn = samdb_result_dn(cldapd-samctx, mem_ctx, ref_res[0], ncName, NULL); + + ret = ldb_search_exp_fmt(cldapd-samctx, mem_ctx, ref_res, +partitions_basedn, LDB_SCOPE_ONELEVEL, +ref_attrs, + (((objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*)), +domain); + + if (ret != LDB_SUCCESS) { + DEBUG(2,(Unable to find referece to '%s' in sam: %s\n, +domain, +ldb_errstring(cldapd-samctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } else if (ref_res-count == 1) { + talloc_steal(mem_ctx, dom_res); + dom_dn = ldb_msg_find_attr_as_dn(cldapd-samctx, mem_ctx, ref_res-msgs[0], ncName); if (!dom_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } ret = ldb_search(cldapd-samctx, dom_dn, LDB_SCOPE_BASE, objectClass=domain, -dom_attrs, dom_ldb_result); +dom_attrs, dom_res); if (ret != LDB_SUCCESS) { DEBUG(2,(Error finding domain '%s'/'%s' in sam: %s\n, domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(cldapd-samctx))); return NT_STATUS_NO_SUCH_DOMAIN; } - talloc_steal(mem_ctx, dom_ldb_result); - if (dom_ldb_result-count != 1) { + talloc_steal(mem_ctx, dom_res); + if (dom_res-count != 1) { DEBUG(2,(Error finding domain '%s'/'%s' in sam\n, domain, ldb_dn_get_linearized(dom_dn))); return NT_STATUS_NO_SUCH_DOMAIN; } - dom_res = dom_ldb_result-msgs; + } else if (ref_res-count 1) { + talloc_free(ref_res); + return NT_STATUS_NO_SUCH_DOMAIN; } } - if (count == 0 domain_guid) { - /* OK, so no dice with the name, try and find the domain with the GUID */ - count = gendb_search(cldapd-samctx, mem_ctx, NULL, dom_res, dom_attrs, - ((objectClass=domainDNS)(objectGUID=%s)), - domain_guid); - if (count == 1) { + if ((dom_res == NULL || dom_res-count == 0) domain_guid) { + ref_res = NULL; + + ret = ldb_search_exp_fmt(cldapd-samctx, mem_ctx, dom_res, +NULL, LDB_SCOPE_SUBTREE, +dom_attrs, +((objectClass=domainDNS)(objectGUID=%s)), +domain_guid); + + if (ret != LDB_SUCCESS) { + DEBUG(2,(Unable to find referece to GUID '%s' in sam: %s\n
svn commit: samba r25940 - in branches/SAMBA_4_0/source: dsdb/samdb dsdb/samdb/ldb_modules rpc_server/drsuapi scripting/libjs setup
Author: abartlet Date: 2007-11-13 22:38:55 + (Tue, 13 Nov 2007) New Revision: 25940 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25940 Log: Rework the samldb and templates handling. Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c branches/SAMBA_4_0/source/dsdb/samdb/samdb.c branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/provision_templates.ldif Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2007-11-13 22:30:33 UTC (rev 25939) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2007-11-13 22:38:55 UTC (rev 25940) @@ -190,24 +190,16 @@ */ static int samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *obj_dn, + struct ldb_dn *dom_dn, struct dom_sid **sid) { const char * const attrs[2] = { objectSid, NULL }; struct ldb_result *res = NULL; - struct ldb_dn *dom_dn; int ret; struct dom_sid *dom_sid; /* get the domain component part of the provided dn */ - dom_dn = samdb_search_for_parent_domain(module-ldb, mem_ctx, obj_dn); - if (dom_dn == NULL) { - ldb_asprintf_errstring(module-ldb, - Invalid dn (%s) not child of a domain object!\n, - ldb_dn_get_linearized(obj_dn)); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - /* find the domain sid */ ret = ldb_search(module-ldb, dom_dn, LDB_SCOPE_BASE, objectSid=*, attrs, res); @@ -338,13 +330,14 @@ } static int samldb_handle_sid(struct ldb_module *module, -TALLOC_CTX *mem_ctx, struct ldb_message *msg2) +TALLOC_CTX *mem_ctx, struct ldb_message *msg2, +struct ldb_dn *parent_dn) { int ret; struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, objectSid); if (sid == NULL) { - ret = samldb_get_new_sid(module, msg2, msg2-dn, sid); + ret = samldb_get_new_sid(module, msg2, msg2-dn, parent_dn, sid); if (ret != 0) { return ret; } @@ -361,31 +354,35 @@ return ret; } -static char *samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX *mem_ctx) +static int samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX *mem_ctx, + struct ldb_dn *dom_dn, char **name) { - char *name; const char *attrs[] = { NULL }; - struct ldb_message **msgs; + struct ldb_result *res; int ret; /* Format: $00- */ do { - name = talloc_asprintf(mem_ctx, $%.6X-%.6X%.6X, (unsigned int)random(), (unsigned int)random(), (unsigned int)random()); + *name = talloc_asprintf(mem_ctx, $%.6X-%.6X%.6X, (unsigned int)random(), (unsigned int)random(), (unsigned int)random()); /* TODO: Figure out exactly what this is meant to conflict with */ - ret = gendb_search(module-ldb, - mem_ctx, NULL, msgs, attrs, - samAccountName=%s, - ldb_binary_encode_string(mem_ctx, name)); - if (ret == 0) { + ret = ldb_search_exp_fmt(module-ldb, +mem_ctx, res, dom_dn, LDB_SCOPE_SUBTREE, attrs, +samAccountName=%s, +ldb_binary_encode_string(mem_ctx, *name)); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module-ldb, samldb: Failure searching to determine if samAccountName %s is unique: %s, + *name, ldb_errstring(module-ldb)); + return ret